First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
/* $NetBSD: mld6.c,v 1.55 2011/11/19 22:51:29 tls Exp $ */
|
2001-02-10 07:14:26 +03:00
|
|
|
/* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */
|
1999-07-04 01:24:45 +04:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
* Copyright (C) 1998 WIDE Project.
|
|
|
|
* All rights reserved.
|
2001-02-10 07:14:26 +03:00
|
|
|
*
|
1999-06-28 10:36:47 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
2001-02-10 07:14:26 +03:00
|
|
|
*
|
1999-06-28 10:36:47 +04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) 1992, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
* Stephen Deering of Stanford University.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* @(#)igmp.c 8.1 (Berkeley) 7/19/93
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) 1988 Stephen Deering.
|
|
|
|
*
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
* Stephen Deering of Stanford University.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
1999-06-28 10:36:47 +04:00
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* @(#)igmp.c 8.1 (Berkeley) 7/19/93
|
|
|
|
*/
|
|
|
|
|
2001-11-13 03:56:55 +03:00
|
|
|
#include <sys/cdefs.h>
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.55 2011/11/19 22:51:29 tls Exp $");
|
2001-11-13 03:56:55 +03:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
#include "opt_inet.h"
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/systm.h>
|
|
|
|
#include <sys/mbuf.h>
|
|
|
|
#include <sys/socket.h>
|
2008-04-24 15:38:36 +04:00
|
|
|
#include <sys/socketvar.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <sys/protosw.h>
|
|
|
|
#include <sys/syslog.h>
|
2006-03-06 02:47:08 +03:00
|
|
|
#include <sys/sysctl.h>
|
|
|
|
#include <sys/kernel.h>
|
|
|
|
#include <sys/callout.h>
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
#include <sys/cprng.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
#include <net/if.h>
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <netinet/in_var.h>
|
2006-03-06 02:47:08 +03:00
|
|
|
#include <netinet6/in6_var.h>
|
2000-02-06 15:49:37 +03:00
|
|
|
#include <netinet/ip6.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <netinet6/ip6_var.h>
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
#include <netinet6/scope6_var.h>
|
2000-02-06 15:49:37 +03:00
|
|
|
#include <netinet/icmp6.h>
|
2008-04-15 07:57:04 +04:00
|
|
|
#include <netinet6/icmp6_private.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <netinet6/mld6_var.h>
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
#include <net/net_osdep.h>
|
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This structure is used to keep track of in6_multi chains which belong to
|
|
|
|
* deleted interface addresses.
|
|
|
|
*/
|
|
|
|
static LIST_HEAD(, multi6_kludge) in6_mk; /* XXX BSS initialization */
|
|
|
|
|
|
|
|
struct multi6_kludge {
|
|
|
|
LIST_ENTRY(multi6_kludge) mk_entry;
|
|
|
|
struct ifnet *mk_ifp;
|
|
|
|
struct in6_multihead mk_head;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
* Protocol constants
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* time between repetitions of a node's initial report of interest in a
|
|
|
|
* multicast address(in seconds)
|
|
|
|
*/
|
2003-06-06 12:13:43 +04:00
|
|
|
#define MLD_UNSOLICITED_REPORT_INTERVAL 10
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
static struct ip6_pktopts ip6_opts;
|
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
static void mld_start_listening(struct in6_multi *);
|
|
|
|
static void mld_stop_listening(struct in6_multi *);
|
|
|
|
|
|
|
|
static struct mld_hdr * mld_allocbuf(struct mbuf **, int, struct in6_multi *,
|
|
|
|
int);
|
|
|
|
static void mld_sendpkt(struct in6_multi *, int, const struct in6_addr *);
|
|
|
|
static void mld_starttimer(struct in6_multi *);
|
|
|
|
static void mld_stoptimer(struct in6_multi *);
|
|
|
|
static u_long mld_timerresid(struct in6_multi *);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
void
|
2008-02-27 22:40:56 +03:00
|
|
|
mld_init(void)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
|
|
|
static u_int8_t hbh_buf[8];
|
|
|
|
struct ip6_hbh *hbh = (struct ip6_hbh *)hbh_buf;
|
|
|
|
u_int16_t rtalert_code = htons((u_int16_t)IP6OPT_RTALERT_MLD);
|
|
|
|
|
|
|
|
/* ip6h_nxt will be fill in later */
|
2000-02-26 11:39:18 +03:00
|
|
|
hbh->ip6h_len = 0; /* (8 >> 3) - 1 */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
/* XXX: grotty hard coding... */
|
|
|
|
hbh_buf[2] = IP6OPT_PADN; /* 2 byte padding */
|
|
|
|
hbh_buf[3] = 0;
|
|
|
|
hbh_buf[4] = IP6OPT_RTALERT;
|
|
|
|
hbh_buf[5] = IP6OPT_RTALERT_LEN - 2;
|
2009-04-18 18:58:02 +04:00
|
|
|
memcpy(&hbh_buf[6], (void *)&rtalert_code, sizeof(u_int16_t));
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
ip6_opts.ip6po_hbh = hbh;
|
|
|
|
/* We will specify the hoplimit by a multicast option. */
|
|
|
|
ip6_opts.ip6po_hlim = -1;
|
|
|
|
}
|
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
static void
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_starttimer(struct in6_multi *in6m)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct timeval now;
|
|
|
|
|
|
|
|
microtime(&now);
|
|
|
|
in6m->in6m_timer_expire.tv_sec = now.tv_sec + in6m->in6m_timer / hz;
|
|
|
|
in6m->in6m_timer_expire.tv_usec = now.tv_usec +
|
|
|
|
(in6m->in6m_timer % hz) * (1000000 / hz);
|
|
|
|
if (in6m->in6m_timer_expire.tv_usec > 1000000) {
|
|
|
|
in6m->in6m_timer_expire.tv_sec++;
|
|
|
|
in6m->in6m_timer_expire.tv_usec -= 1000000;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* start or restart the timer */
|
2007-10-17 00:31:33 +04:00
|
|
|
callout_schedule(&in6m->in6m_timer_ch, in6m->in6m_timer);
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_stoptimer(struct in6_multi *in6m)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
if (in6m->in6m_timer == IN6M_TIMER_UNDEF)
|
|
|
|
return;
|
|
|
|
|
2007-10-17 00:31:33 +04:00
|
|
|
callout_stop(&in6m->in6m_timer_ch);
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
in6m->in6m_timer = IN6M_TIMER_UNDEF;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2007-10-17 00:31:33 +04:00
|
|
|
mld_timeo(void *arg)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
2007-10-17 00:31:33 +04:00
|
|
|
struct in6_multi *in6m = arg;
|
2008-04-24 15:38:36 +04:00
|
|
|
|
|
|
|
mutex_enter(softnet_lock);
|
|
|
|
KERNEL_LOCK(1, NULL);
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
in6m->in6m_timer = IN6M_TIMER_UNDEF;
|
|
|
|
|
|
|
|
switch (in6m->in6m_state) {
|
|
|
|
case MLD_REPORTPENDING:
|
|
|
|
mld_start_listening(in6m);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2008-04-24 15:38:36 +04:00
|
|
|
KERNEL_UNLOCK_ONE(NULL);
|
|
|
|
mutex_exit(softnet_lock);
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static u_long
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_timerresid(struct in6_multi *in6m)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct timeval now, diff;
|
|
|
|
|
|
|
|
microtime(&now);
|
|
|
|
|
|
|
|
if (now.tv_sec > in6m->in6m_timer_expire.tv_sec ||
|
|
|
|
(now.tv_sec == in6m->in6m_timer_expire.tv_sec &&
|
|
|
|
now.tv_usec > in6m->in6m_timer_expire.tv_usec)) {
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
diff = in6m->in6m_timer_expire;
|
|
|
|
diff.tv_sec -= now.tv_sec;
|
|
|
|
diff.tv_usec -= now.tv_usec;
|
|
|
|
if (diff.tv_usec < 0) {
|
|
|
|
diff.tv_sec--;
|
|
|
|
diff.tv_usec += 1000000;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* return the remaining time in milliseconds */
|
2008-08-22 21:11:39 +04:00
|
|
|
return diff.tv_sec * 1000 + diff.tv_usec / 1000;
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_start_listening(struct in6_multi *in6m)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct in6_addr all_in6;
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2000-02-26 11:39:18 +03:00
|
|
|
* RFC2710 page 10:
|
1999-06-28 10:36:47 +04:00
|
|
|
* The node never sends a Report or Done for the link-scope all-nodes
|
|
|
|
* address.
|
|
|
|
* MLD messages are never sent for multicast addresses whose scope is 0
|
|
|
|
* (reserved) or 1 (node-local).
|
|
|
|
*/
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
all_in6 = in6addr_linklocal_allnodes;
|
|
|
|
if (in6_setscope(&all_in6, in6m->in6m_ifp, NULL)) {
|
|
|
|
/* XXX: this should not happen! */
|
|
|
|
in6m->in6m_timer = 0;
|
|
|
|
in6m->in6m_state = MLD_OTHERLISTENER;
|
|
|
|
}
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) ||
|
1999-06-28 10:36:47 +04:00
|
|
|
IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) < IPV6_ADDR_SCOPE_LINKLOCAL) {
|
2006-03-06 02:47:08 +03:00
|
|
|
in6m->in6m_timer = IN6M_TIMER_UNDEF;
|
2003-06-06 12:13:43 +04:00
|
|
|
in6m->in6m_state = MLD_OTHERLISTENER;
|
1999-06-28 10:36:47 +04:00
|
|
|
} else {
|
2006-03-06 02:47:08 +03:00
|
|
|
mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL);
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
in6m->in6m_timer = cprng_fast32() %
|
2006-03-06 02:47:08 +03:00
|
|
|
(MLD_UNSOLICITED_REPORT_INTERVAL * hz);
|
2003-06-06 12:13:43 +04:00
|
|
|
in6m->in6m_state = MLD_IREPORTEDLAST;
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
mld_starttimer(in6m);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
static void
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_stop_listening(struct in6_multi *in6m)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct in6_addr allnode, allrouter;
|
|
|
|
|
|
|
|
allnode = in6addr_linklocal_allnodes;
|
|
|
|
if (in6_setscope(&allnode, in6m->in6m_ifp, NULL)) {
|
|
|
|
/* XXX: this should not happen! */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
allrouter = in6addr_linklocal_allrouters;
|
|
|
|
if (in6_setscope(&allrouter, in6m->in6m_ifp, NULL)) {
|
|
|
|
/* XXX impossible */
|
|
|
|
return;
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2003-06-06 12:13:43 +04:00
|
|
|
if (in6m->in6m_state == MLD_IREPORTEDLAST &&
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
(!IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &allnode)) &&
|
|
|
|
IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) >
|
|
|
|
IPV6_ADDR_SCOPE_INTFACELOCAL) {
|
2006-03-06 02:47:08 +03:00
|
|
|
mld_sendpkt(in6m, MLD_LISTENER_DONE, &allrouter);
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_input(struct mbuf *m, int off)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2011-04-21 10:58:31 +04:00
|
|
|
struct ip6_hdr *ip6;
|
2003-06-06 12:13:43 +04:00
|
|
|
struct mld_hdr *mldh;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct ifnet *ifp = m->m_pkthdr.rcvif;
|
2006-03-06 02:47:08 +03:00
|
|
|
struct in6_multi *in6m = NULL;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct in6_addr mld_addr, all_in6;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct in6_ifaddr *ia;
|
2008-08-22 21:11:39 +04:00
|
|
|
u_long timer = 0; /* timer value in the MLD query header */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2003-06-06 12:13:43 +04:00
|
|
|
IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh));
|
2001-02-10 07:14:26 +03:00
|
|
|
if (mldh == NULL) {
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
|
2001-02-10 07:14:26 +03:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/* source address validation */
|
2001-02-10 07:14:26 +03:00
|
|
|
ip6 = mtod(m, struct ip6_hdr *);/* in case mpullup */
|
1999-06-28 10:36:47 +04:00
|
|
|
if (!IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_src)) {
|
2006-03-06 02:47:08 +03:00
|
|
|
/*
|
|
|
|
* RFC3590 allows the IPv6 unspecified address as the source
|
|
|
|
* address of MLD report and done messages. However, as this
|
|
|
|
* same document says, this special rule is for snooping
|
|
|
|
* switches and the RFC requires routers to discard MLD packets
|
|
|
|
* with the unspecified source address. The RFC only talks
|
|
|
|
* about hosts receiving an MLD query or report in Security
|
|
|
|
* Considerations, but this is probably the correct intention.
|
|
|
|
* RFC3590 does not talk about other cases than link-local and
|
|
|
|
* the unspecified source addresses, but we believe the same
|
|
|
|
* rule should be applied.
|
|
|
|
* As a result, we only allow link-local addresses as the
|
|
|
|
* source address; otherwise, simply discard the packet.
|
|
|
|
*/
|
2002-01-08 07:37:32 +03:00
|
|
|
#if 0
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2006-03-06 02:47:08 +03:00
|
|
|
* XXX: do not log in an input path to avoid log flooding,
|
|
|
|
* though RFC3590 says "SHOULD log" if the source of a query
|
|
|
|
* is the unspecified address.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2006-03-06 02:47:08 +03:00
|
|
|
log(LOG_INFO,
|
|
|
|
"mld_input: src %s is not link-local (grp=%s)\n",
|
|
|
|
ip6_sprintf(&ip6->ip6_src), ip6_sprintf(&mldh->mld_addr));
|
|
|
|
#endif
|
2000-02-26 11:39:18 +03:00
|
|
|
m_freem(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
/*
|
|
|
|
* make a copy for local work (in6_setscope() may modify the 1st arg)
|
|
|
|
*/
|
|
|
|
mld_addr = mldh->mld_addr;
|
|
|
|
if (in6_setscope(&mld_addr, ifp, NULL)) {
|
|
|
|
/* XXX: this should not happen! */
|
|
|
|
m_free(m);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2006-03-06 02:47:08 +03:00
|
|
|
* In the MLD specification, there are 3 states and a flag.
|
1999-06-28 10:36:47 +04:00
|
|
|
*
|
|
|
|
* In Non-Listener state, we simply don't have a membership record.
|
|
|
|
* In Delaying Listener state, our timer is running (in6m->in6m_timer)
|
2006-03-06 02:47:08 +03:00
|
|
|
* In Idle Listener state, our timer is not running
|
|
|
|
* (in6m->in6m_timer==IN6M_TIMER_UNDEF)
|
1999-06-28 10:36:47 +04:00
|
|
|
*
|
2003-06-06 12:13:43 +04:00
|
|
|
* The flag is in6m->in6m_state, it is set to MLD_OTHERLISTENER if
|
|
|
|
* we have heard a report from another member, or MLD_IREPORTEDLAST
|
1999-06-28 10:36:47 +04:00
|
|
|
* if we sent the last report.
|
|
|
|
*/
|
2003-06-06 12:13:43 +04:00
|
|
|
switch (mldh->mld_type) {
|
|
|
|
case MLD_LISTENER_QUERY:
|
1999-12-13 18:17:17 +03:00
|
|
|
if (ifp->if_flags & IFF_LOOPBACK)
|
|
|
|
break;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (!IN6_IS_ADDR_UNSPECIFIED(&mld_addr) &&
|
|
|
|
!IN6_IS_ADDR_MULTICAST(&mld_addr))
|
1999-12-13 18:17:17 +03:00
|
|
|
break; /* print error or log stat? */
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
|
|
|
|
all_in6 = in6addr_linklocal_allnodes;
|
|
|
|
if (in6_setscope(&all_in6, ifp, NULL)) {
|
|
|
|
/* XXX: this should not happen! */
|
|
|
|
break;
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
/*
|
2000-02-26 11:39:18 +03:00
|
|
|
* - Start the timers in all of our membership records
|
|
|
|
* that the query applies to for the interface on
|
|
|
|
* which the query arrived excl. those that belong
|
|
|
|
* to the "all-nodes" group (ff02::1).
|
|
|
|
* - Restart any timer that is already running but has
|
2006-03-03 17:07:06 +03:00
|
|
|
* a value longer than the requested timeout.
|
2000-02-26 11:39:18 +03:00
|
|
|
* - Use the value specified in the query message as
|
|
|
|
* the maximum timeout.
|
|
|
|
*/
|
2006-03-06 02:47:08 +03:00
|
|
|
timer = ntohs(mldh->mld_maxdelay);
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
IFP_TO_IA6(ifp, ia);
|
|
|
|
if (ia == NULL)
|
|
|
|
break;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_FOREACH(in6m, &ia->ia6_multiaddrs, in6m_entry) {
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (IN6_ARE_ADDR_EQUAL(&in6m->in6m_addr, &all_in6) ||
|
1999-12-13 18:17:17 +03:00
|
|
|
IPV6_ADDR_MC_SCOPE(&in6m->in6m_addr) <
|
|
|
|
IPV6_ADDR_SCOPE_LINKLOCAL)
|
|
|
|
continue;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
if (in6m->in6m_state == MLD_REPORTPENDING)
|
|
|
|
continue; /* we are not yet ready */
|
|
|
|
|
|
|
|
if (!IN6_IS_ADDR_UNSPECIFIED(&mld_addr) &&
|
|
|
|
!IN6_ARE_ADDR_EQUAL(&mld_addr, &in6m->in6m_addr))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (timer == 0) {
|
|
|
|
/* send a report immediately */
|
|
|
|
mld_stoptimer(in6m);
|
|
|
|
mld_sendpkt(in6m, MLD_LISTENER_REPORT, NULL);
|
|
|
|
in6m->in6m_state = MLD_IREPORTEDLAST;
|
|
|
|
} else if (in6m->in6m_timer == IN6M_TIMER_UNDEF ||
|
2008-08-22 21:11:39 +04:00
|
|
|
mld_timerresid(in6m) > timer) {
|
|
|
|
in6m->in6m_timer =
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
1 + (cprng_fast32() % timer) * hz / 1000;
|
2006-03-06 02:47:08 +03:00
|
|
|
mld_starttimer(in6m);
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
|
2003-06-06 12:13:43 +04:00
|
|
|
case MLD_LISTENER_REPORT:
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2000-02-26 11:39:18 +03:00
|
|
|
* For fast leave to work, we have to know that we are the
|
|
|
|
* last person to send a report for this group. Reports
|
|
|
|
* can potentially get looped back if we are a multicast
|
|
|
|
* router, so discard reports sourced by me.
|
|
|
|
* Note that it is impossible to check IFF_LOOPBACK flag of
|
|
|
|
* ifp for this purpose, since ip6_mloopback pass the physical
|
|
|
|
* interface to looutput.
|
|
|
|
*/
|
1999-12-13 18:17:17 +03:00
|
|
|
if (m->m_flags & M_LOOP) /* XXX: grotty flag, but efficient */
|
|
|
|
break;
|
|
|
|
|
2003-06-06 12:13:43 +04:00
|
|
|
if (!IN6_IS_ADDR_MULTICAST(&mldh->mld_addr))
|
1999-12-13 18:17:17 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
/*
|
2000-02-26 11:39:18 +03:00
|
|
|
* If we belong to the group being reported, stop
|
|
|
|
* our timer for that group.
|
|
|
|
*/
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
IN6_LOOKUP_MULTI(mld_addr, ifp, in6m);
|
1999-12-13 18:17:17 +03:00
|
|
|
if (in6m) {
|
2006-03-06 02:47:08 +03:00
|
|
|
mld_stoptimer(in6m); /* transit to idle state */
|
2003-06-06 12:13:43 +04:00
|
|
|
in6m->in6m_state = MLD_OTHERLISTENER; /* clear flag */
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
default: /* this is impossible */
|
2002-01-08 07:37:32 +03:00
|
|
|
#if 0
|
2002-06-09 01:22:29 +04:00
|
|
|
/*
|
|
|
|
* this case should be impossible because of filtering in
|
|
|
|
* icmp6_input(). But we explicitly disabled this part
|
|
|
|
* just in case.
|
|
|
|
*/
|
2006-03-06 02:47:08 +03:00
|
|
|
log(LOG_ERR, "mld_input: illegal type(%d)", mldh->mld_type);
|
2002-01-08 07:37:32 +03:00
|
|
|
#endif
|
1999-12-13 18:17:17 +03:00
|
|
|
break;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2000-02-26 11:39:18 +03:00
|
|
|
|
|
|
|
m_freem(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2007-05-23 21:14:59 +04:00
|
|
|
mld_sendpkt(struct in6_multi *in6m, int type,
|
|
|
|
const struct in6_addr *dst)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2006-03-06 02:47:08 +03:00
|
|
|
struct mbuf *mh;
|
2003-06-06 12:13:43 +04:00
|
|
|
struct mld_hdr *mldh;
|
2006-03-06 02:47:08 +03:00
|
|
|
struct ip6_hdr *ip6 = NULL;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct ip6_moptions im6o;
|
2006-03-06 02:47:08 +03:00
|
|
|
struct in6_ifaddr *ia = NULL;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct ifnet *ifp = in6m->in6m_ifp;
|
2002-06-09 01:22:29 +04:00
|
|
|
int ignflags;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
/*
|
|
|
|
* At first, find a link local address on the outgoing interface
|
|
|
|
* to use as the source address of the MLD packet.
|
2002-06-09 01:22:29 +04:00
|
|
|
* We do not reject tentative addresses for MLD report to deal with
|
|
|
|
* the case where we first join a link-local address.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2002-06-09 01:22:29 +04:00
|
|
|
ignflags = (IN6_IFF_NOTREADY|IN6_IFF_ANYCAST) & ~IN6_IFF_TENTATIVE;
|
|
|
|
if ((ia = in6ifa_ifpforlinklocal(ifp, ignflags)) == NULL)
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
2002-06-09 01:22:29 +04:00
|
|
|
if ((ia->ia6_flags & IN6_IFF_TENTATIVE))
|
|
|
|
ia = NULL;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
/* Allocate two mbufs to store IPv6 header and MLD header */
|
|
|
|
mldh = mld_allocbuf(&mh, sizeof(struct mld_hdr), in6m, type);
|
|
|
|
if (mldh == NULL)
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
/* fill src/dst here */
|
|
|
|
ip6 = mtod(mh, struct ip6_hdr *);
|
|
|
|
ip6->ip6_src = ia ? ia->ia_addr.sin6_addr : in6addr_any;
|
|
|
|
ip6->ip6_dst = dst ? *dst : in6m->in6m_addr;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2003-06-06 12:13:43 +04:00
|
|
|
mldh->mld_addr = in6m->in6m_addr;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
in6_clearscope(&mldh->mld_addr); /* XXX */
|
2003-06-06 12:13:43 +04:00
|
|
|
mldh->mld_cksum = in6_cksum(mh, IPPROTO_ICMPV6, sizeof(struct ip6_hdr),
|
|
|
|
sizeof(struct mld_hdr));
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
/* construct multicast option */
|
2006-03-06 02:47:08 +03:00
|
|
|
memset(&im6o, 0, sizeof(im6o));
|
1999-06-28 10:36:47 +04:00
|
|
|
im6o.im6o_multicast_ifp = ifp;
|
|
|
|
im6o.im6o_multicast_hlim = 1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Request loopback of the report if we are acting as a multicast
|
|
|
|
* router, so that the process-level routing daemon can hear it.
|
|
|
|
*/
|
|
|
|
im6o.im6o_multicast_loop = (ip6_mrouter != NULL);
|
|
|
|
|
|
|
|
/* increment output statictics */
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_OUTHIST + type);
|
2001-10-18 13:09:25 +04:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_msg);
|
2001-12-18 06:04:02 +03:00
|
|
|
switch (type) {
|
2003-06-06 12:13:43 +04:00
|
|
|
case MLD_LISTENER_QUERY:
|
2001-10-18 13:09:25 +04:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_mldquery);
|
|
|
|
break;
|
2003-06-06 12:13:43 +04:00
|
|
|
case MLD_LISTENER_REPORT:
|
2001-10-18 13:09:25 +04:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_mldreport);
|
|
|
|
break;
|
2003-06-06 12:13:43 +04:00
|
|
|
case MLD_LISTENER_DONE:
|
2001-10-18 13:09:25 +04:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_mlddone);
|
|
|
|
break;
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
2002-06-09 01:22:29 +04:00
|
|
|
|
2005-02-27 01:45:09 +03:00
|
|
|
ip6_output(mh, &ip6_opts, NULL, ia ? 0 : IPV6_UNSPECSRC,
|
2011-08-31 22:31:02 +04:00
|
|
|
&im6o, NULL, NULL);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
static struct mld_hdr *
|
2006-11-16 04:32:37 +03:00
|
|
|
mld_allocbuf(struct mbuf **mh, int len, struct in6_multi *in6m,
|
2006-10-12 05:30:41 +04:00
|
|
|
int type)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct mbuf *md;
|
|
|
|
struct mld_hdr *mldh;
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allocate mbufs to store ip6 header and MLD header.
|
|
|
|
* We allocate 2 mbufs and make chain in advance because
|
|
|
|
* it is more convenient when inserting the hop-by-hop option later.
|
|
|
|
*/
|
|
|
|
MGETHDR(*mh, M_DONTWAIT, MT_HEADER);
|
|
|
|
if (*mh == NULL)
|
|
|
|
return NULL;
|
|
|
|
MGET(md, M_DONTWAIT, MT_DATA);
|
|
|
|
if (md == NULL) {
|
|
|
|
m_free(*mh);
|
|
|
|
*mh = NULL;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
(*mh)->m_next = md;
|
|
|
|
md->m_next = NULL;
|
|
|
|
|
|
|
|
(*mh)->m_pkthdr.rcvif = NULL;
|
|
|
|
(*mh)->m_pkthdr.len = sizeof(struct ip6_hdr) + len;
|
|
|
|
(*mh)->m_len = sizeof(struct ip6_hdr);
|
|
|
|
MH_ALIGN(*mh, sizeof(struct ip6_hdr));
|
|
|
|
|
|
|
|
/* fill in the ip6 header */
|
|
|
|
ip6 = mtod(*mh, struct ip6_hdr *);
|
|
|
|
memset(ip6, 0, sizeof(*ip6));
|
|
|
|
ip6->ip6_flow = 0;
|
|
|
|
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
|
|
|
|
ip6->ip6_vfc |= IPV6_VERSION;
|
|
|
|
/* ip6_plen will be set later */
|
|
|
|
ip6->ip6_nxt = IPPROTO_ICMPV6;
|
|
|
|
/* ip6_hlim will be set by im6o.im6o_multicast_hlim */
|
|
|
|
/* ip6_src/dst will be set by mld_sendpkt() or mld_sendbuf() */
|
|
|
|
|
|
|
|
/* fill in the MLD header as much as possible */
|
|
|
|
md->m_len = len;
|
|
|
|
mldh = mtod(md, struct mld_hdr *);
|
|
|
|
memset(mldh, 0, len);
|
|
|
|
mldh->mld_type = type;
|
|
|
|
return mldh;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add an address to the list of IP6 multicast addresses for a given interface.
|
|
|
|
*/
|
|
|
|
struct in6_multi *
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_addmulti(struct in6_addr *maddr6, struct ifnet *ifp,
|
|
|
|
int *errorp, int timer)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct in6_ifaddr *ia;
|
2011-10-19 05:52:22 +04:00
|
|
|
struct sockaddr_in6 sin6;
|
2006-03-06 02:47:08 +03:00
|
|
|
struct in6_multi *in6m;
|
|
|
|
int s = splsoftnet();
|
|
|
|
|
|
|
|
*errorp = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See if address already in list.
|
|
|
|
*/
|
|
|
|
IN6_LOOKUP_MULTI(*maddr6, ifp, in6m);
|
|
|
|
if (in6m != NULL) {
|
|
|
|
/*
|
|
|
|
* Found it; just increment the refrence count.
|
|
|
|
*/
|
|
|
|
in6m->in6m_refcount++;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* New address; allocate a new multicast record
|
|
|
|
* and link it into the interface's multicast list.
|
|
|
|
*/
|
|
|
|
in6m = (struct in6_multi *)
|
2009-08-05 02:04:23 +04:00
|
|
|
malloc(sizeof(*in6m), M_IPMADDR, M_NOWAIT|M_ZERO);
|
2006-03-06 02:47:08 +03:00
|
|
|
if (in6m == NULL) {
|
|
|
|
splx(s);
|
|
|
|
*errorp = ENOBUFS;
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
in6m->in6m_addr = *maddr6;
|
|
|
|
in6m->in6m_ifp = ifp;
|
|
|
|
in6m->in6m_refcount = 1;
|
|
|
|
in6m->in6m_timer = IN6M_TIMER_UNDEF;
|
|
|
|
IFP_TO_IA6(ifp, ia);
|
|
|
|
if (ia == NULL) {
|
|
|
|
free(in6m, M_IPMADDR);
|
|
|
|
splx(s);
|
|
|
|
*errorp = EADDRNOTAVAIL; /* appropriate? */
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
in6m->in6m_ia = ia;
|
|
|
|
IFAREF(&ia->ia_ifa); /* gain a reference */
|
|
|
|
LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Ask the network driver to update its multicast reception
|
|
|
|
* filter appropriately for the new address.
|
|
|
|
*/
|
2011-10-19 05:52:22 +04:00
|
|
|
sockaddr_in6_init(&sin6, maddr6, 0, 0, 0);
|
|
|
|
*errorp = if_mcast_op(ifp, SIOCADDMULTI, sin6tosa(&sin6));
|
2006-03-06 02:47:08 +03:00
|
|
|
if (*errorp) {
|
|
|
|
LIST_REMOVE(in6m, in6m_entry);
|
|
|
|
free(in6m, M_IPMADDR);
|
|
|
|
IFAFREE(&ia->ia_ifa);
|
|
|
|
splx(s);
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
2008-04-24 15:38:36 +04:00
|
|
|
callout_init(&in6m->in6m_timer_ch, CALLOUT_MPSAFE);
|
2007-10-17 00:31:33 +04:00
|
|
|
callout_setfunc(&in6m->in6m_timer_ch, mld_timeo, in6m);
|
2006-03-06 23:33:52 +03:00
|
|
|
in6m->in6m_timer = timer;
|
2006-03-06 02:47:08 +03:00
|
|
|
if (in6m->in6m_timer > 0) {
|
|
|
|
in6m->in6m_state = MLD_REPORTPENDING;
|
|
|
|
mld_starttimer(in6m);
|
|
|
|
|
|
|
|
splx(s);
|
|
|
|
return (in6m);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Let MLD6 know that we have joined a new IP6 multicast
|
|
|
|
* group.
|
|
|
|
*/
|
|
|
|
mld_start_listening(in6m);
|
|
|
|
}
|
|
|
|
splx(s);
|
|
|
|
return (in6m);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Delete a multicast address record.
|
|
|
|
*/
|
|
|
|
void
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_delmulti(struct in6_multi *in6m)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
2011-10-19 05:52:22 +04:00
|
|
|
struct sockaddr_in6 sin6;
|
2006-03-06 02:47:08 +03:00
|
|
|
struct in6_ifaddr *ia;
|
|
|
|
int s = splsoftnet();
|
|
|
|
|
|
|
|
mld_stoptimer(in6m);
|
|
|
|
|
|
|
|
if (--in6m->in6m_refcount == 0) {
|
|
|
|
/*
|
|
|
|
* No remaining claims to this record; let MLD6 know
|
|
|
|
* that we are leaving the multicast group.
|
|
|
|
*/
|
|
|
|
mld_stop_listening(in6m);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Unlink from list.
|
|
|
|
*/
|
|
|
|
LIST_REMOVE(in6m, in6m_entry);
|
2006-11-20 07:26:22 +03:00
|
|
|
if (in6m->in6m_ia != NULL) {
|
2006-03-06 02:47:08 +03:00
|
|
|
IFAFREE(&in6m->in6m_ia->ia_ifa); /* release reference */
|
2006-11-20 07:26:22 +03:00
|
|
|
in6m->in6m_ia = NULL;
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Delete all references of this multicasting group from
|
|
|
|
* the membership arrays
|
|
|
|
*/
|
|
|
|
for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
|
|
|
|
struct in6_multi_mship *imm;
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_FOREACH(imm, &ia->ia6_memberships, i6mm_chain) {
|
2006-03-06 02:47:08 +03:00
|
|
|
if (imm->i6mm_maddr == in6m)
|
|
|
|
imm->i6mm_maddr = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Notify the network driver to update its multicast
|
|
|
|
* reception filter.
|
|
|
|
*/
|
2011-10-19 05:52:22 +04:00
|
|
|
sockaddr_in6_init(&sin6, &in6m->in6m_addr, 0, 0, 0);
|
|
|
|
if_mcast_op(in6m->in6m_ifp, SIOCDELMULTI, sin6tosa(&sin6));
|
2007-10-17 00:31:33 +04:00
|
|
|
callout_destroy(&in6m->in6m_timer_ch);
|
2006-03-06 02:47:08 +03:00
|
|
|
free(in6m, M_IPMADDR);
|
|
|
|
}
|
|
|
|
splx(s);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
struct in6_multi_mship *
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_joingroup(struct ifnet *ifp, struct in6_addr *addr,
|
|
|
|
int *errorp, int timer)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct in6_multi_mship *imm;
|
|
|
|
|
2009-08-05 02:04:23 +04:00
|
|
|
imm = malloc(sizeof(*imm), M_IPMADDR, M_NOWAIT|M_ZERO);
|
|
|
|
if (imm == NULL) {
|
2006-03-06 02:47:08 +03:00
|
|
|
*errorp = ENOBUFS;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2006-03-06 23:33:52 +03:00
|
|
|
imm->i6mm_maddr = in6_addmulti(addr, ifp, errorp, timer);
|
2006-03-06 02:47:08 +03:00
|
|
|
if (!imm->i6mm_maddr) {
|
2006-11-29 06:05:12 +03:00
|
|
|
/* *errorp is already set */
|
2006-03-06 02:47:08 +03:00
|
|
|
free(imm, M_IPMADDR);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return imm;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_leavegroup(struct in6_multi_mship *imm)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
|
|
|
|
if (imm->i6mm_maddr) {
|
|
|
|
in6_delmulti(imm->i6mm_maddr);
|
|
|
|
}
|
|
|
|
free(imm, M_IPMADDR);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Multicast address kludge:
|
|
|
|
* If there were any multicast addresses attached to this interface address,
|
|
|
|
* either move them to another address on this interface, or save them until
|
|
|
|
* such time as this interface is reconfigured for IPv6.
|
|
|
|
*/
|
|
|
|
void
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_savemkludge(struct in6_ifaddr *oia)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct in6_ifaddr *ia;
|
2006-11-29 06:05:12 +03:00
|
|
|
struct in6_multi *in6m;
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
IFP_TO_IA6(oia->ia_ifp, ia);
|
|
|
|
if (ia) { /* there is another address */
|
2006-11-29 06:05:12 +03:00
|
|
|
KASSERT(ia != oia);
|
|
|
|
while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) {
|
|
|
|
LIST_REMOVE(in6m, in6m_entry);
|
2006-03-06 02:47:08 +03:00
|
|
|
IFAREF(&ia->ia_ifa);
|
2006-11-29 06:05:12 +03:00
|
|
|
IFAFREE(&in6m->in6m_ia->ia_ifa);
|
2006-03-06 02:47:08 +03:00
|
|
|
in6m->in6m_ia = ia;
|
|
|
|
LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry);
|
|
|
|
}
|
|
|
|
} else { /* last address on this if deleted, save */
|
|
|
|
struct multi6_kludge *mk;
|
|
|
|
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_FOREACH(mk, &in6_mk, mk_entry) {
|
2006-03-06 02:47:08 +03:00
|
|
|
if (mk->mk_ifp == oia->ia_ifp)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (mk == NULL) /* this should not happen! */
|
|
|
|
panic("in6_savemkludge: no kludge space");
|
|
|
|
|
2006-11-29 06:05:12 +03:00
|
|
|
while ((in6m = LIST_FIRST(&oia->ia6_multiaddrs)) != NULL) {
|
|
|
|
LIST_REMOVE(in6m, in6m_entry);
|
2006-03-06 02:47:08 +03:00
|
|
|
IFAFREE(&in6m->in6m_ia->ia_ifa); /* release reference */
|
|
|
|
in6m->in6m_ia = NULL;
|
|
|
|
LIST_INSERT_HEAD(&mk->mk_head, in6m, in6m_entry);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Continuation of multicast address hack:
|
|
|
|
* If there was a multicast group list previously saved for this interface,
|
|
|
|
* then we re-attach it to the first address configured on the i/f.
|
|
|
|
*/
|
|
|
|
void
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_restoremkludge(struct in6_ifaddr *ia, struct ifnet *ifp)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct multi6_kludge *mk;
|
2006-11-29 06:05:12 +03:00
|
|
|
struct in6_multi *in6m;
|
2006-03-06 02:47:08 +03:00
|
|
|
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_FOREACH(mk, &in6_mk, mk_entry) {
|
|
|
|
if (mk->mk_ifp == ifp)
|
2006-03-06 02:47:08 +03:00
|
|
|
break;
|
|
|
|
}
|
2006-11-20 07:26:22 +03:00
|
|
|
if (mk == NULL)
|
|
|
|
return;
|
2006-11-29 06:05:12 +03:00
|
|
|
while ((in6m = LIST_FIRST(&mk->mk_head)) != NULL) {
|
|
|
|
LIST_REMOVE(in6m, in6m_entry);
|
2006-11-20 07:26:22 +03:00
|
|
|
in6m->in6m_ia = ia;
|
|
|
|
IFAREF(&ia->ia_ifa);
|
|
|
|
LIST_INSERT_HEAD(&ia->ia6_multiaddrs, in6m, in6m_entry);
|
|
|
|
}
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allocate space for the kludge at interface initialization time.
|
|
|
|
* Formerly, we dynamically allocated the space in in6_savemkludge() with
|
|
|
|
* malloc(M_WAITOK). However, it was wrong since the function could be called
|
|
|
|
* under an interrupt context (software timer on address lifetime expiration).
|
|
|
|
* Also, we cannot just give up allocating the strucutre, since the group
|
|
|
|
* membership structure is very complex and we need to keep it anyway.
|
|
|
|
* Of course, this function MUST NOT be called under an interrupt context.
|
|
|
|
* Specifically, it is expected to be called only from in6_ifattach(), though
|
|
|
|
* it is a global function.
|
|
|
|
*/
|
|
|
|
void
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_createmkludge(struct ifnet *ifp)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct multi6_kludge *mk;
|
|
|
|
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_FOREACH(mk, &in6_mk, mk_entry) {
|
2006-03-06 02:47:08 +03:00
|
|
|
/* If we've already had one, do not allocate. */
|
|
|
|
if (mk->mk_ifp == ifp)
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-08-05 02:04:23 +04:00
|
|
|
mk = malloc(sizeof(*mk), M_IPMADDR, M_ZERO|M_WAITOK);
|
2006-03-06 02:47:08 +03:00
|
|
|
|
|
|
|
LIST_INIT(&mk->mk_head);
|
|
|
|
mk->mk_ifp = ifp;
|
|
|
|
LIST_INSERT_HEAD(&in6_mk, mk, mk_entry);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2007-05-23 21:14:59 +04:00
|
|
|
in6_purgemkludge(struct ifnet *ifp)
|
2006-03-06 02:47:08 +03:00
|
|
|
{
|
|
|
|
struct multi6_kludge *mk;
|
2006-11-29 06:05:12 +03:00
|
|
|
struct in6_multi *in6m, *next;
|
2006-03-06 02:47:08 +03:00
|
|
|
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_FOREACH(mk, &in6_mk, mk_entry) {
|
|
|
|
if (mk->mk_ifp == ifp)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (mk == NULL)
|
|
|
|
return;
|
2006-03-06 02:47:08 +03:00
|
|
|
|
2006-11-20 07:26:22 +03:00
|
|
|
/* leave from all multicast groups joined */
|
2006-11-29 06:05:12 +03:00
|
|
|
for (in6m = LIST_FIRST(&mk->mk_head); in6m != NULL; in6m = next) {
|
|
|
|
next = LIST_NEXT(in6m, in6m_entry);
|
2006-11-20 07:26:22 +03:00
|
|
|
in6_delmulti(in6m);
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|
2006-11-20 07:26:22 +03:00
|
|
|
LIST_REMOVE(mk, mk_entry);
|
|
|
|
free(mk, M_IPMADDR);
|
2006-03-06 02:47:08 +03:00
|
|
|
}
|