1 /*- 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $ 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include "opt_inet.h" 36 #include "opt_inet6.h" 37 #include "opt_ipsec.h" 38 #include "opt_mpath.h" 39 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/malloc.h> 43 #include <sys/lock.h> 44 #include <sys/rwlock.h> 45 #include <sys/mbuf.h> 46 #include <sys/socket.h> 47 #include <sys/sockio.h> 48 #include <sys/time.h> 49 #include <sys/kernel.h> 50 #include <sys/errno.h> 51 #include <sys/syslog.h> 52 #include <sys/queue.h> 53 #include <sys/callout.h> 54 55 #include <net/if.h> 56 #include <net/if_types.h> 57 #include <net/if_dl.h> 58 #include <net/if_var.h> 59 #include <net/route.h> 60 #ifdef RADIX_MPATH 61 #include <net/radix_mpath.h> 62 #endif 63 64 #include <netinet/in.h> 65 #include <netinet/in_var.h> 66 #include <net/if_llatbl.h> 67 #define L3_ADDR_SIN6(le) ((struct sockaddr_in6 *) L3_ADDR(le)) 68 #include <netinet6/in6_var.h> 69 #include <netinet6/in6_ifattach.h> 70 #include <netinet/ip6.h> 71 #include <netinet6/ip6_var.h> 72 #include <netinet6/scope6_var.h> 73 #include <netinet6/nd6.h> 74 #include <netinet/icmp6.h> 75 #include <netinet/ip_carp.h> 76 #include <netinet6/send.h> 77 78 #define SDL(s) ((struct sockaddr_dl *)s) 79 80 struct dadq; 81 static struct dadq *nd6_dad_find(struct ifaddr *); 82 static void nd6_dad_add(struct dadq *dp); 83 static void nd6_dad_del(struct dadq *dp); 84 static void nd6_dad_starttimer(struct dadq *, int); 85 static void nd6_dad_stoptimer(struct dadq *); 86 static void nd6_dad_timer(struct dadq *); 87 static void nd6_dad_duplicated(struct ifaddr *, struct dadq *); 88 static void nd6_dad_ns_output(struct dadq *, struct ifaddr *); 89 static void nd6_dad_ns_input(struct ifaddr *); 90 static void nd6_dad_na_input(struct ifaddr *); 91 static void nd6_na_output_fib(struct ifnet *, const struct in6_addr *, 92 const struct in6_addr *, u_long, int, struct sockaddr *, u_int); 93 94 static VNET_DEFINE(int, dad_ignore_ns) = 0; /* ignore NS in DAD 95 - specwise incorrect */ 96 static VNET_DEFINE(int, dad_maxtry) = 15; /* max # of *tries* to 97 transmit DAD packet */ 98 #define V_dad_ignore_ns VNET(dad_ignore_ns) 99 #define V_dad_maxtry VNET(dad_maxtry) 100 101 /* 102 * Input a Neighbor Solicitation Message. 103 * 104 * Based on RFC 2461 105 * Based on RFC 2462 (duplicate address detection) 106 */ 107 void 108 nd6_ns_input(struct mbuf *m, int off, int icmp6len) 109 { 110 struct ifnet *ifp = m->m_pkthdr.rcvif; 111 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 112 struct nd_neighbor_solicit *nd_ns; 113 struct in6_addr saddr6 = ip6->ip6_src; 114 struct in6_addr daddr6 = ip6->ip6_dst; 115 struct in6_addr taddr6; 116 struct in6_addr myaddr6; 117 char *lladdr = NULL; 118 struct ifaddr *ifa = NULL; 119 int lladdrlen = 0; 120 int anycast = 0, proxy = 0, tentative = 0; 121 int tlladdr; 122 int rflag; 123 union nd_opts ndopts; 124 struct sockaddr_dl proxydl; 125 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 126 127 rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0; 128 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif) 129 rflag = 0; 130 #ifndef PULLDOWN_TEST 131 IP6_EXTHDR_CHECK(m, off, icmp6len,); 132 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); 133 #else 134 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len); 135 if (nd_ns == NULL) { 136 ICMP6STAT_INC(icp6s_tooshort); 137 return; 138 } 139 #endif 140 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */ 141 taddr6 = nd_ns->nd_ns_target; 142 if (in6_setscope(&taddr6, ifp, NULL) != 0) 143 goto bad; 144 145 if (ip6->ip6_hlim != 255) { 146 nd6log((LOG_ERR, 147 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n", 148 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src), 149 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp))); 150 goto bad; 151 } 152 153 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 154 /* dst has to be a solicited node multicast address. */ 155 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL && 156 /* don't check ifindex portion */ 157 daddr6.s6_addr32[1] == 0 && 158 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE && 159 daddr6.s6_addr8[12] == 0xff) { 160 ; /* good */ 161 } else { 162 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 163 "(wrong ip6 dst)\n")); 164 goto bad; 165 } 166 } else if (!V_nd6_onlink_ns_rfc4861) { 167 struct sockaddr_in6 src_sa6; 168 169 /* 170 * According to recent IETF discussions, it is not a good idea 171 * to accept a NS from an address which would not be deemed 172 * to be a neighbor otherwise. This point is expected to be 173 * clarified in future revisions of the specification. 174 */ 175 bzero(&src_sa6, sizeof(src_sa6)); 176 src_sa6.sin6_family = AF_INET6; 177 src_sa6.sin6_len = sizeof(src_sa6); 178 src_sa6.sin6_addr = saddr6; 179 if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) { 180 nd6log((LOG_INFO, "nd6_ns_input: " 181 "NS packet from non-neighbor\n")); 182 goto bad; 183 } 184 } 185 186 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 187 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 188 goto bad; 189 } 190 191 icmp6len -= sizeof(*nd_ns); 192 nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 193 if (nd6_options(&ndopts) < 0) { 194 nd6log((LOG_INFO, 195 "nd6_ns_input: invalid ND option, ignored\n")); 196 /* nd6_options have incremented stats */ 197 goto freeit; 198 } 199 200 if (ndopts.nd_opts_src_lladdr) { 201 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 202 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 203 } 204 205 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 206 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 207 "(link-layer address option)\n")); 208 goto bad; 209 } 210 211 /* 212 * Attaching target link-layer address to the NA? 213 * (RFC 2461 7.2.4) 214 * 215 * NS IP dst is unicast/anycast MUST NOT add 216 * NS IP dst is solicited-node multicast MUST add 217 * 218 * In implementation, we add target link-layer address by default. 219 * We do not add one in MUST NOT cases. 220 */ 221 if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 222 tlladdr = 0; 223 else 224 tlladdr = 1; 225 226 /* 227 * Target address (taddr6) must be either: 228 * (1) Valid unicast/anycast address for my receiving interface, 229 * (2) Unicast address for which I'm offering proxy service, or 230 * (3) "tentative" address on which DAD is being performed. 231 */ 232 /* (1) and (3) check. */ 233 if (ifp->if_carp) 234 ifa = (*carp_iamatch6_p)(ifp, &taddr6); 235 else 236 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 237 238 /* (2) check. */ 239 if (ifa == NULL) { 240 struct route_in6 ro; 241 int need_proxy; 242 243 bzero(&ro, sizeof(ro)); 244 ro.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 245 ro.ro_dst.sin6_family = AF_INET6; 246 ro.ro_dst.sin6_addr = taddr6; 247 248 /* Always use the default FIB. */ 249 #ifdef RADIX_MPATH 250 rtalloc_mpath_fib((struct route *)&ro, ntohl(taddr6.s6_addr32[3]), 251 RT_DEFAULT_FIB); 252 #else 253 in6_rtalloc(&ro, RT_DEFAULT_FIB); 254 #endif 255 need_proxy = (ro.ro_rt && 256 (ro.ro_rt->rt_flags & RTF_ANNOUNCE) != 0 && 257 ro.ro_rt->rt_gateway->sa_family == AF_LINK); 258 if (ro.ro_rt != NULL) { 259 if (need_proxy) 260 proxydl = *SDL(ro.ro_rt->rt_gateway); 261 RTFREE(ro.ro_rt); 262 } 263 if (need_proxy) { 264 /* 265 * proxy NDP for single entry 266 */ 267 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 268 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 269 if (ifa) 270 proxy = 1; 271 } 272 } 273 if (ifa == NULL) { 274 /* 275 * We've got an NS packet, and we don't have that adddress 276 * assigned for us. We MUST silently ignore it. 277 * See RFC2461 7.2.3. 278 */ 279 goto freeit; 280 } 281 myaddr6 = *IFA_IN6(ifa); 282 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 283 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 284 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 285 goto freeit; 286 287 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 288 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s " 289 "(if %d, NS packet %d)\n", 290 ip6_sprintf(ip6bufs, &taddr6), 291 ifp->if_addrlen, lladdrlen - 2)); 292 goto bad; 293 } 294 295 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 296 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n", 297 ip6_sprintf(ip6bufs, &saddr6))); 298 goto freeit; 299 } 300 301 /* 302 * We have neighbor solicitation packet, with target address equals to 303 * one of my tentative address. 304 * 305 * src addr how to process? 306 * --- --- 307 * multicast of course, invalid (rejected in ip6_input) 308 * unicast somebody is doing address resolution -> ignore 309 * unspec dup address detection 310 * 311 * The processing is defined in RFC 2462. 312 */ 313 if (tentative) { 314 /* 315 * If source address is unspecified address, it is for 316 * duplicate address detection. 317 * 318 * If not, the packet is for addess resolution; 319 * silently ignore it. 320 */ 321 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 322 nd6_dad_ns_input(ifa); 323 324 goto freeit; 325 } 326 327 /* 328 * If the source address is unspecified address, entries must not 329 * be created or updated. 330 * It looks that sender is performing DAD. Output NA toward 331 * all-node multicast address, to tell the sender that I'm using 332 * the address. 333 * S bit ("solicited") must be zero. 334 */ 335 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 336 struct in6_addr in6_all; 337 338 in6_all = in6addr_linklocal_allnodes; 339 if (in6_setscope(&in6_all, ifp, NULL) != 0) 340 goto bad; 341 nd6_na_output_fib(ifp, &in6_all, &taddr6, 342 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 343 rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL, 344 M_GETFIB(m)); 345 goto freeit; 346 } 347 348 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, 349 ND_NEIGHBOR_SOLICIT, 0); 350 351 nd6_na_output_fib(ifp, &saddr6, &taddr6, 352 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 353 rflag | ND_NA_FLAG_SOLICITED, tlladdr, 354 proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m)); 355 freeit: 356 if (ifa != NULL) 357 ifa_free(ifa); 358 m_freem(m); 359 return; 360 361 bad: 362 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", 363 ip6_sprintf(ip6bufs, &saddr6))); 364 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", 365 ip6_sprintf(ip6bufs, &daddr6))); 366 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", 367 ip6_sprintf(ip6bufs, &taddr6))); 368 ICMP6STAT_INC(icp6s_badns); 369 if (ifa != NULL) 370 ifa_free(ifa); 371 m_freem(m); 372 } 373 374 /* 375 * Output a Neighbor Solicitation Message. Caller specifies: 376 * - ICMP6 header source IP6 address 377 * - ND6 header target IP6 address 378 * - ND6 header source datalink address 379 * 380 * Based on RFC 2461 381 * Based on RFC 2462 (duplicate address detection) 382 * 383 * ln - for source address determination 384 * dad - duplicate address detection 385 */ 386 void 387 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6, 388 const struct in6_addr *taddr6, struct llentry *ln, int dad) 389 { 390 struct mbuf *m; 391 struct m_tag *mtag; 392 struct ip6_hdr *ip6; 393 struct nd_neighbor_solicit *nd_ns; 394 struct ip6_moptions im6o; 395 int icmp6len; 396 int maxlen; 397 caddr_t mac; 398 struct route_in6 ro; 399 400 if (IN6_IS_ADDR_MULTICAST(taddr6)) 401 return; 402 403 /* estimate the size of message */ 404 maxlen = sizeof(*ip6) + sizeof(*nd_ns); 405 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 406 if (max_linkhdr + maxlen >= MCLBYTES) { 407 #ifdef DIAGNOSTIC 408 printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " 409 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 410 #endif 411 return; 412 } 413 414 if (max_linkhdr + maxlen > MHLEN) 415 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 416 else 417 m = m_gethdr(M_NOWAIT, MT_DATA); 418 if (m == NULL) 419 return; 420 421 bzero(&ro, sizeof(ro)); 422 423 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 424 m->m_flags |= M_MCAST; 425 im6o.im6o_multicast_ifp = ifp; 426 im6o.im6o_multicast_hlim = 255; 427 im6o.im6o_multicast_loop = 0; 428 } 429 430 icmp6len = sizeof(*nd_ns); 431 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 432 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 433 434 /* fill neighbor solicitation packet */ 435 ip6 = mtod(m, struct ip6_hdr *); 436 ip6->ip6_flow = 0; 437 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 438 ip6->ip6_vfc |= IPV6_VERSION; 439 /* ip6->ip6_plen will be set later */ 440 ip6->ip6_nxt = IPPROTO_ICMPV6; 441 ip6->ip6_hlim = 255; 442 if (daddr6) 443 ip6->ip6_dst = *daddr6; 444 else { 445 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 446 ip6->ip6_dst.s6_addr16[1] = 0; 447 ip6->ip6_dst.s6_addr32[1] = 0; 448 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 449 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 450 ip6->ip6_dst.s6_addr8[12] = 0xff; 451 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0) 452 goto bad; 453 } 454 if (!dad) { 455 struct ifaddr *ifa; 456 457 /* 458 * RFC2461 7.2.2: 459 * "If the source address of the packet prompting the 460 * solicitation is the same as one of the addresses assigned 461 * to the outgoing interface, that address SHOULD be placed 462 * in the IP Source Address of the outgoing solicitation. 463 * Otherwise, any one of the addresses assigned to the 464 * interface should be used." 465 * 466 * We use the source address for the prompting packet 467 * (saddr6), if: 468 * - saddr6 is given from the caller (by giving "ln"), and 469 * - saddr6 belongs to the outgoing interface. 470 * Otherwise, we perform the source address selection as usual. 471 */ 472 struct in6_addr *hsrc; 473 474 hsrc = NULL; 475 if (ln != NULL) { 476 LLE_RLOCK(ln); 477 if (ln->la_hold != NULL) { 478 struct ip6_hdr *hip6; /* hold ip6 */ 479 480 /* 481 * assuming every packet in la_hold has the same IP 482 * header 483 */ 484 hip6 = mtod(ln->la_hold, struct ip6_hdr *); 485 /* XXX pullup? */ 486 if (sizeof(*hip6) < ln->la_hold->m_len) { 487 ip6->ip6_src = hip6->ip6_src; 488 hsrc = &hip6->ip6_src; 489 } 490 } 491 LLE_RUNLOCK(ln); 492 } 493 if (hsrc && (ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, 494 hsrc)) != NULL) { 495 /* ip6_src set already. */ 496 ifa_free(ifa); 497 } else { 498 int error; 499 struct sockaddr_in6 dst_sa; 500 struct in6_addr src_in; 501 struct ifnet *oifp; 502 503 bzero(&dst_sa, sizeof(dst_sa)); 504 dst_sa.sin6_family = AF_INET6; 505 dst_sa.sin6_len = sizeof(dst_sa); 506 dst_sa.sin6_addr = ip6->ip6_dst; 507 508 oifp = ifp; 509 error = in6_selectsrc(&dst_sa, NULL, 510 NULL, &ro, NULL, &oifp, &src_in); 511 if (error) { 512 char ip6buf[INET6_ADDRSTRLEN]; 513 nd6log((LOG_DEBUG, 514 "nd6_ns_output: source can't be " 515 "determined: dst=%s, error=%d\n", 516 ip6_sprintf(ip6buf, &dst_sa.sin6_addr), 517 error)); 518 goto bad; 519 } 520 ip6->ip6_src = src_in; 521 } 522 } else { 523 /* 524 * Source address for DAD packet must always be IPv6 525 * unspecified address. (0::0) 526 * We actually don't have to 0-clear the address (we did it 527 * above), but we do so here explicitly to make the intention 528 * clearer. 529 */ 530 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src)); 531 } 532 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 533 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 534 nd_ns->nd_ns_code = 0; 535 nd_ns->nd_ns_reserved = 0; 536 nd_ns->nd_ns_target = *taddr6; 537 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */ 538 539 /* 540 * Add source link-layer address option. 541 * 542 * spec implementation 543 * --- --- 544 * DAD packet MUST NOT do not add the option 545 * there's no link layer address: 546 * impossible do not add the option 547 * there's link layer address: 548 * Multicast NS MUST add one add the option 549 * Unicast NS SHOULD add one add the option 550 */ 551 if (!dad && (mac = nd6_ifptomac(ifp))) { 552 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 553 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 554 /* 8 byte alignments... */ 555 optlen = (optlen + 7) & ~7; 556 557 m->m_pkthdr.len += optlen; 558 m->m_len += optlen; 559 icmp6len += optlen; 560 bzero((caddr_t)nd_opt, optlen); 561 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 562 nd_opt->nd_opt_len = optlen >> 3; 563 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 564 } 565 566 ip6->ip6_plen = htons((u_short)icmp6len); 567 nd_ns->nd_ns_cksum = 0; 568 nd_ns->nd_ns_cksum = 569 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 570 571 if (send_sendso_input_hook != NULL) { 572 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING, 573 sizeof(unsigned short), M_NOWAIT); 574 if (mtag == NULL) 575 goto bad; 576 *(unsigned short *)(mtag + 1) = nd_ns->nd_ns_type; 577 m_tag_prepend(m, mtag); 578 } 579 580 ip6_output(m, NULL, &ro, dad ? IPV6_UNSPECSRC : 0, &im6o, NULL, NULL); 581 icmp6_ifstat_inc(ifp, ifs6_out_msg); 582 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit); 583 ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_SOLICIT]); 584 585 /* We don't cache this route. */ 586 RO_RTFREE(&ro); 587 588 return; 589 590 bad: 591 if (ro.ro_rt) { 592 RTFREE(ro.ro_rt); 593 } 594 m_freem(m); 595 return; 596 } 597 598 /* 599 * Neighbor advertisement input handling. 600 * 601 * Based on RFC 2461 602 * Based on RFC 2462 (duplicate address detection) 603 * 604 * the following items are not implemented yet: 605 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 606 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 607 */ 608 void 609 nd6_na_input(struct mbuf *m, int off, int icmp6len) 610 { 611 struct ifnet *ifp = m->m_pkthdr.rcvif; 612 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 613 struct nd_neighbor_advert *nd_na; 614 struct in6_addr daddr6 = ip6->ip6_dst; 615 struct in6_addr taddr6; 616 int flags; 617 int is_router; 618 int is_solicited; 619 int is_override; 620 char *lladdr = NULL; 621 int lladdrlen = 0; 622 int checklink = 0; 623 struct ifaddr *ifa; 624 struct llentry *ln = NULL; 625 union nd_opts ndopts; 626 struct mbuf *chain = NULL; 627 struct m_tag *mtag; 628 struct sockaddr_in6 sin6; 629 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 630 631 if (ip6->ip6_hlim != 255) { 632 nd6log((LOG_ERR, 633 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n", 634 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src), 635 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp))); 636 goto bad; 637 } 638 639 #ifndef PULLDOWN_TEST 640 IP6_EXTHDR_CHECK(m, off, icmp6len,); 641 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off); 642 #else 643 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len); 644 if (nd_na == NULL) { 645 ICMP6STAT_INC(icp6s_tooshort); 646 return; 647 } 648 #endif 649 650 flags = nd_na->nd_na_flags_reserved; 651 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 652 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 653 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 654 655 taddr6 = nd_na->nd_na_target; 656 if (in6_setscope(&taddr6, ifp, NULL)) 657 goto bad; /* XXX: impossible */ 658 659 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 660 nd6log((LOG_ERR, 661 "nd6_na_input: invalid target address %s\n", 662 ip6_sprintf(ip6bufs, &taddr6))); 663 goto bad; 664 } 665 if (IN6_IS_ADDR_MULTICAST(&daddr6)) 666 if (is_solicited) { 667 nd6log((LOG_ERR, 668 "nd6_na_input: a solicited adv is multicasted\n")); 669 goto bad; 670 } 671 672 icmp6len -= sizeof(*nd_na); 673 nd6_option_init(nd_na + 1, icmp6len, &ndopts); 674 if (nd6_options(&ndopts) < 0) { 675 nd6log((LOG_INFO, 676 "nd6_na_input: invalid ND option, ignored\n")); 677 /* nd6_options have incremented stats */ 678 goto freeit; 679 } 680 681 if (ndopts.nd_opts_tgt_lladdr) { 682 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 683 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 684 } 685 686 /* 687 * This effectively disables the DAD check on a non-master CARP 688 * address. 689 */ 690 if (ifp->if_carp) 691 ifa = (*carp_iamatch6_p)(ifp, &taddr6); 692 else 693 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 694 695 /* 696 * Target address matches one of my interface address. 697 * 698 * If my address is tentative, this means that there's somebody 699 * already using the same address as mine. This indicates DAD failure. 700 * This is defined in RFC 2462. 701 * 702 * Otherwise, process as defined in RFC 2461. 703 */ 704 if (ifa 705 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 706 ifa_free(ifa); 707 nd6_dad_na_input(ifa); 708 goto freeit; 709 } 710 711 /* Just for safety, maybe unnecessary. */ 712 if (ifa) { 713 ifa_free(ifa); 714 log(LOG_ERR, 715 "nd6_na_input: duplicate IP6 address %s\n", 716 ip6_sprintf(ip6bufs, &taddr6)); 717 goto freeit; 718 } 719 720 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 721 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s " 722 "(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6), 723 ifp->if_addrlen, lladdrlen - 2)); 724 goto bad; 725 } 726 727 /* 728 * If no neighbor cache entry is found, NA SHOULD silently be 729 * discarded. 730 */ 731 IF_AFDATA_RLOCK(ifp); 732 ln = nd6_lookup(&taddr6, LLE_EXCLUSIVE, ifp); 733 IF_AFDATA_RUNLOCK(ifp); 734 if (ln == NULL) { 735 goto freeit; 736 } 737 738 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 739 /* 740 * If the link-layer has address, and no lladdr option came, 741 * discard the packet. 742 */ 743 if (ifp->if_addrlen && lladdr == NULL) { 744 goto freeit; 745 } 746 747 /* 748 * Record link-layer address, and update the state. 749 */ 750 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen); 751 ln->la_flags |= LLE_VALID; 752 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 753 if (is_solicited) { 754 ln->ln_state = ND6_LLINFO_REACHABLE; 755 ln->ln_byhint = 0; 756 if (!ND6_LLINFO_PERMANENT(ln)) { 757 nd6_llinfo_settimer_locked(ln, 758 (long)ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz); 759 } 760 } else { 761 ln->ln_state = ND6_LLINFO_STALE; 762 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 763 } 764 if ((ln->ln_router = is_router) != 0) { 765 /* 766 * This means a router's state has changed from 767 * non-reachable to probably reachable, and might 768 * affect the status of associated prefixes.. 769 */ 770 checklink = 1; 771 } 772 } else { 773 int llchange; 774 775 /* 776 * Check if the link-layer address has changed or not. 777 */ 778 if (lladdr == NULL) 779 llchange = 0; 780 else { 781 if (ln->la_flags & LLE_VALID) { 782 if (bcmp(lladdr, &ln->ll_addr, ifp->if_addrlen)) 783 llchange = 1; 784 else 785 llchange = 0; 786 } else 787 llchange = 1; 788 } 789 790 /* 791 * This is VERY complex. Look at it with care. 792 * 793 * override solicit lladdr llchange action 794 * (L: record lladdr) 795 * 796 * 0 0 n -- (2c) 797 * 0 0 y n (2b) L 798 * 0 0 y y (1) REACHABLE->STALE 799 * 0 1 n -- (2c) *->REACHABLE 800 * 0 1 y n (2b) L *->REACHABLE 801 * 0 1 y y (1) REACHABLE->STALE 802 * 1 0 n -- (2a) 803 * 1 0 y n (2a) L 804 * 1 0 y y (2a) L *->STALE 805 * 1 1 n -- (2a) *->REACHABLE 806 * 1 1 y n (2a) L *->REACHABLE 807 * 1 1 y y (2a) L *->REACHABLE 808 */ 809 if (!is_override && (lladdr != NULL && llchange)) { /* (1) */ 810 /* 811 * If state is REACHABLE, make it STALE. 812 * no other updates should be done. 813 */ 814 if (ln->ln_state == ND6_LLINFO_REACHABLE) { 815 ln->ln_state = ND6_LLINFO_STALE; 816 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 817 } 818 goto freeit; 819 } else if (is_override /* (2a) */ 820 || (!is_override && (lladdr != NULL && !llchange)) /* (2b) */ 821 || lladdr == NULL) { /* (2c) */ 822 /* 823 * Update link-local address, if any. 824 */ 825 if (lladdr != NULL) { 826 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen); 827 ln->la_flags |= LLE_VALID; 828 EVENTHANDLER_INVOKE(lle_event, ln, 829 LLENTRY_RESOLVED); 830 } 831 832 /* 833 * If solicited, make the state REACHABLE. 834 * If not solicited and the link-layer address was 835 * changed, make it STALE. 836 */ 837 if (is_solicited) { 838 ln->ln_state = ND6_LLINFO_REACHABLE; 839 ln->ln_byhint = 0; 840 if (!ND6_LLINFO_PERMANENT(ln)) { 841 nd6_llinfo_settimer_locked(ln, 842 (long)ND_IFINFO(ifp)->reachable * hz); 843 } 844 } else { 845 if (lladdr != NULL && llchange) { 846 ln->ln_state = ND6_LLINFO_STALE; 847 nd6_llinfo_settimer_locked(ln, 848 (long)V_nd6_gctimer * hz); 849 } 850 } 851 } 852 853 if (ln->ln_router && !is_router) { 854 /* 855 * The peer dropped the router flag. 856 * Remove the sender from the Default Router List and 857 * update the Destination Cache entries. 858 */ 859 struct nd_defrouter *dr; 860 struct in6_addr *in6; 861 862 in6 = &L3_ADDR_SIN6(ln)->sin6_addr; 863 864 /* 865 * Lock to protect the default router list. 866 * XXX: this might be unnecessary, since this function 867 * is only called under the network software interrupt 868 * context. However, we keep it just for safety. 869 */ 870 dr = defrouter_lookup(in6, ln->lle_tbl->llt_ifp); 871 if (dr) 872 defrtrlist_del(dr); 873 else if (ND_IFINFO(ln->lle_tbl->llt_ifp)->flags & 874 ND6_IFF_ACCEPT_RTADV) { 875 /* 876 * Even if the neighbor is not in the default 877 * router list, the neighbor may be used 878 * as a next hop for some destinations 879 * (e.g. redirect case). So we must 880 * call rt6_flush explicitly. 881 */ 882 rt6_flush(&ip6->ip6_src, ifp); 883 } 884 } 885 ln->ln_router = is_router; 886 } 887 /* XXX - QL 888 * Does this matter? 889 * rt->rt_flags &= ~RTF_REJECT; 890 */ 891 ln->la_asked = 0; 892 if (ln->la_hold) { 893 struct mbuf *m_hold, *m_hold_next; 894 895 /* 896 * reset the la_hold in advance, to explicitly 897 * prevent a la_hold lookup in nd6_output() 898 * (wouldn't happen, though...) 899 */ 900 for (m_hold = ln->la_hold, ln->la_hold = NULL; 901 m_hold; m_hold = m_hold_next) { 902 m_hold_next = m_hold->m_nextpkt; 903 m_hold->m_nextpkt = NULL; 904 /* 905 * we assume ifp is not a loopback here, so just set 906 * the 2nd argument as the 1st one. 907 */ 908 909 if (send_sendso_input_hook != NULL) { 910 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING, 911 sizeof(unsigned short), M_NOWAIT); 912 if (mtag == NULL) 913 goto bad; 914 m_tag_prepend(m, mtag); 915 } 916 917 nd6_output_lle(ifp, ifp, m_hold, L3_ADDR_SIN6(ln), NULL, ln, &chain); 918 } 919 } 920 freeit: 921 if (ln != NULL) { 922 if (chain) 923 memcpy(&sin6, L3_ADDR_SIN6(ln), sizeof(sin6)); 924 LLE_WUNLOCK(ln); 925 926 if (chain) 927 nd6_output_flush(ifp, ifp, chain, &sin6); 928 } 929 if (checklink) 930 pfxlist_onlink_check(); 931 932 m_freem(m); 933 return; 934 935 bad: 936 if (ln != NULL) 937 LLE_WUNLOCK(ln); 938 939 ICMP6STAT_INC(icp6s_badna); 940 m_freem(m); 941 } 942 943 /* 944 * Neighbor advertisement output handling. 945 * 946 * Based on RFC 2461 947 * 948 * the following items are not implemented yet: 949 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 950 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 951 * 952 * tlladdr - 1 if include target link-layer address 953 * sdl0 - sockaddr_dl (= proxy NA) or NULL 954 */ 955 static void 956 nd6_na_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6_0, 957 const struct in6_addr *taddr6, u_long flags, int tlladdr, 958 struct sockaddr *sdl0, u_int fibnum) 959 { 960 struct mbuf *m; 961 struct m_tag *mtag; 962 struct ifnet *oifp; 963 struct ip6_hdr *ip6; 964 struct nd_neighbor_advert *nd_na; 965 struct ip6_moptions im6o; 966 struct in6_addr src, daddr6; 967 struct sockaddr_in6 dst_sa; 968 int icmp6len, maxlen, error; 969 caddr_t mac = NULL; 970 struct route_in6 ro; 971 972 bzero(&ro, sizeof(ro)); 973 974 daddr6 = *daddr6_0; /* make a local copy for modification */ 975 976 /* estimate the size of message */ 977 maxlen = sizeof(*ip6) + sizeof(*nd_na); 978 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 979 if (max_linkhdr + maxlen >= MCLBYTES) { 980 #ifdef DIAGNOSTIC 981 printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES " 982 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 983 #endif 984 return; 985 } 986 987 if (max_linkhdr + maxlen > MHLEN) 988 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 989 else 990 m = m_gethdr(M_NOWAIT, MT_DATA); 991 if (m == NULL) 992 return; 993 M_SETFIB(m, fibnum); 994 995 if (IN6_IS_ADDR_MULTICAST(&daddr6)) { 996 m->m_flags |= M_MCAST; 997 im6o.im6o_multicast_ifp = ifp; 998 im6o.im6o_multicast_hlim = 255; 999 im6o.im6o_multicast_loop = 0; 1000 } 1001 1002 icmp6len = sizeof(*nd_na); 1003 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 1004 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 1005 1006 /* fill neighbor advertisement packet */ 1007 ip6 = mtod(m, struct ip6_hdr *); 1008 ip6->ip6_flow = 0; 1009 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 1010 ip6->ip6_vfc |= IPV6_VERSION; 1011 ip6->ip6_nxt = IPPROTO_ICMPV6; 1012 ip6->ip6_hlim = 255; 1013 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) { 1014 /* reply to DAD */ 1015 daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 1016 daddr6.s6_addr16[1] = 0; 1017 daddr6.s6_addr32[1] = 0; 1018 daddr6.s6_addr32[2] = 0; 1019 daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 1020 if (in6_setscope(&daddr6, ifp, NULL)) 1021 goto bad; 1022 1023 flags &= ~ND_NA_FLAG_SOLICITED; 1024 } 1025 ip6->ip6_dst = daddr6; 1026 bzero(&dst_sa, sizeof(struct sockaddr_in6)); 1027 dst_sa.sin6_family = AF_INET6; 1028 dst_sa.sin6_len = sizeof(struct sockaddr_in6); 1029 dst_sa.sin6_addr = daddr6; 1030 1031 /* 1032 * Select a source whose scope is the same as that of the dest. 1033 */ 1034 bcopy(&dst_sa, &ro.ro_dst, sizeof(dst_sa)); 1035 oifp = ifp; 1036 error = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, &oifp, &src); 1037 if (error) { 1038 char ip6buf[INET6_ADDRSTRLEN]; 1039 nd6log((LOG_DEBUG, "nd6_na_output: source can't be " 1040 "determined: dst=%s, error=%d\n", 1041 ip6_sprintf(ip6buf, &dst_sa.sin6_addr), error)); 1042 goto bad; 1043 } 1044 ip6->ip6_src = src; 1045 nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 1046 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 1047 nd_na->nd_na_code = 0; 1048 nd_na->nd_na_target = *taddr6; 1049 in6_clearscope(&nd_na->nd_na_target); /* XXX */ 1050 1051 /* 1052 * "tlladdr" indicates NS's condition for adding tlladdr or not. 1053 * see nd6_ns_input() for details. 1054 * Basically, if NS packet is sent to unicast/anycast addr, 1055 * target lladdr option SHOULD NOT be included. 1056 */ 1057 if (tlladdr) { 1058 /* 1059 * sdl0 != NULL indicates proxy NA. If we do proxy, use 1060 * lladdr in sdl0. If we are not proxying (sending NA for 1061 * my address) use lladdr configured for the interface. 1062 */ 1063 if (sdl0 == NULL) { 1064 if (ifp->if_carp) 1065 mac = (*carp_macmatch6_p)(ifp, m, taddr6); 1066 if (mac == NULL) 1067 mac = nd6_ifptomac(ifp); 1068 } else if (sdl0->sa_family == AF_LINK) { 1069 struct sockaddr_dl *sdl; 1070 sdl = (struct sockaddr_dl *)sdl0; 1071 if (sdl->sdl_alen == ifp->if_addrlen) 1072 mac = LLADDR(sdl); 1073 } 1074 } 1075 if (tlladdr && mac) { 1076 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 1077 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 1078 1079 /* roundup to 8 bytes alignment! */ 1080 optlen = (optlen + 7) & ~7; 1081 1082 m->m_pkthdr.len += optlen; 1083 m->m_len += optlen; 1084 icmp6len += optlen; 1085 bzero((caddr_t)nd_opt, optlen); 1086 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 1087 nd_opt->nd_opt_len = optlen >> 3; 1088 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 1089 } else 1090 flags &= ~ND_NA_FLAG_OVERRIDE; 1091 1092 ip6->ip6_plen = htons((u_short)icmp6len); 1093 nd_na->nd_na_flags_reserved = flags; 1094 nd_na->nd_na_cksum = 0; 1095 nd_na->nd_na_cksum = 1096 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 1097 1098 if (send_sendso_input_hook != NULL) { 1099 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING, 1100 sizeof(unsigned short), M_NOWAIT); 1101 if (mtag == NULL) 1102 goto bad; 1103 *(unsigned short *)(mtag + 1) = nd_na->nd_na_type; 1104 m_tag_prepend(m, mtag); 1105 } 1106 1107 ip6_output(m, NULL, &ro, 0, &im6o, NULL, NULL); 1108 icmp6_ifstat_inc(ifp, ifs6_out_msg); 1109 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert); 1110 ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_ADVERT]); 1111 1112 /* We don't cache this route. */ 1113 RO_RTFREE(&ro); 1114 1115 return; 1116 1117 bad: 1118 if (ro.ro_rt) { 1119 RTFREE(ro.ro_rt); 1120 } 1121 m_freem(m); 1122 return; 1123 } 1124 1125 #ifndef BURN_BRIDGES 1126 void 1127 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0, 1128 const struct in6_addr *taddr6, u_long flags, int tlladdr, 1129 struct sockaddr *sdl0) 1130 { 1131 1132 nd6_na_output_fib(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0, 1133 RT_DEFAULT_FIB); 1134 } 1135 #endif 1136 1137 caddr_t 1138 nd6_ifptomac(struct ifnet *ifp) 1139 { 1140 switch (ifp->if_type) { 1141 case IFT_ARCNET: 1142 case IFT_ETHER: 1143 case IFT_FDDI: 1144 case IFT_IEEE1394: 1145 #ifdef IFT_L2VLAN 1146 case IFT_L2VLAN: 1147 #endif 1148 #ifdef IFT_IEEE80211 1149 case IFT_IEEE80211: 1150 #endif 1151 case IFT_INFINIBAND: 1152 case IFT_BRIDGE: 1153 case IFT_ISO88025: 1154 return IF_LLADDR(ifp); 1155 default: 1156 return NULL; 1157 } 1158 } 1159 1160 struct dadq { 1161 TAILQ_ENTRY(dadq) dad_list; 1162 struct ifaddr *dad_ifa; 1163 int dad_count; /* max NS to send */ 1164 int dad_ns_tcount; /* # of trials to send NS */ 1165 int dad_ns_ocount; /* NS sent so far */ 1166 int dad_ns_icount; 1167 int dad_na_icount; 1168 struct callout dad_timer_ch; 1169 struct vnet *dad_vnet; 1170 }; 1171 1172 static VNET_DEFINE(TAILQ_HEAD(, dadq), dadq); 1173 static VNET_DEFINE(struct rwlock, dad_rwlock); 1174 #define V_dadq VNET(dadq) 1175 #define V_dad_rwlock VNET(dad_rwlock) 1176 1177 #define DADQ_LOCK_INIT() rw_init(&V_dad_rwlock, "nd6 DAD queue") 1178 #define DADQ_LOCK_DESTROY() rw_destroy(&V_dad_rwlock) 1179 #define DADQ_LOCK_INITIALIZED() rw_initialized(&V_dad_rwlock) 1180 #define DADQ_RLOCK() rw_rlock(&V_dad_rwlock) 1181 #define DADQ_RUNLOCK() rw_runlock(&V_dad_rwlock) 1182 #define DADQ_WLOCK() rw_wlock(&V_dad_rwlock) 1183 #define DADQ_WUNLOCK() rw_wunlock(&V_dad_rwlock) 1184 1185 static void 1186 nd6_dad_add(struct dadq *dp) 1187 { 1188 1189 ifa_ref(dp->dad_ifa); /* just for safety */ 1190 DADQ_WLOCK(); 1191 TAILQ_INSERT_TAIL(&V_dadq, (struct dadq *)dp, dad_list); 1192 DADQ_WUNLOCK(); 1193 } 1194 1195 static void 1196 nd6_dad_del(struct dadq *dp) 1197 { 1198 1199 ifa_free(dp->dad_ifa); 1200 DADQ_WLOCK(); 1201 TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list); 1202 DADQ_WUNLOCK(); 1203 } 1204 1205 static struct dadq * 1206 nd6_dad_find(struct ifaddr *ifa) 1207 { 1208 struct dadq *dp; 1209 1210 DADQ_RLOCK(); 1211 TAILQ_FOREACH(dp, &V_dadq, dad_list) 1212 if (dp->dad_ifa == ifa) 1213 break; 1214 DADQ_RUNLOCK(); 1215 1216 return (dp); 1217 } 1218 1219 static void 1220 nd6_dad_starttimer(struct dadq *dp, int ticks) 1221 { 1222 1223 callout_reset(&dp->dad_timer_ch, ticks, 1224 (void (*)(void *))nd6_dad_timer, (void *)dp); 1225 } 1226 1227 static void 1228 nd6_dad_stoptimer(struct dadq *dp) 1229 { 1230 1231 callout_stop(&dp->dad_timer_ch); 1232 } 1233 1234 /* 1235 * Start Duplicate Address Detection (DAD) for specified interface address. 1236 */ 1237 void 1238 nd6_dad_start(struct ifaddr *ifa, int delay) 1239 { 1240 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1241 struct dadq *dp; 1242 char ip6buf[INET6_ADDRSTRLEN]; 1243 1244 if (DADQ_LOCK_INITIALIZED() == 0) { 1245 DADQ_LOCK_INIT(); 1246 TAILQ_INIT(&V_dadq); 1247 } 1248 1249 /* 1250 * If we don't need DAD, don't do it. 1251 * There are several cases: 1252 * - DAD is disabled (ip6_dad_count == 0) 1253 * - the interface address is anycast 1254 */ 1255 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1256 log(LOG_DEBUG, 1257 "nd6_dad_start: called with non-tentative address " 1258 "%s(%s)\n", 1259 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1260 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1261 return; 1262 } 1263 if (ia->ia6_flags & IN6_IFF_ANYCAST) { 1264 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1265 return; 1266 } 1267 if (!V_ip6_dad_count) { 1268 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1269 return; 1270 } 1271 if (ifa->ifa_ifp == NULL) 1272 panic("nd6_dad_start: ifa->ifa_ifp == NULL"); 1273 if (!(ifa->ifa_ifp->if_flags & IFF_UP)) { 1274 return; 1275 } 1276 if (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) 1277 return; 1278 if (nd6_dad_find(ifa) != NULL) { 1279 /* DAD already in progress */ 1280 return; 1281 } 1282 1283 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT); 1284 if (dp == NULL) { 1285 log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1286 "%s(%s)\n", 1287 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1288 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1289 return; 1290 } 1291 bzero(dp, sizeof(*dp)); 1292 callout_init(&dp->dad_timer_ch, 0); 1293 #ifdef VIMAGE 1294 dp->dad_vnet = curvnet; 1295 #endif 1296 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1297 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1298 1299 /* 1300 * Send NS packet for DAD, ip6_dad_count times. 1301 * Note that we must delay the first transmission, if this is the 1302 * first packet to be sent from the interface after interface 1303 * (re)initialization. 1304 */ 1305 dp->dad_ifa = ifa; 1306 dp->dad_count = V_ip6_dad_count; 1307 dp->dad_ns_icount = dp->dad_na_icount = 0; 1308 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1309 nd6_dad_add(dp); 1310 if (delay == 0) { 1311 nd6_dad_ns_output(dp, ifa); 1312 nd6_dad_starttimer(dp, 1313 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1314 } else { 1315 nd6_dad_starttimer(dp, delay); 1316 } 1317 } 1318 1319 /* 1320 * terminate DAD unconditionally. used for address removals. 1321 */ 1322 void 1323 nd6_dad_stop(struct ifaddr *ifa) 1324 { 1325 struct dadq *dp; 1326 1327 if (DADQ_LOCK_INITIALIZED() == 0) 1328 return; 1329 dp = nd6_dad_find(ifa); 1330 if (!dp) { 1331 /* DAD wasn't started yet */ 1332 return; 1333 } 1334 1335 nd6_dad_stoptimer(dp); 1336 1337 nd6_dad_del(dp); 1338 free(dp, M_IP6NDP); 1339 } 1340 1341 static void 1342 nd6_dad_timer(struct dadq *dp) 1343 { 1344 CURVNET_SET(dp->dad_vnet); 1345 struct ifaddr *ifa = dp->dad_ifa; 1346 struct ifnet *ifp = dp->dad_ifa->ifa_ifp; 1347 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1348 char ip6buf[INET6_ADDRSTRLEN]; 1349 1350 /* Sanity check */ 1351 if (ia == NULL) { 1352 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); 1353 goto done; 1354 } 1355 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) { 1356 /* Do not need DAD for ifdisabled interface. */ 1357 TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list); 1358 log(LOG_ERR, "nd6_dad_timer: cancel DAD on %s because of " 1359 "ND6_IFF_IFDISABLED.\n", ifp->if_xname); 1360 free(dp, M_IP6NDP); 1361 dp = NULL; 1362 ifa_free(ifa); 1363 goto done; 1364 } 1365 if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1366 log(LOG_ERR, "nd6_dad_timer: called with duplicated address " 1367 "%s(%s)\n", 1368 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1369 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1370 goto done; 1371 } 1372 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { 1373 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1374 "%s(%s)\n", 1375 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1376 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1377 goto done; 1378 } 1379 1380 /* timeouted with IFF_{RUNNING,UP} check */ 1381 if (dp->dad_ns_tcount > V_dad_maxtry) { 1382 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n", 1383 if_name(ifa->ifa_ifp))); 1384 1385 nd6_dad_del(dp); 1386 free(dp, M_IP6NDP); 1387 dp = NULL; 1388 goto done; 1389 } 1390 1391 /* Need more checks? */ 1392 if (dp->dad_ns_ocount < dp->dad_count) { 1393 /* 1394 * We have more NS to go. Send NS packet for DAD. 1395 */ 1396 nd6_dad_ns_output(dp, ifa); 1397 nd6_dad_starttimer(dp, 1398 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1399 } else { 1400 /* 1401 * We have transmitted sufficient number of DAD packets. 1402 * See what we've got. 1403 */ 1404 int duplicate; 1405 1406 duplicate = 0; 1407 1408 if (dp->dad_na_icount) { 1409 /* 1410 * the check is in nd6_dad_na_input(), 1411 * but just in case 1412 */ 1413 duplicate++; 1414 } 1415 1416 if (dp->dad_ns_icount) { 1417 /* We've seen NS, means DAD has failed. */ 1418 duplicate++; 1419 } 1420 1421 if (duplicate) { 1422 /* (*dp) will be freed in nd6_dad_duplicated() */ 1423 nd6_dad_duplicated(ifa, dp); 1424 dp = NULL; 1425 } else { 1426 /* 1427 * We are done with DAD. No NA came, no NS came. 1428 * No duplicate address found. Check IFDISABLED flag 1429 * again in case that it is changed between the 1430 * beginning of this function and here. 1431 */ 1432 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) == 0) 1433 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1434 1435 nd6log((LOG_DEBUG, 1436 "%s: DAD complete for %s - no duplicates found\n", 1437 if_name(ifa->ifa_ifp), 1438 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr))); 1439 1440 nd6_dad_del(dp); 1441 free(dp, M_IP6NDP); 1442 dp = NULL; 1443 } 1444 } 1445 1446 done: 1447 CURVNET_RESTORE(); 1448 } 1449 1450 void 1451 nd6_dad_duplicated(struct ifaddr *ifa, struct dadq *dp) 1452 { 1453 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1454 struct ifnet *ifp; 1455 char ip6buf[INET6_ADDRSTRLEN]; 1456 1457 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: " 1458 "NS in/out=%d/%d, NA in=%d\n", 1459 if_name(ifa->ifa_ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr), 1460 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount); 1461 1462 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1463 ia->ia6_flags |= IN6_IFF_DUPLICATED; 1464 1465 /* We are done with DAD, with duplicate address found. (failure) */ 1466 nd6_dad_stoptimer(dp); 1467 1468 ifp = ifa->ifa_ifp; 1469 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1470 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)); 1471 log(LOG_ERR, "%s: manual intervention required\n", 1472 if_name(ifp)); 1473 1474 /* 1475 * If the address is a link-local address formed from an interface 1476 * identifier based on the hardware address which is supposed to be 1477 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP 1478 * operation on the interface SHOULD be disabled. 1479 * [RFC 4862, Section 5.4.5] 1480 */ 1481 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { 1482 struct in6_addr in6; 1483 1484 /* 1485 * To avoid over-reaction, we only apply this logic when we are 1486 * very sure that hardware addresses are supposed to be unique. 1487 */ 1488 switch (ifp->if_type) { 1489 case IFT_ETHER: 1490 case IFT_FDDI: 1491 case IFT_ATM: 1492 case IFT_IEEE1394: 1493 #ifdef IFT_IEEE80211 1494 case IFT_IEEE80211: 1495 #endif 1496 case IFT_INFINIBAND: 1497 in6 = ia->ia_addr.sin6_addr; 1498 if (in6_get_hw_ifid(ifp, &in6) == 0 && 1499 IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) { 1500 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1501 log(LOG_ERR, "%s: possible hardware address " 1502 "duplication detected, disable IPv6\n", 1503 if_name(ifp)); 1504 } 1505 break; 1506 } 1507 } 1508 1509 nd6_dad_del(dp); 1510 free(dp, M_IP6NDP); 1511 } 1512 1513 static void 1514 nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa) 1515 { 1516 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1517 struct ifnet *ifp = ifa->ifa_ifp; 1518 1519 dp->dad_ns_tcount++; 1520 if ((ifp->if_flags & IFF_UP) == 0) { 1521 return; 1522 } 1523 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1524 return; 1525 } 1526 1527 dp->dad_ns_ocount++; 1528 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1); 1529 } 1530 1531 static void 1532 nd6_dad_ns_input(struct ifaddr *ifa) 1533 { 1534 struct in6_ifaddr *ia; 1535 struct ifnet *ifp; 1536 const struct in6_addr *taddr6; 1537 struct dadq *dp; 1538 int duplicate; 1539 1540 if (ifa == NULL) 1541 panic("ifa == NULL in nd6_dad_ns_input"); 1542 1543 ia = (struct in6_ifaddr *)ifa; 1544 ifp = ifa->ifa_ifp; 1545 taddr6 = &ia->ia_addr.sin6_addr; 1546 duplicate = 0; 1547 dp = nd6_dad_find(ifa); 1548 1549 /* Quickhack - completely ignore DAD NS packets */ 1550 if (V_dad_ignore_ns) { 1551 char ip6buf[INET6_ADDRSTRLEN]; 1552 nd6log((LOG_INFO, 1553 "nd6_dad_ns_input: ignoring DAD NS packet for " 1554 "address %s(%s)\n", ip6_sprintf(ip6buf, taddr6), 1555 if_name(ifa->ifa_ifp))); 1556 return; 1557 } 1558 1559 /* 1560 * if I'm yet to start DAD, someone else started using this address 1561 * first. I have a duplicate and you win. 1562 */ 1563 if (dp == NULL || dp->dad_ns_ocount == 0) 1564 duplicate++; 1565 1566 /* XXX more checks for loopback situation - see nd6_dad_timer too */ 1567 1568 if (duplicate) { 1569 nd6_dad_duplicated(ifa, dp); 1570 dp = NULL; /* will be freed in nd6_dad_duplicated() */ 1571 } else { 1572 /* 1573 * not sure if I got a duplicate. 1574 * increment ns count and see what happens. 1575 */ 1576 if (dp) 1577 dp->dad_ns_icount++; 1578 } 1579 } 1580 1581 static void 1582 nd6_dad_na_input(struct ifaddr *ifa) 1583 { 1584 struct dadq *dp; 1585 1586 if (ifa == NULL) 1587 panic("ifa == NULL in nd6_dad_na_input"); 1588 1589 dp = nd6_dad_find(ifa); 1590 if (dp) 1591 dp->dad_na_icount++; 1592 1593 /* remove the address. */ 1594 nd6_dad_duplicated(ifa, dp); 1595 } 1596