1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 * 31 * $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ 32 */ 33 34 #include <sys/cdefs.h> 35 __FBSDID("$FreeBSD$"); 36 37 #include "opt_inet.h" 38 #include "opt_inet6.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/callout.h> 43 #include <sys/lock.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 #include <sys/mutex.h> 47 #include <sys/socket.h> 48 #include <sys/sockio.h> 49 #include <sys/time.h> 50 #include <sys/kernel.h> 51 #include <sys/protosw.h> 52 #include <sys/errno.h> 53 #include <sys/syslog.h> 54 #include <sys/rwlock.h> 55 #include <sys/queue.h> 56 #include <sys/sdt.h> 57 #include <sys/sysctl.h> 58 59 #include <net/if.h> 60 #include <net/if_var.h> 61 #include <net/if_dl.h> 62 #include <net/if_types.h> 63 #include <net/route.h> 64 #include <net/vnet.h> 65 66 #include <netinet/in.h> 67 #include <netinet/in_kdtrace.h> 68 #include <net/if_llatbl.h> 69 #include <netinet/if_ether.h> 70 #include <netinet6/in6_var.h> 71 #include <netinet/ip6.h> 72 #include <netinet6/ip6_var.h> 73 #include <netinet6/scope6_var.h> 74 #include <netinet6/nd6.h> 75 #include <netinet6/in6_ifattach.h> 76 #include <netinet/icmp6.h> 77 #include <netinet6/send.h> 78 79 #include <sys/limits.h> 80 81 #include <security/mac/mac_framework.h> 82 83 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 84 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 85 86 #define SIN6(s) ((const struct sockaddr_in6 *)(s)) 87 88 MALLOC_DEFINE(M_IP6NDP, "ip6ndp", "IPv6 Neighbor Discovery"); 89 90 /* timer values */ 91 VNET_DEFINE(int, nd6_prune) = 1; /* walk list every 1 seconds */ 92 VNET_DEFINE(int, nd6_delay) = 5; /* delay first probe time 5 second */ 93 VNET_DEFINE(int, nd6_umaxtries) = 3; /* maximum unicast query */ 94 VNET_DEFINE(int, nd6_mmaxtries) = 3; /* maximum multicast query */ 95 VNET_DEFINE(int, nd6_useloopback) = 1; /* use loopback interface for 96 * local traffic */ 97 VNET_DEFINE(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage 98 * collection timer */ 99 100 /* preventing too many loops in ND option parsing */ 101 VNET_DEFINE_STATIC(int, nd6_maxndopt) = 10; /* max # of ND options allowed */ 102 103 VNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper 104 * layer hints */ 105 VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 1; /* max pkts cached in unresolved 106 * ND entries */ 107 #define V_nd6_maxndopt VNET(nd6_maxndopt) 108 #define V_nd6_maxqueuelen VNET(nd6_maxqueuelen) 109 110 #ifdef ND6_DEBUG 111 VNET_DEFINE(int, nd6_debug) = 1; 112 #else 113 VNET_DEFINE(int, nd6_debug) = 0; 114 #endif 115 116 static eventhandler_tag lle_event_eh, iflladdr_event_eh; 117 118 VNET_DEFINE(struct nd_drhead, nd_defrouter); 119 VNET_DEFINE(struct nd_prhead, nd_prefix); 120 VNET_DEFINE(struct rwlock, nd6_lock); 121 VNET_DEFINE(uint64_t, nd6_list_genid); 122 VNET_DEFINE(struct mtx, nd6_onlink_mtx); 123 124 VNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL; 125 #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval) 126 127 int (*send_sendso_input_hook)(struct mbuf *, struct ifnet *, int, int); 128 129 static int nd6_is_new_addr_neighbor(const struct sockaddr_in6 *, 130 struct ifnet *); 131 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 132 static void nd6_slowtimo(void *); 133 static int regen_tmpaddr(struct in6_ifaddr *); 134 static void nd6_free(struct llentry **, int); 135 static void nd6_free_redirect(const struct llentry *); 136 static void nd6_llinfo_timer(void *); 137 static void nd6_llinfo_settimer_locked(struct llentry *, long); 138 static void clear_llinfo_pqueue(struct llentry *); 139 static void nd6_rtrequest(int, struct rtentry *, struct rt_addrinfo *); 140 static int nd6_resolve_slow(struct ifnet *, int, struct mbuf *, 141 const struct sockaddr_in6 *, u_char *, uint32_t *, struct llentry **); 142 static int nd6_need_cache(struct ifnet *); 143 144 145 VNET_DEFINE_STATIC(struct callout, nd6_slowtimo_ch); 146 #define V_nd6_slowtimo_ch VNET(nd6_slowtimo_ch) 147 148 VNET_DEFINE(struct callout, nd6_timer_ch); 149 #define V_nd6_timer_ch VNET(nd6_timer_ch) 150 151 static void 152 nd6_lle_event(void *arg __unused, struct llentry *lle, int evt) 153 { 154 struct rt_addrinfo rtinfo; 155 struct sockaddr_in6 dst; 156 struct sockaddr_dl gw; 157 struct ifnet *ifp; 158 int type; 159 int fibnum; 160 161 LLE_WLOCK_ASSERT(lle); 162 163 if (lltable_get_af(lle->lle_tbl) != AF_INET6) 164 return; 165 166 switch (evt) { 167 case LLENTRY_RESOLVED: 168 type = RTM_ADD; 169 KASSERT(lle->la_flags & LLE_VALID, 170 ("%s: %p resolved but not valid?", __func__, lle)); 171 break; 172 case LLENTRY_EXPIRED: 173 type = RTM_DELETE; 174 break; 175 default: 176 return; 177 } 178 179 ifp = lltable_get_ifp(lle->lle_tbl); 180 181 bzero(&dst, sizeof(dst)); 182 bzero(&gw, sizeof(gw)); 183 bzero(&rtinfo, sizeof(rtinfo)); 184 lltable_fill_sa_entry(lle, (struct sockaddr *)&dst); 185 dst.sin6_scope_id = in6_getscopezone(ifp, 186 in6_addrscope(&dst.sin6_addr)); 187 gw.sdl_len = sizeof(struct sockaddr_dl); 188 gw.sdl_family = AF_LINK; 189 gw.sdl_alen = ifp->if_addrlen; 190 gw.sdl_index = ifp->if_index; 191 gw.sdl_type = ifp->if_type; 192 if (evt == LLENTRY_RESOLVED) 193 bcopy(lle->ll_addr, gw.sdl_data, ifp->if_addrlen); 194 rtinfo.rti_info[RTAX_DST] = (struct sockaddr *)&dst; 195 rtinfo.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&gw; 196 rtinfo.rti_addrs = RTA_DST | RTA_GATEWAY; 197 fibnum = V_rt_add_addr_allfibs ? RT_ALL_FIBS : ifp->if_fib; 198 rt_missmsg_fib(type, &rtinfo, RTF_HOST | RTF_LLDATA | ( 199 type == RTM_ADD ? RTF_UP: 0), 0, fibnum); 200 } 201 202 /* 203 * A handler for interface link layer address change event. 204 */ 205 static void 206 nd6_iflladdr(void *arg __unused, struct ifnet *ifp) 207 { 208 209 lltable_update_ifaddr(LLTABLE6(ifp)); 210 } 211 212 void 213 nd6_init(void) 214 { 215 216 mtx_init(&V_nd6_onlink_mtx, "nd6 onlink", NULL, MTX_DEF); 217 rw_init(&V_nd6_lock, "nd6 list"); 218 219 LIST_INIT(&V_nd_prefix); 220 TAILQ_INIT(&V_nd_defrouter); 221 222 /* Start timers. */ 223 callout_init(&V_nd6_slowtimo_ch, 0); 224 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 225 nd6_slowtimo, curvnet); 226 227 callout_init(&V_nd6_timer_ch, 0); 228 callout_reset(&V_nd6_timer_ch, hz, nd6_timer, curvnet); 229 230 nd6_dad_init(); 231 if (IS_DEFAULT_VNET(curvnet)) { 232 lle_event_eh = EVENTHANDLER_REGISTER(lle_event, nd6_lle_event, 233 NULL, EVENTHANDLER_PRI_ANY); 234 iflladdr_event_eh = EVENTHANDLER_REGISTER(iflladdr_event, 235 nd6_iflladdr, NULL, EVENTHANDLER_PRI_ANY); 236 } 237 } 238 239 #ifdef VIMAGE 240 void 241 nd6_destroy() 242 { 243 244 callout_drain(&V_nd6_slowtimo_ch); 245 callout_drain(&V_nd6_timer_ch); 246 if (IS_DEFAULT_VNET(curvnet)) { 247 EVENTHANDLER_DEREGISTER(lle_event, lle_event_eh); 248 EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_event_eh); 249 } 250 rw_destroy(&V_nd6_lock); 251 mtx_destroy(&V_nd6_onlink_mtx); 252 } 253 #endif 254 255 struct nd_ifinfo * 256 nd6_ifattach(struct ifnet *ifp) 257 { 258 struct nd_ifinfo *nd; 259 260 nd = malloc(sizeof(*nd), M_IP6NDP, M_WAITOK | M_ZERO); 261 nd->initialized = 1; 262 263 nd->chlim = IPV6_DEFHLIM; 264 nd->basereachable = REACHABLE_TIME; 265 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 266 nd->retrans = RETRANS_TIMER; 267 268 nd->flags = ND6_IFF_PERFORMNUD; 269 270 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 271 * XXXHRS: Clear ND6_IFF_AUTO_LINKLOCAL on an IFT_BRIDGE interface by 272 * default regardless of the V_ip6_auto_linklocal configuration to 273 * give a reasonable default behavior. 274 */ 275 if ((V_ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) || 276 (ifp->if_flags & IFF_LOOPBACK)) 277 nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 278 /* 279 * A loopback interface does not need to accept RTADV. 280 * XXXHRS: Clear ND6_IFF_ACCEPT_RTADV on an IFT_BRIDGE interface by 281 * default regardless of the V_ip6_accept_rtadv configuration to 282 * prevent the interface from accepting RA messages arrived 283 * on one of the member interfaces with ND6_IFF_ACCEPT_RTADV. 284 */ 285 if (V_ip6_accept_rtadv && 286 !(ifp->if_flags & IFF_LOOPBACK) && 287 (ifp->if_type != IFT_BRIDGE)) 288 nd->flags |= ND6_IFF_ACCEPT_RTADV; 289 if (V_ip6_no_radr && !(ifp->if_flags & IFF_LOOPBACK)) 290 nd->flags |= ND6_IFF_NO_RADR; 291 292 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 293 nd6_setmtu0(ifp, nd); 294 295 return nd; 296 } 297 298 void 299 nd6_ifdetach(struct ifnet *ifp, struct nd_ifinfo *nd) 300 { 301 struct epoch_tracker et; 302 struct ifaddr *ifa, *next; 303 304 NET_EPOCH_ENTER(et); 305 CK_STAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) { 306 if (ifa->ifa_addr->sa_family != AF_INET6) 307 continue; 308 309 /* stop DAD processing */ 310 nd6_dad_stop(ifa); 311 } 312 NET_EPOCH_EXIT(et); 313 314 free(nd, M_IP6NDP); 315 } 316 317 /* 318 * Reset ND level link MTU. This function is called when the physical MTU 319 * changes, which means we might have to adjust the ND level MTU. 320 */ 321 void 322 nd6_setmtu(struct ifnet *ifp) 323 { 324 if (ifp->if_afdata[AF_INET6] == NULL) 325 return; 326 327 nd6_setmtu0(ifp, ND_IFINFO(ifp)); 328 } 329 330 /* XXX todo: do not maintain copy of ifp->if_mtu in ndi->maxmtu */ 331 void 332 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 333 { 334 u_int32_t omaxmtu; 335 336 omaxmtu = ndi->maxmtu; 337 ndi->maxmtu = ifp->if_mtu; 338 339 /* 340 * Decreasing the interface MTU under IPV6 minimum MTU may cause 341 * undesirable situation. We thus notify the operator of the change 342 * explicitly. The check for omaxmtu is necessary to restrict the 343 * log to the case of changing the MTU, not initializing it. 344 */ 345 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 346 log(LOG_NOTICE, "nd6_setmtu0: " 347 "new link MTU on %s (%lu) is too small for IPv6\n", 348 if_name(ifp), (unsigned long)ndi->maxmtu); 349 } 350 351 if (ndi->maxmtu > V_in6_maxmtu) 352 in6_setmaxmtu(); /* check all interfaces just in case */ 353 354 } 355 356 void 357 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 358 { 359 360 bzero(ndopts, sizeof(*ndopts)); 361 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 362 ndopts->nd_opts_last 363 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 364 365 if (icmp6len == 0) { 366 ndopts->nd_opts_done = 1; 367 ndopts->nd_opts_search = NULL; 368 } 369 } 370 371 /* 372 * Take one ND option. 373 */ 374 struct nd_opt_hdr * 375 nd6_option(union nd_opts *ndopts) 376 { 377 struct nd_opt_hdr *nd_opt; 378 int olen; 379 380 KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__)); 381 KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts", 382 __func__)); 383 if (ndopts->nd_opts_search == NULL) 384 return NULL; 385 if (ndopts->nd_opts_done) 386 return NULL; 387 388 nd_opt = ndopts->nd_opts_search; 389 390 /* make sure nd_opt_len is inside the buffer */ 391 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 392 bzero(ndopts, sizeof(*ndopts)); 393 return NULL; 394 } 395 396 olen = nd_opt->nd_opt_len << 3; 397 if (olen == 0) { 398 /* 399 * Message validation requires that all included 400 * options have a length that is greater than zero. 401 */ 402 bzero(ndopts, sizeof(*ndopts)); 403 return NULL; 404 } 405 406 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 407 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 408 /* option overruns the end of buffer, invalid */ 409 bzero(ndopts, sizeof(*ndopts)); 410 return NULL; 411 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 412 /* reached the end of options chain */ 413 ndopts->nd_opts_done = 1; 414 ndopts->nd_opts_search = NULL; 415 } 416 return nd_opt; 417 } 418 419 /* 420 * Parse multiple ND options. 421 * This function is much easier to use, for ND routines that do not need 422 * multiple options of the same type. 423 */ 424 int 425 nd6_options(union nd_opts *ndopts) 426 { 427 struct nd_opt_hdr *nd_opt; 428 int i = 0; 429 430 KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__)); 431 KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts", 432 __func__)); 433 if (ndopts->nd_opts_search == NULL) 434 return 0; 435 436 while (1) { 437 nd_opt = nd6_option(ndopts); 438 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 439 /* 440 * Message validation requires that all included 441 * options have a length that is greater than zero. 442 */ 443 ICMP6STAT_INC(icp6s_nd_badopt); 444 bzero(ndopts, sizeof(*ndopts)); 445 return -1; 446 } 447 448 if (nd_opt == NULL) 449 goto skip1; 450 451 switch (nd_opt->nd_opt_type) { 452 case ND_OPT_SOURCE_LINKADDR: 453 case ND_OPT_TARGET_LINKADDR: 454 case ND_OPT_MTU: 455 case ND_OPT_REDIRECTED_HEADER: 456 case ND_OPT_NONCE: 457 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 458 nd6log((LOG_INFO, 459 "duplicated ND6 option found (type=%d)\n", 460 nd_opt->nd_opt_type)); 461 /* XXX bark? */ 462 } else { 463 ndopts->nd_opt_array[nd_opt->nd_opt_type] 464 = nd_opt; 465 } 466 break; 467 case ND_OPT_PREFIX_INFORMATION: 468 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 469 ndopts->nd_opt_array[nd_opt->nd_opt_type] 470 = nd_opt; 471 } 472 ndopts->nd_opts_pi_end = 473 (struct nd_opt_prefix_info *)nd_opt; 474 break; 475 /* What about ND_OPT_ROUTE_INFO? RFC 4191 */ 476 case ND_OPT_RDNSS: /* RFC 6106 */ 477 case ND_OPT_DNSSL: /* RFC 6106 */ 478 /* 479 * Silently ignore options we know and do not care about 480 * in the kernel. 481 */ 482 break; 483 default: 484 /* 485 * Unknown options must be silently ignored, 486 * to accommodate future extension to the protocol. 487 */ 488 nd6log((LOG_DEBUG, 489 "nd6_options: unsupported option %d - " 490 "option ignored\n", nd_opt->nd_opt_type)); 491 } 492 493 skip1: 494 i++; 495 if (i > V_nd6_maxndopt) { 496 ICMP6STAT_INC(icp6s_nd_toomanyopt); 497 nd6log((LOG_INFO, "too many loop in nd opt\n")); 498 break; 499 } 500 501 if (ndopts->nd_opts_done) 502 break; 503 } 504 505 return 0; 506 } 507 508 /* 509 * ND6 timer routine to handle ND6 entries 510 */ 511 static void 512 nd6_llinfo_settimer_locked(struct llentry *ln, long tick) 513 { 514 int canceled; 515 516 LLE_WLOCK_ASSERT(ln); 517 518 if (tick < 0) { 519 ln->la_expire = 0; 520 ln->ln_ntick = 0; 521 canceled = callout_stop(&ln->lle_timer); 522 } else { 523 ln->la_expire = time_uptime + tick / hz; 524 LLE_ADDREF(ln); 525 if (tick > INT_MAX) { 526 ln->ln_ntick = tick - INT_MAX; 527 canceled = callout_reset(&ln->lle_timer, INT_MAX, 528 nd6_llinfo_timer, ln); 529 } else { 530 ln->ln_ntick = 0; 531 canceled = callout_reset(&ln->lle_timer, tick, 532 nd6_llinfo_timer, ln); 533 } 534 } 535 if (canceled > 0) 536 LLE_REMREF(ln); 537 } 538 539 /* 540 * Gets source address of the first packet in hold queue 541 * and stores it in @src. 542 * Returns pointer to @src (if hold queue is not empty) or NULL. 543 * 544 * Set noinline to be dtrace-friendly 545 */ 546 static __noinline struct in6_addr * 547 nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src) 548 { 549 struct ip6_hdr hdr; 550 struct mbuf *m; 551 552 if (ln->la_hold == NULL) 553 return (NULL); 554 555 /* 556 * assume every packet in la_hold has the same IP header 557 */ 558 m = ln->la_hold; 559 if (sizeof(hdr) > m->m_len) 560 return (NULL); 561 562 m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr); 563 *src = hdr.ip6_src; 564 565 return (src); 566 } 567 568 /* 569 * Checks if we need to switch from STALE state. 570 * 571 * RFC 4861 requires switching from STALE to DELAY state 572 * on first packet matching entry, waiting V_nd6_delay and 573 * transition to PROBE state (if upper layer confirmation was 574 * not received). 575 * 576 * This code performs a bit differently: 577 * On packet hit we don't change state (but desired state 578 * can be guessed by control plane). However, after V_nd6_delay 579 * seconds code will transition to PROBE state (so DELAY state 580 * is kinda skipped in most situations). 581 * 582 * Typically, V_nd6_gctimer is bigger than V_nd6_delay, so 583 * we perform the following upon entering STALE state: 584 * 585 * 1) Arm timer to run each V_nd6_delay seconds to make sure that 586 * if packet was transmitted at the start of given interval, we 587 * would be able to switch to PROBE state in V_nd6_delay seconds 588 * as user expects. 589 * 590 * 2) Reschedule timer until original V_nd6_gctimer expires keeping 591 * lle in STALE state (remaining timer value stored in lle_remtime). 592 * 593 * 3) Reschedule timer if packet was transmitted less that V_nd6_delay 594 * seconds ago. 595 * 596 * Returns non-zero value if the entry is still STALE (storing 597 * the next timer interval in @pdelay). 598 * 599 * Returns zero value if original timer expired or we need to switch to 600 * PROBE (store that in @do_switch variable). 601 */ 602 static int 603 nd6_is_stale(struct llentry *lle, long *pdelay, int *do_switch) 604 { 605 int nd_delay, nd_gctimer, r_skip_req; 606 time_t lle_hittime; 607 long delay; 608 609 *do_switch = 0; 610 nd_gctimer = V_nd6_gctimer; 611 nd_delay = V_nd6_delay; 612 613 LLE_REQ_LOCK(lle); 614 r_skip_req = lle->r_skip_req; 615 lle_hittime = lle->lle_hittime; 616 LLE_REQ_UNLOCK(lle); 617 618 if (r_skip_req > 0) { 619 620 /* 621 * Nonzero r_skip_req value was set upon entering 622 * STALE state. Since value was not changed, no 623 * packets were passed using this lle. Ask for 624 * timer reschedule and keep STALE state. 625 */ 626 delay = (long)(MIN(nd_gctimer, nd_delay)); 627 delay *= hz; 628 if (lle->lle_remtime > delay) 629 lle->lle_remtime -= delay; 630 else { 631 delay = lle->lle_remtime; 632 lle->lle_remtime = 0; 633 } 634 635 if (delay == 0) { 636 637 /* 638 * The original ng6_gctime timeout ended, 639 * no more rescheduling. 640 */ 641 return (0); 642 } 643 644 *pdelay = delay; 645 return (1); 646 } 647 648 /* 649 * Packet received. Verify timestamp 650 */ 651 delay = (long)(time_uptime - lle_hittime); 652 if (delay < nd_delay) { 653 654 /* 655 * V_nd6_delay still not passed since the first 656 * hit in STALE state. 657 * Reshedule timer and return. 658 */ 659 *pdelay = (long)(nd_delay - delay) * hz; 660 return (1); 661 } 662 663 /* Request switching to probe */ 664 *do_switch = 1; 665 return (0); 666 } 667 668 669 /* 670 * Switch @lle state to new state optionally arming timers. 671 * 672 * Set noinline to be dtrace-friendly 673 */ 674 __noinline void 675 nd6_llinfo_setstate(struct llentry *lle, int newstate) 676 { 677 struct ifnet *ifp; 678 int nd_gctimer, nd_delay; 679 long delay, remtime; 680 681 delay = 0; 682 remtime = 0; 683 684 switch (newstate) { 685 case ND6_LLINFO_INCOMPLETE: 686 ifp = lle->lle_tbl->llt_ifp; 687 delay = (long)ND_IFINFO(ifp)->retrans * hz / 1000; 688 break; 689 case ND6_LLINFO_REACHABLE: 690 if (!ND6_LLINFO_PERMANENT(lle)) { 691 ifp = lle->lle_tbl->llt_ifp; 692 delay = (long)ND_IFINFO(ifp)->reachable * hz; 693 } 694 break; 695 case ND6_LLINFO_STALE: 696 697 /* 698 * Notify fast path that we want to know if any packet 699 * is transmitted by setting r_skip_req. 700 */ 701 LLE_REQ_LOCK(lle); 702 lle->r_skip_req = 1; 703 LLE_REQ_UNLOCK(lle); 704 nd_delay = V_nd6_delay; 705 nd_gctimer = V_nd6_gctimer; 706 707 delay = (long)(MIN(nd_gctimer, nd_delay)) * hz; 708 remtime = (long)nd_gctimer * hz - delay; 709 break; 710 case ND6_LLINFO_DELAY: 711 lle->la_asked = 0; 712 delay = (long)V_nd6_delay * hz; 713 break; 714 } 715 716 if (delay > 0) 717 nd6_llinfo_settimer_locked(lle, delay); 718 719 lle->lle_remtime = remtime; 720 lle->ln_state = newstate; 721 } 722 723 /* 724 * Timer-dependent part of nd state machine. 725 * 726 * Set noinline to be dtrace-friendly 727 */ 728 static __noinline void 729 nd6_llinfo_timer(void *arg) 730 { 731 struct llentry *ln; 732 struct in6_addr *dst, *pdst, *psrc, src; 733 struct ifnet *ifp; 734 struct nd_ifinfo *ndi; 735 int do_switch, send_ns; 736 long delay; 737 738 KASSERT(arg != NULL, ("%s: arg NULL", __func__)); 739 ln = (struct llentry *)arg; 740 ifp = lltable_get_ifp(ln->lle_tbl); 741 CURVNET_SET(ifp->if_vnet); 742 743 ND6_RLOCK(); 744 LLE_WLOCK(ln); 745 if (callout_pending(&ln->lle_timer)) { 746 /* 747 * Here we are a bit odd here in the treatment of 748 * active/pending. If the pending bit is set, it got 749 * rescheduled before I ran. The active 750 * bit we ignore, since if it was stopped 751 * in ll_tablefree() and was currently running 752 * it would have return 0 so the code would 753 * not have deleted it since the callout could 754 * not be stopped so we want to go through 755 * with the delete here now. If the callout 756 * was restarted, the pending bit will be back on and 757 * we just want to bail since the callout_reset would 758 * return 1 and our reference would have been removed 759 * by nd6_llinfo_settimer_locked above since canceled 760 * would have been 1. 761 */ 762 LLE_WUNLOCK(ln); 763 ND6_RUNLOCK(); 764 CURVNET_RESTORE(); 765 return; 766 } 767 ndi = ND_IFINFO(ifp); 768 send_ns = 0; 769 dst = &ln->r_l3addr.addr6; 770 pdst = dst; 771 772 if (ln->ln_ntick > 0) { 773 if (ln->ln_ntick > INT_MAX) { 774 ln->ln_ntick -= INT_MAX; 775 nd6_llinfo_settimer_locked(ln, INT_MAX); 776 } else { 777 ln->ln_ntick = 0; 778 nd6_llinfo_settimer_locked(ln, ln->ln_ntick); 779 } 780 goto done; 781 } 782 783 if (ln->la_flags & LLE_STATIC) { 784 goto done; 785 } 786 787 if (ln->la_flags & LLE_DELETED) { 788 nd6_free(&ln, 0); 789 goto done; 790 } 791 792 switch (ln->ln_state) { 793 case ND6_LLINFO_INCOMPLETE: 794 if (ln->la_asked < V_nd6_mmaxtries) { 795 ln->la_asked++; 796 send_ns = 1; 797 /* Send NS to multicast address */ 798 pdst = NULL; 799 } else { 800 struct mbuf *m = ln->la_hold; 801 if (m) { 802 struct mbuf *m0; 803 804 /* 805 * assuming every packet in la_hold has the 806 * same IP header. Send error after unlock. 807 */ 808 m0 = m->m_nextpkt; 809 m->m_nextpkt = NULL; 810 ln->la_hold = m0; 811 clear_llinfo_pqueue(ln); 812 } 813 nd6_free(&ln, 0); 814 if (m != NULL) 815 icmp6_error2(m, ICMP6_DST_UNREACH, 816 ICMP6_DST_UNREACH_ADDR, 0, ifp); 817 } 818 break; 819 case ND6_LLINFO_REACHABLE: 820 if (!ND6_LLINFO_PERMANENT(ln)) 821 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 822 break; 823 824 case ND6_LLINFO_STALE: 825 if (nd6_is_stale(ln, &delay, &do_switch) != 0) { 826 827 /* 828 * No packet has used this entry and GC timeout 829 * has not been passed. Reshedule timer and 830 * return. 831 */ 832 nd6_llinfo_settimer_locked(ln, delay); 833 break; 834 } 835 836 if (do_switch == 0) { 837 838 /* 839 * GC timer has ended and entry hasn't been used. 840 * Run Garbage collector (RFC 4861, 5.3) 841 */ 842 if (!ND6_LLINFO_PERMANENT(ln)) 843 nd6_free(&ln, 1); 844 break; 845 } 846 847 /* Entry has been used AND delay timer has ended. */ 848 849 /* FALLTHROUGH */ 850 851 case ND6_LLINFO_DELAY: 852 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 853 /* We need NUD */ 854 ln->la_asked = 1; 855 nd6_llinfo_setstate(ln, ND6_LLINFO_PROBE); 856 send_ns = 1; 857 } else 858 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); /* XXX */ 859 break; 860 case ND6_LLINFO_PROBE: 861 if (ln->la_asked < V_nd6_umaxtries) { 862 ln->la_asked++; 863 send_ns = 1; 864 } else { 865 nd6_free(&ln, 0); 866 } 867 break; 868 default: 869 panic("%s: paths in a dark night can be confusing: %d", 870 __func__, ln->ln_state); 871 } 872 done: 873 if (ln != NULL) 874 ND6_RUNLOCK(); 875 if (send_ns != 0) { 876 nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000); 877 psrc = nd6_llinfo_get_holdsrc(ln, &src); 878 LLE_FREE_LOCKED(ln); 879 ln = NULL; 880 nd6_ns_output(ifp, psrc, pdst, dst, NULL); 881 } 882 883 if (ln != NULL) 884 LLE_FREE_LOCKED(ln); 885 CURVNET_RESTORE(); 886 } 887 888 889 /* 890 * ND6 timer routine to expire default route list and prefix list 891 */ 892 void 893 nd6_timer(void *arg) 894 { 895 CURVNET_SET((struct vnet *) arg); 896 struct nd_drhead drq; 897 struct nd_prhead prl; 898 struct nd_defrouter *dr, *ndr; 899 struct nd_prefix *pr, *npr; 900 struct in6_ifaddr *ia6, *nia6; 901 uint64_t genid; 902 903 TAILQ_INIT(&drq); 904 LIST_INIT(&prl); 905 906 ND6_WLOCK(); 907 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) 908 if (dr->expire && dr->expire < time_uptime) 909 defrouter_unlink(dr, &drq); 910 ND6_WUNLOCK(); 911 912 while ((dr = TAILQ_FIRST(&drq)) != NULL) { 913 TAILQ_REMOVE(&drq, dr, dr_entry); 914 defrouter_del(dr); 915 } 916 917 /* 918 * expire interface addresses. 919 * in the past the loop was inside prefix expiry processing. 920 * However, from a stricter speci-confrmance standpoint, we should 921 * rather separate address lifetimes and prefix lifetimes. 922 * 923 * XXXRW: in6_ifaddrhead locking. 924 */ 925 addrloop: 926 CK_STAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) { 927 /* check address lifetime */ 928 if (IFA6_IS_INVALID(ia6)) { 929 int regen = 0; 930 931 /* 932 * If the expiring address is temporary, try 933 * regenerating a new one. This would be useful when 934 * we suspended a laptop PC, then turned it on after a 935 * period that could invalidate all temporary 936 * addresses. Although we may have to restart the 937 * loop (see below), it must be after purging the 938 * address. Otherwise, we'd see an infinite loop of 939 * regeneration. 940 */ 941 if (V_ip6_use_tempaddr && 942 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 943 if (regen_tmpaddr(ia6) == 0) 944 regen = 1; 945 } 946 947 in6_purgeaddr(&ia6->ia_ifa); 948 949 if (regen) 950 goto addrloop; /* XXX: see below */ 951 } else if (IFA6_IS_DEPRECATED(ia6)) { 952 int oldflags = ia6->ia6_flags; 953 954 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 955 956 /* 957 * If a temporary address has just become deprecated, 958 * regenerate a new one if possible. 959 */ 960 if (V_ip6_use_tempaddr && 961 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 962 (oldflags & IN6_IFF_DEPRECATED) == 0) { 963 964 if (regen_tmpaddr(ia6) == 0) { 965 /* 966 * A new temporary address is 967 * generated. 968 * XXX: this means the address chain 969 * has changed while we are still in 970 * the loop. Although the change 971 * would not cause disaster (because 972 * it's not a deletion, but an 973 * addition,) we'd rather restart the 974 * loop just for safety. Or does this 975 * significantly reduce performance?? 976 */ 977 goto addrloop; 978 } 979 } 980 } else if ((ia6->ia6_flags & IN6_IFF_TENTATIVE) != 0) { 981 /* 982 * Schedule DAD for a tentative address. This happens 983 * if the interface was down or not running 984 * when the address was configured. 985 */ 986 int delay; 987 988 delay = arc4random() % 989 (MAX_RTR_SOLICITATION_DELAY * hz); 990 nd6_dad_start((struct ifaddr *)ia6, delay); 991 } else { 992 /* 993 * Check status of the interface. If it is down, 994 * mark the address as tentative for future DAD. 995 */ 996 if ((ia6->ia_ifp->if_flags & IFF_UP) == 0 || 997 (ia6->ia_ifp->if_drv_flags & IFF_DRV_RUNNING) 998 == 0 || 999 (ND_IFINFO(ia6->ia_ifp)->flags & 1000 ND6_IFF_IFDISABLED) != 0) { 1001 ia6->ia6_flags &= ~IN6_IFF_DUPLICATED; 1002 ia6->ia6_flags |= IN6_IFF_TENTATIVE; 1003 } 1004 /* 1005 * A new RA might have made a deprecated address 1006 * preferred. 1007 */ 1008 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 1009 } 1010 } 1011 1012 ND6_WLOCK(); 1013 restart: 1014 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { 1015 /* 1016 * Expire prefixes. Since the pltime is only used for 1017 * autoconfigured addresses, pltime processing for prefixes is 1018 * not necessary. 1019 * 1020 * Only unlink after all derived addresses have expired. This 1021 * may not occur until two hours after the prefix has expired 1022 * per RFC 4862. If the prefix expires before its derived 1023 * addresses, mark it off-link. This will be done automatically 1024 * after unlinking if no address references remain. 1025 */ 1026 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME || 1027 time_uptime - pr->ndpr_lastupdate <= pr->ndpr_vltime) 1028 continue; 1029 1030 if (pr->ndpr_addrcnt == 0) { 1031 nd6_prefix_unlink(pr, &prl); 1032 continue; 1033 } 1034 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) { 1035 genid = V_nd6_list_genid; 1036 nd6_prefix_ref(pr); 1037 ND6_WUNLOCK(); 1038 ND6_ONLINK_LOCK(); 1039 (void)nd6_prefix_offlink(pr); 1040 ND6_ONLINK_UNLOCK(); 1041 ND6_WLOCK(); 1042 nd6_prefix_rele(pr); 1043 if (genid != V_nd6_list_genid) 1044 goto restart; 1045 } 1046 } 1047 ND6_WUNLOCK(); 1048 1049 while ((pr = LIST_FIRST(&prl)) != NULL) { 1050 LIST_REMOVE(pr, ndpr_entry); 1051 nd6_prefix_del(pr); 1052 } 1053 1054 callout_reset(&V_nd6_timer_ch, V_nd6_prune * hz, 1055 nd6_timer, curvnet); 1056 1057 CURVNET_RESTORE(); 1058 } 1059 1060 /* 1061 * ia6 - deprecated/invalidated temporary address 1062 */ 1063 static int 1064 regen_tmpaddr(struct in6_ifaddr *ia6) 1065 { 1066 struct epoch_tracker et; 1067 struct ifaddr *ifa; 1068 struct ifnet *ifp; 1069 struct in6_ifaddr *public_ifa6 = NULL; 1070 1071 ifp = ia6->ia_ifa.ifa_ifp; 1072 NET_EPOCH_ENTER(et); 1073 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1074 struct in6_ifaddr *it6; 1075 1076 if (ifa->ifa_addr->sa_family != AF_INET6) 1077 continue; 1078 1079 it6 = (struct in6_ifaddr *)ifa; 1080 1081 /* ignore no autoconf addresses. */ 1082 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1083 continue; 1084 1085 /* ignore autoconf addresses with different prefixes. */ 1086 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 1087 continue; 1088 1089 /* 1090 * Now we are looking at an autoconf address with the same 1091 * prefix as ours. If the address is temporary and is still 1092 * preferred, do not create another one. It would be rare, but 1093 * could happen, for example, when we resume a laptop PC after 1094 * a long period. 1095 */ 1096 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 1097 !IFA6_IS_DEPRECATED(it6)) { 1098 public_ifa6 = NULL; 1099 break; 1100 } 1101 1102 /* 1103 * This is a public autoconf address that has the same prefix 1104 * as ours. If it is preferred, keep it. We can't break the 1105 * loop here, because there may be a still-preferred temporary 1106 * address with the prefix. 1107 */ 1108 if (!IFA6_IS_DEPRECATED(it6)) 1109 public_ifa6 = it6; 1110 } 1111 if (public_ifa6 != NULL) 1112 ifa_ref(&public_ifa6->ia_ifa); 1113 NET_EPOCH_EXIT(et); 1114 1115 if (public_ifa6 != NULL) { 1116 int e; 1117 1118 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 1119 ifa_free(&public_ifa6->ia_ifa); 1120 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 1121 " tmp addr,errno=%d\n", e); 1122 return (-1); 1123 } 1124 ifa_free(&public_ifa6->ia_ifa); 1125 return (0); 1126 } 1127 1128 return (-1); 1129 } 1130 1131 /* 1132 * Remove prefix and default router list entries corresponding to ifp. Neighbor 1133 * cache entries are freed in in6_domifdetach(). 1134 */ 1135 void 1136 nd6_purge(struct ifnet *ifp) 1137 { 1138 struct nd_drhead drq; 1139 struct nd_prhead prl; 1140 struct nd_defrouter *dr, *ndr; 1141 struct nd_prefix *pr, *npr; 1142 1143 TAILQ_INIT(&drq); 1144 LIST_INIT(&prl); 1145 1146 /* 1147 * Nuke default router list entries toward ifp. 1148 * We defer removal of default router list entries that is installed 1149 * in the routing table, in order to keep additional side effects as 1150 * small as possible. 1151 */ 1152 ND6_WLOCK(); 1153 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) { 1154 if (dr->installed) 1155 continue; 1156 if (dr->ifp == ifp) 1157 defrouter_unlink(dr, &drq); 1158 } 1159 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) { 1160 if (!dr->installed) 1161 continue; 1162 if (dr->ifp == ifp) 1163 defrouter_unlink(dr, &drq); 1164 } 1165 1166 /* 1167 * Remove prefixes on ifp. We should have already removed addresses on 1168 * this interface, so no addresses should be referencing these prefixes. 1169 */ 1170 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { 1171 if (pr->ndpr_ifp == ifp) 1172 nd6_prefix_unlink(pr, &prl); 1173 } 1174 ND6_WUNLOCK(); 1175 1176 /* Delete the unlinked router and prefix objects. */ 1177 while ((dr = TAILQ_FIRST(&drq)) != NULL) { 1178 TAILQ_REMOVE(&drq, dr, dr_entry); 1179 defrouter_del(dr); 1180 } 1181 while ((pr = LIST_FIRST(&prl)) != NULL) { 1182 LIST_REMOVE(pr, ndpr_entry); 1183 nd6_prefix_del(pr); 1184 } 1185 1186 /* cancel default outgoing interface setting */ 1187 if (V_nd6_defifindex == ifp->if_index) 1188 nd6_setdefaultiface(0); 1189 1190 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 1191 /* Refresh default router list. */ 1192 defrouter_select_fib(ifp->if_fib); 1193 } 1194 } 1195 1196 /* 1197 * the caller acquires and releases the lock on the lltbls 1198 * Returns the llentry locked 1199 */ 1200 struct llentry * 1201 nd6_lookup(const struct in6_addr *addr6, int flags, struct ifnet *ifp) 1202 { 1203 struct sockaddr_in6 sin6; 1204 struct llentry *ln; 1205 1206 bzero(&sin6, sizeof(sin6)); 1207 sin6.sin6_len = sizeof(struct sockaddr_in6); 1208 sin6.sin6_family = AF_INET6; 1209 sin6.sin6_addr = *addr6; 1210 1211 IF_AFDATA_LOCK_ASSERT(ifp); 1212 1213 ln = lla_lookup(LLTABLE6(ifp), flags, (struct sockaddr *)&sin6); 1214 1215 return (ln); 1216 } 1217 1218 struct llentry * 1219 nd6_alloc(const struct in6_addr *addr6, int flags, struct ifnet *ifp) 1220 { 1221 struct sockaddr_in6 sin6; 1222 struct llentry *ln; 1223 1224 bzero(&sin6, sizeof(sin6)); 1225 sin6.sin6_len = sizeof(struct sockaddr_in6); 1226 sin6.sin6_family = AF_INET6; 1227 sin6.sin6_addr = *addr6; 1228 1229 ln = lltable_alloc_entry(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6); 1230 if (ln != NULL) 1231 ln->ln_state = ND6_LLINFO_NOSTATE; 1232 1233 return (ln); 1234 } 1235 1236 /* 1237 * Test whether a given IPv6 address is a neighbor or not, ignoring 1238 * the actual neighbor cache. The neighbor cache is ignored in order 1239 * to not reenter the routing code from within itself. 1240 */ 1241 static int 1242 nd6_is_new_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 1243 { 1244 struct nd_prefix *pr; 1245 struct ifaddr *ifa; 1246 struct rt_addrinfo info; 1247 struct sockaddr_in6 rt_key; 1248 const struct sockaddr *dst6; 1249 uint64_t genid; 1250 int error, fibnum; 1251 1252 /* 1253 * A link-local address is always a neighbor. 1254 * XXX: a link does not necessarily specify a single interface. 1255 */ 1256 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 1257 struct sockaddr_in6 sin6_copy; 1258 u_int32_t zone; 1259 1260 /* 1261 * We need sin6_copy since sa6_recoverscope() may modify the 1262 * content (XXX). 1263 */ 1264 sin6_copy = *addr; 1265 if (sa6_recoverscope(&sin6_copy)) 1266 return (0); /* XXX: should be impossible */ 1267 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 1268 return (0); 1269 if (sin6_copy.sin6_scope_id == zone) 1270 return (1); 1271 else 1272 return (0); 1273 } 1274 1275 bzero(&rt_key, sizeof(rt_key)); 1276 bzero(&info, sizeof(info)); 1277 info.rti_info[RTAX_DST] = (struct sockaddr *)&rt_key; 1278 1279 /* 1280 * If the address matches one of our addresses, 1281 * it should be a neighbor. 1282 * If the address matches one of our on-link prefixes, it should be a 1283 * neighbor. 1284 */ 1285 ND6_RLOCK(); 1286 restart: 1287 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 1288 if (pr->ndpr_ifp != ifp) 1289 continue; 1290 1291 if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0) { 1292 dst6 = (const struct sockaddr *)&pr->ndpr_prefix; 1293 1294 /* 1295 * We only need to check all FIBs if add_addr_allfibs 1296 * is unset. If set, checking any FIB will suffice. 1297 */ 1298 fibnum = V_rt_add_addr_allfibs ? rt_numfibs - 1 : 0; 1299 for (; fibnum < rt_numfibs; fibnum++) { 1300 genid = V_nd6_list_genid; 1301 ND6_RUNLOCK(); 1302 1303 /* 1304 * Restore length field before 1305 * retrying lookup 1306 */ 1307 rt_key.sin6_len = sizeof(rt_key); 1308 error = rib_lookup_info(fibnum, dst6, 0, 0, 1309 &info); 1310 1311 ND6_RLOCK(); 1312 if (genid != V_nd6_list_genid) 1313 goto restart; 1314 if (error == 0) 1315 break; 1316 } 1317 if (error != 0) 1318 continue; 1319 1320 /* 1321 * This is the case where multiple interfaces 1322 * have the same prefix, but only one is installed 1323 * into the routing table and that prefix entry 1324 * is not the one being examined here. In the case 1325 * where RADIX_MPATH is enabled, multiple route 1326 * entries (of the same rt_key value) will be 1327 * installed because the interface addresses all 1328 * differ. 1329 */ 1330 if (!IN6_ARE_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 1331 &rt_key.sin6_addr)) 1332 continue; 1333 } 1334 1335 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 1336 &addr->sin6_addr, &pr->ndpr_mask)) { 1337 ND6_RUNLOCK(); 1338 return (1); 1339 } 1340 } 1341 ND6_RUNLOCK(); 1342 1343 /* 1344 * If the address is assigned on the node of the other side of 1345 * a p2p interface, the address should be a neighbor. 1346 */ 1347 if (ifp->if_flags & IFF_POINTOPOINT) { 1348 struct epoch_tracker et; 1349 1350 NET_EPOCH_ENTER(et); 1351 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1352 if (ifa->ifa_addr->sa_family != addr->sin6_family) 1353 continue; 1354 if (ifa->ifa_dstaddr != NULL && 1355 sa_equal(addr, ifa->ifa_dstaddr)) { 1356 NET_EPOCH_EXIT(et); 1357 return 1; 1358 } 1359 } 1360 NET_EPOCH_EXIT(et); 1361 } 1362 1363 /* 1364 * If the default router list is empty, all addresses are regarded 1365 * as on-link, and thus, as a neighbor. 1366 */ 1367 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && 1368 TAILQ_EMPTY(&V_nd_defrouter) && 1369 V_nd6_defifindex == ifp->if_index) { 1370 return (1); 1371 } 1372 1373 return (0); 1374 } 1375 1376 1377 /* 1378 * Detect if a given IPv6 address identifies a neighbor on a given link. 1379 * XXX: should take care of the destination of a p2p link? 1380 */ 1381 int 1382 nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp) 1383 { 1384 struct epoch_tracker et; 1385 struct llentry *lle; 1386 int rc = 0; 1387 1388 IF_AFDATA_UNLOCK_ASSERT(ifp); 1389 if (nd6_is_new_addr_neighbor(addr, ifp)) 1390 return (1); 1391 1392 /* 1393 * Even if the address matches none of our addresses, it might be 1394 * in the neighbor cache. 1395 */ 1396 NET_EPOCH_ENTER(et); 1397 if ((lle = nd6_lookup(&addr->sin6_addr, 0, ifp)) != NULL) { 1398 LLE_RUNLOCK(lle); 1399 rc = 1; 1400 } 1401 NET_EPOCH_EXIT(et); 1402 return (rc); 1403 } 1404 1405 /* 1406 * Free an nd6 llinfo entry. 1407 * Since the function would cause significant changes in the kernel, DO NOT 1408 * make it global, unless you have a strong reason for the change, and are sure 1409 * that the change is safe. 1410 * 1411 * Set noinline to be dtrace-friendly 1412 */ 1413 static __noinline void 1414 nd6_free(struct llentry **lnp, int gc) 1415 { 1416 struct ifnet *ifp; 1417 struct llentry *ln; 1418 struct nd_defrouter *dr; 1419 1420 ln = *lnp; 1421 *lnp = NULL; 1422 1423 LLE_WLOCK_ASSERT(ln); 1424 ND6_RLOCK_ASSERT(); 1425 1426 ifp = lltable_get_ifp(ln->lle_tbl); 1427 if ((ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) != 0) 1428 dr = defrouter_lookup_locked(&ln->r_l3addr.addr6, ifp); 1429 else 1430 dr = NULL; 1431 ND6_RUNLOCK(); 1432 1433 if ((ln->la_flags & LLE_DELETED) == 0) 1434 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED); 1435 1436 /* 1437 * we used to have pfctlinput(PRC_HOSTDEAD) here. 1438 * even though it is not harmful, it was not really necessary. 1439 */ 1440 1441 /* cancel timer */ 1442 nd6_llinfo_settimer_locked(ln, -1); 1443 1444 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 1445 if (dr != NULL && dr->expire && 1446 ln->ln_state == ND6_LLINFO_STALE && gc) { 1447 /* 1448 * If the reason for the deletion is just garbage 1449 * collection, and the neighbor is an active default 1450 * router, do not delete it. Instead, reset the GC 1451 * timer using the router's lifetime. 1452 * Simply deleting the entry would affect default 1453 * router selection, which is not necessarily a good 1454 * thing, especially when we're using router preference 1455 * values. 1456 * XXX: the check for ln_state would be redundant, 1457 * but we intentionally keep it just in case. 1458 */ 1459 if (dr->expire > time_uptime) 1460 nd6_llinfo_settimer_locked(ln, 1461 (dr->expire - time_uptime) * hz); 1462 else 1463 nd6_llinfo_settimer_locked(ln, 1464 (long)V_nd6_gctimer * hz); 1465 1466 LLE_REMREF(ln); 1467 LLE_WUNLOCK(ln); 1468 defrouter_rele(dr); 1469 return; 1470 } 1471 1472 if (dr) { 1473 /* 1474 * Unreachablity of a router might affect the default 1475 * router selection and on-link detection of advertised 1476 * prefixes. 1477 */ 1478 1479 /* 1480 * Temporarily fake the state to choose a new default 1481 * router and to perform on-link determination of 1482 * prefixes correctly. 1483 * Below the state will be set correctly, 1484 * or the entry itself will be deleted. 1485 */ 1486 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1487 } 1488 1489 if (ln->ln_router || dr) { 1490 1491 /* 1492 * We need to unlock to avoid a LOR with rt6_flush() with the 1493 * rnh and for the calls to pfxlist_onlink_check() and 1494 * defrouter_select_fib() in the block further down for calls 1495 * into nd6_lookup(). We still hold a ref. 1496 */ 1497 LLE_WUNLOCK(ln); 1498 1499 /* 1500 * rt6_flush must be called whether or not the neighbor 1501 * is in the Default Router List. 1502 * See a corresponding comment in nd6_na_input(). 1503 */ 1504 rt6_flush(&ln->r_l3addr.addr6, ifp); 1505 } 1506 1507 if (dr) { 1508 /* 1509 * Since defrouter_select_fib() does not affect the 1510 * on-link determination and MIP6 needs the check 1511 * before the default router selection, we perform 1512 * the check now. 1513 */ 1514 pfxlist_onlink_check(); 1515 1516 /* 1517 * Refresh default router list. 1518 */ 1519 defrouter_select_fib(dr->ifp->if_fib); 1520 } 1521 1522 /* 1523 * If this entry was added by an on-link redirect, remove the 1524 * corresponding host route. 1525 */ 1526 if (ln->la_flags & LLE_REDIRECT) 1527 nd6_free_redirect(ln); 1528 1529 if (ln->ln_router || dr) 1530 LLE_WLOCK(ln); 1531 } 1532 1533 /* 1534 * Save to unlock. We still hold an extra reference and will not 1535 * free(9) in llentry_free() if someone else holds one as well. 1536 */ 1537 LLE_WUNLOCK(ln); 1538 IF_AFDATA_LOCK(ifp); 1539 LLE_WLOCK(ln); 1540 /* Guard against race with other llentry_free(). */ 1541 if (ln->la_flags & LLE_LINKED) { 1542 /* Remove callout reference */ 1543 LLE_REMREF(ln); 1544 lltable_unlink_entry(ln->lle_tbl, ln); 1545 } 1546 IF_AFDATA_UNLOCK(ifp); 1547 1548 llentry_free(ln); 1549 if (dr != NULL) 1550 defrouter_rele(dr); 1551 } 1552 1553 static int 1554 nd6_isdynrte(const struct rtentry *rt, void *xap) 1555 { 1556 1557 if (rt->rt_flags == (RTF_UP | RTF_HOST | RTF_DYNAMIC)) 1558 return (1); 1559 1560 return (0); 1561 } 1562 /* 1563 * Remove the rtentry for the given llentry, 1564 * both of which were installed by a redirect. 1565 */ 1566 static void 1567 nd6_free_redirect(const struct llentry *ln) 1568 { 1569 int fibnum; 1570 struct sockaddr_in6 sin6; 1571 struct rt_addrinfo info; 1572 1573 lltable_fill_sa_entry(ln, (struct sockaddr *)&sin6); 1574 memset(&info, 0, sizeof(info)); 1575 info.rti_info[RTAX_DST] = (struct sockaddr *)&sin6; 1576 info.rti_filter = nd6_isdynrte; 1577 1578 for (fibnum = 0; fibnum < rt_numfibs; fibnum++) 1579 rtrequest1_fib(RTM_DELETE, &info, NULL, fibnum); 1580 } 1581 1582 /* 1583 * Rejuvenate this function for routing operations related 1584 * processing. 1585 */ 1586 void 1587 nd6_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) 1588 { 1589 struct sockaddr_in6 *gateway; 1590 struct nd_defrouter *dr; 1591 struct ifnet *ifp; 1592 1593 gateway = (struct sockaddr_in6 *)rt->rt_gateway; 1594 ifp = rt->rt_ifp; 1595 1596 switch (req) { 1597 case RTM_ADD: 1598 break; 1599 1600 case RTM_DELETE: 1601 if (!ifp) 1602 return; 1603 /* 1604 * Only indirect routes are interesting. 1605 */ 1606 if ((rt->rt_flags & RTF_GATEWAY) == 0) 1607 return; 1608 /* 1609 * check for default route 1610 */ 1611 if (IN6_ARE_ADDR_EQUAL(&in6addr_any, 1612 &SIN6(rt_key(rt))->sin6_addr)) { 1613 dr = defrouter_lookup(&gateway->sin6_addr, ifp); 1614 if (dr != NULL) { 1615 dr->installed = 0; 1616 defrouter_rele(dr); 1617 } 1618 } 1619 break; 1620 } 1621 } 1622 1623 1624 int 1625 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1626 { 1627 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1628 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1629 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1630 struct epoch_tracker et; 1631 int error = 0; 1632 1633 if (ifp->if_afdata[AF_INET6] == NULL) 1634 return (EPFNOSUPPORT); 1635 switch (cmd) { 1636 case OSIOCGIFINFO_IN6: 1637 #define ND ndi->ndi 1638 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1639 bzero(&ND, sizeof(ND)); 1640 ND.linkmtu = IN6_LINKMTU(ifp); 1641 ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1642 ND.basereachable = ND_IFINFO(ifp)->basereachable; 1643 ND.reachable = ND_IFINFO(ifp)->reachable; 1644 ND.retrans = ND_IFINFO(ifp)->retrans; 1645 ND.flags = ND_IFINFO(ifp)->flags; 1646 ND.recalctm = ND_IFINFO(ifp)->recalctm; 1647 ND.chlim = ND_IFINFO(ifp)->chlim; 1648 break; 1649 case SIOCGIFINFO_IN6: 1650 ND = *ND_IFINFO(ifp); 1651 break; 1652 case SIOCSIFINFO_IN6: 1653 /* 1654 * used to change host variables from userland. 1655 * intended for a use on router to reflect RA configurations. 1656 */ 1657 /* 0 means 'unspecified' */ 1658 if (ND.linkmtu != 0) { 1659 if (ND.linkmtu < IPV6_MMTU || 1660 ND.linkmtu > IN6_LINKMTU(ifp)) { 1661 error = EINVAL; 1662 break; 1663 } 1664 ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1665 } 1666 1667 if (ND.basereachable != 0) { 1668 int obasereachable = ND_IFINFO(ifp)->basereachable; 1669 1670 ND_IFINFO(ifp)->basereachable = ND.basereachable; 1671 if (ND.basereachable != obasereachable) 1672 ND_IFINFO(ifp)->reachable = 1673 ND_COMPUTE_RTIME(ND.basereachable); 1674 } 1675 if (ND.retrans != 0) 1676 ND_IFINFO(ifp)->retrans = ND.retrans; 1677 if (ND.chlim != 0) 1678 ND_IFINFO(ifp)->chlim = ND.chlim; 1679 /* FALLTHROUGH */ 1680 case SIOCSIFINFO_FLAGS: 1681 { 1682 struct ifaddr *ifa; 1683 struct in6_ifaddr *ia; 1684 1685 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1686 !(ND.flags & ND6_IFF_IFDISABLED)) { 1687 /* ifdisabled 1->0 transision */ 1688 1689 /* 1690 * If the interface is marked as ND6_IFF_IFDISABLED and 1691 * has an link-local address with IN6_IFF_DUPLICATED, 1692 * do not clear ND6_IFF_IFDISABLED. 1693 * See RFC 4862, Section 5.4.5. 1694 */ 1695 NET_EPOCH_ENTER(et); 1696 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1697 if (ifa->ifa_addr->sa_family != AF_INET6) 1698 continue; 1699 ia = (struct in6_ifaddr *)ifa; 1700 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1701 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1702 break; 1703 } 1704 NET_EPOCH_EXIT(et); 1705 1706 if (ifa != NULL) { 1707 /* LLA is duplicated. */ 1708 ND.flags |= ND6_IFF_IFDISABLED; 1709 log(LOG_ERR, "Cannot enable an interface" 1710 " with a link-local address marked" 1711 " duplicate.\n"); 1712 } else { 1713 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; 1714 if (ifp->if_flags & IFF_UP) 1715 in6_if_up(ifp); 1716 } 1717 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1718 (ND.flags & ND6_IFF_IFDISABLED)) { 1719 /* ifdisabled 0->1 transision */ 1720 /* Mark all IPv6 address as tentative. */ 1721 1722 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1723 if (V_ip6_dad_count > 0 && 1724 (ND_IFINFO(ifp)->flags & ND6_IFF_NO_DAD) == 0) { 1725 NET_EPOCH_ENTER(et); 1726 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, 1727 ifa_link) { 1728 if (ifa->ifa_addr->sa_family != 1729 AF_INET6) 1730 continue; 1731 ia = (struct in6_ifaddr *)ifa; 1732 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1733 } 1734 NET_EPOCH_EXIT(et); 1735 } 1736 } 1737 1738 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) { 1739 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1740 /* auto_linklocal 0->1 transision */ 1741 1742 /* If no link-local address on ifp, configure */ 1743 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1744 in6_ifattach(ifp, NULL); 1745 } else if (!(ND.flags & ND6_IFF_IFDISABLED) && 1746 ifp->if_flags & IFF_UP) { 1747 /* 1748 * When the IF already has 1749 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1750 * address is assigned, and IFF_UP, try to 1751 * assign one. 1752 */ 1753 NET_EPOCH_ENTER(et); 1754 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, 1755 ifa_link) { 1756 if (ifa->ifa_addr->sa_family != 1757 AF_INET6) 1758 continue; 1759 ia = (struct in6_ifaddr *)ifa; 1760 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) 1761 break; 1762 } 1763 NET_EPOCH_EXIT(et); 1764 if (ifa != NULL) 1765 /* No LLA is configured. */ 1766 in6_ifattach(ifp, NULL); 1767 } 1768 } 1769 } 1770 ND_IFINFO(ifp)->flags = ND.flags; 1771 break; 1772 #undef ND 1773 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1774 /* sync kernel routing table with the default router list */ 1775 defrouter_reset(); 1776 defrouter_select(); 1777 break; 1778 case SIOCSPFXFLUSH_IN6: 1779 { 1780 /* flush all the prefix advertised by routers */ 1781 struct in6_ifaddr *ia, *ia_next; 1782 struct nd_prefix *pr, *next; 1783 struct nd_prhead prl; 1784 1785 LIST_INIT(&prl); 1786 1787 ND6_WLOCK(); 1788 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, next) { 1789 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1790 continue; /* XXX */ 1791 nd6_prefix_unlink(pr, &prl); 1792 } 1793 ND6_WUNLOCK(); 1794 1795 while ((pr = LIST_FIRST(&prl)) != NULL) { 1796 LIST_REMOVE(pr, ndpr_entry); 1797 /* XXXRW: in6_ifaddrhead locking. */ 1798 CK_STAILQ_FOREACH_SAFE(ia, &V_in6_ifaddrhead, ia_link, 1799 ia_next) { 1800 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1801 continue; 1802 1803 if (ia->ia6_ndpr == pr) 1804 in6_purgeaddr(&ia->ia_ifa); 1805 } 1806 nd6_prefix_del(pr); 1807 } 1808 break; 1809 } 1810 case SIOCSRTRFLUSH_IN6: 1811 { 1812 /* flush all the default routers */ 1813 struct nd_drhead drq; 1814 struct nd_defrouter *dr; 1815 1816 TAILQ_INIT(&drq); 1817 1818 defrouter_reset(); 1819 1820 ND6_WLOCK(); 1821 while ((dr = TAILQ_FIRST(&V_nd_defrouter)) != NULL) 1822 defrouter_unlink(dr, &drq); 1823 ND6_WUNLOCK(); 1824 while ((dr = TAILQ_FIRST(&drq)) != NULL) { 1825 TAILQ_REMOVE(&drq, dr, dr_entry); 1826 defrouter_del(dr); 1827 } 1828 1829 defrouter_select(); 1830 break; 1831 } 1832 case SIOCGNBRINFO_IN6: 1833 { 1834 struct llentry *ln; 1835 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1836 1837 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1838 return (error); 1839 1840 NET_EPOCH_ENTER(et); 1841 ln = nd6_lookup(&nb_addr, 0, ifp); 1842 NET_EPOCH_EXIT(et); 1843 1844 if (ln == NULL) { 1845 error = EINVAL; 1846 break; 1847 } 1848 nbi->state = ln->ln_state; 1849 nbi->asked = ln->la_asked; 1850 nbi->isrouter = ln->ln_router; 1851 if (ln->la_expire == 0) 1852 nbi->expire = 0; 1853 else 1854 nbi->expire = ln->la_expire + ln->lle_remtime / hz + 1855 (time_second - time_uptime); 1856 LLE_RUNLOCK(ln); 1857 break; 1858 } 1859 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1860 ndif->ifindex = V_nd6_defifindex; 1861 break; 1862 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1863 return (nd6_setdefaultiface(ndif->ifindex)); 1864 } 1865 return (error); 1866 } 1867 1868 /* 1869 * Calculates new isRouter value based on provided parameters and 1870 * returns it. 1871 */ 1872 static int 1873 nd6_is_router(int type, int code, int is_new, int old_addr, int new_addr, 1874 int ln_router) 1875 { 1876 1877 /* 1878 * ICMP6 type dependent behavior. 1879 * 1880 * NS: clear IsRouter if new entry 1881 * RS: clear IsRouter 1882 * RA: set IsRouter if there's lladdr 1883 * redir: clear IsRouter if new entry 1884 * 1885 * RA case, (1): 1886 * The spec says that we must set IsRouter in the following cases: 1887 * - If lladdr exist, set IsRouter. This means (1-5). 1888 * - If it is old entry (!newentry), set IsRouter. This means (7). 1889 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1890 * A quetion arises for (1) case. (1) case has no lladdr in the 1891 * neighbor cache, this is similar to (6). 1892 * This case is rare but we figured that we MUST NOT set IsRouter. 1893 * 1894 * is_new old_addr new_addr NS RS RA redir 1895 * D R 1896 * 0 n n (1) c ? s 1897 * 0 y n (2) c s s 1898 * 0 n y (3) c s s 1899 * 0 y y (4) c s s 1900 * 0 y y (5) c s s 1901 * 1 -- n (6) c c c s 1902 * 1 -- y (7) c c s c s 1903 * 1904 * (c=clear s=set) 1905 */ 1906 switch (type & 0xff) { 1907 case ND_NEIGHBOR_SOLICIT: 1908 /* 1909 * New entry must have is_router flag cleared. 1910 */ 1911 if (is_new) /* (6-7) */ 1912 ln_router = 0; 1913 break; 1914 case ND_REDIRECT: 1915 /* 1916 * If the icmp is a redirect to a better router, always set the 1917 * is_router flag. Otherwise, if the entry is newly created, 1918 * clear the flag. [RFC 2461, sec 8.3] 1919 */ 1920 if (code == ND_REDIRECT_ROUTER) 1921 ln_router = 1; 1922 else { 1923 if (is_new) /* (6-7) */ 1924 ln_router = 0; 1925 } 1926 break; 1927 case ND_ROUTER_SOLICIT: 1928 /* 1929 * is_router flag must always be cleared. 1930 */ 1931 ln_router = 0; 1932 break; 1933 case ND_ROUTER_ADVERT: 1934 /* 1935 * Mark an entry with lladdr as a router. 1936 */ 1937 if ((!is_new && (old_addr || new_addr)) || /* (2-5) */ 1938 (is_new && new_addr)) { /* (7) */ 1939 ln_router = 1; 1940 } 1941 break; 1942 } 1943 1944 return (ln_router); 1945 } 1946 1947 /* 1948 * Create neighbor cache entry and cache link-layer address, 1949 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1950 * 1951 * type - ICMP6 type 1952 * code - type dependent information 1953 * 1954 */ 1955 void 1956 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1957 int lladdrlen, int type, int code) 1958 { 1959 struct llentry *ln = NULL, *ln_tmp; 1960 int is_newentry; 1961 int do_update; 1962 int olladdr; 1963 int llchange; 1964 int flags; 1965 uint16_t router = 0; 1966 struct sockaddr_in6 sin6; 1967 struct epoch_tracker et; 1968 struct mbuf *chain = NULL; 1969 u_char linkhdr[LLE_MAX_LINKHDR]; 1970 size_t linkhdrsize; 1971 int lladdr_off; 1972 1973 IF_AFDATA_UNLOCK_ASSERT(ifp); 1974 1975 KASSERT(ifp != NULL, ("%s: ifp == NULL", __func__)); 1976 KASSERT(from != NULL, ("%s: from == NULL", __func__)); 1977 1978 /* nothing must be updated for unspecified address */ 1979 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1980 return; 1981 1982 /* 1983 * Validation about ifp->if_addrlen and lladdrlen must be done in 1984 * the caller. 1985 * 1986 * XXX If the link does not have link-layer adderss, what should 1987 * we do? (ifp->if_addrlen == 0) 1988 * Spec says nothing in sections for RA, RS and NA. There's small 1989 * description on it in NS section (RFC 2461 7.2.3). 1990 */ 1991 flags = lladdr ? LLE_EXCLUSIVE : 0; 1992 NET_EPOCH_ENTER(et); 1993 ln = nd6_lookup(from, flags, ifp); 1994 NET_EPOCH_EXIT(et); 1995 is_newentry = 0; 1996 if (ln == NULL) { 1997 flags |= LLE_EXCLUSIVE; 1998 ln = nd6_alloc(from, 0, ifp); 1999 if (ln == NULL) 2000 return; 2001 2002 /* 2003 * Since we already know all the data for the new entry, 2004 * fill it before insertion. 2005 */ 2006 if (lladdr != NULL) { 2007 linkhdrsize = sizeof(linkhdr); 2008 if (lltable_calc_llheader(ifp, AF_INET6, lladdr, 2009 linkhdr, &linkhdrsize, &lladdr_off) != 0) 2010 return; 2011 lltable_set_entry_addr(ifp, ln, linkhdr, linkhdrsize, 2012 lladdr_off); 2013 } 2014 2015 IF_AFDATA_WLOCK(ifp); 2016 LLE_WLOCK(ln); 2017 /* Prefer any existing lle over newly-created one */ 2018 ln_tmp = nd6_lookup(from, LLE_EXCLUSIVE, ifp); 2019 if (ln_tmp == NULL) 2020 lltable_link_entry(LLTABLE6(ifp), ln); 2021 IF_AFDATA_WUNLOCK(ifp); 2022 if (ln_tmp == NULL) { 2023 /* No existing lle, mark as new entry (6,7) */ 2024 is_newentry = 1; 2025 if (lladdr != NULL) { /* (7) */ 2026 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 2027 EVENTHANDLER_INVOKE(lle_event, ln, 2028 LLENTRY_RESOLVED); 2029 } 2030 } else { 2031 lltable_free_entry(LLTABLE6(ifp), ln); 2032 ln = ln_tmp; 2033 ln_tmp = NULL; 2034 } 2035 } 2036 /* do nothing if static ndp is set */ 2037 if ((ln->la_flags & LLE_STATIC)) { 2038 if (flags & LLE_EXCLUSIVE) 2039 LLE_WUNLOCK(ln); 2040 else 2041 LLE_RUNLOCK(ln); 2042 return; 2043 } 2044 2045 olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0; 2046 if (olladdr && lladdr) { 2047 llchange = bcmp(lladdr, ln->ll_addr, 2048 ifp->if_addrlen); 2049 } else if (!olladdr && lladdr) 2050 llchange = 1; 2051 else 2052 llchange = 0; 2053 2054 /* 2055 * newentry olladdr lladdr llchange (*=record) 2056 * 0 n n -- (1) 2057 * 0 y n -- (2) 2058 * 0 n y y (3) * STALE 2059 * 0 y y n (4) * 2060 * 0 y y y (5) * STALE 2061 * 1 -- n -- (6) NOSTATE(= PASSIVE) 2062 * 1 -- y -- (7) * STALE 2063 */ 2064 2065 do_update = 0; 2066 if (is_newentry == 0 && llchange != 0) { 2067 do_update = 1; /* (3,5) */ 2068 2069 /* 2070 * Record source link-layer address 2071 * XXX is it dependent to ifp->if_type? 2072 */ 2073 linkhdrsize = sizeof(linkhdr); 2074 if (lltable_calc_llheader(ifp, AF_INET6, lladdr, 2075 linkhdr, &linkhdrsize, &lladdr_off) != 0) 2076 return; 2077 2078 if (lltable_try_set_entry_addr(ifp, ln, linkhdr, linkhdrsize, 2079 lladdr_off) == 0) { 2080 /* Entry was deleted */ 2081 return; 2082 } 2083 2084 nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); 2085 2086 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 2087 2088 if (ln->la_hold != NULL) 2089 nd6_grab_holdchain(ln, &chain, &sin6); 2090 } 2091 2092 /* Calculates new router status */ 2093 router = nd6_is_router(type, code, is_newentry, olladdr, 2094 lladdr != NULL ? 1 : 0, ln->ln_router); 2095 2096 ln->ln_router = router; 2097 /* Mark non-router redirects with special flag */ 2098 if ((type & 0xFF) == ND_REDIRECT && code != ND_REDIRECT_ROUTER) 2099 ln->la_flags |= LLE_REDIRECT; 2100 2101 if (flags & LLE_EXCLUSIVE) 2102 LLE_WUNLOCK(ln); 2103 else 2104 LLE_RUNLOCK(ln); 2105 2106 if (chain != NULL) 2107 nd6_flush_holdchain(ifp, chain, &sin6); 2108 2109 /* 2110 * When the link-layer address of a router changes, select the 2111 * best router again. In particular, when the neighbor entry is newly 2112 * created, it might affect the selection policy. 2113 * Question: can we restrict the first condition to the "is_newentry" 2114 * case? 2115 * XXX: when we hear an RA from a new router with the link-layer 2116 * address option, defrouter_select_fib() is called twice, since 2117 * defrtrlist_update called the function as well. However, I believe 2118 * we can compromise the overhead, since it only happens the first 2119 * time. 2120 * XXX: although defrouter_select_fib() should not have a bad effect 2121 * for those are not autoconfigured hosts, we explicitly avoid such 2122 * cases for safety. 2123 */ 2124 if ((do_update || is_newentry) && router && 2125 ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 2126 /* 2127 * guaranteed recursion 2128 */ 2129 defrouter_select_fib(ifp->if_fib); 2130 } 2131 } 2132 2133 static void 2134 nd6_slowtimo(void *arg) 2135 { 2136 struct epoch_tracker et; 2137 CURVNET_SET((struct vnet *) arg); 2138 struct nd_ifinfo *nd6if; 2139 struct ifnet *ifp; 2140 2141 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 2142 nd6_slowtimo, curvnet); 2143 NET_EPOCH_ENTER(et); 2144 CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) { 2145 if (ifp->if_afdata[AF_INET6] == NULL) 2146 continue; 2147 nd6if = ND_IFINFO(ifp); 2148 if (nd6if->basereachable && /* already initialized */ 2149 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 2150 /* 2151 * Since reachable time rarely changes by router 2152 * advertisements, we SHOULD insure that a new random 2153 * value gets recomputed at least once every few hours. 2154 * (RFC 2461, 6.3.4) 2155 */ 2156 nd6if->recalctm = V_nd6_recalc_reachtm_interval; 2157 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 2158 } 2159 } 2160 NET_EPOCH_EXIT(et); 2161 CURVNET_RESTORE(); 2162 } 2163 2164 void 2165 nd6_grab_holdchain(struct llentry *ln, struct mbuf **chain, 2166 struct sockaddr_in6 *sin6) 2167 { 2168 2169 LLE_WLOCK_ASSERT(ln); 2170 2171 *chain = ln->la_hold; 2172 ln->la_hold = NULL; 2173 lltable_fill_sa_entry(ln, (struct sockaddr *)sin6); 2174 2175 if (ln->ln_state == ND6_LLINFO_STALE) { 2176 2177 /* 2178 * The first time we send a packet to a 2179 * neighbor whose entry is STALE, we have 2180 * to change the state to DELAY and a sets 2181 * a timer to expire in DELAY_FIRST_PROBE_TIME 2182 * seconds to ensure do neighbor unreachability 2183 * detection on expiration. 2184 * (RFC 2461 7.3.3) 2185 */ 2186 nd6_llinfo_setstate(ln, ND6_LLINFO_DELAY); 2187 } 2188 } 2189 2190 int 2191 nd6_output_ifp(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m, 2192 struct sockaddr_in6 *dst, struct route *ro) 2193 { 2194 int error; 2195 int ip6len; 2196 struct ip6_hdr *ip6; 2197 struct m_tag *mtag; 2198 2199 #ifdef MAC 2200 mac_netinet6_nd6_send(ifp, m); 2201 #endif 2202 2203 /* 2204 * If called from nd6_ns_output() (NS), nd6_na_output() (NA), 2205 * icmp6_redirect_output() (REDIRECT) or from rip6_output() (RS, RA 2206 * as handled by rtsol and rtadvd), mbufs will be tagged for SeND 2207 * to be diverted to user space. When re-injected into the kernel, 2208 * send_output() will directly dispatch them to the outgoing interface. 2209 */ 2210 if (send_sendso_input_hook != NULL) { 2211 mtag = m_tag_find(m, PACKET_TAG_ND_OUTGOING, NULL); 2212 if (mtag != NULL) { 2213 ip6 = mtod(m, struct ip6_hdr *); 2214 ip6len = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen); 2215 /* Use the SEND socket */ 2216 error = send_sendso_input_hook(m, ifp, SND_OUT, 2217 ip6len); 2218 /* -1 == no app on SEND socket */ 2219 if (error == 0 || error != -1) 2220 return (error); 2221 } 2222 } 2223 2224 m_clrprotoflags(m); /* Avoid confusing lower layers. */ 2225 IP_PROBE(send, NULL, NULL, mtod(m, struct ip6_hdr *), ifp, NULL, 2226 mtod(m, struct ip6_hdr *)); 2227 2228 if ((ifp->if_flags & IFF_LOOPBACK) == 0) 2229 origifp = ifp; 2230 2231 error = (*ifp->if_output)(origifp, m, (struct sockaddr *)dst, ro); 2232 return (error); 2233 } 2234 2235 /* 2236 * Lookup link headerfor @sa_dst address. Stores found 2237 * data in @desten buffer. Copy of lle ln_flags can be also 2238 * saved in @pflags if @pflags is non-NULL. 2239 * 2240 * If destination LLE does not exists or lle state modification 2241 * is required, call "slow" version. 2242 * 2243 * Return values: 2244 * - 0 on success (address copied to buffer). 2245 * - EWOULDBLOCK (no local error, but address is still unresolved) 2246 * - other errors (alloc failure, etc) 2247 */ 2248 int 2249 nd6_resolve(struct ifnet *ifp, int is_gw, struct mbuf *m, 2250 const struct sockaddr *sa_dst, u_char *desten, uint32_t *pflags, 2251 struct llentry **plle) 2252 { 2253 struct epoch_tracker et; 2254 struct llentry *ln = NULL; 2255 const struct sockaddr_in6 *dst6; 2256 2257 if (pflags != NULL) 2258 *pflags = 0; 2259 2260 dst6 = (const struct sockaddr_in6 *)sa_dst; 2261 2262 /* discard the packet if IPv6 operation is disabled on the interface */ 2263 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 2264 m_freem(m); 2265 return (ENETDOWN); /* better error? */ 2266 } 2267 2268 if (m != NULL && m->m_flags & M_MCAST) { 2269 switch (ifp->if_type) { 2270 case IFT_ETHER: 2271 case IFT_L2VLAN: 2272 case IFT_BRIDGE: 2273 ETHER_MAP_IPV6_MULTICAST(&dst6->sin6_addr, 2274 desten); 2275 return (0); 2276 default: 2277 m_freem(m); 2278 return (EAFNOSUPPORT); 2279 } 2280 } 2281 2282 NET_EPOCH_ENTER(et); 2283 ln = nd6_lookup(&dst6->sin6_addr, plle ? LLE_EXCLUSIVE : LLE_UNLOCKED, 2284 ifp); 2285 if (ln != NULL && (ln->r_flags & RLLE_VALID) != 0) { 2286 /* Entry found, let's copy lle info */ 2287 bcopy(ln->r_linkdata, desten, ln->r_hdrlen); 2288 if (pflags != NULL) 2289 *pflags = LLE_VALID | (ln->r_flags & RLLE_IFADDR); 2290 /* Check if we have feedback request from nd6 timer */ 2291 if (ln->r_skip_req != 0) { 2292 LLE_REQ_LOCK(ln); 2293 ln->r_skip_req = 0; /* Notify that entry was used */ 2294 ln->lle_hittime = time_uptime; 2295 LLE_REQ_UNLOCK(ln); 2296 } 2297 if (plle) { 2298 LLE_ADDREF(ln); 2299 *plle = ln; 2300 LLE_WUNLOCK(ln); 2301 } 2302 NET_EPOCH_EXIT(et); 2303 return (0); 2304 } else if (plle && ln) 2305 LLE_WUNLOCK(ln); 2306 NET_EPOCH_EXIT(et); 2307 2308 return (nd6_resolve_slow(ifp, 0, m, dst6, desten, pflags, plle)); 2309 } 2310 2311 2312 /* 2313 * Do L2 address resolution for @sa_dst address. Stores found 2314 * address in @desten buffer. Copy of lle ln_flags can be also 2315 * saved in @pflags if @pflags is non-NULL. 2316 * 2317 * Heavy version. 2318 * Function assume that destination LLE does not exist, 2319 * is invalid or stale, so LLE_EXCLUSIVE lock needs to be acquired. 2320 * 2321 * Set noinline to be dtrace-friendly 2322 */ 2323 static __noinline int 2324 nd6_resolve_slow(struct ifnet *ifp, int flags, struct mbuf *m, 2325 const struct sockaddr_in6 *dst, u_char *desten, uint32_t *pflags, 2326 struct llentry **plle) 2327 { 2328 struct llentry *lle = NULL, *lle_tmp; 2329 struct in6_addr *psrc, src; 2330 int send_ns, ll_len; 2331 char *lladdr; 2332 2333 /* 2334 * Address resolution or Neighbor Unreachability Detection 2335 * for the next hop. 2336 * At this point, the destination of the packet must be a unicast 2337 * or an anycast address(i.e. not a multicast). 2338 */ 2339 if (lle == NULL) { 2340 struct epoch_tracker et; 2341 2342 NET_EPOCH_ENTER(et); 2343 lle = nd6_lookup(&dst->sin6_addr, LLE_EXCLUSIVE, ifp); 2344 NET_EPOCH_EXIT(et); 2345 if ((lle == NULL) && nd6_is_addr_neighbor(dst, ifp)) { 2346 /* 2347 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 2348 * the condition below is not very efficient. But we believe 2349 * it is tolerable, because this should be a rare case. 2350 */ 2351 lle = nd6_alloc(&dst->sin6_addr, 0, ifp); 2352 if (lle == NULL) { 2353 char ip6buf[INET6_ADDRSTRLEN]; 2354 log(LOG_DEBUG, 2355 "nd6_output: can't allocate llinfo for %s " 2356 "(ln=%p)\n", 2357 ip6_sprintf(ip6buf, &dst->sin6_addr), lle); 2358 m_freem(m); 2359 return (ENOBUFS); 2360 } 2361 2362 IF_AFDATA_WLOCK(ifp); 2363 LLE_WLOCK(lle); 2364 /* Prefer any existing entry over newly-created one */ 2365 lle_tmp = nd6_lookup(&dst->sin6_addr, LLE_EXCLUSIVE, ifp); 2366 if (lle_tmp == NULL) 2367 lltable_link_entry(LLTABLE6(ifp), lle); 2368 IF_AFDATA_WUNLOCK(ifp); 2369 if (lle_tmp != NULL) { 2370 lltable_free_entry(LLTABLE6(ifp), lle); 2371 lle = lle_tmp; 2372 lle_tmp = NULL; 2373 } 2374 } 2375 } 2376 if (lle == NULL) { 2377 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 2378 m_freem(m); 2379 return (ENOBUFS); 2380 } 2381 2382 if (m != NULL) 2383 m_freem(m); 2384 return (ENOBUFS); 2385 } 2386 2387 LLE_WLOCK_ASSERT(lle); 2388 2389 /* 2390 * The first time we send a packet to a neighbor whose entry is 2391 * STALE, we have to change the state to DELAY and a sets a timer to 2392 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 2393 * neighbor unreachability detection on expiration. 2394 * (RFC 2461 7.3.3) 2395 */ 2396 if (lle->ln_state == ND6_LLINFO_STALE) 2397 nd6_llinfo_setstate(lle, ND6_LLINFO_DELAY); 2398 2399 /* 2400 * If the neighbor cache entry has a state other than INCOMPLETE 2401 * (i.e. its link-layer address is already resolved), just 2402 * send the packet. 2403 */ 2404 if (lle->ln_state > ND6_LLINFO_INCOMPLETE) { 2405 if (flags & LLE_ADDRONLY) { 2406 lladdr = lle->ll_addr; 2407 ll_len = ifp->if_addrlen; 2408 } else { 2409 lladdr = lle->r_linkdata; 2410 ll_len = lle->r_hdrlen; 2411 } 2412 bcopy(lladdr, desten, ll_len); 2413 if (pflags != NULL) 2414 *pflags = lle->la_flags; 2415 if (plle) { 2416 LLE_ADDREF(lle); 2417 *plle = lle; 2418 } 2419 LLE_WUNLOCK(lle); 2420 return (0); 2421 } 2422 2423 /* 2424 * There is a neighbor cache entry, but no ethernet address 2425 * response yet. Append this latest packet to the end of the 2426 * packet queue in the mbuf. When it exceeds nd6_maxqueuelen, 2427 * the oldest packet in the queue will be removed. 2428 */ 2429 2430 if (lle->la_hold != NULL) { 2431 struct mbuf *m_hold; 2432 int i; 2433 2434 i = 0; 2435 for (m_hold = lle->la_hold; m_hold; m_hold = m_hold->m_nextpkt){ 2436 i++; 2437 if (m_hold->m_nextpkt == NULL) { 2438 m_hold->m_nextpkt = m; 2439 break; 2440 } 2441 } 2442 while (i >= V_nd6_maxqueuelen) { 2443 m_hold = lle->la_hold; 2444 lle->la_hold = lle->la_hold->m_nextpkt; 2445 m_freem(m_hold); 2446 i--; 2447 } 2448 } else { 2449 lle->la_hold = m; 2450 } 2451 2452 /* 2453 * If there has been no NS for the neighbor after entering the 2454 * INCOMPLETE state, send the first solicitation. 2455 * Note that for newly-created lle la_asked will be 0, 2456 * so we will transition from ND6_LLINFO_NOSTATE to 2457 * ND6_LLINFO_INCOMPLETE state here. 2458 */ 2459 psrc = NULL; 2460 send_ns = 0; 2461 if (lle->la_asked == 0) { 2462 lle->la_asked++; 2463 send_ns = 1; 2464 psrc = nd6_llinfo_get_holdsrc(lle, &src); 2465 2466 nd6_llinfo_setstate(lle, ND6_LLINFO_INCOMPLETE); 2467 } 2468 LLE_WUNLOCK(lle); 2469 if (send_ns != 0) 2470 nd6_ns_output(ifp, psrc, NULL, &dst->sin6_addr, NULL); 2471 2472 return (EWOULDBLOCK); 2473 } 2474 2475 /* 2476 * Do L2 address resolution for @sa_dst address. Stores found 2477 * address in @desten buffer. Copy of lle ln_flags can be also 2478 * saved in @pflags if @pflags is non-NULL. 2479 * 2480 * Return values: 2481 * - 0 on success (address copied to buffer). 2482 * - EWOULDBLOCK (no local error, but address is still unresolved) 2483 * - other errors (alloc failure, etc) 2484 */ 2485 int 2486 nd6_resolve_addr(struct ifnet *ifp, int flags, const struct sockaddr *dst, 2487 char *desten, uint32_t *pflags) 2488 { 2489 int error; 2490 2491 flags |= LLE_ADDRONLY; 2492 error = nd6_resolve_slow(ifp, flags, NULL, 2493 (const struct sockaddr_in6 *)dst, desten, pflags, NULL); 2494 return (error); 2495 } 2496 2497 int 2498 nd6_flush_holdchain(struct ifnet *ifp, struct mbuf *chain, 2499 struct sockaddr_in6 *dst) 2500 { 2501 struct mbuf *m, *m_head; 2502 int error = 0; 2503 2504 m_head = chain; 2505 2506 while (m_head) { 2507 m = m_head; 2508 m_head = m_head->m_nextpkt; 2509 error = nd6_output_ifp(ifp, ifp, m, dst, NULL); 2510 } 2511 2512 /* 2513 * XXX 2514 * note that intermediate errors are blindly ignored 2515 */ 2516 return (error); 2517 } 2518 2519 static int 2520 nd6_need_cache(struct ifnet *ifp) 2521 { 2522 /* 2523 * XXX: we currently do not make neighbor cache on any interface 2524 * other than Ethernet and GIF. 2525 * 2526 * RFC2893 says: 2527 * - unidirectional tunnels needs no ND 2528 */ 2529 switch (ifp->if_type) { 2530 case IFT_ETHER: 2531 case IFT_IEEE1394: 2532 case IFT_L2VLAN: 2533 case IFT_INFINIBAND: 2534 case IFT_BRIDGE: 2535 case IFT_PROPVIRTUAL: 2536 return (1); 2537 default: 2538 return (0); 2539 } 2540 } 2541 2542 /* 2543 * Add pernament ND6 link-layer record for given 2544 * interface address. 2545 * 2546 * Very similar to IPv4 arp_ifinit(), but: 2547 * 1) IPv6 DAD is performed in different place 2548 * 2) It is called by IPv6 protocol stack in contrast to 2549 * arp_ifinit() which is typically called in SIOCSIFADDR 2550 * driver ioctl handler. 2551 * 2552 */ 2553 int 2554 nd6_add_ifa_lle(struct in6_ifaddr *ia) 2555 { 2556 struct ifnet *ifp; 2557 struct llentry *ln, *ln_tmp; 2558 struct sockaddr *dst; 2559 2560 ifp = ia->ia_ifa.ifa_ifp; 2561 if (nd6_need_cache(ifp) == 0) 2562 return (0); 2563 2564 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; 2565 dst = (struct sockaddr *)&ia->ia_addr; 2566 ln = lltable_alloc_entry(LLTABLE6(ifp), LLE_IFADDR, dst); 2567 if (ln == NULL) 2568 return (ENOBUFS); 2569 2570 IF_AFDATA_WLOCK(ifp); 2571 LLE_WLOCK(ln); 2572 /* Unlink any entry if exists */ 2573 ln_tmp = lla_lookup(LLTABLE6(ifp), LLE_EXCLUSIVE, dst); 2574 if (ln_tmp != NULL) 2575 lltable_unlink_entry(LLTABLE6(ifp), ln_tmp); 2576 lltable_link_entry(LLTABLE6(ifp), ln); 2577 IF_AFDATA_WUNLOCK(ifp); 2578 2579 if (ln_tmp != NULL) 2580 EVENTHANDLER_INVOKE(lle_event, ln_tmp, LLENTRY_EXPIRED); 2581 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 2582 2583 LLE_WUNLOCK(ln); 2584 if (ln_tmp != NULL) 2585 llentry_free(ln_tmp); 2586 2587 return (0); 2588 } 2589 2590 /* 2591 * Removes either all lle entries for given @ia, or lle 2592 * corresponding to @ia address. 2593 */ 2594 void 2595 nd6_rem_ifa_lle(struct in6_ifaddr *ia, int all) 2596 { 2597 struct sockaddr_in6 mask, addr; 2598 struct sockaddr *saddr, *smask; 2599 struct ifnet *ifp; 2600 2601 ifp = ia->ia_ifa.ifa_ifp; 2602 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr)); 2603 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask)); 2604 saddr = (struct sockaddr *)&addr; 2605 smask = (struct sockaddr *)&mask; 2606 2607 if (all != 0) 2608 lltable_prefix_free(AF_INET6, saddr, smask, LLE_STATIC); 2609 else 2610 lltable_delete_addr(LLTABLE6(ifp), LLE_IFADDR, saddr); 2611 } 2612 2613 static void 2614 clear_llinfo_pqueue(struct llentry *ln) 2615 { 2616 struct mbuf *m_hold, *m_hold_next; 2617 2618 for (m_hold = ln->la_hold; m_hold; m_hold = m_hold_next) { 2619 m_hold_next = m_hold->m_nextpkt; 2620 m_freem(m_hold); 2621 } 2622 2623 ln->la_hold = NULL; 2624 } 2625 2626 static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2627 static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2628 2629 SYSCTL_DECL(_net_inet6_icmp6); 2630 SYSCTL_PROC(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2631 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, 2632 NULL, 0, nd6_sysctl_drlist, "S,in6_defrouter", 2633 "NDP default router list"); 2634 SYSCTL_PROC(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2635 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, 2636 NULL, 0, nd6_sysctl_prlist, "S,in6_prefix", 2637 "NDP prefix list"); 2638 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen, 2639 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, ""); 2640 SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer, 2641 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), ""); 2642 2643 static int 2644 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2645 { 2646 struct in6_defrouter d; 2647 struct nd_defrouter *dr; 2648 int error; 2649 2650 if (req->newptr != NULL) 2651 return (EPERM); 2652 2653 error = sysctl_wire_old_buffer(req, 0); 2654 if (error != 0) 2655 return (error); 2656 2657 bzero(&d, sizeof(d)); 2658 d.rtaddr.sin6_family = AF_INET6; 2659 d.rtaddr.sin6_len = sizeof(d.rtaddr); 2660 2661 ND6_RLOCK(); 2662 TAILQ_FOREACH(dr, &V_nd_defrouter, dr_entry) { 2663 d.rtaddr.sin6_addr = dr->rtaddr; 2664 error = sa6_recoverscope(&d.rtaddr); 2665 if (error != 0) 2666 break; 2667 d.flags = dr->raflags; 2668 d.rtlifetime = dr->rtlifetime; 2669 d.expire = dr->expire + (time_second - time_uptime); 2670 d.if_index = dr->ifp->if_index; 2671 error = SYSCTL_OUT(req, &d, sizeof(d)); 2672 if (error != 0) 2673 break; 2674 } 2675 ND6_RUNLOCK(); 2676 return (error); 2677 } 2678 2679 static int 2680 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2681 { 2682 struct in6_prefix p; 2683 struct sockaddr_in6 s6; 2684 struct nd_prefix *pr; 2685 struct nd_pfxrouter *pfr; 2686 time_t maxexpire; 2687 int error; 2688 char ip6buf[INET6_ADDRSTRLEN]; 2689 2690 if (req->newptr) 2691 return (EPERM); 2692 2693 error = sysctl_wire_old_buffer(req, 0); 2694 if (error != 0) 2695 return (error); 2696 2697 bzero(&p, sizeof(p)); 2698 p.origin = PR_ORIG_RA; 2699 bzero(&s6, sizeof(s6)); 2700 s6.sin6_family = AF_INET6; 2701 s6.sin6_len = sizeof(s6); 2702 2703 ND6_RLOCK(); 2704 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 2705 p.prefix = pr->ndpr_prefix; 2706 if (sa6_recoverscope(&p.prefix)) { 2707 log(LOG_ERR, "scope error in prefix list (%s)\n", 2708 ip6_sprintf(ip6buf, &p.prefix.sin6_addr)); 2709 /* XXX: press on... */ 2710 } 2711 p.raflags = pr->ndpr_raf; 2712 p.prefixlen = pr->ndpr_plen; 2713 p.vltime = pr->ndpr_vltime; 2714 p.pltime = pr->ndpr_pltime; 2715 p.if_index = pr->ndpr_ifp->if_index; 2716 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2717 p.expire = 0; 2718 else { 2719 /* XXX: we assume time_t is signed. */ 2720 maxexpire = (-1) & 2721 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 2722 if (pr->ndpr_vltime < maxexpire - pr->ndpr_lastupdate) 2723 p.expire = pr->ndpr_lastupdate + 2724 pr->ndpr_vltime + 2725 (time_second - time_uptime); 2726 else 2727 p.expire = maxexpire; 2728 } 2729 p.refcnt = pr->ndpr_addrcnt; 2730 p.flags = pr->ndpr_stateflags; 2731 p.advrtrs = 0; 2732 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) 2733 p.advrtrs++; 2734 error = SYSCTL_OUT(req, &p, sizeof(p)); 2735 if (error != 0) 2736 break; 2737 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2738 s6.sin6_addr = pfr->router->rtaddr; 2739 if (sa6_recoverscope(&s6)) 2740 log(LOG_ERR, 2741 "scope error in prefix list (%s)\n", 2742 ip6_sprintf(ip6buf, &pfr->router->rtaddr)); 2743 error = SYSCTL_OUT(req, &s6, sizeof(s6)); 2744 if (error != 0) 2745 goto out; 2746 } 2747 } 2748 out: 2749 ND6_RUNLOCK(); 2750 return (error); 2751 } 2752