]> git.saurik.com Git - apple/xnu.git/blame - bsd/netinet6/nd6_nbr.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-123.5.tar.gz
[apple/xnu.git] / bsd / netinet6 / nd6_nbr.c
CommitLineData
1c79356b
A		 1/* $KAME: nd6_nbr.c,v 1.32 2000/03/21 11:37:30 itojun Exp $ */
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#if (defined(__FreeBSD__) && __FreeBSD__ >= 3) || defined(__NetBSD__)
33#include "opt_inet.h"
34#if __NetBSD__ /*XXX*/
35#include "opt_ipsec.h"
36#endif
37#endif
38
39#include <sys/param.h>
40#include <sys/systm.h>
41#include <sys/malloc.h>
42#include <sys/mbuf.h>
43#include <sys/socket.h>
44#include <sys/sockio.h>
45#include <sys/time.h>
46#include <sys/kernel.h>
47#include <sys/errno.h>
48#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3)
49#include <sys/ioctl.h>
50#endif
51#include <sys/syslog.h>
52#include <kern/queue.h>
53
54#include <net/if.h>
55#include <net/if_types.h>
56#include <net/if_dl.h>
57#include <net/route.h>
58
59#include <netinet/in.h>
60#include <netinet/in_var.h>
61#include <netinet6/in6_var.h>
62#include <netinet/ip6.h>
63#include <netinet6/ip6_var.h>
64#include <netinet6/nd6.h>
65#include <netinet/icmp6.h>
66
67#ifdef __OpenBSD__ /*don't confuse KAME ipsec with OpenBSD ipsec*/
68#undef IPSEC
69#endif
70
71#if IPSEC
72#include <netinet6/ipsec.h>
73#endif
74
75#include <net/net_osdep.h>
76
77#define SDL(s) ((struct sockaddr_dl *)s)
78
79struct dadq;
80static struct dadq *nd6_dad_find __P((struct ifaddr *));
81static void nd6_dad_timer __P((struct ifaddr *));
82static void nd6_dad_ns_output __P((struct dadq *, struct ifaddr *));
83static void nd6_dad_ns_input __P((struct ifaddr *));
84static void nd6_dad_na_input __P((struct ifaddr *));
85
86static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/
87static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
88
89/*
90 * Input an Neighbor Solicitation Message.
91 *
92 * Based on RFC 2461
93 * Based on RFC 2462 (duplicated address detection)
94 */
95void
96nd6_ns_input(m, off, icmp6len)
97 struct mbuf *m;
98 int off, icmp6len;
99{
100 struct ifnet *ifp = m->m_pkthdr.rcvif;
101 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
102 struct nd_neighbor_solicit *nd_ns;
103 struct in6_addr saddr6 = ip6->ip6_src;
104 struct in6_addr daddr6 = ip6->ip6_dst;
105 struct in6_addr taddr6;
106 struct in6_addr myaddr6;
107 char *lladdr = NULL;
108 struct ifaddr *ifa;
109 int lladdrlen = 0;
110 int anycast = 0, proxy = 0, tentative = 0;
111 int tlladdr;
112 union nd_opts ndopts;
113 struct sockaddr_dl *proxydl = NULL;
114
115 if (ip6->ip6_hlim != 255) {
116 log(LOG_ERR,
117 "nd6_ns_input: invalid hlim %d\n", ip6->ip6_hlim);
118 goto freeit;
119 }
120
121 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
122 /* dst has to be solicited node multicast address. */
123 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL
124 /*don't check ifindex portion*/
125 && daddr6.s6_addr32[1] == 0
126 && daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE
127 && daddr6.s6_addr8[12] == 0xff) {
128 ; /*good*/
129 } else {
130 log(LOG_INFO, "nd6_ns_input: bad DAD packet "
131 "(wrong ip6 dst)\n");
132 goto bad;
133 }
134 }
135
136#ifndef PULLDOWN_TEST
137 IP6_EXTHDR_CHECK(m, off, icmp6len,);
138 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
139#else
140 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
141 if (nd_ns == NULL) {
142 icmp6stat.icp6s_tooshort++;
143 return;
144 }
145#endif
146 taddr6 = nd_ns->nd_ns_target;
147
148 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
149 log(LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n");
150 goto bad;
151 }
152
153 if (IN6_IS_SCOPE_LINKLOCAL(&taddr6))
154 taddr6.s6_addr16[1] = htons(ifp->if_index);
155
156 icmp6len -= sizeof(*nd_ns);
157 nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
158 if (nd6_options(&ndopts) < 0) {
159 log(LOG_INFO, "nd6_ns_input: invalid ND option, ignored\n");
160 goto bad;
161 }
162
163 if (ndopts.nd_opts_src_lladdr) {
164 lladdr = (char *)(ndopts.nd_opts_src_lladdr +1);
165 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
166 }
167
168 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
169 log(LOG_INFO, "nd6_ns_input: bad DAD packet "
170 "(link-layer address option)\n");
171 goto bad;
172 }
173
174 /*
175 * Attaching target link-layer address to the NA?
176 * (RFC 2461 7.2.4)
177 *
178 * NS IP dst is unicast/anycast MUST NOT add
179 * NS IP dst is solicited-node multicast MUST add
180 *
181 * In implementation, we add target link-layer address by default.
182 * We do not add one in MUST NOT cases.
183 */
184#if 0 /* too much! */
185 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &daddr6);
186 if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST))
187 tlladdr = 0;
188 else
189#endif
190 if (!IN6_IS_ADDR_MULTICAST(&daddr6))
191 tlladdr = 0;
192 else
193 tlladdr = 1;
194
195 /*
196 * Target address (taddr6) must be either:
197 * (1) Valid unicast/anycast address for my receiving interface,
198 * (2) Unicast address for which I'm offering proxy service, or
199 * (3) "tentative" address on which DAD is being performed.
200 */
201 /* (1) and (3) check. */
202 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
203
204 /* (2) check. */
205 if (!ifa) {
206 struct rtentry *rt;
207 struct sockaddr_in6 tsin6;
208
209 bzero(&tsin6, sizeof tsin6);
210 tsin6.sin6_len = sizeof(struct sockaddr_in6);
211 tsin6.sin6_family = AF_INET6;
212 tsin6.sin6_addr = taddr6;
213
214 rt = rtalloc1((struct sockaddr *)&tsin6, 0
215#if __FreeBSD__ || defined (__APPLE__)
216 , 0
217#endif /* __FreeBSD__ */
218 );
219 if (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 &&
220 rt->rt_gateway->sa_family == AF_LINK) {
221 /*
222 * proxy NDP for single entry
223 */
224 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
225 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
226 if (ifa) {
227 proxy = 1;
228 proxydl = SDL(rt->rt_gateway);
229 }
230 }
231 if (rt)
232 rtfree(rt);
233 }
234 if (!ifa) {
235 /*
236 * We've got a NS packet, and we don't have that adddress
237 * assigned for us. We MUST silently ignore it.
238 * See RFC2461 7.2.3.
239 */
240 goto freeit;
241 }
242 myaddr6 = *IFA_IN6(ifa);
243 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
244 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
245 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
246 goto freeit;
247
248 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
249 log(LOG_INFO,
250 "nd6_ns_input: lladdrlen mismatch for %s "
251 "(if %d, NS packet %d)\n",
252 ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2);
253 }
254
255 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
256 log(LOG_INFO,
257 "nd6_ns_input: duplicate IP6 address %s\n",
258 ip6_sprintf(&saddr6));
259 goto freeit;
260 }
261
262 /*
263 * We have neighbor solicitation packet, with target address equals to
264 * one of my tentative address.
265 *
266 * src addr how to process?
267 * --- ---
268 * multicast of course, invalid (rejected in ip6_input)
269 * unicast somebody is doing address resolution -> ignore
270 * unspec dup address detection
271 *
272 * The processing is defined in RFC 2462.
273 */
274 if (tentative) {
275 /*
276 * If source address is unspecified address, it is for
277 * duplicated address detection.
278 *
279 * If not, the packet is for addess resolution;
280 * silently ignore it.
281 */
282 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
283 nd6_dad_ns_input(ifa);
284
285 goto freeit;
286 }
287
288 /*
289 * If the source address is unspecified address, entries must not
290 * be created or updated.
291 * It looks that sender is performing DAD. Output NA toward
292 * all-node multicast address, to tell the sender that I'm using
293 * the address.
294 * S bit ("solicited") must be zero.
295 */
296 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
297 saddr6 = in6addr_linklocal_allnodes;
298 saddr6.s6_addr16[1] = htons(ifp->if_index);
299 nd6_na_output(ifp, &saddr6, &taddr6,
300 ((anycast || proxy || !tlladdr)
301 ? 0 : ND_NA_FLAG_OVERRIDE)
302 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0),
303 tlladdr, (struct sockaddr *)proxydl);
304 goto freeit;
305 }
306
307 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_NEIGHBOR_SOLICIT, 0);
308
309 nd6_na_output(ifp, &saddr6, &taddr6,
310 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE)
311 | (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0)
312 | ND_NA_FLAG_SOLICITED,
313 tlladdr, (struct sockaddr *)proxydl);
314 freeit:
315 m_freem(m);
316 return;
317
318 bad:
319 log(LOG_ERR, "nd6_ns_input: src=%s\n", ip6_sprintf(&saddr6));
320 log(LOG_ERR, "nd6_ns_input: dst=%s\n", ip6_sprintf(&daddr6));
321 log(LOG_ERR, "nd6_ns_input: tgt=%s\n", ip6_sprintf(&taddr6));
322 m_freem(m);
323}
324
325/*
326 * Output an Neighbor Solicitation Message. Caller specifies:
327 * - ICMP6 header source IP6 address
328 * - ND6 header target IP6 address
329 * - ND6 header source datalink address
330 *
331 * Based on RFC 2461
332 * Based on RFC 2462 (duplicated address detection)
333 */
334void
335nd6_ns_output(ifp, daddr6, taddr6, ln, dad)
336 struct ifnet *ifp;
337 struct in6_addr *daddr6, *taddr6;
338 struct llinfo_nd6 *ln; /* for source address determination */
339 int dad; /* duplicated address detection */
340{
341 struct mbuf *m;
342 struct ip6_hdr *ip6;
343 struct nd_neighbor_solicit *nd_ns;
344 struct in6_ifaddr *ia = NULL;
345 struct ip6_moptions im6o;
346 int icmp6len;
347 int maxlen;
348 caddr_t mac;
349 struct ifnet *outif = NULL;
350
351 if (IN6_IS_ADDR_MULTICAST(taddr6))
352 return;
353
354 /* estimate the size of message */
355 maxlen = sizeof(*ip6) + sizeof(*nd_ns);
356 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
357 if (max_linkhdr + maxlen >= MCLBYTES) {
358#ifdef DIAGNOSTIC
359 printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES "
360 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
361#endif
362 return;
363 }
364
365 MGETHDR(m, M_DONTWAIT, MT_DATA);
366 if (m && max_linkhdr + maxlen >= MHLEN) {
367 MCLGET(m, M_DONTWAIT);
368 if ((m->m_flags & M_EXT) == 0) {
369 m_free(m);
370 m = NULL;
371 }
372 }
373 if (m == NULL)
374 return;
375
376 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
377 m->m_flags |= M_MCAST;
378 im6o.im6o_multicast_ifp = ifp;
379 im6o.im6o_multicast_hlim = 255;
380 im6o.im6o_multicast_loop = 0;
381 }
382
383 icmp6len = sizeof(*nd_ns);
384 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
385 m->m_data += max_linkhdr; /*or MH_ALIGN() equivalent?*/
386
387 /* fill neighbor solicitation packet */
388 ip6 = mtod(m, struct ip6_hdr *);
389 ip6->ip6_flow = 0;
390 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
391 ip6->ip6_vfc |= IPV6_VERSION;
392 /* ip6->ip6_plen will be set later */
393 ip6->ip6_nxt = IPPROTO_ICMPV6;
394 ip6->ip6_hlim = 255;
395 if (daddr6)
396 ip6->ip6_dst = *daddr6;
397 else {
398 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
399 ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index);
400 ip6->ip6_dst.s6_addr32[1] = 0;
401 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
402 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
403 ip6->ip6_dst.s6_addr8[12] = 0xff;
404 }
405 if (!dad) {
406#if 0 /* KAME way, exact address scope match */
407 /*
408 * Select a source whose scope is the same as that of the dest.
409 * Typically, the dest is link-local solicitation multicast
410 * (i.e. neighbor discovery) or link-local/global unicast
411 * (i.e. neighbor un-reachability detection).
412 */
413 ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
414 if (ia == NULL) {
415 m_freem(m);
416 return;
417 }
418 ip6->ip6_src = ia->ia_addr.sin6_addr;
419#else /* spec-wise correct */
420 /*
421 * RFC2461 7.2.2:
422 * "If the source address of the packet prompting the
423 * solicitation is the same as one of the addresses assigned
424 * to the outgoing interface, that address SHOULD be placed
425 * in the IP Source Address of the outgoing solicitation.
426 * Otherwise, any one of the addresses assigned to the
427 * interface should be used."
428 *
429 * We use the source address for the prompting packet
430 * (saddr6), if:
431 * - saddr6 is given from the caller (by giving "ln"), and
432 * - saddr6 belongs to the outgoing interface.
433 * Otherwise, we perform a scope-wise match.
434 */
435 struct ip6_hdr *hip6; /*hold ip6*/
436 struct in6_addr *saddr6;
437
438 if (ln && ln->ln_hold) {
439 hip6 = mtod(ln->ln_hold, struct ip6_hdr *);
440 /* XXX pullup? */
441 if (sizeof(*hip6) < ln->ln_hold->m_len)
442 saddr6 = &hip6->ip6_src;
443 else
444 saddr6 = NULL;
445 } else
446 saddr6 = NULL;
447 if (saddr6 && in6ifa_ifpwithaddr(ifp, saddr6))
448 bcopy(saddr6, &ip6->ip6_src, sizeof(*saddr6));
449 else {
450 ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
451 if (ia == NULL) {
452 m_freem(m); /*XXX*/
453 return;
454 }
455 ip6->ip6_src = ia->ia_addr.sin6_addr;
456 }
457#endif
458 } else {
459 /*
460 * Source address for DAD packet must always be IPv6
461 * unspecified address. (0::0)
462 */
463 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src));
464 }
465 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
466 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
467 nd_ns->nd_ns_code = 0;
468 nd_ns->nd_ns_reserved = 0;
469 nd_ns->nd_ns_target = *taddr6;
470
471 if (IN6_IS_SCOPE_LINKLOCAL(&nd_ns->nd_ns_target))
472 nd_ns->nd_ns_target.s6_addr16[1] = 0;
473
474 /*
475 * Add source link-layer address option.
476 *
477 * spec implementation
478 * --- ---
479 * DAD packet MUST NOT do not add the option
480 * there's no link layer address:
481 * impossible do not add the option
482 * there's link layer address:
483 * Multicast NS MUST add one add the option
484 * Unicast NS SHOULD add one add the option
485 */
486 if (!dad && (mac = nd6_ifptomac(ifp))) {
487 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
488 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
489 /* 8 byte alignments... */
490 optlen = (optlen + 7) & ~7;
491
492 m->m_pkthdr.len += optlen;
493 m->m_len += optlen;
494 icmp6len += optlen;
495 bzero((caddr_t)nd_opt, optlen);
496 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
497 nd_opt->nd_opt_len = optlen >> 3;
498 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
499 }
500
501 ip6->ip6_plen = htons((u_short)icmp6len);
502 nd_ns->nd_ns_cksum = 0;
503 nd_ns->nd_ns_cksum
504 = in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
505
506#if IPSEC
507 /* Don't lookup socket */
508 ipsec_setsocket(m, NULL);
509#endif
510 ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif);
511 if (outif) {
512 icmp6_ifstat_inc(outif, ifs6_out_msg);
513 icmp6_ifstat_inc(outif, ifs6_out_neighborsolicit);
514 }
515 icmp6stat.icp6s_outhist[ND_NEIGHBOR_SOLICIT]++;
516}
517
518/*
519 * Neighbor advertisement input handling.
520 *
521 * Based on RFC 2461
522 * Based on RFC 2462 (duplicated address detection)
523 *
524 * the following items are not implemented yet:
525 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
526 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
527 */
528void
529nd6_na_input(m, off, icmp6len)
530 struct mbuf *m;
531 int off, icmp6len;
532{
533 struct ifnet *ifp = m->m_pkthdr.rcvif;
534 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
535 struct nd_neighbor_advert *nd_na;
536#if 0
537 struct in6_addr saddr6 = ip6->ip6_src;
538#endif
539 struct in6_addr daddr6 = ip6->ip6_dst;
540 struct in6_addr taddr6;
541 int flags;
542 int is_router;
543 int is_solicited;
544 int is_override;
545 char *lladdr = NULL;
546 int lladdrlen = 0;
547 struct ifaddr *ifa;
548 struct llinfo_nd6 *ln;
549 struct rtentry *rt;
550 struct sockaddr_dl *sdl;
551 union nd_opts ndopts;
552
553 if (ip6->ip6_hlim != 255) {
554 log(LOG_ERR,
555 "nd6_na_input: invalid hlim %d\n", ip6->ip6_hlim);
556 goto freeit;
557 }
558
559#ifndef PULLDOWN_TEST
560 IP6_EXTHDR_CHECK(m, off, icmp6len,);
561 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
562#else
563 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
564 if (nd_na == NULL) {
565 icmp6stat.icp6s_tooshort++;
566 return;
567 }
568#endif
569 taddr6 = nd_na->nd_na_target;
570 flags = nd_na->nd_na_flags_reserved;
571 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
572 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
573 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
574
575 if (IN6_IS_SCOPE_LINKLOCAL(&taddr6))
576 taddr6.s6_addr16[1] = htons(ifp->if_index);
577
578 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
579 log(LOG_ERR,
580 "nd6_na_input: invalid target address %s\n",
581 ip6_sprintf(&taddr6));
582 goto freeit;
583 }
584 if (IN6_IS_ADDR_MULTICAST(&daddr6))
585 if (is_solicited) {
586 log(LOG_ERR,
587 "nd6_na_input: a solicited adv is multicasted\n");
588 goto freeit;
589 }
590
591 icmp6len -= sizeof(*nd_na);
592 nd6_option_init(nd_na + 1, icmp6len, &ndopts);
593 if (nd6_options(&ndopts) < 0) {
594 log(LOG_INFO, "nd6_na_input: invalid ND option, ignored\n");
595 goto freeit;
596 }
597
598 if (ndopts.nd_opts_tgt_lladdr) {
599 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
600 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
601 }
602
603 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
604
605 /*
606 * Target address matches one of my interface address.
607 *
608 * If my address is tentative, this means that there's somebody
609 * already using the same address as mine. This indicates DAD failure.
610 * This is defined in RFC 2462.
611 *
612 * Otherwise, process as defined in RFC 2461.
613 */
614 if (ifa
615 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
616 nd6_dad_na_input(ifa);
617 goto freeit;
618 }
619
620 /* Just for safety, maybe unnecessery. */
621 if (ifa) {
622 log(LOG_ERR,
623 "nd6_na_input: duplicate IP6 address %s\n",
624 ip6_sprintf(&taddr6));
625 goto freeit;
626 }
627
628 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
629 log(LOG_INFO,
630 "nd6_na_input: lladdrlen mismatch for %s "
631 "(if %d, NA packet %d)\n",
632 ip6_sprintf(&taddr6), ifp->if_addrlen, lladdrlen - 2);
633 }
634
635 /*
636 * If no neighbor cache entry is found, NA SHOULD silently be discarded.
637 */
638 rt = nd6_lookup(&taddr6, 0, ifp);
639 if ((rt == NULL) ||
640 ((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) ||
641 ((sdl = SDL(rt->rt_gateway)) == NULL))
642 goto freeit;
643
644 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
645 /*
646 * If the link-layer has address, and no lladdr option came,
647 * discard the packet.
648 */
649 if (ifp->if_addrlen && !lladdr)
650 goto freeit;
651
652 /*
653 * Record link-layer address, and update the state.
654 */
655 sdl->sdl_alen = ifp->if_addrlen;
656 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
657 if (is_solicited) {
658 ln->ln_state = ND6_LLINFO_REACHABLE;
659 if (ln->ln_expire)
660#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3) && !defined(__APPLE__)
661 ln->ln_expire = time.tv_sec +
662#else
663 ln->ln_expire = time_second +
664#endif
665 nd_ifinfo[rt->rt_ifp->if_index].reachable;
666 } else
667 ln->ln_state = ND6_LLINFO_STALE;
668 ln->ln_router = is_router;
669 } else {
670 int llchange;
671
672 /*
673 * Check if the link-layer address has changed or not.
674 */
675 if (!lladdr)
676 llchange = 0;
677 else {
678 if (sdl->sdl_alen) {
679 if (bcmp(lladdr, LLADDR(sdl), ifp->if_addrlen))
680 llchange = 1;
681 else
682 llchange = 0;
683 } else
684 llchange = 1;
685 }
686
687 /*
688 * This is VERY complex. Look at it with care.
689 *
690 * override solicit lladdr llchange action
691 * (L: record lladdr)
692 *
693 * 0 0 n -- (2c)
694 * 0 0 y n (2b) L
695 * 0 0 y y (1) REACHABLE->STALE
696 * 0 1 n -- (2c) *->REACHABLE
697 * 0 1 y n (2b) L *->REACHABLE
698 * 0 1 y y (1) REACHABLE->STALE
699 * 1 0 n -- (2a)
700 * 1 0 y n (2a) L
701 * 1 0 y y (2a) L *->STALE
702 * 1 1 n -- (2a) *->REACHABLE
703 * 1 1 y n (2a) L *->REACHABLE
704 * 1 1 y y (2a) L *->REACHABLE
705 */
706 if (!is_override && (lladdr && llchange)) { /* (1) */
707 /*
708 * If state is REACHABLE, make it STALE.
709 * no other updates should be done.
710 */
711 if (ln->ln_state == ND6_LLINFO_REACHABLE)
712 ln->ln_state = ND6_LLINFO_STALE;
713 goto freeit;
714 } else if (is_override /* (2a) */
715 || (!is_override && (lladdr && !llchange)) /* (2b) */
716 || !lladdr) { /* (2c) */
717 /*
718 * Update link-local address, if any.
719 */
720 if (lladdr) {
721 sdl->sdl_alen = ifp->if_addrlen;
722 bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
723 }
724
725 /*
726 * If solicited, make the state REACHABLE.
727 * If not solicited and the link-layer address was
728 * changed, make it STALE.
729 */
730 if (is_solicited) {
731 ln->ln_state = ND6_LLINFO_REACHABLE;
732 if (ln->ln_expire) {
733#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3) && !defined(__APPLE__)
734 ln->ln_expire = time.tv_sec +
735#else
736 ln->ln_expire = time_second +
737#endif
738 nd_ifinfo[ifp->if_index].reachable;
739 }
740 } else {
741 if (lladdr && llchange)
742 ln->ln_state = ND6_LLINFO_STALE;
743 }
744 }
745
746 if (ln->ln_router && !is_router) {
747 /*
748 * The peer dropped the router flag.
749 * Remove the sender from the Default Router List and
750 * update the Destination Cache entries.
751 */
752 struct nd_defrouter *dr;
753 struct in6_addr *in6;
754 int s;
755
756 in6 = &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr;
757#if __NetBSD__
758 s = splsoftnet();
759#else
760 s = splnet();
761#endif
762 dr = defrouter_lookup(in6, rt->rt_ifp);
763 if (dr)
764 defrtrlist_del(dr);
765 else if (!ip6_forwarding && ip6_accept_rtadv) {
766 /*
767 * Even if the neighbor is not in the default
768 * router list, the neighbor may be used
769 * as a next hop for some destinations
770 * (e.g. redirect case). So we must
771 * call rt6_flush explicitly.
772 */
773 rt6_flush(&ip6->ip6_src, rt->rt_ifp);
774 }
775 splx(s);
776 }
777 ln->ln_router = is_router;
778 }
779 rt->rt_flags &= ~RTF_REJECT;
780 ln->ln_asked = 0;
781 if (ln->ln_hold) {
782#if OLDIP6OUTPUT
783 (*ifp->if_output)(ifp, ln->ln_hold, rt_key(rt), rt);
784#else
785 nd6_output(ifp, ln->ln_hold,
786 (struct sockaddr_in6 *)rt_key(rt), rt);
787#endif
788 ln->ln_hold = 0;
789 }
790
791 freeit:
792 m_freem(m);
793}
794
795/*
796 * Neighbor advertisement output handling.
797 *
798 * Based on RFC 2461
799 *
800 * the following items are not implemented yet:
801 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
802 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
803 */
804void
805nd6_na_output(ifp, daddr6, taddr6, flags, tlladdr, sdl0)
806 struct ifnet *ifp;
807 struct in6_addr *daddr6, *taddr6;
808 u_long flags;
809 int tlladdr; /* 1 if include target link-layer address */
810 struct sockaddr *sdl0; /* sockaddr_dl (= proxy NA) or NULL */
811{
812 struct mbuf *m;
813 struct ip6_hdr *ip6;
814 struct nd_neighbor_advert *nd_na;
815 struct in6_ifaddr *ia = NULL;
816 struct ip6_moptions im6o;
817 int icmp6len;
818 int maxlen;
819 caddr_t mac;
820 struct ifnet *outif = NULL;
821
822 /* estimate the size of message */
823 maxlen = sizeof(*ip6) + sizeof(*nd_na);
824 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
825 if (max_linkhdr + maxlen >= MCLBYTES) {
826#ifdef DIAGNOSTIC
827 printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES "
828 "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
829#endif
830 return;
831 }
832
833 MGETHDR(m, M_DONTWAIT, MT_DATA);
834 if (m && max_linkhdr + maxlen >= MHLEN) {
835 MCLGET(m, M_DONTWAIT);
836 if ((m->m_flags & M_EXT) == 0) {
837 m_free(m);
838 m = NULL;
839 }
840 }
841 if (m == NULL)
842 return;
843
844 if (IN6_IS_ADDR_MULTICAST(daddr6)) {
845 m->m_flags |= M_MCAST;
846 im6o.im6o_multicast_ifp = ifp;
847 im6o.im6o_multicast_hlim = 255;
848 im6o.im6o_multicast_loop = 0;
849 }
850
851 icmp6len = sizeof(*nd_na);
852 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
853 m->m_data += max_linkhdr; /*or MH_ALIGN() equivalent?*/
854
855 /* fill neighbor advertisement packet */
856 ip6 = mtod(m, struct ip6_hdr *);
857 ip6->ip6_flow = 0;
858 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
859 ip6->ip6_vfc |= IPV6_VERSION;
860 ip6->ip6_nxt = IPPROTO_ICMPV6;
861 ip6->ip6_hlim = 255;
862 if (IN6_IS_ADDR_UNSPECIFIED(daddr6)) {
863 /* reply to DAD */
864 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
865 ip6->ip6_dst.s6_addr16[1] = htons(ifp->if_index);
866 ip6->ip6_dst.s6_addr32[1] = 0;
867 ip6->ip6_dst.s6_addr32[2] = 0;
868 ip6->ip6_dst.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
869 flags &= ~ND_NA_FLAG_SOLICITED;
870 } else
871 ip6->ip6_dst = *daddr6;
872
873 /*
874 * Select a source whose scope is the same as that of the dest.
875 */
876 ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
877 if (ia == NULL) {
878 m_freem(m);
879 return;
880 }
881 ip6->ip6_src = ia->ia_addr.sin6_addr;
882 nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
883 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
884 nd_na->nd_na_code = 0;
885 nd_na->nd_na_target = *taddr6;
886 if (IN6_IS_SCOPE_LINKLOCAL(&nd_na->nd_na_target))
887 nd_na->nd_na_target.s6_addr16[1] = 0;
888
889 /*
890 * "tlladdr" indicates NS's condition for adding tlladdr or not.
891 * see nd6_ns_input() for details.
892 * Basically, if NS packet is sent to unicast/anycast addr,
893 * target lladdr option SHOULD NOT be included.
894 */
895 if (tlladdr) {
896 mac = NULL;
897 /*
898 * sdl0 != NULL indicates proxy NA. If we do proxy, use
899 * lladdr in sdl0. If we are not proxying (sending NA for
900 * my address) use lladdr configured for the interface.
901 */
902 if (sdl0 == NULL)
903 mac = nd6_ifptomac(ifp);
904 else if (sdl0->sa_family == AF_LINK) {
905 struct sockaddr_dl *sdl;
906 sdl = (struct sockaddr_dl *)sdl0;
907 if (sdl->sdl_alen == ifp->if_addrlen)
908 mac = LLADDR(sdl);
909 }
910 }
911 if (tlladdr && mac) {
912 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
913 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
914
915 /* roundup to 8 bytes alignment! */
916 optlen = (optlen + 7) & ~7;
917
918 m->m_pkthdr.len += optlen;
919 m->m_len += optlen;
920 icmp6len += optlen;
921 bzero((caddr_t)nd_opt, optlen);
922 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
923 nd_opt->nd_opt_len = optlen >> 3;
924 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
925 } else
926 flags &= ~ND_NA_FLAG_OVERRIDE;
927
928 ip6->ip6_plen = htons((u_short)icmp6len);
929 nd_na->nd_na_flags_reserved = flags;
930 nd_na->nd_na_cksum = 0;
931 nd_na->nd_na_cksum =
932 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
933
934#if IPSEC
935 /* Don't lookup socket */
936 ipsec_setsocket(m, NULL);
937#endif
938 ip6_output(m, NULL, NULL, 0, &im6o, &outif);
939 if (outif) {
940 icmp6_ifstat_inc(outif, ifs6_out_msg);
941 icmp6_ifstat_inc(outif, ifs6_out_neighboradvert);
942 }
943 icmp6stat.icp6s_outhist[ND_NEIGHBOR_ADVERT]++;
944}
945
946caddr_t
947nd6_ifptomac(ifp)
948 struct ifnet *ifp;
949{
950 switch (ifp->if_type) {
951 case IFT_ARCNET:
952 case IFT_ETHER:
953 case IFT_FDDI:
954#if __NetBSD__
955 return LLADDR(ifp->if_sadl);
956#else
957 return ((caddr_t)(ifp + 1));
958#endif
959 break;
960 default:
961 return NULL;
962 }
963}
964
965TAILQ_HEAD(dadq_head, dadq);
966struct dadq {
967 TAILQ_ENTRY(dadq) dad_list;
968 struct ifaddr *dad_ifa;
969 int dad_count; /* max NS to send */
970 int dad_ns_tcount; /* # of trials to send NS */
971 int dad_ns_ocount; /* NS sent so far */
972 int dad_ns_icount;
973 int dad_na_icount;
974#if defined(__FreeBSD__) && __FreeBSD__ >= 3
975 struct callout_handle dad_timer;
976#endif
977};
978
979static struct dadq_head dadq;
980
981static struct dadq *
982nd6_dad_find(ifa)
983 struct ifaddr *ifa;
984{
985 struct dadq *dp;
986
987 for (dp = dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) {
988 if (dp->dad_ifa == ifa)
989 return dp;
990 }
991 return NULL;
992}
993
994/*
995 * Start Duplicated Address Detection (DAD) for specified interface address.
996 */
997void
998nd6_dad_start(ifa, tick)
999 struct ifaddr *ifa;
1000 int *tick; /* minimum delay ticks for IFF_UP event */
1001{
1002 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1003 struct dadq *dp;
1004 static int dad_init = 0;
1005
1006 if (!dad_init) {
1007 TAILQ_INIT(&dadq);
1008 dad_init++;
1009 }
1010
1011 /*
1012 * If we don't need DAD, don't do it.
1013 * There are several cases:
1014 * - DAD is disabled (ip6_dad_count == 0)
1015 * - the interface address is anycast
1016 */
1017 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) {
1018 log(LOG_DEBUG,
1019 "nd6_dad_start: called with non-tentative address "
1020 "%s(%s)\n",
1021 ip6_sprintf(&ia->ia_addr.sin6_addr),
1022 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1023 return;
1024 }
1025 if (ia->ia6_flags & IN6_IFF_ANYCAST) {
1026 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1027 return;
1028 }
1029 if (!ip6_dad_count) {
1030 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1031 return;
1032 }
1033 if (!ifa->ifa_ifp)
1034 panic("nd6_dad_start: ifa->ifa_ifp == NULL");
1035 if (!(ifa->ifa_ifp->if_flags & IFF_UP))
1036 return;
1037 if (nd6_dad_find(ifa) != NULL) {
1038 /* DAD already in progress */
1039 return;
1040 }
1041
1042 dp = _MALLOC(sizeof(*dp), M_IP6NDP, M_NOWAIT);
1043 if (dp == NULL) {
1044 log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
1045 "%s(%s)\n",
1046 ip6_sprintf(&ia->ia_addr.sin6_addr),
1047 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1048 return;
1049 }
1050 bzero(dp, sizeof(*dp));
1051 TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list);
1052
1053#if ND6_DEBUG
1054 log(LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
1055 ip6_sprintf(&ia->ia_addr.sin6_addr));
1056#endif
1057
1058 /*
1059 * Send NS packet for DAD, ip6_dad_count times.
1060 * Note that we must delay the first transmission, if this is the
1061 * first packet to be sent from the interface after interface
1062 * (re)initialization.
1063 */
1064 dp->dad_ifa = ifa;
1065 ifa->ifa_refcnt++; /*just for safety*/
1066 dp->dad_count = ip6_dad_count;
1067 dp->dad_ns_icount = dp->dad_na_icount = 0;
1068 dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
1069 if (!tick) {
1070 nd6_dad_ns_output(dp, ifa);
1071#if defined(__FreeBSD__) && __FreeBSD__ >= 3
1072 dp->dad_timer =
1073#endif
1074 timeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa,
1075 nd_ifinfo[ifa->ifa_ifp->if_index].retrans * hz / 1000);
1076 } else {
1077 int ntick;
1078
1079 if (*tick == 0)
1080 ntick = random() % (MAX_RTR_SOLICITATION_DELAY * hz);
1081 else
1082 ntick = *tick + random() % (hz / 2);
1083 *tick = ntick;
1084#if defined(__FreeBSD__) && __FreeBSD__ >= 3
1085 dp->dad_timer =
1086#endif
1087 timeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa,
1088 ntick);
1089 }
1090}
1091
1092static void
1093nd6_dad_timer(ifa)
1094 struct ifaddr *ifa;
1095{
1096 int s;
1097 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1098 struct dadq *dp;
1099
1100#ifdef __APPLE__
1101 boolean_t funnel_state;
1102 funnel_state = thread_set_funneled(TRUE);
1103#endif
1104#if __NetBSD__
1105 s = splsoftnet(); /*XXX*/
1106#else
1107 s = splnet(); /*XXX*/
1108#endif
1109
1110 /* Sanity check */
1111 if (ia == NULL) {
1112 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n");
1113 goto done;
1114 }
1115 dp = nd6_dad_find(ifa);
1116 if (dp == NULL) {
1117 log(LOG_ERR, "nd6_dad_timer: DAD structure not found\n");
1118 goto done;
1119 }
1120 if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
1121 log(LOG_ERR, "nd6_dad_timer: called with duplicated address "
1122 "%s(%s)\n",
1123 ip6_sprintf(&ia->ia_addr.sin6_addr),
1124 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1125 goto done;
1126 }
1127 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) {
1128 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
1129 "%s(%s)\n",
1130 ip6_sprintf(&ia->ia_addr.sin6_addr),
1131 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1132 goto done;
1133 }
1134
1135 /* timeouted with IFF_{RUNNING,UP} check */
1136 if (dp->dad_ns_tcount > dad_maxtry) {
1137 log(LOG_ERR, "%s: could not run DAD, driver problem?\n",
1138 if_name(ifa->ifa_ifp));
1139
1140 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
1141 _FREE(dp, M_IP6NDP);
1142 dp = NULL;
1143 IFAFREE(ifa);
1144 goto done;
1145 }
1146
1147 /* Need more checks? */
1148 if (dp->dad_ns_ocount < dp->dad_count) {
1149 /*
1150 * We have more NS to go. Send NS packet for DAD.
1151 */
1152 nd6_dad_ns_output(dp, ifa);
1153#if defined(__FreeBSD__) && __FreeBSD__ >= 3
1154 dp->dad_timer =
1155#endif
1156 timeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa,
1157 nd_ifinfo[ifa->ifa_ifp->if_index].retrans * hz / 1000);
1158 } else {
1159 /*
1160 * We have transmitted sufficient number of DAD packets.
1161 * See what we've got.
1162 */
1163 int duplicate;
1164
1165 duplicate = 0;
1166
1167 if (dp->dad_na_icount) {
1168 /*
1169 * the check is in nd6_dad_na_input(),
1170 * but just in case
1171 */
1172 duplicate++;
1173 }
1174
1175 if (dp->dad_ns_icount) {
1176#if 0 /*heuristics*/
1177 /*
1178 * if
1179 * - we have sent many(?) DAD NS, and
1180 * - the number of NS we sent equals to the
1181 * number of NS we've got, and
1182 * - we've got no NA
1183 * we may have a faulty network card/driver which
1184 * loops back multicasts to myself.
1185 */
1186 if (3 < dp->dad_count
1187 && dp->dad_ns_icount == dp->dad_count
1188 && dp->dad_na_icount == 0) {
1189 log(LOG_INFO, "DAD questionable for %s(%s): "
1190 "network card loops back multicast?\n",
1191 ip6_sprintf(&ia->ia_addr.sin6_addr),
1192 if_name(ifa->ifa_ifp));
1193 /* XXX consider it a duplicate or not? */
1194 /* duplicate++; */
1195 } else {
1196 /* We've seen NS, means DAD has failed. */
1197 duplicate++;
1198 }
1199#else
1200 /* We've seen NS, means DAD has failed. */
1201 duplicate++;
1202#endif
1203 }
1204
1205 if (duplicate) {
1206 /* (*dp) will be freed in nd6_dad_duplicated() */
1207 dp = NULL;
1208 nd6_dad_duplicated(ifa);
1209 } else {
1210 /*
1211 * We are done with DAD. No NA came, no NS came.
1212 * duplicated address found.
1213 */
1214 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1215
1216#if ND6_DEBUG
1217 log(LOG_INFO,
1218 "%s: DAD complete for %s - no duplicates found\n",
1219 if_name(ifa->ifa_ifp),
1220 ip6_sprintf(&ia->ia_addr.sin6_addr));
1221#endif
1222
1223 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
1224 _FREE(dp, M_IP6NDP);
1225 dp = NULL;
1226 IFAFREE(ifa);
1227 }
1228 }
1229
1230done:
1231 splx(s);
1232#ifdef __APPLE__
1233 (void) thread_set_funneled(funnel_state);
1234#endif
1235}
1236
1237void
1238nd6_dad_duplicated(ifa)
1239 struct ifaddr *ifa;
1240{
1241 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1242 struct dadq *dp;
1243
1244 dp = nd6_dad_find(ifa);
1245 if (dp == NULL) {
1246 log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n");
1247 return;
1248 }
1249
1250 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: %d NS, "
1251 "%d NA\n", if_name(ifa->ifa_ifp),
1252 ip6_sprintf(&ia->ia_addr.sin6_addr),
1253 dp->dad_ns_icount, dp->dad_na_icount);
1254
1255 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1256 ia->ia6_flags |= IN6_IFF_DUPLICATED;
1257
1258 /* We are done with DAD, with duplicated address found. (failure) */
1259 untimeout((void (*) __P((void *)))nd6_dad_timer, (void *)ifa
1260#if defined(__FreeBSD__) && __FreeBSD__ >= 3
1261 , dp->dad_timer
1262#endif
1263 );
1264
1265 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
1266 if_name(ifa->ifa_ifp), ip6_sprintf(&ia->ia_addr.sin6_addr));
1267 log(LOG_ERR, "%s: manual intervention required\n",
1268 if_name(ifa->ifa_ifp));
1269
1270 TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
1271 _FREE(dp, M_IP6NDP);
1272 dp = NULL;
1273 IFAFREE(ifa);
1274}
1275
1276static void
1277nd6_dad_ns_output(dp, ifa)
1278 struct dadq *dp;
1279 struct ifaddr *ifa;
1280{
1281 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1282 struct ifnet *ifp = ifa->ifa_ifp;
1283
1284 dp->dad_ns_tcount++;
1285 if ((ifp->if_flags & IFF_UP) == 0) {
1286#if 0
1287 printf("%s: interface down?\n", if_name(ifp));
1288#endif
1289 return;
1290 }
1291 if ((ifp->if_flags & IFF_RUNNING) == 0) {
1292#if 0
1293 printf("%s: interface not running?\n", if_name(ifp));
1294#endif
1295 return;
1296 }
1297
1298 dp->dad_ns_ocount++;
1299 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1);
1300}
1301
1302static void
1303nd6_dad_ns_input(ifa)
1304 struct ifaddr *ifa;
1305{
1306 struct in6_ifaddr *ia;
1307 struct ifnet *ifp;
1308 struct in6_addr *taddr6;
1309 struct dadq *dp;
1310 int duplicate;
1311
1312 if (!ifa)
1313 panic("ifa == NULL in nd6_dad_ns_input");
1314
1315 ia = (struct in6_ifaddr *)ifa;
1316 ifp = ifa->ifa_ifp;
1317 taddr6 = &ia->ia_addr.sin6_addr;
1318 duplicate = 0;
1319 dp = nd6_dad_find(ifa);
1320
1321 /*
1322 * If it is from myself, ignore this.
1323 */
1324 if (ifp && (ifp->if_flags & IFF_LOOPBACK))
1325 return;
1326
1327 /* Quickhack - completely ignore DAD NS packets */
1328 if (dad_ignore_ns) {
1329 log(LOG_INFO, "nd6_dad_ns_input: ignoring DAD NS packet for "
1330 "address %s(%s)\n", ip6_sprintf(taddr6),
1331 if_name(ifa->ifa_ifp));
1332 return;
1333 }
1334
1335 /*
1336 * if I'm yet to start DAD, someone else started using this address
1337 * first. I have a duplicate and you win.
1338 */
1339 if (!dp || dp->dad_ns_ocount == 0)
1340 duplicate++;
1341
1342 /* XXX more checks for loopback situation - see nd6_dad_timer too */
1343
1344 if (duplicate) {
1345 dp = NULL; /* will be freed in nd6_dad_duplicated() */
1346 nd6_dad_duplicated(ifa);
1347 } else {
1348 /*
1349 * not sure if I got a duplicate.
1350 * increment ns count and see what happens.
1351 */
1352 if (dp)
1353 dp->dad_ns_icount++;
1354 }
1355}
1356
1357static void
1358nd6_dad_na_input(ifa)
1359 struct ifaddr *ifa;
1360{
1361 struct dadq *dp;
1362
1363 if (!ifa)
1364 panic("ifa == NULL in nd6_dad_na_input");
1365
1366 dp = nd6_dad_find(ifa);
1367 if (dp)
1368 dp->dad_na_icount++;
1369
1370 /* remove the address. */
1371 nd6_dad_duplicated(ifa);
1372}
mirror of XNU