1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $KAME: nd6_rtr.c,v 1.111 2001/04/27 01:37:15 jinmei Exp $
32 */
33
34 #include "opt_inet.h"
35 #include "opt_inet6.h"
36
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/malloc.h>
40 #include <sys/mbuf.h>
41 #include <sys/refcount.h>
42 #include <sys/socket.h>
43 #include <sys/sockio.h>
44 #include <sys/time.h>
45 #include <sys/kernel.h>
46 #include <sys/lock.h>
47 #include <sys/errno.h>
48 #include <sys/rmlock.h>
49 #include <sys/rwlock.h>
50 #include <sys/sysctl.h>
51 #include <sys/syslog.h>
52 #include <sys/queue.h>
53 #include <sys/random.h>
54
55 #include <net/if.h>
56 #include <net/if_var.h>
57 #include <net/if_private.h>
58 #include <net/if_types.h>
59 #include <net/if_dl.h>
60 #include <net/route.h>
61 #include <net/route/nhop.h>
62 #include <net/route/route_ctl.h>
63 #include <net/route/route_var.h>
64 #include <net/radix.h>
65 #include <net/vnet.h>
66
67 #include <netinet/in.h>
68 #include <net/if_llatbl.h>
69 #include <netinet6/in6_var.h>
70 #include <netinet6/in6_ifattach.h>
71 #include <netinet/ip6.h>
72 #include <netinet6/ip6_var.h>
73 #include <netinet6/nd6.h>
74 #include <netinet/icmp6.h>
75 #include <netinet6/scope6_var.h>
76
77 #include <machine/atomic.h>
78
79 MALLOC_DEFINE(M_IP6NDP, "ip6ndp", "IPv6 Neighbor Discovery");
80
81 struct nd_routectl {
82 struct ifnet *ndrt_ifp; /* nexthop interface */
83 struct sockaddr_in6 ndrt_gateway; /* gateway address */
84 struct sockaddr_in6 ndrt_prefix; /* route prefix */
85 struct sockaddr_in6 ndrt_mask; /* route prefix mask */
86 uint8_t ndrt_plen; /* route prefix len */
87 uint8_t ndrt_flags; /* route info flags */
88 uint32_t ndrt_lifetime; /* route info lifetime (sec) */
89 };
90
91 static struct nd_defrouter *defrtrlist_update(struct nd_defrouter *);
92 static void prelist_update(struct nd_prefixctl *, struct nd_defrouter *,
93 bool, int);
94 static int nd6_routelist_update(struct nd_routectl *);
95 static int nd6_prefix_onlink(struct nd_prefix *);
96 static int in6_get_tmp_ifid(struct in6_aliasreq *);
97
98 TAILQ_HEAD(nd6_drhead, nd_defrouter);
99 VNET_DEFINE_STATIC(struct nd6_drhead, nd6_defrouter);
100 #define V_nd6_defrouter VNET(nd6_defrouter)
101
102 VNET_DECLARE(int, nd6_recalc_reachtm_interval);
103 #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval)
104
105 VNET_DEFINE_STATIC(struct ifnet *, nd6_defifp);
106 VNET_DEFINE(int, nd6_defifindex);
107 #define V_nd6_defifp VNET(nd6_defifp)
108
109 VNET_DEFINE(int, ip6_use_tempaddr) = 0;
110 VNET_DEFINE(bool, ip6_use_stableaddr) = 1;
111
112 VNET_DEFINE(int, ip6_desync_factor);
113 VNET_DEFINE(uint32_t, ip6_temp_max_desync_factor) = TEMP_MAX_DESYNC_FACTOR_BASE;
114 VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime) = DEF_TEMP_PREFERRED_LIFETIME;
115 VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime) = DEF_TEMP_VALID_LIFETIME;
116
117 VNET_DEFINE(int, ip6_temp_regen_advance) = TEMPADDR_REGEN_ADVANCE;
118
119 /* RTPREF_MEDIUM has to be 0! */
120 #define RTPREF_HIGH 1
121 #define RTPREF_MEDIUM 0
122 #define RTPREF_LOW (-1)
123 #define RTPREF_RESERVED (-2)
124 #define RTPREF_INVALID (-3) /* internal */
125
126 static void
defrouter_ref(struct nd_defrouter * dr)127 defrouter_ref(struct nd_defrouter *dr)
128 {
129
130 refcount_acquire(&dr->refcnt);
131 }
132
133 void
defrouter_rele(struct nd_defrouter * dr)134 defrouter_rele(struct nd_defrouter *dr)
135 {
136
137 if (refcount_release(&dr->refcnt))
138 free(dr, M_IP6NDP);
139 }
140
141 /*
142 * Remove a router from the global list and optionally stash it in a
143 * caller-supplied queue.
144 */
145 static void
defrouter_unlink(struct nd_defrouter * dr,struct nd6_drhead * drq)146 defrouter_unlink(struct nd_defrouter *dr, struct nd6_drhead *drq)
147 {
148
149 ND6_WLOCK_ASSERT();
150
151 TAILQ_REMOVE(&V_nd6_defrouter, dr, dr_entry);
152 V_nd6_list_genid++;
153 if (drq != NULL)
154 TAILQ_INSERT_TAIL(drq, dr, dr_entry);
155 }
156
157 /*
158 * Receive Router Solicitation Message - just for routers.
159 * Router solicitation/advertisement is mostly managed by userland program
160 * (rtadvd) so here we have no function like nd6_ra_output().
161 *
162 * Based on RFC 2461
163 */
164 void
nd6_rs_input(struct mbuf * m,int off,int icmp6len)165 nd6_rs_input(struct mbuf *m, int off, int icmp6len)
166 {
167 struct ifnet *ifp;
168 struct ip6_hdr *ip6;
169 struct nd_router_solicit *nd_rs;
170 struct in6_addr saddr6;
171 union nd_opts ndopts;
172 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
173 char *lladdr;
174 int lladdrlen;
175
176 ifp = m->m_pkthdr.rcvif;
177
178 /*
179 * Accept RS only when V_ip6_forwarding=1 and the interface has
180 * no ND6_IFF_ACCEPT_RTADV.
181 */
182 if (!V_ip6_forwarding || ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV)
183 goto freeit;
184
185 /* RFC 6980: Nodes MUST silently ignore fragments */
186 if(m->m_flags & M_FRAGMENTED)
187 goto freeit;
188
189 /* Sanity checks */
190 ip6 = mtod(m, struct ip6_hdr *);
191 if (__predict_false(ip6->ip6_hlim != 255)) {
192 ICMP6STAT_INC(icp6s_invlhlim);
193 nd6log((LOG_ERR,
194 "%s: invalid hlim (%d) from %s to %s on %s\n", __func__,
195 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
196 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
197 goto bad;
198 }
199
200 /*
201 * Don't update the neighbor cache, if src = ::.
202 * This indicates that the src has no IP address assigned yet.
203 */
204 saddr6 = ip6->ip6_src;
205 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
206 goto freeit;
207
208 if (m->m_len < off + icmp6len) {
209 m = m_pullup(m, off + icmp6len);
210 if (m == NULL) {
211 IP6STAT_INC(ip6s_exthdrtoolong);
212 return;
213 }
214 }
215 ip6 = mtod(m, struct ip6_hdr *);
216 nd_rs = (struct nd_router_solicit *)((caddr_t)ip6 + off);
217
218 icmp6len -= sizeof(*nd_rs);
219 nd6_option_init(nd_rs + 1, icmp6len, &ndopts);
220 if (nd6_options(&ndopts) < 0) {
221 nd6log((LOG_INFO,
222 "%s: invalid ND option, ignored\n", __func__));
223 /* nd6_options have incremented stats */
224 goto freeit;
225 }
226
227 lladdr = NULL;
228 lladdrlen = 0;
229 if (ndopts.nd_opts_src_lladdr) {
230 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
231 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
232 }
233
234 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
235 nd6log((LOG_INFO,
236 "%s: lladdrlen mismatch for %s (if %d, RS packet %d)\n",
237 __func__, ip6_sprintf(ip6bufs, &saddr6),
238 ifp->if_addrlen, lladdrlen - 2));
239 goto bad;
240 }
241
242 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_SOLICIT, 0);
243
244 freeit:
245 m_freem(m);
246 return;
247
248 bad:
249 ICMP6STAT_INC(icp6s_badrs);
250 m_freem(m);
251 }
252
253 void
nd6_ifnet_link_event(void * arg __unused,struct ifnet * ifp,int linkstate)254 nd6_ifnet_link_event(void *arg __unused, struct ifnet *ifp, int linkstate)
255 {
256
257 /*
258 * XXX-BZ we might want to trigger re-evaluation of our default router
259 * availability. E.g., on link down the default router might be
260 * unreachable but a different interface might still have connectivity.
261 */
262
263 }
264
265 static void
nd6_ra_opt_pi(struct nd_opt_hdr * pt,struct ifnet * ifp,struct nd_router_advert * nd_ra,struct nd_defrouter * dr,bool auth,bool mcast)266 nd6_ra_opt_pi(struct nd_opt_hdr *pt, struct ifnet *ifp,
267 struct nd_router_advert *nd_ra, struct nd_defrouter *dr,
268 bool auth, bool mcast)
269 {
270 struct nd_opt_prefix_info *pi = NULL;
271 struct nd_prefixctl pr;
272 char ip6bufs[INET6_ADDRSTRLEN];
273
274 if (pt->nd_opt_type != ND_OPT_PREFIX_INFORMATION)
275 return;
276
277 pi = (struct nd_opt_prefix_info *)pt;
278 if (pi->nd_opt_pi_len != 4) {
279 nd6log((LOG_INFO,
280 "%s: invalid option len %d for prefix "
281 "information option, ignored\n", __func__,
282 pi->nd_opt_pi_len));
283 return;
284 }
285
286 if (pi->nd_opt_pi_prefix_len > 128) {
287 nd6log((LOG_INFO,
288 "%s: invalid prefix len %d for prefix "
289 "information option, ignored\n", __func__,
290 pi->nd_opt_pi_prefix_len));
291 return;
292 }
293
294 if (IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix)
295 || IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) {
296 nd6log((LOG_INFO,
297 "%s: invalid prefix %s, ignored\n",
298 __func__, ip6_sprintf(ip6bufs,
299 &pi->nd_opt_pi_prefix)));
300 return;
301 }
302
303 bzero(&pr, sizeof(pr));
304 pr.ndpr_prefix.sin6_family = AF_INET6;
305 pr.ndpr_prefix.sin6_len = sizeof(pr.ndpr_prefix);
306 pr.ndpr_prefix.sin6_addr = pi->nd_opt_pi_prefix;
307 pr.ndpr_ifp = ifp;
308
309 pr.ndpr_raf_onlink = (pi->nd_opt_pi_flags_reserved &
310 ND_OPT_PI_FLAG_ONLINK) ? 1 : 0;
311 pr.ndpr_raf_auto = (pi->nd_opt_pi_flags_reserved &
312 ND_OPT_PI_FLAG_AUTO) ? 1 : 0;
313 pr.ndpr_plen = pi->nd_opt_pi_prefix_len;
314 pr.ndpr_vltime = ntohl(pi->nd_opt_pi_valid_time);
315 pr.ndpr_pltime = ntohl(pi->nd_opt_pi_preferred_time);
316 prelist_update(&pr, dr, auth, mcast);
317 }
318
319 static void
nd6_ra_opt_rti(struct nd_opt_hdr * hdr,struct ifnet * ifp,struct in6_addr saddr6,struct nd_defrouter * dr)320 nd6_ra_opt_rti(struct nd_opt_hdr *hdr, struct ifnet *ifp,
321 struct in6_addr saddr6, struct nd_defrouter *dr)
322 {
323 struct nd_opt_route_info *rti = NULL;
324 struct nd_routectl rt;
325 struct in6_addr prefix, netmask;
326 char ip6bufs[INET6_ADDRSTRLEN];
327 int olen;
328 uint8_t pref;
329
330 if (hdr->nd_opt_type != ND_OPT_ROUTE_INFO)
331 return;
332
333 /* RFC 4191 section 2.3, Field validation */
334 rti = (struct nd_opt_route_info *)hdr;
335 if (rti->nd_opt_rti_len == 0 || rti->nd_opt_rti_len > 3) {
336 nd6log((LOG_INFO,
337 "%s: invalid option len %d for route "
338 "information option, ignored\n", __func__,
339 rti->nd_opt_rti_len));
340 return;
341 }
342 if (rti->nd_opt_rti_prefixlen > 128 ||
343 (rti->nd_opt_rti_prefixlen > 64 && rti->nd_opt_rti_len != 3) ||
344 (rti->nd_opt_rti_prefixlen > 0 && rti->nd_opt_rti_len < 2)) {
345 nd6log((LOG_INFO,
346 "%s: invalid prefix len %d with option len %d for route "
347 "information option, ignored\n", __func__,
348 rti->nd_opt_rti_prefixlen, rti->nd_opt_rti_len));
349 return;
350 }
351 pref = rti->nd_opt_rti_flags & ND_OPT_RTI_FLAG_PRF_MASK;
352 if ((pref & ND_RA_FLAG_RTPREF_RSV) != 0) {
353 nd6log((LOG_INFO,
354 "%s: reserved preference %d for route "
355 "information option, ignored\n", __func__,
356 pref));
357 return;
358 }
359
360 /*
361 * RFC 4191 section 2.3: The bits in the prefix after
362 * the prefix length (if any) are reserved and MUST be
363 * initialized to zero by the sender and ignored by the receiver.
364 */
365 memset(&prefix, 0, sizeof(prefix));
366 /*
367 * Calculate the variable length of the option and copy the remaining
368 * length into the prefix.
369 * The resulting value cannot exceed the size of struct in6_addr
370 * since the option length is limited to 3 (24 bytes).
371 */
372 olen = (rti->nd_opt_rti_len << 3) - sizeof(struct nd_opt_route_info);
373 memcpy(&prefix, (char *)rti + sizeof(struct nd_opt_route_info), olen);
374 in6_prefixlen2mask(&netmask, rti->nd_opt_rti_prefixlen);
375 IN6_MASK_ADDR(&prefix, &netmask);
376 if (IN6_IS_ADDR_MULTICAST(&prefix) || IN6_IS_ADDR_LINKLOCAL(&prefix)) {
377 nd6log((LOG_INFO, "%s: invalid prefix %s, ignored\n",
378 __func__, ip6_sprintf(ip6bufs, &prefix)));
379 return;
380 }
381
382 /*
383 * RFC 4191 section 3.1: The Router Preference and Lifetime
384 * values in a ::/0 Route Information Option override the
385 * preference and lifetime values in the Router Advertisement header.
386 */
387 if (rti->nd_opt_rti_prefixlen == 0 && dr != NULL) {
388 /*
389 * We may disable routes from RA messages when
390 * ND6_IFF_NO_RADR enabled on the receiving interface or
391 * (ip6.forwarding == 1 && ip6.rfc6204w3 != 1).
392 * Therefore, don't overwrite it.
393 */
394 if (dr->rtlifetime == 0)
395 return;
396 /*
397 * XXXPO: ignore rti lifetime bigger than uint16_max until
398 * we update the dr structure size to uint32_t.
399 */
400 if (ntohl(rti->nd_opt_rti_lifetime) > UINT16_MAX)
401 return;
402 dr->rtlifetime = ntohl(rti->nd_opt_rti_lifetime);
403 dr->expire = time_uptime + dr->rtlifetime;
404 dr->raflags &= ~ND_OPT_RTI_FLAG_PRF_MASK;
405 dr->raflags |= pref;
406 nd6log((LOG_INFO,
407 "%s: override default route with route information option\n",
408 __func__));
409 return;
410 }
411
412 memset(&rt, 0, sizeof(rt));
413 rt.ndrt_ifp = ifp;
414 rt.ndrt_prefix.sin6_len = sizeof(struct sockaddr_in6);
415 rt.ndrt_prefix.sin6_family = AF_INET6;
416 rt.ndrt_prefix.sin6_addr = prefix;
417 rt.ndrt_gateway.sin6_len = sizeof(struct sockaddr_in6);
418 rt.ndrt_gateway.sin6_family = AF_INET6;
419 rt.ndrt_gateway.sin6_addr = saddr6;
420 rt.ndrt_mask.sin6_len = sizeof(struct sockaddr_in6);
421 rt.ndrt_mask.sin6_family = AF_INET6;
422 rt.ndrt_mask.sin6_addr = netmask;
423 rt.ndrt_plen = rti->nd_opt_rti_prefixlen;
424 rt.ndrt_flags = rti->nd_opt_rti_flags;
425 rt.ndrt_lifetime = ntohl(rti->nd_opt_rti_lifetime);
426 (void)nd6_routelist_update(&rt);
427 }
428
429 static void
nd6_ra_opt_mtu(struct nd_opt_mtu * optmtu,struct ifnet * ifp,struct in6_addr saddr6)430 nd6_ra_opt_mtu(struct nd_opt_mtu *optmtu, struct ifnet *ifp,
431 struct in6_addr saddr6)
432 {
433 struct in6_ifextra *ndi;
434 char ip6bufs[INET6_ADDRSTRLEN];
435 uint32_t mtu, maxmtu;
436
437 ndi = ifp->if_inet6;
438
439 if (optmtu->nd_opt_mtu_len != 1)
440 return;
441 mtu = (uint32_t)ntohl(optmtu->nd_opt_mtu_mtu);
442 /* lower bound */
443 if (mtu < IPV6_MMTU) {
444 nd6log((LOG_INFO, "%s: bogus mtu option mtu=%u sent from %s, "
445 "ignoring\n", __func__, mtu, ip6_sprintf(ip6bufs, &saddr6)));
446 return;
447 }
448
449 /* upper bound */
450 maxmtu = (ndi->nd_maxmtu && ndi->nd_maxmtu < ifp->if_mtu)
451 ? ndi->nd_maxmtu : ifp->if_mtu;
452 if (mtu <= maxmtu) {
453 if (ndi->nd_linkmtu != mtu) {
454 ndi->nd_linkmtu = mtu;
455 rt_updatemtu(ifp);
456 }
457 } else {
458 nd6log((LOG_INFO, "%s: bogus mtu=%u sent from %s; "
459 "exceeds maxmtu %u, ignoring\n", __func__,
460 mtu, ip6_sprintf(ip6bufs, &saddr6), maxmtu));
461 }
462 }
463
464 static int
nd6_ra_opt_src_lladdr(struct nd_opt_hdr * opthdr,struct ifnet * ifp,struct in6_addr saddr6)465 nd6_ra_opt_src_lladdr(struct nd_opt_hdr *opthdr, struct ifnet *ifp,
466 struct in6_addr saddr6)
467 {
468 char ip6bufs[INET6_ADDRSTRLEN];
469 char *lladdr = NULL;
470 int lladdrlen = 0;
471
472 if (opthdr != NULL) {
473 lladdr = (char *)(opthdr + 1);
474 lladdrlen = opthdr->nd_opt_len << 3;
475 }
476
477 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
478 nd6log((LOG_INFO,
479 "%s: lladdrlen mismatch for %s (if %d, RA packet %d)\n",
480 __func__, ip6_sprintf(ip6bufs, &saddr6),
481 ifp->if_addrlen, lladdrlen - 2));
482 return (-1);
483 }
484
485 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_ADVERT, 0);
486
487 /*
488 * Installing a link-layer address might change the state of the
489 * router's neighbor cache, which might also affect our on-link
490 * detection of adveritsed prefixes.
491 */
492 pfxlist_onlink_check();
493 return (0);
494 }
495
496 /*
497 * Receive Router Advertisement Message.
498 *
499 * Based on RFC 2461
500 * TODO: on-link bit on prefix information
501 * TODO: ND_RA_FLAG_{OTHER,MANAGED} processing
502 */
503 void
nd6_ra_input(struct mbuf * m,int off,int icmp6len)504 nd6_ra_input(struct mbuf *m, int off, int icmp6len)
505 {
506 struct ifnet *ifp;
507 struct in6_ifextra *ndi;
508 struct ip6_hdr *ip6;
509 struct nd_router_advert *nd_ra;
510 struct nd_opt_hdr *pt, *rti;
511 struct in6_addr saddr6;
512 struct nd_defrouter dr0, *dr;
513 union nd_opts ndopts;
514 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
515 uint32_t advreachable;
516 bool mcast, auth;
517
518 /*
519 * We only accept RAs only when the per-interface flag
520 * ND6_IFF_ACCEPT_RTADV is on the receiving interface.
521 */
522 ifp = m->m_pkthdr.rcvif;
523 ndi = ifp->if_inet6;
524 if (!(ndi->nd_flags & ND6_IFF_ACCEPT_RTADV))
525 goto freeit;
526
527 /* RFC 6980: Nodes MUST silently ignore fragments */
528 if(m->m_flags & M_FRAGMENTED)
529 goto freeit;
530
531 ip6 = mtod(m, struct ip6_hdr *);
532 /* RFC 4861 section 6.1.2: hlim must be 255 */
533 if (__predict_false(ip6->ip6_hlim != 255)) {
534 ICMP6STAT_INC(icp6s_invlhlim);
535 nd6log((LOG_ERR,
536 "%s: invalid hlim (%d) from %s to %s on %s\n", __func__,
537 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
538 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
539 goto bad;
540 }
541
542 saddr6 = ip6->ip6_src;
543 /* RFC 4861 section 6.1.2: source address must be link-local */
544 if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) {
545 nd6log((LOG_ERR,
546 "%s: src %s is not link-local\n", __func__,
547 ip6_sprintf(ip6bufs, &saddr6)));
548 goto bad;
549 }
550
551 if (m->m_len < off + icmp6len) {
552 m = m_pullup(m, off + icmp6len);
553 if (m == NULL) {
554 IP6STAT_INC(ip6s_exthdrtoolong);
555 return;
556 }
557 }
558 nd_ra = (struct nd_router_advert *)((caddr_t)ip6 + off);
559
560 icmp6len -= sizeof(*nd_ra);
561 nd6_option_init(nd_ra + 1, icmp6len, &ndopts);
562 if (nd6_options(&ndopts) < 0) {
563 nd6log((LOG_INFO,
564 "%s: invalid ND option, ignored\n", __func__));
565 /* nd6_options have incremented stats */
566 goto freeit;
567 }
568
569 dr = NULL;
570 mcast = false;
571 /* remember if this is a multicasted advertisement */
572 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
573 mcast = true;
574
575 bzero(&dr0, sizeof(dr0));
576 dr0.rtaddr = saddr6;
577 dr0.raflags = nd_ra->nd_ra_flags_reserved;
578 /*
579 * Effectively-disable routes from RA messages when
580 * ND6_IFF_NO_RADR enabled on the receiving interface or
581 * (ip6.forwarding == 1 && ip6.rfc6204w3 != 1).
582 */
583 if ((ndi->nd_flags & ND6_IFF_NO_RADR) ||
584 (V_ip6_forwarding && !V_ip6_rfc6204w3))
585 dr0.rtlifetime = 0;
586 else
587 dr0.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime);
588 dr0.expire = time_uptime + dr0.rtlifetime;
589 dr0.ifp = ifp;
590 /*
591 * RFC 4861 6.3.4: RA fields such as Cur Hop Limit,
592 * Reachable Time, and Retrans Timer may be unspecified.
593 * In such cases, the parameter should be ignored.
594 */
595 if (nd_ra->nd_ra_reachable) {
596 advreachable = ntohl(nd_ra->nd_ra_reachable);
597 if (advreachable <= MAX_REACHABLE_TIME &&
598 ndi->nd_basereachable != advreachable) {
599 ndi->nd_basereachable = advreachable;
600 ndi->nd_reachable =
601 ND_COMPUTE_RTIME(ndi->nd_basereachable);
602 ndi->nd_recalc_timer = V_nd6_recalc_reachtm_interval;
603 }
604 }
605 if (nd_ra->nd_ra_retransmit)
606 ndi->nd_retrans = ntohl(nd_ra->nd_ra_retransmit);
607 if (nd_ra->nd_ra_curhoplimit) {
608 if (ndi->nd_curhoplimit < nd_ra->nd_ra_curhoplimit)
609 ndi->nd_curhoplimit = nd_ra->nd_ra_curhoplimit;
610 else if (ndi->nd_curhoplimit != nd_ra->nd_ra_curhoplimit) {
611 log(LOG_ERR, "RA with a lower CurHopLimit sent from "
612 "%s on %s (current = %d, received = %d). "
613 "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
614 if_name(ifp), ndi->nd_curhoplimit,
615 nd_ra->nd_ra_curhoplimit);
616 }
617 }
618 /* Route Information */
619 if (ndopts.nd_opts_rti != NULL) {
620 for (rti = (struct nd_opt_hdr *)ndopts.nd_opts_rti;
621 rti <= (struct nd_opt_hdr *)ndopts.nd_opts_rti_end;
622 rti = (struct nd_opt_hdr *)((char *)rti +
623 (rti->nd_opt_len << 3))) {
624 nd6_ra_opt_rti(rti, ifp, saddr6, &dr0);
625 }
626 }
627 dr = defrtrlist_update(&dr0);
628 /* Prefix Information */
629 if (ndopts.nd_opts_pi != NULL) {
630 /*
631 * Authenticity for NA consists authentication for
632 * both IP header and IP datagrams, doesn't it ?
633 */
634 auth = ((m->m_flags & M_AUTHIPHDR) && (m->m_flags & M_AUTHIPDGM));
635 for (pt = (struct nd_opt_hdr *)ndopts.nd_opts_pi;
636 pt <= (struct nd_opt_hdr *)ndopts.nd_opts_pi_end;
637 pt = (struct nd_opt_hdr *)((caddr_t)pt +
638 (pt->nd_opt_len << 3))) {
639 nd6_ra_opt_pi(pt, ifp, nd_ra, dr, auth, mcast);
640 }
641 }
642 if (dr != NULL) {
643 defrouter_rele(dr);
644 dr = NULL;
645 }
646
647 /* MTU */
648 if (ndopts.nd_opts_mtu != NULL)
649 nd6_ra_opt_mtu(ndopts.nd_opts_mtu, ifp, saddr6);
650
651 /* Source link layer address */
652 if (nd6_ra_opt_src_lladdr(ndopts.nd_opts_src_lladdr, ifp, saddr6) != 0)
653 goto bad;
654
655 freeit:
656 m_freem(m);
657 return;
658
659 bad:
660 ICMP6STAT_INC(icp6s_badra);
661 m_freem(m);
662 }
663
664 /* PFXRTR */
665 static struct nd_pfxrouter *
pfxrtr_lookup(struct nd_prefix * pr,struct nd_defrouter * dr)666 pfxrtr_lookup(struct nd_prefix *pr, struct nd_defrouter *dr)
667 {
668 struct nd_pfxrouter *search;
669
670 ND6_LOCK_ASSERT();
671
672 LIST_FOREACH(search, &pr->ndpr_advrtrs, pfr_entry) {
673 if (search->router == dr)
674 break;
675 }
676 return (search);
677 }
678
679 static void
pfxrtr_add(struct nd_prefix * pr,struct nd_defrouter * dr)680 pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr)
681 {
682 struct nd_pfxrouter *new;
683 bool update;
684
685 ND6_UNLOCK_ASSERT();
686
687 ND6_RLOCK();
688 if (pfxrtr_lookup(pr, dr) != NULL) {
689 ND6_RUNLOCK();
690 return;
691 }
692 ND6_RUNLOCK();
693
694 new = malloc(sizeof(*new), M_IP6NDP, M_NOWAIT | M_ZERO);
695 if (new == NULL)
696 return;
697 defrouter_ref(dr);
698 new->router = dr;
699
700 ND6_WLOCK();
701 if (pfxrtr_lookup(pr, dr) == NULL) {
702 LIST_INSERT_HEAD(&pr->ndpr_advrtrs, new, pfr_entry);
703 update = true;
704 } else {
705 /* We lost a race to add the reference. */
706 defrouter_rele(dr);
707 free(new, M_IP6NDP);
708 update = false;
709 }
710 ND6_WUNLOCK();
711
712 if (update)
713 pfxlist_onlink_check();
714 }
715
716 static void
pfxrtr_del(struct nd_pfxrouter * pfr)717 pfxrtr_del(struct nd_pfxrouter *pfr)
718 {
719
720 ND6_WLOCK_ASSERT();
721
722 LIST_REMOVE(pfr, pfr_entry);
723 defrouter_rele(pfr->router);
724 free(pfr, M_IP6NDP);
725 }
726
727 /* Default router list processing sub routines. */
728 static void
defrouter_addreq(struct nd_defrouter * new)729 defrouter_addreq(struct nd_defrouter *new)
730 {
731 uint32_t fibnum = new->ifp->if_fib;
732 struct rib_cmd_info rc = {};
733 int error = 0;
734
735 NET_EPOCH_ASSERT();
736
737 struct sockaddr_in6 gw = {
738 .sin6_family = AF_INET6,
739 .sin6_len = sizeof(struct sockaddr_in6),
740 .sin6_addr = new->rtaddr,
741 };
742
743 error = rib_add_default_route(fibnum, AF_INET6, new->ifp,
744 (struct sockaddr *)&gw, &rc);
745
746 if (error == 0) {
747 struct nhop_object *nh = nhop_select_func(rc.rc_nh_new, 0);
748 rt_routemsg(RTM_ADD, rc.rc_rt, nh, fibnum);
749 new->installed = 1;
750 }
751 }
752
753 /*
754 * Remove the default route for a given router.
755 * This is just a subroutine function for defrouter_select_fib(), and
756 * should not be called from anywhere else.
757 */
758 static void
defrouter_delreq(struct nd_defrouter * dr)759 defrouter_delreq(struct nd_defrouter *dr)
760 {
761 uint32_t fibnum = dr->ifp->if_fib;
762 struct epoch_tracker et;
763 struct rib_cmd_info rc;
764 int error;
765
766 struct sockaddr_in6 dst = {
767 .sin6_family = AF_INET6,
768 .sin6_len = sizeof(struct sockaddr_in6),
769 };
770
771 struct sockaddr_in6 gw = {
772 .sin6_family = AF_INET6,
773 .sin6_len = sizeof(struct sockaddr_in6),
774 .sin6_addr = dr->rtaddr,
775 };
776
777 NET_EPOCH_ENTER(et);
778 error = rib_del_route_px(fibnum, (struct sockaddr *)&dst, 0,
779 rib_match_gw, (struct sockaddr *)&gw, 0, &rc);
780 if (error == 0) {
781 struct nhop_object *nh = nhop_select_func(rc.rc_nh_old, 0);
782 rt_routemsg(RTM_DELETE, rc.rc_rt, nh, fibnum);
783 }
784 NET_EPOCH_EXIT(et);
785
786 dr->installed = 0;
787 }
788
789 static void
defrouter_del(struct nd_defrouter * dr)790 defrouter_del(struct nd_defrouter *dr)
791 {
792 struct nd_defrouter *deldr = NULL;
793 struct nd_prefix *pr;
794 struct nd_pfxrouter *pfxrtr;
795
796 ND6_UNLOCK_ASSERT();
797
798 /*
799 * Flush all the routing table entries that use the router
800 * as a next hop.
801 */
802 if (dr->ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV)
803 rt6_flush(&dr->rtaddr, dr->ifp);
804
805 if (dr->installed) {
806 deldr = dr;
807 defrouter_delreq(dr);
808 }
809
810 /*
811 * Also delete all the pointers to the router in each prefix lists.
812 */
813 ND6_WLOCK();
814 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
815 if ((pfxrtr = pfxrtr_lookup(pr, dr)) != NULL)
816 pfxrtr_del(pfxrtr);
817 }
818 ND6_WUNLOCK();
819
820 pfxlist_onlink_check();
821
822 /*
823 * If the router is the primary one, choose a new one.
824 * Note that defrouter_select_fib() will remove the current
825 * gateway from the routing table.
826 */
827 if (deldr)
828 defrouter_select_fib(deldr->ifp->if_fib);
829
830 /*
831 * Release the list reference.
832 */
833 defrouter_rele(dr);
834 }
835
836 struct nd_defrouter *
defrouter_lookup_locked(const struct in6_addr * addr,struct ifnet * ifp)837 defrouter_lookup_locked(const struct in6_addr *addr, struct ifnet *ifp)
838 {
839 struct nd_defrouter *dr;
840
841 ND6_LOCK_ASSERT();
842 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry)
843 if (dr->ifp == ifp && IN6_ARE_ADDR_EQUAL(addr, &dr->rtaddr)) {
844 defrouter_ref(dr);
845 return (dr);
846 }
847 return (NULL);
848 }
849
850 struct nd_defrouter *
defrouter_lookup(const struct in6_addr * addr,struct ifnet * ifp)851 defrouter_lookup(const struct in6_addr *addr, struct ifnet *ifp)
852 {
853 struct nd_defrouter *dr;
854
855 ND6_RLOCK();
856 dr = defrouter_lookup_locked(addr, ifp);
857 ND6_RUNLOCK();
858 return (dr);
859 }
860
861 /*
862 * Remove all default routes from default router list.
863 */
864 void
defrouter_reset(void)865 defrouter_reset(void)
866 {
867 struct nd_defrouter *dr, **dra;
868 int count, i;
869
870 count = i = 0;
871
872 /*
873 * We can't delete routes with the ND lock held, so make a copy of the
874 * current default router list and use that when deleting routes.
875 */
876 ND6_RLOCK();
877 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry)
878 count++;
879 ND6_RUNLOCK();
880
881 dra = malloc(count * sizeof(*dra), M_TEMP, M_WAITOK | M_ZERO);
882
883 ND6_RLOCK();
884 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
885 if (i == count)
886 break;
887 defrouter_ref(dr);
888 dra[i++] = dr;
889 }
890 ND6_RUNLOCK();
891
892 for (i = 0; i < count && dra[i] != NULL; i++) {
893 defrouter_delreq(dra[i]);
894 defrouter_rele(dra[i]);
895 }
896 free(dra, M_TEMP);
897
898 /*
899 * XXX should we also nuke any default routers in the kernel, by
900 * going through them by rtalloc1()?
901 */
902 }
903
904 /*
905 * Look up a matching default router list entry and remove it. Returns true if a
906 * matching entry was found, false otherwise.
907 */
908 bool
defrouter_remove(struct in6_addr * addr,struct ifnet * ifp)909 defrouter_remove(struct in6_addr *addr, struct ifnet *ifp)
910 {
911 struct nd_defrouter *dr;
912
913 ND6_WLOCK();
914 dr = defrouter_lookup_locked(addr, ifp);
915 if (dr == NULL) {
916 ND6_WUNLOCK();
917 return (false);
918 }
919
920 defrouter_unlink(dr, NULL);
921 ND6_WUNLOCK();
922 defrouter_del(dr);
923 defrouter_rele(dr);
924 return (true);
925 }
926
927 /*
928 * for default router selection
929 * regards router-preference field as a 2-bit signed integer
930 */
931 static int
rtpref(struct nd_defrouter * dr)932 rtpref(struct nd_defrouter *dr)
933 {
934 switch (dr->raflags & ND_RA_FLAG_RTPREF_MASK) {
935 case ND_RA_FLAG_RTPREF_HIGH:
936 return (RTPREF_HIGH);
937 case ND_RA_FLAG_RTPREF_MEDIUM:
938 case ND_RA_FLAG_RTPREF_RSV:
939 return (RTPREF_MEDIUM);
940 case ND_RA_FLAG_RTPREF_LOW:
941 return (RTPREF_LOW);
942 default:
943 /*
944 * This case should never happen. If it did, it would mean a
945 * serious bug of kernel internal. We thus always bark here.
946 * Or, can we even panic?
947 */
948 log(LOG_ERR, "rtpref: impossible RA flag %x\n", dr->raflags);
949 return (RTPREF_INVALID);
950 }
951 /* NOTREACHED */
952 }
953
954 static bool
is_dr_reachable(const struct nd_defrouter * dr)955 is_dr_reachable(const struct nd_defrouter *dr) {
956 struct llentry *ln = NULL;
957
958 ln = nd6_lookup(&dr->rtaddr, LLE_SF(AF_INET6, 0), dr->ifp);
959 if (ln == NULL)
960 return (false);
961 bool reachable = ND6_IS_LLINFO_PROBREACH(ln);
962 LLE_RUNLOCK(ln);
963 return reachable;
964 }
965
966 /*
967 * Default Router Selection according to Section 6.3.6 of RFC 2461 and
968 * draft-ietf-ipngwg-router-selection:
969 * 1) Routers that are reachable or probably reachable should be preferred.
970 * If we have more than one (probably) reachable router, prefer ones
971 * with the highest router preference.
972 * 2) When no routers on the list are known to be reachable or
973 * probably reachable, routers SHOULD be selected in a round-robin
974 * fashion, regardless of router preference values.
975 * 3) If the Default Router List is empty, assume that all
976 * destinations are on-link.
977 *
978 * We assume nd_defrouter is sorted by router preference value.
979 * Since the code below covers both with and without router preference cases,
980 * we do not need to classify the cases by ifdef.
981 *
982 * At this moment, we do not try to install more than one default router,
983 * even when the multipath routing is available, because we're not sure about
984 * the benefits for stub hosts comparing to the risk of making the code
985 * complicated and the possibility of introducing bugs.
986 *
987 * We maintain a single list of routers for multiple FIBs, only considering one
988 * at a time based on the receiving interface's FIB. If @fibnum is RT_ALL_FIBS,
989 * we do the whole thing multiple times.
990 */
991 void
defrouter_select_fib(int fibnum)992 defrouter_select_fib(int fibnum)
993 {
994 struct epoch_tracker et;
995 struct nd_defrouter *dr, *selected_dr, *installed_dr;
996
997 if (fibnum == RT_ALL_FIBS) {
998 for (fibnum = 0; fibnum < rt_numfibs; fibnum++) {
999 defrouter_select_fib(fibnum);
1000 }
1001 return;
1002 }
1003
1004 ND6_RLOCK();
1005 /*
1006 * Let's handle easy case (3) first:
1007 * If default router list is empty, there's nothing to be done.
1008 */
1009 if (TAILQ_EMPTY(&V_nd6_defrouter)) {
1010 ND6_RUNLOCK();
1011 return;
1012 }
1013
1014 /*
1015 * Search for a (probably) reachable router from the list.
1016 * We just pick up the first reachable one (if any), assuming that
1017 * the ordering rule of the list described in defrtrlist_update().
1018 */
1019 selected_dr = installed_dr = NULL;
1020 NET_EPOCH_ENTER(et);
1021 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
1022 if (dr->ifp->if_fib != fibnum)
1023 continue;
1024
1025 if (selected_dr == NULL && is_dr_reachable(dr)) {
1026 selected_dr = dr;
1027 defrouter_ref(selected_dr);
1028 }
1029
1030 if (dr->installed) {
1031 if (installed_dr == NULL) {
1032 installed_dr = dr;
1033 defrouter_ref(installed_dr);
1034 } else {
1035 /*
1036 * this should not happen.
1037 * warn for diagnosis.
1038 */
1039 log(LOG_ERR, "defrouter_select_fib: more than "
1040 "one router is installed\n");
1041 }
1042 }
1043 }
1044
1045 /*
1046 * If none of the default routers was found to be reachable,
1047 * round-robin the list regardless of preference.
1048 * Otherwise, if we have an installed router, check if the selected
1049 * (reachable) router should really be preferred to the installed one.
1050 * We only prefer the new router when the old one is not reachable
1051 * or when the new one has a really higher preference value.
1052 */
1053 if (selected_dr == NULL) {
1054 if (installed_dr == NULL ||
1055 TAILQ_NEXT(installed_dr, dr_entry) == NULL)
1056 dr = TAILQ_FIRST(&V_nd6_defrouter);
1057 else
1058 dr = TAILQ_NEXT(installed_dr, dr_entry);
1059
1060 /* Ensure we select a router for this FIB. */
1061 TAILQ_FOREACH_FROM(dr, &V_nd6_defrouter, dr_entry) {
1062 if (dr->ifp->if_fib == fibnum) {
1063 selected_dr = dr;
1064 defrouter_ref(selected_dr);
1065 break;
1066 }
1067 }
1068 } else if (installed_dr != NULL) {
1069 if (is_dr_reachable(installed_dr) &&
1070 rtpref(selected_dr) <= rtpref(installed_dr)) {
1071 defrouter_rele(selected_dr);
1072 selected_dr = installed_dr;
1073 }
1074 }
1075 ND6_RUNLOCK();
1076
1077 /*
1078 * If we selected a router for this FIB and it's different
1079 * than the installed one, remove the installed router and
1080 * install the selected one in its place.
1081 */
1082 if (installed_dr != selected_dr) {
1083 if (installed_dr != NULL) {
1084 defrouter_delreq(installed_dr);
1085 defrouter_rele(installed_dr);
1086 }
1087 if (selected_dr != NULL)
1088 defrouter_addreq(selected_dr);
1089 }
1090 if (selected_dr != NULL)
1091 defrouter_rele(selected_dr);
1092 NET_EPOCH_EXIT(et);
1093 }
1094
1095 static struct nd_defrouter *
defrtrlist_update(struct nd_defrouter * new)1096 defrtrlist_update(struct nd_defrouter *new)
1097 {
1098 struct nd_defrouter *dr, *n;
1099 uint64_t genid;
1100 int oldpref;
1101 bool writelocked;
1102
1103 if (new->rtlifetime == 0) {
1104 defrouter_remove(&new->rtaddr, new->ifp);
1105 return (NULL);
1106 }
1107
1108 ND6_RLOCK();
1109 writelocked = false;
1110 restart:
1111 dr = defrouter_lookup_locked(&new->rtaddr, new->ifp);
1112 if (dr != NULL) {
1113 oldpref = rtpref(dr);
1114
1115 /* override */
1116 dr->raflags = new->raflags; /* XXX flag check */
1117 dr->rtlifetime = new->rtlifetime;
1118 dr->expire = new->expire;
1119
1120 /*
1121 * If the preference does not change, there's no need
1122 * to sort the entries. Also make sure the selected
1123 * router is still installed in the kernel.
1124 */
1125 if (dr->installed && rtpref(new) == oldpref) {
1126 if (writelocked)
1127 ND6_WUNLOCK();
1128 else
1129 ND6_RUNLOCK();
1130 return (dr);
1131 }
1132 }
1133
1134 /*
1135 * The router needs to be reinserted into the default router
1136 * list, so upgrade to a write lock. If that fails and the list
1137 * has potentially changed while the lock was dropped, we'll
1138 * redo the lookup with the write lock held.
1139 */
1140 if (!writelocked) {
1141 writelocked = true;
1142 if (!ND6_TRY_UPGRADE()) {
1143 genid = V_nd6_list_genid;
1144 ND6_RUNLOCK();
1145 ND6_WLOCK();
1146 if (genid != V_nd6_list_genid)
1147 goto restart;
1148 }
1149 }
1150
1151 if (dr != NULL) {
1152 /*
1153 * The preferred router may have changed, so relocate this
1154 * router.
1155 */
1156 TAILQ_REMOVE(&V_nd6_defrouter, dr, dr_entry);
1157 n = dr;
1158 } else {
1159 n = malloc(sizeof(*n), M_IP6NDP, M_NOWAIT | M_ZERO);
1160 if (n == NULL) {
1161 ND6_WUNLOCK();
1162 return (NULL);
1163 }
1164 memcpy(n, new, sizeof(*n));
1165 /* Initialize with an extra reference for the caller. */
1166 refcount_init(&n->refcnt, 2);
1167 }
1168
1169 /*
1170 * Insert the new router in the Default Router List;
1171 * The Default Router List should be in the descending order
1172 * of router-preferece. Routers with the same preference are
1173 * sorted in the arriving time order.
1174 */
1175
1176 /* insert at the end of the group */
1177 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
1178 if (rtpref(n) > rtpref(dr))
1179 break;
1180 }
1181 if (dr != NULL)
1182 TAILQ_INSERT_BEFORE(dr, n, dr_entry);
1183 else
1184 TAILQ_INSERT_TAIL(&V_nd6_defrouter, n, dr_entry);
1185 V_nd6_list_genid++;
1186 ND6_WUNLOCK();
1187
1188 defrouter_select_fib(new->ifp->if_fib);
1189
1190 return (n);
1191 }
1192
1193 static void
in6_init_prefix_ltimes(struct nd_prefix * ndpr)1194 in6_init_prefix_ltimes(struct nd_prefix *ndpr)
1195 {
1196 ndpr->ndpr_preferred = in6_expire_time(ndpr->ndpr_pltime);
1197 ndpr->ndpr_expire = in6_expire_time(ndpr->ndpr_vltime);
1198 }
1199
1200 static void
in6_init_address_ltimes(struct nd_prefix * new,struct in6_addrlifetime * lt6)1201 in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6)
1202 {
1203 lt6->ia6t_preferred = in6_expire_time(lt6->ia6t_pltime);
1204 lt6->ia6t_expire = in6_expire_time(lt6->ia6t_vltime);
1205 }
1206
1207 static struct in6_ifaddr *
in6_ifadd(struct nd_prefixctl * pr,int mcast)1208 in6_ifadd(struct nd_prefixctl *pr, int mcast)
1209 {
1210 struct ifnet *ifp = pr->ndpr_ifp;
1211 struct ifaddr *ifa;
1212 struct in6_aliasreq ifra;
1213 struct in6_ifaddr *ia = NULL, *ib = NULL;
1214 int error, plen0;
1215 struct in6_addr *ifid_addr = NULL, mask, newaddr;
1216 int prefixlen = pr->ndpr_plen;
1217 int updateflags;
1218 char ip6buf[INET6_ADDRSTRLEN];
1219
1220 in6_prefixlen2mask(&mask, prefixlen);
1221
1222 /*
1223 * find a link-local address (will be interface ID).
1224 * Is it really mandatory? Theoretically, a global or a site-local
1225 * address can be configured without a link-local address, if we
1226 * have a unique interface identifier...
1227 *
1228 * it is not mandatory to have a link-local address, we can generate
1229 * interface identifier on the fly. we do this because:
1230 * (1) it should be the easiest way to find interface identifier.
1231 * (2) RFC2462 5.4 suggesting the use of the same interface identifier
1232 * for multiple addresses on a single interface, and possible shortcut
1233 * of DAD. we omitted DAD for this reason in the past.
1234 * (3) a user can prevent autoconfiguration of global address
1235 * by removing link-local address by hand (this is partly because we
1236 * don't have other way to control the use of IPv6 on an interface.
1237 * this has been our design choice - cf. NRL's "ifconfig auto").
1238 * (4) it is easier to manage when an interface has addresses
1239 * with the same interface identifier, than to have multiple addresses
1240 * with different interface identifiers.
1241 *
1242 * If using stable privacy generation, generate a new address with
1243 * the algorithm specified in RFC 7217 section 5
1244 */
1245
1246 /* make ifaddr */
1247 in6_prepare_ifra(&ifra, &pr->ndpr_prefix.sin6_addr, &mask);
1248
1249 if (ifp->if_inet6->nd_flags & ND6_IFF_STABLEADDR) {
1250 memcpy(&newaddr, &pr->ndpr_prefix.sin6_addr, sizeof(pr->ndpr_prefix.sin6_addr));
1251
1252 if(!in6_get_stableifid(ifp, &newaddr, prefixlen))
1253 return NULL;
1254 } else {
1255 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); /* 0 is OK? */
1256 if (ifa) {
1257 ib = (struct in6_ifaddr *)ifa;
1258 ifid_addr = &ib->ia_addr.sin6_addr;
1259
1260 /* prefixlen + ifidlen must be equal to 128 */
1261 plen0 = in6_mask2len(&ib->ia_prefixmask.sin6_addr, NULL);
1262 if (prefixlen != plen0) {
1263 ifa_free(ifa);
1264 ifid_addr = NULL;
1265 nd6log((LOG_DEBUG,
1266 "%s: wrong prefixlen for %s (prefix=%d ifid=%d)\n",
1267 __func__, if_name(ifp), prefixlen, 128 - plen0));
1268 }
1269 }
1270
1271 /* No suitable LL address, get the ifid directly */
1272 if (ifid_addr == NULL) {
1273 ifa = ifa_alloc(sizeof(struct in6_ifaddr), M_NOWAIT);
1274 if (ifa != NULL) {
1275 ib = (struct in6_ifaddr *)ifa;
1276 ifid_addr = &ib->ia_addr.sin6_addr;
1277 if(in6_get_ifid(ifp, NULL, ifid_addr) != 0) {
1278 nd6log((LOG_DEBUG,
1279 "%s: failed to get ifid for %s\n",
1280 __func__, if_name(ifp)));
1281 ifa_free(ifa);
1282 ifid_addr = NULL;
1283 }
1284 }
1285 }
1286
1287 if (ifid_addr == NULL) {
1288 nd6log((LOG_INFO,
1289 "%s: could not determine ifid for %s\n",
1290 __func__, if_name(ifp)));
1291 return NULL;
1292 }
1293
1294 memcpy(&newaddr, &ib->ia_addr.sin6_addr, sizeof(ib->ia_addr.sin6_addr));
1295 ifa_free(ifa);
1296 }
1297
1298 IN6_MASK_ADDR(&ifra.ifra_addr.sin6_addr, &mask);
1299 /* interface ID */
1300 ifra.ifra_addr.sin6_addr.s6_addr32[0] |= (newaddr.s6_addr32[0] & ~mask.s6_addr32[0]);
1301 ifra.ifra_addr.sin6_addr.s6_addr32[1] |= (newaddr.s6_addr32[1] & ~mask.s6_addr32[1]);
1302 ifra.ifra_addr.sin6_addr.s6_addr32[2] |= (newaddr.s6_addr32[2] & ~mask.s6_addr32[2]);
1303 ifra.ifra_addr.sin6_addr.s6_addr32[3] |= (newaddr.s6_addr32[3] & ~mask.s6_addr32[3]);
1304
1305 /* lifetimes. */
1306 ifra.ifra_lifetime.ia6t_vltime = pr->ndpr_vltime;
1307 ifra.ifra_lifetime.ia6t_pltime = pr->ndpr_pltime;
1308
1309 /* XXX: scope zone ID? */
1310
1311 ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */
1312
1313 /*
1314 * Make sure that we do not have this address already. This should
1315 * usually not happen, but we can still see this case, e.g., if we
1316 * have manually configured the exact address to be configured.
1317 */
1318 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
1319 &ifra.ifra_addr.sin6_addr);
1320 if (ifa != NULL) {
1321 ifa_free(ifa);
1322 /* this should be rare enough to make an explicit log */
1323 log(LOG_INFO, "in6_ifadd: %s is already configured\n",
1324 ip6_sprintf(ip6buf, &ifra.ifra_addr.sin6_addr));
1325 return (NULL);
1326 }
1327
1328 /*
1329 * Allocate ifaddr structure, link into chain, etc.
1330 * If we are going to create a new address upon receiving a multicasted
1331 * RA, we need to impose a random delay before starting DAD.
1332 * [draft-ietf-ipv6-rfc2462bis-02.txt, Section 5.4.2]
1333 */
1334 updateflags = 0;
1335 if (mcast)
1336 updateflags |= IN6_IFAUPDATE_DADDELAY;
1337 if ((error = in6_update_ifa(ifp, &ifra, NULL, updateflags)) != 0) {
1338 nd6log((LOG_ERR,
1339 "%s: failed to make ifaddr %s on %s (errno=%d)\n", __func__,
1340 ip6_sprintf(ip6buf, &ifra.ifra_addr.sin6_addr),
1341 if_name(ifp), error));
1342 return (NULL); /* ifaddr must not have been allocated. */
1343 }
1344
1345 ia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
1346 /*
1347 * XXXRW: Assumption of non-NULLness here might not be true with
1348 * fine-grained locking -- should we validate it? Or just return
1349 * earlier ifa rather than looking it up again?
1350 */
1351 return (ia); /* this is always non-NULL and referenced. */
1352 }
1353
1354 static struct nd_prefix *
nd6_prefix_lookup_locked(struct nd_prefixctl * key)1355 nd6_prefix_lookup_locked(struct nd_prefixctl *key)
1356 {
1357 struct nd_prefix *search;
1358
1359 ND6_LOCK_ASSERT();
1360
1361 LIST_FOREACH(search, &V_nd_prefix, ndpr_entry) {
1362 if (key->ndpr_ifp == search->ndpr_ifp &&
1363 key->ndpr_plen == search->ndpr_plen &&
1364 in6_are_prefix_equal(&key->ndpr_prefix.sin6_addr,
1365 &search->ndpr_prefix.sin6_addr, key->ndpr_plen)) {
1366 nd6_prefix_ref(search);
1367 break;
1368 }
1369 }
1370 return (search);
1371 }
1372
1373 struct nd_prefix *
nd6_prefix_lookup(struct nd_prefixctl * key)1374 nd6_prefix_lookup(struct nd_prefixctl *key)
1375 {
1376 struct nd_prefix *search;
1377
1378 ND6_RLOCK();
1379 search = nd6_prefix_lookup_locked(key);
1380 ND6_RUNLOCK();
1381 return (search);
1382 }
1383
1384 void
nd6_prefix_ref(struct nd_prefix * pr)1385 nd6_prefix_ref(struct nd_prefix *pr)
1386 {
1387
1388 refcount_acquire(&pr->ndpr_refcnt);
1389 }
1390
1391 void
nd6_prefix_rele(struct nd_prefix * pr)1392 nd6_prefix_rele(struct nd_prefix *pr)
1393 {
1394
1395 if (refcount_release(&pr->ndpr_refcnt)) {
1396 KASSERT(LIST_EMPTY(&pr->ndpr_advrtrs),
1397 ("prefix %p has advertising routers", pr));
1398 free(pr, M_IP6NDP);
1399 }
1400 }
1401
1402 int
nd6_prelist_add(struct nd_prefixctl * pr,struct nd_prefix ** newp)1403 nd6_prelist_add(struct nd_prefixctl *pr, struct nd_prefix **newp)
1404 {
1405 struct nd_prefix *new;
1406 char ip6buf[INET6_ADDRSTRLEN];
1407 int error;
1408
1409 new = malloc(sizeof(*new), M_IP6NDP, M_NOWAIT | M_ZERO);
1410 if (new == NULL)
1411 return (ENOMEM);
1412 refcount_init(&new->ndpr_refcnt, newp != NULL ? 2 : 1);
1413 new->ndpr_ifp = pr->ndpr_ifp;
1414 new->ndpr_prefix = pr->ndpr_prefix;
1415 new->ndpr_plen = pr->ndpr_plen;
1416 new->ndpr_vltime = pr->ndpr_vltime;
1417 new->ndpr_pltime = pr->ndpr_pltime;
1418 new->ndpr_flags = pr->ndpr_flags;
1419 new->ndpr_lastupdate = time_uptime;
1420 in6_init_prefix_ltimes(new);
1421
1422 /* initialization */
1423 LIST_INIT(&new->ndpr_advrtrs);
1424 in6_prefixlen2mask(&new->ndpr_mask, new->ndpr_plen);
1425 /* make prefix in the canonical form */
1426 IN6_MASK_ADDR(&new->ndpr_prefix.sin6_addr, &new->ndpr_mask);
1427
1428 ND6_WLOCK();
1429 LIST_INSERT_HEAD(&V_nd_prefix, new, ndpr_entry);
1430 V_nd6_list_genid++;
1431 ND6_WUNLOCK();
1432
1433 /* ND_OPT_PI_FLAG_ONLINK processing */
1434 if (new->ndpr_raf_onlink) {
1435 struct epoch_tracker et;
1436
1437 ND6_ONLINK_LOCK();
1438 NET_EPOCH_ENTER(et);
1439 if ((error = nd6_prefix_onlink(new)) != 0) {
1440 nd6log((LOG_ERR, "%s: failed to make the prefix %s/%d "
1441 "on-link on %s (errno=%d)\n", __func__,
1442 ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
1443 pr->ndpr_plen, if_name(pr->ndpr_ifp), error));
1444 /* proceed anyway. XXX: is it correct? */
1445 }
1446 NET_EPOCH_EXIT(et);
1447 ND6_ONLINK_UNLOCK();
1448 }
1449
1450 if (newp != NULL)
1451 *newp = new;
1452 return (0);
1453 }
1454
1455 /*
1456 * Remove a prefix from the prefix list and optionally stash it in a
1457 * caller-provided list.
1458 *
1459 * The ND6 lock must be held.
1460 */
1461 void
nd6_prefix_unlink(struct nd_prefix * pr,struct nd_prhead * list)1462 nd6_prefix_unlink(struct nd_prefix *pr, struct nd_prhead *list)
1463 {
1464
1465 ND6_WLOCK_ASSERT();
1466
1467 LIST_REMOVE(pr, ndpr_entry);
1468 V_nd6_list_genid++;
1469 if (list != NULL)
1470 LIST_INSERT_HEAD(list, pr, ndpr_entry);
1471 }
1472
1473 /*
1474 * Free an unlinked prefix, first marking it off-link if necessary.
1475 */
1476 void
nd6_prefix_del(struct nd_prefix * pr)1477 nd6_prefix_del(struct nd_prefix *pr)
1478 {
1479 struct nd_pfxrouter *pfr, *next;
1480 int e;
1481 char ip6buf[INET6_ADDRSTRLEN];
1482
1483 KASSERT(pr->ndpr_addrcnt == 0,
1484 ("prefix %p has referencing addresses", pr));
1485 ND6_UNLOCK_ASSERT();
1486
1487 /*
1488 * Though these flags are now meaningless, we'd rather keep the value
1489 * of pr->ndpr_raf_onlink and pr->ndpr_raf_auto not to confuse users
1490 * when executing "ndp -p".
1491 */
1492 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) {
1493 ND6_ONLINK_LOCK();
1494 if ((e = nd6_prefix_offlink(pr)) != 0) {
1495 nd6log((LOG_ERR,
1496 "%s: failed to make the prefix %s/%d offlink on %s "
1497 "(errno=%d)\n", __func__,
1498 ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
1499 pr->ndpr_plen, if_name(pr->ndpr_ifp), e));
1500 /* what should we do? */
1501 }
1502 ND6_ONLINK_UNLOCK();
1503 }
1504
1505 /* Release references to routers that have advertised this prefix. */
1506 ND6_WLOCK();
1507 LIST_FOREACH_SAFE(pfr, &pr->ndpr_advrtrs, pfr_entry, next)
1508 pfxrtr_del(pfr);
1509 ND6_WUNLOCK();
1510
1511 nd6_prefix_rele(pr);
1512
1513 pfxlist_onlink_check();
1514 }
1515
1516 static void
nd6_prefix_update(struct nd_prefixctl * new,struct nd_prefix * pr)1517 nd6_prefix_update(struct nd_prefixctl *new, struct nd_prefix *pr)
1518 {
1519 int error;
1520 char ip6buf[INET6_ADDRSTRLEN];
1521
1522 /*
1523 * Update prefix information. Note that the on-link (L) bit
1524 * and the autonomous (A) bit should NOT be changed from 1
1525 * to 0.
1526 */
1527 if (new->ndpr_raf_onlink == 1)
1528 pr->ndpr_raf_onlink = 1;
1529 if (new->ndpr_raf_auto == 1)
1530 pr->ndpr_raf_auto = 1;
1531 if (new->ndpr_raf_onlink != 0) {
1532 pr->ndpr_vltime = new->ndpr_vltime;
1533 pr->ndpr_pltime = new->ndpr_pltime;
1534 in6_init_prefix_ltimes(pr);
1535 pr->ndpr_lastupdate = time_uptime;
1536 }
1537
1538 if (new->ndpr_raf_onlink != 0 &&
1539 (pr->ndpr_stateflags & NDPRF_ONLINK) == 0) {
1540 ND6_ONLINK_LOCK();
1541 if ((error = nd6_prefix_onlink(pr)) != 0) {
1542 nd6log((LOG_ERR,
1543 "%s: failed to make the prefix %s/%d "
1544 "on-link on %s (errno=%d)\n", __func__,
1545 ip6_sprintf(ip6buf,
1546 &pr->ndpr_prefix.sin6_addr),
1547 pr->ndpr_plen, if_name(pr->ndpr_ifp),
1548 error));
1549 /* proceed anyway. XXX: is it correct? */
1550 }
1551 ND6_ONLINK_UNLOCK();
1552 }
1553 }
1554
1555 /*
1556 * RFC 4862 5.5.3 (e): update the lifetimes according to the "two hours" rule
1557 * and the privacy extension.
1558 * We apply some clarifications in rfc2462bis:
1559 * - use remaininglifetime instead of storedlifetime as a variable name
1560 * - remove the dead code in the "two-hour" rule
1561 */
1562 static void
nd6_prefix_lifetime_update(struct nd_prefixctl * new,struct nd_prefix * pr,struct in6_ifaddr * ia6,bool auth)1563 nd6_prefix_lifetime_update(struct nd_prefixctl *new, struct nd_prefix *pr,
1564 struct in6_ifaddr *ia6, bool auth)
1565 {
1566 struct in6_addrlifetime lt6_tmp;
1567 uint32_t remaininglifetime;
1568
1569 NET_EPOCH_ASSERT();
1570
1571 #define TWOHOUR (120*60)
1572 lt6_tmp = ia6->ia6_lifetime;
1573 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME)
1574 remaininglifetime = ND6_INFINITE_LIFETIME;
1575 else if (time_uptime - ia6->ia6_updatetime > lt6_tmp.ia6t_vltime)
1576 /* The case of "invalid" address. We should usually not see this case. */
1577 remaininglifetime = 0;
1578 else
1579 remaininglifetime = lt6_tmp.ia6t_vltime - (time_uptime - ia6->ia6_updatetime);
1580
1581 /* when not updating, keep the current stored lifetime. */
1582 lt6_tmp.ia6t_vltime = remaininglifetime;
1583
1584 if (TWOHOUR < new->ndpr_vltime || remaininglifetime < new->ndpr_vltime) {
1585 lt6_tmp.ia6t_vltime = new->ndpr_vltime;
1586 } else if (remaininglifetime <= TWOHOUR) {
1587 if (auth)
1588 lt6_tmp.ia6t_vltime = new->ndpr_vltime;
1589 } else {
1590 /* new->ndpr_vltime <= TWOHOUR && TWOHOUR < remaininglifetime */
1591 lt6_tmp.ia6t_vltime = TWOHOUR;
1592 }
1593
1594 /* The 2 hour rule is not imposed for preferred lifetime. */
1595 lt6_tmp.ia6t_pltime = new->ndpr_pltime;
1596
1597 in6_init_address_ltimes(pr, <6_tmp);
1598
1599 /*
1600 * We need to treat lifetimes for temporary addresses differently, according
1601 * to draft-ietf-ipv6-privacy-addrs-v2-01.txt 3.3 (1);
1602 * we only update the lifetimes when they are in the maximum intervals.
1603 */
1604 if ((ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {
1605 uint32_t maxvltime, maxpltime, vltime;
1606
1607 vltime = time_uptime - ia6->ia6_createtime + V_ip6_desync_factor;
1608 if (V_ip6_temp_valid_lifetime > vltime)
1609 maxvltime = V_ip6_temp_valid_lifetime - vltime;
1610 else
1611 maxvltime = 0;
1612 if (V_ip6_temp_preferred_lifetime > vltime)
1613 maxpltime = V_ip6_temp_preferred_lifetime - vltime;
1614 else
1615 maxpltime = 0;
1616
1617 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME ||
1618 lt6_tmp.ia6t_vltime > maxvltime)
1619 lt6_tmp.ia6t_vltime = maxvltime;
1620
1621 if (lt6_tmp.ia6t_pltime == ND6_INFINITE_LIFETIME ||
1622 lt6_tmp.ia6t_pltime > maxpltime)
1623 lt6_tmp.ia6t_pltime = maxpltime;
1624 }
1625 ia6->ia6_lifetime = lt6_tmp;
1626 ia6->ia6_updatetime = time_uptime;
1627 }
1628
1629 static void
prelist_update(struct nd_prefixctl * new,struct nd_defrouter * dr,bool auth,int mcast)1630 prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr,
1631 bool auth, int mcast)
1632 {
1633 struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL;
1634 struct ifaddr *ifa;
1635 struct ifnet *ifp = new->ndpr_ifp;
1636 struct nd_prefix *pr;
1637 int error = 0;
1638 char ip6buf[INET6_ADDRSTRLEN];
1639 bool has_temporary = false;
1640
1641 NET_EPOCH_ASSERT();
1642
1643 /*
1644 * Address autoconfiguration based on Section 5.5.3 of RFC 4862.
1645 * 5.5.3 (a). Ignore the prefix without the A bit set.
1646 * 5.5.3 (b). the link-local prefix should have been ignored in nd6_ra_input.
1647 * 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime.
1648 */
1649 if (new->ndpr_raf_auto == 0 ||
1650 new->ndpr_pltime > new->ndpr_vltime)
1651 return;
1652
1653 /* check if prefix already exists on the same interface */
1654 if ((pr = nd6_prefix_lookup(new)) != NULL)
1655 nd6_prefix_update(new, pr);
1656 else {
1657 if (new->ndpr_vltime == 0)
1658 return;
1659 if (new->ndpr_raf_onlink == 0 && new->ndpr_raf_auto == 0)
1660 return;
1661
1662 error = nd6_prelist_add(new, &pr);
1663 if (error != 0) {
1664 nd6log((LOG_NOTICE, "%s: nd6_prelist_add() failed for "
1665 "the prefix %s/%d on %s (errno=%d)\n", __func__,
1666 ip6_sprintf(ip6buf, &new->ndpr_prefix.sin6_addr),
1667 new->ndpr_plen, if_name(new->ndpr_ifp), error));
1668 /* we should just give up in this case. */
1669 return;
1670 }
1671
1672 /*
1673 * XXX: from the ND point of view, we can ignore a prefix
1674 * with the on-link bit being zero. However, we need a
1675 * prefix structure for references from autoconfigured
1676 * addresses. Thus, we explicitly make sure that the prefix
1677 * itself expires now.
1678 */
1679 if (pr->ndpr_raf_onlink == 0) {
1680 pr->ndpr_vltime = 0;
1681 pr->ndpr_pltime = 0;
1682 in6_init_prefix_ltimes(pr);
1683 }
1684 }
1685 if (dr != NULL)
1686 pfxrtr_add(pr, dr);
1687
1688 /*
1689 * 5.5.3 (d). If the prefix advertised is not equal to the prefix of
1690 * an address configured by stateless autoconfiguration already in the
1691 * list of addresses associated with the interface (where "equal"
1692 * means the two prefix lengths are the same and the first prefix-length
1693 * bits of the prefixes are identical),
1694 * and if the Valid Lifetime is not 0, form an address (and
1695 * add it to the list). We first check if we have a matching prefix.
1696 */
1697 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1698 struct in6_ifaddr *ia6;
1699
1700 if (ifa->ifa_addr->sa_family != AF_INET6)
1701 continue;
1702
1703 ia6 = (struct in6_ifaddr *)ifa;
1704 if ((ia6->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1705 continue;
1706
1707 /*
1708 * Ignore the address if it is not associated with a prefix
1709 * or is associated with a prefix that is different from this
1710 * one. (pr is never NULL here)
1711 */
1712 if (ia6->ia6_ndpr != pr)
1713 continue;
1714
1715 /*
1716 * An already autoconfigured address matched.
1717 * Now that we are sure there is at least one matched address.
1718 */
1719 nd6_prefix_lifetime_update(new, pr, ia6, auth);
1720
1721 if ((ifp->if_inet6->nd_flags & ND6_IFF_STABLEADDR) != 0) {
1722 /*
1723 * if stable addresses (RFC 7217) are enabled, mark that
1724 * a temporary address has been found to avoid generating
1725 * uneeded extra ones.
1726 */
1727 if ((ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0)
1728 has_temporary = true;
1729
1730 /*
1731 * If using stable addresses (RFC 7217) and we still have retries
1732 * to perform, ignore addresses already marked as duplicated, since
1733 * a new one will be generated. Also ignore addresses marked as
1734 * temporary, since their generation is orthogonal to opaque stable ones.
1735 *
1736 * There is a small race condition, in that the dad_counter could be
1737 * incremented between here and when a new address is generated, but this
1738 * will cause that generation to fail and no further retries should happen.
1739 */
1740 if (atomic_load_int(&DAD_FAILURES(ifp)) <= V_ip6_stableaddr_maxretries &&
1741 (ia6->ia6_flags & (IN6_IFF_DUPLICATED | IN6_IFF_TEMPORARY)) != 0)
1742 continue;
1743 }
1744
1745 if (ia6_match == NULL) /* remember the first one */
1746 ia6_match = ia6;
1747 }
1748
1749 /*
1750 * 5.5.3 (d) (continued)
1751 * If no address matched and the valid lifetime is non-zero,
1752 * create a new address.
1753 */
1754 if (ia6_match == NULL && new->ndpr_vltime != 0) {
1755 int ifidlen;
1756
1757 /*
1758 * Prefix Length check:
1759 * If the sum of the prefix length and interface identifier
1760 * length does not equal 128 bits, the Prefix Information
1761 * option MUST be ignored. The length of the interface
1762 * identifier is defined in a separate link-type specific document.
1763 */
1764 ifidlen = in6_if2idlen(ifp);
1765 if (ifidlen + pr->ndpr_plen != 128) {
1766 nd6log((LOG_INFO, "%s: invalid prefixlen %d for %s, ignored\n",
1767 __func__, pr->ndpr_plen, if_name(ifp)));
1768 } else if ((ia6 = in6_ifadd(new, mcast)) != NULL) {
1769 /*
1770 * note that we should use pr (not new) for reference.
1771 */
1772 pr->ndpr_addrcnt++;
1773 ia6->ia6_ndpr = pr;
1774
1775 /*
1776 * RFC 3041 3.3 (2).
1777 * When a new public address is created as described
1778 * in RFC2462, also create a new temporary address.
1779 *
1780 * 3.5: When an interface connects to a new link, a new
1781 * randomized interface identifier should be generated
1782 * immediately together with a new set of temporary
1783 * addresses. Thus, we specifiy 1 as the 2nd arg of
1784 * in6_tmpifadd().
1785 *
1786 * Skip this if a temporary address has been marked as
1787 * found (happens only if stable addresses (RFC 7217) is in use)
1788 */
1789 if (V_ip6_use_tempaddr && !has_temporary) {
1790 int e;
1791 if ((e = in6_tmpifadd(ia6, 1, 1)) != 0) {
1792 nd6log((LOG_NOTICE,
1793 "%s: failed to create a temporary address (errno=%d)\n",
1794 __func__, e));
1795 }
1796 }
1797 ifa_free(&ia6->ia_ifa);
1798
1799 /*
1800 * A newly added address might affect the status
1801 * of other addresses, so we check and update it.
1802 * XXX: what if address duplication happens?
1803 */
1804 pfxlist_onlink_check();
1805 }
1806 }
1807
1808 nd6_prefix_rele(pr);
1809 }
1810
1811 /*
1812 * A supplement function used in the on-link detection below;
1813 * detect if a given prefix has a (probably) reachable advertising router.
1814 * XXX: lengthy function name...
1815 */
1816 static struct nd_pfxrouter *
find_pfxlist_reachable_router(struct nd_prefix * pr)1817 find_pfxlist_reachable_router(struct nd_prefix *pr)
1818 {
1819 struct epoch_tracker et;
1820 struct nd_pfxrouter *pfxrtr;
1821
1822 ND6_LOCK_ASSERT();
1823
1824 NET_EPOCH_ENTER(et);
1825 LIST_FOREACH(pfxrtr, &pr->ndpr_advrtrs, pfr_entry) {
1826 if (is_dr_reachable(pfxrtr->router))
1827 break;
1828 }
1829 NET_EPOCH_EXIT(et);
1830 return (pfxrtr);
1831 }
1832
1833 /*
1834 * Check if each prefix in the prefix list has at least one available router
1835 * that advertised the prefix (a router is "available" if its neighbor cache
1836 * entry is reachable or probably reachable).
1837 * If the check fails, the prefix may be off-link, because, for example,
1838 * we have moved from the network but the lifetime of the prefix has not
1839 * expired yet. So we should not use the prefix if there is another prefix
1840 * that has an available router.
1841 * But, if there is no prefix that has an available router, we still regard
1842 * all the prefixes as on-link. This is because we can't tell if all the
1843 * routers are simply dead or if we really moved from the network and there
1844 * is no router around us.
1845 */
1846 void
pfxlist_onlink_check(void)1847 pfxlist_onlink_check(void)
1848 {
1849 struct nd_prefix *pr;
1850 struct in6_ifaddr *ifa;
1851 struct nd_defrouter *dr;
1852 struct nd_pfxrouter *pfxrtr = NULL;
1853 struct rm_priotracker in6_ifa_tracker;
1854 uint64_t genid;
1855 uint32_t flags;
1856
1857 ND6_ONLINK_LOCK();
1858 ND6_RLOCK();
1859
1860 /*
1861 * Check if there is a prefix that has a reachable advertising
1862 * router.
1863 */
1864 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1865 if (pr->ndpr_raf_onlink && find_pfxlist_reachable_router(pr))
1866 break;
1867 }
1868
1869 /*
1870 * If we have no such prefix, check whether we still have a router
1871 * that does not advertise any prefixes.
1872 */
1873 if (pr == NULL) {
1874 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
1875 struct nd_prefix *pr0;
1876
1877 LIST_FOREACH(pr0, &V_nd_prefix, ndpr_entry) {
1878 if ((pfxrtr = pfxrtr_lookup(pr0, dr)) != NULL)
1879 break;
1880 }
1881 if (pfxrtr != NULL)
1882 break;
1883 }
1884 }
1885 if (pr != NULL || (!TAILQ_EMPTY(&V_nd6_defrouter) && pfxrtr == NULL)) {
1886 /*
1887 * There is at least one prefix that has a reachable router,
1888 * or at least a router which probably does not advertise
1889 * any prefixes. The latter would be the case when we move
1890 * to a new link where we have a router that does not provide
1891 * prefixes and we configure an address by hand.
1892 * Detach prefixes which have no reachable advertising
1893 * router, and attach other prefixes.
1894 */
1895 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1896 /* XXX: a link-local prefix should never be detached */
1897 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) ||
1898 pr->ndpr_raf_onlink == 0 ||
1899 pr->ndpr_raf_auto == 0)
1900 continue;
1901
1902 if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 &&
1903 find_pfxlist_reachable_router(pr) == NULL)
1904 pr->ndpr_stateflags |= NDPRF_DETACHED;
1905 else if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 &&
1906 find_pfxlist_reachable_router(pr) != NULL)
1907 pr->ndpr_stateflags &= ~NDPRF_DETACHED;
1908 }
1909 } else {
1910 /* there is no prefix that has a reachable router */
1911 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1912 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) ||
1913 pr->ndpr_raf_onlink == 0 ||
1914 pr->ndpr_raf_auto == 0)
1915 continue;
1916 pr->ndpr_stateflags &= ~NDPRF_DETACHED;
1917 }
1918 }
1919
1920 /*
1921 * Remove each interface route associated with a (just) detached
1922 * prefix, and reinstall the interface route for a (just) attached
1923 * prefix. Note that all attempt of reinstallation does not
1924 * necessarily success, when a same prefix is shared among multiple
1925 * interfaces. Such cases will be handled in nd6_prefix_onlink,
1926 * so we don't have to care about them.
1927 */
1928 restart:
1929 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1930 char ip6buf[INET6_ADDRSTRLEN];
1931 int e;
1932
1933 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) ||
1934 pr->ndpr_raf_onlink == 0 ||
1935 pr->ndpr_raf_auto == 0)
1936 continue;
1937
1938 flags = pr->ndpr_stateflags & (NDPRF_DETACHED | NDPRF_ONLINK);
1939 if (flags == 0 || flags == (NDPRF_DETACHED | NDPRF_ONLINK)) {
1940 genid = V_nd6_list_genid;
1941 ND6_RUNLOCK();
1942 if ((flags & NDPRF_ONLINK) != 0 &&
1943 (e = nd6_prefix_offlink(pr)) != 0) {
1944 nd6log((LOG_ERR,
1945 "%s: failed to make %s/%d offlink "
1946 "(errno=%d)\n", __func__,
1947 ip6_sprintf(ip6buf,
1948 &pr->ndpr_prefix.sin6_addr),
1949 pr->ndpr_plen, e));
1950 } else if ((flags & NDPRF_ONLINK) == 0 &&
1951 (e = nd6_prefix_onlink(pr)) != 0) {
1952 nd6log((LOG_ERR,
1953 "%s: failed to make %s/%d onlink "
1954 "(errno=%d)\n", __func__,
1955 ip6_sprintf(ip6buf,
1956 &pr->ndpr_prefix.sin6_addr),
1957 pr->ndpr_plen, e));
1958 }
1959 ND6_RLOCK();
1960 if (genid != V_nd6_list_genid)
1961 goto restart;
1962 }
1963 }
1964
1965 /*
1966 * Changes on the prefix status might affect address status as well.
1967 * Make sure that all addresses derived from an attached prefix are
1968 * attached, and that all addresses derived from a detached prefix are
1969 * detached. Note, however, that a manually configured address should
1970 * always be attached.
1971 * The precise detection logic is same as the one for prefixes.
1972 */
1973 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1974 CK_STAILQ_FOREACH(ifa, &V_in6_ifaddrhead, ia_link) {
1975 if (!(ifa->ia6_flags & IN6_IFF_AUTOCONF))
1976 continue;
1977
1978 if (ifa->ia6_ndpr == NULL) {
1979 /*
1980 * This can happen when we first configure the address
1981 * (i.e. the address exists, but the prefix does not).
1982 * XXX: complicated relationships...
1983 */
1984 continue;
1985 }
1986
1987 if (find_pfxlist_reachable_router(ifa->ia6_ndpr))
1988 break;
1989 }
1990 if (ifa) {
1991 CK_STAILQ_FOREACH(ifa, &V_in6_ifaddrhead, ia_link) {
1992 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1993 continue;
1994
1995 if (ifa->ia6_ndpr == NULL) /* XXX: see above. */
1996 continue;
1997
1998 if (find_pfxlist_reachable_router(ifa->ia6_ndpr)) {
1999 if (ifa->ia6_flags & IN6_IFF_DETACHED) {
2000 ifa->ia6_flags &= ~IN6_IFF_DETACHED;
2001 ifa->ia6_flags |= IN6_IFF_TENTATIVE;
2002 nd6_dad_start((struct ifaddr *)ifa, 0);
2003 }
2004 } else {
2005 ifa->ia6_flags |= IN6_IFF_DETACHED;
2006 }
2007 }
2008 } else {
2009 CK_STAILQ_FOREACH(ifa, &V_in6_ifaddrhead, ia_link) {
2010 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0)
2011 continue;
2012
2013 if (ifa->ia6_flags & IN6_IFF_DETACHED) {
2014 ifa->ia6_flags &= ~IN6_IFF_DETACHED;
2015 ifa->ia6_flags |= IN6_IFF_TENTATIVE;
2016 /* Do we need a delay in this case? */
2017 nd6_dad_start((struct ifaddr *)ifa, 0);
2018 }
2019 }
2020 }
2021 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
2022 ND6_RUNLOCK();
2023 ND6_ONLINK_UNLOCK();
2024 }
2025
2026 /*
2027 * Add or remove interface route specified by @dst, @netmask and @ifp.
2028 * ifa can be NULL.
2029 * Returns 0 on success
2030 */
2031 static int
nd6_prefix_rtrequest(uint32_t fibnum,int cmd,struct sockaddr_in6 * dst,struct sockaddr_in6 * netmask,struct ifnet * ifp,struct ifaddr * ifa)2032 nd6_prefix_rtrequest(uint32_t fibnum, int cmd, struct sockaddr_in6 *dst,
2033 struct sockaddr_in6 *netmask, struct ifnet *ifp, struct ifaddr *ifa)
2034 {
2035 struct epoch_tracker et;
2036 int error;
2037
2038 /* Prepare gateway */
2039 struct sockaddr_dl_short sdl = {
2040 .sdl_family = AF_LINK,
2041 .sdl_len = sizeof(struct sockaddr_dl_short),
2042 .sdl_type = ifp->if_type,
2043 .sdl_index = ifp->if_index,
2044 };
2045
2046 struct rt_addrinfo info = {
2047 .rti_ifa = ifa,
2048 .rti_ifp = ifp,
2049 .rti_flags = RTF_PINNED | ((netmask != NULL) ? 0 : RTF_HOST),
2050 .rti_info = {
2051 [RTAX_DST] = (struct sockaddr *)dst,
2052 [RTAX_NETMASK] = (struct sockaddr *)netmask,
2053 [RTAX_GATEWAY] = (struct sockaddr *)&sdl,
2054 },
2055 };
2056 /* Don't set additional per-gw filters on removal */
2057
2058 NET_EPOCH_ENTER(et);
2059 error = rib_handle_ifaddr_info(fibnum, cmd, &info);
2060 NET_EPOCH_EXIT(et);
2061 return (error);
2062 }
2063
2064 static int
nd6_prefix_onlink_rtrequest(struct nd_prefix * pr,struct ifaddr * ifa)2065 nd6_prefix_onlink_rtrequest(struct nd_prefix *pr, struct ifaddr *ifa)
2066 {
2067 int error;
2068
2069 struct sockaddr_in6 mask6 = {
2070 .sin6_family = AF_INET6,
2071 .sin6_len = sizeof(struct sockaddr_in6),
2072 .sin6_addr = pr->ndpr_mask,
2073 };
2074 struct sockaddr_in6 *pmask6 = (pr->ndpr_plen != 128) ? &mask6 : NULL;
2075
2076 error = nd6_prefix_rtrequest(pr->ndpr_ifp->if_fib, RTM_ADD,
2077 &pr->ndpr_prefix, pmask6, pr->ndpr_ifp, ifa);
2078 if (error == 0)
2079 pr->ndpr_stateflags |= NDPRF_ONLINK;
2080
2081 return (error);
2082 }
2083
2084 static int
nd6_prefix_onlink(struct nd_prefix * pr)2085 nd6_prefix_onlink(struct nd_prefix *pr)
2086 {
2087 struct epoch_tracker et;
2088 struct ifaddr *ifa;
2089 struct ifnet *ifp = pr->ndpr_ifp;
2090 struct nd_prefix *opr;
2091 char ip6buf[INET6_ADDRSTRLEN];
2092 int error;
2093
2094 ND6_ONLINK_LOCK_ASSERT();
2095 ND6_UNLOCK_ASSERT();
2096
2097 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0)
2098 return (EEXIST);
2099
2100 /*
2101 * Add the interface route associated with the prefix. Before
2102 * installing the route, check if there's the same prefix on another
2103 * interface, and the prefix has already installed the interface route.
2104 * Although such a configuration is expected to be rare, we explicitly
2105 * allow it.
2106 */
2107 ND6_RLOCK();
2108 LIST_FOREACH(opr, &V_nd_prefix, ndpr_entry) {
2109 if (opr == pr)
2110 continue;
2111
2112 if ((opr->ndpr_stateflags & NDPRF_ONLINK) == 0)
2113 continue;
2114
2115 if (!V_rt_add_addr_allfibs &&
2116 opr->ndpr_ifp->if_fib != pr->ndpr_ifp->if_fib)
2117 continue;
2118
2119 if (opr->ndpr_plen == pr->ndpr_plen &&
2120 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
2121 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) {
2122 ND6_RUNLOCK();
2123 return (0);
2124 }
2125 }
2126 ND6_RUNLOCK();
2127
2128 /*
2129 * We prefer link-local addresses as the associated interface address.
2130 */
2131 /* search for a link-local addr */
2132 NET_EPOCH_ENTER(et);
2133 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
2134 IN6_IFF_NOTREADY | IN6_IFF_ANYCAST);
2135 if (ifa == NULL) {
2136 /* XXX: freebsd does not have ifa_ifwithaf */
2137 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2138 if (ifa->ifa_addr->sa_family == AF_INET6) {
2139 ifa_ref(ifa);
2140 break;
2141 }
2142 }
2143 /* should we care about ia6_flags? */
2144 }
2145 if (ifa == NULL) {
2146 /*
2147 * This can still happen, when, for example, we receive an RA
2148 * containing a prefix with the L bit set and the A bit clear,
2149 * after removing all IPv6 addresses on the receiving
2150 * interface. This should, of course, be rare though.
2151 */
2152 nd6log((LOG_NOTICE,
2153 "%s: failed to find any ifaddr to add route for a "
2154 "prefix(%s/%d) on %s\n", __func__,
2155 ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
2156 pr->ndpr_plen, if_name(ifp)));
2157 error = 0;
2158 } else {
2159 error = nd6_prefix_onlink_rtrequest(pr, ifa);
2160 ifa_free(ifa);
2161 }
2162 NET_EPOCH_EXIT(et);
2163
2164 return (error);
2165 }
2166
2167 int
nd6_prefix_offlink(struct nd_prefix * pr)2168 nd6_prefix_offlink(struct nd_prefix *pr)
2169 {
2170 int error = 0;
2171 struct ifnet *ifp = pr->ndpr_ifp;
2172 struct nd_prefix *opr;
2173 char ip6buf[INET6_ADDRSTRLEN];
2174 uint64_t genid;
2175 int a_failure;
2176
2177 ND6_ONLINK_LOCK_ASSERT();
2178 ND6_UNLOCK_ASSERT();
2179
2180 if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0)
2181 return (EEXIST);
2182
2183 struct sockaddr_in6 mask6 = {
2184 .sin6_family = AF_INET6,
2185 .sin6_len = sizeof(struct sockaddr_in6),
2186 .sin6_addr = pr->ndpr_mask,
2187 };
2188 struct sockaddr_in6 *pmask6 = (pr->ndpr_plen != 128) ? &mask6 : NULL;
2189
2190 error = nd6_prefix_rtrequest(ifp->if_fib, RTM_DELETE,
2191 &pr->ndpr_prefix, pmask6, ifp, NULL);
2192
2193 a_failure = 1;
2194 if (error == 0) {
2195 pr->ndpr_stateflags &= ~NDPRF_ONLINK;
2196
2197 /*
2198 * There might be the same prefix on another interface,
2199 * the prefix which could not be on-link just because we have
2200 * the interface route (see comments in nd6_prefix_onlink).
2201 * If there's one, try to make the prefix on-link on the
2202 * interface.
2203 */
2204 ND6_RLOCK();
2205 restart:
2206 LIST_FOREACH(opr, &V_nd_prefix, ndpr_entry) {
2207 /*
2208 * KAME specific: detached prefixes should not be
2209 * on-link.
2210 */
2211 if (opr == pr || (opr->ndpr_stateflags &
2212 (NDPRF_ONLINK | NDPRF_DETACHED)) != 0)
2213 continue;
2214
2215 if (opr->ndpr_plen == pr->ndpr_plen &&
2216 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
2217 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) {
2218 int e;
2219
2220 genid = V_nd6_list_genid;
2221 ND6_RUNLOCK();
2222 if ((e = nd6_prefix_onlink(opr)) != 0) {
2223 nd6log((LOG_ERR,
2224 "%s: failed to recover a prefix "
2225 "%s/%d from %s to %s (errno=%d)\n",
2226 __func__, ip6_sprintf(ip6buf,
2227 &opr->ndpr_prefix.sin6_addr),
2228 opr->ndpr_plen, if_name(ifp),
2229 if_name(opr->ndpr_ifp), e));
2230 } else
2231 a_failure = 0;
2232 ND6_RLOCK();
2233 if (genid != V_nd6_list_genid)
2234 goto restart;
2235 }
2236 }
2237 ND6_RUNLOCK();
2238 } else {
2239 /* XXX: can we still set the NDPRF_ONLINK flag? */
2240 nd6log((LOG_ERR,
2241 "%s: failed to delete route: %s/%d on %s (errno=%d)\n",
2242 __func__, ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
2243 pr->ndpr_plen, if_name(ifp), error));
2244 }
2245
2246 if (a_failure)
2247 lltable_prefix_free(AF_INET6,
2248 (struct sockaddr *)&pr->ndpr_prefix,
2249 (struct sockaddr *)&mask6, LLE_STATIC);
2250
2251 return (error);
2252 }
2253
2254 /*
2255 * Install advertised route via default router.
2256 */
2257 static int
nd6_route_rtrequest(struct nd_routectl * key)2258 nd6_route_rtrequest(struct nd_routectl *key)
2259 {
2260 struct rib_cmd_info rc;
2261 struct rib_head *rnh;
2262 struct nhop_object *nh;
2263 struct ifaddr *ifa;
2264 struct ifnet *ifp;
2265 struct sockaddr *dst, *gw, *mask;
2266 int flags, error;
2267 time_t expire;
2268
2269 NET_EPOCH_ASSERT();
2270
2271 ifp = key->ndrt_ifp;
2272 dst = (struct sockaddr *)&key->ndrt_prefix;
2273 gw = (struct sockaddr *)&key->ndrt_gateway;
2274 mask = (struct sockaddr *)&key->ndrt_mask;
2275 flags = RTF_DYNAMIC | RTF_GATEWAY;
2276 if (key->ndrt_plen == 128) {
2277 flags |= RTF_HOST;
2278 mask = NULL;
2279 }
2280
2281 rnh = rt_tables_get_rnh_safe(key->ndrt_ifp->if_fib, AF_INET6);
2282 if (rnh == NULL)
2283 return (EINVAL);
2284
2285 /* Get the best ifa for the given interface and gateway. */
2286 if ((ifa = ifaof_ifpforaddr(gw, ifp)) == NULL)
2287 return (ENETUNREACH);
2288
2289 expire = time_second + key->ndrt_lifetime;
2290 struct rt_metrics rmx = {
2291 .rmx_expire = expire,
2292 };
2293 struct rt_addrinfo info = {
2294 .rti_flags = flags,
2295 .rti_info = {
2296 [RTAX_DST] = dst,
2297 [RTAX_GATEWAY] = gw,
2298 [RTAX_NETMASK] = mask,
2299 [RTAX_AUTHOR] = gw,
2300 },
2301 .rti_ifa = ifa,
2302 .rti_ifp = ifp,
2303 .rti_mflags = RTV_EXPIRE,
2304 .rti_rmx = &rmx,
2305 };
2306 /* XXX: route preference */
2307 struct route_nhop_data rnd = {
2308 .rnd_weight = RT_DEFAULT_WEIGHT,
2309 };
2310
2311 error = nhop_create_from_info(rnh, &info, &nh);
2312 if (error == 0) {
2313 nhop_set_origin(nh, NH_ORIGIN_REDIRECT);
2314 rnd.rnd_nhop = nh;
2315 error = rib_add_route_px(ifp->if_fib, dst, key->ndrt_plen, &rnd,
2316 RTM_F_CREATE, &rc);
2317 }
2318 if (error != 0)
2319 return (error);
2320 RTSTAT_INC(rts_dynamic);
2321
2322 /* Send notification of a route addition to userland. */
2323 rt_missmsg_fib(RTM_REDIRECT, &info, flags | RTF_UP, error, ifp->if_fib);
2324
2325 return (error);
2326 }
2327
2328 /*
2329 * Update lifetime of advertised route.
2330 */
2331 static int
nd6_route_rtupdate(struct nd_routectl * key)2332 nd6_route_rtupdate(struct nd_routectl *key)
2333 {
2334 struct rib_cmd_info rc;
2335 time_t expire;
2336
2337 expire = time_second + key->ndrt_lifetime;
2338 struct rt_metrics rmx = {
2339 .rmx_expire = expire,
2340 };
2341 struct rt_addrinfo info = {
2342 .rti_info[RTAX_DST] = (struct sockaddr *)&key->ndrt_prefix,
2343 .rti_mflags = RTV_EXPIRE,
2344 .rti_rmx = &rmx,
2345 };
2346 if (key->ndrt_plen != 128)
2347 info.rti_info[RTAX_NETMASK] = (struct sockaddr *)&key->ndrt_mask;
2348 return (rib_change_route(key->ndrt_ifp->if_fib, &info, &rc));
2349 }
2350
2351 /*
2352 * Delete advertised route.
2353 */
2354 static int
nd6_route_rtdelete(struct nd_routectl * key)2355 nd6_route_rtdelete(struct nd_routectl *key)
2356 {
2357 struct sockaddr *dst, *gw;
2358 struct rib_cmd_info rc;
2359 struct nhop_object *nh;
2360 struct ifnet *ifp;
2361 int error;
2362
2363 ifp = key->ndrt_ifp;
2364 dst = (struct sockaddr *)&key->ndrt_prefix;
2365 gw = (struct sockaddr *)&key->ndrt_gateway;
2366 error = rib_del_route_px(ifp->if_fib, dst, key->ndrt_plen,
2367 rib_match_gw, gw, 0, &rc);
2368 if (error == 0) {
2369 nh = nhop_select_func(rc.rc_nh_old, 0);
2370 rt_routemsg(RTM_DELETE, rc.rc_rt, nh, ifp->if_fib);
2371 }
2372
2373 return (error);
2374 }
2375
2376 /*
2377 * Lookup for exact match of advertised route with gateway
2378 * as its nexthop address.
2379 */
2380 static bool
nd6_route_rtlookup(struct nd_routectl * key)2381 nd6_route_rtlookup(struct nd_routectl *key)
2382 {
2383 RIB_RLOCK_TRACKER;
2384 struct rib_head *rnh;
2385 struct route_nhop_data rnd;
2386 struct sockaddr *dst, *gw;
2387
2388 dst = (struct sockaddr *)&key->ndrt_prefix;
2389 gw = (struct sockaddr *)&key->ndrt_gateway;
2390 rnh = rt_tables_get_rnh_safe(key->ndrt_ifp->if_fib, AF_INET6);
2391 if (rnh == NULL)
2392 return (false);
2393
2394 RIB_RLOCK(rnh);
2395 rib_lookup_prefix_plen(rnh, dst, key->ndrt_plen, &rnd);
2396 RIB_RUNLOCK(rnh);
2397 if (rnd.rnd_nhop == NULL)
2398 return (false);
2399
2400 return (match_nhop_gw(rnd.rnd_nhop, gw));
2401 }
2402
2403 static int
nd6_routelist_update(struct nd_routectl * new)2404 nd6_routelist_update(struct nd_routectl *new)
2405 {
2406 char ip6buf[INET6_ADDRSTRLEN];
2407 int error = 0;
2408
2409 NET_EPOCH_ASSERT();
2410
2411 /*
2412 * RFC 4191 section 3.1: If the received route's
2413 * lifetime is zero, the route is removed from the Routing
2414 * Table if present.
2415 */
2416 if (new->ndrt_lifetime == 0) {
2417 error = nd6_route_rtdelete(new);
2418 if (error != 0) {
2419 nd6log((LOG_DEBUG,
2420 "%s: failed to delete the route %s/%d on %s (errno=%d)\n",
2421 __func__, ip6_sprintf(ip6buf, &new->ndrt_prefix.sin6_addr),
2422 new->ndrt_plen, if_name(new->ndrt_ifp), error));
2423 }
2424 return (error);
2425 }
2426
2427 if (nd6_route_rtlookup(new)) {
2428 /*
2429 * RFC 4191 section 3.1: the route's lifetime and
2430 * preference is updated if the route is already present.
2431 * XXX: preference on routing table? (ndrt_flags)
2432 */
2433 error = nd6_route_rtupdate(new);
2434 if (error != 0) {
2435 nd6log((LOG_DEBUG,
2436 "%s: failed to update route lifetime of "
2437 "%s/%d from RA on %s (errno=%d)\n",
2438 __func__, ip6_sprintf(ip6buf, &new->ndrt_prefix.sin6_addr),
2439 new->ndrt_plen, if_name(new->ndrt_ifp), error));
2440 }
2441 } else {
2442 /*
2443 * RFC 4191 section 3.1: If a route's lifetime is non-zero,
2444 * the route is added to the Routing Table if not present.
2445 */
2446 error = nd6_route_rtrequest(new);
2447 if (error != 0) {
2448 nd6log((LOG_NOTICE,
2449 "%s: failed to add route %s/%d from RA on %s (errno=%d)\n",
2450 __func__, ip6_sprintf(ip6buf, &new->ndrt_prefix.sin6_addr),
2451 new->ndrt_plen, if_name(new->ndrt_ifp), error));
2452 }
2453 }
2454
2455 return (error);
2456 }
2457
2458 /*
2459 * Get a randomized interface identifier for a temporary address
2460 * Based on RFC 8981, Section 3.3.1.
2461 */
2462 static int
in6_get_tmp_ifid(struct in6_aliasreq * ifra)2463 in6_get_tmp_ifid(struct in6_aliasreq *ifra)
2464 {
2465 struct in6_addr *addr;
2466
2467 if(!is_random_seeded()){
2468 return 1;
2469 }
2470
2471 addr = &(ifra->ifra_addr.sin6_addr);
2472 regen:
2473 ifra->ifra_addr.sin6_addr.s6_addr32[2] |=
2474 (arc4random() & ~(ifra->ifra_prefixmask.sin6_addr.s6_addr32[2]));
2475 ifra->ifra_addr.sin6_addr.s6_addr32[3] |=
2476 (arc4random() & ~(ifra->ifra_prefixmask.sin6_addr.s6_addr32[3]));
2477
2478 /*
2479 * Check if generated address is not inappropriate:
2480 *
2481 * - Reserved IPv6 Interface Identifiers
2482 * (https://www.iana.org/assignments/ipv6-interface-ids/)
2483 */
2484
2485 /* Subnet-router anycast: 0000:0000:0000:0000 */
2486 if (!(addr->s6_addr32[2] | addr->s6_addr32[3]))
2487 goto regen;
2488
2489 /*
2490 * IANA Ethernet block: 0200:5EFF:FE00:0000-0200:5EFF:FE00:5212
2491 * Proxy Mobile IPv6: 0200:5EFF:FE00:5213
2492 * IANA Ethernet block: 0200:5EFF:FE00:5214-0200:5EFF:FEFF:FFFF
2493 */
2494 if (ntohl(addr->s6_addr32[2]) == 0x02005eff &&
2495 (ntohl(addr->s6_addr32[3]) & 0Xff000000) == 0xfe000000)
2496 goto regen;
2497
2498 /* Reserved subnet anycast addresses */
2499 if (ntohl(addr->s6_addr32[2]) == 0xfdffffff &&
2500 ntohl(addr->s6_addr32[3]) >= 0Xffffff80)
2501 goto regen;
2502
2503 return 0;
2504 }
2505
2506 /*
2507 * ia0 - corresponding public address
2508 */
2509 int
in6_tmpifadd(const struct in6_ifaddr * ia0,int forcegen,int delay)2510 in6_tmpifadd(const struct in6_ifaddr *ia0, int forcegen, int delay)
2511 {
2512 struct ifnet *ifp = ia0->ia_ifa.ifa_ifp;
2513 struct in6_ifaddr *newia;
2514 struct in6_aliasreq ifra;
2515 int error;
2516 int trylimit = 3; /* XXX: adhoc value */
2517 int updateflags;
2518 time_t vltime0, pltime0;
2519
2520 in6_prepare_ifra(&ifra, &ia0->ia_addr.sin6_addr,
2521 &ia0->ia_prefixmask.sin6_addr);
2522
2523 ifra.ifra_addr = ia0->ia_addr; /* XXX: do we need this ? */
2524 /* clear the old IFID */
2525 IN6_MASK_ADDR(&ifra.ifra_addr.sin6_addr,
2526 &ifra.ifra_prefixmask.sin6_addr);
2527
2528 again:
2529 if (in6_get_tmp_ifid(&ifra) != 0) {
2530 nd6log((LOG_NOTICE, "%s: failed to find a good random IFID\n",
2531 __func__));
2532 return (EINVAL);
2533 }
2534
2535 /*
2536 * in6_get_tmpifid() quite likely provided a unique interface ID.
2537 * However, we may still have a chance to see collision, because
2538 * there may be a time lag between generation of the ID and generation
2539 * of the address. So, we'll do one more sanity check.
2540 */
2541
2542 if (in6_localip(&ifra.ifra_addr.sin6_addr) != 0) {
2543 if (trylimit-- > 0) {
2544 forcegen = 1;
2545 goto again;
2546 }
2547
2548 /* Give up. Something strange should have happened. */
2549 nd6log((LOG_NOTICE, "%s: failed to find a unique random IFID\n",
2550 __func__));
2551 return (EEXIST);
2552 }
2553
2554 /*
2555 * The Valid Lifetime is the lower of the Valid Lifetime of the
2556 * public address or TEMP_VALID_LIFETIME.
2557 * The Preferred Lifetime is the lower of the Preferred Lifetime
2558 * of the public address or TEMP_PREFERRED_LIFETIME -
2559 * DESYNC_FACTOR.
2560 */
2561 if (ia0->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
2562 vltime0 = IFA6_IS_INVALID(ia0) ? 0 :
2563 (ia0->ia6_lifetime.ia6t_vltime -
2564 (time_uptime - ia0->ia6_updatetime));
2565 if (vltime0 > V_ip6_temp_valid_lifetime)
2566 vltime0 = V_ip6_temp_valid_lifetime;
2567 } else
2568 vltime0 = V_ip6_temp_valid_lifetime;
2569 if (ia0->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
2570 pltime0 = IFA6_IS_DEPRECATED(ia0) ? 0 :
2571 (ia0->ia6_lifetime.ia6t_pltime -
2572 (time_uptime - ia0->ia6_updatetime));
2573 if (pltime0 > V_ip6_temp_preferred_lifetime - V_ip6_desync_factor){
2574 pltime0 = V_ip6_temp_preferred_lifetime -
2575 V_ip6_desync_factor;
2576 }
2577 } else
2578 pltime0 = V_ip6_temp_preferred_lifetime - V_ip6_desync_factor;
2579 ifra.ifra_lifetime.ia6t_vltime = vltime0;
2580 ifra.ifra_lifetime.ia6t_pltime = pltime0;
2581
2582 /*
2583 * A temporary address is created only if this calculated Preferred
2584 * Lifetime is greater than REGEN_ADVANCE time units.
2585 */
2586 if (ifra.ifra_lifetime.ia6t_pltime <= V_ip6_temp_regen_advance)
2587 return (0);
2588
2589 /* XXX: scope zone ID? */
2590
2591 ifra.ifra_flags |= (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY);
2592
2593 /* allocate ifaddr structure, link into chain, etc. */
2594 updateflags = 0;
2595 if (delay)
2596 updateflags |= IN6_IFAUPDATE_DADDELAY;
2597 if ((error = in6_update_ifa(ifp, &ifra, NULL, updateflags)) != 0)
2598 return (error);
2599
2600 newia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
2601 if (newia == NULL) { /* XXX: can it happen? */
2602 nd6log((LOG_ERR,
2603 "%s: ifa update succeeded, but we got no ifaddr\n",
2604 __func__));
2605 return (EINVAL); /* XXX */
2606 }
2607 newia->ia6_ndpr = ia0->ia6_ndpr;
2608 newia->ia6_ndpr->ndpr_addrcnt++;
2609 ifa_free(&newia->ia_ifa);
2610
2611 /*
2612 * A newly added address might affect the status of other addresses.
2613 * XXX: when the temporary address is generated with a new public
2614 * address, the onlink check is redundant. However, it would be safe
2615 * to do the check explicitly everywhere a new address is generated,
2616 * and, in fact, we surely need the check when we create a new
2617 * temporary address due to deprecation of an old temporary address.
2618 */
2619 pfxlist_onlink_check();
2620
2621 return (0);
2622 }
2623
2624 static int
rt6_deleteroute(const struct rtentry * rt,const struct nhop_object * nh,void * arg)2625 rt6_deleteroute(const struct rtentry *rt, const struct nhop_object *nh,
2626 void *arg)
2627 {
2628 struct in6_addr *gate = (struct in6_addr *)arg;
2629 int nh_rt_flags;
2630
2631 if (nh->gw_sa.sa_family != AF_INET6)
2632 return (0);
2633
2634 if (!IN6_ARE_ADDR_EQUAL(gate, &nh->gw6_sa.sin6_addr)) {
2635 return (0);
2636 }
2637
2638 /*
2639 * Do not delete a static route.
2640 * XXX: this seems to be a bit ad-hoc. Should we consider the
2641 * 'cloned' bit instead?
2642 */
2643 nh_rt_flags = nhop_get_rtflags(nh);
2644 if ((nh_rt_flags & RTF_STATIC) != 0)
2645 return (0);
2646
2647 /*
2648 * We delete only host route. This means, in particular, we don't
2649 * delete default route.
2650 */
2651 if ((nh_rt_flags & RTF_HOST) == 0)
2652 return (0);
2653
2654 return (1);
2655 #undef SIN6
2656 }
2657
2658 /*
2659 * Delete all the routing table entries that use the specified gateway.
2660 * XXX: this function causes search through all entries of routing table, so
2661 * it shouldn't be called when acting as a router.
2662 */
2663 void
rt6_flush(struct in6_addr * gateway,struct ifnet * ifp)2664 rt6_flush(struct in6_addr *gateway, struct ifnet *ifp)
2665 {
2666
2667 /* We'll care only link-local addresses */
2668 if (!IN6_IS_ADDR_LINKLOCAL(gateway))
2669 return;
2670
2671 /* XXX Do we really need to walk any but the default FIB? */
2672 rib_foreach_table_walk_del(AF_INET6, rt6_deleteroute, (void *)gateway);
2673 }
2674
2675 int
nd6_setdefaultiface(int ifindex)2676 nd6_setdefaultiface(int ifindex)
2677 {
2678
2679 if (V_nd6_defifindex != ifindex) {
2680 V_nd6_defifindex = ifindex;
2681 if (V_nd6_defifindex != 0) {
2682 struct epoch_tracker et;
2683
2684 /*
2685 * XXXGL: this function should use ifnet_byindex_ref!
2686 */
2687 NET_EPOCH_ENTER(et);
2688 V_nd6_defifp = ifnet_byindex(V_nd6_defifindex);
2689 NET_EPOCH_EXIT(et);
2690 if (V_nd6_defifp == NULL)
2691 return (EINVAL);
2692 } else
2693 V_nd6_defifp = NULL;
2694
2695 /*
2696 * Our current implementation assumes one-to-one mapping between
2697 * interfaces and links, so it would be natural to use the
2698 * default interface as the default link.
2699 */
2700 scope6_setdefault(V_nd6_defifp);
2701 }
2702
2703 return (0);
2704 }
2705
2706 bool
nd6_defrouter_list_empty(void)2707 nd6_defrouter_list_empty(void)
2708 {
2709
2710 return (TAILQ_EMPTY(&V_nd6_defrouter));
2711 }
2712
2713 void
nd6_defrouter_timer(void)2714 nd6_defrouter_timer(void)
2715 {
2716 struct nd_defrouter *dr, *ndr;
2717 struct nd6_drhead drq;
2718
2719 TAILQ_INIT(&drq);
2720
2721 ND6_WLOCK();
2722 TAILQ_FOREACH_SAFE(dr, &V_nd6_defrouter, dr_entry, ndr)
2723 if (dr->expire && dr->expire < time_uptime)
2724 defrouter_unlink(dr, &drq);
2725 ND6_WUNLOCK();
2726
2727 while ((dr = TAILQ_FIRST(&drq)) != NULL) {
2728 TAILQ_REMOVE(&drq, dr, dr_entry);
2729 defrouter_del(dr);
2730 }
2731 }
2732
2733 /*
2734 * Nuke default router list entries toward ifp.
2735 * We defer removal of default router list entries that is installed in the
2736 * routing table, in order to keep additional side effects as small as possible.
2737 */
2738 void
nd6_defrouter_purge(struct ifnet * ifp)2739 nd6_defrouter_purge(struct ifnet *ifp)
2740 {
2741 struct nd_defrouter *dr, *ndr;
2742 struct nd6_drhead drq;
2743
2744 TAILQ_INIT(&drq);
2745
2746 ND6_WLOCK();
2747 TAILQ_FOREACH_SAFE(dr, &V_nd6_defrouter, dr_entry, ndr) {
2748 if (dr->installed)
2749 continue;
2750 if (dr->ifp == ifp)
2751 defrouter_unlink(dr, &drq);
2752 }
2753 TAILQ_FOREACH_SAFE(dr, &V_nd6_defrouter, dr_entry, ndr) {
2754 if (!dr->installed)
2755 continue;
2756 if (dr->ifp == ifp)
2757 defrouter_unlink(dr, &drq);
2758 }
2759 ND6_WUNLOCK();
2760
2761 /* Delete the unlinked router objects. */
2762 while ((dr = TAILQ_FIRST(&drq)) != NULL) {
2763 TAILQ_REMOVE(&drq, dr, dr_entry);
2764 defrouter_del(dr);
2765 }
2766 }
2767
2768 void
nd6_defrouter_flush_all(void)2769 nd6_defrouter_flush_all(void)
2770 {
2771 struct nd_defrouter *dr;
2772 struct nd6_drhead drq;
2773
2774 TAILQ_INIT(&drq);
2775
2776 ND6_WLOCK();
2777 while ((dr = TAILQ_FIRST(&V_nd6_defrouter)) != NULL)
2778 defrouter_unlink(dr, &drq);
2779 ND6_WUNLOCK();
2780
2781 while ((dr = TAILQ_FIRST(&drq)) != NULL) {
2782 TAILQ_REMOVE(&drq, dr, dr_entry);
2783 defrouter_del(dr);
2784 }
2785 }
2786
2787 void
nd6_defrouter_init(void)2788 nd6_defrouter_init(void)
2789 {
2790
2791 TAILQ_INIT(&V_nd6_defrouter);
2792 }
2793
2794 static int
nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS)2795 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS)
2796 {
2797 struct in6_defrouter d;
2798 struct nd_defrouter *dr;
2799 int error;
2800
2801 if (req->newptr != NULL)
2802 return (EPERM);
2803
2804 error = sysctl_wire_old_buffer(req, 0);
2805 if (error != 0)
2806 return (error);
2807
2808 bzero(&d, sizeof(d));
2809 d.rtaddr.sin6_family = AF_INET6;
2810 d.rtaddr.sin6_len = sizeof(d.rtaddr);
2811
2812 ND6_RLOCK();
2813 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
2814 d.rtaddr.sin6_addr = dr->rtaddr;
2815 error = sa6_recoverscope(&d.rtaddr);
2816 if (error != 0)
2817 break;
2818 d.flags = dr->raflags;
2819 d.rtlifetime = dr->rtlifetime;
2820 d.expire = dr->expire + (time_second - time_uptime);
2821 d.if_index = dr->ifp->if_index;
2822 error = SYSCTL_OUT(req, &d, sizeof(d));
2823 if (error != 0)
2824 break;
2825 }
2826 ND6_RUNLOCK();
2827 return (error);
2828 }
2829 SYSCTL_PROC(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist,
2830 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE,
2831 NULL, 0, nd6_sysctl_drlist, "S,in6_defrouter",
2832 "NDP default router list");
2833