1 /*- 2 * Copyright (c) 2002 Michael Shalayeff. 3 * Copyright (c) 2003 Ryan McBride. 4 * Copyright (c) 2011 Gleb Smirnoff <glebius@FreeBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT, 20 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 21 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 22 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 24 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 25 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 26 * THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 #include <sys/cdefs.h> 30 __FBSDID("$FreeBSD$"); 31 32 #include "opt_bpf.h" 33 #include "opt_inet.h" 34 #include "opt_inet6.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/bus.h> 39 #include <sys/jail.h> 40 #include <sys/kernel.h> 41 #include <sys/limits.h> 42 #include <sys/malloc.h> 43 #include <sys/mbuf.h> 44 #include <sys/module.h> 45 #include <sys/priv.h> 46 #include <sys/proc.h> 47 #include <sys/protosw.h> 48 #include <sys/socket.h> 49 #include <sys/sockio.h> 50 #include <sys/sysctl.h> 51 #include <sys/syslog.h> 52 #include <sys/taskqueue.h> 53 54 #include <net/ethernet.h> 55 #include <net/fddi.h> 56 #include <net/if.h> 57 #include <net/if_dl.h> 58 #include <net/if_llatbl.h> 59 #include <net/if_types.h> 60 #include <net/iso88025.h> 61 #include <net/route.h> 62 #include <net/vnet.h> 63 64 #if defined(INET) || defined(INET6) 65 #include <netinet/in.h> 66 #include <netinet/in_var.h> 67 #include <netinet/ip_carp.h> 68 #include <netinet/ip.h> 69 #include <machine/in_cksum.h> 70 #endif 71 #ifdef INET 72 #include <netinet/ip_var.h> 73 #include <netinet/if_ether.h> 74 #endif 75 76 #ifdef INET6 77 #include <netinet/icmp6.h> 78 #include <netinet/ip6.h> 79 #include <netinet6/ip6protosw.h> 80 #include <netinet6/in6_var.h> 81 #include <netinet6/ip6_var.h> 82 #include <netinet6/scope6_var.h> 83 #include <netinet6/nd6.h> 84 #endif 85 86 #include <crypto/sha1.h> 87 88 static MALLOC_DEFINE(M_CARP, "CARP", "CARP addresses"); 89 90 struct carp_softc { 91 struct ifnet *sc_carpdev; /* Pointer to parent ifnet. */ 92 struct ifaddr **sc_ifas; /* Our ifaddrs. */ 93 struct sockaddr_dl sc_addr; /* Our link level address. */ 94 struct callout sc_ad_tmo; /* Advertising timeout. */ 95 #ifdef INET 96 struct callout sc_md_tmo; /* Master down timeout. */ 97 #endif 98 #ifdef INET6 99 struct callout sc_md6_tmo; /* XXX: Master down timeout. */ 100 #endif 101 struct mtx sc_mtx; 102 103 int sc_vhid; 104 int sc_advskew; 105 int sc_advbase; 106 107 int sc_naddrs; 108 int sc_naddrs6; 109 int sc_ifasiz; 110 enum { INIT = 0, BACKUP, MASTER } sc_state; 111 int sc_suppress; 112 int sc_sendad_errors; 113 #define CARP_SENDAD_MAX_ERRORS 3 114 int sc_sendad_success; 115 #define CARP_SENDAD_MIN_SUCCESS 3 116 117 int sc_init_counter; 118 uint64_t sc_counter; 119 120 /* authentication */ 121 #define CARP_HMAC_PAD 64 122 unsigned char sc_key[CARP_KEY_LEN]; 123 unsigned char sc_pad[CARP_HMAC_PAD]; 124 SHA1_CTX sc_sha1; 125 126 TAILQ_ENTRY(carp_softc) sc_list; /* On the carp_if list. */ 127 LIST_ENTRY(carp_softc) sc_next; /* On the global list. */ 128 }; 129 130 struct carp_if { 131 #ifdef INET 132 int cif_naddrs; 133 #endif 134 #ifdef INET6 135 int cif_naddrs6; 136 #endif 137 TAILQ_HEAD(, carp_softc) cif_vrs; 138 #ifdef INET 139 struct ip_moptions cif_imo; 140 #endif 141 #ifdef INET6 142 struct ip6_moptions cif_im6o; 143 #endif 144 struct ifnet *cif_ifp; 145 struct mtx cif_mtx; 146 }; 147 148 #define CARP_INET 0 149 #define CARP_INET6 1 150 static int proto_reg[] = {-1, -1}; 151 152 /* 153 * Brief design of carp(4). 154 * 155 * Any carp-capable ifnet may have a list of carp softcs hanging off 156 * its ifp->if_carp pointer. Each softc represents one unique virtual 157 * host id, or vhid. The softc has a back pointer to the ifnet. All 158 * softcs are joined in a global list, which has quite limited use. 159 * 160 * Any interface address that takes part in CARP negotiation has a 161 * pointer to the softc of its vhid, ifa->ifa_carp. That could be either 162 * AF_INET or AF_INET6 address. 163 * 164 * Although, one can get the softc's backpointer to ifnet and traverse 165 * through its ifp->if_addrhead queue to find all interface addresses 166 * involved in CARP, we keep a growable array of ifaddr pointers. This 167 * allows us to avoid grabbing the IF_ADDR_LOCK() in many traversals that 168 * do calls into the network stack, thus avoiding LORs. 169 * 170 * Locking: 171 * 172 * Each softc has a lock sc_mtx. It is used to synchronise carp_input_c(), 173 * callout-driven events and ioctl()s. 174 * 175 * To traverse the list of softcs on an ifnet we use CIF_LOCK(), to 176 * traverse the global list we use the mutex carp_mtx. 177 * 178 * Known issues with locking: 179 * 180 * - There is no protection for races between two ioctl() requests, 181 * neither SIOCSVH, nor SIOCAIFADDR & SIOCAIFADDR_IN6. I think that all 182 * interface ioctl()s should be serialized right in net/if.c. 183 * - Sending ad, we put the pointer to the softc in an mtag, and no reference 184 * counting is done on the softc. 185 * - On module unload we may race (?) with packet processing thread 186 * dereferencing our function pointers. 187 */ 188 189 static int carp_allow = 1; /* Accept incoming CARP packets. */ 190 static int carp_preempt = 0; /* Preempt slower nodes. */ 191 static int carp_log = 1; /* Log level. */ 192 static int carp_demotion = 0; /* Global advskew demotion. */ 193 static int carp_senderr_adj = CARP_MAXSKEW; /* Send error demotion factor */ 194 static int carp_ifdown_adj = CARP_MAXSKEW; /* Iface down demotion factor */ 195 196 SYSCTL_NODE(_net_inet, IPPROTO_CARP, carp, CTLFLAG_RW, 0, "CARP"); 197 SYSCTL_INT(_net_inet_carp, OID_AUTO, allow, CTLFLAG_RW, &carp_allow, 0, 198 "Accept incoming CARP packets"); 199 SYSCTL_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_RW, &carp_preempt, 0, 200 "High-priority backup preemption mode"); 201 SYSCTL_INT(_net_inet_carp, OID_AUTO, log, CTLFLAG_RW, &carp_log, 0, 202 "CARP log level"); 203 SYSCTL_INT(_net_inet_carp, OID_AUTO, demotion, CTLFLAG_RW, &carp_demotion, 0, 204 "Demotion factor (skew of advskew)"); 205 SYSCTL_INT(_net_inet_carp, OID_AUTO, senderr_demotion_factor, CTLFLAG_RW, 206 &carp_senderr_adj, 0, "Send error demotion factor adjustment"); 207 SYSCTL_INT(_net_inet_carp, OID_AUTO, ifdown_demotion_factor, CTLFLAG_RW, 208 &carp_ifdown_adj, 0, "Interface down demotion factor adjustment"); 209 210 static struct carpstats carpstats; 211 SYSCTL_STRUCT(_net_inet_carp, OID_AUTO, stats, CTLFLAG_RW, &carpstats, 212 carpstats, "CARP statistics (struct carpstats, netinet/ip_carp.h)"); 213 214 #define CARP_LOCK_INIT(sc) mtx_init(&(sc)->sc_mtx, "carp_softc", \ 215 NULL, MTX_DEF) 216 #define CARP_LOCK_DESTROY(sc) mtx_destroy(&(sc)->sc_mtx) 217 #define CARP_LOCK_ASSERT(sc) mtx_assert(&(sc)->sc_mtx, MA_OWNED) 218 #define CARP_LOCK(sc) mtx_lock(&(sc)->sc_mtx) 219 #define CARP_UNLOCK(sc) mtx_unlock(&(sc)->sc_mtx) 220 #define CIF_LOCK_INIT(cif) mtx_init(&(cif)->cif_mtx, "carp_if", \ 221 NULL, MTX_DEF) 222 #define CIF_LOCK_DESTROY(cif) mtx_destroy(&(cif)->cif_mtx) 223 #define CIF_LOCK_ASSERT(cif) mtx_assert(&(cif)->cif_mtx, MA_OWNED) 224 #define CIF_LOCK(cif) mtx_lock(&(cif)->cif_mtx) 225 #define CIF_UNLOCK(cif) mtx_unlock(&(cif)->cif_mtx) 226 227 #define CARP_LOG(...) do { \ 228 if (carp_log > 0) \ 229 log(LOG_INFO, "carp: " __VA_ARGS__); \ 230 } while (0) 231 232 #define CARP_DEBUG(...) do { \ 233 if (carp_log > 1) \ 234 log(LOG_DEBUG, __VA_ARGS__); \ 235 } while (0) 236 237 #define IFNET_FOREACH_IFA(ifp, ifa) \ 238 IF_ADDR_LOCK_ASSERT(ifp); \ 239 TAILQ_FOREACH((ifa), &(ifp)->if_addrhead, ifa_link) \ 240 if ((ifa)->ifa_carp != NULL) 241 242 #define CARP_FOREACH_IFA(sc, ifa) \ 243 CARP_LOCK_ASSERT(sc); \ 244 for (int _i = 0; \ 245 _i < (sc)->sc_naddrs + (sc)->sc_naddrs6 && \ 246 ((ifa) = sc->sc_ifas[_i]) != NULL; \ 247 ++_i) 248 249 #define IFNET_FOREACH_CARP(ifp, sc) \ 250 CIF_LOCK_ASSERT(ifp->if_carp); \ 251 TAILQ_FOREACH((sc), &(ifp)->if_carp->cif_vrs, sc_list) 252 253 #define DEMOTE_ADVSKEW(sc) \ 254 (((sc)->sc_advskew + carp_demotion > CARP_MAXSKEW) ? \ 255 CARP_MAXSKEW : ((sc)->sc_advskew + carp_demotion)) 256 257 static void carp_input_c(struct mbuf *, struct carp_header *, sa_family_t); 258 static struct carp_softc 259 *carp_alloc(struct ifnet *); 260 static void carp_destroy(struct carp_softc *); 261 static struct carp_if 262 *carp_alloc_if(struct ifnet *); 263 static void carp_free_if(struct carp_if *); 264 static void carp_set_state(struct carp_softc *, int); 265 static void carp_sc_state(struct carp_softc *); 266 static void carp_setrun(struct carp_softc *, sa_family_t); 267 static void carp_master_down(void *); 268 static void carp_master_down_locked(struct carp_softc *); 269 static void carp_send_ad(void *); 270 static void carp_send_ad_locked(struct carp_softc *); 271 static void carp_addroute(struct carp_softc *); 272 static void carp_delroute(struct carp_softc *); 273 static void carp_send_ad_all(void *, int); 274 static void carp_demote_adj(int, char *); 275 276 static LIST_HEAD(, carp_softc) carp_list; 277 static struct mtx carp_mtx; 278 static struct task carp_sendall_task = 279 TASK_INITIALIZER(0, carp_send_ad_all, NULL); 280 281 static __inline uint16_t 282 carp_cksum(struct mbuf *m, int len) 283 { 284 return (in_cksum(m, len)); 285 } 286 287 static void 288 carp_hmac_prepare(struct carp_softc *sc) 289 { 290 uint8_t version = CARP_VERSION, type = CARP_ADVERTISEMENT; 291 uint8_t vhid = sc->sc_vhid & 0xff; 292 struct ifaddr *ifa; 293 int i, found; 294 #ifdef INET 295 struct in_addr last, cur, in; 296 #endif 297 #ifdef INET6 298 struct in6_addr last6, cur6, in6; 299 #endif 300 301 CARP_LOCK_ASSERT(sc); 302 303 /* Compute ipad from key. */ 304 bzero(sc->sc_pad, sizeof(sc->sc_pad)); 305 bcopy(sc->sc_key, sc->sc_pad, sizeof(sc->sc_key)); 306 for (i = 0; i < sizeof(sc->sc_pad); i++) 307 sc->sc_pad[i] ^= 0x36; 308 309 /* Precompute first part of inner hash. */ 310 SHA1Init(&sc->sc_sha1); 311 SHA1Update(&sc->sc_sha1, sc->sc_pad, sizeof(sc->sc_pad)); 312 SHA1Update(&sc->sc_sha1, (void *)&version, sizeof(version)); 313 SHA1Update(&sc->sc_sha1, (void *)&type, sizeof(type)); 314 SHA1Update(&sc->sc_sha1, (void *)&vhid, sizeof(vhid)); 315 #ifdef INET 316 cur.s_addr = 0; 317 do { 318 found = 0; 319 last = cur; 320 cur.s_addr = 0xffffffff; 321 CARP_FOREACH_IFA(sc, ifa) { 322 in.s_addr = ifatoia(ifa)->ia_addr.sin_addr.s_addr; 323 if (ifa->ifa_addr->sa_family == AF_INET && 324 ntohl(in.s_addr) > ntohl(last.s_addr) && 325 ntohl(in.s_addr) < ntohl(cur.s_addr)) { 326 cur.s_addr = in.s_addr; 327 found++; 328 } 329 } 330 if (found) 331 SHA1Update(&sc->sc_sha1, (void *)&cur, sizeof(cur)); 332 } while (found); 333 #endif /* INET */ 334 #ifdef INET6 335 memset(&cur6, 0, sizeof(cur6)); 336 do { 337 found = 0; 338 last6 = cur6; 339 memset(&cur6, 0xff, sizeof(cur6)); 340 CARP_FOREACH_IFA(sc, ifa) { 341 in6 = ifatoia6(ifa)->ia_addr.sin6_addr; 342 if (IN6_IS_SCOPE_EMBED(&in6)) 343 in6.s6_addr16[1] = 0; 344 if (ifa->ifa_addr->sa_family == AF_INET6 && 345 memcmp(&in6, &last6, sizeof(in6)) > 0 && 346 memcmp(&in6, &cur6, sizeof(in6)) < 0) { 347 cur6 = in6; 348 found++; 349 } 350 } 351 if (found) 352 SHA1Update(&sc->sc_sha1, (void *)&cur6, sizeof(cur6)); 353 } while (found); 354 #endif /* INET6 */ 355 356 /* convert ipad to opad */ 357 for (i = 0; i < sizeof(sc->sc_pad); i++) 358 sc->sc_pad[i] ^= 0x36 ^ 0x5c; 359 } 360 361 static void 362 carp_hmac_generate(struct carp_softc *sc, uint32_t counter[2], 363 unsigned char md[20]) 364 { 365 SHA1_CTX sha1ctx; 366 367 CARP_LOCK_ASSERT(sc); 368 369 /* fetch first half of inner hash */ 370 bcopy(&sc->sc_sha1, &sha1ctx, sizeof(sha1ctx)); 371 372 SHA1Update(&sha1ctx, (void *)counter, sizeof(sc->sc_counter)); 373 SHA1Final(md, &sha1ctx); 374 375 /* outer hash */ 376 SHA1Init(&sha1ctx); 377 SHA1Update(&sha1ctx, sc->sc_pad, sizeof(sc->sc_pad)); 378 SHA1Update(&sha1ctx, md, 20); 379 SHA1Final(md, &sha1ctx); 380 } 381 382 static int 383 carp_hmac_verify(struct carp_softc *sc, uint32_t counter[2], 384 unsigned char md[20]) 385 { 386 unsigned char md2[20]; 387 388 CARP_LOCK_ASSERT(sc); 389 390 carp_hmac_generate(sc, counter, md2); 391 392 return (bcmp(md, md2, sizeof(md2))); 393 } 394 395 /* 396 * process input packet. 397 * we have rearranged checks order compared to the rfc, 398 * but it seems more efficient this way or not possible otherwise. 399 */ 400 #ifdef INET 401 void 402 carp_input(struct mbuf *m, int hlen) 403 { 404 struct ip *ip = mtod(m, struct ip *); 405 struct carp_header *ch; 406 int iplen, len; 407 408 CARPSTATS_INC(carps_ipackets); 409 410 if (!carp_allow) { 411 m_freem(m); 412 return; 413 } 414 415 /* verify that the IP TTL is 255. */ 416 if (ip->ip_ttl != CARP_DFLTTL) { 417 CARPSTATS_INC(carps_badttl); 418 CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__, 419 ip->ip_ttl, 420 m->m_pkthdr.rcvif->if_xname); 421 m_freem(m); 422 return; 423 } 424 425 iplen = ip->ip_hl << 2; 426 427 if (m->m_pkthdr.len < iplen + sizeof(*ch)) { 428 CARPSTATS_INC(carps_badlen); 429 CARP_DEBUG("%s: received len %zd < sizeof(struct carp_header) " 430 "on %s\n", __func__, m->m_len - sizeof(struct ip), 431 m->m_pkthdr.rcvif->if_xname); 432 m_freem(m); 433 return; 434 } 435 436 if (iplen + sizeof(*ch) < m->m_len) { 437 if ((m = m_pullup(m, iplen + sizeof(*ch))) == NULL) { 438 CARPSTATS_INC(carps_hdrops); 439 CARP_DEBUG("%s: pullup failed\n", __func__); 440 return; 441 } 442 ip = mtod(m, struct ip *); 443 } 444 ch = (struct carp_header *)((char *)ip + iplen); 445 446 /* 447 * verify that the received packet length is 448 * equal to the CARP header 449 */ 450 len = iplen + sizeof(*ch); 451 if (len > m->m_pkthdr.len) { 452 CARPSTATS_INC(carps_badlen); 453 CARP_DEBUG("%s: packet too short %d on %s\n", __func__, 454 m->m_pkthdr.len, 455 m->m_pkthdr.rcvif->if_xname); 456 m_freem(m); 457 return; 458 } 459 460 if ((m = m_pullup(m, len)) == NULL) { 461 CARPSTATS_INC(carps_hdrops); 462 return; 463 } 464 ip = mtod(m, struct ip *); 465 ch = (struct carp_header *)((char *)ip + iplen); 466 467 /* verify the CARP checksum */ 468 m->m_data += iplen; 469 if (carp_cksum(m, len - iplen)) { 470 CARPSTATS_INC(carps_badsum); 471 CARP_DEBUG("%s: checksum failed on %s\n", __func__, 472 m->m_pkthdr.rcvif->if_xname); 473 m_freem(m); 474 return; 475 } 476 m->m_data -= iplen; 477 478 carp_input_c(m, ch, AF_INET); 479 } 480 #endif 481 482 #ifdef INET6 483 int 484 carp6_input(struct mbuf **mp, int *offp, int proto) 485 { 486 struct mbuf *m = *mp; 487 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 488 struct carp_header *ch; 489 u_int len; 490 491 CARPSTATS_INC(carps_ipackets6); 492 493 if (!carp_allow) { 494 m_freem(m); 495 return (IPPROTO_DONE); 496 } 497 498 /* check if received on a valid carp interface */ 499 if (m->m_pkthdr.rcvif->if_carp == NULL) { 500 CARPSTATS_INC(carps_badif); 501 CARP_DEBUG("%s: packet received on non-carp interface: %s\n", 502 __func__, m->m_pkthdr.rcvif->if_xname); 503 m_freem(m); 504 return (IPPROTO_DONE); 505 } 506 507 /* verify that the IP TTL is 255 */ 508 if (ip6->ip6_hlim != CARP_DFLTTL) { 509 CARPSTATS_INC(carps_badttl); 510 CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__, 511 ip6->ip6_hlim, m->m_pkthdr.rcvif->if_xname); 512 m_freem(m); 513 return (IPPROTO_DONE); 514 } 515 516 /* verify that we have a complete carp packet */ 517 len = m->m_len; 518 IP6_EXTHDR_GET(ch, struct carp_header *, m, *offp, sizeof(*ch)); 519 if (ch == NULL) { 520 CARPSTATS_INC(carps_badlen); 521 CARP_DEBUG("%s: packet size %u too small\n", __func__, len); 522 return (IPPROTO_DONE); 523 } 524 525 526 /* verify the CARP checksum */ 527 m->m_data += *offp; 528 if (carp_cksum(m, sizeof(*ch))) { 529 CARPSTATS_INC(carps_badsum); 530 CARP_DEBUG("%s: checksum failed, on %s\n", __func__, 531 m->m_pkthdr.rcvif->if_xname); 532 m_freem(m); 533 return (IPPROTO_DONE); 534 } 535 m->m_data -= *offp; 536 537 carp_input_c(m, ch, AF_INET6); 538 return (IPPROTO_DONE); 539 } 540 #endif /* INET6 */ 541 542 static void 543 carp_input_c(struct mbuf *m, struct carp_header *ch, sa_family_t af) 544 { 545 struct ifnet *ifp = m->m_pkthdr.rcvif; 546 struct ifaddr *ifa; 547 struct carp_softc *sc; 548 uint64_t tmp_counter; 549 struct timeval sc_tv, ch_tv; 550 551 /* verify that the VHID is valid on the receiving interface */ 552 IF_ADDR_RLOCK(ifp); 553 IFNET_FOREACH_IFA(ifp, ifa) 554 if (ifa->ifa_addr->sa_family == af && 555 ifa->ifa_carp->sc_vhid == ch->carp_vhid) { 556 ifa_ref(ifa); 557 break; 558 } 559 IF_ADDR_RUNLOCK(ifp); 560 561 if (ifa == NULL) { 562 CARPSTATS_INC(carps_badvhid); 563 m_freem(m); 564 return; 565 } 566 567 /* verify the CARP version. */ 568 if (ch->carp_version != CARP_VERSION) { 569 CARPSTATS_INC(carps_badver); 570 CARP_DEBUG("%s: invalid version %d\n", ifp->if_xname, 571 ch->carp_version); 572 ifa_free(ifa); 573 m_freem(m); 574 return; 575 } 576 577 sc = ifa->ifa_carp; 578 CARP_LOCK(sc); 579 ifa_free(ifa); 580 581 if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) { 582 CARPSTATS_INC(carps_badauth); 583 CARP_DEBUG("%s: incorrect hash for VHID %u@%s\n", __func__, 584 sc->sc_vhid, ifp->if_xname); 585 goto out; 586 } 587 588 tmp_counter = ntohl(ch->carp_counter[0]); 589 tmp_counter = tmp_counter<<32; 590 tmp_counter += ntohl(ch->carp_counter[1]); 591 592 /* XXX Replay protection goes here */ 593 594 sc->sc_init_counter = 0; 595 sc->sc_counter = tmp_counter; 596 597 sc_tv.tv_sec = sc->sc_advbase; 598 sc_tv.tv_usec = DEMOTE_ADVSKEW(sc) * 1000000 / 256; 599 ch_tv.tv_sec = ch->carp_advbase; 600 ch_tv.tv_usec = ch->carp_advskew * 1000000 / 256; 601 602 switch (sc->sc_state) { 603 case INIT: 604 break; 605 case MASTER: 606 /* 607 * If we receive an advertisement from a master who's going to 608 * be more frequent than us, go into BACKUP state. 609 */ 610 if (timevalcmp(&sc_tv, &ch_tv, >) || 611 timevalcmp(&sc_tv, &ch_tv, ==)) { 612 callout_stop(&sc->sc_ad_tmo); 613 CARP_LOG("VHID %u@%s: MASTER -> BACKUP " 614 "(more frequent advertisement received)\n", 615 sc->sc_vhid, 616 sc->sc_carpdev->if_xname); 617 carp_set_state(sc, BACKUP); 618 carp_setrun(sc, 0); 619 carp_delroute(sc); 620 } 621 break; 622 case BACKUP: 623 /* 624 * If we're pre-empting masters who advertise slower than us, 625 * and this one claims to be slower, treat him as down. 626 */ 627 if (carp_preempt && timevalcmp(&sc_tv, &ch_tv, <)) { 628 CARP_LOG("VHID %u@%s: BACKUP -> MASTER " 629 "(preempting a slower master)\n", 630 sc->sc_vhid, 631 sc->sc_carpdev->if_xname); 632 carp_master_down_locked(sc); 633 break; 634 } 635 636 /* 637 * If the master is going to advertise at such a low frequency 638 * that he's guaranteed to time out, we'd might as well just 639 * treat him as timed out now. 640 */ 641 sc_tv.tv_sec = sc->sc_advbase * 3; 642 if (timevalcmp(&sc_tv, &ch_tv, <)) { 643 CARP_LOG("VHID %u@%s: BACKUP -> MASTER " 644 "(master timed out)\n", 645 sc->sc_vhid, 646 sc->sc_carpdev->if_xname); 647 carp_master_down_locked(sc); 648 break; 649 } 650 651 /* 652 * Otherwise, we reset the counter and wait for the next 653 * advertisement. 654 */ 655 carp_setrun(sc, af); 656 break; 657 } 658 659 out: 660 CARP_UNLOCK(sc); 661 m_freem(m); 662 } 663 664 static int 665 carp_prepare_ad(struct mbuf *m, struct carp_softc *sc, struct carp_header *ch) 666 { 667 struct m_tag *mtag; 668 669 if (sc->sc_init_counter) { 670 /* this could also be seconds since unix epoch */ 671 sc->sc_counter = arc4random(); 672 sc->sc_counter = sc->sc_counter << 32; 673 sc->sc_counter += arc4random(); 674 } else 675 sc->sc_counter++; 676 677 ch->carp_counter[0] = htonl((sc->sc_counter>>32)&0xffffffff); 678 ch->carp_counter[1] = htonl(sc->sc_counter&0xffffffff); 679 680 carp_hmac_generate(sc, ch->carp_counter, ch->carp_md); 681 682 /* Tag packet for carp_output */ 683 if ((mtag = m_tag_get(PACKET_TAG_CARP, sizeof(struct carp_softc *), 684 M_NOWAIT)) == NULL) { 685 m_freem(m); 686 CARPSTATS_INC(carps_onomem); 687 return (ENOMEM); 688 } 689 bcopy(&sc, (caddr_t)(mtag + 1), sizeof(struct carp_softc *)); 690 m_tag_prepend(m, mtag); 691 692 return (0); 693 } 694 695 /* 696 * To avoid LORs and possible recursions this function shouldn't 697 * be called directly, but scheduled via taskqueue. 698 */ 699 static void 700 carp_send_ad_all(void *ctx __unused, int pending __unused) 701 { 702 struct carp_softc *sc; 703 704 mtx_lock(&carp_mtx); 705 LIST_FOREACH(sc, &carp_list, sc_next) 706 if (sc->sc_state == MASTER) { 707 CARP_LOCK(sc); 708 carp_send_ad_locked(sc); 709 CARP_UNLOCK(sc); 710 } 711 mtx_unlock(&carp_mtx); 712 } 713 714 static void 715 carp_send_ad(void *v) 716 { 717 struct carp_softc *sc = v; 718 719 CARP_LOCK_ASSERT(sc); 720 carp_send_ad_locked(sc); 721 CARP_UNLOCK(sc); 722 } 723 724 static void 725 carp_send_ad_locked(struct carp_softc *sc) 726 { 727 struct carp_header ch; 728 struct timeval tv; 729 struct sockaddr sa; 730 struct ifaddr *ifa; 731 struct carp_header *ch_ptr; 732 struct mbuf *m; 733 int len, advskew; 734 735 CARP_LOCK_ASSERT(sc); 736 737 advskew = DEMOTE_ADVSKEW(sc); 738 tv.tv_sec = sc->sc_advbase; 739 tv.tv_usec = advskew * 1000000 / 256; 740 741 ch.carp_version = CARP_VERSION; 742 ch.carp_type = CARP_ADVERTISEMENT; 743 ch.carp_vhid = sc->sc_vhid; 744 ch.carp_advbase = sc->sc_advbase; 745 ch.carp_advskew = advskew; 746 ch.carp_authlen = 7; /* XXX DEFINE */ 747 ch.carp_pad1 = 0; /* must be zero */ 748 ch.carp_cksum = 0; 749 750 /* XXXGL: OpenBSD picks first ifaddr with needed family. */ 751 752 #ifdef INET 753 if (sc->sc_naddrs) { 754 struct ip *ip; 755 756 MGETHDR(m, M_NOWAIT, MT_HEADER); 757 if (m == NULL) { 758 CARPSTATS_INC(carps_onomem); 759 /* XXX maybe less ? */ 760 callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), 761 carp_send_ad, sc); 762 return; 763 } 764 len = sizeof(*ip) + sizeof(ch); 765 m->m_pkthdr.len = len; 766 m->m_pkthdr.rcvif = NULL; 767 m->m_len = len; 768 MH_ALIGN(m, m->m_len); 769 m->m_flags |= M_MCAST; 770 ip = mtod(m, struct ip *); 771 ip->ip_v = IPVERSION; 772 ip->ip_hl = sizeof(*ip) >> 2; 773 ip->ip_tos = IPTOS_LOWDELAY; 774 ip->ip_len = len; 775 ip->ip_id = ip_newid(); 776 ip->ip_off = IP_DF; 777 ip->ip_ttl = CARP_DFLTTL; 778 ip->ip_p = IPPROTO_CARP; 779 ip->ip_sum = 0; 780 781 bzero(&sa, sizeof(sa)); 782 sa.sa_family = AF_INET; 783 ifa = ifaof_ifpforaddr(&sa, sc->sc_carpdev); 784 if (ifa != NULL) { 785 ip->ip_src.s_addr = 786 ifatoia(ifa)->ia_addr.sin_addr.s_addr; 787 ifa_free(ifa); 788 } else 789 ip->ip_src.s_addr = 0; 790 ip->ip_dst.s_addr = htonl(INADDR_CARP_GROUP); 791 792 ch_ptr = (struct carp_header *)(&ip[1]); 793 bcopy(&ch, ch_ptr, sizeof(ch)); 794 if (carp_prepare_ad(m, sc, ch_ptr)) 795 return; 796 797 m->m_data += sizeof(*ip); 798 ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip)); 799 m->m_data -= sizeof(*ip); 800 801 CARPSTATS_INC(carps_opackets); 802 803 if (ip_output(m, NULL, NULL, IP_RAWOUTPUT, 804 &sc->sc_carpdev->if_carp->cif_imo, NULL)) { 805 if (sc->sc_sendad_errors < INT_MAX) 806 sc->sc_sendad_errors++; 807 if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) 808 carp_demote_adj(carp_senderr_adj, "send error"); 809 sc->sc_sendad_success = 0; 810 } else { 811 if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS) { 812 if (++sc->sc_sendad_success >= 813 CARP_SENDAD_MIN_SUCCESS) { 814 carp_demote_adj(-carp_senderr_adj, 815 "send ok"); 816 sc->sc_sendad_errors = 0; 817 } 818 } else 819 sc->sc_sendad_errors = 0; 820 } 821 } 822 #endif /* INET */ 823 #ifdef INET6 824 if (sc->sc_naddrs6) { 825 struct ip6_hdr *ip6; 826 827 MGETHDR(m, M_NOWAIT, MT_HEADER); 828 if (m == NULL) { 829 CARPSTATS_INC(carps_onomem); 830 /* XXX maybe less ? */ 831 callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), 832 carp_send_ad, sc); 833 return; 834 } 835 len = sizeof(*ip6) + sizeof(ch); 836 m->m_pkthdr.len = len; 837 m->m_pkthdr.rcvif = NULL; 838 m->m_len = len; 839 MH_ALIGN(m, m->m_len); 840 m->m_flags |= M_MCAST; 841 ip6 = mtod(m, struct ip6_hdr *); 842 bzero(ip6, sizeof(*ip6)); 843 ip6->ip6_vfc |= IPV6_VERSION; 844 ip6->ip6_hlim = CARP_DFLTTL; 845 ip6->ip6_nxt = IPPROTO_CARP; 846 bzero(&sa, sizeof(sa)); 847 848 /* set the source address */ 849 sa.sa_family = AF_INET6; 850 ifa = ifaof_ifpforaddr(&sa, sc->sc_carpdev); 851 if (ifa != NULL) { 852 bcopy(IFA_IN6(ifa), &ip6->ip6_src, 853 sizeof(struct in6_addr)); 854 ifa_free(ifa); 855 } else 856 /* This should never happen with IPv6. */ 857 bzero(&ip6->ip6_src, sizeof(struct in6_addr)); 858 859 /* Set the multicast destination. */ 860 ip6->ip6_dst.s6_addr16[0] = htons(0xff02); 861 ip6->ip6_dst.s6_addr8[15] = 0x12; 862 if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) { 863 m_freem(m); 864 CARP_DEBUG("%s: in6_setscope failed\n", __func__); 865 return; 866 } 867 868 ch_ptr = (struct carp_header *)(&ip6[1]); 869 bcopy(&ch, ch_ptr, sizeof(ch)); 870 if (carp_prepare_ad(m, sc, ch_ptr)) 871 return; 872 873 m->m_data += sizeof(*ip6); 874 ch_ptr->carp_cksum = carp_cksum(m, len - sizeof(*ip6)); 875 m->m_data -= sizeof(*ip6); 876 877 CARPSTATS_INC(carps_opackets6); 878 879 if (ip6_output(m, NULL, NULL, 0, 880 &sc->sc_carpdev->if_carp->cif_im6o, NULL, NULL)) { 881 if (sc->sc_sendad_errors < INT_MAX) 882 sc->sc_sendad_errors++; 883 if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) 884 carp_demote_adj(carp_senderr_adj, 885 "send6 error"); 886 sc->sc_sendad_success = 0; 887 } else { 888 if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS) { 889 if (++sc->sc_sendad_success >= 890 CARP_SENDAD_MIN_SUCCESS) { 891 carp_demote_adj(-carp_senderr_adj, 892 "send6 ok"); 893 sc->sc_sendad_errors = 0; 894 } 895 } else 896 sc->sc_sendad_errors = 0; 897 } 898 } 899 #endif /* INET6 */ 900 901 callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), carp_send_ad, sc); 902 } 903 904 static void 905 carp_addroute(struct carp_softc *sc) 906 { 907 struct ifaddr *ifa; 908 909 CARP_FOREACH_IFA(sc, ifa) 910 switch (ifa->ifa_addr->sa_family) { 911 #ifdef INET 912 case AF_INET: 913 in_addprefix(ifatoia(ifa), RTF_UP); 914 ifa_add_loopback_route(ifa, 915 (struct sockaddr *)&ifatoia(ifa)->ia_addr); 916 break; 917 #endif 918 #ifdef INET6 919 case AF_INET6: 920 ifa_add_loopback_route(ifa, 921 (struct sockaddr *)&ifatoia6(ifa)->ia_addr); 922 in6_ifaddloop(ifa); 923 break; 924 #endif 925 } 926 } 927 928 static void 929 carp_delroute(struct carp_softc *sc) 930 { 931 struct ifaddr *ifa; 932 933 CARP_FOREACH_IFA(sc, ifa) 934 switch (ifa->ifa_addr->sa_family) { 935 #ifdef INET 936 case AF_INET: 937 ifa_del_loopback_route(ifa, 938 (struct sockaddr *)&ifatoia(ifa)->ia_addr); 939 in_scrubprefix(ifatoia(ifa), LLE_STATIC); 940 break; 941 #endif 942 #ifdef INET6 943 case AF_INET6: 944 ifa_del_loopback_route(ifa, 945 (struct sockaddr *)&ifatoia6(ifa)->ia_addr); 946 in6_ifremloop(ifa); 947 break; 948 #endif 949 } 950 } 951 952 #ifdef INET 953 /* 954 * Broadcast a gratuitous ARP request containing 955 * the virtual router MAC address for each IP address 956 * associated with the virtual router. 957 */ 958 static void 959 carp_send_arp(struct carp_softc *sc) 960 { 961 struct ifaddr *ifa; 962 963 CARP_FOREACH_IFA(sc, ifa) 964 if (ifa->ifa_addr->sa_family == AF_INET) 965 arp_ifinit2(sc->sc_carpdev, ifa, LLADDR(&sc->sc_addr)); 966 } 967 968 int 969 carp_iamatch(struct ifaddr *ifa, uint8_t **enaddr) 970 { 971 struct carp_softc *sc = ifa->ifa_carp; 972 973 if (sc->sc_state == MASTER) { 974 *enaddr = LLADDR(&sc->sc_addr); 975 return (1); 976 } 977 978 return (0); 979 } 980 #endif 981 982 #ifdef INET6 983 static void 984 carp_send_na(struct carp_softc *sc) 985 { 986 static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT; 987 struct ifaddr *ifa; 988 struct in6_addr *in6; 989 990 CARP_FOREACH_IFA(sc, ifa) { 991 if (ifa->ifa_addr->sa_family != AF_INET6) 992 continue; 993 994 in6 = IFA_IN6(ifa); 995 nd6_na_output(sc->sc_carpdev, &mcast, in6, 996 ND_NA_FLAG_OVERRIDE, 1, NULL); 997 DELAY(1000); /* XXX */ 998 } 999 } 1000 1001 struct ifaddr * 1002 carp_iamatch6(struct ifnet *ifp, struct in6_addr *taddr) 1003 { 1004 struct ifaddr *ifa; 1005 1006 IF_ADDR_RLOCK(ifp); 1007 IFNET_FOREACH_IFA(ifp, ifa) 1008 if (ifa->ifa_addr->sa_family == AF_INET6 && 1009 ifa->ifa_carp->sc_state == MASTER && 1010 IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa))) { 1011 ifa_ref(ifa); 1012 IF_ADDR_RUNLOCK(ifp); 1013 return (ifa); 1014 } 1015 IF_ADDR_RUNLOCK(ifp); 1016 1017 return (NULL); 1018 } 1019 1020 caddr_t 1021 carp_macmatch6(struct ifnet *ifp, struct mbuf *m, const struct in6_addr *taddr) 1022 { 1023 struct ifaddr *ifa; 1024 1025 IF_ADDR_RLOCK(ifp); 1026 IFNET_FOREACH_IFA(ifp, ifa) 1027 if (ifa->ifa_addr->sa_family == AF_INET6 && 1028 IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa))) { 1029 struct carp_softc *sc = ifa->ifa_carp; 1030 struct m_tag *mtag; 1031 1032 IF_ADDR_RUNLOCK(ifp); 1033 1034 mtag = m_tag_get(PACKET_TAG_CARP, 1035 sizeof(struct ifnet *), M_NOWAIT); 1036 if (mtag == NULL) 1037 /* Better a bit than nothing. */ 1038 return (LLADDR(&sc->sc_addr)); 1039 1040 bcopy(&ifp, (caddr_t)(mtag + 1), 1041 sizeof(struct ifnet *)); 1042 m_tag_prepend(m, mtag); 1043 1044 return (LLADDR(&sc->sc_addr)); 1045 } 1046 IF_ADDR_RUNLOCK(ifp); 1047 1048 return (NULL); 1049 } 1050 #endif /* INET6 */ 1051 1052 int 1053 carp_forus(struct ifnet *ifp, u_char *dhost) 1054 { 1055 struct carp_softc *sc; 1056 uint8_t *ena = dhost; 1057 1058 if (ena[0] || ena[1] || ena[2] != 0x5e || ena[3] || ena[4] != 1) 1059 return (0); 1060 1061 CIF_LOCK(ifp->if_carp); 1062 IFNET_FOREACH_CARP(ifp, sc) { 1063 CARP_LOCK(sc); 1064 if (sc->sc_state == MASTER && !bcmp(dhost, LLADDR(&sc->sc_addr), 1065 ETHER_ADDR_LEN)) { 1066 CARP_UNLOCK(sc); 1067 CIF_UNLOCK(ifp->if_carp); 1068 return (1); 1069 } 1070 CARP_UNLOCK(sc); 1071 } 1072 CIF_UNLOCK(ifp->if_carp); 1073 1074 return (0); 1075 } 1076 1077 static void 1078 carp_master_down(void *v) 1079 { 1080 struct carp_softc *sc = v; 1081 1082 CARP_LOCK_ASSERT(sc); 1083 1084 if (sc->sc_state == BACKUP) { 1085 CARP_LOG("VHID %u@%s: BACKUP -> MASTER (master down)\n", 1086 sc->sc_vhid, 1087 sc->sc_carpdev->if_xname); 1088 carp_master_down_locked(sc); 1089 } 1090 1091 CARP_UNLOCK(sc); 1092 } 1093 1094 static void 1095 carp_master_down_locked(struct carp_softc *sc) 1096 { 1097 1098 CARP_LOCK_ASSERT(sc); 1099 1100 switch (sc->sc_state) { 1101 case BACKUP: 1102 carp_set_state(sc, MASTER); 1103 carp_send_ad_locked(sc); 1104 #ifdef INET 1105 carp_send_arp(sc); 1106 #endif 1107 #ifdef INET6 1108 carp_send_na(sc); 1109 #endif 1110 carp_setrun(sc, 0); 1111 carp_addroute(sc); 1112 break; 1113 case INIT: 1114 case MASTER: 1115 #ifdef INVARIANTS 1116 panic("carp: VHID %u@%s: master_down event in %s state\n", 1117 sc->sc_vhid, 1118 sc->sc_carpdev->if_xname, 1119 sc->sc_state ? "MASTER" : "INIT"); 1120 #endif 1121 break; 1122 } 1123 } 1124 1125 /* 1126 * When in backup state, af indicates whether to reset the master down timer 1127 * for v4 or v6. If it's set to zero, reset the ones which are already pending. 1128 */ 1129 static void 1130 carp_setrun(struct carp_softc *sc, sa_family_t af) 1131 { 1132 struct timeval tv; 1133 1134 CARP_LOCK_ASSERT(sc); 1135 1136 if ((sc->sc_carpdev->if_flags & IFF_UP) == 0 || 1137 sc->sc_carpdev->if_link_state != LINK_STATE_UP || 1138 (sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0)) 1139 return; 1140 1141 switch (sc->sc_state) { 1142 case INIT: 1143 CARP_LOG("VHID %u@%s: INIT -> BACKUP\n", 1144 sc->sc_vhid, 1145 sc->sc_carpdev->if_xname); 1146 carp_set_state(sc, BACKUP); 1147 carp_setrun(sc, 0); 1148 break; 1149 case BACKUP: 1150 callout_stop(&sc->sc_ad_tmo); 1151 tv.tv_sec = 3 * sc->sc_advbase; 1152 tv.tv_usec = sc->sc_advskew * 1000000 / 256; 1153 switch (af) { 1154 #ifdef INET 1155 case AF_INET: 1156 callout_reset(&sc->sc_md_tmo, tvtohz(&tv), 1157 carp_master_down, sc); 1158 break; 1159 #endif 1160 #ifdef INET6 1161 case AF_INET6: 1162 callout_reset(&sc->sc_md6_tmo, tvtohz(&tv), 1163 carp_master_down, sc); 1164 break; 1165 #endif 1166 default: 1167 #ifdef INET 1168 if (sc->sc_naddrs) 1169 callout_reset(&sc->sc_md_tmo, tvtohz(&tv), 1170 carp_master_down, sc); 1171 #endif 1172 #ifdef INET6 1173 if (sc->sc_naddrs6) 1174 callout_reset(&sc->sc_md6_tmo, tvtohz(&tv), 1175 carp_master_down, sc); 1176 #endif 1177 break; 1178 } 1179 break; 1180 case MASTER: 1181 tv.tv_sec = sc->sc_advbase; 1182 tv.tv_usec = sc->sc_advskew * 1000000 / 256; 1183 callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), 1184 carp_send_ad, sc); 1185 break; 1186 } 1187 } 1188 1189 /* 1190 * Setup multicast structures. 1191 */ 1192 static int 1193 carp_multicast_setup(struct carp_softc *sc, sa_family_t sa) 1194 { 1195 struct ifnet *ifp = sc->sc_carpdev; 1196 struct carp_if *cif = ifp->if_carp; 1197 int error = 0; 1198 1199 switch (sa) { 1200 #ifdef INET 1201 case AF_INET: 1202 { 1203 struct ip_moptions *imo = &cif->cif_imo; 1204 struct in_addr addr; 1205 1206 if (imo->imo_membership) 1207 return (0); 1208 1209 imo->imo_membership = (struct in_multi **)malloc( 1210 (sizeof(struct in_multi *) * IP_MIN_MEMBERSHIPS), M_CARP, 1211 M_WAITOK); 1212 imo->imo_mfilters = NULL; 1213 imo->imo_max_memberships = IP_MIN_MEMBERSHIPS; 1214 imo->imo_multicast_vif = -1; 1215 1216 addr.s_addr = htonl(INADDR_CARP_GROUP); 1217 if ((error = in_joingroup(ifp, &addr, NULL, 1218 &imo->imo_membership[0])) != 0) { 1219 free(imo->imo_membership, M_CARP); 1220 break; 1221 } 1222 imo->imo_num_memberships++; 1223 imo->imo_multicast_ifp = ifp; 1224 imo->imo_multicast_ttl = CARP_DFLTTL; 1225 imo->imo_multicast_loop = 0; 1226 break; 1227 } 1228 #endif 1229 #ifdef INET6 1230 case AF_INET6: 1231 { 1232 struct ip6_moptions *im6o = &cif->cif_im6o; 1233 struct in6_addr in6; 1234 struct in6_multi *in6m; 1235 1236 if (im6o->im6o_membership) 1237 return (0); 1238 1239 im6o->im6o_membership = (struct in6_multi **)malloc( 1240 (sizeof(struct in6_multi *) * IPV6_MIN_MEMBERSHIPS), M_CARP, 1241 M_ZERO|M_WAITOK); 1242 im6o->im6o_mfilters = NULL; 1243 im6o->im6o_max_memberships = IPV6_MIN_MEMBERSHIPS; 1244 im6o->im6o_multicast_hlim = CARP_DFLTTL; 1245 im6o->im6o_multicast_ifp = ifp; 1246 1247 /* Join IPv6 CARP multicast group. */ 1248 bzero(&in6, sizeof(in6)); 1249 in6.s6_addr16[0] = htons(0xff02); 1250 in6.s6_addr8[15] = 0x12; 1251 if ((error = in6_setscope(&in6, ifp, NULL)) != 0) { 1252 free(im6o->im6o_membership, M_CARP); 1253 break; 1254 } 1255 in6m = NULL; 1256 if ((error = in6_mc_join(ifp, &in6, NULL, &in6m, 0)) != 0) { 1257 free(im6o->im6o_membership, M_CARP); 1258 break; 1259 } 1260 im6o->im6o_membership[0] = in6m; 1261 im6o->im6o_num_memberships++; 1262 1263 /* Join solicited multicast address. */ 1264 bzero(&in6, sizeof(in6)); 1265 in6.s6_addr16[0] = htons(0xff02); 1266 in6.s6_addr32[1] = 0; 1267 in6.s6_addr32[2] = htonl(1); 1268 in6.s6_addr32[3] = 0; 1269 in6.s6_addr8[12] = 0xff; 1270 if ((error = in6_setscope(&in6, ifp, NULL)) != 0) { 1271 in6_mc_leave(im6o->im6o_membership[0], NULL); 1272 free(im6o->im6o_membership, M_CARP); 1273 break; 1274 } 1275 in6m = NULL; 1276 if ((error = in6_mc_join(ifp, &in6, NULL, &in6m, 0)) != 0) { 1277 in6_mc_leave(im6o->im6o_membership[0], NULL); 1278 free(im6o->im6o_membership, M_CARP); 1279 break; 1280 } 1281 im6o->im6o_membership[1] = in6m; 1282 im6o->im6o_num_memberships++; 1283 break; 1284 } 1285 #endif 1286 } 1287 1288 return (error); 1289 } 1290 1291 /* 1292 * Free multicast structures. 1293 */ 1294 static void 1295 carp_multicast_cleanup(struct carp_softc *sc, sa_family_t sa) 1296 { 1297 struct ifnet *ifp = sc->sc_carpdev; 1298 struct carp_if *cif = ifp->if_carp; 1299 1300 switch (sa) { 1301 #ifdef INET 1302 case AF_INET: 1303 if (sc->sc_naddrs == 0) { 1304 struct ip_moptions *imo = &cif->cif_imo; 1305 1306 in_leavegroup(imo->imo_membership[0], NULL); 1307 KASSERT(imo->imo_mfilters == NULL, 1308 ("%s: imo_mfilters != NULL", __func__)); 1309 free(imo->imo_membership, M_CARP); 1310 imo->imo_membership = NULL; 1311 1312 } 1313 break; 1314 #endif 1315 #ifdef INET6 1316 case AF_INET6: 1317 if (sc->sc_naddrs6 == 0) { 1318 struct ip6_moptions *im6o = &cif->cif_im6o; 1319 1320 in6_mc_leave(im6o->im6o_membership[0], NULL); 1321 in6_mc_leave(im6o->im6o_membership[1], NULL); 1322 KASSERT(im6o->im6o_mfilters == NULL, 1323 ("%s: im6o_mfilters != NULL", __func__)); 1324 free(im6o->im6o_membership, M_CARP); 1325 im6o->im6o_membership = NULL; 1326 } 1327 break; 1328 #endif 1329 } 1330 } 1331 1332 int 1333 carp_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *sa) 1334 { 1335 struct m_tag *mtag; 1336 struct carp_softc *sc; 1337 1338 if (!sa) 1339 return (0); 1340 1341 switch (sa->sa_family) { 1342 #ifdef INET 1343 case AF_INET: 1344 break; 1345 #endif 1346 #ifdef INET6 1347 case AF_INET6: 1348 break; 1349 #endif 1350 default: 1351 return (0); 1352 } 1353 1354 mtag = m_tag_find(m, PACKET_TAG_CARP, NULL); 1355 if (mtag == NULL) 1356 return (0); 1357 1358 bcopy(mtag + 1, &sc, sizeof(struct carp_softc *)); 1359 1360 /* Set the source MAC address to the Virtual Router MAC Address. */ 1361 switch (ifp->if_type) { 1362 case IFT_ETHER: 1363 case IFT_L2VLAN: { 1364 struct ether_header *eh; 1365 1366 eh = mtod(m, struct ether_header *); 1367 eh->ether_shost[0] = 0; 1368 eh->ether_shost[1] = 0; 1369 eh->ether_shost[2] = 0x5e; 1370 eh->ether_shost[3] = 0; 1371 eh->ether_shost[4] = 1; 1372 eh->ether_shost[5] = sc->sc_vhid; 1373 } 1374 break; 1375 case IFT_FDDI: { 1376 struct fddi_header *fh; 1377 1378 fh = mtod(m, struct fddi_header *); 1379 fh->fddi_shost[0] = 0; 1380 fh->fddi_shost[1] = 0; 1381 fh->fddi_shost[2] = 0x5e; 1382 fh->fddi_shost[3] = 0; 1383 fh->fddi_shost[4] = 1; 1384 fh->fddi_shost[5] = sc->sc_vhid; 1385 } 1386 break; 1387 case IFT_ISO88025: { 1388 struct iso88025_header *th; 1389 th = mtod(m, struct iso88025_header *); 1390 th->iso88025_shost[0] = 3; 1391 th->iso88025_shost[1] = 0; 1392 th->iso88025_shost[2] = 0x40 >> (sc->sc_vhid - 1); 1393 th->iso88025_shost[3] = 0x40000 >> (sc->sc_vhid - 1); 1394 th->iso88025_shost[4] = 0; 1395 th->iso88025_shost[5] = 0; 1396 } 1397 break; 1398 default: 1399 printf("%s: carp is not supported for the %d interface type\n", 1400 ifp->if_xname, ifp->if_type); 1401 return (EOPNOTSUPP); 1402 } 1403 1404 return (0); 1405 } 1406 1407 static struct carp_softc* 1408 carp_alloc(struct ifnet *ifp) 1409 { 1410 struct carp_softc *sc; 1411 struct carp_if *cif; 1412 1413 if ((cif = ifp->if_carp) == NULL) { 1414 cif = carp_alloc_if(ifp); 1415 if (cif == NULL) 1416 return (NULL); 1417 } 1418 1419 sc = malloc(sizeof(*sc), M_CARP, M_WAITOK|M_ZERO); 1420 1421 sc->sc_advbase = CARP_DFLTINTV; 1422 sc->sc_vhid = -1; /* required setting */ 1423 sc->sc_init_counter = 1; 1424 sc->sc_state = INIT; 1425 1426 sc->sc_ifasiz = sizeof(struct ifaddr *); 1427 sc->sc_ifas = malloc(sc->sc_ifasiz, M_CARP, M_WAITOK|M_ZERO); 1428 sc->sc_carpdev = ifp; 1429 1430 CARP_LOCK_INIT(sc); 1431 #ifdef INET 1432 callout_init_mtx(&sc->sc_md_tmo, &sc->sc_mtx, CALLOUT_RETURNUNLOCKED); 1433 #endif 1434 #ifdef INET6 1435 callout_init_mtx(&sc->sc_md6_tmo, &sc->sc_mtx, CALLOUT_RETURNUNLOCKED); 1436 #endif 1437 callout_init_mtx(&sc->sc_ad_tmo, &sc->sc_mtx, CALLOUT_RETURNUNLOCKED); 1438 1439 CIF_LOCK(cif); 1440 TAILQ_INSERT_TAIL(&cif->cif_vrs, sc, sc_list); 1441 CIF_UNLOCK(cif); 1442 1443 mtx_lock(&carp_mtx); 1444 LIST_INSERT_HEAD(&carp_list, sc, sc_next); 1445 mtx_unlock(&carp_mtx); 1446 1447 return (sc); 1448 } 1449 1450 static int 1451 carp_grow_ifas(struct carp_softc *sc) 1452 { 1453 struct ifaddr **new; 1454 1455 CARP_LOCK_ASSERT(sc); 1456 1457 new = malloc(sc->sc_ifasiz * 2, M_CARP, M_NOWAIT|M_ZERO); 1458 if (new == NULL) 1459 return (ENOMEM); 1460 bcopy(sc->sc_ifas, new, sc->sc_ifasiz); 1461 free(sc->sc_ifas, M_CARP); 1462 sc->sc_ifas = new; 1463 sc->sc_ifasiz *= 2; 1464 1465 return (0); 1466 } 1467 1468 static void 1469 carp_destroy(struct carp_softc *sc) 1470 { 1471 struct ifnet *ifp = sc->sc_carpdev; 1472 struct carp_if *cif = ifp->if_carp; 1473 1474 CIF_LOCK(cif); 1475 TAILQ_REMOVE(&cif->cif_vrs, sc, sc_list); 1476 if (TAILQ_EMPTY(&cif->cif_vrs)) 1477 carp_free_if(cif); 1478 else 1479 CIF_UNLOCK(cif); 1480 1481 mtx_lock(&carp_mtx); 1482 LIST_REMOVE(sc, sc_next); 1483 mtx_unlock(&carp_mtx); 1484 1485 CARP_LOCK(sc); 1486 if (sc->sc_suppress) 1487 carp_demote_adj(-carp_ifdown_adj, "vhid removed"); 1488 callout_drain(&sc->sc_ad_tmo); 1489 #ifdef INET 1490 callout_drain(&sc->sc_md_tmo); 1491 #endif 1492 #ifdef INET6 1493 callout_drain(&sc->sc_md6_tmo); 1494 #endif 1495 CARP_LOCK_DESTROY(sc); 1496 1497 free(sc->sc_ifas, M_CARP); 1498 free(sc, M_CARP); 1499 } 1500 1501 static struct carp_if* 1502 carp_alloc_if(struct ifnet *ifp) 1503 { 1504 struct carp_if *cif; 1505 1506 cif = malloc(sizeof(*cif), M_CARP, M_WAITOK|M_ZERO); 1507 1508 if (ifpromisc(ifp, 1) != 0) 1509 goto cleanup; 1510 1511 CIF_LOCK_INIT(cif); 1512 cif->cif_ifp = ifp; 1513 TAILQ_INIT(&cif->cif_vrs); 1514 1515 IF_ADDR_WLOCK(ifp); 1516 ifp->if_carp = cif; 1517 if_ref(ifp); 1518 IF_ADDR_WUNLOCK(ifp); 1519 1520 return (cif); 1521 1522 cleanup: 1523 free(cif, M_CARP); 1524 1525 return (NULL); 1526 } 1527 1528 static void 1529 carp_free_if(struct carp_if *cif) 1530 { 1531 struct ifnet *ifp = cif->cif_ifp; 1532 1533 CIF_LOCK_ASSERT(cif); 1534 KASSERT(TAILQ_EMPTY(&cif->cif_vrs), ("%s: softc list not empty", 1535 __func__)); 1536 1537 IF_ADDR_WLOCK(ifp); 1538 ifp->if_carp = NULL; 1539 if_rele(ifp); 1540 IF_ADDR_WUNLOCK(ifp); 1541 1542 CIF_LOCK_DESTROY(cif); 1543 1544 ifpromisc(ifp, 0); 1545 1546 free(cif, M_CARP); 1547 } 1548 1549 static void 1550 carp_carprcp(struct carpreq *carpr, struct carp_softc *sc, int priv) 1551 { 1552 1553 CARP_LOCK(sc); 1554 carpr->carpr_state = sc->sc_state; 1555 carpr->carpr_vhid = sc->sc_vhid; 1556 carpr->carpr_advbase = sc->sc_advbase; 1557 carpr->carpr_advskew = sc->sc_advskew; 1558 if (priv) 1559 bcopy(sc->sc_key, carpr->carpr_key, sizeof(carpr->carpr_key)); 1560 else 1561 bzero(carpr->carpr_key, sizeof(carpr->carpr_key)); 1562 CARP_UNLOCK(sc); 1563 } 1564 1565 int 1566 carp_ioctl(struct ifreq *ifr, u_long cmd, struct thread *td) 1567 { 1568 struct carpreq carpr; 1569 struct ifnet *ifp; 1570 struct carp_softc *sc = NULL; 1571 int error = 0, locked = 0; 1572 1573 if ((error = copyin(ifr->ifr_data, &carpr, sizeof carpr))) 1574 return (error); 1575 1576 ifp = ifunit_ref(ifr->ifr_name); 1577 if (ifp == NULL) 1578 return (ENXIO); 1579 1580 switch (ifp->if_type) { 1581 case IFT_ETHER: 1582 case IFT_L2VLAN: 1583 case IFT_FDDI: 1584 case IFT_ISO88025: 1585 break; 1586 default: 1587 error = EOPNOTSUPP; 1588 goto out; 1589 } 1590 1591 if ((ifp->if_flags & IFF_MULTICAST) == 0) { 1592 error = EADDRNOTAVAIL; 1593 goto out; 1594 } 1595 1596 switch (cmd) { 1597 case SIOCSVH: 1598 if ((error = priv_check(td, PRIV_NETINET_CARP))) 1599 break; 1600 if (carpr.carpr_vhid <= 0 || carpr.carpr_vhid > CARP_MAXVHID || 1601 carpr.carpr_advbase < 0 || carpr.carpr_advskew < 0) { 1602 error = EINVAL; 1603 break; 1604 } 1605 1606 if (ifp->if_carp) { 1607 CIF_LOCK(ifp->if_carp); 1608 IFNET_FOREACH_CARP(ifp, sc) 1609 if (sc->sc_vhid == carpr.carpr_vhid) 1610 break; 1611 CIF_UNLOCK(ifp->if_carp); 1612 } 1613 if (sc == NULL) { 1614 sc = carp_alloc(ifp); 1615 if (sc == NULL) { 1616 error = EINVAL; /* XXX: ifpromisc failed */ 1617 break; 1618 } 1619 1620 CARP_LOCK(sc); 1621 sc->sc_vhid = carpr.carpr_vhid; 1622 LLADDR(&sc->sc_addr)[0] = 0; 1623 LLADDR(&sc->sc_addr)[1] = 0; 1624 LLADDR(&sc->sc_addr)[2] = 0x5e; 1625 LLADDR(&sc->sc_addr)[3] = 0; 1626 LLADDR(&sc->sc_addr)[4] = 1; 1627 LLADDR(&sc->sc_addr)[5] = sc->sc_vhid; 1628 } else 1629 CARP_LOCK(sc); 1630 locked = 1; 1631 if (carpr.carpr_advbase > 0) { 1632 if (carpr.carpr_advbase > 255 || 1633 carpr.carpr_advbase < CARP_DFLTINTV) { 1634 error = EINVAL; 1635 break; 1636 } 1637 sc->sc_advbase = carpr.carpr_advbase; 1638 } 1639 if (carpr.carpr_advskew > 0) { 1640 if (carpr.carpr_advskew >= 255) { 1641 error = EINVAL; 1642 break; 1643 } 1644 sc->sc_advskew = carpr.carpr_advskew; 1645 } 1646 if (carpr.carpr_key[0] != '\0') { 1647 bcopy(carpr.carpr_key, sc->sc_key, sizeof(sc->sc_key)); 1648 carp_hmac_prepare(sc); 1649 } 1650 if (sc->sc_state != INIT && 1651 carpr.carpr_state != sc->sc_state) { 1652 switch (carpr.carpr_state) { 1653 case BACKUP: 1654 callout_stop(&sc->sc_ad_tmo); 1655 carp_set_state(sc, BACKUP); 1656 carp_setrun(sc, 0); 1657 carp_delroute(sc); 1658 break; 1659 case MASTER: 1660 carp_master_down_locked(sc); 1661 break; 1662 default: 1663 break; 1664 } 1665 } 1666 break; 1667 1668 case SIOCGVH: 1669 { 1670 int priveleged; 1671 1672 if (carpr.carpr_vhid < 0 || carpr.carpr_vhid > CARP_MAXVHID) { 1673 error = EINVAL; 1674 break; 1675 } 1676 if (carpr.carpr_count < 1) { 1677 error = EMSGSIZE; 1678 break; 1679 } 1680 if (ifp->if_carp == NULL) { 1681 error = ENOENT; 1682 break; 1683 } 1684 1685 priveleged = (priv_check(td, PRIV_NETINET_CARP) == 0); 1686 if (carpr.carpr_vhid != 0) { 1687 CIF_LOCK(ifp->if_carp); 1688 IFNET_FOREACH_CARP(ifp, sc) 1689 if (sc->sc_vhid == carpr.carpr_vhid) 1690 break; 1691 CIF_UNLOCK(ifp->if_carp); 1692 if (sc == NULL) { 1693 error = ENOENT; 1694 break; 1695 } 1696 carp_carprcp(&carpr, sc, priveleged); 1697 error = copyout(&carpr, ifr->ifr_data, sizeof(carpr)); 1698 } else { 1699 int i, count; 1700 1701 count = 0; 1702 CIF_LOCK(ifp->if_carp); 1703 IFNET_FOREACH_CARP(ifp, sc) 1704 count++; 1705 1706 if (count > carpr.carpr_count) { 1707 CIF_UNLOCK(ifp->if_carp); 1708 error = EMSGSIZE; 1709 break; 1710 } 1711 1712 i = 0; 1713 IFNET_FOREACH_CARP(ifp, sc) { 1714 carp_carprcp(&carpr, sc, priveleged); 1715 carpr.carpr_count = count; 1716 error = copyout(&carpr, ifr->ifr_data + 1717 (i * sizeof(carpr)), sizeof(carpr)); 1718 if (error) { 1719 CIF_UNLOCK(ifp->if_carp); 1720 break; 1721 } 1722 i++; 1723 } 1724 CIF_UNLOCK(ifp->if_carp); 1725 } 1726 break; 1727 } 1728 default: 1729 error = EINVAL; 1730 } 1731 1732 out: 1733 if (locked) 1734 CARP_UNLOCK(sc); 1735 if_rele(ifp); 1736 1737 return (error); 1738 } 1739 1740 static int 1741 carp_get_vhid(struct ifaddr *ifa) 1742 { 1743 1744 if (ifa == NULL || ifa->ifa_carp == NULL) 1745 return (0); 1746 1747 return (ifa->ifa_carp->sc_vhid); 1748 } 1749 1750 int 1751 carp_attach(struct ifaddr *ifa, int vhid) 1752 { 1753 struct ifnet *ifp = ifa->ifa_ifp; 1754 struct carp_softc *sc; 1755 int index, error; 1756 1757 if (ifp->if_carp == NULL) 1758 return (ENOPROTOOPT); 1759 1760 switch (ifa->ifa_addr->sa_family) { 1761 #ifdef INET 1762 case AF_INET: 1763 #endif 1764 #ifdef INET6 1765 case AF_INET6: 1766 #endif 1767 break; 1768 default: 1769 return (EPROTOTYPE); 1770 } 1771 1772 CIF_LOCK(ifp->if_carp); 1773 IFNET_FOREACH_CARP(ifp, sc) 1774 if (sc->sc_vhid == vhid) 1775 break; 1776 CIF_UNLOCK(ifp->if_carp); 1777 if (sc == NULL) 1778 return (ENOENT); 1779 1780 if (ifa->ifa_carp) { 1781 if (ifa->ifa_carp->sc_vhid != vhid) 1782 carp_detach(ifa); 1783 else 1784 return (0); 1785 } 1786 1787 error = carp_multicast_setup(sc, ifa->ifa_addr->sa_family); 1788 if (error) 1789 return (error); 1790 1791 CARP_LOCK(sc); 1792 index = sc->sc_naddrs + sc->sc_naddrs6 + 1; 1793 if (index > sc->sc_ifasiz / sizeof(struct ifaddr *)) 1794 if ((error = carp_grow_ifas(sc)) != 0) { 1795 carp_multicast_cleanup(sc, 1796 ifa->ifa_addr->sa_family); 1797 CARP_UNLOCK(sc); 1798 return (error); 1799 } 1800 1801 switch (ifa->ifa_addr->sa_family) { 1802 #ifdef INET 1803 case AF_INET: 1804 sc->sc_naddrs++; 1805 break; 1806 #endif 1807 #ifdef INET6 1808 case AF_INET6: 1809 sc->sc_naddrs6++; 1810 break; 1811 #endif 1812 } 1813 1814 ifa_ref(ifa); 1815 sc->sc_ifas[index - 1] = ifa; 1816 ifa->ifa_carp = sc; 1817 1818 carp_hmac_prepare(sc); 1819 carp_sc_state(sc); 1820 1821 CARP_UNLOCK(sc); 1822 1823 return (0); 1824 } 1825 1826 void 1827 carp_detach(struct ifaddr *ifa) 1828 { 1829 struct carp_softc *sc = ifa->ifa_carp; 1830 int i, index; 1831 1832 KASSERT(sc != NULL, ("%s: %p not attached", __func__, ifa)); 1833 1834 CARP_LOCK(sc); 1835 1836 /* Shift array. */ 1837 index = sc->sc_naddrs + sc->sc_naddrs6; 1838 for (i = 0; i < index; i++) 1839 if (sc->sc_ifas[i] == ifa) 1840 break; 1841 KASSERT(i < index, ("%s: %p no backref", __func__, ifa)); 1842 for (; i < index - 1; i++) 1843 sc->sc_ifas[i] = sc->sc_ifas[i+1]; 1844 sc->sc_ifas[index - 1] = NULL; 1845 1846 switch (ifa->ifa_addr->sa_family) { 1847 #ifdef INET 1848 case AF_INET: 1849 sc->sc_naddrs--; 1850 break; 1851 #endif 1852 #ifdef INET6 1853 case AF_INET6: 1854 sc->sc_naddrs6--; 1855 break; 1856 #endif 1857 } 1858 1859 carp_multicast_cleanup(sc, ifa->ifa_addr->sa_family); 1860 1861 ifa->ifa_carp = NULL; 1862 ifa_free(ifa); 1863 1864 carp_hmac_prepare(sc); 1865 carp_sc_state(sc); 1866 1867 if (sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0) { 1868 CARP_UNLOCK(sc); 1869 carp_destroy(sc); 1870 } else 1871 CARP_UNLOCK(sc); 1872 } 1873 1874 static void 1875 carp_set_state(struct carp_softc *sc, int state) 1876 { 1877 1878 CARP_LOCK_ASSERT(sc); 1879 1880 if (sc->sc_state != state) { 1881 const char *carp_states[] = { CARP_STATES }; 1882 char subsys[IFNAMSIZ+5]; 1883 1884 sc->sc_state = state; 1885 1886 snprintf(subsys, IFNAMSIZ+5, "%u@%s", sc->sc_vhid, 1887 sc->sc_carpdev->if_xname); 1888 devctl_notify("CARP", subsys, carp_states[state], NULL); 1889 } 1890 } 1891 1892 static void 1893 carp_linkstate(struct ifnet *ifp) 1894 { 1895 struct carp_softc *sc; 1896 1897 CIF_LOCK(ifp->if_carp); 1898 IFNET_FOREACH_CARP(ifp, sc) { 1899 CARP_LOCK(sc); 1900 carp_sc_state(sc); 1901 CARP_UNLOCK(sc); 1902 } 1903 CIF_UNLOCK(ifp->if_carp); 1904 } 1905 1906 static void 1907 carp_sc_state(struct carp_softc *sc) 1908 { 1909 1910 CARP_LOCK_ASSERT(sc); 1911 1912 if (sc->sc_carpdev->if_link_state != LINK_STATE_UP || 1913 !(sc->sc_carpdev->if_flags & IFF_UP)) { 1914 callout_stop(&sc->sc_ad_tmo); 1915 #ifdef INET 1916 callout_stop(&sc->sc_md_tmo); 1917 #endif 1918 #ifdef INET6 1919 callout_stop(&sc->sc_md6_tmo); 1920 #endif 1921 carp_set_state(sc, INIT); 1922 carp_setrun(sc, 0); 1923 if (!sc->sc_suppress) 1924 carp_demote_adj(carp_ifdown_adj, "interface down"); 1925 sc->sc_suppress = 1; 1926 } else { 1927 carp_set_state(sc, INIT); 1928 carp_setrun(sc, 0); 1929 if (sc->sc_suppress) 1930 carp_demote_adj(-carp_ifdown_adj, "interface up"); 1931 sc->sc_suppress = 0; 1932 } 1933 } 1934 1935 static void 1936 carp_demote_adj(int adj, char *reason) 1937 { 1938 carp_demotion += adj; 1939 CARP_LOG("demoted by %d to %d (%s)\n", adj, carp_demotion, reason); 1940 taskqueue_enqueue(taskqueue_swi, &carp_sendall_task); 1941 } 1942 1943 #ifdef INET 1944 extern struct domain inetdomain; 1945 static struct protosw in_carp_protosw = { 1946 .pr_type = SOCK_RAW, 1947 .pr_domain = &inetdomain, 1948 .pr_protocol = IPPROTO_CARP, 1949 .pr_flags = PR_ATOMIC|PR_ADDR, 1950 .pr_input = carp_input, 1951 .pr_output = (pr_output_t *)rip_output, 1952 .pr_ctloutput = rip_ctloutput, 1953 .pr_usrreqs = &rip_usrreqs 1954 }; 1955 #endif 1956 1957 #ifdef INET6 1958 extern struct domain inet6domain; 1959 static struct ip6protosw in6_carp_protosw = { 1960 .pr_type = SOCK_RAW, 1961 .pr_domain = &inet6domain, 1962 .pr_protocol = IPPROTO_CARP, 1963 .pr_flags = PR_ATOMIC|PR_ADDR, 1964 .pr_input = carp6_input, 1965 .pr_output = rip6_output, 1966 .pr_ctloutput = rip6_ctloutput, 1967 .pr_usrreqs = &rip6_usrreqs 1968 }; 1969 #endif 1970 1971 static void 1972 carp_mod_cleanup(void) 1973 { 1974 1975 #ifdef INET 1976 if (proto_reg[CARP_INET] == 0) { 1977 (void)ipproto_unregister(IPPROTO_CARP); 1978 pf_proto_unregister(PF_INET, IPPROTO_CARP, SOCK_RAW); 1979 proto_reg[CARP_INET] = -1; 1980 } 1981 carp_iamatch_p = NULL; 1982 #endif 1983 #ifdef INET6 1984 if (proto_reg[CARP_INET6] == 0) { 1985 (void)ip6proto_unregister(IPPROTO_CARP); 1986 pf_proto_unregister(PF_INET6, IPPROTO_CARP, SOCK_RAW); 1987 proto_reg[CARP_INET6] = -1; 1988 } 1989 carp_iamatch6_p = NULL; 1990 carp_macmatch6_p = NULL; 1991 #endif 1992 carp_ioctl_p = NULL; 1993 carp_attach_p = NULL; 1994 carp_detach_p = NULL; 1995 carp_get_vhid_p = NULL; 1996 carp_linkstate_p = NULL; 1997 carp_forus_p = NULL; 1998 carp_output_p = NULL; 1999 carp_demote_adj_p = NULL; 2000 mtx_unlock(&carp_mtx); 2001 taskqueue_drain(taskqueue_swi, &carp_sendall_task); 2002 mtx_destroy(&carp_mtx); 2003 } 2004 2005 static int 2006 carp_mod_load(void) 2007 { 2008 int err; 2009 2010 mtx_init(&carp_mtx, "carp_mtx", NULL, MTX_DEF); 2011 LIST_INIT(&carp_list); 2012 carp_get_vhid_p = carp_get_vhid; 2013 carp_forus_p = carp_forus; 2014 carp_output_p = carp_output; 2015 carp_linkstate_p = carp_linkstate; 2016 carp_ioctl_p = carp_ioctl; 2017 carp_attach_p = carp_attach; 2018 carp_detach_p = carp_detach; 2019 carp_demote_adj_p = carp_demote_adj; 2020 #ifdef INET6 2021 carp_iamatch6_p = carp_iamatch6; 2022 carp_macmatch6_p = carp_macmatch6; 2023 proto_reg[CARP_INET6] = pf_proto_register(PF_INET6, 2024 (struct protosw *)&in6_carp_protosw); 2025 if (proto_reg[CARP_INET6]) { 2026 printf("carp: error %d attaching to PF_INET6\n", 2027 proto_reg[CARP_INET6]); 2028 carp_mod_cleanup(); 2029 return (proto_reg[CARP_INET6]); 2030 } 2031 err = ip6proto_register(IPPROTO_CARP); 2032 if (err) { 2033 printf("carp: error %d registering with INET6\n", err); 2034 carp_mod_cleanup(); 2035 return (err); 2036 } 2037 #endif 2038 #ifdef INET 2039 carp_iamatch_p = carp_iamatch; 2040 proto_reg[CARP_INET] = pf_proto_register(PF_INET, &in_carp_protosw); 2041 if (proto_reg[CARP_INET]) { 2042 printf("carp: error %d attaching to PF_INET\n", 2043 proto_reg[CARP_INET]); 2044 carp_mod_cleanup(); 2045 return (proto_reg[CARP_INET]); 2046 } 2047 err = ipproto_register(IPPROTO_CARP); 2048 if (err) { 2049 printf("carp: error %d registering with INET\n", err); 2050 carp_mod_cleanup(); 2051 return (err); 2052 } 2053 #endif 2054 return (0); 2055 } 2056 2057 static int 2058 carp_modevent(module_t mod, int type, void *data) 2059 { 2060 switch (type) { 2061 case MOD_LOAD: 2062 return carp_mod_load(); 2063 /* NOTREACHED */ 2064 case MOD_UNLOAD: 2065 mtx_lock(&carp_mtx); 2066 if (LIST_EMPTY(&carp_list)) 2067 carp_mod_cleanup(); 2068 else { 2069 mtx_unlock(&carp_mtx); 2070 return (EBUSY); 2071 } 2072 break; 2073 2074 default: 2075 return (EINVAL); 2076 } 2077 2078 return (0); 2079 } 2080 2081 static moduledata_t carp_mod = { 2082 "carp", 2083 carp_modevent, 2084 0 2085 }; 2086 2087 DECLARE_MODULE(carp, carp_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY); 2088