1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $
32 */
33
34 #include <sys/cdefs.h>
35 #include "opt_inet.h"
36 #include "opt_inet6.h"
37 #include "opt_ipsec.h"
38
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/counter.h>
42 #include <sys/eventhandler.h>
43 #include <sys/malloc.h>
44 #include <sys/libkern.h>
45 #include <sys/lock.h>
46 #include <sys/rwlock.h>
47 #include <sys/mbuf.h>
48 #include <sys/socket.h>
49 #include <sys/sockio.h>
50 #include <sys/time.h>
51 #include <sys/kernel.h>
52 #include <sys/errno.h>
53 #include <sys/sysctl.h>
54 #include <sys/syslog.h>
55 #include <sys/queue.h>
56 #include <sys/callout.h>
57 #include <sys/refcount.h>
58
59 #include <net/if.h>
60 #include <net/if_types.h>
61 #include <net/if_dl.h>
62 #include <net/if_var.h>
63 #include <net/if_private.h>
64 #include <net/route.h>
65 #include <net/vnet.h>
66
67 #include <netinet/in.h>
68 #include <netinet/in_var.h>
69 #include <net/if_llatbl.h>
70 #include <netinet6/in6_var.h>
71 #include <netinet6/in6_ifattach.h>
72 #include <netinet/ip6.h>
73 #include <netinet6/ip6_var.h>
74 #include <netinet6/scope6_var.h>
75 #include <netinet6/nd6.h>
76 #include <netinet/icmp6.h>
77 #include <netinet/ip_carp.h>
78 #include <netinet6/send.h>
79
80 #define SDL(s) ((struct sockaddr_dl *)s)
81
82 struct dadq;
83 static struct dadq *nd6_dad_find(struct ifaddr *, struct nd_opt_nonce *);
84 static void nd6_dad_add(struct dadq *dp);
85 static void nd6_dad_del(struct dadq *dp);
86 static void nd6_dad_rele(struct dadq *);
87 static void nd6_dad_starttimer(struct dadq *, int);
88 static void nd6_dad_stoptimer(struct dadq *);
89 static void nd6_dad_timer(void *);
90 static void nd6_dad_duplicated(struct ifaddr *, struct dadq *);
91 static void nd6_dad_ns_output(struct dadq *);
92 static void nd6_dad_ns_input(struct ifaddr *, struct nd_opt_nonce *);
93 static void nd6_dad_na_input(struct ifaddr *);
94 static void nd6_na_output_fib(struct ifnet *, const struct in6_addr *,
95 const struct in6_addr *, u_long, int, struct sockaddr *, u_int);
96 static void nd6_ns_output_fib(struct ifnet *, const struct in6_addr *,
97 const struct in6_addr *, const struct in6_addr *, uint8_t *, u_int);
98
99 static struct ifaddr *nd6_proxy_fill_sdl(struct ifnet *,
100 const struct in6_addr *, struct sockaddr_dl *);
101
102 VNET_DEFINE_STATIC(int, dad_enhanced) = 1;
103 #define V_dad_enhanced VNET(dad_enhanced)
104
105 SYSCTL_DECL(_net_inet6_ip6);
106 SYSCTL_INT(_net_inet6_ip6, OID_AUTO, dad_enhanced, CTLFLAG_VNET | CTLFLAG_RW,
107 &VNET_NAME(dad_enhanced), 0,
108 "Enable Enhanced DAD, which adds a random nonce to NS messages for DAD.");
109
110 VNET_DEFINE_STATIC(int, dad_maxtry) = 15; /* max # of *tries* to
111 transmit DAD packet */
112 #define V_dad_maxtry VNET(dad_maxtry)
113
114 VNET_DEFINE_STATIC(int, nd6_onlink_ns_rfc4861) = 0;
115 #define V_nd6_onlink_ns_rfc4861 VNET(nd6_onlink_ns_rfc4861)
116 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
117 nd6_onlink_ns_rfc4861, CTLFLAG_VNET | CTLFLAG_RW,
118 &VNET_NAME(nd6_onlink_ns_rfc4861), 0,
119 "Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861");
120
121 /*
122 * Input a Neighbor Solicitation Message.
123 *
124 * Based on RFC 2461
125 * Based on RFC 2462 (duplicate address detection)
126 */
127 void
nd6_ns_input(struct mbuf * m,int off,int icmp6len)128 nd6_ns_input(struct mbuf *m, int off, int icmp6len)
129 {
130 struct ifnet *ifp;
131 struct ip6_hdr *ip6;
132 struct nd_neighbor_solicit *nd_ns;
133 struct in6_addr daddr6, myaddr6, saddr6, taddr6;
134 struct ifaddr *ifa;
135 struct sockaddr_dl proxydl;
136 union nd_opts ndopts;
137 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
138 char *lladdr;
139 int anycast, lladdrlen, proxy, rflag, tentative, tlladdr;
140
141 ifa = NULL;
142
143 /* RFC 6980: Nodes MUST silently ignore fragments */
144 if(m->m_flags & M_FRAGMENTED)
145 goto freeit;
146
147 ifp = m->m_pkthdr.rcvif;
148 ip6 = mtod(m, struct ip6_hdr *);
149 if (__predict_false(ip6->ip6_hlim != 255)) {
150 ICMP6STAT_INC(icp6s_invlhlim);
151 nd6log((LOG_ERR,
152 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n",
153 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
154 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
155 goto bads;
156 }
157
158 if (m->m_len < off + icmp6len) {
159 m = m_pullup(m, off + icmp6len);
160 if (m == NULL) {
161 IP6STAT_INC(ip6s_exthdrtoolong);
162 return;
163 }
164 }
165 ip6 = mtod(m, struct ip6_hdr *);
166 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
167
168 saddr6 = ip6->ip6_src;
169 daddr6 = ip6->ip6_dst;
170 taddr6 = nd_ns->nd_ns_target;
171 if (in6_setscope(&taddr6, ifp, NULL) != 0)
172 goto bad;
173
174 rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
175 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif)
176 rflag = 0;
177
178 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
179 /* dst has to be a solicited node multicast address. */
180 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL &&
181 /* don't check ifindex portion */
182 daddr6.s6_addr32[1] == 0 &&
183 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE &&
184 daddr6.s6_addr8[12] == 0xff) {
185 ; /* good */
186 } else {
187 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
188 "(wrong ip6 dst)\n"));
189 goto bad;
190 }
191 } else if (!V_nd6_onlink_ns_rfc4861) {
192 struct sockaddr_in6 src_sa6;
193
194 /*
195 * According to recent IETF discussions, it is not a good idea
196 * to accept a NS from an address which would not be deemed
197 * to be a neighbor otherwise. This point is expected to be
198 * clarified in future revisions of the specification.
199 */
200 bzero(&src_sa6, sizeof(src_sa6));
201 src_sa6.sin6_family = AF_INET6;
202 src_sa6.sin6_len = sizeof(src_sa6);
203 src_sa6.sin6_addr = saddr6;
204 if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) {
205 nd6log((LOG_INFO, "nd6_ns_input: "
206 "NS packet from non-neighbor\n"));
207 goto bad;
208 }
209 }
210
211 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
212 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
213 goto bad;
214 }
215
216 icmp6len -= sizeof(*nd_ns);
217 nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
218 if (nd6_options(&ndopts) < 0) {
219 nd6log((LOG_INFO,
220 "nd6_ns_input: invalid ND option, ignored\n"));
221 /* nd6_options have incremented stats */
222 goto freeit;
223 }
224
225 lladdr = NULL;
226 lladdrlen = 0;
227 if (ndopts.nd_opts_src_lladdr) {
228 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
229 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
230 }
231
232 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
233 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
234 "(link-layer address option)\n"));
235 goto bad;
236 }
237
238 /*
239 * Attaching target link-layer address to the NA?
240 * (RFC 2461 7.2.4)
241 *
242 * NS IP dst is unicast/anycast MUST NOT add
243 * NS IP dst is solicited-node multicast MUST add
244 *
245 * In implementation, we add target link-layer address by default.
246 * We do not add one in MUST NOT cases.
247 */
248 if (!IN6_IS_ADDR_MULTICAST(&daddr6))
249 tlladdr = 0;
250 else
251 tlladdr = 1;
252
253 /*
254 * Target address (taddr6) must be either:
255 * (1) Valid unicast/anycast address for my receiving interface,
256 * (2) Unicast address for which I'm offering proxy service, or
257 * (3) "tentative" address on which DAD is being performed.
258 */
259 /* (1) and (3) check. */
260 if (ifp->if_carp)
261 ifa = (*carp_iamatch6_p)(ifp, &taddr6);
262 else
263 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
264
265 /* (2) check. */
266 proxy = 0;
267 if (ifa == NULL) {
268 if ((ifa = nd6_proxy_fill_sdl(ifp, &taddr6, &proxydl)) != NULL)
269 proxy = 1;
270 }
271 if (ifa == NULL) {
272 /*
273 * We've got an NS packet, and we don't have that address
274 * assigned for us. We MUST silently ignore it.
275 * See RFC2461 7.2.3.
276 */
277 goto freeit;
278 }
279 myaddr6 = *IFA_IN6(ifa);
280 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
281 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
282 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
283 goto freeit;
284
285 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
286 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s "
287 "(if %d, NS packet %d)\n",
288 ip6_sprintf(ip6bufs, &taddr6),
289 ifp->if_addrlen, lladdrlen - 2));
290 goto bad;
291 }
292
293 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
294 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n",
295 ip6_sprintf(ip6bufs, &saddr6)));
296 goto freeit;
297 }
298
299 /*
300 * We have neighbor solicitation packet, with target address equals to
301 * one of my tentative address.
302 *
303 * src addr how to process?
304 * --- ---
305 * multicast of course, invalid (rejected in ip6_input)
306 * unicast somebody is doing address resolution -> ignore
307 * unspec dup address detection
308 *
309 * The processing is defined in RFC 2462.
310 */
311 if (tentative) {
312 /*
313 * If source address is unspecified address, it is for
314 * duplicate address detection.
315 *
316 * If not, the packet is for addess resolution;
317 * silently ignore it.
318 */
319 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
320 nd6_dad_ns_input(ifa, ndopts.nd_opts_nonce);
321
322 goto freeit;
323 }
324
325 /*
326 * If the source address is unspecified address, entries must not
327 * be created or updated.
328 * It looks that sender is performing DAD. Output NA toward
329 * all-node multicast address, to tell the sender that I'm using
330 * the address.
331 * S bit ("solicited") must be zero.
332 */
333 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
334 struct in6_addr in6_all;
335
336 in6_all = in6addr_linklocal_allnodes;
337 if (in6_setscope(&in6_all, ifp, NULL) != 0)
338 goto bad;
339 nd6_na_output_fib(ifp, &in6_all, &taddr6,
340 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
341 rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL,
342 M_GETFIB(m));
343 goto freeit;
344 }
345
346 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen,
347 ND_NEIGHBOR_SOLICIT, 0);
348
349 nd6_na_output_fib(ifp, &saddr6, &taddr6,
350 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
351 rflag | ND_NA_FLAG_SOLICITED, tlladdr,
352 proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m));
353 freeit:
354 if (ifa != NULL)
355 ifa_free(ifa);
356 m_freem(m);
357 return;
358
359 bad:
360 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n",
361 ip6_sprintf(ip6bufs, &saddr6)));
362 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n",
363 ip6_sprintf(ip6bufs, &daddr6)));
364 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n",
365 ip6_sprintf(ip6bufs, &taddr6)));
366 bads:
367 ICMP6STAT_INC(icp6s_badns);
368 if (ifa != NULL)
369 ifa_free(ifa);
370 m_freem(m);
371 }
372
373 static struct ifaddr *
nd6_proxy_fill_sdl(struct ifnet * ifp,const struct in6_addr * taddr6,struct sockaddr_dl * sdl)374 nd6_proxy_fill_sdl(struct ifnet *ifp, const struct in6_addr *taddr6,
375 struct sockaddr_dl *sdl)
376 {
377 struct ifaddr *ifa;
378 struct llentry *ln;
379
380 ifa = NULL;
381 ln = nd6_lookup(taddr6, LLE_SF(AF_INET6, 0), ifp);
382 if (ln == NULL)
383 return (ifa);
384 if ((ln->la_flags & (LLE_PUB | LLE_VALID)) == (LLE_PUB | LLE_VALID)) {
385 link_init_sdl(ifp, (struct sockaddr *)sdl, ifp->if_type);
386 sdl->sdl_alen = ifp->if_addrlen;
387 bcopy(ln->ll_addr, &sdl->sdl_data, ifp->if_addrlen);
388 LLE_RUNLOCK(ln);
389 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
390 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
391 } else
392 LLE_RUNLOCK(ln);
393
394 return (ifa);
395 }
396
397 /*
398 * Output a Neighbor Solicitation Message. Caller specifies:
399 * - ICMP6 header source IP6 address
400 * - ND6 header target IP6 address
401 * - ND6 header source datalink address
402 *
403 * Based on RFC 2461
404 * Based on RFC 2462 (duplicate address detection)
405 *
406 * ln - for source address determination
407 * nonce - If non-NULL, NS is used for duplicate address detection and
408 * the value (length is ND_OPT_NONCE_LEN) is used as a random nonce.
409 */
410 static void
nd6_ns_output_fib(struct ifnet * ifp,const struct in6_addr * saddr6,const struct in6_addr * daddr6,const struct in6_addr * taddr6,uint8_t * nonce,u_int fibnum)411 nd6_ns_output_fib(struct ifnet *ifp, const struct in6_addr *saddr6,
412 const struct in6_addr *daddr6, const struct in6_addr *taddr6,
413 uint8_t *nonce, u_int fibnum)
414 {
415 struct mbuf *m;
416 struct m_tag *mtag;
417 struct ip6_hdr *ip6;
418 struct nd_neighbor_solicit *nd_ns;
419 struct ip6_moptions im6o;
420 int icmp6len;
421 int maxlen;
422
423 NET_EPOCH_ASSERT();
424
425 if (IN6_IS_ADDR_MULTICAST(taddr6))
426 return;
427
428 /* estimate the size of message */
429 maxlen = sizeof(*ip6) + sizeof(*nd_ns);
430 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
431 KASSERT(max_linkhdr + maxlen <= MCLBYTES, (
432 "%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
433 __func__, max_linkhdr, maxlen, MCLBYTES));
434
435 if (max_linkhdr + maxlen > MHLEN)
436 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
437 else
438 m = m_gethdr(M_NOWAIT, MT_DATA);
439 if (m == NULL)
440 return;
441 M_SETFIB(m, fibnum);
442
443 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
444 m->m_flags |= M_MCAST;
445 im6o.im6o_multicast_ifp = ifp;
446 im6o.im6o_multicast_hlim = 255;
447 im6o.im6o_multicast_loop = 0;
448 }
449
450 icmp6len = sizeof(*nd_ns);
451 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
452 m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */
453
454 /* fill neighbor solicitation packet */
455 ip6 = mtod(m, struct ip6_hdr *);
456 ip6->ip6_flow = 0;
457 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
458 ip6->ip6_vfc |= IPV6_VERSION;
459 /* ip6->ip6_plen will be set later */
460 ip6->ip6_nxt = IPPROTO_ICMPV6;
461 ip6->ip6_hlim = 255;
462 if (daddr6)
463 ip6->ip6_dst = *daddr6;
464 else {
465 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
466 ip6->ip6_dst.s6_addr16[1] = 0;
467 ip6->ip6_dst.s6_addr32[1] = 0;
468 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
469 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
470 ip6->ip6_dst.s6_addr8[12] = 0xff;
471 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0)
472 goto bad;
473 }
474 if (nonce == NULL) {
475 char ip6buf[INET6_ADDRSTRLEN];
476 struct ifaddr *ifa = NULL;
477
478 /*
479 * RFC2461 7.2.2:
480 * "If the source address of the packet prompting the
481 * solicitation is the same as one of the addresses assigned
482 * to the outgoing interface, that address SHOULD be placed
483 * in the IP Source Address of the outgoing solicitation.
484 * Otherwise, any one of the addresses assigned to the
485 * interface should be used."
486 *
487 * We use the source address for the prompting packet
488 * (saddr6), if saddr6 belongs to the outgoing interface.
489 * Otherwise, we perform the source address selection as usual.
490 */
491 if (saddr6 != NULL)
492 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, saddr6);
493 if (ifa == NULL) {
494 int error;
495 struct in6_addr dst6, src6;
496 uint32_t scopeid;
497
498 in6_splitscope(&ip6->ip6_dst, &dst6, &scopeid);
499 error = in6_selectsrc_addr(fibnum, &dst6,
500 scopeid, ifp, &src6, NULL);
501 if (error) {
502 nd6log((LOG_DEBUG, "%s: source can't be "
503 "determined: dst=%s, error=%d\n", __func__,
504 ip6_sprintf(ip6buf, &dst6),
505 error));
506 goto bad;
507 }
508 ip6->ip6_src = src6;
509 } else
510 ip6->ip6_src = *saddr6;
511
512 if (ifp->if_carp != NULL) {
513 /*
514 * Check that selected source address belongs to
515 * CARP addresses.
516 */
517 if (ifa == NULL)
518 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
519 &ip6->ip6_src);
520 /*
521 * Do not send NS for CARP address if we are not
522 * the CARP master.
523 */
524 if (ifa != NULL && ifa->ifa_carp != NULL &&
525 !(*carp_master_p)(ifa)) {
526 nd6log((LOG_DEBUG,
527 "nd6_ns_output: NS from BACKUP CARP address %s\n",
528 ip6_sprintf(ip6buf, &ip6->ip6_src)));
529 ifa_free(ifa);
530 goto bad;
531 }
532 }
533 if (ifa != NULL)
534 ifa_free(ifa);
535 } else {
536 /*
537 * Source address for DAD packet must always be IPv6
538 * unspecified address. (0::0)
539 * We actually don't have to 0-clear the address (we did it
540 * above), but we do so here explicitly to make the intention
541 * clearer.
542 */
543 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src));
544 }
545 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
546 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
547 nd_ns->nd_ns_code = 0;
548 nd_ns->nd_ns_reserved = 0;
549 nd_ns->nd_ns_target = *taddr6;
550 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */
551
552 /*
553 * Add source link-layer address option.
554 *
555 * spec implementation
556 * --- ---
557 * DAD packet MUST NOT do not add the option
558 * there's no link layer address:
559 * impossible do not add the option
560 * there's link layer address:
561 * Multicast NS MUST add one add the option
562 * Unicast NS SHOULD add one add the option
563 */
564 if (nonce == NULL) {
565 struct nd_opt_hdr *nd_opt;
566 char *mac;
567 int optlen;
568
569 mac = NULL;
570 if (ifp->if_carp)
571 mac = (*carp_macmatch6_p)(ifp, m, &ip6->ip6_src);
572 if (mac == NULL)
573 mac = nd6_ifptomac(ifp);
574
575 if (mac != NULL) {
576 nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
577 optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
578 /* 8 byte alignments... */
579 optlen = (optlen + 7) & ~7;
580 m->m_pkthdr.len += optlen;
581 m->m_len += optlen;
582 icmp6len += optlen;
583 bzero(nd_opt, optlen);
584 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
585 nd_opt->nd_opt_len = optlen >> 3;
586 bcopy(mac, nd_opt + 1, ifp->if_addrlen);
587 }
588 }
589 /*
590 * Add a Nonce option (RFC 3971) to detect looped back NS messages.
591 * This behavior is documented as Enhanced Duplicate Address
592 * Detection in RFC 7527.
593 * net.inet6.ip6.dad_enhanced=0 disables this.
594 */
595 if (V_dad_enhanced != 0 && nonce != NULL) {
596 int optlen = sizeof(struct nd_opt_hdr) + ND_OPT_NONCE_LEN;
597 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
598 /* 8-byte alignment is required. */
599 optlen = (optlen + 7) & ~7;
600
601 m->m_pkthdr.len += optlen;
602 m->m_len += optlen;
603 icmp6len += optlen;
604 bzero((caddr_t)nd_opt, optlen);
605 nd_opt->nd_opt_type = ND_OPT_NONCE;
606 nd_opt->nd_opt_len = optlen >> 3;
607 bcopy(nonce, (caddr_t)(nd_opt + 1), ND_OPT_NONCE_LEN);
608 }
609 ip6->ip6_plen = htons((u_short)icmp6len);
610 nd_ns->nd_ns_cksum = 0;
611 nd_ns->nd_ns_cksum =
612 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
613
614 if (send_sendso_input_hook != NULL) {
615 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
616 sizeof(unsigned short), M_NOWAIT);
617 if (mtag == NULL)
618 goto bad;
619 *(unsigned short *)(mtag + 1) = nd_ns->nd_ns_type;
620 m_tag_prepend(m, mtag);
621 }
622
623 ip6_output(m, NULL, NULL, (nonce != NULL) ? IPV6_UNSPECSRC : 0,
624 &im6o, NULL, NULL);
625 icmp6_ifstat_inc(ifp, ifs6_out_msg);
626 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit);
627 ICMP6STAT_INC2(icp6s_outhist, ND_NEIGHBOR_SOLICIT);
628
629 return;
630
631 bad:
632 m_freem(m);
633 }
634
635 #ifndef BURN_BRIDGES
636 void
nd6_ns_output(struct ifnet * ifp,const struct in6_addr * saddr6,const struct in6_addr * daddr6,const struct in6_addr * taddr6,uint8_t * nonce)637 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *saddr6,
638 const struct in6_addr *daddr6, const struct in6_addr *taddr6,uint8_t *nonce)
639 {
640
641 nd6_ns_output_fib(ifp, saddr6, daddr6, taddr6, nonce, RT_DEFAULT_FIB);
642 }
643 #endif
644 /*
645 * Neighbor advertisement input handling.
646 *
647 * Based on RFC 2461
648 * Based on RFC 2462 (duplicate address detection)
649 *
650 * the following items are not implemented yet:
651 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
652 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
653 */
654 void
nd6_na_input(struct mbuf * m,int off,int icmp6len)655 nd6_na_input(struct mbuf *m, int off, int icmp6len)
656 {
657 struct ifnet *ifp;
658 struct ip6_hdr *ip6;
659 struct ifaddr *ifa;
660 struct llentry *ln;
661 struct mbuf *chain;
662 struct nd_neighbor_advert *nd_na;
663 struct in6_addr daddr6, taddr6;
664 union nd_opts ndopts;
665 u_char linkhdr[LLE_MAX_LINKHDR];
666 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
667 char *lladdr;
668 size_t linkhdrsize;
669 int flags, is_override, is_router, is_solicited;
670 int lladdr_off, lladdrlen, checklink;
671 bool flush_holdchain = false;
672
673 NET_EPOCH_ASSERT();
674
675 chain = NULL;
676 ln = NULL;
677 checklink = 0;
678
679 /* RFC 6980: Nodes MUST silently ignore fragments */
680 if(m->m_flags & M_FRAGMENTED)
681 goto freeit;
682
683 ifp = m->m_pkthdr.rcvif;
684 ip6 = mtod(m, struct ip6_hdr *);
685 if (__predict_false(ip6->ip6_hlim != 255)) {
686 ICMP6STAT_INC(icp6s_invlhlim);
687 nd6log((LOG_ERR,
688 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n",
689 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
690 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
691 goto bad;
692 }
693
694 if (m->m_len < off + icmp6len) {
695 m = m_pullup(m, off + icmp6len);
696 if (m == NULL) {
697 IP6STAT_INC(ip6s_exthdrtoolong);
698 return;
699 }
700 }
701 ip6 = mtod(m, struct ip6_hdr *);
702 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
703
704 flags = nd_na->nd_na_flags_reserved;
705 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
706 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
707 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
708
709 taddr6 = nd_na->nd_na_target;
710 if (in6_setscope(&taddr6, ifp, NULL))
711 goto bad; /* XXX: impossible */
712
713 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
714 nd6log((LOG_ERR,
715 "nd6_na_input: invalid target address %s\n",
716 ip6_sprintf(ip6bufs, &taddr6)));
717 goto bad;
718 }
719
720 daddr6 = ip6->ip6_dst;
721 if (IN6_IS_ADDR_MULTICAST(&daddr6))
722 if (is_solicited) {
723 nd6log((LOG_ERR,
724 "nd6_na_input: a solicited adv is multicasted\n"));
725 goto bad;
726 }
727
728 icmp6len -= sizeof(*nd_na);
729 nd6_option_init(nd_na + 1, icmp6len, &ndopts);
730 if (nd6_options(&ndopts) < 0) {
731 nd6log((LOG_INFO,
732 "nd6_na_input: invalid ND option, ignored\n"));
733 /* nd6_options have incremented stats */
734 goto freeit;
735 }
736
737 lladdr = NULL;
738 lladdrlen = 0;
739 if (ndopts.nd_opts_tgt_lladdr) {
740 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
741 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
742 }
743
744 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
745 if (ifa != NULL && ifa->ifa_carp != NULL) {
746 /*
747 * Silently ignore NAs for CARP addresses if we are not
748 * the CARP master.
749 */
750 if (!(*carp_master_p)(ifa)) {
751 nd6log((LOG_DEBUG,
752 "nd6_na_input: NA for BACKUP CARP address %s\n",
753 ip6_sprintf(ip6bufs, &taddr6)));
754 ifa_free(ifa);
755 goto freeit;
756 }
757 }
758 /*
759 * Target address matches one of my interface address.
760 *
761 * If my address is tentative, this means that there's somebody
762 * already using the same address as mine. This indicates DAD failure.
763 * This is defined in RFC 2462.
764 *
765 * Otherwise, process as defined in RFC 2461.
766 */
767 if (ifa
768 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
769 nd6_dad_na_input(ifa);
770 ifa_free(ifa);
771 goto freeit;
772 }
773
774 /* Just for safety, maybe unnecessary. */
775 if (ifa) {
776 ifa_free(ifa);
777 log(LOG_ERR,
778 "nd6_na_input: duplicate IP6 address %s\n",
779 ip6_sprintf(ip6bufs, &taddr6));
780 goto freeit;
781 }
782
783 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
784 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s "
785 "(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6),
786 ifp->if_addrlen, lladdrlen - 2));
787 goto bad;
788 }
789
790 /*
791 * If no neighbor cache entry is found, NA SHOULD silently be
792 * discarded.
793 */
794 ln = nd6_lookup(&taddr6, LLE_SF(AF_INET6, LLE_EXCLUSIVE), ifp);
795 if (ln == NULL) {
796 goto freeit;
797 }
798
799 /*
800 * Do not try to override static entry.
801 */
802 if (ln->la_flags & LLE_STATIC)
803 goto freeit;
804
805 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
806 /*
807 * If the link-layer has address, and no lladdr option came,
808 * discard the packet.
809 */
810 if (ifp->if_addrlen && lladdr == NULL) {
811 goto freeit;
812 }
813
814 /*
815 * Record link-layer address, and update the state.
816 */
817 if (!nd6_try_set_entry_addr(ifp, ln, lladdr))
818 goto freeit;
819
820 flush_holdchain = true;
821 if (is_solicited)
822 nd6_llinfo_setstate(ln, ND6_LLINFO_REACHABLE);
823 else
824 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);
825 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);
826 if ((ln->ln_router = is_router) != 0) {
827 /*
828 * This means a router's state has changed from
829 * non-reachable to probably reachable, and might
830 * affect the status of associated prefixes..
831 */
832 checklink = 1;
833 }
834 } else {
835 int llchange;
836
837 /*
838 * Check if the link-layer address has changed or not.
839 */
840 if (lladdr == NULL)
841 llchange = 0;
842 else {
843 if (ln->la_flags & LLE_VALID) {
844 if (bcmp(lladdr, ln->ll_addr, ifp->if_addrlen))
845 llchange = 1;
846 else
847 llchange = 0;
848 } else
849 llchange = 1;
850 }
851
852 /*
853 * This is VERY complex. Look at it with care.
854 *
855 * override solicit lladdr llchange action
856 * (L: record lladdr)
857 *
858 * 0 0 n -- (2c)
859 * 0 0 y n (2b) L
860 * 0 0 y y (1) REACHABLE->STALE
861 * 0 1 n -- (2c) *->REACHABLE
862 * 0 1 y n (2b) L *->REACHABLE
863 * 0 1 y y (1) REACHABLE->STALE
864 * 1 0 n -- (2a)
865 * 1 0 y n (2a) L
866 * 1 0 y y (2a) L *->STALE
867 * 1 1 n -- (2a) *->REACHABLE
868 * 1 1 y n (2a) L *->REACHABLE
869 * 1 1 y y (2a) L *->REACHABLE
870 */
871 if (!is_override && (lladdr != NULL && llchange)) { /* (1) */
872 /*
873 * If state is REACHABLE, make it STALE.
874 * no other updates should be done.
875 */
876 if (ln->ln_state == ND6_LLINFO_REACHABLE)
877 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);
878 goto freeit;
879 } else if (is_override /* (2a) */
880 || (!is_override && (lladdr != NULL && !llchange)) /* (2b) */
881 || lladdr == NULL) { /* (2c) */
882 /*
883 * Update link-local address, if any.
884 */
885 if (lladdr != NULL) {
886 linkhdrsize = sizeof(linkhdr);
887 if (lltable_calc_llheader(ifp, AF_INET6, lladdr,
888 linkhdr, &linkhdrsize, &lladdr_off) != 0)
889 goto freeit;
890 if (lltable_try_set_entry_addr(ifp, ln, linkhdr,
891 linkhdrsize, lladdr_off) == 0)
892 goto freeit;
893 EVENTHANDLER_INVOKE(lle_event, ln,
894 LLENTRY_RESOLVED);
895 }
896
897 /*
898 * If solicited, make the state REACHABLE.
899 * If not solicited and the link-layer address was
900 * changed, make it STALE.
901 */
902 if (is_solicited)
903 nd6_llinfo_setstate(ln, ND6_LLINFO_REACHABLE);
904 else {
905 if (lladdr != NULL && llchange)
906 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);
907 }
908 }
909
910 if (ln->ln_router && !is_router) {
911 /*
912 * The peer dropped the router flag.
913 * Remove the sender from the Default Router List and
914 * update the Destination Cache entries.
915 */
916 struct ifnet *nd6_ifp;
917
918 nd6_ifp = lltable_get_ifp(ln->lle_tbl);
919 if (!defrouter_remove(&ln->r_l3addr.addr6, nd6_ifp) &&
920 (ND_IFINFO(nd6_ifp)->flags &
921 ND6_IFF_ACCEPT_RTADV) != 0)
922 /*
923 * Even if the neighbor is not in the default
924 * router list, the neighbor may be used as a
925 * next hop for some destinations (e.g. redirect
926 * case). So we must call rt6_flush explicitly.
927 */
928 rt6_flush(&ip6->ip6_src, ifp);
929 }
930 ln->ln_router = is_router;
931 }
932 /* XXX - QL
933 * Does this matter?
934 * rt->rt_flags &= ~RTF_REJECT;
935 */
936 ln->la_asked = 0;
937 if (ln->la_hold != NULL)
938 chain = nd6_grab_holdchain(ln);
939 freeit:
940 if (ln != NULL)
941 LLE_WUNLOCK(ln);
942
943 if (chain != NULL)
944 nd6_flush_holdchain(ifp, ln, chain);
945 if (flush_holdchain)
946 nd6_flush_children_holdchain(ifp, ln);
947
948 if (checklink)
949 pfxlist_onlink_check();
950
951 m_freem(m);
952 return;
953
954 bad:
955 if (ln != NULL)
956 LLE_WUNLOCK(ln);
957
958 ICMP6STAT_INC(icp6s_badna);
959 m_freem(m);
960 }
961
962 /*
963 * Neighbor advertisement output handling.
964 *
965 * Based on RFC 2461
966 *
967 * the following items are not implemented yet:
968 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
969 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
970 *
971 * tlladdr - 1 if include target link-layer address
972 * sdl0 - sockaddr_dl (= proxy NA) or NULL
973 */
974 static void
nd6_na_output_fib(struct ifnet * ifp,const struct in6_addr * daddr6_0,const struct in6_addr * taddr6,u_long flags,int tlladdr,struct sockaddr * sdl0,u_int fibnum)975 nd6_na_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6_0,
976 const struct in6_addr *taddr6, u_long flags, int tlladdr,
977 struct sockaddr *sdl0, u_int fibnum)
978 {
979 struct mbuf *m;
980 struct m_tag *mtag;
981 struct ip6_hdr *ip6;
982 struct nd_neighbor_advert *nd_na;
983 struct ip6_moptions im6o;
984 struct in6_addr daddr6, dst6, src6;
985 uint32_t scopeid;
986
987 NET_EPOCH_ASSERT();
988
989 int icmp6len, maxlen, error;
990 caddr_t mac = NULL;
991
992 daddr6 = *daddr6_0; /* make a local copy for modification */
993
994 /* estimate the size of message */
995 maxlen = sizeof(*ip6) + sizeof(*nd_na);
996 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
997 KASSERT(max_linkhdr + maxlen <= MCLBYTES, (
998 "%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
999 __func__, max_linkhdr, maxlen, MCLBYTES));
1000
1001 if (max_linkhdr + maxlen > MHLEN)
1002 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1003 else
1004 m = m_gethdr(M_NOWAIT, MT_DATA);
1005 if (m == NULL)
1006 return;
1007 M_SETFIB(m, fibnum);
1008
1009 if (IN6_IS_ADDR_MULTICAST(&daddr6)) {
1010 m->m_flags |= M_MCAST;
1011 im6o.im6o_multicast_ifp = ifp;
1012 im6o.im6o_multicast_hlim = 255;
1013 im6o.im6o_multicast_loop = 0;
1014 }
1015
1016 icmp6len = sizeof(*nd_na);
1017 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
1018 m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */
1019
1020 /* fill neighbor advertisement packet */
1021 ip6 = mtod(m, struct ip6_hdr *);
1022 ip6->ip6_flow = 0;
1023 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
1024 ip6->ip6_vfc |= IPV6_VERSION;
1025 ip6->ip6_nxt = IPPROTO_ICMPV6;
1026 ip6->ip6_hlim = 255;
1027 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
1028 /* reply to DAD */
1029 daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
1030 daddr6.s6_addr16[1] = 0;
1031 daddr6.s6_addr32[1] = 0;
1032 daddr6.s6_addr32[2] = 0;
1033 daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
1034 if (in6_setscope(&daddr6, ifp, NULL))
1035 goto bad;
1036
1037 flags &= ~ND_NA_FLAG_SOLICITED;
1038 }
1039 ip6->ip6_dst = daddr6;
1040
1041 /*
1042 * Select a source whose scope is the same as that of the dest.
1043 */
1044 in6_splitscope(&daddr6, &dst6, &scopeid);
1045 error = in6_selectsrc_addr(fibnum, &dst6,
1046 scopeid, ifp, &src6, NULL);
1047 if (error) {
1048 char ip6buf[INET6_ADDRSTRLEN];
1049 nd6log((LOG_DEBUG, "nd6_na_output: source can't be "
1050 "determined: dst=%s, error=%d\n",
1051 ip6_sprintf(ip6buf, &daddr6), error));
1052 goto bad;
1053 }
1054 ip6->ip6_src = src6;
1055 nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
1056 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
1057 nd_na->nd_na_code = 0;
1058 nd_na->nd_na_target = *taddr6;
1059 in6_clearscope(&nd_na->nd_na_target); /* XXX */
1060
1061 /*
1062 * "tlladdr" indicates NS's condition for adding tlladdr or not.
1063 * see nd6_ns_input() for details.
1064 * Basically, if NS packet is sent to unicast/anycast addr,
1065 * target lladdr option SHOULD NOT be included.
1066 */
1067 if (tlladdr) {
1068 /*
1069 * sdl0 != NULL indicates proxy NA. If we do proxy, use
1070 * lladdr in sdl0. If we are not proxying (sending NA for
1071 * my address) use lladdr configured for the interface.
1072 */
1073 if (sdl0 == NULL) {
1074 if (ifp->if_carp)
1075 mac = (*carp_macmatch6_p)(ifp, m, taddr6);
1076 if (mac == NULL)
1077 mac = nd6_ifptomac(ifp);
1078 } else if (sdl0->sa_family == AF_LINK) {
1079 struct sockaddr_dl *sdl;
1080 sdl = (struct sockaddr_dl *)sdl0;
1081 if (sdl->sdl_alen == ifp->if_addrlen)
1082 mac = LLADDR(sdl);
1083 }
1084 }
1085 if (tlladdr && mac) {
1086 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
1087 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
1088
1089 /* roundup to 8 bytes alignment! */
1090 optlen = (optlen + 7) & ~7;
1091
1092 m->m_pkthdr.len += optlen;
1093 m->m_len += optlen;
1094 icmp6len += optlen;
1095 bzero((caddr_t)nd_opt, optlen);
1096 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
1097 nd_opt->nd_opt_len = optlen >> 3;
1098 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
1099 } else
1100 flags &= ~ND_NA_FLAG_OVERRIDE;
1101
1102 ip6->ip6_plen = htons((u_short)icmp6len);
1103 nd_na->nd_na_flags_reserved = flags;
1104 nd_na->nd_na_cksum = 0;
1105 nd_na->nd_na_cksum =
1106 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
1107
1108 if (send_sendso_input_hook != NULL) {
1109 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
1110 sizeof(unsigned short), M_NOWAIT);
1111 if (mtag == NULL)
1112 goto bad;
1113 *(unsigned short *)(mtag + 1) = nd_na->nd_na_type;
1114 m_tag_prepend(m, mtag);
1115 }
1116
1117 ip6_output(m, NULL, NULL, 0, &im6o, NULL, NULL);
1118 icmp6_ifstat_inc(ifp, ifs6_out_msg);
1119 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert);
1120 ICMP6STAT_INC2(icp6s_outhist, ND_NEIGHBOR_ADVERT);
1121
1122 return;
1123
1124 bad:
1125 m_freem(m);
1126 }
1127
1128 #ifndef BURN_BRIDGES
1129 void
nd6_na_output(struct ifnet * ifp,const struct in6_addr * daddr6_0,const struct in6_addr * taddr6,u_long flags,int tlladdr,struct sockaddr * sdl0)1130 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0,
1131 const struct in6_addr *taddr6, u_long flags, int tlladdr,
1132 struct sockaddr *sdl0)
1133 {
1134
1135 nd6_na_output_fib(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0,
1136 RT_DEFAULT_FIB);
1137 }
1138 #endif
1139
1140 caddr_t
nd6_ifptomac(struct ifnet * ifp)1141 nd6_ifptomac(struct ifnet *ifp)
1142 {
1143 switch (ifp->if_type) {
1144 case IFT_ETHER:
1145 case IFT_IEEE1394:
1146 case IFT_L2VLAN:
1147 case IFT_INFINIBAND:
1148 case IFT_BRIDGE:
1149 return IF_LLADDR(ifp);
1150 default:
1151 return NULL;
1152 }
1153 }
1154
1155 struct dadq {
1156 TAILQ_ENTRY(dadq) dad_list;
1157 struct ifaddr *dad_ifa;
1158 int dad_count; /* max NS to send */
1159 int dad_ns_tcount; /* # of trials to send NS */
1160 int dad_ns_ocount; /* NS sent so far */
1161 int dad_ns_icount;
1162 int dad_na_icount;
1163 int dad_ns_lcount; /* looped back NS */
1164 int dad_loopbackprobe; /* probing state for loopback detection */
1165 struct callout dad_timer_ch;
1166 struct vnet *dad_vnet;
1167 u_int dad_refcnt;
1168 #define ND_OPT_NONCE_LEN32 \
1169 ((ND_OPT_NONCE_LEN + sizeof(uint32_t) - 1)/sizeof(uint32_t))
1170 uint32_t dad_nonce[ND_OPT_NONCE_LEN32];
1171 bool dad_ondadq; /* on dadq? Protected by DADQ_WLOCK. */
1172 };
1173
1174 VNET_DEFINE_STATIC(TAILQ_HEAD(, dadq), dadq);
1175 VNET_DEFINE_STATIC(struct rwlock, dad_rwlock);
1176 #define V_dadq VNET(dadq)
1177 #define V_dad_rwlock VNET(dad_rwlock)
1178
1179 #define DADQ_LOCKPTR() (&V_dad_rwlock)
1180 #define DADQ_LOCK_INIT() rw_init(DADQ_LOCKPTR(), "nd6 DAD queue")
1181 #define DADQ_RLOCK() rw_rlock(DADQ_LOCKPTR())
1182 #define DADQ_RUNLOCK() rw_runlock(DADQ_LOCKPTR())
1183 #define DADQ_WLOCK() rw_wlock(DADQ_LOCKPTR())
1184 #define DADQ_WUNLOCK() rw_wunlock(DADQ_LOCKPTR())
1185
1186 #define DADQ_LOCK_ASSERT() rw_assert(DADQ_LOCKPTR(), RA_LOCKED);
1187 #define DADQ_RLOCK_ASSERT() rw_assert(DADQ_LOCKPTR(), RA_RLOCKED);
1188 #define DADQ_WLOCK_ASSERT() rw_assert(DADQ_LOCKPTR(), RA_WLOCKED);
1189
1190 static void
nd6_dad_add(struct dadq * dp)1191 nd6_dad_add(struct dadq *dp)
1192 {
1193 DADQ_WLOCK_ASSERT();
1194
1195 TAILQ_INSERT_TAIL(&V_dadq, dp, dad_list);
1196 dp->dad_ondadq = true;
1197 }
1198
1199 static void
nd6_dad_del(struct dadq * dp)1200 nd6_dad_del(struct dadq *dp)
1201 {
1202 DADQ_WLOCK_ASSERT();
1203
1204 if (dp->dad_ondadq) {
1205 /*
1206 * Remove dp from the dadq and release the dadq's
1207 * reference.
1208 */
1209 TAILQ_REMOVE(&V_dadq, dp, dad_list);
1210 dp->dad_ondadq = false;
1211 nd6_dad_rele(dp);
1212 }
1213 }
1214
1215 static struct dadq *
nd6_dad_find(struct ifaddr * ifa,struct nd_opt_nonce * n)1216 nd6_dad_find(struct ifaddr *ifa, struct nd_opt_nonce *n)
1217 {
1218 struct dadq *dp;
1219
1220 DADQ_LOCK_ASSERT();
1221
1222 TAILQ_FOREACH(dp, &V_dadq, dad_list) {
1223 if (dp->dad_ifa != ifa)
1224 continue;
1225
1226 /*
1227 * Skip if the nonce matches the received one.
1228 * +2 in the length is required because of type and
1229 * length fields are included in a header.
1230 */
1231 if (n != NULL &&
1232 n->nd_opt_nonce_len == (ND_OPT_NONCE_LEN + 2) / 8 &&
1233 memcmp(&n->nd_opt_nonce[0], &dp->dad_nonce[0],
1234 ND_OPT_NONCE_LEN) == 0) {
1235 dp->dad_ns_lcount++;
1236 continue;
1237 }
1238 break;
1239 }
1240
1241 return (dp);
1242 }
1243
1244 static void
nd6_dad_starttimer(struct dadq * dp,int ticks)1245 nd6_dad_starttimer(struct dadq *dp, int ticks)
1246 {
1247 DADQ_WLOCK_ASSERT();
1248
1249 callout_reset(&dp->dad_timer_ch, ticks, nd6_dad_timer, dp);
1250 }
1251
1252 static void
nd6_dad_stoptimer(struct dadq * dp)1253 nd6_dad_stoptimer(struct dadq *dp)
1254 {
1255 callout_drain(&dp->dad_timer_ch);
1256 }
1257
1258 static void
nd6_dad_rele(struct dadq * dp)1259 nd6_dad_rele(struct dadq *dp)
1260 {
1261 if (refcount_release(&dp->dad_refcnt)) {
1262 KASSERT(!dp->dad_ondadq, ("dp %p still on DAD queue", dp));
1263 ifa_free(dp->dad_ifa);
1264 free(dp, M_IP6NDP);
1265 }
1266 }
1267
1268 void
nd6_dad_init(void)1269 nd6_dad_init(void)
1270 {
1271 DADQ_LOCK_INIT();
1272 TAILQ_INIT(&V_dadq);
1273 }
1274
1275 /*
1276 * Start Duplicate Address Detection (DAD) for specified interface address.
1277 */
1278 void
nd6_dad_start(struct ifaddr * ifa,int delay)1279 nd6_dad_start(struct ifaddr *ifa, int delay)
1280 {
1281 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1282 struct dadq *dp;
1283 char ip6buf[INET6_ADDRSTRLEN];
1284
1285 KASSERT((ia->ia6_flags & IN6_IFF_TENTATIVE) != 0,
1286 ("starting DAD on non-tentative address %p", ifa));
1287
1288 /*
1289 * If we don't need DAD, don't do it.
1290 * There are several cases:
1291 * - DAD is disabled globally or on the interface
1292 * - the interface address is anycast
1293 */
1294 if ((ia->ia6_flags & IN6_IFF_ANYCAST) != 0 ||
1295 V_ip6_dad_count == 0 ||
1296 (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_NO_DAD) != 0) {
1297 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1298 return;
1299 }
1300 if ((ifa->ifa_ifp->if_flags & IFF_UP) == 0 ||
1301 (ifa->ifa_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
1302 (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) != 0)
1303 return;
1304
1305 DADQ_WLOCK();
1306 if ((dp = nd6_dad_find(ifa, NULL)) != NULL) {
1307 /*
1308 * DAD is already in progress. Let the existing entry
1309 * finish it.
1310 */
1311 DADQ_WUNLOCK();
1312 return;
1313 }
1314
1315 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO);
1316 if (dp == NULL) {
1317 log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
1318 "%s(%s)\n",
1319 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1320 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1321 return;
1322 }
1323 callout_init_rw(&dp->dad_timer_ch, DADQ_LOCKPTR(),
1324 CALLOUT_RETURNUNLOCKED);
1325 #ifdef VIMAGE
1326 dp->dad_vnet = curvnet;
1327 #endif
1328 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
1329 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1330
1331 /*
1332 * Send NS packet for DAD, ip6_dad_count times.
1333 * Note that we must delay the first transmission, if this is the
1334 * first packet to be sent from the interface after interface
1335 * (re)initialization.
1336 */
1337 dp->dad_ifa = ifa;
1338 ifa_ref(dp->dad_ifa);
1339 dp->dad_count = V_ip6_dad_count;
1340 dp->dad_ns_icount = dp->dad_na_icount = 0;
1341 dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
1342 dp->dad_ns_lcount = dp->dad_loopbackprobe = 0;
1343
1344 /* Add this to the dadq and add a reference for the dadq. */
1345 refcount_init(&dp->dad_refcnt, 1);
1346 nd6_dad_add(dp);
1347 nd6_dad_starttimer(dp, delay);
1348 DADQ_WUNLOCK();
1349 }
1350
1351 /*
1352 * terminate DAD unconditionally. used for address removals.
1353 */
1354 void
nd6_dad_stop(struct ifaddr * ifa)1355 nd6_dad_stop(struct ifaddr *ifa)
1356 {
1357 struct dadq *dp;
1358
1359 DADQ_WLOCK();
1360 dp = nd6_dad_find(ifa, NULL);
1361 if (dp == NULL) {
1362 DADQ_WUNLOCK();
1363 /* DAD wasn't started yet */
1364 return;
1365 }
1366
1367 /*
1368 * Acquire a temporary reference so that we can safely stop the callout.
1369 */
1370 (void)refcount_acquire(&dp->dad_refcnt);
1371 nd6_dad_del(dp);
1372 DADQ_WUNLOCK();
1373
1374 nd6_dad_stoptimer(dp);
1375 nd6_dad_rele(dp);
1376 }
1377
1378 static void
nd6_dad_timer(void * arg)1379 nd6_dad_timer(void *arg)
1380 {
1381 struct dadq *dp = arg;
1382 struct ifaddr *ifa = dp->dad_ifa;
1383 struct ifnet *ifp = dp->dad_ifa->ifa_ifp;
1384 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1385 char ip6buf[INET6_ADDRSTRLEN];
1386 struct epoch_tracker et;
1387
1388 CURVNET_SET(dp->dad_vnet);
1389 KASSERT(ia != NULL, ("DAD entry %p with no address", dp));
1390
1391 NET_EPOCH_ENTER(et);
1392 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) {
1393 /* Do not need DAD for ifdisabled interface. */
1394 log(LOG_ERR, "nd6_dad_timer: cancel DAD on %s because of "
1395 "ND6_IFF_IFDISABLED.\n", ifp->if_xname);
1396 goto err;
1397 }
1398 if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
1399 log(LOG_ERR, "nd6_dad_timer: called with duplicated address "
1400 "%s(%s)\n",
1401 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1402 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1403 goto err;
1404 }
1405 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) {
1406 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
1407 "%s(%s)\n",
1408 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1409 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1410 goto err;
1411 }
1412
1413 /* Stop DAD if the interface is down even after dad_maxtry attempts. */
1414 if ((dp->dad_ns_tcount > V_dad_maxtry) &&
1415 (((ifp->if_flags & IFF_UP) == 0) ||
1416 ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0))) {
1417 nd6log((LOG_INFO, "%s: could not run DAD "
1418 "because the interface was down or not running.\n",
1419 if_name(ifa->ifa_ifp)));
1420 goto err;
1421 }
1422
1423 /* Need more checks? */
1424 if (dp->dad_ns_ocount < dp->dad_count) {
1425 /*
1426 * We have more NS to go. Send NS packet for DAD.
1427 */
1428 nd6_dad_starttimer(dp,
1429 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1430 nd6_dad_ns_output(dp);
1431 goto done;
1432 } else {
1433 /*
1434 * We have transmitted sufficient number of DAD packets.
1435 * See what we've got.
1436 */
1437 if (dp->dad_ns_icount > 0 || dp->dad_na_icount > 0) {
1438 /* We've seen NS or NA, means DAD has failed. */
1439 nd6_dad_duplicated(ifa, dp);
1440 } else if (V_dad_enhanced != 0 &&
1441 dp->dad_ns_lcount > 0 &&
1442 dp->dad_ns_lcount > dp->dad_loopbackprobe) {
1443 /*
1444 * Sec. 4.1 in RFC 7527 requires transmission of
1445 * additional probes until the loopback condition
1446 * becomes clear when a looped back probe is detected.
1447 */
1448 log(LOG_ERR, "%s: a looped back NS message is "
1449 "detected during DAD for %s. "
1450 "Another DAD probes are being sent.\n",
1451 if_name(ifa->ifa_ifp),
1452 ip6_sprintf(ip6buf, IFA_IN6(ifa)));
1453 dp->dad_loopbackprobe = dp->dad_ns_lcount;
1454 /*
1455 * Send an NS immediately and increase dad_count by
1456 * V_nd6_mmaxtries - 1.
1457 */
1458 dp->dad_count =
1459 dp->dad_ns_ocount + V_nd6_mmaxtries - 1;
1460 nd6_dad_starttimer(dp,
1461 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1462 nd6_dad_ns_output(dp);
1463 goto done;
1464 } else {
1465 /*
1466 * We are done with DAD. No NA came, no NS came.
1467 * No duplicate address found. Check IFDISABLED flag
1468 * again in case that it is changed between the
1469 * beginning of this function and here.
1470 *
1471 * Reset DAD failures counter if using stable addresses.
1472 */
1473 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) == 0) {
1474 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1475 if ((ND_IFINFO(ifp)->flags & ND6_IFF_STABLEADDR) && !(ia->ia6_flags & IN6_IFF_TEMPORARY))
1476 counter_u64_zero(ND_IFINFO(ifp)->dad_failures);
1477 }
1478
1479 nd6log((LOG_DEBUG,
1480 "%s: DAD complete for %s - no duplicates found\n",
1481 if_name(ifa->ifa_ifp),
1482 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1483 if (dp->dad_ns_lcount > 0)
1484 log(LOG_ERR, "%s: DAD completed while "
1485 "a looped back NS message is detected "
1486 "during DAD for %s.\n",
1487 if_name(ifa->ifa_ifp),
1488 ip6_sprintf(ip6buf, IFA_IN6(ifa)));
1489 }
1490 }
1491 err:
1492 nd6_dad_del(dp);
1493 DADQ_WUNLOCK();
1494 done:
1495 NET_EPOCH_EXIT(et);
1496 CURVNET_RESTORE();
1497 }
1498
1499 static void
nd6_dad_duplicated(struct ifaddr * ifa,struct dadq * dp)1500 nd6_dad_duplicated(struct ifaddr *ifa, struct dadq *dp)
1501 {
1502 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1503 struct ifnet *ifp;
1504 char ip6buf[INET6_ADDRSTRLEN];
1505
1506 ifp = ifa->ifa_ifp;
1507
1508 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: "
1509 "NS in/out/loopback=%d/%d/%d, NA in=%d\n",
1510 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1511 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_ns_lcount,
1512 dp->dad_na_icount);
1513
1514 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1515 ia->ia6_flags |= IN6_IFF_DUPLICATED;
1516
1517 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
1518 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr));
1519
1520 /*
1521 * For RFC 7217 stable addresses, increment failure counter here if we still have retries.
1522 * More addresses will be generated as long as retries are not exhausted.
1523 */
1524 if ((ND_IFINFO(ifp)->flags & ND6_IFF_STABLEADDR) && !(ia->ia6_flags & IN6_IFF_TEMPORARY)) {
1525 uint64_t dad_failures = counter_u64_fetch(ND_IFINFO(ifp)->dad_failures);
1526
1527 if (dad_failures <= V_ip6_stableaddr_maxretries) {
1528 counter_u64_add(ND_IFINFO(ifp)->dad_failures, 1);
1529 /* if retries exhausted, output an informative error message */
1530 if (dad_failures == V_ip6_stableaddr_maxretries)
1531 log(LOG_ERR, "%s: manual intervention required, consider disabling \"stableaddr\" on the interface"
1532 " or checking hostuuid for uniqueness\n",
1533 if_name(ifp));
1534 }
1535 } else {
1536 log(LOG_ERR, "%s: manual intervention required\n",
1537 if_name(ifp));
1538 }
1539
1540 /*
1541 * If the address is a link-local address formed from an interface
1542 * identifier based on the hardware address which is supposed to be
1543 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
1544 * operation on the interface SHOULD be disabled.
1545 * [RFC 4862, Section 5.4.5]
1546 */
1547 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
1548 struct in6_addr in6;
1549
1550 /*
1551 * To avoid over-reaction, we only apply this logic when we are
1552 * very sure that hardware addresses are supposed to be unique.
1553 */
1554 switch (ifp->if_type) {
1555 case IFT_ETHER:
1556 case IFT_ATM:
1557 case IFT_IEEE1394:
1558 case IFT_INFINIBAND:
1559 in6 = ia->ia_addr.sin6_addr;
1560 if (in6_get_hw_ifid(ifp, &in6) == 0 &&
1561 IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) {
1562 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED;
1563 log(LOG_ERR, "%s: possible hardware address "
1564 "duplication detected, disable IPv6\n",
1565 if_name(ifp));
1566 }
1567 break;
1568 }
1569 }
1570 }
1571
1572 /*
1573 * Transmit a neighbour solicitation for the purpose of DAD. Returns with the
1574 * DAD queue unlocked.
1575 */
1576 static void
nd6_dad_ns_output(struct dadq * dp)1577 nd6_dad_ns_output(struct dadq *dp)
1578 {
1579 struct in6_ifaddr *ia = (struct in6_ifaddr *)dp->dad_ifa;
1580 struct ifnet *ifp = dp->dad_ifa->ifa_ifp;
1581 int i;
1582
1583 DADQ_WLOCK_ASSERT();
1584
1585 dp->dad_ns_tcount++;
1586 if ((ifp->if_flags & IFF_UP) == 0) {
1587 DADQ_WUNLOCK();
1588 return;
1589 }
1590 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1591 DADQ_WUNLOCK();
1592 return;
1593 }
1594
1595 dp->dad_ns_ocount++;
1596 if (V_dad_enhanced != 0) {
1597 for (i = 0; i < ND_OPT_NONCE_LEN32; i++)
1598 dp->dad_nonce[i] = arc4random();
1599 /*
1600 * XXXHRS: Note that in the case that
1601 * DupAddrDetectTransmits > 1, multiple NS messages with
1602 * different nonces can be looped back in an unexpected
1603 * order. The current implementation recognizes only
1604 * the latest nonce on the sender side. Practically it
1605 * should work well in almost all cases.
1606 */
1607 }
1608 DADQ_WUNLOCK();
1609 nd6_ns_output(ifp, NULL, NULL, &ia->ia_addr.sin6_addr,
1610 (uint8_t *)&dp->dad_nonce[0]);
1611 }
1612
1613 static void
nd6_dad_ns_input(struct ifaddr * ifa,struct nd_opt_nonce * ndopt_nonce)1614 nd6_dad_ns_input(struct ifaddr *ifa, struct nd_opt_nonce *ndopt_nonce)
1615 {
1616 struct dadq *dp;
1617
1618 if (ifa == NULL)
1619 panic("ifa == NULL in nd6_dad_ns_input");
1620
1621 /* Ignore Nonce option when Enhanced DAD is disabled. */
1622 if (V_dad_enhanced == 0)
1623 ndopt_nonce = NULL;
1624 DADQ_RLOCK();
1625 dp = nd6_dad_find(ifa, ndopt_nonce);
1626 if (dp != NULL)
1627 dp->dad_ns_icount++;
1628 DADQ_RUNLOCK();
1629 }
1630
1631 static void
nd6_dad_na_input(struct ifaddr * ifa)1632 nd6_dad_na_input(struct ifaddr *ifa)
1633 {
1634 struct dadq *dp;
1635
1636 if (ifa == NULL)
1637 panic("ifa == NULL in nd6_dad_na_input");
1638
1639 DADQ_RLOCK();
1640 dp = nd6_dad_find(ifa, NULL);
1641 if (dp != NULL)
1642 dp->dad_na_icount++;
1643 DADQ_RUNLOCK();
1644 }
1645