1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $ 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include "opt_inet.h" 36 #include "opt_inet6.h" 37 #include "opt_ipsec.h" 38 #include "opt_carp.h" 39 #include "opt_mpath.h" 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/malloc.h> 44 #include <sys/lock.h> 45 #include <sys/rwlock.h> 46 #include <sys/mbuf.h> 47 #include <sys/socket.h> 48 #include <sys/sockio.h> 49 #include <sys/time.h> 50 #include <sys/kernel.h> 51 #include <sys/errno.h> 52 #include <sys/syslog.h> 53 #include <sys/queue.h> 54 #include <sys/callout.h> 55 56 #include <net/if.h> 57 #include <net/if_types.h> 58 #include <net/if_dl.h> 59 #include <net/if_var.h> 60 #include <net/route.h> 61 #ifdef RADIX_MPATH 62 #include <net/radix_mpath.h> 63 #endif 64 65 #include <netinet/in.h> 66 #include <netinet/in_var.h> 67 #include <net/if_llatbl.h> 68 #define L3_ADDR_SIN6(le) ((struct sockaddr_in6 *) L3_ADDR(le)) 69 #include <netinet6/in6_var.h> 70 #include <netinet6/in6_ifattach.h> 71 #include <netinet/ip6.h> 72 #include <netinet6/ip6_var.h> 73 #include <netinet6/scope6_var.h> 74 #include <netinet6/nd6.h> 75 #include <netinet/icmp6.h> 76 77 #ifdef DEV_CARP 78 #include <netinet/ip_carp.h> 79 #endif 80 81 #define SDL(s) ((struct sockaddr_dl *)s) 82 83 struct dadq; 84 static struct dadq *nd6_dad_find(struct ifaddr *); 85 static void nd6_dad_starttimer(struct dadq *, int); 86 static void nd6_dad_stoptimer(struct dadq *); 87 static void nd6_dad_timer(struct dadq *); 88 static void nd6_dad_ns_output(struct dadq *, struct ifaddr *); 89 static void nd6_dad_ns_input(struct ifaddr *); 90 static void nd6_dad_na_input(struct ifaddr *); 91 92 VNET_DEFINE(int, dad_ignore_ns); 93 VNET_DEFINE(int, dad_maxtry); 94 95 #define V_dad_ignore_ns VNET(dad_ignore_ns) 96 #define V_dad_maxtry VNET(dad_maxtry) 97 98 /* 99 * Input a Neighbor Solicitation Message. 100 * 101 * Based on RFC 2461 102 * Based on RFC 2462 (duplicate address detection) 103 */ 104 void 105 nd6_ns_input(struct mbuf *m, int off, int icmp6len) 106 { 107 struct ifnet *ifp = m->m_pkthdr.rcvif; 108 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 109 struct nd_neighbor_solicit *nd_ns; 110 struct in6_addr saddr6 = ip6->ip6_src; 111 struct in6_addr daddr6 = ip6->ip6_dst; 112 struct in6_addr taddr6; 113 struct in6_addr myaddr6; 114 char *lladdr = NULL; 115 struct ifaddr *ifa = NULL; 116 int lladdrlen = 0; 117 int anycast = 0, proxy = 0, tentative = 0; 118 int tlladdr; 119 union nd_opts ndopts; 120 struct sockaddr_dl *proxydl = NULL; 121 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 122 123 #ifndef PULLDOWN_TEST 124 IP6_EXTHDR_CHECK(m, off, icmp6len,); 125 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); 126 #else 127 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len); 128 if (nd_ns == NULL) { 129 ICMP6STAT_INC(icp6s_tooshort); 130 return; 131 } 132 #endif 133 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */ 134 taddr6 = nd_ns->nd_ns_target; 135 if (in6_setscope(&taddr6, ifp, NULL) != 0) 136 goto bad; 137 138 if (ip6->ip6_hlim != 255) { 139 nd6log((LOG_ERR, 140 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n", 141 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src), 142 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp))); 143 goto bad; 144 } 145 146 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 147 /* dst has to be a solicited node multicast address. */ 148 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL && 149 /* don't check ifindex portion */ 150 daddr6.s6_addr32[1] == 0 && 151 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE && 152 daddr6.s6_addr8[12] == 0xff) { 153 ; /* good */ 154 } else { 155 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 156 "(wrong ip6 dst)\n")); 157 goto bad; 158 } 159 } else if (!V_nd6_onlink_ns_rfc4861) { 160 struct sockaddr_in6 src_sa6; 161 162 /* 163 * According to recent IETF discussions, it is not a good idea 164 * to accept a NS from an address which would not be deemed 165 * to be a neighbor otherwise. This point is expected to be 166 * clarified in future revisions of the specification. 167 */ 168 bzero(&src_sa6, sizeof(src_sa6)); 169 src_sa6.sin6_family = AF_INET6; 170 src_sa6.sin6_len = sizeof(src_sa6); 171 src_sa6.sin6_addr = saddr6; 172 if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) { 173 nd6log((LOG_INFO, "nd6_ns_input: " 174 "NS packet from non-neighbor\n")); 175 goto bad; 176 } 177 } 178 179 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 180 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 181 goto bad; 182 } 183 184 icmp6len -= sizeof(*nd_ns); 185 nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 186 if (nd6_options(&ndopts) < 0) { 187 nd6log((LOG_INFO, 188 "nd6_ns_input: invalid ND option, ignored\n")); 189 /* nd6_options have incremented stats */ 190 goto freeit; 191 } 192 193 if (ndopts.nd_opts_src_lladdr) { 194 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 195 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 196 } 197 198 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 199 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 200 "(link-layer address option)\n")); 201 goto bad; 202 } 203 204 /* 205 * Attaching target link-layer address to the NA? 206 * (RFC 2461 7.2.4) 207 * 208 * NS IP dst is unicast/anycast MUST NOT add 209 * NS IP dst is solicited-node multicast MUST add 210 * 211 * In implementation, we add target link-layer address by default. 212 * We do not add one in MUST NOT cases. 213 */ 214 if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 215 tlladdr = 0; 216 else 217 tlladdr = 1; 218 219 /* 220 * Target address (taddr6) must be either: 221 * (1) Valid unicast/anycast address for my receiving interface, 222 * (2) Unicast address for which I'm offering proxy service, or 223 * (3) "tentative" address on which DAD is being performed. 224 */ 225 /* (1) and (3) check. */ 226 #ifdef DEV_CARP 227 if (ifp->if_carp) 228 ifa = carp_iamatch6(ifp->if_carp, &taddr6); 229 if (ifa == NULL) 230 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 231 #else 232 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 233 #endif 234 235 /* (2) check. */ 236 if (ifa == NULL) { 237 struct rtentry *rt; 238 struct sockaddr_in6 tsin6; 239 int need_proxy; 240 #ifdef RADIX_MPATH 241 struct route_in6 ro; 242 #endif 243 244 bzero(&tsin6, sizeof tsin6); 245 tsin6.sin6_len = sizeof(struct sockaddr_in6); 246 tsin6.sin6_family = AF_INET6; 247 tsin6.sin6_addr = taddr6; 248 249 #ifdef RADIX_MPATH 250 bzero(&ro, sizeof(ro)); 251 ro.ro_dst = tsin6; 252 rtalloc_mpath((struct route *)&ro, RTF_ANNOUNCE); 253 rt = ro.ro_rt; 254 #else 255 rt = rtalloc1((struct sockaddr *)&tsin6, 0, 0); 256 #endif 257 need_proxy = (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 && 258 rt->rt_gateway->sa_family == AF_LINK); 259 if (rt) 260 RTFREE_LOCKED(rt); 261 if (need_proxy) { 262 /* 263 * proxy NDP for single entry 264 */ 265 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 266 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 267 if (ifa) { 268 proxy = 1; 269 proxydl = SDL(rt->rt_gateway); 270 } 271 } 272 } 273 if (ifa == NULL) { 274 /* 275 * We've got an NS packet, and we don't have that adddress 276 * assigned for us. We MUST silently ignore it. 277 * See RFC2461 7.2.3. 278 */ 279 goto freeit; 280 } 281 myaddr6 = *IFA_IN6(ifa); 282 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 283 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 284 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 285 goto freeit; 286 287 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 288 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s " 289 "(if %d, NS packet %d)\n", 290 ip6_sprintf(ip6bufs, &taddr6), 291 ifp->if_addrlen, lladdrlen - 2)); 292 goto bad; 293 } 294 295 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 296 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n", 297 ip6_sprintf(ip6bufs, &saddr6))); 298 goto freeit; 299 } 300 301 /* 302 * We have neighbor solicitation packet, with target address equals to 303 * one of my tentative address. 304 * 305 * src addr how to process? 306 * --- --- 307 * multicast of course, invalid (rejected in ip6_input) 308 * unicast somebody is doing address resolution -> ignore 309 * unspec dup address detection 310 * 311 * The processing is defined in RFC 2462. 312 */ 313 if (tentative) { 314 /* 315 * If source address is unspecified address, it is for 316 * duplicate address detection. 317 * 318 * If not, the packet is for addess resolution; 319 * silently ignore it. 320 */ 321 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 322 nd6_dad_ns_input(ifa); 323 324 goto freeit; 325 } 326 327 /* 328 * If the source address is unspecified address, entries must not 329 * be created or updated. 330 * It looks that sender is performing DAD. Output NA toward 331 * all-node multicast address, to tell the sender that I'm using 332 * the address. 333 * S bit ("solicited") must be zero. 334 */ 335 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 336 struct in6_addr in6_all; 337 338 in6_all = in6addr_linklocal_allnodes; 339 if (in6_setscope(&in6_all, ifp, NULL) != 0) 340 goto bad; 341 nd6_na_output(ifp, &in6_all, &taddr6, 342 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 343 (V_ip6_forwarding ? ND_NA_FLAG_ROUTER : 0), 344 tlladdr, (struct sockaddr *)proxydl); 345 goto freeit; 346 } 347 348 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, 349 ND_NEIGHBOR_SOLICIT, 0); 350 351 nd6_na_output(ifp, &saddr6, &taddr6, 352 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 353 (V_ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) | ND_NA_FLAG_SOLICITED, 354 tlladdr, (struct sockaddr *)proxydl); 355 freeit: 356 if (ifa != NULL) 357 ifa_free(ifa); 358 m_freem(m); 359 return; 360 361 bad: 362 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", 363 ip6_sprintf(ip6bufs, &saddr6))); 364 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", 365 ip6_sprintf(ip6bufs, &daddr6))); 366 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", 367 ip6_sprintf(ip6bufs, &taddr6))); 368 ICMP6STAT_INC(icp6s_badns); 369 if (ifa != NULL) 370 ifa_free(ifa); 371 m_freem(m); 372 } 373 374 /* 375 * Output a Neighbor Solicitation Message. Caller specifies: 376 * - ICMP6 header source IP6 address 377 * - ND6 header target IP6 address 378 * - ND6 header source datalink address 379 * 380 * Based on RFC 2461 381 * Based on RFC 2462 (duplicate address detection) 382 * 383 * ln - for source address determination 384 * dad - duplicate address detection 385 */ 386 void 387 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, 388 const struct in6_addr *taddr6, struct llentry *ln, int dad) 389 { 390 struct mbuf *m; 391 struct ip6_hdr *ip6; 392 struct nd_neighbor_solicit *nd_ns; 393 struct in6_addr *src, src_in; 394 struct ip6_moptions im6o; 395 int icmp6len; 396 int maxlen; 397 caddr_t mac; 398 struct route_in6 ro; 399 400 bzero(&ro, sizeof(ro)); 401 402 if (IN6_IS_ADDR_MULTICAST(taddr6)) 403 return; 404 405 /* estimate the size of message */ 406 maxlen = sizeof(*ip6) + sizeof(*nd_ns); 407 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 408 if (max_linkhdr + maxlen >= MCLBYTES) { 409 #ifdef DIAGNOSTIC 410 printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " 411 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 412 #endif 413 return; 414 } 415 416 MGETHDR(m, M_DONTWAIT, MT_DATA); 417 if (m && max_linkhdr + maxlen >= MHLEN) { 418 MCLGET(m, M_DONTWAIT); 419 if ((m->m_flags & M_EXT) == 0) { 420 m_free(m); 421 m = NULL; 422 } 423 } 424 if (m == NULL) 425 return; 426 m->m_pkthdr.rcvif = NULL; 427 428 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 429 m->m_flags |= M_MCAST; 430 im6o.im6o_multicast_ifp = ifp; 431 im6o.im6o_multicast_hlim = 255; 432 im6o.im6o_multicast_loop = 0; 433 } 434 435 icmp6len = sizeof(*nd_ns); 436 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 437 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 438 439 /* fill neighbor solicitation packet */ 440 ip6 = mtod(m, struct ip6_hdr *); 441 ip6->ip6_flow = 0; 442 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 443 ip6->ip6_vfc |= IPV6_VERSION; 444 /* ip6->ip6_plen will be set later */ 445 ip6->ip6_nxt = IPPROTO_ICMPV6; 446 ip6->ip6_hlim = 255; 447 if (daddr6) 448 ip6->ip6_dst = *daddr6; 449 else { 450 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 451 ip6->ip6_dst.s6_addr16[1] = 0; 452 ip6->ip6_dst.s6_addr32[1] = 0; 453 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 454 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 455 ip6->ip6_dst.s6_addr8[12] = 0xff; 456 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0) 457 goto bad; 458 } 459 if (!dad) { 460 struct ifaddr *ifa; 461 462 /* 463 * RFC2461 7.2.2: 464 * "If the source address of the packet prompting the 465 * solicitation is the same as one of the addresses assigned 466 * to the outgoing interface, that address SHOULD be placed 467 * in the IP Source Address of the outgoing solicitation. 468 * Otherwise, any one of the addresses assigned to the 469 * interface should be used." 470 * 471 * We use the source address for the prompting packet 472 * (saddr6), if: 473 * - saddr6 is given from the caller (by giving "ln"), and 474 * - saddr6 belongs to the outgoing interface. 475 * Otherwise, we perform the source address selection as usual. 476 */ 477 struct ip6_hdr *hip6; /* hold ip6 */ 478 struct in6_addr *hsrc = NULL; 479 480 if ((ln != NULL) && ln->la_hold) { 481 /* 482 * assuming every packet in la_hold has the same IP 483 * header 484 */ 485 hip6 = mtod(ln->la_hold, struct ip6_hdr *); 486 /* XXX pullup? */ 487 if (sizeof(*hip6) < ln->la_hold->m_len) 488 hsrc = &hip6->ip6_src; 489 else 490 hsrc = NULL; 491 } 492 if (hsrc && (ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, 493 hsrc)) != NULL) { 494 src = hsrc; 495 ifa_free(ifa); 496 } else { 497 int error; 498 struct sockaddr_in6 dst_sa; 499 500 bzero(&dst_sa, sizeof(dst_sa)); 501 dst_sa.sin6_family = AF_INET6; 502 dst_sa.sin6_len = sizeof(dst_sa); 503 dst_sa.sin6_addr = ip6->ip6_dst; 504 505 error = in6_selectsrc(&dst_sa, NULL, 506 NULL, &ro, NULL, NULL, &src_in); 507 if (error) { 508 char ip6buf[INET6_ADDRSTRLEN]; 509 nd6log((LOG_DEBUG, 510 "nd6_ns_output: source can't be " 511 "determined: dst=%s, error=%d\n", 512 ip6_sprintf(ip6buf, &dst_sa.sin6_addr), 513 error)); 514 goto bad; 515 } 516 src = &src_in; 517 } 518 } else { 519 /* 520 * Source address for DAD packet must always be IPv6 521 * unspecified address. (0::0) 522 * We actually don't have to 0-clear the address (we did it 523 * above), but we do so here explicitly to make the intention 524 * clearer. 525 */ 526 bzero(&src_in, sizeof(src_in)); 527 src = &src_in; 528 } 529 ip6->ip6_src = *src; 530 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 531 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 532 nd_ns->nd_ns_code = 0; 533 nd_ns->nd_ns_reserved = 0; 534 nd_ns->nd_ns_target = *taddr6; 535 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */ 536 537 /* 538 * Add source link-layer address option. 539 * 540 * spec implementation 541 * --- --- 542 * DAD packet MUST NOT do not add the option 543 * there's no link layer address: 544 * impossible do not add the option 545 * there's link layer address: 546 * Multicast NS MUST add one add the option 547 * Unicast NS SHOULD add one add the option 548 */ 549 if (!dad && (mac = nd6_ifptomac(ifp))) { 550 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 551 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 552 /* 8 byte alignments... */ 553 optlen = (optlen + 7) & ~7; 554 555 m->m_pkthdr.len += optlen; 556 m->m_len += optlen; 557 icmp6len += optlen; 558 bzero((caddr_t)nd_opt, optlen); 559 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 560 nd_opt->nd_opt_len = optlen >> 3; 561 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 562 } 563 564 ip6->ip6_plen = htons((u_short)icmp6len); 565 nd_ns->nd_ns_cksum = 0; 566 nd_ns->nd_ns_cksum = 567 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 568 569 ip6_output(m, NULL, &ro, dad ? IPV6_UNSPECSRC : 0, &im6o, NULL, NULL); 570 icmp6_ifstat_inc(ifp, ifs6_out_msg); 571 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit); 572 ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_SOLICIT]); 573 574 if (ro.ro_rt) { /* we don't cache this route. */ 575 RTFREE(ro.ro_rt); 576 } 577 return; 578 579 bad: 580 if (ro.ro_rt) { 581 RTFREE(ro.ro_rt); 582 } 583 m_freem(m); 584 return; 585 } 586 587 /* 588 * Neighbor advertisement input handling. 589 * 590 * Based on RFC 2461 591 * Based on RFC 2462 (duplicate address detection) 592 * 593 * the following items are not implemented yet: 594 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 595 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 596 */ 597 void 598 nd6_na_input(struct mbuf *m, int off, int icmp6len) 599 { 600 struct ifnet *ifp = m->m_pkthdr.rcvif; 601 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 602 struct nd_neighbor_advert *nd_na; 603 struct in6_addr daddr6 = ip6->ip6_dst; 604 struct in6_addr taddr6; 605 int flags; 606 int is_router; 607 int is_solicited; 608 int is_override; 609 char *lladdr = NULL; 610 int lladdrlen = 0; 611 int checklink = 0; 612 struct ifaddr *ifa; 613 struct llentry *ln = NULL; 614 union nd_opts ndopts; 615 struct mbuf *chain = NULL; 616 struct sockaddr_in6 sin6; 617 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 618 619 if (ip6->ip6_hlim != 255) { 620 nd6log((LOG_ERR, 621 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n", 622 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src), 623 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp))); 624 goto bad; 625 } 626 627 #ifndef PULLDOWN_TEST 628 IP6_EXTHDR_CHECK(m, off, icmp6len,); 629 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off); 630 #else 631 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len); 632 if (nd_na == NULL) { 633 ICMP6STAT_INC(icp6s_tooshort); 634 return; 635 } 636 #endif 637 638 flags = nd_na->nd_na_flags_reserved; 639 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 640 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 641 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 642 643 taddr6 = nd_na->nd_na_target; 644 if (in6_setscope(&taddr6, ifp, NULL)) 645 goto bad; /* XXX: impossible */ 646 647 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 648 nd6log((LOG_ERR, 649 "nd6_na_input: invalid target address %s\n", 650 ip6_sprintf(ip6bufs, &taddr6))); 651 goto bad; 652 } 653 if (IN6_IS_ADDR_MULTICAST(&daddr6)) 654 if (is_solicited) { 655 nd6log((LOG_ERR, 656 "nd6_na_input: a solicited adv is multicasted\n")); 657 goto bad; 658 } 659 660 icmp6len -= sizeof(*nd_na); 661 nd6_option_init(nd_na + 1, icmp6len, &ndopts); 662 if (nd6_options(&ndopts) < 0) { 663 nd6log((LOG_INFO, 664 "nd6_na_input: invalid ND option, ignored\n")); 665 /* nd6_options have incremented stats */ 666 goto freeit; 667 } 668 669 if (ndopts.nd_opts_tgt_lladdr) { 670 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 671 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 672 } 673 674 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 675 676 /* 677 * Target address matches one of my interface address. 678 * 679 * If my address is tentative, this means that there's somebody 680 * already using the same address as mine. This indicates DAD failure. 681 * This is defined in RFC 2462. 682 * 683 * Otherwise, process as defined in RFC 2461. 684 */ 685 if (ifa 686 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 687 ifa_free(ifa); 688 nd6_dad_na_input(ifa); 689 goto freeit; 690 } 691 692 /* Just for safety, maybe unnecessary. */ 693 if (ifa) { 694 ifa_free(ifa); 695 log(LOG_ERR, 696 "nd6_na_input: duplicate IP6 address %s\n", 697 ip6_sprintf(ip6bufs, &taddr6)); 698 goto freeit; 699 } 700 701 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 702 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s " 703 "(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6), 704 ifp->if_addrlen, lladdrlen - 2)); 705 goto bad; 706 } 707 708 /* 709 * If no neighbor cache entry is found, NA SHOULD silently be 710 * discarded. 711 */ 712 IF_AFDATA_LOCK(ifp); 713 ln = nd6_lookup(&taddr6, LLE_EXCLUSIVE, ifp); 714 IF_AFDATA_UNLOCK(ifp); 715 if (ln == NULL) { 716 goto freeit; 717 } 718 719 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 720 /* 721 * If the link-layer has address, and no lladdr option came, 722 * discard the packet. 723 */ 724 if (ifp->if_addrlen && lladdr == NULL) { 725 goto freeit; 726 } 727 728 /* 729 * Record link-layer address, and update the state. 730 */ 731 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen); 732 ln->la_flags |= LLE_VALID; 733 if (is_solicited) { 734 ln->ln_state = ND6_LLINFO_REACHABLE; 735 ln->ln_byhint = 0; 736 if (!ND6_LLINFO_PERMANENT(ln)) { 737 nd6_llinfo_settimer_locked(ln, 738 (long)ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz); 739 } 740 } else { 741 ln->ln_state = ND6_LLINFO_STALE; 742 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 743 } 744 if ((ln->ln_router = is_router) != 0) { 745 /* 746 * This means a router's state has changed from 747 * non-reachable to probably reachable, and might 748 * affect the status of associated prefixes.. 749 */ 750 checklink = 1; 751 } 752 } else { 753 int llchange; 754 755 /* 756 * Check if the link-layer address has changed or not. 757 */ 758 if (lladdr == NULL) 759 llchange = 0; 760 else { 761 if (ln->la_flags & LLE_VALID) { 762 if (bcmp(lladdr, &ln->ll_addr, ifp->if_addrlen)) 763 llchange = 1; 764 else 765 llchange = 0; 766 } else 767 llchange = 1; 768 } 769 770 /* 771 * This is VERY complex. Look at it with care. 772 * 773 * override solicit lladdr llchange action 774 * (L: record lladdr) 775 * 776 * 0 0 n -- (2c) 777 * 0 0 y n (2b) L 778 * 0 0 y y (1) REACHABLE->STALE 779 * 0 1 n -- (2c) *->REACHABLE 780 * 0 1 y n (2b) L *->REACHABLE 781 * 0 1 y y (1) REACHABLE->STALE 782 * 1 0 n -- (2a) 783 * 1 0 y n (2a) L 784 * 1 0 y y (2a) L *->STALE 785 * 1 1 n -- (2a) *->REACHABLE 786 * 1 1 y n (2a) L *->REACHABLE 787 * 1 1 y y (2a) L *->REACHABLE 788 */ 789 if (!is_override && (lladdr != NULL && llchange)) { /* (1) */ 790 /* 791 * If state is REACHABLE, make it STALE. 792 * no other updates should be done. 793 */ 794 if (ln->ln_state == ND6_LLINFO_REACHABLE) { 795 ln->ln_state = ND6_LLINFO_STALE; 796 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 797 } 798 goto freeit; 799 } else if (is_override /* (2a) */ 800 || (!is_override && (lladdr != NULL && !llchange)) /* (2b) */ 801 || lladdr == NULL) { /* (2c) */ 802 /* 803 * Update link-local address, if any. 804 */ 805 if (lladdr != NULL) { 806 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen); 807 ln->la_flags |= LLE_VALID; 808 } 809 810 /* 811 * If solicited, make the state REACHABLE. 812 * If not solicited and the link-layer address was 813 * changed, make it STALE. 814 */ 815 if (is_solicited) { 816 ln->ln_state = ND6_LLINFO_REACHABLE; 817 ln->ln_byhint = 0; 818 if (!ND6_LLINFO_PERMANENT(ln)) { 819 nd6_llinfo_settimer_locked(ln, 820 (long)ND_IFINFO(ifp)->reachable * hz); 821 } 822 } else { 823 if (lladdr != NULL && llchange) { 824 ln->ln_state = ND6_LLINFO_STALE; 825 nd6_llinfo_settimer_locked(ln, 826 (long)V_nd6_gctimer * hz); 827 } 828 } 829 } 830 831 if (ln->ln_router && !is_router) { 832 /* 833 * The peer dropped the router flag. 834 * Remove the sender from the Default Router List and 835 * update the Destination Cache entries. 836 */ 837 struct nd_defrouter *dr; 838 struct in6_addr *in6; 839 840 in6 = &L3_ADDR_SIN6(ln)->sin6_addr; 841 842 /* 843 * Lock to protect the default router list. 844 * XXX: this might be unnecessary, since this function 845 * is only called under the network software interrupt 846 * context. However, we keep it just for safety. 847 */ 848 dr = defrouter_lookup(in6, ln->lle_tbl->llt_ifp); 849 if (dr) 850 defrtrlist_del(dr); 851 else if (!V_ip6_forwarding) { 852 /* 853 * Even if the neighbor is not in the default 854 * router list, the neighbor may be used 855 * as a next hop for some destinations 856 * (e.g. redirect case). So we must 857 * call rt6_flush explicitly. 858 */ 859 rt6_flush(&ip6->ip6_src, ifp); 860 } 861 } 862 ln->ln_router = is_router; 863 } 864 /* XXX - QL 865 * Does this matter? 866 * rt->rt_flags &= ~RTF_REJECT; 867 */ 868 ln->la_asked = 0; 869 if (ln->la_hold) { 870 struct mbuf *m_hold, *m_hold_next; 871 872 /* 873 * reset the la_hold in advance, to explicitly 874 * prevent a la_hold lookup in nd6_output() 875 * (wouldn't happen, though...) 876 */ 877 for (m_hold = ln->la_hold, ln->la_hold = NULL; 878 m_hold; m_hold = m_hold_next) { 879 m_hold_next = m_hold->m_nextpkt; 880 m_hold->m_nextpkt = NULL; 881 /* 882 * we assume ifp is not a loopback here, so just set 883 * the 2nd argument as the 1st one. 884 */ 885 nd6_output_lle(ifp, ifp, m_hold, L3_ADDR_SIN6(ln), NULL, ln, &chain); 886 } 887 } 888 freeit: 889 if (ln != NULL) { 890 if (chain) 891 memcpy(&sin6, L3_ADDR_SIN6(ln), sizeof(sin6)); 892 LLE_WUNLOCK(ln); 893 894 if (chain) 895 nd6_output_flush(ifp, ifp, chain, &sin6, NULL); 896 } 897 if (checklink) 898 pfxlist_onlink_check(); 899 900 m_freem(m); 901 return; 902 903 bad: 904 if (ln != NULL) 905 LLE_WUNLOCK(ln); 906 907 ICMP6STAT_INC(icp6s_badna); 908 m_freem(m); 909 } 910 911 /* 912 * Neighbor advertisement output handling. 913 * 914 * Based on RFC 2461 915 * 916 * the following items are not implemented yet: 917 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 918 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 919 * 920 * tlladdr - 1 if include target link-layer address 921 * sdl0 - sockaddr_dl (= proxy NA) or NULL 922 */ 923 void 924 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0, 925 const struct in6_addr *taddr6, u_long flags, int tlladdr, 926 struct sockaddr *sdl0) 927 { 928 struct mbuf *m; 929 struct ip6_hdr *ip6; 930 struct nd_neighbor_advert *nd_na; 931 struct ip6_moptions im6o; 932 struct in6_addr src, daddr6; 933 struct sockaddr_in6 dst_sa; 934 int icmp6len, maxlen, error; 935 caddr_t mac = NULL; 936 struct route_in6 ro; 937 938 bzero(&ro, sizeof(ro)); 939 940 daddr6 = *daddr6_0; /* make a local copy for modification */ 941 942 /* estimate the size of message */ 943 maxlen = sizeof(*ip6) + sizeof(*nd_na); 944 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 945 if (max_linkhdr + maxlen >= MCLBYTES) { 946 #ifdef DIAGNOSTIC 947 printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES " 948 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 949 #endif 950 return; 951 } 952 953 MGETHDR(m, M_DONTWAIT, MT_DATA); 954 if (m && max_linkhdr + maxlen >= MHLEN) { 955 MCLGET(m, M_DONTWAIT); 956 if ((m->m_flags & M_EXT) == 0) { 957 m_free(m); 958 m = NULL; 959 } 960 } 961 if (m == NULL) 962 return; 963 m->m_pkthdr.rcvif = NULL; 964 965 if (IN6_IS_ADDR_MULTICAST(&daddr6)) { 966 m->m_flags |= M_MCAST; 967 im6o.im6o_multicast_ifp = ifp; 968 im6o.im6o_multicast_hlim = 255; 969 im6o.im6o_multicast_loop = 0; 970 } 971 972 icmp6len = sizeof(*nd_na); 973 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 974 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 975 976 /* fill neighbor advertisement packet */ 977 ip6 = mtod(m, struct ip6_hdr *); 978 ip6->ip6_flow = 0; 979 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 980 ip6->ip6_vfc |= IPV6_VERSION; 981 ip6->ip6_nxt = IPPROTO_ICMPV6; 982 ip6->ip6_hlim = 255; 983 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) { 984 /* reply to DAD */ 985 daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 986 daddr6.s6_addr16[1] = 0; 987 daddr6.s6_addr32[1] = 0; 988 daddr6.s6_addr32[2] = 0; 989 daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 990 if (in6_setscope(&daddr6, ifp, NULL)) 991 goto bad; 992 993 flags &= ~ND_NA_FLAG_SOLICITED; 994 } 995 ip6->ip6_dst = daddr6; 996 bzero(&dst_sa, sizeof(struct sockaddr_in6)); 997 dst_sa.sin6_family = AF_INET6; 998 dst_sa.sin6_len = sizeof(struct sockaddr_in6); 999 dst_sa.sin6_addr = daddr6; 1000 1001 /* 1002 * Select a source whose scope is the same as that of the dest. 1003 */ 1004 bcopy(&dst_sa, &ro.ro_dst, sizeof(dst_sa)); 1005 error = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, NULL, &src); 1006 if (error) { 1007 char ip6buf[INET6_ADDRSTRLEN]; 1008 nd6log((LOG_DEBUG, "nd6_na_output: source can't be " 1009 "determined: dst=%s, error=%d\n", 1010 ip6_sprintf(ip6buf, &dst_sa.sin6_addr), error)); 1011 goto bad; 1012 } 1013 ip6->ip6_src = src; 1014 nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 1015 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 1016 nd_na->nd_na_code = 0; 1017 nd_na->nd_na_target = *taddr6; 1018 in6_clearscope(&nd_na->nd_na_target); /* XXX */ 1019 1020 /* 1021 * "tlladdr" indicates NS's condition for adding tlladdr or not. 1022 * see nd6_ns_input() for details. 1023 * Basically, if NS packet is sent to unicast/anycast addr, 1024 * target lladdr option SHOULD NOT be included. 1025 */ 1026 if (tlladdr) { 1027 /* 1028 * sdl0 != NULL indicates proxy NA. If we do proxy, use 1029 * lladdr in sdl0. If we are not proxying (sending NA for 1030 * my address) use lladdr configured for the interface. 1031 */ 1032 if (sdl0 == NULL) { 1033 #ifdef DEV_CARP 1034 if (ifp->if_carp) 1035 mac = carp_macmatch6(ifp->if_carp, m, taddr6); 1036 if (mac == NULL) 1037 mac = nd6_ifptomac(ifp); 1038 #else 1039 mac = nd6_ifptomac(ifp); 1040 #endif 1041 } else if (sdl0->sa_family == AF_LINK) { 1042 struct sockaddr_dl *sdl; 1043 sdl = (struct sockaddr_dl *)sdl0; 1044 if (sdl->sdl_alen == ifp->if_addrlen) 1045 mac = LLADDR(sdl); 1046 } 1047 } 1048 if (tlladdr && mac) { 1049 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 1050 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 1051 1052 /* roundup to 8 bytes alignment! */ 1053 optlen = (optlen + 7) & ~7; 1054 1055 m->m_pkthdr.len += optlen; 1056 m->m_len += optlen; 1057 icmp6len += optlen; 1058 bzero((caddr_t)nd_opt, optlen); 1059 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 1060 nd_opt->nd_opt_len = optlen >> 3; 1061 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 1062 } else 1063 flags &= ~ND_NA_FLAG_OVERRIDE; 1064 1065 ip6->ip6_plen = htons((u_short)icmp6len); 1066 nd_na->nd_na_flags_reserved = flags; 1067 nd_na->nd_na_cksum = 0; 1068 nd_na->nd_na_cksum = 1069 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 1070 1071 ip6_output(m, NULL, &ro, 0, &im6o, NULL, NULL); 1072 icmp6_ifstat_inc(ifp, ifs6_out_msg); 1073 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert); 1074 ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_ADVERT]); 1075 1076 if (ro.ro_rt) { /* we don't cache this route. */ 1077 RTFREE(ro.ro_rt); 1078 } 1079 return; 1080 1081 bad: 1082 if (ro.ro_rt) { 1083 RTFREE(ro.ro_rt); 1084 } 1085 m_freem(m); 1086 return; 1087 } 1088 1089 caddr_t 1090 nd6_ifptomac(struct ifnet *ifp) 1091 { 1092 switch (ifp->if_type) { 1093 case IFT_ARCNET: 1094 case IFT_ETHER: 1095 case IFT_FDDI: 1096 case IFT_IEEE1394: 1097 #ifdef IFT_L2VLAN 1098 case IFT_L2VLAN: 1099 #endif 1100 #ifdef IFT_IEEE80211 1101 case IFT_IEEE80211: 1102 #endif 1103 #ifdef IFT_CARP 1104 case IFT_CARP: 1105 #endif 1106 case IFT_BRIDGE: 1107 case IFT_ISO88025: 1108 return IF_LLADDR(ifp); 1109 default: 1110 return NULL; 1111 } 1112 } 1113 1114 struct dadq { 1115 TAILQ_ENTRY(dadq) dad_list; 1116 struct ifaddr *dad_ifa; 1117 int dad_count; /* max NS to send */ 1118 int dad_ns_tcount; /* # of trials to send NS */ 1119 int dad_ns_ocount; /* NS sent so far */ 1120 int dad_ns_icount; 1121 int dad_na_icount; 1122 struct callout dad_timer_ch; 1123 struct vnet *dad_vnet; 1124 }; 1125 1126 static VNET_DEFINE(TAILQ_HEAD(, dadq), dadq); 1127 #define V_dadq VNET(dadq) 1128 1129 VNET_DEFINE(int, dad_init); 1130 #define V_dad_init VNET(dad_init) 1131 1132 static struct dadq * 1133 nd6_dad_find(struct ifaddr *ifa) 1134 { 1135 struct dadq *dp; 1136 1137 for (dp = V_dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) { 1138 if (dp->dad_ifa == ifa) 1139 return dp; 1140 } 1141 return NULL; 1142 } 1143 1144 static void 1145 nd6_dad_starttimer(struct dadq *dp, int ticks) 1146 { 1147 1148 callout_reset(&dp->dad_timer_ch, ticks, 1149 (void (*)(void *))nd6_dad_timer, (void *)dp); 1150 } 1151 1152 static void 1153 nd6_dad_stoptimer(struct dadq *dp) 1154 { 1155 1156 callout_stop(&dp->dad_timer_ch); 1157 } 1158 1159 /* 1160 * Start Duplicate Address Detection (DAD) for specified interface address. 1161 */ 1162 void 1163 nd6_dad_start(struct ifaddr *ifa, int delay) 1164 { 1165 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1166 struct dadq *dp; 1167 char ip6buf[INET6_ADDRSTRLEN]; 1168 1169 if (!V_dad_init) { 1170 TAILQ_INIT(&V_dadq); 1171 V_dad_init++; 1172 } 1173 1174 /* 1175 * If we don't need DAD, don't do it. 1176 * There are several cases: 1177 * - DAD is disabled (ip6_dad_count == 0) 1178 * - the interface address is anycast 1179 */ 1180 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1181 log(LOG_DEBUG, 1182 "nd6_dad_start: called with non-tentative address " 1183 "%s(%s)\n", 1184 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1185 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1186 return; 1187 } 1188 if (ia->ia6_flags & IN6_IFF_ANYCAST) { 1189 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1190 return; 1191 } 1192 if (!V_ip6_dad_count) { 1193 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1194 return; 1195 } 1196 if (ifa->ifa_ifp == NULL) 1197 panic("nd6_dad_start: ifa->ifa_ifp == NULL"); 1198 if (!(ifa->ifa_ifp->if_flags & IFF_UP)) { 1199 return; 1200 } 1201 if (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) 1202 return; 1203 if (nd6_dad_find(ifa) != NULL) { 1204 /* DAD already in progress */ 1205 return; 1206 } 1207 1208 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT); 1209 if (dp == NULL) { 1210 log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1211 "%s(%s)\n", 1212 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1213 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1214 return; 1215 } 1216 bzero(dp, sizeof(*dp)); 1217 callout_init(&dp->dad_timer_ch, 0); 1218 #ifdef VIMAGE 1219 dp->dad_vnet = curvnet; 1220 #endif 1221 TAILQ_INSERT_TAIL(&V_dadq, (struct dadq *)dp, dad_list); 1222 1223 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1224 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1225 1226 /* 1227 * Send NS packet for DAD, ip6_dad_count times. 1228 * Note that we must delay the first transmission, if this is the 1229 * first packet to be sent from the interface after interface 1230 * (re)initialization. 1231 */ 1232 dp->dad_ifa = ifa; 1233 ifa_ref(ifa); /* just for safety */ 1234 dp->dad_count = V_ip6_dad_count; 1235 dp->dad_ns_icount = dp->dad_na_icount = 0; 1236 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1237 if (delay == 0) { 1238 nd6_dad_ns_output(dp, ifa); 1239 nd6_dad_starttimer(dp, 1240 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1241 } else { 1242 nd6_dad_starttimer(dp, delay); 1243 } 1244 } 1245 1246 /* 1247 * terminate DAD unconditionally. used for address removals. 1248 */ 1249 void 1250 nd6_dad_stop(struct ifaddr *ifa) 1251 { 1252 struct dadq *dp; 1253 1254 if (!V_dad_init) 1255 return; 1256 dp = nd6_dad_find(ifa); 1257 if (!dp) { 1258 /* DAD wasn't started yet */ 1259 return; 1260 } 1261 1262 nd6_dad_stoptimer(dp); 1263 1264 TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list); 1265 free(dp, M_IP6NDP); 1266 dp = NULL; 1267 ifa_free(ifa); 1268 } 1269 1270 static void 1271 nd6_dad_timer(struct dadq *dp) 1272 { 1273 CURVNET_SET(dp->dad_vnet); 1274 int s; 1275 struct ifaddr *ifa = dp->dad_ifa; 1276 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1277 char ip6buf[INET6_ADDRSTRLEN]; 1278 1279 s = splnet(); /* XXX */ 1280 1281 /* Sanity check */ 1282 if (ia == NULL) { 1283 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); 1284 goto done; 1285 } 1286 if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1287 log(LOG_ERR, "nd6_dad_timer: called with duplicated address " 1288 "%s(%s)\n", 1289 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1290 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1291 goto done; 1292 } 1293 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { 1294 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1295 "%s(%s)\n", 1296 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1297 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1298 goto done; 1299 } 1300 1301 /* timeouted with IFF_{RUNNING,UP} check */ 1302 if (dp->dad_ns_tcount > V_dad_maxtry) { 1303 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n", 1304 if_name(ifa->ifa_ifp))); 1305 1306 TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list); 1307 free(dp, M_IP6NDP); 1308 dp = NULL; 1309 ifa_free(ifa); 1310 goto done; 1311 } 1312 1313 /* Need more checks? */ 1314 if (dp->dad_ns_ocount < dp->dad_count) { 1315 /* 1316 * We have more NS to go. Send NS packet for DAD. 1317 */ 1318 nd6_dad_ns_output(dp, ifa); 1319 nd6_dad_starttimer(dp, 1320 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1321 } else { 1322 /* 1323 * We have transmitted sufficient number of DAD packets. 1324 * See what we've got. 1325 */ 1326 int duplicate; 1327 1328 duplicate = 0; 1329 1330 if (dp->dad_na_icount) { 1331 /* 1332 * the check is in nd6_dad_na_input(), 1333 * but just in case 1334 */ 1335 duplicate++; 1336 } 1337 1338 if (dp->dad_ns_icount) { 1339 /* We've seen NS, means DAD has failed. */ 1340 duplicate++; 1341 } 1342 1343 if (duplicate) { 1344 /* (*dp) will be freed in nd6_dad_duplicated() */ 1345 dp = NULL; 1346 nd6_dad_duplicated(ifa); 1347 } else { 1348 /* 1349 * We are done with DAD. No NA came, no NS came. 1350 * No duplicate address found. 1351 */ 1352 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1353 1354 nd6log((LOG_DEBUG, 1355 "%s: DAD complete for %s - no duplicates found\n", 1356 if_name(ifa->ifa_ifp), 1357 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1358 1359 TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list); 1360 free(dp, M_IP6NDP); 1361 dp = NULL; 1362 ifa_free(ifa); 1363 } 1364 } 1365 1366 done: 1367 splx(s); 1368 CURVNET_RESTORE(); 1369 } 1370 1371 void 1372 nd6_dad_duplicated(struct ifaddr *ifa) 1373 { 1374 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1375 struct ifnet *ifp; 1376 struct dadq *dp; 1377 char ip6buf[INET6_ADDRSTRLEN]; 1378 1379 dp = nd6_dad_find(ifa); 1380 if (dp == NULL) { 1381 log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n"); 1382 return; 1383 } 1384 1385 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: " 1386 "NS in/out=%d/%d, NA in=%d\n", 1387 if_name(ifa->ifa_ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1388 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount); 1389 1390 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1391 ia->ia6_flags |= IN6_IFF_DUPLICATED; 1392 1393 /* We are done with DAD, with duplicate address found. (failure) */ 1394 nd6_dad_stoptimer(dp); 1395 1396 ifp = ifa->ifa_ifp; 1397 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1398 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)); 1399 log(LOG_ERR, "%s: manual intervention required\n", 1400 if_name(ifp)); 1401 1402 /* 1403 * If the address is a link-local address formed from an interface 1404 * identifier based on the hardware address which is supposed to be 1405 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP 1406 * operation on the interface SHOULD be disabled. 1407 * [RFC 4862, Section 5.4.5] 1408 */ 1409 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { 1410 struct in6_addr in6; 1411 1412 /* 1413 * To avoid over-reaction, we only apply this logic when we are 1414 * very sure that hardware addresses are supposed to be unique. 1415 */ 1416 switch (ifp->if_type) { 1417 case IFT_ETHER: 1418 case IFT_FDDI: 1419 case IFT_ATM: 1420 case IFT_IEEE1394: 1421 #ifdef IFT_IEEE80211 1422 case IFT_IEEE80211: 1423 #endif 1424 in6 = ia->ia_addr.sin6_addr; 1425 if (in6_get_hw_ifid(ifp, &in6) == 0 && 1426 IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) { 1427 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1428 log(LOG_ERR, "%s: possible hardware address " 1429 "duplication detected, disable IPv6\n", 1430 if_name(ifp)); 1431 } 1432 break; 1433 } 1434 } 1435 1436 TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list); 1437 free(dp, M_IP6NDP); 1438 dp = NULL; 1439 ifa_free(ifa); 1440 } 1441 1442 static void 1443 nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa) 1444 { 1445 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1446 struct ifnet *ifp = ifa->ifa_ifp; 1447 1448 dp->dad_ns_tcount++; 1449 if ((ifp->if_flags & IFF_UP) == 0) { 1450 return; 1451 } 1452 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1453 return; 1454 } 1455 1456 dp->dad_ns_ocount++; 1457 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1); 1458 } 1459 1460 static void 1461 nd6_dad_ns_input(struct ifaddr *ifa) 1462 { 1463 struct in6_ifaddr *ia; 1464 struct ifnet *ifp; 1465 const struct in6_addr *taddr6; 1466 struct dadq *dp; 1467 int duplicate; 1468 1469 if (ifa == NULL) 1470 panic("ifa == NULL in nd6_dad_ns_input"); 1471 1472 ia = (struct in6_ifaddr *)ifa; 1473 ifp = ifa->ifa_ifp; 1474 taddr6 = &ia->ia_addr.sin6_addr; 1475 duplicate = 0; 1476 dp = nd6_dad_find(ifa); 1477 1478 /* Quickhack - completely ignore DAD NS packets */ 1479 if (V_dad_ignore_ns) { 1480 char ip6buf[INET6_ADDRSTRLEN]; 1481 nd6log((LOG_INFO, 1482 "nd6_dad_ns_input: ignoring DAD NS packet for " 1483 "address %s(%s)\n", ip6_sprintf(ip6buf, taddr6), 1484 if_name(ifa->ifa_ifp))); 1485 return; 1486 } 1487 1488 /* 1489 * if I'm yet to start DAD, someone else started using this address 1490 * first. I have a duplicate and you win. 1491 */ 1492 if (dp == NULL || dp->dad_ns_ocount == 0) 1493 duplicate++; 1494 1495 /* XXX more checks for loopback situation - see nd6_dad_timer too */ 1496 1497 if (duplicate) { 1498 dp = NULL; /* will be freed in nd6_dad_duplicated() */ 1499 nd6_dad_duplicated(ifa); 1500 } else { 1501 /* 1502 * not sure if I got a duplicate. 1503 * increment ns count and see what happens. 1504 */ 1505 if (dp) 1506 dp->dad_ns_icount++; 1507 } 1508 } 1509 1510 static void 1511 nd6_dad_na_input(struct ifaddr *ifa) 1512 { 1513 struct dadq *dp; 1514 1515 if (ifa == NULL) 1516 panic("ifa == NULL in nd6_dad_na_input"); 1517 1518 dp = nd6_dad_find(ifa); 1519 if (dp) 1520 dp->dad_na_icount++; 1521 1522 /* remove the address. */ 1523 nd6_dad_duplicated(ifa); 1524 } 1525