1c398230bSWarner Losh /*- 2df8bae1dSRodney W. Grimes * Copyright (c) 1982, 1986, 1988, 1993 3df8bae1dSRodney W. Grimes * The Regents of the University of California. All rights reserved. 4df8bae1dSRodney W. Grimes * 5df8bae1dSRodney W. Grimes * Redistribution and use in source and binary forms, with or without 6df8bae1dSRodney W. Grimes * modification, are permitted provided that the following conditions 7df8bae1dSRodney W. Grimes * are met: 8df8bae1dSRodney W. Grimes * 1. Redistributions of source code must retain the above copyright 9df8bae1dSRodney W. Grimes * notice, this list of conditions and the following disclaimer. 10df8bae1dSRodney W. Grimes * 2. Redistributions in binary form must reproduce the above copyright 11df8bae1dSRodney W. Grimes * notice, this list of conditions and the following disclaimer in the 12df8bae1dSRodney W. Grimes * documentation and/or other materials provided with the distribution. 13df8bae1dSRodney W. Grimes * 4. Neither the name of the University nor the names of its contributors 14df8bae1dSRodney W. Grimes * may be used to endorse or promote products derived from this software 15df8bae1dSRodney W. Grimes * without specific prior written permission. 16df8bae1dSRodney W. Grimes * 17df8bae1dSRodney W. Grimes * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18df8bae1dSRodney W. Grimes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19df8bae1dSRodney W. Grimes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20df8bae1dSRodney W. Grimes * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21df8bae1dSRodney W. Grimes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22df8bae1dSRodney W. Grimes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23df8bae1dSRodney W. Grimes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24df8bae1dSRodney W. Grimes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25df8bae1dSRodney W. Grimes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26df8bae1dSRodney W. Grimes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27df8bae1dSRodney W. Grimes * SUCH DAMAGE. 28df8bae1dSRodney W. Grimes * 29df8bae1dSRodney W. Grimes * @(#)if_ether.c 8.1 (Berkeley) 6/10/93 30df8bae1dSRodney W. Grimes */ 31df8bae1dSRodney W. Grimes 32df8bae1dSRodney W. Grimes /* 33df8bae1dSRodney W. Grimes * Ethernet address resolution protocol. 34df8bae1dSRodney W. Grimes * TODO: 35df8bae1dSRodney W. Grimes * add "inuse/lock" bit (or ref. count) along with valid bit 36df8bae1dSRodney W. Grimes */ 37df8bae1dSRodney W. Grimes 384b421e2dSMike Silbersack #include <sys/cdefs.h> 394b421e2dSMike Silbersack __FBSDID("$FreeBSD$"); 404b421e2dSMike Silbersack 411d5e9e22SEivind Eklund #include "opt_inet.h" 421d5e9e22SEivind Eklund 43df8bae1dSRodney W. Grimes #include <sys/param.h> 44df8bae1dSRodney W. Grimes #include <sys/kernel.h> 45cc0a3c8cSAndrey V. Elsukov #include <sys/lock.h> 46ce02431fSDoug Rabson #include <sys/queue.h> 47885f1aa4SPoul-Henning Kamp #include <sys/sysctl.h> 48885f1aa4SPoul-Henning Kamp #include <sys/systm.h> 49885f1aa4SPoul-Henning Kamp #include <sys/mbuf.h> 50885f1aa4SPoul-Henning Kamp #include <sys/malloc.h> 51de34ad3fSJulian Elischer #include <sys/proc.h> 52cc0a3c8cSAndrey V. Elsukov #include <sys/rmlock.h> 534458ac71SBruce Evans #include <sys/socket.h> 54885f1aa4SPoul-Henning Kamp #include <sys/syslog.h> 55df8bae1dSRodney W. Grimes 56df8bae1dSRodney W. Grimes #include <net/if.h> 5776039bc8SGleb Smirnoff #include <net/if_var.h> 58df8bae1dSRodney W. Grimes #include <net/if_dl.h> 59722012ccSJulian Elischer #include <net/if_types.h> 60748e0b0aSGarrett Wollman #include <net/netisr.h> 61c8f8e9c1SJulian Elischer #include <net/ethernet.h> 625736e6fbSBjoern A. Zeeb #include <net/route.h> 63530c0060SRobert Watson #include <net/vnet.h> 64df8bae1dSRodney W. Grimes 65df8bae1dSRodney W. Grimes #include <netinet/in.h> 66df8bae1dSRodney W. Grimes #include <netinet/in_var.h> 676e6b3f7cSQing Li #include <net/if_llatbl.h> 68df8bae1dSRodney W. Grimes #include <netinet/if_ether.h> 6983e521ecSBjoern A. Zeeb #ifdef INET 709963e8a5SWill Andrews #include <netinet/ip_carp.h> 719963e8a5SWill Andrews #endif 72df8bae1dSRodney W. Grimes 73aed55708SRobert Watson #include <security/mac/mac_framework.h> 74aed55708SRobert Watson 7547e8d432SGleb Smirnoff #define SIN(s) ((const struct sockaddr_in *)(s)) 76eec33ea0SAlexander V. Chernikov 77eec33ea0SAlexander V. Chernikov static struct timeval arp_lastlog; 78eec33ea0SAlexander V. Chernikov static int arp_curpps; 79eec33ea0SAlexander V. Chernikov static int arp_maxpps = 1; 80df8bae1dSRodney W. Grimes 81ce02431fSDoug Rabson SYSCTL_DECL(_net_link_ether); 826472ac3dSEd Schouten static SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); 836472ac3dSEd Schouten static SYSCTL_NODE(_net_link_ether, PF_ARP, arp, CTLFLAG_RW, 0, ""); 84df8bae1dSRodney W. Grimes 85df8bae1dSRodney W. Grimes /* timer values */ 863e288e62SDimitry Andric static VNET_DEFINE(int, arpt_keep) = (20*60); /* once resolved, good for 20 87eddfbb76SRobert Watson * minutes */ 883e288e62SDimitry Andric static VNET_DEFINE(int, arp_maxtries) = 5; 893e288e62SDimitry Andric static VNET_DEFINE(int, arp_proxyall) = 0; 903e288e62SDimitry Andric static VNET_DEFINE(int, arpt_down) = 20; /* keep incomplete entries for 9193704ac5SQing Li * 20 seconds */ 925b7cb97cSAndrey V. Elsukov VNET_PCPUSTAT_DEFINE(struct arpstat, arpstat); /* ARP statistics, see if_arp.h */ 935b7cb97cSAndrey V. Elsukov VNET_PCPUSTAT_SYSINIT(arpstat); 945b7cb97cSAndrey V. Elsukov 955b7cb97cSAndrey V. Elsukov #ifdef VIMAGE 965b7cb97cSAndrey V. Elsukov VNET_PCPUSTAT_SYSUNINIT(arpstat); 975b7cb97cSAndrey V. Elsukov #endif /* VIMAGE */ 98e162ea60SGeorge V. Neville-Neil 993e288e62SDimitry Andric static VNET_DEFINE(int, arp_maxhold) = 1; 100885f1aa4SPoul-Henning Kamp 1011e77c105SRobert Watson #define V_arpt_keep VNET(arpt_keep) 10293704ac5SQing Li #define V_arpt_down VNET(arpt_down) 1031e77c105SRobert Watson #define V_arp_maxtries VNET(arp_maxtries) 1041e77c105SRobert Watson #define V_arp_proxyall VNET(arp_proxyall) 105e162ea60SGeorge V. Neville-Neil #define V_arp_maxhold VNET(arp_maxhold) 106885f1aa4SPoul-Henning Kamp 1076df8a710SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_VNET | CTLFLAG_RW, 108eddfbb76SRobert Watson &VNET_NAME(arpt_keep), 0, 109eddfbb76SRobert Watson "ARP entry lifetime in seconds"); 1106df8a710SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_VNET | CTLFLAG_RW, 111eddfbb76SRobert Watson &VNET_NAME(arp_maxtries), 0, 1128b615593SMarko Zec "ARP resolution attempts before returning error"); 1136df8a710SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_VNET | CTLFLAG_RW, 114eddfbb76SRobert Watson &VNET_NAME(arp_proxyall), 0, 1158b615593SMarko Zec "Enable proxy ARP for all suitable requests"); 1166df8a710SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, wait, CTLFLAG_VNET | CTLFLAG_RW, 117e162ea60SGeorge V. Neville-Neil &VNET_NAME(arpt_down), 0, 118e162ea60SGeorge V. Neville-Neil "Incomplete ARP entry lifetime in seconds"); 1195b7cb97cSAndrey V. Elsukov SYSCTL_VNET_PCPUSTAT(_net_link_ether_arp, OID_AUTO, stats, struct arpstat, 1205b7cb97cSAndrey V. Elsukov arpstat, "ARP statistics (struct arpstat, net/if_arp.h)"); 1216df8a710SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxhold, CTLFLAG_VNET | CTLFLAG_RW, 122e162ea60SGeorge V. Neville-Neil &VNET_NAME(arp_maxhold), 0, 123e162ea60SGeorge V. Neville-Neil "Number of packets to hold per ARP entry"); 124eec33ea0SAlexander V. Chernikov SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_log_per_second, 125eec33ea0SAlexander V. Chernikov CTLFLAG_RW, &arp_maxpps, 0, 126eec33ea0SAlexander V. Chernikov "Maximum number of remotely triggered ARP messages that can be " 127eec33ea0SAlexander V. Chernikov "logged per second"); 128eec33ea0SAlexander V. Chernikov 129eec33ea0SAlexander V. Chernikov #define ARP_LOG(pri, ...) do { \ 130eec33ea0SAlexander V. Chernikov if (ppsratecheck(&arp_lastlog, &arp_curpps, arp_maxpps)) \ 131eec33ea0SAlexander V. Chernikov log((pri), "arp: " __VA_ARGS__); \ 132eec33ea0SAlexander V. Chernikov } while (0) 133eec33ea0SAlexander V. Chernikov 134885f1aa4SPoul-Henning Kamp 1354d77a549SAlfred Perlstein static void arp_init(void); 1361cafed39SJonathan Lemon static void arpintr(struct mbuf *); 1374d77a549SAlfred Perlstein static void arptimer(void *); 1381d5e9e22SEivind Eklund #ifdef INET 1394d77a549SAlfred Perlstein static void in_arpinput(struct mbuf *); 1401d5e9e22SEivind Eklund #endif 14128e82295SGarrett Wollman 142f3bfa7d1SAlexander V. Chernikov static void arp_check_update_lle(struct arphdr *ah, struct in_addr isaddr, 143f3bfa7d1SAlexander V. Chernikov struct ifnet *ifp, int bridged, struct llentry *la); 144f3bfa7d1SAlexander V. Chernikov static void arp_mark_lle_reachable(struct llentry *la); 145*b13c5b5dSAlexander V. Chernikov static void arp_iflladdr(void *arg __unused, struct ifnet *ifp); 146f3bfa7d1SAlexander V. Chernikov 147*b13c5b5dSAlexander V. Chernikov static eventhandler_tag iflladdr_tag; 148f3bfa7d1SAlexander V. Chernikov 149d4b5cae4SRobert Watson static const struct netisr_handler arp_nh = { 150d4b5cae4SRobert Watson .nh_name = "arp", 151d4b5cae4SRobert Watson .nh_handler = arpintr, 152d4b5cae4SRobert Watson .nh_proto = NETISR_ARP, 153d4b5cae4SRobert Watson .nh_policy = NETISR_POLICY_SOURCE, 154d4b5cae4SRobert Watson }; 155d4b5cae4SRobert Watson 1566e6b3f7cSQing Li /* 1576e6b3f7cSQing Li * Timeout routine. Age arp_tab entries periodically. 158df8bae1dSRodney W. Grimes */ 159df8bae1dSRodney W. Grimes static void 1601daaa65dSGleb Smirnoff arptimer(void *arg) 161df8bae1dSRodney W. Grimes { 162ea537929SGleb Smirnoff struct llentry *lle = (struct llentry *)arg; 1636e6b3f7cSQing Li struct ifnet *ifp; 164df8bae1dSRodney W. Grimes 165ea537929SGleb Smirnoff if (lle->la_flags & LLE_STATIC) { 1662575fbb8SRandall Stewart return; 1672575fbb8SRandall Stewart } 1682575fbb8SRandall Stewart LLE_WLOCK(lle); 1690447c136SAlexander V. Chernikov if (callout_pending(&lle->lle_timer)) { 1702575fbb8SRandall Stewart /* 1712575fbb8SRandall Stewart * Here we are a bit odd here in the treatment of 1722575fbb8SRandall Stewart * active/pending. If the pending bit is set, it got 1732575fbb8SRandall Stewart * rescheduled before I ran. The active 1742575fbb8SRandall Stewart * bit we ignore, since if it was stopped 1752575fbb8SRandall Stewart * in ll_tablefree() and was currently running 1762575fbb8SRandall Stewart * it would have return 0 so the code would 1772575fbb8SRandall Stewart * not have deleted it since the callout could 1782575fbb8SRandall Stewart * not be stopped so we want to go through 1792575fbb8SRandall Stewart * with the delete here now. If the callout 1802575fbb8SRandall Stewart * was restarted, the pending bit will be back on and 1812575fbb8SRandall Stewart * we just want to bail since the callout_reset would 1822575fbb8SRandall Stewart * return 1 and our reference would have been removed 1832575fbb8SRandall Stewart * by arpresolve() below. 1842575fbb8SRandall Stewart */ 185ea537929SGleb Smirnoff LLE_WUNLOCK(lle); 186ea537929SGleb Smirnoff return; 187ea537929SGleb Smirnoff } 1886e6b3f7cSQing Li ifp = lle->lle_tbl->llt_ifp; 18954fc657dSGeorge V. Neville-Neil CURVNET_SET(ifp->if_vnet); 19009fe6320SNavdeep Parhar 191e364d8c4SNavdeep Parhar if ((lle->la_flags & LLE_DELETED) == 0) { 19209fe6320SNavdeep Parhar int evt; 19309fe6320SNavdeep Parhar 19409fe6320SNavdeep Parhar if (lle->la_flags & LLE_VALID) 19509fe6320SNavdeep Parhar evt = LLENTRY_EXPIRED; 19609fe6320SNavdeep Parhar else 19709fe6320SNavdeep Parhar evt = LLENTRY_TIMEDOUT; 19809fe6320SNavdeep Parhar EVENTHANDLER_INVOKE(lle_event, lle, evt); 19909fe6320SNavdeep Parhar } 20009fe6320SNavdeep Parhar 2010447c136SAlexander V. Chernikov callout_stop(&lle->lle_timer); 202ea537929SGleb Smirnoff 203ea537929SGleb Smirnoff /* XXX: LOR avoidance. We still have ref on lle. */ 204ea537929SGleb Smirnoff LLE_WUNLOCK(lle); 205ea537929SGleb Smirnoff IF_AFDATA_LOCK(ifp); 206ea537929SGleb Smirnoff LLE_WLOCK(lle); 207ea537929SGleb Smirnoff 208b1ec2940SGleb Smirnoff /* Guard against race with other llentry_free(). */ 209b1ec2940SGleb Smirnoff if (lle->la_flags & LLE_LINKED) { 210ea537929SGleb Smirnoff LLE_REMREF(lle); 211d3cdb716SAlexander V. Chernikov lltable_unlink_entry(lle->lle_tbl, lle); 212d3cdb716SAlexander V. Chernikov } 213b1ec2940SGleb Smirnoff IF_AFDATA_UNLOCK(ifp); 214b1ec2940SGleb Smirnoff 215d3cdb716SAlexander V. Chernikov size_t pkts_dropped = llentry_free(lle); 216d3cdb716SAlexander V. Chernikov 217d3cdb716SAlexander V. Chernikov ARPSTAT_ADD(dropped, pkts_dropped); 21854fc657dSGeorge V. Neville-Neil ARPSTAT_INC(timeouts); 219b1ec2940SGleb Smirnoff 22054fc657dSGeorge V. Neville-Neil CURVNET_RESTORE(); 221df8bae1dSRodney W. Grimes } 222df8bae1dSRodney W. Grimes 223df8bae1dSRodney W. Grimes /* 224df8bae1dSRodney W. Grimes * Broadcast an ARP request. Caller specifies: 225df8bae1dSRodney W. Grimes * - arp header source ip address 226df8bae1dSRodney W. Grimes * - arp header target ip address 227df8bae1dSRodney W. Grimes * - arp header source ethernet address 228df8bae1dSRodney W. Grimes */ 2296e6b3f7cSQing Li void 23047e8d432SGleb Smirnoff arprequest(struct ifnet *ifp, const struct in_addr *sip, 23147e8d432SGleb Smirnoff const struct in_addr *tip, u_char *enaddr) 232df8bae1dSRodney W. Grimes { 233e952fa39SMatthew N. Dodd struct mbuf *m; 234e952fa39SMatthew N. Dodd struct arphdr *ah; 235df8bae1dSRodney W. Grimes struct sockaddr sa; 236aa24ae3cSGleb Smirnoff u_char *carpaddr = NULL; 237df8bae1dSRodney W. Grimes 2386e6b3f7cSQing Li if (sip == NULL) { 2396e6b3f7cSQing Li /* 2406e6b3f7cSQing Li * The caller did not supply a source address, try to find 2416e6b3f7cSQing Li * a compatible one among those assigned to this interface. 2426e6b3f7cSQing Li */ 2436e6b3f7cSQing Li struct ifaddr *ifa; 2446e6b3f7cSQing Li 245aa24ae3cSGleb Smirnoff IF_ADDR_RLOCK(ifp); 2466e6b3f7cSQing Li TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 247aa24ae3cSGleb Smirnoff if (ifa->ifa_addr->sa_family != AF_INET) 2486e6b3f7cSQing Li continue; 249aa24ae3cSGleb Smirnoff 250aa24ae3cSGleb Smirnoff if (ifa->ifa_carp) { 251aa24ae3cSGleb Smirnoff if ((*carp_iamatch_p)(ifa, &carpaddr) == 0) 252aa24ae3cSGleb Smirnoff continue; 253aa24ae3cSGleb Smirnoff sip = &IA_SIN(ifa)->sin_addr; 254aa24ae3cSGleb Smirnoff } else { 255aa24ae3cSGleb Smirnoff carpaddr = NULL; 256aa24ae3cSGleb Smirnoff sip = &IA_SIN(ifa)->sin_addr; 257aa24ae3cSGleb Smirnoff } 258aa24ae3cSGleb Smirnoff 2596e6b3f7cSQing Li if (0 == ((sip->s_addr ^ tip->s_addr) & 260aa24ae3cSGleb Smirnoff IA_MASKSIN(ifa)->sin_addr.s_addr)) 2616e6b3f7cSQing Li break; /* found it. */ 2626e6b3f7cSQing Li } 263aa24ae3cSGleb Smirnoff IF_ADDR_RUNLOCK(ifp); 2646e6b3f7cSQing Li if (sip == NULL) { 2656e6b3f7cSQing Li printf("%s: cannot find matching address\n", __func__); 2666e6b3f7cSQing Li return; 2676e6b3f7cSQing Li } 2686e6b3f7cSQing Li } 269aa24ae3cSGleb Smirnoff if (enaddr == NULL) 270aa24ae3cSGleb Smirnoff enaddr = carpaddr ? carpaddr : (u_char *)IF_LLADDR(ifp); 2716e6b3f7cSQing Li 272eb1b1807SGleb Smirnoff if ((m = m_gethdr(M_NOWAIT, MT_DATA)) == NULL) 273df8bae1dSRodney W. Grimes return; 27464bf80ceSMatthew N. Dodd m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) + 275546451a2SGleb Smirnoff 2 * ifp->if_addrlen; 27664bf80ceSMatthew N. Dodd m->m_pkthdr.len = m->m_len; 277ed6a66caSRobert Watson M_ALIGN(m, m->m_len); 27864bf80ceSMatthew N. Dodd ah = mtod(m, struct arphdr *); 27964bf80ceSMatthew N. Dodd bzero((caddr_t)ah, m->m_len); 28019527d3eSRobert Watson #ifdef MAC 281b9b0dac3SRobert Watson mac_netinet_arp_send(ifp, m); 28219527d3eSRobert Watson #endif 283322dcb8dSMax Khon ah->ar_pro = htons(ETHERTYPE_IP); 284322dcb8dSMax Khon ah->ar_hln = ifp->if_addrlen; /* hardware address length */ 285322dcb8dSMax Khon ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ 286322dcb8dSMax Khon ah->ar_op = htons(ARPOP_REQUEST); 28747e8d432SGleb Smirnoff bcopy(enaddr, ar_sha(ah), ah->ar_hln); 28847e8d432SGleb Smirnoff bcopy(sip, ar_spa(ah), ah->ar_pln); 28947e8d432SGleb Smirnoff bcopy(tip, ar_tpa(ah), ah->ar_pln); 29064bf80ceSMatthew N. Dodd sa.sa_family = AF_ARP; 29164bf80ceSMatthew N. Dodd sa.sa_len = 2; 29264bf80ceSMatthew N. Dodd m->m_flags |= M_BCAST; 29386bd0491SAndre Oppermann m_clrprotoflags(m); /* Avoid confusing lower layers. */ 294279aa3d4SKip Macy (*ifp->if_output)(ifp, m, &sa, NULL); 29554fc657dSGeorge V. Neville-Neil ARPSTAT_INC(txrequests); 296df8bae1dSRodney W. Grimes } 297df8bae1dSRodney W. Grimes 298df8bae1dSRodney W. Grimes /* 299512e30efSAlexander V. Chernikov * Resolve an IP address into an ethernet address - heavy version. 300512e30efSAlexander V. Chernikov * Used internally by arpresolve(). 301512e30efSAlexander V. Chernikov * We have already checked than we can't use existing lle without 302512e30efSAlexander V. Chernikov * modification so we have to acquire LLE_EXCLUSIVE lle lock. 303cd46a114SLuigi Rizzo * 30474860d4fSAlexander V. Chernikov * On success, desten and flags are filled in and the function returns 0; 305cd46a114SLuigi Rizzo * If the packet must be held pending resolution, we return EWOULDBLOCK 306cd46a114SLuigi Rizzo * On other errors, we return the corresponding error code. 307b6ae6984SJulian Elischer * Note that m_freem() handles NULL. 308df8bae1dSRodney W. Grimes */ 309512e30efSAlexander V. Chernikov static int 310512e30efSAlexander V. Chernikov arpresolve_full(struct ifnet *ifp, int is_gw, int create, struct mbuf *m, 31174860d4fSAlexander V. Chernikov const struct sockaddr *dst, u_char *desten, uint32_t *pflags) 312df8bae1dSRodney W. Grimes { 3135a255516SAlexander V. Chernikov struct llentry *la = NULL, *la_tmp; 314e162ea60SGeorge V. Neville-Neil struct mbuf *curr = NULL; 315e162ea60SGeorge V. Neville-Neil struct mbuf *next = NULL; 316512e30efSAlexander V. Chernikov int error, renew; 317df8bae1dSRodney W. Grimes 31874860d4fSAlexander V. Chernikov if (pflags != NULL) 31974860d4fSAlexander V. Chernikov *pflags = 0; 32074860d4fSAlexander V. Chernikov 321512e30efSAlexander V. Chernikov if (create == 0) { 32200a46b31SKip Macy IF_AFDATA_RLOCK(ifp); 323512e30efSAlexander V. Chernikov la = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst); 32400a46b31SKip Macy IF_AFDATA_RUNLOCK(ifp); 325512e30efSAlexander V. Chernikov } 326512e30efSAlexander V. Chernikov if (la == NULL && (ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) == 0) { 3275a255516SAlexander V. Chernikov la = lltable_alloc_entry(LLTABLE(ifp), 0, dst); 3281ed7bf1eSGleb Smirnoff if (la == NULL) { 3291ed7bf1eSGleb Smirnoff log(LOG_DEBUG, 330743c072aSAlan Somers "arpresolve: can't allocate llinfo for %s on %s\n", 3315a255516SAlexander V. Chernikov inet_ntoa(SIN(dst)->sin_addr), if_name(ifp)); 3325a255516SAlexander V. Chernikov m_freem(m); 3335a255516SAlexander V. Chernikov return (EINVAL); 3345a255516SAlexander V. Chernikov } 3355a255516SAlexander V. Chernikov 3365a255516SAlexander V. Chernikov IF_AFDATA_WLOCK(ifp); 3375a255516SAlexander V. Chernikov LLE_WLOCK(la); 3385a255516SAlexander V. Chernikov la_tmp = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst); 3395a255516SAlexander V. Chernikov /* Prefer ANY existing lle over newly-created one */ 3405a255516SAlexander V. Chernikov if (la_tmp == NULL) 3415a255516SAlexander V. Chernikov lltable_link_entry(LLTABLE(ifp), la); 3425a255516SAlexander V. Chernikov IF_AFDATA_WUNLOCK(ifp); 3435a255516SAlexander V. Chernikov if (la_tmp != NULL) { 3445a255516SAlexander V. Chernikov lltable_free_entry(LLTABLE(ifp), la); 3455a255516SAlexander V. Chernikov la = la_tmp; 3465a255516SAlexander V. Chernikov } 3475a255516SAlexander V. Chernikov } 3485a255516SAlexander V. Chernikov if (la == NULL) { 3491ed7bf1eSGleb Smirnoff m_freem(m); 3506e6b3f7cSQing Li return (EINVAL); 3511ed7bf1eSGleb Smirnoff } 352a20e2538SGleb Smirnoff 3536e6b3f7cSQing Li if ((la->la_flags & LLE_VALID) && 354a98c06f1SGleb Smirnoff ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) { 3556e6b3f7cSQing Li bcopy(&la->ll_addr, desten, ifp->if_addrlen); 356f0516b3cSErmal Luçi renew = 0; 357f0f3379eSOrion Hodson /* 358f0f3379eSOrion Hodson * If entry has an expiry time and it is approaching, 3596e6b3f7cSQing Li * see if we need to send an ARP request within this 3606e6b3f7cSQing Li * arpt_down interval. 361f0f3379eSOrion Hodson */ 3626e6b3f7cSQing Li if (!(la->la_flags & LLE_STATIC) && 363a98c06f1SGleb Smirnoff time_uptime + la->la_preempt > la->la_expire) { 364f0516b3cSErmal Luçi renew = 1; 365022695f8SOrion Hodson la->la_preempt--; 366f0f3379eSOrion Hodson } 367f0f3379eSOrion Hodson 36874860d4fSAlexander V. Chernikov if (pflags != NULL) 36974860d4fSAlexander V. Chernikov *pflags = la->la_flags; 370f0516b3cSErmal Luçi 371f0516b3cSErmal Luçi LLE_WUNLOCK(la); 372f0516b3cSErmal Luçi 373f0516b3cSErmal Luçi if (renew == 1) 374f0516b3cSErmal Luçi arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL); 375f0516b3cSErmal Luçi 376f0516b3cSErmal Luçi return (0); 377df8bae1dSRodney W. Grimes } 3786e6b3f7cSQing Li 379a98c06f1SGleb Smirnoff renew = (la->la_asked == 0 || la->la_expire != time_uptime); 38008aadfbbSJonathan Lemon /* 381df8bae1dSRodney W. Grimes * There is an arptab entry, but no ethernet address 382e162ea60SGeorge V. Neville-Neil * response yet. Add the mbuf to the list, dropping 383e162ea60SGeorge V. Neville-Neil * the oldest packet if we have exceeded the system 384e162ea60SGeorge V. Neville-Neil * setting. 385df8bae1dSRodney W. Grimes */ 3866e6b3f7cSQing Li if (m != NULL) { 387e162ea60SGeorge V. Neville-Neil if (la->la_numheld >= V_arp_maxhold) { 38854fc657dSGeorge V. Neville-Neil if (la->la_hold != NULL) { 389e162ea60SGeorge V. Neville-Neil next = la->la_hold->m_nextpkt; 390df8bae1dSRodney W. Grimes m_freem(la->la_hold); 391e162ea60SGeorge V. Neville-Neil la->la_hold = next; 392e162ea60SGeorge V. Neville-Neil la->la_numheld--; 39354fc657dSGeorge V. Neville-Neil ARPSTAT_INC(dropped); 39454fc657dSGeorge V. Neville-Neil } 395e162ea60SGeorge V. Neville-Neil } 396e162ea60SGeorge V. Neville-Neil if (la->la_hold != NULL) { 397e162ea60SGeorge V. Neville-Neil curr = la->la_hold; 398e162ea60SGeorge V. Neville-Neil while (curr->m_nextpkt != NULL) 399e162ea60SGeorge V. Neville-Neil curr = curr->m_nextpkt; 400e162ea60SGeorge V. Neville-Neil curr->m_nextpkt = m; 401e162ea60SGeorge V. Neville-Neil } else 402df8bae1dSRodney W. Grimes la->la_hold = m; 403e162ea60SGeorge V. Neville-Neil la->la_numheld++; 4046e6b3f7cSQing Li } 405e1ff74c5SGleb Smirnoff /* 406e1ff74c5SGleb Smirnoff * Return EWOULDBLOCK if we have tried less than arp_maxtries. It 407e1ff74c5SGleb Smirnoff * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH 408e1ff74c5SGleb Smirnoff * if we have already sent arp_maxtries ARP requests. Retransmit the 409e1ff74c5SGleb Smirnoff * ARP request, but not faster than one request per second. 410e1ff74c5SGleb Smirnoff */ 411603724d3SBjoern A. Zeeb if (la->la_asked < V_arp_maxtries) 412e1ff74c5SGleb Smirnoff error = EWOULDBLOCK; /* First request. */ 413e1ff74c5SGleb Smirnoff else 41474860d4fSAlexander V. Chernikov error = is_gw != 0 ? EHOSTUNREACH : EHOSTDOWN; 415e1ff74c5SGleb Smirnoff 4166e6b3f7cSQing Li if (renew) { 417becba438SBjoern A. Zeeb int canceled; 418becba438SBjoern A. Zeeb 4196e6b3f7cSQing Li LLE_ADDREF(la); 420a98c06f1SGleb Smirnoff la->la_expire = time_uptime; 4210447c136SAlexander V. Chernikov canceled = callout_reset(&la->lle_timer, hz * V_arpt_down, 422becba438SBjoern A. Zeeb arptimer, la); 423becba438SBjoern A. Zeeb if (canceled) 424becba438SBjoern A. Zeeb LLE_REMREF(la); 42595ebcabeSMaxim Konovalov la->la_asked++; 4266e6b3f7cSQing Li LLE_WUNLOCK(la); 427aa24ae3cSGleb Smirnoff arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL); 4286e6b3f7cSQing Li return (error); 4296e6b3f7cSQing Li } 430512e30efSAlexander V. Chernikov 4316e6b3f7cSQing Li LLE_WUNLOCK(la); 432e1ff74c5SGleb Smirnoff return (error); 433df8bae1dSRodney W. Grimes } 434df8bae1dSRodney W. Grimes 435df8bae1dSRodney W. Grimes /* 436512e30efSAlexander V. Chernikov * Resolve an IP address into an ethernet address. 437512e30efSAlexander V. Chernikov * On input: 438512e30efSAlexander V. Chernikov * ifp is the interface we use 439512e30efSAlexander V. Chernikov * is_gw != 0 if @dst represents gateway to some destination 440512e30efSAlexander V. Chernikov * m is the mbuf. May be NULL if we don't have a packet. 441512e30efSAlexander V. Chernikov * dst is the next hop, 442512e30efSAlexander V. Chernikov * desten is the storage to put LL address. 443512e30efSAlexander V. Chernikov * flags returns lle entry flags. 444512e30efSAlexander V. Chernikov * 445512e30efSAlexander V. Chernikov * On success, desten and flags are filled in and the function returns 0; 446512e30efSAlexander V. Chernikov * If the packet must be held pending resolution, we return EWOULDBLOCK 447512e30efSAlexander V. Chernikov * On other errors, we return the corresponding error code. 448512e30efSAlexander V. Chernikov * Note that m_freem() handles NULL. 449512e30efSAlexander V. Chernikov */ 450512e30efSAlexander V. Chernikov int 451512e30efSAlexander V. Chernikov arpresolve(struct ifnet *ifp, int is_gw, struct mbuf *m, 452512e30efSAlexander V. Chernikov const struct sockaddr *dst, u_char *desten, uint32_t *pflags) 453512e30efSAlexander V. Chernikov { 454512e30efSAlexander V. Chernikov struct llentry *la = 0; 455512e30efSAlexander V. Chernikov int renew; 456512e30efSAlexander V. Chernikov 457512e30efSAlexander V. Chernikov if (pflags != NULL) 458512e30efSAlexander V. Chernikov *pflags = 0; 459512e30efSAlexander V. Chernikov 460512e30efSAlexander V. Chernikov if (m != NULL) { 461512e30efSAlexander V. Chernikov if (m->m_flags & M_BCAST) { 462512e30efSAlexander V. Chernikov /* broadcast */ 463512e30efSAlexander V. Chernikov (void)memcpy(desten, 464512e30efSAlexander V. Chernikov ifp->if_broadcastaddr, ifp->if_addrlen); 465512e30efSAlexander V. Chernikov return (0); 466512e30efSAlexander V. Chernikov } 467512e30efSAlexander V. Chernikov if (m->m_flags & M_MCAST) { 468512e30efSAlexander V. Chernikov /* multicast */ 469512e30efSAlexander V. Chernikov ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten); 470512e30efSAlexander V. Chernikov return (0); 471512e30efSAlexander V. Chernikov } 472512e30efSAlexander V. Chernikov } 473512e30efSAlexander V. Chernikov 474512e30efSAlexander V. Chernikov IF_AFDATA_RLOCK(ifp); 475512e30efSAlexander V. Chernikov la = lla_lookup(LLTABLE(ifp), 0, dst); 476512e30efSAlexander V. Chernikov IF_AFDATA_RUNLOCK(ifp); 477512e30efSAlexander V. Chernikov 478512e30efSAlexander V. Chernikov if (la == NULL) 479512e30efSAlexander V. Chernikov return (arpresolve_full(ifp, is_gw, 1, m, dst, desten, pflags)); 480512e30efSAlexander V. Chernikov 481512e30efSAlexander V. Chernikov if ((la->la_flags & LLE_VALID) && 482512e30efSAlexander V. Chernikov ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) { 483512e30efSAlexander V. Chernikov bcopy(&la->ll_addr, desten, ifp->if_addrlen); 484512e30efSAlexander V. Chernikov renew = 0; 485512e30efSAlexander V. Chernikov /* 486512e30efSAlexander V. Chernikov * If entry has an expiry time and it is approaching, 487512e30efSAlexander V. Chernikov * see if we need to send an ARP request within this 488512e30efSAlexander V. Chernikov * arpt_down interval. 489512e30efSAlexander V. Chernikov */ 490512e30efSAlexander V. Chernikov if (!(la->la_flags & LLE_STATIC) && 491512e30efSAlexander V. Chernikov time_uptime + la->la_preempt > la->la_expire) { 492512e30efSAlexander V. Chernikov renew = 1; 493512e30efSAlexander V. Chernikov la->la_preempt--; 494512e30efSAlexander V. Chernikov } 495512e30efSAlexander V. Chernikov 496512e30efSAlexander V. Chernikov if (pflags != NULL) 497512e30efSAlexander V. Chernikov *pflags = la->la_flags; 498512e30efSAlexander V. Chernikov 499512e30efSAlexander V. Chernikov LLE_RUNLOCK(la); 500512e30efSAlexander V. Chernikov 501512e30efSAlexander V. Chernikov if (renew == 1) 502512e30efSAlexander V. Chernikov arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL); 503512e30efSAlexander V. Chernikov 504512e30efSAlexander V. Chernikov return (0); 505512e30efSAlexander V. Chernikov } 506512e30efSAlexander V. Chernikov LLE_RUNLOCK(la); 507512e30efSAlexander V. Chernikov 508512e30efSAlexander V. Chernikov return (arpresolve_full(ifp, is_gw, 0, m, dst, desten, pflags)); 509512e30efSAlexander V. Chernikov } 510512e30efSAlexander V. Chernikov 511512e30efSAlexander V. Chernikov /* 512df8bae1dSRodney W. Grimes * Common length and type checks are done here, 513df8bae1dSRodney W. Grimes * then the protocol-specific routine is called. 514df8bae1dSRodney W. Grimes */ 515885f1aa4SPoul-Henning Kamp static void 5161cafed39SJonathan Lemon arpintr(struct mbuf *m) 517df8bae1dSRodney W. Grimes { 5181cafed39SJonathan Lemon struct arphdr *ar; 519eec33ea0SAlexander V. Chernikov struct ifnet *ifp; 520deb6bda6SAlexander V. Chernikov char *layer; 521deb6bda6SAlexander V. Chernikov int hlen; 522df8bae1dSRodney W. Grimes 523eec33ea0SAlexander V. Chernikov ifp = m->m_pkthdr.rcvif; 524eec33ea0SAlexander V. Chernikov 52576ec7b2fSRobert Watson if (m->m_len < sizeof(struct arphdr) && 52684365e2bSMatthew Dillon ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) { 527eec33ea0SAlexander V. Chernikov ARP_LOG(LOG_NOTICE, "packet with short header received on %s\n", 528eec33ea0SAlexander V. Chernikov if_name(ifp)); 5291cafed39SJonathan Lemon return; 53076ec7b2fSRobert Watson } 53176ec7b2fSRobert Watson ar = mtod(m, struct arphdr *); 53276ec7b2fSRobert Watson 533deb6bda6SAlexander V. Chernikov /* Check if length is sufficient */ 53489bc0426SGleb Smirnoff if (m->m_len < arphdr_len(ar)) { 53589bc0426SGleb Smirnoff m = m_pullup(m, arphdr_len(ar)); 53689bc0426SGleb Smirnoff if (m == NULL) { 537eec33ea0SAlexander V. Chernikov ARP_LOG(LOG_NOTICE, "short packet received on %s\n", 538eec33ea0SAlexander V. Chernikov if_name(ifp)); 539deb6bda6SAlexander V. Chernikov return; 540deb6bda6SAlexander V. Chernikov } 541deb6bda6SAlexander V. Chernikov ar = mtod(m, struct arphdr *); 54289bc0426SGleb Smirnoff } 543deb6bda6SAlexander V. Chernikov 544deb6bda6SAlexander V. Chernikov hlen = 0; 545deb6bda6SAlexander V. Chernikov layer = ""; 546deb6bda6SAlexander V. Chernikov switch (ntohs(ar->ar_hrd)) { 547deb6bda6SAlexander V. Chernikov case ARPHRD_ETHER: 548deb6bda6SAlexander V. Chernikov hlen = ETHER_ADDR_LEN; /* RFC 826 */ 549deb6bda6SAlexander V. Chernikov layer = "ethernet"; 550deb6bda6SAlexander V. Chernikov break; 551deb6bda6SAlexander V. Chernikov case ARPHRD_IEEE802: 552deb6bda6SAlexander V. Chernikov hlen = 6; /* RFC 1390, FDDI_ADDR_LEN */ 553deb6bda6SAlexander V. Chernikov layer = "fddi"; 554deb6bda6SAlexander V. Chernikov break; 555deb6bda6SAlexander V. Chernikov case ARPHRD_ARCNET: 556deb6bda6SAlexander V. Chernikov hlen = 1; /* RFC 1201, ARC_ADDR_LEN */ 557deb6bda6SAlexander V. Chernikov layer = "arcnet"; 558deb6bda6SAlexander V. Chernikov break; 559deb6bda6SAlexander V. Chernikov case ARPHRD_INFINIBAND: 560deb6bda6SAlexander V. Chernikov hlen = 20; /* RFC 4391, INFINIBAND_ALEN */ 561deb6bda6SAlexander V. Chernikov layer = "infiniband"; 562deb6bda6SAlexander V. Chernikov break; 563deb6bda6SAlexander V. Chernikov case ARPHRD_IEEE1394: 564deb6bda6SAlexander V. Chernikov hlen = 0; /* SHALL be 16 */ /* RFC 2734 */ 565deb6bda6SAlexander V. Chernikov layer = "firewire"; 566deb6bda6SAlexander V. Chernikov 567deb6bda6SAlexander V. Chernikov /* 568deb6bda6SAlexander V. Chernikov * Restrict too long harware addresses. 569deb6bda6SAlexander V. Chernikov * Currently we are capable of handling 20-byte 570deb6bda6SAlexander V. Chernikov * addresses ( sizeof(lle->ll_addr) ) 571deb6bda6SAlexander V. Chernikov */ 572deb6bda6SAlexander V. Chernikov if (ar->ar_hln >= 20) 573deb6bda6SAlexander V. Chernikov hlen = 16; 574deb6bda6SAlexander V. Chernikov break; 575deb6bda6SAlexander V. Chernikov default: 576eec33ea0SAlexander V. Chernikov ARP_LOG(LOG_NOTICE, 577eec33ea0SAlexander V. Chernikov "packet with unknown harware format 0x%02d received on %s\n", 578eec33ea0SAlexander V. Chernikov ntohs(ar->ar_hrd), if_name(ifp)); 57976ec7b2fSRobert Watson m_freem(m); 5801cafed39SJonathan Lemon return; 58176ec7b2fSRobert Watson } 58276ec7b2fSRobert Watson 583deb6bda6SAlexander V. Chernikov if (hlen != 0 && hlen != ar->ar_hln) { 584eec33ea0SAlexander V. Chernikov ARP_LOG(LOG_NOTICE, 585eec33ea0SAlexander V. Chernikov "packet with invalid %s address length %d received on %s\n", 586eec33ea0SAlexander V. Chernikov layer, ar->ar_hln, if_name(ifp)); 58776ec7b2fSRobert Watson m_freem(m); 5881cafed39SJonathan Lemon return; 58976ec7b2fSRobert Watson } 590df8bae1dSRodney W. Grimes 59154fc657dSGeorge V. Neville-Neil ARPSTAT_INC(received); 592df8bae1dSRodney W. Grimes switch (ntohs(ar->ar_pro)) { 5931d5e9e22SEivind Eklund #ifdef INET 594df8bae1dSRodney W. Grimes case ETHERTYPE_IP: 595df8bae1dSRodney W. Grimes in_arpinput(m); 5961cafed39SJonathan Lemon return; 5971d5e9e22SEivind Eklund #endif 598df8bae1dSRodney W. Grimes } 599df8bae1dSRodney W. Grimes m_freem(m); 600df8bae1dSRodney W. Grimes } 601df8bae1dSRodney W. Grimes 6021d5e9e22SEivind Eklund #ifdef INET 603df8bae1dSRodney W. Grimes /* 604df8bae1dSRodney W. Grimes * ARP for Internet protocols on 10 Mb/s Ethernet. 605df8bae1dSRodney W. Grimes * Algorithm is that given in RFC 826. 606df8bae1dSRodney W. Grimes * In addition, a sanity check is performed on the sender 607df8bae1dSRodney W. Grimes * protocol address, to catch impersonators. 608df8bae1dSRodney W. Grimes * We no longer handle negotiations for use of trailer protocol: 609df8bae1dSRodney W. Grimes * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent 610df8bae1dSRodney W. Grimes * along with IP replies if we wanted trailers sent to us, 611df8bae1dSRodney W. Grimes * and also sent them in response to IP replies. 612df8bae1dSRodney W. Grimes * This allowed either end to announce the desire to receive 613df8bae1dSRodney W. Grimes * trailer packets. 614df8bae1dSRodney W. Grimes * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, 615df8bae1dSRodney W. Grimes * but formerly didn't normally send requests. 616df8bae1dSRodney W. Grimes */ 6173269187dSAlfred Perlstein static int log_arp_wrong_iface = 1; 618e3d123d6SAlfred Perlstein static int log_arp_movements = 1; 61939393906SGleb Smirnoff static int log_arp_permanent_modify = 1; 620478df1d5SGleb Smirnoff static int allow_multicast = 0; 6213269187dSAlfred Perlstein 6223269187dSAlfred Perlstein SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, 6233269187dSAlfred Perlstein &log_arp_wrong_iface, 0, 6243269187dSAlfred Perlstein "log arp packets arriving on the wrong interface"); 625e3d123d6SAlfred Perlstein SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW, 626e3d123d6SAlfred Perlstein &log_arp_movements, 0, 62775ce3221SAlfred Perlstein "log arp replies from MACs different than the one in the cache"); 62839393906SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW, 62939393906SGleb Smirnoff &log_arp_permanent_modify, 0, 63039393906SGleb Smirnoff "log arp replies from MACs different than the one in the permanent arp entry"); 631478df1d5SGleb Smirnoff SYSCTL_INT(_net_link_ether_inet, OID_AUTO, allow_multicast, CTLFLAG_RW, 632478df1d5SGleb Smirnoff &allow_multicast, 0, "accept multicast addresses"); 6333269187dSAlfred Perlstein 634df8bae1dSRodney W. Grimes static void 635f2565d68SRobert Watson in_arpinput(struct mbuf *m) 636df8bae1dSRodney W. Grimes { 637cc0a3c8cSAndrey V. Elsukov struct rm_priotracker in_ifa_tracker; 638e952fa39SMatthew N. Dodd struct arphdr *ah; 639e952fa39SMatthew N. Dodd struct ifnet *ifp = m->m_pkthdr.rcvif; 6405a255516SAlexander V. Chernikov struct llentry *la = NULL, *la_tmp; 641e952fa39SMatthew N. Dodd struct rtentry *rt; 642ca925d9cSJonathan Lemon struct ifaddr *ifa; 643ca925d9cSJonathan Lemon struct in_ifaddr *ia; 644df8bae1dSRodney W. Grimes struct sockaddr sa; 645df8bae1dSRodney W. Grimes struct in_addr isaddr, itaddr, myaddr; 646a9771948SGleb Smirnoff u_int8_t *enaddr = NULL; 647f3bfa7d1SAlexander V. Chernikov int op; 64880b11ee4SPhilip Paeps int bridged = 0, is_bridge = 0; 649f3bfa7d1SAlexander V. Chernikov int carped; 6508e7e854cSKip Macy struct sockaddr_in sin; 6515a255516SAlexander V. Chernikov struct sockaddr *dst; 6528e7e854cSKip Macy sin.sin_len = sizeof(struct sockaddr_in); 6538e7e854cSKip Macy sin.sin_family = AF_INET; 65429910a5aSKip Macy sin.sin_addr.s_addr = 0; 655df8bae1dSRodney W. Grimes 65674948aa6SAndrew Thompson if (ifp->if_bridge) 6578f867517SAndrew Thompson bridged = 1; 65880b11ee4SPhilip Paeps if (ifp->if_type == IFT_BRIDGE) 65980b11ee4SPhilip Paeps is_bridge = 1; 6608f867517SAndrew Thompson 661eec33ea0SAlexander V. Chernikov /* 662eec33ea0SAlexander V. Chernikov * We already have checked that mbuf contains enough contiguous data 663eec33ea0SAlexander V. Chernikov * to hold entire arp message according to the arp header. 664eec33ea0SAlexander V. Chernikov */ 665322dcb8dSMax Khon ah = mtod(m, struct arphdr *); 666eec33ea0SAlexander V. Chernikov 66709d3f895SGeorge V. Neville-Neil /* 66809d3f895SGeorge V. Neville-Neil * ARP is only for IPv4 so we can reject packets with 66909d3f895SGeorge V. Neville-Neil * a protocol length not equal to an IPv4 address. 67009d3f895SGeorge V. Neville-Neil */ 67109d3f895SGeorge V. Neville-Neil if (ah->ar_pln != sizeof(struct in_addr)) { 6725d81d095SGleb Smirnoff ARP_LOG(LOG_NOTICE, "requested protocol length != %zu\n", 67309d3f895SGeorge V. Neville-Neil sizeof(struct in_addr)); 674414676baSGleb Smirnoff goto drop; 67509d3f895SGeorge V. Neville-Neil } 67609d3f895SGeorge V. Neville-Neil 677478df1d5SGleb Smirnoff if (allow_multicast == 0 && ETHER_IS_MULTICAST(ar_sha(ah))) { 6785d81d095SGleb Smirnoff ARP_LOG(LOG_NOTICE, "%*D is multicast\n", 679c9168718SGleb Smirnoff ifp->if_addrlen, (u_char *)ar_sha(ah), ":"); 680414676baSGleb Smirnoff goto drop; 68109d3f895SGeorge V. Neville-Neil } 68209d3f895SGeorge V. Neville-Neil 683322dcb8dSMax Khon op = ntohs(ah->ar_op); 684322dcb8dSMax Khon (void)memcpy(&isaddr, ar_spa(ah), sizeof (isaddr)); 685322dcb8dSMax Khon (void)memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr)); 68632439868SGleb Smirnoff 68754fc657dSGeorge V. Neville-Neil if (op == ARPOP_REPLY) 68854fc657dSGeorge V. Neville-Neil ARPSTAT_INC(rxreplies); 68954fc657dSGeorge V. Neville-Neil 690ca925d9cSJonathan Lemon /* 691ca925d9cSJonathan Lemon * For a bridge, we want to check the address irrespective 692ca925d9cSJonathan Lemon * of the receive interface. (This will change slightly 693ca925d9cSJonathan Lemon * when we have clusters of interfaces). 694ca925d9cSJonathan Lemon */ 695cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RLOCK(&in_ifa_tracker); 6962ef4a436SGleb Smirnoff LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) { 69796561547SAndrew Thompson if (((bridged && ia->ia_ifp->if_bridge == ifp->if_bridge) || 6986e6b3f7cSQing Li ia->ia_ifp == ifp) && 69908b68b0eSGleb Smirnoff itaddr.s_addr == ia->ia_addr.sin_addr.s_addr && 70008b68b0eSGleb Smirnoff (ia->ia_ifa.ifa_carp == NULL || 70108b68b0eSGleb Smirnoff (*carp_iamatch_p)(&ia->ia_ifa, &enaddr))) { 70209d54778SRobert Watson ifa_ref(&ia->ia_ifa); 703cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RUNLOCK(&in_ifa_tracker); 7042ef4a436SGleb Smirnoff goto match; 7052ef4a436SGleb Smirnoff } 7062ef4a436SGleb Smirnoff } 707ca925d9cSJonathan Lemon LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash) 70896561547SAndrew Thompson if (((bridged && ia->ia_ifp->if_bridge == ifp->if_bridge) || 7096e6b3f7cSQing Li ia->ia_ifp == ifp) && 71009d54778SRobert Watson isaddr.s_addr == ia->ia_addr.sin_addr.s_addr) { 71109d54778SRobert Watson ifa_ref(&ia->ia_ifa); 712cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RUNLOCK(&in_ifa_tracker); 713ca925d9cSJonathan Lemon goto match; 71409d54778SRobert Watson } 71580b11ee4SPhilip Paeps 71680b11ee4SPhilip Paeps #define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia) \ 71780b11ee4SPhilip Paeps (ia->ia_ifp->if_bridge == ifp->if_softc && \ 71880b11ee4SPhilip Paeps !bcmp(IF_LLADDR(ia->ia_ifp), IF_LLADDR(ifp), ifp->if_addrlen) && \ 71980b11ee4SPhilip Paeps addr == ia->ia_addr.sin_addr.s_addr) 72080b11ee4SPhilip Paeps /* 72180b11ee4SPhilip Paeps * Check the case when bridge shares its MAC address with 72280b11ee4SPhilip Paeps * some of its children, so packets are claimed by bridge 72380b11ee4SPhilip Paeps * itself (bridge_input() does it first), but they are really 72480b11ee4SPhilip Paeps * meant to be destined to the bridge member. 72580b11ee4SPhilip Paeps */ 72680b11ee4SPhilip Paeps if (is_bridge) { 72780b11ee4SPhilip Paeps LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) { 72880b11ee4SPhilip Paeps if (BDG_MEMBER_MATCHES_ARP(itaddr.s_addr, ifp, ia)) { 72909d54778SRobert Watson ifa_ref(&ia->ia_ifa); 73080b11ee4SPhilip Paeps ifp = ia->ia_ifp; 731cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RUNLOCK(&in_ifa_tracker); 73280b11ee4SPhilip Paeps goto match; 73380b11ee4SPhilip Paeps } 73480b11ee4SPhilip Paeps } 73580b11ee4SPhilip Paeps } 73680b11ee4SPhilip Paeps #undef BDG_MEMBER_MATCHES_ARP 737cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RUNLOCK(&in_ifa_tracker); 73880b11ee4SPhilip Paeps 739ca925d9cSJonathan Lemon /* 740d8b84d9eSJonathan Lemon * No match, use the first inet address on the receive interface 741ca925d9cSJonathan Lemon * as a dummy address for the rest of the function. 742ca925d9cSJonathan Lemon */ 743137f91e8SJohn Baldwin IF_ADDR_RLOCK(ifp); 744d8b84d9eSJonathan Lemon TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 7459de96e89SGleb Smirnoff if (ifa->ifa_addr->sa_family == AF_INET && 7469de96e89SGleb Smirnoff (ifa->ifa_carp == NULL || 7479de96e89SGleb Smirnoff (*carp_iamatch_p)(ifa, &enaddr))) { 748ec691a10SJonathan Lemon ia = ifatoia(ifa); 74909d54778SRobert Watson ifa_ref(ifa); 750137f91e8SJohn Baldwin IF_ADDR_RUNLOCK(ifp); 751ec691a10SJonathan Lemon goto match; 752ec691a10SJonathan Lemon } 753137f91e8SJohn Baldwin IF_ADDR_RUNLOCK(ifp); 75409d54778SRobert Watson 755ec691a10SJonathan Lemon /* 756ec691a10SJonathan Lemon * If bridging, fall back to using any inet address. 757ec691a10SJonathan Lemon */ 758cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RLOCK(&in_ifa_tracker); 7592d9cfabaSRobert Watson if (!bridged || (ia = TAILQ_FIRST(&V_in_ifaddrhead)) == NULL) { 760cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RUNLOCK(&in_ifa_tracker); 761b2a8ac7cSLuigi Rizzo goto drop; 7622d9cfabaSRobert Watson } 76309d54778SRobert Watson ifa_ref(&ia->ia_ifa); 764cc0a3c8cSAndrey V. Elsukov IN_IFADDR_RUNLOCK(&in_ifa_tracker); 765ca925d9cSJonathan Lemon match: 766a9771948SGleb Smirnoff if (!enaddr) 767a9771948SGleb Smirnoff enaddr = (u_int8_t *)IF_LLADDR(ifp); 76808b68b0eSGleb Smirnoff carped = (ia->ia_ifa.ifa_carp != NULL); 769ca925d9cSJonathan Lemon myaddr = ia->ia_addr.sin_addr; 77009d54778SRobert Watson ifa_free(&ia->ia_ifa); 771a9771948SGleb Smirnoff if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) 772b2a8ac7cSLuigi Rizzo goto drop; /* it's from me, ignore it. */ 773322dcb8dSMax Khon if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { 7745d81d095SGleb Smirnoff ARP_LOG(LOG_NOTICE, "link address is broadcast for IP address " 7755d81d095SGleb Smirnoff "%s!\n", inet_ntoa(isaddr)); 776b2a8ac7cSLuigi Rizzo goto drop; 777df8bae1dSRodney W. Grimes } 778f3bfa7d1SAlexander V. Chernikov 779f3bfa7d1SAlexander V. Chernikov if (ifp->if_addrlen != ah->ar_hln) { 780f3bfa7d1SAlexander V. Chernikov ARP_LOG(LOG_WARNING, "from %*D: addr len: new %d, " 781f3bfa7d1SAlexander V. Chernikov "i/f %d (ignored)\n", ifp->if_addrlen, 782f3bfa7d1SAlexander V. Chernikov (u_char *) ar_sha(ah), ":", ah->ar_hln, 783f3bfa7d1SAlexander V. Chernikov ifp->if_addrlen); 784f3bfa7d1SAlexander V. Chernikov goto drop; 785f3bfa7d1SAlexander V. Chernikov } 786f3bfa7d1SAlexander V. Chernikov 78700fcf9d1SRobert Watson /* 78800fcf9d1SRobert Watson * Warn if another host is using the same IP address, but only if the 78900fcf9d1SRobert Watson * IP address isn't 0.0.0.0, which is used for DHCP only, in which 79000fcf9d1SRobert Watson * case we suppress the warning to avoid false positive complaints of 79100fcf9d1SRobert Watson * potential misconfiguration. 79200fcf9d1SRobert Watson */ 79308b68b0eSGleb Smirnoff if (!bridged && !carped && isaddr.s_addr == myaddr.s_addr && 79408b68b0eSGleb Smirnoff myaddr.s_addr != 0) { 7955d81d095SGleb Smirnoff ARP_LOG(LOG_ERR, "%*D is using my IP address %s on %s!\n", 796322dcb8dSMax Khon ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 7973affb6fbSYaroslav Tykhiy inet_ntoa(isaddr), ifp->if_xname); 798df8bae1dSRodney W. Grimes itaddr = myaddr; 79954fc657dSGeorge V. Neville-Neil ARPSTAT_INC(dupips); 800df8bae1dSRodney W. Grimes goto reply; 801df8bae1dSRodney W. Grimes } 802deb62e28SRuslan Ermilov if (ifp->if_flags & IFF_STATICARP) 803deb62e28SRuslan Ermilov goto reply; 8048b07e49aSJulian Elischer 8056e6b3f7cSQing Li bzero(&sin, sizeof(sin)); 8066e6b3f7cSQing Li sin.sin_len = sizeof(struct sockaddr_in); 8076e6b3f7cSQing Li sin.sin_family = AF_INET; 8086e6b3f7cSQing Li sin.sin_addr = isaddr; 8095a255516SAlexander V. Chernikov dst = (struct sockaddr *)&sin; 810f3bfa7d1SAlexander V. Chernikov IF_AFDATA_RLOCK(ifp); 8115a255516SAlexander V. Chernikov la = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst); 812f3bfa7d1SAlexander V. Chernikov IF_AFDATA_RUNLOCK(ifp); 813f3bfa7d1SAlexander V. Chernikov if (la != NULL) 814f3bfa7d1SAlexander V. Chernikov arp_check_update_lle(ah, isaddr, ifp, bridged, la); 815f3bfa7d1SAlexander V. Chernikov else if (itaddr.s_addr == myaddr.s_addr) { 816e162ea60SGeorge V. Neville-Neil /* 817f3bfa7d1SAlexander V. Chernikov * Reply to our address, but no lle exists yet. 818f3bfa7d1SAlexander V. Chernikov * do we really have to create an entry? 819e162ea60SGeorge V. Neville-Neil */ 8205a255516SAlexander V. Chernikov la = lltable_alloc_entry(LLTABLE(ifp), 0, dst); 8215a255516SAlexander V. Chernikov if (la == NULL) 8225a255516SAlexander V. Chernikov goto drop; 823ddd208f7SAlexander V. Chernikov lltable_set_entry_addr(ifp, la, ar_sha(ah)); 8245a255516SAlexander V. Chernikov 8255a255516SAlexander V. Chernikov IF_AFDATA_WLOCK(ifp); 8265a255516SAlexander V. Chernikov LLE_WLOCK(la); 8275a255516SAlexander V. Chernikov la_tmp = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst); 8285a255516SAlexander V. Chernikov 8295a255516SAlexander V. Chernikov /* 8305a255516SAlexander V. Chernikov * Check if lle still does not exists. 8315a255516SAlexander V. Chernikov * If it does, that means that we either 8325a255516SAlexander V. Chernikov * 1) have configured it explicitly, via 8335a255516SAlexander V. Chernikov * 1a) 'arp -s' static entry or 8345a255516SAlexander V. Chernikov * 1b) interface address static record 8355a255516SAlexander V. Chernikov * or 8365a255516SAlexander V. Chernikov * 2) it was the result of sending first packet to-host 8375a255516SAlexander V. Chernikov * or 8385a255516SAlexander V. Chernikov * 3) it was another arp reply packet we handled in 8395a255516SAlexander V. Chernikov * different thread. 8405a255516SAlexander V. Chernikov * 8415a255516SAlexander V. Chernikov * In all cases except 3) we definitely need to prefer 8425a255516SAlexander V. Chernikov * existing lle. For the sake of simplicity, prefer any 8435a255516SAlexander V. Chernikov * existing lle over newly-create one. 8445a255516SAlexander V. Chernikov */ 8455a255516SAlexander V. Chernikov if (la_tmp == NULL) 8465a255516SAlexander V. Chernikov lltable_link_entry(LLTABLE(ifp), la); 847f3bfa7d1SAlexander V. Chernikov IF_AFDATA_WUNLOCK(ifp); 8485a255516SAlexander V. Chernikov 8495a255516SAlexander V. Chernikov if (la_tmp == NULL) { 850f3bfa7d1SAlexander V. Chernikov arp_mark_lle_reachable(la); 851e162ea60SGeorge V. Neville-Neil LLE_WUNLOCK(la); 8525a255516SAlexander V. Chernikov } else { 8535a255516SAlexander V. Chernikov /* Free newly-create entry and handle packet */ 8545a255516SAlexander V. Chernikov lltable_free_entry(LLTABLE(ifp), la); 8555a255516SAlexander V. Chernikov la = la_tmp; 8565a255516SAlexander V. Chernikov la_tmp = NULL; 8575a255516SAlexander V. Chernikov arp_check_update_lle(ah, isaddr, ifp, bridged, la); 8585a255516SAlexander V. Chernikov /* arp_check_update_lle() returns @la unlocked */ 859f4048639SBjoern A. Zeeb } 8605a255516SAlexander V. Chernikov la = NULL; 861a4141c63SAlexander V. Chernikov } 8626e6b3f7cSQing Li reply: 863b2a8ac7cSLuigi Rizzo if (op != ARPOP_REQUEST) 864b2a8ac7cSLuigi Rizzo goto drop; 86554fc657dSGeorge V. Neville-Neil ARPSTAT_INC(rxrequests); 8666e6b3f7cSQing Li 867df8bae1dSRodney W. Grimes if (itaddr.s_addr == myaddr.s_addr) { 8688b07e49aSJulian Elischer /* Shortcut.. the receiving interface is the target. */ 869322dcb8dSMax Khon (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 870a9771948SGleb Smirnoff (void)memcpy(ar_sha(ah), enaddr, ah->ar_hln); 871df8bae1dSRodney W. Grimes } else { 872897d75c9SQing Li struct llentry *lle = NULL; 873897d75c9SQing Li 874cd29a779SQing Li sin.sin_addr = itaddr; 875ea0c3776SAndrey V. Elsukov IF_AFDATA_RLOCK(ifp); 876cd29a779SQing Li lle = lla_lookup(LLTABLE(ifp), 0, (struct sockaddr *)&sin); 877ea0c3776SAndrey V. Elsukov IF_AFDATA_RUNLOCK(ifp); 878cd29a779SQing Li 879cd29a779SQing Li if ((lle != NULL) && (lle->la_flags & LLE_PUB)) { 880cd29a779SQing Li (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 881cd29a779SQing Li (void)memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln); 882cd29a779SQing Li LLE_RUNLOCK(lle); 883cd29a779SQing Li } else { 884cd29a779SQing Li 885cd29a779SQing Li if (lle != NULL) 886cd29a779SQing Li LLE_RUNLOCK(lle); 887cd29a779SQing Li 888603724d3SBjoern A. Zeeb if (!V_arp_proxyall) 889b2a8ac7cSLuigi Rizzo goto drop; 89028e82295SGarrett Wollman 89128e82295SGarrett Wollman sin.sin_addr = itaddr; 8928b07e49aSJulian Elischer /* XXX MRT use table 0 for arp reply */ 8938b07e49aSJulian Elischer rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0); 894b2a8ac7cSLuigi Rizzo if (!rt) 895b2a8ac7cSLuigi Rizzo goto drop; 896897d75c9SQing Li 89728e82295SGarrett Wollman /* 89828e82295SGarrett Wollman * Don't send proxies for nodes on the same interface 89928e82295SGarrett Wollman * as this one came out of, or we'll get into a fight 90028e82295SGarrett Wollman * over who claims what Ether address. 90128e82295SGarrett Wollman */ 902897d75c9SQing Li if (!rt->rt_ifp || rt->rt_ifp == ifp) { 9034e57bc33SChristian S.J. Peron RTFREE_LOCKED(rt); 904b2a8ac7cSLuigi Rizzo goto drop; 90528e82295SGarrett Wollman } 9064e57bc33SChristian S.J. Peron RTFREE_LOCKED(rt); 907cc728227SDavid Malone 908897d75c9SQing Li (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 909cd29a779SQing Li (void)memcpy(ar_sha(ah), enaddr, ah->ar_hln); 910897d75c9SQing Li 911cc728227SDavid Malone /* 912cc728227SDavid Malone * Also check that the node which sent the ARP packet 9136bccea7cSRebecca Cran * is on the interface we expect it to be on. This 914cc728227SDavid Malone * avoids ARP chaos if an interface is connected to the 915cc728227SDavid Malone * wrong network. 916cc728227SDavid Malone */ 917cc728227SDavid Malone sin.sin_addr = isaddr; 918cc728227SDavid Malone 9198b07e49aSJulian Elischer /* XXX MRT use table 0 for arp checks */ 9208b07e49aSJulian Elischer rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0); 921b2a8ac7cSLuigi Rizzo if (!rt) 922b2a8ac7cSLuigi Rizzo goto drop; 923322dcb8dSMax Khon if (rt->rt_ifp != ifp) { 9245d81d095SGleb Smirnoff ARP_LOG(LOG_INFO, "proxy: ignoring request" 9259bf40edeSBrooks Davis " from %s via %s, expecting %s\n", 9269bf40edeSBrooks Davis inet_ntoa(isaddr), ifp->if_xname, 9279bf40edeSBrooks Davis rt->rt_ifp->if_xname); 9284e57bc33SChristian S.J. Peron RTFREE_LOCKED(rt); 929b2a8ac7cSLuigi Rizzo goto drop; 930cc728227SDavid Malone } 9314e57bc33SChristian S.J. Peron RTFREE_LOCKED(rt); 932cc728227SDavid Malone 933ac234f93SGarrett Wollman #ifdef DEBUG_PROXY 934ea50c13eSGleb Smirnoff printf("arp: proxying for %s\n", inet_ntoa(itaddr)); 935ac234f93SGarrett Wollman #endif 936df8bae1dSRodney W. Grimes } 937cd29a779SQing Li } 938df8bae1dSRodney W. Grimes 939d0558157SBruce M Simpson if (itaddr.s_addr == myaddr.s_addr && 940d0558157SBruce M Simpson IN_LINKLOCAL(ntohl(itaddr.s_addr))) { 941d0558157SBruce M Simpson /* RFC 3927 link-local IPv4; always reply by broadcast. */ 942d0558157SBruce M Simpson #ifdef DEBUG_LINKLOCAL 943d0558157SBruce M Simpson printf("arp: sending reply for link-local addr %s\n", 944d0558157SBruce M Simpson inet_ntoa(itaddr)); 945d0558157SBruce M Simpson #endif 946d0558157SBruce M Simpson m->m_flags |= M_BCAST; 947d0558157SBruce M Simpson m->m_flags &= ~M_MCAST; 948d0558157SBruce M Simpson } else { 949d0558157SBruce M Simpson /* default behaviour; never reply by broadcast. */ 950d0558157SBruce M Simpson m->m_flags &= ~(M_BCAST|M_MCAST); 951d0558157SBruce M Simpson } 952322dcb8dSMax Khon (void)memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 953322dcb8dSMax Khon (void)memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 954322dcb8dSMax Khon ah->ar_op = htons(ARPOP_REPLY); 955322dcb8dSMax Khon ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ 95664bf80ceSMatthew N. Dodd m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln); 95764bf80ceSMatthew N. Dodd m->m_pkthdr.len = m->m_len; 9582303570fSAndrey V. Elsukov m->m_pkthdr.rcvif = NULL; 95964bf80ceSMatthew N. Dodd sa.sa_family = AF_ARP; 96064bf80ceSMatthew N. Dodd sa.sa_len = 2; 96186bd0491SAndre Oppermann m_clrprotoflags(m); /* Avoid confusing lower layers. */ 962279aa3d4SKip Macy (*ifp->if_output)(ifp, m, &sa, NULL); 96354fc657dSGeorge V. Neville-Neil ARPSTAT_INC(txreplies); 964df8bae1dSRodney W. Grimes return; 965b2a8ac7cSLuigi Rizzo 966b2a8ac7cSLuigi Rizzo drop: 967b2a8ac7cSLuigi Rizzo m_freem(m); 968df8bae1dSRodney W. Grimes } 9691d5e9e22SEivind Eklund #endif 970df8bae1dSRodney W. Grimes 971f3bfa7d1SAlexander V. Chernikov /* 972f3bfa7d1SAlexander V. Chernikov * Checks received arp data against existing @la. 973f3bfa7d1SAlexander V. Chernikov * Updates lle state/performs notification if necessary. 974f3bfa7d1SAlexander V. Chernikov */ 975f3bfa7d1SAlexander V. Chernikov static void 976f3bfa7d1SAlexander V. Chernikov arp_check_update_lle(struct arphdr *ah, struct in_addr isaddr, struct ifnet *ifp, 977f3bfa7d1SAlexander V. Chernikov int bridged, struct llentry *la) 978f3bfa7d1SAlexander V. Chernikov { 979f3bfa7d1SAlexander V. Chernikov struct sockaddr sa; 980f3bfa7d1SAlexander V. Chernikov struct mbuf *m_hold, *m_hold_next; 981f3bfa7d1SAlexander V. Chernikov 982f3bfa7d1SAlexander V. Chernikov LLE_WLOCK_ASSERT(la); 983f3bfa7d1SAlexander V. Chernikov 984f3bfa7d1SAlexander V. Chernikov /* the following is not an error when doing bridging */ 985f3bfa7d1SAlexander V. Chernikov if (!bridged && la->lle_tbl->llt_ifp != ifp) { 986f3bfa7d1SAlexander V. Chernikov if (log_arp_wrong_iface) 987f3bfa7d1SAlexander V. Chernikov ARP_LOG(LOG_WARNING, "%s is on %s " 988f3bfa7d1SAlexander V. Chernikov "but got reply from %*D on %s\n", 989f3bfa7d1SAlexander V. Chernikov inet_ntoa(isaddr), 990f3bfa7d1SAlexander V. Chernikov la->lle_tbl->llt_ifp->if_xname, 991f3bfa7d1SAlexander V. Chernikov ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 992f3bfa7d1SAlexander V. Chernikov ifp->if_xname); 993f3bfa7d1SAlexander V. Chernikov LLE_WUNLOCK(la); 994f3bfa7d1SAlexander V. Chernikov return; 995f3bfa7d1SAlexander V. Chernikov } 996f3bfa7d1SAlexander V. Chernikov if ((la->la_flags & LLE_VALID) && 997f3bfa7d1SAlexander V. Chernikov bcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen)) { 998f3bfa7d1SAlexander V. Chernikov if (la->la_flags & LLE_STATIC) { 999f3bfa7d1SAlexander V. Chernikov LLE_WUNLOCK(la); 1000f3bfa7d1SAlexander V. Chernikov if (log_arp_permanent_modify) 1001f3bfa7d1SAlexander V. Chernikov ARP_LOG(LOG_ERR, 1002f3bfa7d1SAlexander V. Chernikov "%*D attempts to modify " 1003f3bfa7d1SAlexander V. Chernikov "permanent entry for %s on %s\n", 1004f3bfa7d1SAlexander V. Chernikov ifp->if_addrlen, 1005f3bfa7d1SAlexander V. Chernikov (u_char *)ar_sha(ah), ":", 1006f3bfa7d1SAlexander V. Chernikov inet_ntoa(isaddr), ifp->if_xname); 1007f3bfa7d1SAlexander V. Chernikov return; 1008f3bfa7d1SAlexander V. Chernikov } 1009f3bfa7d1SAlexander V. Chernikov if (log_arp_movements) { 1010f3bfa7d1SAlexander V. Chernikov ARP_LOG(LOG_INFO, "%s moved from %*D " 1011f3bfa7d1SAlexander V. Chernikov "to %*D on %s\n", 1012f3bfa7d1SAlexander V. Chernikov inet_ntoa(isaddr), 1013f3bfa7d1SAlexander V. Chernikov ifp->if_addrlen, 1014f3bfa7d1SAlexander V. Chernikov (u_char *)&la->ll_addr, ":", 1015f3bfa7d1SAlexander V. Chernikov ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 1016f3bfa7d1SAlexander V. Chernikov ifp->if_xname); 1017f3bfa7d1SAlexander V. Chernikov } 1018f3bfa7d1SAlexander V. Chernikov } 1019f3bfa7d1SAlexander V. Chernikov 1020f3bfa7d1SAlexander V. Chernikov /* Check if something has changed */ 1021f3bfa7d1SAlexander V. Chernikov if (memcmp(&la->ll_addr, ar_sha(ah), ifp->if_addrlen) != 0 || 1022f3bfa7d1SAlexander V. Chernikov (la->la_flags & LLE_VALID) == 0) { 1023f3bfa7d1SAlexander V. Chernikov /* Perform real LLE update */ 1024f3bfa7d1SAlexander V. Chernikov /* use afdata WLOCK to update fields */ 1025f3bfa7d1SAlexander V. Chernikov LLE_ADDREF(la); 1026f3bfa7d1SAlexander V. Chernikov LLE_WUNLOCK(la); 1027f3bfa7d1SAlexander V. Chernikov IF_AFDATA_WLOCK(ifp); 1028f3bfa7d1SAlexander V. Chernikov LLE_WLOCK(la); 1029f3bfa7d1SAlexander V. Chernikov 1030f3bfa7d1SAlexander V. Chernikov /* 1031f3bfa7d1SAlexander V. Chernikov * Since we droppped LLE lock, other thread might have deleted 1032f3bfa7d1SAlexander V. Chernikov * this lle. Check and return 1033f3bfa7d1SAlexander V. Chernikov */ 1034f3bfa7d1SAlexander V. Chernikov if ((la->la_flags & LLE_DELETED) != 0) { 1035f3bfa7d1SAlexander V. Chernikov IF_AFDATA_WUNLOCK(ifp); 1036f3bfa7d1SAlexander V. Chernikov LLE_FREE_LOCKED(la); 1037f3bfa7d1SAlexander V. Chernikov return; 1038f3bfa7d1SAlexander V. Chernikov } 1039f3bfa7d1SAlexander V. Chernikov 1040f3bfa7d1SAlexander V. Chernikov /* Update data */ 1041ddd208f7SAlexander V. Chernikov lltable_set_entry_addr(ifp, la, ar_sha(ah)); 1042f3bfa7d1SAlexander V. Chernikov 1043f3bfa7d1SAlexander V. Chernikov IF_AFDATA_WUNLOCK(ifp); 1044f3bfa7d1SAlexander V. Chernikov LLE_REMREF(la); 1045f3bfa7d1SAlexander V. Chernikov } 1046f3bfa7d1SAlexander V. Chernikov 1047f3bfa7d1SAlexander V. Chernikov arp_mark_lle_reachable(la); 1048f3bfa7d1SAlexander V. Chernikov 1049f3bfa7d1SAlexander V. Chernikov /* 1050f3bfa7d1SAlexander V. Chernikov * The packets are all freed within the call to the output 1051f3bfa7d1SAlexander V. Chernikov * routine. 1052f3bfa7d1SAlexander V. Chernikov * 1053f3bfa7d1SAlexander V. Chernikov * NB: The lock MUST be released before the call to the 1054f3bfa7d1SAlexander V. Chernikov * output routine. 1055f3bfa7d1SAlexander V. Chernikov */ 1056f3bfa7d1SAlexander V. Chernikov if (la->la_hold != NULL) { 1057f3bfa7d1SAlexander V. Chernikov m_hold = la->la_hold; 1058f3bfa7d1SAlexander V. Chernikov la->la_hold = NULL; 1059f3bfa7d1SAlexander V. Chernikov la->la_numheld = 0; 1060f3bfa7d1SAlexander V. Chernikov lltable_fill_sa_entry(la, &sa); 1061f3bfa7d1SAlexander V. Chernikov LLE_WUNLOCK(la); 1062f3bfa7d1SAlexander V. Chernikov for (; m_hold != NULL; m_hold = m_hold_next) { 1063f3bfa7d1SAlexander V. Chernikov m_hold_next = m_hold->m_nextpkt; 1064f3bfa7d1SAlexander V. Chernikov m_hold->m_nextpkt = NULL; 1065f3bfa7d1SAlexander V. Chernikov /* Avoid confusing lower layers. */ 1066f3bfa7d1SAlexander V. Chernikov m_clrprotoflags(m_hold); 1067f3bfa7d1SAlexander V. Chernikov (*ifp->if_output)(ifp, m_hold, &sa, NULL); 1068f3bfa7d1SAlexander V. Chernikov } 1069f3bfa7d1SAlexander V. Chernikov } else 1070f3bfa7d1SAlexander V. Chernikov LLE_WUNLOCK(la); 1071f3bfa7d1SAlexander V. Chernikov } 1072f3bfa7d1SAlexander V. Chernikov 1073f3bfa7d1SAlexander V. Chernikov static void 1074f3bfa7d1SAlexander V. Chernikov arp_mark_lle_reachable(struct llentry *la) 1075f3bfa7d1SAlexander V. Chernikov { 1076f3bfa7d1SAlexander V. Chernikov int canceled; 1077f3bfa7d1SAlexander V. Chernikov 1078f3bfa7d1SAlexander V. Chernikov LLE_WLOCK_ASSERT(la); 1079f3bfa7d1SAlexander V. Chernikov 1080f3bfa7d1SAlexander V. Chernikov EVENTHANDLER_INVOKE(lle_event, la, LLENTRY_RESOLVED); 1081f3bfa7d1SAlexander V. Chernikov 1082f3bfa7d1SAlexander V. Chernikov if (!(la->la_flags & LLE_STATIC)) { 1083f3bfa7d1SAlexander V. Chernikov LLE_ADDREF(la); 1084f3bfa7d1SAlexander V. Chernikov la->la_expire = time_uptime + V_arpt_keep; 1085f3bfa7d1SAlexander V. Chernikov canceled = callout_reset(&la->lle_timer, 1086f3bfa7d1SAlexander V. Chernikov hz * V_arpt_keep, arptimer, la); 1087f3bfa7d1SAlexander V. Chernikov if (canceled) 1088f3bfa7d1SAlexander V. Chernikov LLE_REMREF(la); 1089f3bfa7d1SAlexander V. Chernikov } 1090f3bfa7d1SAlexander V. Chernikov la->la_asked = 0; 1091f3bfa7d1SAlexander V. Chernikov la->la_preempt = V_arp_maxtries; 1092f3bfa7d1SAlexander V. Chernikov } 1093f3bfa7d1SAlexander V. Chernikov 1094dd2e4102SGarrett Wollman void 1095f2565d68SRobert Watson arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) 1096dd2e4102SGarrett Wollman { 10975a255516SAlexander V. Chernikov struct llentry *lle, *lle_tmp; 10985a255516SAlexander V. Chernikov struct sockaddr_in *dst_in; 10995a255516SAlexander V. Chernikov struct sockaddr *dst; 11006e6b3f7cSQing Li 110108b68b0eSGleb Smirnoff if (ifa->ifa_carp != NULL) 110208b68b0eSGleb Smirnoff return; 110308b68b0eSGleb Smirnoff 11045a255516SAlexander V. Chernikov ifa->ifa_rtrequest = NULL; 11055a255516SAlexander V. Chernikov 11065a255516SAlexander V. Chernikov dst_in = IA_SIN(ifa); 11075a255516SAlexander V. Chernikov dst = (struct sockaddr *)dst_in; 11085a255516SAlexander V. Chernikov 11095a255516SAlexander V. Chernikov if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) == INADDR_ANY) 11105a255516SAlexander V. Chernikov return; 11115a255516SAlexander V. Chernikov 1112322dcb8dSMax Khon arprequest(ifp, &IA_SIN(ifa)->sin_addr, 1113322dcb8dSMax Khon &IA_SIN(ifa)->sin_addr, IF_LLADDR(ifp)); 11145a255516SAlexander V. Chernikov 11156e6b3f7cSQing Li /* 11165a255516SAlexander V. Chernikov * Interface address LLE record is considered static 11175a255516SAlexander V. Chernikov * because kernel code relies on LLE_STATIC flag to check 11185a255516SAlexander V. Chernikov * if these entries can be rewriten by arp updates. 11196e6b3f7cSQing Li */ 11205a255516SAlexander V. Chernikov lle = lltable_alloc_entry(LLTABLE(ifp), LLE_IFADDR | LLE_STATIC, dst); 11215a255516SAlexander V. Chernikov if (lle == NULL) { 11226e6b3f7cSQing Li log(LOG_INFO, "arp_ifinit: cannot create arp " 11236e6b3f7cSQing Li "entry for interface address\n"); 11245a255516SAlexander V. Chernikov return; 1125ce9122fdSQing Li } 11265a255516SAlexander V. Chernikov 11275a255516SAlexander V. Chernikov IF_AFDATA_WLOCK(ifp); 11285a255516SAlexander V. Chernikov LLE_WLOCK(lle); 11295a255516SAlexander V. Chernikov /* Unlink any entry if exists */ 11305a255516SAlexander V. Chernikov lle_tmp = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst); 11315a255516SAlexander V. Chernikov if (lle_tmp != NULL) 11325a255516SAlexander V. Chernikov lltable_unlink_entry(LLTABLE(ifp), lle_tmp); 11335a255516SAlexander V. Chernikov 11345a255516SAlexander V. Chernikov lltable_link_entry(LLTABLE(ifp), lle); 11355a255516SAlexander V. Chernikov IF_AFDATA_WUNLOCK(ifp); 11365a255516SAlexander V. Chernikov 11375a255516SAlexander V. Chernikov if (lle_tmp != NULL) 11385a255516SAlexander V. Chernikov EVENTHANDLER_INVOKE(lle_event, lle_tmp, LLENTRY_EXPIRED); 11395a255516SAlexander V. Chernikov 11405a255516SAlexander V. Chernikov EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_RESOLVED); 11415a255516SAlexander V. Chernikov LLE_WUNLOCK(lle); 11425a255516SAlexander V. Chernikov if (lle_tmp != NULL) 11435a255516SAlexander V. Chernikov lltable_free_entry(LLTABLE(ifp), lle_tmp); 1144dd2e4102SGarrett Wollman } 1145df5e1987SJonathan Lemon 1146a9771948SGleb Smirnoff void 1147f2565d68SRobert Watson arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr) 1148a9771948SGleb Smirnoff { 1149a9771948SGleb Smirnoff if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY) 1150a9771948SGleb Smirnoff arprequest(ifp, &IA_SIN(ifa)->sin_addr, 1151a9771948SGleb Smirnoff &IA_SIN(ifa)->sin_addr, enaddr); 11526e6b3f7cSQing Li ifa->ifa_rtrequest = NULL; 1153a9771948SGleb Smirnoff } 1154a9771948SGleb Smirnoff 1155*b13c5b5dSAlexander V. Chernikov /* 1156*b13c5b5dSAlexander V. Chernikov * Sends gratuitous ARPs for each ifaddr to notify other 1157*b13c5b5dSAlexander V. Chernikov * nodes about the address change. 1158*b13c5b5dSAlexander V. Chernikov */ 1159*b13c5b5dSAlexander V. Chernikov static __noinline void 1160*b13c5b5dSAlexander V. Chernikov arp_handle_ifllchange(struct ifnet *ifp) 1161*b13c5b5dSAlexander V. Chernikov { 1162*b13c5b5dSAlexander V. Chernikov struct ifaddr *ifa; 1163*b13c5b5dSAlexander V. Chernikov 1164*b13c5b5dSAlexander V. Chernikov TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1165*b13c5b5dSAlexander V. Chernikov if (ifa->ifa_addr->sa_family == AF_INET) 1166*b13c5b5dSAlexander V. Chernikov arp_ifinit(ifp, ifa); 1167*b13c5b5dSAlexander V. Chernikov } 1168*b13c5b5dSAlexander V. Chernikov } 1169*b13c5b5dSAlexander V. Chernikov 1170*b13c5b5dSAlexander V. Chernikov /* 1171*b13c5b5dSAlexander V. Chernikov * A handler for interface link layer address change event. 1172*b13c5b5dSAlexander V. Chernikov */ 1173*b13c5b5dSAlexander V. Chernikov static __noinline void 1174*b13c5b5dSAlexander V. Chernikov arp_iflladdr(void *arg __unused, struct ifnet *ifp) 1175*b13c5b5dSAlexander V. Chernikov { 1176*b13c5b5dSAlexander V. Chernikov 1177*b13c5b5dSAlexander V. Chernikov if ((ifp->if_flags & IFF_UP) != 0) 1178*b13c5b5dSAlexander V. Chernikov arp_handle_ifllchange(ifp); 1179*b13c5b5dSAlexander V. Chernikov } 1180*b13c5b5dSAlexander V. Chernikov 11811ed81b73SMarko Zec static void 11821ed81b73SMarko Zec arp_init(void) 11831ed81b73SMarko Zec { 11841ed81b73SMarko Zec 1185d4b5cae4SRobert Watson netisr_register(&arp_nh); 1186*b13c5b5dSAlexander V. Chernikov if (IS_DEFAULT_VNET(curvnet)) 1187*b13c5b5dSAlexander V. Chernikov iflladdr_tag = EVENTHANDLER_REGISTER(iflladdr_event, 1188*b13c5b5dSAlexander V. Chernikov arp_iflladdr, NULL, EVENTHANDLER_PRI_ANY); 1189df5e1987SJonathan Lemon } 1190df5e1987SJonathan Lemon SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0); 1191