1 /* $FreeBSD$ */ 2 /* $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * XXX 35 * KAME 970409 note: 36 * BSD/OS version heavily modifies this code, related to llinfo. 37 * Since we don't have BSD/OS version of net/route.c in our hand, 38 * I left the code mostly as it was in 970310. -- itojun 39 */ 40 41 #include "opt_inet.h" 42 #include "opt_inet6.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/callout.h> 47 #include <sys/malloc.h> 48 #include <sys/mbuf.h> 49 #include <sys/socket.h> 50 #include <sys/sockio.h> 51 #include <sys/time.h> 52 #include <sys/kernel.h> 53 #include <sys/protosw.h> 54 #include <sys/errno.h> 55 #include <sys/syslog.h> 56 #include <sys/queue.h> 57 #include <sys/sysctl.h> 58 59 #include <net/if.h> 60 #include <net/if_dl.h> 61 #include <net/if_types.h> 62 #include <net/if_atm.h> 63 #include <net/route.h> 64 65 #include <netinet/in.h> 66 #include <netinet/if_ether.h> 67 #include <netinet/if_fddi.h> 68 #include <netinet6/in6_var.h> 69 #include <netinet/ip6.h> 70 #include <netinet6/ip6_var.h> 71 #include <netinet6/nd6.h> 72 #include <netinet6/in6_prefix.h> 73 #include <netinet/icmp6.h> 74 75 #include <net/net_osdep.h> 76 77 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 78 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 79 80 #define SIN6(s) ((struct sockaddr_in6 *)s) 81 #define SDL(s) ((struct sockaddr_dl *)s) 82 83 /* timer values */ 84 int nd6_prune = 1; /* walk list every 1 seconds */ 85 int nd6_delay = 5; /* delay first probe time 5 second */ 86 int nd6_umaxtries = 3; /* maximum unicast query */ 87 int nd6_mmaxtries = 3; /* maximum multicast query */ 88 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 89 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 90 91 /* preventing too many loops in ND option parsing */ 92 int nd6_maxndopt = 10; /* max # of ND options allowed */ 93 94 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 95 96 #ifdef ND6_DEBUG 97 int nd6_debug = 1; 98 #else 99 int nd6_debug = 0; 100 #endif 101 102 /* for debugging? */ 103 static int nd6_inuse, nd6_allocated; 104 105 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6}; 106 static size_t nd_ifinfo_indexlim = 8; 107 struct nd_ifinfo *nd_ifinfo = NULL; 108 struct nd_drhead nd_defrouter; 109 struct nd_prhead nd_prefix = { 0 }; 110 111 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 112 static struct sockaddr_in6 all1_sa; 113 114 static void nd6_slowtimo __P((void *)); 115 static int regen_tmpaddr __P((struct in6_ifaddr *)); 116 117 struct callout nd6_slowtimo_ch; 118 struct callout nd6_timer_ch; 119 extern struct callout in6_tmpaddrtimer_ch; 120 121 void 122 nd6_init() 123 { 124 static int nd6_init_done = 0; 125 int i; 126 127 if (nd6_init_done) { 128 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 129 return; 130 } 131 132 all1_sa.sin6_family = AF_INET6; 133 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 134 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 135 all1_sa.sin6_addr.s6_addr[i] = 0xff; 136 137 /* initialization of the default router list */ 138 TAILQ_INIT(&nd_defrouter); 139 140 nd6_init_done = 1; 141 142 /* start timer */ 143 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 144 nd6_slowtimo, NULL); 145 } 146 147 void 148 nd6_ifattach(ifp) 149 struct ifnet *ifp; 150 { 151 152 /* 153 * We have some arrays that should be indexed by if_index. 154 * since if_index will grow dynamically, they should grow too. 155 */ 156 if (nd_ifinfo == NULL || if_index >= nd_ifinfo_indexlim) { 157 size_t n; 158 caddr_t q; 159 160 while (if_index >= nd_ifinfo_indexlim) 161 nd_ifinfo_indexlim <<= 1; 162 163 /* grow nd_ifinfo */ 164 n = nd_ifinfo_indexlim * sizeof(struct nd_ifinfo); 165 q = (caddr_t)malloc(n, M_IP6NDP, M_WAITOK); 166 bzero(q, n); 167 if (nd_ifinfo) { 168 bcopy((caddr_t)nd_ifinfo, q, n/2); 169 free((caddr_t)nd_ifinfo, M_IP6NDP); 170 } 171 nd_ifinfo = (struct nd_ifinfo *)q; 172 } 173 174 #define ND nd_ifinfo[ifp->if_index] 175 176 /* 177 * Don't initialize if called twice. 178 * XXX: to detect this, we should choose a member that is never set 179 * before initialization of the ND structure itself. We formaly used 180 * the linkmtu member, which was not suitable because it could be 181 * initialized via "ifconfig mtu". 182 */ 183 if (ND.basereachable) 184 return; 185 186 ND.linkmtu = ifnet_byindex(ifp->if_index)->if_mtu; 187 ND.chlim = IPV6_DEFHLIM; 188 ND.basereachable = REACHABLE_TIME; 189 ND.reachable = ND_COMPUTE_RTIME(ND.basereachable); 190 ND.retrans = RETRANS_TIMER; 191 ND.receivedra = 0; 192 ND.flags = ND6_IFF_PERFORMNUD; 193 nd6_setmtu(ifp); 194 #undef ND 195 } 196 197 /* 198 * Reset ND level link MTU. This function is called when the physical MTU 199 * changes, which means we might have to adjust the ND level MTU. 200 */ 201 void 202 nd6_setmtu(ifp) 203 struct ifnet *ifp; 204 { 205 #define MIN(a,b) ((a) < (b) ? (a) : (b)) 206 struct nd_ifinfo *ndi = &nd_ifinfo[ifp->if_index]; 207 u_long oldmaxmtu = ndi->maxmtu; 208 u_long oldlinkmtu = ndi->linkmtu; 209 210 switch (ifp->if_type) { 211 case IFT_ARCNET: /* XXX MTU handling needs more work */ 212 ndi->maxmtu = MIN(60480, ifp->if_mtu); 213 break; 214 case IFT_ETHER: 215 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 216 break; 217 case IFT_FDDI: 218 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); 219 break; 220 case IFT_ATM: 221 ndi->maxmtu = MIN(ATMMTU, ifp->if_mtu); 222 break; 223 case IFT_IEEE1394: /* XXX should be IEEE1394MTU(1500) */ 224 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 225 break; 226 #ifdef IFT_IEEE80211 227 case IFT_IEEE80211: /* XXX should be IEEE80211MTU(1500) */ 228 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 229 break; 230 #endif 231 default: 232 ndi->maxmtu = ifp->if_mtu; 233 break; 234 } 235 236 if (oldmaxmtu != ndi->maxmtu) { 237 /* 238 * If the ND level MTU is not set yet, or if the maxmtu 239 * is reset to a smaller value than the ND level MTU, 240 * also reset the ND level MTU. 241 */ 242 if (ndi->linkmtu == 0 || 243 ndi->maxmtu < ndi->linkmtu) { 244 ndi->linkmtu = ndi->maxmtu; 245 /* also adjust in6_maxmtu if necessary. */ 246 if (oldlinkmtu == 0) { 247 /* 248 * XXX: the case analysis is grotty, but 249 * it is not efficient to call in6_setmaxmtu() 250 * here when we are during the initialization 251 * procedure. 252 */ 253 if (in6_maxmtu < ndi->linkmtu) 254 in6_maxmtu = ndi->linkmtu; 255 } else 256 in6_setmaxmtu(); 257 } 258 } 259 #undef MIN 260 } 261 262 void 263 nd6_option_init(opt, icmp6len, ndopts) 264 void *opt; 265 int icmp6len; 266 union nd_opts *ndopts; 267 { 268 bzero(ndopts, sizeof(*ndopts)); 269 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 270 ndopts->nd_opts_last 271 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 272 273 if (icmp6len == 0) { 274 ndopts->nd_opts_done = 1; 275 ndopts->nd_opts_search = NULL; 276 } 277 } 278 279 /* 280 * Take one ND option. 281 */ 282 struct nd_opt_hdr * 283 nd6_option(ndopts) 284 union nd_opts *ndopts; 285 { 286 struct nd_opt_hdr *nd_opt; 287 int olen; 288 289 if (!ndopts) 290 panic("ndopts == NULL in nd6_option\n"); 291 if (!ndopts->nd_opts_last) 292 panic("uninitialized ndopts in nd6_option\n"); 293 if (!ndopts->nd_opts_search) 294 return NULL; 295 if (ndopts->nd_opts_done) 296 return NULL; 297 298 nd_opt = ndopts->nd_opts_search; 299 300 /* make sure nd_opt_len is inside the buffer */ 301 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 302 bzero(ndopts, sizeof(*ndopts)); 303 return NULL; 304 } 305 306 olen = nd_opt->nd_opt_len << 3; 307 if (olen == 0) { 308 /* 309 * Message validation requires that all included 310 * options have a length that is greater than zero. 311 */ 312 bzero(ndopts, sizeof(*ndopts)); 313 return NULL; 314 } 315 316 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 317 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 318 /* option overruns the end of buffer, invalid */ 319 bzero(ndopts, sizeof(*ndopts)); 320 return NULL; 321 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 322 /* reached the end of options chain */ 323 ndopts->nd_opts_done = 1; 324 ndopts->nd_opts_search = NULL; 325 } 326 return nd_opt; 327 } 328 329 /* 330 * Parse multiple ND options. 331 * This function is much easier to use, for ND routines that do not need 332 * multiple options of the same type. 333 */ 334 int 335 nd6_options(ndopts) 336 union nd_opts *ndopts; 337 { 338 struct nd_opt_hdr *nd_opt; 339 int i = 0; 340 341 if (!ndopts) 342 panic("ndopts == NULL in nd6_options\n"); 343 if (!ndopts->nd_opts_last) 344 panic("uninitialized ndopts in nd6_options\n"); 345 if (!ndopts->nd_opts_search) 346 return 0; 347 348 while (1) { 349 nd_opt = nd6_option(ndopts); 350 if (!nd_opt && !ndopts->nd_opts_last) { 351 /* 352 * Message validation requires that all included 353 * options have a length that is greater than zero. 354 */ 355 icmp6stat.icp6s_nd_badopt++; 356 bzero(ndopts, sizeof(*ndopts)); 357 return -1; 358 } 359 360 if (!nd_opt) 361 goto skip1; 362 363 switch (nd_opt->nd_opt_type) { 364 case ND_OPT_SOURCE_LINKADDR: 365 case ND_OPT_TARGET_LINKADDR: 366 case ND_OPT_MTU: 367 case ND_OPT_REDIRECTED_HEADER: 368 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 369 nd6log((LOG_INFO, 370 "duplicated ND6 option found (type=%d)\n", 371 nd_opt->nd_opt_type)); 372 /* XXX bark? */ 373 } else { 374 ndopts->nd_opt_array[nd_opt->nd_opt_type] 375 = nd_opt; 376 } 377 break; 378 case ND_OPT_PREFIX_INFORMATION: 379 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 380 ndopts->nd_opt_array[nd_opt->nd_opt_type] 381 = nd_opt; 382 } 383 ndopts->nd_opts_pi_end = 384 (struct nd_opt_prefix_info *)nd_opt; 385 break; 386 default: 387 /* 388 * Unknown options must be silently ignored, 389 * to accomodate future extension to the protocol. 390 */ 391 nd6log((LOG_DEBUG, 392 "nd6_options: unsupported option %d - " 393 "option ignored\n", nd_opt->nd_opt_type)); 394 } 395 396 skip1: 397 i++; 398 if (i > nd6_maxndopt) { 399 icmp6stat.icp6s_nd_toomanyopt++; 400 nd6log((LOG_INFO, "too many loop in nd opt\n")); 401 break; 402 } 403 404 if (ndopts->nd_opts_done) 405 break; 406 } 407 408 return 0; 409 } 410 411 /* 412 * ND6 timer routine to expire default route list and prefix list 413 */ 414 void 415 nd6_timer(ignored_arg) 416 void *ignored_arg; 417 { 418 int s; 419 struct llinfo_nd6 *ln; 420 struct nd_defrouter *dr; 421 struct nd_prefix *pr; 422 struct ifnet *ifp; 423 struct in6_ifaddr *ia6, *nia6; 424 struct in6_addrlifetime *lt6; 425 426 s = splnet(); 427 callout_reset(&nd6_timer_ch, nd6_prune * hz, 428 nd6_timer, NULL); 429 430 ln = llinfo_nd6.ln_next; 431 /* XXX BSD/OS separates this code -- itojun */ 432 while (ln && ln != &llinfo_nd6) { 433 struct rtentry *rt; 434 struct sockaddr_in6 *dst; 435 struct llinfo_nd6 *next = ln->ln_next; 436 /* XXX: used for the DELAY case only: */ 437 struct nd_ifinfo *ndi = NULL; 438 439 if ((rt = ln->ln_rt) == NULL) { 440 ln = next; 441 continue; 442 } 443 if ((ifp = rt->rt_ifp) == NULL) { 444 ln = next; 445 continue; 446 } 447 ndi = &nd_ifinfo[ifp->if_index]; 448 dst = (struct sockaddr_in6 *)rt_key(rt); 449 450 if (ln->ln_expire > time_second) { 451 ln = next; 452 continue; 453 } 454 455 /* sanity check */ 456 if (!rt) 457 panic("rt=0 in nd6_timer(ln=%p)\n", ln); 458 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) 459 panic("rt_llinfo(%p) is not equal to ln(%p)\n", 460 rt->rt_llinfo, ln); 461 if (!dst) 462 panic("dst=0 in nd6_timer(ln=%p)\n", ln); 463 464 switch (ln->ln_state) { 465 case ND6_LLINFO_INCOMPLETE: 466 if (ln->ln_asked < nd6_mmaxtries) { 467 ln->ln_asked++; 468 ln->ln_expire = time_second + 469 nd_ifinfo[ifp->if_index].retrans / 1000; 470 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 471 ln, 0); 472 } else { 473 struct mbuf *m = ln->ln_hold; 474 if (m) { 475 if (rt->rt_ifp) { 476 /* 477 * Fake rcvif to make ICMP error 478 * more helpful in diagnosing 479 * for the receiver. 480 * XXX: should we consider 481 * older rcvif? 482 */ 483 m->m_pkthdr.rcvif = rt->rt_ifp; 484 } 485 icmp6_error(m, ICMP6_DST_UNREACH, 486 ICMP6_DST_UNREACH_ADDR, 0); 487 ln->ln_hold = NULL; 488 } 489 next = nd6_free(rt); 490 } 491 break; 492 case ND6_LLINFO_REACHABLE: 493 if (ln->ln_expire) { 494 ln->ln_state = ND6_LLINFO_STALE; 495 ln->ln_expire = time_second + nd6_gctimer; 496 } 497 break; 498 499 case ND6_LLINFO_STALE: 500 /* Garbage Collection(RFC 2461 5.3) */ 501 if (ln->ln_expire) 502 next = nd6_free(rt); 503 break; 504 505 case ND6_LLINFO_DELAY: 506 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 507 /* We need NUD */ 508 ln->ln_asked = 1; 509 ln->ln_state = ND6_LLINFO_PROBE; 510 ln->ln_expire = time_second + 511 ndi->retrans / 1000; 512 nd6_ns_output(ifp, &dst->sin6_addr, 513 &dst->sin6_addr, 514 ln, 0); 515 } else { 516 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 517 ln->ln_expire = time_second + nd6_gctimer; 518 } 519 break; 520 case ND6_LLINFO_PROBE: 521 if (ln->ln_asked < nd6_umaxtries) { 522 ln->ln_asked++; 523 ln->ln_expire = time_second + 524 nd_ifinfo[ifp->if_index].retrans / 1000; 525 nd6_ns_output(ifp, &dst->sin6_addr, 526 &dst->sin6_addr, ln, 0); 527 } else { 528 next = nd6_free(rt); 529 } 530 break; 531 } 532 ln = next; 533 } 534 535 /* expire default router list */ 536 dr = TAILQ_FIRST(&nd_defrouter); 537 while (dr) { 538 if (dr->expire && dr->expire < time_second) { 539 struct nd_defrouter *t; 540 t = TAILQ_NEXT(dr, dr_entry); 541 defrtrlist_del(dr); 542 dr = t; 543 } else { 544 dr = TAILQ_NEXT(dr, dr_entry); 545 } 546 } 547 548 /* 549 * expire interface addresses. 550 * in the past the loop was inside prefix expiry processing. 551 * However, from a stricter speci-confrmance standpoint, we should 552 * rather separate address lifetimes and prefix lifetimes. 553 */ 554 addrloop: 555 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 556 nia6 = ia6->ia_next; 557 /* check address lifetime */ 558 lt6 = &ia6->ia6_lifetime; 559 if (IFA6_IS_INVALID(ia6)) { 560 int regen = 0; 561 562 /* 563 * If the expiring address is temporary, try 564 * regenerating a new one. This would be useful when 565 * we suspended a laptop PC, then turned on after a 566 * period that could invalidate all temporary 567 * addresses. Although we may have to restart the 568 * loop (see below), it must be after purging the 569 * address. Otherwise, we'd see an infinite loop of 570 * regeneration. 571 */ 572 if (ip6_use_tempaddr && 573 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 574 if (regen_tmpaddr(ia6) == 0) 575 regen = 1; 576 } 577 578 in6_purgeaddr(&ia6->ia_ifa); 579 580 if (regen) 581 goto addrloop; /* XXX: see below */ 582 } else if (IFA6_IS_DEPRECATED(ia6)) { 583 int oldflags = ia6->ia6_flags; 584 585 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 586 587 /* 588 * If a temporary address has just become deprecated, 589 * regenerate a new one if possible. 590 */ 591 if (ip6_use_tempaddr && 592 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 593 (oldflags & IN6_IFF_DEPRECATED) == 0) { 594 595 if (regen_tmpaddr(ia6) == 0) { 596 /* 597 * A new temporary address is 598 * generated. 599 * XXX: this means the address chain 600 * has changed while we are still in 601 * the loop. Although the change 602 * would not cause disaster (because 603 * it's not an addition, but a 604 * deletion,) we'd rather restart the 605 * loop just for safety. Or does this 606 * significantly reduce performance?? 607 */ 608 goto addrloop; 609 } 610 } 611 } else if (IFA6_IS_DEPRECATED(ia6)) { 612 /* 613 * A new RA might have made a deprecated address 614 * preferred. 615 */ 616 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 617 } 618 } 619 620 /* expire prefix list */ 621 pr = nd_prefix.lh_first; 622 while (pr) { 623 /* 624 * check prefix lifetime. 625 * since pltime is just for autoconf, pltime processing for 626 * prefix is not necessary. 627 * 628 * we offset expire time by NDPR_KEEP_EXPIRE, so that we 629 * can use the old prefix information to validate the 630 * next prefix information to come. See prelist_update() 631 * for actual validation. 632 * 633 * I don't think such an offset is necessary. 634 * (jinmei@kame.net, 20010130). 635 */ 636 if (pr->ndpr_expire && pr->ndpr_expire < time_second) { 637 struct nd_prefix *t; 638 t = pr->ndpr_next; 639 640 /* 641 * address expiration and prefix expiration are 642 * separate. NEVER perform in6_purgeaddr here. 643 */ 644 645 prelist_remove(pr); 646 pr = t; 647 } else 648 pr = pr->ndpr_next; 649 } 650 splx(s); 651 } 652 653 static int 654 regen_tmpaddr(ia6) 655 struct in6_ifaddr *ia6; /* deprecated/invalidated temporary address */ 656 { 657 struct ifaddr *ifa; 658 struct ifnet *ifp; 659 struct in6_ifaddr *public_ifa6 = NULL; 660 661 ifp = ia6->ia_ifa.ifa_ifp; 662 for (ifa = ifp->if_addrlist.tqh_first; ifa; 663 ifa = ifa->ifa_list.tqe_next) 664 { 665 struct in6_ifaddr *it6; 666 667 if (ifa->ifa_addr->sa_family != AF_INET6) 668 continue; 669 670 it6 = (struct in6_ifaddr *)ifa; 671 672 /* ignore no autoconf addresses. */ 673 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 674 continue; 675 676 /* ignore autoconf addresses with different prefixes. */ 677 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 678 continue; 679 680 /* 681 * Now we are looking at an autoconf address with the same 682 * prefix as ours. If the address is temporary and is still 683 * preferred, do not create another one. It would be rare, but 684 * could happen, for example, when we resume a laptop PC after 685 * a long period. 686 */ 687 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 688 !IFA6_IS_DEPRECATED(it6)) { 689 public_ifa6 = NULL; 690 break; 691 } 692 693 /* 694 * This is a public autoconf address that has the same prefix 695 * as ours. If it is preferred, keep it. We can't break the 696 * loop here, because there may be a still-preferred temporary 697 * address with the prefix. 698 */ 699 if (!IFA6_IS_DEPRECATED(it6)) 700 public_ifa6 = it6; 701 } 702 703 if (public_ifa6 != NULL) { 704 int e; 705 706 if ((e = in6_tmpifadd(public_ifa6, 0)) != 0) { 707 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 708 " tmp addr,errno=%d\n", e); 709 return(-1); 710 } 711 return(0); 712 } 713 714 return(-1); 715 } 716 717 /* 718 * Nuke neighbor cache/prefix/default router management table, right before 719 * ifp goes away. 720 */ 721 void 722 nd6_purge(ifp) 723 struct ifnet *ifp; 724 { 725 struct llinfo_nd6 *ln, *nln; 726 struct nd_defrouter *dr, *ndr, drany; 727 struct nd_prefix *pr, *npr; 728 729 /* Nuke default router list entries toward ifp */ 730 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 731 /* 732 * The first entry of the list may be stored in 733 * the routing table, so we'll delete it later. 734 */ 735 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = ndr) { 736 ndr = TAILQ_NEXT(dr, dr_entry); 737 if (dr->ifp == ifp) 738 defrtrlist_del(dr); 739 } 740 dr = TAILQ_FIRST(&nd_defrouter); 741 if (dr->ifp == ifp) 742 defrtrlist_del(dr); 743 } 744 745 /* Nuke prefix list entries toward ifp */ 746 for (pr = nd_prefix.lh_first; pr; pr = npr) { 747 npr = pr->ndpr_next; 748 if (pr->ndpr_ifp == ifp) { 749 /* 750 * Previously, pr->ndpr_addr is removed as well, 751 * but I strongly believe we don't have to do it. 752 * nd6_purge() is only called from in6_ifdetach(), 753 * which removes all the associated interface addresses 754 * by itself. 755 * (jinmei@kame.net 20010129) 756 */ 757 prelist_remove(pr); 758 } 759 } 760 761 /* cancel default outgoing interface setting */ 762 if (nd6_defifindex == ifp->if_index) 763 nd6_setdefaultiface(0); 764 765 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 766 /* refresh default router list */ 767 bzero(&drany, sizeof(drany)); 768 defrouter_delreq(&drany, 0); 769 defrouter_select(); 770 } 771 772 /* 773 * Nuke neighbor cache entries for the ifp. 774 * Note that rt->rt_ifp may not be the same as ifp, 775 * due to KAME goto ours hack. See RTM_RESOLVE case in 776 * nd6_rtrequest(), and ip6_input(). 777 */ 778 ln = llinfo_nd6.ln_next; 779 while (ln && ln != &llinfo_nd6) { 780 struct rtentry *rt; 781 struct sockaddr_dl *sdl; 782 783 nln = ln->ln_next; 784 rt = ln->ln_rt; 785 if (rt && rt->rt_gateway && 786 rt->rt_gateway->sa_family == AF_LINK) { 787 sdl = (struct sockaddr_dl *)rt->rt_gateway; 788 if (sdl->sdl_index == ifp->if_index) 789 nln = nd6_free(rt); 790 } 791 ln = nln; 792 } 793 } 794 795 struct rtentry * 796 nd6_lookup(addr6, create, ifp) 797 struct in6_addr *addr6; 798 int create; 799 struct ifnet *ifp; 800 { 801 struct rtentry *rt; 802 struct sockaddr_in6 sin6; 803 804 bzero(&sin6, sizeof(sin6)); 805 sin6.sin6_len = sizeof(struct sockaddr_in6); 806 sin6.sin6_family = AF_INET6; 807 sin6.sin6_addr = *addr6; 808 #ifdef SCOPEDROUTING 809 sin6.sin6_scope_id = in6_addr2scopeid(ifp, addr6); 810 #endif 811 rt = rtalloc1((struct sockaddr *)&sin6, create, 0UL); 812 if (rt && (rt->rt_flags & RTF_LLINFO) == 0) { 813 /* 814 * This is the case for the default route. 815 * If we want to create a neighbor cache for the address, we 816 * should free the route for the destination and allocate an 817 * interface route. 818 */ 819 if (create) { 820 RTFREE(rt); 821 rt = 0; 822 } 823 } 824 if (!rt) { 825 if (create && ifp) { 826 int e; 827 828 /* 829 * If no route is available and create is set, 830 * we allocate a host route for the destination 831 * and treat it like an interface route. 832 * This hack is necessary for a neighbor which can't 833 * be covered by our own prefix. 834 */ 835 struct ifaddr *ifa = 836 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 837 if (ifa == NULL) 838 return(NULL); 839 840 /* 841 * Create a new route. RTF_LLINFO is necessary 842 * to create a Neighbor Cache entry for the 843 * destination in nd6_rtrequest which will be 844 * called in rtequest via ifa->ifa_rtrequest. 845 */ 846 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6, 847 ifa->ifa_addr, 848 (struct sockaddr *)&all1_sa, 849 (ifa->ifa_flags | 850 RTF_HOST | RTF_LLINFO) & 851 ~RTF_CLONING, 852 &rt)) != 0) 853 log(LOG_ERR, 854 "nd6_lookup: failed to add route for a " 855 "neighbor(%s), errno=%d\n", 856 ip6_sprintf(addr6), e); 857 if (rt == NULL) 858 return(NULL); 859 if (rt->rt_llinfo) { 860 struct llinfo_nd6 *ln = 861 (struct llinfo_nd6 *)rt->rt_llinfo; 862 ln->ln_state = ND6_LLINFO_NOSTATE; 863 } 864 } else 865 return(NULL); 866 } 867 rt->rt_refcnt--; 868 /* 869 * Validation for the entry. 870 * XXX: we can't use rt->rt_ifp to check for the interface, since 871 * it might be the loopback interface if the entry is for our 872 * own address on a non-loopback interface. Instead, we should 873 * use rt->rt_ifa->ifa_ifp, which would specify the REAL interface. 874 */ 875 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 876 rt->rt_gateway->sa_family != AF_LINK || 877 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 878 if (create) { 879 log(LOG_DEBUG, "nd6_lookup: failed to lookup %s (if = %s)\n", 880 ip6_sprintf(addr6), ifp ? if_name(ifp) : "unspec"); 881 /* xxx more logs... kazu */ 882 } 883 return(0); 884 } 885 return(rt); 886 } 887 888 /* 889 * Detect if a given IPv6 address identifies a neighbor on a given link. 890 * XXX: should take care of the destination of a p2p link? 891 */ 892 int 893 nd6_is_addr_neighbor(addr, ifp) 894 struct sockaddr_in6 *addr; 895 struct ifnet *ifp; 896 { 897 struct ifaddr *ifa; 898 int i; 899 900 #define IFADDR6(a) ((((struct in6_ifaddr *)(a))->ia_addr).sin6_addr) 901 #define IFMASK6(a) ((((struct in6_ifaddr *)(a))->ia_prefixmask).sin6_addr) 902 903 /* 904 * A link-local address is always a neighbor. 905 * XXX: we should use the sin6_scope_id field rather than the embedded 906 * interface index. 907 */ 908 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 909 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 910 return(1); 911 912 /* 913 * If the address matches one of our addresses, 914 * it should be a neighbor. 915 */ 916 for (ifa = ifp->if_addrlist.tqh_first; 917 ifa; 918 ifa = ifa->ifa_list.tqe_next) 919 { 920 if (ifa->ifa_addr->sa_family != AF_INET6) 921 next: continue; 922 923 for (i = 0; i < 4; i++) { 924 if ((IFADDR6(ifa).s6_addr32[i] ^ 925 addr->sin6_addr.s6_addr32[i]) & 926 IFMASK6(ifa).s6_addr32[i]) 927 goto next; 928 } 929 return(1); 930 } 931 932 /* 933 * Even if the address matches none of our addresses, it might be 934 * in the neighbor cache. 935 */ 936 if (nd6_lookup(&addr->sin6_addr, 0, ifp)) 937 return(1); 938 939 return(0); 940 #undef IFADDR6 941 #undef IFMASK6 942 } 943 944 /* 945 * Free an nd6 llinfo entry. 946 */ 947 struct llinfo_nd6 * 948 nd6_free(rt) 949 struct rtentry *rt; 950 { 951 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; 952 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 953 struct nd_defrouter *dr; 954 955 /* 956 * we used to have pfctlinput(PRC_HOSTDEAD) here. 957 * even though it is not harmful, it was not really necessary. 958 */ 959 960 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 961 int s; 962 s = splnet(); 963 dr = defrouter_lookup(&((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 964 rt->rt_ifp); 965 966 if (ln->ln_router || dr) { 967 /* 968 * rt6_flush must be called whether or not the neighbor 969 * is in the Default Router List. 970 * See a corresponding comment in nd6_na_input(). 971 */ 972 rt6_flush(&in6, rt->rt_ifp); 973 } 974 975 if (dr) { 976 /* 977 * Unreachablity of a router might affect the default 978 * router selection and on-link detection of advertised 979 * prefixes. 980 */ 981 982 /* 983 * Temporarily fake the state to choose a new default 984 * router and to perform on-link determination of 985 * prefixes coreectly. 986 * Below the state will be set correctly, 987 * or the entry itself will be deleted. 988 */ 989 ln->ln_state = ND6_LLINFO_INCOMPLETE; 990 991 /* 992 * Since defrouter_select() does not affect the 993 * on-link determination and MIP6 needs the check 994 * before the default router selection, we perform 995 * the check now. 996 */ 997 pfxlist_onlink_check(); 998 999 if (dr == TAILQ_FIRST(&nd_defrouter)) { 1000 /* 1001 * It is used as the current default router, 1002 * so we have to move it to the end of the 1003 * list and choose a new one. 1004 * XXX: it is not very efficient if this is 1005 * the only router. 1006 */ 1007 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 1008 TAILQ_INSERT_TAIL(&nd_defrouter, dr, dr_entry); 1009 1010 defrouter_select(); 1011 } 1012 } 1013 splx(s); 1014 } 1015 1016 /* 1017 * Before deleting the entry, remember the next entry as the 1018 * return value. We need this because pfxlist_onlink_check() above 1019 * might have freed other entries (particularly the old next entry) as 1020 * a side effect (XXX). 1021 */ 1022 next = ln->ln_next; 1023 1024 /* 1025 * Detach the route from the routing tree and the list of neighbor 1026 * caches, and disable the route entry not to be used in already 1027 * cached routes. 1028 */ 1029 rtrequest(RTM_DELETE, rt_key(rt), (struct sockaddr *)0, 1030 rt_mask(rt), 0, (struct rtentry **)0); 1031 1032 return(next); 1033 } 1034 1035 /* 1036 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1037 * 1038 * XXX cost-effective metods? 1039 */ 1040 void 1041 nd6_nud_hint(rt, dst6, force) 1042 struct rtentry *rt; 1043 struct in6_addr *dst6; 1044 int force; 1045 { 1046 struct llinfo_nd6 *ln; 1047 1048 /* 1049 * If the caller specified "rt", use that. Otherwise, resolve the 1050 * routing table by supplied "dst6". 1051 */ 1052 if (!rt) { 1053 if (!dst6) 1054 return; 1055 if (!(rt = nd6_lookup(dst6, 0, NULL))) 1056 return; 1057 } 1058 1059 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 1060 (rt->rt_flags & RTF_LLINFO) == 0 || 1061 !rt->rt_llinfo || !rt->rt_gateway || 1062 rt->rt_gateway->sa_family != AF_LINK) { 1063 /* This is not a host route. */ 1064 return; 1065 } 1066 1067 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1068 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1069 return; 1070 1071 /* 1072 * if we get upper-layer reachability confirmation many times, 1073 * it is possible we have false information. 1074 */ 1075 if (!force) { 1076 ln->ln_byhint++; 1077 if (ln->ln_byhint > nd6_maxnudhint) 1078 return; 1079 } 1080 1081 ln->ln_state = ND6_LLINFO_REACHABLE; 1082 if (ln->ln_expire) 1083 ln->ln_expire = time_second + 1084 nd_ifinfo[rt->rt_ifp->if_index].reachable; 1085 } 1086 1087 void 1088 nd6_rtrequest(req, rt, sa) 1089 int req; 1090 struct rtentry *rt; 1091 struct sockaddr *sa; /* xxx unused */ 1092 { 1093 struct sockaddr *gate = rt->rt_gateway; 1094 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1095 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 1096 struct ifnet *ifp = rt->rt_ifp; 1097 struct ifaddr *ifa; 1098 1099 if (rt->rt_flags & RTF_GATEWAY) 1100 return; 1101 1102 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1103 /* 1104 * This is probably an interface direct route for a link 1105 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1106 * We do not need special treatment below for such a route. 1107 * Moreover, the RTF_LLINFO flag which would be set below 1108 * would annoy the ndp(8) command. 1109 */ 1110 return; 1111 } 1112 1113 switch (req) { 1114 case RTM_ADD: 1115 /* 1116 * There is no backward compatibility :) 1117 * 1118 * if ((rt->rt_flags & RTF_HOST) == 0 && 1119 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1120 * rt->rt_flags |= RTF_CLONING; 1121 */ 1122 if (rt->rt_flags & (RTF_CLONING | RTF_LLINFO)) { 1123 /* 1124 * Case 1: This route should come from 1125 * a route to interface. RTF_LLINFO flag is set 1126 * for a host route whose destination should be 1127 * treated as on-link. 1128 */ 1129 rt_setgate(rt, rt_key(rt), 1130 (struct sockaddr *)&null_sdl); 1131 gate = rt->rt_gateway; 1132 SDL(gate)->sdl_type = ifp->if_type; 1133 SDL(gate)->sdl_index = ifp->if_index; 1134 if (ln) 1135 ln->ln_expire = time_second; 1136 #if 1 1137 if (ln && ln->ln_expire == 0) { 1138 /* kludge for desktops */ 1139 #if 0 1140 printf("nd6_request: time.tv_sec is zero; " 1141 "treat it as 1\n"); 1142 #endif 1143 ln->ln_expire = 1; 1144 } 1145 #endif 1146 if (rt->rt_flags & RTF_CLONING) 1147 break; 1148 } 1149 /* 1150 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1151 * We don't do that here since llinfo is not ready yet. 1152 * 1153 * There are also couple of other things to be discussed: 1154 * - unsolicited NA code needs improvement beforehand 1155 * - RFC2461 says we MAY send multicast unsolicited NA 1156 * (7.2.6 paragraph 4), however, it also says that we 1157 * SHOULD provide a mechanism to prevent multicast NA storm. 1158 * we don't have anything like it right now. 1159 * note that the mechanism needs a mutual agreement 1160 * between proxies, which means that we need to implement 1161 * a new protocol, or a new kludge. 1162 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1163 * we need to check ip6forwarding before sending it. 1164 * (or should we allow proxy ND configuration only for 1165 * routers? there's no mention about proxy ND from hosts) 1166 */ 1167 #if 0 1168 /* XXX it does not work */ 1169 if (rt->rt_flags & RTF_ANNOUNCE) 1170 nd6_na_output(ifp, 1171 &SIN6(rt_key(rt))->sin6_addr, 1172 &SIN6(rt_key(rt))->sin6_addr, 1173 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1174 1, NULL); 1175 #endif 1176 /* FALLTHROUGH */ 1177 case RTM_RESOLVE: 1178 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1179 /* 1180 * Address resolution isn't necessary for a point to 1181 * point link, so we can skip this test for a p2p link. 1182 */ 1183 if (gate->sa_family != AF_LINK || 1184 gate->sa_len < sizeof(null_sdl)) { 1185 log(LOG_DEBUG, 1186 "nd6_rtrequest: bad gateway value: %s\n", 1187 if_name(ifp)); 1188 break; 1189 } 1190 SDL(gate)->sdl_type = ifp->if_type; 1191 SDL(gate)->sdl_index = ifp->if_index; 1192 } 1193 if (ln != NULL) 1194 break; /* This happens on a route change */ 1195 /* 1196 * Case 2: This route may come from cloning, or a manual route 1197 * add with a LL address. 1198 */ 1199 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln)); 1200 rt->rt_llinfo = (caddr_t)ln; 1201 if (!ln) { 1202 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1203 break; 1204 } 1205 nd6_inuse++; 1206 nd6_allocated++; 1207 Bzero(ln, sizeof(*ln)); 1208 ln->ln_rt = rt; 1209 /* this is required for "ndp" command. - shin */ 1210 if (req == RTM_ADD) { 1211 /* 1212 * gate should have some valid AF_LINK entry, 1213 * and ln->ln_expire should have some lifetime 1214 * which is specified by ndp command. 1215 */ 1216 ln->ln_state = ND6_LLINFO_REACHABLE; 1217 ln->ln_byhint = 0; 1218 } else { 1219 /* 1220 * When req == RTM_RESOLVE, rt is created and 1221 * initialized in rtrequest(), so rt_expire is 0. 1222 */ 1223 ln->ln_state = ND6_LLINFO_NOSTATE; 1224 ln->ln_expire = time_second; 1225 } 1226 rt->rt_flags |= RTF_LLINFO; 1227 ln->ln_next = llinfo_nd6.ln_next; 1228 llinfo_nd6.ln_next = ln; 1229 ln->ln_prev = &llinfo_nd6; 1230 ln->ln_next->ln_prev = ln; 1231 1232 /* 1233 * check if rt_key(rt) is one of my address assigned 1234 * to the interface. 1235 */ 1236 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1237 &SIN6(rt_key(rt))->sin6_addr); 1238 if (ifa) { 1239 caddr_t macp = nd6_ifptomac(ifp); 1240 ln->ln_expire = 0; 1241 ln->ln_state = ND6_LLINFO_REACHABLE; 1242 ln->ln_byhint = 0; 1243 if (macp) { 1244 Bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen); 1245 SDL(gate)->sdl_alen = ifp->if_addrlen; 1246 } 1247 if (nd6_useloopback) { 1248 rt->rt_ifp = &loif[0]; /*XXX*/ 1249 /* 1250 * Make sure rt_ifa be equal to the ifaddr 1251 * corresponding to the address. 1252 * We need this because when we refer 1253 * rt_ifa->ia6_flags in ip6_input, we assume 1254 * that the rt_ifa points to the address instead 1255 * of the loopback address. 1256 */ 1257 if (ifa != rt->rt_ifa) { 1258 IFAFREE(rt->rt_ifa); 1259 IFAREF(ifa); 1260 rt->rt_ifa = ifa; 1261 } 1262 } 1263 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1264 ln->ln_expire = 0; 1265 ln->ln_state = ND6_LLINFO_REACHABLE; 1266 ln->ln_byhint = 0; 1267 1268 /* join solicited node multicast for proxy ND */ 1269 if (ifp->if_flags & IFF_MULTICAST) { 1270 struct in6_addr llsol; 1271 int error; 1272 1273 llsol = SIN6(rt_key(rt))->sin6_addr; 1274 llsol.s6_addr16[0] = htons(0xff02); 1275 llsol.s6_addr16[1] = htons(ifp->if_index); 1276 llsol.s6_addr32[1] = 0; 1277 llsol.s6_addr32[2] = htonl(1); 1278 llsol.s6_addr8[12] = 0xff; 1279 1280 if (!in6_addmulti(&llsol, ifp, &error)) { 1281 nd6log((LOG_ERR, "%s: failed to join " 1282 "%s (errno=%d)\n", if_name(ifp), 1283 ip6_sprintf(&llsol), error)); 1284 } 1285 } 1286 } 1287 break; 1288 1289 case RTM_DELETE: 1290 if (!ln) 1291 break; 1292 /* leave from solicited node multicast for proxy ND */ 1293 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1294 (ifp->if_flags & IFF_MULTICAST) != 0) { 1295 struct in6_addr llsol; 1296 struct in6_multi *in6m; 1297 1298 llsol = SIN6(rt_key(rt))->sin6_addr; 1299 llsol.s6_addr16[0] = htons(0xff02); 1300 llsol.s6_addr16[1] = htons(ifp->if_index); 1301 llsol.s6_addr32[1] = 0; 1302 llsol.s6_addr32[2] = htonl(1); 1303 llsol.s6_addr8[12] = 0xff; 1304 1305 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1306 if (in6m) 1307 in6_delmulti(in6m); 1308 } 1309 nd6_inuse--; 1310 ln->ln_next->ln_prev = ln->ln_prev; 1311 ln->ln_prev->ln_next = ln->ln_next; 1312 ln->ln_prev = NULL; 1313 rt->rt_llinfo = 0; 1314 rt->rt_flags &= ~RTF_LLINFO; 1315 if (ln->ln_hold) 1316 m_freem(ln->ln_hold); 1317 Free((caddr_t)ln); 1318 } 1319 } 1320 1321 int 1322 nd6_ioctl(cmd, data, ifp) 1323 u_long cmd; 1324 caddr_t data; 1325 struct ifnet *ifp; 1326 { 1327 struct in6_drlist *drl = (struct in6_drlist *)data; 1328 struct in6_prlist *prl = (struct in6_prlist *)data; 1329 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1330 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1331 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1332 struct nd_defrouter *dr, any; 1333 struct nd_prefix *pr; 1334 struct rtentry *rt; 1335 int i = 0, error = 0; 1336 int s; 1337 1338 switch (cmd) { 1339 case SIOCGDRLST_IN6: 1340 /* 1341 * obsolete API, use sysctl under net.inet6.icmp6 1342 */ 1343 bzero(drl, sizeof(*drl)); 1344 s = splnet(); 1345 dr = TAILQ_FIRST(&nd_defrouter); 1346 while (dr && i < DRLSTSIZ) { 1347 drl->defrouter[i].rtaddr = dr->rtaddr; 1348 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) { 1349 /* XXX: need to this hack for KAME stack */ 1350 drl->defrouter[i].rtaddr.s6_addr16[1] = 0; 1351 } else 1352 log(LOG_ERR, 1353 "default router list contains a " 1354 "non-linklocal address(%s)\n", 1355 ip6_sprintf(&drl->defrouter[i].rtaddr)); 1356 1357 drl->defrouter[i].flags = dr->flags; 1358 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1359 drl->defrouter[i].expire = dr->expire; 1360 drl->defrouter[i].if_index = dr->ifp->if_index; 1361 i++; 1362 dr = TAILQ_NEXT(dr, dr_entry); 1363 } 1364 splx(s); 1365 break; 1366 case SIOCGPRLST_IN6: 1367 /* 1368 * obsolete API, use sysctl under net.inet6.icmp6 1369 */ 1370 /* 1371 * XXX meaning of fields, especialy "raflags", is very 1372 * differnet between RA prefix list and RR/static prefix list. 1373 * how about separating ioctls into two? 1374 */ 1375 bzero(prl, sizeof(*prl)); 1376 s = splnet(); 1377 pr = nd_prefix.lh_first; 1378 while (pr && i < PRLSTSIZ) { 1379 struct nd_pfxrouter *pfr; 1380 int j; 1381 1382 (void)in6_embedscope(&prl->prefix[i].prefix, 1383 &pr->ndpr_prefix, NULL, NULL); 1384 prl->prefix[i].raflags = pr->ndpr_raf; 1385 prl->prefix[i].prefixlen = pr->ndpr_plen; 1386 prl->prefix[i].vltime = pr->ndpr_vltime; 1387 prl->prefix[i].pltime = pr->ndpr_pltime; 1388 prl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1389 prl->prefix[i].expire = pr->ndpr_expire; 1390 1391 pfr = pr->ndpr_advrtrs.lh_first; 1392 j = 0; 1393 while (pfr) { 1394 if (j < DRLSTSIZ) { 1395 #define RTRADDR prl->prefix[i].advrtr[j] 1396 RTRADDR = pfr->router->rtaddr; 1397 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) { 1398 /* XXX: hack for KAME */ 1399 RTRADDR.s6_addr16[1] = 0; 1400 } else 1401 log(LOG_ERR, 1402 "a router(%s) advertises " 1403 "a prefix with " 1404 "non-link local address\n", 1405 ip6_sprintf(&RTRADDR)); 1406 #undef RTRADDR 1407 } 1408 j++; 1409 pfr = pfr->pfr_next; 1410 } 1411 prl->prefix[i].advrtrs = j; 1412 prl->prefix[i].origin = PR_ORIG_RA; 1413 1414 i++; 1415 pr = pr->ndpr_next; 1416 } 1417 { 1418 struct rr_prefix *rpp; 1419 1420 for (rpp = LIST_FIRST(&rr_prefix); rpp; 1421 rpp = LIST_NEXT(rpp, rp_entry)) { 1422 if (i >= PRLSTSIZ) 1423 break; 1424 (void)in6_embedscope(&prl->prefix[i].prefix, 1425 &pr->ndpr_prefix, NULL, NULL); 1426 prl->prefix[i].raflags = rpp->rp_raf; 1427 prl->prefix[i].prefixlen = rpp->rp_plen; 1428 prl->prefix[i].vltime = rpp->rp_vltime; 1429 prl->prefix[i].pltime = rpp->rp_pltime; 1430 prl->prefix[i].if_index = rpp->rp_ifp->if_index; 1431 prl->prefix[i].expire = rpp->rp_expire; 1432 prl->prefix[i].advrtrs = 0; 1433 prl->prefix[i].origin = rpp->rp_origin; 1434 i++; 1435 } 1436 } 1437 splx(s); 1438 1439 break; 1440 case OSIOCGIFINFO_IN6: 1441 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1442 error = EINVAL; 1443 break; 1444 } 1445 ndi->ndi.linkmtu = nd_ifinfo[ifp->if_index].linkmtu; 1446 ndi->ndi.maxmtu = nd_ifinfo[ifp->if_index].maxmtu; 1447 ndi->ndi.basereachable = 1448 nd_ifinfo[ifp->if_index].basereachable; 1449 ndi->ndi.reachable = nd_ifinfo[ifp->if_index].reachable; 1450 ndi->ndi.retrans = nd_ifinfo[ifp->if_index].retrans; 1451 ndi->ndi.flags = nd_ifinfo[ifp->if_index].flags; 1452 ndi->ndi.recalctm = nd_ifinfo[ifp->if_index].recalctm; 1453 ndi->ndi.chlim = nd_ifinfo[ifp->if_index].chlim; 1454 ndi->ndi.receivedra = nd_ifinfo[ifp->if_index].receivedra; 1455 break; 1456 case SIOCGIFINFO_IN6: 1457 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1458 error = EINVAL; 1459 break; 1460 } 1461 ndi->ndi = nd_ifinfo[ifp->if_index]; 1462 break; 1463 case SIOCSIFINFO_FLAGS: 1464 /* XXX: almost all other fields of ndi->ndi is unused */ 1465 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1466 error = EINVAL; 1467 break; 1468 } 1469 nd_ifinfo[ifp->if_index].flags = ndi->ndi.flags; 1470 break; 1471 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1472 /* flush default router list */ 1473 /* 1474 * xxx sumikawa: should not delete route if default 1475 * route equals to the top of default router list 1476 */ 1477 bzero(&any, sizeof(any)); 1478 defrouter_delreq(&any, 0); 1479 defrouter_select(); 1480 /* xxx sumikawa: flush prefix list */ 1481 break; 1482 case SIOCSPFXFLUSH_IN6: 1483 { 1484 /* flush all the prefix advertised by routers */ 1485 struct nd_prefix *pr, *next; 1486 1487 s = splnet(); 1488 for (pr = nd_prefix.lh_first; pr; pr = next) { 1489 struct in6_ifaddr *ia, *ia_next; 1490 1491 next = pr->ndpr_next; 1492 1493 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1494 continue; /* XXX */ 1495 1496 /* do we really have to remove addresses as well? */ 1497 for (ia = in6_ifaddr; ia; ia = ia_next) { 1498 /* ia might be removed. keep the next ptr. */ 1499 ia_next = ia->ia_next; 1500 1501 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1502 continue; 1503 1504 if (ia->ia6_ndpr == pr) 1505 in6_purgeaddr(&ia->ia_ifa); 1506 } 1507 prelist_remove(pr); 1508 } 1509 splx(s); 1510 break; 1511 } 1512 case SIOCSRTRFLUSH_IN6: 1513 { 1514 /* flush all the default routers */ 1515 struct nd_defrouter *dr, *next; 1516 1517 s = splnet(); 1518 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 1519 /* 1520 * The first entry of the list may be stored in 1521 * the routing table, so we'll delete it later. 1522 */ 1523 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = next) { 1524 next = TAILQ_NEXT(dr, dr_entry); 1525 defrtrlist_del(dr); 1526 } 1527 defrtrlist_del(TAILQ_FIRST(&nd_defrouter)); 1528 } 1529 splx(s); 1530 break; 1531 } 1532 case SIOCGNBRINFO_IN6: 1533 { 1534 struct llinfo_nd6 *ln; 1535 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1536 1537 /* 1538 * XXX: KAME specific hack for scoped addresses 1539 * XXXX: for other scopes than link-local? 1540 */ 1541 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1542 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1543 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1544 1545 if (*idp == 0) 1546 *idp = htons(ifp->if_index); 1547 } 1548 1549 s = splnet(); 1550 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL) { 1551 error = EINVAL; 1552 splx(s); 1553 break; 1554 } 1555 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1556 nbi->state = ln->ln_state; 1557 nbi->asked = ln->ln_asked; 1558 nbi->isrouter = ln->ln_router; 1559 nbi->expire = ln->ln_expire; 1560 splx(s); 1561 1562 break; 1563 } 1564 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1565 ndif->ifindex = nd6_defifindex; 1566 break; 1567 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1568 return(nd6_setdefaultiface(ndif->ifindex)); 1569 break; 1570 } 1571 return(error); 1572 } 1573 1574 /* 1575 * Create neighbor cache entry and cache link-layer address, 1576 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1577 */ 1578 struct rtentry * 1579 nd6_cache_lladdr(ifp, from, lladdr, lladdrlen, type, code) 1580 struct ifnet *ifp; 1581 struct in6_addr *from; 1582 char *lladdr; 1583 int lladdrlen; 1584 int type; /* ICMP6 type */ 1585 int code; /* type dependent information */ 1586 { 1587 struct rtentry *rt = NULL; 1588 struct llinfo_nd6 *ln = NULL; 1589 int is_newentry; 1590 struct sockaddr_dl *sdl = NULL; 1591 int do_update; 1592 int olladdr; 1593 int llchange; 1594 int newstate = 0; 1595 1596 if (!ifp) 1597 panic("ifp == NULL in nd6_cache_lladdr"); 1598 if (!from) 1599 panic("from == NULL in nd6_cache_lladdr"); 1600 1601 /* nothing must be updated for unspecified address */ 1602 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1603 return NULL; 1604 1605 /* 1606 * Validation about ifp->if_addrlen and lladdrlen must be done in 1607 * the caller. 1608 * 1609 * XXX If the link does not have link-layer adderss, what should 1610 * we do? (ifp->if_addrlen == 0) 1611 * Spec says nothing in sections for RA, RS and NA. There's small 1612 * description on it in NS section (RFC 2461 7.2.3). 1613 */ 1614 1615 rt = nd6_lookup(from, 0, ifp); 1616 if (!rt) { 1617 #if 0 1618 /* nothing must be done if there's no lladdr */ 1619 if (!lladdr || !lladdrlen) 1620 return NULL; 1621 #endif 1622 1623 rt = nd6_lookup(from, 1, ifp); 1624 is_newentry = 1; 1625 } else { 1626 /* do nothing if static ndp is set */ 1627 if (rt->rt_flags & RTF_STATIC) 1628 return NULL; 1629 is_newentry = 0; 1630 } 1631 1632 if (!rt) 1633 return NULL; 1634 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1635 fail: 1636 (void)nd6_free(rt); 1637 return NULL; 1638 } 1639 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1640 if (!ln) 1641 goto fail; 1642 if (!rt->rt_gateway) 1643 goto fail; 1644 if (rt->rt_gateway->sa_family != AF_LINK) 1645 goto fail; 1646 sdl = SDL(rt->rt_gateway); 1647 1648 olladdr = (sdl->sdl_alen) ? 1 : 0; 1649 if (olladdr && lladdr) { 1650 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1651 llchange = 1; 1652 else 1653 llchange = 0; 1654 } else 1655 llchange = 0; 1656 1657 /* 1658 * newentry olladdr lladdr llchange (*=record) 1659 * 0 n n -- (1) 1660 * 0 y n -- (2) 1661 * 0 n y -- (3) * STALE 1662 * 0 y y n (4) * 1663 * 0 y y y (5) * STALE 1664 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1665 * 1 -- y -- (7) * STALE 1666 */ 1667 1668 if (lladdr) { /*(3-5) and (7)*/ 1669 /* 1670 * Record source link-layer address 1671 * XXX is it dependent to ifp->if_type? 1672 */ 1673 sdl->sdl_alen = ifp->if_addrlen; 1674 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1675 } 1676 1677 if (!is_newentry) { 1678 if ((!olladdr && lladdr) /*(3)*/ 1679 || (olladdr && lladdr && llchange)) { /*(5)*/ 1680 do_update = 1; 1681 newstate = ND6_LLINFO_STALE; 1682 } else /*(1-2,4)*/ 1683 do_update = 0; 1684 } else { 1685 do_update = 1; 1686 if (!lladdr) /*(6)*/ 1687 newstate = ND6_LLINFO_NOSTATE; 1688 else /*(7)*/ 1689 newstate = ND6_LLINFO_STALE; 1690 } 1691 1692 if (do_update) { 1693 /* 1694 * Update the state of the neighbor cache. 1695 */ 1696 ln->ln_state = newstate; 1697 1698 if (ln->ln_state == ND6_LLINFO_STALE) { 1699 /* 1700 * XXX: since nd6_output() below will cause 1701 * state tansition to DELAY and reset the timer, 1702 * we must set the timer now, although it is actually 1703 * meaningless. 1704 */ 1705 ln->ln_expire = time_second + nd6_gctimer; 1706 1707 if (ln->ln_hold) { 1708 /* 1709 * we assume ifp is not a p2p here, so just 1710 * set the 2nd argument as the 1st one. 1711 */ 1712 nd6_output(ifp, ifp, ln->ln_hold, 1713 (struct sockaddr_in6 *)rt_key(rt), 1714 rt); 1715 ln->ln_hold = NULL; 1716 } 1717 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1718 /* probe right away */ 1719 ln->ln_expire = time_second; 1720 } 1721 } 1722 1723 /* 1724 * ICMP6 type dependent behavior. 1725 * 1726 * NS: clear IsRouter if new entry 1727 * RS: clear IsRouter 1728 * RA: set IsRouter if there's lladdr 1729 * redir: clear IsRouter if new entry 1730 * 1731 * RA case, (1): 1732 * The spec says that we must set IsRouter in the following cases: 1733 * - If lladdr exist, set IsRouter. This means (1-5). 1734 * - If it is old entry (!newentry), set IsRouter. This means (7). 1735 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1736 * A quetion arises for (1) case. (1) case has no lladdr in the 1737 * neighbor cache, this is similar to (6). 1738 * This case is rare but we figured that we MUST NOT set IsRouter. 1739 * 1740 * newentry olladdr lladdr llchange NS RS RA redir 1741 * D R 1742 * 0 n n -- (1) c ? s 1743 * 0 y n -- (2) c s s 1744 * 0 n y -- (3) c s s 1745 * 0 y y n (4) c s s 1746 * 0 y y y (5) c s s 1747 * 1 -- n -- (6) c c c s 1748 * 1 -- y -- (7) c c s c s 1749 * 1750 * (c=clear s=set) 1751 */ 1752 switch (type & 0xff) { 1753 case ND_NEIGHBOR_SOLICIT: 1754 /* 1755 * New entry must have is_router flag cleared. 1756 */ 1757 if (is_newentry) /*(6-7)*/ 1758 ln->ln_router = 0; 1759 break; 1760 case ND_REDIRECT: 1761 /* 1762 * If the icmp is a redirect to a better router, always set the 1763 * is_router flag. Otherwise, if the entry is newly created, 1764 * clear the flag. [RFC 2461, sec 8.3] 1765 */ 1766 if (code == ND_REDIRECT_ROUTER) 1767 ln->ln_router = 1; 1768 else if (is_newentry) /*(6-7)*/ 1769 ln->ln_router = 0; 1770 break; 1771 case ND_ROUTER_SOLICIT: 1772 /* 1773 * is_router flag must always be cleared. 1774 */ 1775 ln->ln_router = 0; 1776 break; 1777 case ND_ROUTER_ADVERT: 1778 /* 1779 * Mark an entry with lladdr as a router. 1780 */ 1781 if ((!is_newentry && (olladdr || lladdr)) /*(2-5)*/ 1782 || (is_newentry && lladdr)) { /*(7)*/ 1783 ln->ln_router = 1; 1784 } 1785 break; 1786 } 1787 1788 /* 1789 * When the link-layer address of a router changes, select the 1790 * best router again. In particular, when the neighbor entry is newly 1791 * created, it might affect the selection policy. 1792 * Question: can we restrict the first condition to the "is_newentry" 1793 * case? 1794 * XXX: when we hear an RA from a new router with the link-layer 1795 * address option, defrouter_select() is called twice, since 1796 * defrtrlist_update called the function as well. However, I believe 1797 * we can compromise the overhead, since it only happens the first 1798 * time. 1799 * XXX: although defrouter_select() should not have a bad effect 1800 * for those are not autoconfigured hosts, we explicitly avoid such 1801 * cases for safety. 1802 */ 1803 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv) 1804 defrouter_select(); 1805 1806 return rt; 1807 } 1808 1809 static void 1810 nd6_slowtimo(ignored_arg) 1811 void *ignored_arg; 1812 { 1813 int s = splnet(); 1814 int i; 1815 struct nd_ifinfo *nd6if; 1816 1817 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1818 nd6_slowtimo, NULL); 1819 for (i = 1; i < if_index + 1; i++) { 1820 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) 1821 continue; 1822 nd6if = &nd_ifinfo[i]; 1823 if (nd6if->basereachable && /* already initialized */ 1824 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1825 /* 1826 * Since reachable time rarely changes by router 1827 * advertisements, we SHOULD insure that a new random 1828 * value gets recomputed at least once every few hours. 1829 * (RFC 2461, 6.3.4) 1830 */ 1831 nd6if->recalctm = nd6_recalc_reachtm_interval; 1832 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1833 } 1834 } 1835 splx(s); 1836 } 1837 1838 #define senderr(e) { error = (e); goto bad;} 1839 int 1840 nd6_output(ifp, origifp, m0, dst, rt0) 1841 struct ifnet *ifp; 1842 struct ifnet *origifp; 1843 struct mbuf *m0; 1844 struct sockaddr_in6 *dst; 1845 struct rtentry *rt0; 1846 { 1847 struct mbuf *m = m0; 1848 struct rtentry *rt = rt0; 1849 struct sockaddr_in6 *gw6 = NULL; 1850 struct llinfo_nd6 *ln = NULL; 1851 int error = 0; 1852 1853 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1854 goto sendpkt; 1855 1856 if (nd6_need_cache(ifp) == 0) 1857 goto sendpkt; 1858 1859 /* 1860 * next hop determination. This routine is derived from ether_outpout. 1861 */ 1862 if (rt) { 1863 if ((rt->rt_flags & RTF_UP) == 0) { 1864 if ((rt0 = rt = rtalloc1((struct sockaddr *)dst, 1, 0UL)) != 1865 NULL) 1866 { 1867 rt->rt_refcnt--; 1868 if (rt->rt_ifp != ifp) { 1869 /* XXX: loop care? */ 1870 return nd6_output(ifp, origifp, m0, 1871 dst, rt); 1872 } 1873 } else 1874 senderr(EHOSTUNREACH); 1875 } 1876 1877 if (rt->rt_flags & RTF_GATEWAY) { 1878 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 1879 1880 /* 1881 * We skip link-layer address resolution and NUD 1882 * if the gateway is not a neighbor from ND point 1883 * of view, regardless the value of the 1884 * nd_ifinfo.flags. 1885 * The second condition is a bit tricky: we skip 1886 * if the gateway is our own address, which is 1887 * sometimes used to install a route to a p2p link. 1888 */ 1889 if (!nd6_is_addr_neighbor(gw6, ifp) || 1890 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 1891 /* 1892 * We allow this kind of tricky route only 1893 * when the outgoing interface is p2p. 1894 * XXX: we may need a more generic rule here. 1895 */ 1896 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 1897 senderr(EHOSTUNREACH); 1898 1899 goto sendpkt; 1900 } 1901 1902 if (rt->rt_gwroute == 0) 1903 goto lookup; 1904 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) { 1905 rtfree(rt); rt = rt0; 1906 lookup: rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1, 0UL); 1907 if ((rt = rt->rt_gwroute) == 0) 1908 senderr(EHOSTUNREACH); 1909 } 1910 } 1911 } 1912 1913 /* 1914 * Address resolution or Neighbor Unreachability Detection 1915 * for the next hop. 1916 * At this point, the destination of the packet must be a unicast 1917 * or an anycast address(i.e. not a multicast). 1918 */ 1919 1920 /* Look up the neighbor cache for the nexthop */ 1921 if (rt && (rt->rt_flags & RTF_LLINFO) != 0) 1922 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1923 else { 1924 /* 1925 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1926 * the condition below is not very efficient. But we believe 1927 * it is tolerable, because this should be a rare case. 1928 */ 1929 if (nd6_is_addr_neighbor(dst, ifp) && 1930 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL) 1931 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1932 } 1933 if (!ln || !rt) { 1934 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1935 !(nd_ifinfo[ifp->if_index].flags & ND6_IFF_PERFORMNUD)) { 1936 log(LOG_DEBUG, 1937 "nd6_output: can't allocate llinfo for %s " 1938 "(ln=%p, rt=%p)\n", 1939 ip6_sprintf(&dst->sin6_addr), ln, rt); 1940 senderr(EIO); /* XXX: good error? */ 1941 } 1942 1943 goto sendpkt; /* send anyway */ 1944 } 1945 1946 /* We don't have to do link-layer address resolution on a p2p link. */ 1947 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1948 ln->ln_state < ND6_LLINFO_REACHABLE) { 1949 ln->ln_state = ND6_LLINFO_STALE; 1950 ln->ln_expire = time_second + nd6_gctimer; 1951 } 1952 1953 /* 1954 * The first time we send a packet to a neighbor whose entry is 1955 * STALE, we have to change the state to DELAY and a sets a timer to 1956 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1957 * neighbor unreachability detection on expiration. 1958 * (RFC 2461 7.3.3) 1959 */ 1960 if (ln->ln_state == ND6_LLINFO_STALE) { 1961 ln->ln_asked = 0; 1962 ln->ln_state = ND6_LLINFO_DELAY; 1963 ln->ln_expire = time_second + nd6_delay; 1964 } 1965 1966 /* 1967 * If the neighbor cache entry has a state other than INCOMPLETE 1968 * (i.e. its link-layer address is already reloved), just 1969 * send the packet. 1970 */ 1971 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1972 goto sendpkt; 1973 1974 /* 1975 * There is a neighbor cache entry, but no ethernet address 1976 * response yet. Replace the held mbuf (if any) with this 1977 * latest one. 1978 * 1979 * XXX Does the code conform to rate-limiting rule? 1980 * (RFC 2461 7.2.2) 1981 */ 1982 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1983 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1984 if (ln->ln_hold) 1985 m_freem(ln->ln_hold); 1986 ln->ln_hold = m; 1987 if (ln->ln_expire) { 1988 if (ln->ln_asked < nd6_mmaxtries && 1989 ln->ln_expire < time_second) { 1990 ln->ln_asked++; 1991 ln->ln_expire = time_second + 1992 nd_ifinfo[ifp->if_index].retrans / 1000; 1993 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 1994 } 1995 } 1996 return(0); 1997 1998 sendpkt: 1999 2000 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 2001 return((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 2002 rt)); 2003 } 2004 return((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt)); 2005 2006 bad: 2007 if (m) 2008 m_freem(m); 2009 return (error); 2010 } 2011 #undef senderr 2012 2013 int 2014 nd6_need_cache(ifp) 2015 struct ifnet *ifp; 2016 { 2017 /* 2018 * XXX: we currently do not make neighbor cache on any interface 2019 * other than ARCnet, Ethernet, FDDI and GIF. 2020 * 2021 * RFC2893 says: 2022 * - unidirectional tunnels needs no ND 2023 */ 2024 switch (ifp->if_type) { 2025 case IFT_ARCNET: 2026 case IFT_ETHER: 2027 case IFT_FDDI: 2028 case IFT_IEEE1394: 2029 #ifdef IFT_L2VLAN 2030 case IFT_L2VLAN: 2031 #endif 2032 #ifdef IFT_IEEE80211 2033 case IFT_IEEE80211: 2034 #endif 2035 case IFT_GIF: /* XXX need more cases? */ 2036 return(1); 2037 default: 2038 return(0); 2039 } 2040 } 2041 2042 int 2043 nd6_storelladdr(ifp, rt, m, dst, desten) 2044 struct ifnet *ifp; 2045 struct rtentry *rt; 2046 struct mbuf *m; 2047 struct sockaddr *dst; 2048 u_char *desten; 2049 { 2050 int i; 2051 struct sockaddr_dl *sdl; 2052 2053 if (m->m_flags & M_MCAST) { 2054 switch (ifp->if_type) { 2055 case IFT_ETHER: 2056 case IFT_FDDI: 2057 #ifdef IFT_L2VLAN 2058 case IFT_L2VLAN: 2059 #endif 2060 #ifdef IFT_IEEE80211 2061 case IFT_IEEE80211: 2062 #endif 2063 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 2064 desten); 2065 return(1); 2066 case IFT_IEEE1394: 2067 for (i = 0; i < ifp->if_addrlen; i++) 2068 desten[i] = ~0; 2069 return(1); 2070 case IFT_ARCNET: 2071 *desten = 0; 2072 return(1); 2073 default: 2074 m_freem(m); 2075 return(0); 2076 } 2077 } 2078 2079 if (rt == NULL) { 2080 /* this could happen, if we could not allocate memory */ 2081 m_freem(m); 2082 return(0); 2083 } 2084 if (rt->rt_gateway->sa_family != AF_LINK) { 2085 printf("nd6_storelladdr: something odd happens\n"); 2086 m_freem(m); 2087 return(0); 2088 } 2089 sdl = SDL(rt->rt_gateway); 2090 if (sdl->sdl_alen == 0) { 2091 /* this should be impossible, but we bark here for debugging */ 2092 printf("nd6_storelladdr: sdl_alen == 0\n"); 2093 m_freem(m); 2094 return(0); 2095 } 2096 2097 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 2098 return(1); 2099 } 2100 2101 static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2102 static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2103 #ifdef SYSCTL_DECL 2104 SYSCTL_DECL(_net_inet6_icmp6); 2105 #endif 2106 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2107 CTLFLAG_RD, nd6_sysctl_drlist, ""); 2108 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2109 CTLFLAG_RD, nd6_sysctl_prlist, ""); 2110 2111 static int 2112 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2113 { 2114 int error; 2115 char buf[1024]; 2116 struct in6_defrouter *d, *de; 2117 struct nd_defrouter *dr; 2118 2119 if (req->newptr) 2120 return EPERM; 2121 error = 0; 2122 2123 for (dr = TAILQ_FIRST(&nd_defrouter); 2124 dr; 2125 dr = TAILQ_NEXT(dr, dr_entry)) { 2126 d = (struct in6_defrouter *)buf; 2127 de = (struct in6_defrouter *)(buf + sizeof(buf)); 2128 2129 if (d + 1 <= de) { 2130 bzero(d, sizeof(*d)); 2131 d->rtaddr.sin6_family = AF_INET6; 2132 d->rtaddr.sin6_len = sizeof(d->rtaddr); 2133 if (in6_recoverscope(&d->rtaddr, &dr->rtaddr, 2134 dr->ifp) != 0) 2135 log(LOG_ERR, 2136 "scope error in " 2137 "default router list (%s)\n", 2138 ip6_sprintf(&dr->rtaddr)); 2139 d->flags = dr->flags; 2140 d->rtlifetime = dr->rtlifetime; 2141 d->expire = dr->expire; 2142 d->if_index = dr->ifp->if_index; 2143 } else 2144 panic("buffer too short"); 2145 2146 error = SYSCTL_OUT(req, buf, sizeof(*d)); 2147 if (error) 2148 break; 2149 } 2150 return error; 2151 } 2152 2153 static int 2154 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2155 { 2156 int error; 2157 char buf[1024]; 2158 struct in6_prefix *p, *pe; 2159 struct nd_prefix *pr; 2160 2161 if (req->newptr) 2162 return EPERM; 2163 error = 0; 2164 2165 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 2166 u_short advrtrs; 2167 size_t advance; 2168 struct sockaddr_in6 *sin6, *s6; 2169 struct nd_pfxrouter *pfr; 2170 2171 p = (struct in6_prefix *)buf; 2172 pe = (struct in6_prefix *)(buf + sizeof(buf)); 2173 2174 if (p + 1 <= pe) { 2175 bzero(p, sizeof(*p)); 2176 sin6 = (struct sockaddr_in6 *)(p + 1); 2177 2178 p->prefix = pr->ndpr_prefix; 2179 if (in6_recoverscope(&p->prefix, 2180 &p->prefix.sin6_addr, pr->ndpr_ifp) != 0) 2181 log(LOG_ERR, 2182 "scope error in prefix list (%s)\n", 2183 ip6_sprintf(&p->prefix.sin6_addr)); 2184 p->raflags = pr->ndpr_raf; 2185 p->prefixlen = pr->ndpr_plen; 2186 p->vltime = pr->ndpr_vltime; 2187 p->pltime = pr->ndpr_pltime; 2188 p->if_index = pr->ndpr_ifp->if_index; 2189 p->expire = pr->ndpr_expire; 2190 p->refcnt = pr->ndpr_refcnt; 2191 p->flags = pr->ndpr_stateflags; 2192 p->origin = PR_ORIG_RA; 2193 advrtrs = 0; 2194 for (pfr = pr->ndpr_advrtrs.lh_first; 2195 pfr; 2196 pfr = pfr->pfr_next) { 2197 if ((void *)&sin6[advrtrs + 1] > 2198 (void *)pe) { 2199 advrtrs++; 2200 continue; 2201 } 2202 s6 = &sin6[advrtrs]; 2203 bzero(s6, sizeof(*s6)); 2204 s6->sin6_family = AF_INET6; 2205 s6->sin6_len = sizeof(*sin6); 2206 if (in6_recoverscope(s6, 2207 &pfr->router->rtaddr, 2208 pfr->router->ifp) != 0) 2209 log(LOG_ERR, 2210 "scope error in " 2211 "prefix list (%s)\n", 2212 ip6_sprintf(&pfr->router->rtaddr)); 2213 advrtrs++; 2214 } 2215 p->advrtrs = advrtrs; 2216 } else 2217 panic("buffer too short"); 2218 2219 advance = sizeof(*p) + sizeof(*sin6) * advrtrs; 2220 error = SYSCTL_OUT(req, buf, advance); 2221 if (error) 2222 break; 2223 } 2224 return error; 2225 } 2226