1 /*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: nd6_rtr.c,v 1.111 2001/04/27 01:37:15 jinmei Exp $
30 */
31
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD: src/sys/netinet6/nd6_rtr.c,v 1.46 2008/12/02 21:37:28 bz Exp $");
34
35 #include "opt_inet.h"
36 #include "opt_inet6.h"
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/malloc.h>
41 #include <sys/mbuf.h>
42 #include <sys/socket.h>
43 #include <sys/sockio.h>
44 #include <sys/time.h>
45 #include <sys/kernel.h>
46 #include <sys/errno.h>
47 #include <sys/syslog.h>
48 #include <sys/queue.h>
49 #include <sys/vimage.h>
50
51 #include <net/if.h>
52 #include <net/if_types.h>
53 #include <net/if_dl.h>
54 #include <net/route.h>
55 #include <net/radix.h>
56 #include <net/vnet.h>
57
58 #include <netinet/in.h>
59 #include <netinet6/in6_var.h>
60 #include <netinet6/in6_ifattach.h>
61 #include <netinet/ip6.h>
62 #include <netinet6/ip6_var.h>
63 #include <netinet6/nd6.h>
64 #include <netinet/icmp6.h>
65 #include <netinet6/scope6_var.h>
66 #include <netinet6/vinet6.h>
67
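/*
 * Cast s to a struct sockaddr_dl pointer.  The argument is parenthesized so
 * that an expression argument (for example "p + 1") is cast as a whole
 * instead of having the cast bind to its first operand only.
 */
#define SDL(s) ((struct sockaddr_dl *)(s))

/*
 * File-local helpers.  All prototypes use plain ANSI form; the legacy
 * __P(()) wrapper that some of them carried is dropped so the list is
 * uniform.
 */
static int rtpref(struct nd_defrouter *);
static struct nd_defrouter *defrtrlist_update(struct nd_defrouter *);
static int prelist_update(struct nd_prefixctl *, struct nd_defrouter *,
    struct mbuf *, int);
static struct in6_ifaddr *in6_ifadd(struct nd_prefixctl *, int);
static struct nd_pfxrouter *pfxrtr_lookup(struct nd_prefix *,
    struct nd_defrouter *);
static void pfxrtr_add(struct nd_prefix *, struct nd_defrouter *);
static void pfxrtr_del(struct nd_pfxrouter *);
static struct nd_pfxrouter *find_pfxlist_reachable_router
    (struct nd_prefix *);
static void defrouter_delreq(struct nd_defrouter *);
static void nd6_rtmsg(int, struct rtentry *);

static int in6_init_prefix_ltimes(struct nd_prefix *);
static void in6_init_address_ltimes(struct nd_prefix *,
    struct in6_addrlifetime *);

static int rt6_deleteroute(struct radix_node *, void *);

/* Plain globals, compiled in only when VIMAGE_GLOBALS is defined. */
#ifdef VIMAGE_GLOBALS
extern int nd6_recalc_reachtm_interval;

static struct ifnet *nd6_defifp;
int nd6_defifindex;

int ip6_use_tempaddr;
int ip6_desync_factor;
u_int32_t ip6_temp_preferred_lifetime;
u_int32_t ip6_temp_valid_lifetime;
int ip6_temp_regen_advance;
#endif

/*
 * Router preference values returned by rtpref().  A larger value sorts
 * earlier in the default router list (see defrtrlist_update()).
 * RTPREF_MEDIUM has to be 0!
 */
#define RTPREF_HIGH 1
#define RTPREF_MEDIUM 0
#define RTPREF_LOW (-1)
#define RTPREF_RESERVED (-2)
#define RTPREF_INVALID (-3) /* internal */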
109
/*
 * Receive Router Solicitation Message - acted upon by routers only.
 * Router solicitation/advertisement is mostly managed by a userland program
 * (rtadvd), so there is no function like nd6_ra_output() here.
 *
 * Based on RFC 2461
 *
 * m        - received packet; released with m_freem() on the freeit and bad
 *            paths.  The pull-up macros return directly on failure
 *            (presumably after releasing m themselves - confirm against
 *            their definitions).
 * off      - byte offset from the IPv6 header to the RS message
 * icmp6len - length of the RS message, options included
 */
void
nd6_rs_input(struct mbuf *m, int off, int icmp6len)
{
	INIT_VNET_INET6(curvnet);
	struct ifnet *ifp = m->m_pkthdr.rcvif;
	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
	struct nd_router_solicit *nd_rs;
	struct in6_addr saddr6 = ip6->ip6_src;
	char *src_ll = NULL;
	int src_ll_len = 0;
	union nd_opts ndopts;
	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];

	/* Only a router (RA acceptance off, forwarding on) handles an RS. */
	if (!(V_ip6_accept_rtadv == 0 && V_ip6_forwarding == 1))
		goto freeit;

	/*
	 * Sanity check: the hop limit must still be 255, which a packet
	 * that was forwarded by a router cannot have.
	 */
	if (ip6->ip6_hlim != 255) {
		nd6log((LOG_ERR,
		    "nd6_rs_input: invalid hlim (%d) from %s to %s on %s\n",
		    ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
		    ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
		goto bad;
	}

	/*
	 * A source of :: means the sender has no address assigned yet;
	 * the neighbor cache is left alone in that case.
	 */
	if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
		goto freeit;

#ifndef PULLDOWN_TEST
	IP6_EXTHDR_CHECK(m, off, icmp6len,);
	nd_rs = (struct nd_router_solicit *)((caddr_t)ip6 + off);
#else
	IP6_EXTHDR_GET(nd_rs, struct nd_router_solicit *, m, off, icmp6len);
	if (nd_rs == NULL) {
		V_icmp6stat.icp6s_tooshort++;
		return;
	}
#endif

	/* What follows the fixed RS header is the option area. */
	icmp6len -= sizeof(*nd_rs);
	nd6_option_init(nd_rs + 1, icmp6len, &ndopts);
	if (nd6_options(&ndopts) < 0) {
		nd6log((LOG_INFO,
		    "nd6_rs_input: invalid ND option, ignored\n"));
		/* nd6_options have incremented stats */
		goto freeit;
	}

	if (ndopts.nd_opts_src_lladdr) {
		src_ll = (char *)(ndopts.nd_opts_src_lladdr + 1);
		src_ll_len = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;

		/*
		 * The option length (in bytes, taken from the packet) must
		 * equal the interface's link-layer address length plus the
		 * 2-byte option header, rounded up to a multiple of 8.
		 */
		if (((ifp->if_addrlen + 2 + 7) & ~7) != src_ll_len) {
			nd6log((LOG_INFO,
			    "nd6_rs_input: lladdrlen mismatch for %s "
			    "(if %d, RS packet %d)\n",
			    ip6_sprintf(ip6bufs, &saddr6),
			    ifp->if_addrlen, src_ll_len - 2));
			goto bad;
		}
	}

	nd6_cache_lladdr(ifp, &saddr6, src_ll, src_ll_len, ND_ROUTER_SOLICIT, 0);
	goto freeit;

bad:
	/* Malformed RS: count it, then release the packet like any other. */
	V_icmp6stat.icp6s_badrs++;
freeit:
	m_freem(m);
}
194
/*
 * Receive Router Advertisement Message.
 *
 * Applies the advertisement to per-interface ND state (reachable time,
 * retransmit timer, hop limit, link MTU), to the default router list and
 * to the prefix list, then records the sender's link-layer address.
 *
 * m        - received packet; released with m_freem() on the freeit and bad
 *            paths
 * off      - byte offset from the IPv6 header to the RA message
 * icmp6len - length of the RA message, options included
 *
 * Based on RFC 2461
 * TODO: on-link bit on prefix information
 * TODO: ND_RA_FLAG_{OTHER,MANAGED} processing
 *
 * NOTE(review): the only sender checks in this function are hop limit 255
 * and a link-local source address.  Neither authenticates the router, so
 * every field used below is under the control of any node on the link.
 * Deployments normally rely on RA Guard (RFC 6105) or SEND (RFC 3971) for
 * that protection.
 */
void
nd6_ra_input(struct mbuf *m, int off, int icmp6len)
{
	INIT_VNET_INET6(curvnet);
	struct ifnet *ifp = m->m_pkthdr.rcvif;
	struct nd_ifinfo *ndi = ND_IFINFO(ifp);
	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
	struct nd_router_advert *nd_ra;
	struct in6_addr saddr6 = ip6->ip6_src;
	int mcast = 0;
	union nd_opts ndopts;
	struct nd_defrouter *dr;
	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];

	/*
	 * We accept RAs only when
	 * the system-wide variable allows the acceptance, and
	 * per-interface variable allows RAs on the receiving interface.
	 */
	if (V_ip6_accept_rtadv == 0)
		goto freeit;
	if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV))
		goto freeit;

	/* A hop limit below 255 means the packet crossed a router: reject. */
	if (ip6->ip6_hlim != 255) {
		nd6log((LOG_ERR,
		    "nd6_ra_input: invalid hlim (%d) from %s to %s on %s\n",
		    ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
		    ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
		goto bad;
	}

	/* The advertising router must use a link-local source address. */
	if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) {
		nd6log((LOG_ERR,
		    "nd6_ra_input: src %s is not link-local\n",
		    ip6_sprintf(ip6bufs, &saddr6)));
		goto bad;
	}

#ifndef PULLDOWN_TEST
	IP6_EXTHDR_CHECK(m, off, icmp6len,);
	nd_ra = (struct nd_router_advert *)((caddr_t)ip6 + off);
#else
	IP6_EXTHDR_GET(nd_ra, struct nd_router_advert *, m, off, icmp6len);
	if (nd_ra == NULL) {
		V_icmp6stat.icp6s_tooshort++;
		return;
	}
#endif

	/* What follows the fixed RA header is the option area. */
	icmp6len -= sizeof(*nd_ra);
	nd6_option_init(nd_ra + 1, icmp6len, &ndopts);
	if (nd6_options(&ndopts) < 0) {
		nd6log((LOG_INFO,
		    "nd6_ra_input: invalid ND option, ignored\n"));
		/* nd6_options have incremented stats */
		goto freeit;
	}

	{
		/* Template entry built from the packet for defrtrlist_update(). */
		struct nd_defrouter dr0;
		u_int32_t advreachable = nd_ra->nd_ra_reachable;

		/* remember if this is a multicasted advertisement */
		if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst))
			mcast = 1;

		bzero(&dr0, sizeof(dr0));
		dr0.rtaddr = saddr6;
		dr0.flags = nd_ra->nd_ra_flags_reserved;
		dr0.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime);
		dr0.expire = time_second + dr0.rtlifetime;
		dr0.ifp = ifp;
		/* unspecified or not? (RFC 2461 6.3.4) */
		if (advreachable) {
			advreachable = ntohl(advreachable);
			/* Values above MAX_REACHABLE_TIME are silently ignored. */
			if (advreachable <= MAX_REACHABLE_TIME &&
			    ndi->basereachable != advreachable) {
				ndi->basereachable = advreachable;
				ndi->reachable = ND_COMPUTE_RTIME(ndi->basereachable);
				ndi->recalctm = V_nd6_recalc_reachtm_interval; /* reset */
			}
		}
		/*
		 * NOTE(review): a non-zero retransmit timer and hop limit
		 * are stored as received; no range check is applied here.
		 */
		if (nd_ra->nd_ra_retransmit)
			ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
		if (nd_ra->nd_ra_curhoplimit)
			ndi->chlim = nd_ra->nd_ra_curhoplimit;
		/* dr may be NULL afterwards; prelist_update() accepts that. */
		dr = defrtrlist_update(&dr0);
	}

	/*
	 * prefix
	 */
	if (ndopts.nd_opts_pi) {
		struct nd_opt_hdr *pt;
		struct nd_opt_prefix_info *pi = NULL;
		struct nd_prefixctl pr;

		/*
		 * Walk the options from the first to the last prefix
		 * information option, stepping by each option's own length
		 * (nd_opt_len counts units of 8 bytes).
		 * NOTE(review): a zero nd_opt_len would never advance pt;
		 * presumably nd6_options() above has already rejected such
		 * options - confirm.
		 */
		for (pt = (struct nd_opt_hdr *)ndopts.nd_opts_pi;
		    pt <= (struct nd_opt_hdr *)ndopts.nd_opts_pi_end;
		    pt = (struct nd_opt_hdr *)((caddr_t)pt +
		    (pt->nd_opt_len << 3))) {
			if (pt->nd_opt_type != ND_OPT_PREFIX_INFORMATION)
				continue;
			pi = (struct nd_opt_prefix_info *)pt;

			/* A prefix information option is exactly 4 * 8 bytes. */
			if (pi->nd_opt_pi_len != 4) {
				nd6log((LOG_INFO,
				    "nd6_ra_input: invalid option "
				    "len %d for prefix information option, "
				    "ignored\n", pi->nd_opt_pi_len));
				continue;
			}

			if (128 < pi->nd_opt_pi_prefix_len) {
				nd6log((LOG_INFO,
				    "nd6_ra_input: invalid prefix "
				    "len %d for prefix information option, "
				    "ignored\n", pi->nd_opt_pi_prefix_len));
				continue;
			}

			/* Multicast and link-local prefixes are never accepted. */
			if (IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix)
			    || IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) {
				nd6log((LOG_INFO,
				    "nd6_ra_input: invalid prefix "
				    "%s, ignored\n",
				    ip6_sprintf(ip6bufs,
				    &pi->nd_opt_pi_prefix)));
				continue;
			}

			bzero(&pr, sizeof(pr));
			pr.ndpr_prefix.sin6_family = AF_INET6;
			pr.ndpr_prefix.sin6_len = sizeof(pr.ndpr_prefix);
			pr.ndpr_prefix.sin6_addr = pi->nd_opt_pi_prefix;
			pr.ndpr_ifp = (struct ifnet *)m->m_pkthdr.rcvif;

			pr.ndpr_raf_onlink = (pi->nd_opt_pi_flags_reserved &
			    ND_OPT_PI_FLAG_ONLINK) ? 1 : 0;
			pr.ndpr_raf_auto = (pi->nd_opt_pi_flags_reserved &
			    ND_OPT_PI_FLAG_AUTO) ? 1 : 0;
			pr.ndpr_plen = pi->nd_opt_pi_prefix_len;
			pr.ndpr_vltime = ntohl(pi->nd_opt_pi_valid_time);
			pr.ndpr_pltime = ntohl(pi->nd_opt_pi_preferred_time);
			/* The result is deliberately ignored; one bad prefix does not stop the loop. */
			(void)prelist_update(&pr, dr, m, mcast);
		}
	}

	/*
	 * MTU
	 */
	if (ndopts.nd_opts_mtu && ndopts.nd_opts_mtu->nd_opt_mtu_len == 1) {
		u_long mtu;
		u_long maxmtu;

		mtu = (u_long)ntohl(ndopts.nd_opts_mtu->nd_opt_mtu_mtu);

		/* lower bound */
		if (mtu < IPV6_MMTU) {
			nd6log((LOG_INFO, "nd6_ra_input: bogus mtu option "
			    "mtu=%lu sent from %s, ignoring\n",
			    mtu, ip6_sprintf(ip6bufs, &ip6->ip6_src)));
			goto skip;
		}

		/* upper bound: the smaller of ndi->maxmtu (when set) and if_mtu */
		maxmtu = (ndi->maxmtu && ndi->maxmtu < ifp->if_mtu)
		    ? ndi->maxmtu : ifp->if_mtu;
		if (mtu <= maxmtu) {
			int change = (ndi->linkmtu != mtu);

			ndi->linkmtu = mtu;
			if (change) /* in6_maxmtu may change */
				in6_setmaxmtu();
		} else {
			nd6log((LOG_INFO, "nd6_ra_input: bogus mtu "
			    "mtu=%lu sent from %s; "
			    "exceeds maxmtu %lu, ignoring\n",
			    mtu, ip6_sprintf(ip6bufs, &ip6->ip6_src), maxmtu));
		}
	}

skip:

	/*
	 * Source link layer address
	 */
	{
		char *lladdr = NULL;
		int lladdrlen = 0;

		if (ndopts.nd_opts_src_lladdr) {
			lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
			lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
		}

		/*
		 * The option length must equal the interface's link-layer
		 * address length plus the 2-byte option header, rounded up
		 * to a multiple of 8.
		 * NOTE(review): this check runs after the router list,
		 * prefix list and link MTU updates above, so an RA that is
		 * rejected here (and counted in icp6s_badra) has already
		 * had those effects applied.
		 */
		if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
			nd6log((LOG_INFO,
			    "nd6_ra_input: lladdrlen mismatch for %s "
			    "(if %d, RA packet %d)\n", ip6_sprintf(ip6bufs, &saddr6),
			    ifp->if_addrlen, lladdrlen - 2));
			goto bad;
		}

		nd6_cache_lladdr(ifp, &saddr6, lladdr,
		    lladdrlen, ND_ROUTER_ADVERT, 0);

		/*
		 * Installing a link-layer address might change the state of the
		 * router's neighbor cache, which might also affect our on-link
		 * detection of advertised prefixes.
		 */
		pfxlist_onlink_check();
	}

freeit:
	m_freem(m);
	return;

bad:
	/* Malformed RA: count it before releasing the packet. */
	V_icmp6stat.icp6s_badra++;
	m_freem(m);
}
426
427 /*
428 * default router list processing subroutines
429 */
430
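/*
 * Tell user processes watching the routing socket about a route change.
 *
 * cmd - routing message type handed through to rt_missmsg()
 * rt  - route entry the message describes
 *
 * The interface and interface-address slots are filled in only when the
 * route has an interface and the corresponding address is available.
 */
static void
nd6_rtmsg(int cmd, struct rtentry *rt)
{
	struct rt_addrinfo info;
	struct ifaddr *first_ifa;

	bzero((caddr_t)&info, sizeof(info));
	info.rti_info[RTAX_DST] = rt_key(rt);
	info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
	info.rti_info[RTAX_NETMASK] = rt_mask(rt);
	if (rt->rt_ifp) {
		/*
		 * TAILQ_FIRST() yields NULL for an empty list and rt_ifa is
		 * a plain pointer; check both before dereferencing so that
		 * an interface without addresses cannot fault the kernel.
		 * The slots stay NULL (from the bzero above) in that case.
		 */
		first_ifa = TAILQ_FIRST(&rt->rt_ifp->if_addrlist);
		if (first_ifa != NULL)
			info.rti_info[RTAX_IFP] = first_ifa->ifa_addr;
		if (rt->rt_ifa != NULL)
			info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
	}

	rt_missmsg(cmd, &info, rt->rt_flags, 0);
}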
449
/*
 * Request an IPv6 default route through the given router.
 *
 * The destination and netmask are all-zero sockaddr_in6 structures and
 * the gateway is new->rtaddr.  If the routing layer hands back the new
 * entry, the addition is announced via nd6_rtmsg().  new->installed is set
 * only when rtrequest() reports success.
 */
void
defrouter_addreq(struct nd_defrouter *new)
{
	struct sockaddr_in6 def, mask, gate;
	struct rtentry *newrt = NULL;
	int error;
	int s;

	/* Destination: all-zero address, family set. */
	bzero(&def, sizeof(def));
	def.sin6_len = sizeof(struct sockaddr_in6);
	def.sin6_family = AF_INET6;

	/* Netmask: all-zero, only the length is filled in. */
	bzero(&mask, sizeof(mask));
	mask.sin6_len = sizeof(struct sockaddr_in6);

	/* Gateway: the advertising router's address. */
	bzero(&gate, sizeof(gate));
	gate.sin6_len = sizeof(struct sockaddr_in6);
	gate.sin6_family = AF_INET6;
	gate.sin6_addr = new->rtaddr;

	s = splnet();
	error = rtrequest(RTM_ADD, (struct sockaddr *)&def,
	    (struct sockaddr *)&gate, (struct sockaddr *)&mask,
	    RTF_GATEWAY, &newrt);
	if (newrt != NULL) {
		RT_LOCK(newrt);
		nd6_rtmsg(RTM_ADD, newrt); /* tell user process */
		/* Drop the reference rtrequest() returned with the entry. */
		RT_REMREF(newrt);
		RT_UNLOCK(newrt);
	}
	if (error == 0)
		new->installed = 1;
	splx(s);
}
482
/*
 * Find the default router list entry for (addr, ifp).
 *
 * Returns the matching entry, or NULL when the list holds no router with
 * that address on that interface.
 */
struct nd_defrouter *
defrouter_lookup(struct in6_addr *addr, struct ifnet *ifp)
{
	INIT_VNET_INET6(ifp->if_vnet);
	struct nd_defrouter *entry;

	TAILQ_FOREACH(entry, &V_nd_defrouter, dr_entry) {
		/* Both the interface and the router address must match. */
		if (entry->ifp != ifp)
			continue;
		if (IN6_ARE_ADDR_EQUAL(addr, &entry->rtaddr))
			return (entry);
	}

	return (NULL); /* search failed */
}
497
/*
 * Remove the default route for a given router.
 * This is just a subroutine function for defrouter_select(), and should
 * not be called from anywhere else.
 *
 * The result of rtrequest() is not examined; dr->installed is cleared
 * whether or not a route entry was actually removed.
 */
static void
defrouter_delreq(struct nd_defrouter *dr)
{
	struct sockaddr_in6 def, mask, gate;
	struct rtentry *oldrt = NULL;

	/* Destination: all-zero address, family set. */
	bzero(&def, sizeof(def));
	def.sin6_len = sizeof(struct sockaddr_in6);
	def.sin6_family = AF_INET6;

	/* Netmask: all-zero, only the length is filled in. */
	bzero(&mask, sizeof(mask));
	mask.sin6_len = sizeof(struct sockaddr_in6);

	/* Gateway: the router being withdrawn. */
	bzero(&gate, sizeof(gate));
	gate.sin6_len = sizeof(struct sockaddr_in6);
	gate.sin6_family = AF_INET6;
	gate.sin6_addr = dr->rtaddr;

	(void)rtrequest(RTM_DELETE, (struct sockaddr *)&def,
	    (struct sockaddr *)&gate,
	    (struct sockaddr *)&mask, RTF_GATEWAY, &oldrt);
	if (oldrt != NULL) {
		/* Announce the removal, then release the returned entry. */
		nd6_rtmsg(RTM_DELETE, oldrt);
		RTFREE(oldrt);
	}

	dr->installed = 0;
}
528
/*
 * Remove the default route of every router on the default router list.
 * The list entries themselves stay in place; only their routes are
 * withdrawn (defrouter_delreq() clears each entry's installed flag).
 */
void
defrouter_reset(void)
{
	INIT_VNET_INET6(curvnet);
	struct nd_defrouter *entry;

	TAILQ_FOREACH(entry, &V_nd_defrouter, dr_entry)
		defrouter_delreq(entry);

	/*
	 * XXX should we also nuke any default routers in the kernel, by
	 * going through them by rtalloc1()?
	 */
}
547
/*
 * Delete a router from the default router list and free it.
 *
 * Routes through the router are flushed (autoconfigured hosts only), its
 * default route is withdrawn if installed, every prefix's reference to it
 * is dropped, and a replacement default router is selected when the
 * deleted one was installed.  dr is freed before returning, so the caller
 * must not touch it afterwards.
 */
void
defrtrlist_del(struct nd_defrouter *dr)
{
	INIT_VNET_INET6(curvnet);
	struct nd_pfxrouter *pfxrtr;
	struct nd_prefix *pr;
	int was_installed = 0;

	/*
	 * Flush all the routing table entries that use the router
	 * as a next hop.
	 */
	if (!V_ip6_forwarding && V_ip6_accept_rtadv) /* XXX: better condition? */
		rt6_flush(&dr->rtaddr, dr->ifp);

	/* Sample the flag first: defrouter_delreq() clears dr->installed. */
	if (dr->installed) {
		was_installed = 1;
		defrouter_delreq(dr);
	}
	TAILQ_REMOVE(&V_nd_defrouter, dr, dr_entry);

	/*
	 * Also delete all the pointers to the router in each prefix list,
	 * so that no prefix keeps a reference to memory freed below.
	 */
	for (pr = V_nd_prefix.lh_first; pr; pr = pr->ndpr_next) {
		pfxrtr = pfxrtr_lookup(pr, dr);
		if (pfxrtr != NULL)
			pfxrtr_del(pfxrtr);
	}
	pfxlist_onlink_check();

	/*
	 * If the router is the primary one, choose a new one.
	 * Note that defrouter_select() will remove the current gateway
	 * from the routing table.
	 */
	if (was_installed)
		defrouter_select();

	free(dr, M_IP6NDP);
}
588
/*
 * Default Router Selection according to Section 6.3.6 of RFC 2461 and
 * draft-ietf-ipngwg-router-selection:
 * 1) Routers that are reachable or probably reachable should be preferred.
 *    If we have more than one (probably) reachable router, prefer ones
 *    with the highest router preference.
 * 2) When no routers on the list are known to be reachable or
 *    probably reachable, routers SHOULD be selected in a round-robin
 *    fashion, regardless of router preference values.
 * 3) If the Default Router List is empty, assume that all
 *    destinations are on-link.
 *
 * We assume nd_defrouter is sorted by router preference value.
 * Since the code below covers both with and without router preference cases,
 * we do not need to classify the cases by ifdef.
 *
 * At this moment, we do not try to install more than one default router,
 * even when the multipath routing is available, because we're not sure about
 * the benefits for stub hosts comparing to the risk of making the code
 * complicated and the possibility of introducing bugs.
 *
 * The whole body runs between splnet() and splx(); every return path
 * below restores the saved level first.
 */
void
defrouter_select(void)
{
	INIT_VNET_INET6(curvnet);
	int s = splnet();
	/* selected_dr: the choice being made; installed_dr: the current one. */
	struct nd_defrouter *dr, *selected_dr = NULL, *installed_dr = NULL;
	struct rtentry *rt = NULL;
	struct llinfo_nd6 *ln = NULL;

	/*
	 * This function should be called only when acting as an autoconfigured
	 * host. Although the remaining part of this function is not effective
	 * if the node is not an autoconfigured host, we explicitly exclude
	 * such cases here for safety.
	 */
	if (V_ip6_forwarding || !V_ip6_accept_rtadv) {
		nd6log((LOG_WARNING,
		    "defrouter_select: called unexpectedly (forwarding=%d, "
		    "accept_rtadv=%d)\n", V_ip6_forwarding, V_ip6_accept_rtadv));
		splx(s);
		return;
	}

	/*
	 * Let's handle easy case (3) first:
	 * If default router list is empty, there's nothing to be done.
	 */
	if (!TAILQ_FIRST(&V_nd_defrouter)) {
		splx(s);
		return;
	}

	/*
	 * Search for a (probably) reachable router from the list.
	 * We just pick up the first reachable one (if any), assuming that
	 * the ordering rule of the list described in defrtrlist_update().
	 * The same pass also finds the currently installed router.
	 */
	for (dr = TAILQ_FIRST(&V_nd_defrouter); dr;
	    dr = TAILQ_NEXT(dr, dr_entry)) {
		/*
		 * The && chain short-circuits: rt and ln are assigned only
		 * as far as the preceding lookups succeed.
		 */
		if (selected_dr == NULL &&
		    (rt = nd6_lookup(&dr->rtaddr, 0, dr->ifp)) &&
		    (ln = (struct llinfo_nd6 *)rt->rt_llinfo) &&
		    ND6_IS_LLINFO_PROBREACH(ln)) {
			selected_dr = dr;
		}

		if (dr->installed && installed_dr == NULL)
			installed_dr = dr;
		else if (dr->installed && installed_dr) {
			/* this should not happen. warn for diagnosis. */
			log(LOG_ERR, "defrouter_select: more than one router"
			    " is installed\n");
		}
	}
	/*
	 * If none of the default routers was found to be reachable,
	 * round-robin the list regardless of preference.
	 * Otherwise, if we have an installed router, check if the selected
	 * (reachable) router should really be preferred to the installed one.
	 * We only prefer the new router when the old one is not reachable
	 * or when the new one has a really higher preference value.
	 */
	if (selected_dr == NULL) {
		/* Round-robin: the entry after the installed one, wrapping to the head. */
		if (installed_dr == NULL || !TAILQ_NEXT(installed_dr, dr_entry))
			selected_dr = TAILQ_FIRST(&V_nd_defrouter);
		else
			selected_dr = TAILQ_NEXT(installed_dr, dr_entry);
	} else if (installed_dr &&
	    (rt = nd6_lookup(&installed_dr->rtaddr, 0, installed_dr->ifp)) &&
	    (ln = (struct llinfo_nd6 *)rt->rt_llinfo) &&
	    ND6_IS_LLINFO_PROBREACH(ln) &&
	    rtpref(selected_dr) <= rtpref(installed_dr)) {
		/* Keep the installed router: reachable and not less preferred. */
		selected_dr = installed_dr;
	}

	/*
	 * If the selected router is different than the installed one,
	 * remove the installed router and install the selected one.
	 * Note that the selected router is never NULL here.
	 */
	if (installed_dr != selected_dr) {
		if (installed_dr)
			defrouter_delreq(installed_dr);
		defrouter_addreq(selected_dr);
	}

	splx(s);
	return;
}
699
/*
 * Map a router's RA flags to a preference value for default router
 * selection.  The router-preference field is regarded as a 2-bit signed
 * integer; the reserved encoding is treated the same as medium.
 *
 * dr->flags is copied from the flags byte of a received RA (see
 * nd6_ra_input() and defrtrlist_update()), so the field value is chosen by
 * the advertising node.
 *
 * Returns RTPREF_HIGH, RTPREF_MEDIUM or RTPREF_LOW; RTPREF_INVALID only if
 * the masked value matches none of the known encodings.
 */
static int
rtpref(struct nd_defrouter *dr)
{
	int pref;

	switch (dr->flags & ND_RA_FLAG_RTPREF_MASK) {
	case ND_RA_FLAG_RTPREF_HIGH:
		pref = RTPREF_HIGH;
		break;
	case ND_RA_FLAG_RTPREF_MEDIUM:
	case ND_RA_FLAG_RTPREF_RSV:
		pref = RTPREF_MEDIUM;
		break;
	case ND_RA_FLAG_RTPREF_LOW:
		pref = RTPREF_LOW;
		break;
	default:
		/*
		 * This case should never happen. If it did, it would mean a
		 * serious bug of kernel internal. We thus always bark here.
		 * Or, can we even panic?
		 */
		log(LOG_ERR, "rtpref: impossible RA flag %x\n", dr->flags);
		pref = RTPREF_INVALID;
		break;
	}

	return (pref);
}
726
/*
 * Merge one advertised router into the default router list.
 *
 * new - template entry; nd6_ra_input() builds it from a received RA, so
 *       its address, flags and lifetime are values chosen by the sender.
 *
 * An existing entry for (new->rtaddr, new->ifp) is deleted when the
 * advertised lifetime is zero, and otherwise updated and, if its
 * preference changed, moved to its new position.  An unknown router with
 * a non-zero lifetime gets a freshly allocated entry.
 *
 * Returns the list entry, or NULL when the entry was deleted, when an
 * unknown router advertised a zero lifetime, or when allocation failed.
 *
 * NOTE(review): nothing in this function limits the length of the list;
 * each distinct (source address, interface) pair with a non-zero lifetime
 * allocates an entry until malloc() fails.  Consider whether a cap is
 * enforced elsewhere.
 */
static struct nd_defrouter *
defrtrlist_update(struct nd_defrouter *new)
{
	INIT_VNET_INET6(curvnet);
	struct nd_defrouter *dr, *n;
	int s = splnet();

	if ((dr = defrouter_lookup(&new->rtaddr, new->ifp)) != NULL) {
		/* entry exists */
		if (new->rtlifetime == 0) {
			/* Lifetime 0 withdraws the router; dr is freed by the call. */
			defrtrlist_del(dr);
			dr = NULL;
		} else {
			/* Sample the preference before the flags are overwritten. */
			int oldpref = rtpref(dr);

			/* override */
			dr->flags = new->flags; /* xxx flag check */
			dr->rtlifetime = new->rtlifetime;
			dr->expire = new->expire;

			/*
			 * If the preference does not change, there's no need
			 * to sort the entries.
			 */
			if (rtpref(new) == oldpref) {
				splx(s);
				return (dr);
			}

			/*
			 * preferred router may be changed, so relocate
			 * this router.
			 * XXX: calling TAILQ_REMOVE directly is a bad manner.
			 * However, since defrtrlist_del() has many side
			 * effects, we intentionally do so here.
			 * defrouter_select() below will handle routing
			 * changes later.
			 */
			TAILQ_REMOVE(&V_nd_defrouter, dr, dr_entry);
			n = dr;
			goto insert;
		}
		/* Reached only after the deletion above; dr is NULL here. */
		splx(s);
		return (dr);
	}

	/* entry does not exist */
	if (new->rtlifetime == 0) {
		splx(s);
		return (NULL);
	}

	/* M_NOWAIT: the allocation may fail, in which case the RA's router is dropped. */
	n = (struct nd_defrouter *)malloc(sizeof(*n), M_IP6NDP, M_NOWAIT);
	if (n == NULL) {
		splx(s);
		return (NULL);
	}
	bzero(n, sizeof(*n));
	*n = *new;

insert:
	/*
	 * Insert the new router in the Default Router List;
	 * The Default Router List should be in the descending order
	 * of router-preference.  Routers with the same preference are
	 * sorted in the arriving time order.
	 */

	/* insert at the end of the group */
	for (dr = TAILQ_FIRST(&V_nd_defrouter); dr;
	    dr = TAILQ_NEXT(dr, dr_entry)) {
		/* Stop at the first entry with a strictly lower preference. */
		if (rtpref(n) > rtpref(dr))
			break;
	}
	if (dr)
		TAILQ_INSERT_BEFORE(dr, n, dr_entry);
	else
		TAILQ_INSERT_TAIL(&V_nd_defrouter, n, dr_entry);

	defrouter_select();

	splx(s);

	return (n);
}
812
/*
 * Find the record that ties router dr to prefix pr.
 *
 * Returns the matching entry from pr's advertising-router list, or NULL
 * when dr is not on that list.
 */
static struct nd_pfxrouter *
pfxrtr_lookup(struct nd_prefix *pr, struct nd_defrouter *dr)
{
	struct nd_pfxrouter *pfr;

	for (pfr = pr->ndpr_advrtrs.lh_first; pfr != NULL; pfr = pfr->pfr_next) {
		if (pfr->router == dr)
			return (pfr);
	}

	return (NULL);
}
825
/*
 * Record that router dr advertised prefix pr, then re-run the on-link
 * check.  The allocation is non-blocking; on failure the function returns
 * silently and nothing is recorded.
 */
static void
pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr)
{
	struct nd_pfxrouter *entry;

	/* M_ZERO hands back zeroed memory, so no separate bzero() is needed. */
	entry = (struct nd_pfxrouter *)malloc(sizeof(*entry), M_IP6NDP,
	    M_NOWAIT | M_ZERO);
	if (entry == NULL)
		return;
	entry->router = dr;

	LIST_INSERT_HEAD(&pr->ndpr_advrtrs, entry, pfr_entry);

	pfxlist_onlink_check();
}
841
/*
 * Unlink a prefix-router record from its list and free it.  The pointer
 * is invalid once this returns.
 */
static void
pfxrtr_del(struct nd_pfxrouter *pfr)
{
	/* Unlink first so the list never refers to freed memory. */
	LIST_REMOVE(pfr, pfr_entry);

	free(pfr, M_IP6NDP);
}
848
/*
 * Find the prefix list entry that matches key.
 *
 * An entry matches when it is on the same interface, has the same prefix
 * length, and its address equals the key's over that many leading bits.
 * Returns the entry, or NULL when there is no match.
 */
struct nd_prefix *
nd6_prefix_lookup(struct nd_prefixctl *key)
{
	INIT_VNET_INET6(curvnet);
	struct nd_prefix *pr;

	for (pr = V_nd_prefix.lh_first; pr != NULL; pr = pr->ndpr_next) {
		if (key->ndpr_ifp != pr->ndpr_ifp)
			continue;
		if (key->ndpr_plen != pr->ndpr_plen)
			continue;
		if (in6_are_prefix_equal(&key->ndpr_prefix.sin6_addr,
		    &pr->ndpr_prefix.sin6_addr, key->ndpr_plen))
			return (pr);
	}

	return (NULL);
}
867
/*
 * Create a prefix list entry from pr and link it into the prefix list.
 *
 * pr   - prefix parameters to copy (interface, prefix, length, lifetimes,
 *        flags)
 * dr   - router that advertised the prefix, or NULL; when given it is
 *        recorded on the new entry
 * newp - if not NULL, receives the new entry
 *
 * Returns 0 on success, ENOMEM when the non-blocking allocation fails, or
 * the error from in6_init_prefix_ltimes().  A failure to put the prefix
 * on-link is logged but does not fail the call.
 *
 * NOTE(review): no limit on the number of prefix entries is visible in
 * this function; confirm whether callers that feed it from received RAs
 * bound the list elsewhere.
 */
int
nd6_prelist_add(struct nd_prefixctl *pr, struct nd_defrouter *dr,
    struct nd_prefix **newp)
{
	INIT_VNET_INET6(curvnet);
	struct nd_prefix *new;
	int error;
	int i, s;
	char ip6buf[INET6_ADDRSTRLEN];

	/* M_ZERO hands back zeroed memory, so no separate bzero() is needed. */
	new = (struct nd_prefix *)malloc(sizeof(*new), M_IP6NDP,
	    M_NOWAIT | M_ZERO);
	if (new == NULL)
		return (ENOMEM);

	new->ndpr_ifp = pr->ndpr_ifp;
	new->ndpr_prefix = pr->ndpr_prefix;
	new->ndpr_plen = pr->ndpr_plen;
	new->ndpr_vltime = pr->ndpr_vltime;
	new->ndpr_pltime = pr->ndpr_pltime;
	new->ndpr_flags = pr->ndpr_flags;

	error = in6_init_prefix_ltimes(new);
	if (error != 0) {
		free(new, M_IP6NDP);
		return (error);
	}
	new->ndpr_lastupdate = time_second;
	if (newp != NULL)
		*newp = new;

	/* initialization */
	LIST_INIT(&new->ndpr_advrtrs);
	in6_prefixlen2mask(&new->ndpr_mask, new->ndpr_plen);

	/* make prefix in the canonical form: clear the bits beyond the mask */
	for (i = 0; i < 4; i++) {
		new->ndpr_prefix.sin6_addr.s6_addr32[i] &=
		    new->ndpr_mask.s6_addr32[i];
	}

	/* link ndpr_entry to nd_prefix list */
	s = splnet();
	LIST_INSERT_HEAD(&V_nd_prefix, new, ndpr_entry);
	splx(s);

	/* ND_OPT_PI_FLAG_ONLINK processing */
	if (new->ndpr_raf_onlink) {
		int onlink_err = nd6_prefix_onlink(new);

		if (onlink_err != 0) {
			nd6log((LOG_ERR, "nd6_prelist_add: failed to make "
			    "the prefix %s/%d on-link on %s (errno=%d)\n",
			    ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
			    pr->ndpr_plen, if_name(pr->ndpr_ifp), onlink_err));
			/* proceed anyway. XXX: is it correct? */
		}
	}

	if (dr != NULL)
		pfxrtr_add(new, dr);

	return (0);
}
927
/*
 * Invalidate a prefix and, unless it is still referenced, unlink and free
 * it together with its list of advertising routers.
 *
 * The lifetimes are zeroed and the prefix is taken off-link first.  When
 * pr->ndpr_refcnt is still positive the function stops there and the
 * entry stays on the list; otherwise pr is freed and must not be used by
 * the caller afterwards.
 */
void
prelist_remove(struct nd_prefix *pr)
{
	INIT_VNET_INET6(curvnet);
	struct nd_pfxrouter *pfr, *next;
	int e, s;
	char ip6buf[INET6_ADDRSTRLEN];

	/* make sure to invalidate the prefix until it is really freed. */
	pr->ndpr_vltime = 0;
	pr->ndpr_pltime = 0;

	/*
	 * Though these flags are now meaningless, we'd rather keep the value
	 * of pr->ndpr_raf_onlink and pr->ndpr_raf_auto not to confuse users
	 * when executing "ndp -p".
	 */

	if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) {
		e = nd6_prefix_offlink(pr);
		if (e != 0) {
			nd6log((LOG_ERR,
			    "prelist_remove: failed to make %s/%d offlink "
			    "on %s, errno=%d\n",
			    ip6_sprintf(ip6buf, &pr->ndpr_prefix.sin6_addr),
			    pr->ndpr_plen, if_name(pr->ndpr_ifp), e));
			/* what should we do? */
		}
	}

	/* Still referenced: leave the (now invalidated) entry in place. */
	if (pr->ndpr_refcnt > 0)
		return; /* notice here? */

	s = splnet();

	/* unlink ndpr_entry from nd_prefix list */
	LIST_REMOVE(pr, ndpr_entry);

	/*
	 * free list of routers that advertised the prefix; the successor is
	 * read before each entry is freed.
	 */
	pfr = pr->ndpr_advrtrs.lh_first;
	while (pfr != NULL) {
		next = pfr->pfr_next;
		free(pfr, M_IP6NDP);
		pfr = next;
	}
	splx(s);

	free(pr, M_IP6NDP);

	pfxlist_onlink_check();
}
975
976 /*
977 * dr - may be NULL
978 */
979
980 static int
981 prelist_update(struct nd_prefixctl *new, struct nd_defrouter *dr,
982 struct mbuf *m, int mcast)
983 {
984 INIT_VNET_INET6(curvnet);
985 struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL;
986 struct ifaddr *ifa;
987 struct ifnet *ifp = new->ndpr_ifp;
988 struct nd_prefix *pr;
989 int s = splnet();
990 int error = 0;
991 int newprefix = 0;
992 int auth;
993 struct in6_addrlifetime lt6_tmp;
994 char ip6buf[INET6_ADDRSTRLEN];
995
996 auth = 0;
997 if (m) {
998 /*
999 * Authenticity for NA consists authentication for
1000 * both IP header and IP datagrams, doesn't it ?
1001 */
1002 #if defined(M_AUTHIPHDR) && defined(M_AUTHIPDGM)
1003 auth = ((m->m_flags & M_AUTHIPHDR) &&
1004 (m->m_flags & M_AUTHIPDGM));
1005 #endif
1006 }
1007
1008 if ((pr = nd6_prefix_lookup(new)) != NULL) {
1009 /*
1010 * nd6_prefix_lookup() ensures that pr and new have the same
1011 * prefix on a same interface.
1012 */
1013
1014 /*
1015 * Update prefix information. Note that the on-link (L) bit
1016 * and the autonomous (A) bit should NOT be changed from 1
1017 * to 0.
1018 */
1019 if (new->ndpr_raf_onlink == 1)
1020 pr->ndpr_raf_onlink = 1;
1021 if (new->ndpr_raf_auto == 1)
1022 pr->ndpr_raf_auto = 1;
1023 if (new->ndpr_raf_onlink) {
1024 |