if_ether.c revision 191148
1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93 30 */ 31 32/* 33 * Ethernet address resolution protocol. 34 * TODO: 35 * add "inuse/lock" bit (or ref. count) along with valid bit 36 */ 37 38#include <sys/cdefs.h> 39__FBSDID("$FreeBSD: head/sys/netinet/if_ether.c 191148 2009-04-16 20:30:28Z kmacy $"); 40 41#include "opt_inet.h" 42#include "opt_route.h" 43#include "opt_mac.h" 44#include "opt_carp.h" 45 46#include <sys/param.h> 47#include <sys/kernel.h> 48#include <sys/queue.h> 49#include <sys/sysctl.h> 50#include <sys/systm.h> 51#include <sys/mbuf.h> 52#include <sys/malloc.h> 53#include <sys/proc.h> 54#include <sys/socket.h> 55#include <sys/syslog.h> 56#include <sys/vimage.h> 57 58#include <net/if.h> 59#include <net/if_dl.h> 60#include <net/if_types.h> 61#include <net/route.h> 62#include <net/netisr.h> 63#include <net/if_llc.h> 64#include <net/ethernet.h> 65#include <net/vnet.h> 66 67#include <netinet/in.h> 68#include <netinet/in_var.h> 69#include <net/if_llatbl.h> 70#include <netinet/if_ether.h> 71#include <netinet/vinet.h> 72 73#include <net/if_arc.h> 74#include <net/iso88025.h> 75 76#ifdef DEV_CARP 77#include <netinet/ip_carp.h> 78#endif 79 80#include <security/mac/mac_framework.h> 81 82#define SIN(s) ((struct sockaddr_in *)s) 83#define SDL(s) ((struct sockaddr_dl *)s) 84 85SYSCTL_DECL(_net_link_ether); 86SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); 87 88/* timer values */ 89#ifdef VIMAGE_GLOBALS 90static int arpt_keep; /* once resolved, good for 20 more minutes */ 91static int arp_maxtries; 92int useloopback; /* use loopback interface for local traffic */ 93static int arp_proxyall; 94#endif 95 96SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, max_age, 97 CTLFLAG_RW, arpt_keep, 0, "ARP entry lifetime in seconds"); 98 99static struct ifqueue arpintrq; 100 101SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, maxtries, 102 CTLFLAG_RW, arp_maxtries, 0, 103 "ARP resolution attempts before returning error"); 104SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, useloopback, 105 CTLFLAG_RW, useloopback, 0, 106 "Use the loopback interface for local traffic"); 107SYSCTL_V_INT(V_NET, vnet_inet, _net_link_ether_inet, OID_AUTO, proxyall, 108 CTLFLAG_RW, arp_proxyall, 0, 109 "Enable proxy ARP for all suitable requests"); 110 111static void arp_init(void); 112static int arp_iattach(const void *); 113void arprequest(struct ifnet *, 114 struct in_addr *, struct in_addr *, u_char *); 115static void arpintr(struct mbuf *); 116static void arptimer(void *); 117#ifdef INET 118static void in_arpinput(struct mbuf *); 119#endif 120 121#ifndef VIMAGE_GLOBALS 122static const vnet_modinfo_t vnet_arp_modinfo = { 123 .vmi_id = VNET_MOD_ARP, 124 .vmi_name = "arp", 125 .vmi_dependson = VNET_MOD_INET, 126 .vmi_iattach = arp_iattach 127}; 128#endif /* !VIMAGE_GLOBALS */ 129 130#ifdef AF_INET 131void arp_ifscrub(struct ifnet *ifp, uint32_t addr); 132 133/* 134 * called by in_ifscrub to remove entry from the table when 135 * the interface goes away 136 */ 137void 138arp_ifscrub(struct ifnet *ifp, uint32_t addr) 139{ 140 struct sockaddr_in addr4; 141 142 bzero((void *)&addr4, sizeof(addr4)); 143 addr4.sin_len = sizeof(addr4); 144 addr4.sin_family = AF_INET; 145 addr4.sin_addr.s_addr = addr; 146 IF_AFDATA_LOCK(ifp); 147 lla_lookup(LLTABLE(ifp), (LLE_DELETE | LLE_IFADDR), 148 (struct sockaddr *)&addr4); 149 IF_AFDATA_UNLOCK(ifp); 150} 151#endif 152 153/* 154 * Timeout routine. Age arp_tab entries periodically. 155 */ 156static void 157arptimer(void *arg) 158{ 159 struct ifnet *ifp; 160 struct llentry *lle = (struct llentry *)arg; 161 162 if (lle == NULL) { 163 panic("%s: NULL entry!\n", __func__); 164 return; 165 } 166 ifp = lle->lle_tbl->llt_ifp; 167 IF_AFDATA_LOCK(ifp); 168 LLE_WLOCK(lle); 169 if (((lle->la_flags & LLE_DELETED) 170 || (time_second >= lle->la_expire)) 171 && (!callout_pending(&lle->la_timer) && 172 callout_active(&lle->la_timer))) 173 (void) llentry_free(lle); 174 else { 175 /* 176 * Still valid, just drop our reference 177 */ 178 LLE_FREE_LOCKED(lle); 179 } 180 IF_AFDATA_UNLOCK(ifp); 181} 182 183/* 184 * Broadcast an ARP request. Caller specifies: 185 * - arp header source ip address 186 * - arp header target ip address 187 * - arp header source ethernet address 188 */ 189void 190arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip, 191 u_char *enaddr) 192{ 193 struct mbuf *m; 194 struct arphdr *ah; 195 struct sockaddr sa; 196 197 if (sip == NULL) { 198 /* XXX don't believe this can happen (or explain why) */ 199 /* 200 * The caller did not supply a source address, try to find 201 * a compatible one among those assigned to this interface. 202 */ 203 struct ifaddr *ifa; 204 205 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 206 if (!ifa->ifa_addr || 207 ifa->ifa_addr->sa_family != AF_INET) 208 continue; 209 sip = &SIN(ifa->ifa_addr)->sin_addr; 210 if (0 == ((sip->s_addr ^ tip->s_addr) & 211 SIN(ifa->ifa_netmask)->sin_addr.s_addr) ) 212 break; /* found it. */ 213 } 214 if (sip == NULL) { 215 printf("%s: cannot find matching address\n", __func__); 216 return; 217 } 218 } 219 220 if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL) 221 return; 222 m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) + 223 2*ifp->if_data.ifi_addrlen; 224 m->m_pkthdr.len = m->m_len; 225 MH_ALIGN(m, m->m_len); 226 ah = mtod(m, struct arphdr *); 227 bzero((caddr_t)ah, m->m_len); 228#ifdef MAC 229 mac_netinet_arp_send(ifp, m); 230#endif 231 ah->ar_pro = htons(ETHERTYPE_IP); 232 ah->ar_hln = ifp->if_addrlen; /* hardware address length */ 233 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ 234 ah->ar_op = htons(ARPOP_REQUEST); 235 bcopy((caddr_t)enaddr, (caddr_t)ar_sha(ah), ah->ar_hln); 236 bcopy((caddr_t)sip, (caddr_t)ar_spa(ah), ah->ar_pln); 237 bcopy((caddr_t)tip, (caddr_t)ar_tpa(ah), ah->ar_pln); 238 sa.sa_family = AF_ARP; 239 sa.sa_len = 2; 240 m->m_flags |= M_BCAST; 241 (*ifp->if_output)(ifp, m, &sa, NULL); 242} 243 244/* 245 * Resolve an IP address into an ethernet address. 246 * On input: 247 * ifp is the interface we use 248 * rt0 is the route to the final destination (possibly useless) 249 * m is the mbuf. May be NULL if we don't have a packet. 250 * dst is the next hop, 251 * desten is where we want the address. 252 * 253 * On success, desten is filled in and the function returns 0; 254 * If the packet must be held pending resolution, we return EWOULDBLOCK 255 * On other errors, we return the corresponding error code. 256 * Note that m_freem() handles NULL. 257 */ 258int 259arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 260 struct sockaddr *dst, u_char *desten, struct llentry **lle) 261{ 262 INIT_VNET_INET(ifp->if_vnet); 263 struct llentry *la = 0; 264 u_int flags = 0; 265 int error, renew; 266 267 *lle = NULL; 268 if (m != NULL) { 269 if (m->m_flags & M_BCAST) { 270 /* broadcast */ 271 (void)memcpy(desten, 272 ifp->if_broadcastaddr, ifp->if_addrlen); 273 return (0); 274 } 275 if (m->m_flags & M_MCAST && ifp->if_type != IFT_ARCNET) { 276 /* multicast */ 277 ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten); 278 return (0); 279 } 280 } 281 /* XXXXX 282 */ 283retry: 284 IF_AFDATA_RLOCK(ifp); 285 la = lla_lookup(LLTABLE(ifp), flags, dst); 286 IF_AFDATA_RUNLOCK(ifp); 287 if ((la == NULL) && ((flags & LLE_EXCLUSIVE) == 0) 288 && ((ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) == 0)) { 289 flags |= (LLE_CREATE | LLE_EXCLUSIVE); 290 IF_AFDATA_WLOCK(ifp); 291 la = lla_lookup(LLTABLE(ifp), flags, dst); 292 IF_AFDATA_WUNLOCK(ifp); 293 } 294 if (la == NULL) { 295 if (flags & LLE_CREATE) 296 log(LOG_DEBUG, 297 "arpresolve: can't allocate llinfo for %s\n", 298 inet_ntoa(SIN(dst)->sin_addr)); 299 m_freem(m); 300 return (EINVAL); 301 } 302 303 if ((la->la_flags & LLE_VALID) && 304 ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) { 305 bcopy(&la->ll_addr, desten, ifp->if_addrlen); 306 /* 307 * If entry has an expiry time and it is approaching, 308 * see if we need to send an ARP request within this 309 * arpt_down interval. 310 */ 311 if (!(la->la_flags & LLE_STATIC) && 312 time_uptime + la->la_preempt > la->la_expire) { 313 arprequest(ifp, NULL, 314 &SIN(dst)->sin_addr, IF_LLADDR(ifp)); 315 316 la->la_preempt--; 317 } 318 319 *lle = la; 320 error = 0; 321 goto done; 322 } 323 324 if (la->la_flags & LLE_STATIC) { /* should not happen! */ 325 log(LOG_DEBUG, "arpresolve: ouch, empty static llinfo for %s\n", 326 inet_ntoa(SIN(dst)->sin_addr)); 327 m_freem(m); 328 error = EINVAL; 329 goto done; 330 } 331 332 renew = (la->la_asked == 0 || la->la_expire != time_uptime); 333 if ((renew || m != NULL) && (flags & LLE_EXCLUSIVE) == 0) { 334 flags |= LLE_EXCLUSIVE; 335 LLE_RUNLOCK(la); 336 goto retry; 337 } 338 /* 339 * There is an arptab entry, but no ethernet address 340 * response yet. Replace the held mbuf with this 341 * latest one. 342 */ 343 if (m != NULL) { 344 if (la->la_hold != NULL) 345 m_freem(la->la_hold); 346 la->la_hold = m; 347 if (renew == 0 && (flags & LLE_EXCLUSIVE)) { 348 flags &= ~LLE_EXCLUSIVE; 349 LLE_DOWNGRADE(la); 350 } 351 352 } 353 /* 354 * Return EWOULDBLOCK if we have tried less than arp_maxtries. It 355 * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH 356 * if we have already sent arp_maxtries ARP requests. Retransmit the 357 * ARP request, but not faster than one request per second. 358 */ 359 if (la->la_asked < V_arp_maxtries) 360 error = EWOULDBLOCK; /* First request. */ 361 else 362 error = 363 (rt0->rt_flags & RTF_GATEWAY) ? EHOSTDOWN : EHOSTUNREACH; 364 365 if (renew) { 366 LLE_ADDREF(la); 367 la->la_expire = time_uptime; 368 callout_reset(&la->la_timer, hz, arptimer, la); 369 la->la_asked++; 370 LLE_WUNLOCK(la); 371 arprequest(ifp, NULL, &SIN(dst)->sin_addr, 372 IF_LLADDR(ifp)); 373 return (error); 374 } 375done: 376 if (flags & LLE_EXCLUSIVE) 377 LLE_WUNLOCK(la); 378 else 379 LLE_RUNLOCK(la); 380 return (error); 381} 382 383/* 384 * Common length and type checks are done here, 385 * then the protocol-specific routine is called. 386 */ 387static void 388arpintr(struct mbuf *m) 389{ 390 struct arphdr *ar; 391 392 if (m->m_len < sizeof(struct arphdr) && 393 ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) { 394 log(LOG_ERR, "arp: runt packet -- m_pullup failed\n"); 395 return; 396 } 397 ar = mtod(m, struct arphdr *); 398 399 if (ntohs(ar->ar_hrd) != ARPHRD_ETHER && 400 ntohs(ar->ar_hrd) != ARPHRD_IEEE802 && 401 ntohs(ar->ar_hrd) != ARPHRD_ARCNET && 402 ntohs(ar->ar_hrd) != ARPHRD_IEEE1394) { 403 log(LOG_ERR, "arp: unknown hardware address format (0x%2D)\n", 404 (unsigned char *)&ar->ar_hrd, ""); 405 m_freem(m); 406 return; 407 } 408 409 if (m->m_len < arphdr_len(ar)) { 410 if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { 411 log(LOG_ERR, "arp: runt packet\n"); 412 m_freem(m); 413 return; 414 } 415 ar = mtod(m, struct arphdr *); 416 } 417 418 switch (ntohs(ar->ar_pro)) { 419#ifdef INET 420 case ETHERTYPE_IP: 421 in_arpinput(m); 422 return; 423#endif 424 } 425 m_freem(m); 426} 427 428#ifdef INET 429/* 430 * ARP for Internet protocols on 10 Mb/s Ethernet. 431 * Algorithm is that given in RFC 826. 432 * In addition, a sanity check is performed on the sender 433 * protocol address, to catch impersonators. 434 * We no longer handle negotiations for use of trailer protocol: 435 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent 436 * along with IP replies if we wanted trailers sent to us, 437 * and also sent them in response to IP replies. 438 * This allowed either end to announce the desire to receive 439 * trailer packets. 440 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, 441 * but formerly didn't normally send requests. 442 */ 443static int log_arp_wrong_iface = 1; 444static int log_arp_movements = 1; 445static int log_arp_permanent_modify = 1; 446 447SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, 448 &log_arp_wrong_iface, 0, 449 "log arp packets arriving on the wrong interface"); 450SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW, 451 &log_arp_movements, 0, 452 "log arp replies from MACs different than the one in the cache"); 453SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW, 454 &log_arp_permanent_modify, 0, 455 "log arp replies from MACs different than the one in the permanent arp entry"); 456 457 458static void 459in_arpinput(struct mbuf *m) 460{ 461 struct arphdr *ah; 462 struct ifnet *ifp = m->m_pkthdr.rcvif; 463 struct llentry *la = NULL; 464 struct rtentry *rt; 465 struct ifaddr *ifa; 466 struct in_ifaddr *ia; 467 struct sockaddr sa; 468 struct in_addr isaddr, itaddr, myaddr; 469 u_int8_t *enaddr = NULL; 470 int op, flags; 471 struct mbuf *m0; 472 int req_len; 473 int bridged = 0, is_bridge = 0; 474#ifdef DEV_CARP 475 int carp_match = 0; 476#endif 477 struct sockaddr_in sin; 478 sin.sin_len = sizeof(struct sockaddr_in); 479 sin.sin_family = AF_INET; 480 sin.sin_addr.s_addr = 0; 481 INIT_VNET_INET(ifp->if_vnet); 482 483 if (ifp->if_bridge) 484 bridged = 1; 485 if (ifp->if_type == IFT_BRIDGE) 486 is_bridge = 1; 487 488 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 489 if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) { 490 log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n"); 491 return; 492 } 493 494 ah = mtod(m, struct arphdr *); 495 op = ntohs(ah->ar_op); 496 (void)memcpy(&isaddr, ar_spa(ah), sizeof (isaddr)); 497 (void)memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr)); 498 499 /* 500 * For a bridge, we want to check the address irrespective 501 * of the receive interface. (This will change slightly 502 * when we have clusters of interfaces). 503 * If the interface does not match, but the recieving interface 504 * is part of carp, we call carp_iamatch to see if this is a 505 * request for the virtual host ip. 506 * XXX: This is really ugly! 507 */ 508 LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) { 509 if (((bridged && ia->ia_ifp->if_bridge != NULL) || 510 ia->ia_ifp == ifp) && 511 itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) 512 goto match; 513#ifdef DEV_CARP 514 if (ifp->if_carp != NULL && 515 carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) && 516 itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) { 517 carp_match = 1; 518 goto match; 519 } 520#endif 521 } 522 LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash) 523 if (((bridged && ia->ia_ifp->if_bridge != NULL) || 524 ia->ia_ifp == ifp) && 525 isaddr.s_addr == ia->ia_addr.sin_addr.s_addr) 526 goto match; 527 528#define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia) \ 529 (ia->ia_ifp->if_bridge == ifp->if_softc && \ 530 !bcmp(IF_LLADDR(ia->ia_ifp), IF_LLADDR(ifp), ifp->if_addrlen) && \ 531 addr == ia->ia_addr.sin_addr.s_addr) 532 /* 533 * Check the case when bridge shares its MAC address with 534 * some of its children, so packets are claimed by bridge 535 * itself (bridge_input() does it first), but they are really 536 * meant to be destined to the bridge member. 537 */ 538 if (is_bridge) { 539 LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) { 540 if (BDG_MEMBER_MATCHES_ARP(itaddr.s_addr, ifp, ia)) { 541 ifp = ia->ia_ifp; 542 goto match; 543 } 544 } 545 } 546#undef BDG_MEMBER_MATCHES_ARP 547 548 /* 549 * No match, use the first inet address on the receive interface 550 * as a dummy address for the rest of the function. 551 */ 552 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 553 if (ifa->ifa_addr->sa_family == AF_INET) { 554 ia = ifatoia(ifa); 555 goto match; 556 } 557 /* 558 * If bridging, fall back to using any inet address. 559 */ 560 if (!bridged || (ia = TAILQ_FIRST(&V_in_ifaddrhead)) == NULL) 561 goto drop; 562match: 563 if (!enaddr) 564 enaddr = (u_int8_t *)IF_LLADDR(ifp); 565 myaddr = ia->ia_addr.sin_addr; 566 if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) 567 goto drop; /* it's from me, ignore it. */ 568 if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { 569 log(LOG_ERR, 570 "arp: link address is broadcast for IP address %s!\n", 571 inet_ntoa(isaddr)); 572 goto drop; 573 } 574 /* 575 * Warn if another host is using the same IP address, but only if the 576 * IP address isn't 0.0.0.0, which is used for DHCP only, in which 577 * case we suppress the warning to avoid false positive complaints of 578 * potential misconfiguration. 579 */ 580 if (!bridged && isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) { 581 log(LOG_ERR, 582 "arp: %*D is using my IP address %s on %s!\n", 583 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 584 inet_ntoa(isaddr), ifp->if_xname); 585 itaddr = myaddr; 586 goto reply; 587 } 588 if (ifp->if_flags & IFF_STATICARP) 589 goto reply; 590 591 bzero(&sin, sizeof(sin)); 592 sin.sin_len = sizeof(struct sockaddr_in); 593 sin.sin_family = AF_INET; 594 sin.sin_addr = isaddr; 595 flags = (itaddr.s_addr == myaddr.s_addr) ? LLE_CREATE : 0; 596 flags |= LLE_EXCLUSIVE; 597 IF_AFDATA_LOCK(ifp); 598 la = lla_lookup(LLTABLE(ifp), flags, (struct sockaddr *)&sin); 599 IF_AFDATA_UNLOCK(ifp); 600 if (la != NULL) { 601 /* the following is not an error when doing bridging */ 602 if (!bridged && la->lle_tbl->llt_ifp != ifp 603#ifdef DEV_CARP 604 && (ifp->if_type != IFT_CARP || !carp_match) 605#endif 606 ) { 607 if (log_arp_wrong_iface) 608 log(LOG_ERR, "arp: %s is on %s " 609 "but got reply from %*D on %s\n", 610 inet_ntoa(isaddr), 611 la->lle_tbl->llt_ifp->if_xname, 612 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 613 ifp->if_xname); 614 goto reply; 615 } 616 if ((la->la_flags & LLE_VALID) && 617 bcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen)) { 618 if (la->la_flags & LLE_STATIC) { 619 log(LOG_ERR, 620 "arp: %*D attempts to modify permanent " 621 "entry for %s on %s\n", 622 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 623 inet_ntoa(isaddr), ifp->if_xname); 624 goto reply; 625 } 626 if (log_arp_movements) { 627 log(LOG_INFO, "arp: %s moved from %*D " 628 "to %*D on %s\n", 629 inet_ntoa(isaddr), 630 ifp->if_addrlen, 631 (u_char *)&la->ll_addr, ":", 632 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 633 ifp->if_xname); 634 } 635 } 636 637 if (ifp->if_addrlen != ah->ar_hln) { 638 log(LOG_WARNING, 639 "arp from %*D: addr len: new %d, i/f %d (ignored)", 640 ifp->if_addrlen, (u_char *) ar_sha(ah), ":", 641 ah->ar_hln, ifp->if_addrlen); 642 goto reply; 643 } 644 (void)memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen); 645 la->la_flags |= LLE_VALID; 646 647 if (!(la->la_flags & LLE_STATIC)) { 648 la->la_expire = time_uptime + V_arpt_keep; 649 callout_reset(&la->la_timer, hz * V_arpt_keep, 650 arptimer, la); 651 } 652 la->la_asked = 0; 653 la->la_preempt = V_arp_maxtries; 654 if (la->la_hold != NULL) { 655 m0 = la->la_hold; 656 la->la_hold = 0; 657 memcpy(&sa, L3_ADDR(la), sizeof(sa)); 658 LLE_WUNLOCK(la); 659 660 (*ifp->if_output)(ifp, m0, &sa, NULL); 661 return; 662 } 663 } 664reply: 665 if (op != ARPOP_REQUEST) 666 goto drop; 667 668 if (itaddr.s_addr == myaddr.s_addr) { 669 /* Shortcut.. the receiving interface is the target. */ 670 (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 671 (void)memcpy(ar_sha(ah), enaddr, ah->ar_hln); 672 } else { 673 struct llentry *lle = NULL; 674 675 if (!V_arp_proxyall) 676 goto drop; 677 678 sin.sin_addr = itaddr; 679 /* XXX MRT use table 0 for arp reply */ 680 rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0); 681 if (!rt) 682 goto drop; 683 684 /* 685 * Don't send proxies for nodes on the same interface 686 * as this one came out of, or we'll get into a fight 687 * over who claims what Ether address. 688 */ 689 if (!rt->rt_ifp || rt->rt_ifp == ifp) { 690 RTFREE_LOCKED(rt); 691 goto drop; 692 } 693 IF_AFDATA_LOCK(rt->rt_ifp); 694 lle = lla_lookup(LLTABLE(rt->rt_ifp), 0, (struct sockaddr *)&sin); 695 IF_AFDATA_UNLOCK(rt->rt_ifp); 696 RTFREE_LOCKED(rt); 697 698 if (lle != NULL) { 699 (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 700 (void)memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln); 701 LLE_RUNLOCK(lle); 702 } else 703 goto drop; 704 705 /* 706 * Also check that the node which sent the ARP packet 707 * is on the the interface we expect it to be on. This 708 * avoids ARP chaos if an interface is connected to the 709 * wrong network. 710 */ 711 sin.sin_addr = isaddr; 712 713 /* XXX MRT use table 0 for arp checks */ 714 rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0); 715 if (!rt) 716 goto drop; 717 if (rt->rt_ifp != ifp) { 718 log(LOG_INFO, "arp_proxy: ignoring request" 719 " from %s via %s, expecting %s\n", 720 inet_ntoa(isaddr), ifp->if_xname, 721 rt->rt_ifp->if_xname); 722 RTFREE_LOCKED(rt); 723 goto drop; 724 } 725 RTFREE_LOCKED(rt); 726 727#ifdef DEBUG_PROXY 728 printf("arp: proxying for %s\n", 729 inet_ntoa(itaddr)); 730#endif 731 } 732 733 if (la != NULL) 734 LLE_WUNLOCK(la); 735 if (itaddr.s_addr == myaddr.s_addr && 736 IN_LINKLOCAL(ntohl(itaddr.s_addr))) { 737 /* RFC 3927 link-local IPv4; always reply by broadcast. */ 738#ifdef DEBUG_LINKLOCAL 739 printf("arp: sending reply for link-local addr %s\n", 740 inet_ntoa(itaddr)); 741#endif 742 m->m_flags |= M_BCAST; 743 m->m_flags &= ~M_MCAST; 744 } else { 745 /* default behaviour; never reply by broadcast. */ 746 m->m_flags &= ~(M_BCAST|M_MCAST); 747 } 748 (void)memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 749 (void)memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 750 ah->ar_op = htons(ARPOP_REPLY); 751 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ 752 m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln); 753 m->m_pkthdr.len = m->m_len; 754 sa.sa_family = AF_ARP; 755 sa.sa_len = 2; 756 (*ifp->if_output)(ifp, m, &sa, NULL); 757 return; 758 759drop: 760 if (la != NULL) 761 LLE_WUNLOCK(la); 762 m_freem(m); 763} 764#endif 765 766void 767arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) 768{ 769 struct llentry *lle; 770 771 if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY) { 772 arprequest(ifp, &IA_SIN(ifa)->sin_addr, 773 &IA_SIN(ifa)->sin_addr, IF_LLADDR(ifp)); 774 /* 775 * interface address is considered static entry 776 * because the output of the arp utility shows 777 * that L2 entry as permanent 778 */ 779 IF_AFDATA_LOCK(ifp); 780 lle = lla_lookup(LLTABLE(ifp), (LLE_CREATE | LLE_IFADDR | LLE_STATIC), 781 (struct sockaddr *)IA_SIN(ifa)); 782 IF_AFDATA_UNLOCK(ifp); 783 if (lle == NULL) 784 log(LOG_INFO, "arp_ifinit: cannot create arp " 785 "entry for interface address\n"); 786 else 787 LLE_RUNLOCK(lle); 788 } 789 ifa->ifa_rtrequest = NULL; 790} 791 792void 793arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr) 794{ 795 if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY) 796 arprequest(ifp, &IA_SIN(ifa)->sin_addr, 797 &IA_SIN(ifa)->sin_addr, enaddr); 798 ifa->ifa_rtrequest = NULL; 799} 800 801static int 802arp_iattach(const void *unused __unused) 803{ 804 INIT_VNET_INET(curvnet); 805 806 V_arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ 807 V_arp_maxtries = 5; 808 V_useloopback = 1; /* use loopback interface for local traffic */ 809 V_arp_proxyall = 0; 810 811 return (0); 812} 813 814static void 815arp_init(void) 816{ 817 818#ifndef VIMAGE_GLOBALS 819 vnet_mod_register(&vnet_arp_modinfo); 820#else 821 arp_iattach(NULL); 822#endif 823 824 arpintrq.ifq_maxlen = 50; 825 mtx_init(&arpintrq.ifq_mtx, "arp_inq", NULL, MTX_DEF); 826 netisr_register(NETISR_ARP, arpintr, &arpintrq, 0); 827} 828SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0); 829