Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/netinet/if_ether.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93 30 */ 31 32 /* 33 * Ethernet address resolution protocol. 34 * TODO: 35 * add "inuse/lock" bit (or ref. count) along with valid bit 36 */ 37 38 #include <sys/cdefs.h> 39 __FBSDID("$FreeBSD: releng/8.0/sys/netinet/if_ether.c 198308 2009-10-20 21:36:56Z qingli $"); 40 41 #include "opt_inet.h" 42 #include "opt_carp.h" 43 44 #include <sys/param.h> 45 #include <sys/kernel.h> 46 #include <sys/queue.h> 47 #include <sys/sysctl.h> 48 #include <sys/systm.h> 49 #include <sys/mbuf.h> 50 #include <sys/malloc.h> 51 #include <sys/proc.h> 52 #include <sys/socket.h> 53 #include <sys/syslog.h> 54 55 #include <net/if.h> 56 #include <net/if_dl.h> 57 #include <net/if_types.h> 58 #include <net/netisr.h> 59 #include <net/if_llc.h> 60 #include <net/ethernet.h> 61 #include <net/route.h> 62 #include <net/vnet.h> 63 64 #include <netinet/in.h> 65 #include <netinet/in_var.h> 66 #include <net/if_llatbl.h> 67 #include <netinet/if_ether.h> 68 69 #include <net/if_arc.h> 70 #include <net/iso88025.h> 71 72 #ifdef DEV_CARP 73 #include <netinet/ip_carp.h> 74 #endif 75 76 #include <security/mac/mac_framework.h> 77 78 #define SIN(s) ((struct sockaddr_in *)s) 79 #define SDL(s) ((struct sockaddr_dl *)s) 80 81 SYSCTL_DECL(_net_link_ether); 82 SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, ""); 83 84 VNET_DEFINE(int, useloopback) = 1; /* use loopback interface for 85 * local traffic */ 86 87 /* timer values */ 88 static VNET_DEFINE(int, arpt_keep) = (20*60); /* once resolved, good for 20 89 * minutes */ 90 static VNET_DEFINE(int, arpt_down) = 20; /* keep incomplete entries for 91 * 20 seconds */ 92 static VNET_DEFINE(int, arp_maxtries) = 5; 93 static VNET_DEFINE(int, arp_proxyall); 94 95 #define V_arpt_keep VNET(arpt_keep) 96 #define V_arpt_down VNET(arpt_down) 97 #define V_arp_maxtries VNET(arp_maxtries) 98 #define V_arp_proxyall VNET(arp_proxyall) 99 100 SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW, 101 &VNET_NAME(arpt_keep), 0, 102 "ARP entry lifetime in seconds"); 103 104 SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, 105 &VNET_NAME(arp_maxtries), 0, 106 "ARP resolution attempts before returning error"); 107 SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW, 108 &VNET_NAME(useloopback), 0, 109 "Use the loopback interface for local traffic"); 110 SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, 111 &VNET_NAME(arp_proxyall), 0, 112 "Enable proxy ARP for all suitable requests"); 113 114 static void arp_init(void); 115 void arprequest(struct ifnet *, 116 struct in_addr *, struct in_addr *, u_char *); 117 static void arpintr(struct mbuf *); 118 static void arptimer(void *); 119 #ifdef INET 120 static void in_arpinput(struct mbuf *); 121 #endif 122 123 static const struct netisr_handler arp_nh = { 124 .nh_name = "arp", 125 .nh_handler = arpintr, 126 .nh_proto = NETISR_ARP, 127 .nh_policy = NETISR_POLICY_SOURCE, 128 }; 129 130 #ifdef AF_INET 131 void arp_ifscrub(struct ifnet *ifp, uint32_t addr); 132 133 /* 134 * called by in_ifscrub to remove entry from the table when 135 * the interface goes away 136 */ 137 void 138 arp_ifscrub(struct ifnet *ifp, uint32_t addr) 139 { 140 struct sockaddr_in addr4; 141 142 bzero((void *)&addr4, sizeof(addr4)); 143 addr4.sin_len = sizeof(addr4); 144 addr4.sin_family = AF_INET; 145 addr4.sin_addr.s_addr = addr; 146 CURVNET_SET(ifp->if_vnet); 147 IF_AFDATA_LOCK(ifp); 148 lla_lookup(LLTABLE(ifp), (LLE_DELETE | LLE_IFADDR), 149 (struct sockaddr *)&addr4); 150 IF_AFDATA_UNLOCK(ifp); 151 CURVNET_RESTORE(); 152 } 153 #endif 154 155 /* 156 * Timeout routine. Age arp_tab entries periodically. 157 */ 158 static void 159 arptimer(void *arg) 160 { 161 struct ifnet *ifp; 162 struct llentry *lle = (struct llentry *)arg; 163 164 if (lle == NULL) { 165 panic("%s: NULL entry!\n", __func__); 166 return; 167 } 168 ifp = lle->lle_tbl->llt_ifp; 169 IF_AFDATA_LOCK(ifp); 170 LLE_WLOCK(lle); 171 if ((!callout_pending(&lle->la_timer) && 172 callout_active(&lle->la_timer))) { 173 (void) llentry_free(lle); 174 } 175 #ifdef DIAGNOSTICS 176 else { 177 struct sockaddr *l3addr = L3_ADDR(lle); 178 log(LOG_INFO, "arptimer issue: %p, IPv4 address: \"%s\"\n", lle, 179 inet_ntoa(((const struct sockaddr_in *)l3addr)->sin_addr)); 180 } 181 #endif 182 IF_AFDATA_UNLOCK(ifp); 183 } 184 185 /* 186 * Broadcast an ARP request. Caller specifies: 187 * - arp header source ip address 188 * - arp header target ip address 189 * - arp header source ethernet address 190 */ 191 void 192 arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip, 193 u_char *enaddr) 194 { 195 struct mbuf *m; 196 struct arphdr *ah; 197 struct sockaddr sa; 198 199 if (sip == NULL) { 200 /* XXX don't believe this can happen (or explain why) */ 201 /* 202 * The caller did not supply a source address, try to find 203 * a compatible one among those assigned to this interface. 204 */ 205 struct ifaddr *ifa; 206 207 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 208 if (!ifa->ifa_addr || 209 ifa->ifa_addr->sa_family != AF_INET) 210 continue; 211 sip = &SIN(ifa->ifa_addr)->sin_addr; 212 if (0 == ((sip->s_addr ^ tip->s_addr) & 213 SIN(ifa->ifa_netmask)->sin_addr.s_addr) ) 214 break; /* found it. */ 215 } 216 if (sip == NULL) { 217 printf("%s: cannot find matching address\n", __func__); 218 return; 219 } 220 } 221 222 if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL) 223 return; 224 m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) + 225 2*ifp->if_data.ifi_addrlen; 226 m->m_pkthdr.len = m->m_len; 227 MH_ALIGN(m, m->m_len); 228 ah = mtod(m, struct arphdr *); 229 bzero((caddr_t)ah, m->m_len); 230 #ifdef MAC 231 mac_netinet_arp_send(ifp, m); 232 #endif 233 ah->ar_pro = htons(ETHERTYPE_IP); 234 ah->ar_hln = ifp->if_addrlen; /* hardware address length */ 235 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ 236 ah->ar_op = htons(ARPOP_REQUEST); 237 bcopy((caddr_t)enaddr, (caddr_t)ar_sha(ah), ah->ar_hln); 238 bcopy((caddr_t)sip, (caddr_t)ar_spa(ah), ah->ar_pln); 239 bcopy((caddr_t)tip, (caddr_t)ar_tpa(ah), ah->ar_pln); 240 sa.sa_family = AF_ARP; 241 sa.sa_len = 2; 242 m->m_flags |= M_BCAST; 243 (*ifp->if_output)(ifp, m, &sa, NULL); 244 } 245 246 /* 247 * Resolve an IP address into an ethernet address. 248 * On input: 249 * ifp is the interface we use 250 * rt0 is the route to the final destination (possibly useless) 251 * m is the mbuf. May be NULL if we don't have a packet. 252 * dst is the next hop, 253 * desten is where we want the address. 254 * 255 * On success, desten is filled in and the function returns 0; 256 * If the packet must be held pending resolution, we return EWOULDBLOCK 257 * On other errors, we return the corresponding error code. 258 * Note that m_freem() handles NULL. 259 */ 260 int 261 arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, 262 struct sockaddr *dst, u_char *desten, struct llentry **lle) 263 { 264 struct llentry *la = 0; 265 u_int flags = 0; 266 int error, renew; 267 268 *lle = NULL; 269 if (m != NULL) { 270 if (m->m_flags & M_BCAST) { 271 /* broadcast */ 272 (void)memcpy(desten, 273 ifp->if_broadcastaddr, ifp->if_addrlen); 274 return (0); 275 } 276 if (m->m_flags & M_MCAST && ifp->if_type != IFT_ARCNET) { 277 /* multicast */ 278 ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten); 279 return (0); 280 } 281 } 282 /* XXXXX 283 */ 284 retry: 285 IF_AFDATA_RLOCK(ifp); 286 la = lla_lookup(LLTABLE(ifp), flags, dst); 287 IF_AFDATA_RUNLOCK(ifp); 288 if ((la == NULL) && ((flags & LLE_EXCLUSIVE) == 0) 289 && ((ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) == 0)) { 290 flags |= (LLE_CREATE | LLE_EXCLUSIVE); 291 IF_AFDATA_WLOCK(ifp); 292 la = lla_lookup(LLTABLE(ifp), flags, dst); 293 IF_AFDATA_WUNLOCK(ifp); 294 } 295 if (la == NULL) { 296 if (flags & LLE_CREATE) 297 log(LOG_DEBUG, 298 "arpresolve: can't allocate llinfo for %s\n", 299 inet_ntoa(SIN(dst)->sin_addr)); 300 m_freem(m); 301 return (EINVAL); 302 } 303 304 if ((la->la_flags & LLE_VALID) && 305 ((la->la_flags & LLE_STATIC) || la->la_expire > time_second)) { 306 bcopy(&la->ll_addr, desten, ifp->if_addrlen); 307 /* 308 * If entry has an expiry time and it is approaching, 309 * see if we need to send an ARP request within this 310 * arpt_down interval. 311 */ 312 if (!(la->la_flags & LLE_STATIC) && 313 time_second + la->la_preempt > la->la_expire) { 314 arprequest(ifp, NULL, 315 &SIN(dst)->sin_addr, IF_LLADDR(ifp)); 316 317 la->la_preempt--; 318 } 319 320 *lle = la; 321 error = 0; 322 goto done; 323 } 324 325 if (la->la_flags & LLE_STATIC) { /* should not happen! */ 326 log(LOG_DEBUG, "arpresolve: ouch, empty static llinfo for %s\n", 327 inet_ntoa(SIN(dst)->sin_addr)); 328 m_freem(m); 329 error = EINVAL; 330 goto done; 331 } 332 333 renew = (la->la_asked == 0 || la->la_expire != time_second); 334 if ((renew || m != NULL) && (flags & LLE_EXCLUSIVE) == 0) { 335 flags |= LLE_EXCLUSIVE; 336 LLE_RUNLOCK(la); 337 goto retry; 338 } 339 /* 340 * There is an arptab entry, but no ethernet address 341 * response yet. Replace the held mbuf with this 342 * latest one. 343 */ 344 if (m != NULL) { 345 if (la->la_hold != NULL) 346 m_freem(la->la_hold); 347 la->la_hold = m; 348 if (renew == 0 && (flags & LLE_EXCLUSIVE)) { 349 flags &= ~LLE_EXCLUSIVE; 350 LLE_DOWNGRADE(la); 351 } 352 353 } 354 /* 355 * Return EWOULDBLOCK if we have tried less than arp_maxtries. It 356 * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH 357 * if we have already sent arp_maxtries ARP requests. Retransmit the 358 * ARP request, but not faster than one request per second. 359 */ 360 if (la->la_asked < V_arp_maxtries) 361 error = EWOULDBLOCK; /* First request. */ 362 else 363 error = 364 (rt0->rt_flags & RTF_GATEWAY) ? EHOSTUNREACH : EHOSTDOWN; 365 366 if (renew) { 367 LLE_ADDREF(la); 368 la->la_expire = time_second + V_arpt_down; 369 callout_reset(&la->la_timer, hz * V_arpt_down, arptimer, la); 370 la->la_asked++; 371 LLE_WUNLOCK(la); 372 arprequest(ifp, NULL, &SIN(dst)->sin_addr, 373 IF_LLADDR(ifp)); 374 return (error); 375 } 376 done: 377 if (flags & LLE_EXCLUSIVE) 378 LLE_WUNLOCK(la); 379 else 380 LLE_RUNLOCK(la); 381 return (error); 382 } 383 384 /* 385 * Common length and type checks are done here, 386 * then the protocol-specific routine is called. 387 */ 388 static void 389 arpintr(struct mbuf *m) 390 { 391 struct arphdr *ar; 392 393 if (m->m_len < sizeof(struct arphdr) && 394 ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) { 395 log(LOG_ERR, "arp: runt packet -- m_pullup failed\n"); 396 return; 397 } 398 ar = mtod(m, struct arphdr *); 399 400 if (ntohs(ar->ar_hrd) != ARPHRD_ETHER && 401 ntohs(ar->ar_hrd) != ARPHRD_IEEE802 && 402 ntohs(ar->ar_hrd) != ARPHRD_ARCNET && 403 ntohs(ar->ar_hrd) != ARPHRD_IEEE1394) { 404 log(LOG_ERR, "arp: unknown hardware address format (0x%2D)\n", 405 (unsigned char *)&ar->ar_hrd, ""); 406 m_freem(m); 407 return; 408 } 409 410 if (m->m_len < arphdr_len(ar)) { 411 if ((m = m_pullup(m, arphdr_len(ar))) == NULL) { 412 log(LOG_ERR, "arp: runt packet\n"); 413 m_freem(m); 414 return; 415 } 416 ar = mtod(m, struct arphdr *); 417 } 418 419 switch (ntohs(ar->ar_pro)) { 420 #ifdef INET 421 case ETHERTYPE_IP: 422 in_arpinput(m); 423 return; 424 #endif 425 } 426 m_freem(m); 427 } 428 429 #ifdef INET 430 /* 431 * ARP for Internet protocols on 10 Mb/s Ethernet. 432 * Algorithm is that given in RFC 826. 433 * In addition, a sanity check is performed on the sender 434 * protocol address, to catch impersonators. 435 * We no longer handle negotiations for use of trailer protocol: 436 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent 437 * along with IP replies if we wanted trailers sent to us, 438 * and also sent them in response to IP replies. 439 * This allowed either end to announce the desire to receive 440 * trailer packets. 441 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, 442 * but formerly didn't normally send requests. 443 */ 444 static int log_arp_wrong_iface = 1; 445 static int log_arp_movements = 1; 446 static int log_arp_permanent_modify = 1; 447 448 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW, 449 &log_arp_wrong_iface, 0, 450 "log arp packets arriving on the wrong interface"); 451 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW, 452 &log_arp_movements, 0, 453 "log arp replies from MACs different than the one in the cache"); 454 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW, 455 &log_arp_permanent_modify, 0, 456 "log arp replies from MACs different than the one in the permanent arp entry"); 457 458 459 static void 460 in_arpinput(struct mbuf *m) 461 { 462 struct arphdr *ah; 463 struct ifnet *ifp = m->m_pkthdr.rcvif; 464 struct llentry *la = NULL; 465 struct rtentry *rt; 466 struct ifaddr *ifa; 467 struct in_ifaddr *ia; 468 struct mbuf *hold; 469 struct sockaddr sa; 470 struct in_addr isaddr, itaddr, myaddr; 471 u_int8_t *enaddr = NULL; 472 int op, flags; 473 int req_len; 474 int bridged = 0, is_bridge = 0; 475 #ifdef DEV_CARP 476 int carp_match = 0; 477 #endif 478 struct sockaddr_in sin; 479 sin.sin_len = sizeof(struct sockaddr_in); 480 sin.sin_family = AF_INET; 481 sin.sin_addr.s_addr = 0; 482 483 if (ifp->if_bridge) 484 bridged = 1; 485 if (ifp->if_type == IFT_BRIDGE) 486 is_bridge = 1; 487 488 req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr)); 489 if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) { 490 log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n"); 491 return; 492 } 493 494 ah = mtod(m, struct arphdr *); 495 op = ntohs(ah->ar_op); 496 (void)memcpy(&isaddr, ar_spa(ah), sizeof (isaddr)); 497 (void)memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr)); 498 499 /* 500 * For a bridge, we want to check the address irrespective 501 * of the receive interface. (This will change slightly 502 * when we have clusters of interfaces). 503 * If the interface does not match, but the recieving interface 504 * is part of carp, we call carp_iamatch to see if this is a 505 * request for the virtual host ip. 506 * XXX: This is really ugly! 507 */ 508 IN_IFADDR_RLOCK(); 509 LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) { 510 if (((bridged && ia->ia_ifp->if_bridge != NULL) || 511 ia->ia_ifp == ifp) && 512 itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) { 513 ifa_ref(&ia->ia_ifa); 514 IN_IFADDR_RUNLOCK(); 515 goto match; 516 } 517 #ifdef DEV_CARP 518 if (ifp->if_carp != NULL && 519 carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) && 520 itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) { 521 carp_match = 1; 522 ifa_ref(&ia->ia_ifa); 523 IN_IFADDR_RUNLOCK(); 524 goto match; 525 } 526 #endif 527 } 528 LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash) 529 if (((bridged && ia->ia_ifp->if_bridge != NULL) || 530 ia->ia_ifp == ifp) && 531 isaddr.s_addr == ia->ia_addr.sin_addr.s_addr) { 532 ifa_ref(&ia->ia_ifa); 533 IN_IFADDR_RUNLOCK(); 534 goto match; 535 } 536 537 #define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia) \ 538 (ia->ia_ifp->if_bridge == ifp->if_softc && \ 539 !bcmp(IF_LLADDR(ia->ia_ifp), IF_LLADDR(ifp), ifp->if_addrlen) && \ 540 addr == ia->ia_addr.sin_addr.s_addr) 541 /* 542 * Check the case when bridge shares its MAC address with 543 * some of its children, so packets are claimed by bridge 544 * itself (bridge_input() does it first), but they are really 545 * meant to be destined to the bridge member. 546 */ 547 if (is_bridge) { 548 LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) { 549 if (BDG_MEMBER_MATCHES_ARP(itaddr.s_addr, ifp, ia)) { 550 ifa_ref(&ia->ia_ifa); 551 ifp = ia->ia_ifp; 552 IN_IFADDR_RUNLOCK(); 553 goto match; 554 } 555 } 556 } 557 #undef BDG_MEMBER_MATCHES_ARP 558 IN_IFADDR_RUNLOCK(); 559 560 /* 561 * No match, use the first inet address on the receive interface 562 * as a dummy address for the rest of the function. 563 */ 564 IF_ADDR_LOCK(ifp); 565 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) 566 if (ifa->ifa_addr->sa_family == AF_INET) { 567 ia = ifatoia(ifa); 568 ifa_ref(ifa); 569 IF_ADDR_UNLOCK(ifp); 570 goto match; 571 } 572 IF_ADDR_UNLOCK(ifp); 573 574 /* 575 * If bridging, fall back to using any inet address. 576 */ 577 IN_IFADDR_RLOCK(); 578 if (!bridged || (ia = TAILQ_FIRST(&V_in_ifaddrhead)) == NULL) { 579 IN_IFADDR_RUNLOCK(); 580 goto drop; 581 } 582 ifa_ref(&ia->ia_ifa); 583 IN_IFADDR_RUNLOCK(); 584 match: 585 if (!enaddr) 586 enaddr = (u_int8_t *)IF_LLADDR(ifp); 587 myaddr = ia->ia_addr.sin_addr; 588 ifa_free(&ia->ia_ifa); 589 if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen)) 590 goto drop; /* it's from me, ignore it. */ 591 if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { 592 log(LOG_ERR, 593 "arp: link address is broadcast for IP address %s!\n", 594 inet_ntoa(isaddr)); 595 goto drop; 596 } 597 /* 598 * Warn if another host is using the same IP address, but only if the 599 * IP address isn't 0.0.0.0, which is used for DHCP only, in which 600 * case we suppress the warning to avoid false positive complaints of 601 * potential misconfiguration. 602 */ 603 if (!bridged && isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) { 604 log(LOG_ERR, 605 "arp: %*D is using my IP address %s on %s!\n", 606 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 607 inet_ntoa(isaddr), ifp->if_xname); 608 itaddr = myaddr; 609 goto reply; 610 } 611 if (ifp->if_flags & IFF_STATICARP) 612 goto reply; 613 614 bzero(&sin, sizeof(sin)); 615 sin.sin_len = sizeof(struct sockaddr_in); 616 sin.sin_family = AF_INET; 617 sin.sin_addr = isaddr; 618 flags = (itaddr.s_addr == myaddr.s_addr) ? LLE_CREATE : 0; 619 flags |= LLE_EXCLUSIVE; 620 IF_AFDATA_LOCK(ifp); 621 la = lla_lookup(LLTABLE(ifp), flags, (struct sockaddr *)&sin); 622 IF_AFDATA_UNLOCK(ifp); 623 if (la != NULL) { 624 /* the following is not an error when doing bridging */ 625 if (!bridged && la->lle_tbl->llt_ifp != ifp 626 #ifdef DEV_CARP 627 && (ifp->if_type != IFT_CARP || !carp_match) 628 #endif 629 ) { 630 if (log_arp_wrong_iface) 631 log(LOG_ERR, "arp: %s is on %s " 632 "but got reply from %*D on %s\n", 633 inet_ntoa(isaddr), 634 la->lle_tbl->llt_ifp->if_xname, 635 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 636 ifp->if_xname); 637 LLE_WUNLOCK(la); 638 goto reply; 639 } 640 if ((la->la_flags & LLE_VALID) && 641 bcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen)) { 642 if (la->la_flags & LLE_STATIC) { 643 LLE_WUNLOCK(la); 644 log(LOG_ERR, 645 "arp: %*D attempts to modify permanent " 646 "entry for %s on %s\n", 647 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 648 inet_ntoa(isaddr), ifp->if_xname); 649 goto reply; 650 } 651 if (log_arp_movements) { 652 log(LOG_INFO, "arp: %s moved from %*D " 653 "to %*D on %s\n", 654 inet_ntoa(isaddr), 655 ifp->if_addrlen, 656 (u_char *)&la->ll_addr, ":", 657 ifp->if_addrlen, (u_char *)ar_sha(ah), ":", 658 ifp->if_xname); 659 } 660 } 661 662 if (ifp->if_addrlen != ah->ar_hln) { 663 LLE_WUNLOCK(la); 664 log(LOG_WARNING, 665 "arp from %*D: addr len: new %d, i/f %d (ignored)", 666 ifp->if_addrlen, (u_char *) ar_sha(ah), ":", 667 ah->ar_hln, ifp->if_addrlen); 668 goto reply; 669 } 670 (void)memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen); 671 la->la_flags |= LLE_VALID; 672 673 if (!(la->la_flags & LLE_STATIC)) { 674 la->la_expire = time_second + V_arpt_keep; 675 callout_reset(&la->la_timer, hz * V_arpt_keep, 676 arptimer, la); 677 } 678 la->la_asked = 0; 679 la->la_preempt = V_arp_maxtries; 680 hold = la->la_hold; 681 if (hold != NULL) { 682 la->la_hold = NULL; 683 memcpy(&sa, L3_ADDR(la), sizeof(sa)); 684 } 685 LLE_WUNLOCK(la); 686 if (hold != NULL) 687 (*ifp->if_output)(ifp, hold, &sa, NULL); 688 } 689 reply: 690 if (op != ARPOP_REQUEST) 691 goto drop; 692 693 if (itaddr.s_addr == myaddr.s_addr) { 694 /* Shortcut.. the receiving interface is the target. */ 695 (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 696 (void)memcpy(ar_sha(ah), enaddr, ah->ar_hln); 697 } else { 698 struct llentry *lle = NULL; 699 700 sin.sin_addr = itaddr; 701 IF_AFDATA_LOCK(ifp); 702 lle = lla_lookup(LLTABLE(ifp), 0, (struct sockaddr *)&sin); 703 IF_AFDATA_UNLOCK(ifp); 704 705 if ((lle != NULL) && (lle->la_flags & LLE_PUB)) { 706 (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 707 (void)memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln); 708 LLE_RUNLOCK(lle); 709 } else { 710 711 if (lle != NULL) 712 LLE_RUNLOCK(lle); 713 714 if (!V_arp_proxyall) 715 goto drop; 716 717 sin.sin_addr = itaddr; 718 /* XXX MRT use table 0 for arp reply */ 719 rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0); 720 if (!rt) 721 goto drop; 722 723 /* 724 * Don't send proxies for nodes on the same interface 725 * as this one came out of, or we'll get into a fight 726 * over who claims what Ether address. 727 */ 728 if (!rt->rt_ifp || rt->rt_ifp == ifp) { 729 RTFREE_LOCKED(rt); 730 goto drop; 731 } 732 RTFREE_LOCKED(rt); 733 734 (void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln); 735 (void)memcpy(ar_sha(ah), enaddr, ah->ar_hln); 736 737 /* 738 * Also check that the node which sent the ARP packet 739 * is on the the interface we expect it to be on. This 740 * avoids ARP chaos if an interface is connected to the 741 * wrong network. 742 */ 743 sin.sin_addr = isaddr; 744 745 /* XXX MRT use table 0 for arp checks */ 746 rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0); 747 if (!rt) 748 goto drop; 749 if (rt->rt_ifp != ifp) { 750 log(LOG_INFO, "arp_proxy: ignoring request" 751 " from %s via %s, expecting %s\n", 752 inet_ntoa(isaddr), ifp->if_xname, 753 rt->rt_ifp->if_xname); 754 RTFREE_LOCKED(rt); 755 goto drop; 756 } 757 RTFREE_LOCKED(rt); 758 759 #ifdef DEBUG_PROXY 760 printf("arp: proxying for %s\n", 761 inet_ntoa(itaddr)); 762 #endif 763 } 764 } 765 766 if (itaddr.s_addr == myaddr.s_addr && 767 IN_LINKLOCAL(ntohl(itaddr.s_addr))) { 768 /* RFC 3927 link-local IPv4; always reply by broadcast. */ 769 #ifdef DEBUG_LINKLOCAL 770 printf("arp: sending reply for link-local addr %s\n", 771 inet_ntoa(itaddr)); 772 #endif 773 m->m_flags |= M_BCAST; 774 m->m_flags &= ~M_MCAST; 775 } else { 776 /* default behaviour; never reply by broadcast. */ 777 m->m_flags &= ~(M_BCAST|M_MCAST); 778 } 779 (void)memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); 780 (void)memcpy(ar_spa(ah), &itaddr, ah->ar_pln); 781 ah->ar_op = htons(ARPOP_REPLY); 782 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ 783 m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln); 784 m->m_pkthdr.len = m->m_len; 785 sa.sa_family = AF_ARP; 786 sa.sa_len = 2; 787 (*ifp->if_output)(ifp, m, &sa, NULL); 788 return; 789 790 drop: 791 m_freem(m); 792 } 793 #endif 794 795 void 796 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) 797 { 798 struct llentry *lle; 799 800 if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY) { 801 arprequest(ifp, &IA_SIN(ifa)->sin_addr, 802 &IA_SIN(ifa)->sin_addr, IF_LLADDR(ifp)); 803 /* 804 * interface address is considered static entry 805 * because the output of the arp utility shows 806 * that L2 entry as permanent 807 */ 808 IF_AFDATA_LOCK(ifp); 809 lle = lla_lookup(LLTABLE(ifp), (LLE_CREATE | LLE_IFADDR | LLE_STATIC), 810 (struct sockaddr *)IA_SIN(ifa)); 811 IF_AFDATA_UNLOCK(ifp); 812 if (lle == NULL) 813 log(LOG_INFO, "arp_ifinit: cannot create arp " 814 "entry for interface address\n"); 815 else 816 LLE_RUNLOCK(lle); 817 } 818 ifa->ifa_rtrequest = NULL; 819 } 820 821 void 822 arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr) 823 { 824 if (ntohl(IA_SIN(ifa)->sin_addr.s_addr) != INADDR_ANY) 825 arprequest(ifp, &IA_SIN(ifa)->sin_addr, 826 &IA_SIN(ifa)->sin_addr, enaddr); 827 ifa->ifa_rtrequest = NULL; 828 } 829 830 static void 831 arp_init(void) 832 { 833 834 netisr_register(&arp_nh); 835 } 836 SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0);
Cache object: 75b8f9dce087db2941d7689d13f3b5fc
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]