nd6.c revision 254441
1135446Strhodes/*- 2262706Serwin * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3135446Strhodes * All rights reserved. 4135446Strhodes * 5193149Sdougb * Redistribution and use in source and binary forms, with or without 6135446Strhodes * modification, are permitted provided that the following conditions 7135446Strhodes * are met: 8135446Strhodes * 1. Redistributions of source code must retain the above copyright 9135446Strhodes * notice, this list of conditions and the following disclaimer. 10135446Strhodes * 2. Redistributions in binary form must reproduce the above copyright 11135446Strhodes * notice, this list of conditions and the following disclaimer in the 12135446Strhodes * documentation and/or other materials provided with the distribution. 13135446Strhodes * 3. Neither the name of the project nor the names of its contributors 14135446Strhodes * may be used to endorse or promote products derived from this software 15135446Strhodes * without specific prior written permission. 16135446Strhodes * 17135446Strhodes * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18234010Sdougb * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19135446Strhodes * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20170222Sdougb * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21135446Strhodes * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22170222Sdougb * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23170222Sdougb * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24170222Sdougb * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25170222Sdougb * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26170222Sdougb * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27193149Sdougb * SUCH DAMAGE. 28170222Sdougb * 29170222Sdougb * $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $ 30193149Sdougb */ 31170222Sdougb 32170222Sdougb#include <sys/cdefs.h> 33193149Sdougb__FBSDID("$FreeBSD: head/sys/netinet6/nd6.c 254441 2013-08-17 07:14:45Z hrs $"); 34170222Sdougb 35170222Sdougb#include "opt_inet.h" 36193149Sdougb#include "opt_inet6.h" 37170222Sdougb 38193149Sdougb#include <sys/param.h> 39170222Sdougb#include <sys/systm.h> 40170222Sdougb#include <sys/callout.h> 41170222Sdougb#include <sys/malloc.h> 42193149Sdougb#include <sys/mbuf.h> 43170222Sdougb#include <sys/socket.h> 44170222Sdougb#include <sys/sockio.h> 45170222Sdougb#include <sys/time.h> 46193149Sdougb#include <sys/kernel.h> 47170222Sdougb#include <sys/protosw.h> 48193149Sdougb#include <sys/errno.h> 49170222Sdougb#include <sys/syslog.h> 50193149Sdougb#include <sys/lock.h> 51170222Sdougb#include <sys/rwlock.h> 52193149Sdougb#include <sys/queue.h> 53170222Sdougb#include <sys/sysctl.h> 54170222Sdougb 55170222Sdougb#include <net/if.h> 56135446Strhodes#include <net/if_arc.h> 57135446Strhodes#include <net/if_dl.h> 58135446Strhodes#include <net/if_types.h> 59135446Strhodes#include <net/iso88025.h> 60135446Strhodes#include <net/fddi.h> 61135446Strhodes#include <net/route.h> 62135446Strhodes#include <net/vnet.h> 63135446Strhodes 64135446Strhodes#include <netinet/in.h> 65135446Strhodes#include <net/if_llatbl.h> 66135446Strhodes#define L3_ADDR_SIN6(le) ((struct sockaddr_in6 *) L3_ADDR(le)) 67135446Strhodes#include <netinet/if_ether.h> 68135446Strhodes#include <netinet6/in6_var.h> 69135446Strhodes#include <netinet/ip6.h> 70135446Strhodes#include <netinet6/ip6_var.h> 71135446Strhodes#include <netinet6/scope6_var.h> 72135446Strhodes#include <netinet6/nd6.h> 73135446Strhodes#include <netinet6/in6_ifattach.h> 74135446Strhodes#include <netinet/icmp6.h> 75135446Strhodes#include <netinet6/send.h> 76135446Strhodes 77135446Strhodes#include <sys/limits.h> 78135446Strhodes 79135446Strhodes#include <security/mac/mac_framework.h> 80135446Strhodes 81135446Strhodes#define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */ 82135446Strhodes#define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */ 83135446Strhodes 84135446Strhodes#define SIN6(s) ((const struct sockaddr_in6 *)(s)) 85135446Strhodes 86135446Strhodes/* timer values */ 87135446StrhodesVNET_DEFINE(int, nd6_prune) = 1; /* walk list every 1 seconds */ 88135446StrhodesVNET_DEFINE(int, nd6_delay) = 5; /* delay first probe time 5 second */ 89135446StrhodesVNET_DEFINE(int, nd6_umaxtries) = 3; /* maximum unicast query */ 90135446StrhodesVNET_DEFINE(int, nd6_mmaxtries) = 3; /* maximum multicast query */ 91135446StrhodesVNET_DEFINE(int, nd6_useloopback) = 1; /* use loopback interface for 92135446Strhodes * local traffic */ 93135446StrhodesVNET_DEFINE(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage 94135446Strhodes * collection timer */ 95135446Strhodes 96135446Strhodes/* preventing too many loops in ND option parsing */ 97135446Strhodesstatic VNET_DEFINE(int, nd6_maxndopt) = 10; /* max # of ND options allowed */ 98135446Strhodes 99135446StrhodesVNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper 100135446Strhodes * layer hints */ 101135446Strhodesstatic VNET_DEFINE(int, nd6_maxqueuelen) = 1; /* max pkts cached in unresolved 102135446Strhodes * ND entries */ 103135446Strhodes#define V_nd6_maxndopt VNET(nd6_maxndopt) 104135446Strhodes#define V_nd6_maxqueuelen VNET(nd6_maxqueuelen) 105135446Strhodes 106135446Strhodes#ifdef ND6_DEBUG 107135446StrhodesVNET_DEFINE(int, nd6_debug) = 1; 108135446Strhodes#else 109135446StrhodesVNET_DEFINE(int, nd6_debug) = 0; 110135446Strhodes#endif 111135446Strhodes 112135446Strhodes/* for debugging? */ 113135446Strhodes#if 0 114135446Strhodesstatic int nd6_inuse, nd6_allocated; 115135446Strhodes#endif 116135446Strhodes 117135446StrhodesVNET_DEFINE(struct nd_drhead, nd_defrouter); 118135446StrhodesVNET_DEFINE(struct nd_prhead, nd_prefix); 119135446Strhodes 120135446StrhodesVNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL; 121135446Strhodes#define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval) 122135446Strhodes 123135446Strhodesint (*send_sendso_input_hook)(struct mbuf *, struct ifnet *, int, int); 124135446Strhodes 125135446Strhodesstatic int nd6_is_new_addr_neighbor(struct sockaddr_in6 *, 126135446Strhodes struct ifnet *); 127135446Strhodesstatic void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *); 128135446Strhodesstatic void nd6_slowtimo(void *); 129170222Sdougbstatic int regen_tmpaddr(struct in6_ifaddr *); 130135446Strhodesstatic struct llentry *nd6_free(struct llentry *, int); 131135446Strhodesstatic void nd6_llinfo_timer(void *); 132135446Strhodesstatic void clear_llinfo_pqueue(struct llentry *); 133135446Strhodes 134135446Strhodesstatic VNET_DEFINE(struct callout, nd6_slowtimo_ch); 135135446Strhodes#define V_nd6_slowtimo_ch VNET(nd6_slowtimo_ch) 136135446Strhodes 137135446StrhodesVNET_DEFINE(struct callout, nd6_timer_ch); 138135446Strhodes 139135446Strhodesvoid 140135446Strhodesnd6_init(void) 141135446Strhodes{ 142135446Strhodes 143135446Strhodes LIST_INIT(&V_nd_prefix); 144170222Sdougb 145135446Strhodes /* initialization of the default router list */ 146135446Strhodes TAILQ_INIT(&V_nd_defrouter); 147135446Strhodes 148135446Strhodes /* start timer */ 149135446Strhodes callout_init(&V_nd6_slowtimo_ch, 0); 150135446Strhodes callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 151135446Strhodes nd6_slowtimo, curvnet); 152135446Strhodes} 153135446Strhodes 154135446Strhodes#ifdef VIMAGE 155135446Strhodesvoid 156135446Strhodesnd6_destroy() 157135446Strhodes{ 158135446Strhodes 159135446Strhodes callout_drain(&V_nd6_slowtimo_ch); 160135446Strhodes callout_drain(&V_nd6_timer_ch); 161135446Strhodes} 162135446Strhodes#endif 163135446Strhodes 164170222Sdougbstruct nd_ifinfo * 165135446Strhodesnd6_ifattach(struct ifnet *ifp) 166135446Strhodes{ 167135446Strhodes struct nd_ifinfo *nd; 168135446Strhodes 169135446Strhodes nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK|M_ZERO); 170135446Strhodes nd->initialized = 1; 171135446Strhodes 172135446Strhodes nd->chlim = IPV6_DEFHLIM; 173135446Strhodes nd->basereachable = REACHABLE_TIME; 174135446Strhodes nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); 175135446Strhodes nd->retrans = RETRANS_TIMER; 176135446Strhodes 177135446Strhodes nd->flags = ND6_IFF_PERFORMNUD; 178135446Strhodes 179135446Strhodes /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. 180135446Strhodes * XXXHRS: Clear ND6_IFF_AUTO_LINKLOCAL on an IFT_BRIDGE interface by 181135446Strhodes * default regardless of the V_ip6_auto_linklocal configuration to 182135446Strhodes * give a reasonable default behavior. 183135446Strhodes */ 184135446Strhodes if ((V_ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) || 185135446Strhodes (ifp->if_flags & IFF_LOOPBACK)) 186135446Strhodes nd->flags |= ND6_IFF_AUTO_LINKLOCAL; 187135446Strhodes /* 188135446Strhodes * A loopback interface does not need to accept RTADV. 189135446Strhodes * XXXHRS: Clear ND6_IFF_ACCEPT_RTADV on an IFT_BRIDGE interface by 190135446Strhodes * default regardless of the V_ip6_accept_rtadv configuration to 191135446Strhodes * prevent the interface from accepting RA messages arrived 192135446Strhodes * on one of the member interfaces with ND6_IFF_ACCEPT_RTADV. 193135446Strhodes */ 194135446Strhodes if (V_ip6_accept_rtadv && 195135446Strhodes !(ifp->if_flags & IFF_LOOPBACK) && 196135446Strhodes (ifp->if_type != IFT_BRIDGE)) 197135446Strhodes nd->flags |= ND6_IFF_ACCEPT_RTADV; 198135446Strhodes if (V_ip6_no_radr && !(ifp->if_flags & IFF_LOOPBACK)) 199135446Strhodes nd->flags |= ND6_IFF_NO_RADR; 200135446Strhodes 201135446Strhodes /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ 202135446Strhodes nd6_setmtu0(ifp, nd); 203135446Strhodes 204135446Strhodes return nd; 205135446Strhodes} 206135446Strhodes 207135446Strhodesvoid 208135446Strhodesnd6_ifdetach(struct nd_ifinfo *nd) 209135446Strhodes{ 210135446Strhodes 211135446Strhodes free(nd, M_IP6NDP); 212135446Strhodes} 213135446Strhodes 214135446Strhodes/* 215135446Strhodes * Reset ND level link MTU. This function is called when the physical MTU 216135446Strhodes * changes, which means we might have to adjust the ND level MTU. 217135446Strhodes */ 218135446Strhodesvoid 219135446Strhodesnd6_setmtu(struct ifnet *ifp) 220135446Strhodes{ 221135446Strhodes 222135446Strhodes nd6_setmtu0(ifp, ND_IFINFO(ifp)); 223170222Sdougb} 224135446Strhodes 225135446Strhodes/* XXX todo: do not maintain copy of ifp->if_mtu in ndi->maxmtu */ 226135446Strhodesvoid 227135446Strhodesnd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi) 228135446Strhodes{ 229135446Strhodes u_int32_t omaxmtu; 230135446Strhodes 231135446Strhodes omaxmtu = ndi->maxmtu; 232135446Strhodes 233135446Strhodes switch (ifp->if_type) { 234135446Strhodes case IFT_ARCNET: 235135446Strhodes ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */ 236135446Strhodes break; 237135446Strhodes case IFT_FDDI: 238135446Strhodes ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); /* RFC2467 */ 239135446Strhodes break; 240135446Strhodes case IFT_ISO88025: 241135446Strhodes ndi->maxmtu = MIN(ISO88025_MAX_MTU, ifp->if_mtu); 242135446Strhodes break; 243135446Strhodes default: 244135446Strhodes ndi->maxmtu = ifp->if_mtu; 245135446Strhodes break; 246135446Strhodes } 247135446Strhodes 248135446Strhodes /* 249135446Strhodes * Decreasing the interface MTU under IPV6 minimum MTU may cause 250135446Strhodes * undesirable situation. We thus notify the operator of the change 251135446Strhodes * explicitly. The check for omaxmtu is necessary to restrict the 252135446Strhodes * log to the case of changing the MTU, not initializing it. 253170222Sdougb */ 254135446Strhodes if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) { 255135446Strhodes log(LOG_NOTICE, "nd6_setmtu0: " 256135446Strhodes "new link MTU on %s (%lu) is too small for IPv6\n", 257135446Strhodes if_name(ifp), (unsigned long)ndi->maxmtu); 258135446Strhodes } 259135446Strhodes 260135446Strhodes if (ndi->maxmtu > V_in6_maxmtu) 261135446Strhodes in6_setmaxmtu(); /* check all interfaces just in case */ 262135446Strhodes 263135446Strhodes} 264135446Strhodes 265135446Strhodesvoid 266135446Strhodesnd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts) 267135446Strhodes{ 268135446Strhodes 269135446Strhodes bzero(ndopts, sizeof(*ndopts)); 270135446Strhodes ndopts->nd_opts_search = (struct nd_opt_hdr *)opt; 271135446Strhodes ndopts->nd_opts_last 272135446Strhodes = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len); 273135446Strhodes 274135446Strhodes if (icmp6len == 0) { 275135446Strhodes ndopts->nd_opts_done = 1; 276135446Strhodes ndopts->nd_opts_search = NULL; 277135446Strhodes } 278135446Strhodes} 279135446Strhodes 280135446Strhodes/* 281135446Strhodes * Take one ND option. 282135446Strhodes */ 283135446Strhodesstruct nd_opt_hdr * 284135446Strhodesnd6_option(union nd_opts *ndopts) 285135446Strhodes{ 286135446Strhodes struct nd_opt_hdr *nd_opt; 287135446Strhodes int olen; 288135446Strhodes 289135446Strhodes KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__)); 290135446Strhodes KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts", 291135446Strhodes __func__)); 292135446Strhodes if (ndopts->nd_opts_search == NULL) 293135446Strhodes return NULL; 294135446Strhodes if (ndopts->nd_opts_done) 295135446Strhodes return NULL; 296135446Strhodes 297135446Strhodes nd_opt = ndopts->nd_opts_search; 298135446Strhodes 299153816Sdougb /* make sure nd_opt_len is inside the buffer */ 300135446Strhodes if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) { 301135446Strhodes bzero(ndopts, sizeof(*ndopts)); 302135446Strhodes return NULL; 303135446Strhodes } 304135446Strhodes 305135446Strhodes olen = nd_opt->nd_opt_len << 3; 306135446Strhodes if (olen == 0) { 307135446Strhodes /* 308135446Strhodes * Message validation requires that all included 309135446Strhodes * options have a length that is greater than zero. 310135446Strhodes */ 311135446Strhodes bzero(ndopts, sizeof(*ndopts)); 312135446Strhodes return NULL; 313135446Strhodes } 314135446Strhodes 315153816Sdougb ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen); 316193149Sdougb if (ndopts->nd_opts_search > ndopts->nd_opts_last) { 317193149Sdougb /* option overruns the end of buffer, invalid */ 318193149Sdougb bzero(ndopts, sizeof(*ndopts)); 319153816Sdougb return NULL; 320193149Sdougb } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) { 321135446Strhodes /* reached the end of options chain */ 322135446Strhodes ndopts->nd_opts_done = 1; 323135446Strhodes ndopts->nd_opts_search = NULL; 324135446Strhodes } 325135446Strhodes return nd_opt; 326135446Strhodes} 327135446Strhodes 328135446Strhodes/* 329135446Strhodes * Parse multiple ND options. 330135446Strhodes * This function is much easier to use, for ND routines that do not need 331135446Strhodes * multiple options of the same type. 332135446Strhodes */ 333135446Strhodesint 334135446Strhodesnd6_options(union nd_opts *ndopts) 335135446Strhodes{ 336135446Strhodes struct nd_opt_hdr *nd_opt; 337135446Strhodes int i = 0; 338135446Strhodes 339135446Strhodes KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__)); 340135446Strhodes KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts", 341135446Strhodes __func__)); 342135446Strhodes if (ndopts->nd_opts_search == NULL) 343135446Strhodes return 0; 344135446Strhodes 345135446Strhodes while (1) { 346135446Strhodes nd_opt = nd6_option(ndopts); 347135446Strhodes if (nd_opt == NULL && ndopts->nd_opts_last == NULL) { 348135446Strhodes /* 349135446Strhodes * Message validation requires that all included 350135446Strhodes * options have a length that is greater than zero. 351135446Strhodes */ 352135446Strhodes ICMP6STAT_INC(icp6s_nd_badopt); 353135446Strhodes bzero(ndopts, sizeof(*ndopts)); 354135446Strhodes return -1; 355135446Strhodes } 356135446Strhodes 357135446Strhodes if (nd_opt == NULL) 358135446Strhodes goto skip1; 359135446Strhodes 360135446Strhodes switch (nd_opt->nd_opt_type) { 361135446Strhodes case ND_OPT_SOURCE_LINKADDR: 362135446Strhodes case ND_OPT_TARGET_LINKADDR: 363135446Strhodes case ND_OPT_MTU: 364135446Strhodes case ND_OPT_REDIRECTED_HEADER: 365135446Strhodes if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 366135446Strhodes nd6log((LOG_INFO, 367135446Strhodes "duplicated ND6 option found (type=%d)\n", 368135446Strhodes nd_opt->nd_opt_type)); 369135446Strhodes /* XXX bark? */ 370135446Strhodes } else { 371135446Strhodes ndopts->nd_opt_array[nd_opt->nd_opt_type] 372135446Strhodes = nd_opt; 373135446Strhodes } 374135446Strhodes break; 375135446Strhodes case ND_OPT_PREFIX_INFORMATION: 376135446Strhodes if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) { 377135446Strhodes ndopts->nd_opt_array[nd_opt->nd_opt_type] 378135446Strhodes = nd_opt; 379135446Strhodes } 380135446Strhodes ndopts->nd_opts_pi_end = 381135446Strhodes (struct nd_opt_prefix_info *)nd_opt; 382135446Strhodes break; 383135446Strhodes /* What about ND_OPT_ROUTE_INFO? RFC 4191 */ 384135446Strhodes case ND_OPT_RDNSS: /* RFC 6106 */ 385135446Strhodes case ND_OPT_DNSSL: /* RFC 6106 */ 386135446Strhodes /* 387135446Strhodes * Silently ignore options we know and do not care about 388135446Strhodes * in the kernel. 389135446Strhodes */ 390135446Strhodes break; 391135446Strhodes default: 392135446Strhodes /* 393135446Strhodes * Unknown options must be silently ignored, 394135446Strhodes * to accomodate future extension to the protocol. 395135446Strhodes */ 396135446Strhodes nd6log((LOG_DEBUG, 397135446Strhodes "nd6_options: unsupported option %d - " 398135446Strhodes "option ignored\n", nd_opt->nd_opt_type)); 399135446Strhodes } 400135446Strhodes 401135446Strhodesskip1: 402135446Strhodes i++; 403135446Strhodes if (i > V_nd6_maxndopt) { 404135446Strhodes ICMP6STAT_INC(icp6s_nd_toomanyopt); 405135446Strhodes nd6log((LOG_INFO, "too many loop in nd opt\n")); 406135446Strhodes break; 407135446Strhodes } 408135446Strhodes 409135446Strhodes if (ndopts->nd_opts_done) 410135446Strhodes break; 411135446Strhodes } 412135446Strhodes 413135446Strhodes return 0; 414135446Strhodes} 415135446Strhodes 416135446Strhodes/* 417135446Strhodes * ND6 timer routine to handle ND6 entries 418135446Strhodes */ 419135446Strhodesvoid 420135446Strhodesnd6_llinfo_settimer_locked(struct llentry *ln, long tick) 421135446Strhodes{ 422135446Strhodes int canceled; 423135446Strhodes 424135446Strhodes LLE_WLOCK_ASSERT(ln); 425135446Strhodes 426135446Strhodes if (tick < 0) { 427135446Strhodes ln->la_expire = 0; 428135446Strhodes ln->ln_ntick = 0; 429135446Strhodes canceled = callout_stop(&ln->ln_timer_ch); 430135446Strhodes } else { 431135446Strhodes ln->la_expire = time_uptime + tick / hz; 432135446Strhodes LLE_ADDREF(ln); 433135446Strhodes if (tick > INT_MAX) { 434135446Strhodes ln->ln_ntick = tick - INT_MAX; 435135446Strhodes canceled = callout_reset(&ln->ln_timer_ch, INT_MAX, 436135446Strhodes nd6_llinfo_timer, ln); 437135446Strhodes } else { 438135446Strhodes ln->ln_ntick = 0; 439135446Strhodes canceled = callout_reset(&ln->ln_timer_ch, tick, 440135446Strhodes nd6_llinfo_timer, ln); 441135446Strhodes } 442135446Strhodes } 443135446Strhodes if (canceled) 444135446Strhodes LLE_REMREF(ln); 445135446Strhodes} 446135446Strhodes 447135446Strhodesvoid 448135446Strhodesnd6_llinfo_settimer(struct llentry *ln, long tick) 449135446Strhodes{ 450135446Strhodes 451135446Strhodes LLE_WLOCK(ln); 452135446Strhodes nd6_llinfo_settimer_locked(ln, tick); 453135446Strhodes LLE_WUNLOCK(ln); 454135446Strhodes} 455135446Strhodes 456135446Strhodesstatic void 457135446Strhodesnd6_llinfo_timer(void *arg) 458262706Serwin{ 459135446Strhodes struct llentry *ln; 460135446Strhodes struct in6_addr *dst; 461135446Strhodes struct ifnet *ifp; 462262706Serwin struct nd_ifinfo *ndi = NULL; 463135446Strhodes 464135446Strhodes KASSERT(arg != NULL, ("%s: arg NULL", __func__)); 465135446Strhodes ln = (struct llentry *)arg; 466135446Strhodes LLE_WLOCK_ASSERT(ln); 467262706Serwin ifp = ln->lle_tbl->llt_ifp; 468135446Strhodes 469135446Strhodes CURVNET_SET(ifp->if_vnet); 470135446Strhodes 471135446Strhodes if (ln->ln_ntick > 0) { 472135446Strhodes if (ln->ln_ntick > INT_MAX) { 473135446Strhodes ln->ln_ntick -= INT_MAX; 474135446Strhodes nd6_llinfo_settimer_locked(ln, INT_MAX); 475135446Strhodes } else { 476135446Strhodes ln->ln_ntick = 0; 477135446Strhodes nd6_llinfo_settimer_locked(ln, ln->ln_ntick); 478135446Strhodes } 479135446Strhodes goto done; 480135446Strhodes } 481135446Strhodes 482135446Strhodes ndi = ND_IFINFO(ifp); 483135446Strhodes dst = &L3_ADDR_SIN6(ln)->sin6_addr; 484135446Strhodes if (ln->la_flags & LLE_STATIC) { 485135446Strhodes goto done; 486135446Strhodes } 487135446Strhodes 488135446Strhodes if (ln->la_flags & LLE_DELETED) { 489135446Strhodes (void)nd6_free(ln, 0); 490135446Strhodes ln = NULL; 491135446Strhodes goto done; 492135446Strhodes } 493135446Strhodes 494135446Strhodes switch (ln->ln_state) { 495135446Strhodes case ND6_LLINFO_INCOMPLETE: 496135446Strhodes if (ln->la_asked < V_nd6_mmaxtries) { 497135446Strhodes ln->la_asked++; 498135446Strhodes nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000); 499135446Strhodes LLE_WUNLOCK(ln); 500135446Strhodes nd6_ns_output(ifp, NULL, dst, ln, 0); 501135446Strhodes LLE_WLOCK(ln); 502135446Strhodes } else { 503135446Strhodes struct mbuf *m = ln->la_hold; 504135446Strhodes if (m) { 505135446Strhodes struct mbuf *m0; 506135446Strhodes 507135446Strhodes /* 508135446Strhodes * assuming every packet in la_hold has the 509135446Strhodes * same IP header. Send error after unlock. 510135446Strhodes */ 511135446Strhodes m0 = m->m_nextpkt; 512135446Strhodes m->m_nextpkt = NULL; 513135446Strhodes ln->la_hold = m0; 514135446Strhodes clear_llinfo_pqueue(ln); 515135446Strhodes } 516135446Strhodes EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_TIMEDOUT); 517135446Strhodes (void)nd6_free(ln, 0); 518135446Strhodes ln = NULL; 519135446Strhodes if (m != NULL) 520135446Strhodes icmp6_error2(m, ICMP6_DST_UNREACH, 521135446Strhodes ICMP6_DST_UNREACH_ADDR, 0, ifp); 522135446Strhodes } 523135446Strhodes break; 524135446Strhodes case ND6_LLINFO_REACHABLE: 525135446Strhodes if (!ND6_LLINFO_PERMANENT(ln)) { 526135446Strhodes ln->ln_state = ND6_LLINFO_STALE; 527135446Strhodes nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 528135446Strhodes } 529135446Strhodes break; 530135446Strhodes 531135446Strhodes case ND6_LLINFO_STALE: 532135446Strhodes /* Garbage Collection(RFC 2461 5.3) */ 533135446Strhodes if (!ND6_LLINFO_PERMANENT(ln)) { 534135446Strhodes EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED); 535135446Strhodes (void)nd6_free(ln, 1); 536135446Strhodes ln = NULL; 537135446Strhodes } 538135446Strhodes break; 539135446Strhodes 540135446Strhodes case ND6_LLINFO_DELAY: 541135446Strhodes if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) { 542135446Strhodes /* We need NUD */ 543135446Strhodes ln->la_asked = 1; 544135446Strhodes ln->ln_state = ND6_LLINFO_PROBE; 545135446Strhodes nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000); 546135446Strhodes LLE_WUNLOCK(ln); 547135446Strhodes nd6_ns_output(ifp, dst, dst, ln, 0); 548135446Strhodes LLE_WLOCK(ln); 549135446Strhodes } else { 550135446Strhodes ln->ln_state = ND6_LLINFO_STALE; /* XXX */ 551135446Strhodes nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 552135446Strhodes } 553135446Strhodes break; 554135446Strhodes case ND6_LLINFO_PROBE: 555135446Strhodes if (ln->la_asked < V_nd6_umaxtries) { 556135446Strhodes ln->la_asked++; 557135446Strhodes nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000); 558135446Strhodes LLE_WUNLOCK(ln); 559135446Strhodes nd6_ns_output(ifp, dst, dst, ln, 0); 560135446Strhodes LLE_WLOCK(ln); 561135446Strhodes } else { 562135446Strhodes EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED); 563135446Strhodes (void)nd6_free(ln, 0); 564135446Strhodes ln = NULL; 565135446Strhodes } 566135446Strhodes break; 567170222Sdougb default: 568135446Strhodes panic("%s: paths in a dark night can be confusing: %d", 569135446Strhodes __func__, ln->ln_state); 570135446Strhodes } 571135446Strhodesdone: 572135446Strhodes if (ln != NULL) 573135446Strhodes LLE_FREE_LOCKED(ln); 574135446Strhodes CURVNET_RESTORE(); 575135446Strhodes} 576135446Strhodes 577135446Strhodes 578135446Strhodes/* 579135446Strhodes * ND6 timer routine to expire default route list and prefix list 580135446Strhodes */ 581135446Strhodesvoid 582135446Strhodesnd6_timer(void *arg) 583135446Strhodes{ 584135446Strhodes CURVNET_SET((struct vnet *) arg); 585165071Sdougb struct nd_defrouter *dr, *ndr; 586135446Strhodes struct nd_prefix *pr, *npr; 587135446Strhodes struct in6_ifaddr *ia6, *nia6; 588135446Strhodes 589135446Strhodes callout_reset(&V_nd6_timer_ch, V_nd6_prune * hz, 590135446Strhodes nd6_timer, curvnet); 591135446Strhodes 592225361Sdougb /* expire default router list */ 593135446Strhodes TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) { 594135446Strhodes if (dr->expire && dr->expire < time_uptime) 595135446Strhodes defrtrlist_del(dr); 596135446Strhodes } 597135446Strhodes 598135446Strhodes /* 599135446Strhodes * expire interface addresses. 600135446Strhodes * in the past the loop was inside prefix expiry processing. 601135446Strhodes * However, from a stricter speci-confrmance standpoint, we should 602135446Strhodes * rather separate address lifetimes and prefix lifetimes. 603135446Strhodes * 604135446Strhodes * XXXRW: in6_ifaddrhead locking. 605135446Strhodes */ 606135446Strhodes addrloop: 607135446Strhodes TAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) { 608135446Strhodes /* check address lifetime */ 609135446Strhodes if (IFA6_IS_INVALID(ia6)) { 610135446Strhodes int regen = 0; 611135446Strhodes 612135446Strhodes /* 613135446Strhodes * If the expiring address is temporary, try 614135446Strhodes * regenerating a new one. This would be useful when 615135446Strhodes * we suspended a laptop PC, then turned it on after a 616135446Strhodes * period that could invalidate all temporary 617135446Strhodes * addresses. Although we may have to restart the 618135446Strhodes * loop (see below), it must be after purging the 619135446Strhodes * address. Otherwise, we'd see an infinite loop of 620135446Strhodes * regeneration. 621135446Strhodes */ 622135446Strhodes if (V_ip6_use_tempaddr && 623135446Strhodes (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) { 624135446Strhodes if (regen_tmpaddr(ia6) == 0) 625135446Strhodes regen = 1; 626135446Strhodes } 627170222Sdougb 628135446Strhodes in6_purgeaddr(&ia6->ia_ifa); 629135446Strhodes 630135446Strhodes if (regen) 631135446Strhodes goto addrloop; /* XXX: see below */ 632135446Strhodes } else if (IFA6_IS_DEPRECATED(ia6)) { 633135446Strhodes int oldflags = ia6->ia6_flags; 634135446Strhodes 635135446Strhodes ia6->ia6_flags |= IN6_IFF_DEPRECATED; 636135446Strhodes 637135446Strhodes /* 638135446Strhodes * If a temporary address has just become deprecated, 639135446Strhodes * regenerate a new one if possible. 640135446Strhodes */ 641135446Strhodes if (V_ip6_use_tempaddr && 642135446Strhodes (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 643135446Strhodes (oldflags & IN6_IFF_DEPRECATED) == 0) { 644135446Strhodes 645135446Strhodes if (regen_tmpaddr(ia6) == 0) { 646135446Strhodes /* 647135446Strhodes * A new temporary address is 648135446Strhodes * generated. 649135446Strhodes * XXX: this means the address chain 650135446Strhodes * has changed while we are still in 651135446Strhodes * the loop. Although the change 652135446Strhodes * would not cause disaster (because 653135446Strhodes * it's not a deletion, but an 654135446Strhodes * addition,) we'd rather restart the 655135446Strhodes * loop just for safety. Or does this 656135446Strhodes * significantly reduce performance?? 657135446Strhodes */ 658135446Strhodes goto addrloop; 659135446Strhodes } 660135446Strhodes } 661135446Strhodes } else { 662135446Strhodes /* 663135446Strhodes * A new RA might have made a deprecated address 664135446Strhodes * preferred. 665135446Strhodes */ 666135446Strhodes ia6->ia6_flags &= ~IN6_IFF_DEPRECATED; 667135446Strhodes } 668135446Strhodes } 669135446Strhodes 670135446Strhodes /* expire prefix list */ 671135446Strhodes LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { 672135446Strhodes /* 673135446Strhodes * check prefix lifetime. 674135446Strhodes * since pltime is just for autoconf, pltime processing for 675135446Strhodes * prefix is not necessary. 676135446Strhodes */ 677135446Strhodes if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME && 678135446Strhodes time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) { 679135446Strhodes 680135446Strhodes /* 681135446Strhodes * address expiration and prefix expiration are 682135446Strhodes * separate. NEVER perform in6_purgeaddr here. 683135446Strhodes */ 684135446Strhodes prelist_remove(pr); 685135446Strhodes } 686135446Strhodes } 687135446Strhodes CURVNET_RESTORE(); 688135446Strhodes} 689135446Strhodes 690135446Strhodes/* 691135446Strhodes * ia6 - deprecated/invalidated temporary address 692135446Strhodes */ 693135446Strhodesstatic int 694135446Strhodesregen_tmpaddr(struct in6_ifaddr *ia6) 695135446Strhodes{ 696135446Strhodes struct ifaddr *ifa; 697135446Strhodes struct ifnet *ifp; 698135446Strhodes struct in6_ifaddr *public_ifa6 = NULL; 699135446Strhodes 700135446Strhodes ifp = ia6->ia_ifa.ifa_ifp; 701135446Strhodes IF_ADDR_RLOCK(ifp); 702135446Strhodes TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 703135446Strhodes struct in6_ifaddr *it6; 704135446Strhodes 705135446Strhodes if (ifa->ifa_addr->sa_family != AF_INET6) 706135446Strhodes continue; 707135446Strhodes 708135446Strhodes it6 = (struct in6_ifaddr *)ifa; 709135446Strhodes 710135446Strhodes /* ignore no autoconf addresses. */ 711135446Strhodes if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0) 712135446Strhodes continue; 713135446Strhodes 714135446Strhodes /* ignore autoconf addresses with different prefixes. */ 715135446Strhodes if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr) 716135446Strhodes continue; 717135446Strhodes 718135446Strhodes /* 719135446Strhodes * Now we are looking at an autoconf address with the same 720135446Strhodes * prefix as ours. If the address is temporary and is still 721135446Strhodes * preferred, do not create another one. It would be rare, but 722135446Strhodes * could happen, for example, when we resume a laptop PC after 723170222Sdougb * a long period. 724135446Strhodes */ 725135446Strhodes if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 && 726135446Strhodes !IFA6_IS_DEPRECATED(it6)) { 727135446Strhodes public_ifa6 = NULL; 728135446Strhodes break; 729135446Strhodes } 730 731 /* 732 * This is a public autoconf address that has the same prefix 733 * as ours. If it is preferred, keep it. We can't break the 734 * loop here, because there may be a still-preferred temporary 735 * address with the prefix. 736 */ 737 if (!IFA6_IS_DEPRECATED(it6)) 738 public_ifa6 = it6; 739 740 if (public_ifa6 != NULL) 741 ifa_ref(&public_ifa6->ia_ifa); 742 } 743 IF_ADDR_RUNLOCK(ifp); 744 745 if (public_ifa6 != NULL) { 746 int e; 747 748 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) { 749 ifa_free(&public_ifa6->ia_ifa); 750 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new" 751 " tmp addr,errno=%d\n", e); 752 return (-1); 753 } 754 ifa_free(&public_ifa6->ia_ifa); 755 return (0); 756 } 757 758 return (-1); 759} 760 761/* 762 * Nuke neighbor cache/prefix/default router management table, right before 763 * ifp goes away. 764 */ 765void 766nd6_purge(struct ifnet *ifp) 767{ 768 struct nd_defrouter *dr, *ndr; 769 struct nd_prefix *pr, *npr; 770 771 /* 772 * Nuke default router list entries toward ifp. 773 * We defer removal of default router list entries that is installed 774 * in the routing table, in order to keep additional side effects as 775 * small as possible. 776 */ 777 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) { 778 if (dr->installed) 779 continue; 780 781 if (dr->ifp == ifp) 782 defrtrlist_del(dr); 783 } 784 785 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) { 786 if (!dr->installed) 787 continue; 788 789 if (dr->ifp == ifp) 790 defrtrlist_del(dr); 791 } 792 793 /* Nuke prefix list entries toward ifp */ 794 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) { 795 if (pr->ndpr_ifp == ifp) { 796 /* 797 * Because if_detach() does *not* release prefixes 798 * while purging addresses the reference count will 799 * still be above zero. We therefore reset it to 800 * make sure that the prefix really gets purged. 801 */ 802 pr->ndpr_refcnt = 0; 803 804 /* 805 * Previously, pr->ndpr_addr is removed as well, 806 * but I strongly believe we don't have to do it. 807 * nd6_purge() is only called from in6_ifdetach(), 808 * which removes all the associated interface addresses 809 * by itself. 810 * (jinmei@kame.net 20010129) 811 */ 812 prelist_remove(pr); 813 } 814 } 815 816 /* cancel default outgoing interface setting */ 817 if (V_nd6_defifindex == ifp->if_index) 818 nd6_setdefaultiface(0); 819 820 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 821 /* Refresh default router list. */ 822 defrouter_select(); 823 } 824 825 /* XXXXX 826 * We do not nuke the neighbor cache entries here any more 827 * because the neighbor cache is kept in if_afdata[AF_INET6]. 828 * nd6_purge() is invoked by in6_ifdetach() which is called 829 * from if_detach() where everything gets purged. So let 830 * in6_domifdetach() do the actual L2 table purging work. 831 */ 832} 833 834/* 835 * the caller acquires and releases the lock on the lltbls 836 * Returns the llentry locked 837 */ 838struct llentry * 839nd6_lookup(struct in6_addr *addr6, int flags, struct ifnet *ifp) 840{ 841 struct sockaddr_in6 sin6; 842 struct llentry *ln; 843 int llflags; 844 845 bzero(&sin6, sizeof(sin6)); 846 sin6.sin6_len = sizeof(struct sockaddr_in6); 847 sin6.sin6_family = AF_INET6; 848 sin6.sin6_addr = *addr6; 849 850 IF_AFDATA_LOCK_ASSERT(ifp); 851 852 llflags = 0; 853 if (flags & ND6_CREATE) 854 llflags |= LLE_CREATE; 855 if (flags & ND6_EXCLUSIVE) 856 llflags |= LLE_EXCLUSIVE; 857 858 ln = lla_lookup(LLTABLE6(ifp), llflags, (struct sockaddr *)&sin6); 859 if ((ln != NULL) && (llflags & LLE_CREATE)) 860 ln->ln_state = ND6_LLINFO_NOSTATE; 861 862 return (ln); 863} 864 865/* 866 * Test whether a given IPv6 address is a neighbor or not, ignoring 867 * the actual neighbor cache. The neighbor cache is ignored in order 868 * to not reenter the routing code from within itself. 869 */ 870static int 871nd6_is_new_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 872{ 873 struct nd_prefix *pr; 874 struct ifaddr *dstaddr; 875 876 /* 877 * A link-local address is always a neighbor. 878 * XXX: a link does not necessarily specify a single interface. 879 */ 880 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) { 881 struct sockaddr_in6 sin6_copy; 882 u_int32_t zone; 883 884 /* 885 * We need sin6_copy since sa6_recoverscope() may modify the 886 * content (XXX). 887 */ 888 sin6_copy = *addr; 889 if (sa6_recoverscope(&sin6_copy)) 890 return (0); /* XXX: should be impossible */ 891 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone)) 892 return (0); 893 if (sin6_copy.sin6_scope_id == zone) 894 return (1); 895 else 896 return (0); 897 } 898 899 /* 900 * If the address matches one of our addresses, 901 * it should be a neighbor. 902 * If the address matches one of our on-link prefixes, it should be a 903 * neighbor. 904 */ 905 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 906 if (pr->ndpr_ifp != ifp) 907 continue; 908 909 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) { 910 struct rtentry *rt; 911 912 /* Always use the default FIB here. */ 913 rt = in6_rtalloc1((struct sockaddr *)&pr->ndpr_prefix, 914 0, 0, RT_DEFAULT_FIB); 915 if (rt == NULL) 916 continue; 917 /* 918 * This is the case where multiple interfaces 919 * have the same prefix, but only one is installed 920 * into the routing table and that prefix entry 921 * is not the one being examined here. In the case 922 * where RADIX_MPATH is enabled, multiple route 923 * entries (of the same rt_key value) will be 924 * installed because the interface addresses all 925 * differ. 926 */ 927 if (!IN6_ARE_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 928 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr)) { 929 RTFREE_LOCKED(rt); 930 continue; 931 } 932 RTFREE_LOCKED(rt); 933 } 934 935 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr, 936 &addr->sin6_addr, &pr->ndpr_mask)) 937 return (1); 938 } 939 940 /* 941 * If the address is assigned on the node of the other side of 942 * a p2p interface, the address should be a neighbor. 943 */ 944 dstaddr = ifa_ifwithdstaddr((struct sockaddr *)addr); 945 if (dstaddr != NULL) { 946 if (dstaddr->ifa_ifp == ifp) { 947 ifa_free(dstaddr); 948 return (1); 949 } 950 ifa_free(dstaddr); 951 } 952 953 /* 954 * If the default router list is empty, all addresses are regarded 955 * as on-link, and thus, as a neighbor. 956 */ 957 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && 958 TAILQ_EMPTY(&V_nd_defrouter) && 959 V_nd6_defifindex == ifp->if_index) { 960 return (1); 961 } 962 963 return (0); 964} 965 966 967/* 968 * Detect if a given IPv6 address identifies a neighbor on a given link. 969 * XXX: should take care of the destination of a p2p link? 970 */ 971int 972nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp) 973{ 974 struct llentry *lle; 975 int rc = 0; 976 977 IF_AFDATA_UNLOCK_ASSERT(ifp); 978 if (nd6_is_new_addr_neighbor(addr, ifp)) 979 return (1); 980 981 /* 982 * Even if the address matches none of our addresses, it might be 983 * in the neighbor cache. 984 */ 985 IF_AFDATA_RLOCK(ifp); 986 if ((lle = nd6_lookup(&addr->sin6_addr, 0, ifp)) != NULL) { 987 LLE_RUNLOCK(lle); 988 rc = 1; 989 } 990 IF_AFDATA_RUNLOCK(ifp); 991 return (rc); 992} 993 994/* 995 * Free an nd6 llinfo entry. 996 * Since the function would cause significant changes in the kernel, DO NOT 997 * make it global, unless you have a strong reason for the change, and are sure 998 * that the change is safe. 999 */ 1000static struct llentry * 1001nd6_free(struct llentry *ln, int gc) 1002{ 1003 struct llentry *next; 1004 struct nd_defrouter *dr; 1005 struct ifnet *ifp; 1006 1007 LLE_WLOCK_ASSERT(ln); 1008 1009 /* 1010 * we used to have pfctlinput(PRC_HOSTDEAD) here. 1011 * even though it is not harmful, it was not really necessary. 1012 */ 1013 1014 /* cancel timer */ 1015 nd6_llinfo_settimer_locked(ln, -1); 1016 1017 ifp = ln->lle_tbl->llt_ifp; 1018 1019 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 1020 dr = defrouter_lookup(&L3_ADDR_SIN6(ln)->sin6_addr, ifp); 1021 1022 if (dr != NULL && dr->expire && 1023 ln->ln_state == ND6_LLINFO_STALE && gc) { 1024 /* 1025 * If the reason for the deletion is just garbage 1026 * collection, and the neighbor is an active default 1027 * router, do not delete it. Instead, reset the GC 1028 * timer using the router's lifetime. 1029 * Simply deleting the entry would affect default 1030 * router selection, which is not necessarily a good 1031 * thing, especially when we're using router preference 1032 * values. 1033 * XXX: the check for ln_state would be redundant, 1034 * but we intentionally keep it just in case. 1035 */ 1036 if (dr->expire > time_uptime) 1037 nd6_llinfo_settimer_locked(ln, 1038 (dr->expire - time_uptime) * hz); 1039 else 1040 nd6_llinfo_settimer_locked(ln, 1041 (long)V_nd6_gctimer * hz); 1042 1043 next = LIST_NEXT(ln, lle_next); 1044 LLE_REMREF(ln); 1045 LLE_WUNLOCK(ln); 1046 return (next); 1047 } 1048 1049 if (dr) { 1050 /* 1051 * Unreachablity of a router might affect the default 1052 * router selection and on-link detection of advertised 1053 * prefixes. 1054 */ 1055 1056 /* 1057 * Temporarily fake the state to choose a new default 1058 * router and to perform on-link determination of 1059 * prefixes correctly. 1060 * Below the state will be set correctly, 1061 * or the entry itself will be deleted. 1062 */ 1063 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1064 } 1065 1066 if (ln->ln_router || dr) { 1067 1068 /* 1069 * We need to unlock to avoid a LOR with rt6_flush() with the 1070 * rnh and for the calls to pfxlist_onlink_check() and 1071 * defrouter_select() in the block further down for calls 1072 * into nd6_lookup(). We still hold a ref. 1073 */ 1074 LLE_WUNLOCK(ln); 1075 1076 /* 1077 * rt6_flush must be called whether or not the neighbor 1078 * is in the Default Router List. 1079 * See a corresponding comment in nd6_na_input(). 1080 */ 1081 rt6_flush(&L3_ADDR_SIN6(ln)->sin6_addr, ifp); 1082 } 1083 1084 if (dr) { 1085 /* 1086 * Since defrouter_select() does not affect the 1087 * on-link determination and MIP6 needs the check 1088 * before the default router selection, we perform 1089 * the check now. 1090 */ 1091 pfxlist_onlink_check(); 1092 1093 /* 1094 * Refresh default router list. 1095 */ 1096 defrouter_select(); 1097 } 1098 1099 if (ln->ln_router || dr) 1100 LLE_WLOCK(ln); 1101 } 1102 1103 /* 1104 * Before deleting the entry, remember the next entry as the 1105 * return value. We need this because pfxlist_onlink_check() above 1106 * might have freed other entries (particularly the old next entry) as 1107 * a side effect (XXX). 1108 */ 1109 next = LIST_NEXT(ln, lle_next); 1110 1111 /* 1112 * Save to unlock. We still hold an extra reference and will not 1113 * free(9) in llentry_free() if someone else holds one as well. 1114 */ 1115 LLE_WUNLOCK(ln); 1116 IF_AFDATA_LOCK(ifp); 1117 LLE_WLOCK(ln); 1118 1119 /* Guard against race with other llentry_free(). */ 1120 if (ln->la_flags & LLE_LINKED) { 1121 LLE_REMREF(ln); 1122 llentry_free(ln); 1123 } else 1124 LLE_FREE_LOCKED(ln); 1125 1126 IF_AFDATA_UNLOCK(ifp); 1127 1128 return (next); 1129} 1130 1131/* 1132 * Upper-layer reachability hint for Neighbor Unreachability Detection. 1133 * 1134 * XXX cost-effective methods? 1135 */ 1136void 1137nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force) 1138{ 1139 struct llentry *ln; 1140 struct ifnet *ifp; 1141 1142 if ((dst6 == NULL) || (rt == NULL)) 1143 return; 1144 1145 ifp = rt->rt_ifp; 1146 IF_AFDATA_LOCK(ifp); 1147 ln = nd6_lookup(dst6, ND6_EXCLUSIVE, NULL); 1148 IF_AFDATA_UNLOCK(ifp); 1149 if (ln == NULL) 1150 return; 1151 1152 if (ln->ln_state < ND6_LLINFO_REACHABLE) 1153 goto done; 1154 1155 /* 1156 * if we get upper-layer reachability confirmation many times, 1157 * it is possible we have false information. 1158 */ 1159 if (!force) { 1160 ln->ln_byhint++; 1161 if (ln->ln_byhint > V_nd6_maxnudhint) { 1162 goto done; 1163 } 1164 } 1165 1166 ln->ln_state = ND6_LLINFO_REACHABLE; 1167 if (!ND6_LLINFO_PERMANENT(ln)) { 1168 nd6_llinfo_settimer_locked(ln, 1169 (long)ND_IFINFO(rt->rt_ifp)->reachable * hz); 1170 } 1171done: 1172 LLE_WUNLOCK(ln); 1173} 1174 1175 1176/* 1177 * Rejuvenate this function for routing operations related 1178 * processing. 1179 */ 1180void 1181nd6_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info) 1182{ 1183 struct sockaddr_in6 *gateway; 1184 struct nd_defrouter *dr; 1185 struct ifnet *ifp; 1186 1187 RT_LOCK_ASSERT(rt); 1188 gateway = (struct sockaddr_in6 *)rt->rt_gateway; 1189 ifp = rt->rt_ifp; 1190 1191 switch (req) { 1192 case RTM_ADD: 1193 break; 1194 1195 case RTM_DELETE: 1196 if (!ifp) 1197 return; 1198 /* 1199 * Only indirect routes are interesting. 1200 */ 1201 if ((rt->rt_flags & RTF_GATEWAY) == 0) 1202 return; 1203 /* 1204 * check for default route 1205 */ 1206 if (IN6_ARE_ADDR_EQUAL(&in6addr_any, 1207 &SIN6(rt_key(rt))->sin6_addr)) { 1208 1209 dr = defrouter_lookup(&gateway->sin6_addr, ifp); 1210 if (dr != NULL) 1211 dr->installed = 0; 1212 } 1213 break; 1214 } 1215} 1216 1217 1218int 1219nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp) 1220{ 1221 struct in6_drlist *drl = (struct in6_drlist *)data; 1222 struct in6_oprlist *oprl = (struct in6_oprlist *)data; 1223 struct in6_ndireq *ndi = (struct in6_ndireq *)data; 1224 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data; 1225 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data; 1226 struct nd_defrouter *dr; 1227 struct nd_prefix *pr; 1228 int i = 0, error = 0; 1229 1230 if (ifp->if_afdata[AF_INET6] == NULL) 1231 return (EPFNOSUPPORT); 1232 switch (cmd) { 1233 case SIOCGDRLST_IN6: 1234 /* 1235 * obsolete API, use sysctl under net.inet6.icmp6 1236 */ 1237 bzero(drl, sizeof(*drl)); 1238 TAILQ_FOREACH(dr, &V_nd_defrouter, dr_entry) { 1239 if (i >= DRLSTSIZ) 1240 break; 1241 drl->defrouter[i].rtaddr = dr->rtaddr; 1242 in6_clearscope(&drl->defrouter[i].rtaddr); 1243 1244 drl->defrouter[i].flags = dr->flags; 1245 drl->defrouter[i].rtlifetime = dr->rtlifetime; 1246 drl->defrouter[i].expire = dr->expire + 1247 (time_second - time_uptime); 1248 drl->defrouter[i].if_index = dr->ifp->if_index; 1249 i++; 1250 } 1251 break; 1252 case SIOCGPRLST_IN6: 1253 /* 1254 * obsolete API, use sysctl under net.inet6.icmp6 1255 * 1256 * XXX the structure in6_prlist was changed in backward- 1257 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6, 1258 * in6_prlist is used for nd6_sysctl() - fill_prlist(). 1259 */ 1260 /* 1261 * XXX meaning of fields, especialy "raflags", is very 1262 * differnet between RA prefix list and RR/static prefix list. 1263 * how about separating ioctls into two? 1264 */ 1265 bzero(oprl, sizeof(*oprl)); 1266 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 1267 struct nd_pfxrouter *pfr; 1268 int j; 1269 1270 if (i >= PRLSTSIZ) 1271 break; 1272 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr; 1273 oprl->prefix[i].raflags = pr->ndpr_raf; 1274 oprl->prefix[i].prefixlen = pr->ndpr_plen; 1275 oprl->prefix[i].vltime = pr->ndpr_vltime; 1276 oprl->prefix[i].pltime = pr->ndpr_pltime; 1277 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index; 1278 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 1279 oprl->prefix[i].expire = 0; 1280 else { 1281 time_t maxexpire; 1282 1283 /* XXX: we assume time_t is signed. */ 1284 maxexpire = (-1) & 1285 ~((time_t)1 << 1286 ((sizeof(maxexpire) * 8) - 1)); 1287 if (pr->ndpr_vltime < 1288 maxexpire - pr->ndpr_lastupdate) { 1289 oprl->prefix[i].expire = 1290 pr->ndpr_lastupdate + 1291 pr->ndpr_vltime + 1292 (time_second - time_uptime); 1293 } else 1294 oprl->prefix[i].expire = maxexpire; 1295 } 1296 1297 j = 0; 1298 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 1299 if (j < DRLSTSIZ) { 1300#define RTRADDR oprl->prefix[i].advrtr[j] 1301 RTRADDR = pfr->router->rtaddr; 1302 in6_clearscope(&RTRADDR); 1303#undef RTRADDR 1304 } 1305 j++; 1306 } 1307 oprl->prefix[i].advrtrs = j; 1308 oprl->prefix[i].origin = PR_ORIG_RA; 1309 1310 i++; 1311 } 1312 1313 break; 1314 case OSIOCGIFINFO_IN6: 1315#define ND ndi->ndi 1316 /* XXX: old ndp(8) assumes a positive value for linkmtu. */ 1317 bzero(&ND, sizeof(ND)); 1318 ND.linkmtu = IN6_LINKMTU(ifp); 1319 ND.maxmtu = ND_IFINFO(ifp)->maxmtu; 1320 ND.basereachable = ND_IFINFO(ifp)->basereachable; 1321 ND.reachable = ND_IFINFO(ifp)->reachable; 1322 ND.retrans = ND_IFINFO(ifp)->retrans; 1323 ND.flags = ND_IFINFO(ifp)->flags; 1324 ND.recalctm = ND_IFINFO(ifp)->recalctm; 1325 ND.chlim = ND_IFINFO(ifp)->chlim; 1326 break; 1327 case SIOCGIFINFO_IN6: 1328 ND = *ND_IFINFO(ifp); 1329 break; 1330 case SIOCSIFINFO_IN6: 1331 /* 1332 * used to change host variables from userland. 1333 * intented for a use on router to reflect RA configurations. 1334 */ 1335 /* 0 means 'unspecified' */ 1336 if (ND.linkmtu != 0) { 1337 if (ND.linkmtu < IPV6_MMTU || 1338 ND.linkmtu > IN6_LINKMTU(ifp)) { 1339 error = EINVAL; 1340 break; 1341 } 1342 ND_IFINFO(ifp)->linkmtu = ND.linkmtu; 1343 } 1344 1345 if (ND.basereachable != 0) { 1346 int obasereachable = ND_IFINFO(ifp)->basereachable; 1347 1348 ND_IFINFO(ifp)->basereachable = ND.basereachable; 1349 if (ND.basereachable != obasereachable) 1350 ND_IFINFO(ifp)->reachable = 1351 ND_COMPUTE_RTIME(ND.basereachable); 1352 } 1353 if (ND.retrans != 0) 1354 ND_IFINFO(ifp)->retrans = ND.retrans; 1355 if (ND.chlim != 0) 1356 ND_IFINFO(ifp)->chlim = ND.chlim; 1357 /* FALLTHROUGH */ 1358 case SIOCSIFINFO_FLAGS: 1359 { 1360 struct ifaddr *ifa; 1361 struct in6_ifaddr *ia; 1362 1363 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1364 !(ND.flags & ND6_IFF_IFDISABLED)) { 1365 /* ifdisabled 1->0 transision */ 1366 1367 /* 1368 * If the interface is marked as ND6_IFF_IFDISABLED and 1369 * has an link-local address with IN6_IFF_DUPLICATED, 1370 * do not clear ND6_IFF_IFDISABLED. 1371 * See RFC 4862, Section 5.4.5. 1372 */ 1373 int duplicated_linklocal = 0; 1374 1375 IF_ADDR_RLOCK(ifp); 1376 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1377 if (ifa->ifa_addr->sa_family != AF_INET6) 1378 continue; 1379 ia = (struct in6_ifaddr *)ifa; 1380 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && 1381 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) { 1382 duplicated_linklocal = 1; 1383 break; 1384 } 1385 } 1386 IF_ADDR_RUNLOCK(ifp); 1387 1388 if (duplicated_linklocal) { 1389 ND.flags |= ND6_IFF_IFDISABLED; 1390 log(LOG_ERR, "Cannot enable an interface" 1391 " with a link-local address marked" 1392 " duplicate.\n"); 1393 } else { 1394 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; 1395 if (ifp->if_flags & IFF_UP) 1396 in6_if_up(ifp); 1397 } 1398 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && 1399 (ND.flags & ND6_IFF_IFDISABLED)) { 1400 /* ifdisabled 0->1 transision */ 1401 /* Mark all IPv6 address as tentative. */ 1402 1403 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; 1404 IF_ADDR_RLOCK(ifp); 1405 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1406 if (ifa->ifa_addr->sa_family != AF_INET6) 1407 continue; 1408 ia = (struct in6_ifaddr *)ifa; 1409 ia->ia6_flags |= IN6_IFF_TENTATIVE; 1410 } 1411 IF_ADDR_RUNLOCK(ifp); 1412 } 1413 1414 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) { 1415 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) { 1416 /* auto_linklocal 0->1 transision */ 1417 1418 /* If no link-local address on ifp, configure */ 1419 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; 1420 in6_ifattach(ifp, NULL); 1421 } else if (!(ND.flags & ND6_IFF_IFDISABLED) && 1422 ifp->if_flags & IFF_UP) { 1423 /* 1424 * When the IF already has 1425 * ND6_IFF_AUTO_LINKLOCAL, no link-local 1426 * address is assigned, and IFF_UP, try to 1427 * assign one. 1428 */ 1429 int haslinklocal = 0; 1430 1431 IF_ADDR_RLOCK(ifp); 1432 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 1433 if (ifa->ifa_addr->sa_family != AF_INET6) 1434 continue; 1435 ia = (struct in6_ifaddr *)ifa; 1436 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) { 1437 haslinklocal = 1; 1438 break; 1439 } 1440 } 1441 IF_ADDR_RUNLOCK(ifp); 1442 if (!haslinklocal) 1443 in6_ifattach(ifp, NULL); 1444 } 1445 } 1446 } 1447 ND_IFINFO(ifp)->flags = ND.flags; 1448 break; 1449#undef ND 1450 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */ 1451 /* sync kernel routing table with the default router list */ 1452 defrouter_reset(); 1453 defrouter_select(); 1454 break; 1455 case SIOCSPFXFLUSH_IN6: 1456 { 1457 /* flush all the prefix advertised by routers */ 1458 struct nd_prefix *pr, *next; 1459 1460 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, next) { 1461 struct in6_ifaddr *ia, *ia_next; 1462 1463 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) 1464 continue; /* XXX */ 1465 1466 /* do we really have to remove addresses as well? */ 1467 /* XXXRW: in6_ifaddrhead locking. */ 1468 TAILQ_FOREACH_SAFE(ia, &V_in6_ifaddrhead, ia_link, 1469 ia_next) { 1470 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0) 1471 continue; 1472 1473 if (ia->ia6_ndpr == pr) 1474 in6_purgeaddr(&ia->ia_ifa); 1475 } 1476 prelist_remove(pr); 1477 } 1478 break; 1479 } 1480 case SIOCSRTRFLUSH_IN6: 1481 { 1482 /* flush all the default routers */ 1483 struct nd_defrouter *dr, *next; 1484 1485 defrouter_reset(); 1486 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, next) { 1487 defrtrlist_del(dr); 1488 } 1489 defrouter_select(); 1490 break; 1491 } 1492 case SIOCGNBRINFO_IN6: 1493 { 1494 struct llentry *ln; 1495 struct in6_addr nb_addr = nbi->addr; /* make local for safety */ 1496 1497 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0) 1498 return (error); 1499 1500 IF_AFDATA_RLOCK(ifp); 1501 ln = nd6_lookup(&nb_addr, 0, ifp); 1502 IF_AFDATA_RUNLOCK(ifp); 1503 1504 if (ln == NULL) { 1505 error = EINVAL; 1506 break; 1507 } 1508 nbi->state = ln->ln_state; 1509 nbi->asked = ln->la_asked; 1510 nbi->isrouter = ln->ln_router; 1511 if (ln->la_expire == 0) 1512 nbi->expire = 0; 1513 else 1514 nbi->expire = ln->la_expire + 1515 (time_second - time_uptime); 1516 LLE_RUNLOCK(ln); 1517 break; 1518 } 1519 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1520 ndif->ifindex = V_nd6_defifindex; 1521 break; 1522 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */ 1523 return (nd6_setdefaultiface(ndif->ifindex)); 1524 } 1525 return (error); 1526} 1527 1528/* 1529 * Create neighbor cache entry and cache link-layer address, 1530 * on reception of inbound ND6 packets. (RS/RA/NS/redirect) 1531 * 1532 * type - ICMP6 type 1533 * code - type dependent information 1534 * 1535 * XXXXX 1536 * The caller of this function already acquired the ndp 1537 * cache table lock because the cache entry is returned. 1538 */ 1539struct llentry * 1540nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr, 1541 int lladdrlen, int type, int code) 1542{ 1543 struct llentry *ln = NULL; 1544 int is_newentry; 1545 int do_update; 1546 int olladdr; 1547 int llchange; 1548 int flags; 1549 int newstate = 0; 1550 uint16_t router = 0; 1551 struct sockaddr_in6 sin6; 1552 struct mbuf *chain = NULL; 1553 int static_route = 0; 1554 1555 IF_AFDATA_UNLOCK_ASSERT(ifp); 1556 1557 KASSERT(ifp != NULL, ("%s: ifp == NULL", __func__)); 1558 KASSERT(from != NULL, ("%s: from == NULL", __func__)); 1559 1560 /* nothing must be updated for unspecified address */ 1561 if (IN6_IS_ADDR_UNSPECIFIED(from)) 1562 return NULL; 1563 1564 /* 1565 * Validation about ifp->if_addrlen and lladdrlen must be done in 1566 * the caller. 1567 * 1568 * XXX If the link does not have link-layer adderss, what should 1569 * we do? (ifp->if_addrlen == 0) 1570 * Spec says nothing in sections for RA, RS and NA. There's small 1571 * description on it in NS section (RFC 2461 7.2.3). 1572 */ 1573 flags = lladdr ? ND6_EXCLUSIVE : 0; 1574 IF_AFDATA_LOCK(ifp); 1575 ln = nd6_lookup(from, flags, ifp); 1576 1577 if (ln == NULL) { 1578 flags |= ND6_EXCLUSIVE; 1579 ln = nd6_lookup(from, flags | ND6_CREATE, ifp); 1580 IF_AFDATA_UNLOCK(ifp); 1581 is_newentry = 1; 1582 } else { 1583 IF_AFDATA_UNLOCK(ifp); 1584 /* do nothing if static ndp is set */ 1585 if (ln->la_flags & LLE_STATIC) { 1586 static_route = 1; 1587 goto done; 1588 } 1589 is_newentry = 0; 1590 } 1591 if (ln == NULL) 1592 return (NULL); 1593 1594 olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0; 1595 if (olladdr && lladdr) { 1596 llchange = bcmp(lladdr, &ln->ll_addr, 1597 ifp->if_addrlen); 1598 } else 1599 llchange = 0; 1600 1601 /* 1602 * newentry olladdr lladdr llchange (*=record) 1603 * 0 n n -- (1) 1604 * 0 y n -- (2) 1605 * 0 n y -- (3) * STALE 1606 * 0 y y n (4) * 1607 * 0 y y y (5) * STALE 1608 * 1 -- n -- (6) NOSTATE(= PASSIVE) 1609 * 1 -- y -- (7) * STALE 1610 */ 1611 1612 if (lladdr) { /* (3-5) and (7) */ 1613 /* 1614 * Record source link-layer address 1615 * XXX is it dependent to ifp->if_type? 1616 */ 1617 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen); 1618 ln->la_flags |= LLE_VALID; 1619 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED); 1620 } 1621 1622 if (!is_newentry) { 1623 if ((!olladdr && lladdr != NULL) || /* (3) */ 1624 (olladdr && lladdr != NULL && llchange)) { /* (5) */ 1625 do_update = 1; 1626 newstate = ND6_LLINFO_STALE; 1627 } else /* (1-2,4) */ 1628 do_update = 0; 1629 } else { 1630 do_update = 1; 1631 if (lladdr == NULL) /* (6) */ 1632 newstate = ND6_LLINFO_NOSTATE; 1633 else /* (7) */ 1634 newstate = ND6_LLINFO_STALE; 1635 } 1636 1637 if (do_update) { 1638 /* 1639 * Update the state of the neighbor cache. 1640 */ 1641 ln->ln_state = newstate; 1642 1643 if (ln->ln_state == ND6_LLINFO_STALE) { 1644 /* 1645 * XXX: since nd6_output() below will cause 1646 * state tansition to DELAY and reset the timer, 1647 * we must set the timer now, although it is actually 1648 * meaningless. 1649 */ 1650 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 1651 1652 if (ln->la_hold) { 1653 struct mbuf *m_hold, *m_hold_next; 1654 1655 /* 1656 * reset the la_hold in advance, to explicitly 1657 * prevent a la_hold lookup in nd6_output() 1658 * (wouldn't happen, though...) 1659 */ 1660 for (m_hold = ln->la_hold, ln->la_hold = NULL; 1661 m_hold; m_hold = m_hold_next) { 1662 m_hold_next = m_hold->m_nextpkt; 1663 m_hold->m_nextpkt = NULL; 1664 1665 /* 1666 * we assume ifp is not a p2p here, so 1667 * just set the 2nd argument as the 1668 * 1st one. 1669 */ 1670 nd6_output_lle(ifp, ifp, m_hold, L3_ADDR_SIN6(ln), NULL, ln, &chain); 1671 } 1672 /* 1673 * If we have mbufs in the chain we need to do 1674 * deferred transmit. Copy the address from the 1675 * llentry before dropping the lock down below. 1676 */ 1677 if (chain != NULL) 1678 memcpy(&sin6, L3_ADDR_SIN6(ln), sizeof(sin6)); 1679 } 1680 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 1681 /* probe right away */ 1682 nd6_llinfo_settimer_locked((void *)ln, 0); 1683 } 1684 } 1685 1686 /* 1687 * ICMP6 type dependent behavior. 1688 * 1689 * NS: clear IsRouter if new entry 1690 * RS: clear IsRouter 1691 * RA: set IsRouter if there's lladdr 1692 * redir: clear IsRouter if new entry 1693 * 1694 * RA case, (1): 1695 * The spec says that we must set IsRouter in the following cases: 1696 * - If lladdr exist, set IsRouter. This means (1-5). 1697 * - If it is old entry (!newentry), set IsRouter. This means (7). 1698 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter. 1699 * A quetion arises for (1) case. (1) case has no lladdr in the 1700 * neighbor cache, this is similar to (6). 1701 * This case is rare but we figured that we MUST NOT set IsRouter. 1702 * 1703 * newentry olladdr lladdr llchange NS RS RA redir 1704 * D R 1705 * 0 n n -- (1) c ? s 1706 * 0 y n -- (2) c s s 1707 * 0 n y -- (3) c s s 1708 * 0 y y n (4) c s s 1709 * 0 y y y (5) c s s 1710 * 1 -- n -- (6) c c c s 1711 * 1 -- y -- (7) c c s c s 1712 * 1713 * (c=clear s=set) 1714 */ 1715 switch (type & 0xff) { 1716 case ND_NEIGHBOR_SOLICIT: 1717 /* 1718 * New entry must have is_router flag cleared. 1719 */ 1720 if (is_newentry) /* (6-7) */ 1721 ln->ln_router = 0; 1722 break; 1723 case ND_REDIRECT: 1724 /* 1725 * If the icmp is a redirect to a better router, always set the 1726 * is_router flag. Otherwise, if the entry is newly created, 1727 * clear the flag. [RFC 2461, sec 8.3] 1728 */ 1729 if (code == ND_REDIRECT_ROUTER) 1730 ln->ln_router = 1; 1731 else if (is_newentry) /* (6-7) */ 1732 ln->ln_router = 0; 1733 break; 1734 case ND_ROUTER_SOLICIT: 1735 /* 1736 * is_router flag must always be cleared. 1737 */ 1738 ln->ln_router = 0; 1739 break; 1740 case ND_ROUTER_ADVERT: 1741 /* 1742 * Mark an entry with lladdr as a router. 1743 */ 1744 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */ 1745 (is_newentry && lladdr)) { /* (7) */ 1746 ln->ln_router = 1; 1747 } 1748 break; 1749 } 1750 1751 if (ln != NULL) { 1752 static_route = (ln->la_flags & LLE_STATIC); 1753 router = ln->ln_router; 1754 1755 if (flags & ND6_EXCLUSIVE) 1756 LLE_WUNLOCK(ln); 1757 else 1758 LLE_RUNLOCK(ln); 1759 if (static_route) 1760 ln = NULL; 1761 } 1762 if (chain) 1763 nd6_output_flush(ifp, ifp, chain, &sin6, NULL); 1764 1765 /* 1766 * When the link-layer address of a router changes, select the 1767 * best router again. In particular, when the neighbor entry is newly 1768 * created, it might affect the selection policy. 1769 * Question: can we restrict the first condition to the "is_newentry" 1770 * case? 1771 * XXX: when we hear an RA from a new router with the link-layer 1772 * address option, defrouter_select() is called twice, since 1773 * defrtrlist_update called the function as well. However, I believe 1774 * we can compromise the overhead, since it only happens the first 1775 * time. 1776 * XXX: although defrouter_select() should not have a bad effect 1777 * for those are not autoconfigured hosts, we explicitly avoid such 1778 * cases for safety. 1779 */ 1780 if (do_update && router && 1781 ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { 1782 /* 1783 * guaranteed recursion 1784 */ 1785 defrouter_select(); 1786 } 1787 1788 return (ln); 1789done: 1790 if (ln != NULL) { 1791 if (flags & ND6_EXCLUSIVE) 1792 LLE_WUNLOCK(ln); 1793 else 1794 LLE_RUNLOCK(ln); 1795 if (static_route) 1796 ln = NULL; 1797 } 1798 return (ln); 1799} 1800 1801static void 1802nd6_slowtimo(void *arg) 1803{ 1804 CURVNET_SET((struct vnet *) arg); 1805 struct nd_ifinfo *nd6if; 1806 struct ifnet *ifp; 1807 1808 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz, 1809 nd6_slowtimo, curvnet); 1810 IFNET_RLOCK_NOSLEEP(); 1811 TAILQ_FOREACH(ifp, &V_ifnet, if_list) { 1812 if (ifp->if_afdata[AF_INET6] == NULL) 1813 continue; 1814 nd6if = ND_IFINFO(ifp); 1815 if (nd6if->basereachable && /* already initialized */ 1816 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) { 1817 /* 1818 * Since reachable time rarely changes by router 1819 * advertisements, we SHOULD insure that a new random 1820 * value gets recomputed at least once every few hours. 1821 * (RFC 2461, 6.3.4) 1822 */ 1823 nd6if->recalctm = V_nd6_recalc_reachtm_interval; 1824 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable); 1825 } 1826 } 1827 IFNET_RUNLOCK_NOSLEEP(); 1828 CURVNET_RESTORE(); 1829} 1830 1831int 1832nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 1833 struct sockaddr_in6 *dst, struct rtentry *rt0) 1834{ 1835 1836 return (nd6_output_lle(ifp, origifp, m0, dst, rt0, NULL, NULL)); 1837} 1838 1839 1840/* 1841 * Note that I'm not enforcing any global serialization 1842 * lle state or asked changes here as the logic is too 1843 * complicated to avoid having to always acquire an exclusive 1844 * lock 1845 * KMM 1846 * 1847 */ 1848#define senderr(e) { error = (e); goto bad;} 1849 1850int 1851nd6_output_lle(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m0, 1852 struct sockaddr_in6 *dst, struct rtentry *rt0, struct llentry *lle, 1853 struct mbuf **chain) 1854{ 1855 struct mbuf *m = m0; 1856 struct m_tag *mtag; 1857 struct llentry *ln = lle; 1858 struct ip6_hdr *ip6; 1859 int error = 0; 1860 int flags = 0; 1861 int ip6len; 1862 1863#ifdef INVARIANTS 1864 if (lle != NULL) { 1865 1866 LLE_WLOCK_ASSERT(lle); 1867 1868 KASSERT(chain != NULL, (" lle locked but no mbuf chain pointer passed")); 1869 } 1870#endif 1871 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr)) 1872 goto sendpkt; 1873 1874 if (nd6_need_cache(ifp) == 0) 1875 goto sendpkt; 1876 1877 /* 1878 * next hop determination. This routine is derived from ether_output. 1879 */ 1880 1881 /* 1882 * Address resolution or Neighbor Unreachability Detection 1883 * for the next hop. 1884 * At this point, the destination of the packet must be a unicast 1885 * or an anycast address(i.e. not a multicast). 1886 */ 1887 1888 flags = ((m != NULL) || (lle != NULL)) ? LLE_EXCLUSIVE : 0; 1889 if (ln == NULL) { 1890 retry: 1891 IF_AFDATA_LOCK(ifp); 1892 ln = lla_lookup(LLTABLE6(ifp), flags, (struct sockaddr *)dst); 1893 IF_AFDATA_UNLOCK(ifp); 1894 if ((ln == NULL) && nd6_is_addr_neighbor(dst, ifp)) { 1895 /* 1896 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(), 1897 * the condition below is not very efficient. But we believe 1898 * it is tolerable, because this should be a rare case. 1899 */ 1900 flags = ND6_CREATE | (m ? ND6_EXCLUSIVE : 0); 1901 IF_AFDATA_LOCK(ifp); 1902 ln = nd6_lookup(&dst->sin6_addr, flags, ifp); 1903 IF_AFDATA_UNLOCK(ifp); 1904 } 1905 } 1906 if (ln == NULL) { 1907 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 && 1908 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) { 1909 char ip6buf[INET6_ADDRSTRLEN]; 1910 log(LOG_DEBUG, 1911 "nd6_output: can't allocate llinfo for %s " 1912 "(ln=%p)\n", 1913 ip6_sprintf(ip6buf, &dst->sin6_addr), ln); 1914 senderr(EIO); /* XXX: good error? */ 1915 } 1916 goto sendpkt; /* send anyway */ 1917 } 1918 1919 /* We don't have to do link-layer address resolution on a p2p link. */ 1920 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 && 1921 ln->ln_state < ND6_LLINFO_REACHABLE) { 1922 if ((flags & LLE_EXCLUSIVE) == 0) { 1923 flags |= LLE_EXCLUSIVE; 1924 goto retry; 1925 } 1926 ln->ln_state = ND6_LLINFO_STALE; 1927 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz); 1928 } 1929 1930 /* 1931 * The first time we send a packet to a neighbor whose entry is 1932 * STALE, we have to change the state to DELAY and a sets a timer to 1933 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do 1934 * neighbor unreachability detection on expiration. 1935 * (RFC 2461 7.3.3) 1936 */ 1937 if (ln->ln_state == ND6_LLINFO_STALE) { 1938 if ((flags & LLE_EXCLUSIVE) == 0) { 1939 flags |= LLE_EXCLUSIVE; 1940 LLE_RUNLOCK(ln); 1941 goto retry; 1942 } 1943 ln->la_asked = 0; 1944 ln->ln_state = ND6_LLINFO_DELAY; 1945 nd6_llinfo_settimer_locked(ln, (long)V_nd6_delay * hz); 1946 } 1947 1948 /* 1949 * If the neighbor cache entry has a state other than INCOMPLETE 1950 * (i.e. its link-layer address is already resolved), just 1951 * send the packet. 1952 */ 1953 if (ln->ln_state > ND6_LLINFO_INCOMPLETE) 1954 goto sendpkt; 1955 1956 /* 1957 * There is a neighbor cache entry, but no ethernet address 1958 * response yet. Append this latest packet to the end of the 1959 * packet queue in the mbuf, unless the number of the packet 1960 * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen, 1961 * the oldest packet in the queue will be removed. 1962 */ 1963 if (ln->ln_state == ND6_LLINFO_NOSTATE) 1964 ln->ln_state = ND6_LLINFO_INCOMPLETE; 1965 1966 if ((flags & LLE_EXCLUSIVE) == 0) { 1967 flags |= LLE_EXCLUSIVE; 1968 LLE_RUNLOCK(ln); 1969 goto retry; 1970 } 1971 1972 LLE_WLOCK_ASSERT(ln); 1973 1974 if (ln->la_hold) { 1975 struct mbuf *m_hold; 1976 int i; 1977 1978 i = 0; 1979 for (m_hold = ln->la_hold; m_hold; m_hold = m_hold->m_nextpkt) { 1980 i++; 1981 if (m_hold->m_nextpkt == NULL) { 1982 m_hold->m_nextpkt = m; 1983 break; 1984 } 1985 } 1986 while (i >= V_nd6_maxqueuelen) { 1987 m_hold = ln->la_hold; 1988 ln->la_hold = ln->la_hold->m_nextpkt; 1989 m_freem(m_hold); 1990 i--; 1991 } 1992 } else { 1993 ln->la_hold = m; 1994 } 1995 1996 /* 1997 * If there has been no NS for the neighbor after entering the 1998 * INCOMPLETE state, send the first solicitation. 1999 */ 2000 if (!ND6_LLINFO_PERMANENT(ln) && ln->la_asked == 0) { 2001 ln->la_asked++; 2002 2003 nd6_llinfo_settimer_locked(ln, 2004 (long)ND_IFINFO(ifp)->retrans * hz / 1000); 2005 LLE_WUNLOCK(ln); 2006 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0); 2007 if (lle != NULL && ln == lle) 2008 LLE_WLOCK(lle); 2009 2010 } else if (lle == NULL || ln != lle) { 2011 /* 2012 * We did the lookup (no lle arg) so we 2013 * need to do the unlock here. 2014 */ 2015 LLE_WUNLOCK(ln); 2016 } 2017 2018 return (0); 2019 2020 sendpkt: 2021 /* discard the packet if IPv6 operation is disabled on the interface */ 2022 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) { 2023 error = ENETDOWN; /* better error? */ 2024 goto bad; 2025 } 2026 /* 2027 * ln is valid and the caller did not pass in 2028 * an llentry 2029 */ 2030 if ((ln != NULL) && (lle == NULL)) { 2031 if (flags & LLE_EXCLUSIVE) 2032 LLE_WUNLOCK(ln); 2033 else 2034 LLE_RUNLOCK(ln); 2035 } 2036 2037#ifdef MAC 2038 mac_netinet6_nd6_send(ifp, m); 2039#endif 2040 2041 /* 2042 * If called from nd6_ns_output() (NS), nd6_na_output() (NA), 2043 * icmp6_redirect_output() (REDIRECT) or from rip6_output() (RS, RA 2044 * as handled by rtsol and rtadvd), mbufs will be tagged for SeND 2045 * to be diverted to user space. When re-injected into the kernel, 2046 * send_output() will directly dispatch them to the outgoing interface. 2047 */ 2048 if (send_sendso_input_hook != NULL) { 2049 mtag = m_tag_find(m, PACKET_TAG_ND_OUTGOING, NULL); 2050 if (mtag != NULL) { 2051 ip6 = mtod(m, struct ip6_hdr *); 2052 ip6len = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen); 2053 /* Use the SEND socket */ 2054 error = send_sendso_input_hook(m, ifp, SND_OUT, 2055 ip6len); 2056 /* -1 == no app on SEND socket */ 2057 if (error == 0 || error != -1) 2058 return (error); 2059 } 2060 } 2061 2062 /* 2063 * We were passed in a pointer to an lle with the lock held 2064 * this means that we can't call if_output as we will 2065 * recurse on the lle lock - so what we do is we create 2066 * a list of mbufs to send and transmit them in the caller 2067 * after the lock is dropped 2068 */ 2069 if (lle != NULL) { 2070 if (*chain == NULL) 2071 *chain = m; 2072 else { 2073 struct mbuf *mb; 2074 2075 /* 2076 * append mbuf to end of deferred chain 2077 */ 2078 mb = *chain; 2079 while (mb->m_nextpkt != NULL) 2080 mb = mb->m_nextpkt; 2081 mb->m_nextpkt = m; 2082 } 2083 return (error); 2084 } 2085 /* Reset layer specific mbuf flags to avoid confusing lower layers. */ 2086 m->m_flags &= ~(M_PROTOFLAGS); 2087 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 2088 return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, 2089 NULL)); 2090 } 2091 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst, NULL); 2092 return (error); 2093 2094 bad: 2095 /* 2096 * ln is valid and the caller did not pass in 2097 * an llentry 2098 */ 2099 if ((ln != NULL) && (lle == NULL)) { 2100 if (flags & LLE_EXCLUSIVE) 2101 LLE_WUNLOCK(ln); 2102 else 2103 LLE_RUNLOCK(ln); 2104 } 2105 if (m) 2106 m_freem(m); 2107 return (error); 2108} 2109#undef senderr 2110 2111 2112int 2113nd6_output_flush(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *chain, 2114 struct sockaddr_in6 *dst, struct route *ro) 2115{ 2116 struct mbuf *m, *m_head; 2117 struct ifnet *outifp; 2118 int error = 0; 2119 2120 m_head = chain; 2121 if ((ifp->if_flags & IFF_LOOPBACK) != 0) 2122 outifp = origifp; 2123 else 2124 outifp = ifp; 2125 2126 while (m_head) { 2127 m = m_head; 2128 m_head = m_head->m_nextpkt; 2129 error = (*ifp->if_output)(ifp, m, (struct sockaddr *)dst, ro); 2130 } 2131 2132 /* 2133 * XXX 2134 * note that intermediate errors are blindly ignored - but this is 2135 * the same convention as used with nd6_output when called by 2136 * nd6_cache_lladdr 2137 */ 2138 return (error); 2139} 2140 2141 2142int 2143nd6_need_cache(struct ifnet *ifp) 2144{ 2145 /* 2146 * XXX: we currently do not make neighbor cache on any interface 2147 * other than ARCnet, Ethernet, FDDI and GIF. 2148 * 2149 * RFC2893 says: 2150 * - unidirectional tunnels needs no ND 2151 */ 2152 switch (ifp->if_type) { 2153 case IFT_ARCNET: 2154 case IFT_ETHER: 2155 case IFT_FDDI: 2156 case IFT_IEEE1394: 2157#ifdef IFT_L2VLAN 2158 case IFT_L2VLAN: 2159#endif 2160#ifdef IFT_IEEE80211 2161 case IFT_IEEE80211: 2162#endif 2163 case IFT_INFINIBAND: 2164 case IFT_GIF: /* XXX need more cases? */ 2165 case IFT_PPP: 2166 case IFT_TUNNEL: 2167 case IFT_BRIDGE: 2168 case IFT_PROPVIRTUAL: 2169 return (1); 2170 default: 2171 return (0); 2172 } 2173} 2174 2175/* 2176 * the callers of this function need to be re-worked to drop 2177 * the lle lock, drop here for now 2178 */ 2179int 2180nd6_storelladdr(struct ifnet *ifp, struct mbuf *m, 2181 const struct sockaddr *dst, u_char *desten, struct llentry **lle) 2182{ 2183 struct llentry *ln; 2184 2185 *lle = NULL; 2186 IF_AFDATA_UNLOCK_ASSERT(ifp); 2187 if (m != NULL && m->m_flags & M_MCAST) { 2188 int i; 2189 2190 switch (ifp->if_type) { 2191 case IFT_ETHER: 2192 case IFT_FDDI: 2193#ifdef IFT_L2VLAN 2194 case IFT_L2VLAN: 2195#endif 2196#ifdef IFT_IEEE80211 2197 case IFT_IEEE80211: 2198#endif 2199 case IFT_BRIDGE: 2200 case IFT_ISO88025: 2201 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr, 2202 desten); 2203 return (0); 2204 case IFT_IEEE1394: 2205 /* 2206 * netbsd can use if_broadcastaddr, but we don't do so 2207 * to reduce # of ifdef. 2208 */ 2209 for (i = 0; i < ifp->if_addrlen; i++) 2210 desten[i] = ~0; 2211 return (0); 2212 case IFT_ARCNET: 2213 *desten = 0; 2214 return (0); 2215 default: 2216 m_freem(m); 2217 return (EAFNOSUPPORT); 2218 } 2219 } 2220 2221 2222 /* 2223 * the entry should have been created in nd6_store_lladdr 2224 */ 2225 IF_AFDATA_RLOCK(ifp); 2226 ln = lla_lookup(LLTABLE6(ifp), 0, dst); 2227 IF_AFDATA_RUNLOCK(ifp); 2228 if ((ln == NULL) || !(ln->la_flags & LLE_VALID)) { 2229 if (ln != NULL) 2230 LLE_RUNLOCK(ln); 2231 /* this could happen, if we could not allocate memory */ 2232 m_freem(m); 2233 return (1); 2234 } 2235 2236 bcopy(&ln->ll_addr, desten, ifp->if_addrlen); 2237 *lle = ln; 2238 LLE_RUNLOCK(ln); 2239 /* 2240 * A *small* use after free race exists here 2241 */ 2242 return (0); 2243} 2244 2245static void 2246clear_llinfo_pqueue(struct llentry *ln) 2247{ 2248 struct mbuf *m_hold, *m_hold_next; 2249 2250 for (m_hold = ln->la_hold; m_hold; m_hold = m_hold_next) { 2251 m_hold_next = m_hold->m_nextpkt; 2252 m_freem(m_hold); 2253 } 2254 2255 ln->la_hold = NULL; 2256 return; 2257} 2258 2259static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS); 2260static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS); 2261#ifdef SYSCTL_DECL 2262SYSCTL_DECL(_net_inet6_icmp6); 2263#endif 2264SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist, 2265 CTLFLAG_RD, nd6_sysctl_drlist, ""); 2266SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist, 2267 CTLFLAG_RD, nd6_sysctl_prlist, ""); 2268SYSCTL_VNET_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen, 2269 CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, ""); 2270 2271static int 2272nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS) 2273{ 2274 struct in6_defrouter d; 2275 struct nd_defrouter *dr; 2276 int error; 2277 2278 if (req->newptr) 2279 return (EPERM); 2280 2281 bzero(&d, sizeof(d)); 2282 d.rtaddr.sin6_family = AF_INET6; 2283 d.rtaddr.sin6_len = sizeof(d.rtaddr); 2284 2285 /* 2286 * XXX locking 2287 */ 2288 TAILQ_FOREACH(dr, &V_nd_defrouter, dr_entry) { 2289 d.rtaddr.sin6_addr = dr->rtaddr; 2290 error = sa6_recoverscope(&d.rtaddr); 2291 if (error != 0) 2292 return (error); 2293 d.flags = dr->flags; 2294 d.rtlifetime = dr->rtlifetime; 2295 d.expire = dr->expire + (time_second - time_uptime); 2296 d.if_index = dr->ifp->if_index; 2297 error = SYSCTL_OUT(req, &d, sizeof(d)); 2298 if (error != 0) 2299 return (error); 2300 } 2301 return (0); 2302} 2303 2304static int 2305nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS) 2306{ 2307 struct in6_prefix p; 2308 struct sockaddr_in6 s6; 2309 struct nd_prefix *pr; 2310 struct nd_pfxrouter *pfr; 2311 time_t maxexpire; 2312 int error; 2313 char ip6buf[INET6_ADDRSTRLEN]; 2314 2315 if (req->newptr) 2316 return (EPERM); 2317 2318 bzero(&p, sizeof(p)); 2319 p.origin = PR_ORIG_RA; 2320 bzero(&s6, sizeof(s6)); 2321 s6.sin6_family = AF_INET6; 2322 s6.sin6_len = sizeof(s6); 2323 2324 /* 2325 * XXX locking 2326 */ 2327 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) { 2328 p.prefix = pr->ndpr_prefix; 2329 if (sa6_recoverscope(&p.prefix)) { 2330 log(LOG_ERR, "scope error in prefix list (%s)\n", 2331 ip6_sprintf(ip6buf, &p.prefix.sin6_addr)); 2332 /* XXX: press on... */ 2333 } 2334 p.raflags = pr->ndpr_raf; 2335 p.prefixlen = pr->ndpr_plen; 2336 p.vltime = pr->ndpr_vltime; 2337 p.pltime = pr->ndpr_pltime; 2338 p.if_index = pr->ndpr_ifp->if_index; 2339 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME) 2340 p.expire = 0; 2341 else { 2342 /* XXX: we assume time_t is signed. */ 2343 maxexpire = (-1) & 2344 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1)); 2345 if (pr->ndpr_vltime < maxexpire - pr->ndpr_lastupdate) 2346 p.expire = pr->ndpr_lastupdate + 2347 pr->ndpr_vltime + 2348 (time_second - time_uptime); 2349 else 2350 p.expire = maxexpire; 2351 } 2352 p.refcnt = pr->ndpr_refcnt; 2353 p.flags = pr->ndpr_stateflags; 2354 p.advrtrs = 0; 2355 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) 2356 p.advrtrs++; 2357 error = SYSCTL_OUT(req, &p, sizeof(p)); 2358 if (error != 0) 2359 return (error); 2360 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) { 2361 s6.sin6_addr = pfr->router->rtaddr; 2362 if (sa6_recoverscope(&s6)) 2363 log(LOG_ERR, 2364 "scope error in prefix list (%s)\n", 2365 ip6_sprintf(ip6buf, &pfr->router->rtaddr)); 2366 error = SYSCTL_OUT(req, &s6, sizeof(s6)); 2367 if (error != 0) 2368 return (error); 2369 } 2370 } 2371 return (0); 2372} 2373