2019-08-30 11:40:25 +03:00
|
|
|
/* $NetBSD: nd6_nbr.c,v 1.171 2019/08/30 08:40:25 roy Exp $ */
|
2001-02-23 11:02:41 +03:00
|
|
|
/* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */
|
1999-07-04 01:24:45 +04:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
|
* All rights reserved.
|
2000-05-19 05:40:18 +04:00
|
|
|
*
|
1999-06-28 10:36:47 +04:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
2000-05-19 05:40:18 +04:00
|
|
|
*
|
1999-06-28 10:36:47 +04:00
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
2001-11-13 03:56:55 +03:00
|
|
|
#include <sys/cdefs.h>
|
2019-08-30 11:40:25 +03:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.171 2019/08/30 08:40:25 roy Exp $");
|
2001-11-13 03:56:55 +03:00
|
|
|
|
2015-08-25 01:21:26 +03:00
|
|
|
#ifdef _KERNEL_OPT
|
1999-06-28 10:36:47 +04:00
|
|
|
#include "opt_inet.h"
|
2016-10-18 10:30:30 +03:00
|
|
|
#include "opt_net_mpsafe.h"
|
2015-08-25 01:21:26 +03:00
|
|
|
#endif
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/systm.h>
|
2017-02-21 06:58:23 +03:00
|
|
|
#include <sys/kmem.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <sys/mbuf.h>
|
|
|
|
|
#include <sys/socket.h>
|
2008-04-24 15:38:36 +04:00
|
|
|
#include <sys/socketvar.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <sys/sockio.h>
|
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
#include <sys/kernel.h>
|
|
|
|
|
#include <sys/errno.h>
|
|
|
|
|
#include <sys/ioctl.h>
|
|
|
|
|
#include <sys/syslog.h>
|
|
|
|
|
#include <sys/queue.h>
|
2000-03-24 07:09:04 +03:00
|
|
|
#include <sys/callout.h>
|
2018-03-06 13:57:00 +03:00
|
|
|
#include <sys/cprng.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
#include <net/if.h>
|
|
|
|
|
#include <net/if_types.h>
|
|
|
|
|
#include <net/if_dl.h>
|
|
|
|
|
#include <net/route.h>
|
|
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <netinet/in_var.h>
|
|
|
|
|
#include <netinet6/in6_var.h>
|
2006-03-06 02:47:08 +03:00
|
|
|
#include <netinet6/in6_ifattach.h>
|
2000-02-06 15:49:37 +03:00
|
|
|
#include <netinet/ip6.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <netinet6/ip6_var.h>
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
#include <netinet6/scope6_var.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
#include <netinet6/nd6.h>
|
2000-02-06 15:49:37 +03:00
|
|
|
#include <netinet/icmp6.h>
|
2008-04-15 07:57:04 +04:00
|
|
|
#include <netinet6/icmp6_private.h>
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2006-05-18 13:05:49 +04:00
|
|
|
#include "carp.h"
|
|
|
|
|
#if NCARP > 0
|
|
|
|
|
#include <netinet/ip_carp.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
struct dadq;
|
2018-12-04 15:23:43 +03:00
|
|
|
static struct dadq *nd6_dad_find(struct ifaddr *, struct nd_opt_nonce *, bool *);
|
2018-12-07 17:47:24 +03:00
|
|
|
static bool nd6_dad_ownnonce(struct ifaddr *, struct nd_opt_nonce *nonce);
|
2007-03-16 02:39:51 +03:00
|
|
|
static void nd6_dad_starttimer(struct dadq *, int);
|
2018-01-16 11:13:47 +03:00
|
|
|
static void nd6_dad_destroytimer(struct dadq *);
|
|
|
|
|
static void nd6_dad_timer(struct dadq *);
|
2007-03-16 02:39:51 +03:00
|
|
|
static void nd6_dad_ns_output(struct dadq *, struct ifaddr *);
|
2019-04-29 19:12:30 +03:00
|
|
|
static void nd6_dad_input(struct ifaddr *, struct nd_opt_nonce *,
|
|
|
|
|
const struct sockaddr_dl *);
|
|
|
|
|
static void nd6_dad_duplicated(struct ifaddr *, struct dadq *,
|
|
|
|
|
const struct sockaddr_dl *);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
2006-03-03 17:07:06 +03:00
|
|
|
* Input a Neighbor Solicitation Message.
|
1999-06-28 10:36:47 +04:00
|
|
|
*
|
|
|
|
|
* Based on RFC 2461
|
2006-03-03 17:07:06 +03:00
|
|
|
* Based on RFC 2462 (duplicate address detection)
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
|
|
|
|
void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_ns_input(struct mbuf *m, int off, int icmp6len)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2016-06-10 16:31:43 +03:00
|
|
|
struct ifnet *ifp;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
|
2000-02-26 11:39:18 +03:00
|
|
|
struct nd_neighbor_solicit *nd_ns;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct in6_addr saddr6 = ip6->ip6_src;
|
|
|
|
|
struct in6_addr daddr6 = ip6->ip6_dst;
|
2000-02-26 11:39:18 +03:00
|
|
|
struct in6_addr taddr6;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct in6_addr myaddr6;
|
|
|
|
|
char *lladdr = NULL;
|
2016-08-01 06:15:30 +03:00
|
|
|
struct ifaddr *ifa = NULL;
|
1999-06-28 10:36:47 +04:00
|
|
|
int lladdrlen = 0;
|
|
|
|
|
int anycast = 0, proxy = 0, tentative = 0;
|
2002-06-09 01:22:29 +04:00
|
|
|
int router = ip6_forwarding;
|
1999-06-28 10:36:47 +04:00
|
|
|
int tlladdr;
|
|
|
|
|
union nd_opts ndopts;
|
2007-08-07 08:35:42 +04:00
|
|
|
const struct sockaddr_dl *proxydl = NULL;
|
2016-06-10 16:31:43 +03:00
|
|
|
struct psref psref;
|
2016-08-01 06:15:30 +03:00
|
|
|
struct psref psref_ia;
|
2017-01-16 10:33:36 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN], ip6buf2[INET6_ADDRSTRLEN];
|
2016-06-10 16:31:43 +03:00
|
|
|
|
|
|
|
|
ifp = m_get_rcvif_psref(m, &psref);
|
|
|
|
|
if (ifp == NULL)
|
|
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2001-02-07 11:59:47 +03:00
|
|
|
IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
|
|
|
|
|
if (nd_ns == NULL) {
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
|
2016-06-10 16:31:43 +03:00
|
|
|
m_put_rcvif_psref(ifp, &psref);
|
2001-02-07 11:59:47 +03:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */
|
|
|
|
|
taddr6 = nd_ns->nd_ns_target;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (in6_setscope(&taddr6, ifp, NULL) != 0)
|
|
|
|
|
goto bad;
|
2001-02-07 11:59:47 +03:00
|
|
|
|
|
|
|
|
if (ip6->ip6_hlim != 255) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_ERR, "invalid hlim (%d) from %s to %s on %s\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
ip6->ip6_hlim, IN6_PRINT(ip6buf, &ip6->ip6_src),
|
|
|
|
|
IN6_PRINT(ip6buf2, &ip6->ip6_dst), if_name(ifp));
|
2001-02-07 11:59:47 +03:00
|
|
|
goto bad;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
|
2006-03-03 17:07:06 +03:00
|
|
|
/* dst has to be a solicited node multicast address. */
|
2002-06-09 01:22:29 +04:00
|
|
|
/* don't check ifindex portion */
|
|
|
|
|
if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL &&
|
|
|
|
|
daddr6.s6_addr32[1] == 0 &&
|
|
|
|
|
daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE &&
|
|
|
|
|
daddr6.s6_addr8[12] == 0xff) {
|
2001-10-17 14:55:09 +04:00
|
|
|
; /* good */
|
1999-06-28 10:36:47 +04:00
|
|
|
} else {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "bad DAD packet (wrong ip6 dst)\n");
|
1999-06-28 10:36:47 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2008-07-31 22:01:36 +04:00
|
|
|
} else {
|
2014-01-13 22:23:36 +04:00
|
|
|
struct sockaddr_in6 ssin6;
|
|
|
|
|
|
2008-07-31 22:01:36 +04:00
|
|
|
/*
|
|
|
|
|
* Make sure the source address is from a neighbor's address.
|
|
|
|
|
*/
|
2014-01-13 22:23:36 +04:00
|
|
|
sockaddr_in6_init(&ssin6, &saddr6, 0, 0, 0);
|
|
|
|
|
if (nd6_is_addr_neighbor(&ssin6, ifp) == 0) {
|
2016-04-29 14:46:17 +03:00
|
|
|
nd6log(LOG_INFO,
|
|
|
|
|
"NS packet from non-neighbor %s on %s\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &saddr6), if_name(ifp));
|
2008-07-31 22:01:36 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "bad NS target (multicast)\n");
|
1999-06-28 10:36:47 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
icmp6len -= sizeof(*nd_ns);
|
|
|
|
|
nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
|
|
|
|
|
if (nd6_options(&ndopts) < 0) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "invalid ND option, ignored\n");
|
2001-02-07 11:59:47 +03:00
|
|
|
/* nd6_options have incremented stats */
|
|
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ndopts.nd_opts_src_lladdr) {
|
2001-10-17 14:55:09 +04:00
|
|
|
lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
|
1999-06-28 10:36:47 +04:00
|
|
|
lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
|
|
|
|
|
}
|
2002-06-09 18:43:10 +04:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO,
|
|
|
|
|
"bad DAD packet (link-layer address option)\n");
|
1999-06-28 10:36:47 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Attaching target link-layer address to the NA?
|
|
|
|
|
* (RFC 2461 7.2.4)
|
|
|
|
|
*
|
2006-03-06 02:47:08 +03:00
|
|
|
* NS IP dst is multicast MUST add
|
|
|
|
|
* Otherwise MAY be omitted
|
1999-06-28 10:36:47 +04:00
|
|
|
*
|
2006-03-06 02:47:08 +03:00
|
|
|
* In this implementation, we omit the target link-layer address
|
2018-05-19 11:22:58 +03:00
|
|
|
* in the "MAY" case.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
|
|
|
|
#if 0 /* too much! */
|
|
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6);
|
|
|
|
|
if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST))
|
|
|
|
|
tlladdr = 0;
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
if (!IN6_IS_ADDR_MULTICAST(&daddr6))
|
|
|
|
|
tlladdr = 0;
|
|
|
|
|
else
|
|
|
|
|
tlladdr = 1;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Target address (taddr6) must be either:
|
|
|
|
|
* (1) Valid unicast/anycast address for my receiving interface,
|
|
|
|
|
* (2) Unicast address for which I'm offering proxy service, or
|
|
|
|
|
* (3) "tentative" address on which DAD is being performed.
|
|
|
|
|
*/
|
|
|
|
|
/* (1) and (3) check. */
|
2006-05-18 13:05:49 +04:00
|
|
|
#if NCARP > 0
|
2016-08-01 06:15:30 +03:00
|
|
|
if (ifp->if_carp && ifp->if_type != IFT_CARP) {
|
|
|
|
|
int s = pserialize_read_enter();
|
2006-05-18 13:05:49 +04:00
|
|
|
ifa = carp_iamatch6(ifp->if_carp, &taddr6);
|
2016-08-01 06:15:30 +03:00
|
|
|
if (ifa != NULL)
|
|
|
|
|
ifa_acquire(ifa, &psref_ia);
|
|
|
|
|
pserialize_read_exit(s);
|
|
|
|
|
} else
|
2006-05-18 13:05:49 +04:00
|
|
|
ifa = NULL;
|
|
|
|
|
if (!ifa)
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr_psref(ifp, &taddr6,
|
|
|
|
|
&psref_ia);
|
2006-05-18 13:05:49 +04:00
|
|
|
#else
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr_psref(ifp, &taddr6,
|
|
|
|
|
&psref_ia);
|
2006-05-18 13:05:49 +04:00
|
|
|
#endif
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/* (2) check. */
|
2006-03-06 02:47:08 +03:00
|
|
|
if (ifa == NULL) {
|
1999-06-28 10:36:47 +04:00
|
|
|
struct rtentry *rt;
|
|
|
|
|
struct sockaddr_in6 tsin6;
|
|
|
|
|
|
2007-11-10 03:14:31 +03:00
|
|
|
sockaddr_in6_init(&tsin6, &taddr6, 0, 0, 0);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2016-07-15 10:40:09 +03:00
|
|
|
rt = rtalloc1(sin6tosa(&tsin6), 0);
|
2000-02-26 11:39:18 +03:00
|
|
|
if (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 &&
|
|
|
|
|
rt->rt_gateway->sa_family == AF_LINK) {
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2000-02-26 11:39:18 +03:00
|
|
|
* proxy NDP for single entry
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpforlinklocal_psref(ifp,
|
|
|
|
|
IN6_IFF_NOTREADY|IN6_IFF_ANYCAST, &psref_ia);
|
2000-02-26 11:39:18 +03:00
|
|
|
if (ifa) {
|
1999-06-28 10:36:47 +04:00
|
|
|
proxy = 1;
|
2007-08-07 08:35:42 +04:00
|
|
|
proxydl = satocsdl(rt->rt_gateway);
|
2002-06-09 01:22:29 +04:00
|
|
|
router = 0; /* XXX */
|
2000-02-26 11:39:18 +03:00
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2000-02-26 11:39:18 +03:00
|
|
|
if (rt)
|
Make the routing table and rtcaches MP-safe
See the following descriptions for details.
Proposed on tech-kern and tech-net
Overview
--------
We protect the routing table with a rwock and protect
rtcaches with another rwlock. Each rtentry is protected
from being freed or updated via reference counting and psref.
Global rwlocks
--------------
There are two rwlocks; one for the routing table (rt_lock) and
the other for rtcaches (rtcache_lock). rtcache_lock covers
all existing rtcaches; there may have room for optimizations
(future work).
The locking order is rtcache_lock first and rt_lock is next.
rtentry references
------------------
References to an rtentry is managed with reference counting
and psref. Either of the two mechanisms is used depending on
where a rtentry is obtained. Reference counting is used when
we obtain a rtentry from the routing table directly via
rtalloc1 and rtrequest{,1} while psref is used when we obtain
a rtentry from a rtcache via rtcache_* APIs. In both cases,
a caller can sleep/block with holding an obtained rtentry.
The reasons why we use two different mechanisms are (i) only
using reference counting hurts the performance due to atomic
instructions (rtcache case) (ii) ease of implementation;
applying psref to APIs such rtaloc1 and rtrequest{,1} requires
additional works (adding a local variable and an argument).
We will finally migrate to use only psref but we can do it
when we have a lockless routing table alternative.
Reference counting for rtentry
------------------------------
rt_refcnt now doesn't count permanent references such as for
rt_timers and rtcaches, instead it is used only for temporal
references when obtaining a rtentry via rtalloc1 and rtrequest{,1}.
We can do so because destroying a rtentry always involves
removing references of rt_timers and rtcaches to the rtentry
and we don't need to track such references. This also makes
it easy to wait for readers to release references on deleting
or updating a rtentry, i.e., we can simply wait until the
reference counter is 0 or 1. (If there are permanent references
the counter can be arbitrary.)
rt_ref increments a reference counter of a rtentry and rt_unref
decrements it. rt_ref is called inside APIs (rtalloc1 and
rtrequest{,1} so users don't need to care about it while
users must call rt_unref to an obtained rtentry after using it.
rtfree is removed and we use rt_unref and rt_free instead.
rt_unref now just decrements the counter of a given rtentry
and rt_free just tries to destroy a given rtentry.
See the next section for destructions of rtentries by rt_free.
Destructions of rtentries
-------------------------
We destroy a rtentry only when we call rtrequst{,1}(RTM_DELETE);
the original implementation can destroy in any rtfree where it's
the last reference. If we use reference counting or psref, it's
easy to understand if the place that a rtentry is destroyed is
fixed.
rt_free waits for references to a given rtentry to be released
before actually destroying the rtentry. rt_free uses a condition
variable (cv_wait) (and psref_target_destroy for psref) to wait.
Unfortunately rtrequst{,1}(RTM_DELETE) can be called in softint
that we cannot use cv_wait. In that case, we have to defer the
destruction to a workqueue.
rtentry#rt_cv, rtentry#rt_psref and global variables
(see rt_free_global) are added to conduct the procedure.
Updates of rtentries
--------------------
One difficulty to use refcnt/psref instead of rwlock for rtentry
is updates of rtentries. We need an additional mechanism to
prevent readers from seeing inconsistency of a rtentry being
updated.
We introduce RTF_UPDATING flag to rtentries that are updating.
While the flag is set to a rtentry, users cannot acquire the
rtentry. By doing so, we avoid users to see inconsistent
rtentries.
There are two options when a user tries to acquire a rtentry
with the RTF_UPDATING flag; if a user runs in softint context
the user fails to acquire a rtentry (NULL is returned).
Otherwise a user waits until the update completes by waiting
on cv.
The procedure of a updater is simpler to destruction of
a rtentry. Wait on cv (and psref) and after all readers left,
proceed with the update.
Global variables (see rt_update_global) are added to conduct
the procedure.
Currently we apply the mechanism to only RTM_CHANGE in
rtsock.c. We would have to apply other codes. See
"Known issues" section.
psref for rtentry
-----------------
When we obtain a rtentry from a rtcache via rtcache_* APIs,
psref is used to reference to the rtentry.
rtcache_ref acquires a reference to a rtentry with psref
and rtcache_unref releases the reference after using it.
rtcache_ref is called inside rtcache_* APIs and users don't
need to take care of it while users must call rtcache_unref
to release the reference.
struct psref and int bound that is needed for psref is
embedded into struct route. By doing so we don't need to
add local variables and additional argument to APIs.
However this adds another constraint to psref other than
reference counting one's; holding a reference of an rtentry
via a rtcache is allowed by just one caller at the same time.
So we must not acquire a rtentry via a rtcache twice and
avoid a recursive use of a rtcache. And also a rtcache must
be arranged to be used by a LWP/softint at the same time
somehow. For IP forwarding case, we have per-CPU rtcaches
used in softint so the constraint is guaranteed. For a h
rtcache of a PCB case, the constraint is guaranteed by the
solock of each PCB. Any other cases (pf, ipf, stf and ipsec)
are currently guaranteed by only the existence of the global
locks (softnet_lock and/or KERNEL_LOCK). If we've found the
cases that we cannot guarantee the constraint, we would need
to introduce other rtcache APIs that use simple reference
counting.
psref of rtcache is created with IPL_SOFTNET and so rtcache
shouldn't used at an IPL higher than IPL_SOFTNET.
Note that rtcache_free is used to invalidate a given rtcache.
We don't need another care by my change; just keep them as
they are.
Performance impact
------------------
When NET_MPSAFE is disabled the performance drop is 3% while
when it's enabled the drop is increased to 11%. The difference
comes from that currently we don't take any global locks and
don't use psref if NET_MPSAFE is disabled.
We can optimize the performance of the case of NET_MPSAFE
on by reducing lookups of rtcache that uses psref;
currently we do two lookups but we should be able to trim
one of two. This is a future work.
Known issues
------------
There are two known issues to be solved; one is that
a caller of rtrequest(RTM_ADD) may change rtentry (see rtinit).
We need to prevent new references during the update. Or
we may be able to remove the code (perhaps, need more
investigations).
The other is rtredirect that updates a rtentry. We need
to apply our update mechanism, however it's not easy because
rtredirect is called in softint and we cannot apply our
mechanism simply. One solution is to defer rtredirect to
a workqueue but it requires some code restructuring.
2016-12-12 06:55:57 +03:00
|
|
|
rt_unref(rt);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2006-03-06 02:47:08 +03:00
|
|
|
if (ifa == NULL) {
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2006-02-25 03:58:34 +03:00
|
|
|
* We've got an NS packet, and we don't have that address
|
1999-06-28 10:36:47 +04:00
|
|
|
* assigned for us. We MUST silently ignore it.
|
|
|
|
|
* See RFC2461 7.2.3.
|
|
|
|
|
*/
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
1999-12-13 18:17:17 +03:00
|
|
|
myaddr6 = *IFA_IN6(ifa);
|
1999-06-28 10:36:47 +04:00
|
|
|
anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
|
|
|
|
|
tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
|
|
|
|
|
if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "lladdrlen mismatch for %s "
|
1999-06-28 10:36:47 +04:00
|
|
|
"(if %d, NS packet %d)\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &taddr6),
|
2017-01-16 10:33:36 +03:00
|
|
|
ifp->if_addrlen, lladdrlen - 2);
|
2001-02-07 11:59:47 +03:00
|
|
|
goto bad;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "duplicate IP6 address %s\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &saddr6));
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We have neighbor solicitation packet, with target address equals to
|
|
|
|
|
* one of my tentative address.
|
|
|
|
|
*
|
|
|
|
|
* src addr how to process?
|
|
|
|
|
* --- ---
|
|
|
|
|
* multicast of course, invalid (rejected in ip6_input)
|
|
|
|
|
* unicast somebody is doing address resolution -> ignore
|
|
|
|
|
* unspec dup address detection
|
|
|
|
|
*
|
|
|
|
|
* The processing is defined in RFC 2462.
|
|
|
|
|
*/
|
|
|
|
|
if (tentative) {
|
|
|
|
|
/*
|
|
|
|
|
* If source address is unspecified address, it is for
|
2006-03-03 17:07:06 +03:00
|
|
|
* duplicate address detection.
|
1999-06-28 10:36:47 +04:00
|
|
|
*
|
|
|
|
|
* If not, the packet is for addess resolution;
|
|
|
|
|
* silently ignore it.
|
|
|
|
|
*/
|
2019-04-29 19:12:30 +03:00
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
|
|
|
|
|
struct sockaddr_dl sdl, *sdlp;
|
|
|
|
|
|
|
|
|
|
if (lladdr != NULL)
|
|
|
|
|
sdlp = sockaddr_dl_init(&sdl, sizeof(sdl),
|
|
|
|
|
ifp->if_index, ifp->if_type,
|
|
|
|
|
NULL, 0, lladdr, lladdrlen);
|
|
|
|
|
else
|
|
|
|
|
sdlp = NULL;
|
|
|
|
|
nd6_dad_input(ifa, ndopts.nd_opts_nonce, sdlp);
|
|
|
|
|
}
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2018-12-05 00:16:54 +03:00
|
|
|
|
2018-12-07 17:47:24 +03:00
|
|
|
/*
|
|
|
|
|
* It looks that sender is performing DAD.
|
|
|
|
|
* Check that the nonce is not being used by the same address
|
|
|
|
|
* on another interface.
|
|
|
|
|
*/
|
|
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6) && ndopts.nd_opts_nonce != NULL) {
|
|
|
|
|
if (nd6_dad_ownnonce(ifa, ndopts.nd_opts_nonce))
|
|
|
|
|
goto freeit;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa_release(ifa, &psref_ia);
|
|
|
|
|
ifa = NULL;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the source address is unspecified address, entries must not
|
|
|
|
|
* be created or updated.
|
|
|
|
|
* It looks that sender is performing DAD. Output NA toward
|
|
|
|
|
* all-node multicast address, to tell the sender that I'm using
|
|
|
|
|
* the address.
|
|
|
|
|
* S bit ("solicited") must be zero.
|
|
|
|
|
*/
|
|
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct in6_addr in6_all;
|
|
|
|
|
|
|
|
|
|
in6_all = in6addr_linklocal_allnodes;
|
|
|
|
|
if (in6_setscope(&in6_all, ifp, NULL) != 0)
|
|
|
|
|
goto bad;
|
|
|
|
|
nd6_na_output(ifp, &in6_all, &taddr6,
|
2002-06-09 01:22:29 +04:00
|
|
|
((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
(ip6_forwarding ? ND_NA_FLAG_ROUTER : 0),
|
2007-08-07 08:35:42 +04:00
|
|
|
tlladdr, (const struct sockaddr *)proxydl);
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
1999-07-31 22:41:15 +04:00
|
|
|
nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_NEIGHBOR_SOLICIT, 0);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
nd6_na_output(ifp, &saddr6, &taddr6,
|
2002-06-09 01:22:29 +04:00
|
|
|
((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
|
|
|
|
|
(router ? ND_NA_FLAG_ROUTER : 0) | ND_NA_FLAG_SOLICITED,
|
2007-08-07 08:35:42 +04:00
|
|
|
tlladdr, (const struct sockaddr *)proxydl);
|
2000-02-26 11:39:18 +03:00
|
|
|
freeit:
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa_release(ifa, &psref_ia);
|
2016-06-10 16:31:43 +03:00
|
|
|
m_put_rcvif_psref(ifp, &psref);
|
2000-02-26 11:39:18 +03:00
|
|
|
m_freem(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
bad:
|
2017-01-16 18:44:46 +03:00
|
|
|
nd6log(LOG_ERR, "src=%s\n", IN6_PRINT(ip6buf, &saddr6));
|
|
|
|
|
nd6log(LOG_ERR, "dst=%s\n", IN6_PRINT(ip6buf, &daddr6));
|
|
|
|
|
nd6log(LOG_ERR, "tgt=%s\n", IN6_PRINT(ip6buf, &taddr6));
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_BADNS);
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa_release(ifa, &psref_ia);
|
2016-06-10 16:31:43 +03:00
|
|
|
m_put_rcvif_psref(ifp, &psref);
|
2000-02-26 11:39:18 +03:00
|
|
|
m_freem(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2006-03-03 17:07:06 +03:00
|
|
|
* Output a Neighbor Solicitation Message. Caller specifies:
|
1999-06-28 10:36:47 +04:00
|
|
|
* - ICMP6 header source IP6 address
|
|
|
|
|
* - ND6 header target IP6 address
|
|
|
|
|
* - ND6 header source datalink address
|
|
|
|
|
*
|
|
|
|
|
* Based on RFC 2461
|
2006-03-03 17:07:06 +03:00
|
|
|
* Based on RFC 2462 (duplicate address detection)
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
|
|
|
|
void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6,
|
|
|
|
|
const struct in6_addr *taddr6,
|
2015-11-18 08:16:22 +03:00
|
|
|
struct in6_addr *hsrc,
|
2018-03-06 13:57:00 +03:00
|
|
|
uint8_t *nonce /* duplicate address detection */)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
|
|
|
|
struct mbuf *m;
|
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
struct nd_neighbor_solicit *nd_ns;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct in6_addr *src, src_in;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct ip6_moptions im6o;
|
|
|
|
|
int icmp6len;
|
2000-02-07 08:42:28 +03:00
|
|
|
int maxlen;
|
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain. Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead. Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.
2007-08-30 06:17:34 +04:00
|
|
|
const void *mac;
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
struct route ro;
|
2002-06-09 01:22:29 +04:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(taddr6))
|
|
|
|
|
return;
|
|
|
|
|
|
2007-11-16 20:51:51 +03:00
|
|
|
memset(&ro, 0, sizeof(ro));
|
|
|
|
|
|
2000-02-07 08:42:28 +03:00
|
|
|
/* estimate the size of message */
|
|
|
|
|
maxlen = sizeof(*ip6) + sizeof(*nd_ns);
|
|
|
|
|
maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
|
2018-05-17 15:07:48 +03:00
|
|
|
KASSERTMSG(max_linkhdr + maxlen <= MCLBYTES,
|
|
|
|
|
"max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
|
2017-03-14 07:25:10 +03:00
|
|
|
max_linkhdr, maxlen, MCLBYTES);
|
2000-02-07 08:42:28 +03:00
|
|
|
|
|
|
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
|
|
|
if (m && max_linkhdr + maxlen >= MHLEN) {
|
|
|
|
|
MCLGET(m, M_DONTWAIT);
|
|
|
|
|
if ((m->m_flags & M_EXT) == 0) {
|
|
|
|
|
m_free(m);
|
|
|
|
|
m = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (m == NULL)
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
2016-06-10 16:27:10 +03:00
|
|
|
m_reset_rcvif(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
|
|
|
|
|
m->m_flags |= M_MCAST;
|
2016-06-21 06:28:27 +03:00
|
|
|
im6o.im6o_multicast_if_index = if_get_index(ifp);
|
1999-06-28 10:36:47 +04:00
|
|
|
im6o.im6o_multicast_hlim = 255;
|
|
|
|
|
im6o.im6o_multicast_loop = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
icmp6len = sizeof(*nd_ns);
|
|
|
|
|
m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
|
2018-12-22 17:28:56 +03:00
|
|
|
m->m_data += max_linkhdr; /* or m_align() equivalent? */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/* fill neighbor solicitation packet */
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
ip6->ip6_flow = 0;
|
1999-12-15 09:28:43 +03:00
|
|
|
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
|
|
|
|
|
ip6->ip6_vfc |= IPV6_VERSION;
|
1999-06-28 10:36:47 +04:00
|
|
|
/* ip6->ip6_plen will be set later */
|
|
|
|
|
ip6->ip6_nxt = IPPROTO_ICMPV6;
|
|
|
|
|
ip6->ip6_hlim = 255;
|
|
|
|
|
if (daddr6)
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
ip6->ip6_dst = *daddr6;
|
1999-06-28 10:36:47 +04:00
|
|
|
else {
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
|
|
|
|
|
ip6->ip6_dst.s6_addr16[1] = 0;
|
|
|
|
|
ip6->ip6_dst.s6_addr32[1] = 0;
|
|
|
|
|
ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
|
|
|
|
|
ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
|
|
|
|
|
ip6->ip6_dst.s6_addr8[12] = 0xff;
|
|
|
|
|
if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0)
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
2018-03-06 13:57:00 +03:00
|
|
|
if (nonce == NULL) {
|
2016-08-01 06:15:30 +03:00
|
|
|
int s;
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
|
* RFC2461 7.2.2:
|
|
|
|
|
* "If the source address of the packet prompting the
|
|
|
|
|
* solicitation is the same as one of the addresses assigned
|
|
|
|
|
* to the outgoing interface, that address SHOULD be placed
|
|
|
|
|
* in the IP Source Address of the outgoing solicitation.
|
|
|
|
|
* Otherwise, any one of the addresses assigned to the
|
|
|
|
|
* interface should be used."
|
|
|
|
|
*
|
|
|
|
|
* We use the source address for the prompting packet
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
* (hsrc), if:
|
|
|
|
|
* - hsrc is given from the caller (by giving "ln"), and
|
|
|
|
|
* - hsrc belongs to the outgoing interface.
|
2002-06-09 01:22:29 +04:00
|
|
|
* Otherwise, we perform the source address selection as usual.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2016-08-01 06:15:30 +03:00
|
|
|
s = pserialize_read_enter();
|
2018-03-19 06:14:08 +03:00
|
|
|
if (hsrc && in6ifa_ifpwithaddr(ifp, hsrc)) {
|
|
|
|
|
pserialize_read_exit(s);
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
src = hsrc;
|
2018-03-19 06:14:08 +03:00
|
|
|
} else {
|
2002-06-09 01:22:29 +04:00
|
|
|
int error;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
struct sockaddr_in6 dst_sa;
|
|
|
|
|
|
2018-03-19 06:14:08 +03:00
|
|
|
pserialize_read_exit(s);
|
|
|
|
|
|
2007-11-10 03:14:31 +03:00
|
|
|
sockaddr_in6_init(&dst_sa, &ip6->ip6_dst, 0, 0, 0);
|
2002-06-09 01:22:29 +04:00
|
|
|
|
2016-10-31 07:16:25 +03:00
|
|
|
error = in6_selectsrc(&dst_sa, NULL,
|
|
|
|
|
NULL, &ro, NULL, NULL, NULL, &src_in);
|
|
|
|
|
if (error != 0) {
|
2017-01-16 10:33:36 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_DEBUG, "source can't be "
|
2002-06-09 01:22:29 +04:00
|
|
|
"determined: dst=%s, error=%d\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &dst_sa.sin6_addr),
|
2017-01-16 10:33:36 +03:00
|
|
|
error);
|
2016-08-01 06:15:30 +03:00
|
|
|
pserialize_read_exit(s);
|
2002-06-09 01:22:29 +04:00
|
|
|
goto bad;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2016-10-31 07:16:25 +03:00
|
|
|
src = &src_in;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* Source address for DAD packet must always be IPv6
|
|
|
|
|
* unspecified address. (0::0)
|
2002-06-09 01:22:29 +04:00
|
|
|
* We actually don't have to 0-clear the address (we did it
|
|
|
|
|
* above), but we do so here explicitly to make the intention
|
|
|
|
|
* clearer.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2009-03-18 19:00:08 +03:00
|
|
|
memset(&src_in, 0, sizeof(src_in));
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
src = &src_in;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
ip6->ip6_src = *src;
|
1999-06-28 10:36:47 +04:00
|
|
|
nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
|
|
|
|
|
nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
|
|
|
|
|
nd_ns->nd_ns_code = 0;
|
|
|
|
|
nd_ns->nd_ns_reserved = 0;
|
|
|
|
|
nd_ns->nd_ns_target = *taddr6;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
in6_clearscope(&nd_ns->nd_ns_target); /* XXX */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Add source link-layer address option.
|
|
|
|
|
*
|
|
|
|
|
* spec implementation
|
|
|
|
|
* --- ---
|
|
|
|
|
* DAD packet MUST NOT do not add the option
|
|
|
|
|
* there's no link layer address:
|
|
|
|
|
* impossible do not add the option
|
|
|
|
|
* there's link layer address:
|
|
|
|
|
* Multicast NS MUST add one add the option
|
|
|
|
|
* Unicast NS SHOULD add one add the option
|
|
|
|
|
*/
|
2018-03-06 13:57:00 +03:00
|
|
|
if (nonce == NULL && (mac = nd6_ifptomac(ifp))) {
|
1999-06-28 10:36:47 +04:00
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
|
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
|
1999-09-20 01:31:33 +04:00
|
|
|
/* 8 byte alignments... */
|
|
|
|
|
optlen = (optlen + 7) & ~7;
|
2002-06-09 18:43:10 +04:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
|
m->m_len += optlen;
|
|
|
|
|
icmp6len += optlen;
|
2009-03-18 19:00:08 +03:00
|
|
|
memset((void *)nd_opt, 0, optlen);
|
1999-06-28 10:36:47 +04:00
|
|
|
nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
|
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
2009-04-18 18:58:02 +04:00
|
|
|
memcpy((void *)(nd_opt + 1), mac, ifp->if_addrlen);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
2018-03-06 13:57:00 +03:00
|
|
|
/* Add a nonce option (RFC 3971) to detect looped back NS messages.
|
|
|
|
|
* This behavior is documented in RFC 7527. */
|
|
|
|
|
if (nonce != NULL) {
|
|
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ND_OPT_NONCE_LEN;
|
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
|
|
|
|
|
|
|
|
|
|
/* 8-byte alignment is required. */
|
|
|
|
|
optlen = (optlen + 7) & ~7;
|
|
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
|
m->m_len += optlen;
|
|
|
|
|
icmp6len += optlen;
|
|
|
|
|
memset(nd_opt, 0, optlen);
|
|
|
|
|
nd_opt->nd_opt_type = ND_OPT_NONCE;
|
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
|
|
|
|
memcpy(nd_opt + 1, nonce, ND_OPT_NONCE_LEN);
|
|
|
|
|
}
|
|
|
|
|
|
2003-09-06 03:20:48 +04:00
|
|
|
ip6->ip6_plen = htons((u_int16_t)icmp6len);
|
1999-06-28 10:36:47 +04:00
|
|
|
nd_ns->nd_ns_cksum = 0;
|
2002-06-09 01:22:29 +04:00
|
|
|
nd_ns->nd_ns_cksum =
|
|
|
|
|
in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2018-03-06 13:57:00 +03:00
|
|
|
ip6_output(m, NULL, &ro, nonce != NULL ? IPV6_UNSPECSRC : 0,
|
|
|
|
|
&im6o, NULL, NULL);
|
2001-10-18 11:44:33 +04:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_msg);
|
|
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit);
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_OUTHIST + ND_NEIGHBOR_SOLICIT);
|
2001-10-18 11:44:33 +04:00
|
|
|
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
rtcache_free(&ro);
|
2001-10-18 11:44:33 +04:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
bad:
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
rtcache_free(&ro);
|
2001-10-18 11:44:33 +04:00
|
|
|
m_freem(m);
|
|
|
|
|
return;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Neighbor advertisement input handling.
|
|
|
|
|
*
|
|
|
|
|
* Based on RFC 2461
|
2006-03-03 17:07:06 +03:00
|
|
|
* Based on RFC 2462 (duplicate address detection)
|
2000-02-26 11:39:18 +03:00
|
|
|
*
|
|
|
|
|
* the following items are not implemented yet:
|
|
|
|
|
* - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
|
|
|
|
|
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
|
|
|
|
void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_na_input(struct mbuf *m, int off, int icmp6len)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2016-06-10 16:31:43 +03:00
|
|
|
struct ifnet *ifp;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
|
2000-02-26 11:39:18 +03:00
|
|
|
struct nd_neighbor_advert *nd_na;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct in6_addr saddr6 = ip6->ip6_src;
|
|
|
|
|
struct in6_addr daddr6 = ip6->ip6_dst;
|
2000-02-26 11:39:18 +03:00
|
|
|
struct in6_addr taddr6;
|
|
|
|
|
int flags;
|
|
|
|
|
int is_router;
|
|
|
|
|
int is_solicited;
|
|
|
|
|
int is_override;
|
1999-06-28 10:36:47 +04:00
|
|
|
char *lladdr = NULL;
|
|
|
|
|
int lladdrlen = 0;
|
|
|
|
|
struct ifaddr *ifa;
|
2016-04-04 10:37:07 +03:00
|
|
|
struct llentry *ln = NULL;
|
1999-06-28 10:36:47 +04:00
|
|
|
union nd_opts ndopts;
|
2014-01-13 22:23:36 +04:00
|
|
|
struct sockaddr_in6 ssin6;
|
2019-08-29 17:26:55 +03:00
|
|
|
bool rt_announce;
|
2016-04-11 04:16:20 +03:00
|
|
|
bool checklink = false;
|
2016-06-10 16:31:43 +03:00
|
|
|
struct psref psref;
|
2016-08-01 06:15:30 +03:00
|
|
|
struct psref psref_ia;
|
2017-01-16 10:33:36 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN], ip6buf2[INET6_ADDRSTRLEN];
|
2016-06-10 16:31:43 +03:00
|
|
|
|
|
|
|
|
ifp = m_get_rcvif_psref(m, &psref);
|
|
|
|
|
if (ifp == NULL)
|
|
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
if (ip6->ip6_hlim != 255) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_ERR,
|
|
|
|
|
"invalid hlim (%d) from %s to %s on %s\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
ip6->ip6_hlim, IN6_PRINT(ip6buf, &ip6->ip6_src),
|
|
|
|
|
IN6_PRINT(ip6buf2, &ip6->ip6_dst), if_name(ifp));
|
2001-02-07 11:59:47 +03:00
|
|
|
goto bad;
|
2000-02-26 11:39:18 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
|
|
|
|
|
if (nd_na == NULL) {
|
2016-06-10 16:31:43 +03:00
|
|
|
m_put_rcvif_psref(ifp, &psref);
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
}
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
|
2000-02-26 11:39:18 +03:00
|
|
|
flags = nd_na->nd_na_flags_reserved;
|
|
|
|
|
is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
|
|
|
|
|
is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
|
|
|
|
|
is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
taddr6 = nd_na->nd_na_target;
|
2016-06-10 16:31:43 +03:00
|
|
|
if (in6_setscope(&taddr6, ifp, NULL)) {
|
2018-02-02 13:49:01 +03:00
|
|
|
goto bad;
|
2016-06-10 16:31:43 +03:00
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_ERR, "invalid target address %s\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &taddr6));
|
2001-02-07 11:59:47 +03:00
|
|
|
goto bad;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2002-06-09 01:22:29 +04:00
|
|
|
if (is_solicited && IN6_IS_ADDR_MULTICAST(&daddr6)) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_ERR, "a solicited adv is multicasted\n");
|
2002-06-09 01:22:29 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
icmp6len -= sizeof(*nd_na);
|
|
|
|
|
nd6_option_init(nd_na + 1, icmp6len, &ndopts);
|
|
|
|
|
if (nd6_options(&ndopts) < 0) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "invalid ND option, ignored\n");
|
2001-02-07 11:59:47 +03:00
|
|
|
/* nd6_options have incremented stats */
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
2018-12-13 13:27:51 +03:00
|
|
|
if (ndopts.nd_opts_tgt_lladdr != NULL) {
|
|
|
|
|
struct ifnet *ifp_ll;
|
|
|
|
|
struct psref psref_ll;
|
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
|
|
|
|
|
lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
|
2018-12-13 13:27:51 +03:00
|
|
|
|
|
|
|
|
if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
|
|
|
|
|
nd6log(LOG_INFO, "lladdrlen mismatch for %s "
|
|
|
|
|
"(if %d, NA packet %d)\n", IN6_PRINT(ip6buf, &taddr6),
|
|
|
|
|
ifp->if_addrlen, lladdrlen - 2);
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ifp_ll = if_get_bylla(lladdr, ifp->if_addrlen, &psref_ll);
|
|
|
|
|
if (ifp_ll != NULL) {
|
|
|
|
|
/* it's from me, ignore it. */
|
|
|
|
|
if_put(ifp_ll, &psref_ll);
|
|
|
|
|
goto freeit;
|
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr_psref(ifp, &taddr6, &psref_ia);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Target address matches one of my interface address.
|
|
|
|
|
*
|
|
|
|
|
* If my address is tentative, this means that there's somebody
|
|
|
|
|
* already using the same address as mine. This indicates DAD failure.
|
|
|
|
|
* This is defined in RFC 2462.
|
|
|
|
|
*
|
|
|
|
|
* Otherwise, process as defined in RFC 2461.
|
|
|
|
|
*/
|
|
|
|
|
if (ifa) {
|
2019-04-29 19:12:30 +03:00
|
|
|
if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE) {
|
|
|
|
|
struct sockaddr_dl sdl, *sdlp;
|
|
|
|
|
|
|
|
|
|
if (lladdr != NULL)
|
|
|
|
|
sdlp = sockaddr_dl_init(&sdl, sizeof(sdl),
|
|
|
|
|
ifp->if_index, ifp->if_type,
|
|
|
|
|
NULL, 0, lladdr, lladdrlen);
|
|
|
|
|
else
|
|
|
|
|
sdlp = NULL;
|
|
|
|
|
nd6_dad_input(ifa, NULL, sdlp);
|
|
|
|
|
} else
|
2018-12-04 23:46:56 +03:00
|
|
|
log(LOG_ERR,
|
|
|
|
|
"nd6_na_input: duplicate IP6 address %s\n",
|
|
|
|
|
IN6_PRINT(ip6buf, &taddr6));
|
2016-08-01 06:15:30 +03:00
|
|
|
ifa_release(ifa, &psref_ia);
|
|
|
|
|
ifa = NULL;
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2014-01-13 22:23:36 +04:00
|
|
|
|
2008-07-31 22:24:07 +04:00
|
|
|
/*
|
|
|
|
|
* Make sure the source address is from a neighbor's address.
|
|
|
|
|
*/
|
2014-01-13 22:23:36 +04:00
|
|
|
sockaddr_in6_init(&ssin6, &saddr6, 0, 0, 0);
|
|
|
|
|
if (nd6_is_addr_neighbor(&ssin6, ifp) == 0) {
|
2016-04-29 14:46:17 +03:00
|
|
|
nd6log(LOG_INFO, "ND packet from non-neighbor %s on %s\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &saddr6), if_name(ifp));
|
2008-07-31 22:24:07 +04:00
|
|
|
goto bad;
|
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
2002-06-09 01:22:29 +04:00
|
|
|
* If no neighbor cache entry is found, NA SHOULD silently be
|
|
|
|
|
* discarded.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2016-04-04 10:37:07 +03:00
|
|
|
ln = nd6_lookup(&taddr6, ifp, true);
|
|
|
|
|
if (ln == NULL)
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2019-08-29 17:28:06 +03:00
|
|
|
rt_announce = false;
|
1999-06-28 10:36:47 +04:00
|
|
|
if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
|
|
|
|
|
/*
|
|
|
|
|
* If the link-layer has address, and no lladdr option came,
|
|
|
|
|
* discard the packet.
|
|
|
|
|
*/
|
|
|
|
|
if (ifp->if_addrlen && !lladdr)
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Record link-layer address, and update the state.
|
|
|
|
|
*/
|
2016-04-04 10:37:07 +03:00
|
|
|
memcpy(&ln->ll_addr, lladdr, ifp->if_addrlen);
|
|
|
|
|
ln->la_flags |= LLE_VALID;
|
2019-08-29 17:28:06 +03:00
|
|
|
rt_announce = true;
|
1999-06-28 10:36:47 +04:00
|
|
|
if (is_solicited) {
|
|
|
|
|
ln->ln_state = ND6_LLINFO_REACHABLE;
|
2001-02-11 10:00:03 +03:00
|
|
|
ln->ln_byhint = 0;
|
2003-06-27 12:41:08 +04:00
|
|
|
if (!ND6_LLINFO_PERMANENT(ln)) {
|
|
|
|
|
nd6_llinfo_settimer(ln,
|
2015-12-07 09:19:13 +03:00
|
|
|
ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz);
|
2003-06-27 12:41:08 +04:00
|
|
|
}
|
2001-02-23 11:02:41 +03:00
|
|
|
} else {
|
1999-06-28 10:36:47 +04:00
|
|
|
ln->ln_state = ND6_LLINFO_STALE;
|
2015-12-07 09:19:13 +03:00
|
|
|
nd6_llinfo_settimer(ln, nd6_gctimer * hz);
|
2001-10-17 14:55:09 +04:00
|
|
|
}
|
|
|
|
|
if ((ln->ln_router = is_router) != 0) {
|
|
|
|
|
/*
|
|
|
|
|
* This means a router's state has changed from
|
|
|
|
|
* non-reachable to probably reachable, and might
|
|
|
|
|
* affect the status of associated prefixes..
|
|
|
|
|
*/
|
2016-04-11 04:16:20 +03:00
|
|
|
checklink = true;
|
2001-02-23 11:02:41 +03:00
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
} else {
|
2019-08-29 17:26:55 +03:00
|
|
|
bool llchange;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if the link-layer address has changed or not.
|
|
|
|
|
*/
|
2006-03-06 02:47:08 +03:00
|
|
|
if (lladdr == NULL)
|
2019-08-29 17:26:55 +03:00
|
|
|
llchange = false;
|
1999-06-28 10:36:47 +04:00
|
|
|
else {
|
2016-04-04 10:37:07 +03:00
|
|
|
if (ln->la_flags & LLE_VALID) {
|
|
|
|
|
if (memcmp(lladdr, &ln->ll_addr, ifp->if_addrlen))
|
2019-08-29 17:26:55 +03:00
|
|
|
llchange = rt_announce = true;
|
1999-06-28 10:36:47 +04:00
|
|
|
else
|
2019-08-29 17:26:55 +03:00
|
|
|
llchange = false;
|
1999-06-28 10:36:47 +04:00
|
|
|
} else
|
2019-08-29 17:26:55 +03:00
|
|
|
llchange = rt_announce = true;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This is VERY complex. Look at it with care.
|
|
|
|
|
*
|
|
|
|
|
* override solicit lladdr llchange action
|
|
|
|
|
* (L: record lladdr)
|
|
|
|
|
*
|
|
|
|
|
* 0 0 n -- (2c)
|
|
|
|
|
* 0 0 y n (2b) L
|
|
|
|
|
* 0 0 y y (1) REACHABLE->STALE
|
|
|
|
|
* 0 1 n -- (2c) *->REACHABLE
|
|
|
|
|
* 0 1 y n (2b) L *->REACHABLE
|
|
|
|
|
* 0 1 y y (1) REACHABLE->STALE
|
|
|
|
|
* 1 0 n -- (2a)
|
|
|
|
|
* 1 0 y n (2a) L
|
|
|
|
|
* 1 0 y y (2a) L *->STALE
|
|
|
|
|
* 1 1 n -- (2a) *->REACHABLE
|
|
|
|
|
* 1 1 y n (2a) L *->REACHABLE
|
|
|
|
|
* 1 1 y y (2a) L *->REACHABLE
|
|
|
|
|
*/
|
2006-03-06 02:47:08 +03:00
|
|
|
if (!is_override && lladdr != NULL && llchange) { /* (1) */
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
|
* If state is REACHABLE, make it STALE.
|
|
|
|
|
* no other updates should be done.
|
|
|
|
|
*/
|
2001-02-23 11:02:41 +03:00
|
|
|
if (ln->ln_state == ND6_LLINFO_REACHABLE) {
|
1999-06-28 10:36:47 +04:00
|
|
|
ln->ln_state = ND6_LLINFO_STALE;
|
2015-12-07 09:19:13 +03:00
|
|
|
nd6_llinfo_settimer(ln, nd6_gctimer * hz);
|
2001-02-23 11:02:41 +03:00
|
|
|
}
|
2000-02-26 11:39:18 +03:00
|
|
|
goto freeit;
|
1999-06-28 10:36:47 +04:00
|
|
|
} else if (is_override /* (2a) */
|
2006-03-06 02:47:08 +03:00
|
|
|
|| (!is_override && lladdr != NULL && !llchange) /* (2b) */
|
|
|
|
|
|| lladdr == NULL) { /* (2c) */
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
|
* Update link-local address, if any.
|
|
|
|
|
*/
|
2006-03-06 02:47:08 +03:00
|
|
|
if (lladdr != NULL) {
|
2016-04-04 10:37:07 +03:00
|
|
|
memcpy(&ln->ll_addr, lladdr, ifp->if_addrlen);
|
|
|
|
|
ln->la_flags |= LLE_VALID;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If solicited, make the state REACHABLE.
|
|
|
|
|
* If not solicited and the link-layer address was
|
|
|
|
|
* changed, make it STALE.
|
|
|
|
|
*/
|
|
|
|
|
if (is_solicited) {
|
|
|
|
|
ln->ln_state = ND6_LLINFO_REACHABLE;
|
2001-02-11 10:00:03 +03:00
|
|
|
ln->ln_byhint = 0;
|
2003-06-27 12:41:08 +04:00
|
|
|
if (!ND6_LLINFO_PERMANENT(ln)) {
|
|
|
|
|
nd6_llinfo_settimer(ln,
|
2015-12-07 09:19:13 +03:00
|
|
|
ND_IFINFO(ifp)->reachable * hz);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
} else {
|
2001-02-23 11:02:41 +03:00
|
|
|
if (lladdr && llchange) {
|
1999-06-28 10:36:47 +04:00
|
|
|
ln->ln_state = ND6_LLINFO_STALE;
|
2003-06-27 12:41:08 +04:00
|
|
|
nd6_llinfo_settimer(ln,
|
2015-12-07 09:19:13 +03:00
|
|
|
nd6_gctimer * hz);
|
2001-02-23 11:02:41 +03:00
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ln->ln_router && !is_router) {
|
|
|
|
|
/*
|
|
|
|
|
* The peer dropped the router flag.
|
|
|
|
|
* Remove the sender from the Default Router List and
|
|
|
|
|
* update the Destination Cache entries.
|
|
|
|
|
*/
|
2019-08-29 19:26:43 +03:00
|
|
|
const struct in6_addr *in6 = &ln->r_l3addr.addr6;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct nd_defrouter *dr;
|
2001-10-16 10:24:44 +04:00
|
|
|
|
2016-12-19 10:51:34 +03:00
|
|
|
ND6_WLOCK();
|
2016-12-11 10:38:50 +03:00
|
|
|
dr = nd6_defrouter_lookup(in6, ln->lle_tbl->llt_ifp);
|
1999-06-28 10:36:47 +04:00
|
|
|
if (dr)
|
2016-12-11 10:38:50 +03:00
|
|
|
nd6_defrtrlist_del(dr, NULL);
|
2003-06-24 11:54:47 +04:00
|
|
|
else if (!ip6_forwarding) {
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
|
* Even if the neighbor is not in the default
|
|
|
|
|
* router list, the neighbor may be used
|
|
|
|
|
* as a next hop for some destinations
|
|
|
|
|
* (e.g. redirect case). So we must
|
2016-12-11 10:38:50 +03:00
|
|
|
* call nd6_rt_flush explicitly.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2016-12-11 10:38:50 +03:00
|
|
|
nd6_rt_flush(&ip6->ip6_src, ln->lle_tbl->llt_ifp);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2016-12-19 10:51:34 +03:00
|
|
|
ND6_UNLOCK();
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
ln->ln_router = is_router;
|
|
|
|
|
}
|
2016-04-04 10:37:07 +03:00
|
|
|
/*
|
|
|
|
|
* XXX: does this matter?
|
|
|
|
|
* rt->rt_flags &= ~RTF_REJECT;
|
|
|
|
|
*/
|
1999-06-28 10:36:47 +04:00
|
|
|
ln->ln_asked = 0;
|
2016-04-04 10:37:07 +03:00
|
|
|
nd6_llinfo_release_pkts(ln, ifp);
|
2019-08-23 00:22:50 +03:00
|
|
|
|
|
|
|
|
if (rt_announce) {
|
|
|
|
|
struct sockaddr_in6 sin6;
|
|
|
|
|
|
2019-08-29 19:26:43 +03:00
|
|
|
sockaddr_in6_init(&sin6, &ln->r_l3addr.addr6, 0, 0, 0);
|
|
|
|
|
rt_clonedmsg(RTM_CHANGE, sin6tosa(&sin6),
|
|
|
|
|
(char *)&ln->ll_addr, ln->lle_tbl->llt_ifp);
|
2019-08-23 00:22:50 +03:00
|
|
|
}
|
2000-02-26 11:39:18 +03:00
|
|
|
|
|
|
|
|
freeit:
|
2016-04-04 10:37:07 +03:00
|
|
|
if (ln != NULL)
|
|
|
|
|
LLE_WUNLOCK(ln);
|
|
|
|
|
|
2016-12-19 10:51:34 +03:00
|
|
|
if (checklink) {
|
|
|
|
|
ND6_WLOCK();
|
2016-12-11 10:38:50 +03:00
|
|
|
nd6_pfxlist_onlink_check();
|
2016-12-19 10:51:34 +03:00
|
|
|
ND6_UNLOCK();
|
|
|
|
|
}
|
2016-04-11 04:16:20 +03:00
|
|
|
|
2016-06-10 16:31:43 +03:00
|
|
|
m_put_rcvif_psref(ifp, &psref);
|
2000-02-26 11:39:18 +03:00
|
|
|
m_freem(m);
|
2001-02-07 11:59:47 +03:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
bad:
|
2016-04-04 10:37:07 +03:00
|
|
|
if (ln != NULL)
|
|
|
|
|
LLE_WUNLOCK(ln);
|
|
|
|
|
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_BADNA);
|
2016-06-10 16:31:43 +03:00
|
|
|
m_put_rcvif_psref(ifp, &psref);
|
2001-02-07 11:59:47 +03:00
|
|
|
m_freem(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Neighbor advertisement output handling.
|
|
|
|
|
*
|
|
|
|
|
* Based on RFC 2461
|
|
|
|
|
*
|
2000-02-26 11:39:18 +03:00
|
|
|
* the following items are not implemented yet:
|
|
|
|
|
* - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
|
|
|
|
|
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
|
|
|
|
void
|
2008-02-27 22:40:56 +03:00
|
|
|
nd6_na_output(
|
|
|
|
|
struct ifnet *ifp,
|
|
|
|
|
const struct in6_addr *daddr6_0,
|
|
|
|
|
const struct in6_addr *taddr6,
|
|
|
|
|
u_long flags,
|
|
|
|
|
int tlladdr, /* 1 if include target link-layer address */
|
|
|
|
|
const struct sockaddr *sdl0) /* sockaddr_dl (= proxy NA) or NULL */
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
|
|
|
|
struct mbuf *m;
|
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
struct nd_neighbor_advert *nd_na;
|
|
|
|
|
struct ip6_moptions im6o;
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
struct sockaddr *dst;
|
|
|
|
|
union {
|
|
|
|
|
struct sockaddr dst;
|
|
|
|
|
struct sockaddr_in6 dst6;
|
|
|
|
|
} u;
|
2016-10-31 07:16:25 +03:00
|
|
|
struct in6_addr daddr6;
|
2002-06-09 01:22:29 +04:00
|
|
|
int icmp6len, maxlen, error;
|
2007-08-07 08:35:42 +04:00
|
|
|
const void *mac;
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
struct route ro;
|
2002-06-09 01:22:29 +04:00
|
|
|
|
|
|
|
|
mac = NULL;
|
2007-01-29 09:20:43 +03:00
|
|
|
memset(&ro, 0, sizeof(ro));
|
2000-02-07 08:42:28 +03:00
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
daddr6 = *daddr6_0; /* make a local copy for modification */
|
|
|
|
|
|
2000-02-07 08:42:28 +03:00
|
|
|
/* estimate the size of message */
|
|
|
|
|
maxlen = sizeof(*ip6) + sizeof(*nd_na);
|
|
|
|
|
maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
|
2018-05-17 15:07:48 +03:00
|
|
|
KASSERTMSG(max_linkhdr + maxlen <= MCLBYTES,
|
|
|
|
|
"max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
|
2017-03-14 07:25:10 +03:00
|
|
|
max_linkhdr, maxlen, MCLBYTES);
|
2000-02-07 08:42:28 +03:00
|
|
|
|
|
|
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
|
|
|
if (m && max_linkhdr + maxlen >= MHLEN) {
|
|
|
|
|
MCLGET(m, M_DONTWAIT);
|
|
|
|
|
if ((m->m_flags & M_EXT) == 0) {
|
|
|
|
|
m_free(m);
|
|
|
|
|
m = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (m == NULL)
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
2016-06-10 16:27:10 +03:00
|
|
|
m_reset_rcvif(m);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(&daddr6)) {
|
1999-06-28 10:36:47 +04:00
|
|
|
m->m_flags |= M_MCAST;
|
2016-06-21 06:28:27 +03:00
|
|
|
im6o.im6o_multicast_if_index = if_get_index(ifp);
|
1999-06-28 10:36:47 +04:00
|
|
|
im6o.im6o_multicast_hlim = 255;
|
|
|
|
|
im6o.im6o_multicast_loop = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
icmp6len = sizeof(*nd_na);
|
|
|
|
|
m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
|
2018-12-22 17:28:56 +03:00
|
|
|
m->m_data += max_linkhdr; /* or m_align() equivalent? */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/* fill neighbor advertisement packet */
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
ip6->ip6_flow = 0;
|
1999-12-15 09:28:43 +03:00
|
|
|
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
|
|
|
|
|
ip6->ip6_vfc |= IPV6_VERSION;
|
1999-06-28 10:36:47 +04:00
|
|
|
ip6->ip6_nxt = IPPROTO_ICMPV6;
|
|
|
|
|
ip6->ip6_hlim = 255;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
|
1999-06-28 10:36:47 +04:00
|
|
|
/* reply to DAD */
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
|
|
|
|
|
daddr6.s6_addr16[1] = 0;
|
|
|
|
|
daddr6.s6_addr32[1] = 0;
|
|
|
|
|
daddr6.s6_addr32[2] = 0;
|
|
|
|
|
daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
|
|
|
|
|
if (in6_setscope(&daddr6, ifp, NULL))
|
|
|
|
|
goto bad;
|
2002-06-09 01:22:29 +04:00
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
flags &= ~ND_NA_FLAG_SOLICITED;
|
2002-06-09 01:22:29 +04:00
|
|
|
}
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
ip6->ip6_dst = daddr6;
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
sockaddr_in6_init(&u.dst6, &daddr6, 0, 0, 0);
|
|
|
|
|
dst = &u.dst;
|
2015-04-27 13:14:44 +03:00
|
|
|
if (rtcache_setdst(&ro, dst) != 0)
|
|
|
|
|
goto bad;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Select a source whose scope is the same as that of the dest.
|
|
|
|
|
*/
|
2016-10-31 07:16:25 +03:00
|
|
|
error = in6_selectsrc(satosin6(dst), NULL, NULL, &ro, NULL, NULL, NULL,
|
|
|
|
|
&ip6->ip6_src);
|
|
|
|
|
if (error != 0) {
|
2017-01-16 10:33:36 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_DEBUG, "source can't be "
|
2002-06-09 01:22:29 +04:00
|
|
|
"determined: dst=%s, error=%d\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &satocsin6(dst)->sin6_addr), error);
|
2002-06-09 01:22:29 +04:00
|
|
|
goto bad;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
|
|
|
|
|
nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
|
|
|
|
|
nd_na->nd_na_code = 0;
|
|
|
|
|
nd_na->nd_na_target = *taddr6;
|
Better support of IPv6 scoped addresses.
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.
This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.
From the KAME project via JINMEI Tatuya.
Approved by core@.
2006-01-21 03:15:35 +03:00
|
|
|
in6_clearscope(&nd_na->nd_na_target); /* XXX */
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* "tlladdr" indicates NS's condition for adding tlladdr or not.
|
|
|
|
|
* see nd6_ns_input() for details.
|
|
|
|
|
* Basically, if NS packet is sent to unicast/anycast addr,
|
|
|
|
|
* target lladdr option SHOULD NOT be included.
|
|
|
|
|
*/
|
2000-02-26 11:39:18 +03:00
|
|
|
if (tlladdr) {
|
|
|
|
|
/*
|
|
|
|
|
* sdl0 != NULL indicates proxy NA. If we do proxy, use
|
|
|
|
|
* lladdr in sdl0. If we are not proxying (sending NA for
|
|
|
|
|
* my address) use lladdr configured for the interface.
|
|
|
|
|
*/
|
|
|
|
|
if (sdl0 == NULL)
|
|
|
|
|
mac = nd6_ifptomac(ifp);
|
|
|
|
|
else if (sdl0->sa_family == AF_LINK) {
|
2007-08-07 08:35:42 +04:00
|
|
|
const struct sockaddr_dl *sdl;
|
|
|
|
|
sdl = satocsdl(sdl0);
|
2000-02-26 11:39:18 +03:00
|
|
|
if (sdl->sdl_alen == ifp->if_addrlen)
|
2007-08-07 08:35:42 +04:00
|
|
|
mac = CLLADDR(sdl);
|
2000-02-26 11:39:18 +03:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (tlladdr && mac) {
|
1999-06-28 10:36:47 +04:00
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
|
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
|
2002-06-09 18:43:10 +04:00
|
|
|
|
1999-09-20 01:31:33 +04:00
|
|
|
/* roundup to 8 bytes alignment! */
|
|
|
|
|
optlen = (optlen + 7) & ~7;
|
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
|
m->m_len += optlen;
|
|
|
|
|
icmp6len += optlen;
|
2009-03-18 19:00:08 +03:00
|
|
|
memset((void *)nd_opt, 0, optlen);
|
1999-06-28 10:36:47 +04:00
|
|
|
nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
|
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
2009-04-18 18:58:02 +04:00
|
|
|
memcpy((void *)(nd_opt + 1), mac, ifp->if_addrlen);
|
1999-06-28 10:36:47 +04:00
|
|
|
} else
|
|
|
|
|
flags &= ~ND_NA_FLAG_OVERRIDE;
|
|
|
|
|
|
2003-09-06 03:20:48 +04:00
|
|
|
ip6->ip6_plen = htons((u_int16_t)icmp6len);
|
1999-06-28 10:36:47 +04:00
|
|
|
nd_na->nd_na_flags_reserved = flags;
|
|
|
|
|
nd_na->nd_na_cksum = 0;
|
|
|
|
|
nd_na->nd_na_cksum =
|
2002-06-09 01:22:29 +04:00
|
|
|
in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2008-05-22 05:05:38 +04:00
|
|
|
ip6_output(m, NULL, NULL, 0, &im6o, NULL, NULL);
|
2001-10-18 11:44:33 +04:00
|
|
|
|
|
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_msg);
|
|
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert);
|
2008-04-15 07:57:04 +04:00
|
|
|
ICMP6_STATINC(ICMP6_STAT_OUTHIST + ND_NEIGHBOR_ADVERT);
|
2002-06-09 01:22:29 +04:00
|
|
|
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
rtcache_free(&ro);
|
2002-06-09 01:22:29 +04:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
bad:
|
Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
2007-05-03 00:40:22 +04:00
|
|
|
rtcache_free(&ro);
|
2002-06-09 01:22:29 +04:00
|
|
|
m_freem(m);
|
|
|
|
|
return;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain. Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead. Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.
2007-08-30 06:17:34 +04:00
|
|
|
const void *
|
|
|
|
|
nd6_ifptomac(const struct ifnet *ifp)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
|
|
|
|
switch (ifp->if_type) {
|
1999-09-20 01:31:33 +04:00
|
|
|
case IFT_ARCNET:
|
1999-06-28 10:36:47 +04:00
|
|
|
case IFT_ETHER:
|
|
|
|
|
case IFT_FDDI:
|
2000-11-05 20:17:12 +03:00
|
|
|
case IFT_IEEE1394:
|
2002-06-09 01:22:29 +04:00
|
|
|
case IFT_PROPVIRTUAL:
|
2006-05-18 13:05:49 +04:00
|
|
|
case IFT_CARP:
|
2002-06-09 01:22:29 +04:00
|
|
|
case IFT_L2VLAN:
|
|
|
|
|
case IFT_IEEE80211:
|
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain. Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead. Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.
2007-08-30 06:17:34 +04:00
|
|
|
return CLLADDR(ifp->if_sadl);
|
1999-06-28 10:36:47 +04:00
|
|
|
default:
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TAILQ_HEAD(dadq_head, dadq);
|
|
|
|
|
struct dadq {
|
|
|
|
|
TAILQ_ENTRY(dadq) dad_list;
|
|
|
|
|
struct ifaddr *dad_ifa;
|
2018-03-06 13:57:00 +03:00
|
|
|
int dad_count; /* max NS to send */
|
|
|
|
|
int dad_ns_tcount; /* # of trials to send NS */
|
|
|
|
|
int dad_ns_ocount; /* NS sent so far */
|
|
|
|
|
int dad_ns_lcount; /* looped back NS */
|
2000-03-24 07:09:04 +03:00
|
|
|
struct callout dad_timer_ch;
|
2018-03-06 13:57:00 +03:00
|
|
|
#define ND_OPT_NONCE_STORE 3 /* dad_count should not exceed this */
|
|
|
|
|
/*
|
|
|
|
|
* The default ip6_dad_count is 1 as specified by RFC 4862 and
|
|
|
|
|
* practically must users won't exceed this.
|
|
|
|
|
* A storage of 3 is defaulted to here, in-case the administrator wants
|
|
|
|
|
* to match the equivalent behaviour in our ARP implementation.
|
|
|
|
|
* This constraint could be removed by sending the on wire nonce as
|
|
|
|
|
* hmac(key, dad_ns_ocount), but that would increase the nonce size
|
|
|
|
|
* sent on the wire.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t dad_nonce[ND_OPT_NONCE_STORE][ND_OPT_NONCE_LEN];
|
1999-06-28 10:36:47 +04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct dadq_head dadq;
|
2001-02-07 11:59:47 +03:00
|
|
|
static int dad_init = 0;
|
2016-07-25 07:21:19 +03:00
|
|
|
static kmutex_t nd6_dad_lock;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
static struct dadq *
|
2018-12-04 15:23:43 +03:00
|
|
|
nd6_dad_find(struct ifaddr *ifa, struct nd_opt_nonce *nonce, bool *found_nonce)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2018-12-07 17:47:24 +03:00
|
|
|
struct in6_addr *myaddr6, *dadaddr6;
|
|
|
|
|
bool match_ifa;
|
1999-06-28 10:36:47 +04:00
|
|
|
struct dadq *dp;
|
2018-03-06 13:57:00 +03:00
|
|
|
int i, nonce_max;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2016-07-25 07:21:19 +03:00
|
|
|
KASSERT(mutex_owned(&nd6_dad_lock));
|
2018-12-07 17:47:24 +03:00
|
|
|
KASSERT(ifa != NULL);
|
|
|
|
|
|
|
|
|
|
myaddr6 = IFA_IN6(ifa);
|
|
|
|
|
if (nonce != NULL &&
|
|
|
|
|
nonce->nd_opt_nonce_len != (ND_OPT_NONCE_LEN + 2) / 8)
|
|
|
|
|
nonce = NULL;
|
|
|
|
|
match_ifa = nonce == NULL || found_nonce == NULL || *found_nonce == false;
|
|
|
|
|
if (found_nonce != NULL)
|
|
|
|
|
*found_nonce = false;
|
2016-07-25 07:21:19 +03:00
|
|
|
|
2007-03-16 02:39:51 +03:00
|
|
|
TAILQ_FOREACH(dp, &dadq, dad_list) {
|
2018-12-07 17:47:24 +03:00
|
|
|
if (match_ifa) {
|
|
|
|
|
if (dp->dad_ifa != ifa)
|
|
|
|
|
continue;
|
|
|
|
|
} else {
|
|
|
|
|
dadaddr6 = IFA_IN6(dp->dad_ifa);
|
|
|
|
|
if (!IN6_ARE_ADDR_EQUAL(myaddr6, dadaddr6))
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2018-03-06 13:57:00 +03:00
|
|
|
|
2018-12-07 17:47:24 +03:00
|
|
|
if (nonce == NULL)
|
2018-03-06 13:57:00 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
nonce_max = MIN(dp->dad_ns_ocount, ND_OPT_NONCE_STORE);
|
|
|
|
|
for (i = 0; i < nonce_max; i++) {
|
|
|
|
|
if (memcmp(nonce->nd_opt_nonce,
|
|
|
|
|
dp->dad_nonce[i],
|
|
|
|
|
ND_OPT_NONCE_LEN) == 0)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (i < nonce_max) {
|
|
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
|
|
|
|
|
2018-12-04 15:23:43 +03:00
|
|
|
*found_nonce = true;
|
2018-03-06 13:57:00 +03:00
|
|
|
log(LOG_DEBUG,
|
|
|
|
|
"%s: detected a looped back NS message for %s\n",
|
|
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???",
|
2018-12-07 17:47:24 +03:00
|
|
|
IN6_PRINT(ip6buf, myaddr6));
|
2018-03-06 13:57:00 +03:00
|
|
|
dp->dad_ns_lcount++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2018-03-06 13:57:00 +03:00
|
|
|
return dp;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
2018-12-07 17:47:24 +03:00
|
|
|
static bool
|
|
|
|
|
nd6_dad_ownnonce(struct ifaddr *ifa, struct nd_opt_nonce *nonce)
|
|
|
|
|
{
|
|
|
|
|
bool found_nonce = true;
|
|
|
|
|
|
|
|
|
|
mutex_enter(&nd6_dad_lock);
|
|
|
|
|
nd6_dad_find(ifa, nonce, &found_nonce);
|
|
|
|
|
mutex_exit(&nd6_dad_lock);
|
|
|
|
|
|
|
|
|
|
return found_nonce;
|
|
|
|
|
}
|
|
|
|
|
|
2001-02-07 11:59:47 +03:00
|
|
|
static void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_dad_starttimer(struct dadq *dp, int ticks)
|
2001-02-07 11:59:47 +03:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
callout_reset(&dp->dad_timer_ch, ticks,
|
2018-01-16 11:13:47 +03:00
|
|
|
(void (*)(void *))nd6_dad_timer, dp);
|
2001-02-07 11:59:47 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2018-03-08 09:48:23 +03:00
|
|
|
nd6_dad_stoptimer(struct dadq *dp)
|
2001-02-07 11:59:47 +03:00
|
|
|
{
|
2018-03-08 09:48:23 +03:00
|
|
|
|
|
|
|
|
KASSERT(mutex_owned(&nd6_dad_lock));
|
2001-02-07 11:59:47 +03:00
|
|
|
|
2018-01-16 11:13:47 +03:00
|
|
|
TAILQ_REMOVE(&dadq, dp, dad_list);
|
2018-03-08 09:48:23 +03:00
|
|
|
/* Tell the timer that dp is being destroyed. */
|
2018-01-16 11:13:47 +03:00
|
|
|
dp->dad_ifa = NULL;
|
2018-03-08 09:48:23 +03:00
|
|
|
callout_halt(&dp->dad_timer_ch, &nd6_dad_lock);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
nd6_dad_destroytimer(struct dadq *dp)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
KASSERT(dp->dad_ifa == NULL);
|
|
|
|
|
callout_destroy(&dp->dad_timer_ch);
|
|
|
|
|
kmem_intr_free(dp, sizeof(*dp));
|
2001-02-07 11:59:47 +03:00
|
|
|
}
|
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
2006-03-03 17:07:06 +03:00
|
|
|
* Start Duplicate Address Detection (DAD) for specified interface address.
|
2007-03-16 02:39:51 +03:00
|
|
|
*
|
2014-07-01 11:51:29 +04:00
|
|
|
* Note that callout is used when xtick > 0 and not when xtick == 0.
|
|
|
|
|
*
|
2007-03-16 02:39:51 +03:00
|
|
|
* xtick: minimum delay ticks for IFF_UP event
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
|
|
|
|
void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_dad_start(struct ifaddr *ifa, int xtick)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
|
|
|
|
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
|
|
|
|
|
struct dadq *dp;
|
2017-01-16 10:33:36 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
if (!dad_init) {
|
|
|
|
|
TAILQ_INIT(&dadq);
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_init(&nd6_dad_lock, MUTEX_DEFAULT, IPL_NONE);
|
1999-06-28 10:36:47 +04:00
|
|
|
dad_init++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If we don't need DAD, don't do it.
|
|
|
|
|
* There are several cases:
|
2018-11-29 12:51:20 +03:00
|
|
|
* - DAD is disabled
|
1999-06-28 10:36:47 +04:00
|
|
|
* - the interface address is anycast
|
|
|
|
|
*/
|
|
|
|
|
if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) {
|
2000-02-07 08:42:28 +03:00
|
|
|
log(LOG_DEBUG,
|
|
|
|
|
"nd6_dad_start: called with non-tentative address "
|
1999-06-28 10:36:47 +04:00
|
|
|
"%s(%s)\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-12-13 18:17:17 +03:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
}
|
2018-11-29 12:51:20 +03:00
|
|
|
if (ia->ia6_flags & IN6_IFF_ANYCAST || !ip6_dad_enabled()) {
|
1999-06-28 10:36:47 +04:00
|
|
|
ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
|
2019-04-29 14:57:22 +03:00
|
|
|
rt_addrmsg(RTM_NEWADDR, ifa);
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
}
|
2016-07-25 04:52:21 +03:00
|
|
|
KASSERT(ifa->ifa_ifp != NULL);
|
1999-06-28 10:36:47 +04:00
|
|
|
if (!(ifa->ifa_ifp->if_flags & IFF_UP))
|
|
|
|
|
return;
|
2016-07-25 07:21:19 +03:00
|
|
|
|
2017-02-21 06:58:23 +03:00
|
|
|
dp = kmem_intr_alloc(sizeof(*dp), KM_NOSLEEP);
|
|
|
|
|
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_enter(&nd6_dad_lock);
|
2018-12-04 15:23:43 +03:00
|
|
|
if (nd6_dad_find(ifa, NULL, NULL) != NULL) {
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
1999-06-28 10:36:47 +04:00
|
|
|
/* DAD already in progress */
|
2017-02-21 06:58:23 +03:00
|
|
|
if (dp != NULL)
|
|
|
|
|
kmem_intr_free(dp, sizeof(*dp));
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (dp == NULL) {
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
2000-02-07 08:42:28 +03:00
|
|
|
log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
|
1999-06-28 10:36:47 +04:00
|
|
|
"%s(%s)\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-12-13 18:17:17 +03:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
1999-06-28 10:36:47 +04:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Send NS packet for DAD, ip6_dad_count times.
|
|
|
|
|
* Note that we must delay the first transmission, if this is the
|
|
|
|
|
* first packet to be sent from the interface after interface
|
|
|
|
|
* (re)initialization.
|
|
|
|
|
*/
|
2017-02-21 06:58:23 +03:00
|
|
|
callout_init(&dp->dad_timer_ch, CALLOUT_MPSAFE);
|
1999-06-28 10:36:47 +04:00
|
|
|
dp->dad_ifa = ifa;
|
2014-09-10 00:16:12 +04:00
|
|
|
ifaref(ifa); /* just for safety */
|
1999-06-28 10:36:47 +04:00
|
|
|
dp->dad_count = ip6_dad_count;
|
1999-12-13 18:17:17 +03:00
|
|
|
dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
|
2018-03-06 13:57:00 +03:00
|
|
|
dp->dad_ns_lcount = 0;
|
2016-07-25 07:21:19 +03:00
|
|
|
TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list);
|
|
|
|
|
|
|
|
|
|
nd6log(LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr));
|
2016-07-25 07:21:19 +03:00
|
|
|
|
2006-03-06 23:33:52 +03:00
|
|
|
if (xtick == 0) {
|
1999-12-13 18:17:17 +03:00
|
|
|
nd6_dad_ns_output(dp, ifa);
|
2002-06-07 11:38:51 +04:00
|
|
|
nd6_dad_starttimer(dp,
|
2003-06-27 12:41:08 +04:00
|
|
|
(long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
|
2006-03-06 02:47:08 +03:00
|
|
|
} else
|
2006-03-06 23:33:52 +03:00
|
|
|
nd6_dad_starttimer(dp, xtick);
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
2001-02-07 11:59:47 +03:00
|
|
|
/*
|
|
|
|
|
* terminate DAD unconditionally. used for address removals.
|
|
|
|
|
*/
|
|
|
|
|
void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_dad_stop(struct ifaddr *ifa)
|
2001-02-07 11:59:47 +03:00
|
|
|
{
|
|
|
|
|
struct dadq *dp;
|
|
|
|
|
|
|
|
|
|
if (!dad_init)
|
|
|
|
|
return;
|
2016-07-25 07:21:19 +03:00
|
|
|
|
|
|
|
|
mutex_enter(&nd6_dad_lock);
|
2018-12-04 15:23:43 +03:00
|
|
|
dp = nd6_dad_find(ifa, NULL, NULL);
|
2006-03-06 02:47:08 +03:00
|
|
|
if (dp == NULL) {
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
2001-02-07 11:59:47 +03:00
|
|
|
/* DAD wasn't started yet */
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-25 07:21:19 +03:00
|
|
|
/* Prevent the timer from running anymore. */
|
2018-03-08 09:48:23 +03:00
|
|
|
nd6_dad_stoptimer(dp);
|
2016-07-25 07:21:19 +03:00
|
|
|
|
2018-01-16 11:13:47 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
2018-03-08 09:48:23 +03:00
|
|
|
|
|
|
|
|
nd6_dad_destroytimer(dp);
|
|
|
|
|
ifafree(ifa);
|
2001-02-07 11:59:47 +03:00
|
|
|
}
|
|
|
|
|
|
1999-06-28 10:36:47 +04:00
|
|
|
static void
|
2018-01-16 11:13:47 +03:00
|
|
|
nd6_dad_timer(struct dadq *dp)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2018-01-16 11:13:47 +03:00
|
|
|
struct ifaddr *ifa;
|
|
|
|
|
struct in6_ifaddr *ia;
|
2017-01-16 10:33:36 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2017-02-21 06:58:23 +03:00
|
|
|
bool need_free = false;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2018-03-08 09:48:23 +03:00
|
|
|
KERNEL_LOCK_UNLESS_NET_MPSAFE();
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_enter(&nd6_dad_lock);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2018-01-16 11:13:47 +03:00
|
|
|
ifa = dp->dad_ifa;
|
|
|
|
|
if (ifa == NULL) {
|
2018-03-08 09:48:23 +03:00
|
|
|
/* dp is being destroyed by someone. Do nothing. */
|
1999-06-28 10:36:47 +04:00
|
|
|
goto done;
|
|
|
|
|
}
|
2018-01-16 11:13:47 +03:00
|
|
|
|
|
|
|
|
ia = (struct in6_ifaddr *)ifa;
|
1999-06-28 10:36:47 +04:00
|
|
|
if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
|
2006-03-03 17:07:06 +03:00
|
|
|
log(LOG_ERR, "nd6_dad_timer: called with duplicate address "
|
1999-06-28 10:36:47 +04:00
|
|
|
"%s(%s)\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-12-13 18:17:17 +03:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
1999-06-28 10:36:47 +04:00
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) {
|
2000-02-07 08:42:28 +03:00
|
|
|
log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
|
1999-06-28 10:36:47 +04:00
|
|
|
"%s(%s)\n",
|
2017-01-16 18:44:46 +03:00
|
|
|
IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-12-13 18:17:17 +03:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
|
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* timeouted with IFF_{RUNNING,UP} check */
|
|
|
|
|
if (dp->dad_ns_tcount > dad_maxtry) {
|
2016-04-01 11:12:00 +03:00
|
|
|
nd6log(LOG_INFO, "%s: could not run DAD, driver problem?\n",
|
|
|
|
|
if_name(ifa->ifa_ifp));
|
1999-12-13 18:17:17 +03:00
|
|
|
|
2018-03-08 09:48:23 +03:00
|
|
|
nd6_dad_stoptimer(dp);
|
2017-02-21 06:58:23 +03:00
|
|
|
need_free = true;
|
1999-06-28 10:36:47 +04:00
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Need more checks? */
|
2005-02-10 05:57:17 +03:00
|
|
|
if (dp->dad_ns_ocount < dp->dad_count) {
|
1999-06-28 10:36:47 +04:00
|
|
|
/*
|
|
|
|
|
* We have more NS to go. Send NS packet for DAD.
|
|
|
|
|
*/
|
1999-12-13 18:17:17 +03:00
|
|
|
nd6_dad_ns_output(dp, ifa);
|
2002-06-07 11:38:51 +04:00
|
|
|
nd6_dad_starttimer(dp,
|
2003-06-27 12:41:08 +04:00
|
|
|
(long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
|
1999-06-28 10:36:47 +04:00
|
|
|
} else {
|
|
|
|
|
/*
|
2018-12-04 15:23:43 +03:00
|
|
|
* We are done with DAD. No NA came, no NS came.
|
|
|
|
|
* No duplicate address found.
|
1999-06-28 10:36:47 +04:00
|
|
|
*/
|
2018-12-04 15:23:43 +03:00
|
|
|
ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
|
2019-04-29 14:57:22 +03:00
|
|
|
rt_addrmsg(RTM_NEWADDR, ifa);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2018-12-04 15:23:43 +03:00
|
|
|
nd6log(LOG_DEBUG,
|
|
|
|
|
"%s: DAD complete for %s - no duplicates found\n",
|
|
|
|
|
if_name(ifa->ifa_ifp),
|
|
|
|
|
IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr));
|
1999-07-10 23:46:10 +04:00
|
|
|
|
2018-12-04 15:23:43 +03:00
|
|
|
nd6_dad_stoptimer(dp);
|
|
|
|
|
need_free = true;
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
done:
|
2016-07-25 07:21:19 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
2016-11-16 00:17:07 +03:00
|
|
|
|
2017-02-21 06:58:23 +03:00
|
|
|
if (need_free) {
|
2018-03-08 09:48:23 +03:00
|
|
|
nd6_dad_destroytimer(dp);
|
|
|
|
|
KASSERT(ifa != NULL);
|
|
|
|
|
ifafree(ifa);
|
2017-02-21 06:58:23 +03:00
|
|
|
}
|
|
|
|
|
|
2018-03-08 09:48:23 +03:00
|
|
|
KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
2016-12-14 07:05:11 +03:00
|
|
|
static void
|
2019-04-29 19:12:30 +03:00
|
|
|
nd6_dad_duplicated(struct ifaddr *ifa, struct dadq *dp,
|
|
|
|
|
const struct sockaddr_dl *from)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
2018-02-24 10:40:40 +03:00
|
|
|
struct in6_ifaddr *ia;
|
2006-03-06 02:47:08 +03:00
|
|
|
struct ifnet *ifp;
|
2019-04-29 19:12:30 +03:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN], llabuf[LLA_ADDRSTRLEN], *llastr;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2018-02-24 10:40:40 +03:00
|
|
|
KASSERT(mutex_owned(&nd6_dad_lock));
|
|
|
|
|
KASSERT(ifa != NULL);
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
ifp = ifa->ifa_ifp;
|
2018-02-24 10:40:40 +03:00
|
|
|
ia = (struct in6_ifaddr *)ifa;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
|
|
|
|
ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
|
|
|
|
|
ia->ia6_flags |= IN6_IFF_DUPLICATED;
|
|
|
|
|
|
2019-04-29 19:12:30 +03:00
|
|
|
if (__predict_false(from == NULL))
|
|
|
|
|
llastr = NULL;
|
|
|
|
|
else
|
|
|
|
|
llastr = lla_snprintf(llabuf, sizeof(llabuf),
|
|
|
|
|
CLLADDR(from), from->sdl_alen);
|
|
|
|
|
|
|
|
|
|
log(LOG_ERR, "%s: DAD duplicate address %s from %s\n",
|
|
|
|
|
if_name(ifp), IN6_PRINT(ip6buf, &ia->ia_addr.sin6_addr), llastr);
|
2006-03-06 02:47:08 +03:00
|
|
|
|
2013-05-21 12:37:27 +04:00
|
|
|
/* Inform the routing socket that DAD has completed */
|
2019-04-29 19:12:30 +03:00
|
|
|
rt_addrmsg_src(RTM_NEWADDR, ifa, (const struct sockaddr *)from);
|
2013-05-21 12:37:27 +04:00
|
|
|
|
2006-03-06 02:47:08 +03:00
|
|
|
/*
|
|
|
|
|
* If the address is a link-local address formed from an interface
|
|
|
|
|
* identifier based on the hardware address which is supposed to be
|
|
|
|
|
* uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
|
|
|
|
|
* operation on the interface SHOULD be disabled.
|
|
|
|
|
* [rfc2462bis-03 Section 5.4.5]
|
|
|
|
|
*/
|
|
|
|
|
if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
|
|
|
|
|
struct in6_addr in6;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* To avoid over-reaction, we only apply this logic when we are
|
|
|
|
|
* very sure that hardware addresses are supposed to be unique.
|
|
|
|
|
*/
|
|
|
|
|
switch (ifp->if_type) {
|
|
|
|
|
case IFT_ETHER:
|
|
|
|
|
case IFT_FDDI:
|
|
|
|
|
case IFT_ATM:
|
|
|
|
|
case IFT_IEEE1394:
|
|
|
|
|
case IFT_IEEE80211:
|
|
|
|
|
in6 = ia->ia_addr.sin6_addr;
|
|
|
|
|
if (in6_get_hw_ifid(ifp, &in6) == 0 &&
|
|
|
|
|
IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) {
|
|
|
|
|
ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED;
|
|
|
|
|
log(LOG_ERR, "%s: possible hardware address "
|
|
|
|
|
"duplication detected, disable IPv6\n",
|
|
|
|
|
if_name(ifp));
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
|
|
|
|
|
1999-12-13 18:17:17 +03:00
|
|
|
static void
|
2007-03-16 02:39:51 +03:00
|
|
|
nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa)
|
1999-12-13 18:17:17 +03:00
|
|
|
{
|
|
|
|
|
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
|
|
|
|
|
struct ifnet *ifp = ifa->ifa_ifp;
|
2018-03-06 13:57:00 +03:00
|
|
|
uint8_t *nonce;
|
1999-12-13 18:17:17 +03:00
|
|
|
|
|
|
|
|
dp->dad_ns_tcount++;
|
|
|
|
|
if ((ifp->if_flags & IFF_UP) == 0) {
|
|
|
|
|
#if 0
|
|
|
|
|
printf("%s: interface down?\n", if_name(ifp));
|
|
|
|
|
#endif
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if ((ifp->if_flags & IFF_RUNNING) == 0) {
|
|
|
|
|
#if 0
|
|
|
|
|
printf("%s: interface not running?\n", if_name(ifp));
|
|
|
|
|
#endif
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2006-06-28 20:43:43 +04:00
|
|
|
dp->dad_ns_tcount = 0;
|
2018-03-06 13:57:00 +03:00
|
|
|
nonce = dp->dad_nonce[dp->dad_ns_ocount % ND_OPT_NONCE_STORE];
|
|
|
|
|
cprng_fast(nonce, ND_OPT_NONCE_LEN);
|
1999-12-13 18:17:17 +03:00
|
|
|
dp->dad_ns_ocount++;
|
2018-03-06 13:57:00 +03:00
|
|
|
|
|
|
|
|
nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, nonce);
|
1999-12-13 18:17:17 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2019-04-29 19:12:30 +03:00
|
|
|
nd6_dad_input(struct ifaddr *ifa, struct nd_opt_nonce *nonce,
|
|
|
|
|
const struct sockaddr_dl *from)
|
1999-06-28 10:36:47 +04:00
|
|
|
{
|
|
|
|
|
struct dadq *dp;
|
2018-12-04 15:23:43 +03:00
|
|
|
bool found_nonce = false;
|
1999-06-28 10:36:47 +04:00
|
|
|
|
2018-12-04 15:23:43 +03:00
|
|
|
KASSERT(ifa != NULL);
|
2016-07-25 07:21:19 +03:00
|
|
|
|
|
|
|
|
mutex_enter(&nd6_dad_lock);
|
2018-12-04 15:23:43 +03:00
|
|
|
dp = nd6_dad_find(ifa, nonce, &found_nonce);
|
|
|
|
|
if (!found_nonce) {
|
2019-04-29 19:12:30 +03:00
|
|
|
nd6_dad_duplicated(ifa, dp, from);
|
2018-12-04 15:23:43 +03:00
|
|
|
if (dp != NULL)
|
2018-03-08 09:48:23 +03:00
|
|
|
nd6_dad_stoptimer(dp);
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|
2018-02-24 10:40:40 +03:00
|
|
|
mutex_exit(&nd6_dad_lock);
|
2018-12-04 15:23:43 +03:00
|
|
|
if (dp != NULL) {
|
2018-03-08 09:48:23 +03:00
|
|
|
nd6_dad_destroytimer(dp);
|
|
|
|
|
ifafree(ifa);
|
|
|
|
|
}
|
1999-06-28 10:36:47 +04:00
|
|
|
}
|