1 /* $OpenBSD: nd6.c,v 1.226 2018/08/03 09:11:56 florian Exp $ */ 2 /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 #include <sys/protosw.h> 44 #include <sys/errno.h> 45 #include <sys/ioctl.h> 46 #include <sys/syslog.h> 47 #include <sys/queue.h> 48 #include <sys/stdint.h> 49 #include <sys/task.h> 50 51 #include <net/if.h> 52 #include <net/if_dl.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <netinet/in.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip_ipsp.h> 59 60 #include <netinet6/in6_var.h> 61 #include <netinet/ip6.h> 62 #include <netinet6/ip6_var.h> 63 #include <netinet6/nd6.h> 64 #include <netinet/icmp6.h> 65 66 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 67 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 68 69 /* timer values */ 70 int nd6_timer_next = -1; /* at which time_uptime nd6_timer runs */ 71 time_t nd6_expire_next = -1; /* at which time_uptime nd6_expire runs */ 72 int nd6_delay = 5; /* delay first probe time 5 second */ 73 int nd6_umaxtries = 3; /* maximum unicast query */ 74 int nd6_mmaxtries = 3; /* maximum multicast query */ 75 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 76 77 /* preventing too many loops in ND option parsing */ 78 int nd6_maxndopt = 10; /* max # of ND options allowed */ 79 80 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 81 82 #ifdef ND6_DEBUG 83 int nd6_debug = 1; 84 #else 85 int nd6_debug = 0; 86 #endif 87 88 TAILQ_HEAD(llinfo_nd6_head, llinfo_nd6) nd6_list; 89 struct pool nd6_pool; /* pool for llinfo_nd6 structures */ 90 int nd6_inuse, nd6_allocated; 91 92 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 93 94 void nd6_timer(void *); 95 void nd6_slowtimo(void *); 96 void nd6_expire(void *); 97 void nd6_expire_timer(void *); 98 void nd6_invalidate(struct rtentry *); 99 void nd6_free(struct rtentry *); 100 int nd6_llinfo_timer(struct rtentry *); 101 102 struct timeout nd6_timer_to; 103 struct timeout nd6_slowtimo_ch; 104 struct timeout nd6_expire_timeout; 105 struct task nd6_expire_task; 106 107 void 108 nd6_init(void) 109 { 110 static int nd6_init_done = 0; 111 112 if (nd6_init_done) { 113 log(LOG_NOTICE, "%s called more than once\n", __func__); 114 return; 115 } 116 117 TAILQ_INIT(&nd6_list); 118 pool_init(&nd6_pool, sizeof(struct llinfo_nd6), 0, 119 IPL_SOFTNET, 0, "nd6", NULL); 120 121 task_set(&nd6_expire_task, nd6_expire, NULL); 122 123 nd6_init_done = 1; 124 125 /* start timer */ 126 timeout_set_proc(&nd6_timer_to, nd6_timer, &nd6_timer_to); 127 timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 128 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 129 timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL); 130 } 131 132 struct nd_ifinfo * 133 nd6_ifattach(struct ifnet *ifp) 134 { 135 struct nd_ifinfo *nd; 136 137 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 138 139 nd->initialized = 1; 140 141 nd->basereachable = REACHABLE_TIME; 142 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 143 nd->retrans = RETRANS_TIMER; 144 /* per-interface IFXF_AUTOCONF6 needs to be set too to accept RAs */ 145 146 return nd; 147 } 148 149 void 150 nd6_ifdetach(struct nd_ifinfo *nd) 151 { 152 153 free(nd, M_IP6NDP, sizeof(*nd)); 154 } 155 156 void 157 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 158 { 159 bzero(ndopts, sizeof(*ndopts)); 160 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 161 ndopts->nd_opts_last 162 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 163 164 if (icmp6len == 0) { 165 ndopts->nd_opts_done = 1; 166 ndopts->nd_opts_search = NULL; 167 } 168 } 169 170 /* 171 * Take one ND option. 172 */ 173 struct nd_opt_hdr * 174 nd6_option(union nd_opts *ndopts) 175 { 176 struct nd_opt_hdr *nd_opt; 177 int olen; 178 179 if (!ndopts) 180 panic("ndopts == NULL in nd6_option"); 181 if (!ndopts->nd_opts_last) 182 panic("%s: uninitialized ndopts", __func__); 183 if (!ndopts->nd_opts_search) 184 return NULL; 185 if (ndopts->nd_opts_done) 186 return NULL; 187 188 nd_opt = ndopts->nd_opts_search; 189 190 /* make sure nd_opt_len is inside the buffer */ 191 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 192 bzero(ndopts, sizeof(*ndopts)); 193 return NULL; 194 } 195 196 olen = nd_opt->nd_opt_len << 3; 197 if (olen == 0) { 198 /* 199 * Message validation requires that all included 200 * options have a length that is greater than zero. 201 */ 202 bzero(ndopts, sizeof(*ndopts)); 203 return NULL; 204 } 205 206 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 207 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 208 /* option overruns the end of buffer, invalid */ 209 bzero(ndopts, sizeof(*ndopts)); 210 return NULL; 211 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 212 /* reached the end of options chain */ 213 ndopts->nd_opts_done = 1; 214 ndopts->nd_opts_search = NULL; 215 } 216 return nd_opt; 217 } 218 219 /* 220 * Parse multiple ND options. 221 * This function is much easier to use, for ND routines that do not need 222 * multiple options of the same type. 223 */ 224 int 225 nd6_options(union nd_opts *ndopts) 226 { 227 struct nd_opt_hdr *nd_opt; 228 int i = 0; 229 230 if (!ndopts) 231 panic("ndopts == NULL in nd6_options"); 232 if (!ndopts->nd_opts_last) 233 panic("%s: uninitialized ndopts", __func__); 234 if (!ndopts->nd_opts_search) 235 return 0; 236 237 while (1) { 238 nd_opt = nd6_option(ndopts); 239 if (!nd_opt && !ndopts->nd_opts_last) { 240 /* 241 * Message validation requires that all included 242 * options have a length that is greater than zero. 243 */ 244 icmp6stat_inc(icp6s_nd_badopt); 245 bzero(ndopts, sizeof(*ndopts)); 246 return -1; 247 } 248 249 if (!nd_opt) 250 goto skip1; 251 252 switch (nd_opt->nd_opt_type) { 253 case ND_OPT_SOURCE_LINKADDR: 254 case ND_OPT_TARGET_LINKADDR: 255 case ND_OPT_MTU: 256 case ND_OPT_REDIRECTED_HEADER: 257 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 258 nd6log((LOG_INFO, 259 "duplicated ND6 option found (type=%d)\n", 260 nd_opt->nd_opt_type)); 261 /* XXX bark? */ 262 } else { 263 ndopts->nd_opt_array[nd_opt->nd_opt_type] 264 = nd_opt; 265 } 266 break; 267 case ND_OPT_PREFIX_INFORMATION: 268 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 269 ndopts->nd_opt_array[nd_opt->nd_opt_type] 270 = nd_opt; 271 } 272 ndopts->nd_opts_pi_end = 273 (struct nd_opt_prefix_info *)nd_opt; 274 break; 275 default: 276 /* 277 * Unknown options must be silently ignored, 278 * to accommodate future extension to the protocol. 279 */ 280 nd6log((LOG_DEBUG, 281 "nd6_options: unsupported option %d - " 282 "option ignored\n", nd_opt->nd_opt_type)); 283 } 284 285 skip1: 286 i++; 287 if (i > nd6_maxndopt) { 288 icmp6stat_inc(icp6s_nd_toomanyopt); 289 nd6log((LOG_INFO, "too many loop in nd opt\n")); 290 break; 291 } 292 293 if (ndopts->nd_opts_done) 294 break; 295 } 296 297 return 0; 298 } 299 300 /* 301 * ND6 timer routine to handle ND6 entries 302 */ 303 void 304 nd6_llinfo_settimer(struct llinfo_nd6 *ln, unsigned int secs) 305 { 306 time_t expire = time_uptime + secs; 307 308 NET_ASSERT_LOCKED(); 309 310 ln->ln_rt->rt_expire = expire; 311 if (!timeout_pending(&nd6_timer_to) || expire < nd6_timer_next) { 312 nd6_timer_next = expire; 313 timeout_add_sec(&nd6_timer_to, secs); 314 } 315 } 316 317 void 318 nd6_timer(void *arg) 319 { 320 struct llinfo_nd6 *ln, *nln; 321 time_t expire = time_uptime + nd6_gctimer; 322 int secs; 323 324 NET_LOCK(); 325 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 326 struct rtentry *rt = ln->ln_rt; 327 328 if (rt->rt_expire && rt->rt_expire <= time_uptime) 329 if (nd6_llinfo_timer(rt)) 330 continue; 331 332 if (rt->rt_expire && rt->rt_expire < expire) 333 expire = rt->rt_expire; 334 } 335 336 secs = expire - time_uptime; 337 if (secs < 0) 338 secs = 0; 339 if (!TAILQ_EMPTY(&nd6_list)) { 340 nd6_timer_next = time_uptime + secs; 341 timeout_add_sec(&nd6_timer_to, secs); 342 } 343 344 NET_UNLOCK(); 345 } 346 347 /* 348 * ND timer state handling. 349 * 350 * Returns 1 if `rt' should no longer be used, 0 otherwise. 351 */ 352 int 353 nd6_llinfo_timer(struct rtentry *rt) 354 { 355 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 356 struct sockaddr_in6 *dst = satosin6(rt_key(rt)); 357 struct ifnet *ifp; 358 struct nd_ifinfo *ndi = NULL; 359 360 NET_ASSERT_LOCKED(); 361 362 if ((ifp = if_get(rt->rt_ifidx)) == NULL) 363 return 1; 364 365 ndi = ND_IFINFO(ifp); 366 367 switch (ln->ln_state) { 368 case ND6_LLINFO_INCOMPLETE: 369 if (ln->ln_asked < nd6_mmaxtries) { 370 ln->ln_asked++; 371 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 372 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 373 } else { 374 struct mbuf *m = ln->ln_hold; 375 if (m) { 376 ln->ln_hold = NULL; 377 /* 378 * Fake rcvif to make the ICMP error 379 * more helpful in diagnosing for the 380 * receiver. 381 * XXX: should we consider 382 * older rcvif? 383 */ 384 m->m_pkthdr.ph_ifidx = rt->rt_ifidx; 385 386 icmp6_error(m, ICMP6_DST_UNREACH, 387 ICMP6_DST_UNREACH_ADDR, 0); 388 if (ln->ln_hold == m) { 389 /* m is back in ln_hold. Discard. */ 390 m_freem(ln->ln_hold); 391 ln->ln_hold = NULL; 392 } 393 } 394 nd6_free(rt); 395 ln = NULL; 396 } 397 break; 398 case ND6_LLINFO_REACHABLE: 399 if (!ND6_LLINFO_PERMANENT(ln)) { 400 ln->ln_state = ND6_LLINFO_STALE; 401 nd6_llinfo_settimer(ln, nd6_gctimer); 402 } 403 break; 404 405 case ND6_LLINFO_STALE: 406 case ND6_LLINFO_PURGE: 407 /* Garbage Collection(RFC 2461 5.3) */ 408 if (!ND6_LLINFO_PERMANENT(ln)) { 409 nd6_free(rt); 410 ln = NULL; 411 } 412 break; 413 414 case ND6_LLINFO_DELAY: 415 if (ndi) { 416 /* We need NUD */ 417 ln->ln_asked = 1; 418 ln->ln_state = ND6_LLINFO_PROBE; 419 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 420 nd6_ns_output(ifp, &dst->sin6_addr, 421 &dst->sin6_addr, ln, 0); 422 } 423 break; 424 case ND6_LLINFO_PROBE: 425 if (ln->ln_asked < nd6_umaxtries) { 426 ln->ln_asked++; 427 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 428 nd6_ns_output(ifp, &dst->sin6_addr, 429 &dst->sin6_addr, ln, 0); 430 } else { 431 nd6_free(rt); 432 ln = NULL; 433 } 434 break; 435 } 436 437 if_put(ifp); 438 439 return (ln == NULL); 440 } 441 442 void 443 nd6_expire_timer_update(struct in6_ifaddr *ia6) 444 { 445 time_t expire_time = INT64_MAX; 446 int secs; 447 448 KERNEL_ASSERT_LOCKED(); 449 450 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) 451 expire_time = ia6->ia6_lifetime.ia6t_expire; 452 453 if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) && 454 ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && 455 expire_time > ia6->ia6_lifetime.ia6t_preferred) 456 expire_time = ia6->ia6_lifetime.ia6t_preferred; 457 458 if (expire_time == INT64_MAX) 459 return; 460 461 /* 462 * IFA6_IS_INVALID() and IFA6_IS_DEPRECATED() check for uptime 463 * greater than ia6t_expire or ia6t_preferred, not greater or equal. 464 * Schedule timeout one second later so that either IFA6_IS_INVALID() 465 * or IFA6_IS_DEPRECATED() is true. 466 */ 467 expire_time++; 468 469 if (!timeout_pending(&nd6_expire_timeout) || 470 nd6_expire_next > expire_time) { 471 secs = expire_time - time_uptime; 472 if (secs < 0) 473 secs = 0; 474 475 timeout_add_sec(&nd6_expire_timeout, secs); 476 nd6_expire_next = expire_time; 477 } 478 } 479 480 /* 481 * Expire interface addresses. 482 */ 483 void 484 nd6_expire(void *unused) 485 { 486 struct ifnet *ifp; 487 488 KERNEL_LOCK(); 489 NET_LOCK(); 490 491 TAILQ_FOREACH(ifp, &ifnet, if_list) { 492 struct ifaddr *ifa, *nifa; 493 struct in6_ifaddr *ia6; 494 495 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrlist, ifa_list, nifa) { 496 if (ifa->ifa_addr->sa_family != AF_INET6) 497 continue; 498 ia6 = ifatoia6(ifa); 499 /* check address lifetime */ 500 if (IFA6_IS_INVALID(ia6)) { 501 in6_purgeaddr(&ia6->ia_ifa); 502 } else { 503 if (IFA6_IS_DEPRECATED(ia6)) 504 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 505 nd6_expire_timer_update(ia6); 506 } 507 } 508 } 509 510 NET_UNLOCK(); 511 KERNEL_UNLOCK(); 512 } 513 514 void 515 nd6_expire_timer(void *unused) 516 { 517 task_add(net_tq(0), &nd6_expire_task); 518 } 519 520 /* 521 * Nuke neighbor cache/prefix/default router management table, right before 522 * ifp goes away. 523 */ 524 void 525 nd6_purge(struct ifnet *ifp) 526 { 527 struct llinfo_nd6 *ln, *nln; 528 529 NET_ASSERT_LOCKED(); 530 531 /* 532 * Nuke neighbor cache entries for the ifp. 533 */ 534 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 535 struct rtentry *rt; 536 struct sockaddr_dl *sdl; 537 538 rt = ln->ln_rt; 539 if (rt != NULL && rt->rt_gateway != NULL && 540 rt->rt_gateway->sa_family == AF_LINK) { 541 sdl = satosdl(rt->rt_gateway); 542 if (sdl->sdl_index == ifp->if_index) 543 nd6_free(rt); 544 } 545 } 546 } 547 548 struct rtentry * 549 nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp, 550 u_int rtableid) 551 { 552 struct rtentry *rt; 553 struct sockaddr_in6 sin6; 554 int flags; 555 556 bzero(&sin6, sizeof(sin6)); 557 sin6.sin6_len = sizeof(struct sockaddr_in6); 558 sin6.sin6_family = AF_INET6; 559 sin6.sin6_addr = *addr6; 560 flags = (create) ? RT_RESOLVE : 0; 561 562 rt = rtalloc(sin6tosa(&sin6), flags, rtableid); 563 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 564 /* 565 * This is the case for the default route. 566 * If we want to create a neighbor cache for the address, we 567 * should free the route for the destination and allocate an 568 * interface route. 569 */ 570 if (create) { 571 rtfree(rt); 572 rt = NULL; 573 } 574 } 575 if (rt == NULL) { 576 if (create && ifp) { 577 struct rt_addrinfo info; 578 struct ifaddr *ifa; 579 int error; 580 581 /* 582 * If no route is available and create is set, 583 * we allocate a host route for the destination 584 * and treat it like an interface route. 585 * This hack is necessary for a neighbor which can't 586 * be covered by our own prefix. 587 */ 588 ifa = ifaof_ifpforaddr(sin6tosa(&sin6), ifp); 589 if (ifa == NULL) 590 return (NULL); 591 592 /* 593 * Create a new route. RTF_LLINFO is necessary 594 * to create a Neighbor Cache entry for the 595 * destination in nd6_rtrequest which will be 596 * called in rtrequest. 597 */ 598 bzero(&info, sizeof(info)); 599 info.rti_ifa = ifa; 600 info.rti_flags = RTF_HOST | RTF_LLINFO; 601 info.rti_info[RTAX_DST] = sin6tosa(&sin6); 602 info.rti_info[RTAX_GATEWAY] = sdltosa(ifp->if_sadl); 603 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, &rt, 604 rtableid); 605 if (error) 606 return (NULL); 607 if (rt->rt_llinfo != NULL) { 608 struct llinfo_nd6 *ln = 609 (struct llinfo_nd6 *)rt->rt_llinfo; 610 ln->ln_state = ND6_LLINFO_NOSTATE; 611 } 612 } else 613 return (NULL); 614 } 615 /* 616 * Validation for the entry. 617 * Note that the check for rt_llinfo is necessary because a cloned 618 * route from a parent route that has the L flag (e.g. the default 619 * route to a p2p interface) may have the flag, too, while the 620 * destination is not actually a neighbor. 621 */ 622 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 623 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 624 (ifp != NULL && rt->rt_ifidx != ifp->if_index)) { 625 if (create) { 626 char addr[INET6_ADDRSTRLEN]; 627 nd6log((LOG_DEBUG, "%s: failed to lookup %s (if=%s)\n", 628 __func__, 629 inet_ntop(AF_INET6, addr6, addr, sizeof(addr)), 630 ifp ? ifp->if_xname : "unspec")); 631 } 632 rtfree(rt); 633 return (NULL); 634 } 635 return (rt); 636 } 637 638 /* 639 * Detect if a given IPv6 address identifies a neighbor on a given link. 640 * XXX: should take care of the destination of a p2p link? 641 */ 642 int 643 nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 644 { 645 struct in6_ifaddr *ia6; 646 struct ifaddr *ifa; 647 struct rtentry *rt; 648 649 /* 650 * A link-local address is always a neighbor. 651 * XXX: we should use the sin6_scope_id field rather than the embedded 652 * interface index. 653 * XXX: a link does not necessarily specify a single interface. 654 */ 655 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 656 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 657 return (1); 658 659 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 660 if (ifa->ifa_addr->sa_family != AF_INET6) 661 continue; 662 663 ia6 = ifatoia6(ifa); 664 665 /* Prefix check down below. */ 666 if (ia6->ia6_flags & IN6_IFF_AUTOCONF) 667 continue; 668 669 if (IN6_ARE_MASKED_ADDR_EQUAL(&addr->sin6_addr, 670 &ia6->ia_addr.sin6_addr, 671 &ia6->ia_prefixmask.sin6_addr)) 672 return (1); 673 } 674 675 /* 676 * Even if the address matches none of our addresses, it might be 677 * in the neighbor cache. 678 */ 679 rt = nd6_lookup(&addr->sin6_addr, 0, ifp, ifp->if_rdomain); 680 if (rt != NULL) { 681 rtfree(rt); 682 return (1); 683 } 684 685 return (0); 686 } 687 688 void 689 nd6_invalidate(struct rtentry *rt) 690 { 691 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 692 693 m_freem(ln->ln_hold); 694 ln->ln_hold = NULL; 695 ln->ln_state = ND6_LLINFO_INCOMPLETE; 696 ln->ln_asked = 0; 697 } 698 699 /* 700 * Free an nd6 llinfo entry. 701 * Since the function would cause significant changes in the kernel, DO NOT 702 * make it global, unless you have a strong reason for the change, and are sure 703 * that the change is safe. 704 */ 705 void 706 nd6_free(struct rtentry *rt) 707 { 708 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 709 struct in6_addr in6 = satosin6(rt_key(rt))->sin6_addr; 710 struct ifnet *ifp; 711 712 NET_ASSERT_LOCKED(); 713 714 ifp = if_get(rt->rt_ifidx); 715 716 if (!ip6_forwarding) { 717 if (ln->ln_router) { 718 /* 719 * rt6_flush must be called whether or not the neighbor 720 * is in the Default Router List. 721 * See a corresponding comment in nd6_na_input(). 722 */ 723 rt6_flush(&in6, ifp); 724 } 725 } 726 727 KASSERT(!ISSET(rt->rt_flags, RTF_LOCAL)); 728 nd6_invalidate(rt); 729 730 /* 731 * Detach the route from the routing tree and the list of neighbor 732 * caches, and disable the route entry not to be used in already 733 * cached routes. 734 */ 735 if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED)) 736 rtdeletemsg(rt, ifp, ifp->if_rdomain); 737 738 if_put(ifp); 739 } 740 741 /* 742 * Upper-layer reachability hint for Neighbor Unreachability Detection. 743 * 744 * XXX cost-effective methods? 745 */ 746 void 747 nd6_nud_hint(struct rtentry *rt) 748 { 749 struct llinfo_nd6 *ln; 750 struct ifnet *ifp; 751 752 ifp = if_get(rt->rt_ifidx); 753 if (ifp == NULL) 754 return; 755 756 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 757 (rt->rt_flags & RTF_LLINFO) == 0 || 758 rt->rt_llinfo == NULL || rt->rt_gateway == NULL || 759 rt->rt_gateway->sa_family != AF_LINK) { 760 /* This is not a host route. */ 761 goto out; 762 } 763 764 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 765 if (ln->ln_state < ND6_LLINFO_REACHABLE) 766 goto out; 767 768 /* 769 * if we get upper-layer reachability confirmation many times, 770 * it is possible we have false information. 771 */ 772 ln->ln_byhint++; 773 if (ln->ln_byhint > nd6_maxnudhint) 774 goto out; 775 776 ln->ln_state = ND6_LLINFO_REACHABLE; 777 if (!ND6_LLINFO_PERMANENT(ln)) 778 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->reachable); 779 out: 780 if_put(ifp); 781 } 782 783 void 784 nd6_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 785 { 786 struct sockaddr *gate = rt->rt_gateway; 787 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 788 struct ifaddr *ifa; 789 790 if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST)) 791 return; 792 793 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 794 /* 795 * This is probably an interface direct route for a link 796 * which does not need neighbor caches (e.g. fe80::%lo0/64). 797 * We do not need special treatment below for such a route. 798 * Moreover, the RTF_LLINFO flag which would be set below 799 * would annoy the ndp(8) command. 800 */ 801 return; 802 } 803 804 if (req == RTM_RESOLVE && nd6_need_cache(ifp) == 0) { 805 /* 806 * For routing daemons like ospf6d we allow neighbor discovery 807 * based on the cloning route only. This allows us to sent 808 * packets directly into a network without having an address 809 * with matching prefix on the interface. If the cloning 810 * route is used for an stf interface, we would mistakenly 811 * make a neighbor cache for the host route, and would see 812 * strange neighbor solicitation for the corresponding 813 * destination. In order to avoid confusion, we check if the 814 * interface is suitable for neighbor discovery, and stop the 815 * process if not. Additionally, we remove the LLINFO flag 816 * so that ndp(8) will not try to get the neighbor information 817 * of the destination. 818 */ 819 rt->rt_flags &= ~RTF_LLINFO; 820 return; 821 } 822 823 switch (req) { 824 case RTM_ADD: 825 if ((rt->rt_flags & RTF_CLONING) || 826 ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && ln == NULL)) { 827 if (ln != NULL) 828 nd6_llinfo_settimer(ln, 0); 829 if ((rt->rt_flags & RTF_CLONING) != 0) 830 break; 831 } 832 /* 833 * In IPv4 code, we try to announce new RTF_ANNOUNCE entry here. 834 * We don't do that here since llinfo is not ready yet. 835 * 836 * There are also couple of other things to be discussed: 837 * - unsolicited NA code needs improvement beforehand 838 * - RFC2461 says we MAY send multicast unsolicited NA 839 * (7.2.6 paragraph 4), however, it also says that we 840 * SHOULD provide a mechanism to prevent multicast NA storm. 841 * we don't have anything like it right now. 842 * note that the mechanism needs a mutual agreement 843 * between proxies, which means that we need to implement 844 * a new protocol, or a new kludge. 845 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 846 * we need to check ip6forwarding before sending it. 847 * (or should we allow proxy ND configuration only for 848 * routers? there's no mention about proxy ND from hosts) 849 */ 850 #if 0 851 /* XXX it does not work */ 852 if (rt->rt_flags & RTF_ANNOUNCE) 853 nd6_na_output(ifp, 854 &satosin6(rt_key(rt))->sin6_addr, 855 &satosin6(rt_key(rt))->sin6_addr, 856 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 857 1, NULL); 858 #endif 859 /* FALLTHROUGH */ 860 case RTM_RESOLVE: 861 if (gate->sa_family != AF_LINK || 862 gate->sa_len < sizeof(struct sockaddr_dl)) { 863 log(LOG_DEBUG, "%s: bad gateway value: %s\n", 864 __func__, ifp->if_xname); 865 break; 866 } 867 satosdl(gate)->sdl_type = ifp->if_type; 868 satosdl(gate)->sdl_index = ifp->if_index; 869 if (ln != NULL) 870 break; /* This happens on a route change */ 871 /* 872 * Case 2: This route may come from cloning, or a manual route 873 * add with a LL address. 874 */ 875 ln = pool_get(&nd6_pool, PR_NOWAIT | PR_ZERO); 876 rt->rt_llinfo = (caddr_t)ln; 877 if (ln == NULL) { 878 log(LOG_DEBUG, "%s: pool get failed\n", __func__); 879 break; 880 } 881 nd6_inuse++; 882 nd6_allocated++; 883 ln->ln_rt = rt; 884 /* this is required for "ndp" command. - shin */ 885 if (req == RTM_ADD) { 886 /* 887 * gate should have some valid AF_LINK entry, 888 * and ln expire should have some lifetime 889 * which is specified by ndp command. 890 */ 891 ln->ln_state = ND6_LLINFO_REACHABLE; 892 ln->ln_byhint = 0; 893 } else { 894 /* 895 * When req == RTM_RESOLVE, rt is created and 896 * initialized in rtrequest(), so rt_expire is 0. 897 */ 898 ln->ln_state = ND6_LLINFO_NOSTATE; 899 nd6_llinfo_settimer(ln, 0); 900 } 901 rt->rt_flags |= RTF_LLINFO; 902 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 903 904 /* 905 * If we have too many cache entries, initiate immediate 906 * purging for some "less recently used" entries. Note that 907 * we cannot directly call nd6_free() here because it would 908 * cause re-entering rtable related routines triggering an LOR 909 * problem for FreeBSD. 910 */ 911 if (ip6_neighborgcthresh >= 0 && 912 nd6_inuse >= ip6_neighborgcthresh) { 913 int i; 914 915 for (i = 0; i < 10; i++) { 916 struct llinfo_nd6 *ln_end; 917 918 ln_end = TAILQ_LAST(&nd6_list, llinfo_nd6_head); 919 if (ln_end == ln) 920 break; 921 922 /* Move this entry to the head */ 923 TAILQ_REMOVE(&nd6_list, ln_end, ln_list); 924 TAILQ_INSERT_HEAD(&nd6_list, ln_end, ln_list); 925 926 if (ND6_LLINFO_PERMANENT(ln_end)) 927 continue; 928 929 if (ln_end->ln_state > ND6_LLINFO_INCOMPLETE) 930 ln_end->ln_state = ND6_LLINFO_STALE; 931 else 932 ln_end->ln_state = ND6_LLINFO_PURGE; 933 nd6_llinfo_settimer(ln_end, 0); 934 } 935 } 936 937 /* 938 * check if rt_key(rt) is one of my address assigned 939 * to the interface. 940 */ 941 ifa = &in6ifa_ifpwithaddr(ifp, 942 &satosin6(rt_key(rt))->sin6_addr)->ia_ifa; 943 if (ifa) { 944 ln->ln_state = ND6_LLINFO_REACHABLE; 945 ln->ln_byhint = 0; 946 rt->rt_expire = 0; 947 KASSERT(ifa == rt->rt_ifa); 948 } else if (rt->rt_flags & RTF_ANNOUNCE) { 949 ln->ln_state = ND6_LLINFO_REACHABLE; 950 ln->ln_byhint = 0; 951 rt->rt_expire = 0; 952 953 /* join solicited node multicast for proxy ND */ 954 if (ifp->if_flags & IFF_MULTICAST) { 955 struct in6_addr llsol; 956 int error; 957 958 llsol = satosin6(rt_key(rt))->sin6_addr; 959 llsol.s6_addr16[0] = htons(0xff02); 960 llsol.s6_addr16[1] = htons(ifp->if_index); 961 llsol.s6_addr32[1] = 0; 962 llsol.s6_addr32[2] = htonl(1); 963 llsol.s6_addr8[12] = 0xff; 964 965 if (in6_addmulti(&llsol, ifp, &error)) { 966 char addr[INET6_ADDRSTRLEN]; 967 nd6log((LOG_ERR, "%s: failed to join " 968 "%s (errno=%d)\n", ifp->if_xname, 969 inet_ntop(AF_INET6, &llsol, 970 addr, sizeof(addr)), 971 error)); 972 } 973 } 974 } 975 break; 976 977 case RTM_DELETE: 978 if (ln == NULL) 979 break; 980 /* leave from solicited node multicast for proxy ND */ 981 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 982 (ifp->if_flags & IFF_MULTICAST) != 0) { 983 struct in6_addr llsol; 984 struct in6_multi *in6m; 985 986 llsol = satosin6(rt_key(rt))->sin6_addr; 987 llsol.s6_addr16[0] = htons(0xff02); 988 llsol.s6_addr16[1] = htons(ifp->if_index); 989 llsol.s6_addr32[1] = 0; 990 llsol.s6_addr32[2] = htonl(1); 991 llsol.s6_addr8[12] = 0xff; 992 993 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 994 if (in6m) 995 in6_delmulti(in6m); 996 } 997 nd6_inuse--; 998 TAILQ_REMOVE(&nd6_list, ln, ln_list); 999 rt->rt_expire = 0; 1000 rt->rt_llinfo = NULL; 1001 rt->rt_flags &= ~RTF_LLINFO; 1002 m_freem(ln->ln_hold); 1003 pool_put(&nd6_pool, ln); 1004 break; 1005 1006 case RTM_INVALIDATE: 1007 if (!ISSET(rt->rt_flags, RTF_LOCAL)) 1008 nd6_invalidate(rt); 1009 break; 1010 } 1011 } 1012 1013 int 1014 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1015 { 1016 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1017 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1018 struct rtentry *rt; 1019 1020 switch (cmd) { 1021 case SIOCGIFINFO_IN6: 1022 NET_RLOCK(); 1023 ndi->ndi = *ND_IFINFO(ifp); 1024 NET_RUNLOCK(); 1025 return (0); 1026 case SIOCGNBRINFO_IN6: 1027 { 1028 struct llinfo_nd6 *ln; 1029 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1030 time_t expire; 1031 1032 NET_RLOCK(); 1033 /* 1034 * XXX: KAME specific hack for scoped addresses 1035 * XXXX: for other scopes than link-local? 1036 */ 1037 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1038 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1039 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1040 1041 if (*idp == 0) 1042 *idp = htons(ifp->if_index); 1043 } 1044 1045 rt = nd6_lookup(&nb_addr, 0, ifp, ifp->if_rdomain); 1046 if (rt == NULL || 1047 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) { 1048 rtfree(rt); 1049 NET_RUNLOCK(); 1050 return (EINVAL); 1051 } 1052 expire = ln->ln_rt->rt_expire; 1053 if (expire != 0) { 1054 expire -= time_uptime; 1055 expire += time_second; 1056 } 1057 1058 nbi->state = ln->ln_state; 1059 nbi->asked = ln->ln_asked; 1060 nbi->isrouter = ln->ln_router; 1061 nbi->expire = expire; 1062 1063 rtfree(rt); 1064 NET_RUNLOCK(); 1065 return (0); 1066 } 1067 } 1068 return (0); 1069 } 1070 1071 /* 1072 * Create neighbor cache entry and cache link-layer address, 1073 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1074 * 1075 * type - ICMP6 type 1076 * code - type dependent information 1077 */ 1078 void 1079 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1080 int lladdrlen, int type, int code) 1081 { 1082 struct rtentry *rt = NULL; 1083 struct llinfo_nd6 *ln = NULL; 1084 int is_newentry; 1085 struct sockaddr_dl *sdl = NULL; 1086 int do_update; 1087 int olladdr; 1088 int llchange; 1089 int newstate = 0; 1090 1091 if (!ifp) 1092 panic("ifp == NULL in nd6_cache_lladdr"); 1093 if (!from) 1094 panic("from == NULL in nd6_cache_lladdr"); 1095 1096 /* nothing must be updated for unspecified address */ 1097 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1098 return; 1099 1100 /* 1101 * Validation about ifp->if_addrlen and lladdrlen must be done in 1102 * the caller. 1103 * 1104 * XXX If the link does not have link-layer address, what should 1105 * we do? (ifp->if_addrlen == 0) 1106 * Spec says nothing in sections for RA, RS and NA. There's small 1107 * description on it in NS section (RFC 2461 7.2.3). 1108 */ 1109 1110 rt = nd6_lookup(from, 0, ifp, ifp->if_rdomain); 1111 if (rt == NULL) { 1112 #if 0 1113 /* nothing must be done if there's no lladdr */ 1114 if (!lladdr || !lladdrlen) 1115 return NULL; 1116 #endif 1117 1118 rt = nd6_lookup(from, 1, ifp, ifp->if_rdomain); 1119 is_newentry = 1; 1120 } else { 1121 /* do nothing if static ndp is set */ 1122 if (rt->rt_flags & RTF_STATIC) { 1123 rtfree(rt); 1124 return; 1125 } 1126 is_newentry = 0; 1127 } 1128 1129 if (!rt) 1130 return; 1131 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1132 fail: 1133 nd6_free(rt); 1134 rtfree(rt); 1135 return; 1136 } 1137 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1138 if (ln == NULL) 1139 goto fail; 1140 if (rt->rt_gateway == NULL) 1141 goto fail; 1142 if (rt->rt_gateway->sa_family != AF_LINK) 1143 goto fail; 1144 sdl = satosdl(rt->rt_gateway); 1145 1146 olladdr = (sdl->sdl_alen) ? 1 : 0; 1147 if (olladdr && lladdr) { 1148 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1149 llchange = 1; 1150 else 1151 llchange = 0; 1152 } else 1153 llchange = 0; 1154 1155 /* 1156 * newentry olladdr lladdr llchange (*=record) 1157 * 0 n n -- (1) 1158 * 0 y n -- (2) 1159 * 0 n y -- (3) * STALE 1160 * 0 y y n (4) * 1161 * 0 y y y (5) * STALE 1162 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1163 * 1 -- y -- (7) * STALE 1164 */ 1165 1166 if (llchange) { 1167 char addr[INET6_ADDRSTRLEN]; 1168 log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n", 1169 inet_ntop(AF_INET6, from, addr, sizeof(addr)), 1170 ether_sprintf(lladdr), ifp->if_xname); 1171 } 1172 if (lladdr) { /* (3-5) and (7) */ 1173 /* 1174 * Record source link-layer address 1175 * XXX is it dependent to ifp->if_type? 1176 */ 1177 sdl->sdl_alen = ifp->if_addrlen; 1178 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1179 } 1180 1181 if (!is_newentry) { 1182 if ((!olladdr && lladdr) || /* (3) */ 1183 (olladdr && lladdr && llchange)) { /* (5) */ 1184 do_update = 1; 1185 newstate = ND6_LLINFO_STALE; 1186 } else /* (1-2,4) */ 1187 do_update = 0; 1188 } else { 1189 do_update = 1; 1190 if (!lladdr) /* (6) */ 1191 newstate = ND6_LLINFO_NOSTATE; 1192 else /* (7) */ 1193 newstate = ND6_LLINFO_STALE; 1194 } 1195 1196 if (do_update) { 1197 /* 1198 * Update the state of the neighbor cache. 1199 */ 1200 ln->ln_state = newstate; 1201 1202 if (ln->ln_state == ND6_LLINFO_STALE) { 1203 /* 1204 * Since nd6_resolve() in ifp->if_output() will cause 1205 * state transition to DELAY and reset the timer, 1206 * we must set the timer now, although it is actually 1207 * meaningless. 1208 */ 1209 nd6_llinfo_settimer(ln, nd6_gctimer); 1210 1211 if (ln->ln_hold) { 1212 struct mbuf *n = ln->ln_hold; 1213 ln->ln_hold = NULL; 1214 /* 1215 * we assume ifp is not a p2p here, so just 1216 * set the 2nd argument as the 1st one. 1217 */ 1218 ifp->if_output(ifp, n, rt_key(rt), rt); 1219 if (ln->ln_hold == n) { 1220 /* n is back in ln_hold. Discard. */ 1221 m_freem(ln->ln_hold); 1222 ln->ln_hold = NULL; 1223 } 1224 } 1225 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1226 /* probe right away */ 1227 nd6_llinfo_settimer(ln, 0); 1228 } 1229 } 1230 1231 /* 1232 * ICMP6 type dependent behavior. 1233 * 1234 * NS: clear IsRouter if new entry 1235 * RS: clear IsRouter 1236 * RA: set IsRouter if there's lladdr 1237 * redir: clear IsRouter if new entry 1238 * 1239 * RA case, (1): 1240 * The spec says that we must set IsRouter in the following cases: 1241 * - If lladdr exist, set IsRouter. This means (1-5). 1242 * - If it is old entry (!newentry), set IsRouter. This means (7). 1243 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1244 * A question arises for (1) case. (1) case has no lladdr in the 1245 * neighbor cache, this is similar to (6). 1246 * This case is rare but we figured that we MUST NOT set IsRouter. 1247 * 1248 * newentry olladdr lladdr llchange NS RS RA redir 1249 * D R 1250 * 0 n n -- (1) c ? s 1251 * 0 y n -- (2) c s s 1252 * 0 n y -- (3) c s s 1253 * 0 y y n (4) c s s 1254 * 0 y y y (5) c s s 1255 * 1 -- n -- (6) c c c s 1256 * 1 -- y -- (7) c c s c s 1257 * 1258 * (c=clear s=set) 1259 */ 1260 switch (type & 0xff) { 1261 case ND_NEIGHBOR_SOLICIT: 1262 /* 1263 * New entry must have is_router flag cleared. 1264 */ 1265 if (is_newentry) /* (6-7) */ 1266 ln->ln_router = 0; 1267 break; 1268 case ND_REDIRECT: 1269 /* 1270 * If the icmp is a redirect to a better router, always set the 1271 * is_router flag. Otherwise, if the entry is newly created, 1272 * clear the flag. [RFC 2461, sec 8.3] 1273 */ 1274 if (code == ND_REDIRECT_ROUTER) 1275 ln->ln_router = 1; 1276 else if (is_newentry) /* (6-7) */ 1277 ln->ln_router = 0; 1278 break; 1279 case ND_ROUTER_SOLICIT: 1280 /* 1281 * is_router flag must always be cleared. 1282 */ 1283 ln->ln_router = 0; 1284 break; 1285 case ND_ROUTER_ADVERT: 1286 /* 1287 * Mark an entry with lladdr as a router. 1288 */ 1289 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1290 (is_newentry && lladdr)) { /* (7) */ 1291 ln->ln_router = 1; 1292 } 1293 break; 1294 } 1295 1296 rtfree(rt); 1297 } 1298 1299 void 1300 nd6_slowtimo(void *ignored_arg) 1301 { 1302 struct nd_ifinfo *nd6if; 1303 struct ifnet *ifp; 1304 1305 NET_LOCK(); 1306 1307 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 1308 1309 TAILQ_FOREACH(ifp, &ifnet, if_list) { 1310 nd6if = ND_IFINFO(ifp); 1311 if (nd6if->basereachable && /* already initialized */ 1312 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1313 /* 1314 * Since reachable time rarely changes by router 1315 * advertisements, we SHOULD insure that a new random 1316 * value gets recomputed at least once every few hours. 1317 * (RFC 2461, 6.3.4) 1318 */ 1319 nd6if->recalctm = nd6_recalc_reachtm_interval; 1320 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1321 } 1322 } 1323 NET_UNLOCK(); 1324 } 1325 1326 int 1327 nd6_resolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1328 struct sockaddr *dst, u_char *desten) 1329 { 1330 struct sockaddr_dl *sdl; 1331 struct rtentry *rt; 1332 struct llinfo_nd6 *ln = NULL; 1333 1334 if (m->m_flags & M_MCAST) { 1335 ETHER_MAP_IPV6_MULTICAST(&satosin6(dst)->sin6_addr, desten); 1336 return (0); 1337 } 1338 1339 rt = rt_getll(rt0); 1340 1341 if (ISSET(rt->rt_flags, RTF_REJECT) && 1342 (rt->rt_expire == 0 || time_uptime < rt->rt_expire)) { 1343 m_freem(m); 1344 return (rt == rt0 ? EHOSTDOWN : EHOSTUNREACH); 1345 } 1346 1347 /* 1348 * Address resolution or Neighbor Unreachability Detection 1349 * for the next hop. 1350 * At this point, the destination of the packet must be a unicast 1351 * or an anycast address(i.e. not a multicast). 1352 */ 1353 if (!ISSET(rt->rt_flags, RTF_LLINFO)) { 1354 char addr[INET6_ADDRSTRLEN]; 1355 log(LOG_DEBUG, "%s: %s: route contains no ND information\n", 1356 __func__, inet_ntop(AF_INET6, 1357 &satosin6(rt_key(rt))->sin6_addr, addr, sizeof(addr))); 1358 m_freem(m); 1359 return (EINVAL); 1360 } 1361 1362 if (rt->rt_gateway->sa_family != AF_LINK) { 1363 printf("%s: something odd happens\n", __func__); 1364 m_freem(m); 1365 return (EINVAL); 1366 } 1367 1368 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1369 KASSERT(ln != NULL); 1370 1371 /* 1372 * Move this entry to the head of the queue so that it is less likely 1373 * for this entry to be a target of forced garbage collection (see 1374 * nd6_rtrequest()). 1375 */ 1376 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1377 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 1378 1379 /* 1380 * The first time we send a packet to a neighbor whose entry is 1381 * STALE, we have to change the state to DELAY and a sets a timer to 1382 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1383 * neighbor unreachability detection on expiration. 1384 * (RFC 2461 7.3.3) 1385 */ 1386 if (ln->ln_state == ND6_LLINFO_STALE) { 1387 ln->ln_asked = 0; 1388 ln->ln_state = ND6_LLINFO_DELAY; 1389 nd6_llinfo_settimer(ln, nd6_delay); 1390 } 1391 1392 /* 1393 * If the neighbor cache entry has a state other than INCOMPLETE 1394 * (i.e. its link-layer address is already resolved), just 1395 * send the packet. 1396 */ 1397 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) { 1398 sdl = satosdl(rt->rt_gateway); 1399 if (sdl->sdl_alen != ETHER_ADDR_LEN) { 1400 char addr[INET6_ADDRSTRLEN]; 1401 log(LOG_DEBUG, "%s: %s: incorrect nd6 information\n", 1402 __func__, 1403 inet_ntop(AF_INET6, &satosin6(dst)->sin6_addr, 1404 addr, sizeof(addr))); 1405 m_freem(m); 1406 return (EINVAL); 1407 } 1408 1409 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 1410 return (0); 1411 } 1412 1413 /* 1414 * There is a neighbor cache entry, but no ethernet address 1415 * response yet. Replace the held mbuf (if any) with this 1416 * latest one. 1417 */ 1418 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1419 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1420 m_freem(ln->ln_hold); 1421 ln->ln_hold = m; 1422 1423 /* 1424 * If there has been no NS for the neighbor after entering the 1425 * INCOMPLETE state, send the first solicitation. 1426 */ 1427 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 1428 ln->ln_asked++; 1429 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->retrans / 1000); 1430 nd6_ns_output(ifp, NULL, &satosin6(dst)->sin6_addr, ln, 0); 1431 } 1432 return (EAGAIN); 1433 } 1434 1435 int 1436 nd6_need_cache(struct ifnet *ifp) 1437 { 1438 /* 1439 * RFC2893 says: 1440 * - unidirectional tunnels needs no ND 1441 */ 1442 switch (ifp->if_type) { 1443 case IFT_ETHER: 1444 case IFT_IEEE80211: 1445 case IFT_CARP: 1446 return (1); 1447 default: 1448 return (0); 1449 } 1450 } 1451