Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/sys/netinet6/nd6.h

214 lines
7.5 KiB
C
Raw Normal View History

Sprinkle some const
2020-08-20 14:01:02 +03:00
/* $NetBSD: nd6.h,v 1.90 2020/08/20 11:01:02 roy Exp $ */
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
2002-06-09 01:22:29 +04:00
/* $KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $ */
RCS ID police.
1999-07-04 01:24:45 +04:00
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
better sync with latest kame (cosmetic only).
2000-04-16 19:00:56 +04:00
*
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
better sync with latest kame (cosmetic only).
2000-04-16 19:00:56 +04:00
*
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef _NETINET6_ND6_H_
#define _NETINET6_ND6_H_
#include <sys/queue.h>
New callout mechanism with two major improvements over the old timeout()/untimeout() API: - Clients supply callout handle storage, thus eliminating problems of resource allocation. - Insertion and removal of callouts is constant time, important as this facility is used quite a lot in the kernel. The old timeout()/untimeout() API has been removed from the kernel.
2000-03-23 10:01:25 +03:00
#include <sys/callout.h>
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
2012-06-23 07:13:41 +04:00
#define ND6_LLINFO_PURGE -3
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
#define ND6_LLINFO_NOSTATE -2
inet6: Re-introduce ND6_LLINFO_WAITDELETE so we can return EHOSTDOWN Once we've sent nd6_mmaxtries NS messages, send RTM_MISS and move to the ND6_LLINFO_WAITDELETE state rather than freeing the llentry right away. Wait for a probe cycle and then free the llentry. If a connection attempts to re-use the llentry during ND6_LLINFO_WAITDELETE, return EHOSTDOWN (or EHOSTUNREACH if a gateway) to match inet behaviour. Continue to ND6_LLINFO_INCOMPLETE and send another NS probe in hope of a reply. Rinse and repeat. This reverts part of nd6.c r1.14 - an 18 year old commit!
2019-09-01 22:26:21 +03:00
#define ND6_LLINFO_WAITDELETE -1
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
#define ND6_LLINFO_INCOMPLETE 0
#define ND6_LLINFO_REACHABLE 1
#define ND6_LLINFO_STALE 2
#define ND6_LLINFO_DELAY 3
#define ND6_LLINFO_PROBE 4
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more. TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach (sorry for jumbo commit, I can't separate this any more...)
1999-12-13 18:17:17 +03:00
#define ND6_IS_LLINFO_PROBREACH(n) ((n)->ln_state > ND6_LLINFO_INCOMPLETE)
NDP-related improvements: RFC4191 - supports host-side router-preference RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code From the KAME project via SUZUKI Shinsuke. Reviewed by core.
2006-03-06 02:47:08 +03:00
#define ND6_LLINFO_PERMANENT(n) (((n)->ln_expire == 0) && ((n)->ln_state > ND6_LLINFO_INCOMPLETE))
attach nd_ifinfo structure into if_afdata. split IPv6 link MTU (advertised by RA) from real link MTU. sync with kame
2002-05-29 11:53:39 +04:00
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
struct nd_ifinfo {
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
uint8_t chlim; /* CurHopLimit */
uint32_t basereachable; /* BaseReachableTime */
uint32_t retrans; /* Retrans Timer */
uint32_t flags; /* Flags */
};
#ifdef _KERNEL
struct nd_kifinfo {
uint8_t chlim; /* CurHopLimit */
uint32_t basereachable; /* BaseReachableTime */
uint32_t retrans; /* Retrans Timer */
uint32_t flags; /* Flags */
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more. TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach (sorry for jumbo commit, I can't separate this any more...)
1999-12-13 18:17:17 +03:00
int recalctm; /* BaseReacable re-calculation timer */
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
uint32_t reachable; /* Reachable Time */
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
};
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
#endif
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
Fix net.inet6.ip6.accept_rtadv and 'ndp -i <interface> accept_rtadv': Add a flag ND6_IFF_OVERRIDE_RTADV that tells the kernel to override ip6_accept_rtadv (net.inet6.ip6.accept_rtadv) on an interface. Add a routine nd6_accepts_rtadv(ndi) that evaluates both the flags on the interface represented by ndi and ip6_accept_rtadv, and returns 'true' if the given interface should accept Router Advertisements, and 'false' if not. Now, ND6_IFF_ACCEPT_RTADV works as it was historically documented: if it is set, then accept router advertisements iff ip6_accept_rtadv != 0. Otherwise, do not accept router advertisements. If ND6_IFF_OVERRIDE_RTADV is set, then the flag ND6_IFF_ACCEPT_RTADV overrides ip6_accept_rtadv: if ND6_IFF_ACCEPT_RTADV is set, accept; otherwise reject. Ignore ip6_accept_rtadv. If neither ND6_IFF_ACCEPT_RTADV nor ND6_IFF_OVERRIDE_RTADV is set, reject Router Advertisements.
2009-11-06 23:41:22 +03:00
#define ND6_IFF_PERFORMNUD 0x01
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
/* 0x02 was ND6_IFF_ACCEPT_RTADV */
Fix net.inet6.ip6.accept_rtadv and 'ndp -i <interface> accept_rtadv': Add a flag ND6_IFF_OVERRIDE_RTADV that tells the kernel to override ip6_accept_rtadv (net.inet6.ip6.accept_rtadv) on an interface. Add a routine nd6_accepts_rtadv(ndi) that evaluates both the flags on the interface represented by ndi and ip6_accept_rtadv, and returns 'true' if the given interface should accept Router Advertisements, and 'false' if not. Now, ND6_IFF_ACCEPT_RTADV works as it was historically documented: if it is set, then accept router advertisements iff ip6_accept_rtadv != 0. Otherwise, do not accept router advertisements. If ND6_IFF_OVERRIDE_RTADV is set, then the flag ND6_IFF_ACCEPT_RTADV overrides ip6_accept_rtadv: if ND6_IFF_ACCEPT_RTADV is set, accept; otherwise reject. Ignore ip6_accept_rtadv. If neither ND6_IFF_ACCEPT_RTADV nor ND6_IFF_OVERRIDE_RTADV is set, reject Router Advertisements.
2009-11-06 23:41:22 +03:00
#define ND6_IFF_PREFER_SOURCE 0x04 /* XXX: not related to ND. */
#define ND6_IFF_IFDISABLED 0x08 /* IPv6 operation is disabled due to
* DAD failure. (XXX: not ND-specific)
*/
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
/* 0x10 was ND6_IFF_OVERRIDE_RTADV */
Add IPV6CTL_AUTO_LINKLOCAL and ND6_IFF_AUTO_LINKLOCAL toggles which control the automatic creation of IPv6 link-local addresses when an interface is brought up. Taken from FreeBSD.
2014-06-05 20:06:49 +04:00
#define ND6_IFF_AUTO_LINKLOCAL 0x20
Fix net.inet6.ip6.accept_rtadv and 'ndp -i <interface> accept_rtadv': Add a flag ND6_IFF_OVERRIDE_RTADV that tells the kernel to override ip6_accept_rtadv (net.inet6.ip6.accept_rtadv) on an interface. Add a routine nd6_accepts_rtadv(ndi) that evaluates both the flags on the interface represented by ndi and ip6_accept_rtadv, and returns 'true' if the given interface should accept Router Advertisements, and 'false' if not. Now, ND6_IFF_ACCEPT_RTADV works as it was historically documented: if it is set, then accept router advertisements iff ip6_accept_rtadv != 0. Otherwise, do not accept router advertisements. If ND6_IFF_OVERRIDE_RTADV is set, then the flag ND6_IFF_ACCEPT_RTADV overrides ip6_accept_rtadv: if ND6_IFF_ACCEPT_RTADV is set, accept; otherwise reject. Ignore ip6_accept_rtadv. If neither ND6_IFF_ACCEPT_RTADV nor ND6_IFF_OVERRIDE_RTADV is set, reject Router Advertisements.
2009-11-06 23:41:22 +03:00
attach nd_ifinfo structure into if_afdata. split IPv6 link MTU (advertised by RA) from real link MTU. sync with kame
2002-05-29 11:53:39 +04:00
#ifdef _KERNEL
#define ND_IFINFO(ifp) \
(((struct in6_ifextra *)(ifp)->if_afdata[AF_INET6])->nd_ifinfo)
#endif
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
struct in6_nbrinfo {
char ifname[IFNAMSIZ]; /* if name, e.g. "en0" */
struct in6_addr addr; /* IPv6 address of the neighbor */
long asked; /* number of queries already sent for this addr */
int isrouter; /* if it acts as a router */
int state; /* reachability state */
int expire; /* lifetime for NDP state transition */
};
struct in6_ndireq {
char ifname[IFNAMSIZ];
struct nd_ifinfo ndi;
};
/* protocol constants */
reduce white space/cosmetic diffs w/kame.
2001-12-18 06:04:02 +03:00
#define MAX_RTR_SOLICITATION_DELAY 1 /* 1sec */
- switch the lifetime struct to time_t and provide compatibility for the old ioctl.
2009-01-15 21:20:48 +03:00
#define ND6_INFINITE_LIFETIME ((u_int32_t)~0)
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
#ifdef _KERNEL
/* node constants */
#define MAX_REACHABLE_TIME 3600000 /* msec */
#define REACHABLE_TIME 30000 /* msec */
#define RETRANS_TIMER 1000 /* msec */
#define MIN_RANDOM_FACTOR 512 /* 1024 * 0.5 */
#define MAX_RANDOM_FACTOR 1536 /* 1024 * 1.5 */
#define ND_COMPUTE_RTIME(x) \
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following: An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time. A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available. The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time. An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm. A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator users AES in a modified counter mode to generate a backtracking-resistant random stream. An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice. In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve. The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component. The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run. A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl. The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet. Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
(((MIN_RANDOM_FACTOR * (x >> 10)) + (cprng_fast32() & \
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
((MAX_RANDOM_FACTOR - MIN_RANDOM_FACTOR) * (x >> 10)))) /1000)
Add extensible malloc types, adapted from FreeBSD. This turns malloc types into a structure, a pointer to which is passed around, instead of an int constant. Allow the limit to be adjusted when the malloc type is defined, or with a function call, as suggested by Jonathan Stone.
2003-02-01 09:23:35 +03:00
#include <sys/mallocvar.h>
MALLOC_DECLARE(M_IP6NDP);
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
/* nd6.c */
extern int nd6_prune;
extern int nd6_delay;
extern int nd6_umaxtries;
extern int nd6_mmaxtries;
extern int nd6_useloopback;
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
2000-07-06 16:36:18 +04:00
extern int nd6_maxnudhint;
garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
2001-02-23 11:02:41 +03:00
extern int nd6_gctimer;
during ip6/icmp6 inbound packet processing, do not call log() nor printf() in normal operation (/var can get filled up by flodding bogus packets). sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages. (#define ND6_DEBUG will turn it on by default) improve stats in ND6 code. lots of synchronziation with kame (including comments and cometic ones).
2001-02-07 11:59:47 +03:00
extern int nd6_debug;
Refine nd6log Add __func__ to nd6log itself instead of adding it to callers.
2016-04-01 11:12:00 +03:00
#define nd6log(level, fmt, args...) \
do { if (nd6_debug) log(level, "%s: " fmt, __func__, ##args);} while (0)
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
Protect IPv6 default router and prefix lists with coarse-grained rwlock in6_purgeaddr (in6_unlink_ifa) itself unrefernces a prefix entry and calls nd6_prelist_remove if the counter becomes 0, so callers doesn't need to handle the reference counting. Performance-sensitive paths (sending/forwarding packets) call just one reader lock. This is a trade-off between performance impact vs. the amount of efforts; if we want to remove the reader lock, we need huge amount of works including destroying objects with psz/psref in softint, for example.
2016-12-19 10:51:34 +03:00
extern krwlock_t nd6_lock;
#define ND6_RLOCK() rw_enter(&nd6_lock, RW_READER)
#define ND6_WLOCK() rw_enter(&nd6_lock, RW_WRITER)
#define ND6_UNLOCK() rw_exit(&nd6_lock)
#define ND6_ASSERT_WLOCK() KASSERT(rw_write_held(&nd6_lock))
#define ND6_ASSERT_LOCK() KASSERT(rw_lock_held(&nd6_lock))
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
union nd_opts {
nd6: add a nonce to DaD probes in-case they are looped back to us This implements RFC 7527, based a similar change in FreeBSD.
2018-03-06 13:57:00 +03:00
struct nd_opt_hdr *nd_opt_array[16]; /* max = ND_OPT_NONCE */
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
struct {
struct nd_opt_hdr *zero;
struct nd_opt_hdr *src_lladdr;
struct nd_opt_hdr *tgt_lladdr;
attach nd_ifinfo structure into if_afdata. split IPv6 link MTU (advertised by RA) from real link MTU. sync with kame
2002-05-29 11:53:39 +04:00
struct nd_opt_prefix_info *pi_beg; /* multiple opts, start */
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
struct nd_opt_rd_hdr *rh;
struct nd_opt_mtu *mtu;
nd6: add a nonce to DaD probes in-case they are looped back to us This implements RFC 7527, based a similar change in FreeBSD.
2018-03-06 13:57:00 +03:00
struct nd_opt_hdr *__res6;
struct nd_opt_hdr *__res7;
struct nd_opt_hdr *__res8;
struct nd_opt_hdr *__res9;
struct nd_opt_hdr *__res10;
struct nd_opt_hdr *__res11;
struct nd_opt_hdr *__res12;
struct nd_opt_hdr *__res13;
struct nd_opt_nonce *nonce;
struct nd_opt_hdr *__res15;
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
struct nd_opt_hdr *search; /* multiple opts */
struct nd_opt_hdr *last; /* multiple opts */
int done;
struct nd_opt_prefix_info *pi_end;/* multiple opts, end */
} nd_opt_each;
};
#define nd_opts_src_lladdr nd_opt_each.src_lladdr
#define nd_opts_tgt_lladdr nd_opt_each.tgt_lladdr
#define nd_opts_pi nd_opt_each.pi_beg
#define nd_opts_pi_end nd_opt_each.pi_end
#define nd_opts_rh nd_opt_each.rh
#define nd_opts_mtu nd_opt_each.mtu
nd6: add a nonce to DaD probes in-case they are looped back to us This implements RFC 7527, based a similar change in FreeBSD.
2018-03-06 13:57:00 +03:00
#define nd_opts_nonce nd_opt_each.nonce
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
#define nd_opts_search nd_opt_each.search
#define nd_opts_last nd_opt_each.last
#define nd_opts_done nd_opt_each.done
Use lltable/llentry for NDP lltable and llentry were introduced to replace ARP cache data structure for further restructuring of the routing table: L2 nexthop cache separation. This change replaces the NDP cache data structure (llinfo_nd6) with them as well as ARP. One noticeable change is for neighbor cache GC mechanism that was introduced to prevent IPv6 DoS attacks. net.inet6.ip6.neighborgcthresh was the max number of caches that we store in the system. After introducing lltable/llentry, the value is changed to be per-interface basis because lltable/llentry stores neighbor caches in each interface separately. And the change brings one degradation; the old GC mechanism dropped exceeded packets based on LRU while the new implementation drops packets in order from the beginning of lltable (a hash table + linked lists). It would be improved in the future. Added functions in in6.c come from FreeBSD (as of r286629) and are tweaked for NetBSD. Proposed on tech-kern and tech-net.
2015-11-25 09:21:26 +03:00
#include <net/if_llatbl.h>
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
/* XXX: need nd6_var.h?? */
/* nd6.c */
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
void nd6_init(void);
Initialize DAD components properly The original code initialized each component in non-init functions such as arp_dad_start and nd6_dad_find, conditionally based on a global flag for each. However, it was racy because the flag and the code around it were not protected by a lock and could cause a kernel panic at worst. Fix the issue by initializing the components in bootup as usual.
2019-09-25 12:52:32 +03:00
void nd6_nbr_init(void);
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
struct nd_kifinfo *nd6_ifattach(struct ifnet *);
Rearange interface detachement slightly: before we free the INET6 specific per-interface data, make sure to call nd6_purge() with it to remove routing entries pointing to the going interface. When we should happen to call this function again later, with the data already gone, just return. Fixes PR kern/49682, ok: christos.
2015-02-23 22:15:59 +03:00
void nd6_ifdetach(struct ifnet *, struct in6_ifextra *);
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous parentheses in return statements. Cosmetic: don't open-code TAILQ_FOREACH(). Cosmetic: change types of variables to avoid oodles of casts: in in6_src.c, avoid casts by changing several route_in6 pointers to struct route pointers. Remove unnecessary casts to caddr_t elsewhere. Pave the way for eliminating address family-specific route caches: soon, struct route will not embed a sockaddr, but it will hold a reference to an external sockaddr, instead. We will set the destination sockaddr using rtcache_setdst(). (I created a stub for it, but it isn't used anywhere, yet.) rtcache_free() will free the sockaddr. I have extracted from rtcache_free() a helper subroutine, rtcache_clear(). rtcache_clear() will "forget" a cached route, but it will not forget the destination by releasing the sockaddr. I use rtcache_clear() instead of rtcache_free() in rtcache_update(), because rtcache_update() is not supposed to forget the destination. Constify: 1 Introduce const accessor for route->ro_dst, rtcache_getdst(). 2 Constify the 'dst' argument to ifnet->if_output(). This led me to constify a lot of code called by output routines. 3 Constify the sockaddr argument to protosw->pr_ctlinput. This led me to constify a lot of code called by ctlinput routines. 4 Introduce const macros for converting from a generic sockaddr to family-specific sockaddrs, e.g., sockaddr_in: satocsin6, satocsin, et cetera.
2007-02-18 01:34:07 +03:00
int nd6_is_addr_neighbor(const struct sockaddr_in6 *, struct ifnet *);
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
void nd6_option_init(void *, int, union nd_opts *);
int nd6_options(union nd_opts *);
Separate nexthop caches from the routing table By this change, nexthop caches (IP-MAC address pair) are not stored in the routing table anymore. Instead nexthop caches are stored in each network interface; we already have lltable/llentry data structure for this purpose. This change also obsoletes the concept of cloning/cloned routes. Cloned routes no longer exist while cloning routes still exist with renamed to connected routes. Noticeable changes are: - Nexthop caches aren't listed in route show/netstat -r - sysctl(NET_RT_DUMP) doesn't return them - If RTF_LLDATA is specified, it returns nexthop caches - Several definitions of routing flags and messages are removed - RTF_CLONING, RTF_XRESOLVE, RTF_LLINFO, RTF_CLONED and RTM_RESOLVE - RTF_CONNECTED is added - It has the same value of RTF_CLONING for backward compatibility - route's -xresolve, -[no]cloned and -llinfo options are removed - -[no]cloning remains because it seems there are users - -[no]connected is introduced and recommended to be used instead of -[no]cloning - route show/netstat -r drops some flags - 'L' and 'c' are not seen anymore - 'C' now indicates a connected route - Gateway value of a route of an interface address is now not a L2 address but "link#N" like a connected (cloning) route - Proxy ARP: "arp -s ... pub" doesn't create a route You can know details of behavior changes by seeing diffs under tests/. Proposed on tech-net and tech-kern: http://mail-index.netbsd.org/tech-net/2016/03/11/msg005701.html
2016-04-04 10:37:07 +03:00
struct llentry *nd6_lookup(const struct in6_addr *, const struct ifnet *, bool);
struct llentry *nd6_create(const struct in6_addr *, const struct ifnet *);
CID 1341546: Fix integer handling issue (CONSTANT_EXPRESSION_RESULT) n > INT_MAX where n is a long integer variable never be true on 32bit architectures. Use time_t(int64_t) instead of long for the variable.
2015-12-07 09:19:13 +03:00
void nd6_llinfo_settimer(struct llentry *, time_t);
Rearange interface detachement slightly: before we free the INET6 specific per-interface data, make sure to call nd6_purge() with it to remove routing entries pointing to the going interface. When we should happen to call this function again later, with the data already gone, just return. Fixes PR kern/49682, ok: christos.
2015-02-23 22:15:59 +03:00
void nd6_purge(struct ifnet *, struct in6_ifextra *);
Remove unused arguments and the associated code from nd6_nud_hint() from OpenBSD
2015-07-15 12:20:18 +03:00
void nd6_nud_hint(struct rtentry *);
Do ND in L2_output in the same manner as arpresolve The benefits of this change are: - The flow is consistent with IPv4 (and FreeBSD and OpenBSD) - old: ip6_output => nd6_output (do ND if needed) => L2_output (lookup a stored cache) - new: ip6_output => L2_output (lookup a cache. Do ND if cache not found) - We can remove some workarounds in nd6_output - We can move L2 specific operations to their own place - The performance slightly improves because one cache lookup is reduced
2017-02-14 06:05:06 +03:00
int nd6_resolve(struct ifnet *, const struct rtentry *, struct mbuf *,
const struct sockaddr *, uint8_t *, size_t);
Constify the rt_addrinfo argument to the ifa_rtrequest member function of struct ifaddr.
2008-10-24 21:07:33 +04:00
void nd6_rtrequest(int, struct rtentry *, const struct rt_addrinfo *);
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
int nd6_ioctl(u_long, void *, struct ifnet *);
Reform use of rt_refcnt rt_refcnt of rtentry was used in bad manners, for example, direct rt_refcnt++ and rt_refcnt-- outside route.c, "rt->rt_refcnt++; rtfree(rt);" idiom, and touching rt after rt->rt_refcnt--. These abuses seem to be needed because rt_refcnt manages only references between rtentry and doesn't take care of references during packet processing (IOW references from local variables). In order to reduce the above abuses, the latter cases should be counted by rt_refcnt as well as the former cases. This change improves consistency of use of rt_refcnt: - rtentry is always accessed with rt_refcnt incremented - rtentry's rt_refcnt is decremented after use (rtfree is always used instead of rt_refcnt--) - functions returning rtentry increment its rt_refcnt (and caller rtfree it) Note that rt_refcnt prevents rtentry from being freed but doesn't prevent rtentry from being updated. Toward MP-safe, we need to provide another protection for rtentry, e.g., locks. (Or introduce a better data structure allowing concurrent readers during updates.)
2015-07-17 05:21:08 +03:00
void nd6_cache_lladdr(struct ifnet *, struct in6_addr *,
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
char *, int, int, int);
int nd6_sysctl(int, void *, size_t *, void *, size_t);
int nd6_need_cache(struct ifnet *);
Separate nexthop caches from the routing table By this change, nexthop caches (IP-MAC address pair) are not stored in the routing table anymore. Instead nexthop caches are stored in each network interface; we already have lltable/llentry data structure for this purpose. This change also obsoletes the concept of cloning/cloned routes. Cloned routes no longer exist while cloning routes still exist with renamed to connected routes. Noticeable changes are: - Nexthop caches aren't listed in route show/netstat -r - sysctl(NET_RT_DUMP) doesn't return them - If RTF_LLDATA is specified, it returns nexthop caches - Several definitions of routing flags and messages are removed - RTF_CLONING, RTF_XRESOLVE, RTF_LLINFO, RTF_CLONED and RTM_RESOLVE - RTF_CONNECTED is added - It has the same value of RTF_CLONING for backward compatibility - route's -xresolve, -[no]cloned and -llinfo options are removed - -[no]cloning remains because it seems there are users - -[no]connected is introduced and recommended to be used instead of -[no]cloning - route show/netstat -r drops some flags - 'L' and 'c' are not seen anymore - 'C' now indicates a connected route - Gateway value of a route of an interface address is now not a L2 address but "link#N" like a connected (cloning) route - Proxy ARP: "arp -s ... pub" doesn't create a route You can know details of behavior changes by seeing diffs under tests/. Proposed on tech-net and tech-kern: http://mail-index.netbsd.org/tech-net/2016/03/11/msg005701.html
2016-04-04 10:37:07 +03:00
void nd6_llinfo_release_pkts(struct llentry *, struct ifnet *);
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
/* nd6_nbr.c */
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
void nd6_na_input(struct mbuf *, int, int);
void nd6_na_output(struct ifnet *, const struct in6_addr *,
Avoid writing past the end of the buffer [lldst, lldst + dstsize) in nd6_storelladdr(). Use sockaddr_dl_setaddr(). Constify some sockaddr_dl's. Constify a sockaddr argument to nd6_na_output(). Change SDL() to "standard" satocsdl() or satosdl(). Change SIN6() to satocsin6() or satosin6(). bcmp -> memcmp, bcopy -> memcpy.
2007-08-07 08:35:42 +04:00
const struct in6_addr *, u_long, int, const struct sockaddr *);
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
void nd6_ns_input(struct mbuf *, int, int);
void nd6_ns_output(struct ifnet *, const struct in6_addr *,
Sprinkle some const
2020-08-20 14:01:02 +03:00
const struct in6_addr *, const struct in6_addr *, const uint8_t *);
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range. Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless. Avoid using sizeof(struct sockaddr_dl) in the kernel. Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap. Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr(). Constify: LLADDR() -> CLLADDR(). Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
2007-08-30 06:17:34 +04:00
const void *nd6_ifptomac(const struct ifnet *);
In nd6_lookup, shorten a staircase. KNF: change return (expr); to return expr; throughout. Fix K&R prototypes and parameter type declarations.
2007-03-16 02:35:25 +03:00
void nd6_dad_start(struct ifaddr *, int);
void nd6_dad_stop(struct ifaddr *);
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
/* nd6_rtr.c */
Remove in-kernel handling of Router Advertisements This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl. Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists. Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
2020-06-12 14:04:44 +03:00
void nd6_rtr_cache(struct mbuf *, int, int, int);
KAME/NetBSD 1.4 SNAP kit, dated 19990628. NOTE: this branch (kame) is used just for refernce. this may not compile due to multiple reasons.
1999-06-28 10:36:47 +04:00
#endif /* _KERNEL */
Multiple inclusion protection, as suggested by christos@ on tech-kern@ few days ago.
2005-12-11 02:31:41 +03:00
#endif /* !_NETINET6_ND6_H_ */