nd6_nbr.c revision 151465
1/* $FreeBSD: head/sys/netinet6/nd6_nbr.c 151465 2005-10-19 10:09:19Z suz $ */ 2/* $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $ */ 3 4/*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33#include "opt_inet.h" 34#include "opt_inet6.h" 35#include "opt_ipsec.h" 36#include "opt_carp.h" 37 38#include <sys/param.h> 39#include <sys/systm.h> 40#include <sys/malloc.h> 41#include <sys/mbuf.h> 42#include <sys/socket.h> 43#include <sys/sockio.h> 44#include <sys/time.h> 45#include <sys/kernel.h> 46#include <sys/errno.h> 47#include <sys/syslog.h> 48#include <sys/queue.h> 49#include <sys/callout.h> 50 51#include <net/if.h> 52#include <net/if_types.h> 53#include <net/if_dl.h> 54#include <net/if_var.h> 55#include <net/route.h> 56 57#include <netinet/in.h> 58#include <netinet/in_var.h> 59#include <netinet6/in6_var.h> 60#include <netinet/ip6.h> 61#include <netinet6/ip6_var.h> 62#include <netinet6/scope6_var.h> 63#include <netinet6/nd6.h> 64#include <netinet/icmp6.h> 65 66#ifdef DEV_CARP 67#include <netinet/ip_carp.h> 68#endif 69 70#include <net/net_osdep.h> 71 72#define SDL(s) ((struct sockaddr_dl *)s) 73 74struct dadq; 75static struct dadq *nd6_dad_find __P((struct ifaddr *)); 76static void nd6_dad_starttimer __P((struct dadq *, int)); 77static void nd6_dad_stoptimer __P((struct dadq *)); 78static void nd6_dad_timer __P((struct ifaddr *)); 79static void nd6_dad_ns_output __P((struct dadq *, struct ifaddr *)); 80static void nd6_dad_ns_input __P((struct ifaddr *)); 81static void nd6_dad_na_input __P((struct ifaddr *)); 82 83static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/ 84static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ 85 86/* 87 * Input a Neighbor Solicitation Message. 88 * 89 * Based on RFC 2461 90 * Based on RFC 2462 (duplicate address detection) 91 */ 92void 93nd6_ns_input(m, off, icmp6len) 94 struct mbuf *m; 95 int off, icmp6len; 96{ 97 struct ifnet *ifp = m->m_pkthdr.rcvif; 98 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 99 struct nd_neighbor_solicit *nd_ns; 100 struct in6_addr saddr6 = ip6->ip6_src; 101 struct in6_addr daddr6 = ip6->ip6_dst; 102 struct in6_addr taddr6; 103 struct in6_addr myaddr6; 104 char *lladdr = NULL; 105 struct ifaddr *ifa = NULL; 106 int lladdrlen = 0; 107 int anycast = 0, proxy = 0, tentative = 0; 108 int tlladdr; 109 union nd_opts ndopts; 110 struct sockaddr_dl *proxydl = NULL; 111 112#ifndef PULLDOWN_TEST 113 IP6_EXTHDR_CHECK(m, off, icmp6len,); 114 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); 115#else 116 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len); 117 if (nd_ns == NULL) { 118 icmp6stat.icp6s_tooshort++; 119 return; 120 } 121#endif 122 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */ 123 taddr6 = nd_ns->nd_ns_target; 124 if (in6_setscope(&taddr6, ifp, NULL) != 0) 125 goto bad; 126 127 if (ip6->ip6_hlim != 255) { 128 nd6log((LOG_ERR, 129 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n", 130 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 131 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 132 goto bad; 133 } 134 135 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 136 /* dst has to be a solicited node multicast address. */ 137 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL && 138 /* don't check ifindex portion */ 139 daddr6.s6_addr32[1] == 0 && 140 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE && 141 daddr6.s6_addr8[12] == 0xff) { 142 ; /* good */ 143 } else { 144 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 145 "(wrong ip6 dst)\n")); 146 goto bad; 147 } 148 } 149 150 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 151 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n")); 152 goto bad; 153 } 154 155 icmp6len -= sizeof(*nd_ns); 156 nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 157 if (nd6_options(&ndopts) < 0) { 158 nd6log((LOG_INFO, 159 "nd6_ns_input: invalid ND option, ignored\n")); 160 /* nd6_options have incremented stats */ 161 goto freeit; 162 } 163 164 if (ndopts.nd_opts_src_lladdr) { 165 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1); 166 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 167 } 168 169 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 170 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet " 171 "(link-layer address option)\n")); 172 goto bad; 173 } 174 175 /* 176 * Attaching target link-layer address to the NA? 177 * (RFC 2461 7.2.4) 178 * 179 * NS IP dst is unicast/anycast MUST NOT add 180 * NS IP dst is solicited-node multicast MUST add 181 * 182 * In implementation, we add target link-layer address by default. 183 * We do not add one in MUST NOT cases. 184 */ 185#if 0 /* too much! */ 186 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6); 187 if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)) 188 tlladdr = 0; 189 else 190#endif 191 if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 192 tlladdr = 0; 193 else 194 tlladdr = 1; 195 196 /* 197 * Target address (taddr6) must be either: 198 * (1) Valid unicast/anycast address for my receiving interface, 199 * (2) Unicast address for which I'm offering proxy service, or 200 * (3) "tentative" address on which DAD is being performed. 201 */ 202 /* (1) and (3) check. */ 203#ifdef DEV_CARP 204 if (ifp->if_carp) 205 ifa = carp_iamatch6(ifp->if_carp, &taddr6); 206 if (ifa == NULL) 207 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 208#else 209 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 210#endif 211 212 /* (2) check. */ 213 if (ifa == NULL) { 214 struct rtentry *rt; 215 struct sockaddr_in6 tsin6; 216 int need_proxy; 217 218 bzero(&tsin6, sizeof tsin6); 219 tsin6.sin6_len = sizeof(struct sockaddr_in6); 220 tsin6.sin6_family = AF_INET6; 221 tsin6.sin6_addr = taddr6; 222 223 rt = rtalloc1((struct sockaddr *)&tsin6, 0, 0); 224 need_proxy = (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 && 225 rt->rt_gateway->sa_family == AF_LINK); 226 if (rt) 227 rtfree(rt); 228 if (need_proxy) { 229 /* 230 * proxy NDP for single entry 231 */ 232 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 233 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 234 if (ifa) { 235 proxy = 1; 236 proxydl = SDL(rt->rt_gateway); 237 } 238 } 239 } 240 if (!ifa) { 241 /* 242 * We've got an NS packet, and we don't have that adddress 243 * assigned for us. We MUST silently ignore it. 244 * See RFC2461 7.2.3. 245 */ 246 goto freeit; 247 } 248 myaddr6 = *IFA_IN6(ifa); 249 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 250 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 251 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 252 goto freeit; 253 254 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 255 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s " 256 "(if %d, NS packet %d)\n", 257 ip6_sprintf(&taddr6), 258 ifp->if_addrlen, lladdrlen - 2)); 259 goto bad; 260 } 261 262 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 263 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n", 264 ip6_sprintf(&saddr6))); 265 goto freeit; 266 } 267 268 /* 269 * We have neighbor solicitation packet, with target address equals to 270 * one of my tentative address. 271 * 272 * src addr how to process? 273 * --- --- 274 * multicast of course, invalid (rejected in ip6_input) 275 * unicast somebody is doing address resolution -> ignore 276 * unspec dup address detection 277 * 278 * The processing is defined in RFC 2462. 279 */ 280 if (tentative) { 281 /* 282 * If source address is unspecified address, it is for 283 * duplicate address detection. 284 * 285 * If not, the packet is for addess resolution; 286 * silently ignore it. 287 */ 288 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 289 nd6_dad_ns_input(ifa); 290 291 goto freeit; 292 } 293 294 /* 295 * If the source address is unspecified address, entries must not 296 * be created or updated. 297 * It looks that sender is performing DAD. Output NA toward 298 * all-node multicast address, to tell the sender that I'm using 299 * the address. 300 * S bit ("solicited") must be zero. 301 */ 302 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 303 struct in6_addr in6_all; 304 305 in6_all = in6addr_linklocal_allnodes; 306 if (in6_setscope(&in6_all, ifp, NULL) != 0) 307 goto bad; 308 nd6_na_output(ifp, &in6_all, &taddr6, 309 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 310 (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0), 311 tlladdr, (struct sockaddr *)proxydl); 312 goto freeit; 313 } 314 315 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, 316 ND_NEIGHBOR_SOLICIT, 0); 317 318 nd6_na_output(ifp, &saddr6, &taddr6, 319 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) | 320 (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) | ND_NA_FLAG_SOLICITED, 321 tlladdr, (struct sockaddr *)proxydl); 322 freeit: 323 m_freem(m); 324 return; 325 326 bad: 327 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", ip6_sprintf(&saddr6))); 328 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", ip6_sprintf(&daddr6))); 329 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", ip6_sprintf(&taddr6))); 330 icmp6stat.icp6s_badns++; 331 m_freem(m); 332} 333 334/* 335 * Output a Neighbor Solicitation Message. Caller specifies: 336 * - ICMP6 header source IP6 address 337 * - ND6 header target IP6 address 338 * - ND6 header source datalink address 339 * 340 * Based on RFC 2461 341 * Based on RFC 2462 (duplicate address detection) 342 */ 343void 344nd6_ns_output(ifp, daddr6, taddr6, ln, dad) 345 struct ifnet *ifp; 346 const struct in6_addr *daddr6, *taddr6; 347 struct llinfo_nd6 *ln; /* for source address determination */ 348 int dad; /* duplicate address detection */ 349{ 350 struct mbuf *m; 351 struct ip6_hdr *ip6; 352 struct nd_neighbor_solicit *nd_ns; 353 struct in6_addr *src, src_in; 354 struct ip6_moptions im6o; 355 int icmp6len; 356 int maxlen; 357 caddr_t mac; 358 struct route_in6 ro; 359 360 bzero(&ro, sizeof(ro)); 361 362 if (IN6_IS_ADDR_MULTICAST(taddr6)) 363 return; 364 365 /* estimate the size of message */ 366 maxlen = sizeof(*ip6) + sizeof(*nd_ns); 367 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 368 if (max_linkhdr + maxlen >= MCLBYTES) { 369#ifdef DIAGNOSTIC 370 printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " 371 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 372#endif 373 return; 374 } 375 376 MGETHDR(m, M_DONTWAIT, MT_DATA); 377 if (m && max_linkhdr + maxlen >= MHLEN) { 378 MCLGET(m, M_DONTWAIT); 379 if ((m->m_flags & M_EXT) == 0) { 380 m_free(m); 381 m = NULL; 382 } 383 } 384 if (m == NULL) 385 return; 386 m->m_pkthdr.rcvif = NULL; 387 388 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 389 m->m_flags |= M_MCAST; 390 im6o.im6o_multicast_ifp = ifp; 391 im6o.im6o_multicast_hlim = 255; 392 im6o.im6o_multicast_loop = 0; 393 } 394 395 icmp6len = sizeof(*nd_ns); 396 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 397 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 398 399 /* fill neighbor solicitation packet */ 400 ip6 = mtod(m, struct ip6_hdr *); 401 ip6->ip6_flow = 0; 402 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 403 ip6->ip6_vfc |= IPV6_VERSION; 404 /* ip6->ip6_plen will be set later */ 405 ip6->ip6_nxt = IPPROTO_ICMPV6; 406 ip6->ip6_hlim = 255; 407 if (daddr6) 408 ip6->ip6_dst = *daddr6; 409 else { 410 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 411 ip6->ip6_dst.s6_addr16[1] = 0; 412 ip6->ip6_dst.s6_addr32[1] = 0; 413 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 414 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 415 ip6->ip6_dst.s6_addr8[12] = 0xff; 416 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0) 417 goto bad; 418 } 419 if (!dad) { 420 /* 421 * RFC2461 7.2.2: 422 * "If the source address of the packet prompting the 423 * solicitation is the same as one of the addresses assigned 424 * to the outgoing interface, that address SHOULD be placed 425 * in the IP Source Address of the outgoing solicitation. 426 * Otherwise, any one of the addresses assigned to the 427 * interface should be used." 428 * 429 * We use the source address for the prompting packet 430 * (saddr6), if: 431 * - saddr6 is given from the caller (by giving "ln"), and 432 * - saddr6 belongs to the outgoing interface. 433 * Otherwise, we perform the source address selection as usual. 434 */ 435 struct ip6_hdr *hip6; /* hold ip6 */ 436 struct in6_addr *hsrc = NULL; 437 438 if (ln && ln->ln_hold) { 439 /* 440 * assuming every packet in ln_hold has the same IP 441 * header 442 */ 443 hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 444 /* XXX pullup? */ 445 if (sizeof(*hip6) < ln->ln_hold->m_len) 446 hsrc = &hip6->ip6_src; 447 else 448 hsrc = NULL; 449 } 450 if (hsrc && in6ifa_ifpwithaddr(ifp, hsrc)) 451 src = hsrc; 452 else { 453 int error; 454 struct sockaddr_in6 dst_sa; 455 456 bzero(&dst_sa, sizeof(dst_sa)); 457 dst_sa.sin6_family = AF_INET6; 458 dst_sa.sin6_len = sizeof(dst_sa); 459 dst_sa.sin6_addr = ip6->ip6_dst; 460 461 src = in6_selectsrc(&dst_sa, NULL, 462 NULL, &ro, NULL, NULL, &error); 463 if (src == NULL) { 464 nd6log((LOG_DEBUG, 465 "nd6_ns_output: source can't be " 466 "determined: dst=%s, error=%d\n", 467 ip6_sprintf(&dst_sa.sin6_addr), error)); 468 goto bad; 469 } 470 } 471 } else { 472 /* 473 * Source address for DAD packet must always be IPv6 474 * unspecified address. (0::0) 475 * We actually don't have to 0-clear the address (we did it 476 * above), but we do so here explicitly to make the intention 477 * clearer. 478 */ 479 bzero(&src_in, sizeof(src_in)); 480 src = &src_in; 481 } 482 ip6->ip6_src = *src; 483 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 484 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 485 nd_ns->nd_ns_code = 0; 486 nd_ns->nd_ns_reserved = 0; 487 nd_ns->nd_ns_target = *taddr6; 488 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */ 489 490 /* 491 * Add source link-layer address option. 492 * 493 * spec implementation 494 * --- --- 495 * DAD packet MUST NOT do not add the option 496 * there's no link layer address: 497 * impossible do not add the option 498 * there's link layer address: 499 * Multicast NS MUST add one add the option 500 * Unicast NS SHOULD add one add the option 501 */ 502 if (!dad && (mac = nd6_ifptomac(ifp))) { 503 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 504 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 505 /* 8 byte alignments... */ 506 optlen = (optlen + 7) & ~7; 507 508 m->m_pkthdr.len += optlen; 509 m->m_len += optlen; 510 icmp6len += optlen; 511 bzero((caddr_t)nd_opt, optlen); 512 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 513 nd_opt->nd_opt_len = optlen >> 3; 514 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 515 } 516 517 ip6->ip6_plen = htons((u_short)icmp6len); 518 nd_ns->nd_ns_cksum = 0; 519 nd_ns->nd_ns_cksum = 520 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 521 522 ip6_output(m, NULL, &ro, dad ? IPV6_DADOUTPUT : 0, &im6o, NULL, NULL); 523 icmp6_ifstat_inc(ifp, ifs6_out_msg); 524 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit); 525 icmp6stat.icp6s_outhist[ND_NEIGHBOR_SOLICIT]++; 526 527 if (ro.ro_rt) { /* we don't cache this route. */ 528 RTFREE(ro.ro_rt); 529 } 530 return; 531 532 bad: 533 if (ro.ro_rt) { 534 RTFREE(ro.ro_rt); 535 } 536 m_freem(m); 537 return; 538} 539 540/* 541 * Neighbor advertisement input handling. 542 * 543 * Based on RFC 2461 544 * Based on RFC 2462 (duplicate address detection) 545 * 546 * the following items are not implemented yet: 547 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 548 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 549 */ 550void 551nd6_na_input(m, off, icmp6len) 552 struct mbuf *m; 553 int off, icmp6len; 554{ 555 struct ifnet *ifp = m->m_pkthdr.rcvif; 556 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 557 struct nd_neighbor_advert *nd_na; 558 struct in6_addr daddr6 = ip6->ip6_dst; 559 struct in6_addr taddr6; 560 int flags; 561 int is_router; 562 int is_solicited; 563 int is_override; 564 char *lladdr = NULL; 565 int lladdrlen = 0; 566 struct ifaddr *ifa; 567 struct llinfo_nd6 *ln; 568 struct rtentry *rt; 569 struct sockaddr_dl *sdl; 570 union nd_opts ndopts; 571 572 if (ip6->ip6_hlim != 255) { 573 nd6log((LOG_ERR, 574 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n", 575 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src), 576 ip6_sprintf(&ip6->ip6_dst), if_name(ifp))); 577 goto bad; 578 } 579 580#ifndef PULLDOWN_TEST 581 IP6_EXTHDR_CHECK(m, off, icmp6len,); 582 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off); 583#else 584 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len); 585 if (nd_na == NULL) { 586 icmp6stat.icp6s_tooshort++; 587 return; 588 } 589#endif 590 591 flags = nd_na->nd_na_flags_reserved; 592 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 593 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 594 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 595 596 taddr6 = nd_na->nd_na_target; 597 if (in6_setscope(&taddr6, ifp, NULL)) 598 goto bad; /* XXX: impossible */ 599 600 if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 601 nd6log((LOG_ERR, 602 "nd6_na_input: invalid target address %s\n", 603 ip6_sprintf(&taddr6))); 604 goto bad; 605 } 606 if (IN6_IS_ADDR_MULTICAST(&daddr6)) 607 if (is_solicited) { 608 nd6log((LOG_ERR, 609 "nd6_na_input: a solicited adv is multicasted\n")); 610 goto bad; 611 } 612 613 icmp6len -= sizeof(*nd_na); 614 nd6_option_init(nd_na + 1, icmp6len, &ndopts); 615 if (nd6_options(&ndopts) < 0) { 616 nd6log((LOG_INFO, 617 "nd6_na_input: invalid ND option, ignored\n")); 618 /* nd6_options have incremented stats */ 619 goto freeit; 620 } 621 622 if (ndopts.nd_opts_tgt_lladdr) { 623 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 624 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 625 } 626 627 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 628 629 /* 630 * Target address matches one of my interface address. 631 * 632 * If my address is tentative, this means that there's somebody 633 * already using the same address as mine. This indicates DAD failure. 634 * This is defined in RFC 2462. 635 * 636 * Otherwise, process as defined in RFC 2461. 637 */ 638 if (ifa 639 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 640 nd6_dad_na_input(ifa); 641 goto freeit; 642 } 643 644 /* Just for safety, maybe unnecessary. */ 645 if (ifa) { 646 log(LOG_ERR, 647 "nd6_na_input: duplicate IP6 address %s\n", 648 ip6_sprintf(&taddr6)); 649 goto freeit; 650 } 651 652 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 653 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s " 654 "(if %d, NA packet %d)\n", ip6_sprintf(&taddr6), 655 ifp->if_addrlen, lladdrlen - 2)); 656 goto bad; 657 } 658 659 /* 660 * If no neighbor cache entry is found, NA SHOULD silently be 661 * discarded. 662 */ 663 rt = nd6_lookup(&taddr6, 0, ifp); 664 if ((rt == NULL) || 665 ((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) || 666 ((sdl = SDL(rt->rt_gateway)) == NULL)) 667 goto freeit; 668 669 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 670 /* 671 * If the link-layer has address, and no lladdr option came, 672 * discard the packet. 673 */ 674 if (ifp->if_addrlen && lladdr == NULL) 675 goto freeit; 676 677 /* 678 * Record link-layer address, and update the state. 679 */ 680 sdl->sdl_alen = ifp->if_addrlen; 681 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 682 if (is_solicited) { 683 ln->ln_state = ND6_LLINFO_REACHABLE; 684 ln->ln_byhint = 0; 685 if (ln->ln_expire) { 686 ln->ln_expire = time_second + 687 ND_IFINFO(rt->rt_ifp)->reachable; 688 } 689 } else { 690 ln->ln_state = ND6_LLINFO_STALE; 691 ln->ln_expire = time_second + nd6_gctimer; 692 } 693 if ((ln->ln_router = is_router) != 0) { 694 /* 695 * This means a router's state has changed from 696 * non-reachable to probably reachable, and might 697 * affect the status of associated prefixes.. 698 */ 699 pfxlist_onlink_check(); 700 } 701 } else { 702 int llchange; 703 704 /* 705 * Check if the link-layer address has changed or not. 706 */ 707 if (lladdr == NULL) 708 llchange = 0; 709 else { 710 if (sdl->sdl_alen) { 711 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 712 llchange = 1; 713 else 714 llchange = 0; 715 } else 716 llchange = 1; 717 } 718 719 /* 720 * This is VERY complex. Look at it with care. 721 * 722 * override solicit lladdr llchange action 723 * (L: record lladdr) 724 * 725 * 0 0 n -- (2c) 726 * 0 0 y n (2b) L 727 * 0 0 y y (1) REACHABLE->STALE 728 * 0 1 n -- (2c) *->REACHABLE 729 * 0 1 y n (2b) L *->REACHABLE 730 * 0 1 y y (1) REACHABLE->STALE 731 * 1 0 n -- (2a) 732 * 1 0 y n (2a) L 733 * 1 0 y y (2a) L *->STALE 734 * 1 1 n -- (2a) *->REACHABLE 735 * 1 1 y n (2a) L *->REACHABLE 736 * 1 1 y y (2a) L *->REACHABLE 737 */ 738 if (!is_override && (lladdr != NULL && llchange)) { /* (1) */ 739 /* 740 * If state is REACHABLE, make it STALE. 741 * no other updates should be done. 742 */ 743 if (ln->ln_state == ND6_LLINFO_REACHABLE) { 744 ln->ln_state = ND6_LLINFO_STALE; 745 ln->ln_expire = time_second + nd6_gctimer; 746 } 747 goto freeit; 748 } else if (is_override /* (2a) */ 749 || (!is_override && (lladdr != NULL && !llchange)) /* (2b) */ 750 || lladdr == NULL) { /* (2c) */ 751 /* 752 * Update link-local address, if any. 753 */ 754 if (lladdr != NULL) { 755 sdl->sdl_alen = ifp->if_addrlen; 756 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 757 } 758 759 /* 760 * If solicited, make the state REACHABLE. 761 * If not solicited and the link-layer address was 762 * changed, make it STALE. 763 */ 764 if (is_solicited) { 765 ln->ln_state = ND6_LLINFO_REACHABLE; 766 ln->ln_byhint = 0; 767 if (ln->ln_expire) { 768 ln->ln_expire = time_second + 769 ND_IFINFO(ifp)->reachable; 770 } 771 } else { 772 if (lladdr != NULL && llchange) { 773 ln->ln_state = ND6_LLINFO_STALE; 774 ln->ln_expire = time_second + nd6_gctimer; 775 } 776 } 777 } 778 779 if (ln->ln_router && !is_router) { 780 /* 781 * The peer dropped the router flag. 782 * Remove the sender from the Default Router List and 783 * update the Destination Cache entries. 784 */ 785 struct nd_defrouter *dr; 786 struct in6_addr *in6; 787 int s; 788 789 in6 = &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 790 791 /* 792 * Lock to protect the default router list. 793 * XXX: this might be unnecessary, since this function 794 * is only called under the network software interrupt 795 * context. However, we keep it just for safety. 796 */ 797 s = splnet(); 798 dr = defrouter_lookup(in6, ifp); 799 if (dr) 800 defrtrlist_del(dr); 801 else if (!ip6_forwarding && ip6_accept_rtadv) { 802 /* 803 * Even if the neighbor is not in the default 804 * router list, the neighbor may be used 805 * as a next hop for some destinations 806 * (e.g. redirect case). So we must 807 * call rt6_flush explicitly. 808 */ 809 rt6_flush(&ip6->ip6_src, ifp); 810 } 811 splx(s); 812 } 813 ln->ln_router = is_router; 814 } 815 rt->rt_flags &= ~RTF_REJECT; 816 ln->ln_asked = 0; 817 if (ln->ln_hold) { 818 /* 819 * we assume ifp is not a loopback here, so just set the 2nd 820 * argument as the 1st one. 821 */ 822 nd6_output(ifp, ifp, ln->ln_hold, 823 (struct sockaddr_in6 *)rt_key(rt), rt); 824 ln->ln_hold = NULL; 825 } 826 827 freeit: 828 m_freem(m); 829 return; 830 831 bad: 832 icmp6stat.icp6s_badna++; 833 m_freem(m); 834} 835 836/* 837 * Neighbor advertisement output handling. 838 * 839 * Based on RFC 2461 840 * 841 * the following items are not implemented yet: 842 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 843 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 844 */ 845void 846nd6_na_output(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0) 847 struct ifnet *ifp; 848 const struct in6_addr *daddr6_0, *taddr6; 849 u_long flags; 850 int tlladdr; /* 1 if include target link-layer address */ 851 struct sockaddr *sdl0; /* sockaddr_dl (= proxy NA) or NULL */ 852{ 853 struct mbuf *m; 854 struct ip6_hdr *ip6; 855 struct nd_neighbor_advert *nd_na; 856 struct ip6_moptions im6o; 857 struct in6_addr *src, daddr6; 858 struct sockaddr_in6 dst_sa; 859 int icmp6len, maxlen, error; 860 caddr_t mac = NULL; 861 struct route_in6 ro; 862 863 bzero(&ro, sizeof(ro)); 864 865 daddr6 = *daddr6_0; /* make a local copy for modification */ 866 867 /* estimate the size of message */ 868 maxlen = sizeof(*ip6) + sizeof(*nd_na); 869 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 870 if (max_linkhdr + maxlen >= MCLBYTES) { 871#ifdef DIAGNOSTIC 872 printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES " 873 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 874#endif 875 return; 876 } 877 878 MGETHDR(m, M_DONTWAIT, MT_DATA); 879 if (m && max_linkhdr + maxlen >= MHLEN) { 880 MCLGET(m, M_DONTWAIT); 881 if ((m->m_flags & M_EXT) == 0) { 882 m_free(m); 883 m = NULL; 884 } 885 } 886 if (m == NULL) 887 return; 888 m->m_pkthdr.rcvif = NULL; 889 890 if (IN6_IS_ADDR_MULTICAST(&daddr6)) { 891 m->m_flags |= M_MCAST; 892 im6o.im6o_multicast_ifp = ifp; 893 im6o.im6o_multicast_hlim = 255; 894 im6o.im6o_multicast_loop = 0; 895 } 896 897 icmp6len = sizeof(*nd_na); 898 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 899 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */ 900 901 /* fill neighbor advertisement packet */ 902 ip6 = mtod(m, struct ip6_hdr *); 903 ip6->ip6_flow = 0; 904 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 905 ip6->ip6_vfc |= IPV6_VERSION; 906 ip6->ip6_nxt = IPPROTO_ICMPV6; 907 ip6->ip6_hlim = 255; 908 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) { 909 /* reply to DAD */ 910 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 911 ip6->ip6_dst.s6_addr16[1] = 0; 912 ip6->ip6_dst.s6_addr32[1] = 0; 913 ip6->ip6_dst.s6_addr32[2] = 0; 914 ip6->ip6_dst.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 915 if (in6_setscope(&daddr6, ifp, NULL)) 916 goto bad; 917 918 flags &= ~ND_NA_FLAG_SOLICITED; 919 } 920 ip6->ip6_dst = daddr6; 921 bzero(&dst_sa, sizeof(struct sockaddr_in6)); 922 dst_sa.sin6_family = AF_INET6; 923 dst_sa.sin6_len = sizeof(struct sockaddr_in6); 924 dst_sa.sin6_addr = daddr6; 925 926 /* 927 * Select a source whose scope is the same as that of the dest. 928 */ 929 bcopy(&dst_sa, &ro.ro_dst, sizeof(dst_sa)); 930 src = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, NULL, &error); 931 if (src == NULL) { 932 nd6log((LOG_DEBUG, "nd6_na_output: source can't be " 933 "determined: dst=%s, error=%d\n", 934 ip6_sprintf(&dst_sa.sin6_addr), error)); 935 goto bad; 936 } 937 ip6->ip6_src = *src; 938 nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 939 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 940 nd_na->nd_na_code = 0; 941 nd_na->nd_na_target = *taddr6; 942 in6_clearscope(&nd_na->nd_na_target); /* XXX */ 943 944 /* 945 * "tlladdr" indicates NS's condition for adding tlladdr or not. 946 * see nd6_ns_input() for details. 947 * Basically, if NS packet is sent to unicast/anycast addr, 948 * target lladdr option SHOULD NOT be included. 949 */ 950 if (tlladdr) { 951 /* 952 * sdl0 != NULL indicates proxy NA. If we do proxy, use 953 * lladdr in sdl0. If we are not proxying (sending NA for 954 * my address) use lladdr configured for the interface. 955 */ 956 if (sdl0 == NULL) { 957#ifdef DEV_CARP 958 if (ifp->if_carp) 959 mac = carp_macmatch6(ifp->if_carp, m, taddr6); 960 if (mac == NULL) 961 mac = nd6_ifptomac(ifp); 962#else 963 mac = nd6_ifptomac(ifp); 964#endif 965 } else if (sdl0->sa_family == AF_LINK) { 966 struct sockaddr_dl *sdl; 967 sdl = (struct sockaddr_dl *)sdl0; 968 if (sdl->sdl_alen == ifp->if_addrlen) 969 mac = LLADDR(sdl); 970 } 971 } 972 if (tlladdr && mac) { 973 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 974 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 975 976 /* roundup to 8 bytes alignment! */ 977 optlen = (optlen + 7) & ~7; 978 979 m->m_pkthdr.len += optlen; 980 m->m_len += optlen; 981 icmp6len += optlen; 982 bzero((caddr_t)nd_opt, optlen); 983 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 984 nd_opt->nd_opt_len = optlen >> 3; 985 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 986 } else 987 flags &= ~ND_NA_FLAG_OVERRIDE; 988 989 ip6->ip6_plen = htons((u_short)icmp6len); 990 nd_na->nd_na_flags_reserved = flags; 991 nd_na->nd_na_cksum = 0; 992 nd_na->nd_na_cksum = 993 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 994 995 ip6_output(m, NULL, &ro, 0, &im6o, NULL, NULL); 996 icmp6_ifstat_inc(ifp, ifs6_out_msg); 997 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert); 998 icmp6stat.icp6s_outhist[ND_NEIGHBOR_ADVERT]++; 999 1000 if (ro.ro_rt) { /* we don't cache this route. */ 1001 RTFREE(ro.ro_rt); 1002 } 1003 return; 1004 1005 bad: 1006 if (ro.ro_rt) { 1007 RTFREE(ro.ro_rt); 1008 } 1009 m_freem(m); 1010 return; 1011} 1012 1013caddr_t 1014nd6_ifptomac(ifp) 1015 struct ifnet *ifp; 1016{ 1017 switch (ifp->if_type) { 1018 case IFT_ARCNET: 1019 case IFT_ETHER: 1020 case IFT_FDDI: 1021 case IFT_IEEE1394: 1022#ifdef IFT_L2VLAN 1023 case IFT_L2VLAN: 1024#endif 1025#ifdef IFT_IEEE80211 1026 case IFT_IEEE80211: 1027#endif 1028#ifdef IFT_CARP 1029 case IFT_CARP: 1030#endif 1031 case IFT_BRIDGE: 1032 case IFT_ISO88025: 1033 return IF_LLADDR(ifp); 1034 default: 1035 return NULL; 1036 } 1037} 1038 1039TAILQ_HEAD(dadq_head, dadq); 1040struct dadq { 1041 TAILQ_ENTRY(dadq) dad_list; 1042 struct ifaddr *dad_ifa; 1043 int dad_count; /* max NS to send */ 1044 int dad_ns_tcount; /* # of trials to send NS */ 1045 int dad_ns_ocount; /* NS sent so far */ 1046 int dad_ns_icount; 1047 int dad_na_icount; 1048 struct callout dad_timer_ch; 1049}; 1050 1051static struct dadq_head dadq; 1052static int dad_init = 0; 1053 1054static struct dadq * 1055nd6_dad_find(ifa) 1056 struct ifaddr *ifa; 1057{ 1058 struct dadq *dp; 1059 1060 for (dp = dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) { 1061 if (dp->dad_ifa == ifa) 1062 return dp; 1063 } 1064 return NULL; 1065} 1066 1067static void 1068nd6_dad_starttimer(dp, ticks) 1069 struct dadq *dp; 1070 int ticks; 1071{ 1072 1073 callout_reset(&dp->dad_timer_ch, ticks, 1074 (void (*) __P((void *)))nd6_dad_timer, (void *)dp->dad_ifa); 1075} 1076 1077static void 1078nd6_dad_stoptimer(dp) 1079 struct dadq *dp; 1080{ 1081 1082 callout_stop(&dp->dad_timer_ch); 1083} 1084 1085/* 1086 * Start Duplicate Address Detection (DAD) for specified interface address. 1087 */ 1088void 1089nd6_dad_start(ifa, tick) 1090 struct ifaddr *ifa; 1091 int *tick; /* minimum delay ticks for IFF_UP event */ 1092{ 1093 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1094 struct dadq *dp; 1095 1096 if (!dad_init) { 1097 TAILQ_INIT(&dadq); 1098 dad_init++; 1099 } 1100 1101 /* 1102 * If we don't need DAD, don't do it. 1103 * There are several cases: 1104 * - DAD is disabled (ip6_dad_count == 0) 1105 * - the interface address is anycast 1106 */ 1107 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 1108 log(LOG_DEBUG, 1109 "nd6_dad_start: called with non-tentative address " 1110 "%s(%s)\n", 1111 ip6_sprintf(&ia->ia_addr.sin6_addr), 1112 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1113 return; 1114 } 1115 if (ia->ia6_flags & IN6_IFF_ANYCAST) { 1116 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1117 return; 1118 } 1119 if (!ip6_dad_count) { 1120 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1121 return; 1122 } 1123 if (ifa->ifa_ifp == NULL) 1124 panic("nd6_dad_start: ifa->ifa_ifp == NULL"); 1125 if (!(ifa->ifa_ifp->if_flags & IFF_UP)) { 1126 return; 1127 } 1128 if (nd6_dad_find(ifa) != NULL) { 1129 /* DAD already in progress */ 1130 return; 1131 } 1132 1133 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT); 1134 if (dp == NULL) { 1135 log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1136 "%s(%s)\n", 1137 ip6_sprintf(&ia->ia_addr.sin6_addr), 1138 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1139 return; 1140 } 1141 bzero(dp, sizeof(*dp)); 1142 callout_init(&dp->dad_timer_ch, 0); 1143 TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list); 1144 1145 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1146 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1147 1148 /* 1149 * Send NS packet for DAD, ip6_dad_count times. 1150 * Note that we must delay the first transmission, if this is the 1151 * first packet to be sent from the interface after interface 1152 * (re)initialization. 1153 */ 1154 dp->dad_ifa = ifa; 1155 IFAREF(ifa); /* just for safety */ 1156 dp->dad_count = ip6_dad_count; 1157 dp->dad_ns_icount = dp->dad_na_icount = 0; 1158 dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1159 if (tick == NULL) { 1160 nd6_dad_ns_output(dp, ifa); 1161 nd6_dad_starttimer(dp, 1162 ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1163 } else { 1164 int ntick; 1165 1166 if (*tick == 0) 1167 ntick = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); 1168 else 1169 ntick = *tick + arc4random() % (hz / 2); 1170 *tick = ntick; 1171 nd6_dad_starttimer(dp, ntick); 1172 } 1173} 1174 1175/* 1176 * terminate DAD unconditionally. used for address removals. 1177 */ 1178void 1179nd6_dad_stop(ifa) 1180 struct ifaddr *ifa; 1181{ 1182 struct dadq *dp; 1183 1184 if (!dad_init) 1185 return; 1186 dp = nd6_dad_find(ifa); 1187 if (!dp) { 1188 /* DAD wasn't started yet */ 1189 return; 1190 } 1191 1192 nd6_dad_stoptimer(dp); 1193 1194 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1195 free(dp, M_IP6NDP); 1196 dp = NULL; 1197 IFAFREE(ifa); 1198} 1199 1200static void 1201nd6_dad_timer(ifa) 1202 struct ifaddr *ifa; 1203{ 1204 int s; 1205 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1206 struct dadq *dp; 1207 1208 s = splnet(); /* XXX */ 1209 1210 /* Sanity check */ 1211 if (ia == NULL) { 1212 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); 1213 goto done; 1214 } 1215 dp = nd6_dad_find(ifa); 1216 if (dp == NULL) { 1217 log(LOG_ERR, "nd6_dad_timer: DAD structure not found\n"); 1218 goto done; 1219 } 1220 if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1221 log(LOG_ERR, "nd6_dad_timer: called with duplicated address " 1222 "%s(%s)\n", 1223 ip6_sprintf(&ia->ia_addr.sin6_addr), 1224 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1225 goto done; 1226 } 1227 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { 1228 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1229 "%s(%s)\n", 1230 ip6_sprintf(&ia->ia_addr.sin6_addr), 1231 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1232 goto done; 1233 } 1234 1235 /* timeouted with IFF_{RUNNING,UP} check */ 1236 if (dp->dad_ns_tcount > dad_maxtry) { 1237 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n", 1238 if_name(ifa->ifa_ifp))); 1239 1240 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1241 free(dp, M_IP6NDP); 1242 dp = NULL; 1243 IFAFREE(ifa); 1244 goto done; 1245 } 1246 1247 /* Need more checks? */ 1248 if (dp->dad_ns_ocount < dp->dad_count) { 1249 /* 1250 * We have more NS to go. Send NS packet for DAD. 1251 */ 1252 nd6_dad_ns_output(dp, ifa); 1253 nd6_dad_starttimer(dp, 1254 ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000); 1255 } else { 1256 /* 1257 * We have transmitted sufficient number of DAD packets. 1258 * See what we've got. 1259 */ 1260 int duplicate; 1261 1262 duplicate = 0; 1263 1264 if (dp->dad_na_icount) { 1265 /* 1266 * the check is in nd6_dad_na_input(), 1267 * but just in case 1268 */ 1269 duplicate++; 1270 } 1271 1272 if (dp->dad_ns_icount) { 1273 /* We've seen NS, means DAD has failed. */ 1274 duplicate++; 1275 } 1276 1277 if (duplicate) { 1278 /* (*dp) will be freed in nd6_dad_duplicated() */ 1279 dp = NULL; 1280 nd6_dad_duplicated(ifa); 1281 } else { 1282 /* 1283 * We are done with DAD. No NA came, no NS came. 1284 * No duplicate address found. 1285 */ 1286 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1287 1288 nd6log((LOG_DEBUG, 1289 "%s: DAD complete for %s - no duplicates found\n", 1290 if_name(ifa->ifa_ifp), 1291 ip6_sprintf(&ia->ia_addr.sin6_addr))); 1292 1293 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1294 free(dp, M_IP6NDP); 1295 dp = NULL; 1296 IFAFREE(ifa); 1297 } 1298 } 1299 1300done: 1301 splx(s); 1302} 1303 1304void 1305nd6_dad_duplicated(ifa) 1306 struct ifaddr *ifa; 1307{ 1308 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1309 struct dadq *dp; 1310 1311 dp = nd6_dad_find(ifa); 1312 if (dp == NULL) { 1313 log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n"); 1314 return; 1315 } 1316 1317 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: " 1318 "NS in/out=%d/%d, NA in=%d\n", 1319 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr), 1320 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount); 1321 1322 ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1323 ia->ia6_flags |= IN6_IFF_DUPLICATED; 1324 1325 /* We are done with DAD, with duplicate address found. (failure) */ 1326 nd6_dad_stoptimer(dp); 1327 1328 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1329 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr)); 1330 log(LOG_ERR, "%s: manual intervention required\n", 1331 if_name(ifa->ifa_ifp)); 1332 1333 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1334 free(dp, M_IP6NDP); 1335 dp = NULL; 1336 IFAFREE(ifa); 1337} 1338 1339static void 1340nd6_dad_ns_output(dp, ifa) 1341 struct dadq *dp; 1342 struct ifaddr *ifa; 1343{ 1344 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1345 struct ifnet *ifp = ifa->ifa_ifp; 1346 1347 dp->dad_ns_tcount++; 1348 if ((ifp->if_flags & IFF_UP) == 0) { 1349#if 0 1350 printf("%s: interface down?\n", if_name(ifp)); 1351#endif 1352 return; 1353 } 1354 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) { 1355#if 0 1356 printf("%s: interface not running?\n", if_name(ifp)); 1357#endif 1358 return; 1359 } 1360 1361 dp->dad_ns_ocount++; 1362 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1); 1363} 1364 1365static void 1366nd6_dad_ns_input(ifa) 1367 struct ifaddr *ifa; 1368{ 1369 struct in6_ifaddr *ia; 1370 struct ifnet *ifp; 1371 const struct in6_addr *taddr6; 1372 struct dadq *dp; 1373 int duplicate; 1374 1375 if (ifa == NULL) 1376 panic("ifa == NULL in nd6_dad_ns_input"); 1377 1378 ia = (struct in6_ifaddr *)ifa; 1379 ifp = ifa->ifa_ifp; 1380 taddr6 = &ia->ia_addr.sin6_addr; 1381 duplicate = 0; 1382 dp = nd6_dad_find(ifa); 1383 1384 /* Quickhack - completely ignore DAD NS packets */ 1385 if (dad_ignore_ns) { 1386 nd6log((LOG_INFO, 1387 "nd6_dad_ns_input: ignoring DAD NS packet for " 1388 "address %s(%s)\n", ip6_sprintf(taddr6), 1389 if_name(ifa->ifa_ifp))); 1390 return; 1391 } 1392 1393 /* 1394 * if I'm yet to start DAD, someone else started using this address 1395 * first. I have a duplicate and you win. 1396 */ 1397 if (dp == NULL || dp->dad_ns_ocount == 0) 1398 duplicate++; 1399 1400 /* XXX more checks for loopback situation - see nd6_dad_timer too */ 1401 1402 if (duplicate) { 1403 dp = NULL; /* will be freed in nd6_dad_duplicated() */ 1404 nd6_dad_duplicated(ifa); 1405 } else { 1406 /* 1407 * not sure if I got a duplicate. 1408 * increment ns count and see what happens. 1409 */ 1410 if (dp) 1411 dp->dad_ns_icount++; 1412 } 1413} 1414 1415static void 1416nd6_dad_na_input(ifa) 1417 struct ifaddr *ifa; 1418{ 1419 struct dadq *dp; 1420 1421 if (ifa == NULL) 1422 panic("ifa == NULL in nd6_dad_na_input"); 1423 1424 dp = nd6_dad_find(ifa); 1425 if (dp) 1426 dp->dad_na_icount++; 1427 1428 /* remove the address. */ 1429 nd6_dad_duplicated(ifa); 1430} 1431