sys/netinet/if_ether.c

139823Simp/*-
1541Srgrimes * Copyright (c) 1982, 1986, 1988, 1993
1541Srgrimes *	The Regents of the University of California.  All rights reserved.
1541Srgrimes *
1541Srgrimes * Redistribution and use in source and binary forms, with or without
1541Srgrimes * modification, are permitted provided that the following conditions
1541Srgrimes * are met:
1541Srgrimes * 1. Redistributions of source code must retain the above copyright
1541Srgrimes *    notice, this list of conditions and the following disclaimer.
1541Srgrimes * 2. Redistributions in binary form must reproduce the above copyright
1541Srgrimes *    notice, this list of conditions and the following disclaimer in the
1541Srgrimes *    documentation and/or other materials provided with the distribution.
1541Srgrimes * 4. Neither the name of the University nor the names of its contributors
1541Srgrimes *    may be used to endorse or promote products derived from this software
1541Srgrimes *    without specific prior written permission.
1541Srgrimes *
1541Srgrimes * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1541Srgrimes * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1541Srgrimes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1541Srgrimes * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
1541Srgrimes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
1541Srgrimes * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
1541Srgrimes * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1541Srgrimes * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
1541Srgrimes * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
1541Srgrimes * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1541Srgrimes * SUCH DAMAGE.
1541Srgrimes *
1541Srgrimes *	@(#)if_ether.c	8.1 (Berkeley) 6/10/93
1541Srgrimes */
1541Srgrimes
1541Srgrimes/*
1541Srgrimes * Ethernet address resolution protocol.
1541Srgrimes * TODO:
1541Srgrimes *	add "inuse/lock" bit (or ref. count) along with valid bit
1541Srgrimes */
1541Srgrimes
172467Ssilby#include <sys/cdefs.h>
172467Ssilby__FBSDID("$FreeBSD: head/sys/netinet/if_ether.c 186411 2008-12-23 03:33:32Z qingli $");
172467Ssilby
32350Seivind#include "opt_inet.h"
101090Srwatson#include "opt_mac.h"
142215Sglebius#include "opt_carp.h"
32350Seivind
1541Srgrimes#include <sys/param.h>
12693Sphk#include <sys/kernel.h>
44078Sdfr#include <sys/queue.h>
12693Sphk#include <sys/sysctl.h>
1541Srgrimes#include <sys/systm.h>
12693Sphk#include <sys/mbuf.h>
1541Srgrimes#include <sys/malloc.h>
183014Sjulian#include <sys/proc.h>
18892Sbde#include <sys/socket.h>
1541Srgrimes#include <sys/syslog.h>
181803Sbz#include <sys/vimage.h>
1541Srgrimes
1541Srgrimes#include <net/if.h>
1541Srgrimes#include <net/if_dl.h>
44165Sjulian#include <net/if_types.h>
1541Srgrimes#include <net/route.h>
8426Swollman#include <net/netisr.h>
58313Slile#include <net/if_llc.h>
71963Sjulian#include <net/ethernet.h>
185571Sbz#include <net/vnet.h>
1541Srgrimes
1541Srgrimes#include <netinet/in.h>
1541Srgrimes#include <netinet/in_var.h>
186119Sqingli#include <net/if_llatbl.h>
1541Srgrimes#include <netinet/if_ether.h>
185571Sbz#include <netinet/vinet.h>
1541Srgrimes
84931Sfjoe#include <net/if_arc.h>
44627Sjulian#include <net/iso88025.h>
44627Sjulian
142215Sglebius#ifdef DEV_CARP
142215Sglebius#include <netinet/ip_carp.h>
142215Sglebius#endif
142215Sglebius
163606Srwatson#include <security/mac/mac_framework.h>
163606Srwatson
1541Srgrimes#define SIN(s) ((struct sockaddr_in *)s)
1541Srgrimes#define SDL(s) ((struct sockaddr_dl *)s)
186119Sqingli#define LLTABLE(ifp)	((struct lltable *)(ifp)->if_afdata[AF_INET])
1541Srgrimes
44078SdfrSYSCTL_DECL(_net_link_ether);
12942SwollmanSYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, "");
1541Srgrimes
12693Sphk/* timer values */
185088Szec#ifdef VIMAGE_GLOBALS
185088Szecstatic int	arpt_keep; /* once resolved, good for 20 more minutes */
185088Szecstatic int	arp_maxtries;
186119Sqingliint	useloopback; /* use loopback interface for local traffic */
185088Szecstatic int	arp_proxyall;
185088Szec#endif
1541Srgrimes
185348SzecSYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, max_age,
185348Szec    CTLFLAG_RW, arpt_keep, 0, "ARP entry lifetime in seconds");
12693Sphk
111888Sjlemonstatic struct	ifqueue arpintrq;
1541Srgrimes
183550SzecSYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries,
183550Szec	CTLFLAG_RW, arp_maxtries, 0,
183550Szec	"ARP resolution attempts before returning error");
183550SzecSYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, useloopback,
183550Szec	CTLFLAG_RW, useloopback, 0,
183550Szec	"Use the loopback interface for local traffic");
183550SzecSYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, proxyall,
183550Szec	CTLFLAG_RW, arp_proxyall, 0,
183550Szec	"Enable proxy ARP for all suitable requests");
12693Sphk
92723Salfredstatic void	arp_init(void);
186119Sqinglivoid		arprequest(struct ifnet *,
92723Salfred			struct in_addr *, struct in_addr *, u_char *);
111888Sjlemonstatic void	arpintr(struct mbuf *);
92723Salfredstatic void	arptimer(void *);
32350Seivind#ifdef INET
92723Salfredstatic void	in_arpinput(struct mbuf *);
32350Seivind#endif
12693Sphk
186119Sqingli#ifdef AF_INET
186119Sqinglivoid arp_ifscrub(struct ifnet *ifp, uint32_t addr);
186119Sqingli
1541Srgrimes/*
186119Sqingli * called by in_ifscrub to remove entry from the table when
186119Sqingli * the interface goes away
1541Srgrimes */
186119Sqinglivoid
186119Sqingliarp_ifscrub(struct ifnet *ifp, uint32_t addr)
1541Srgrimes{
186119Sqingli	struct sockaddr_in addr4;
1541Srgrimes
186119Sqingli	bzero((void *)&addr4, sizeof(addr4));
186119Sqingli	addr4.sin_len    = sizeof(addr4);
186119Sqingli	addr4.sin_family = AF_INET;
186119Sqingli	addr4.sin_addr.s_addr = addr;
186119Sqingli	IF_AFDATA_LOCK(ifp);
186119Sqingli	lla_lookup(LLTABLE(ifp), (LLE_DELETE | LLE_IFADDR),
186119Sqingli	    (struct sockaddr *)&addr4);
186119Sqingli	IF_AFDATA_UNLOCK(ifp);
1541Srgrimes}
186119Sqingli#endif
1541Srgrimes
1541Srgrimes/*
186119Sqingli * Timeout routine.  Age arp_tab entries periodically.
1541Srgrimes */
5196Swollmanstatic void
186119Sqingliarptimer(void *arg)
1541Srgrimes{
186119Sqingli	struct ifnet *ifp;
186119Sqingli	struct llentry   *lle = (struct llentry *)arg;
1541Srgrimes
186119Sqingli	if (lle == NULL) {
186119Sqingli		panic("%s: NULL entry!\n", __func__);
1541Srgrimes		return;
186119Sqingli	}
186119Sqingli	ifp = lle->lle_tbl->llt_ifp;
186119Sqingli	IF_AFDATA_LOCK(ifp);
186119Sqingli	LLE_WLOCK(lle);
186119Sqingli	if ((lle->la_flags & LLE_DELETED) ||
186119Sqingli	    (time_second >= lle->la_expire)) {
186119Sqingli		if (!callout_pending(&lle->la_timer) &&
186119Sqingli		    callout_active(&lle->la_timer))
186119Sqingli			(void) llentry_free(lle);
186119Sqingli	} else {
1541Srgrimes		/*
186119Sqingli		 * Still valid, just drop our reference
1541Srgrimes		 */
186119Sqingli		LLE_FREE_LOCKED(lle);
1541Srgrimes	}
186119Sqingli	IF_AFDATA_UNLOCK(ifp);
1541Srgrimes}
1541Srgrimes
1541Srgrimes/*
1541Srgrimes * Broadcast an ARP request. Caller specifies:
1541Srgrimes *	- arp header source ip address
1541Srgrimes *	- arp header target ip address
1541Srgrimes *	- arp header source ethernet address
1541Srgrimes */
186119Sqinglivoid
186119Sqingliarprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr  *tip,
169454Srwatson    u_char *enaddr)
1541Srgrimes{
126936Smdodd	struct mbuf *m;
126936Smdodd	struct arphdr *ah;
1541Srgrimes	struct sockaddr sa;
1541Srgrimes
186119Sqingli	if (sip == NULL) {
186119Sqingli		/* XXX don't believe this can happen (or explain why) */
186119Sqingli		/*
186119Sqingli		 * The caller did not supply a source address, try to find
186119Sqingli		 * a compatible one among those assigned to this interface.
186119Sqingli		 */
186119Sqingli		struct ifaddr *ifa;
186119Sqingli
186119Sqingli		TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
186119Sqingli			if (!ifa->ifa_addr ||
186119Sqingli			    ifa->ifa_addr->sa_family != AF_INET)
186119Sqingli				continue;
186119Sqingli			sip = &SIN(ifa->ifa_addr)->sin_addr;
186119Sqingli			if (0 == ((sip->s_addr ^ tip->s_addr) &
186119Sqingli			    SIN(ifa->ifa_netmask)->sin_addr.s_addr) )
186119Sqingli				break;  /* found it. */
186119Sqingli		}
186119Sqingli		if (sip == NULL) {
186119Sqingli			printf("%s: cannot find matching address\n", __func__);
186119Sqingli			return;
186119Sqingli		}
186119Sqingli	}
186119Sqingli
111119Simp	if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
1541Srgrimes		return;
127261Smdodd	m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) +
127261Smdodd		2*ifp->if_data.ifi_addrlen;
127277Smdodd	m->m_pkthdr.len = m->m_len;
127277Smdodd	MH_ALIGN(m, m->m_len);
127277Smdodd	ah = mtod(m, struct arphdr *);
127261Smdodd	bzero((caddr_t)ah, m->m_len);
101090Srwatson#ifdef MAC
173095Srwatson	mac_netinet_arp_send(ifp, m);
101090Srwatson#endif
84931Sfjoe	ah->ar_pro = htons(ETHERTYPE_IP);
84931Sfjoe	ah->ar_hln = ifp->if_addrlen;		/* hardware address length */
84931Sfjoe	ah->ar_pln = sizeof(struct in_addr);	/* protocol address length */
84931Sfjoe	ah->ar_op = htons(ARPOP_REQUEST);
127261Smdodd	bcopy((caddr_t)enaddr, (caddr_t)ar_sha(ah), ah->ar_hln);
127261Smdodd	bcopy((caddr_t)sip, (caddr_t)ar_spa(ah), ah->ar_pln);
127261Smdodd	bcopy((caddr_t)tip, (caddr_t)ar_tpa(ah), ah->ar_pln);
127261Smdodd	sa.sa_family = AF_ARP;
127261Smdodd	sa.sa_len = 2;
127261Smdodd	m->m_flags |= M_BCAST;
127261Smdodd	(*ifp->if_output)(ifp, m, &sa, (struct rtentry *)0);
1541Srgrimes}
1541Srgrimes
1541Srgrimes/*
128636Sluigi * Resolve an IP address into an ethernet address.
128636Sluigi * On input:
128636Sluigi *    ifp is the interface we use
175025Sjulian *    rt0 is the route to the final destination (possibly useless)
175025Sjulian *    m is the mbuf. May be NULL if we don't have a packet.
128636Sluigi *    dst is the next hop,
128636Sluigi *    desten is where we want the address.
128636Sluigi *
128636Sluigi * On success, desten is filled in and the function returns 0;
128636Sluigi * If the packet must be held pending resolution, we return EWOULDBLOCK
128636Sluigi * On other errors, we return the corresponding error code.
175025Sjulian * Note that m_freem() handles NULL.
1541Srgrimes */
1541Srgrimesint
128636Sluigiarpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
186119Sqingli	struct sockaddr *dst, u_char *desten, struct llentry **lle)
1541Srgrimes{
183550Szec	INIT_VNET_INET(ifp->if_vnet);
186119Sqingli	struct llentry *la = 0;
186200Skmacy	u_int flags = 0;
186119Sqingli	int error, renew;
1541Srgrimes
186119Sqingli	*lle = NULL;
186119Sqingli	if (m != NULL) {
175025Sjulian		if (m->m_flags & M_BCAST) {
175025Sjulian			/* broadcast */
175025Sjulian			(void)memcpy(desten,
175025Sjulian			    ifp->if_broadcastaddr, ifp->if_addrlen);
175025Sjulian			return (0);
175025Sjulian		}
175025Sjulian		if (m->m_flags & M_MCAST && ifp->if_type != IFT_ARCNET) {
175025Sjulian			/* multicast */
175025Sjulian			ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten);
175025Sjulian			return (0);
175025Sjulian		}
1541Srgrimes	}
186119Sqingli	/* XXXXX
183013Sjulian	 */
186119Sqingliretry:
186200Skmacy	IF_AFDATA_RLOCK(ifp);
186119Sqingli	la = lla_lookup(LLTABLE(ifp), flags, dst);
186200Skmacy	IF_AFDATA_RUNLOCK(ifp);
186200Skmacy	if ((la == NULL) && ((flags & LLE_EXCLUSIVE) == 0)
186200Skmacy	    && ((ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) == 0)) {
186200Skmacy		flags |= (LLE_CREATE | LLE_EXCLUSIVE);
186200Skmacy		IF_AFDATA_WLOCK(ifp);
186200Skmacy		la = lla_lookup(LLTABLE(ifp), flags, dst);
186200Skmacy		IF_AFDATA_WUNLOCK(ifp);
186200Skmacy	}
148955Sglebius	if (la == NULL) {
186119Sqingli		if (flags & LLE_CREATE)
148955Sglebius			log(LOG_DEBUG,
148955Sglebius			    "arpresolve: can't allocate llinfo for %s\n",
148955Sglebius			    inet_ntoa(SIN(dst)->sin_addr));
186119Sqingli		m_freem(m);
186119Sqingli		return (EINVAL);
186119Sqingli	}
149909Sglebius
186119Sqingli	if ((la->la_flags & LLE_VALID) &&
186119Sqingli	    ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) {
186119Sqingli		bcopy(&la->ll_addr, desten, ifp->if_addrlen);
92802Sorion		/*
92802Sorion		 * If entry has an expiry time and it is approaching,
186119Sqingli		 * see if we need to send an ARP request within this
186119Sqingli		 * arpt_down interval.
92802Sorion		 */
186119Sqingli		if (!(la->la_flags & LLE_STATIC) &&
186119Sqingli		    time_uptime + la->la_preempt > la->la_expire) {
186119Sqingli			arprequest(ifp, NULL,
186119Sqingli			    &SIN(dst)->sin_addr, IF_LLADDR(ifp));
149909Sglebius
110544Sorion			la->la_preempt--;
186119Sqingli		}
186119Sqingli
186119Sqingli		*lle = la;
186119Sqingli		error = 0;
186119Sqingli		goto done;
186119Sqingli	}
186119Sqingli
186119Sqingli	if (la->la_flags & LLE_STATIC) {   /* should not happen! */
186119Sqingli		log(LOG_DEBUG, "arpresolve: ouch, empty static llinfo for %s\n",
186119Sqingli		    inet_ntoa(SIN(dst)->sin_addr));
186119Sqingli		m_freem(m);
186119Sqingli		error = EINVAL;
186119Sqingli		goto done;
186119Sqingli	}
92802Sorion
186119Sqingli	renew = (la->la_asked == 0 || la->la_expire != time_uptime);
186119Sqingli	if ((renew || m != NULL) && (flags & LLE_EXCLUSIVE) == 0) {
186119Sqingli		flags |= LLE_EXCLUSIVE;
186119Sqingli		LLE_RUNLOCK(la);
186119Sqingli		goto retry;
1541Srgrimes	}
1541Srgrimes	/*
1541Srgrimes	 * There is an arptab entry, but no ethernet address
1541Srgrimes	 * response yet.  Replace the held mbuf with this
1541Srgrimes	 * latest one.
1541Srgrimes	 */
186119Sqingli	if (m != NULL) {
186119Sqingli		if (la->la_hold != NULL)
175025Sjulian			m_freem(la->la_hold);
175025Sjulian		la->la_hold = m;
186119Sqingli		if (renew == 0 && (flags & LLE_EXCLUSIVE)) {
186119Sqingli			flags &= ~LLE_EXCLUSIVE;
186119Sqingli			LLE_DOWNGRADE(la);
186119Sqingli		}
186119Sqingli
174699Skmacy	}
152188Sglebius	/*
152188Sglebius	 * Return EWOULDBLOCK if we have tried less than arp_maxtries. It
152188Sglebius	 * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH
152188Sglebius	 * if we have already sent arp_maxtries ARP requests. Retransmit the
152188Sglebius	 * ARP request, but not faster than one request per second.
152188Sglebius	 */
181803Sbz	if (la->la_asked < V_arp_maxtries)
152188Sglebius		error = EWOULDBLOCK;	/* First request. */
152188Sglebius	else
186119Sqingli		error =
186119Sqingli		    (rt0->rt_flags & RTF_GATEWAY) ? EHOSTDOWN : EHOSTUNREACH;
152188Sglebius
186119Sqingli	if (renew) {
186119Sqingli		LLE_ADDREF(la);
186119Sqingli		la->la_expire = time_uptime;
186119Sqingli		callout_reset(&la->la_timer, hz, arptimer, la);
166010Smaxim		la->la_asked++;
186119Sqingli		LLE_WUNLOCK(la);
186119Sqingli		arprequest(ifp, NULL, &SIN(dst)->sin_addr,
152188Sglebius		    IF_LLADDR(ifp));
186119Sqingli		return (error);
186119Sqingli	}
186119Sqinglidone:
186119Sqingli	if (flags & LLE_EXCLUSIVE)
186119Sqingli		LLE_WUNLOCK(la);
186119Sqingli	else
186119Sqingli		LLE_RUNLOCK(la);
152188Sglebius	return (error);
1541Srgrimes}
1541Srgrimes
1541Srgrimes/*
1541Srgrimes * Common length and type checks are done here,
1541Srgrimes * then the protocol-specific routine is called.
1541Srgrimes */
12693Sphkstatic void
111888Sjlemonarpintr(struct mbuf *m)
1541Srgrimes{
111888Sjlemon	struct arphdr *ar;
1541Srgrimes
111888Sjlemon	if (m->m_len < sizeof(struct arphdr) &&
111888Sjlemon	    ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) {
111888Sjlemon		log(LOG_ERR, "arp: runt packet -- m_pullup failed\n");
111888Sjlemon		return;
111888Sjlemon	}
111888Sjlemon	ar = mtod(m, struct arphdr *);
1541Srgrimes
111888Sjlemon	if (ntohs(ar->ar_hrd) != ARPHRD_ETHER &&
111888Sjlemon	    ntohs(ar->ar_hrd) != ARPHRD_IEEE802 &&
130407Sdfr	    ntohs(ar->ar_hrd) != ARPHRD_ARCNET &&
130407Sdfr	    ntohs(ar->ar_hrd) != ARPHRD_IEEE1394) {
111888Sjlemon		log(LOG_ERR, "arp: unknown hardware address format (0x%2D)\n",
111888Sjlemon		    (unsigned char *)&ar->ar_hrd, "");
111888Sjlemon		m_freem(m);
111888Sjlemon		return;
111888Sjlemon	}
1541Srgrimes
123768Sru	if (m->m_len < arphdr_len(ar)) {
123765Sru		if ((m = m_pullup(m, arphdr_len(ar))) == NULL) {
123765Sru			log(LOG_ERR, "arp: runt packet\n");
123765Sru			m_freem(m);
123765Sru			return;
123765Sru		}
123765Sru		ar = mtod(m, struct arphdr *);
111888Sjlemon	}
57900Srwatson
111888Sjlemon	switch (ntohs(ar->ar_pro)) {
32350Seivind#ifdef INET
111888Sjlemon	case ETHERTYPE_IP:
111888Sjlemon		in_arpinput(m);
111888Sjlemon		return;
32350Seivind#endif
1541Srgrimes	}
111888Sjlemon	m_freem(m);
1541Srgrimes}
1541Srgrimes
32350Seivind#ifdef INET
1541Srgrimes/*
1541Srgrimes * ARP for Internet protocols on 10 Mb/s Ethernet.
1541Srgrimes * Algorithm is that given in RFC 826.
1541Srgrimes * In addition, a sanity check is performed on the sender
1541Srgrimes * protocol address, to catch impersonators.
1541Srgrimes * We no longer handle negotiations for use of trailer protocol:
1541Srgrimes * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent
1541Srgrimes * along with IP replies if we wanted trailers sent to us,
1541Srgrimes * and also sent them in response to IP replies.
1541Srgrimes * This allowed either end to announce the desire to receive
1541Srgrimes * trailer packets.
1541Srgrimes * We no longer reply to requests for ETHERTYPE_TRAIL protocol either,
1541Srgrimes * but formerly didn't normally send requests.
1541Srgrimes */
70699Salfredstatic int log_arp_wrong_iface = 1;
82893Salfredstatic int log_arp_movements = 1;
153513Sglebiusstatic int log_arp_permanent_modify = 1;
70699Salfred
70699SalfredSYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW,
70699Salfred	&log_arp_wrong_iface, 0,
70699Salfred	"log arp packets arriving on the wrong interface");
82893SalfredSYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW,
82893Salfred        &log_arp_movements, 0,
82966Salfred        "log arp replies from MACs different than the one in the cache");
153513SglebiusSYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW,
153513Sglebius        &log_arp_permanent_modify, 0,
153513Sglebius        "log arp replies from MACs different than the one in the permanent arp entry");
70699Salfred
82893Salfred
1541Srgrimesstatic void
169454Srwatsonin_arpinput(struct mbuf *m)
1541Srgrimes{
126936Smdodd	struct arphdr *ah;
126936Smdodd	struct ifnet *ifp = m->m_pkthdr.rcvif;
186119Sqingli	struct llentry *la = NULL;
126936Smdodd	struct rtentry *rt;
84102Sjlemon	struct ifaddr *ifa;
84102Sjlemon	struct in_ifaddr *ia;
1541Srgrimes	struct sockaddr sa;
1541Srgrimes	struct in_addr isaddr, itaddr, myaddr;
142215Sglebius	u_int8_t *enaddr = NULL;
186119Sqingli	int op, flags;
186119Sqingli	struct mbuf *m0;
84931Sfjoe	int req_len;
181824Sphilip	int bridged = 0, is_bridge = 0;
143491Sglebius#ifdef DEV_CARP
143314Sglebius	int carp_match = 0;
143491Sglebius#endif
174559Skmacy	struct sockaddr_in sin;
174559Skmacy	sin.sin_len = sizeof(struct sockaddr_in);
174559Skmacy	sin.sin_family = AF_INET;
174703Skmacy	sin.sin_addr.s_addr = 0;
183550Szec	INIT_VNET_INET(ifp->if_vnet);
183550Szec
155018Sthompsa	if (ifp->if_bridge)
146986Sthompsa		bridged = 1;
181824Sphilip	if (ifp->if_type == IFT_BRIDGE)
181824Sphilip		is_bridge = 1;
146986Sthompsa
84931Sfjoe	req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr));
84931Sfjoe	if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) {
74851Syar		log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n");
74851Syar		return;
74851Syar	}
74851Syar
84931Sfjoe	ah = mtod(m, struct arphdr *);
84931Sfjoe	op = ntohs(ah->ar_op);
84931Sfjoe	(void)memcpy(&isaddr, ar_spa(ah), sizeof (isaddr));
84931Sfjoe	(void)memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr));
134991Sglebius
84102Sjlemon	/*
84102Sjlemon	 * For a bridge, we want to check the address irrespective
84102Sjlemon	 * of the receive interface. (This will change slightly
84102Sjlemon	 * when we have clusters of interfaces).
142215Sglebius	 * If the interface does not match, but the recieving interface
142215Sglebius	 * is part of carp, we call carp_iamatch to see if this is a
142215Sglebius	 * request for the virtual host ip.
142215Sglebius	 * XXX: This is really ugly!
84102Sjlemon	 */
143314Sglebius	LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) {
156409Sthompsa		if (((bridged && ia->ia_ifp->if_bridge != NULL) ||
186119Sqingli		    ia->ia_ifp == ifp) &&
143314Sglebius		    itaddr.s_addr == ia->ia_addr.sin_addr.s_addr)
143314Sglebius			goto match;
142215Sglebius#ifdef DEV_CARP
143314Sglebius		if (ifp->if_carp != NULL &&
143314Sglebius		    carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) &&
143314Sglebius		    itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) {
143314Sglebius			carp_match = 1;
143314Sglebius			goto match;
143314Sglebius		}
142215Sglebius#endif
143314Sglebius	}
84102Sjlemon	LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash)
156409Sthompsa		if (((bridged && ia->ia_ifp->if_bridge != NULL) ||
186119Sqingli		    ia->ia_ifp == ifp) &&
84102Sjlemon		    isaddr.s_addr == ia->ia_addr.sin_addr.s_addr)
84102Sjlemon			goto match;
181824Sphilip
181824Sphilip#define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia)				\
181824Sphilip  (ia->ia_ifp->if_bridge == ifp->if_softc &&				\
181824Sphilip  !bcmp(IF_LLADDR(ia->ia_ifp), IF_LLADDR(ifp), ifp->if_addrlen) &&	\
181824Sphilip  addr == ia->ia_addr.sin_addr.s_addr)
84102Sjlemon	/*
181824Sphilip	 * Check the case when bridge shares its MAC address with
181824Sphilip	 * some of its children, so packets are claimed by bridge
181824Sphilip	 * itself (bridge_input() does it first), but they are really
181824Sphilip	 * meant to be destined to the bridge member.
181824Sphilip	 */
181824Sphilip	if (is_bridge) {
181824Sphilip		LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) {
181824Sphilip			if (BDG_MEMBER_MATCHES_ARP(itaddr.s_addr, ifp, ia)) {
181824Sphilip				ifp = ia->ia_ifp;
181824Sphilip				goto match;
181824Sphilip			}
181824Sphilip		}
181824Sphilip	}
181824Sphilip#undef BDG_MEMBER_MATCHES_ARP
181824Sphilip
181824Sphilip	/*
85223Sjlemon	 * No match, use the first inet address on the receive interface
84102Sjlemon	 * as a dummy address for the rest of the function.
84102Sjlemon	 */
85223Sjlemon	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
160038Syar		if (ifa->ifa_addr->sa_family == AF_INET) {
85466Sjlemon			ia = ifatoia(ifa);
85466Sjlemon			goto match;
85466Sjlemon		}
85466Sjlemon	/*
85466Sjlemon	 * If bridging, fall back to using any inet address.
85466Sjlemon	 */
181803Sbz	if (!bridged || (ia = TAILQ_FIRST(&V_in_ifaddrhead)) == NULL)
128645Sluigi		goto drop;
84102Sjlemonmatch:
142215Sglebius	if (!enaddr)
142215Sglebius		enaddr = (u_int8_t *)IF_LLADDR(ifp);
84102Sjlemon	myaddr = ia->ia_addr.sin_addr;
142215Sglebius	if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen))
128645Sluigi		goto drop;	/* it's from me, ignore it. */
84931Sfjoe	if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
1541Srgrimes		log(LOG_ERR,
84931Sfjoe		    "arp: link address is broadcast for IP address %s!\n",
7088Swollman		    inet_ntoa(isaddr));
128645Sluigi		goto drop;
1541Srgrimes	}
136441Srwatson	/*
136441Srwatson	 * Warn if another host is using the same IP address, but only if the
136441Srwatson	 * IP address isn't 0.0.0.0, which is used for DHCP only, in which
136441Srwatson	 * case we suppress the warning to avoid false positive complaints of
136441Srwatson	 * potential misconfiguration.
136441Srwatson	 */
150942Sthompsa	if (!bridged && isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) {
1541Srgrimes		log(LOG_ERR,
174256Syar		   "arp: %*D is using my IP address %s on %s!\n",
84931Sfjoe		   ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
174256Syar		   inet_ntoa(isaddr), ifp->if_xname);
1541Srgrimes		itaddr = myaddr;
1541Srgrimes		goto reply;
1541Srgrimes	}
120626Sru	if (ifp->if_flags & IFF_STATICARP)
120626Sru		goto reply;
148955Sglebius
186119Sqingli	bzero(&sin, sizeof(sin));
186119Sqingli	sin.sin_len = sizeof(struct sockaddr_in);
186119Sqingli	sin.sin_family = AF_INET;
186119Sqingli	sin.sin_addr = isaddr;
186119Sqingli	flags = (itaddr.s_addr == myaddr.s_addr) ? LLE_CREATE : 0;
186119Sqingli	flags |= LLE_EXCLUSIVE;
186119Sqingli	IF_AFDATA_LOCK(ifp);
186119Sqingli	la = lla_lookup(LLTABLE(ifp), flags, (struct sockaddr *)&sin);
186119Sqingli	IF_AFDATA_UNLOCK(ifp);
186119Sqingli	if (la != NULL) {
186119Sqingli		/* the following is not an error when doing bridging */
186119Sqingli		if (!bridged && la->lle_tbl->llt_ifp != ifp
143491Sglebius#ifdef DEV_CARP
186119Sqingli		    && (ifp->if_type != IFT_CARP || !carp_match)
143491Sglebius#endif
186119Sqingli			) {
186119Sqingli			if (log_arp_wrong_iface)
186119Sqingli				log(LOG_ERR, "arp: %s is on %s "
186119Sqingli				    "but got reply from %*D on %s\n",
186119Sqingli				    inet_ntoa(isaddr),
186119Sqingli				    la->lle_tbl->llt_ifp->if_xname,
186119Sqingli				    ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
186119Sqingli				    ifp->if_xname);
186119Sqingli			goto reply;
186119Sqingli		}
186119Sqingli		if ((la->la_flags & LLE_VALID) &&
186119Sqingli		    bcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen)) {
186119Sqingli			if (la->la_flags & LLE_STATIC) {
186119Sqingli				log(LOG_ERR,
186119Sqingli				    "arp: %*D attempts to modify permanent "
186119Sqingli				    "entry for %s on %s\n",
186119Sqingli				    ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
186119Sqingli				    inet_ntoa(isaddr), ifp->if_xname);
186119Sqingli				goto reply;
178888Sjulian			}
186119Sqingli			if (log_arp_movements) {
186119Sqingli			        log(LOG_INFO, "arp: %s moved from %*D "
186119Sqingli				    "to %*D on %s\n",
186119Sqingli				    inet_ntoa(isaddr),
186119Sqingli				    ifp->if_addrlen,
186119Sqingli				    (u_char *)&la->ll_addr, ":",
186119Sqingli				    ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
186119Sqingli				    ifp->if_xname);
178888Sjulian			}
178888Sjulian		}
186119Sqingli
186119Sqingli		if (ifp->if_addrlen != ah->ar_hln) {
186119Sqingli			log(LOG_WARNING,
186119Sqingli			    "arp from %*D: addr len: new %d, i/f %d (ignored)",
186119Sqingli			    ifp->if_addrlen, (u_char *) ar_sha(ah), ":",
186119Sqingli			    ah->ar_hln, ifp->if_addrlen);
186119Sqingli			goto reply;
178888Sjulian		}
186119Sqingli		(void)memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen);
186119Sqingli		la->la_flags |= LLE_VALID;
178888Sjulian
186119Sqingli		if (!(la->la_flags & LLE_STATIC)) {
186119Sqingli			la->la_expire = time_uptime + V_arpt_keep;
181803Sbz			callout_reset(&la->la_timer, hz * V_arpt_keep,
186119Sqingli			    arptimer, la);
39389Sfenner		}
178888Sjulian		la->la_asked = 0;
181803Sbz		la->la_preempt = V_arp_maxtries;
186119Sqingli		if (la->la_hold != NULL) {
186119Sqingli			m0 = la->la_hold;
186119Sqingli			la->la_hold = 0;
186119Sqingli			memcpy(&sa, L3_ADDR(la), sizeof(sa));
186119Sqingli			LLE_WUNLOCK(la);
186119Sqingli
186119Sqingli			(*ifp->if_output)(ifp, m0, &sa, NULL);
186119Sqingli			return;
186119Sqingli		}
186119Sqingli	}
178888Sjulianreply:
128645Sluigi	if (op != ARPOP_REQUEST)
128645Sluigi		goto drop;
186119Sqingli
1541Srgrimes	if (itaddr.s_addr == myaddr.s_addr) {
178888Sjulian		/* Shortcut.. the receiving interface is the target. */
84931Sfjoe		(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
142215Sglebius		(void)memcpy(ar_sha(ah), enaddr, ah->ar_hln);
1541Srgrimes	} else {
186317Sqingli		struct llentry *lle = NULL;
3282Swollman
186317Sqingli		if (!V_arp_proxyall)
186317Sqingli			goto drop;
186317Sqingli
186317Sqingli		sin.sin_addr = itaddr;
186317Sqingli		/* XXX MRT use table 0 for arp reply  */
186317Sqingli		rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0);
186317Sqingli		if (!rt)
186317Sqingli			goto drop;
186317Sqingli
186317Sqingli		/*
186317Sqingli		 * Don't send proxies for nodes on the same interface
186317Sqingli		 * as this one came out of, or we'll get into a fight
186317Sqingli		 * over who claims what Ether address.
186317Sqingli		 */
186317Sqingli		if (!rt->rt_ifp || rt->rt_ifp == ifp) {
185713Scsjp			RTFREE_LOCKED(rt);
186317Sqingli			goto drop;
186317Sqingli		}
186317Sqingli		IF_AFDATA_LOCK(rt->rt_ifp);
186317Sqingli		lle = lla_lookup(LLTABLE(rt->rt_ifp), 0, (struct sockaddr *)&sin);
186317Sqingli		IF_AFDATA_UNLOCK(rt->rt_ifp);
186317Sqingli		RTFREE_LOCKED(rt);
63080Sdwmalone
186317Sqingli		if (lle != NULL) {
186317Sqingli			(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
186317Sqingli			(void)memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln);
186317Sqingli			LLE_RUNLOCK(lle);
186317Sqingli		} else
186317Sqingli			goto drop;
63080Sdwmalone
186317Sqingli		/*
186317Sqingli		 * Also check that the node which sent the ARP packet
186317Sqingli		 * is on the the interface we expect it to be on. This
186317Sqingli		 * avoids ARP chaos if an interface is connected to the
186317Sqingli		 * wrong network.
186317Sqingli		 */
186317Sqingli		sin.sin_addr = isaddr;
186317Sqingli
186317Sqingli		/* XXX MRT use table 0 for arp checks */
186317Sqingli		rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0);
186317Sqingli		if (!rt)
186317Sqingli			goto drop;
186317Sqingli		if (rt->rt_ifp != ifp) {
186317Sqingli			log(LOG_INFO, "arp_proxy: ignoring request"
186317Sqingli			    " from %s via %s, expecting %s\n",
186317Sqingli			    inet_ntoa(isaddr), ifp->if_xname,
186317Sqingli			    rt->rt_ifp->if_xname);
185713Scsjp			RTFREE_LOCKED(rt);
186317Sqingli			goto drop;
186317Sqingli		}
186317Sqingli		RTFREE_LOCKED(rt);
63080Sdwmalone
4069Swollman#ifdef DEBUG_PROXY
186317Sqingli		printf("arp: proxying for %s\n",
186317Sqingli		       inet_ntoa(itaddr));
4069Swollman#endif
1541Srgrimes	}
1541Srgrimes
186119Sqingli	if (la != NULL)
186119Sqingli		LLE_WUNLOCK(la);
166436Sbms	if (itaddr.s_addr == myaddr.s_addr &&
166436Sbms	    IN_LINKLOCAL(ntohl(itaddr.s_addr))) {
166436Sbms		/* RFC 3927 link-local IPv4; always reply by broadcast. */
166436Sbms#ifdef DEBUG_LINKLOCAL
166436Sbms		printf("arp: sending reply for link-local addr %s\n",
166436Sbms		    inet_ntoa(itaddr));
166436Sbms#endif
166436Sbms		m->m_flags |= M_BCAST;
166436Sbms		m->m_flags &= ~M_MCAST;
166436Sbms	} else {
166436Sbms		/* default behaviour; never reply by broadcast. */
166436Sbms		m->m_flags &= ~(M_BCAST|M_MCAST);
166436Sbms	}
84931Sfjoe	(void)memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln);
84931Sfjoe	(void)memcpy(ar_spa(ah), &itaddr, ah->ar_pln);
84931Sfjoe	ah->ar_op = htons(ARPOP_REPLY);
84931Sfjoe	ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */
127261Smdodd	m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln);
127261Smdodd	m->m_pkthdr.len = m->m_len;
127261Smdodd	sa.sa_family = AF_ARP;
127261Smdodd	sa.sa_len = 2;
84931Sfjoe	(*ifp->if_output)(ifp, m, &sa, (struct rtentry *)0);
1541Srgrimes	return;
128645Sluigi
128645Sluigidrop:
186119Sqingli	if (la != NULL)
186119Sqingli		LLE_WUNLOCK(la);
128645Sluigi	m_freem(m);
1541Srgrimes}
32350Seivind#endif
1541Srgrimes
5195Swollmanvoid
169454Srwatsonarp_ifinit(struct ifnet *ifp, struct ifaddr *ifa)
5195Swollman{
186119Sqingli	struct llentry *lle;
186119Sqingli
186411Sqingli	if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY) {
84931Sfjoe		arprequest(ifp, &IA_SIN(ifa)->sin_addr,
84931Sfjoe				&IA_SIN(ifa)->sin_addr, IF_LLADDR(ifp));
186411Sqingli		/*
186411Sqingli		 * interface address is considered static entry
186411Sqingli		 * because the output of the arp utility shows
186411Sqingli		 * that L2 entry as permanent
186411Sqingli		 */
186411Sqingli		IF_AFDATA_LOCK(ifp);
186411Sqingli		lle = lla_lookup(LLTABLE(ifp), (LLE_CREATE | LLE_IFADDR | LLE_STATIC),
186411Sqingli				 (struct sockaddr *)IA_SIN(ifa));
186411Sqingli		IF_AFDATA_UNLOCK(ifp);
186411Sqingli		if (lle == NULL)
186411Sqingli			log(LOG_INFO, "arp_ifinit: cannot create arp "
186411Sqingli			    "entry for interface address\n");
186411Sqingli		else
186411Sqingli			LLE_RUNLOCK(lle);
186411Sqingli	}
186119Sqingli	ifa->ifa_rtrequest = NULL;
5195Swollman}
69152Sjlemon
142215Sglebiusvoid
169454Srwatsonarp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr)
142215Sglebius{
142215Sglebius	if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY)
142215Sglebius		arprequest(ifp, &IA_SIN(ifa)->sin_addr,
142215Sglebius				&IA_SIN(ifa)->sin_addr, enaddr);
186119Sqingli	ifa->ifa_rtrequest = NULL;
142215Sglebius}
142215Sglebius
69152Sjlemonstatic void
69152Sjlemonarp_init(void)
69152Sjlemon{
185088Szec	INIT_VNET_INET(curvnet);
69152Sjlemon
185088Szec	V_arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
185088Szec	V_arp_maxtries = 5;
185088Szec	V_useloopback = 1; /* use loopback interface for local traffic */
185088Szec	V_arp_proxyall = 0;
185088Szec
69152Sjlemon	arpintrq.ifq_maxlen = 50;
93818Sjhb	mtx_init(&arpintrq.ifq_mtx, "arp_inq", NULL, MTX_DEF);
180239Srwatson	netisr_register(NETISR_ARP, arpintr, &arpintrq, 0);
69152Sjlemon}
69152SjlemonSYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0);