/*-
 * Copyright (c) 2007-2009 Bruce Simpson.
 * Copyright (c) 1988 Stephen Deering.
 * Copyright (c) 1992, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Stephen Deering of Stanford University.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)igmp.c	8.1 (Berkeley) 7/19/93
 */

/*
 * Internet Group Management Protocol (IGMP) routines.
 * [RFC1112, RFC2236, RFC3376]
 *
 * Written by Steve Deering, Stanford, May 1988.
 * Modified by Rosen Sharma, Stanford, Aug 1994.
 * Modified by Bill Fenner, Xerox PARC, Feb 1995.
 * Modified to fully comply to IGMPv2 by Bill Fenner, Oct 1995.
 * Significantly rewritten for IGMPv3, VIMAGE, and SMP by Bruce Simpson.
 *
 * MULTICAST Revision: 3.5.1.4
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_mac.h"
#include "opt_route.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/module.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/protosw.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/vimage.h>
#include <sys/ktr.h>
#include <sys/condvar.h>

#include <net/if.h>
#include <net/netisr.h>
#include <net/route.h>
#include <net/vnet.h>

#include <netinet/in.h>
#include <netinet/in_var.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/ip_options.h>
#include <netinet/igmp.h>
#include <netinet/igmp_var.h>
#include <netinet/vinet.h>

#include <machine/in_cksum.h>

#include <security/mac/mac_framework.h>

#ifndef KTR_IGMPV3
#define	KTR_IGMPV3 KTR_INET
#endif

static struct igmp_ifinfo *
		igi_alloc_locked(struct ifnet *);
static void	igi_delete_locked(const struct ifnet *);
static void	igmp_dispatch_queue(struct ifqueue *, int, const int);
static void	igmp_fasttimo_vnet(void);
static void	igmp_final_leave(struct in_multi *, struct igmp_ifinfo *);
static int	igmp_handle_state_change(struct in_multi *,
		    struct igmp_ifinfo *);
static int	igmp_initial_join(struct in_multi *, struct igmp_ifinfo *);
static int	igmp_input_v1_query(struct ifnet *, const struct ip *);
static int	igmp_input_v2_query(struct ifnet *, const struct ip *,
		    const struct igmp *);
static int	igmp_input_v3_query(struct ifnet *, const struct ip *,
		    /*const*/ struct igmpv3 *);
static int	igmp_input_v3_group_query(struct in_multi *,
		    struct igmp_ifinfo *, int, /*const*/ struct igmpv3 *);
static int	igmp_input_v1_report(struct ifnet *, /*const*/ struct ip *,
		    /*const*/ struct igmp *);
static int	igmp_input_v2_report(struct ifnet *, /*const*/ struct ip *,
		    /*const*/ struct igmp *);
static void	igmp_intr(struct mbuf *);
static int	igmp_isgroupreported(const struct in_addr);
static struct mbuf *
		igmp_ra_alloc(void);
#ifdef KTR
static char *	igmp_rec_type_to_str(const int);
#endif
static void	igmp_set_version(struct igmp_ifinfo *, const int);
static void	igmp_slowtimo_vnet(void);
static void	igmp_sysinit(void);
static int	igmp_v1v2_queue_report(struct in_multi *, const int);
static void	igmp_v1v2_process_group_timer(struct in_multi *, const int);
static void	igmp_v1v2_process_querier_timers(struct igmp_ifinfo *);
static void	igmp_v2_update_group(struct in_multi *, const int);
static void	igmp_v3_cancel_link_timers(struct igmp_ifinfo *);
static void	igmp_v3_dispatch_general_query(struct igmp_ifinfo *);
static struct mbuf *
		igmp_v3_encap_report(struct ifnet *, struct mbuf *);
static int	igmp_v3_enqueue_group_record(struct ifqueue *,
		    struct in_multi *, const int, const int, const int);
static int	igmp_v3_enqueue_filter_change(struct ifqueue *,
		    struct in_multi *);
static void	igmp_v3_process_group_timers(struct igmp_ifinfo *,
		    struct ifqueue *, struct ifqueue *, struct in_multi *,
		    const int);
static int	igmp_v3_merge_state_changes(struct in_multi *,
		    struct ifqueue *);
static void	igmp_v3_suppress_group_record(struct in_multi *);
static int	sysctl_igmp_default_version(SYSCTL_HANDLER_ARGS);
static int	sysctl_igmp_gsr(SYSCTL_HANDLER_ARGS);
static int	sysctl_igmp_ifinfo(SYSCTL_HANDLER_ARGS);

static vnet_attach_fn	vnet_igmp_iattach;
static vnet_detach_fn	vnet_igmp_idetach;

static const struct netisr_handler igmp_nh = {
	.nh_name = "igmp",
	.nh_handler = igmp_intr,
	.nh_proto = NETISR_IGMP,
	.nh_policy = NETISR_POLICY_SOURCE,
};

/*
 * System-wide globals.
 *
 * Unlocked access to these is OK, except for the global IGMP output
 * queue. The IGMP subsystem lock ends up being system-wide for the moment,
 * because all VIMAGEs have to share a global output queue, as netisrs
 * themselves are not virtualized.
 *
 * Locking:
 *  * The permitted lock order is: IN_MULTI_LOCK, IGMP_LOCK, IF_ADDR_LOCK.
 *    Any may be taken independently; if any are held at the same
 *    time, the above lock order must be followed.
 *  * All output is delegated to the netisr.
 *    Now that Giant has been eliminated, the netisr may be inlined.
 *  * IN_MULTI_LOCK covers in_multi.
 *  * IGMP_LOCK covers igmp_ifinfo and any global variables in this file,
 *    including the output queue.
 *  * IF_ADDR_LOCK covers if_multiaddrs, which is used for a variety of
 *    per-link state iterators.
 *  * igmp_ifinfo is valid as long as PF_INET is attached to the interface,
 *    therefore it is not refcounted.
 *    We allow unlocked reads of igmp_ifinfo when accessed via in_multi.
 *
 * Reference counting
 *  * IGMP acquires its own reference every time an in_multi is passed to
 *    it and the group is being joined for the first time.
 *  * IGMP releases its reference(s) on in_multi in a deferred way,
 *    because the operations which process the release run as part of
 *    a loop whose control variables are directly affected by the release
 *    (that, and not recursing on the IF_ADDR_LOCK).
 *
 * VIMAGE: Each in_multi corresponds to an ifp, and each ifp corresponds
 * to a vnet in ifp->if_vnet.
 *
 * SMPng: XXX We may potentially race operations on ifma_protospec.
 * The problem is that we currently lack a clean way of taking the
 * IF_ADDR_LOCK() between the ifnet and in layers w/o recursing,
 * as anything which modifies ifma needs to be covered by that lock.
 * So check for ifma_protospec being NULL before proceeding.
 */
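
/*
 * A sketch of the documented lock order when all three locks are
 * required, derived from the query-processing paths below; this is
 * illustrative only, not additional locking protocol:
 *
 *	IN_MULTI_LOCK();
 *	IGMP_LOCK();
 *	IF_ADDR_LOCK(ifp);
 *	...			(walk ifp->if_multiaddrs)
 *	IF_ADDR_UNLOCK(ifp);
 *	IGMP_UNLOCK();
 *	IN_MULTI_UNLOCK();
 */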
struct mtx igmp_mtx;

struct mbuf *m_raopt;			/* Router Alert option */
MALLOC_DEFINE(M_IGMP, "igmp", "igmp state");

/*
 * VIMAGE-wide globals.
 *
 * The IGMPv3 timers themselves need to run per-image, however,
 * protosw timers run globally (see tcp).
 * An ifnet can only be in one vimage at a time, and the loopback
 * ifnet, loif, is itself virtualized.
 * It would otherwise be possible to seriously hose IGMP state,
 * and create inconsistencies in upstream multicast routing, if you have
 * multiple VIMAGEs running on the same link joining different multicast
 * groups, UNLESS the "primary IP address" is different. This is because
 * IGMP for IPv4 does not force link-local addresses to be used for each
 * node, unlike MLD for IPv6.
 * Obviously the IGMPv3 per-interface state has per-vimage granularity
 * also as a result.
 *
 * FUTURE: Stop using IFP_TO_IA/INADDR_ANY, and use source address selection
 * policy to control the address used by IGMP on the link.
 */
#ifdef VIMAGE_GLOBALS
int	interface_timers_running;	/* IGMPv3 general query response */
int	state_change_timers_running;	/* IGMPv3 state-change retransmit */
int	current_state_timers_running;	/* IGMPv1/v2 host report;
					 * IGMPv3 g/sg query response */

LIST_HEAD(, igmp_ifinfo) igi_head;
struct igmpstat igmpstat;
struct timeval igmp_gsrdelay;

int	igmp_recvifkludge;
int	igmp_sendra;
int	igmp_sendlocal;
int	igmp_v1enable;
int	igmp_v2enable;
int	igmp_legacysupp;
int	igmp_default_version;
#endif /* VIMAGE_GLOBALS */

/*
 * Virtualized sysctls.
 */
SYSCTL_V_STRUCT(V_NET, vnet_inet, _net_inet_igmp, IGMPCTL_STATS, stats,
    CTLFLAG_RW, igmpstat, igmpstat, "");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, recvifkludge,
    CTLFLAG_RW, igmp_recvifkludge, 0,
    "Rewrite IGMPv1/v2 reports from 0.0.0.0 to contain subnet address");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, sendra,
    CTLFLAG_RW, igmp_sendra, 0,
    "Send IP Router Alert option in IGMPv2/v3 messages");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, sendlocal,
    CTLFLAG_RW, igmp_sendlocal, 0,
    "Send IGMP membership reports for 224.0.0.0/24 groups");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, v1enable,
    CTLFLAG_RW, igmp_v1enable, 0,
    "Enable backwards compatibility with IGMPv1");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, v2enable,
    CTLFLAG_RW, igmp_v2enable, 0,
    "Enable backwards compatibility with IGMPv2");
SYSCTL_V_INT(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, legacysupp,
    CTLFLAG_RW, igmp_legacysupp, 0,
    "Allow v1/v2 reports to suppress v3 group responses");
SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, default_version,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, igmp_default_version, 0,
    sysctl_igmp_default_version, "I",
    "Default version of IGMP to run on each interface");
SYSCTL_V_PROC(V_NET, vnet_inet, _net_inet_igmp, OID_AUTO, gsrdelay,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, igmp_gsrdelay.tv_sec, 0,
    sysctl_igmp_gsr, "I",
    "Rate limit for IGMPv3 Group-and-Source queries in seconds");

/*
 * Non-virtualized sysctls.
 */
SYSCTL_NODE(_net_inet_igmp, OID_AUTO, ifinfo, CTLFLAG_RD | CTLFLAG_MPSAFE,
    sysctl_igmp_ifinfo, "Per-interface IGMPv3 state");
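
/*
 * Example usage (illustrative, not exhaustive): the virtualized knobs
 * above surface under the net.inet.igmp branch, so a link's
 * compatibility mode can be pinned from userland with e.g.
 *
 *	sysctl net.inet.igmp.default_version=2
 *
 * Interfaces attached afterwards inherit this default via
 * igi_alloc_locked() below.
 */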

static __inline void
igmp_save_context(struct mbuf *m, struct ifnet *ifp)
{

#ifdef VIMAGE
	m->m_pkthdr.header = ifp->if_vnet;
#endif /* VIMAGE */
	m->m_pkthdr.flowid = ifp->if_index;
}

static __inline void
igmp_scrub_context(struct mbuf *m)
{

	m->m_pkthdr.header = NULL;
	m->m_pkthdr.flowid = 0;
}

#ifdef KTR
static __inline char *
inet_ntoa_haddr(in_addr_t haddr)
{
	struct in_addr ia;

	ia.s_addr = htonl(haddr);
	return (inet_ntoa(ia));
}
#endif

/*
 * Restore context from a queued IGMP output chain.
 * Return saved ifindex.
 *
 * VIMAGE: The assertion is there to make sure that we
 * actually called CURVNET_SET() with what's in the mbuf chain.
 */
static __inline uint32_t
igmp_restore_context(struct mbuf *m)
{

#ifdef notyet
#if defined(VIMAGE) && defined(INVARIANTS)
	KASSERT(curvnet == (m->m_pkthdr.header),
	    ("%s: called when curvnet was not restored", __func__));
#endif
#endif
	return (m->m_pkthdr.flowid);
}

/*
 * Retrieve or set default IGMP version.
 *
 * VIMAGE: Assume curvnet set by caller.
 * SMPng: NOTE: Serialized by IGMP lock.
 */
static int
sysctl_igmp_default_version(SYSCTL_HANDLER_ARGS)
{
	INIT_VNET_INET(curvnet);
	int error;
	int new;

	error = sysctl_wire_old_buffer(req, sizeof(int));
	if (error)
		return (error);

	IGMP_LOCK();

	new = V_igmp_default_version;

	error = sysctl_handle_int(oidp, &new, 0, req);
	if (error || !req->newptr)
		goto out_locked;

	if (new < IGMP_VERSION_1 || new > IGMP_VERSION_3) {
		error = EINVAL;
		goto out_locked;
	}

	CTR2(KTR_IGMPV3, "change igmp_default_version from %d to %d",
	    V_igmp_default_version, new);

	V_igmp_default_version = new;

out_locked:
	IGMP_UNLOCK();
	return (error);
}

/*
 * Retrieve or set threshold between group-source queries in seconds.
 *
 * VIMAGE: Assume curvnet set by caller.
 * SMPng: NOTE: Serialized by IGMP lock.
 */
static int
sysctl_igmp_gsr(SYSCTL_HANDLER_ARGS)
{
	INIT_VNET_INET(curvnet);
	int error;
	int i;

	error = sysctl_wire_old_buffer(req, sizeof(int));
	if (error)
		return (error);

	IGMP_LOCK();

	i = V_igmp_gsrdelay.tv_sec;

	error = sysctl_handle_int(oidp, &i, 0, req);
	if (error || !req->newptr)
		goto out_locked;

	if (i < -1 || i >= 60) {
		error = EINVAL;
		goto out_locked;
	}

	CTR2(KTR_IGMPV3, "change igmp_gsrdelay from %d to %d",
	    V_igmp_gsrdelay.tv_sec, i);
	V_igmp_gsrdelay.tv_sec = i;

out_locked:
	IGMP_UNLOCK();
	return (error);
}

/*
 * Expose struct igmp_ifinfo to userland, keyed by ifindex.
 * For use by ifmcstat(8).
 *
 * SMPng: NOTE: Does an unlocked ifindex space read.
 * VIMAGE: Assume curvnet set by caller. The node handler itself
 * is not directly virtualized.
 */
static int
sysctl_igmp_ifinfo(SYSCTL_HANDLER_ARGS)
{
	INIT_VNET_NET(curvnet);
	INIT_VNET_INET(curvnet);
	int *name;
	int error;
	u_int namelen;
	struct ifnet *ifp;
	struct igmp_ifinfo *igi;

	name = (int *)arg1;
	namelen = arg2;

	if (req->newptr != NULL)
		return (EPERM);

	if (namelen != 1)
		return (EINVAL);

	error = sysctl_wire_old_buffer(req, sizeof(struct igmp_ifinfo));
	if (error)
		return (error);

	IN_MULTI_LOCK();
	IGMP_LOCK();

	if (name[0] <= 0 || name[0] > V_if_index) {
		error = ENOENT;
		goto out_locked;
	}

	error = ENOENT;

	ifp = ifnet_byindex(name[0]);
	if (ifp == NULL)
		goto out_locked;

	LIST_FOREACH(igi, &V_igi_head, igi_link) {
		if (ifp == igi->igi_ifp) {
			error = SYSCTL_OUT(req, igi,
			    sizeof(struct igmp_ifinfo));
			break;
		}
	}

out_locked:
	IGMP_UNLOCK();
	IN_MULTI_UNLOCK();
	return (error);
}
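
/*
 * Sketch of the intended consumption of the node above: ifmcstat(8) is
 * expected to append an interface index as the final OID component and
 * read back one raw struct igmp_ifinfo per request, i.e. the equivalent
 * of querying net.inet.igmp.ifinfo.<ifindex>; writes are rejected with
 * EPERM above.
 */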

/*
 * Dispatch an entire queue of pending packet chains
 * using the netisr.
 * VIMAGE: Assumes the vnet pointer has been set.
 */
static void
igmp_dispatch_queue(struct ifqueue *ifq, int limit, const int loop)
{
	struct mbuf *m;

	for (;;) {
		_IF_DEQUEUE(ifq, m);
		if (m == NULL)
			break;
		CTR3(KTR_IGMPV3, "%s: dispatch %p from %p", __func__, ifq, m);
		if (loop)
			m->m_flags |= M_IGMP_LOOP;
		netisr_dispatch(NETISR_IGMP, m);
		if (--limit == 0)
			break;
	}
}

/*
 * Filter outgoing IGMP report state by group.
 *
 * Reports are ALWAYS suppressed for ALL-HOSTS (224.0.0.1).
 * If the net.inet.igmp.sendlocal sysctl is 0, then IGMP reports are
 * disabled for all groups in the 224.0.0.0/24 link-local scope. However,
 * this may break certain IGMP snooping switches which rely on the old
 * report behaviour.
 *
 * Return zero if the given group is one for which IGMP reports
 * should be suppressed, or non-zero if reports should be issued.
 */
static __inline int
igmp_isgroupreported(const struct in_addr addr)
{
	INIT_VNET_INET(curvnet);

	if (in_allhosts(addr) ||
	    ((!V_igmp_sendlocal && IN_LOCAL_GROUP(ntohl(addr.s_addr)))))
		return (0);

	return (1);
}

/*
 * Construct a Router Alert option to use in outgoing packets.
 */
static struct mbuf *
igmp_ra_alloc(void)
{
	struct mbuf *m;
	struct ipoption *p;

	MGET(m, M_DONTWAIT, MT_DATA);
	p = mtod(m, struct ipoption *);
	p->ipopt_dst.s_addr = INADDR_ANY;
	p->ipopt_list[0] = IPOPT_RA;	/* Router Alert Option */
	p->ipopt_list[1] = 0x04;	/* 4 bytes long */
	p->ipopt_list[2] = IPOPT_EOL;	/* End of IP option list */
	p->ipopt_list[3] = 0x00;	/* pad byte */
	m->m_len = sizeof(p->ipopt_dst) + p->ipopt_list[1];

	return (m);
}
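
/*
 * Wire-format sketch of the option built above, assuming IPOPT_RA is
 * 148 (0x94, RFC 2113): after the 4-byte ipopt_dst placeholder, the
 * option bytes are 0x94 0x04 0x00 0x00, i.e. type, length 4, and a
 * zeroed 2-octet value (encoded here as EOL plus a pad byte), for an
 * m_len of 8.
 */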

/*
 * Attach IGMP when PF_INET is attached to an interface.
 */
struct igmp_ifinfo *
igmp_domifattach(struct ifnet *ifp)
{
	struct igmp_ifinfo *igi;

	CTR3(KTR_IGMPV3, "%s: called for ifp %p(%s)",
	    __func__, ifp, ifp->if_xname);

	IGMP_LOCK();

	igi = igi_alloc_locked(ifp);
	if (!(ifp->if_flags & IFF_MULTICAST))
		igi->igi_flags |= IGIF_SILENT;

	IGMP_UNLOCK();

	return (igi);
}

/*
 * VIMAGE: assume curvnet set by caller.
 */
static struct igmp_ifinfo *
igi_alloc_locked(/*const*/ struct ifnet *ifp)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct igmp_ifinfo *igi;

	IGMP_LOCK_ASSERT();

	igi = malloc(sizeof(struct igmp_ifinfo), M_IGMP, M_NOWAIT|M_ZERO);
	if (igi == NULL)
		goto out;

	igi->igi_ifp = ifp;
	igi->igi_version = V_igmp_default_version;
	igi->igi_flags = 0;
	igi->igi_rv = IGMP_RV_INIT;
	igi->igi_qi = IGMP_QI_INIT;
	igi->igi_qri = IGMP_QRI_INIT;
	igi->igi_uri = IGMP_URI_INIT;

	SLIST_INIT(&igi->igi_relinmhead);

	/*
	 * Responses to general queries are subject to bounds.
	 */
	IFQ_SET_MAXLEN(&igi->igi_gq, IGMP_MAX_RESPONSE_PACKETS);

	LIST_INSERT_HEAD(&V_igi_head, igi, igi_link);

	CTR2(KTR_IGMPV3, "allocate igmp_ifinfo for ifp %p(%s)",
	    ifp, ifp->if_xname);

out:
	return (igi);
}

/*
 * Hook for ifdetach.
 *
 * NOTE: Some finalization tasks need to run before the protocol domain
 * is detached, but also before the link layer does its cleanup.
 *
 * SMPNG: igmp_ifdetach() needs to take IF_ADDR_LOCK().
 * XXX This is also bitten by unlocked ifma_protospec access.
 */
void
igmp_ifdetach(struct ifnet *ifp)
{
	struct igmp_ifinfo *igi;
	struct ifmultiaddr *ifma;
	struct in_multi *inm, *tinm;

	CTR3(KTR_IGMPV3, "%s: called for ifp %p(%s)", __func__, ifp,
	    ifp->if_xname);

	IGMP_LOCK();

	igi = ((struct in_ifinfo *)ifp->if_afdata[AF_INET])->ii_igmp;
	if (igi->igi_version == IGMP_VERSION_3) {
		IF_ADDR_LOCK(ifp);
		TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
			if (ifma->ifma_addr->sa_family != AF_INET ||
			    ifma->ifma_protospec == NULL)
				continue;
#if 0
			KASSERT(ifma->ifma_protospec != NULL,
			    ("%s: ifma_protospec is NULL", __func__));
#endif
			inm = (struct in_multi *)ifma->ifma_protospec;
			if (inm->inm_state == IGMP_LEAVING_MEMBER) {
				SLIST_INSERT_HEAD(&igi->igi_relinmhead,
				    inm, inm_nrele);
			}
			inm_clear_recorded(inm);
		}
		IF_ADDR_UNLOCK(ifp);
		/*
		 * Free the in_multi reference(s) for this IGMP lifecycle.
		 */
		SLIST_FOREACH_SAFE(inm, &igi->igi_relinmhead, inm_nrele,
		    tinm) {
			SLIST_REMOVE_HEAD(&igi->igi_relinmhead, inm_nrele);
			inm_release_locked(inm);
		}
	}

	IGMP_UNLOCK();
}

/*
 * Hook for domifdetach.
 */
void
igmp_domifdetach(struct ifnet *ifp)
{
	struct igmp_ifinfo *igi;

	CTR3(KTR_IGMPV3, "%s: called for ifp %p(%s)",
	    __func__, ifp, ifp->if_xname);

	IGMP_LOCK();

	igi = ((struct in_ifinfo *)ifp->if_afdata[AF_INET])->ii_igmp;
	igi_delete_locked(ifp);

	IGMP_UNLOCK();
}

static void
igi_delete_locked(const struct ifnet *ifp)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct igmp_ifinfo *igi, *tigi;

	CTR3(KTR_IGMPV3, "%s: freeing igmp_ifinfo for ifp %p(%s)",
	    __func__, ifp, ifp->if_xname);

	IGMP_LOCK_ASSERT();

	LIST_FOREACH_SAFE(igi, &V_igi_head, igi_link, tigi) {
		if (igi->igi_ifp == ifp) {
			/*
			 * Free deferred General Query responses.
			 */
			_IF_DRAIN(&igi->igi_gq);

			LIST_REMOVE(igi, igi_link);

			KASSERT(SLIST_EMPTY(&igi->igi_relinmhead),
			    ("%s: there are dangling in_multi references",
			    __func__));

			free(igi, M_IGMP);
			return;
		}
	}

#ifdef INVARIANTS
	panic("%s: igmp_ifinfo not found for ifp %p\n", __func__, ifp);
#endif
}

/*
 * Process a received IGMPv1 query.
 * Return non-zero if the message should be dropped.
 *
 * VIMAGE: The curvnet pointer is derived from the input ifp.
 */
static int
igmp_input_v1_query(struct ifnet *ifp, const struct ip *ip)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct ifmultiaddr *ifma;
	struct igmp_ifinfo *igi;
	struct in_multi *inm;

	/*
	 * IGMPv1 General Queries SHOULD always be addressed to 224.0.0.1.
	 * igmp_group is always ignored. Do not drop it as a userland
	 * daemon may wish to see it.
	 */
	if (!in_allhosts(ip->ip_dst)) {
		IGMPSTAT_INC(igps_rcv_badqueries);
		return (0);
	}

	IGMPSTAT_INC(igps_rcv_gen_queries);
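
	/*
	 * A note on units (a reading sketch, not normative): the group
	 * timers in this file count fast-timeout ticks. Assuming the
	 * classic BSD PR_FASTHZ of 5 ticks/second, an IGMP_V1V2_MAX_RI
	 * of 10 seconds, and IGMP_RANDOM_DELAY(x) returning a uniform
	 * value in [1, x], the assignment in the loop below delays each
	 * report by 1..50 ticks, i.e. at most the v1/v2 maximum report
	 * interval.
	 */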

	/*
	 * Switch to IGMPv1 host compatibility mode.
	 */
	IN_MULTI_LOCK();
	IGMP_LOCK();

	igi = ((struct in_ifinfo *)ifp->if_afdata[AF_INET])->ii_igmp;
	KASSERT(igi != NULL, ("%s: no igmp_ifinfo for ifp %p", __func__, ifp));

	if (igi->igi_flags & IGIF_LOOPBACK) {
		CTR2(KTR_IGMPV3, "ignore v1 query on IGIF_LOOPBACK ifp %p(%s)",
		    ifp, ifp->if_xname);
		goto out_locked;
	}

	igmp_set_version(igi, IGMP_VERSION_1);

	CTR2(KTR_IGMPV3, "process v1 query on ifp %p(%s)", ifp, ifp->if_xname);

	/*
	 * Start the timers in all of our group records
	 * for the interface on which the query arrived,
	 * except those which are already running.
	 */
	IF_ADDR_LOCK(ifp);
	TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
		if (ifma->ifma_addr->sa_family != AF_INET ||
		    ifma->ifma_protospec == NULL)
			continue;
		inm = (struct in_multi *)ifma->ifma_protospec;
		if (inm->inm_timer != 0)
			continue;
		switch (inm->inm_state) {
		case IGMP_NOT_MEMBER:
		case IGMP_SILENT_MEMBER:
			break;
		case IGMP_G_QUERY_PENDING_MEMBER:
		case IGMP_SG_QUERY_PENDING_MEMBER:
		case IGMP_REPORTING_MEMBER:
		case IGMP_IDLE_MEMBER:
		case IGMP_LAZY_MEMBER:
		case IGMP_SLEEPING_MEMBER:
		case IGMP_AWAKENING_MEMBER:
			inm->inm_state = IGMP_REPORTING_MEMBER;
			inm->inm_timer = IGMP_RANDOM_DELAY(
			    IGMP_V1V2_MAX_RI * PR_FASTHZ);
			V_current_state_timers_running = 1;
			break;
		case IGMP_LEAVING_MEMBER:
			break;
		}
	}
	IF_ADDR_UNLOCK(ifp);

out_locked:
	IGMP_UNLOCK();
	IN_MULTI_UNLOCK();

	return (0);
}

/*
 * Process a received IGMPv2 general or group-specific query.
 */
static int
igmp_input_v2_query(struct ifnet *ifp, const struct ip *ip,
    const struct igmp *igmp)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct ifmultiaddr *ifma;
	struct igmp_ifinfo *igi;
	struct in_multi *inm;
	uint16_t timer;

	/*
	 * Perform lazy allocation of IGMP link info if required,
	 * and switch to IGMPv2 host compatibility mode.
	 */
	IN_MULTI_LOCK();
	IGMP_LOCK();

	igi = ((struct in_ifinfo *)ifp->if_afdata[AF_INET])->ii_igmp;
	KASSERT(igi != NULL, ("%s: no igmp_ifinfo for ifp %p", __func__, ifp));

	if (igi->igi_flags & IGIF_LOOPBACK) {
		CTR2(KTR_IGMPV3, "ignore v2 query on IGIF_LOOPBACK ifp %p(%s)",
		    ifp, ifp->if_xname);
		goto out_locked;
	}

	igmp_set_version(igi, IGMP_VERSION_2);

	timer = igmp->igmp_code * PR_FASTHZ / IGMP_TIMER_SCALE;
	if (timer == 0)
		timer = 1;
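
	/*
	 * Worked example, assuming PR_FASTHZ == 5 and IGMP_TIMER_SCALE ==
	 * 10: a Max Resp Time of igmp_code == 100, i.e. 10.0 seconds,
	 * yields timer = 100 * 5 / 10 = 50 fast-timeout ticks.
	 */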

	if (!in_nullhost(igmp->igmp_group)) {
		/*
		 * IGMPv2 Group-Specific Query.
		 * If this is a group-specific IGMPv2 query, we need only
		 * look up the single group to process it.
		 */
		inm = inm_lookup(ifp, igmp->igmp_group);
		if (inm != NULL) {
			CTR3(KTR_IGMPV3, "process v2 query %s on ifp %p(%s)",
			    inet_ntoa(igmp->igmp_group), ifp, ifp->if_xname);
			igmp_v2_update_group(inm, timer);
		}
		IGMPSTAT_INC(igps_rcv_group_queries);
	} else {
		/*
		 * IGMPv2 General Query.
		 * If this was not sent to the all-hosts group, ignore it.
		 */
		if (in_allhosts(ip->ip_dst)) {
			/*
			 * For each reporting group joined on this
			 * interface, kick the report timer.
			 */
			CTR2(KTR_IGMPV3,
			    "process v2 general query on ifp %p(%s)",
			    ifp, ifp->if_xname);

			IF_ADDR_LOCK(ifp);
			TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
				if (ifma->ifma_addr->sa_family != AF_INET ||
				    ifma->ifma_protospec == NULL)
					continue;
				inm = (struct in_multi *)ifma->ifma_protospec;
				igmp_v2_update_group(inm, timer);
			}
			IF_ADDR_UNLOCK(ifp);
		}
		IGMPSTAT_INC(igps_rcv_gen_queries);
	}

out_locked:
	IGMP_UNLOCK();
	IN_MULTI_UNLOCK();

	return (0);
}

/*
 * Update the report timer on a group in response to an IGMPv2 query.
 *
 * If we are becoming the reporting member for this group, start the timer.
 * If we already are the reporting member for this group, and timer is
 * below the threshold, reset it.
 *
 * We may be updating the group for the first time since we switched
 * to IGMPv3. If we are, then we must clear any recorded source lists,
 * and transition to REPORTING state; the group timer is overloaded
 * for group and group-source query responses.
 *
 * Unlike IGMPv3, the delay per group should be jittered
 * to avoid bursts of IGMPv2 reports.
 */
static void
igmp_v2_update_group(struct in_multi *inm, const int timer)
{
	INIT_VNET_INET(curvnet);

	CTR4(KTR_IGMPV3, "%s: %s/%s timer=%d", __func__,
	    inet_ntoa(inm->inm_addr), inm->inm_ifp->if_xname, timer);

	IN_MULTI_LOCK_ASSERT();

	switch (inm->inm_state) {
	case IGMP_NOT_MEMBER:
	case IGMP_SILENT_MEMBER:
		break;
	case IGMP_REPORTING_MEMBER:
		if (inm->inm_timer != 0 &&
		    inm->inm_timer <= timer) {
			CTR1(KTR_IGMPV3, "%s: REPORTING and timer running, "
			    "skipping.", __func__);
			break;
		}
		/* FALLTHROUGH */
	case IGMP_SG_QUERY_PENDING_MEMBER:
	case IGMP_G_QUERY_PENDING_MEMBER:
	case IGMP_IDLE_MEMBER:
	case IGMP_LAZY_MEMBER:
	case IGMP_AWAKENING_MEMBER:
		CTR1(KTR_IGMPV3, "%s: ->REPORTING", __func__);
		inm->inm_state = IGMP_REPORTING_MEMBER;
		inm->inm_timer = IGMP_RANDOM_DELAY(timer);
		V_current_state_timers_running = 1;
		break;
	case IGMP_SLEEPING_MEMBER:
		CTR1(KTR_IGMPV3, "%s: ->AWAKENING", __func__);
		inm->inm_state = IGMP_AWAKENING_MEMBER;
		break;
	case IGMP_LEAVING_MEMBER:
		break;
	}
}

/*
 * Process a received IGMPv3 general, group-specific or
 * group-and-source-specific query.
 * Assumes m has already been pulled up to the full IGMP message length.
 * Return 0 if successful, otherwise an appropriate error code is returned.
 */
static int
igmp_input_v3_query(struct ifnet *ifp, const struct ip *ip,
    /*const*/ struct igmpv3 *igmpv3)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct igmp_ifinfo *igi;
	struct in_multi *inm;
	uint32_t maxresp, nsrc, qqi;
	uint16_t timer;
	uint8_t qrv;

	CTR2(KTR_IGMPV3, "process v3 query on ifp %p(%s)", ifp, ifp->if_xname);

	maxresp = igmpv3->igmp_code;	/* in 1/10ths of a second */
	if (maxresp >= 128) {
		maxresp = IGMP_MANT(igmpv3->igmp_code) <<
		    (IGMP_EXP(igmpv3->igmp_code) + 3);
	}
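
	/*
	 * Worked example of the exponential form (RFC 3376, 4.1.1),
	 * assuming IGMP_MANT() and IGMP_EXP() extract bits 0-3 and 4-6
	 * respectively: igmp_code == 0x8A gives exp == 0 and mant == 10,
	 * so maxresp becomes 10 << 3 == 80 tenths of a second (8 seconds).
	 * The same decoding is applied to igmp_qqi below.
	 */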

	/*
	 * Robustness must never be less than 2 for on-wire IGMPv3.
	 * FIXME: Check if ifp has IGIF_LOOPBACK set, as we make
	 * an exception for interfaces whose IGMPv3 state changes
	 * are redirected to loopback (e.g. MANET).
	 */
	qrv = IGMP_QRV(igmpv3->igmp_misc);
	if (qrv < 2) {
		CTR3(KTR_IGMPV3, "%s: clamping qrv %d to %d", __func__,
		    qrv, IGMP_RV_INIT);
		qrv = IGMP_RV_INIT;
	}

	qqi = igmpv3->igmp_qqi;
	if (qqi >= 128) {
		qqi = IGMP_MANT(igmpv3->igmp_qqi) <<
		    (IGMP_EXP(igmpv3->igmp_qqi) + 3);
	}

	timer = maxresp * PR_FASTHZ / IGMP_TIMER_SCALE;
	if (timer == 0)
		timer = 1;

	nsrc = ntohs(igmpv3->igmp_numsrc);

	IN_MULTI_LOCK();
	IGMP_LOCK();

	igi = ((struct in_ifinfo *)ifp->if_afdata[AF_INET])->ii_igmp;
	KASSERT(igi != NULL, ("%s: no igmp_ifinfo for ifp %p", __func__, ifp));

	if (igi->igi_flags & IGIF_LOOPBACK) {
		CTR2(KTR_IGMPV3, "ignore v3 query on IGIF_LOOPBACK ifp %p(%s)",
		    ifp, ifp->if_xname);
		goto out_locked;
	}

	igmp_set_version(igi, IGMP_VERSION_3);

	igi->igi_rv = qrv;
	igi->igi_qi = qqi;
	igi->igi_qri = maxresp;

	CTR4(KTR_IGMPV3, "%s: qrv %d qi %d qri %d", __func__, qrv, qqi,
	    maxresp);

	if (in_nullhost(igmpv3->igmp_group)) {
		/*
		 * IGMPv3 General Query.
		 * Schedule a current-state report on this ifp for
		 * all groups, possibly containing source lists.
		 */
		IGMPSTAT_INC(igps_rcv_gen_queries);

		if (!in_allhosts(ip->ip_dst) || nsrc > 0) {
			/*
			 * General Queries SHOULD be directed to 224.0.0.1.
			 * A general query with a source list has undefined
			 * behaviour; discard it.
			 */
			IGMPSTAT_INC(igps_rcv_badqueries);
			goto out_locked;
		}

		CTR2(KTR_IGMPV3, "process v3 general query on ifp %p(%s)",
		    ifp, ifp->if_xname);

		/*
		 * If there is a pending General Query response
		 * scheduled earlier than the selected delay, do
		 * not schedule any other reports.
		 * Otherwise, reset the interface timer.
		 */
		if (igi->igi_v3_timer == 0 || igi->igi_v3_timer >= timer) {
			igi->igi_v3_timer = IGMP_RANDOM_DELAY(timer);
			V_interface_timers_running = 1;
		}
	} else {
		/*
		 * IGMPv3 Group-specific or Group-and-source-specific Query.
		 *
		 * Group-source-specific queries are throttled on
		 * a per-group basis to defeat denial-of-service attempts.
		 * Queries for groups we are not a member of on this
		 * link are simply ignored.
		 */
		inm = inm_lookup(ifp, igmpv3->igmp_group);
		if (inm == NULL)
			goto out_locked;
		if (nsrc > 0) {
			IGMPSTAT_INC(igps_rcv_gsr_queries);
			if (!ratecheck(&inm->inm_lastgsrtv,
			    &V_igmp_gsrdelay)) {
				CTR1(KTR_IGMPV3, "%s: GS query throttled.",
				    __func__);
				IGMPSTAT_INC(igps_drop_gsr_queries);
				goto out_locked;
			}
		} else {
			IGMPSTAT_INC(igps_rcv_group_queries);
		}
		CTR3(KTR_IGMPV3, "process v3 %s query on ifp %p(%s)",
		    inet_ntoa(igmpv3->igmp_group), ifp, ifp->if_xname);
		/*
		 * If there is a pending General Query response
		 * scheduled sooner than the selected delay, no
		 * further report need be scheduled.
		 * Otherwise, prepare to respond to the
		 * group-specific or group-and-source query.
		 */
		if (igi->igi_v3_timer == 0 || igi->igi_v3_timer >= timer)
			igmp_input_v3_group_query(inm, igi, timer, igmpv3);
	}

out_locked:
	IGMP_UNLOCK();
	IN_MULTI_UNLOCK();

	return (0);
}

/*
 * Process a received IGMPv3 group-specific or group-and-source-specific
 * query.
 * Return <0 if any error occurred. Currently this is ignored.
 */
static int
igmp_input_v3_group_query(struct in_multi *inm, struct igmp_ifinfo *igi,
    int timer, /*const*/ struct igmpv3 *igmpv3)
{
	INIT_VNET_INET(curvnet);
	int retval;
	uint16_t nsrc;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	retval = 0;

	switch (inm->inm_state) {
	case IGMP_NOT_MEMBER:
	case IGMP_SILENT_MEMBER:
	case IGMP_SLEEPING_MEMBER:
	case IGMP_LAZY_MEMBER:
	case IGMP_AWAKENING_MEMBER:
	case IGMP_IDLE_MEMBER:
	case IGMP_LEAVING_MEMBER:
		return (retval);
		break;
	case IGMP_REPORTING_MEMBER:
	case IGMP_G_QUERY_PENDING_MEMBER:
	case IGMP_SG_QUERY_PENDING_MEMBER:
		break;
	}

	nsrc = ntohs(igmpv3->igmp_numsrc);

	/*
	 * Deal with group-specific queries upfront.
	 * If any group query is already pending, purge any recorded
	 * source-list state if it exists, and schedule a query response
	 * for this group-specific query.
	 */
	if (nsrc == 0) {
		if (inm->inm_state == IGMP_G_QUERY_PENDING_MEMBER ||
		    inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER) {
			inm_clear_recorded(inm);
			timer = min(inm->inm_timer, timer);
		}
		inm->inm_state = IGMP_G_QUERY_PENDING_MEMBER;
		inm->inm_timer = IGMP_RANDOM_DELAY(timer);
		V_current_state_timers_running = 1;
		return (retval);
	}

	/*
	 * Deal with the case where a group-and-source-specific query has
	 * been received but a group-specific query is already pending.
	 */
	if (inm->inm_state == IGMP_G_QUERY_PENDING_MEMBER) {
		timer = min(inm->inm_timer, timer);
		inm->inm_timer = IGMP_RANDOM_DELAY(timer);
		V_current_state_timers_running = 1;
		return (retval);
	}

	/*
	 * Finally, deal with the case where a group-and-source-specific
	 * query has been received, where a response to a previous g-s-r
	 * query exists, or none exists.
	 * In this case, we need to parse the source-list which the Querier
	 * has provided us with and check if we have any source list filter
	 * entries at T1 for these sources. If we do not, there is no need
	 * to schedule a report and the query may be dropped.
	 * If we do, we must record them and schedule a current-state
	 * report for those sources.
	 * FIXME: Handling source lists larger than 1 mbuf requires that
	 * we pass the mbuf chain pointer down to this function, and use
	 * m_getptr() to walk the chain.
	 */
	if (inm->inm_nsrc > 0) {
		const struct in_addr *ap;
		int i, nrecorded;

		ap = (const struct in_addr *)(igmpv3 + 1);
		nrecorded = 0;
		for (i = 0; i < nsrc; i++, ap++) {
			retval = inm_record_source(inm, ap->s_addr);
			if (retval < 0)
				break;
			nrecorded += retval;
		}
		if (nrecorded > 0) {
			CTR1(KTR_IGMPV3,
			    "%s: schedule response to SG query", __func__);
			inm->inm_state = IGMP_SG_QUERY_PENDING_MEMBER;
			inm->inm_timer = IGMP_RANDOM_DELAY(timer);
			V_current_state_timers_running = 1;
		}
	}

	return (retval);
}
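
/*
 * An illustrative scenario for the source-recording logic above (a
 * sketch, not RFC text): if this host's filter for the group covers
 * sources { S1, S2 } and a group-and-source query arrives listing
 * { S2, S3 }, only S2 is recorded by inm_record_source() and the
 * scheduled current-state report covers S2 alone; a query listing only
 * S3 records nothing, so no report is scheduled.
 */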

/*
 * Process a received IGMPv1 host membership report.
 *
 * NOTE: 0.0.0.0 workaround breaks const correctness.
 */
static int
igmp_input_v1_report(struct ifnet *ifp, /*const*/ struct ip *ip,
    /*const*/ struct igmp *igmp)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct in_ifaddr *ia;
	struct in_multi *inm;

	IGMPSTAT_INC(igps_rcv_reports);

	if (ifp->if_flags & IFF_LOOPBACK)
		return (0);

	if (!IN_MULTICAST(ntohl(igmp->igmp_group.s_addr)) ||
	    !in_hosteq(igmp->igmp_group, ip->ip_dst)) {
		IGMPSTAT_INC(igps_rcv_badreports);
		return (EINVAL);
	}

	/*
	 * RFC 3376, Section 4.2.13, 9.2, 9.3:
	 * Booting clients may use the source address 0.0.0.0. Some
	 * IGMP daemons may not know how to use IP_RECVIF to determine
	 * the interface upon which this message was received.
	 * Replace 0.0.0.0 with the subnet address if told to do so.
	 */
	if (V_igmp_recvifkludge && in_nullhost(ip->ip_src)) {
		IFP_TO_IA(ifp, ia);
		if (ia != NULL)
			ip->ip_src.s_addr = htonl(ia->ia_subnet);
	}

	CTR3(KTR_IGMPV3, "process v1 report %s on ifp %p(%s)",
	    inet_ntoa(igmp->igmp_group), ifp, ifp->if_xname);

	/*
	 * IGMPv1 report suppression.
	 * If we are a member of this group, and our membership should be
	 * reported, stop our group timer and transition to the 'lazy' state.
	 */
	IN_MULTI_LOCK();
	inm = inm_lookup(ifp, igmp->igmp_group);
	if (inm != NULL) {
		struct igmp_ifinfo *igi;

		igi = inm->inm_igi;
		if (igi == NULL) {
			KASSERT(igi != NULL,
			    ("%s: no igi for ifp %p", __func__, ifp));
			goto out_locked;
		}

		IGMPSTAT_INC(igps_rcv_ourreports);

		/*
		 * If we are in IGMPv3 host mode, do not allow the
		 * other host's IGMPv1 report to suppress our reports
		 * unless explicitly configured to do so.
		 */
		if (igi->igi_version == IGMP_VERSION_3) {
			if (V_igmp_legacysupp)
				igmp_v3_suppress_group_record(inm);
			goto out_locked;
		}

		inm->inm_timer = 0;

		switch (inm->inm_state) {
		case IGMP_NOT_MEMBER:
		case IGMP_SILENT_MEMBER:
			break;
		case IGMP_IDLE_MEMBER:
		case IGMP_LAZY_MEMBER:
		case IGMP_AWAKENING_MEMBER:
			CTR3(KTR_IGMPV3,
			    "report suppressed for %s on ifp %p(%s)",
			    inet_ntoa(igmp->igmp_group), ifp, ifp->if_xname);
			/* FALLTHROUGH */
		case IGMP_SLEEPING_MEMBER:
			inm->inm_state = IGMP_SLEEPING_MEMBER;
			break;
		case IGMP_REPORTING_MEMBER:
			CTR3(KTR_IGMPV3,
			    "report suppressed for %s on ifp %p(%s)",
			    inet_ntoa(igmp->igmp_group), ifp, ifp->if_xname);
			if (igi->igi_version == IGMP_VERSION_1)
				inm->inm_state = IGMP_LAZY_MEMBER;
			else if (igi->igi_version == IGMP_VERSION_2)
				inm->inm_state = IGMP_SLEEPING_MEMBER;
			break;
		case IGMP_G_QUERY_PENDING_MEMBER:
		case IGMP_SG_QUERY_PENDING_MEMBER:
		case IGMP_LEAVING_MEMBER:
			break;
		}
	}

out_locked:
	IN_MULTI_UNLOCK();

	return (0);
}

/*
 * Process a received IGMPv2 host membership report.
 *
 * NOTE: 0.0.0.0 workaround breaks const correctness.
 */
static int
igmp_input_v2_report(struct ifnet *ifp, /*const*/ struct ip *ip,
    /*const*/ struct igmp *igmp)
{
	INIT_VNET_INET(ifp->if_vnet);
	struct in_ifaddr *ia;
	struct in_multi *inm;

	/*
	 * Make sure we don't hear our own membership report. Fast
	 * leave requires knowing that we are the only member of a
	 * group.
	 */
	IFP_TO_IA(ifp, ia);
	if (ia != NULL && in_hosteq(ip->ip_src, IA_SIN(ia)->sin_addr))
		return (0);

	IGMPSTAT_INC(igps_rcv_reports);

	if (ifp->if_flags & IFF_LOOPBACK)
		return (0);

	if (!IN_MULTICAST(ntohl(igmp->igmp_group.s_addr)) ||
	    !in_hosteq(igmp->igmp_group, ip->ip_dst)) {
		IGMPSTAT_INC(igps_rcv_badreports);
		return (EINVAL);
	}

	/*
	 * RFC 3376, Section 4.2.13, 9.2, 9.3:
	 * Booting clients may use the source address 0.0.0.0. Some
	 * IGMP daemons may not know how to use IP_RECVIF to determine
	 * the interface upon which this message was received.
	 * Replace 0.0.0.0 with the subnet address if told to do so.
	 */
	if (V_igmp_recvifkludge && in_nullhost(ip->ip_src)) {
		if (ia != NULL)
			ip->ip_src.s_addr = htonl(ia->ia_subnet);
	}

	CTR3(KTR_IGMPV3, "process v2 report %s on ifp %p(%s)",
	    inet_ntoa(igmp->igmp_group), ifp, ifp->if_xname);

	/*
	 * IGMPv2 report suppression.
	 * If we are a member of this group, and our membership should be
	 * reported, and our group timer is pending or about to be reset,
	 * stop our group timer by transitioning to the 'lazy' state.
	 */
	IN_MULTI_LOCK();
	inm = inm_lookup(ifp, igmp->igmp_group);
	if (inm != NULL) {
		struct igmp_ifinfo *igi;

		igi = inm->inm_igi;
		KASSERT(igi != NULL, ("%s: no igi for ifp %p", __func__, ifp));

		IGMPSTAT_INC(igps_rcv_ourreports);

		/*
		 * If we are in IGMPv3 host mode, do not allow the
		 * other host's IGMPv2 report to suppress our reports
		 * unless explicitly configured to do so.
		 */
		if (igi->igi_version == IGMP_VERSION_3) {
			if (V_igmp_legacysupp)
				igmp_v3_suppress_group_record(inm);
			goto out_locked;
		}

		inm->inm_timer = 0;

		switch (inm->inm_state) {
		case IGMP_NOT_MEMBER:
		case IGMP_SILENT_MEMBER:
		case IGMP_SLEEPING_MEMBER:
			break;
		case IGMP_REPORTING_MEMBER:
		case IGMP_IDLE_MEMBER:
		case IGMP_AWAKENING_MEMBER:
			CTR3(KTR_IGMPV3,
			    "report suppressed for %s on ifp %p(%s)",
			    inet_ntoa(igmp->igmp_group), ifp, ifp->if_xname);
			/* FALLTHROUGH */
		case IGMP_LAZY_MEMBER:
			inm->inm_state = IGMP_LAZY_MEMBER;
			break;
		case IGMP_G_QUERY_PENDING_MEMBER:
		case IGMP_SG_QUERY_PENDING_MEMBER:
		case IGMP_LEAVING_MEMBER:
			break;
		}
	}

out_locked:
	IN_MULTI_UNLOCK();

	return (0);
}

void
igmp_input(struct mbuf *m, int off)
{
	int iphlen;
	struct ifnet *ifp;
	struct igmp *igmp;
	struct ip *ip;
	int igmplen;
	int minlen;
	int queryver;

	CTR3(KTR_IGMPV3, "%s: called w/mbuf (%p,%d)", __func__, m, off);

	ifp = m->m_pkthdr.rcvif;
	INIT_VNET_INET(ifp->if_vnet);

	IGMPSTAT_INC(igps_rcv_total);

	ip = mtod(m, struct ip *);
	iphlen = off;
	igmplen = ip->ip_len;

	/*
	 * Validate lengths.
	 */
	if (igmplen < IGMP_MINLEN) {
		IGMPSTAT_INC(igps_rcv_tooshort);
		m_freem(m);
		return;
	}

	/*
	 * Always pullup to the minimum size for v1/v2 or v3
	 * to amortize calls to m_pullup().
	 */
	minlen = iphlen;
	if (igmplen >= IGMP_V3_QUERY_MINLEN)
		minlen += IGMP_V3_QUERY_MINLEN;
	else
		minlen += IGMP_MINLEN;
	if ((m->m_flags & M_EXT || m->m_len < minlen) &&
	    (m = m_pullup(m, minlen)) == NULL) {
		IGMPSTAT_INC(igps_rcv_tooshort);
		return;
	}
	ip = mtod(m, struct ip *);

	if (ip->ip_ttl != 1) {
		IGMPSTAT_INC(igps_rcv_badttl);
		m_freem(m);
		return;
	}

	/*
	 * Validate checksum.
	 */
	m->m_data += iphlen;
	m->m_len -= iphlen;
	igmp = mtod(m, struct igmp *);
	if (in_cksum(m, igmplen)) {
		IGMPSTAT_INC(igps_rcv_badsum);
		m_freem(m);
		return;
	}
	m->m_data -= iphlen;
	m->m_len += iphlen;

	switch (igmp->igmp_type) {
	case IGMP_HOST_MEMBERSHIP_QUERY:
		if (igmplen == IGMP_MINLEN) {
			if (igmp->igmp_code == 0)
				queryver = IGMP_VERSION_1;
			else
				queryver = IGMP_VERSION_2;
		} else if (igmplen >= IGMP_V3_QUERY_MINLEN) {
			queryver = IGMP_VERSION_3;
		} else {
			IGMPSTAT_INC(igps_rcv_tooshort);
			m_freem(m);
			return;
		}

		switch (queryver) {
		case IGMP_VERSION_1:
			IGMPSTAT_INC(igps_rcv_v1v2_queries);
			if (!V_igmp_v1enable)
				break;
			if (igmp_input_v1_query(ifp, ip) != 0) {
				m_freem(m);
				return;
			}
			break;

		case IGMP_VERSION_2:
			IGMPSTAT_INC(igps_rcv_v1v2_queries);
			if (!V_igmp_v2enable)
				break;
			if (igmp_input_v2_query(ifp, ip, igmp) != 0) {
				m_freem(m);
				return;
			}
			break;

		case IGMP_VERSION_3: {
			struct igmpv3 *igmpv3;
			uint16_t igmpv3len;
			uint16_t srclen;
			int nsrc;

			IGMPSTAT_INC(igps_rcv_v3_queries);
			igmpv3 = (struct igmpv3 *)igmp;
			/*
			 * Validate length based on source count.
			 */
			nsrc = ntohs(igmpv3->igmp_numsrc);
			srclen = sizeof(struct in_addr) * nsrc;
			if (nsrc * sizeof(in_addr_t) > srclen) {
				IGMPSTAT_INC(igps_rcv_tooshort);
				m_freem(m);
				return;
			}
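
			/*
			 * Example of what the check above rejects:
			 * nsrc == 16384 makes the promoted product
			 * 65536, but srclen (a uint16_t) truncates
			 * to 0, so oversized source lists fail the
			 * comparison and are dropped.
			 */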
			/*
			 * m_pullup() may modify m, so pullup in
			 * this scope.
			 */
			igmpv3len = iphlen + IGMP_V3_QUERY_MINLEN +
			    srclen;
			if ((m->m_flags & M_EXT ||
			    m->m_len < igmpv3len) &&
			    (m = m_pullup(m, igmpv3len)) == NULL) {
				IGMPSTAT_INC(igps_rcv_tooshort);
				return;
			}
			igmpv3 = (struct igmpv3 *)(mtod(m, uint8_t *)
			    + iphlen);
			if (igmp_input_v3_query(ifp, ip, igmpv3) != 0) {
				m_freem(m);
				return;
			}
		}
			break;
		}
		break;

	case IGMP_v1_HOST_MEMBERSHIP_REPORT:
		if (!V_igmp_v1enable)
			break;
		if (igmp_input_v1_report(ifp, ip, igmp) != 0) {
			m_freem(m);
			return;
		}
		break;

	case IGMP_v2_HOST_MEMBERSHIP_REPORT:
		if (!V_igmp_v2enable)
			break;
		if (!ip_checkrouteralert(m))
			IGMPSTAT_INC(igps_rcv_nora);
		if (igmp_input_v2_report(ifp, ip, igmp) != 0) {
			m_freem(m);
			return;
		}
		break;

	case IGMP_v3_HOST_MEMBERSHIP_REPORT:
		/*
		 * Hosts do not need to process IGMPv3 membership reports,
		 * as report suppression is no longer required.
		 */
		if (!ip_checkrouteralert(m))
			IGMPSTAT_INC(igps_rcv_nora);
		break;

	default:
		break;
	}

	/*
	 * Pass all valid IGMP packets up to any process(es) listening on a
	 * raw IGMP socket.
	 */
	rip_input(m, off);
}

/*
 * Fast timeout handler (global).
 * VIMAGE: Timeout handlers are expected to service all vimages.
 */
void
igmp_fasttimo(void)
{
	VNET_ITERATOR_DECL(vnet_iter);

	VNET_LIST_RLOCK();
	VNET_FOREACH(vnet_iter) {
		CURVNET_SET(vnet_iter);
		igmp_fasttimo_vnet();
		CURVNET_RESTORE();
	}
	VNET_LIST_RUNLOCK();
}

/*
 * Fast timeout handler (per-vnet).
 * Sends are shuffled off to a netisr to deal with Giant.
 *
 * VIMAGE: Assume caller has set up our curvnet.
 */
static void
igmp_fasttimo_vnet(void)
{
	INIT_VNET_INET(curvnet);
	struct ifqueue scq;	/* State-change packets */
	struct ifqueue qrq;	/* Query response packets */
	struct ifnet *ifp;
	struct igmp_ifinfo *igi;
	struct ifmultiaddr *ifma, *tifma;
	struct in_multi *inm;
	int loop, uri_fasthz;

	loop = 0;
	uri_fasthz = 0;

	/*
	 * Quick check to see if any work needs to be done, in order to
	 * minimize the overhead of fasttimo processing.
	 * SMPng: XXX Unlocked reads.
	 */
	if (!V_current_state_timers_running &&
	    !V_interface_timers_running &&
	    !V_state_change_timers_running)
		return;

	IN_MULTI_LOCK();
	IGMP_LOCK();

	/*
	 * IGMPv3 General Query response timer processing.
	 */
	if (V_interface_timers_running) {
		CTR1(KTR_IGMPV3, "%s: interface timers running", __func__);

		V_interface_timers_running = 0;
		LIST_FOREACH(igi, &V_igi_head, igi_link) {
			if (igi->igi_v3_timer == 0) {
				/* Do nothing. */
			} else if (--igi->igi_v3_timer == 0) {
				igmp_v3_dispatch_general_query(igi);
			} else {
				V_interface_timers_running = 1;
			}
		}
	}

	if (!V_current_state_timers_running &&
	    !V_state_change_timers_running)
		goto out_locked;

	V_current_state_timers_running = 0;
	V_state_change_timers_running = 0;

	CTR1(KTR_IGMPV3, "%s: state change timers running", __func__);

	/*
	 * IGMPv1/v2/v3 host report and state-change timer processing.
	 * Note: Processing a v3 group timer may remove a node.
	 */
	LIST_FOREACH(igi, &V_igi_head, igi_link) {
		ifp = igi->igi_ifp;

		if (igi->igi_version == IGMP_VERSION_3) {
			loop = (igi->igi_flags & IGIF_LOOPBACK) ? 1 : 0;
			uri_fasthz = IGMP_RANDOM_DELAY(igi->igi_uri *
			    PR_FASTHZ);

			memset(&qrq, 0, sizeof(struct ifqueue));
			IFQ_SET_MAXLEN(&qrq, IGMP_MAX_G_GS_PACKETS);

			memset(&scq, 0, sizeof(struct ifqueue));
			IFQ_SET_MAXLEN(&scq, IGMP_MAX_STATE_CHANGE_PACKETS);
		}

		IF_ADDR_LOCK(ifp);
		TAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link,
		    tifma) {
			if (ifma->ifma_addr->sa_family != AF_INET ||
			    ifma->ifma_protospec == NULL)
				continue;
			inm = (struct in_multi *)ifma->ifma_protospec;
			switch (igi->igi_version) {
			case IGMP_VERSION_1:
			case IGMP_VERSION_2:
				igmp_v1v2_process_group_timer(inm,
				    igi->igi_version);
				break;
			case IGMP_VERSION_3:
				igmp_v3_process_group_timers(igi, &qrq,
				    &scq, inm, uri_fasthz);
				break;
			}
		}
		IF_ADDR_UNLOCK(ifp);

		if (igi->igi_version == IGMP_VERSION_3) {
			struct in_multi *tinm;

			igmp_dispatch_queue(&qrq, 0, loop);
			igmp_dispatch_queue(&scq, 0, loop);

			/*
			 * Free the in_multi reference(s) for this
			 * IGMP lifecycle.
			 */
			SLIST_FOREACH_SAFE(inm, &igi->igi_relinmhead,
			    inm_nrele, tinm) {
				SLIST_REMOVE_HEAD(&igi->igi_relinmhead,
				    inm_nrele);
				inm_release_locked(inm);
			}
		}
	}

out_locked:
	IGMP_UNLOCK();
	IN_MULTI_UNLOCK();
}

/*
 * Update host report group timer for IGMPv1/v2.
 * Will update the global pending timer flags.
 */
static void
igmp_v1v2_process_group_timer(struct in_multi *inm, const int version)
{
	INIT_VNET_INET(curvnet);
	int report_timer_expired;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	if (inm->inm_timer == 0) {
		report_timer_expired = 0;
	} else if (--inm->inm_timer == 0) {
		report_timer_expired = 1;
	} else {
		V_current_state_timers_running = 1;
		return;
	}

	switch (inm->inm_state) {
	case IGMP_NOT_MEMBER:
	case IGMP_SILENT_MEMBER:
	case IGMP_IDLE_MEMBER:
	case IGMP_LAZY_MEMBER:
	case IGMP_SLEEPING_MEMBER:
	case IGMP_AWAKENING_MEMBER:
		break;
	case IGMP_REPORTING_MEMBER:
		if (report_timer_expired) {
			inm->inm_state = IGMP_IDLE_MEMBER;
			(void)igmp_v1v2_queue_report(inm,
			    (version == IGMP_VERSION_2) ?
			    IGMP_v2_HOST_MEMBERSHIP_REPORT :
			    IGMP_v1_HOST_MEMBERSHIP_REPORT);
		}
		break;
	case IGMP_G_QUERY_PENDING_MEMBER:
	case IGMP_SG_QUERY_PENDING_MEMBER:
	case IGMP_LEAVING_MEMBER:
		break;
	}
}

/*
 * Update a group's timers for IGMPv3.
 * Will update the global pending timer flags.
 * Note: Unlocked read from igi.
 */
static void
igmp_v3_process_group_timers(struct igmp_ifinfo *igi,
    struct ifqueue *qrq, struct ifqueue *scq,
    struct in_multi *inm, const int uri_fasthz)
{
	INIT_VNET_INET(curvnet);
	int query_response_timer_expired;
	int state_change_retransmit_timer_expired;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	query_response_timer_expired = 0;
	state_change_retransmit_timer_expired = 0;

	/*
	 * During a transition from v1/v2 compatibility mode back to v3,
	 * a group record in REPORTING state may still have its group
	 * timer active. This is a no-op in this function; it is easier
	 * to deal with it here than to complicate the slow-timeout path.
	 */
	if (inm->inm_timer == 0) {
		query_response_timer_expired = 0;
	} else if (--inm->inm_timer == 0) {
		query_response_timer_expired = 1;
	} else {
		V_current_state_timers_running = 1;
	}

	if (inm->inm_sctimer == 0) {
		state_change_retransmit_timer_expired = 0;
	} else if (--inm->inm_sctimer == 0) {
		state_change_retransmit_timer_expired = 1;
	} else {
		V_state_change_timers_running = 1;
	}

	/* We are in fasttimo, so be quick about it. */
	if (!state_change_retransmit_timer_expired &&
	    !query_response_timer_expired)
		return;

	switch (inm->inm_state) {
	case IGMP_NOT_MEMBER:
	case IGMP_SILENT_MEMBER:
	case IGMP_SLEEPING_MEMBER:
	case IGMP_LAZY_MEMBER:
	case IGMP_AWAKENING_MEMBER:
	case IGMP_IDLE_MEMBER:
		break;
	case IGMP_G_QUERY_PENDING_MEMBER:
	case IGMP_SG_QUERY_PENDING_MEMBER:
		/*
		 * Respond to a previously pending Group-Specific
		 * or Group-and-Source-Specific query by enqueueing
		 * the appropriate Current-State report for
		 * immediate transmission.
		 */
		if (query_response_timer_expired) {
			int retval;

			retval = igmp_v3_enqueue_group_record(qrq, inm, 0, 1,
			    (inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER));
			CTR2(KTR_IGMPV3, "%s: enqueue record = %d",
			    __func__, retval);
			inm->inm_state = IGMP_REPORTING_MEMBER;
			/* XXX Clear recorded sources for next time. */
			inm_clear_recorded(inm);
		}
		/* FALLTHROUGH */
	case IGMP_REPORTING_MEMBER:
	case IGMP_LEAVING_MEMBER:
		if (state_change_retransmit_timer_expired) {
			/*
			 * State-change retransmission timer fired.
			 * If there are any further pending retransmissions,
			 * set the global pending state-change flag, and
			 * reset the timer.
			 */
			if (--inm->inm_scrv > 0) {
				inm->inm_sctimer = uri_fasthz;
				V_state_change_timers_running = 1;
			}
			/*
			 * Retransmit the previously computed state-change
			 * report. If there are no further pending
			 * retransmissions, the mbuf queue will be consumed.
			 * Update T0 state to T1 as we have now sent
			 * a state-change.
			 */
			(void)igmp_v3_merge_state_changes(inm, scq);

			inm_commit(inm);
			CTR3(KTR_IGMPV3, "%s: T1 -> T0 for %s/%s", __func__,
			    inet_ntoa(inm->inm_addr), inm->inm_ifp->if_xname);

			/*
			 * If we are leaving the group for good, make sure
			 * we release IGMP's reference to it.
			 * This release must be deferred using a SLIST,
			 * as we are called from a loop which traverses
			 * the in_ifmultiaddr TAILQ.
			 */
			if (inm->inm_state == IGMP_LEAVING_MEMBER &&
			    inm->inm_scrv == 0) {
				inm->inm_state = IGMP_NOT_MEMBER;
				SLIST_INSERT_HEAD(&igi->igi_relinmhead,
				    inm, inm_nrele);
			}
		}
		break;
	}
}


/*
 * Suppress a group's pending response to a group or source/group query.
 *
 * Do NOT suppress state changes. This leads to IGMPv3 inconsistency.
 * Do NOT update ST1/ST0 as this operation merely suppresses
 * the currently pending group record.
 * Do NOT suppress the response to a general query. It is possible but
 * it would require adding another state or flag.
 */
static void
igmp_v3_suppress_group_record(struct in_multi *inm)
{

	IN_MULTI_LOCK_ASSERT();

	KASSERT(inm->inm_igi->igi_version == IGMP_VERSION_3,
	    ("%s: not IGMPv3 mode on link", __func__));

	if (inm->inm_state != IGMP_G_QUERY_PENDING_MEMBER &&
	    inm->inm_state != IGMP_SG_QUERY_PENDING_MEMBER)
		return;

	if (inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER)
		inm_clear_recorded(inm);

	inm->inm_timer = 0;
	inm->inm_state = IGMP_REPORTING_MEMBER;
}

/*
 * Switch to a different IGMP version on the given interface,
 * as per Section 7.2.1.
 */
static void
igmp_set_version(struct igmp_ifinfo *igi, const int version)
{

	IGMP_LOCK_ASSERT();

	CTR4(KTR_IGMPV3, "%s: switching to v%d on ifp %p(%s)", __func__,
	    version, igi->igi_ifp, igi->igi_ifp->if_xname);

	if (version == IGMP_VERSION_1 || version == IGMP_VERSION_2) {
		int old_version_timer;
		/*
		 * Compute the "Older Version Querier Present" timer as per
		 * Section 8.12.
		 */
		old_version_timer = igi->igi_rv * igi->igi_qi + igi->igi_qri;
		old_version_timer *= PR_SLOWHZ;
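
		/*
		 * Worked example with the RFC 3376 defaults (Robustness
		 * Variable 2, Query Interval 125s, Query Response
		 * Interval 10s): 2 * 125 + 10 == 260 seconds, scaled by
		 * PR_SLOWHZ (classically 2 ticks/second) to 520
		 * slow-timeout ticks.
		 */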

		if (version == IGMP_VERSION_1) {
			igi->igi_v1_timer = old_version_timer;
			igi->igi_v2_timer = 0;
		} else if (version == IGMP_VERSION_2) {
			igi->igi_v1_timer = 0;
			igi->igi_v2_timer = old_version_timer;
		}
	}

	if (igi->igi_v1_timer == 0 && igi->igi_v2_timer > 0) {
		if (igi->igi_version != IGMP_VERSION_2) {
			igi->igi_version = IGMP_VERSION_2;
			igmp_v3_cancel_link_timers(igi);
		}
	} else if (igi->igi_v1_timer > 0) {
		if (igi->igi_version != IGMP_VERSION_1) {
			igi->igi_version = IGMP_VERSION_1;
			igmp_v3_cancel_link_timers(igi);
		}
	}
}

/*
 * Cancel pending IGMPv3 timers for the given link and all groups
 * joined on it; state-change, general-query, and group-query timers.
 */
static void
igmp_v3_cancel_link_timers(struct igmp_ifinfo *igi)
{
	INIT_VNET_INET(curvnet);
	struct ifmultiaddr *ifma;
	struct ifnet *ifp;
	struct in_multi *inm;

	CTR3(KTR_IGMPV3, "%s: cancel v3 timers on ifp %p(%s)", __func__,
	    igi->igi_ifp, igi->igi_ifp->if_xname);

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	/*
	 * Fast-track this potentially expensive operation
	 * by checking all the global 'timer pending' flags.
	 */
	if (!V_interface_timers_running &&
	    !V_state_change_timers_running &&
	    !V_current_state_timers_running)
		return;

	igi->igi_v3_timer = 0;

	ifp = igi->igi_ifp;

	IF_ADDR_LOCK(ifp);
	TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
		if (ifma->ifma_addr->sa_family != AF_INET ||
		    ifma->ifma_protospec == NULL)
			continue;
		inm = (struct in_multi *)ifma->ifma_protospec;
		switch (inm->inm_state) {
		case IGMP_NOT_MEMBER:
		case IGMP_SILENT_MEMBER:
		case IGMP_IDLE_MEMBER:
		case IGMP_LAZY_MEMBER:
		case IGMP_SLEEPING_MEMBER:
		case IGMP_AWAKENING_MEMBER:
			break;
		case IGMP_LEAVING_MEMBER:
			/*
			 * If we are leaving the group and switching
			 * IGMP version, we need to release the final
			 * reference held for issuing the INCLUDE {}.
			 *
			 * SMPNG: Must drop and re-acquire IF_ADDR_LOCK
			 * around inm_release_locked(), as it is not
			 * a recursive mutex.
			 */
			IF_ADDR_UNLOCK(ifp);
			inm_release_locked(inm);
			IF_ADDR_LOCK(ifp);
			/* FALLTHROUGH */
		case IGMP_G_QUERY_PENDING_MEMBER:
		case IGMP_SG_QUERY_PENDING_MEMBER:
			inm_clear_recorded(inm);
			/* FALLTHROUGH */
		case IGMP_REPORTING_MEMBER:
			inm->inm_sctimer = 0;
			inm->inm_timer = 0;
			inm->inm_state = IGMP_REPORTING_MEMBER;
			/*
			 * Free any pending IGMPv3 state-change records.
			 */
			_IF_DRAIN(&inm->inm_scq);
			break;
		}
	}
	IF_ADDR_UNLOCK(ifp);
}

/*
 * Update the Older Version Querier Present timers for a link.
 * See Section 7.2.1 of RFC 3376.
 */
static void
igmp_v1v2_process_querier_timers(struct igmp_ifinfo *igi)
{
	INIT_VNET_INET(curvnet);

	IGMP_LOCK_ASSERT();

	if (igi->igi_v1_timer == 0 && igi->igi_v2_timer == 0) {
		/*
		 * IGMPv1 and IGMPv2 Querier Present timers expired.
		 *
		 * Revert to IGMPv3.
		 */
		if (igi->igi_version != IGMP_VERSION_3) {
			CTR5(KTR_IGMPV3,
			    "%s: transition from v%d -> v%d on %p(%s)",
			    __func__, igi->igi_version, IGMP_VERSION_3,
			    igi->igi_ifp, igi->igi_ifp->if_xname);
			igi->igi_version = IGMP_VERSION_3;
		}
	} else if (igi->igi_v1_timer == 0 && igi->igi_v2_timer > 0) {
		/*
		 * IGMPv1 Querier Present timer expired,
		 * IGMPv2 Querier Present timer running.
		 * If IGMPv2 was disabled since last timeout,
		 * revert to IGMPv3.
		 * If IGMPv2 is enabled, revert to IGMPv2.
		 */
		if (!V_igmp_v2enable) {
			CTR5(KTR_IGMPV3,
			    "%s: transition from v%d -> v%d on %p(%s)",
			    __func__, igi->igi_version, IGMP_VERSION_3,
			    igi->igi_ifp, igi->igi_ifp->if_xname);
			igi->igi_v2_timer = 0;
			igi->igi_version = IGMP_VERSION_3;
		} else {
			--igi->igi_v2_timer;
			if (igi->igi_version != IGMP_VERSION_2) {
				CTR5(KTR_IGMPV3,
				    "%s: transition from v%d -> v%d on %p(%s)",
				    __func__, igi->igi_version, IGMP_VERSION_2,
				    igi->igi_ifp, igi->igi_ifp->if_xname);
				igi->igi_version = IGMP_VERSION_2;
			}
		}
	} else if (igi->igi_v1_timer > 0) {
		/*
		 * IGMPv1 Querier Present timer running.
		 * If IGMPv1 was disabled since the last timeout,
		 * revert to IGMPv3; otherwise, count the timer down.
		 * In either case, cancel the IGMPv2 timer if it is running.
		 */
		if (!V_igmp_v1enable) {
			CTR5(KTR_IGMPV3,
			    "%s: transition from v%d -> v%d on %p(%s)",
			    __func__, igi->igi_version, IGMP_VERSION_3,
			    igi->igi_ifp, igi->igi_ifp->if_xname);
			igi->igi_v1_timer = 0;
			igi->igi_version = IGMP_VERSION_3;
		} else {
			--igi->igi_v1_timer;
		}
		if (igi->igi_v2_timer > 0) {
			CTR3(KTR_IGMPV3,
			    "%s: cancel v2 timer on %p(%s)",
			    __func__, igi->igi_ifp, igi->igi_ifp->if_xname);
			igi->igi_v2_timer = 0;
		}
	}
}

/*
 * Global slowtimo handler.
 * VIMAGE: Timeout handlers are expected to service all vimages.
 */
void
igmp_slowtimo(void)
{
	VNET_ITERATOR_DECL(vnet_iter);

	VNET_LIST_RLOCK();
	VNET_FOREACH(vnet_iter) {
		CURVNET_SET(vnet_iter);
		igmp_slowtimo_vnet();
		CURVNET_RESTORE();
	}
	VNET_LIST_RUNLOCK();
}

/*
 * Per-vnet slowtimo handler.
 */
static void
igmp_slowtimo_vnet(void)
{
	INIT_VNET_INET(curvnet);
	struct igmp_ifinfo *igi;

	IGMP_LOCK();

	LIST_FOREACH(igi, &V_igi_head, igi_link) {
		igmp_v1v2_process_querier_timers(igi);
	}

	IGMP_UNLOCK();
}

/*
 * Dispatch an IGMPv1/v2 host report or leave message.
 * These are always small enough to fit inside a single mbuf.
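 *
 * The wire format is fixed-size: a 20-byte IPv4 header followed by the
 * 8-byte IGMP header (type, code, checksum, group address) built below.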
 */
static int
igmp_v1v2_queue_report(struct in_multi *inm, const int type)
{
	struct ifnet *ifp;
	struct igmp *igmp;
	struct ip *ip;
	struct mbuf *m;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	ifp = inm->inm_ifp;

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return (ENOMEM);
	MH_ALIGN(m, sizeof(struct ip) + sizeof(struct igmp));

	m->m_pkthdr.len = sizeof(struct ip) + sizeof(struct igmp);

	m->m_data += sizeof(struct ip);
	m->m_len = sizeof(struct igmp);

	igmp = mtod(m, struct igmp *);
	igmp->igmp_type = type;
	igmp->igmp_code = 0;
	igmp->igmp_group = inm->inm_addr;
	igmp->igmp_cksum = 0;
	igmp->igmp_cksum = in_cksum(m, sizeof(struct igmp));

	m->m_data -= sizeof(struct ip);
	m->m_len += sizeof(struct ip);

	ip = mtod(m, struct ip *);
	ip->ip_tos = 0;
	ip->ip_len = sizeof(struct ip) + sizeof(struct igmp);
	ip->ip_off = 0;
	ip->ip_p = IPPROTO_IGMP;
	ip->ip_src.s_addr = INADDR_ANY;

	if (type == IGMP_HOST_LEAVE_MESSAGE)
		ip->ip_dst.s_addr = htonl(INADDR_ALLRTRS_GROUP);
	else
		ip->ip_dst = inm->inm_addr;

	igmp_save_context(m, ifp);

	m->m_flags |= M_IGMPV2;
	if (inm->inm_igi->igi_flags & IGIF_LOOPBACK)
		m->m_flags |= M_IGMP_LOOP;

	CTR2(KTR_IGMPV3, "%s: netisr_dispatch(NETISR_IGMP, %p)", __func__, m);
	netisr_dispatch(NETISR_IGMP, m);

	return (0);
}

/*
 * Process a state change from the upper layer for the given IPv4 group.
 *
 * Each socket holds a reference on the in_multi in its own ip_moptions.
 * The socket layer will have made the necessary updates to the group
 * state; it is now up to IGMP to issue a state-change report if there
 * has been any change between T0 (when the last state-change was issued)
 * and T1 (now).
 *
 * We use the IGMPv3 state machine at group level. The IGMP module
 * however makes the decision as to which IGMP protocol version to speak.
 * A state change *from* INCLUDE {} always means an initial join.
 * A state change *to* INCLUDE {} always means a final leave.
 *
 * FUTURE: If IGIF_V3LITE is enabled for this interface, then we can
 * save ourselves a bunch of work; any exclusive mode groups need not
 * compute source filter lists.
 *
 * VIMAGE: curvnet should have been set by caller, as this routine
 * is called from the socket option handlers.
 */
int
igmp_change_state(struct in_multi *inm)
{
	struct igmp_ifinfo *igi;
	struct ifnet *ifp;
	int error;

	IN_MULTI_LOCK_ASSERT();

	error = 0;

	/*
	 * Try to detect if the upper layer just asked us to change state
	 * for an interface which has now gone away.
	 */
	KASSERT(inm->inm_ifma != NULL, ("%s: no ifma", __func__));
	ifp = inm->inm_ifma->ifma_ifp;
	if (ifp != NULL) {
		/*
		 * Sanity check that netinet's notion of ifp is the
		 * same as net's.
		 */
		KASSERT(inm->inm_ifp == ifp, ("%s: bad ifp", __func__));
	}

	IGMP_LOCK();

	igi = ((struct in_ifinfo *)ifp->if_afdata[AF_INET])->ii_igmp;
	KASSERT(igi != NULL, ("%s: no igmp_ifinfo for ifp %p", __func__, ifp));

	/*
	 * If we detect a state transition to or from MCAST_UNDEFINED
	 * for this group, then we are starting or finishing an IGMP
	 * life cycle for this group.
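	 * For example, the first ASM join moves the filter mode from
	 * MCAST_UNDEFINED to MCAST_EXCLUDE {}, an initial join; dropping
	 * the last membership moves it back to MCAST_UNDEFINED, a final
	 * leave.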
	 */
	if (inm->inm_st[1].iss_fmode != inm->inm_st[0].iss_fmode) {
		CTR3(KTR_IGMPV3, "%s: inm transition %d -> %d", __func__,
		    inm->inm_st[0].iss_fmode, inm->inm_st[1].iss_fmode);
		if (inm->inm_st[0].iss_fmode == MCAST_UNDEFINED) {
			CTR1(KTR_IGMPV3, "%s: initial join", __func__);
			error = igmp_initial_join(inm, igi);
			goto out_locked;
		} else if (inm->inm_st[1].iss_fmode == MCAST_UNDEFINED) {
			CTR1(KTR_IGMPV3, "%s: final leave", __func__);
			igmp_final_leave(inm, igi);
			goto out_locked;
		}
	} else {
		CTR1(KTR_IGMPV3, "%s: filter set change", __func__);
	}

	error = igmp_handle_state_change(inm, igi);

out_locked:
	IGMP_UNLOCK();
	return (error);
}

/*
 * Perform the initial join for an IGMP group.
 *
 * When joining a group:
 * If the group should have its IGMP traffic suppressed, do nothing.
 * IGMPv1 starts sending IGMPv1 host membership reports.
 * IGMPv2 starts sending IGMPv2 host membership reports.
 * IGMPv3 will schedule an IGMPv3 state-change report containing the
 * initial state of the membership.
 */
static int
igmp_initial_join(struct in_multi *inm, struct igmp_ifinfo *igi)
{
	INIT_VNET_INET(curvnet);
	struct ifnet *ifp;
	struct ifqueue *ifq;
	int error, retval, syncstates;

	CTR4(KTR_IGMPV3, "%s: initial join %s on ifp %p(%s)",
	    __func__, inet_ntoa(inm->inm_addr), inm->inm_ifp,
	    inm->inm_ifp->if_xname);

	error = 0;
	syncstates = 1;

	ifp = inm->inm_ifp;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	KASSERT(igi && igi->igi_ifp == ifp, ("%s: inconsistent ifp", __func__));

	/*
	 * Groups joined on loopback or marked as 'not reported',
	 * e.g. 224.0.0.1, enter the IGMP_SILENT_MEMBER state and
	 * are never reported in any IGMP protocol exchanges.
	 * All other groups enter the appropriate IGMP state machine
	 * for the version in use on this link.
	 * A link marked as IGIF_SILENT causes IGMP to be completely
	 * disabled for the link.
	 */
	if ((ifp->if_flags & IFF_LOOPBACK) ||
	    (igi->igi_flags & IGIF_SILENT) ||
	    !igmp_isgroupreported(inm->inm_addr)) {
		CTR1(KTR_IGMPV3,
		    "%s: not kicking state machine for silent group", __func__);
		inm->inm_state = IGMP_SILENT_MEMBER;
		inm->inm_timer = 0;
	} else {
		/*
		 * Deal with overlapping in_multi lifecycle.
		 * If this group was LEAVING, then make sure
		 * we drop the reference we picked up to keep the
		 * group around for the final INCLUDE {} enqueue.
		 */
		if (igi->igi_version == IGMP_VERSION_3 &&
		    inm->inm_state == IGMP_LEAVING_MEMBER)
			inm_release_locked(inm);

		inm->inm_state = IGMP_REPORTING_MEMBER;

		switch (igi->igi_version) {
		case IGMP_VERSION_1:
		case IGMP_VERSION_2:
			inm->inm_state = IGMP_IDLE_MEMBER;
			error = igmp_v1v2_queue_report(inm,
			    (igi->igi_version == IGMP_VERSION_2) ?
			     IGMP_v2_HOST_MEMBERSHIP_REPORT :
			     IGMP_v1_HOST_MEMBERSHIP_REPORT);
			if (error == 0) {
				inm->inm_timer = IGMP_RANDOM_DELAY(
				    IGMP_V1V2_MAX_RI * PR_FASTHZ);
				V_current_state_timers_running = 1;
			}
			break;

		case IGMP_VERSION_3:
			/*
			 * Defer update of T0 to T1, until the first copy
			 * of the state change has been transmitted.
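			 * (T0 is the committed state as of the last report
			 * sent; T1 is the current state. inm_commit()
			 * copies T1 to T0.)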
			 */
			syncstates = 0;

			/*
			 * Immediately enqueue a State-Change Report for
			 * this interface, freeing any previous reports.
			 * Don't kick the timers if there is nothing to do,
			 * or if an error occurred.
			 */
			ifq = &inm->inm_scq;
			_IF_DRAIN(ifq);
			retval = igmp_v3_enqueue_group_record(ifq, inm, 1,
			    0, 0);
			CTR2(KTR_IGMPV3, "%s: enqueue record = %d",
			    __func__, retval);
			if (retval <= 0) {
				error = -retval;
				break;
			}

			/*
			 * Schedule transmission of pending state-change
			 * report up to RV times for this link. The timer
			 * will fire at the next igmp_fasttimo (~200ms),
			 * giving us an opportunity to merge the reports.
			 */
			if (igi->igi_flags & IGIF_LOOPBACK) {
				inm->inm_scrv = 1;
			} else {
				KASSERT(igi->igi_rv > 1,
				    ("%s: invalid robustness %d", __func__,
				    igi->igi_rv));
				inm->inm_scrv = igi->igi_rv;
			}
			inm->inm_sctimer = 1;
			V_state_change_timers_running = 1;

			error = 0;
			break;
		}
	}

	/*
	 * Only update the T0 state if state change is atomic,
	 * i.e. we don't need to wait for a timer to fire before we
	 * can consider the state change to have been communicated.
	 */
	if (syncstates) {
		inm_commit(inm);
		CTR3(KTR_IGMPV3, "%s: T1 -> T0 for %s/%s", __func__,
		    inet_ntoa(inm->inm_addr), inm->inm_ifp->if_xname);
	}

	return (error);
}

/*
 * Issue an intermediate state change during the IGMP life-cycle.
 */
static int
igmp_handle_state_change(struct in_multi *inm, struct igmp_ifinfo *igi)
{
	INIT_VNET_INET(curvnet);
	struct ifnet *ifp;
	int retval;

	CTR4(KTR_IGMPV3, "%s: state change for %s on ifp %p(%s)",
	    __func__, inet_ntoa(inm->inm_addr), inm->inm_ifp,
	    inm->inm_ifp->if_xname);

	ifp = inm->inm_ifp;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	KASSERT(igi && igi->igi_ifp == ifp, ("%s: inconsistent ifp", __func__));

	if ((ifp->if_flags & IFF_LOOPBACK) ||
	    (igi->igi_flags & IGIF_SILENT) ||
	    !igmp_isgroupreported(inm->inm_addr) ||
	    (igi->igi_version != IGMP_VERSION_3)) {
		if (!igmp_isgroupreported(inm->inm_addr)) {
			CTR1(KTR_IGMPV3,
			    "%s: not kicking state machine for silent group",
			    __func__);
		}
		CTR1(KTR_IGMPV3, "%s: nothing to do", __func__);
		inm_commit(inm);
		CTR3(KTR_IGMPV3, "%s: T1 -> T0 for %s/%s", __func__,
		    inet_ntoa(inm->inm_addr), inm->inm_ifp->if_xname);
		return (0);
	}

	_IF_DRAIN(&inm->inm_scq);

	retval = igmp_v3_enqueue_group_record(&inm->inm_scq, inm, 1, 0, 0);
	CTR2(KTR_IGMPV3, "%s: enqueue record = %d", __func__, retval);
	if (retval <= 0)
		return (-retval);

	/*
	 * If record(s) were enqueued, start the state-change
	 * report timer for this group.
	 */
	inm->inm_scrv = ((igi->igi_flags & IGIF_LOOPBACK) ? 1 : igi->igi_rv);
	inm->inm_sctimer = 1;
	V_state_change_timers_running = 1;

	return (0);
}

/*
 * Perform the final leave for an IGMP group.
 *
 * When leaving a group:
 * IGMPv1 does nothing.
 * IGMPv2 sends a host leave message, if and only if we are the reporter.
 * IGMPv3 enqueues a state-change report containing a transition
 * to INCLUDE {} for immediate transmission.
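 * (A TO_IN {} record with an empty source list tells IGMPv3 routers
 * that no sources are wanted for the group any longer.)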
 */
static void
igmp_final_leave(struct in_multi *inm, struct igmp_ifinfo *igi)
{
	INIT_VNET_INET(curvnet);
	int syncstates;

	syncstates = 1;

	CTR4(KTR_IGMPV3, "%s: final leave %s on ifp %p(%s)",
	    __func__, inet_ntoa(inm->inm_addr), inm->inm_ifp,
	    inm->inm_ifp->if_xname);

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	switch (inm->inm_state) {
	case IGMP_NOT_MEMBER:
	case IGMP_SILENT_MEMBER:
	case IGMP_LEAVING_MEMBER:
		/* Already leaving or left; do nothing. */
		CTR1(KTR_IGMPV3,
		    "%s: not kicking state machine for silent group", __func__);
		break;
	case IGMP_REPORTING_MEMBER:
	case IGMP_IDLE_MEMBER:
	case IGMP_G_QUERY_PENDING_MEMBER:
	case IGMP_SG_QUERY_PENDING_MEMBER:
		if (igi->igi_version == IGMP_VERSION_2) {
#ifdef INVARIANTS
			if (inm->inm_state == IGMP_G_QUERY_PENDING_MEMBER ||
			    inm->inm_state == IGMP_SG_QUERY_PENDING_MEMBER)
				panic("%s: IGMPv3 state reached, not IGMPv3 mode",
				    __func__);
#endif
			igmp_v1v2_queue_report(inm, IGMP_HOST_LEAVE_MESSAGE);
			inm->inm_state = IGMP_NOT_MEMBER;
		} else if (igi->igi_version == IGMP_VERSION_3) {
			/*
			 * Stop group timer and all pending reports.
			 * Immediately enqueue a state-change report
			 * TO_IN {} to be sent on the next fast timeout,
			 * giving us an opportunity to merge reports.
			 */
			_IF_DRAIN(&inm->inm_scq);
			inm->inm_timer = 0;
			if (igi->igi_flags & IGIF_LOOPBACK) {
				inm->inm_scrv = 1;
			} else {
				inm->inm_scrv = igi->igi_rv;
			}
			CTR4(KTR_IGMPV3, "%s: Leaving %s/%s with %d "
			    "pending retransmissions.", __func__,
			    inet_ntoa(inm->inm_addr),
			    inm->inm_ifp->if_xname, inm->inm_scrv);
			if (inm->inm_scrv == 0) {
				inm->inm_state = IGMP_NOT_MEMBER;
				inm->inm_sctimer = 0;
			} else {
				int retval;

				inm_acquire_locked(inm);

				retval = igmp_v3_enqueue_group_record(
				    &inm->inm_scq, inm, 1, 0, 0);
				KASSERT(retval != 0,
				    ("%s: enqueue record = %d", __func__,
				    retval));

				inm->inm_state = IGMP_LEAVING_MEMBER;
				inm->inm_sctimer = 1;
				V_state_change_timers_running = 1;
				syncstates = 0;
			}
			break;
		}
		break;
	case IGMP_LAZY_MEMBER:
	case IGMP_SLEEPING_MEMBER:
	case IGMP_AWAKENING_MEMBER:
		/* Our reports are suppressed; do nothing. */
		break;
	}

	if (syncstates) {
		inm_commit(inm);
		CTR3(KTR_IGMPV3, "%s: T1 -> T0 for %s/%s", __func__,
		    inet_ntoa(inm->inm_addr), inm->inm_ifp->if_xname);
		inm->inm_st[1].iss_fmode = MCAST_UNDEFINED;
		CTR3(KTR_IGMPV3, "%s: T1 now MCAST_UNDEFINED for %s/%s",
		    __func__, inet_ntoa(inm->inm_addr), inm->inm_ifp->if_xname);
	}
}

/*
 * Enqueue an IGMPv3 group record to the given output queue.
 *
 * XXX This function could do with having the allocation code
 * split out, and the multiple tree walks coalesced into a single
 * routine, as has been done in igmp_v3_enqueue_filter_change().
 *
 * If is_state_change is zero, a current-state record is appended.
 * If is_state_change is non-zero, a state-change report is appended.
 *
 * If is_group_query is non-zero, an mbuf packet chain is allocated.
 * If is_group_query is zero, and if there is a packet with free space
 * at the tail of the queue, it will be appended to, provided there
 * is enough free space.
 * Otherwise a new mbuf packet chain is allocated.
 *
 * If is_source_query is non-zero, each source is checked to see if
 * it was recorded for a Group-Source query, and will be omitted if
 * it is not both in-mode and recorded.
 *
 * The function will attempt to allocate leading space in the packet
 * for the IP/IGMP header to be prepended without fragmenting the chain.
 *
 * If successful the size of all data appended to the queue is returned,
 * otherwise an error code less than zero is returned, or zero if
 * no record(s) were appended.
 */
static int
igmp_v3_enqueue_group_record(struct ifqueue *ifq, struct in_multi *inm,
    const int is_state_change, const int is_group_query,
    const int is_source_query)
{
	struct igmp_grouprec ig;
	struct igmp_grouprec *pig;
	struct ifnet *ifp;
	struct ip_msource *ims, *nims;
	struct mbuf *m0, *m, *md;
	int error, is_filter_list_change;
	int minrec0len, m0srcs, msrcs, nbytes, off;
	int record_has_sources;
	int now;
	int type;
	in_addr_t naddr;
	uint8_t mode;

	IN_MULTI_LOCK_ASSERT();

	error = 0;
	ifp = inm->inm_ifp;
	is_filter_list_change = 0;
	m = NULL;
	m0 = NULL;
	m0srcs = 0;
	msrcs = 0;
	nbytes = 0;
	nims = NULL;
	record_has_sources = 1;
	pig = NULL;
	type = IGMP_DO_NOTHING;
	mode = inm->inm_st[1].iss_fmode;

	/*
	 * If we did not transition out of ASM mode during t0->t1,
	 * and there are no source nodes to process, we can skip
	 * the generation of source records.
	 */
	if (inm->inm_st[0].iss_asm > 0 && inm->inm_st[1].iss_asm > 0 &&
	    inm->inm_nsrc == 0)
		record_has_sources = 0;

	if (is_state_change) {
		/*
		 * Queue a state change record.
		 * If the mode did not change, and there are non-ASM
		 * listeners or source filters present,
		 * we potentially need to issue two records for the group.
		 * If we are transitioning to MCAST_UNDEFINED, we need
		 * not send any sources.
		 * If there are ASM listeners, and there was no filter
		 * mode transition of any kind, do nothing.
		 */
		if (mode != inm->inm_st[0].iss_fmode) {
			if (mode == MCAST_EXCLUDE) {
				CTR1(KTR_IGMPV3, "%s: change to EXCLUDE",
				    __func__);
				type = IGMP_CHANGE_TO_EXCLUDE_MODE;
			} else {
				CTR1(KTR_IGMPV3, "%s: change to INCLUDE",
				    __func__);
				type = IGMP_CHANGE_TO_INCLUDE_MODE;
				if (mode == MCAST_UNDEFINED)
					record_has_sources = 0;
			}
		} else {
			if (record_has_sources) {
				is_filter_list_change = 1;
			} else {
				type = IGMP_DO_NOTHING;
			}
		}
	} else {
		/*
		 * Queue a current state record.
		 */
		if (mode == MCAST_EXCLUDE) {
			type = IGMP_MODE_IS_EXCLUDE;
		} else if (mode == MCAST_INCLUDE) {
			type = IGMP_MODE_IS_INCLUDE;
			KASSERT(inm->inm_st[1].iss_asm == 0,
			    ("%s: inm %p is INCLUDE but ASM count is %d",
			    __func__, inm, inm->inm_st[1].iss_asm));
		}
	}

	/*
	 * Generate the filter list changes using a separate function.
	 */
	if (is_filter_list_change)
		return (igmp_v3_enqueue_filter_change(ifq, inm));

	if (type == IGMP_DO_NOTHING) {
		CTR3(KTR_IGMPV3, "%s: nothing to do for %s/%s",
		    __func__, inet_ntoa(inm->inm_addr),
		    inm->inm_ifp->if_xname);
		return (0);
	}

	/*
	 * If any sources are present, we must be able to fit at least
	 * one in the trailing space of the tail packet's mbuf,
	 * ideally more.
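	 * That is, minrec0len is the 8-byte fixed group record header,
	 * plus one 4-byte source address when the record carries sources.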
	 */
	minrec0len = sizeof(struct igmp_grouprec);
	if (record_has_sources)
		minrec0len += sizeof(in_addr_t);

	CTR4(KTR_IGMPV3, "%s: queueing %s for %s/%s", __func__,
	    igmp_rec_type_to_str(type), inet_ntoa(inm->inm_addr),
	    inm->inm_ifp->if_xname);

	/*
	 * Check if we have a packet in the tail of the queue for this
	 * group into which the first group record for this group will fit.
	 * Otherwise allocate a new packet.
	 * Always allocate leading space for IP+RA_OPT+IGMP+REPORT.
	 * Note: Group records for G/GSR query responses MUST be sent
	 * in their own packet.
	 */
	m0 = ifq->ifq_tail;
	if (!is_group_query &&
	    m0 != NULL &&
	    (m0->m_pkthdr.PH_vt.vt_nrecs + 1 <= IGMP_V3_REPORT_MAXRECS) &&
	    (m0->m_pkthdr.len + minrec0len) <
	     (ifp->if_mtu - IGMP_LEADINGSPACE)) {
		m0srcs = (ifp->if_mtu - m0->m_pkthdr.len -
		    sizeof(struct igmp_grouprec)) / sizeof(in_addr_t);
		m = m0;
		CTR1(KTR_IGMPV3, "%s: use existing packet", __func__);
	} else {
		if (_IF_QFULL(ifq)) {
			CTR1(KTR_IGMPV3, "%s: outbound queue full", __func__);
			return (-ENOMEM);
		}
		m = NULL;
		m0srcs = (ifp->if_mtu - IGMP_LEADINGSPACE -
		    sizeof(struct igmp_grouprec)) / sizeof(in_addr_t);
		if (!is_state_change && !is_group_query) {
			m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
			if (m)
				m->m_data += IGMP_LEADINGSPACE;
		}
		if (m == NULL) {
			m = m_gethdr(M_DONTWAIT, MT_DATA);
			if (m)
				MH_ALIGN(m, IGMP_LEADINGSPACE);
		}
		if (m == NULL)
			return (-ENOMEM);

		igmp_save_context(m, ifp);

		CTR1(KTR_IGMPV3, "%s: allocated first packet", __func__);
	}

	/*
	 * Append group record.
	 * If we have sources, we don't know how many yet.
	 */
	ig.ig_type = type;
	ig.ig_datalen = 0;
	ig.ig_numsrc = 0;
	ig.ig_group = inm->inm_addr;
	if (!m_append(m, sizeof(struct igmp_grouprec), (void *)&ig)) {
		if (m != m0)
			m_freem(m);
		CTR1(KTR_IGMPV3, "%s: m_append() failed.", __func__);
		return (-ENOMEM);
	}
	nbytes += sizeof(struct igmp_grouprec);

	/*
	 * Append as many sources as will fit in the first packet.
	 * If we are appending to a new packet, the chain allocation
	 * may potentially use clusters; use m_getptr() in this case.
	 * If we are appending to an existing packet, we need to obtain
	 * a pointer to the group record after m_append(), in case a new
	 * mbuf was allocated.
	 * Only append sources which are in-mode at t1. If we are
	 * transitioning to MCAST_UNDEFINED state on the group, do not
	 * include source entries.
	 * Only report recorded sources in our filter set when responding
	 * to a group-source query.
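	 * (The source count is patched into the record header afterwards,
	 * once we know how many sources actually fitted; see the
	 * pig->ig_numsrc assignment below.)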
	 */
	if (record_has_sources) {
		if (m == m0) {
			md = m_last(m);
			pig = (struct igmp_grouprec *)(mtod(md, uint8_t *) +
			    md->m_len - nbytes);
		} else {
			md = m_getptr(m, 0, &off);
			pig = (struct igmp_grouprec *)(mtod(md, uint8_t *) +
			    off);
		}
		msrcs = 0;
		RB_FOREACH_SAFE(ims, ip_msource_tree, &inm->inm_srcs, nims) {
			CTR2(KTR_IGMPV3, "%s: visit node %s", __func__,
			    inet_ntoa_haddr(ims->ims_haddr));
			now = ims_get_mode(inm, ims, 1);
			CTR2(KTR_IGMPV3, "%s: node is %d", __func__, now);
			if ((now != mode) ||
			    (now == mode && mode == MCAST_UNDEFINED)) {
				CTR1(KTR_IGMPV3, "%s: skip node", __func__);
				continue;
			}
			if (is_source_query && ims->ims_stp == 0) {
				CTR1(KTR_IGMPV3, "%s: skip unrecorded node",
				    __func__);
				continue;
			}
			CTR1(KTR_IGMPV3, "%s: append node", __func__);
			naddr = htonl(ims->ims_haddr);
			if (!m_append(m, sizeof(in_addr_t), (void *)&naddr)) {
				if (m != m0)
					m_freem(m);
				CTR1(KTR_IGMPV3, "%s: m_append() failed.",
				    __func__);
				return (-ENOMEM);
			}
			nbytes += sizeof(in_addr_t);
			++msrcs;
			if (msrcs == m0srcs)
				break;
		}
		CTR2(KTR_IGMPV3, "%s: msrcs is %d this packet", __func__,
		    msrcs);
		pig->ig_numsrc = htons(msrcs);
		nbytes += (msrcs * sizeof(in_addr_t));
	}

	if (is_source_query && msrcs == 0) {
		CTR1(KTR_IGMPV3, "%s: no recorded sources to report", __func__);
		if (m != m0)
			m_freem(m);
		return (0);
	}

	/*
	 * We are good to go with first packet.
	 */
	if (m != m0) {
		CTR1(KTR_IGMPV3, "%s: enqueueing first packet", __func__);
		m->m_pkthdr.PH_vt.vt_nrecs = 1;
		_IF_ENQUEUE(ifq, m);
	} else
		m->m_pkthdr.PH_vt.vt_nrecs++;

	/*
	 * No further work needed if no source list in packet(s).
	 */
	if (!record_has_sources)
		return (nbytes);

	/*
	 * Whilst sources remain to be announced, we need to allocate
	 * a new packet and fill out as many sources as will fit.
	 * Always try for a cluster first.
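	 * (A standard 2KB cluster holds the largest record a common
	 * 1500-byte MTU link permits, so the cluster path should be the
	 * usual case here.)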
	 */
	while (nims != NULL) {
		if (_IF_QFULL(ifq)) {
			CTR1(KTR_IGMPV3, "%s: outbound queue full", __func__);
			return (-ENOMEM);
		}
		m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
		if (m)
			m->m_data += IGMP_LEADINGSPACE;
		if (m == NULL) {
			m = m_gethdr(M_DONTWAIT, MT_DATA);
			if (m)
				MH_ALIGN(m, IGMP_LEADINGSPACE);
		}
		if (m == NULL)
			return (-ENOMEM);
		igmp_save_context(m, ifp);
		md = m_getptr(m, 0, &off);
		pig = (struct igmp_grouprec *)(mtod(md, uint8_t *) + off);
		CTR1(KTR_IGMPV3, "%s: allocated next packet", __func__);

		if (!m_append(m, sizeof(struct igmp_grouprec), (void *)&ig)) {
			if (m != m0)
				m_freem(m);
			CTR1(KTR_IGMPV3, "%s: m_append() failed.", __func__);
			return (-ENOMEM);
		}
		m->m_pkthdr.PH_vt.vt_nrecs = 1;
		nbytes += sizeof(struct igmp_grouprec);

		m0srcs = (ifp->if_mtu - IGMP_LEADINGSPACE -
		    sizeof(struct igmp_grouprec)) / sizeof(in_addr_t);

		msrcs = 0;
		RB_FOREACH_FROM(ims, ip_msource_tree, nims) {
			CTR2(KTR_IGMPV3, "%s: visit node %s", __func__,
			    inet_ntoa_haddr(ims->ims_haddr));
			now = ims_get_mode(inm, ims, 1);
			if ((now != mode) ||
			    (now == mode && mode == MCAST_UNDEFINED)) {
				CTR1(KTR_IGMPV3, "%s: skip node", __func__);
				continue;
			}
			if (is_source_query && ims->ims_stp == 0) {
				CTR1(KTR_IGMPV3, "%s: skip unrecorded node",
				    __func__);
				continue;
			}
			CTR1(KTR_IGMPV3, "%s: append node", __func__);
			naddr = htonl(ims->ims_haddr);
			if (!m_append(m, sizeof(in_addr_t), (void *)&naddr)) {
				if (m != m0)
					m_freem(m);
				CTR1(KTR_IGMPV3, "%s: m_append() failed.",
				    __func__);
				return (-ENOMEM);
			}
			++msrcs;
			if (msrcs == m0srcs)
				break;
		}
		pig->ig_numsrc = htons(msrcs);
		nbytes += (msrcs * sizeof(in_addr_t));

		CTR1(KTR_IGMPV3, "%s: enqueueing next packet", __func__);
		_IF_ENQUEUE(ifq, m);
	}

	return (nbytes);
}

/*
 * Type used to mark record pass completion.
 * We exploit the fact we can cast to this easily from the
 * current filter modes on each ip_msource node.
 */
typedef enum {
	REC_NONE = 0x00,	/* MCAST_UNDEFINED */
	REC_ALLOW = 0x01,	/* MCAST_INCLUDE */
	REC_BLOCK = 0x02,	/* MCAST_EXCLUDE */
	REC_FULL = REC_ALLOW | REC_BLOCK
} rectype_t;

/*
 * Enqueue an IGMPv3 filter list change to the given output queue.
 *
 * Source list filter state is held in an RB-tree. When the filter list
 * for a group is changed without changing its mode, we need to compute
 * the deltas between T0 and T1 for each source in the filter set,
 * and enqueue the appropriate ALLOW_NEW/BLOCK_OLD records.
 *
 * As we may potentially queue two record types, and the entire R-B tree
 * needs to be walked at once, we break this out into its own function
 * so we can generate a tightly packed queue of packets.
 *
 * XXX This could be written to only use one tree walk, although that makes
 * serializing into the mbuf chains a bit harder. For now we do two walks
 * which makes things easier on us, and it may or may not be harder on
 * the L2 cache.
 *
 * If successful the size of all data appended to the queue is returned,
 * otherwise an error code less than zero is returned, or zero if
 * no record(s) were appended.
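 *
 * For example, changing a group's filter from INCLUDE {A, B} to
 * INCLUDE {B, C} yields an ALLOW_NEW record for {C} and a BLOCK_OLD
 * record for {A}; B is unchanged and is not reported.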
 */
static int
igmp_v3_enqueue_filter_change(struct ifqueue *ifq, struct in_multi *inm)
{
	static const int MINRECLEN =
	    sizeof(struct igmp_grouprec) + sizeof(in_addr_t);
	struct ifnet *ifp;
	struct igmp_grouprec ig;
	struct igmp_grouprec *pig;
	struct ip_msource *ims, *nims;
	struct mbuf *m, *m0, *md;
	in_addr_t naddr;
	int m0srcs, nbytes, npbytes, off, rsrcs, schanged;
	int nallow, nblock;
	uint8_t mode, now, then;
	rectype_t crt, drt, nrt;

	IN_MULTI_LOCK_ASSERT();

	if (inm->inm_nsrc == 0 ||
	    (inm->inm_st[0].iss_asm > 0 && inm->inm_st[1].iss_asm > 0))
		return (0);

	ifp = inm->inm_ifp;			/* interface */
	mode = inm->inm_st[1].iss_fmode;	/* filter mode at t1 */
	crt = REC_NONE;		/* current group record type */
	drt = REC_NONE;		/* mask of completed group record types */
	nrt = REC_NONE;		/* record type for current node */
	m0srcs = 0;		/* # sources which will fit in current mbuf chain */
	nbytes = 0;		/* # of bytes appended to group's state-change queue */
	npbytes = 0;		/* # of bytes appended this packet */
	rsrcs = 0;		/* # sources encoded in current record */
	schanged = 0;		/* # nodes encoded in overall filter change */
	nallow = 0;		/* # of source entries in ALLOW_NEW */
	nblock = 0;		/* # of source entries in BLOCK_OLD */
	nims = NULL;		/* next tree node pointer */

	/*
	 * For each possible filter record mode.
	 * The first kind of source we encounter tells us which
	 * is the first kind of record we start appending.
	 * If a node transitioned to UNDEFINED at t1, its mode is treated
	 * as the inverse of the group's filter mode.
	 */
	while (drt != REC_FULL) {
		do {
			m0 = ifq->ifq_tail;
			if (m0 != NULL &&
			    (m0->m_pkthdr.PH_vt.vt_nrecs + 1 <=
			     IGMP_V3_REPORT_MAXRECS) &&
			    (m0->m_pkthdr.len + MINRECLEN) <
			     (ifp->if_mtu - IGMP_LEADINGSPACE)) {
				m = m0;
				m0srcs = (ifp->if_mtu - m0->m_pkthdr.len -
				    sizeof(struct igmp_grouprec)) /
				    sizeof(in_addr_t);
				CTR1(KTR_IGMPV3,
				    "%s: use previous packet", __func__);
			} else {
				m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
				if (m)
					m->m_data += IGMP_LEADINGSPACE;
				if (m == NULL) {
					m = m_gethdr(M_DONTWAIT, MT_DATA);
					if (m)
						MH_ALIGN(m, IGMP_LEADINGSPACE);
				}
				if (m == NULL) {
					CTR1(KTR_IGMPV3,
					    "%s: m_get*() failed", __func__);
					return (-ENOMEM);
				}
				m->m_pkthdr.PH_vt.vt_nrecs = 0;
				igmp_save_context(m, ifp);
				m0srcs = (ifp->if_mtu - IGMP_LEADINGSPACE -
				    sizeof(struct igmp_grouprec)) /
				    sizeof(in_addr_t);
				npbytes = 0;
				CTR1(KTR_IGMPV3,
				    "%s: allocated new packet", __func__);
			}
			/*
			 * Append the IGMP group record header to the
			 * current packet's data area.
			 * Recalculate pointer to free space for next
			 * group record, in case m_append() allocated
			 * a new mbuf or cluster.
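			 * (The header is appended zeroed; ig_type and
			 * ig_numsrc are patched into *pig at the end of
			 * the pass, once the record type and source count
			 * are known.)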
			 */
			memset(&ig, 0, sizeof(ig));
			ig.ig_group = inm->inm_addr;
			if (!m_append(m, sizeof(ig), (void *)&ig)) {
				if (m != m0)
					m_freem(m);
				CTR1(KTR_IGMPV3,
				    "%s: m_append() failed", __func__);
				return (-ENOMEM);
			}
			npbytes += sizeof(struct igmp_grouprec);
			if (m != m0) {
				/* new packet; offset in chain */
				md = m_getptr(m, npbytes -
				    sizeof(struct igmp_grouprec), &off);
				pig = (struct igmp_grouprec *)(mtod(md,
				    uint8_t *) + off);
			} else {
				/* current packet; offset from last append */
				md = m_last(m);
				pig = (struct igmp_grouprec *)(mtod(md,
				    uint8_t *) + md->m_len -
				    sizeof(struct igmp_grouprec));
			}
			/*
			 * Begin walking the tree for this record type
			 * pass, or continue from where we left off
			 * previously if we had to allocate a new packet.
			 * Only report deltas in-mode at t1.
			 * We need not report included sources as allowed
			 * if we are in inclusive mode on the group,
			 * however the converse is not true.
			 */
			rsrcs = 0;
			if (nims == NULL)
				nims = RB_MIN(ip_msource_tree, &inm->inm_srcs);
			RB_FOREACH_FROM(ims, ip_msource_tree, nims) {
				CTR2(KTR_IGMPV3, "%s: visit node %s",
				    __func__, inet_ntoa_haddr(ims->ims_haddr));
				now = ims_get_mode(inm, ims, 1);
				then = ims_get_mode(inm, ims, 0);
				CTR3(KTR_IGMPV3, "%s: mode: t0 %d, t1 %d",
				    __func__, then, now);
				if (now == then) {
					CTR1(KTR_IGMPV3,
					    "%s: skip unchanged", __func__);
					continue;
				}
				if (mode == MCAST_EXCLUDE &&
				    now == MCAST_INCLUDE) {
					CTR1(KTR_IGMPV3,
					    "%s: skip IN src on EX group",
					    __func__);
					continue;
				}
				nrt = (rectype_t)now;
				if (nrt == REC_NONE)
					nrt = (rectype_t)(~mode & REC_FULL);
				if (schanged++ == 0) {
					crt = nrt;
				} else if (crt != nrt)
					continue;
				naddr = htonl(ims->ims_haddr);
				if (!m_append(m, sizeof(in_addr_t),
				    (void *)&naddr)) {
					if (m != m0)
						m_freem(m);
					CTR1(KTR_IGMPV3,
					    "%s: m_append() failed", __func__);
					return (-ENOMEM);
				}
				nallow += !!(crt == REC_ALLOW);
				nblock += !!(crt == REC_BLOCK);
				if (++rsrcs == m0srcs)
					break;
			}
			/*
			 * If we did not append any tree nodes on this
			 * pass, back out of allocations.
			 */
			if (rsrcs == 0) {
				npbytes -= sizeof(struct igmp_grouprec);
				if (m != m0) {
					CTR1(KTR_IGMPV3,
					    "%s: m_free(m)", __func__);
					m_freem(m);
				} else {
					CTR1(KTR_IGMPV3,
					    "%s: m_adj(m, -ig)", __func__);
					m_adj(m, -((int)sizeof(
					    struct igmp_grouprec)));
				}
				continue;
			}
			npbytes += (rsrcs * sizeof(in_addr_t));
			if (crt == REC_ALLOW)
				pig->ig_type = IGMP_ALLOW_NEW_SOURCES;
			else if (crt == REC_BLOCK)
				pig->ig_type = IGMP_BLOCK_OLD_SOURCES;
			pig->ig_numsrc = htons(rsrcs);
			/*
			 * Count the new group record, and enqueue this
			 * packet if it wasn't already queued.
			 */
			m->m_pkthdr.PH_vt.vt_nrecs++;
			if (m != m0)
				_IF_ENQUEUE(ifq, m);
			nbytes += npbytes;
		} while (nims != NULL);
		drt |= crt;
		crt = (~crt & REC_FULL);
	}

	CTR3(KTR_IGMPV3, "%s: queued %d ALLOW_NEW, %d BLOCK_OLD", __func__,
	    nallow, nblock);

	return (nbytes);
}

static int
igmp_v3_merge_state_changes(struct in_multi *inm, struct ifqueue *ifscq)
{
	struct ifqueue *gq;
	struct mbuf *m;		/* pending state-change */
	struct mbuf *m0;	/* copy of pending state-change */
	struct mbuf *mt;	/* last state-change in packet */
	int docopy, domerge;
	u_int recslen;

	docopy = 0;
	domerge = 0;
	recslen = 0;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	/*
	 * If there are further pending retransmissions, make a writable
	 * copy of each queued state-change message before merging.
	 */
	if (inm->inm_scrv > 0)
		docopy = 1;

	gq = &inm->inm_scq;
#ifdef KTR
	if (gq->ifq_head == NULL) {
		CTR2(KTR_IGMPV3, "%s: WARNING: queue for inm %p is empty",
		    __func__, inm);
	}
#endif

	m = gq->ifq_head;
	while (m != NULL) {
		/*
		 * Only merge the report into the current packet if
		 * there is sufficient space to do so; an IGMPv3 report
		 * packet may only contain 65,535 group records.
		 * Always use a simple mbuf chain concatenation to do this,
		 * as large state changes for single groups may have
		 * allocated clusters.
		 */
		domerge = 0;
		mt = ifscq->ifq_tail;
		if (mt != NULL) {
			recslen = m_length(m, NULL);

			if ((mt->m_pkthdr.PH_vt.vt_nrecs +
			    m->m_pkthdr.PH_vt.vt_nrecs <=
			    IGMP_V3_REPORT_MAXRECS) &&
			    (mt->m_pkthdr.len + recslen <=
			    (inm->inm_ifp->if_mtu - IGMP_LEADINGSPACE)))
				domerge = 1;
		}

		if (!domerge && _IF_QFULL(gq)) {
			CTR2(KTR_IGMPV3,
			    "%s: outbound queue full, skipping whole packet %p",
			    __func__, m);
			mt = m->m_nextpkt;
			if (!docopy)
				m_freem(m);
			m = mt;
			continue;
		}

		if (!docopy) {
			CTR2(KTR_IGMPV3, "%s: dequeueing %p", __func__, m);
			_IF_DEQUEUE(gq, m0);
			m = m0->m_nextpkt;
		} else {
			CTR2(KTR_IGMPV3, "%s: copying %p", __func__, m);
			m0 = m_dup(m, M_NOWAIT);
			if (m0 == NULL)
				return (ENOMEM);
			m0->m_nextpkt = NULL;
			m = m->m_nextpkt;
		}

		if (!domerge) {
			CTR3(KTR_IGMPV3, "%s: queueing %p to ifscq %p)",
			    __func__, m0, ifscq);
			_IF_ENQUEUE(ifscq, m0);
		} else {
			struct mbuf *mtl;	/* last mbuf of packet mt */

			CTR3(KTR_IGMPV3, "%s: merging %p with ifscq tail %p)",
			    __func__, m0, mt);

			mtl = m_last(mt);
			m0->m_flags &= ~M_PKTHDR;
			mt->m_pkthdr.len += recslen;
			mt->m_pkthdr.PH_vt.vt_nrecs +=
			    m0->m_pkthdr.PH_vt.vt_nrecs;

			mtl->m_next = m0;
		}
	}

	return (0);
}

/*
 * Respond to a pending IGMPv3 General Query.
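 *
 * Enqueue a current-state record for every reportable membership on
 * the link, then transmit the queue in bursts of at most
 * IGMP_MAX_RESPONSE_BURST packets, pacing any remainder via the
 * interface's v3 timer.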
 */
static void
igmp_v3_dispatch_general_query(struct igmp_ifinfo *igi)
{
	INIT_VNET_INET(curvnet);
	struct ifmultiaddr *ifma, *tifma;
	struct ifnet *ifp;
	struct in_multi *inm;
	int retval, loop;

	IN_MULTI_LOCK_ASSERT();
	IGMP_LOCK_ASSERT();

	KASSERT(igi->igi_version == IGMP_VERSION_3,
	    ("%s: called when version %d", __func__, igi->igi_version));

	ifp = igi->igi_ifp;

	IF_ADDR_LOCK(ifp);
	TAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, tifma) {
		if (ifma->ifma_addr->sa_family != AF_INET ||
		    ifma->ifma_protospec == NULL)
			continue;

		inm = (struct in_multi *)ifma->ifma_protospec;
		KASSERT(ifp == inm->inm_ifp,
		    ("%s: inconsistent ifp", __func__));

		switch (inm->inm_state) {
		case IGMP_NOT_MEMBER:
		case IGMP_SILENT_MEMBER:
			break;
		case IGMP_REPORTING_MEMBER:
		case IGMP_IDLE_MEMBER:
		case IGMP_LAZY_MEMBER:
		case IGMP_SLEEPING_MEMBER:
		case IGMP_AWAKENING_MEMBER:
			inm->inm_state = IGMP_REPORTING_MEMBER;
			retval = igmp_v3_enqueue_group_record(&igi->igi_gq,
			    inm, 0, 0, 0);
			CTR2(KTR_IGMPV3, "%s: enqueue record = %d",
			    __func__, retval);
			break;
		case IGMP_G_QUERY_PENDING_MEMBER:
		case IGMP_SG_QUERY_PENDING_MEMBER:
		case IGMP_LEAVING_MEMBER:
			break;
		}
	}
	IF_ADDR_UNLOCK(ifp);

	loop = (igi->igi_flags & IGIF_LOOPBACK) ? 1 : 0;
	igmp_dispatch_queue(&igi->igi_gq, IGMP_MAX_RESPONSE_BURST, loop);

	/*
	 * Slew transmission of bursts over 500ms intervals.
	 */
	if (igi->igi_gq.ifq_head != NULL) {
		igi->igi_v3_timer = 1 + IGMP_RANDOM_DELAY(
		    IGMP_RESPONSE_BURST_INTERVAL);
		V_interface_timers_running = 1;
	}
}

/*
 * Transmit the next pending IGMP message in the output queue.
 *
 * We get called from netisr_processqueue(). A mutex private to igmpoq
 * will be acquired and released around this routine.
 *
 * VIMAGE: Needs to store/restore vnet pointer on a per-mbuf-chain basis.
 * MRT: Nothing needs to be done, as IGMP traffic is always local to
 * a link and uses a link-scope multicast address.
 */
static void
igmp_intr(struct mbuf *m)
{
	struct ip_moptions imo;
	struct ifnet *ifp;
	struct mbuf *ipopts, *m0;
	int error;
	uint32_t ifindex;

	CTR2(KTR_IGMPV3, "%s: transmit %p", __func__, m);

	/*
	 * Set VNET image pointer from enqueued mbuf chain
	 * before doing anything else. Whilst we use interface
	 * indexes to guard against interface detach, they are
	 * unique to each VIMAGE and must be retrieved.
	 */
	CURVNET_SET((struct vnet *)(m->m_pkthdr.header));
	INIT_VNET_NET(curvnet);
	INIT_VNET_INET(curvnet);
	ifindex = igmp_restore_context(m);

	/*
	 * Check if the ifnet still exists. This limits the scope of
	 * any race in the absence of a global ifp lock for low cost
	 * (an array lookup).
	 */
	ifp = ifnet_byindex(ifindex);
	if (ifp == NULL) {
		CTR3(KTR_IGMPV3, "%s: dropped %p as ifindex %u went away.",
		    __func__, m, ifindex);
		m_freem(m);
		IPSTAT_INC(ips_noroute);
		goto out;
	}

	ipopts = V_igmp_sendra ? m_raopt : NULL;

	imo.imo_multicast_ttl = 1;
	imo.imo_multicast_vif = -1;
	imo.imo_multicast_loop = (V_ip_mrouter != NULL);

	/*
	 * If the user requested that IGMP traffic be explicitly
	 * redirected to the loopback interface (e.g. they are running a
	 * MANET interface and the routing protocol needs to see the
	 * updates), handle this now.
	 */
	if (m->m_flags & M_IGMP_LOOP)
		imo.imo_multicast_ifp = V_loif;
	else
		imo.imo_multicast_ifp = ifp;

	if (m->m_flags & M_IGMPV2) {
		m0 = m;
	} else {
		m0 = igmp_v3_encap_report(ifp, m);
		if (m0 == NULL) {
			CTR2(KTR_IGMPV3, "%s: dropped %p", __func__, m);
			m_freem(m);
			IPSTAT_INC(ips_odropped);
			goto out;
		}
	}

	igmp_scrub_context(m0);
	m->m_flags &= ~(M_PROTOFLAGS);
	m0->m_pkthdr.rcvif = V_loif;
#ifdef MAC
	mac_netinet_igmp_send(ifp, m0);
#endif
	error = ip_output(m0, ipopts, NULL, 0, &imo, NULL);
	if (error) {
		CTR3(KTR_IGMPV3, "%s: ip_output(%p) = %d", __func__, m0, error);
		goto out;
	}

	IGMPSTAT_INC(igps_snd_reports);

out:
	/*
	 * We must restore the existing vnet pointer before
	 * continuing as we are run from netisr context.
	 */
	CURVNET_RESTORE();
}

/*
 * Encapsulate an IGMPv3 report.
 *
 * The internal mbuf flag M_IGMPV3_HDR is used to indicate that the mbuf
 * chain has already had its IP/IGMPv3 header prepended. In this case
 * the function will not attempt to prepend; the lengths and checksums
 * will however be re-computed.
 *
 * Returns a pointer to the new mbuf chain head, or NULL if the
 * allocation failed.
 */
static struct mbuf *
igmp_v3_encap_report(struct ifnet *ifp, struct mbuf *m)
{
	INIT_VNET_INET(curvnet);
	struct igmp_report *igmp;
	struct ip *ip;
	int hdrlen, igmpreclen;

	KASSERT((m->m_flags & M_PKTHDR),
	    ("%s: mbuf chain %p is !M_PKTHDR", __func__, m));

	igmpreclen = m_length(m, NULL);
	hdrlen = sizeof(struct ip) + sizeof(struct igmp_report);

	if (m->m_flags & M_IGMPV3_HDR) {
		igmpreclen -= hdrlen;
	} else {
		M_PREPEND(m, hdrlen, M_DONTWAIT);
		if (m == NULL)
			return (NULL);
		m->m_flags |= M_IGMPV3_HDR;
	}

	CTR2(KTR_IGMPV3, "%s: igmpreclen is %d", __func__, igmpreclen);

	m->m_data += sizeof(struct ip);
	m->m_len -= sizeof(struct ip);

	igmp = mtod(m, struct igmp_report *);
	igmp->ir_type = IGMP_v3_HOST_MEMBERSHIP_REPORT;
	igmp->ir_rsv1 = 0;
	igmp->ir_rsv2 = 0;
	igmp->ir_numgrps = htons(m->m_pkthdr.PH_vt.vt_nrecs);
	igmp->ir_cksum = 0;
	igmp->ir_cksum = in_cksum(m, sizeof(struct igmp_report) + igmpreclen);
	m->m_pkthdr.PH_vt.vt_nrecs = 0;

	m->m_data -= sizeof(struct ip);
	m->m_len += sizeof(struct ip);

	ip = mtod(m, struct ip *);
	ip->ip_tos = IPTOS_PREC_INTERNETCONTROL;
	ip->ip_len = hdrlen + igmpreclen;
	ip->ip_off = IP_DF;
	ip->ip_p = IPPROTO_IGMP;
	ip->ip_sum = 0;

	ip->ip_src.s_addr = INADDR_ANY;

	if (m->m_flags & M_IGMP_LOOP) {
		struct in_ifaddr *ia;

		IFP_TO_IA(ifp, ia);
		if (ia != NULL)
			ip->ip_src = ia->ia_addr.sin_addr;
	}

	ip->ip_dst.s_addr = htonl(INADDR_ALLRPTS_GROUP);

	return (m);
}

#ifdef KTR
static char *
igmp_rec_type_to_str(const int type)
{

	switch (type) {
	case IGMP_CHANGE_TO_EXCLUDE_MODE:
		return "TO_EX";
	case IGMP_CHANGE_TO_INCLUDE_MODE:
		return "TO_IN";
	case IGMP_MODE_IS_EXCLUDE:
		return "MODE_EX";
	case IGMP_MODE_IS_INCLUDE:
		return "MODE_IN";
	case IGMP_ALLOW_NEW_SOURCES:
		return "ALLOW_NEW";
	case IGMP_BLOCK_OLD_SOURCES:
		return "BLOCK_OLD";
	default:
		break;
	}
	return "unknown";
}
#endif

static void
igmp_sysinit(void)
{

	CTR1(KTR_IGMPV3, "%s: initializing", __func__);

	IGMP_LOCK_INIT();

	m_raopt = igmp_ra_alloc();

	netisr_register(&igmp_nh);
}

static void
igmp_sysuninit(void)
{

	CTR1(KTR_IGMPV3, "%s: tearing down", __func__);

	netisr_unregister(&igmp_nh);

	m_free(m_raopt);
	m_raopt = NULL;

	IGMP_LOCK_DESTROY();
}

/*
 * Initialize an IGMPv3 instance.
 * VIMAGE: Assumes curvnet set by caller and called per vimage.
 */
static int
vnet_igmp_iattach(const void *unused __unused)
{
	INIT_VNET_INET(curvnet);

	CTR1(KTR_IGMPV3, "%s: initializing", __func__);

	LIST_INIT(&V_igi_head);

	V_current_state_timers_running = 0;
	V_state_change_timers_running = 0;
	V_interface_timers_running = 0;

	/*
	 * Initialize sysctls to default values.
	 */
	V_igmp_recvifkludge = 1;
	V_igmp_sendra = 1;
	V_igmp_sendlocal = 1;
	V_igmp_v1enable = 1;
	V_igmp_v2enable = 1;
	V_igmp_legacysupp = 0;
	V_igmp_default_version = IGMP_VERSION_3;
	V_igmp_gsrdelay.tv_sec = 10;
	V_igmp_gsrdelay.tv_usec = 0;

	memset(&V_igmpstat, 0, sizeof(struct igmpstat));
	V_igmpstat.igps_version = IGPS_VERSION_3;
	V_igmpstat.igps_len = sizeof(struct igmpstat);

	return (0);
}

static int
vnet_igmp_idetach(const void *unused __unused)
{
#ifdef INVARIANTS
	INIT_VNET_INET(curvnet);
#endif

	CTR1(KTR_IGMPV3, "%s: tearing down", __func__);

	KASSERT(LIST_EMPTY(&V_igi_head),
	    ("%s: igi list not empty; ifnets not detached?", __func__));

	return (0);
}

#ifndef VIMAGE_GLOBALS
static vnet_modinfo_t vnet_igmp_modinfo = {
	.vmi_id		= VNET_MOD_IGMP,
	.vmi_name	= "igmp",
	.vmi_dependson	= VNET_MOD_INET,
	.vmi_iattach	= vnet_igmp_iattach,
	.vmi_idetach	= vnet_igmp_idetach
};
#endif

static int
igmp_modevent(module_t mod, int type, void *unused __unused)
{

	switch (type) {
	case MOD_LOAD:
		igmp_sysinit();
#ifndef VIMAGE_GLOBALS
		vnet_mod_register(&vnet_igmp_modinfo);
#else
		vnet_igmp_iattach(NULL);
#endif
		break;
	case MOD_UNLOAD:
#ifndef VIMAGE_GLOBALS
		vnet_mod_deregister(&vnet_igmp_modinfo);
#else
		vnet_igmp_idetach(NULL);
#endif
		igmp_sysuninit();
		break;
	default:
		return (EOPNOTSUPP);
	}
	return (0);
}

static moduledata_t igmp_mod = {
    "igmp",
    igmp_modevent,
    0
};
DECLARE_MODULE(igmp, igmp_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);