]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet/in_arp.c
projects / apple / xnu.git / blob
? search:


a18147ce2369129bd75ac74f68e86f2de1d25b4d
[apple/xnu.git] / bsd / netinet / in_arp.c
1 /*
2 * Copyright (c) 2004-2013 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * Copyright (c) 1982, 1989, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * Redistribution and use in source and binary forms, with or without
33 * modification, are permitted provided that the following conditions
34 * are met:
35 * 1. Redistributions of source code must retain the above copyright
36 * notice, this list of conditions and the following disclaimer.
37 * 2. Redistributions in binary form must reproduce the above copyright
38 * notice, this list of conditions and the following disclaimer in the
39 * documentation and/or other materials provided with the distribution.
40 * 3. All advertising materials mentioning features or use of this software
41 * must display the following acknowledgement:
42 * This product includes software developed by the University of
43 * California, Berkeley and its contributors.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 */
61
62 #include <kern/debug.h>
63 #include <netinet/in_arp.h>
64 #include <sys/types.h>
65 #include <sys/param.h>
66 #include <sys/kernel_types.h>
67 #include <sys/syslog.h>
68 #include <sys/systm.h>
69 #include <sys/time.h>
70 #include <sys/kernel.h>
71 #include <sys/mbuf.h>
72 #include <sys/sysctl.h>
73 #include <sys/mcache.h>
74 #include <sys/protosw.h>
75 #include <string.h>
76 #include <net/if_arp.h>
77 #include <net/if_dl.h>
78 #include <net/dlil.h>
79 #include <net/if_types.h>
80 #include <net/if_llreach.h>
81 #include <net/route.h>
82
83 #include <netinet/if_ether.h>
84 #include <netinet/in_var.h>
85 #include <kern/zalloc.h>
86
87 #define CONST_LLADDR(s) ((const u_char*)((s)->sdl_data + (s)->sdl_nlen))
88
89 static const size_t MAX_HW_LEN = 10;
90
91 /*
92 * Synchronization notes:
93 *
94 * The global list of ARP entries are stored in llinfo_arp; an entry
95 * gets inserted into the list when the route is created and gets
96 * removed from the list when it is deleted; this is done as part
97 * of RTM_ADD/RTM_RESOLVE/RTM_DELETE in arp_rtrequest().
98 *
99 * Because rnh_lock and rt_lock for the entry are held during those
100 * operations, the same locks (and thus lock ordering) must be used
101 * elsewhere to access the relevant data structure fields:
102 *
103 * la_le.{le_next,le_prev}, la_rt
104 *
105 * - Routing lock (rnh_lock)
106 *
107 * la_hold, la_asked, la_llreach, la_lastused
108 *
109 * - Routing entry lock (rt_lock)
110 *
111 * Due to the dependency on rt_lock, llinfo_arp has the same lifetime
112 * as the route entry itself. When a route is deleted (RTM_DELETE),
113 * it is simply removed from the global list but the memory is not
114 * freed until the route itself is freed.
115 */
116 struct llinfo_arp {
117 /*
118 * The following are protected by rnh_lock
119 */
120 LIST_ENTRY(llinfo_arp) la_le;
121 struct rtentry *la_rt;
122 /*
123 * The following are protected by rt_lock
124 */
125 struct mbuf *la_hold; /* last packet until resolved/timeout */
126 struct if_llreach *la_llreach; /* link-layer reachability record */
127 u_int64_t la_lastused; /* last used timestamp */
128 u_int32_t la_asked; /* # of requests sent */
129 u_int32_t la_maxtries; /* retry limit */
130 };
131 static LIST_HEAD(, llinfo_arp) llinfo_arp;
132
133 static int arp_timeout_run; /* arp_timeout is scheduled to run */
134 static void arp_timeout(void *);
135 static void arp_sched_timeout(struct timeval *);
136
137 static void arptfree(struct llinfo_arp *, void *);
138 static errno_t arp_lookup_route(const struct in_addr *, int,
139 int, route_t *, unsigned int);
140 static int arp_getstat SYSCTL_HANDLER_ARGS;
141
142 static struct llinfo_arp *arp_llinfo_alloc(int);
143 static void arp_llinfo_free(void *);
144 static void arp_llinfo_purge(struct rtentry *);
145 static void arp_llinfo_get_ri(struct rtentry *, struct rt_reach_info *);
146 static void arp_llinfo_get_iflri(struct rtentry *, struct ifnet_llreach_info *);
147
148 static __inline void arp_llreach_use(struct llinfo_arp *);
149 static __inline int arp_llreach_reachable(struct llinfo_arp *);
150 static void arp_llreach_alloc(struct rtentry *, struct ifnet *, void *,
151 unsigned int, boolean_t);
152
153 extern int tvtohz(struct timeval *);
154
155 static int arpinit_done;
156
157 SYSCTL_DECL(_net_link_ether);
158 SYSCTL_NODE(_net_link_ether, PF_INET, inet, CTLFLAG_RW|CTLFLAG_LOCKED, 0, "");
159
160 /* timer values */
161 static int arpt_prune = (5*60*1); /* walk list every 5 minutes */
162 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, prune_intvl,
163 CTLFLAG_RW | CTLFLAG_LOCKED, &arpt_prune, 0, "");
164
165 static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */
166 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age,
167 CTLFLAG_RW | CTLFLAG_LOCKED, &arpt_keep, 0, "");
168
169 static int arpt_down = 20; /* once declared down, don't send for 20 sec */
170 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, host_down_time,
171 CTLFLAG_RW | CTLFLAG_LOCKED, &arpt_down, 0, "");
172
173 static int arp_llreach_base = (LL_BASE_REACHABLE / 1000); /* seconds */
174 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, arp_llreach_base,
175 CTLFLAG_RW | CTLFLAG_LOCKED, &arp_llreach_base, LL_BASE_REACHABLE,
176 "default ARP link-layer reachability max lifetime (in seconds)");
177
178 #define ARP_UNICAST_LIMIT 5 /* # of probes until ARP refresh broadcast */
179 static u_int32_t arp_unicast_lim = ARP_UNICAST_LIMIT;
180 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, arp_unicast_lim,
181 CTLFLAG_RW | CTLFLAG_LOCKED, &arp_unicast_lim, ARP_UNICAST_LIMIT,
182 "number of unicast ARP refresh probes before using broadcast");
183
184 static u_int32_t arp_maxtries = 5;
185 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries,
186 CTLFLAG_RW | CTLFLAG_LOCKED, &arp_maxtries, 0, "");
187
188 static int useloopback = 1; /* use loopback interface for local traffic */
189 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, useloopback,
190 CTLFLAG_RW | CTLFLAG_LOCKED, &useloopback, 0, "");
191
192 static int arp_proxyall = 0;
193 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall,
194 CTLFLAG_RW | CTLFLAG_LOCKED, &arp_proxyall, 0, "");
195
196 static int arp_sendllconflict = 0;
197 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, sendllconflict,
198 CTLFLAG_RW | CTLFLAG_LOCKED, &arp_sendllconflict, 0, "");
199
200 static int log_arp_warnings = 0; /* Thread safe: no accumulated state */
201 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, log_arp_warnings,
202 CTLFLAG_RW | CTLFLAG_LOCKED,
203 &log_arp_warnings, 0,
204 "log arp warning messages");
205
206 static int keep_announcements = 1; /* Thread safe: no aging of state */
207 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, keep_announcements,
208 CTLFLAG_RW | CTLFLAG_LOCKED,
209 &keep_announcements, 0,
210 "keep arp announcements");
211
212 static int send_conflicting_probes = 1; /* Thread safe: no accumulated state */
213 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, send_conflicting_probes,
214 CTLFLAG_RW | CTLFLAG_LOCKED,
215 &send_conflicting_probes, 0,
216 "send conflicting link-local arp probes");
217
218 static int arp_verbose;
219 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, verbose,
220 CTLFLAG_RW | CTLFLAG_LOCKED, &arp_verbose, 0, "");
221
222 struct arpstat arpstat;
223 SYSCTL_PROC(_net_link_ether_inet, OID_AUTO, stats, CTLFLAG_RD | CTLFLAG_LOCKED,
224 0, 0, arp_getstat, "S,arpstat",
225 "ARP statistics (struct arpstat, net/if_arp.h)");
226
227 /* these are deprecated (read-only); use net.link.generic.system node instead */
228 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, apple_hwcksum_tx,
229 CTLFLAG_RD | CTLFLAG_LOCKED, &hwcksum_tx, 0, "");
230
231 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, apple_hwcksum_rx,
232 CTLFLAG_RD | CTLFLAG_LOCKED, &hwcksum_rx, 0, "");
233
234 static struct zone *llinfo_arp_zone;
235 #define LLINFO_ARP_ZONE_MAX 256 /* maximum elements in zone */
236 #define LLINFO_ARP_ZONE_NAME "llinfo_arp" /* name for zone */
237
238 void
239 arp_init(void)
240 {
241 VERIFY(!arpinit_done);
242
243 LIST_INIT(&llinfo_arp);
244
245 llinfo_arp_zone = zinit(sizeof (struct llinfo_arp),
246 LLINFO_ARP_ZONE_MAX * sizeof (struct llinfo_arp), 0,
247 LLINFO_ARP_ZONE_NAME);
248 if (llinfo_arp_zone == NULL)
249 panic("%s: failed allocating llinfo_arp_zone", __func__);
250
251 zone_change(llinfo_arp_zone, Z_EXPAND, TRUE);
252 zone_change(llinfo_arp_zone, Z_CALLERACCT, FALSE);
253
254 arpinit_done = 1;
255 }
256
257 static struct llinfo_arp *
258 arp_llinfo_alloc(int how)
259 {
260 struct llinfo_arp *la;
261
262 la = (how == M_WAITOK) ? zalloc(llinfo_arp_zone) :
263 zalloc_noblock(llinfo_arp_zone);
264 if (la != NULL)
265 bzero(la, sizeof (*la));
266
267 return (la);
268 }
269
270 static void
271 arp_llinfo_free(void *arg)
272 {
273 struct llinfo_arp *la = arg;
274
275 if (la->la_le.le_next != NULL || la->la_le.le_prev != NULL) {
276 panic("%s: trying to free %p when it is in use", __func__, la);
277 /* NOTREACHED */
278 }
279
280 /* Just in case there's anything there, free it */
281 if (la->la_hold != NULL) {
282 m_freem(la->la_hold);
283 la->la_hold = NULL;
284 arpstat.purged++;
285 }
286
287 /* Purge any link-layer info caching */
288 VERIFY(la->la_rt->rt_llinfo == la);
289 if (la->la_rt->rt_llinfo_purge != NULL)
290 la->la_rt->rt_llinfo_purge(la->la_rt);
291
292 zfree(llinfo_arp_zone, la);
293 }
294
295 static void
296 arp_llinfo_purge(struct rtentry *rt)
297 {
298 struct llinfo_arp *la = rt->rt_llinfo;
299
300 RT_LOCK_ASSERT_HELD(rt);
301 VERIFY(rt->rt_llinfo_purge == arp_llinfo_purge && la != NULL);
302
303 if (la->la_llreach != NULL) {
304 RT_CONVERT_LOCK(rt);
305 ifnet_llreach_free(la->la_llreach);
306 la->la_llreach = NULL;
307 }
308 la->la_lastused = 0;
309 }
310
311 static void
312 arp_llinfo_get_ri(struct rtentry *rt, struct rt_reach_info *ri)
313 {
314 struct llinfo_arp *la = rt->rt_llinfo;
315 struct if_llreach *lr = la->la_llreach;
316
317 if (lr == NULL) {
318 bzero(ri, sizeof (*ri));
319 ri->ri_rssi = IFNET_RSSI_UNKNOWN;
320 ri->ri_lqm = IFNET_LQM_THRESH_OFF;
321 ri->ri_npm = IFNET_NPM_THRESH_UNKNOWN;
322 } else {
323 IFLR_LOCK(lr);
324 /* Export to rt_reach_info structure */
325 ifnet_lr2ri(lr, ri);
326 /* Export ARP send expiration (calendar) time */
327 ri->ri_snd_expire =
328 ifnet_llreach_up2calexp(lr, la->la_lastused);
329 IFLR_UNLOCK(lr);
330 }
331 }
332
333 static void
334 arp_llinfo_get_iflri(struct rtentry *rt, struct ifnet_llreach_info *iflri)
335 {
336 struct llinfo_arp *la = rt->rt_llinfo;
337 struct if_llreach *lr = la->la_llreach;
338
339 if (lr == NULL) {
340 bzero(iflri, sizeof (*iflri));
341 iflri->iflri_rssi = IFNET_RSSI_UNKNOWN;
342 iflri->iflri_lqm = IFNET_LQM_THRESH_OFF;
343 iflri->iflri_npm = IFNET_NPM_THRESH_UNKNOWN;
344 } else {
345 IFLR_LOCK(lr);
346 /* Export to ifnet_llreach_info structure */
347 ifnet_lr2iflri(lr, iflri);
348 /* Export ARP send expiration (uptime) time */
349 iflri->iflri_snd_expire =
350 ifnet_llreach_up2upexp(lr, la->la_lastused);
351 IFLR_UNLOCK(lr);
352 }
353 }
354
355 void
356 arp_llreach_set_reachable(struct ifnet *ifp, void *addr, unsigned int alen)
357 {
358 /* Nothing more to do if it's disabled */
359 if (arp_llreach_base == 0)
360 return;
361
362 ifnet_llreach_set_reachable(ifp, ETHERTYPE_IP, addr, alen);
363 }
364
365 static __inline void
366 arp_llreach_use(struct llinfo_arp *la)
367 {
368 if (la->la_llreach != NULL)
369 la->la_lastused = net_uptime();
370 }
371
372 static __inline int
373 arp_llreach_reachable(struct llinfo_arp *la)
374 {
375 struct if_llreach *lr;
376 const char *why = NULL;
377
378 /* Nothing more to do if it's disabled; pretend it's reachable */
379 if (arp_llreach_base == 0)
380 return (1);
381
382 if ((lr = la->la_llreach) == NULL) {
383 /*
384 * Link-layer reachability record isn't present for this
385 * ARP entry; pretend it's reachable and use it as is.
386 */
387 return (1);
388 } else if (ifnet_llreach_reachable(lr)) {
389 /*
390 * Record is present, it's not shared with other ARP
391 * entries and a packet has recently been received
392 * from the remote host; consider it reachable.
393 */
394 if (lr->lr_reqcnt == 1)
395 return (1);
396
397 /* Prime it up, if this is the first time */
398 if (la->la_lastused == 0) {
399 VERIFY(la->la_llreach != NULL);
400 arp_llreach_use(la);
401 }
402
403 /*
404 * Record is present and shared with one or more ARP
405 * entries, and a packet has recently been received
406 * from the remote host. Since it's shared by more
407 * than one IP addresses, we can't rely on the link-
408 * layer reachability alone; consider it reachable if
409 * this ARP entry has been used "recently."
410 */
411 if (ifnet_llreach_reachable_delta(lr, la->la_lastused))
412 return (1);
413
414 why = "has alias(es) and hasn't been used in a while";
415 } else {
416 why = "haven't heard from it in a while";
417 }
418
419 if (arp_verbose > 1) {
420 char tmp[MAX_IPv4_STR_LEN];
421 u_int64_t now = net_uptime();
422
423 log(LOG_DEBUG, "%s: ARP probe(s) needed for %s; "
424 "%s [lastused %lld, lastrcvd %lld] secs ago\n",
425 if_name(lr->lr_ifp), inet_ntop(AF_INET,
426 &SIN(rt_key(la->la_rt))->sin_addr, tmp, sizeof (tmp)), why,
427 (la->la_lastused ? (int64_t)(now - la->la_lastused) : -1),
428 (lr->lr_lastrcvd ? (int64_t)(now - lr->lr_lastrcvd) : -1));
429
430 }
431 return (0);
432 }
433
434 /*
435 * Obtain a link-layer source cache entry for the sender.
436 *
437 * NOTE: This is currently only for ARP/Ethernet.
438 */
439 static void
440 arp_llreach_alloc(struct rtentry *rt, struct ifnet *ifp, void *addr,
441 unsigned int alen, boolean_t solicited)
442 {
443 VERIFY(rt->rt_expire == 0 || rt->rt_rmx.rmx_expire != 0);
444 VERIFY(rt->rt_expire != 0 || rt->rt_rmx.rmx_expire == 0);
445
446 if (arp_llreach_base != 0 && rt->rt_expire != 0 &&
447 !(rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
448 ifp->if_addrlen == IF_LLREACH_MAXLEN && /* Ethernet */
449 alen == ifp->if_addrlen) {
450 struct llinfo_arp *la = rt->rt_llinfo;
451 struct if_llreach *lr;
452 const char *why = NULL, *type = "";
453
454 /* Become a regular mutex, just in case */
455 RT_CONVERT_LOCK(rt);
456
457 if ((lr = la->la_llreach) != NULL) {
458 type = (solicited ? "ARP reply" : "ARP announcement");
459 /*
460 * If target has changed, create a new record;
461 * otherwise keep existing record.
462 */
463 IFLR_LOCK(lr);
464 if (bcmp(addr, lr->lr_key.addr, alen) != 0) {
465 IFLR_UNLOCK(lr);
466 /* Purge any link-layer info caching */
467 VERIFY(rt->rt_llinfo_purge != NULL);
468 rt->rt_llinfo_purge(rt);
469 lr = NULL;
470 why = " for different target HW address; "
471 "using new llreach record";
472 } else {
473 lr->lr_probes = 0; /* reset probe count */
474 IFLR_UNLOCK(lr);
475 if (solicited) {
476 why = " for same target HW address; "
477 "keeping existing llreach record";
478 }
479 }
480 }
481
482 if (lr == NULL) {
483 lr = la->la_llreach = ifnet_llreach_alloc(ifp,
484 ETHERTYPE_IP, addr, alen, arp_llreach_base);
485 if (lr != NULL) {
486 lr->lr_probes = 0; /* reset probe count */
487 if (why == NULL)
488 why = "creating new llreach record";
489 }
490 }
491
492 /* Bump up retry ceiling to accomodate unicast retries */
493 if (lr != NULL)
494 la->la_maxtries = arp_maxtries + arp_unicast_lim;
495
496 if (arp_verbose > 1 && lr != NULL && why != NULL) {
497 char tmp[MAX_IPv4_STR_LEN];
498
499 log(LOG_DEBUG, "%s: %s%s for %s\n", if_name(ifp),
500 type, why, inet_ntop(AF_INET,
501 &SIN(rt_key(rt))->sin_addr, tmp, sizeof (tmp)));
502 }
503 }
504 }
505
506 struct arptf_arg {
507 int draining;
508 uint32_t killed;
509 uint32_t aging;
510 uint32_t sticky;
511 uint32_t found;
512 };
513
514 /*
515 * Free an arp entry.
516 */
517 static void
518 arptfree(struct llinfo_arp *la, void *arg)
519 {
520 struct arptf_arg *ap = arg;
521 struct rtentry *rt = la->la_rt;
522
523 lck_mtx_assert(rnh_lock, LCK_MTX_ASSERT_OWNED);
524
525 /* rnh_lock acquired by caller protects rt from going away */
526 RT_LOCK(rt);
527
528 VERIFY(rt->rt_expire == 0 || rt->rt_rmx.rmx_expire != 0);
529 VERIFY(rt->rt_expire != 0 || rt->rt_rmx.rmx_expire == 0);
530
531 ap->found++;
532 if (rt->rt_expire == 0 || (rt->rt_flags & RTF_STATIC)) {
533 ap->sticky++;
534 /* ARP entry is permanent? */
535 if (!(rt->rt_flags & RTF_STATIC)) {
536 RT_UNLOCK(rt);
537 return;
538 }
539 }
540
541 /* ARP entry hasn't expired and we're not draining? */
542 if (!ap->draining && rt->rt_expire > net_uptime()) {
543 RT_UNLOCK(rt);
544 ap->aging++;
545 return;
546 }
547
548 if (rt->rt_refcnt > 0) {
549 /*
550 * ARP entry has expired, with outstanding refcnt.
551 * If we're not draining, force ARP query to be
552 * generated next time this entry is used.
553 */
554 if (!ap->draining) {
555 struct sockaddr_dl *sdl = SDL(rt->rt_gateway);
556 if (sdl != NULL)
557 sdl->sdl_alen = 0;
558 la->la_asked = 0;
559 rt->rt_flags &= ~RTF_REJECT;
560 }
561 RT_UNLOCK(rt);
562 } else if (!(rt->rt_flags & RTF_STATIC)) {
563 /*
564 * ARP entry has no outstanding refcnt, and we're either
565 * draining or it has expired; delete it from the routing
566 * table. Safe to drop rt_lock and use rt_key, since holding
567 * rnh_lock here prevents another thread from calling
568 * rt_setgate() on this route.
569 */
570 RT_UNLOCK(rt);
571 rtrequest_locked(RTM_DELETE, rt_key(rt), NULL,
572 rt_mask(rt), 0, NULL);
573 arpstat.timeouts++;
574 ap->killed++;
575 } else {
576 /* ARP entry is static; let it linger */
577 RT_UNLOCK(rt);
578 }
579 }
580
581 void
582 in_arpdrain(void *arg)
583 {
584 #pragma unused(arg)
585 struct llinfo_arp *la, *ola;
586 struct arptf_arg farg;
587
588 if (arp_verbose)
589 log(LOG_DEBUG, "%s: draining ARP entries\n", __func__);
590
591 lck_mtx_lock(rnh_lock);
592 la = llinfo_arp.lh_first;
593 bzero(&farg, sizeof (farg));
594 farg.draining = 1;
595 while ((ola = la) != NULL) {
596 la = la->la_le.le_next;
597 arptfree(ola, &farg);
598 }
599 if (arp_verbose) {
600 log(LOG_DEBUG, "%s: found %u, aging %u, sticky %u, killed %u\n",
601 __func__, farg.found, farg.aging, farg.sticky, farg.killed);
602 }
603 lck_mtx_unlock(rnh_lock);
604 }
605
606 /*
607 * Timeout routine. Age arp_tab entries periodically.
608 */
609 static void
610 arp_timeout(void *arg)
611 {
612 #pragma unused(arg)
613 struct llinfo_arp *la, *ola;
614 struct timeval atv;
615 struct arptf_arg farg;
616
617 lck_mtx_lock(rnh_lock);
618 la = llinfo_arp.lh_first;
619 bzero(&farg, sizeof (farg));
620 while ((ola = la) != NULL) {
621 la = la->la_le.le_next;
622 arptfree(ola, &farg);
623 }
624 if (arp_verbose) {
625 log(LOG_DEBUG, "%s: found %u, aging %u, sticky %u, killed %u\n",
626 __func__, farg.found, farg.aging, farg.sticky, farg.killed);
627 }
628 atv.tv_usec = 0;
629 atv.tv_sec = arpt_prune;
630 /* re-arm the timer if there's work to do */
631 arp_timeout_run = 0;
632 if (farg.aging > 0)
633 arp_sched_timeout(&atv);
634 else if (arp_verbose)
635 log(LOG_DEBUG, "%s: not rescheduling timer\n", __func__);
636 lck_mtx_unlock(rnh_lock);
637 }
638
639 static void
640 arp_sched_timeout(struct timeval *atv)
641 {
642 lck_mtx_assert(rnh_lock, LCK_MTX_ASSERT_OWNED);
643
644 if (!arp_timeout_run) {
645 struct timeval tv;
646
647 if (atv == NULL) {
648 tv.tv_usec = 0;
649 tv.tv_sec = MAX(arpt_prune / 5, 1);
650 atv = &tv;
651 }
652 if (arp_verbose) {
653 log(LOG_DEBUG, "%s: timer scheduled in "
654 "T+%llus.%lluu\n", __func__,
655 (uint64_t)atv->tv_sec, (uint64_t)atv->tv_usec);
656 }
657 arp_timeout_run = 1;
658 timeout(arp_timeout, NULL, tvtohz(atv));
659 }
660 }
661
662 /*
663 * ifa_rtrequest() callback
664 */
665 static void
666 arp_rtrequest(int req, struct rtentry *rt, struct sockaddr *sa)
667 {
668 #pragma unused(sa)
669 struct sockaddr *gate = rt->rt_gateway;
670 struct llinfo_arp *la = rt->rt_llinfo;
671 static struct sockaddr_dl null_sdl =
672 { .sdl_len = sizeof (null_sdl), .sdl_family = AF_LINK };
673 uint64_t timenow;
674 char buf[MAX_IPv4_STR_LEN];
675
676 VERIFY(arpinit_done);
677 lck_mtx_assert(rnh_lock, LCK_MTX_ASSERT_OWNED);
678 RT_LOCK_ASSERT_HELD(rt);
679
680 if (rt->rt_flags & RTF_GATEWAY)
681 return;
682
683 timenow = net_uptime();
684 switch (req) {
685 case RTM_ADD:
686 /*
687 * XXX: If this is a manually added route to interface
688 * such as older version of routed or gated might provide,
689 * restore cloning bit.
690 */
691 if (!(rt->rt_flags & RTF_HOST) && rt_mask(rt) != NULL &&
692 SIN(rt_mask(rt))->sin_addr.s_addr != INADDR_BROADCAST)
693 rt->rt_flags |= RTF_CLONING;
694
695 if (rt->rt_flags & RTF_CLONING) {
696 /*
697 * Case 1: This route should come from a route to iface.
698 */
699 if (rt_setgate(rt, rt_key(rt), SA(&null_sdl)) == 0) {
700 gate = rt->rt_gateway;
701 SDL(gate)->sdl_type = rt->rt_ifp->if_type;
702 SDL(gate)->sdl_index = rt->rt_ifp->if_index;
703 /*
704 * In case we're called before 1.0 sec.
705 * has elapsed.
706 */
707 rt_setexpire(rt, MAX(timenow, 1));
708 }
709 break;
710 }
711 /* Announce a new entry if requested. */
712 if (rt->rt_flags & RTF_ANNOUNCE) {
713 if (la != NULL)
714 arp_llreach_use(la); /* Mark use timestamp */
715 RT_UNLOCK(rt);
716 dlil_send_arp(rt->rt_ifp, ARPOP_REQUEST,
717 SDL(gate), rt_key(rt), NULL, rt_key(rt), 0);
718 RT_LOCK(rt);
719 arpstat.txannounces++;
720 }
721 /* FALLTHRU */
722 case RTM_RESOLVE:
723 if (gate->sa_family != AF_LINK ||
724 gate->sa_len < sizeof (null_sdl)) {
725 arpstat.invalidreqs++;
726 log(LOG_ERR, "%s: route to %s has bad gateway address "
727 "(sa_family %u sa_len %u) on %s\n",
728 __func__, inet_ntop(AF_INET,
729 &SIN(rt_key(rt))->sin_addr.s_addr, buf,
730 sizeof (buf)), gate->sa_family, gate->sa_len,
731 if_name(rt->rt_ifp));
732 break;
733 }
734 SDL(gate)->sdl_type = rt->rt_ifp->if_type;
735 SDL(gate)->sdl_index = rt->rt_ifp->if_index;
736
737 if (la != NULL)
738 break; /* This happens on a route change */
739
740 /*
741 * Case 2: This route may come from cloning, or a manual route
742 * add with a LL address.
743 */
744 rt->rt_llinfo = la = arp_llinfo_alloc(M_WAITOK);
745 if (la == NULL) {
746 arpstat.reqnobufs++;
747 break;
748 }
749 rt->rt_llinfo_get_ri = arp_llinfo_get_ri;
750 rt->rt_llinfo_get_iflri = arp_llinfo_get_iflri;
751 rt->rt_llinfo_purge = arp_llinfo_purge;
752 rt->rt_llinfo_free = arp_llinfo_free;
753 rt->rt_flags |= RTF_LLINFO;
754 la->la_rt = rt;
755 LIST_INSERT_HEAD(&llinfo_arp, la, la_le);
756 arpstat.inuse++;
757
758 /* We have at least one entry; arm the timer if not already */
759 arp_sched_timeout(NULL);
760
761 /*
762 * This keeps the multicast addresses from showing up
763 * in `arp -a' listings as unresolved. It's not actually
764 * functional. Then the same for broadcast. For IPv4
765 * link-local address, keep the entry around even after
766 * it has expired.
767 */
768 if (IN_MULTICAST(ntohl(SIN(rt_key(rt))->sin_addr.s_addr))) {
769 RT_UNLOCK(rt);
770 dlil_resolve_multi(rt->rt_ifp, rt_key(rt), gate,
771 sizeof (struct sockaddr_dl));
772 RT_LOCK(rt);
773 rt_setexpire(rt, 0);
774 } else if (in_broadcast(SIN(rt_key(rt))->sin_addr,
775 rt->rt_ifp)) {
776 struct sockaddr_dl *gate_ll = SDL(gate);
777 size_t broadcast_len;
778 ifnet_llbroadcast_copy_bytes(rt->rt_ifp,
779 LLADDR(gate_ll), sizeof (gate_ll->sdl_data),
780 &broadcast_len);
781 gate_ll->sdl_alen = broadcast_len;
782 gate_ll->sdl_family = AF_LINK;
783 gate_ll->sdl_len = sizeof (struct sockaddr_dl);
784 /* In case we're called before 1.0 sec. has elapsed */
785 rt_setexpire(rt, MAX(timenow, 1));
786 } else if (IN_LINKLOCAL(ntohl(SIN(rt_key(rt))->
787 sin_addr.s_addr))) {
788 rt->rt_flags |= RTF_STATIC;
789 }
790
791 /* Set default maximum number of retries */
792 la->la_maxtries = arp_maxtries;
793
794 /* Become a regular mutex, just in case */
795 RT_CONVERT_LOCK(rt);
796 IFA_LOCK_SPIN(rt->rt_ifa);
797 if (SIN(rt_key(rt))->sin_addr.s_addr ==
798 (IA_SIN(rt->rt_ifa))->sin_addr.s_addr) {
799 IFA_UNLOCK(rt->rt_ifa);
800 /*
801 * This test used to be
802 * if (loif.if_flags & IFF_UP)
803 * It allowed local traffic to be forced through the
804 * hardware by configuring the loopback down. However,
805 * it causes problems during network configuration
806 * for boards that can't receive packets they send.
807 * It is now necessary to clear "useloopback" and
808 * remove the route to force traffic out to the
809 * hardware.
810 */
811 rt_setexpire(rt, 0);
812 ifnet_lladdr_copy_bytes(rt->rt_ifp, LLADDR(SDL(gate)),
813 SDL(gate)->sdl_alen = rt->rt_ifp->if_addrlen);
814 if (useloopback) {
815 if (rt->rt_ifp != lo_ifp) {
816 /*
817 * Purge any link-layer info caching.
818 */
819 if (rt->rt_llinfo_purge != NULL)
820 rt->rt_llinfo_purge(rt);
821
822 /*
823 * Adjust route ref count for the
824 * interfaces.
825 */
826 if (rt->rt_if_ref_fn != NULL) {
827 rt->rt_if_ref_fn(lo_ifp, 1);
828 rt->rt_if_ref_fn(rt->rt_ifp, -1);
829 }
830 }
831 rt->rt_ifp = lo_ifp;
832 /*
833 * If rmx_mtu is not locked, update it
834 * to the MTU used by the new interface.
835 */
836 if (!(rt->rt_rmx.rmx_locks & RTV_MTU))
837 rt->rt_rmx.rmx_mtu = rt->rt_ifp->if_mtu;
838 }
839 } else {
840 IFA_UNLOCK(rt->rt_ifa);
841 }
842 break;
843
844 case RTM_DELETE:
845 if (la == NULL)
846 break;
847 /*
848 * Unchain it but defer the actual freeing until the route
849 * itself is to be freed. rt->rt_llinfo still points to
850 * llinfo_arp, and likewise, la->la_rt still points to this
851 * route entry, except that RTF_LLINFO is now cleared.
852 */
853 LIST_REMOVE(la, la_le);
854 la->la_le.le_next = NULL;
855 la->la_le.le_prev = NULL;
856 arpstat.inuse--;
857
858 /*
859 * Purge any link-layer info caching.
860 */
861 if (rt->rt_llinfo_purge != NULL)
862 rt->rt_llinfo_purge(rt);
863
864 rt->rt_flags &= ~RTF_LLINFO;
865 if (la->la_hold != NULL) {
866 m_freem(la->la_hold);
867 la->la_hold = NULL;
868 arpstat.purged++;
869 }
870 }
871 }
872
873 /*
874 * convert hardware address to hex string for logging errors.
875 */
876 static const char *
877 sdl_addr_to_hex(const struct sockaddr_dl *sdl, char *orig_buf, int buflen)
878 {
879 char *buf = orig_buf;
880 int i;
881 const u_char *lladdr = (u_char *)(size_t)sdl->sdl_data;
882 int maxbytes = buflen / 3;
883
884 if (maxbytes > sdl->sdl_alen) {
885 maxbytes = sdl->sdl_alen;
886 }
887 *buf = '\0';
888 for (i = 0; i < maxbytes; i++) {
889 snprintf(buf, 3, "%02x", lladdr[i]);
890 buf += 2;
891 *buf = (i == maxbytes - 1) ? '\0' : ':';
892 buf++;
893 }
894 return (orig_buf);
895 }
896
897 /*
898 * arp_lookup_route will lookup the route for a given address.
899 *
900 * The address must be for a host on a local network on this interface.
901 * If the returned route is non-NULL, the route is locked and the caller
902 * is responsible for unlocking it and releasing its reference.
903 */
904 static errno_t
905 arp_lookup_route(const struct in_addr *addr, int create, int proxy,
906 route_t *route, unsigned int ifscope)
907 {
908 struct sockaddr_inarp sin =
909 { sizeof (sin), AF_INET, 0, { 0 }, { 0 }, 0, 0 };
910 const char *why = NULL;
911 errno_t error = 0;
912 route_t rt;
913
914 *route = NULL;
915
916 sin.sin_addr.s_addr = addr->s_addr;
917 sin.sin_other = proxy ? SIN_PROXY : 0;
918
919 /*
920 * If the destination is a link-local address, don't
921 * constrain the lookup (don't scope it).
922 */
923 if (IN_LINKLOCAL(ntohl(addr->s_addr)))
924 ifscope = IFSCOPE_NONE;
925
926 rt = rtalloc1_scoped((struct sockaddr *)&sin, create, 0, ifscope);
927 if (rt == NULL)
928 return (ENETUNREACH);
929
930 RT_LOCK(rt);
931
932 if (rt->rt_flags & RTF_GATEWAY) {
933 why = "host is not on local network";
934 error = ENETUNREACH;
935 } else if (!(rt->rt_flags & RTF_LLINFO)) {
936 why = "could not allocate llinfo";
937 error = ENOMEM;
938 } else if (rt->rt_gateway->sa_family != AF_LINK) {
939 why = "gateway route is not ours";
940 error = EPROTONOSUPPORT;
941 }
942
943 if (error != 0) {
944 if (create && (arp_verbose || log_arp_warnings)) {
945 char tmp[MAX_IPv4_STR_LEN];
946 log(LOG_DEBUG, "%s: link#%d %s failed: %s\n",
947 __func__, ifscope, inet_ntop(AF_INET, addr, tmp,
948 sizeof (tmp)), why);
949 }
950
951 /*
952 * If there are no references to this route, and it is
953 * a cloned route, and not static, and ARP had created
954 * the route, then purge it from the routing table as
955 * it is probably bogus.
956 */
957 if (rt->rt_refcnt == 1 &&
958 (rt->rt_flags & (RTF_WASCLONED | RTF_STATIC)) ==
959 RTF_WASCLONED) {
960 /*
961 * Prevent another thread from modiying rt_key,
962 * rt_gateway via rt_setgate() after rt_lock is
963 * dropped by marking the route as defunct.
964 */
965 rt->rt_flags |= RTF_CONDEMNED;
966 RT_UNLOCK(rt);
967 rtrequest(RTM_DELETE, rt_key(rt), rt->rt_gateway,
968 rt_mask(rt), rt->rt_flags, NULL);
969 rtfree(rt);
970 } else {
971 RT_REMREF_LOCKED(rt);
972 RT_UNLOCK(rt);
973 }
974 return (error);
975 }
976
977 /*
978 * Caller releases reference and does RT_UNLOCK(rt).
979 */
980 *route = rt;
981 return (0);
982 }
983
984 /*
985 * This is the ARP pre-output routine; care must be taken to ensure that
986 * the "hint" route never gets freed via rtfree(), since the caller may
987 * have stored it inside a struct route with a reference held for that
988 * placeholder.
989 */
990 errno_t
991 arp_lookup_ip(ifnet_t ifp, const struct sockaddr_in *net_dest,
992 struct sockaddr_dl *ll_dest, size_t ll_dest_len, route_t hint,
993 mbuf_t packet)
994 {
995 route_t route = NULL; /* output route */
996 errno_t result = 0;
997 struct sockaddr_dl *gateway;
998 struct llinfo_arp *llinfo = NULL;
999 uint64_t timenow;
1000 int unreachable = 0;
1001
1002 if (net_dest->sin_family != AF_INET)
1003 return (EAFNOSUPPORT);
1004
1005 if ((ifp->if_flags & (IFF_UP|IFF_RUNNING)) != (IFF_UP|IFF_RUNNING))
1006 return (ENETDOWN);
1007
1008 /*
1009 * If we were given a route, verify the route and grab the gateway
1010 */
1011 if (hint != NULL) {
1012 /*
1013 * Callee holds a reference on the route and returns
1014 * with the route entry locked, upon success.
1015 */
1016 result = route_to_gwroute((const struct sockaddr *)
1017 net_dest, hint, &route);
1018 if (result != 0)
1019 return (result);
1020 if (route != NULL)
1021 RT_LOCK_ASSERT_HELD(route);
1022 }
1023
1024 if (packet->m_flags & M_BCAST) {
1025 size_t broadcast_len;
1026 bzero(ll_dest, ll_dest_len);
1027 result = ifnet_llbroadcast_copy_bytes(ifp, LLADDR(ll_dest),
1028 ll_dest_len - offsetof(struct sockaddr_dl, sdl_data),
1029 &broadcast_len);
1030 if (result == 0) {
1031 ll_dest->sdl_alen = broadcast_len;
1032 ll_dest->sdl_family = AF_LINK;
1033 ll_dest->sdl_len = sizeof (struct sockaddr_dl);
1034 }
1035 goto release;
1036 }
1037 if (packet->m_flags & M_MCAST) {
1038 if (route != NULL)
1039 RT_UNLOCK(route);
1040 result = dlil_resolve_multi(ifp,
1041 (const struct sockaddr *)net_dest,
1042 (struct sockaddr *)ll_dest, ll_dest_len);
1043 if (route != NULL)
1044 RT_LOCK(route);
1045 goto release;
1046 }
1047
1048 /*
1049 * If we didn't find a route, or the route doesn't have
1050 * link layer information, trigger the creation of the
1051 * route and link layer information.
1052 */
1053 if (route == NULL || route->rt_llinfo == NULL) {
1054 /* Clean up now while we can */
1055 if (route != NULL) {
1056 if (route == hint) {
1057 RT_REMREF_LOCKED(route);
1058 RT_UNLOCK(route);
1059 } else {
1060 RT_UNLOCK(route);
1061 rtfree(route);
1062 }
1063 }
1064 /*
1065 * Callee holds a reference on the route and returns
1066 * with the route entry locked, upon success.
1067 */
1068 result = arp_lookup_route(&net_dest->sin_addr, 1, 0, &route,
1069 ifp->if_index);
1070 if (result == 0)
1071 RT_LOCK_ASSERT_HELD(route);
1072 }
1073
1074 if (result || route == NULL || (llinfo = route->rt_llinfo) == NULL) {
1075 /* In case result is 0 but no route, return an error */
1076 if (result == 0)
1077 result = EHOSTUNREACH;
1078
1079 if (route != NULL && route->rt_llinfo == NULL) {
1080 char tmp[MAX_IPv4_STR_LEN];
1081 log(LOG_ERR, "%s: can't allocate llinfo for %s\n",
1082 __func__, inet_ntop(AF_INET, &net_dest->sin_addr,
1083 tmp, sizeof (tmp)));
1084 }
1085 goto release;
1086 }
1087
1088 /*
1089 * Now that we have the right route, is it filled in?
1090 */
1091 gateway = SDL(route->rt_gateway);
1092 timenow = net_uptime();
1093 VERIFY(route->rt_expire == 0 || route->rt_rmx.rmx_expire != 0);
1094 VERIFY(route->rt_expire != 0 || route->rt_rmx.rmx_expire == 0);
1095 if ((route->rt_expire == 0 ||
1096 route->rt_expire > timenow) && gateway != NULL &&
1097 gateway->sdl_family == AF_LINK && gateway->sdl_alen != 0 &&
1098 !(unreachable = !arp_llreach_reachable(llinfo))) {
1099 bcopy(gateway, ll_dest, MIN(gateway->sdl_len, ll_dest_len));
1100 result = 0;
1101 arp_llreach_use(llinfo); /* Mark use timestamp */
1102 goto release;
1103 } else if (unreachable) {
1104 /*
1105 * Discard existing answer in case we need to probe.
1106 */
1107 gateway->sdl_alen = 0;
1108 }
1109
1110 if (ifp->if_flags & IFF_NOARP) {
1111 result = ENOTSUP;
1112 goto release;
1113 }
1114
1115 /*
1116 * Route wasn't complete/valid. We need to arp.
1117 */
1118 if (packet != NULL) {
1119 if (llinfo->la_hold != NULL) {
1120 m_freem(llinfo->la_hold);
1121 arpstat.dropped++;
1122 }
1123 llinfo->la_hold = packet;
1124 }
1125
1126 if (route->rt_expire) {
1127 route->rt_flags &= ~RTF_REJECT;
1128 if (llinfo->la_asked == 0 || route->rt_expire != timenow) {
1129 rt_setexpire(route, timenow);
1130 if (llinfo->la_asked++ < llinfo->la_maxtries) {
1131 struct if_llreach *lr = llinfo->la_llreach;
1132 struct ifaddr *rt_ifa = route->rt_ifa;
1133 struct sockaddr_dl *hw_dest = NULL, sdl;
1134 struct sockaddr *sa;
1135 u_int32_t rtflags, alen;
1136
1137 /* Become a regular mutex, just in case */
1138 RT_CONVERT_LOCK(route);
1139 /* Update probe count, if applicable */
1140 if (lr != NULL) {
1141 IFLR_LOCK_SPIN(lr);
1142 lr->lr_probes++;
1143 alen = ifp->if_addrlen;
1144 /* Ethernet only for now */
1145 if (alen == IF_LLREACH_MAXLEN &&
1146 lr->lr_probes <= arp_unicast_lim) {
1147 bzero(&sdl, sizeof (sdl));
1148 sdl.sdl_alen = alen;
1149 bcopy(&lr->lr_key.addr,
1150 LLADDR(&sdl), alen);
1151 hw_dest = &sdl;
1152 }
1153 IFLR_UNLOCK(lr);
1154 }
1155 IFA_LOCK_SPIN(rt_ifa);
1156 IFA_ADDREF_LOCKED(rt_ifa);
1157 sa = rt_ifa->ifa_addr;
1158 IFA_UNLOCK(rt_ifa);
1159 arp_llreach_use(llinfo); /* Mark use tstamp */
1160 rtflags = route->rt_flags;
1161 RT_UNLOCK(route);
1162 dlil_send_arp(ifp, ARPOP_REQUEST, NULL, sa,
1163 (const struct sockaddr_dl *)hw_dest,
1164 (const struct sockaddr *)net_dest, rtflags);
1165 IFA_REMREF(rt_ifa);
1166 RT_LOCK(route);
1167 result = EJUSTRETURN;
1168 goto release;
1169 } else {
1170 route->rt_flags |= RTF_REJECT;
1171 rt_setexpire(route,
1172 route->rt_expire + arpt_down);
1173 llinfo->la_asked = 0;
1174 /*
1175 * Clear la_hold; don't free the packet since
1176 * we're not returning EJUSTRETURN; the caller
1177 * will handle the freeing.
1178 */
1179 llinfo->la_hold = NULL;
1180 result = EHOSTUNREACH;
1181 goto release;
1182 }
1183 }
1184 }
1185
1186 /* The packet is now held inside la_hold (can "packet" be NULL?) */
1187 result = EJUSTRETURN;
1188
1189 release:
1190 if (result == EHOSTUNREACH)
1191 arpstat.dropped++;
1192
1193 if (route != NULL) {
1194 if (route == hint) {
1195 RT_REMREF_LOCKED(route);
1196 RT_UNLOCK(route);
1197 } else {
1198 RT_UNLOCK(route);
1199 rtfree(route);
1200 }
1201 }
1202 return (result);
1203 }
1204
1205 errno_t
1206 arp_ip_handle_input(ifnet_t ifp, u_short arpop,
1207 const struct sockaddr_dl *sender_hw, const struct sockaddr_in *sender_ip,
1208 const struct sockaddr_in *target_ip)
1209 {
1210 char ipv4str[MAX_IPv4_STR_LEN];
1211 struct sockaddr_dl proxied;
1212 struct sockaddr_dl *gateway, *target_hw = NULL;
1213 struct ifaddr *ifa;
1214 struct in_ifaddr *ia;
1215 struct in_ifaddr *best_ia = NULL;
1216 struct sockaddr_in best_ia_sin;
1217 route_t route = NULL;
1218 char buf[3 * MAX_HW_LEN]; /* enough for MAX_HW_LEN byte hw address */
1219 struct llinfo_arp *llinfo;
1220 errno_t error;
1221 int created_announcement = 0;
1222 int bridged = 0, is_bridge = 0;
1223
1224 arpstat.received++;
1225
1226 /* Do not respond to requests for 0.0.0.0 */
1227 if (target_ip->sin_addr.s_addr == INADDR_ANY && arpop == ARPOP_REQUEST)
1228 goto done;
1229
1230 if (ifp->if_bridge)
1231 bridged = 1;
1232 if (ifp->if_type == IFT_BRIDGE)
1233 is_bridge = 1;
1234
1235 if (arpop == ARPOP_REPLY)
1236 arpstat.rxreplies++;
1237
1238 /*
1239 * Determine if this ARP is for us
1240 * For a bridge, we want to check the address irrespective
1241 * of the receive interface.
1242 */
1243 lck_rw_lock_shared(in_ifaddr_rwlock);
1244 TAILQ_FOREACH(ia, INADDR_HASH(target_ip->sin_addr.s_addr), ia_hash) {
1245 IFA_LOCK_SPIN(&ia->ia_ifa);
1246 if (((bridged && ia->ia_ifp->if_bridge != NULL) ||
1247 (ia->ia_ifp == ifp)) &&
1248 ia->ia_addr.sin_addr.s_addr == target_ip->sin_addr.s_addr) {
1249 best_ia = ia;
1250 best_ia_sin = best_ia->ia_addr;
1251 IFA_ADDREF_LOCKED(&ia->ia_ifa);
1252 IFA_UNLOCK(&ia->ia_ifa);
1253 lck_rw_done(in_ifaddr_rwlock);
1254 goto match;
1255 }
1256 IFA_UNLOCK(&ia->ia_ifa);
1257 }
1258
1259 TAILQ_FOREACH(ia, INADDR_HASH(sender_ip->sin_addr.s_addr), ia_hash) {
1260 IFA_LOCK_SPIN(&ia->ia_ifa);
1261 if (((bridged && ia->ia_ifp->if_bridge != NULL) ||
1262 (ia->ia_ifp == ifp)) &&
1263 ia->ia_addr.sin_addr.s_addr == sender_ip->sin_addr.s_addr) {
1264 best_ia = ia;
1265 best_ia_sin = best_ia->ia_addr;
1266 IFA_ADDREF_LOCKED(&ia->ia_ifa);
1267 IFA_UNLOCK(&ia->ia_ifa);
1268 lck_rw_done(in_ifaddr_rwlock);
1269 goto match;
1270 }
1271 IFA_UNLOCK(&ia->ia_ifa);
1272 }
1273
1274 #define BDG_MEMBER_MATCHES_ARP(addr, ifp, ia) \
1275 (ia->ia_ifp->if_bridge == ifp->if_softc && \
1276 bcmp(IF_LLADDR(ia->ia_ifp), IF_LLADDR(ifp), ifp->if_addrlen) == 0 && \
1277 addr == ia->ia_addr.sin_addr.s_addr)
1278 /*
1279 * Check the case when bridge shares its MAC address with
1280 * some of its children, so packets are claimed by bridge
1281 * itself (bridge_input() does it first), but they are really
1282 * meant to be destined to the bridge member.
1283 */
1284 if (is_bridge) {
1285 TAILQ_FOREACH(ia, INADDR_HASH(target_ip->sin_addr.s_addr),
1286 ia_hash) {
1287 IFA_LOCK_SPIN(&ia->ia_ifa);
1288 if (BDG_MEMBER_MATCHES_ARP(target_ip->sin_addr.s_addr,
1289 ifp, ia)) {
1290 ifp = ia->ia_ifp;
1291 best_ia = ia;
1292 best_ia_sin = best_ia->ia_addr;
1293 IFA_ADDREF_LOCKED(&ia->ia_ifa);
1294 IFA_UNLOCK(&ia->ia_ifa);
1295 lck_rw_done(in_ifaddr_rwlock);
1296 goto match;
1297 }
1298 IFA_UNLOCK(&ia->ia_ifa);
1299 }
1300 }
1301 #undef BDG_MEMBER_MATCHES_ARP
1302 lck_rw_done(in_ifaddr_rwlock);
1303
1304 /*
1305 * No match, use the first inet address on the receive interface
1306 * as a dummy address for the rest of the function; we may be
1307 * proxying for another address.
1308 */
1309 ifnet_lock_shared(ifp);
1310 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1311 IFA_LOCK_SPIN(ifa);
1312 if (ifa->ifa_addr->sa_family != AF_INET) {
1313 IFA_UNLOCK(ifa);
1314 continue;
1315 }
1316 best_ia = (struct in_ifaddr *)ifa;
1317 best_ia_sin = best_ia->ia_addr;
1318 IFA_ADDREF_LOCKED(ifa);
1319 IFA_UNLOCK(ifa);
1320 ifnet_lock_done(ifp);
1321 goto match;
1322 }
1323 ifnet_lock_done(ifp);
1324
1325 /*
1326 * If we're not a bridge member, or if we are but there's no
1327 * IPv4 address to use for the interface, drop the packet.
1328 */
1329 if (!bridged || best_ia == NULL)
1330 goto done;
1331
1332 match:
1333 /* If the packet is from this interface, ignore the packet */
1334 if (bcmp(CONST_LLADDR(sender_hw), IF_LLADDR(ifp),
1335 sender_hw->sdl_alen) == 0)
1336 goto done;
1337
1338 /* Check for a conflict */
1339 if (!bridged &&
1340 sender_ip->sin_addr.s_addr == best_ia_sin.sin_addr.s_addr) {
1341 struct kev_msg ev_msg;
1342 struct kev_in_collision *in_collision;
1343 u_char storage[sizeof (struct kev_in_collision) + MAX_HW_LEN];
1344
1345 bzero(&ev_msg, sizeof (struct kev_msg));
1346 bzero(storage, (sizeof (struct kev_in_collision) + MAX_HW_LEN));
1347 in_collision = (struct kev_in_collision *)(void *)storage;
1348 log(LOG_ERR, "%s duplicate IP address %s sent from "
1349 "address %s\n", if_name(ifp),
1350 inet_ntop(AF_INET, &sender_ip->sin_addr, ipv4str,
1351 sizeof (ipv4str)), sdl_addr_to_hex(sender_hw, buf,
1352 sizeof (buf)));
1353
1354 /* Send a kernel event so anyone can learn of the conflict */
1355 in_collision->link_data.if_family = ifp->if_family;
1356 in_collision->link_data.if_unit = ifp->if_unit;
1357 strncpy(&in_collision->link_data.if_name[0],
1358 ifp->if_name, IFNAMSIZ);
1359 in_collision->ia_ipaddr = sender_ip->sin_addr;
1360 in_collision->hw_len = (sender_hw->sdl_alen < MAX_HW_LEN) ?
1361 sender_hw->sdl_alen : MAX_HW_LEN;
1362 bcopy(CONST_LLADDR(sender_hw), (caddr_t)in_collision->hw_addr,
1363 in_collision->hw_len);
1364 ev_msg.vendor_code = KEV_VENDOR_APPLE;
1365 ev_msg.kev_class = KEV_NETWORK_CLASS;
1366 ev_msg.kev_subclass = KEV_INET_SUBCLASS;
1367 ev_msg.event_code = KEV_INET_ARPCOLLISION;
1368 ev_msg.dv[0].data_ptr = in_collision;
1369 ev_msg.dv[0].data_length =
1370 sizeof (struct kev_in_collision) + in_collision->hw_len;
1371 ev_msg.dv[1].data_length = 0;
1372 kev_post_msg(&ev_msg);
1373 arpstat.dupips++;
1374 goto respond;
1375 }
1376
1377 /*
1378 * Look up the routing entry. If it doesn't exist and we are the
1379 * target, and the sender isn't 0.0.0.0, go ahead and create one.
1380 * Callee holds a reference on the route and returns with the route
1381 * entry locked, upon success.
1382 */
1383 error = arp_lookup_route(&sender_ip->sin_addr,
1384 (target_ip->sin_addr.s_addr == best_ia_sin.sin_addr.s_addr &&
1385 sender_ip->sin_addr.s_addr != 0), 0, &route, ifp->if_index);
1386
1387 if (error == 0)
1388 RT_LOCK_ASSERT_HELD(route);
1389
1390 if (error || route == NULL || route->rt_gateway == NULL) {
1391 if (arpop != ARPOP_REQUEST)
1392 goto respond;
1393
1394 if (arp_sendllconflict && send_conflicting_probes != 0 &&
1395 (ifp->if_eflags & IFEF_ARPLL) &&
1396 IN_LINKLOCAL(ntohl(target_ip->sin_addr.s_addr)) &&
1397 sender_ip->sin_addr.s_addr == INADDR_ANY) {
1398 /*
1399 * Verify this ARP probe doesn't conflict with
1400 * an IPv4LL we know of on another interface.
1401 */
1402 if (route != NULL) {
1403 RT_REMREF_LOCKED(route);
1404 RT_UNLOCK(route);
1405 route = NULL;
1406 }
1407 /*
1408 * Callee holds a reference on the route and returns
1409 * with the route entry locked, upon success.
1410 */
1411 error = arp_lookup_route(&target_ip->sin_addr, 0, 0,
1412 &route, ifp->if_index);
1413
1414 if (error != 0 || route == NULL ||
1415 route->rt_gateway == NULL)
1416 goto respond;
1417
1418 RT_LOCK_ASSERT_HELD(route);
1419
1420 gateway = SDL(route->rt_gateway);
1421 if (route->rt_ifp != ifp && gateway->sdl_alen != 0 &&
1422 (gateway->sdl_alen != sender_hw->sdl_alen ||
1423 bcmp(CONST_LLADDR(gateway), CONST_LLADDR(sender_hw),
1424 gateway->sdl_alen) != 0)) {
1425 /*
1426 * A node is probing for an IPv4LL we know
1427 * exists on a different interface. We respond
1428 * with a conflicting probe to force the new
1429 * device to pick a different IPv4LL address.
1430 */
1431 if (arp_verbose || log_arp_warnings) {
1432 log(LOG_INFO, "arp: %s on %s sent "
1433 "probe for %s, already on %s\n",
1434 sdl_addr_to_hex(sender_hw, buf,
1435 sizeof (buf)), if_name(ifp),
1436 inet_ntop(AF_INET,
1437 &target_ip->sin_addr, ipv4str,
1438 sizeof (ipv4str)),
1439 if_name(route->rt_ifp));
1440 log(LOG_INFO, "arp: sending "
1441 "conflicting probe to %s on %s\n",
1442 sdl_addr_to_hex(sender_hw, buf,
1443 sizeof (buf)), if_name(ifp));
1444 }
1445 /* Mark use timestamp */
1446 if (route->rt_llinfo != NULL)
1447 arp_llreach_use(route->rt_llinfo);
1448 /* We're done with the route */
1449 RT_REMREF_LOCKED(route);
1450 RT_UNLOCK(route);
1451 route = NULL;
1452 /*
1453 * Send a conservative unicast "ARP probe".
1454 * This should force the other device to pick
1455 * a new number. This will not force the
1456 * device to pick a new number if the device
1457 * has already assigned that number. This will
1458 * not imply to the device that we own that
1459 * address. The link address is always
1460 * present; it's never freed.
1461 */
1462 ifnet_lock_shared(ifp);
1463 ifa = ifp->if_lladdr;
1464 IFA_ADDREF(ifa);
1465 ifnet_lock_done(ifp);
1466 dlil_send_arp_internal(ifp, ARPOP_REQUEST,
1467 SDL(ifa->ifa_addr),
1468 (const struct sockaddr *)sender_ip,
1469 sender_hw,
1470 (const struct sockaddr *)target_ip);
1471 IFA_REMREF(ifa);
1472 ifa = NULL;
1473 arpstat.txconflicts++;
1474 }
1475 goto respond;
1476 } else if (keep_announcements != 0 &&
1477 target_ip->sin_addr.s_addr == sender_ip->sin_addr.s_addr) {
1478 /*
1479 * Don't create entry if link-local address and
1480 * link-local is disabled
1481 */
1482 if (!IN_LINKLOCAL(ntohl(sender_ip->sin_addr.s_addr)) ||
1483 (ifp->if_eflags & IFEF_ARPLL)) {
1484 if (route != NULL) {
1485 RT_REMREF_LOCKED(route);
1486 RT_UNLOCK(route);
1487 route = NULL;
1488 }
1489 /*
1490 * Callee holds a reference on the route and
1491 * returns with the route entry locked, upon
1492 * success.
1493 */
1494 error = arp_lookup_route(&sender_ip->sin_addr,
1495 1, 0, &route, ifp->if_index);
1496
1497 if (error == 0)
1498 RT_LOCK_ASSERT_HELD(route);
1499
1500 if (error == 0 && route != NULL &&
1501 route->rt_gateway != NULL)
1502 created_announcement = 1;
1503 }
1504 if (created_announcement == 0)
1505 goto respond;
1506 } else {
1507 goto respond;
1508 }
1509 }
1510
1511 RT_LOCK_ASSERT_HELD(route);
1512 VERIFY(route->rt_expire == 0 || route->rt_rmx.rmx_expire != 0);
1513 VERIFY(route->rt_expire != 0 || route->rt_rmx.rmx_expire == 0);
1514
1515 gateway = SDL(route->rt_gateway);
1516 if (!bridged && route->rt_ifp != ifp) {
1517 if (!IN_LINKLOCAL(ntohl(sender_ip->sin_addr.s_addr)) ||
1518 !(ifp->if_eflags & IFEF_ARPLL)) {
1519 if (arp_verbose || log_arp_warnings)
1520 log(LOG_ERR, "arp: %s is on %s but got "
1521 "reply from %s on %s\n",
1522 inet_ntop(AF_INET, &sender_ip->sin_addr,
1523 ipv4str, sizeof (ipv4str)),
1524 if_name(route->rt_ifp),
1525 sdl_addr_to_hex(sender_hw, buf,
1526 sizeof (buf)), if_name(ifp));
1527 goto respond;
1528 } else {
1529 /* Don't change a permanent address */
1530 if (route->rt_expire == 0)
1531 goto respond;
1532
1533 /*
1534 * We're about to check and/or change the route's ifp
1535 * and ifa, so do the lock dance: drop rt_lock, hold
1536 * rnh_lock and re-hold rt_lock to avoid violating the
1537 * lock ordering. We have an extra reference on the
1538 * route, so it won't go away while we do this.
1539 */
1540 RT_UNLOCK(route);
1541 lck_mtx_lock(rnh_lock);
1542 RT_LOCK(route);
1543 /*
1544 * Don't change the cloned route away from the
1545 * parent's interface if the address did resolve
1546 * or if the route is defunct. rt_ifp on both
1547 * the parent and the clone can now be freely
1548 * accessed now that we have acquired rnh_lock.
1549 */
1550 gateway = SDL(route->rt_gateway);
1551 if ((gateway->sdl_alen != 0 &&
1552 route->rt_parent != NULL &&
1553 route->rt_parent->rt_ifp == route->rt_ifp) ||
1554 (route->rt_flags & RTF_CONDEMNED)) {
1555 RT_REMREF_LOCKED(route);
1556 RT_UNLOCK(route);
1557 route = NULL;
1558 lck_mtx_unlock(rnh_lock);
1559 goto respond;
1560 }
1561 if (route->rt_ifp != ifp) {
1562 /*
1563 * Purge any link-layer info caching.
1564 */
1565 if (route->rt_llinfo_purge != NULL)
1566 route->rt_llinfo_purge(route);
1567
1568 /* Adjust route ref count for the interfaces */
1569 if (route->rt_if_ref_fn != NULL) {
1570 route->rt_if_ref_fn(ifp, 1);
1571 route->rt_if_ref_fn(route->rt_ifp, -1);
1572 }
1573 }
1574 /* Change the interface when the existing route is on */
1575 route->rt_ifp = ifp;
1576 /*
1577 * If rmx_mtu is not locked, update it
1578 * to the MTU used by the new interface.
1579 */
1580 if (!(route->rt_rmx.rmx_locks & RTV_MTU))
1581 route->rt_rmx.rmx_mtu = route->rt_ifp->if_mtu;
1582
1583 rtsetifa(route, &best_ia->ia_ifa);
1584 gateway->sdl_index = ifp->if_index;
1585 RT_UNLOCK(route);
1586 lck_mtx_unlock(rnh_lock);
1587 RT_LOCK(route);
1588 /* Don't bother if the route is down */
1589 if (!(route->rt_flags & RTF_UP))
1590 goto respond;
1591 /* Refresh gateway pointer */
1592 gateway = SDL(route->rt_gateway);
1593 }
1594 RT_LOCK_ASSERT_HELD(route);
1595 }
1596
1597 if (gateway->sdl_alen != 0 && bcmp(LLADDR(gateway),
1598 CONST_LLADDR(sender_hw), gateway->sdl_alen) != 0) {
1599 if (route->rt_expire != 0 &&
1600 (arp_verbose || log_arp_warnings)) {
1601 char buf2[3 * MAX_HW_LEN];
1602 log(LOG_INFO, "arp: %s moved from %s to %s on %s\n",
1603 inet_ntop(AF_INET, &sender_ip->sin_addr, ipv4str,
1604 sizeof (ipv4str)),
1605 sdl_addr_to_hex(gateway, buf, sizeof (buf)),
1606 sdl_addr_to_hex(sender_hw, buf2, sizeof (buf2)),
1607 if_name(ifp));
1608 } else if (route->rt_expire == 0) {
1609 if (arp_verbose || log_arp_warnings) {
1610 log(LOG_ERR, "arp: %s attempts to modify "
1611 "permanent entry for %s on %s\n",
1612 sdl_addr_to_hex(sender_hw, buf,
1613 sizeof (buf)),
1614 inet_ntop(AF_INET, &sender_ip->sin_addr,
1615 ipv4str, sizeof (ipv4str)),
1616 if_name(ifp));
1617 }
1618 goto respond;
1619 }
1620 }
1621
1622 /* Copy the sender hardware address in to the route's gateway address */
1623 gateway->sdl_alen = sender_hw->sdl_alen;
1624 bcopy(CONST_LLADDR(sender_hw), LLADDR(gateway), gateway->sdl_alen);
1625
1626 /* Update the expire time for the route and clear the reject flag */
1627 if (route->rt_expire != 0)
1628 rt_setexpire(route, net_uptime() + arpt_keep);
1629 route->rt_flags &= ~RTF_REJECT;
1630
1631 /* cache the gateway (sender HW) address */
1632 arp_llreach_alloc(route, ifp, LLADDR(gateway), gateway->sdl_alen,
1633 (arpop == ARPOP_REPLY));
1634
1635 /* update the llinfo, send a queued packet if there is one */
1636 llinfo = route->rt_llinfo;
1637 llinfo->la_asked = 0;
1638 if (llinfo->la_hold) {
1639 struct mbuf *m0 = llinfo->la_hold;
1640 llinfo->la_hold = NULL;
1641 RT_UNLOCK(route);
1642 dlil_output(ifp, PF_INET, m0, (caddr_t)route,
1643 rt_key(route), 0, NULL);
1644 RT_REMREF(route);
1645 route = NULL;
1646 }
1647
1648 respond:
1649 if (route != NULL) {
1650 /* Mark use timestamp if we're going to send a reply */
1651 if (arpop == ARPOP_REQUEST && route->rt_llinfo != NULL)
1652 arp_llreach_use(route->rt_llinfo);
1653 RT_REMREF_LOCKED(route);
1654 RT_UNLOCK(route);
1655 route = NULL;
1656 }
1657
1658 if (arpop != ARPOP_REQUEST)
1659 goto done;
1660
1661 arpstat.rxrequests++;
1662
1663 /* If we are not the target, check if we should proxy */
1664 if (target_ip->sin_addr.s_addr != best_ia_sin.sin_addr.s_addr) {
1665 /*
1666 * Find a proxy route; callee holds a reference on the
1667 * route and returns with the route entry locked, upon
1668 * success.
1669 */
1670 error = arp_lookup_route(&target_ip->sin_addr, 0, SIN_PROXY,
1671 &route, ifp->if_index);
1672
1673 if (error == 0) {
1674 RT_LOCK_ASSERT_HELD(route);
1675 /*
1676 * Return proxied ARP replies only on the interface
1677 * or bridge cluster where this network resides.
1678 * Otherwise we may conflict with the host we are
1679 * proxying for.
1680 */
1681 if (route->rt_ifp != ifp &&
1682 (route->rt_ifp->if_bridge != ifp->if_bridge ||
1683 ifp->if_bridge == NULL)) {
1684 RT_REMREF_LOCKED(route);
1685 RT_UNLOCK(route);
1686 goto done;
1687 }
1688 proxied = *SDL(route->rt_gateway);
1689 target_hw = &proxied;
1690 } else {
1691 /*
1692 * We don't have a route entry indicating we should
1693 * use proxy. If we aren't supposed to proxy all,
1694 * we are done.
1695 */
1696 if (!arp_proxyall)
1697 goto done;
1698
1699 /*
1700 * See if we have a route to the target ip before
1701 * we proxy it.
1702 */
1703 route = rtalloc1_scoped((struct sockaddr *)
1704 (size_t)target_ip, 0, 0, ifp->if_index);
1705 if (!route)
1706 goto done;
1707
1708 /*
1709 * Don't proxy for hosts already on the same interface.
1710 */
1711 RT_LOCK(route);
1712 if (route->rt_ifp == ifp) {
1713 RT_UNLOCK(route);
1714 rtfree(route);
1715 goto done;
1716 }
1717 }
1718 /* Mark use timestamp */
1719 if (route->rt_llinfo != NULL)
1720 arp_llreach_use(route->rt_llinfo);
1721 RT_REMREF_LOCKED(route);
1722 RT_UNLOCK(route);
1723 }
1724
1725 dlil_send_arp(ifp, ARPOP_REPLY,
1726 target_hw, (const struct sockaddr *)target_ip,
1727 sender_hw, (const struct sockaddr *)sender_ip, 0);
1728
1729 done:
1730 if (best_ia != NULL)
1731 IFA_REMREF(&best_ia->ia_ifa);
1732 return (0);
1733 }
1734
1735 void
1736 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa)
1737 {
1738 struct sockaddr *sa;
1739
1740 IFA_LOCK(ifa);
1741 ifa->ifa_rtrequest = arp_rtrequest;
1742 ifa->ifa_flags |= RTF_CLONING;
1743 sa = ifa->ifa_addr;
1744 IFA_UNLOCK(ifa);
1745 dlil_send_arp(ifp, ARPOP_REQUEST, NULL, sa, NULL, sa, 0);
1746 }
1747
1748 static int
1749 arp_getstat SYSCTL_HANDLER_ARGS
1750 {
1751 #pragma unused(oidp, arg1, arg2)
1752 if (req->oldptr == USER_ADDR_NULL)
1753 req->oldlen = (size_t)sizeof (struct arpstat);
1754
1755 return (SYSCTL_OUT(req, &arpstat, MIN(sizeof (arpstat), req->oldlen)));
1756 }
mirror of XNU