Kind of sync makewhatis.local with FreeBSD. Ignore r/o directories.
[dragonfly.git] / sys / netinet / if_ether.c
CommitLineData
f3ed2586
JH
1/*
2 * Copyright (c) 2004, 2005 The DragonFly Project. All rights reserved.
3 *
4 * This code is derived from software contributed to The DragonFly Project
5 * by Jeffrey M. Hsu.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of The DragonFly Project nor the names of its
16 * contributors may be used to endorse or promote products derived
17 * from this software without specific, prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
25 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
27 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
29 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
984263bc
MD
33/*
34 * Copyright (c) 1982, 1986, 1988, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
dc71b7ab 45 * 3. Neither the name of the University nor the names of its contributors
984263bc
MD
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93
62 * $FreeBSD: src/sys/netinet/if_ether.c,v 1.64.2.23 2003/04/11 07:23:15 fjoe Exp $
63 */
64
65/*
66 * Ethernet address resolution protocol.
67 * TODO:
68 * add "inuse/lock" bit (or ref. count) along with valid bit
69 */
70
71#include "opt_inet.h"
0d16ba1d 72#include "opt_carp.h"
984263bc
MD
73
74#include <sys/param.h>
75#include <sys/kernel.h>
76#include <sys/queue.h>
77#include <sys/sysctl.h>
78#include <sys/systm.h>
79#include <sys/mbuf.h>
80#include <sys/malloc.h>
81#include <sys/socket.h>
82#include <sys/syslog.h>
65fd4168 83#include <sys/lock.h>
984263bc
MD
84
85#include <net/if.h>
86#include <net/if_dl.h>
87#include <net/if_types.h>
88#include <net/route.h>
89#include <net/netisr.h>
90#include <net/if_llc.h>
984263bc
MD
91
92#include <netinet/in.h>
93#include <netinet/in_var.h>
94#include <netinet/if_ether.h>
95
4599cf19
MD
96#include <sys/thread2.h>
97#include <sys/msgport2.h>
98#include <net/netmsg2.h>
5337421c 99#include <net/netisr2.h>
684a93c4 100#include <sys/mplock2.h>
4599cf19 101
0d16ba1d
MD
102#ifdef CARP
103#include <netinet/ip_carp.h>
104#endif
105
984263bc
MD
106#define SIN(s) ((struct sockaddr_in *)s)
107#define SDL(s) ((struct sockaddr_dl *)s)
108
5d7d9171
SZ
109MALLOC_DEFINE(M_ARP, "arp", "ARP");
110
984263bc
MD
111SYSCTL_DECL(_net_link_ether);
112SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, "");
113
114/* timer values */
115static int arpt_prune = (5*60*1); /* walk list every 5 minutes */
116static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
117static int arpt_down = 20; /* once declared down, don't send for 20 sec */
118
119SYSCTL_INT(_net_link_ether_inet, OID_AUTO, prune_intvl, CTLFLAG_RW,
120 &arpt_prune, 0, "");
f23061d4 121SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
984263bc
MD
122 &arpt_keep, 0, "");
123SYSCTL_INT(_net_link_ether_inet, OID_AUTO, host_down_time, CTLFLAG_RW,
124 &arpt_down, 0, "");
125
f23061d4 126#define rt_expire rt_rmx.rmx_expire
984263bc
MD
127
128struct llinfo_arp {
129 LIST_ENTRY(llinfo_arp) la_le;
130 struct rtentry *la_rt;
131 struct mbuf *la_hold; /* last packet until resolved/timeout */
a916e847 132 u_short la_preempt; /* countdown for pre-expiry arps */
984263bc 133 u_short la_asked; /* #times we QUERIED following expiration */
984263bc
MD
134};
135
984263bc
MD
136static int arp_maxtries = 5;
137static int useloopback = 1; /* use loopback interface for local traffic */
138static int arp_proxyall = 0;
70d9a675
MD
139static int arp_refresh = 60; /* refresh arp cache ~60 (not impl yet) */
140static int arp_restricted_match = 0;
0a125a6d 141static int arp_ignore_probes = 1;
984263bc
MD
142
143SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
19a2058e 144 &arp_maxtries, 0, "ARP resolution attempts before returning error");
984263bc 145SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW,
19a2058e 146 &useloopback, 0, "Use the loopback interface for local traffic");
984263bc 147SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW,
19a2058e 148 &arp_proxyall, 0, "Enable proxy ARP for all suitable requests");
70d9a675
MD
149SYSCTL_INT(_net_link_ether_inet, OID_AUTO, restricted_match, CTLFLAG_RW,
150 &arp_restricted_match, 0, "Only match against the sender");
151SYSCTL_INT(_net_link_ether_inet, OID_AUTO, refresh, CTLFLAG_RW,
152 &arp_refresh, 0, "Preemptively refresh the ARP");
0a125a6d
SZ
153SYSCTL_INT(_net_link_ether_inet, OID_AUTO, ignore_probes, CTLFLAG_RW,
154 &arp_ignore_probes, 0, "Ignore ARP probes");
984263bc 155
3ffea39d 156static void arp_rtrequest(int, struct rtentry *);
1dfeb73c
SZ
157static void arprequest(struct ifnet *, const struct in_addr *,
158 const struct in_addr *, const u_char *);
159static void arprequest_async(struct ifnet *, const struct in_addr *,
160 const struct in_addr *, const u_char *);
002c1265 161static void arpintr(netmsg_t msg);
799975d0
SZ
162static void arptfree(struct llinfo_arp *);
163static void arptimer(void *);
164static struct llinfo_arp *
125186e0 165 arplookup(in_addr_t, boolean_t, boolean_t, boolean_t);
984263bc 166#ifdef INET
799975d0 167static void in_arpinput(struct mbuf *);
858ae8d6
SZ
168static void in_arpreply(struct mbuf *m, in_addr_t, in_addr_t);
169static void arp_update_msghandler(netmsg_t);
170static void arp_reply_msghandler(netmsg_t);
984263bc
MD
171#endif
172
f9bba59b 173struct arp_pcpu_data {
5d7d9171 174 LIST_HEAD(, llinfo_arp) llinfo_list;
39de498b
SZ
175 struct callout timer_ch;
176 struct netmsg_base timer_nmsg;
5d7d9171 177};
39de498b 178
5d7d9171 179static struct arp_pcpu_data *arp_data[MAXCPU];
ac311540 180
984263bc
MD
181/*
182 * Timeout routine. Age arp_tab entries periodically.
183 */
984263bc 184static void
39de498b 185arptimer_dispatch(netmsg_t nmsg)
984263bc 186{
5d7d9171 187 struct arp_pcpu_data *ad = nmsg->lmsg.u.ms_resultp;
2e9572df 188 struct llinfo_arp *la, *nla;
984263bc 189
43dbcc2a
SZ
190 ASSERT_NETISR_NCPUS(mycpuid);
191
39de498b 192 /* Reply ASAP */
1cae611f 193 crit_enter();
5d7d9171 194 netisr_replymsg(&nmsg->base, 0);
39de498b
SZ
195 crit_exit();
196
f9bba59b 197 LIST_FOREACH_MUTABLE(la, &ad->llinfo_list, la_le, nla) {
cec73927 198 if (la->la_rt->rt_expire && la->la_rt->rt_expire <= time_uptime)
799975d0 199 arptfree(la);
984263bc 200 }
5d7d9171 201 callout_reset(&ad->timer_ch, arpt_prune * hz, arptimer, &ad->timer_nmsg);
39de498b
SZ
202}
203
204static void
5d7d9171 205arptimer(void *xnm)
39de498b 206{
5d7d9171
SZ
207 struct netmsg_base *nm = xnm;
208
209 KKASSERT(mycpuid < netisr_ncpus);
39de498b
SZ
210
211 crit_enter();
5d7d9171
SZ
212 if (nm->lmsg.ms_flags & MSGF_DONE)
213 netisr_sendmsg_oncpu(nm);
1cae611f 214 crit_exit();
984263bc
MD
215}
216
217/*
218 * Parallel to llc_rtrequest.
30220c17
MD
219 *
220 * Called after a route is successfully added to the tree to fix-up the
221 * route and initiate arp operations if required.
984263bc
MD
222 */
223static void
3ffea39d 224arp_rtrequest(int req, struct rtentry *rt)
984263bc 225{
2256ba69 226 struct sockaddr *gate = rt->rt_gateway;
f23061d4
JH
227 struct llinfo_arp *la = rt->rt_llinfo;
228
5fe66e68 229 struct sockaddr_dl null_sdl = { sizeof null_sdl, AF_LINK };
984263bc 230
984263bc
MD
231 if (rt->rt_flags & RTF_GATEWAY)
232 return;
984263bc 233
f23061d4 234 switch (req) {
984263bc
MD
235 case RTM_ADD:
236 /*
237 * XXX: If this is a manually added route to interface
238 * such as older version of routed or gated might provide,
239 * restore cloning bit.
240 */
f23061d4 241 if (!(rt->rt_flags & RTF_HOST) &&
984263bc
MD
242 SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff)
243 rt->rt_flags |= RTF_CLONING;
244 if (rt->rt_flags & RTF_CLONING) {
245 /*
246 * Case 1: This route should come from a route to iface.
247 */
248 rt_setgate(rt, rt_key(rt),
afe44b68
SZ
249 (struct sockaddr *)&null_sdl,
250 RTL_DONTREPORT);
984263bc
MD
251 gate = rt->rt_gateway;
252 SDL(gate)->sdl_type = rt->rt_ifp->if_type;
253 SDL(gate)->sdl_index = rt->rt_ifp->if_index;
cec73927 254 rt->rt_expire = time_uptime;
984263bc
MD
255 break;
256 }
5186e68e
SZ
257 /*
258 * Announce a new entry if requested, and only announce it
259 * once on cpu0.
260 */
261 if ((rt->rt_flags & RTF_ANNOUNCE) && mycpuid == 0) {
43dbcc2a 262 arprequest(rt->rt_ifp,
984263bc
MD
263 &SIN(rt_key(rt))->sin_addr,
264 &SIN(rt_key(rt))->sin_addr,
f23061d4 265 LLADDR(SDL(gate)));
9c94ab97 266 }
984263bc
MD
267 /*FALLTHROUGH*/
268 case RTM_RESOLVE:
269 if (gate->sa_family != AF_LINK ||
f23061d4 270 gate->sa_len < sizeof(struct sockaddr_dl)) {
984263bc
MD
271 log(LOG_DEBUG, "arp_rtrequest: bad gateway value\n");
272 break;
273 }
274 SDL(gate)->sdl_type = rt->rt_ifp->if_type;
275 SDL(gate)->sdl_index = rt->rt_ifp->if_index;
f23061d4 276 if (la != NULL)
984263bc
MD
277 break; /* This happens on a route change */
278 /*
279 * Case 2: This route may come from cloning, or a manual route
280 * add with a LL address.
281 */
0c3c561c 282 R_Malloc(la, struct llinfo_arp *, sizeof *la);
f23061d4
JH
283 rt->rt_llinfo = la;
284 if (la == NULL) {
984263bc
MD
285 log(LOG_DEBUG, "arp_rtrequest: malloc failed\n");
286 break;
287 }
f23061d4 288 bzero(la, sizeof *la);
984263bc
MD
289 la->la_rt = rt;
290 rt->rt_flags |= RTF_LLINFO;
5d7d9171 291 LIST_INSERT_HEAD(&arp_data[mycpuid]->llinfo_list, la, la_le);
984263bc
MD
292
293#ifdef INET
294 /*
295 * This keeps the multicast addresses from showing up
296 * in `arp -a' listings as unresolved. It's not actually
297 * functional. Then the same for broadcast.
298 */
ce6da440 299 if (IN_MULTICAST(ntohl(SIN(rt_key(rt))->sin_addr.s_addr))) {
984263bc
MD
300 ETHER_MAP_IP_MULTICAST(&SIN(rt_key(rt))->sin_addr,
301 LLADDR(SDL(gate)));
302 SDL(gate)->sdl_alen = 6;
303 rt->rt_expire = 0;
304 }
305 if (in_broadcast(SIN(rt_key(rt))->sin_addr, rt->rt_ifp)) {
c401f0fd 306 memcpy(LLADDR(SDL(gate)), rt->rt_ifp->if_broadcastaddr,
984263bc
MD
307 rt->rt_ifp->if_addrlen);
308 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen;
309 rt->rt_expire = 0;
310 }
311#endif
312
30220c17
MD
313 /*
314 * This fixes up the routing interface for local addresses.
315 * The route is adjusted to point at lo0 and the expiration
316 * timer is disabled.
317 *
318 * NOTE: This prevents locally targetted traffic from going
319 * out the hardware interface, which is inefficient
320 * and might not work if the hardware cannot listen
321 * to its own transmitted packets. Setting
322 * net.link.ether.inet.useloopback to 0 will force
323 * packets for local addresses out the hardware (and
324 * it is expected to receive its own packet).
325 *
326 * XXX We should just be able to test RTF_LOCAL here instead
327 * of having to compare IPs.
328 */
984263bc
MD
329 if (SIN(rt_key(rt))->sin_addr.s_addr ==
330 (IA_SIN(rt->rt_ifa))->sin_addr.s_addr) {
984263bc 331 rt->rt_expire = 0;
2e9572df 332 bcopy(IF_LLADDR(rt->rt_ifp), LLADDR(SDL(gate)),
984263bc
MD
333 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen);
334 if (useloopback)
335 rt->rt_ifp = loif;
984263bc
MD
336 }
337 break;
338
339 case RTM_DELETE:
f23061d4 340 if (la == NULL)
984263bc 341 break;
984263bc 342 LIST_REMOVE(la, la_le);
f23061d4 343 rt->rt_llinfo = NULL;
984263bc 344 rt->rt_flags &= ~RTF_LLINFO;
f23061d4 345 if (la->la_hold != NULL)
984263bc 346 m_freem(la->la_hold);
f23061d4 347 Free(la);
799975d0 348 break;
984263bc
MD
349 }
350}
351
77e3dc77 352static struct mbuf *
1dfeb73c
SZ
353arpreq_alloc(struct ifnet *ifp, const struct in_addr *sip,
354 const struct in_addr *tip, const u_char *enaddr)
984263bc 355{
2256ba69 356 struct mbuf *m;
2256ba69 357 struct arphdr *ah;
984263bc
MD
358 u_short ar_hrd;
359
b5523eac 360 if ((m = m_gethdr(M_NOWAIT, MT_DATA)) == NULL)
77e3dc77 361 return NULL;
69e8ff02 362 m->m_pkthdr.rcvif = NULL;
f23061d4 363
984263bc 364 switch (ifp->if_type) {
984263bc
MD
365 case IFT_ETHER:
366 /*
367 * This may not be correct for types not explicitly
368 * listed, but this is our best guess
369 */
370 default:
371 ar_hrd = htons(ARPHRD_ETHER);
372
373 m->m_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr));
374 m->m_pkthdr.len = m->m_len;
375 MH_ALIGN(m, m->m_len);
376
984263bc
MD
377 ah = mtod(m, struct arphdr *);
378 break;
379 }
380
381 ah->ar_hrd = ar_hrd;
382 ah->ar_pro = htons(ETHERTYPE_IP);
383 ah->ar_hln = ifp->if_addrlen; /* hardware address length */
384 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */
385 ah->ar_op = htons(ARPOP_REQUEST);
f23061d4 386 memcpy(ar_sha(ah), enaddr, ah->ar_hln);
984263bc 387 memset(ar_tha(ah), 0, ah->ar_hln);
f23061d4
JH
388 memcpy(ar_spa(ah), sip, ah->ar_pln);
389 memcpy(ar_tpa(ah), tip, ah->ar_pln);
984263bc 390
77e3dc77
SZ
391 return m;
392}
393
394static void
395arpreq_send(struct ifnet *ifp, struct mbuf *m)
396{
397 struct sockaddr sa;
398 struct ether_header *eh;
399
43dbcc2a
SZ
400 ASSERT_NETISR_NCPUS(mycpuid);
401
77e3dc77
SZ
402 switch (ifp->if_type) {
403 case IFT_ETHER:
404 /*
405 * This may not be correct for types not explicitly
406 * listed, but this is our best guess
407 */
408 default:
409 eh = (struct ether_header *)sa.sa_data;
410 /* if_output() will not swap */
411 eh->ether_type = htons(ETHERTYPE_ARP);
412 memcpy(eh->ether_dhost, ifp->if_broadcastaddr, ifp->if_addrlen);
413 break;
414 }
415
984263bc 416 sa.sa_family = AF_UNSPEC;
77e3dc77 417 sa.sa_len = sizeof(sa);
799975d0 418 ifp->if_output(ifp, m, &sa, NULL);
984263bc
MD
419}
420
77e3dc77 421static void
002c1265 422arpreq_send_handler(netmsg_t msg)
77e3dc77 423{
002c1265
MD
424 struct mbuf *m = msg->packet.nm_packet;
425 struct ifnet *ifp = msg->lmsg.u.ms_resultp;
77e3dc77
SZ
426
427 arpreq_send(ifp, m);
428 /* nmsg was embedded in the mbuf, do not reply! */
429}
430
431/*
432 * Broadcast an ARP request. Caller specifies:
433 * - arp header source ip address
434 * - arp header target ip address
435 * - arp header source ethernet address
436 *
437 * NOTE: Caller MUST NOT hold ifp's serializer
438 */
439static void
1dfeb73c
SZ
440arprequest(struct ifnet *ifp, const struct in_addr *sip,
441 const struct in_addr *tip, const u_char *enaddr)
77e3dc77
SZ
442{
443 struct mbuf *m;
444
43dbcc2a
SZ
445 ASSERT_NETISR_NCPUS(mycpuid);
446
70d9a675
MD
447 if (enaddr == NULL) {
448 if (ifp->if_bridge) {
449 enaddr = IF_LLADDR(ether_bridge_interface(ifp));
450 } else {
451 enaddr = IF_LLADDR(ifp);
452 }
453 }
454
77e3dc77
SZ
455 m = arpreq_alloc(ifp, sip, tip, enaddr);
456 if (m == NULL)
457 return;
458 arpreq_send(ifp, m);
459}
460
461/*
462 * Same as arprequest(), except:
463 * - Caller is allowed to hold ifp's serializer
c3c96e44 464 * - Network output is done in protocol thead
77e3dc77
SZ
465 */
466static void
1dfeb73c
SZ
467arprequest_async(struct ifnet *ifp, const struct in_addr *sip,
468 const struct in_addr *tip, const u_char *enaddr)
77e3dc77
SZ
469{
470 struct mbuf *m;
471 struct netmsg_packet *pmsg;
43dbcc2a 472 int cpu;
77e3dc77 473
70d9a675
MD
474 if (enaddr == NULL) {
475 if (ifp->if_bridge) {
476 enaddr = IF_LLADDR(ether_bridge_interface(ifp));
477 } else {
478 enaddr = IF_LLADDR(ifp);
479 }
480 }
77e3dc77
SZ
481 m = arpreq_alloc(ifp, sip, tip, enaddr);
482 if (m == NULL)
483 return;
484
485 pmsg = &m->m_hdr.mh_netmsg;
002c1265 486 netmsg_init(&pmsg->base, NULL, &netisr_apanic_rport,
48e7b118 487 0, arpreq_send_handler);
77e3dc77 488 pmsg->nm_packet = m;
002c1265 489 pmsg->base.lmsg.u.ms_resultp = ifp;
77e3dc77 490
43dbcc2a
SZ
491 if (mycpuid < netisr_ncpus)
492 cpu = mycpuid;
493 else
494 cpu = 0;
495 lwkt_sendmsg(netisr_cpuport(cpu), &pmsg->base.lmsg);
77e3dc77
SZ
496}
497
984263bc
MD
498/*
499 * Resolve an IP address into an ethernet address. If success,
500 * desten is filled in. If there is no entry in arptab,
501 * set one up and broadcast a request for the IP address.
502 * Hold onto this mbuf and resend it once the address
503 * is finally resolved. A return value of 1 indicates
504 * that desten has been filled in and the packet should be sent
505 * normally; a 0 return indicates that the packet has been
506 * taken over here, either now or for later transmission.
507 */
508int
799975d0
SZ
509arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
510 struct sockaddr *dst, u_char *desten)
984263bc 511{
18c42749 512 struct rtentry *rt = NULL;
f23061d4 513 struct llinfo_arp *la = NULL;
984263bc
MD
514 struct sockaddr_dl *sdl;
515
516 if (m->m_flags & M_BCAST) { /* broadcast */
c401f0fd 517 memcpy(desten, ifp->if_broadcastaddr, ifp->if_addrlen);
984263bc
MD
518 return (1);
519 }
ce6da440 520 if (m->m_flags & M_MCAST) {/* multicast */
984263bc 521 ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten);
f23061d4 522 return (1);
984263bc 523 }
f23061d4
JH
524 if (rt0 != NULL) {
525 if (rt_llroute(dst, rt0, &rt) != 0) {
526 m_freem(m);
527 return 0;
528 }
529 la = rt->rt_llinfo;
530 }
531 if (la == NULL) {
125186e0
SZ
532 la = arplookup(SIN(dst)->sin_addr.s_addr,
533 TRUE, RTL_REPORTMSG, FALSE);
f23061d4 534 if (la != NULL)
984263bc
MD
535 rt = la->la_rt;
536 }
f23061d4 537 if (la == NULL || rt == NULL) {
54ba75e6
SZ
538 char addr[INET_ADDRSTRLEN];
539
984263bc 540 log(LOG_DEBUG, "arpresolve: can't allocate llinfo for %s%s%s\n",
54ba75e6 541 kinet_ntoa(SIN(dst)->sin_addr, addr), la ? "la" : " ",
5fe66e68 542 rt ? "rt" : "");
984263bc
MD
543 m_freem(m);
544 return (0);
545 }
546 sdl = SDL(rt->rt_gateway);
547 /*
548 * Check the address family and length is valid, the address
549 * is resolved; otherwise, try to resolve.
550 */
cec73927 551 if ((rt->rt_expire == 0 || rt->rt_expire > time_uptime) &&
984263bc
MD
552 sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) {
553 /*
554 * If entry has an expiry time and it is approaching,
555 * see if we need to send an ARP request within this
556 * arpt_down interval.
557 */
558 if ((rt->rt_expire != 0) &&
cec73927 559 (time_uptime + la->la_preempt > rt->rt_expire)) {
984263bc
MD
560 arprequest(ifp,
561 &SIN(rt->rt_ifa->ifa_addr)->sin_addr,
562 &SIN(dst)->sin_addr,
70d9a675 563 NULL);
a916e847 564 la->la_preempt--;
f23061d4 565 }
984263bc
MD
566
567 bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
568 return 1;
569 }
570 /*
07813904 571 * If ARP is disabled or static on this interface, stop.
984263bc
MD
572 * XXX
573 * Probably should not allocate empty llinfo struct if we are
574 * not going to be sending out an arp request.
575 */
07813904 576 if (ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) {
984263bc
MD
577 m_freem(m);
578 return (0);
579 }
580 /*
581 * There is an arptab entry, but no ethernet address
582 * response yet. Replace the held mbuf with this
583 * latest one.
584 */
f23061d4 585 if (la->la_hold != NULL)
984263bc
MD
586 m_freem(la->la_hold);
587 la->la_hold = m;
03f869ef 588 if (rt->rt_expire || ((rt->rt_flags & RTF_STATIC) && !sdl->sdl_alen)) {
984263bc 589 rt->rt_flags &= ~RTF_REJECT;
cec73927
MD
590 if (la->la_asked == 0 || rt->rt_expire != time_uptime) {
591 rt->rt_expire = time_uptime;
984263bc
MD
592 if (la->la_asked++ < arp_maxtries) {
593 arprequest(ifp,
594 &SIN(rt->rt_ifa->ifa_addr)->sin_addr,
595 &SIN(dst)->sin_addr,
70d9a675 596 NULL);
984263bc
MD
597 } else {
598 rt->rt_flags |= RTF_REJECT;
599 rt->rt_expire += arpt_down;
a916e847
JH
600 la->la_asked = 0;
601 la->la_preempt = arp_maxtries;
984263bc 602 }
984263bc
MD
603 }
604 }
605 return (0);
606}
607
608/*
609 * Common length and type checks are done here,
610 * then the protocol-specific routine is called.
611 */
4599cf19 612static void
002c1265 613arpintr(netmsg_t msg)
984263bc 614{
002c1265 615 struct mbuf *m = msg->packet.nm_packet;
2256ba69 616 struct arphdr *ar;
8bde602d 617 u_short ar_hrd;
f69e505f 618 char hexstr[6];
984263bc 619
8bde602d 620 if (m->m_len < sizeof(struct arphdr) &&
db597c8a 621 (m = m_pullup(m, sizeof(struct arphdr))) == NULL) {
8bde602d 622 log(LOG_ERR, "arp: runt packet -- m_pullup failed\n");
db597c8a 623 return;
8bde602d
JH
624 }
625 ar = mtod(m, struct arphdr *);
626
627 ar_hrd = ntohs(ar->ar_hrd);
db597c8a 628 if (ar_hrd != ARPHRD_ETHER && ar_hrd != ARPHRD_IEEE802) {
f69e505f
AHJ
629 hexncpy((unsigned char *)&ar->ar_hrd, 2, hexstr, 5, NULL);
630 log(LOG_ERR, "arp: unknown hardware address format (0x%s)\n",
631 hexstr);
db597c8a
SZ
632 m_freem(m);
633 return;
8bde602d 634 }
984263bc 635
db597c8a
SZ
636 if (m->m_pkthdr.len < arphdr_len(ar)) {
637 if ((m = m_pullup(m, arphdr_len(ar))) == NULL) {
638 log(LOG_ERR, "arp: runt packet\n");
639 return;
640 }
641 ar = mtod(m, struct arphdr *);
8bde602d
JH
642 }
643
644 switch (ntohs(ar->ar_pro)) {
984263bc 645#ifdef INET
db597c8a
SZ
646 case ETHERTYPE_IP:
647 in_arpinput(m);
648 return;
984263bc 649#endif
984263bc 650 }
8bde602d 651 m_freem(m);
6aad077d 652 /* msg was embedded in the mbuf, do not reply! */
984263bc
MD
653}
654
655#ifdef INET
656/*
657 * ARP for Internet protocols on 10 Mb/s Ethernet.
658 * Algorithm is that given in RFC 826.
659 * In addition, a sanity check is performed on the sender
660 * protocol address, to catch impersonators.
661 * We no longer handle negotiations for use of trailer protocol:
662 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent
663 * along with IP replies if we wanted trailers sent to us,
664 * and also sent them in response to IP replies.
665 * This allowed either end to announce the desire to receive
666 * trailer packets.
667 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either,
668 * but formerly didn't normally send requests.
669 */
87ccd6a5
SZ
670
671static int log_arp_wrong_iface = 1;
672static int log_arp_movements = 1;
673static int log_arp_permanent_modify = 1;
c8b3a0b0 674static int log_arp_creation_failure = 1;
87ccd6a5 675
984263bc 676SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW,
799975d0 677 &log_arp_wrong_iface, 0,
87ccd6a5
SZ
678 "Log arp packets arriving on the wrong interface");
679SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW,
680 &log_arp_movements, 0,
681 "Log arp replies from MACs different than the one in the cache");
682SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW,
683 &log_arp_permanent_modify, 0,
684 "Log arp replies from MACs different than the one "
685 "in the permanent arp entry");
c8b3a0b0
SZ
686SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_creation_failure, CTLFLAG_RW,
687 &log_arp_creation_failure, 0, "Log arp creation failure");
87ccd6a5 688
db37b7cb
MD
689/*
690 * Returns non-zero if the routine updated anything.
691 */
692static int
ecdefdda 693arp_update_oncpu(struct mbuf *m, in_addr_t saddr, boolean_t create,
125186e0 694 boolean_t generate_report, boolean_t dologging)
ecdefdda
MD
695{
696 struct arphdr *ah = mtod(m, struct arphdr *);
697 struct ifnet *ifp = m->m_pkthdr.rcvif;
698 struct llinfo_arp *la;
699 struct sockaddr_dl *sdl;
700 struct rtentry *rt;
f69e505f 701 char hexstr[2][64];
54ba75e6 702 char sbuf[INET_ADDRSTRLEN];
db37b7cb 703 int changed = create;
ecdefdda 704
f14c04f2
SZ
705 KASSERT(curthread->td_type == TD_TYPE_NETISR,
706 ("arp update not in netisr"));
707
125186e0 708 la = arplookup(saddr, create, generate_report, FALSE);
ecdefdda
MD
709 if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
710 struct in_addr isaddr = { saddr };
711
70d9a675
MD
712 /*
713 * Normally arps coming in on the wrong interface are ignored,
714 * but if we are bridging and the two interfaces belong to
715 * the same bridge, or one is a member of the bridge which
716 * is the other, then it isn't an error.
717 */
a8d45119 718 if (rt->rt_ifp != ifp) {
70d9a675
MD
719 /*
720 * (1) ifp and rt_ifp both members of same bridge
721 * (2) rt_ifp member of bridge ifp
722 * (3) ifp member of bridge rt_ifp
723 *
724 * Always replace rt_ifp with the bridge ifc.
725 */
726 struct ifnet *nifp;
727
4ee4f753
MD
728 if (ifp->if_bridge &&
729 rt->rt_ifp->if_bridge == ifp->if_bridge) {
70d9a675
MD
730 nifp = ether_bridge_interface(ifp);
731 } else if (rt->rt_ifp->if_bridge &&
732 ether_bridge_interface(rt->rt_ifp) == ifp) {
733 nifp = ifp;
734 } else if (ifp->if_bridge &&
735 ether_bridge_interface(ifp) == rt->rt_ifp) {
736 nifp = rt->rt_ifp;
737 } else {
738 nifp = NULL;
4ee4f753 739 }
4ee4f753 740
70d9a675
MD
741 if ((log_arp_wrong_iface == 1 && nifp == NULL) ||
742 log_arp_wrong_iface == 2) {
f69e505f
AHJ
743 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen,
744 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":");
ecdefdda
MD
745 log(LOG_ERR,
746 "arp: %s is on %s "
f69e505f 747 "but got reply from %s on %s\n",
54ba75e6 748 kinet_ntoa(isaddr, sbuf),
f69e505f 749 rt->rt_ifp->if_xname, hexstr[0],
ecdefdda
MD
750 ifp->if_xname);
751 }
70d9a675 752 if (nifp == NULL)
db37b7cb 753 return 0;
70d9a675
MD
754
755 /*
756 * nifp is our man! Replace rt_ifp and adjust
757 * the sdl.
758 */
759 ifp = rt->rt_ifp = nifp;
db37b7cb
MD
760 if (sdl->sdl_type != ifp->if_type) {
761 sdl->sdl_type = ifp->if_type;
762 changed = 1;
763 }
764 if (sdl->sdl_index != ifp->if_index) {
765 sdl->sdl_index = ifp->if_index;
766 changed = 1;
767 }
ecdefdda
MD
768 }
769 if (sdl->sdl_alen &&
770 bcmp(ar_sha(ah), LLADDR(sdl), sdl->sdl_alen)) {
db37b7cb 771 changed = 1;
ecdefdda 772 if (rt->rt_expire != 0) {
87ccd6a5 773 if (dologging && log_arp_movements) {
f69e505f
AHJ
774 hexncpy((u_char *)LLADDR(sdl), ifp->if_addrlen,
775 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":");
776 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen,
777 hexstr[1], HEX_NCPYLEN(ifp->if_addrlen), ":");
ecdefdda 778 log(LOG_INFO,
f69e505f 779 "arp: %s moved from %s to %s on %s\n",
54ba75e6 780 kinet_ntoa(isaddr, sbuf), hexstr[0], hexstr[1],
f69e505f 781 ifp->if_xname);
ecdefdda
MD
782 }
783 } else {
87ccd6a5 784 if (dologging && log_arp_permanent_modify) {
f69e505f
AHJ
785 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen,
786 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":");
ecdefdda 787 log(LOG_ERR,
f69e505f 788 "arp: %s attempts to modify "
799975d0 789 "permanent entry for %s on %s\n",
54ba75e6 790 hexstr[0], kinet_ntoa(isaddr, sbuf), ifp->if_xname);
ecdefdda 791 }
db37b7cb 792 return changed;
ecdefdda
MD
793 }
794 }
795 /*
796 * sanity check for the address length.
797 * XXX this does not work for protocols with variable address
798 * length. -is
799 */
e090f4c1 800 if (dologging && sdl->sdl_alen && sdl->sdl_alen != ah->ar_hln) {
f69e505f
AHJ
801 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen,
802 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":");
ecdefdda 803 log(LOG_WARNING,
f69e505f
AHJ
804 "arp from %s: new addr len %d, was %d",
805 hexstr[0], ah->ar_hln, sdl->sdl_alen);
ecdefdda
MD
806 }
807 if (ifp->if_addrlen != ah->ar_hln) {
e090f4c1 808 if (dologging) {
f69e505f
AHJ
809 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen,
810 hexstr[0], HEX_NCPYLEN(ifp->if_addrlen), ":");
ecdefdda 811 log(LOG_WARNING,
f69e505f
AHJ
812 "arp from %s: addr len: new %d, i/f %d "
813 "(ignored)", hexstr[0],
ecdefdda
MD
814 ah->ar_hln, ifp->if_addrlen);
815 }
db37b7cb 816 return changed;
ecdefdda
MD
817 }
818 memcpy(LLADDR(sdl), ar_sha(ah), sdl->sdl_alen = ah->ar_hln);
70d9a675 819 if (rt->rt_expire != 0) {
db37b7cb
MD
820 if (rt->rt_expire != time_uptime + arpt_keep &&
821 rt->rt_expire != time_uptime + arpt_keep - 1) {
822 rt->rt_expire = time_uptime + arpt_keep;
823 changed = 1;
824 }
825 }
826 if (rt->rt_flags & RTF_REJECT) {
827 rt->rt_flags &= ~RTF_REJECT;
828 changed = 1;
829 }
830 if (la->la_asked != 0) {
831 la->la_asked = 0;
832 changed = 1;
833 }
834 if (la->la_preempt != arp_maxtries) {
835 la->la_preempt = arp_maxtries;
836 changed = 1;
70d9a675 837 }
ecdefdda
MD
838
839 /*
840 * This particular cpu might have been holding an mbuf
841 * pending ARP resolution. If so, transmit the mbuf now.
842 */
843 if (la->la_hold != NULL) {
a6f79f3a 844 struct mbuf *m = la->la_hold;
a6f79f3a 845
ecdefdda 846 la->la_hold = NULL;
a6f79f3a 847 m_adj(m, sizeof(struct ether_header));
f14c04f2 848 ifp->if_output(ifp, m, rt_key(rt), rt);
db37b7cb 849 changed = 1;
ecdefdda
MD
850 }
851 }
db37b7cb 852 return changed;
ecdefdda
MD
853}
854
ecdefdda
MD
855/*
856 * Called from arpintr() - this routine is run from a single cpu.
857 */
984263bc 858static void
f23061d4 859in_arpinput(struct mbuf *m)
984263bc 860{
2256ba69
RG
861 struct arphdr *ah;
862 struct ifnet *ifp = m->m_pkthdr.rcvif;
b2632176 863 struct ifaddr_container *ifac;
f8983475 864 struct in_ifaddr_container *iac;
5bd4422e 865 struct in_ifaddr *ia = NULL;
984263bc 866 struct in_addr isaddr, itaddr, myaddr;
5bd4422e 867 uint8_t *enaddr = NULL;
984263bc 868 int req_len;
db37b7cb 869 int changed;
54ba75e6 870 char hexstr[64], sbuf[INET_ADDRSTRLEN];
984263bc
MD
871
872 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr));
873 if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) {
874 log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n");
875 return;
876 }
877
878 ah = mtod(m, struct arphdr *);
f23061d4
JH
879 memcpy(&isaddr, ar_spa(ah), sizeof isaddr);
880 memcpy(&itaddr, ar_tpa(ah), sizeof itaddr);
5bd4422e 881
984263bc 882 /*
ed5bc924
SS
883 * Check both target and sender IP addresses:
884 *
885 * If we receive the packet on the interface owning the address,
886 * then accept the address.
887 *
888 * For a bridge, we accept the address if the receive interface and
70d9a675
MD
889 * the interface owning the address are on the same bridge, and
890 * use the bridge MAC as the is-at response. The bridge will be
891 * responsible for handling the packet.
892 *
24c6e413
SZ
893 * (0) Check target IP against CARP IPs
894 */
895#ifdef CARP
896 LIST_FOREACH(iac, INADDR_HASH(itaddr.s_addr), ia_hash) {
897 int is_match = 0, is_parent = 0;
898
899 ia = iac->ia;
900
901 /* Skip all ia's which don't match */
902 if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr)
903 continue;
904
905 if (ia->ia_ifp->if_type != IFT_CARP)
906 continue;
907
24c6e413
SZ
908 if (carp_parent(ia->ia_ifp) == ifp)
909 is_parent = 1;
910 if (is_parent || ia->ia_ifp == ifp)
911 is_match = carp_iamatch(ia);
24c6e413
SZ
912
913 if (is_match) {
914 if (is_parent) {
915 /*
916 * The parent interface will also receive
917 * the ethernet broadcast packets, e.g. ARP
918 * REQUEST, so if we could find a CARP
919 * interface of the parent that could match
920 * the target IP address, we then drop the
921 * packets, which is delieverd to us through
922 * the parent interface.
923 */
924 m_freem(m);
925 return;
926 }
927 goto match;
928 }
929 }
930#endif /* CARP */
931
932 /*
70d9a675 933 * (1) Check target IP against our local IPs
984263bc 934 */
f8983475
SZ
935 LIST_FOREACH(iac, INADDR_HASH(itaddr.s_addr), ia_hash) {
936 ia = iac->ia;
937
ed5bc924
SS
938 /* Skip all ia's which don't match */
939 if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr)
940 continue;
24c6e413 941
5bd4422e 942#ifdef CARP
24c6e413 943 /* CARP interfaces are checked in (0) */
5bd4422e
SZ
944 if (ia->ia_ifp->if_type == IFT_CARP)
945 continue;
946#endif
24c6e413 947
70d9a675
MD
948 if (ifp->if_bridge && ia->ia_ifp &&
949 ifp->if_bridge == ia->ia_ifp->if_bridge) {
950 ifp = ether_bridge_interface(ifp);
951 goto match;
952 }
953 if (ia->ia_ifp && ia->ia_ifp->if_bridge &&
954 ether_bridge_interface(ia->ia_ifp) == ifp) {
955 goto match;
956 }
957 if (ifp->if_bridge && ether_bridge_interface(ifp) ==
958 ia->ia_ifp) {
959 goto match;
960 }
24c6e413 961 if (ia->ia_ifp == ifp) {
ed5bc924 962 goto match;
24c6e413 963 }
ac93838f 964 }
70d9a675
MD
965
966 /*
967 * (2) Check sender IP against our local IPs
968 */
f8983475
SZ
969 LIST_FOREACH(iac, INADDR_HASH(isaddr.s_addr), ia_hash) {
970 ia = iac->ia;
971
ed5bc924
SS
972 /* Skip all ia's which don't match */
973 if (isaddr.s_addr != ia->ia_addr.sin_addr.s_addr)
974 continue;
24c6e413 975
70d9a675
MD
976 if (ifp->if_bridge && ia->ia_ifp &&
977 ifp->if_bridge == ia->ia_ifp->if_bridge) {
978 ifp = ether_bridge_interface(ifp);
ed5bc924 979 goto match;
70d9a675
MD
980 }
981 if (ia->ia_ifp && ia->ia_ifp->if_bridge &&
982 ether_bridge_interface(ia->ia_ifp) == ifp) {
983 goto match;
984 }
985 if (ifp->if_bridge && ether_bridge_interface(ifp) ==
986 ia->ia_ifp) {
987 goto match;
988 }
ed5bc924 989
70d9a675 990 if (ia->ia_ifp == ifp)
ac93838f 991 goto match;
ac93838f 992 }
70d9a675 993
984263bc
MD
994 /*
995 * No match, use the first inet address on the receive interface
996 * as a dummy address for the rest of the function.
997 */
b2632176
SZ
998 TAILQ_FOREACH(ifac, &ifp->if_addrheads[mycpuid], ifa_link) {
999 struct ifaddr *ifa = ifac->ifa;
1000
984263bc
MD
1001 if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) {
1002 ia = ifatoia(ifa);
1003 goto match;
1004 }
984263bc 1005 }
70d9a675 1006
ed5bc924
SS
1007 /*
1008 * If we got here, we didn't find any suitable interface,
1009 * so drop the packet.
1010 */
1011 m_freem(m);
1012 return;
1013
984263bc 1014match:
0d16ba1d 1015 if (!enaddr)
5bd4422e 1016 enaddr = (uint8_t *)IF_LLADDR(ifp);
24c6e413 1017 myaddr = ia->ia_addr.sin_addr;
0d16ba1d 1018 if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) {
984263bc
MD
1019 m_freem(m); /* it's from me, ignore it. */
1020 return;
1021 }
c401f0fd 1022 if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
984263bc
MD
1023 log(LOG_ERR,
1024 "arp: link address is broadcast for IP address %s!\n",
54ba75e6 1025 kinet_ntoa(isaddr, sbuf));
984263bc
MD
1026 m_freem(m);
1027 return;
1028 }
c3749f74 1029 if (isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) {
f69e505f
AHJ
1030 hexncpy((u_char *)ar_sha(ah), ifp->if_addrlen,
1031 hexstr, HEX_NCPYLEN(ifp->if_addrlen), ":");
984263bc 1032 log(LOG_ERR,
f69e505f 1033 "arp: %s is using my IP address %s!\n",
54ba75e6 1034 hexstr, kinet_ntoa(isaddr, sbuf));
984263bc
MD
1035 itaddr = myaddr;
1036 goto reply;
1037 }
07813904
SZ
1038 if (ifp->if_flags & IFF_STATICARP)
1039 goto reply;
70d9a675
MD
1040
1041 /*
1042 * When arp_restricted_match is true and the ARP response is not
1043 * specifically targetted to me, ignore it. Otherwise the entry
1044 * timeout may be updated for an old MAC.
1045 */
1046 if (arp_restricted_match && itaddr.s_addr != myaddr.s_addr) {
1047 m_freem(m);
1048 return;
1049 }
1050
858ae8d6 1051 /*
9763404f
SZ
1052 * Update all CPU's routing tables with this ARP packet.
1053 *
1054 * However, we only need to generate rtmsg on CPU0.
858ae8d6 1055 */
5204e13c 1056 ASSERT_NETISR0;
db37b7cb
MD
1057 changed = arp_update_oncpu(m, isaddr.s_addr,
1058 itaddr.s_addr == myaddr.s_addr,
1059 RTL_REPORTMSG, TRUE);
9763404f 1060
43dbcc2a 1061 if (netisr_ncpus > 1 && changed) {
9763404f
SZ
1062 struct netmsg_inarp *msg = &m->m_hdr.mh_arpmsg;
1063
1064 netmsg_init(&msg->base, NULL, &netisr_apanic_rport,
db37b7cb 1065 0, arp_update_msghandler);
9763404f
SZ
1066 msg->m = m;
1067 msg->saddr = isaddr.s_addr;
1068 msg->taddr = itaddr.s_addr;
1069 msg->myaddr = myaddr.s_addr;
1070 lwkt_sendmsg(netisr_cpuport(1), &msg->base.lmsg);
1071 } else {
1072 goto reply;
1073 }
858ae8d6
SZ
1074
1075 /*
1076 * Just return here; after all CPUs's routing tables are
1077 * properly updated by this ARP packet, an ARP reply will
1078 * be generated if appropriate.
1079 */
1080 return;
984263bc 1081reply:
858ae8d6
SZ
1082 in_arpreply(m, itaddr.s_addr, myaddr.s_addr);
1083}
1084
1085static void
1086arp_reply_msghandler(netmsg_t msg)
1087{
1088 struct netmsg_inarp *rmsg = (struct netmsg_inarp *)msg;
1089
1090 in_arpreply(rmsg->m, rmsg->taddr, rmsg->myaddr);
1091 /* Don't reply this netmsg; netmsg_inarp is embedded in mbuf */
1092}
1093
1094static void
1095arp_update_msghandler(netmsg_t msg)
1096{
1097 struct netmsg_inarp *rmsg = (struct netmsg_inarp *)msg;
1098 int nextcpu;
1099
43dbcc2a
SZ
1100 ASSERT_NETISR_NCPUS(mycpuid);
1101
858ae8d6 1102 /*
9763404f
SZ
1103 * This message handler will be called on all of the APs;
1104 * no need to generate rtmsg on them.
858ae8d6 1105 */
9763404f 1106 KASSERT(mycpuid > 0, ("arp update msg on cpu%d", mycpuid));
db37b7cb
MD
1107 arp_update_oncpu(rmsg->m, rmsg->saddr,
1108 rmsg->taddr == rmsg->myaddr,
1109 RTL_DONTREPORT, FALSE);
858ae8d6
SZ
1110
1111 nextcpu = mycpuid + 1;
43dbcc2a 1112 if (nextcpu < netisr_ncpus) {
9763404f 1113 lwkt_forwardmsg(netisr_cpuport(nextcpu), &rmsg->base.lmsg);
858ae8d6
SZ
1114 } else {
1115 struct mbuf *m = rmsg->m;
1116 in_addr_t saddr = rmsg->saddr;
1117 in_addr_t taddr = rmsg->taddr;
1118 in_addr_t myaddr = rmsg->myaddr;
1119
1120 /*
1121 * Dispatch this mbuf to netisr0 to perform ARP reply,
1122 * if appropriate.
1123 * NOTE: netmsg_inarp is embedded in this mbuf.
1124 */
1125 netmsg_init(&rmsg->base, NULL, &netisr_apanic_rport,
1126 0, arp_reply_msghandler);
1127 rmsg->m = m;
1128 rmsg->saddr = saddr;
1129 rmsg->taddr = taddr;
1130 rmsg->myaddr = myaddr;
ec7f7fc8 1131 lwkt_sendmsg(netisr_cpuport(0), &rmsg->base.lmsg);
858ae8d6
SZ
1132 }
1133}
1134
9f8970ab
MD
1135/*
1136 * Reply to an arp request
1137 */
858ae8d6
SZ
1138static void
1139in_arpreply(struct mbuf *m, in_addr_t taddr, in_addr_t myaddr)
1140{
1141 struct ifnet *ifp = m->m_pkthdr.rcvif;
1142 const uint8_t *enaddr;
1143 struct arphdr *ah;
1144 struct sockaddr sa;
1145 struct ether_header *eh;
1146
43dbcc2a
SZ
1147 ASSERT_NETISR0;
1148
858ae8d6
SZ
1149 ah = mtod(m, struct arphdr *);
1150 if (ntohs(ah->ar_op) != ARPOP_REQUEST) {
984263bc
MD
1151 m_freem(m);
1152 return;
1153 }
858ae8d6
SZ
1154
1155 enaddr = (const uint8_t *)IF_LLADDR(ifp);
1156 if (taddr == myaddr) {
984263bc 1157 /* I am the target */
f23061d4 1158 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
0d16ba1d 1159 memcpy(ar_sha(ah), enaddr, ah->ar_hln);
984263bc 1160 } else {
ecdefdda 1161 struct llinfo_arp *la;
858ae8d6 1162 struct rtentry *rt;
ecdefdda 1163
858ae8d6 1164 la = arplookup(taddr, FALSE, RTL_DONTREPORT, SIN_PROXY);
984263bc
MD
1165 if (la == NULL) {
1166 struct sockaddr_in sin;
54ba75e6
SZ
1167#ifdef DEBUG_PROXY
1168 char tbuf[INET_ADDRSTRLEN];
1169#endif
984263bc
MD
1170
1171 if (!arp_proxyall) {
1172 m_freem(m);
1173 return;
1174 }
1175
1176 bzero(&sin, sizeof sin);
1177 sin.sin_family = AF_INET;
1178 sin.sin_len = sizeof sin;
858ae8d6 1179 sin.sin_addr.s_addr = taddr;
984263bc 1180
f3ed2586 1181 rt = rtpurelookup((struct sockaddr *)&sin);
0c3c561c 1182 if (rt == NULL) {
984263bc
MD
1183 m_freem(m);
1184 return;
1185 }
be23faf1 1186 --rt->rt_refcnt;
9f8970ab 1187
984263bc
MD
1188 /*
1189 * Don't send proxies for nodes on the same interface
1190 * as this one came out of, or we'll get into a fight
1191 * over who claims what Ether address.
9f8970ab
MD
1192 *
1193 * If the rt entry is associated with a bridge, we
1194 * count it as the 'same' interface if ifp is
1195 * associated with the bridge.
984263bc 1196 */
9f8970ab 1197 if (rt->rt_ifp == ifp || rt->rt_ifp == ifp->if_bridge) {
984263bc
MD
1198 m_freem(m);
1199 return;
1200 }
f23061d4 1201 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
0d16ba1d 1202 memcpy(ar_sha(ah), enaddr, ah->ar_hln);
984263bc 1203#ifdef DEBUG_PROXY
54ba75e6
SZ
1204 kprintf("arp: proxying for %s\n",
1205 kinet_ntoa(itaddr, tbuf));
984263bc
MD
1206#endif
1207 } else {
ecdefdda
MD
1208 struct sockaddr_dl *sdl;
1209
984263bc 1210 rt = la->la_rt;
f23061d4 1211 memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
984263bc 1212 sdl = SDL(rt->rt_gateway);
f23061d4 1213 memcpy(ar_sha(ah), LLADDR(sdl), ah->ar_hln);
984263bc
MD
1214 }
1215 }
1216
f23061d4 1217 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln);
858ae8d6 1218 memcpy(ar_spa(ah), &taddr, ah->ar_pln);
984263bc
MD
1219 ah->ar_op = htons(ARPOP_REPLY);
1220 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */
1221 switch (ifp->if_type) {
984263bc 1222 case IFT_ETHER:
70d9a675
MD
1223 /*
1224 * May not be correct for types not explictly
1225 * listed, but it is our best guess.
1226 */
984263bc
MD
1227 default:
1228 eh = (struct ether_header *)sa.sa_data;
0c3c561c 1229 memcpy(eh->ether_dhost, ar_tha(ah), sizeof eh->ether_dhost);
984263bc
MD
1230 eh->ether_type = htons(ETHERTYPE_ARP);
1231 break;
1232 }
1233 sa.sa_family = AF_UNSPEC;
0c3c561c 1234 sa.sa_len = sizeof sa;
799975d0 1235 ifp->if_output(ifp, m, &sa, NULL);
984263bc 1236}
ecdefdda 1237
799975d0 1238#endif /* INET */
984263bc
MD
1239
1240/*
03f869ef
MD
1241 * Free an arp entry. If the arp entry is actively referenced or represents
1242 * a static entry we only clear it back to an unresolved state, otherwise
1243 * we destroy the entry entirely.
1244 *
1245 * Note that static entries are created when route add ... -interface is used
1246 * to create an interface route to a (direct) destination.
984263bc
MD
1247 */
1248static void
5fe66e68 1249arptfree(struct llinfo_arp *la)
984263bc 1250{
2256ba69
RG
1251 struct rtentry *rt = la->la_rt;
1252 struct sockaddr_dl *sdl;
f23061d4 1253
03f869ef 1254 if (rt == NULL)
984263bc 1255 panic("arptfree");
03f869ef 1256 sdl = SDL(rt->rt_gateway);
5fe66e68
JH
1257 if (sdl != NULL &&
1258 ((rt->rt_refcnt > 0 && sdl->sdl_family == AF_LINK) ||
1259 (rt->rt_flags & RTF_STATIC))) {
984263bc
MD
1260 sdl->sdl_alen = 0;
1261 la->la_preempt = la->la_asked = 0;
1262 rt->rt_flags &= ~RTF_REJECT;
1263 return;
1264 }
f23061d4 1265 rtrequest(RTM_DELETE, rt_key(rt), NULL, rt_mask(rt), 0, NULL);
984263bc 1266}
0c3c561c 1267
984263bc
MD
1268/*
1269 * Lookup or enter a new address in arptab.
1270 */
1271static struct llinfo_arp *
125186e0
SZ
1272arplookup(in_addr_t addr, boolean_t create, boolean_t generate_report,
1273 boolean_t proxy)
984263bc 1274{
2256ba69 1275 struct rtentry *rt;
f3ed2586 1276 struct sockaddr_inarp sin = { sizeof sin, AF_INET };
f23061d4 1277 const char *why = NULL;
984263bc 1278
0a125a6d
SZ
1279 /* Check ARP probes, e.g. from Cisco switches. */
1280 if (addr == INADDR_ANY && arp_ignore_probes)
1281 return (NULL);
1282
984263bc
MD
1283 sin.sin_addr.s_addr = addr;
1284 sin.sin_other = proxy ? SIN_PROXY : 0;
125186e0
SZ
1285 if (create) {
1286 rt = _rtlookup((struct sockaddr *)&sin,
1287 generate_report, RTL_DOCLONE);
1288 } else {
f3ed2586 1289 rt = rtpurelookup((struct sockaddr *)&sin);
125186e0 1290 }
f23061d4
JH
1291 if (rt == NULL)
1292 return (NULL);
984263bc
MD
1293 rt->rt_refcnt--;
1294
1295 if (rt->rt_flags & RTF_GATEWAY)
1296 why = "host is not on local network";
f23061d4 1297 else if (!(rt->rt_flags & RTF_LLINFO))
984263bc
MD
1298 why = "could not allocate llinfo";
1299 else if (rt->rt_gateway->sa_family != AF_LINK)
1300 why = "gateway route is not ours";
1301
8fd3e627 1302 if (why) {
c8b3a0b0 1303 if (create && log_arp_creation_failure) {
54ba75e6
SZ
1304 char abuf[INET_ADDRSTRLEN];
1305
8fd3e627 1306 log(LOG_DEBUG, "arplookup %s failed: %s\n",
54ba75e6 1307 kinet_ntoa(sin.sin_addr, abuf), why);
8fd3e627 1308 }
f23061d4
JH
1309 if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_WASCLONED)) {
1310 /* No references to this route. Purge it. */
1311 rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway,
be23faf1 1312 rt_mask(rt), rt->rt_flags, NULL);
8fd3e627 1313 }
f23061d4 1314 return (NULL);
984263bc 1315 }
f23061d4 1316 return (rt->rt_llinfo);
984263bc
MD
1317}
1318
1319void
f23061d4 1320arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa)
984263bc 1321{
984263bc
MD
1322 ifa->ifa_rtrequest = arp_rtrequest;
1323 ifa->ifa_flags |= RTF_CLONING;
1324}
1325
0d16ba1d 1326void
69b66ae8 1327arp_gratuitous(struct ifnet *ifp, struct ifaddr *ifa)
0d16ba1d 1328{
69b66ae8 1329 if (IA_SIN(ifa)->sin_addr.s_addr != INADDR_ANY) {
43dbcc2a
SZ
1330 if (IN_NETISR_NCPUS(mycpuid)) {
1331 arprequest(ifp, &IA_SIN(ifa)->sin_addr,
1332 &IA_SIN(ifa)->sin_addr, NULL);
1333 } else {
1334 arprequest_async(ifp, &IA_SIN(ifa)->sin_addr,
1335 &IA_SIN(ifa)->sin_addr, NULL);
1336 }
69b66ae8
SZ
1337 }
1338}
1339
1340static void
1341arp_ifaddr(void *arg __unused, struct ifnet *ifp,
1342 enum ifaddr_event event, struct ifaddr *ifa)
1343{
c56fcd0f
SZ
1344 if (ifa->ifa_rtrequest != arp_rtrequest) /* XXX need a generic way */
1345 return;
69b66ae8
SZ
1346 if (ifa->ifa_addr->sa_family != AF_INET)
1347 return;
1348 if (event == IFADDR_EVENT_DELETE)
1349 return;
1350
1351 /*
1352 * - CARP interfaces will take care of gratuitous ARP themselves.
1353 * - If we are the CARP interface's parent, don't send gratuitous
1354 * ARP to avoid unnecessary confusion.
1355 */
1356#ifdef CARP
1357 if (ifp->if_type != IFT_CARP && ifp->if_carp == NULL)
1358#endif
1359 {
1360 arp_gratuitous(ifp, ifa);
1361 }
0d16ba1d
MD
1362}
1363
984263bc 1364static void
5d7d9171 1365arp_init_dispatch(netmsg_t nm)
984263bc 1366{
5d7d9171 1367 struct arp_pcpu_data *ad;
ecdefdda 1368
5d7d9171 1369 ASSERT_NETISR_NCPUS(mycpuid);
f9bba59b 1370
5d7d9171 1371 ad = kmalloc(sizeof(*ad), M_ARP, M_WAITOK | M_ZERO);
f9bba59b 1372
5d7d9171
SZ
1373 LIST_INIT(&ad->llinfo_list);
1374 callout_init_mp(&ad->timer_ch);
1375 netmsg_init(&ad->timer_nmsg, NULL, &netisr_adone_rport,
1376 MSGF_PRIORITY, arptimer_dispatch);
1377 ad->timer_nmsg.lmsg.u.ms_resultp = ad;
1378
1379 arp_data[mycpuid] = ad;
1380
1381 callout_reset(&ad->timer_ch, hz, arptimer, &ad->timer_nmsg);
1382
1383 netisr_forwardmsg(&nm->base, mycpuid + 1);
1384}
1385
1386static void
1387arp_init(void)
1388{
1389 struct netmsg_base nm;
1390
1391 netmsg_init(&nm, NULL, &curthread->td_msgport, 0, arp_init_dispatch);
1392 netisr_domsg_global(&nm);
ed2327fe 1393
858ae8d6 1394 netisr_register(NETISR_ARP, arpintr, NULL);
69b66ae8
SZ
1395
1396 EVENTHANDLER_REGISTER(ifaddr_event, arp_ifaddr, NULL,
1397 EVENTHANDLER_PRI_LAST);
984263bc 1398}
984263bc 1399SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0);