1 /* $OpenBSD: nd6.c,v 1.65 2003/06/27 22:47:32 itojun Exp $ */ 2 /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/protosw.h> 43 #include <sys/errno.h> 44 #include <sys/ioctl.h> 45 #include <sys/syslog.h> 46 #include <sys/queue.h> 47 #include <dev/rndvar.h> 48 49 #include <net/if.h> 50 #include <net/if_dl.h> 51 #include <net/if_types.h> 52 #include <net/if_fddi.h> 53 #include <net/route.h> 54 55 #include <netinet/in.h> 56 #include <netinet/if_ether.h> 57 #include <netinet/ip_ipsp.h> 58 59 #include <netinet6/in6_var.h> 60 #include <netinet/ip6.h> 61 #include <netinet6/ip6_var.h> 62 #include <netinet6/nd6.h> 63 #include <netinet/icmp6.h> 64 65 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 66 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 67 68 #define SIN6(s) ((struct sockaddr_in6 *)s) 69 #define SDL(s) ((struct sockaddr_dl *)s) 70 71 /* timer values */ 72 int nd6_prune = 1; /* walk list every 1 seconds */ 73 int nd6_delay = 5; /* delay first probe time 5 second */ 74 int nd6_umaxtries = 3; /* maximum unicast query */ 75 int nd6_mmaxtries = 3; /* maximum multicast query */ 76 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 77 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 78 79 /* preventing too many loops in ND option parsing */ 80 int nd6_maxndopt = 10; /* max # of ND options allowed */ 81 82 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 83 84 #ifdef ND6_DEBUG 85 int nd6_debug = 1; 86 #else 87 int nd6_debug = 0; 88 #endif 89 90 /* for debugging? */ 91 static int nd6_inuse, nd6_allocated; 92 93 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6}; 94 struct nd_drhead nd_defrouter; 95 struct nd_prhead nd_prefix = { 0 }; 96 97 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 98 static struct sockaddr_in6 all1_sa; 99 100 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 101 static void nd6_slowtimo(void *); 102 static struct llinfo_nd6 *nd6_free(struct rtentry *, int); 103 static void nd6_llinfo_timer(void *); 104 105 struct timeout nd6_slowtimo_ch; 106 struct timeout nd6_timer_ch; 107 extern struct timeout in6_tmpaddrtimer_ch; 108 109 static int fill_drlist(void *, size_t *, size_t); 110 static int fill_prlist(void *, size_t *, size_t); 111 112 void 113 nd6_init() 114 { 115 static int nd6_init_done = 0; 116 int i; 117 118 if (nd6_init_done) { 119 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 120 return; 121 } 122 123 all1_sa.sin6_family = AF_INET6; 124 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 125 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 126 all1_sa.sin6_addr.s6_addr[i] = 0xff; 127 128 /* initialization of the default router list */ 129 TAILQ_INIT(&nd_defrouter); 130 131 nd6_init_done = 1; 132 133 /* start timer */ 134 timeout_set(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 135 timeout_add(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz); 136 } 137 138 struct nd_ifinfo * 139 nd6_ifattach(ifp) 140 struct ifnet *ifp; 141 { 142 struct nd_ifinfo *nd; 143 144 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK); 145 bzero(nd, sizeof(*nd)); 146 147 nd->initialized = 1; 148 149 nd->chlim = IPV6_DEFHLIM; 150 nd->basereachable = REACHABLE_TIME; 151 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 152 nd->retrans = RETRANS_TIMER; 153 /* 154 * Note that the default value of ip6_accept_rtadv is 0, which means 155 * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV 156 * here. 157 */ 158 nd->flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV); 159 160 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 161 nd6_setmtu0(ifp, nd); 162 163 return nd; 164 } 165 166 void 167 nd6_ifdetach(nd) 168 struct nd_ifinfo *nd; 169 { 170 171 free(nd, M_IP6NDP); 172 } 173 174 void 175 nd6_setmtu(ifp) 176 struct ifnet *ifp; 177 { 178 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 179 } 180 181 void 182 nd6_setmtu0(ifp, ndi) 183 struct ifnet *ifp; 184 struct nd_ifinfo *ndi; 185 { 186 u_int32_t omaxmtu; 187 188 omaxmtu = ndi->maxmtu; 189 190 switch (ifp->if_type) { 191 case IFT_ARCNET: 192 ndi->maxmtu = MIN(60480, ifp->if_mtu); /* RFC2497 */ 193 break; 194 case IFT_FDDI: 195 ndi->maxmtu = MIN(FDDIMTU, ifp->if_mtu); 196 break; 197 default: 198 ndi->maxmtu = ifp->if_mtu; 199 break; 200 } 201 202 /* 203 * Decreasing the interface MTU under IPV6 minimum MTU may cause 204 * undesirable situation. We thus notify the operator of the change 205 * explicitly. The check for omaxmtu is necessary to restrict the 206 * log to the case of changing the MTU, not initializing it. 207 */ 208 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 209 log(LOG_NOTICE, "nd6_setmtu0: " 210 "new link MTU on %s (%lu) is too small for IPv6\n", 211 ifp->if_xname, (unsigned long)ndi->maxmtu); 212 } 213 214 if (ndi->maxmtu > in6_maxmtu) 215 in6_setmaxmtu(); /* check all interfaces just in case */ 216 } 217 218 void 219 nd6_option_init(opt, icmp6len, ndopts) 220 void *opt; 221 int icmp6len; 222 union nd_opts *ndopts; 223 { 224 225 bzero(ndopts, sizeof(*ndopts)); 226 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 227 ndopts->nd_opts_last 228 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 229 230 if (icmp6len == 0) { 231 ndopts->nd_opts_done = 1; 232 ndopts->nd_opts_search = NULL; 233 } 234 } 235 236 /* 237 * Take one ND option. 238 */ 239 struct nd_opt_hdr * 240 nd6_option(ndopts) 241 union nd_opts *ndopts; 242 { 243 struct nd_opt_hdr *nd_opt; 244 int olen; 245 246 if (!ndopts) 247 panic("ndopts == NULL in nd6_option"); 248 if (!ndopts->nd_opts_last) 249 panic("uninitialized ndopts in nd6_option"); 250 if (!ndopts->nd_opts_search) 251 return NULL; 252 if (ndopts->nd_opts_done) 253 return NULL; 254 255 nd_opt = ndopts->nd_opts_search; 256 257 /* make sure nd_opt_len is inside the buffer */ 258 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 259 bzero(ndopts, sizeof(*ndopts)); 260 return NULL; 261 } 262 263 olen = nd_opt->nd_opt_len << 3; 264 if (olen == 0) { 265 /* 266 * Message validation requires that all included 267 * options have a length that is greater than zero. 268 */ 269 bzero(ndopts, sizeof(*ndopts)); 270 return NULL; 271 } 272 273 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 274 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 275 /* option overruns the end of buffer, invalid */ 276 bzero(ndopts, sizeof(*ndopts)); 277 return NULL; 278 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 279 /* reached the end of options chain */ 280 ndopts->nd_opts_done = 1; 281 ndopts->nd_opts_search = NULL; 282 } 283 return nd_opt; 284 } 285 286 /* 287 * Parse multiple ND options. 288 * This function is much easier to use, for ND routines that do not need 289 * multiple options of the same type. 290 */ 291 int 292 nd6_options(ndopts) 293 union nd_opts *ndopts; 294 { 295 struct nd_opt_hdr *nd_opt; 296 int i = 0; 297 298 if (!ndopts) 299 panic("ndopts == NULL in nd6_options"); 300 if (!ndopts->nd_opts_last) 301 panic("uninitialized ndopts in nd6_options"); 302 if (!ndopts->nd_opts_search) 303 return 0; 304 305 while (1) { 306 nd_opt = nd6_option(ndopts); 307 if (!nd_opt && !ndopts->nd_opts_last) { 308 /* 309 * Message validation requires that all included 310 * options have a length that is greater than zero. 311 */ 312 icmp6stat.icp6s_nd_badopt++; 313 bzero(ndopts, sizeof(*ndopts)); 314 return -1; 315 } 316 317 if (!nd_opt) 318 goto skip1; 319 320 switch (nd_opt->nd_opt_type) { 321 case ND_OPT_SOURCE_LINKADDR: 322 case ND_OPT_TARGET_LINKADDR: 323 case ND_OPT_MTU: 324 case ND_OPT_REDIRECTED_HEADER: 325 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 326 nd6log((LOG_INFO, 327 "duplicated ND6 option found (type=%d)\n", 328 nd_opt->nd_opt_type)); 329 /* XXX bark? */ 330 } else { 331 ndopts->nd_opt_array[nd_opt->nd_opt_type] 332 = nd_opt; 333 } 334 break; 335 case ND_OPT_PREFIX_INFORMATION: 336 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 337 ndopts->nd_opt_array[nd_opt->nd_opt_type] 338 = nd_opt; 339 } 340 ndopts->nd_opts_pi_end = 341 (struct nd_opt_prefix_info *)nd_opt; 342 break; 343 default: 344 /* 345 * Unknown options must be silently ignored, 346 * to accommodate future extension to the protocol. 347 */ 348 nd6log((LOG_DEBUG, 349 "nd6_options: unsupported option %d - " 350 "option ignored\n", nd_opt->nd_opt_type)); 351 } 352 353 skip1: 354 i++; 355 if (i > nd6_maxndopt) { 356 icmp6stat.icp6s_nd_toomanyopt++; 357 nd6log((LOG_INFO, "too many loop in nd opt\n")); 358 break; 359 } 360 361 if (ndopts->nd_opts_done) 362 break; 363 } 364 365 return 0; 366 } 367 368 /* 369 * ND6 timer routine to handle ND6 entries 370 */ 371 void 372 nd6_llinfo_settimer(struct llinfo_nd6 *ln, long tick) 373 { 374 int s; 375 376 s = splsoftnet(); 377 378 if (tick < 0) { 379 ln->ln_expire = 0; 380 ln->ln_ntick = 0; 381 timeout_del(&ln->ln_timer_ch); 382 } else { 383 ln->ln_expire = time.tv_sec + tick / hz; 384 if (tick > INT_MAX) { 385 ln->ln_ntick = tick - INT_MAX; 386 timeout_add(&ln->ln_timer_ch, INT_MAX); 387 } else { 388 ln->ln_ntick = 0; 389 timeout_add(&ln->ln_timer_ch, tick); 390 } 391 } 392 393 splx(s); 394 } 395 396 static void 397 nd6_llinfo_timer(void *arg) 398 { 399 int s; 400 struct llinfo_nd6 *ln; 401 struct rtentry *rt; 402 struct sockaddr_in6 *dst; 403 struct ifnet *ifp; 404 struct nd_ifinfo *ndi = NULL; 405 406 s = splsoftnet(); 407 408 ln = (struct llinfo_nd6 *)arg; 409 410 if (ln->ln_ntick > 0) { 411 if (ln->ln_ntick > INT_MAX) { 412 ln->ln_ntick -= INT_MAX; 413 nd6_llinfo_settimer(ln, INT_MAX); 414 } else { 415 ln->ln_ntick = 0; 416 nd6_llinfo_settimer(ln, ln->ln_ntick); 417 } 418 splx(s); 419 return; 420 } 421 422 if ((rt = ln->ln_rt) == NULL) 423 panic("ln->ln_rt == NULL"); 424 if ((ifp = rt->rt_ifp) == NULL) 425 panic("ln->ln_rt->rt_ifp == NULL"); 426 ndi = ND_IFINFO(ifp); 427 dst = (struct sockaddr_in6 *)rt_key(rt); 428 429 /* sanity check */ 430 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) 431 panic("rt_llinfo(%p) is not equal to ln(%p)", 432 rt->rt_llinfo, ln); 433 if (!dst) 434 panic("dst=0 in nd6_timer(ln=%p)", ln); 435 436 switch (ln->ln_state) { 437 case ND6_LLINFO_INCOMPLETE: 438 if (ln->ln_asked < nd6_mmaxtries) { 439 ln->ln_asked++; 440 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); 441 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 442 } else { 443 struct mbuf *m = ln->ln_hold; 444 if (m) { 445 ln->ln_hold = NULL; 446 /* 447 * Fake rcvif to make the ICMP error 448 * more helpful in diagnosing for the 449 * receiver. 450 * XXX: should we consider 451 * older rcvif? 452 */ 453 m->m_pkthdr.rcvif = rt->rt_ifp; 454 455 icmp6_error(m, ICMP6_DST_UNREACH, 456 ICMP6_DST_UNREACH_ADDR, 0); 457 } 458 (void)nd6_free(rt, 0); 459 ln = NULL; 460 } 461 break; 462 case ND6_LLINFO_REACHABLE: 463 if (!ND6_LLINFO_PERMANENT(ln)) { 464 ln->ln_state = ND6_LLINFO_STALE; 465 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 466 } 467 break; 468 469 case ND6_LLINFO_STALE: 470 /* Garbage Collection(RFC 2461 5.3) */ 471 if (!ND6_LLINFO_PERMANENT(ln)) { 472 (void)nd6_free(rt, 1); 473 ln = NULL; 474 } 475 break; 476 477 case ND6_LLINFO_DELAY: 478 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 479 /* We need NUD */ 480 ln->ln_asked = 1; 481 ln->ln_state = ND6_LLINFO_PROBE; 482 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); 483 nd6_ns_output(ifp, &dst->sin6_addr, 484 &dst->sin6_addr, ln, 0); 485 } else { 486 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 487 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 488 } 489 break; 490 case ND6_LLINFO_PROBE: 491 if (ln->ln_asked < nd6_umaxtries) { 492 ln->ln_asked++; 493 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); 494 nd6_ns_output(ifp, &dst->sin6_addr, 495 &dst->sin6_addr, ln, 0); 496 } else { 497 (void)nd6_free(rt, 0); 498 ln = NULL; 499 } 500 break; 501 } 502 503 splx(s); 504 } 505 506 /* 507 * ND6 timer routine to expire default route list and prefix list 508 */ 509 void 510 nd6_timer(ignored_arg) 511 void *ignored_arg; 512 { 513 int s; 514 struct nd_defrouter *dr; 515 struct nd_prefix *pr; 516 struct in6_ifaddr *ia6, *nia6; 517 struct in6_addrlifetime *lt6; 518 519 s = splsoftnet(); 520 timeout_set(&nd6_timer_ch, nd6_timer, NULL); 521 timeout_add(&nd6_timer_ch, nd6_prune * hz); 522 523 /* expire default router list */ 524 dr = TAILQ_FIRST(&nd_defrouter); 525 while (dr) { 526 if (dr->expire && dr->expire < time.tv_sec) { 527 struct nd_defrouter *t; 528 t = TAILQ_NEXT(dr, dr_entry); 529 defrtrlist_del(dr); 530 dr = t; 531 } else { 532 dr = TAILQ_NEXT(dr, dr_entry); 533 } 534 } 535 536 /* 537 * expire interface addresses. 538 * in the past the loop was inside prefix expiry processing. 539 * However, from a stricter speci-confrmance standpoint, we should 540 * rather separate address lifetimes and prefix lifetimes. 541 */ 542 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 543 nia6 = ia6->ia_next; 544 /* check address lifetime */ 545 lt6 = &ia6->ia6_lifetime; 546 if (IFA6_IS_INVALID(ia6)) { 547 in6_purgeaddr(&ia6->ia_ifa); 548 } 549 if (IFA6_IS_DEPRECATED(ia6)) { 550 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 551 } else { 552 /* 553 * A new RA might have made a deprecated address 554 * preferred. 555 */ 556 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 557 } 558 } 559 560 /* expire prefix list */ 561 pr = nd_prefix.lh_first; 562 while (pr) { 563 /* 564 * check prefix lifetime. 565 * since pltime is just for autoconf, pltime processing for 566 * prefix is not necessary. 567 */ 568 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && 569 time.tv_sec - pr->ndpr_lastupdate > pr->ndpr_vltime) { 570 struct nd_prefix *t; 571 t = pr->ndpr_next; 572 573 /* 574 * address expiration and prefix expiration are 575 * separate. NEVER perform in6_purgeaddr here. 576 */ 577 578 prelist_remove(pr); 579 pr = t; 580 } else 581 pr = pr->ndpr_next; 582 } 583 splx(s); 584 } 585 586 /* 587 * Nuke neighbor cache/prefix/default router management table, right before 588 * ifp goes away. 589 */ 590 void 591 nd6_purge(ifp) 592 struct ifnet *ifp; 593 { 594 struct llinfo_nd6 *ln, *nln; 595 struct nd_defrouter *dr, *ndr; 596 struct nd_prefix *pr, *npr; 597 598 /* 599 * Nuke default router list entries toward ifp. 600 * We defer removal of default router list entries that is installed 601 * in the routing table, in order to keep additional side effects as 602 * small as possible. 603 */ 604 for (dr = TAILQ_FIRST(&nd_defrouter); dr; dr = ndr) { 605 ndr = TAILQ_NEXT(dr, dr_entry); 606 if (dr->installed) 607 continue; 608 609 if (dr->ifp == ifp) 610 defrtrlist_del(dr); 611 } 612 for (dr = TAILQ_FIRST(&nd_defrouter); dr; dr = ndr) { 613 ndr = TAILQ_NEXT(dr, dr_entry); 614 if (!dr->installed) 615 continue; 616 617 if (dr->ifp == ifp) 618 defrtrlist_del(dr); 619 } 620 621 /* Nuke prefix list entries toward ifp */ 622 for (pr = nd_prefix.lh_first; pr; pr = npr) { 623 npr = pr->ndpr_next; 624 if (pr->ndpr_ifp == ifp) { 625 /* 626 * Previously, pr->ndpr_addr is removed as well, 627 * but I strongly believe we don't have to do it. 628 * nd6_purge() is only called from in6_ifdetach(), 629 * which removes all the associated interface addresses 630 * by itself. 631 * (jinmei@kame.net 20010129) 632 */ 633 prelist_remove(pr); 634 } 635 } 636 637 /* cancel default outgoing interface setting */ 638 if (nd6_defifindex == ifp->if_index) 639 nd6_setdefaultiface(0); 640 641 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 642 /* refresh default router list */ 643 defrouter_select(); 644 } 645 646 /* 647 * Nuke neighbor cache entries for the ifp. 648 * Note that rt->rt_ifp may not be the same as ifp, 649 * due to KAME goto ours hack. See RTM_RESOLVE case in 650 * nd6_rtrequest(), and ip6_input(). 651 */ 652 ln = llinfo_nd6.ln_next; 653 while (ln && ln != &llinfo_nd6) { 654 struct rtentry *rt; 655 struct sockaddr_dl *sdl; 656 657 nln = ln->ln_next; 658 rt = ln->ln_rt; 659 if (rt && rt->rt_gateway && 660 rt->rt_gateway->sa_family == AF_LINK) { 661 sdl = (struct sockaddr_dl *)rt->rt_gateway; 662 if (sdl->sdl_index == ifp->if_index) 663 nln = nd6_free(rt, 0); 664 } 665 ln = nln; 666 } 667 } 668 669 struct rtentry * 670 nd6_lookup(addr6, create, ifp) 671 struct in6_addr *addr6; 672 int create; 673 struct ifnet *ifp; 674 { 675 struct rtentry *rt; 676 struct sockaddr_in6 sin6; 677 678 bzero(&sin6, sizeof(sin6)); 679 sin6.sin6_len = sizeof(struct sockaddr_in6); 680 sin6.sin6_family = AF_INET6; 681 sin6.sin6_addr = *addr6; 682 683 rt = rtalloc1((struct sockaddr *)&sin6, create); 684 if (rt && (rt->rt_flags & RTF_LLINFO) == 0) { 685 /* 686 * This is the case for the default route. 687 * If we want to create a neighbor cache for the address, we 688 * should free the route for the destination and allocate an 689 * interface route. 690 */ 691 if (create) { 692 RTFREE(rt); 693 rt = 0; 694 } 695 } 696 if (!rt) { 697 if (create && ifp) { 698 int e; 699 700 /* 701 * If no route is available and create is set, 702 * we allocate a host route for the destination 703 * and treat it like an interface route. 704 * This hack is necessary for a neighbor which can't 705 * be covered by our own prefix. 706 */ 707 struct ifaddr *ifa = 708 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 709 if (ifa == NULL) 710 return (NULL); 711 712 /* 713 * Create a new route. RTF_LLINFO is necessary 714 * to create a Neighbor Cache entry for the 715 * destination in nd6_rtrequest which will be 716 * called in rtrequest via ifa->ifa_rtrequest. 717 */ 718 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6, 719 ifa->ifa_addr, (struct sockaddr *)&all1_sa, 720 (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) & 721 ~RTF_CLONING, &rt)) != 0) { 722 #if 0 723 log(LOG_ERR, 724 "nd6_lookup: failed to add route for a " 725 "neighbor(%s), errno=%d\n", 726 ip6_sprintf(addr6), e); 727 #endif 728 return (NULL); 729 } 730 if (rt == NULL) 731 return (NULL); 732 if (rt->rt_llinfo) { 733 struct llinfo_nd6 *ln = 734 (struct llinfo_nd6 *)rt->rt_llinfo; 735 ln->ln_state = ND6_LLINFO_NOSTATE; 736 } 737 } else 738 return (NULL); 739 } 740 rt->rt_refcnt--; 741 /* 742 * Validation for the entry. 743 * Note that the check for rt_llinfo is necessary because a cloned 744 * route from a parent route that has the L flag (e.g. the default 745 * route to a p2p interface) may have the flag, too, while the 746 * destination is not actually a neighbor. 747 * XXX: we can't use rt->rt_ifp to check for the interface, since 748 * it might be the loopback interface if the entry is for our 749 * own address on a non-loopback interface. Instead, we should 750 * use rt->rt_ifa->ifa_ifp, which would specify the REAL 751 * interface. 752 */ 753 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 754 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 755 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 756 if (create) { 757 nd6log((LOG_DEBUG, 758 "nd6_lookup: failed to lookup %s (if = %s)\n", 759 ip6_sprintf(addr6), 760 ifp ? ifp->if_xname : "unspec")); 761 } 762 return (NULL); 763 } 764 return (rt); 765 } 766 767 /* 768 * Detect if a given IPv6 address identifies a neighbor on a given link. 769 * XXX: should take care of the destination of a p2p link? 770 */ 771 int 772 nd6_is_addr_neighbor(addr, ifp) 773 struct sockaddr_in6 *addr; 774 struct ifnet *ifp; 775 { 776 struct nd_prefix *pr; 777 struct rtentry *rt; 778 779 /* 780 * A link-local address is always a neighbor. 781 * XXX: we should use the sin6_scope_id field rather than the embedded 782 * interface index. 783 * XXX: a link does not necessarily specify a single interface. 784 */ 785 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 786 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 787 return (1); 788 789 /* 790 * If the address matches one of our on-link prefixes, it should be a 791 * neighbor. 792 */ 793 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 794 if (pr->ndpr_ifp != ifp) 795 continue; 796 797 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) 798 continue; 799 800 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 801 &addr->sin6_addr, &pr->ndpr_mask)) 802 return (1); 803 } 804 805 /* 806 * If the default router list is empty, all addresses are regarded 807 * as on-link, and thus, as a neighbor. 808 * XXX: we restrict the condition to hosts, because routers usually do 809 * not have the "default router list". 810 */ 811 if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL && 812 nd6_defifindex == ifp->if_index) { 813 return (1); 814 } 815 816 /* 817 * Even if the address matches none of our addresses, it might be 818 * in the neighbor cache. 819 */ 820 if ((rt = nd6_lookup(&addr->sin6_addr, 0, ifp)) != NULL) 821 return (1); 822 823 return (0); 824 } 825 826 /* 827 * Free an nd6 llinfo entry. 828 * Since the function would cause significant changes in the kernel, DO NOT 829 * make it global, unless you have a strong reason for the change, and are sure 830 * that the change is safe. 831 */ 832 static struct llinfo_nd6 * 833 nd6_free(rt, gc) 834 struct rtentry *rt; 835 int gc; 836 { 837 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; 838 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 839 struct nd_defrouter *dr; 840 841 /* 842 * we used to have pfctlinput(PRC_HOSTDEAD) here. 843 * even though it is not harmful, it was not really necessary. 844 */ 845 846 if (!ip6_forwarding) { 847 int s; 848 s = splsoftnet(); 849 dr = defrouter_lookup(&((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 850 rt->rt_ifp); 851 852 if (dr != NULL && dr->expire && 853 ln->ln_state == ND6_LLINFO_STALE && gc) { 854 /* 855 * If the reason for the deletion is just garbage 856 * collection, and the neighbor is an active default 857 * router, do not delete it. Instead, reset the GC 858 * timer using the router's lifetime. 859 * Simply deleting the entry would affect default 860 * router selection, which is not necessarily a good 861 * thing, especially when we're using router preference 862 * values. 863 * XXX: the check for ln_state would be redundant, 864 * but we intentionally keep it just in case. 865 */ 866 if (dr->expire > time.tv_sec * hz) { 867 nd6_llinfo_settimer(ln, 868 dr->expire - time.tv_sec * hz); 869 } else 870 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 871 splx(s); 872 return (ln->ln_next); 873 } 874 875 if (ln->ln_router || dr) { 876 /* 877 * rt6_flush must be called whether or not the neighbor 878 * is in the Default Router List. 879 * See a corresponding comment in nd6_na_input(). 880 */ 881 rt6_flush(&in6, rt->rt_ifp); 882 } 883 884 if (dr) { 885 /* 886 * Unreachablity of a router might affect the default 887 * router selection and on-link detection of advertised 888 * prefixes. 889 */ 890 891 /* 892 * Temporarily fake the state to choose a new default 893 * router and to perform on-link determination of 894 * prefixes correctly. 895 * Below the state will be set correctly, 896 * or the entry itself will be deleted. 897 */ 898 ln->ln_state = ND6_LLINFO_INCOMPLETE; 899 900 /* 901 * Since defrouter_select() does not affect the 902 * on-link determination and MIP6 needs the check 903 * before the default router selection, we perform 904 * the check now. 905 */ 906 pfxlist_onlink_check(); 907 908 /* 909 * refresh default router list 910 */ 911 defrouter_select(); 912 } 913 splx(s); 914 } 915 916 /* 917 * Before deleting the entry, remember the next entry as the 918 * return value. We need this because pfxlist_onlink_check() above 919 * might have freed other entries (particularly the old next entry) as 920 * a side effect (XXX). 921 */ 922 next = ln->ln_next; 923 924 /* 925 * Detach the route from the routing tree and the list of neighbor 926 * caches, and disable the route entry not to be used in already 927 * cached routes. 928 */ 929 rtrequest(RTM_DELETE, rt_key(rt), (struct sockaddr *)0, 930 rt_mask(rt), 0, (struct rtentry **)0); 931 932 return (next); 933 } 934 935 /* 936 * Upper-layer reachability hint for Neighbor Unreachability Detection. 937 * 938 * XXX cost-effective metods? 939 */ 940 void 941 nd6_nud_hint(rt, dst6, force) 942 struct rtentry *rt; 943 struct in6_addr *dst6; 944 int force; 945 { 946 struct llinfo_nd6 *ln; 947 948 /* 949 * If the caller specified "rt", use that. Otherwise, resolve the 950 * routing table by supplied "dst6". 951 */ 952 if (!rt) { 953 if (!dst6) 954 return; 955 if (!(rt = nd6_lookup(dst6, 0, NULL))) 956 return; 957 } 958 959 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 960 (rt->rt_flags & RTF_LLINFO) == 0 || 961 !rt->rt_llinfo || !rt->rt_gateway || 962 rt->rt_gateway->sa_family != AF_LINK) { 963 /* This is not a host route. */ 964 return; 965 } 966 967 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 968 if (ln->ln_state < ND6_LLINFO_REACHABLE) 969 return; 970 971 /* 972 * if we get upper-layer reachability confirmation many times, 973 * it is possible we have false information. 974 */ 975 if (!force) { 976 ln->ln_byhint++; 977 if (ln->ln_byhint > nd6_maxnudhint) 978 return; 979 } 980 981 ln->ln_state = ND6_LLINFO_REACHABLE; 982 if (!ND6_LLINFO_PERMANENT(ln)) { 983 nd6_llinfo_settimer(ln, 984 (long)ND_IFINFO(rt->rt_ifp)->reachable * hz); 985 } 986 } 987 988 void 989 nd6_rtrequest(req, rt, info) 990 int req; 991 struct rtentry *rt; 992 struct rt_addrinfo *info; /* xxx unused */ 993 { 994 struct sockaddr *gate = rt->rt_gateway; 995 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 996 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 997 struct ifnet *ifp = rt->rt_ifp; 998 struct ifaddr *ifa; 999 int mine = 0; 1000 1001 if ((rt->rt_flags & RTF_GATEWAY) != 0) 1002 return; 1003 1004 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1005 /* 1006 * This is probably an interface direct route for a link 1007 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1008 * We do not need special treatment below for such a route. 1009 * Moreover, the RTF_LLINFO flag which would be set below 1010 * would annoy the ndp(8) command. 1011 */ 1012 return; 1013 } 1014 1015 if (req == RTM_RESOLVE && 1016 (nd6_need_cache(ifp) == 0 || /* stf case */ 1017 !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp))) { 1018 /* 1019 * FreeBSD and BSD/OS often make a cloned host route based 1020 * on a less-specific route (e.g. the default route). 1021 * If the less specific route does not have a "gateway" 1022 * (this is the case when the route just goes to a p2p or an 1023 * stf interface), we'll mistakenly make a neighbor cache for 1024 * the host route, and will see strange neighbor solicitation 1025 * for the corresponding destination. In order to avoid the 1026 * confusion, we check if the destination of the route is 1027 * a neighbor in terms of neighbor discovery, and stop the 1028 * process if not. Additionally, we remove the LLINFO flag 1029 * so that ndp(8) will not try to get the neighbor information 1030 * of the destination. 1031 */ 1032 rt->rt_flags &= ~RTF_LLINFO; 1033 return; 1034 } 1035 1036 switch (req) { 1037 case RTM_ADD: 1038 /* 1039 * There is no backward compatibility :) 1040 * 1041 * if ((rt->rt_flags & RTF_HOST) == 0 && 1042 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1043 * rt->rt_flags |= RTF_CLONING; 1044 */ 1045 if ((rt->rt_flags & RTF_CLONING) || 1046 ((rt->rt_flags & RTF_LLINFO) && !ln)) { 1047 /* 1048 * Case 1: This route should come from a route to 1049 * interface (RTF_CLONING case) or the route should be 1050 * treated as on-link but is currently not 1051 * (RTF_LLINFO && !ln case). 1052 */ 1053 rt_setgate(rt, rt_key(rt), 1054 (struct sockaddr *)&null_sdl); 1055 gate = rt->rt_gateway; 1056 SDL(gate)->sdl_type = ifp->if_type; 1057 SDL(gate)->sdl_index = ifp->if_index; 1058 if (ln) 1059 nd6_llinfo_settimer(ln, 0); 1060 if ((rt->rt_flags & RTF_CLONING) != 0) 1061 break; 1062 } 1063 /* 1064 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1065 * We don't do that here since llinfo is not ready yet. 1066 * 1067 * There are also couple of other things to be discussed: 1068 * - unsolicited NA code needs improvement beforehand 1069 * - RFC2461 says we MAY send multicast unsolicited NA 1070 * (7.2.6 paragraph 4), however, it also says that we 1071 * SHOULD provide a mechanism to prevent multicast NA storm. 1072 * we don't have anything like it right now. 1073 * note that the mechanism needs a mutual agreement 1074 * between proxies, which means that we need to implement 1075 * a new protocol, or a new kludge. 1076 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1077 * we need to check ip6forwarding before sending it. 1078 * (or should we allow proxy ND configuration only for 1079 * routers? there's no mention about proxy ND from hosts) 1080 */ 1081 #if 0 1082 /* XXX it does not work */ 1083 if (rt->rt_flags & RTF_ANNOUNCE) 1084 nd6_na_output(ifp, 1085 &SIN6(rt_key(rt))->sin6_addr, 1086 &SIN6(rt_key(rt))->sin6_addr, 1087 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1088 1, NULL); 1089 #endif 1090 /* FALLTHROUGH */ 1091 case RTM_RESOLVE: 1092 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1093 /* 1094 * Address resolution isn't necessary for a point to 1095 * point link, so we can skip this test for a p2p link. 1096 */ 1097 if (gate->sa_family != AF_LINK || 1098 gate->sa_len < sizeof(null_sdl)) { 1099 log(LOG_DEBUG, 1100 "nd6_rtrequest: bad gateway value: %s\n", 1101 ifp->if_xname); 1102 break; 1103 } 1104 SDL(gate)->sdl_type = ifp->if_type; 1105 SDL(gate)->sdl_index = ifp->if_index; 1106 } 1107 if (ln != NULL) 1108 break; /* This happens on a route change */ 1109 /* 1110 * Case 2: This route may come from cloning, or a manual route 1111 * add with a LL address. 1112 */ 1113 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln)); 1114 rt->rt_llinfo = (caddr_t)ln; 1115 if (!ln) { 1116 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1117 break; 1118 } 1119 nd6_inuse++; 1120 nd6_allocated++; 1121 Bzero(ln, sizeof(*ln)); 1122 ln->ln_rt = rt; 1123 timeout_set(&ln->ln_timer_ch, nd6_llinfo_timer, ln); 1124 /* this is required for "ndp" command. - shin */ 1125 if (req == RTM_ADD) { 1126 /* 1127 * gate should have some valid AF_LINK entry, 1128 * and ln->ln_expire should have some lifetime 1129 * which is specified by ndp command. 1130 */ 1131 ln->ln_state = ND6_LLINFO_REACHABLE; 1132 ln->ln_byhint = 0; 1133 } else { 1134 /* 1135 * When req == RTM_RESOLVE, rt is created and 1136 * initialized in rtrequest(), so rt_expire is 0. 1137 */ 1138 ln->ln_state = ND6_LLINFO_NOSTATE; 1139 nd6_llinfo_settimer(ln, 0); 1140 } 1141 rt->rt_flags |= RTF_LLINFO; 1142 ln->ln_next = llinfo_nd6.ln_next; 1143 llinfo_nd6.ln_next = ln; 1144 ln->ln_prev = &llinfo_nd6; 1145 ln->ln_next->ln_prev = ln; 1146 1147 /* 1148 * check if rt_key(rt) is one of my address assigned 1149 * to the interface. 1150 */ 1151 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1152 &SIN6(rt_key(rt))->sin6_addr); 1153 if (ifa) { 1154 caddr_t macp = nd6_ifptomac(ifp); 1155 nd6_llinfo_settimer(ln, -1); 1156 ln->ln_state = ND6_LLINFO_REACHABLE; 1157 ln->ln_byhint = 0; 1158 mine = 1; 1159 if (macp) { 1160 Bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen); 1161 SDL(gate)->sdl_alen = ifp->if_addrlen; 1162 } 1163 if (nd6_useloopback) { 1164 rt->rt_ifp = lo0ifp; /*XXX*/ 1165 /* 1166 * Make sure rt_ifa be equal to the ifaddr 1167 * corresponding to the address. 1168 * We need this because when we refer 1169 * rt_ifa->ia6_flags in ip6_input, we assume 1170 * that the rt_ifa points to the address instead 1171 * of the loopback address. 1172 */ 1173 if (ifa != rt->rt_ifa) { 1174 IFAFREE(rt->rt_ifa); 1175 ifa->ifa_refcnt++; 1176 rt->rt_ifa = ifa; 1177 } 1178 } 1179 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1180 nd6_llinfo_settimer(ln, -1); 1181 ln->ln_state = ND6_LLINFO_REACHABLE; 1182 ln->ln_byhint = 0; 1183 1184 /* join solicited node multicast for proxy ND */ 1185 if (ifp->if_flags & IFF_MULTICAST) { 1186 struct in6_addr llsol; 1187 int error; 1188 1189 llsol = SIN6(rt_key(rt))->sin6_addr; 1190 llsol.s6_addr16[0] = htons(0xff02); 1191 llsol.s6_addr16[1] = htons(ifp->if_index); 1192 llsol.s6_addr32[1] = 0; 1193 llsol.s6_addr32[2] = htonl(1); 1194 llsol.s6_addr8[12] = 0xff; 1195 1196 if (in6_addmulti(&llsol, ifp, &error)) { 1197 nd6log((LOG_ERR, "%s: failed to join " 1198 "%s (errno=%d)\n", ifp->if_xname, 1199 ip6_sprintf(&llsol), error)); 1200 } 1201 } 1202 } 1203 break; 1204 1205 case RTM_DELETE: 1206 if (!ln) 1207 break; 1208 /* leave from solicited node multicast for proxy ND */ 1209 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1210 (ifp->if_flags & IFF_MULTICAST) != 0) { 1211 struct in6_addr llsol; 1212 struct in6_multi *in6m; 1213 1214 llsol = SIN6(rt_key(rt))->sin6_addr; 1215 llsol.s6_addr16[0] = htons(0xff02); 1216 llsol.s6_addr16[1] = htons(ifp->if_index); 1217 llsol.s6_addr32[1] = 0; 1218 llsol.s6_addr32[2] = htonl(1); 1219 llsol.s6_addr8[12] = 0xff; 1220 1221 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1222 if (in6m) 1223 in6_delmulti(in6m); 1224 } 1225 nd6_inuse--; 1226 ln->ln_next->ln_prev = ln->ln_prev; 1227 ln->ln_prev->ln_next = ln->ln_next; 1228 ln->ln_prev = NULL; 1229 nd6_llinfo_settimer(ln, -1); 1230 rt->rt_llinfo = 0; 1231 rt->rt_flags &= ~RTF_LLINFO; 1232 if (ln->ln_hold) 1233 m_freem(ln->ln_hold); 1234 Free((caddr_t)ln); 1235 } 1236 } 1237 1238 int 1239 nd6_ioctl(cmd, data, ifp) 1240 u_long cmd; 1241 caddr_t data; 1242 struct ifnet *ifp; 1243 { 1244 struct in6_drlist *drl = (struct in6_drlist *)data; 1245 struct in6_oprlist *oprl = (struct in6_oprlist *)data; 1246 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1247 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1248 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1249 struct nd_defrouter *dr; 1250 struct nd_prefix *pr; 1251 struct rtentry *rt; 1252 int i = 0, error = 0; 1253 int s; 1254 1255 switch (cmd) { 1256 case SIOCGDRLST_IN6: 1257 /* 1258 * obsolete API, use sysctl under net.inet6.icmp6 1259 */ 1260 bzero(drl, sizeof(*drl)); 1261 s = splsoftnet(); 1262 dr = TAILQ_FIRST(&nd_defrouter); 1263 while (dr && i < DRLSTSIZ) { 1264 drl->defrouter[i].rtaddr = dr->rtaddr; 1265 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) { 1266 /* XXX: need to this hack for KAME stack */ 1267 drl->defrouter[i].rtaddr.s6_addr16[1] = 0; 1268 } else 1269 log(LOG_ERR, 1270 "default router list contains a " 1271 "non-linklocal address(%s)\n", 1272 ip6_sprintf(&drl->defrouter[i].rtaddr)); 1273 1274 drl->defrouter[i].flags = dr->flags; 1275 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1276 drl->defrouter[i].expire = dr->expire; 1277 drl->defrouter[i].if_index = dr->ifp->if_index; 1278 i++; 1279 dr = TAILQ_NEXT(dr, dr_entry); 1280 } 1281 splx(s); 1282 break; 1283 case SIOCGPRLST_IN6: 1284 /* 1285 * obsolete API, use sysctl under net.inet6.icmp6 1286 * 1287 * XXX the structure in6_prlist was changed in backward- 1288 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6, 1289 * in6_prlist is used for nd6_sysctl() - fill_prlist(). 1290 */ 1291 /* 1292 * XXX meaning of fields, especialy "raflags", is very 1293 * differnet between RA prefix list and RR/static prefix list. 1294 * how about separating ioctls into two? 1295 */ 1296 bzero(oprl, sizeof(*oprl)); 1297 s = splsoftnet(); 1298 pr = nd_prefix.lh_first; 1299 while (pr && i < PRLSTSIZ) { 1300 struct nd_pfxrouter *pfr; 1301 int j; 1302 1303 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1304 oprl->prefix[i].raflags = pr->ndpr_raf; 1305 oprl->prefix[i].prefixlen = pr->ndpr_plen; 1306 oprl->prefix[i].vltime = pr->ndpr_vltime; 1307 oprl->prefix[i].pltime = pr->ndpr_pltime; 1308 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1309 oprl->prefix[i].expire = pr->ndpr_expire; 1310 1311 pfr = pr->ndpr_advrtrs.lh_first; 1312 j = 0; 1313 while(pfr) { 1314 if (j < DRLSTSIZ) { 1315 #define RTRADDR oprl->prefix[i].advrtr[j] 1316 RTRADDR = pfr->router->rtaddr; 1317 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) { 1318 /* XXX: hack for KAME */ 1319 RTRADDR.s6_addr16[1] = 0; 1320 } else 1321 log(LOG_ERR, 1322 "a router(%s) advertises " 1323 "a prefix with " 1324 "non-link local address\n", 1325 ip6_sprintf(&RTRADDR)); 1326 #undef RTRADDR 1327 } 1328 j++; 1329 pfr = pfr->pfr_next; 1330 } 1331 oprl->prefix[i].advrtrs = j; 1332 oprl->prefix[i].origin = PR_ORIG_RA; 1333 1334 i++; 1335 pr = pr->ndpr_next; 1336 } 1337 splx(s); 1338 1339 break; 1340 case OSIOCGIFINFO_IN6: 1341 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1342 bzero(&ndi->ndi, sizeof(ndi->ndi)); 1343 ndi->ndi.linkmtu = IN6_LINKMTU(ifp); 1344 ndi->ndi.maxmtu = ND_IFINFO(ifp)->maxmtu; 1345 ndi->ndi.basereachable = ND_IFINFO(ifp)->basereachable; 1346 ndi->ndi.reachable = ND_IFINFO(ifp)->reachable; 1347 ndi->ndi.retrans = ND_IFINFO(ifp)->retrans; 1348 ndi->ndi.flags = ND_IFINFO(ifp)->flags; 1349 ndi->ndi.recalctm = ND_IFINFO(ifp)->recalctm; 1350 ndi->ndi.chlim = ND_IFINFO(ifp)->chlim; 1351 break; 1352 case SIOCGIFINFO_IN6: 1353 ndi->ndi = *ND_IFINFO(ifp); 1354 break; 1355 case SIOCSIFINFO_FLAGS: 1356 ND_IFINFO(ifp)->flags = ndi->ndi.flags; 1357 break; 1358 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1359 /* sync kernel routing table with the default router list */ 1360 defrouter_reset(); 1361 defrouter_select(); 1362 break; 1363 case SIOCSPFXFLUSH_IN6: 1364 { 1365 /* flush all the prefix advertised by routers */ 1366 struct nd_prefix *pr, *next; 1367 1368 s = splsoftnet(); 1369 for (pr = nd_prefix.lh_first; pr; pr = next) { 1370 struct in6_ifaddr *ia, *ia_next; 1371 1372 next = pr->ndpr_next; 1373 1374 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1375 continue; /* XXX */ 1376 1377 /* do we really have to remove addresses as well? */ 1378 for (ia = in6_ifaddr; ia; ia = ia_next) { 1379 /* ia might be removed. keep the next ptr. */ 1380 ia_next = ia->ia_next; 1381 1382 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1383 continue; 1384 1385 if (ia->ia6_ndpr == pr) 1386 in6_purgeaddr(&ia->ia_ifa); 1387 } 1388 prelist_remove(pr); 1389 } 1390 splx(s); 1391 break; 1392 } 1393 case SIOCSRTRFLUSH_IN6: 1394 { 1395 /* flush all the default routers */ 1396 struct nd_defrouter *dr, *next; 1397 1398 s = splsoftnet(); 1399 defrouter_reset(); 1400 for (dr = TAILQ_FIRST(&nd_defrouter); dr; dr = next) { 1401 next = TAILQ_NEXT(dr, dr_entry); 1402 defrtrlist_del(dr); 1403 } 1404 defrouter_select(); 1405 splx(s); 1406 break; 1407 } 1408 case SIOCGNBRINFO_IN6: 1409 { 1410 struct llinfo_nd6 *ln; 1411 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1412 1413 /* 1414 * XXX: KAME specific hack for scoped addresses 1415 * XXXX: for other scopes than link-local? 1416 */ 1417 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1418 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1419 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1420 1421 if (*idp == 0) 1422 *idp = htons(ifp->if_index); 1423 } 1424 1425 s = splsoftnet(); 1426 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL || 1427 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) { 1428 error = EINVAL; 1429 splx(s); 1430 break; 1431 } 1432 nbi->state = ln->ln_state; 1433 nbi->asked = ln->ln_asked; 1434 nbi->isrouter = ln->ln_router; 1435 nbi->expire = ln->ln_expire; 1436 splx(s); 1437 1438 break; 1439 } 1440 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1441 ndif->ifindex = nd6_defifindex; 1442 break; 1443 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1444 return (nd6_setdefaultiface(ndif->ifindex)); 1445 break; 1446 } 1447 return (error); 1448 } 1449 1450 /* 1451 * Create neighbor cache entry and cache link-layer address, 1452 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1453 */ 1454 struct rtentry * 1455 nd6_cache_lladdr(ifp, from, lladdr, lladdrlen, type, code) 1456 struct ifnet *ifp; 1457 struct in6_addr *from; 1458 char *lladdr; 1459 int lladdrlen; 1460 int type; /* ICMP6 type */ 1461 int code; /* type dependent information */ 1462 { 1463 struct rtentry *rt = NULL; 1464 struct llinfo_nd6 *ln = NULL; 1465 int is_newentry; 1466 struct sockaddr_dl *sdl = NULL; 1467 int do_update; 1468 int olladdr; 1469 int llchange; 1470 int newstate = 0; 1471 1472 if (!ifp) 1473 panic("ifp == NULL in nd6_cache_lladdr"); 1474 if (!from) 1475 panic("from == NULL in nd6_cache_lladdr"); 1476 1477 /* nothing must be updated for unspecified address */ 1478 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1479 return NULL; 1480 1481 /* 1482 * Validation about ifp->if_addrlen and lladdrlen must be done in 1483 * the caller. 1484 * 1485 * XXX If the link does not have link-layer adderss, what should 1486 * we do? (ifp->if_addrlen == 0) 1487 * Spec says nothing in sections for RA, RS and NA. There's small 1488 * description on it in NS section (RFC 2461 7.2.3). 1489 */ 1490 1491 rt = nd6_lookup(from, 0, ifp); 1492 if (!rt) { 1493 #if 0 1494 /* nothing must be done if there's no lladdr */ 1495 if (!lladdr || !lladdrlen) 1496 return NULL; 1497 #endif 1498 1499 rt = nd6_lookup(from, 1, ifp); 1500 is_newentry = 1; 1501 } else { 1502 /* do nothing if static ndp is set */ 1503 if (rt->rt_flags & RTF_STATIC) 1504 return NULL; 1505 is_newentry = 0; 1506 } 1507 1508 if (!rt) 1509 return NULL; 1510 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1511 fail: 1512 (void)nd6_free(rt, 0); 1513 return NULL; 1514 } 1515 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1516 if (!ln) 1517 goto fail; 1518 if (!rt->rt_gateway) 1519 goto fail; 1520 if (rt->rt_gateway->sa_family != AF_LINK) 1521 goto fail; 1522 sdl = SDL(rt->rt_gateway); 1523 1524 olladdr = (sdl->sdl_alen) ? 1 : 0; 1525 if (olladdr && lladdr) { 1526 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1527 llchange = 1; 1528 else 1529 llchange = 0; 1530 } else 1531 llchange = 0; 1532 1533 /* 1534 * newentry olladdr lladdr llchange (*=record) 1535 * 0 n n -- (1) 1536 * 0 y n -- (2) 1537 * 0 n y -- (3) * STALE 1538 * 0 y y n (4) * 1539 * 0 y y y (5) * STALE 1540 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1541 * 1 -- y -- (7) * STALE 1542 */ 1543 1544 if (lladdr) { /* (3-5) and (7) */ 1545 /* 1546 * Record source link-layer address 1547 * XXX is it dependent to ifp->if_type? 1548 */ 1549 sdl->sdl_alen = ifp->if_addrlen; 1550 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1551 } 1552 1553 if (!is_newentry) { 1554 if ((!olladdr && lladdr) || /* (3) */ 1555 (olladdr && lladdr && llchange)) { /* (5) */ 1556 do_update = 1; 1557 newstate = ND6_LLINFO_STALE; 1558 } else /* (1-2,4) */ 1559 do_update = 0; 1560 } else { 1561 do_update = 1; 1562 if (!lladdr) /* (6) */ 1563 newstate = ND6_LLINFO_NOSTATE; 1564 else /* (7) */ 1565 newstate = ND6_LLINFO_STALE; 1566 } 1567 1568 if (do_update) { 1569 /* 1570 * Update the state of the neighbor cache. 1571 */ 1572 ln->ln_state = newstate; 1573 1574 if (ln->ln_state == ND6_LLINFO_STALE) { 1575 /* 1576 * XXX: since nd6_output() below will cause 1577 * state tansition to DELAY and reset the timer, 1578 * we must set the timer now, although it is actually 1579 * meaningless. 1580 */ 1581 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 1582 1583 if (ln->ln_hold) { 1584 /* 1585 * we assume ifp is not a p2p here, so just 1586 * set the 2nd argument as the 1st one. 1587 */ 1588 nd6_output(ifp, ifp, ln->ln_hold, 1589 (struct sockaddr_in6 *)rt_key(rt), rt); 1590 ln->ln_hold = NULL; 1591 } 1592 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1593 /* probe right away */ 1594 nd6_llinfo_settimer((void *)ln, 0); 1595 } 1596 } 1597 1598 /* 1599 * ICMP6 type dependent behavior. 1600 * 1601 * NS: clear IsRouter if new entry 1602 * RS: clear IsRouter 1603 * RA: set IsRouter if there's lladdr 1604 * redir: clear IsRouter if new entry 1605 * 1606 * RA case, (1): 1607 * The spec says that we must set IsRouter in the following cases: 1608 * - If lladdr exist, set IsRouter. This means (1-5). 1609 * - If it is old entry (!newentry), set IsRouter. This means (7). 1610 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1611 * A quetion arises for (1) case. (1) case has no lladdr in the 1612 * neighbor cache, this is similar to (6). 1613 * This case is rare but we figured that we MUST NOT set IsRouter. 1614 * 1615 * newentry olladdr lladdr llchange NS RS RA redir 1616 * D R 1617 * 0 n n -- (1) c ? s 1618 * 0 y n -- (2) c s s 1619 * 0 n y -- (3) c s s 1620 * 0 y y n (4) c s s 1621 * 0 y y y (5) c s s 1622 * 1 -- n -- (6) c c c s 1623 * 1 -- y -- (7) c c s c s 1624 * 1625 * (c=clear s=set) 1626 */ 1627 switch (type & 0xff) { 1628 case ND_NEIGHBOR_SOLICIT: 1629 /* 1630 * New entry must have is_router flag cleared. 1631 */ 1632 if (is_newentry) /* (6-7) */ 1633 ln->ln_router = 0; 1634 break; 1635 case ND_REDIRECT: 1636 /* 1637 * If the icmp is a redirect to a better router, always set the 1638 * is_router flag. Otherwise, if the entry is newly created, 1639 * clear the flag. [RFC 2461, sec 8.3] 1640 */ 1641 if (code == ND_REDIRECT_ROUTER) 1642 ln->ln_router = 1; 1643 else if (is_newentry) /* (6-7) */ 1644 ln->ln_router = 0; 1645 break; 1646 case ND_ROUTER_SOLICIT: 1647 /* 1648 * is_router flag must always be cleared. 1649 */ 1650 ln->ln_router = 0; 1651 break; 1652 case ND_ROUTER_ADVERT: 1653 /* 1654 * Mark an entry with lladdr as a router. 1655 */ 1656 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1657 (is_newentry && lladdr)) { /* (7) */ 1658 ln->ln_router = 1; 1659 } 1660 break; 1661 } 1662 1663 /* 1664 * When the link-layer address of a router changes, select the 1665 * best router again. In particular, when the neighbor entry is newly 1666 * created, it might affect the selection policy. 1667 * Question: can we restrict the first condition to the "is_newentry" 1668 * case? 1669 * XXX: when we hear an RA from a new router with the link-layer 1670 * address option, defrouter_select() is called twice, since 1671 * defrtrlist_update called the function as well. However, I believe 1672 * we can compromise the overhead, since it only happens the first 1673 * time. 1674 * XXX: although defrouter_select() should not have a bad effect 1675 * for those are not autoconfigured hosts, we explicitly avoid such 1676 * cases for safety. 1677 */ 1678 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv) 1679 defrouter_select(); 1680 1681 return rt; 1682 } 1683 1684 static void 1685 nd6_slowtimo(ignored_arg) 1686 void *ignored_arg; 1687 { 1688 int s = splsoftnet(); 1689 struct nd_ifinfo *nd6if; 1690 struct ifnet *ifp; 1691 1692 timeout_set(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 1693 timeout_add(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz); 1694 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) 1695 { 1696 nd6if = ND_IFINFO(ifp); 1697 if (nd6if->basereachable && /* already initialized */ 1698 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1699 /* 1700 * Since reachable time rarely changes by router 1701 * advertisements, we SHOULD insure that a new random 1702 * value gets recomputed at least once every few hours. 1703 * (RFC 2461, 6.3.4) 1704 */ 1705 nd6if->recalctm = nd6_recalc_reachtm_interval; 1706 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1707 } 1708 } 1709 splx(s); 1710 } 1711 1712 #define senderr(e) { error = (e); goto bad;} 1713 int 1714 nd6_output(ifp, origifp, m0, dst, rt0) 1715 struct ifnet *ifp; 1716 struct ifnet *origifp; 1717 struct mbuf *m0; 1718 struct sockaddr_in6 *dst; 1719 struct rtentry *rt0; 1720 { 1721 struct mbuf *m = m0; 1722 struct rtentry *rt = rt0; 1723 struct sockaddr_in6 *gw6 = NULL; 1724 struct llinfo_nd6 *ln = NULL; 1725 int error = 0; 1726 #ifdef IPSEC 1727 struct m_tag *mtag; 1728 #endif /* IPSEC */ 1729 1730 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1731 goto sendpkt; 1732 1733 if (nd6_need_cache(ifp) == 0) 1734 goto sendpkt; 1735 1736 /* 1737 * next hop determination. This routine is derived from ether_outpout. 1738 */ 1739 if (rt) { 1740 if ((rt->rt_flags & RTF_UP) == 0) { 1741 if ((rt0 = rt = rtalloc1((struct sockaddr *)dst, 1742 1)) != NULL) 1743 { 1744 rt->rt_refcnt--; 1745 if (rt->rt_ifp != ifp) { 1746 /* XXX: loop care? */ 1747 return nd6_output(ifp, origifp, m0, 1748 dst, rt); 1749 } 1750 } else 1751 senderr(EHOSTUNREACH); 1752 } 1753 1754 if (rt->rt_flags & RTF_GATEWAY) { 1755 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 1756 1757 /* 1758 * We skip link-layer address resolution and NUD 1759 * if the gateway is not a neighbor from ND point 1760 * of view, regardless of the value of nd_ifinfo.flags. 1761 * The second condition is a bit tricky; we skip 1762 * if the gateway is our own address, which is 1763 * sometimes used to install a route to a p2p link. 1764 */ 1765 if (!nd6_is_addr_neighbor(gw6, ifp) || 1766 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 1767 /* 1768 * We allow this kind of tricky route only 1769 * when the outgoing interface is p2p. 1770 * XXX: we may need a more generic rule here. 1771 */ 1772 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 1773 senderr(EHOSTUNREACH); 1774 1775 goto sendpkt; 1776 } 1777 1778 if (rt->rt_gwroute == 0) 1779 goto lookup; 1780 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) { 1781 rtfree(rt); rt = rt0; 1782 lookup: 1783 rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1); 1784 if ((rt = rt->rt_gwroute) == 0) 1785 senderr(EHOSTUNREACH); 1786 } 1787 } 1788 } 1789 1790 /* 1791 * Address resolution or Neighbor Unreachability Detection 1792 * for the next hop. 1793 * At this point, the destination of the packet must be a unicast 1794 * or an anycast address(i.e. not a multicast). 1795 */ 1796 1797 /* Look up the neighbor cache for the nexthop */ 1798 if (rt && (rt->rt_flags & RTF_LLINFO) != 0) 1799 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1800 else { 1801 /* 1802 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1803 * the condition below is not very efficient. But we believe 1804 * it is tolerable, because this should be a rare case. 1805 */ 1806 if (nd6_is_addr_neighbor(dst, ifp) && 1807 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL) 1808 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1809 } 1810 if (!ln || !rt) { 1811 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1812 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 1813 log(LOG_DEBUG, 1814 "nd6_output: can't allocate llinfo for %s " 1815 "(ln=%p, rt=%p)\n", 1816 ip6_sprintf(&dst->sin6_addr), ln, rt); 1817 senderr(EIO); /* XXX: good error? */ 1818 } 1819 1820 goto sendpkt; /* send anyway */ 1821 } 1822 1823 /* We don't have to do link-layer address resolution on a p2p link. */ 1824 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1825 ln->ln_state < ND6_LLINFO_REACHABLE) { 1826 ln->ln_state = ND6_LLINFO_STALE; 1827 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz); 1828 } 1829 1830 /* 1831 * The first time we send a packet to a neighbor whose entry is 1832 * STALE, we have to change the state to DELAY and a sets a timer to 1833 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1834 * neighbor unreachability detection on expiration. 1835 * (RFC 2461 7.3.3) 1836 */ 1837 if (ln->ln_state == ND6_LLINFO_STALE) { 1838 ln->ln_asked = 0; 1839 ln->ln_state = ND6_LLINFO_DELAY; 1840 nd6_llinfo_settimer(ln, nd6_delay * hz); 1841 } 1842 1843 /* 1844 * If the neighbor cache entry has a state other than INCOMPLETE 1845 * (i.e. its link-layer address is already resolved), just 1846 * send the packet. 1847 */ 1848 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1849 goto sendpkt; 1850 1851 /* 1852 * There is a neighbor cache entry, but no ethernet address 1853 * response yet. Replace the held mbuf (if any) with this 1854 * latest one. 1855 */ 1856 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1857 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1858 if (ln->ln_hold) 1859 m_freem(ln->ln_hold); 1860 ln->ln_hold = m; 1861 /* 1862 * If there has been no NS for the neighbor after entering the 1863 * INCOMPLETE state, send the first solicitation. 1864 */ 1865 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 1866 ln->ln_asked++; 1867 nd6_llinfo_settimer(ln, 1868 (long)ND_IFINFO(ifp)->retrans * hz / 1000); 1869 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 1870 } 1871 return (0); 1872 1873 sendpkt: 1874 #ifdef IPSEC 1875 /* 1876 * If the packet needs outgoing IPsec crypto processing and the 1877 * interface doesn't support it, drop it. 1878 */ 1879 mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, NULL); 1880 #endif /* IPSEC */ 1881 1882 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 1883 #ifdef IPSEC 1884 if (mtag != NULL && 1885 (origifp->if_capabilities & IFCAP_IPSEC) == 0) { 1886 /* Tell IPsec to do its own crypto. */ 1887 ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); 1888 error = EACCES; 1889 goto bad; 1890 } 1891 #endif /* IPSEC */ 1892 return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 1893 rt)); 1894 } 1895 #ifdef IPSEC 1896 if (mtag != NULL && 1897 (ifp->if_capabilities & IFCAP_IPSEC) == 0) { 1898 /* Tell IPsec to do its own crypto. */ 1899 ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); 1900 error = EACCES; 1901 goto bad; 1902 } 1903 #endif /* IPSEC */ 1904 return ((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt)); 1905 1906 bad: 1907 if (m) 1908 m_freem(m); 1909 return (error); 1910 } 1911 #undef senderr 1912 1913 int 1914 nd6_need_cache(ifp) 1915 struct ifnet *ifp; 1916 { 1917 /* 1918 * XXX: we currently do not make neighbor cache on any interface 1919 * other than ARCnet, Ethernet, FDDI and GIF. 1920 * 1921 * RFC2893 says: 1922 * - unidirectional tunnels needs no ND 1923 */ 1924 switch (ifp->if_type) { 1925 case IFT_ARCNET: 1926 case IFT_ETHER: 1927 case IFT_FDDI: 1928 case IFT_IEEE1394: 1929 case IFT_PROPVIRTUAL: 1930 case IFT_L2VLAN: 1931 case IFT_IEEE80211: 1932 case IFT_GIF: /* XXX need more cases? */ 1933 return (1); 1934 default: 1935 return (0); 1936 } 1937 } 1938 1939 int 1940 nd6_storelladdr(ifp, rt, m, dst, desten) 1941 struct ifnet *ifp; 1942 struct rtentry *rt; 1943 struct mbuf *m; 1944 struct sockaddr *dst; 1945 u_char *desten; 1946 { 1947 struct sockaddr_dl *sdl; 1948 1949 if (m->m_flags & M_MCAST) { 1950 switch (ifp->if_type) { 1951 case IFT_ETHER: 1952 case IFT_FDDI: 1953 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 1954 desten); 1955 return (1); 1956 break; 1957 case IFT_ARCNET: 1958 *desten = 0; 1959 return (1); 1960 default: 1961 m_freem(m); 1962 return (0); 1963 } 1964 } 1965 1966 if (rt == NULL) { 1967 /* this could happen, if we could not allocate memory */ 1968 m_freem(m); 1969 return (0); 1970 } 1971 if (rt->rt_gateway->sa_family != AF_LINK) { 1972 printf("nd6_storelladdr: something odd happens\n"); 1973 m_freem(m); 1974 return (0); 1975 } 1976 sdl = SDL(rt->rt_gateway); 1977 if (sdl->sdl_alen == 0) { 1978 /* this should be impossible, but we bark here for debugging */ 1979 printf("nd6_storelladdr: sdl_alen == 0, dst=%s, if=%s\n", 1980 ip6_sprintf(&SIN6(dst)->sin6_addr), ifp->if_xname); 1981 m_freem(m); 1982 return (0); 1983 } 1984 1985 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 1986 return (1); 1987 } 1988 1989 int 1990 nd6_sysctl(name, oldp, oldlenp, newp, newlen) 1991 int name; 1992 void *oldp; /* syscall arg, need copyout */ 1993 size_t *oldlenp; 1994 void *newp; /* syscall arg, need copyin */ 1995 size_t newlen; 1996 { 1997 void *p; 1998 size_t ol, l; 1999 int error; 2000 2001 error = 0; 2002 l = 0; 2003 2004 if (newp) 2005 return EPERM; 2006 if (oldp && !oldlenp) 2007 return EINVAL; 2008 ol = oldlenp ? *oldlenp : 0; 2009 2010 if (oldp) { 2011 p = malloc(*oldlenp, M_TEMP, M_WAITOK); 2012 if (!p) 2013 return ENOMEM; 2014 } else 2015 p = NULL; 2016 switch (name) { 2017 case ICMPV6CTL_ND6_DRLIST: 2018 error = fill_drlist(p, oldlenp, ol); 2019 if (!error && p && oldp) 2020 error = copyout(p, oldp, *oldlenp); 2021 break; 2022 2023 case ICMPV6CTL_ND6_PRLIST: 2024 error = fill_prlist(p, oldlenp, ol); 2025 if (!error && p && oldp) 2026 error = copyout(p, oldp, *oldlenp); 2027 break; 2028 2029 default: 2030 error = ENOPROTOOPT; 2031 break; 2032 } 2033 if (p) 2034 free(p, M_TEMP); 2035 2036 return (error); 2037 } 2038 2039 static int 2040 fill_drlist(oldp, oldlenp, ol) 2041 void *oldp; 2042 size_t *oldlenp, ol; 2043 { 2044 int error = 0, s; 2045 struct in6_defrouter *d = NULL, *de = NULL; 2046 struct nd_defrouter *dr; 2047 size_t l; 2048 2049 s = splsoftnet(); 2050 2051 if (oldp) { 2052 d = (struct in6_defrouter *)oldp; 2053 de = (struct in6_defrouter *)((caddr_t)oldp + *oldlenp); 2054 } 2055 l = 0; 2056 2057 for (dr = TAILQ_FIRST(&nd_defrouter); dr; 2058 dr = TAILQ_NEXT(dr, dr_entry)) { 2059 2060 if (oldp && d + 1 <= de) { 2061 bzero(d, sizeof(*d)); 2062 d->rtaddr.sin6_family = AF_INET6; 2063 d->rtaddr.sin6_len = sizeof(struct sockaddr_in6); 2064 d->rtaddr.sin6_addr = dr->rtaddr; 2065 in6_recoverscope(&d->rtaddr, &d->rtaddr.sin6_addr, 2066 dr->ifp); 2067 d->flags = dr->flags; 2068 d->rtlifetime = dr->rtlifetime; 2069 d->expire = dr->expire; 2070 d->if_index = dr->ifp->if_index; 2071 } 2072 2073 l += sizeof(*d); 2074 if (d) 2075 d++; 2076 } 2077 2078 if (oldp) { 2079 *oldlenp = l; /* (caddr_t)d - (caddr_t)oldp */ 2080 if (l > ol) 2081 error = ENOMEM; 2082 } else 2083 *oldlenp = l; 2084 2085 splx(s); 2086 2087 return (error); 2088 } 2089 2090 static int 2091 fill_prlist(oldp, oldlenp, ol) 2092 void *oldp; 2093 size_t *oldlenp, ol; 2094 { 2095 int error = 0, s; 2096 struct nd_prefix *pr; 2097 struct in6_prefix *p = NULL; 2098 struct in6_prefix *pe = NULL; 2099 size_t l; 2100 2101 s = splsoftnet(); 2102 2103 if (oldp) { 2104 p = (struct in6_prefix *)oldp; 2105 pe = (struct in6_prefix *)((caddr_t)oldp + *oldlenp); 2106 } 2107 l = 0; 2108 2109 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 2110 u_short advrtrs; 2111 size_t advance; 2112 struct sockaddr_in6 *sin6; 2113 struct sockaddr_in6 *s6; 2114 struct nd_pfxrouter *pfr; 2115 2116 if (oldp && p + 1 <= pe) 2117 { 2118 bzero(p, sizeof(*p)); 2119 sin6 = (struct sockaddr_in6 *)(p + 1); 2120 2121 p->prefix = pr->ndpr_prefix; 2122 if (in6_recoverscope(&p->prefix, 2123 &p->prefix.sin6_addr, pr->ndpr_ifp) != 0) 2124 log(LOG_ERR, 2125 "scope error in prefix list (%s)\n", 2126 ip6_sprintf(&p->prefix.sin6_addr)); 2127 p->raflags = pr->ndpr_raf; 2128 p->prefixlen = pr->ndpr_plen; 2129 p->vltime = pr->ndpr_vltime; 2130 p->pltime = pr->ndpr_pltime; 2131 p->if_index = pr->ndpr_ifp->if_index; 2132 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2133 p->expire = 0; 2134 else { 2135 time_t maxexpire; 2136 2137 /* XXX: we assume time_t is signed. */ 2138 maxexpire = (-1) & 2139 ~(1 << ((sizeof(maxexpire) * 8) - 1)); 2140 if (pr->ndpr_vltime < 2141 maxexpire - pr->ndpr_lastupdate) { 2142 p->expire = pr->ndpr_lastupdate + 2143 pr->ndpr_vltime; 2144 } else 2145 p->expire = maxexpire; 2146 } 2147 p->refcnt = pr->ndpr_refcnt; 2148 p->flags = pr->ndpr_stateflags; 2149 p->origin = PR_ORIG_RA; 2150 advrtrs = 0; 2151 for (pfr = pr->ndpr_advrtrs.lh_first; pfr; 2152 pfr = pfr->pfr_next) { 2153 if ((void *)&sin6[advrtrs + 1] > (void *)pe) { 2154 advrtrs++; 2155 continue; 2156 } 2157 s6 = &sin6[advrtrs]; 2158 s6->sin6_family = AF_INET6; 2159 s6->sin6_len = sizeof(struct sockaddr_in6); 2160 s6->sin6_addr = pfr->router->rtaddr; 2161 in6_recoverscope(s6, &pfr->router->rtaddr, 2162 pfr->router->ifp); 2163 advrtrs++; 2164 } 2165 p->advrtrs = advrtrs; 2166 } 2167 else { 2168 advrtrs = 0; 2169 for (pfr = pr->ndpr_advrtrs.lh_first; pfr; 2170 pfr = pfr->pfr_next) 2171 advrtrs++; 2172 } 2173 2174 advance = sizeof(*p) + sizeof(*sin6) * advrtrs; 2175 l += advance; 2176 if (p) 2177 p = (struct in6_prefix *)((caddr_t)p + advance); 2178 } 2179 2180 if (oldp) { 2181 *oldlenp = l; /* (caddr_t)d - (caddr_t)oldp */ 2182 if (l > ol) 2183 error = ENOMEM; 2184 } else 2185 *oldlenp = l; 2186 2187 splx(s); 2188 2189 return (error); 2190 } 2191