1 /* $FreeBSD$ */ 2 /* $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * XXX 35 * KAME 970409 note: 36 * BSD/OS version heavily modifies this code, related to llinfo. 37 * Since we don't have BSD/OS version of net/route.c in our hand, 38 * I left the code mostly as it was in 970310. -- itojun 39 */ 40 41 #include "opt_inet.h" 42 #include "opt_inet6.h" 43 #include "opt_mac.h" 44 45 #include <sys/param.h> 46 #include <sys/systm.h> 47 #include <sys/callout.h> 48 #include <sys/mac.h> 49 #include <sys/malloc.h> 50 #include <sys/mbuf.h> 51 #include <sys/socket.h> 52 #include <sys/sockio.h> 53 #include <sys/time.h> 54 #include <sys/kernel.h> 55 #include <sys/protosw.h> 56 #include <sys/errno.h> 57 #include <sys/syslog.h> 58 #include <sys/queue.h> 59 #include <sys/sysctl.h> 60 61 #include <net/if.h> 62 #include <net/if_dl.h> 63 #include <net/if_types.h> 64 #include <net/if_atm.h> 65 #include <net/iso88025.h> 66 #include <net/fddi.h> 67 #include <net/route.h> 68 69 #include <netinet/in.h> 70 #include <netinet/if_ether.h> 71 #include <netinet6/in6_var.h> 72 #include <netinet/ip6.h> 73 #include <netinet6/ip6_var.h> 74 #include <netinet6/nd6.h> 75 #include <netinet6/in6_prefix.h> 76 #include <netinet/icmp6.h> 77 78 #include <net/net_osdep.h> 79 80 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 81 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 82 83 #define SIN6(s) ((struct sockaddr_in6 *)s) 84 #define SDL(s) ((struct sockaddr_dl *)s) 85 86 /* timer values */ 87 int nd6_prune = 1; /* walk list every 1 seconds */ 88 int nd6_delay = 5; /* delay first probe time 5 second */ 89 int nd6_umaxtries = 3; /* maximum unicast query */ 90 int nd6_mmaxtries = 3; /* maximum multicast query */ 91 int nd6_useloopback = 1; /* use loopback interface for local traffic */ 92 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 93 94 /* preventing too many loops in ND option parsing */ 95 int nd6_maxndopt = 10; /* max # of ND options allowed */ 96 97 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 98 99 #ifdef ND6_DEBUG 100 int nd6_debug = 1; 101 #else 102 int nd6_debug = 0; 103 #endif 104 105 /* for debugging? */ 106 static int nd6_inuse, nd6_allocated; 107 108 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6}; 109 static size_t nd_ifinfo_indexlim = 8; 110 struct nd_ifinfo *nd_ifinfo = NULL; 111 struct nd_drhead nd_defrouter; 112 struct nd_prhead nd_prefix = { 0 }; 113 114 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 115 static struct sockaddr_in6 all1_sa; 116 117 static void nd6_slowtimo __P((void *)); 118 static int regen_tmpaddr __P((struct in6_ifaddr *)); 119 120 struct callout nd6_slowtimo_ch; 121 struct callout nd6_timer_ch; 122 extern struct callout in6_tmpaddrtimer_ch; 123 124 void 125 nd6_init() 126 { 127 static int nd6_init_done = 0; 128 int i; 129 130 if (nd6_init_done) { 131 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 132 return; 133 } 134 135 all1_sa.sin6_family = AF_INET6; 136 all1_sa.sin6_len = sizeof(struct sockaddr_in6); 137 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 138 all1_sa.sin6_addr.s6_addr[i] = 0xff; 139 140 /* initialization of the default router list */ 141 TAILQ_INIT(&nd_defrouter); 142 143 nd6_init_done = 1; 144 145 /* start timer */ 146 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 147 nd6_slowtimo, NULL); 148 } 149 150 void 151 nd6_ifattach(ifp) 152 struct ifnet *ifp; 153 { 154 155 /* 156 * We have some arrays that should be indexed by if_index. 157 * since if_index will grow dynamically, they should grow too. 158 */ 159 if (nd_ifinfo == NULL || if_index >= nd_ifinfo_indexlim) { 160 size_t n; 161 caddr_t q; 162 163 while (if_index >= nd_ifinfo_indexlim) 164 nd_ifinfo_indexlim <<= 1; 165 166 /* grow nd_ifinfo */ 167 n = nd_ifinfo_indexlim * sizeof(struct nd_ifinfo); 168 q = (caddr_t)malloc(n, M_IP6NDP, M_WAITOK); 169 bzero(q, n); 170 if (nd_ifinfo) { 171 bcopy((caddr_t)nd_ifinfo, q, n/2); 172 free((caddr_t)nd_ifinfo, M_IP6NDP); 173 } 174 nd_ifinfo = (struct nd_ifinfo *)q; 175 } 176 177 #define ND nd_ifinfo[ifp->if_index] 178 179 /* 180 * Don't initialize if called twice. 181 * XXX: to detect this, we should choose a member that is never set 182 * before initialization of the ND structure itself. We formaly used 183 * the linkmtu member, which was not suitable because it could be 184 * initialized via "ifconfig mtu". 185 */ 186 if (ND.basereachable) 187 return; 188 189 ND.linkmtu = ifnet_byindex(ifp->if_index)->if_mtu; 190 ND.chlim = IPV6_DEFHLIM; 191 ND.basereachable = REACHABLE_TIME; 192 ND.reachable = ND_COMPUTE_RTIME(ND.basereachable); 193 ND.retrans = RETRANS_TIMER; 194 ND.receivedra = 0; 195 /* 196 * Note that the default value of ip6_accept_rtadv is 0, which means 197 * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV 198 * here. 199 */ 200 ND.flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV); 201 nd6_setmtu(ifp); 202 #undef ND 203 } 204 205 /* 206 * Reset ND level link MTU. This function is called when the physical MTU 207 * changes, which means we might have to adjust the ND level MTU. 208 */ 209 void 210 nd6_setmtu(ifp) 211 struct ifnet *ifp; 212 { 213 struct nd_ifinfo *ndi = &nd_ifinfo[ifp->if_index]; 214 u_long oldmaxmtu = ndi->maxmtu; 215 u_long oldlinkmtu = ndi->linkmtu; 216 217 switch (ifp->if_type) { 218 case IFT_ARCNET: /* XXX MTU handling needs more work */ 219 ndi->maxmtu = MIN(60480, ifp->if_mtu); 220 break; 221 case IFT_ETHER: 222 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 223 break; 224 case IFT_FDDI: 225 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); 226 break; 227 case IFT_ATM: 228 ndi->maxmtu = MIN(ATMMTU, ifp->if_mtu); 229 break; 230 case IFT_IEEE1394: /* XXX should be IEEE1394MTU(1500) */ 231 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 232 break; 233 #ifdef IFT_IEEE80211 234 case IFT_IEEE80211: /* XXX should be IEEE80211MTU(1500) */ 235 ndi->maxmtu = MIN(ETHERMTU, ifp->if_mtu); 236 break; 237 #endif 238 case IFT_ISO88025: 239 ndi->maxmtu = MIN(ISO88025_MAX_MTU, ifp->if_mtu); 240 break; 241 default: 242 ndi->maxmtu = ifp->if_mtu; 243 break; 244 } 245 246 if (oldmaxmtu != ndi->maxmtu) { 247 /* 248 * If the ND level MTU is not set yet, or if the maxmtu 249 * is reset to a smaller value than the ND level MTU, 250 * also reset the ND level MTU. 251 */ 252 if (ndi->linkmtu == 0 || 253 ndi->maxmtu < ndi->linkmtu) { 254 ndi->linkmtu = ndi->maxmtu; 255 /* also adjust in6_maxmtu if necessary. */ 256 if (oldlinkmtu == 0) { 257 /* 258 * XXX: the case analysis is grotty, but 259 * it is not efficient to call in6_setmaxmtu() 260 * here when we are during the initialization 261 * procedure. 262 */ 263 if (in6_maxmtu < ndi->linkmtu) 264 in6_maxmtu = ndi->linkmtu; 265 } else 266 in6_setmaxmtu(); 267 } 268 } 269 #undef MIN 270 } 271 272 void 273 nd6_option_init(opt, icmp6len, ndopts) 274 void *opt; 275 int icmp6len; 276 union nd_opts *ndopts; 277 { 278 bzero(ndopts, sizeof(*ndopts)); 279 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 280 ndopts->nd_opts_last 281 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 282 283 if (icmp6len == 0) { 284 ndopts->nd_opts_done = 1; 285 ndopts->nd_opts_search = NULL; 286 } 287 } 288 289 /* 290 * Take one ND option. 291 */ 292 struct nd_opt_hdr * 293 nd6_option(ndopts) 294 union nd_opts *ndopts; 295 { 296 struct nd_opt_hdr *nd_opt; 297 int olen; 298 299 if (!ndopts) 300 panic("ndopts == NULL in nd6_option"); 301 if (!ndopts->nd_opts_last) 302 panic("uninitialized ndopts in nd6_option"); 303 if (!ndopts->nd_opts_search) 304 return NULL; 305 if (ndopts->nd_opts_done) 306 return NULL; 307 308 nd_opt = ndopts->nd_opts_search; 309 310 /* make sure nd_opt_len is inside the buffer */ 311 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 312 bzero(ndopts, sizeof(*ndopts)); 313 return NULL; 314 } 315 316 olen = nd_opt->nd_opt_len << 3; 317 if (olen == 0) { 318 /* 319 * Message validation requires that all included 320 * options have a length that is greater than zero. 321 */ 322 bzero(ndopts, sizeof(*ndopts)); 323 return NULL; 324 } 325 326 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 327 if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 328 /* option overruns the end of buffer, invalid */ 329 bzero(ndopts, sizeof(*ndopts)); 330 return NULL; 331 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 332 /* reached the end of options chain */ 333 ndopts->nd_opts_done = 1; 334 ndopts->nd_opts_search = NULL; 335 } 336 return nd_opt; 337 } 338 339 /* 340 * Parse multiple ND options. 341 * This function is much easier to use, for ND routines that do not need 342 * multiple options of the same type. 343 */ 344 int 345 nd6_options(ndopts) 346 union nd_opts *ndopts; 347 { 348 struct nd_opt_hdr *nd_opt; 349 int i = 0; 350 351 if (!ndopts) 352 panic("ndopts == NULL in nd6_options"); 353 if (!ndopts->nd_opts_last) 354 panic("uninitialized ndopts in nd6_options"); 355 if (!ndopts->nd_opts_search) 356 return 0; 357 358 while (1) { 359 nd_opt = nd6_option(ndopts); 360 if (!nd_opt && !ndopts->nd_opts_last) { 361 /* 362 * Message validation requires that all included 363 * options have a length that is greater than zero. 364 */ 365 icmp6stat.icp6s_nd_badopt++; 366 bzero(ndopts, sizeof(*ndopts)); 367 return -1; 368 } 369 370 if (!nd_opt) 371 goto skip1; 372 373 switch (nd_opt->nd_opt_type) { 374 case ND_OPT_SOURCE_LINKADDR: 375 case ND_OPT_TARGET_LINKADDR: 376 case ND_OPT_MTU: 377 case ND_OPT_REDIRECTED_HEADER: 378 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 379 nd6log((LOG_INFO, 380 "duplicated ND6 option found (type=%d)\n", 381 nd_opt->nd_opt_type)); 382 /* XXX bark? */ 383 } else { 384 ndopts->nd_opt_array[nd_opt->nd_opt_type] 385 = nd_opt; 386 } 387 break; 388 case ND_OPT_PREFIX_INFORMATION: 389 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 390 ndopts->nd_opt_array[nd_opt->nd_opt_type] 391 = nd_opt; 392 } 393 ndopts->nd_opts_pi_end = 394 (struct nd_opt_prefix_info *)nd_opt; 395 break; 396 default: 397 /* 398 * Unknown options must be silently ignored, 399 * to accomodate future extension to the protocol. 400 */ 401 nd6log((LOG_DEBUG, 402 "nd6_options: unsupported option %d - " 403 "option ignored\n", nd_opt->nd_opt_type)); 404 } 405 406 skip1: 407 i++; 408 if (i > nd6_maxndopt) { 409 icmp6stat.icp6s_nd_toomanyopt++; 410 nd6log((LOG_INFO, "too many loop in nd opt\n")); 411 break; 412 } 413 414 if (ndopts->nd_opts_done) 415 break; 416 } 417 418 return 0; 419 } 420 421 /* 422 * ND6 timer routine to expire default route list and prefix list 423 */ 424 void 425 nd6_timer(ignored_arg) 426 void *ignored_arg; 427 { 428 int s; 429 struct llinfo_nd6 *ln; 430 struct nd_defrouter *dr; 431 struct nd_prefix *pr; 432 struct ifnet *ifp; 433 struct in6_ifaddr *ia6, *nia6; 434 struct in6_addrlifetime *lt6; 435 436 s = splnet(); 437 callout_reset(&nd6_timer_ch, nd6_prune * hz, 438 nd6_timer, NULL); 439 440 ln = llinfo_nd6.ln_next; 441 while (ln && ln != &llinfo_nd6) { 442 struct rtentry *rt; 443 struct sockaddr_in6 *dst; 444 struct llinfo_nd6 *next = ln->ln_next; 445 /* XXX: used for the DELAY case only: */ 446 struct nd_ifinfo *ndi = NULL; 447 448 if ((rt = ln->ln_rt) == NULL) { 449 ln = next; 450 continue; 451 } 452 if ((ifp = rt->rt_ifp) == NULL) { 453 ln = next; 454 continue; 455 } 456 ndi = &nd_ifinfo[ifp->if_index]; 457 dst = (struct sockaddr_in6 *)rt_key(rt); 458 459 if (ln->ln_expire > time_second) { 460 ln = next; 461 continue; 462 } 463 464 /* sanity check */ 465 if (!rt) 466 panic("rt=0 in nd6_timer(ln=%p)", ln); 467 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln) 468 panic("rt_llinfo(%p) is not equal to ln(%p)", 469 rt->rt_llinfo, ln); 470 if (!dst) 471 panic("dst=0 in nd6_timer(ln=%p)", ln); 472 473 switch (ln->ln_state) { 474 case ND6_LLINFO_INCOMPLETE: 475 if (ln->ln_asked < nd6_mmaxtries) { 476 ln->ln_asked++; 477 ln->ln_expire = time_second + 478 nd_ifinfo[ifp->if_index].retrans / 1000; 479 nd6_ns_output(ifp, NULL, &dst->sin6_addr, 480 ln, 0); 481 } else { 482 struct mbuf *m = ln->ln_hold; 483 if (m) { 484 if (rt->rt_ifp) { 485 /* 486 * Fake rcvif to make ICMP error 487 * more helpful in diagnosing 488 * for the receiver. 489 * XXX: should we consider 490 * older rcvif? 491 */ 492 m->m_pkthdr.rcvif = rt->rt_ifp; 493 } 494 icmp6_error(m, ICMP6_DST_UNREACH, 495 ICMP6_DST_UNREACH_ADDR, 0); 496 ln->ln_hold = NULL; 497 } 498 next = nd6_free(rt); 499 } 500 break; 501 case ND6_LLINFO_REACHABLE: 502 if (ln->ln_expire) { 503 ln->ln_state = ND6_LLINFO_STALE; 504 ln->ln_expire = time_second + nd6_gctimer; 505 } 506 break; 507 508 case ND6_LLINFO_STALE: 509 /* Garbage Collection(RFC 2461 5.3) */ 510 if (ln->ln_expire) 511 next = nd6_free(rt); 512 break; 513 514 case ND6_LLINFO_DELAY: 515 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 516 /* We need NUD */ 517 ln->ln_asked = 1; 518 ln->ln_state = ND6_LLINFO_PROBE; 519 ln->ln_expire = time_second + 520 ndi->retrans / 1000; 521 nd6_ns_output(ifp, &dst->sin6_addr, 522 &dst->sin6_addr, 523 ln, 0); 524 } else { 525 ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 526 ln->ln_expire = time_second + nd6_gctimer; 527 } 528 break; 529 case ND6_LLINFO_PROBE: 530 if (ln->ln_asked < nd6_umaxtries) { 531 ln->ln_asked++; 532 ln->ln_expire = time_second + 533 nd_ifinfo[ifp->if_index].retrans / 1000; 534 nd6_ns_output(ifp, &dst->sin6_addr, 535 &dst->sin6_addr, ln, 0); 536 } else { 537 next = nd6_free(rt); 538 } 539 break; 540 } 541 ln = next; 542 } 543 544 /* expire default router list */ 545 dr = TAILQ_FIRST(&nd_defrouter); 546 while (dr) { 547 if (dr->expire && dr->expire < time_second) { 548 struct nd_defrouter *t; 549 t = TAILQ_NEXT(dr, dr_entry); 550 defrtrlist_del(dr); 551 dr = t; 552 } else { 553 dr = TAILQ_NEXT(dr, dr_entry); 554 } 555 } 556 557 /* 558 * expire interface addresses. 559 * in the past the loop was inside prefix expiry processing. 560 * However, from a stricter speci-confrmance standpoint, we should 561 * rather separate address lifetimes and prefix lifetimes. 562 */ 563 addrloop: 564 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) { 565 nia6 = ia6->ia_next; 566 /* check address lifetime */ 567 lt6 = &ia6->ia6_lifetime; 568 if (IFA6_IS_INVALID(ia6)) { 569 int regen = 0; 570 571 /* 572 * If the expiring address is temporary, try 573 * regenerating a new one. This would be useful when 574 * we suspended a laptop PC, then turned it on after a 575 * period that could invalidate all temporary 576 * addresses. Although we may have to restart the 577 * loop (see below), it must be after purging the 578 * address. Otherwise, we'd see an infinite loop of 579 * regeneration. 580 */ 581 if (ip6_use_tempaddr && 582 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 583 if (regen_tmpaddr(ia6) == 0) 584 regen = 1; 585 } 586 587 in6_purgeaddr(&ia6->ia_ifa); 588 589 if (regen) 590 goto addrloop; /* XXX: see below */ 591 } 592 if (IFA6_IS_DEPRECATED(ia6)) { 593 int oldflags = ia6->ia6_flags; 594 595 ia6->ia6_flags |= IN6_IFF_DEPRECATED; 596 597 /* 598 * If a temporary address has just become deprecated, 599 * regenerate a new one if possible. 600 */ 601 if (ip6_use_tempaddr && 602 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 603 (oldflags & IN6_IFF_DEPRECATED) == 0) { 604 605 if (regen_tmpaddr(ia6) == 0) { 606 /* 607 * A new temporary address is 608 * generated. 609 * XXX: this means the address chain 610 * has changed while we are still in 611 * the loop. Although the change 612 * would not cause disaster (because 613 * it's not a deletion, but an 614 * addition,) we'd rather restart the 615 * loop just for safety. Or does this 616 * significantly reduce performance?? 617 */ 618 goto addrloop; 619 } 620 } 621 } else { 622 /* 623 * A new RA might have made a deprecated address 624 * preferred. 625 */ 626 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 627 } 628 } 629 630 /* expire prefix list */ 631 pr = nd_prefix.lh_first; 632 while (pr) { 633 /* 634 * check prefix lifetime. 635 * since pltime is just for autoconf, pltime processing for 636 * prefix is not necessary. 637 */ 638 if (pr->ndpr_expire && pr->ndpr_expire < time_second) { 639 struct nd_prefix *t; 640 t = pr->ndpr_next; 641 642 /* 643 * address expiration and prefix expiration are 644 * separate. NEVER perform in6_purgeaddr here. 645 */ 646 647 prelist_remove(pr); 648 pr = t; 649 } else 650 pr = pr->ndpr_next; 651 } 652 splx(s); 653 } 654 655 static int 656 regen_tmpaddr(ia6) 657 struct in6_ifaddr *ia6; /* deprecated/invalidated temporary address */ 658 { 659 struct ifaddr *ifa; 660 struct ifnet *ifp; 661 struct in6_ifaddr *public_ifa6 = NULL; 662 663 ifp = ia6->ia_ifa.ifa_ifp; 664 for (ifa = ifp->if_addrlist.tqh_first; ifa; 665 ifa = ifa->ifa_list.tqe_next) 666 { 667 struct in6_ifaddr *it6; 668 669 if (ifa->ifa_addr->sa_family != AF_INET6) 670 continue; 671 672 it6 = (struct in6_ifaddr *)ifa; 673 674 /* ignore no autoconf addresses. */ 675 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 676 continue; 677 678 /* ignore autoconf addresses with different prefixes. */ 679 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 680 continue; 681 682 /* 683 * Now we are looking at an autoconf address with the same 684 * prefix as ours. If the address is temporary and is still 685 * preferred, do not create another one. It would be rare, but 686 * could happen, for example, when we resume a laptop PC after 687 * a long period. 688 */ 689 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 690 !IFA6_IS_DEPRECATED(it6)) { 691 public_ifa6 = NULL; 692 break; 693 } 694 695 /* 696 * This is a public autoconf address that has the same prefix 697 * as ours. If it is preferred, keep it. We can't break the 698 * loop here, because there may be a still-preferred temporary 699 * address with the prefix. 700 */ 701 if (!IFA6_IS_DEPRECATED(it6)) 702 public_ifa6 = it6; 703 } 704 705 if (public_ifa6 != NULL) { 706 int e; 707 708 if ((e = in6_tmpifadd(public_ifa6, 0)) != 0) { 709 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 710 " tmp addr,errno=%d\n", e); 711 return(-1); 712 } 713 return(0); 714 } 715 716 return(-1); 717 } 718 719 /* 720 * Nuke neighbor cache/prefix/default router management table, right before 721 * ifp goes away. 722 */ 723 void 724 nd6_purge(ifp) 725 struct ifnet *ifp; 726 { 727 struct llinfo_nd6 *ln, *nln; 728 struct nd_defrouter *dr, *ndr, drany; 729 struct nd_prefix *pr, *npr; 730 731 /* Nuke default router list entries toward ifp */ 732 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 733 /* 734 * The first entry of the list may be stored in 735 * the routing table, so we'll delete it later. 736 */ 737 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = ndr) { 738 ndr = TAILQ_NEXT(dr, dr_entry); 739 if (dr->ifp == ifp) 740 defrtrlist_del(dr); 741 } 742 dr = TAILQ_FIRST(&nd_defrouter); 743 if (dr->ifp == ifp) 744 defrtrlist_del(dr); 745 } 746 747 /* Nuke prefix list entries toward ifp */ 748 for (pr = nd_prefix.lh_first; pr; pr = npr) { 749 npr = pr->ndpr_next; 750 if (pr->ndpr_ifp == ifp) { 751 /* 752 * Previously, pr->ndpr_addr is removed as well, 753 * but I strongly believe we don't have to do it. 754 * nd6_purge() is only called from in6_ifdetach(), 755 * which removes all the associated interface addresses 756 * by itself. 757 * (jinmei@kame.net 20010129) 758 */ 759 prelist_remove(pr); 760 } 761 } 762 763 /* cancel default outgoing interface setting */ 764 if (nd6_defifindex == ifp->if_index) 765 nd6_setdefaultiface(0); 766 767 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 768 /* refresh default router list */ 769 bzero(&drany, sizeof(drany)); 770 defrouter_delreq(&drany, 0); 771 defrouter_select(); 772 } 773 774 /* 775 * Nuke neighbor cache entries for the ifp. 776 * Note that rt->rt_ifp may not be the same as ifp, 777 * due to KAME goto ours hack. See RTM_RESOLVE case in 778 * nd6_rtrequest(), and ip6_input(). 779 */ 780 ln = llinfo_nd6.ln_next; 781 while (ln && ln != &llinfo_nd6) { 782 struct rtentry *rt; 783 struct sockaddr_dl *sdl; 784 785 nln = ln->ln_next; 786 rt = ln->ln_rt; 787 if (rt && rt->rt_gateway && 788 rt->rt_gateway->sa_family == AF_LINK) { 789 sdl = (struct sockaddr_dl *)rt->rt_gateway; 790 if (sdl->sdl_index == ifp->if_index) 791 nln = nd6_free(rt); 792 } 793 ln = nln; 794 } 795 } 796 797 struct rtentry * 798 nd6_lookup(addr6, create, ifp) 799 struct in6_addr *addr6; 800 int create; 801 struct ifnet *ifp; 802 { 803 struct rtentry *rt; 804 struct sockaddr_in6 sin6; 805 806 bzero(&sin6, sizeof(sin6)); 807 sin6.sin6_len = sizeof(struct sockaddr_in6); 808 sin6.sin6_family = AF_INET6; 809 sin6.sin6_addr = *addr6; 810 #ifdef SCOPEDROUTING 811 sin6.sin6_scope_id = in6_addr2scopeid(ifp, addr6); 812 #endif 813 rt = rtalloc1((struct sockaddr *)&sin6, create, 0UL); 814 if (rt && (rt->rt_flags & RTF_LLINFO) == 0) { 815 /* 816 * This is the case for the default route. 817 * If we want to create a neighbor cache for the address, we 818 * should free the route for the destination and allocate an 819 * interface route. 820 */ 821 if (create) { 822 RTFREE(rt); 823 rt = 0; 824 } 825 } 826 if (!rt) { 827 if (create && ifp) { 828 int e; 829 830 /* 831 * If no route is available and create is set, 832 * we allocate a host route for the destination 833 * and treat it like an interface route. 834 * This hack is necessary for a neighbor which can't 835 * be covered by our own prefix. 836 */ 837 struct ifaddr *ifa = 838 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp); 839 if (ifa == NULL) 840 return(NULL); 841 842 /* 843 * Create a new route. RTF_LLINFO is necessary 844 * to create a Neighbor Cache entry for the 845 * destination in nd6_rtrequest which will be 846 * called in rtrequest via ifa->ifa_rtrequest. 847 */ 848 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6, 849 ifa->ifa_addr, 850 (struct sockaddr *)&all1_sa, 851 (ifa->ifa_flags | 852 RTF_HOST | RTF_LLINFO) & 853 ~RTF_CLONING, 854 &rt)) != 0) 855 log(LOG_ERR, 856 "nd6_lookup: failed to add route for a " 857 "neighbor(%s), errno=%d\n", 858 ip6_sprintf(addr6), e); 859 if (rt == NULL) 860 return(NULL); 861 if (rt->rt_llinfo) { 862 struct llinfo_nd6 *ln = 863 (struct llinfo_nd6 *)rt->rt_llinfo; 864 ln->ln_state = ND6_LLINFO_NOSTATE; 865 } 866 } else 867 return(NULL); 868 } 869 rt->rt_refcnt--; 870 /* 871 * Validation for the entry. 872 * Note that the check for rt_llinfo is necessary because a cloned 873 * route from a parent route that has the L flag (e.g. the default 874 * route to a p2p interface) may have the flag, too, while the 875 * destination is not actually a neighbor. 876 * XXX: we can't use rt->rt_ifp to check for the interface, since 877 * it might be the loopback interface if the entry is for our 878 * own address on a non-loopback interface. Instead, we should 879 * use rt->rt_ifa->ifa_ifp, which would specify the REAL 880 * interface. 881 */ 882 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 || 883 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL || 884 (ifp && rt->rt_ifa->ifa_ifp != ifp)) { 885 if (create) { 886 log(LOG_DEBUG, "nd6_lookup: failed to lookup %s (if = %s)\n", 887 ip6_sprintf(addr6), ifp ? if_name(ifp) : "unspec"); 888 /* xxx more logs... kazu */ 889 } 890 return(NULL); 891 } 892 return(rt); 893 } 894 895 /* 896 * Detect if a given IPv6 address identifies a neighbor on a given link. 897 * XXX: should take care of the destination of a p2p link? 898 */ 899 int 900 nd6_is_addr_neighbor(addr, ifp) 901 struct sockaddr_in6 *addr; 902 struct ifnet *ifp; 903 { 904 struct ifaddr *ifa; 905 int i; 906 907 #define IFADDR6(a) ((((struct in6_ifaddr *)(a))->ia_addr).sin6_addr) 908 #define IFMASK6(a) ((((struct in6_ifaddr *)(a))->ia_prefixmask).sin6_addr) 909 910 /* 911 * A link-local address is always a neighbor. 912 * XXX: we should use the sin6_scope_id field rather than the embedded 913 * interface index. 914 */ 915 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) && 916 ntohs(*(u_int16_t *)&addr->sin6_addr.s6_addr[2]) == ifp->if_index) 917 return(1); 918 919 /* 920 * If the address matches one of our addresses, 921 * it should be a neighbor. 922 */ 923 for (ifa = ifp->if_addrlist.tqh_first; 924 ifa; 925 ifa = ifa->ifa_list.tqe_next) 926 { 927 if (ifa->ifa_addr->sa_family != AF_INET6) 928 next: continue; 929 930 for (i = 0; i < 4; i++) { 931 if ((IFADDR6(ifa).s6_addr32[i] ^ 932 addr->sin6_addr.s6_addr32[i]) & 933 IFMASK6(ifa).s6_addr32[i]) 934 goto next; 935 } 936 return(1); 937 } 938 939 /* 940 * Even if the address matches none of our addresses, it might be 941 * in the neighbor cache. 942 */ 943 if (nd6_lookup(&addr->sin6_addr, 0, ifp) != NULL) 944 return(1); 945 946 return(0); 947 #undef IFADDR6 948 #undef IFMASK6 949 } 950 951 /* 952 * Free an nd6 llinfo entry. 953 */ 954 struct llinfo_nd6 * 955 nd6_free(rt) 956 struct rtentry *rt; 957 { 958 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next; 959 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 960 struct nd_defrouter *dr; 961 962 /* 963 * we used to have pfctlinput(PRC_HOSTDEAD) here. 964 * even though it is not harmful, it was not really necessary. 965 */ 966 967 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */ 968 int s; 969 s = splnet(); 970 dr = defrouter_lookup(&((struct sockaddr_in6 *)rt_key(rt))->sin6_addr, 971 rt->rt_ifp); 972 973 if (ln->ln_router || dr) { 974 /* 975 * rt6_flush must be called whether or not the neighbor 976 * is in the Default Router List. 977 * See a corresponding comment in nd6_na_input(). 978 */ 979 rt6_flush(&in6, rt->rt_ifp); 980 } 981 982 if (dr) { 983 /* 984 * Unreachablity of a router might affect the default 985 * router selection and on-link detection of advertised 986 * prefixes. 987 */ 988 989 /* 990 * Temporarily fake the state to choose a new default 991 * router and to perform on-link determination of 992 * prefixes correctly. 993 * Below the state will be set correctly, 994 * or the entry itself will be deleted. 995 */ 996 ln->ln_state = ND6_LLINFO_INCOMPLETE; 997 998 /* 999 * Since defrouter_select() does not affect the 1000 * on-link determination and MIP6 needs the check 1001 * before the default router selection, we perform 1002 * the check now. 1003 */ 1004 pfxlist_onlink_check(); 1005 1006 if (dr == TAILQ_FIRST(&nd_defrouter)) { 1007 /* 1008 * It is used as the current default router, 1009 * so we have to move it to the end of the 1010 * list and choose a new one. 1011 * XXX: it is not very efficient if this is 1012 * the only router. 1013 */ 1014 TAILQ_REMOVE(&nd_defrouter, dr, dr_entry); 1015 TAILQ_INSERT_TAIL(&nd_defrouter, dr, dr_entry); 1016 1017 defrouter_select(); 1018 } 1019 } 1020 splx(s); 1021 } 1022 1023 /* 1024 * Before deleting the entry, remember the next entry as the 1025 * return value. We need this because pfxlist_onlink_check() above 1026 * might have freed other entries (particularly the old next entry) as 1027 * a side effect (XXX). 1028 */ 1029 next = ln->ln_next; 1030 1031 /* 1032 * Detach the route from the routing tree and the list of neighbor 1033 * caches, and disable the route entry not to be used in already 1034 * cached routes. 1035 */ 1036 rtrequest(RTM_DELETE, rt_key(rt), (struct sockaddr *)0, 1037 rt_mask(rt), 0, (struct rtentry **)0); 1038 1039 return(next); 1040 } 1041 1042 /* 1043 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1044 * 1045 * XXX cost-effective metods? 1046 */ 1047 void 1048 nd6_nud_hint(rt, dst6, force) 1049 struct rtentry *rt; 1050 struct in6_addr *dst6; 1051 int force; 1052 { 1053 struct llinfo_nd6 *ln; 1054 1055 /* 1056 * If the caller specified "rt", use that. Otherwise, resolve the 1057 * routing table by supplied "dst6". 1058 */ 1059 if (!rt) { 1060 if (!dst6) 1061 return; 1062 if (!(rt = nd6_lookup(dst6, 0, NULL))) 1063 return; 1064 } 1065 1066 if ((rt->rt_flags & RTF_GATEWAY) != 0 || 1067 (rt->rt_flags & RTF_LLINFO) == 0 || 1068 !rt->rt_llinfo || !rt->rt_gateway || 1069 rt->rt_gateway->sa_family != AF_LINK) { 1070 /* This is not a host route. */ 1071 return; 1072 } 1073 1074 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1075 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1076 return; 1077 1078 /* 1079 * if we get upper-layer reachability confirmation many times, 1080 * it is possible we have false information. 1081 */ 1082 if (!force) { 1083 ln->ln_byhint++; 1084 if (ln->ln_byhint > nd6_maxnudhint) 1085 return; 1086 } 1087 1088 ln->ln_state = ND6_LLINFO_REACHABLE; 1089 if (ln->ln_expire) 1090 ln->ln_expire = time_second + 1091 nd_ifinfo[rt->rt_ifp->if_index].reachable; 1092 } 1093 1094 void 1095 nd6_rtrequest(req, rt, info) 1096 int req; 1097 struct rtentry *rt; 1098 struct rt_addrinfo *info; /* xxx unused */ 1099 { 1100 struct sockaddr *gate = rt->rt_gateway; 1101 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1102 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK}; 1103 struct ifnet *ifp = rt->rt_ifp; 1104 struct ifaddr *ifa; 1105 1106 if ((rt->rt_flags & RTF_GATEWAY)) 1107 return; 1108 1109 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) { 1110 /* 1111 * This is probably an interface direct route for a link 1112 * which does not need neighbor caches (e.g. fe80::%lo0/64). 1113 * We do not need special treatment below for such a route. 1114 * Moreover, the RTF_LLINFO flag which would be set below 1115 * would annoy the ndp(8) command. 1116 */ 1117 return; 1118 } 1119 1120 if (req == RTM_RESOLVE && 1121 (nd6_need_cache(ifp) == 0 || /* stf case */ 1122 !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp))) { 1123 /* 1124 * FreeBSD and BSD/OS often make a cloned host route based 1125 * on a less-specific route (e.g. the default route). 1126 * If the less specific route does not have a "gateway" 1127 * (this is the case when the route just goes to a p2p or an 1128 * stf interface), we'll mistakenly make a neighbor cache for 1129 * the host route, and will see strange neighbor solicitation 1130 * for the corresponding destination. In order to avoid the 1131 * confusion, we check if the destination of the route is 1132 * a neighbor in terms of neighbor discovery, and stop the 1133 * process if not. Additionally, we remove the LLINFO flag 1134 * so that ndp(8) will not try to get the neighbor information 1135 * of the destination. 1136 */ 1137 rt->rt_flags &= ~RTF_LLINFO; 1138 return; 1139 } 1140 1141 switch (req) { 1142 case RTM_ADD: 1143 /* 1144 * There is no backward compatibility :) 1145 * 1146 * if ((rt->rt_flags & RTF_HOST) == 0 && 1147 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff) 1148 * rt->rt_flags |= RTF_CLONING; 1149 */ 1150 if (rt->rt_flags & (RTF_CLONING | RTF_LLINFO)) { 1151 /* 1152 * Case 1: This route should come from 1153 * a route to interface. RTF_LLINFO flag is set 1154 * for a host route whose destination should be 1155 * treated as on-link. 1156 */ 1157 rt_setgate(rt, rt_key(rt), 1158 (struct sockaddr *)&null_sdl); 1159 gate = rt->rt_gateway; 1160 SDL(gate)->sdl_type = ifp->if_type; 1161 SDL(gate)->sdl_index = ifp->if_index; 1162 if (ln) 1163 ln->ln_expire = time_second; 1164 #if 1 1165 if (ln && ln->ln_expire == 0) { 1166 /* kludge for desktops */ 1167 #if 0 1168 printf("nd6_rtequest: time.tv_sec is zero; " 1169 "treat it as 1\n"); 1170 #endif 1171 ln->ln_expire = 1; 1172 } 1173 #endif 1174 if ((rt->rt_flags & RTF_CLONING)) 1175 break; 1176 } 1177 /* 1178 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here. 1179 * We don't do that here since llinfo is not ready yet. 1180 * 1181 * There are also couple of other things to be discussed: 1182 * - unsolicited NA code needs improvement beforehand 1183 * - RFC2461 says we MAY send multicast unsolicited NA 1184 * (7.2.6 paragraph 4), however, it also says that we 1185 * SHOULD provide a mechanism to prevent multicast NA storm. 1186 * we don't have anything like it right now. 1187 * note that the mechanism needs a mutual agreement 1188 * between proxies, which means that we need to implement 1189 * a new protocol, or a new kludge. 1190 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA. 1191 * we need to check ip6forwarding before sending it. 1192 * (or should we allow proxy ND configuration only for 1193 * routers? there's no mention about proxy ND from hosts) 1194 */ 1195 #if 0 1196 /* XXX it does not work */ 1197 if (rt->rt_flags & RTF_ANNOUNCE) 1198 nd6_na_output(ifp, 1199 &SIN6(rt_key(rt))->sin6_addr, 1200 &SIN6(rt_key(rt))->sin6_addr, 1201 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0, 1202 1, NULL); 1203 #endif 1204 /* FALLTHROUGH */ 1205 case RTM_RESOLVE: 1206 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) { 1207 /* 1208 * Address resolution isn't necessary for a point to 1209 * point link, so we can skip this test for a p2p link. 1210 */ 1211 if (gate->sa_family != AF_LINK || 1212 gate->sa_len < sizeof(null_sdl)) { 1213 log(LOG_DEBUG, 1214 "nd6_rtrequest: bad gateway value: %s\n", 1215 if_name(ifp)); 1216 break; 1217 } 1218 SDL(gate)->sdl_type = ifp->if_type; 1219 SDL(gate)->sdl_index = ifp->if_index; 1220 } 1221 if (ln != NULL) 1222 break; /* This happens on a route change */ 1223 /* 1224 * Case 2: This route may come from cloning, or a manual route 1225 * add with a LL address. 1226 */ 1227 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln)); 1228 rt->rt_llinfo = (caddr_t)ln; 1229 if (!ln) { 1230 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n"); 1231 break; 1232 } 1233 nd6_inuse++; 1234 nd6_allocated++; 1235 Bzero(ln, sizeof(*ln)); 1236 ln->ln_rt = rt; 1237 /* this is required for "ndp" command. - shin */ 1238 if (req == RTM_ADD) { 1239 /* 1240 * gate should have some valid AF_LINK entry, 1241 * and ln->ln_expire should have some lifetime 1242 * which is specified by ndp command. 1243 */ 1244 ln->ln_state = ND6_LLINFO_REACHABLE; 1245 ln->ln_byhint = 0; 1246 } else { 1247 /* 1248 * When req == RTM_RESOLVE, rt is created and 1249 * initialized in rtrequest(), so rt_expire is 0. 1250 */ 1251 ln->ln_state = ND6_LLINFO_NOSTATE; 1252 ln->ln_expire = time_second; 1253 } 1254 rt->rt_flags |= RTF_LLINFO; 1255 ln->ln_next = llinfo_nd6.ln_next; 1256 llinfo_nd6.ln_next = ln; 1257 ln->ln_prev = &llinfo_nd6; 1258 ln->ln_next->ln_prev = ln; 1259 1260 /* 1261 * check if rt_key(rt) is one of my address assigned 1262 * to the interface. 1263 */ 1264 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp, 1265 &SIN6(rt_key(rt))->sin6_addr); 1266 if (ifa) { 1267 caddr_t macp = nd6_ifptomac(ifp); 1268 ln->ln_expire = 0; 1269 ln->ln_state = ND6_LLINFO_REACHABLE; 1270 ln->ln_byhint = 0; 1271 if (macp) { 1272 Bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen); 1273 SDL(gate)->sdl_alen = ifp->if_addrlen; 1274 } 1275 if (nd6_useloopback) { 1276 rt->rt_ifp = &loif[0]; /* XXX */ 1277 /* 1278 * Make sure rt_ifa be equal to the ifaddr 1279 * corresponding to the address. 1280 * We need this because when we refer 1281 * rt_ifa->ia6_flags in ip6_input, we assume 1282 * that the rt_ifa points to the address instead 1283 * of the loopback address. 1284 */ 1285 if (ifa != rt->rt_ifa) { 1286 IFAFREE(rt->rt_ifa); 1287 IFAREF(ifa); 1288 rt->rt_ifa = ifa; 1289 } 1290 } 1291 } else if (rt->rt_flags & RTF_ANNOUNCE) { 1292 ln->ln_expire = 0; 1293 ln->ln_state = ND6_LLINFO_REACHABLE; 1294 ln->ln_byhint = 0; 1295 1296 /* join solicited node multicast for proxy ND */ 1297 if (ifp->if_flags & IFF_MULTICAST) { 1298 struct in6_addr llsol; 1299 int error; 1300 1301 llsol = SIN6(rt_key(rt))->sin6_addr; 1302 llsol.s6_addr16[0] = htons(0xff02); 1303 llsol.s6_addr16[1] = htons(ifp->if_index); 1304 llsol.s6_addr32[1] = 0; 1305 llsol.s6_addr32[2] = htonl(1); 1306 llsol.s6_addr8[12] = 0xff; 1307 1308 if (!in6_addmulti(&llsol, ifp, &error)) { 1309 nd6log((LOG_ERR, "%s: failed to join " 1310 "%s (errno=%d)\n", if_name(ifp), 1311 ip6_sprintf(&llsol), error)); 1312 } 1313 } 1314 } 1315 break; 1316 1317 case RTM_DELETE: 1318 if (!ln) 1319 break; 1320 /* leave from solicited node multicast for proxy ND */ 1321 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 && 1322 (ifp->if_flags & IFF_MULTICAST) != 0) { 1323 struct in6_addr llsol; 1324 struct in6_multi *in6m; 1325 1326 llsol = SIN6(rt_key(rt))->sin6_addr; 1327 llsol.s6_addr16[0] = htons(0xff02); 1328 llsol.s6_addr16[1] = htons(ifp->if_index); 1329 llsol.s6_addr32[1] = 0; 1330 llsol.s6_addr32[2] = htonl(1); 1331 llsol.s6_addr8[12] = 0xff; 1332 1333 IN6_LOOKUP_MULTI(llsol, ifp, in6m); 1334 if (in6m) 1335 in6_delmulti(in6m); 1336 } 1337 nd6_inuse--; 1338 ln->ln_next->ln_prev = ln->ln_prev; 1339 ln->ln_prev->ln_next = ln->ln_next; 1340 ln->ln_prev = NULL; 1341 rt->rt_llinfo = 0; 1342 rt->rt_flags &= ~RTF_LLINFO; 1343 if (ln->ln_hold) 1344 m_freem(ln->ln_hold); 1345 Free((caddr_t)ln); 1346 } 1347 } 1348 1349 int 1350 nd6_ioctl(cmd, data, ifp) 1351 u_long cmd; 1352 caddr_t data; 1353 struct ifnet *ifp; 1354 { 1355 struct in6_drlist *drl = (struct in6_drlist *)data; 1356 struct in6_prlist *prl = (struct in6_prlist *)data; 1357 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1358 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1359 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1360 struct nd_defrouter *dr, any; 1361 struct nd_prefix *pr; 1362 struct rtentry *rt; 1363 int i = 0, error = 0; 1364 int s; 1365 1366 switch (cmd) { 1367 case SIOCGDRLST_IN6: 1368 /* 1369 * obsolete API, use sysctl under net.inet6.icmp6 1370 */ 1371 bzero(drl, sizeof(*drl)); 1372 s = splnet(); 1373 dr = TAILQ_FIRST(&nd_defrouter); 1374 while (dr && i < DRLSTSIZ) { 1375 drl->defrouter[i].rtaddr = dr->rtaddr; 1376 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) { 1377 /* XXX: need to this hack for KAME stack */ 1378 drl->defrouter[i].rtaddr.s6_addr16[1] = 0; 1379 } else 1380 log(LOG_ERR, 1381 "default router list contains a " 1382 "non-linklocal address(%s)\n", 1383 ip6_sprintf(&drl->defrouter[i].rtaddr)); 1384 1385 drl->defrouter[i].flags = dr->flags; 1386 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1387 drl->defrouter[i].expire = dr->expire; 1388 drl->defrouter[i].if_index = dr->ifp->if_index; 1389 i++; 1390 dr = TAILQ_NEXT(dr, dr_entry); 1391 } 1392 splx(s); 1393 break; 1394 case SIOCGPRLST_IN6: 1395 /* 1396 * obsolete API, use sysctl under net.inet6.icmp6 1397 */ 1398 /* 1399 * XXX meaning of fields, especialy "raflags", is very 1400 * differnet between RA prefix list and RR/static prefix list. 1401 * how about separating ioctls into two? 1402 */ 1403 bzero(prl, sizeof(*prl)); 1404 s = splnet(); 1405 pr = nd_prefix.lh_first; 1406 while (pr && i < PRLSTSIZ) { 1407 struct nd_pfxrouter *pfr; 1408 int j; 1409 1410 (void)in6_embedscope(&prl->prefix[i].prefix, 1411 &pr->ndpr_prefix, NULL, NULL); 1412 prl->prefix[i].raflags = pr->ndpr_raf; 1413 prl->prefix[i].prefixlen = pr->ndpr_plen; 1414 prl->prefix[i].vltime = pr->ndpr_vltime; 1415 prl->prefix[i].pltime = pr->ndpr_pltime; 1416 prl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1417 prl->prefix[i].expire = pr->ndpr_expire; 1418 1419 pfr = pr->ndpr_advrtrs.lh_first; 1420 j = 0; 1421 while (pfr) { 1422 if (j < DRLSTSIZ) { 1423 #define RTRADDR prl->prefix[i].advrtr[j] 1424 RTRADDR = pfr->router->rtaddr; 1425 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) { 1426 /* XXX: hack for KAME */ 1427 RTRADDR.s6_addr16[1] = 0; 1428 } else 1429 log(LOG_ERR, 1430 "a router(%s) advertises " 1431 "a prefix with " 1432 "non-link local address\n", 1433 ip6_sprintf(&RTRADDR)); 1434 #undef RTRADDR 1435 } 1436 j++; 1437 pfr = pfr->pfr_next; 1438 } 1439 prl->prefix[i].advrtrs = j; 1440 prl->prefix[i].origin = PR_ORIG_RA; 1441 1442 i++; 1443 pr = pr->ndpr_next; 1444 } 1445 { 1446 struct rr_prefix *rpp; 1447 1448 for (rpp = LIST_FIRST(&rr_prefix); rpp; 1449 rpp = LIST_NEXT(rpp, rp_entry)) { 1450 if (i >= PRLSTSIZ) 1451 break; 1452 (void)in6_embedscope(&prl->prefix[i].prefix, 1453 &pr->ndpr_prefix, NULL, NULL); 1454 prl->prefix[i].raflags = rpp->rp_raf; 1455 prl->prefix[i].prefixlen = rpp->rp_plen; 1456 prl->prefix[i].vltime = rpp->rp_vltime; 1457 prl->prefix[i].pltime = rpp->rp_pltime; 1458 prl->prefix[i].if_index = rpp->rp_ifp->if_index; 1459 prl->prefix[i].expire = rpp->rp_expire; 1460 prl->prefix[i].advrtrs = 0; 1461 prl->prefix[i].origin = rpp->rp_origin; 1462 i++; 1463 } 1464 } 1465 splx(s); 1466 1467 break; 1468 case OSIOCGIFINFO_IN6: 1469 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1470 error = EINVAL; 1471 break; 1472 } 1473 ndi->ndi.linkmtu = nd_ifinfo[ifp->if_index].linkmtu; 1474 ndi->ndi.maxmtu = nd_ifinfo[ifp->if_index].maxmtu; 1475 ndi->ndi.basereachable = 1476 nd_ifinfo[ifp->if_index].basereachable; 1477 ndi->ndi.reachable = nd_ifinfo[ifp->if_index].reachable; 1478 ndi->ndi.retrans = nd_ifinfo[ifp->if_index].retrans; 1479 ndi->ndi.flags = nd_ifinfo[ifp->if_index].flags; 1480 ndi->ndi.recalctm = nd_ifinfo[ifp->if_index].recalctm; 1481 ndi->ndi.chlim = nd_ifinfo[ifp->if_index].chlim; 1482 ndi->ndi.receivedra = nd_ifinfo[ifp->if_index].receivedra; 1483 break; 1484 case SIOCGIFINFO_IN6: 1485 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1486 error = EINVAL; 1487 break; 1488 } 1489 ndi->ndi = nd_ifinfo[ifp->if_index]; 1490 break; 1491 case SIOCSIFINFO_FLAGS: 1492 /* XXX: almost all other fields of ndi->ndi is unused */ 1493 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) { 1494 error = EINVAL; 1495 break; 1496 } 1497 nd_ifinfo[ifp->if_index].flags = ndi->ndi.flags; 1498 break; 1499 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1500 /* flush default router list */ 1501 /* 1502 * xxx sumikawa: should not delete route if default 1503 * route equals to the top of default router list 1504 */ 1505 bzero(&any, sizeof(any)); 1506 defrouter_delreq(&any, 0); 1507 defrouter_select(); 1508 /* xxx sumikawa: flush prefix list */ 1509 break; 1510 case SIOCSPFXFLUSH_IN6: 1511 { 1512 /* flush all the prefix advertised by routers */ 1513 struct nd_prefix *pr, *next; 1514 1515 s = splnet(); 1516 for (pr = nd_prefix.lh_first; pr; pr = next) { 1517 struct in6_ifaddr *ia, *ia_next; 1518 1519 next = pr->ndpr_next; 1520 1521 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1522 continue; /* XXX */ 1523 1524 /* do we really have to remove addresses as well? */ 1525 for (ia = in6_ifaddr; ia; ia = ia_next) { 1526 /* ia might be removed. keep the next ptr. */ 1527 ia_next = ia->ia_next; 1528 1529 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1530 continue; 1531 1532 if (ia->ia6_ndpr == pr) 1533 in6_purgeaddr(&ia->ia_ifa); 1534 } 1535 prelist_remove(pr); 1536 } 1537 splx(s); 1538 break; 1539 } 1540 case SIOCSRTRFLUSH_IN6: 1541 { 1542 /* flush all the default routers */ 1543 struct nd_defrouter *dr, *next; 1544 1545 s = splnet(); 1546 if ((dr = TAILQ_FIRST(&nd_defrouter)) != NULL) { 1547 /* 1548 * The first entry of the list may be stored in 1549 * the routing table, so we'll delete it later. 1550 */ 1551 for (dr = TAILQ_NEXT(dr, dr_entry); dr; dr = next) { 1552 next = TAILQ_NEXT(dr, dr_entry); 1553 defrtrlist_del(dr); 1554 } 1555 defrtrlist_del(TAILQ_FIRST(&nd_defrouter)); 1556 } 1557 splx(s); 1558 break; 1559 } 1560 case SIOCGNBRINFO_IN6: 1561 { 1562 struct llinfo_nd6 *ln; 1563 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1564 1565 /* 1566 * XXX: KAME specific hack for scoped addresses 1567 * XXXX: for other scopes than link-local? 1568 */ 1569 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) || 1570 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) { 1571 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2]; 1572 1573 if (*idp == 0) 1574 *idp = htons(ifp->if_index); 1575 } 1576 1577 s = splnet(); 1578 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL) { 1579 error = EINVAL; 1580 splx(s); 1581 break; 1582 } 1583 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1584 nbi->state = ln->ln_state; 1585 nbi->asked = ln->ln_asked; 1586 nbi->isrouter = ln->ln_router; 1587 nbi->expire = ln->ln_expire; 1588 splx(s); 1589 1590 break; 1591 } 1592 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1593 ndif->ifindex = nd6_defifindex; 1594 break; 1595 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1596 return(nd6_setdefaultiface(ndif->ifindex)); 1597 break; 1598 } 1599 return(error); 1600 } 1601 1602 /* 1603 * Create neighbor cache entry and cache link-layer address, 1604 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1605 */ 1606 struct rtentry * 1607 nd6_cache_lladdr(ifp, from, lladdr, lladdrlen, type, code) 1608 struct ifnet *ifp; 1609 struct in6_addr *from; 1610 char *lladdr; 1611 int lladdrlen; 1612 int type; /* ICMP6 type */ 1613 int code; /* type dependent information */ 1614 { 1615 struct rtentry *rt = NULL; 1616 struct llinfo_nd6 *ln = NULL; 1617 int is_newentry; 1618 struct sockaddr_dl *sdl = NULL; 1619 int do_update; 1620 int olladdr; 1621 int llchange; 1622 int newstate = 0; 1623 1624 if (!ifp) 1625 panic("ifp == NULL in nd6_cache_lladdr"); 1626 if (!from) 1627 panic("from == NULL in nd6_cache_lladdr"); 1628 1629 /* nothing must be updated for unspecified address */ 1630 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1631 return NULL; 1632 1633 /* 1634 * Validation about ifp->if_addrlen and lladdrlen must be done in 1635 * the caller. 1636 * 1637 * XXX If the link does not have link-layer adderss, what should 1638 * we do? (ifp->if_addrlen == 0) 1639 * Spec says nothing in sections for RA, RS and NA. There's small 1640 * description on it in NS section (RFC 2461 7.2.3). 1641 */ 1642 1643 rt = nd6_lookup(from, 0, ifp); 1644 if (!rt) { 1645 #if 0 1646 /* nothing must be done if there's no lladdr */ 1647 if (!lladdr || !lladdrlen) 1648 return NULL; 1649 #endif 1650 1651 rt = nd6_lookup(from, 1, ifp); 1652 is_newentry = 1; 1653 } else { 1654 /* do nothing if static ndp is set */ 1655 if (rt->rt_flags & RTF_STATIC) 1656 return NULL; 1657 is_newentry = 0; 1658 } 1659 1660 if (!rt) 1661 return NULL; 1662 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) { 1663 fail: 1664 (void)nd6_free(rt); 1665 return NULL; 1666 } 1667 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1668 if (!ln) 1669 goto fail; 1670 if (!rt->rt_gateway) 1671 goto fail; 1672 if (rt->rt_gateway->sa_family != AF_LINK) 1673 goto fail; 1674 sdl = SDL(rt->rt_gateway); 1675 1676 olladdr = (sdl->sdl_alen) ? 1 : 0; 1677 if (olladdr && lladdr) { 1678 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 1679 llchange = 1; 1680 else 1681 llchange = 0; 1682 } else 1683 llchange = 0; 1684 1685 /* 1686 * newentry olladdr lladdr llchange (*=record) 1687 * 0 n n -- (1) 1688 * 0 y n -- (2) 1689 * 0 n y -- (3) * STALE 1690 * 0 y y n (4) * 1691 * 0 y y y (5) * STALE 1692 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1693 * 1 -- y -- (7) * STALE 1694 */ 1695 1696 if (lladdr) { /* (3-5) and (7) */ 1697 /* 1698 * Record source link-layer address 1699 * XXX is it dependent to ifp->if_type? 1700 */ 1701 sdl->sdl_alen = ifp->if_addrlen; 1702 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 1703 } 1704 1705 if (!is_newentry) { 1706 if ((!olladdr && lladdr) /* (3) */ 1707 || (olladdr && lladdr && llchange)) { /* (5) */ 1708 do_update = 1; 1709 newstate = ND6_LLINFO_STALE; 1710 } else /* (1-2,4) */ 1711 do_update = 0; 1712 } else { 1713 do_update = 1; 1714 if (!lladdr) /* (6) */ 1715 newstate = ND6_LLINFO_NOSTATE; 1716 else /* (7) */ 1717 newstate = ND6_LLINFO_STALE; 1718 } 1719 1720 if (do_update) { 1721 /* 1722 * Update the state of the neighbor cache. 1723 */ 1724 ln->ln_state = newstate; 1725 1726 if (ln->ln_state == ND6_LLINFO_STALE) { 1727 /* 1728 * XXX: since nd6_output() below will cause 1729 * state tansition to DELAY and reset the timer, 1730 * we must set the timer now, although it is actually 1731 * meaningless. 1732 */ 1733 ln->ln_expire = time_second + nd6_gctimer; 1734 1735 if (ln->ln_hold) { 1736 /* 1737 * we assume ifp is not a p2p here, so just 1738 * set the 2nd argument as the 1st one. 1739 */ 1740 nd6_output(ifp, ifp, ln->ln_hold, 1741 (struct sockaddr_in6 *)rt_key(rt), 1742 rt); 1743 ln->ln_hold = NULL; 1744 } 1745 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1746 /* probe right away */ 1747 ln->ln_expire = time_second; 1748 } 1749 } 1750 1751 /* 1752 * ICMP6 type dependent behavior. 1753 * 1754 * NS: clear IsRouter if new entry 1755 * RS: clear IsRouter 1756 * RA: set IsRouter if there's lladdr 1757 * redir: clear IsRouter if new entry 1758 * 1759 * RA case, (1): 1760 * The spec says that we must set IsRouter in the following cases: 1761 * - If lladdr exist, set IsRouter. This means (1-5). 1762 * - If it is old entry (!newentry), set IsRouter. This means (7). 1763 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1764 * A quetion arises for (1) case. (1) case has no lladdr in the 1765 * neighbor cache, this is similar to (6). 1766 * This case is rare but we figured that we MUST NOT set IsRouter. 1767 * 1768 * newentry olladdr lladdr llchange NS RS RA redir 1769 * D R 1770 * 0 n n -- (1) c ? s 1771 * 0 y n -- (2) c s s 1772 * 0 n y -- (3) c s s 1773 * 0 y y n (4) c s s 1774 * 0 y y y (5) c s s 1775 * 1 -- n -- (6) c c c s 1776 * 1 -- y -- (7) c c s c s 1777 * 1778 * (c=clear s=set) 1779 */ 1780 switch (type & 0xff) { 1781 case ND_NEIGHBOR_SOLICIT: 1782 /* 1783 * New entry must have is_router flag cleared. 1784 */ 1785 if (is_newentry) /* (6-7) */ 1786 ln->ln_router = 0; 1787 break; 1788 case ND_REDIRECT: 1789 /* 1790 * If the icmp is a redirect to a better router, always set the 1791 * is_router flag. Otherwise, if the entry is newly created, 1792 * clear the flag. [RFC 2461, sec 8.3] 1793 */ 1794 if (code == ND_REDIRECT_ROUTER) 1795 ln->ln_router = 1; 1796 else if (is_newentry) /* (6-7) */ 1797 ln->ln_router = 0; 1798 break; 1799 case ND_ROUTER_SOLICIT: 1800 /* 1801 * is_router flag must always be cleared. 1802 */ 1803 ln->ln_router = 0; 1804 break; 1805 case ND_ROUTER_ADVERT: 1806 /* 1807 * Mark an entry with lladdr as a router. 1808 */ 1809 if ((!is_newentry && (olladdr || lladdr)) /* (2-5) */ 1810 || (is_newentry && lladdr)) { /* (7) */ 1811 ln->ln_router = 1; 1812 } 1813 break; 1814 } 1815 1816 /* 1817 * When the link-layer address of a router changes, select the 1818 * best router again. In particular, when the neighbor entry is newly 1819 * created, it might affect the selection policy. 1820 * Question: can we restrict the first condition to the "is_newentry" 1821 * case? 1822 * XXX: when we hear an RA from a new router with the link-layer 1823 * address option, defrouter_select() is called twice, since 1824 * defrtrlist_update called the function as well. However, I believe 1825 * we can compromise the overhead, since it only happens the first 1826 * time. 1827 * XXX: although defrouter_select() should not have a bad effect 1828 * for those are not autoconfigured hosts, we explicitly avoid such 1829 * cases for safety. 1830 */ 1831 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv) 1832 defrouter_select(); 1833 1834 return rt; 1835 } 1836 1837 static void 1838 nd6_slowtimo(ignored_arg) 1839 void *ignored_arg; 1840 { 1841 int s = splnet(); 1842 int i; 1843 struct nd_ifinfo *nd6if; 1844 1845 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1846 nd6_slowtimo, NULL); 1847 for (i = 1; i < if_index + 1; i++) { 1848 if (!nd_ifinfo || i >= nd_ifinfo_indexlim) 1849 continue; 1850 nd6if = &nd_ifinfo[i]; 1851 if (nd6if->basereachable && /* already initialized */ 1852 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1853 /* 1854 * Since reachable time rarely changes by router 1855 * advertisements, we SHOULD insure that a new random 1856 * value gets recomputed at least once every few hours. 1857 * (RFC 2461, 6.3.4) 1858 */ 1859 nd6if->recalctm = nd6_recalc_reachtm_interval; 1860 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1861 } 1862 } 1863 splx(s); 1864 } 1865 1866 #define senderr(e) { error = (e); goto bad;} 1867 int 1868 nd6_output(ifp, origifp, m0, dst, rt0) 1869 struct ifnet *ifp; 1870 struct ifnet *origifp; 1871 struct mbuf *m0; 1872 struct sockaddr_in6 *dst; 1873 struct rtentry *rt0; 1874 { 1875 struct mbuf *m = m0; 1876 struct rtentry *rt = rt0; 1877 struct sockaddr_in6 *gw6 = NULL; 1878 struct llinfo_nd6 *ln = NULL; 1879 int error = 0; 1880 1881 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1882 goto sendpkt; 1883 1884 if (nd6_need_cache(ifp) == 0) 1885 goto sendpkt; 1886 1887 /* 1888 * next hop determination. This routine is derived from ether_outpout. 1889 */ 1890 if (rt) { 1891 if ((rt->rt_flags & RTF_UP) == 0) { 1892 if ((rt0 = rt = rtalloc1((struct sockaddr *)dst, 1, 0UL)) != 1893 NULL) 1894 { 1895 rt->rt_refcnt--; 1896 if (rt->rt_ifp != ifp) { 1897 /* XXX: loop care? */ 1898 return nd6_output(ifp, origifp, m0, 1899 dst, rt); 1900 } 1901 } else 1902 senderr(EHOSTUNREACH); 1903 } 1904 1905 if (rt->rt_flags & RTF_GATEWAY) { 1906 gw6 = (struct sockaddr_in6 *)rt->rt_gateway; 1907 1908 /* 1909 * We skip link-layer address resolution and NUD 1910 * if the gateway is not a neighbor from ND point 1911 * of view, regardless of the value of nd_ifinfo.flags. 1912 * The second condition is a bit tricky; we skip 1913 * if the gateway is our own address, which is 1914 * sometimes used to install a route to a p2p link. 1915 */ 1916 if (!nd6_is_addr_neighbor(gw6, ifp) || 1917 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) { 1918 /* 1919 * We allow this kind of tricky route only 1920 * when the outgoing interface is p2p. 1921 * XXX: we may need a more generic rule here. 1922 */ 1923 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) 1924 senderr(EHOSTUNREACH); 1925 1926 goto sendpkt; 1927 } 1928 1929 if (rt->rt_gwroute == 0) 1930 goto lookup; 1931 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) { 1932 rtfree(rt); rt = rt0; 1933 lookup: rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1, 0UL); 1934 if ((rt = rt->rt_gwroute) == 0) 1935 senderr(EHOSTUNREACH); 1936 } 1937 } 1938 } 1939 1940 /* 1941 * Address resolution or Neighbor Unreachability Detection 1942 * for the next hop. 1943 * At this point, the destination of the packet must be a unicast 1944 * or an anycast address(i.e. not a multicast). 1945 */ 1946 1947 /* Look up the neighbor cache for the nexthop */ 1948 if (rt && (rt->rt_flags & RTF_LLINFO) != 0) 1949 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1950 else { 1951 /* 1952 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1953 * the condition below is not very efficient. But we believe 1954 * it is tolerable, because this should be a rare case. 1955 */ 1956 if (nd6_is_addr_neighbor(dst, ifp) && 1957 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL) 1958 ln = (struct llinfo_nd6 *)rt->rt_llinfo; 1959 } 1960 if (!ln || !rt) { 1961 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1962 !(nd_ifinfo[ifp->if_index].flags & ND6_IFF_PERFORMNUD)) { 1963 log(LOG_DEBUG, 1964 "nd6_output: can't allocate llinfo for %s " 1965 "(ln=%p, rt=%p)\n", 1966 ip6_sprintf(&dst->sin6_addr), ln, rt); 1967 senderr(EIO); /* XXX: good error? */ 1968 } 1969 1970 goto sendpkt; /* send anyway */ 1971 } 1972 1973 /* We don't have to do link-layer address resolution on a p2p link. */ 1974 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1975 ln->ln_state < ND6_LLINFO_REACHABLE) { 1976 ln->ln_state = ND6_LLINFO_STALE; 1977 ln->ln_expire = time_second + nd6_gctimer; 1978 } 1979 1980 /* 1981 * The first time we send a packet to a neighbor whose entry is 1982 * STALE, we have to change the state to DELAY and a sets a timer to 1983 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1984 * neighbor unreachability detection on expiration. 1985 * (RFC 2461 7.3.3) 1986 */ 1987 if (ln->ln_state == ND6_LLINFO_STALE) { 1988 ln->ln_asked = 0; 1989 ln->ln_state = ND6_LLINFO_DELAY; 1990 ln->ln_expire = time_second + nd6_delay; 1991 } 1992 1993 /* 1994 * If the neighbor cache entry has a state other than INCOMPLETE 1995 * (i.e. its link-layer address is already resolved), just 1996 * send the packet. 1997 */ 1998 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1999 goto sendpkt; 2000 2001 /* 2002 * There is a neighbor cache entry, but no ethernet address 2003 * response yet. Replace the held mbuf (if any) with this 2004 * latest one. 2005 * 2006 * This code conforms to the rate-limiting rule described in Section 2007 * 7.2.2 of RFC 2461, because the timer is set correctly after sending 2008 * an NS below. 2009 */ 2010 if (ln->ln_state == ND6_LLINFO_NOSTATE) 2011 ln->ln_state = ND6_LLINFO_INCOMPLETE; 2012 if (ln->ln_hold) 2013 m_freem(ln->ln_hold); 2014 ln->ln_hold = m; 2015 if (ln->ln_expire) { 2016 if (ln->ln_asked < nd6_mmaxtries && 2017 ln->ln_expire < time_second) { 2018 ln->ln_asked++; 2019 ln->ln_expire = time_second + 2020 nd_ifinfo[ifp->if_index].retrans / 1000; 2021 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 2022 } 2023 } 2024 return(0); 2025 2026 sendpkt: 2027 2028 #ifdef MAC 2029 mac_create_mbuf_linklayer(ifp, m); 2030 #endif 2031 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 2032 return((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 2033 rt)); 2034 } 2035 return((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt)); 2036 2037 bad: 2038 if (m) 2039 m_freem(m); 2040 return (error); 2041 } 2042 #undef senderr 2043 2044 int 2045 nd6_need_cache(ifp) 2046 struct ifnet *ifp; 2047 { 2048 /* 2049 * XXX: we currently do not make neighbor cache on any interface 2050 * other than ARCnet, Ethernet, FDDI and GIF. 2051 * 2052 * RFC2893 says: 2053 * - unidirectional tunnels needs no ND 2054 */ 2055 switch (ifp->if_type) { 2056 case IFT_ARCNET: 2057 case IFT_ETHER: 2058 case IFT_FDDI: 2059 case IFT_IEEE1394: 2060 #ifdef IFT_L2VLAN 2061 case IFT_L2VLAN: 2062 #endif 2063 #ifdef IFT_IEEE80211 2064 case IFT_IEEE80211: 2065 #endif 2066 case IFT_GIF: /* XXX need more cases? */ 2067 return(1); 2068 default: 2069 return(0); 2070 } 2071 } 2072 2073 int 2074 nd6_storelladdr(ifp, rt, m, dst, desten) 2075 struct ifnet *ifp; 2076 struct rtentry *rt; 2077 struct mbuf *m; 2078 struct sockaddr *dst; 2079 u_char *desten; 2080 { 2081 int i; 2082 struct sockaddr_dl *sdl; 2083 2084 if (m->m_flags & M_MCAST) { 2085 switch (ifp->if_type) { 2086 case IFT_ETHER: 2087 case IFT_FDDI: 2088 #ifdef IFT_L2VLAN 2089 case IFT_L2VLAN: 2090 #endif 2091 #ifdef IFT_IEEE80211 2092 case IFT_IEEE80211: 2093 #endif 2094 case IFT_ISO88025: 2095 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 2096 desten); 2097 return(1); 2098 case IFT_IEEE1394: 2099 /* 2100 * netbsd can use if_broadcastaddr, but we don't do so 2101 * to reduce # of ifdef. 2102 */ 2103 for (i = 0; i < ifp->if_addrlen; i++) 2104 desten[i] = ~0; 2105 return(1); 2106 case IFT_ARCNET: 2107 *desten = 0; 2108 return(1); 2109 default: 2110 m_freem(m); 2111 return(0); 2112 } 2113 } 2114 2115 if (rt == NULL) { 2116 /* this could happen, if we could not allocate memory */ 2117 m_freem(m); 2118 return(0); 2119 } 2120 if (rt->rt_gateway->sa_family != AF_LINK) { 2121 printf("nd6_storelladdr: something odd happens\n"); 2122 m_freem(m); 2123 return(0); 2124 } 2125 sdl = SDL(rt->rt_gateway); 2126 if (sdl->sdl_alen == 0) { 2127 /* this should be impossible, but we bark here for debugging */ 2128 printf("nd6_storelladdr: sdl_alen == 0\n"); 2129 m_freem(m); 2130 return(0); 2131 } 2132 2133 bcopy(LLADDR(sdl), desten, sdl->sdl_alen); 2134 return(1); 2135 } 2136 2137 static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2138 static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2139 #ifdef SYSCTL_DECL 2140 SYSCTL_DECL(_net_inet6_icmp6); 2141 #endif 2142 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2143 CTLFLAG_RD, nd6_sysctl_drlist, ""); 2144 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2145 CTLFLAG_RD, nd6_sysctl_prlist, ""); 2146 2147 static int 2148 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2149 { 2150 int error; 2151 char buf[1024]; 2152 struct in6_defrouter *d, *de; 2153 struct nd_defrouter *dr; 2154 2155 if (req->newptr) 2156 return EPERM; 2157 error = 0; 2158 2159 for (dr = TAILQ_FIRST(&nd_defrouter); 2160 dr; 2161 dr = TAILQ_NEXT(dr, dr_entry)) { 2162 d = (struct in6_defrouter *)buf; 2163 de = (struct in6_defrouter *)(buf + sizeof(buf)); 2164 2165 if (d + 1 <= de) { 2166 bzero(d, sizeof(*d)); 2167 d->rtaddr.sin6_family = AF_INET6; 2168 d->rtaddr.sin6_len = sizeof(d->rtaddr); 2169 if (in6_recoverscope(&d->rtaddr, &dr->rtaddr, 2170 dr->ifp) != 0) 2171 log(LOG_ERR, 2172 "scope error in " 2173 "default router list (%s)\n", 2174 ip6_sprintf(&dr->rtaddr)); 2175 d->flags = dr->flags; 2176 d->rtlifetime = dr->rtlifetime; 2177 d->expire = dr->expire; 2178 d->if_index = dr->ifp->if_index; 2179 } else 2180 panic("buffer too short"); 2181 2182 error = SYSCTL_OUT(req, buf, sizeof(*d)); 2183 if (error) 2184 break; 2185 } 2186 return error; 2187 } 2188 2189 static int 2190 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2191 { 2192 int error; 2193 char buf[1024]; 2194 struct in6_prefix *p, *pe; 2195 struct nd_prefix *pr; 2196 2197 if (req->newptr) 2198 return EPERM; 2199 error = 0; 2200 2201 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 2202 u_short advrtrs; 2203 size_t advance; 2204 struct sockaddr_in6 *sin6, *s6; 2205 struct nd_pfxrouter *pfr; 2206 2207 p = (struct in6_prefix *)buf; 2208 pe = (struct in6_prefix *)(buf + sizeof(buf)); 2209 2210 if (p + 1 <= pe) { 2211 bzero(p, sizeof(*p)); 2212 sin6 = (struct sockaddr_in6 *)(p + 1); 2213 2214 p->prefix = pr->ndpr_prefix; 2215 if (in6_recoverscope(&p->prefix, 2216 &p->prefix.sin6_addr, pr->ndpr_ifp) != 0) 2217 log(LOG_ERR, 2218 "scope error in prefix list (%s)\n", 2219 ip6_sprintf(&p->prefix.sin6_addr)); 2220 p->raflags = pr->ndpr_raf; 2221 p->prefixlen = pr->ndpr_plen; 2222 p->vltime = pr->ndpr_vltime; 2223 p->pltime = pr->ndpr_pltime; 2224 p->if_index = pr->ndpr_ifp->if_index; 2225 p->expire = pr->ndpr_expire; 2226 p->refcnt = pr->ndpr_refcnt; 2227 p->flags = pr->ndpr_stateflags; 2228 p->origin = PR_ORIG_RA; 2229 advrtrs = 0; 2230 for (pfr = pr->ndpr_advrtrs.lh_first; 2231 pfr; 2232 pfr = pfr->pfr_next) { 2233 if ((void *)&sin6[advrtrs + 1] > 2234 (void *)pe) { 2235 advrtrs++; 2236 continue; 2237 } 2238 s6 = &sin6[advrtrs]; 2239 bzero(s6, sizeof(*s6)); 2240 s6->sin6_family = AF_INET6; 2241 s6->sin6_len = sizeof(*sin6); 2242 if (in6_recoverscope(s6, 2243 &pfr->router->rtaddr, 2244 pfr->router->ifp) != 0) 2245 log(LOG_ERR, 2246 "scope error in " 2247 "prefix list (%s)\n", 2248 ip6_sprintf(&pfr->router->rtaddr)); 2249 advrtrs++; 2250 } 2251 p->advrtrs = advrtrs; 2252 } else 2253 panic("buffer too short"); 2254 2255 advance = sizeof(*p) + sizeof(*sin6) * advrtrs; 2256 error = SYSCTL_OUT(req, buf, advance); 2257 if (error) 2258 break; 2259 } 2260 return error; 2261 } 2262