1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $KAME: nd6_rtr.c,v 1.111 2001/04/27 01:37:15 jinmei Exp $
32 */
33
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
36
37 #include "opt_inet.h"
38 #include "opt_inet6.h"
39
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/malloc.h>
43 #include <sys/mbuf.h>
44 #include <sys/refcount.h>
45 #include <sys/socket.h>
46 #include <sys/sockio.h>
47 #include <sys/time.h>
48 #include <sys/kernel.h>
49 #include <sys/lock.h>
50 #include <sys/errno.h>
51 #include <sys/rmlock.h>
52 #include <sys/rwlock.h>
53 #include <sys/sysctl.h>
54 #include <sys/syslog.h>
55 #include <sys/queue.h>
56
57 #include <net/if.h>
58 #include <net/if_var.h>
59 #include <net/if_types.h>
60 #include <net/if_dl.h>
61 #include <net/route.h>
62 #include <net/route/nhop.h>
63 #include <net/route/route_ctl.h>
64 #include <net/radix.h>
65 #include <net/vnet.h>
66
67 #include <netinet/in.h>
68 #include <net/if_llatbl.h>
69 #include <netinet6/in6_var.h>
70 #include <netinet6/in6_ifattach.h>
71 #include <netinet/ip6.h>
72 #include <netinet6/ip6_var.h>
73 #include <netinet6/nd6.h>
74 #include <netinet/icmp6.h>
75 #include <netinet6/scope6_var.h>
76
77 static struct nd_defrouter *defrtrlist_update(struct nd_defrouter *);
78 static int prelist_update(struct nd_prefixctl *, struct nd_defrouter *,
79 struct mbuf *, int);
80 static int nd6_prefix_onlink(struct nd_prefix *);
81
82 TAILQ_HEAD(nd6_drhead, nd_defrouter);
83 VNET_DEFINE_STATIC(struct nd6_drhead, nd6_defrouter);
84 #define V_nd6_defrouter VNET(nd6_defrouter)
85
86 VNET_DECLARE(int, nd6_recalc_reachtm_interval);
87 #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval)
88
89 VNET_DEFINE_STATIC(struct ifnet *, nd6_defifp);
90 VNET_DEFINE(int, nd6_defifindex);
91 #define V_nd6_defifp VNET(nd6_defifp)
92
93 VNET_DEFINE(int, ip6_use_tempaddr) = 0;
94
95 VNET_DEFINE(int, ip6_desync_factor);
96 VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime) = DEF_TEMP_PREFERRED_LIFETIME;
97 VNET_DEFINE(u_int32_t, ip6_temp_valid_lifetime) = DEF_TEMP_VALID_LIFETIME;
98
99 VNET_DEFINE(int, ip6_temp_regen_advance) = TEMPADDR_REGEN_ADVANCE;
100
101 #ifdef EXPERIMENTAL
102 VNET_DEFINE(int, nd6_ignore_ipv6_only_ra) = 1;
103 #endif
104
105 SYSCTL_DECL(_net_inet6_icmp6);
106
107 /* RTPREF_MEDIUM has to be 0! */
108 #define RTPREF_HIGH 1
109 #define RTPREF_MEDIUM 0
110 #define RTPREF_LOW (-1)
111 #define RTPREF_RESERVED (-2)
112 #define RTPREF_INVALID (-3) /* internal */
113
114 static void
115 defrouter_ref(struct nd_defrouter *dr)
116 {
117
118 refcount_acquire(&dr->refcnt);
119 }
120
121 void
122 defrouter_rele(struct nd_defrouter *dr)
123 {
124
125 if (refcount_release(&dr->refcnt))
126 free(dr, M_IP6NDP);
127 }
128
129 /*
130 * Remove a router from the global list and optionally stash it in a
131 * caller-supplied queue.
132 */
133 static void
134 defrouter_unlink(struct nd_defrouter *dr, struct nd6_drhead *drq)
135 {
136
137 ND6_WLOCK_ASSERT();
138
139 TAILQ_REMOVE(&V_nd6_defrouter, dr, dr_entry);
140 V_nd6_list_genid++;
141 if (drq != NULL)
142 TAILQ_INSERT_TAIL(drq, dr, dr_entry);
143 }
144
145 /*
146 * Receive Router Solicitation Message - just for routers.
147 * Router solicitation/advertisement is mostly managed by userland program
148 * (rtadvd) so here we have no function like nd6_ra_output().
149 *
150 * Based on RFC 2461
151 */
152 void
153 nd6_rs_input(struct mbuf *m, int off, int icmp6len)
154 {
155 struct ifnet *ifp;
156 struct ip6_hdr *ip6;
157 struct nd_router_solicit *nd_rs;
158 struct in6_addr saddr6;
159 union nd_opts ndopts;
160 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
161 char *lladdr;
162 int lladdrlen;
163
164 ifp = m->m_pkthdr.rcvif;
165
166 /*
167 * Accept RS only when V_ip6_forwarding=1 and the interface has
168 * no ND6_IFF_ACCEPT_RTADV.
169 */
170 if (!V_ip6_forwarding || ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV)
171 goto freeit;
172
173 /* RFC 6980: Nodes MUST silently ignore fragments */
174 if(m->m_flags & M_FRAGMENTED)
175 goto freeit;
176
177 /* Sanity checks */
178 ip6 = mtod(m, struct ip6_hdr *);
179 if (__predict_false(ip6->ip6_hlim != 255)) {
180 ICMP6STAT_INC(icp6s_invlhlim);
181 nd6log((LOG_ERR,
182 "%s: invalid hlim (%d) from %s to %s on %s\n", __func__,
183 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
184 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
185 goto bad;
186 }
187
188 /*
189 * Don't update the neighbor cache, if src = ::.
190 * This indicates that the src has no IP address assigned yet.
191 */
192 saddr6 = ip6->ip6_src;
193 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
194 goto freeit;
195
196 if (m->m_len < off + icmp6len) {
197 m = m_pullup(m, off + icmp6len);
198 if (m == NULL) {
199 IP6STAT_INC(ip6s_exthdrtoolong);
200 return;
201 }
202 }
203 ip6 = mtod(m, struct ip6_hdr *);
204 nd_rs = (struct nd_router_solicit *)((caddr_t)ip6 + off);
205
206 icmp6len -= sizeof(*nd_rs);
207 nd6_option_init(nd_rs + 1, icmp6len, &ndopts);
208 if (nd6_options(&ndopts) < 0) {
209 nd6log((LOG_INFO,
210 "%s: invalid ND option, ignored\n", __func__));
211 /* nd6_options have incremented stats */
212 goto freeit;
213 }
214
215 lladdr = NULL;
216 lladdrlen = 0;
217 if (ndopts.nd_opts_src_lladdr) {
218 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
219 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
220 }
221
222 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
223 nd6log((LOG_INFO,
224 "%s: lladdrlen mismatch for %s (if %d, RS packet %d)\n",
225 __func__, ip6_sprintf(ip6bufs, &saddr6),
226 ifp->if_addrlen, lladdrlen - 2));
227 goto bad;
228 }
229
230 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_SOLICIT, 0);
231
232 freeit:
233 m_freem(m);
234 return;
235
236 bad:
237 ICMP6STAT_INC(icp6s_badrs);
238 m_freem(m);
239 }
240
241 #ifdef EXPERIMENTAL
242 /*
243 * An initial update routine for draft-ietf-6man-ipv6only-flag.
244 * We need to iterate over all default routers for the given
245 * interface to see whether they are all advertising the "S"
246 * (IPv6-Only) flag. If they do set, otherwise unset, the
247 * interface flag we later use to filter on.
248 */
249 static void
250 defrtr_ipv6_only_ifp(struct ifnet *ifp)
251 {
252 struct nd_defrouter *dr;
253 bool ipv6_only, ipv6_only_old;
254 #ifdef INET
255 struct epoch_tracker et;
256 struct ifaddr *ifa;
257 bool has_ipv4_addr;
258 #endif
259
260 if (V_nd6_ignore_ipv6_only_ra != 0)
261 return;
262
263 ipv6_only = true;
264 ND6_RLOCK();
265 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry)
266 if (dr->ifp == ifp &&
267 (dr->raflags & ND_RA_FLAG_IPV6_ONLY) == 0)
268 ipv6_only = false;
269 ND6_RUNLOCK();
270
271 IF_AFDATA_WLOCK(ifp);
272 ipv6_only_old = ND_IFINFO(ifp)->flags & ND6_IFF_IPV6_ONLY;
273 IF_AFDATA_WUNLOCK(ifp);
274
275 /* If nothing changed, we have an early exit. */
276 if (ipv6_only == ipv6_only_old)
277 return;
278
279 #ifdef INET
280 /*
281 * Should we want to set the IPV6-ONLY flag, check if the
282 * interface has a non-0/0 and non-link-local IPv4 address
283 * configured on it. If it has we will assume working
284 * IPv4 operations and will clear the interface flag.
285 */
286 has_ipv4_addr = false;
287 if (ipv6_only) {
288 NET_EPOCH_ENTER(et);
289 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
290 if (ifa->ifa_addr->sa_family != AF_INET)
291 continue;
292 if (in_canforward(
293 satosin(ifa->ifa_addr)->sin_addr)) {
294 has_ipv4_addr = true;
295 break;
296 }
297 }
298 NET_EPOCH_EXIT(et);
299 }
300 if (ipv6_only && has_ipv4_addr) {
301 log(LOG_NOTICE, "%s rcvd RA w/ IPv6-Only flag set but has IPv4 "
302 "configured, ignoring IPv6-Only flag.\n", ifp->if_xname);
303 ipv6_only = false;
304 }
305 #endif
306
307 IF_AFDATA_WLOCK(ifp);
308 if (ipv6_only)
309 ND_IFINFO(ifp)->flags |= ND6_IFF_IPV6_ONLY;
310 else
311 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IPV6_ONLY;
312 IF_AFDATA_WUNLOCK(ifp);
313
314 #ifdef notyet
315 /* Send notification of flag change. */
316 #endif
317 }
318
319 static void
320 defrtr_ipv6_only_ipf_down(struct ifnet *ifp)
321 {
322
323 IF_AFDATA_WLOCK(ifp);
324 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IPV6_ONLY;
325 IF_AFDATA_WUNLOCK(ifp);
326 }
327 #endif /* EXPERIMENTAL */
328
329 void
330 nd6_ifnet_link_event(void *arg __unused, struct ifnet *ifp, int linkstate)
331 {
332
333 /*
334 * XXX-BZ we might want to trigger re-evaluation of our default router
335 * availability. E.g., on link down the default router might be
336 * unreachable but a different interface might still have connectivity.
337 */
338
339 #ifdef EXPERIMENTAL
340 if (linkstate == LINK_STATE_DOWN)
341 defrtr_ipv6_only_ipf_down(ifp);
342 #endif
343 }
344
345 /*
346 * Receive Router Advertisement Message.
347 *
348 * Based on RFC 2461
349 * TODO: on-link bit on prefix information
350 * TODO: ND_RA_FLAG_{OTHER,MANAGED} processing
351 */
352 void
353 nd6_ra_input(struct mbuf *m, int off, int icmp6len)
354 {
355 struct ifnet *ifp;
356 struct nd_ifinfo *ndi;
357 struct ip6_hdr *ip6;
358 struct nd_router_advert *nd_ra;
359 struct in6_addr saddr6;
360 struct nd_defrouter *dr;
361 union nd_opts ndopts;
362 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
363 int mcast;
364
365 /*
366 * We only accept RAs only when the per-interface flag
367 * ND6_IFF_ACCEPT_RTADV is on the receiving interface.
368 */
369 ifp = m->m_pkthdr.rcvif;
370 ndi = ND_IFINFO(ifp);
371 if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
372 goto freeit;
373
374 /* RFC 6980: Nodes MUST silently ignore fragments */
375 if(m->m_flags & M_FRAGMENTED)
376 goto freeit;
377
378 ip6 = mtod(m, struct ip6_hdr *);
379 if (__predict_false(ip6->ip6_hlim != 255)) {
380 ICMP6STAT_INC(icp6s_invlhlim);
381 nd6log((LOG_ERR,
382 "%s: invalid hlim (%d) from %s to %s on %s\n", __func__,
383 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
384 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
385 goto bad;
386 }
387
388 saddr6 = ip6->ip6_src;
389 if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) {
390 nd6log((LOG_ERR,
391 "%s: src %s is not link-local\n", __func__,
392 ip6_sprintf(ip6bufs, &saddr6)));
393 goto bad;
394 }
395
396 if (m->m_len < off + icmp6len) {
397 m = m_pullup(m, off + icmp6len);
398 if (m == NULL) {
399 IP6STAT_INC(ip6s_exthdrtoolong);
400 return;
401 }
402 }
403 ip6 = mtod(m, struct ip6_hdr *);
404 nd_ra = (struct nd_router_advert *)((caddr_t)ip6 + off);
405
406 icmp6len -= sizeof(*nd_ra);
407 nd6_option_init(nd_ra + 1, icmp6len, &ndopts);
408 if (nd6_options(&ndopts) < 0) {
409 nd6log((LOG_INFO,
410 "%s: invalid ND option, ignored\n", __func__));
411 /* nd6_options have incremented stats */
412 goto freeit;
413 }
414
415 mcast = 0;
416 dr = NULL;
417 {
418 struct nd_defrouter dr0;
419 u_int32_t advreachable = nd_ra->nd_ra_reachable;
420
421 /* remember if this is a multicasted advertisement */
422 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
423 mcast = 1;
424
425 bzero(&dr0, sizeof(dr0));
426 dr0.rtaddr = saddr6;
427 dr0.raflags = nd_ra->nd_ra_flags_reserved;
428 /*
429 * Effectively-disable routes from RA messages when
430 * ND6_IFF_NO_RADR enabled on the receiving interface or
431 * (ip6.forwarding == 1 && ip6.rfc6204w3 != 1).
432 */
433 if (ndi->flags & ND6_IFF_NO_RADR)
434 dr0.rtlifetime = 0;
435 else if (V_ip6_forwarding && !V_ip6_rfc6204w3)
436 dr0.rtlifetime = 0;
437 else
438 dr0.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime);
439 dr0.expire = time_uptime + dr0.rtlifetime;
440 dr0.ifp = ifp;
441 /* unspecified or not? (RFC 2461 6.3.4) */
442 if (advreachable) {
443 advreachable = ntohl(advreachable);
444 if (advreachable <= MAX_REACHABLE_TIME &&
445 ndi->basereachable != advreachable) {
446 ndi->basereachable = advreachable;
447 ndi->reachable = ND_COMPUTE_RTIME(ndi->basereachable);
448 ndi->recalctm = V_nd6_recalc_reachtm_interval; /* reset */
449 }
450 }
451 if (nd_ra->nd_ra_retransmit)
452 ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
453 if (nd_ra->nd_ra_curhoplimit) {
454 if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
455 ndi->chlim = nd_ra->nd_ra_curhoplimit;
456 else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
457 log(LOG_ERR, "RA with a lower CurHopLimit sent from "
458 "%s on %s (current = %d, received = %d). "
459 "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
460 if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
461 }
462 }
463 dr = defrtrlist_update(&dr0);
464 #ifdef EXPERIMENTAL
465 defrtr_ipv6_only_ifp(ifp);
466 #endif
467 }
468
469 /*
470 * prefix
471 */
472 if (ndopts.nd_opts_pi) {
473 struct nd_opt_hdr *pt;
474 struct nd_opt_prefix_info *pi = NULL;
475 struct nd_prefixctl pr;
476
477 for (pt = (struct nd_opt_hdr *)ndopts.nd_opts_pi;
478 pt <= (struct nd_opt_hdr *)ndopts.nd_opts_pi_end;
479 pt = (struct nd_opt_hdr *)((caddr_t)pt +
480 (pt->nd_opt_len << 3))) {
481 if (pt->nd_opt_type != ND_OPT_PREFIX_INFORMATION)
482 continue;
483 pi = (struct nd_opt_prefix_info *)pt;
484
485 if (pi->nd_opt_pi_len != 4) {
486 nd6log((LOG_INFO,
487 "%s: invalid option len %d for prefix "
488 "information option, ignored\n", __func__,
489 pi->nd_opt_pi_len));
490 continue;
491 }
492
493 if (128 < pi->nd_opt_pi_prefix_len) {
494 nd6log((LOG_INFO,
495 "%s: invalid prefix len %d for prefix "
496 "information option, ignored\n", __func__,
497 pi->nd_opt_pi_prefix_len));
498 continue;
499 }
500
501 if (IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix)
502 || IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) {
503 nd6log((LOG_INFO,
504 "%s: invalid prefix %s, ignored\n",
505 __func__, ip6_sprintf(ip6bufs,
506 &pi->nd_opt_pi_prefix)));
507 continue;
508 }
509
510 bzero(&pr, sizeof(pr));
511 pr.ndpr_prefix.sin6_family = AF_INET6;
512 pr.ndpr_prefix.sin6_len = sizeof(pr.ndpr_prefix);
513 pr.ndpr_prefix.sin6_addr = pi->nd_opt_pi_prefix;
514 pr.ndpr_ifp = (struct ifnet *)m->m_pkthdr.rcvif;
515
516 pr.ndpr_raf_onlink = (pi->nd_opt_pi_flags_reserved &
517 ND_OPT_PI_FLAG_ONLINK) ? 1 : 0;
518 pr.ndpr_raf_auto = (pi->nd_opt_pi_flags_reserved &
519 ND_OPT_PI_FLAG_AUTO) ? 1 : 0;
520 pr.ndpr_raf_ra_derived = 1;
521 pr.ndpr_plen = pi->nd_opt_pi_prefix_len;
522 pr.ndpr_vltime = ntohl(pi->nd_opt_pi_valid_time);
523 pr.ndpr_pltime = ntohl(pi->nd_opt_pi_preferred_time);
524 (void)prelist_update(&pr, dr, m, mcast);
525 }
526 }
527 if (dr != NULL) {
528 defrouter_rele(dr);
529 dr = NULL;
530 }
531
532 /*
533 * MTU
534 */
535 if (ndopts.nd_opts_mtu && ndopts.nd_opts_mtu->nd_opt_mtu_len == 1) {
536 u_long mtu;
537 u_long maxmtu;
538
539 mtu = (u_long)ntohl(ndopts.nd_opts_mtu->nd_opt_mtu_mtu);
540
541 /* lower bound */
542 if (mtu < IPV6_MMTU) {
543 nd6log((LOG_INFO, "%s: bogus mtu option mtu=%lu sent "
544 "from %s, ignoring\n", __func__,
545 mtu, ip6_sprintf(ip6bufs, &ip6->ip6_src)));
546 goto skip;
547 }
548
549 /* upper bound */
550 maxmtu = (ndi->maxmtu && ndi->maxmtu < ifp->if_mtu)
551 ? ndi->maxmtu : ifp->if_mtu;
552 if (mtu <= maxmtu) {
553 int change = (ndi->linkmtu != mtu);
554
555 ndi->linkmtu = mtu;
556 if (change) {
557 /* in6_maxmtu may change */
558 in6_setmaxmtu();
559 rt_updatemtu(ifp);
560 }
561 } else {
562 nd6log((LOG_INFO, "%s: bogus mtu=%lu sent from %s; "
563 "exceeds maxmtu %lu, ignoring\n", __func__,
564 mtu, ip6_sprintf(ip6bufs, &ip6->ip6_src), maxmtu));
565 }
566 }
567
568 skip:
569
570 /*
571 * Source link layer address
572 */
573 {
574 char *lladdr = NULL;
575 int lladdrlen = 0;
576
577 if (ndopts.nd_opts_src_lladdr) {
578 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
579 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
580 }
581
582 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
583 nd6log((LOG_INFO,
584 "%s: lladdrlen mismatch for %s (if %d, RA packet %d)\n",
585 __func__, ip6_sprintf(ip6bufs, &saddr6),
586 ifp->if_addrlen, lladdrlen - 2));
587 goto bad;
588 }
589
590 nd6_cache_lladdr(ifp, &saddr6, lladdr,
591 lladdrlen, ND_ROUTER_ADVERT, 0);
592
593 /*
594 * Installing a link-layer address might change the state of the
595 * router's neighbor cache, which might also affect our on-link
596 * detection of adveritsed prefixes.
597 */
598 pfxlist_onlink_check();
599 }
600
601 freeit:
602 m_freem(m);
603 return;
604
605 bad:
606 ICMP6STAT_INC(icp6s_badra);
607 m_freem(m);
608 }
609
610 /* PFXRTR */
611 static struct nd_pfxrouter *
612 pfxrtr_lookup(struct nd_prefix *pr, struct nd_defrouter *dr)
613 {
614 struct nd_pfxrouter *search;
615
616 ND6_LOCK_ASSERT();
617
618 LIST_FOREACH(search, &pr->ndpr_advrtrs, pfr_entry) {
619 if (search->router == dr)
620 break;
621 }
622 return (search);
623 }
624
625 static void
626 pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr)
627 {
628 struct nd_pfxrouter *new;
629 bool update;
630
631 ND6_UNLOCK_ASSERT();
632
633 ND6_RLOCK();
634 if (pfxrtr_lookup(pr, dr) != NULL) {
635 ND6_RUNLOCK();
636 return;
637 }
638 ND6_RUNLOCK();
639
640 new = malloc(sizeof(*new), M_IP6NDP, M_NOWAIT | M_ZERO);
641 if (new == NULL)
642 return;
643 defrouter_ref(dr);
644 new->router = dr;
645
646 ND6_WLOCK();
647 if (pfxrtr_lookup(pr, dr) == NULL) {
648 LIST_INSERT_HEAD(&pr->ndpr_advrtrs, new, pfr_entry);
649 update = true;
650 } else {
651 /* We lost a race to add the reference. */
652 defrouter_rele(dr);
653 free(new, M_IP6NDP);
654 update = false;
655 }
656 ND6_WUNLOCK();
657
658 if (update)
659 pfxlist_onlink_check();
660 }
661
662 static void
663 pfxrtr_del(struct nd_pfxrouter *pfr)
664 {
665
666 ND6_WLOCK_ASSERT();
667
668 LIST_REMOVE(pfr, pfr_entry);
669 defrouter_rele(pfr->router);
670 free(pfr, M_IP6NDP);
671 }
672
673 /* Default router list processing sub routines. */
674 static void
675 defrouter_addreq(struct nd_defrouter *new)
676 {
677 uint32_t fibnum = new->ifp->if_fib;
678 struct rib_cmd_info rc = {};
679 int error = 0;
680
681 NET_EPOCH_ASSERT();
682
683 struct sockaddr_in6 gw = {
684 .sin6_family = AF_INET6,
685 .sin6_len = sizeof(struct sockaddr_in6),
686 .sin6_addr = new->rtaddr,
687 };
688
689 error = rib_add_default_route(fibnum, AF_INET6, new->ifp,
690 (struct sockaddr *)&gw, &rc);
691
692 if (error == 0) {
693 struct nhop_object *nh = nhop_select_func(rc.rc_nh_new, 0);
694 rt_routemsg(RTM_ADD, rc.rc_rt, nh, fibnum);
695 new->installed = 1;
696 }
697 }
698
699 /*
700 * Remove the default route for a given router.
701 * This is just a subroutine function for defrouter_select_fib(), and
702 * should not be called from anywhere else.
703 */
704 static void
705 defrouter_delreq(struct nd_defrouter *dr)
706 {
707 uint32_t fibnum = dr->ifp->if_fib;
708 struct epoch_tracker et;
709 struct rib_cmd_info rc;
710 int error;
711
712 struct sockaddr_in6 dst = {
713 .sin6_family = AF_INET6,
714 .sin6_len = sizeof(struct sockaddr_in6),
715 };
716
717 struct sockaddr_in6 gw = {
718 .sin6_family = AF_INET6,
719 .sin6_len = sizeof(struct sockaddr_in6),
720 .sin6_addr = dr->rtaddr,
721 };
722
723 NET_EPOCH_ENTER(et);
724 error = rib_del_route_px(fibnum, (struct sockaddr *)&dst, 0,
725 rib_match_gw, (struct sockaddr *)&gw, 0, &rc);
726 if (error == 0) {
727 struct nhop_object *nh = nhop_select_func(rc.rc_nh_old, 0);
728 rt_routemsg(RTM_DELETE, rc.rc_rt, nh, fibnum);
729 }
730 NET_EPOCH_EXIT(et);
731
732 dr->installed = 0;
733 }
734
735 static void
736 defrouter_del(struct nd_defrouter *dr)
737 {
738 struct nd_defrouter *deldr = NULL;
739 struct nd_prefix *pr;
740 struct nd_pfxrouter *pfxrtr;
741
742 ND6_UNLOCK_ASSERT();
743
744 /*
745 * Flush all the routing table entries that use the router
746 * as a next hop.
747 */
748 if (ND_IFINFO(dr->ifp)->flags & ND6_IFF_ACCEPT_RTADV)
749 rt6_flush(&dr->rtaddr, dr->ifp);
750
751 #ifdef EXPERIMENTAL
752 defrtr_ipv6_only_ifp(dr->ifp);
753 #endif
754
755 if (dr->installed) {
756 deldr = dr;
757 defrouter_delreq(dr);
758 }
759
760 /*
761 * Also delete all the pointers to the router in each prefix lists.
762 */
763 ND6_WLOCK();
764 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
765 if ((pfxrtr = pfxrtr_lookup(pr, dr)) != NULL)
766 pfxrtr_del(pfxrtr);
767 }
768 ND6_WUNLOCK();
769
770 pfxlist_onlink_check();
771
772 /*
773 * If the router is the primary one, choose a new one.
774 * Note that defrouter_select_fib() will remove the current
775 * gateway from the routing table.
776 */
777 if (deldr)
778 defrouter_select_fib(deldr->ifp->if_fib);
779
780 /*
781 * Release the list reference.
782 */
783 defrouter_rele(dr);
784 }
785
786 struct nd_defrouter *
787 defrouter_lookup_locked(const struct in6_addr *addr, struct ifnet *ifp)
788 {
789 struct nd_defrouter *dr;
790
791 ND6_LOCK_ASSERT();
792 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry)
793 if (dr->ifp == ifp && IN6_ARE_ADDR_EQUAL(addr, &dr->rtaddr)) {
794 defrouter_ref(dr);
795 return (dr);
796 }
797 return (NULL);
798 }
799
800 struct nd_defrouter *
801 defrouter_lookup(const struct in6_addr *addr, struct ifnet *ifp)
802 {
803 struct nd_defrouter *dr;
804
805 ND6_RLOCK();
806 dr = defrouter_lookup_locked(addr, ifp);
807 ND6_RUNLOCK();
808 return (dr);
809 }
810
811 /*
812 * Remove all default routes from default router list.
813 */
814 void
815 defrouter_reset(void)
816 {
817 struct nd_defrouter *dr, **dra;
818 int count, i;
819
820 count = i = 0;
821
822 /*
823 * We can't delete routes with the ND lock held, so make a copy of the
824 * current default router list and use that when deleting routes.
825 */
826 ND6_RLOCK();
827 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry)
828 count++;
829 ND6_RUNLOCK();
830
831 dra = malloc(count * sizeof(*dra), M_TEMP, M_WAITOK | M_ZERO);
832
833 ND6_RLOCK();
834 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
835 if (i == count)
836 break;
837 defrouter_ref(dr);
838 dra[i++] = dr;
839 }
840 ND6_RUNLOCK();
841
842 for (i = 0; i < count && dra[i] != NULL; i++) {
843 defrouter_delreq(dra[i]);
844 defrouter_rele(dra[i]);
845 }
846 free(dra, M_TEMP);
847
848 /*
849 * XXX should we also nuke any default routers in the kernel, by
850 * going through them by rtalloc1()?
851 */
852 }
853
854 /*
855 * Look up a matching default router list entry and remove it. Returns true if a
856 * matching entry was found, false otherwise.
857 */
858 bool
859 defrouter_remove(struct in6_addr *addr, struct ifnet *ifp)
860 {
861 struct nd_defrouter *dr;
862
863 ND6_WLOCK();
864 dr = defrouter_lookup_locked(addr, ifp);
865 if (dr == NULL) {
866 ND6_WUNLOCK();
867 return (false);
868 }
869
870 defrouter_unlink(dr, NULL);
871 ND6_WUNLOCK();
872 defrouter_del(dr);
873 defrouter_rele(dr);
874 return (true);
875 }
876
877 /*
878 * for default router selection
879 * regards router-preference field as a 2-bit signed integer
880 */
881 static int
882 rtpref(struct nd_defrouter *dr)
883 {
884 switch (dr->raflags & ND_RA_FLAG_RTPREF_MASK) {
885 case ND_RA_FLAG_RTPREF_HIGH:
886 return (RTPREF_HIGH);
887 case ND_RA_FLAG_RTPREF_MEDIUM:
888 case ND_RA_FLAG_RTPREF_RSV:
889 return (RTPREF_MEDIUM);
890 case ND_RA_FLAG_RTPREF_LOW:
891 return (RTPREF_LOW);
892 default:
893 /*
894 * This case should never happen. If it did, it would mean a
895 * serious bug of kernel internal. We thus always bark here.
896 * Or, can we even panic?
897 */
898 log(LOG_ERR, "rtpref: impossible RA flag %x\n", dr->raflags);
899 return (RTPREF_INVALID);
900 }
901 /* NOTREACHED */
902 }
903
904 static bool
905 is_dr_reachable(const struct nd_defrouter *dr) {
906 struct llentry *ln = NULL;
907
908 ln = nd6_lookup(&dr->rtaddr, LLE_SF(AF_INET6, 0), dr->ifp);
909 if (ln == NULL)
910 return (false);
911 bool reachable = ND6_IS_LLINFO_PROBREACH(ln);
912 LLE_RUNLOCK(ln);
913 return reachable;
914 }
915
916 /*
917 * Default Router Selection according to Section 6.3.6 of RFC 2461 and
918 * draft-ietf-ipngwg-router-selection:
919 * 1) Routers that are reachable or probably reachable should be preferred.
920 * If we have more than one (probably) reachable router, prefer ones
921 * with the highest router preference.
922 * 2) When no routers on the list are known to be reachable or
923 * probably reachable, routers SHOULD be selected in a round-robin
924 * fashion, regardless of router preference values.
925 * 3) If the Default Router List is empty, assume that all
926 * destinations are on-link.
927 *
928 * We assume nd_defrouter is sorted by router preference value.
929 * Since the code below covers both with and without router preference cases,
930 * we do not need to classify the cases by ifdef.
931 *
932 * At this moment, we do not try to install more than one default router,
933 * even when the multipath routing is available, because we're not sure about
934 * the benefits for stub hosts comparing to the risk of making the code
935 * complicated and the possibility of introducing bugs.
936 *
937 * We maintain a single list of routers for multiple FIBs, only considering one
938 * at a time based on the receiving interface's FIB. If @fibnum is RT_ALL_FIBS,
939 * we do the whole thing multiple times.
940 */
941 void
942 defrouter_select_fib(int fibnum)
943 {
944 struct epoch_tracker et;
945 struct nd_defrouter *dr, *selected_dr, *installed_dr;
946
947 if (fibnum == RT_ALL_FIBS) {
948 for (fibnum = 0; fibnum < rt_numfibs; fibnum++) {
949 defrouter_select_fib(fibnum);
950 }
951 return;
952 }
953
954 ND6_RLOCK();
955 /*
956 * Let's handle easy case (3) first:
957 * If default router list is empty, there's nothing to be done.
958 */
959 if (TAILQ_EMPTY(&V_nd6_defrouter)) {
960 ND6_RUNLOCK();
961 return;
962 }
963
964 /*
965 * Search for a (probably) reachable router from the list.
966 * We just pick up the first reachable one (if any), assuming that
967 * the ordering rule of the list described in defrtrlist_update().
968 */
969 selected_dr = installed_dr = NULL;
970 NET_EPOCH_ENTER(et);
971 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
972 if (dr->ifp->if_fib != fibnum)
973 continue;
974
975 if (selected_dr == NULL && is_dr_reachable(dr)) {
976 selected_dr = dr;
977 defrouter_ref(selected_dr);
978 }
979
980 if (dr->installed) {
981 if (installed_dr == NULL) {
982 installed_dr = dr;
983 defrouter_ref(installed_dr);
984 } else {
985 /*
986 * this should not happen.
987 * warn for diagnosis.
988 */
989 log(LOG_ERR, "defrouter_select_fib: more than "
990 "one router is installed\n");
991 }
992 }
993 }
994
995 /*
996 * If none of the default routers was found to be reachable,
997 * round-robin the list regardless of preference.
998 * Otherwise, if we have an installed router, check if the selected
999 * (reachable) router should really be preferred to the installed one.
1000 * We only prefer the new router when the old one is not reachable
1001 * or when the new one has a really higher preference value.
1002 */
1003 if (selected_dr == NULL) {
1004 if (installed_dr == NULL ||
1005 TAILQ_NEXT(installed_dr, dr_entry) == NULL)
1006 dr = TAILQ_FIRST(&V_nd6_defrouter);
1007 else
1008 dr = TAILQ_NEXT(installed_dr, dr_entry);
1009
1010 /* Ensure we select a router for this FIB. */
1011 TAILQ_FOREACH_FROM(dr, &V_nd6_defrouter, dr_entry) {
1012 if (dr->ifp->if_fib == fibnum) {
1013 selected_dr = dr;
1014 defrouter_ref(selected_dr);
1015 break;
1016 }
1017 }
1018 } else if (installed_dr != NULL) {
1019 if (is_dr_reachable(installed_dr) &&
1020 rtpref(selected_dr) <= rtpref(installed_dr)) {
1021 defrouter_rele(selected_dr);
1022 selected_dr = installed_dr;
1023 }
1024 }
1025 ND6_RUNLOCK();
1026
1027 /*
1028 * If we selected a router for this FIB and it's different
1029 * than the installed one, remove the installed router and
1030 * install the selected one in its place.
1031 */
1032 if (installed_dr != selected_dr) {
1033 if (installed_dr != NULL) {
1034 defrouter_delreq(installed_dr);
1035 defrouter_rele(installed_dr);
1036 }
1037 if (selected_dr != NULL)
1038 defrouter_addreq(selected_dr);
1039 }
1040 if (selected_dr != NULL)
1041 defrouter_rele(selected_dr);
1042 NET_EPOCH_EXIT(et);
1043 }
1044
1045 static struct nd_defrouter *
1046 defrtrlist_update(struct nd_defrouter *new)
1047 {
1048 struct nd_defrouter *dr, *n;
1049 uint64_t genid;
1050 int oldpref;
1051 bool writelocked;
1052
1053 if (new->rtlifetime == 0) {
1054 defrouter_remove(&new->rtaddr, new->ifp);
1055 return (NULL);
1056 }
1057
1058 ND6_RLOCK();
1059 writelocked = false;
1060 restart:
1061 dr = defrouter_lookup_locked(&new->rtaddr, new->ifp);
1062 if (dr != NULL) {
1063 oldpref = rtpref(dr);
1064
1065 /* override */
1066 dr->raflags = new->raflags; /* XXX flag check */
1067 dr->rtlifetime = new->rtlifetime;
1068 dr->expire = new->expire;
1069
1070 /*
1071 * If the preference does not change, there's no need
1072 * to sort the entries. Also make sure the selected
1073 * router is still installed in the kernel.
1074 */
1075 if (dr->installed && rtpref(new) == oldpref) {
1076 if (writelocked)
1077 ND6_WUNLOCK();
1078 else
1079 ND6_RUNLOCK();
1080 return (dr);
1081 }
1082 }
1083
1084 /*
1085 * The router needs to be reinserted into the default router
1086 * list, so upgrade to a write lock. If that fails and the list
1087 * has potentially changed while the lock was dropped, we'll
1088 * redo the lookup with the write lock held.
1089 */
1090 if (!writelocked) {
1091 writelocked = true;
1092 if (!ND6_TRY_UPGRADE()) {
1093 genid = V_nd6_list_genid;
1094 ND6_RUNLOCK();
1095 ND6_WLOCK();
1096 if (genid != V_nd6_list_genid)
1097 goto restart;
1098 }
1099 }
1100
1101 if (dr != NULL) {
1102 /*
1103 * The preferred router may have changed, so relocate this
1104 * router.
1105 */
1106 TAILQ_REMOVE(&V_nd6_defrouter, dr, dr_entry);
1107 n = dr;
1108 } else {
1109 n = malloc(sizeof(*n), M_IP6NDP, M_NOWAIT | M_ZERO);
1110 if (n == NULL) {
1111 ND6_WUNLOCK();
1112 return (NULL);
1113 }
1114 memcpy(n, new, sizeof(*n));
1115 /* Initialize with an extra reference for the caller. */
1116 refcount_init(&n->refcnt, 2);
1117 }
1118
1119 /*
1120 * Insert the new router in the Default Router List;
1121 * The Default Router List should be in the descending order
1122 * of router-preferece. Routers with the same preference are
1123 * sorted in the arriving time order.
1124 */
1125
1126 /* insert at the end of the group */
1127 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
1128 if (rtpref(n) > rtpref(dr))
1129 break;
1130 }
1131 if (dr != NULL)
1132 TAILQ_INSERT_BEFORE(dr, n, dr_entry);
1133 else
1134 TAILQ_INSERT_TAIL(&V_nd6_defrouter, n, dr_entry);
1135 V_nd6_list_genid++;
1136 ND6_WUNLOCK();
1137
1138 defrouter_select_fib(new->ifp->if_fib);
1139
1140 return (n);
1141 }
1142
1143 static int
1144 in6_init_prefix_ltimes(struct nd_prefix *ndpr)
1145 {
1146 if (ndpr->ndpr_pltime == ND6_INFINITE_LIFETIME)
1147 ndpr->ndpr_preferred = 0;
1148 else
1149 ndpr->ndpr_preferred = time_uptime + ndpr->ndpr_pltime;
1150 if (ndpr->ndpr_vltime == ND6_INFINITE_LIFETIME)
1151 ndpr->ndpr_expire = 0;
1152 else
1153 ndpr->ndpr_expire = time_uptime + ndpr->ndpr_vltime;
1154
1155 return 0;
1156 }
1157
1158 static void
1159 in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6)
1160 {
1161 /* init ia6t_expire */
1162 if (lt6->ia6t_vltime == ND6_INFINITE_LIFETIME)
1163 lt6->ia6t_expire = 0;
1164 else {
1165 lt6->ia6t_expire = time_uptime;
1166 lt6->ia6t_expire += lt6->ia6t_vltime;
1167 }
1168
1169 /* init ia6t_preferred */
1170 if (lt6->ia6t_pltime == ND6_INFINITE_LIFETIME)
1171 lt6->ia6t_preferred = 0;
1172 else {
1173 lt6->ia6t_preferred = time_uptime;
1174 lt6->ia6t_preferred += lt6->ia6t_pltime;
1175 }
1176 }
1177
1178 static struct in6_ifaddr *
1179 in6_ifadd(struct nd_prefixctl *pr, int mcast)
1180 {
1181 struct ifnet *ifp = pr->ndpr_ifp;
1182 struct ifaddr *ifa;
1183 struct in6_aliasreq ifra;
1184 struct in6_ifaddr *ia, *ib;
1185 int error, plen0;
1186 struct in6_addr mask;
1187 int prefixlen = pr->ndpr_plen;
1188 int updateflags;
1189 char ip6buf[INET6_ADDRSTRLEN];
1190
1191 in6_prefixlen2mask(&mask, prefixlen);
1192
1193 /*
1194 * find a link-local address (will be interface ID).
1195 * Is it really mandatory? Theoretically, a global or a site-local
1196 * address can be configured without a link-local address, if we
1197 * have a unique interface identifier...
1198 *
1199 * it is not mandatory to have a link-local address, we can generate
1200 * interface identifier on the fly. we do this because:
1201 * (1) it should be the easiest way to find interface identifier.
1202 * (2) RFC2462 5.4 suggesting the use of the same interface identifier
1203 * for multiple addresses on a single interface, and possible shortcut
1204 * of DAD. we omitted DAD for this reason in the past.
1205 * (3) a user can prevent autoconfiguration of global address
1206 * by removing link-local address by hand (this is partly because we
1207 * don't have other way to control the use of IPv6 on an interface.
1208 * this has been our design choice - cf. NRL's "ifconfig auto").
1209 * (4) it is easier to manage when an interface has addresses
1210 * with the same interface identifier, than to have multiple addresses
1211 * with different interface identifiers.
1212 */
1213 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); /* 0 is OK? */
1214 if (ifa)
1215 ib = (struct in6_ifaddr *)ifa;
1216 else
1217 return NULL;
1218
1219 /* prefixlen + ifidlen must be equal to 128 */
1220 plen0 = in6_mask2len(&ib->ia_prefixmask.sin6_addr, NULL);
1221 if (prefixlen != plen0) {
1222 ifa_free(ifa);
1223 nd6log((LOG_INFO,
1224 "%s: wrong prefixlen for %s (prefix=%d ifid=%d)\n",
1225 __func__, if_name(ifp), prefixlen, 128 - plen0));
1226 return NULL;
1227 }
1228
1229 /* make ifaddr */
1230 in6_prepare_ifra(&ifra, &pr->ndpr_prefix.sin6_addr, &mask);
1231
1232 IN6_MASK_ADDR(&ifra.ifra_addr.sin6_addr, &mask);
1233 /* interface ID */
1234 ifra.ifra_addr.sin6_addr.s6_addr32[0] |=
1235 (ib->ia_addr.sin6_addr.s6_addr32[0] & ~mask.s6_addr32[0]);
1236 ifra.ifra_addr.sin6_addr.s6_addr32[1] |=
1237 (ib->ia_addr.sin6_addr.s6_addr32[1] & ~mask.s6_addr32[1]);
1238 ifra.ifra_addr.sin6_addr.s6_addr32[2] |=
1239 (ib->ia_addr.sin6_addr.s6_addr32[2] & ~mask.s6_addr32[2]);
1240 ifra.ifra_addr.sin6_addr.s6_addr32[3] |=
1241 (ib->ia_addr.sin6_addr.s6_addr32[3] & ~mask.s6_addr32[3]);
1242 ifa_free(ifa);
1243
1244 /* lifetimes. */
1245 ifra.ifra_lifetime.ia6t_vltime = pr->ndpr_vltime;
1246 ifra.ifra_lifetime.ia6t_pltime = pr->ndpr_pltime;
1247
1248 /* XXX: scope zone ID? */
1249
1250 ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */
1251
1252 /*
1253 * Make sure that we do not have this address already. This should
1254 * usually not happen, but we can still see this case, e.g., if we
1255 * have manually configured the exact address to be configured.
1256 */
1257 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
1258 &ifra.ifra_addr.sin6_addr);
1259 if (ifa != NULL) {
1260 ifa_free(ifa);
1261 /* this should be rare enough to make an explicit log */
1262 log(LOG_INFO, "in6_ifadd: %s is already configured\n",
1263 ip6_sprintf(ip6buf, &ifra.ifra_addr.sin6_addr));
1264 return (NULL);
1265 }
1266
1267 /*
1268 * Allocate ifaddr structure, link into chain, etc.
1269 * If we are going to create a new address upon receiving a multicasted
1270 * RA, we need to impose a random delay before starting DAD.
1271 * [draft-ietf-ipv6-rfc2462bis-02.txt, Section 5.4.2]
1272 */
1273 updateflags = 0;
1274 if (mcast)
1275 updateflags |= IN6_IFAUPDATE_DADDELAY;
1276 if ((error = in6_update_ifa(ifp, &ifra, NULL, updateflags)) != 0) {
1277 nd6log((LOG_ERR,
1278 "%s: failed to make ifaddr %s on %s (errno=%d)\n", __func__,
1279 ip6_sprintf(ip6buf, &ifra.ifra_addr.sin6_addr),
1280 if_name(ifp), error));
1281 return (NULL); /* ifaddr must not have been allocated. */
1282 }
1283
1284 ia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
1285 /*
1286 * XXXRW: Assumption of non-NULLness here might not be true with
1287 * fine-grained locking -- should we validate it? Or just return
1288 * earlier ifa rather than looking it up again?
1289 */
1290 return (ia); /* this is always non-NULL and referenced. */
1291 }
1292
1293 static struct nd_prefix *
1294 nd6_prefix_lookup_locked(struct nd_prefixctl *key)
1295 {
1296 struct nd_prefix *search;
1297
1298 ND6_LOCK_ASSERT();
1299
1300 LIST_FOREACH(search, &V_nd_prefix, ndpr_entry) {
1301 if (key->ndpr_ifp == search->ndpr_ifp &&
1302 key->ndpr_plen == search->ndpr_plen &&
1303 in6_are_prefix_equal(&key->ndpr_prefix.sin6_addr,
1304 &search->ndpr_prefix.sin6_addr, key->ndpr_plen)) {
1305 nd6_prefix_ref(search);
1306 break;
1307 }
1308 }
1309 return (search);
1310 }
1311
1312 struct nd_prefix *
1313 nd6_prefix_lookup(struct nd_prefixctl *key)
1314 {
1315 struct nd_prefix *search;
1316
1317 ND6_RLOCK();
1318 search = nd6_prefix_lookup_locked(key);
1319 ND6_RUNLOCK();
1320 return (search);
1321 }
1322
1323 void
1324 nd6_prefix_ref(struct nd_prefix *pr)
1325 {
1326
1327 refcount_acquire(&pr->ndpr_refcnt);
1328 }
1329
1330 void
1331 nd6_prefix_rele(struct nd_prefix *pr)
1332 {
1333
1334 if (refcount_release(&pr->ndpr_refcnt)) {
1335 KASSERT(LIST_EMPTY(&pr->ndpr_advrtrs),
1336 ("prefix %p has advertising routers", pr));
1337 free(pr, M_IP6NDP);
1338 }
1339 }
1340
1341 int
1342 nd6_prelist_add(struct nd_prefixctl *pr, struct nd_defrouter *dr,
1343 struct nd_prefix **newp)
1344 {
1345 struct nd_prefix *new;
1346 char ip6buf[INET6_ADDRSTRLEN];
1347 int error;
1348
1349 new = malloc(sizeof(*new), M_IP6NDP, M_NOWAIT | M_ZERO);
1350 if (new == NULL)
1351 return (ENOMEM);
1352 refcount_init(&new->ndpr_refcnt, newp != NULL ? 2 : 1);
1353 new->ndpr_ifp = pr->ndpr_ifp;
1354 new->ndpr_prefix = pr->ndpr_prefix;
1355 new->ndpr_plen = pr->ndpr_plen;
1356 new->ndpr_vltime = pr->ndpr_vltime;
1357 new->ndpr_pltime = pr->ndpr_pltime;
1358 new->ndpr_flags = pr->ndpr_flags;
1359 if ((error = in6_init_prefix_ltimes(new)) != 0) {
1360 free(new, M_IP6NDP);
1361 return (error);
1362 }
1363 new->ndpr_lastupdate = time_uptime;
1364
1365 /* initialization */
1366 LIST_INIT(&new->ndpr_advrtrs);
1367 in6_prefixlen2mask(&new->ndpr_mask, new->ndpr_plen);
1368 /* make prefix in the canonical form */
1369 IN6_MASK_ADDR(&new->ndpr_prefix.sin6_addr, &new->ndpr_mask);
1370
1371 ND6_WLOCK();
1372 LIST_INSERT_HEAD(&V_nd_prefix, new, ndpr_entry);
1373 V_nd6_list_genid++;
1374 ND6_WUNLOCK();
1375
1376 /* ND_OPT_PI_FLAG_ONLINK processing */
1377 if (new->ndpr_raf_onlink) {
1378 struct epoch_tracker et;
1379
1380 ND6_ONLINK_LOCK();
1381 NET_EPOCH_ENTER(et);
1382 if ((error = nd6_prefix_onlink(new)) != 0) {
1383 nd6log((LOG_ERR, "%s: failed to make the prefix %s/%d "
1384 "on-link on %s (errno=%d)\n", __func__,
1385 ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
1386 pr->ndpr_plen, if_name(pr->ndpr_ifp), error));
1387 /* proceed anyway. XXX: is it correct? */
1388 }
1389 NET_EPOCH_EXIT(et);
1390 ND6_ONLINK_UNLOCK();
1391 }
1392
1393 if (dr != NULL)
1394 pfxrtr_add(new, dr);
1395 if (newp != NULL)
1396 *newp = new;
1397 return (0);
1398 }
1399
1400 /*
1401 * Remove a prefix from the prefix list and optionally stash it in a
1402 * caller-provided list.
1403 *
1404 * The ND6 lock must be held.
1405 */
1406 void
1407 nd6_prefix_unlink(struct nd_prefix *pr, struct nd_prhead *list)
1408 {
1409
1410 ND6_WLOCK_ASSERT();
1411
1412 LIST_REMOVE(pr, ndpr_entry);
1413 V_nd6_list_genid++;
1414 if (list != NULL)
1415 LIST_INSERT_HEAD(list, pr, ndpr_entry);
1416 }
1417
1418 /*
1419 * Free an unlinked prefix, first marking it off-link if necessary.
1420 */
1421 void
1422 nd6_prefix_del(struct nd_prefix *pr)
1423 {
1424 struct nd_pfxrouter *pfr, *next;
1425 int e;
1426 char ip6buf[INET6_ADDRSTRLEN];
1427
1428 KASSERT(pr->ndpr_addrcnt == 0,
1429 ("prefix %p has referencing addresses", pr));
1430 ND6_UNLOCK_ASSERT();
1431
1432 /*
1433 * Though these flags are now meaningless, we'd rather keep the value
1434 * of pr->ndpr_raf_onlink and pr->ndpr_raf_auto not to confuse users
1435 * when executing "ndp -p".
1436 */
1437 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) {
1438 ND6_ONLINK_LOCK();
1439 if ((e = nd6_prefix_offlink(pr)) != 0) {
1440 nd6log((LOG_ERR,
1441 "%s: failed to make the prefix %s/%d offlink on %s "
1442 "(errno=%d)\n", __func__,
1443 ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
1444 pr->ndpr_plen, if_name(pr->ndpr_ifp), e));
1445 /* what should we do? */
1446 }
1447 ND6_ONLINK_UNLOCK();
1448 }
1449
1450 /* Release references to routers that have advertised this prefix. */
1451 ND6_WLOCK();
1452 LIST_FOREACH_SAFE(pfr, &pr->ndpr_advrtrs, pfr_entry, next)
1453 pfxrtr_del(pfr);
1454 ND6_WUNLOCK();
1455
1456 nd6_prefix_rele(pr);
1457
1458 pfxlist_onlink_check();
1459 }
1460
1461 static int
1462 prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr,
1463 struct mbuf *m, int mcast)
1464 {
1465 struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL;
1466 struct ifaddr *ifa;
1467 struct ifnet *ifp = new->ndpr_ifp;
1468 struct nd_prefix *pr;
1469 int error = 0;
1470 int auth;
1471 struct in6_addrlifetime lt6_tmp;
1472 char ip6buf[INET6_ADDRSTRLEN];
1473
1474 NET_EPOCH_ASSERT();
1475
1476 auth = 0;
1477 if (m) {
1478 /*
1479 * Authenticity for NA consists authentication for
1480 * both IP header and IP datagrams, doesn't it ?
1481 */
1482 #if defined(M_AUTHIPHDR) && defined(M_AUTHIPDGM)
1483 auth = ((m->m_flags & M_AUTHIPHDR) &&
1484 (m->m_flags & M_AUTHIPDGM));
1485 #endif
1486 }
1487
1488 if ((pr = nd6_prefix_lookup(new)) != NULL) {
1489 /*
1490 * nd6_prefix_lookup() ensures that pr and new have the same
1491 * prefix on a same interface.
1492 */
1493
1494 /*
1495 * Update prefix information. Note that the on-link (L) bit
1496 * and the autonomous (A) bit should NOT be changed from 1
1497 * to 0.
1498 */
1499 if (new->ndpr_raf_onlink == 1)
1500 pr->ndpr_raf_onlink = 1;
1501 if (new->ndpr_raf_auto == 1)
1502 pr->ndpr_raf_auto = 1;
1503 if (new->ndpr_raf_onlink) {
1504 pr->ndpr_vltime = new->ndpr_vltime;
1505 pr->ndpr_pltime = new->ndpr_pltime;
1506 (void)in6_init_prefix_ltimes(pr); /* XXX error case? */
1507 pr->ndpr_lastupdate = time_uptime;
1508 }
1509
1510 if (new->ndpr_raf_onlink &&
1511 (pr->ndpr_stateflags & NDPRF_ONLINK) == 0) {
1512 ND6_ONLINK_LOCK();
1513 if ((error = nd6_prefix_onlink(pr)) != 0) {
1514 nd6log((LOG_ERR,
1515 "%s: failed to make the prefix %s/%d "
1516 "on-link on %s (errno=%d)\n", __func__,
1517 ip6_sprintf(ip6buf,
1518 &pr->ndpr_prefix.sin6_addr),
1519 pr->ndpr_plen, if_name(pr->ndpr_ifp),
1520 error));
1521 /* proceed anyway. XXX: is it correct? */
1522 }
1523 ND6_ONLINK_UNLOCK();
1524 }
1525
1526 if (dr != NULL)
1527 pfxrtr_add(pr, dr);
1528 } else {
1529 if (new->ndpr_vltime == 0)
1530 goto end;
1531 if (new->ndpr_raf_onlink == 0 && new->ndpr_raf_auto == 0)
1532 goto end;
1533
1534 error = nd6_prelist_add(new, dr, &pr);
1535 if (error != 0) {
1536 nd6log((LOG_NOTICE, "%s: nd6_prelist_add() failed for "
1537 "the prefix %s/%d on %s (errno=%d)\n", __func__,
1538 ip6_sprintf(ip6buf, &new->ndpr_prefix.sin6_addr),
1539 new->ndpr_plen, if_name(new->ndpr_ifp), error));
1540 goto end; /* we should just give up in this case. */
1541 }
1542
1543 /*
1544 * XXX: from the ND point of view, we can ignore a prefix
1545 * with the on-link bit being zero. However, we need a
1546 * prefix structure for references from autoconfigured
1547 * addresses. Thus, we explicitly make sure that the prefix
1548 * itself expires now.
1549 */
1550 if (pr->ndpr_raf_onlink == 0) {
1551 pr->ndpr_vltime = 0;
1552 pr->ndpr_pltime = 0;
1553 in6_init_prefix_ltimes(pr);
1554 }
1555 }
1556
1557 /*
1558 * Address autoconfiguration based on Section 5.5.3 of RFC 2462.
1559 * Note that pr must be non NULL at this point.
1560 */
1561
1562 /* 5.5.3 (a). Ignore the prefix without the A bit set. */
1563 if (!new->ndpr_raf_auto)
1564 goto end;
1565
1566 /*
1567 * 5.5.3 (b). the link-local prefix should have been ignored in
1568 * nd6_ra_input.
1569 */
1570
1571 /* 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. */
1572 if (new->ndpr_pltime > new->ndpr_vltime) {
1573 error = EINVAL; /* XXX: won't be used */
1574 goto end;
1575 }
1576
1577 /*
1578 * 5.5.3 (d). If the prefix advertised is not equal to the prefix of
1579 * an address configured by stateless autoconfiguration already in the
1580 * list of addresses associated with the interface, and the Valid
1581 * Lifetime is not 0, form an address. We first check if we have
1582 * a matching prefix.
1583 * Note: we apply a clarification in rfc2462bis-02 here. We only
1584 * consider autoconfigured addresses while RFC2462 simply said
1585 * "address".
1586 */
1587 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1588 struct in6_ifaddr *ifa6;
1589 u_int32_t remaininglifetime;
1590
1591 if (ifa->ifa_addr->sa_family != AF_INET6)
1592 continue;
1593
1594 ifa6 = (struct in6_ifaddr *)ifa;
1595
1596 /*
1597 * We only consider autoconfigured addresses as per rfc2462bis.
1598 */
1599 if (!(ifa6->ia6_flags & IN6_IFF_AUTOCONF))
1600 continue;
1601
1602 /*
1603 * Spec is not clear here, but I believe we should concentrate
1604 * on unicast (i.e. not anycast) addresses.
1605 * XXX: other ia6_flags? detached or duplicated?
1606 */
1607 if ((ifa6->ia6_flags & IN6_IFF_ANYCAST) != 0)
1608 continue;
1609
1610 /*
1611 * Ignore the address if it is not associated with a prefix
1612 * or is associated with a prefix that is different from this
1613 * one. (pr is never NULL here)
1614 */
1615 if (ifa6->ia6_ndpr != pr)
1616 continue;
1617
1618 if (ia6_match == NULL) /* remember the first one */
1619 ia6_match = ifa6;
1620
1621 /*
1622 * An already autoconfigured address matched. Now that we
1623 * are sure there is at least one matched address, we can
1624 * proceed to 5.5.3. (e): update the lifetimes according to the
1625 * "two hours" rule and the privacy extension.
1626 * We apply some clarifications in rfc2462bis:
1627 * - use remaininglifetime instead of storedlifetime as a
1628 * variable name
1629 * - remove the dead code in the "two-hour" rule
1630 */
1631 #define TWOHOUR (120*60)
1632 lt6_tmp = ifa6->ia6_lifetime;
1633
1634 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME)
1635 remaininglifetime = ND6_INFINITE_LIFETIME;
1636 else if (time_uptime - ifa6->ia6_updatetime >
1637 lt6_tmp.ia6t_vltime) {
1638 /*
1639 * The case of "invalid" address. We should usually
1640 * not see this case.
1641 */
1642 remaininglifetime = 0;
1643 } else
1644 remaininglifetime = lt6_tmp.ia6t_vltime -
1645 (time_uptime - ifa6->ia6_updatetime);
1646
1647 /* when not updating, keep the current stored lifetime. */
1648 lt6_tmp.ia6t_vltime = remaininglifetime;
1649
1650 if (TWOHOUR < new->ndpr_vltime ||
1651 remaininglifetime < new->ndpr_vltime) {
1652 lt6_tmp.ia6t_vltime = new->ndpr_vltime;
1653 } else if (remaininglifetime <= TWOHOUR) {
1654 if (auth) {
1655 lt6_tmp.ia6t_vltime = new->ndpr_vltime;
1656 }
1657 } else {
1658 /*
1659 * new->ndpr_vltime <= TWOHOUR &&
1660 * TWOHOUR < remaininglifetime
1661 */
1662 lt6_tmp.ia6t_vltime = TWOHOUR;
1663 }
1664
1665 /* The 2 hour rule is not imposed for preferred lifetime. */
1666 lt6_tmp.ia6t_pltime = new->ndpr_pltime;
1667
1668 in6_init_address_ltimes(pr, <6_tmp);
1669
1670 /*
1671 * We need to treat lifetimes for temporary addresses
1672 * differently, according to
1673 * draft-ietf-ipv6-privacy-addrs-v2-01.txt 3.3 (1);
1674 * we only update the lifetimes when they are in the maximum
1675 * intervals.
1676 */
1677 if ((ifa6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {
1678 u_int32_t maxvltime, maxpltime;
1679
1680 if (V_ip6_temp_valid_lifetime >
1681 (u_int32_t)((time_uptime - ifa6->ia6_createtime) +
1682 V_ip6_desync_factor)) {
1683 maxvltime = V_ip6_temp_valid_lifetime -
1684 (time_uptime - ifa6->ia6_createtime) -
1685 V_ip6_desync_factor;
1686 } else
1687 maxvltime = 0;
1688 if (V_ip6_temp_preferred_lifetime >
1689 (u_int32_t)((time_uptime - ifa6->ia6_createtime) +
1690 V_ip6_desync_factor)) {
1691 maxpltime = V_ip6_temp_preferred_lifetime -
1692 (time_uptime - ifa6->ia6_createtime) -
1693 V_ip6_desync_factor;
1694 } else
1695 maxpltime = 0;
1696
1697 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME ||
1698 lt6_tmp.ia6t_vltime > maxvltime) {
1699 lt6_tmp.ia6t_vltime = maxvltime;
1700 }
1701 if (lt6_tmp.ia6t_pltime == ND6_INFINITE_LIFETIME ||
1702 lt6_tmp.ia6t_pltime > maxpltime) {
1703 lt6_tmp.ia6t_pltime = maxpltime;
1704 }
1705 }
1706 ifa6->ia6_lifetime = lt6_tmp;
1707 ifa6->ia6_updatetime = time_uptime;
1708 }
1709 if (ia6_match == NULL && new->ndpr_vltime) {
1710 int ifidlen;
1711
1712 /*
1713 * 5.5.3 (d) (continued)
1714 * No address matched and the valid lifetime is non-zero.
1715 * Create a new address.
1716 */
1717
1718 /*
1719 * Prefix Length check:
1720 * If the sum of the prefix length and interface identifier
1721 * length does not equal 128 bits, the Prefix Information
1722 * option MUST be ignored. The length of the interface
1723 * identifier is defined in a separate link-type specific
1724 * document.
1725 */
1726 ifidlen = in6_if2idlen(ifp);
1727 if (ifidlen < 0) {
1728 /* this should not happen, so we always log it. */
1729 log(LOG_ERR, "prelist_update: IFID undefined (%s)\n",
1730 if_name(ifp));
1731 goto end;
1732 }
1733 if (ifidlen + pr->ndpr_plen != 128) {
1734 nd6log((LOG_INFO,
1735 "%s: invalid prefixlen %d for %s, ignored\n",
1736 __func__, pr->ndpr_plen, if_name(ifp)));
1737 goto end;
1738 }
1739
1740 if ((ia6 = in6_ifadd(new, mcast)) != NULL) {
1741 /*
1742 * note that we should use pr (not new) for reference.
1743 */
1744 pr->ndpr_addrcnt++;
1745 ia6->ia6_ndpr = pr;
1746
1747 /*
1748 * RFC 3041 3.3 (2).
1749 * When a new public address is created as described
1750 * in RFC2462, also create a new temporary address.
1751 *
1752 * RFC 3041 3.5.
1753 * When an interface connects to a new link, a new
1754 * randomized interface identifier should be generated
1755 * immediately together with a new set of temporary
1756 * addresses. Thus, we specifiy 1 as the 2nd arg of
1757 * in6_tmpifadd().
1758 */
1759 if (V_ip6_use_tempaddr) {
1760 int e;
1761 if ((e = in6_tmpifadd(ia6, 1, 1)) != 0) {
1762 nd6log((LOG_NOTICE, "%s: failed to "
1763 "create a temporary address "
1764 "(errno=%d)\n", __func__, e));
1765 }
1766 }
1767 ifa_free(&ia6->ia_ifa);
1768
1769 /*
1770 * A newly added address might affect the status
1771 * of other addresses, so we check and update it.
1772 * XXX: what if address duplication happens?
1773 */
1774 pfxlist_onlink_check();
1775 } else {
1776 /* just set an error. do not bark here. */
1777 error = EADDRNOTAVAIL; /* XXX: might be unused. */
1778 }
1779 }
1780
1781 end:
1782 if (pr != NULL)
1783 nd6_prefix_rele(pr);
1784 return (error);
1785 }
1786
1787 /*
1788 * A supplement function used in the on-link detection below;
1789 * detect if a given prefix has a (probably) reachable advertising router.
1790 * XXX: lengthy function name...
1791 */
1792 static struct nd_pfxrouter *
1793 find_pfxlist_reachable_router(struct nd_prefix *pr)
1794 {
1795 struct epoch_tracker et;
1796 struct nd_pfxrouter *pfxrtr;
1797
1798 ND6_LOCK_ASSERT();
1799
1800 NET_EPOCH_ENTER(et);
1801 LIST_FOREACH(pfxrtr, &pr->ndpr_advrtrs, pfr_entry) {
1802 if (is_dr_reachable(pfxrtr->router))
1803 break;
1804 }
1805 NET_EPOCH_EXIT(et);
1806 return (pfxrtr);
1807 }
1808
1809 /*
1810 * Check if each prefix in the prefix list has at least one available router
1811 * that advertised the prefix (a router is "available" if its neighbor cache
1812 * entry is reachable or probably reachable).
1813 * If the check fails, the prefix may be off-link, because, for example,
1814 * we have moved from the network but the lifetime of the prefix has not
1815 * expired yet. So we should not use the prefix if there is another prefix
1816 * that has an available router.
1817 * But, if there is no prefix that has an available router, we still regard
1818 * all the prefixes as on-link. This is because we can't tell if all the
1819 * routers are simply dead or if we really moved from the network and there
1820 * is no router around us.
1821 */
1822 void
1823 pfxlist_onlink_check(void)
1824 {
1825 struct nd_prefix *pr;
1826 struct in6_ifaddr *ifa;
1827 struct nd_defrouter *dr;
1828 struct nd_pfxrouter *pfxrtr = NULL;
1829 struct rm_priotracker in6_ifa_tracker;
1830 uint64_t genid;
1831 uint32_t flags;
1832
1833 ND6_ONLINK_LOCK();
1834 ND6_RLOCK();
1835
1836 /*
1837 * Check if there is a prefix that has a reachable advertising
1838 * router.
1839 */
1840 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1841 if (pr->ndpr_raf_onlink && find_pfxlist_reachable_router(pr))
1842 break;
1843 }
1844
1845 /*
1846 * If we have no such prefix, check whether we still have a router
1847 * that does not advertise any prefixes.
1848 */
1849 if (pr == NULL) {
1850 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
1851 struct nd_prefix *pr0;
1852
1853 LIST_FOREACH(pr0, &V_nd_prefix, ndpr_entry) {
1854 if ((pfxrtr = pfxrtr_lookup(pr0, dr)) != NULL)
1855 break;
1856 }
1857 if (pfxrtr != NULL)
1858 break;
1859 }
1860 }
1861 if (pr != NULL || (!TAILQ_EMPTY(&V_nd6_defrouter) && pfxrtr == NULL)) {
1862 /*
1863 * There is at least one prefix that has a reachable router,
1864 * or at least a router which probably does not advertise
1865 * any prefixes. The latter would be the case when we move
1866 * to a new link where we have a router that does not provide
1867 * prefixes and we configure an address by hand.
1868 * Detach prefixes which have no reachable advertising
1869 * router, and attach other prefixes.
1870 */
1871 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1872 /* XXX: a link-local prefix should never be detached */
1873 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) ||
1874 pr->ndpr_raf_onlink == 0 ||
1875 pr->ndpr_raf_auto == 0)
1876 continue;
1877
1878 if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 &&
1879 find_pfxlist_reachable_router(pr) == NULL)
1880 pr->ndpr_stateflags |= NDPRF_DETACHED;
1881 else if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 &&
1882 find_pfxlist_reachable_router(pr) != NULL)
1883 pr->ndpr_stateflags &= ~NDPRF_DETACHED;
1884 }
1885 } else {
1886 /* there is no prefix that has a reachable router */
1887 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1888 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) ||
1889 pr->ndpr_raf_onlink == 0 ||
1890 pr->ndpr_raf_auto == 0)
1891 continue;
1892 pr->ndpr_stateflags &= ~NDPRF_DETACHED;
1893 }
1894 }
1895
1896 /*
1897 * Remove each interface route associated with a (just) detached
1898 * prefix, and reinstall the interface route for a (just) attached
1899 * prefix. Note that all attempt of reinstallation does not
1900 * necessarily success, when a same prefix is shared among multiple
1901 * interfaces. Such cases will be handled in nd6_prefix_onlink,
1902 * so we don't have to care about them.
1903 */
1904 restart:
1905 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1906 char ip6buf[INET6_ADDRSTRLEN];
1907 int e;
1908
1909 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr) ||
1910 pr->ndpr_raf_onlink == 0 ||
1911 pr->ndpr_raf_auto == 0)
1912 continue;
1913
1914 flags = pr->ndpr_stateflags & (NDPRF_DETACHED | NDPRF_ONLINK);
1915 if (flags == 0 || flags == (NDPRF_DETACHED | NDPRF_ONLINK)) {
1916 genid = V_nd6_list_genid;
1917 ND6_RUNLOCK();
1918 if ((flags & NDPRF_ONLINK) != 0 &&
1919 (e = nd6_prefix_offlink(pr)) != 0) {
1920 nd6log((LOG_ERR,
1921 "%s: failed to make %s/%d offlink "
1922 "(errno=%d)\n", __func__,
1923 ip6_sprintf(ip6buf,
1924 &pr->ndpr_prefix.sin6_addr),
1925 pr->ndpr_plen, e));
1926 } else if ((flags & NDPRF_ONLINK) == 0 &&
1927 (e = nd6_prefix_onlink(pr)) != 0) {
1928 nd6log((LOG_ERR,
1929 "%s: failed to make %s/%d onlink "
1930 "(errno=%d)\n", __func__,
1931 ip6_sprintf(ip6buf,
1932 &pr->ndpr_prefix.sin6_addr),
1933 pr->ndpr_plen, e));
1934 }
1935 ND6_RLOCK();
1936 if (genid != V_nd6_list_genid)
1937 goto restart;
1938 }
1939 }
1940
1941 /*
1942 * Changes on the prefix status might affect address status as well.
1943 * Make sure that all addresses derived from an attached prefix are
1944 * attached, and that all addresses derived from a detached prefix are
1945 * detached. Note, however, that a manually configured address should
1946 * always be attached.
1947 * The precise detection logic is same as the one for prefixes.
1948 */
1949 IN6_IFADDR_RLOCK(&in6_ifa_tracker);
1950 CK_STAILQ_FOREACH(ifa, &V_in6_ifaddrhead, ia_link) {
1951 if (!(ifa->ia6_flags & IN6_IFF_AUTOCONF))
1952 continue;
1953
1954 if (ifa->ia6_ndpr == NULL) {
1955 /*
1956 * This can happen when we first configure the address
1957 * (i.e. the address exists, but the prefix does not).
1958 * XXX: complicated relationships...
1959 */
1960 continue;
1961 }
1962
1963 if (find_pfxlist_reachable_router(ifa->ia6_ndpr))
1964 break;
1965 }
1966 if (ifa) {
1967 CK_STAILQ_FOREACH(ifa, &V_in6_ifaddrhead, ia_link) {
1968 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1969 continue;
1970
1971 if (ifa->ia6_ndpr == NULL) /* XXX: see above. */
1972 continue;
1973
1974 if (find_pfxlist_reachable_router(ifa->ia6_ndpr)) {
1975 if (ifa->ia6_flags & IN6_IFF_DETACHED) {
1976 ifa->ia6_flags &= ~IN6_IFF_DETACHED;
1977 ifa->ia6_flags |= IN6_IFF_TENTATIVE;
1978 nd6_dad_start((struct ifaddr *)ifa, 0);
1979 }
1980 } else {
1981 ifa->ia6_flags |= IN6_IFF_DETACHED;
1982 }
1983 }
1984 } else {
1985 CK_STAILQ_FOREACH(ifa, &V_in6_ifaddrhead, ia_link) {
1986 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1987 continue;
1988
1989 if (ifa->ia6_flags & IN6_IFF_DETACHED) {
1990 ifa->ia6_flags &= ~IN6_IFF_DETACHED;
1991 ifa->ia6_flags |= IN6_IFF_TENTATIVE;
1992 /* Do we need a delay in this case? */
1993 nd6_dad_start((struct ifaddr *)ifa, 0);
1994 }
1995 }
1996 }
1997 IN6_IFADDR_RUNLOCK(&in6_ifa_tracker);
1998 ND6_RUNLOCK();
1999 ND6_ONLINK_UNLOCK();
2000 }
2001
2002 /*
2003 * Add or remove interface route specified by @dst, @netmask and @ifp.
2004 * ifa can be NULL.
2005 * Returns 0 on success
2006 */
2007 static int
2008 nd6_prefix_rtrequest(uint32_t fibnum, int cmd, struct sockaddr_in6 *dst,
2009 struct sockaddr_in6 *netmask, struct ifnet *ifp, struct ifaddr *ifa)
2010 {
2011 struct epoch_tracker et;
2012 int error;
2013
2014 /* Prepare gateway */
2015 struct sockaddr_dl_short sdl = {
2016 .sdl_family = AF_LINK,
2017 .sdl_len = sizeof(struct sockaddr_dl_short),
2018 .sdl_type = ifp->if_type,
2019 .sdl_index = ifp->if_index,
2020 };
2021
2022 struct rt_addrinfo info = {
2023 .rti_ifa = ifa,
2024 .rti_ifp = ifp,
2025 .rti_flags = RTF_PINNED | ((netmask != NULL) ? 0 : RTF_HOST),
2026 .rti_info = {
2027 [RTAX_DST] = (struct sockaddr *)dst,
2028 [RTAX_NETMASK] = (struct sockaddr *)netmask,
2029 [RTAX_GATEWAY] = (struct sockaddr *)&sdl,
2030 },
2031 };
2032 /* Don't set additional per-gw filters on removal */
2033
2034 NET_EPOCH_ENTER(et);
2035 error = rib_handle_ifaddr_info(fibnum, cmd, &info);
2036 NET_EPOCH_EXIT(et);
2037 return (error);
2038 }
2039
2040 static int
2041 nd6_prefix_onlink_rtrequest(struct nd_prefix *pr, struct ifaddr *ifa)
2042 {
2043 int error;
2044
2045 struct sockaddr_in6 mask6 = {
2046 .sin6_family = AF_INET6,
2047 .sin6_len = sizeof(struct sockaddr_in6),
2048 .sin6_addr = pr->ndpr_mask,
2049 };
2050 struct sockaddr_in6 *pmask6 = (pr->ndpr_plen != 128) ? &mask6 : NULL;
2051
2052 error = nd6_prefix_rtrequest(pr->ndpr_ifp->if_fib, RTM_ADD,
2053 &pr->ndpr_prefix, pmask6, pr->ndpr_ifp, ifa);
2054 if (error == 0)
2055 pr->ndpr_stateflags |= NDPRF_ONLINK;
2056
2057 return (error);
2058 }
2059
2060 static int
2061 nd6_prefix_onlink(struct nd_prefix *pr)
2062 {
2063 struct epoch_tracker et;
2064 struct ifaddr *ifa;
2065 struct ifnet *ifp = pr->ndpr_ifp;
2066 struct nd_prefix *opr;
2067 char ip6buf[INET6_ADDRSTRLEN];
2068 int error;
2069
2070 ND6_ONLINK_LOCK_ASSERT();
2071 ND6_UNLOCK_ASSERT();
2072
2073 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0)
2074 return (EEXIST);
2075
2076 /*
2077 * Add the interface route associated with the prefix. Before
2078 * installing the route, check if there's the same prefix on another
2079 * interface, and the prefix has already installed the interface route.
2080 * Although such a configuration is expected to be rare, we explicitly
2081 * allow it.
2082 */
2083 ND6_RLOCK();
2084 LIST_FOREACH(opr, &V_nd_prefix, ndpr_entry) {
2085 if (opr == pr)
2086 continue;
2087
2088 if ((opr->ndpr_stateflags & NDPRF_ONLINK) == 0)
2089 continue;
2090
2091 if (!V_rt_add_addr_allfibs &&
2092 opr->ndpr_ifp->if_fib != pr->ndpr_ifp->if_fib)
2093 continue;
2094
2095 if (opr->ndpr_plen == pr->ndpr_plen &&
2096 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
2097 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) {
2098 ND6_RUNLOCK();
2099 return (0);
2100 }
2101 }
2102 ND6_RUNLOCK();
2103
2104 /*
2105 * We prefer link-local addresses as the associated interface address.
2106 */
2107 /* search for a link-local addr */
2108 NET_EPOCH_ENTER(et);
2109 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
2110 IN6_IFF_NOTREADY | IN6_IFF_ANYCAST);
2111 if (ifa == NULL) {
2112 /* XXX: freebsd does not have ifa_ifwithaf */
2113 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
2114 if (ifa->ifa_addr->sa_family == AF_INET6) {
2115 ifa_ref(ifa);
2116 break;
2117 }
2118 }
2119 /* should we care about ia6_flags? */
2120 }
2121 if (ifa == NULL) {
2122 /*
2123 * This can still happen, when, for example, we receive an RA
2124 * containing a prefix with the L bit set and the A bit clear,
2125 * after removing all IPv6 addresses on the receiving
2126 * interface. This should, of course, be rare though.
2127 */
2128 nd6log((LOG_NOTICE,
2129 "%s: failed to find any ifaddr to add route for a "
2130 "prefix(%s/%d) on %s\n", __func__,
2131 ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
2132 pr->ndpr_plen, if_name(ifp)));
2133 error = 0;
2134 } else {
2135 error = nd6_prefix_onlink_rtrequest(pr, ifa);
2136 ifa_free(ifa);
2137 }
2138 NET_EPOCH_EXIT(et);
2139
2140 return (error);
2141 }
2142
2143 int
2144 nd6_prefix_offlink(struct nd_prefix *pr)
2145 {
2146 int error = 0;
2147 struct ifnet *ifp = pr->ndpr_ifp;
2148 struct nd_prefix *opr;
2149 char ip6buf[INET6_ADDRSTRLEN];
2150 uint64_t genid;
2151 int a_failure;
2152
2153 ND6_ONLINK_LOCK_ASSERT();
2154 ND6_UNLOCK_ASSERT();
2155
2156 if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0)
2157 return (EEXIST);
2158
2159 struct sockaddr_in6 mask6 = {
2160 .sin6_family = AF_INET6,
2161 .sin6_len = sizeof(struct sockaddr_in6),
2162 .sin6_addr = pr->ndpr_mask,
2163 };
2164 struct sockaddr_in6 *pmask6 = (pr->ndpr_plen != 128) ? &mask6 : NULL;
2165
2166 error = nd6_prefix_rtrequest(ifp->if_fib, RTM_DELETE,
2167 &pr->ndpr_prefix, pmask6, ifp, NULL);
2168
2169 a_failure = 1;
2170 if (error == 0) {
2171 pr->ndpr_stateflags &= ~NDPRF_ONLINK;
2172
2173 /*
2174 * There might be the same prefix on another interface,
2175 * the prefix which could not be on-link just because we have
2176 * the interface route (see comments in nd6_prefix_onlink).
2177 * If there's one, try to make the prefix on-link on the
2178 * interface.
2179 */
2180 ND6_RLOCK();
2181 restart:
2182 LIST_FOREACH(opr, &V_nd_prefix, ndpr_entry) {
2183 /*
2184 * KAME specific: detached prefixes should not be
2185 * on-link.
2186 */
2187 if (opr == pr || (opr->ndpr_stateflags &
2188 (NDPRF_ONLINK | NDPRF_DETACHED)) != 0)
2189 continue;
2190
2191 if (opr->ndpr_plen == pr->ndpr_plen &&
2192 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
2193 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen)) {
2194 int e;
2195
2196 genid = V_nd6_list_genid;
2197 ND6_RUNLOCK();
2198 if ((e = nd6_prefix_onlink(opr)) != 0) {
2199 nd6log((LOG_ERR,
2200 "%s: failed to recover a prefix "
2201 "%s/%d from %s to %s (errno=%d)\n",
2202 __func__, ip6_sprintf(ip6buf,
2203 &opr->ndpr_prefix.sin6_addr),
2204 opr->ndpr_plen, if_name(ifp),
2205 if_name(opr->ndpr_ifp), e));
2206 } else
2207 a_failure = 0;
2208 ND6_RLOCK();
2209 if (genid != V_nd6_list_genid)
2210 goto restart;
2211 }
2212 }
2213 ND6_RUNLOCK();
2214 } else {
2215 /* XXX: can we still set the NDPRF_ONLINK flag? */
2216 nd6log((LOG_ERR,
2217 "%s: failed to delete route: %s/%d on %s (errno=%d)\n",
2218 __func__, ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
2219 pr->ndpr_plen, if_name(ifp), error));
2220 }
2221
2222 if (a_failure)
2223 lltable_prefix_free(AF_INET6,
2224 (struct sockaddr *)&pr->ndpr_prefix,
2225 (struct sockaddr *)&mask6, LLE_STATIC);
2226
2227 return (error);
2228 }
2229
2230 /*
2231 * ia0 - corresponding public address
2232 */
2233 int
2234 in6_tmpifadd(const struct in6_ifaddr *ia0, int forcegen, int delay)
2235 {
2236 struct ifnet *ifp = ia0->ia_ifa.ifa_ifp;
2237 struct in6_ifaddr *newia;
2238 struct in6_aliasreq ifra;
2239 int error;
2240 int trylimit = 3; /* XXX: adhoc value */
2241 int updateflags;
2242 u_int32_t randid[2];
2243 time_t vltime0, pltime0;
2244
2245 in6_prepare_ifra(&ifra, &ia0->ia_addr.sin6_addr,
2246 &ia0->ia_prefixmask.sin6_addr);
2247
2248 ifra.ifra_addr = ia0->ia_addr; /* XXX: do we need this ? */
2249 /* clear the old IFID */
2250 IN6_MASK_ADDR(&ifra.ifra_addr.sin6_addr,
2251 &ifra.ifra_prefixmask.sin6_addr);
2252
2253 again:
2254 if (in6_get_tmpifid(ifp, (u_int8_t *)randid,
2255 (const u_int8_t *)&ia0->ia_addr.sin6_addr.s6_addr[8], forcegen)) {
2256 nd6log((LOG_NOTICE, "%s: failed to find a good random IFID\n",
2257 __func__));
2258 return (EINVAL);
2259 }
2260 ifra.ifra_addr.sin6_addr.s6_addr32[2] |=
2261 (randid[0] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[2]));
2262 ifra.ifra_addr.sin6_addr.s6_addr32[3] |=
2263 (randid[1] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[3]));
2264
2265 /*
2266 * in6_get_tmpifid() quite likely provided a unique interface ID.
2267 * However, we may still have a chance to see collision, because
2268 * there may be a time lag between generation of the ID and generation
2269 * of the address. So, we'll do one more sanity check.
2270 */
2271
2272 if (in6_localip(&ifra.ifra_addr.sin6_addr) != 0) {
2273 if (trylimit-- > 0) {
2274 forcegen = 1;
2275 goto again;
2276 }
2277
2278 /* Give up. Something strange should have happened. */
2279 nd6log((LOG_NOTICE, "%s: failed to find a unique random IFID\n",
2280 __func__));
2281 return (EEXIST);
2282 }
2283
2284 /*
2285 * The Valid Lifetime is the lower of the Valid Lifetime of the
2286 * public address or TEMP_VALID_LIFETIME.
2287 * The Preferred Lifetime is the lower of the Preferred Lifetime
2288 * of the public address or TEMP_PREFERRED_LIFETIME -
2289 * DESYNC_FACTOR.
2290 */
2291 if (ia0->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
2292 vltime0 = IFA6_IS_INVALID(ia0) ? 0 :
2293 (ia0->ia6_lifetime.ia6t_vltime -
2294 (time_uptime - ia0->ia6_updatetime));
2295 if (vltime0 > V_ip6_temp_valid_lifetime)
2296 vltime0 = V_ip6_temp_valid_lifetime;
2297 } else
2298 vltime0 = V_ip6_temp_valid_lifetime;
2299 if (ia0->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
2300 pltime0 = IFA6_IS_DEPRECATED(ia0) ? 0 :
2301 (ia0->ia6_lifetime.ia6t_pltime -
2302 (time_uptime - ia0->ia6_updatetime));
2303 if (pltime0 > V_ip6_temp_preferred_lifetime - V_ip6_desync_factor){
2304 pltime0 = V_ip6_temp_preferred_lifetime -
2305 V_ip6_desync_factor;
2306 }
2307 } else
2308 pltime0 = V_ip6_temp_preferred_lifetime - V_ip6_desync_factor;
2309 ifra.ifra_lifetime.ia6t_vltime = vltime0;
2310 ifra.ifra_lifetime.ia6t_pltime = pltime0;
2311
2312 /*
2313 * A temporary address is created only if this calculated Preferred
2314 * Lifetime is greater than REGEN_ADVANCE time units.
2315 */
2316 if (ifra.ifra_lifetime.ia6t_pltime <= V_ip6_temp_regen_advance)
2317 return (0);
2318
2319 /* XXX: scope zone ID? */
2320
2321 ifra.ifra_flags |= (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY);
2322
2323 /* allocate ifaddr structure, link into chain, etc. */
2324 updateflags = 0;
2325 if (delay)
2326 updateflags |= IN6_IFAUPDATE_DADDELAY;
2327 if ((error = in6_update_ifa(ifp, &ifra, NULL, updateflags)) != 0)
2328 return (error);
2329
2330 newia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
2331 if (newia == NULL) { /* XXX: can it happen? */
2332 nd6log((LOG_ERR,
2333 "%s: ifa update succeeded, but we got no ifaddr\n",
2334 __func__));
2335 return (EINVAL); /* XXX */
2336 }
2337 newia->ia6_ndpr = ia0->ia6_ndpr;
2338 newia->ia6_ndpr->ndpr_addrcnt++;
2339 ifa_free(&newia->ia_ifa);
2340
2341 /*
2342 * A newly added address might affect the status of other addresses.
2343 * XXX: when the temporary address is generated with a new public
2344 * address, the onlink check is redundant. However, it would be safe
2345 * to do the check explicitly everywhere a new address is generated,
2346 * and, in fact, we surely need the check when we create a new
2347 * temporary address due to deprecation of an old temporary address.
2348 */
2349 pfxlist_onlink_check();
2350
2351 return (0);
2352 }
2353
2354 static int
2355 rt6_deleteroute(const struct rtentry *rt, const struct nhop_object *nh,
2356 void *arg)
2357 {
2358 struct in6_addr *gate = (struct in6_addr *)arg;
2359 int nh_rt_flags;
2360
2361 if (nh->gw_sa.sa_family != AF_INET6)
2362 return (0);
2363
2364 if (!IN6_ARE_ADDR_EQUAL(gate, &nh->gw6_sa.sin6_addr)) {
2365 return (0);
2366 }
2367
2368 /*
2369 * Do not delete a static route.
2370 * XXX: this seems to be a bit ad-hoc. Should we consider the
2371 * 'cloned' bit instead?
2372 */
2373 nh_rt_flags = nhop_get_rtflags(nh);
2374 if ((nh_rt_flags & RTF_STATIC) != 0)
2375 return (0);
2376
2377 /*
2378 * We delete only host route. This means, in particular, we don't
2379 * delete default route.
2380 */
2381 if ((nh_rt_flags & RTF_HOST) == 0)
2382 return (0);
2383
2384 return (1);
2385 #undef SIN6
2386 }
2387
2388 /*
2389 * Delete all the routing table entries that use the specified gateway.
2390 * XXX: this function causes search through all entries of routing table, so
2391 * it shouldn't be called when acting as a router.
2392 */
2393 void
2394 rt6_flush(struct in6_addr *gateway, struct ifnet *ifp)
2395 {
2396
2397 /* We'll care only link-local addresses */
2398 if (!IN6_IS_ADDR_LINKLOCAL(gateway))
2399 return;
2400
2401 /* XXX Do we really need to walk any but the default FIB? */
2402 rib_foreach_table_walk_del(AF_INET6, rt6_deleteroute, (void *)gateway);
2403 }
2404
2405 int
2406 nd6_setdefaultiface(int ifindex)
2407 {
2408
2409 if (V_nd6_defifindex != ifindex) {
2410 V_nd6_defifindex = ifindex;
2411 if (V_nd6_defifindex != 0) {
2412 struct epoch_tracker et;
2413
2414 /*
2415 * XXXGL: this function should use ifnet_byindex_ref!
2416 */
2417 NET_EPOCH_ENTER(et);
2418 V_nd6_defifp = ifnet_byindex(V_nd6_defifindex);
2419 NET_EPOCH_EXIT(et);
2420 if (V_nd6_defifp == NULL)
2421 return (EINVAL);
2422 } else
2423 V_nd6_defifp = NULL;
2424
2425 /*
2426 * Our current implementation assumes one-to-one mapping between
2427 * interfaces and links, so it would be natural to use the
2428 * default interface as the default link.
2429 */
2430 scope6_setdefault(V_nd6_defifp);
2431 }
2432
2433 return (0);
2434 }
2435
2436 bool
2437 nd6_defrouter_list_empty(void)
2438 {
2439
2440 return (TAILQ_EMPTY(&V_nd6_defrouter));
2441 }
2442
2443 void
2444 nd6_defrouter_timer(void)
2445 {
2446 struct nd_defrouter *dr, *ndr;
2447 struct nd6_drhead drq;
2448
2449 TAILQ_INIT(&drq);
2450
2451 ND6_WLOCK();
2452 TAILQ_FOREACH_SAFE(dr, &V_nd6_defrouter, dr_entry, ndr)
2453 if (dr->expire && dr->expire < time_uptime)
2454 defrouter_unlink(dr, &drq);
2455 ND6_WUNLOCK();
2456
2457 while ((dr = TAILQ_FIRST(&drq)) != NULL) {
2458 TAILQ_REMOVE(&drq, dr, dr_entry);
2459 defrouter_del(dr);
2460 }
2461 }
2462
2463 /*
2464 * Nuke default router list entries toward ifp.
2465 * We defer removal of default router list entries that is installed in the
2466 * routing table, in order to keep additional side effects as small as possible.
2467 */
2468 void
2469 nd6_defrouter_purge(struct ifnet *ifp)
2470 {
2471 struct nd_defrouter *dr, *ndr;
2472 struct nd6_drhead drq;
2473
2474 TAILQ_INIT(&drq);
2475
2476 ND6_WLOCK();
2477 TAILQ_FOREACH_SAFE(dr, &V_nd6_defrouter, dr_entry, ndr) {
2478 if (dr->installed)
2479 continue;
2480 if (dr->ifp == ifp)
2481 defrouter_unlink(dr, &drq);
2482 }
2483 TAILQ_FOREACH_SAFE(dr, &V_nd6_defrouter, dr_entry, ndr) {
2484 if (!dr->installed)
2485 continue;
2486 if (dr->ifp == ifp)
2487 defrouter_unlink(dr, &drq);
2488 }
2489 ND6_WUNLOCK();
2490
2491 /* Delete the unlinked router objects. */
2492 while ((dr = TAILQ_FIRST(&drq)) != NULL) {
2493 TAILQ_REMOVE(&drq, dr, dr_entry);
2494 defrouter_del(dr);
2495 }
2496 }
2497
2498 void
2499 nd6_defrouter_flush_all(void)
2500 {
2501 struct nd_defrouter *dr;
2502 struct nd6_drhead drq;
2503
2504 TAILQ_INIT(&drq);
2505
2506 ND6_WLOCK();
2507 while ((dr = TAILQ_FIRST(&V_nd6_defrouter)) != NULL)
2508 defrouter_unlink(dr, &drq);
2509 ND6_WUNLOCK();
2510
2511 while ((dr = TAILQ_FIRST(&drq)) != NULL) {
2512 TAILQ_REMOVE(&drq, dr, dr_entry);
2513 defrouter_del(dr);
2514 }
2515 }
2516
2517 void
2518 nd6_defrouter_init(void)
2519 {
2520
2521 TAILQ_INIT(&V_nd6_defrouter);
2522 }
2523
2524 static int
2525 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS)
2526 {
2527 struct in6_defrouter d;
2528 struct nd_defrouter *dr;
2529 int error;
2530
2531 if (req->newptr != NULL)
2532 return (EPERM);
2533
2534 error = sysctl_wire_old_buffer(req, 0);
2535 if (error != 0)
2536 return (error);
2537
2538 bzero(&d, sizeof(d));
2539 d.rtaddr.sin6_family = AF_INET6;
2540 d.rtaddr.sin6_len = sizeof(d.rtaddr);
2541
2542 ND6_RLOCK();
2543 TAILQ_FOREACH(dr, &V_nd6_defrouter, dr_entry) {
2544 d.rtaddr.sin6_addr = dr->rtaddr;
2545 error = sa6_recoverscope(&d.rtaddr);
2546 if (error != 0)
2547 break;
2548 d.flags = dr->raflags;
2549 d.rtlifetime = dr->rtlifetime;
2550 d.expire = dr->expire + (time_second - time_uptime);
2551 d.if_index = dr->ifp->if_index;
2552 error = SYSCTL_OUT(req, &d, sizeof(d));
2553 if (error != 0)
2554 break;
2555 }
2556 ND6_RUNLOCK();
2557 return (error);
2558 }
2559 SYSCTL_PROC(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist,
2560 CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE,
2561 NULL, 0, nd6_sysctl_drlist, "S,in6_defrouter",
2562 "NDP default router list");
Cache object: ad02ba6b996050055c01dd558d145fd9
|