1 /*- 2 * Copyright (C) 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: mld6.c,v 1.27 2001/04/04 05:17:30 itojun Exp $ 30 */ 31 32 /*- 33 * Copyright (c) 1988 Stephen Deering. 34 * Copyright (c) 1992, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * This code is derived from software contributed to Berkeley by 38 * Stephen Deering of Stanford University. 39 * 40 * Redistribution and use in source and binary forms, with or without 41 * modification, are permitted provided that the following conditions 42 * are met: 43 * 1. Redistributions of source code must retain the above copyright 44 * notice, this list of conditions and the following disclaimer. 45 * 2. Redistributions in binary form must reproduce the above copyright 46 * notice, this list of conditions and the following disclaimer in the 47 * documentation and/or other materials provided with the distribution. 48 * 4. Neither the name of the University nor the names of its contributors 49 * may be used to endorse or promote products derived from this software 50 * without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 62 * SUCH DAMAGE. 63 * 64 * @(#)igmp.c 8.1 (Berkeley) 7/19/93 65 */ 66 67 #include <sys/cdefs.h> 68 __FBSDID("$FreeBSD$"); 69 70 #include "opt_inet.h" 71 #include "opt_inet6.h" 72 73 #include <sys/param.h> 74 #include <sys/systm.h> 75 #include <sys/mbuf.h> 76 #include <sys/socket.h> 77 #include <sys/protosw.h> 78 #include <sys/syslog.h> 79 #include <sys/kernel.h> 80 #include <sys/callout.h> 81 #include <sys/malloc.h> 82 #include <sys/vimage.h> 83 84 #include <net/if.h> 85 86 #include <netinet/in.h> 87 #include <netinet/in_var.h> 88 #include <netinet6/in6_var.h> 89 #include <netinet/ip6.h> 90 #include <netinet6/ip6_var.h> 91 #include <netinet6/scope6_var.h> 92 #include <netinet/icmp6.h> 93 #include <netinet6/mld6_var.h> 94 95 /* 96 * Protocol constants 97 */ 98 99 /* denotes that the MLD max response delay field specifies time in milliseconds */ 100 #define MLD_TIMER_SCALE 1000 101 /* 102 * time between repetitions of a node's initial report of interest in a 103 * multicast address(in seconds) 104 */ 105 #define MLD_UNSOLICITED_REPORT_INTERVAL 10 106 107 #ifdef VIMAGE_GLOBALS 108 static struct ip6_pktopts ip6_opts; 109 #endif 110 111 static void mld6_sendpkt(struct in6_multi *, int, const struct in6_addr *); 112 static void mld_starttimer(struct in6_multi *); 113 static void mld_stoptimer(struct in6_multi *); 114 static void mld_timeo(struct in6_multi *); 115 static u_long mld_timerresid(struct in6_multi *); 116 117 void 118 mld6_init(void) 119 { 120 INIT_VNET_INET6(curvnet); 121 static u_int8_t hbh_buf[8]; 122 struct ip6_hbh *hbh = (struct ip6_hbh *)hbh_buf; 123 u_int16_t rtalert_code = htons((u_int16_t)IP6OPT_RTALERT_MLD); 124 125 /* ip6h_nxt will be fill in later */ 126 hbh->ip6h_len = 0; /* (8 >> 3) - 1 */ 127 128 /* XXX: grotty hard coding... */ 129 hbh_buf[2] = IP6OPT_PADN; /* 2 byte padding */ 130 hbh_buf[3] = 0; 131 hbh_buf[4] = IP6OPT_ROUTER_ALERT; 132 hbh_buf[5] = IP6OPT_RTALERT_LEN - 2; 133 bcopy((caddr_t)&rtalert_code, &hbh_buf[6], sizeof(u_int16_t)); 134 135 ip6_initpktopts(&V_ip6_opts); 136 V_ip6_opts.ip6po_hbh = hbh; 137 } 138 139 static void 140 mld_starttimer(struct in6_multi *in6m) 141 { 142 struct timeval now; 143 144 microtime(&now); 145 in6m->in6m_timer_expire.tv_sec = now.tv_sec + in6m->in6m_timer / hz; 146 in6m->in6m_timer_expire.tv_usec = now.tv_usec + 147 (in6m->in6m_timer % hz) * (1000000 / hz); 148 if (in6m->in6m_timer_expire.tv_usec > 1000000) { 149 in6m->in6m_timer_expire.tv_sec++; 150 in6m->in6m_timer_expire.tv_usec -= 1000000; 151 } 152 153 /* start or restart the timer */ 154 callout_reset(in6m->in6m_timer_ch, in6m->in6m_timer, 155 (void (*)(void *))mld_timeo, in6m); 156 } 157 158 static void 159 mld_stoptimer(struct in6_multi *in6m) 160 { 161 if (in6m->in6m_timer == IN6M_TIMER_UNDEF) 162 return; 163 164 callout_stop(in6m->in6m_timer_ch); 165 in6m->in6m_timer = IN6M_TIMER_UNDEF; 166 } 167 168 static void 169 mld_timeo(struct in6_multi *in6m) 170 { 171 int s = splnet(); 172 173 in6m->in6m_timer = IN6M_TIMER_UNDEF; 174 175 callout_stop(in6m->in6m_timer_ch); 176 177 switch (in6m->in6m_state) { 178 case MLD_REPORTPENDING: 179 mld6_start_listening(in6m); 180 break; 181 default: 182 mld6_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 183 break; 184 } 185 186 splx(s); 187 } 188 189 static u_long 190 mld_timerresid(struct in6_multi *in6m) 191 { 192 struct timeval now, diff; 193 194 microtime(&now); 195 196 if (now.tv_sec > in6m->in6m_timer_expire.tv_sec || 197 (now.tv_sec == in6m->in6m_timer_expire.tv_sec && 198 now.tv_usec > in6m->in6m_timer_expire.tv_usec)) { 199 return (0); 200 } 201 diff = in6m->in6m_timer_expire; 202 diff.tv_sec -= now.tv_sec; 203 diff.tv_usec -= now.tv_usec; 204 if (diff.tv_usec < 0) { 205 diff.tv_sec--; 206 diff.tv_usec += 1000000; 207 } 208 209 /* return the remaining time in milliseconds */ 210 return (diff.tv_sec * 1000 + diff.tv_usec / 1000); 211 } 212 213 void 214 mld6_start_listening(struct in6_multi *in6m) 215 { 216 struct in6_addr all_in6; 217 int s = splnet(); 218 219 /* 220 * RFC2710 page 10: 221 * The node never sends a Report or Done for the link-scope all-nodes 222 * address. 223 * MLD messages are never sent for multicast addresses whose scope is 0 224 * (reserved) or 1 (node-local). 225 */ 226 all_in6 = in6addr_linklocal_allnodes; 227 if (in6_setscope(&all_in6, in6m->in6m_ifp, NULL)) { 228 /* XXX: this should not happen! */ 229 in6m->in6m_timer = 0; 230 in6m->in6m_state = MLD_OTHERLISTENER; 231 } 232 if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || 233 IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < 234 IPV6_ADDR_SCOPE_LINKLOCAL) { 235 in6m->in6m_timer = 0; 236 in6m->in6m_state = MLD_OTHERLISTENER; 237 } else { 238 mld6_sendpkt(in6m, MLD_LISTENER_REPORT, NULL); 239 in6m->in6m_timer = arc4random() % 240 MLD_UNSOLICITED_REPORT_INTERVAL * hz; 241 in6m->in6m_state = MLD_IREPORTEDLAST; 242 243 mld_starttimer(in6m); 244 } 245 splx(s); 246 } 247 248 void 249 mld6_stop_listening(struct in6_multi *in6m) 250 { 251 struct in6_addr allnode, allrouter; 252 253 allnode = in6addr_linklocal_allnodes; 254 if (in6_setscope(&allnode, in6m->in6m_ifp, NULL)) { 255 /* XXX: this should not happen! */ 256 return; 257 } 258 allrouter = in6addr_linklocal_allrouters; 259 if (in6_setscope(&allrouter, in6m->in6m_ifp, NULL)) { 260 /* XXX impossible */ 261 return; 262 } 263 if (in6m->in6m_state == MLD_IREPORTEDLAST && 264 !IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &allnode) && 265 IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) > 266 IPV6_ADDR_SCOPE_INTFACELOCAL) { 267 mld6_sendpkt(in6m, MLD_LISTENER_DONE, &allrouter); 268 } 269 } 270 271 void 272 mld6_input(struct mbuf *m, int off) 273 { 274 INIT_VNET_INET6(curvnet); 275 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 276 struct mld_hdr *mldh; 277 struct ifnet *ifp = m->m_pkthdr.rcvif; 278 struct in6_multi *in6m; 279 struct in6_addr mld_addr, all_in6; 280 struct in6_ifaddr *ia; 281 struct ifmultiaddr *ifma; 282 u_long timer; /* timer value in the MLD query header */ 283 284 #ifndef PULLDOWN_TEST 285 IP6_EXTHDR_CHECK(m, off, sizeof(*mldh),); 286 mldh = (struct mld_hdr *)(mtod(m, caddr_t) + off); 287 #else 288 IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh)); 289 if (mldh == NULL) { 290 V_icmp6stat.icp6s_tooshort++; 291 return; 292 } 293 #endif 294 295 /* source address validation */ 296 ip6 = mtod(m, struct ip6_hdr *); /* in case mpullup */ 297 if (!IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_src)) { 298 char ip6bufs[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN]; 299 log(LOG_ERR, 300 "mld6_input: src %s is not link-local (grp=%s)\n", 301 ip6_sprintf(ip6bufs, &ip6->ip6_src), 302 ip6_sprintf(ip6bufg, &mldh->mld_addr)); 303 /* 304 * spec (RFC2710) does not explicitly 305 * specify to discard the packet from a non link-local 306 * source address. But we believe it's expected to do so. 307 * XXX: do we have to allow :: as source? 308 */ 309 m_freem(m); 310 return; 311 } 312 313 /* 314 * make a copy for local work (in6_setscope() may modify the 1st arg) 315 */ 316 mld_addr = mldh->mld_addr; 317 if (in6_setscope(&mld_addr, ifp, NULL)) { 318 /* XXX: this should not happen! */ 319 m_free(m); 320 return; 321 } 322 323 /* 324 * In the MLD6 specification, there are 3 states and a flag. 325 * 326 * In Non-Listener state, we simply don't have a membership record. 327 * In Delaying Listener state, our timer is running (in6m->in6m_timer) 328 * In Idle Listener state, our timer is not running 329 * (in6m->in6m_timer==IN6M_TIMER_UNDEF) 330 * 331 * The flag is in6m->in6m_state, it is set to MLD_OTHERLISTENER if 332 * we have heard a report from another member, or MLD_IREPORTEDLAST 333 * if we sent the last report. 334 */ 335 switch(mldh->mld_type) { 336 case MLD_LISTENER_QUERY: 337 if (ifp->if_flags & IFF_LOOPBACK) 338 break; 339 340 if (!IN6_IS_ADDR_UNSPECIFIED(&mld_addr) && 341 !IN6_IS_ADDR_MULTICAST(&mld_addr)) 342 break; /* print error or log stat? */ 343 344 all_in6 = in6addr_linklocal_allnodes; 345 if (in6_setscope(&all_in6, ifp, NULL)) { 346 /* XXX: this should not happen! */ 347 break; 348 } 349 350 /* 351 * - Start the timers in all of our membership records 352 * that the query applies to for the interface on 353 * which the query arrived excl. those that belong 354 * to the "all-nodes" group (ff02::1). 355 * - Restart any timer that is already running but has 356 * A value longer than the requested timeout. 357 * - Use the value specified in the query message as 358 * the maximum timeout. 359 */ 360 timer = ntohs(mldh->mld_maxdelay); 361 362 IFP_TO_IA6(ifp, ia); 363 if (ia == NULL) 364 break; 365 366 /* 367 * XXX: System timer resolution is too low to handle Max 368 * Response Delay, so set 1 to the internal timer even if 369 * the calculated value equals to zero when Max Response 370 * Delay is positive. 371 */ 372 timer = ntohs(mldh->mld_maxdelay) * PR_FASTHZ / MLD_TIMER_SCALE; 373 if (timer == 0 && mldh->mld_maxdelay) 374 timer = 1; 375 376 IF_ADDR_LOCK(ifp); 377 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { 378 if (ifma->ifma_addr->sa_family != AF_INET6) 379 continue; 380 in6m = (struct in6_multi *)ifma->ifma_protospec; 381 382 if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) || 383 IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < 384 IPV6_ADDR_SCOPE_LINKLOCAL) 385 continue; 386 387 if (IN6_IS_ADDR_UNSPECIFIED(&mld_addr) || 388 IN6_ARE_ADDR_EQUAL(&mld_addr, &in6m->in6m_addr)) { 389 if (timer == 0) { 390 /* send a report immediately */ 391 mld_stoptimer(in6m); 392 mld6_sendpkt(in6m, MLD_LISTENER_REPORT, 393 NULL); 394 in6m->in6m_timer = 0; /* reset timer */ 395 in6m->in6m_state = MLD_IREPORTEDLAST; 396 } 397 else if (in6m->in6m_timer == IN6M_TIMER_UNDEF || 398 mld_timerresid(in6m) > timer) { 399 in6m->in6m_timer = 400 1 + (arc4random() % timer) * hz / 1000; 401 mld_starttimer(in6m); 402 } 403 } 404 } 405 IF_ADDR_UNLOCK(ifp); 406 break; 407 408 case MLD_LISTENER_REPORT: 409 /* 410 * For fast leave to work, we have to know that we are the 411 * last person to send a report for this group. Reports 412 * can potentially get looped back if we are a multicast 413 * router, so discard reports sourced by me. 414 * Note that it is impossible to check IFF_LOOPBACK flag of 415 * ifp for this purpose, since ip6_mloopback pass the physical 416 * interface to looutput. 417 */ 418 if (m->m_flags & M_LOOP) /* XXX: grotty flag, but efficient */ 419 break; 420 421 if (!IN6_IS_ADDR_MULTICAST(&mld_addr)) 422 break; 423 424 /* 425 * If we belong to the group being reported, stop 426 * our timer for that group. 427 */ 428 IN6_LOOKUP_MULTI(mld_addr, ifp, in6m); 429 if (in6m) { 430 in6m->in6m_timer = 0; /* transit to idle state */ 431 in6m->in6m_state = MLD_OTHERLISTENER; /* clear flag */ 432 } 433 break; 434 default: /* this is impossible */ 435 log(LOG_ERR, "mld6_input: illegal type(%d)", mldh->mld_type); 436 break; 437 } 438 439 m_freem(m); 440 } 441 442 static void 443 mld6_sendpkt(struct in6_multi *in6m, int type, const struct in6_addr *dst) 444 { 445 INIT_VNET_INET6(curvnet); 446 struct mbuf *mh, *md; 447 struct mld_hdr *mldh; 448 struct ip6_hdr *ip6; 449 struct ip6_moptions im6o; 450 struct in6_ifaddr *ia; 451 struct ifnet *ifp = in6m->in6m_ifp; 452 struct ifnet *outif = NULL; 453 454 /* 455 * At first, find a link local address on the outgoing interface 456 * to use as the source address of the MLD packet. 457 */ 458 if ((ia = in6ifa_ifpforlinklocal(ifp, IN6_IFF_NOTREADY|IN6_IFF_ANYCAST)) 459 == NULL) 460 return; 461 462 /* 463 * Allocate mbufs to store ip6 header and MLD header. 464 * We allocate 2 mbufs and make chain in advance because 465 * it is more convenient when inserting the hop-by-hop option later. 466 */ 467 MGETHDR(mh, M_DONTWAIT, MT_HEADER); 468 if (mh == NULL) 469 return; 470 MGET(md, M_DONTWAIT, MT_DATA); 471 if (md == NULL) { 472 m_free(mh); 473 return; 474 } 475 mh->m_next = md; 476 477 mh->m_pkthdr.rcvif = NULL; 478 mh->m_pkthdr.len = sizeof(struct ip6_hdr) + sizeof(struct mld_hdr); 479 mh->m_len = sizeof(struct ip6_hdr); 480 MH_ALIGN(mh, sizeof(struct ip6_hdr)); 481 482 /* fill in the ip6 header */ 483 ip6 = mtod(mh, struct ip6_hdr *); 484 ip6->ip6_flow = 0; 485 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 486 ip6->ip6_vfc |= IPV6_VERSION; 487 /* ip6_plen will be set later */ 488 ip6->ip6_nxt = IPPROTO_ICMPV6; 489 /* ip6_hlim will be set by im6o.im6o_multicast_hlim */ 490 ip6->ip6_src = ia->ia_addr.sin6_addr; 491 ip6->ip6_dst = dst ? *dst : in6m->in6m_addr; 492 493 /* fill in the MLD header */ 494 md->m_len = sizeof(struct mld_hdr); 495 mldh = mtod(md, struct mld_hdr *); 496 mldh->mld_type = type; 497 mldh->mld_code = 0; 498 mldh->mld_cksum = 0; 499 /* XXX: we assume the function will not be called for query messages */ 500 mldh->mld_maxdelay = 0; 501 mldh->mld_reserved = 0; 502 mldh->mld_addr = in6m->in6m_addr; 503 in6_clearscope(&mldh->mld_addr); /* XXX */ 504 mldh->mld_cksum = in6_cksum(mh, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), 505 sizeof(struct mld_hdr)); 506 507 /* construct multicast option */ 508 bzero(&im6o, sizeof(im6o)); 509 im6o.im6o_multicast_ifp = ifp; 510 im6o.im6o_multicast_hlim = 1; 511 512 /* 513 * Request loopback of the report if we are acting as a multicast 514 * router, so that the process-level routing daemon can hear it. 515 */ 516 im6o.im6o_multicast_loop = (ip6_mrouter != NULL); 517 518 /* increment output statictics */ 519 V_icmp6stat.icp6s_outhist[type]++; 520 521 ip6_output(mh, &V_ip6_opts, NULL, 0, &im6o, &outif, NULL); 522 if (outif) { 523 icmp6_ifstat_inc(outif, ifs6_out_msg); 524 switch (type) { 525 case MLD_LISTENER_QUERY: 526 icmp6_ifstat_inc(outif, ifs6_out_mldquery); 527 break; 528 case MLD_LISTENER_REPORT: 529 icmp6_ifstat_inc(outif, ifs6_out_mldreport); 530 break; 531 case MLD_LISTENER_DONE: 532 icmp6_ifstat_inc(outif, ifs6_out_mlddone); 533 break; 534 } 535 } 536 } 537 538 /* 539 * Add an address to the list of IP6 multicast addresses for a given interface. 540 * Add source addresses to the list also, if upstream router is MLDv2 capable 541 * and the number of source is not 0. 542 */ 543 struct in6_multi * 544 in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp, 545 int *errorp, int delay) 546 { 547 struct in6_multi *in6m; 548 549 *errorp = 0; 550 in6m = NULL; 551 552 IFF_LOCKGIANT(ifp); 553 /*IN6_MULTI_LOCK();*/ 554 555 IN6_LOOKUP_MULTI(*maddr6, ifp, in6m); 556 if (in6m != NULL) { 557 /* 558 * If we already joined this group, just bump the 559 * refcount and return it. 560 */ 561 KASSERT(in6m->in6m_refcount >= 1, 562 ("%s: bad refcount %d", __func__, in6m->in6m_refcount)); 563 ++in6m->in6m_refcount; 564 } else do { 565 struct in6_multi *nin6m; 566 struct ifmultiaddr *ifma; 567 struct sockaddr_in6 sa6; 568 569 bzero(&sa6, sizeof(sa6)); 570 sa6.sin6_family = AF_INET6; 571 sa6.sin6_len = sizeof(struct sockaddr_in6); 572 sa6.sin6_addr = *maddr6; 573 574 *errorp = if_addmulti(ifp, (struct sockaddr *)&sa6, &ifma); 575 if (*errorp) 576 break; 577 578 /* 579 * If ifma->ifma_protospec is null, then if_addmulti() created 580 * a new record. Otherwise, bump refcount, and we are done. 581 */ 582 if (ifma->ifma_protospec != NULL) { 583 in6m = ifma->ifma_protospec; 584 ++in6m->in6m_refcount; 585 break; 586 } 587 588 nin6m = malloc(sizeof(*nin6m), M_IP6MADDR, M_NOWAIT | M_ZERO); 589 if (nin6m == NULL) { 590 if_delmulti_ifma(ifma); 591 break; 592 } 593 594 nin6m->in6m_addr = *maddr6; 595 nin6m->in6m_ifp = ifp; 596 nin6m->in6m_refcount = 1; 597 nin6m->in6m_ifma = ifma; 598 ifma->ifma_protospec = nin6m; 599 600 nin6m->in6m_timer_ch = malloc(sizeof(*nin6m->in6m_timer_ch), 601 M_IP6MADDR, M_NOWAIT); 602 if (nin6m->in6m_timer_ch == NULL) { 603 free(nin6m, M_IP6MADDR); 604 if_delmulti_ifma(ifma); 605 break; 606 } 607 608 LIST_INSERT_HEAD(&in6_multihead, nin6m, in6m_entry); 609 610 callout_init(nin6m->in6m_timer_ch, 0); 611 nin6m->in6m_timer = delay; 612 if (nin6m->in6m_timer > 0) { 613 nin6m->in6m_state = MLD_REPORTPENDING; 614 mld_starttimer(nin6m); 615 } 616 617 mld6_start_listening(nin6m); 618 619 in6m = nin6m; 620 621 } while (0); 622 623 /*IN6_MULTI_UNLOCK();*/ 624 IFF_UNLOCKGIANT(ifp); 625 626 return (in6m); 627 } 628 629 /* 630 * Delete a multicast address record. 631 * 632 * TODO: Locking, as per netinet. 633 */ 634 void 635 in6_delmulti(struct in6_multi *in6m) 636 { 637 struct ifmultiaddr *ifma; 638 639 KASSERT(in6m->in6m_refcount >= 1, ("%s: freeing freed in6m", __func__)); 640 641 if (--in6m->in6m_refcount == 0) { 642 mld_stoptimer(in6m); 643 mld6_stop_listening(in6m); 644 645 ifma = in6m->in6m_ifma; 646 KASSERT(ifma->ifma_protospec == in6m, 647 ("%s: ifma_protospec != in6m", __func__)); 648 ifma->ifma_protospec = NULL; 649 650 LIST_REMOVE(in6m, in6m_entry); 651 free(in6m->in6m_timer_ch, M_IP6MADDR); 652 free(in6m, M_IP6MADDR); 653 654 if_delmulti_ifma(ifma); 655 } 656 } 657