FreeBSD/Linux Kernel Cross Reference
sys/netinet6/nd6.c
1 /* $NetBSD: nd6.c,v 1.91.10.1 2005/04/07 17:06:56 jmc Exp $ */
2 /* $KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include <sys/cdefs.h>
34 __KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.91.10.1 2005/04/07 17:06:56 jmc Exp $");
35
36 #include "opt_ipsec.h"
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/callout.h>
41 #include <sys/malloc.h>
42 #include <sys/mbuf.h>
43 #include <sys/socket.h>
44 #include <sys/sockio.h>
45 #include <sys/time.h>
46 #include <sys/kernel.h>
47 #include <sys/protosw.h>
48 #include <sys/errno.h>
49 #include <sys/ioctl.h>
50 #include <sys/syslog.h>
51 #include <sys/queue.h>
52
53 #include <net/if.h>
54 #include <net/if_dl.h>
55 #include <net/if_types.h>
56 #include <net/route.h>
57 #include <net/if_ether.h>
58 #include <net/if_fddi.h>
59 #include <net/if_arc.h>
60
61 #include <netinet/in.h>
62 #include <netinet6/in6_var.h>
63 #include <netinet/ip6.h>
64 #include <netinet6/ip6_var.h>
65 #include <netinet6/nd6.h>
66 #include <netinet/icmp6.h>
67
68 #ifdef IPSEC
69 #include <netinet6/ipsec.h>
70 #endif
71
72 #include <net/net_osdep.h>
73
74 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */
75 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */
76
77 #define SIN6(s) ((struct sockaddr_in6 *)s)
78 #define SDL(s) ((struct sockaddr_dl *)s)
79
80 /* timer values */
81 int nd6_prune = 1; /* walk list every 1 seconds */
82 int nd6_delay = 5; /* delay first probe time 5 second */
83 int nd6_umaxtries = 3; /* maximum unicast query */
84 int nd6_mmaxtries = 3; /* maximum multicast query */
85 int nd6_useloopback = 1; /* use loopback interface for local traffic */
86 int nd6_gctimer = (60 * 60 * 24); /* 1 day: garbage collection timer */
87
88 /* preventing too many loops in ND option parsing */
89 int nd6_maxndopt = 10; /* max # of ND options allowed */
90
91 int nd6_maxnudhint = 0; /* max # of subsequent upper layer hints */
92
93 #ifdef ND6_DEBUG
94 int nd6_debug = 1;
95 #else
96 int nd6_debug = 0;
97 #endif
98
99 /* for debugging? */
100 static int nd6_inuse, nd6_allocated;
101
102 struct llinfo_nd6 llinfo_nd6 = {&llinfo_nd6, &llinfo_nd6};
103 struct nd_drhead nd_defrouter;
104 struct nd_prhead nd_prefix = { 0 };
105
106 int nd6_recalc_reachtm_interval = ND6_RECALC_REACHTM_INTERVAL;
107 static struct sockaddr_in6 all1_sa;
108
109 static void nd6_setmtu0 __P((struct ifnet *, struct nd_ifinfo *));
110 static void nd6_slowtimo __P((void *));
111 static struct llinfo_nd6 *nd6_free __P((struct rtentry *, int));
112 static void nd6_llinfo_timer __P((void *));
113
114 struct callout nd6_slowtimo_ch = CALLOUT_INITIALIZER;
115 struct callout nd6_timer_ch = CALLOUT_INITIALIZER;
116
117 static int fill_drlist __P((void *, size_t *, size_t));
118 static int fill_prlist __P((void *, size_t *, size_t));
119
120 MALLOC_DEFINE(M_IP6NDP, "NDP", "IPv6 Neighbour Discovery");
121
122 void
123 nd6_init()
124 {
125 static int nd6_init_done = 0;
126 int i;
127
128 if (nd6_init_done) {
129 log(LOG_NOTICE, "nd6_init called more than once(ignored)\n");
130 return;
131 }
132
133 all1_sa.sin6_family = AF_INET6;
134 all1_sa.sin6_len = sizeof(struct sockaddr_in6);
135 for (i = 0; i < sizeof(all1_sa.sin6_addr); i++)
136 all1_sa.sin6_addr.s6_addr[i] = 0xff;
137
138 /* initialization of the default router list */
139 TAILQ_INIT(&nd_defrouter);
140
141 nd6_init_done = 1;
142
143 /* start timer */
144 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
145 nd6_slowtimo, NULL);
146 }
147
148 struct nd_ifinfo *
149 nd6_ifattach(ifp)
150 struct ifnet *ifp;
151 {
152 struct nd_ifinfo *nd;
153
154 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK);
155 bzero(nd, sizeof(*nd));
156
157 nd->initialized = 1;
158
159 nd->chlim = IPV6_DEFHLIM;
160 nd->basereachable = REACHABLE_TIME;
161 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable);
162 nd->retrans = RETRANS_TIMER;
163 /*
164 * Note that the default value of ip6_accept_rtadv is 0, which means
165 * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV
166 * here.
167 */
168 nd->flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV);
169
170 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */
171 nd6_setmtu0(ifp, nd);
172
173 return nd;
174 }
175
176 void
177 nd6_ifdetach(nd)
178 struct nd_ifinfo *nd;
179 {
180
181 free(nd, M_IP6NDP);
182 }
183
184 void
185 nd6_setmtu(ifp)
186 struct ifnet *ifp;
187 {
188 nd6_setmtu0(ifp, ND_IFINFO(ifp));
189 }
190
191 void
192 nd6_setmtu0(ifp, ndi)
193 struct ifnet *ifp;
194 struct nd_ifinfo *ndi;
195 {
196 u_int32_t omaxmtu;
197
198 omaxmtu = ndi->maxmtu;
199
200 switch (ifp->if_type) {
201 case IFT_ARCNET:
202 ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */
203 break;
204 case IFT_FDDI:
205 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu);
206 break;
207 default:
208 ndi->maxmtu = ifp->if_mtu;
209 break;
210 }
211
212 /*
213 * Decreasing the interface MTU under IPV6 minimum MTU may cause
214 * undesirable situation. We thus notify the operator of the change
215 * explicitly. The check for omaxmtu is necessary to restrict the
216 * log to the case of changing the MTU, not initializing it.
217 */
218 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) {
219 log(LOG_NOTICE, "nd6_setmtu0: new link MTU on %s (%lu) is too"
220 " small for IPv6 which needs %lu\n",
221 if_name(ifp), (unsigned long)ndi->maxmtu, (unsigned long)
222 IPV6_MMTU);
223 }
224
225 if (ndi->maxmtu > in6_maxmtu)
226 in6_setmaxmtu(); /* check all interfaces just in case */
227 }
228
229 void
230 nd6_option_init(opt, icmp6len, ndopts)
231 void *opt;
232 int icmp6len;
233 union nd_opts *ndopts;
234 {
235
236 bzero(ndopts, sizeof(*ndopts));
237 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt;
238 ndopts->nd_opts_last
239 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len);
240
241 if (icmp6len == 0) {
242 ndopts->nd_opts_done = 1;
243 ndopts->nd_opts_search = NULL;
244 }
245 }
246
247 /*
248 * Take one ND option.
249 */
250 struct nd_opt_hdr *
251 nd6_option(ndopts)
252 union nd_opts *ndopts;
253 {
254 struct nd_opt_hdr *nd_opt;
255 int olen;
256
257 if (!ndopts)
258 panic("ndopts == NULL in nd6_option");
259 if (!ndopts->nd_opts_last)
260 panic("uninitialized ndopts in nd6_option");
261 if (!ndopts->nd_opts_search)
262 return NULL;
263 if (ndopts->nd_opts_done)
264 return NULL;
265
266 nd_opt = ndopts->nd_opts_search;
267
268 /* make sure nd_opt_len is inside the buffer */
269 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) {
270 bzero(ndopts, sizeof(*ndopts));
271 return NULL;
272 }
273
274 olen = nd_opt->nd_opt_len << 3;
275 if (olen == 0) {
276 /*
277 * Message validation requires that all included
278 * options have a length that is greater than zero.
279 */
280 bzero(ndopts, sizeof(*ndopts));
281 return NULL;
282 }
283
284 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen);
285 if (ndopts->nd_opts_search > ndopts->nd_opts_last) {
286 /* option overruns the end of buffer, invalid */
287 bzero(ndopts, sizeof(*ndopts));
288 return NULL;
289 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) {
290 /* reached the end of options chain */
291 ndopts->nd_opts_done = 1;
292 ndopts->nd_opts_search = NULL;
293 }
294 return nd_opt;
295 }
296
297 /*
298 * Parse multiple ND options.
299 * This function is much easier to use, for ND routines that do not need
300 * multiple options of the same type.
301 */
302 int
303 nd6_options(ndopts)
304 union nd_opts *ndopts;
305 {
306 struct nd_opt_hdr *nd_opt;
307 int i = 0;
308
309 if (!ndopts)
310 panic("ndopts == NULL in nd6_options");
311 if (!ndopts->nd_opts_last)
312 panic("uninitialized ndopts in nd6_options");
313 if (!ndopts->nd_opts_search)
314 return 0;
315
316 while (1) {
317 nd_opt = nd6_option(ndopts);
318 if (!nd_opt && !ndopts->nd_opts_last) {
319 /*
320 * Message validation requires that all included
321 * options have a length that is greater than zero.
322 */
323 icmp6stat.icp6s_nd_badopt++;
324 bzero(ndopts, sizeof(*ndopts));
325 return -1;
326 }
327
328 if (!nd_opt)
329 goto skip1;
330
331 switch (nd_opt->nd_opt_type) {
332 case ND_OPT_SOURCE_LINKADDR:
333 case ND_OPT_TARGET_LINKADDR:
334 case ND_OPT_MTU:
335 case ND_OPT_REDIRECTED_HEADER:
336 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
337 nd6log((LOG_INFO,
338 "duplicated ND6 option found (type=%d)\n",
339 nd_opt->nd_opt_type));
340 /* XXX bark? */
341 } else {
342 ndopts->nd_opt_array[nd_opt->nd_opt_type]
343 = nd_opt;
344 }
345 break;
346 case ND_OPT_PREFIX_INFORMATION:
347 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) {
348 ndopts->nd_opt_array[nd_opt->nd_opt_type]
349 = nd_opt;
350 }
351 ndopts->nd_opts_pi_end =
352 (struct nd_opt_prefix_info *)nd_opt;
353 break;
354 default:
355 /*
356 * Unknown options must be silently ignored,
357 * to accomodate future extension to the protocol.
358 */
359 nd6log((LOG_DEBUG,
360 "nd6_options: unsupported option %d - "
361 "option ignored\n", nd_opt->nd_opt_type));
362 }
363
364 skip1:
365 i++;
366 if (i > nd6_maxndopt) {
367 icmp6stat.icp6s_nd_toomanyopt++;
368 nd6log((LOG_INFO, "too many loop in nd opt\n"));
369 break;
370 }
371
372 if (ndopts->nd_opts_done)
373 break;
374 }
375
376 return 0;
377 }
378
379 /*
380 * ND6 timer routine to handle ND6 entries
381 */
382 void
383 nd6_llinfo_settimer(ln, tick)
384 struct llinfo_nd6 *ln;
385 long tick;
386 {
387 int s;
388
389 s = splsoftnet();
390
391 if (tick < 0) {
392 ln->ln_expire = 0;
393 ln->ln_ntick = 0;
394 callout_stop(&ln->ln_timer_ch);
395 } else {
396 ln->ln_expire = time.tv_sec + tick / hz;
397 if (tick > INT_MAX) {
398 ln->ln_ntick = tick - INT_MAX;
399 callout_reset(&ln->ln_timer_ch, INT_MAX,
400 nd6_llinfo_timer, ln);
401 } else {
402 ln->ln_ntick = 0;
403 callout_reset(&ln->ln_timer_ch, tick,
404 nd6_llinfo_timer, ln);
405 }
406 }
407
408 splx(s);
409 }
410
411 static void
412 nd6_llinfo_timer(arg)
413 void *arg;
414 {
415 int s;
416 struct llinfo_nd6 *ln;
417 struct rtentry *rt;
418 const struct sockaddr_in6 *dst;
419 struct ifnet *ifp;
420 struct nd_ifinfo *ndi = NULL;
421
422 s = splsoftnet();
423
424 ln = (struct llinfo_nd6 *)arg;
425
426 if (ln->ln_ntick > 0) {
427 if (ln->ln_ntick > INT_MAX) {
428 ln->ln_ntick -= INT_MAX;
429 nd6_llinfo_settimer(ln, INT_MAX);
430 } else {
431 ln->ln_ntick = 0;
432 nd6_llinfo_settimer(ln, ln->ln_ntick);
433 }
434 splx(s);
435 return;
436 }
437
438 if ((rt = ln->ln_rt) == NULL)
439 panic("ln->ln_rt == NULL");
440 if ((ifp = rt->rt_ifp) == NULL)
441 panic("ln->ln_rt->rt_ifp == NULL");
442 ndi = ND_IFINFO(ifp);
443 dst = (struct sockaddr_in6 *)rt_key(rt);
444
445 /* sanity check */
446 if (rt->rt_llinfo && (struct llinfo_nd6 *)rt->rt_llinfo != ln)
447 panic("rt_llinfo(%p) is not equal to ln(%p)",
448 rt->rt_llinfo, ln);
449 if (!dst)
450 panic("dst=0 in nd6_timer(ln=%p)", ln);
451
452 switch (ln->ln_state) {
453 case ND6_LLINFO_INCOMPLETE:
454 if (ln->ln_asked < nd6_mmaxtries) {
455 ln->ln_asked++;
456 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
457 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0);
458 } else {
459 struct mbuf *m = ln->ln_hold;
460 if (m) {
461 ln->ln_hold = NULL;
462 /*
463 * Fake rcvif to make the ICMP error
464 * more helpful in diagnosing for the
465 * receiver.
466 * XXX: should we consider
467 * older rcvif?
468 */
469 m->m_pkthdr.rcvif = rt->rt_ifp;
470
471 icmp6_error(m, ICMP6_DST_UNREACH,
472 ICMP6_DST_UNREACH_ADDR, 0);
473 }
474 (void)nd6_free(rt, 0);
475 ln = NULL;
476 }
477 break;
478 case ND6_LLINFO_REACHABLE:
479 if (!ND6_LLINFO_PERMANENT(ln)) {
480 ln->ln_state = ND6_LLINFO_STALE;
481 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
482 }
483 break;
484
485 case ND6_LLINFO_STALE:
486 /* Garbage Collection(RFC 2461 5.3) */
487 if (!ND6_LLINFO_PERMANENT(ln)) {
488 (void)nd6_free(rt, 1);
489 ln = NULL;
490 }
491 break;
492
493 case ND6_LLINFO_DELAY:
494 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) {
495 /* We need NUD */
496 ln->ln_asked = 1;
497 ln->ln_state = ND6_LLINFO_PROBE;
498 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
499 nd6_ns_output(ifp, &dst->sin6_addr,
500 &dst->sin6_addr, ln, 0);
501 } else {
502 ln->ln_state = ND6_LLINFO_STALE; /* XXX */
503 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
504 }
505 break;
506 case ND6_LLINFO_PROBE:
507 if (ln->ln_asked < nd6_umaxtries) {
508 ln->ln_asked++;
509 nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
510 nd6_ns_output(ifp, &dst->sin6_addr,
511 &dst->sin6_addr, ln, 0);
512 } else {
513 (void)nd6_free(rt, 0);
514 ln = NULL;
515 }
516 break;
517 }
518
519 splx(s);
520 }
521
522 /*
523 * ND6 timer routine to expire default route list and prefix list
524 */
525 void
526 nd6_timer(ignored_arg)
527 void *ignored_arg;
528 {
529 int s;
530 struct nd_defrouter *dr;
531 struct nd_prefix *pr;
532 struct in6_ifaddr *ia6, *nia6;
533
534 s = splsoftnet();
535 callout_reset(&nd6_timer_ch, nd6_prune * hz,
536 nd6_timer, NULL);
537
538 /* expire default router list */
539 dr = TAILQ_FIRST(&nd_defrouter);
540 while (dr) {
541 if (dr->expire && dr->expire < time.tv_sec) {
542 struct nd_defrouter *t;
543 t = TAILQ_NEXT(dr, dr_entry);
544 defrtrlist_del(dr);
545 dr = t;
546 } else {
547 dr = TAILQ_NEXT(dr, dr_entry);
548 }
549 }
550
551 /*
552 * expire interface addresses.
553 * in the past the loop was inside prefix expiry processing.
554 * However, from a stricter speci-confrmance standpoint, we should
555 * rather separate address lifetimes and prefix lifetimes.
556 */
557 for (ia6 = in6_ifaddr; ia6; ia6 = nia6) {
558 nia6 = ia6->ia_next;
559 /* check address lifetime */
560 if (IFA6_IS_INVALID(ia6)) {
561 in6_purgeaddr(&ia6->ia_ifa);
562 }
563 if (IFA6_IS_DEPRECATED(ia6)) {
564 ia6->ia6_flags |= IN6_IFF_DEPRECATED;
565 } else {
566 /*
567 * A new RA might have made a deprecated address
568 * preferred.
569 */
570 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
571 }
572 }
573
574 /* expire prefix list */
575 pr = nd_prefix.lh_first;
576 while (pr) {
577 /*
578 * check prefix lifetime.
579 * since pltime is just for autoconf, pltime processing for
580 * prefix is not necessary.
581 */
582 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME &&
583 time.tv_sec - pr->ndpr_lastupdate > pr->ndpr_vltime) {
584 struct nd_prefix *t;
585 t = pr->ndpr_next;
586
587 /*
588 * address expiration and prefix expiration are
589 * separate. NEVER perform in6_purgeaddr here.
590 */
591
592 prelist_remove(pr);
593 pr = t;
594 } else
595 pr = pr->ndpr_next;
596 }
597 splx(s);
598 }
599
600 /*
601 * Nuke neighbor cache/prefix/default router management table, right before
602 * ifp goes away.
603 */
604 void
605 nd6_purge(ifp)
606 struct ifnet *ifp;
607 {
608 struct llinfo_nd6 *ln, *nln;
609 struct nd_defrouter *dr, *ndr;
610 struct nd_prefix *pr, *npr;
611
612 /*
613 * Nuke default router list entries toward ifp.
614 * We defer removal of default router list entries that is installed
615 * in the routing table, in order to keep additional side effects as
616 * small as possible.
617 */
618 for (dr = TAILQ_FIRST(&nd_defrouter); dr; dr = ndr) {
619 ndr = TAILQ_NEXT(dr, dr_entry);
620 if (dr->installed)
621 continue;
622
623 if (dr->ifp == ifp)
624 defrtrlist_del(dr);
625 }
626 for (dr = TAILQ_FIRST(&nd_defrouter); dr; dr = ndr) {
627 ndr = TAILQ_NEXT(dr, dr_entry);
628 if (!dr->installed)
629 continue;
630
631 if (dr->ifp == ifp)
632 defrtrlist_del(dr);
633 }
634
635 /* Nuke prefix list entries toward ifp */
636 for (pr = nd_prefix.lh_first; pr; pr = npr) {
637 npr = pr->ndpr_next;
638 if (pr->ndpr_ifp == ifp) {
639 /*
640 * Because if_detach() does *not* release prefixes
641 * while purging addresses the reference count will
642 * still be above zero. We therefore reset it to
643 * make sure that the prefix really gets purged.
644 */
645 pr->ndpr_refcnt = 0;
646 /*
647 * Previously, pr->ndpr_addr is removed as well,
648 * but I strongly believe we don't have to do it.
649 * nd6_purge() is only called from in6_ifdetach(),
650 * which removes all the associated interface addresses
651 * by itself.
652 * (jinmei@kame.net 20010129)
653 */
654 prelist_remove(pr);
655 }
656 }
657
658 /* cancel default outgoing interface setting */
659 if (nd6_defifindex == ifp->if_index)
660 nd6_setdefaultiface(0);
661
662 if (!ip6_forwarding && ip6_accept_rtadv) { /* XXX: too restrictive? */
663 /* refresh default router list */
664 defrouter_select();
665 }
666
667 /*
668 * Nuke neighbor cache entries for the ifp.
669 * Note that rt->rt_ifp may not be the same as ifp,
670 * due to KAME goto ours hack. See RTM_RESOLVE case in
671 * nd6_rtrequest(), and ip6_input().
672 */
673 ln = llinfo_nd6.ln_next;
674 while (ln && ln != &llinfo_nd6) {
675 struct rtentry *rt;
676 struct sockaddr_dl *sdl;
677
678 nln = ln->ln_next;
679 rt = ln->ln_rt;
680 if (rt && rt->rt_gateway &&
681 rt->rt_gateway->sa_family == AF_LINK) {
682 sdl = (struct sockaddr_dl *)rt->rt_gateway;
683 if (sdl->sdl_index == ifp->if_index)
684 nln = nd6_free(rt, 0);
685 }
686 ln = nln;
687 }
688 }
689
690 struct rtentry *
691 nd6_lookup(addr6, create, ifp)
692 struct in6_addr *addr6;
693 int create;
694 struct ifnet *ifp;
695 {
696 struct rtentry *rt;
697 struct sockaddr_in6 sin6;
698
699 bzero(&sin6, sizeof(sin6));
700 sin6.sin6_len = sizeof(struct sockaddr_in6);
701 sin6.sin6_family = AF_INET6;
702 sin6.sin6_addr = *addr6;
703 rt = rtalloc1((struct sockaddr *)&sin6, create);
704 if (rt && (rt->rt_flags & RTF_LLINFO) == 0) {
705 /*
706 * This is the case for the default route.
707 * If we want to create a neighbor cache for the address, we
708 * should free the route for the destination and allocate an
709 * interface route.
710 */
711 if (create) {
712 RTFREE(rt);
713 rt = 0;
714 }
715 }
716 if (!rt) {
717 if (create && ifp) {
718 int e;
719
720 /*
721 * If no route is available and create is set,
722 * we allocate a host route for the destination
723 * and treat it like an interface route.
724 * This hack is necessary for a neighbor which can't
725 * be covered by our own prefix.
726 */
727 struct ifaddr *ifa =
728 ifaof_ifpforaddr((struct sockaddr *)&sin6, ifp);
729 if (ifa == NULL)
730 return (NULL);
731
732 /*
733 * Create a new route. RTF_LLINFO is necessary
734 * to create a Neighbor Cache entry for the
735 * destination in nd6_rtrequest which will be
736 * called in rtrequest via ifa->ifa_rtrequest.
737 */
738 if ((e = rtrequest(RTM_ADD, (struct sockaddr *)&sin6,
739 ifa->ifa_addr, (struct sockaddr *)&all1_sa,
740 (ifa->ifa_flags | RTF_HOST | RTF_LLINFO) &
741 ~RTF_CLONING, &rt)) != 0) {
742 #if 0
743 log(LOG_ERR,
744 "nd6_lookup: failed to add route for a "
745 "neighbor(%s), errno=%d\n",
746 ip6_sprintf(addr6), e);
747 #endif
748 return (NULL);
749 }
750 if (rt == NULL)
751 return (NULL);
752 if (rt->rt_llinfo) {
753 struct llinfo_nd6 *ln =
754 (struct llinfo_nd6 *)rt->rt_llinfo;
755 ln->ln_state = ND6_LLINFO_NOSTATE;
756 }
757 } else
758 return (NULL);
759 }
760 rt->rt_refcnt--;
761 /*
762 * Validation for the entry.
763 * Note that the check for rt_llinfo is necessary because a cloned
764 * route from a parent route that has the L flag (e.g. the default
765 * route to a p2p interface) may have the flag, too, while the
766 * destination is not actually a neighbor.
767 * XXX: we can't use rt->rt_ifp to check for the interface, since
768 * it might be the loopback interface if the entry is for our
769 * own address on a non-loopback interface. Instead, we should
770 * use rt->rt_ifa->ifa_ifp, which would specify the REAL
771 * interface.
772 */
773 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 ||
774 rt->rt_gateway->sa_family != AF_LINK || rt->rt_llinfo == NULL ||
775 (ifp && rt->rt_ifa->ifa_ifp != ifp)) {
776 if (create) {
777 nd6log((LOG_DEBUG,
778 "nd6_lookup: failed to lookup %s (if = %s)\n",
779 ip6_sprintf(addr6),
780 ifp ? if_name(ifp) : "unspec"));
781 }
782 return (NULL);
783 }
784 return (rt);
785 }
786
787 /*
788 * Detect if a given IPv6 address identifies a neighbor on a given link.
789 * XXX: should take care of the destination of a p2p link?
790 */
791 int
792 nd6_is_addr_neighbor(addr, ifp)
793 struct sockaddr_in6 *addr;
794 struct ifnet *ifp;
795 {
796 struct nd_prefix *pr;
797
798 /*
799 * A link-local address is always a neighbor.
800 * XXX: we should use the sin6_scope_id field rather than the embedded
801 * interface index.
802 * XXX: a link does not necessarily specify a single interface.
803 */
804 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr) &&
805 ntohs(addr->sin6_addr.s6_addr16[1]) == ifp->if_index)
806 return (1);
807
808 /*
809 * If the address matches one of our on-link prefixes, it should be a
810 * neighbor.
811 */
812 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) {
813 if (pr->ndpr_ifp != ifp)
814 continue;
815
816 if (!(pr->ndpr_stateflags & NDPRF_ONLINK))
817 continue;
818
819 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr,
820 &addr->sin6_addr, &pr->ndpr_mask))
821 return (1);
822 }
823
824 /*
825 * If the default router list is empty, all addresses are regarded
826 * as on-link, and thus, as a neighbor.
827 * XXX: we restrict the condition to hosts, because routers usually do
828 * not have the "default router list".
829 */
830 if (!ip6_forwarding && TAILQ_FIRST(&nd_defrouter) == NULL &&
831 nd6_defifindex == ifp->if_index) {
832 return (1);
833 }
834
835 /*
836 * Even if the address matches none of our addresses, it might be
837 * in the neighbor cache.
838 */
839 if (nd6_lookup(&addr->sin6_addr, 0, ifp) != NULL)
840 return (1);
841
842 return (0);
843 }
844
845 /*
846 * Free an nd6 llinfo entry.
847 * Since the function would cause significant changes in the kernel, DO NOT
848 * make it global, unless you have a strong reason for the change, and are sure
849 * that the change is safe.
850 */
851 static struct llinfo_nd6 *
852 nd6_free(rt, gc)
853 struct rtentry *rt;
854 int gc;
855 {
856 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo, *next;
857 struct in6_addr in6 = ((struct sockaddr_in6 *)rt_key(rt))->sin6_addr;
858 struct nd_defrouter *dr;
859
860 /*
861 * we used to have pfctlinput(PRC_HOSTDEAD) here.
862 * even though it is not harmful, it was not really necessary.
863 */
864
865 /* cancel timer */
866 nd6_llinfo_settimer(ln, -1);
867
868 if (!ip6_forwarding) {
869 int s;
870 s = splsoftnet();
871 dr = defrouter_lookup(&((struct sockaddr_in6 *)rt_key(rt))->sin6_addr,
872 rt->rt_ifp);
873
874 if (dr != NULL && dr->expire &&
875 ln->ln_state == ND6_LLINFO_STALE && gc) {
876 /*
877 * If the reason for the deletion is just garbage
878 * collection, and the neighbor is an active default
879 * router, do not delete it. Instead, reset the GC
880 * timer using the router's lifetime.
881 * Simply deleting the entry would affect default
882 * router selection, which is not necessarily a good
883 * thing, especially when we're using router preference
884 * values.
885 * XXX: the check for ln_state would be redundant,
886 * but we intentionally keep it just in case.
887 */
888 if (dr->expire > time.tv_sec * hz)
889 nd6_llinfo_settimer(ln,
890 dr->expire - time.tv_sec * hz);
891 else
892 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
893 splx(s);
894 return (ln->ln_next);
895 }
896
897 if (ln->ln_router || dr) {
898 /*
899 * rt6_flush must be called whether or not the neighbor
900 * is in the Default Router List.
901 * See a corresponding comment in nd6_na_input().
902 */
903 rt6_flush(&in6, rt->rt_ifp);
904 }
905
906 if (dr) {
907 /*
908 * Unreachablity of a router might affect the default
909 * router selection and on-link detection of advertised
910 * prefixes.
911 */
912
913 /*
914 * Temporarily fake the state to choose a new default
915 * router and to perform on-link determination of
916 * prefixes correctly.
917 * Below the state will be set correctly,
918 * or the entry itself will be deleted.
919 */
920 ln->ln_state = ND6_LLINFO_INCOMPLETE;
921
922 /*
923 * Since defrouter_select() does not affect the
924 * on-link determination and MIP6 needs the check
925 * before the default router selection, we perform
926 * the check now.
927 */
928 pfxlist_onlink_check();
929
930 /*
931 * refresh default router list
932 */
933 defrouter_select();
934 }
935 splx(s);
936 }
937
938 /*
939 * Before deleting the entry, remember the next entry as the
940 * return value. We need this because pfxlist_onlink_check() above
941 * might have freed other entries (particularly the old next entry) as
942 * a side effect (XXX).
943 */
944 next = ln->ln_next;
945
946 /*
947 * Detach the route from the routing tree and the list of neighbor
948 * caches, and disable the route entry not to be used in already
949 * cached routes.
950 */
951 rtrequest(RTM_DELETE, rt_key(rt), (struct sockaddr *)0,
952 rt_mask(rt), 0, (struct rtentry **)0);
953
954 return (next);
955 }
956
957 /*
958 * Upper-layer reachability hint for Neighbor Unreachability Detection.
959 *
960 * XXX cost-effective metods?
961 */
962 void
963 nd6_nud_hint(rt, dst6, force)
964 struct rtentry *rt;
965 struct in6_addr *dst6;
966 int force;
967 {
968 struct llinfo_nd6 *ln;
969
970 /*
971 * If the caller specified "rt", use that. Otherwise, resolve the
972 * routing table by supplied "dst6".
973 */
974 if (!rt) {
975 if (!dst6)
976 return;
977 if (!(rt = nd6_lookup(dst6, 0, NULL)))
978 return;
979 }
980
981 if ((rt->rt_flags & RTF_GATEWAY) != 0 ||
982 (rt->rt_flags & RTF_LLINFO) == 0 ||
983 !rt->rt_llinfo || !rt->rt_gateway ||
984 rt->rt_gateway->sa_family != AF_LINK) {
985 /* This is not a host route. */
986 return;
987 }
988
989 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
990 if (ln->ln_state < ND6_LLINFO_REACHABLE)
991 return;
992
993 /*
994 * if we get upper-layer reachability confirmation many times,
995 * it is possible we have false information.
996 */
997 if (!force) {
998 ln->ln_byhint++;
999 if (ln->ln_byhint > nd6_maxnudhint)
1000 return;
1001 }
1002
1003 ln->ln_state = ND6_LLINFO_REACHABLE;
1004 if (!ND6_LLINFO_PERMANENT(ln)) {
1005 nd6_llinfo_settimer(ln,
1006 (long)ND_IFINFO(rt->rt_ifp)->reachable * hz);
1007 }
1008 }
1009
1010 void
1011 nd6_rtrequest(req, rt, info)
1012 int req;
1013 struct rtentry *rt;
1014 struct rt_addrinfo *info; /* xxx unused */
1015 {
1016 struct sockaddr *gate = rt->rt_gateway;
1017 struct llinfo_nd6 *ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1018 static struct sockaddr_dl null_sdl = {sizeof(null_sdl), AF_LINK};
1019 struct ifnet *ifp = rt->rt_ifp;
1020 struct ifaddr *ifa;
1021
1022 if ((rt->rt_flags & RTF_GATEWAY) != 0)
1023 return;
1024
1025 if (nd6_need_cache(ifp) == 0 && (rt->rt_flags & RTF_HOST) == 0) {
1026 /*
1027 * This is probably an interface direct route for a link
1028 * which does not need neighbor caches (e.g. fe80::%lo0/64).
1029 * We do not need special treatment below for such a route.
1030 * Moreover, the RTF_LLINFO flag which would be set below
1031 * would annoy the ndp(8) command.
1032 */
1033 return;
1034 }
1035
1036 if (req == RTM_RESOLVE &&
1037 (nd6_need_cache(ifp) == 0 || /* stf case */
1038 !nd6_is_addr_neighbor((struct sockaddr_in6 *)rt_key(rt), ifp))) {
1039 /*
1040 * FreeBSD and BSD/OS often make a cloned host route based
1041 * on a less-specific route (e.g. the default route).
1042 * If the less specific route does not have a "gateway"
1043 * (this is the case when the route just goes to a p2p or an
1044 * stf interface), we'll mistakenly make a neighbor cache for
1045 * the host route, and will see strange neighbor solicitation
1046 * for the corresponding destination. In order to avoid the
1047 * confusion, we check if the destination of the route is
1048 * a neighbor in terms of neighbor discovery, and stop the
1049 * process if not. Additionally, we remove the LLINFO flag
1050 * so that ndp(8) will not try to get the neighbor information
1051 * of the destination.
1052 */
1053 rt->rt_flags &= ~RTF_LLINFO;
1054 return;
1055 }
1056
1057 switch (req) {
1058 case RTM_ADD:
1059 /*
1060 * There is no backward compatibility :)
1061 *
1062 * if ((rt->rt_flags & RTF_HOST) == 0 &&
1063 * SIN(rt_mask(rt))->sin_addr.s_addr != 0xffffffff)
1064 * rt->rt_flags |= RTF_CLONING;
1065 */
1066 if ((rt->rt_flags & RTF_CLONING) ||
1067 ((rt->rt_flags & RTF_LLINFO) && !ln)) {
1068 /*
1069 * Case 1: This route should come from a route to
1070 * interface (RTF_CLONING case) or the route should be
1071 * treated as on-link but is currently not
1072 * (RTF_LLINFO && !ln case).
1073 */
1074 rt_setgate(rt, rt_key(rt),
1075 (struct sockaddr *)&null_sdl);
1076 gate = rt->rt_gateway;
1077 SDL(gate)->sdl_type = ifp->if_type;
1078 SDL(gate)->sdl_index = ifp->if_index;
1079 if (ln)
1080 nd6_llinfo_settimer(ln, 0);
1081 if ((rt->rt_flags & RTF_CLONING) != 0)
1082 break;
1083 }
1084 /*
1085 * In IPv4 code, we try to annonuce new RTF_ANNOUNCE entry here.
1086 * We don't do that here since llinfo is not ready yet.
1087 *
1088 * There are also couple of other things to be discussed:
1089 * - unsolicited NA code needs improvement beforehand
1090 * - RFC2461 says we MAY send multicast unsolicited NA
1091 * (7.2.6 paragraph 4), however, it also says that we
1092 * SHOULD provide a mechanism to prevent multicast NA storm.
1093 * we don't have anything like it right now.
1094 * note that the mechanism needs a mutual agreement
1095 * between proxies, which means that we need to implement
1096 * a new protocol, or a new kludge.
1097 * - from RFC2461 6.2.4, host MUST NOT send an unsolicited NA.
1098 * we need to check ip6forwarding before sending it.
1099 * (or should we allow proxy ND configuration only for
1100 * routers? there's no mention about proxy ND from hosts)
1101 */
1102 #if 0
1103 /* XXX it does not work */
1104 if (rt->rt_flags & RTF_ANNOUNCE)
1105 nd6_na_output(ifp,
1106 &SIN6(rt_key(rt))->sin6_addr,
1107 &SIN6(rt_key(rt))->sin6_addr,
1108 ip6_forwarding ? ND_NA_FLAG_ROUTER : 0,
1109 1, NULL);
1110 #endif
1111 /* FALLTHROUGH */
1112 case RTM_RESOLVE:
1113 if ((ifp->if_flags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) {
1114 /*
1115 * Address resolution isn't necessary for a point to
1116 * point link, so we can skip this test for a p2p link.
1117 */
1118 if (gate->sa_family != AF_LINK ||
1119 gate->sa_len < sizeof(null_sdl)) {
1120 log(LOG_DEBUG,
1121 "nd6_rtrequest: bad gateway value: %s\n",
1122 if_name(ifp));
1123 break;
1124 }
1125 SDL(gate)->sdl_type = ifp->if_type;
1126 SDL(gate)->sdl_index = ifp->if_index;
1127 }
1128 if (ln != NULL)
1129 break; /* This happens on a route change */
1130 /*
1131 * Case 2: This route may come from cloning, or a manual route
1132 * add with a LL address.
1133 */
1134 R_Malloc(ln, struct llinfo_nd6 *, sizeof(*ln));
1135 rt->rt_llinfo = (caddr_t)ln;
1136 if (!ln) {
1137 log(LOG_DEBUG, "nd6_rtrequest: malloc failed\n");
1138 break;
1139 }
1140 nd6_inuse++;
1141 nd6_allocated++;
1142 Bzero(ln, sizeof(*ln));
1143 ln->ln_rt = rt;
1144 callout_init(&ln->ln_timer_ch);
1145 /* this is required for "ndp" command. - shin */
1146 if (req == RTM_ADD) {
1147 /*
1148 * gate should have some valid AF_LINK entry,
1149 * and ln->ln_expire should have some lifetime
1150 * which is specified by ndp command.
1151 */
1152 ln->ln_state = ND6_LLINFO_REACHABLE;
1153 ln->ln_byhint = 0;
1154 } else {
1155 /*
1156 * When req == RTM_RESOLVE, rt is created and
1157 * initialized in rtrequest(), so rt_expire is 0.
1158 */
1159 ln->ln_state = ND6_LLINFO_NOSTATE;
1160 nd6_llinfo_settimer(ln, 0);
1161 }
1162 rt->rt_flags |= RTF_LLINFO;
1163 ln->ln_next = llinfo_nd6.ln_next;
1164 llinfo_nd6.ln_next = ln;
1165 ln->ln_prev = &llinfo_nd6;
1166 ln->ln_next->ln_prev = ln;
1167
1168 /*
1169 * check if rt_key(rt) is one of my address assigned
1170 * to the interface.
1171 */
1172 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(rt->rt_ifp,
1173 &SIN6(rt_key(rt))->sin6_addr);
1174 if (ifa) {
1175 caddr_t macp = nd6_ifptomac(ifp);
1176 nd6_llinfo_settimer(ln, -1);
1177 ln->ln_state = ND6_LLINFO_REACHABLE;
1178 ln->ln_byhint = 0;
1179 if (macp) {
1180 Bcopy(macp, LLADDR(SDL(gate)), ifp->if_addrlen);
1181 SDL(gate)->sdl_alen = ifp->if_addrlen;
1182 }
1183 if (nd6_useloopback) {
1184 rt->rt_ifp = lo0ifp; /* XXX */
1185 /*
1186 * Make sure rt_ifa be equal to the ifaddr
1187 * corresponding to the address.
1188 * We need this because when we refer
1189 * rt_ifa->ia6_flags in ip6_input, we assume
1190 * that the rt_ifa points to the address instead
1191 * of the loopback address.
1192 */
1193 if (ifa != rt->rt_ifa) {
1194 IFAFREE(rt->rt_ifa);
1195 IFAREF(ifa);
1196 rt->rt_ifa = ifa;
1197 }
1198 }
1199 } else if (rt->rt_flags & RTF_ANNOUNCE) {
1200 nd6_llinfo_settimer(ln, -1);
1201 ln->ln_state = ND6_LLINFO_REACHABLE;
1202 ln->ln_byhint = 0;
1203
1204 /* join solicited node multicast for proxy ND */
1205 if (ifp->if_flags & IFF_MULTICAST) {
1206 struct in6_addr llsol;
1207 int error;
1208
1209 llsol = SIN6(rt_key(rt))->sin6_addr;
1210 llsol.s6_addr16[0] = htons(0xff02);
1211 llsol.s6_addr16[1] = htons(ifp->if_index);
1212 llsol.s6_addr32[1] = 0;
1213 llsol.s6_addr32[2] = htonl(1);
1214 llsol.s6_addr8[12] = 0xff;
1215
1216 if (!in6_addmulti(&llsol, ifp, &error)) {
1217 nd6log((LOG_ERR, "%s: failed to join "
1218 "%s (errno=%d)\n", if_name(ifp),
1219 ip6_sprintf(&llsol), error));
1220 }
1221 }
1222 }
1223 break;
1224
1225 case RTM_DELETE:
1226 if (!ln)
1227 break;
1228 /* leave from solicited node multicast for proxy ND */
1229 if ((rt->rt_flags & RTF_ANNOUNCE) != 0 &&
1230 (ifp->if_flags & IFF_MULTICAST) != 0) {
1231 struct in6_addr llsol;
1232 struct in6_multi *in6m;
1233
1234 llsol = SIN6(rt_key(rt))->sin6_addr;
1235 llsol.s6_addr16[0] = htons(0xff02);
1236 llsol.s6_addr16[1] = htons(ifp->if_index);
1237 llsol.s6_addr32[1] = 0;
1238 llsol.s6_addr32[2] = htonl(1);
1239 llsol.s6_addr8[12] = 0xff;
1240
1241 IN6_LOOKUP_MULTI(llsol, ifp, in6m);
1242 if (in6m)
1243 in6_delmulti(in6m);
1244 }
1245 nd6_inuse--;
1246 ln->ln_next->ln_prev = ln->ln_prev;
1247 ln->ln_prev->ln_next = ln->ln_next;
1248 ln->ln_prev = NULL;
1249 nd6_llinfo_settimer(ln, -1);
1250 rt->rt_llinfo = 0;
1251 rt->rt_flags &= ~RTF_LLINFO;
1252 if (ln->ln_hold)
1253 m_freem(ln->ln_hold);
1254 Free((caddr_t)ln);
1255 }
1256 }
1257
1258 int
1259 nd6_ioctl(cmd, data, ifp)
1260 u_long cmd;
1261 caddr_t data;
1262 struct ifnet *ifp;
1263 {
1264 struct in6_drlist *drl = (struct in6_drlist *)data;
1265 struct in6_oprlist *oprl = (struct in6_oprlist *)data;
1266 struct in6_ndireq *ndi = (struct in6_ndireq *)data;
1267 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data;
1268 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data;
1269 struct nd_defrouter *dr;
1270 struct nd_prefix *pr;
1271 struct rtentry *rt;
1272 int i = 0, error = 0;
1273 int s;
1274
1275 switch (cmd) {
1276 case SIOCGDRLST_IN6:
1277 /*
1278 * obsolete API, use sysctl under net.inet6.icmp6
1279 */
1280 bzero(drl, sizeof(*drl));
1281 s = splsoftnet();
1282 dr = TAILQ_FIRST(&nd_defrouter);
1283 while (dr && i < DRLSTSIZ) {
1284 drl->defrouter[i].rtaddr = dr->rtaddr;
1285 if (IN6_IS_ADDR_LINKLOCAL(&drl->defrouter[i].rtaddr)) {
1286 /* XXX: need to this hack for KAME stack */
1287 drl->defrouter[i].rtaddr.s6_addr16[1] = 0;
1288 } else
1289 log(LOG_ERR,
1290 "default router list contains a "
1291 "non-linklocal address(%s)\n",
1292 ip6_sprintf(&drl->defrouter[i].rtaddr));
1293
1294 drl->defrouter[i].flags = dr->flags;
1295 drl->defrouter[i].rtlifetime = dr->rtlifetime;
1296 drl->defrouter[i].expire = dr->expire;
1297 drl->defrouter[i].if_index = dr->ifp->if_index;
1298 i++;
1299 dr = TAILQ_NEXT(dr, dr_entry);
1300 }
1301 splx(s);
1302 break;
1303 case SIOCGPRLST_IN6:
1304 /*
1305 * obsolete API, use sysctl under net.inet6.icmp6
1306 *
1307 * XXX the structure in6_prlist was changed in backward-
1308 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6,
1309 * in6_prlist is used for nd6_sysctl() - fill_prlist().
1310 */
1311 /*
1312 * XXX meaning of fields, especialy "raflags", is very
1313 * differnet between RA prefix list and RR/static prefix list.
1314 * how about separating ioctls into two?
1315 */
1316 bzero(oprl, sizeof(*oprl));
1317 s = splsoftnet();
1318 pr = nd_prefix.lh_first;
1319 while (pr && i < PRLSTSIZ) {
1320 struct nd_pfxrouter *pfr;
1321 int j;
1322
1323 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr;
1324 oprl->prefix[i].raflags = pr->ndpr_raf;
1325 oprl->prefix[i].prefixlen = pr->ndpr_plen;
1326 oprl->prefix[i].vltime = pr->ndpr_vltime;
1327 oprl->prefix[i].pltime = pr->ndpr_pltime;
1328 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index;
1329 oprl->prefix[i].expire = pr->ndpr_expire;
1330
1331 pfr = pr->ndpr_advrtrs.lh_first;
1332 j = 0;
1333 while (pfr) {
1334 if (j < DRLSTSIZ) {
1335 #define RTRADDR oprl->prefix[i].advrtr[j]
1336 RTRADDR = pfr->router->rtaddr;
1337 if (IN6_IS_ADDR_LINKLOCAL(&RTRADDR)) {
1338 /* XXX: hack for KAME */
1339 RTRADDR.s6_addr16[1] = 0;
1340 } else
1341 log(LOG_ERR,
1342 "a router(%s) advertises "
1343 "a prefix with "
1344 "non-link local address\n",
1345 ip6_sprintf(&RTRADDR));
1346 #undef RTRADDR
1347 }
1348 j++;
1349 pfr = pfr->pfr_next;
1350 }
1351 oprl->prefix[i].advrtrs = j;
1352 oprl->prefix[i].origin = PR_ORIG_RA;
1353
1354 i++;
1355 pr = pr->ndpr_next;
1356 }
1357 splx(s);
1358
1359 break;
1360 case OSIOCGIFINFO_IN6:
1361 /* XXX: old ndp(8) assumes a positive value for linkmtu. */
1362 bzero(&ndi->ndi, sizeof(ndi->ndi));
1363 ndi->ndi.linkmtu = IN6_LINKMTU(ifp);
1364 ndi->ndi.maxmtu = ND_IFINFO(ifp)->maxmtu;
1365 ndi->ndi.basereachable = ND_IFINFO(ifp)->basereachable;
1366 ndi->ndi.reachable = ND_IFINFO(ifp)->reachable;
1367 ndi->ndi.retrans = ND_IFINFO(ifp)->retrans;
1368 ndi->ndi.flags = ND_IFINFO(ifp)->flags;
1369 ndi->ndi.recalctm = ND_IFINFO(ifp)->recalctm;
1370 ndi->ndi.chlim = ND_IFINFO(ifp)->chlim;
1371 break;
1372 case SIOCGIFINFO_IN6:
1373 ndi->ndi = *ND_IFINFO(ifp);
1374 break;
1375 case SIOCSIFINFO_FLAGS:
1376 ND_IFINFO(ifp)->flags = ndi->ndi.flags;
1377 break;
1378 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */
1379 /* sync kernel routing table with the default router list */
1380 defrouter_reset();
1381 defrouter_select();
1382 break;
1383 case SIOCSPFXFLUSH_IN6:
1384 {
1385 /* flush all the prefix advertised by routers */
1386 struct nd_prefix *pr, *next;
1387
1388 s = splsoftnet();
1389 for (pr = nd_prefix.lh_first; pr; pr = next) {
1390 struct in6_ifaddr *ia, *ia_next;
1391
1392 next = pr->ndpr_next;
1393
1394 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr))
1395 continue; /* XXX */
1396
1397 /* do we really have to remove addresses as well? */
1398 for (ia = in6_ifaddr; ia; ia = ia_next) {
1399 /* ia might be removed. keep the next ptr. */
1400 ia_next = ia->ia_next;
1401
1402 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1403 continue;
1404
1405 if (ia->ia6_ndpr == pr)
1406 in6_purgeaddr(&ia->ia_ifa);
1407 }
1408 prelist_remove(pr);
1409 }
1410 splx(s);
1411 break;
1412 }
1413 case SIOCSRTRFLUSH_IN6:
1414 {
1415 /* flush all the default routers */
1416 struct nd_defrouter *dr, *next;
1417
1418 s = splsoftnet();
1419 defrouter_reset();
1420 for (dr = TAILQ_FIRST(&nd_defrouter); dr; dr = next) {
1421 next = TAILQ_NEXT(dr, dr_entry);
1422 defrtrlist_del(dr);
1423 }
1424 defrouter_select();
1425 splx(s);
1426 break;
1427 }
1428 case SIOCGNBRINFO_IN6:
1429 {
1430 struct llinfo_nd6 *ln;
1431 struct in6_addr nb_addr = nbi->addr; /* make local for safety */
1432
1433 /*
1434 * XXX: KAME specific hack for scoped addresses
1435 * XXXX: for other scopes than link-local?
1436 */
1437 if (IN6_IS_ADDR_LINKLOCAL(&nbi->addr) ||
1438 IN6_IS_ADDR_MC_LINKLOCAL(&nbi->addr)) {
1439 u_int16_t *idp = (u_int16_t *)&nb_addr.s6_addr[2];
1440
1441 if (*idp == 0)
1442 *idp = htons(ifp->if_index);
1443 }
1444
1445 s = splsoftnet();
1446 if ((rt = nd6_lookup(&nb_addr, 0, ifp)) == NULL ||
1447 (ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) {
1448 error = EINVAL;
1449 splx(s);
1450 break;
1451 }
1452 nbi->state = ln->ln_state;
1453 nbi->asked = ln->ln_asked;
1454 nbi->isrouter = ln->ln_router;
1455 nbi->expire = ln->ln_expire;
1456 splx(s);
1457
1458 break;
1459 }
1460 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */
1461 ndif->ifindex = nd6_defifindex;
1462 break;
1463 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */
1464 return (nd6_setdefaultiface(ndif->ifindex));
1465 }
1466 return (error);
1467 }
1468
1469 /*
1470 * Create neighbor cache entry and cache link-layer address,
1471 * on reception of inbound ND6 packets. (RS/RA/NS/redirect)
1472 */
1473 struct rtentry *
1474 nd6_cache_lladdr(ifp, from, lladdr, lladdrlen, type, code)
1475 struct ifnet *ifp;
1476 struct in6_addr *from;
1477 char *lladdr;
1478 int lladdrlen;
1479 int type; /* ICMP6 type */
1480 int code; /* type dependent information */
1481 {
1482 struct rtentry *rt = NULL;
1483 struct llinfo_nd6 *ln = NULL;
1484 int is_newentry;
1485 struct sockaddr_dl *sdl = NULL;
1486 int do_update;
1487 int olladdr;
1488 int llchange;
1489 int newstate = 0;
1490
1491 if (!ifp)
1492 panic("ifp == NULL in nd6_cache_lladdr");
1493 if (!from)
1494 panic("from == NULL in nd6_cache_lladdr");
1495
1496 /* nothing must be updated for unspecified address */
1497 if (IN6_IS_ADDR_UNSPECIFIED(from))
1498 return NULL;
1499
1500 /*
1501 * Validation about ifp->if_addrlen and lladdrlen must be done in
1502 * the caller.
1503 *
1504 * XXX If the link does not have link-layer adderss, what should
1505 * we do? (ifp->if_addrlen == 0)
1506 * Spec says nothing in sections for RA, RS and NA. There's small
1507 * description on it in NS section (RFC 2461 7.2.3).
1508 */
1509
1510 rt = nd6_lookup(from, 0, ifp);
1511 if (!rt) {
1512 #if 0
1513 /* nothing must be done if there's no lladdr */
1514 if (!lladdr || !lladdrlen)
1515 return NULL;
1516 #endif
1517
1518 rt = nd6_lookup(from, 1, ifp);
1519 is_newentry = 1;
1520 } else {
1521 /* do nothing if static ndp is set */
1522 if (rt->rt_flags & RTF_STATIC)
1523 return NULL;
1524 is_newentry = 0;
1525 }
1526
1527 if (!rt)
1528 return NULL;
1529 if ((rt->rt_flags & (RTF_GATEWAY | RTF_LLINFO)) != RTF_LLINFO) {
1530 fail:
1531 (void)nd6_free(rt, 0);
1532 return NULL;
1533 }
1534 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1535 if (!ln)
1536 goto fail;
1537 if (!rt->rt_gateway)
1538 goto fail;
1539 if (rt->rt_gateway->sa_family != AF_LINK)
1540 goto fail;
1541 sdl = SDL(rt->rt_gateway);
1542
1543 olladdr = (sdl->sdl_alen) ? 1 : 0;
1544 if (olladdr && lladdr) {
1545 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen))
1546 llchange = 1;
1547 else
1548 llchange = 0;
1549 } else
1550 llchange = 0;
1551
1552 /*
1553 * newentry olladdr lladdr llchange (*=record)
1554 * 0 n n -- (1)
1555 * 0 y n -- (2)
1556 * 0 n y -- (3) * STALE
1557 * 0 y y n (4) *
1558 * 0 y y y (5) * STALE
1559 * 1 -- n -- (6) NOSTATE(= PASSIVE)
1560 * 1 -- y -- (7) * STALE
1561 */
1562
1563 if (lladdr) { /* (3-5) and (7) */
1564 /*
1565 * Record source link-layer address
1566 * XXX is it dependent to ifp->if_type?
1567 */
1568 sdl->sdl_alen = ifp->if_addrlen;
1569 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
1570 }
1571
1572 if (!is_newentry) {
1573 if ((!olladdr && lladdr) || /* (3) */
1574 (olladdr && lladdr && llchange)) { /* (5) */
1575 do_update = 1;
1576 newstate = ND6_LLINFO_STALE;
1577 } else /* (1-2,4) */
1578 do_update = 0;
1579 } else {
1580 do_update = 1;
1581 if (!lladdr) /* (6) */
1582 newstate = ND6_LLINFO_NOSTATE;
1583 else /* (7) */
1584 newstate = ND6_LLINFO_STALE;
1585 }
1586
1587 if (do_update) {
1588 /*
1589 * Update the state of the neighbor cache.
1590 */
1591 ln->ln_state = newstate;
1592
1593 if (ln->ln_state == ND6_LLINFO_STALE) {
1594 /*
1595 * XXX: since nd6_output() below will cause
1596 * state tansition to DELAY and reset the timer,
1597 * we must set the timer now, although it is actually
1598 * meaningless.
1599 */
1600 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
1601
1602 if (ln->ln_hold) {
1603 /*
1604 * we assume ifp is not a p2p here, so just
1605 * set the 2nd argument as the 1st one.
1606 */
1607 nd6_output(ifp, ifp, ln->ln_hold,
1608 (struct sockaddr_in6 *)rt_key(rt), rt);
1609 ln->ln_hold = NULL;
1610 }
1611 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
1612 /* probe right away */
1613 nd6_llinfo_settimer((void *)ln, 0);
1614 }
1615 }
1616
1617 /*
1618 * ICMP6 type dependent behavior.
1619 *
1620 * NS: clear IsRouter if new entry
1621 * RS: clear IsRouter
1622 * RA: set IsRouter if there's lladdr
1623 * redir: clear IsRouter if new entry
1624 *
1625 * RA case, (1):
1626 * The spec says that we must set IsRouter in the following cases:
1627 * - If lladdr exist, set IsRouter. This means (1-5).
1628 * - If it is old entry (!newentry), set IsRouter. This means (7).
1629 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter.
1630 * A quetion arises for (1) case. (1) case has no lladdr in the
1631 * neighbor cache, this is similar to (6).
1632 * This case is rare but we figured that we MUST NOT set IsRouter.
1633 *
1634 * newentry olladdr lladdr llchange NS RS RA redir
1635 * D R
1636 * 0 n n -- (1) c ? s
1637 * 0 y n -- (2) c s s
1638 * 0 n y -- (3) c s s
1639 * 0 y y n (4) c s s
1640 * 0 y y y (5) c s s
1641 * 1 -- n -- (6) c c c s
1642 * 1 -- y -- (7) c c s c s
1643 *
1644 * (c=clear s=set)
1645 */
1646 switch (type & 0xff) {
1647 case ND_NEIGHBOR_SOLICIT:
1648 /*
1649 * New entry must have is_router flag cleared.
1650 */
1651 if (is_newentry) /* (6-7) */
1652 ln->ln_router = 0;
1653 break;
1654 case ND_REDIRECT:
1655 /*
1656 * If the icmp is a redirect to a better router, always set the
1657 * is_router flag. Otherwise, if the entry is newly created,
1658 * clear the flag. [RFC 2461, sec 8.3]
1659 */
1660 if (code == ND_REDIRECT_ROUTER)
1661 ln->ln_router = 1;
1662 else if (is_newentry) /* (6-7) */
1663 ln->ln_router = 0;
1664 break;
1665 case ND_ROUTER_SOLICIT:
1666 /*
1667 * is_router flag must always be cleared.
1668 */
1669 ln->ln_router = 0;
1670 break;
1671 case ND_ROUTER_ADVERT:
1672 /*
1673 * Mark an entry with lladdr as a router.
1674 */
1675 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */
1676 (is_newentry && lladdr)) { /* (7) */
1677 ln->ln_router = 1;
1678 }
1679 break;
1680 }
1681
1682 /*
1683 * When the link-layer address of a router changes, select the
1684 * best router again. In particular, when the neighbor entry is newly
1685 * created, it might affect the selection policy.
1686 * Question: can we restrict the first condition to the "is_newentry"
1687 * case?
1688 * XXX: when we hear an RA from a new router with the link-layer
1689 * address option, defrouter_select() is called twice, since
1690 * defrtrlist_update called the function as well. However, I believe
1691 * we can compromise the overhead, since it only happens the first
1692 * time.
1693 * XXX: although defrouter_select() should not have a bad effect
1694 * for those are not autoconfigured hosts, we explicitly avoid such
1695 * cases for safety.
1696 */
1697 if (do_update && ln->ln_router && !ip6_forwarding && ip6_accept_rtadv)
1698 defrouter_select();
1699
1700 return rt;
1701 }
1702
1703 static void
1704 nd6_slowtimo(ignored_arg)
1705 void *ignored_arg;
1706 {
1707 int s = splsoftnet();
1708 struct nd_ifinfo *nd6if;
1709 struct ifnet *ifp;
1710
1711 callout_reset(&nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
1712 nd6_slowtimo, NULL);
1713 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list))
1714 {
1715 nd6if = ND_IFINFO(ifp);
1716 if (nd6if->basereachable && /* already initialized */
1717 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
1718 /*
1719 * Since reachable time rarely changes by router
1720 * advertisements, we SHOULD insure that a new random
1721 * value gets recomputed at least once every few hours.
1722 * (RFC 2461, 6.3.4)
1723 */
1724 nd6if->recalctm = nd6_recalc_reachtm_interval;
1725 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable);
1726 }
1727 }
1728 splx(s);
1729 }
1730
1731 #define senderr(e) { error = (e); goto bad;}
1732 int
1733 nd6_output(ifp, origifp, m0, dst, rt0)
1734 struct ifnet *ifp;
1735 struct ifnet *origifp;
1736 struct mbuf *m0;
1737 struct sockaddr_in6 *dst;
1738 struct rtentry *rt0;
1739 {
1740 struct mbuf *m = m0;
1741 struct rtentry *rt = rt0;
1742 struct sockaddr_in6 *gw6 = NULL;
1743 struct llinfo_nd6 *ln = NULL;
1744 int error = 0;
1745
1746 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr))
1747 goto sendpkt;
1748
1749 if (nd6_need_cache(ifp) == 0)
1750 goto sendpkt;
1751
1752 /*
1753 * next hop determination. This routine is derived from ether_outpout.
1754 */
1755 if (rt) {
1756 if ((rt->rt_flags & RTF_UP) == 0) {
1757 if ((rt0 = rt = rtalloc1((struct sockaddr *)dst,
1758 1)) != NULL)
1759 {
1760 rt->rt_refcnt--;
1761 if (rt->rt_ifp != ifp)
1762 senderr(EHOSTUNREACH);
1763 } else
1764 senderr(EHOSTUNREACH);
1765 }
1766
1767 if (rt->rt_flags & RTF_GATEWAY) {
1768 gw6 = (struct sockaddr_in6 *)rt->rt_gateway;
1769
1770 /*
1771 * We skip link-layer address resolution and NUD
1772 * if the gateway is not a neighbor from ND point
1773 * of view, regardless of the value of nd_ifinfo.flags.
1774 * The second condition is a bit tricky; we skip
1775 * if the gateway is our own address, which is
1776 * sometimes used to install a route to a p2p link.
1777 */
1778 if (!nd6_is_addr_neighbor(gw6, ifp) ||
1779 in6ifa_ifpwithaddr(ifp, &gw6->sin6_addr)) {
1780 /*
1781 * We allow this kind of tricky route only
1782 * when the outgoing interface is p2p.
1783 * XXX: we may need a more generic rule here.
1784 */
1785 if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
1786 senderr(EHOSTUNREACH);
1787
1788 goto sendpkt;
1789 }
1790
1791 if (rt->rt_gwroute == 0)
1792 goto lookup;
1793 if (((rt = rt->rt_gwroute)->rt_flags & RTF_UP) == 0) {
1794 rtfree(rt); rt = rt0;
1795 lookup:
1796 rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1);
1797 if ((rt = rt->rt_gwroute) == 0)
1798 senderr(EHOSTUNREACH);
1799 /* the "G" test below also prevents rt == rt0 */
1800 if ((rt->rt_flags & RTF_GATEWAY) ||
1801 (rt->rt_ifp != ifp)) {
1802 rt->rt_refcnt--;
1803 rt0->rt_gwroute = 0;
1804 senderr(EHOSTUNREACH);
1805 }
1806 }
1807 }
1808 }
1809
1810 /*
1811 * Address resolution or Neighbor Unreachability Detection
1812 * for the next hop.
1813 * At this point, the destination of the packet must be a unicast
1814 * or an anycast address(i.e. not a multicast).
1815 */
1816
1817 /* Look up the neighbor cache for the nexthop */
1818 if (rt && (rt->rt_flags & RTF_LLINFO) != 0)
1819 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1820 else {
1821 /*
1822 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(),
1823 * the condition below is not very efficient. But we believe
1824 * it is tolerable, because this should be a rare case.
1825 */
1826 if (nd6_is_addr_neighbor(dst, ifp) &&
1827 (rt = nd6_lookup(&dst->sin6_addr, 1, ifp)) != NULL)
1828 ln = (struct llinfo_nd6 *)rt->rt_llinfo;
1829 }
1830 if (!ln || !rt) {
1831 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 &&
1832 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) {
1833 log(LOG_DEBUG,
1834 "nd6_output: can't allocate llinfo for %s "
1835 "(ln=%p, rt=%p)\n",
1836 ip6_sprintf(&dst->sin6_addr), ln, rt);
1837 senderr(EIO); /* XXX: good error? */
1838 }
1839
1840 goto sendpkt; /* send anyway */
1841 }
1842
1843 /* We don't have to do link-layer address resolution on a p2p link. */
1844 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
1845 ln->ln_state < ND6_LLINFO_REACHABLE) {
1846 ln->ln_state = ND6_LLINFO_STALE;
1847 nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
1848 }
1849
1850 /*
1851 * The first time we send a packet to a neighbor whose entry is
1852 * STALE, we have to change the state to DELAY and a sets a timer to
1853 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do
1854 * neighbor unreachability detection on expiration.
1855 * (RFC 2461 7.3.3)
1856 */
1857 if (ln->ln_state == ND6_LLINFO_STALE) {
1858 ln->ln_asked = 0;
1859 ln->ln_state = ND6_LLINFO_DELAY;
1860 nd6_llinfo_settimer(ln, nd6_delay * hz);
1861 }
1862
1863 /*
1864 * If the neighbor cache entry has a state other than INCOMPLETE
1865 * (i.e. its link-layer address is already resolved), just
1866 * send the packet.
1867 */
1868 if (ln->ln_state > ND6_LLINFO_INCOMPLETE)
1869 goto sendpkt;
1870
1871 /*
1872 * There is a neighbor cache entry, but no ethernet address
1873 * response yet. Replace the held mbuf (if any) with this
1874 * latest one.
1875 */
1876 if (ln->ln_state == ND6_LLINFO_NOSTATE)
1877 ln->ln_state = ND6_LLINFO_INCOMPLETE;
1878 if (ln->ln_hold)
1879 m_freem(ln->ln_hold);
1880 ln->ln_hold = m;
1881 /*
1882 * If there has been no NS for the neighbor after entering the
1883 * INCOMPLETE state, send the first solicitation.
1884 */
1885 if (!ND6_LLINFO_PERMANENT(ln) && ln->ln_asked == 0) {
1886 ln->ln_asked++;
1887 nd6_llinfo_settimer(ln,
1888 (long)ND_IFINFO(ifp)->retrans * hz / 1000);
1889 nd6_ns_output(ifp, NULL, &dst->sin6_addr, ln, 0);
1890 }
1891 return (0);
1892
1893 sendpkt:
1894
1895 #ifdef IPSEC
1896 /* clean ipsec history once it goes out of the node */
1897 ipsec_delaux(m);
1898 #endif
1899 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
1900 return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst,
1901 rt));
1902 }
1903 return ((*ifp->if_output)(ifp, m, (struct sockaddr *)dst, rt));
1904
1905 bad:
1906 if (m)
1907 m_freem(m);
1908 return (error);
1909 }
1910 #undef senderr
1911
1912 int
1913 nd6_need_cache(ifp)
1914 struct ifnet *ifp;
1915 {
1916 /*
1917 * XXX: we currently do not make neighbor cache on any interface
1918 * other than ARCnet, Ethernet, FDDI and GIF.
1919 *
1920 * RFC2893 says:
1921 * - unidirectional tunnels needs no ND
1922 */
1923 switch (ifp->if_type) {
1924 case IFT_ARCNET:
1925 case IFT_ETHER:
1926 case IFT_FDDI:
1927 case IFT_IEEE1394:
1928 case IFT_GIF: /* XXX need more cases? */
1929 return (1);
1930 default:
1931 return (0);
1932 }
1933 }
1934
1935 int
1936 nd6_storelladdr(ifp, rt, m, dst, desten)
1937 struct ifnet *ifp;
1938 struct rtentry *rt;
1939 struct mbuf *m;
1940 struct sockaddr *dst;
1941 u_char *desten;
1942 {
1943 struct sockaddr_dl *sdl;
1944
1945 if (m->m_flags & M_MCAST) {
1946 switch (ifp->if_type) {
1947 case IFT_ETHER:
1948 case IFT_FDDI:
1949 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr,
1950 desten);
1951 return (1);
1952 case IFT_IEEE1394:
1953 bcopy(ifp->if_broadcastaddr, desten, ifp->if_addrlen);
1954 return (1);
1955 case IFT_ARCNET:
1956 *desten = 0;
1957 return (1);
1958 default:
1959 m_freem(m);
1960 return (0);
1961 }
1962 }
1963
1964 if (rt == NULL) {
1965 /* this could happen, if we could not allocate memory */
1966 m_freem(m);
1967 return (0);
1968 }
1969 if (rt->rt_gateway->sa_family != AF_LINK) {
1970 printf("nd6_storelladdr: something odd happens\n");
1971 m_freem(m);
1972 return (0);
1973 }
1974 sdl = SDL(rt->rt_gateway);
1975 if (sdl->sdl_alen == 0) {
1976 /* this should be impossible, but we bark here for debugging */
1977 printf("nd6_storelladdr: sdl_alen == 0, dst=%s, if=%s\n",
1978 ip6_sprintf(&SIN6(dst)->sin6_addr), if_name(ifp));
1979 m_freem(m);
1980 return (0);
1981 }
1982
1983 bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
1984 return (1);
1985 }
1986
1987 int
1988 nd6_sysctl(name, oldp, oldlenp, newp, newlen)
1989 int name;
1990 void *oldp; /* syscall arg, need copyout */
1991 size_t *oldlenp;
1992 void *newp; /* syscall arg, need copyin */
1993 size_t newlen;
1994 {
1995 void *p;
1996 size_t ol;
1997 int error;
1998
1999 error = 0;
2000
2001 if (newp)
2002 return EPERM;
2003 if (oldp && !oldlenp)
2004 return EINVAL;
2005 ol = oldlenp ? *oldlenp : 0;
2006
2007 if (oldp) {
2008 p = malloc(*oldlenp, M_TEMP, M_WAITOK);
2009 if (!p)
2010 return ENOMEM;
2011 } else
2012 p = NULL;
2013 switch (name) {
2014 case ICMPV6CTL_ND6_DRLIST:
2015 error = fill_drlist(p, oldlenp, ol);
2016 if (!error && p && oldp)
2017 error = copyout(p, oldp, *oldlenp);
2018 break;
2019
2020 case ICMPV6CTL_ND6_PRLIST:
2021 error = fill_prlist(p, oldlenp, ol);
2022 if (!error && p && oldp)
2023 error = copyout(p, oldp, *oldlenp);
2024 break;
2025
2026 default:
2027 error = ENOPROTOOPT;
2028 break;
2029 }
2030 if (p)
2031 free(p, M_TEMP);
2032
2033 return (error);
2034 }
2035
2036 static int
2037 fill_drlist(oldp, oldlenp, ol)
2038 void *oldp;
2039 size_t *oldlenp, ol;
2040 {
2041 int error = 0, s;
2042 struct in6_defrouter *d = NULL, *de = NULL;
2043 struct nd_defrouter *dr;
2044 size_t l;
2045
2046 s = splsoftnet();
2047
2048 if (oldp) {
2049 d = (struct in6_defrouter *)oldp;
2050 de = (struct in6_defrouter *)((caddr_t)oldp + *oldlenp);
2051 }
2052 l = 0;
2053
2054 for (dr = TAILQ_FIRST(&nd_defrouter); dr;
2055 dr = TAILQ_NEXT(dr, dr_entry)) {
2056
2057 if (oldp && d + 1 <= de) {
2058 bzero(d, sizeof(*d));
2059 d->rtaddr.sin6_family = AF_INET6;
2060 d->rtaddr.sin6_len = sizeof(struct sockaddr_in6);
2061 d->rtaddr.sin6_addr = dr->rtaddr;
2062 in6_recoverscope(&d->rtaddr, &d->rtaddr.sin6_addr,
2063 dr->ifp);
2064 d->flags = dr->flags;
2065 d->rtlifetime = dr->rtlifetime;
2066 d->expire = dr->expire;
2067 d->if_index = dr->ifp->if_index;
2068 }
2069
2070 l += sizeof(*d);
2071 if (d)
2072 d++;
2073 }
2074
2075 if (oldp) {
2076 *oldlenp = l; /* (caddr_t)d - (caddr_t)oldp */
2077 if (l > ol)
2078 error = ENOMEM;
2079 } else
2080 *oldlenp = l;
2081
2082 splx(s);
2083
2084 return (error);
2085 }
2086
2087 static int
2088 fill_prlist(oldp, oldlenp, ol)
2089 void *oldp;
2090 size_t *oldlenp, ol;
2091 {
2092 int error = 0, s;
2093 struct nd_prefix *pr;
2094 struct in6_prefix *p = NULL;
2095 struct in6_prefix *pe = NULL;
2096 size_t l;
2097
2098 s = splsoftnet();
2099
2100 if (oldp) {
2101 p = (struct in6_prefix *)oldp;
2102 pe = (struct in6_prefix *)((caddr_t)oldp + *oldlenp);
2103 }
2104 l = 0;
2105
2106 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) {
2107 u_short advrtrs;
2108 size_t advance;
2109 struct sockaddr_in6 *sin6;
2110 struct sockaddr_in6 *s6;
2111 struct nd_pfxrouter *pfr;
2112
2113 if (oldp && p + 1 <= pe)
2114 {
2115 bzero(p, sizeof(*p));
2116 sin6 = (struct sockaddr_in6 *)(p + 1);
2117
2118 p->prefix = pr->ndpr_prefix;
2119 if (in6_recoverscope(&p->prefix,
2120 &p->prefix.sin6_addr, pr->ndpr_ifp) != 0)
2121 log(LOG_ERR,
2122 "scope error in prefix list (%s)\n",
2123 ip6_sprintf(&p->prefix.sin6_addr));
2124 p->raflags = pr->ndpr_raf;
2125 p->prefixlen = pr->ndpr_plen;
2126 p->vltime = pr->ndpr_vltime;
2127 p->pltime = pr->ndpr_pltime;
2128 p->if_index = pr->ndpr_ifp->if_index;
2129 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME)
2130 p->expire = 0;
2131 else {
2132 time_t maxexpire;
2133
2134 /* XXX: we assume time_t is signed. */
2135 maxexpire = (-1) &
2136 ~(1 << ((sizeof(maxexpire) * 8) - 1));
2137 if (pr->ndpr_vltime <
2138 maxexpire - pr->ndpr_lastupdate) {
2139 p->expire = pr->ndpr_lastupdate +
2140 pr->ndpr_vltime;
2141 } else
2142 p->expire = maxexpire;
2143 }
2144 p->refcnt = pr->ndpr_refcnt;
2145 p->flags = pr->ndpr_stateflags;
2146 p->origin = PR_ORIG_RA;
2147 advrtrs = 0;
2148 for (pfr = pr->ndpr_advrtrs.lh_first; pfr;
2149 pfr = pfr->pfr_next) {
2150 if ((void *)&sin6[advrtrs + 1] > (void *)pe) {
2151 advrtrs++;
2152 continue;
2153 }
2154 s6 = &sin6[advrtrs];
2155 s6->sin6_family = AF_INET6;
2156 s6->sin6_len = sizeof(struct sockaddr_in6);
2157 s6->sin6_addr = pfr->router->rtaddr;
2158 in6_recoverscope(s6, &s6->sin6_addr,
2159 pfr->router->ifp);
2160 advrtrs++;
2161 }
2162 p->advrtrs = advrtrs;
2163 }
2164 else {
2165 advrtrs = 0;
2166 for (pfr = pr->ndpr_advrtrs.lh_first; pfr;
2167 pfr = pfr->pfr_next)
2168 advrtrs++;
2169 }
2170
2171 advance = sizeof(*p) + sizeof(*sin6) * advrtrs;
2172 l += advance;
2173 if (p)
2174 p = (struct in6_prefix *)((caddr_t)p + advance);
2175 }
2176
2177 if (oldp) {
2178 *oldlenp = l; /* (caddr_t)d - (caddr_t)oldp */
2179 if (l > ol)
2180 error = ENOMEM;
2181 } else
2182 *oldlenp = l;
2183
2184 splx(s);
2185
2186 return (error);
2187 }
Cache object: 5bcb953354328902adf1da8b3b4f20b4
|