1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $ 32 */ 33 34 #include <sys/cdefs.h> 35 #include "opt_inet.h" 36 #include "opt_inet6.h" 37 #include "opt_ipsec.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/counter.h> 42 #include <sys/eventhandler.h> 43 #include <sys/malloc.h> 44 #include <sys/libkern.h> 45 #include <sys/lock.h> 46 #include <sys/rwlock.h> 47 #include <sys/mbuf.h> 48 #include <sys/socket.h> 49 #include <sys/sockio.h> 50 #include <sys/time.h> 51 #include <sys/kernel.h> 52 #include <sys/errno.h> 53 #include <sys/sysctl.h> 54 #include <sys/syslog.h> 55 #include <sys/queue.h> 56 #include <sys/callout.h> 57 #include <sys/refcount.h> 58 59 #include <net/if.h> 60 #include <net/if_types.h> 61 #include <net/if_dl.h> 62 #include <net/if_var.h> 63 #include <net/if_private.h> 64 #include <net/route.h> 65 #include <net/vnet.h> 66 67 #include <netinet/in.h> 68 #include <netinet/in_var.h> 69 #include <net/if_llatbl.h> 70 #include <netinet6/in6_var.h> 71 #include <netinet6/in6_ifattach.h> 72 #include <netinet/ip6.h> 73 #include <netinet6/ip6_var.h> 74 #include <netinet6/scope6_var.h> 75 #include <netinet6/nd6.h> 76 #include <netinet/icmp6.h> 77 #include <netinet/ip_carp.h> 78 #include <netinet6/send.h> 79 80 #define SDL(s) ((struct sockaddr_dl *)s) 81 82 struct dadq; 83 static struct dadq *nd6_dad_find(struct ifaddr *, struct nd_opt_nonce *); 84 static void nd6_dad_add(struct dadq *dp); 85 static void nd6_dad_del(struct dadq *dp); 86 static void nd6_dad_rele(struct dadq *); 87 static void nd6_dad_starttimer(struct dadq *, int); 88 static void nd6_dad_stoptimer(struct dadq *); 89 static void nd6_dad_timer(void *); 90 static void nd6_dad_duplicated(struct ifaddr *, struct dadq *); 91 static void nd6_dad_ns_output(struct dadq *); 92 static void nd6_dad_ns_input(struct ifaddr *, struct nd_opt_nonce *); 93 static void nd6_dad_na_input(struct ifaddr *); 94 static void nd6_na_output_fib(struct ifnet *, const struct in6_addr *, 95 const struct in6_addr *, u_long, int, struct sockaddr *, u_int); 96 static void nd6_ns_output_fib(struct ifnet *, const struct in6_addr *, 97 const struct in6_addr *, const struct in6_addr *, uint8_t *, u_int); 98 99 static struct ifaddr *nd6_proxy_fill_sdl(struct ifnet *, 100 const struct in6_addr *, struct sockaddr_dl *); 101 102 VNET_DEFINE_STATIC(int, dad_enhanced) = 1; 103 #define V_dad_enhanced VNET(dad_enhanced) 104 105 SYSCTL_DECL(_net_inet6_ip6); 106 SYSCTL_INT(_net_inet6_ip6, OID_AUTO, dad_enhanced, CTLFLAG_VNET | CTLFLAG_RW, 107 &VNET_NAME(dad_enhanced), 0, 108 "Enable Enhanced DAD, which adds a random nonce to NS messages for DAD."); 109 110 VNET_DEFINE_STATIC(int, dad_maxtry) = 15; /* max # of *tries* to 111 transmit DAD packet */ 112 #define V_dad_maxtry VNET(dad_maxtry) 113 114 VNET_DEFINE_STATIC(int, nd6_onlink_ns_rfc4861) = 0; 115 #define V_nd6_onlink_ns_rfc4861 VNET(nd6_onlink_ns_rfc4861) 116 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, 117 nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW, 118 &VNET_NAME(nd6_onlink_ns_rfc4861), 0, 119 "Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861"); 120 121 /* 122 * Input a Neighbor Solicitation Message. 123 * 124 * Based on RFC 2461 125 * Based on RFC 2462 (duplicate address detection) 126 */ 127 void 128 nd6_ns_input(struct mbuf *m, int off, int icmp6len) 129 { 130 struct ifnet *ifp; 131 struct ip6_hdr *ip6; 132 struct nd_neighbor_solicit *nd_ns; 133 struct in6_addr daddr6, myaddr6, saddr6, taddr6; 134 struct ifaddr *ifa; 135 struct sockaddr_dl proxydl; 136 union nd_opts ndopts; 137 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 138 char *lladdr; 139 int anycast, lladdrlen, proxy, rflag, tentative, tlladdr; 140 141 ifa = NULL; 142 143 /* RFC 6980: Nodes MUST silently ignore fragments */ 144 if(m->m_flags & M_FRAGMENTED) 145 goto freeit; 146 147 ifp = m->m_pkthdr.rcvif; 148 ip6 = mtod(m, struct ip6_hdr *); 149 if (__predict_false(ip6->ip6_hlim != 255)) { 150 ICMP6STAT_INC(icp6s_invlhlim); 151 nd6log((LOG_ERR, 152 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n", 153 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src), 154 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp))); 155 goto bads; 156 } 157 158 if (m->m_len < off + icmp6len) { 159 m = m_pullup(m, off + icmp6len); 160 if (m == NULL) { 161 IP6STAT_INC(ip6s_exthdrtoolong); 162 return; 163 } 164 } 165 ip6 = mtod(m, struct ip6_hdr *); 166 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); 167 168 saddr6 = ip6->ip6_src; 169 daddr6 = ip6->ip6_dst; 170 taddr6 = nd_ns->nd_ns_target; 171 if (in6_setscope(&taddr6, ifp, NULL) != 0) 172 goto bad; 173 174 rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0; 175 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif) 176 rflag = 0; 177 178 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 179 /* dst has to be a solicited node multicast address. */ 180 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL && 181 /* don't check ifindex portion */ 182 daddr6.s6_addr32[1] == 0 && 183 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE && 184 daddr6.s6_addr8[12] == 0xff) { 185 ; /* good */ 186 } else { 187 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 188 "(wrong ip6 dst)\n")); 189 goto bad; 190 } 191 } else if (!V_nd6_onlink_ns_rfc4861) { 192 struct sockaddr_in6 src_sa6; 193 194 /* 195 * According to recent IETF discussions, it is not a good idea 196 * to accept a NS from an address which would not be deemed 197 * to be a neighbor otherwise. This point is expected to be 198 * clarified in future revisions of the specification. 199 */ 200 bzero(&src_sa6, sizeof(src_sa6)); 201 src_sa6.sin6_family = AF_INET6; 202 src_sa6.sin6_len = sizeof(src_sa6); 203 src_sa6.sin6_addr = saddr6; 204 if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) { 205 nd6log((LOG_INFO, "nd6_ns_input: " 206 "NS packet from non-neighbor\n")); 207 goto bad; 208 } 209 } 210 211 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 212 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 213 goto bad; 214 } 215 216 icmp6len -= sizeof(*nd_ns); 217 nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 218 if (nd6_options(&ndopts) < 0) { 219 nd6log((LOG_INFO, 220 "nd6_ns_input: invalid ND option, ignored\n")); 221 /* nd6_options have incremented stats */ 222 goto freeit; 223 } 224 225 lladdr = NULL; 226 lladdrlen = 0; 227 if (ndopts.nd_opts_src_lladdr) { 228 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 229 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 230 } 231 232 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 233 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 234 "(link-layer address option)\n")); 235 goto bad; 236 } 237 238 /* 239 * Attaching target link-layer address to the NA? 240 * (RFC 2461 7.2.4) 241 * 242 * NS IP dst is unicast/anycast MUST NOT add 243 * NS IP dst is solicited-node multicast MUST add 244 * 245 * In implementation, we add target link-layer address by default. 246 * We do not add one in MUST NOT cases. 247 */ 248 if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 249 tlladdr = 0; 250 else 251 tlladdr = 1; 252 253 /* 254 * Target address (taddr6) must be either: 255 * (1) Valid unicast/anycast address for my receiving interface, 256 * (2) Unicast address for which I'm offering proxy service, or 257 * (3) "tentative" address on which DAD is being performed. 258 */ 259 /* (1) and (3) check. */ 260 if (ifp->if_carp) 261 ifa = (*carp_iamatch6_p)(ifp, &taddr6); 262 else 263 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 264 265 /* (2) check. */ 266 proxy = 0; 267 if (ifa == NULL) { 268 if ((ifa = nd6_proxy_fill_sdl(ifp, &taddr6, &proxydl)) != NULL) 269 proxy = 1; 270 } 271 if (ifa == NULL) { 272 /* 273 * We've got an NS packet, and we don't have that address 274 * assigned for us. We MUST silently ignore it. 275 * See RFC2461 7.2.3. 276 */ 277 goto freeit; 278 } 279 myaddr6 = *IFA_IN6(ifa); 280 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 281 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 282 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 283 goto freeit; 284 285 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 286 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s " 287 "(if %d, NS packet %d)\n", 288 ip6_sprintf(ip6bufs, &taddr6), 289 ifp->if_addrlen, lladdrlen - 2)); 290 goto bad; 291 } 292 293 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 294 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n", 295 ip6_sprintf(ip6bufs, &saddr6))); 296 goto freeit; 297 } 298 299 /* 300 * We have neighbor solicitation packet, with target address equals to 301 * one of my tentative address. 302 * 303 * src addr how to process? 304 * --- --- 305 * multicast of course, invalid (rejected in ip6_input) 306 * unicast somebody is doing address resolution -> ignore 307 * unspec dup address detection 308 * 309 * The processing is defined in RFC 2462. 310 */ 311 if (tentative) { 312 /* 313 * If source address is unspecified address, it is for 314 * duplicate address detection. 315 * 316 * If not, the packet is for addess resolution; 317 * silently ignore it. 318 */ 319 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 320 nd6_dad_ns_input(ifa, ndopts.nd_opts_nonce); 321 322 goto freeit; 323 } 324 325 /* 326 * If the source address is unspecified address, entries must not 327 * be created or updated. 328 * It looks that sender is performing DAD. Output NA toward 329 * all-node multicast address, to tell the sender that I'm using 330 * the address. 331 * S bit ("solicited") must be zero. 332 */ 333 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 334 struct in6_addr in6_all; 335 336 in6_all = in6addr_linklocal_allnodes; 337 if (in6_setscope(&in6_all, ifp, NULL) != 0) 338 goto bad; 339 nd6_na_output_fib(ifp, &in6_all, &taddr6, 340 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 341 rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL, 342 M_GETFIB(m)); 343 goto freeit; 344 } 345 346 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, 347 ND_NEIGHBOR_SOLICIT, 0); 348 349 nd6_na_output_fib(ifp, &saddr6, &taddr6, 350 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 351 rflag | ND_NA_FLAG_SOLICITED, tlladdr, 352 proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m)); 353 freeit: 354 if (ifa != NULL) 355 ifa_free(ifa); 356 m_freem(m); 357 return; 358 359 bad: 360 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", 361 ip6_sprintf(ip6bufs, &saddr6))); 362 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", 363 ip6_sprintf(ip6bufs, &daddr6))); 364 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", 365 ip6_sprintf(ip6bufs, &taddr6))); 366 bads: 367 ICMP6STAT_INC(icp6s_badns); 368 if (ifa != NULL) 369 ifa_free(ifa); 370 m_freem(m); 371 } 372 373 static struct ifaddr * 374 nd6_proxy_fill_sdl(struct ifnet *ifp, const struct in6_addr *taddr6, 375 struct sockaddr_dl *sdl) 376 { 377 struct ifaddr *ifa; 378 struct llentry *ln; 379 380 ifa = NULL; 381 ln = nd6_lookup(taddr6, LLE_SF(AF_INET6, 0), ifp); 382 if (ln == NULL) 383 return (ifa); 384 if ((ln->la_flags & (LLE_PUB | LLE_VALID)) == (LLE_PUB | LLE_VALID)) { 385 link_init_sdl(ifp, (struct sockaddr *)sdl, ifp->if_type); 386 sdl->sdl_alen = ifp->if_addrlen; 387 bcopy(ln->ll_addr, &sdl->sdl_data, ifp->if_addrlen); 388 LLE_RUNLOCK(ln); 389 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 390 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 391 } else 392 LLE_RUNLOCK(ln); 393 394 return (ifa); 395 } 396 397 /* 398 * Output a Neighbor Solicitation Message. Caller specifies: 399 * - ICMP6 header source IP6 address 400 * - ND6 header target IP6 address 401 * - ND6 header source datalink address 402 * 403 * Based on RFC 2461 404 * Based on RFC 2462 (duplicate address detection) 405 * 406 * ln - for source address determination 407 * nonce - If non-NULL, NS is used for duplicate address detection and 408 * the value (length is ND_OPT_NONCE_LEN) is used as a random nonce. 409 */ 410 static void 411 nd6_ns_output_fib(struct ifnet *ifp, const struct in6_addr *saddr6, 412 const struct in6_addr *daddr6, const struct in6_addr *taddr6, 413 uint8_t *nonce, u_int fibnum) 414 { 415 struct mbuf *m; 416 struct m_tag *mtag; 417 struct ip6_hdr *ip6; 418 struct nd_neighbor_solicit *nd_ns; 419 struct ip6_moptions im6o; 420 int icmp6len; 421 int maxlen; 422 423 NET_EPOCH_ASSERT(); 424 425 if (IN6_IS_ADDR_MULTICAST(taddr6)) 426 return; 427 428 /* estimate the size of message */ 429 maxlen = sizeof(*ip6) + sizeof(*nd_ns); 430 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 431 KASSERT(max_linkhdr + maxlen <= MCLBYTES, ( 432 "%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)", 433 __func__, max_linkhdr, maxlen, MCLBYTES)); 434 435 if (max_linkhdr + maxlen > MHLEN) 436 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 437 else 438 m = m_gethdr(M_NOWAIT, MT_DATA); 439 if (m == NULL) 440 return; 441 M_SETFIB(m, fibnum); 442 443 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 444 m->m_flags |= M_MCAST; 445 im6o.im6o_multicast_ifp = ifp; 446 im6o.im6o_multicast_hlim = 255; 447 im6o.im6o_multicast_loop = 0; 448 } 449 450 icmp6len = sizeof(*nd_ns); 451 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 452 m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */ 453 454 /* fill neighbor solicitation packet */ 455 ip6 = mtod(m, struct ip6_hdr *); 456 ip6->ip6_flow = 0; 457 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 458 ip6->ip6_vfc |= IPV6_VERSION; 459 /* ip6->ip6_plen will be set later */ 460 ip6->ip6_nxt = IPPROTO_ICMPV6; 461 ip6->ip6_hlim = 255; 462 if (daddr6) 463 ip6->ip6_dst = *daddr6; 464 else { 465 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 466 ip6->ip6_dst.s6_addr16[1] = 0; 467 ip6->ip6_dst.s6_addr32[1] = 0; 468 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 469 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 470 ip6->ip6_dst.s6_addr8[12] = 0xff; 471 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0) 472 goto bad; 473 } 474 if (nonce == NULL) { 475 char ip6buf[INET6_ADDRSTRLEN]; 476 struct ifaddr *ifa = NULL; 477 478 /* 479 * RFC2461 7.2.2: 480 * "If the source address of the packet prompting the 481 * solicitation is the same as one of the addresses assigned 482 * to the outgoing interface, that address SHOULD be placed 483 * in the IP Source Address of the outgoing solicitation. 484 * Otherwise, any one of the addresses assigned to the 485 * interface should be used." 486 * 487 * We use the source address for the prompting packet 488 * (saddr6), if saddr6 belongs to the outgoing interface. 489 * Otherwise, we perform the source address selection as usual. 490 */ 491 if (saddr6 != NULL) 492 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, saddr6); 493 if (ifa == NULL) { 494 int error; 495 struct in6_addr dst6, src6; 496 uint32_t scopeid; 497 498 in6_splitscope(&ip6->ip6_dst, &dst6, &scopeid); 499 error = in6_selectsrc_addr(fibnum, &dst6, 500 scopeid, ifp, &src6, NULL); 501 if (error) { 502 nd6log((LOG_DEBUG, "%s: source can't be " 503 "determined: dst=%s, error=%d\n", __func__, 504 ip6_sprintf(ip6buf, &dst6), 505 error)); 506 goto bad; 507 } 508 ip6->ip6_src = src6; 509 } else 510 ip6->ip6_src = *saddr6; 511 512 if (ifp->if_carp != NULL) { 513 /* 514 * Check that selected source address belongs to 515 * CARP addresses. 516 */ 517 if (ifa == NULL) 518 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, 519 &ip6->ip6_src); 520 /* 521 * Do not send NS for CARP address if we are not 522 * the CARP master. 523 */ 524 if (ifa != NULL && ifa->ifa_carp != NULL && 525 !(*carp_master_p)(ifa)) { 526 nd6log((LOG_DEBUG, 527 "nd6_ns_output: NS from BACKUP CARP address %s\n", 528 ip6_sprintf(ip6buf, &ip6->ip6_src))); 529 ifa_free(ifa); 530 goto bad; 531 } 532 } 533 if (ifa != NULL) 534 ifa_free(ifa); 535 } else { 536 /* 537 * Source address for DAD packet must always be IPv6 538 * unspecified address. (0::0) 539 * We actually don't have to 0-clear the address (we did it 540 * above), but we do so here explicitly to make the intention 541 * clearer. 542 */ 543 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src)); 544 } 545 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 546 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 547 nd_ns->nd_ns_code = 0; 548 nd_ns->nd_ns_reserved = 0; 549 nd_ns->nd_ns_target = *taddr6; 550 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */ 551 552 /* 553 * Add source link-layer address option. 554 * 555 * spec implementation 556 * --- --- 557 * DAD packet MUST NOT do not add the option 558 * there's no link layer address: 559 * impossible do not add the option 560 * there's link layer address: 561 * Multicast NS MUST add one add the option 562 * Unicast NS SHOULD add one add the option 563 */ 564 if (nonce == NULL) { 565 struct nd_opt_hdr *nd_opt; 566 char *mac; 567 int optlen; 568 569 mac = NULL; 570 if (ifp->if_carp) 571 mac = (*carp_macmatch6_p)(ifp, m, &ip6->ip6_src); 572 if (mac == NULL) 573 mac = nd6_ifptomac(ifp); 574 575 if (mac != NULL) { 576 nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 577 optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 578 /* 8 byte alignments... */ 579 optlen = (optlen + 7) & ~7; 580 m->m_pkthdr.len += optlen; 581 m->m_len += optlen; 582 icmp6len += optlen; 583 bzero(nd_opt, optlen); 584 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 585 nd_opt->nd_opt_len = optlen >> 3; 586 bcopy(mac, nd_opt + 1, ifp->if_addrlen); 587 } 588 } 589 /* 590 * Add a Nonce option (RFC 3971) to detect looped back NS messages. 591 * This behavior is documented as Enhanced Duplicate Address 592 * Detection in RFC 7527. 593 * net.inet6.ip6.dad_enhanced=0 disables this. 594 */ 595 if (V_dad_enhanced != 0 && nonce != NULL) { 596 int optlen = sizeof(struct nd_opt_hdr) + ND_OPT_NONCE_LEN; 597 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 598 /* 8-byte alignment is required. */ 599 optlen = (optlen + 7) & ~7; 600 601 m->m_pkthdr.len += optlen; 602 m->m_len += optlen; 603 icmp6len += optlen; 604 bzero((caddr_t)nd_opt, optlen); 605 nd_opt->nd_opt_type = ND_OPT_NONCE; 606 nd_opt->nd_opt_len = optlen >> 3; 607 bcopy(nonce, (caddr_t)(nd_opt + 1), ND_OPT_NONCE_LEN); 608 } 609 ip6->ip6_plen = htons((u_short)icmp6len); 610 nd_ns->nd_ns_cksum = 0; 611 nd_ns->nd_ns_cksum = 612 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 613 614 if (send_sendso_input_hook != NULL) { 615 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING, 616 sizeof(unsigned short), M_NOWAIT); 617 if (mtag == NULL) 618 goto bad; 619 *(unsigned short *)(mtag + 1) = nd_ns->nd_ns_type; 620 m_tag_prepend(m, mtag); 621 } 622 623 ip6_output(m, NULL, NULL, (nonce != NULL) ? IPV6_UNSPECSRC : 0, 624 &im6o, NULL, NULL); 625 icmp6_ifstat_inc(ifp, ifs6_out_msg); 626 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit); 627 ICMP6STAT_INC2(icp6s_outhist, ND_NEIGHBOR_SOLICIT); 628 629 return; 630 631 bad: 632 m_freem(m); 633 } 634 635 #ifndef BURN_BRIDGES 636 void 637 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *saddr6, 638 const struct in6_addr *daddr6, const struct in6_addr *taddr6,uint8_t *nonce) 639 { 640 641 nd6_ns_output_fib(ifp, saddr6, daddr6, taddr6, nonce, RT_DEFAULT_FIB); 642 } 643 #endif 644 /* 645 * Neighbor advertisement input handling. 646 * 647 * Based on RFC 2461 648 * Based on RFC 2462 (duplicate address detection) 649 * 650 * the following items are not implemented yet: 651 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 652 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 653 */ 654 void 655 nd6_na_input(struct mbuf *m, int off, int icmp6len) 656 { 657 struct ifnet *ifp; 658 struct ip6_hdr *ip6; 659 struct ifaddr *ifa; 660 struct llentry *ln; 661 struct mbuf *chain; 662 struct nd_neighbor_advert *nd_na; 663 struct in6_addr daddr6, taddr6; 664 union nd_opts ndopts; 665 u_char linkhdr[LLE_MAX_LINKHDR]; 666 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 667 char *lladdr; 668 size_t linkhdrsize; 669 int flags, is_override, is_router, is_solicited; 670 int lladdr_off, lladdrlen, checklink; 671 bool flush_holdchain = false; 672 673 NET_EPOCH_ASSERT(); 674 675 chain = NULL; 676 ln = NULL; 677 checklink = 0; 678 679 /* RFC 6980: Nodes MUST silently ignore fragments */ 680 if(m->m_flags & M_FRAGMENTED) 681 goto freeit; 682 683 ifp = m->m_pkthdr.rcvif; 684 ip6 = mtod(m, struct ip6_hdr *); 685 if (__predict_false(ip6->ip6_hlim != 255)) { 686 ICMP6STAT_INC(icp6s_invlhlim); 687 nd6log((LOG_ERR, 688 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n", 689 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src), 690 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp))); 691 goto bad; 692 } 693 694 if (m->m_len < off + icmp6len) { 695 m = m_pullup(m, off + icmp6len); 696 if (m == NULL) { 697 IP6STAT_INC(ip6s_exthdrtoolong); 698 return; 699 } 700 } 701 ip6 = mtod(m, struct ip6_hdr *); 702 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off); 703 704 flags = nd_na->nd_na_flags_reserved; 705 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 706 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 707 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 708 709 taddr6 = nd_na->nd_na_target; 710 if (in6_setscope(&taddr6, ifp, NULL)) 711 goto bad; /* XXX: impossible */ 712 713 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 714 nd6log((LOG_ERR, 715 "nd6_na_input: invalid target address %s\n", 716 ip6_sprintf(ip6bufs, &taddr6))); 717 goto bad; 718 } 719 720 daddr6 = ip6->ip6_dst; 721 if (IN6_IS_ADDR_MULTICAST(&daddr6)) 722 if (is_solicited) { 723 nd6log((LOG_ERR, 724 "nd6_na_input: a solicited adv is multicasted\n")); 725 goto bad; 726 } 727 728 icmp6len -= sizeof(*nd_na); 729 nd6_option_init(nd_na + 1, icmp6len, &ndopts); 730 if (nd6_options(&ndopts) < 0) { 731 nd6log((LOG_INFO, 732 "nd6_na_input: invalid ND option, ignored\n")); 733 /* nd6_options have incremented stats */ 734 goto freeit; 735 } 736 737 lladdr = NULL; 738 lladdrlen = 0; 739 if (ndopts.nd_opts_tgt_lladdr) { 740 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 741 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 742 } 743 744 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 745 if (ifa != NULL && ifa->ifa_carp != NULL) { 746 /* 747 * Silently ignore NAs for CARP addresses if we are not 748 * the CARP master. 749 */ 750 if (!(*carp_master_p)(ifa)) { 751 nd6log((LOG_DEBUG, 752 "nd6_na_input: NA for BACKUP CARP address %s\n", 753 ip6_sprintf(ip6bufs, &taddr6))); 754 ifa_free(ifa); 755 goto freeit; 756 } 757 } 758 /* 759 * Target address matches one of my interface address. 760 * 761 * If my address is tentative, this means that there's somebody 762 * already using the same address as mine. This indicates DAD failure. 763 * This is defined in RFC 2462. 764 * 765 * Otherwise, process as defined in RFC 2461. 766 */ 767 if (ifa 768 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 769 nd6_dad_na_input(ifa); 770 ifa_free(ifa); 771 goto freeit; 772 } 773 774 /* Just for safety, maybe unnecessary. */ 775 if (ifa) { 776 ifa_free(ifa); 777 log(LOG_ERR, 778 "nd6_na_input: duplicate IP6 address %s\n", 779 ip6_sprintf(ip6bufs, &taddr6)); 780 goto freeit; 781 } 782 783 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 784 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s " 785 "(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6), 786 ifp->if_addrlen, lladdrlen - 2)); 787 goto bad; 788 } 789 790 /* 791 * If no neighbor cache entry is found, NA SHOULD silently be 792 * discarded. 793 */ 794 ln = nd6_lookup(&taddr6, LLE_SF(AF_INET6, LLE_EXCLUSIVE), ifp); 795 if (ln == NULL) { 796 goto freeit; 797 } 798 799 /* 800 * Do not try to override static entry. 801 */ 802 if (ln->la_flags & LLE_STATIC) 803 goto freeit; 804 805 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 806 /* 807 * If the link-layer has address, and no lladdr option came, 808 * discard the packet. 809 */ 810 if (ifp->if_addrlen && lladdr == NULL) { 811 goto freeit; 812 } 813 814 /* 815 * Record link-layer address, and update the state. 816 */ 817 if (!nd6_try_set_entry_addr(ifp, ln, lladdr)) 818 goto freeit; 819 820 flush_holdchain = true; 821 if (is_solicited) 822 nd6_llinfo_setstate(ln, ND6_LLINFO_REACHABLE); 823 else 824 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 825 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 826 if ((ln->ln_router = is_router) != 0) { 827 /* 828 * This means a router's state has changed from 829 * non-reachable to probably reachable, and might 830 * affect the status of associated prefixes.. 831 */ 832 checklink = 1; 833 } 834 } else { 835 int llchange; 836 837 /* 838 * Check if the link-layer address has changed or not. 839 */ 840 if (lladdr == NULL) 841 llchange = 0; 842 else { 843 if (ln->la_flags & LLE_VALID) { 844 if (bcmp(lladdr, ln->ll_addr, ifp->if_addrlen)) 845 llchange = 1; 846 else 847 llchange = 0; 848 } else 849 llchange = 1; 850 } 851 852 /* 853 * This is VERY complex. Look at it with care. 854 * 855 * override solicit lladdr llchange action 856 * (L: record lladdr) 857 * 858 * 0 0 n -- (2c) 859 * 0 0 y n (2b) L 860 * 0 0 y y (1) REACHABLE->STALE 861 * 0 1 n -- (2c) *->REACHABLE 862 * 0 1 y n (2b) L *->REACHABLE 863 * 0 1 y y (1) REACHABLE->STALE 864 * 1 0 n -- (2a) 865 * 1 0 y n (2a) L 866 * 1 0 y y (2a) L *->STALE 867 * 1 1 n -- (2a) *->REACHABLE 868 * 1 1 y n (2a) L *->REACHABLE 869 * 1 1 y y (2a) L *->REACHABLE 870 */ 871 if (!is_override && (lladdr != NULL && llchange)) { /* (1) */ 872 /* 873 * If state is REACHABLE, make it STALE. 874 * no other updates should be done. 875 */ 876 if (ln->ln_state == ND6_LLINFO_REACHABLE) 877 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 878 goto freeit; 879 } else if (is_override /* (2a) */ 880 || (!is_override && (lladdr != NULL && !llchange)) /* (2b) */ 881 || lladdr == NULL) { /* (2c) */ 882 /* 883 * Update link-local address, if any. 884 */ 885 if (lladdr != NULL) { 886 linkhdrsize = sizeof(linkhdr); 887 if (lltable_calc_llheader(ifp, AF_INET6, lladdr, 888 linkhdr, &linkhdrsize, &lladdr_off) != 0) 889 goto freeit; 890 if (lltable_try_set_entry_addr(ifp, ln, linkhdr, 891 linkhdrsize, lladdr_off) == 0) 892 goto freeit; 893 EVENTHANDLER_INVOKE(lle_event, ln, 894 LLENTRY_RESOLVED); 895 } 896 897 /* 898 * If solicited, make the state REACHABLE. 899 * If not solicited and the link-layer address was 900 * changed, make it STALE. 901 */ 902 if (is_solicited) 903 nd6_llinfo_setstate(ln, ND6_LLINFO_REACHABLE); 904 else { 905 if (lladdr != NULL && llchange) 906 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 907 } 908 } 909 910 if (ln->ln_router && !is_router) { 911 /* 912 * The peer dropped the router flag. 913 * Remove the sender from the Default Router List and 914 * update the Destination Cache entries. 915 */ 916 struct ifnet *nd6_ifp; 917 918 nd6_ifp = lltable_get_ifp(ln->lle_tbl); 919 if (!defrouter_remove(&ln->r_l3addr.addr6, nd6_ifp) && 920 (ND_IFINFO(nd6_ifp)->flags & 921 ND6_IFF_ACCEPT_RTADV) != 0) 922 /* 923 * Even if the neighbor is not in the default 924 * router list, the neighbor may be used as a 925 * next hop for some destinations (e.g. redirect 926 * case). So we must call rt6_flush explicitly. 927 */ 928 rt6_flush(&ip6->ip6_src, ifp); 929 } 930 ln->ln_router = is_router; 931 } 932 /* XXX - QL 933 * Does this matter? 934 * rt->rt_flags &= ~RTF_REJECT; 935 */ 936 ln->la_asked = 0; 937 if (ln->la_hold != NULL) 938 chain = nd6_grab_holdchain(ln); 939 freeit: 940 if (ln != NULL) 941 LLE_WUNLOCK(ln); 942 943 if (chain != NULL) 944 nd6_flush_holdchain(ifp, ln, chain); 945 if (flush_holdchain) 946 nd6_flush_children_holdchain(ifp, ln); 947 948 if (checklink) 949 pfxlist_onlink_check(); 950 951 m_freem(m); 952 return; 953 954 bad: 955 if (ln != NULL) 956 LLE_WUNLOCK(ln); 957 958 ICMP6STAT_INC(icp6s_badna); 959 m_freem(m); 960 } 961 962 /* 963 * Neighbor advertisement output handling. 964 * 965 * Based on RFC 2461 966 * 967 * the following items are not implemented yet: 968 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 969 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 970 * 971 * tlladdr - 1 if include target link-layer address 972 * sdl0 - sockaddr_dl (= proxy NA) or NULL 973 */ 974 static void 975 nd6_na_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6_0, 976 const struct in6_addr *taddr6, u_long flags, int tlladdr, 977 struct sockaddr *sdl0, u_int fibnum) 978 { 979 struct mbuf *m; 980 struct m_tag *mtag; 981 struct ip6_hdr *ip6; 982 struct nd_neighbor_advert *nd_na; 983 struct ip6_moptions im6o; 984 struct in6_addr daddr6, dst6, src6; 985 uint32_t scopeid; 986 987 NET_EPOCH_ASSERT(); 988 989 int icmp6len, maxlen, error; 990 caddr_t mac = NULL; 991 992 daddr6 = *daddr6_0; /* make a local copy for modification */ 993 994 /* estimate the size of message */ 995 maxlen = sizeof(*ip6) + sizeof(*nd_na); 996 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 997 KASSERT(max_linkhdr + maxlen <= MCLBYTES, ( 998 "%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)", 999 __func__, max_linkhdr, maxlen, MCLBYTES)); 1000 1001 if (max_linkhdr + maxlen > MHLEN) 1002 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 1003 else 1004 m = m_gethdr(M_NOWAIT, MT_DATA); 1005 if (m == NULL) 1006 return; 1007 M_SETFIB(m, fibnum); 1008 1009 if (IN6_IS_ADDR_MULTICAST(&daddr6)) { 1010 m->m_flags |= M_MCAST; 1011 im6o.im6o_multicast_ifp = ifp; 1012 im6o.im6o_multicast_hlim = 255; 1013 im6o.im6o_multicast_loop = 0; 1014 } 1015 1016 icmp6len = sizeof(*nd_na); 1017 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 1018 m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */ 1019 1020 /* fill neighbor advertisement packet */ 1021 ip6 = mtod(m, struct ip6_hdr *); 1022 ip6->ip6_flow = 0; 1023 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 1024 ip6->ip6_vfc |= IPV6_VERSION; 1025 ip6->ip6_nxt = IPPROTO_ICMPV6; 1026 ip6->ip6_hlim = 255; 1027 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) { 1028 /* reply to DAD */ 1029 daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 1030 daddr6.s6_addr16[1] = 0; 1031 daddr6.s6_addr32[1] = 0; 1032 daddr6.s6_addr32[2] = 0; 1033 daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 1034 if (in6_setscope(&daddr6, ifp, NULL)) 1035 goto bad; 1036 1037 flags &= ~ND_NA_FLAG_SOLICITED; 1038 } 1039 ip6->ip6_dst = daddr6; 1040 1041 /* 1042 * Select a source whose scope is the same as that of the dest. 1043 */ 1044 in6_splitscope(&daddr6, &dst6, &scopeid); 1045 error = in6_selectsrc_addr(fibnum, &dst6, 1046 scopeid, ifp, &src6, NULL); 1047 if (error) { 1048 char ip6buf[INET6_ADDRSTRLEN]; 1049 nd6log((LOG_DEBUG, "nd6_na_output: source can't be " 1050 "determined: dst=%s, error=%d\n", 1051 ip6_sprintf(ip6buf, &daddr6), error)); 1052 goto bad; 1053 } 1054 ip6->ip6_src = src6; 1055 nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 1056 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 1057 nd_na->nd_na_code = 0; 1058 nd_na->nd_na_target = *taddr6; 1059 in6_clearscope(&nd_na->nd_na_target); /* XXX */ 1060 1061 /* 1062 * "tlladdr" indicates NS's condition for adding tlladdr or not. 1063 * see nd6_ns_input() for details. 1064 * Basically, if NS packet is sent to unicast/anycast addr, 1065 * target lladdr option SHOULD NOT be included. 1066 */ 1067 if (tlladdr) { 1068 /* 1069 * sdl0 != NULL indicates proxy NA. If we do proxy, use 1070 * lladdr in sdl0. If we are not proxying (sending NA for 1071 * my address) use lladdr configured for the interface. 1072 */ 1073 if (sdl0 == NULL) { 1074 if (ifp->if_carp) 1075 mac = (*carp_macmatch6_p)(ifp, m, taddr6); 1076 if (mac == NULL) 1077 mac = nd6_ifptomac(ifp); 1078 } else if (sdl0->sa_family == AF_LINK) { 1079 struct sockaddr_dl *sdl; 1080 sdl = (struct sockaddr_dl *)sdl0; 1081 if (sdl->sdl_alen == ifp->if_addrlen) 1082 mac = LLADDR(sdl); 1083 } 1084 } 1085 if (tlladdr && mac) { 1086 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 1087 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 1088 1089 /* roundup to 8 bytes alignment! */ 1090 optlen = (optlen + 7) & ~7; 1091 1092 m->m_pkthdr.len += optlen; 1093 m->m_len += optlen; 1094 icmp6len += optlen; 1095 bzero((caddr_t)nd_opt, optlen); 1096 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 1097 nd_opt->nd_opt_len = optlen >> 3; 1098 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 1099 } else 1100 flags &= ~ND_NA_FLAG_OVERRIDE; 1101 1102 ip6->ip6_plen = htons((u_short)icmp6len); 1103 nd_na->nd_na_flags_reserved = flags; 1104 nd_na->nd_na_cksum = 0; 1105 nd_na->nd_na_cksum = 1106 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 1107 1108 if (send_sendso_input_hook != NULL) { 1109 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING, 1110 sizeof(unsigned short), M_NOWAIT); 1111 if (mtag == NULL) 1112 goto bad; 1113 *(unsigned short *)(mtag + 1) = nd_na->nd_na_type; 1114 m_tag_prepend(m, mtag); 1115 } 1116 1117 ip6_output(m, NULL, NULL, 0, &im6o, NULL, NULL); 1118 icmp6_ifstat_inc(ifp, ifs6_out_msg); 1119 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert); 1120 ICMP6STAT_INC2(icp6s_outhist, ND_NEIGHBOR_ADVERT); 1121 1122 return; 1123 1124 bad: 1125 m_freem(m); 1126 } 1127 1128 #ifndef BURN_BRIDGES 1129 void 1130 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0, 1131 const struct in6_addr *taddr6, u_long flags, int tlladdr, 1132 struct sockaddr *sdl0) 1133 { 1134 1135 nd6_na_output_fib(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0, 1136 RT_DEFAULT_FIB); 1137 } 1138 #endif 1139 1140 caddr_t 1141 nd6_ifptomac(struct ifnet *ifp) 1142 { 1143 switch (ifp->if_type) { 1144 case IFT_ETHER: 1145 case IFT_IEEE1394: 1146 case IFT_L2VLAN: 1147 case IFT_INFINIBAND: 1148 case IFT_BRIDGE: 1149 return IF_LLADDR(ifp); 1150 default: 1151 return NULL; 1152 } 1153 } 1154 1155 struct dadq { 1156 TAILQ_ENTRY(dadq) dad_list; 1157 struct ifaddr *dad_ifa; 1158 int dad_count; /* max NS to send */ 1159 int dad_ns_tcount; /* # of trials to send NS */ 1160 int dad_ns_ocount; /* NS sent so far */ 1161 int dad_ns_icount; 1162 int dad_na_icount; 1163 int dad_ns_lcount; /* looped back NS */ 1164 int dad_loopbackprobe; /* probing state for loopback detection */ 1165 struct callout dad_timer_ch; 1166 struct vnet *dad_vnet; 1167 u_int dad_refcnt; 1168 #define ND_OPT_NONCE_LEN32 \ 1169 ((ND_OPT_NONCE_LEN + sizeof(uint32_t) - 1)/sizeof(uint32_t)) 1170 uint32_t dad_nonce[ND_OPT_NONCE_LEN32]; 1171 bool dad_ondadq; /* on dadq? Protected by DADQ_WLOCK. */ 1172 }; 1173 1174 VNET_DEFINE_STATIC(TAILQ_HEAD(, dadq), dadq); 1175 VNET_DEFINE_STATIC(struct rwlock, dad_rwlock); 1176 #define V_dadq VNET(dadq) 1177 #define V_dad_rwlock VNET(dad_rwlock) 1178 1179 #define DADQ_LOCKPTR() (&V_dad_rwlock) 1180 #define DADQ_LOCK_INIT() rw_init(DADQ_LOCKPTR(), "nd6 DAD queue") 1181 #define DADQ_RLOCK() rw_rlock(DADQ_LOCKPTR()) 1182 #define DADQ_RUNLOCK() rw_runlock(DADQ_LOCKPTR()) 1183 #define DADQ_WLOCK() rw_wlock(DADQ_LOCKPTR()) 1184 #define DADQ_WUNLOCK() rw_wunlock(DADQ_LOCKPTR()) 1185 1186 #define DADQ_LOCK_ASSERT() rw_assert(DADQ_LOCKPTR(), RA_LOCKED); 1187 #define DADQ_RLOCK_ASSERT() rw_assert(DADQ_LOCKPTR(), RA_RLOCKED); 1188 #define DADQ_WLOCK_ASSERT() rw_assert(DADQ_LOCKPTR(), RA_WLOCKED); 1189 1190 static void 1191 nd6_dad_add(struct dadq *dp) 1192 { 1193 DADQ_WLOCK_ASSERT(); 1194 1195 TAILQ_INSERT_TAIL(&V_dadq, dp, dad_list); 1196 dp->dad_ondadq = true; 1197 } 1198 1199 static void 1200 nd6_dad_del(struct dadq *dp) 1201 { 1202 DADQ_WLOCK_ASSERT(); 1203 1204 if (dp->dad_ondadq) { 1205 /* 1206 * Remove dp from the dadq and release the dadq's 1207 * reference. 1208 */ 1209 TAILQ_REMOVE(&V_dadq, dp, dad_list); 1210 dp->dad_ondadq = false; 1211 nd6_dad_rele(dp); 1212 } 1213 } 1214 1215 static struct dadq * 1216 nd6_dad_find(struct ifaddr *ifa, struct nd_opt_nonce *n) 1217 { 1218 struct dadq *dp; 1219 1220 DADQ_LOCK_ASSERT(); 1221 1222 TAILQ_FOREACH(dp, &V_dadq, dad_list) { 1223 if (dp->dad_ifa != ifa) 1224 continue; 1225 1226 /* 1227 * Skip if the nonce matches the received one. 1228 * +2 in the length is required because of type and 1229 * length fields are included in a header. 1230 */ 1231 if (n != NULL && 1232 n->nd_opt_nonce_len == (ND_OPT_NONCE_LEN + 2) / 8 && 1233 memcmp(&n->nd_opt_nonce[0], &dp->dad_nonce[0], 1234 ND_OPT_NONCE_LEN) == 0) { 1235 dp->dad_ns_lcount++; 1236 continue; 1237 } 1238 break; 1239 } 1240 1241 return (dp); 1242 } 1243 1244 static void 1245 nd6_dad_starttimer(struct dadq *dp, int ticks) 1246 { 1247 DADQ_WLOCK_ASSERT(); 1248 1249 callout_reset(&dp->dad_timer_ch, ticks, nd6_dad_timer, dp); 1250 } 1251 1252 static void 1253 nd6_dad_stoptimer(struct dadq *dp) 1254 { 1255 callout_drain(&dp->dad_timer_ch); 1256 } 1257 1258 static void 1259 nd6_dad_rele(struct dadq *dp) 1260 { 1261 if (refcount_release(&dp->dad_refcnt)) { 1262 KASSERT(!dp->dad_ondadq, ("dp %p still on DAD queue", dp)); 1263 ifa_free(dp->dad_ifa); 1264 free(dp, M_IP6NDP); 1265 } 1266 } 1267 1268 void 1269 nd6_dad_init(void) 1270 { 1271 DADQ_LOCK_INIT(); 1272 TAILQ_INIT(&V_dadq); 1273 } 1274 1275 /* 1276 * Start Duplicate Address Detection (DAD) for specified interface address. 1277 */ 1278 void 1279 nd6_dad_start(struct ifaddr *ifa, int delay) 1280 { 1281 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1282 struct dadq *dp; 1283 char ip6buf[INET6_ADDRSTRLEN]; 1284 1285 KASSERT((ia->ia6_flags & IN6_IFF_TENTATIVE) != 0, 1286 ("starting DAD on non-tentative address %p", ifa)); 1287 1288 /* 1289 * If we don't need DAD, don't do it. 1290 * There are several cases: 1291 * - DAD is disabled globally or on the interface 1292 * - the interface address is anycast 1293 */ 1294 if ((ia->ia6_flags & IN6_IFF_ANYCAST) != 0 || 1295 V_ip6_dad_count == 0 || 1296 (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_NO_DAD) != 0) { 1297 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1298 return; 1299 } 1300 if ((ifa->ifa_ifp->if_flags & IFF_UP) == 0 || 1301 (ifa->ifa_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 1302 (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) != 0) 1303 return; 1304 1305 DADQ_WLOCK(); 1306 if ((dp = nd6_dad_find(ifa, NULL)) != NULL) { 1307 /* 1308 * DAD is already in progress. Let the existing entry 1309 * finish it. 1310 */ 1311 DADQ_WUNLOCK(); 1312 return; 1313 } 1314 1315 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO); 1316 if (dp == NULL) { 1317 log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1318 "%s(%s)\n", 1319 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1320 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1321 return; 1322 } 1323 callout_init_rw(&dp->dad_timer_ch, DADQ_LOCKPTR(), 1324 CALLOUT_RETURNUNLOCKED); 1325 #ifdef VIMAGE 1326 dp->dad_vnet = curvnet; 1327 #endif 1328 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1329 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1330 1331 /* 1332 * Send NS packet for DAD, ip6_dad_count times. 1333 * Note that we must delay the first transmission, if this is the 1334 * first packet to be sent from the interface after interface 1335 * (re)initialization. 1336 */ 1337 dp->dad_ifa = ifa; 1338 ifa_ref(dp->dad_ifa); 1339 dp->dad_count = V_ip6_dad_count; 1340 dp->dad_ns_icount = dp->dad_na_icount = 0; 1341 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1342 dp->dad_ns_lcount = dp->dad_loopbackprobe = 0; 1343 1344 /* Add this to the dadq and add a reference for the dadq. */ 1345 refcount_init(&dp->dad_refcnt, 1); 1346 nd6_dad_add(dp); 1347 nd6_dad_starttimer(dp, delay); 1348 DADQ_WUNLOCK(); 1349 } 1350 1351 /* 1352 * terminate DAD unconditionally. used for address removals. 1353 */ 1354 void 1355 nd6_dad_stop(struct ifaddr *ifa) 1356 { 1357 struct dadq *dp; 1358 1359 DADQ_WLOCK(); 1360 dp = nd6_dad_find(ifa, NULL); 1361 if (dp == NULL) { 1362 DADQ_WUNLOCK(); 1363 /* DAD wasn't started yet */ 1364 return; 1365 } 1366 1367 /* 1368 * Acquire a temporary reference so that we can safely stop the callout. 1369 */ 1370 (void)refcount_acquire(&dp->dad_refcnt); 1371 nd6_dad_del(dp); 1372 DADQ_WUNLOCK(); 1373 1374 nd6_dad_stoptimer(dp); 1375 nd6_dad_rele(dp); 1376 } 1377 1378 static void 1379 nd6_dad_timer(void *arg) 1380 { 1381 struct dadq *dp = arg; 1382 struct ifaddr *ifa = dp->dad_ifa; 1383 struct ifnet *ifp = dp->dad_ifa->ifa_ifp; 1384 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1385 char ip6buf[INET6_ADDRSTRLEN]; 1386 struct epoch_tracker et; 1387 1388 CURVNET_SET(dp->dad_vnet); 1389 KASSERT(ia != NULL, ("DAD entry %p with no address", dp)); 1390 1391 NET_EPOCH_ENTER(et); 1392 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { 1393 /* Do not need DAD for ifdisabled interface. */ 1394 log(LOG_ERR, "nd6_dad_timer: cancel DAD on %s because of " 1395 "ND6_IFF_IFDISABLED.\n", ifp->if_xname); 1396 goto err; 1397 } 1398 if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1399 log(LOG_ERR, "nd6_dad_timer: called with duplicated address " 1400 "%s(%s)\n", 1401 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1402 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1403 goto err; 1404 } 1405 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { 1406 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1407 "%s(%s)\n", 1408 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1409 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1410 goto err; 1411 } 1412 1413 /* Stop DAD if the interface is down even after dad_maxtry attempts. */ 1414 if ((dp->dad_ns_tcount > V_dad_maxtry) && 1415 (((ifp->if_flags & IFF_UP) == 0) || 1416 ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0))) { 1417 nd6log((LOG_INFO, "%s: could not run DAD " 1418 "because the interface was down or not running.\n", 1419 if_name(ifa->ifa_ifp))); 1420 goto err; 1421 } 1422 1423 /* Need more checks? */ 1424 if (dp->dad_ns_ocount < dp->dad_count) { 1425 /* 1426 * We have more NS to go. Send NS packet for DAD. 1427 */ 1428 nd6_dad_starttimer(dp, 1429 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1430 nd6_dad_ns_output(dp); 1431 goto done; 1432 } else { 1433 /* 1434 * We have transmitted sufficient number of DAD packets. 1435 * See what we've got. 1436 */ 1437 if (dp->dad_ns_icount > 0 || dp->dad_na_icount > 0) { 1438 /* We've seen NS or NA, means DAD has failed. */ 1439 nd6_dad_duplicated(ifa, dp); 1440 } else if (V_dad_enhanced != 0 && 1441 dp->dad_ns_lcount > 0 && 1442 dp->dad_ns_lcount > dp->dad_loopbackprobe) { 1443 /* 1444 * Sec. 4.1 in RFC 7527 requires transmission of 1445 * additional probes until the loopback condition 1446 * becomes clear when a looped back probe is detected. 1447 */ 1448 log(LOG_ERR, "%s: a looped back NS message is " 1449 "detected during DAD for %s. " 1450 "Another DAD probes are being sent.\n", 1451 if_name(ifa->ifa_ifp), 1452 ip6_sprintf(ip6buf, IFA_IN6(ifa))); 1453 dp->dad_loopbackprobe = dp->dad_ns_lcount; 1454 /* 1455 * Send an NS immediately and increase dad_count by 1456 * V_nd6_mmaxtries - 1. 1457 */ 1458 dp->dad_count = 1459 dp->dad_ns_ocount + V_nd6_mmaxtries - 1; 1460 nd6_dad_starttimer(dp, 1461 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1462 nd6_dad_ns_output(dp); 1463 goto done; 1464 } else { 1465 /* 1466 * We are done with DAD. No NA came, no NS came. 1467 * No duplicate address found. Check IFDISABLED flag 1468 * again in case that it is changed between the 1469 * beginning of this function and here. 1470 * 1471 * Reset DAD failures counter if using stable addresses. 1472 */ 1473 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) == 0) { 1474 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1475 if ((ND_IFINFO(ifp)->flags & ND6_IFF_STABLEADDR) && !(ia->ia6_flags & IN6_IFF_TEMPORARY)) 1476 counter_u64_zero(DAD_FAILURES(ifp)); 1477 } 1478 1479 nd6log((LOG_DEBUG, 1480 "%s: DAD complete for %s - no duplicates found\n", 1481 if_name(ifa->ifa_ifp), 1482 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1483 if (dp->dad_ns_lcount > 0) 1484 log(LOG_ERR, "%s: DAD completed while " 1485 "a looped back NS message is detected " 1486 "during DAD for %s.\n", 1487 if_name(ifa->ifa_ifp), 1488 ip6_sprintf(ip6buf, IFA_IN6(ifa))); 1489 } 1490 } 1491 err: 1492 nd6_dad_del(dp); 1493 DADQ_WUNLOCK(); 1494 done: 1495 NET_EPOCH_EXIT(et); 1496 CURVNET_RESTORE(); 1497 } 1498 1499 static void 1500 nd6_dad_duplicated(struct ifaddr *ifa, struct dadq *dp) 1501 { 1502 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1503 struct ifnet *ifp; 1504 char ip6buf[INET6_ADDRSTRLEN]; 1505 1506 ifp = ifa->ifa_ifp; 1507 1508 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: " 1509 "NS in/out/loopback=%d/%d/%d, NA in=%d\n", 1510 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1511 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_ns_lcount, 1512 dp->dad_na_icount); 1513 1514 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1515 ia->ia6_flags |= IN6_IFF_DUPLICATED; 1516 1517 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1518 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)); 1519 1520 /* 1521 * For RFC 7217 stable addresses, increment failure counter here if we still have retries. 1522 * More addresses will be generated as long as retries are not exhausted. 1523 */ 1524 if ((ND_IFINFO(ifp)->flags & ND6_IFF_STABLEADDR) && !(ia->ia6_flags & IN6_IFF_TEMPORARY)) { 1525 uint64_t dad_failures = counter_u64_fetch(DAD_FAILURES(ifp)); 1526 1527 if (dad_failures <= V_ip6_stableaddr_maxretries) { 1528 counter_u64_add(DAD_FAILURES(ifp), 1); 1529 /* if retries exhausted, output an informative error message */ 1530 if (dad_failures == V_ip6_stableaddr_maxretries) 1531 log(LOG_ERR, "%s: manual intervention required, consider disabling \"stableaddr\" on the interface" 1532 " or checking hostuuid for uniqueness\n", 1533 if_name(ifp)); 1534 } 1535 } else { 1536 log(LOG_ERR, "%s: manual intervention required\n", 1537 if_name(ifp)); 1538 } 1539 1540 /* 1541 * If the address is a link-local address formed from an interface 1542 * identifier based on the hardware address which is supposed to be 1543 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP 1544 * operation on the interface SHOULD be disabled. 1545 * [RFC 4862, Section 5.4.5] 1546 */ 1547 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { 1548 struct in6_addr in6; 1549 1550 /* 1551 * To avoid over-reaction, we only apply this logic when we are 1552 * very sure that hardware addresses are supposed to be unique. 1553 */ 1554 switch (ifp->if_type) { 1555 case IFT_ETHER: 1556 case IFT_ATM: 1557 case IFT_IEEE1394: 1558 case IFT_INFINIBAND: 1559 in6 = ia->ia_addr.sin6_addr; 1560 if (in6_get_hw_ifid(ifp, &in6) == 0 && 1561 IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) { 1562 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1563 log(LOG_ERR, "%s: possible hardware address " 1564 "duplication detected, disable IPv6\n", 1565 if_name(ifp)); 1566 } 1567 break; 1568 } 1569 } 1570 } 1571 1572 /* 1573 * Transmit a neighbour solicitation for the purpose of DAD. Returns with the 1574 * DAD queue unlocked. 1575 */ 1576 static void 1577 nd6_dad_ns_output(struct dadq *dp) 1578 { 1579 struct in6_ifaddr *ia = (struct in6_ifaddr *)dp->dad_ifa; 1580 struct ifnet *ifp = dp->dad_ifa->ifa_ifp; 1581 int i; 1582 1583 DADQ_WLOCK_ASSERT(); 1584 1585 dp->dad_ns_tcount++; 1586 if ((ifp->if_flags & IFF_UP) == 0) { 1587 DADQ_WUNLOCK(); 1588 return; 1589 } 1590 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1591 DADQ_WUNLOCK(); 1592 return; 1593 } 1594 1595 dp->dad_ns_ocount++; 1596 if (V_dad_enhanced != 0) { 1597 for (i = 0; i < ND_OPT_NONCE_LEN32; i++) 1598 dp->dad_nonce[i] = arc4random(); 1599 /* 1600 * XXXHRS: Note that in the case that 1601 * DupAddrDetectTransmits > 1, multiple NS messages with 1602 * different nonces can be looped back in an unexpected 1603 * order. The current implementation recognizes only 1604 * the latest nonce on the sender side. Practically it 1605 * should work well in almost all cases. 1606 */ 1607 } 1608 DADQ_WUNLOCK(); 1609 nd6_ns_output(ifp, NULL, NULL, &ia->ia_addr.sin6_addr, 1610 (uint8_t *)&dp->dad_nonce[0]); 1611 } 1612 1613 static void 1614 nd6_dad_ns_input(struct ifaddr *ifa, struct nd_opt_nonce *ndopt_nonce) 1615 { 1616 struct dadq *dp; 1617 1618 if (ifa == NULL) 1619 panic("ifa == NULL in nd6_dad_ns_input"); 1620 1621 /* Ignore Nonce option when Enhanced DAD is disabled. */ 1622 if (V_dad_enhanced == 0) 1623 ndopt_nonce = NULL; 1624 DADQ_RLOCK(); 1625 dp = nd6_dad_find(ifa, ndopt_nonce); 1626 if (dp != NULL) 1627 dp->dad_ns_icount++; 1628 DADQ_RUNLOCK(); 1629 } 1630 1631 static void 1632 nd6_dad_na_input(struct ifaddr *ifa) 1633 { 1634 struct dadq *dp; 1635 1636 if (ifa == NULL) 1637 panic("ifa == NULL in nd6_dad_na_input"); 1638 1639 DADQ_RLOCK(); 1640 dp = nd6_dad_find(ifa, NULL); 1641 if (dp != NULL) 1642 dp->dad_na_icount++; 1643 DADQ_RUNLOCK(); 1644 } 1645