nd6.c revision 186159
1218792Snp/*- 2218792Snp * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3218792Snp * All rights reserved. 4218792Snp * 5218792Snp * Redistribution and use in source and binary forms, with or without 6218792Snp * modification, are permitted provided that the following conditions 7218792Snp * are met: 8218792Snp * 1. Redistributions of source code must retain the above copyright 9218792Snp * notice, this list of conditions and the following disclaimer. 10218792Snp * 2. Redistributions in binary form must reproduce the above copyright 11218792Snp * notice, this list of conditions and the following disclaimer in the 12218792Snp * documentation and/or other materials provided with the distribution. 13218792Snp * 3. Neither the name of the project nor the names of its contributors 14218792Snp * may be used to endorse or promote products derived from this software 15218792Snp * without specific prior written permission. 16218792Snp * 17218792Snp * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18218792Snp * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19218792Snp * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20218792Snp * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21218792Snp * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22218792Snp * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23218792Snp * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24218792Snp * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25218792Snp * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26218792Snp * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27218792Snp * SUCH DAMAGE. 28218792Snp * 29218792Snp * $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ 30218792Snp */ 31218792Snp 32237819Snp#include <sys/cdefs.h> 33218792Snp__FBSDID("$FreeBSD: head/sys/netinet6/nd6.c 186159 2008-12-16 02:33:53Z kmacy $"); 34218792Snp 35218792Snp#include "opt_inet.h" 36218792Snp#include "opt_inet6.h" 37218792Snp#include "opt_mac.h" 38219286Snp 39219286Snp#include <sys/param.h> 40265425Snp#include <sys/systm.h> 41219286Snp#include <sys/callout.h> 42255015Snp#include <sys/malloc.h> 43284052Snp#include <sys/mbuf.h> 44218792Snp#include <sys/socket.h> 45228561Snp#include <sys/sockio.h> 46269356Snp#include <sys/time.h> 47218792Snp#include <sys/kernel.h> 48218792Snp#include <sys/protosw.h> 49218792Snp#include <sys/errno.h> 50218792Snp#include <sys/syslog.h> 51218792Snp#include <sys/lock.h> 52218792Snp#include <sys/rwlock.h> 53237819Snp#include <sys/queue.h> 54218792Snp#include <sys/sysctl.h> 55309447Sjhb 56256131Sdim#include <net/if.h> 57265425Snp#include <net/if_arc.h> 58265425Snp#include <net/if_dl.h> 59270297Snp#include <net/if_types.h> 60270297Snp#include <net/iso88025.h> 61270297Snp#include <net/fddi.h> 62270297Snp#include <net/route.h> 63270297Snp#include <net/vnet.h> 64270297Snp 65270297Snp#include <netinet/in.h> 66218792Snp#include <net/if_llatbl.h> 67218792Snp#define L3_ADDR_SIN6(le) ((struct sockaddr_in6 *) L3_ADDR(le)) 68218792Snp#include <netinet/if_ether.h> 69218792Snp#include <netinet6/in6_var.h> 70218792Snp#include <netinet/ip6.h> 71309442Sjhb#include <netinet6/ip6_var.h> 72284052Snp#include <netinet6/scope6_var.h> 73218792Snp#include <netinet6/nd6.h> 74248925Snp#include <netinet/icmp6.h> 75248925Snp#include <netinet6/vinet6.h> 76248925Snp 77248925Snp#include <sys/limits.h> 78248925Snp#include <sys/vimage.h> 79248925Snp 80239258Snp#include <security/mac/mac_framework.h> 81239258Snp 82239258Snp#define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 83239258Snp#define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 84309448Sjhb 85239258Snp#define SIN6(s) ((struct sockaddr_in6 *)s) 86218792Snp#define SDL(s) ((struct sockaddr_dl *)s) 87239258Snp 88239258Snp#ifdef VIMAGE_GLOBALS 89239258Snpint nd6_prune; 90255050Snpint nd6_delay; 91255050Snpint nd6_umaxtries; 92239258Snpint nd6_mmaxtries; 93270297Snpint nd6_useloopback; 94239258Snpint nd6_gctimer; 95218792Snp 96239258Snp/* preventing too many loops in ND option parsing */ 97239258Snpint nd6_maxndopt; 98239258Snp 99239258Snpint nd6_maxnudhint; 100239258Snpint nd6_maxqueuelen; 101309448Sjhb 102239258Snpint nd6_debug; 103239258Snp 104239258Snp/* for debugging? */ 105239258Snp#if 0 106239258Snpstatic int nd6_inuse, nd6_allocated; 107239258Snp#endif 108239258Snp 109239258Snpstruct nd_drhead nd_defrouter; 110239258Snpstruct nd_prhead nd_prefix; 111239258Snp 112239258Snpint nd6_recalc_reachtm_interval; 113255050Snp#endif /* VIMAGE_GLOBALS */ 114255050Snp 115255050Snpstatic struct sockaddr_in6 all1_sa; 116255050Snp 117255050Snpstatic int nd6_is_new_addr_neighbor __P((struct sockaddr_in6 *, 118255050Snp struct ifnet *)); 119255050Snpstatic void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 120255050Snpstatic void nd6_slowtimo(void *); 121255050Snpstatic int regen_tmpaddr(struct in6_ifaddr *); 122255050Snpstatic struct llentry *nd6_free(struct llentry *, int); 123255050Snpstatic void nd6_llinfo_timer(void *); 124255050Snpstatic void clear_llinfo_pqueue(struct llentry *); 125281212Snp 126281212Snp#ifdef VIMAGE_GLOBALS 127255050Snpstruct callout nd6_slowtimo_ch; 128255050Snpstruct callout nd6_timer_ch; 129255050Snpextern struct callout in6_tmpaddrtimer_ch; 130255050Snpextern int dad_ignore_ns; 131265425Snpextern int dad_maxtry; 132265425Snp#endif 133265425Snp 134265425Snpvoid 135265425Snpnd6_init(void) 136265425Snp{ 137265425Snp INIT_VNET_INET6(curvnet); 138265425Snp static int nd6_init_done = 0; 139265425Snp int i; 140265425Snp 141265425Snp if (nd6_init_done) { 142265425Snp log(LOG_NOTICE, "nd6_init called more than once(ignored)\n"); 143265425Snp return; 144265425Snp } 145265425Snp 146265425Snp V_nd6_prune = 1; /* walk list every 1 seconds */ 147265425Snp V_nd6_delay = 5; /* delay first probe time 5 second */ 148265425Snp V_nd6_umaxtries = 3; /* maximum unicast query */ 149265425Snp V_nd6_mmaxtries = 3; /* maximum multicast query */ 150265425Snp V_nd6_useloopback = 1; /* use loopback interface for local traffic */ 151265425Snp V_nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */ 152318840Snp 153318840Snp /* preventing too many loops in ND option parsing */ 154318840Snp V_nd6_maxndopt = 10; /* max # of ND options allowed */ 155318840Snp 156318840Snp V_nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */ 157318840Snp V_nd6_maxqueuelen = 1; /* max pkts cached in unresolved ND entries */ 158318840Snp 159218792Snp#ifdef ND6_DEBUG 160284052Snp V_nd6_debug = 1; 161284052Snp#else 162284052Snp V_nd6_debug = 0; 163284052Snp#endif 164218792Snp 165218792Snp V_nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL; 166218792Snp 167218792Snp V_dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/ 168284052Snp V_dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ 169284052Snp 170218792Snp /* 171218792Snp * XXX just to get this to compile KMM 172228561Snp */ 173270297Snp#ifdef notyet 174228561Snp V_llinfo_nd6.ln_next = &V_llinfo_nd6; 175270297Snp V_llinfo_nd6.ln_prev = &V_llinfo_nd6; 176281212Snp#endif 177308304Sjhb LIST_INIT(&V_nd_prefix); 178308304Sjhb 179218792Snp V_ip6_use_tempaddr = 0; 180218792Snp V_ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME; 181218792Snp V_ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME; 182218792Snp V_ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE; 183308154Sjhb 184222085Snp all1_sa.sin6_family = AF_INET6; 185308154Sjhb all1_sa.sin6_len = sizeof(struct sockaddr_in6); 186309564Sjhb for (i = 0; i < sizeof(all1_sa.sin6_addr); i++) 187309564Sjhb all1_sa.sin6_addr.s6_addr[i] = 0xff; 188228561Snp 189228561Snp /* initialization of the default router list */ 190228561Snp TAILQ_INIT(&V_nd_defrouter); 191228561Snp /* start timer */ 192308154Sjhb callout_init(&V_nd6_slowtimo_ch, 0); 193228561Snp callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 194308154Sjhb nd6_slowtimo, NULL); 195237263Snp 196308154Sjhb nd6_init_done = 1; 197228561Snp 198308154Sjhb} 199228561Snp 200270297Snpstruct nd_ifinfo * 201308154Sjhbnd6_ifattach(struct ifnet *ifp) 202270297Snp{ 203308154Sjhb struct nd_ifinfo *nd; 204308154Sjhb 205270297Snp nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK); 206308154Sjhb bzero(nd, sizeof(*nd)); 207270297Snp 208228561Snp nd->initialized = 1; 209308154Sjhb 210237263Snp nd->chlim = IPV6_DEFHLIM; 211308154Sjhb nd->basereachable = REACHABLE_TIME; 212228561Snp nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 213308154Sjhb nd->retrans = RETRANS_TIMER; 214228561Snp /* 215308154Sjhb * Note that the default value of ip6_accept_rtadv is 0, which means 216228561Snp * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV 217228561Snp * here. 218308154Sjhb */ 219228561Snp nd->flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV); 220308154Sjhb 221218792Snp /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 222218792Snp nd6_setmtu0(ifp, nd); 223228561Snp 224228561Snp return nd; 225218792Snp} 226255050Snp 227265425Snpvoid 228265425Snpnd6_ifdetach(struct nd_ifinfo *nd) 229228561Snp{ 230218792Snp 231284052Snp free(nd, M_IP6NDP); 232284052Snp} 233309447Sjhb 234284052Snp/* 235284052Snp * Reset ND level link MTU. This function is called when the physical MTU 236284052Snp * changes, which means we might have to adjust the ND level MTU. 237284052Snp */ 238309560Sjhbvoid 239309560Sjhbnd6_setmtu(struct ifnet *ifp) 240284052Snp{ 241284052Snp 242284052Snp nd6_setmtu0(ifp, ND_IFINFO(ifp)); 243284052Snp} 244284052Snp 245218792Snp/* XXX todo: do not maintain copy of ifp->if_mtu in ndi->maxmtu */ 246284052Snpvoid 247284052Snpnd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 248284052Snp{ 249284052Snp INIT_VNET_INET6(ifp->if_vnet); 250284052Snp u_int32_t omaxmtu; 251284052Snp 252284052Snp omaxmtu = ndi->maxmtu; 253228561Snp 254228561Snp switch (ifp->if_type) { 255239336Snp case IFT_ARCNET: 256228561Snp ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */ 257309444Sjhb break; 258284052Snp case IFT_FDDI: 259284052Snp ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); /* RFC2467 */ 260218792Snp break; 261222510Snp case IFT_ISO88025: 262265425Snp ndi->maxmtu = MIN(ISO88025_MAX_MTU, ifp->if_mtu); 263308321Sjhb break; 264220873Snp default: 265269356Snp ndi->maxmtu = ifp->if_mtu; 266269356Snp break; 267269356Snp } 268309442Sjhb 269309442Sjhb /* 270309442Sjhb * Decreasing the interface MTU under IPV6 minimum MTU may cause 271309442Sjhb * undesirable situation. We thus notify the operator of the change 272309442Sjhb * explicitly. The check for omaxmtu is necessary to restrict the 273309442Sjhb * log to the case of changing the MTU, not initializing it. 274309442Sjhb */ 275309442Sjhb if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 276309442Sjhb log(LOG_NOTICE, "nd6_setmtu0: " 277309442Sjhb "new link MTU on %s (%lu) is too small for IPv6\n", 278309442Sjhb if_name(ifp), (unsigned long)ndi->maxmtu); 279309442Sjhb } 280309442Sjhb 281309442Sjhb if (ndi->maxmtu > V_in6_maxmtu) 282309442Sjhb in6_setmaxmtu(); /* check all interfaces just in case */ 283309442Sjhb 284309442Sjhb#undef MIN 285309442Sjhb} 286309442Sjhb 287309442Sjhbvoid 288309442Sjhbnd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 289309442Sjhb{ 290309442Sjhb 291309442Sjhb bzero(ndopts, sizeof(*ndopts)); 292309442Sjhb ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 293309442Sjhb ndopts->nd_opts_last 294309442Sjhb = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 295309442Sjhb 296309442Sjhb if (icmp6len == 0) { 297309442Sjhb ndopts->nd_opts_done = 1; 298309442Sjhb ndopts->nd_opts_search = NULL; 299309442Sjhb } 300309442Sjhb} 301309442Sjhb 302309442Sjhb/* 303309442Sjhb * Take one ND option. 304309442Sjhb */ 305309442Sjhbstruct nd_opt_hdr * 306309442Sjhbnd6_option(union nd_opts *ndopts) 307309442Sjhb{ 308309442Sjhb struct nd_opt_hdr *nd_opt; 309309442Sjhb int olen; 310309442Sjhb 311309442Sjhb if (ndopts == NULL) 312309442Sjhb panic("ndopts == NULL in nd6_option"); 313309442Sjhb if (ndopts->nd_opts_last == NULL) 314309442Sjhb panic("uninitialized ndopts in nd6_option"); 315309442Sjhb if (ndopts->nd_opts_search == NULL) 316309442Sjhb return NULL; 317309442Sjhb if (ndopts->nd_opts_done) 318309442Sjhb return NULL; 319309442Sjhb 320309442Sjhb nd_opt = ndopts->nd_opts_search; 321309442Sjhb 322309442Sjhb /* make sure nd_opt_len is inside the buffer */ 323309442Sjhb if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 324309442Sjhb bzero(ndopts, sizeof(*ndopts)); 325309442Sjhb return NULL; 326309442Sjhb } 327309442Sjhb 328309442Sjhb olen = nd_opt->nd_opt_len << 3; 329309442Sjhb if (olen == 0) { 330309442Sjhb /* 331309442Sjhb * Message validation requires that all included 332309442Sjhb * options have a length that is greater than zero. 333309442Sjhb */ 334309442Sjhb bzero(ndopts, sizeof(*ndopts)); 335309442Sjhb return NULL; 336309442Sjhb } 337309442Sjhb 338309442Sjhb ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 339309442Sjhb if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 340309442Sjhb /* option overruns the end of buffer, invalid */ 341309442Sjhb bzero(ndopts, sizeof(*ndopts)); 342309442Sjhb return NULL; 343309442Sjhb } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 344309442Sjhb /* reached the end of options chain */ 345309442Sjhb ndopts->nd_opts_done = 1; 346309442Sjhb ndopts->nd_opts_search = NULL; 347309442Sjhb } 348309442Sjhb return nd_opt; 349309442Sjhb} 350309442Sjhb 351309442Sjhb/* 352309442Sjhb * Parse multiple ND options. 353309442Sjhb * This function is much easier to use, for ND routines that do not need 354309442Sjhb * multiple options of the same type. 355309442Sjhb */ 356309442Sjhbint 357309442Sjhbnd6_options(union nd_opts *ndopts) 358309442Sjhb{ 359309442Sjhb INIT_VNET_INET6(curvnet); 360309442Sjhb struct nd_opt_hdr *nd_opt; 361309442Sjhb int i = 0; 362309442Sjhb 363309442Sjhb if (ndopts == NULL) 364309442Sjhb panic("ndopts == NULL in nd6_options"); 365219392Snp if (ndopts->nd_opts_last == NULL) 366255050Snp panic("uninitialized ndopts in nd6_options"); 367219392Snp if (ndopts->nd_opts_search == NULL) 368219392Snp return 0; 369219392Snp 370219392Snp while (1) { 371309442Sjhb nd_opt = nd6_option(ndopts); 372255050Snp if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 373239258Snp /* 374239258Snp * Message validation requires that all included 375239258Snp * options have a length that is greater than zero. 376239258Snp */ 377239258Snp V_icmp6stat.icp6s_nd_badopt++; 378239258Snp bzero(ndopts, sizeof(*ndopts)); 379239258Snp return -1; 380239258Snp } 381239258Snp 382239258Snp if (nd_opt == NULL) 383239258Snp goto skip1; 384239258Snp 385239258Snp switch (nd_opt->nd_opt_type) { 386239258Snp case ND_OPT_SOURCE_LINKADDR: 387239258Snp case ND_OPT_TARGET_LINKADDR: 388239258Snp case ND_OPT_MTU: 389239258Snp case ND_OPT_REDIRECTED_HEADER: 390239258Snp if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 391239258Snp nd6log((LOG_INFO, 392239258Snp "duplicated ND6 option found (type=%d)\n", 393239258Snp nd_opt->nd_opt_type)); 394239258Snp /* XXX bark? */ 395239258Snp } else { 396239258Snp ndopts->nd_opt_array[nd_opt->nd_opt_type] 397239258Snp = nd_opt; 398239258Snp } 399269356Snp break; 400318840Snp case ND_OPT_PREFIX_INFORMATION: 401318840Snp if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 402318840Snp ndopts->nd_opt_array[nd_opt->nd_opt_type] 403318840Snp = nd_opt; 404318840Snp } 405318840Snp ndopts->nd_opts_pi_end = 406269356Snp (struct nd_opt_prefix_info *)nd_opt; 407269356Snp break; 408269356Snp default: 409269356Snp /* 410309442Sjhb * Unknown options must be silently ignored, 411309442Sjhb * to accomodate future extension to the protocol. 412309442Sjhb */ 413309442Sjhb nd6log((LOG_DEBUG, 414309442Sjhb "nd6_options: unsupported option %d - " 415309442Sjhb "option ignored\n", nd_opt->nd_opt_type)); 416309442Sjhb } 417309442Sjhb 418309442Sjhbskip1: 419309442Sjhb i++; 420309442Sjhb if (i > V_nd6_maxndopt) { 421309442Sjhb V_icmp6stat.icp6s_nd_toomanyopt++; 422309444Sjhb nd6log((LOG_INFO, "too many loop in nd opt\n")); 423219392Snp break; 424219392Snp } 425248925Snp 426269356Snp if (ndopts->nd_opts_done) 427269356Snp break; 428269356Snp } 429269356Snp 430269356Snp return 0; 431269356Snp} 432269356Snp 433269356Snp/* 434269356Snp * ND6 timer routine to handle ND6 entries 435269356Snp */ 436269356Snpvoid 437269356Snpnd6_llinfo_settimer_locked(struct llentry *ln, long tick) 438269356Snp{ 439269356Snp if (tick < 0) { 440269356Snp ln->la_expire = 0; 441269356Snp ln->ln_ntick = 0; 442269356Snp callout_stop(&ln->ln_timer_ch); 443269356Snp /* 444281212Snp * XXX - do we know that there is 445281212Snp * callout installed? i.e. are we 446281212Snp * guaranteed that we're not dropping 447281212Snp * a reference that we did not add? 448309560Sjhb * KMM 449281212Snp */ 450309560Sjhb LLE_REMREF(ln); 451309560Sjhb } else { 452281212Snp ln->la_expire = time_second + tick / hz; 453309560Sjhb LLE_ADDREF(ln); 454309560Sjhb if (tick > INT_MAX) { 455309560Sjhb ln->ln_ntick = tick - INT_MAX; 456281212Snp callout_reset(&ln->ln_timer_ch, INT_MAX, 457281212Snp nd6_llinfo_timer, ln); 458281212Snp } else { 459309560Sjhb ln->ln_ntick = 0; 460281212Snp callout_reset(&ln->ln_timer_ch, tick, 461309560Sjhb nd6_llinfo_timer, ln); 462281212Snp } 463281212Snp } 464281212Snp} 465281212Snp 466281212Snpvoid 467281212Snpnd6_llinfo_settimer(struct llentry *ln, long tick) 468281212Snp{ 469281212Snp 470281212Snp LLE_WLOCK(ln); 471281212Snp nd6_llinfo_settimer_locked(ln, tick); 472281212Snp LLE_WUNLOCK(ln); 473281212Snp} 474281212Snp 475309560Sjhbstatic void 476281212Snpnd6_llinfo_timer(void *arg) 477281212Snp{ 478281212Snp struct llentry *ln; 479281212Snp struct in6_addr *dst; 480281212Snp struct ifnet *ifp; 481281212Snp struct nd_ifinfo *ndi = NULL; 482281212Snp 483281212Snp ln = (struct llentry *)arg; 484281212Snp if (ln == NULL) { 485281212Snp panic("%s: NULL entry!\n", __func__); 486281212Snp return; 487281212Snp } 488281212Snp 489281212Snp if ((ifp = ((ln->lle_tbl != NULL) ? ln->lle_tbl->llt_ifp : NULL)) == NULL) 490281212Snp panic("ln ifp == NULL"); 491281212Snp 492281212Snp CURVNET_SET(ifp->if_vnet); 493281212Snp INIT_VNET_INET6(curvnet); 494281212Snp 495281212Snp if (ln->ln_ntick > 0) { 496281212Snp if (ln->ln_ntick > INT_MAX) { 497281212Snp ln->ln_ntick -= INT_MAX; 498281212Snp nd6_llinfo_settimer(ln, INT_MAX); 499281212Snp } else { 500281212Snp ln->ln_ntick = 0; 501281212Snp nd6_llinfo_settimer(ln, ln->ln_ntick); 502281212Snp } 503281212Snp goto done; 504281212Snp } 505281212Snp 506281212Snp ndi = ND_IFINFO(ifp); 507281212Snp dst = &L3_ADDR_SIN6(ln)->sin6_addr; 508281212Snp if ((ln->la_flags & LLE_STATIC) || (ln->la_expire > time_second)) { 509281212Snp goto done; 510281212Snp } 511281212Snp 512281212Snp if (ln->la_flags & LLE_DELETED) { 513249391Snp (void)nd6_free(ln, 0); 514249391Snp goto done; 515249391Snp } 516248925Snp 517248925Snp switch (ln->ln_state) { 518248925Snp case ND6_LLINFO_INCOMPLETE: 519248925Snp if (ln->la_asked < V_nd6_mmaxtries) { 520248925Snp ln->la_asked++; 521248925Snp nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); 522249391Snp nd6_ns_output(ifp, NULL, dst, ln, 0); 523248925Snp } else { 524248925Snp struct mbuf *m = ln->la_hold; 525265425Snp if (m) { 526255050Snp struct mbuf *m0; 527255050Snp 528255050Snp /* 529265425Snp * assuming every packet in la_hold has the 530265425Snp * same IP header 531255050Snp */ 532255050Snp m0 = m->m_nextpkt; 533255050Snp m->m_nextpkt = NULL; 534265425Snp icmp6_error2(m, ICMP6_DST_UNREACH, 535265425Snp ICMP6_DST_UNREACH_ADDR, 0, ifp); 536265425Snp 537255050Snp ln->la_hold = m0; 538248925Snp clear_llinfo_pqueue(ln); 539248925Snp } 540248925Snp (void)nd6_free(ln, 0); 541248925Snp ln = NULL; 542255050Snp } 543248925Snp break; 544237512Snp case ND6_LLINFO_REACHABLE: 545248925Snp if (!ND6_LLINFO_PERMANENT(ln)) { 546218792Snp ln->ln_state = ND6_LLINFO_STALE; 547281212Snp nd6_llinfo_settimer(ln, (long)V_nd6_gctimer * hz); 548255050Snp } 549248925Snp break; 550228561Snp 551228561Snp case ND6_LLINFO_STALE: 552228561Snp /* Garbage Collection(RFC 2461 5.3) */ 553228561Snp if (!ND6_LLINFO_PERMANENT(ln)) { 554228561Snp (void)nd6_free(ln, 1); 555228561Snp ln = NULL; 556228561Snp } 557248925Snp break; 558228561Snp 559265425Snp case ND6_LLINFO_DELAY: 560265425Snp if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 561265425Snp /* We need NUD */ 562248925Snp ln->la_asked = 1; 563265425Snp ln->ln_state = ND6_LLINFO_PROBE; 564248925Snp nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); 565228561Snp nd6_ns_output(ifp, dst, dst, ln, 0); 566248925Snp } else { 567248925Snp ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 568248925Snp nd6_llinfo_settimer(ln, (long)V_nd6_gctimer * hz); 569228561Snp } 570249391Snp break; 571249391Snp case ND6_LLINFO_PROBE: 572249391Snp if (ln->la_asked < V_nd6_umaxtries) { 573249391Snp ln->la_asked++; 574249391Snp nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); 575249391Snp nd6_ns_output(ifp, dst, dst, ln, 0); 576249391Snp } else { 577249391Snp (void)nd6_free(ln, 0); 578249391Snp ln = NULL; 579249391Snp } 580249391Snp break; 581249391Snp } 582249391Snp CURVNET_RESTORE(); 583249391Snpdone: 584249391Snp if (ln != NULL) 585249391Snp LLE_FREE(ln); 586249391Snp} 587249391Snp 588248925Snp 589248925Snp/* 590248925Snp * ND6 timer routine to expire default route list and prefix list 591248925Snp */ 592248925Snpvoid 593248925Snpnd6_timer(void *arg) 594248925Snp{ 595248925Snp CURVNET_SET_QUIET((struct vnet *) arg); 596248925Snp INIT_VNET_INET6((struct vnet *) arg); 597228561Snp int s; 598318840Snp struct nd_defrouter *dr; 599318840Snp struct nd_prefix *pr; 600318840Snp struct in6_ifaddr *ia6, *nia6; 601318840Snp struct in6_addrlifetime *lt6; 602318840Snp 603318840Snp callout_reset(&V_nd6_timer_ch, V_nd6_prune * hz, 604318840Snp nd6_timer, NULL); 605318840Snp 606318840Snp /* expire default router list */ 607248925Snp s = splnet(); 608248925Snp dr = TAILQ_FIRST(&V_nd_defrouter); 609248925Snp while (dr) { 610248925Snp if (dr->expire && dr->expire < time_second) { 611248925Snp struct nd_defrouter *t; 612248925Snp t = TAILQ_NEXT(dr, dr_entry); 613248925Snp defrtrlist_del(dr); 614248925Snp dr = t; 615248925Snp } else { 616248925Snp dr = TAILQ_NEXT(dr, dr_entry); 617248925Snp } 618248925Snp } 619248925Snp 620248925Snp /* 621281212Snp * expire interface addresses. 622309449Sjhb * in the past the loop was inside prefix expiry processing. 623281212Snp * However, from a stricter speci-confrmance standpoint, we should 624281212Snp * rather separate address lifetimes and prefix lifetimes. 625281212Snp */ 626265425Snp addrloop: 627265425Snp for (ia6 = V_in6_ifaddr; ia6; ia6 = nia6) { 628281212Snp nia6 = ia6->ia_next; 629265425Snp /* check address lifetime */ 630308304Sjhb lt6 = &ia6->ia6_lifetime; 631265425Snp if (IFA6_IS_INVALID(ia6)) { 632265425Snp int regen = 0; 633265425Snp 634265425Snp /* 635265425Snp * If the expiring address is temporary, try 636248925Snp * regenerating a new one. This would be useful when 637248925Snp * we suspended a laptop PC, then turned it on after a 638248925Snp * period that could invalidate all temporary 639248925Snp * addresses. Although we may have to restart the 640248925Snp * loop (see below), it must be after purging the 641248925Snp * address. Otherwise, we'd see an infinite loop of 642308304Sjhb * regeneration. 643255050Snp */ 644248925Snp if (V_ip6_use_tempaddr && 645248925Snp (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 646265425Snp if (regen_tmpaddr(ia6) == 0) 647255050Snp regen = 1; 648255050Snp } 649255050Snp 650255050Snp in6_purgeaddr(&ia6->ia_ifa); 651255050Snp 652255050Snp if (regen) 653255050Snp goto addrloop; /* XXX: see below */ 654265425Snp } else if (IFA6_IS_DEPRECATED(ia6)) { 655265425Snp int oldflags = ia6->ia6_flags; 656248925Snp 657308304Sjhb ia6->ia6_flags |= IN6_IFF_DEPRECATED; 658308304Sjhb 659309447Sjhb /* 660248925Snp * If a temporary address has just become deprecated, 661248925Snp * regenerate a new one if possible. 662228561Snp */ 663228561Snp if (V_ip6_use_tempaddr && 664228561Snp (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 665308304Sjhb (oldflags & IN6_IFF_DEPRECATED) == 0) { 666308304Sjhb 667308304Sjhb if (regen_tmpaddr(ia6) == 0) { 668308304Sjhb /* 669308304Sjhb * A new temporary address is 670248925Snp * generated. 671228561Snp * XXX: this means the address chain 672228561Snp * has changed while we are still in 673228561Snp * the loop. Although the change 674265425Snp * would not cause disaster (because 675265425Snp * it's not a deletion, but an 676265425Snp * addition,) we'd rather restart the 677309447Sjhb * loop just for safety. Or does this 678265425Snp * significantly reduce performance?? 679281212Snp */ 680265425Snp goto addrloop; 681265425Snp } 682265425Snp } 683255050Snp } else { 684265425Snp /* 685265425Snp * A new RA might have made a deprecated address 686281212Snp * preferred. 687281212Snp */ 688281212Snp ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 689281212Snp } 690281212Snp } 691281212Snp 692281212Snp /* expire prefix list */ 693281212Snp pr = V_nd_prefix.lh_first; 694281212Snp while (pr) { 695255050Snp /* 696265425Snp * check prefix lifetime. 697265425Snp * since pltime is just for autoconf, pltime processing for 698265425Snp * prefix is not necessary. 699265425Snp */ 700265425Snp if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && 701265425Snp time_second - pr->ndpr_lastupdate > pr->ndpr_vltime) { 702265425Snp struct nd_prefix *t; 703265425Snp t = pr->ndpr_next; 704265425Snp 705265425Snp /* 706281212Snp * address expiration and prefix expiration are 707281212Snp * separate. NEVER perform in6_purgeaddr here. 708308304Sjhb */ 709281212Snp 710281212Snp prelist_remove(pr); 711281212Snp pr = t; 712265425Snp } else 713265425Snp pr = pr->ndpr_next; 714265425Snp } 715265425Snp splx(s); 716265425Snp CURVNET_RESTORE(); 717265425Snp} 718265425Snp 719281212Snp/* 720281212Snp * ia6 - deprecated/invalidated temporary address 721308304Sjhb */ 722281212Snpstatic int 723265425Snpregen_tmpaddr(struct in6_ifaddr *ia6) 724265425Snp{ 725265425Snp struct ifaddr *ifa; 726265425Snp struct ifnet *ifp; 727265425Snp struct in6_ifaddr *public_ifa6 = NULL; 728265425Snp 729265425Snp ifp = ia6->ia_ifa.ifa_ifp; 730265425Snp for (ifa = ifp->if_addrlist.tqh_first; ifa; 731265425Snp ifa = ifa->ifa_list.tqe_next) { 732265425Snp struct in6_ifaddr *it6; 733265425Snp 734265425Snp if (ifa->ifa_addr->sa_family != AF_INET6) 735265425Snp continue; 736265425Snp 737265425Snp it6 = (struct in6_ifaddr *)ifa; 738265425Snp 739265425Snp /* ignore no autoconf addresses. */ 740265425Snp if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 741265425Snp continue; 742265425Snp 743265425Snp /* ignore autoconf addresses with different prefixes. */ 744265425Snp if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 745265425Snp continue; 746228561Snp 747265425Snp /* 748265425Snp * Now we are looking at an autoconf address with the same 749265425Snp * prefix as ours. If the address is temporary and is still 750265425Snp * preferred, do not create another one. It would be rare, but 751255050Snp * could happen, for example, when we resume a laptop PC after 752265425Snp * a long period. 753265425Snp */ 754265425Snp if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 755255050Snp !IFA6_IS_DEPRECATED(it6)) { 756255050Snp public_ifa6 = NULL; 757255050Snp break; 758255050Snp } 759255050Snp 760255050Snp /* 761218792Snp * This is a public autoconf address that has the same prefix 762265425Snp * as ours. If it is preferred, keep it. We can't break the 763265425Snp * loop here, because there may be a still-preferred temporary 764265425Snp * address with the prefix. 765265425Snp */ 766265425Snp if (!IFA6_IS_DEPRECATED(it6)) 767265425Snp public_ifa6 = it6; 768265425Snp } 769265425Snp 770281212Snp if (public_ifa6 != NULL) { 771281212Snp int e; 772308304Sjhb 773281212Snp if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 774265425Snp log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 775281212Snp " tmp addr,errno=%d\n", e); 776265425Snp return (-1); 777265425Snp } 778281212Snp return (0); 779265425Snp } 780265425Snp 781265425Snp return (-1); 782309447Sjhb} 783309447Sjhb 784309447Sjhb/* 785248925Snp * Nuke neighbor cache/prefix/default router management table, right before 786248925Snp * ifp goes away. 787248925Snp */ 788248925Snpvoid 789248925Snpnd6_purge(struct ifnet *ifp) 790248925Snp{ 791228561Snp INIT_VNET_INET6(ifp->if_vnet); 792248925Snp struct nd_defrouter *dr, *ndr; 793248925Snp struct nd_prefix *pr, *npr; 794248925Snp 795248925Snp /* 796248925Snp * Nuke default router list entries toward ifp. 797248925Snp * We defer removal of default router list entries that is installed 798239336Snp * in the routing table, in order to keep additional side effects as 799248925Snp * small as possible. 800248925Snp */ 801248925Snp for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; dr = ndr) { 802248925Snp ndr = TAILQ_NEXT(dr, dr_entry); 803248925Snp if (dr->installed) 804248925Snp continue; 805248925Snp 806248925Snp if (dr->ifp == ifp) 807248925Snp defrtrlist_del(dr); 808353418Snp } 809248925Snp 810248925Snp for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; dr = ndr) { 811248925Snp ndr = TAILQ_NEXT(dr, dr_entry); 812248925Snp if (!dr->installed) 813228561Snp continue; 814218792Snp 815218792Snp if (dr->ifp == ifp) 816218792Snp defrtrlist_del(dr); 817218792Snp } 818218792Snp 819218792Snp /* Nuke prefix list entries toward ifp */ 820218792Snp for (pr = V_nd_prefix.lh_first; pr; pr = npr) { 821218792Snp npr = pr->ndpr_next; 822218792Snp if (pr->ndpr_ifp == ifp) { 823218792Snp /* 824218792Snp * Because if_detach() does *not* release prefixes 825218792Snp * while purging addresses the reference count will 826218792Snp * still be above zero. We therefore reset it to 827218792Snp * make sure that the prefix really gets purged. 828218792Snp */ 829218792Snp pr->ndpr_refcnt = 0; 830218792Snp 831218792Snp /* 832218792Snp * Previously, pr->ndpr_addr is removed as well, 833253829Snp * but I strongly believe we don't have to do it. 834253829Snp * nd6_purge() is only called from in6_ifdetach(), 835253829Snp * which removes all the associated interface addresses 836253829Snp * by itself. 837308304Sjhb * (jinmei@kame.net 20010129) 838253829Snp */ 839265425Snp prelist_remove(pr); 840265425Snp } 841265425Snp } 842265425Snp 843253829Snp /* cancel default outgoing interface setting */ 844308304Sjhb if (V_nd6_defifindex == ifp->if_index) 845253829Snp nd6_setdefaultiface(0); 846253829Snp 847308304Sjhb if (!V_ip6_forwarding && V_ip6_accept_rtadv) { /* XXX: too restrictive? */ 848253829Snp /* refresh default router list 849253829Snp * 850308304Sjhb * 851253829Snp */ 852253829Snp defrouter_select(); 853253829Snp 854255050Snp } 855255050Snp 856308304Sjhb /* XXXXX 857253829Snp * We do not nuke the neighbor cache entries here any more 858253829Snp * because the neighbor cache is kept in if_afdata[AF_INET6]. 859218792Snp * nd6_purge() is invoked by in6_ifdetach() which is called 860218792Snp * from if_detach() where everything gets purged. So let 861218792Snp * in6_domifdetach() do the actual L2 table purging work. 862218792Snp */ 863218792Snp} 864218792Snp 865218792Snp/* 866218792Snp * the caller acquires and releases the lock on the lltbls 867218792Snp * Returns the llentry locked 868218792Snp */ 869228561Snpstruct llentry * 870218792Snpnd6_lookup(struct in6_addr *addr6, int flags, struct ifnet *ifp) 871218792Snp{ 872218792Snp INIT_VNET_INET6(curvnet); 873218792Snp struct sockaddr_in6 sin6; 874218792Snp struct llentry *ln; 875220873Snp int llflags = 0; 876218792Snp 877228561Snp bzero(&sin6, sizeof(sin6)); 878218792Snp sin6.sin6_len = sizeof(struct sockaddr_in6); 879218792Snp sin6.sin6_family = AF_INET6; 880218792Snp sin6.sin6_addr = *addr6; 881228561Snp 882228561Snp IF_AFDATA_LOCK_ASSERT(ifp); 883220873Snp 884222510Snp if (flags & ND6_CREATE) 885222510Snp llflags |= LLE_CREATE; 886222510Snp if (flags & ND6_EXCLUSIVE) 887228561Snp llflags |= LLE_EXCLUSIVE; 888241398Snp 889220873Snp ln = lla_lookup(LLTABLE6(ifp), llflags, (struct sockaddr *)&sin6); 890218792Snp if ((ln != NULL) && (flags & LLE_CREATE)) { 891220873Snp ln->ln_state = ND6_LLINFO_NOSTATE; 892228561Snp callout_init(&ln->ln_timer_ch, 0); 893228561Snp } 894220873Snp 895309447Sjhb return (ln); 896309447Sjhb} 897220873Snp 898218792Snp/* 899218792Snp * Test whether a given IPv6 address is a neighbor or not, ignoring 900218792Snp * the actual neighbor cache. The neighbor cache is ignored in order 901218792Snp * to not reenter the routing code from within itself. 902218792Snp */ 903218792Snpstatic int 904218792Snpnd6_is_new_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 905220873Snp{ 906218792Snp INIT_VNET_INET6(ifp->if_vnet); 907218792Snp struct nd_prefix *pr; 908218792Snp struct ifaddr *dstaddr; 909218792Snp 910228561Snp /* 911228561Snp * A link-local address is always a neighbor. 912220873Snp * XXX: a link does not necessarily specify a single interface. 913228561Snp */ 914220873Snp if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 915220873Snp struct sockaddr_in6 sin6_copy; 916228561Snp u_int32_t zone; 917228561Snp 918220873Snp /* 919228561Snp * We need sin6_copy since sa6_recoverscope() may modify the 920228561Snp * content (XXX). 921222510Snp */ 922228561Snp sin6_copy = *addr; 923308154Sjhb if (sa6_recoverscope(&sin6_copy)) 924270297Snp return (0); /* XXX: should be impossible */ 925308154Sjhb if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 926270297Snp return (0); 927228561Snp if (sin6_copy.sin6_scope_id == zone) 928228561Snp return (1); 929228561Snp else 930308154Sjhb return (0); 931218792Snp } 932218792Snp 933228561Snp /* 934228561Snp * If the address matches one of our addresses, 935308154Sjhb * it should be a neighbor. 936228561Snp * If the address matches one of our on-link prefixes, it should be a 937228561Snp * neighbor. 938228561Snp */ 939308154Sjhb for (pr = V_nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 940228561Snp if (pr->ndpr_ifp != ifp) 941308154Sjhb continue; 942228561Snp 943228561Snp if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) 944270297Snp continue; 945228561Snp 946228561Snp if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 947228561Snp &addr->sin6_addr, &pr->ndpr_mask)) 948228561Snp return (1); 949308154Sjhb } 950318855Snp 951318855Snp /* 952318855Snp * If the address is assigned on the node of the other side of 953318855Snp * a p2p interface, the address should be a neighbor. 954318855Snp */ 955270297Snp dstaddr = ifa_ifwithdstaddr((struct sockaddr *)addr); 956308154Sjhb if ((dstaddr != NULL) && (dstaddr->ifa_ifp == ifp)) 957308154Sjhb return (1); 958270297Snp 959265425Snp /* 960308154Sjhb * If the default router list is empty, all addresses are regarded 961308154Sjhb * as on-link, and thus, as a neighbor. 962308154Sjhb * XXX: we restrict the condition to hosts, because routers usually do 963270297Snp * not have the "default router list". 964270297Snp */ 965308154Sjhb if (!V_ip6_forwarding && TAILQ_FIRST(&V_nd_defrouter) == NULL && 966228561Snp V_nd6_defifindex == ifp->if_index) { 967270297Snp return (1); 968308154Sjhb } 969308154Sjhb 970308154Sjhb return (0); 971270297Snp} 972270297Snp 973308154Sjhb 974270297Snp/* 975228561Snp * Detect if a given IPv6 address identifies a neighbor on a given link. 976308154Sjhb * XXX: should take care of the destination of a p2p link? 977308154Sjhb */ 978270297Snpint 979270297Snpnd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 980270297Snp{ 981308154Sjhb struct llentry *lle; 982308154Sjhb int rc = 0; 983228561Snp 984228561Snp IF_AFDATA_UNLOCK_ASSERT(ifp); 985228561Snp if (nd6_is_new_addr_neighbor(addr, ifp)) 986265425Snp return (1); 987239266Snp 988265425Snp /* 989239266Snp * Even if the address matches none of our addresses, it might be 990265425Snp * in the neighbor cache. 991239266Snp */ 992252728Snp IF_AFDATA_LOCK(ifp); 993265425Snp if ((lle = nd6_lookup(&addr->sin6_addr, 0, ifp)) != NULL) { 994265425Snp LLE_RUNLOCK(lle); 995265425Snp rc = 1; 996265425Snp } 997265425Snp IF_AFDATA_UNLOCK(ifp); 998265425Snp return (rc); 999308304Sjhb} 1000308304Sjhb 1001265425Snp/* 1002265425Snp * Free an nd6 llinfo entry. 1003265425Snp * Since the function would cause significant changes in the kernel, DO NOT 1004252728Snp * make it global, unless you have a strong reason for the change, and are sure 1005265425Snp * that the change is safe. 1006252728Snp */ 1007252728Snpstatic struct llentry * 1008218792Snpnd6_free(struct llentry *ln, int gc) 1009308154Sjhb{ 1010218792Snp INIT_VNET_INET6(curvnet); 1011228561Snp struct llentry *next; 1012218792Snp struct nd_defrouter *dr; 1013218792Snp struct ifnet *ifp=NULL; 1014228561Snp 1015237263Snp /* 1016228561Snp * we used to have pfctlinput(PRC_HOSTDEAD) here. 1017228561Snp * even though it is not harmful, it was not really necessary. 1018228561Snp */ 1019270297Snp 1020308154Sjhb /* cancel timer */ 1021270297Snp nd6_llinfo_settimer(ln, -1); 1022270297Snp 1023270297Snp if (!V_ip6_forwarding) { 1024218792Snp int s; 1025308154Sjhb s = splnet(); 1026218792Snp dr = defrouter_lookup(&L3_ADDR_SIN6(ln)->sin6_addr, ln->lle_tbl->llt_ifp); 1027308154Sjhb 1028308154Sjhb if (dr != NULL && dr->expire && 1029228561Snp ln->ln_state == ND6_LLINFO_STALE && gc) { 1030281212Snp /* 1031218792Snp * If the reason for the deletion is just garbage 1032228561Snp * collection, and the neighbor is an active default 1033308154Sjhb * router, do not delete it. Instead, reset the GC 1034228561Snp * timer using the router's lifetime. 1035308154Sjhb * Simply deleting the entry would affect default 1036308154Sjhb * router selection, which is not necessarily a good 1037308154Sjhb * thing, especially when we're using router preference 1038308154Sjhb * values. 1039308154Sjhb * XXX: the check for ln_state would be redundant, 1040308154Sjhb * but we intentionally keep it just in case. 1041308154Sjhb */ 1042308154Sjhb if (dr->expire > time_second) 1043308154Sjhb nd6_llinfo_settimer(ln, 1044308154Sjhb (dr->expire - time_second) * hz); 1045308154Sjhb else 1046308154Sjhb nd6_llinfo_settimer(ln, (long)V_nd6_gctimer * hz); 1047308154Sjhb splx(s); 1048308154Sjhb return (LIST_NEXT(ln, lle_next)); 1049308154Sjhb } 1050308154Sjhb 1051308154Sjhb if (ln->ln_router || dr) { 1052308154Sjhb /* 1053308154Sjhb * rt6_flush must be called whether or not the neighbor 1054308154Sjhb * is in the Default Router List. 1055308154Sjhb * See a corresponding comment in nd6_na_input(). 1056308154Sjhb */ 1057308154Sjhb rt6_flush(&L3_ADDR_SIN6(ln)->sin6_addr, ln->lle_tbl->llt_ifp); 1058308154Sjhb } 1059308154Sjhb 1060308154Sjhb if (dr) { 1061308154Sjhb /* 1062308154Sjhb * Unreachablity of a router might affect the default 1063308154Sjhb * router selection and on-link detection of advertised 1064308154Sjhb * prefixes. 1065308154Sjhb */ 1066308154Sjhb 1067308154Sjhb /* 1068308154Sjhb * Temporarily fake the state to choose a new default 1069308154Sjhb * router and to perform on-link determination of 1070228561Snp * prefixes correctly. 1071270297Snp * Below the state will be set correctly, 1072228561Snp * or the entry itself will be deleted. 1073228561Snp */ 1074228561Snp ln->ln_state = ND6_LLINFO_INCOMPLETE; 1075265425Snp 1076308154Sjhb /* 1077308154Sjhb * Since defrouter_select() does not affect the 1078270297Snp * on-link determination and MIP6 needs the check 1079270297Snp * before the default router selection, we perform 1080308154Sjhb * the check now. 1081218792Snp */ 1082308154Sjhb pfxlist_onlink_check(); 1083218792Snp 1084218792Snp /* 1085308154Sjhb * refresh default router list 1086308154Sjhb */ 1087218792Snp defrouter_select(); 1088308154Sjhb } 1089228561Snp splx(s); 1090308154Sjhb } 1091228561Snp 1092228561Snp /* 1093228561Snp * Before deleting the entry, remember the next entry as the 1094228561Snp * return value. We need this because pfxlist_onlink_check() above 1095228561Snp * might have freed other entries (particularly the old next entry) as 1096308154Sjhb * a side effect (XXX). 1097308154Sjhb */ 1098308154Sjhb next = LIST_NEXT(ln, lle_next); 1099308154Sjhb 1100237263Snp ifp = ln->lle_tbl->llt_ifp; 1101265425Snp IF_AFDATA_LOCK(ifp); 1102308154Sjhb LLE_WLOCK(ln); 1103308154Sjhb llentry_free(ln); 1104270297Snp IF_AFDATA_UNLOCK(ifp); 1105270297Snp 1106270297Snp return (next); 1107308154Sjhb} 1108228561Snp 1109308154Sjhb/* 1110308154Sjhb * Upper-layer reachability hint for Neighbor Unreachability Detection. 1111228561Snp * 1112228561Snp * XXX cost-effective methods? 1113308154Sjhb */ 1114308154Sjhbvoid 1115228561Snpnd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force) 1116308154Sjhb{ 1117228561Snp INIT_VNET_INET6(curvnet); 1118308154Sjhb struct llentry *ln; 1119228561Snp struct ifnet *ifp; 1120228561Snp 1121228561Snp if ((dst6 == NULL) || (rt == NULL)) 1122228561Snp return; 1123228561Snp 1124228561Snp ifp = rt->rt_ifp; 1125228561Snp IF_AFDATA_LOCK(ifp); 1126228561Snp ln = nd6_lookup(dst6, ND6_EXCLUSIVE, NULL); 1127270297Snp IF_AFDATA_UNLOCK(ifp); 1128228561Snp if (ln == NULL) 1129228561Snp return; 1130228561Snp 1131308154Sjhb if (ln->ln_state < ND6_LLINFO_REACHABLE) 1132308154Sjhb goto done; 1133270297Snp 1134308154Sjhb /* 1135270297Snp * if we get upper-layer reachability confirmation many times, 1136228561Snp * it is possible we have false information. 1137308154Sjhb */ 1138228561Snp if (!force) { 1139308154Sjhb ln->ln_byhint++; 1140270297Snp if (ln->ln_byhint > V_nd6_maxnudhint) { 1141270297Snp goto done; 1142270297Snp } 1143270297Snp } 1144218792Snp 1145237263Snp ln->ln_state = ND6_LLINFO_REACHABLE; 1146308154Sjhb if (!ND6_LLINFO_PERMANENT(ln)) { 1147308154Sjhb nd6_llinfo_settimer(ln, 1148270297Snp (long)ND_IFINFO(rt->rt_ifp)->reachable * hz); 1149270297Snp } 1150308154Sjhbdone: 1151270297Snp LLE_WUNLOCK(ln); 1152228561Snp} 1153308154Sjhb 1154228561Snp 1155308154Sjhbint 1156270297Snpnd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1157270297Snp{ 1158270297Snp INIT_VNET_INET6(ifp->if_vnet); 1159270297Snp struct in6_drlist *drl = (struct in6_drlist *)data; 1160228561Snp struct in6_oprlist *oprl = (struct in6_oprlist *)data; 1161228561Snp struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1162228561Snp struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1163228561Snp struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1164228561Snp struct nd_defrouter *dr; 1165228561Snp struct nd_prefix *pr; 1166308154Sjhb int i = 0, error = 0; 1167228561Snp int s; 1168228561Snp 1169308154Sjhb switch (cmd) { 1170308154Sjhb case SIOCGDRLST_IN6: 1171218792Snp /* 1172308154Sjhb * obsolete API, use sysctl under net.inet6.icmp6 1173308304Sjhb */ 1174228561Snp bzero(drl, sizeof(*drl)); 1175218792Snp s = splnet(); 1176308154Sjhb dr = TAILQ_FIRST(&V_nd_defrouter); 1177218792Snp while (dr && i < DRLSTSIZ) { 1178218792Snp drl->defrouter[i].rtaddr = dr->rtaddr; 1179228561Snp in6_clearscope(&drl->defrouter[i].rtaddr); 1180218792Snp 1181237263Snp drl->defrouter[i].flags = dr->flags; 1182308154Sjhb drl->defrouter[i].rtlifetime = dr->rtlifetime; 1183228561Snp drl->defrouter[i].expire = dr->expire; 1184308154Sjhb drl->defrouter[i].if_index = dr->ifp->if_index; 1185270297Snp i++; 1186228561Snp dr = TAILQ_NEXT(dr, dr_entry); 1187308154Sjhb } 1188228561Snp splx(s); 1189308154Sjhb break; 1190308304Sjhb case SIOCGPRLST_IN6: 1191228561Snp /* 1192228561Snp * obsolete API, use sysctl under net.inet6.icmp6 1193228561Snp * 1194308154Sjhb * XXX the structure in6_prlist was changed in backward- 1195228561Snp * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6, 1196228561Snp * in6_prlist is used for nd6_sysctl() - fill_prlist(). 1197308154Sjhb */ 1198228561Snp /* 1199228561Snp * XXX meaning of fields, especialy "raflags", is very 1200228561Snp * differnet between RA prefix list and RR/static prefix list. 1201228561Snp * how about separating ioctls into two? 1202228561Snp */ 1203228561Snp bzero(oprl, sizeof(*oprl)); 1204228561Snp s = splnet(); 1205228561Snp pr = V_nd_prefix.lh_first; 1206228561Snp while (pr && i < PRLSTSIZ) { 1207309447Sjhb struct nd_pfxrouter *pfr; 1208308154Sjhb int j; 1209308154Sjhb 1210228561Snp oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1211228561Snp oprl->prefix[i].raflags = pr->ndpr_raf; 1212308154Sjhb oprl->prefix[i].prefixlen = pr->ndpr_plen; 1213308154Sjhb oprl->prefix[i].vltime = pr->ndpr_vltime; 1214308304Sjhb oprl->prefix[i].pltime = pr->ndpr_pltime; 1215308304Sjhb oprl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1216308154Sjhb if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 1217228561Snp oprl->prefix[i].expire = 0; 1218218792Snp else { 1219218792Snp time_t maxexpire; 1220308154Sjhb 1221218792Snp /* XXX: we assume time_t is signed. */ 1222218792Snp maxexpire = (-1) & 1223218792Snp ~((time_t)1 << 1224218792Snp ((sizeof(maxexpire) * 8) - 1)); 1225218792Snp if (pr->ndpr_vltime < 1226218792Snp maxexpire - pr->ndpr_lastupdate) { 1227218792Snp oprl->prefix[i].expire = 1228218792Snp pr->ndpr_lastupdate + 1229308154Sjhb pr->ndpr_vltime; 1230218792Snp } else 1231218792Snp oprl->prefix[i].expire = maxexpire; 1232308154Sjhb } 1233228561Snp 1234218792Snp pfr = pr->ndpr_advrtrs.lh_first; 1235218792Snp j = 0; 1236237263Snp while (pfr) { 1237228561Snp if (j < DRLSTSIZ) { 1238228561Snp#define RTRADDR oprl->prefix[i].advrtr[j] 1239228561Snp RTRADDR = pfr->router->rtaddr; 1240270297Snp in6_clearscope(&RTRADDR); 1241270297Snp#undef RTRADDR 1242270297Snp } 1243270297Snp j++; 1244218792Snp pfr = pfr->pfr_next; 1245218792Snp } 1246308154Sjhb oprl->prefix[i].advrtrs = j; 1247308154Sjhb oprl->prefix[i].origin = PR_ORIG_RA; 1248308154Sjhb 1249218792Snp i++; 1250218792Snp pr = pr->ndpr_next; 1251308154Sjhb } 1252308154Sjhb splx(s); 1253308154Sjhb 1254308154Sjhb break; 1255308154Sjhb case OSIOCGIFINFO_IN6: 1256308154Sjhb#define ND ndi->ndi 1257308154Sjhb /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1258308154Sjhb bzero(&ND, sizeof(ND)); 1259308154Sjhb ND.linkmtu = IN6_LINKMTU(ifp); 1260308154Sjhb ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1261308154Sjhb ND.basereachable = ND_IFINFO(ifp)->basereachable; 1262308154Sjhb ND.reachable = ND_IFINFO(ifp)->reachable; 1263228561Snp ND.retrans = ND_IFINFO(ifp)->retrans; 1264228561Snp ND.flags = ND_IFINFO(ifp)->flags; 1265228561Snp ND.recalctm = ND_IFINFO(ifp)->recalctm; 1266228561Snp ND.chlim = ND_IFINFO(ifp)->chlim; 1267228561Snp break; 1268309447Sjhb case SIOCGIFINFO_IN6: 1269308154Sjhb ND = *ND_IFINFO(ifp); 1270228561Snp break; 1271308154Sjhb case SIOCSIFINFO_IN6: 1272308154Sjhb /* 1273218792Snp * used to change host variables from userland. 1274237263Snp * intented for a use on router to reflect RA configurations. 1275308154Sjhb */ 1276228561Snp /* 0 means 'unspecified' */ 1277228561Snp if (ND.linkmtu != 0) { 1278228561Snp if (ND.linkmtu < IPV6_MMTU || 1279228561Snp ND.linkmtu > IN6_LINKMTU(ifp)) { 1280228561Snp error = EINVAL; 1281228561Snp break; 1282228561Snp } 1283228561Snp ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1284228561Snp } 1285308154Sjhb 1286228561Snp if (ND.basereachable != 0) { 1287308154Sjhb int obasereachable = ND_IFINFO(ifp)->basereachable; 1288218792Snp 1289237263Snp ND_IFINFO(ifp)->basereachable = ND.basereachable; 1290308154Sjhb if (ND.basereachable != obasereachable) 1291228561Snp ND_IFINFO(ifp)->reachable = 1292308154Sjhb ND_COMPUTE_RTIME(ND.basereachable); 1293228561Snp } 1294228561Snp if (ND.retrans != 0) 1295228561Snp ND_IFINFO(ifp)->retrans = ND.retrans; 1296228561Snp if (ND.chlim != 0) 1297228561Snp ND_IFINFO(ifp)->chlim = ND.chlim; 1298228561Snp /* FALLTHROUGH */ 1299228561Snp case SIOCSIFINFO_FLAGS: 1300308154Sjhb ND_IFINFO(ifp)->flags = ND.flags; 1301228561Snp break; 1302308154Sjhb#undef ND 1303228561Snp case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1304237263Snp /* sync kernel routing table with the default router list */ 1305308154Sjhb defrouter_reset(); 1306228561Snp defrouter_select(); 1307308154Sjhb break; 1308228561Snp case SIOCSPFXFLUSH_IN6: 1309228561Snp { 1310228561Snp /* flush all the prefix advertised by routers */ 1311218792Snp struct nd_prefix *pr, *next; 1312218792Snp 1313218792Snp s = splnet(); 1314228561Snp for (pr = V_nd_prefix.lh_first; pr; pr = next) { 1315228561Snp struct in6_ifaddr *ia, *ia_next; 1316228561Snp 1317228561Snp next = pr->ndpr_next; 1318218792Snp 1319218792Snp if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1320218792Snp continue; /* XXX */ 1321218792Snp 1322228561Snp /* do we really have to remove addresses as well? */ 1323218792Snp for (ia = V_in6_ifaddr; ia; ia = ia_next) { 1324218792Snp /* ia might be removed. keep the next ptr. */ 1325228561Snp ia_next = ia->ia_next; 1326228561Snp 1327228561Snp if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1328218792Snp continue; 1329218792Snp 1330218792Snp if (ia->ia6_ndpr == pr) 1331218792Snp in6_purgeaddr(&ia->ia_ifa); 1332218792Snp } 1333218792Snp prelist_remove(pr); 1334218792Snp } 1335218792Snp splx(s); 1336218792Snp break; 1337222510Snp } 1338218792Snp case SIOCSRTRFLUSH_IN6: 1339218792Snp { 1340218792Snp /* flush all the default routers */ 1341218792Snp struct nd_defrouter *dr, *next; 1342218792Snp 1343218792Snp s = splnet(); 1344218792Snp defrouter_reset(); 1345220649Snp for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; dr = next) { 1346228561Snp next = TAILQ_NEXT(dr, dr_entry); 1347228561Snp defrtrlist_del(dr); 1348228561Snp } 1349222510Snp defrouter_select(); 1350220649Snp splx(s); 1351220649Snp break; 1352228561Snp } 1353228561Snp case SIOCGNBRINFO_IN6: 1354220649Snp { 1355220649Snp struct llentry *ln; 1356228561Snp struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1357228561Snp 1358228561Snp if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1359228561Snp return (error); 1360228561Snp 1361228561Snp IF_AFDATA_LOCK(ifp); 1362228561Snp ln = nd6_lookup(&nb_addr, 0, ifp); 1363308154Sjhb IF_AFDATA_UNLOCK(ifp); 1364308154Sjhb 1365308154Sjhb if (ln == NULL) { 1366308154Sjhb error = EINVAL; 1367308154Sjhb break; 1368308154Sjhb } 1369308154Sjhb nbi->state = ln->ln_state; 1370308154Sjhb nbi->asked = ln->la_asked; 1371308154Sjhb nbi->isrouter = ln->ln_router; 1372308154Sjhb nbi->expire = ln->la_expire; 1373308154Sjhb LLE_RUNLOCK(ln); 1374308154Sjhb break; 1375308154Sjhb } 1376308154Sjhb case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1377308154Sjhb ndif->ifindex = V_nd6_defifindex; 1378228561Snp break; 1379228561Snp case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1380228561Snp return (nd6_setdefaultiface(ndif->ifindex)); 1381228561Snp } 1382228561Snp return (error); 1383228561Snp} 1384228561Snp 1385237263Snp/* 1386270297Snp * Create neighbor cache entry and cache link-layer address, 1387218792Snp * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1388270297Snp * 1389270297Snp * type - ICMP6 type 1390270297Snp * code - type dependent information 1391228561Snp * 1392270297Snp * XXXXX 1393228561Snp * The caller of this function already acquired the ndp 1394228561Snp * cache table lock because the cache entry is returned. 1395255015Snp */ 1396255015Snpstruct llentry * 1397255015Snpnd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1398218792Snp int lladdrlen, int type, int code) 1399228561Snp{ 1400218792Snp INIT_VNET_INET6(curvnet); 1401270297Snp struct llentry *ln = NULL; 1402270297Snp int is_newentry; 1403270297Snp int do_update; 1404270297Snp int olladdr; 1405270297Snp int llchange; 1406270297Snp int flags = 0; 1407270297Snp int newstate = 0; 1408270297Snp uint16_t router = 0; 1409270297Snp struct sockaddr_in6 sin6; 1410270297Snp struct mbuf *tail = NULL, *chain = NULL; 1411228561Snp int static_route = 0; 1412228561Snp 1413228561Snp IF_AFDATA_UNLOCK_ASSERT(ifp); 1414228561Snp 1415228561Snp if (ifp == NULL) 1416270297Snp panic("ifp == NULL in nd6_cache_lladdr"); 1417218792Snp if (from == NULL) 1418228561Snp panic("from == NULL in nd6_cache_lladdr"); 1419218792Snp 1420270297Snp /* nothing must be updated for unspecified address */ 1421228561Snp if (IN6_IS_ADDR_UNSPECIFIED(from)) 1422270297Snp return NULL; 1423270297Snp 1424218792Snp /* 1425228561Snp * Validation about ifp->if_addrlen and lladdrlen must be done in 1426228561Snp * the caller. 1427228561Snp * 1428228561Snp * XXX If the link does not have link-layer adderss, what should 1429228561Snp * we do? (ifp->if_addrlen == 0) 1430228561Snp * Spec says nothing in sections for RA, RS and NA. There's small 1431228561Snp * description on it in NS section (RFC 2461 7.2.3). 1432270297Snp */ 1433255050Snp flags |= lladdr ? ND6_EXCLUSIVE : 0; 1434255050Snp IF_AFDATA_LOCK(ifp); 1435270297Snp ln = nd6_lookup(from, flags, ifp); 1436228561Snp if (ln) 1437228561Snp IF_AFDATA_UNLOCK(ifp); 1438228561Snp if (ln == NULL) { 1439228561Snp flags |= LLE_EXCLUSIVE; 1440228561Snp ln = nd6_lookup(from, flags |ND6_CREATE, ifp); 1441228561Snp IF_AFDATA_UNLOCK(ifp); 1442228561Snp is_newentry = 1; 1443228561Snp } else { 1444228561Snp /* do nothing if static ndp is set */ 1445228561Snp if (ln->la_flags & LLE_STATIC) { 1446228561Snp static_route = 1; 1447228561Snp goto done; 1448228561Snp } 1449228561Snp is_newentry = 0; 1450228561Snp } 1451228561Snp if (ln == NULL) 1452228561Snp return (NULL); 1453228561Snp 1454270297Snp olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0; 1455228561Snp if (olladdr && lladdr) { 1456270297Snp llchange = bcmp(lladdr, &ln->ll_addr, 1457309442Sjhb ifp->if_addrlen); 1458228561Snp } else 1459228561Snp llchange = 0; 1460228561Snp 1461228561Snp /* 1462228561Snp * newentry olladdr lladdr llchange (*=record) 1463228561Snp * 0 n n -- (1) 1464228561Snp * 0 y n -- (2) 1465228561Snp * 0 n y -- (3) * STALE 1466228561Snp * 0 y y n (4) * 1467228561Snp * 0 y y y (5) * STALE 1468228561Snp * 1 -- n -- (6) NOSTATE(= PASSIVE) 1469228561Snp * 1 -- y -- (7) * STALE 1470228561Snp */ 1471228561Snp 1472255005Snp if (lladdr) { /* (3-5) and (7) */ 1473255005Snp /* 1474255005Snp * Record source link-layer address 1475255005Snp * XXX is it dependent to ifp->if_type? 1476255005Snp */ 1477255005Snp bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen); 1478255005Snp ln->la_flags |= LLE_VALID; 1479309442Sjhb } 1480255005Snp 1481255005Snp if (!is_newentry) { 1482255005Snp if ((!olladdr && lladdr != NULL) || /* (3) */ 1483309447Sjhb (olladdr && lladdr != NULL && llchange)) { /* (5) */ 1484309447Sjhb do_update = 1; 1485228561Snp newstate = ND6_LLINFO_STALE; 1486228561Snp } else /* (1-2,4) */ 1487270297Snp do_update = 0; 1488228561Snp } else { 1489228561Snp do_update = 1; 1490228561Snp if (lladdr == NULL) /* (6) */ 1491228561Snp newstate = ND6_LLINFO_NOSTATE; 1492228561Snp else /* (7) */ 1493228561Snp newstate = ND6_LLINFO_STALE; 1494228561Snp } 1495228561Snp 1496228561Snp if (do_update) { 1497228561Snp /* 1498255005Snp * Update the state of the neighbor cache. 1499255005Snp */ 1500255005Snp ln->ln_state = newstate; 1501255005Snp 1502255005Snp if (ln->ln_state == ND6_LLINFO_STALE) { 1503255005Snp /* 1504237263Snp * XXX: since nd6_output() below will cause 1505228561Snp * state tansition to DELAY and reset the timer, 1506228561Snp * we must set the timer now, although it is actually 1507270297Snp * meaningless. 1508270297Snp */ 1509270297Snp nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 1510270297Snp 1511270297Snp if (ln->la_hold) { 1512265425Snp struct mbuf *m_hold, *m_hold_next; 1513270297Snp 1514309447Sjhb /* 1515228561Snp * reset the la_hold in advance, to explicitly 1516228561Snp * prevent a la_hold lookup in nd6_output() 1517228561Snp * (wouldn't happen, though...) 1518228561Snp */ 1519228561Snp for (m_hold = ln->la_hold, ln->la_hold = NULL; 1520255015Snp m_hold; m_hold = m_hold_next) { 1521255015Snp m_hold_next = m_hold->m_nextpkt; 1522255015Snp m_hold->m_nextpkt = NULL; 1523255015Snp 1524255015Snp /* 1525255015Snp * we assume ifp is not a p2p here, so 1526255015Snp * just set the 2nd argument as the 1527255015Snp * 1st one. 1528267244Snp */ 1529270297Snp nd6_output_lle(ifp, ifp, m_hold, L3_ADDR_SIN6(ln), NULL, ln, &tail); 1530267244Snp if ((tail != NULL) && chain == (NULL)) 1531267244Snp chain = tail; 1532267244Snp } 1533267244Snp if (chain) 1534228561Snp memcpy(&sin6, L3_ADDR_SIN6(ln), sizeof(sin6)); 1535267244Snp } 1536228561Snp } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1537270297Snp /* probe right away */ 1538270297Snp nd6_llinfo_settimer_locked((void *)ln, 0); 1539270297Snp } 1540270297Snp } 1541270297Snp 1542270297Snp /* 1543218792Snp * ICMP6 type dependent behavior. 1544222510Snp * 1545255050Snp * NS: clear IsRouter if new entry 1546228561Snp * RS: clear IsRouter 1547228561Snp * RA: set IsRouter if there's lladdr 1548228561Snp * redir: clear IsRouter if new entry 1549228561Snp * 1550228561Snp * RA case, (1): 1551228561Snp * The spec says that we must set IsRouter in the following cases: 1552228561Snp * - If lladdr exist, set IsRouter. This means (1-5). 1553228561Snp * - If it is old entry (!newentry), set IsRouter. This means (7). 1554228561Snp * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1555228561Snp * A quetion arises for (1) case. (1) case has no lladdr in the 1556228561Snp * neighbor cache, this is similar to (6). 1557228561Snp * This case is rare but we figured that we MUST NOT set IsRouter. 1558228561Snp * 1559218792Snp * newentry olladdr lladdr llchange NS RS RA redir 1560218792Snp * D R 1561237819Snp * 0 n n -- (1) c ? s 1562228561Snp * 0 y n -- (2) c s s 1563228561Snp * 0 n y -- (3) c s s 1564228561Snp * 0 y y n (4) c s s 1565228561Snp * 0 y y y (5) c s s 1566228561Snp * 1 -- n -- (6) c c c s 1567228561Snp * 1 -- y -- (7) c c s c s 1568228561Snp * 1569228561Snp * (c=clear s=set) 1570228561Snp */ 1571228561Snp switch (type & 0xff) { 1572228561Snp case ND_NEIGHBOR_SOLICIT: 1573228561Snp /* 1574309447Sjhb * New entry must have is_router flag cleared. 1575228561Snp */ 1576228561Snp if (is_newentry) /* (6-7) */ 1577228561Snp ln->ln_router = 0; 1578228561Snp break; 1579228561Snp case ND_REDIRECT: 1580228561Snp /* 1581265425Snp * If the icmp is a redirect to a better router, always set the 1582228561Snp * is_router flag. Otherwise, if the entry is newly created, 1583228561Snp * clear the flag. [RFC 2461, sec 8.3] 1584228561Snp */ 1585228561Snp if (code == ND_REDIRECT_ROUTER) 1586228561Snp ln->ln_router = 1; 1587228561Snp else if (is_newentry) /* (6-7) */ 1588218792Snp ln->ln_router = 0; 1589218792Snp break; 1590265425Snp case ND_ROUTER_SOLICIT: 1591265425Snp /* 1592255050Snp * is_router flag must always be cleared. 1593265425Snp */ 1594255050Snp ln->ln_router = 0; 1595265425Snp break; 1596265425Snp case ND_ROUTER_ADVERT: 1597255050Snp /* 1598265425Snp * Mark an entry with lladdr as a router. 1599255050Snp */ 1600255050Snp if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1601265425Snp (is_newentry && lladdr)) { /* (7) */ 1602265425Snp ln->ln_router = 1; 1603265425Snp } 1604255050Snp break; 1605255050Snp } 1606265425Snp 1607265425Snp if (ln) { 1608255050Snp static_route = (ln->la_flags & LLE_STATIC); 1609265425Snp router = ln->ln_router; 1610255050Snp 1611265425Snp if (flags & ND6_EXCLUSIVE) 1612255050Snp LLE_WUNLOCK(ln); 1613255050Snp else 1614255050Snp LLE_RUNLOCK(ln); 1615255050Snp if (static_route) 1616255050Snp ln = NULL; 1617255050Snp } 1618255050Snp if (chain) 1619255050Snp nd6_output_flush(ifp, ifp, chain, &sin6, NULL); 1620255050Snp 1621269356Snp /* 1622255050Snp * When the link-layer address of a router changes, select the 1623255050Snp * best router again. In particular, when the neighbor entry is newly 1624255050Snp * created, it might affect the selection policy. 1625255050Snp * Question: can we restrict the first condition to the "is_newentry" 1626265425Snp * case? 1627265425Snp * XXX: when we hear an RA from a new router with the link-layer 1628265425Snp * address option, defrouter_select() is called twice, since 1629265425Snp * defrtrlist_update called the function as well. However, I believe 1630265425Snp * we can compromise the overhead, since it only happens the first 1631265425Snp * time. 1632265425Snp * XXX: although defrouter_select() should not have a bad effect 1633265425Snp * for those are not autoconfigured hosts, we explicitly avoid such 1634265425Snp * cases for safety. 1635265425Snp */ 1636255050Snp if (do_update && router && !V_ip6_forwarding && V_ip6_accept_rtadv) { 1637281212Snp /* 1638281212Snp * guaranteed recursion 1639218792Snp */ 1640265425Snp defrouter_select(); 1641228561Snp } 1642265425Snp 1643265425Snp return (ln); 1644265425Snpdone: 1645265425Snp if (ln) { 1646281212Snp if (flags & ND6_EXCLUSIVE) 1647265425Snp LLE_WUNLOCK(ln); 1648218792Snp else 1649281212Snp LLE_RUNLOCK(ln); 1650281212Snp if (static_route) 1651265425Snp ln = NULL; 1652281212Snp } 1653281212Snp return (ln); 1654281212Snp} 1655219290Snp 1656281212Snpstatic void 1657281212Snpnd6_slowtimo(void *arg) 1658281212Snp{ 1659281212Snp CURVNET_SET((struct vnet *) arg); 1660281212Snp INIT_VNET_NET((struct vnet *) arg); 1661281212Snp INIT_VNET_INET6((struct vnet *) arg); 1662281212Snp struct nd_ifinfo *nd6if; 1663281212Snp struct ifnet *ifp; 1664265425Snp 1665255050Snp callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1666265425Snp nd6_slowtimo, NULL); 1667265425Snp IFNET_RLOCK(); 1668265425Snp for (ifp = TAILQ_FIRST(&V_ifnet); ifp; 1669255050Snp ifp = TAILQ_NEXT(ifp, if_list)) { 1670281212Snp nd6if = ND_IFINFO(ifp); 1671265425Snp if (nd6if->basereachable && /* already initialized */ 1672265425Snp (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1673255050Snp /* 1674265425Snp * Since reachable time rarely changes by router 1675255050Snp * advertisements, we SHOULD insure that a new random 1676265425Snp * value gets recomputed at least once every few hours. 1677265425Snp * (RFC 2461, 6.3.4) 1678255050Snp */ 1679265425Snp nd6if->recalctm = V_nd6_recalc_reachtm_interval; 1680265425Snp nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1681255050Snp } 1682269356Snp } 1683255050Snp IFNET_RUNLOCK(); 1684265425Snp CURVNET_RESTORE(); 1685265425Snp} 1686267694Snp 1687265425Snpint 1688255050Snpnd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 1689265425Snp struct sockaddr_in6 *dst, struct rtentry *rt0) 1690269356Snp{ 1691265425Snp 1692281212Snp return (nd6_output_lle(ifp, origifp, m0, dst, rt0, NULL, NULL)); 1693281212Snp} 1694265425Snp 1695265425Snp 1696281212Snp/* 1697265425Snp * Note that I'm not enforcing any global serialization 1698269356Snp * lle state or asked changes here as the logic is too 1699269356Snp * complicated to avoid having to always acquire an exclusive 1700255050Snp * lock 1701265425Snp * KMM 1702255050Snp * 1703265425Snp */ 1704265425Snp#define senderr(e) { error = (e); goto bad;} 1705265425Snp 1706265425Snpint 1707255050Snpnd6_output_lle(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 1708281212Snp struct sockaddr_in6 *dst, struct rtentry *rt0, struct llentry *lle, 1709265425Snp struct mbuf **tail) 1710265425Snp{ 1711265425Snp INIT_VNET_INET6(curvnet); 1712265425Snp struct mbuf *m = m0; 1713267694Snp struct rtentry *rt = rt0; 1714281212Snp struct llentry *ln = lle; 1715265425Snp int error = 0; 1716269356Snp int flags = 0; 1717269356Snp 1718267694Snp#ifdef INVARIANTS 1719265425Snp if (lle) { 1720265425Snp 1721255050Snp LLE_WLOCK_ASSERT(lle); 1722255050Snp 1723281212Snp KASSERT(tail != NULL, (" lle locked but no tail pointer passed")); 1724281212Snp } 1725265425Snp#endif 1726255050Snp if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1727265425Snp goto sendpkt; 1728281212Snp 1729265425Snp if (nd6_need_cache(ifp) == 0) 1730265425Snp goto sendpkt; 1731265425Snp 1732265425Snp /* 1733255050Snp * next hop determination. This routine is derived from ether_output. 1734270297Snp */ 1735270297Snp 1736270297Snp /* 1737270297Snp * Address resolution or Neighbor Unreachability Detection 1738270297Snp * for the next hop. 1739270297Snp * At this point, the destination of the packet must be a unicast 1740270297Snp * or an anycast address(i.e. not a multicast). 1741265425Snp */ 1742255050Snp 1743265425Snp flags = ((m != NULL) || (lle != NULL)) ? LLE_EXCLUSIVE : 0; 1744255050Snp if (ln == NULL) { 1745255050Snp retry: 1746255050Snp IF_AFDATA_LOCK(rt->rt_ifp); 1747270297Snp ln = lla_lookup(LLTABLE6(ifp), flags, (struct sockaddr *)dst); 1748255050Snp IF_AFDATA_UNLOCK(rt->rt_ifp); 1749265425Snp if ((ln == NULL) && nd6_is_addr_neighbor(dst, ifp)) { 1750281212Snp /* 1751281212Snp * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1752255050Snp * the condition below is not very efficient. But we believe 1753270297Snp * it is tolerable, because this should be a rare case. 1754266965Snp */ 1755281212Snp flags = ND6_CREATE | (m ? ND6_EXCLUSIVE : 0); 1756281212Snp IF_AFDATA_LOCK(rt->rt_ifp); 1757218792Snp ln = nd6_lookup(&dst->sin6_addr, flags, ifp); 1758265425Snp IF_AFDATA_UNLOCK(rt->rt_ifp); 1759265425Snp } 1760281212Snp } 1761270297Snp if (ln == NULL) { 1762265425Snp if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1763255050Snp !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 1764255050Snp char ip6buf[INET6_ADDRSTRLEN]; 1765265425Snp log(LOG_DEBUG, 1766265425Snp "nd6_output: can't allocate llinfo for %s " 1767270297Snp "(ln=%p, rt=%p)\n", 1768270297Snp ip6_sprintf(ip6buf, &dst->sin6_addr), ln, rt); 1769270297Snp senderr(EIO); /* XXX: good error? */ 1770270297Snp } 1771270297Snp goto sendpkt; /* send anyway */ 1772270297Snp } 1773270297Snp 1774228561Snp /* We don't have to do link-layer address resolution on a p2p link. */ 1775218792Snp if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1776265425Snp ln->ln_state < ND6_LLINFO_REACHABLE) { 1777265425Snp if ((flags & LLE_EXCLUSIVE) == 0) { 1778265425Snp flags |= LLE_EXCLUSIVE; 1779265425Snp goto retry; 1780218792Snp } 1781281212Snp ln->ln_state = ND6_LLINFO_STALE; 1782266965Snp nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 1783270297Snp } 1784281212Snp 1785265425Snp /* 1786281212Snp * The first time we send a packet to a neighbor whose entry is 1787265425Snp * STALE, we have to change the state to DELAY and a sets a timer to 1788265425Snp * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1789281212Snp * neighbor unreachability detection on expiration. 1790270297Snp * (RFC 2461 7.3.3) 1791265425Snp */ 1792265425Snp if (ln->ln_state == ND6_LLINFO_STALE) { 1793281212Snp if ((flags & LLE_EXCLUSIVE) == 0) { 1794270297Snp flags |= LLE_EXCLUSIVE; 1795270297Snp LLE_RUNLOCK(ln); 1796218792Snp goto retry; 1797265425Snp } 1798265425Snp ln->la_asked = 0; 1799281212Snp ln->ln_state = ND6_LLINFO_DELAY; 1800265425Snp nd6_llinfo_settimer_locked(ln, (long)V_nd6_delay * hz); 1801265425Snp } 1802270297Snp 1803286273Snp /* 1804228561Snp * If the neighbor cache entry has a state other than INCOMPLETE 1805228561Snp * (i.e. its link-layer address is already resolved), just 1806218792Snp * send the packet. 1807228561Snp */ 1808228561Snp if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1809228561Snp goto sendpkt; 1810237463Snp 1811228561Snp /* 1812308304Sjhb * There is a neighbor cache entry, but no ethernet address 1813228561Snp * response yet. Append this latest packet to the end of the 1814237819Snp * packet queue in the mbuf, unless the number of the packet 1815228561Snp * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen, 1816228561Snp * the oldest packet in the queue will be removed. 1817219290Snp */ 1818228561Snp if (ln->ln_state == ND6_LLINFO_NOSTATE) 1819228561Snp ln->ln_state = ND6_LLINFO_INCOMPLETE; 1820219290Snp 1821308304Sjhb if ((flags & LLE_EXCLUSIVE) == 0) { 1822308304Sjhb flags |= LLE_EXCLUSIVE; 1823308304Sjhb LLE_RUNLOCK(ln); 1824219290Snp goto retry; 1825228561Snp } 1826281955Shiren if (ln->la_hold) { 1827259142Snp struct mbuf *m_hold; 1828219290Snp int i; 1829311261Snp 1830237799Snp i = 0; 1831237799Snp for (m_hold = ln->la_hold; m_hold; m_hold = m_hold->m_nextpkt) { 1832237831Snp i++; 1833237799Snp if (m_hold->m_nextpkt == NULL) { 1834237799Snp m_hold->m_nextpkt = m; 1835237799Snp break; 1836237799Snp } 1837237831Snp } 1838237799Snp while (i >= V_nd6_maxqueuelen) { 1839237799Snp m_hold = ln->la_hold; 1840237799Snp ln->la_hold = ln->la_hold->m_nextpkt; 1841237799Snp m_freem(m_hold); 1842237799Snp i--; 1843228561Snp } 1844228561Snp } else { 1845228561Snp ln->la_hold = m; 1846228561Snp } 1847219290Snp /* 1848228561Snp * We did the lookup (no lle arg) so we 1849228561Snp * need to do the unlock here 1850228561Snp */ 1851228561Snp if (lle == NULL) { 1852228561Snp if (flags & LLE_EXCLUSIVE) 1853219290Snp LLE_WUNLOCK(ln); 1854237819Snp else 1855309558Sjhb LLE_RUNLOCK(ln); 1856228561Snp } 1857228561Snp 1858228561Snp /* 1859218792Snp * If there has been no NS for the neighbor after entering the 1860228561Snp * INCOMPLETE state, send the first solicitation. 1861218792Snp */ 1862228561Snp if (!ND6_LLINFO_PERMANENT(ln) && ln->la_asked == 0) { 1863228561Snp ln->la_asked++; 1864218792Snp 1865228561Snp nd6_llinfo_settimer(ln, 1866284052Snp (long)ND_IFINFO(ifp)->retrans * hz / 1000); 1867284052Snp nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 1868284052Snp } 1869284052Snp return (0); 1870284052Snp 1871284052Snp sendpkt: 1872284052Snp /* discard the packet if IPv6 operation is disabled on the interface */ 1873284052Snp if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 1874284052Snp error = ENETDOWN; /* better error? */ 1875284052Snp goto bad; 1876284052Snp } 1877284052Snp /* 1878284052Snp * ln is valid and the caller did not pass in 1879284052Snp * an llentry 1880284052Snp */ 1881284052Snp if (ln && (lle == NULL)) { 1882284052Snp if (flags & LLE_EXCLUSIVE) 1883284052Snp LLE_WUNLOCK(ln); 1884284052Snp else 1885284052Snp LLE_RUNLOCK(ln); 1886284052Snp } 1887284052Snp 1888284052Snp#ifdef MAC 1889284052Snp mac_netinet6_nd6_send(ifp, m); 1890284052Snp#endif 1891284052Snp if (lle != NULL) { 1892284052Snp if (*tail == NULL) 1893308320Sjhb *tail = m; 1894308320Sjhb else { 1895284052Snp (*tail)->m_nextpkt = m; 1896284052Snp *tail = m; 1897284052Snp } 1898284052Snp return (error); 1899284052Snp } 1900284052Snp if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 1901284052Snp return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 1902284052Snp rt)); 1903284052Snp } 1904284052Snp error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt); 1905284052Snp return (error); 1906308320Sjhb 1907284052Snp bad: 1908284052Snp /* 1909284052Snp * ln is valid and the caller did not pass in 1910284052Snp * an llentry 1911284052Snp */ 1912284052Snp if (ln && (lle == NULL)) { 1913284052Snp if (flags & LLE_EXCLUSIVE) 1914284052Snp LLE_WUNLOCK(ln); 1915284052Snp else 1916284052Snp LLE_RUNLOCK(ln); 1917284052Snp } 1918284052Snp if (m) 1919284052Snp m_freem(m); 1920284052Snp return (error); 1921284052Snp} 1922284052Snp#undef senderr 1923309458Sjhb 1924284052Snp 1925284052Snpint 1926284052Snpnd6_output_flush(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *chain, 1927284052Snp struct sockaddr_in6 *dst, struct rtentry *rt) 1928284052Snp{ 1929284052Snp struct mbuf *m, *m_head; 1930284052Snp struct ifnet *outifp; 1931284052Snp int error = 0; 1932284052Snp 1933284052Snp m_head = chain; 1934284052Snp if ((ifp->if_flags & IFF_LOOPBACK) != 0) 1935284052Snp outifp = origifp; 1936284052Snp else 1937284052Snp outifp = ifp; 1938284052Snp 1939284052Snp while (m_head) { 1940284052Snp m = m_head; 1941284052Snp m_head = m_head->m_nextpkt; 1942284052Snp error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt); 1943284052Snp } 1944284052Snp 1945284052Snp /* 1946284052Snp * XXX 1947284052Snp * note that intermediate errors are blindly ignored - but this is 1948284052Snp * the same convention as used with nd6_output when called by 1949284052Snp * nd6_cache_lladdr 1950284052Snp */ 1951284052Snp return (error); 1952284052Snp} 1953284052Snp 1954228561Snp 1955228561Snpint 1956237263Snpnd6_need_cache(struct ifnet *ifp) 1957237263Snp{ 1958228561Snp /* 1959284052Snp * XXX: we currently do not make neighbor cache on any interface 1960228561Snp * other than ARCnet, Ethernet, FDDI and GIF. 1961284052Snp * 1962228561Snp * RFC2893 says: 1963284052Snp * - unidirectional tunnels needs no ND 1964284052Snp */ 1965284052Snp switch (ifp->if_type) { 1966284052Snp case IFT_ARCNET: 1967284052Snp case IFT_ETHER: 1968284052Snp case IFT_FDDI: 1969284052Snp case IFT_IEEE1394: 1970284052Snp#ifdef IFT_L2VLAN 1971284052Snp case IFT_L2VLAN: 1972284052Snp#endif 1973284052Snp#ifdef IFT_IEEE80211 1974284052Snp case IFT_IEEE80211: 1975284052Snp#endif 1976284052Snp#ifdef IFT_CARP 1977284052Snp case IFT_CARP: 1978284052Snp#endif 1979284052Snp case IFT_GIF: /* XXX need more cases? */ 1980284052Snp case IFT_PPP: 1981284052Snp case IFT_TUNNEL: 1982284052Snp case IFT_BRIDGE: 1983284052Snp case IFT_PROPVIRTUAL: 1984308154Sjhb return (1); 1985308154Sjhb default: 1986284052Snp return (0); 1987237263Snp } 1988284052Snp} 1989237263Snp 1990284052Snp/* 1991284052Snp * the callers of this function need to be re-worked to drop 1992228561Snp * the lle lock, drop here for now 1993284052Snp */ 1994308154Sjhbint 1995284052Snpnd6_storelladdr(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 1996218792Snp struct sockaddr *dst, u_char *desten, struct llentry **lle) 1997284052Snp{ 1998284052Snp struct llentry *ln; 1999284052Snp 2000218792Snp *lle = NULL; 2001284052Snp IF_AFDATA_UNLOCK_ASSERT(ifp); 2002284052Snp if (m->m_flags & M_MCAST) { 2003308154Sjhb int i; 2004284052Snp 2005228561Snp switch (ifp->if_type) { 2006284052Snp case IFT_ETHER: 2007284052Snp case IFT_FDDI: 2008284052Snp#ifdef IFT_L2VLAN 2009284052Snp case IFT_L2VLAN: 2010284052Snp#endif 2011284052Snp#ifdef IFT_IEEE80211 2012228561Snp case IFT_IEEE80211: 2013284052Snp#endif 2014284052Snp case IFT_BRIDGE: 2015284052Snp case IFT_ISO88025: 2016228561Snp ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 2017284052Snp desten); 2018284052Snp return (0); 2019284052Snp case IFT_IEEE1394: 2020218792Snp /* 2021284052Snp * netbsd can use if_broadcastaddr, but we don't do so 2022284052Snp * to reduce # of ifdef. 2023218792Snp */ 2024284052Snp for (i = 0; i < ifp->if_addrlen; i++) 2025284052Snp desten[i] = ~0; 2026284052Snp return (0); 2027218792Snp case IFT_ARCNET: 2028284052Snp *desten = 0; 2029284052Snp return (0); 2030284052Snp default: 2031228561Snp m_freem(m); 2032284052Snp return (EAFNOSUPPORT); 2033284052Snp } 2034284052Snp } 2035284052Snp 2036228561Snp 2037284052Snp /* 2038284052Snp * the entry should have been created in nd6_store_lladdr 2039284052Snp */ 2040228561Snp IF_AFDATA_LOCK(ifp); 2041284052Snp ln = lla_lookup(LLTABLE6(ifp), 0, dst); 2042284052Snp IF_AFDATA_UNLOCK(ifp); 2043228561Snp if ((ln == NULL) || !(ln->la_flags & LLE_VALID)) { 2044284052Snp if (ln != NULL) 2045284052Snp LLE_RUNLOCK(ln); 2046284052Snp /* this could happen, if we could not allocate memory */ 2047228561Snp m_freem(m); 2048284052Snp return (1); 2049284052Snp } 2050220873Snp 2051220873Snp bcopy(&ln->ll_addr, desten, ifp->if_addrlen); 2052284052Snp *lle = ln; 2053284052Snp LLE_RUNLOCK(ln); 2054284052Snp /* 2055218792Snp * A *small* use after free race exists here 2056284052Snp */ 2057218792Snp return (0); 2058284052Snp} 2059284052Snp 2060284052Snpstatic void 2061284052Snpclear_llinfo_pqueue(struct llentry *ln) 2062284052Snp{ 2063284052Snp struct mbuf *m_hold, *m_hold_next; 2064218792Snp 2065284052Snp for (m_hold = ln->la_hold; m_hold; m_hold = m_hold_next) { 2066284052Snp m_hold_next = m_hold->m_nextpkt; 2067218792Snp m_hold->m_nextpkt = NULL; 2068284052Snp m_freem(m_hold); 2069284052Snp } 2070218792Snp 2071218792Snp ln->la_hold = NULL; 2072284052Snp return; 2073218792Snp} 2074284052Snp 2075284052Snpstatic int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2076284052Snpstatic int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2077284052Snp#ifdef SYSCTL_DECL 2078219292SnpSYSCTL_DECL(_net_inet6_icmp6); 2079284052Snp#endif 2080284052SnpSYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2081284052Snp CTLFLAG_RD, nd6_sysctl_drlist, ""); 2082218792SnpSYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2083284052Snp CTLFLAG_RD, nd6_sysctl_prlist, ""); 2084218792SnpSYSCTL_V_INT(V_NET, vnet_inet6, _net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, 2085284052Snp nd6_maxqueuelen, CTLFLAG_RW, nd6_maxqueuelen, 1, ""); 2086284052Snp 2087284052Snpstatic int 2088284052Snpnd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2089284052Snp{ 2090284052Snp INIT_VNET_INET6(curvnet); 2091284052Snp int error; 2092284052Snp char buf[1024] __aligned(4); 2093284052Snp struct in6_defrouter *d, *de; 2094284052Snp struct nd_defrouter *dr; 2095284052Snp 2096284052Snp if (req->newptr) 2097284052Snp return EPERM; 2098284052Snp error = 0; 2099284052Snp 2100284052Snp for (dr = TAILQ_FIRST(&V_nd_defrouter); dr; 2101284052Snp dr = TAILQ_NEXT(dr, dr_entry)) { 2102228561Snp d = (struct in6_defrouter *)buf; 2103284052Snp de = (struct in6_defrouter *)(buf + sizeof(buf)); 2104284052Snp 2105228561Snp if (d + 1 <= de) { 2106284052Snp bzero(d, sizeof(*d)); 2107284052Snp d->rtaddr.sin6_family = AF_INET6; 2108284052Snp d->rtaddr.sin6_len = sizeof(d->rtaddr); 2109284052Snp d->rtaddr.sin6_addr = dr->rtaddr; 2110284052Snp error = sa6_recoverscope(&d->rtaddr); 2111284052Snp if (error != 0) 2112228561Snp return (error); 2113284052Snp d->flags = dr->flags; 2114218792Snp d->rtlifetime = dr->rtlifetime; 2115309447Sjhb d->expire = dr->expire; 2116284052Snp d->if_index = dr->ifp->if_index; 2117284052Snp } else 2118284052Snp panic("buffer too short"); 2119218792Snp 2120284052Snp error = SYSCTL_OUT(req, buf, sizeof(*d)); 2121284052Snp if (error) 2122284052Snp break; 2123284052Snp } 2124284052Snp 2125284052Snp return (error); 2126284052Snp} 2127284052Snp 2128284052Snpstatic int 2129284052Snpnd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2130218792Snp{ 2131284052Snp INIT_VNET_INET6(curvnet); 2132284052Snp int error; 2133284052Snp char buf[1024] __aligned(4); 2134284052Snp struct in6_prefix *p, *pe; 2135284052Snp struct nd_prefix *pr; 2136284052Snp char ip6buf[INET6_ADDRSTRLEN]; 2137284052Snp 2138309579Sjhb if (req->newptr) 2139309579Sjhb return EPERM; 2140284052Snp error = 0; 2141218792Snp 2142284052Snp for (pr = V_nd_prefix.lh_first; pr; pr = pr->ndpr_next) { 2143218792Snp u_short advrtrs; 2144284052Snp size_t advance; 2145309579Sjhb struct sockaddr_in6 *sin6, *s6; 2146284052Snp struct nd_pfxrouter *pfr; 2147284052Snp 2148284052Snp p = (struct in6_prefix *)buf; 2149284052Snp pe = (struct in6_prefix *)(buf + sizeof(buf)); 2150218792Snp 2151309579Sjhb if (p + 1 <= pe) { 2152309579Sjhb bzero(p, sizeof(*p)); 2153309579Sjhb sin6 = (struct sockaddr_in6 *)(p + 1); 2154309579Sjhb 2155284052Snp p->prefix = pr->ndpr_prefix; 2156309579Sjhb if (sa6_recoverscope(&p->prefix)) { 2157284052Snp log(LOG_ERR, 2158218792Snp "scope error in prefix list (%s)\n", 2159284052Snp ip6_sprintf(ip6buf, &p->prefix.sin6_addr)); 2160284052Snp /* XXX: press on... */ 2161284052Snp } 2162218792Snp p->raflags = pr->ndpr_raf; 2163284052Snp p->prefixlen = pr->ndpr_plen; 2164284052Snp p->vltime = pr->ndpr_vltime; 2165284052Snp p->pltime = pr->ndpr_pltime; 2166284052Snp p->if_index = pr->ndpr_ifp->if_index; 2167284052Snp if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2168284052Snp p->expire = 0; 2169309447Sjhb else { 2170284052Snp time_t maxexpire; 2171284052Snp 2172284052Snp /* XXX: we assume time_t is signed. */ 2173284052Snp maxexpire = (-1) & 2174284052Snp ~((time_t)1 << 2175284052Snp ((sizeof(maxexpire) * 8) - 1)); 2176284052Snp if (pr->ndpr_vltime < 2177284052Snp maxexpire - pr->ndpr_lastupdate) { 2178284052Snp p->expire = pr->ndpr_lastupdate + 2179284052Snp pr->ndpr_vltime; 2180284052Snp } else 2181284052Snp p->expire = maxexpire; 2182284052Snp } 2183284052Snp p->refcnt = pr->ndpr_refcnt; 2184284052Snp p->flags = pr->ndpr_stateflags; 2185284052Snp p->origin = PR_ORIG_RA; 2186284052Snp advrtrs = 0; 2187284052Snp for (pfr = pr->ndpr_advrtrs.lh_first; pfr; 2188284052Snp pfr = pfr->pfr_next) { 2189284052Snp if ((void *)&sin6[advrtrs + 1] > (void *)pe) { 2190284052Snp advrtrs++; 2191284052Snp continue; 2192284052Snp } 2193284052Snp s6 = &sin6[advrtrs]; 2194284052Snp bzero(s6, sizeof(*s6)); 2195284052Snp s6->sin6_family = AF_INET6; 2196284052Snp s6->sin6_len = sizeof(*sin6); 2197284052Snp s6->sin6_addr = pfr->router->rtaddr; 2198284052Snp if (sa6_recoverscope(s6)) { 2199284052Snp log(LOG_ERR, 2200218792Snp "scope error in " 2201284052Snp "prefix list (%s)\n", 2202284052Snp ip6_sprintf(ip6buf, 2203284052Snp &pfr->router->rtaddr)); 2204218792Snp } 2205284052Snp advrtrs++; 2206284052Snp } 2207284052Snp p->advrtrs = advrtrs; 2208284052Snp } else 2209284052Snp panic("buffer too short"); 2210284052Snp 2211284052Snp advance = sizeof(*p) + sizeof(*sin6) * advrtrs; 2212284052Snp error = SYSCTL_OUT(req, buf, advance); 2213284052Snp if (error) 2214284052Snp break; 2215284052Snp } 2216309447Sjhb 2217309447Sjhb return (error); 2218309447Sjhb} 2219309447Sjhb