1 /* $FreeBSD: src/sys/netinet6/nd6_nbr.c,v 1.4.2.6 2003/01/23 21:06:47 sam Exp $ */
2 /* $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
35 #include "opt_ipsec.h"
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/malloc.h>
42 #include <sys/socket.h>
43 #include <sys/sockio.h>
45 #include <sys/kernel.h>
46 #include <sys/errno.h>
47 #include <sys/syslog.h>
48 #include <sys/queue.h>
49 #include <sys/callout.h>
50 #include <sys/mutex.h>
52 #include <sys/thread2.h>
53 #include <sys/mutex2.h>
56 #include <net/if_types.h>
57 #include <net/if_dl.h>
58 #include <net/route.h>
60 #include <netinet/in.h>
61 #include <netinet/in_var.h>
62 #include <netinet6/in6_var.h>
63 #include <netinet/ip6.h>
64 #include <netinet6/ip6_var.h>
65 #include <netinet6/nd6.h>
66 #include <netinet/icmp6.h>
69 #include <netinet6/ipsec.h>
71 #include <netinet6/ipsec6.h>
75 #include <net/net_osdep.h>
78 #include <netinet/ip_carp.h>
82 #define SDL(s) ((struct sockaddr_dl *)s)
85 static struct dadq *nd6_dad_find (struct ifaddr *);
86 static void nd6_dad_starttimer (struct dadq *, int);
87 static void nd6_dad_stoptimer (struct dadq *);
88 static void nd6_dad_timer (struct ifaddr *);
89 static void nd6_dad_ns_output (struct dadq *, struct ifaddr *);
90 static void nd6_dad_ns_input (struct ifaddr *);
91 static void nd6_dad_na_input (struct ifaddr *);
93 static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/
94 static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
97 * Input an Neighbor Solicitation Message.
100 * Based on RFC 2462 (duplicated address detection)
103 nd6_ns_input(struct mbuf *m, int off, int icmp6len)
105 struct ifnet *ifp = m->m_pkthdr.rcvif;
106 struct ifnet *cmpifp;
107 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
108 struct nd_neighbor_solicit *nd_ns;
109 struct in6_addr saddr6 = ip6->ip6_src;
110 struct in6_addr daddr6 = ip6->ip6_dst;
111 struct in6_addr taddr6;
112 struct in6_addr myaddr6;
114 struct ifaddr *ifa = NULL;
116 int anycast = 0, proxy = 0, tentative = 0;
118 union nd_opts ndopts;
119 struct sockaddr_dl *proxydl = NULL;
122 * Collapse interfaces to the bridge for comparison and
123 * mac (llinfo) purposes.
127 cmpifp = ifp->if_bridge;
129 #ifndef PULLDOWN_TEST
130 IP6_EXTHDR_CHECK(m, off, icmp6len,);
131 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
133 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
135 icmp6stat.icp6s_tooshort++;
139 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */
140 taddr6 = nd_ns->nd_ns_target;
142 if (ip6->ip6_hlim != 255) {
144 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n",
145 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src),
146 ip6_sprintf(&ip6->ip6_dst), if_name(ifp)));
150 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
151 /* dst has to be solicited node multicast address. */
152 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL
153 /* don't check ifindex portion */
154 && daddr6.s6_addr32[1] == 0
155 && daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE
156 && daddr6.s6_addr8[12] == 0xff) {
159 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
160 "(wrong ip6 dst)\n"));
163 } else if (!nd6_onlink_ns_rfc4861) {
165 * Make sure the source address is from a neighbor's address.
167 * XXX probably only need to check cmpifp.
169 if (in6ifa_ifplocaladdr(cmpifp, &saddr6) == NULL &&
170 in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
171 nd6log((LOG_INFO, "nd6_ns_input: "
172 "NS packet from non-neighbor\n"));
177 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
178 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
182 if (IN6_IS_SCOPE_LINKLOCAL(&taddr6))
183 taddr6.s6_addr16[1] = htons(ifp->if_index);
185 icmp6len -= sizeof(*nd_ns);
186 nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
187 if (nd6_options(&ndopts) < 0) {
189 "nd6_ns_input: invalid ND option, ignored\n"));
190 /* nd6_options have incremented stats */
194 if (ndopts.nd_opts_src_lladdr) {
195 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
196 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
199 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
200 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
201 "(link-layer address option)\n"));
206 * Attaching target link-layer address to the NA?
209 * NS IP dst is unicast/anycast MUST NOT add
210 * NS IP dst is solicited-node multicast MUST add
212 * In implementation, we add target link-layer address by default.
213 * We do not add one in MUST NOT cases.
215 #if 0 /* too much! */
216 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6);
217 if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST))
221 if (!IN6_IS_ADDR_MULTICAST(&daddr6))
227 * Target address (taddr6) must be either:
228 * (1) Valid unicast/anycast address for my receiving interface.
229 * (2) Unicast or anycast address for which I'm offering proxy
231 * (3) "tentative" address on which DAD is being performed.
233 /* (1) and (3) check. */
236 ifa = carp_iamatch6(ifp->if_carp, &taddr6);
238 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
240 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
244 * (2) Check proxying. Requires ip6_forwarding to be turned on.
246 * If the packet is anycast the target route must be on a
247 * different interface because the anycast will get anything
248 * on the current interface.
250 * If the packet is unicast the target route may be on the
251 * same interface. If the gateway is a (typically manually
252 * configured) link address we can directly offer it.
253 * XXX for now we don't do this but instead offer ours and
256 * WARNING! Since this is a subnet proxy the interface proxying
257 * the ND6 must be in promiscuous mode or it will not see the
258 * solicited multicast requests for various hosts being proxied.
260 * WARNING! Since this is a subnet proxy we have to treat bridge
261 * interfaces as being the bridge itself so we do not proxy-nd6
262 * between bridge interfaces (which are effectively switched).
264 * (In the specific-host-proxy case via RTF_ANNOUNCE, which is
265 * a bitch to configure, a specific multicast route is already
266 * added for that host <-- NOT RECOMMENDED).
268 if (!ifa && ip6_forwarding) {
270 struct sockaddr_in6 tsin6;
273 bzero(&tsin6, sizeof tsin6);
274 tsin6.sin6_len = sizeof(struct sockaddr_in6);
275 tsin6.sin6_family = AF_INET6;
276 tsin6.sin6_addr = taddr6;
278 rt = rtpurelookup((struct sockaddr *)&tsin6);
279 rtifp = rt ? rt->rt_ifp : NULL;
280 if (rtifp && rtifp->if_bridge)
281 rtifp = rtifp->if_bridge;
285 (cmpifp == rtifp && (m->m_flags & M_MCAST) == 0))
287 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(cmpifp,
288 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
290 "nd6_ns_input: nd6 proxy %s(%s)<-%s ifa %p\n",
291 if_name(cmpifp), if_name(ifp),
292 if_name(rtifp), ifa));
296 * Manual link address on same interface
297 * w/announce flag will proxy-arp using
298 * target mac, else our mac is used.
300 if (cmpifp == rtifp &&
301 (rt->rt_flags & RTF_ANNOUNCE) &&
302 rt->rt_gateway->sa_family == AF_LINK) {
303 proxydl = SDL(rt->rt_gateway);
312 * We've got an NS packet, and we don't have that adddress
313 * assigned for us. We MUST silently ignore it.
318 myaddr6 = *IFA_IN6(ifa);
319 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
320 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
321 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
324 if (lladdr && ((cmpifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
326 "nd6_ns_input: lladdrlen mismatch for %s "
327 "(if %d, NS packet %d)\n",
328 ip6_sprintf(&taddr6), cmpifp->if_addrlen, lladdrlen - 2));
332 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
334 "nd6_ns_input: duplicate IP6 address %s\n",
335 ip6_sprintf(&saddr6)));
340 * We have neighbor solicitation packet, with target address equals to
341 * one of my tentative address.
343 * src addr how to process?
345 * multicast of course, invalid (rejected in ip6_input)
346 * unicast somebody is doing address resolution -> ignore
347 * unspec dup address detection
349 * The processing is defined in RFC 2462.
353 * If source address is unspecified address, it is for
354 * duplicated address detection.
356 * If not, the packet is for addess resolution;
357 * silently ignore it.
359 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
360 nd6_dad_ns_input(ifa);
366 * If the source address is unspecified address, entries must not
367 * be created or updated.
368 * It looks that sender is performing DAD. Output NA toward
369 * all-node multicast address, to tell the sender that I'm using
371 * S bit ("solicited") must be zero.
373 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
374 saddr6 = kin6addr_linklocal_allnodes;
375 saddr6.s6_addr16[1] = htons(cmpifp->if_index);
376 nd6_na_output(cmpifp, &saddr6, &taddr6,
377 ((anycast || proxy || !tlladdr)
378 ? 0 : ND_NA_FLAG_OVERRIDE)
379 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0),
380 tlladdr, (struct sockaddr *)proxydl);
384 nd6_cache_lladdr(cmpifp, &saddr6, lladdr,
385 lladdrlen, ND_NEIGHBOR_SOLICIT, 0);
387 nd6_na_output(ifp, &saddr6, &taddr6,
388 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE)
389 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0)
390 | ND_NA_FLAG_SOLICITED,
391 tlladdr, (struct sockaddr *)proxydl);
397 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n", ip6_sprintf(&saddr6)));
398 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n", ip6_sprintf(&daddr6)));
399 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n", ip6_sprintf(&taddr6)));
400 icmp6stat.icp6s_badns++;
405 * Output an Neighbor Solicitation Message. Caller specifies:
406 * - ICMP6 header source IP6 address
407 * - ND6 header target IP6 address
408 * - ND6 header source datalink address
411 * Based on RFC 2462 (duplicated address detection)
414 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6,
415 const struct in6_addr *taddr6,
416 struct llinfo_nd6 *ln, /* for source address determination */
417 int dad) /* duplicated address detection */
421 struct nd_neighbor_solicit *nd_ns;
422 struct in6_ifaddr *ia = NULL;
423 struct ip6_moptions im6o;
427 struct ifnet *outif = NULL;
429 if (IN6_IS_ADDR_MULTICAST(taddr6))
432 /* estimate the size of message */
433 maxlen = sizeof(*ip6) + sizeof(*nd_ns);
434 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
435 if (max_linkhdr + maxlen >= MCLBYTES) {
437 kprintf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES "
438 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
443 m = m_getb(max_linkhdr + maxlen, M_NOWAIT, MT_DATA, M_PKTHDR);
447 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
448 m->m_flags |= M_MCAST;
449 im6o.im6o_multicast_ifp = ifp;
450 im6o.im6o_multicast_hlim = 255;
451 im6o.im6o_multicast_loop = 0;
454 icmp6len = sizeof(*nd_ns);
455 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
456 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */
458 /* fill neighbor solicitation packet */
459 ip6 = mtod(m, struct ip6_hdr *);
461 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
462 ip6->ip6_vfc |= IPV6_VERSION;
463 /* ip6->ip6_plen will be set later */
464 ip6->ip6_nxt = IPPROTO_ICMPV6;
467 ip6->ip6_dst = *daddr6;
469 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
470 ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index);
471 ip6->ip6_dst.s6_addr32[1] = 0;
472 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
473 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
474 ip6->ip6_dst.s6_addr8[12] = 0xff;
477 #if 0 /* KAME way, exact address scope match */
479 * Select a source whose scope is the same as that of the dest.
480 * Typically, the dest is link-local solicitation multicast
481 * (i.e. neighbor discovery) or link-local/global unicast
482 * (i.e. neighbor un-reachability detection).
484 ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
489 ip6->ip6_src = ia->ia_addr.sin6_addr;
490 #else /* spec-wise correct */
493 * "If the source address of the packet prompting the
494 * solicitation is the same as one of the addresses assigned
495 * to the outgoing interface, that address SHOULD be placed
496 * in the IP Source Address of the outgoing solicitation.
497 * Otherwise, any one of the addresses assigned to the
498 * interface should be used."
500 * We use the source address for the prompting packet
502 * - saddr6 is given from the caller (by giving "ln"), and
503 * - saddr6 belongs to the outgoing interface.
504 * Otherwise, we perform a scope-wise match.
506 struct ip6_hdr *hip6; /* hold ip6 */
507 struct in6_addr *saddr6;
509 if (ln && ln->ln_hold) {
510 hip6 = mtod(ln->ln_hold, struct ip6_hdr *);
512 if (sizeof(*hip6) < ln->ln_hold->m_len)
513 saddr6 = &hip6->ip6_src;
518 if (saddr6 && in6ifa_ifpwithaddr(ifp, saddr6))
519 bcopy(saddr6, &ip6->ip6_src, sizeof(*saddr6));
521 ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
526 ip6->ip6_src = ia->ia_addr.sin6_addr;
531 * Source address for DAD packet must always be IPv6
532 * unspecified address. (0::0)
534 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src));
536 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
537 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
538 nd_ns->nd_ns_code = 0;
539 nd_ns->nd_ns_reserved = 0;
540 nd_ns->nd_ns_target = *taddr6;
542 if (IN6_IS_SCOPE_LINKLOCAL(&nd_ns->nd_ns_target))
543 nd_ns->nd_ns_target.s6_addr16[1] = 0;
546 * Add source link-layer address option.
548 * spec implementation
550 * DAD packet MUST NOT do not add the option
551 * there's no link layer address:
552 * impossible do not add the option
553 * there's link layer address:
554 * Multicast NS MUST add one add the option
555 * Unicast NS SHOULD add one add the option
557 if (!dad && (mac = nd6_ifptomac(ifp))) {
558 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
559 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
560 /* 8 byte alignments... */
561 optlen = (optlen + 7) & ~7;
563 m->m_pkthdr.len += optlen;
566 bzero((caddr_t)nd_opt, optlen);
567 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
568 nd_opt->nd_opt_len = optlen >> 3;
569 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
572 ip6->ip6_plen = htons((u_short)icmp6len);
573 nd_ns->nd_ns_cksum = 0;
575 = in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
577 ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif, NULL);
579 icmp6_ifstat_inc(outif, ifs6_out_msg);
580 icmp6_ifstat_inc(outif, ifs6_out_neighborsolicit);
582 icmp6stat.icp6s_outhist[ND_NEIGHBOR_SOLICIT]++;
586 * Neighbor advertisement input handling.
589 * Based on RFC 2462 (duplicated address detection)
591 * the following items are not implemented yet:
592 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
593 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
596 nd6_na_input(struct mbuf *m, int off, int icmp6len)
598 struct ifnet *ifp = m->m_pkthdr.rcvif;
599 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
600 struct nd_neighbor_advert *nd_na;
601 struct in6_addr saddr6 = ip6->ip6_src;
602 struct in6_addr daddr6 = ip6->ip6_dst;
603 struct in6_addr taddr6;
611 struct llinfo_nd6 *ln;
613 struct sockaddr_dl *sdl;
614 union nd_opts ndopts;
616 if (ip6->ip6_hlim != 255) {
618 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n",
619 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src),
620 ip6_sprintf(&ip6->ip6_dst), if_name(ifp)));
624 #ifndef PULLDOWN_TEST
625 IP6_EXTHDR_CHECK(m, off, icmp6len,);
626 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
628 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
630 icmp6stat.icp6s_tooshort++;
634 taddr6 = nd_na->nd_na_target;
635 flags = nd_na->nd_na_flags_reserved;
636 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
637 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
638 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
640 if (IN6_IS_SCOPE_LINKLOCAL(&taddr6))
641 taddr6.s6_addr16[1] = htons(ifp->if_index);
643 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
645 "nd6_na_input: invalid target address %s\n",
646 ip6_sprintf(&taddr6)));
649 if (IN6_IS_ADDR_MULTICAST(&daddr6))
652 "nd6_na_input: a solicited adv is multicasted\n"));
656 icmp6len -= sizeof(*nd_na);
657 nd6_option_init(nd_na + 1, icmp6len, &ndopts);
658 if (nd6_options(&ndopts) < 0) {
660 "nd6_na_input: invalid ND option, ignored\n"));
661 /* nd6_options have incremented stats */
665 if (ndopts.nd_opts_tgt_lladdr) {
666 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
667 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
670 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
673 * Target address matches one of my interface address.
675 * If my address is tentative, this means that there's somebody
676 * already using the same address as mine. This indicates DAD failure.
677 * This is defined in RFC 2462.
679 * Otherwise, process as defined in RFC 2461.
682 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
683 nd6_dad_na_input(ifa);
687 /* Just for safety, maybe unnecessary. */
690 "nd6_na_input: duplicate IP6 address %s\n",
691 ip6_sprintf(&taddr6));
696 * Make sure the source address is from a neighbor's address.
698 if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
699 nd6log((LOG_INFO, "nd6_na_input: "
700 "NA packet from non-neighbor\n"));
704 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
706 "nd6_na_input: lladdrlen mismatch for %s "
707 "(if %d, NA packet %d)\n",
708 ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2));
713 * If no neighbor cache entry is found, NA SHOULD silently be discarded.
715 rt = nd6_lookup(&taddr6, 0, ifp);
717 ((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) ||
718 ((sdl = SDL(rt->rt_gateway)) == NULL))
721 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
723 * If the link-layer has address, and no lladdr option came,
724 * discard the packet.
726 if (ifp->if_addrlen && !lladdr)
730 * Record link-layer address, and update the state.
732 sdl->sdl_alen = ifp->if_addrlen;
733 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
735 ln->ln_state = ND6_LLINFO_REACHABLE;
738 ln->ln_expire = time_uptime +
739 ND_IFINFO(rt->rt_ifp)->reachable;
741 ln->ln_state = ND6_LLINFO_STALE;
742 ln->ln_expire = time_uptime + nd6_gctimer;
744 if ((ln->ln_router = is_router) != 0) {
746 * This means a router's state has changed from
747 * non-reachable to probably reachable, and might
748 * affect the status of associated prefixes..
750 pfxlist_onlink_check();
756 * Check if the link-layer address has changed or not.
762 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen))
771 * This is VERY complex. Look at it with care.
773 * override solicit lladdr llchange action
778 * 0 0 y y (1) REACHABLE->STALE
779 * 0 1 n -- (2c) *->REACHABLE
780 * 0 1 y n (2b) L *->REACHABLE
781 * 0 1 y y (1) REACHABLE->STALE
784 * 1 0 y y (2a) L *->STALE
785 * 1 1 n -- (2a) *->REACHABLE
786 * 1 1 y n (2a) L *->REACHABLE
787 * 1 1 y y (2a) L *->REACHABLE
789 if (!is_override && (lladdr && llchange)) { /* (1) */
791 * If state is REACHABLE, make it STALE.
792 * no other updates should be done.
794 if (ln->ln_state == ND6_LLINFO_REACHABLE) {
795 ln->ln_state = ND6_LLINFO_STALE;
796 ln->ln_expire = time_uptime + nd6_gctimer;
799 } else if (is_override /* (2a) */
800 || (!is_override && (lladdr && !llchange)) /* (2b) */
801 || !lladdr) { /* (2c) */
803 * Update link-local address, if any.
806 sdl->sdl_alen = ifp->if_addrlen;
807 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
811 * If solicited, make the state REACHABLE.
812 * If not solicited and the link-layer address was
813 * changed, make it STALE.
816 ln->ln_state = ND6_LLINFO_REACHABLE;
819 ln->ln_expire = time_uptime +
820 ND_IFINFO(ifp)->reachable;
823 if (lladdr && llchange) {
824 ln->ln_state = ND6_LLINFO_STALE;
825 ln->ln_expire = time_uptime + nd6_gctimer;
830 if (ln->ln_router && !is_router) {
832 * The peer dropped the router flag.
833 * Remove the sender from the Default Router List and
834 * update the Destination Cache entries.
836 struct nd_defrouter *dr;
837 struct in6_addr *in6;
839 in6 = &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr;
842 * Lock to protect the default router list.
843 * XXX: this might be unnecessary, since this function
844 * is only called under the network software interrupt
845 * context. However, we keep it just for safety.
848 dr = defrouter_lookup(in6, rt->rt_ifp);
851 mtx_unlock(&nd6_mtx);
853 if (dr == NULL && !ip6_forwarding && ip6_accept_rtadv) {
855 * Even if the neighbor is not in the default
856 * router list, the neighbor may be used
857 * as a next hop for some destinations
858 * (e.g. redirect case). So we must
859 * call rt6_flush explicitly.
861 rt6_flush(&ip6->ip6_src, rt->rt_ifp);
864 ln->ln_router = is_router;
866 rt->rt_flags &= ~RTF_REJECT;
870 * we assume ifp is not a loopback here, so just set the 2nd
871 * argument as the 1st one.
873 nd6_output(ifp, ifp, ln->ln_hold,
874 (struct sockaddr_in6 *)rt_key(rt), rt);
883 icmp6stat.icp6s_badna++;
888 * Neighbor advertisement output handling.
892 * the following items are not implemented yet:
893 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
894 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
897 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6,
898 const struct in6_addr *taddr6, u_long flags,
899 int tlladdr, /* 1 if include target link-layer address */
900 struct sockaddr *sdl0) /* sockaddr_dl (= proxy NA) or NULL */
904 struct nd_neighbor_advert *nd_na;
905 struct in6_ifaddr *ia = NULL;
906 struct ip6_moptions im6o;
910 struct ifnet *outif = NULL;
912 /* estimate the size of message */
913 maxlen = sizeof(*ip6) + sizeof(*nd_na);
914 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
915 if (max_linkhdr + maxlen >= MCLBYTES) {
917 kprintf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES "
918 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
923 m = m_getb(max_linkhdr + maxlen, M_NOWAIT, MT_DATA, M_PKTHDR);
927 if (IN6_IS_ADDR_MULTICAST(daddr6)) {
928 m->m_flags |= M_MCAST;
929 im6o.im6o_multicast_ifp = ifp;
930 im6o.im6o_multicast_hlim = 255;
931 im6o.im6o_multicast_loop = 0;
934 icmp6len = sizeof(*nd_na);
935 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
936 m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */
938 /* fill neighbor advertisement packet */
939 ip6 = mtod(m, struct ip6_hdr *);
941 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
942 ip6->ip6_vfc |= IPV6_VERSION;
943 ip6->ip6_nxt = IPPROTO_ICMPV6;
945 if (IN6_IS_ADDR_UNSPECIFIED(daddr6)) {
947 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
948 ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index);
949 ip6->ip6_dst.s6_addr32[1] = 0;
950 ip6->ip6_dst.s6_addr32[2] = 0;
951 ip6->ip6_dst.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
952 flags &= ~ND_NA_FLAG_SOLICITED;
954 ip6->ip6_dst = *daddr6;
957 * Select a source whose scope is the same as that of the dest.
959 ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
964 ip6->ip6_src = ia->ia_addr.sin6_addr;
965 nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
966 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
967 nd_na->nd_na_code = 0;
968 nd_na->nd_na_target = *taddr6;
969 if (IN6_IS_SCOPE_LINKLOCAL(&nd_na->nd_na_target))
970 nd_na->nd_na_target.s6_addr16[1] = 0;
973 * "tlladdr" indicates NS's condition for adding tlladdr or not.
974 * see nd6_ns_input() for details.
975 * Basically, if NS packet is sent to unicast/anycast addr,
976 * target lladdr option SHOULD NOT be included.
981 * sdl0 != NULL indicates proxy NA. If we do proxy, use
982 * lladdr in sdl0. If we are not proxying (sending NA for
983 * my address) use lladdr configured for the interface.
988 mac = carp_macmatch6(ifp->if_carp, m, taddr6);
990 mac = nd6_ifptomac(ifp);
992 mac = nd6_ifptomac(ifp);
994 } else if (sdl0->sa_family == AF_LINK) {
995 struct sockaddr_dl *sdl;
996 sdl = (struct sockaddr_dl *)sdl0;
997 if (sdl->sdl_alen == ifp->if_addrlen)
1002 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
1003 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
1005 /* roundup to 8 bytes alignment! */
1006 optlen = (optlen + 7) & ~7;
1008 m->m_pkthdr.len += optlen;
1011 bzero((caddr_t)nd_opt, optlen);
1012 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
1013 nd_opt->nd_opt_len = optlen >> 3;
1014 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
1016 flags &= ~ND_NA_FLAG_OVERRIDE;
1018 ip6->ip6_plen = htons((u_short)icmp6len);
1019 nd_na->nd_na_flags_reserved = flags;
1020 nd_na->nd_na_cksum = 0;
1021 nd_na->nd_na_cksum =
1022 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
1024 ip6_output(m, NULL, NULL, 0, &im6o, &outif, NULL);
1026 icmp6_ifstat_inc(outif, ifs6_out_msg);
1027 icmp6_ifstat_inc(outif, ifs6_out_neighboradvert);
1029 icmp6stat.icp6s_outhist[ND_NEIGHBOR_ADVERT]++;
1033 nd6_ifptomac(struct ifnet *ifp)
1035 switch (ifp->if_type) {
1041 #ifdef IFT_IEEE80211
1047 return ((caddr_t)(ifp + 1));
1054 TAILQ_HEAD(dadq_head, dadq);
1056 TAILQ_ENTRY(dadq) dad_list;
1057 struct ifaddr *dad_ifa;
1058 int dad_count; /* max NS to send */
1059 int dad_ns_tcount; /* # of trials to send NS */
1060 int dad_ns_ocount; /* NS sent so far */
1063 struct callout dad_timer_ch;
1066 static struct dadq_head dadq;
1067 static int dad_init = 0;
1069 static struct dadq *
1070 nd6_dad_find(struct ifaddr *ifa)
1074 TAILQ_FOREACH(dp, &dadq, dad_list) {
1075 if (dp->dad_ifa == ifa)
1082 nd6_dad_starttimer(struct dadq *dp, int ticks)
1085 callout_reset(&dp->dad_timer_ch, ticks,
1086 (void (*) (void *))nd6_dad_timer, (void *)dp->dad_ifa);
1090 nd6_dad_stoptimer(struct dadq *dp)
1093 callout_stop(&dp->dad_timer_ch);
1097 * Start Duplicated Address Detection (DAD) for specified interface address.
1100 nd6_dad_start(struct ifaddr *ifa,
1101 int *tick) /* minimum delay ticks for IFF_UP event */
1103 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1112 * If we don't need DAD, don't do it.
1113 * There are several cases:
1114 * - DAD is disabled (ip6_dad_count == 0)
1115 * - the interface address is anycast
1117 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) {
1119 "nd6_dad_start: called with non-tentative address "
1121 ip6_sprintf(&ia->ia_addr.sin6_addr),
1122 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1125 if (ia->ia6_flags & IN6_IFF_ANYCAST) {
1126 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1129 if (!ip6_dad_count) {
1130 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1134 panic("nd6_dad_start: ifa->ifa_ifp == NULL");
1135 if (!(ifa->ifa_ifp->if_flags & IFF_UP))
1137 if (nd6_dad_find(ifa) != NULL) {
1138 /* DAD already in progress */
1142 dp = kmalloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO);
1144 log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
1146 ip6_sprintf(&ia->ia_addr.sin6_addr),
1147 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1150 callout_init(&dp->dad_timer_ch);
1151 TAILQ_INSERT_TAIL(&dadq, dp, dad_list);
1153 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
1154 ip6_sprintf(&ia->ia_addr.sin6_addr)));
1157 * Send NS packet for DAD, ip6_dad_count times.
1158 * Note that we must delay the first transmission, if this is the
1159 * first packet to be sent from the interface after interface
1160 * (re)initialization.
1163 _IFAREF(ifa, 0); /* just for safety */
1164 dp->dad_count = ip6_dad_count;
1165 dp->dad_ns_icount = dp->dad_na_icount = 0;
1166 dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
1168 nd6_dad_ns_output(dp, ifa);
1169 nd6_dad_starttimer(dp,
1170 ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1175 ntick = krandom() % (MAX_RTR_SOLICITATION_DELAY * hz);
1177 ntick = *tick + krandom() % (hz / 2);
1179 nd6_dad_starttimer(dp, ntick);
1184 * terminate DAD unconditionally. used for address removals.
1187 nd6_dad_stop(struct ifaddr *ifa)
1193 dp = nd6_dad_find(ifa);
1195 /* DAD wasn't started yet */
1199 nd6_dad_stoptimer(dp);
1201 TAILQ_REMOVE(&dadq, dp, dad_list);
1202 kfree(dp, M_IP6NDP);
1208 nd6_dad_timer(struct ifaddr *ifa)
1210 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1217 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n");
1220 dp = nd6_dad_find(ifa);
1222 log(LOG_ERR, "nd6_dad_timer: DAD structure not found\n");
1225 if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
1226 log(LOG_ERR, "nd6_dad_timer: called with duplicated address "
1228 ip6_sprintf(&ia->ia_addr.sin6_addr),
1229 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1232 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) {
1233 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
1235 ip6_sprintf(&ia->ia_addr.sin6_addr),
1236 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1240 /* timeouted with IFF_{RUNNING,UP} check */
1241 if (dp->dad_ns_tcount > dad_maxtry) {
1242 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n",
1243 if_name(ifa->ifa_ifp)));
1245 TAILQ_REMOVE(&dadq, dp, dad_list);
1246 kfree(dp, M_IP6NDP);
1252 /* Need more checks? */
1253 if (dp->dad_ns_ocount < dp->dad_count) {
1255 * We have more NS to go. Send NS packet for DAD.
1257 nd6_dad_ns_output(dp, ifa);
1258 nd6_dad_starttimer(dp,
1259 ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1262 * We have transmitted sufficient number of DAD packets.
1263 * See what we've got.
1269 if (dp->dad_na_icount) {
1271 * the check is in nd6_dad_na_input(),
1277 if (dp->dad_ns_icount) {
1278 #if 0 /* heuristics */
1281 * - we have sent many(?) DAD NS, and
1282 * - the number of NS we sent equals to the
1283 * number of NS we've got, and
1285 * we may have a faulty network card/driver which
1286 * loops back multicasts to myself.
1288 if (3 < dp->dad_count
1289 && dp->dad_ns_icount == dp->dad_count
1290 && dp->dad_na_icount == 0) {
1291 log(LOG_INFO, "DAD questionable for %s(%s): "
1292 "network card loops back multicast?\n",
1293 ip6_sprintf(&ia->ia_addr.sin6_addr),
1294 if_name(ifa->ifa_ifp));
1295 /* XXX consider it a duplicate or not? */
1298 /* We've seen NS, means DAD has failed. */
1302 /* We've seen NS, means DAD has failed. */
1308 /* (*dp) will be freed in nd6_dad_duplicated() */
1310 nd6_dad_duplicated(ifa);
1313 * We are done with DAD. No NA came, no NS came.
1314 * duplicated address found.
1316 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1319 "%s: DAD complete for %s - no duplicates found\n",
1320 if_name(ifa->ifa_ifp),
1321 ip6_sprintf(&ia->ia_addr.sin6_addr)));
1323 TAILQ_REMOVE(&dadq, dp, dad_list);
1324 kfree(dp, M_IP6NDP);
1331 mtx_unlock(&nd6_mtx);
1335 nd6_dad_duplicated(struct ifaddr *ifa)
1337 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1340 dp = nd6_dad_find(ifa);
1342 log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n");
1346 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: "
1347 "NS in/out=%d/%d, NA in=%d\n",
1348 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr),
1349 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount);
1351 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1352 ia->ia6_flags |= IN6_IFF_DUPLICATED;
1354 /* We are done with DAD, with duplicated address found. (failure) */
1355 nd6_dad_stoptimer(dp);
1357 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
1358 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr));
1359 log(LOG_ERR, "%s: manual intervention required\n",
1360 if_name(ifa->ifa_ifp));
1362 TAILQ_REMOVE(&dadq, dp, dad_list);
1363 kfree(dp, M_IP6NDP);
1369 nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa)
1371 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1372 struct ifnet *ifp = ifa->ifa_ifp;
1374 dp->dad_ns_tcount++;
1375 if (!(ifp->if_flags & IFF_UP)) {
1377 kprintf("%s: interface down?\n", if_name(ifp));
1381 if (!(ifp->if_flags & IFF_RUNNING)) {
1383 kprintf("%s: interface not running?\n", if_name(ifp));
1388 dp->dad_ns_ocount++;
1389 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1);
1393 nd6_dad_ns_input(struct ifaddr *ifa)
1395 struct in6_ifaddr *ia;
1396 const struct in6_addr *taddr6;
1401 panic("ifa == NULL in nd6_dad_ns_input");
1403 ia = (struct in6_ifaddr *)ifa;
1404 taddr6 = &ia->ia_addr.sin6_addr;
1406 dp = nd6_dad_find(ifa);
1408 /* Quickhack - completely ignore DAD NS packets */
1409 if (dad_ignore_ns) {
1411 "nd6_dad_ns_input: ignoring DAD NS packet for "
1412 "address %s(%s)\n", ip6_sprintf(taddr6),
1413 if_name(ifa->ifa_ifp)));
1418 * if I'm yet to start DAD, someone else started using this address
1419 * first. I have a duplicate and you win.
1421 if (!dp || dp->dad_ns_ocount == 0)
1424 /* XXX more checks for loopback situation - see nd6_dad_timer too */
1427 dp = NULL; /* will be freed in nd6_dad_duplicated() */
1428 nd6_dad_duplicated(ifa);
1431 * not sure if I got a duplicate.
1432 * increment ns count and see what happens.
1435 dp->dad_ns_icount++;
1440 nd6_dad_na_input(struct ifaddr *ifa)
1445 panic("ifa == NULL in nd6_dad_na_input");
1447 dp = nd6_dad_find(ifa);
1449 dp->dad_na_icount++;
1451 /* remove the address. */
1452 nd6_dad_duplicated(ifa);
projects / dragonfly.git / blob