search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / sys / netinet / ip_carp.c
blob6bb0aa4554b79d60315a0cadba98f88f9012e28a
1 /* $NetBSD: ip_carp.c,v 1.38 2009/06/07 06:11:18 taca Exp $ */
2 /* $OpenBSD: ip_carp.c,v 1.113 2005/11/04 08:11:54 mcbride Exp $ */
3
4 /*
5 * Copyright (c) 2002 Michael Shalayeff. All rights reserved.
6 * Copyright (c) 2003 Ryan McBride. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
21 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27 * THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include <sys/cdefs.h>
31 __KERNEL_RCSID(0, "$NetBSD: ip_carp.c,v 1.38 2009/06/07 06:11:18 taca Exp $");
32
33 /*
34 * TODO:
35 * - iface reconfigure
36 * - support for hardware checksum calculations;
37 *
38 */
39
40 #include <sys/param.h>
41 #include <sys/proc.h>
42 #include <sys/mbuf.h>
43 #include <sys/socket.h>
44 #include <sys/socketvar.h>
45 #include <sys/callout.h>
46 #include <sys/ioctl.h>
47 #include <sys/errno.h>
48 #include <sys/device.h>
49 #include <sys/time.h>
50 #include <sys/kernel.h>
51 #include <sys/kauth.h>
52 #include <sys/sysctl.h>
53 #include <sys/ucred.h>
54 #include <sys/syslog.h>
55 #include <sys/acct.h>
56
57 #include <sys/cpu.h>
58
59 #include <net/if.h>
60 #include <net/pfil.h>
61 #include <net/if_types.h>
62 #include <net/if_ether.h>
63 #include <net/route.h>
64 #include <net/netisr.h>
65 #include <net/net_stats.h>
66 #include <netinet/if_inarp.h>
67
68 #include <machine/stdarg.h>
69
70 #if NFDDI > 0
71 #include <net/if_fddi.h>
72 #endif
73 #if NTOKEN > 0
74 #include <net/if_token.h>
75 #endif
76
77 #ifdef INET
78 #include <netinet/in.h>
79 #include <netinet/in_systm.h>
80 #include <netinet/in_var.h>
81 #include <netinet/ip.h>
82 #include <netinet/ip_var.h>
83
84 #include <net/if_dl.h>
85 #endif
86
87 #ifdef INET6
88 #include <netinet/icmp6.h>
89 #include <netinet/ip6.h>
90 #include <netinet6/ip6_var.h>
91 #include <netinet6/nd6.h>
92 #include <netinet6/scope6_var.h>
93 #endif
94
95 #include "bpfilter.h"
96 #if NBPFILTER > 0
97 #include <net/bpf.h>
98 #endif
99
100 #include <sys/sha1.h>
101
102 #include <netinet/ip_carp.h>
103
104 struct carp_mc_entry {
105 LIST_ENTRY(carp_mc_entry) mc_entries;
106 union {
107 struct ether_multi *mcu_enm;
108 } mc_u;
109 struct sockaddr_storage mc_addr;
110 };
111 #define mc_enm mc_u.mcu_enm
112
113 struct carp_softc {
114 struct ethercom sc_ac;
115 #define sc_if sc_ac.ec_if
116 #define sc_carpdev sc_ac.ec_if.if_carpdev
117 int ah_cookie;
118 int lh_cookie;
119 struct ip_moptions sc_imo;
120 #ifdef INET6
121 struct ip6_moptions sc_im6o;
122 #endif /* INET6 */
123 TAILQ_ENTRY(carp_softc) sc_list;
124
125 enum { INIT = 0, BACKUP, MASTER } sc_state;
126
127 int sc_suppress;
128 int sc_bow_out;
129
130 int sc_sendad_errors;
131 #define CARP_SENDAD_MAX_ERRORS 3
132 int sc_sendad_success;
133 #define CARP_SENDAD_MIN_SUCCESS 3
134
135 int sc_vhid;
136 int sc_advskew;
137 int sc_naddrs;
138 int sc_naddrs6;
139 int sc_advbase; /* seconds */
140 int sc_init_counter;
141 u_int64_t sc_counter;
142
143 /* authentication */
144 #define CARP_HMAC_PAD 64
145 unsigned char sc_key[CARP_KEY_LEN];
146 unsigned char sc_pad[CARP_HMAC_PAD];
147 SHA1_CTX sc_sha1;
148 u_int32_t sc_hashkey[2];
149
150 struct callout sc_ad_tmo; /* advertisement timeout */
151 struct callout sc_md_tmo; /* master down timeout */
152 struct callout sc_md6_tmo; /* master down timeout */
153
154 LIST_HEAD(__carp_mchead, carp_mc_entry) carp_mc_listhead;
155 };
156
157 int carp_suppress_preempt = 0;
158 int carp_opts[CARPCTL_MAXID] = { 0, 1, 0, 0, 0 }; /* XXX for now */
159
160 static percpu_t *carpstat_percpu;
161
162 #define CARP_STATINC(x) _NET_STATINC(carpstat_percpu, x)
163
164 struct carp_if {
165 TAILQ_HEAD(, carp_softc) vhif_vrs;
166 int vhif_nvrs;
167
168 struct ifnet *vhif_ifp;
169 };
170
171 #define CARP_LOG(sc, s) \
172 if (carp_opts[CARPCTL_LOG]) { \
173 if (sc) \
174 log(LOG_INFO, "%s: ", \
175 (sc)->sc_if.if_xname); \
176 else \
177 log(LOG_INFO, "carp: "); \
178 addlog s; \
179 addlog("\n"); \
180 }
181
182 void carp_hmac_prepare(struct carp_softc *);
183 void carp_hmac_generate(struct carp_softc *, u_int32_t *,
184 unsigned char *);
185 int carp_hmac_verify(struct carp_softc *, u_int32_t *,
186 unsigned char *);
187 void carp_setroute(struct carp_softc *, int);
188 void carp_proto_input_c(struct mbuf *, struct carp_header *, sa_family_t);
189 void carpattach(int);
190 void carpdetach(struct carp_softc *);
191 int carp_prepare_ad(struct mbuf *, struct carp_softc *,
192 struct carp_header *);
193 void carp_send_ad_all(void);
194 void carp_send_ad(void *);
195 void carp_send_arp(struct carp_softc *);
196 void carp_master_down(void *);
197 int carp_ioctl(struct ifnet *, u_long, void *);
198 void carp_start(struct ifnet *);
199 void carp_setrun(struct carp_softc *, sa_family_t);
200 void carp_set_state(struct carp_softc *, int);
201 int carp_addrcount(struct carp_if *, struct in_ifaddr *, int);
202 enum { CARP_COUNT_MASTER, CARP_COUNT_RUNNING };
203
204 void carp_multicast_cleanup(struct carp_softc *);
205 int carp_set_ifp(struct carp_softc *, struct ifnet *);
206 void carp_set_enaddr(struct carp_softc *);
207 void carp_addr_updated(void *);
208 u_int32_t carp_hash(struct carp_softc *, u_char *);
209 int carp_set_addr(struct carp_softc *, struct sockaddr_in *);
210 int carp_join_multicast(struct carp_softc *);
211 #ifdef INET6
212 void carp_send_na(struct carp_softc *);
213 int carp_set_addr6(struct carp_softc *, struct sockaddr_in6 *);
214 int carp_join_multicast6(struct carp_softc *);
215 #endif
216 int carp_clone_create(struct if_clone *, int);
217 int carp_clone_destroy(struct ifnet *);
218 int carp_ether_addmulti(struct carp_softc *, struct ifreq *);
219 int carp_ether_delmulti(struct carp_softc *, struct ifreq *);
220 void carp_ether_purgemulti(struct carp_softc *);
221
222 static void sysctl_net_inet_carp_setup(struct sysctllog **);
223
224 struct if_clone carp_cloner =
225 IF_CLONE_INITIALIZER("carp", carp_clone_create, carp_clone_destroy);
226
227 static __inline u_int16_t
228 carp_cksum(struct mbuf *m, int len)
229 {
230 return (in_cksum(m, len));
231 }
232
233 void
234 carp_hmac_prepare(struct carp_softc *sc)
235 {
236 u_int8_t carp_version = CARP_VERSION, type = CARP_ADVERTISEMENT;
237 u_int8_t vhid = sc->sc_vhid & 0xff;
238 SHA1_CTX sha1ctx;
239 u_int32_t kmd[5];
240 struct ifaddr *ifa;
241 int i, found;
242 struct in_addr last, cur, in;
243 #ifdef INET6
244 struct in6_addr last6, cur6, in6;
245 #endif /* INET6 */
246
247 /* compute ipad from key */
248 memset(sc->sc_pad, 0, sizeof(sc->sc_pad));
249 memcpy(sc->sc_pad, sc->sc_key, sizeof(sc->sc_key));
250 for (i = 0; i < sizeof(sc->sc_pad); i++)
251 sc->sc_pad[i] ^= 0x36;
252
253 /* precompute first part of inner hash */
254 SHA1Init(&sc->sc_sha1);
255 SHA1Update(&sc->sc_sha1, sc->sc_pad, sizeof(sc->sc_pad));
256 SHA1Update(&sc->sc_sha1, (void *)&carp_version, sizeof(carp_version));
257 SHA1Update(&sc->sc_sha1, (void *)&type, sizeof(type));
258
259 /* generate a key for the arpbalance hash, before the vhid is hashed */
260 memcpy(&sha1ctx, &sc->sc_sha1, sizeof(sha1ctx));
261 SHA1Final((unsigned char *)kmd, &sha1ctx);
262 sc->sc_hashkey[0] = kmd[0] ^ kmd[1];
263 sc->sc_hashkey[1] = kmd[2] ^ kmd[3];
264
265 /* the rest of the precomputation */
266 SHA1Update(&sc->sc_sha1, (void *)&vhid, sizeof(vhid));
267
268 /* Hash the addresses from smallest to largest, not interface order */
269 #ifdef INET
270 cur.s_addr = 0;
271 do {
272 found = 0;
273 last = cur;
274 cur.s_addr = 0xffffffff;
275 IFADDR_FOREACH(ifa, &sc->sc_if) {
276 in.s_addr = ifatoia(ifa)->ia_addr.sin_addr.s_addr;
277 if (ifa->ifa_addr->sa_family == AF_INET &&
278 ntohl(in.s_addr) > ntohl(last.s_addr) &&
279 ntohl(in.s_addr) < ntohl(cur.s_addr)) {
280 cur.s_addr = in.s_addr;
281 found++;
282 }
283 }
284 if (found)
285 SHA1Update(&sc->sc_sha1, (void *)&cur, sizeof(cur));
286 } while (found);
287 #endif /* INET */
288
289 #ifdef INET6
290 memset(&cur6, 0x00, sizeof(cur6));
291 do {
292 found = 0;
293 last6 = cur6;
294 memset(&cur6, 0xff, sizeof(cur6));
295 IFADDR_FOREACH(ifa, &sc->sc_if) {
296 in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
297 if (IN6_IS_ADDR_LINKLOCAL(&in6))
298 in6.s6_addr16[1] = 0;
299 if (ifa->ifa_addr->sa_family == AF_INET6 &&
300 memcmp(&in6, &last6, sizeof(in6)) > 0 &&
301 memcmp(&in6, &cur6, sizeof(in6)) < 0) {
302 cur6 = in6;
303 found++;
304 }
305 }
306 if (found)
307 SHA1Update(&sc->sc_sha1, (void *)&cur6, sizeof(cur6));
308 } while (found);
309 #endif /* INET6 */
310
311 /* convert ipad to opad */
312 for (i = 0; i < sizeof(sc->sc_pad); i++)
313 sc->sc_pad[i] ^= 0x36 ^ 0x5c;
314 }
315
316 void
317 carp_hmac_generate(struct carp_softc *sc, u_int32_t counter[2],
318 unsigned char md[20])
319 {
320 SHA1_CTX sha1ctx;
321
322 /* fetch first half of inner hash */
323 memcpy(&sha1ctx, &sc->sc_sha1, sizeof(sha1ctx));
324
325 SHA1Update(&sha1ctx, (void *)counter, sizeof(sc->sc_counter));
326 SHA1Final(md, &sha1ctx);
327
328 /* outer hash */
329 SHA1Init(&sha1ctx);
330 SHA1Update(&sha1ctx, sc->sc_pad, sizeof(sc->sc_pad));
331 SHA1Update(&sha1ctx, md, 20);
332 SHA1Final(md, &sha1ctx);
333 }
334
335 int
336 carp_hmac_verify(struct carp_softc *sc, u_int32_t counter[2],
337 unsigned char md[20])
338 {
339 unsigned char md2[20];
340
341 carp_hmac_generate(sc, counter, md2);
342
343 return (memcmp(md, md2, sizeof(md2)));
344 }
345
346 void
347 carp_setroute(struct carp_softc *sc, int cmd)
348 {
349 struct ifaddr *ifa;
350 int s;
351
352 s = splsoftnet();
353 IFADDR_FOREACH(ifa, &sc->sc_if) {
354 switch (ifa->ifa_addr->sa_family) {
355 case AF_INET: {
356 int count = 0;
357 struct rtentry *rt;
358 int hr_otherif, nr_ourif;
359
360 /*
361 * Avoid screwing with the routes if there are other
362 * carp interfaces which are master and have the same
363 * address.
364 */
365 if (sc->sc_carpdev != NULL &&
366 sc->sc_carpdev->if_carp != NULL) {
367 count = carp_addrcount(
368 (struct carp_if *)sc->sc_carpdev->if_carp,
369 ifatoia(ifa), CARP_COUNT_MASTER);
370 if ((cmd == RTM_ADD && count != 1) ||
371 (cmd == RTM_DELETE && count != 0))
372 continue;
373 }
374
375 /* Remove the existing host route, if any */
376 rtrequest(RTM_DELETE, ifa->ifa_addr,
377 ifa->ifa_addr, ifa->ifa_netmask,
378 RTF_HOST, NULL);
379
380 rt = NULL;
381 (void)rtrequest(RTM_GET, ifa->ifa_addr, ifa->ifa_addr,
382 ifa->ifa_netmask, RTF_HOST, &rt);
383 hr_otherif = (rt && rt->rt_ifp != &sc->sc_if &&
384 rt->rt_flags & (RTF_CLONING|RTF_CLONED));
385 if (rt != NULL) {
386 RTFREE(rt);
387 rt = NULL;
388 }
389
390 /* Check for a network route on our interface */
391
392 rt = NULL;
393 (void)rtrequest(RTM_GET, ifa->ifa_addr, ifa->ifa_addr,
394 ifa->ifa_netmask, 0, &rt);
395 nr_ourif = (rt && rt->rt_ifp == &sc->sc_if);
396
397 switch (cmd) {
398 case RTM_ADD:
399 if (hr_otherif) {
400 ifa->ifa_rtrequest = NULL;
401 ifa->ifa_flags &= ~RTF_CLONING;
402
403 rtrequest(RTM_ADD, ifa->ifa_addr,
404 ifa->ifa_addr, ifa->ifa_netmask,
405 RTF_UP | RTF_HOST, NULL);
406 }
407 if (!hr_otherif || nr_ourif || !rt) {
408 if (nr_ourif && !(rt->rt_flags &
409 RTF_CLONING))
410 rtrequest(RTM_DELETE,
411 ifa->ifa_addr,
412 ifa->ifa_addr,
413 ifa->ifa_netmask, 0, NULL);
414
415 ifa->ifa_rtrequest = arp_rtrequest;
416 ifa->ifa_flags |= RTF_CLONING;
417
418 if (rtrequest(RTM_ADD, ifa->ifa_addr,
419 ifa->ifa_addr, ifa->ifa_netmask, 0,
420 NULL) == 0)
421 ifa->ifa_flags |= IFA_ROUTE;
422 }
423 break;
424 case RTM_DELETE:
425 break;
426 default:
427 break;
428 }
429 if (rt != NULL) {
430 RTFREE(rt);
431 rt = NULL;
432 }
433 break;
434 }
435
436 #ifdef INET6
437 case AF_INET6:
438 if (cmd == RTM_ADD)
439 in6_ifaddloop(ifa);
440 else
441 in6_ifremloop(ifa);
442 break;
443 #endif /* INET6 */
444 default:
445 break;
446 }
447 }
448 splx(s);
449 }
450
451 /*
452 * process input packet.
453 * we have rearranged checks order compared to the rfc,
454 * but it seems more efficient this way or not possible otherwise.
455 */
456 void
457 carp_proto_input(struct mbuf *m, ...)
458 {
459 struct ip *ip = mtod(m, struct ip *);
460 struct carp_softc *sc = NULL;
461 struct carp_header *ch;
462 int iplen, len, hlen;
463 va_list ap;
464
465 va_start(ap, m);
466 hlen = va_arg(ap, int);
467 va_end(ap);
468
469 CARP_STATINC(CARP_STAT_IPACKETS);
470
471 if (!carp_opts[CARPCTL_ALLOW]) {
472 m_freem(m);
473 return;
474 }
475
476 /* check if received on a valid carp interface */
477 if (m->m_pkthdr.rcvif->if_type != IFT_CARP) {
478 CARP_STATINC(CARP_STAT_BADIF);
479 CARP_LOG(sc, ("packet received on non-carp interface: %s",
480 m->m_pkthdr.rcvif->if_xname));
481 m_freem(m);
482 return;
483 }
484
485 /* verify that the IP TTL is 255. */
486 if (ip->ip_ttl != CARP_DFLTTL) {
487 CARP_STATINC(CARP_STAT_BADTTL);
488 CARP_LOG(sc, ("received ttl %d != %d on %s", ip->ip_ttl,
489 CARP_DFLTTL, m->m_pkthdr.rcvif->if_xname));
490 m_freem(m);
491 return;
492 }
493
494 /*
495 * verify that the received packet length is
496 * equal to the CARP header
497 */
498 iplen = ip->ip_hl << 2;
499 len = iplen + sizeof(*ch);
500 if (len > m->m_pkthdr.len) {
501 CARP_STATINC(CARP_STAT_BADLEN);
502 CARP_LOG(sc, ("packet too short %d on %s", m->m_pkthdr.len,
503 m->m_pkthdr.rcvif->if_xname));
504 m_freem(m);
505 return;
506 }
507
508 if ((m = m_pullup(m, len)) == NULL) {
509 CARP_STATINC(CARP_STAT_HDROPS);
510 return;
511 }
512 ip = mtod(m, struct ip *);
513 ch = (struct carp_header *)((char *)ip + iplen);
514 /* verify the CARP checksum */
515 m->m_data += iplen;
516 if (carp_cksum(m, len - iplen)) {
517 CARP_STATINC(CARP_STAT_BADSUM);
518 CARP_LOG(sc, ("checksum failed on %s",
519 m->m_pkthdr.rcvif->if_xname));
520 m_freem(m);
521 return;
522 }
523 m->m_data -= iplen;
524
525 carp_proto_input_c(m, ch, AF_INET);
526 }
527
528 #ifdef INET6
529 int
530 carp6_proto_input(struct mbuf **mp, int *offp, int proto)
531 {
532 struct mbuf *m = *mp;
533 struct carp_softc *sc = NULL;
534 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
535 struct carp_header *ch;
536 u_int len;
537
538 CARP_STATINC(CARP_STAT_IPACKETS6);
539
540 if (!carp_opts[CARPCTL_ALLOW]) {
541 m_freem(m);
542 return (IPPROTO_DONE);
543 }
544
545 /* check if received on a valid carp interface */
546 if (m->m_pkthdr.rcvif->if_type != IFT_CARP) {
547 CARP_STATINC(CARP_STAT_BADIF);
548 CARP_LOG(sc, ("packet received on non-carp interface: %s",
549 m->m_pkthdr.rcvif->if_xname));
550 m_freem(m);
551 return (IPPROTO_DONE);
552 }
553
554 /* verify that the IP TTL is 255 */
555 if (ip6->ip6_hlim != CARP_DFLTTL) {
556 CARP_STATINC(CARP_STAT_BADTTL);
557 CARP_LOG(sc, ("received ttl %d != %d on %s", ip6->ip6_hlim,
558 CARP_DFLTTL, m->m_pkthdr.rcvif->if_xname));
559 m_freem(m);
560 return (IPPROTO_DONE);
561 }
562
563 /* verify that we have a complete carp packet */
564 len = m->m_len;
565 IP6_EXTHDR_GET(ch, struct carp_header *, m, *offp, sizeof(*ch));
566 if (ch == NULL) {
567 CARP_STATINC(CARP_STAT_BADLEN);
568 CARP_LOG(sc, ("packet size %u too small", len));
569 return (IPPROTO_DONE);
570 }
571
572
573 /* verify the CARP checksum */
574 m->m_data += *offp;
575 if (carp_cksum(m, sizeof(*ch))) {
576 CARP_STATINC(CARP_STAT_BADSUM);
577 CARP_LOG(sc, ("checksum failed, on %s",
578 m->m_pkthdr.rcvif->if_xname));
579 m_freem(m);
580 return (IPPROTO_DONE);
581 }
582 m->m_data -= *offp;
583
584 carp_proto_input_c(m, ch, AF_INET6);
585 return (IPPROTO_DONE);
586 }
587 #endif /* INET6 */
588
589 void
590 carp_proto_input_c(struct mbuf *m, struct carp_header *ch, sa_family_t af)
591 {
592 struct carp_softc *sc;
593 u_int64_t tmp_counter;
594 struct timeval sc_tv, ch_tv;
595
596 TAILQ_FOREACH(sc, &((struct carp_if *)
597 m->m_pkthdr.rcvif->if_carpdev->if_carp)->vhif_vrs, sc_list)
598 if (sc->sc_vhid == ch->carp_vhid)
599 break;
600
601 if (!sc || (sc->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) !=
602 (IFF_UP|IFF_RUNNING)) {
603 CARP_STATINC(CARP_STAT_BADVHID);
604 m_freem(m);
605 return;
606 }
607
608 /*
609 * Check if our own advertisement was duplicated
610 * from a non simplex interface.
611 * XXX If there is no address on our physical interface
612 * there is no way to distinguish our ads from the ones
613 * another carp host might have sent us.
614 */
615 if ((sc->sc_carpdev->if_flags & IFF_SIMPLEX) == 0) {
616 struct sockaddr sa;
617 struct ifaddr *ifa;
618
619 memset(&sa, 0, sizeof(sa));
620 sa.sa_family = af;
621 ifa = ifaof_ifpforaddr(&sa, sc->sc_carpdev);
622
623 if (ifa && af == AF_INET) {
624 struct ip *ip = mtod(m, struct ip *);
625 if (ip->ip_src.s_addr ==
626 ifatoia(ifa)->ia_addr.sin_addr.s_addr) {
627 m_freem(m);
628 return;
629 }
630 }
631 #ifdef INET6
632 if (ifa && af == AF_INET6) {
633 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
634 struct in6_addr in6_src, in6_found;
635
636 in6_src = ip6->ip6_src;
637 in6_found = ifatoia6(ifa)->ia_addr.sin6_addr;
638 if (IN6_IS_ADDR_LINKLOCAL(&in6_src))
639 in6_src.s6_addr16[1] = 0;
640 if (IN6_IS_ADDR_LINKLOCAL(&in6_found))
641 in6_found.s6_addr16[1] = 0;
642 if (IN6_ARE_ADDR_EQUAL(&in6_src, &in6_found)) {
643 m_freem(m);
644 return;
645 }
646 }
647 #endif /* INET6 */
648 }
649
650 nanotime(&sc->sc_if.if_lastchange);
651 sc->sc_if.if_ipackets++;
652 sc->sc_if.if_ibytes += m->m_pkthdr.len;
653
654 /* verify the CARP version. */
655 if (ch->carp_version != CARP_VERSION) {
656 CARP_STATINC(CARP_STAT_BADVER);
657 sc->sc_if.if_ierrors++;
658 CARP_LOG(sc, ("invalid version %d != %d",
659 ch->carp_version, CARP_VERSION));
660 m_freem(m);
661 return;
662 }
663
664 /* verify the hash */
665 if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) {
666 CARP_STATINC(CARP_STAT_BADAUTH);
667 sc->sc_if.if_ierrors++;
668 CARP_LOG(sc, ("incorrect hash"));
669 m_freem(m);
670 return;
671 }
672
673 tmp_counter = ntohl(ch->carp_counter[0]);
674 tmp_counter = tmp_counter<<32;
675 tmp_counter += ntohl(ch->carp_counter[1]);
676
677 /* XXX Replay protection goes here */
678
679 sc->sc_init_counter = 0;
680 sc->sc_counter = tmp_counter;
681
682
683 sc_tv.tv_sec = sc->sc_advbase;
684 if (carp_suppress_preempt && sc->sc_advskew < 240)
685 sc_tv.tv_usec = 240 * 1000000 / 256;
686 else
687 sc_tv.tv_usec = sc->sc_advskew * 1000000 / 256;
688 ch_tv.tv_sec = ch->carp_advbase;
689 ch_tv.tv_usec = ch->carp_advskew * 1000000 / 256;
690
691 switch (sc->sc_state) {
692 case INIT:
693 break;
694 case MASTER:
695 /*
696 * If we receive an advertisement from a backup who's going to
697 * be more frequent than us, go into BACKUP state.
698 */
699 if (timercmp(&sc_tv, &ch_tv, >) ||
700 timercmp(&sc_tv, &ch_tv, ==)) {
701 callout_stop(&sc->sc_ad_tmo);
702 CARP_LOG(sc, ("MASTER -> BACKUP (more frequent advertisement received)"));
703 carp_set_state(sc, BACKUP);
704 carp_setrun(sc, 0);
705 carp_setroute(sc, RTM_DELETE);
706 }
707 break;
708 case BACKUP:
709 /*
710 * If we're pre-empting masters who advertise slower than us,
711 * and this one claims to be slower, treat him as down.
712 */
713 if (carp_opts[CARPCTL_PREEMPT] && timercmp(&sc_tv, &ch_tv, <)) {
714 CARP_LOG(sc, ("BACKUP -> MASTER (preempting a slower master)"));
715 carp_master_down(sc);
716 break;
717 }
718
719 /*
720 * If the master is going to advertise at such a low frequency
721 * that he's guaranteed to time out, we'd might as well just
722 * treat him as timed out now.
723 */
724 sc_tv.tv_sec = sc->sc_advbase * 3;
725 if (timercmp(&sc_tv, &ch_tv, <)) {
726 CARP_LOG(sc, ("BACKUP -> MASTER (master timed out)"));
727 carp_master_down(sc);
728 break;
729 }
730
731 /*
732 * Otherwise, we reset the counter and wait for the next
733 * advertisement.
734 */
735 carp_setrun(sc, af);
736 break;
737 }
738
739 m_freem(m);
740 return;
741 }
742
743 /*
744 * Interface side of the CARP implementation.
745 */
746
747 /* ARGSUSED */
748 void
749 carpattach(int n)
750 {
751 if_clone_attach(&carp_cloner);
752
753 carpstat_percpu = percpu_alloc(sizeof(uint64_t) * CARP_NSTATS);
754 }
755
756 int
757 carp_clone_create(struct if_clone *ifc, int unit)
758 {
759 extern int ifqmaxlen;
760 struct carp_softc *sc;
761 struct ifnet *ifp;
762
763 sc = malloc(sizeof(*sc), M_DEVBUF, M_NOWAIT|M_ZERO);
764 if (!sc)
765 return (ENOMEM);
766
767 sc->sc_suppress = 0;
768 sc->sc_advbase = CARP_DFLTINTV;
769 sc->sc_vhid = -1; /* required setting */
770 sc->sc_advskew = 0;
771 sc->sc_init_counter = 1;
772 sc->sc_naddrs = sc->sc_naddrs6 = 0;
773 #ifdef INET6
774 sc->sc_im6o.im6o_multicast_hlim = CARP_DFLTTL;
775 #endif /* INET6 */
776
777 callout_init(&sc->sc_ad_tmo, 0);
778 callout_init(&sc->sc_md_tmo, 0);
779 callout_init(&sc->sc_md6_tmo, 0);
780
781 callout_setfunc(&sc->sc_ad_tmo, carp_send_ad, sc);
782 callout_setfunc(&sc->sc_md_tmo, carp_master_down, sc);
783 callout_setfunc(&sc->sc_md6_tmo, carp_master_down, sc);
784
785 LIST_INIT(&sc->carp_mc_listhead);
786 ifp = &sc->sc_if;
787 ifp->if_softc = sc;
788 snprintf(ifp->if_xname, sizeof ifp->if_xname, "%s%d", ifc->ifc_name,
789 unit);
790 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
791 ifp->if_ioctl = carp_ioctl;
792 ifp->if_start = carp_start;
793 ifp->if_output = carp_output;
794 ifp->if_type = IFT_CARP;
795 ifp->if_addrlen = ETHER_ADDR_LEN;
796 ifp->if_hdrlen = ETHER_HDR_LEN;
797 ifp->if_mtu = ETHERMTU;
798 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
799 IFQ_SET_READY(&ifp->if_snd);
800 if_attach(ifp);
801
802 if_alloc_sadl(ifp);
803 ifp->if_broadcastaddr = etherbroadcastaddr;
804 carp_set_enaddr(sc);
805 LIST_INIT(&sc->sc_ac.ec_multiaddrs);
806 #if NBPFILTER > 0
807 bpfattach(ifp, DLT_EN10MB, ETHER_HDR_LEN);
808 #endif
809 return (0);
810 }
811
812 int
813 carp_clone_destroy(struct ifnet *ifp)
814 {
815 struct carp_softc *sc = ifp->if_softc;
816
817 carpdetach(ifp->if_softc);
818 ether_ifdetach(ifp);
819 if_detach(ifp);
820 callout_destroy(&sc->sc_ad_tmo);
821 callout_destroy(&sc->sc_md_tmo);
822 callout_destroy(&sc->sc_md6_tmo);
823 free(ifp->if_softc, M_DEVBUF);
824
825 return (0);
826 }
827
828 void
829 carpdetach(struct carp_softc *sc)
830 {
831 struct carp_if *cif;
832 int s;
833
834 callout_stop(&sc->sc_ad_tmo);
835 callout_stop(&sc->sc_md_tmo);
836 callout_stop(&sc->sc_md6_tmo);
837
838 if (sc->sc_suppress)
839 carp_suppress_preempt--;
840 sc->sc_suppress = 0;
841
842 if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS)
843 carp_suppress_preempt--;
844 sc->sc_sendad_errors = 0;
845
846 carp_set_state(sc, INIT);
847 sc->sc_if.if_flags &= ~IFF_UP;
848 carp_setrun(sc, 0);
849 carp_multicast_cleanup(sc);
850
851 s = splnet();
852 if (sc->sc_carpdev != NULL) {
853 /* XXX linkstatehook removal */
854 cif = (struct carp_if *)sc->sc_carpdev->if_carp;
855 TAILQ_REMOVE(&cif->vhif_vrs, sc, sc_list);
856 if (!--cif->vhif_nvrs) {
857 ifpromisc(sc->sc_carpdev, 0);
858 sc->sc_carpdev->if_carp = NULL;
859 free(cif, M_IFADDR);
860 }
861 }
862 sc->sc_carpdev = NULL;
863 splx(s);
864 }
865
866 /* Detach an interface from the carp. */
867 void
868 carp_ifdetach(struct ifnet *ifp)
869 {
870 struct carp_softc *sc, *nextsc;
871 struct carp_if *cif = (struct carp_if *)ifp->if_carp;
872
873 for (sc = TAILQ_FIRST(&cif->vhif_vrs); sc; sc = nextsc) {
874 nextsc = TAILQ_NEXT(sc, sc_list);
875 carpdetach(sc);
876 }
877 }
878
879 int
880 carp_prepare_ad(struct mbuf *m, struct carp_softc *sc,
881 struct carp_header *ch)
882 {
883 if (sc->sc_init_counter) {
884 /* this could also be seconds since unix epoch */
885 sc->sc_counter = arc4random();
886 sc->sc_counter = sc->sc_counter << 32;
887 sc->sc_counter += arc4random();
888 } else
889 sc->sc_counter++;
890
891 ch->carp_counter[0] = htonl((sc->sc_counter>>32)&0xffffffff);
892 ch->carp_counter[1] = htonl(sc->sc_counter&0xffffffff);
893
894 carp_hmac_generate(sc, ch->carp_counter, ch->carp_md);
895
896 return (0);
897 }
898
899 void
900 carp_send_ad_all(void)
901 {
902 struct ifnet *ifp;
903 struct carp_if *cif;
904 struct carp_softc *vh;
905
906 TAILQ_FOREACH(ifp, &ifnet, if_list) {
907 if (ifp->if_carp == NULL || ifp->if_type == IFT_CARP)
908 continue;
909
910 cif = (struct carp_if *)ifp->if_carp;
911 TAILQ_FOREACH(vh, &cif->vhif_vrs, sc_list) {
912 if ((vh->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) ==
913 (IFF_UP|IFF_RUNNING) && vh->sc_state == MASTER)
914 carp_send_ad(vh);
915 }
916 }
917 }
918
919
920 void
921 carp_send_ad(void *v)
922 {
923 struct carp_header ch;
924 struct timeval tv;
925 struct carp_softc *sc = v;
926 struct carp_header *ch_ptr;
927 struct mbuf *m;
928 int error, len, advbase, advskew, s;
929 struct ifaddr *ifa;
930 struct sockaddr sa;
931
932 s = splsoftnet();
933
934 advbase = advskew = 0; /* Sssssh compiler */
935 if (sc->sc_carpdev == NULL) {
936 sc->sc_if.if_oerrors++;
937 goto retry_later;
938 }
939
940 /* bow out if we've gone to backup (the carp interface is going down) */
941 if (sc->sc_bow_out) {
942 sc->sc_bow_out = 0;
943 advbase = 255;
944 advskew = 255;
945 } else {
946 advbase = sc->sc_advbase;
947 if (!carp_suppress_preempt || sc->sc_advskew > 240)
948 advskew = sc->sc_advskew;
949 else
950 advskew = 240;
951 tv.tv_sec = advbase;
952 tv.tv_usec = advskew * 1000000 / 256;
953 }
954
955 ch.carp_version = CARP_VERSION;
956 ch.carp_type = CARP_ADVERTISEMENT;
957 ch.carp_vhid = sc->sc_vhid;
958 ch.carp_advbase = advbase;
959 ch.carp_advskew = advskew;
960 ch.carp_authlen = 7; /* XXX DEFINE */
961 ch.carp_pad1 = 0; /* must be zero */
962 ch.carp_cksum = 0;
963
964
965 #ifdef INET
966 if (sc->sc_naddrs) {
967 struct ip *ip;
968
969 MGETHDR(m, M_DONTWAIT, MT_HEADER);
970 if (m == NULL) {
971 sc->sc_if.if_oerrors++;
972 CARP_STATINC(CARP_STAT_ONOMEM);
973 /* XXX maybe less ? */
974 goto retry_later;
975 }
976 len = sizeof(*ip) + sizeof(ch);
977 m->m_pkthdr.len = len;
978 m->m_pkthdr.rcvif = NULL;
979 m->m_len = len;
980 MH_ALIGN(m, m->m_len);
981 m->m_flags |= M_MCAST;
982 ip = mtod(m, struct ip *);
983 ip->ip_v = IPVERSION;
984 ip->ip_hl = sizeof(*ip) >> 2;
985 ip->ip_tos = IPTOS_LOWDELAY;
986 ip->ip_len = htons(len);
987 ip->ip_id = 0; /* no need for id, we don't support fragments */
988 ip->ip_off = htons(IP_DF);
989 ip->ip_ttl = CARP_DFLTTL;
990 ip->ip_p = IPPROTO_CARP;
991 ip->ip_sum = 0;
992
993 memset(&sa, 0, sizeof(sa));
994 sa.sa_family = AF_INET;
995 ifa = ifaof_ifpforaddr(&sa, sc->sc_carpdev);
996 if (ifa == NULL)
997 ip->ip_src.s_addr = 0;
998 else
999 ip->ip_src.s_addr =
1000 ifatoia(ifa)->ia_addr.sin_addr.s_addr;
1001 ip->ip_dst.s_addr = INADDR_CARP_GROUP;
1002
1003 ch_ptr = (struct carp_header *)(&ip[1]);
1004 memcpy(ch_ptr, &ch, sizeof(ch));
1005 if (carp_prepare_ad(m, sc, ch_ptr))
1006 goto retry_later;
1007
1008 m->m_data += sizeof(*ip);
1009 ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip));
1010 m->m_data -= sizeof(*ip);
1011
1012 nanotime(&sc->sc_if.if_lastchange);
1013 sc->sc_if.if_opackets++;
1014 sc->sc_if.if_obytes += len;
1015 CARP_STATINC(CARP_STAT_OPACKETS);
1016
1017 error = ip_output(m, NULL, NULL, IP_RAWOUTPUT, &sc->sc_imo,
1018 NULL);
1019 if (error) {
1020 if (error == ENOBUFS)
1021 CARP_STATINC(CARP_STAT_ONOMEM);
1022 else
1023 CARP_LOG(sc, ("ip_output failed: %d", error));
1024 sc->sc_if.if_oerrors++;
1025 if (sc->sc_sendad_errors < INT_MAX)
1026 sc->sc_sendad_errors++;
1027 if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) {
1028 carp_suppress_preempt++;
1029 if (carp_suppress_preempt == 1)
1030 carp_send_ad_all();
1031 }
1032 sc->sc_sendad_success = 0;
1033 } else {
1034 if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS) {
1035 if (++sc->sc_sendad_success >=
1036 CARP_SENDAD_MIN_SUCCESS) {
1037 carp_suppress_preempt--;
1038 sc->sc_sendad_errors = 0;
1039 }
1040 } else
1041 sc->sc_sendad_errors = 0;
1042 }
1043 }
1044 #endif /* INET */
1045 #ifdef INET6
1046 if (sc->sc_naddrs6) {
1047 struct ip6_hdr *ip6;
1048
1049 MGETHDR(m, M_DONTWAIT, MT_HEADER);
1050 if (m == NULL) {
1051 sc->sc_if.if_oerrors++;
1052 CARP_STATINC(CARP_STAT_ONOMEM);
1053 /* XXX maybe less ? */
1054 goto retry_later;
1055 }
1056 len = sizeof(*ip6) + sizeof(ch);
1057 m->m_pkthdr.len = len;
1058 m->m_pkthdr.rcvif = NULL;
1059 m->m_len = len;
1060 MH_ALIGN(m, m->m_len);
1061 m->m_flags |= M_MCAST;
1062 ip6 = mtod(m, struct ip6_hdr *);
1063 memset(ip6, 0, sizeof(*ip6));
1064 ip6->ip6_vfc |= IPV6_VERSION;
1065 ip6->ip6_hlim = CARP_DFLTTL;
1066 ip6->ip6_nxt = IPPROTO_CARP;
1067
1068 /* set the source address */
1069 memset(&sa, 0, sizeof(sa));
1070 sa.sa_family = AF_INET6;
1071 ifa = ifaof_ifpforaddr(&sa, sc->sc_carpdev);
1072 if (ifa == NULL) /* This should never happen with IPv6 */
1073 memset(&ip6->ip6_src, 0, sizeof(struct in6_addr));
1074 else
1075 bcopy(ifatoia6(ifa)->ia_addr.sin6_addr.s6_addr,
1076 &ip6->ip6_src, sizeof(struct in6_addr));
1077 /* set the multicast destination */
1078
1079 ip6->ip6_dst.s6_addr16[0] = htons(0xff02);
1080 ip6->ip6_dst.s6_addr8[15] = 0x12;
1081 if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) {
1082 sc->sc_if.if_oerrors++;
1083 m_freem(m);
1084 CARP_LOG(sc, ("in6_setscope failed"));
1085 goto retry_later;
1086 }
1087
1088 ch_ptr = (struct carp_header *)(&ip6[1]);
1089 memcpy(ch_ptr, &ch, sizeof(ch));
1090 if (carp_prepare_ad(m, sc, ch_ptr))
1091 goto retry_later;
1092
1093 m->m_data += sizeof(*ip6);
1094 ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip6));
1095 m->m_data -= sizeof(*ip6);
1096
1097 nanotime(&sc->sc_if.if_lastchange);
1098 sc->sc_if.if_opackets++;
1099 sc->sc_if.if_obytes += len;
1100 CARP_STATINC(CARP_STAT_OPACKETS6);
1101
1102 error = ip6_output(m, NULL, NULL, 0, &sc->sc_im6o, NULL, NULL);
1103 if (error) {
1104 if (error == ENOBUFS)
1105 CARP_STATINC(CARP_STAT_ONOMEM);
1106 else
1107 CARP_LOG(sc, ("ip6_output failed: %d", error));
1108 sc->sc_if.if_oerrors++;
1109 if (sc->sc_sendad_errors < INT_MAX)
1110 sc->sc_sendad_errors++;
1111 if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) {
1112 carp_suppress_preempt++;
1113 if (carp_suppress_preempt == 1)
1114 carp_send_ad_all();
1115 }
1116 sc->sc_sendad_success = 0;
1117 } else {
1118 if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS) {
1119 if (++sc->sc_sendad_success >=
1120 CARP_SENDAD_MIN_SUCCESS) {
1121 carp_suppress_preempt--;
1122 sc->sc_sendad_errors = 0;
1123 }
1124 } else
1125 sc->sc_sendad_errors = 0;
1126 }
1127 }
1128 #endif /* INET6 */
1129
1130 retry_later:
1131 splx(s);
1132 if (advbase != 255 || advskew != 255)
1133 callout_schedule(&sc->sc_ad_tmo, tvtohz(&tv));
1134 }
1135
1136 /*
1137 * Broadcast a gratuitous ARP request containing
1138 * the virtual router MAC address for each IP address
1139 * associated with the virtual router.
1140 */
1141 void
1142 carp_send_arp(struct carp_softc *sc)
1143 {
1144 struct ifaddr *ifa;
1145 struct in_addr *in;
1146 int s = splsoftnet();
1147
1148 IFADDR_FOREACH(ifa, &sc->sc_if) {
1149
1150 if (ifa->ifa_addr->sa_family != AF_INET)
1151 continue;
1152
1153 in = &ifatoia(ifa)->ia_addr.sin_addr;
1154 arprequest(sc->sc_carpdev, in, in, CLLADDR(sc->sc_if.if_sadl));
1155 DELAY(1000); /* XXX */
1156 }
1157 splx(s);
1158 }
1159
1160 #ifdef INET6
1161 void
1162 carp_send_na(struct carp_softc *sc)
1163 {
1164 struct ifaddr *ifa;
1165 struct in6_addr *in6;
1166 static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
1167 int s = splsoftnet();
1168
1169 IFADDR_FOREACH(ifa, &sc->sc_if) {
1170
1171 if (ifa->ifa_addr->sa_family != AF_INET6)
1172 continue;
1173
1174 in6 = &ifatoia6(ifa)->ia_addr.sin6_addr;
1175 nd6_na_output(sc->sc_carpdev, &mcast, in6,
1176 ND_NA_FLAG_OVERRIDE, 1, NULL);
1177 DELAY(1000); /* XXX */
1178 }
1179 splx(s);
1180 }
1181 #endif /* INET6 */
1182
1183 /*
1184 * Based on bridge_hash() in if_bridge.c
1185 */
1186 #define mix(a,b,c) \
1187 do { \
1188 a -= b; a -= c; a ^= (c >> 13); \
1189 b -= c; b -= a; b ^= (a << 8); \
1190 c -= a; c -= b; c ^= (b >> 13); \
1191 a -= b; a -= c; a ^= (c >> 12); \
1192 b -= c; b -= a; b ^= (a << 16); \
1193 c -= a; c -= b; c ^= (b >> 5); \
1194 a -= b; a -= c; a ^= (c >> 3); \
1195 b -= c; b -= a; b ^= (a << 10); \
1196 c -= a; c -= b; c ^= (b >> 15); \
1197 } while (0)
1198
1199 u_int32_t
1200 carp_hash(struct carp_softc *sc, u_char *src)
1201 {
1202 u_int32_t a = 0x9e3779b9, b = sc->sc_hashkey[0], c = sc->sc_hashkey[1];
1203
1204 c += sc->sc_key[3] << 24;
1205 c += sc->sc_key[2] << 16;
1206 c += sc->sc_key[1] << 8;
1207 c += sc->sc_key[0];
1208 b += src[5] << 8;
1209 b += src[4];
1210 a += src[3] << 24;
1211 a += src[2] << 16;
1212 a += src[1] << 8;
1213 a += src[0];
1214
1215 mix(a, b, c);
1216 return (c);
1217 }
1218
1219 int
1220 carp_addrcount(struct carp_if *cif, struct in_ifaddr *ia, int type)
1221 {
1222 struct carp_softc *vh;
1223 struct ifaddr *ifa;
1224 int count = 0;
1225
1226 TAILQ_FOREACH(vh, &cif->vhif_vrs, sc_list) {
1227 if ((type == CARP_COUNT_RUNNING &&
1228 (vh->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) ==
1229 (IFF_UP|IFF_RUNNING)) ||
1230 (type == CARP_COUNT_MASTER && vh->sc_state == MASTER)) {
1231 IFADDR_FOREACH(ifa, &vh->sc_if) {
1232 if (ifa->ifa_addr->sa_family == AF_INET &&
1233 ia->ia_addr.sin_addr.s_addr ==
1234 ifatoia(ifa)->ia_addr.sin_addr.s_addr)
1235 count++;
1236 }
1237 }
1238 }
1239 return (count);
1240 }
1241
1242 int
1243 carp_iamatch(struct in_ifaddr *ia, u_char *src,
1244 u_int32_t *count, u_int32_t index)
1245 {
1246 struct carp_softc *sc = ia->ia_ifp->if_softc;
1247
1248 if (carp_opts[CARPCTL_ARPBALANCE]) {
1249 /*
1250 * We use the source ip to decide which virtual host should
1251 * handle the request. If we're master of that virtual host,
1252 * then we respond, otherwise, just drop the arp packet on
1253 * the floor.
1254 */
1255
1256 /* Count the elegible carp interfaces with this address */
1257 if (*count == 0)
1258 *count = carp_addrcount(
1259 (struct carp_if *)ia->ia_ifp->if_carpdev->if_carp,
1260 ia, CARP_COUNT_RUNNING);
1261
1262 /* This should never happen, but... */
1263 if (*count == 0)
1264 return (0);
1265
1266 if (carp_hash(sc, src) % *count == index - 1 &&
1267 sc->sc_state == MASTER) {
1268 return (1);
1269 }
1270 } else {
1271 if (sc->sc_state == MASTER)
1272 return (1);
1273 }
1274
1275 return (0);
1276 }
1277
1278 #ifdef INET6
1279 struct ifaddr *
1280 carp_iamatch6(void *v, struct in6_addr *taddr)
1281 {
1282 struct carp_if *cif = v;
1283 struct carp_softc *vh;
1284 struct ifaddr *ifa;
1285
1286 TAILQ_FOREACH(vh, &cif->vhif_vrs, sc_list) {
1287 IFADDR_FOREACH(ifa, &vh->sc_if) {
1288 if (IN6_ARE_ADDR_EQUAL(taddr,
1289 &ifatoia6(ifa)->ia_addr.sin6_addr) &&
1290 ((vh->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) ==
1291 (IFF_UP|IFF_RUNNING)) && vh->sc_state == MASTER)
1292 return (ifa);
1293 }
1294 }
1295
1296 return (NULL);
1297 }
1298 #endif /* INET6 */
1299
1300 struct ifnet *
1301 carp_ourether(void *v, struct ether_header *eh, u_char iftype, int src)
1302 {
1303 struct carp_if *cif = (struct carp_if *)v;
1304 struct carp_softc *vh;
1305 u_int8_t *ena;
1306
1307 if (src)
1308 ena = (u_int8_t *)&eh->ether_shost;
1309 else
1310 ena = (u_int8_t *)&eh->ether_dhost;
1311
1312 switch (iftype) {
1313 case IFT_ETHER:
1314 case IFT_FDDI:
1315 if (ena[0] || ena[1] || ena[2] != 0x5e || ena[3] || ena[4] != 1)
1316 return (NULL);
1317 break;
1318 case IFT_ISO88025:
1319 if (ena[0] != 3 || ena[1] || ena[4] || ena[5])
1320 return (NULL);
1321 break;
1322 default:
1323 return (NULL);
1324 break;
1325 }
1326
1327 TAILQ_FOREACH(vh, &cif->vhif_vrs, sc_list)
1328 if ((vh->sc_if.if_flags & (IFF_UP|IFF_RUNNING)) ==
1329 (IFF_UP|IFF_RUNNING) && vh->sc_state == MASTER &&
1330 !memcmp(ena, CLLADDR(vh->sc_if.if_sadl),
1331 ETHER_ADDR_LEN)) {
1332 return (&vh->sc_if);
1333 }
1334
1335 return (NULL);
1336 }
1337
1338 int
1339 carp_input(struct mbuf *m, u_int8_t *shost, u_int8_t *dhost, u_int16_t etype)
1340 {
1341 struct ether_header eh;
1342 struct carp_if *cif = (struct carp_if *)m->m_pkthdr.rcvif->if_carp;
1343 struct ifnet *ifp;
1344
1345 memcpy(&eh.ether_shost, shost, sizeof(eh.ether_shost));
1346 memcpy(&eh.ether_dhost, dhost, sizeof(eh.ether_dhost));
1347 eh.ether_type = etype;
1348
1349 if (m->m_flags & (M_BCAST|M_MCAST)) {
1350 struct carp_softc *vh;
1351 struct mbuf *m0;
1352
1353 /*
1354 * XXX Should really check the list of multicast addresses
1355 * for each CARP interface _before_ copying.
1356 */
1357 TAILQ_FOREACH(vh, &cif->vhif_vrs, sc_list) {
1358 m0 = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
1359 if (m0 == NULL)
1360 continue;
1361 m0->m_pkthdr.rcvif = &vh->sc_if;
1362 ether_input(&vh->sc_if, m0);
1363 }
1364 return (1);
1365 }
1366
1367 ifp = carp_ourether(cif, &eh, m->m_pkthdr.rcvif->if_type, 0);
1368 if (ifp == NULL) {
1369 return (1);
1370 }
1371
1372 m->m_pkthdr.rcvif = ifp;
1373
1374 #if NBPFILTER > 0
1375 if (ifp->if_bpf)
1376 bpf_mtap(ifp->if_bpf, m);
1377 #endif
1378 ifp->if_ipackets++;
1379 ether_input(ifp, m);
1380 return (0);
1381 }
1382
1383 void
1384 carp_master_down(void *v)
1385 {
1386 struct carp_softc *sc = v;
1387
1388 switch (sc->sc_state) {
1389 case INIT:
1390 printf("%s: master_down event in INIT state\n",
1391 sc->sc_if.if_xname);
1392 break;
1393 case MASTER:
1394 break;
1395 case BACKUP:
1396 CARP_LOG(sc, ("INIT -> MASTER (preempting)"));
1397 carp_set_state(sc, MASTER);
1398 carp_send_ad(sc);
1399 carp_send_arp(sc);
1400 #ifdef INET6
1401 carp_send_na(sc);
1402 #endif /* INET6 */
1403 carp_setrun(sc, 0);
1404 carp_setroute(sc, RTM_ADD);
1405 break;
1406 }
1407 }
1408
1409 /*
1410 * When in backup state, af indicates whether to reset the master down timer
1411 * for v4 or v6. If it's set to zero, reset the ones which are already pending.
1412 */
1413 void
1414 carp_setrun(struct carp_softc *sc, sa_family_t af)
1415 {
1416 struct timeval tv;
1417
1418 if (sc->sc_carpdev == NULL) {
1419 sc->sc_if.if_flags &= ~IFF_RUNNING;
1420 carp_set_state(sc, INIT);
1421 return;
1422 }
1423
1424 if (sc->sc_if.if_flags & IFF_UP && sc->sc_vhid > 0 &&
1425 (sc->sc_naddrs || sc->sc_naddrs6) && !sc->sc_suppress) {
1426 sc->sc_if.if_flags |= IFF_RUNNING;
1427 } else {
1428 sc->sc_if.if_flags &= ~IFF_RUNNING;
1429 carp_setroute(sc, RTM_DELETE);
1430 return;
1431 }
1432
1433 switch (sc->sc_state) {
1434 case INIT:
1435 carp_set_state(sc, BACKUP);
1436 carp_setroute(sc, RTM_DELETE);
1437 carp_setrun(sc, 0);
1438 break;
1439 case BACKUP:
1440 callout_stop(&sc->sc_ad_tmo);
1441 tv.tv_sec = 3 * sc->sc_advbase;
1442 tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1443 switch (af) {
1444 #ifdef INET
1445 case AF_INET:
1446 callout_schedule(&sc->sc_md_tmo, tvtohz(&tv));
1447 break;
1448 #endif /* INET */
1449 #ifdef INET6
1450 case AF_INET6:
1451 callout_schedule(&sc->sc_md6_tmo, tvtohz(&tv));
1452 break;
1453 #endif /* INET6 */
1454 default:
1455 if (sc->sc_naddrs)
1456 callout_schedule(&sc->sc_md_tmo, tvtohz(&tv));
1457 if (sc->sc_naddrs6)
1458 callout_schedule(&sc->sc_md6_tmo, tvtohz(&tv));
1459 break;
1460 }
1461 break;
1462 case MASTER:
1463 tv.tv_sec = sc->sc_advbase;
1464 tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1465 callout_schedule(&sc->sc_ad_tmo, tvtohz(&tv));
1466 break;
1467 }
1468 }
1469
1470 void
1471 carp_multicast_cleanup(struct carp_softc *sc)
1472 {
1473 struct ip_moptions *imo = &sc->sc_imo;
1474 #ifdef INET6
1475 struct ip6_moptions *im6o = &sc->sc_im6o;
1476 #endif
1477 u_int16_t n = imo->imo_num_memberships;
1478
1479 /* Clean up our own multicast memberships */
1480 while (n-- > 0) {
1481 if (imo->imo_membership[n] != NULL) {
1482 in_delmulti(imo->imo_membership[n]);
1483 imo->imo_membership[n] = NULL;
1484 }
1485 }
1486 imo->imo_num_memberships = 0;
1487 imo->imo_multicast_ifp = NULL;
1488
1489 #ifdef INET6
1490 while (!LIST_EMPTY(&im6o->im6o_memberships)) {
1491 struct in6_multi_mship *imm =
1492 LIST_FIRST(&im6o->im6o_memberships);
1493
1494 LIST_REMOVE(imm, i6mm_chain);
1495 in6_leavegroup(imm);
1496 }
1497 im6o->im6o_multicast_ifp = NULL;
1498 #endif
1499
1500 /* And any other multicast memberships */
1501 carp_ether_purgemulti(sc);
1502 }
1503
1504 int
1505 carp_set_ifp(struct carp_softc *sc, struct ifnet *ifp)
1506 {
1507 struct carp_if *cif, *ncif = NULL;
1508 struct carp_softc *vr, *after = NULL;
1509 int myself = 0, error = 0;
1510 int s;
1511
1512 if (ifp == sc->sc_carpdev)
1513 return (0);
1514
1515 if (ifp != NULL) {
1516 if ((ifp->if_flags & IFF_MULTICAST) == 0)
1517 return (EADDRNOTAVAIL);
1518
1519 if (ifp->if_type == IFT_CARP)
1520 return (EINVAL);
1521
1522 if (ifp->if_carp == NULL) {
1523 ncif = malloc(sizeof(*cif), M_IFADDR, M_NOWAIT);
1524 if (ncif == NULL)
1525 return (ENOBUFS);
1526 if ((error = ifpromisc(ifp, 1))) {
1527 free(ncif, M_IFADDR);
1528 return (error);
1529 }
1530
1531 ncif->vhif_ifp = ifp;
1532 TAILQ_INIT(&ncif->vhif_vrs);
1533 } else {
1534 cif = (struct carp_if *)ifp->if_carp;
1535 TAILQ_FOREACH(vr, &cif->vhif_vrs, sc_list)
1536 if (vr != sc && vr->sc_vhid == sc->sc_vhid)
1537 return (EINVAL);
1538 }
1539
1540 /* detach from old interface */
1541 if (sc->sc_carpdev != NULL)
1542 carpdetach(sc);
1543
1544 /* join multicast groups */
1545 if (sc->sc_naddrs < 0 &&
1546 (error = carp_join_multicast(sc)) != 0) {
1547 if (ncif != NULL)
1548 free(ncif, M_IFADDR);
1549 return (error);
1550 }
1551
1552 #ifdef INET6
1553 if (sc->sc_naddrs6 < 0 &&
1554 (error = carp_join_multicast6(sc)) != 0) {
1555 if (ncif != NULL)
1556 free(ncif, M_IFADDR);
1557 carp_multicast_cleanup(sc);
1558 return (error);
1559 }
1560 #endif
1561
1562 /* attach carp interface to physical interface */
1563 if (ncif != NULL)
1564 ifp->if_carp = (void *)ncif;
1565 sc->sc_carpdev = ifp;
1566 cif = (struct carp_if *)ifp->if_carp;
1567 TAILQ_FOREACH(vr, &cif->vhif_vrs, sc_list) {
1568 if (vr == sc)
1569 myself = 1;
1570 if (vr->sc_vhid < sc->sc_vhid)
1571 after = vr;
1572 }
1573
1574 if (!myself) {
1575 /* We're trying to keep things in order */
1576 if (after == NULL) {
1577 TAILQ_INSERT_TAIL(&cif->vhif_vrs, sc, sc_list);
1578 } else {
1579 TAILQ_INSERT_AFTER(&cif->vhif_vrs, after,
1580 sc, sc_list);
1581 }
1582 cif->vhif_nvrs++;
1583 }
1584 if (sc->sc_naddrs || sc->sc_naddrs6)
1585 sc->sc_if.if_flags |= IFF_UP;
1586 carp_set_enaddr(sc);
1587 s = splnet();
1588 /* XXX linkstatehooks establish */
1589 carp_carpdev_state(ifp);
1590 splx(s);
1591 } else {
1592 carpdetach(sc);
1593 sc->sc_if.if_flags &= ~(IFF_UP|IFF_RUNNING);
1594 }
1595 return (0);
1596 }
1597
1598 void
1599 carp_set_enaddr(struct carp_softc *sc)
1600 {
1601 uint8_t enaddr[ETHER_ADDR_LEN];
1602 if (sc->sc_carpdev && sc->sc_carpdev->if_type == IFT_ISO88025) {
1603 enaddr[0] = 3;
1604 enaddr[1] = 0;
1605 enaddr[2] = 0x40 >> (sc->sc_vhid - 1);
1606 enaddr[3] = 0x40000 >> (sc->sc_vhid - 1);
1607 enaddr[4] = 0;
1608 enaddr[5] = 0;
1609 } else {
1610 enaddr[0] = 0;
1611 enaddr[1] = 0;
1612 enaddr[2] = 0x5e;
1613 enaddr[3] = 0;
1614 enaddr[4] = 1;
1615 enaddr[5] = sc->sc_vhid;
1616 }
1617 if_set_sadl(&sc->sc_if, enaddr, sizeof(enaddr), false);
1618 }
1619
1620 void
1621 carp_addr_updated(void *v)
1622 {
1623 struct carp_softc *sc = (struct carp_softc *) v;
1624 struct ifaddr *ifa;
1625 int new_naddrs = 0, new_naddrs6 = 0;
1626
1627 IFADDR_FOREACH(ifa, &sc->sc_if) {
1628 if (ifa->ifa_addr->sa_family == AF_INET)
1629 new_naddrs++;
1630 else if (ifa->ifa_addr->sa_family == AF_INET6)
1631 new_naddrs6++;
1632 }
1633
1634 /* Handle a callback after SIOCDIFADDR */
1635 if (new_naddrs < sc->sc_naddrs || new_naddrs6 < sc->sc_naddrs6) {
1636 struct in_addr mc_addr;
1637 struct in_multi *inm;
1638
1639 sc->sc_naddrs = new_naddrs;
1640 sc->sc_naddrs6 = new_naddrs6;
1641
1642 /* Re-establish multicast membership removed by in_control */
1643 mc_addr.s_addr = INADDR_CARP_GROUP;
1644 IN_LOOKUP_MULTI(mc_addr, &sc->sc_if, inm);
1645 if (inm == NULL) {
1646 memset(&sc->sc_imo, 0, sizeof(sc->sc_imo));
1647
1648 if (sc->sc_carpdev != NULL && sc->sc_naddrs > 0)
1649 carp_join_multicast(sc);
1650 }
1651
1652 if (sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0) {
1653 sc->sc_if.if_flags &= ~IFF_UP;
1654 carp_set_state(sc, INIT);
1655 } else
1656 carp_hmac_prepare(sc);
1657 }
1658
1659 carp_setrun(sc, 0);
1660 }
1661
1662 int
1663 carp_set_addr(struct carp_softc *sc, struct sockaddr_in *sin)
1664 {
1665 struct ifnet *ifp = sc->sc_carpdev;
1666 struct in_ifaddr *ia, *ia_if;
1667 int error = 0;
1668
1669 if (sin->sin_addr.s_addr == 0) {
1670 if (!(sc->sc_if.if_flags & IFF_UP))
1671 carp_set_state(sc, INIT);
1672 if (sc->sc_naddrs)
1673 sc->sc_if.if_flags |= IFF_UP;
1674 carp_setrun(sc, 0);
1675 return (0);
1676 }
1677
1678 /* we have to do this by hand to ensure we don't match on ourselves */
1679 ia_if = NULL;
1680 for (ia = TAILQ_FIRST(&in_ifaddrhead); ia;
1681 ia = TAILQ_NEXT(ia, ia_list)) {
1682
1683 /* and, yeah, we need a multicast-capable iface too */
1684 if (ia->ia_ifp != &sc->sc_if &&
1685 ia->ia_ifp->if_type != IFT_CARP &&
1686 (ia->ia_ifp->if_flags & IFF_MULTICAST) &&
1687 (sin->sin_addr.s_addr & ia->ia_subnetmask) ==
1688 ia->ia_subnet) {
1689 if (!ia_if)
1690 ia_if = ia;
1691 }
1692 }
1693
1694 if (ia_if) {
1695 ia = ia_if;
1696 if (ifp) {
1697 if (ifp != ia->ia_ifp)
1698 return (EADDRNOTAVAIL);
1699 } else {
1700 ifp = ia->ia_ifp;
1701 }
1702 }
1703
1704 if ((error = carp_set_ifp(sc, ifp)))
1705 return (error);
1706
1707 if (sc->sc_carpdev == NULL)
1708 return (EADDRNOTAVAIL);
1709
1710 if (sc->sc_naddrs == 0 && (error = carp_join_multicast(sc)) != 0)
1711 return (error);
1712
1713 sc->sc_naddrs++;
1714 if (sc->sc_carpdev != NULL)
1715 sc->sc_if.if_flags |= IFF_UP;
1716
1717 carp_set_state(sc, INIT);
1718 carp_setrun(sc, 0);
1719
1720 /*
1721 * Hook if_addrhooks so that we get a callback after in_ifinit has run,
1722 * to correct any inappropriate routes that it inserted.
1723 */
1724 if (sc->ah_cookie == 0) {
1725 /* XXX link address hook */
1726 }
1727
1728 return (0);
1729 }
1730
1731 int
1732 carp_join_multicast(struct carp_softc *sc)
1733 {
1734 struct ip_moptions *imo = &sc->sc_imo, tmpimo;
1735 struct in_addr addr;
1736
1737 memset(&tmpimo, 0, sizeof(tmpimo));
1738 addr.s_addr = INADDR_CARP_GROUP;
1739 if ((tmpimo.imo_membership[0] =
1740 in_addmulti(&addr, &sc->sc_if)) == NULL) {
1741 return (ENOBUFS);
1742 }
1743
1744 imo->imo_membership[0] = tmpimo.imo_membership[0];
1745 imo->imo_num_memberships = 1;
1746 imo->imo_multicast_ifp = &sc->sc_if;
1747 imo->imo_multicast_ttl = CARP_DFLTTL;
1748 imo->imo_multicast_loop = 0;
1749 return (0);
1750 }
1751
1752
1753 #ifdef INET6
1754 int
1755 carp_set_addr6(struct carp_softc *sc, struct sockaddr_in6 *sin6)
1756 {
1757 struct ifnet *ifp = sc->sc_carpdev;
1758 struct in6_ifaddr *ia, *ia_if;
1759 int error = 0;
1760
1761 if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
1762 if (!(sc->sc_if.if_flags & IFF_UP))
1763 carp_set_state(sc, INIT);
1764 if (sc->sc_naddrs6)
1765 sc->sc_if.if_flags |= IFF_UP;
1766 carp_setrun(sc, 0);
1767 return (0);
1768 }
1769
1770 /* we have to do this by hand to ensure we don't match on ourselves */
1771 ia_if = NULL;
1772 for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
1773 int i;
1774
1775 for (i = 0; i < 4; i++) {
1776 if ((sin6->sin6_addr.s6_addr32[i] &
1777 ia->ia_prefixmask.sin6_addr.s6_addr32[i]) !=
1778 (ia->ia_addr.sin6_addr.s6_addr32[i] &
1779 ia->ia_prefixmask.sin6_addr.s6_addr32[i]))
1780 break;
1781 }
1782 /* and, yeah, we need a multicast-capable iface too */
1783 if (ia->ia_ifp != &sc->sc_if &&
1784 ia->ia_ifp->if_type != IFT_CARP &&
1785 (ia->ia_ifp->if_flags & IFF_MULTICAST) &&
1786 (i == 4)) {
1787 if (!ia_if)
1788 ia_if = ia;
1789 }
1790 }
1791
1792 if (ia_if) {
1793 ia = ia_if;
1794 if (sc->sc_carpdev) {
1795 if (sc->sc_carpdev != ia->ia_ifp)
1796 return (EADDRNOTAVAIL);
1797 } else {
1798 ifp = ia->ia_ifp;
1799 }
1800 }
1801
1802 if ((error = carp_set_ifp(sc, ifp)))
1803 return (error);
1804
1805 if (sc->sc_carpdev == NULL)
1806 return (EADDRNOTAVAIL);
1807
1808 if (sc->sc_naddrs6 == 0 && (error = carp_join_multicast6(sc)) != 0)
1809 return (error);
1810
1811 sc->sc_naddrs6++;
1812 if (sc->sc_carpdev != NULL)
1813 sc->sc_if.if_flags |= IFF_UP;
1814 carp_set_state(sc, INIT);
1815 carp_setrun(sc, 0);
1816
1817 return (0);
1818 }
1819
1820 int
1821 carp_join_multicast6(struct carp_softc *sc)
1822 {
1823 struct in6_multi_mship *imm, *imm2;
1824 struct ip6_moptions *im6o = &sc->sc_im6o;
1825 struct sockaddr_in6 addr6;
1826 int error;
1827
1828 /* Join IPv6 CARP multicast group */
1829 memset(&addr6, 0, sizeof(addr6));
1830 addr6.sin6_family = AF_INET6;
1831 addr6.sin6_len = sizeof(addr6);
1832 addr6.sin6_addr.s6_addr16[0] = htons(0xff02);
1833 addr6.sin6_addr.s6_addr16[1] = htons(sc->sc_if.if_index);
1834 addr6.sin6_addr.s6_addr8[15] = 0x12;
1835 if ((imm = in6_joingroup(&sc->sc_if,
1836 &addr6.sin6_addr, &error, 0)) == NULL) {
1837 return (error);
1838 }
1839 /* join solicited multicast address */
1840 memset(&addr6.sin6_addr, 0, sizeof(addr6.sin6_addr));
1841 addr6.sin6_addr.s6_addr16[0] = htons(0xff02);
1842 addr6.sin6_addr.s6_addr16[1] = htons(sc->sc_if.if_index);
1843 addr6.sin6_addr.s6_addr32[1] = 0;
1844 addr6.sin6_addr.s6_addr32[2] = htonl(1);
1845 addr6.sin6_addr.s6_addr32[3] = 0;
1846 addr6.sin6_addr.s6_addr8[12] = 0xff;
1847 if ((imm2 = in6_joingroup(&sc->sc_if,
1848 &addr6.sin6_addr, &error, 0)) == NULL) {
1849 in6_leavegroup(imm);
1850 return (error);
1851 }
1852
1853 /* apply v6 multicast membership */
1854 im6o->im6o_multicast_ifp = &sc->sc_if;
1855 if (imm)
1856 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm,
1857 i6mm_chain);
1858 if (imm2)
1859 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm2,
1860 i6mm_chain);
1861
1862 return (0);
1863 }
1864
1865 #endif /* INET6 */
1866
1867 int
1868 carp_ioctl(struct ifnet *ifp, u_long cmd, void *data)
1869 {
1870 struct lwp *l = curlwp; /* XXX */
1871 struct carp_softc *sc = ifp->if_softc, *vr;
1872 struct carpreq carpr;
1873 struct ifaddr *ifa;
1874 struct ifreq *ifr;
1875 struct ifnet *cdev = NULL;
1876 int error = 0;
1877
1878 ifa = (struct ifaddr *)data;
1879 ifr = (struct ifreq *)data;
1880
1881 switch (cmd) {
1882 case SIOCINITIFADDR:
1883 switch (ifa->ifa_addr->sa_family) {
1884 #ifdef INET
1885 case AF_INET:
1886 sc->sc_if.if_flags |= IFF_UP;
1887 memcpy(ifa->ifa_dstaddr, ifa->ifa_addr,
1888 sizeof(struct sockaddr));
1889 error = carp_set_addr(sc, satosin(ifa->ifa_addr));
1890 break;
1891 #endif /* INET */
1892 #ifdef INET6
1893 case AF_INET6:
1894 sc->sc_if.if_flags|= IFF_UP;
1895 error = carp_set_addr6(sc, satosin6(ifa->ifa_addr));
1896 break;
1897 #endif /* INET6 */
1898 default:
1899 error = EAFNOSUPPORT;
1900 break;
1901 }
1902 break;
1903
1904 case SIOCSIFFLAGS:
1905 if ((error = ifioctl_common(ifp, cmd, data)) != 0)
1906 break;
1907 if (sc->sc_state != INIT && !(ifr->ifr_flags & IFF_UP)) {
1908 callout_stop(&sc->sc_ad_tmo);
1909 callout_stop(&sc->sc_md_tmo);
1910 callout_stop(&sc->sc_md6_tmo);
1911 if (sc->sc_state == MASTER) {
1912 /* we need the interface up to bow out */
1913 sc->sc_if.if_flags |= IFF_UP;
1914 sc->sc_bow_out = 1;
1915 carp_send_ad(sc);
1916 }
1917 sc->sc_if.if_flags &= ~IFF_UP;
1918 carp_set_state(sc, INIT);
1919 carp_setrun(sc, 0);
1920 } else if (sc->sc_state == INIT && (ifr->ifr_flags & IFF_UP)) {
1921 sc->sc_if.if_flags |= IFF_UP;
1922 carp_setrun(sc, 0);
1923 }
1924 break;
1925
1926 case SIOCSVH:
1927 if (l == NULL)
1928 break;
1929 if ((error = kauth_authorize_network(l->l_cred,
1930 KAUTH_NETWORK_INTERFACE,
1931 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
1932 NULL)) != 0)
1933 break;
1934 if ((error = copyin(ifr->ifr_data, &carpr, sizeof carpr)))
1935 break;
1936 error = 1;
1937 if (carpr.carpr_carpdev[0] != '\0' &&
1938 (cdev = ifunit(carpr.carpr_carpdev)) == NULL)
1939 return (EINVAL);
1940 if ((error = carp_set_ifp(sc, cdev)))
1941 return (error);
1942 if (sc->sc_state != INIT && carpr.carpr_state != sc->sc_state) {
1943 switch (carpr.carpr_state) {
1944 case BACKUP:
1945 callout_stop(&sc->sc_ad_tmo);
1946 carp_set_state(sc, BACKUP);
1947 carp_setrun(sc, 0);
1948 carp_setroute(sc, RTM_DELETE);
1949 break;
1950 case MASTER:
1951 carp_master_down(sc);
1952 break;
1953 default:
1954 break;
1955 }
1956 }
1957 if (carpr.carpr_vhid > 0) {
1958 if (carpr.carpr_vhid > 255) {
1959 error = EINVAL;
1960 break;
1961 }
1962 if (sc->sc_carpdev) {
1963 struct carp_if *cif;
1964 cif = (struct carp_if *)sc->sc_carpdev->if_carp;
1965 TAILQ_FOREACH(vr, &cif->vhif_vrs, sc_list)
1966 if (vr != sc &&
1967 vr->sc_vhid == carpr.carpr_vhid)
1968 return (EINVAL);
1969 }
1970 sc->sc_vhid = carpr.carpr_vhid;
1971 carp_set_enaddr(sc);
1972 carp_set_state(sc, INIT);
1973 error--;
1974 }
1975 if (carpr.carpr_advbase > 0 || carpr.carpr_advskew > 0) {
1976 if (carpr.carpr_advskew > 254) {
1977 error = EINVAL;
1978 break;
1979 }
1980 if (carpr.carpr_advbase > 255) {
1981 error = EINVAL;
1982 break;
1983 }
1984 sc->sc_advbase = carpr.carpr_advbase;
1985 sc->sc_advskew = carpr.carpr_advskew;
1986 error--;
1987 }
1988 memcpy(sc->sc_key, carpr.carpr_key, sizeof(sc->sc_key));
1989 if (error > 0)
1990 error = EINVAL;
1991 else {
1992 error = 0;
1993 carp_setrun(sc, 0);
1994 }
1995 break;
1996
1997 case SIOCGVH:
1998 memset(&carpr, 0, sizeof(carpr));
1999 if (sc->sc_carpdev != NULL)
2000 strlcpy(carpr.carpr_carpdev, sc->sc_carpdev->if_xname,
2001 IFNAMSIZ);
2002 carpr.carpr_state = sc->sc_state;
2003 carpr.carpr_vhid = sc->sc_vhid;
2004 carpr.carpr_advbase = sc->sc_advbase;
2005 carpr.carpr_advskew = sc->sc_advskew;
2006
2007 if ((l != NULL) && (error = kauth_authorize_network(l->l_cred,
2008 KAUTH_NETWORK_INTERFACE,
2009 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, (void *)cmd,
2010 NULL)) == 0)
2011 memcpy(carpr.carpr_key, sc->sc_key,
2012 sizeof(carpr.carpr_key));
2013 error = copyout(&carpr, ifr->ifr_data, sizeof(carpr));
2014 break;
2015
2016 case SIOCADDMULTI:
2017 error = carp_ether_addmulti(sc, ifr);
2018 break;
2019
2020 case SIOCDELMULTI:
2021 error = carp_ether_delmulti(sc, ifr);
2022 break;
2023
2024 default:
2025 error = ether_ioctl(ifp, cmd, data);
2026 }
2027
2028 carp_hmac_prepare(sc);
2029 return (error);
2030 }
2031
2032
2033 /*
2034 * Start output on carp interface. This function should never be called.
2035 */
2036 void
2037 carp_start(struct ifnet *ifp)
2038 {
2039 #ifdef DEBUG
2040 printf("%s: start called\n", ifp->if_xname);
2041 #endif
2042 }
2043
2044 int
2045 carp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *sa,
2046 struct rtentry *rt)
2047 {
2048 struct carp_softc *sc = ((struct carp_softc *)ifp->if_softc);
2049
2050 if (sc->sc_carpdev != NULL && sc->sc_state == MASTER) {
2051 return (sc->sc_carpdev->if_output(ifp, m, sa, rt));
2052 } else {
2053 m_freem(m);
2054 return (ENETUNREACH);
2055 }
2056 }
2057
2058 void
2059 carp_set_state(struct carp_softc *sc, int state)
2060 {
2061 static const char *carp_states[] = { CARP_STATES };
2062 if (sc->sc_state == state)
2063 return;
2064
2065 CARP_LOG(sc, ("state transition from: %s -> to: %s", carp_states[sc->sc_state], carp_states[state]));
2066
2067 sc->sc_state = state;
2068 switch (state) {
2069 case BACKUP:
2070 sc->sc_if.if_link_state = LINK_STATE_DOWN;
2071 break;
2072 case MASTER:
2073 sc->sc_if.if_link_state = LINK_STATE_UP;
2074 break;
2075 default:
2076 sc->sc_if.if_link_state = LINK_STATE_UNKNOWN;
2077 break;
2078 }
2079 rt_ifmsg(&sc->sc_if);
2080 }
2081
2082 void
2083 carp_carpdev_state(void *v)
2084 {
2085 struct carp_if *cif;
2086 struct carp_softc *sc;
2087 struct ifnet *ifp = v;
2088
2089 if (ifp->if_type == IFT_CARP)
2090 return;
2091
2092 cif = (struct carp_if *)ifp->if_carp;
2093
2094 TAILQ_FOREACH(sc, &cif->vhif_vrs, sc_list) {
2095 int suppressed = sc->sc_suppress;
2096
2097 if (sc->sc_carpdev->if_link_state == LINK_STATE_DOWN ||
2098 !(sc->sc_carpdev->if_flags & IFF_UP)) {
2099 sc->sc_if.if_flags &= ~IFF_RUNNING;
2100 callout_stop(&sc->sc_ad_tmo);
2101 callout_stop(&sc->sc_md_tmo);
2102 callout_stop(&sc->sc_md6_tmo);
2103 carp_set_state(sc, INIT);
2104 sc->sc_suppress = 1;
2105 carp_setrun(sc, 0);
2106 if (!suppressed) {
2107 carp_suppress_preempt++;
2108 if (carp_suppress_preempt == 1)
2109 carp_send_ad_all();
2110 }
2111 } else {
2112 carp_set_state(sc, INIT);
2113 sc->sc_suppress = 0;
2114 carp_setrun(sc, 0);
2115 if (suppressed)
2116 carp_suppress_preempt--;
2117 }
2118 }
2119 }
2120
2121 int
2122 carp_ether_addmulti(struct carp_softc *sc, struct ifreq *ifr)
2123 {
2124 const struct sockaddr *sa = ifreq_getaddr(SIOCADDMULTI, ifr);
2125 struct ifnet *ifp;
2126 struct carp_mc_entry *mc;
2127 u_int8_t addrlo[ETHER_ADDR_LEN], addrhi[ETHER_ADDR_LEN];
2128 int error;
2129
2130 ifp = sc->sc_carpdev;
2131 if (ifp == NULL)
2132 return (EINVAL);
2133
2134 error = ether_addmulti(sa, &sc->sc_ac);
2135 if (error != ENETRESET)
2136 return (error);
2137
2138 /*
2139 * This is new multicast address. We have to tell parent
2140 * about it. Also, remember this multicast address so that
2141 * we can delete them on unconfigure.
2142 */
2143 mc = malloc(sizeof(struct carp_mc_entry), M_DEVBUF, M_NOWAIT);
2144 if (mc == NULL) {
2145 error = ENOMEM;
2146 goto alloc_failed;
2147 }
2148
2149 /*
2150 * As ether_addmulti() returns ENETRESET, following two
2151 * statement shouldn't fail.
2152 */
2153 (void)ether_multiaddr(sa, addrlo, addrhi);
2154 ETHER_LOOKUP_MULTI(addrlo, addrhi, &sc->sc_ac, mc->mc_enm);
2155 memcpy(&mc->mc_addr, sa, sa->sa_len);
2156 LIST_INSERT_HEAD(&sc->carp_mc_listhead, mc, mc_entries);
2157
2158 error = (*ifp->if_ioctl)(ifp, SIOCADDMULTI, ifr);
2159 if (error != 0)
2160 goto ioctl_failed;
2161
2162 return (error);
2163
2164 ioctl_failed:
2165 LIST_REMOVE(mc, mc_entries);
2166 free(mc, M_DEVBUF);
2167 alloc_failed:
2168 (void)ether_delmulti(sa, &sc->sc_ac);
2169
2170 return (error);
2171 }
2172
2173 int
2174 carp_ether_delmulti(struct carp_softc *sc, struct ifreq *ifr)
2175 {
2176 const struct sockaddr *sa = ifreq_getaddr(SIOCDELMULTI, ifr);
2177 struct ifnet *ifp;
2178 struct ether_multi *enm;
2179 struct carp_mc_entry *mc;
2180 u_int8_t addrlo[ETHER_ADDR_LEN], addrhi[ETHER_ADDR_LEN];
2181 int error;
2182
2183 ifp = sc->sc_carpdev;
2184 if (ifp == NULL)
2185 return (EINVAL);
2186
2187 /*
2188 * Find a key to lookup carp_mc_entry. We have to do this
2189 * before calling ether_delmulti for obvious reason.
2190 */
2191 if ((error = ether_multiaddr(sa, addrlo, addrhi)) != 0)
2192 return (error);
2193 ETHER_LOOKUP_MULTI(addrlo, addrhi, &sc->sc_ac, enm);
2194 if (enm == NULL)
2195 return (EINVAL);
2196
2197 LIST_FOREACH(mc, &sc->carp_mc_listhead, mc_entries)
2198 if (mc->mc_enm == enm)
2199 break;
2200
2201 /* We won't delete entries we didn't add */
2202 if (mc == NULL)
2203 return (EINVAL);
2204
2205 error = ether_delmulti(sa, &sc->sc_ac);
2206 if (error != ENETRESET)
2207 return (error);
2208
2209 /* We no longer use this multicast address. Tell parent so. */
2210 error = (*ifp->if_ioctl)(ifp, SIOCDELMULTI, ifr);
2211 if (error == 0) {
2212 /* And forget about this address. */
2213 LIST_REMOVE(mc, mc_entries);
2214 free(mc, M_DEVBUF);
2215 } else
2216 (void)ether_addmulti(sa, &sc->sc_ac);
2217 return (error);
2218 }
2219
2220 /*
2221 * Delete any multicast address we have asked to add from parent
2222 * interface. Called when the carp is being unconfigured.
2223 */
2224 void
2225 carp_ether_purgemulti(struct carp_softc *sc)
2226 {
2227 struct ifnet *ifp = sc->sc_carpdev; /* Parent. */
2228 struct carp_mc_entry *mc;
2229 union {
2230 struct ifreq ifreq;
2231 struct {
2232 char ifr_name[IFNAMSIZ];
2233 struct sockaddr_storage ifr_ss;
2234 } ifreq_storage;
2235 } u;
2236 struct ifreq *ifr = &u.ifreq;
2237
2238 if (ifp == NULL)
2239 return;
2240
2241 memcpy(ifr->ifr_name, ifp->if_xname, IFNAMSIZ);
2242 while ((mc = LIST_FIRST(&sc->carp_mc_listhead)) != NULL) {
2243 memcpy(&ifr->ifr_addr, &mc->mc_addr, mc->mc_addr.ss_len);
2244 (void)(*ifp->if_ioctl)(ifp, SIOCDELMULTI, ifr);
2245 LIST_REMOVE(mc, mc_entries);
2246 free(mc, M_DEVBUF);
2247 }
2248 }
2249
2250 static int
2251 sysctl_net_inet_carp_stats(SYSCTLFN_ARGS)
2252 {
2253
2254 return (NETSTAT_SYSCTL(carpstat_percpu, CARP_NSTATS));
2255 }
2256
2257 void
2258 carp_init(void)
2259 {
2260
2261 sysctl_net_inet_carp_setup(NULL);
2262 }
2263
2264 static void
2265 sysctl_net_inet_carp_setup(struct sysctllog **clog)
2266 {
2267
2268 sysctl_createv(clog, 0, NULL, NULL,
2269 CTLFLAG_PERMANENT,
2270 CTLTYPE_NODE, "net", NULL,
2271 NULL, 0, NULL, 0,
2272 CTL_NET, CTL_EOL);
2273 sysctl_createv(clog, 0, NULL, NULL,
2274 CTLFLAG_PERMANENT,
2275 CTLTYPE_NODE, "inet", NULL,
2276 NULL, 0, NULL, 0,
2277 CTL_NET, PF_INET, CTL_EOL);
2278 sysctl_createv(clog, 0, NULL, NULL,
2279 CTLFLAG_PERMANENT,
2280 CTLTYPE_NODE, "carp",
2281 SYSCTL_DESCR("CARP related settings"),
2282 NULL, 0, NULL, 0,
2283 CTL_NET, PF_INET, IPPROTO_CARP, CTL_EOL);
2284
2285 sysctl_createv(clog, 0, NULL, NULL,
2286 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2287 CTLTYPE_INT, "preempt",
2288 SYSCTL_DESCR("Enable CARP Preempt"),
2289 NULL, 0, &carp_opts[CARPCTL_PREEMPT], 0,
2290 CTL_NET, PF_INET, IPPROTO_CARP,
2291 CTL_CREATE, CTL_EOL);
2292 sysctl_createv(clog, 0, NULL, NULL,
2293 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2294 CTLTYPE_INT, "arpbalance",
2295 SYSCTL_DESCR("Enable ARP balancing"),
2296 NULL, 0, &carp_opts[CARPCTL_ARPBALANCE], 0,
2297 CTL_NET, PF_INET, IPPROTO_CARP,
2298 CTL_CREATE, CTL_EOL);
2299 sysctl_createv(clog, 0, NULL, NULL,
2300 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2301 CTLTYPE_INT, "allow",
2302 SYSCTL_DESCR("Enable CARP"),
2303 NULL, 0, &carp_opts[CARPCTL_ALLOW], 0,
2304 CTL_NET, PF_INET, IPPROTO_CARP,
2305 CTL_CREATE, CTL_EOL);
2306 sysctl_createv(clog, 0, NULL, NULL,
2307 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2308 CTLTYPE_INT, "log",
2309 SYSCTL_DESCR("CARP logging"),
2310 NULL, 0, &carp_opts[CARPCTL_LOG], 0,
2311 CTL_NET, PF_INET, IPPROTO_CARP,
2312 CTL_CREATE, CTL_EOL);
2313 sysctl_createv(clog, 0, NULL, NULL,
2314 CTLFLAG_PERMANENT,
2315 CTLTYPE_STRUCT, "stats",
2316 SYSCTL_DESCR("CARP statistics"),
2317 sysctl_net_inet_carp_stats, 0, NULL, 0,
2318 CTL_NET, PF_INET, IPPROTO_CARP, CARPCTL_STATS,
2319 CTL_EOL);
2320 }
NetBSD on the FriendlyARM MINI2440