1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ 32 */ 33 34 #include <sys/cdefs.h> 35 #include "opt_inet.h" 36 #include "opt_inet6.h" 37 #include "opt_route.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/eventhandler.h> 42 #include <sys/callout.h> 43 #include <sys/lock.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 #include <sys/mutex.h> 47 #include <sys/socket.h> 48 #include <sys/sockio.h> 49 #include <sys/time.h> 50 #include <sys/kernel.h> 51 #include <sys/protosw.h> 52 #include <sys/errno.h> 53 #include <sys/syslog.h> 54 #include <sys/rwlock.h> 55 #include <sys/queue.h> 56 #include <sys/sdt.h> 57 #include <sys/sysctl.h> 58 59 #include <net/if.h> 60 #include <net/if_var.h> 61 #include <net/if_dl.h> 62 #include <net/if_private.h> 63 #include <net/if_types.h> 64 #include <net/route.h> 65 #include <net/route/route_ctl.h> 66 #include <net/route/nhop.h> 67 #include <net/vnet.h> 68 69 #include <netinet/in.h> 70 #include <netinet/in_kdtrace.h> 71 #include <net/if_llatbl.h> 72 #include <netinet/if_ether.h> 73 #include <netinet6/in6_fib.h> 74 #include <netinet6/in6_var.h> 75 #include <netinet/ip6.h> 76 #include <netinet6/ip6_var.h> 77 #include <netinet6/scope6_var.h> 78 #include <netinet6/nd6.h> 79 #include <netinet6/in6_ifattach.h> 80 #include <netinet/icmp6.h> 81 #include <netinet6/send.h> 82 83 #include <sys/limits.h> 84 85 #include <security/mac/mac_framework.h> 86 87 #define ND6_PREFIX_WITH_ROUTER(pr) !LIST_EMPTY(&(pr)->ndpr_advrtrs) 88 89 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 90 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 91 92 MALLOC_DEFINE(M_IP6NDP, "ip6ndp", "IPv6 Neighbor Discovery"); 93 94 VNET_DEFINE_STATIC(int, nd6_prune) = 1; 95 #define V_nd6_prune VNET(nd6_prune) 96 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune, 97 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0, 98 "Frequency in seconds of checks for expired prefixes and routers"); 99 100 VNET_DEFINE_STATIC(int, nd6_delay) = 5; 101 #define V_nd6_delay VNET(nd6_delay) 102 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay, 103 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0, 104 "Delay in seconds before probing for reachability"); 105 106 VNET_DEFINE_STATIC(int, nd6_umaxtries) = 3; 107 #define V_nd6_umaxtries VNET(nd6_umaxtries) 108 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries, 109 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0, 110 "Number of ICMPv6 NS messages sent during reachability detection"); 111 112 VNET_DEFINE(int, nd6_mmaxtries) = 3; 113 #define V_nd6_mmaxtries VNET(nd6_mmaxtries) 114 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries, 115 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0, 116 "Number of ICMPv6 NS messages sent during address resolution"); 117 118 VNET_DEFINE_STATIC(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage 119 * collection timer */ 120 #define V_nd6_gctimer VNET(nd6_gctimer) 121 122 /* preventing too many loops in ND option parsing */ 123 VNET_DEFINE_STATIC(int, nd6_maxndopt) = 10; /* max # of ND options allowed */ 124 125 VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 16; /* max pkts cached in unresolved 126 * ND entries */ 127 #define V_nd6_maxndopt VNET(nd6_maxndopt) 128 #define V_nd6_maxqueuelen VNET(nd6_maxqueuelen) 129 130 #ifdef ND6_DEBUG 131 VNET_DEFINE(int, nd6_debug) = 1; 132 #else 133 VNET_DEFINE(int, nd6_debug) = 0; 134 #endif 135 #define V_nd6_debug VNET(nd6_debug) 136 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug, 137 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0, 138 "Log NDP debug messages"); 139 140 static eventhandler_tag lle_event_eh, iflladdr_event_eh, ifnet_link_event_eh; 141 142 VNET_DEFINE(struct nd_prhead, nd_prefix); 143 VNET_DEFINE(struct rwlock, nd6_lock); 144 VNET_DEFINE(uint64_t, nd6_list_genid); 145 VNET_DEFINE(struct mtx, nd6_onlink_mtx); 146 147 VNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL; 148 #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval) 149 150 int (*send_sendso_input_hook)(struct mbuf *, struct ifnet *, int, int); 151 152 static bool nd6_is_new_addr_neighbor(const struct sockaddr_in6 *, 153 struct ifnet *); 154 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 155 static void nd6_slowtimo(void *); 156 static int regen_tmpaddr(struct in6_ifaddr *); 157 static void nd6_free(struct llentry **, int); 158 static void nd6_free_redirect(const struct llentry *); 159 static void nd6_llinfo_timer(void *); 160 static void nd6_llinfo_settimer_locked(struct llentry *, long); 161 static int nd6_resolve_slow(struct ifnet *, int, int, struct mbuf *, 162 const struct sockaddr_in6 *, u_char *, uint32_t *, struct llentry **); 163 static int nd6_need_cache(struct ifnet *); 164 165 VNET_DEFINE_STATIC(struct callout, nd6_slowtimo_ch); 166 #define V_nd6_slowtimo_ch VNET(nd6_slowtimo_ch) 167 168 VNET_DEFINE_STATIC(struct callout, nd6_timer_ch); 169 #define V_nd6_timer_ch VNET(nd6_timer_ch) 170 171 static void 172 nd6_lle_event(void *arg __unused, struct llentry *lle, int evt) 173 { 174 struct rt_addrinfo rtinfo; 175 struct sockaddr_in6 dst; 176 struct sockaddr_dl gw; 177 struct ifnet *ifp; 178 int type; 179 int fibnum; 180 181 LLE_WLOCK_ASSERT(lle); 182 183 if (lltable_get_af(lle->lle_tbl) != AF_INET6) 184 return; 185 186 switch (evt) { 187 case LLENTRY_RESOLVED: 188 type = RTM_ADD; 189 KASSERT(lle->la_flags & LLE_VALID, 190 ("%s: %p resolved but not valid?", __func__, lle)); 191 break; 192 case LLENTRY_EXPIRED: 193 type = RTM_DELETE; 194 break; 195 default: 196 return; 197 } 198 199 ifp = lltable_get_ifp(lle->lle_tbl); 200 201 bzero(&dst, sizeof(dst)); 202 bzero(&gw, sizeof(gw)); 203 bzero(&rtinfo, sizeof(rtinfo)); 204 lltable_fill_sa_entry(lle, (struct sockaddr *)&dst); 205 dst.sin6_scope_id = in6_getscopezone(ifp, 206 in6_addrscope(&dst.sin6_addr)); 207 gw.sdl_len = sizeof(struct sockaddr_dl); 208 gw.sdl_family = AF_LINK; 209 gw.sdl_alen = ifp->if_addrlen; 210 gw.sdl_index = ifp->if_index; 211 gw.sdl_type = ifp->if_type; 212 if (evt == LLENTRY_RESOLVED) 213 bcopy(lle->ll_addr, gw.sdl_data, ifp->if_addrlen); 214 rtinfo.rti_info[RTAX_DST] = (struct sockaddr *)&dst; 215 rtinfo.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&gw; 216 rtinfo.rti_addrs = RTA_DST | RTA_GATEWAY; 217 fibnum = V_rt_add_addr_allfibs ? RT_ALL_FIBS : ifp->if_fib; 218 rt_missmsg_fib(type, &rtinfo, RTF_HOST | RTF_LLDATA | ( 219 type == RTM_ADD ? RTF_UP: 0), 0, fibnum); 220 } 221 222 /* 223 * A handler for interface link layer address change event. 224 */ 225 static void 226 nd6_iflladdr(void *arg __unused, struct ifnet *ifp) 227 { 228 if (ifp->if_afdata[AF_INET6] == NULL) 229 return; 230 231 lltable_update_ifaddr(LLTABLE6(ifp)); 232 } 233 234 void 235 nd6_init(void) 236 { 237 238 mtx_init(&V_nd6_onlink_mtx, "nd6 onlink", NULL, MTX_DEF); 239 rw_init(&V_nd6_lock, "nd6 list"); 240 241 LIST_INIT(&V_nd_prefix); 242 nd6_defrouter_init(); 243 244 /* Start timers. */ 245 callout_init(&V_nd6_slowtimo_ch, 1); 246 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 247 nd6_slowtimo, curvnet); 248 249 callout_init(&V_nd6_timer_ch, 1); 250 callout_reset(&V_nd6_timer_ch, hz, nd6_timer, curvnet); 251 252 nd6_dad_init(); 253 if (IS_DEFAULT_VNET(curvnet)) { 254 lle_event_eh = EVENTHANDLER_REGISTER(lle_event, nd6_lle_event, 255 NULL, EVENTHANDLER_PRI_ANY); 256 iflladdr_event_eh = EVENTHANDLER_REGISTER(iflladdr_event, 257 nd6_iflladdr, NULL, EVENTHANDLER_PRI_ANY); 258 ifnet_link_event_eh = EVENTHANDLER_REGISTER(ifnet_link_event, 259 nd6_ifnet_link_event, NULL, EVENTHANDLER_PRI_ANY); 260 } 261 } 262 263 #ifdef VIMAGE 264 void 265 nd6_destroy(void) 266 { 267 268 callout_drain(&V_nd6_slowtimo_ch); 269 callout_drain(&V_nd6_timer_ch); 270 if (IS_DEFAULT_VNET(curvnet)) { 271 EVENTHANDLER_DEREGISTER(ifnet_link_event, ifnet_link_event_eh); 272 EVENTHANDLER_DEREGISTER(lle_event, lle_event_eh); 273 EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_event_eh); 274 } 275 rw_destroy(&V_nd6_lock); 276 mtx_destroy(&V_nd6_onlink_mtx); 277 } 278 #endif 279 280 struct nd_ifinfo * 281 nd6_ifattach(struct ifnet *ifp) 282 { 283 struct nd_ifinfo *nd; 284 285 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 286 nd->initialized = 1; 287 288 nd->chlim = IPV6_DEFHLIM; 289 nd->basereachable = REACHABLE_TIME; 290 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 291 nd->retrans = RETRANS_TIMER; 292 293 nd->flags = ND6_IFF_PERFORMNUD; 294 295 /* Set IPv6 disabled on all interfaces but loopback by default. */ 296 if ((ifp->if_flags & IFF_LOOPBACK) == 0) 297 nd->flags |= ND6_IFF_IFDISABLED; 298 299 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 300 * XXXHRS: Clear ND6_IFF_AUTO_LINKLOCAL on an IFT_BRIDGE interface by 301 * default regardless of the V_ip6_auto_linklocal configuration to 302 * give a reasonable default behavior. 303 */ 304 if ((V_ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE && 305 ifp->if_type != IFT_WIREGUARD) || (ifp->if_flags & IFF_LOOPBACK)) 306 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 307 /* 308 * A loopback interface does not need to accept RTADV. 309 * XXXHRS: Clear ND6_IFF_ACCEPT_RTADV on an IFT_BRIDGE interface by 310 * default regardless of the V_ip6_accept_rtadv configuration to 311 * prevent the interface from accepting RA messages arrived 312 * on one of the member interfaces with ND6_IFF_ACCEPT_RTADV. 313 */ 314 if (V_ip6_accept_rtadv && 315 !(ifp->if_flags & IFF_LOOPBACK) && 316 (ifp->if_type != IFT_BRIDGE)) { 317 nd->flags |= ND6_IFF_ACCEPT_RTADV; 318 /* If we globally accept rtadv, assume IPv6 on. */ 319 nd->flags &= ~ND6_IFF_IFDISABLED; 320 } 321 if (V_ip6_no_radr && !(ifp->if_flags & IFF_LOOPBACK)) 322 nd->flags |= ND6_IFF_NO_RADR; 323 324 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 325 nd6_setmtu0(ifp, nd); 326 327 /* Configure default value for stable addresses algorithm, skip loopback interface */ 328 if (V_ip6_use_stableaddr && !(ifp->if_flags & IFF_LOOPBACK)) { 329 nd->flags |= ND6_IFF_STABLEADDR; 330 } 331 332 return nd; 333 } 334 335 void 336 nd6_ifdetach(struct ifnet *ifp, struct nd_ifinfo *nd) 337 { 338 struct epoch_tracker et; 339 struct ifaddr *ifa, *next; 340 341 NET_EPOCH_ENTER(et); 342 CK_STAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) { 343 if (ifa->ifa_addr->sa_family != AF_INET6) 344 continue; 345 346 /* stop DAD processing */ 347 nd6_dad_stop(ifa); 348 } 349 NET_EPOCH_EXIT(et); 350 351 free(nd, M_IP6NDP); 352 } 353 354 /* 355 * Reset ND level link MTU. This function is called when the physical MTU 356 * changes, which means we might have to adjust the ND level MTU. 357 */ 358 void 359 nd6_setmtu(struct ifnet *ifp) 360 { 361 if (ifp->if_afdata[AF_INET6] == NULL) 362 return; 363 364 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 365 } 366 367 /* XXX todo: do not maintain copy of ifp->if_mtu in ndi->maxmtu */ 368 void 369 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 370 { 371 u_int32_t omaxmtu; 372 373 omaxmtu = ndi->maxmtu; 374 ndi->maxmtu = ifp->if_mtu; 375 376 /* 377 * Decreasing the interface MTU under IPV6 minimum MTU may cause 378 * undesirable situation. We thus notify the operator of the change 379 * explicitly. The check for omaxmtu is necessary to restrict the 380 * log to the case of changing the MTU, not initializing it. 381 */ 382 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 383 log(LOG_NOTICE, "nd6_setmtu0: " 384 "new link MTU on %s (%lu) is too small for IPv6\n", 385 if_name(ifp), (unsigned long)ndi->maxmtu); 386 } 387 } 388 389 void 390 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 391 { 392 393 bzero(ndopts, sizeof(*ndopts)); 394 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 395 ndopts->nd_opts_last 396 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 397 398 if (icmp6len == 0) { 399 ndopts->nd_opts_done = 1; 400 ndopts->nd_opts_search = NULL; 401 } 402 } 403 404 /* 405 * Take one ND option. 406 */ 407 struct nd_opt_hdr * 408 nd6_option(union nd_opts *ndopts) 409 { 410 struct nd_opt_hdr *nd_opt; 411 int olen; 412 413 KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__)); 414 KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts", 415 __func__)); 416 if (ndopts->nd_opts_search == NULL) 417 return NULL; 418 if (ndopts->nd_opts_done) 419 return NULL; 420 421 nd_opt = ndopts->nd_opts_search; 422 423 /* make sure nd_opt_len is inside the buffer */ 424 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 425 bzero(ndopts, sizeof(*ndopts)); 426 return NULL; 427 } 428 429 olen = nd_opt->nd_opt_len << 3; 430 if (olen == 0) { 431 /* 432 * Message validation requires that all included 433 * options have a length that is greater than zero. 434 */ 435 bzero(ndopts, sizeof(*ndopts)); 436 return NULL; 437 } 438 439 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 440 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 441 /* option overruns the end of buffer, invalid */ 442 bzero(ndopts, sizeof(*ndopts)); 443 return NULL; 444 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 445 /* reached the end of options chain */ 446 ndopts->nd_opts_done = 1; 447 ndopts->nd_opts_search = NULL; 448 } 449 return nd_opt; 450 } 451 452 /* 453 * Parse multiple ND options. 454 * This function is much easier to use, for ND routines that do not need 455 * multiple options of the same type. 456 */ 457 int 458 nd6_options(union nd_opts *ndopts) 459 { 460 struct nd_opt_hdr *nd_opt; 461 int i = 0; 462 463 KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__)); 464 KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts", 465 __func__)); 466 if (ndopts->nd_opts_search == NULL) 467 return 0; 468 469 while (1) { 470 nd_opt = nd6_option(ndopts); 471 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 472 /* 473 * Message validation requires that all included 474 * options have a length that is greater than zero. 475 */ 476 ICMP6STAT_INC(icp6s_nd_badopt); 477 bzero(ndopts, sizeof(*ndopts)); 478 return -1; 479 } 480 481 if (nd_opt == NULL) 482 goto skip1; 483 484 switch (nd_opt->nd_opt_type) { 485 case ND_OPT_SOURCE_LINKADDR: 486 case ND_OPT_TARGET_LINKADDR: 487 case ND_OPT_MTU: 488 case ND_OPT_REDIRECTED_HEADER: 489 case ND_OPT_NONCE: 490 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 491 nd6log((LOG_INFO, 492 "duplicated ND6 option found (type=%d)\n", 493 nd_opt->nd_opt_type)); 494 /* XXX bark? */ 495 } else { 496 ndopts->nd_opt_array[nd_opt->nd_opt_type] 497 = nd_opt; 498 } 499 break; 500 case ND_OPT_PREFIX_INFORMATION: 501 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 502 ndopts->nd_opt_array[nd_opt->nd_opt_type] 503 = nd_opt; 504 } 505 ndopts->nd_opts_pi_end = 506 (struct nd_opt_prefix_info *)nd_opt; 507 break; 508 /* What about ND_OPT_ROUTE_INFO? RFC 4191 */ 509 case ND_OPT_RDNSS: /* RFC 6106 */ 510 case ND_OPT_DNSSL: /* RFC 6106 */ 511 /* 512 * Silently ignore options we know and do not care about 513 * in the kernel. 514 */ 515 break; 516 default: 517 /* 518 * Unknown options must be silently ignored, 519 * to accommodate future extension to the protocol. 520 */ 521 nd6log((LOG_DEBUG, 522 "nd6_options: unsupported option %d - " 523 "option ignored\n", nd_opt->nd_opt_type)); 524 } 525 526 skip1: 527 i++; 528 if (i > V_nd6_maxndopt) { 529 ICMP6STAT_INC(icp6s_nd_toomanyopt); 530 nd6log((LOG_INFO, "too many loop in nd opt\n")); 531 break; 532 } 533 534 if (ndopts->nd_opts_done) 535 break; 536 } 537 538 return 0; 539 } 540 541 /* 542 * ND6 timer routine to handle ND6 entries 543 */ 544 static void 545 nd6_llinfo_settimer_locked(struct llentry *ln, long tick) 546 { 547 int canceled; 548 549 LLE_WLOCK_ASSERT(ln); 550 551 /* Do not schedule timers for child LLEs. */ 552 if (ln->la_flags & LLE_CHILD) 553 return; 554 555 if (tick < 0) { 556 ln->la_expire = 0; 557 ln->ln_ntick = 0; 558 canceled = callout_stop(&ln->lle_timer); 559 } else { 560 ln->la_expire = time_uptime + tick / hz; 561 LLE_ADDREF(ln); 562 if (tick > INT_MAX) { 563 ln->ln_ntick = tick - INT_MAX; 564 canceled = callout_reset(&ln->lle_timer, INT_MAX, 565 nd6_llinfo_timer, ln); 566 } else { 567 ln->ln_ntick = 0; 568 canceled = callout_reset(&ln->lle_timer, tick, 569 nd6_llinfo_timer, ln); 570 } 571 } 572 if (canceled > 0) 573 LLE_REMREF(ln); 574 } 575 576 /* 577 * Gets source address of the first packet in hold queue 578 * and stores it in @src. 579 * Returns pointer to @src (if hold queue is not empty) or NULL. 580 * 581 * Set noinline to be dtrace-friendly 582 */ 583 static __noinline struct in6_addr * 584 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src) 585 { 586 struct ip6_hdr hdr; 587 struct mbuf *m; 588 589 if (ln->la_hold == NULL) 590 return (NULL); 591 592 /* 593 * assume every packet in la_hold has the same IP header 594 */ 595 m = ln->la_hold; 596 if (sizeof(hdr) > m->m_len) 597 return (NULL); 598 599 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr); 600 *src = hdr.ip6_src; 601 602 return (src); 603 } 604 605 /* 606 * Checks if we need to switch from STALE state. 607 * 608 * RFC 4861 requires switching from STALE to DELAY state 609 * on first packet matching entry, waiting V_nd6_delay and 610 * transition to PROBE state (if upper layer confirmation was 611 * not received). 612 * 613 * This code performs a bit differently: 614 * On packet hit we don't change state (but desired state 615 * can be guessed by control plane). However, after V_nd6_delay 616 * seconds code will transition to PROBE state (so DELAY state 617 * is kinda skipped in most situations). 618 * 619 * Typically, V_nd6_gctimer is bigger than V_nd6_delay, so 620 * we perform the following upon entering STALE state: 621 * 622 * 1) Arm timer to run each V_nd6_delay seconds to make sure that 623 * if packet was transmitted at the start of given interval, we 624 * would be able to switch to PROBE state in V_nd6_delay seconds 625 * as user expects. 626 * 627 * 2) Reschedule timer until original V_nd6_gctimer expires keeping 628 * lle in STALE state (remaining timer value stored in lle_remtime). 629 * 630 * 3) Reschedule timer if packet was transmitted less that V_nd6_delay 631 * seconds ago. 632 * 633 * Returns non-zero value if the entry is still STALE (storing 634 * the next timer interval in @pdelay). 635 * 636 * Returns zero value if original timer expired or we need to switch to 637 * PROBE (store that in @do_switch variable). 638 */ 639 static int 640 nd6_is_stale(struct llentry *lle, long *pdelay, int *do_switch) 641 { 642 int nd_delay, nd_gctimer; 643 time_t lle_hittime; 644 long delay; 645 646 *do_switch = 0; 647 nd_gctimer = V_nd6_gctimer; 648 nd_delay = V_nd6_delay; 649 650 lle_hittime = llentry_get_hittime(lle); 651 652 if (lle_hittime == 0) { 653 /* 654 * Datapath feedback has been requested upon entering 655 * STALE state. No packets has been passed using this lle. 656 * Ask for the timer reschedule and keep STALE state. 657 */ 658 delay = (long)(MIN(nd_gctimer, nd_delay)); 659 delay *= hz; 660 if (lle->lle_remtime > delay) 661 lle->lle_remtime -= delay; 662 else { 663 delay = lle->lle_remtime; 664 lle->lle_remtime = 0; 665 } 666 667 if (delay == 0) { 668 /* 669 * The original ng6_gctime timeout ended, 670 * no more rescheduling. 671 */ 672 return (0); 673 } 674 675 *pdelay = delay; 676 return (1); 677 } 678 679 /* 680 * Packet received. Verify timestamp 681 */ 682 delay = (long)(time_uptime - lle_hittime); 683 if (delay < nd_delay) { 684 /* 685 * V_nd6_delay still not passed since the first 686 * hit in STALE state. 687 * Reschedule timer and return. 688 */ 689 *pdelay = (long)(nd_delay - delay) * hz; 690 return (1); 691 } 692 693 /* Request switching to probe */ 694 *do_switch = 1; 695 return (0); 696 } 697 698 /* 699 * Switch @lle state to new state optionally arming timers. 700 * 701 * Set noinline to be dtrace-friendly 702 */ 703 __noinline void 704 nd6_llinfo_setstate(struct llentry *lle, int newstate) 705 { 706 struct ifnet *ifp; 707 int nd_gctimer, nd_delay; 708 long delay, remtime; 709 710 delay = 0; 711 remtime = 0; 712 713 switch (newstate) { 714 case ND6_LLINFO_INCOMPLETE: 715 ifp = lle->lle_tbl->llt_ifp; 716 delay = (long)ND_IFINFO(ifp)->retrans * hz / 1000; 717 break; 718 case ND6_LLINFO_REACHABLE: 719 if (!ND6_LLINFO_PERMANENT(lle)) { 720 ifp = lle->lle_tbl->llt_ifp; 721 delay = (long)ND_IFINFO(ifp)->reachable * hz; 722 } 723 break; 724 case ND6_LLINFO_STALE: 725 726 llentry_request_feedback(lle); 727 nd_delay = V_nd6_delay; 728 nd_gctimer = V_nd6_gctimer; 729 730 delay = (long)(MIN(nd_gctimer, nd_delay)) * hz; 731 remtime = (long)nd_gctimer * hz - delay; 732 break; 733 case ND6_LLINFO_DELAY: 734 lle->la_asked = 0; 735 delay = (long)V_nd6_delay * hz; 736 break; 737 } 738 739 if (delay > 0) 740 nd6_llinfo_settimer_locked(lle, delay); 741 742 lle->lle_remtime = remtime; 743 lle->ln_state = newstate; 744 } 745 746 /* 747 * Timer-dependent part of nd state machine. 748 * 749 * Set noinline to be dtrace-friendly 750 */ 751 static __noinline void 752 nd6_llinfo_timer(void *arg) 753 { 754 struct epoch_tracker et; 755 struct llentry *ln; 756 struct in6_addr *dst, *pdst, *psrc, src; 757 struct ifnet *ifp; 758 struct nd_ifinfo *ndi; 759 int do_switch, send_ns; 760 long delay; 761 762 KASSERT(arg != NULL, ("%s: arg NULL", __func__)); 763 ln = (struct llentry *)arg; 764 ifp = lltable_get_ifp(ln->lle_tbl); 765 CURVNET_SET(ifp->if_vnet); 766 767 ND6_RLOCK(); 768 LLE_WLOCK(ln); 769 if (callout_pending(&ln->lle_timer)) { 770 /* 771 * Here we are a bit odd here in the treatment of 772 * active/pending. If the pending bit is set, it got 773 * rescheduled before I ran. The active 774 * bit we ignore, since if it was stopped 775 * in ll_tablefree() and was currently running 776 * it would have return 0 so the code would 777 * not have deleted it since the callout could 778 * not be stopped so we want to go through 779 * with the delete here now. If the callout 780 * was restarted, the pending bit will be back on and 781 * we just want to bail since the callout_reset would 782 * return 1 and our reference would have been removed 783 * by nd6_llinfo_settimer_locked above since canceled 784 * would have been 1. 785 */ 786 LLE_WUNLOCK(ln); 787 ND6_RUNLOCK(); 788 CURVNET_RESTORE(); 789 return; 790 } 791 NET_EPOCH_ENTER(et); 792 ndi = ND_IFINFO(ifp); 793 send_ns = 0; 794 dst = &ln->r_l3addr.addr6; 795 pdst = dst; 796 797 if (ln->ln_ntick > 0) { 798 if (ln->ln_ntick > INT_MAX) { 799 ln->ln_ntick -= INT_MAX; 800 nd6_llinfo_settimer_locked(ln, INT_MAX); 801 } else { 802 ln->ln_ntick = 0; 803 nd6_llinfo_settimer_locked(ln, ln->ln_ntick); 804 } 805 goto done; 806 } 807 808 if (ln->la_flags & LLE_STATIC) { 809 goto done; 810 } 811 812 if (ln->la_flags & LLE_DELETED) { 813 nd6_free(&ln, 0); 814 goto done; 815 } 816 817 switch (ln->ln_state) { 818 case ND6_LLINFO_INCOMPLETE: 819 if (ln->la_asked < V_nd6_mmaxtries) { 820 ln->la_asked++; 821 send_ns = 1; 822 /* Send NS to multicast address */ 823 pdst = NULL; 824 } else { 825 struct mbuf *m; 826 827 ICMP6STAT_ADD(icp6s_dropped, ln->la_numheld); 828 829 m = ln->la_hold; 830 if (m != NULL) { 831 /* 832 * assuming every packet in la_hold has the 833 * same IP header. Send error after unlock. 834 */ 835 ln->la_hold = m->m_nextpkt; 836 m->m_nextpkt = NULL; 837 ln->la_numheld--; 838 } 839 nd6_free(&ln, 0); 840 if (m != NULL) { 841 struct mbuf *n = m; 842 843 /* 844 * if there are any ummapped mbufs, we 845 * must free them, rather than using 846 * them for an ICMP, as they cannot be 847 * checksummed. 848 */ 849 while ((n = n->m_next) != NULL) { 850 if (n->m_flags & M_EXTPG) 851 break; 852 } 853 if (n != NULL) { 854 m_freem(m); 855 m = NULL; 856 } else { 857 icmp6_error2(m, ICMP6_DST_UNREACH, 858 ICMP6_DST_UNREACH_ADDR, 0, ifp); 859 } 860 } 861 } 862 break; 863 case ND6_LLINFO_REACHABLE: 864 if (!ND6_LLINFO_PERMANENT(ln)) 865 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 866 break; 867 868 case ND6_LLINFO_STALE: 869 if (nd6_is_stale(ln, &delay, &do_switch) != 0) { 870 /* 871 * No packet has used this entry and GC timeout 872 * has not been passed. Reschedule timer and 873 * return. 874 */ 875 nd6_llinfo_settimer_locked(ln, delay); 876 break; 877 } 878 879 if (do_switch == 0) { 880 /* 881 * GC timer has ended and entry hasn't been used. 882 * Run Garbage collector (RFC 4861, 5.3) 883 */ 884 if (!ND6_LLINFO_PERMANENT(ln)) 885 nd6_free(&ln, 1); 886 break; 887 } 888 889 /* Entry has been used AND delay timer has ended. */ 890 891 /* FALLTHROUGH */ 892 893 case ND6_LLINFO_DELAY: 894 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 895 /* We need NUD */ 896 ln->la_asked = 1; 897 nd6_llinfo_setstate(ln, ND6_LLINFO_PROBE); 898 send_ns = 1; 899 } else 900 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); /* XXX */ 901 break; 902 case ND6_LLINFO_PROBE: 903 if (ln->la_asked < V_nd6_umaxtries) { 904 ln->la_asked++; 905 send_ns = 1; 906 } else { 907 nd6_free(&ln, 0); 908 } 909 break; 910 default: 911 panic("%s: paths in a dark night can be confusing: %d", 912 __func__, ln->ln_state); 913 } 914 done: 915 if (ln != NULL) 916 ND6_RUNLOCK(); 917 if (send_ns != 0) { 918 nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000); 919 psrc = nd6_llinfo_get_holdsrc(ln, &src); 920 LLE_FREE_LOCKED(ln); 921 ln = NULL; 922 nd6_ns_output(ifp, psrc, pdst, dst, NULL); 923 } 924 925 if (ln != NULL) 926 LLE_FREE_LOCKED(ln); 927 NET_EPOCH_EXIT(et); 928 CURVNET_RESTORE(); 929 } 930 931 /* 932 * ND6 timer routine to expire default route list and prefix list 933 */ 934 void 935 nd6_timer(void *arg) 936 { 937 CURVNET_SET((struct vnet *) arg); 938 struct epoch_tracker et; 939 struct nd_prhead prl; 940 struct nd_prefix *pr, *npr; 941 struct ifnet *ifp; 942 struct in6_ifaddr *ia6, *nia6; 943 uint64_t genid; 944 945 LIST_INIT(&prl); 946 947 NET_EPOCH_ENTER(et); 948 nd6_defrouter_timer(); 949 950 /* 951 * expire interface addresses. 952 * in the past the loop was inside prefix expiry processing. 953 * However, from a stricter speci-confrmance standpoint, we should 954 * rather separate address lifetimes and prefix lifetimes. 955 * 956 * XXXRW: in6_ifaddrhead locking. 957 */ 958 addrloop: 959 CK_STAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) { 960 /* check address lifetime */ 961 if (IFA6_IS_INVALID(ia6)) { 962 int regen = 0; 963 964 /* 965 * If the expiring address is temporary, try 966 * regenerating a new one. This would be useful when 967 * we suspended a laptop PC, then turned it on after a 968 * period that could invalidate all temporary 969 * addresses. Although we may have to restart the 970 * loop (see below), it must be after purging the 971 * address. Otherwise, we'd see an infinite loop of 972 * regeneration. 973 */ 974 if (V_ip6_use_tempaddr && 975 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 976 if (regen_tmpaddr(ia6) == 0) 977 regen = 1; 978 } 979 980 in6_purgeaddr(&ia6->ia_ifa); 981 982 if (regen) 983 goto addrloop; /* XXX: see below */ 984 } else if (IFA6_IS_DEPRECATED(ia6)) { 985 int oldflags = ia6->ia6_flags; 986 987 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 988 989 /* 990 * If a temporary address has just become deprecated, 991 * regenerate a new one if possible. 992 */ 993 if (V_ip6_use_tempaddr && 994 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 995 (oldflags & IN6_IFF_DEPRECATED) == 0) { 996 if (regen_tmpaddr(ia6) == 0) { 997 /* 998 * A new temporary address is 999 * generated. 1000 * XXX: this means the address chain 1001 * has changed while we are still in 1002 * the loop. Although the change 1003 * would not cause disaster (because 1004 * it's not a deletion, but an 1005 * addition,) we'd rather restart the 1006 * loop just for safety. Or does this 1007 * significantly reduce performance?? 1008 */ 1009 goto addrloop; 1010 } 1011 } 1012 } else if ((ia6->ia6_flags & IN6_IFF_TENTATIVE) != 0) { 1013 /* 1014 * Schedule DAD for a tentative address. This happens 1015 * if the interface was down or not running 1016 * when the address was configured. 1017 */ 1018 int delay; 1019 1020 delay = arc4random() % 1021 (MAX_RTR_SOLICITATION_DELAY * hz); 1022 nd6_dad_start((struct ifaddr *)ia6, delay); 1023 } else { 1024 /* 1025 * Check status of the interface. If it is down, 1026 * mark the address as tentative for future DAD. 1027 */ 1028 ifp = ia6->ia_ifp; 1029 if ((ND_IFINFO(ifp)->flags & ND6_IFF_NO_DAD) == 0 && 1030 ((ifp->if_flags & IFF_UP) == 0 || 1031 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || 1032 (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) != 0)){ 1033 ia6->ia6_flags &= ~IN6_IFF_DUPLICATED; 1034 ia6->ia6_flags |= IN6_IFF_TENTATIVE; 1035 } 1036 1037 /* 1038 * A new RA might have made a deprecated address 1039 * preferred. 1040 */ 1041 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 1042 } 1043 } 1044 NET_EPOCH_EXIT(et); 1045 1046 ND6_WLOCK(); 1047 restart: 1048 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { 1049 /* 1050 * Expire prefixes. Since the pltime is only used for 1051 * autoconfigured addresses, pltime processing for prefixes is 1052 * not necessary. 1053 * 1054 * Only unlink after all derived addresses have expired. This 1055 * may not occur until two hours after the prefix has expired 1056 * per RFC 4862. If the prefix expires before its derived 1057 * addresses, mark it off-link. This will be done automatically 1058 * after unlinking if no address references remain. 1059 */ 1060 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME || 1061 time_uptime - pr->ndpr_lastupdate <= pr->ndpr_vltime) 1062 continue; 1063 1064 if (pr->ndpr_addrcnt == 0) { 1065 nd6_prefix_unlink(pr, &prl); 1066 continue; 1067 } 1068 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { 1069 genid = V_nd6_list_genid; 1070 nd6_prefix_ref(pr); 1071 ND6_WUNLOCK(); 1072 ND6_ONLINK_LOCK(); 1073 (void)nd6_prefix_offlink(pr); 1074 ND6_ONLINK_UNLOCK(); 1075 ND6_WLOCK(); 1076 nd6_prefix_rele(pr); 1077 if (genid != V_nd6_list_genid) 1078 goto restart; 1079 } 1080 } 1081 ND6_WUNLOCK(); 1082 1083 while ((pr = LIST_FIRST(&prl)) != NULL) { 1084 LIST_REMOVE(pr, ndpr_entry); 1085 nd6_prefix_del(pr); 1086 } 1087 1088 callout_reset(&V_nd6_timer_ch, V_nd6_prune * hz, 1089 nd6_timer, curvnet); 1090 1091 CURVNET_RESTORE(); 1092 } 1093 1094 /* 1095 * ia6 - deprecated/invalidated temporary address 1096 */ 1097 static int 1098 regen_tmpaddr(struct in6_ifaddr *ia6) 1099 { 1100 struct ifaddr *ifa; 1101 struct ifnet *ifp; 1102 struct in6_ifaddr *public_ifa6 = NULL; 1103 1104 NET_EPOCH_ASSERT(); 1105 1106 ifp = ia6->ia_ifa.ifa_ifp; 1107 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1108 struct in6_ifaddr *it6; 1109 1110 if (ifa->ifa_addr->sa_family != AF_INET6) 1111 continue; 1112 1113 it6 = (struct in6_ifaddr *)ifa; 1114 1115 /* ignore no autoconf addresses. */ 1116 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1117 continue; 1118 1119 /* ignore autoconf addresses with different prefixes. */ 1120 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 1121 continue; 1122 1123 /* 1124 * Now we are looking at an autoconf address with the same 1125 * prefix as ours. If the address is temporary and is still 1126 * preferred, do not create another one. It would be rare, but 1127 * could happen, for example, when we resume a laptop PC after 1128 * a long period. 1129 */ 1130 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 1131 !IFA6_IS_DEPRECATED(it6)) { 1132 public_ifa6 = NULL; 1133 break; 1134 } 1135 1136 /* 1137 * This is a public autoconf address that has the same prefix 1138 * as ours. If it is preferred, keep it. We can't break the 1139 * loop here, because there may be a still-preferred temporary 1140 * address with the prefix. 1141 */ 1142 if (!IFA6_IS_DEPRECATED(it6)) 1143 public_ifa6 = it6; 1144 } 1145 if (public_ifa6 != NULL) 1146 ifa_ref(&public_ifa6->ia_ifa); 1147 1148 if (public_ifa6 != NULL) { 1149 int e; 1150 1151 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 1152 ifa_free(&public_ifa6->ia_ifa); 1153 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 1154 " tmp addr,errno=%d\n", e); 1155 return (-1); 1156 } 1157 ifa_free(&public_ifa6->ia_ifa); 1158 return (0); 1159 } 1160 1161 return (-1); 1162 } 1163 1164 /* 1165 * Remove prefix and default router list entries corresponding to ifp. Neighbor 1166 * cache entries are freed in in6_domifdetach(). 1167 */ 1168 void 1169 nd6_purge(struct ifnet *ifp) 1170 { 1171 struct nd_prhead prl; 1172 struct nd_prefix *pr, *npr; 1173 1174 LIST_INIT(&prl); 1175 1176 /* Purge default router list entries toward ifp. */ 1177 nd6_defrouter_purge(ifp); 1178 1179 ND6_WLOCK(); 1180 /* 1181 * Remove prefixes on ifp. We should have already removed addresses on 1182 * this interface, so no addresses should be referencing these prefixes. 1183 */ 1184 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { 1185 if (pr->ndpr_ifp == ifp) 1186 nd6_prefix_unlink(pr, &prl); 1187 } 1188 ND6_WUNLOCK(); 1189 1190 /* Delete the unlinked prefix objects. */ 1191 while ((pr = LIST_FIRST(&prl)) != NULL) { 1192 LIST_REMOVE(pr, ndpr_entry); 1193 nd6_prefix_del(pr); 1194 } 1195 1196 /* cancel default outgoing interface setting */ 1197 if (V_nd6_defifindex == ifp->if_index) 1198 nd6_setdefaultiface(0); 1199 1200 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 1201 /* Refresh default router list. */ 1202 defrouter_select_fib(ifp->if_fib); 1203 } 1204 } 1205 1206 /* 1207 * the caller acquires and releases the lock on the lltbls 1208 * Returns the llentry locked 1209 */ 1210 struct llentry * 1211 nd6_lookup(const struct in6_addr *addr6, int flags, struct ifnet *ifp) 1212 { 1213 struct sockaddr_in6 sin6; 1214 struct llentry *ln; 1215 1216 bzero(&sin6, sizeof(sin6)); 1217 sin6.sin6_len = sizeof(struct sockaddr_in6); 1218 sin6.sin6_family = AF_INET6; 1219 sin6.sin6_addr = *addr6; 1220 1221 IF_AFDATA_LOCK_ASSERT(ifp); 1222 1223 ln = lla_lookup(LLTABLE6(ifp), flags, (struct sockaddr *)&sin6); 1224 1225 return (ln); 1226 } 1227 1228 static struct llentry * 1229 nd6_alloc(const struct in6_addr *addr6, int flags, struct ifnet *ifp) 1230 { 1231 struct sockaddr_in6 sin6; 1232 struct llentry *ln; 1233 1234 bzero(&sin6, sizeof(sin6)); 1235 sin6.sin6_len = sizeof(struct sockaddr_in6); 1236 sin6.sin6_family = AF_INET6; 1237 sin6.sin6_addr = *addr6; 1238 1239 ln = lltable_alloc_entry(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6); 1240 if (ln != NULL) 1241 ln->ln_state = ND6_LLINFO_NOSTATE; 1242 1243 return (ln); 1244 } 1245 1246 /* 1247 * Test whether a given IPv6 address can be a neighbor. 1248 */ 1249 static bool 1250 nd6_is_new_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 1251 { 1252 1253 /* 1254 * A link-local address is always a neighbor. 1255 * XXX: a link does not necessarily specify a single interface. 1256 */ 1257 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 1258 struct sockaddr_in6 sin6_copy; 1259 u_int32_t zone; 1260 1261 /* 1262 * We need sin6_copy since sa6_recoverscope() may modify the 1263 * content (XXX). 1264 */ 1265 sin6_copy = *addr; 1266 if (sa6_recoverscope(&sin6_copy)) 1267 return (0); /* XXX: should be impossible */ 1268 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 1269 return (0); 1270 if (sin6_copy.sin6_scope_id == zone) 1271 return (1); 1272 else 1273 return (0); 1274 } 1275 /* Checking global unicast */ 1276 1277 /* If an address is directly reachable, it is a neigbor */ 1278 struct nhop_object *nh; 1279 nh = fib6_lookup(ifp->if_fib, &addr->sin6_addr, 0, NHR_NONE, 0); 1280 if (nh != NULL && nh->nh_aifp == ifp && (nh->nh_flags & NHF_GATEWAY) == 0) 1281 return (true); 1282 1283 /* 1284 * Check prefixes with desired on-link state, as some may be not 1285 * installed in the routing table. 1286 */ 1287 bool matched = false; 1288 struct nd_prefix *pr; 1289 ND6_RLOCK(); 1290 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 1291 if (pr->ndpr_ifp != ifp) 1292 continue; 1293 if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0) 1294 continue; 1295 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 1296 &addr->sin6_addr, &pr->ndpr_mask)) { 1297 matched = true; 1298 break; 1299 } 1300 } 1301 ND6_RUNLOCK(); 1302 if (matched) 1303 return (true); 1304 1305 /* 1306 * If the address is assigned on the node of the other side of 1307 * a p2p interface, the address should be a neighbor. 1308 */ 1309 if (ifp->if_flags & IFF_POINTOPOINT) { 1310 struct ifaddr *ifa; 1311 1312 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1313 if (ifa->ifa_addr->sa_family != addr->sin6_family) 1314 continue; 1315 if (ifa->ifa_dstaddr != NULL && 1316 sa_equal(addr, ifa->ifa_dstaddr)) { 1317 return (true); 1318 } 1319 } 1320 } 1321 1322 /* 1323 * If the default router list is empty, all addresses are regarded 1324 * as on-link, and thus, as a neighbor. 1325 */ 1326 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && 1327 nd6_defrouter_list_empty() && 1328 V_nd6_defifindex == ifp->if_index) { 1329 return (1); 1330 } 1331 1332 return (0); 1333 } 1334 1335 /* 1336 * Detect if a given IPv6 address identifies a neighbor on a given link. 1337 * XXX: should take care of the destination of a p2p link? 1338 */ 1339 int 1340 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 1341 { 1342 struct llentry *lle; 1343 int rc = 0; 1344 1345 NET_EPOCH_ASSERT(); 1346 IF_AFDATA_UNLOCK_ASSERT(ifp); 1347 if (nd6_is_new_addr_neighbor(addr, ifp)) 1348 return (1); 1349 1350 /* 1351 * Even if the address matches none of our addresses, it might be 1352 * in the neighbor cache. 1353 */ 1354 if ((lle = nd6_lookup(&addr->sin6_addr, LLE_SF(AF_INET6, 0), ifp)) != NULL) { 1355 LLE_RUNLOCK(lle); 1356 rc = 1; 1357 } 1358 return (rc); 1359 } 1360 1361 static __noinline void 1362 nd6_free_children(struct llentry *lle) 1363 { 1364 struct llentry *child_lle; 1365 1366 NET_EPOCH_ASSERT(); 1367 LLE_WLOCK_ASSERT(lle); 1368 1369 while ((child_lle = CK_SLIST_FIRST(&lle->lle_children)) != NULL) { 1370 LLE_WLOCK(child_lle); 1371 lltable_unlink_child_entry(child_lle); 1372 llentry_free(child_lle); 1373 } 1374 } 1375 1376 /* 1377 * Tries to update @lle address/prepend data with new @lladdr. 1378 * 1379 * Returns true on success. 1380 * In any case, @lle is returned wlocked. 1381 */ 1382 static __noinline bool 1383 nd6_try_set_entry_addr_locked(struct ifnet *ifp, struct llentry *lle, char *lladdr) 1384 { 1385 u_char buf[LLE_MAX_LINKHDR]; 1386 int fam, off; 1387 size_t sz; 1388 1389 sz = sizeof(buf); 1390 if (lltable_calc_llheader(ifp, AF_INET6, lladdr, buf, &sz, &off) != 0) 1391 return (false); 1392 1393 /* Update data */ 1394 lltable_set_entry_addr(ifp, lle, buf, sz, off); 1395 1396 struct llentry *child_lle; 1397 CK_SLIST_FOREACH(child_lle, &lle->lle_children, lle_child_next) { 1398 LLE_WLOCK(child_lle); 1399 fam = child_lle->r_family; 1400 sz = sizeof(buf); 1401 if (lltable_calc_llheader(ifp, fam, lladdr, buf, &sz, &off) == 0) { 1402 /* success */ 1403 lltable_set_entry_addr(ifp, child_lle, buf, sz, off); 1404 child_lle->ln_state = ND6_LLINFO_REACHABLE; 1405 } 1406 LLE_WUNLOCK(child_lle); 1407 } 1408 1409 return (true); 1410 } 1411 1412 bool 1413 nd6_try_set_entry_addr(struct ifnet *ifp, struct llentry *lle, char *lladdr) 1414 { 1415 NET_EPOCH_ASSERT(); 1416 LLE_WLOCK_ASSERT(lle); 1417 1418 if (!lltable_acquire_wlock(ifp, lle)) 1419 return (false); 1420 bool ret = nd6_try_set_entry_addr_locked(ifp, lle, lladdr); 1421 IF_AFDATA_WUNLOCK(ifp); 1422 1423 return (ret); 1424 } 1425 1426 /* 1427 * Free an nd6 llinfo entry. 1428 * Since the function would cause significant changes in the kernel, DO NOT 1429 * make it global, unless you have a strong reason for the change, and are sure 1430 * that the change is safe. 1431 * 1432 * Set noinline to be dtrace-friendly 1433 */ 1434 static __noinline void 1435 nd6_free(struct llentry **lnp, int gc) 1436 { 1437 struct ifnet *ifp; 1438 struct llentry *ln; 1439 struct nd_defrouter *dr; 1440 1441 ln = *lnp; 1442 *lnp = NULL; 1443 1444 LLE_WLOCK_ASSERT(ln); 1445 ND6_RLOCK_ASSERT(); 1446 1447 KASSERT((ln->la_flags & LLE_CHILD) == 0, ("child lle")); 1448 1449 ifp = lltable_get_ifp(ln->lle_tbl); 1450 if ((ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) != 0) 1451 dr = defrouter_lookup_locked(&ln->r_l3addr.addr6, ifp); 1452 else 1453 dr = NULL; 1454 ND6_RUNLOCK(); 1455 1456 if ((ln->la_flags & LLE_DELETED) == 0) 1457 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED); 1458 1459 /* 1460 * we used to have pfctlinput(PRC_HOSTDEAD) here. 1461 * even though it is not harmful, it was not really necessary. 1462 */ 1463 1464 /* cancel timer */ 1465 nd6_llinfo_settimer_locked(ln, -1); 1466 1467 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 1468 if (dr != NULL && dr->expire && 1469 ln->ln_state == ND6_LLINFO_STALE && gc) { 1470 /* 1471 * If the reason for the deletion is just garbage 1472 * collection, and the neighbor is an active default 1473 * router, do not delete it. Instead, reset the GC 1474 * timer using the router's lifetime. 1475 * Simply deleting the entry would affect default 1476 * router selection, which is not necessarily a good 1477 * thing, especially when we're using router preference 1478 * values. 1479 * XXX: the check for ln_state would be redundant, 1480 * but we intentionally keep it just in case. 1481 */ 1482 if (dr->expire > time_uptime) 1483 nd6_llinfo_settimer_locked(ln, 1484 (dr->expire - time_uptime) * hz); 1485 else 1486 nd6_llinfo_settimer_locked(ln, 1487 (long)V_nd6_gctimer * hz); 1488 1489 LLE_REMREF(ln); 1490 LLE_WUNLOCK(ln); 1491 defrouter_rele(dr); 1492 return; 1493 } 1494 1495 if (dr) { 1496 /* 1497 * Unreachability of a router might affect the default 1498 * router selection and on-link detection of advertised 1499 * prefixes. 1500 */ 1501 1502 /* 1503 * Temporarily fake the state to choose a new default 1504 * router and to perform on-link determination of 1505 * prefixes correctly. 1506 * Below the state will be set correctly, 1507 * or the entry itself will be deleted. 1508 */ 1509 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1510 } 1511 1512 if (ln->ln_router || dr) { 1513 /* 1514 * We need to unlock to avoid a LOR with rt6_flush() with the 1515 * rnh and for the calls to pfxlist_onlink_check() and 1516 * defrouter_select_fib() in the block further down for calls 1517 * into nd6_lookup(). We still hold a ref. 1518 */ 1519 LLE_WUNLOCK(ln); 1520 1521 /* 1522 * rt6_flush must be called whether or not the neighbor 1523 * is in the Default Router List. 1524 * See a corresponding comment in nd6_na_input(). 1525 */ 1526 rt6_flush(&ln->r_l3addr.addr6, ifp); 1527 } 1528 1529 if (dr) { 1530 /* 1531 * Since defrouter_select_fib() does not affect the 1532 * on-link determination and MIP6 needs the check 1533 * before the default router selection, we perform 1534 * the check now. 1535 */ 1536 pfxlist_onlink_check(); 1537 1538 /* 1539 * Refresh default router list. 1540 */ 1541 defrouter_select_fib(dr->ifp->if_fib); 1542 } 1543 1544 /* 1545 * If this entry was added by an on-link redirect, remove the 1546 * corresponding host route. 1547 */ 1548 if (ln->la_flags & LLE_REDIRECT) 1549 nd6_free_redirect(ln); 1550 1551 if (ln->ln_router || dr) 1552 LLE_WLOCK(ln); 1553 } 1554 1555 /* 1556 * Save to unlock. We still hold an extra reference and will not 1557 * free(9) in llentry_free() if someone else holds one as well. 1558 */ 1559 LLE_WUNLOCK(ln); 1560 IF_AFDATA_LOCK(ifp); 1561 LLE_WLOCK(ln); 1562 /* Guard against race with other llentry_free(). */ 1563 if (ln->la_flags & LLE_LINKED) { 1564 /* Remove callout reference */ 1565 LLE_REMREF(ln); 1566 lltable_unlink_entry(ln->lle_tbl, ln); 1567 } 1568 IF_AFDATA_UNLOCK(ifp); 1569 1570 nd6_free_children(ln); 1571 1572 llentry_free(ln); 1573 if (dr != NULL) 1574 defrouter_rele(dr); 1575 } 1576 1577 static int 1578 nd6_isdynrte(const struct rtentry *rt, const struct nhop_object *nh, void *xap) 1579 { 1580 1581 if (nh->nh_flags & NHF_REDIRECT) 1582 return (1); 1583 1584 return (0); 1585 } 1586 1587 /* 1588 * Remove the rtentry for the given llentry, 1589 * both of which were installed by a redirect. 1590 */ 1591 static void 1592 nd6_free_redirect(const struct llentry *ln) 1593 { 1594 int fibnum; 1595 struct sockaddr_in6 sin6; 1596 struct rib_cmd_info rc; 1597 struct epoch_tracker et; 1598 1599 lltable_fill_sa_entry(ln, (struct sockaddr *)&sin6); 1600 1601 NET_EPOCH_ENTER(et); 1602 for (fibnum = 0; fibnum < rt_numfibs; fibnum++) 1603 rib_del_route_px(fibnum, (struct sockaddr *)&sin6, 128, 1604 nd6_isdynrte, NULL, 0, &rc); 1605 NET_EPOCH_EXIT(et); 1606 } 1607 1608 /* 1609 * Updates status of the default router route. 1610 */ 1611 static void 1612 check_release_defrouter(const struct rib_cmd_info *rc, void *_cbdata) 1613 { 1614 struct nd_defrouter *dr; 1615 struct nhop_object *nh; 1616 1617 nh = rc->rc_nh_old; 1618 if (rc->rc_cmd == RTM_DELETE && (nh->nh_flags & NHF_DEFAULT) != 0) { 1619 dr = defrouter_lookup(&nh->gw6_sa.sin6_addr, nh->nh_ifp); 1620 if (dr != NULL) { 1621 dr->installed = 0; 1622 defrouter_rele(dr); 1623 } 1624 } 1625 } 1626 1627 void 1628 nd6_subscription_cb(struct rib_head *rnh, struct rib_cmd_info *rc, void *arg) 1629 { 1630 #ifdef ROUTE_MPATH 1631 rib_decompose_notification(rc, check_release_defrouter, NULL); 1632 if (rc->rc_cmd == RTM_DELETE && !NH_IS_NHGRP(rc->rc_nh_old)) 1633 check_release_defrouter(rc, NULL); 1634 #else 1635 check_release_defrouter(rc, NULL); 1636 #endif 1637 } 1638 1639 int 1640 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1641 { 1642 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1643 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1644 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1645 struct epoch_tracker et; 1646 int error = 0; 1647 1648 if (ifp->if_afdata[AF_INET6] == NULL) 1649 return (EPFNOSUPPORT); 1650 switch (cmd) { 1651 case OSIOCGIFINFO_IN6: 1652 #define ND ndi->ndi 1653 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1654 bzero(&ND, sizeof(ND)); 1655 ND.linkmtu = IN6_LINKMTU(ifp); 1656 ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1657 ND.basereachable = ND_IFINFO(ifp)->basereachable; 1658 ND.reachable = ND_IFINFO(ifp)->reachable; 1659 ND.retrans = ND_IFINFO(ifp)->retrans; 1660 ND.flags = ND_IFINFO(ifp)->flags; 1661 ND.recalctm = ND_IFINFO(ifp)->recalctm; 1662 ND.chlim = ND_IFINFO(ifp)->chlim; 1663 break; 1664 case SIOCGIFINFO_IN6: 1665 ND = *ND_IFINFO(ifp); 1666 break; 1667 case SIOCSIFINFO_IN6: 1668 /* 1669 * used to change host variables from userland. 1670 * intended for a use on router to reflect RA configurations. 1671 */ 1672 /* 0 means 'unspecified' */ 1673 if (ND.linkmtu != 0) { 1674 if (ND.linkmtu < IPV6_MMTU || 1675 ND.linkmtu > IN6_LINKMTU(ifp)) { 1676 error = EINVAL; 1677 break; 1678 } 1679 ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1680 } 1681 1682 if (ND.basereachable != 0) { 1683 int obasereachable = ND_IFINFO(ifp)->basereachable; 1684 1685 ND_IFINFO(ifp)->basereachable = ND.basereachable; 1686 if (ND.basereachable != obasereachable) 1687 ND_IFINFO(ifp)->reachable = 1688 ND_COMPUTE_RTIME(ND.basereachable); 1689 } 1690 if (ND.retrans != 0) 1691 ND_IFINFO(ifp)->retrans = ND.retrans; 1692 if (ND.chlim != 0) 1693 ND_IFINFO(ifp)->chlim = ND.chlim; 1694 /* FALLTHROUGH */ 1695 case SIOCSIFINFO_FLAGS: 1696 { 1697 struct ifaddr *ifa; 1698 struct in6_ifaddr *ia; 1699 1700 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1701 !(ND.flags & ND6_IFF_IFDISABLED)) { 1702 /* ifdisabled 1->0 transision */ 1703 1704 /* 1705 * If the interface is marked as ND6_IFF_IFDISABLED and 1706 * has an link-local address with IN6_IFF_DUPLICATED, 1707 * do not clear ND6_IFF_IFDISABLED. 1708 * See RFC 4862, Section 5.4.5. 1709 */ 1710 NET_EPOCH_ENTER(et); 1711 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1712 if (ifa->ifa_addr->sa_family != AF_INET6) 1713 continue; 1714 ia = (struct in6_ifaddr *)ifa; 1715 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1716 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1717 break; 1718 } 1719 NET_EPOCH_EXIT(et); 1720 1721 if (ifa != NULL) { 1722 /* LLA is duplicated. */ 1723 ND.flags |= ND6_IFF_IFDISABLED; 1724 log(LOG_ERR, "Cannot enable an interface" 1725 " with a link-local address marked" 1726 " duplicate.\n"); 1727 } else { 1728 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; 1729 if (ifp->if_flags & IFF_UP) 1730 in6_if_up(ifp); 1731 } 1732 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1733 (ND.flags & ND6_IFF_IFDISABLED)) { 1734 /* ifdisabled 0->1 transision */ 1735 /* Mark all IPv6 address as tentative. */ 1736 1737 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1738 if (V_ip6_dad_count > 0 && 1739 (ND_IFINFO(ifp)->flags & ND6_IFF_NO_DAD) == 0) { 1740 NET_EPOCH_ENTER(et); 1741 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, 1742 ifa_link) { 1743 if (ifa->ifa_addr->sa_family != 1744 AF_INET6) 1745 continue; 1746 ia = (struct in6_ifaddr *)ifa; 1747 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1748 } 1749 NET_EPOCH_EXIT(et); 1750 } 1751 } 1752 1753 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) { 1754 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1755 /* auto_linklocal 0->1 transision */ 1756 1757 /* If no link-local address on ifp, configure */ 1758 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1759 in6_ifattach(ifp, NULL); 1760 } else if (!(ND.flags & ND6_IFF_IFDISABLED) && 1761 ifp->if_flags & IFF_UP) { 1762 /* 1763 * When the IF already has 1764 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1765 * address is assigned, and IFF_UP, try to 1766 * assign one. 1767 */ 1768 NET_EPOCH_ENTER(et); 1769 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, 1770 ifa_link) { 1771 if (ifa->ifa_addr->sa_family != 1772 AF_INET6) 1773 continue; 1774 ia = (struct in6_ifaddr *)ifa; 1775 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1776 break; 1777 } 1778 NET_EPOCH_EXIT(et); 1779 if (ifa != NULL) 1780 /* No LLA is configured. */ 1781 in6_ifattach(ifp, NULL); 1782 } 1783 } 1784 ND_IFINFO(ifp)->flags = ND.flags; 1785 break; 1786 } 1787 #undef ND 1788 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1789 /* sync kernel routing table with the default router list */ 1790 defrouter_reset(); 1791 defrouter_select_fib(RT_ALL_FIBS); 1792 break; 1793 case SIOCSPFXFLUSH_IN6: 1794 { 1795 /* flush all the prefix advertised by routers */ 1796 struct in6_ifaddr *ia, *ia_next; 1797 struct nd_prefix *pr, *next; 1798 struct nd_prhead prl; 1799 1800 LIST_INIT(&prl); 1801 1802 ND6_WLOCK(); 1803 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, next) { 1804 if (ND6_PREFIX_WITH_ROUTER(pr)) 1805 nd6_prefix_unlink(pr, &prl); 1806 } 1807 ND6_WUNLOCK(); 1808 1809 while ((pr = LIST_FIRST(&prl)) != NULL) { 1810 LIST_REMOVE(pr, ndpr_entry); 1811 /* XXXRW: in6_ifaddrhead locking. */ 1812 CK_STAILQ_FOREACH_SAFE(ia, &V_in6_ifaddrhead, ia_link, 1813 ia_next) { 1814 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1815 continue; 1816 1817 if (ia->ia6_ndpr == pr) 1818 in6_purgeaddr(&ia->ia_ifa); 1819 } 1820 nd6_prefix_del(pr); 1821 } 1822 break; 1823 } 1824 case SIOCSRTRFLUSH_IN6: 1825 { 1826 /* flush all the default routers */ 1827 1828 defrouter_reset(); 1829 nd6_defrouter_flush_all(); 1830 defrouter_select_fib(RT_ALL_FIBS); 1831 break; 1832 } 1833 case SIOCGNBRINFO_IN6: 1834 { 1835 struct llentry *ln; 1836 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1837 1838 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1839 return (error); 1840 1841 NET_EPOCH_ENTER(et); 1842 ln = nd6_lookup(&nb_addr, LLE_SF(AF_INET6, 0), ifp); 1843 NET_EPOCH_EXIT(et); 1844 1845 if (ln == NULL) { 1846 error = EINVAL; 1847 break; 1848 } 1849 nbi->state = ln->ln_state; 1850 nbi->asked = ln->la_asked; 1851 nbi->isrouter = ln->ln_router; 1852 if (ln->la_expire == 0) 1853 nbi->expire = 0; 1854 else 1855 nbi->expire = ln->la_expire + ln->lle_remtime / hz + 1856 (time_second - time_uptime); 1857 LLE_RUNLOCK(ln); 1858 break; 1859 } 1860 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1861 ndif->ifindex = V_nd6_defifindex; 1862 break; 1863 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1864 return (nd6_setdefaultiface(ndif->ifindex)); 1865 } 1866 return (error); 1867 } 1868 1869 /* 1870 * Calculates new isRouter value based on provided parameters and 1871 * returns it. 1872 */ 1873 static int 1874 nd6_is_router(int type, int code, int is_new, int old_addr, int new_addr, 1875 int ln_router) 1876 { 1877 1878 /* 1879 * ICMP6 type dependent behavior. 1880 * 1881 * NS: clear IsRouter if new entry 1882 * RS: clear IsRouter 1883 * RA: set IsRouter if there's lladdr 1884 * redir: clear IsRouter if new entry 1885 * 1886 * RA case, (1): 1887 * The spec says that we must set IsRouter in the following cases: 1888 * - If lladdr exist, set IsRouter. This means (1-5). 1889 * - If it is old entry (!newentry), set IsRouter. This means (7). 1890 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1891 * A quetion arises for (1) case. (1) case has no lladdr in the 1892 * neighbor cache, this is similar to (6). 1893 * This case is rare but we figured that we MUST NOT set IsRouter. 1894 * 1895 * is_new old_addr new_addr NS RS RA redir 1896 * D R 1897 * 0 n n (1) c ? s 1898 * 0 y n (2) c s s 1899 * 0 n y (3) c s s 1900 * 0 y y (4) c s s 1901 * 0 y y (5) c s s 1902 * 1 -- n (6) c c c s 1903 * 1 -- y (7) c c s c s 1904 * 1905 * (c=clear s=set) 1906 */ 1907 switch (type & 0xff) { 1908 case ND_NEIGHBOR_SOLICIT: 1909 /* 1910 * New entry must have is_router flag cleared. 1911 */ 1912 if (is_new) /* (6-7) */ 1913 ln_router = 0; 1914 break; 1915 case ND_REDIRECT: 1916 /* 1917 * If the icmp is a redirect to a better router, always set the 1918 * is_router flag. Otherwise, if the entry is newly created, 1919 * clear the flag. [RFC 2461, sec 8.3] 1920 */ 1921 if (code == ND_REDIRECT_ROUTER) 1922 ln_router = 1; 1923 else { 1924 if (is_new) /* (6-7) */ 1925 ln_router = 0; 1926 } 1927 break; 1928 case ND_ROUTER_SOLICIT: 1929 /* 1930 * is_router flag must always be cleared. 1931 */ 1932 ln_router = 0; 1933 break; 1934 case ND_ROUTER_ADVERT: 1935 /* 1936 * Mark an entry with lladdr as a router. 1937 */ 1938 if ((!is_new && (old_addr || new_addr)) || /* (2-5) */ 1939 (is_new && new_addr)) { /* (7) */ 1940 ln_router = 1; 1941 } 1942 break; 1943 } 1944 1945 return (ln_router); 1946 } 1947 1948 /* 1949 * Create neighbor cache entry and cache link-layer address, 1950 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1951 * 1952 * type - ICMP6 type 1953 * code - type dependent information 1954 * 1955 */ 1956 void 1957 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1958 int lladdrlen, int type, int code) 1959 { 1960 struct llentry *ln = NULL, *ln_tmp; 1961 int is_newentry; 1962 int do_update; 1963 int olladdr; 1964 int llchange; 1965 int flags; 1966 uint16_t router = 0; 1967 struct mbuf *chain = NULL; 1968 u_char linkhdr[LLE_MAX_LINKHDR]; 1969 size_t linkhdrsize; 1970 int lladdr_off; 1971 1972 NET_EPOCH_ASSERT(); 1973 IF_AFDATA_UNLOCK_ASSERT(ifp); 1974 1975 KASSERT(ifp != NULL, ("%s: ifp == NULL", __func__)); 1976 KASSERT(from != NULL, ("%s: from == NULL", __func__)); 1977 1978 /* nothing must be updated for unspecified address */ 1979 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1980 return; 1981 1982 /* 1983 * Validation about ifp->if_addrlen and lladdrlen must be done in 1984 * the caller. 1985 * 1986 * XXX If the link does not have link-layer adderss, what should 1987 * we do? (ifp->if_addrlen == 0) 1988 * Spec says nothing in sections for RA, RS and NA. There's small 1989 * description on it in NS section (RFC 2461 7.2.3). 1990 */ 1991 flags = lladdr ? LLE_EXCLUSIVE : 0; 1992 ln = nd6_lookup(from, LLE_SF(AF_INET6, flags), ifp); 1993 is_newentry = 0; 1994 if (ln == NULL) { 1995 flags |= LLE_EXCLUSIVE; 1996 ln = nd6_alloc(from, 0, ifp); 1997 if (ln == NULL) 1998 return; 1999 2000 /* 2001 * Since we already know all the data for the new entry, 2002 * fill it before insertion. 2003 */ 2004 if (lladdr != NULL) { 2005 linkhdrsize = sizeof(linkhdr); 2006 if (lltable_calc_llheader(ifp, AF_INET6, lladdr, 2007 linkhdr, &linkhdrsize, &lladdr_off) != 0) { 2008 lltable_free_entry(LLTABLE6(ifp), ln); 2009 return; 2010 } 2011 lltable_set_entry_addr(ifp, ln, linkhdr, linkhdrsize, 2012 lladdr_off); 2013 } 2014 2015 IF_AFDATA_WLOCK(ifp); 2016 LLE_WLOCK(ln); 2017 /* Prefer any existing lle over newly-created one */ 2018 ln_tmp = nd6_lookup(from, LLE_SF(AF_INET6, LLE_EXCLUSIVE), ifp); 2019 if (ln_tmp == NULL) 2020 lltable_link_entry(LLTABLE6(ifp), ln); 2021 IF_AFDATA_WUNLOCK(ifp); 2022 if (ln_tmp == NULL) { 2023 /* No existing lle, mark as new entry (6,7) */ 2024 is_newentry = 1; 2025 if (lladdr != NULL) { /* (7) */ 2026 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 2027 EVENTHANDLER_INVOKE(lle_event, ln, 2028 LLENTRY_RESOLVED); 2029 } 2030 } else { 2031 lltable_free_entry(LLTABLE6(ifp), ln); 2032 ln = ln_tmp; 2033 ln_tmp = NULL; 2034 } 2035 } 2036 /* do nothing if static ndp is set */ 2037 if ((ln->la_flags & LLE_STATIC)) { 2038 if (flags & LLE_EXCLUSIVE) 2039 LLE_WUNLOCK(ln); 2040 else 2041 LLE_RUNLOCK(ln); 2042 return; 2043 } 2044 2045 olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0; 2046 if (olladdr && lladdr) { 2047 llchange = bcmp(lladdr, ln->ll_addr, 2048 ifp->if_addrlen); 2049 } else if (!olladdr && lladdr) 2050 llchange = 1; 2051 else 2052 llchange = 0; 2053 2054 /* 2055 * newentry olladdr lladdr llchange (*=record) 2056 * 0 n n -- (1) 2057 * 0 y n -- (2) 2058 * 0 n y y (3) * STALE 2059 * 0 y y n (4) * 2060 * 0 y y y (5) * STALE 2061 * 1 -- n -- (6) NOSTATE(= PASSIVE) 2062 * 1 -- y -- (7) * STALE 2063 */ 2064 2065 do_update = 0; 2066 if (is_newentry == 0 && llchange != 0) { 2067 do_update = 1; /* (3,5) */ 2068 2069 /* 2070 * Record source link-layer address 2071 * XXX is it dependent to ifp->if_type? 2072 */ 2073 if (!nd6_try_set_entry_addr(ifp, ln, lladdr)) { 2074 /* Entry was deleted */ 2075 LLE_WUNLOCK(ln); 2076 return; 2077 } 2078 2079 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 2080 2081 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 2082 2083 if (ln->la_hold != NULL) 2084 chain = nd6_grab_holdchain(ln); 2085 } 2086 2087 /* Calculates new router status */ 2088 router = nd6_is_router(type, code, is_newentry, olladdr, 2089 lladdr != NULL ? 1 : 0, ln->ln_router); 2090 2091 ln->ln_router = router; 2092 /* Mark non-router redirects with special flag */ 2093 if ((type & 0xFF) == ND_REDIRECT && code != ND_REDIRECT_ROUTER) 2094 ln->la_flags |= LLE_REDIRECT; 2095 2096 if (flags & LLE_EXCLUSIVE) 2097 LLE_WUNLOCK(ln); 2098 else 2099 LLE_RUNLOCK(ln); 2100 2101 if (chain != NULL) 2102 nd6_flush_holdchain(ifp, ln, chain); 2103 if (do_update) 2104 nd6_flush_children_holdchain(ifp, ln); 2105 2106 /* 2107 * When the link-layer address of a router changes, select the 2108 * best router again. In particular, when the neighbor entry is newly 2109 * created, it might affect the selection policy. 2110 * Question: can we restrict the first condition to the "is_newentry" 2111 * case? 2112 * XXX: when we hear an RA from a new router with the link-layer 2113 * address option, defrouter_select_fib() is called twice, since 2114 * defrtrlist_update called the function as well. However, I believe 2115 * we can compromise the overhead, since it only happens the first 2116 * time. 2117 * XXX: although defrouter_select_fib() should not have a bad effect 2118 * for those are not autoconfigured hosts, we explicitly avoid such 2119 * cases for safety. 2120 */ 2121 if ((do_update || is_newentry) && router && 2122 ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 2123 /* 2124 * guaranteed recursion 2125 */ 2126 defrouter_select_fib(ifp->if_fib); 2127 } 2128 } 2129 2130 static void 2131 nd6_slowtimo(void *arg) 2132 { 2133 struct epoch_tracker et; 2134 CURVNET_SET((struct vnet *) arg); 2135 struct nd_ifinfo *nd6if; 2136 struct ifnet *ifp; 2137 2138 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 2139 nd6_slowtimo, curvnet); 2140 NET_EPOCH_ENTER(et); 2141 CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) { 2142 if (ifp->if_afdata[AF_INET6] == NULL) 2143 continue; 2144 nd6if = ND_IFINFO(ifp); 2145 if (nd6if->basereachable && /* already initialized */ 2146 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 2147 /* 2148 * Since reachable time rarely changes by router 2149 * advertisements, we SHOULD insure that a new random 2150 * value gets recomputed at least once every few hours. 2151 * (RFC 2461, 6.3.4) 2152 */ 2153 nd6if->recalctm = V_nd6_recalc_reachtm_interval; 2154 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 2155 } 2156 } 2157 NET_EPOCH_EXIT(et); 2158 CURVNET_RESTORE(); 2159 } 2160 2161 struct mbuf * 2162 nd6_grab_holdchain(struct llentry *ln) 2163 { 2164 struct mbuf *chain; 2165 2166 LLE_WLOCK_ASSERT(ln); 2167 2168 chain = ln->la_hold; 2169 ln->la_hold = NULL; 2170 ln->la_numheld = 0; 2171 2172 if (ln->ln_state == ND6_LLINFO_STALE) { 2173 /* 2174 * The first time we send a packet to a 2175 * neighbor whose entry is STALE, we have 2176 * to change the state to DELAY and a sets 2177 * a timer to expire in DELAY_FIRST_PROBE_TIME 2178 * seconds to ensure do neighbor unreachability 2179 * detection on expiration. 2180 * (RFC 2461 7.3.3) 2181 */ 2182 nd6_llinfo_setstate(ln, ND6_LLINFO_DELAY); 2183 } 2184 2185 return (chain); 2186 } 2187 2188 int 2189 nd6_output_ifp(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m, 2190 struct sockaddr_in6 *dst, struct route *ro) 2191 { 2192 int error; 2193 int ip6len; 2194 struct ip6_hdr *ip6; 2195 struct m_tag *mtag; 2196 2197 #ifdef MAC 2198 mac_netinet6_nd6_send(ifp, m); 2199 #endif 2200 2201 /* 2202 * If called from nd6_ns_output() (NS), nd6_na_output() (NA), 2203 * icmp6_redirect_output() (REDIRECT) or from rip6_output() (RS, RA 2204 * as handled by rtsol and rtadvd), mbufs will be tagged for SeND 2205 * to be diverted to user space. When re-injected into the kernel, 2206 * send_output() will directly dispatch them to the outgoing interface. 2207 */ 2208 if (send_sendso_input_hook != NULL) { 2209 mtag = m_tag_find(m, PACKET_TAG_ND_OUTGOING, NULL); 2210 if (mtag != NULL) { 2211 ip6 = mtod(m, struct ip6_hdr *); 2212 ip6len = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen); 2213 /* Use the SEND socket */ 2214 error = send_sendso_input_hook(m, ifp, SND_OUT, 2215 ip6len); 2216 /* -1 == no app on SEND socket */ 2217 if (error == 0 || error != -1) 2218 return (error); 2219 } 2220 } 2221 2222 m_clrprotoflags(m); /* Avoid confusing lower layers. */ 2223 IP_PROBE(send, NULL, NULL, mtod(m, struct ip6_hdr *), ifp, NULL, 2224 mtod(m, struct ip6_hdr *)); 2225 2226 if ((ifp->if_flags & IFF_LOOPBACK) == 0) 2227 origifp = ifp; 2228 2229 error = (*ifp->if_output)(origifp, m, (struct sockaddr *)dst, ro); 2230 return (error); 2231 } 2232 2233 /* 2234 * Lookup link headerfor @sa_dst address. Stores found 2235 * data in @desten buffer. Copy of lle ln_flags can be also 2236 * saved in @pflags if @pflags is non-NULL. 2237 * 2238 * If destination LLE does not exists or lle state modification 2239 * is required, call "slow" version. 2240 * 2241 * Return values: 2242 * - 0 on success (address copied to buffer). 2243 * - EWOULDBLOCK (no local error, but address is still unresolved) 2244 * - other errors (alloc failure, etc) 2245 */ 2246 int 2247 nd6_resolve(struct ifnet *ifp, int gw_flags, struct mbuf *m, 2248 const struct sockaddr *sa_dst, u_char *desten, uint32_t *pflags, 2249 struct llentry **plle) 2250 { 2251 struct llentry *ln = NULL; 2252 const struct sockaddr_in6 *dst6; 2253 2254 NET_EPOCH_ASSERT(); 2255 2256 if (pflags != NULL) 2257 *pflags = 0; 2258 2259 dst6 = (const struct sockaddr_in6 *)sa_dst; 2260 2261 /* discard the packet if IPv6 operation is disabled on the interface */ 2262 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 2263 m_freem(m); 2264 return (ENETDOWN); /* better error? */ 2265 } 2266 2267 if (m != NULL && m->m_flags & M_MCAST) { 2268 switch (ifp->if_type) { 2269 case IFT_ETHER: 2270 case IFT_L2VLAN: 2271 case IFT_BRIDGE: 2272 ETHER_MAP_IPV6_MULTICAST(&dst6->sin6_addr, 2273 desten); 2274 return (0); 2275 default: 2276 m_freem(m); 2277 return (EAFNOSUPPORT); 2278 } 2279 } 2280 2281 int family = gw_flags >> 16; 2282 int lookup_flags = plle ? LLE_EXCLUSIVE : LLE_UNLOCKED; 2283 ln = nd6_lookup(&dst6->sin6_addr, LLE_SF(family, lookup_flags), ifp); 2284 if (ln != NULL && (ln->r_flags & RLLE_VALID) != 0) { 2285 /* Entry found, let's copy lle info */ 2286 bcopy(ln->r_linkdata, desten, ln->r_hdrlen); 2287 if (pflags != NULL) 2288 *pflags = LLE_VALID | (ln->r_flags & RLLE_IFADDR); 2289 llentry_provide_feedback(ln); 2290 if (plle) { 2291 LLE_ADDREF(ln); 2292 *plle = ln; 2293 LLE_WUNLOCK(ln); 2294 } 2295 return (0); 2296 } else if (plle && ln) 2297 LLE_WUNLOCK(ln); 2298 2299 return (nd6_resolve_slow(ifp, family, 0, m, dst6, desten, pflags, plle)); 2300 } 2301 2302 /* 2303 * Finds or creates a new llentry for @addr and @family. 2304 * Returns wlocked llentry or NULL. 2305 * 2306 * 2307 * Child LLEs. 2308 * 2309 * Do not have their own state machine (gets marked as static) 2310 * settimer bails out for child LLEs just in case. 2311 * 2312 * Locking order: parent lle gets locked first, chen goes the child. 2313 */ 2314 static __noinline struct llentry * 2315 nd6_get_llentry(struct ifnet *ifp, const struct in6_addr *addr, int family) 2316 { 2317 struct llentry *child_lle = NULL; 2318 struct llentry *lle, *lle_tmp; 2319 2320 lle = nd6_alloc(addr, 0, ifp); 2321 if (lle != NULL && family != AF_INET6) { 2322 child_lle = nd6_alloc(addr, 0, ifp); 2323 if (child_lle == NULL) { 2324 lltable_free_entry(LLTABLE6(ifp), lle); 2325 return (NULL); 2326 } 2327 child_lle->r_family = family; 2328 child_lle->la_flags |= LLE_CHILD | LLE_STATIC; 2329 child_lle->ln_state = ND6_LLINFO_INCOMPLETE; 2330 } 2331 2332 if (lle == NULL) { 2333 char ip6buf[INET6_ADDRSTRLEN]; 2334 log(LOG_DEBUG, 2335 "nd6_get_llentry: can't allocate llinfo for %s " 2336 "(ln=%p)\n", 2337 ip6_sprintf(ip6buf, addr), lle); 2338 return (NULL); 2339 } 2340 2341 IF_AFDATA_WLOCK(ifp); 2342 LLE_WLOCK(lle); 2343 /* Prefer any existing entry over newly-created one */ 2344 lle_tmp = nd6_lookup(addr, LLE_SF(AF_INET6, LLE_EXCLUSIVE), ifp); 2345 if (lle_tmp == NULL) 2346 lltable_link_entry(LLTABLE6(ifp), lle); 2347 else { 2348 lltable_free_entry(LLTABLE6(ifp), lle); 2349 lle = lle_tmp; 2350 } 2351 if (child_lle != NULL) { 2352 /* Check if child lle for the same family exists */ 2353 lle_tmp = llentry_lookup_family(lle, child_lle->r_family); 2354 LLE_WLOCK(child_lle); 2355 if (lle_tmp == NULL) { 2356 /* Attach */ 2357 lltable_link_child_entry(lle, child_lle); 2358 } else { 2359 /* child lle already exists, free newly-created one */ 2360 lltable_free_entry(LLTABLE6(ifp), child_lle); 2361 LLE_WLOCK(lle_tmp); 2362 child_lle = lle_tmp; 2363 } 2364 LLE_WUNLOCK(lle); 2365 lle = child_lle; 2366 } 2367 IF_AFDATA_WUNLOCK(ifp); 2368 return (lle); 2369 } 2370 2371 /* 2372 * Do L2 address resolution for @sa_dst address. Stores found 2373 * address in @desten buffer. Copy of lle ln_flags can be also 2374 * saved in @pflags if @pflags is non-NULL. 2375 * 2376 * Heavy version. 2377 * Function assume that destination LLE does not exist, 2378 * is invalid or stale, so LLE_EXCLUSIVE lock needs to be acquired. 2379 * 2380 * Set noinline to be dtrace-friendly 2381 */ 2382 static __noinline int 2383 nd6_resolve_slow(struct ifnet *ifp, int family, int flags, struct mbuf *m, 2384 const struct sockaddr_in6 *dst, u_char *desten, uint32_t *pflags, 2385 struct llentry **plle) 2386 { 2387 struct llentry *lle = NULL; 2388 struct in6_addr *psrc, src; 2389 int send_ns, ll_len; 2390 char *lladdr; 2391 2392 NET_EPOCH_ASSERT(); 2393 2394 /* 2395 * Address resolution or Neighbor Unreachability Detection 2396 * for the next hop. 2397 * At this point, the destination of the packet must be a unicast 2398 * or an anycast address(i.e. not a multicast). 2399 */ 2400 lle = nd6_lookup(&dst->sin6_addr, LLE_SF(family, LLE_EXCLUSIVE), ifp); 2401 if ((lle == NULL) && nd6_is_addr_neighbor(dst, ifp)) { 2402 /* 2403 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 2404 * the condition below is not very efficient. But we believe 2405 * it is tolerable, because this should be a rare case. 2406 */ 2407 lle = nd6_get_llentry(ifp, &dst->sin6_addr, family); 2408 } 2409 2410 if (lle == NULL) { 2411 m_freem(m); 2412 return (ENOBUFS); 2413 } 2414 2415 LLE_WLOCK_ASSERT(lle); 2416 2417 /* 2418 * The first time we send a packet to a neighbor whose entry is 2419 * STALE, we have to change the state to DELAY and a sets a timer to 2420 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 2421 * neighbor unreachability detection on expiration. 2422 * (RFC 2461 7.3.3) 2423 */ 2424 if ((!(lle->la_flags & LLE_CHILD)) && (lle->ln_state == ND6_LLINFO_STALE)) 2425 nd6_llinfo_setstate(lle, ND6_LLINFO_DELAY); 2426 2427 /* 2428 * If the neighbor cache entry has a state other than INCOMPLETE 2429 * (i.e. its link-layer address is already resolved), just 2430 * send the packet. 2431 */ 2432 if (lle->ln_state > ND6_LLINFO_INCOMPLETE) { 2433 if (flags & LLE_ADDRONLY) { 2434 lladdr = lle->ll_addr; 2435 ll_len = ifp->if_addrlen; 2436 } else { 2437 lladdr = lle->r_linkdata; 2438 ll_len = lle->r_hdrlen; 2439 } 2440 bcopy(lladdr, desten, ll_len); 2441 if (pflags != NULL) 2442 *pflags = lle->la_flags; 2443 if (plle) { 2444 LLE_ADDREF(lle); 2445 *plle = lle; 2446 } 2447 LLE_WUNLOCK(lle); 2448 return (0); 2449 } 2450 2451 /* 2452 * There is a neighbor cache entry, but no ethernet address 2453 * response yet. Append this latest packet to the end of the 2454 * packet queue in the mbuf. When it exceeds nd6_maxqueuelen, 2455 * the oldest packet in the queue will be removed. 2456 */ 2457 if (m != NULL) { 2458 size_t dropped; 2459 2460 dropped = lltable_append_entry_queue(lle, m, V_nd6_maxqueuelen); 2461 ICMP6STAT_ADD(icp6s_dropped, dropped); 2462 } 2463 2464 /* 2465 * If there has been no NS for the neighbor after entering the 2466 * INCOMPLETE state, send the first solicitation. 2467 * Note that for newly-created lle la_asked will be 0, 2468 * so we will transition from ND6_LLINFO_NOSTATE to 2469 * ND6_LLINFO_INCOMPLETE state here. 2470 */ 2471 psrc = NULL; 2472 send_ns = 0; 2473 2474 /* If we have child lle, switch to the parent to send NS */ 2475 if (lle->la_flags & LLE_CHILD) { 2476 struct llentry *lle_parent = lle->lle_parent; 2477 LLE_WUNLOCK(lle); 2478 lle = lle_parent; 2479 LLE_WLOCK(lle); 2480 } 2481 if (lle->la_asked == 0) { 2482 lle->la_asked++; 2483 send_ns = 1; 2484 psrc = nd6_llinfo_get_holdsrc(lle, &src); 2485 2486 nd6_llinfo_setstate(lle, ND6_LLINFO_INCOMPLETE); 2487 } 2488 LLE_WUNLOCK(lle); 2489 if (send_ns != 0) 2490 nd6_ns_output(ifp, psrc, NULL, &dst->sin6_addr, NULL); 2491 2492 return (EWOULDBLOCK); 2493 } 2494 2495 /* 2496 * Do L2 address resolution for @sa_dst address. Stores found 2497 * address in @desten buffer. Copy of lle ln_flags can be also 2498 * saved in @pflags if @pflags is non-NULL. 2499 * 2500 * Return values: 2501 * - 0 on success (address copied to buffer). 2502 * - EWOULDBLOCK (no local error, but address is still unresolved) 2503 * - other errors (alloc failure, etc) 2504 */ 2505 int 2506 nd6_resolve_addr(struct ifnet *ifp, int flags, const struct sockaddr *dst, 2507 char *desten, uint32_t *pflags) 2508 { 2509 int error; 2510 2511 flags |= LLE_ADDRONLY; 2512 error = nd6_resolve_slow(ifp, AF_INET6, flags, NULL, 2513 (const struct sockaddr_in6 *)dst, desten, pflags, NULL); 2514 return (error); 2515 } 2516 2517 int 2518 nd6_flush_holdchain(struct ifnet *ifp, struct llentry *lle, struct mbuf *chain) 2519 { 2520 struct mbuf *m, *m_head; 2521 struct sockaddr_in6 dst6; 2522 int error = 0; 2523 2524 NET_EPOCH_ASSERT(); 2525 2526 struct route_in6 ro = { 2527 .ro_prepend = lle->r_linkdata, 2528 .ro_plen = lle->r_hdrlen, 2529 }; 2530 2531 lltable_fill_sa_entry(lle, (struct sockaddr *)&dst6); 2532 m_head = chain; 2533 2534 while (m_head) { 2535 m = m_head; 2536 m_head = m_head->m_nextpkt; 2537 m->m_nextpkt = NULL; 2538 error = nd6_output_ifp(ifp, ifp, m, &dst6, (struct route *)&ro); 2539 } 2540 2541 /* 2542 * XXX 2543 * note that intermediate errors are blindly ignored 2544 */ 2545 return (error); 2546 } 2547 2548 __noinline void 2549 nd6_flush_children_holdchain(struct ifnet *ifp, struct llentry *lle) 2550 { 2551 struct llentry *child_lle; 2552 struct mbuf *chain; 2553 2554 NET_EPOCH_ASSERT(); 2555 2556 CK_SLIST_FOREACH(child_lle, &lle->lle_children, lle_child_next) { 2557 LLE_WLOCK(child_lle); 2558 chain = nd6_grab_holdchain(child_lle); 2559 LLE_WUNLOCK(child_lle); 2560 nd6_flush_holdchain(ifp, child_lle, chain); 2561 } 2562 } 2563 2564 static int 2565 nd6_need_cache(struct ifnet *ifp) 2566 { 2567 /* 2568 * XXX: we currently do not make neighbor cache on any interface 2569 * other than Ethernet and GIF. 2570 * 2571 * RFC2893 says: 2572 * - unidirectional tunnels needs no ND 2573 */ 2574 switch (ifp->if_type) { 2575 case IFT_ETHER: 2576 case IFT_IEEE1394: 2577 case IFT_L2VLAN: 2578 case IFT_INFINIBAND: 2579 case IFT_BRIDGE: 2580 case IFT_PROPVIRTUAL: 2581 return (1); 2582 default: 2583 return (0); 2584 } 2585 } 2586 2587 /* 2588 * Add pernament ND6 link-layer record for given 2589 * interface address. 2590 * 2591 * Very similar to IPv4 arp_ifinit(), but: 2592 * 1) IPv6 DAD is performed in different place 2593 * 2) It is called by IPv6 protocol stack in contrast to 2594 * arp_ifinit() which is typically called in SIOCSIFADDR 2595 * driver ioctl handler. 2596 * 2597 */ 2598 int 2599 nd6_add_ifa_lle(struct in6_ifaddr *ia) 2600 { 2601 struct ifnet *ifp; 2602 struct llentry *ln, *ln_tmp; 2603 struct sockaddr *dst; 2604 2605 ifp = ia->ia_ifa.ifa_ifp; 2606 if (nd6_need_cache(ifp) == 0) 2607 return (0); 2608 2609 dst = (struct sockaddr *)&ia->ia_addr; 2610 ln = lltable_alloc_entry(LLTABLE6(ifp), LLE_IFADDR, dst); 2611 if (ln == NULL) 2612 return (ENOBUFS); 2613 2614 IF_AFDATA_WLOCK(ifp); 2615 LLE_WLOCK(ln); 2616 /* Unlink any entry if exists */ 2617 ln_tmp = lla_lookup(LLTABLE6(ifp), LLE_SF(AF_INET6, LLE_EXCLUSIVE), dst); 2618 if (ln_tmp != NULL) 2619 lltable_unlink_entry(LLTABLE6(ifp), ln_tmp); 2620 lltable_link_entry(LLTABLE6(ifp), ln); 2621 IF_AFDATA_WUNLOCK(ifp); 2622 2623 if (ln_tmp != NULL) 2624 EVENTHANDLER_INVOKE(lle_event, ln_tmp, LLENTRY_EXPIRED); 2625 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 2626 2627 LLE_WUNLOCK(ln); 2628 if (ln_tmp != NULL) 2629 llentry_free(ln_tmp); 2630 2631 return (0); 2632 } 2633 2634 /* 2635 * Removes either all lle entries for given @ia, or lle 2636 * corresponding to @ia address. 2637 */ 2638 void 2639 nd6_rem_ifa_lle(struct in6_ifaddr *ia, int all) 2640 { 2641 struct sockaddr_in6 mask, addr; 2642 struct sockaddr *saddr, *smask; 2643 struct ifnet *ifp; 2644 2645 ifp = ia->ia_ifa.ifa_ifp; 2646 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 2647 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 2648 saddr = (struct sockaddr *)&addr; 2649 smask = (struct sockaddr *)&mask; 2650 2651 if (all != 0) 2652 lltable_prefix_free(AF_INET6, saddr, smask, LLE_STATIC); 2653 else 2654 lltable_delete_addr(LLTABLE6(ifp), LLE_IFADDR, saddr); 2655 } 2656 2657 static int 2658 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2659 { 2660 struct in6_prefix p; 2661 struct sockaddr_in6 s6; 2662 struct nd_prefix *pr; 2663 struct nd_pfxrouter *pfr; 2664 time_t maxexpire; 2665 int error; 2666 char ip6buf[INET6_ADDRSTRLEN]; 2667 2668 if (req->newptr) 2669 return (EPERM); 2670 2671 error = sysctl_wire_old_buffer(req, 0); 2672 if (error != 0) 2673 return (error); 2674 2675 bzero(&p, sizeof(p)); 2676 p.origin = PR_ORIG_RA; 2677 bzero(&s6, sizeof(s6)); 2678 s6.sin6_family = AF_INET6; 2679 s6.sin6_len = sizeof(s6); 2680 2681 ND6_RLOCK(); 2682 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 2683 p.prefix = pr->ndpr_prefix; 2684 if (sa6_recoverscope(&p.prefix)) { 2685 log(LOG_ERR, "scope error in prefix list (%s)\n", 2686 ip6_sprintf(ip6buf, &p.prefix.sin6_addr)); 2687 /* XXX: press on... */ 2688 } 2689 p.raflags = pr->ndpr_raf; 2690 p.prefixlen = pr->ndpr_plen; 2691 p.vltime = pr->ndpr_vltime; 2692 p.pltime = pr->ndpr_pltime; 2693 p.if_index = pr->ndpr_ifp->if_index; 2694 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2695 p.expire = 0; 2696 else { 2697 /* XXX: we assume time_t is signed. */ 2698 maxexpire = (-1) & 2699 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 2700 if (pr->ndpr_vltime < maxexpire - pr->ndpr_lastupdate) 2701 p.expire = pr->ndpr_lastupdate + 2702 pr->ndpr_vltime + 2703 (time_second - time_uptime); 2704 else 2705 p.expire = maxexpire; 2706 } 2707 p.refcnt = pr->ndpr_addrcnt; 2708 p.flags = pr->ndpr_stateflags; 2709 p.advrtrs = 0; 2710 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) 2711 p.advrtrs++; 2712 error = SYSCTL_OUT(req, &p, sizeof(p)); 2713 if (error != 0) 2714 break; 2715 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2716 s6.sin6_addr = pfr->router->rtaddr; 2717 if (sa6_recoverscope(&s6)) 2718 log(LOG_ERR, 2719 "scope error in prefix list (%s)\n", 2720 ip6_sprintf(ip6buf, &pfr->router->rtaddr)); 2721 error = SYSCTL_OUT(req, &s6, sizeof(s6)); 2722 if (error != 0) 2723 goto out; 2724 } 2725 } 2726 out: 2727 ND6_RUNLOCK(); 2728 return (error); 2729 } 2730 SYSCTL_PROC(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2731 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, 2732 NULL, 0, nd6_sysctl_prlist, "S,in6_prefix", 2733 "NDP prefix list"); 2734 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen, 2735 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, ""); 2736 SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer, 2737 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), ""); 2738