search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / sys / netinet6 / nd6.c
blobf4d920aa9b03dd139bbbe93bb6cb2ba7efc12b68
1 /* $NetBSD: nd6.c,v 1.134 2009/08/31 12:37:59 yamt Exp $ */
2 /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.134 2009/08/31 12:37:59 yamt Exp $");
35
36 #include "opt_ipsec.h"
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/callout.h>
41 #include <sys/malloc.h>
42 #include <sys/mbuf.h>
43 #include <sys/socket.h>
44 #include <sys/socketvar.h>
45 #include <sys/sockio.h>
46 #include <sys/time.h>
47 #include <sys/kernel.h>
48 #include <sys/protosw.h>
49 #include <sys/errno.h>
50 #include <sys/ioctl.h>
51 #include <sys/syslog.h>
52 #include <sys/queue.h>
53
54 #include <net/if.h>
55 #include <net/if_dl.h>
56 #include <net/if_types.h>
57 #include <net/route.h>
58 #include <net/if_ether.h>
59 #include <net/if_fddi.h>
60 #include <net/if_arc.h>
61
62 #include <netinet/in.h>
63 #include <netinet6/in6_var.h>
64 #include <netinet/ip6.h>
65 #include <netinet6/ip6_var.h>
66 #include <netinet6/scope6_var.h>
67 #include <netinet6/nd6.h>
68 #include <netinet/icmp6.h>
69 #include <netinet6/icmp6_private.h>
70
71 #ifdef IPSEC
72 #include <netinet6/ipsec.h>
73 #endif
74
75 #include <net/net_osdep.h>
76
77 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */
78 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */
79
80 /* timer values */
81 int nd6_prune = 1; /* walk list every 1 seconds */
82 int nd6_delay = 5; /* delay first probe time 5 second */
83 int nd6_umaxtries = 3; /* maximum unicast query */
84 int nd6_mmaxtries = 3; /* maximum multicast query */
85 int nd6_useloopback = 1; /* use loopback interface for local traffic */
86 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */
87
88 /* preventing too many loops in ND option parsing */
89 int nd6_maxndopt = 10; /* max # of ND options allowed */
90
91 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */
92
93 int nd6_maxqueuelen = 1; /* max # of packets cached in unresolved ND entries */
94
95 #ifdef ND6_DEBUG
96 int nd6_debug = 1;
97 #else
98 int nd6_debug = 0;
99 #endif
100
101 /* for debugging? */
102 static int nd6_inuse, nd6_allocated;
103
104 struct llinfo_nd6 llinfo_nd6 = {
105 .ln_prev = &llinfo_nd6,
106 .ln_next = &llinfo_nd6,
107 };
108 struct nd_drhead nd_defrouter;
109 struct nd_prhead nd_prefix = { 0 };
110
111 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL;
112 static const struct sockaddr_in6 all1_sa = {
113 .sin6_family = AF_INET6
114 , .sin6_len = sizeof(struct sockaddr_in6)
115 , .sin6_addr = {.s6_addr = {0xff, 0xff, 0xff, 0xff,
116 0xff, 0xff, 0xff, 0xff,
117 0xff, 0xff, 0xff, 0xff,
118 0xff, 0xff, 0xff, 0xff}}
119 };
120
121 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *);
122 static void nd6_slowtimo(void *);
123 static int regen_tmpaddr(struct in6_ifaddr *);
124 static struct llinfo_nd6 *nd6_free(struct rtentry *, int);
125 static void nd6_llinfo_timer(void *);
126 static void clear_llinfo_pqueue(struct llinfo_nd6 *);
127
128 callout_t nd6_slowtimo_ch;
129 callout_t nd6_timer_ch;
130 extern callout_t in6_tmpaddrtimer_ch;
131
132 static int fill_drlist(void *, size_t *, size_t);
133 static int fill_prlist(void *, size_t *, size_t);
134
135 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery");
136
137 void
138 nd6_init(void)
139 {
140 static int nd6_init_done = 0;
141
142 if (nd6_init_done) {
143 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n");
144 return;
145 }
146
147 /* initialization of the default router list */
148 TAILQ_INIT(&nd_defrouter);
149
150 nd6_init_done = 1;
151
152 callout_init(&nd6_slowtimo_ch, CALLOUT_MPSAFE);
153 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE);
154
155 /* start timer */
156 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
157 nd6_slowtimo, NULL);
158 }
159
160 struct nd_ifinfo *
161 nd6_ifattach(struct ifnet *ifp)
162 {
163 struct nd_ifinfo *nd;
164
165 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK);
166 memset(nd, 0, sizeof(*nd));
167
168 nd->initialized = 1;
169
170 nd->chlim = IPV6_DEFHLIM;
171 nd->basereachable = REACHABLE_TIME;
172 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable);
173 nd->retrans = RETRANS_TIMER;
174 /*
175 * Note that the default value of ip6_accept_rtadv is 0.
176 * Because we do not set ND6_IFF_OVERRIDE_RTADV here, we won't
177 * accept RAs by default.
178 */
179 nd->flags = ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV;
180
181 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */
182 nd6_setmtu0(ifp, nd);
183
184 return nd;
185 }
186
187 void
188 nd6_ifdetach(struct nd_ifinfo *nd)
189 {
190
191 free(nd, M_IP6NDP);
192 }
193
194 void
195 nd6_setmtu(struct ifnet *ifp)
196 {
197 nd6_setmtu0(ifp, ND_IFINFO(ifp));
198 }
199
200 void
201 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi)
202 {
203 u_int32_t omaxmtu;
204
205 omaxmtu = ndi->maxmtu;
206
207 switch (ifp->if_type) {
208 case IFT_ARCNET:
209 ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */
210 break;
211 case IFT_FDDI:
212 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu);
213 break;
214 default:
215 ndi->maxmtu = ifp->if_mtu;
216 break;
217 }
218
219 /*
220 * Decreasing the interface MTU under IPV6 minimum MTU may cause
221 * undesirable situation. We thus notify the operator of the change
222 * explicitly. The check for omaxmtu is necessary to restrict the
223 * log to the case of changing the MTU, not initializing it.
224 */
225 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) {
226 log(LOG_NOTICE, "nd6_setmtu0: new link MTU on %s (%lu) is too"
227 " small for IPv6 which needs %lu\n",
228 if_name(ifp), (unsigned long)ndi->maxmtu, (unsigned long)
229 IPV6_MMTU);
230 }
231
232 if (ndi->maxmtu > in6_maxmtu)
233 in6_setmaxmtu(); /* check all interfaces just in case */
234 }
235
236 void
237 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts)
238 {
239
240 memset(ndopts, 0, sizeof(*ndopts));
241 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt;
242 ndopts->nd_opts_last
243 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len);
244
245 if (icmp6len == 0) {
246 ndopts->nd_opts_done = 1;
247 ndopts->nd_opts_search = NULL;
248 }
249 }
250
251 /*
252 * Take one ND option.
253 */
254 struct nd_opt_hdr *
255 nd6_option(union nd_opts *ndopts)
256 {
257 struct nd_opt_hdr *nd_opt;
258 int olen;
259
260 if (ndopts == NULL)
261 panic("ndopts == NULL in nd6_option");
262 if (ndopts->nd_opts_last == NULL)
263 panic("uninitialized ndopts in nd6_option");
264 if (ndopts->nd_opts_search == NULL)
265 return NULL;
266 if (ndopts->nd_opts_done)
267 return NULL;
268
269 nd_opt = ndopts->nd_opts_search;
270
271 /* make sure nd_opt_len is inside the buffer */
272 if ((void *)&nd_opt->nd_opt_len >= (void *)ndopts->nd_opts_last) {
273 memset(ndopts, 0, sizeof(*ndopts));
274 return NULL;
275 }
276
277 olen = nd_opt->nd_opt_len << 3;
278 if (olen == 0) {
279 /*
280 * Message validation requires that all included
281 * options have a length that is greater than zero.
282 */
283 memset(ndopts, 0, sizeof(*ndopts));
284 return NULL;
285 }
286
287 ndopts->nd_opts_search = (struct nd_opt_hdr *)((char *)nd_opt + olen);
288 if (ndopts->nd_opts_search > ndopts->nd_opts_last) {
289 /* option overruns the end of buffer, invalid */
290 memset(ndopts, 0, sizeof(*ndopts));
291 return NULL;
292 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) {
293 /* reached the end of options chain */
294 ndopts->nd_opts_done = 1;
295 ndopts->nd_opts_search = NULL;
296 }
297 return nd_opt;
298 }
299
300 /*
301 * Parse multiple ND options.
302 * This function is much easier to use, for ND routines that do not need
303 * multiple options of the same type.
304 */
305 int
306 nd6_options(union nd_opts *ndopts)
307 {
308 struct nd_opt_hdr *nd_opt;
309 int i = 0;
310
311 if (ndopts == NULL)
312 panic("ndopts == NULL in nd6_options");
313 if (ndopts->nd_opts_last == NULL)
314 panic("uninitialized ndopts in nd6_options");
315 if (ndopts->nd_opts_search == NULL)
316 return 0;
317
318 while (1) {
319 nd_opt = nd6_option(ndopts);
320 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) {
321 /*
322 * Message validation requires that all included
323 * options have a length that is greater than zero.
324 */
325 ICMP6_STATINC(ICMP6_STAT_ND_BADOPT);
326 memset(ndopts, 0, sizeof(*ndopts));
327 return -1;
328 }
329
330 if (nd_opt == NULL)
331 goto skip1;
332
333 switch (nd_opt->nd_opt_type) {
334 case ND_OPT_SOURCE_LINKADDR:
335 case ND_OPT_TARGET_LINKADDR:
336 case ND_OPT_MTU:
337 case ND_OPT_REDIRECTED_HEADER:
338 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
339 nd6log((LOG_INFO,
340 "duplicated ND6 option found (type=%d)\n",
341 nd_opt->nd_opt_type));
342 /* XXX bark? */
343 } else {
344 ndopts->nd_opt_array[nd_opt->nd_opt_type]
345 = nd_opt;
346 }
347 break;
348 case ND_OPT_PREFIX_INFORMATION:
349 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) {
350 ndopts->nd_opt_array[nd_opt->nd_opt_type]
351 = nd_opt;
352 }
353 ndopts->nd_opts_pi_end =
354 (struct nd_opt_prefix_info *)nd_opt;
355 break;
356 default:
357 /*
358 * Unknown options must be silently ignored,
359 * to accommodate future extension to the protocol.
360 */
361 nd6log((LOG_DEBUG,
362 "nd6_options: unsupported option %d - "
363 "option ignored\n", nd_opt->nd_opt_type));
364 }
365
366 skip1:
367 i++;
368 if (i > nd6_maxndopt) {
369 ICMP6_STATINC(ICMP6_STAT_ND_TOOMANYOPT);
370 nd6log((LOG_INFO, "too many loop in nd opt\n"));
371 break;
372 }
373
374 if (ndopts->nd_opts_done)
375 break;
376 }
377
378 return 0;
379 }
380
381 /*
382 * ND6 timer routine to handle ND6 entries
383 */
384 void
385 nd6_llinfo_settimer(struct llinfo_nd6 *ln, long xtick)
386 {
387 int s;
388
389 s = splsoftnet();
390
391 if (xtick < 0) {
392 ln->ln_expire = 0;
393 ln->ln_ntick = 0;
394 callout_stop(&ln->ln_timer_ch);
395 } else {
396 ln->ln_expire = time_second + xtick / hz;
397 if (xtick > INT_MAX) {
398 ln->ln_ntick = xtick - INT_MAX;
399 callout_reset(&ln->ln_timer_ch, INT_MAX,
400 nd6_llinfo_timer, ln);
401 } else {
402 ln->ln_ntick = 0;
403 callout_reset(&ln->ln_timer_ch, xtick,
404 nd6_llinfo_timer, ln);
405 }
406 }
407
408 splx(s);
409 }
410
411 static void
412 nd6_llinfo_timer(void *arg)
413 {
414 struct llinfo_nd6 *ln;
415 struct rtentry *rt;
416 const struct sockaddr_in6 *dst;
417 struct ifnet *ifp;
418 struct nd_ifinfo *ndi = NULL;
419
420 mutex_enter(softnet_lock);
421 KERNEL_LOCK(1, NULL);
422
423 ln = (struct llinfo_nd6 *)arg;
424
425 if (ln->ln_ntick > 0) {
426 nd6_llinfo_settimer(ln, ln->ln_ntick);
427 KERNEL_UNLOCK_ONE(NULL);
428 mutex_exit(softnet_lock);
429 return;
430 }
431
432 if ((rt = ln->ln_rt) == NULL)
433 panic("ln->ln_rt == NULL");
434 if ((ifp = rt->rt_ifp) == NULL)
435 panic("ln->ln_rt->rt_ifp == NULL");
436 ndi = ND_IFINFO(ifp);
437 dst = satocsin6(rt_getkey(rt));
438
439 /* sanity check */
440 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln)
441 panic("rt_llinfo(%p) is not equal to ln(%p)",
442 rt->rt_llinfo, ln);
443 if (!dst)
444 panic("dst=0 in nd6_timer(ln=%p)", ln);
445
446 switch (ln->ln_state) {
447 case ND6_LLINFO_INCOMPLETE:
448 if (ln->ln_asked < nd6_mmaxtries) {
449 ln->ln_asked++;
450 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
451 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0);
452 } else {
453 struct mbuf *m = ln->ln_hold;
454 if (m) {
455 struct mbuf *m0;
456
457 /*
458 * assuming every packet in ln_hold has
459 * the same IP header
460 */
461 m0 = m->m_nextpkt;
462 m->m_nextpkt = NULL;
463 icmp6_error2(m, ICMP6_DST_UNREACH,
464 ICMP6_DST_UNREACH_ADDR, 0, rt->rt_ifp);
465
466 ln->ln_hold = m0;
467 clear_llinfo_pqueue(ln);
468 }
469 (void)nd6_free(rt, 0);
470 ln = NULL;
471 }
472 break;
473 case ND6_LLINFO_REACHABLE:
474 if (!ND6_LLINFO_PERMANENT(ln)) {
475 ln->ln_state = ND6_LLINFO_STALE;
476 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
477 }
478 break;
479
480 case ND6_LLINFO_STALE:
481 /* Garbage Collection(RFC 2461 5.3) */
482 if (!ND6_LLINFO_PERMANENT(ln)) {
483 (void)nd6_free(rt, 1);
484 ln = NULL;
485 }
486 break;
487
488 case ND6_LLINFO_DELAY:
489 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) {
490 /* We need NUD */
491 ln->ln_asked = 1;
492 ln->ln_state = ND6_LLINFO_PROBE;
493 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
494 nd6_ns_output(ifp, &dst->sin6_addr,
495 &dst->sin6_addr, ln, 0);
496 } else {
497 ln->ln_state = ND6_LLINFO_STALE; /* XXX */
498 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
499 }
500 break;
501 case ND6_LLINFO_PROBE:
502 if (ln->ln_asked < nd6_umaxtries) {
503 ln->ln_asked++;
504 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
505 nd6_ns_output(ifp, &dst->sin6_addr,
506 &dst->sin6_addr, ln, 0);
507 } else {
508 (void)nd6_free(rt, 0);
509 ln = NULL;
510 }
511 break;
512 }
513
514 KERNEL_UNLOCK_ONE(NULL);
515 mutex_exit(softnet_lock);
516 }
517
518 /*
519 * ND6 timer routine to expire default route list and prefix list
520 */
521 void
522 nd6_timer(void *ignored_arg)
523 {
524 struct nd_defrouter *next_dr, *dr;
525 struct nd_prefix *next_pr, *pr;
526 struct in6_ifaddr *ia6, *nia6;
527 struct in6_addrlifetime *lt6;
528
529 callout_reset(&nd6_timer_ch, nd6_prune * hz,
530 nd6_timer, NULL);
531
532 mutex_enter(softnet_lock);
533 KERNEL_LOCK(1, NULL);
534
535 /* expire default router list */
536
537 for (dr = TAILQ_FIRST(&nd_defrouter); dr != NULL; dr = next_dr) {
538 next_dr = TAILQ_NEXT(dr, dr_entry);
539 if (dr->expire && dr->expire < time_second) {
540 defrtrlist_del(dr);
541 }
542 }
543
544 /*
545 * expire interface addresses.
546 * in the past the loop was inside prefix expiry processing.
547 * However, from a stricter speci-confrmance standpoint, we should
548 * rather separate address lifetimes and prefix lifetimes.
549 */
550 addrloop:
551 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) {
552 nia6 = ia6->ia_next;
553 /* check address lifetime */
554 lt6 = &ia6->ia6_lifetime;
555 if (IFA6_IS_INVALID(ia6)) {
556 int regen = 0;
557
558 /*
559 * If the expiring address is temporary, try
560 * regenerating a new one. This would be useful when
561 * we suspended a laptop PC, then turned it on after a
562 * period that could invalidate all temporary
563 * addresses. Although we may have to restart the
564 * loop (see below), it must be after purging the
565 * address. Otherwise, we'd see an infinite loop of
566 * regeneration.
567 */
568 if (ip6_use_tempaddr &&
569 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {
570 if (regen_tmpaddr(ia6) == 0)
571 regen = 1;
572 }
573
574 in6_purgeaddr(&ia6->ia_ifa);
575
576 if (regen)
577 goto addrloop; /* XXX: see below */
578 } else if (IFA6_IS_DEPRECATED(ia6)) {
579 int oldflags = ia6->ia6_flags;
580
581 ia6->ia6_flags |= IN6_IFF_DEPRECATED;
582
583 /*
584 * If a temporary address has just become deprecated,
585 * regenerate a new one if possible.
586 */
587 if (ip6_use_tempaddr &&
588 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&
589 (oldflags & IN6_IFF_DEPRECATED) == 0) {
590
591 if (regen_tmpaddr(ia6) == 0) {
592 /*
593 * A new temporary address is
594 * generated.
595 * XXX: this means the address chain
596 * has changed while we are still in
597 * the loop. Although the change
598 * would not cause disaster (because
599 * it's not a deletion, but an
600 * addition,) we'd rather restart the
601 * loop just for safety. Or does this
602 * significantly reduce performance??
603 */
604 goto addrloop;
605 }
606 }
607 } else {
608 /*
609 * A new RA might have made a deprecated address
610 * preferred.
611 */
612 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
613 }
614 }
615
616 /* expire prefix list */
617 for (pr = LIST_FIRST(&nd_prefix); pr != NULL; pr = next_pr) {
618 next_pr = LIST_NEXT(pr, ndpr_entry);
619 /*
620 * check prefix lifetime.
621 * since pltime is just for autoconf, pltime processing for
622 * prefix is not necessary.
623 */
624 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME &&
625 time_second - pr->ndpr_lastupdate > pr->ndpr_vltime) {
626
627 /*
628 * address expiration and prefix expiration are
629 * separate. NEVER perform in6_purgeaddr here.
630 */
631
632 prelist_remove(pr);
633 }
634 }
635
636 KERNEL_UNLOCK_ONE(NULL);
637 mutex_exit(softnet_lock);
638 }
639
640 /* ia6: deprecated/invalidated temporary address */
641 static int
642 regen_tmpaddr(struct in6_ifaddr *ia6)
643 {
644 struct ifaddr *ifa;
645 struct ifnet *ifp;
646 struct in6_ifaddr *public_ifa6 = NULL;
647
648 ifp = ia6->ia_ifa.ifa_ifp;
649 IFADDR_FOREACH(ifa, ifp) {
650 struct in6_ifaddr *it6;
651
652 if (ifa->ifa_addr->sa_family != AF_INET6)
653 continue;
654
655 it6 = (struct in6_ifaddr *)ifa;
656
657 /* ignore no autoconf addresses. */
658 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0)
659 continue;
660
661 /* ignore autoconf addresses with different prefixes. */
662 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr)
663 continue;
664
665 /*
666 * Now we are looking at an autoconf address with the same
667 * prefix as ours. If the address is temporary and is still
668 * preferred, do not create another one. It would be rare, but
669 * could happen, for example, when we resume a laptop PC after
670 * a long period.
671 */
672 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&
673 !IFA6_IS_DEPRECATED(it6)) {
674 public_ifa6 = NULL;
675 break;
676 }
677
678 /*
679 * This is a public autoconf address that has the same prefix
680 * as ours. If it is preferred, keep it. We can't break the
681 * loop here, because there may be a still-preferred temporary
682 * address with the prefix.
683 */
684 if (!IFA6_IS_DEPRECATED(it6))
685 public_ifa6 = it6;
686 }
687
688 if (public_ifa6 != NULL) {
689 int e;
690
691 /*
692 * Random factor is introduced in the preferred lifetime, so
693 * we do not need additional delay (3rd arg to in6_tmpifadd).
694 */
695 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) {
696 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new"
697 " tmp addr, errno=%d\n", e);
698 return -1;
699 }
700 return 0;
701 }
702
703 return -1;
704 }
705
706 bool
707 nd6_accepts_rtadv(const struct nd_ifinfo *ndi)
708 {
709 switch (ndi->flags & (ND6_IFF_ACCEPT_RTADV|ND6_IFF_OVERRIDE_RTADV)) {
710 case ND6_IFF_OVERRIDE_RTADV|ND6_IFF_ACCEPT_RTADV:
711 return true;
712 case ND6_IFF_ACCEPT_RTADV:
713 return ip6_accept_rtadv != 0;
714 case ND6_IFF_OVERRIDE_RTADV:
715 case 0:
716 default:
717 return false;
718 }
719 }
720
721 /*
722 * Nuke neighbor cache/prefix/default router management table, right before
723 * ifp goes away.
724 */
725 void
726 nd6_purge(struct ifnet *ifp)
727 {
728 struct nd_ifinfo *ndi = ND_IFINFO(ifp);
729 struct llinfo_nd6 *ln, *nln;
730 struct nd_defrouter *dr, *ndr;
731 struct nd_prefix *pr, *npr;
732
733 /*
734 * Nuke default router list entries toward ifp.
735 * We defer removal of default router list entries that is installed
736 * in the routing table, in order to keep additional side effects as
737 * small as possible.
738 */
739 for (dr = TAILQ_FIRST(&nd_defrouter); dr != NULL; dr = ndr) {
740 ndr = TAILQ_NEXT(dr, dr_entry);
741 if (dr->installed)
742 continue;
743
744 if (dr->ifp == ifp)
745 defrtrlist_del(dr);
746 }
747 for (dr = TAILQ_FIRST(&nd_defrouter); dr != NULL; dr = ndr) {
748 ndr = TAILQ_NEXT(dr, dr_entry);
749 if (!dr->installed)
750 continue;
751
752 if (dr->ifp == ifp)
753 defrtrlist_del(dr);
754 }
755
756 /* Nuke prefix list entries toward ifp */
757 for (pr = LIST_FIRST(&nd_prefix); pr != NULL; pr = npr) {
758 npr = LIST_NEXT(pr, ndpr_entry);
759 if (pr->ndpr_ifp == ifp) {
760 /*
761 * Because if_detach() does *not* release prefixes
762 * while purging addresses the reference count will
763 * still be above zero. We therefore reset it to
764 * make sure that the prefix really gets purged.
765 */
766 pr->ndpr_refcnt = 0;
767 /*
768 * Previously, pr->ndpr_addr is removed as well,
769 * but I strongly believe we don't have to do it.
770 * nd6_purge() is only called from in6_ifdetach(),
771 * which removes all the associated interface addresses
772 * by itself.
773 * (jinmei@kame.net 20010129)
774 */
775 prelist_remove(pr);
776 }
777 }
778
779 /* cancel default outgoing interface setting */
780 if (nd6_defifindex == ifp->if_index)
781 nd6_setdefaultiface(0);
782
783 /* XXX: too restrictive? */
784 if (!ip6_forwarding && ndi && nd6_accepts_rtadv(ndi)) {
785 /* refresh default router list */
786 defrouter_select();
787 }
788
789 /*
790 * Nuke neighbor cache entries for the ifp.
791 * Note that rt->rt_ifp may not be the same as ifp,
792 * due to KAME goto ours hack. See RTM_RESOLVE case in
793 * nd6_rtrequest(), and ip6_input().
794 */
795 ln = llinfo_nd6.ln_next;
796 while (ln != NULL && ln != &llinfo_nd6) {
797 struct rtentry *rt;
798 const struct sockaddr_dl *sdl;
799
800 nln = ln->ln_next;
801 rt = ln->ln_rt;
802 if (rt && rt->rt_gateway &&
803 rt->rt_gateway->sa_family == AF_LINK) {
804 sdl = satocsdl(rt->rt_gateway);
805 if (sdl->sdl_index == ifp->if_index)
806 nln = nd6_free(rt, 0);
807 }
808 ln = nln;
809 }
810 }
811
812 struct rtentry *
813 nd6_lookup(const struct in6_addr *addr6, int create, struct ifnet *ifp)
814 {
815 struct rtentry *rt;
816 struct sockaddr_in6 sin6;
817
818 sockaddr_in6_init(&sin6, addr6, 0, 0, 0);
819 rt = rtalloc1((struct sockaddr *)&sin6, create);
820 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) == 0) {
821 /*
822 * This is the case for the default route.
823 * If we want to create a neighbor cache for the address, we
824 * should free the route for the destination and allocate an
825 * interface route.
826 */
827 if (create) {
828 RTFREE(rt);
829 rt = NULL;
830 }
831 }
832 if (rt != NULL)
833 ;
834 else if (create && ifp) {
835 int e;
836
837 /*
838 * If no route is available and create is set,
839 * we allocate a host route for the destination
840 * and treat it like an interface route.
841 * This hack is necessary for a neighbor which can't
842 * be covered by our own prefix.
843 */
844 struct ifaddr *ifa =
845 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp);
846 if (ifa == NULL)
847 return NULL;
848
849 /*
850 * Create a new route. RTF_LLINFO is necessary
851 * to create a Neighbor Cache entry for the
852 * destination in nd6_rtrequest which will be
853 * called in rtrequest via ifa->ifa_rtrequest.
854 */
855 if ((e = rtrequest(RTM_ADD, (const struct sockaddr *)&sin6,
856 ifa->ifa_addr, (const struct sockaddr *)&all1_sa,
857 (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) &
858 ~RTF_CLONING, &rt)) != 0) {
859 #if 0
860 log(LOG_ERR,
861 "nd6_lookup: failed to add route for a "
862 "neighbor(%s), errno=%d\n",
863 ip6_sprintf(addr6), e);
864 #endif
865 return NULL;
866 }
867 if (rt == NULL)
868 return NULL;
869 if (rt->rt_llinfo) {
870 struct llinfo_nd6 *ln =
871 (struct llinfo_nd6 *)rt->rt_llinfo;
872 ln->ln_state = ND6_LLINFO_NOSTATE;
873 }
874 } else
875 return NULL;
876 rt->rt_refcnt--;
877 /*
878 * Validation for the entry.
879 * Note that the check for rt_llinfo is necessary because a cloned
880 * route from a parent route that has the L flag (e.g. the default
881 * route to a p2p interface) may have the flag, too, while the
882 * destination is not actually a neighbor.
883 * XXX: we can't use rt->rt_ifp to check for the interface, since
884 * it might be the loopback interface if the entry is for our
885 * own address on a non-loopback interface. Instead, we should
886 * use rt->rt_ifa->ifa_ifp, which would specify the REAL
887 * interface.
888 * Note also that ifa_ifp and ifp may differ when we connect two
889 * interfaces to a same link, install a link prefix to an interface,
890 * and try to install a neighbor cache on an interface that does not
891 * have a route to the prefix.
892 */
893 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 ||
894 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL ||
895 (ifp && rt->rt_ifa->ifa_ifp != ifp)) {
896 if (create) {
897 nd6log((LOG_DEBUG,
898 "nd6_lookup: failed to lookup %s (if = %s)\n",
899 ip6_sprintf(addr6),
900 ifp ? if_name(ifp) : "unspec"));
901 }
902 return NULL;
903 }
904 return rt;
905 }
906
907 /*
908 * Detect if a given IPv6 address identifies a neighbor on a given link.
909 * XXX: should take care of the destination of a p2p link?
910 */
911 int
912 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp)
913 {
914 struct nd_prefix *pr;
915
916 /*
917 * A link-local address is always a neighbor.
918 * XXX: a link does not necessarily specify a single interface.
919 */
920 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) {
921 struct sockaddr_in6 sin6_copy;
922 u_int32_t zone;
923
924 /*
925 * We need sin6_copy since sa6_recoverscope() may modify the
926 * content (XXX).
927 */
928 sin6_copy = *addr;
929 if (sa6_recoverscope(&sin6_copy))
930 return 0; /* XXX: should be impossible */
931 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone))
932 return 0;
933 if (sin6_copy.sin6_scope_id == zone)
934 return 1;
935 else
936 return 0;
937 }
938
939 /*
940 * If the address matches one of our on-link prefixes, it should be a
941 * neighbor.
942 */
943 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) {
944 if (pr->ndpr_ifp != ifp)
945 continue;
946
947 if (!(pr->ndpr_stateflags & NDPRF_ONLINK))
948 continue;
949
950 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr,
951 &addr->sin6_addr, &pr->ndpr_mask))
952 return 1;
953 }
954
955 /*
956 * If the default router list is empty, all addresses are regarded
957 * as on-link, and thus, as a neighbor.
958 * XXX: we restrict the condition to hosts, because routers usually do
959 * not have the "default router list".
960 */
961 if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL &&
962 nd6_defifindex == ifp->if_index) {
963 return 1;
964 }
965
966 /*
967 * Even if the address matches none of our addresses, it might be
968 * in the neighbor cache.
969 */
970 if (nd6_lookup(&addr->sin6_addr, 0, ifp) != NULL)
971 return 1;
972
973 return 0;
974 }
975
976 /*
977 * Free an nd6 llinfo entry.
978 * Since the function would cause significant changes in the kernel, DO NOT
979 * make it global, unless you have a strong reason for the change, and are sure
980 * that the change is safe.
981 */
982 static struct llinfo_nd6 *
983 nd6_free(struct rtentry *rt, int gc)
984 {
985 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next;
986 struct in6_addr in6 = satocsin6(rt_getkey(rt))->sin6_addr;
987 struct nd_defrouter *dr;
988
989 /*
990 * we used to have pfctlinput(PRC_HOSTDEAD) here.
991 * even though it is not harmful, it was not really necessary.
992 */
993
994 /* cancel timer */
995 nd6_llinfo_settimer(ln, -1);
996
997 if (!ip6_forwarding) {
998 int s;
999 s = splsoftnet();
1000 dr = defrouter_lookup(&satocsin6(rt_getkey(rt))->sin6_addr,
1001 rt->rt_ifp);
1002
1003 if (dr != NULL && dr->expire &&
1004 ln->ln_state == ND6_LLINFO_STALE && gc) {
1005 /*
1006 * If the reason for the deletion is just garbage
1007 * collection, and the neighbor is an active default
1008 * router, do not delete it. Instead, reset the GC
1009 * timer using the router's lifetime.
1010 * Simply deleting the entry would affect default
1011 * router selection, which is not necessarily a good
1012 * thing, especially when we're using router preference
1013 * values.
1014 * XXX: the check for ln_state would be redundant,
1015 * but we intentionally keep it just in case.
1016 */
1017 if (dr->expire > time_second)
1018 nd6_llinfo_settimer(ln,
1019 (dr->expire - time_second) * hz);
1020 else
1021 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
1022 splx(s);
1023 return ln->ln_next;
1024 }
1025
1026 if (ln->ln_router || dr) {
1027 /*
1028 * rt6_flush must be called whether or not the neighbor
1029 * is in the Default Router List.
1030 * See a corresponding comment in nd6_na_input().
1031 */
1032 rt6_flush(&in6, rt->rt_ifp);
1033 }
1034
1035 if (dr) {
1036 /*
1037 * Unreachablity of a router might affect the default
1038 * router selection and on-link detection of advertised
1039 * prefixes.
1040 */
1041
1042 /*
1043 * Temporarily fake the state to choose a new default
1044 * router and to perform on-link determination of
1045 * prefixes correctly.
1046 * Below the state will be set correctly,
1047 * or the entry itself will be deleted.
1048 */
1049 ln->ln_state = ND6_LLINFO_INCOMPLETE;
1050
1051 /*
1052 * Since defrouter_select() does not affect the
1053 * on-link determination and MIP6 needs the check
1054 * before the default router selection, we perform
1055 * the check now.
1056 */
1057 pfxlist_onlink_check();
1058
1059 /*
1060 * refresh default router list
1061 */
1062 defrouter_select();
1063 }
1064 splx(s);
1065 }
1066
1067 /*
1068 * Before deleting the entry, remember the next entry as the
1069 * return value. We need this because pfxlist_onlink_check() above
1070 * might have freed other entries (particularly the old next entry) as
1071 * a side effect (XXX).
1072 */
1073 next = ln->ln_next;
1074
1075 /*
1076 * Detach the route from the routing tree and the list of neighbor
1077 * caches, and disable the route entry not to be used in already
1078 * cached routes.
1079 */
1080 rtrequest(RTM_DELETE, rt_getkey(rt), NULL, rt_mask(rt), 0, NULL);
1081
1082 return next;
1083 }
1084
1085 /*
1086 * Upper-layer reachability hint for Neighbor Unreachability Detection.
1087 *
1088 * XXX cost-effective methods?
1089 */
1090 void
1091 nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force)
1092 {
1093 struct llinfo_nd6 *ln;
1094
1095 /*
1096 * If the caller specified "rt", use that. Otherwise, resolve the
1097 * routing table by supplied "dst6".
1098 */
1099 if (rt == NULL) {
1100 if (dst6 == NULL)
1101 return;
1102 if ((rt = nd6_lookup(dst6, 0, NULL)) == NULL)
1103 return;
1104 }
1105
1106 if ((rt->rt_flags & RTF_GATEWAY) != 0 ||
1107 (rt->rt_flags & RTF_LLINFO) == 0 ||
1108 !rt->rt_llinfo || !rt->rt_gateway ||
1109 rt->rt_gateway->sa_family != AF_LINK) {
1110 /* This is not a host route. */
1111 return;
1112 }
1113
1114 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1115 if (ln->ln_state < ND6_LLINFO_REACHABLE)
1116 return;
1117
1118 /*
1119 * if we get upper-layer reachability confirmation many times,
1120 * it is possible we have false information.
1121 */
1122 if (!force) {
1123 ln->ln_byhint++;
1124 if (ln->ln_byhint > nd6_maxnudhint)
1125 return;
1126 }
1127
1128 ln->ln_state = ND6_LLINFO_REACHABLE;
1129 if (!ND6_LLINFO_PERMANENT(ln)) {
1130 nd6_llinfo_settimer(ln,
1131 (long)ND_IFINFO(rt->rt_ifp)->reachable * hz);
1132 }
1133 }
1134
1135 void
1136 nd6_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info)
1137 {
1138 struct sockaddr *gate = rt->rt_gateway;
1139 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1140 struct ifnet *ifp = rt->rt_ifp;
1141 uint8_t namelen = strlen(ifp->if_xname), addrlen = ifp->if_addrlen;
1142 struct ifaddr *ifa;
1143
1144 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1145
1146 if (req == RTM_LLINFO_UPD) {
1147 int rc;
1148 struct in6_addr *in6;
1149 struct in6_addr in6_all;
1150 int anycast;
1151
1152 if ((ifa = info->rti_ifa) == NULL)
1153 return;
1154
1155 in6 = &ifatoia6(ifa)->ia_addr.sin6_addr;
1156 anycast = ifatoia6(ifa)->ia6_flags & IN6_IFF_ANYCAST;
1157
1158 in6_all = in6addr_linklocal_allnodes;
1159 if ((rc = in6_setscope(&in6_all, ifa->ifa_ifp, NULL)) != 0) {
1160 log(LOG_ERR, "%s: failed to set scope %s "
1161 "(errno=%d)\n", __func__, if_name(ifp), rc);
1162 return;
1163 }
1164
1165 /* XXX don't set Override for proxy addresses */
1166 nd6_na_output(ifa->ifa_ifp, &in6_all, in6,
1167 (anycast ? 0 : ND_NA_FLAG_OVERRIDE)
1168 #if 0
1169 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0)
1170 #endif
1171 , 1, NULL);
1172 return;
1173 }
1174
1175 if ((rt->rt_flags & RTF_GATEWAY) != 0)
1176 return;
1177
1178 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) {
1179 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1180 /*
1181 * This is probably an interface direct route for a link
1182 * which does not need neighbor caches (e.g. fe80::%lo0/64).
1183 * We do not need special treatment below for such a route.
1184 * Moreover, the RTF_LLINFO flag which would be set below
1185 * would annoy the ndp(8) command.
1186 */
1187 return;
1188 }
1189
1190 if (req == RTM_RESOLVE &&
1191 (nd6_need_cache(ifp) == 0 || /* stf case */
1192 !nd6_is_addr_neighbor(satocsin6(rt_getkey(rt)), ifp))) {
1193 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1194 /*
1195 * FreeBSD and BSD/OS often make a cloned host route based
1196 * on a less-specific route (e.g. the default route).
1197 * If the less specific route does not have a "gateway"
1198 * (this is the case when the route just goes to a p2p or an
1199 * stf interface), we'll mistakenly make a neighbor cache for
1200 * the host route, and will see strange neighbor solicitation
1201 * for the corresponding destination. In order to avoid the
1202 * confusion, we check if the destination of the route is
1203 * a neighbor in terms of neighbor discovery, and stop the
1204 * process if not. Additionally, we remove the LLINFO flag
1205 * so that ndp(8) will not try to get the neighbor information
1206 * of the destination.
1207 */
1208 rt->rt_flags &= ~RTF_LLINFO;
1209 return;
1210 }
1211
1212 switch (req) {
1213 case RTM_ADD:
1214 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1215 /*
1216 * There is no backward compatibility :)
1217 *
1218 * if ((rt->rt_flags & RTF_HOST) == 0 &&
1219 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff)
1220 * rt->rt_flags |= RTF_CLONING;
1221 */
1222 if ((rt->rt_flags & RTF_CLONING) ||
1223 ((rt->rt_flags & RTF_LLINFO) && ln == NULL)) {
1224 union {
1225 struct sockaddr sa;
1226 struct sockaddr_dl sdl;
1227 struct sockaddr_storage ss;
1228 } u;
1229 /*
1230 * Case 1: This route should come from a route to
1231 * interface (RTF_CLONING case) or the route should be
1232 * treated as on-link but is currently not
1233 * (RTF_LLINFO && ln == NULL case).
1234 */
1235 sockaddr_dl_init(&u.sdl, sizeof(u.ss),
1236 ifp->if_index, ifp->if_type,
1237 NULL, namelen, NULL, addrlen);
1238 rt_setgate(rt, &u.sa);
1239 gate = rt->rt_gateway;
1240 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1241 if (ln != NULL)
1242 nd6_llinfo_settimer(ln, 0);
1243 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1244 if ((rt->rt_flags & RTF_CLONING) != 0)
1245 break;
1246 }
1247 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1248 /*
1249 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here.
1250 * We don't do that here since llinfo is not ready yet.
1251 *
1252 * There are also couple of other things to be discussed:
1253 * - unsolicited NA code needs improvement beforehand
1254 * - RFC2461 says we MAY send multicast unsolicited NA
1255 * (7.2.6 paragraph 4), however, it also says that we
1256 * SHOULD provide a mechanism to prevent multicast NA storm.
1257 * we don't have anything like it right now.
1258 * note that the mechanism needs a mutual agreement
1259 * between proxies, which means that we need to implement
1260 * a new protocol, or a new kludge.
1261 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA.
1262 * we need to check ip6forwarding before sending it.
1263 * (or should we allow proxy ND configuration only for
1264 * routers? there's no mention about proxy ND from hosts)
1265 */
1266 #if 0
1267 /* XXX it does not work */
1268 if (rt->rt_flags & RTF_ANNOUNCE)
1269 nd6_na_output(ifp,
1270 &satocsin6(rt_getkey(rt))->sin6_addr,
1271 &satocsin6(rt_getkey(rt))->sin6_addr,
1272 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0,
1273 1, NULL);
1274 #endif
1275 /* FALLTHROUGH */
1276 case RTM_RESOLVE:
1277 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) {
1278 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1279 /*
1280 * Address resolution isn't necessary for a point to
1281 * point link, so we can skip this test for a p2p link.
1282 */
1283 if (gate->sa_family != AF_LINK ||
1284 gate->sa_len <
1285 sockaddr_dl_measure(namelen, addrlen)) {
1286 log(LOG_DEBUG,
1287 "nd6_rtrequest: bad gateway value: %s\n",
1288 if_name(ifp));
1289 break;
1290 }
1291 satosdl(gate)->sdl_type = ifp->if_type;
1292 satosdl(gate)->sdl_index = ifp->if_index;
1293 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1294 }
1295 if (ln != NULL)
1296 break; /* This happens on a route change */
1297 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1298 /*
1299 * Case 2: This route may come from cloning, or a manual route
1300 * add with a LL address.
1301 */
1302 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln));
1303 rt->rt_llinfo = ln;
1304 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1305 if (ln == NULL) {
1306 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n");
1307 break;
1308 }
1309 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1310 nd6_inuse++;
1311 nd6_allocated++;
1312 memset(ln, 0, sizeof(*ln));
1313 ln->ln_rt = rt;
1314 callout_init(&ln->ln_timer_ch, CALLOUT_MPSAFE);
1315 /* this is required for "ndp" command. - shin */
1316 if (req == RTM_ADD) {
1317 /*
1318 * gate should have some valid AF_LINK entry,
1319 * and ln->ln_expire should have some lifetime
1320 * which is specified by ndp command.
1321 */
1322 ln->ln_state = ND6_LLINFO_REACHABLE;
1323 ln->ln_byhint = 0;
1324 } else {
1325 /*
1326 * When req == RTM_RESOLVE, rt is created and
1327 * initialized in rtrequest(), so rt_expire is 0.
1328 */
1329 ln->ln_state = ND6_LLINFO_NOSTATE;
1330 nd6_llinfo_settimer(ln, 0);
1331 }
1332 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1333 rt->rt_flags |= RTF_LLINFO;
1334 ln->ln_next = llinfo_nd6.ln_next;
1335 llinfo_nd6.ln_next = ln;
1336 ln->ln_prev = &llinfo_nd6;
1337 ln->ln_next->ln_prev = ln;
1338
1339 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1340 /*
1341 * check if rt_getkey(rt) is an address assigned
1342 * to the interface.
1343 */
1344 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
1345 &satocsin6(rt_getkey(rt))->sin6_addr);
1346 RT_DPRINTF("rt->_rt_key = %p\n", (void *)rt->_rt_key);
1347 if (ifa != NULL) {
1348 const void *mac;
1349 nd6_llinfo_settimer(ln, -1);
1350 ln->ln_state = ND6_LLINFO_REACHABLE;
1351 ln->ln_byhint = 0;
1352 if ((mac = nd6_ifptomac(ifp)) != NULL) {
1353 /* XXX check for error */
1354 (void)sockaddr_dl_setaddr(satosdl(gate),
1355 gate->sa_len, mac, ifp->if_addrlen);
1356 }
1357 if (nd6_useloopback) {
1358 ifp = rt->rt_ifp = lo0ifp; /* XXX */
1359 /*
1360 * Make sure rt_ifa be equal to the ifaddr
1361 * corresponding to the address.
1362 * We need this because when we refer
1363 * rt_ifa->ia6_flags in ip6_input, we assume
1364 * that the rt_ifa points to the address instead
1365 * of the loopback address.
1366 */
1367 if (ifa != rt->rt_ifa)
1368 rt_replace_ifa(rt, ifa);
1369 rt->rt_flags &= ~RTF_CLONED;
1370 }
1371 } else if (rt->rt_flags & RTF_ANNOUNCE) {
1372 nd6_llinfo_settimer(ln, -1);
1373 ln->ln_state = ND6_LLINFO_REACHABLE;
1374 ln->ln_byhint = 0;
1375
1376 /* join solicited node multicast for proxy ND */
1377 if (ifp->if_flags & IFF_MULTICAST) {
1378 struct in6_addr llsol;
1379 int error;
1380
1381 llsol = satocsin6(rt_getkey(rt))->sin6_addr;
1382 llsol.s6_addr32[0] = htonl(0xff020000);
1383 llsol.s6_addr32[1] = 0;
1384 llsol.s6_addr32[2] = htonl(1);
1385 llsol.s6_addr8[12] = 0xff;
1386 if (in6_setscope(&llsol, ifp, NULL))
1387 break;
1388 if (!in6_addmulti(&llsol, ifp, &error, 0)) {
1389 nd6log((LOG_ERR, "%s: failed to join "
1390 "%s (errno=%d)\n", if_name(ifp),
1391 ip6_sprintf(&llsol), error));
1392 }
1393 }
1394 }
1395 break;
1396
1397 case RTM_DELETE:
1398 if (ln == NULL)
1399 break;
1400 /* leave from solicited node multicast for proxy ND */
1401 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 &&
1402 (ifp->if_flags & IFF_MULTICAST) != 0) {
1403 struct in6_addr llsol;
1404 struct in6_multi *in6m;
1405
1406 llsol = satocsin6(rt_getkey(rt))->sin6_addr;
1407 llsol.s6_addr32[0] = htonl(0xff020000);
1408 llsol.s6_addr32[1] = 0;
1409 llsol.s6_addr32[2] = htonl(1);
1410 llsol.s6_addr8[12] = 0xff;
1411 if (in6_setscope(&llsol, ifp, NULL) == 0) {
1412 IN6_LOOKUP_MULTI(llsol, ifp, in6m);
1413 if (in6m)
1414 in6_delmulti(in6m);
1415 }
1416 }
1417 nd6_inuse--;
1418 ln->ln_next->ln_prev = ln->ln_prev;
1419 ln->ln_prev->ln_next = ln->ln_next;
1420 ln->ln_prev = NULL;
1421 nd6_llinfo_settimer(ln, -1);
1422 rt->rt_llinfo = 0;
1423 rt->rt_flags &= ~RTF_LLINFO;
1424 clear_llinfo_pqueue(ln);
1425 Free(ln);
1426 }
1427 }
1428
1429 int
1430 nd6_ioctl(u_long cmd, void *data, struct ifnet *ifp)
1431 {
1432 struct in6_drlist *drl = (struct in6_drlist *)data;
1433 struct in6_oprlist *oprl = (struct in6_oprlist *)data;
1434 struct in6_ndireq *ndi = (struct in6_ndireq *)data;
1435 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data;
1436 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data;
1437 struct nd_defrouter *dr;
1438 struct nd_prefix *pr;
1439 struct rtentry *rt;
1440 int i = 0, error = 0;
1441 int s;
1442
1443 switch (cmd) {
1444 case SIOCGDRLST_IN6:
1445 /*
1446 * obsolete API, use sysctl under net.inet6.icmp6
1447 */
1448 memset(drl, 0, sizeof(*drl));
1449 s = splsoftnet();
1450 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) {
1451 if (i >= DRLSTSIZ)
1452 break;
1453 drl->defrouter[i].rtaddr = dr->rtaddr;
1454 in6_clearscope(&drl->defrouter[i].rtaddr);
1455
1456 drl->defrouter[i].flags = dr->flags;
1457 drl->defrouter[i].rtlifetime = dr->rtlifetime;
1458 drl->defrouter[i].expire = dr->expire;
1459 drl->defrouter[i].if_index = dr->ifp->if_index;
1460 i++;
1461 }
1462 splx(s);
1463 break;
1464 case SIOCGPRLST_IN6:
1465 /*
1466 * obsolete API, use sysctl under net.inet6.icmp6
1467 *
1468 * XXX the structure in6_prlist was changed in backward-
1469 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6,
1470 * in6_prlist is used for nd6_sysctl() - fill_prlist().
1471 */
1472 /*
1473 * XXX meaning of fields, especialy "raflags", is very
1474 * differnet between RA prefix list and RR/static prefix list.
1475 * how about separating ioctls into two?
1476 */
1477 memset(oprl, 0, sizeof(*oprl));
1478 s = splsoftnet();
1479 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) {
1480 struct nd_pfxrouter *pfr;
1481 int j;
1482
1483 if (i >= PRLSTSIZ)
1484 break;
1485 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr;
1486 oprl->prefix[i].raflags = pr->ndpr_raf;
1487 oprl->prefix[i].prefixlen = pr->ndpr_plen;
1488 oprl->prefix[i].vltime = pr->ndpr_vltime;
1489 oprl->prefix[i].pltime = pr->ndpr_pltime;
1490 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index;
1491 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME)
1492 oprl->prefix[i].expire = 0;
1493 else {
1494 time_t maxexpire;
1495
1496 /* XXX: we assume time_t is signed. */
1497 maxexpire = (-1) &
1498 ~((time_t)1 <<
1499 ((sizeof(maxexpire) * 8) - 1));
1500 if (pr->ndpr_vltime <
1501 maxexpire - pr->ndpr_lastupdate) {
1502 oprl->prefix[i].expire =
1503 pr->ndpr_lastupdate +
1504 pr->ndpr_vltime;
1505 } else
1506 oprl->prefix[i].expire = maxexpire;
1507 }
1508
1509 j = 0;
1510 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) {
1511 if (j < DRLSTSIZ) {
1512 #define RTRADDR oprl->prefix[i].advrtr[j]
1513 RTRADDR = pfr->router->rtaddr;
1514 in6_clearscope(&RTRADDR);
1515 #undef RTRADDR
1516 }
1517 j++;
1518 }
1519 oprl->prefix[i].advrtrs = j;
1520 oprl->prefix[i].origin = PR_ORIG_RA;
1521
1522 i++;
1523 }
1524 splx(s);
1525
1526 break;
1527 case OSIOCGIFINFO_IN6:
1528 #define ND ndi->ndi
1529 /* XXX: old ndp(8) assumes a positive value for linkmtu. */
1530 memset(&ND, 0, sizeof(ND));
1531 ND.linkmtu = IN6_LINKMTU(ifp);
1532 ND.maxmtu = ND_IFINFO(ifp)->maxmtu;
1533 ND.basereachable = ND_IFINFO(ifp)->basereachable;
1534 ND.reachable = ND_IFINFO(ifp)->reachable;
1535 ND.retrans = ND_IFINFO(ifp)->retrans;
1536 ND.flags = ND_IFINFO(ifp)->flags;
1537 ND.recalctm = ND_IFINFO(ifp)->recalctm;
1538 ND.chlim = ND_IFINFO(ifp)->chlim;
1539 break;
1540 case SIOCGIFINFO_IN6:
1541 ND = *ND_IFINFO(ifp);
1542 break;
1543 case SIOCSIFINFO_IN6:
1544 /*
1545 * used to change host variables from userland.
1546 * intented for a use on router to reflect RA configurations.
1547 */
1548 /* 0 means 'unspecified' */
1549 if (ND.linkmtu != 0) {
1550 if (ND.linkmtu < IPV6_MMTU ||
1551 ND.linkmtu > IN6_LINKMTU(ifp)) {
1552 error = EINVAL;
1553 break;
1554 }
1555 ND_IFINFO(ifp)->linkmtu = ND.linkmtu;
1556 }
1557
1558 if (ND.basereachable != 0) {
1559 int obasereachable = ND_IFINFO(ifp)->basereachable;
1560
1561 ND_IFINFO(ifp)->basereachable = ND.basereachable;
1562 if (ND.basereachable != obasereachable)
1563 ND_IFINFO(ifp)->reachable =
1564 ND_COMPUTE_RTIME(ND.basereachable);
1565 }
1566 if (ND.retrans != 0)
1567 ND_IFINFO(ifp)->retrans = ND.retrans;
1568 if (ND.chlim != 0)
1569 ND_IFINFO(ifp)->chlim = ND.chlim;
1570 /* FALLTHROUGH */
1571 case SIOCSIFINFO_FLAGS:
1572 ND_IFINFO(ifp)->flags = ND.flags;
1573 break;
1574 #undef ND
1575 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */
1576 /* sync kernel routing table with the default router list */
1577 defrouter_reset();
1578 defrouter_select();
1579 break;
1580 case SIOCSPFXFLUSH_IN6:
1581 {
1582 /* flush all the prefix advertised by routers */
1583 struct nd_prefix *pfx, *next;
1584
1585 s = splsoftnet();
1586 for (pfx = LIST_FIRST(&nd_prefix); pfx; pfx = next) {
1587 struct in6_ifaddr *ia, *ia_next;
1588
1589 next = LIST_NEXT(pfx, ndpr_entry);
1590
1591 if (IN6_IS_ADDR_LINKLOCAL(&pfx->ndpr_prefix.sin6_addr))
1592 continue; /* XXX */
1593
1594 /* do we really have to remove addresses as well? */
1595 for (ia = in6_ifaddr; ia; ia = ia_next) {
1596 /* ia might be removed. keep the next ptr. */
1597 ia_next = ia->ia_next;
1598
1599 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1600 continue;
1601
1602 if (ia->ia6_ndpr == pfx)
1603 in6_purgeaddr(&ia->ia_ifa);
1604 }
1605 prelist_remove(pfx);
1606 }
1607 splx(s);
1608 break;
1609 }
1610 case SIOCSRTRFLUSH_IN6:
1611 {
1612 /* flush all the default routers */
1613 struct nd_defrouter *drtr, *next;
1614
1615 s = splsoftnet();
1616 defrouter_reset();
1617 for (drtr = TAILQ_FIRST(&nd_defrouter); drtr; drtr = next) {
1618 next = TAILQ_NEXT(drtr, dr_entry);
1619 defrtrlist_del(drtr);
1620 }
1621 defrouter_select();
1622 splx(s);
1623 break;
1624 }
1625 case SIOCGNBRINFO_IN6:
1626 {
1627 struct llinfo_nd6 *ln;
1628 struct in6_addr nb_addr = nbi->addr; /* make local for safety */
1629
1630 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0)
1631 return error;
1632
1633 s = splsoftnet();
1634 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL ||
1635 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) {
1636 error = EINVAL;
1637 splx(s);
1638 break;
1639 }
1640 nbi->state = ln->ln_state;
1641 nbi->asked = ln->ln_asked;
1642 nbi->isrouter = ln->ln_router;
1643 nbi->expire = ln->ln_expire;
1644 splx(s);
1645
1646 break;
1647 }
1648 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */
1649 ndif->ifindex = nd6_defifindex;
1650 break;
1651 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */
1652 return nd6_setdefaultiface(ndif->ifindex);
1653 }
1654 return error;
1655 }
1656
1657 void
1658 nd6_llinfo_release_pkts(struct llinfo_nd6 *ln, struct ifnet *ifp,
1659 struct rtentry *rt)
1660 {
1661 struct mbuf *m_hold, *m_hold_next;
1662
1663 for (m_hold = ln->ln_hold, ln->ln_hold = NULL;
1664 m_hold != NULL;
1665 m_hold = m_hold_next) {
1666 m_hold_next = m_hold->m_nextpkt;
1667 m_hold->m_nextpkt = NULL;
1668
1669 /*
1670 * we assume ifp is not a p2p here, so
1671 * just set the 2nd argument as the
1672 * 1st one.
1673 */
1674 nd6_output(ifp, ifp, m_hold, satocsin6(rt_getkey(rt)), rt);
1675 }
1676 }
1677
1678 /*
1679 * Create neighbor cache entry and cache link-layer address,
1680 * on reception of inbound ND6 packets. (RS/RA/NS/redirect)
1681 */
1682 struct rtentry *
1683 nd6_cache_lladdr(
1684 struct ifnet *ifp,
1685 struct in6_addr *from,
1686 char *lladdr,
1687 int lladdrlen,
1688 int type, /* ICMP6 type */
1689 int code /* type dependent information */
1690 )
1691 {
1692 struct nd_ifinfo *ndi = ND_IFINFO(ifp);
1693 struct rtentry *rt = NULL;
1694 struct llinfo_nd6 *ln = NULL;
1695 int is_newentry;
1696 struct sockaddr_dl *sdl = NULL;
1697 int do_update;
1698 int olladdr;
1699 int llchange;
1700 int newstate = 0;
1701
1702 if (ifp == NULL)
1703 panic("ifp == NULL in nd6_cache_lladdr");
1704 if (from == NULL)
1705 panic("from == NULL in nd6_cache_lladdr");
1706
1707 /* nothing must be updated for unspecified address */
1708 if (IN6_IS_ADDR_UNSPECIFIED(from))
1709 return NULL;
1710
1711 /*
1712 * Validation about ifp->if_addrlen and lladdrlen must be done in
1713 * the caller.
1714 *
1715 * XXX If the link does not have link-layer adderss, what should
1716 * we do? (ifp->if_addrlen == 0)
1717 * Spec says nothing in sections for RA, RS and NA. There's small
1718 * description on it in NS section (RFC 2461 7.2.3).
1719 */
1720
1721 rt = nd6_lookup(from, 0, ifp);
1722 if (rt == NULL) {
1723 #if 0
1724 /* nothing must be done if there's no lladdr */
1725 if (!lladdr || !lladdrlen)
1726 return NULL;
1727 #endif
1728
1729 rt = nd6_lookup(from, 1, ifp);
1730 is_newentry = 1;
1731 } else {
1732 /* do nothing if static ndp is set */
1733 if (rt->rt_flags & RTF_STATIC)
1734 return NULL;
1735 is_newentry = 0;
1736 }
1737
1738 if (rt == NULL)
1739 return NULL;
1740 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) {
1741 fail:
1742 (void)nd6_free(rt, 0);
1743 return NULL;
1744 }
1745 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1746 if (ln == NULL)
1747 goto fail;
1748 if (rt->rt_gateway == NULL)
1749 goto fail;
1750 if (rt->rt_gateway->sa_family != AF_LINK)
1751 goto fail;
1752 sdl = satosdl(rt->rt_gateway);
1753
1754 olladdr = (sdl->sdl_alen) ? 1 : 0;
1755 if (olladdr && lladdr) {
1756 if (memcmp(lladdr, CLLADDR(sdl), ifp->if_addrlen))
1757 llchange = 1;
1758 else
1759 llchange = 0;
1760 } else
1761 llchange = 0;
1762
1763 /*
1764 * newentry olladdr lladdr llchange (*=record)
1765 * 0 n n -- (1)
1766 * 0 y n -- (2)
1767 * 0 n y -- (3) * STALE
1768 * 0 y y n (4) *
1769 * 0 y y y (5) * STALE
1770 * 1 -- n -- (6) NOSTATE(= PASSIVE)
1771 * 1 -- y -- (7) * STALE
1772 */
1773
1774 if (lladdr) { /* (3-5) and (7) */
1775 /*
1776 * Record source link-layer address
1777 * XXX is it dependent to ifp->if_type?
1778 */
1779 /* XXX check for error */
1780 (void)sockaddr_dl_setaddr(sdl, sdl->sdl_len, lladdr,
1781 ifp->if_addrlen);
1782 }
1783
1784 if (!is_newentry) {
1785 if ((!olladdr && lladdr) || /* (3) */
1786 (olladdr && lladdr && llchange)) { /* (5) */
1787 do_update = 1;
1788 newstate = ND6_LLINFO_STALE;
1789 } else /* (1-2,4) */
1790 do_update = 0;
1791 } else {
1792 do_update = 1;
1793 if (lladdr == NULL) /* (6) */
1794 newstate = ND6_LLINFO_NOSTATE;
1795 else /* (7) */
1796 newstate = ND6_LLINFO_STALE;
1797 }
1798
1799 if (do_update) {
1800 /*
1801 * Update the state of the neighbor cache.
1802 */
1803 ln->ln_state = newstate;
1804
1805 if (ln->ln_state == ND6_LLINFO_STALE) {
1806 /*
1807 * XXX: since nd6_output() below will cause
1808 * state tansition to DELAY and reset the timer,
1809 * we must set the timer now, although it is actually
1810 * meaningless.
1811 */
1812 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
1813
1814 nd6_llinfo_release_pkts(ln, ifp, rt);
1815 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
1816 /* probe right away */
1817 nd6_llinfo_settimer((void *)ln, 0);
1818 }
1819 }
1820
1821 /*
1822 * ICMP6 type dependent behavior.
1823 *
1824 * NS: clear IsRouter if new entry
1825 * RS: clear IsRouter
1826 * RA: set IsRouter if there's lladdr
1827 * redir: clear IsRouter if new entry
1828 *
1829 * RA case, (1):
1830 * The spec says that we must set IsRouter in the following cases:
1831 * - If lladdr exist, set IsRouter. This means (1-5).
1832 * - If it is old entry (!newentry), set IsRouter. This means (7).
1833 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter.
1834 * A quetion arises for (1) case. (1) case has no lladdr in the
1835 * neighbor cache, this is similar to (6).
1836 * This case is rare but we figured that we MUST NOT set IsRouter.
1837 *
1838 * newentry olladdr lladdr llchange NS RS RA redir
1839 * D R
1840 * 0 n n -- (1) c ? s
1841 * 0 y n -- (2) c s s
1842 * 0 n y -- (3) c s s
1843 * 0 y y n (4) c s s
1844 * 0 y y y (5) c s s
1845 * 1 -- n -- (6) c c c s
1846 * 1 -- y -- (7) c c s c s
1847 *
1848 * (c=clear s=set)
1849 */
1850 switch (type & 0xff) {
1851 case ND_NEIGHBOR_SOLICIT:
1852 /*
1853 * New entry must have is_router flag cleared.
1854 */
1855 if (is_newentry) /* (6-7) */
1856 ln->ln_router = 0;
1857 break;
1858 case ND_REDIRECT:
1859 /*
1860 * If the icmp is a redirect to a better router, always set the
1861 * is_router flag. Otherwise, if the entry is newly created,
1862 * clear the flag. [RFC 2461, sec 8.3]
1863 */
1864 if (code == ND_REDIRECT_ROUTER)
1865 ln->ln_router = 1;
1866 else if (is_newentry) /* (6-7) */
1867 ln->ln_router = 0;
1868 break;
1869 case ND_ROUTER_SOLICIT:
1870 /*
1871 * is_router flag must always be cleared.
1872 */
1873 ln->ln_router = 0;
1874 break;
1875 case ND_ROUTER_ADVERT:
1876 /*
1877 * Mark an entry with lladdr as a router.
1878 */
1879 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */
1880 (is_newentry && lladdr)) { /* (7) */
1881 ln->ln_router = 1;
1882 }
1883 break;
1884 }
1885
1886 /*
1887 * When the link-layer address of a router changes, select the
1888 * best router again. In particular, when the neighbor entry is newly
1889 * created, it might affect the selection policy.
1890 * Question: can we restrict the first condition to the "is_newentry"
1891 * case?
1892 * XXX: when we hear an RA from a new router with the link-layer
1893 * address option, defrouter_select() is called twice, since
1894 * defrtrlist_update called the function as well. However, I believe
1895 * we can compromise the overhead, since it only happens the first
1896 * time.
1897 * XXX: although defrouter_select() should not have a bad effect
1898 * for those are not autoconfigured hosts, we explicitly avoid such
1899 * cases for safety.
1900 */
1901 if (do_update && ln->ln_router && !ip6_forwarding &&
1902 nd6_accepts_rtadv(ndi))
1903 defrouter_select();
1904
1905 return rt;
1906 }
1907
1908 static void
1909 nd6_slowtimo(void *ignored_arg)
1910 {
1911 struct nd_ifinfo *nd6if;
1912 struct ifnet *ifp;
1913
1914 mutex_enter(softnet_lock);
1915 KERNEL_LOCK(1, NULL);
1916 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
1917 nd6_slowtimo, NULL);
1918 TAILQ_FOREACH(ifp, &ifnet, if_list) {
1919 nd6if = ND_IFINFO(ifp);
1920 if (nd6if->basereachable && /* already initialized */
1921 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
1922 /*
1923 * Since reachable time rarely changes by router
1924 * advertisements, we SHOULD insure that a new random
1925 * value gets recomputed at least once every few hours.
1926 * (RFC 2461, 6.3.4)
1927 */
1928 nd6if->recalctm = nd6_recalc_reachtm_interval;
1929 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable);
1930 }
1931 }
1932 KERNEL_UNLOCK_ONE(NULL);
1933 mutex_exit(softnet_lock);
1934 }
1935
1936 #define senderr(e) { error = (e); goto bad;}
1937 int
1938 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0,
1939 const struct sockaddr_in6 *dst, struct rtentry *rt0)
1940 {
1941 struct mbuf *m = m0;
1942 struct rtentry *rt = rt0;
1943 struct sockaddr_in6 *gw6 = NULL;
1944 struct llinfo_nd6 *ln = NULL;
1945 int error = 0;
1946
1947 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr))
1948 goto sendpkt;
1949
1950 if (nd6_need_cache(ifp) == 0)
1951 goto sendpkt;
1952
1953 /*
1954 * next hop determination. This routine is derived from ether_output.
1955 */
1956 if (rt) {
1957 if ((rt->rt_flags & RTF_UP) == 0) {
1958 if ((rt0 = rt = rtalloc1(sin6tocsa(dst), 1)) != NULL) {
1959 rt->rt_refcnt--;
1960 if (rt->rt_ifp != ifp)
1961 senderr(EHOSTUNREACH);
1962 } else
1963 senderr(EHOSTUNREACH);
1964 }
1965
1966 if (rt->rt_flags & RTF_GATEWAY) {
1967 gw6 = (struct sockaddr_in6 *)rt->rt_gateway;
1968
1969 /*
1970 * We skip link-layer address resolution and NUD
1971 * if the gateway is not a neighbor from ND point
1972 * of view, regardless of the value of nd_ifinfo.flags.
1973 * The second condition is a bit tricky; we skip
1974 * if the gateway is our own address, which is
1975 * sometimes used to install a route to a p2p link.
1976 */
1977 if (!nd6_is_addr_neighbor(gw6, ifp) ||
1978 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) {
1979 /*
1980 * We allow this kind of tricky route only
1981 * when the outgoing interface is p2p.
1982 * XXX: we may need a more generic rule here.
1983 */
1984 if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
1985 senderr(EHOSTUNREACH);
1986
1987 goto sendpkt;
1988 }
1989
1990 if (rt->rt_gwroute == NULL)
1991 goto lookup;
1992 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) {
1993 rtfree(rt); rt = rt0;
1994 lookup:
1995 rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1);
1996 if ((rt = rt->rt_gwroute) == NULL)
1997 senderr(EHOSTUNREACH);
1998 /* the "G" test below also prevents rt == rt0 */
1999 if ((rt->rt_flags & RTF_GATEWAY) ||
2000 (rt->rt_ifp != ifp)) {
2001 rt->rt_refcnt--;
2002 rt0->rt_gwroute = NULL;
2003 senderr(EHOSTUNREACH);
2004 }
2005 }
2006 }
2007 }
2008
2009 /*
2010 * Address resolution or Neighbor Unreachability Detection
2011 * for the next hop.
2012 * At this point, the destination of the packet must be a unicast
2013 * or an anycast address(i.e. not a multicast).
2014 */
2015
2016 /* Look up the neighbor cache for the nexthop */
2017 if (rt != NULL && (rt->rt_flags & RTF_LLINFO) != 0)
2018 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
2019 else {
2020 /*
2021 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(),
2022 * the condition below is not very efficient. But we believe
2023 * it is tolerable, because this should be a rare case.
2024 */
2025 if (nd6_is_addr_neighbor(dst, ifp) &&
2026 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL)
2027 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
2028 }
2029 if (ln == NULL || rt == NULL) {
2030 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 &&
2031 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) {
2032 log(LOG_DEBUG,
2033 "nd6_output: can't allocate llinfo for %s "
2034 "(ln=%p, rt=%p)\n",
2035 ip6_sprintf(&dst->sin6_addr), ln, rt);
2036 senderr(EIO); /* XXX: good error? */
2037 }
2038
2039 goto sendpkt; /* send anyway */
2040 }
2041
2042 /* We don't have to do link-layer address resolution on a p2p link. */
2043 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
2044 ln->ln_state < ND6_LLINFO_REACHABLE) {
2045 ln->ln_state = ND6_LLINFO_STALE;
2046 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
2047 }
2048
2049 /*
2050 * The first time we send a packet to a neighbor whose entry is
2051 * STALE, we have to change the state to DELAY and a sets a timer to
2052 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do
2053 * neighbor unreachability detection on expiration.
2054 * (RFC 2461 7.3.3)
2055 */
2056 if (ln->ln_state == ND6_LLINFO_STALE) {
2057 ln->ln_asked = 0;
2058 ln->ln_state = ND6_LLINFO_DELAY;
2059 nd6_llinfo_settimer(ln, (long)nd6_delay * hz);
2060 }
2061
2062 /*
2063 * If the neighbor cache entry has a state other than INCOMPLETE
2064 * (i.e. its link-layer address is already resolved), just
2065 * send the packet.
2066 */
2067 if (ln->ln_state > ND6_LLINFO_INCOMPLETE)
2068 goto sendpkt;
2069
2070 /*
2071 * There is a neighbor cache entry, but no ethernet address
2072 * response yet. Append this latest packet to the end of the
2073 * packet queue in the mbuf, unless the number of the packet
2074 * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen,
2075 * the oldest packet in the queue will be removed.
2076 */
2077 if (ln->ln_state == ND6_LLINFO_NOSTATE)
2078 ln->ln_state = ND6_LLINFO_INCOMPLETE;
2079 if (ln->ln_hold) {
2080 struct mbuf *m_hold;
2081 int i;
2082
2083 i = 0;
2084 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold->m_nextpkt) {
2085 i++;
2086 if (m_hold->m_nextpkt == NULL) {
2087 m_hold->m_nextpkt = m;
2088 break;
2089 }
2090 }
2091 while (i >= nd6_maxqueuelen) {
2092 m_hold = ln->ln_hold;
2093 ln->ln_hold = ln->ln_hold->m_nextpkt;
2094 m_freem(m_hold);
2095 i--;
2096 }
2097 } else {
2098 ln->ln_hold = m;
2099 }
2100
2101 /*
2102 * If there has been no NS for the neighbor after entering the
2103 * INCOMPLETE state, send the first solicitation.
2104 */
2105 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) {
2106 ln->ln_asked++;
2107 nd6_llinfo_settimer(ln,
2108 (long)ND_IFINFO(ifp)->retrans * hz / 1000);
2109 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0);
2110 }
2111 return 0;
2112
2113 sendpkt:
2114 /* discard the packet if IPv6 operation is disabled on the interface */
2115 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) {
2116 error = ENETDOWN; /* better error? */
2117 goto bad;
2118 }
2119
2120 #ifdef IPSEC
2121 /* clean ipsec history once it goes out of the node */
2122 ipsec_delaux(m);
2123 #endif
2124 if ((ifp->if_flags & IFF_LOOPBACK) != 0)
2125 return (*ifp->if_output)(origifp, m, sin6tocsa(dst), rt);
2126 return (*ifp->if_output)(ifp, m, sin6tocsa(dst), rt);
2127
2128 bad:
2129 if (m != NULL)
2130 m_freem(m);
2131 return error;
2132 }
2133 #undef senderr
2134
2135 int
2136 nd6_need_cache(struct ifnet *ifp)
2137 {
2138 /*
2139 * XXX: we currently do not make neighbor cache on any interface
2140 * other than ARCnet, Ethernet, FDDI and GIF.
2141 *
2142 * RFC2893 says:
2143 * - unidirectional tunnels needs no ND
2144 */
2145 switch (ifp->if_type) {
2146 case IFT_ARCNET:
2147 case IFT_ETHER:
2148 case IFT_FDDI:
2149 case IFT_IEEE1394:
2150 case IFT_CARP:
2151 case IFT_GIF: /* XXX need more cases? */
2152 case IFT_PPP:
2153 case IFT_TUNNEL:
2154 return 1;
2155 default:
2156 return 0;
2157 }
2158 }
2159
2160 int
2161 nd6_storelladdr(const struct ifnet *ifp, const struct rtentry *rt,
2162 struct mbuf *m, const struct sockaddr *dst, uint8_t *lldst,
2163 size_t dstsize)
2164 {
2165 const struct sockaddr_dl *sdl;
2166
2167 if (m->m_flags & M_MCAST) {
2168 switch (ifp->if_type) {
2169 case IFT_ETHER:
2170 case IFT_FDDI:
2171 ETHER_MAP_IPV6_MULTICAST(&satocsin6(dst)->sin6_addr,
2172 lldst);
2173 return 1;
2174 case IFT_IEEE1394:
2175 memcpy(lldst, ifp->if_broadcastaddr,
2176 MIN(dstsize, ifp->if_addrlen));
2177 return 1;
2178 case IFT_ARCNET:
2179 *lldst = 0;
2180 return 1;
2181 default:
2182 m_freem(m);
2183 return 0;
2184 }
2185 }
2186
2187 if (rt == NULL) {
2188 /* this could happen, if we could not allocate memory */
2189 m_freem(m);
2190 return 0;
2191 }
2192 if (rt->rt_gateway->sa_family != AF_LINK) {
2193 printf("%s: something odd happens\n", __func__);
2194 m_freem(m);
2195 return 0;
2196 }
2197 sdl = satocsdl(rt->rt_gateway);
2198 if (sdl->sdl_alen == 0 || sdl->sdl_alen > dstsize) {
2199 /* this should be impossible, but we bark here for debugging */
2200 printf("%s: sdl_alen == 0, dst=%s, if=%s\n", __func__,
2201 ip6_sprintf(&satocsin6(dst)->sin6_addr), if_name(ifp));
2202 m_freem(m);
2203 return 0;
2204 }
2205
2206 memcpy(lldst, CLLADDR(sdl), MIN(dstsize, sdl->sdl_alen));
2207 return 1;
2208 }
2209
2210 static void
2211 clear_llinfo_pqueue(struct llinfo_nd6 *ln)
2212 {
2213 struct mbuf *m_hold, *m_hold_next;
2214
2215 for (m_hold = ln->ln_hold; m_hold; m_hold = m_hold_next) {
2216 m_hold_next = m_hold->m_nextpkt;
2217 m_hold->m_nextpkt = NULL;
2218 m_freem(m_hold);
2219 }
2220
2221 ln->ln_hold = NULL;
2222 return;
2223 }
2224
2225 int
2226 nd6_sysctl(
2227 int name,
2228 void *oldp, /* syscall arg, need copyout */
2229 size_t *oldlenp,
2230 void *newp, /* syscall arg, need copyin */
2231 size_t newlen
2232 )
2233 {
2234 void *p;
2235 size_t ol;
2236 int error;
2237
2238 error = 0;
2239
2240 if (newp)
2241 return EPERM;
2242 if (oldp && !oldlenp)
2243 return EINVAL;
2244 ol = oldlenp ? *oldlenp : 0;
2245
2246 if (oldp) {
2247 p = malloc(*oldlenp, M_TEMP, M_WAITOK);
2248 if (p == NULL)
2249 return ENOMEM;
2250 } else
2251 p = NULL;
2252 switch (name) {
2253 case ICMPV6CTL_ND6_DRLIST:
2254 error = fill_drlist(p, oldlenp, ol);
2255 if (!error && p != NULL && oldp != NULL)
2256 error = copyout(p, oldp, *oldlenp);
2257 break;
2258
2259 case ICMPV6CTL_ND6_PRLIST:
2260 error = fill_prlist(p, oldlenp, ol);
2261 if (!error && p != NULL && oldp != NULL)
2262 error = copyout(p, oldp, *oldlenp);
2263 break;
2264
2265 case ICMPV6CTL_ND6_MAXQLEN:
2266 break;
2267
2268 default:
2269 error = ENOPROTOOPT;
2270 break;
2271 }
2272 if (p)
2273 free(p, M_TEMP);
2274
2275 return error;
2276 }
2277
2278 static int
2279 fill_drlist(void *oldp, size_t *oldlenp, size_t ol)
2280 {
2281 int error = 0, s;
2282 struct in6_defrouter *d = NULL, *de = NULL;
2283 struct nd_defrouter *dr;
2284 size_t l;
2285
2286 s = splsoftnet();
2287
2288 if (oldp) {
2289 d = (struct in6_defrouter *)oldp;
2290 de = (struct in6_defrouter *)((char *)oldp + *oldlenp);
2291 }
2292 l = 0;
2293
2294 TAILQ_FOREACH(dr, &nd_defrouter, dr_entry) {
2295
2296 if (oldp && d + 1 <= de) {
2297 memset(d, 0, sizeof(*d));
2298 sockaddr_in6_init(&d->rtaddr, &dr->rtaddr, 0, 0, 0);
2299 if (sa6_recoverscope(&d->rtaddr)) {
2300 log(LOG_ERR,
2301 "scope error in router list (%s)\n",
2302 ip6_sprintf(&d->rtaddr.sin6_addr));
2303 /* XXX: press on... */
2304 }
2305 d->flags = dr->flags;
2306 d->rtlifetime = dr->rtlifetime;
2307 d->expire = dr->expire;
2308 d->if_index = dr->ifp->if_index;
2309 }
2310
2311 l += sizeof(*d);
2312 if (d)
2313 d++;
2314 }
2315
2316 if (oldp) {
2317 if (l > ol)
2318 error = ENOMEM;
2319 }
2320 if (oldlenp)
2321 *oldlenp = l; /* (void *)d - (void *)oldp */
2322
2323 splx(s);
2324
2325 return error;
2326 }
2327
2328 static int
2329 fill_prlist(void *oldp, size_t *oldlenp, size_t ol)
2330 {
2331 int error = 0, s;
2332 struct nd_prefix *pr;
2333 struct in6_prefix *p = NULL;
2334 struct in6_prefix *pe = NULL;
2335 size_t l;
2336
2337 s = splsoftnet();
2338
2339 if (oldp) {
2340 p = (struct in6_prefix *)oldp;
2341 pe = (struct in6_prefix *)((char *)oldp + *oldlenp);
2342 }
2343 l = 0;
2344
2345 LIST_FOREACH(pr, &nd_prefix, ndpr_entry) {
2346 u_short advrtrs;
2347 size_t advance;
2348 struct sockaddr_in6 *sin6;
2349 struct sockaddr_in6 *s6;
2350 struct nd_pfxrouter *pfr;
2351
2352 if (oldp && p + 1 <= pe)
2353 {
2354 memset(p, 0, sizeof(*p));
2355 sin6 = (struct sockaddr_in6 *)(p + 1);
2356
2357 p->prefix = pr->ndpr_prefix;
2358 if (sa6_recoverscope(&p->prefix)) {
2359 log(LOG_ERR,
2360 "scope error in prefix list (%s)\n",
2361 ip6_sprintf(&p->prefix.sin6_addr));
2362 /* XXX: press on... */
2363 }
2364 p->raflags = pr->ndpr_raf;
2365 p->prefixlen = pr->ndpr_plen;
2366 p->vltime = pr->ndpr_vltime;
2367 p->pltime = pr->ndpr_pltime;
2368 p->if_index = pr->ndpr_ifp->if_index;
2369 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME)
2370 p->expire = 0;
2371 else {
2372 time_t maxexpire;
2373
2374 /* XXX: we assume time_t is signed. */
2375 maxexpire = (-1) &
2376 ~((time_t)1 <<
2377 ((sizeof(maxexpire) * 8) - 1));
2378 if (pr->ndpr_vltime <
2379 maxexpire - pr->ndpr_lastupdate) {
2380 p->expire = pr->ndpr_lastupdate +
2381 pr->ndpr_vltime;
2382 } else
2383 p->expire = maxexpire;
2384 }
2385 p->refcnt = pr->ndpr_refcnt;
2386 p->flags = pr->ndpr_stateflags;
2387 p->origin = PR_ORIG_RA;
2388 advrtrs = 0;
2389 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) {
2390 if ((void *)&sin6[advrtrs + 1] > (void *)pe) {
2391 advrtrs++;
2392 continue;
2393 }
2394 s6 = &sin6[advrtrs];
2395 sockaddr_in6_init(s6, &pfr->router->rtaddr,
2396 0, 0, 0);
2397 if (sa6_recoverscope(s6)) {
2398 log(LOG_ERR,
2399 "scope error in "
2400 "prefix list (%s)\n",
2401 ip6_sprintf(&pfr->router->rtaddr));
2402 }
2403 advrtrs++;
2404 }
2405 p->advrtrs = advrtrs;
2406 }
2407 else {
2408 advrtrs = 0;
2409 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry)
2410 advrtrs++;
2411 }
2412
2413 advance = sizeof(*p) + sizeof(*sin6) * advrtrs;
2414 l += advance;
2415 if (p)
2416 p = (struct in6_prefix *)((char *)p + advance);
2417 }
2418
2419 if (oldp) {
2420 *oldlenp = l; /* (void *)d - (void *)oldp */
2421 if (l > ol)
2422 error = ENOMEM;
2423 } else
2424 *oldlenp = l;
2425
2426 splx(s);
2427
2428 return error;
2429 }
NetBSD on the FriendlyARM MINI2440