1 /* $OpenBSD: nd6.c,v 1.234 2021/01/06 08:10:15 florian Exp $ */ 2 /* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/malloc.h> 37 #include <sys/mbuf.h> 38 #include <sys/socket.h> 39 #include <sys/sockio.h> 40 #include <sys/time.h> 41 #include <sys/kernel.h> 42 #include <sys/pool.h> 43 #include <sys/protosw.h> 44 #include <sys/errno.h> 45 #include <sys/ioctl.h> 46 #include <sys/syslog.h> 47 #include <sys/queue.h> 48 #include <sys/stdint.h> 49 #include <sys/task.h> 50 51 #include <net/if.h> 52 #include <net/if_dl.h> 53 #include <net/if_types.h> 54 #include <net/route.h> 55 56 #include <netinet/in.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip_ipsp.h> 59 60 #include <netinet6/in6_var.h> 61 #include <netinet/ip6.h> 62 #include <netinet6/ip6_var.h> 63 #include <netinet6/nd6.h> 64 #include <netinet/icmp6.h> 65 66 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 67 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 68 69 /* timer values */ 70 int nd6_timer_next = -1; /* at which uptime nd6_timer runs */ 71 time_t nd6_expire_next = -1; /* at which uptime nd6_expire runs */ 72 int nd6_delay = 5; /* delay first probe time 5 second */ 73 int nd6_umaxtries = 3; /* maximum unicast query */ 74 int nd6_mmaxtries = 3; /* maximum multicast query */ 75 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 76 77 /* preventing too many loops in ND option parsing */ 78 int nd6_maxndopt = 10; /* max # of ND options allowed */ 79 80 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 81 82 #ifdef ND6_DEBUG 83 int nd6_debug = 1; 84 #else 85 int nd6_debug = 0; 86 #endif 87 88 TAILQ_HEAD(llinfo_nd6_head, llinfo_nd6) nd6_list; 89 struct pool nd6_pool; /* pool for llinfo_nd6 structures */ 90 int nd6_inuse, nd6_allocated; 91 92 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 93 94 void nd6_timer(void *); 95 void nd6_slowtimo(void *); 96 void nd6_expire(void *); 97 void nd6_expire_timer(void *); 98 void nd6_invalidate(struct rtentry *); 99 void nd6_free(struct rtentry *); 100 int nd6_llinfo_timer(struct rtentry *); 101 102 struct timeout nd6_timer_to; 103 struct timeout nd6_slowtimo_ch; 104 struct timeout nd6_expire_timeout; 105 struct task nd6_expire_task; 106 107 void 108 nd6_init(void) 109 { 110 static int nd6_init_done = 0; 111 112 if (nd6_init_done) { 113 log(LOG_NOTICE, "%s called more than once\n", __func__); 114 return; 115 } 116 117 TAILQ_INIT(&nd6_list); 118 pool_init(&nd6_pool, sizeof(struct llinfo_nd6), 0, 119 IPL_SOFTNET, 0, "nd6", NULL); 120 121 task_set(&nd6_expire_task, nd6_expire, NULL); 122 123 nd6_init_done = 1; 124 125 /* start timer */ 126 timeout_set_proc(&nd6_timer_to, nd6_timer, &nd6_timer_to); 127 timeout_set_proc(&nd6_slowtimo_ch, nd6_slowtimo, NULL); 128 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 129 timeout_set(&nd6_expire_timeout, nd6_expire_timer, NULL); 130 } 131 132 struct nd_ifinfo * 133 nd6_ifattach(struct ifnet *ifp) 134 { 135 struct nd_ifinfo *nd; 136 137 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 138 139 nd->initialized = 1; 140 141 nd->basereachable = REACHABLE_TIME; 142 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 143 nd->retrans = RETRANS_TIMER; 144 /* per-interface IFXF_AUTOCONF6 needs to be set too to accept RAs */ 145 146 return nd; 147 } 148 149 void 150 nd6_ifdetach(struct nd_ifinfo *nd) 151 { 152 153 free(nd, M_IP6NDP, sizeof(*nd)); 154 } 155 156 void 157 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 158 { 159 bzero(ndopts, sizeof(*ndopts)); 160 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 161 ndopts->nd_opts_last 162 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 163 164 if (icmp6len == 0) { 165 ndopts->nd_opts_done = 1; 166 ndopts->nd_opts_search = NULL; 167 } 168 } 169 170 /* 171 * Take one ND option. 172 */ 173 struct nd_opt_hdr * 174 nd6_option(union nd_opts *ndopts) 175 { 176 struct nd_opt_hdr *nd_opt; 177 int olen; 178 179 if (!ndopts) 180 panic("%s: ndopts == NULL", __func__); 181 if (!ndopts->nd_opts_last) 182 panic("%s: uninitialized ndopts", __func__); 183 if (!ndopts->nd_opts_search) 184 return NULL; 185 if (ndopts->nd_opts_done) 186 return NULL; 187 188 nd_opt = ndopts->nd_opts_search; 189 190 /* make sure nd_opt_len is inside the buffer */ 191 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 192 bzero(ndopts, sizeof(*ndopts)); 193 return NULL; 194 } 195 196 olen = nd_opt->nd_opt_len << 3; 197 if (olen == 0) { 198 /* 199 * Message validation requires that all included 200 * options have a length that is greater than zero. 201 */ 202 bzero(ndopts, sizeof(*ndopts)); 203 return NULL; 204 } 205 206 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 207 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 208 /* option overruns the end of buffer, invalid */ 209 bzero(ndopts, sizeof(*ndopts)); 210 return NULL; 211 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 212 /* reached the end of options chain */ 213 ndopts->nd_opts_done = 1; 214 ndopts->nd_opts_search = NULL; 215 } 216 return nd_opt; 217 } 218 219 /* 220 * Parse multiple ND options. 221 * This function is much easier to use, for ND routines that do not need 222 * multiple options of the same type. 223 */ 224 int 225 nd6_options(union nd_opts *ndopts) 226 { 227 struct nd_opt_hdr *nd_opt; 228 int i = 0; 229 230 if (!ndopts) 231 panic("%s: ndopts == NULL", __func__); 232 if (!ndopts->nd_opts_last) 233 panic("%s: uninitialized ndopts", __func__); 234 if (!ndopts->nd_opts_search) 235 return 0; 236 237 while (1) { 238 nd_opt = nd6_option(ndopts); 239 if (!nd_opt && !ndopts->nd_opts_last) { 240 /* 241 * Message validation requires that all included 242 * options have a length that is greater than zero. 243 */ 244 icmp6stat_inc(icp6s_nd_badopt); 245 bzero(ndopts, sizeof(*ndopts)); 246 return -1; 247 } 248 249 if (!nd_opt) 250 goto skip1; 251 252 switch (nd_opt->nd_opt_type) { 253 case ND_OPT_SOURCE_LINKADDR: 254 case ND_OPT_TARGET_LINKADDR: 255 case ND_OPT_MTU: 256 case ND_OPT_REDIRECTED_HEADER: 257 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 258 nd6log((LOG_INFO, 259 "duplicated ND6 option found (type=%d)\n", 260 nd_opt->nd_opt_type)); 261 /* XXX bark? */ 262 } else { 263 ndopts->nd_opt_array[nd_opt->nd_opt_type] 264 = nd_opt; 265 } 266 break; 267 case ND_OPT_PREFIX_INFORMATION: 268 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 269 ndopts->nd_opt_array[nd_opt->nd_opt_type] 270 = nd_opt; 271 } 272 ndopts->nd_opts_pi_end = 273 (struct nd_opt_prefix_info *)nd_opt; 274 break; 275 default: 276 /* 277 * Unknown options must be silently ignored, 278 * to accommodate future extension to the protocol. 279 */ 280 nd6log((LOG_DEBUG, 281 "nd6_options: unsupported option %d - " 282 "option ignored\n", nd_opt->nd_opt_type)); 283 } 284 285 skip1: 286 i++; 287 if (i > nd6_maxndopt) { 288 icmp6stat_inc(icp6s_nd_toomanyopt); 289 nd6log((LOG_INFO, "too many loop in nd opt\n")); 290 break; 291 } 292 293 if (ndopts->nd_opts_done) 294 break; 295 } 296 297 return 0; 298 } 299 300 /* 301 * ND6 timer routine to handle ND6 entries 302 */ 303 void 304 nd6_llinfo_settimer(struct llinfo_nd6 *ln, unsigned int secs) 305 { 306 time_t expire = getuptime() + secs; 307 308 NET_ASSERT_LOCKED(); 309 KASSERT(!ISSET(ln->ln_rt->rt_flags, RTF_LOCAL)); 310 311 ln->ln_rt->rt_expire = expire; 312 if (!timeout_pending(&nd6_timer_to) || expire < nd6_timer_next) { 313 nd6_timer_next = expire; 314 timeout_add_sec(&nd6_timer_to, secs); 315 } 316 } 317 318 void 319 nd6_timer(void *arg) 320 { 321 struct llinfo_nd6 *ln, *nln; 322 time_t expire = getuptime() + nd6_gctimer; 323 int secs; 324 325 NET_LOCK(); 326 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 327 struct rtentry *rt = ln->ln_rt; 328 329 if (rt->rt_expire && rt->rt_expire <= getuptime()) 330 if (nd6_llinfo_timer(rt)) 331 continue; 332 333 if (rt->rt_expire && rt->rt_expire < expire) 334 expire = rt->rt_expire; 335 } 336 337 secs = expire - getuptime(); 338 if (secs < 0) 339 secs = 0; 340 if (!TAILQ_EMPTY(&nd6_list)) { 341 nd6_timer_next = getuptime() + secs; 342 timeout_add_sec(&nd6_timer_to, secs); 343 } 344 345 NET_UNLOCK(); 346 } 347 348 /* 349 * ND timer state handling. 350 * 351 * Returns 1 if `rt' should no longer be used, 0 otherwise. 352 */ 353 int 354 nd6_llinfo_timer(struct rtentry *rt) 355 { 356 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 357 struct sockaddr_in6 *dst = satosin6(rt_key(rt)); 358 struct ifnet *ifp; 359 struct nd_ifinfo *ndi = NULL; 360 361 NET_ASSERT_LOCKED(); 362 363 if ((ifp = if_get(rt->rt_ifidx)) == NULL) 364 return 1; 365 366 ndi = ND_IFINFO(ifp); 367 368 switch (ln->ln_state) { 369 case ND6_LLINFO_INCOMPLETE: 370 if (ln->ln_asked < nd6_mmaxtries) { 371 ln->ln_asked++; 372 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 373 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 374 } else { 375 struct mbuf *m = ln->ln_hold; 376 if (m) { 377 ln->ln_hold = NULL; 378 /* 379 * Fake rcvif to make the ICMP error 380 * more helpful in diagnosing for the 381 * receiver. 382 * XXX: should we consider 383 * older rcvif? 384 */ 385 m->m_pkthdr.ph_ifidx = rt->rt_ifidx; 386 387 icmp6_error(m, ICMP6_DST_UNREACH, 388 ICMP6_DST_UNREACH_ADDR, 0); 389 if (ln->ln_hold == m) { 390 /* m is back in ln_hold. Discard. */ 391 m_freem(ln->ln_hold); 392 ln->ln_hold = NULL; 393 } 394 } 395 nd6_free(rt); 396 ln = NULL; 397 } 398 break; 399 case ND6_LLINFO_REACHABLE: 400 if (!ND6_LLINFO_PERMANENT(ln)) { 401 ln->ln_state = ND6_LLINFO_STALE; 402 nd6_llinfo_settimer(ln, nd6_gctimer); 403 } 404 break; 405 406 case ND6_LLINFO_STALE: 407 case ND6_LLINFO_PURGE: 408 /* Garbage Collection(RFC 2461 5.3) */ 409 if (!ND6_LLINFO_PERMANENT(ln)) { 410 nd6_free(rt); 411 ln = NULL; 412 } 413 break; 414 415 case ND6_LLINFO_DELAY: 416 if (ndi) { 417 /* We need NUD */ 418 ln->ln_asked = 1; 419 ln->ln_state = ND6_LLINFO_PROBE; 420 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 421 nd6_ns_output(ifp, &dst->sin6_addr, 422 &dst->sin6_addr, ln, 0); 423 } 424 break; 425 case ND6_LLINFO_PROBE: 426 if (ln->ln_asked < nd6_umaxtries) { 427 ln->ln_asked++; 428 nd6_llinfo_settimer(ln, ndi->retrans / 1000); 429 nd6_ns_output(ifp, &dst->sin6_addr, 430 &dst->sin6_addr, ln, 0); 431 } else { 432 nd6_free(rt); 433 ln = NULL; 434 } 435 break; 436 } 437 438 if_put(ifp); 439 440 return (ln == NULL); 441 } 442 443 void 444 nd6_expire_timer_update(struct in6_ifaddr *ia6) 445 { 446 time_t expire_time = INT64_MAX; 447 int secs; 448 449 KERNEL_ASSERT_LOCKED(); 450 451 if (ia6->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) 452 expire_time = ia6->ia6_lifetime.ia6t_expire; 453 454 if (!(ia6->ia6_flags & IN6_IFF_DEPRECATED) && 455 ia6->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && 456 expire_time > ia6->ia6_lifetime.ia6t_preferred) 457 expire_time = ia6->ia6_lifetime.ia6t_preferred; 458 459 if (expire_time == INT64_MAX) 460 return; 461 462 /* 463 * IFA6_IS_INVALID() and IFA6_IS_DEPRECATED() check for uptime 464 * greater than ia6t_expire or ia6t_preferred, not greater or equal. 465 * Schedule timeout one second later so that either IFA6_IS_INVALID() 466 * or IFA6_IS_DEPRECATED() is true. 467 */ 468 expire_time++; 469 470 if (!timeout_pending(&nd6_expire_timeout) || 471 nd6_expire_next > expire_time) { 472 secs = expire_time - getuptime(); 473 if (secs < 0) 474 secs = 0; 475 476 timeout_add_sec(&nd6_expire_timeout, secs); 477 nd6_expire_next = expire_time; 478 } 479 } 480 481 /* 482 * Expire interface addresses. 483 */ 484 void 485 nd6_expire(void *unused) 486 { 487 struct ifnet *ifp; 488 489 KERNEL_LOCK(); 490 NET_LOCK(); 491 492 TAILQ_FOREACH(ifp, &ifnet, if_list) { 493 struct ifaddr *ifa, *nifa; 494 struct in6_ifaddr *ia6; 495 496 TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrlist, ifa_list, nifa) { 497 if (ifa->ifa_addr->sa_family != AF_INET6) 498 continue; 499 ia6 = ifatoia6(ifa); 500 /* check address lifetime */ 501 if (IFA6_IS_INVALID(ia6)) { 502 in6_purgeaddr(&ia6->ia_ifa); 503 } else { 504 if (IFA6_IS_DEPRECATED(ia6)) 505 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 506 nd6_expire_timer_update(ia6); 507 } 508 } 509 } 510 511 NET_UNLOCK(); 512 KERNEL_UNLOCK(); 513 } 514 515 void 516 nd6_expire_timer(void *unused) 517 { 518 task_add(net_tq(0), &nd6_expire_task); 519 } 520 521 /* 522 * Nuke neighbor cache/prefix/default router management table, right before 523 * ifp goes away. 524 */ 525 void 526 nd6_purge(struct ifnet *ifp) 527 { 528 struct llinfo_nd6 *ln, *nln; 529 530 NET_ASSERT_LOCKED(); 531 532 /* 533 * Nuke neighbor cache entries for the ifp. 534 */ 535 TAILQ_FOREACH_SAFE(ln, &nd6_list, ln_list, nln) { 536 struct rtentry *rt; 537 struct sockaddr_dl *sdl; 538 539 rt = ln->ln_rt; 540 if (rt != NULL && rt->rt_gateway != NULL && 541 rt->rt_gateway->sa_family == AF_LINK) { 542 sdl = satosdl(rt->rt_gateway); 543 if (sdl->sdl_index == ifp->if_index) 544 nd6_free(rt); 545 } 546 } 547 } 548 549 struct rtentry * 550 nd6_lookup(struct in6_addr *addr6, int create, struct ifnet *ifp, 551 u_int rtableid) 552 { 553 struct rtentry *rt; 554 struct sockaddr_in6 sin6; 555 int flags; 556 557 bzero(&sin6, sizeof(sin6)); 558 sin6.sin6_len = sizeof(struct sockaddr_in6); 559 sin6.sin6_family = AF_INET6; 560 sin6.sin6_addr = *addr6; 561 flags = (create) ? RT_RESOLVE : 0; 562 563 rt = rtalloc(sin6tosa(&sin6), flags, rtableid); 564 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) { 565 /* 566 * This is the case for the default route. 567 * If we want to create a neighbor cache for the address, we 568 * should free the route for the destination and allocate an 569 * interface route. 570 */ 571 if (create) { 572 rtfree(rt); 573 rt = NULL; 574 } 575 } 576 if (rt == NULL) { 577 if (create && ifp) { 578 struct rt_addrinfo info; 579 struct ifaddr *ifa; 580 int error; 581 582 /* 583 * If no route is available and create is set, 584 * we allocate a host route for the destination 585 * and treat it like an interface route. 586 * This hack is necessary for a neighbor which can't 587 * be covered by our own prefix. 588 */ 589 ifa = ifaof_ifpforaddr(sin6tosa(&sin6), ifp); 590 if (ifa == NULL) 591 return (NULL); 592 593 /* 594 * Create a new route. RTF_LLINFO is necessary 595 * to create a Neighbor Cache entry for the 596 * destination in nd6_rtrequest which will be 597 * called in rtrequest. 598 */ 599 bzero(&info, sizeof(info)); 600 info.rti_ifa = ifa; 601 info.rti_flags = RTF_HOST | RTF_LLINFO; 602 info.rti_info[RTAX_DST] = sin6tosa(&sin6); 603 info.rti_info[RTAX_GATEWAY] = sdltosa(ifp->if_sadl); 604 error = rtrequest(RTM_ADD, &info, RTP_CONNECTED, &rt, 605 rtableid); 606 if (error) 607 return (NULL); 608 if (rt->rt_llinfo != NULL) { 609 struct llinfo_nd6 *ln = 610 (struct llinfo_nd6 *)rt->rt_llinfo; 611 ln->ln_state = ND6_LLINFO_NOSTATE; 612 } 613 } else 614 return (NULL); 615 } 616 /* 617 * Validation for the entry. 618 * Note that the check for rt_llinfo is necessary because a cloned 619 * route from a parent route that has the L flag (e.g. the default 620 * route to a p2p interface) may have the flag, too, while the 621 * destination is not actually a neighbor. 622 */ 623 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 624 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 625 (ifp != NULL && rt->rt_ifidx != ifp->if_index)) { 626 if (create) { 627 char addr[INET6_ADDRSTRLEN]; 628 nd6log((LOG_DEBUG, "%s: failed to lookup %s (if=%s)\n", 629 __func__, 630 inet_ntop(AF_INET6, addr6, addr, sizeof(addr)), 631 ifp ? ifp->if_xname : "unspec")); 632 } 633 rtfree(rt); 634 return (NULL); 635 } 636 return (rt); 637 } 638 639 /* 640 * Detect if a given IPv6 address identifies a neighbor on a given link. 641 * XXX: should take care of the destination of a p2p link? 642 */ 643 int 644 nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 645 { 646 struct in6_ifaddr *ia6; 647 struct ifaddr *ifa; 648 struct rtentry *rt; 649 650 /* 651 * A link-local address is always a neighbor. 652 * XXX: we should use the sin6_scope_id field rather than the embedded 653 * interface index. 654 * XXX: a link does not necessarily specify a single interface. 655 */ 656 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 657 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 658 return (1); 659 660 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) { 661 if (ifa->ifa_addr->sa_family != AF_INET6) 662 continue; 663 664 ia6 = ifatoia6(ifa); 665 666 /* Prefix check down below. */ 667 if (ia6->ia6_flags & IN6_IFF_AUTOCONF) 668 continue; 669 670 if (IN6_ARE_MASKED_ADDR_EQUAL(&addr->sin6_addr, 671 &ia6->ia_addr.sin6_addr, 672 &ia6->ia_prefixmask.sin6_addr)) 673 return (1); 674 } 675 676 /* 677 * Even if the address matches none of our addresses, it might be 678 * in the neighbor cache. 679 */ 680 rt = nd6_lookup(&addr->sin6_addr, 0, ifp, ifp->if_rdomain); 681 if (rt != NULL) { 682 rtfree(rt); 683 return (1); 684 } 685 686 return (0); 687 } 688 689 void 690 nd6_invalidate(struct rtentry *rt) 691 { 692 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 693 struct sockaddr_dl *sdl = satosdl(rt->rt_gateway); 694 695 m_freem(ln->ln_hold); 696 sdl->sdl_alen = 0; 697 ln->ln_hold = NULL; 698 ln->ln_state = ND6_LLINFO_INCOMPLETE; 699 ln->ln_asked = 0; 700 } 701 702 /* 703 * Free an nd6 llinfo entry. 704 * Since the function would cause significant changes in the kernel, DO NOT 705 * make it global, unless you have a strong reason for the change, and are sure 706 * that the change is safe. 707 */ 708 void 709 nd6_free(struct rtentry *rt) 710 { 711 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 712 struct in6_addr in6 = satosin6(rt_key(rt))->sin6_addr; 713 struct ifnet *ifp; 714 715 NET_ASSERT_LOCKED(); 716 717 ifp = if_get(rt->rt_ifidx); 718 719 if (!ip6_forwarding) { 720 if (ln->ln_router) { 721 /* 722 * rt6_flush must be called whether or not the neighbor 723 * is in the Default Router List. 724 * See a corresponding comment in nd6_na_input(). 725 */ 726 rt6_flush(&in6, ifp); 727 } 728 } 729 730 KASSERT(!ISSET(rt->rt_flags, RTF_LOCAL)); 731 nd6_invalidate(rt); 732 733 /* 734 * Detach the route from the routing tree and the list of neighbor 735 * caches, and disable the route entry not to be used in already 736 * cached routes. 737 */ 738 if (!ISSET(rt->rt_flags, RTF_STATIC|RTF_CACHED)) 739 rtdeletemsg(rt, ifp, ifp->if_rdomain); 740 741 if_put(ifp); 742 } 743 744 /* 745 * Upper-layer reachability hint for Neighbor Unreachability Detection. 746 * 747 * XXX cost-effective methods? 748 */ 749 void 750 nd6_nud_hint(struct rtentry *rt) 751 { 752 struct llinfo_nd6 *ln; 753 struct ifnet *ifp; 754 755 ifp = if_get(rt->rt_ifidx); 756 if (ifp == NULL) 757 return; 758 759 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 760 (rt->rt_flags & RTF_LLINFO) == 0 || 761 rt->rt_llinfo == NULL || rt->rt_gateway == NULL || 762 rt->rt_gateway->sa_family != AF_LINK) { 763 /* This is not a host route. */ 764 goto out; 765 } 766 767 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 768 if (ln->ln_state < ND6_LLINFO_REACHABLE) 769 goto out; 770 771 /* 772 * if we get upper-layer reachability confirmation many times, 773 * it is possible we have false information. 774 */ 775 ln->ln_byhint++; 776 if (ln->ln_byhint > nd6_maxnudhint) 777 goto out; 778 779 ln->ln_state = ND6_LLINFO_REACHABLE; 780 if (!ND6_LLINFO_PERMANENT(ln)) 781 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->reachable); 782 out: 783 if_put(ifp); 784 } 785 786 void 787 nd6_rtrequest(struct ifnet *ifp, int req, struct rtentry *rt) 788 { 789 struct sockaddr *gate = rt->rt_gateway; 790 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 791 struct ifaddr *ifa; 792 793 if (ISSET(rt->rt_flags, RTF_GATEWAY|RTF_MULTICAST|RTF_MPLS)) 794 return; 795 796 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 797 /* 798 * This is probably an interface direct route for a link 799 * which does not need neighbor caches (e.g. fe80::%lo0/64). 800 * We do not need special treatment below for such a route. 801 * Moreover, the RTF_LLINFO flag which would be set below 802 * would annoy the ndp(8) command. 803 */ 804 return; 805 } 806 807 if (req == RTM_RESOLVE && nd6_need_cache(ifp) == 0) { 808 /* 809 * For routing daemons like ospf6d we allow neighbor discovery 810 * based on the cloning route only. This allows us to sent 811 * packets directly into a network without having an address 812 * with matching prefix on the interface. If the cloning 813 * route is used for an stf interface, we would mistakenly 814 * make a neighbor cache for the host route, and would see 815 * strange neighbor solicitation for the corresponding 816 * destination. In order to avoid confusion, we check if the 817 * interface is suitable for neighbor discovery, and stop the 818 * process if not. Additionally, we remove the LLINFO flag 819 * so that ndp(8) will not try to get the neighbor information 820 * of the destination. 821 */ 822 rt->rt_flags &= ~RTF_LLINFO; 823 return; 824 } 825 826 switch (req) { 827 case RTM_ADD: 828 if ((rt->rt_flags & RTF_CLONING) || 829 ((rt->rt_flags & (RTF_LLINFO | RTF_LOCAL)) && ln == NULL)) { 830 if (ln != NULL) 831 nd6_llinfo_settimer(ln, 0); 832 if ((rt->rt_flags & RTF_CLONING) != 0) 833 break; 834 } 835 /* 836 * In IPv4 code, we try to announce new RTF_ANNOUNCE entry here. 837 * We don't do that here since llinfo is not ready yet. 838 * 839 * There are also couple of other things to be discussed: 840 * - unsolicited NA code needs improvement beforehand 841 * - RFC2461 says we MAY send multicast unsolicited NA 842 * (7.2.6 paragraph 4), however, it also says that we 843 * SHOULD provide a mechanism to prevent multicast NA storm. 844 * we don't have anything like it right now. 845 * note that the mechanism needs a mutual agreement 846 * between proxies, which means that we need to implement 847 * a new protocol, or a new kludge. 848 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 849 * we need to check ip6forwarding before sending it. 850 * (or should we allow proxy ND configuration only for 851 * routers? there's no mention about proxy ND from hosts) 852 */ 853 #if 0 854 /* XXX it does not work */ 855 if (rt->rt_flags & RTF_ANNOUNCE) 856 nd6_na_output(ifp, 857 &satosin6(rt_key(rt))->sin6_addr, 858 &satosin6(rt_key(rt))->sin6_addr, 859 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 860 1, NULL); 861 #endif 862 /* FALLTHROUGH */ 863 case RTM_RESOLVE: 864 if (gate->sa_family != AF_LINK || 865 gate->sa_len < sizeof(struct sockaddr_dl)) { 866 log(LOG_DEBUG, "%s: bad gateway value: %s\n", 867 __func__, ifp->if_xname); 868 break; 869 } 870 satosdl(gate)->sdl_type = ifp->if_type; 871 satosdl(gate)->sdl_index = ifp->if_index; 872 if (ln != NULL) 873 break; /* This happens on a route change */ 874 /* 875 * Case 2: This route may come from cloning, or a manual route 876 * add with a LL address. 877 */ 878 ln = pool_get(&nd6_pool, PR_NOWAIT | PR_ZERO); 879 rt->rt_llinfo = (caddr_t)ln; 880 if (ln == NULL) { 881 log(LOG_DEBUG, "%s: pool get failed\n", __func__); 882 break; 883 } 884 nd6_inuse++; 885 nd6_allocated++; 886 ln->ln_rt = rt; 887 /* this is required for "ndp" command. - shin */ 888 if (req == RTM_ADD) { 889 /* 890 * gate should have some valid AF_LINK entry, 891 * and ln expire should have some lifetime 892 * which is specified by ndp command. 893 */ 894 ln->ln_state = ND6_LLINFO_REACHABLE; 895 ln->ln_byhint = 0; 896 } else { 897 /* 898 * When req == RTM_RESOLVE, rt is created and 899 * initialized in rtrequest(), so rt_expire is 0. 900 */ 901 ln->ln_state = ND6_LLINFO_NOSTATE; 902 nd6_llinfo_settimer(ln, 0); 903 } 904 rt->rt_flags |= RTF_LLINFO; 905 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 906 907 /* 908 * If we have too many cache entries, initiate immediate 909 * purging for some "less recently used" entries. Note that 910 * we cannot directly call nd6_free() here because it would 911 * cause re-entering rtable related routines triggering an LOR 912 * problem for FreeBSD. 913 */ 914 if (ip6_neighborgcthresh >= 0 && 915 nd6_inuse >= ip6_neighborgcthresh) { 916 int i; 917 918 for (i = 0; i < 10; i++) { 919 struct llinfo_nd6 *ln_end; 920 921 ln_end = TAILQ_LAST(&nd6_list, llinfo_nd6_head); 922 if (ln_end == ln) 923 break; 924 925 /* Move this entry to the head */ 926 TAILQ_REMOVE(&nd6_list, ln_end, ln_list); 927 TAILQ_INSERT_HEAD(&nd6_list, ln_end, ln_list); 928 929 if (ND6_LLINFO_PERMANENT(ln_end)) 930 continue; 931 932 if (ln_end->ln_state > ND6_LLINFO_INCOMPLETE) 933 ln_end->ln_state = ND6_LLINFO_STALE; 934 else 935 ln_end->ln_state = ND6_LLINFO_PURGE; 936 nd6_llinfo_settimer(ln_end, 0); 937 } 938 } 939 940 /* 941 * check if rt_key(rt) is one of my address assigned 942 * to the interface. 943 */ 944 ifa = &in6ifa_ifpwithaddr(ifp, 945 &satosin6(rt_key(rt))->sin6_addr)->ia_ifa; 946 if (ifa) { 947 ln->ln_state = ND6_LLINFO_REACHABLE; 948 ln->ln_byhint = 0; 949 rt->rt_expire = 0; 950 KASSERT(ifa == rt->rt_ifa); 951 } else if (rt->rt_flags & RTF_ANNOUNCE) { 952 ln->ln_state = ND6_LLINFO_REACHABLE; 953 ln->ln_byhint = 0; 954 rt->rt_expire = 0; 955 956 /* join solicited node multicast for proxy ND */ 957 if (ifp->if_flags & IFF_MULTICAST) { 958 struct in6_addr llsol; 959 int error; 960 961 llsol = satosin6(rt_key(rt))->sin6_addr; 962 llsol.s6_addr16[0] = htons(0xff02); 963 llsol.s6_addr16[1] = htons(ifp->if_index); 964 llsol.s6_addr32[1] = 0; 965 llsol.s6_addr32[2] = htonl(1); 966 llsol.s6_addr8[12] = 0xff; 967 968 if (in6_addmulti(&llsol, ifp, &error)) { 969 char addr[INET6_ADDRSTRLEN]; 970 nd6log((LOG_ERR, "%s: failed to join " 971 "%s (errno=%d)\n", ifp->if_xname, 972 inet_ntop(AF_INET6, &llsol, 973 addr, sizeof(addr)), 974 error)); 975 } 976 } 977 } 978 break; 979 980 case RTM_DELETE: 981 if (ln == NULL) 982 break; 983 /* leave from solicited node multicast for proxy ND */ 984 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 985 (ifp->if_flags & IFF_MULTICAST) != 0) { 986 struct in6_addr llsol; 987 struct in6_multi *in6m; 988 989 llsol = satosin6(rt_key(rt))->sin6_addr; 990 llsol.s6_addr16[0] = htons(0xff02); 991 llsol.s6_addr16[1] = htons(ifp->if_index); 992 llsol.s6_addr32[1] = 0; 993 llsol.s6_addr32[2] = htonl(1); 994 llsol.s6_addr8[12] = 0xff; 995 996 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 997 if (in6m) 998 in6_delmulti(in6m); 999 } 1000 nd6_inuse--; 1001 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1002 rt->rt_expire = 0; 1003 rt->rt_llinfo = NULL; 1004 rt->rt_flags &= ~RTF_LLINFO; 1005 m_freem(ln->ln_hold); 1006 pool_put(&nd6_pool, ln); 1007 break; 1008 1009 case RTM_INVALIDATE: 1010 if (ln == NULL) 1011 break; 1012 if (!ISSET(rt->rt_flags, RTF_LOCAL)) 1013 nd6_invalidate(rt); 1014 break; 1015 } 1016 } 1017 1018 int 1019 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1020 { 1021 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1022 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1023 struct rtentry *rt; 1024 1025 switch (cmd) { 1026 case SIOCGIFINFO_IN6: 1027 NET_RLOCK_IN_IOCTL(); 1028 ndi->ndi = *ND_IFINFO(ifp); 1029 NET_RUNLOCK_IN_IOCTL(); 1030 return (0); 1031 case SIOCGNBRINFO_IN6: 1032 { 1033 struct llinfo_nd6 *ln; 1034 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1035 time_t expire; 1036 1037 NET_RLOCK_IN_IOCTL(); 1038 /* 1039 * XXX: KAME specific hack for scoped addresses 1040 * XXXX: for other scopes than link-local? 1041 */ 1042 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1043 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1044 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1045 1046 if (*idp == 0) 1047 *idp = htons(ifp->if_index); 1048 } 1049 1050 rt = nd6_lookup(&nb_addr, 0, ifp, ifp->if_rdomain); 1051 if (rt == NULL || 1052 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) { 1053 rtfree(rt); 1054 NET_RUNLOCK_IN_IOCTL(); 1055 return (EINVAL); 1056 } 1057 expire = ln->ln_rt->rt_expire; 1058 if (expire != 0) { 1059 expire -= getuptime(); 1060 expire += gettime(); 1061 } 1062 1063 nbi->state = ln->ln_state; 1064 nbi->asked = ln->ln_asked; 1065 nbi->isrouter = ln->ln_router; 1066 nbi->expire = expire; 1067 1068 rtfree(rt); 1069 NET_RUNLOCK_IN_IOCTL(); 1070 return (0); 1071 } 1072 } 1073 return (0); 1074 } 1075 1076 /* 1077 * Create neighbor cache entry and cache link-layer address, 1078 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1079 * 1080 * type - ICMP6 type 1081 * code - type dependent information 1082 */ 1083 void 1084 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1085 int lladdrlen, int type, int code) 1086 { 1087 struct rtentry *rt = NULL; 1088 struct llinfo_nd6 *ln = NULL; 1089 int is_newentry; 1090 struct sockaddr_dl *sdl = NULL; 1091 int do_update; 1092 int olladdr; 1093 int llchange; 1094 int newstate = 0; 1095 1096 if (!ifp) 1097 panic("%s: ifp == NULL", __func__); 1098 if (!from) 1099 panic("%s: from == NULL", __func__); 1100 1101 /* nothing must be updated for unspecified address */ 1102 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1103 return; 1104 1105 /* 1106 * Validation about ifp->if_addrlen and lladdrlen must be done in 1107 * the caller. 1108 * 1109 * XXX If the link does not have link-layer address, what should 1110 * we do? (ifp->if_addrlen == 0) 1111 * Spec says nothing in sections for RA, RS and NA. There's small 1112 * description on it in NS section (RFC 2461 7.2.3). 1113 */ 1114 1115 rt = nd6_lookup(from, 0, ifp, ifp->if_rdomain); 1116 if (rt == NULL) { 1117 rt = nd6_lookup(from, 1, ifp, ifp->if_rdomain); 1118 is_newentry = 1; 1119 } else { 1120 /* do not overwrite local or static entry */ 1121 if (ISSET(rt->rt_flags, RTF_STATIC|RTF_LOCAL)) { 1122 rtfree(rt); 1123 return; 1124 } 1125 is_newentry = 0; 1126 } 1127 1128 if (!rt) 1129 return; 1130 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1131 fail: 1132 nd6_free(rt); 1133 rtfree(rt); 1134 return; 1135 } 1136 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1137 if (ln == NULL) 1138 goto fail; 1139 if (rt->rt_gateway == NULL) 1140 goto fail; 1141 if (rt->rt_gateway->sa_family != AF_LINK) 1142 goto fail; 1143 sdl = satosdl(rt->rt_gateway); 1144 1145 olladdr = (sdl->sdl_alen) ? 1 : 0; 1146 if (olladdr && lladdr) { 1147 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1148 llchange = 1; 1149 else 1150 llchange = 0; 1151 } else 1152 llchange = 0; 1153 1154 /* 1155 * newentry olladdr lladdr llchange (*=record) 1156 * 0 n n -- (1) 1157 * 0 y n -- (2) 1158 * 0 n y -- (3) * STALE 1159 * 0 y y n (4) * 1160 * 0 y y y (5) * STALE 1161 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1162 * 1 -- y -- (7) * STALE 1163 */ 1164 1165 if (llchange) { 1166 char addr[INET6_ADDRSTRLEN]; 1167 log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n", 1168 inet_ntop(AF_INET6, from, addr, sizeof(addr)), 1169 ether_sprintf(lladdr), ifp->if_xname); 1170 } 1171 if (lladdr) { /* (3-5) and (7) */ 1172 /* 1173 * Record source link-layer address 1174 * XXX is it dependent to ifp->if_type? 1175 */ 1176 sdl->sdl_alen = ifp->if_addrlen; 1177 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1178 } 1179 1180 if (!is_newentry) { 1181 if ((!olladdr && lladdr) || /* (3) */ 1182 (olladdr && lladdr && llchange)) { /* (5) */ 1183 do_update = 1; 1184 newstate = ND6_LLINFO_STALE; 1185 } else /* (1-2,4) */ 1186 do_update = 0; 1187 } else { 1188 do_update = 1; 1189 if (!lladdr) /* (6) */ 1190 newstate = ND6_LLINFO_NOSTATE; 1191 else /* (7) */ 1192 newstate = ND6_LLINFO_STALE; 1193 } 1194 1195 if (do_update) { 1196 /* 1197 * Update the state of the neighbor cache. 1198 */ 1199 ln->ln_state = newstate; 1200 1201 if (ln->ln_state == ND6_LLINFO_STALE) { 1202 /* 1203 * Since nd6_resolve() in ifp->if_output() will cause 1204 * state transition to DELAY and reset the timer, 1205 * we must set the timer now, although it is actually 1206 * meaningless. 1207 */ 1208 nd6_llinfo_settimer(ln, nd6_gctimer); 1209 1210 if (ln->ln_hold) { 1211 struct mbuf *n = ln->ln_hold; 1212 ln->ln_hold = NULL; 1213 /* 1214 * we assume ifp is not a p2p here, so just 1215 * set the 2nd argument as the 1st one. 1216 */ 1217 ifp->if_output(ifp, n, rt_key(rt), rt); 1218 if (ln->ln_hold == n) { 1219 /* n is back in ln_hold. Discard. */ 1220 m_freem(ln->ln_hold); 1221 ln->ln_hold = NULL; 1222 } 1223 } 1224 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1225 /* probe right away */ 1226 nd6_llinfo_settimer(ln, 0); 1227 } 1228 } 1229 1230 /* 1231 * ICMP6 type dependent behavior. 1232 * 1233 * NS: clear IsRouter if new entry 1234 * RS: clear IsRouter 1235 * RA: set IsRouter if there's lladdr 1236 * redir: clear IsRouter if new entry 1237 * 1238 * RA case, (1): 1239 * The spec says that we must set IsRouter in the following cases: 1240 * - If lladdr exist, set IsRouter. This means (1-5). 1241 * - If it is old entry (!newentry), set IsRouter. This means (7). 1242 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1243 * A question arises for (1) case. (1) case has no lladdr in the 1244 * neighbor cache, this is similar to (6). 1245 * This case is rare but we figured that we MUST NOT set IsRouter. 1246 * 1247 * newentry olladdr lladdr llchange NS RS RA redir 1248 * D R 1249 * 0 n n -- (1) c ? s 1250 * 0 y n -- (2) c s s 1251 * 0 n y -- (3) c s s 1252 * 0 y y n (4) c s s 1253 * 0 y y y (5) c s s 1254 * 1 -- n -- (6) c c c s 1255 * 1 -- y -- (7) c c s c s 1256 * 1257 * (c=clear s=set) 1258 */ 1259 switch (type & 0xff) { 1260 case ND_NEIGHBOR_SOLICIT: 1261 /* 1262 * New entry must have is_router flag cleared. 1263 */ 1264 if (is_newentry) /* (6-7) */ 1265 ln->ln_router = 0; 1266 break; 1267 case ND_REDIRECT: 1268 /* 1269 * If the icmp is a redirect to a better router, always set the 1270 * is_router flag. Otherwise, if the entry is newly created, 1271 * clear the flag. [RFC 2461, sec 8.3] 1272 */ 1273 if (code == ND_REDIRECT_ROUTER) 1274 ln->ln_router = 1; 1275 else if (is_newentry) /* (6-7) */ 1276 ln->ln_router = 0; 1277 break; 1278 case ND_ROUTER_SOLICIT: 1279 /* 1280 * is_router flag must always be cleared. 1281 */ 1282 ln->ln_router = 0; 1283 break; 1284 case ND_ROUTER_ADVERT: 1285 /* 1286 * Mark an entry with lladdr as a router. 1287 */ 1288 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1289 (is_newentry && lladdr)) { /* (7) */ 1290 ln->ln_router = 1; 1291 } 1292 break; 1293 } 1294 1295 rtfree(rt); 1296 } 1297 1298 void 1299 nd6_slowtimo(void *ignored_arg) 1300 { 1301 struct nd_ifinfo *nd6if; 1302 struct ifnet *ifp; 1303 1304 NET_LOCK(); 1305 1306 timeout_add_sec(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL); 1307 1308 TAILQ_FOREACH(ifp, &ifnet, if_list) { 1309 nd6if = ND_IFINFO(ifp); 1310 if (nd6if->basereachable && /* already initialized */ 1311 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1312 /* 1313 * Since reachable time rarely changes by router 1314 * advertisements, we SHOULD insure that a new random 1315 * value gets recomputed at least once every few hours. 1316 * (RFC 2461, 6.3.4) 1317 */ 1318 nd6if->recalctm = nd6_recalc_reachtm_interval; 1319 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1320 } 1321 } 1322 NET_UNLOCK(); 1323 } 1324 1325 int 1326 nd6_resolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1327 struct sockaddr *dst, u_char *desten) 1328 { 1329 struct sockaddr_dl *sdl; 1330 struct rtentry *rt; 1331 struct llinfo_nd6 *ln = NULL; 1332 1333 if (m->m_flags & M_MCAST) { 1334 ETHER_MAP_IPV6_MULTICAST(&satosin6(dst)->sin6_addr, desten); 1335 return (0); 1336 } 1337 1338 rt = rt_getll(rt0); 1339 1340 if (ISSET(rt->rt_flags, RTF_REJECT) && 1341 (rt->rt_expire == 0 || getuptime() < rt->rt_expire)) { 1342 m_freem(m); 1343 return (rt == rt0 ? EHOSTDOWN : EHOSTUNREACH); 1344 } 1345 1346 /* 1347 * Address resolution or Neighbor Unreachability Detection 1348 * for the next hop. 1349 * At this point, the destination of the packet must be a unicast 1350 * or an anycast address(i.e. not a multicast). 1351 */ 1352 if (!ISSET(rt->rt_flags, RTF_LLINFO)) { 1353 char addr[INET6_ADDRSTRLEN]; 1354 log(LOG_DEBUG, "%s: %s: route contains no ND information\n", 1355 __func__, inet_ntop(AF_INET6, 1356 &satosin6(rt_key(rt))->sin6_addr, addr, sizeof(addr))); 1357 m_freem(m); 1358 return (EINVAL); 1359 } 1360 1361 if (rt->rt_gateway->sa_family != AF_LINK) { 1362 printf("%s: something odd happens\n", __func__); 1363 m_freem(m); 1364 return (EINVAL); 1365 } 1366 1367 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1368 KASSERT(ln != NULL); 1369 1370 /* 1371 * Move this entry to the head of the queue so that it is less likely 1372 * for this entry to be a target of forced garbage collection (see 1373 * nd6_rtrequest()). 1374 */ 1375 TAILQ_REMOVE(&nd6_list, ln, ln_list); 1376 TAILQ_INSERT_HEAD(&nd6_list, ln, ln_list); 1377 1378 /* 1379 * The first time we send a packet to a neighbor whose entry is 1380 * STALE, we have to change the state to DELAY and a sets a timer to 1381 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1382 * neighbor unreachability detection on expiration. 1383 * (RFC 2461 7.3.3) 1384 */ 1385 if (ln->ln_state == ND6_LLINFO_STALE) { 1386 ln->ln_asked = 0; 1387 ln->ln_state = ND6_LLINFO_DELAY; 1388 nd6_llinfo_settimer(ln, nd6_delay); 1389 } 1390 1391 /* 1392 * If the neighbor cache entry has a state other than INCOMPLETE 1393 * (i.e. its link-layer address is already resolved), just 1394 * send the packet. 1395 */ 1396 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) { 1397 sdl = satosdl(rt->rt_gateway); 1398 if (sdl->sdl_alen != ETHER_ADDR_LEN) { 1399 char addr[INET6_ADDRSTRLEN]; 1400 log(LOG_DEBUG, "%s: %s: incorrect nd6 information\n", 1401 __func__, 1402 inet_ntop(AF_INET6, &satosin6(dst)->sin6_addr, 1403 addr, sizeof(addr))); 1404 m_freem(m); 1405 return (EINVAL); 1406 } 1407 1408 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 1409 return (0); 1410 } 1411 1412 /* 1413 * There is a neighbor cache entry, but no ethernet address 1414 * response yet. Replace the held mbuf (if any) with this 1415 * latest one. 1416 */ 1417 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1418 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1419 m_freem(ln->ln_hold); 1420 ln->ln_hold = m; 1421 1422 /* 1423 * If there has been no NS for the neighbor after entering the 1424 * INCOMPLETE state, send the first solicitation. 1425 */ 1426 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) { 1427 ln->ln_asked++; 1428 nd6_llinfo_settimer(ln, ND_IFINFO(ifp)->retrans / 1000); 1429 nd6_ns_output(ifp, NULL, &satosin6(dst)->sin6_addr, ln, 0); 1430 } 1431 return (EAGAIN); 1432 } 1433 1434 int 1435 nd6_need_cache(struct ifnet *ifp) 1436 { 1437 /* 1438 * RFC2893 says: 1439 * - unidirectional tunnels needs no ND 1440 */ 1441 switch (ifp->if_type) { 1442 case IFT_ETHER: 1443 case IFT_IEEE80211: 1444 case IFT_CARP: 1445 return (1); 1446 default: 1447 return (0); 1448 } 1449 } 1450