1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #include <sys/types.h> 27 #include <sys/stream.h> 28 #include <sys/stropts.h> 29 #include <sys/strsun.h> 30 #include <sys/sysmacros.h> 31 #include <sys/errno.h> 32 #include <sys/dlpi.h> 33 #include <sys/socket.h> 34 #include <sys/ddi.h> 35 #include <sys/sunddi.h> 36 #include <sys/cmn_err.h> 37 #include <sys/debug.h> 38 #include <sys/vtrace.h> 39 #include <sys/kmem.h> 40 #include <sys/zone.h> 41 #include <sys/ethernet.h> 42 #include <sys/sdt.h> 43 #include <sys/mac.h> 44 45 #include <net/if.h> 46 #include <net/if_types.h> 47 #include <net/if_dl.h> 48 #include <net/route.h> 49 #include <netinet/in.h> 50 #include <netinet/ip6.h> 51 #include <netinet/icmp6.h> 52 53 #include <inet/common.h> 54 #include <inet/mi.h> 55 #include <inet/mib2.h> 56 #include <inet/nd.h> 57 #include <inet/ip.h> 58 #include <inet/ip_impl.h> 59 #include <inet/ipclassifier.h> 60 #include <inet/ip_if.h> 61 #include <inet/ip_ire.h> 62 #include <inet/ip_rts.h> 63 #include <inet/ip6.h> 64 #include <inet/ip_ndp.h> 65 #include <inet/sctp_ip.h> 66 
#include <inet/ip_arp.h> 67 #include <inet/ip2mac_impl.h> 68 69 #define ANNOUNCE_INTERVAL(isv6) \ 70 (isv6 ? ipst->ips_ip_ndp_unsolicit_interval : \ 71 ipst->ips_ip_arp_publish_interval) 72 73 #define DEFENSE_INTERVAL(isv6) \ 74 (isv6 ? ipst->ips_ndp_defend_interval : \ 75 ipst->ips_arp_defend_interval) 76 77 /* Non-tunable probe interval, based on link capabilities */ 78 #define ILL_PROBE_INTERVAL(ill) ((ill)->ill_note_link ? 150 : 1500) 79 80 /* 81 * The IPv4 Link Local address space is special; we do extra duplicate checking 82 * there, as the entire assignment mechanism rests on random numbers. 83 */ 84 #define IS_IPV4_LL_SPACE(ptr) (((uchar_t *)ptr)[0] == 169 && \ 85 ((uchar_t *)ptr)[1] == 254) 86 87 /* 88 * NCE_EXTERNAL_FLAGS_MASK defines the set of ncec_flags that may be passed 89 * in to the ncec*add* functions. 90 * 91 * NCE_F_AUTHORITY means that we ignore any incoming adverts for that 92 * mapping (though DAD is performed for the mapping). NCE_F_PUBLISH means 93 * that we will respond to requests for the protocol address. 94 */ 95 #define NCE_EXTERNAL_FLAGS_MASK \ 96 (NCE_F_MYADDR | NCE_F_ISROUTER | NCE_F_NONUD | \ 97 NCE_F_ANYCAST | NCE_F_UNSOL_ADV | NCE_F_BCAST | NCE_F_MCAST | \ 98 NCE_F_AUTHORITY | NCE_F_PUBLISH | NCE_F_STATIC) 99 100 /* 101 * Lock ordering: 102 * 103 * ndp_g_lock -> ill_lock -> ncec_lock 104 * 105 * The ndp_g_lock protects the NCE hash (nce_hash_tbl, NCE_HASH_PTR) and 106 * ncec_next. ncec_lock protects the contents of the NCE (particularly 107 * ncec_refcnt). 
108 */ 109 110 static void nce_cleanup_list(ncec_t *ncec); 111 static void nce_set_ll(ncec_t *ncec, uchar_t *ll_addr); 112 static ncec_t *ncec_lookup_illgrp(ill_t *, const in6_addr_t *, 113 ncec_t *); 114 static nce_t *nce_lookup_addr(ill_t *, const in6_addr_t *); 115 static int nce_set_multicast_v6(ill_t *ill, const in6_addr_t *addr, 116 uint16_t ncec_flags, nce_t **newnce); 117 static int nce_set_multicast_v4(ill_t *ill, const in_addr_t *dst, 118 uint16_t ncec_flags, nce_t **newnce); 119 static boolean_t ndp_xmit(ill_t *ill, uint32_t operation, 120 uint8_t *hwaddr, uint_t hwaddr_len, const in6_addr_t *sender, 121 const in6_addr_t *target, int flag); 122 static void ncec_refhold_locked(ncec_t *); 123 static boolean_t ill_defend_rate_limit(ill_t *, ncec_t *); 124 static void nce_queue_mp_common(ncec_t *, mblk_t *, boolean_t); 125 static int nce_add_common(ill_t *, uchar_t *, uint_t, const in6_addr_t *, 126 uint16_t, uint16_t, nce_t **); 127 static nce_t *nce_add_impl(ill_t *, ncec_t *, nce_t *, mblk_t *); 128 static nce_t *nce_add(ill_t *, ncec_t *); 129 static void nce_inactive(nce_t *); 130 extern nce_t *nce_lookup(ill_t *, const in6_addr_t *); 131 static nce_t *nce_ill_lookup_then_add(ill_t *, ncec_t *); 132 static int nce_add_v6(ill_t *, uchar_t *, uint_t, const in6_addr_t *, 133 uint16_t, uint16_t, nce_t **); 134 static int nce_add_v4(ill_t *, uchar_t *, uint_t, const in_addr_t *, 135 uint16_t, uint16_t, nce_t **); 136 static int nce_add_v6_postprocess(nce_t *); 137 static int nce_add_v4_postprocess(nce_t *); 138 static ill_t *nce_resolve_src(ncec_t *, in6_addr_t *); 139 static clock_t nce_fuzz_interval(clock_t, boolean_t); 140 static void nce_resolv_ipmp_ok(ncec_t *); 141 static void nce_walk_common(ill_t *, pfi_t, void *); 142 static void nce_start_timer(ncec_t *, uint_t); 143 static nce_t *nce_fastpath_create(ill_t *, ncec_t *); 144 static void nce_fastpath_trigger(nce_t *); 145 static nce_t *nce_fastpath(ncec_t *, boolean_t, nce_t *); 146 147 #ifdef DEBUG 
static void	ncec_trace_cleanup(const ncec_t *);
#endif

/* Address of the hash-bucket head for addr in the IPv4 NCE table. */
#define	NCE_HASH_PTR_V4(ipst, addr)					\
	(&((ipst)->ips_ndp4->nce_hash_tbl[IRE_ADDR_HASH(addr, NCE_TABLE_SIZE)]))

/* Address of the hash-bucket head for addr in the IPv6 NCE table. */
#define	NCE_HASH_PTR_V6(ipst, addr)				 \
	(&((ipst)->ips_ndp6->nce_hash_tbl[NCE_ADDR_HASH_V6(addr, \
		NCE_TABLE_SIZE)]))

extern kmem_cache_t *ncec_cache;
extern kmem_cache_t *nce_cache;

/*
 * Send out a IPv6 (unicast) or IPv4 (broadcast) DAD probe
 * If src_ill is not null, the ncec_addr is bound to src_ill. The
 * src_ill is ignored by nce_dad for IPv4 Neighbor Cache entries where
 * the probe is sent on the ncec_ill (in the non-IPMP case) or the
 * IPMP cast_ill (in the IPMP case).
 *
 * Note that the probe interval is based on ncec->ncec_ill which
 * may be the ipmp_ill.
 *
 * send_probe is only consulted on the IPv4 path: when it is B_FALSE no
 * ARP probe is sent and only the timer is re-armed.
 */
static void
nce_dad(ncec_t *ncec, ill_t *src_ill, boolean_t send_probe)
{
	boolean_t dropped;
	uint32_t probe_interval;

	/* DAD is only meaningful for unicast entries. */
	ASSERT(!(ncec->ncec_flags & NCE_F_MCAST));
	ASSERT(!(ncec->ncec_flags & NCE_F_BCAST));
	if (ncec->ncec_ipversion == IPV6_VERSION) {
		/* The probe is a solicitation sourced from the all-zeros address. */
		dropped = ndp_xmit(src_ill, ND_NEIGHBOR_SOLICIT,
		    ncec->ncec_lladdr, ncec->ncec_lladdr_length,
		    &ipv6_all_zeros, &ncec->ncec_addr, NDP_PROBE);
		probe_interval = ILL_PROBE_INTERVAL(ncec->ncec_ill);
	} else {
		/* IPv4 DAD delay the initial probe. */
		if (send_probe)
			dropped = arp_probe(ncec);
		else
			dropped = B_TRUE;	/* nothing sent; keep ncec_pcnt */
		probe_interval = nce_fuzz_interval(ncec->ncec_xmit_interval,
		    !send_probe);
	}
	/* Consume one probe from ncec_pcnt only if the transmit was not dropped. */
	if (!dropped) {
		mutex_enter(&ncec->ncec_lock);
		ncec->ncec_pcnt--;
		mutex_exit(&ncec->ncec_lock);
	}
	/* The timer is re-armed on every path, sent or not. */
	nce_restart_timer(ncec, probe_interval);
}

/*
 * Compute default flags to use for an advertisement of this ncec's address.
*/
static int
nce_advert_flags(const ncec_t *ncec)
{
	int flag = 0;

	/* Advertise the router bit only for entries marked as routers. */
	if (ncec->ncec_flags & NCE_F_ISROUTER)
		flag |= NDP_ISROUTER;
	/* Anycast entries are advertised without the override flag. */
	if (!(ncec->ncec_flags & NCE_F_ANYCAST))
		flag |= NDP_ORIDE;

	return (flag);
}

/*
 * NDP Cache Entry creation routine.
 * This routine must always be called with ndp6->ndp_g_lock held.
 *
 * Thin wrapper around nce_add_common(): on success the new nce is stored
 * through newnce and 0 is returned; on failure the error from
 * nce_add_common() is returned and *newnce is left untouched.
 *
 * NOTE(review): the first ASSERT dereferences ill before the second one
 * checks ill != NULL, and newnce is only asserted non-NULL after the entry
 * has been created; both checks are DEBUG-only. Consider asserting the
 * pointers first.
 */
int
nce_add_v6(ill_t *ill, uchar_t *hw_addr, uint_t hw_addr_len,
    const in6_addr_t *addr, uint16_t flags, uint16_t state, nce_t **newnce)
{
	int		err;
	nce_t		*nce;

	ASSERT(MUTEX_HELD(&ill->ill_ipst->ips_ndp6->ndp_g_lock));
	ASSERT(ill != NULL && ill->ill_isv6);

	err = nce_add_common(ill, hw_addr, hw_addr_len, addr, flags, state,
	    &nce);
	if (err != 0)
		return (err);
	ASSERT(newnce != NULL);
	*newnce = nce;
	return (err);
}

/*
 * Post-processing routine to be executed after nce_add_v6(). This function
 * triggers fastpath (if appropriate) and DAD on the newly added nce entry
 * and must be called without any locks held.
 *
 * Returns EINPROGRESS when DAD was started for a published entry in
 * ND_PROBE state, and 0 otherwise.
 */
int
nce_add_v6_postprocess(nce_t *nce)
{
	ncec_t		*ncec = nce->nce_common;
	boolean_t	dropped = B_FALSE;
	uchar_t		*hw_addr = ncec->ncec_lladdr;
	uint_t		hw_addr_len = ncec->ncec_lladdr_length;
	ill_t		*ill = ncec->ncec_ill;
	int		err = 0;
	uint16_t	flags = ncec->ncec_flags;
	ip_stack_t	*ipst = ill->ill_ipst;
	boolean_t	trigger_fastpath = B_TRUE;

	/*
	 * If the hw_addr is NULL, typically for ND_INCOMPLETE nces, then
	 * we call nce_fastpath as soon as the ncec is resolved in nce_process.
	 * We call nce_fastpath from nce_update if the link layer address of
	 * the peer changes from nce_update
	 */
	if (NCE_PUBLISH(ncec) || !NCE_ISREACHABLE(ncec) ||
	    (hw_addr == NULL && ill->ill_net_type != IRE_IF_NORESOLVER))
		trigger_fastpath = B_FALSE;

	if (trigger_fastpath)
		nce_fastpath_trigger(nce);
	if (NCE_PUBLISH(ncec) && ncec->ncec_state == ND_PROBE) {
		ill_t *hwaddr_ill;
		/*
		 * Unicast entry that needs DAD.
		 *
		 * NOTE(review): the result of ipmp_illgrp_find_ill() is
		 * handed to nce_dad() unchecked; confirm it cannot be NULL
		 * for an address we publish.
		 */
		if (IS_IPMP(ill)) {
			hwaddr_ill = ipmp_illgrp_find_ill(ill->ill_grp,
			    hw_addr, hw_addr_len);
		} else {
			hwaddr_ill = ill;
		}
		nce_dad(ncec, hwaddr_ill, B_TRUE);
		err = EINPROGRESS;
	} else if (flags & NCE_F_UNSOL_ADV) {
		/*
		 * We account for the transmit below by assigning one
		 * less than the ndd variable. Subsequent decrements
		 * are done in nce_timer.
		 */
		mutex_enter(&ncec->ncec_lock);
		ncec->ncec_unsolicit_count =
		    ipst->ips_ip_ndp_unsolicit_count - 1;
		mutex_exit(&ncec->ncec_lock);
		/* ncec_lock is not held across the transmit. */
		dropped = ndp_xmit(ill,
		    ND_NEIGHBOR_ADVERT,
		    hw_addr,
		    hw_addr_len,
		    &ncec->ncec_addr,	/* Source and target of the adv */
		    &ipv6_all_hosts_mcast, /* Destination of the packet */
		    nce_advert_flags(ncec));
		mutex_enter(&ncec->ncec_lock);
		/* A dropped advert gives its slot back; a sent one is timestamped. */
		if (dropped)
			ncec->ncec_unsolicit_count++;
		else
			ncec->ncec_last_time_defended = ddi_get_lbolt();
		if (ncec->ncec_unsolicit_count != 0) {
			nce_start_timer(ncec,
			    ipst->ips_ip_ndp_unsolicit_interval);
		}
		mutex_exit(&ncec->ncec_lock);
	}
	return (err);
}

/*
 * Atomically lookup and add (if needed) Neighbor Cache information for
 * an address.
 *
 * IPMP notes: the ncec for non-local (i.e., !NCE_MYADDR(ncec) addresses
 * are always added pointing at the ipmp_ill. Thus, when the ill passed
 * to nce_add_v6 is an under_ill (i.e., IS_UNDER_IPMP(ill)) two nce_t
 * entries will be created, both pointing at the same ncec_t.
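The nce_t
 * entries will have their nce_ill set to the ipmp_ill and the under_ill
 * respectively, with the ncec_t having its ncec_ill pointing at the ipmp_ill.
 * Local addresses are always created on the ill passed to nce_add_v6.
 *
 * Return values visible here: 0 on success, EEXIST when the entry was
 * already present (it is still handed back through newnce), ENXIO when the
 * IPMP ill cannot be held, EINVAL when the under-ill nce cannot be created,
 * or whatever nce_set_multicast_v6(), nce_add_v6() and
 * nce_add_v6_postprocess() return. When an nce is available and newnce is
 * non-NULL the caller receives the reference; otherwise it is released here.
 */
int
nce_lookup_then_add_v6(ill_t *ill, uchar_t *hw_addr, uint_t hw_addr_len,
    const in6_addr_t *addr, uint16_t flags, uint16_t state, nce_t **newnce)
{
	int		err = 0;
	ip_stack_t	*ipst = ill->ill_ipst;
	nce_t		*nce, *upper_nce = NULL;
	ill_t		*in_ill = ill;
	boolean_t	need_ill_refrele = B_FALSE;

	if (flags & NCE_F_MCAST) {
		/*
		 * hw_addr will be figured out in nce_set_multicast_v6;
		 * caller has to select the cast_ill
		 */
		ASSERT(hw_addr == NULL);
		ASSERT(!IS_IPMP(ill));
		err = nce_set_multicast_v6(ill, addr, flags, newnce);
		return (err);
	}
	ASSERT(ill->ill_isv6);
	if (IS_UNDER_IPMP(ill) && !(flags & NCE_F_MYADDR)) {
		/* Non-local addresses live on the ipmp_ill; in_ill keeps the original. */
		ill = ipmp_ill_hold_ipmp_ill(ill);
		if (ill == NULL)
			return (ENXIO);
		need_ill_refrele = B_TRUE;
	}

	/* Lookup and add happen under ndp_g_lock so the pair is atomic. */
	mutex_enter(&ipst->ips_ndp6->ndp_g_lock);
	nce = nce_lookup_addr(ill, addr);
	if (nce == NULL) {
		err = nce_add_v6(ill, hw_addr, hw_addr_len, addr, flags, state,
		    &nce);
	} else {
		err = EEXIST;
	}
	mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
	if (err == 0)
		err = nce_add_v6_postprocess(nce);
	if (in_ill != ill && nce != NULL) {
		/*
		 * Must start out NULL: if in_ill has left the group by the
		 * time ill_g_lock is taken, the assignment below is skipped
		 * and the test after rw_exit() would otherwise read an
		 * uninitialized pointer.
		 */
		nce_t *under_nce = NULL;

		/*
		 * in_ill was the under_ill. Try to create the under_nce.
		 * Hold the ill_g_lock to prevent changes to group membership
		 * until we are done.
		 */
		rw_enter(&ipst->ips_ill_g_lock, RW_READER);
		if (IS_IN_SAME_ILLGRP(in_ill, ill)) {
			under_nce = nce_fastpath_create(in_ill,
			    nce->nce_common);
			upper_nce = nce;
			if ((nce = under_nce) == NULL)
				err = EINVAL;
		}
		rw_exit(&ipst->ips_ill_g_lock);
		if (under_nce != NULL && NCE_ISREACHABLE(nce->nce_common))
			nce_fastpath_trigger(under_nce);
	}
	if (nce != NULL) {
		if (newnce != NULL)
			*newnce = nce;
		else
			nce_refrele(nce);
	}
	/* nce_refrele is deferred until the lock is dropped */
	if (upper_nce != NULL)
		nce_refrele(upper_nce);
	if (need_ill_refrele)
		ill_refrele(ill);
	return (err);
}

/*
 * Remove all the CONDEMNED nces from the appropriate hash table.
 * We create a private list of NCEs, these may have ires pointing
 * to them, so the list will be passed through to clean up dependent
 * ires and only then we can do ncec_refrele() which can make NCE inactive.
 *
 * Called with ndp_g_lock held and no walker active (both asserted). The
 * unlinked entries are pushed onto *free_nce_list, chained via ncec_next.
 */
static void
nce_remove(ndp_g_t *ndp, ncec_t *ncec, ncec_t **free_nce_list)
{
	ncec_t *ncec1;
	ncec_t **ptpn;

	ASSERT(MUTEX_HELD(&ndp->ndp_g_lock));
	ASSERT(ndp->ndp_g_walker == 0);
	for (; ncec; ncec = ncec1) {
		/* Remember the successor before the entry may be unlinked. */
		ncec1 = ncec->ncec_next;
		mutex_enter(&ncec->ncec_lock);
		if (NCE_ISCONDEMNED(ncec)) {
			/* Unlink from the bucket via the back pointer. */
			ptpn = ncec->ncec_ptpn;
			ncec1 = ncec->ncec_next;
			if (ncec1 != NULL)
				ncec1->ncec_ptpn = ptpn;
			*ptpn = ncec1;
			ncec->ncec_ptpn = NULL;
			ncec->ncec_next = NULL;
			/* Push onto the caller's private free list. */
			ncec->ncec_next = *free_nce_list;
			*free_nce_list = ncec;
		}
		mutex_exit(&ncec->ncec_lock);
	}
}

/*
 * 1. Mark the entry CONDEMNED. This ensures that no new nce_lookup()
 *    will return this NCE. Also no new timeouts will
 *    be started (See nce_restart_timer).
 * 2. Cancel any currently running timeouts.
 * 3. If there is an ndp walker, return. The walker will do the cleanup.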
*    This ensures that walkers see a consistent list of NCEs while walking.
 * 4. Otherwise remove the NCE from the list of NCEs
 */
void
ncec_delete(ncec_t *ncec)
{
	ncec_t	**ptpn;
	ncec_t	*ncec1;
	int	ipversion = ncec->ncec_ipversion;
	ndp_g_t *ndp;
	ip_stack_t	*ipst = ncec->ncec_ipst;

	/* Pick the per-stack table that matches the entry's IP version. */
	if (ipversion == IPV4_VERSION)
		ndp = ipst->ips_ndp4;
	else
		ndp = ipst->ips_ndp6;

	/* Serialize deletes */
	mutex_enter(&ncec->ncec_lock);
	if (NCE_ISCONDEMNED(ncec)) {
		/* Some other thread is doing the delete */
		mutex_exit(&ncec->ncec_lock);
		return;
	}
	/*
	 * Caller has a refhold. Also 1 ref for being in the list. Thus
	 * refcnt has to be >= 2
	 */
	ASSERT(ncec->ncec_refcnt >= 2);
	ncec->ncec_flags |= NCE_F_CONDEMNED;
	mutex_exit(&ncec->ncec_lock);

	/* Count how many condemned nces for kmem_cache callback */
	atomic_add_32(&ipst->ips_num_nce_condemned, 1);
	nce_fastpath_list_delete(ncec->ncec_ill, ncec, NULL);

	/* Complete any waiting callbacks */
	ncec_cb_dispatch(ncec);

	/*
	 * Cancel any running timer. Timeout can't be restarted
	 * since CONDEMNED is set. Can't hold ncec_lock across untimeout.
	 * Passing invalid timeout id is fine.
	 */
	if (ncec->ncec_timeout_id != 0) {
		(void) untimeout(ncec->ncec_timeout_id);
		ncec->ncec_timeout_id = 0;
	}

	mutex_enter(&ndp->ndp_g_lock);
	if (ncec->ncec_ptpn == NULL) {
		/*
		 * The last ndp walker has already removed this ncec from
		 * the list after we marked the ncec CONDEMNED and before
		 * we grabbed the global lock.
		 */
		mutex_exit(&ndp->ndp_g_lock);
		return;
	}
	if (ndp->ndp_g_walker > 0) {
		/*
		 * Can't unlink. The walker will clean up
		 */
		ndp->ndp_g_walker_cleanup = B_TRUE;
		mutex_exit(&ndp->ndp_g_lock);
		return;
	}

	/*
	 * Now remove the ncec from the list. nce_restart_timer won't restart
	 * the timer since it is marked CONDEMNED.
	 */
	ptpn = ncec->ncec_ptpn;
	ncec1 = ncec->ncec_next;
	if (ncec1 != NULL)
		ncec1->ncec_ptpn = ptpn;
	*ptpn = ncec1;
	ncec->ncec_ptpn = NULL;
	ncec->ncec_next = NULL;
	mutex_exit(&ndp->ndp_g_lock);

	/* Removed from ncec_ptpn/ncec_next list */
	ncec_refrele_notr(ncec);
}

/*
 * Final teardown of an ncec whose reference count has reached zero.
 * Entered with ncec_lock held (asserted below). Frees the queued messages,
 * the link-layer address buffer and finally the ncec itself, and drops the
 * entry from the owning ill's ncec count.
 */
void
ncec_inactive(ncec_t *ncec)
{
	mblk_t		**mpp;
	ill_t		*ill = ncec->ncec_ill;
	ip_stack_t	*ipst = ncec->ncec_ipst;

	ASSERT(ncec->ncec_refcnt == 0);
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));

	/* Count how many condemned nces for kmem_cache callback */
	if (NCE_ISCONDEMNED(ncec))
		atomic_add_32(&ipst->ips_num_nce_condemned, -1);

	/* Free all allocated messages */
	mpp = &ncec->ncec_qd_mp;
	while (*mpp != NULL) {
		mblk_t	*mp;

		/* Unlink the head before freeing it. */
		mp = *mpp;
		*mpp = mp->b_next;

		inet_freemsg(mp);
	}
	/*
	 * must have been cleaned up in ncec_delete
	 */
	ASSERT(list_is_empty(&ncec->ncec_cb));
	list_destroy(&ncec->ncec_cb);
	/*
	 * free the ncec_lladdr if one was allocated in nce_add_common()
	 * The size handed to kmem_free() must equal the allocation size, so
	 * ncec_lladdr_length has to stay in step with the buffer.
	 */
	if (ncec->ncec_lladdr_length > 0)
		kmem_free(ncec->ncec_lladdr, ncec->ncec_lladdr_length);

#ifdef DEBUG
	ncec_trace_cleanup(ncec);
#endif

	mutex_enter(&ill->ill_lock);
	DTRACE_PROBE3(ill__decr__cnt, (ill_t *), ill,
	    (char *), "ncec", (void *), ncec);
	ill->ill_ncec_cnt--;
	ncec->ncec_ill = NULL;
	/*
	 * If the number of ncec's associated with this ill have dropped
	 * to zero, check whether we need to restart any operation that
	 * is waiting for this to happen.
	 */
	if (ILL_DOWN_OK(ill)) {
		/* ipif_ill_refrele_tail drops the ill_lock */
		ipif_ill_refrele_tail(ill);
	} else {
		mutex_exit(&ill->ill_lock);
	}

	/*
	 * NOTE(review): ncec_lock is asserted held on entry and no
	 * mutex_exit() is visible before it is destroyed here; presumably
	 * intentional for a zero-reference object -- confirm.
	 */
	mutex_destroy(&ncec->ncec_lock);
	kmem_cache_free(ncec_cache, ncec);
}

/*
 * ncec_walk routine.
Delete the ncec if it is associated with the ill
 * that is going away. Always called as a writer.
 *
 * arg carries the ill_t pointer to match against, cast to uchar_t * to fit
 * the walker callback signature.
 */
void
ncec_delete_per_ill(ncec_t *ncec, uchar_t *arg)
{
	if ((ncec != NULL) && ncec->ncec_ill == (ill_t *)arg) {
		ncec_delete(ncec);
	}
}

/*
 * Neighbor Cache cleanup logic for a list of ncec_t entries.
 *
 * The list is chained through ncec_next and must not be empty (asserted).
 * Each entry is detached from the list, removed from the fastpath list,
 * has its timer cancelled, and then loses the reference that the hash list
 * held on it.
 */
static void
nce_cleanup_list(ncec_t *ncec)
{
	ncec_t *ncec_next;

	ASSERT(ncec != NULL);
	while (ncec != NULL) {
		/* Save the successor; the release below may free this entry. */
		ncec_next = ncec->ncec_next;
		ncec->ncec_next = NULL;

		/*
		 * It is possible for the last ndp walker (this thread)
		 * to come here after ncec_delete has marked the ncec CONDEMNED
		 * and before it has removed the ncec from the fastpath list
		 * or called untimeout. So we need to do it here. It is safe
		 * for both ncec_delete and this thread to do it twice or
		 * even simultaneously since each of the threads has a
		 * reference on the ncec.
		 */
		nce_fastpath_list_delete(ncec->ncec_ill, ncec, NULL);
		/*
		 * Cancel any running timer. Timeout can't be restarted
		 * since CONDEMNED is set. The ncec_lock can't be
		 * held across untimeout though passing invalid timeout
		 * id is fine.
		 */
		if (ncec->ncec_timeout_id != 0) {
			(void) untimeout(ncec->ncec_timeout_id);
			ncec->ncec_timeout_id = 0;
		}
		/* Removed from ncec_ptpn/ncec_next list */
		ncec_refrele_notr(ncec);
		ncec = ncec_next;
	}
}

/*
 * Restart DAD on given NCE. Returns B_TRUE if DAD has been restarted.
*/
boolean_t
nce_restart_dad(ncec_t *ncec)
{
	boolean_t started;
	ill_t *ill, *hwaddr_ill;

	if (ncec == NULL)
		return (B_FALSE);
	ill = ncec->ncec_ill;
	mutex_enter(&ncec->ncec_lock);
	if (ncec->ncec_state == ND_PROBE) {
		/* DAD is already running; report it as started. */
		mutex_exit(&ncec->ncec_lock);
		started = B_TRUE;
	} else if (ncec->ncec_state == ND_REACHABLE) {
		ASSERT(ncec->ncec_lladdr != NULL);
		/* Move back to ND_PROBE with a full probe budget. */
		ncec->ncec_state = ND_PROBE;
		ncec->ncec_pcnt = ND_MAX_UNICAST_SOLICIT;
		/*
		 * Slight cheat here: we don't use the initial probe delay
		 * for IPv4 in this obscure case.
		 */
		mutex_exit(&ncec->ncec_lock);
		/* ncec_lock is dropped before the probe is transmitted. */
		if (IS_IPMP(ill)) {
			hwaddr_ill = ipmp_illgrp_find_ill(ill->ill_grp,
			    ncec->ncec_lladdr, ncec->ncec_lladdr_length);
		} else {
			hwaddr_ill = ill;
		}
		nce_dad(ncec, hwaddr_ill, B_TRUE);
		started = B_TRUE;
	} else {
		/* Any other state: DAD is not restarted. */
		mutex_exit(&ncec->ncec_lock);
		started = B_FALSE;
	}
	return (started);
}

/*
 * IPv6 Cache entry lookup. Try to find an ncec matching the parameters passed.
 * If one is found, the refcnt on the ncec will be incremented.
 *
 * Takes ips_ill_g_lock as reader and then the IPv6 ndp_g_lock, as required
 * by ncec_lookup_illgrp(); both are dropped before returning. The caller
 * owns the returned reference and must release it.
 */
ncec_t *
ncec_lookup_illgrp_v6(ill_t *ill, const in6_addr_t *addr)
{
	ncec_t		*ncec;
	ip_stack_t	*ipst = ill->ill_ipst;

	rw_enter(&ipst->ips_ill_g_lock, RW_READER);
	mutex_enter(&ipst->ips_ndp6->ndp_g_lock);

	/* Get head of v6 hash table */
	ncec = *((ncec_t **)NCE_HASH_PTR_V6(ipst, *addr));
	ncec = ncec_lookup_illgrp(ill, addr, ncec);
	mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
	rw_exit(&ipst->ips_ill_g_lock);
	return (ncec);
}
/*
 * IPv4 Cache entry lookup. Try to find an ncec matching the parameters passed.
 * If one is found, the refcnt on the ncec will be incremented.
*/
ncec_t *
ncec_lookup_illgrp_v4(ill_t *ill, const in_addr_t *addr)
{
	ncec_t	*ncec = NULL;
	in6_addr_t addr6;
	ip_stack_t *ipst = ill->ill_ipst;

	/* Same lock order as the IPv6 variant: ill_g_lock, then ndp_g_lock. */
	rw_enter(&ipst->ips_ill_g_lock, RW_READER);
	mutex_enter(&ipst->ips_ndp4->ndp_g_lock);

	/* Get head of v4 hash table */
	ncec = *((ncec_t **)NCE_HASH_PTR_V4(ipst, *addr));
	/* Entries store a v4-mapped IPv6 address, so compare in that form. */
	IN6_IPADDR_TO_V4MAPPED(*addr, &addr6);
	ncec = ncec_lookup_illgrp(ill, &addr6, ncec);
	mutex_exit(&ipst->ips_ndp4->ndp_g_lock);
	rw_exit(&ipst->ips_ill_g_lock);
	return (ncec);
}

/*
 * Cache entry lookup. Try to find an ncec matching the parameters passed.
 * If an ncec is found, increment the hold count on that ncec.
 * The caller passes in the start of the appropriate hash table, and must
 * be holding the appropriate global lock (ndp_g_lock). In addition, since
 * this function matches ncec_t entries across the illgrp, the ips_ill_g_lock
 * must be held as reader.
 *
 * This function always matches across the ipmp group.
 *
 * Returns NULL for the unspecified address or when no live (non-CONDEMNED)
 * entry matches.
 *
 * NOTE(review): ill is dereferenced in the initializer and in the
 * ill_isv6 test before ASSERT(ill != NULL) runs, so that assertion can
 * never catch a NULL ill.
 */
ncec_t *
ncec_lookup_illgrp(ill_t *ill, const in6_addr_t *addr, ncec_t *ncec)
{
	ndp_g_t		*ndp;
	ip_stack_t	*ipst = ill->ill_ipst;

	if (ill->ill_isv6)
		ndp = ipst->ips_ndp6;
	else
		ndp = ipst->ips_ndp4;

	ASSERT(ill != NULL);
	ASSERT(MUTEX_HELD(&ndp->ndp_g_lock));
	if (IN6_IS_ADDR_UNSPECIFIED(addr))
		return (NULL);
	for (; ncec != NULL; ncec = ncec->ncec_next) {
		if (ncec->ncec_ill == ill ||
		    IS_IN_SAME_ILLGRP(ill, ncec->ncec_ill)) {
			if (IN6_ARE_ADDR_EQUAL(&ncec->ncec_addr, addr)) {
				/*
				 * The CONDEMNED test and the refhold are done
				 * under ncec_lock so a dying entry is never
				 * handed out.
				 */
				mutex_enter(&ncec->ncec_lock);
				if (!NCE_ISCONDEMNED(ncec)) {
					ncec_refhold_locked(ncec);
					mutex_exit(&ncec->ncec_lock);
					break;
				}
				mutex_exit(&ncec->ncec_lock);
			}
		}
	}
	return (ncec);
}

/*
 * Find an nce_t on ill with nce_addr == addr.
Lookup the nce_t
 * entries for ill only, i.e., when ill is part of an ipmp group,
 * nce_lookup_v4 will never try to match across the group.
 *
 * Takes and drops the IPv4 ndp_g_lock around the lookup.
 */
nce_t *
nce_lookup_v4(ill_t *ill, const in_addr_t *addr)
{
	nce_t *nce;
	in6_addr_t addr6;
	ip_stack_t *ipst = ill->ill_ipst;

	mutex_enter(&ipst->ips_ndp4->ndp_g_lock);
	/* The common lookup takes a v4-mapped IPv6 address. */
	IN6_IPADDR_TO_V4MAPPED(*addr, &addr6);
	nce = nce_lookup_addr(ill, &addr6);
	mutex_exit(&ipst->ips_ndp4->ndp_g_lock);
	return (nce);
}

/*
 * Find an nce_t on ill with nce_addr == addr. Lookup the nce_t
 * entries for ill only, i.e., when ill is part of an ipmp group,
 * nce_lookup_v6 will never try to match across the group.
 *
 * Takes and drops the IPv6 ndp_g_lock around the lookup.
 */
nce_t *
nce_lookup_v6(ill_t *ill, const in6_addr_t *addr6)
{
	nce_t *nce;
	ip_stack_t *ipst = ill->ill_ipst;

	mutex_enter(&ipst->ips_ndp6->ndp_g_lock);
	nce = nce_lookup_addr(ill, addr6);
	mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
	return (nce);
}

/*
 * Common per-ill lookup. The caller must hold the ndp_g_lock matching the
 * ill's IP version (asserted under DEBUG); ill_lock is taken here around
 * nce_lookup(), which follows the ndp_g_lock -> ill_lock ordering.
 */
static nce_t *
nce_lookup_addr(ill_t *ill, const in6_addr_t *addr)
{
	nce_t *nce;

	ASSERT(ill != NULL);
#ifdef	DEBUG
	if (ill->ill_isv6)
		ASSERT(MUTEX_HELD(&ill->ill_ipst->ips_ndp6->ndp_g_lock));
	else
		ASSERT(MUTEX_HELD(&ill->ill_ipst->ips_ndp4->ndp_g_lock));
#endif
	mutex_enter(&ill->ill_lock);
	nce = nce_lookup(ill, addr);
	mutex_exit(&ill->ill_lock);
	return (nce);
}


/*
 * Router turned to host. We need to make sure that cached copies of the ncec
 * are not used for forwarding packets if they were derived from the default
 * route, and that the default route itself is removed, as required by
 * section 7.2.5 of RFC 2461.
 *
 * Note that the ncec itself probably has valid link-layer information for the
 * nexthop, so that there is no reason to delete the ncec, as long as the
 * ISROUTER flag is turned off.
*/
static void
ncec_router_to_host(ncec_t *ncec)
{
	ire_t		*ire;
	ip_stack_t	*ipst = ncec->ncec_ipst;

	/* Clear the router bit under ncec_lock. */
	mutex_enter(&ncec->ncec_lock);
	ncec->ncec_flags &= ~NCE_F_ISROUTER;
	mutex_exit(&ncec->ncec_lock);

	/* Look for a default route on this ill whose gateway is the neighbor. */
	ire = ire_ftable_lookup_v6(&ipv6_all_zeros, &ipv6_all_zeros,
	    &ncec->ncec_addr, IRE_DEFAULT, ncec->ncec_ill, ALL_ZONES, NULL,
	    MATCH_IRE_ILL | MATCH_IRE_TYPE | MATCH_IRE_GW, 0, ipst, NULL);
	if (ire != NULL) {
		/* Announce the deletion on the routing socket, then drop it. */
		ip_rts_rtmsg(RTM_DELETE, ire, 0, ipst);
		ire_delete(ire);
		ire_refrele(ire);
	}
}

/*
 * Process passed in parameters either from an incoming packet or via
 * user ioctl.
 *
 * ncec	    IPv6 entry to update (asserted).
 * hw_addr  link-layer address supplied by the sender; NULL is tolerated
 *	    on the ND_INCOMPLETE path, where nothing is changed.
 * flag	    ND_NA_FLAG_* bits from the message.
 * is_adv   B_TRUE for an advertisement, B_FALSE for a solicitation.
 *
 * NOTE(review): hw_addr carries no length of its own; the comparison below
 * uses the ill's ill_phys_addr_length, so callers are presumably
 * responsible for having checked that the supplied option holds at least
 * that many bytes -- confirm at the call sites, since this data can come
 * straight off the wire.
 */
void
nce_process(ncec_t *ncec, uchar_t *hw_addr, uint32_t flag, boolean_t is_adv)
{
	ill_t		*ill = ncec->ncec_ill;
	uint32_t	hw_addr_len = ill->ill_phys_addr_length;
	boolean_t	ll_updated = B_FALSE;
	boolean_t	ll_changed;
	nce_t		*nce;

	ASSERT(ncec->ncec_ipversion == IPV6_VERSION);
	/*
	 * No updates of link layer address or the neighbor state is
	 * allowed, when the cache is in NONUD state. This still
	 * allows for responding to reachability solicitation.
	 *
	 * NOTE(review): no NONUD test is visible in this function;
	 * presumably callers filter such entries -- confirm.
	 */
	mutex_enter(&ncec->ncec_lock);
	if (ncec->ncec_state == ND_INCOMPLETE) {
		if (hw_addr == NULL) {
			mutex_exit(&ncec->ncec_lock);
			return;
		}
		nce_set_ll(ncec, hw_addr);
		/*
		 * Update ncec state and send the queued packets
		 * back to ip this time ire will be added.
		 */
		if (flag & ND_NA_FLAG_SOLICITED) {
			nce_update(ncec, ND_REACHABLE, NULL);
		} else {
			nce_update(ncec, ND_STALE, NULL);
		}
		mutex_exit(&ncec->ncec_lock);
		/* Fastpath and queued-packet processing run without ncec_lock. */
		nce = nce_fastpath(ncec, B_TRUE, NULL);
		nce_resolv_ok(ncec);
		if (nce != NULL)
			nce_refrele(nce);
		return;
	}
	ll_changed = nce_cmp_ll_addr(ncec, hw_addr, hw_addr_len);
	if (!is_adv) {
		/* If this is a SOLICITATION request only */
		if (ll_changed)
			nce_update(ncec, ND_STALE, hw_addr);
		mutex_exit(&ncec->ncec_lock);
		ncec_cb_dispatch(ncec);
		return;
	}
	if (!(flag & ND_NA_FLAG_OVERRIDE) && ll_changed) {
		/*
		 * An advert without the override flag never replaces the
		 * cached link-layer address; at most it demotes a REACHABLE
		 * entry to STALE.
		 */
		/* If in any other state than REACHABLE, ignore */
		if (ncec->ncec_state == ND_REACHABLE) {
			nce_update(ncec, ND_STALE, NULL);
		}
		mutex_exit(&ncec->ncec_lock);
		ncec_cb_dispatch(ncec);
		return;
	} else {
		/* Override set, or the address is unchanged. */
		if (ll_changed) {
			nce_update(ncec, ND_UNCHANGED, hw_addr);
			ll_updated = B_TRUE;
		}
		if (flag & ND_NA_FLAG_SOLICITED) {
			nce_update(ncec, ND_REACHABLE, NULL);
		} else {
			if (ll_updated) {
				nce_update(ncec, ND_STALE, NULL);
			}
		}
		mutex_exit(&ncec->ncec_lock);
		/* The neighbor cleared its router flag: handle router->host. */
		if (!(flag & ND_NA_FLAG_ROUTER) && (ncec->ncec_flags &
		    NCE_F_ISROUTER)) {
			ncec_router_to_host(ncec);
		} else {
			ncec_cb_dispatch(ncec);
		}
	}
}

/*
 * Pass arg1 to the pfi supplied, along with each ncec in existence.
 * ncec_walk() places a REFHOLD on the ncec and drops the lock when
 * walking the hash list.
*/
void
ncec_walk_common(ndp_g_t *ndp, ill_t *ill, pfi_t pfi, void *arg1,
    boolean_t trace)
{
	ncec_t	*ncec;
	ncec_t	*ncec1;
	ncec_t	**ncep;
	ncec_t	*free_nce_list = NULL;

	mutex_enter(&ndp->ndp_g_lock);
	/* Prevent ncec_delete from unlink and free of NCE */
	ndp->ndp_g_walker++;
	mutex_exit(&ndp->ndp_g_lock);
	/*
	 * The traversal itself runs without ndp_g_lock; the walker count
	 * taken above is what keeps entries linked while we iterate.
	 */
	for (ncep = ndp->nce_hash_tbl;
	    ncep < A_END(ndp->nce_hash_tbl); ncep++) {
		for (ncec = *ncep; ncec != NULL; ncec = ncec1) {
			/* Read the successor before running the callback. */
			ncec1 = ncec->ncec_next;
			/* A NULL ill matches every entry. */
			if (ill == NULL || ncec->ncec_ill == ill) {
				/* trace selects the traced or _notr hold pair. */
				if (trace) {
					ncec_refhold(ncec);
					(*pfi)(ncec, arg1);
					ncec_refrele(ncec);
				} else {
					ncec_refhold_notr(ncec);
					(*pfi)(ncec, arg1);
					ncec_refrele_notr(ncec);
				}
			}
		}
	}
	mutex_enter(&ndp->ndp_g_lock);
	ndp->ndp_g_walker--;
	/* Only the last walker out performs the deferred unlinking. */
	if (ndp->ndp_g_walker_cleanup && ndp->ndp_g_walker == 0) {
		/* Time to delete condemned entries */
		for (ncep = ndp->nce_hash_tbl;
		    ncep < A_END(ndp->nce_hash_tbl); ncep++) {
			ncec = *ncep;
			if (ncec != NULL) {
				nce_remove(ndp, ncec, &free_nce_list);
			}
		}
		ndp->ndp_g_walker_cleanup = B_FALSE;
	}

	mutex_exit(&ndp->ndp_g_lock);

	/* Final cleanup of the unlinked entries happens outside ndp_g_lock. */
	if (free_nce_list != NULL) {
		nce_cleanup_list(free_nce_list);
	}
}

/*
 * Walk everything.
 * Note that ill can be NULL hence can't derive the ipst from it.
 *
 * Walks the IPv4 table first, then the IPv6 table, both with tracing
 * reference holds.
 */
void
ncec_walk(ill_t *ill, pfi_t pfi, void *arg1, ip_stack_t *ipst)
{
	ncec_walk_common(ipst->ips_ndp4, ill, pfi, arg1, B_TRUE);
	ncec_walk_common(ipst->ips_ndp6, ill, pfi, arg1, B_TRUE);
}

/*
 * For each interface an entry is added for the unspecified multicast group.
 * Here that mapping is used to form the multicast cache entry for a particular
 * multicast destination.
*/
static int
nce_set_multicast_v6(ill_t *ill, const in6_addr_t *dst,
    uint16_t flags, nce_t **newnce)
{
	uchar_t		*hw_addr;
	int		err = 0;
	ip_stack_t	*ipst = ill->ill_ipst;
	nce_t		*nce;

	ASSERT(ill != NULL);
	ASSERT(ill->ill_isv6);
	ASSERT(!(IN6_IS_ADDR_UNSPECIFIED(dst)));

	mutex_enter(&ipst->ips_ndp6->ndp_g_lock);
	nce = nce_lookup_addr(ill, dst);
	if (nce != NULL) {
		/* Already present: hand back the existing entry. */
		mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
		goto done;
	}
	if (ill->ill_net_type == IRE_IF_RESOLVER) {
		/*
		 * For IRE_IF_RESOLVER a hardware mapping can be
		 * generated.
		 */
		/* KM_NOSLEEP: the allocation may fail, ndp_g_lock is held. */
		hw_addr = kmem_alloc(ill->ill_nd_lla_len, KM_NOSLEEP);
		if (hw_addr == NULL) {
			mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
			return (ENOMEM);
		}
		ip_mcast_mapping(ill, (uchar_t *)dst, hw_addr);
	} else {
		/* No hw_addr is needed for IRE_IF_NORESOLVER. */
		hw_addr = NULL;
	}
	ASSERT((flags & NCE_F_MCAST) != 0);
	ASSERT((flags & NCE_F_NONUD) != 0);
	/* nce_state will be computed by nce_add_common() */
	/*
	 * NOTE(review): the buffer above is sized by ill_nd_lla_len but the
	 * length passed here is ill_phys_addr_length; confirm that
	 * ill_phys_addr_length can never exceed ill_nd_lla_len, otherwise
	 * the callee would read past the temporary buffer.
	 */
	err = nce_add_v6(ill, hw_addr, ill->ill_phys_addr_length, dst, flags,
	    ND_UNCHANGED, &nce);
	mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
	if (err == 0)
		err = nce_add_v6_postprocess(nce);
	/* The temporary buffer is freed here on success and failure alike. */
	if (hw_addr != NULL)
		kmem_free(hw_addr, ill->ill_nd_lla_len);
	if (err != 0) {
		/* The adjacent literals concatenate with no space before %d. */
		ip1dbg(("nce_set_multicast_v6: create failed" "%d\n", err));
		return (err);
	}
done:
	ASSERT(nce->nce_common->ncec_state == ND_REACHABLE);
	/* Hand the reference to the caller, or drop it if it is not wanted. */
	if (newnce != NULL)
		*newnce = nce;
	else
		nce_refrele(nce);
	return (0);
}

/*
 * Return the link layer address, and any flags of a ncec.
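*/
int
ndp_query(ill_t *ill, struct lif_nd_req *lnr)
{
	ncec_t		*ncec;
	in6_addr_t	*addr;
	sin6_t		*sin6;

	ASSERT(ill != NULL && ill->ill_isv6);
	sin6 = (sin6_t *)&lnr->lnr_addr;
	addr = &sin6->sin6_addr;

	/*
	 * NOTE: if the ill is an IPMP interface, then match against the whole
	 * illgrp.  This e.g. allows in.ndpd to retrieve the link layer
	 * addresses for the data addresses on an IPMP interface even though
	 * ipif_ndp_up() created them with an ncec_ill of ipif_bound_ill.
	 */
	ncec = ncec_lookup_illgrp_v6(ill, addr);
	if (ncec == NULL)
		return (ESRCH);
	/* If no link layer address is available yet, return ESRCH */
	if (!NCE_ISREACHABLE(ncec)) {
		ncec_refrele(ncec);
		return (ESRCH);
	}

	/*
	 * Never copy more than the reply buffer can hold.  The length comes
	 * from the ill, not from the request, so this is a defensive bound;
	 * it is reported like a missing entry so that the set of return
	 * values stays { 0, ESRCH }.
	 *
	 * NOTE(review): the copy length is ill_phys_addr_length, while the
	 * entry found across the illgrp carries its own ncec_lladdr_length;
	 * presumably they agree within a group -- confirm.
	 */
	if (ill->ill_phys_addr_length > sizeof (lnr->lnr_hdw_addr)) {
		ncec_refrele(ncec);
		return (ESRCH);
	}
	lnr->lnr_hdw_len = ill->ill_phys_addr_length;
	bcopy(ncec->ncec_lladdr, (uchar_t *)&lnr->lnr_hdw_addr,
	    lnr->lnr_hdw_len);

	/*
	 * Build the flags from scratch.  Previously lnr_flags was assigned
	 * only for routers, so for any other entry whatever the caller had
	 * left in the request was returned (and OR-ed into) as the result.
	 */
	lnr->lnr_flags = 0;
	if (ncec->ncec_flags & NCE_F_ISROUTER)
		lnr->lnr_flags |= NDF_ISROUTER_ON;
	if (ncec->ncec_flags & NCE_F_ANYCAST)
		lnr->lnr_flags |= NDF_ANYCAST_ON;
	ncec_refrele(ncec);
	return (0);
}

/*
 * Finish setting up the Enable/Disable multicast for the driver.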
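*/
mblk_t *
ndp_mcastreq(ill_t *ill, const in6_addr_t *v6group, uint32_t hw_addr_len,
    uint32_t hw_addr_offset, mblk_t *mp)
{
	uchar_t		*hw_addr;
	ipaddr_t	v4group;
	uchar_t		*addr;

	ASSERT(ill->ill_net_type == IRE_IF_RESOLVER);
	if (IN6_IS_ADDR_V4MAPPED(v6group)) {
		/* An IPv4 group arrives as a v4-mapped address. */
		IN6_V4MAPPED_TO_IPADDR(v6group, v4group);

		ASSERT(CLASSD(v4group));
		ASSERT(!(ill->ill_isv6));

		addr = (uchar_t *)&v4group;
	} else {
		ASSERT(IN6_IS_ADDR_MULTICAST(v6group));
		ASSERT(ill->ill_isv6);

		addr = (uchar_t *)v6group;
	}
	/*
	 * Locate the hardware address field inside the request.  A NULL
	 * result is treated as a malformed request and the message is
	 * consumed here.
	 * NOTE(review): this presumably validates offset/length against the
	 * message bounds -- confirm in mi_offset_paramc().
	 */
	hw_addr = mi_offset_paramc(mp, hw_addr_offset, hw_addr_len);
	if (hw_addr == NULL) {
		ip0dbg(("ndp_mcastreq NULL hw_addr\n"));
		freemsg(mp);
		return (NULL);
	}

	/* Write the link-layer multicast mapping for the group into mp. */
	ip_mcast_mapping(ill, addr, hw_addr);
	return (mp);
}

/*
 * Send the next resolution request for ncec (a neighbor solicitation for
 * IPv6, an ARP request for IPv4) and re-arm its timer, or give up on the
 * entry once the sender reports that no retries are left.
 */
void
ip_ndp_resolve(ncec_t *ncec)
{
	in_addr_t	sender4 = INADDR_ANY;
	in6_addr_t	sender6 = ipv6_all_zeros;
	ill_t		*src_ill;
	uint32_t	ms;

	src_ill = nce_resolve_src(ncec, &sender6);
	if (src_ill == NULL) {
		/* Make sure we try again later */
		ms = ncec->ncec_ill->ill_reachable_retrans_time;
		nce_restart_timer(ncec, (clock_t)ms);
		return;
	}
	if (ncec->ncec_ipversion == IPV4_VERSION)
		IN6_V4MAPPED_TO_IPADDR(&sender6, sender4);

	/* Both senders are called with ncec_lock held. */
	mutex_enter(&ncec->ncec_lock);
	if (ncec->ncec_ipversion == IPV6_VERSION)
		ms = ndp_solicit(ncec, sender6, src_ill);
	else
		ms = arp_request(ncec, sender4, src_ill);
	mutex_exit(&ncec->ncec_lock);

	if (ms == 0) {
		/* No retries left: fail the entry unless it got resolved. */
		if (ncec->ncec_state != ND_REACHABLE) {
			if (ncec->ncec_ipversion == IPV6_VERSION)
				ndp_resolv_failed(ncec);
			else
				arp_resolv_failed(ncec);
			ASSERT((ncec->ncec_flags & NCE_F_STATIC) == 0);
			nce_make_unreachable(ncec);
			ncec_delete(ncec);
		}
	} else {
		nce_restart_timer(ncec, (clock_t)ms);
	}
	/* The unused "done:" label that used to sit here has been removed. */
	ill_refrele(src_ill);
}
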
/*
 * Transmit one IPv6 neighbor solicitation for ncec.
 *
 * The return value is the number of milliseconds after which the caller
 * should retransmit or abort; zero means the retry budget is exhausted and
 * the caller should abort.
 *
 * The caller holds ncec_lock, which protects ncec_qd_mp and ncec_rcnt.
 * src is an optional hint for the source address of the packet.
 *
 * NOTE: ncec_lock is dropped while the packet is being sent and reacquired
 * before returning.
 */
uint32_t
ndp_solicit(ncec_t *ncec, in6_addr_t src, ill_t *ill)
{
	in6_addr_t	target;
	boolean_t	xmit_failed;

	ASSERT(ncec->ncec_ipversion == IPV6_VERSION);
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));

	/* Nothing left in the retry budget. */
	if (ncec->ncec_rcnt == 0)
		return (0);

	/* Snapshot the target and charge one retry while still locked. */
	target = ncec->ncec_addr;
	ncec->ncec_rcnt--;

	mutex_exit(&ncec->ncec_lock);
	xmit_failed = ndp_xmit(ill, ND_NEIGHBOR_SOLICIT, ill->ill_phys_addr,
	    ill->ill_phys_addr_length, &src, &target, 0);
	mutex_enter(&ncec->ncec_lock);

	/* A packet that never left does not count against the budget. */
	if (xmit_failed)
		ncec->ncec_rcnt++;

	return (ncec->ncec_ill->ill_reachable_retrans_time);
}

/*
 * Attempt to recover an address on an interface that's been marked as a
 * duplicate.  Because NCEs are destroyed when the interface goes down, there's
 * no easy way to just probe the address and have the right thing happen if
 * it's no longer in use.  Instead, we just bring it up normally and allow the
 * regular interface start-up logic to probe for a remaining duplicate and take
 * us back down if necessary.
 * Neither DHCP nor temporary addresses arrive here; they're excluded by
 * ip_ndp_excl.
*/
/* ARGSUSED */
void
ip_addr_recover(ipsq_t *ipsq, queue_t *rq, mblk_t *mp, void *dummy_arg)
{
	ill_t		*ill = rq->q_ptr;
	/* mp carries one raw address; which view applies depends on the ill. */
	in6_addr_t	*wanted6 = (in6_addr_t *)mp->b_rptr;
	in_addr_t	*wanted4 = (in_addr_t *)mp->b_rptr;
	ipif_t		*ipif;
	boolean_t	matches;
	boolean_t	recoverable;

	for (ipif = ill->ill_ipif; ipif != NULL; ipif = ipif->ipif_next) {
		if (ill->ill_isv6) {
			matches = IN6_ARE_ADDR_EQUAL(&ipif->ipif_v6lcl_addr,
			    wanted6);
		} else {
			matches = (ipif->ipif_lcl_addr == *wanted4);
		}

		/*
		 * Only non-point-to-point ipifs that carry the address are
		 * candidates.  (The original notes here that recovery of
		 * proxy ARP'd interfaces is not supported, because the
		 * system lacks a complete proxy ARP mechanism.)
		 */
		if (!matches || (ipif->ipif_flags & IPIF_POINTOPOINT))
			continue;

		/*
		 * If we have already recovered or if the interface is going
		 * away, then ignore.  The flag test and the flag/counter
		 * update are done in one ill_lock critical section.
		 */
		mutex_enter(&ill->ill_lock);
		recoverable = (ipif->ipif_flags & IPIF_DUPLICATE) &&
		    !(ipif->ipif_state_flags & IPIF_CONDEMNED);
		if (recoverable) {
			ipif->ipif_flags &= ~IPIF_DUPLICATE;
			ill->ill_ipif_dup_count--;
		}
		mutex_exit(&ill->ill_lock);
		if (!recoverable)
			continue;

		/* Remember that this bring-up is a duplicate recovery. */
		ipif->ipif_was_dup = B_TRUE;

		/* Bring the address up again through the regular path. */
		if (ill->ill_isv6) {
			VERIFY(ipif_ndp_up(ipif, B_TRUE) != EINPROGRESS);
			(void) ipif_up_done_v6(ipif);
		} else {
			VERIFY(ipif_arp_up(ipif, Res_act_initial, B_TRUE) !=
			    EINPROGRESS);
			(void) ipif_up_done(ipif);
		}
	}
	freeb(mp);
}

/*
 * Attempt to recover an IPv6 interface that's been shut down as a duplicate.
 * As long as someone else holds the address, the interface will stay down.
 * When that conflict goes away, the interface is brought back up.  This is
 * done so that accidental shutdowns of addresses aren't made permanent.  Your
 * server will recover from a failure.
 *
 * For DHCP and temporary addresses, recovery is not done in the kernel.
* Instead, it's handled by user space processes (dhcpagent and in.ndpd).
 *
 * This function is entered on a timer expiry; the ID is in ipif_recovery_id.
 */
void
ipif_dup_recovery(void *arg)
{
	ipif_t	*ipif = arg;

	/* The timer has fired, so its id is no longer valid. */
	ipif->ipif_recovery_id = 0;

	/*
	 * Recover only if the address is still marked duplicate, the ipif is
	 * not condemned (checked without a lock, because this is just an
	 * optimization) and the link is running.  If the link is down, we'll
	 * retry this later.
	 */
	if ((ipif->ipif_flags & IPIF_DUPLICATE) &&
	    !(ipif->ipif_state_flags & IPIF_CONDEMNED) &&
	    (ipif->ipif_ill->ill_phyint->phyint_flags & PHYI_RUNNING))
		ipif_do_recovery(ipif);
}

/*
 * Perform interface recovery by forcing the duplicate interfaces up and
 * allowing the system to determine which ones should stay up.
 *
 * Called both by recovery timer expiry and link-up notification.
 */
void
ipif_do_recovery(ipif_t *ipif)
{
	ill_t		*ill = ipif->ipif_ill;
	ip_stack_t	*ipst = ill->ill_ipst;
	const void	*lcl_addr;
	size_t		mp_size;
	mblk_t		*mp;

	/* The message carries just the local address being recovered. */
	if (ipif->ipif_isv6) {
		lcl_addr = &ipif->ipif_v6lcl_addr;
		mp_size = sizeof (ipif->ipif_v6lcl_addr);
	} else {
		lcl_addr = &ipif->ipif_lcl_addr;
		mp_size = sizeof (ipif->ipif_lcl_addr);
	}

	mp = allocb(mp_size, BPRI_MED);
	if (mp == NULL) {
		/*
		 * Out of memory: re-arm the recovery timer, provided that
		 * recovery is enabled, no timer is pending and the ipif is
		 * not going away.
		 */
		mutex_enter(&ill->ill_lock);
		if (ipst->ips_ip_dup_recovery > 0 &&
		    ipif->ipif_recovery_id == 0 &&
		    !(ipif->ipif_state_flags & IPIF_CONDEMNED)) {
			ipif->ipif_recovery_id = timeout(ipif_dup_recovery,
			    ipif, MSEC_TO_TICK(ipst->ips_ip_dup_recovery));
		}
		mutex_exit(&ill->ill_lock);
		return;
	}

	/*
	 * A recovery timer may still be running if we got here from
	 * ill_restart_dad(); cancel that timer.
	 */
	if (ipif->ipif_recovery_id != 0)
		(void) untimeout(ipif->ipif_recovery_id);
	ipif->ipif_recovery_id = 0;

	/* ip_addr_recover() reads the address straight from b_rptr. */
	bcopy(lcl_addr, mp->b_rptr, mp_size);

	/* Hold the ill and queue the recovery to run as an exclusive op. */
	ill_refhold(ill);
	qwriter_ip(ill, ill->ill_rq, mp, ip_addr_recover, NEW_OP,
	    B_FALSE);
}

/*
 * Find the MAC and IP addresses in an NA/NS message.
 *
 * The MAC address returned is the layer-2 source recorded in ira (not a
 * link-layer option from the packet); it is reported only when the ill has a
 * non-zero physical address length.  The IP address returned is the target
 * field of the message.
 */
static void
ip_ndp_find_addresses(mblk_t *mp, ip_recv_attr_t *ira, ill_t *ill,
    in6_addr_t *targp, uchar_t **haddr, uint_t *haddrlenp)
{
	nd_neighbor_solicit_t	*ns;
	int			alen = ill->ill_phys_addr_length;

	/* icmp_inbound_v6 ensures this */
	ASSERT(ira->ira_flags & IRAF_L2SRC_SET);

	if (alen > 0) {
		*haddr = ira->ira_l2src;
		*haddrlenp = alen;
	} else {
		*haddr = NULL;
		*haddrlenp = 0;
	}

	/* nd_ns_target and nd_na_target are at the same offset, so we cheat */
	ns = (nd_neighbor_solicit_t *)(mp->b_rptr + IPV6_HDR_LEN);
	*targp = ns->nd_ns_target;
}

/*
 * This is for exclusive changes due to NDP duplicate address detection
 * failure.
*/
/* ARGSUSED */
static void
ip_ndp_excl(ipsq_t *ipsq, queue_t *rq, mblk_t *mp, void *dummy_arg)
{
	ill_t		*ill = rq->q_ptr;
	ip_stack_t	*ipst = ill->ill_ipst;
	ipif_t		*ipif;
	uchar_t		*haddr;
	uint_t		haddrlen;
	in6_addr_t	targ;
	ip_recv_attr_t	iras;
	mblk_t		*attrmp;
	boolean_t	reflected;

	/*
	 * The message is a chain: the serialized receive attributes first,
	 * the packet behind them.  Split the two apart.
	 */
	attrmp = mp;
	mp = attrmp->b_cont;
	attrmp->b_cont = NULL;
	if (!ip_recv_attr_from_mblk(attrmp, &iras)) {
		/* The ill or ip_stack_t disappeared on us */
		BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
		ip_drop_input("ip_recv_attr_from_mblk", mp, ill);
		freemsg(mp);
		ira_cleanup(&iras, B_TRUE);
		return;
	}

	ASSERT(ill == iras.ira_rill);

	ip_ndp_find_addresses(mp, &iras, ill, &targ, &haddr, &haddrlen);
	if (haddr != NULL && haddrlen == ill->ill_phys_addr_length) {
		/*
		 * Ignore conflicts generated by misbehaving switches that
		 * just reflect our own messages back to us.  For IPMP, we may
		 * see reflections across any ill in the illgrp.
		 *
		 * RFC2462 and revisions tried to detect both the case
		 * when a statically configured IPv6 address is a duplicate,
		 * and the case when the L2 address itself is a duplicate.  The
		 * latter is important because, with stateless address
		 * autoconf, if the L2 address is a duplicate, the resulting
		 * IPv6 address(es) would also be duplicates.  We rely on DAD
		 * of the IPv6 address itself to detect the latter case.
		 */
		/* For an under ill_grp can change under lock */
		rw_enter(&ipst->ips_ill_g_lock, RW_READER);
		reflected = (bcmp(haddr, ill->ill_phys_addr, haddrlen) == 0) ||
		    (IS_UNDER_IPMP(ill) &&
		    ipmp_illgrp_find_ill(ill->ill_grp, haddr,
		    haddrlen) != NULL);
		rw_exit(&ipst->ips_ill_g_lock);
		if (reflected)
			goto ignore_conflict;
	}

	/*
	 * Look up the appropriate ipif.
	 */
	ipif = ipif_lookup_addr_v6(&targ, ill, ALL_ZONES, ipst);
	if (ipif == NULL)
		goto ignore_conflict;

	/* Reload the ill to match the ipif */
	ill = ipif->ipif_ill;

	/* If it's already duplicate or ineligible, then don't do anything. */
	if (ipif->ipif_flags & (IPIF_POINTOPOINT|IPIF_DUPLICATE)) {
		ipif_refrele(ipif);
		goto ignore_conflict;
	}

	/*
	 * If this is a failure during duplicate recovery, then don't
	 * complain.  It may take a long time to recover.
	 *
	 * Otherwise this console warning is the operator-visible record of
	 * the conflict: interface name, contested address and the layer-2
	 * source of the conflicting message.
	 */
	if (!ipif->ipif_was_dup) {
		char ibuf[LIFNAMSIZ];
		char hbuf[MAC_STR_LEN];
		char sbuf[INET6_ADDRSTRLEN];

		ipif_get_name(ipif, ibuf, sizeof (ibuf));
		cmn_err(CE_WARN, "%s has duplicate address %s (in use by %s);"
		    " disabled", ibuf,
		    inet_ntop(AF_INET6, &targ, sbuf, sizeof (sbuf)),
		    mac_colon_addr(haddr, haddrlen, hbuf, sizeof (hbuf)));
	}

	/* Mark the address duplicate and account for it on the ill. */
	mutex_enter(&ill->ill_lock);
	ASSERT(!(ipif->ipif_flags & IPIF_DUPLICATE));
	ipif->ipif_flags |= IPIF_DUPLICATE;
	ill->ill_ipif_dup_count++;
	mutex_exit(&ill->ill_lock);

	/* Take the address down; this runs without ill_lock held. */
	(void) ipif_down(ipif, NULL, NULL);
	(void) ipif_down_tail(ipif);

	/*
	 * Arm the in-kernel recovery timer, except for DHCP-managed and
	 * temporary addresses, non-resolver links, condemned ipifs, or when
	 * recovery is disabled (ip_dup_recovery of zero).
	 */
	mutex_enter(&ill->ill_lock);
	if (!(ipif->ipif_flags & (IPIF_DHCPRUNNING|IPIF_TEMPORARY)) &&
	    ill->ill_net_type == IRE_IF_RESOLVER &&
	    !(ipif->ipif_state_flags & IPIF_CONDEMNED) &&
	    ipst->ips_ip_dup_recovery > 0) {
		ASSERT(ipif->ipif_recovery_id == 0);
		ipif->ipif_recovery_id = timeout(ipif_dup_recovery,
		    ipif, MSEC_TO_TICK(ipst->ips_ip_dup_recovery));
	}
	mutex_exit(&ill->ill_lock);
	ipif_refrele(ipif);

ignore_conflict:
	/* Every path past attribute recovery releases the packet and iras. */
	freemsg(mp);
	ira_cleanup(&iras, B_TRUE);
}

/*
 * Handle failure by tearing down the ipifs with the specified address.  Note
 * that tearing down the ipif also means deleting the ncec through ipif_down, so
 * it's not possible to do recovery by just restarting the ncec timer.
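* Instead, we start a timer on the ipif.
 * Caller has to free mp; this function works on its own copy.
 */
static void
ndp_failure(mblk_t *mp, ip_recv_attr_t *ira)
{
	const uchar_t	*haddr;
	ill_t		*ill = ira->ira_rill;

	/*
	 * Ignore conflicts generated by misbehaving switches that just
	 * reflect our own messages back to us.
	 */

	/* icmp_inbound_v6 ensures this */
	ASSERT(ira->ira_flags & IRAF_L2SRC_SET);
	haddr = ira->ira_l2src;
	if (haddr != NULL &&
	    bcmp(haddr, ill->ill_phys_addr, ill->ill_phys_addr_length) == 0) {
		return;
	}

	/*
	 * Queue a private copy of the packet, prefixed by the serialized
	 * receive attributes, to ip_ndp_excl().  If the copy cannot be
	 * allocated the failure is silently not processed.
	 */
	if ((mp = copymsg(mp)) != NULL) {
		mblk_t	*attrmp;

		attrmp = ip_recv_attr_to_mblk(ira);
		if (attrmp == NULL) {
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
			ip_drop_input("ipIfStatsInDiscards", mp, ill);
			freemsg(mp);
		} else {
			ASSERT(attrmp->b_cont == NULL);
			attrmp->b_cont = mp;
			mp = attrmp;
			ill_refhold(ill);
			qwriter_ip(ill, ill->ill_rq, mp, ip_ndp_excl, NEW_OP,
			    B_FALSE);
		}
	}
}

/*
 * Handle a discovered conflict: some other system is advertising that it owns
 * one of our IP addresses.  We need to defend ourselves, or just shut down the
 * interface.
 *
 * Handles both IPv4 and IPv6
 *
 * Returns B_TRUE when the caller should treat this as a conflict to act on:
 * either the caller must defend the address by sending an announcement, or
 * (IPv4 with arp_no_defense set) there is a conflict that is deliberately not
 * defended.  Returns B_FALSE when no local ipif owns the address, or when the
 * defense limit has been reached and teardown of the address was started
 * through ndp_failure()/arp_failure().
 */
boolean_t
ip_nce_conflict(mblk_t *mp, ip_recv_attr_t *ira, ncec_t *ncec)
{
	ipif_t		*ipif;
	clock_t		now;
	uint_t		maxdefense;
	uint_t		defs;
	ill_t		*ill = ira->ira_ill;
	ip_stack_t	*ipst = ill->ill_ipst;
	uint32_t	elapsed;
	boolean_t	isv6 = ill->ill_isv6;
	ipaddr_t	ncec_addr;

	if (isv6) {
		ipif = ipif_lookup_addr_v6(&ncec->ncec_addr, ill, ALL_ZONES,
		    ipst);
	} else {
		if (arp_no_defense) {
			/*
			 * Yes, there is a conflict, but no, we do not
			 * defend ourself.
			 */
			return (B_TRUE);
		}
		IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, ncec_addr);
		ipif = ipif_lookup_addr(ncec_addr, ill, ALL_ZONES,
		    ipst);
	}
	if (ipif == NULL)
		return (B_FALSE);

	/*
	 * First, figure out if this address is disposable.
	 */
	if (ipif->ipif_flags & (IPIF_DHCPRUNNING | IPIF_TEMPORARY))
		maxdefense = ipst->ips_ip_max_temp_defend;
	else
		maxdefense = ipst->ips_ip_max_defend;

	/*
	 * Now figure out how many times we've defended ourselves.  Ignore
	 * defenses that happened long in the past.
	 *
	 * ncec_last_time_defended is written under ncec_lock below, so it is
	 * also read under that lock; the elapsed time was previously computed
	 * from an unlocked read that could race with a concurrent update.
	 */
	now = ddi_get_lbolt();
	mutex_enter(&ncec->ncec_lock);
	elapsed = (drv_hztousec(now - ncec->ncec_last_time_defended))/1000000;
	if ((defs = ncec->ncec_defense_count) > 0 &&
	    elapsed > ipst->ips_ip_defend_interval) {
		/*
		 * ip_defend_interval has elapsed.
		 * reset the defense count.
		 */
		ncec->ncec_defense_count = defs = 0;
	}
	ncec->ncec_defense_count++;
	ncec->ncec_last_time_defended = now;
	mutex_exit(&ncec->ncec_lock);
	ipif_refrele(ipif);

	/*
	 * Below the limit the caller has to defend by sending out an
	 * announce.  The limit bounds how often a peer that keeps claiming
	 * the address can make us transmit.
	 */
	if (defs < maxdefense)
		return (B_TRUE);	/* caller must defend this address */

	/*
	 * We've defended ourselves too many times already: give up and
	 * tear down the interface(s) using this address.
	 */
	if (isv6)
		ndp_failure(mp, ira);
	else
		arp_failure(mp, ira);
	return (B_FALSE);
}

/*
 * Handle reception of Neighbor Solicitation messages.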
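*/
static void
ndp_input_solicit(mblk_t *mp, ip_recv_attr_t *ira)
{
	ill_t		*ill = ira->ira_ill, *under_ill;
	nd_neighbor_solicit_t *ns;
	uint32_t	hlen = ill->ill_phys_addr_length;
	uchar_t		*haddr = NULL;
	icmp6_t		*icmp_nd;
	ip6_t		*ip6h;
	ncec_t		*our_ncec = NULL;
	in6_addr_t	target;
	in6_addr_t	src;
	int		len;
	int		flag = 0;
	nd_opt_hdr_t	*opt = NULL;
	boolean_t	bad_solicit = B_FALSE;
	mib2_ipv6IfIcmpEntry_t	*mib = ill->ill_icmp6_mib;
	boolean_t	need_ill_refrele = B_FALSE;

	/*
	 * ndp_input() has pulled the message up into one block and checked
	 * that it holds at least the fixed part of an NS/NA.
	 */
	ip6h = (ip6_t *)mp->b_rptr;
	icmp_nd = (icmp6_t *)(mp->b_rptr + IPV6_HDR_LEN);
	len = mp->b_wptr - mp->b_rptr - IPV6_HDR_LEN;
	src = ip6h->ip6_src;
	ns = (nd_neighbor_solicit_t *)icmp_nd;
	target = ns->nd_ns_target;
	if (IN6_IS_ADDR_MULTICAST(&target)) {
		if (ip_debug > 2) {
			/* ip1dbg */
			pr_addr_dbg("ndp_input_solicit: Target is"
			    " multicast! %s\n", AF_INET6, &target);
		}
		bad_solicit = B_TRUE;
		goto done;
	}
	if (len > sizeof (nd_neighbor_solicit_t)) {
		/* Options present */
		opt = (nd_opt_hdr_t *)&ns[1];
		len -= sizeof (nd_neighbor_solicit_t);
		if (!ndp_verify_optlen(opt, len)) {
			ip1dbg(("ndp_input_solicit: Bad opt len\n"));
			bad_solicit = B_TRUE;
			goto done;
		}
	}
	if (IN6_IS_ADDR_UNSPECIFIED(&src)) {
		/* Check to see if this is a valid DAD solicitation */
		if (!IN6_IS_ADDR_MC_SOLICITEDNODE(&ip6h->ip6_dst)) {
			if (ip_debug > 2) {
				/* ip1dbg */
				pr_addr_dbg("ndp_input_solicit: IPv6 "
				    "Destination is not solicited node "
				    "multicast %s\n", AF_INET6,
				    &ip6h->ip6_dst);
			}
			bad_solicit = B_TRUE;
			goto done;
		}
	}

	/*
	 * NOTE: with IPMP, it's possible the nominated multicast ill (which
	 * received this packet if it's multicast) is not the ill tied to
	 * e.g. the IPMP ill's data link-local.  So we match across the illgrp
	 * to ensure we find the associated NCE.
	 */
	our_ncec = ncec_lookup_illgrp_v6(ill, &target);
	/*
	 * If this is a valid Solicitation for an address we are publishing,
	 * then a PUBLISH entry should exist in the cache
	 */
	if (our_ncec == NULL || !NCE_PUBLISH(our_ncec)) {
		ip1dbg(("ndp_input_solicit: Wrong target in NS?!"
		    "ifname=%s ", ill->ill_name));
		if (ip_debug > 2) {
			/* ip1dbg */
			pr_addr_dbg(" dst %s\n", AF_INET6, &target);
		}
		/* Only an unknown target is counted as a bad solicitation. */
		if (our_ncec == NULL)
			bad_solicit = B_TRUE;
		goto done;
	}

	/* At this point we should have a verified NS per spec */
	if (opt != NULL) {
		opt = ndp_get_option(opt, len, ND_OPT_SOURCE_LINKADDR);
		if (opt != NULL) {
			haddr = (uchar_t *)&opt[1];
			/*
			 * The option payload must hold a full link-layer
			 * address for this ill.
			 * NOTE(review): the subtraction is unsigned, so this
			 * relies on ndp_verify_optlen() (not shown here)
			 * having rejected a zero nd_opt_len -- confirm.
			 */
			if (hlen > opt->nd_opt_len * 8 - sizeof (*opt) ||
			    hlen == 0) {
				/* Message used to name ndp_input_advert. */
				ip1dbg(("ndp_input_solicit: bad SLLA\n"));
				bad_solicit = B_TRUE;
				goto done;
			}
		}
	}

	/* If sending directly to peer, set the unicast flag */
	if (!IN6_IS_ADDR_MULTICAST(&ip6h->ip6_dst))
		flag |= NDP_UNICAST;

	/*
	 * Create/update the entry for the soliciting node on the ipmp_ill.
	 * or respond to outstanding queries, don't if
	 * the source is unspecified address.
	 */
	if (!IN6_IS_ADDR_UNSPECIFIED(&src)) {
		int	err;
		nce_t	*nnce;

		ASSERT(ill->ill_isv6);
		/*
		 * Regular solicitations *must* include the Source Link-Layer
		 * Address option.  Ignore messages that do not.
		 */
		if (haddr == NULL && IN6_IS_ADDR_MULTICAST(&ip6h->ip6_dst)) {
			ip1dbg(("ndp_input_solicit: source link-layer address "
			    "option missing with a specified source.\n"));
			bad_solicit = B_TRUE;
			goto done;
		}

		/*
		 * This is a regular solicitation.  If we're still in the
		 * process of verifying the address, then don't respond at all
		 * and don't keep track of the sender.
		 */
		if (our_ncec->ncec_state == ND_PROBE)
			goto done;

		/*
		 * If the solicitation doesn't have sender hardware address
		 * (legal for unicast solicitation), then process without
		 * installing the return NCE.  Either we already know it, or
		 * we'll be forced to look it up when (and if) we reply to the
		 * packet.
		 */
		if (haddr == NULL)
			goto no_source;

		/* The sender's entry is kept on the IPMP ill when there is one. */
		under_ill = ill;
		if (IS_UNDER_IPMP(under_ill)) {
			ill = ipmp_ill_hold_ipmp_ill(under_ill);
			if (ill == NULL)
				ill = under_ill;
			else
				need_ill_refrele = B_TRUE;
		}
		err = nce_lookup_then_add_v6(ill,
		    haddr, hlen,
		    &src,	/* Soliciting nodes address */
		    0,
		    ND_STALE,
		    &nnce);

		/* Switch back to the receiving ill for the reply. */
		if (need_ill_refrele) {
			ill_refrele(ill);
			ill = under_ill;
			need_ill_refrele = B_FALSE;
		}
		switch (err) {
		case 0:
			/* done with this entry */
			nce_refrele(nnce);
			break;
		case EEXIST:
			/*
			 * B_FALSE indicates this is not an advertisement.
			 */
			nce_process(nnce->nce_common, haddr, 0, B_FALSE);
			nce_refrele(nnce);
			break;
		default:
			ip1dbg(("ndp_input_solicit: Can't create NCE %d\n",
			    err));
			goto done;
		}
no_source:
		flag |= NDP_SOLICITED;
	} else {
		/*
		 * No source link layer address option should be present in a
		 * valid DAD request.
		 */
		if (haddr != NULL) {
			ip1dbg(("ndp_input_solicit: source link-layer address "
			    "option present with an unspecified source.\n"));
			bad_solicit = B_TRUE;
			goto done;
		}
		if (our_ncec->ncec_state == ND_PROBE) {
			/*
			 * Internally looped-back probes will have
			 * IRAF_L2SRC_LOOPBACK set so we can ignore our own
			 * transmissions.
			 */
			if (!(ira->ira_flags & IRAF_L2SRC_LOOPBACK)) {
				/*
				 * If someone else is probing our address, then
				 * we've crossed wires.  Declare failure.
				 */
				ndp_failure(mp, ira);
			}
			goto done;
		}
		/*
		 * This is a DAD probe.  Multicast the advertisement to the
		 * all-nodes address.
		 */
		src = ipv6_all_hosts_mcast;
	}
	flag |= nce_advert_flags(our_ncec);
	(void) ndp_xmit(ill,
	    ND_NEIGHBOR_ADVERT,
	    our_ncec->ncec_lladdr,
	    our_ncec->ncec_lladdr_length,
	    &target,	/* Source and target of the advertisement pkt */
	    &src,	/* IP Destination (source of original pkt) */
	    flag);
done:
	if (bad_solicit)
		BUMP_MIB(mib, ipv6IfIcmpInBadNeighborSolicitations);
	if (our_ncec != NULL)
		ncec_refrele(our_ncec);
}

/*
 * Handle reception of Neighbor Advertisement messages.
 *
 * An advertisement for an address we publish is treated as a potential
 * address conflict unless it can be shown to be our own transmission;
 * any other advertisement updates the matching cache entry, if one exists.
 */
void
ndp_input_advert(mblk_t *mp, ip_recv_attr_t *ira)
{
	ill_t		*ill = ira->ira_ill;
	nd_neighbor_advert_t *na;
	uint32_t	hlen = ill->ill_phys_addr_length;
	uchar_t		*haddr = NULL;
	icmp6_t		*icmp_nd;
	ip6_t		*ip6h;
	ncec_t		*dst_ncec = NULL;
	in6_addr_t	target;
	nd_opt_hdr_t	*opt = NULL;
	int		len;
	ip_stack_t	*ipst = ill->ill_ipst;
	mib2_ipv6IfIcmpEntry_t	*mib = ill->ill_icmp6_mib;

	ip6h = (ip6_t *)mp->b_rptr;
	icmp_nd = (icmp6_t *)(mp->b_rptr + IPV6_HDR_LEN);
	len = mp->b_wptr - mp->b_rptr - IPV6_HDR_LEN;
	na = (nd_neighbor_advert_t *)icmp_nd;

	/* A multicast advertisement must not carry the solicited flag. */
	if (IN6_IS_ADDR_MULTICAST(&ip6h->ip6_dst) &&
	    (na->nd_na_flags_reserved & ND_NA_FLAG_SOLICITED)) {
		ip1dbg(("ndp_input_advert: Target is multicast but the "
		    "solicited flag is not zero\n"));
		BUMP_MIB(mib, ipv6IfIcmpInBadNeighborAdvertisements);
		return;
	}
	target = na->nd_na_target;
	if (IN6_IS_ADDR_MULTICAST(&target)) {
		ip1dbg(("ndp_input_advert: Target is multicast!\n"));
		BUMP_MIB(mib, ipv6IfIcmpInBadNeighborAdvertisements);
		return;
	}
	if (len > sizeof (nd_neighbor_advert_t)) {
		opt = (nd_opt_hdr_t *)&na[1];
		if (!ndp_verify_optlen(opt,
		    len - sizeof (nd_neighbor_advert_t))) {
			ip1dbg(("ndp_input_advert: cannot verify SLLA\n"));
			BUMP_MIB(mib, ipv6IfIcmpInBadNeighborAdvertisements);
			return;
		}
		/* At this point we have a verified NA per spec */
		len -= sizeof (nd_neighbor_advert_t);
		opt = ndp_get_option(opt, len, ND_OPT_TARGET_LINKADDR);
		if (opt != NULL) {
			haddr = (uchar_t *)&opt[1];
			/*
			 * The option payload must hold a full link-layer
			 * address for this ill.
			 * NOTE(review): as in ndp_input_solicit(), the
			 * unsigned subtraction relies on ndp_verify_optlen()
			 * having rejected a zero nd_opt_len -- confirm.
			 */
			if (hlen > opt->nd_opt_len * 8 - sizeof (*opt) ||
			    hlen == 0) {
				/* The option checked here is the target LLA. */
				ip1dbg(("ndp_input_advert: bad TLLA\n"));
				BUMP_MIB(mib,
				    ipv6IfIcmpInBadNeighborAdvertisements);
				return;
			}
		}
	}

	/*
	 * NOTE: we match across the illgrp since we need to do DAD for all of
	 * our local addresses, and those are spread across all the active
	 * ills in the group.
	 */
	if ((dst_ncec = ncec_lookup_illgrp_v6(ill, &target)) == NULL)
		return;

	if (NCE_PUBLISH(dst_ncec)) {
		/*
		 * Someone just advertised an address that we publish.  First,
		 * check if it was us -- if so, we can safely ignore it.
		 * We don't get the haddr from the ira_l2src because, in the
		 * case that the packet originated from us, on an IPMP group,
		 * the ira_l2src may be the link-layer address of the
		 * cast_ill used to send the packet, which may not be the same
		 * as the dst_ncec->ncec_lladdr of the address.
		 */
		if (haddr != NULL) {
			if (ira->ira_flags & IRAF_L2SRC_LOOPBACK)
				goto out;

			if (!nce_cmp_ll_addr(dst_ncec, haddr, hlen))
				goto out;	/* from us -- no conflict */

			/*
			 * If we're in an IPMP group, check if this is an echo
			 * from another ill in the group.  Use the double-
			 * checked locking pattern to avoid grabbing
			 * ill_g_lock in the non-IPMP case.
			 */
			if (IS_UNDER_IPMP(ill)) {
				rw_enter(&ipst->ips_ill_g_lock, RW_READER);
				if (IS_UNDER_IPMP(ill) && ipmp_illgrp_find_ill(
				    ill->ill_grp, haddr, hlen) != NULL) {
					rw_exit(&ipst->ips_ill_g_lock);
					goto out;
				}
				rw_exit(&ipst->ips_ill_g_lock);
			}
		}

		/*
		 * This appears to be a real conflict.  If we're trying to
		 * configure this NCE (ND_PROBE), then shut it down.
		 * Otherwise, handle the discovered conflict.
		 */
		if (dst_ncec->ncec_state == ND_PROBE) {
			ndp_failure(mp, ira);
		} else {
			if (ip_nce_conflict(mp, ira, dst_ncec)) {
				char hbuf[MAC_STR_LEN];
				char sbuf[INET6_ADDRSTRLEN];

				/*
				 * This console warning is the record of a
				 * peer claiming one of our addresses: the
				 * contested address, the link-layer address
				 * from the advertisement and the interface.
				 */
				cmn_err(CE_WARN,
				    "node '%s' is using %s on %s",
				    inet_ntop(AF_INET6, &target, sbuf,
				    sizeof (sbuf)),
				    haddr == NULL ? "<none>" :
				    mac_colon_addr(haddr, hlen, hbuf,
				    sizeof (hbuf)), ill->ill_name);
				/*
				 * RFC 4862, Section 5.4.4 does not mandate
				 * any specific behavior when an NA matches
				 * a non-tentative address assigned to the
				 * receiver.  We make the choice of defending
				 * our address, based on the assumption that
				 * the sender has not detected the Duplicate.
				 *
				 * ncec_last_time_defended has been adjusted
				 * in ip_nce_conflict()
				 */
				(void) ndp_announce(dst_ncec);
			}
		}
	} else {
		if (na->nd_na_flags_reserved & ND_NA_FLAG_ROUTER)
			dst_ncec->ncec_flags |= NCE_F_ISROUTER;

		/* B_TRUE indicates this an advertisement */
		nce_process(dst_ncec, haddr, na->nd_na_flags_reserved, B_TRUE);
	}
out:
	ncec_refrele(dst_ncec);
}

/*
 * Process NDP neighbor solicitation/advertisement messages.
 * The checksum has already checked o.k before reaching here.
 * Information about the datalink header is contained in ira_l2src, but
 * that should be ignored for loopback packets.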
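*/
void
ndp_input(mblk_t *mp, ip_recv_attr_t *ira)
{
	ill_t		*ill = ira->ira_rill;
	icmp6_t		*icmp_nd;
	ip6_t		*ip6h;
	int		len;
	mib2_ipv6IfIcmpEntry_t	*mib = ill->ill_icmp6_mib;
	ill_t		*orig_ill = NULL;

	/*
	 * Since ira_ill is where the IRE_LOCAL was hosted we use ira_rill
	 * and make it be the IPMP upper so avoid being confused by a packet
	 * addressed to a unicast address on a different ill.
	 */
	if (IS_UNDER_IPMP(ill)) {
		orig_ill = ill;
		ill = ipmp_ill_hold_ipmp_ill(orig_ill);
		if (ill == NULL) {
			ill = orig_ill;
			BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
			ip_drop_input("ipIfStatsInDiscards - IPMP ill",
			    mp, ill);
			freemsg(mp);
			return;
		}
		ASSERT(ill != orig_ill);
		/* From here on orig_ill is the ira_ill to restore on exit. */
		orig_ill = ira->ira_ill;
		ira->ira_ill = ill;
		mib = ill->ill_icmp6_mib;
	}
	if (!pullupmsg(mp, -1)) {
		ip1dbg(("ndp_input: pullupmsg failed\n"));
		BUMP_MIB(ill->ill_ip_mib, ipIfStatsInDiscards);
		ip_drop_input("ipIfStatsInDiscards - pullupmsg", mp, ill);
		goto done;
	}
	/*
	 * Make sure packet length is large enough for either
	 * a NS or a NA icmp packet.
	 *
	 * This is checked before any header field is read (it used to come
	 * after the IPv6 and ICMPv6 header checks), and as a signed
	 * comparison: compared against an unsigned sizeof, a negative len
	 * from a message shorter than the IPv6 header would pass the test.
	 * A packet that is too short and also fails a later check is now
	 * counted as "packet too short".
	 */
	len = mp->b_wptr - mp->b_rptr - IPV6_HDR_LEN;
	if (len < (int)(sizeof (struct icmp6_hdr) + sizeof (struct in6_addr))) {
		ip1dbg(("ndp_input: packet too short\n"));
		ip_drop_input("packet too short", mp, ill);
		BUMP_MIB(mib, ipv6IfIcmpInErrors);
		goto done;
	}
	ip6h = (ip6_t *)mp->b_rptr;
	/*
	 * The hop limit must still be IPV6_MAX_HOPS.  Every forwarding hop
	 * decrements the field, so a packet that arrives with the maximum
	 * value has not been forwarded by a router.
	 */
	if (ip6h->ip6_hops != IPV6_MAX_HOPS) {
		ip1dbg(("ndp_input: hoplimit != IPV6_MAX_HOPS\n"));
		ip_drop_input("ipv6IfIcmpBadHoplimit", mp, ill);
		BUMP_MIB(mib, ipv6IfIcmpBadHoplimit);
		goto done;
	}
	/*
	 * NDP does not accept any extension headers between the
	 * IP header and the ICMP header since e.g. a routing
	 * header could be dangerous.
	 * This assumes that any AH or ESP headers are removed
	 * by ip prior to passing the packet to ndp_input.
	 */
	if (ip6h->ip6_nxt != IPPROTO_ICMPV6) {
		ip1dbg(("ndp_input: Wrong next header 0x%x\n",
		    ip6h->ip6_nxt));
		ip_drop_input("Wrong next header", mp, ill);
		BUMP_MIB(mib, ipv6IfIcmpInErrors);
		goto done;
	}
	icmp_nd = (icmp6_t *)(mp->b_rptr + IPV6_HDR_LEN);
	ASSERT(icmp_nd->icmp6_type == ND_NEIGHBOR_SOLICIT ||
	    icmp_nd->icmp6_type == ND_NEIGHBOR_ADVERT);
	if (icmp_nd->icmp6_code != 0) {
		ip1dbg(("ndp_input: icmp6 code != 0 \n"));
		ip_drop_input("code non-zero", mp, ill);
		BUMP_MIB(mib, ipv6IfIcmpInErrors);
		goto done;
	}
	/* Neither handler frees mp; that happens below on every path. */
	if (icmp_nd->icmp6_type == ND_NEIGHBOR_SOLICIT) {
		ndp_input_solicit(mp, ira);
	} else {
		ndp_input_advert(mp, ira);
	}
done:
	freemsg(mp);
	/* Undo the IPMP substitution made at the top. */
	if (orig_ill != NULL) {
		ill_refrele(ill);
		ira->ira_ill = orig_ill;
	}
}

/*
 * ndp_xmit is called to form and transmit a ND solicitation or
 * advertisement ICMP packet.
 *
 * If the source address is unspecified and this isn't a probe (used for
 * duplicate address detection), an appropriate source address and link layer
 * address will be chosen here.  The link layer address option is included if
 * the source is specified (i.e., all non-probe packets), and omitted (per the
 * specification) otherwise.
 *
 * It returns B_FALSE only if it does a successful put() to the
 * corresponding ill's ill_wq otherwise returns B_TRUE.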
 */
static boolean_t
ndp_xmit(ill_t *ill, uint32_t operation, uint8_t *hw_addr, uint_t hw_addr_len,
    const in6_addr_t *sender, const in6_addr_t *target, int flag)
{
	ill_t		*lower_ill = ill;	/* ill as passed by the caller */
	ip_stack_t	*ipst = ill->ill_ipst;
	zoneid_t	zoneid = GLOBAL_ZONEID;
	boolean_t	ipmp_held = B_FALSE;	/* ill_refrele() owed on exit */
	boolean_t	is_test_addr = B_FALSE;
	uint_t		opt_units;	/* option size in 8-byte units */
	uint_t		opt_bytes;
	uint32_t	pkt_len;
	ip_xmit_attr_t	ixas;
	nd_opt_hdr_t	*opt;
	icmp6_t		*icmp6;
	ip6_t		*ip6h;
	mblk_t		*mp;

	if (IS_UNDER_IPMP(ill)) {
		is_test_addr = ipif_lookup_testaddr_v6(ill, sender, NULL);
		/*
		 * We send non-probe packets on the upper IPMP interface.
		 * ip_output_simple() will use cast_ill for sending any
		 * multicast packets. Note that we can't follow the same
		 * logic for probe packets because all interfaces in the ipmp
		 * group may have failed, so that we really want to only try
		 * to send the ND packet on the ill corresponding to the src
		 * address.
		 */
		if (!is_test_addr) {
			ill = ipmp_ill_hold_ipmp_ill(ill);
			if (ill == NULL)
				ill = lower_ill;
			else
				ipmp_held = B_TRUE;
		}
	}

	/*
	 * If we have a unspecified source(sender) address, select a
	 * proper source address for the solicitation here itself so
	 * that we can initialize the h/w address correctly.
	 *
	 * If the sender is specified then we use this address in order
	 * to lookup the zoneid before calling ip_output_v6(). This is to
	 * enable unicast ND_NEIGHBOR_ADVERT packets to be routed correctly
	 * by IP (we cannot guarantee that the global zone has an interface
	 * route to the destination).
	 *
	 * Note that the NA never comes here with the unspecified source
	 * address.
	 *
	 * Probes will have unspec src at this point.
	 */
	if (!(IN6_IS_ADDR_UNSPECIFIED(sender))) {
		zoneid = ipif_lookup_addr_zoneid_v6(sender, ill, ipst);
		/*
		 * It's possible for ipif_lookup_addr_zoneid_v6() to return
		 * ALL_ZONES if it cannot find a matching ipif for the address
		 * we are trying to use. In this case we err on the side of
		 * trying to send the packet by defaulting to the GLOBAL_ZONEID.
		 */
		if (zoneid == ALL_ZONES)
			zoneid = GLOBAL_ZONEID;
	}

	/*
	 * Size the message for the larger case: an option header plus the
	 * link-layer address, rounded up to whole 8-byte units. The option
	 * space is trimmed again below when no option type was set.
	 */
	opt_units = (sizeof (nd_opt_hdr_t) + hw_addr_len + 7) / 8;
	opt_bytes = opt_units * 8;
	pkt_len = IPV6_HDR_LEN + sizeof (nd_neighbor_advert_t) + opt_bytes;
	mp = allocb(pkt_len, BPRI_LO);
	if (mp == NULL) {
		if (ipmp_held)
			ill_refrele(ill);
		return (B_TRUE);
	}

	/* Start from an all-zero packet; unset fields stay zero on the wire */
	bzero((char *)mp->b_rptr, pkt_len);
	mp->b_wptr = mp->b_rptr + pkt_len;

	bzero(&ixas, sizeof (ixas));
	ixas.ixa_flags = IXAF_BASIC_SIMPLE_V6 | IXAF_NO_HW_CKSUM;
	ixas.ixa_ifindex = ill->ill_phyint->phyint_ifindex;
	ixas.ixa_ipst = ipst;
	ixas.ixa_cred = kcred;
	ixas.ixa_cpid = NOPID;
	ixas.ixa_tsl = NULL;
	ixas.ixa_zoneid = zoneid;

	ip6h = (ip6_t *)mp->b_rptr;
	ip6h->ip6_vcf = IPV6_DEFAULT_VERS_AND_FLOW;
	ip6h->ip6_plen = htons(pkt_len - IPV6_HDR_LEN);
	ip6h->ip6_nxt = IPPROTO_ICMPV6;
	/* Sent with the maximum hop limit, which ndp_input() insists on */
	ip6h->ip6_hops = IPV6_MAX_HOPS;
	ixas.ixa_multicast_ttl = ip6h->ip6_hops;
	ip6h->ip6_dst = *target;
	icmp6 = (icmp6_t *)&ip6h[1];

	/* The option, when present, follows the fixed ND message body */
	opt = (hw_addr_len == 0) ? NULL :
	    (nd_opt_hdr_t *)((uint8_t *)ip6h + IPV6_HDR_LEN +
	    sizeof (nd_neighbor_advert_t));

	if (operation == ND_NEIGHBOR_SOLICIT) {
		nd_neighbor_solicit_t *ns = (nd_neighbor_solicit_t *)icmp6;

		if (opt != NULL && !(flag & NDP_PROBE)) {
			/*
			 * Note that we don't send out SLLA for ND probes
			 * per RFC 4862, even though we do send out the src
			 * haddr for IPv4 DAD probes, even though both IPv4
			 * and IPv6 go out with the unspecified/INADDR_ANY
			 * src IP addr.
			 */
			opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
		}
		ip6h->ip6_src = *sender;
		ns->nd_ns_target = *target;
		if (!(flag & NDP_UNICAST)) {
			/* Form multicast address of the target */
			ip6h->ip6_dst = ipv6_solicited_node_mcast;
			ip6h->ip6_dst.s6_addr32[3] |=
			    ns->nd_ns_target.s6_addr32[3];
		}
	} else {
		nd_neighbor_advert_t *na = (nd_neighbor_advert_t *)icmp6;
		uint32_t na_flags = 0;

		ASSERT(!(flag & NDP_PROBE));
		if (opt != NULL)
			opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
		/* An advertisement's target is the address it is sent from */
		ip6h->ip6_src = *sender;
		na->nd_na_target = *sender;
		if (flag & NDP_ISROUTER)
			na_flags |= ND_NA_FLAG_ROUTER;
		if (flag & NDP_SOLICITED)
			na_flags |= ND_NA_FLAG_SOLICITED;
		if (flag & NDP_ORIDE)
			na_flags |= ND_NA_FLAG_OVERRIDE;
		na->nd_na_flags_reserved |= na_flags;
	}

	if (!(flag & NDP_PROBE) && hw_addr != NULL && opt != NULL) {
		/*
		 * Fill in link layer address and option len. The copy stays
		 * inside the message because opt_bytes was sized from
		 * hw_addr_len above.
		 */
		opt->nd_opt_len = (uint8_t)opt_units;
		bcopy(hw_addr, &opt[1], hw_addr_len);
	}
	if (opt != NULL && opt->nd_opt_type == 0) {
		/* If there's no link layer address option, then strip it. */
		pkt_len -= opt_bytes;
		mp->b_wptr = mp->b_rptr + pkt_len;
		ip6h->ip6_plen = htons(pkt_len - IPV6_HDR_LEN);
	}

	icmp6->icmp6_type = (uint8_t)operation;
	icmp6->icmp6_code = 0;
	/*
	 * Prepare for checksum by putting icmp length in the icmp
	 * checksum field. The checksum is calculated in ip_output.c.
	 */
	icmp6->icmp6_cksum = ip6h->ip6_plen;

	/*
	 * The result of ip_output_simple() is discarded, so B_FALSE below
	 * means only that a message was built and handed to IP; B_TRUE is
	 * returned solely when allocb() failed above.
	 */
	(void) ip_output_simple(mp, &ixas);
	ixa_cleanup(&ixas);
	if (ipmp_held)
		ill_refrele(ill);
	return (B_FALSE);
}

/*
 * Used to set ND_UNREACHBLE before ncec_delete sets it NCE_F_CONDEMNED.
 * The datapath uses this as an indication that there
 * is a problem (as opposed to a NCE that was just
 * reclaimed due to lack of memory.
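 * Note that static ARP entries never become unreachable.
 */
void
nce_make_unreachable(ncec_t *ncec)
{
	mutex_enter(&ncec->ncec_lock);
	ncec->ncec_state = ND_UNREACHABLE;
	mutex_exit(&ncec->ncec_lock);
}

/*
 * NCE retransmit timer. Common to IPv4 and IPv6.
 * This timer goes off when:
 * a. It is time to retransmit a resolution for resolver.
 * b. It is time to send reachability probes.
 *
 * arg is the ncec_t the timer was armed for. The function takes its own
 * reference on the ncec for the duration of the call and releases it, along
 * with the ill returned by nce_resolve_src() (presumably returned held),
 * before returning.
 *
 * Locking: ncec_lock is taken before the state switch and every case is
 * responsible for dropping it. ndp_xmit(), nce_dad(), the announce routines
 * and nce_restart_timer() are called with the lock dropped, while
 * arp_request() is called with it held.
 */
void
nce_timer(void *arg)
{
	ncec_t		*ncec = arg;
	ill_t		*ill = ncec->ncec_ill, *src_ill;
	char		addrbuf[INET6_ADDRSTRLEN];
	boolean_t	dropped = B_FALSE;
	ip_stack_t	*ipst = ncec->ncec_ipst;
	boolean_t	isv6 = (ncec->ncec_ipversion == IPV6_VERSION);
	in_addr_t	sender4 = INADDR_ANY;
	in6_addr_t	sender6 = ipv6_all_zeros;

	/*
	 * The timer has to be cancelled by ncec_delete before doing the final
	 * refrele. So the NCE is guaranteed to exist when the timer runs
	 * until it clears the timeout_id. Before clearing the timeout_id
	 * bump up the refcnt so that we can continue to use the ncec
	 */
	ASSERT(ncec != NULL);
	mutex_enter(&ncec->ncec_lock);
	ncec_refhold_locked(ncec);
	ncec->ncec_timeout_id = 0;
	mutex_exit(&ncec->ncec_lock);

	src_ill = nce_resolve_src(ncec, &sender6);
	/* if we could not find a sender address, return */
	if (src_ill == NULL) {
		if (!isv6) {
			IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, sender4);
			ip1dbg(("no src ill for %s\n", inet_ntop(AF_INET,
			    &sender4, addrbuf, sizeof (addrbuf))));
		} else {
			ip1dbg(("no src ill for %s\n", inet_ntop(AF_INET6,
			    &ncec->ncec_addr, addrbuf, sizeof (addrbuf))));
		}
		/* Try again after one retransmit interval */
		nce_restart_timer(ncec, ill->ill_reachable_retrans_time);
		ncec_refrele(ncec);
		return;
	}
	if (!isv6)
		IN6_V4MAPPED_TO_IPADDR(&sender6, sender4);

	mutex_enter(&ncec->ncec_lock);
	/*
	 * Check the reachability state.
	 */
	switch (ncec->ncec_state) {
	case ND_DELAY:
		/* First unicast probe: move to PROBE and arm the counter */
		ASSERT(ncec->ncec_lladdr != NULL);
		ncec->ncec_state = ND_PROBE;
		ncec->ncec_pcnt = ND_MAX_UNICAST_SOLICIT;
		if (isv6) {
			mutex_exit(&ncec->ncec_lock);
			dropped = ndp_xmit(src_ill, ND_NEIGHBOR_SOLICIT,
			    src_ill->ill_phys_addr,
			    src_ill->ill_phys_addr_length,
			    &sender6, &ncec->ncec_addr,
			    NDP_UNICAST);
		} else {
			dropped = arp_request(ncec, sender4, src_ill);
			mutex_exit(&ncec->ncec_lock);
		}
		/* Only a probe that was actually sent uses up an attempt */
		if (!dropped) {
			mutex_enter(&ncec->ncec_lock);
			ncec->ncec_pcnt--;
			mutex_exit(&ncec->ncec_lock);
		}
		if (ip_debug > 3) {
			/* ip2dbg */
			pr_addr_dbg("nce_timer: state for %s changed "
			    "to PROBE\n", AF_INET6, &ncec->ncec_addr);
		}
		nce_restart_timer(ncec, ill->ill_reachable_retrans_time);
		break;
	case ND_PROBE:
		/* must be retransmit timer */
		ASSERT(ncec->ncec_pcnt >= -1);
		if (ncec->ncec_pcnt > 0) {
			/*
			 * As per RFC2461, the ncec gets deleted after
			 * MAX_UNICAST_SOLICIT unsuccessful re-transmissions.
			 * Note that the first unicast solicitation is sent
			 * during the DELAY state.
			 */
			ip2dbg(("nce_timer: pcount=%x dst %s\n",
			    ncec->ncec_pcnt,
			    inet_ntop((isv6? AF_INET6 : AF_INET),
			    &ncec->ncec_addr, addrbuf, sizeof (addrbuf))));
			if (NCE_PUBLISH(ncec)) {
				mutex_exit(&ncec->ncec_lock);
				/*
				 * send out a probe; note that src_ill
				 * is ignored by nce_dad() for all
				 * DAD message types other than IPv6
				 * unicast probes
				 */
				nce_dad(ncec, src_ill, B_TRUE);
			} else {
				ASSERT(src_ill != NULL);
				if (isv6) {
					mutex_exit(&ncec->ncec_lock);
					dropped = ndp_xmit(src_ill,
					    ND_NEIGHBOR_SOLICIT,
					    src_ill->ill_phys_addr,
					    src_ill->ill_phys_addr_length,
					    &sender6, &ncec->ncec_addr,
					    NDP_UNICAST);
				} else {
					/*
					 * since the nce is REACHABLE,
					 * the ARP request will be sent out
					 * as a link-layer unicast.
					 */
					dropped = arp_request(ncec, sender4,
					    src_ill);
					mutex_exit(&ncec->ncec_lock);
				}
				if (!dropped) {
					mutex_enter(&ncec->ncec_lock);
					ncec->ncec_pcnt--;
					mutex_exit(&ncec->ncec_lock);
				}
				nce_restart_timer(ncec,
				    ill->ill_reachable_retrans_time);
			}
		} else if (ncec->ncec_pcnt < 0) {
			/* No hope, delete the ncec */
			/* Tell datapath it went bad */
			ncec->ncec_state = ND_UNREACHABLE;
			mutex_exit(&ncec->ncec_lock);
			if (ip_debug > 2) {
				/* ip1dbg */
				pr_addr_dbg("nce_timer: Delete NCE for"
				    " dst %s\n", (isv6? AF_INET6: AF_INET),
				    &ncec->ncec_addr);
			}
			/* if static ARP can't delete. */
			if ((ncec->ncec_flags & NCE_F_STATIC) == 0)
				ncec_delete(ncec);

		} else if (!NCE_PUBLISH(ncec)) {
			/*
			 * Probe count is 0 for a dynamic entry (one that we
			 * ourselves are not publishing). We should never get
			 * here if NONUD was requested, hence the ASSERT below.
			 */
			ASSERT((ncec->ncec_flags & NCE_F_NONUD) == 0);
			ip2dbg(("nce_timer: pcount=%x dst %s\n",
			    ncec->ncec_pcnt, inet_ntop(AF_INET6,
			    &ncec->ncec_addr, addrbuf, sizeof (addrbuf))));
			ncec->ncec_pcnt--;
			mutex_exit(&ncec->ncec_lock);
			/* Wait one interval before killing */
			nce_restart_timer(ncec,
			    ill->ill_reachable_retrans_time);
		} else if (ill->ill_phyint->phyint_flags & PHYI_RUNNING) {
			ipif_t *ipif;
			ipaddr_t ncec_addr;

			/*
			 * We're done probing, and we can now declare this
			 * address to be usable. Let IP know that it's ok to
			 * use.
			 */
			ncec->ncec_state = ND_REACHABLE;
			ncec->ncec_flags &= ~NCE_F_UNVERIFIED;
			mutex_exit(&ncec->ncec_lock);
			if (isv6) {
				ipif = ipif_lookup_addr_exact_v6(
				    &ncec->ncec_addr, ill, ipst);
			} else {
				IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr,
				    ncec_addr);
				ipif = ipif_lookup_addr_exact(ncec_addr, ill,
				    ipst);
			}
			if (ipif != NULL) {
				if (ipif->ipif_was_dup) {
					char ibuf[LIFNAMSIZ];
					char sbuf[INET6_ADDRSTRLEN];

					/* Log recovery of a former duplicate */
					ipif->ipif_was_dup = B_FALSE;
					(void) inet_ntop(AF_INET6,
					    &ipif->ipif_v6lcl_addr,
					    sbuf, sizeof (sbuf));
					ipif_get_name(ipif, ibuf,
					    sizeof (ibuf));
					cmn_err(CE_NOTE, "recovered address "
					    "%s on %s", sbuf, ibuf);
				}
				if ((ipif->ipif_flags & IPIF_UP) &&
				    !ipif->ipif_addr_ready)
					ipif_up_notify(ipif);
				ipif->ipif_addr_ready = 1;
				ipif_refrele(ipif);
			}
			if (!isv6 && arp_no_defense)
				break;
			/*
			 * Begin defending our new address.
			 * NOTE(review): ncec_unsolicit_count and
			 * ncec_last_time_defended are updated here without
			 * ncec_lock, unlike the ND_REACHABLE case below --
			 * confirm that this is intended.
			 */
			if (ncec->ncec_unsolicit_count > 0) {
				ncec->ncec_unsolicit_count--;
				if (isv6) {
					dropped = ndp_announce(ncec);
				} else {
					dropped = arp_announce(ncec);
				}

				if (dropped)
					ncec->ncec_unsolicit_count++;
				else
					ncec->ncec_last_time_defended =
					    ddi_get_lbolt();
			}
			if (ncec->ncec_unsolicit_count > 0) {
				nce_restart_timer(ncec,
				    ANNOUNCE_INTERVAL(isv6));
			} else if (DEFENSE_INTERVAL(isv6) != 0) {
				nce_restart_timer(ncec, DEFENSE_INTERVAL(isv6));
			}
		} else {
			/*
			 * This is an address we're probing to be our own, but
			 * the ill is down. Wait until it comes back before
			 * doing anything, but switch to reachable state so
			 * that the restart will work.
			 */
			ncec->ncec_state = ND_REACHABLE;
			mutex_exit(&ncec->ncec_lock);
		}
		break;
	case ND_INCOMPLETE: {
		mblk_t	*mp, *nextmp;
		mblk_t	**prevmpp;

		/*
		 * Per case (2) in the nce_queue_mp() comments, scan ncec_qd_mp
		 * for any IPMP probe packets, and toss them. IPMP probe
		 * packets will always be at the head of ncec_qd_mp, so that
		 * we can stop at the first queued ND packet that is
		 * not a probe packet.
		 */
		prevmpp = &ncec->ncec_qd_mp;
		for (mp = ncec->ncec_qd_mp; mp != NULL; mp = nextmp) {
			nextmp = mp->b_next;

			if (IS_UNDER_IPMP(ill) && ncec->ncec_nprobes > 0) {
				/* Unlink and free this queued probe */
				inet_freemsg(mp);
				ncec->ncec_nprobes--;
				*prevmpp = nextmp;
			} else {
				prevmpp = &mp->b_next;
			}
		}

		/*
		 * Must be resolver's retransmit timer.
		 */
		mutex_exit(&ncec->ncec_lock);
		ip_ndp_resolve(ncec);
		break;
	}
	case ND_REACHABLE:
		if (((ncec->ncec_flags & NCE_F_UNSOL_ADV) &&
		    ncec->ncec_unsolicit_count != 0) ||
		    (NCE_PUBLISH(ncec) && DEFENSE_INTERVAL(isv6) != 0)) {
			if (ncec->ncec_unsolicit_count > 0) {
				ncec->ncec_unsolicit_count--;
				mutex_exit(&ncec->ncec_lock);
				/*
				 * When we get to zero announcements left,
				 * switch to address defense
				 */
			} else {
				boolean_t rate_limit;

				mutex_exit(&ncec->ncec_lock);
				/*
				 * Defense announcements go through the
				 * per-ill rate limiter; when it says no, just
				 * re-arm the timer and skip this round.
				 */
				rate_limit = ill_defend_rate_limit(ill, ncec);
				if (rate_limit) {
					nce_restart_timer(ncec,
					    DEFENSE_INTERVAL(isv6));
					break;
				}
			}
			if (isv6) {
				dropped = ndp_announce(ncec);
			} else {
				dropped = arp_announce(ncec);
			}
			mutex_enter(&ncec->ncec_lock);
			if (dropped) {
				/* Give back the attempt that was not sent */
				ncec->ncec_unsolicit_count++;
			} else {
				ncec->ncec_last_time_defended =
				    ddi_get_lbolt();
			}
			mutex_exit(&ncec->ncec_lock);
			if (ncec->ncec_unsolicit_count != 0) {
				nce_restart_timer(ncec,
				    ANNOUNCE_INTERVAL(isv6));
			} else {
				nce_restart_timer(ncec, DEFENSE_INTERVAL(isv6));
			}
		} else {
			mutex_exit(&ncec->ncec_lock);
		}
		break;
	default:
		mutex_exit(&ncec->ncec_lock);
		break;
	}
done:
	ncec_refrele(ncec);
	ill_refrele(src_ill);
}

/*
 * Set a link layer address from the ll_addr passed in.
 * Copy SAP from ill.
 *
 * ll_addr must be non-NULL. ill_nd_lla_len bytes are copied into
 * ncec_lladdr; neither buffer's size is checked here, so the caller has to
 * supply at least that many bytes (presumably already validated against the
 * received option length -- confirm at the call sites).
 */
static void
nce_set_ll(ncec_t *ncec, uchar_t *ll_addr)
{
	ill_t	*ill = ncec->ncec_ill;

	ASSERT(ll_addr != NULL);
	if (ill->ill_phys_addr_length > 0) {
		/*
		 * The bcopy() below used to be called for the physical address
		 * length rather than the link layer address length. For
		 * ethernet and many other media, the phys_addr and lla are
		 * identical.
		 *
		 * The phys_addr and lla may not be the same for devices that
		 * support DL_IPV6_LINK_LAYER_ADDR, though there are currently
		 * no known instances of these.
		 *
		 * For PPP or other interfaces with a zero length
		 * physical address, don't do anything here.
		 * The bcopy() with a zero phys_addr length was previously
		 * a no-op for interfaces with a zero-length physical address.
		 * Using the lla for them would change the way they operate.
		 * Doing nothing in such cases preserves expected behavior.
		 */
		bcopy(ll_addr, ncec->ncec_lladdr, ill->ill_nd_lla_len);
	}
}

/*
 * Compare ll_addr against the link layer address cached in ncec.
 *
 * Returns B_TRUE when the first ll_addr_len bytes differ, and B_FALSE when
 * they match or when ll_addr is NULL. ll_addr_len is used as given: it is
 * not checked against the size of the buffer behind ncec_lladdr, so callers
 * must pass a length that both buffers can supply.
 */
boolean_t
nce_cmp_ll_addr(const ncec_t *ncec, const uchar_t *ll_addr,
    uint32_t ll_addr_len)
{
	ASSERT(ncec->ncec_lladdr != NULL);
	if (ll_addr == NULL)
		return (B_FALSE);
	if (bcmp(ll_addr, ncec->ncec_lladdr, ll_addr_len) != 0)
		return (B_TRUE);
	return (B_FALSE);
}

/*
 * Updates the link layer address or the reachability state of
 * a cache entry. Reset probe counter if needed.
 *
 * new_state is ND_UNCHANGED to leave the state alone; new_ll_addr is NULL
 * to leave the link layer address alone.
 *
 * Must be called with ncec_lock held. The lock is dropped while the timer
 * is cancelled and the fastpath information is rebuilt, and is held again
 * on return, so callers must not assume the entry was unchanged across the
 * call. The early return for NCE_F_NONUD entries never drops the lock.
 */
void
nce_update(ncec_t *ncec, uint16_t new_state, uchar_t *new_ll_addr)
{
	ill_t		*ill = ncec->ncec_ill;
	boolean_t	need_stop_timer = B_FALSE;
	boolean_t	need_fastpath_update = B_FALSE;
	nce_t		*nce = NULL;
	/*
	 * Start from "no timeout": the test that captures the id runs under
	 * ncec_lock, but the matching test before untimeout() re-reads
	 * ncec_flags after the lock has been dropped, so the two need not
	 * agree and tid must never be read uninitialized.
	 */
	timeout_id_t	tid = 0;

	ASSERT(MUTEX_HELD(&ncec->ncec_lock));
	/*
	 * If this interface does not do NUD, there is no point
	 * in allowing an update to the cache entry. Although
	 * we will respond to NS.
	 * The only time we accept an update for a resolver when
	 * NUD is turned off is when it has just been created.
	 * Non-Resolvers will always be created as REACHABLE.
	 */
	if (new_state != ND_UNCHANGED) {
		if ((ncec->ncec_flags & NCE_F_NONUD) &&
		    (ncec->ncec_state != ND_INCOMPLETE))
			return;
		ASSERT((int16_t)new_state >= ND_STATE_VALID_MIN);
		ASSERT((int16_t)new_state <= ND_STATE_VALID_MAX);
		need_stop_timer = B_TRUE;
		if (new_state == ND_REACHABLE)
			ncec->ncec_last = TICK_TO_MSEC(ddi_get_lbolt64());
		else {
			/* We force NUD in this case */
			ncec->ncec_last = 0;
		}
		ncec->ncec_state = new_state;
		ncec->ncec_pcnt = ND_MAX_UNICAST_SOLICIT;
		ASSERT(ncec->ncec_lladdr != NULL || new_state == ND_INITIAL ||
		    new_state == ND_INCOMPLETE);
	}
	if (need_stop_timer || (ncec->ncec_flags & NCE_F_STATIC)) {
		/* Claim the pending timeout; it is cancelled after unlock */
		tid = ncec->ncec_timeout_id;
		ncec->ncec_timeout_id = 0;
	}
	/*
	 * Re-trigger fastpath probe and
	 * overwrite the DL_UNITDATA_REQ data, noting we'll lose
	 * whatever packets that happens to be transmitting at the time.
	 */
	if (new_ll_addr != NULL) {
		/*
		 * NOTE(review): this copies ill_phys_addr_length bytes while
		 * nce_set_ll() copies ill_nd_lla_len -- confirm that the two
		 * lengths are meant to differ.
		 */
		bcopy(new_ll_addr, ncec->ncec_lladdr,
		    ill->ill_phys_addr_length);
		need_fastpath_update = B_TRUE;
	}
	mutex_exit(&ncec->ncec_lock);
	if (need_stop_timer || (ncec->ncec_flags & NCE_F_STATIC)) {
		if (tid != 0)
			(void) untimeout(tid);
	}
	if (need_fastpath_update) {
		/*
		 * Delete any existing dlur_mp and fp_mp information.
		 * For IPMP interfaces, all underlying ill's must be checked
		 * and purged.
		 */
		nce_fastpath_list_delete(ncec->ncec_ill, ncec, NULL);
		/*
		 * add the new dlur_mp and fp_mp
		 */
		nce = nce_fastpath(ncec, B_TRUE, NULL);
		if (nce != NULL)
			nce_refrele(nce);
	}
	mutex_enter(&ncec->ncec_lock);
}

/*
 * Queue mp on ncec_qd_mp, at the head when head_insert is set and at the
 * tail otherwise. Called with ncec_lock held.
 *
 * While walking to the tail, each step beyond ill_max_buf entries drops the
 * packet currently at the head of the queue and counts it as
 * ipIfStatsOutDiscards, which keeps the number of packets parked on a
 * single entry bounded. A head insert also bumps ncec_nprobes.
 */
static void
nce_queue_mp_common(ncec_t *ncec, mblk_t *mp, boolean_t head_insert)
{
	uint_t	count = 0;
	mblk_t  **mpp, *tmp;

	ASSERT(MUTEX_HELD(&ncec->ncec_lock));

	for (mpp = &ncec->ncec_qd_mp; *mpp != NULL; mpp = &(*mpp)->b_next) {
		if (++count > ncec->ncec_ill->ill_max_buf) {
			/* Detach the oldest packet before freeing it */
			tmp = ncec->ncec_qd_mp->b_next;
			ncec->ncec_qd_mp->b_next = NULL;
			/*
			 * if we never create data addrs on the under_ill
			 * does this matter?
			 */
			BUMP_MIB(ncec->ncec_ill->ill_ip_mib,
			    ipIfStatsOutDiscards);
			ip_drop_output("ipIfStatsOutDiscards", ncec->ncec_qd_mp,
			    ncec->ncec_ill);
			freemsg(ncec->ncec_qd_mp);
			ncec->ncec_qd_mp = tmp;
		}
	}

	if (head_insert) {
		ncec->ncec_nprobes++;
		mp->b_next = ncec->ncec_qd_mp;
		ncec->ncec_qd_mp = mp;
	} else {
		*mpp = mp;
	}
}

/*
 * nce_queue_mp will queue the packet into the ncec_qd_mp. The packet will be
 * queued at the head or tail of the queue based on the input argument
 * 'head_insert'. The caller should specify this argument as B_TRUE if this
 * packet is an IPMP probe packet, in which case the following happens:
 *
 *   1. Insert it at the head of the ncec_qd_mp list.  Consider the normal
 *	(non-ipmp_probe) load-speading case where the source address of the ND
 *	packet is not tied to ncec_ill. If the ill bound to the source address
 *	cannot receive, the response to the ND packet will not be received.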
 *	However, if ND packets for ncec_ill's probes are queued behind that ND
 *	packet, those probes will also fail to be sent, and thus in.mpathd will
 *	erroneously conclude that ncec_ill has also failed.
 *
 *   2. Drop the ipmp_probe packet in ndp_timer() if the ND did not succeed on
 *	the first attempt.  This ensures that ND problems do not manifest as
 *	probe RTT spikes.
 *
 * We achieve this by inserting ipmp_probe() packets at the head of the
 * nce_queue.
 *
 * The ncec for the probe target is created with ncec_ill set to the ipmp_ill,
 * but the caller needs to set head_insert to B_TRUE if this is a probe packet.
 */
void
nce_queue_mp(ncec_t *ncec, mblk_t *mp, boolean_t head_insert)
{
	/* Thin entry point: the caller must already hold ncec_lock */
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));
	nce_queue_mp_common(ncec, mp, head_insert);
}

/*
 * Address resolution for ncec timed out. Every packet that was queued on
 * the entry while resolution was pending is answered with an ICMPv6
 * "address unreachable" error and counted as an output discard; the
 * callbacks waiting on the entry are then dispatched.
 */
void
ndp_resolv_failed(ncec_t *ncec)
{
	ill_t		*ill = ncec->ncec_ill;
	char		addrstr[INET6_ADDRSTRLEN];
	ip_recv_attr_t	iras;
	mblk_t		*pending;
	mblk_t		*pkt;

	bzero(&iras, sizeof (iras));
	iras.ira_flags = 0;
	/*
	 * we are setting the ira_rill to the ipmp_ill (instead of
	 * the actual ill on which the packet was received), but this
	 * is ok because we don't actually need the real ira_rill.
	 * to send the icmp unreachable to the sender.
	 */
	iras.ira_ill = iras.ira_rill = ill;
	iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex;
	iras.ira_rifindex = iras.ira_ruifindex;

	ip1dbg(("ndp_resolv_failed: dst %s\n",
	    inet_ntop(AF_INET6, (char *)&ncec->ncec_addr, addrstr,
	    sizeof (addrstr))));

	/* Take the whole queue under the lock, then work on it unlocked */
	mutex_enter(&ncec->ncec_lock);
	pending = ncec->ncec_qd_mp;
	ncec->ncec_qd_mp = NULL;
	ncec->ncec_nprobes = 0;
	mutex_exit(&ncec->ncec_lock);

	while ((pkt = pending) != NULL) {
		/* Unlink the packet before handing it on */
		pending = pkt->b_next;
		pkt->b_next = NULL;

		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
		ip_drop_output("ipIfStatsOutDiscards - address unreachable",
		    pkt, ill);
		icmp_unreachable_v6(pkt,
		    ICMP6_DST_UNREACH_ADDR, B_FALSE, &iras);
		ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE));
	}
	ncec_cb_dispatch(ncec); /* finish off waiting callbacks */
}

/*
 * NDP or ARP resolution for ncec completed. IPMP entries are handed to
 * nce_resolv_ipmp_ok(); for everything else the packets queued on the
 * entry are transmitted (or dropped when no nce can be found for the
 * address) and the waiting callbacks are dispatched.
 */
void
nce_resolv_ok(ncec_t *ncec)
{
	ill_t		*ill = ncec->ncec_ill;
	ip_stack_t	*ipst = ill->ill_ipst;
	boolean_t	isv6 = (ncec->ncec_ipversion == IPV6_VERSION);
	iaflags_t	ixaflags = IXAF_NO_TRACE;
	mblk_t		*queued;
	mblk_t		*following;
	nce_t		*nce;
	uint_t		pkt_len;

	if (IS_IPMP(ncec->ncec_ill)) {
		nce_resolv_ipmp_ok(ncec);
		return;
	}

	/* non IPMP case: detach the queue while holding the lock */
	mutex_enter(&ncec->ncec_lock);
	ASSERT(ncec->ncec_nprobes == 0);
	queued = ncec->ncec_qd_mp;
	ncec->ncec_qd_mp = NULL;
	mutex_exit(&ncec->ncec_lock);

	for (; queued != NULL; queued = following) {
		/* The length handed to ip_xmit() comes from the IP header */
		if (!ill->ill_isv6) {
			ipha_t *ipha = (ipha_t *)queued->b_rptr;

			ixaflags |= IXAF_IS_IPV4;
			pkt_len = ntohs(ipha->ipha_length);
		} else {
			ip6_t *ip6h = (ip6_t *)queued->b_rptr;

			pkt_len = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
		}
		following = queued->b_next;
		queued->b_next = NULL;
		/*
		 * IXAF_NO_DEV_FLOW_CTL information for TCP packets is no
		 * longer available, but it's ok to drop this flag because TCP
		 * has its own flow-control in effect, so TCP packets
		 * are not likely to get here when flow-control is in effect.
		 */
		mutex_enter(&ill->ill_lock);
		nce = nce_lookup(ill, &ncec->ncec_addr);
		mutex_exit(&ill->ill_lock);

		if (nce != NULL) {
			/*
			 * We don't know the zoneid, but
			 * ip_xmit does not care since IXAF_NO_TRACE
			 * is set. (We traced the packet the first
			 * time through ip_xmit.)
			 */
			(void) ip_xmit(queued, nce, ixaflags, pkt_len, 0,
			    ALL_ZONES, 0, NULL);
			nce_refrele(nce);
			continue;
		}

		/* No nce for this address: count the drop and free */
		if (isv6) {
			BUMP_MIB(&ipst->ips_ip6_mib,
			    ipIfStatsOutDiscards);
		} else {
			BUMP_MIB(&ipst->ips_ip_mib,
			    ipIfStatsOutDiscards);
		}
		ip_drop_output("ipIfStatsOutDiscards - no nce",
		    queued, NULL);
		freemsg(queued);
	}

	ncec_cb_dispatch(ncec); /* complete callbacks */
}

/*
 * Called by SIOCSNDP* ioctl to add/change an ncec entry
 * and the corresponding attributes.
 * Disallow states other than ND_REACHABLE or ND_STALE.
 */
int
ndp_sioc_update(ill_t *ill, lif_nd_req_t *lnr)
{
	ip_stack_t	*ipst = ill->ill_ipst;
	int		req_flags = lnr->lnr_flags;
	in6_addr_t	*addr;
	boolean_t	created = B_FALSE;	/* entry was added by this call */
	uint16_t	want_flags = 0;
	uint16_t	had_flags = 0;
	int		err = 0;
	ncec_t		*ncec;
	nce_t		*nce;

	ASSERT(ill->ill_isv6);
	/* Only these two creation states are accepted from the request */
	if (lnr->lnr_state_create != ND_REACHABLE &&
	    lnr->lnr_state_create != ND_STALE)
		return (EINVAL);

	/*
	 * The address family of lnr_addr is not examined in this function;
	 * presumably the ioctl path has validated it -- verify against the
	 * caller.
	 */
	addr = &((sin6_t *)&lnr->lnr_addr)->sin6_addr;

	mutex_enter(&ipst->ips_ndp6->ndp_g_lock);
	ASSERT(!IS_UNDER_IPMP(ill));
	nce = nce_lookup_addr(ill, addr);
	if (nce != NULL)
		want_flags = nce->nce_common->ncec_flags;

	/* Asking for ON and OFF of the same attribute at once is an error */
	switch (req_flags & (NDF_ISROUTER_ON|NDF_ISROUTER_OFF)) {
	case NDF_ISROUTER_ON:
		want_flags |= NCE_F_ISROUTER;
		break;
	case NDF_ISROUTER_OFF:
		want_flags &= ~NCE_F_ISROUTER;
		break;
	case (NDF_ISROUTER_OFF|NDF_ISROUTER_ON):
		goto conflicting;
	}

	switch (req_flags & (NDF_ANYCAST_ON|NDF_ANYCAST_OFF)) {
	case NDF_ANYCAST_ON:
		want_flags |= NCE_F_ANYCAST;
		break;
	case NDF_ANYCAST_OFF:
		want_flags &= ~NCE_F_ANYCAST;
		break;
	case (NDF_ANYCAST_OFF|NDF_ANYCAST_ON):
		goto conflicting;
	}

	if (nce == NULL) {
		/*
		 * No entry yet, so create one. The hardware address length
		 * used is the ill's physical address length; a length
		 * supplied in the request is not consulted here.
		 */
		err = nce_add_v6(ill,
		    (uchar_t *)lnr->lnr_hdw_addr,
		    ill->ill_phys_addr_length,
		    addr,
		    want_flags,
		    lnr->lnr_state_create,
		    &nce);
		if (err != 0) {
			mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
			ip1dbg(("ndp_sioc_update: Can't create NCE %d\n", err));
			return (err);
		}
		created = B_TRUE;
	}
	ncec = nce->nce_common;
	had_flags = ncec->ncec_flags;
	if ((had_flags & NCE_F_ISROUTER) && !(want_flags & NCE_F_ISROUTER)) {
		/*
		 * Router-to-host transition. This path returns without
		 * storing want_flags or calling nce_process().
		 * NOTE(review): err from the postprocess step is not
		 * propagated on this path.
		 */
		ncec_router_to_host(ncec);
		mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
		if (created)
			err = nce_add_v6_postprocess(nce);
		nce_refrele(nce);
		return (0);
	}
	mutex_exit(&ipst->ips_ndp6->ndp_g_lock);

	if (created)
		err = nce_add_v6_postprocess(nce);
	/*
	 * err cannot be anything other than 0 because we don't support
	 * proxy arp of static addresses.
	 */
	ASSERT(err == 0);

	mutex_enter(&ncec->ncec_lock);
	ncec->ncec_flags = want_flags;
	mutex_exit(&ncec->ncec_lock);
	/*
	 * Note that we ignore the state at this point, which
	 * should be either STALE or REACHABLE.  Instead we let
	 * the link layer address passed in to determine the state
	 * much like incoming packets.
	 */
	nce_process(ncec, (uchar_t *)lnr->lnr_hdw_addr, 0, B_FALSE);
	nce_refrele(nce);
	return (0);

conflicting:
	/* Shared exit for contradictory ON/OFF requests */
	mutex_exit(&ipst->ips_ndp6->ndp_g_lock);
	if (nce != NULL)
		nce_refrele(nce);
	return (EINVAL);
}

/*
 * Look up (or add) the nce_t for ncec on ill and load ncec->ncec_lladdr
 * into its nce_dlur_mp. If ill != ncec->ncec_ill, then the ips_ill_g_lock
 * must be held to ensure that they are in the same group.
 *
 * Returns the nce from nce_ill_lookup_then_add(), which may be NULL.
 * Loopback and VNI ills are returned without touching nce_dlur_mp.
 */
static nce_t *
nce_fastpath_create(ill_t *ill, ncec_t *ncec)
{
	nce_t *nce = nce_ill_lookup_then_add(ill, ncec);

	if (nce == NULL || IS_LOOPBACK(nce->nce_ill) || IS_VNI(nce->nce_ill))
		return (nce);

	/*
	 * hold the ncec_lock to synchronize with nce_update() so that,
	 * at the end of this function, the contents of nce_dlur_mp are
	 * consistent with ncec->ncec_lladdr, even though some intermediate
	 * packet may have been sent out with a mangled address, which would
	 * only be a transient condition.
	 */
	mutex_enter(&ncec->ncec_lock);
	if (ncec->ncec_lladdr == NULL) {
		/* No address yet: generate a template without one */
		nce->nce_dlur_mp = ill_dlur_gen(NULL, 0, ill->ill_sap,
		    ill->ill_sap_length);
	} else {
		/* Patch the cached address into the existing template */
		bcopy(ncec->ncec_lladdr, nce->nce_dlur_mp->b_rptr +
		    NCE_LL_ADDR_OFFSET(ill), ill->ill_phys_addr_length);
	}
	mutex_exit(&ncec->ncec_lock);
	return (nce);
}

/*
 * we make nce_fp_mp to have an M_DATA prepend.
 * The caller ensures there is hold on ncec for this function.
 * Note that since ill_fastpath_probe() copies the mblk there is
 * no need to hold the nce or ncec beyond this function.
 *
 * If the caller has passed in a non-null ncec_nce to nce_fastpath() that
 * ncec_nce must correspond to the nce for ncec with nce_ill == ncec->ncec_ill
 * and will be returned back by this function, so that no extra nce_refrele
 * is required for the caller. The calls from nce_add_common() use this
 * method. All other callers (that pass in NULL ncec_nce) will have to do a
 * nce_refrele of the returned nce (when it is non-null).
 */
nce_t *
nce_fastpath(ncec_t *ncec, boolean_t trigger_fp_req, nce_t *ncec_nce)
{
	ill_t *ill = ncec->ncec_ill;
	nce_t *nce;

	ASSERT(ill != NULL);

	if (IS_IPMP(ill) && trigger_fp_req) {
		/* For IPMP, ipmp_ncec_fastpath() stands in for the trigger */
		trigger_fp_req = B_FALSE;
		ipmp_ncec_fastpath(ncec, ill);
	}
	/*
	 * If the caller already has the nce corresponding to the ill, use
	 * that one. Otherwise we have to lookup/add the nce. Calls from
	 * nce_add_common() fall in the former category, and have just done
	 * the nce lookup/add that can be reused.
	 */
	nce = (ncec_nce != NULL) ? ncec_nce : nce_fastpath_create(ill, ncec);

	/* Nothing to probe for a missing nce or a loopback/VNI ill */
	if (nce != NULL && !IS_LOOPBACK(nce->nce_ill) &&
	    !IS_VNI(nce->nce_ill) && trigger_fp_req)
		nce_fastpath_trigger(nce);
	return (nce);
}

/*
 * Trigger fastpath on nce. No locks may be held.
 */
static void
nce_fastpath_trigger(nce_t *nce)
{
	ncec_t *ncec = nce->nce_common;
	ill_t *ill = nce->nce_ill;

	switch (ill_fastpath_probe(ill, nce->nce_dlur_mp)) {
	case 0:
	case EAGAIN:
	case ENOTSUP:
		/*
		 * EAGAIN is an indication of a transient error
		 * i.e. allocation failure etc. leave the ncec in the list it
		 * will be updated when another probe happens for another ire
		 * if not it will be taken out of the list when the ire is
		 * deleted.
		 */
		break;
	default:
		/* Any other failure takes the entry off the fastpath list */
		nce_fastpath_list_delete(ill, ncec, NULL);
		break;
	}
}

/*
 * Add ncec to the nce fastpath list on ill. The caller holds ill_lock.
 * Returns the nce already on the list or the one just added, or NULL when
 * the ill is condemned, the ncec is condemned, or nce_add() returned NULL.
 */
static nce_t *
nce_ill_lookup_then_add_locked(ill_t *ill, ncec_t *ncec)
{
	nce_t *found = NULL;

	ASSERT(MUTEX_HELD(&ill->ill_lock));
	/*
	 * Atomically ensure that the ill is not CONDEMNED and is not going
	 * down, before adding the NCE.
	 */
	if (ill->ill_state_flags & ILL_CONDEMNED)
		return (NULL);

	mutex_enter(&ncec->ncec_lock);
	/*
	 * if ncec has not been deleted and
	 * is not already in the list add it.
	 */
	if (!NCE_ISCONDEMNED(ncec)) {
		found = nce_lookup(ill, &ncec->ncec_addr);
		if (found == NULL)
			found = nce_add(ill, ncec);
	}
	mutex_exit(&ncec->ncec_lock);
	return (found);
}

/*
 * Wrapper that takes ill_lock around nce_ill_lookup_then_add_locked().
 */
nce_t *
nce_ill_lookup_then_add(ill_t *ill, ncec_t *ncec)
{
	nce_t *result;

	mutex_enter(&ill->ill_lock);
	result = nce_ill_lookup_then_add_locked(ill, ncec);
	mutex_exit(&ill->ill_lock);
	return (result);
}


/*
 * remove ncec from the ill_nce list. If 'dead' is non-null, the deleted
 * nce is added to the 'dead' list, and the caller must nce_refrele() the
 * entry after all locks have been dropped.
 */
void
nce_fastpath_list_delete(ill_t *ill, ncec_t *ncec, list_t *dead)
{
	nce_t *nce;

	ASSERT(ill != NULL);

	/* first clean out any nce pointers in the under_ills */
	if (IS_IPMP(ill))
		ipmp_ncec_flush_nce(ncec);

	/* now the ill itself */
	mutex_enter(&ill->ill_lock);
	nce = list_head(&ill->ill_nce);
	while (nce != NULL && nce->nce_common != ncec)
		nce = list_next(&ill->ill_nce, nce);
	if (nce != NULL) {
		/* Hold the match so it survives until it is disposed of */
		nce_refhold(nce);
		nce_delete(nce);
	}
	mutex_exit(&ill->ill_lock);

	if (nce == NULL)
		return;
	/* Either drop our hold now or pass it on through the dead list */
	if (dead != NULL)
		list_insert_tail(dead, nce);
	else
		nce_refrele(nce);
}

/*
 * when the fastpath response does not fit in the datab
 * associated with the existing nce_fp_mp, we delete and
 * add the nce to retrigger fastpath based on the information
 * in the ncec_t.
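 *
 * The reference the caller holds on the old nce is released here. The
 * return value is the replacement nce, or NULL if the ncec is condemned
 * or nce_add() returns NULL.
 */
static nce_t *
nce_delete_then_add(nce_t *nce)
{
	ill_t *ill = nce->nce_ill;
	nce_t *newnce = NULL;

	ip0dbg(("nce_delete_then_add nce %p ill %s\n",
	    (void *)nce, ill->ill_name));
	mutex_enter(&ill->ill_lock);
	mutex_enter(&nce->nce_common->ncec_lock);
	nce_delete(nce);
	/*
	 * Make sure that ncec is not condemned before adding. We hold the
	 * ill_lock and ncec_lock to synchronize with ncec_delete() and
	 * ipmp_ncec_flush_nce()
	 */
	if (!NCE_ISCONDEMNED(nce->nce_common))
		newnce = nce_add(ill, nce->nce_common);
	mutex_exit(&nce->nce_common->ncec_lock);
	mutex_exit(&ill->ill_lock);
	nce_refrele(nce);
	return (newnce); /* could be null if nomem */
}

/*
 * Argument block for the nce_fastpath_match_dlur() walker: the fastpath
 * ack being matched, and the nce it matched (if any).
 */
typedef struct nce_fp_match_s {
	nce_t	*nce_fp_match_res;
	mblk_t	*nce_fp_match_ack_mp;
} nce_fp_match_t;

/*
 * nce_walk() callback: compare the fastpath ack in arg against the
 * DL_UNITDATA_REQ template of nce. On a match, a reference is taken on
 * nce, it is stored in nce_fp_match_res, and 1 is returned; otherwise 0.
 * NOTE(review): a non-zero return presumably ends the walk -- confirm
 * against nce_walk().
 */
/* ARGSUSED */
static int
nce_fastpath_match_dlur(ill_t *ill, nce_t *nce, void *arg)
{
	nce_fp_match_t *nce_fp_marg = arg;
	ncec_t *ncec = nce->nce_common;
	mblk_t *mp = nce_fp_marg->nce_fp_match_ack_mp;
	uchar_t *mp_rptr, *ud_mp_rptr;
	mblk_t *ud_mp = nce->nce_dlur_mp;
	ptrdiff_t cmplen;

	/*
	 * mp is the mp associated with the fastpath ack.
	 * ud_mp is the outstanding DL_UNITDATA_REQ on the nce_t
	 * under consideration. If the contents match, then the
	 * fastpath ack is used to update the nce.
	 */
	if (ud_mp == NULL)
		return (0);
	mp_rptr = mp->b_rptr;
	cmplen = mp->b_wptr - mp_rptr;
	ASSERT(cmplen >= 0);

	ud_mp_rptr = ud_mp->b_rptr;
	/*
	 * The ncec is locked here to prevent any other threads from accessing
	 * and changing nce_dlur_mp when the address becomes resolved to an
	 * lla while we're in the middle of looking at and comparing the
	 * hardware address (lla). It is also locked to prevent multiple
	 * threads in nce_fastpath() from examining nce_dlur_mp at the same
	 * time.
	 */
	mutex_enter(&ncec->ncec_lock);
	/*
	 * Only a template of exactly the same length with identical bytes is
	 * a match. The length test used to read "!= cmplen ||", which made
	 * any template of a different length count as a match without its
	 * contents being compared, so an ack could be installed on an entry
	 * it does not belong to. Checking the length first also keeps bcmp()
	 * inside ud_mp.
	 */
	if (ud_mp->b_wptr - ud_mp_rptr == cmplen &&
	    bcmp((char *)mp_rptr, (char *)ud_mp_rptr, cmplen) == 0) {
		nce_fp_marg->nce_fp_match_res = nce;
		mutex_exit(&ncec->ncec_lock);
		nce_refhold(nce);
		return (1);
	}
	mutex_exit(&ncec->ncec_lock);
	return (0);
}

/*
 * Find the nce on ill whose DL_UNITDATA_REQ template matches the fastpath
 * ack in mp, and install the fastpath header carried in mp->b_cont on it.
 * Nothing is done if no nce matches. The reference taken by the matching
 * walker is released before returning.
 */
void
nce_fastpath_update(ill_t *ill, mblk_t *mp)
{
	nce_fp_match_t nce_fp_marg;
	nce_t *nce;
	mblk_t *nce_fp_mp, *fp_mp;

	nce_fp_marg.nce_fp_match_res = NULL;
	nce_fp_marg.nce_fp_match_ack_mp = mp;

	nce_walk(ill, nce_fastpath_match_dlur, &nce_fp_marg);

	if ((nce = nce_fp_marg.nce_fp_match_res) == NULL)
		return;

	mutex_enter(&nce->nce_lock);
	nce_fp_mp = nce->nce_fp_mp;

	if (nce_fp_mp != NULL) {
		fp_mp = mp->b_cont;
		/*
		 * The new header does not fit in the existing data block:
		 * replace the nce instead of copying past db_lim.
		 */
		if (nce_fp_mp->b_rptr + MBLKL(fp_mp) >
		    nce_fp_mp->b_datap->db_lim) {
			mutex_exit(&nce->nce_lock);
			nce = nce_delete_then_add(nce);
			if (nce == NULL) {
				return;
			}
			mutex_enter(&nce->nce_lock);
			/*
			 * NOTE(review): the size check is not repeated for the
			 * replacement nce. The bcopy() below is only safe if
			 * nce_add() hands back an entry whose nce_fp_mp is
			 * NULL or large enough -- confirm.
			 */
			nce_fp_mp = nce->nce_fp_mp;
		}
	}

	/* Matched - install mp as the fastpath mp */
	if (nce_fp_mp == NULL) {
		/* dupb() may return NULL, which leaves nce_fp_mp unset. */
		fp_mp = dupb(mp->b_cont);
		nce->nce_fp_mp = fp_mp;
	} else {
		fp_mp = mp->b_cont;
		bcopy(fp_mp->b_rptr, nce_fp_mp->b_rptr, MBLKL(fp_mp));
		nce->nce_fp_mp->b_wptr = nce->nce_fp_mp->b_rptr
		    + MBLKL(fp_mp);
	}
	mutex_exit(&nce->nce_lock);
	nce_refrele(nce);
}

/*
 * Return a pointer to a given option in the packet.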
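 * Assumes that option part of the packet have already been validated
 * (see ndp_verify_optlen()); option lengths are in units of 8 bytes.
 * Returns NULL if no option of opt_type is found within optlen bytes.
 */
nd_opt_hdr_t *
ndp_get_option(nd_opt_hdr_t *opt, int optlen, int opt_type)
{
	while (optlen > 0) {
		if (opt->nd_opt_type == opt_type)
			return (opt);
		/*
		 * A zero-length option would never advance and the loop
		 * would not terminate. Validated input never has one; stop
		 * here rather than rely on every caller having validated.
		 */
		if (opt->nd_opt_len == 0)
			return (NULL);
		optlen -= 8 * opt->nd_opt_len;
		opt = (struct nd_opt_hdr *)((char *)opt + 8 * opt->nd_opt_len);
	}
	return (NULL);
}

/*
 * Verify all option lengths present are > 0, also check to see
 * if the option lengths and packet length are consistent.
 *
 * Returns B_TRUE only if the options exactly fill optlen bytes. The
 * options come from a received packet, so nothing is read from an option
 * header that does not lie completely within the remaining optlen bytes.
 */
boolean_t
ndp_verify_optlen(nd_opt_hdr_t *opt, int optlen)
{
	ASSERT(opt != NULL);
	while (optlen > 0) {
		/*
		 * Fewer bytes left than an option header: reject without
		 * reading nd_opt_len, which would lie beyond optlen. The
		 * result is the same B_FALSE as before for such input.
		 */
		if (optlen < (int)sizeof (*opt))
			return (B_FALSE);
		if (opt->nd_opt_len == 0)
			return (B_FALSE);
		optlen -= 8 * opt->nd_opt_len;
		if (optlen < 0)
			return (B_FALSE);
		opt = (struct nd_opt_hdr *)((char *)opt + 8 * opt->nd_opt_len);
	}
	return (B_TRUE);
}

/*
 * ncec_walk function.
 * Free a fraction of the NCE cache entries.
 *
 * arg points to a uint_t 'fraction'; an entry is deleted when a value
 * derived from lbolt and the address hash is a multiple of it. Entries
 * flagged NCE_F_MYADDR, NCE_F_STATIC or NCE_F_BCAST are never reclaimed.
 *
 * A possible optimization here would be to use ncec_last where possible, and
 * delete the least-frequently used entry, which would require more complex
 * computation as we walk through the ncec's (e.g., track ncec entries by
 * order of ncec_last and/or maintain state)
 */
static void
ncec_cache_reclaim(ncec_t *ncec, char *arg)
{
	ip_stack_t *ipst = ncec->ncec_ipst;
	uint_t fraction = *(uint_t *)arg;
	uint_t rand;

	if ((ncec->ncec_flags &
	    (NCE_F_MYADDR | NCE_F_STATIC | NCE_F_BCAST)) != 0) {
		return;
	}

	/*
	 * The fraction is a tunable and is presumably range-checked where it
	 * is set (TODO confirm); a zero here would divide by zero below, so
	 * treat it as "reclaim nothing".
	 */
	if (fraction == 0)
		return;

	rand = (uint_t)ddi_get_lbolt() +
	    NCE_ADDR_HASH_V6(ncec->ncec_addr, NCE_TABLE_SIZE);
	if ((rand/fraction)*fraction == rand) {
		IP_STAT(ipst, ip_nce_reclaim_deleted);
		ncec_delete(ncec);
	}
}

/*
 * kmem_cache callback to free up memory.
 *
 * For now we just delete a fixed fraction.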
 *
 * The fraction is read from ips_ip_nce_reclaim_fraction of the given
 * stack and handed to ncec_cache_reclaim() for every ncec in that stack.
 */
static void
ip_nce_reclaim_stack(ip_stack_t *ipst)
{
	uint_t fraction = ipst->ips_ip_nce_reclaim_fraction;

	IP_STAT(ipst, ip_nce_reclaim_calls);

	ncec_walk(NULL, (pfi_t)ncec_cache_reclaim, (uchar_t *)&fraction, ipst);

	/*
	 * Walk all CONNs that can have a reference on an ire, ncec or dce.
	 * Get them to update any stale references to drop any refholds they
	 * have.
	 */
	ipcl_walk(conn_ixa_cleanup, (void *)B_FALSE, ipst);
}

/*
 * Called by the memory allocator subsystem directly, when the system
 * is running low on memory. Runs the per-stack reclaim on every netstack
 * returned by netstack_next(); 'args' is unused.
 */
/* ARGSUSED */
void
ip_nce_reclaim(void *args)
{
	netstack_handle_t nh;
	netstack_t *ns;

	netstack_next_init(&nh);
	while ((ns = netstack_next(&nh)) != NULL) {
		ip_nce_reclaim_stack(ns->netstack_ip);
		/* Drop the netstack obtained from netstack_next(). */
		netstack_rele(ns);
	}
	netstack_next_fini(&nh);
}

#ifdef DEBUG
/*
 * Record a reference on ncec in the thread trace. The caller must hold
 * ncec_lock. If th_trace_ref() fails, tracing is disabled for this ncec
 * and whatever was recorded so far is cleaned up.
 */
void
ncec_trace_ref(ncec_t *ncec)
{
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));

	if (ncec->ncec_trace_disable)
		return;

	if (!th_trace_ref(ncec, ncec->ncec_ipst)) {
		ncec->ncec_trace_disable = B_TRUE;
		ncec_trace_cleanup(ncec);
	}
}

/*
 * Remove a traced reference on ncec, unless tracing has been disabled
 * for it. The caller must hold ncec_lock.
 */
void
ncec_untrace_ref(ncec_t *ncec)
{
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));

	if (!ncec->ncec_trace_disable)
		th_trace_unref(ncec);
}

/* Hand the trace state of ncec to th_trace_cleanup(). */
static void
ncec_trace_cleanup(const ncec_t *ncec)
{
	th_trace_cleanup(ncec, ncec->ncec_trace_disable);
}
#endif

/*
 * Called when address resolution fails due to a timeout.
 * Send an ICMP unreachable in response to all queued packets.
 *
 * The ICMP error is only sent when ips_ip_arp_icmp_error is set;
 * otherwise the queued packets are freed. Every queued packet is counted
 * as ipIfStatsOutDiscards either way. The queue is detached from the ncec
 * under ncec_lock and processed after the lock has been dropped.
 */
void
arp_resolv_failed(ncec_t *ncec)
{
	mblk_t *mp, *nxt_mp;
	char buf[INET6_ADDRSTRLEN];
	struct in_addr ipv4addr;
	ill_t *ill = ncec->ncec_ill;
	ip_stack_t *ipst = ncec->ncec_ipst;
	ip_recv_attr_t iras;

	bzero(&iras, sizeof (iras));
	iras.ira_flags = IRAF_IS_IPV4;
	/*
	 * We are setting the ira_rill to the ipmp_ill (instead of
	 * the actual ill on which the packet was received), but this
	 * is ok because we don't actually need the real ira_rill
	 * to send the icmp unreachable to the sender.
	 */
	iras.ira_ill = iras.ira_rill = ill;
	iras.ira_ruifindex = ill->ill_phyint->phyint_ifindex;
	iras.ira_rifindex = iras.ira_ruifindex;

	IN6_V4MAPPED_TO_INADDR(&ncec->ncec_addr, &ipv4addr);
	ip3dbg(("arp_resolv_failed: dst %s\n",
	    inet_ntop(AF_INET, &ipv4addr, buf, sizeof (buf))));
	mutex_enter(&ncec->ncec_lock);
	mp = ncec->ncec_qd_mp;
	ncec->ncec_qd_mp = NULL;
	ncec->ncec_nprobes = 0;
	mutex_exit(&ncec->ncec_lock);
	while (mp != NULL) {
		/* Unlink the packet from the b_next chain before use. */
		nxt_mp = mp->b_next;
		mp->b_next = NULL;

		BUMP_MIB(ill->ill_ip_mib, ipIfStatsOutDiscards);
		ip_drop_output("ipIfStatsOutDiscards - address unreachable",
		    mp, ill);
		if (ipst->ips_ip_arp_icmp_error) {
			ip3dbg(("arp_resolv_failed: "
			    "Calling icmp_unreachable\n"));
			/*
			 * mp is not freed on this path.
			 * NOTE(review): presumably icmp_unreachable()
			 * consumes it -- confirm.
			 */
			icmp_unreachable(mp, ICMP_HOST_UNREACHABLE, &iras);
		} else {
			freemsg(mp);
		}
		/* iras is reused for every packet; it must stay non-IPsec. */
		ASSERT(!(iras.ira_flags & IRAF_IPSEC_SECURE));
		mp = nxt_mp;
	}
	ncec_cb_dispatch(ncec); /* finish off waiting callbacks */
}

/*
 * if ill is an under_ill, translate it to the ipmp_ill and add the
 * nce on the ipmp_ill. Two nce_t entries (one on the ipmp_ill, and
 * one on the underlying in_ill) will be created for the
 * ncec_t in this case. The ncec_t itself will be created on the ipmp_ill.
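 *
 * Returns 0 if a new entry was added, EEXIST if an entry for addr was
 * already present (it is still returned through newnce), or an errno from
 * the add path. When newnce is NULL the reference on the resulting nce is
 * released before returning. For NCE_F_BCAST the hardware address is taken
 * from the ill's broadcast template and any hw_addr passed in is ignored.
 */
int
nce_lookup_then_add_v4(ill_t *ill, uchar_t *hw_addr, uint_t hw_addr_len,
    const in_addr_t *addr, uint16_t flags, uint16_t state, nce_t **newnce)
{
	int	err;
	in6_addr_t addr6;
	ip_stack_t *ipst = ill->ill_ipst;
	nce_t	*nce, *upper_nce = NULL;
	ill_t	*in_ill = ill, *under = NULL;
	boolean_t need_ill_refrele = B_FALSE;

	if (flags & NCE_F_MCAST) {
		/*
		 * hw_addr will be figured out in nce_set_multicast_v4;
		 * caller needs to pass in the cast_ill for ipmp
		 */
		ASSERT(hw_addr == NULL);
		ASSERT(!IS_IPMP(ill));
		err = nce_set_multicast_v4(ill, addr, flags, newnce);
		return (err);
	}

	/*
	 * Non-local addresses on an under_ill are tracked on the ipmp_ill;
	 * the hold taken here is dropped at the end of the function.
	 */
	if (IS_UNDER_IPMP(ill) && !(flags & NCE_F_MYADDR)) {
		ill = ipmp_ill_hold_ipmp_ill(ill);
		if (ill == NULL)
			return (ENXIO);
		need_ill_refrele = B_TRUE;
	}
	if ((flags & NCE_F_BCAST) != 0) {
		/*
		 * IPv4 broadcast ncec: compute the hwaddr.
		 */
		if (IS_IPMP(ill)) {
			under = ipmp_ill_get_xmit_ill(ill, B_FALSE);
			if (under == NULL) {
				if (need_ill_refrele)
					ill_refrele(ill);
				return (ENETDOWN);
			}
			hw_addr = under->ill_bcast_mp->b_rptr +
			    NCE_LL_ADDR_OFFSET(under);
			hw_addr_len = under->ill_phys_addr_length;
		} else {
			/*
			 * This statement used to end in a comma, chaining it
			 * to the next assignment; same effect, now two
			 * statements.
			 */
			hw_addr = ill->ill_bcast_mp->b_rptr +
			    NCE_LL_ADDR_OFFSET(ill);
			hw_addr_len = ill->ill_phys_addr_length;
		}
	}

	/* Lookup and add are done under ndp_g_lock so they are atomic. */
	mutex_enter(&ipst->ips_ndp4->ndp_g_lock);
	IN6_IPADDR_TO_V4MAPPED(*addr, &addr6);
	nce = nce_lookup_addr(ill, &addr6);
	if (nce == NULL) {
		err = nce_add_v4(ill, hw_addr, hw_addr_len, addr, flags,
		    state, &nce);
	} else {
		err = EEXIST;
	}
	mutex_exit(&ipst->ips_ndp4->ndp_g_lock);
	if (err == 0)
		err = nce_add_v4_postprocess(nce);

	if (in_ill != ill && nce != NULL) {
		/*
		 * Must start out NULL: it is only assigned when in_ill is
		 * still in the same group as ill, but it is tested below
		 * either way. It used to be read uninitialized in the
		 * not-in-group case.
		 */
		nce_t *under_nce = NULL;

		/*
		 * in_ill was the under_ill. Try to create the under_nce.
		 * Hold the ill_g_lock to prevent changes to group membership
		 * until we are done.
		 */
		rw_enter(&ipst->ips_ill_g_lock, RW_READER);
		if (IS_IN_SAME_ILLGRP(in_ill, ill)) {
			under_nce = nce_fastpath_create(in_ill,
			    nce->nce_common);
			/* The ipmp_ill nce is released at the end. */
			upper_nce = nce;
			if ((nce = under_nce) == NULL)
				err = EINVAL;
		}
		rw_exit(&ipst->ips_ill_g_lock);
		if (under_nce != NULL && NCE_ISREACHABLE(nce->nce_common))
			nce_fastpath_trigger(under_nce);
	}
	if (nce != NULL) {
		if (newnce != NULL)
			*newnce = nce;
		else
			nce_refrele(nce);
	}

	if (under != NULL)
		ill_refrele(under);

	if (upper_nce != NULL)
		nce_refrele(upper_nce);

	if (need_ill_refrele)
		ill_refrele(ill);

	return (err);
}

/*
 * NDP Cache Entry creation routine for IPv4.
 * This routine must always be called with ndp4->ndp_g_lock held.
 * Prior to return, ncec_refcnt is incremented.
 *
 * IPMP notes: the ncec for non-local (i.e., !NCE_MYADDR(ncec) addresses
 * are always added pointing at the ipmp_ill. Thus, when the ill passed
 * to nce_add_v4 is an under_ill (i.e., IS_UNDER_IPMP(ill)) two nce_t
 * entries will be created, both pointing at the same ncec_t. The nce_t
 * entries will have their nce_ill set to the ipmp_ill and the under_ill
 * respectively, with the ncec_t having its ncec_ill pointing at the ipmp_ill.
 * Local addresses are always created on the ill passed to nce_add_v4.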
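 *
 * The IPv4 address is converted to its v4-mapped form and handed to
 * nce_add_common(); the result and the new nce are passed back unchanged.
 * newnce must not be NULL.
 */
int
nce_add_v4(ill_t *ill, uchar_t *hw_addr, uint_t hw_addr_len,
    const in_addr_t *addr, uint16_t flags, uint16_t state, nce_t **newnce)
{
	int		err;
	boolean_t	is_multicast = (flags & NCE_F_MCAST);
	struct in6_addr	addr6;
	nce_t		*nce;

	ASSERT(MUTEX_HELD(&ill->ill_ipst->ips_ndp4->ndp_g_lock));
	ASSERT(!ill->ill_isv6);
	/* A multicast address is only acceptable with NCE_F_MCAST set. */
	ASSERT(!IN_MULTICAST(htonl(*addr)) || is_multicast);

	IN6_IPADDR_TO_V4MAPPED(*addr, &addr6);
	err = nce_add_common(ill, hw_addr, hw_addr_len, &addr6, flags, state,
	    &nce);
	ASSERT(newnce != NULL);
	*newnce = nce;
	return (err);
}

/*
 * Post-processing routine to be executed after nce_add_v4(). This function
 * triggers fastpath (if appropriate) and DAD on the newly added nce entry
 * and must be called without any locks held.
 *
 * Always returns 0, but we return an int to keep this symmetric with the
 * IPv6 counter-part.
 */
int
nce_add_v4_postprocess(nce_t *nce)
{
	ncec_t		*ncec = nce->nce_common;
	uint16_t	flags = ncec->ncec_flags;
	boolean_t	ndp_need_dad = B_FALSE;
	boolean_t	dropped;
	clock_t		delay;
	ip_stack_t	*ipst = ncec->ncec_ill->ill_ipst;
	uchar_t		*hw_addr = ncec->ncec_lladdr;
	boolean_t	trigger_fastpath = B_TRUE;

	/*
	 * If the hw_addr is NULL, typically for ND_INCOMPLETE nces, then
	 * we call nce_fastpath as soon as the ncec is resolved in nce_process.
	 * We call nce_fastpath from nce_update if the link layer address of
	 * the peer changes from nce_update
	 */
	if (NCE_PUBLISH(ncec) || !NCE_ISREACHABLE(ncec) || (hw_addr == NULL &&
	    ncec->ncec_ill->ill_net_type != IRE_IF_NORESOLVER))
		trigger_fastpath = B_FALSE;

	if (trigger_fastpath)
		nce_fastpath_trigger(nce);

	if (NCE_PUBLISH(ncec) && ncec->ncec_state == ND_PROBE) {
		/*
		 * Either the caller (by passing in ND_PROBE)
		 * or nce_add_common() (by the internally computed state
		 * based on ncec_addr and ill_net_type) has determined
		 * that this unicast entry needs DAD. Trigger DAD.
		 */
		ndp_need_dad = B_TRUE;
	} else if (flags & NCE_F_UNSOL_ADV) {
		/*
		 * We account for the transmit below by assigning one
		 * less than the ndd variable. Subsequent decrements
		 * are done in nce_timer.
		 */
		mutex_enter(&ncec->ncec_lock);
		ncec->ncec_unsolicit_count =
		    ipst->ips_ip_arp_publish_count - 1;
		mutex_exit(&ncec->ncec_lock);
		/* The announcement is sent without ncec_lock held. */
		dropped = arp_announce(ncec);
		mutex_enter(&ncec->ncec_lock);
		if (dropped)
			ncec->ncec_unsolicit_count++;
		else
			ncec->ncec_last_time_defended = ddi_get_lbolt();
		if (ncec->ncec_unsolicit_count != 0) {
			nce_start_timer(ncec,
			    ipst->ips_ip_arp_publish_interval);
		}
		mutex_exit(&ncec->ncec_lock);
	}

	/*
	 * If ncec_xmit_interval is 0, user has configured us to send the first
	 * probe right away. Do so, and set up for the subsequent probes.
	 */
	if (ndp_need_dad) {
		mutex_enter(&ncec->ncec_lock);
		if (ncec->ncec_pcnt == 0) {
			/*
			 * DAD probes and announce can be
			 * administratively disabled by setting the
			 * probe_count to zero. Restart the timer in
			 * this case to mark the ipif as ready.
			 */
			ncec->ncec_unsolicit_count = 0;
			mutex_exit(&ncec->ncec_lock);
			nce_restart_timer(ncec, 0);
		} else {
			mutex_exit(&ncec->ncec_lock);
			/*
			 * NOTE(review): with NCE_F_FAST set this picks
			 * ips_arp_probe_delay and without it
			 * ips_arp_fastprobe_delay, which reads as inverted.
			 * Left as is; confirm the intended pairing.
			 */
			delay = ((ncec->ncec_flags & NCE_F_FAST) ?
			    ipst->ips_arp_probe_delay :
			    ipst->ips_arp_fastprobe_delay);
			nce_dad(ncec, NULL, (delay == 0 ? B_TRUE : B_FALSE));
		}
	}
	return (0);
}

/*
 * ncec_walk routine to update all entries that have a given destination or
 * gateway address and cached link layer (MAC) address. This is used when ARP
 * informs us that a network-to-link-layer mapping may have changed.
 *
 * arg is an nce_hw_map_t. Only ND_REACHABLE entries for hwm_addr are
 * touched; they are moved to ND_STALE with the new hardware address, and
 * ncec_flags is replaced as a whole when hwm_flags is non-zero.
 * NOTE(review): ncec_state is tested before ncec_lock is taken, so the
 * state may have changed by the time nce_update() runs -- confirm this is
 * acceptable for the callers.
 */
void
nce_update_hw_changed(ncec_t *ncec, void *arg)
{
	nce_hw_map_t *hwm = arg;
	ipaddr_t ncec_addr;

	if (ncec->ncec_state != ND_REACHABLE)
		return;

	IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, ncec_addr);
	if (ncec_addr != hwm->hwm_addr)
		return;

	mutex_enter(&ncec->ncec_lock);
	if (hwm->hwm_flags != 0)
		ncec->ncec_flags = hwm->hwm_flags;
	nce_update(ncec, ND_STALE, hwm->hwm_hwaddr);
	mutex_exit(&ncec->ncec_lock);
}

/*
 * Take a reference on ncec. The ASSERT catches the count wrapping to 0
 * on DEBUG kernels.
 */
void
ncec_refhold(ncec_t *ncec)
{
	mutex_enter(&(ncec)->ncec_lock);
	(ncec)->ncec_refcnt++;
	ASSERT((ncec)->ncec_refcnt != 0);
#ifdef DEBUG
	ncec_trace_ref(ncec);
#endif
	mutex_exit(&(ncec)->ncec_lock);
}

/* Same as ncec_refhold(), but the reference is not traced. */
void
ncec_refhold_notr(ncec_t *ncec)
{
	mutex_enter(&(ncec)->ncec_lock);
	(ncec)->ncec_refcnt++;
	ASSERT((ncec)->ncec_refcnt != 0);
	mutex_exit(&(ncec)->ncec_lock);
}

/*
 * Same as ncec_refhold(), for callers that already hold ncec_lock. The
 * wrap-around ASSERT was missing here and is added for consistency with
 * the other refhold variants.
 */
static void
ncec_refhold_locked(ncec_t *ncec)
{
	ASSERT(MUTEX_HELD(&(ncec)->ncec_lock));
	(ncec)->ncec_refcnt++;
	ASSERT((ncec)->ncec_refcnt != 0);
#ifdef DEBUG
	ncec_trace_ref(ncec);
#endif
}

/*
 * Drop a reference on ncec; the last release calls ncec_inactive().
 * ncec_inactive destroys the mutex thus no mutex_exit is needed. The
 * caller must not touch ncec after this returns unless it holds another
 * reference.
 */
void
ncec_refrele(ncec_t *ncec)
{
	mutex_enter(&(ncec)->ncec_lock);
#ifdef DEBUG
	ncec_untrace_ref(ncec);
#endif
	ASSERT((ncec)->ncec_refcnt != 0);
	if (--(ncec)->ncec_refcnt == 0) {
		ncec_inactive(ncec);
	} else {
		mutex_exit(&(ncec)->ncec_lock);
	}
}

/* Same as ncec_refrele(), for references taken with ncec_refhold_notr(). */
void
ncec_refrele_notr(ncec_t *ncec)
{
	mutex_enter(&(ncec)->ncec_lock);
	ASSERT((ncec)->ncec_refcnt != 0);
	if (--(ncec)->ncec_refcnt == 0) {
		ncec_inactive(ncec);
	} else {
		mutex_exit(&(ncec)->ncec_lock);
	}
}

/*
 * Cancel any pending timer on ncec and start a new one of 'ms'
 * milliseconds. Must be called without ncec_lock held.
 * Common to IPv4 and IPv6.
 */
void
nce_restart_timer(ncec_t *ncec, uint_t ms)
{
	timeout_id_t tid;

	ASSERT(!MUTEX_HELD(&(ncec)->ncec_lock));

	/* First cancel any running timer */
	mutex_enter(&ncec->ncec_lock);
	tid = ncec->ncec_timeout_id;
	ncec->ncec_timeout_id = 0;
	if (tid != 0) {
		/*
		 * ncec_lock is dropped around untimeout().
		 * NOTE(review): presumably because the timer handler takes
		 * ncec_lock itself -- confirm against nce_timer().
		 */
		mutex_exit(&ncec->ncec_lock);
		(void) untimeout(tid);
		mutex_enter(&ncec->ncec_lock);
	}

	/* Restart timer */
	nce_start_timer(ncec, ms);
	mutex_exit(&ncec->ncec_lock);
}

/*
 * Arm nce_timer for ncec after 'ms' milliseconds, using at least one
 * tick. The caller must hold ncec_lock.
 */
static void
nce_start_timer(ncec_t *ncec, uint_t ms)
{
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));
	/*
	 * Don't start the timer if the ncec has been deleted, or if the timer
	 * is already running
	 */
	if (!NCE_ISCONDEMNED(ncec) && ncec->ncec_timeout_id == 0) {
		ncec->ncec_timeout_id = timeout(nce_timer, ncec,
		    MSEC_TO_TICK(ms) == 0 ? 1 : MSEC_TO_TICK(ms));
	}
}

/*
 * Look up, and if necessary create, the nce for the IPv4 multicast
 * address dst on ill. flags must include NCE_F_MCAST and NCE_F_NONUD.
 * On success the nce is returned through newnce, or released if newnce
 * is NULL. Returns 0, ENOMEM, or the error from the add path.
 */
int
nce_set_multicast_v4(ill_t *ill, const in_addr_t *dst,
    uint16_t flags, nce_t **newnce)
{
	uchar_t		*hw_addr;
	int		err = 0;
	ip_stack_t	*ipst = ill->ill_ipst;
	in6_addr_t	dst6;
	nce_t		*nce;

	ASSERT(!ill->ill_isv6);

	IN6_IPADDR_TO_V4MAPPED(*dst, &dst6);
	mutex_enter(&ipst->ips_ndp4->ndp_g_lock);
	if ((nce = nce_lookup_addr(ill, &dst6)) != NULL) {
		mutex_exit(&ipst->ips_ndp4->ndp_g_lock);
		goto done;
	}
	if (ill->ill_net_type == IRE_IF_RESOLVER) {
		/*
		 * For IRE_IF_RESOLVER a hardware mapping can be
		 * generated, for IRE_IF_NORESOLVER, resolution cookie
		 * in the ill is copied in nce_add_v4().
		 */
		hw_addr = kmem_alloc(ill->ill_phys_addr_length, KM_NOSLEEP);
		if (hw_addr == NULL) {
			mutex_exit(&ipst->ips_ndp4->ndp_g_lock);
			return (ENOMEM);
		}
		ip_mcast_mapping(ill, (uchar_t *)dst, hw_addr);
	} else {
		/*
		 * IRE_IF_NORESOLVER type simply copies the resolution
		 * cookie passed in. So no hw_addr is needed.
		 */
		hw_addr = NULL;
	}
	ASSERT(flags & NCE_F_MCAST);
	ASSERT(flags & NCE_F_NONUD);
	/* nce_state will be computed by nce_add_common() */
	err = nce_add_v4(ill, hw_addr, ill->ill_phys_addr_length, dst, flags,
	    ND_UNCHANGED, &nce);
	mutex_exit(&ipst->ips_ndp4->ndp_g_lock);
	if (err == 0)
		err = nce_add_v4_postprocess(nce);
	/*
	 * The temporary mapping is freed on success and failure alike.
	 * NOTE(review): this relies on the add path copying hw_addr rather
	 * than keeping the pointer -- confirm in nce_add_common().
	 */
	if (hw_addr != NULL)
		kmem_free(hw_addr, ill->ill_phys_addr_length);
	if (err != 0) {
		/*
		 * The message used to be built from "create failed" "%d\n",
		 * which printed the errno glued to the text.
		 */
		ip1dbg(("nce_set_multicast_v4: create failed %d\n", err));
		return (err);
	}
done:
	if (newnce != NULL)
		*newnce = nce;
	else
		nce_refrele(nce);
	return (0);
}

/*
 * This is used when scanning for "old" (least recently broadcast) NCEs. We
 * don't want to have to walk the list for every single one, so we gather up
 * batches at a time.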
 */
#define	NCE_RESCHED_LIST_LEN	8

/*
 * One batch of candidates for rescheduled address defense. ncert_nces[]
 * holds ncert_num entries, each with a reference taken by
 * ncec_reschedule().
 */
typedef struct {
	ill_t	*ncert_ill;
	uint_t	ncert_num;
	ncec_t	*ncert_nces[NCE_RESCHED_LIST_LEN];
} nce_resched_t;

/*
 * Pick the longest waiting NCEs for defense.
 *
 * Walker callback; arg is the nce_resched_t batch. While the batch has
 * room the entry is appended. Once it is full, the entry is swapped in
 * for any slot that was defended more recently, and whichever entry is
 * left over at the end of the sweep is released. Always returns 0.
 */
/* ARGSUSED */
static int
ncec_reschedule(ill_t *ill, nce_t *nce, void *arg)
{
	nce_resched_t	*ncert = arg;
	ncec_t		**ncecs;
	ncec_t		**ncec_max;
	ncec_t		*ncec_temp;
	ncec_t		*ncec = nce->nce_common;

	ASSERT(ncec->ncec_ill == ncert->ncert_ill);
	/*
	 * Only reachable entries that are ready for announcement are eligible.
	 */
	if (!NCE_MYADDR(ncec) || ncec->ncec_state != ND_REACHABLE)
		return (0);
	if (ncert->ncert_num < NCE_RESCHED_LIST_LEN) {
		ncec_refhold(ncec);
		ncert->ncert_nces[ncert->ncert_num++] = ncec;
	} else {
		ncecs = ncert->ncert_nces;
		ncec_max = ncecs + NCE_RESCHED_LIST_LEN;
		/* Hold the candidate; the entry that loses is released. */
		ncec_refhold(ncec);
		for (; ncecs < ncec_max; ncecs++) {
			ASSERT(ncec != NULL);
			if ((*ncecs)->ncec_last_time_defended >
			    ncec->ncec_last_time_defended) {
				ncec_temp = *ncecs;
				*ncecs = ncec;
				ncec = ncec_temp;
			}
		}
		ncec_refrele(ncec);
	}
	return (0);
}

/*
 * Reschedule the ARP defense of any long-waiting NCEs. It's assumed that this
 * doesn't happen very often (if at all), and thus it needn't be highly
 * optimized. (Note, though, that it's actually O(N) complexity, because the
 * outer loop is bounded by a constant rather than by the length of the list.)
 *
 * ill_defend_rate_limit() calls this with ill_lock held. The defend count
 * of the ill is reset here; nothing is rescheduled if the previous count
 * never reached the defend rate. Entries picked are flagged NCE_F_DELAYED
 * and stay referenced in ncert; the caller restarts their timers and
 * releases them after dropping its locks.
 */
static void
nce_ill_reschedule(ill_t *ill, nce_resched_t *ncert)
{
	ncec_t		*ncec;
	ip_stack_t	*ipst = ill->ill_ipst;
	uint_t		i, defend_rate;

	/* i first holds the count of the period that just ended. */
	i = ill->ill_defend_count;
	ill->ill_defend_count = 0;
	if (ill->ill_isv6)
		defend_rate = ipst->ips_ndp_defend_rate;
	else
		defend_rate = ipst->ips_arp_defend_rate;
	/* If none could be sitting around, then don't reschedule */
	if (i < defend_rate) {
		DTRACE_PROBE1(reschedule_none, ill_t *, ill);
		return;
	}
	ncert->ncert_ill = ill;
	while (ill->ill_defend_count < defend_rate) {
		/*
		 * NOTE(review): ncert_num is not reset between passes, so a
		 * second pass starts with a full batch and flags the same
		 * slots again -- confirm this is intended.
		 */
		nce_walk_common(ill, ncec_reschedule, ncert);
		for (i = 0; i < ncert->ncert_num; i++) {

			ncec = ncert->ncert_nces[i];
			mutex_enter(&ncec->ncec_lock);
			ncec->ncec_flags |= NCE_F_DELAYED;
			mutex_exit(&ncec->ncec_lock);
			/*
			 * we plan to schedule this ncec, so incr the
			 * defend_count in anticipation.
			 */
			if (++ill->ill_defend_count >= defend_rate)
				break;
		}
		/* A batch that is not full means the list is exhausted. */
		if (ncert->ncert_num < NCE_RESCHED_LIST_LEN)
			break;
	}
}

/*
 * Check if the current rate-limiting parameters permit the sending
 * of another address defense announcement for both IPv4 and IPv6.
 * Returns B_TRUE if rate-limiting is in effect (i.e., send is not
 * permitted), and B_FALSE otherwise. The `defend_rate' parameter
 * determines how many address defense announcements are permitted
 * in any `defend_period' interval.
 *
 * A defend_rate of 0 means every defense is rate-limited. Both limits are
 * read from the per-stack ARP or NDP tunables, depending on ill_isv6.
 */
static boolean_t
ill_defend_rate_limit(ill_t *ill, ncec_t *ncec)
{
	clock_t		now = ddi_get_lbolt();
	ip_stack_t	*ipst = ill->ill_ipst;
	/* NOTE(review): ill_defend_start is read before ill_lock is taken. */
	clock_t		start = ill->ill_defend_start;
	uint32_t	elapsed, defend_period, defend_rate;
	nce_resched_t	ncert;
	boolean_t	ret;
	/* NOTE(review): signed index compared with the uint_t ncert_num. */
	int		i;

	if (ill->ill_isv6) {
		defend_period = ipst->ips_ndp_defend_period;
		defend_rate = ipst->ips_ndp_defend_rate;
	} else {
		defend_period = ipst->ips_arp_defend_period;
		defend_rate = ipst->ips_arp_defend_rate;
	}
	if (defend_rate == 0)
		return (B_TRUE);
	bzero(&ncert, sizeof (ncert));
	mutex_enter(&ill->ill_lock);
	if (start > 0) {
		elapsed = now - start;
		if (elapsed > SEC_TO_TICK(defend_period)) {
			/* A new period begins. */
			ill->ill_defend_start = now;
			/*
			 * nce_ill_reschedule will attempt to
			 * prevent starvation by rescheduling the
			 * oldest entries, which are marked with
			 * the NCE_F_DELAYED flag.
			 */
			nce_ill_reschedule(ill, &ncert);
		}
	} else {
		ill->ill_defend_start = now;
	}
	ASSERT(ill->ill_defend_count <= defend_rate);
	mutex_enter(&ncec->ncec_lock);
	if (ncec->ncec_flags & NCE_F_DELAYED) {
		/*
		 * This ncec was rescheduled as one of the really old
		 * entries needing on-going defense. The
		 * ill_defend_count was already incremented in
		 * nce_ill_reschedule. Go ahead and send the announce.
		 */
		ncec->ncec_flags &= ~NCE_F_DELAYED;
		mutex_exit(&ncec->ncec_lock);
		ret = B_FALSE;
		goto done;
	}
	mutex_exit(&ncec->ncec_lock);
	if (ill->ill_defend_count < defend_rate)
		ill->ill_defend_count++;
	if (ill->ill_defend_count == defend_rate) {
		/*
		 * we are no longer allowed to send unbidden defense
		 * messages. Wait for rescheduling.
		 */
		ret = B_TRUE;
	} else {
		ret = B_FALSE;
	}
done:
	mutex_exit(&ill->ill_lock);
	/*
	 * After all the locks have been dropped we can restart nce timer,
	 * and refrele the delayed ncecs
	 */
	for (i = 0; i < ncert.ncert_num; i++) {
		clock_t	xmit_interval;
		ncec_t	*tmp;

		tmp = ncert.ncert_nces[i];
		xmit_interval = nce_fuzz_interval(tmp->ncec_xmit_interval,
		    B_FALSE);
		nce_restart_timer(tmp, xmit_interval);
		ncec_refrele(tmp);
	}
	return (ret);
}

/*
 * Send a neighbor advertisement for ncec's address and link-layer address
 * to the all-hosts multicast group. Returns the result of ndp_xmit().
 */
boolean_t
ndp_announce(ncec_t *ncec)
{
	return (ndp_xmit(ncec->ncec_ill, ND_NEIGHBOR_ADVERT, ncec->ncec_lladdr,
	    ncec->ncec_lladdr_length, &ncec->ncec_addr, &ipv6_all_hosts_mcast,
	    nce_advert_flags(ncec)));
}

/*
 * Choose the source address and the sending ill for a resolution or DAD
 * message about ncec. 'src' must point to an unspecified address on
 * entry and receives the chosen source. Returns the ill to send on with
 * a reference held, or NULL if the transmission has to be postponed or
 * no source can be found; *src is only written on the paths that reach
 * the end of the function.
 */
ill_t *
nce_resolve_src(ncec_t *ncec, in6_addr_t *src)
{
	mblk_t		*mp;
	in6_addr_t	src6;
	ipaddr_t	src4;
	ill_t		*ill = ncec->ncec_ill;
	ill_t		*src_ill = NULL;
	ipif_t		*ipif = NULL;
	boolean_t	is_myaddr = NCE_MYADDR(ncec);
	boolean_t	isv6 = (ncec->ncec_ipversion == IPV6_VERSION);

	ASSERT(src != NULL);
	ASSERT(IN6_IS_ADDR_UNSPECIFIED(src));
	src6 = *src;
	if (is_myaddr) {
		src6 = ncec->ncec_addr;
		if (!isv6)
			IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, src4);
	} else {
		/*
		 * try to find one from the outgoing packet.
		 */
		mutex_enter(&ncec->ncec_lock);
		mp = ncec->ncec_qd_mp;
		if (mp != NULL) {
			/*
			 * The queued packet's header is read straight from
			 * b_rptr with no length check here.
			 * NOTE(review): presumably a complete IP header is
			 * guaranteed when packets are queued -- confirm.
			 */
			if (isv6) {
				ip6_t	*ip6h = (ip6_t *)mp->b_rptr;

				src6 = ip6h->ip6_src;
			} else {
				ipha_t	*ipha = (ipha_t *)mp->b_rptr;

				src4 = ipha->ipha_src;
				IN6_IPADDR_TO_V4MAPPED(src4, &src6);
			}
		}
		mutex_exit(&ncec->ncec_lock);
	}

	/*
	 * For outgoing packets, if the src of outgoing packet is one
	 * of the assigned interface addresses use it, otherwise we
	 * will pick the source address below.
	 * For local addresses (is_myaddr) doing DAD, NDP announce
	 * messages are mcast. So we use the (IPMP) cast_ill or the
	 * (non-IPMP) ncec_ill for these message types. The only case
	 * of unicast DAD messages are for IPv6 ND probes, for which
	 * we find the ipif_bound_ill corresponding to the ncec_addr.
	 */
	if (!IN6_IS_ADDR_UNSPECIFIED(&src6) || is_myaddr) {
		if (isv6) {
			ipif = ipif_lookup_addr_nondup_v6(&src6, ill, ALL_ZONES,
			    ill->ill_ipst);
		} else {
			ipif = ipif_lookup_addr_nondup(src4, ill, ALL_ZONES,
			    ill->ill_ipst);
		}

		/*
		 * If no relevant ipif can be found, then it's not one of our
		 * addresses. Reset to :: and try to find a src for the NS or
		 * ARP request using ipif_select_source_v[4,6] below.
		 * If an ipif can be found, but it's not yet done with
		 * DAD verification, and we are not being invoked for
		 * DAD (i.e., !is_myaddr), then just postpone this
		 * transmission until later.
		 */
		if (ipif == NULL) {
			src6 = ipv6_all_zeros;
			src4 = INADDR_ANY;
		} else if (!ipif->ipif_addr_ready && !is_myaddr) {
			DTRACE_PROBE2(nce__resolve__ipif__not__ready,
			    ncec_t *, ncec, ipif_t *, ipif);
			ipif_refrele(ipif);
			return (NULL);
		}
	}

	if (IN6_IS_ADDR_UNSPECIFIED(&src6) && !is_myaddr) {
		/*
		 * Pick a source address for this solicitation, but
		 * restrict the selection to addresses assigned to the
		 * output interface. We do this because the destination will
		 * create a neighbor cache entry for the source address of
		 * this packet, so the source address had better be a valid
		 * neighbor.
		 */
		if (isv6) {
			ipif = ipif_select_source_v6(ill, &ncec->ncec_addr,
			    B_TRUE, IPV6_PREFER_SRC_DEFAULT, ALL_ZONES,
			    B_FALSE, NULL);
		} else {
			ipaddr_t nce_addr;

			IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr, nce_addr);
			ipif = ipif_select_source_v4(ill, nce_addr, ALL_ZONES,
			    B_FALSE, NULL);
		}
		/* On IPMP, retry the selection on the current xmit ill. */
		if (ipif == NULL && IS_IPMP(ill)) {
			ill_t *send_ill = ipmp_ill_get_xmit_ill(ill, B_TRUE);

			if (send_ill != NULL) {
				if (isv6) {
					ipif = ipif_select_source_v6(send_ill,
					    &ncec->ncec_addr, B_TRUE,
					    IPV6_PREFER_SRC_DEFAULT, ALL_ZONES,
					    B_FALSE, NULL);
				} else {
					IN6_V4MAPPED_TO_IPADDR(&ncec->ncec_addr,
					    src4);
					ipif = ipif_select_source_v4(send_ill,
					    src4, ALL_ZONES, B_TRUE, NULL);
				}
				ill_refrele(send_ill);
			}
		}

		if (ipif == NULL) {
			char buf[INET6_ADDRSTRLEN];

			ip1dbg(("nce_resolve_src: No source ipif for dst %s\n",
			    inet_ntop((isv6 ? AF_INET6 : AF_INET),
			    (char *)&ncec->ncec_addr, buf, sizeof (buf))));
			DTRACE_PROBE1(nce__resolve__no__ipif, ncec_t *, ncec);
			return (NULL);
		}
		src6 = ipif->ipif_v6lcl_addr;
	}
	*src = src6;
	if (ipif != NULL) {
		/* Swap the ipif reference for a hold on the sending ill. */
		src_ill = ipif->ipif_ill;
		if (IS_IPMP(src_ill))
			src_ill = ipmp_ipif_hold_bound_ill(ipif);
		else
			ill_refhold(src_ill);
		ipif_refrele(ipif);
		DTRACE_PROBE2(nce__resolve__src__ill, ncec_t *, ncec,
		    ill_t *, src_ill);
	}
	return (src_ill);
}

/*
 * Apply a new hardware address and flags to the IPv4 cache entries for
 * 'addr'. With an ipif, the single entry on its ill is updated; with a
 * NULL ipif, every matching entry in the stack is updated through
 * nce_update_hw_changed().
 *
 * NOTE(review): on the single-ill path ncec_flags is overwritten with
 * 'flags' as given (an int, while other code in this file handles the
 * flags as uint16_t), and the mapping is applied without further checks
 * here -- the caller is presumably responsible for validating both;
 * confirm.
 */
void
ip_nce_lookup_and_update(ipaddr_t *addr, ipif_t *ipif, ip_stack_t *ipst,
    uchar_t *hwaddr, int hwaddr_len, int flags)
{
	ill_t	*ill;
	ncec_t	*ncec;
	nce_t	*nce;
	uint16_t new_state;

	ill = (ipif ? ipif->ipif_ill : NULL);
	if (ill != NULL) {
		/*
		 * only one ncec is possible
		 */
		nce = nce_lookup_v4(ill, addr);
		if (nce != NULL) {
			ncec = nce->nce_common;
			mutex_enter(&ncec->ncec_lock);
			/* A reachable entry keeps its state. */
			if (NCE_ISREACHABLE(ncec))
				new_state = ND_UNCHANGED;
			else
				new_state = ND_STALE;
			ncec->ncec_flags = flags;
			nce_update(ncec, new_state, hwaddr);
			mutex_exit(&ncec->ncec_lock);
			nce_refrele(nce);
			return;
		}
	} else {
		/*
		 * ill is wildcard; clean up all ncec's and ire's
		 * that match on addr.
		 */
		nce_hw_map_t hwm;

		hwm.hwm_addr = *addr;
		hwm.hwm_hwlen = hwaddr_len;
		hwm.hwm_hwaddr = hwaddr;
		hwm.hwm_flags = flags;

		ncec_walk_common(ipst->ips_ndp4, NULL,
		    (pfi_t)nce_update_hw_changed, (uchar_t *)&hwm, B_TRUE);
	}
}

/*
 * Common function to add ncec entries.
 * we always add the ncec with ncec_ill == ill, and always create
 * nce_t on ncec_ill. A dlpi fastpath message may be triggered if the
 * ncec is !reachable.
 *
 * When the caller passes in an nce_state of ND_UNCHANGED,
 * nce_add_common() will determine the state of the created nce based
 * on the ill_net_type and nce_flags used. Otherwise, the nce will
 * be created with state set to the passed in nce_state.
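*/
/*
 * Contract, as far as this function shows it:
 *  - the caller must hold the ndp_g_lock of the ill's address family;
 *  - on success 0 is returned and *retnce points at the nce (either one
 *    attached to an already existing ncec, or a freshly created pair);
 *  - on failure *retnce is NULL and the return value is EINVAL (unspecified
 *    address, flags outside NCE_EXTERNAL_FLAGS_MASK, ill condemned or going
 *    down) or ENOMEM (any KM_NOSLEEP allocation failed).
 */
static int
nce_add_common(ill_t *ill, uchar_t *hw_addr, uint_t hw_addr_len,
    const in6_addr_t *addr, uint16_t flags, uint16_t nce_state, nce_t **retnce)
{
	static ncec_t	nce_nil;
	uchar_t		*template = NULL;
	int		err;
	ncec_t		*ncec;
	ncec_t		**ncep;
	ip_stack_t	*ipst = ill->ill_ipst;
	uint16_t	state;
	boolean_t	fastprobe = B_FALSE;
	struct ndp_g_s	*ndp;
	nce_t		*nce = NULL;
	mblk_t		*dlur_mp = NULL;

	if (ill->ill_isv6)
		ndp = ill->ill_ipst->ips_ndp6;
	else
		ndp = ill->ill_ipst->ips_ndp4;

	*retnce = NULL;

	ASSERT(MUTEX_HELD(&ndp->ndp_g_lock));

	if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
		ip0dbg(("nce_add_common: no addr\n"));
		return (EINVAL);
	}
	/* Reject any flag bit that callers are not allowed to pass in. */
	if ((flags & ~NCE_EXTERNAL_FLAGS_MASK)) {
		ip0dbg(("nce_add_common: flags = %x\n", (int)flags));
		return (EINVAL);
	}

	if (ill->ill_isv6) {
		ncep = ((ncec_t **)NCE_HASH_PTR_V6(ipst, *addr));
	} else {
		ipaddr_t v4addr;

		IN6_V4MAPPED_TO_IPADDR(addr, v4addr);
		ncep = ((ncec_t **)NCE_HASH_PTR_V4(ipst, v4addr));
	}

	/*
	 * The caller has ensured that there is no nce on ill, but there could
	 * still be an nce_common_t for the address, so that we find existing
	 * ncec_t structures first, and atomically add a new nce_t if
	 * one is found. The ndp_g_lock ensures that we don't cross threads
	 * with an ncec_delete(). Unlike ncec_lookup_illgrp() we do not
	 * compare for matches across the illgrp because this function is
	 * called via nce_lookup_then_add_v* -> nce_add_v* -> nce_add_common,
	 * with the nce_lookup_then_add_v* passing in the ipmp_ill where
	 * appropriate.
	 */
	ncec = *ncep;
	for (; ncec != NULL; ncec = ncec->ncec_next) {
		if (ncec->ncec_ill == ill) {
			if (IN6_ARE_ADDR_EQUAL(&ncec->ncec_addr, addr)) {
				*retnce = nce_ill_lookup_then_add(ill, ncec);
				if (*retnce != NULL)
					break;
			}
		}
	}
	if (*retnce != NULL) {
		/*
		 * We should never find *retnce to be MYADDR, since the caller
		 * may then incorrectly restart a DAD timer that's already
		 * running.
		 */
		ASSERT(!NCE_MYADDR(ncec));
		/* caller must trigger fastpath on nce */
		return (0);
	}
	ncec = kmem_cache_alloc(ncec_cache, KM_NOSLEEP);
	if (ncec == NULL)
		return (ENOMEM);
	/* Start from an all-zero ncec; nce_nil is a zero-filled static. */
	*ncec = nce_nil;
	ncec->ncec_ill = ill;
	ncec->ncec_ipversion = (ill->ill_isv6 ? IPV6_VERSION : IPV4_VERSION);
	ncec->ncec_flags = flags;
	ncec->ncec_ipst = ipst;	/* No netstack_hold */

	if (!ill->ill_isv6) {
		ipaddr_t addr4;

		/*
		 * DAD probe interval and probe count are set based on
		 * fast/slow probe settings. If the underlying link doesn't
		 * have reliably up/down notifications or if we're working
		 * with IPv4 169.254.0.0/16 Link Local Address space, then
		 * don't use the fast timers.  Otherwise, use them.
		 */
		ASSERT(IN6_IS_ADDR_V4MAPPED(addr));
		IN6_V4MAPPED_TO_IPADDR(addr, addr4);
		if (ill->ill_note_link && !IS_IPV4_LL_SPACE(&addr4))
			fastprobe = B_TRUE;
		if (fastprobe) {
			ncec->ncec_xmit_interval =
			    ipst->ips_arp_fastprobe_interval;
			ncec->ncec_pcnt =
			    ipst->ips_arp_fastprobe_count;
			ncec->ncec_flags |= NCE_F_FAST;
		} else {
			ncec->ncec_xmit_interval =
			    ipst->ips_arp_probe_interval;
			ncec->ncec_pcnt =
			    ipst->ips_arp_probe_count;
		}
		if (NCE_PUBLISH(ncec)) {
			ncec->ncec_unsolicit_count =
			    ipst->ips_ip_arp_publish_count;
		}
	} else {
		/*
		 * probe interval is constant: ILL_PROBE_INTERVAL
		 * probe count is constant: ND_MAX_UNICAST_SOLICIT
		 */
		ncec->ncec_pcnt = ND_MAX_UNICAST_SOLICIT;
		if (NCE_PUBLISH(ncec)) {
			ncec->ncec_unsolicit_count =
			    ipst->ips_ip_ndp_unsolicit_count;
		}
	}
	ncec->ncec_rcnt = ill->ill_xmit_count;
	ncec->ncec_addr = *addr;
	ncec->ncec_qd_mp = NULL;
	ncec->ncec_refcnt = 1; /* for ncec getting created */
	mutex_init(&ncec->ncec_lock, NULL, MUTEX_DEFAULT, NULL);
	ncec->ncec_trace_disable = B_FALSE;

	/*
	 * ncec_lladdr holds link layer address.  The buffer is sized by the
	 * caller-supplied hw_addr_len, not by ill_phys_addr_length.
	 */
	if (hw_addr_len > 0) {
		template = kmem_alloc(hw_addr_len, KM_NOSLEEP);
		if (template == NULL) {
			err = ENOMEM;
			goto err_ret;
		}
		ncec->ncec_lladdr = template;
		ncec->ncec_lladdr_length = hw_addr_len;
		bzero(ncec->ncec_lladdr, hw_addr_len);
	}
	/*
	 * NOTE(review): if ill_net_type is none of the types tested below,
	 * hw_addr is NULL and nce_state is ND_UNCHANGED, 'state' is read
	 * without ever being assigned -- confirm no such ill reaches here.
	 */
	if ((flags & NCE_F_BCAST) != 0) {
		state = ND_REACHABLE;
		ASSERT(hw_addr_len > 0);
	} else if (ill->ill_net_type == IRE_IF_RESOLVER) {
		state = ND_INITIAL;
	} else if (ill->ill_net_type == IRE_IF_NORESOLVER) {
		/*
		 * NORESOLVER entries are always created in the REACHABLE
		 * state.
		 *
		 * NOTE(review): both copies below write ill_phys_addr_length
		 * bytes into ncec_lladdr, which was allocated with
		 * hw_addr_len bytes (and is NULL when hw_addr_len is 0).
		 * Nothing in this function checks that hw_addr_len covers
		 * ill_phys_addr_length; presumably every caller guarantees
		 * it -- verify, since a shorter buffer would be overrun.
		 */
		state = ND_REACHABLE;
		if (ill->ill_phys_addr_length == IP_ADDR_LEN &&
		    ill->ill_mactype != DL_IPV4 &&
		    ill->ill_mactype != DL_6TO4) {
			/*
			 * We create a nce_res_mp with the IP nexthop address
			 * as the destination address if the physical length
			 * is exactly 4 bytes for point-to-multipoint links
			 * that do their own resolution from IP to link-layer
			 * address (e.g. IP over X.25).
			 */
			bcopy((uchar_t *)addr,
			    ncec->ncec_lladdr, ill->ill_phys_addr_length);
		}
		if (ill->ill_phys_addr_length == IPV6_ADDR_LEN &&
		    ill->ill_mactype != DL_IPV6) {
			/*
			 * We create a nce_res_mp with the IP nexthop address
			 * as the destination address if the physical length
			 * is exactly 16 bytes for point-to-multipoint links
			 * that do their own resolution from IP to link-layer
			 * address.
			 */
			bcopy((uchar_t *)addr,
			    ncec->ncec_lladdr, ill->ill_phys_addr_length);
		}
		/*
		 * Since NUD is not part of the base IPv4 protocol definition,
		 * IPv4 neighbor entries on NORESOLVER interfaces will never
		 * age, and are marked NCE_F_NONUD.
		 */
		if (!ill->ill_isv6)
			ncec->ncec_flags |= NCE_F_NONUD;
	} else if (ill->ill_net_type == IRE_LOOPBACK) {
		state = ND_REACHABLE;
	}

	if (hw_addr != NULL || ill->ill_net_type == IRE_IF_NORESOLVER) {
		/*
		 * We are adding an ncec with a deterministic hw_addr,
		 * so the state can only be one of {REACHABLE, STALE, PROBE}.
		 *
		 * if we are adding a unicast ncec for the local address
		 * it would be REACHABLE; we would be adding a ND_STALE entry
		 * for the requestor of an ARP_REQUEST/ND_SOLICIT. Our own
		 * addresses are added in PROBE to trigger DAD.
		 */
		if ((flags & (NCE_F_MCAST|NCE_F_BCAST)) ||
		    ill->ill_net_type == IRE_IF_NORESOLVER)
			state = ND_REACHABLE;
		else if (!NCE_PUBLISH(ncec))
			state = ND_STALE;
		else
			state = ND_PROBE;
		if (hw_addr != NULL)
			nce_set_ll(ncec, hw_addr);
	}
	/* caller overrides internally computed state */
	if (nce_state != ND_UNCHANGED)
		state = nce_state;

	/* An entry still in DAD is flagged so it is not yet trusted. */
	if (state == ND_PROBE)
		ncec->ncec_flags |= NCE_F_UNVERIFIED;

	ncec->ncec_state = state;

	if (state == ND_REACHABLE) {
		ncec->ncec_last = ncec->ncec_init_time =
		    TICK_TO_MSEC(ddi_get_lbolt64());
	} else {
		ncec->ncec_last = 0;
		if (state == ND_INITIAL)
			ncec->ncec_init_time = TICK_TO_MSEC(ddi_get_lbolt64());
	}
	list_create(&ncec->ncec_cb, sizeof (ncec_cb_t),
	    offsetof(ncec_cb_t, ncec_cb_node));
	/*
	 * have all the memory allocations out of the way before taking locks
	 * and adding the nce.
	 */
	nce = kmem_cache_alloc(nce_cache, KM_NOSLEEP);
	if (nce == NULL) {
		err = ENOMEM;
		goto err_ret;
	}
	if (ncec->ncec_lladdr != NULL ||
	    ill->ill_net_type == IRE_IF_NORESOLVER) {
		dlur_mp = ill_dlur_gen(ncec->ncec_lladdr,
		    ill->ill_phys_addr_length, ill->ill_sap,
		    ill->ill_sap_length);
		if (dlur_mp == NULL) {
			err = ENOMEM;
			goto err_ret;
		}
	}

	/*
	 * Atomically ensure that the ill is not CONDEMNED, before
	 * adding the NCE.
	 */
	mutex_enter(&ill->ill_lock);
	if (ill->ill_state_flags & ILL_CONDEMNED) {
		mutex_exit(&ill->ill_lock);
		err = EINVAL;
		goto err_ret;
	}
	if (!NCE_MYADDR(ncec) &&
	    (ill->ill_state_flags & ILL_DOWN_IN_PROGRESS)) {
		mutex_exit(&ill->ill_lock);
		DTRACE_PROBE1(nce__add__on__down__ill, ncec_t *, ncec);
		err = EINVAL;
		goto err_ret;
	}
	/*
	 * Acquire the ncec_lock even before adding the ncec to the list
	 * so that it cannot get deleted after the ncec is added, but
	 * before we add the nce.
	 */
	mutex_enter(&ncec->ncec_lock);
	/* Link the new ncec at the head of its hash bucket. */
	if ((ncec->ncec_next = *ncep) != NULL)
		ncec->ncec_next->ncec_ptpn = &ncec->ncec_next;
	*ncep = ncec;
	ncec->ncec_ptpn = ncep;

	/* Bump up the number of ncec's referencing this ill */
	DTRACE_PROBE3(ill__incr__cnt, (ill_t *), ill,
	    (char *), "ncec", (void *), ncec);
	ill->ill_ncec_cnt++;
	/*
	 * Since we hold the ncec_lock at this time, the ncec cannot be
	 * condemned, and we can safely add the nce.
	 */
	*retnce = nce_add_impl(ill, ncec, nce, dlur_mp);
	mutex_exit(&ncec->ncec_lock);
	mutex_exit(&ill->ill_lock);

	/* caller must trigger fastpath on *retnce */
	return (0);

err_ret:
	/*
	 * NOTE(review): ncec_lock has been mutex_init'ed on every path that
	 * reaches this label, and ncec_cb has been list_create'd on all but
	 * the first; neither is torn down before the ncec goes back to the
	 * cache -- confirm that is acceptable for ncec_cache.
	 */
	if (ncec != NULL)
		kmem_cache_free(ncec_cache, ncec);
	if (nce != NULL)
		kmem_cache_free(nce_cache, nce);
	freemsg(dlur_mp);
	/*
	 * The template was allocated with hw_addr_len bytes, so it must be
	 * released with that same size; ill_phys_addr_length is not
	 * guaranteed here to be equal to it.
	 */
	if (template != NULL)
		kmem_free(template, hw_addr_len);
	return (err);
}

/*
 * take a ref on the nce
 */
void
nce_refhold(nce_t *nce)
{
	mutex_enter(&nce->nce_lock);
	nce->nce_refcnt++;
	/* catches the reference count wrapping around to zero */
	ASSERT((nce)->nce_refcnt != 0);
	mutex_exit(&nce->nce_lock);
}

/*
 * release a ref on the nce; In general, this
 * cannot be called with locks held because nce_refrele
 * may result in nce_inactive which will take the ill_lock,
 * do ipif_ill_refrele_tail etc.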
Thus the one exception
 * where this can be called with locks held is when the caller
 * is certain that the nce_refcnt is sufficient to prevent
 * the invocation of nce_inactive.
 */
void
nce_refrele(nce_t *nce)
{
	ASSERT((nce)->nce_refcnt != 0);
	mutex_enter(&nce->nce_lock);
	if (--nce->nce_refcnt != 0) {
		/* other references remain: just drop the lock */
		mutex_exit(&nce->nce_lock);
		return;
	}
	/*
	 * Last reference.  nce_lock is still held here; nce_inactive()
	 * destroys the mutex and frees the nce, so nothing may touch
	 * nce after this call.
	 */
	nce_inactive(nce);
}

/*
 * Free the nce once its reference count has reached zero: drop the
 * reference on the underlying ncec, free the fastpath and DL_UNITDATA_REQ
 * messages, take the nce off the ill's accounting, then destroy the lock
 * and return the memory to nce_cache.
 */
static void
nce_inactive(nce_t *nce)
{
	/* cache the ill before nce_ill is cleared below */
	ill_t	*owner_ill = nce->nce_ill;

	ASSERT(nce->nce_refcnt == 0);

	ncec_refrele_notr(nce->nce_common);
	nce->nce_common = NULL;
	freemsg(nce->nce_fp_mp);
	freemsg(nce->nce_dlur_mp);

	mutex_enter(&owner_ill->ill_lock);
	DTRACE_PROBE3(ill__decr__cnt, (ill_t *), owner_ill,
	    (char *), "nce", (void *), nce);
	owner_ill->ill_nce_cnt--;
	nce->nce_ill = NULL;
	/*
	 * If the count of entries referencing this ill has dropped far
	 * enough, an operation may be waiting on the ill to quiesce;
	 * check whether it has to be restarted.
	 */
	if (!ILL_DOWN_OK(owner_ill)) {
		mutex_exit(&owner_ill->ill_lock);
	} else {
		/* ipif_ill_refrele_tail drops the ill_lock */
		ipif_ill_refrele_tail(owner_ill);
	}

	mutex_destroy(&nce->nce_lock);
	kmem_cache_free(nce_cache, nce);
}

/*
 * Add an nce to the ill_nce list.
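*/
/*
 * Initializes the caller-allocated nce, binds it to ncec and ill, and
 * inserts it at the head of ill->ill_nce.  The nce is returned with two
 * references: one for the calling thread and one for the list.  Takes
 * ownership of dlur_mp.  Both callers visible here hold ill_lock and
 * ncec_lock across the call.
 */
static nce_t *
nce_add_impl(ill_t *ill, ncec_t *ncec, nce_t *nce, mblk_t *dlur_mp)
{
	bzero(nce, sizeof (*nce));
	mutex_init(&nce->nce_lock, NULL, MUTEX_DEFAULT, NULL);
	nce->nce_common = ncec;
	nce->nce_addr = ncec->ncec_addr;
	nce->nce_ill = ill;
	DTRACE_PROBE3(ill__incr__cnt, (ill_t *), ill,
	    (char *), "nce", (void *), nce);
	ill->ill_nce_cnt++;

	nce->nce_refcnt = 1; /* for the thread */
	ncec->ncec_refcnt++; /* want ncec_refhold_locked_notr(ncec) */
	nce->nce_dlur_mp = dlur_mp;

	/* add nce to the ill's fastpath list.  */
	nce->nce_refcnt++; /* for the list */
	list_insert_head(&ill->ill_nce, nce);
	return (nce);
}

/*
 * Allocate an nce for an existing ncec and add it to ill.  The caller must
 * hold both ill_lock and ncec_lock.  Returns NULL if either KM_NOSLEEP
 * allocation fails; otherwise the nce is returned held (see nce_add_impl).
 */
static nce_t *
nce_add(ill_t *ill, ncec_t *ncec)
{
	nce_t	*nce;
	mblk_t	*dlur_mp = NULL;

	ASSERT(MUTEX_HELD(&ill->ill_lock));
	ASSERT(MUTEX_HELD(&ncec->ncec_lock));

	nce = kmem_cache_alloc(nce_cache, KM_NOSLEEP);
	if (nce == NULL)
		return (NULL);
	if (ncec->ncec_lladdr != NULL ||
	    ill->ill_net_type == IRE_IF_NORESOLVER) {
		dlur_mp = ill_dlur_gen(ncec->ncec_lladdr,
		    ill->ill_phys_addr_length, ill->ill_sap,
		    ill->ill_sap_length);
		if (dlur_mp == NULL) {
			/* nce is not yet visible to anyone; free it directly */
			kmem_cache_free(nce_cache, nce);
			return (NULL);
		}
	}
	return (nce_add_impl(ill, ncec, nce, dlur_mp));
}

/*
 * remove the nce from the ill_nce (fastpath) list.  The caller must hold
 * ill_lock.  The nce is marked condemned under nce_lock so that only one
 * thread performs the removal.
 */
void
nce_delete(nce_t *nce)
{
	ill_t	*ill = nce->nce_ill;

	ASSERT(MUTEX_HELD(&ill->ill_lock));

	mutex_enter(&nce->nce_lock);
	if (nce->nce_is_condemned) {
		/*
		 * some other thread has removed this nce from the ill_nce list
		 */
		mutex_exit(&nce->nce_lock);
		return;
	}
	nce->nce_is_condemned = B_TRUE;
	mutex_exit(&nce->nce_lock);

	list_remove(&ill->ill_nce, nce);
	/*
	 * even though we are holding the ill_lock, it is ok to
	 * call nce_refrele here because we know that we should have
	 * at least 2 refs on the nce: one for the thread, and one
	 * for the list. The refrele below will release the one for
	 * the list.
	 */
	nce_refrele(nce);
}

/*
 * Find the nce for addr on ill's ill_nce list.  The caller must hold
 * ill_lock.  Returns the nce with a reference held (the caller releases it
 * with nce_refrele), or NULL if there is no match.
 */
nce_t *
nce_lookup(ill_t *ill, const in6_addr_t *addr)
{
	nce_t *nce = NULL;

	ASSERT(ill != NULL);
	ASSERT(MUTEX_HELD(&ill->ill_lock));

	for (nce = list_head(&ill->ill_nce); nce != NULL;
	    nce = list_next(&ill->ill_nce, nce)) {
		if (IN6_ARE_ADDR_EQUAL(&nce->nce_addr, addr))
			break;
	}

	/*
	 * if we found the nce on the ill_nce list while holding
	 * the ill_lock, then it cannot be condemned yet.
	 */
	if (nce != NULL) {
		ASSERT(!nce->nce_is_condemned);
		nce_refhold(nce);
	}
	return (nce);
}

/*
 * Walk the ill_nce list on ill. The callback function func() cannot perform
 * any destructive actions.  The caller must hold ill_lock; the walk stops
 * at the first callback that returns non-zero.
 */
static void
nce_walk_common(ill_t *ill, pfi_t func, void *arg)
{
	nce_t *nce = NULL, *nce_next;

	ASSERT(MUTEX_HELD(&ill->ill_lock));
	for (nce = list_head(&ill->ill_nce); nce != NULL; ) {
		/* fetch the successor before invoking the callback */
		nce_next = list_next(&ill->ill_nce, nce);
		if (func(ill, nce, arg) != 0)
			break;
		nce = nce_next;
	}
}

/*
 * Locked wrapper around nce_walk_common(): func() runs with ill_lock held.
 */
void
nce_walk(ill_t *ill, pfi_t func, void *arg)
{
	mutex_enter(&ill->ill_lock);
	nce_walk_common(ill, func, arg);
	mutex_exit(&ill->ill_lock);
}

/*
 * Remove nce's from ill's ill_nce list.  With flushall set every entry is
 * removed; otherwise entries whose ncec is published (NCE_PUBLISH) are
 * kept.  The final references are dropped only after ill_lock is released.
 */
void
nce_flush(ill_t *ill, boolean_t flushall)
{
	nce_t *nce, *nce_next;
	list_t dead;

	list_create(&dead, sizeof (nce_t), offsetof(nce_t, nce_node));
	mutex_enter(&ill->ill_lock);
	for (nce = list_head(&ill->ill_nce); nce != NULL; ) {
		nce_next = list_next(&ill->ill_nce, nce);
		if (!flushall && NCE_PUBLISH(nce->nce_common)) {
			nce = nce_next;
			continue;
		}
		/*
		 * nce_delete requires that the caller should either not
		 * be holding locks, or should hold a ref to ensure that
		 * we won't hit ncec_inactive. So take a ref and clean up
		 * after the list is flushed.
		 */
		nce_refhold(nce);
		nce_delete(nce);
		/* nce_delete unlinked it from ill_nce, so nce_node is free */
		list_insert_tail(&dead, nce);
		nce = nce_next;
	}
	mutex_exit(&ill->ill_lock);
	/* No locks held now: the last nce_refrele may run nce_inactive. */
	while ((nce = list_head(&dead)) != NULL) {
		list_remove(&dead, nce);
		nce_refrele(nce);
	}
	ASSERT(list_is_empty(&dead));
	list_destroy(&dead);
}

/*
 * Randomize a timer interval.
 *
 * With initial_time set, return an interval that is anywhere in the
 * [1 .. intv] range (1 if intv is not positive).  Otherwise return intv
 * jittered by up to 20% either way, never less than 1.
 */
static clock_t
nce_fuzz_interval(clock_t intv, boolean_t initial_time)
{
	/*
	 * rnd starts at zero so that a failed random_get_pseudo_bytes()
	 * (its return value is deliberately ignored) yields a defined,
	 * un-jittered result instead of reading indeterminate stack bytes.
	 */
	clock_t rnd = 0, frac;

	(void) random_get_pseudo_bytes((uint8_t *)&rnd, sizeof (rnd));
	/* Note that clock_t is signed; must chop off bits */
	rnd &= (1ul << (NBBY * sizeof (rnd) - 1)) - 1;
	if (initial_time) {
		if (intv <= 0)
			intv = 1;
		else
			intv = (rnd % intv) + 1;
	} else {
		/* Compute 'frac' as 20% of the configured interval */
		if ((frac = intv / 5) <= 1)
			frac = 2;
		/* Set intv randomly in the range [intv-frac .. intv+frac] */
		if ((intv = intv - frac + rnd % (2 * frac + 1)) <= 0)
			intv = 1;
	}
	return (intv);
}

/*
 * Called for an ncec on an IPMP ill: detach the packets queued on the ncec
 * (ncec_qd_mp), pick an under-ill for each one, create an nce on that
 * under-ill and transmit; packets for which no under-ill or nce can be
 * found are dropped and counted.  Finishes by dispatching the ncec's
 * callbacks.
 */
void
nce_resolv_ipmp_ok(ncec_t *ncec)
{
	mblk_t		*mp;
	uint_t		pkt_len;
	iaflags_t	ixaflags = IXAF_NO_TRACE;
	nce_t		*under_nce;
	ill_t		*ill = ncec->ncec_ill;
	boolean_t	isv6 = (ncec->ncec_ipversion == IPV6_VERSION);
	ipif_t		*src_ipif = NULL;
	ip_stack_t	*ipst = ill->ill_ipst;
	ill_t		*send_ill;
	uint_t		nprobes;

	ASSERT(IS_IPMP(ill));

	/* Take the whole queue and the probe count in one locked step. */
	mutex_enter(&ncec->ncec_lock);
	nprobes = ncec->ncec_nprobes;
	mp = ncec->ncec_qd_mp;
	ncec->ncec_qd_mp = NULL;
	ncec->ncec_nprobes = 0;
	mutex_exit(&ncec->ncec_lock);

	while (mp != NULL) {
		mblk_t *nxt_mp;

		nxt_mp = mp->b_next;
		mp->b_next = NULL;
		/*
		 * NOTE(review): pkt_len is taken from the length field of the
		 * queued packet's own IP header; no check against the actual
		 * mblk size is visible here -- presumably done before the
		 * packet was queued, verify.
		 */
		if (isv6) {
			ip6_t *ip6h = (ip6_t *)mp->b_rptr;

			pkt_len = ntohs(ip6h->ip6_plen) + IPV6_HDR_LEN;
			src_ipif = ipif_lookup_addr_nondup_v6(&ip6h->ip6_src,
			    ill, ALL_ZONES, ipst);
		} else {
			ipha_t *ipha = (ipha_t *)mp->b_rptr;

			ixaflags |= IXAF_IS_IPV4;
			pkt_len = ntohs(ipha->ipha_length);
			src_ipif = ipif_lookup_addr_nondup(ipha->ipha_src,
			    ill, ALL_ZONES, ipst);
		}

		/*
		 * find a new nce based on an under_ill. The first IPMP probe
		 * packet gets queued, so we could still find a src_ipif that
		 * matches an IPMP test address.
		 */
		if (src_ipif == NULL || IS_IPMP(src_ipif->ipif_ill)) {
			/*
			 * if src_ipif is null, this could be either a
			 * forwarded packet or a probe whose src got deleted.
			 * We tell the two apart using ncec_nprobes: the
			 * first ncec_nprobes packets are probes, and a probe
			 * without a source ipif is dropped.
			 */
			if (src_ipif == NULL && nprobes > 0)
				goto drop_pkt;

			/*
			 * For forwarded packets, we use the ipmp rotor
			 * to find send_ill.
			 */
			send_ill = ipmp_ill_get_xmit_ill(ncec->ncec_ill,
			    B_TRUE);
		} else {
			send_ill = src_ipif->ipif_ill;
			ill_refhold(send_ill);
		}

		DTRACE_PROBE4(nce__resolve__ipmp, (mblk_t *), mp,
		    (ncec_t *), ncec, (ipif_t *),
		    src_ipif, (ill_t *), send_ill);

		if (send_ill == NULL) {
			if (src_ipif != NULL)
				ipif_refrele(src_ipif);
			goto drop_pkt;
		}
		/*
		 * create an under_nce on send_ill, but only while send_ill
		 * is still in the same illgrp as the IPMP ill (checked under
		 * ips_ill_g_lock).
		 */
		rw_enter(&ipst->ips_ill_g_lock, RW_READER);
		if (IS_IN_SAME_ILLGRP(send_ill, ncec->ncec_ill))
			under_nce = nce_fastpath_create(send_ill, ncec);
		else
			under_nce = NULL;
		rw_exit(&ipst->ips_ill_g_lock);
		if (under_nce != NULL && NCE_ISREACHABLE(ncec))
			nce_fastpath_trigger(under_nce);

		ill_refrele(send_ill);
		if (src_ipif != NULL)
			ipif_refrele(src_ipif);

		if (under_nce != NULL) {
			(void) ip_xmit(mp, under_nce, ixaflags, pkt_len, 0,
			    ALL_ZONES, 0, NULL);
			nce_refrele(under_nce);
			if (nprobes > 0)
				nprobes--;
			mp = nxt_mp;
			continue;
		}
drop_pkt:
		if (isv6) {
			BUMP_MIB(&ipst->ips_ip6_mib, ipIfStatsOutDiscards);
		} else {
			BUMP_MIB(&ipst->ips_ip_mib, ipIfStatsOutDiscards);
		}
		ip_drop_output("ipIfStatsOutDiscards - no under_ill", mp, NULL);
		freemsg(mp);
		if (nprobes > 0)
			nprobes--;
		mp = nxt_mp;
	}
	ncec_cb_dispatch(ncec); /* complete callbacks */
}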