1 /* $OpenBSD: nd6.c,v 1.37 2001/06/29 16:10:36 itojun Exp $ */ 2 /* $KAME: nd6.c,v 1.151 2001/06/19 14:24:41 sumikawa Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * XXX 35 * KAME 970409 note: 36 * BSD/OS version heavily modifies this code, related to llinfo. 37 * Since we don't have BSD/OS version of net/route.c in our hand, 38 * I left the code mostly as it was in 970310. -- itojun 39 */ 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/timeout.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 #include <sys/socket.h> 47 #include <sys/sockio.h> 48 #include <sys/time.h> 49 #include <sys/kernel.h> 50 #include <sys/protosw.h> 51 #include <sys/errno.h> 52 #include <sys/ioctl.h> 53 #include <sys/syslog.h> 54 #include <sys/queue.h> 55 #include <dev/rndvar.h> 56 57 #include <net/if.h> 58 #include <net/if_dl.h> 59 #include <net/if_types.h> 60 #include <net/if_atm.h> 61 #include <net/route.h> 62 63 #include <netinet/in.h> 64 #include <netinet/if_ether.h> 65 #include <netinet/ip_ipsp.h> 66 67 #include <netinet6/in6_var.h> 68 #include <netinet/ip6.h> 69 #include <netinet6/ip6_var.h> 70 #include <netinet6/nd6.h> 71 #include <netinet6/in6_prefix.h> 72 #include <netinet/icmp6.h> 73 74 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 75 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 76 77 #define SIN6(s) ((struct sockaddr_in6 *)s) 78 #define SDL(s) ((struct sockaddr_dl *)s) 79 80 /* timer values */ 81 int nd6_prune = 1; /* walk list every 1 seconds */ 82 int nd6_delay = 5; /* delay first probe time 5 second */ 83 int nd6_umaxtries = 3; /* maximum unicast query */ 84 int nd6_mmaxtries = 3; /* maximum multicast query */ 85 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 86 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 87 88 /* preventing too many loops in ND option parsing */ 89 int nd6_maxndopt = 10; /* max # of ND options allowed */ 90 91 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 92 93 #ifdef ND6_DEBUG 94 int nd6_debug = 1; 95 #else 96 int nd6_debug = 0; 97 #endif 98 99 /* for debugging? */ 100 static int nd6_inuse, nd6_allocated; 101 102 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6}; 103 static size_t nd_ifinfo_indexlim = 8; 104 struct nd_ifinfo *nd_ifinfo = NULL; 105 struct nd_drhead nd_defrouter; 106 struct nd_prhead nd_prefix = { 0 }; 107 108 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 109 static struct sockaddr_in6 all1_sa; 110 111 static void nd6_slowtimo __P((void *)); 112 113 struct timeout nd6_slowtimo_ch; 114 struct timeout nd6_timer_ch; 115 extern struct timeout in6_tmpaddrtimer_ch; 116 117 void 118 nd6_init() 119 { 120 static int nd6_init_done = 0; 121 int i; 122 123 if (nd6_init_done) { 124 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 125 return; 126 } 127 128 all1_sa.sin6_family = AF_INET6; 129 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 130 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 131 all1_sa.sin6_addr.s6_addr[i] = 0xff; 132 133 /* initialization of the default router list */ 134 TAILQ_INIT(&nd_defrouter); 135 136 nd6_init_done = 1; 137 138 /* start timer */ 139 timeout_set(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 140 timeout_add(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz); 141 } 142 143 void 144 nd6_ifattach(ifp) 145 struct ifnet *ifp; 146 { 147 148 /* 149 * We have some arrays that should be indexed by if_index. 150 * since if_index will grow dynamically, they should grow too. 151 */ 152 if (nd_ifinfo == NULL || if_index >= nd_ifinfo_indexlim) { 153 size_t n; 154 caddr_t q; 155 156 while (if_index >= nd_ifinfo_indexlim) 157 nd_ifinfo_indexlim <<= 1; 158 159 /* grow nd_ifinfo */ 160 n = nd_ifinfo_indexlim * sizeof(struct nd_ifinfo); 161 q = (caddr_t)malloc(n, M_IP6NDP, M_WAITOK); 162 bzero(q, n); 163 if (nd_ifinfo) { 164 bcopy((caddr_t)nd_ifinfo, q, n/2); 165 free((caddr_t)nd_ifinfo, M_IP6NDP); 166 } 167 nd_ifinfo = (struct nd_ifinfo *)q; 168 } 169 170 #define ND nd_ifinfo[ifp->if_index] 171 172 /* 173 * Don't initialize if called twice. 174 * XXX: to detect this, we should choose a member that is never set 175 * before initialization of the ND structure itself. We formaly used 176 * the linkmtu member, which was not suitable because it could be 177 * initialized via "ifconfig mtu". 178 */ 179 if (ND.basereachable) 180 return; 181 182 ND.linkmtu = ifindex2ifnet[ifp->if_index]->if_mtu; 183 ND.chlim = IPV6_DEFHLIM; 184 ND.basereachable = REACHABLE_TIME; 185 ND.reachable = ND_COMPUTE_RTIME(ND.basereachable); 186 ND.retrans = RETRANS_TIMER; 187 ND.receivedra = 0; 188 ND.flags = ND6_IFF_PERFORMNUD; 189 nd6_setmtu(ifp); 190 #undef ND 191 } 192 193 /* 194 * Reset ND level link MTU. This function is called when the physical MTU 195 * changes, which means we might have to adjust the ND level MTU. 196 */ 197 void 198 nd6_setmtu(ifp) 199 struct ifnet *ifp; 200 { 201 struct nd_ifinfo *ndi = &nd_ifinfo[ifp->if_index]; 202 u_long oldmaxmtu = ndi->maxmtu; 203 u_long oldlinkmtu = ndi->linkmtu; 204 205 switch (ifp->if_type) { 206 case IFT_ARCNET: /* XXX MTU handling needs more work */ 207 ndi->maxmtu = MIN(60480, ifp->if_mtu); 208 break; 209 case IFT_ETHER: 210 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 211 break; 212 case IFT_ATM: 213 ndi->maxmtu = MIN(ATMMTU, ifp->if_mtu); 214 break; 215 default: 216 ndi->maxmtu = ifp->if_mtu; 217 break; 218 } 219 220 if (oldmaxmtu != ndi->maxmtu) { 221 /* 222 * If the ND level MTU is not set yet, or if the maxmtu 223 * is reset to a smaller value than the ND level MTU, 224 * also reset the ND level MTU. 225 */ 226 if (ndi->linkmtu == 0 || 227 ndi->maxmtu < ndi->linkmtu) { 228 ndi->linkmtu = ndi->maxmtu; 229 /* also adjust in6_maxmtu if necessary. */ 230 if (oldlinkmtu == 0) { 231 /* 232 * XXX: the case analysis is grotty, but 233 * it is not efficient to call in6_setmaxmtu() 234 * here when we are during the initialization 235 * procedure. 236 */ 237 if (in6_maxmtu < ndi->linkmtu) 238 in6_maxmtu = ndi->linkmtu; 239 } else 240 in6_setmaxmtu(); 241 } 242 } 243 #undef MIN 244 } 245 246 void 247 nd6_option_init(opt, icmp6len, ndopts) 248 void *opt; 249 int icmp6len; 250 union nd_opts *ndopts; 251 { 252 bzero(ndopts, sizeof(*ndopts)); 253 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 254 ndopts->nd_opts_last 255 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 256 257 if (icmp6len == 0) { 258 ndopts->nd_opts_done = 1; 259 ndopts->nd_opts_search = NULL; 260 } 261 } 262 263 /* 264 * Take one ND option. 265 */ 266 struct nd_opt_hdr * 267 nd6_option(ndopts) 268 union nd_opts *ndopts; 269 { 270 struct nd_opt_hdr *nd_opt; 271 int olen; 272 273 if (!ndopts) 274 panic("ndopts == NULL in nd6_option\n"); 275 if (!ndopts->nd_opts_last) 276 panic("uninitialized ndopts in nd6_option\n"); 277 if (!ndopts->nd_opts_search) 278 return NULL; 279 if (ndopts->nd_opts_done) 280 return NULL; 281 282 nd_opt = ndopts->nd_opts_search; 283 284 /* make sure nd_opt_len is inside the buffer */ 285 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 286 bzero(ndopts, sizeof(*ndopts)); 287 return NULL; 288 } 289 290 olen = nd_opt->nd_opt_len << 3; 291 if (olen == 0) { 292 /* 293 * Message validation requires that all included 294 * options have a length that is greater than zero. 295 */ 296 bzero(ndopts, sizeof(*ndopts)); 297 return NULL; 298 } 299 300 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 301 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 302 /* option overruns the end of buffer, invalid */ 303 bzero(ndopts, sizeof(*ndopts)); 304 return NULL; 305 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 306 /* reached the end of options chain */ 307 ndopts->nd_opts_done = 1; 308 ndopts->nd_opts_search = NULL; 309 } 310 return nd_opt; 311 } 312 313 /* 314 * Parse multiple ND options. 315 * This function is much easier to use, for ND routines that do not need 316 * multiple options of the same type. 317 */ 318 int 319 nd6_options(ndopts) 320 union nd_opts *ndopts; 321 { 322 struct nd_opt_hdr *nd_opt; 323 int i = 0; 324 325 if (!ndopts) 326 panic("ndopts == NULL in nd6_options\n"); 327 if (!ndopts->nd_opts_last) 328 panic("uninitialized ndopts in nd6_options\n"); 329 if (!ndopts->nd_opts_search) 330 return 0; 331 332 while (1) { 333 nd_opt = nd6_option(ndopts); 334 if (!nd_opt && !ndopts->nd_opts_last) { 335 /* 336 * Message validation requires that all included 337 * options have a length that is greater than zero. 338 */ 339 icmp6stat.icp6s_nd_badopt++; 340 bzero(ndopts, sizeof(*ndopts)); 341 return -1; 342 } 343 344 if (!nd_opt) 345 goto skip1; 346 347 switch (nd_opt->nd_opt_type) { 348 case ND_OPT_SOURCE_LINKADDR: 349 case ND_OPT_TARGET_LINKADDR: 350 case ND_OPT_MTU: 351 case ND_OPT_REDIRECTED_HEADER: 352 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 353 nd6log((LOG_INFO, 354 "duplicated ND6 option found (type=%d)\n", 355 nd_opt->nd_opt_type)); 356 /* XXX bark? */ 357 } else { 358 ndopts->nd_opt_array[nd_opt->nd_opt_type] 359 = nd_opt; 360 } 361 break; 362 case ND_OPT_PREFIX_INFORMATION: 363 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 364 ndopts->nd_opt_array[nd_opt->nd_opt_type] 365 = nd_opt; 366 } 367 ndopts->nd_opts_pi_end = 368 (struct nd_opt_prefix_info *)nd_opt; 369 break; 370 default: 371 /* 372 * Unknown options must be silently ignored, 373 * to accomodate future extension to the protocol. 374 */ 375 nd6log((LOG_DEBUG, 376 "nd6_options: unsupported option %d - " 377 "option ignored\n", nd_opt->nd_opt_type)); 378 } 379 380 skip1: 381 i++; 382 if (i > nd6_maxndopt) { 383 icmp6stat.icp6s_nd_toomanyopt++; 384 nd6log((LOG_INFO, "too many loop in nd opt\n")); 385 break; 386 } 387 388 if (ndopts->nd_opts_done) 389 break; 390 } 391 392 return 0; 393 } 394 395 /* 396 * ND6 timer routine to expire default route list and prefix list 397 */ 398 void 399 nd6_timer(ignored_arg) 400 void *ignored_arg; 401 { 402 int s; 403 struct llinfo_nd6 *ln; 404 struct nd_defrouter *dr; 405 struct nd_prefix *pr; 406 long time_second = time.tv_sec; 407 408 s = splnet(); 409 410 timeout_set(&nd6_timer_ch, nd6_timer, NULL); 411 timeout_add(&nd6_timer_ch, nd6_prune * hz); 412 413 ln = llinfo_nd6.ln_next; 414 /* XXX BSD/OS separates this code -- itojun */ 415 while (ln && ln != &llinfo_nd6) { 416 struct rtentry *rt; 417 struct ifnet *ifp; 418 struct sockaddr_in6 *dst; 419 struct llinfo_nd6 *next = ln->ln_next; 420 /* XXX: used for the DELAY case only: */ 421 struct nd_ifinfo *ndi = NULL; 422 423 if ((rt = ln->ln_rt) == NULL) { 424 ln = next; 425 continue; 426 } 427 if ((ifp = rt->rt_ifp) == NULL) { 428 ln = next; 429 continue; 430 } 431 ndi = &nd_ifinfo[ifp->if_index]; 432 dst = (struct sockaddr_in6 *)rt_key(rt); 433 434 if (ln->ln_expire > time_second) { 435 ln = next; 436 continue; 437 } 438 439 /* sanity check */ 440 if (!rt) 441 panic("rt=0 in nd6_timer(ln=%p)\n", ln); 442 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) 443 panic("rt_llinfo(%p) is not equal to ln(%p)\n", 444 rt->rt_llinfo, ln); 445 if (!dst) 446 panic("dst=0 in nd6_timer(ln=%p)\n", ln); 447 448 switch (ln->ln_state) { 449 case ND6_LLINFO_INCOMPLETE: 450 if (ln->ln_asked < nd6_mmaxtries) { 451 ln->ln_asked++; 452 ln->ln_expire = time_second + 453 nd_ifinfo[ifp->if_index].retrans / 1000; 454 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 455 ln, 0); 456 } else { 457 struct mbuf *m = ln->ln_hold; 458 if (m) { 459 if (rt->rt_ifp) { 460 /* 461 * Fake rcvif to make ICMP error 462 * more helpful in diagnosing 463 * for the receiver. 464 * XXX: should we consider 465 * older rcvif? 466 */ 467 m->m_pkthdr.rcvif = rt->rt_ifp; 468 } 469 icmp6_error(m, ICMP6_DST_UNREACH, 470 ICMP6_DST_UNREACH_ADDR, 0); 471 ln->ln_hold = NULL; 472 } 473 next = nd6_free(rt); 474 } 475 break; 476 case ND6_LLINFO_REACHABLE: 477 if (ln->ln_expire) { 478 ln->ln_state = ND6_LLINFO_STALE; 479 ln->ln_expire = time_second + nd6_gctimer; 480 } 481 break; 482 483 case ND6_LLINFO_STALE: 484 /* Garbage Collection(RFC 2461 5.3) */ 485 if (ln->ln_expire) 486 next = nd6_free(rt); 487 break; 488 489 case ND6_LLINFO_DELAY: 490 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 491 /* We need NUD */ 492 ln->ln_asked = 1; 493 ln->ln_state = ND6_LLINFO_PROBE; 494 ln->ln_expire = time_second + 495 ndi->retrans / 1000; 496 nd6_ns_output(ifp, &dst->sin6_addr, 497 &dst->sin6_addr, 498 ln, 0); 499 } else { 500 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 501 ln->ln_expire = time_second + nd6_gctimer; 502 } 503 break; 504 case ND6_LLINFO_PROBE: 505 if (ln->ln_asked < nd6_umaxtries) { 506 ln->ln_asked++; 507 ln->ln_expire = time_second + 508 nd_ifinfo[ifp->if_index].retrans / 1000; 509 nd6_ns_output(ifp, &dst->sin6_addr, 510 &dst->sin6_addr, ln, 0); 511 } else 512 next = nd6_free(rt); 513 break; 514 } 515 ln = next; 516 } 517 518 /* expire default router list */ 519 dr = TAILQ_FIRST(&nd_defrouter); 520 while (dr) { 521 if (dr->expire && dr->expire < time_second) { 522 struct nd_defrouter *t; 523 t = TAILQ_NEXT(dr, dr_entry); 524 defrtrlist_del(dr); 525 dr = t; 526 } else 527 dr = TAILQ_NEXT(dr, dr_entry); 528 } 529 pr = nd_prefix.lh_first; 530 while (pr) { 531 struct in6_ifaddr *ia6; 532 struct in6_addrlifetime *lt6; 533 534 if (IN6_IS_ADDR_UNSPECIFIED(&pr->ndpr_addr)) 535 ia6 = NULL; 536 else 537 ia6 = in6ifa_ifpwithaddr(pr->ndpr_ifp, &pr->ndpr_addr); 538 539 if (ia6) { 540 /* check address lifetime */ 541 lt6 = &ia6->ia6_lifetime; 542 if (lt6->ia6t_preferred && lt6->ia6t_preferred < time_second) 543 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 544 if (lt6->ia6t_expire && lt6->ia6t_expire < time_second) { 545 if (!IN6_IS_ADDR_UNSPECIFIED(&pr->ndpr_addr)) 546 in6_ifdel(pr->ndpr_ifp, &pr->ndpr_addr); 547 /* xxx ND_OPT_PI_FLAG_ONLINK processing */ 548 } 549 } 550 551 /* 552 * check prefix lifetime. 553 * since pltime is just for autoconf, pltime processing for 554 * prefix is not necessary. 555 * 556 * we offset expire time by NDPR_KEEP_EXPIRE, so that we 557 * can use the old prefix information to validate the 558 * next prefix information to come. See prelist_update() 559 * for actual validation. 560 */ 561 if (pr->ndpr_expire 562 && pr->ndpr_expire + NDPR_KEEP_EXPIRED < time_second) { 563 struct nd_prefix *t; 564 t = pr->ndpr_next; 565 566 /* 567 * address expiration and prefix expiration are 568 * separate. NEVER perform in6_ifdel here. 569 */ 570 571 prelist_remove(pr); 572 pr = t; 573 } else 574 pr = pr->ndpr_next; 575 } 576 splx(s); 577 } 578 579 /* 580 * Nuke neighbor cache/prefix/default router management table, right before 581 * ifp goes away. 582 */ 583 void 584 nd6_purge(ifp) 585 struct ifnet *ifp; 586 { 587 struct llinfo_nd6 *ln, *nln; 588 struct nd_defrouter *dr, *ndr, drany; 589 struct nd_prefix *pr, *npr; 590 591 /* Nuke default router list entries toward ifp */ 592 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 593 /* 594 * The first entry of the list may be stored in 595 * the routing table, so we'll delete it later. 596 */ 597 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = ndr) { 598 ndr = TAILQ_NEXT(dr, dr_entry); 599 if (dr->ifp == ifp) 600 defrtrlist_del(dr); 601 } 602 dr = TAILQ_FIRST(&nd_defrouter); 603 if (dr->ifp == ifp) 604 defrtrlist_del(dr); 605 } 606 607 /* Nuke prefix list entries toward ifp */ 608 for (pr = nd_prefix.lh_first; pr; pr = npr) { 609 npr = pr->ndpr_next; 610 if (pr->ndpr_ifp == ifp) { 611 if (!IN6_IS_ADDR_UNSPECIFIED(&pr->ndpr_addr)) 612 in6_ifdel(pr->ndpr_ifp, &pr->ndpr_addr); 613 prelist_remove(pr); 614 } 615 } 616 617 /* cancel default outgoing interface setting */ 618 if (nd6_defifindex == ifp->if_index) 619 nd6_setdefaultiface(0); 620 621 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 622 /* refresh default router list */ 623 bzero(&drany, sizeof(drany)); 624 defrouter_delreq(&drany, 0); 625 defrouter_select(); 626 } 627 628 /* 629 * Nuke neighbor cache entries for the ifp. 630 * Note that rt->rt_ifp may not be the same as ifp, 631 * due to KAME goto ours hack. See RTM_RESOLVE case in 632 * nd6_rtrequest(), and ip6_input(). 633 */ 634 ln = llinfo_nd6.ln_next; 635 while (ln && ln != &llinfo_nd6) { 636 struct rtentry *rt; 637 struct sockaddr_dl *sdl; 638 639 nln = ln->ln_next; 640 rt = ln->ln_rt; 641 if (rt && rt->rt_gateway && 642 rt->rt_gateway->sa_family == AF_LINK) { 643 sdl = (struct sockaddr_dl *)rt->rt_gateway; 644 if (sdl->sdl_index == ifp->if_index) 645 nln = nd6_free(rt); 646 } 647 ln = nln; 648 } 649 } 650 651 struct rtentry * 652 nd6_lookup(addr6, create, ifp) 653 struct in6_addr *addr6; 654 int create; 655 struct ifnet *ifp; 656 { 657 struct rtentry *rt; 658 struct sockaddr_in6 sin6; 659 660 bzero(&sin6, sizeof(sin6)); 661 sin6.sin6_len = sizeof(struct sockaddr_in6); 662 sin6.sin6_family = AF_INET6; 663 sin6.sin6_addr = *addr6; 664 rt = rtalloc1((struct sockaddr *)&sin6, create); 665 if (rt && (rt->rt_flags & RTF_LLINFO) == 0) { 666 /* 667 * This is the case for the default route. 668 * If we want to create a neighbor cache for the address, we 669 * should free the route for the destination and allocate an 670 * interface route. 671 */ 672 if (create) { 673 RTFREE(rt); 674 rt = 0; 675 } 676 } 677 if (!rt) { 678 if (create && ifp) { 679 int e; 680 681 /* 682 * If no route is available and create is set, 683 * we allocate a host route for the destination 684 * and treat it like an interface route. 685 * This hack is necessary for a neighbor which can't 686 * be covered by our own prefix. 687 */ 688 struct ifaddr *ifa = 689 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 690 if (ifa == NULL) 691 return(NULL); 692 693 /* 694 * Create a new route. RTF_LLINFO is necessary 695 * to create a Neighbor Cache entry for the 696 * destination in nd6_rtrequest which will be 697 * called in rtequest via ifa->ifa_rtrequest. 698 */ 699 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6, 700 ifa->ifa_addr, 701 (struct sockaddr *)&all1_sa, 702 (ifa->ifa_flags | 703 RTF_HOST | RTF_LLINFO) & 704 ~RTF_CLONING, 705 &rt)) != 0) 706 log(LOG_ERR, 707 "nd6_lookup: failed to add route for a " 708 "neighbor(%s), errno=%d\n", 709 ip6_sprintf(addr6), e); 710 if (rt == NULL) 711 return(NULL); 712 if (rt->rt_llinfo) { 713 struct llinfo_nd6 *ln = 714 (struct llinfo_nd6 *)rt->rt_llinfo; 715 ln->ln_state = ND6_LLINFO_NOSTATE; 716 } 717 } else 718 return(NULL); 719 } 720 rt->rt_refcnt--; 721 /* 722 * Validation for the entry. 723 * XXX: we can't use rt->rt_ifp to check for the interface, since 724 * it might be the loopback interface if the entry is for our 725 * own address on a non-loopback interface. Instead, we should 726 * use rt->rt_ifa->ifa_ifp, which would specify the REAL interface. 727 */ 728 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 729 rt->rt_gateway->sa_family != AF_LINK || 730 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 731 if (create) { 732 log(LOG_DEBUG, "nd6_lookup: failed to lookup %s (if = %s)\n", 733 ip6_sprintf(addr6), ifp ? ifp->if_xname : "unspec"); 734 /* xxx more logs... kazu */ 735 } 736 return(0); 737 } 738 return(rt); 739 } 740 741 /* 742 * Detect if a given IPv6 address identifies a neighbor on a given link. 743 * XXX: should take care of the destination of a p2p link? 744 */ 745 int 746 nd6_is_addr_neighbor(addr, ifp) 747 struct sockaddr_in6 *addr; 748 struct ifnet *ifp; 749 { 750 struct ifaddr *ifa; 751 int i; 752 753 #define IFADDR6(a) ((((struct in6_ifaddr *)(a))->ia_addr).sin6_addr) 754 #define IFMASK6(a) ((((struct in6_ifaddr *)(a))->ia_prefixmask).sin6_addr) 755 756 /* 757 * A link-local address is always a neighbor. 758 * XXX: we should use the sin6_scope_id field rather than the embedded 759 * interface index. 760 */ 761 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 762 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 763 return(1); 764 765 /* 766 * If the address matches one of our addresses, 767 * it should be a neighbor. 768 */ 769 for (ifa = ifp->if_addrlist.tqh_first; 770 ifa; 771 ifa = ifa->ifa_list.tqe_next) 772 { 773 if (ifa->ifa_addr->sa_family != AF_INET6) 774 next: continue; 775 776 for (i = 0; i < 4; i++) { 777 if ((IFADDR6(ifa).s6_addr32[i] ^ 778 addr->sin6_addr.s6_addr32[i]) & 779 IFMASK6(ifa).s6_addr32[i]) 780 goto next; 781 } 782 return(1); 783 } 784 785 /* 786 * Even if the address matches none of our addresses, it might be 787 * in the neighbor cache. 788 */ 789 if (nd6_lookup(&addr->sin6_addr, 0, ifp)) 790 return(1); 791 792 return(0); 793 #undef IFADDR6 794 #undef IFMASK6 795 } 796 797 /* 798 * Free an nd6 llinfo entry. 799 */ 800 struct llinfo_nd6 * 801 nd6_free(rt) 802 struct rtentry *rt; 803 { 804 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; 805 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 806 struct nd_defrouter *dr; 807 808 /* 809 * Clear all destination cache entries for the neighbor. 810 * XXX: is it better to restrict this to hosts? 811 */ 812 pfctlinput(PRC_HOSTDEAD, rt_key(rt)); 813 814 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 815 int s; 816 s = splnet(); 817 dr = defrouter_lookup(&((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 818 rt->rt_ifp); 819 if (ln->ln_router || dr) { 820 /* 821 * rt6_flush must be called whether or not the neighbor 822 * is in the Default Router List. 823 * See a corresponding comment in nd6_na_input(). 824 */ 825 rt6_flush(&in6, rt->rt_ifp); 826 } 827 828 if (dr) { 829 /* 830 * Unreachablity of a router might affect the default 831 * router selection and on-link detection of advertised 832 * prefixes. 833 */ 834 835 /* 836 * Temporarily fake the state to choose a new default 837 * router and to perform on-link determination of 838 * prefixes coreectly. 839 * Below the state will be set correctly, 840 * or the entry itself will be deleted. 841 */ 842 ln->ln_state = ND6_LLINFO_INCOMPLETE; 843 844 if (dr == TAILQ_FIRST(&nd_defrouter)) { 845 /* 846 * It is used as the current default router, 847 * so we have to move it to the end of the 848 * list and choose a new one. 849 * XXX: it is not very efficient if this is 850 * the only router. 851 */ 852 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 853 TAILQ_INSERT_TAIL(&nd_defrouter, dr, dr_entry); 854 855 defrouter_select(); 856 } 857 pfxlist_onlink_check(); 858 } 859 splx(s); 860 } 861 862 /* 863 * Before deleting the entry, remember the next entry as the 864 * return value. We need this because pfxlist_onlink_check() above 865 * might have freed other entries (particularly the old next entry) as 866 * a side effect (XXX). 867 */ 868 next = ln->ln_next; 869 870 /* 871 * Detach the route from the routing tree and the list of neighbor 872 * caches, and disable the route entry not to be used in already 873 * cached routes. 874 */ 875 rtrequest(RTM_DELETE, rt_key(rt), (struct sockaddr *)0, 876 rt_mask(rt), 0, (struct rtentry **)0); 877 878 return(next); 879 } 880 881 /* 882 * Upper-layer reachability hint for Neighbor Unreachability Detection. 883 * 884 * XXX cost-effective metods? 885 */ 886 void 887 nd6_nud_hint(rt, dst6, force) 888 struct rtentry *rt; 889 struct in6_addr *dst6; 890 int force; 891 { 892 struct llinfo_nd6 *ln; 893 long time_second = time.tv_sec; 894 895 /* 896 * If the caller specified "rt", use that. Otherwise, resolve the 897 * routing table by supplied "dst6". 898 */ 899 if (!rt) { 900 if (!dst6) 901 return; 902 if (!(rt = nd6_lookup(dst6, 0, NULL))) 903 return; 904 } 905 906 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 907 (rt->rt_flags & RTF_LLINFO) == 0 || 908 !rt->rt_llinfo || !rt->rt_gateway || 909 rt->rt_gateway->sa_family != AF_LINK) { 910 /* This is not a host route. */ 911 return; 912 } 913 914 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 915 if (ln->ln_state < ND6_LLINFO_REACHABLE) 916 return; 917 918 /* 919 * if we get upper-layer reachability confirmation many times, 920 * it is possible we have false information. 921 */ 922 if (!force) { 923 ln->ln_byhint++; 924 if (ln->ln_byhint > nd6_maxnudhint) 925 return; 926 } 927 928 ln->ln_state = ND6_LLINFO_REACHABLE; 929 if (ln->ln_expire) 930 ln->ln_expire = time_second + 931 nd_ifinfo[rt->rt_ifp->if_index].reachable; 932 } 933 934 #ifdef OLDIP6OUTPUT 935 /* 936 * Resolve an IP6 address into an ethernet address. If success, 937 * desten is filled in. If there is no entry in ndptab, 938 * set one up and multicast a solicitation for the IP6 address. 939 * Hold onto this mbuf and resend it once the address 940 * is finally resolved. A return value of 1 indicates 941 * that desten has been filled in and the packet should be sent 942 * normally; a 0 return indicates that the packet has been 943 * taken over here, either now or for later transmission. 944 */ 945 int 946 nd6_resolve(ifp, rt, m, dst, desten) 947 struct ifnet *ifp; 948 struct rtentry *rt; 949 struct mbuf *m; 950 struct sockaddr *dst; 951 u_char *desten; 952 { 953 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)NULL; 954 struct sockaddr_dl *sdl; 955 long time_second = time.tv_sec; 956 957 if (m->m_flags & M_MCAST) { 958 switch (ifp->if_type) { 959 case IFT_ETHER: 960 case IFT_FDDI: 961 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 962 desten); 963 return(1); 964 break; 965 case IFT_ARCNET: 966 *desten = 0; 967 return(1); 968 default: 969 m_freem(m); 970 return(0); 971 } 972 } 973 if (rt && (rt->rt_flags & RTF_LLINFO) != 0) 974 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 975 else { 976 if ((rt = nd6_lookup(&(SIN6(dst)->sin6_addr), 1, ifp)) != NULL) 977 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 978 } 979 if (!ln || !rt) { 980 log(LOG_DEBUG, "nd6_resolve: can't allocate llinfo for %s\n", 981 ip6_sprintf(&(SIN6(dst)->sin6_addr))); 982 m_freem(m); 983 return(0); 984 } 985 sdl = SDL(rt->rt_gateway); 986 /* 987 * Ckeck the address family and length is valid, the address 988 * is resolved; otherwise, try to resolve. 989 */ 990 if (ln->ln_state >= ND6_LLINFO_REACHABLE 991 && sdl->sdl_family == AF_LINK 992 && sdl->sdl_alen != 0) { 993 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 994 if (ln->ln_state == ND6_LLINFO_STALE) { 995 ln->ln_asked = 0; 996 ln->ln_state = ND6_LLINFO_DELAY; 997 ln->ln_expire = time_second + nd6_delay; 998 } 999 return(1); 1000 } 1001 /* 1002 * There is an ndp entry, but no ethernet address 1003 * response yet. Replace the held mbuf with this 1004 * latest one. 1005 * 1006 * XXX Does the code conform to rate-limiting rule? 1007 * (RFC 2461 7.2.2) 1008 */ 1009 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1010 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1011 if (ln->ln_hold) 1012 m_freem(ln->ln_hold); 1013 ln->ln_hold = m; 1014 if (ln->ln_expire) { 1015 if (ln->ln_asked < nd6_mmaxtries && 1016 ln->ln_expire < time_second) { 1017 ln->ln_asked++; 1018 ln->ln_expire = time_second + 1019 nd_ifinfo[ifp->if_index].retrans / 1000; 1020 nd6_ns_output(ifp, NULL, &(SIN6(dst)->sin6_addr), 1021 ln, 0); 1022 } 1023 } 1024 /* do not free mbuf here, it is queued into llinfo_nd6 */ 1025 return(0); 1026 } 1027 #endif /* OLDIP6OUTPUT */ 1028 1029 void 1030 nd6_rtrequest(req, rt, info) 1031 int req; 1032 struct rtentry *rt; 1033 struct rt_addrinfo *info; /* xxx unused */ 1034 { 1035 struct sockaddr *gate = rt->rt_gateway; 1036 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1037 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 1038 struct ifnet *ifp = rt->rt_ifp; 1039 struct ifaddr *ifa; 1040 long time_second = time.tv_sec; 1041 1042 if (rt->rt_flags & RTF_GATEWAY) 1043 return; 1044 1045 switch (req) { 1046 case RTM_ADD: 1047 /* 1048 * There is no backward compatibility :) 1049 * 1050 * if ((rt->rt_flags & RTF_HOST) == 0 && 1051 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1052 * rt->rt_flags |= RTF_CLONING; 1053 */ 1054 if (rt->rt_flags & (RTF_CLONING | RTF_LLINFO)) { 1055 /* 1056 * Case 1: This route should come from 1057 * a route to interface. RTF_LLINFO flag is set 1058 * for a host route whose destination should be 1059 * treated as on-link. 1060 */ 1061 rt_setgate(rt, rt_key(rt), 1062 (struct sockaddr *)&null_sdl); 1063 gate = rt->rt_gateway; 1064 SDL(gate)->sdl_type = ifp->if_type; 1065 SDL(gate)->sdl_index = ifp->if_index; 1066 if (ln) 1067 ln->ln_expire = time_second; 1068 #if 1 1069 if (ln && ln->ln_expire == 0) { 1070 /* kludge for desktops */ 1071 #if 0 1072 printf("nd6_request: time.tv_sec is zero; " 1073 "treat it as 1\n"); 1074 #endif 1075 ln->ln_expire = 1; 1076 } 1077 #endif 1078 if (rt->rt_flags & RTF_CLONING) 1079 break; 1080 } 1081 /* 1082 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1083 * We don't do that here since llinfo is not ready yet. 1084 * 1085 * There are also couple of other things to be discussed: 1086 * - unsolicited NA code needs improvement beforehand 1087 * - RFC2461 says we MAY send multicast unsolicited NA 1088 * (7.2.6 paragraph 4), however, it also says that we 1089 * SHOULD provide a mechanism to prevent multicast NA storm. 1090 * we don't have anything like it right now. 1091 * note that the mechanism needs a mutual agreement 1092 * between proxies, which means that we need to implement 1093 * a new protocol, or a new kludge. 1094 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1095 * we need to check ip6forwarding before sending it. 1096 * (or should we allow proxy ND configuration only for 1097 * routers? there's no mention about proxy ND from hosts) 1098 */ 1099 #if 0 1100 /* XXX it does not work */ 1101 if (rt->rt_flags & RTF_ANNOUNCE) 1102 nd6_na_output(ifp, 1103 &SIN6(rt_key(rt))->sin6_addr, 1104 &SIN6(rt_key(rt))->sin6_addr, 1105 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1106 1, NULL); 1107 #endif 1108 /* FALLTHROUGH */ 1109 case RTM_RESOLVE: 1110 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) { 1111 /* 1112 * Address resolution isn't necessary for a point to 1113 * point link, so we can skip this test for a p2p link. 1114 */ 1115 if (gate->sa_family != AF_LINK || 1116 gate->sa_len < sizeof(null_sdl)) { 1117 log(LOG_DEBUG, 1118 "nd6_rtrequest: bad gateway value: %s\n", 1119 ifp->if_xname); 1120 break; 1121 } 1122 SDL(gate)->sdl_type = ifp->if_type; 1123 SDL(gate)->sdl_index = ifp->if_index; 1124 } 1125 if (ln != NULL) 1126 break; /* This happens on a route change */ 1127 /* 1128 * Case 2: This route may come from cloning, or a manual route 1129 * add with a LL address. 1130 */ 1131 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln)); 1132 rt->rt_llinfo = (caddr_t)ln; 1133 if (!ln) { 1134 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1135 break; 1136 } 1137 nd6_inuse++; 1138 nd6_allocated++; 1139 Bzero(ln, sizeof(*ln)); 1140 ln->ln_rt = rt; 1141 /* this is required for "ndp" command. - shin */ 1142 if (req == RTM_ADD) { 1143 /* 1144 * gate should have some valid AF_LINK entry, 1145 * and ln->ln_expire should have some lifetime 1146 * which is specified by ndp command. 1147 */ 1148 ln->ln_state = ND6_LLINFO_REACHABLE; 1149 ln->ln_byhint = 0; 1150 } else { 1151 /* 1152 * When req == RTM_RESOLVE, rt is created and 1153 * initialized in rtrequest(), so rt_expire is 0. 1154 */ 1155 ln->ln_state = ND6_LLINFO_NOSTATE; 1156 ln->ln_expire = time_second; 1157 } 1158 rt->rt_flags |= RTF_LLINFO; 1159 ln->ln_next = llinfo_nd6.ln_next; 1160 llinfo_nd6.ln_next = ln; 1161 ln->ln_prev = &llinfo_nd6; 1162 ln->ln_next->ln_prev = ln; 1163 1164 /* 1165 * check if rt_key(rt) is one of my address assigned 1166 * to the interface. 1167 */ 1168 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1169 &SIN6(rt_key(rt))->sin6_addr); 1170 if (ifa) { 1171 caddr_t macp = nd6_ifptomac(ifp); 1172 ln->ln_expire = 0; 1173 ln->ln_state = ND6_LLINFO_REACHABLE; 1174 ln->ln_byhint = 0; 1175 if (macp) { 1176 Bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen); 1177 SDL(gate)->sdl_alen = ifp->if_addrlen; 1178 } 1179 if (nd6_useloopback) { 1180 rt->rt_ifp = lo0ifp; /*XXX*/ 1181 /* 1182 * Make sure rt_ifa be equal to the ifaddr 1183 * corresponding to the address. 1184 * We need this because when we refer 1185 * rt_ifa->ia6_flags in ip6_input, we assume 1186 * that the rt_ifa points to the address instead 1187 * of the loopback address. 1188 */ 1189 if (ifa != rt->rt_ifa) { 1190 IFAFREE(rt->rt_ifa); 1191 ifa->ifa_refcnt++; 1192 rt->rt_ifa = ifa; 1193 } 1194 } 1195 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1196 ln->ln_expire = 0; 1197 ln->ln_state = ND6_LLINFO_REACHABLE; 1198 ln->ln_byhint = 0; 1199 1200 /* join solicited node multicast for proxy ND */ 1201 if (ifp->if_flags & IFF_MULTICAST) { 1202 struct in6_addr llsol; 1203 int error; 1204 1205 llsol = SIN6(rt_key(rt))->sin6_addr; 1206 llsol.s6_addr16[0] = htons(0xff02); 1207 llsol.s6_addr16[1] = htons(ifp->if_index); 1208 llsol.s6_addr32[1] = 0; 1209 llsol.s6_addr32[2] = htonl(1); 1210 llsol.s6_addr8[12] = 0xff; 1211 1212 (void)in6_addmulti(&llsol, ifp, &error); 1213 if (error) 1214 printf( 1215 "nd6_rtrequest: could not join solicited node multicast (errno=%d)\n", error); 1216 } 1217 } 1218 break; 1219 1220 case RTM_DELETE: 1221 if (!ln) 1222 break; 1223 /* leave from solicited node multicast for proxy ND */ 1224 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1225 (ifp->if_flags & IFF_MULTICAST) != 0) { 1226 struct in6_addr llsol; 1227 struct in6_multi *in6m; 1228 1229 llsol = SIN6(rt_key(rt))->sin6_addr; 1230 llsol.s6_addr16[0] = htons(0xff02); 1231 llsol.s6_addr16[1] = htons(ifp->if_index); 1232 llsol.s6_addr32[1] = 0; 1233 llsol.s6_addr32[2] = htonl(1); 1234 llsol.s6_addr8[12] = 0xff; 1235 1236 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1237 if (in6m) 1238 in6_delmulti(in6m); 1239 } 1240 nd6_inuse--; 1241 ln->ln_next->ln_prev = ln->ln_prev; 1242 ln->ln_prev->ln_next = ln->ln_next; 1243 ln->ln_prev = NULL; 1244 rt->rt_llinfo = 0; 1245 rt->rt_flags &= ~RTF_LLINFO; 1246 if (ln->ln_hold) 1247 m_freem(ln->ln_hold); 1248 Free((caddr_t)ln); 1249 } 1250 } 1251 1252 void 1253 nd6_p2p_rtrequest(req, rt, info) 1254 int req; 1255 struct rtentry *rt; 1256 struct rt_addrinfo *info; /* xxx unused */ 1257 { 1258 struct sockaddr *gate = rt->rt_gateway; 1259 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 1260 struct ifnet *ifp = rt->rt_ifp; 1261 struct ifaddr *ifa; 1262 1263 if (rt->rt_flags & RTF_GATEWAY) 1264 return; 1265 1266 switch (req) { 1267 case RTM_ADD: 1268 /* 1269 * There is no backward compatibility :) 1270 * 1271 * if ((rt->rt_flags & RTF_HOST) == 0 && 1272 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1273 * rt->rt_flags |= RTF_CLONING; 1274 */ 1275 if (rt->rt_flags & RTF_CLONING) { 1276 /* 1277 * Case 1: This route should come from 1278 * a route to interface. 1279 */ 1280 rt_setgate(rt, rt_key(rt), 1281 (struct sockaddr *)&null_sdl); 1282 gate = rt->rt_gateway; 1283 SDL(gate)->sdl_type = ifp->if_type; 1284 SDL(gate)->sdl_index = ifp->if_index; 1285 break; 1286 } 1287 /* Announce a new entry if requested. */ 1288 if (rt->rt_flags & RTF_ANNOUNCE) 1289 nd6_na_output(ifp, 1290 &SIN6(rt_key(rt))->sin6_addr, 1291 &SIN6(rt_key(rt))->sin6_addr, 1292 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1293 1, NULL); 1294 /* FALLTHROUGH */ 1295 case RTM_RESOLVE: 1296 /* 1297 * check if rt_key(rt) is one of my address assigned 1298 * to the interface. 1299 */ 1300 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1301 &SIN6(rt_key(rt))->sin6_addr); 1302 if (ifa) { 1303 if (nd6_useloopback) { 1304 rt->rt_ifp = lo0ifp; /*XXX*/ 1305 } 1306 } 1307 break; 1308 } 1309 } 1310 1311 int 1312 nd6_ioctl(cmd, data, ifp) 1313 u_long cmd; 1314 caddr_t data; 1315 struct ifnet *ifp; 1316 { 1317 struct in6_drlist *drl = (struct in6_drlist *)data; 1318 struct in6_prlist *prl = (struct in6_prlist *)data; 1319 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1320 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1321 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1322 struct nd_defrouter *dr, any; 1323 struct nd_prefix *pr; 1324 struct rtentry *rt; 1325 int i = 0, error = 0; 1326 int s; 1327 1328 switch (cmd) { 1329 case SIOCGDRLST_IN6: 1330 bzero(drl, sizeof(*drl)); 1331 s = splnet(); 1332 dr = TAILQ_FIRST(&nd_defrouter); 1333 while (dr && i < DRLSTSIZ) { 1334 drl->defrouter[i].rtaddr = dr->rtaddr; 1335 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) { 1336 /* XXX: need to this hack for KAME stack */ 1337 drl->defrouter[i].rtaddr.s6_addr16[1] = 0; 1338 } else 1339 log(LOG_ERR, 1340 "default router list contains a " 1341 "non-linklocal address(%s)\n", 1342 ip6_sprintf(&drl->defrouter[i].rtaddr)); 1343 1344 drl->defrouter[i].flags = dr->flags; 1345 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1346 drl->defrouter[i].expire = dr->expire; 1347 drl->defrouter[i].if_index = dr->ifp->if_index; 1348 i++; 1349 dr = TAILQ_NEXT(dr, dr_entry); 1350 } 1351 splx(s); 1352 break; 1353 case SIOCGPRLST_IN6: 1354 /* 1355 * XXX meaning of fields, especialy "raflags", is very 1356 * differnet between RA prefix list and RR/static prefix list. 1357 * how about separating ioctls into two? 1358 */ 1359 bzero(prl, sizeof(*prl)); 1360 s = splnet(); 1361 pr = nd_prefix.lh_first; 1362 while (pr && i < PRLSTSIZ) { 1363 struct nd_pfxrouter *pfr; 1364 int j; 1365 1366 prl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1367 prl->prefix[i].raflags = pr->ndpr_raf; 1368 prl->prefix[i].prefixlen = pr->ndpr_plen; 1369 prl->prefix[i].vltime = pr->ndpr_vltime; 1370 prl->prefix[i].pltime = pr->ndpr_pltime; 1371 prl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1372 prl->prefix[i].expire = pr->ndpr_expire; 1373 1374 pfr = pr->ndpr_advrtrs.lh_first; 1375 j = 0; 1376 while(pfr) { 1377 if (j < DRLSTSIZ) { 1378 #define RTRADDR prl->prefix[i].advrtr[j] 1379 RTRADDR = pfr->router->rtaddr; 1380 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) { 1381 /* XXX: hack for KAME */ 1382 RTRADDR.s6_addr16[1] = 0; 1383 } else 1384 log(LOG_ERR, 1385 "a router(%s) advertises " 1386 "a prefix with " 1387 "non-link local address\n", 1388 ip6_sprintf(&RTRADDR)); 1389 #undef RTRADDR 1390 } 1391 j++; 1392 pfr = pfr->pfr_next; 1393 } 1394 prl->prefix[i].advrtrs = j; 1395 prl->prefix[i].origin = PR_ORIG_RA; 1396 1397 i++; 1398 pr = pr->ndpr_next; 1399 } 1400 { 1401 struct rr_prefix *rpp; 1402 1403 for (rpp = LIST_FIRST(&rr_prefix); rpp; 1404 rpp = LIST_NEXT(rpp, rp_entry)) { 1405 if (i >= PRLSTSIZ) 1406 break; 1407 prl->prefix[i].prefix = rpp->rp_prefix.sin6_addr; 1408 prl->prefix[i].raflags = rpp->rp_raf; 1409 prl->prefix[i].prefixlen = rpp->rp_plen; 1410 prl->prefix[i].vltime = rpp->rp_vltime; 1411 prl->prefix[i].pltime = rpp->rp_pltime; 1412 prl->prefix[i].if_index = rpp->rp_ifp->if_index; 1413 prl->prefix[i].expire = rpp->rp_expire; 1414 prl->prefix[i].advrtrs = 0; 1415 prl->prefix[i].origin = rpp->rp_origin; 1416 i++; 1417 } 1418 } 1419 splx(s); 1420 1421 break; 1422 case SIOCGIFINFO_IN6: 1423 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1424 error = EINVAL; 1425 break; 1426 } 1427 ndi->ndi = nd_ifinfo[ifp->if_index]; 1428 break; 1429 case SIOCSIFINFO_FLAGS: 1430 /* XXX: almost all other fields of ndi->ndi is unused */ 1431 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1432 error = EINVAL; 1433 break; 1434 } 1435 nd_ifinfo[ifp->if_index].flags = ndi->ndi.flags; 1436 break; 1437 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1438 /* flush default router list */ 1439 /* 1440 * xxx sumikawa: should not delete route if default 1441 * route equals to the top of default router list 1442 */ 1443 bzero(&any, sizeof(any)); 1444 defrouter_delreq(&any, 0); 1445 defrouter_select(); 1446 /* xxx sumikawa: flush prefix list */ 1447 break; 1448 case SIOCSPFXFLUSH_IN6: 1449 { 1450 /* flush all the prefix advertised by routers */ 1451 struct nd_prefix *pr, *next; 1452 1453 s = splnet(); 1454 1455 for (pr = nd_prefix.lh_first; pr; pr = next) { 1456 next = pr->ndpr_next; 1457 if (!IN6_IS_ADDR_UNSPECIFIED(&pr->ndpr_addr)) 1458 in6_ifdel(pr->ndpr_ifp, &pr->ndpr_addr); 1459 prelist_remove(pr); 1460 } 1461 splx(s); 1462 break; 1463 } 1464 case SIOCSRTRFLUSH_IN6: 1465 { 1466 /* flush all the default routers */ 1467 struct nd_defrouter *dr, *next; 1468 1469 s = splnet(); 1470 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 1471 /* 1472 * The first entry of the list may be stored in 1473 * the routing table, so we'll delete it later. 1474 */ 1475 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = next) { 1476 next = TAILQ_NEXT(dr, dr_entry); 1477 defrtrlist_del(dr); 1478 } 1479 defrtrlist_del(TAILQ_FIRST(&nd_defrouter)); 1480 } 1481 splx(s); 1482 break; 1483 } 1484 case SIOCGNBRINFO_IN6: 1485 { 1486 struct llinfo_nd6 *ln; 1487 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1488 1489 /* 1490 * XXX: KAME specific hack for scoped addresses 1491 * XXXX: for other scopes than link-local? 1492 */ 1493 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1494 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1495 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1496 1497 if (*idp == 0) 1498 *idp = htons(ifp->if_index); 1499 } 1500 1501 s = splnet(); 1502 1503 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL) { 1504 error = EINVAL; 1505 splx(s); 1506 break; 1507 } 1508 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1509 nbi->state = ln->ln_state; 1510 nbi->asked = ln->ln_asked; 1511 nbi->isrouter = ln->ln_router; 1512 nbi->expire = ln->ln_expire; 1513 splx(s); 1514 1515 break; 1516 } 1517 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1518 ndif->ifindex = nd6_defifindex; 1519 break; 1520 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1521 return(nd6_setdefaultiface(ndif->ifindex)); 1522 break; 1523 } 1524 return(error); 1525 } 1526 1527 /* 1528 * Create neighbor cache entry and cache link-layer address, 1529 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1530 */ 1531 struct rtentry * 1532 nd6_cache_lladdr(ifp, from, lladdr, lladdrlen, type, code) 1533 struct ifnet *ifp; 1534 struct in6_addr *from; 1535 char *lladdr; 1536 int lladdrlen; 1537 int type; /* ICMP6 type */ 1538 int code; /* type dependent information */ 1539 { 1540 struct rtentry *rt = NULL; 1541 struct llinfo_nd6 *ln = NULL; 1542 int is_newentry; 1543 struct sockaddr_dl *sdl = NULL; 1544 int do_update; 1545 int olladdr; 1546 int llchange; 1547 int newstate = 0; 1548 long time_second = time.tv_sec; 1549 1550 if (!ifp) 1551 panic("ifp == NULL in nd6_cache_lladdr"); 1552 if (!from) 1553 panic("from == NULL in nd6_cache_lladdr"); 1554 1555 /* nothing must be updated for unspecified address */ 1556 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1557 return NULL; 1558 1559 /* 1560 * Validation about ifp->if_addrlen and lladdrlen must be done in 1561 * the caller. 1562 * 1563 * XXX If the link does not have link-layer adderss, what should 1564 * we do? (ifp->if_addrlen == 0) 1565 * Spec says nothing in sections for RA, RS and NA. There's small 1566 * description on it in NS section (RFC 2461 7.2.3). 1567 */ 1568 1569 rt = nd6_lookup(from, 0, ifp); 1570 if (!rt) { 1571 #if 0 1572 /* nothing must be done if there's no lladdr */ 1573 if (!lladdr || !lladdrlen) 1574 return NULL; 1575 #endif 1576 1577 rt = nd6_lookup(from, 1, ifp); 1578 is_newentry = 1; 1579 } else { 1580 /* do nothing if static ndp is set */ 1581 if (rt->rt_flags & RTF_STATIC) 1582 return NULL; 1583 is_newentry = 0; 1584 } 1585 1586 if (!rt) 1587 return NULL; 1588 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1589 fail: 1590 (void)nd6_free(rt); 1591 return NULL; 1592 } 1593 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1594 if (!ln) 1595 goto fail; 1596 if (!rt->rt_gateway) 1597 goto fail; 1598 if (rt->rt_gateway->sa_family != AF_LINK) 1599 goto fail; 1600 sdl = SDL(rt->rt_gateway); 1601 1602 olladdr = (sdl->sdl_alen) ? 1 : 0; 1603 if (olladdr && lladdr) { 1604 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1605 llchange = 1; 1606 else 1607 llchange = 0; 1608 } else 1609 llchange = 0; 1610 1611 /* 1612 * newentry olladdr lladdr llchange (*=record) 1613 * 0 n n -- (1) 1614 * 0 y n -- (2) 1615 * 0 n y -- (3) * STALE 1616 * 0 y y n (4) * 1617 * 0 y y y (5) * STALE 1618 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1619 * 1 -- y -- (7) * STALE 1620 */ 1621 1622 if (lladdr) { /*(3-5) and (7)*/ 1623 /* 1624 * Record source link-layer address 1625 * XXX is it dependent to ifp->if_type? 1626 */ 1627 sdl->sdl_alen = ifp->if_addrlen; 1628 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1629 } 1630 1631 if (!is_newentry) { 1632 if ((!olladdr && lladdr) /*(3)*/ 1633 || (olladdr && lladdr && llchange)) { /*(5)*/ 1634 do_update = 1; 1635 newstate = ND6_LLINFO_STALE; 1636 } else /*(1-2,4)*/ 1637 do_update = 0; 1638 } else { 1639 do_update = 1; 1640 if (!lladdr) /*(6)*/ 1641 newstate = ND6_LLINFO_NOSTATE; 1642 else /*(7)*/ 1643 newstate = ND6_LLINFO_STALE; 1644 } 1645 1646 if (do_update) { 1647 /* 1648 * Update the state of the neighbor cache. 1649 */ 1650 ln->ln_state = newstate; 1651 1652 if (ln->ln_state == ND6_LLINFO_STALE) { 1653 /* 1654 * XXX: since nd6_output() below will cause 1655 * state tansition to DELAY and reset the timer, 1656 * we must set the timer now, although it is actually 1657 * meaningless. 1658 */ 1659 ln->ln_expire = time_second + nd6_gctimer; 1660 1661 if (ln->ln_hold) { 1662 #ifdef OLDIP6OUTPUT 1663 ln->ln_asked = 0; 1664 ln->ln_state = ND6_LLINFO_DELAY; 1665 ln->ln_expire = time_second + nd6_delay; 1666 (*ifp->if_output)(ifp, ln->ln_hold, 1667 rt_key(rt), rt); 1668 #else 1669 /* 1670 * we assume ifp is not a p2p here, so just 1671 * set the 2nd argument as the 1st one. 1672 */ 1673 nd6_output(ifp, ifp, ln->ln_hold, 1674 (struct sockaddr_in6 *)rt_key(rt), 1675 rt); 1676 #endif 1677 ln->ln_hold = NULL; 1678 } 1679 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1680 /* probe right away */ 1681 ln->ln_expire = time_second; 1682 } 1683 } 1684 1685 /* 1686 * ICMP6 type dependent behavior. 1687 * 1688 * NS: clear IsRouter if new entry 1689 * RS: clear IsRouter 1690 * RA: set IsRouter if there's lladdr 1691 * redir: clear IsRouter if new entry 1692 * 1693 * RA case, (1): 1694 * The spec says that we must set IsRouter in the following cases: 1695 * - If lladdr exist, set IsRouter. This means (1-5). 1696 * - If it is old entry (!newentry), set IsRouter. This means (7). 1697 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1698 * A quetion arises for (1) case. (1) case has no lladdr in the 1699 * neighbor cache, this is similar to (6). 1700 * This case is rare but we figured that we MUST NOT set IsRouter. 1701 * 1702 * newentry olladdr lladdr llchange NS RS RA redir 1703 * D R 1704 * 0 n n -- (1) c ? s 1705 * 0 y n -- (2) c s s 1706 * 0 n y -- (3) c s s 1707 * 0 y y n (4) c s s 1708 * 0 y y y (5) c s s 1709 * 1 -- n -- (6) c c c s 1710 * 1 -- y -- (7) c c s c s 1711 * 1712 * (c=clear s=set) 1713 */ 1714 switch (type & 0xff) { 1715 case ND_NEIGHBOR_SOLICIT: 1716 /* 1717 * New entry must have is_router flag cleared. 1718 */ 1719 if (is_newentry) /*(6-7)*/ 1720 ln->ln_router = 0; 1721 break; 1722 case ND_REDIRECT: 1723 /* 1724 * If the icmp is a redirect to a better router, always set the 1725 * is_router flag. Otherwise, if the entry is newly created, 1726 * clear the flag. [RFC 2461, sec 8.3] 1727 */ 1728 if (code == ND_REDIRECT_ROUTER) 1729 ln->ln_router = 1; 1730 else if (is_newentry) /*(6-7)*/ 1731 ln->ln_router = 0; 1732 break; 1733 case ND_ROUTER_SOLICIT: 1734 /* 1735 * is_router flag must always be cleared. 1736 */ 1737 ln->ln_router = 0; 1738 break; 1739 case ND_ROUTER_ADVERT: 1740 /* 1741 * Mark an entry with lladdr as a router. 1742 */ 1743 if ((!is_newentry && (olladdr || lladdr)) /*(2-5)*/ 1744 || (is_newentry && lladdr)) { /*(7)*/ 1745 ln->ln_router = 1; 1746 } 1747 break; 1748 } 1749 1750 /* 1751 * When the link-layer address of a router changes, select the 1752 * best router again. In particular, when the neighbor entry is newly 1753 * created, it might affect the selection policy. 1754 * Question: can we restrict the first condition to the "is_newentry" 1755 * case? 1756 * XXX: when we hear an RA from a new router with the link-layer 1757 * address option, defrouter_select() is called twice, since 1758 * defrtrlist_update called the function as well. However, I believe 1759 * we can compromise the overhead, since it only happens the first 1760 * time. 1761 */ 1762 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv) 1763 defrouter_select(); 1764 1765 return rt; 1766 } 1767 1768 static void 1769 nd6_slowtimo(ignored_arg) 1770 void *ignored_arg; 1771 { 1772 int s = splnet(); 1773 int i; 1774 struct nd_ifinfo *nd6if; 1775 1776 timeout_set(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 1777 timeout_add(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz); 1778 for (i = 1; i < if_index + 1; i++) { 1779 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) 1780 continue; 1781 nd6if = &nd_ifinfo[i]; 1782 if (nd6if->basereachable && /* already initialized */ 1783 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1784 /* 1785 * Since reachable time rarely changes by router 1786 * advertisements, we SHOULD insure that a new random 1787 * value gets recomputed at least once every few hours. 1788 * (RFC 2461, 6.3.4) 1789 */ 1790 nd6if->recalctm = nd6_recalc_reachtm_interval; 1791 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1792 } 1793 } 1794 splx(s); 1795 } 1796 1797 #define senderr(e) { error = (e); goto bad;} 1798 int 1799 nd6_output(ifp, origifp, m0, dst, rt0) 1800 struct ifnet *ifp; 1801 struct ifnet *origifp; 1802 struct mbuf *m0; 1803 struct sockaddr_in6 *dst; 1804 struct rtentry *rt0; 1805 { 1806 struct mbuf *m = m0; 1807 struct rtentry *rt = rt0; 1808 struct sockaddr_in6 *gw6 = NULL; 1809 struct llinfo_nd6 *ln = NULL; 1810 int error = 0; 1811 long time_second = time.tv_sec; 1812 #ifdef IPSEC 1813 struct m_tag *mtag; 1814 #endif /* IPSEC */ 1815 1816 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1817 goto sendpkt; 1818 1819 /* 1820 * XXX: we currently do not make neighbor cache on any interface 1821 * other than ARCnet, Ethernet, FDDI and GIF. 1822 * 1823 * RFC2893 says: 1824 * - unidirectional tunnels needs no ND 1825 */ 1826 switch (ifp->if_type) { 1827 case IFT_ARCNET: 1828 case IFT_ETHER: 1829 case IFT_FDDI: 1830 case IFT_GIF: /* XXX need more cases? */ 1831 break; 1832 default: 1833 goto sendpkt; 1834 } 1835 1836 /* 1837 * next hop determination. This routine is derived from ether_outpout. 1838 */ 1839 if (rt) { 1840 if ((rt->rt_flags & RTF_UP) == 0) { 1841 if ((rt0 = rt = rtalloc1((struct sockaddr *)dst, 1)) != 1842 NULL) 1843 { 1844 rt->rt_refcnt--; 1845 if (rt->rt_ifp != ifp) { 1846 /* XXX: loop care? */ 1847 return nd6_output(ifp, origifp, m0, 1848 dst, rt); 1849 } 1850 } else 1851 senderr(EHOSTUNREACH); 1852 } 1853 1854 if (rt->rt_flags & RTF_GATEWAY) { 1855 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 1856 1857 /* 1858 * We skip link-layer address resolution and NUD 1859 * if the gateway is not a neighbor from ND point 1860 * of view, regardless the value of the 1861 * nd_ifinfo.flags. 1862 * The second condition is a bit tricky: we skip 1863 * if the gateway is our own address, which is 1864 * sometimes used to install a route to a p2p link. 1865 */ 1866 if (!nd6_is_addr_neighbor(gw6, ifp) || 1867 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 1868 /* 1869 * We allow this kind of tricky route only 1870 * when the outgoing interface is p2p. 1871 * XXX: we may need a more generic rule here. 1872 */ 1873 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 1874 senderr(EHOSTUNREACH); 1875 1876 goto sendpkt; 1877 } 1878 1879 if (rt->rt_gwroute == 0) 1880 goto lookup; 1881 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) { 1882 rtfree(rt); rt = rt0; 1883 lookup: rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1); 1884 if ((rt = rt->rt_gwroute) == 0) 1885 senderr(EHOSTUNREACH); 1886 } 1887 } 1888 } 1889 1890 /* 1891 * Address resolution or Neighbor Unreachability Detection 1892 * for the next hop. 1893 * At this point, the destination of the packet must be a unicast 1894 * or an anycast address(i.e. not a multicast). 1895 */ 1896 1897 /* Look up the neighbor cache for the nexthop */ 1898 if (rt && (rt->rt_flags & RTF_LLINFO) != 0) 1899 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1900 else { 1901 /* 1902 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1903 * the condition below is not very efficient. But we believe 1904 * it is tolerable, because this should be a rare case. 1905 */ 1906 if (nd6_is_addr_neighbor(dst, ifp) && 1907 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL) 1908 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1909 } 1910 if (!ln || !rt) { 1911 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1912 !(nd_ifinfo[ifp->if_index].flags & ND6_IFF_PERFORMNUD)) { 1913 log(LOG_DEBUG, 1914 "nd6_output: can't allocate llinfo for %s " 1915 "(ln=%p, rt=%p)\n", 1916 ip6_sprintf(&dst->sin6_addr), ln, rt); 1917 senderr(EIO); /* XXX: good error? */ 1918 } 1919 1920 goto sendpkt; /* send anyway */ 1921 } 1922 1923 /* We don't have to do link-layer address resolution on a p2p link. */ 1924 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1925 ln->ln_state < ND6_LLINFO_REACHABLE) { 1926 ln->ln_state = ND6_LLINFO_STALE; 1927 ln->ln_expire = time_second + nd6_gctimer; 1928 } 1929 1930 /* 1931 * The first time we send a packet to a neighbor whose entry is 1932 * STALE, we have to change the state to DELAY and a sets a timer to 1933 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1934 * neighbor unreachability detection on expiration. 1935 * (RFC 2461 7.3.3) 1936 */ 1937 if (ln->ln_state == ND6_LLINFO_STALE) { 1938 ln->ln_asked = 0; 1939 ln->ln_state = ND6_LLINFO_DELAY; 1940 ln->ln_expire = time_second + nd6_delay; 1941 } 1942 1943 /* 1944 * If the neighbor cache entry has a state other than INCOMPLETE 1945 * (i.e. its link-layer address is already reloved), just 1946 * send the packet. 1947 */ 1948 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1949 goto sendpkt; 1950 1951 /* 1952 * There is a neighbor cache entry, but no ethernet address 1953 * response yet. Replace the held mbuf (if any) with this 1954 * latest one. 1955 * 1956 * XXX Does the code conform to rate-limiting rule? 1957 * (RFC 2461 7.2.2) 1958 */ 1959 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1960 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1961 if (ln->ln_hold) 1962 m_freem(ln->ln_hold); 1963 ln->ln_hold = m; 1964 if (ln->ln_expire) { 1965 if (ln->ln_asked < nd6_mmaxtries && 1966 ln->ln_expire < time_second) { 1967 ln->ln_asked++; 1968 ln->ln_expire = time_second + 1969 nd_ifinfo[ifp->if_index].retrans / 1000; 1970 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 1971 } 1972 } 1973 return(0); 1974 1975 sendpkt: 1976 #ifdef IPSEC 1977 /* 1978 * If the packet needs outgoing IPsec crypto processing and the 1979 * interface doesn't support it, drop it. 1980 */ 1981 mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED, NULL); 1982 #endif /* IPSEC */ 1983 1984 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 1985 #ifdef IPSEC 1986 if (mtag != NULL && 1987 (origifp->if_capabilities & IFCAP_IPSEC) == 0) { 1988 /* Tell IPsec to do its own crypto. */ 1989 ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); 1990 error = EACCES; 1991 goto bad; 1992 } 1993 #endif /* IPSEC */ 1994 return((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 1995 rt)); 1996 } 1997 #ifdef IPSEC 1998 if (mtag != NULL && 1999 (ifp->if_capabilities & IFCAP_IPSEC) == 0) { 2000 /* Tell IPsec to do its own crypto. */ 2001 ipsp_skipcrypto_unmark((struct tdb_ident *)(mtag + 1)); 2002 error = EACCES; 2003 goto bad; 2004 } 2005 #endif /* IPSEC */ 2006 return((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt)); 2007 2008 bad: 2009 if (m) 2010 m_freem(m); 2011 return (error); 2012 } 2013 #undef senderr 2014 2015 int 2016 nd6_storelladdr(ifp, rt, m, dst, desten) 2017 struct ifnet *ifp; 2018 struct rtentry *rt; 2019 struct mbuf *m; 2020 struct sockaddr *dst; 2021 u_char *desten; 2022 { 2023 struct sockaddr_dl *sdl; 2024 2025 if (m->m_flags & M_MCAST) { 2026 switch (ifp->if_type) { 2027 case IFT_ETHER: 2028 case IFT_FDDI: 2029 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 2030 desten); 2031 return(1); 2032 break; 2033 case IFT_ARCNET: 2034 *desten = 0; 2035 return(1); 2036 default: 2037 m_freem(m); 2038 return(0); 2039 } 2040 } 2041 2042 if (rt == NULL) { 2043 /* this could happen, if we could not allocate memory */ 2044 m_freem(m); 2045 return(0); 2046 } 2047 if (rt->rt_gateway->sa_family != AF_LINK) { 2048 printf("nd6_storelladdr: something odd happens\n"); 2049 m_freem(m); 2050 return(0); 2051 } 2052 sdl = SDL(rt->rt_gateway); 2053 if (sdl->sdl_alen == 0) { 2054 /* this should be impossible, but we bark here for debugging */ 2055 printf("nd6_storelladdr: sdl_alen == 0\n"); 2056 m_freem(m); 2057 return(0); 2058 } 2059 2060 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 2061 return(1); 2062 } 2063