nd6_nbr.c revision 62587
1271493Sdelphij/* $FreeBSD: head/sys/netinet6/nd6_nbr.c 62587 2000-07-04 16:35:15Z itojun $ */ 2271493Sdelphij/* $KAME: nd6_nbr.c,v 1.37 2000/06/04 12:46:13 itojun Exp $ */ 3271493Sdelphij 4271493Sdelphij/* 5271493Sdelphij * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6271493Sdelphij * All rights reserved. 7271493Sdelphij * 8271493Sdelphij * Redistribution and use in source and binary forms, with or without 9271493Sdelphij * modification, are permitted provided that the following conditions 10271493Sdelphij * are met: 11271493Sdelphij * 1. Redistributions of source code must retain the above copyright 12271493Sdelphij * notice, this list of conditions and the following disclaimer. 13271493Sdelphij * 2. Redistributions in binary form must reproduce the above copyright 14271493Sdelphij * notice, this list of conditions and the following disclaimer in the 15271493Sdelphij * documentation and/or other materials provided with the distribution. 16271493Sdelphij * 3. Neither the name of the project nor the names of its contributors 17271493Sdelphij * may be used to endorse or promote products derived from this software 18271493Sdelphij * without specific prior written permission. 19271493Sdelphij * 20271493Sdelphij * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21271493Sdelphij * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22271493Sdelphij * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23271493Sdelphij * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24271493Sdelphij * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25271493Sdelphij * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26271493Sdelphij * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27271493Sdelphij * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28271493Sdelphij * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29271493Sdelphij * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30271493Sdelphij * SUCH DAMAGE. 31271493Sdelphij */ 32271493Sdelphij 33271493Sdelphij#include "opt_inet.h" 34271493Sdelphij#include "opt_inet6.h" 35271493Sdelphij#include "opt_ipsec.h" 36271493Sdelphij 37271493Sdelphij#include <sys/param.h> 38271493Sdelphij#include <sys/systm.h> 39271493Sdelphij#include <sys/malloc.h> 40271493Sdelphij#include <sys/mbuf.h> 41271493Sdelphij#include <sys/socket.h> 42271493Sdelphij#include <sys/sockio.h> 43271493Sdelphij#include <sys/time.h> 44271493Sdelphij#include <sys/kernel.h> 45271493Sdelphij#include <sys/errno.h> 46271493Sdelphij#include <sys/syslog.h> 47271493Sdelphij#include <sys/queue.h> 48271493Sdelphij 49271493Sdelphij#include <net/if.h> 50271493Sdelphij#include <net/if_types.h> 51271493Sdelphij#include <net/if_dl.h> 52271493Sdelphij#include <net/route.h> 53271493Sdelphij 54271493Sdelphij#include <netinet/in.h> 55271493Sdelphij#include <netinet/in_var.h> 56271493Sdelphij#include <netinet6/in6_var.h> 57271493Sdelphij#include <netinet/ip6.h> 58271493Sdelphij#include <netinet6/ip6_var.h> 59271493Sdelphij#include <netinet6/nd6.h> 60271493Sdelphij#include <netinet/icmp6.h> 61271493Sdelphij 62271493Sdelphij#ifdef IPSEC 63271493Sdelphij#include <netinet6/ipsec.h> 64271493Sdelphij#ifdef INET6 65271493Sdelphij#include <netinet6/ipsec6.h> 66271493Sdelphij#endif 67271493Sdelphij#endif 68271493Sdelphij 69271493Sdelphij#include <net/net_osdep.h> 70271493Sdelphij 71271493Sdelphij#define SDL(s) ((struct sockaddr_dl *)s) 72271493Sdelphij 73271493Sdelphijstruct dadq; 74271493Sdelphijstatic struct dadq *nd6_dad_find __P((struct ifaddr *)); 75271493Sdelphijstatic void nd6_dad_timer __P((struct ifaddr *)); 76271493Sdelphijstatic void nd6_dad_ns_output __P((struct dadq *, struct ifaddr *)); 77271493Sdelphijstatic void nd6_dad_ns_input __P((struct ifaddr *)); 78271493Sdelphijstatic void nd6_dad_na_input __P((struct ifaddr *)); 79271493Sdelphij 80271493Sdelphijstatic int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/ 81271493Sdelphijstatic int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ 82271493Sdelphij 83271493Sdelphij/* 84271493Sdelphij * Input an Neighbor Solicitation Message. 85271493Sdelphij * 86271493Sdelphij * Based on RFC 2461 87271493Sdelphij * Based on RFC 2462 (duplicated address detection) 88271493Sdelphij */ 89271493Sdelphijvoid 90271493Sdelphijnd6_ns_input(m, off, icmp6len) 91271493Sdelphij struct mbuf *m; 92271493Sdelphij int off, icmp6len; 93271493Sdelphij{ 94271493Sdelphij struct ifnet *ifp = m->m_pkthdr.rcvif; 95271493Sdelphij struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 96271493Sdelphij struct nd_neighbor_solicit *nd_ns; 97271493Sdelphij struct in6_addr saddr6 = ip6->ip6_src; 98271493Sdelphij struct in6_addr daddr6 = ip6->ip6_dst; 99271493Sdelphij struct in6_addr taddr6; 100271493Sdelphij struct in6_addr myaddr6; 101271493Sdelphij char *lladdr = NULL; 102271493Sdelphij struct ifaddr *ifa; 103271493Sdelphij int lladdrlen = 0; 104271493Sdelphij int anycast = 0, proxy = 0, tentative = 0; 105271493Sdelphij int tlladdr; 106271493Sdelphij union nd_opts ndopts; 107271493Sdelphij struct sockaddr_dl *proxydl = NULL; 108271493Sdelphij 109271493Sdelphij if (ip6->ip6_hlim != 255) { 110271493Sdelphij log(LOG_ERR, 111271493Sdelphij "nd6_ns_input: invalid hlim %d\n", ip6->ip6_hlim); 112271493Sdelphij goto freeit; 113271493Sdelphij } 114271493Sdelphij 115271493Sdelphij if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 116271493Sdelphij /* dst has to be solicited node multicast address. */ 117271493Sdelphij if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL 118271493Sdelphij /*don't check ifindex portion*/ 119271493Sdelphij && daddr6.s6_addr32[1] == 0 120271493Sdelphij && daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE 121271493Sdelphij && daddr6.s6_addr8[12] == 0xff) { 122271493Sdelphij ; /*good*/ 123271493Sdelphij } else { 124271493Sdelphij log(LOG_INFO, "nd6_ns_input: bad DAD packet " 125271493Sdelphij "(wrong ip6 dst)\n"); 126271493Sdelphij goto bad; 127271493Sdelphij } 128271493Sdelphij } 129271493Sdelphij 130271493Sdelphij#ifndef PULLDOWN_TEST 131271493Sdelphij IP6_EXTHDR_CHECK(m, off, icmp6len,); 132271493Sdelphij nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off); 133271493Sdelphij#else 134271493Sdelphij IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len); 135271493Sdelphij if (nd_ns == NULL) { 136271493Sdelphij icmp6stat.icp6s_tooshort++; 137271493Sdelphij return; 138271493Sdelphij } 139271493Sdelphij#endif 140271493Sdelphij taddr6 = nd_ns->nd_ns_target; 141271493Sdelphij 142271493Sdelphij if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 143271493Sdelphij log(LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"); 144271493Sdelphij goto bad; 145271493Sdelphij } 146271493Sdelphij 147271493Sdelphij if (IN6_IS_SCOPE_LINKLOCAL(&taddr6)) 148271493Sdelphij taddr6.s6_addr16[1] = htons(ifp->if_index); 149271493Sdelphij 150271493Sdelphij icmp6len -= sizeof(*nd_ns); 151271493Sdelphij nd6_option_init(nd_ns + 1, icmp6len, &ndopts); 152271493Sdelphij if (nd6_options(&ndopts) < 0) { 153271493Sdelphij log(LOG_INFO, "nd6_ns_input: invalid ND option, ignored\n"); 154271493Sdelphij goto bad; 155271493Sdelphij } 156271493Sdelphij 157271493Sdelphij if (ndopts.nd_opts_src_lladdr) { 158271493Sdelphij lladdr = (char *)(ndopts.nd_opts_src_lladdr +1); 159271493Sdelphij lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 160271493Sdelphij } 161271493Sdelphij 162271493Sdelphij if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) { 163271493Sdelphij log(LOG_INFO, "nd6_ns_input: bad DAD packet " 164271493Sdelphij "(link-layer address option)\n"); 165271493Sdelphij goto bad; 166271493Sdelphij } 167271493Sdelphij 168271493Sdelphij /* 169271493Sdelphij * Attaching target link-layer address to the NA? 170271493Sdelphij * (RFC 2461 7.2.4) 171271493Sdelphij * 172271493Sdelphij * NS IP dst is unicast/anycast MUST NOT add 173271493Sdelphij * NS IP dst is solicited-node multicast MUST add 174271493Sdelphij * 175271493Sdelphij * In implementation, we add target link-layer address by default. 176271493Sdelphij * We do not add one in MUST NOT cases. 177271493Sdelphij */ 178271493Sdelphij#if 0 /* too much! */ 179271493Sdelphij ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6); 180271493Sdelphij if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST)) 181271493Sdelphij tlladdr = 0; 182271493Sdelphij else 183271493Sdelphij#endif 184271493Sdelphij if (!IN6_IS_ADDR_MULTICAST(&daddr6)) 185271493Sdelphij tlladdr = 0; 186271493Sdelphij else 187271493Sdelphij tlladdr = 1; 188271493Sdelphij 189271493Sdelphij /* 190271493Sdelphij * Target address (taddr6) must be either: 191271493Sdelphij * (1) Valid unicast/anycast address for my receiving interface, 192271493Sdelphij * (2) Unicast address for which I'm offering proxy service, or 193271493Sdelphij * (3) "tentative" address on which DAD is being performed. 194271493Sdelphij */ 195271493Sdelphij /* (1) and (3) check. */ 196271493Sdelphij ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 197271493Sdelphij 198271493Sdelphij /* (2) check. */ 199271493Sdelphij if (!ifa) { 200271493Sdelphij struct rtentry *rt; 201271493Sdelphij struct sockaddr_in6 tsin6; 202271493Sdelphij 203271493Sdelphij bzero(&tsin6, sizeof tsin6); 204271493Sdelphij tsin6.sin6_len = sizeof(struct sockaddr_in6); 205271493Sdelphij tsin6.sin6_family = AF_INET6; 206271493Sdelphij tsin6.sin6_addr = taddr6; 207271493Sdelphij 208271493Sdelphij rt = rtalloc1((struct sockaddr *)&tsin6, 0, 0); 209271493Sdelphij if (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 && 210271493Sdelphij rt->rt_gateway->sa_family == AF_LINK) { 211271493Sdelphij /* 212271493Sdelphij * proxy NDP for single entry 213271493Sdelphij */ 214271493Sdelphij ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 215271493Sdelphij IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); 216271493Sdelphij if (ifa) { 217271493Sdelphij proxy = 1; 218271493Sdelphij proxydl = SDL(rt->rt_gateway); 219271493Sdelphij } 220271493Sdelphij } 221271493Sdelphij if (rt) 222271493Sdelphij rtfree(rt); 223271493Sdelphij } 224271493Sdelphij if (!ifa) { 225271493Sdelphij /* 226271493Sdelphij * We've got a NS packet, and we don't have that adddress 227271493Sdelphij * assigned for us. We MUST silently ignore it. 228271493Sdelphij * See RFC2461 7.2.3. 229271493Sdelphij */ 230271493Sdelphij goto freeit; 231271493Sdelphij } 232271493Sdelphij myaddr6 = *IFA_IN6(ifa); 233271493Sdelphij anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST; 234271493Sdelphij tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE; 235271493Sdelphij if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED) 236271493Sdelphij goto freeit; 237271493Sdelphij 238271493Sdelphij if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 239271493Sdelphij log(LOG_INFO, 240271493Sdelphij "nd6_ns_input: lladdrlen mismatch for %s " 241271493Sdelphij "(if %d, NS packet %d)\n", 242271493Sdelphij ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2); 243271493Sdelphij } 244271493Sdelphij 245271493Sdelphij if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) { 246271493Sdelphij log(LOG_INFO, 247271493Sdelphij "nd6_ns_input: duplicate IP6 address %s\n", 248271493Sdelphij ip6_sprintf(&saddr6)); 249271493Sdelphij goto freeit; 250271493Sdelphij } 251271493Sdelphij 252271493Sdelphij /* 253271493Sdelphij * We have neighbor solicitation packet, with target address equals to 254271493Sdelphij * one of my tentative address. 255271493Sdelphij * 256271493Sdelphij * src addr how to process? 257271493Sdelphij * --- --- 258271493Sdelphij * multicast of course, invalid (rejected in ip6_input) 259271493Sdelphij * unicast somebody is doing address resolution -> ignore 260271493Sdelphij * unspec dup address detection 261271493Sdelphij * 262271493Sdelphij * The processing is defined in RFC 2462. 263271493Sdelphij */ 264271493Sdelphij if (tentative) { 265271493Sdelphij /* 266271493Sdelphij * If source address is unspecified address, it is for 267271493Sdelphij * duplicated address detection. 268271493Sdelphij * 269271493Sdelphij * If not, the packet is for addess resolution; 270271493Sdelphij * silently ignore it. 271271493Sdelphij */ 272271493Sdelphij if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) 273271493Sdelphij nd6_dad_ns_input(ifa); 274271493Sdelphij 275271493Sdelphij goto freeit; 276271493Sdelphij } 277271493Sdelphij 278271493Sdelphij /* 279271493Sdelphij * If the source address is unspecified address, entries must not 280271493Sdelphij * be created or updated. 281271493Sdelphij * It looks that sender is performing DAD. Output NA toward 282271493Sdelphij * all-node multicast address, to tell the sender that I'm using 283271493Sdelphij * the address. 284271493Sdelphij * S bit ("solicited") must be zero. 285271493Sdelphij */ 286271493Sdelphij if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) { 287271493Sdelphij saddr6 = in6addr_linklocal_allnodes; 288271493Sdelphij saddr6.s6_addr16[1] = htons(ifp->if_index); 289271493Sdelphij nd6_na_output(ifp, &saddr6, &taddr6, 290271493Sdelphij ((anycast || proxy || !tlladdr) 291271493Sdelphij ? 0 : ND_NA_FLAG_OVERRIDE) 292271493Sdelphij | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0), 293271493Sdelphij tlladdr, (struct sockaddr *)proxydl); 294271493Sdelphij goto freeit; 295271493Sdelphij } 296271493Sdelphij 297271493Sdelphij nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_NEIGHBOR_SOLICIT, 0); 298271493Sdelphij 299271493Sdelphij nd6_na_output(ifp, &saddr6, &taddr6, 300271493Sdelphij ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) 301271493Sdelphij | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0) 302271493Sdelphij | ND_NA_FLAG_SOLICITED, 303271493Sdelphij tlladdr, (struct sockaddr *)proxydl); 304271493Sdelphij freeit: 305271493Sdelphij m_freem(m); 306271493Sdelphij return; 307271493Sdelphij 308271493Sdelphij bad: 309271493Sdelphij log(LOG_ERR, "nd6_ns_input: src=%s\n", ip6_sprintf(&saddr6)); 310271493Sdelphij log(LOG_ERR, "nd6_ns_input: dst=%s\n", ip6_sprintf(&daddr6)); 311271493Sdelphij log(LOG_ERR, "nd6_ns_input: tgt=%s\n", ip6_sprintf(&taddr6)); 312271493Sdelphij m_freem(m); 313271493Sdelphij} 314271493Sdelphij 315271493Sdelphij/* 316271493Sdelphij * Output an Neighbor Solicitation Message. Caller specifies: 317271493Sdelphij * - ICMP6 header source IP6 address 318271493Sdelphij * - ND6 header target IP6 address 319271493Sdelphij * - ND6 header source datalink address 320271493Sdelphij * 321271493Sdelphij * Based on RFC 2461 322271493Sdelphij * Based on RFC 2462 (duplicated address detection) 323271493Sdelphij */ 324271493Sdelphijvoid 325271493Sdelphijnd6_ns_output(ifp, daddr6, taddr6, ln, dad) 326271493Sdelphij struct ifnet *ifp; 327271493Sdelphij struct in6_addr *daddr6, *taddr6; 328271493Sdelphij struct llinfo_nd6 *ln; /* for source address determination */ 329271493Sdelphij int dad; /* duplicated address detection */ 330271493Sdelphij{ 331271493Sdelphij struct mbuf *m; 332271493Sdelphij struct ip6_hdr *ip6; 333271493Sdelphij struct nd_neighbor_solicit *nd_ns; 334271493Sdelphij struct in6_ifaddr *ia = NULL; 335271493Sdelphij struct ip6_moptions im6o; 336271493Sdelphij int icmp6len; 337271493Sdelphij int maxlen; 338271493Sdelphij caddr_t mac; 339271493Sdelphij struct ifnet *outif = NULL; 340271493Sdelphij 341271493Sdelphij if (IN6_IS_ADDR_MULTICAST(taddr6)) 342271493Sdelphij return; 343271493Sdelphij 344271493Sdelphij /* estimate the size of message */ 345271493Sdelphij maxlen = sizeof(*ip6) + sizeof(*nd_ns); 346271493Sdelphij maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 347271493Sdelphij if (max_linkhdr + maxlen >= MCLBYTES) { 348271493Sdelphij#ifdef DIAGNOSTIC 349271493Sdelphij printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " 350271493Sdelphij "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 351271493Sdelphij#endif 352271493Sdelphij return; 353271493Sdelphij } 354271493Sdelphij 355271493Sdelphij MGETHDR(m, M_DONTWAIT, MT_DATA); 356271493Sdelphij if (m && max_linkhdr + maxlen >= MHLEN) { 357271493Sdelphij MCLGET(m, M_DONTWAIT); 358271493Sdelphij if ((m->m_flags & M_EXT) == 0) { 359271493Sdelphij m_free(m); 360271493Sdelphij m = NULL; 361271493Sdelphij } 362271493Sdelphij } 363271493Sdelphij if (m == NULL) 364271493Sdelphij return; 365271493Sdelphij 366271493Sdelphij if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) { 367271493Sdelphij m->m_flags |= M_MCAST; 368271493Sdelphij im6o.im6o_multicast_ifp = ifp; 369271493Sdelphij im6o.im6o_multicast_hlim = 255; 370271493Sdelphij im6o.im6o_multicast_loop = 0; 371271493Sdelphij } 372271493Sdelphij 373271493Sdelphij icmp6len = sizeof(*nd_ns); 374271493Sdelphij m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len; 375271493Sdelphij m->m_data += max_linkhdr; /*or MH_ALIGN() equivalent?*/ 376271493Sdelphij 377271493Sdelphij /* fill neighbor solicitation packet */ 378271493Sdelphij ip6 = mtod(m, struct ip6_hdr *); 379271493Sdelphij ip6->ip6_flow = 0; 380271493Sdelphij ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 381271493Sdelphij ip6->ip6_vfc |= IPV6_VERSION; 382271493Sdelphij /* ip6->ip6_plen will be set later */ 383271493Sdelphij ip6->ip6_nxt = IPPROTO_ICMPV6; 384271493Sdelphij ip6->ip6_hlim = 255; 385271493Sdelphij if (daddr6) 386271493Sdelphij ip6->ip6_dst = *daddr6; 387271493Sdelphij else { 388271493Sdelphij ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 389271493Sdelphij ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index); 390271493Sdelphij ip6->ip6_dst.s6_addr32[1] = 0; 391271493Sdelphij ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE; 392271493Sdelphij ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3]; 393271493Sdelphij ip6->ip6_dst.s6_addr8[12] = 0xff; 394271493Sdelphij } 395271493Sdelphij if (!dad) { 396271493Sdelphij#if 0 /* KAME way, exact address scope match */ 397271493Sdelphij /* 398271493Sdelphij * Select a source whose scope is the same as that of the dest. 399271493Sdelphij * Typically, the dest is link-local solicitation multicast 400271493Sdelphij * (i.e. neighbor discovery) or link-local/global unicast 401271493Sdelphij * (i.e. neighbor un-reachability detection). 402271493Sdelphij */ 403271493Sdelphij ia = in6_ifawithifp(ifp, &ip6->ip6_dst); 404271493Sdelphij if (ia == NULL) { 405271493Sdelphij m_freem(m); 406271493Sdelphij return; 407271493Sdelphij } 408271493Sdelphij ip6->ip6_src = ia->ia_addr.sin6_addr; 409271493Sdelphij#else /* spec-wise correct */ 410271493Sdelphij /* 411271493Sdelphij * RFC2461 7.2.2: 412271493Sdelphij * "If the source address of the packet prompting the 413271493Sdelphij * solicitation is the same as one of the addresses assigned 414271493Sdelphij * to the outgoing interface, that address SHOULD be placed 415271493Sdelphij * in the IP Source Address of the outgoing solicitation. 416271493Sdelphij * Otherwise, any one of the addresses assigned to the 417271493Sdelphij * interface should be used." 418271493Sdelphij * 419271493Sdelphij * We use the source address for the prompting packet 420271493Sdelphij * (saddr6), if: 421271493Sdelphij * - saddr6 is given from the caller (by giving "ln"), and 422271493Sdelphij * - saddr6 belongs to the outgoing interface. 423271493Sdelphij * Otherwise, we perform a scope-wise match. 424271493Sdelphij */ 425271493Sdelphij struct ip6_hdr *hip6; /*hold ip6*/ 426271493Sdelphij struct in6_addr *saddr6; 427271493Sdelphij 428271493Sdelphij if (ln && ln->ln_hold) { 429271493Sdelphij hip6 = mtod(ln->ln_hold, struct ip6_hdr *); 430271493Sdelphij /* XXX pullup? */ 431271493Sdelphij if (sizeof(*hip6) < ln->ln_hold->m_len) 432271493Sdelphij saddr6 = &hip6->ip6_src; 433271493Sdelphij else 434271493Sdelphij saddr6 = NULL; 435271493Sdelphij } else 436271493Sdelphij saddr6 = NULL; 437271493Sdelphij if (saddr6 && in6ifa_ifpwithaddr(ifp, saddr6)) 438271493Sdelphij bcopy(saddr6, &ip6->ip6_src, sizeof(*saddr6)); 439271493Sdelphij else { 440271493Sdelphij ia = in6_ifawithifp(ifp, &ip6->ip6_dst); 441271493Sdelphij if (ia == NULL) { 442271493Sdelphij m_freem(m); /*XXX*/ 443271493Sdelphij return; 444271493Sdelphij } 445271493Sdelphij ip6->ip6_src = ia->ia_addr.sin6_addr; 446271493Sdelphij } 447271493Sdelphij#endif 448271493Sdelphij } else { 449271493Sdelphij /* 450271493Sdelphij * Source address for DAD packet must always be IPv6 451271493Sdelphij * unspecified address. (0::0) 452271493Sdelphij */ 453271493Sdelphij bzero(&ip6->ip6_src, sizeof(ip6->ip6_src)); 454271493Sdelphij } 455271493Sdelphij nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); 456271493Sdelphij nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; 457271493Sdelphij nd_ns->nd_ns_code = 0; 458271493Sdelphij nd_ns->nd_ns_reserved = 0; 459271493Sdelphij nd_ns->nd_ns_target = *taddr6; 460271493Sdelphij 461271493Sdelphij if (IN6_IS_SCOPE_LINKLOCAL(&nd_ns->nd_ns_target)) 462271493Sdelphij nd_ns->nd_ns_target.s6_addr16[1] = 0; 463271493Sdelphij 464271493Sdelphij /* 465271493Sdelphij * Add source link-layer address option. 466271493Sdelphij * 467271493Sdelphij * spec implementation 468271493Sdelphij * --- --- 469271493Sdelphij * DAD packet MUST NOT do not add the option 470271493Sdelphij * there's no link layer address: 471271493Sdelphij * impossible do not add the option 472271493Sdelphij * there's link layer address: 473271493Sdelphij * Multicast NS MUST add one add the option 474271493Sdelphij * Unicast NS SHOULD add one add the option 475271493Sdelphij */ 476271493Sdelphij if (!dad && (mac = nd6_ifptomac(ifp))) { 477271493Sdelphij int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 478271493Sdelphij struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1); 479271493Sdelphij /* 8 byte alignments... */ 480271493Sdelphij optlen = (optlen + 7) & ~7; 481271493Sdelphij 482271493Sdelphij m->m_pkthdr.len += optlen; 483271493Sdelphij m->m_len += optlen; 484271493Sdelphij icmp6len += optlen; 485271493Sdelphij bzero((caddr_t)nd_opt, optlen); 486271493Sdelphij nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; 487271493Sdelphij nd_opt->nd_opt_len = optlen >> 3; 488271493Sdelphij bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 489271493Sdelphij } 490271493Sdelphij 491271493Sdelphij ip6->ip6_plen = htons((u_short)icmp6len); 492271493Sdelphij nd_ns->nd_ns_cksum = 0; 493271493Sdelphij nd_ns->nd_ns_cksum 494271493Sdelphij = in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len); 495271493Sdelphij 496271493Sdelphij#ifdef IPSEC 497271493Sdelphij /* Don't lookup socket */ 498271493Sdelphij ipsec_setsocket(m, NULL); 499271493Sdelphij#endif 500271493Sdelphij ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif); 501271493Sdelphij if (outif) { 502271493Sdelphij icmp6_ifstat_inc(outif, ifs6_out_msg); 503271493Sdelphij icmp6_ifstat_inc(outif, ifs6_out_neighborsolicit); 504271493Sdelphij } 505271493Sdelphij icmp6stat.icp6s_outhist[ND_NEIGHBOR_SOLICIT]++; 506271493Sdelphij} 507271493Sdelphij 508271493Sdelphij/* 509271493Sdelphij * Neighbor advertisement input handling. 510271493Sdelphij * 511271493Sdelphij * Based on RFC 2461 512271493Sdelphij * Based on RFC 2462 (duplicated address detection) 513271493Sdelphij * 514271493Sdelphij * the following items are not implemented yet: 515271493Sdelphij * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 516271493Sdelphij * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 517271493Sdelphij */ 518271493Sdelphijvoid 519271493Sdelphijnd6_na_input(m, off, icmp6len) 520271493Sdelphij struct mbuf *m; 521271493Sdelphij int off, icmp6len; 522271493Sdelphij{ 523271493Sdelphij struct ifnet *ifp = m->m_pkthdr.rcvif; 524271493Sdelphij struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 525271493Sdelphij struct nd_neighbor_advert *nd_na; 526271493Sdelphij#if 0 527271493Sdelphij struct in6_addr saddr6 = ip6->ip6_src; 528271493Sdelphij#endif 529271493Sdelphij struct in6_addr daddr6 = ip6->ip6_dst; 530271493Sdelphij struct in6_addr taddr6; 531271493Sdelphij int flags; 532271493Sdelphij int is_router; 533271493Sdelphij int is_solicited; 534271493Sdelphij int is_override; 535271493Sdelphij char *lladdr = NULL; 536271493Sdelphij int lladdrlen = 0; 537271493Sdelphij struct ifaddr *ifa; 538271493Sdelphij struct llinfo_nd6 *ln; 539271493Sdelphij struct rtentry *rt; 540271493Sdelphij struct sockaddr_dl *sdl; 541271493Sdelphij union nd_opts ndopts; 542271493Sdelphij 543271493Sdelphij if (ip6->ip6_hlim != 255) { 544271493Sdelphij log(LOG_ERR, 545271493Sdelphij "nd6_na_input: invalid hlim %d\n", ip6->ip6_hlim); 546271493Sdelphij goto freeit; 547271493Sdelphij } 548271493Sdelphij 549271493Sdelphij#ifndef PULLDOWN_TEST 550271493Sdelphij IP6_EXTHDR_CHECK(m, off, icmp6len,); 551271493Sdelphij nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off); 552271493Sdelphij#else 553271493Sdelphij IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len); 554271493Sdelphij if (nd_na == NULL) { 555271493Sdelphij icmp6stat.icp6s_tooshort++; 556271493Sdelphij return; 557271493Sdelphij } 558271493Sdelphij#endif 559271493Sdelphij taddr6 = nd_na->nd_na_target; 560271493Sdelphij flags = nd_na->nd_na_flags_reserved; 561271493Sdelphij is_router = ((flags & ND_NA_FLAG_ROUTER) != 0); 562271493Sdelphij is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0); 563271493Sdelphij is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0); 564271493Sdelphij 565271493Sdelphij if (IN6_IS_SCOPE_LINKLOCAL(&taddr6)) 566271493Sdelphij taddr6.s6_addr16[1] = htons(ifp->if_index); 567271493Sdelphij 568271493Sdelphij if (IN6_IS_ADDR_MULTICAST(&taddr6)) { 569271493Sdelphij log(LOG_ERR, 570271493Sdelphij "nd6_na_input: invalid target address %s\n", 571271493Sdelphij ip6_sprintf(&taddr6)); 572271493Sdelphij goto freeit; 573271493Sdelphij } 574271493Sdelphij if (IN6_IS_ADDR_MULTICAST(&daddr6)) 575271493Sdelphij if (is_solicited) { 576271493Sdelphij log(LOG_ERR, 577271493Sdelphij "nd6_na_input: a solicited adv is multicasted\n"); 578271493Sdelphij goto freeit; 579271493Sdelphij } 580271493Sdelphij 581271493Sdelphij icmp6len -= sizeof(*nd_na); 582271493Sdelphij nd6_option_init(nd_na + 1, icmp6len, &ndopts); 583271493Sdelphij if (nd6_options(&ndopts) < 0) { 584271493Sdelphij log(LOG_INFO, "nd6_na_input: invalid ND option, ignored\n"); 585271493Sdelphij goto freeit; 586271493Sdelphij } 587271493Sdelphij 588271493Sdelphij if (ndopts.nd_opts_tgt_lladdr) { 589271493Sdelphij lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 590271493Sdelphij lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 591271493Sdelphij } 592271493Sdelphij 593271493Sdelphij ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6); 594271493Sdelphij 595271493Sdelphij /* 596271493Sdelphij * Target address matches one of my interface address. 597271493Sdelphij * 598271493Sdelphij * If my address is tentative, this means that there's somebody 599271493Sdelphij * already using the same address as mine. This indicates DAD failure. 600271493Sdelphij * This is defined in RFC 2462. 601271493Sdelphij * 602271493Sdelphij * Otherwise, process as defined in RFC 2461. 603271493Sdelphij */ 604271493Sdelphij if (ifa 605271493Sdelphij && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { 606271493Sdelphij nd6_dad_na_input(ifa); 607271493Sdelphij goto freeit; 608271493Sdelphij } 609271493Sdelphij 610271493Sdelphij /* Just for safety, maybe unnecessery. */ 611271493Sdelphij if (ifa) { 612271493Sdelphij log(LOG_ERR, 613271493Sdelphij "nd6_na_input: duplicate IP6 address %s\n", 614271493Sdelphij ip6_sprintf(&taddr6)); 615271493Sdelphij goto freeit; 616271493Sdelphij } 617271493Sdelphij 618271493Sdelphij if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 619271493Sdelphij log(LOG_INFO, 620271493Sdelphij "nd6_na_input: lladdrlen mismatch for %s " 621271493Sdelphij "(if %d, NA packet %d)\n", 622271493Sdelphij ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2); 623271493Sdelphij } 624271493Sdelphij 625271493Sdelphij /* 626271493Sdelphij * If no neighbor cache entry is found, NA SHOULD silently be discarded. 627271493Sdelphij */ 628271493Sdelphij rt = nd6_lookup(&taddr6, 0, ifp); 629271493Sdelphij if ((rt == NULL) || 630271493Sdelphij ((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) || 631271493Sdelphij ((sdl = SDL(rt->rt_gateway)) == NULL)) 632271493Sdelphij goto freeit; 633271493Sdelphij 634271493Sdelphij if (ln->ln_state == ND6_LLINFO_INCOMPLETE) { 635271493Sdelphij /* 636271493Sdelphij * If the link-layer has address, and no lladdr option came, 637271493Sdelphij * discard the packet. 638271493Sdelphij */ 639271493Sdelphij if (ifp->if_addrlen && !lladdr) 640271493Sdelphij goto freeit; 641271493Sdelphij 642271493Sdelphij /* 643271493Sdelphij * Record link-layer address, and update the state. 644271493Sdelphij */ 645271493Sdelphij sdl->sdl_alen = ifp->if_addrlen; 646271493Sdelphij bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 647271493Sdelphij if (is_solicited) { 648271493Sdelphij ln->ln_state = ND6_LLINFO_REACHABLE; 649271493Sdelphij ln->ln_byhint = 0; 650271493Sdelphij if (ln->ln_expire) 651271493Sdelphij ln->ln_expire = time_second + 652271493Sdelphij nd_ifinfo[rt->rt_ifp->if_index].reachable; 653271493Sdelphij } else 654271493Sdelphij ln->ln_state = ND6_LLINFO_STALE; 655271493Sdelphij ln->ln_router = is_router; 656271493Sdelphij } else { 657271493Sdelphij int llchange; 658271493Sdelphij 659271493Sdelphij /* 660271493Sdelphij * Check if the link-layer address has changed or not. 661271493Sdelphij */ 662271493Sdelphij if (!lladdr) 663271493Sdelphij llchange = 0; 664271493Sdelphij else { 665271493Sdelphij if (sdl->sdl_alen) { 666271493Sdelphij if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen)) 667271493Sdelphij llchange = 1; 668271493Sdelphij else 669271493Sdelphij llchange = 0; 670271493Sdelphij } else 671271493Sdelphij llchange = 1; 672271493Sdelphij } 673271493Sdelphij 674271493Sdelphij /* 675271493Sdelphij * This is VERY complex. Look at it with care. 676271493Sdelphij * 677271493Sdelphij * override solicit lladdr llchange action 678271493Sdelphij * (L: record lladdr) 679271493Sdelphij * 680271493Sdelphij * 0 0 n -- (2c) 681271493Sdelphij * 0 0 y n (2b) L 682271493Sdelphij * 0 0 y y (1) REACHABLE->STALE 683271493Sdelphij * 0 1 n -- (2c) *->REACHABLE 684271493Sdelphij * 0 1 y n (2b) L *->REACHABLE 685271493Sdelphij * 0 1 y y (1) REACHABLE->STALE 686271493Sdelphij * 1 0 n -- (2a) 687271493Sdelphij * 1 0 y n (2a) L 688271493Sdelphij * 1 0 y y (2a) L *->STALE 689271493Sdelphij * 1 1 n -- (2a) *->REACHABLE 690271493Sdelphij * 1 1 y n (2a) L *->REACHABLE 691271493Sdelphij * 1 1 y y (2a) L *->REACHABLE 692271493Sdelphij */ 693271493Sdelphij if (!is_override && (lladdr && llchange)) { /* (1) */ 694271493Sdelphij /* 695271493Sdelphij * If state is REACHABLE, make it STALE. 696271493Sdelphij * no other updates should be done. 697271493Sdelphij */ 698271493Sdelphij if (ln->ln_state == ND6_LLINFO_REACHABLE) 699271493Sdelphij ln->ln_state = ND6_LLINFO_STALE; 700271493Sdelphij goto freeit; 701271493Sdelphij } else if (is_override /* (2a) */ 702271493Sdelphij || (!is_override && (lladdr && !llchange)) /* (2b) */ 703271493Sdelphij || !lladdr) { /* (2c) */ 704271493Sdelphij /* 705271493Sdelphij * Update link-local address, if any. 706271493Sdelphij */ 707271493Sdelphij if (lladdr) { 708271493Sdelphij sdl->sdl_alen = ifp->if_addrlen; 709271493Sdelphij bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen); 710271493Sdelphij } 711271493Sdelphij 712271493Sdelphij /* 713271493Sdelphij * If solicited, make the state REACHABLE. 714271493Sdelphij * If not solicited and the link-layer address was 715271493Sdelphij * changed, make it STALE. 716271493Sdelphij */ 717271493Sdelphij if (is_solicited) { 718271493Sdelphij ln->ln_state = ND6_LLINFO_REACHABLE; 719271493Sdelphij ln->ln_byhint = 0; 720271493Sdelphij if (ln->ln_expire) { 721271493Sdelphij ln->ln_expire = time_second + 722271493Sdelphij nd_ifinfo[ifp->if_index].reachable; 723271493Sdelphij } 724271493Sdelphij } else { 725271493Sdelphij if (lladdr && llchange) 726271493Sdelphij ln->ln_state = ND6_LLINFO_STALE; 727271493Sdelphij } 728271493Sdelphij } 729271493Sdelphij 730271493Sdelphij if (ln->ln_router && !is_router) { 731271493Sdelphij /* 732271493Sdelphij * The peer dropped the router flag. 733271493Sdelphij * Remove the sender from the Default Router List and 734271493Sdelphij * update the Destination Cache entries. 735271493Sdelphij */ 736271493Sdelphij struct nd_defrouter *dr; 737271493Sdelphij struct in6_addr *in6; 738271493Sdelphij int s; 739271493Sdelphij 740271493Sdelphij in6 = &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr; 741271493Sdelphij s = splnet(); 742271493Sdelphij dr = defrouter_lookup(in6, rt->rt_ifp); 743271493Sdelphij if (dr) 744271493Sdelphij defrtrlist_del(dr); 745271493Sdelphij else if (!ip6_forwarding && ip6_accept_rtadv) { 746271493Sdelphij /* 747271493Sdelphij * Even if the neighbor is not in the default 748271493Sdelphij * router list, the neighbor may be used 749271493Sdelphij * as a next hop for some destinations 750271493Sdelphij * (e.g. redirect case). So we must 751271493Sdelphij * call rt6_flush explicitly. 752271493Sdelphij */ 753271493Sdelphij rt6_flush(&ip6->ip6_src, rt->rt_ifp); 754271493Sdelphij } 755271493Sdelphij splx(s); 756271493Sdelphij } 757271493Sdelphij ln->ln_router = is_router; 758271493Sdelphij } 759271493Sdelphij rt->rt_flags &= ~RTF_REJECT; 760271493Sdelphij ln->ln_asked = 0; 761271493Sdelphij if (ln->ln_hold) { 762271493Sdelphij#ifdef OLDIP6OUTPUT 763271493Sdelphij (*ifp->if_output)(ifp, ln->ln_hold, rt_key(rt), rt); 764271493Sdelphij#else 765271493Sdelphij /* 766271493Sdelphij * we assume ifp is not a p2p here, so just set the 2nd 767271493Sdelphij * argument as the 1st one. 768271493Sdelphij */ 769271493Sdelphij nd6_output(ifp, ifp, ln->ln_hold, 770271493Sdelphij (struct sockaddr_in6 *)rt_key(rt), rt); 771271493Sdelphij#endif 772271493Sdelphij ln->ln_hold = 0; 773271493Sdelphij } 774271493Sdelphij 775271493Sdelphij freeit: 776271493Sdelphij m_freem(m); 777271493Sdelphij} 778271493Sdelphij 779271493Sdelphij/* 780271493Sdelphij * Neighbor advertisement output handling. 781271493Sdelphij * 782271493Sdelphij * Based on RFC 2461 783271493Sdelphij * 784271493Sdelphij * the following items are not implemented yet: 785271493Sdelphij * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD) 786271493Sdelphij * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD) 787271493Sdelphij */ 788271493Sdelphijvoid 789271493Sdelphijnd6_na_output(ifp, daddr6, taddr6, flags, tlladdr, sdl0) 790271493Sdelphij struct ifnet *ifp; 791271493Sdelphij struct in6_addr *daddr6, *taddr6; 792271493Sdelphij u_long flags; 793271493Sdelphij int tlladdr; /* 1 if include target link-layer address */ 794271493Sdelphij struct sockaddr *sdl0; /* sockaddr_dl (= proxy NA) or NULL */ 795271493Sdelphij{ 796271493Sdelphij struct mbuf *m; 797271493Sdelphij struct ip6_hdr *ip6; 798271493Sdelphij struct nd_neighbor_advert *nd_na; 799271493Sdelphij struct in6_ifaddr *ia = NULL; 800271493Sdelphij struct ip6_moptions im6o; 801271493Sdelphij int icmp6len; 802271493Sdelphij int maxlen; 803271493Sdelphij caddr_t mac; 804271493Sdelphij struct ifnet *outif = NULL; 805271493Sdelphij 806271493Sdelphij /* estimate the size of message */ 807271493Sdelphij maxlen = sizeof(*ip6) + sizeof(*nd_na); 808271493Sdelphij maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7; 809271493Sdelphij if (max_linkhdr + maxlen >= MCLBYTES) { 810271493Sdelphij#ifdef DIAGNOSTIC 811271493Sdelphij printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES " 812271493Sdelphij "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); 813271493Sdelphij#endif 814271493Sdelphij return; 815271493Sdelphij } 816271493Sdelphij 817271493Sdelphij MGETHDR(m, M_DONTWAIT, MT_DATA); 818271493Sdelphij if (m && max_linkhdr + maxlen >= MHLEN) { 819271493Sdelphij MCLGET(m, M_DONTWAIT); 820271493Sdelphij if ((m->m_flags & M_EXT) == 0) { 821271493Sdelphij m_free(m); 822271493Sdelphij m = NULL; 823271493Sdelphij } 824271493Sdelphij } 825271493Sdelphij if (m == NULL) 826271493Sdelphij return; 827271493Sdelphij 828271493Sdelphij if (IN6_IS_ADDR_MULTICAST(daddr6)) { 829271493Sdelphij m->m_flags |= M_MCAST; 830271493Sdelphij im6o.im6o_multicast_ifp = ifp; 831271493Sdelphij im6o.im6o_multicast_hlim = 255; 832271493Sdelphij im6o.im6o_multicast_loop = 0; 833271493Sdelphij } 834271493Sdelphij 835271493Sdelphij icmp6len = sizeof(*nd_na); 836271493Sdelphij m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len; 837271493Sdelphij m->m_data += max_linkhdr; /*or MH_ALIGN() equivalent?*/ 838271493Sdelphij 839271493Sdelphij /* fill neighbor advertisement packet */ 840271493Sdelphij ip6 = mtod(m, struct ip6_hdr *); 841271493Sdelphij ip6->ip6_flow = 0; 842271493Sdelphij ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 843271493Sdelphij ip6->ip6_vfc |= IPV6_VERSION; 844271493Sdelphij ip6->ip6_nxt = IPPROTO_ICMPV6; 845271493Sdelphij ip6->ip6_hlim = 255; 846271493Sdelphij if (IN6_IS_ADDR_UNSPECIFIED(daddr6)) { 847271493Sdelphij /* reply to DAD */ 848271493Sdelphij ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL; 849271493Sdelphij ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index); 850271493Sdelphij ip6->ip6_dst.s6_addr32[1] = 0; 851271493Sdelphij ip6->ip6_dst.s6_addr32[2] = 0; 852271493Sdelphij ip6->ip6_dst.s6_addr32[3] = IPV6_ADDR_INT32_ONE; 853271493Sdelphij flags &= ~ND_NA_FLAG_SOLICITED; 854271493Sdelphij } else 855271493Sdelphij ip6->ip6_dst = *daddr6; 856271493Sdelphij 857271493Sdelphij /* 858271493Sdelphij * Select a source whose scope is the same as that of the dest. 859271493Sdelphij */ 860271493Sdelphij ia = in6_ifawithifp(ifp, &ip6->ip6_dst); 861271493Sdelphij if (ia == NULL) { 862271493Sdelphij m_freem(m); 863271493Sdelphij return; 864271493Sdelphij } 865271493Sdelphij ip6->ip6_src = ia->ia_addr.sin6_addr; 866271493Sdelphij nd_na = (struct nd_neighbor_advert *)(ip6 + 1); 867271493Sdelphij nd_na->nd_na_type = ND_NEIGHBOR_ADVERT; 868271493Sdelphij nd_na->nd_na_code = 0; 869271493Sdelphij nd_na->nd_na_target = *taddr6; 870271493Sdelphij if (IN6_IS_SCOPE_LINKLOCAL(&nd_na->nd_na_target)) 871271493Sdelphij nd_na->nd_na_target.s6_addr16[1] = 0; 872271493Sdelphij 873271493Sdelphij /* 874271493Sdelphij * "tlladdr" indicates NS's condition for adding tlladdr or not. 875271493Sdelphij * see nd6_ns_input() for details. 876271493Sdelphij * Basically, if NS packet is sent to unicast/anycast addr, 877271493Sdelphij * target lladdr option SHOULD NOT be included. 878271493Sdelphij */ 879271493Sdelphij if (tlladdr) { 880271493Sdelphij mac = NULL; 881271493Sdelphij /* 882271493Sdelphij * sdl0 != NULL indicates proxy NA. If we do proxy, use 883271493Sdelphij * lladdr in sdl0. If we are not proxying (sending NA for 884271493Sdelphij * my address) use lladdr configured for the interface. 885271493Sdelphij */ 886271493Sdelphij if (sdl0 == NULL) 887271493Sdelphij mac = nd6_ifptomac(ifp); 888271493Sdelphij else if (sdl0->sa_family == AF_LINK) { 889271493Sdelphij struct sockaddr_dl *sdl; 890271493Sdelphij sdl = (struct sockaddr_dl *)sdl0; 891271493Sdelphij if (sdl->sdl_alen == ifp->if_addrlen) 892271493Sdelphij mac = LLADDR(sdl); 893271493Sdelphij } 894271493Sdelphij } 895271493Sdelphij if (tlladdr && mac) { 896271493Sdelphij int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen; 897271493Sdelphij struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1); 898271493Sdelphij 899271493Sdelphij /* roundup to 8 bytes alignment! */ 900271493Sdelphij optlen = (optlen + 7) & ~7; 901271493Sdelphij 902271493Sdelphij m->m_pkthdr.len += optlen; 903271493Sdelphij m->m_len += optlen; 904271493Sdelphij icmp6len += optlen; 905271493Sdelphij bzero((caddr_t)nd_opt, optlen); 906271493Sdelphij nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 907271493Sdelphij nd_opt->nd_opt_len = optlen >> 3; 908271493Sdelphij bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen); 909271493Sdelphij } else 910271493Sdelphij flags &= ~ND_NA_FLAG_OVERRIDE; 911271493Sdelphij 912271493Sdelphij ip6->ip6_plen = htons((u_short)icmp6len); 913271493Sdelphij nd_na->nd_na_flags_reserved = flags; 914271493Sdelphij nd_na->nd_na_cksum = 0; 915271493Sdelphij nd_na->nd_na_cksum = 916271493Sdelphij in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len); 917271493Sdelphij 918271493Sdelphij#ifdef IPSEC 919271493Sdelphij /* Don't lookup socket */ 920271493Sdelphij ipsec_setsocket(m, NULL); 921271493Sdelphij#endif 922271493Sdelphij ip6_output(m, NULL, NULL, 0, &im6o, &outif); 923271493Sdelphij if (outif) { 924271493Sdelphij icmp6_ifstat_inc(outif, ifs6_out_msg); 925271493Sdelphij icmp6_ifstat_inc(outif, ifs6_out_neighboradvert); 926271493Sdelphij } 927271493Sdelphij icmp6stat.icp6s_outhist[ND_NEIGHBOR_ADVERT]++; 928271493Sdelphij} 929271493Sdelphij 930271493Sdelphijcaddr_t 931271493Sdelphijnd6_ifptomac(ifp) 932271493Sdelphij struct ifnet *ifp; 933271493Sdelphij{ 934271493Sdelphij switch (ifp->if_type) { 935271493Sdelphij case IFT_ARCNET: 936271493Sdelphij case IFT_ETHER: 937271493Sdelphij case IFT_FDDI: 938271493Sdelphij return ((caddr_t)(ifp + 1)); 939271493Sdelphij break; 940271493Sdelphij default: 941271493Sdelphij return NULL; 942271493Sdelphij } 943271493Sdelphij} 944271493Sdelphij 945271493SdelphijTAILQ_HEAD(dadq_head, dadq); 946271493Sdelphijstruct dadq { 947271493Sdelphij TAILQ_ENTRY(dadq) dad_list; 948271493Sdelphij struct ifaddr *dad_ifa; 949271493Sdelphij int dad_count; /* max NS to send */ 950271493Sdelphij int dad_ns_tcount; /* # of trials to send NS */ 951271493Sdelphij int dad_ns_ocount; /* NS sent so far */ 952271493Sdelphij int dad_ns_icount; 953271493Sdelphij int dad_na_icount; 954271493Sdelphij struct callout_handle dad_timer; 955271493Sdelphij}; 956271493Sdelphij 957271493Sdelphijstatic struct dadq_head dadq; 958271493Sdelphij 959271493Sdelphijstatic struct dadq * 960271493Sdelphijnd6_dad_find(ifa) 961271493Sdelphij struct ifaddr *ifa; 962271493Sdelphij{ 963271493Sdelphij struct dadq *dp; 964271493Sdelphij 965271493Sdelphij for (dp = dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) { 966271493Sdelphij if (dp->dad_ifa == ifa) 967271493Sdelphij return dp; 968271493Sdelphij } 969271493Sdelphij return NULL; 970271493Sdelphij} 971271493Sdelphij 972271493Sdelphij/* 973271493Sdelphij * Start Duplicated Address Detection (DAD) for specified interface address. 974271493Sdelphij */ 975271493Sdelphijvoid 976271493Sdelphijnd6_dad_start(ifa, tick) 977271493Sdelphij struct ifaddr *ifa; 978271493Sdelphij int *tick; /* minimum delay ticks for IFF_UP event */ 979271493Sdelphij{ 980271493Sdelphij struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 981271493Sdelphij struct dadq *dp; 982271493Sdelphij static int dad_init = 0; 983271493Sdelphij 984271493Sdelphij if (!dad_init) { 985271493Sdelphij TAILQ_INIT(&dadq); 986271493Sdelphij dad_init++; 987271493Sdelphij } 988271493Sdelphij 989271493Sdelphij /* 990271493Sdelphij * If we don't need DAD, don't do it. 991271493Sdelphij * There are several cases: 992271493Sdelphij * - DAD is disabled (ip6_dad_count == 0) 993271493Sdelphij * - the interface address is anycast 994271493Sdelphij */ 995271493Sdelphij if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) { 996271493Sdelphij log(LOG_DEBUG, 997271493Sdelphij "nd6_dad_start: called with non-tentative address " 998271493Sdelphij "%s(%s)\n", 999271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr), 1000271493Sdelphij ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1001271493Sdelphij return; 1002271493Sdelphij } 1003271493Sdelphij if (ia->ia6_flags & IN6_IFF_ANYCAST) { 1004271493Sdelphij ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1005271493Sdelphij return; 1006271493Sdelphij } 1007271493Sdelphij if (!ip6_dad_count) { 1008271493Sdelphij ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1009271493Sdelphij return; 1010271493Sdelphij } 1011271493Sdelphij if (!ifa->ifa_ifp) 1012271493Sdelphij panic("nd6_dad_start: ifa->ifa_ifp == NULL"); 1013271493Sdelphij if (!(ifa->ifa_ifp->if_flags & IFF_UP)) 1014271493Sdelphij return; 1015271493Sdelphij if (nd6_dad_find(ifa) != NULL) { 1016271493Sdelphij /* DAD already in progress */ 1017271493Sdelphij return; 1018271493Sdelphij } 1019271493Sdelphij 1020271493Sdelphij dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT); 1021271493Sdelphij if (dp == NULL) { 1022271493Sdelphij log(LOG_ERR, "nd6_dad_start: memory allocation failed for " 1023271493Sdelphij "%s(%s)\n", 1024271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr), 1025271493Sdelphij ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1026271493Sdelphij return; 1027271493Sdelphij } 1028271493Sdelphij bzero(dp, sizeof(*dp)); 1029271493Sdelphij TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list); 1030271493Sdelphij 1031271493Sdelphij#ifdef ND6_DEBUG 1032271493Sdelphij log(LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp), 1033271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr)); 1034271493Sdelphij#endif 1035271493Sdelphij 1036271493Sdelphij /* 1037271493Sdelphij * Send NS packet for DAD, ip6_dad_count times. 1038271493Sdelphij * Note that we must delay the first transmission, if this is the 1039271493Sdelphij * first packet to be sent from the interface after interface 1040271493Sdelphij * (re)initialization. 1041271493Sdelphij */ 1042271493Sdelphij dp->dad_ifa = ifa; 1043271493Sdelphij ifa->ifa_refcnt++; /*just for safety*/ 1044271493Sdelphij dp->dad_count = ip6_dad_count; 1045271493Sdelphij dp->dad_ns_icount = dp->dad_na_icount = 0; 1046271493Sdelphij dp->dad_ns_ocount = dp->dad_ns_tcount = 0; 1047271493Sdelphij if (!tick) { 1048271493Sdelphij nd6_dad_ns_output(dp, ifa); 1049271493Sdelphij dp->dad_timer = 1050271493Sdelphij timeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa, 1051271493Sdelphij nd_ifinfo[ifa->ifa_ifp->if_index].retrans * hz / 1000); 1052271493Sdelphij } else { 1053271493Sdelphij int ntick; 1054271493Sdelphij 1055271493Sdelphij if (*tick == 0) 1056271493Sdelphij ntick = random() % (MAX_RTR_SOLICITATION_DELAY * hz); 1057271493Sdelphij else 1058271493Sdelphij ntick = *tick + random() % (hz / 2); 1059271493Sdelphij *tick = ntick; 1060271493Sdelphij dp->dad_timer = 1061271493Sdelphij timeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa, 1062271493Sdelphij ntick); 1063271493Sdelphij } 1064271493Sdelphij} 1065271493Sdelphij 1066271493Sdelphijstatic void 1067271493Sdelphijnd6_dad_timer(ifa) 1068271493Sdelphij struct ifaddr *ifa; 1069271493Sdelphij{ 1070271493Sdelphij int s; 1071271493Sdelphij struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1072271493Sdelphij struct dadq *dp; 1073271493Sdelphij 1074271493Sdelphij s = splnet(); /*XXX*/ 1075271493Sdelphij 1076271493Sdelphij /* Sanity check */ 1077271493Sdelphij if (ia == NULL) { 1078271493Sdelphij log(LOG_ERR, "nd6_dad_timer: called with null parameter\n"); 1079271493Sdelphij goto done; 1080271493Sdelphij } 1081271493Sdelphij dp = nd6_dad_find(ifa); 1082271493Sdelphij if (dp == NULL) { 1083271493Sdelphij log(LOG_ERR, "nd6_dad_timer: DAD structure not found\n"); 1084271493Sdelphij goto done; 1085271493Sdelphij } 1086271493Sdelphij if (ia->ia6_flags & IN6_IFF_DUPLICATED) { 1087271493Sdelphij log(LOG_ERR, "nd6_dad_timer: called with duplicated address " 1088271493Sdelphij "%s(%s)\n", 1089271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr), 1090271493Sdelphij ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1091271493Sdelphij goto done; 1092271493Sdelphij } 1093271493Sdelphij if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) { 1094271493Sdelphij log(LOG_ERR, "nd6_dad_timer: called with non-tentative address " 1095271493Sdelphij "%s(%s)\n", 1096271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr), 1097271493Sdelphij ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???"); 1098271493Sdelphij goto done; 1099271493Sdelphij } 1100271493Sdelphij 1101271493Sdelphij /* timeouted with IFF_{RUNNING,UP} check */ 1102271493Sdelphij if (dp->dad_ns_tcount > dad_maxtry) { 1103271493Sdelphij log(LOG_ERR, "%s: could not run DAD, driver problem?\n", 1104271493Sdelphij if_name(ifa->ifa_ifp)); 1105271493Sdelphij 1106271493Sdelphij TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1107271493Sdelphij free(dp, M_IP6NDP); 1108271493Sdelphij dp = NULL; 1109271493Sdelphij IFAFREE(ifa); 1110271493Sdelphij goto done; 1111271493Sdelphij } 1112271493Sdelphij 1113271493Sdelphij /* Need more checks? */ 1114271493Sdelphij if (dp->dad_ns_ocount < dp->dad_count) { 1115271493Sdelphij /* 1116271493Sdelphij * We have more NS to go. Send NS packet for DAD. 1117271493Sdelphij */ 1118271493Sdelphij nd6_dad_ns_output(dp, ifa); 1119271493Sdelphij dp->dad_timer = 1120271493Sdelphij timeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa, 1121271493Sdelphij nd_ifinfo[ifa->ifa_ifp->if_index].retrans * hz / 1000); 1122271493Sdelphij } else { 1123271493Sdelphij /* 1124271493Sdelphij * We have transmitted sufficient number of DAD packets. 1125271493Sdelphij * See what we've got. 1126271493Sdelphij */ 1127271493Sdelphij int duplicate; 1128271493Sdelphij 1129271493Sdelphij duplicate = 0; 1130271493Sdelphij 1131271493Sdelphij if (dp->dad_na_icount) { 1132271493Sdelphij /* 1133271493Sdelphij * the check is in nd6_dad_na_input(), 1134271493Sdelphij * but just in case 1135271493Sdelphij */ 1136271493Sdelphij duplicate++; 1137271493Sdelphij } 1138271493Sdelphij 1139271493Sdelphij if (dp->dad_ns_icount) { 1140271493Sdelphij#if 0 /*heuristics*/ 1141271493Sdelphij /* 1142271493Sdelphij * if 1143271493Sdelphij * - we have sent many(?) DAD NS, and 1144271493Sdelphij * - the number of NS we sent equals to the 1145271493Sdelphij * number of NS we've got, and 1146271493Sdelphij * - we've got no NA 1147271493Sdelphij * we may have a faulty network card/driver which 1148271493Sdelphij * loops back multicasts to myself. 1149271493Sdelphij */ 1150271493Sdelphij if (3 < dp->dad_count 1151271493Sdelphij && dp->dad_ns_icount == dp->dad_count 1152271493Sdelphij && dp->dad_na_icount == 0) { 1153271493Sdelphij log(LOG_INFO, "DAD questionable for %s(%s): " 1154271493Sdelphij "network card loops back multicast?\n", 1155271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr), 1156271493Sdelphij if_name(ifa->ifa_ifp)); 1157271493Sdelphij /* XXX consider it a duplicate or not? */ 1158271493Sdelphij /* duplicate++; */ 1159271493Sdelphij } else { 1160271493Sdelphij /* We've seen NS, means DAD has failed. */ 1161271493Sdelphij duplicate++; 1162271493Sdelphij } 1163271493Sdelphij#else 1164271493Sdelphij /* We've seen NS, means DAD has failed. */ 1165271493Sdelphij duplicate++; 1166271493Sdelphij#endif 1167271493Sdelphij } 1168271493Sdelphij 1169271493Sdelphij if (duplicate) { 1170271493Sdelphij /* (*dp) will be freed in nd6_dad_duplicated() */ 1171271493Sdelphij dp = NULL; 1172271493Sdelphij nd6_dad_duplicated(ifa); 1173271493Sdelphij } else { 1174271493Sdelphij /* 1175271493Sdelphij * We are done with DAD. No NA came, no NS came. 1176271493Sdelphij * duplicated address found. 1177271493Sdelphij */ 1178271493Sdelphij ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1179271493Sdelphij 1180271493Sdelphij#ifdef ND6_DEBUG 1181271493Sdelphij log(LOG_INFO, 1182271493Sdelphij "%s: DAD complete for %s - no duplicates found\n", 1183271493Sdelphij if_name(ifa->ifa_ifp), 1184271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr)); 1185271493Sdelphij#endif 1186271493Sdelphij 1187271493Sdelphij TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1188271493Sdelphij free(dp, M_IP6NDP); 1189271493Sdelphij dp = NULL; 1190271493Sdelphij IFAFREE(ifa); 1191271493Sdelphij } 1192271493Sdelphij } 1193271493Sdelphij 1194271493Sdelphijdone: 1195271493Sdelphij splx(s); 1196271493Sdelphij} 1197271493Sdelphij 1198271493Sdelphijvoid 1199271493Sdelphijnd6_dad_duplicated(ifa) 1200271493Sdelphij struct ifaddr *ifa; 1201271493Sdelphij{ 1202271493Sdelphij struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1203271493Sdelphij struct dadq *dp; 1204271493Sdelphij 1205271493Sdelphij dp = nd6_dad_find(ifa); 1206271493Sdelphij if (dp == NULL) { 1207271493Sdelphij log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n"); 1208271493Sdelphij return; 1209271493Sdelphij } 1210271493Sdelphij 1211271493Sdelphij log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: %d NS, " 1212271493Sdelphij "%d NA\n", if_name(ifa->ifa_ifp), 1213271493Sdelphij ip6_sprintf(&ia->ia_addr.sin6_addr), 1214271493Sdelphij dp->dad_ns_icount, dp->dad_na_icount); 1215271493Sdelphij 1216271493Sdelphij ia->ia6_flags &= ~IN6_IFF_TENTATIVE; 1217271493Sdelphij ia->ia6_flags |= IN6_IFF_DUPLICATED; 1218271493Sdelphij 1219271493Sdelphij /* We are done with DAD, with duplicated address found. (failure) */ 1220271493Sdelphij untimeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa 1221271493Sdelphij , dp->dad_timer 1222271493Sdelphij ); 1223271493Sdelphij 1224271493Sdelphij log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n", 1225271493Sdelphij if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr)); 1226271493Sdelphij log(LOG_ERR, "%s: manual intervention required\n", 1227271493Sdelphij if_name(ifa->ifa_ifp)); 1228271493Sdelphij 1229271493Sdelphij TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list); 1230271493Sdelphij free(dp, M_IP6NDP); 1231271493Sdelphij dp = NULL; 1232271493Sdelphij IFAFREE(ifa); 1233271493Sdelphij} 1234271493Sdelphij 1235271493Sdelphijstatic void 1236271493Sdelphijnd6_dad_ns_output(dp, ifa) 1237271493Sdelphij struct dadq *dp; 1238271493Sdelphij struct ifaddr *ifa; 1239271493Sdelphij{ 1240271493Sdelphij struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa; 1241271493Sdelphij struct ifnet *ifp = ifa->ifa_ifp; 1242271493Sdelphij 1243271493Sdelphij dp->dad_ns_tcount++; 1244271493Sdelphij if ((ifp->if_flags & IFF_UP) == 0) { 1245271493Sdelphij#if 0 1246271493Sdelphij printf("%s: interface down?\n", if_name(ifp)); 1247271493Sdelphij#endif 1248271493Sdelphij return; 1249271493Sdelphij } 1250271493Sdelphij if ((ifp->if_flags & IFF_RUNNING) == 0) { 1251271493Sdelphij#if 0 1252271493Sdelphij printf("%s: interface not running?\n", if_name(ifp)); 1253271493Sdelphij#endif 1254271493Sdelphij return; 1255271493Sdelphij } 1256271493Sdelphij 1257271493Sdelphij dp->dad_ns_ocount++; 1258271493Sdelphij nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1); 1259271493Sdelphij} 1260271493Sdelphij 1261271493Sdelphijstatic void 1262271493Sdelphijnd6_dad_ns_input(ifa) 1263271493Sdelphij struct ifaddr *ifa; 1264271493Sdelphij{ 1265271493Sdelphij struct in6_ifaddr *ia; 1266271493Sdelphij struct ifnet *ifp; 1267271493Sdelphij struct in6_addr *taddr6; 1268271493Sdelphij struct dadq *dp; 1269271493Sdelphij int duplicate; 1270271493Sdelphij 1271271493Sdelphij if (!ifa) 1272271493Sdelphij panic("ifa == NULL in nd6_dad_ns_input"); 1273271493Sdelphij 1274271493Sdelphij ia = (struct in6_ifaddr *)ifa; 1275271493Sdelphij ifp = ifa->ifa_ifp; 1276271493Sdelphij taddr6 = &ia->ia_addr.sin6_addr; 1277271493Sdelphij duplicate = 0; 1278271493Sdelphij dp = nd6_dad_find(ifa); 1279271493Sdelphij 1280271493Sdelphij /* 1281271493Sdelphij * If it is from myself, ignore this. 1282271493Sdelphij */ 1283271493Sdelphij if (ifp && (ifp->if_flags & IFF_LOOPBACK)) 1284271493Sdelphij return; 1285271493Sdelphij 1286271493Sdelphij /* Quickhack - completely ignore DAD NS packets */ 1287271493Sdelphij if (dad_ignore_ns) { 1288271493Sdelphij log(LOG_INFO, "nd6_dad_ns_input: ignoring DAD NS packet for " 1289271493Sdelphij "address %s(%s)\n", ip6_sprintf(taddr6), 1290271493Sdelphij if_name(ifa->ifa_ifp)); 1291271493Sdelphij return; 1292271493Sdelphij } 1293271493Sdelphij 1294271493Sdelphij /* 1295271493Sdelphij * if I'm yet to start DAD, someone else started using this address 1296271493Sdelphij * first. I have a duplicate and you win. 1297271493Sdelphij */ 1298271493Sdelphij if (!dp || dp->dad_ns_ocount == 0) 1299271493Sdelphij duplicate++; 1300271493Sdelphij 1301271493Sdelphij /* XXX more checks for loopback situation - see nd6_dad_timer too */ 1302271493Sdelphij 1303271493Sdelphij if (duplicate) { 1304271493Sdelphij dp = NULL; /* will be freed in nd6_dad_duplicated() */ 1305271493Sdelphij nd6_dad_duplicated(ifa); 1306271493Sdelphij } else { 1307271493Sdelphij /* 1308271493Sdelphij * not sure if I got a duplicate. 1309271493Sdelphij * increment ns count and see what happens. 1310271493Sdelphij */ 1311271493Sdelphij if (dp) 1312271493Sdelphij dp->dad_ns_icount++; 1313271493Sdelphij } 1314271493Sdelphij} 1315271493Sdelphij 1316271493Sdelphijstatic void 1317271493Sdelphijnd6_dad_na_input(ifa) 1318271493Sdelphij struct ifaddr *ifa; 1319271493Sdelphij{ 1320271493Sdelphij struct dadq *dp; 1321271493Sdelphij 1322271493Sdelphij if (!ifa) 1323271493Sdelphij panic("ifa == NULL in nd6_dad_na_input"); 1324271493Sdelphij 1325271493Sdelphij dp = nd6_dad_find(ifa); 1326271493Sdelphij if (dp) 1327271493Sdelphij dp->dad_na_icount++; 1328271493Sdelphij 1329271493Sdelphij /* remove the address. */ 1330271493Sdelphij nd6_dad_duplicated(ifa); 1331271493Sdelphij} 1332271493Sdelphij