151 .pr_ctloutput = rip6_ctloutput,
152 .pr_usrreqs = &rip6_usrreqs
153};
154static int pim6_encapcheck(const struct mbuf *, int, int, void *);
155
156static VNET_DEFINE(int, ip6_mrouter_ver) = 0;
157#define V_ip6_mrouter_ver VNET(ip6_mrouter_ver)
158
159SYSCTL_DECL(_net_inet6);
160SYSCTL_DECL(_net_inet6_ip6);
161static SYSCTL_NODE(_net_inet6, IPPROTO_PIM, pim, CTLFLAG_RW, 0, "PIM");
162
163static struct mrt6stat mrt6stat;
164SYSCTL_STRUCT(_net_inet6_ip6, OID_AUTO, mrt6stat, CTLFLAG_RW,
165 &mrt6stat, mrt6stat,
166 "Multicast Routing Statistics (struct mrt6stat, netinet6/ip6_mroute.h)");
167
168#define MRT6STAT_INC(name) mrt6stat.name += 1
169#define NO_RTE_FOUND 0x1
170#define RTE_FOUND 0x2
171
172static struct mtx mrouter6_mtx;
173#define MROUTER6_LOCK() mtx_lock(&mrouter6_mtx)
174#define MROUTER6_UNLOCK() mtx_unlock(&mrouter6_mtx)
175#define MROUTER6_LOCK_ASSERT() do { \
176 mtx_assert(&mrouter6_mtx, MA_OWNED); \
177 NET_ASSERT_GIANT(); \
178} while (0)
179#define MROUTER6_LOCK_INIT() \
180 mtx_init(&mrouter6_mtx, "IPv6 multicast forwarding", NULL, MTX_DEF)
181#define MROUTER6_LOCK_DESTROY() mtx_destroy(&mrouter6_mtx)
182
183static struct mf6c *mf6ctable[MF6CTBLSIZ];
184SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mf6ctable, CTLFLAG_RD,
185 &mf6ctable, sizeof(mf6ctable), "S,*mf6ctable[MF6CTBLSIZ]",
186 "IPv6 Multicast Forwarding Table (struct *mf6ctable[MF6CTBLSIZ], "
187 "netinet6/ip6_mroute.h)");
188
189static struct mtx mfc6_mtx;
190#define MFC6_LOCK() mtx_lock(&mfc6_mtx)
191#define MFC6_UNLOCK() mtx_unlock(&mfc6_mtx)
192#define MFC6_LOCK_ASSERT() do { \
193 mtx_assert(&mfc6_mtx, MA_OWNED); \
194 NET_ASSERT_GIANT(); \
195} while (0)
196#define MFC6_LOCK_INIT() \
197 mtx_init(&mfc6_mtx, "IPv6 multicast forwarding cache", NULL, MTX_DEF)
198#define MFC6_LOCK_DESTROY() mtx_destroy(&mfc6_mtx)
199
200static u_char n6expire[MF6CTBLSIZ];
201
202static struct mif6 mif6table[MAXMIFS];
203SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mif6table, CTLFLAG_RD,
204 &mif6table, sizeof(mif6table), "S,mif6[MAXMIFS]",
205 "IPv6 Multicast Interfaces (struct mif6[MAXMIFS], netinet6/ip6_mroute.h)");
206
207static struct mtx mif6_mtx;
208#define MIF6_LOCK() mtx_lock(&mif6_mtx)
209#define MIF6_UNLOCK() mtx_unlock(&mif6_mtx)
210#define MIF6_LOCK_ASSERT() mtx_assert(&mif6_mtx, MA_OWNED)
211#define MIF6_LOCK_INIT() \
212 mtx_init(&mif6_mtx, "IPv6 multicast interfaces", NULL, MTX_DEF)
213#define MIF6_LOCK_DESTROY() mtx_destroy(&mif6_mtx)
214
215#ifdef MRT6DEBUG
216static VNET_DEFINE(u_int, mrt6debug) = 0; /* debug level */
217#define V_mrt6debug VNET(mrt6debug)
218#define DEBUG_MFC 0x02
219#define DEBUG_FORWARD 0x04
220#define DEBUG_EXPIRE 0x08
221#define DEBUG_XMIT 0x10
222#define DEBUG_REG 0x20
223#define DEBUG_PIM 0x40
224#define DEBUG_ERR 0x80
225#define DEBUG_ANY 0x7f
226#define MRT6_DLOG(m, fmt, ...) \
227 if (V_mrt6debug & (m)) \
228 log(((m) & DEBUG_ERR) ? LOG_ERR: LOG_DEBUG, \
229 "%s: " fmt "\n", __func__, ##__VA_ARGS__)
230#else
231#define MRT6_DLOG(m, fmt, ...)
232#endif
233
234static void expire_upcalls(void *);
235#define EXPIRE_TIMEOUT (hz / 4) /* 4x / second */
236#define UPCALL_EXPIRE 6 /* number of timeouts */
237
238/*
239 * XXX TODO: maintain a count to if_allmulti() calls in struct ifnet.
240 */
241
242/*
243 * 'Interfaces' associated with decapsulator (so we can tell
244 * packets that went through it from ones that get reflected
245 * by a broken gateway). Different from IPv4 register_if,
246 * these interfaces are linked into the system ifnet list,
247 * because per-interface IPv6 statistics are maintained in
248 * ifp->if_afdata. But it does not have any routes point
249 * to them. I.e., packets can't be sent this way. They
250 * only exist as a placeholder for multicast source
251 * verification.
252 */
253static struct ifnet *multicast_register_if6;
254
255#define ENCAP_HOPS 64
256
257/*
258 * Private variables.
259 */
260static mifi_t nummifs = 0;
261static mifi_t reg_mif_num = (mifi_t)-1;
262
263static struct pim6stat pim6stat;
264SYSCTL_STRUCT(_net_inet6_pim, PIM6CTL_STATS, stats, CTLFLAG_RW,
265 &pim6stat, pim6stat,
266 "PIM Statistics (struct pim6stat, netinet6/pim6_var.h)");
267
268#define PIM6STAT_INC(name) pim6stat.name += 1
269static VNET_DEFINE(int, pim6);
270#define V_pim6 VNET(pim6)
271
272/*
273 * Hash function for a source, group entry
274 */
275#define MF6CHASH(a, g) MF6CHASHMOD((a).s6_addr32[0] ^ (a).s6_addr32[1] ^ \
276 (a).s6_addr32[2] ^ (a).s6_addr32[3] ^ \
277 (g).s6_addr32[0] ^ (g).s6_addr32[1] ^ \
278 (g).s6_addr32[2] ^ (g).s6_addr32[3])
279
280/*
281 * Find a route for a given origin IPv6 address and Multicast group address.
282 */
283#define MF6CFIND(o, g, rt) do { \
284 struct mf6c *_rt = mf6ctable[MF6CHASH(o,g)]; \
285 rt = NULL; \
286 while (_rt) { \
287 if (IN6_ARE_ADDR_EQUAL(&_rt->mf6c_origin.sin6_addr, &(o)) && \
288 IN6_ARE_ADDR_EQUAL(&_rt->mf6c_mcastgrp.sin6_addr, &(g)) && \
289 (_rt->mf6c_stall == NULL)) { \
290 rt = _rt; \
291 break; \
292 } \
293 _rt = _rt->mf6c_next; \
294 } \
295 if (rt == NULL) { \
296 MRT6STAT_INC(mrt6s_mfc_misses); \
297 } \
298} while (/*CONSTCOND*/ 0)
299
300/*
301 * Macros to compute elapsed time efficiently
302 * Borrowed from Van Jacobson's scheduling code
303 * XXX: replace with timersub() ?
304 */
305#define TV_DELTA(a, b, delta) do { \
306 int xxs; \
307 \
308 delta = (a).tv_usec - (b).tv_usec; \
309 if ((xxs = (a).tv_sec - (b).tv_sec)) { \
310 switch (xxs) { \
311 case 2: \
312 delta += 1000000; \
313 /* FALLTHROUGH */ \
314 case 1: \
315 delta += 1000000; \
316 break; \
317 default: \
318 delta += (1000000 * xxs); \
319 } \
320 } \
321} while (/*CONSTCOND*/ 0)
322
323/* XXX: replace with timercmp(a, b, <) ? */
324#define TV_LT(a, b) (((a).tv_usec < (b).tv_usec && \
325 (a).tv_sec <= (b).tv_sec) || (a).tv_sec < (b).tv_sec)
326
327#ifdef UPCALL_TIMING
328#define UPCALL_MAX 50
329static u_long upcall_data[UPCALL_MAX + 1];
330static void collate();
331#endif /* UPCALL_TIMING */
332
333static int ip6_mrouter_init(struct socket *, int, int);
334static int add_m6fc(struct mf6cctl *);
335static int add_m6if(struct mif6ctl *);
336static int del_m6fc(struct mf6cctl *);
337static int del_m6if(mifi_t *);
338static int del_m6if_locked(mifi_t *);
339static int get_mif6_cnt(struct sioc_mif_req6 *);
340static int get_sg_cnt(struct sioc_sg_req6 *);
341
342static struct callout expire_upcalls_ch;
343
344int X_ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *);
345int X_ip6_mrouter_done(void);
346int X_ip6_mrouter_set(struct socket *, struct sockopt *);
347int X_ip6_mrouter_get(struct socket *, struct sockopt *);
348int X_mrt6_ioctl(u_long, caddr_t);
349
350/*
351 * Handle MRT setsockopt commands to modify the multicast routing tables.
352 */
353int
354X_ip6_mrouter_set(struct socket *so, struct sockopt *sopt)
355{
356 int error = 0;
357 int optval;
358 struct mif6ctl mifc;
359 struct mf6cctl mfcc;
360 mifi_t mifi;
361
362 if (so != V_ip6_mrouter && sopt->sopt_name != MRT6_INIT)
363 return (EPERM);
364
365 switch (sopt->sopt_name) {
366 case MRT6_INIT:
367#ifdef MRT6_OINIT
368 case MRT6_OINIT:
369#endif
370 error = sooptcopyin(sopt, &optval, sizeof(optval),
371 sizeof(optval));
372 if (error)
373 break;
374 error = ip6_mrouter_init(so, optval, sopt->sopt_name);
375 break;
376 case MRT6_DONE:
377 error = X_ip6_mrouter_done();
378 break;
379 case MRT6_ADD_MIF:
380 error = sooptcopyin(sopt, &mifc, sizeof(mifc), sizeof(mifc));
381 if (error)
382 break;
383 error = add_m6if(&mifc);
384 break;
385 case MRT6_ADD_MFC:
386 error = sooptcopyin(sopt, &mfcc, sizeof(mfcc), sizeof(mfcc));
387 if (error)
388 break;
389 error = add_m6fc(&mfcc);
390 break;
391 case MRT6_DEL_MFC:
392 error = sooptcopyin(sopt, &mfcc, sizeof(mfcc), sizeof(mfcc));
393 if (error)
394 break;
395 error = del_m6fc(&mfcc);
396 break;
397 case MRT6_DEL_MIF:
398 error = sooptcopyin(sopt, &mifi, sizeof(mifi), sizeof(mifi));
399 if (error)
400 break;
401 error = del_m6if(&mifi);
402 break;
403 case MRT6_PIM:
404 error = sooptcopyin(sopt, &optval, sizeof(optval),
405 sizeof(optval));
406 if (error)
407 break;
408 error = set_pim6(&optval);
409 break;
410 default:
411 error = EOPNOTSUPP;
412 break;
413 }
414
415 return (error);
416}
417
418/*
419 * Handle MRT getsockopt commands
420 */
421int
422X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt)
423{
424 int error = 0;
425
426 if (so != V_ip6_mrouter)
427 return (EACCES);
428
429 switch (sopt->sopt_name) {
430 case MRT6_PIM:
431 error = sooptcopyout(sopt, &V_pim6, sizeof(V_pim6));
432 break;
433 }
434 return (error);
435}
436
437/*
438 * Handle ioctl commands to obtain information from the cache
439 */
440int
441X_mrt6_ioctl(u_long cmd, caddr_t data)
442{
443 int ret;
444
445 ret = EINVAL;
446
447 switch (cmd) {
448 case SIOCGETSGCNT_IN6:
449 ret = get_sg_cnt((struct sioc_sg_req6 *)data);
450 break;
451
452 case SIOCGETMIFCNT_IN6:
453 ret = get_mif6_cnt((struct sioc_mif_req6 *)data);
454 break;
455
456 default:
457 break;
458 }
459
460 return (ret);
461}
462
463/*
464 * returns the packet, byte, rpf-failure count for the source group provided
465 */
466static int
467get_sg_cnt(struct sioc_sg_req6 *req)
468{
469 struct mf6c *rt;
470 int ret;
471
472 ret = 0;
473
474 MFC6_LOCK();
475
476 MF6CFIND(req->src.sin6_addr, req->grp.sin6_addr, rt);
477 if (rt == NULL) {
478 ret = ESRCH;
479 } else {
480 req->pktcnt = rt->mf6c_pkt_cnt;
481 req->bytecnt = rt->mf6c_byte_cnt;
482 req->wrong_if = rt->mf6c_wrong_if;
483 }
484
485 MFC6_UNLOCK();
486
487 return (ret);
488}
489
490/*
491 * returns the input and output packet and byte counts on the mif provided
492 */
493static int
494get_mif6_cnt(struct sioc_mif_req6 *req)
495{
496 mifi_t mifi;
497 int ret;
498
499 ret = 0;
500 mifi = req->mifi;
501
502 MIF6_LOCK();
503
504 if (mifi >= nummifs) {
505 ret = EINVAL;
506 } else {
507 req->icount = mif6table[mifi].m6_pkt_in;
508 req->ocount = mif6table[mifi].m6_pkt_out;
509 req->ibytes = mif6table[mifi].m6_bytes_in;
510 req->obytes = mif6table[mifi].m6_bytes_out;
511 }
512
513 MIF6_UNLOCK();
514
515 return (ret);
516}
517
518static int
519set_pim6(int *i)
520{
521 if ((*i != 1) && (*i != 0))
522 return (EINVAL);
523
524 V_pim6 = *i;
525
526 return (0);
527}
528
529/*
530 * Enable multicast routing
531 */
532static int
533ip6_mrouter_init(struct socket *so, int v, int cmd)
534{
535
536 MRT6_DLOG(DEBUG_ANY, "so_type = %d, pr_protocol = %d",
537 so->so_type, so->so_proto->pr_protocol);
538
539 if (so->so_type != SOCK_RAW ||
540 so->so_proto->pr_protocol != IPPROTO_ICMPV6)
541 return (EOPNOTSUPP);
542
543 if (v != 1)
544 return (ENOPROTOOPT);
545
546 MROUTER6_LOCK();
547
548 if (V_ip6_mrouter != NULL) {
549 MROUTER6_UNLOCK();
550 return (EADDRINUSE);
551 }
552
553 V_ip6_mrouter = so;
554 V_ip6_mrouter_ver = cmd;
555
556 bzero((caddr_t)mf6ctable, sizeof(mf6ctable));
557 bzero((caddr_t)n6expire, sizeof(n6expire));
558
559 V_pim6 = 0;/* used for stubbing out/in pim stuff */
560
561 callout_init(&expire_upcalls_ch, 0);
562 callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT,
563 expire_upcalls, NULL);
564
565 MROUTER6_UNLOCK();
566 MRT6_DLOG(DEBUG_ANY, "finished");
567
568 return (0);
569}
570
571/*
572 * Disable IPv6 multicast forwarding.
573 */
574int
575X_ip6_mrouter_done(void)
576{
577 mifi_t mifi;
578 u_long i;
579 struct mf6c *rt;
580 struct rtdetq *rte;
581
582 MROUTER6_LOCK();
583
584 if (V_ip6_mrouter == NULL) {
585 MROUTER6_UNLOCK();
586 return (EINVAL);
587 }
588
589 /*
590 * For each phyint in use, disable promiscuous reception of all IPv6
591 * multicasts.
592 */
593 for (mifi = 0; mifi < nummifs; mifi++) {
594 if (mif6table[mifi].m6_ifp &&
595 !(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
596 if_allmulti(mif6table[mifi].m6_ifp, 0);
597 }
598 }
599 bzero((caddr_t)mif6table, sizeof(mif6table));
600 nummifs = 0;
601
602 V_pim6 = 0; /* used to stub out/in pim specific code */
603
604 callout_stop(&expire_upcalls_ch);
605
606 /*
607 * Free all multicast forwarding cache entries.
608 */
609 MFC6_LOCK();
610 for (i = 0; i < MF6CTBLSIZ; i++) {
611 rt = mf6ctable[i];
612 while (rt) {
613 struct mf6c *frt;
614
615 for (rte = rt->mf6c_stall; rte != NULL; ) {
616 struct rtdetq *n = rte->next;
617
618 m_freem(rte->m);
619 free(rte, M_MRTABLE6);
620 rte = n;
621 }
622 frt = rt;
623 rt = rt->mf6c_next;
624 free(frt, M_MRTABLE6);
625 }
626 }
627 bzero((caddr_t)mf6ctable, sizeof(mf6ctable));
628 MFC6_UNLOCK();
629
630 /*
631 * Reset register interface
632 */
633 if (reg_mif_num != (mifi_t)-1 && multicast_register_if6 != NULL) {
634 if_detach(multicast_register_if6);
635 if_free(multicast_register_if6);
636 reg_mif_num = (mifi_t)-1;
637 multicast_register_if6 = NULL;
638 }
639
640 V_ip6_mrouter = NULL;
641 V_ip6_mrouter_ver = 0;
642
643 MROUTER6_UNLOCK();
644 MRT6_DLOG(DEBUG_ANY, "finished");
645
646 return (0);
647}
648
649static struct sockaddr_in6 sin6 = { sizeof(sin6), AF_INET6 };
650
651/*
652 * Add a mif to the mif table
653 */
654static int
655add_m6if(struct mif6ctl *mifcp)
656{
657 struct mif6 *mifp;
658 struct ifnet *ifp;
659 int error;
660
661 MIF6_LOCK();
662
663 if (mifcp->mif6c_mifi >= MAXMIFS) {
664 MIF6_UNLOCK();
665 return (EINVAL);
666 }
667 mifp = mif6table + mifcp->mif6c_mifi;
668 if (mifp->m6_ifp != NULL) {
669 MIF6_UNLOCK();
670 return (EADDRINUSE); /* XXX: is it appropriate? */
671 }
672 if (mifcp->mif6c_pifi == 0 || mifcp->mif6c_pifi > V_if_index) {
673 MIF6_UNLOCK();
674 return (ENXIO);
675 }
676
677 ifp = ifnet_byindex(mifcp->mif6c_pifi);
678
679 if (mifcp->mif6c_flags & MIFF_REGISTER) {
680 if (reg_mif_num == (mifi_t)-1) {
681 ifp = if_alloc(IFT_OTHER);
682
683 if_initname(ifp, "register_mif", 0);
684 ifp->if_flags |= IFF_LOOPBACK;
685 if_attach(ifp);
686 multicast_register_if6 = ifp;
687 reg_mif_num = mifcp->mif6c_mifi;
688 /*
689 * it is impossible to guess the ifindex of the
690 * register interface. So mif6c_pifi is automatically
691 * calculated.
692 */
693 mifcp->mif6c_pifi = ifp->if_index;
694 } else {
695 ifp = multicast_register_if6;
696 }
697 } else {
698 /* Make sure the interface supports multicast */
699 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
700 MIF6_UNLOCK();
701 return (EOPNOTSUPP);
702 }
703
704 error = if_allmulti(ifp, 1);
705 if (error) {
706 MIF6_UNLOCK();
707 return (error);
708 }
709 }
710
711 mifp->m6_flags = mifcp->mif6c_flags;
712 mifp->m6_ifp = ifp;
713
714 /* initialize per mif pkt counters */
715 mifp->m6_pkt_in = 0;
716 mifp->m6_pkt_out = 0;
717 mifp->m6_bytes_in = 0;
718 mifp->m6_bytes_out = 0;
719
720 /* Adjust nummifs up if the mifi is higher than nummifs */
721 if (nummifs <= mifcp->mif6c_mifi)
722 nummifs = mifcp->mif6c_mifi + 1;
723
724 MIF6_UNLOCK();
725 MRT6_DLOG(DEBUG_ANY, "mif #%d, phyint %s", mifcp->mif6c_mifi,
726 if_name(ifp));
727
728 return (0);
729}
730
731/*
732 * Delete a mif from the mif table
733 */
734static int
735del_m6if_locked(mifi_t *mifip)
736{
737 struct mif6 *mifp = mif6table + *mifip;
738 mifi_t mifi;
739 struct ifnet *ifp;
740
741 MIF6_LOCK_ASSERT();
742
743 if (*mifip >= nummifs)
744 return (EINVAL);
745 if (mifp->m6_ifp == NULL)
746 return (EINVAL);
747
748 if (!(mifp->m6_flags & MIFF_REGISTER)) {
749 /* XXX: TODO: Maintain an ALLMULTI refcount in struct ifnet. */
750 ifp = mifp->m6_ifp;
751 if_allmulti(ifp, 0);
752 } else {
753 if (reg_mif_num != (mifi_t)-1 &&
754 multicast_register_if6 != NULL) {
755 if_detach(multicast_register_if6);
756 if_free(multicast_register_if6);
757 reg_mif_num = (mifi_t)-1;
758 multicast_register_if6 = NULL;
759 }
760 }
761
762 bzero((caddr_t)mifp, sizeof(*mifp));
763
764 /* Adjust nummifs down */
765 for (mifi = nummifs; mifi > 0; mifi--)
766 if (mif6table[mifi - 1].m6_ifp)
767 break;
768 nummifs = mifi;
769 MRT6_DLOG(DEBUG_ANY, "mif %d, nummifs %d", *mifip, nummifs);
770
771 return (0);
772}
773
774static int
775del_m6if(mifi_t *mifip)
776{
777 int cc;
778
779 MIF6_LOCK();
780 cc = del_m6if_locked(mifip);
781 MIF6_UNLOCK();
782
783 return (cc);
784}
785
786/*
787 * Add an mfc entry
788 */
789static int
790add_m6fc(struct mf6cctl *mfccp)
791{
792 struct mf6c *rt;
793 u_long hash;
794 struct rtdetq *rte;
795 u_short nstl;
796 char ip6bufo[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN];
797
798 MFC6_LOCK();
799
800 MF6CFIND(mfccp->mf6cc_origin.sin6_addr,
801 mfccp->mf6cc_mcastgrp.sin6_addr, rt);
802
803 /* If an entry already exists, just update the fields */
804 if (rt) {
805 MRT6_DLOG(DEBUG_MFC, "no upcall o %s g %s p %x",
806 ip6_sprintf(ip6bufo, &mfccp->mf6cc_origin.sin6_addr),
807 ip6_sprintf(ip6bufg, &mfccp->mf6cc_mcastgrp.sin6_addr),
808 mfccp->mf6cc_parent);
809
810 rt->mf6c_parent = mfccp->mf6cc_parent;
811 rt->mf6c_ifset = mfccp->mf6cc_ifset;
812
813 MFC6_UNLOCK();
814 return (0);
815 }
816
817 /*
818 * Find the entry for which the upcall was made and update
819 */
820 hash = MF6CHASH(mfccp->mf6cc_origin.sin6_addr,
821 mfccp->mf6cc_mcastgrp.sin6_addr);
822 for (rt = mf6ctable[hash], nstl = 0; rt; rt = rt->mf6c_next) {
823 if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr,
824 &mfccp->mf6cc_origin.sin6_addr) &&
825 IN6_ARE_ADDR_EQUAL(&rt->mf6c_mcastgrp.sin6_addr,
826 &mfccp->mf6cc_mcastgrp.sin6_addr) &&
827 (rt->mf6c_stall != NULL)) {
828
829 if (nstl++)
830 log(LOG_ERR,
831 "add_m6fc: %s o %s g %s p %x dbx %p\n",
832 "multiple kernel entries",
833 ip6_sprintf(ip6bufo,
834 &mfccp->mf6cc_origin.sin6_addr),
835 ip6_sprintf(ip6bufg,
836 &mfccp->mf6cc_mcastgrp.sin6_addr),
837 mfccp->mf6cc_parent, rt->mf6c_stall);
838
839 MRT6_DLOG(DEBUG_MFC, "o %s g %s p %x dbg %p",
840 ip6_sprintf(ip6bufo,
841 &mfccp->mf6cc_origin.sin6_addr),
842 ip6_sprintf(ip6bufg,
843 &mfccp->mf6cc_mcastgrp.sin6_addr),
844 mfccp->mf6cc_parent, rt->mf6c_stall);
845
846 rt->mf6c_origin = mfccp->mf6cc_origin;
847 rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp;
848 rt->mf6c_parent = mfccp->mf6cc_parent;
849 rt->mf6c_ifset = mfccp->mf6cc_ifset;
850 /* initialize pkt counters per src-grp */
851 rt->mf6c_pkt_cnt = 0;
852 rt->mf6c_byte_cnt = 0;
853 rt->mf6c_wrong_if = 0;
854
855 rt->mf6c_expire = 0; /* Don't clean this guy up */
856 n6expire[hash]--;
857
858 /* free packets Qed at the end of this entry */
859 for (rte = rt->mf6c_stall; rte != NULL; ) {
860 struct rtdetq *n = rte->next;
861 ip6_mdq(rte->m, rte->ifp, rt);
862 m_freem(rte->m);
863#ifdef UPCALL_TIMING
864 collate(&(rte->t));
865#endif /* UPCALL_TIMING */
866 free(rte, M_MRTABLE6);
867 rte = n;
868 }
869 rt->mf6c_stall = NULL;
870 }
871 }
872
873 /*
874 * It is possible that an entry is being inserted without an upcall
875 */
876 if (nstl == 0) {
877 MRT6_DLOG(DEBUG_MFC, "no upcall h %lu o %s g %s p %x", hash,
878 ip6_sprintf(ip6bufo, &mfccp->mf6cc_origin.sin6_addr),
879 ip6_sprintf(ip6bufg, &mfccp->mf6cc_mcastgrp.sin6_addr),
880 mfccp->mf6cc_parent);
881
882 for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
883
884 if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr,
885 &mfccp->mf6cc_origin.sin6_addr)&&
886 IN6_ARE_ADDR_EQUAL(&rt->mf6c_mcastgrp.sin6_addr,
887 &mfccp->mf6cc_mcastgrp.sin6_addr)) {
888
889 rt->mf6c_origin = mfccp->mf6cc_origin;
890 rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp;
891 rt->mf6c_parent = mfccp->mf6cc_parent;
892 rt->mf6c_ifset = mfccp->mf6cc_ifset;
893 /* initialize pkt counters per src-grp */
894 rt->mf6c_pkt_cnt = 0;
895 rt->mf6c_byte_cnt = 0;
896 rt->mf6c_wrong_if = 0;
897
898 if (rt->mf6c_expire)
899 n6expire[hash]--;
900 rt->mf6c_expire = 0;
901 }
902 }
903 if (rt == NULL) {
904 /* no upcall, so make a new entry */
905 rt = (struct mf6c *)malloc(sizeof(*rt), M_MRTABLE6,
906 M_NOWAIT);
907 if (rt == NULL) {
908 MFC6_UNLOCK();
909 return (ENOBUFS);
910 }
911
912 /* insert new entry at head of hash chain */
913 rt->mf6c_origin = mfccp->mf6cc_origin;
914 rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp;
915 rt->mf6c_parent = mfccp->mf6cc_parent;
916 rt->mf6c_ifset = mfccp->mf6cc_ifset;
917 /* initialize pkt counters per src-grp */
918 rt->mf6c_pkt_cnt = 0;
919 rt->mf6c_byte_cnt = 0;
920 rt->mf6c_wrong_if = 0;
921 rt->mf6c_expire = 0;
922 rt->mf6c_stall = NULL;
923
924 /* link into table */
925 rt->mf6c_next = mf6ctable[hash];
926 mf6ctable[hash] = rt;
927 }
928 }
929
930 MFC6_UNLOCK();
931 return (0);
932}
933
934#ifdef UPCALL_TIMING
935/*
936 * collect delay statistics on the upcalls
937 */
938static void
939collate(struct timeval *t)
940{
941 u_long d;
942 struct timeval tp;
943 u_long delta;
944
945 GET_TIME(tp);
946
947 if (TV_LT(*t, tp))
948 {
949 TV_DELTA(tp, *t, delta);
950
951 d = delta >> 10;
952 if (d > UPCALL_MAX)
953 d = UPCALL_MAX;
954
955 ++upcall_data[d];
956 }
957}
958#endif /* UPCALL_TIMING */
959
960/*
961 * Delete an mfc entry
962 */
963static int
964del_m6fc(struct mf6cctl *mfccp)
965{
966#ifdef MRT6DEBUG
967 char ip6bufo[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN];
968#endif
969 struct sockaddr_in6 origin;
970 struct sockaddr_in6 mcastgrp;
971 struct mf6c *rt;
972 struct mf6c **nptr;
973 u_long hash;
974
975 origin = mfccp->mf6cc_origin;
976 mcastgrp = mfccp->mf6cc_mcastgrp;
977 hash = MF6CHASH(origin.sin6_addr, mcastgrp.sin6_addr);
978
979 MRT6_DLOG(DEBUG_MFC, "orig %s mcastgrp %s",
980 ip6_sprintf(ip6bufo, &origin.sin6_addr),
981 ip6_sprintf(ip6bufg, &mcastgrp.sin6_addr));
982
983 MFC6_LOCK();
984
985 nptr = &mf6ctable[hash];
986 while ((rt = *nptr) != NULL) {
987 if (IN6_ARE_ADDR_EQUAL(&origin.sin6_addr,
988 &rt->mf6c_origin.sin6_addr) &&
989 IN6_ARE_ADDR_EQUAL(&mcastgrp.sin6_addr,
990 &rt->mf6c_mcastgrp.sin6_addr) &&
991 rt->mf6c_stall == NULL)
992 break;
993
994 nptr = &rt->mf6c_next;
995 }
996 if (rt == NULL) {
997 MFC6_UNLOCK();
998 return (EADDRNOTAVAIL);
999 }
1000
1001 *nptr = rt->mf6c_next;
1002 free(rt, M_MRTABLE6);
1003
1004 MFC6_UNLOCK();
1005
1006 return (0);
1007}
1008
1009static int
1010socket_send(struct socket *s, struct mbuf *mm, struct sockaddr_in6 *src)
1011{
1012
1013 if (s) {
1014 if (sbappendaddr(&s->so_rcv,
1015 (struct sockaddr *)src,
1016 mm, (struct mbuf *)0) != 0) {
1017 sorwakeup(s);
1018 return (0);
1019 }
1020 }
1021 m_freem(mm);
1022 return (-1);
1023}
1024
1025/*
1026 * IPv6 multicast forwarding function. This function assumes that the packet
1027 * pointed to by "ip6" has arrived on (or is about to be sent to) the interface
1028 * pointed to by "ifp", and the packet is to be relayed to other networks
1029 * that have members of the packet's destination IPv6 multicast group.
1030 *
1031 * The packet is returned unscathed to the caller, unless it is
1032 * erroneous, in which case a non-zero return value tells the caller to
1033 * discard it.
1034 *
1035 * NOTE: this implementation assumes that m->m_pkthdr.rcvif is NULL iff
1036 * this function is called in the originating context (i.e., not when
1037 * forwarding a packet from other node). ip6_output(), which is currently the
1038 * only function that calls this function is called in the originating context,
1039 * explicitly ensures this condition. It is caller's responsibility to ensure
1040 * that if this function is called from somewhere else in the originating
1041 * context in the future.
1042 */
1043int
1044X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m)
1045{
1046 struct rtdetq *rte;
1047 struct mbuf *mb0;
1048 struct mf6c *rt;
1049 struct mif6 *mifp;
1050 struct mbuf *mm;
1051 u_long hash;
1052 mifi_t mifi;
1053 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1054#ifdef UPCALL_TIMING
1055 struct timeval tp;
1056
1057 GET_TIME(tp);
1058#endif /* UPCALL_TIMING */
1059
1060 MRT6_DLOG(DEBUG_FORWARD, "src %s, dst %s, ifindex %d",
1061 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1062 ip6_sprintf(ip6bufd, &ip6->ip6_dst), ifp->if_index);
1063
1064 /*
1065 * Don't forward a packet with Hop limit of zero or one,
1066 * or a packet destined to a local-only group.
1067 */
1068 if (ip6->ip6_hlim <= 1 || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst) ||
1069 IN6_IS_ADDR_MC_LINKLOCAL(&ip6->ip6_dst))
1070 return (0);
1071 ip6->ip6_hlim--;
1072
1073 /*
1074 * Source address check: do not forward packets with unspecified
1075 * source. It was discussed in July 2000, on ipngwg mailing list.
1076 * This is rather more serious than unicast cases, because some
1077 * MLD packets can be sent with the unspecified source address
1078 * (although such packets must normally set 1 to the hop limit field).
1079 */
1080 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
1081 IP6STAT_INC(ip6s_cantforward);
1082 if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
1083 V_ip6_log_time = time_uptime;
1084 log(LOG_DEBUG,
1085 "cannot forward "
1086 "from %s to %s nxt %d received on %s\n",
1087 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1088 ip6_sprintf(ip6bufd, &ip6->ip6_dst),
1089 ip6->ip6_nxt,
1090 if_name(m->m_pkthdr.rcvif));
1091 }
1092 return (0);
1093 }
1094
1095 MFC6_LOCK();
1096
1097 /*
1098 * Determine forwarding mifs from the forwarding cache table
1099 */
1100 MF6CFIND(ip6->ip6_src, ip6->ip6_dst, rt);
1101 MRT6STAT_INC(mrt6s_mfc_lookups);
1102
1103 /* Entry exists, so forward if necessary */
1104 if (rt) {
1105 MFC6_UNLOCK();
1106 return (ip6_mdq(m, ifp, rt));
1107 }
1108
1109 /*
1110 * If we don't have a route for packet's origin,
1111 * Make a copy of the packet & send message to routing daemon.
1112 */
1113 MRT6STAT_INC(mrt6s_no_route);
1114 MRT6_DLOG(DEBUG_FORWARD | DEBUG_MFC, "no rte s %s g %s",
1115 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1116 ip6_sprintf(ip6bufd, &ip6->ip6_dst));
1117
1118 /*
1119 * Allocate mbufs early so that we don't do extra work if we
1120 * are just going to fail anyway.
1121 */
1122 rte = (struct rtdetq *)malloc(sizeof(*rte), M_MRTABLE6, M_NOWAIT);
1123 if (rte == NULL) {
1124 MFC6_UNLOCK();
1125 return (ENOBUFS);
1126 }
1127 mb0 = m_copy(m, 0, M_COPYALL);
1128 /*
1129 * Pullup packet header if needed before storing it,
1130 * as other references may modify it in the meantime.
1131 */
1132 if (mb0 && (M_HASCL(mb0) || mb0->m_len < sizeof(struct ip6_hdr)))
1133 mb0 = m_pullup(mb0, sizeof(struct ip6_hdr));
1134 if (mb0 == NULL) {
1135 free(rte, M_MRTABLE6);
1136 MFC6_UNLOCK();
1137 return (ENOBUFS);
1138 }
1139
1140 /* is there an upcall waiting for this packet? */
1141 hash = MF6CHASH(ip6->ip6_src, ip6->ip6_dst);
1142 for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
1143 if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_src,
1144 &rt->mf6c_origin.sin6_addr) &&
1145 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
1146 &rt->mf6c_mcastgrp.sin6_addr) && (rt->mf6c_stall != NULL))
1147 break;
1148 }
1149
1150 if (rt == NULL) {
1151 struct mrt6msg *im;
1152#ifdef MRT6_OINIT
1153 struct omrt6msg *oim;
1154#endif
1155 /* no upcall, so make a new entry */
1156 rt = (struct mf6c *)malloc(sizeof(*rt), M_MRTABLE6, M_NOWAIT);
1157 if (rt == NULL) {
1158 free(rte, M_MRTABLE6);
1159 m_freem(mb0);
1160 MFC6_UNLOCK();
1161 return (ENOBUFS);
1162 }
1163 /*
1164 * Make a copy of the header to send to the user
1165 * level process
1166 */
1167 mm = m_copy(mb0, 0, sizeof(struct ip6_hdr));
1168 if (mm == NULL) {
1169 free(rte, M_MRTABLE6);
1170 m_freem(mb0);
1171 free(rt, M_MRTABLE6);
1172 MFC6_UNLOCK();
1173 return (ENOBUFS);
1174 }
1175
1176 /*
1177 * Send message to routing daemon
1178 */
1179 sin6.sin6_addr = ip6->ip6_src;
1180 im = NULL;
1181#ifdef MRT6_OINIT
1182 oim = NULL;
1183#endif
1184 switch (V_ip6_mrouter_ver) {
1185#ifdef MRT6_OINIT
1186 case MRT6_OINIT:
1187 oim = mtod(mm, struct omrt6msg *);
1188 oim->im6_msgtype = MRT6MSG_NOCACHE;
1189 oim->im6_mbz = 0;
1190 break;
1191#endif
1192 case MRT6_INIT:
1193 im = mtod(mm, struct mrt6msg *);
1194 im->im6_msgtype = MRT6MSG_NOCACHE;
1195 im->im6_mbz = 0;
1196 break;
1197 default:
1198 free(rte, M_MRTABLE6);
1199 m_freem(mb0);
1200 free(rt, M_MRTABLE6);
1201 MFC6_UNLOCK();
1202 return (EINVAL);
1203 }
1204
1205 MRT6_DLOG(DEBUG_FORWARD, "getting the iif info in the kernel");
1206 for (mifp = mif6table, mifi = 0;
1207 mifi < nummifs && mifp->m6_ifp != ifp; mifp++, mifi++)
1208 ;
1209
1210 switch (V_ip6_mrouter_ver) {
1211#ifdef MRT6_OINIT
1212 case MRT6_OINIT:
1213 oim->im6_mif = mifi;
1214 break;
1215#endif
1216 case MRT6_INIT:
1217 im->im6_mif = mifi;
1218 break;
1219 }
1220
1221 if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
1222 log(LOG_WARNING, "ip6_mforward: ip6_mrouter "
1223 "socket queue full\n");
1224 MRT6STAT_INC(mrt6s_upq_sockfull);
1225 free(rte, M_MRTABLE6);
1226 m_freem(mb0);
1227 free(rt, M_MRTABLE6);
1228 MFC6_UNLOCK();
1229 return (ENOBUFS);
1230 }
1231
1232 MRT6STAT_INC(mrt6s_upcalls);
1233
1234 /* insert new entry at head of hash chain */
1235 bzero(rt, sizeof(*rt));
1236 rt->mf6c_origin.sin6_family = AF_INET6;
1237 rt->mf6c_origin.sin6_len = sizeof(struct sockaddr_in6);
1238 rt->mf6c_origin.sin6_addr = ip6->ip6_src;
1239 rt->mf6c_mcastgrp.sin6_family = AF_INET6;
1240 rt->mf6c_mcastgrp.sin6_len = sizeof(struct sockaddr_in6);
1241 rt->mf6c_mcastgrp.sin6_addr = ip6->ip6_dst;
1242 rt->mf6c_expire = UPCALL_EXPIRE;
1243 n6expire[hash]++;
1244 rt->mf6c_parent = MF6C_INCOMPLETE_PARENT;
1245
1246 /* link into table */
1247 rt->mf6c_next = mf6ctable[hash];
1248 mf6ctable[hash] = rt;
1249 /* Add this entry to the end of the queue */
1250 rt->mf6c_stall = rte;
1251 } else {
1252 /* determine if q has overflowed */
1253 struct rtdetq **p;
1254 int npkts = 0;
1255
1256 for (p = &rt->mf6c_stall; *p != NULL; p = &(*p)->next)
1257 if (++npkts > MAX_UPQ6) {
1258 MRT6STAT_INC(mrt6s_upq_ovflw);
1259 free(rte, M_MRTABLE6);
1260 m_freem(mb0);
1261 MFC6_UNLOCK();
1262 return (0);
1263 }
1264
1265 /* Add this entry to the end of the queue */
1266 *p = rte;
1267 }
1268
1269 rte->next = NULL;
1270 rte->m = mb0;
1271 rte->ifp = ifp;
1272#ifdef UPCALL_TIMING
1273 rte->t = tp;
1274#endif /* UPCALL_TIMING */
1275
1276 MFC6_UNLOCK();
1277
1278 return (0);
1279}
1280
1281/*
1282 * Clean up cache entries if upcalls are not serviced
1283 * Call from the Slow Timeout mechanism, every half second.
1284 */
1285static void
1286expire_upcalls(void *unused)
1287{
1288#ifdef MRT6DEBUG
1289 char ip6bufo[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN];
1290#endif
1291 struct rtdetq *rte;
1292 struct mf6c *mfc, **nptr;
1293 u_long i;
1294
1295 MFC6_LOCK();
1296 for (i = 0; i < MF6CTBLSIZ; i++) {
1297 if (n6expire[i] == 0)
1298 continue;
1299 nptr = &mf6ctable[i];
1300 while ((mfc = *nptr) != NULL) {
1301 rte = mfc->mf6c_stall;
1302 /*
1303 * Skip real cache entries
1304 * Make sure it wasn't marked to not expire (shouldn't happen)
1305 * If it expires now
1306 */
1307 if (rte != NULL &&
1308 mfc->mf6c_expire != 0 &&
1309 --mfc->mf6c_expire == 0) {
1310 MRT6_DLOG(DEBUG_EXPIRE, "expiring (%s %s)",
1311 ip6_sprintf(ip6bufo, &mfc->mf6c_origin.sin6_addr),
1312 ip6_sprintf(ip6bufg, &mfc->mf6c_mcastgrp.sin6_addr));
1313 /*
1314 * drop all the packets
1315 * free the mbuf with the pkt, if, timing info
1316 */
1317 do {
1318 struct rtdetq *n = rte->next;
1319 m_freem(rte->m);
1320 free(rte, M_MRTABLE6);
1321 rte = n;
1322 } while (rte != NULL);
1323 MRT6STAT_INC(mrt6s_cache_cleanups);
1324 n6expire[i]--;
1325
1326 *nptr = mfc->mf6c_next;
1327 free(mfc, M_MRTABLE6);
1328 } else {
1329 nptr = &mfc->mf6c_next;
1330 }
1331 }
1332 }
1333 MFC6_UNLOCK();
1334 callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT,
1335 expire_upcalls, NULL);
1336}
1337
1338/*
1339 * Packet forwarding routine once entry in the cache is made
1340 */
1341static int
1342ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct mf6c *rt)
1343{
1344 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
1345 mifi_t mifi, iif;
1346 struct mif6 *mifp;
1347 int plen = m->m_pkthdr.len;
1348 struct in6_addr src0, dst0; /* copies for local work */
1349 u_int32_t iszone, idzone, oszone, odzone;
1350 int error = 0;
1351
1352/*
1353 * Macro to send packet on mif. Since RSVP packets don't get counted on
1354 * input, they shouldn't get counted on output, so statistics keeping is
1355 * separate.
1356 */
1357
1358#define MC6_SEND(ip6, mifp, m) do { \
1359 if ((mifp)->m6_flags & MIFF_REGISTER) \
1360 register_send((ip6), (mifp), (m)); \
1361 else \
1362 phyint_send((ip6), (mifp), (m)); \
1363} while (/*CONSTCOND*/ 0)
1364
1365 /*
1366 * Don't forward if it didn't arrive from the parent mif
1367 * for its origin.
1368 */
1369 mifi = rt->mf6c_parent;
1370 if ((mifi >= nummifs) || (mif6table[mifi].m6_ifp != ifp)) {
1371 /* came in the wrong interface */
1372 MRT6_DLOG(DEBUG_FORWARD,
1373 "wrong if: ifid %d mifi %d mififid %x", ifp->if_index,
1374 mifi, mif6table[mifi].m6_ifp->if_index);
1375 MRT6STAT_INC(mrt6s_wrong_if);
1376 rt->mf6c_wrong_if++;
1377 /*
1378 * If we are doing PIM processing, and we are forwarding
1379 * packets on this interface, send a message to the
1380 * routing daemon.
1381 */
1382 /* have to make sure this is a valid mif */
1383 if (mifi < nummifs && mif6table[mifi].m6_ifp)
1384 if (V_pim6 && (m->m_flags & M_LOOP) == 0) {
1385 /*
1386 * Check the M_LOOP flag to avoid an
1387 * unnecessary PIM assert.
1388 * XXX: M_LOOP is an ad-hoc hack...
1389 */
1390 static struct sockaddr_in6 sin6 =
1391 { sizeof(sin6), AF_INET6 };
1392
1393 struct mbuf *mm;
1394 struct mrt6msg *im;
1395#ifdef MRT6_OINIT
1396 struct omrt6msg *oim;
1397#endif
1398
1399 mm = m_copy(m, 0, sizeof(struct ip6_hdr));
1400 if (mm &&
1401 (M_HASCL(mm) ||
1402 mm->m_len < sizeof(struct ip6_hdr)))
1403 mm = m_pullup(mm, sizeof(struct ip6_hdr));
1404 if (mm == NULL)
1405 return (ENOBUFS);
1406
1407#ifdef MRT6_OINIT
1408 oim = NULL;
1409#endif
1410 im = NULL;
1411 switch (V_ip6_mrouter_ver) {
1412#ifdef MRT6_OINIT
1413 case MRT6_OINIT:
1414 oim = mtod(mm, struct omrt6msg *);
1415 oim->im6_msgtype = MRT6MSG_WRONGMIF;
1416 oim->im6_mbz = 0;
1417 break;
1418#endif
1419 case MRT6_INIT:
1420 im = mtod(mm, struct mrt6msg *);
1421 im->im6_msgtype = MRT6MSG_WRONGMIF;
1422 im->im6_mbz = 0;
1423 break;
1424 default:
1425 m_freem(mm);
1426 return (EINVAL);
1427 }
1428
1429 for (mifp = mif6table, iif = 0;
1430 iif < nummifs && mifp &&
1431 mifp->m6_ifp != ifp;
1432 mifp++, iif++)
1433 ;
1434
1435 switch (V_ip6_mrouter_ver) {
1436#ifdef MRT6_OINIT
1437 case MRT6_OINIT:
1438 oim->im6_mif = iif;
1439 sin6.sin6_addr = oim->im6_src;
1440 break;
1441#endif
1442 case MRT6_INIT:
1443 im->im6_mif = iif;
1444 sin6.sin6_addr = im->im6_src;
1445 break;
1446 }
1447
1448 MRT6STAT_INC(mrt6s_upcalls);
1449
1450 if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
1451 MRT6_DLOG(DEBUG_ANY,
1452 "ip6_mrouter socket queue full");
1453 MRT6STAT_INC(mrt6s_upq_sockfull);
1454 return (ENOBUFS);
1455 } /* if socket Q full */
1456 } /* if PIM */
1457 return (0);
1458 } /* if wrong iif */
1459
1460 /* If I sourced this packet, it counts as output, else it was input. */
1461 if (m->m_pkthdr.rcvif == NULL) {
1462 /* XXX: is rcvif really NULL when output?? */
1463 mif6table[mifi].m6_pkt_out++;
1464 mif6table[mifi].m6_bytes_out += plen;
1465 } else {
1466 mif6table[mifi].m6_pkt_in++;
1467 mif6table[mifi].m6_bytes_in += plen;
1468 }
1469 rt->mf6c_pkt_cnt++;
1470 rt->mf6c_byte_cnt += plen;
1471
1472 /*
1473 * For each mif, forward a copy of the packet if there are group
1474 * members downstream on the interface.
1475 */
1476 src0 = ip6->ip6_src;
1477 dst0 = ip6->ip6_dst;
1478 if ((error = in6_setscope(&src0, ifp, &iszone)) != 0 ||
1479 (error = in6_setscope(&dst0, ifp, &idzone)) != 0) {
1480 IP6STAT_INC(ip6s_badscope);
1481 return (error);
1482 }
1483 for (mifp = mif6table, mifi = 0; mifi < nummifs; mifp++, mifi++) {
1484 if (IF_ISSET(mifi, &rt->mf6c_ifset)) {
1485 /*
1486 * check if the outgoing packet is going to break
1487 * a scope boundary.
1488 * XXX For packets through PIM register tunnel
1489 * interface, we believe a routing daemon.
1490 */
1491 if (!(mif6table[rt->mf6c_parent].m6_flags &
1492 MIFF_REGISTER) &&
1493 !(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
1494 if (in6_setscope(&src0, mif6table[mifi].m6_ifp,
1495 &oszone) ||
1496 in6_setscope(&dst0, mif6table[mifi].m6_ifp,
1497 &odzone) ||
1498 iszone != oszone ||
1499 idzone != odzone) {
1500 IP6STAT_INC(ip6s_badscope);
1501 continue;
1502 }
1503 }
1504
1505 mifp->m6_pkt_out++;
1506 mifp->m6_bytes_out += plen;
1507 MC6_SEND(ip6, mifp, m);
1508 }
1509 }
1510 return (0);
1511}
1512
1513static void
1514phyint_send(struct ip6_hdr *ip6, struct mif6 *mifp, struct mbuf *m)
1515{
1516#ifdef MRT6DEBUG
1517 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1518#endif
1519 struct mbuf *mb_copy;
1520 struct ifnet *ifp = mifp->m6_ifp;
1521 int error = 0;
1522 u_long linkmtu;
1523
1524 /*
1525 * Make a new reference to the packet; make sure that
1526 * the IPv6 header is actually copied, not just referenced,
1527 * so that ip6_output() only scribbles on the copy.
1528 */
1529 mb_copy = m_copy(m, 0, M_COPYALL);
1530 if (mb_copy &&
1531 (M_HASCL(mb_copy) || mb_copy->m_len < sizeof(struct ip6_hdr)))
1532 mb_copy = m_pullup(mb_copy, sizeof(struct ip6_hdr));
1533 if (mb_copy == NULL) {
1534 return;
1535 }
1536 /* set MCAST flag to the outgoing packet */
1537 mb_copy->m_flags |= M_MCAST;
1538
1539 /*
1540 * If we sourced the packet, call ip6_output since we may devide
1541 * the packet into fragments when the packet is too big for the
1542 * outgoing interface.
1543 * Otherwise, we can simply send the packet to the interface
1544 * sending queue.
1545 */
1546 if (m->m_pkthdr.rcvif == NULL) {
1547 struct ip6_moptions im6o;
1548
1549 im6o.im6o_multicast_ifp = ifp;
1550 /* XXX: ip6_output will override ip6->ip6_hlim */
1551 im6o.im6o_multicast_hlim = ip6->ip6_hlim;
1552 im6o.im6o_multicast_loop = 1;
1553 error = ip6_output(mb_copy, NULL, NULL, IPV6_FORWARDING, &im6o,
1554 NULL, NULL);
1555
1556 MRT6_DLOG(DEBUG_XMIT, "mif %u err %d",
1557 (uint16_t)(mifp - mif6table), error);
1558 return;
1559 }
1560
1561 /*
1562 * If configured to loop back multicasts by default,
1563 * loop back a copy now.
1564 */
1565 if (in6_mcast_loop) {
1566 struct sockaddr_in6 dst6;
1567
1568 bzero(&dst6, sizeof(dst6));
1569 dst6.sin6_len = sizeof(struct sockaddr_in6);
1570 dst6.sin6_family = AF_INET6;
1571 dst6.sin6_addr = ip6->ip6_dst;
1572 ip6_mloopback(ifp, m, &dst6);
1573 }
1574
1575 /*
1576 * Put the packet into the sending queue of the outgoing interface
1577 * if it would fit in the MTU of the interface.
1578 */
1579 linkmtu = IN6_LINKMTU(ifp);
1580 if (mb_copy->m_pkthdr.len <= linkmtu || linkmtu < IPV6_MMTU) {
1581 struct sockaddr_in6 dst6;
1582
1583 bzero(&dst6, sizeof(dst6));
1584 dst6.sin6_len = sizeof(struct sockaddr_in6);
1585 dst6.sin6_family = AF_INET6;
1586 dst6.sin6_addr = ip6->ip6_dst;
1587
1588 IP_PROBE(send, NULL, NULL, ip6, ifp, NULL, ip6);
1589 /*
1590 * We just call if_output instead of nd6_output here, since
1591 * we need no ND for a multicast forwarded packet...right?
1592 */
1593 m_clrprotoflags(m); /* Avoid confusing lower layers. */
1594 error = (*ifp->if_output)(ifp, mb_copy,
1595 (struct sockaddr *)&dst6, NULL);
1596 MRT6_DLOG(DEBUG_XMIT, "mif %u err %d",
1597 (uint16_t)(mifp - mif6table), error);
1598 } else {
1599 /*
1600 * pMTU discovery is intentionally disabled by default, since
1601 * various router may notify pMTU in multicast, which can be
1602 * a DDoS to a router
1603 */
1604 if (V_ip6_mcast_pmtu)
1605 icmp6_error(mb_copy, ICMP6_PACKET_TOO_BIG, 0, linkmtu);
1606 else {
1607 MRT6_DLOG(DEBUG_XMIT, " packet too big on %s o %s "
1608 "g %s size %d (discarded)", if_name(ifp),
1609 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1610 ip6_sprintf(ip6bufd, &ip6->ip6_dst),
1611 mb_copy->m_pkthdr.len);
1612 m_freem(mb_copy); /* simply discard the packet */
1613 }
1614 }
1615}
1616
1617static int
1618register_send(struct ip6_hdr *ip6, struct mif6 *mif, struct mbuf *m)
1619{
1620#ifdef MRT6DEBUG
1621 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1622#endif
1623 struct mbuf *mm;
1624 int i, len = m->m_pkthdr.len;
1625 static struct sockaddr_in6 sin6 = { sizeof(sin6), AF_INET6 };
1626 struct mrt6msg *im6;
1627
1628 MRT6_DLOG(DEBUG_ANY, "src %s dst %s",
1629 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1630 ip6_sprintf(ip6bufd, &ip6->ip6_dst));
1631 PIM6STAT_INC(pim6s_snd_registers);
1632
1633 /* Make a copy of the packet to send to the user level process. */
1634 mm = m_gethdr(M_NOWAIT, MT_DATA);
1635 if (mm == NULL)
1636 return (ENOBUFS);
1637 mm->m_data += max_linkhdr;
1638 mm->m_len = sizeof(struct ip6_hdr);
1639
1640 if ((mm->m_next = m_copy(m, 0, M_COPYALL)) == NULL) {
1641 m_freem(mm);
1642 return (ENOBUFS);
1643 }
1644 i = MHLEN - M_LEADINGSPACE(mm);
1645 if (i > len)
1646 i = len;
1647 mm = m_pullup(mm, i);
1648 if (mm == NULL)
1649 return (ENOBUFS);
1650/* TODO: check it! */
1651 mm->m_pkthdr.len = len + sizeof(struct ip6_hdr);
1652
1653 /*
1654 * Send message to routing daemon
1655 */
1656 sin6.sin6_addr = ip6->ip6_src;
1657
1658 im6 = mtod(mm, struct mrt6msg *);
1659 im6->im6_msgtype = MRT6MSG_WHOLEPKT;
1660 im6->im6_mbz = 0;
1661
1662 im6->im6_mif = mif - mif6table;
1663
1664 /* iif info is not given for reg. encap.n */
1665 MRT6STAT_INC(mrt6s_upcalls);
1666
1667 if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
1668 MRT6_DLOG(DEBUG_ANY, "ip6_mrouter socket queue full");
1669 MRT6STAT_INC(mrt6s_upq_sockfull);
1670 return (ENOBUFS);
1671 }
1672 return (0);
1673}
1674
1675/*
1676 * pim6_encapcheck() is called by the encap6_input() path at runtime to
1677 * determine if a packet is for PIM; allowing PIM to be dynamically loaded
1678 * into the kernel.
1679 */
1680static int
1681pim6_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
1682{
1683
1684#ifdef DIAGNOSTIC
1685 KASSERT(proto == IPPROTO_PIM, ("not for IPPROTO_PIM"));
1686#endif
1687 if (proto != IPPROTO_PIM)
1688 return 0; /* not for us; reject the datagram. */
1689
1690 return 64; /* claim the datagram. */
1691}
1692
1693/*
1694 * PIM sparse mode hook
1695 * Receives the pim control messages, and passes them up to the listening
1696 * socket, using rip6_input.
1697 * The only message processed is the REGISTER pim message; the pim header
1698 * is stripped off, and the inner packet is passed to register_mforward.
1699 */
1700int
1701pim6_input(struct mbuf **mp, int *offp, int proto)
1702{
1703 struct pim *pim; /* pointer to a pim struct */
1704 struct ip6_hdr *ip6;
1705 int pimlen;
1706 struct mbuf *m = *mp;
1707 int minlen;
1708 int off = *offp;
1709
1710 PIM6STAT_INC(pim6s_rcv_total);
1711
1712 ip6 = mtod(m, struct ip6_hdr *);
1713 pimlen = m->m_pkthdr.len - *offp;
1714
1715 /*
1716 * Validate lengths
1717 */
1718 if (pimlen < PIM_MINLEN) {
1719 PIM6STAT_INC(pim6s_rcv_tooshort);
1720 MRT6_DLOG(DEBUG_PIM, "PIM packet too short");
1721 m_freem(m);
1722 return (IPPROTO_DONE);
1723 }
1724
1725 /*
1726 * if the packet is at least as big as a REGISTER, go ahead
1727 * and grab the PIM REGISTER header size, to avoid another
1728 * possible m_pullup() later.
1729 *
1730 * PIM_MINLEN == pimhdr + u_int32 == 8
1731 * PIM6_REG_MINLEN == pimhdr + reghdr + eip6hdr == 4 + 4 + 40
1732 */
1733 minlen = (pimlen >= PIM6_REG_MINLEN) ? PIM6_REG_MINLEN : PIM_MINLEN;
1734
1735 /*
1736 * Make sure that the IP6 and PIM headers in contiguous memory, and
1737 * possibly the PIM REGISTER header
1738 */
1739#ifndef PULLDOWN_TEST
1740 IP6_EXTHDR_CHECK(m, off, minlen, IPPROTO_DONE);
1741 /* adjust pointer */
1742 ip6 = mtod(m, struct ip6_hdr *);
1743
1744 /* adjust mbuf to point to the PIM header */
1745 pim = (struct pim *)((caddr_t)ip6 + off);
1746#else
1747 IP6_EXTHDR_GET(pim, struct pim *, m, off, minlen);
1748 if (pim == NULL) {
1749 PIM6STAT_INC(pim6s_rcv_tooshort);
1750 return (IPPROTO_DONE);
1751 }
1752#endif
1753
1754#define PIM6_CHECKSUM
1755#ifdef PIM6_CHECKSUM
1756 {
1757 int cksumlen;
1758
1759 /*
1760 * Validate checksum.
1761 * If PIM REGISTER, exclude the data packet
1762 */
1763 if (pim->pim_type == PIM_REGISTER)
1764 cksumlen = PIM_MINLEN;
1765 else
1766 cksumlen = pimlen;
1767
1768 if (in6_cksum(m, IPPROTO_PIM, off, cksumlen)) {
1769 PIM6STAT_INC(pim6s_rcv_badsum);
1770 MRT6_DLOG(DEBUG_PIM, "invalid checksum");
1771 m_freem(m);
1772 return (IPPROTO_DONE);
1773 }
1774 }
1775#endif /* PIM_CHECKSUM */
1776
1777 /* PIM version check */
1778 if (pim->pim_ver != PIM_VERSION) {
1779 PIM6STAT_INC(pim6s_rcv_badversion);
1780 MRT6_DLOG(DEBUG_ANY | DEBUG_ERR,
1781 "incorrect version %d, expecting %d",
1782 pim->pim_ver, PIM_VERSION);
1783 m_freem(m);
1784 return (IPPROTO_DONE);
1785 }
1786
1787 if (pim->pim_type == PIM_REGISTER) {
1788 /*
1789 * since this is a REGISTER, we'll make a copy of the register
1790 * headers ip6+pim+u_int32_t+encap_ip6, to be passed up to the
1791 * routing daemon.
1792 */
1793 static struct sockaddr_in6 dst = { sizeof(dst), AF_INET6 };
1794
1795 struct mbuf *mcp;
1796 struct ip6_hdr *eip6;
1797 u_int32_t *reghdr;
1798 int rc;
1799#ifdef MRT6DEBUG
1800 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1801#endif
1802
1803 PIM6STAT_INC(pim6s_rcv_registers);
1804
1805 if ((reg_mif_num >= nummifs) || (reg_mif_num == (mifi_t) -1)) {
1806 MRT6_DLOG(DEBUG_PIM, "register mif not set: %d",
1807 reg_mif_num);
1808 m_freem(m);
1809 return (IPPROTO_DONE);
1810 }
1811
1812 reghdr = (u_int32_t *)(pim + 1);
1813
1814 if ((ntohl(*reghdr) & PIM_NULL_REGISTER))
1815 goto pim6_input_to_daemon;
1816
1817 /*
1818 * Validate length
1819 */
1820 if (pimlen < PIM6_REG_MINLEN) {
1821 PIM6STAT_INC(pim6s_rcv_tooshort);
1822 PIM6STAT_INC(pim6s_rcv_badregisters);
1823 MRT6_DLOG(DEBUG_ANY | DEBUG_ERR, "register packet "
1824 "size too small %d from %s",
1825 pimlen, ip6_sprintf(ip6bufs, &ip6->ip6_src));
1826 m_freem(m);
1827 return (IPPROTO_DONE);
1828 }
1829
1830 eip6 = (struct ip6_hdr *) (reghdr + 1);
1831 MRT6_DLOG(DEBUG_PIM, "eip6: %s -> %s, eip6 plen %d",
1832 ip6_sprintf(ip6bufs, &eip6->ip6_src),
1833 ip6_sprintf(ip6bufd, &eip6->ip6_dst),
1834 ntohs(eip6->ip6_plen));
1835
1836 /* verify the version number of the inner packet */
1837 if ((eip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
1838 PIM6STAT_INC(pim6s_rcv_badregisters);
1839 MRT6_DLOG(DEBUG_ANY, "invalid IP version (%d) "
1840 "of the inner packet",
1841 (eip6->ip6_vfc & IPV6_VERSION));
1842 m_freem(m);
1843 return (IPPROTO_NONE);
1844 }
1845
1846 /* verify the inner packet is destined to a mcast group */
1847 if (!IN6_IS_ADDR_MULTICAST(&eip6->ip6_dst)) {
1848 PIM6STAT_INC(pim6s_rcv_badregisters);
1849 MRT6_DLOG(DEBUG_PIM, "inner packet of register "
1850 "is not multicast %s",
1851 ip6_sprintf(ip6bufd, &eip6->ip6_dst));
1852 m_freem(m);
1853 return (IPPROTO_DONE);
1854 }
1855
1856 /*
1857 * make a copy of the whole header to pass to the daemon later.
1858 */
1859 mcp = m_copy(m, 0, off + PIM6_REG_MINLEN);
1860 if (mcp == NULL) {
1861 MRT6_DLOG(DEBUG_ANY | DEBUG_ERR, "pim register: "
1862 "could not copy register head");
1863 m_freem(m);
1864 return (IPPROTO_DONE);
1865 }
1866
1867 /*
1868 * forward the inner ip6 packet; point m_data at the inner ip6.
1869 */
1870 m_adj(m, off + PIM_MINLEN);
1871 MRT6_DLOG(DEBUG_PIM, "forwarding decapsulated register: "
1872 "src %s, dst %s, mif %d",
1873 ip6_sprintf(ip6bufs, &eip6->ip6_src),
1874 ip6_sprintf(ip6bufd, &eip6->ip6_dst), reg_mif_num);
1875
1876 rc = if_simloop(mif6table[reg_mif_num].m6_ifp, m,
1877 dst.sin6_family, 0);
1878
1879 /* prepare the register head to send to the mrouting daemon */
1880 m = mcp;
1881 }
1882
1883 /*
1884 * Pass the PIM message up to the daemon; if it is a register message
1885 * pass the 'head' only up to the daemon. This includes the
1886 * encapsulator ip6 header, pim header, register header and the
1887 * encapsulated ip6 header.
1888 */
1889 pim6_input_to_daemon:
1890 rip6_input(&m, offp, proto);
1891 return (IPPROTO_DONE);
1892}
1893
1894static int
1895ip6_mroute_modevent(module_t mod, int type, void *unused)
1896{
1897
1898 switch (type) {
1899 case MOD_LOAD:
1900 MROUTER6_LOCK_INIT();
1901 MFC6_LOCK_INIT();
1902 MIF6_LOCK_INIT();
1903
1904 pim6_encap_cookie = encap_attach_func(AF_INET6, IPPROTO_PIM,
1905 pim6_encapcheck,
1906 (const struct protosw *)&in6_pim_protosw, NULL);
1907 if (pim6_encap_cookie == NULL) {
1908 printf("ip6_mroute: unable to attach pim6 encap\n");
1909 MIF6_LOCK_DESTROY();
1910 MFC6_LOCK_DESTROY();
1911 MROUTER6_LOCK_DESTROY();
1912 return (EINVAL);
1913 }
1914
1915 ip6_mforward = X_ip6_mforward;
1916 ip6_mrouter_done = X_ip6_mrouter_done;
1917 ip6_mrouter_get = X_ip6_mrouter_get;
1918 ip6_mrouter_set = X_ip6_mrouter_set;
1919 mrt6_ioctl = X_mrt6_ioctl;
1920 break;
1921
1922 case MOD_UNLOAD:
1923 if (V_ip6_mrouter != NULL)
1924 return EINVAL;
1925
1926 if (pim6_encap_cookie) {
1927 encap_detach(pim6_encap_cookie);
1928 pim6_encap_cookie = NULL;
1929 }
1930 X_ip6_mrouter_done();
1931 ip6_mforward = NULL;
1932 ip6_mrouter_done = NULL;
1933 ip6_mrouter_get = NULL;
1934 ip6_mrouter_set = NULL;
1935 mrt6_ioctl = NULL;
1936
1937 MIF6_LOCK_DESTROY();
1938 MFC6_LOCK_DESTROY();
1939 MROUTER6_LOCK_DESTROY();
1940 break;
1941
1942 default:
1943 return (EOPNOTSUPP);
1944 }
1945
1946 return (0);
1947}
1948
1949static moduledata_t ip6_mroutemod = {
1950 "ip6_mroute",
1951 ip6_mroute_modevent,
1952 0
1953};
1954
1955DECLARE_MODULE(ip6_mroute, ip6_mroutemod, SI_SUB_PSEUDO, SI_ORDER_ANY);
| 150 .pr_ctloutput = rip6_ctloutput,
151 .pr_usrreqs = &rip6_usrreqs
152};
153static int pim6_encapcheck(const struct mbuf *, int, int, void *);
154
155static VNET_DEFINE(int, ip6_mrouter_ver) = 0;
156#define V_ip6_mrouter_ver VNET(ip6_mrouter_ver)
157
158SYSCTL_DECL(_net_inet6);
159SYSCTL_DECL(_net_inet6_ip6);
160static SYSCTL_NODE(_net_inet6, IPPROTO_PIM, pim, CTLFLAG_RW, 0, "PIM");
161
162static struct mrt6stat mrt6stat;
163SYSCTL_STRUCT(_net_inet6_ip6, OID_AUTO, mrt6stat, CTLFLAG_RW,
164 &mrt6stat, mrt6stat,
165 "Multicast Routing Statistics (struct mrt6stat, netinet6/ip6_mroute.h)");
166
167#define MRT6STAT_INC(name) mrt6stat.name += 1
168#define NO_RTE_FOUND 0x1
169#define RTE_FOUND 0x2
170
171static struct mtx mrouter6_mtx;
172#define MROUTER6_LOCK() mtx_lock(&mrouter6_mtx)
173#define MROUTER6_UNLOCK() mtx_unlock(&mrouter6_mtx)
174#define MROUTER6_LOCK_ASSERT() do { \
175 mtx_assert(&mrouter6_mtx, MA_OWNED); \
176 NET_ASSERT_GIANT(); \
177} while (0)
178#define MROUTER6_LOCK_INIT() \
179 mtx_init(&mrouter6_mtx, "IPv6 multicast forwarding", NULL, MTX_DEF)
180#define MROUTER6_LOCK_DESTROY() mtx_destroy(&mrouter6_mtx)
181
182static struct mf6c *mf6ctable[MF6CTBLSIZ];
183SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mf6ctable, CTLFLAG_RD,
184 &mf6ctable, sizeof(mf6ctable), "S,*mf6ctable[MF6CTBLSIZ]",
185 "IPv6 Multicast Forwarding Table (struct *mf6ctable[MF6CTBLSIZ], "
186 "netinet6/ip6_mroute.h)");
187
188static struct mtx mfc6_mtx;
189#define MFC6_LOCK() mtx_lock(&mfc6_mtx)
190#define MFC6_UNLOCK() mtx_unlock(&mfc6_mtx)
191#define MFC6_LOCK_ASSERT() do { \
192 mtx_assert(&mfc6_mtx, MA_OWNED); \
193 NET_ASSERT_GIANT(); \
194} while (0)
195#define MFC6_LOCK_INIT() \
196 mtx_init(&mfc6_mtx, "IPv6 multicast forwarding cache", NULL, MTX_DEF)
197#define MFC6_LOCK_DESTROY() mtx_destroy(&mfc6_mtx)
198
199static u_char n6expire[MF6CTBLSIZ];
200
201static struct mif6 mif6table[MAXMIFS];
202SYSCTL_OPAQUE(_net_inet6_ip6, OID_AUTO, mif6table, CTLFLAG_RD,
203 &mif6table, sizeof(mif6table), "S,mif6[MAXMIFS]",
204 "IPv6 Multicast Interfaces (struct mif6[MAXMIFS], netinet6/ip6_mroute.h)");
205
206static struct mtx mif6_mtx;
207#define MIF6_LOCK() mtx_lock(&mif6_mtx)
208#define MIF6_UNLOCK() mtx_unlock(&mif6_mtx)
209#define MIF6_LOCK_ASSERT() mtx_assert(&mif6_mtx, MA_OWNED)
210#define MIF6_LOCK_INIT() \
211 mtx_init(&mif6_mtx, "IPv6 multicast interfaces", NULL, MTX_DEF)
212#define MIF6_LOCK_DESTROY() mtx_destroy(&mif6_mtx)
213
214#ifdef MRT6DEBUG
215static VNET_DEFINE(u_int, mrt6debug) = 0; /* debug level */
216#define V_mrt6debug VNET(mrt6debug)
217#define DEBUG_MFC 0x02
218#define DEBUG_FORWARD 0x04
219#define DEBUG_EXPIRE 0x08
220#define DEBUG_XMIT 0x10
221#define DEBUG_REG 0x20
222#define DEBUG_PIM 0x40
223#define DEBUG_ERR 0x80
224#define DEBUG_ANY 0x7f
225#define MRT6_DLOG(m, fmt, ...) \
226 if (V_mrt6debug & (m)) \
227 log(((m) & DEBUG_ERR) ? LOG_ERR: LOG_DEBUG, \
228 "%s: " fmt "\n", __func__, ##__VA_ARGS__)
229#else
230#define MRT6_DLOG(m, fmt, ...)
231#endif
232
233static void expire_upcalls(void *);
234#define EXPIRE_TIMEOUT (hz / 4) /* 4x / second */
235#define UPCALL_EXPIRE 6 /* number of timeouts */
236
237/*
238 * XXX TODO: maintain a count to if_allmulti() calls in struct ifnet.
239 */
240
241/*
242 * 'Interfaces' associated with decapsulator (so we can tell
243 * packets that went through it from ones that get reflected
244 * by a broken gateway). Different from IPv4 register_if,
245 * these interfaces are linked into the system ifnet list,
246 * because per-interface IPv6 statistics are maintained in
247 * ifp->if_afdata. But it does not have any routes point
248 * to them. I.e., packets can't be sent this way. They
249 * only exist as a placeholder for multicast source
250 * verification.
251 */
252static struct ifnet *multicast_register_if6;
253
254#define ENCAP_HOPS 64
255
256/*
257 * Private variables.
258 */
259static mifi_t nummifs = 0;
260static mifi_t reg_mif_num = (mifi_t)-1;
261
262static struct pim6stat pim6stat;
263SYSCTL_STRUCT(_net_inet6_pim, PIM6CTL_STATS, stats, CTLFLAG_RW,
264 &pim6stat, pim6stat,
265 "PIM Statistics (struct pim6stat, netinet6/pim6_var.h)");
266
267#define PIM6STAT_INC(name) pim6stat.name += 1
268static VNET_DEFINE(int, pim6);
269#define V_pim6 VNET(pim6)
270
271/*
272 * Hash function for a source, group entry
273 */
274#define MF6CHASH(a, g) MF6CHASHMOD((a).s6_addr32[0] ^ (a).s6_addr32[1] ^ \
275 (a).s6_addr32[2] ^ (a).s6_addr32[3] ^ \
276 (g).s6_addr32[0] ^ (g).s6_addr32[1] ^ \
277 (g).s6_addr32[2] ^ (g).s6_addr32[3])
278
279/*
280 * Find a route for a given origin IPv6 address and Multicast group address.
281 */
282#define MF6CFIND(o, g, rt) do { \
283 struct mf6c *_rt = mf6ctable[MF6CHASH(o,g)]; \
284 rt = NULL; \
285 while (_rt) { \
286 if (IN6_ARE_ADDR_EQUAL(&_rt->mf6c_origin.sin6_addr, &(o)) && \
287 IN6_ARE_ADDR_EQUAL(&_rt->mf6c_mcastgrp.sin6_addr, &(g)) && \
288 (_rt->mf6c_stall == NULL)) { \
289 rt = _rt; \
290 break; \
291 } \
292 _rt = _rt->mf6c_next; \
293 } \
294 if (rt == NULL) { \
295 MRT6STAT_INC(mrt6s_mfc_misses); \
296 } \
297} while (/*CONSTCOND*/ 0)
298
299/*
300 * Macros to compute elapsed time efficiently
301 * Borrowed from Van Jacobson's scheduling code
302 * XXX: replace with timersub() ?
303 */
304#define TV_DELTA(a, b, delta) do { \
305 int xxs; \
306 \
307 delta = (a).tv_usec - (b).tv_usec; \
308 if ((xxs = (a).tv_sec - (b).tv_sec)) { \
309 switch (xxs) { \
310 case 2: \
311 delta += 1000000; \
312 /* FALLTHROUGH */ \
313 case 1: \
314 delta += 1000000; \
315 break; \
316 default: \
317 delta += (1000000 * xxs); \
318 } \
319 } \
320} while (/*CONSTCOND*/ 0)
321
322/* XXX: replace with timercmp(a, b, <) ? */
323#define TV_LT(a, b) (((a).tv_usec < (b).tv_usec && \
324 (a).tv_sec <= (b).tv_sec) || (a).tv_sec < (b).tv_sec)
325
326#ifdef UPCALL_TIMING
327#define UPCALL_MAX 50
328static u_long upcall_data[UPCALL_MAX + 1];
329static void collate();
330#endif /* UPCALL_TIMING */
331
332static int ip6_mrouter_init(struct socket *, int, int);
333static int add_m6fc(struct mf6cctl *);
334static int add_m6if(struct mif6ctl *);
335static int del_m6fc(struct mf6cctl *);
336static int del_m6if(mifi_t *);
337static int del_m6if_locked(mifi_t *);
338static int get_mif6_cnt(struct sioc_mif_req6 *);
339static int get_sg_cnt(struct sioc_sg_req6 *);
340
341static struct callout expire_upcalls_ch;
342
343int X_ip6_mforward(struct ip6_hdr *, struct ifnet *, struct mbuf *);
344int X_ip6_mrouter_done(void);
345int X_ip6_mrouter_set(struct socket *, struct sockopt *);
346int X_ip6_mrouter_get(struct socket *, struct sockopt *);
347int X_mrt6_ioctl(u_long, caddr_t);
348
349/*
350 * Handle MRT setsockopt commands to modify the multicast routing tables.
351 */
352int
353X_ip6_mrouter_set(struct socket *so, struct sockopt *sopt)
354{
355 int error = 0;
356 int optval;
357 struct mif6ctl mifc;
358 struct mf6cctl mfcc;
359 mifi_t mifi;
360
361 if (so != V_ip6_mrouter && sopt->sopt_name != MRT6_INIT)
362 return (EPERM);
363
364 switch (sopt->sopt_name) {
365 case MRT6_INIT:
366#ifdef MRT6_OINIT
367 case MRT6_OINIT:
368#endif
369 error = sooptcopyin(sopt, &optval, sizeof(optval),
370 sizeof(optval));
371 if (error)
372 break;
373 error = ip6_mrouter_init(so, optval, sopt->sopt_name);
374 break;
375 case MRT6_DONE:
376 error = X_ip6_mrouter_done();
377 break;
378 case MRT6_ADD_MIF:
379 error = sooptcopyin(sopt, &mifc, sizeof(mifc), sizeof(mifc));
380 if (error)
381 break;
382 error = add_m6if(&mifc);
383 break;
384 case MRT6_ADD_MFC:
385 error = sooptcopyin(sopt, &mfcc, sizeof(mfcc), sizeof(mfcc));
386 if (error)
387 break;
388 error = add_m6fc(&mfcc);
389 break;
390 case MRT6_DEL_MFC:
391 error = sooptcopyin(sopt, &mfcc, sizeof(mfcc), sizeof(mfcc));
392 if (error)
393 break;
394 error = del_m6fc(&mfcc);
395 break;
396 case MRT6_DEL_MIF:
397 error = sooptcopyin(sopt, &mifi, sizeof(mifi), sizeof(mifi));
398 if (error)
399 break;
400 error = del_m6if(&mifi);
401 break;
402 case MRT6_PIM:
403 error = sooptcopyin(sopt, &optval, sizeof(optval),
404 sizeof(optval));
405 if (error)
406 break;
407 error = set_pim6(&optval);
408 break;
409 default:
410 error = EOPNOTSUPP;
411 break;
412 }
413
414 return (error);
415}
416
417/*
418 * Handle MRT getsockopt commands
419 */
420int
421X_ip6_mrouter_get(struct socket *so, struct sockopt *sopt)
422{
423 int error = 0;
424
425 if (so != V_ip6_mrouter)
426 return (EACCES);
427
428 switch (sopt->sopt_name) {
429 case MRT6_PIM:
430 error = sooptcopyout(sopt, &V_pim6, sizeof(V_pim6));
431 break;
432 }
433 return (error);
434}
435
436/*
437 * Handle ioctl commands to obtain information from the cache
438 */
439int
440X_mrt6_ioctl(u_long cmd, caddr_t data)
441{
442 int ret;
443
444 ret = EINVAL;
445
446 switch (cmd) {
447 case SIOCGETSGCNT_IN6:
448 ret = get_sg_cnt((struct sioc_sg_req6 *)data);
449 break;
450
451 case SIOCGETMIFCNT_IN6:
452 ret = get_mif6_cnt((struct sioc_mif_req6 *)data);
453 break;
454
455 default:
456 break;
457 }
458
459 return (ret);
460}
461
462/*
463 * returns the packet, byte, rpf-failure count for the source group provided
464 */
465static int
466get_sg_cnt(struct sioc_sg_req6 *req)
467{
468 struct mf6c *rt;
469 int ret;
470
471 ret = 0;
472
473 MFC6_LOCK();
474
475 MF6CFIND(req->src.sin6_addr, req->grp.sin6_addr, rt);
476 if (rt == NULL) {
477 ret = ESRCH;
478 } else {
479 req->pktcnt = rt->mf6c_pkt_cnt;
480 req->bytecnt = rt->mf6c_byte_cnt;
481 req->wrong_if = rt->mf6c_wrong_if;
482 }
483
484 MFC6_UNLOCK();
485
486 return (ret);
487}
488
489/*
490 * returns the input and output packet and byte counts on the mif provided
491 */
492static int
493get_mif6_cnt(struct sioc_mif_req6 *req)
494{
495 mifi_t mifi;
496 int ret;
497
498 ret = 0;
499 mifi = req->mifi;
500
501 MIF6_LOCK();
502
503 if (mifi >= nummifs) {
504 ret = EINVAL;
505 } else {
506 req->icount = mif6table[mifi].m6_pkt_in;
507 req->ocount = mif6table[mifi].m6_pkt_out;
508 req->ibytes = mif6table[mifi].m6_bytes_in;
509 req->obytes = mif6table[mifi].m6_bytes_out;
510 }
511
512 MIF6_UNLOCK();
513
514 return (ret);
515}
516
517static int
518set_pim6(int *i)
519{
520 if ((*i != 1) && (*i != 0))
521 return (EINVAL);
522
523 V_pim6 = *i;
524
525 return (0);
526}
527
528/*
529 * Enable multicast routing
530 */
531static int
532ip6_mrouter_init(struct socket *so, int v, int cmd)
533{
534
535 MRT6_DLOG(DEBUG_ANY, "so_type = %d, pr_protocol = %d",
536 so->so_type, so->so_proto->pr_protocol);
537
538 if (so->so_type != SOCK_RAW ||
539 so->so_proto->pr_protocol != IPPROTO_ICMPV6)
540 return (EOPNOTSUPP);
541
542 if (v != 1)
543 return (ENOPROTOOPT);
544
545 MROUTER6_LOCK();
546
547 if (V_ip6_mrouter != NULL) {
548 MROUTER6_UNLOCK();
549 return (EADDRINUSE);
550 }
551
552 V_ip6_mrouter = so;
553 V_ip6_mrouter_ver = cmd;
554
555 bzero((caddr_t)mf6ctable, sizeof(mf6ctable));
556 bzero((caddr_t)n6expire, sizeof(n6expire));
557
558 V_pim6 = 0;/* used for stubbing out/in pim stuff */
559
560 callout_init(&expire_upcalls_ch, 0);
561 callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT,
562 expire_upcalls, NULL);
563
564 MROUTER6_UNLOCK();
565 MRT6_DLOG(DEBUG_ANY, "finished");
566
567 return (0);
568}
569
570/*
571 * Disable IPv6 multicast forwarding.
572 */
573int
574X_ip6_mrouter_done(void)
575{
576 mifi_t mifi;
577 u_long i;
578 struct mf6c *rt;
579 struct rtdetq *rte;
580
581 MROUTER6_LOCK();
582
583 if (V_ip6_mrouter == NULL) {
584 MROUTER6_UNLOCK();
585 return (EINVAL);
586 }
587
588 /*
589 * For each phyint in use, disable promiscuous reception of all IPv6
590 * multicasts.
591 */
592 for (mifi = 0; mifi < nummifs; mifi++) {
593 if (mif6table[mifi].m6_ifp &&
594 !(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
595 if_allmulti(mif6table[mifi].m6_ifp, 0);
596 }
597 }
598 bzero((caddr_t)mif6table, sizeof(mif6table));
599 nummifs = 0;
600
601 V_pim6 = 0; /* used to stub out/in pim specific code */
602
603 callout_stop(&expire_upcalls_ch);
604
605 /*
606 * Free all multicast forwarding cache entries.
607 */
608 MFC6_LOCK();
609 for (i = 0; i < MF6CTBLSIZ; i++) {
610 rt = mf6ctable[i];
611 while (rt) {
612 struct mf6c *frt;
613
614 for (rte = rt->mf6c_stall; rte != NULL; ) {
615 struct rtdetq *n = rte->next;
616
617 m_freem(rte->m);
618 free(rte, M_MRTABLE6);
619 rte = n;
620 }
621 frt = rt;
622 rt = rt->mf6c_next;
623 free(frt, M_MRTABLE6);
624 }
625 }
626 bzero((caddr_t)mf6ctable, sizeof(mf6ctable));
627 MFC6_UNLOCK();
628
629 /*
630 * Reset register interface
631 */
632 if (reg_mif_num != (mifi_t)-1 && multicast_register_if6 != NULL) {
633 if_detach(multicast_register_if6);
634 if_free(multicast_register_if6);
635 reg_mif_num = (mifi_t)-1;
636 multicast_register_if6 = NULL;
637 }
638
639 V_ip6_mrouter = NULL;
640 V_ip6_mrouter_ver = 0;
641
642 MROUTER6_UNLOCK();
643 MRT6_DLOG(DEBUG_ANY, "finished");
644
645 return (0);
646}
647
648static struct sockaddr_in6 sin6 = { sizeof(sin6), AF_INET6 };
649
650/*
651 * Add a mif to the mif table
652 */
653static int
654add_m6if(struct mif6ctl *mifcp)
655{
656 struct mif6 *mifp;
657 struct ifnet *ifp;
658 int error;
659
660 MIF6_LOCK();
661
662 if (mifcp->mif6c_mifi >= MAXMIFS) {
663 MIF6_UNLOCK();
664 return (EINVAL);
665 }
666 mifp = mif6table + mifcp->mif6c_mifi;
667 if (mifp->m6_ifp != NULL) {
668 MIF6_UNLOCK();
669 return (EADDRINUSE); /* XXX: is it appropriate? */
670 }
671 if (mifcp->mif6c_pifi == 0 || mifcp->mif6c_pifi > V_if_index) {
672 MIF6_UNLOCK();
673 return (ENXIO);
674 }
675
676 ifp = ifnet_byindex(mifcp->mif6c_pifi);
677
678 if (mifcp->mif6c_flags & MIFF_REGISTER) {
679 if (reg_mif_num == (mifi_t)-1) {
680 ifp = if_alloc(IFT_OTHER);
681
682 if_initname(ifp, "register_mif", 0);
683 ifp->if_flags |= IFF_LOOPBACK;
684 if_attach(ifp);
685 multicast_register_if6 = ifp;
686 reg_mif_num = mifcp->mif6c_mifi;
687 /*
688 * it is impossible to guess the ifindex of the
689 * register interface. So mif6c_pifi is automatically
690 * calculated.
691 */
692 mifcp->mif6c_pifi = ifp->if_index;
693 } else {
694 ifp = multicast_register_if6;
695 }
696 } else {
697 /* Make sure the interface supports multicast */
698 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
699 MIF6_UNLOCK();
700 return (EOPNOTSUPP);
701 }
702
703 error = if_allmulti(ifp, 1);
704 if (error) {
705 MIF6_UNLOCK();
706 return (error);
707 }
708 }
709
710 mifp->m6_flags = mifcp->mif6c_flags;
711 mifp->m6_ifp = ifp;
712
713 /* initialize per mif pkt counters */
714 mifp->m6_pkt_in = 0;
715 mifp->m6_pkt_out = 0;
716 mifp->m6_bytes_in = 0;
717 mifp->m6_bytes_out = 0;
718
719 /* Adjust nummifs up if the mifi is higher than nummifs */
720 if (nummifs <= mifcp->mif6c_mifi)
721 nummifs = mifcp->mif6c_mifi + 1;
722
723 MIF6_UNLOCK();
724 MRT6_DLOG(DEBUG_ANY, "mif #%d, phyint %s", mifcp->mif6c_mifi,
725 if_name(ifp));
726
727 return (0);
728}
729
730/*
731 * Delete a mif from the mif table
732 */
733static int
734del_m6if_locked(mifi_t *mifip)
735{
736 struct mif6 *mifp = mif6table + *mifip;
737 mifi_t mifi;
738 struct ifnet *ifp;
739
740 MIF6_LOCK_ASSERT();
741
742 if (*mifip >= nummifs)
743 return (EINVAL);
744 if (mifp->m6_ifp == NULL)
745 return (EINVAL);
746
747 if (!(mifp->m6_flags & MIFF_REGISTER)) {
748 /* XXX: TODO: Maintain an ALLMULTI refcount in struct ifnet. */
749 ifp = mifp->m6_ifp;
750 if_allmulti(ifp, 0);
751 } else {
752 if (reg_mif_num != (mifi_t)-1 &&
753 multicast_register_if6 != NULL) {
754 if_detach(multicast_register_if6);
755 if_free(multicast_register_if6);
756 reg_mif_num = (mifi_t)-1;
757 multicast_register_if6 = NULL;
758 }
759 }
760
761 bzero((caddr_t)mifp, sizeof(*mifp));
762
763 /* Adjust nummifs down */
764 for (mifi = nummifs; mifi > 0; mifi--)
765 if (mif6table[mifi - 1].m6_ifp)
766 break;
767 nummifs = mifi;
768 MRT6_DLOG(DEBUG_ANY, "mif %d, nummifs %d", *mifip, nummifs);
769
770 return (0);
771}
772
773static int
774del_m6if(mifi_t *mifip)
775{
776 int cc;
777
778 MIF6_LOCK();
779 cc = del_m6if_locked(mifip);
780 MIF6_UNLOCK();
781
782 return (cc);
783}
784
785/*
786 * Add an mfc entry
787 */
788static int
789add_m6fc(struct mf6cctl *mfccp)
790{
791 struct mf6c *rt;
792 u_long hash;
793 struct rtdetq *rte;
794 u_short nstl;
795 char ip6bufo[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN];
796
797 MFC6_LOCK();
798
799 MF6CFIND(mfccp->mf6cc_origin.sin6_addr,
800 mfccp->mf6cc_mcastgrp.sin6_addr, rt);
801
802 /* If an entry already exists, just update the fields */
803 if (rt) {
804 MRT6_DLOG(DEBUG_MFC, "no upcall o %s g %s p %x",
805 ip6_sprintf(ip6bufo, &mfccp->mf6cc_origin.sin6_addr),
806 ip6_sprintf(ip6bufg, &mfccp->mf6cc_mcastgrp.sin6_addr),
807 mfccp->mf6cc_parent);
808
809 rt->mf6c_parent = mfccp->mf6cc_parent;
810 rt->mf6c_ifset = mfccp->mf6cc_ifset;
811
812 MFC6_UNLOCK();
813 return (0);
814 }
815
816 /*
817 * Find the entry for which the upcall was made and update
818 */
819 hash = MF6CHASH(mfccp->mf6cc_origin.sin6_addr,
820 mfccp->mf6cc_mcastgrp.sin6_addr);
821 for (rt = mf6ctable[hash], nstl = 0; rt; rt = rt->mf6c_next) {
822 if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr,
823 &mfccp->mf6cc_origin.sin6_addr) &&
824 IN6_ARE_ADDR_EQUAL(&rt->mf6c_mcastgrp.sin6_addr,
825 &mfccp->mf6cc_mcastgrp.sin6_addr) &&
826 (rt->mf6c_stall != NULL)) {
827
828 if (nstl++)
829 log(LOG_ERR,
830 "add_m6fc: %s o %s g %s p %x dbx %p\n",
831 "multiple kernel entries",
832 ip6_sprintf(ip6bufo,
833 &mfccp->mf6cc_origin.sin6_addr),
834 ip6_sprintf(ip6bufg,
835 &mfccp->mf6cc_mcastgrp.sin6_addr),
836 mfccp->mf6cc_parent, rt->mf6c_stall);
837
838 MRT6_DLOG(DEBUG_MFC, "o %s g %s p %x dbg %p",
839 ip6_sprintf(ip6bufo,
840 &mfccp->mf6cc_origin.sin6_addr),
841 ip6_sprintf(ip6bufg,
842 &mfccp->mf6cc_mcastgrp.sin6_addr),
843 mfccp->mf6cc_parent, rt->mf6c_stall);
844
845 rt->mf6c_origin = mfccp->mf6cc_origin;
846 rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp;
847 rt->mf6c_parent = mfccp->mf6cc_parent;
848 rt->mf6c_ifset = mfccp->mf6cc_ifset;
849 /* initialize pkt counters per src-grp */
850 rt->mf6c_pkt_cnt = 0;
851 rt->mf6c_byte_cnt = 0;
852 rt->mf6c_wrong_if = 0;
853
854 rt->mf6c_expire = 0; /* Don't clean this guy up */
855 n6expire[hash]--;
856
857 /* free packets Qed at the end of this entry */
858 for (rte = rt->mf6c_stall; rte != NULL; ) {
859 struct rtdetq *n = rte->next;
860 ip6_mdq(rte->m, rte->ifp, rt);
861 m_freem(rte->m);
862#ifdef UPCALL_TIMING
863 collate(&(rte->t));
864#endif /* UPCALL_TIMING */
865 free(rte, M_MRTABLE6);
866 rte = n;
867 }
868 rt->mf6c_stall = NULL;
869 }
870 }
871
872 /*
873 * It is possible that an entry is being inserted without an upcall
874 */
875 if (nstl == 0) {
876 MRT6_DLOG(DEBUG_MFC, "no upcall h %lu o %s g %s p %x", hash,
877 ip6_sprintf(ip6bufo, &mfccp->mf6cc_origin.sin6_addr),
878 ip6_sprintf(ip6bufg, &mfccp->mf6cc_mcastgrp.sin6_addr),
879 mfccp->mf6cc_parent);
880
881 for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
882
883 if (IN6_ARE_ADDR_EQUAL(&rt->mf6c_origin.sin6_addr,
884 &mfccp->mf6cc_origin.sin6_addr)&&
885 IN6_ARE_ADDR_EQUAL(&rt->mf6c_mcastgrp.sin6_addr,
886 &mfccp->mf6cc_mcastgrp.sin6_addr)) {
887
888 rt->mf6c_origin = mfccp->mf6cc_origin;
889 rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp;
890 rt->mf6c_parent = mfccp->mf6cc_parent;
891 rt->mf6c_ifset = mfccp->mf6cc_ifset;
892 /* initialize pkt counters per src-grp */
893 rt->mf6c_pkt_cnt = 0;
894 rt->mf6c_byte_cnt = 0;
895 rt->mf6c_wrong_if = 0;
896
897 if (rt->mf6c_expire)
898 n6expire[hash]--;
899 rt->mf6c_expire = 0;
900 }
901 }
902 if (rt == NULL) {
903 /* no upcall, so make a new entry */
904 rt = (struct mf6c *)malloc(sizeof(*rt), M_MRTABLE6,
905 M_NOWAIT);
906 if (rt == NULL) {
907 MFC6_UNLOCK();
908 return (ENOBUFS);
909 }
910
911 /* insert new entry at head of hash chain */
912 rt->mf6c_origin = mfccp->mf6cc_origin;
913 rt->mf6c_mcastgrp = mfccp->mf6cc_mcastgrp;
914 rt->mf6c_parent = mfccp->mf6cc_parent;
915 rt->mf6c_ifset = mfccp->mf6cc_ifset;
916 /* initialize pkt counters per src-grp */
917 rt->mf6c_pkt_cnt = 0;
918 rt->mf6c_byte_cnt = 0;
919 rt->mf6c_wrong_if = 0;
920 rt->mf6c_expire = 0;
921 rt->mf6c_stall = NULL;
922
923 /* link into table */
924 rt->mf6c_next = mf6ctable[hash];
925 mf6ctable[hash] = rt;
926 }
927 }
928
929 MFC6_UNLOCK();
930 return (0);
931}
932
933#ifdef UPCALL_TIMING
934/*
935 * collect delay statistics on the upcalls
936 */
937static void
938collate(struct timeval *t)
939{
940 u_long d;
941 struct timeval tp;
942 u_long delta;
943
944 GET_TIME(tp);
945
946 if (TV_LT(*t, tp))
947 {
948 TV_DELTA(tp, *t, delta);
949
950 d = delta >> 10;
951 if (d > UPCALL_MAX)
952 d = UPCALL_MAX;
953
954 ++upcall_data[d];
955 }
956}
957#endif /* UPCALL_TIMING */
958
959/*
960 * Delete an mfc entry
961 */
962static int
963del_m6fc(struct mf6cctl *mfccp)
964{
965#ifdef MRT6DEBUG
966 char ip6bufo[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN];
967#endif
968 struct sockaddr_in6 origin;
969 struct sockaddr_in6 mcastgrp;
970 struct mf6c *rt;
971 struct mf6c **nptr;
972 u_long hash;
973
974 origin = mfccp->mf6cc_origin;
975 mcastgrp = mfccp->mf6cc_mcastgrp;
976 hash = MF6CHASH(origin.sin6_addr, mcastgrp.sin6_addr);
977
978 MRT6_DLOG(DEBUG_MFC, "orig %s mcastgrp %s",
979 ip6_sprintf(ip6bufo, &origin.sin6_addr),
980 ip6_sprintf(ip6bufg, &mcastgrp.sin6_addr));
981
982 MFC6_LOCK();
983
984 nptr = &mf6ctable[hash];
985 while ((rt = *nptr) != NULL) {
986 if (IN6_ARE_ADDR_EQUAL(&origin.sin6_addr,
987 &rt->mf6c_origin.sin6_addr) &&
988 IN6_ARE_ADDR_EQUAL(&mcastgrp.sin6_addr,
989 &rt->mf6c_mcastgrp.sin6_addr) &&
990 rt->mf6c_stall == NULL)
991 break;
992
993 nptr = &rt->mf6c_next;
994 }
995 if (rt == NULL) {
996 MFC6_UNLOCK();
997 return (EADDRNOTAVAIL);
998 }
999
1000 *nptr = rt->mf6c_next;
1001 free(rt, M_MRTABLE6);
1002
1003 MFC6_UNLOCK();
1004
1005 return (0);
1006}
1007
1008static int
1009socket_send(struct socket *s, struct mbuf *mm, struct sockaddr_in6 *src)
1010{
1011
1012 if (s) {
1013 if (sbappendaddr(&s->so_rcv,
1014 (struct sockaddr *)src,
1015 mm, (struct mbuf *)0) != 0) {
1016 sorwakeup(s);
1017 return (0);
1018 }
1019 }
1020 m_freem(mm);
1021 return (-1);
1022}
1023
1024/*
1025 * IPv6 multicast forwarding function. This function assumes that the packet
1026 * pointed to by "ip6" has arrived on (or is about to be sent to) the interface
1027 * pointed to by "ifp", and the packet is to be relayed to other networks
1028 * that have members of the packet's destination IPv6 multicast group.
1029 *
1030 * The packet is returned unscathed to the caller, unless it is
1031 * erroneous, in which case a non-zero return value tells the caller to
1032 * discard it.
1033 *
1034 * NOTE: this implementation assumes that m->m_pkthdr.rcvif is NULL iff
1035 * this function is called in the originating context (i.e., not when
1036 * forwarding a packet from other node). ip6_output(), which is currently the
1037 * only function that calls this function is called in the originating context,
1038 * explicitly ensures this condition. It is caller's responsibility to ensure
1039 * that if this function is called from somewhere else in the originating
1040 * context in the future.
1041 */
1042int
1043X_ip6_mforward(struct ip6_hdr *ip6, struct ifnet *ifp, struct mbuf *m)
1044{
1045 struct rtdetq *rte;
1046 struct mbuf *mb0;
1047 struct mf6c *rt;
1048 struct mif6 *mifp;
1049 struct mbuf *mm;
1050 u_long hash;
1051 mifi_t mifi;
1052 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1053#ifdef UPCALL_TIMING
1054 struct timeval tp;
1055
1056 GET_TIME(tp);
1057#endif /* UPCALL_TIMING */
1058
1059 MRT6_DLOG(DEBUG_FORWARD, "src %s, dst %s, ifindex %d",
1060 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1061 ip6_sprintf(ip6bufd, &ip6->ip6_dst), ifp->if_index);
1062
1063 /*
1064 * Don't forward a packet with Hop limit of zero or one,
1065 * or a packet destined to a local-only group.
1066 */
1067 if (ip6->ip6_hlim <= 1 || IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst) ||
1068 IN6_IS_ADDR_MC_LINKLOCAL(&ip6->ip6_dst))
1069 return (0);
1070 ip6->ip6_hlim--;
1071
1072 /*
1073 * Source address check: do not forward packets with unspecified
1074 * source. It was discussed in July 2000, on ipngwg mailing list.
1075 * This is rather more serious than unicast cases, because some
1076 * MLD packets can be sent with the unspecified source address
1077 * (although such packets must normally set 1 to the hop limit field).
1078 */
1079 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
1080 IP6STAT_INC(ip6s_cantforward);
1081 if (V_ip6_log_time + V_ip6_log_interval < time_uptime) {
1082 V_ip6_log_time = time_uptime;
1083 log(LOG_DEBUG,
1084 "cannot forward "
1085 "from %s to %s nxt %d received on %s\n",
1086 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1087 ip6_sprintf(ip6bufd, &ip6->ip6_dst),
1088 ip6->ip6_nxt,
1089 if_name(m->m_pkthdr.rcvif));
1090 }
1091 return (0);
1092 }
1093
1094 MFC6_LOCK();
1095
1096 /*
1097 * Determine forwarding mifs from the forwarding cache table
1098 */
1099 MF6CFIND(ip6->ip6_src, ip6->ip6_dst, rt);
1100 MRT6STAT_INC(mrt6s_mfc_lookups);
1101
1102 /* Entry exists, so forward if necessary */
1103 if (rt) {
1104 MFC6_UNLOCK();
1105 return (ip6_mdq(m, ifp, rt));
1106 }
1107
1108 /*
1109 * If we don't have a route for packet's origin,
1110 * Make a copy of the packet & send message to routing daemon.
1111 */
1112 MRT6STAT_INC(mrt6s_no_route);
1113 MRT6_DLOG(DEBUG_FORWARD | DEBUG_MFC, "no rte s %s g %s",
1114 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1115 ip6_sprintf(ip6bufd, &ip6->ip6_dst));
1116
1117 /*
1118 * Allocate mbufs early so that we don't do extra work if we
1119 * are just going to fail anyway.
1120 */
1121 rte = (struct rtdetq *)malloc(sizeof(*rte), M_MRTABLE6, M_NOWAIT);
1122 if (rte == NULL) {
1123 MFC6_UNLOCK();
1124 return (ENOBUFS);
1125 }
1126 mb0 = m_copy(m, 0, M_COPYALL);
1127 /*
1128 * Pullup packet header if needed before storing it,
1129 * as other references may modify it in the meantime.
1130 */
1131 if (mb0 && (M_HASCL(mb0) || mb0->m_len < sizeof(struct ip6_hdr)))
1132 mb0 = m_pullup(mb0, sizeof(struct ip6_hdr));
1133 if (mb0 == NULL) {
1134 free(rte, M_MRTABLE6);
1135 MFC6_UNLOCK();
1136 return (ENOBUFS);
1137 }
1138
1139 /* is there an upcall waiting for this packet? */
1140 hash = MF6CHASH(ip6->ip6_src, ip6->ip6_dst);
1141 for (rt = mf6ctable[hash]; rt; rt = rt->mf6c_next) {
1142 if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_src,
1143 &rt->mf6c_origin.sin6_addr) &&
1144 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
1145 &rt->mf6c_mcastgrp.sin6_addr) && (rt->mf6c_stall != NULL))
1146 break;
1147 }
1148
1149 if (rt == NULL) {
1150 struct mrt6msg *im;
1151#ifdef MRT6_OINIT
1152 struct omrt6msg *oim;
1153#endif
1154 /* no upcall, so make a new entry */
1155 rt = (struct mf6c *)malloc(sizeof(*rt), M_MRTABLE6, M_NOWAIT);
1156 if (rt == NULL) {
1157 free(rte, M_MRTABLE6);
1158 m_freem(mb0);
1159 MFC6_UNLOCK();
1160 return (ENOBUFS);
1161 }
1162 /*
1163 * Make a copy of the header to send to the user
1164 * level process
1165 */
1166 mm = m_copy(mb0, 0, sizeof(struct ip6_hdr));
1167 if (mm == NULL) {
1168 free(rte, M_MRTABLE6);
1169 m_freem(mb0);
1170 free(rt, M_MRTABLE6);
1171 MFC6_UNLOCK();
1172 return (ENOBUFS);
1173 }
1174
1175 /*
1176 * Send message to routing daemon
1177 */
1178 sin6.sin6_addr = ip6->ip6_src;
1179 im = NULL;
1180#ifdef MRT6_OINIT
1181 oim = NULL;
1182#endif
1183 switch (V_ip6_mrouter_ver) {
1184#ifdef MRT6_OINIT
1185 case MRT6_OINIT:
1186 oim = mtod(mm, struct omrt6msg *);
1187 oim->im6_msgtype = MRT6MSG_NOCACHE;
1188 oim->im6_mbz = 0;
1189 break;
1190#endif
1191 case MRT6_INIT:
1192 im = mtod(mm, struct mrt6msg *);
1193 im->im6_msgtype = MRT6MSG_NOCACHE;
1194 im->im6_mbz = 0;
1195 break;
1196 default:
1197 free(rte, M_MRTABLE6);
1198 m_freem(mb0);
1199 free(rt, M_MRTABLE6);
1200 MFC6_UNLOCK();
1201 return (EINVAL);
1202 }
1203
1204 MRT6_DLOG(DEBUG_FORWARD, "getting the iif info in the kernel");
1205 for (mifp = mif6table, mifi = 0;
1206 mifi < nummifs && mifp->m6_ifp != ifp; mifp++, mifi++)
1207 ;
1208
1209 switch (V_ip6_mrouter_ver) {
1210#ifdef MRT6_OINIT
1211 case MRT6_OINIT:
1212 oim->im6_mif = mifi;
1213 break;
1214#endif
1215 case MRT6_INIT:
1216 im->im6_mif = mifi;
1217 break;
1218 }
1219
1220 if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
1221 log(LOG_WARNING, "ip6_mforward: ip6_mrouter "
1222 "socket queue full\n");
1223 MRT6STAT_INC(mrt6s_upq_sockfull);
1224 free(rte, M_MRTABLE6);
1225 m_freem(mb0);
1226 free(rt, M_MRTABLE6);
1227 MFC6_UNLOCK();
1228 return (ENOBUFS);
1229 }
1230
1231 MRT6STAT_INC(mrt6s_upcalls);
1232
1233 /* insert new entry at head of hash chain */
1234 bzero(rt, sizeof(*rt));
1235 rt->mf6c_origin.sin6_family = AF_INET6;
1236 rt->mf6c_origin.sin6_len = sizeof(struct sockaddr_in6);
1237 rt->mf6c_origin.sin6_addr = ip6->ip6_src;
1238 rt->mf6c_mcastgrp.sin6_family = AF_INET6;
1239 rt->mf6c_mcastgrp.sin6_len = sizeof(struct sockaddr_in6);
1240 rt->mf6c_mcastgrp.sin6_addr = ip6->ip6_dst;
1241 rt->mf6c_expire = UPCALL_EXPIRE;
1242 n6expire[hash]++;
1243 rt->mf6c_parent = MF6C_INCOMPLETE_PARENT;
1244
1245 /* link into table */
1246 rt->mf6c_next = mf6ctable[hash];
1247 mf6ctable[hash] = rt;
1248 /* Add this entry to the end of the queue */
1249 rt->mf6c_stall = rte;
1250 } else {
1251 /* determine if q has overflowed */
1252 struct rtdetq **p;
1253 int npkts = 0;
1254
1255 for (p = &rt->mf6c_stall; *p != NULL; p = &(*p)->next)
1256 if (++npkts > MAX_UPQ6) {
1257 MRT6STAT_INC(mrt6s_upq_ovflw);
1258 free(rte, M_MRTABLE6);
1259 m_freem(mb0);
1260 MFC6_UNLOCK();
1261 return (0);
1262 }
1263
1264 /* Add this entry to the end of the queue */
1265 *p = rte;
1266 }
1267
1268 rte->next = NULL;
1269 rte->m = mb0;
1270 rte->ifp = ifp;
1271#ifdef UPCALL_TIMING
1272 rte->t = tp;
1273#endif /* UPCALL_TIMING */
1274
1275 MFC6_UNLOCK();
1276
1277 return (0);
1278}
1279
1280/*
1281 * Clean up cache entries if upcalls are not serviced
1282 * Call from the Slow Timeout mechanism, every half second.
1283 */
1284static void
1285expire_upcalls(void *unused)
1286{
1287#ifdef MRT6DEBUG
1288 char ip6bufo[INET6_ADDRSTRLEN], ip6bufg[INET6_ADDRSTRLEN];
1289#endif
1290 struct rtdetq *rte;
1291 struct mf6c *mfc, **nptr;
1292 u_long i;
1293
1294 MFC6_LOCK();
1295 for (i = 0; i < MF6CTBLSIZ; i++) {
1296 if (n6expire[i] == 0)
1297 continue;
1298 nptr = &mf6ctable[i];
1299 while ((mfc = *nptr) != NULL) {
1300 rte = mfc->mf6c_stall;
1301 /*
1302 * Skip real cache entries
1303 * Make sure it wasn't marked to not expire (shouldn't happen)
1304 * If it expires now
1305 */
1306 if (rte != NULL &&
1307 mfc->mf6c_expire != 0 &&
1308 --mfc->mf6c_expire == 0) {
1309 MRT6_DLOG(DEBUG_EXPIRE, "expiring (%s %s)",
1310 ip6_sprintf(ip6bufo, &mfc->mf6c_origin.sin6_addr),
1311 ip6_sprintf(ip6bufg, &mfc->mf6c_mcastgrp.sin6_addr));
1312 /*
1313 * drop all the packets
1314 * free the mbuf with the pkt, if, timing info
1315 */
1316 do {
1317 struct rtdetq *n = rte->next;
1318 m_freem(rte->m);
1319 free(rte, M_MRTABLE6);
1320 rte = n;
1321 } while (rte != NULL);
1322 MRT6STAT_INC(mrt6s_cache_cleanups);
1323 n6expire[i]--;
1324
1325 *nptr = mfc->mf6c_next;
1326 free(mfc, M_MRTABLE6);
1327 } else {
1328 nptr = &mfc->mf6c_next;
1329 }
1330 }
1331 }
1332 MFC6_UNLOCK();
1333 callout_reset(&expire_upcalls_ch, EXPIRE_TIMEOUT,
1334 expire_upcalls, NULL);
1335}
1336
1337/*
1338 * Packet forwarding routine once entry in the cache is made
1339 */
1340static int
1341ip6_mdq(struct mbuf *m, struct ifnet *ifp, struct mf6c *rt)
1342{
1343 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
1344 mifi_t mifi, iif;
1345 struct mif6 *mifp;
1346 int plen = m->m_pkthdr.len;
1347 struct in6_addr src0, dst0; /* copies for local work */
1348 u_int32_t iszone, idzone, oszone, odzone;
1349 int error = 0;
1350
1351/*
1352 * Macro to send packet on mif. Since RSVP packets don't get counted on
1353 * input, they shouldn't get counted on output, so statistics keeping is
1354 * separate.
1355 */
1356
1357#define MC6_SEND(ip6, mifp, m) do { \
1358 if ((mifp)->m6_flags & MIFF_REGISTER) \
1359 register_send((ip6), (mifp), (m)); \
1360 else \
1361 phyint_send((ip6), (mifp), (m)); \
1362} while (/*CONSTCOND*/ 0)
1363
1364 /*
1365 * Don't forward if it didn't arrive from the parent mif
1366 * for its origin.
1367 */
1368 mifi = rt->mf6c_parent;
1369 if ((mifi >= nummifs) || (mif6table[mifi].m6_ifp != ifp)) {
1370 /* came in the wrong interface */
1371 MRT6_DLOG(DEBUG_FORWARD,
1372 "wrong if: ifid %d mifi %d mififid %x", ifp->if_index,
1373 mifi, mif6table[mifi].m6_ifp->if_index);
1374 MRT6STAT_INC(mrt6s_wrong_if);
1375 rt->mf6c_wrong_if++;
1376 /*
1377 * If we are doing PIM processing, and we are forwarding
1378 * packets on this interface, send a message to the
1379 * routing daemon.
1380 */
1381 /* have to make sure this is a valid mif */
1382 if (mifi < nummifs && mif6table[mifi].m6_ifp)
1383 if (V_pim6 && (m->m_flags & M_LOOP) == 0) {
1384 /*
1385 * Check the M_LOOP flag to avoid an
1386 * unnecessary PIM assert.
1387 * XXX: M_LOOP is an ad-hoc hack...
1388 */
1389 static struct sockaddr_in6 sin6 =
1390 { sizeof(sin6), AF_INET6 };
1391
1392 struct mbuf *mm;
1393 struct mrt6msg *im;
1394#ifdef MRT6_OINIT
1395 struct omrt6msg *oim;
1396#endif
1397
1398 mm = m_copy(m, 0, sizeof(struct ip6_hdr));
1399 if (mm &&
1400 (M_HASCL(mm) ||
1401 mm->m_len < sizeof(struct ip6_hdr)))
1402 mm = m_pullup(mm, sizeof(struct ip6_hdr));
1403 if (mm == NULL)
1404 return (ENOBUFS);
1405
1406#ifdef MRT6_OINIT
1407 oim = NULL;
1408#endif
1409 im = NULL;
1410 switch (V_ip6_mrouter_ver) {
1411#ifdef MRT6_OINIT
1412 case MRT6_OINIT:
1413 oim = mtod(mm, struct omrt6msg *);
1414 oim->im6_msgtype = MRT6MSG_WRONGMIF;
1415 oim->im6_mbz = 0;
1416 break;
1417#endif
1418 case MRT6_INIT:
1419 im = mtod(mm, struct mrt6msg *);
1420 im->im6_msgtype = MRT6MSG_WRONGMIF;
1421 im->im6_mbz = 0;
1422 break;
1423 default:
1424 m_freem(mm);
1425 return (EINVAL);
1426 }
1427
1428 for (mifp = mif6table, iif = 0;
1429 iif < nummifs && mifp &&
1430 mifp->m6_ifp != ifp;
1431 mifp++, iif++)
1432 ;
1433
1434 switch (V_ip6_mrouter_ver) {
1435#ifdef MRT6_OINIT
1436 case MRT6_OINIT:
1437 oim->im6_mif = iif;
1438 sin6.sin6_addr = oim->im6_src;
1439 break;
1440#endif
1441 case MRT6_INIT:
1442 im->im6_mif = iif;
1443 sin6.sin6_addr = im->im6_src;
1444 break;
1445 }
1446
1447 MRT6STAT_INC(mrt6s_upcalls);
1448
1449 if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
1450 MRT6_DLOG(DEBUG_ANY,
1451 "ip6_mrouter socket queue full");
1452 MRT6STAT_INC(mrt6s_upq_sockfull);
1453 return (ENOBUFS);
1454 } /* if socket Q full */
1455 } /* if PIM */
1456 return (0);
1457 } /* if wrong iif */
1458
1459 /* If I sourced this packet, it counts as output, else it was input. */
1460 if (m->m_pkthdr.rcvif == NULL) {
1461 /* XXX: is rcvif really NULL when output?? */
1462 mif6table[mifi].m6_pkt_out++;
1463 mif6table[mifi].m6_bytes_out += plen;
1464 } else {
1465 mif6table[mifi].m6_pkt_in++;
1466 mif6table[mifi].m6_bytes_in += plen;
1467 }
1468 rt->mf6c_pkt_cnt++;
1469 rt->mf6c_byte_cnt += plen;
1470
1471 /*
1472 * For each mif, forward a copy of the packet if there are group
1473 * members downstream on the interface.
1474 */
1475 src0 = ip6->ip6_src;
1476 dst0 = ip6->ip6_dst;
1477 if ((error = in6_setscope(&src0, ifp, &iszone)) != 0 ||
1478 (error = in6_setscope(&dst0, ifp, &idzone)) != 0) {
1479 IP6STAT_INC(ip6s_badscope);
1480 return (error);
1481 }
1482 for (mifp = mif6table, mifi = 0; mifi < nummifs; mifp++, mifi++) {
1483 if (IF_ISSET(mifi, &rt->mf6c_ifset)) {
1484 /*
1485 * check if the outgoing packet is going to break
1486 * a scope boundary.
1487 * XXX For packets through PIM register tunnel
1488 * interface, we believe a routing daemon.
1489 */
1490 if (!(mif6table[rt->mf6c_parent].m6_flags &
1491 MIFF_REGISTER) &&
1492 !(mif6table[mifi].m6_flags & MIFF_REGISTER)) {
1493 if (in6_setscope(&src0, mif6table[mifi].m6_ifp,
1494 &oszone) ||
1495 in6_setscope(&dst0, mif6table[mifi].m6_ifp,
1496 &odzone) ||
1497 iszone != oszone ||
1498 idzone != odzone) {
1499 IP6STAT_INC(ip6s_badscope);
1500 continue;
1501 }
1502 }
1503
1504 mifp->m6_pkt_out++;
1505 mifp->m6_bytes_out += plen;
1506 MC6_SEND(ip6, mifp, m);
1507 }
1508 }
1509 return (0);
1510}
1511
1512static void
1513phyint_send(struct ip6_hdr *ip6, struct mif6 *mifp, struct mbuf *m)
1514{
1515#ifdef MRT6DEBUG
1516 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1517#endif
1518 struct mbuf *mb_copy;
1519 struct ifnet *ifp = mifp->m6_ifp;
1520 int error = 0;
1521 u_long linkmtu;
1522
1523 /*
1524 * Make a new reference to the packet; make sure that
1525 * the IPv6 header is actually copied, not just referenced,
1526 * so that ip6_output() only scribbles on the copy.
1527 */
1528 mb_copy = m_copy(m, 0, M_COPYALL);
1529 if (mb_copy &&
1530 (M_HASCL(mb_copy) || mb_copy->m_len < sizeof(struct ip6_hdr)))
1531 mb_copy = m_pullup(mb_copy, sizeof(struct ip6_hdr));
1532 if (mb_copy == NULL) {
1533 return;
1534 }
1535 /* set MCAST flag to the outgoing packet */
1536 mb_copy->m_flags |= M_MCAST;
1537
1538 /*
1539 * If we sourced the packet, call ip6_output since we may devide
1540 * the packet into fragments when the packet is too big for the
1541 * outgoing interface.
1542 * Otherwise, we can simply send the packet to the interface
1543 * sending queue.
1544 */
1545 if (m->m_pkthdr.rcvif == NULL) {
1546 struct ip6_moptions im6o;
1547
1548 im6o.im6o_multicast_ifp = ifp;
1549 /* XXX: ip6_output will override ip6->ip6_hlim */
1550 im6o.im6o_multicast_hlim = ip6->ip6_hlim;
1551 im6o.im6o_multicast_loop = 1;
1552 error = ip6_output(mb_copy, NULL, NULL, IPV6_FORWARDING, &im6o,
1553 NULL, NULL);
1554
1555 MRT6_DLOG(DEBUG_XMIT, "mif %u err %d",
1556 (uint16_t)(mifp - mif6table), error);
1557 return;
1558 }
1559
1560 /*
1561 * If configured to loop back multicasts by default,
1562 * loop back a copy now.
1563 */
1564 if (in6_mcast_loop) {
1565 struct sockaddr_in6 dst6;
1566
1567 bzero(&dst6, sizeof(dst6));
1568 dst6.sin6_len = sizeof(struct sockaddr_in6);
1569 dst6.sin6_family = AF_INET6;
1570 dst6.sin6_addr = ip6->ip6_dst;
1571 ip6_mloopback(ifp, m, &dst6);
1572 }
1573
1574 /*
1575 * Put the packet into the sending queue of the outgoing interface
1576 * if it would fit in the MTU of the interface.
1577 */
1578 linkmtu = IN6_LINKMTU(ifp);
1579 if (mb_copy->m_pkthdr.len <= linkmtu || linkmtu < IPV6_MMTU) {
1580 struct sockaddr_in6 dst6;
1581
1582 bzero(&dst6, sizeof(dst6));
1583 dst6.sin6_len = sizeof(struct sockaddr_in6);
1584 dst6.sin6_family = AF_INET6;
1585 dst6.sin6_addr = ip6->ip6_dst;
1586
1587 IP_PROBE(send, NULL, NULL, ip6, ifp, NULL, ip6);
1588 /*
1589 * We just call if_output instead of nd6_output here, since
1590 * we need no ND for a multicast forwarded packet...right?
1591 */
1592 m_clrprotoflags(m); /* Avoid confusing lower layers. */
1593 error = (*ifp->if_output)(ifp, mb_copy,
1594 (struct sockaddr *)&dst6, NULL);
1595 MRT6_DLOG(DEBUG_XMIT, "mif %u err %d",
1596 (uint16_t)(mifp - mif6table), error);
1597 } else {
1598 /*
1599 * pMTU discovery is intentionally disabled by default, since
1600 * various router may notify pMTU in multicast, which can be
1601 * a DDoS to a router
1602 */
1603 if (V_ip6_mcast_pmtu)
1604 icmp6_error(mb_copy, ICMP6_PACKET_TOO_BIG, 0, linkmtu);
1605 else {
1606 MRT6_DLOG(DEBUG_XMIT, " packet too big on %s o %s "
1607 "g %s size %d (discarded)", if_name(ifp),
1608 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1609 ip6_sprintf(ip6bufd, &ip6->ip6_dst),
1610 mb_copy->m_pkthdr.len);
1611 m_freem(mb_copy); /* simply discard the packet */
1612 }
1613 }
1614}
1615
1616static int
1617register_send(struct ip6_hdr *ip6, struct mif6 *mif, struct mbuf *m)
1618{
1619#ifdef MRT6DEBUG
1620 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1621#endif
1622 struct mbuf *mm;
1623 int i, len = m->m_pkthdr.len;
1624 static struct sockaddr_in6 sin6 = { sizeof(sin6), AF_INET6 };
1625 struct mrt6msg *im6;
1626
1627 MRT6_DLOG(DEBUG_ANY, "src %s dst %s",
1628 ip6_sprintf(ip6bufs, &ip6->ip6_src),
1629 ip6_sprintf(ip6bufd, &ip6->ip6_dst));
1630 PIM6STAT_INC(pim6s_snd_registers);
1631
1632 /* Make a copy of the packet to send to the user level process. */
1633 mm = m_gethdr(M_NOWAIT, MT_DATA);
1634 if (mm == NULL)
1635 return (ENOBUFS);
1636 mm->m_data += max_linkhdr;
1637 mm->m_len = sizeof(struct ip6_hdr);
1638
1639 if ((mm->m_next = m_copy(m, 0, M_COPYALL)) == NULL) {
1640 m_freem(mm);
1641 return (ENOBUFS);
1642 }
1643 i = MHLEN - M_LEADINGSPACE(mm);
1644 if (i > len)
1645 i = len;
1646 mm = m_pullup(mm, i);
1647 if (mm == NULL)
1648 return (ENOBUFS);
1649/* TODO: check it! */
1650 mm->m_pkthdr.len = len + sizeof(struct ip6_hdr);
1651
1652 /*
1653 * Send message to routing daemon
1654 */
1655 sin6.sin6_addr = ip6->ip6_src;
1656
1657 im6 = mtod(mm, struct mrt6msg *);
1658 im6->im6_msgtype = MRT6MSG_WHOLEPKT;
1659 im6->im6_mbz = 0;
1660
1661 im6->im6_mif = mif - mif6table;
1662
1663 /* iif info is not given for reg. encap.n */
1664 MRT6STAT_INC(mrt6s_upcalls);
1665
1666 if (socket_send(V_ip6_mrouter, mm, &sin6) < 0) {
1667 MRT6_DLOG(DEBUG_ANY, "ip6_mrouter socket queue full");
1668 MRT6STAT_INC(mrt6s_upq_sockfull);
1669 return (ENOBUFS);
1670 }
1671 return (0);
1672}
1673
1674/*
1675 * pim6_encapcheck() is called by the encap6_input() path at runtime to
1676 * determine if a packet is for PIM; allowing PIM to be dynamically loaded
1677 * into the kernel.
1678 */
1679static int
1680pim6_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
1681{
1682
1683#ifdef DIAGNOSTIC
1684 KASSERT(proto == IPPROTO_PIM, ("not for IPPROTO_PIM"));
1685#endif
1686 if (proto != IPPROTO_PIM)
1687 return 0; /* not for us; reject the datagram. */
1688
1689 return 64; /* claim the datagram. */
1690}
1691
1692/*
1693 * PIM sparse mode hook
1694 * Receives the pim control messages, and passes them up to the listening
1695 * socket, using rip6_input.
1696 * The only message processed is the REGISTER pim message; the pim header
1697 * is stripped off, and the inner packet is passed to register_mforward.
1698 */
1699int
1700pim6_input(struct mbuf **mp, int *offp, int proto)
1701{
1702 struct pim *pim; /* pointer to a pim struct */
1703 struct ip6_hdr *ip6;
1704 int pimlen;
1705 struct mbuf *m = *mp;
1706 int minlen;
1707 int off = *offp;
1708
1709 PIM6STAT_INC(pim6s_rcv_total);
1710
1711 ip6 = mtod(m, struct ip6_hdr *);
1712 pimlen = m->m_pkthdr.len - *offp;
1713
1714 /*
1715 * Validate lengths
1716 */
1717 if (pimlen < PIM_MINLEN) {
1718 PIM6STAT_INC(pim6s_rcv_tooshort);
1719 MRT6_DLOG(DEBUG_PIM, "PIM packet too short");
1720 m_freem(m);
1721 return (IPPROTO_DONE);
1722 }
1723
1724 /*
1725 * if the packet is at least as big as a REGISTER, go ahead
1726 * and grab the PIM REGISTER header size, to avoid another
1727 * possible m_pullup() later.
1728 *
1729 * PIM_MINLEN == pimhdr + u_int32 == 8
1730 * PIM6_REG_MINLEN == pimhdr + reghdr + eip6hdr == 4 + 4 + 40
1731 */
1732 minlen = (pimlen >= PIM6_REG_MINLEN) ? PIM6_REG_MINLEN : PIM_MINLEN;
1733
1734 /*
1735 * Make sure that the IP6 and PIM headers in contiguous memory, and
1736 * possibly the PIM REGISTER header
1737 */
1738#ifndef PULLDOWN_TEST
1739 IP6_EXTHDR_CHECK(m, off, minlen, IPPROTO_DONE);
1740 /* adjust pointer */
1741 ip6 = mtod(m, struct ip6_hdr *);
1742
1743 /* adjust mbuf to point to the PIM header */
1744 pim = (struct pim *)((caddr_t)ip6 + off);
1745#else
1746 IP6_EXTHDR_GET(pim, struct pim *, m, off, minlen);
1747 if (pim == NULL) {
1748 PIM6STAT_INC(pim6s_rcv_tooshort);
1749 return (IPPROTO_DONE);
1750 }
1751#endif
1752
1753#define PIM6_CHECKSUM
1754#ifdef PIM6_CHECKSUM
1755 {
1756 int cksumlen;
1757
1758 /*
1759 * Validate checksum.
1760 * If PIM REGISTER, exclude the data packet
1761 */
1762 if (pim->pim_type == PIM_REGISTER)
1763 cksumlen = PIM_MINLEN;
1764 else
1765 cksumlen = pimlen;
1766
1767 if (in6_cksum(m, IPPROTO_PIM, off, cksumlen)) {
1768 PIM6STAT_INC(pim6s_rcv_badsum);
1769 MRT6_DLOG(DEBUG_PIM, "invalid checksum");
1770 m_freem(m);
1771 return (IPPROTO_DONE);
1772 }
1773 }
1774#endif /* PIM_CHECKSUM */
1775
1776 /* PIM version check */
1777 if (pim->pim_ver != PIM_VERSION) {
1778 PIM6STAT_INC(pim6s_rcv_badversion);
1779 MRT6_DLOG(DEBUG_ANY | DEBUG_ERR,
1780 "incorrect version %d, expecting %d",
1781 pim->pim_ver, PIM_VERSION);
1782 m_freem(m);
1783 return (IPPROTO_DONE);
1784 }
1785
1786 if (pim->pim_type == PIM_REGISTER) {
1787 /*
1788 * since this is a REGISTER, we'll make a copy of the register
1789 * headers ip6+pim+u_int32_t+encap_ip6, to be passed up to the
1790 * routing daemon.
1791 */
1792 static struct sockaddr_in6 dst = { sizeof(dst), AF_INET6 };
1793
1794 struct mbuf *mcp;
1795 struct ip6_hdr *eip6;
1796 u_int32_t *reghdr;
1797 int rc;
1798#ifdef MRT6DEBUG
1799 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1800#endif
1801
1802 PIM6STAT_INC(pim6s_rcv_registers);
1803
1804 if ((reg_mif_num >= nummifs) || (reg_mif_num == (mifi_t) -1)) {
1805 MRT6_DLOG(DEBUG_PIM, "register mif not set: %d",
1806 reg_mif_num);
1807 m_freem(m);
1808 return (IPPROTO_DONE);
1809 }
1810
1811 reghdr = (u_int32_t *)(pim + 1);
1812
1813 if ((ntohl(*reghdr) & PIM_NULL_REGISTER))
1814 goto pim6_input_to_daemon;
1815
1816 /*
1817 * Validate length
1818 */
1819 if (pimlen < PIM6_REG_MINLEN) {
1820 PIM6STAT_INC(pim6s_rcv_tooshort);
1821 PIM6STAT_INC(pim6s_rcv_badregisters);
1822 MRT6_DLOG(DEBUG_ANY | DEBUG_ERR, "register packet "
1823 "size too small %d from %s",
1824 pimlen, ip6_sprintf(ip6bufs, &ip6->ip6_src));
1825 m_freem(m);
1826 return (IPPROTO_DONE);
1827 }
1828
1829 eip6 = (struct ip6_hdr *) (reghdr + 1);
1830 MRT6_DLOG(DEBUG_PIM, "eip6: %s -> %s, eip6 plen %d",
1831 ip6_sprintf(ip6bufs, &eip6->ip6_src),
1832 ip6_sprintf(ip6bufd, &eip6->ip6_dst),
1833 ntohs(eip6->ip6_plen));
1834
1835 /* verify the version number of the inner packet */
1836 if ((eip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
1837 PIM6STAT_INC(pim6s_rcv_badregisters);
1838 MRT6_DLOG(DEBUG_ANY, "invalid IP version (%d) "
1839 "of the inner packet",
1840 (eip6->ip6_vfc & IPV6_VERSION));
1841 m_freem(m);
1842 return (IPPROTO_NONE);
1843 }
1844
1845 /* verify the inner packet is destined to a mcast group */
1846 if (!IN6_IS_ADDR_MULTICAST(&eip6->ip6_dst)) {
1847 PIM6STAT_INC(pim6s_rcv_badregisters);
1848 MRT6_DLOG(DEBUG_PIM, "inner packet of register "
1849 "is not multicast %s",
1850 ip6_sprintf(ip6bufd, &eip6->ip6_dst));
1851 m_freem(m);
1852 return (IPPROTO_DONE);
1853 }
1854
1855 /*
1856 * make a copy of the whole header to pass to the daemon later.
1857 */
1858 mcp = m_copy(m, 0, off + PIM6_REG_MINLEN);
1859 if (mcp == NULL) {
1860 MRT6_DLOG(DEBUG_ANY | DEBUG_ERR, "pim register: "
1861 "could not copy register head");
1862 m_freem(m);
1863 return (IPPROTO_DONE);
1864 }
1865
1866 /*
1867 * forward the inner ip6 packet; point m_data at the inner ip6.
1868 */
1869 m_adj(m, off + PIM_MINLEN);
1870 MRT6_DLOG(DEBUG_PIM, "forwarding decapsulated register: "
1871 "src %s, dst %s, mif %d",
1872 ip6_sprintf(ip6bufs, &eip6->ip6_src),
1873 ip6_sprintf(ip6bufd, &eip6->ip6_dst), reg_mif_num);
1874
1875 rc = if_simloop(mif6table[reg_mif_num].m6_ifp, m,
1876 dst.sin6_family, 0);
1877
1878 /* prepare the register head to send to the mrouting daemon */
1879 m = mcp;
1880 }
1881
1882 /*
1883 * Pass the PIM message up to the daemon; if it is a register message
1884 * pass the 'head' only up to the daemon. This includes the
1885 * encapsulator ip6 header, pim header, register header and the
1886 * encapsulated ip6 header.
1887 */
1888 pim6_input_to_daemon:
1889 rip6_input(&m, offp, proto);
1890 return (IPPROTO_DONE);
1891}
1892
1893static int
1894ip6_mroute_modevent(module_t mod, int type, void *unused)
1895{
1896
1897 switch (type) {
1898 case MOD_LOAD:
1899 MROUTER6_LOCK_INIT();
1900 MFC6_LOCK_INIT();
1901 MIF6_LOCK_INIT();
1902
1903 pim6_encap_cookie = encap_attach_func(AF_INET6, IPPROTO_PIM,
1904 pim6_encapcheck,
1905 (const struct protosw *)&in6_pim_protosw, NULL);
1906 if (pim6_encap_cookie == NULL) {
1907 printf("ip6_mroute: unable to attach pim6 encap\n");
1908 MIF6_LOCK_DESTROY();
1909 MFC6_LOCK_DESTROY();
1910 MROUTER6_LOCK_DESTROY();
1911 return (EINVAL);
1912 }
1913
1914 ip6_mforward = X_ip6_mforward;
1915 ip6_mrouter_done = X_ip6_mrouter_done;
1916 ip6_mrouter_get = X_ip6_mrouter_get;
1917 ip6_mrouter_set = X_ip6_mrouter_set;
1918 mrt6_ioctl = X_mrt6_ioctl;
1919 break;
1920
1921 case MOD_UNLOAD:
1922 if (V_ip6_mrouter != NULL)
1923 return EINVAL;
1924
1925 if (pim6_encap_cookie) {
1926 encap_detach(pim6_encap_cookie);
1927 pim6_encap_cookie = NULL;
1928 }
1929 X_ip6_mrouter_done();
1930 ip6_mforward = NULL;
1931 ip6_mrouter_done = NULL;
1932 ip6_mrouter_get = NULL;
1933 ip6_mrouter_set = NULL;
1934 mrt6_ioctl = NULL;
1935
1936 MIF6_LOCK_DESTROY();
1937 MFC6_LOCK_DESTROY();
1938 MROUTER6_LOCK_DESTROY();
1939 break;
1940
1941 default:
1942 return (EOPNOTSUPP);
1943 }
1944
1945 return (0);
1946}
1947
1948static moduledata_t ip6_mroutemod = {
1949 "ip6_mroute",
1950 ip6_mroute_modevent,
1951 0
1952};
1953
1954DECLARE_MODULE(ip6_mroute, ip6_mroutemod, SI_SUB_PSEUDO, SI_ORDER_ANY);
|