1 /*-
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * @(#)if_ether.c 8.1 (Berkeley) 6/10/93
30 */
31
32 /*
33 * Ethernet address resolution protocol.
34 * TODO:
35 * add "inuse/lock" bit (or ref. count) along with valid bit
36 */
37
38 #include <sys/cdefs.h>
39 __FBSDID("$FreeBSD: releng/8.0/sys/netinet/if_ether.c 198308 2009-10-20 21:36:56Z qingli $");
40
41 #include "opt_inet.h"
42 #include "opt_carp.h"
43
44 #include <sys/param.h>
45 #include <sys/kernel.h>
46 #include <sys/queue.h>
47 #include <sys/sysctl.h>
48 #include <sys/systm.h>
49 #include <sys/mbuf.h>
50 #include <sys/malloc.h>
51 #include <sys/proc.h>
52 #include <sys/socket.h>
53 #include <sys/syslog.h>
54
55 #include <net/if.h>
56 #include <net/if_dl.h>
57 #include <net/if_types.h>
58 #include <net/netisr.h>
59 #include <net/if_llc.h>
60 #include <net/ethernet.h>
61 #include <net/route.h>
62 #include <net/vnet.h>
63
64 #include <netinet/in.h>
65 #include <netinet/in_var.h>
66 #include <net/if_llatbl.h>
67 #include <netinet/if_ether.h>
68
69 #include <net/if_arc.h>
70 #include <net/iso88025.h>
71
72 #ifdef DEV_CARP
73 #include <netinet/ip_carp.h>
74 #endif
75
76 #include <security/mac/mac_framework.h>
77
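/*
 * Cast helpers for socket addresses.  The argument is parenthesized so that
 * an expression argument such as SIN(p + off) is cast as a whole rather than
 * having the cast bind to its first operand only.
 */
#define SIN(s) ((struct sockaddr_in *)(s))
#define SDL(s) ((struct sockaddr_dl *)(s))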
80
SYSCTL_DECL(_net_link_ether);
/* The inet node under _net_link_ether; parent of the ARP tunables below. */
SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW, 0, "");

VNET_DEFINE(int, useloopback) = 1;	/* use loopback interface for
					 * local traffic */

/* timer values */
static VNET_DEFINE(int, arpt_keep) = (20*60);	/* once resolved, good for 20
						 * minutes */
static VNET_DEFINE(int, arpt_down) = 20;	/* keep incomplete entries for
						 * 20 seconds */
/* Requests sent before arpresolve stops returning EWOULDBLOCK. */
static VNET_DEFINE(int, arp_maxtries) = 5;
/* Non-zero lets in_arpinput answer requests for hosts routed elsewhere. */
static VNET_DEFINE(int, arp_proxyall);

/* Per-vnet accessors for the variables defined above. */
#define	V_arpt_keep		VNET(arpt_keep)
#define	V_arpt_down		VNET(arpt_down)
#define	V_arp_maxtries		VNET(arp_maxtries)
#define	V_arp_proxyall		VNET(arp_proxyall)

/*
 * Run-time tunables.  All four are CTLFLAG_RW, so they can be changed on a
 * live system; proxyall in particular changes which ARP requests this host
 * answers and is worth auditing on hosts that are not meant to proxy.
 */
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_RW,
    &VNET_NAME(arpt_keep), 0,
    "ARP entry lifetime in seconds");

SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
    &VNET_NAME(arp_maxtries), 0,
    "ARP resolution attempts before returning error");
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, useloopback, CTLFLAG_RW,
    &VNET_NAME(useloopback), 0,
    "Use the loopback interface for local traffic");
SYSCTL_VNET_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW,
    &VNET_NAME(arp_proxyall), 0,
    "Enable proxy ARP for all suitable requests");

/* Forward declarations for the routines defined later in this file. */
static void	arp_init(void);
void		arprequest(struct ifnet *,
		    struct in_addr *, struct in_addr *, u_char *);
static void	arpintr(struct mbuf *);
static void	arptimer(void *);
#ifdef INET
static void	in_arpinput(struct mbuf *);
#endif

/* netisr descriptor handed to netisr_register() by arp_init(). */
static const struct netisr_handler arp_nh = {
	.nh_name = "arp",
	.nh_handler = arpintr,
	.nh_proto = NETISR_ARP,
	.nh_policy = NETISR_POLICY_SOURCE,
};
129
#ifdef AF_INET
void arp_ifscrub(struct ifnet *ifp, uint32_t addr);

/*
 * Ask the interface's link-layer table to delete the entry for one of the
 * interface's own IPv4 addresses.  Called by in_ifscrub when the interface
 * address goes away.
 *
 *   ifp   interface whose table is searched
 *   addr  IPv4 address, stored into sin_addr.s_addr unchanged
 */
void
arp_ifscrub(struct ifnet *ifp, uint32_t addr)
{
	struct sockaddr_in key;

	/* Zero the whole key first, then fill in an AF_INET address. */
	bzero(&key, sizeof(key));
	key.sin_family = AF_INET;
	key.sin_len = sizeof(key);
	key.sin_addr.s_addr = addr;

	CURVNET_SET(ifp->if_vnet);
	IF_AFDATA_LOCK(ifp);
	/* LLE_DELETE lookup: the return value is not used. */
	lla_lookup(LLTABLE(ifp), (LLE_DELETE | LLE_IFADDR),
	    (struct sockaddr *)&key);
	IF_AFDATA_UNLOCK(ifp);
	CURVNET_RESTORE();
}
#endif
154
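/*
 * Timeout routine.  Age arp_tab entries periodically.
 *
 * arg is the struct llentry the callout was armed with (arpresolve and
 * in_arpinput pass the entry to callout_reset).  The entry is freed only
 * when its callout is active and not pending again; otherwise it is left
 * in the table.
 */
static void
arptimer(void *arg)
{
	struct ifnet *ifp;
	struct llentry *lle = (struct llentry *)arg;

	if (lle == NULL) {
		panic("%s: NULL entry!\n", __func__);
		return;
	}
	ifp = lle->lle_tbl->llt_ifp;
	IF_AFDATA_LOCK(ifp);
	LLE_WLOCK(lle);
	if ((!callout_pending(&lle->la_timer) &&
	    callout_active(&lle->la_timer))) {
		/*
		 * NOTE(review): llentry_free() is defined outside this file;
		 * this path relies on it releasing the entry lock -- confirm.
		 */
		(void) llentry_free(lle);
	} else {
#ifdef DIAGNOSTICS
		struct sockaddr *l3addr = L3_ADDR(lle);
		log(LOG_INFO, "arptimer issue: %p, IPv4 address: \"%s\"\n", lle,
		    inet_ntoa(((const struct sockaddr_in *)l3addr)->sin_addr));
#endif
		/*
		 * The entry stays in the table, so release the write lock
		 * taken above.  Returning with it still held would block
		 * every later lookup of this entry.
		 */
		LLE_WUNLOCK(lle);
	}
	IF_AFDATA_UNLOCK(ifp);
}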
184
/*
 * Build an ARP request and hand it to the interface's output routine as a
 * broadcast.
 *
 *   ifp     interface to send on
 *   sip     ARP header source IP address, or NULL to pick one from ifp
 *   tip     ARP header target IP address
 *   enaddr  ARP header source ethernet address
 *
 * Nothing is sent when no source address can be found or when no mbuf is
 * available.
 */
void
arprequest(struct ifnet *ifp, struct in_addr *sip, struct in_addr *tip,
    u_char *enaddr)
{
	struct sockaddr sa;
	struct arphdr *ah;
	struct mbuf *m;

	if (sip == NULL) {
		/* XXX don't believe this can happen (or explain why) */
		/*
		 * No source address from the caller: walk the interface's
		 * addresses and stop at the first IPv4 one that is on the
		 * same subnet as tip.  If none is on that subnet, sip is
		 * left at the last IPv4 address seen.
		 *
		 * NOTE(review): the list is walked without IF_ADDR_LOCK,
		 * which in_arpinput takes for the same list, and sip keeps
		 * pointing into the ifaddr afterwards -- confirm callers
		 * guarantee the list is stable here.
		 */
		struct ifaddr *ifa;

		TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
			if (ifa->ifa_addr == NULL)
				continue;
			if (ifa->ifa_addr->sa_family != AF_INET)
				continue;
			sip = &SIN(ifa->ifa_addr)->sin_addr;
			if (((sip->s_addr ^ tip->s_addr) &
			    SIN(ifa->ifa_netmask)->sin_addr.s_addr) == 0)
				break;	/* found it. */
		}
		if (sip == NULL) {
			printf("%s: cannot find matching address\n", __func__);
			return;
		}
	}

	m = m_gethdr(M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return;

	/* Fixed header plus two protocol and two hardware addresses. */
	m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) +
	    2*ifp->if_data.ifi_addrlen;
	m->m_pkthdr.len = m->m_len;
	MH_ALIGN(m, m->m_len);
	ah = mtod(m, struct arphdr *);
	bzero((caddr_t)ah, m->m_len);
#ifdef MAC
	mac_netinet_arp_send(ifp, m);
#endif

	/* Header fields; the target hardware address stays zero. */
	ah->ar_pro = htons(ETHERTYPE_IP);
	ah->ar_hln = ifp->if_addrlen;		/* hardware address length */
	ah->ar_pln = sizeof(struct in_addr);	/* protocol address length */
	ah->ar_op = htons(ARPOP_REQUEST);
	bcopy((caddr_t)enaddr, (caddr_t)ar_sha(ah), ah->ar_hln);
	bcopy((caddr_t)sip, (caddr_t)ar_spa(ah), ah->ar_pln);
	bcopy((caddr_t)tip, (caddr_t)ar_tpa(ah), ah->ar_pln);

	/* Only the family and length of the destination sockaddr are set. */
	sa.sa_family = AF_ARP;
	sa.sa_len = 2;
	m->m_flags |= M_BCAST;
	(*ifp->if_output)(ifp, m, &sa, NULL);
}
245
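/*
 * Resolve an IP address into an ethernet address.
 * On input:
 *    ifp is the interface we use
 *    rt0 is the route to the final destination (possibly useless, and
 *        tolerated as NULL: it is only consulted to choose between
 *        EHOSTUNREACH and EHOSTDOWN)
 *    m is the mbuf. May be NULL if we don't have a packet.
 *    dst is the next hop,
 *    desten is where we want the address.
 *    lle receives the link-layer entry on success and NULL otherwise.
 *
 * On success, desten is filled in and the function returns 0;
 * If the packet must be held pending resolution, we return EWOULDBLOCK
 * On other errors, we return the corresponding error code.
 * Note that m_freem() handles NULL.
 */
int
arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
    struct sockaddr *dst, u_char *desten, struct llentry **lle)
{
	struct llentry *la = NULL;
	u_int flags = 0;
	int error, renew;

	*lle = NULL;
	if (m != NULL) {
		if (m->m_flags & M_BCAST) {
			/* broadcast */
			(void)memcpy(desten,
			    ifp->if_broadcastaddr, ifp->if_addrlen);
			return (0);
		}
		if (m->m_flags & M_MCAST && ifp->if_type != IFT_ARCNET) {
			/* multicast */
			ETHER_MAP_IP_MULTICAST(&SIN(dst)->sin_addr, desten);
			return (0);
		}
	}
	/* XXXXX
	 */
retry:
	/* First pass looks up with flags == 0; later passes add LLE_EXCLUSIVE. */
	IF_AFDATA_RLOCK(ifp);
	la = lla_lookup(LLTABLE(ifp), flags, dst);
	IF_AFDATA_RUNLOCK(ifp);
	if ((la == NULL) && ((flags & LLE_EXCLUSIVE) == 0)
	    && ((ifp->if_flags & (IFF_NOARP | IFF_STATICARP)) == 0)) {
		/* Nothing cached and dynamic ARP is allowed: create an entry. */
		flags |= (LLE_CREATE | LLE_EXCLUSIVE);
		IF_AFDATA_WLOCK(ifp);
		la = lla_lookup(LLTABLE(ifp), flags, dst);
		IF_AFDATA_WUNLOCK(ifp);
	}
	if (la == NULL) {
		if (flags & LLE_CREATE)
			log(LOG_DEBUG,
			    "arpresolve: can't allocate llinfo for %s\n",
			    inet_ntoa(SIN(dst)->sin_addr));
		m_freem(m);
		return (EINVAL);
	}

	if ((la->la_flags & LLE_VALID) &&
	    ((la->la_flags & LLE_STATIC) || la->la_expire > time_second)) {
		bcopy(&la->ll_addr, desten, ifp->if_addrlen);
		/*
		 * If entry has an expiry time and it is approaching,
		 * see if we need to send an ARP request within this
		 * arpt_down interval.
		 */
		if (!(la->la_flags & LLE_STATIC) &&
		    time_second + la->la_preempt > la->la_expire) {
			arprequest(ifp, NULL,
			    &SIN(dst)->sin_addr, IF_LLADDR(ifp));

			la->la_preempt--;
		}

		*lle = la;
		error = 0;
		goto done;
	}

	if (la->la_flags & LLE_STATIC) {   /* should not happen! */
		log(LOG_DEBUG, "arpresolve: ouch, empty static llinfo for %s\n",
		    inet_ntoa(SIN(dst)->sin_addr));
		m_freem(m);
		error = EINVAL;
		goto done;
	}

	renew = (la->la_asked == 0 || la->la_expire != time_second);
	if ((renew || m != NULL) && (flags & LLE_EXCLUSIVE) == 0) {
		/* The entry is about to be modified: redo the lookup exclusive. */
		flags |= LLE_EXCLUSIVE;
		LLE_RUNLOCK(la);
		goto retry;
	}
	/*
	 * There is an arptab entry, but no ethernet address
	 * response yet.  Replace the held mbuf with this
	 * latest one.
	 */
	if (m != NULL) {
		if (la->la_hold != NULL)
			m_freem(la->la_hold);
		la->la_hold = m;
		if (renew == 0 && (flags & LLE_EXCLUSIVE)) {
			flags &= ~LLE_EXCLUSIVE;
			LLE_DOWNGRADE(la);
		}

	}
	/*
	 * Return EWOULDBLOCK if we have tried less than arp_maxtries. It
	 * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH
	 * if we have already sent arp_maxtries ARP requests. Retransmit the
	 * ARP request, but not faster than one request per second.
	 */
	if (la->la_asked < V_arp_maxtries)
		error = EWOULDBLOCK;	/* First request. */
	else {
		/*
		 * rt0 is documented above as possibly useless, so it is
		 * checked before rt_flags is read; without a route the
		 * failure is reported as EHOSTDOWN.
		 */
		error = (rt0 != NULL && (rt0->rt_flags & RTF_GATEWAY)) ?
		    EHOSTUNREACH : EHOSTDOWN;
	}

	if (renew) {
		LLE_ADDREF(la);
		la->la_expire = time_second + V_arpt_down;
		callout_reset(&la->la_timer, hz * V_arpt_down, arptimer, la);
		la->la_asked++;
		/* Unlock before transmitting the request. */
		LLE_WUNLOCK(la);
		arprequest(ifp, NULL, &SIN(dst)->sin_addr,
		    IF_LLADDR(ifp));
		return (error);
	}
done:
	/* Release whichever lock mode the last lookup asked for. */
	if (flags & LLE_EXCLUSIVE)
		LLE_WUNLOCK(la);
	else
		LLE_RUNLOCK(la);
	return (error);
}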
383
/*
 * netisr entry point for ARP.  Performs the length and hardware-type checks
 * common to all protocols, then passes the packet to the protocol-specific
 * routine.  Packets that fail a check, or whose protocol type has no
 * handler, are freed here.
 */
static void
arpintr(struct mbuf *m)
{
	struct arphdr *ar;

	/* Make the fixed part of the header contiguous. */
	if (m->m_len < sizeof(struct arphdr)) {
		m = m_pullup(m, sizeof(struct arphdr));
		if (m == NULL) {
			log(LOG_ERR, "arp: runt packet -- m_pullup failed\n");
			return;
		}
	}
	ar = mtod(m, struct arphdr *);

	/* Only these hardware address formats are accepted. */
	switch (ntohs(ar->ar_hrd)) {
	case ARPHRD_ETHER:
	case ARPHRD_IEEE802:
	case ARPHRD_ARCNET:
	case ARPHRD_IEEE1394:
		break;
	default:
		log(LOG_ERR, "arp: unknown hardware address format (0x%2D)\n",
		    (unsigned char *)&ar->ar_hrd, "");
		m_freem(m);
		return;
	}

	/* Now pull up the full header, sized from its own length fields. */
	if (m->m_len < arphdr_len(ar)) {
		m = m_pullup(m, arphdr_len(ar));
		if (m == NULL) {
			log(LOG_ERR, "arp: runt packet\n");
			/* m is NULL on this path. */
			m_freem(m);
			return;
		}
		ar = mtod(m, struct arphdr *);
	}

#ifdef INET
	if (ntohs(ar->ar_pro) == ETHERTYPE_IP) {
		/* in_arpinput takes over the mbuf. */
		in_arpinput(m);
		return;
	}
#endif
	m_freem(m);
}
428
429 #ifdef INET
430 /*
431 * ARP for Internet protocols on 10 Mb/s Ethernet.
432 * Algorithm is that given in RFC 826.
433 * In addition, a sanity check is performed on the sender
434 * protocol address, to catch impersonators.
435 * We no longer handle negotiations for use of trailer protocol:
436 * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent
437 * along with IP replies if we wanted trailers sent to us,
438 * and also sent them in response to IP replies.
439 * This allowed either end to announce the desire to receive
440 * trailer packets.
441 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either,
442 * but formerly didn't normally send requests.
443 */
/*
 * Logging switches, each initialised to 1 and exported as a writable
 * (CTLFLAG_RW) sysctl.  in_arpinput checks log_arp_wrong_iface and
 * log_arp_movements before the matching log() call.
 */
static int log_arp_wrong_iface = 1;
static int log_arp_movements = 1;
/* NOTE(review): not tested anywhere in this listing -- confirm its use. */
static int log_arp_permanent_modify = 1;

SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_wrong_iface, CTLFLAG_RW,
    &log_arp_wrong_iface, 0,
    "log arp packets arriving on the wrong interface");
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_movements, CTLFLAG_RW,
    &log_arp_movements, 0,
    "log arp replies from MACs different than the one in the cache");
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_permanent_modify, CTLFLAG_RW,
    &log_arp_permanent_modify, 0,
    "log arp replies from MACs different than the one in the permanent arp entry");
457
458
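/*
 * Process one received ARP packet carrying IPv4 addresses.
 *
 * Finds the local address the packet relates to, updates the link-layer
 * entry for the sender where allowed, sends any packet that was held
 * waiting for that entry, and answers requests for our own address, for
 * published entries, or (with proxyall) for hosts routed via another
 * interface.  The mbuf is either reused for the reply or freed.
 *
 * The hardware and protocol address lengths in the header are checked
 * against the receive interface and IPv4 before any address field is
 * read; packets with other lengths are dropped.
 */
static void
in_arpinput(struct mbuf *m)
{
	struct arphdr *ah;
	struct ifnet *ifp = m->m_pkthdr.rcvif;
	struct llentry *la = NULL;
	struct rtentry *rt;
	struct ifaddr *ifa;
	struct in_ifaddr *ia;
	struct mbuf *hold;
	struct sockaddr sa;
	struct in_addr isaddr, itaddr, myaddr;
	u_int8_t *enaddr = NULL;
	int op, flags;
	int req_len;
	int bridged = 0, is_bridge = 0;
#ifdef DEV_CARP
	int carp_match = 0;
#endif
	struct sockaddr_in sin;
	sin.sin_len = sizeof(struct sockaddr_in);
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = 0;

	if (ifp->if_bridge)
		bridged = 1;
	if (ifp->if_type == IFT_BRIDGE)
		is_bridge = 1;

	req_len = arphdr_len2(ifp->if_addrlen, sizeof(struct in_addr));
	if (m->m_len < req_len && (m = m_pullup(m, req_len)) == NULL) {
		log(LOG_ERR, "in_arp: runt packet -- m_pullup failed\n");
		return;
	}

	ah = mtod(m, struct arphdr *);

	/*
	 * ar_hln and ar_pln come from the wire.  They are used below both
	 * to locate the address fields (ar_spa/ar_tha/ar_tpa) and as copy
	 * lengths when the reply is built from enaddr and itaddr, while
	 * req_len above was sized from the interface's address length.
	 * Accept only the interface's own hardware address length and a
	 * 4-byte IPv4 address, so every later copy stays inside the
	 * pulled-up header and inside the source objects.
	 */
	if (ah->ar_hln != ifp->if_addrlen ||
	    ah->ar_pln != sizeof(struct in_addr)) {
		log(LOG_WARNING,
		    "in_arp: bad address lengths (hln %d, pln %d) on %s\n",
		    ah->ar_hln, ah->ar_pln, ifp->if_xname);
		goto drop;
	}

	op = ntohs(ah->ar_op);
	(void)memcpy(&isaddr, ar_spa(ah), sizeof (isaddr));
	(void)memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr));

	/*
	 * For a bridge, we want to check the address irrespective
	 * of the receive interface. (This will change slightly
	 * when we have clusters of interfaces).
	 * If the interface does not match, but the receiving interface
	 * is part of carp, we call carp_iamatch to see if this is a
	 * request for the virtual host ip.
	 * XXX: This is really ugly!
	 */
	IN_IFADDR_RLOCK();
	LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) {
		if (((bridged && ia->ia_ifp->if_bridge != NULL) ||
		    ia->ia_ifp == ifp) &&
		    itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) {
			ifa_ref(&ia->ia_ifa);
			IN_IFADDR_RUNLOCK();
			goto match;
		}
#ifdef DEV_CARP
		if (ifp->if_carp != NULL &&
		    carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) &&
		    itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) {
			carp_match = 1;
			ifa_ref(&ia->ia_ifa);
			IN_IFADDR_RUNLOCK();
			goto match;
		}
#endif
	}
	/* No address matched the target; try the sender address instead. */
	LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash)
		if (((bridged && ia->ia_ifp->if_bridge != NULL) ||
		    ia->ia_ifp == ifp) &&
		    isaddr.s_addr == ia->ia_addr.sin_addr.s_addr) {
			ifa_ref(&ia->ia_ifa);
			IN_IFADDR_RUNLOCK();
			goto match;
		}

#define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia)				\
  (ia->ia_ifp->if_bridge == ifp->if_softc &&				\
  !bcmp(IF_LLADDR(ia->ia_ifp), IF_LLADDR(ifp), ifp->if_addrlen) &&	\
  addr == ia->ia_addr.sin_addr.s_addr)
	/*
	 * Check the case when bridge shares its MAC address with
	 * some of its children, so packets are claimed by bridge
	 * itself (bridge_input() does it first), but they are really
	 * meant to be destined to the bridge member.
	 */
	if (is_bridge) {
		LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) {
			if (BDG_MEMBER_MATCHES_ARP(itaddr.s_addr, ifp, ia)) {
				ifa_ref(&ia->ia_ifa);
				ifp = ia->ia_ifp;
				IN_IFADDR_RUNLOCK();
				goto match;
			}
		}
	}
#undef BDG_MEMBER_MATCHES_ARP
	IN_IFADDR_RUNLOCK();

	/*
	 * No match, use the first inet address on the receive interface
	 * as a dummy address for the rest of the function.
	 */
	IF_ADDR_LOCK(ifp);
	TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link)
		if (ifa->ifa_addr->sa_family == AF_INET) {
			ia = ifatoia(ifa);
			ifa_ref(ifa);
			IF_ADDR_UNLOCK(ifp);
			goto match;
		}
	IF_ADDR_UNLOCK(ifp);

	/*
	 * If bridging, fall back to using any inet address.
	 */
	IN_IFADDR_RLOCK();
	if (!bridged || (ia = TAILQ_FIRST(&V_in_ifaddrhead)) == NULL) {
		IN_IFADDR_RUNLOCK();
		goto drop;
	}
	ifa_ref(&ia->ia_ifa);
	IN_IFADDR_RUNLOCK();
match:
	/* Every path to this label holds a reference on ia; copy, then drop it. */
	if (!enaddr)
		enaddr = (u_int8_t *)IF_LLADDR(ifp);
	myaddr = ia->ia_addr.sin_addr;
	ifa_free(&ia->ia_ifa);
	if (!bcmp(ar_sha(ah), enaddr, ifp->if_addrlen))
		goto drop;	/* it's from me, ignore it. */
	if (!bcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
		log(LOG_ERR,
		    "arp: link address is broadcast for IP address %s!\n",
		    inet_ntoa(isaddr));
		goto drop;
	}
	/*
	 * Warn if another host is using the same IP address, but only if the
	 * IP address isn't 0.0.0.0, which is used for DHCP only, in which
	 * case we suppress the warning to avoid false positive complaints of
	 * potential misconfiguration.
	 */
	if (!bridged && isaddr.s_addr == myaddr.s_addr && myaddr.s_addr != 0) {
		log(LOG_ERR,
		   "arp: %*D is using my IP address %s on %s!\n",
		   ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
		   inet_ntoa(isaddr), ifp->if_xname);
		itaddr = myaddr;
		goto reply;
	}
	/* With IFF_STATICARP the sender's mapping is never learned. */
	if (ifp->if_flags & IFF_STATICARP)
		goto reply;

	bzero(&sin, sizeof(sin));
	sin.sin_len = sizeof(struct sockaddr_in);
	sin.sin_family = AF_INET;
	sin.sin_addr = isaddr;
	/* A new entry is created only when the packet targets our address. */
	flags = (itaddr.s_addr == myaddr.s_addr) ? LLE_CREATE : 0;
	flags |= LLE_EXCLUSIVE;
	IF_AFDATA_LOCK(ifp);
	la = lla_lookup(LLTABLE(ifp), flags, (struct sockaddr *)&sin);
	IF_AFDATA_UNLOCK(ifp);
	if (la != NULL) {
		/* the following is not an error when doing bridging */
		if (!bridged && la->lle_tbl->llt_ifp != ifp
#ifdef DEV_CARP
		    && (ifp->if_type != IFT_CARP || !carp_match)
#endif
		    ) {
			if (log_arp_wrong_iface)
				log(LOG_ERR, "arp: %s is on %s "
				    "but got reply from %*D on %s\n",
				    inet_ntoa(isaddr),
				    la->lle_tbl->llt_ifp->if_xname,
				    ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
				    ifp->if_xname);
			LLE_WUNLOCK(la);
			goto reply;
		}
		if ((la->la_flags & LLE_VALID) &&
		    bcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen)) {
			/* The sender claims a different MAC than the cached one. */
			if (la->la_flags & LLE_STATIC) {
				LLE_WUNLOCK(la);
				log(LOG_ERR,
				    "arp: %*D attempts to modify permanent "
				    "entry for %s on %s\n",
				    ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
				    inet_ntoa(isaddr), ifp->if_xname);
				goto reply;
			}
			if (log_arp_movements) {
				log(LOG_INFO, "arp: %s moved from %*D "
				    "to %*D on %s\n",
				    inet_ntoa(isaddr),
				    ifp->if_addrlen,
				    (u_char *)&la->ll_addr, ":",
				    ifp->if_addrlen, (u_char *)ar_sha(ah), ":",
				    ifp->if_xname);
			}
		}

		/*
		 * Kept although the lengths were validated on entry: ifp may
		 * have been switched to a bridge member since then.
		 */
		if (ifp->if_addrlen != ah->ar_hln) {
			LLE_WUNLOCK(la);
			log(LOG_WARNING,
			    "arp from %*D: addr len: new %d, i/f %d (ignored)",
			    ifp->if_addrlen, (u_char *) ar_sha(ah), ":",
			    ah->ar_hln, ifp->if_addrlen);
			goto reply;
		}
		(void)memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen);
		la->la_flags |= LLE_VALID;

		if (!(la->la_flags & LLE_STATIC)) {
			la->la_expire = time_second + V_arpt_keep;
			callout_reset(&la->la_timer, hz * V_arpt_keep,
			    arptimer, la);
		}
		la->la_asked = 0;
		la->la_preempt = V_arp_maxtries;
		/* Detach any held packet under the lock, send it after unlock. */
		hold = la->la_hold;
		if (hold != NULL) {
			la->la_hold = NULL;
			memcpy(&sa, L3_ADDR(la), sizeof(sa));
		}
		LLE_WUNLOCK(la);
		if (hold != NULL)
			(*ifp->if_output)(ifp, hold, &sa, NULL);
	}
reply:
	if (op != ARPOP_REQUEST)
		goto drop;

	if (itaddr.s_addr == myaddr.s_addr) {
		/* Shortcut.. the receiving interface is the target. */
		(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
		(void)memcpy(ar_sha(ah), enaddr, ah->ar_hln);
	} else {
		struct llentry *lle = NULL;

		sin.sin_addr = itaddr;
		IF_AFDATA_LOCK(ifp);
		lle = lla_lookup(LLTABLE(ifp), 0, (struct sockaddr *)&sin);
		IF_AFDATA_UNLOCK(ifp);

		if ((lle != NULL) && (lle->la_flags & LLE_PUB)) {
			/* Published entry: answer with its link address. */
			(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
			(void)memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln);
			LLE_RUNLOCK(lle);
		} else {

			if (lle != NULL)
				LLE_RUNLOCK(lle);

			if (!V_arp_proxyall)
				goto drop;

			sin.sin_addr = itaddr;
			/* XXX MRT use table 0 for arp reply  */
			rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0);
			if (!rt)
				goto drop;

			/*
			 * Don't send proxies for nodes on the same interface
			 * as this one came out of, or we'll get into a fight
			 * over who claims what Ether address.
			 */
			if (!rt->rt_ifp || rt->rt_ifp == ifp) {
				RTFREE_LOCKED(rt);
				goto drop;
			}
			RTFREE_LOCKED(rt);

			(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
			(void)memcpy(ar_sha(ah), enaddr, ah->ar_hln);

			/*
			 * Also check that the node which sent the ARP packet
			 * is on the interface we expect it to be on. This
			 * avoids ARP chaos if an interface is connected to the
			 * wrong network.
			 */
			sin.sin_addr = isaddr;

			/* XXX MRT use table 0 for arp checks */
			rt = in_rtalloc1((struct sockaddr *)&sin, 0, 0UL, 0);
			if (!rt)
				goto drop;
			if (rt->rt_ifp != ifp) {
				log(LOG_INFO, "arp_proxy: ignoring request"
				    " from %s via %s, expecting %s\n",
				    inet_ntoa(isaddr), ifp->if_xname,
				    rt->rt_ifp->if_xname);
				RTFREE_LOCKED(rt);
				goto drop;
			}
			RTFREE_LOCKED(rt);

#ifdef DEBUG_PROXY
			printf("arp: proxying for %s\n",
			       inet_ntoa(itaddr));
#endif
		}
	}

	if (itaddr.s_addr == myaddr.s_addr &&
	    IN_LINKLOCAL(ntohl(itaddr.s_addr))) {
		/* RFC 3927 link-local IPv4; always reply by broadcast. */
#ifdef DEBUG_LINKLOCAL
		printf("arp: sending reply for link-local addr %s\n",
		    inet_ntoa(itaddr));
#endif
		m->m_flags |= M_BCAST;
		m->m_flags &= ~M_MCAST;
	} else {
		/* default behaviour; never reply by broadcast. */
		m->m_flags &= ~(M_BCAST|M_MCAST);
	}
	/* Turn the request into the reply in place and send it back. */
	(void)memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln);
	(void)memcpy(ar_spa(ah), &itaddr, ah->ar_pln);
	ah->ar_op = htons(ARPOP_REPLY);
	ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */
	m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln);
	m->m_pkthdr.len = m->m_len;
	sa.sa_family = AF_ARP;
	sa.sa_len = 2;
	(*ifp->if_output)(ifp, m, &sa, NULL);
	return;

drop:
	m_freem(m);
}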
793 #endif
794
/*
 * Announce a newly configured interface address and record it in the
 * link-layer table.
 *
 * For any address other than INADDR_ANY this sends an ARP request whose
 * source and target are both the interface's own address, then creates a
 * static table entry for it.  ifa_rtrequest is cleared in every case.
 */
void
arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa)
{
	struct sockaddr_in *self = IA_SIN(ifa);
	struct llentry *lle;

	if (ntohl(self->sin_addr.s_addr) == INADDR_ANY) {
		ifa->ifa_rtrequest = NULL;
		return;
	}

	arprequest(ifp, &self->sin_addr, &self->sin_addr, IF_LLADDR(ifp));
	/*
	 * interface address is considered static entry
	 * because the output of the arp utility shows
	 * that L2 entry as permanent
	 */
	IF_AFDATA_LOCK(ifp);
	lle = lla_lookup(LLTABLE(ifp), (LLE_CREATE | LLE_IFADDR | LLE_STATIC),
	    (struct sockaddr *)self);
	IF_AFDATA_UNLOCK(ifp);
	if (lle != NULL)
		LLE_RUNLOCK(lle);
	else
		log(LOG_INFO, "arp_ifinit: cannot create arp "
		    "entry for interface address\n");

	ifa->ifa_rtrequest = NULL;
}
820
/*
 * Variant of arp_ifinit that takes the hardware address to announce from
 * the caller and does not touch the link-layer table.  An ARP request for
 * the interface's own address is sent unless that address is INADDR_ANY;
 * ifa_rtrequest is cleared either way.
 */
void
arp_ifinit2(struct ifnet *ifp, struct ifaddr *ifa, u_char *enaddr)
{
	struct sockaddr_in *self = IA_SIN(ifa);

	if (ntohl(self->sin_addr.s_addr) != INADDR_ANY) {
		arprequest(ifp, &self->sin_addr, &self->sin_addr, enaddr);
	}
	ifa->ifa_rtrequest = NULL;
}
829
/*
 * Boot-time initialisation: hook the ARP input handler described by arp_nh
 * into netisr.  Run through the SYSINIT entry below.
 */
static void
arp_init(void)
{
	netisr_register(&arp_nh);
}
SYSINIT(arp, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, arp_init, 0);