]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/nd6_rtr.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / bsd / netinet6 / nd6_rtr.c
1 /*
2 * Copyright (c) 2003-2020 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 /*
30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the project nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57 #include <sys/param.h>
58 #include <sys/systm.h>
59 #include <sys/malloc.h>
60 #include <sys/mbuf.h>
61 #include <sys/socket.h>
62 #include <sys/sockio.h>
63 #include <sys/time.h>
64 #include <sys/kernel.h>
65 #include <sys/errno.h>
66 #include <sys/syslog.h>
67 #include <sys/queue.h>
68 #include <sys/mcache.h>
69 #include <sys/protosw.h>
70
71 #include <dev/random/randomdev.h>
72
73 #include <kern/locks.h>
74 #include <kern/zalloc.h>
75 #include <machine/machine_routines.h>
76
77 #include <net/if.h>
78 #include <net/if_var.h>
79 #include <net/if_types.h>
80 #include <net/if_dl.h>
81 #include <net/route.h>
82 #include <net/radix.h>
83
84 #include <netinet/in.h>
85 #include <netinet6/in6_var.h>
86 #include <netinet6/in6_ifattach.h>
87 #include <netinet/ip6.h>
88 #include <netinet6/ip6_var.h>
89 #include <netinet6/nd6.h>
90 #include <netinet/icmp6.h>
91 #include <netinet6/scope6_var.h>
92
93 #include <net/net_osdep.h>
94
95 static void defrouter_addreq(struct nd_defrouter *, struct nd_route_info *, boolean_t);
96 static void defrouter_delreq(struct nd_defrouter *, struct nd_route_info *);
97 static struct nd_defrouter *defrtrlist_update_common(struct nd_defrouter *,
98 struct nd_drhead *, boolean_t);
99 static struct nd_pfxrouter *pfxrtr_lookup(struct nd_prefix *,
100 struct nd_defrouter *);
101 static void pfxrtr_add(struct nd_prefix *, struct nd_defrouter *);
102 static void pfxrtr_del(struct nd_pfxrouter *, struct nd_prefix *);
103 static struct nd_pfxrouter *find_pfxlist_reachable_router(struct nd_prefix *);
104 static void nd6_rtmsg(u_char, struct rtentry *);
105
106 static int nd6_prefix_onlink_common(struct nd_prefix *, boolean_t,
107 unsigned int);
108 static struct nd_prefix *nd6_prefix_equal_lookup(struct nd_prefix *, boolean_t);
109 static void nd6_prefix_sync(struct ifnet *);
110
111 static void in6_init_address_ltimes(struct nd_prefix *,
112 struct in6_addrlifetime *);
113
114 static int rt6_deleteroute(struct radix_node *, void *);
115
116 static struct nd_defrouter *nddr_alloc(zalloc_flags_t);
117 static void nddr_free(struct nd_defrouter *);
118 static void nddr_trace(struct nd_defrouter *, int);
119
120 static struct nd_prefix *ndpr_alloc(int);
121 static void ndpr_free(struct nd_prefix *);
122 static void ndpr_trace(struct nd_prefix *, int);
123
124 extern int nd6_recalc_reachtm_interval;
125
126 static struct ifnet *nd6_defifp = NULL;
127 int nd6_defifindex = 0;
128 static unsigned int nd6_defrouter_genid;
129
130 int ip6_use_tempaddr = IP6_USE_TMPADDR_DEFAULT; /* use temp addr by default for testing now */
131
132 int nd6_accept_6to4 = 1;
133
134 int ip6_desync_factor;
135 u_int32_t ip6_temp_preferred_lifetime = DEF_TEMP_PREFERRED_LIFETIME;
136 u_int32_t ip6_temp_valid_lifetime = DEF_TEMP_VALID_LIFETIME;
137 /*
138 * shorter lifetimes for debugging purposes.
139 * u_int32_t ip6_temp_preferred_lifetime = 800;
140 * static u_int32_t ip6_temp_valid_lifetime = 1800;
141 */
142 int ip6_temp_regen_advance = TEMPADDR_REGEN_ADVANCE;
143
144 extern lck_mtx_t *nd6_mutex;
145
146 /* Serialization variables for single thread access to nd_prefix */
147 static boolean_t nd_prefix_busy;
148 static void *nd_prefix_waitchan = &nd_prefix_busy;
149 static int nd_prefix_waiters = 0;
150
151 /* Serialization variables for single thread access to nd_defrouter */
152 static boolean_t nd_defrouter_busy;
153 static void *nd_defrouter_waitchan = &nd_defrouter_busy;
154 static int nd_defrouter_waiters = 0;
155
156 #define equal(a1, a2) (bcmp((caddr_t)(a1), (caddr_t)(a2), (a1)->sa_len) == 0)
157 /* RTPREF_MEDIUM has to be 0! */
158 #define RTPREF_HIGH 1
159 #define RTPREF_MEDIUM 0
160 #define RTPREF_LOW (-1)
161 #define RTPREF_RESERVED (-2)
162 #define RTPREF_INVALID (-3) /* internal */
163
164 #define NDPR_TRACE_HIST_SIZE 32 /* size of trace history */
165
166 /* For gdb */
167 __private_extern__ unsigned int ndpr_trace_hist_size = NDPR_TRACE_HIST_SIZE;
168
169 struct nd_prefix_dbg {
170 struct nd_prefix ndpr_pr; /* nd_prefix */
171 u_int16_t ndpr_refhold_cnt; /* # of ref */
172 u_int16_t ndpr_refrele_cnt; /* # of rele */
173 /*
174 * Circular lists of ndpr_addref and ndpr_remref callers.
175 */
176 ctrace_t ndpr_refhold[NDPR_TRACE_HIST_SIZE];
177 ctrace_t ndpr_refrele[NDPR_TRACE_HIST_SIZE];
178 };
179
180 static unsigned int ndpr_debug; /* debug flags */
181 static struct zone *ndpr_zone; /* zone for nd_prefix */
182 #define NDPR_ZONE_NAME "nd6_prefix" /* zone name */
183
184 #define NDDR_TRACE_HIST_SIZE 32 /* size of trace history */
185
186 /* For gdb */
187 __private_extern__ unsigned int nddr_trace_hist_size = NDDR_TRACE_HIST_SIZE;
188
189 struct nd_defrouter_dbg {
190 struct nd_defrouter nddr_dr; /* nd_defrouter */
191 uint16_t nddr_refhold_cnt; /* # of ref */
192 uint16_t nddr_refrele_cnt; /* # of rele */
193 /*
194 * Circular lists of nddr_addref and nddr_remref callers.
195 */
196 ctrace_t nddr_refhold[NDDR_TRACE_HIST_SIZE];
197 ctrace_t nddr_refrele[NDDR_TRACE_HIST_SIZE];
198 };
199
200 static unsigned int nddr_debug; /* debug flags */
201 static struct zone *nddr_zone; /* zone for nd_defrouter */
202 #define NDDR_ZONE_NAME "nd6_defrouter" /* zone name */
203
204 static ZONE_DECLARE(ndprtr_zone, "nd6_pfxrouter",
205 sizeof(struct nd_pfxrouter), ZC_NONE);
206
207 #define TWOHOUR (120*60)
208 extern int nd6_process_rti; /* Default to 0 for now */
209
210
211 static void
212 nd6_prefix_glb_init(void)
213 {
214 PE_parse_boot_argn("ifa_debug", &ndpr_debug, sizeof(ndpr_debug));
215 vm_size_t ndpr_size = (ndpr_debug == 0) ? sizeof(struct nd_prefix) :
216 sizeof(struct nd_prefix_dbg);
217 ndpr_zone = zone_create(NDPR_ZONE_NAME, ndpr_size, ZC_ZFREE_CLEARMEM);
218 }
219
220 static void
221 nd6_defrouter_glb_init(void)
222 {
223 PE_parse_boot_argn("ifa_debug", &nddr_debug, sizeof(nddr_debug));
224 vm_size_t nddr_size = (nddr_debug == 0) ? sizeof(struct nd_defrouter) :
225 sizeof(struct nd_defrouter_dbg);
226 nddr_zone = zone_create(NDDR_ZONE_NAME, nddr_size, ZC_ZFREE_CLEARMEM);
227 }
228
229 void
230 nd6_rtr_init(void)
231 {
232 nd6_prefix_glb_init();
233 nd6_defrouter_glb_init();
234 }
235
236 /*
237 * Receive Router Solicitation Message - just for routers.
238 * Router solicitation/advertisement is mostly managed by userland program
239 * (rtadvd) so here we have no function like nd6_ra_output().
240 *
241 * Based on RFC 2461
242 */
243 void
244 nd6_rs_input(
245 struct mbuf *m,
246 int off,
247 int icmp6len)
248 {
249 struct ifnet *ifp = m->m_pkthdr.rcvif;
250 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
251 struct nd_router_solicit *nd_rs = NULL;
252 struct in6_addr saddr6 = ip6->ip6_src;
253 char *lladdr = NULL;
254 int lladdrlen = 0;
255 union nd_opts ndopts = {};
256
257 /* Expect 32-bit aligned data pointer on strict-align platforms */
258 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
259
260 /* If I'm not a router, ignore it. */
261 if (!ip6_forwarding || ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_DISABLED) {
262 goto freeit;
263 }
264
265 /* Sanity checks */
266 if (ip6->ip6_hlim != IPV6_MAXHLIM) {
267 nd6log(error,
268 "nd6_rs_input: invalid hlim (%d) from %s to %s on %s\n",
269 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src),
270 ip6_sprintf(&ip6->ip6_dst), if_name(ifp));
271 goto bad;
272 }
273
274 /*
275 * Don't update the neighbor cache, if src = :: or a non-neighbor.
276 * The former case indicates that the src has no IP address assigned
277 * yet. See nd6_ns_input() for the latter case.
278 */
279 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
280 goto freeit;
281 } else {
282 struct sockaddr_in6 src_sa6;
283
284 bzero(&src_sa6, sizeof(src_sa6));
285 src_sa6.sin6_family = AF_INET6;
286 src_sa6.sin6_len = sizeof(src_sa6);
287 src_sa6.sin6_addr = ip6->ip6_src;
288 if (!nd6_is_addr_neighbor(&src_sa6, ifp, 0)) {
289 nd6log(info, "nd6_rs_input: "
290 "RS packet from non-neighbor\n");
291 goto freeit;
292 }
293 }
294
295 IP6_EXTHDR_CHECK(m, off, icmp6len, return );
296 ip6 = mtod(m, struct ip6_hdr *);
297 nd_rs = (struct nd_router_solicit *)((caddr_t)ip6 + off);
298 icmp6len -= sizeof(*nd_rs);
299 nd6_option_init(nd_rs + 1, icmp6len, &ndopts);
300 if (nd6_options(&ndopts) < 0) {
301 nd6log(info,
302 "nd6_rs_input: invalid ND option, ignored\n");
303 /* nd6_options have incremented stats */
304 goto freeit;
305 }
306
307 if (ndopts.nd_opts_src_lladdr) {
308 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
309 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
310 }
311
312 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
313 nd6log(info,
314 "nd6_rs_input: lladdrlen mismatch for %s "
315 "(if %d, RS packet %d)\n",
316 ip6_sprintf(&saddr6), ifp->if_addrlen, lladdrlen - 2);
317 goto bad;
318 }
319
320 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen, ND_ROUTER_SOLICIT, 0);
321
322 freeit:
323 m_freem(m);
324 return;
325
326 bad:
327 icmp6stat.icp6s_badrs++;
328 m_freem(m);
329 }
330
331 #define ND_OPT_LEN_TO_BYTE_SCALE 3 /* ND opt len is in units of 8 octets */
332
333 #define ND_OPT_LEN_RTI_MIN 1
334 #define ND_OPT_LEN_RTI_MAX 3
335 #define ND_OPT_RTI_PFXLEN_MAX 128
336 /*
337 * Receive Router Advertisement Message.
338 *
339 * Based on RFC 2461
340 * TODO: on-link bit on prefix information
341 * TODO: ND_RA_FLAG_{OTHER,MANAGED} processing
342 */
343 void
344 nd6_ra_input(
345 struct mbuf *m,
346 int off,
347 int icmp6len)
348 {
349 struct ifnet *ifp = m->m_pkthdr.rcvif;
350 struct nd_ifinfo *ndi = NULL;
351 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
352 struct nd_router_advert *nd_ra;
353 struct in6_addr saddr6 = ip6->ip6_src;
354 int mcast = 0;
355 union nd_opts ndopts;
356 struct nd_defrouter *dr = NULL;
357 u_int32_t mtu = 0;
358 char *lladdr = NULL;
359 u_int32_t lladdrlen = 0;
360 struct nd_prefix_list *nd_prefix_list_head = NULL;
361 u_int32_t nd_prefix_list_length = 0;
362 struct in6_ifaddr *ia6 = NULL;
363 struct nd_prefix_list *prfl;
364 struct nd_defrouter dr0;
365 u_int32_t advreachable;
366 boolean_t rti_defrtr_processed = FALSE;
367
368 #if (DEVELOPMENT || DEBUG)
369 if (ip6_accept_rtadv == 0) {
370 goto freeit;
371 }
372 #endif /* (DEVELOPMENT || DEBUG) */
373 /* Expect 32-bit aligned data pointer on strict-align platforms */
374 MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
375
376 /*
377 * Accept the RA if IFEF_ACCEPT_RTADV is set, or when
378 * we're acting as a router and the RA is locally generated.
379 * For convenience, we allow locally generated (rtadvd)
380 * RAs to be processed on the advertising interface, as a router.
381 *
382 * Note that we don't test against ip6_forwarding as we could be
383 * both a host and a router on different interfaces, hence the
384 * check against the per-interface flags.
385 */
386 if ((ifp->if_eflags & IFEF_ACCEPT_RTADV) == 0) {
387 if (ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE &&
388 (ia6 = ifa_foraddr6(&saddr6)) != NULL) {
389 /* accept locally generated RA */
390 } else {
391 goto freeit;
392 }
393 }
394
395 if (ia6 != NULL) {
396 IFA_REMREF(&ia6->ia_ifa);
397 ia6 = NULL;
398 }
399
400 if (ip6->ip6_hlim != IPV6_MAXHLIM) {
401 nd6log(error,
402 "nd6_ra_input: invalid hlim (%d) from %s to %s on %s\n",
403 ip6->ip6_hlim, ip6_sprintf(&ip6->ip6_src),
404 ip6_sprintf(&ip6->ip6_dst), if_name(ifp));
405 goto bad;
406 }
407
408 if (!IN6_IS_ADDR_LINKLOCAL(&saddr6)) {
409 nd6log(error,
410 "nd6_ra_input: src %s is not link-local\n",
411 ip6_sprintf(&saddr6));
412 goto bad;
413 }
414
415 IP6_EXTHDR_CHECK(m, off, icmp6len, return );
416 ip6 = mtod(m, struct ip6_hdr *);
417 nd_ra = (struct nd_router_advert *)((caddr_t)ip6 + off);
418
419 icmp6len -= sizeof(*nd_ra);
420 nd6_option_init(nd_ra + 1, icmp6len, &ndopts);
421 if (nd6_options(&ndopts) < 0) {
422 nd6log(info,
423 "nd6_ra_input: invalid ND option, ignored\n");
424 /* nd6_options have incremented stats */
425 goto freeit;
426 }
427
428 advreachable = nd_ra->nd_ra_reachable;
429
430 /* remember if this is a multicasted advertisement */
431 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
432 mcast = 1;
433 }
434
435 ndi = ND_IFINFO(ifp);
436 VERIFY(NULL != ndi && TRUE == ndi->initialized);
437 lck_mtx_lock(&ndi->lock);
438 /* unspecified or not? (RFC 2461 6.3.4) */
439 if (advreachable) {
440 advreachable = ntohl(advreachable);
441 if (advreachable <= MAX_REACHABLE_TIME &&
442 ndi->basereachable != advreachable) {
443 ndi->basereachable = advreachable;
444 ndi->reachable = ND_COMPUTE_RTIME(ndi->basereachable);
445 ndi->recalctm = nd6_recalc_reachtm_interval; /* reset */
446 }
447 }
448 if (nd_ra->nd_ra_retransmit) {
449 ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
450 }
451 if (nd_ra->nd_ra_curhoplimit) {
452 if (ndi->chlim < nd_ra->nd_ra_curhoplimit) {
453 ndi->chlim = nd_ra->nd_ra_curhoplimit;
454 } else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
455 nd6log(error,
456 "RA with a lower CurHopLimit sent from "
457 "%s on %s (current = %d, received = %d). "
458 "Ignored.\n", ip6_sprintf(&ip6->ip6_src),
459 if_name(ifp), ndi->chlim,
460 nd_ra->nd_ra_curhoplimit);
461 }
462 }
463 lck_mtx_unlock(&ndi->lock);
464
465 /* Initialize nd_defrouter invariants for RA processing */
466 bzero(&dr0, sizeof(dr0));
467 dr0.rtaddr = saddr6;
468 dr0.ifp = ifp;
469
470 /*
471 * Route Information Option
472 */
473 if (ndopts.nd_opts_rti && IFNET_IS_ETHERNET(ifp)) {
474 struct nd_opt_hdr *rt = NULL;
475 struct sockaddr_in6 rti_gateway = {0};
476
477 rti_gateway.sin6_family = AF_INET6;
478 rti_gateway.sin6_len = sizeof(rti_gateway);
479 memcpy(&rti_gateway.sin6_addr, &saddr6, sizeof(rti_gateway.sin6_addr));
480
481 for (rt = (struct nd_opt_hdr *)ndopts.nd_opts_rti;
482 rt <= (struct nd_opt_hdr *)ndopts.nd_opts_rti_end;
483 rt = (struct nd_opt_hdr *)((caddr_t)rt +
484 (rt->nd_opt_len << ND_OPT_LEN_TO_BYTE_SCALE))) {
485 struct sockaddr_in6 rti_prefix = {};
486 struct nd_route_info rti = {};
487 struct nd_opt_route_info *rti_opt = NULL;
488 u_int32_t rounded_prefix_bytes = 0;
489
490 if (rt->nd_opt_type != ND_OPT_ROUTE_INFO) {
491 continue;
492 }
493
494 rti_opt = (struct nd_opt_route_info *)rt;
495 if ((rti_opt->nd_opt_rti_len < ND_OPT_LEN_RTI_MIN) ||
496 (rti_opt->nd_opt_rti_len > ND_OPT_LEN_RTI_MAX)) {
497 nd6log(info,
498 "%s: invalid option "
499 "len %d for route information option, "
500 "ignored\n", __func__,
501 rti_opt->nd_opt_rti_len);
502 continue;
503 }
504
505 if (rti_opt->nd_opt_rti_prefixlen > ND_OPT_RTI_PFXLEN_MAX) {
506 nd6log(info,
507 "%s: invalid prefix length %d "
508 "in the route information option, "
509 "ignored\n", __func__, rti_opt->nd_opt_rti_prefixlen);
510 continue;
511 }
512
513 if (rti_opt->nd_opt_rti_prefixlen != 0 &&
514 rti_opt->nd_opt_rti_prefixlen <= 64 &&
515 rti_opt->nd_opt_rti_len == ND_OPT_LEN_RTI_MIN) {
516 nd6log(info,
517 "%s: invalid prefix "
518 "len %d is OOB for route information option, "
519 "with total option length of %d. Ignored.\n",
520 __func__, rti_opt->nd_opt_rti_prefixlen,
521 rti_opt->nd_opt_rti_len);
522 continue;
523 }
524
525 if (rti_opt->nd_opt_rti_prefixlen > 64 &&
526 rti_opt->nd_opt_rti_len != ND_OPT_LEN_RTI_MAX) {
527 nd6log(info,
528 "%s: invalid prefix "
529 "len %d is OOB for route information option, "
530 "with total option length of %d. Ignored.\n",
531 __func__, rti_opt->nd_opt_rti_prefixlen,
532 rti_opt->nd_opt_rti_len);
533 continue;
534 }
535
536 if ((rti_opt->nd_opt_rti_flags & ND_RA_FLAG_RTPREF_MASK) ==
537 ND_RA_FLAG_RTPREF_RSV) {
538 nd6log(info,
539 "%s: using reserved preference mask, "
540 "ignored\n", __func__);
541 continue;
542 }
543
544 rti_prefix.sin6_family = AF_INET6;
545 rti_prefix.sin6_len = sizeof(rti_prefix);
546
547 rounded_prefix_bytes = rti_opt->nd_opt_rti_prefixlen >> 3;
548 if (rti_opt->nd_opt_rti_prefixlen & 0x7) {
549 rounded_prefix_bytes++;
550 }
551 memcpy(&rti_prefix.sin6_addr, rti_opt + 1, rounded_prefix_bytes);
552
553 nd6log(info, "%s: received RA with route opt, "
554 "prefix %s/%u pref %u lifetime %u\n", __func__,
555 ip6_sprintf(&rti_prefix.sin6_addr),
556 rti_opt->nd_opt_rti_prefixlen,
557 rti_opt->nd_opt_rti_flags,
558 ntohl(rti_opt->nd_opt_rti_lifetime));
559
560 dr0.flags = rti_opt->nd_opt_rti_flags;
561 dr0.stateflags = 0;
562
563 /*
564 * https://tools.ietf.org/html/rfc4191#section-3.1
565 * Type C Host requirements:
566 * The Router Preference and Lifetime values in a
567 * ::/0 Route Information Option override the
568 * preference and lifetime values in the Router
569 * Advertisement header.
570 */
571 if (IN6_IS_ADDR_UNSPECIFIED(&rti_prefix.sin6_addr)) {
572 rti_defrtr_processed = TRUE;
573 /*
574 * If the router lifetime is 0, set the state flag
575 * to dummy, so that it is skipped and not used as a
576 * default router.
577 * Set the lifetime to 2 hrs to make sure we get rid
578 * of the router eventually if this was indeed for a router
579 * going away.
580 *
581 * We partly have to do this to ensure advertised prefixes
582 * stay onlink.
583 * A periodic RA would also keep refreshing the cached
584 * neighbor cache entry if it contains source link layer
585 * information.
586 */
587 if (rti_opt->nd_opt_rti_lifetime == 0) {
588 dr0.rtlifetime = TWOHOUR;
589 dr0.stateflags |= NDDRF_INELIGIBLE;
590 } else {
591 dr0.rtlifetime = ntohl(rti_opt->nd_opt_rti_lifetime);
592 }
593 dr0.expire = net_uptime() + dr0.rtlifetime;
594
595 lck_mtx_lock(nd6_mutex);
596 dr = defrtrlist_update(&dr0, NULL);
597 lck_mtx_unlock(nd6_mutex);
598 continue;
599 }
600
601 dr0.rtlifetime = ntohl(rti_opt->nd_opt_rti_lifetime);
602 dr0.expire = net_uptime() + dr0.rtlifetime;
603 bzero(&rti, sizeof(rti));
604 rti.nd_rti_prefixlen = rti_opt->nd_opt_rti_prefixlen;
605 rti.nd_rti_prefix = rti_prefix.sin6_addr;
606 nd6_rtilist_update(&rti, &dr0);
607 }
608 }
609
610 if (!rti_defrtr_processed) {
611 dr0.flags = nd_ra->nd_ra_flags_reserved;
612 dr0.stateflags = 0;
613 /*
614 * If the router lifetime is 0, set the state flag
615 * to dummy, so that it is skipped and not used as a
616 * default router.
617 * Set the lifetime to 2 hrs to make sure we get rid
618 * of the router eventually if this was indeed for a router
619 * going away.
620 *
621 * We partly have to do this to ensure advertised prefixes
622 * stay onlink.
623 * A periodic RA would also keep refreshing the cached
624 * neighbor cache entry if it contains source link layer
625 * information.
626 */
627 if (nd_ra->nd_ra_router_lifetime == 0) {
628 dr0.rtlifetime = TWOHOUR;
629 dr0.stateflags |= NDDRF_INELIGIBLE;
630 } else {
631 dr0.rtlifetime = ntohs(nd_ra->nd_ra_router_lifetime);
632 }
633 dr0.expire = net_uptime() + dr0.rtlifetime;
634 lck_mtx_lock(nd6_mutex);
635 dr = defrtrlist_update(&dr0, NULL);
636 lck_mtx_unlock(nd6_mutex);
637 }
638
639 /*
640 * prefix
641 */
642 if (ndopts.nd_opts_pi) {
643 struct nd_opt_hdr *pt;
644 struct nd_opt_prefix_info *pi = NULL;
645 struct nd_prefix pr;
646
647 for (pt = (struct nd_opt_hdr *)ndopts.nd_opts_pi;
648 pt <= (struct nd_opt_hdr *)ndopts.nd_opts_pi_end;
649 pt = (struct nd_opt_hdr *)((caddr_t)pt +
650 (pt->nd_opt_len << ND_OPT_LEN_TO_BYTE_SCALE))) {
651 struct in6_addr pi_mask;
652 bzero(&pi_mask, sizeof(pi_mask));
653
654 if (pt->nd_opt_type != ND_OPT_PREFIX_INFORMATION) {
655 continue;
656 }
657 pi = (struct nd_opt_prefix_info *)pt;
658
659 if (pi->nd_opt_pi_len != 4) {
660 nd6log(info,
661 "nd6_ra_input: invalid option "
662 "len %d for prefix information option, "
663 "ignored\n", pi->nd_opt_pi_len);
664 continue;
665 }
666
667 if (128 < pi->nd_opt_pi_prefix_len) {
668 nd6log(info,
669 "nd6_ra_input: invalid prefix "
670 "len %d for prefix information option, "
671 "ignored\n", pi->nd_opt_pi_prefix_len);
672 continue;
673 }
674
675 /*
676 * To ignore ::/64 make sure bits beyond prefixlen
677 * are set to zero
678 */
679 in6_prefixlen2mask(&pi_mask, pi->nd_opt_pi_prefix_len);
680 pi->nd_opt_pi_prefix.s6_addr32[0] &= pi_mask.s6_addr32[0];
681 pi->nd_opt_pi_prefix.s6_addr32[1] &= pi_mask.s6_addr32[1];
682 pi->nd_opt_pi_prefix.s6_addr32[2] &= pi_mask.s6_addr32[2];
683 pi->nd_opt_pi_prefix.s6_addr32[3] &= pi_mask.s6_addr32[3];
684
685 if (IN6_IS_ADDR_UNSPECIFIED(&pi->nd_opt_pi_prefix) ||
686 IN6_IS_ADDR_MULTICAST(&pi->nd_opt_pi_prefix) ||
687 IN6_IS_ADDR_LINKLOCAL(&pi->nd_opt_pi_prefix)) {
688 nd6log(info,
689 "%s: invalid prefix %s, ignored\n",
690 __func__,
691 ip6_sprintf(&pi->nd_opt_pi_prefix));
692 continue;
693 }
694
695 bzero(&pr, sizeof(pr));
696 lck_mtx_init(&pr.ndpr_lock, ifa_mtx_grp, ifa_mtx_attr);
697 NDPR_LOCK(&pr);
698 pr.ndpr_prefix.sin6_family = AF_INET6;
699 pr.ndpr_prefix.sin6_len = sizeof(pr.ndpr_prefix);
700 pr.ndpr_prefix.sin6_addr = pi->nd_opt_pi_prefix;
701 pr.ndpr_ifp = m->m_pkthdr.rcvif;
702
703 pr.ndpr_raf_onlink = (pi->nd_opt_pi_flags_reserved &
704 ND_OPT_PI_FLAG_ONLINK) ? 1 : 0;
705 pr.ndpr_raf_auto = (pi->nd_opt_pi_flags_reserved &
706 ND_OPT_PI_FLAG_AUTO) ? 1 : 0;
707 pr.ndpr_plen = pi->nd_opt_pi_prefix_len;
708 pr.ndpr_vltime = ntohl(pi->nd_opt_pi_valid_time);
709 pr.ndpr_pltime =
710 ntohl(pi->nd_opt_pi_preferred_time);
711
712 /*
713 * Exceptions to stateless autoconfiguration processing:
714 * + nd6_accept_6to4 == 0 && address has 6to4 prefix
715 * + ip6_only_allow_rfc4193_prefix != 0 &&
716 * address not RFC 4193
717 */
718 if (ip6_only_allow_rfc4193_prefix &&
719 !IN6_IS_ADDR_UNIQUE_LOCAL(&pi->nd_opt_pi_prefix)) {
720 nd6log(info,
721 "nd6_ra_input: no SLAAC on prefix %s "
722 "[not RFC 4193]\n",
723 ip6_sprintf(&pi->nd_opt_pi_prefix));
724 pr.ndpr_raf_auto = 0;
725 } else if (!nd6_accept_6to4 &&
726 IN6_IS_ADDR_6TO4(&pi->nd_opt_pi_prefix)) {
727 nd6log(info,
728 "%s: no SLAAC on prefix %s "
729 "[6to4]\n", __func__,
730 ip6_sprintf(&pi->nd_opt_pi_prefix));
731 pr.ndpr_raf_auto = 0;
732 }
733
734 if (in6_init_prefix_ltimes(&pr)) {
735 NDPR_UNLOCK(&pr);
736 lck_mtx_destroy(&pr.ndpr_lock, ifa_mtx_grp);
737 continue; /* prefix lifetime init failed */
738 } else {
739 NDPR_UNLOCK(&pr);
740 }
741 (void) prelist_update(&pr, dr, m, mcast);
742 lck_mtx_destroy(&pr.ndpr_lock, ifa_mtx_grp);
743
744 /*
745 * We have to copy the values out after the
746 * prelist_update call since some of these values won't
747 * be properly set until after the router advertisement
748 * updating can vet the values.
749 */
750 prfl = NULL;
751 MALLOC(prfl, struct nd_prefix_list *, sizeof(*prfl),
752 M_TEMP, M_WAITOK | M_ZERO);
753
754 if (prfl == NULL) {
755 log(LOG_DEBUG, "%s: unable to MALLOC RA prefix "
756 "structure\n", __func__);
757 continue;
758 }
759
760 /* this is only for nd6_post_msg(), otherwise unused */
761 bcopy(&pr.ndpr_prefix, &prfl->pr.ndpr_prefix,
762 sizeof(prfl->pr.ndpr_prefix));
763 prfl->pr.ndpr_raf = pr.ndpr_raf;
764 prfl->pr.ndpr_plen = pr.ndpr_plen;
765 prfl->pr.ndpr_vltime = pr.ndpr_vltime;
766 prfl->pr.ndpr_pltime = pr.ndpr_pltime;
767 prfl->pr.ndpr_expire = pr.ndpr_expire;
768 prfl->pr.ndpr_base_calendartime =
769 pr.ndpr_base_calendartime;
770 prfl->pr.ndpr_base_uptime = pr.ndpr_base_uptime;
771 prfl->pr.ndpr_stateflags = pr.ndpr_stateflags;
772 prfl->pr.ndpr_addrcnt = pr.ndpr_addrcnt;
773 prfl->pr.ndpr_ifp = pr.ndpr_ifp;
774
775 prfl->next = nd_prefix_list_head;
776 nd_prefix_list_head = prfl;
777 nd_prefix_list_length++;
778 }
779 }
780
781
782 /*
783 * MTU
784 */
785 if (ndopts.nd_opts_mtu && ndopts.nd_opts_mtu->nd_opt_mtu_len == 1) {
786 mtu = ntohl(ndopts.nd_opts_mtu->nd_opt_mtu_mtu);
787 /* lower bound */
788 if (mtu < IPV6_MMTU) {
789 nd6log(info, "nd6_ra_input: bogus mtu option "
790 "mtu=%d sent from %s, ignoring\n",
791 mtu, ip6_sprintf(&ip6->ip6_src));
792 goto skip;
793 }
794
795 lck_mtx_lock(&ndi->lock);
796 /* upper bound */
797 if (ndi->maxmtu) {
798 if (mtu <= ndi->maxmtu) {
799 int change = (ndi->linkmtu != mtu);
800
801 ndi->linkmtu = mtu;
802 lck_mtx_unlock(&ndi->lock);
803 if (change) { /* in6_maxmtu may change */
804 in6_setmaxmtu();
805 }
806 } else {
807 nd6log(info, "nd6_ra_input: bogus mtu "
808 "mtu=%d sent from %s; "
809 "exceeds maxmtu %d, ignoring\n",
810 mtu, ip6_sprintf(&ip6->ip6_src),
811 ndi->maxmtu);
812 lck_mtx_unlock(&ndi->lock);
813 }
814 } else {
815 lck_mtx_unlock(&ndi->lock);
816 nd6log(info, "nd6_ra_input: mtu option "
817 "mtu=%d sent from %s; maxmtu unknown, "
818 "ignoring\n",
819 mtu, ip6_sprintf(&ip6->ip6_src));
820 }
821 }
822
823 skip:
824
825 /*
826 * Source link layer address
827 */
828 if (ndopts.nd_opts_src_lladdr) {
829 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
830 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
831 }
832
833 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
834 nd6log(info,
835 "nd6_ra_input: lladdrlen mismatch for %s "
836 "(if %d, RA packet %d)\n",
837 ip6_sprintf(&saddr6), ifp->if_addrlen, lladdrlen - 2);
838 goto bad;
839 }
840
841 if (dr && dr->stateflags & NDDRF_MAPPED) {
842 saddr6 = dr->rtaddr_mapped;
843 }
844
845 nd6_cache_lladdr(ifp, &saddr6, lladdr, (int)lladdrlen,
846 ND_ROUTER_ADVERT, 0);
847
848 /* Post message */
849 nd6_post_msg(KEV_ND6_RA, nd_prefix_list_head, nd_prefix_list_length,
850 mtu);
851
852 /*
853 * Installing a link-layer address might change the state of the
854 * router's neighbor cache, which might also affect our on-link
855 * detection of adveritsed prefixes.
856 */
857 lck_mtx_lock(nd6_mutex);
858 pfxlist_onlink_check();
859 lck_mtx_unlock(nd6_mutex);
860
861 freeit:
862 m_freem(m);
863 if (dr) {
864 NDDR_REMREF(dr);
865 }
866
867 prfl = NULL;
868 while ((prfl = nd_prefix_list_head) != NULL) {
869 nd_prefix_list_head = prfl->next;
870 FREE(prfl, M_TEMP);
871 }
872
873 return;
874
875 bad:
876 icmp6stat.icp6s_badra++;
877 goto freeit;
878 }
879
880 /*
881 * default router list proccessing sub routines
882 */
883
884 /* tell the change to user processes watching the routing socket. */
885 static void
886 nd6_rtmsg(u_char cmd, struct rtentry *rt)
887 {
888 struct rt_addrinfo info;
889 struct ifnet *ifp = rt->rt_ifp;
890
891 RT_LOCK_ASSERT_HELD(rt);
892
893 bzero((caddr_t)&info, sizeof(info));
894 /* It's not necessary to lock ifp for if_lladdr */
895 info.rti_info[RTAX_DST] = rt_key(rt);
896 info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
897 info.rti_info[RTAX_NETMASK] = rt_mask(rt);
898 /*
899 * ifa_addr pointers for both should always be valid
900 * in this context; no need to hold locks.
901 */
902 info.rti_info[RTAX_IFP] = ifp->if_lladdr->ifa_addr;
903 info.rti_info[RTAX_IFA] = rt->rt_ifa->ifa_addr;
904
905 rt_missmsg(cmd, &info, rt->rt_flags, 0);
906 }
907
908 static void
909 defrouter_addreq(struct nd_defrouter *new, struct nd_route_info *rti, boolean_t scoped)
910 {
911 struct sockaddr_in6 key, mask, gate;
912 struct rtentry *newrt = NULL;
913 unsigned int ifscope;
914 int err;
915 struct nd_ifinfo *ndi = ND_IFINFO(new->ifp);
916 int rtflags = RTF_GATEWAY;
917
918 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
919 NDDR_LOCK_ASSERT_NOTHELD(new);
920 /*
921 * We're free to lock and unlock NDDR because our callers
922 * are holding an extra reference for us.
923 */
924
925 NDDR_LOCK(new);
926 if (new->stateflags & NDDRF_INSTALLED) {
927 goto out;
928 }
929 if (new->ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
930 nd6log2(info, "%s: ignoring router %s, scoped=%d, "
931 "static=%d on advertising interface\n", if_name(new->ifp),
932 ip6_sprintf(&new->rtaddr), scoped,
933 (new->stateflags & NDDRF_STATIC) ? 1 : 0);
934 goto out;
935 }
936
937 nd6log2(info, "%s: adding default router %s, scoped=%d, "
938 "static=%d\n", if_name(new->ifp), ip6_sprintf(&new->rtaddr),
939 scoped, (new->stateflags & NDDRF_STATIC) ? 1 : 0);
940
941 Bzero(&key, sizeof(key));
942 Bzero(&mask, sizeof(mask));
943 Bzero(&gate, sizeof(gate));
944
945 key.sin6_len = mask.sin6_len = gate.sin6_len
946 = sizeof(struct sockaddr_in6);
947 key.sin6_family = mask.sin6_family = gate.sin6_family = AF_INET6;
948
949 if (rti != NULL) {
950 key.sin6_addr = rti->nd_rti_prefix;
951 in6_len2mask(&mask.sin6_addr, rti->nd_rti_prefixlen);
952 if (rti->nd_rti_prefixlen == ND_OPT_RTI_PFXLEN_MAX) {
953 rtflags |= RTF_HOST;
954 } else {
955 rtflags |= RTF_PRCLONING;
956 }
957 }
958
959 if (new->stateflags & NDDRF_MAPPED) {
960 gate.sin6_addr = new->rtaddr_mapped;
961 } else {
962 gate.sin6_addr = new->rtaddr;
963 }
964
965 ifscope = scoped ? new->ifp->if_index : IFSCOPE_NONE;
966 NDDR_UNLOCK(new);
967
968 /*
969 * Cellular networks may have buggy deployments
970 * with gateway IPv6 link local address with same
971 * interface identifier as the one that has been
972 * assigned for the cellular context.
973 * If gateway is same as locally configured link local
974 * interface on cellular interface, generated a different one
975 * and store it in the nd_defrouter entry and use it to work
976 * on routing table
977 */
978 if (new->ifp->if_type == IFT_CELLULAR &&
979 !(new->stateflags & NDDRF_STATIC) &&
980 !(new->stateflags & NDDRF_MAPPED) &&
981 IN6_IS_ADDR_LINKLOCAL(&gate.sin6_addr) &&
982 ndi && !(ndi->flags & ND6_IFF_PERFORMNUD)) {
983 struct in6_ifaddr *tmp_ia6 = in6ifa_ifpforlinklocal(new->ifp, 0);
984
985 if (tmp_ia6 != NULL &&
986 !(tmp_ia6->ia6_flags & IN6_IFF_NOTMANUAL) &&
987 IN6_ARE_ADDR_EQUAL(&tmp_ia6->ia_addr.sin6_addr,
988 &gate.sin6_addr)) {
989 gate.sin6_addr.s6_addr8[15] += 1;
990 new->rtaddr_mapped = gate.sin6_addr;
991 new->stateflags |= NDDRF_MAPPED;
992
993 nd6log(info, "%s: Default router %s mapped "
994 "to ", if_name(new->ifp), ip6_sprintf(&new->rtaddr));
995 nd6log(info, "%s\n", ip6_sprintf(&new->rtaddr_mapped));
996 }
997 }
998
999 err = rtrequest_scoped(RTM_ADD, (struct sockaddr *)&key,
1000 (struct sockaddr *)&gate, (struct sockaddr *)&mask,
1001 rtflags, &newrt, ifscope);
1002
1003 if (newrt) {
1004 RT_LOCK(newrt);
1005 nd6_rtmsg(RTM_ADD, newrt); /* tell user process */
1006 RT_REMREF_LOCKED(newrt);
1007 RT_UNLOCK(newrt);
1008 NDDR_LOCK(new);
1009 new->stateflags |= NDDRF_INSTALLED;
1010 if (ifscope != IFSCOPE_NONE) {
1011 new->stateflags |= NDDRF_IFSCOPE;
1012 }
1013 } else {
1014 nd6log(error, "%s: failed to add default router "
1015 "%s on %s scoped %d (errno = %d)\n", __func__,
1016 ip6_sprintf(&gate.sin6_addr), if_name(new->ifp),
1017 (ifscope != IFSCOPE_NONE), err);
1018 NDDR_LOCK(new);
1019 }
1020 new->err = err;
1021
1022 out:
1023 NDDR_UNLOCK(new);
1024 }
1025
1026 struct nd_defrouter *
1027 defrouter_lookup(
1028 struct nd_drhead *nd_router_listp,
1029 struct in6_addr *addr,
1030 struct ifnet *ifp)
1031 {
1032 struct nd_defrouter *dr;
1033
1034 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1035
1036 if (nd_router_listp == NULL) {
1037 nd_router_listp = &nd_defrouter_list;
1038 }
1039
1040 for (dr = TAILQ_FIRST(nd_router_listp); dr;
1041 dr = TAILQ_NEXT(dr, dr_entry)) {
1042 NDDR_LOCK(dr);
1043 if (dr->ifp == ifp && IN6_ARE_ADDR_EQUAL(addr, &dr->rtaddr)) {
1044 NDDR_ADDREF(dr);
1045 NDDR_UNLOCK(dr);
1046 return dr;
1047 }
1048 NDDR_UNLOCK(dr);
1049 }
1050
1051 return NULL; /* search failed */
1052 }
1053
1054 /*
1055 * Remove the default route for a given router.
1056 * This is just a subroutine function for defrouter_select(), and should
1057 * not be called from anywhere else.
1058 */
1059 static void
1060 defrouter_delreq(struct nd_defrouter *dr, struct nd_route_info *rti)
1061 {
1062 struct sockaddr_in6 key, mask, gate;
1063 struct rtentry *oldrt = NULL;
1064 unsigned int ifscope;
1065 int err;
1066
1067 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
1068 NDDR_LOCK_ASSERT_NOTHELD(dr);
1069 /*
1070 * We're free to lock and unlock NDDR because our callers
1071 * are holding an extra reference for us.
1072 */
1073 NDDR_LOCK(dr);
1074 /* ifp would be NULL for the "drany" case */
1075 if (dr->ifp != NULL && !(dr->stateflags & NDDRF_INSTALLED)) {
1076 goto out;
1077 }
1078
1079 nd6log2(info, "%s: removing default router %s, scoped=%d, "
1080 "static=%d\n", dr->ifp != NULL ? if_name(dr->ifp) : "ANY",
1081 ip6_sprintf(&dr->rtaddr), (dr->stateflags & NDDRF_IFSCOPE) ? 1 : 0,
1082 (dr->stateflags & NDDRF_STATIC) ? 1 : 0);
1083
1084 Bzero(&key, sizeof(key));
1085 Bzero(&mask, sizeof(mask));
1086 Bzero(&gate, sizeof(gate));
1087
1088 key.sin6_len = mask.sin6_len = gate.sin6_len
1089 = sizeof(struct sockaddr_in6);
1090 key.sin6_family = mask.sin6_family = gate.sin6_family = AF_INET6;
1091
1092
1093 if (rti != NULL) {
1094 key.sin6_addr = rti->nd_rti_prefix;
1095 in6_len2mask(&mask.sin6_addr, rti->nd_rti_prefixlen);
1096 }
1097 /*
1098 * The router entry may be mapped to a different address.
1099 * If that is the case, use the mapped address as gateway
1100 * to do operation on the routing table.
1101 * To get more context, read the related comment in
1102 * defrouter_addreq
1103 */
1104 if (dr->stateflags & NDDRF_MAPPED) {
1105 gate.sin6_addr = dr->rtaddr_mapped;
1106 } else {
1107 gate.sin6_addr = dr->rtaddr;
1108 }
1109
1110 if (dr->ifp != NULL) {
1111 ifscope = (dr->stateflags & NDDRF_IFSCOPE) ?
1112 dr->ifp->if_index : IFSCOPE_NONE;
1113 } else {
1114 ifscope = IFSCOPE_NONE;
1115 }
1116 NDDR_UNLOCK(dr);
1117
1118 err = rtrequest_scoped(RTM_DELETE,
1119 (struct sockaddr *)&key, (struct sockaddr *)&gate,
1120 (struct sockaddr *)&mask, RTF_GATEWAY, &oldrt, ifscope);
1121
1122 if (oldrt) {
1123 RT_LOCK(oldrt);
1124 nd6_rtmsg(RTM_DELETE, oldrt);
1125 RT_UNLOCK(oldrt);
1126 rtfree(oldrt);
1127 } else if (err != ESRCH) {
1128 nd6log(error, "%s: failed to delete default router "
1129 "%s on %s scoped %d (errno = %d)\n", __func__,
1130 ip6_sprintf(&gate.sin6_addr), dr->ifp != NULL ?
1131 if_name(dr->ifp) : "ANY", (ifscope != IFSCOPE_NONE), err);
1132 }
1133 NDDR_LOCK(dr);
1134 /* ESRCH means it's no longer in the routing table; ignore it */
1135 if (oldrt != NULL || err == ESRCH) {
1136 dr->stateflags &= ~NDDRF_INSTALLED;
1137 if (ifscope != IFSCOPE_NONE) {
1138 dr->stateflags &= ~NDDRF_IFSCOPE;
1139 }
1140 }
1141 dr->err = 0;
1142 out:
1143 NDDR_UNLOCK(dr);
1144 }
1145
1146
1147 /*
1148 * remove all default routes from default router list
1149 */
1150 void
1151 defrouter_reset(void)
1152 {
1153 struct nd_defrouter *dr, drany;
1154
1155 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1156
1157 dr = TAILQ_FIRST(&nd_defrouter_list);
1158 while (dr) {
1159 NDDR_LOCK(dr);
1160 if (dr->stateflags & NDDRF_INSTALLED) {
1161 NDDR_ADDREF(dr);
1162 NDDR_UNLOCK(dr);
1163 lck_mtx_unlock(nd6_mutex);
1164 defrouter_delreq(dr, NULL);
1165 lck_mtx_lock(nd6_mutex);
1166 NDDR_REMREF(dr);
1167 dr = TAILQ_FIRST(&nd_defrouter_list);
1168 } else {
1169 NDDR_UNLOCK(dr);
1170 dr = TAILQ_NEXT(dr, dr_entry);
1171 }
1172 }
1173
1174 /* Nuke primary (non-scoped) default router */
1175 bzero(&drany, sizeof(drany));
1176 lck_mtx_init(&drany.nddr_lock, ifa_mtx_grp, ifa_mtx_attr);
1177 lck_mtx_unlock(nd6_mutex);
1178 defrouter_delreq(&drany, NULL);
1179 lck_mtx_destroy(&drany.nddr_lock, ifa_mtx_grp);
1180 lck_mtx_lock(nd6_mutex);
1181 }
1182
1183 int
1184 defrtrlist_ioctl(u_long cmd, caddr_t data)
1185 {
1186 struct nd_defrouter dr0;
1187 unsigned int ifindex;
1188 struct ifnet *dr_ifp;
1189 int error = 0, add = 0;
1190
1191 /* XXX Handle mapped default router entries */
1192 switch (cmd) {
1193 case SIOCDRADD_IN6_32: /* struct in6_defrouter_32 */
1194 case SIOCDRADD_IN6_64: /* struct in6_defrouter_64 */
1195 ++add;
1196 OS_FALLTHROUGH;
1197 case SIOCDRDEL_IN6_32: /* struct in6_defrouter_32 */
1198 case SIOCDRDEL_IN6_64: /* struct in6_defrouter_64 */
1199 bzero(&dr0, sizeof(dr0));
1200 if (cmd == SIOCDRADD_IN6_64 || cmd == SIOCDRDEL_IN6_64) {
1201 struct in6_defrouter_64 *r_64 =
1202 (struct in6_defrouter_64 *)(void *)data;
1203 u_int16_t i;
1204
1205 bcopy(&r_64->rtaddr.sin6_addr, &dr0.rtaddr,
1206 sizeof(dr0.rtaddr));
1207 dr0.flags = r_64->flags;
1208 bcopy(&r_64->if_index, &i, sizeof(i));
1209 ifindex = i;
1210 } else {
1211 struct in6_defrouter_32 *r_32 =
1212 (struct in6_defrouter_32 *)(void *)data;
1213 u_int16_t i;
1214
1215 bcopy(&r_32->rtaddr.sin6_addr, &dr0.rtaddr,
1216 sizeof(dr0.rtaddr));
1217 dr0.flags = r_32->flags;
1218 bcopy(&r_32->if_index, &i, sizeof(i));
1219 ifindex = i;
1220 }
1221 ifnet_head_lock_shared();
1222 /* Don't need to check is ifindex is < 0 since it's unsigned */
1223 if (if_index < ifindex ||
1224 (dr_ifp = ifindex2ifnet[ifindex]) == NULL) {
1225 ifnet_head_done();
1226 error = EINVAL;
1227 break;
1228 }
1229 dr0.ifp = dr_ifp;
1230 ifnet_head_done();
1231
1232 if (ND_IFINFO(dr_ifp) == NULL ||
1233 !ND_IFINFO(dr_ifp)->initialized) {
1234 error = ENXIO;
1235 break;
1236 }
1237
1238 if (IN6_IS_SCOPE_EMBED(&dr0.rtaddr)) {
1239 uint16_t *scope = &dr0.rtaddr.s6_addr16[1];
1240
1241 if (*scope == 0) {
1242 *scope = htons(dr_ifp->if_index);
1243 } else if (*scope != htons(dr_ifp->if_index)) {
1244 error = EINVAL;
1245 break;
1246 }
1247 }
1248
1249 if (add) {
1250 error = defrtrlist_add_static(&dr0);
1251 }
1252 if (!add || error != 0) {
1253 int err = defrtrlist_del_static(&dr0);
1254 if (!add) {
1255 error = err;
1256 }
1257 }
1258 break;
1259
1260 default:
1261 error = EOPNOTSUPP; /* check for safety */
1262 break;
1263 }
1264
1265 return error;
1266 }
1267
1268 /*
1269 * XXX Please make sure to remove dr from the
1270 * global default router tailq list before this
1271 * function call.
1272 * Also ensure that you release the list reference
1273 * only after calling this routine.
1274 */
1275 void
1276 defrtrlist_del(struct nd_defrouter *dr, struct nd_drhead *nd_router_listp)
1277 {
1278 #if (DEVELOPMENT || DEBUG)
1279 struct nd_defrouter *dr_itr = NULL;
1280 #endif
1281 struct nd_prefix *pr;
1282 struct ifnet *ifp = dr->ifp;
1283 struct nd_ifinfo *ndi = NULL;
1284 boolean_t resetmtu = FALSE;
1285 struct nd_route_info *rti = NULL;
1286
1287 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1288
1289 if (nd_router_listp == NULL) {
1290 nd_router_listp = &nd_defrouter_list;
1291 }
1292
1293 if (nd_router_listp != &nd_defrouter_list) {
1294 rti = (struct nd_route_info *)nd_router_listp;
1295 }
1296
1297 #if (DEVELOPMENT || DEBUG)
1298 /*
1299 * Verify that the router is not in the global default
1300 * router list.
1301 * Can't use defrouter_lookup here because that just works
1302 * with address and ifp pointer.
1303 * We have to compare the memory here.
1304 * Also we can't use ASSERT here as that is not defined
1305 * for development builds.
1306 */
1307 TAILQ_FOREACH(dr_itr, nd_router_listp, dr_entry)
1308 VERIFY(dr != dr_itr);
1309 #endif
1310 ++nd6_defrouter_genid;
1311 /*
1312 * Flush all the routing table entries that use the router
1313 * as a next hop.
1314 *
1315 * XXX Note that for a router advertising itself as default router
1316 * and also advertising route information option, the following
1317 * code will have the default router entry and router entry of
1318 * RTI step over each other.
1319 * The following therefore may not be efficient but won't be
1320 * causing blocking issues.
1321 */
1322 NDDR_ADDREF(dr);
1323 lck_mtx_unlock(nd6_mutex);
1324 if (dr->stateflags & NDDRF_MAPPED) {
1325 rt6_flush(&dr->rtaddr_mapped, ifp);
1326 } else {
1327 rt6_flush(&dr->rtaddr, ifp);
1328 }
1329 lck_mtx_lock(nd6_mutex);
1330 NDDR_REMREF(dr);
1331 nd6log2(info, "%s: freeing route to %s with gateway %s\n", if_name(dr->ifp),
1332 (rti == NULL)? "::" : ip6_sprintf(&rti->nd_rti_prefix),
1333 ip6_sprintf(&dr->rtaddr));
1334 /*
1335 * Delete it from the routing table.
1336 */
1337 NDDR_ADDREF(dr);
1338 lck_mtx_unlock(nd6_mutex);
1339 defrouter_delreq(dr, rti);
1340 lck_mtx_lock(nd6_mutex);
1341 NDDR_REMREF(dr);
1342
1343 /*
1344 * The following should mostly be limited to when we are working
1345 * with a default router entry and not a router entry from
1346 * rti router list.
1347 */
1348 if (rti == NULL) {
1349 /*
1350 * Also delete all the pointers to the router in each prefix lists.
1351 */
1352 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) {
1353 struct nd_pfxrouter *pfxrtr;
1354
1355 NDPR_LOCK(pr);
1356 if ((pfxrtr = pfxrtr_lookup(pr, dr)) != NULL) {
1357 pfxrtr_del(pfxrtr, pr);
1358 }
1359 NDPR_UNLOCK(pr);
1360 }
1361 pfxlist_onlink_check();
1362 }
1363 ndi = ND_IFINFO(ifp);
1364 VERIFY(NULL != ndi && TRUE == ndi->initialized);
1365 lck_mtx_lock(&ndi->lock);
1366 VERIFY(ndi->ndefrouters >= 0);
1367 if (ndi->ndefrouters > 0 && --ndi->ndefrouters == 0) {
1368 nd6_ifreset(ifp);
1369 resetmtu = TRUE;
1370 }
1371 lck_mtx_unlock(&ndi->lock);
1372 /*
1373 * If the router is the primary one, choose a new one.
1374 * We always try to pick another eligible router
1375 * on this interface as we do scoped routing
1376 */
1377 defrouter_select(ifp, nd_router_listp);
1378
1379 if (resetmtu) {
1380 nd6_setmtu(ifp);
1381 }
1382 }
1383
1384 int
1385 defrtrlist_add_static(struct nd_defrouter *new)
1386 {
1387 struct nd_defrouter *dr;
1388 int err = 0;
1389
1390 new->rtlifetime = -1;
1391 new->stateflags |= NDDRF_STATIC;
1392
1393 /* we only want the preference level */
1394 new->flags &= ND_RA_FLAG_RTPREF_MASK;
1395
1396 lck_mtx_lock(nd6_mutex);
1397 dr = defrouter_lookup(NULL, &new->rtaddr, new->ifp);
1398 if (dr != NULL && !(dr->stateflags & NDDRF_STATIC)) {
1399 err = EINVAL;
1400 } else {
1401 if (dr != NULL) {
1402 NDDR_REMREF(dr);
1403 }
1404 dr = defrtrlist_update(new, NULL);
1405 if (dr != NULL) {
1406 err = dr->err;
1407 } else {
1408 err = ENOMEM;
1409 }
1410 }
1411 if (dr != NULL) {
1412 NDDR_REMREF(dr);
1413 }
1414 lck_mtx_unlock(nd6_mutex);
1415
1416 return err;
1417 }
1418
1419 int
1420 defrtrlist_del_static(struct nd_defrouter *new)
1421 {
1422 struct nd_defrouter *dr;
1423
1424 lck_mtx_lock(nd6_mutex);
1425 dr = defrouter_lookup(NULL, &new->rtaddr, new->ifp);
1426 if (dr == NULL || !(dr->stateflags & NDDRF_STATIC)) {
1427 if (dr != NULL) {
1428 NDDR_REMREF(dr);
1429 }
1430 dr = NULL;
1431 } else {
1432 TAILQ_REMOVE(&nd_defrouter_list, dr, dr_entry);
1433 defrtrlist_del(dr, NULL);
1434 NDDR_REMREF(dr); /* remove list reference */
1435 NDDR_REMREF(dr);
1436 }
1437 lck_mtx_unlock(nd6_mutex);
1438
1439 return dr != NULL ? 0 : EINVAL;
1440 }
1441
1442 /*
1443 * for default router selection
1444 * regards router-preference field as a 2-bit signed integer
1445 */
1446 static int
1447 rtpref(struct nd_defrouter *dr)
1448 {
1449 switch (dr->flags & ND_RA_FLAG_RTPREF_MASK) {
1450 case ND_RA_FLAG_RTPREF_HIGH:
1451 return RTPREF_HIGH;
1452 case ND_RA_FLAG_RTPREF_MEDIUM:
1453 case ND_RA_FLAG_RTPREF_RSV:
1454 return RTPREF_MEDIUM;
1455 case ND_RA_FLAG_RTPREF_LOW:
1456 return RTPREF_LOW;
1457 default:
1458 /*
1459 * This case should never happen. If it did, it would mean a
1460 * serious bug of kernel internal. We thus always bark here.
1461 * Or, can we even panic?
1462 */
1463 log(LOG_ERR, "rtpref: impossible RA flag %x\n", dr->flags);
1464 return RTPREF_INVALID;
1465 }
1466 /* NOTREACHED */
1467 }
1468
1469 /*
1470 * Default Router Selection according to Section 6.3.6 of RFC 2461 and RFC 4191:
1471 *
1472 * 1) Routers that are reachable or probably reachable should be preferred.
1473 * If we have more than one (probably) reachable router, prefer ones
1474 * with the highest router preference.
1475 * 2) When no routers on the list are known to be reachable or
1476 * probably reachable, routers SHOULD be selected in a round-robin
1477 * fashion, regardless of router preference values.
1478 * 3) If the Default Router List is empty, assume that all
1479 * destinations are on-link.
1480 *
1481 * When Scoped Routing is enabled, the selection logic is amended as follows:
1482 *
1483 * a) When a default interface is specified, the primary/non-scoped default
1484 * router will be set to the reachable router on that link (if any) with
1485 * the highest router preference.
1486 * b) When there are more than one routers on the same link, the one with
1487 * the highest router preference will be installed, either as scoped or
1488 * non-scoped route entry. If they all share the same preference value,
1489 * the one installed will be the static or the first encountered reachable
1490 * router, i.e. static one wins over dynamic.
1491 * c) When no routers on the list are known to be reachable, or probably
1492 * reachable, no round-robin selection will take place when the default
1493 * interface is set.
1494 *
1495 * We assume nd_defrouter is sorted by router preference value.
1496 * Since the code below covers both with and without router preference cases,
1497 * we do not need to classify the cases by ifdef.
1498 */
1499 void
1500 defrouter_select(struct ifnet *ifp, struct nd_drhead *nd_router_listp)
1501 {
1502 struct nd_defrouter *dr = NULL;
1503 struct nd_defrouter *selected_dr = NULL;
1504 struct nd_defrouter *installed_dr = NULL;
1505 struct llinfo_nd6 *ln = NULL;
1506 struct rtentry *rt = NULL;
1507 struct nd_ifinfo *ndi = NULL;
1508 unsigned int genid = 0;
1509 boolean_t is_installed_reachable = FALSE;
1510 struct nd_route_info *rti = NULL;
1511 boolean_t scoped = TRUE;
1512 boolean_t is_rti_rtrlist = FALSE;
1513
1514 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1515
1516 if (nd_router_listp == NULL) {
1517 nd_router_listp = &nd_defrouter_list;
1518 }
1519
1520 if (nd_router_listp != &nd_defrouter_list) {
1521 rti = (struct nd_route_info *)nd_router_listp;
1522 /* XXX For now we treat RTI routes as un-scoped */
1523 scoped = FALSE;
1524 is_rti_rtrlist = TRUE;
1525 }
1526
1527
1528 if (ifp == NULL) {
1529 ifp = nd6_defifp;
1530 if (ifp == NULL) {
1531 nd6log2(info,
1532 "%s:%d: Return early. NULL interface",
1533 __func__, __LINE__);
1534 return;
1535 }
1536 nd6log2(info,
1537 "%s:%d: NULL interface passed. Setting to default interface %s.\n",
1538 __func__, __LINE__, if_name(ifp));
1539 }
1540
1541 /*
1542 * When we are working with RTI router list, the nd6_defifp may be
1543 * NULL. That is the scenario when the network may not have WAN
1544 * v6 connectivity and the only RAs we may be getting are with lifetime
1545 * 0.
1546 */
1547 if (ifp == lo_ifp && !is_rti_rtrlist) {
1548 nd6log2(info,
1549 "%s:%d: Return early. "
1550 "Default router select called for loopback.\n",
1551 __func__, __LINE__);
1552 return;
1553 }
1554
1555 if (ifp->if_ipv6_router_mode == IPV6_ROUTER_MODE_EXCLUSIVE) {
1556 nd6log2(info,
1557 "%s:%d: Return early. "
1558 "Default router select called for interface"
1559 " %s in IPV6_ROUTER_MODE_EXCLUSIVE\n",
1560 __func__, __LINE__, if_name(ifp));
1561 return;
1562 }
1563
1564 /*
1565 * Let's handle easy case (3) first:
1566 * If default router list is empty, there's nothing to be done.
1567 */
1568 if (!TAILQ_FIRST(nd_router_listp)) {
1569 nd6log2(info,
1570 "%s:%d: Return early. "
1571 "Default router is empty.\n", __func__, __LINE__);
1572 return;
1573 }
1574
1575 /*
1576 * Take an early exit if number of routers in nd_ifinfo is
1577 * 0 for the interface.
1578 */
1579 ndi = ND_IFINFO(ifp);
1580 if (!ndi || !ndi->initialized) {
1581 nd6log2(info,
1582 "%s:%d: Return early. "
1583 "Interface %s's nd_ifinfo not initialized.\n",
1584 __func__, __LINE__, if_name(ifp));
1585 return;
1586 }
1587
1588 /*
1589 * RTI router list routes are installed as unscoped.
1590 * Since there can be only one unscoped route, we need to
1591 * go through the entire list and consider all interfaces.
1592 * Further, for now, RTI option is only processed on Ethernet
1593 * type interfaces only.
1594 */
1595 if (ndi->ndefrouters == 0 && !is_rti_rtrlist) {
1596 nd6log2(info,
1597 "%s:%d: Return early. "
1598 "%s does not have any default routers.\n",
1599 __func__, __LINE__, if_name(ifp));
1600 return;
1601 }
1602
1603 /*
1604 * Due to the number of times we drop nd6_mutex, we need to
1605 * serialize this function.
1606 */
1607 while (nd_defrouter_busy) {
1608 nd_defrouter_waiters++;
1609 msleep(nd_defrouter_waitchan, nd6_mutex, (PZERO - 1),
1610 __func__, NULL);
1611 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1612 }
1613 nd_defrouter_busy = TRUE;
1614
1615 /*
1616 * Search for a (probably) reachable router from the list.
1617 * We just pick up the first reachable one (if any), assuming that
1618 * the ordering rule of the list described in defrtrlist_update().
1619 *
1620 * For all intents and purposes of Scoped Routing:
1621 * selected_dr = candidate for primary router
1622 * installed_dr = currently installed primary router
1623 */
1624 genid = nd6_defrouter_genid;
1625 dr = TAILQ_FIRST(nd_router_listp);
1626
1627 while (dr != NULL) {
1628 struct in6_addr rtaddr;
1629 struct ifnet *drifp = NULL;
1630 struct nd_defrouter *drrele = NULL;
1631
1632 NDDR_LOCK(dr);
1633 drifp = dr->ifp;
1634 if (drifp != ifp && !is_rti_rtrlist) {
1635 NDDR_UNLOCK(dr);
1636 dr = TAILQ_NEXT(dr, dr_entry);
1637 continue;
1638 }
1639
1640 if (dr->stateflags & NDDRF_INELIGIBLE) {
1641 NDDR_UNLOCK(dr);
1642 dr = TAILQ_NEXT(dr, dr_entry);
1643 nd6log(info, "Ignoring dummy entry for default router.");
1644 continue;
1645 }
1646
1647 /*
1648 * Optimize for the common case.
1649 * When the interface has only one default router
1650 * there's no point checking for reachability as
1651 * there's nothing else to choose from.
1652 */
1653 if (ndi->ndefrouters == 1 && !is_rti_rtrlist) {
1654 nd6log2(info,
1655 "%s:%d: Fast forward default router selection "
1656 "as interface %s has learned only one default "
1657 "router and there's nothing else to choose from.\n",
1658 __func__, __LINE__, if_name(ifp));
1659 VERIFY(selected_dr == NULL && installed_dr == NULL);
1660 selected_dr = dr;
1661 if (dr->stateflags & NDDRF_INSTALLED) {
1662 installed_dr = dr;
1663 }
1664 NDDR_ADDREF(selected_dr);
1665 NDDR_UNLOCK(dr);
1666 goto install_route;
1667 }
1668
1669 if (dr->stateflags & NDDRF_MAPPED) {
1670 rtaddr = dr->rtaddr_mapped;
1671 } else {
1672 rtaddr = dr->rtaddr;
1673 }
1674
1675 NDDR_ADDREF(dr); /* for this for loop */
1676 NDDR_UNLOCK(dr);
1677
1678 /* Callee returns a locked route upon success */
1679 if (selected_dr == NULL) {
1680 lck_mtx_unlock(nd6_mutex);
1681 if ((rt = nd6_lookup(&rtaddr, 0, drifp, 0)) != NULL &&
1682 (ln = rt->rt_llinfo) != NULL &&
1683 ND6_IS_LLINFO_PROBREACH(ln)) {
1684 RT_LOCK_ASSERT_HELD(rt);
1685 selected_dr = dr;
1686 NDDR_ADDREF(selected_dr);
1687 }
1688 lck_mtx_lock(nd6_mutex);
1689 }
1690
1691 if (rt) {
1692 RT_REMREF_LOCKED(rt);
1693 RT_UNLOCK(rt);
1694 rt = NULL;
1695 }
1696
1697 /*
1698 * Handle case (b)
1699 * When there are more than one routers on the same link, the one with
1700 * the highest router preference will be installed.
1701 * Since the list is in decreasing order of preference:
1702 * 1) If selected_dr is not NULL, only use dr if it is static and has
1703 * equal preference and selected_dr is not static.
1704 * 2) Else if selected_dr is NULL, and dr is static make selected_dr = dr
1705 */
1706 NDDR_LOCK(dr);
1707 if (((selected_dr && (rtpref(dr) >= rtpref(selected_dr)) &&
1708 !(selected_dr->stateflags & NDDRF_STATIC)) ||
1709 (selected_dr == NULL)) &&
1710 (dr->stateflags & NDDRF_STATIC)) {
1711 if (selected_dr) {
1712 /* Release it later on */
1713 VERIFY(drrele == NULL);
1714 drrele = selected_dr;
1715 }
1716 selected_dr = dr;
1717 NDDR_ADDREF(selected_dr);
1718 }
1719
1720 /* Record the currently installed router */
1721 if (dr->stateflags & NDDRF_INSTALLED) {
1722 if (installed_dr == NULL) {
1723 installed_dr = dr;
1724 NDDR_ADDREF(installed_dr);
1725 if (dr->stateflags & NDDRF_MAPPED) {
1726 rtaddr = installed_dr->rtaddr_mapped;
1727 } else {
1728 rtaddr = installed_dr->rtaddr;
1729 }
1730 NDDR_UNLOCK(dr);
1731 lck_mtx_unlock(nd6_mutex);
1732 /* Callee returns a locked route upon success */
1733 if ((rt = nd6_lookup(&rtaddr, 0, installed_dr->ifp, 0)) != NULL) {
1734 RT_LOCK_ASSERT_HELD(rt);
1735 if ((ln = rt->rt_llinfo) != NULL &&
1736 ND6_IS_LLINFO_PROBREACH(ln)) {
1737 is_installed_reachable = TRUE;
1738 }
1739
1740 RT_REMREF_LOCKED(rt);
1741 RT_UNLOCK(rt);
1742 rt = NULL;
1743 }
1744 lck_mtx_lock(nd6_mutex);
1745 } else {
1746 /* this should not happen; warn for diagnosis */
1747 nd6log(error, "defrouter_select: more than one "
1748 "default router is installed for interface :%s.\n",
1749 if_name(installed_dr->ifp));
1750 NDDR_UNLOCK(dr);
1751 }
1752 } else {
1753 NDDR_UNLOCK(dr);
1754 }
1755
1756 NDDR_REMREF(dr); /* for this for loop */
1757 if (drrele != NULL) {
1758 NDDR_REMREF(drrele);
1759 }
1760
1761 /*
1762 * Check if the list changed when we gave up
1763 * the nd6_mutex lock
1764 */
1765 if (genid != nd6_defrouter_genid) {
1766 if (selected_dr) {
1767 NDDR_REMREF(selected_dr);
1768 selected_dr = NULL;
1769 }
1770
1771 if (installed_dr) {
1772 NDDR_REMREF(installed_dr);
1773 installed_dr = NULL;
1774 }
1775
1776 if (ndi->ndefrouters == 0 && !is_rti_rtrlist) {
1777 nd6log2(info,
1778 "%s:%d: Interface %s no longer "
1779 "has any default routers. Abort.\n",
1780 __func__, __LINE__, if_name(ifp));
1781 goto out;
1782 }
1783 nd6log2(info,
1784 "%s:%d: Iterate default router list again "
1785 "for interface %s, as the list seems to have "
1786 "changed during release-reaquire of global "
1787 "nd6_mutex lock.\n",
1788 __func__, __LINE__, if_name(ifp));
1789
1790 is_installed_reachable = FALSE;
1791 genid = nd6_defrouter_genid;
1792 dr = TAILQ_FIRST(nd_router_listp);
1793 } else {
1794 dr = TAILQ_NEXT(dr, dr_entry);
1795 }
1796 }
1797
1798 /*
1799 * If none of the default routers was found to be reachable,
1800 * round-robin the list regardless of preference.
1801 * Please note selected_dr equal to NULL implies that even
1802 * installed default router is not reachable
1803 */
1804 if (selected_dr == NULL) {
1805 if (installed_dr) {
1806 for (dr = TAILQ_NEXT(installed_dr, dr_entry); dr;
1807 dr = TAILQ_NEXT(dr, dr_entry)) {
1808 if (installed_dr->ifp != dr->ifp && !is_rti_rtrlist) {
1809 continue;
1810 }
1811 if (dr->stateflags & NDDRF_INELIGIBLE) {
1812 continue;
1813 }
1814 selected_dr = dr;
1815 break;
1816 }
1817 }
1818
1819 /*
1820 * If none was installed or the installed one if the last
1821 * one on the list, select the first one from the list
1822 */
1823 if ((installed_dr == NULL) || (selected_dr == NULL)) {
1824 for (dr = TAILQ_FIRST(nd_router_listp); dr;
1825 dr = TAILQ_NEXT(dr, dr_entry)) {
1826 if (dr->stateflags & NDDRF_INELIGIBLE) {
1827 continue;
1828 }
1829 if (dr->ifp == ifp || is_rti_rtrlist) {
1830 selected_dr = dr;
1831 break;
1832 }
1833 }
1834 }
1835
1836 if ((selected_dr == NULL) && (installed_dr == NULL)) {
1837 nd6log2(info,
1838 "%s:%d: Between release and reaquire of global "
1839 "nd6_mutex lock, the list seems to have changed "
1840 "and it does not have any default routers for "
1841 "interface %s.\n",
1842 __func__, __LINE__, if_name(ifp));
1843 goto out;
1844 }
1845
1846 if (selected_dr != installed_dr) {
1847 NDDR_ADDREF(selected_dr);
1848 }
1849 } else if (installed_dr != NULL) {
1850 if (installed_dr != selected_dr) {
1851 /*
1852 * This means that selected default router is reachable
1853 * while installed one may or may not be.
1854 * Static router should always be considered as reachable
1855 * for router selection process.
1856 */
1857 if ((installed_dr->stateflags & NDDRF_STATIC) &&
1858 rtpref(installed_dr) >= rtpref(selected_dr)) {
1859 NDDR_REMREF(selected_dr);
1860 selected_dr = installed_dr;
1861 } else if (is_installed_reachable) {
1862 if (rtpref(selected_dr) <= rtpref(installed_dr)) {
1863 NDDR_REMREF(selected_dr);
1864 selected_dr = installed_dr;
1865 }
1866 }
1867 } else {
1868 NDDR_REMREF(selected_dr);
1869 }
1870 }
1871
1872 install_route:
1873 /*
1874 * If the selected router is different than the installed one,
1875 * remove the installed router and install the selected one.
1876 * Note that the selected router is never NULL here.
1877 * Else check if the route entry scope has to be changed.
1878 */
1879 lck_mtx_unlock(nd6_mutex);
1880 if (installed_dr != selected_dr) {
1881 nd6log(info,
1882 "%s:%d: Found a better router for interface "
1883 "%s. Installing new default route.\n",
1884 __func__, __LINE__, if_name(ifp));
1885 if (installed_dr != NULL) {
1886 defrouter_delreq(installed_dr, rti);
1887 }
1888 /*
1889 * Install scoped route if the interface is not
1890 * the default nd6 interface.
1891 */
1892 defrouter_addreq(selected_dr, rti,
1893 scoped && (selected_dr->ifp != nd6_defifp));
1894 } else if (((installed_dr->stateflags & NDDRF_IFSCOPE) &&
1895 (installed_dr->ifp == nd6_defifp)) ||
1896 (scoped && !(installed_dr->stateflags & NDDRF_IFSCOPE) &&
1897 (installed_dr->ifp != nd6_defifp))) {
1898 nd6log(info,
1899 "%s:%d: Need to reinstall default route for interface "
1900 "%s as its scope has changed.\n",
1901 __func__, __LINE__, if_name(ifp));
1902 defrouter_delreq(installed_dr, rti);
1903 defrouter_addreq(installed_dr, rti,
1904 scoped && (installed_dr->ifp != nd6_defifp));
1905 } else {
1906 nd6log2(info,
1907 "%s:%d: No need to change the default "
1908 "route for interface %s.\n",
1909 __func__, __LINE__, if_name(ifp));
1910 }
1911 lck_mtx_lock(nd6_mutex);
1912 out:
1913 if (selected_dr && (selected_dr != installed_dr)) {
1914 NDDR_REMREF(selected_dr);
1915 }
1916 if (installed_dr) {
1917 NDDR_REMREF(installed_dr);
1918 }
1919 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1920 VERIFY(nd_defrouter_busy);
1921 nd_defrouter_busy = FALSE;
1922 if (nd_defrouter_waiters > 0) {
1923 nd_defrouter_waiters = 0;
1924 wakeup(nd_defrouter_waitchan);
1925 }
1926 }
1927
1928 static struct nd_defrouter *
1929 defrtrlist_update_common(struct nd_defrouter *new, struct nd_drhead *nd_router_listp, boolean_t scoped)
1930 {
1931 struct nd_defrouter *dr, *n;
1932 struct ifnet *ifp = new->ifp;
1933 struct nd_ifinfo *ndi = NULL;
1934 struct timeval caltime;
1935
1936 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
1937
1938 if (nd_router_listp == NULL) {
1939 nd_router_listp = &nd_defrouter_list;
1940 }
1941
1942 /*
1943 * If we are not operating on default router list,
1944 * it implies we are operating on RTI's router list.
1945 * XXX For now we manage RTI routes un-scoped.
1946 */
1947 if (nd_router_listp != &nd_defrouter_list) {
1948 scoped = FALSE;
1949 }
1950
1951 if ((dr = defrouter_lookup(nd_router_listp, &new->rtaddr, ifp)) != NULL) {
1952 /* entry exists */
1953 /*
1954 * 1. If previous entry was not dummy and new is,
1955 * delete it and return NULL.
1956 * 2. If previous entry was dummy and the new one
1957 * is also dummy, simply return dr.
1958 * 3. If previous was dummy but new one is not,
1959 * make sure we perform default router selection again.
1960 */
1961 /* If the router was not added as a dummy and there's
1962 * been a change (lifetime advertised was 0, communicated
1963 * as NDDRF_INELIGIBLE flag), remove the entry.
1964 */
1965 if ((new->stateflags & NDDRF_INELIGIBLE) != 0 &&
1966 (dr->stateflags & NDDRF_INELIGIBLE) == 0) {
1967 TAILQ_REMOVE(nd_router_listp, dr, dr_entry);
1968 defrtrlist_del(dr, nd_router_listp);
1969 NDDR_REMREF(dr); /* remove list reference */
1970 NDDR_REMREF(dr);
1971 dr = NULL;
1972 return NULL;
1973 } else {
1974 int oldpref = rtpref(dr);
1975 struct nd_defrouter *p = NULL;
1976 boolean_t dummy_change = FALSE;
1977 /*
1978 * If new one is not dummy but the old one was,
1979 * reset the stateflag.
1980 */
1981 if ((new->stateflags & NDDRF_INELIGIBLE) == 0 &&
1982 (dr->stateflags & NDDRF_INELIGIBLE) != 0) {
1983 dummy_change = TRUE;
1984 dr->stateflags &= ~NDDRF_INELIGIBLE;
1985 }
1986
1987 /* override */
1988 dr->flags = new->flags; /* xxx flag check */
1989 dr->rtlifetime = new->rtlifetime;
1990 dr->expire = new->expire;
1991
1992 /*
1993 * If the preference does not change, there's no need
1994 * to sort the entries. If Scoped Routing is enabled,
1995 * put the primary/non-scoped router at the top of the
1996 * list of routers in the same preference band, unless
1997 * it's already at that position.
1998 */
1999 /* same preference and scoped; just return */
2000 if (rtpref(new) == oldpref && scoped && dummy_change == FALSE) {
2001 return dr;
2002 }
2003
2004 n = TAILQ_FIRST(nd_router_listp);
2005 while (n != NULL) {
2006 /* preference changed; sort it */
2007 if (rtpref(new) != oldpref) {
2008 break;
2009 }
2010
2011 /* not at the top of band; sort it */
2012 if (n != dr && rtpref(n) == oldpref &&
2013 (!p || rtpref(p) > rtpref(n))) {
2014 break;
2015 }
2016
2017 p = n;
2018 n = TAILQ_NEXT(n, dr_entry);
2019 }
2020
2021 /* nothing has changed, just return */
2022 if (n == NULL && (scoped ||
2023 !(dr->stateflags & NDDRF_IFSCOPE)) && dummy_change == FALSE) {
2024 return dr;
2025 }
2026
2027 /*
2028 * preferred router may be changed, so relocate
2029 * this router.
2030 * XXX: calling TAILQ_REMOVE directly is a bad manner.
2031 * However, since defrtrlist_del() has many side
2032 * effects, we intentionally do so here.
2033 * defrouter_select() below will handle routing
2034 * changes later.
2035 */
2036 TAILQ_REMOVE(nd_router_listp, dr, dr_entry);
2037 new->stateflags = dr->stateflags;
2038
2039 n = dr;
2040 goto insert;
2041 }
2042 }
2043
2044 VERIFY(dr == NULL);
2045 n = nddr_alloc(Z_WAITOK);
2046
2047 ndi = ND_IFINFO(ifp);
2048 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
2049 lck_mtx_lock(&ndi->lock);
2050
2051 if (ip6_maxifdefrouters >= 0 &&
2052 ndi->ndefrouters >= ip6_maxifdefrouters) {
2053 lck_mtx_unlock(&ndi->lock);
2054 nddr_free(n);
2055 nd6log(error, "%s: ignoring router addition as we have hit the "
2056 "max limit of %d for max default routers.\n", __func__,
2057 ip6_maxifdefrouters);
2058 return NULL;
2059 }
2060
2061 NDDR_ADDREF(n); /* for the nd_defrouter list */
2062 NDDR_ADDREF(n); /* for the caller */
2063
2064 ++nd6_defrouter_genid;
2065 ndi->ndefrouters++;
2066 VERIFY(ndi->ndefrouters != 0);
2067 lck_mtx_unlock(&ndi->lock);
2068
2069 nd6log2(info, "%s: allocating defrouter %s\n", if_name(ifp),
2070 ip6_sprintf(&new->rtaddr));
2071
2072 getmicrotime(&caltime);
2073 NDDR_LOCK(n);
2074 memcpy(&n->rtaddr, &new->rtaddr, sizeof(n->rtaddr));
2075 n->flags = new->flags;
2076 n->stateflags = new->stateflags;
2077 n->rtlifetime = new->rtlifetime;
2078 n->expire = new->expire;
2079 n->base_calendartime = caltime.tv_sec;
2080 n->base_uptime = net_uptime();
2081 n->ifp = new->ifp;
2082 n->err = new->err;
2083 NDDR_UNLOCK(n);
2084 insert:
2085 /* get nd6_service() to be scheduled as soon as it's convenient */
2086 ++nd6_sched_timeout_want;
2087
2088 /*
2089 * Insert the new router in the Default Router List;
2090 * The Default Router List should be in the descending order
2091 * of router-preferece. When Scoped Routing is disabled, routers
2092 * with the same preference are sorted in the arriving time order;
2093 * otherwise, the first entry in the list of routers having the same
2094 * preference is the primary default router, when the interface used
2095 * by the entry is the default interface.
2096 */
2097
2098 /* insert at the end of the group */
2099 for (dr = TAILQ_FIRST(nd_router_listp); dr;
2100 dr = TAILQ_NEXT(dr, dr_entry)) {
2101 if (rtpref(n) > rtpref(dr) ||
2102 (!scoped && rtpref(n) == rtpref(dr))) {
2103 break;
2104 }
2105 }
2106 if (dr) {
2107 TAILQ_INSERT_BEFORE(dr, n, dr_entry);
2108 } else {
2109 TAILQ_INSERT_TAIL(nd_router_listp, n, dr_entry);
2110 }
2111
2112 defrouter_select(ifp, nd_router_listp);
2113
2114 return n;
2115 }
2116
2117 struct nd_defrouter *
2118 defrtrlist_update(struct nd_defrouter *new, struct nd_drhead *nd_router_list)
2119 {
2120 struct nd_defrouter *dr;
2121
2122 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
2123 dr = defrtrlist_update_common(new, nd_router_list,
2124 (nd6_defifp != NULL && new->ifp != nd6_defifp));
2125
2126 return dr;
2127 }
2128
2129 static struct nd_pfxrouter *
2130 pfxrtr_lookup(struct nd_prefix *pr, struct nd_defrouter *dr)
2131 {
2132 struct nd_pfxrouter *search;
2133
2134 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
2135 NDPR_LOCK_ASSERT_HELD(pr);
2136
2137 for (search = pr->ndpr_advrtrs.lh_first; search;
2138 search = search->pfr_next) {
2139 if (search->router == dr) {
2140 break;
2141 }
2142 }
2143
2144 return search;
2145 }
2146
2147 static void
2148 pfxrtr_add(struct nd_prefix *pr, struct nd_defrouter *dr)
2149 {
2150 struct nd_pfxrouter *new;
2151
2152 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
2153 NDPR_LOCK_ASSERT_NOTHELD(pr);
2154
2155 new = zalloc(ndprtr_zone);
2156 if (new == NULL) {
2157 return;
2158 }
2159 bzero(new, sizeof(*new));
2160 new->router = dr;
2161
2162 NDPR_LOCK(pr);
2163 LIST_INSERT_HEAD(&pr->ndpr_advrtrs, new, pfr_entry);
2164 pr->ndpr_genid++;
2165 NDPR_UNLOCK(pr);
2166
2167 pfxlist_onlink_check();
2168 }
2169
2170 static void
2171 pfxrtr_del(struct nd_pfxrouter *pfr, struct nd_prefix *pr)
2172 {
2173 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
2174 NDPR_LOCK_ASSERT_HELD(pr);
2175 pr->ndpr_genid++;
2176 LIST_REMOVE(pfr, pfr_entry);
2177 zfree(ndprtr_zone, pfr);
2178 }
2179
2180 /*
2181 * The routine has been modified to atomically refresh expiry
2182 * time for nd6 prefix as the part of lookup.
2183 * There's a corner case where a system going
2184 * in sleep gets rid of manual addresses configured in the system
2185 * and then schedules the prefix for deletion.
2186 * However before the prefix gets deleted, if system comes out
2187 * from sleep and configures same address before prefix deletion
2188 * , the later prefix deletion will remove the prefix route and
2189 * the system will not be able to communicate with other IPv6
2190 * neighbor nodes in the same subnet.
2191 */
2192 struct nd_prefix *
2193 nd6_prefix_lookup(struct nd_prefix *pr, int nd6_prefix_expiry)
2194 {
2195 struct nd_prefix *search;
2196
2197 lck_mtx_lock(nd6_mutex);
2198 for (search = nd_prefix.lh_first; search; search = search->ndpr_next) {
2199 NDPR_LOCK(search);
2200 if (pr->ndpr_ifp == search->ndpr_ifp &&
2201 pr->ndpr_plen == search->ndpr_plen &&
2202 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
2203 &search->ndpr_prefix.sin6_addr, pr->ndpr_plen)) {
2204 if (nd6_prefix_expiry != ND6_PREFIX_EXPIRY_UNSPEC) {
2205 search->ndpr_expire = nd6_prefix_expiry;
2206 }
2207 NDPR_ADDREF(search);
2208 NDPR_UNLOCK(search);
2209 break;
2210 }
2211 NDPR_UNLOCK(search);
2212 }
2213 lck_mtx_unlock(nd6_mutex);
2214
2215 return search;
2216 }
2217
2218 int
2219 nd6_prelist_add(struct nd_prefix *pr, struct nd_defrouter *dr,
2220 struct nd_prefix **newp, boolean_t force_scoped)
2221 {
2222 struct nd_prefix *new = NULL;
2223 struct ifnet *ifp = pr->ndpr_ifp;
2224 struct nd_ifinfo *ndi = NULL;
2225 int i, error;
2226
2227 if (ip6_maxifprefixes >= 0) {
2228 ndi = ND_IFINFO(ifp);
2229 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
2230 lck_mtx_lock(&ndi->lock);
2231 if (ndi->nprefixes >= ip6_maxifprefixes) {
2232 lck_mtx_unlock(&ndi->lock);
2233 return ENOMEM;
2234 }
2235 lck_mtx_unlock(&ndi->lock);
2236 }
2237
2238 new = ndpr_alloc(M_WAITOK);
2239 if (new == NULL) {
2240 return ENOMEM;
2241 }
2242
2243 NDPR_LOCK(new);
2244 NDPR_LOCK(pr);
2245 new->ndpr_ifp = pr->ndpr_ifp;
2246 new->ndpr_prefix = pr->ndpr_prefix;
2247 new->ndpr_plen = pr->ndpr_plen;
2248 new->ndpr_vltime = pr->ndpr_vltime;
2249 new->ndpr_pltime = pr->ndpr_pltime;
2250 new->ndpr_flags = pr->ndpr_flags;
2251 if (pr->ndpr_stateflags & NDPRF_STATIC) {
2252 new->ndpr_stateflags |= NDPRF_STATIC;
2253 }
2254 NDPR_UNLOCK(pr);
2255 if ((error = in6_init_prefix_ltimes(new)) != 0) {
2256 NDPR_UNLOCK(new);
2257 ndpr_free(new);
2258 return error;
2259 }
2260 new->ndpr_lastupdate = net_uptime();
2261 if (newp != NULL) {
2262 *newp = new;
2263 NDPR_ADDREF(new); /* for caller */
2264 }
2265 /* initialization */
2266 LIST_INIT(&new->ndpr_advrtrs);
2267 in6_prefixlen2mask(&new->ndpr_mask, new->ndpr_plen);
2268 /* make prefix in the canonical form */
2269 for (i = 0; i < 4; i++) {
2270 new->ndpr_prefix.sin6_addr.s6_addr32[i] &=
2271 new->ndpr_mask.s6_addr32[i];
2272 }
2273
2274 NDPR_UNLOCK(new);
2275
2276 /* get nd6_service() to be scheduled as soon as it's convenient */
2277 ++nd6_sched_timeout_want;
2278
2279 lck_mtx_lock(nd6_mutex);
2280 /* link ndpr_entry to nd_prefix list */
2281 LIST_INSERT_HEAD(&nd_prefix, new, ndpr_entry);
2282 new->ndpr_debug |= IFD_ATTACHED;
2283 NDPR_ADDREF(new); /* for nd_prefix list */
2284
2285 lck_mtx_lock(&ndi->lock);
2286 ndi->nprefixes++;
2287 VERIFY(ndi->nprefixes != 0);
2288 lck_mtx_unlock(&ndi->lock);
2289
2290 /* ND_OPT_PI_FLAG_ONLINK processing */
2291 if (new->ndpr_raf_onlink) {
2292 int e;
2293
2294 if ((e = nd6_prefix_onlink_common(new, force_scoped,
2295 new->ndpr_ifp->if_index)) != 0) {
2296 nd6log(error, "nd6_prelist_add: failed to make "
2297 "the prefix %s/%d on-link %s on %s (errno=%d)\n",
2298 ip6_sprintf(&new->ndpr_prefix.sin6_addr),
2299 new->ndpr_plen, force_scoped ? "scoped" :
2300 "non-scoped", if_name(ifp), e);
2301 /* proceed anyway. XXX: is it correct? */
2302 }
2303 }
2304
2305 if (dr) {
2306 pfxrtr_add(new, dr);
2307 }
2308
2309 lck_mtx_unlock(nd6_mutex);
2310
2311 return 0;
2312 }
2313
2314 /*
2315 * Caller must have held an extra reference on nd_prefix.
2316 */
2317 void
2318 prelist_remove(struct nd_prefix *pr)
2319 {
2320 struct nd_pfxrouter *pfr, *next;
2321 struct ifnet *ifp = pr->ndpr_ifp;
2322 int e;
2323 struct nd_ifinfo *ndi = NULL;
2324
2325 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
2326 NDPR_LOCK_ASSERT_HELD(pr);
2327
2328 if (pr->ndpr_stateflags & NDPRF_DEFUNCT) {
2329 return;
2330 }
2331
2332 /*
2333 * If there are no more addresses, defunct the prefix. This is needed
2334 * because we don't want multiple threads calling prelist_remove() for
2335 * the same prefix and this might happen because we unlock nd6_mutex
2336 * down below.
2337 */
2338 if (pr->ndpr_addrcnt == 0) {
2339 pr->ndpr_stateflags |= NDPRF_DEFUNCT;
2340 }
2341
2342 /* make sure to invalidate the prefix until it is really freed. */
2343 pr->ndpr_vltime = 0;
2344 pr->ndpr_pltime = 0;
2345
2346 /*
2347 * Though these flags are now meaningless, we'd rather keep the value
2348 * of pr->ndpr_raf_onlink and pr->ndpr_raf_auto not to confuse users
2349 * when executing "ndp -p".
2350 */
2351 if (pr->ndpr_stateflags & NDPRF_ONLINK) {
2352 NDPR_ADDREF(pr);
2353 NDPR_UNLOCK(pr);
2354 lck_mtx_unlock(nd6_mutex);
2355 if ((e = nd6_prefix_offlink(pr)) != 0) {
2356 nd6log(error, "prelist_remove: failed to make "
2357 "%s/%d offlink on %s, errno=%d\n",
2358 ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
2359 pr->ndpr_plen, if_name(ifp), e);
2360 /* what should we do? */
2361 }
2362 lck_mtx_lock(nd6_mutex);
2363 NDPR_LOCK(pr);
2364 if (NDPR_REMREF(pr) == NULL) {
2365 return;
2366 }
2367 }
2368
2369 if (pr->ndpr_addrcnt > 0) {
2370 /*
2371 * The state might have changed if we called
2372 * nd6_prefix_offlink().
2373 */
2374 pr->ndpr_stateflags &= ~NDPRF_DEFUNCT;
2375 return; /* notice here? */
2376 }
2377
2378 /* unlink ndpr_entry from nd_prefix list */
2379 LIST_REMOVE(pr, ndpr_entry);
2380 pr->ndpr_debug &= ~IFD_ATTACHED;
2381
2382 /* free list of routers that adversed the prefix */
2383 for (pfr = pr->ndpr_advrtrs.lh_first; pfr; pfr = next) {
2384 next = pfr->pfr_next;
2385 pfxrtr_del(pfr, pr);
2386 }
2387
2388 ndi = ND_IFINFO(ifp);
2389 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
2390 lck_mtx_lock(&ndi->lock);
2391 VERIFY(ndi->nprefixes > 0);
2392 ndi->nprefixes--;
2393 lck_mtx_unlock(&ndi->lock);
2394
2395 /* This must not be the last reference to the nd_prefix */
2396 if (NDPR_REMREF(pr) == NULL) {
2397 panic("%s: unexpected (missing) refcnt ndpr=%p", __func__, pr);
2398 /* NOTREACHED */
2399 }
2400
2401 /*
2402 * Don't call pfxlist_onlink_check() here because we are
2403 * holding the NDPR lock and this could cause a deadlock when
2404 * there are multiple threads executing pfxlist_onlink_check().
2405 */
2406 }
2407
2408 int
2409 prelist_update(
2410 struct nd_prefix *new,
2411 struct nd_defrouter *dr, /* may be NULL */
2412 struct mbuf *m,
2413 int mcast)
2414 {
2415 struct in6_ifaddr *ia6 = NULL, *ia6_match = NULL;
2416 struct ifaddr *ifa;
2417 struct ifnet *ifp = new->ndpr_ifp;
2418 struct nd_prefix *pr;
2419 int error = 0;
2420 int newprefix = 0;
2421 int auth;
2422 struct in6_addrlifetime lt6_tmp;
2423 uint64_t timenow = net_uptime();
2424
2425 /* no need to lock "new" here, as it is local to the caller */
2426 NDPR_LOCK_ASSERT_NOTHELD(new);
2427
2428 auth = 0;
2429 if (m) {
2430 /*
2431 * Authenticity for NA consists authentication for
2432 * both IP header and IP datagrams, doesn't it ?
2433 */
2434 #if defined(M_AUTHIPHDR) && defined(M_AUTHIPDGM)
2435 auth = (m->m_flags & M_AUTHIPHDR) && (m->m_flags & M_AUTHIPDGM);
2436 #endif
2437 }
2438
2439 if ((pr = nd6_prefix_lookup(new, ND6_PREFIX_EXPIRY_UNSPEC)) != NULL) {
2440 /*
2441 * nd6_prefix_lookup() ensures that pr and new have the same
2442 * prefix on a same interface.
2443 */
2444
2445 /*
2446 * Update prefix information. Note that the on-link (L) bit
2447 * and the autonomous (A) bit should NOT be changed from 1
2448 * to 0.
2449 */
2450 lck_mtx_lock(nd6_mutex);
2451 NDPR_LOCK(pr);
2452 if (new->ndpr_raf_onlink == 1) {
2453 pr->ndpr_raf_onlink = 1;
2454 }
2455 if (new->ndpr_raf_auto == 1) {
2456 pr->ndpr_raf_auto = 1;
2457 }
2458 if (new->ndpr_raf_onlink) {
2459 pr->ndpr_vltime = new->ndpr_vltime;
2460 pr->ndpr_pltime = new->ndpr_pltime;
2461 (void) in6_init_prefix_ltimes(pr); /* XXX error case? */
2462 pr->ndpr_lastupdate = net_uptime();
2463 }
2464
2465 NDPR_ADDREF(pr);
2466 if (new->ndpr_raf_onlink &&
2467 (pr->ndpr_stateflags & NDPRF_ONLINK) == 0) {
2468 int e;
2469
2470 NDPR_UNLOCK(pr);
2471 if ((e = nd6_prefix_onlink(pr)) != 0) {
2472 nd6log(error,
2473 "prelist_update: failed to make "
2474 "the prefix %s/%d on-link on %s "
2475 "(errno=%d)\n",
2476 ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
2477 pr->ndpr_plen, if_name(pr->ndpr_ifp), e);
2478 /* proceed anyway. XXX: is it correct? */
2479 }
2480 NDPR_LOCK(pr);
2481 }
2482
2483 if (dr && pfxrtr_lookup(pr, dr) == NULL) {
2484 NDPR_UNLOCK(pr);
2485 pfxrtr_add(pr, dr);
2486 } else {
2487 NDPR_UNLOCK(pr);
2488 }
2489 NDPR_REMREF(pr);
2490 lck_mtx_unlock(nd6_mutex);
2491 } else {
2492 newprefix = 1;
2493
2494 if (new->ndpr_vltime == 0) {
2495 goto end;
2496 }
2497 if (new->ndpr_raf_onlink == 0 && new->ndpr_raf_auto == 0) {
2498 goto end;
2499 }
2500
2501 bzero(&new->ndpr_addr, sizeof(struct in6_addr));
2502
2503 error = nd6_prelist_add(new, dr, &pr, FALSE);
2504 if (error != 0 || pr == NULL) {
2505 nd6log(info, "prelist_update: "
2506 "nd6_prelist_add failed for %s/%d on %s "
2507 "errno=%d, returnpr=0x%llx\n",
2508 ip6_sprintf(&new->ndpr_prefix.sin6_addr),
2509 new->ndpr_plen, if_name(new->ndpr_ifp),
2510 error, (uint64_t)VM_KERNEL_ADDRPERM(pr));
2511 goto end; /* we should just give up in this case. */
2512 }
2513 }
2514
2515 /*
2516 * Address autoconfiguration based on Section 5.5.3 of RFC 4862.
2517 * Note that pr must be non NULL at this point.
2518 */
2519
2520 /* 5.5.3 (a). Ignore the prefix without the A bit set. */
2521 if (!new->ndpr_raf_auto) {
2522 goto end;
2523 }
2524
2525 /*
2526 * 5.5.3 (b). the link-local prefix should have been ignored in
2527 * nd6_ra_input.
2528 */
2529
2530 /* 5.5.3 (c). Consistency check on lifetimes: pltime <= vltime. */
2531 if (new->ndpr_pltime > new->ndpr_vltime) {
2532 error = EINVAL; /* XXX: won't be used */
2533 goto end;
2534 }
2535
2536 /*
2537 * 5.5.3 (d). If the prefix advertised is not equal to the prefix of
2538 * an address configured by stateless autoconfiguration already in the
2539 * list of addresses associated with the interface, and the Valid
2540 * Lifetime is not 0, form an address. We first check if we have
2541 * a matching prefix.
2542 */
2543 ifnet_lock_shared(ifp);
2544 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
2545 struct in6_ifaddr *ifa6;
2546 u_int32_t remaininglifetime;
2547
2548 IFA_LOCK(ifa);
2549 if (ifa->ifa_addr->sa_family != AF_INET6) {
2550 IFA_UNLOCK(ifa);
2551 continue;
2552 }
2553 ifa6 = (struct in6_ifaddr *)ifa;
2554
2555 /*
2556 * We only consider autoconfigured addresses as per RFC 4862.
2557 */
2558 if (!(ifa6->ia6_flags & IN6_IFF_AUTOCONF)) {
2559 IFA_UNLOCK(ifa);
2560 continue;
2561 }
2562 /*
2563 * Spec is not clear here, but I believe we should concentrate
2564 * on unicast (i.e. not anycast) addresses.
2565 * XXX: other ia6_flags? detached or duplicated?
2566 */
2567 if ((ifa6->ia6_flags & IN6_IFF_ANYCAST) != 0) {
2568 IFA_UNLOCK(ifa);
2569 continue;
2570 }
2571 /*
2572 * Ignore the address if it is not associated with a prefix
2573 * or is associated with a prefix that is different from this
2574 * one. (pr is never NULL here)
2575 */
2576 if (ifa6->ia6_ndpr != pr) {
2577 IFA_UNLOCK(ifa);
2578 continue;
2579 }
2580
2581 if (ia6_match == NULL) { /* remember the first one */
2582 ia6_match = ifa6;
2583 IFA_ADDREF_LOCKED(ifa); /* for ia6_match */
2584 }
2585
2586 /*
2587 * An already autoconfigured address matched. Now that we
2588 * are sure there is at least one matched address, we can
2589 * proceed to 5.5.3. (e): update the lifetimes according to the
2590 * "two hours" rule and the privacy extension.
2591 */
2592 /* retrieve time as uptime (last arg is 0) */
2593 in6ifa_getlifetime(ifa6, &lt6_tmp, 0);
2594
2595 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME) {
2596 remaininglifetime = ND6_INFINITE_LIFETIME;
2597 } else if (timenow - ifa6->ia6_updatetime > lt6_tmp.ia6t_vltime) {
2598 /*
2599 * The case of "invalid" address. We should usually
2600 * not see this case.
2601 */
2602 remaininglifetime = 0;
2603 } else {
2604 remaininglifetime = lt6_tmp.ia6t_vltime -
2605 (uint32_t)(timenow - ifa6->ia6_updatetime);
2606 }
2607 /* when not updating, keep the current stored lifetime. */
2608 lt6_tmp.ia6t_vltime = remaininglifetime;
2609
2610 if (TWOHOUR < new->ndpr_vltime ||
2611 remaininglifetime < new->ndpr_vltime) {
2612 lt6_tmp.ia6t_vltime = new->ndpr_vltime;
2613 } else if (remaininglifetime <= TWOHOUR) {
2614 if (auth) {
2615 lt6_tmp.ia6t_vltime = new->ndpr_vltime;
2616 }
2617 } else {
2618 /*
2619 * new->ndpr_vltime <= TWOHOUR &&
2620 * TWOHOUR < remaininglifetime
2621 */
2622 lt6_tmp.ia6t_vltime = TWOHOUR;
2623 }
2624
2625 /* The 2 hour rule is not imposed for preferred lifetime. */
2626 lt6_tmp.ia6t_pltime = new->ndpr_pltime;
2627
2628 /* Special handling for lifetimes of temporary addresses. */
2629 if ((ifa6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {
2630 u_int32_t maxvltime, maxpltime;
2631
2632 /* Constrain lifetimes to system limits. */
2633 if (lt6_tmp.ia6t_vltime > ip6_temp_valid_lifetime) {
2634 lt6_tmp.ia6t_vltime = ip6_temp_valid_lifetime;
2635 }
2636 if (lt6_tmp.ia6t_pltime > ip6_temp_preferred_lifetime) {
2637 lt6_tmp.ia6t_pltime =
2638 ip6_temp_preferred_lifetime -
2639 ip6_desync_factor;
2640 }
2641
2642 /*
2643 * According to RFC 4941, section 3.3 (1), we only
2644 * update the lifetimes when they are in the maximum
2645 * intervals.
2646 */
2647 if (ip6_temp_valid_lifetime >
2648 (u_int32_t)((timenow - ifa6->ia6_createtime) +
2649 ip6_desync_factor)) {
2650 maxvltime = ip6_temp_valid_lifetime -
2651 (uint32_t)((timenow - ifa6->ia6_createtime) +
2652 ip6_desync_factor);
2653 } else {
2654 maxvltime = 0;
2655 }
2656 if (ip6_temp_preferred_lifetime >
2657 (u_int32_t)((timenow - ifa6->ia6_createtime) +
2658 ip6_desync_factor)) {
2659 maxpltime = ip6_temp_preferred_lifetime -
2660 (uint32_t)((timenow - ifa6->ia6_createtime) +
2661 ip6_desync_factor);
2662 } else {
2663 maxpltime = 0;
2664 }
2665
2666 if (lt6_tmp.ia6t_vltime == ND6_INFINITE_LIFETIME ||
2667 lt6_tmp.ia6t_vltime > maxvltime) {
2668 lt6_tmp.ia6t_vltime = maxvltime;
2669 }
2670
2671 if (lt6_tmp.ia6t_pltime == ND6_INFINITE_LIFETIME ||
2672 lt6_tmp.ia6t_pltime > maxpltime) {
2673 lt6_tmp.ia6t_pltime = maxpltime;
2674 }
2675 }
2676
2677 in6_init_address_ltimes(pr, &lt6_tmp);
2678
2679 in6ifa_setlifetime(ifa6, &lt6_tmp);
2680 ifa6->ia6_updatetime = timenow;
2681 IFA_UNLOCK(ifa);
2682 }
2683 ifnet_lock_done(ifp);
2684 if (ia6_match == NULL && new->ndpr_vltime) {
2685 /*
2686 * 5.5.3 (d) (continued)
2687 * No address matched and the valid lifetime is non-zero.
2688 * Create a new address.
2689 */
2690 if ((ia6 = in6_pfx_newpersistaddr(new, mcast, &error, FALSE, 0))
2691 != NULL) {
2692 /*
2693 * note that we should use pr (not new) for reference.
2694 */
2695 IFA_LOCK(&ia6->ia_ifa);
2696 NDPR_LOCK(pr);
2697 ia6->ia6_ndpr = pr;
2698 NDPR_ADDREF(pr); /* for addr reference */
2699 pr->ndpr_addrcnt++;
2700 VERIFY(pr->ndpr_addrcnt != 0);
2701 NDPR_UNLOCK(pr);
2702 IFA_UNLOCK(&ia6->ia_ifa);
2703
2704 /*
2705 * RFC 4941 3.3 (2).
2706 * When a new public address is created as described
2707 * in RFC 4862, also create a new temporary address.
2708 *
2709 * RFC 4941 3.5.
2710 * When an interface connects to a new link, a new
2711 * randomized interface identifier should be generated
2712 * immediately together with a new set of temporary
2713 * addresses. Thus, we specifiy 1 as the 2nd arg of
2714 * in6_tmpifadd().
2715 */
2716 if (ip6_use_tempaddr) {
2717 int e;
2718 if ((e = in6_tmpifadd(ia6, 1)) != 0) {
2719 nd6log(info, "prelist_update: "
2720 "failed to create a temporary "
2721 "address, errno=%d\n",
2722 e);
2723 }
2724 }
2725 IFA_REMREF(&ia6->ia_ifa);
2726 ia6 = NULL;
2727
2728 /*
2729 * If the interface is marked for CLAT46 configuration
2730 * try and configure the reserved IPv6 address for
2731 * stateless translation.
2732 */
2733 if (IS_INTF_CLAT46(ifp)) {
2734 if ((ia6 = in6_pfx_newpersistaddr(new, mcast,
2735 &error, TRUE, CLAT46_COLLISION_COUNT_OFFSET))
2736 != NULL) {
2737 IFA_LOCK(&ia6->ia_ifa);
2738 NDPR_LOCK(pr);
2739 ia6->ia6_ndpr = pr;
2740 NDPR_ADDREF(pr); /* for addr reference */
2741 pr->ndpr_addrcnt++;
2742 VERIFY(pr->ndpr_addrcnt != 0);
2743 pr->ndpr_stateflags |= NDPRF_CLAT46;
2744 NDPR_UNLOCK(pr);
2745 IFA_UNLOCK(&ia6->ia_ifa);
2746 IFA_REMREF(&ia6->ia_ifa);
2747 ia6 = NULL;
2748 } else if (error != EEXIST) {
2749 uuid_t tmp_uuid = {};
2750 /*
2751 * Only report the error if it is not
2752 * EEXIST.
2753 */
2754 ip6stat.ip6s_clat464_v6addr_conffail++;
2755 in6_clat46_event_enqueue_nwk_wq_entry(
2756 IN6_CLAT46_EVENT_V6_ADDR_CONFFAIL,
2757 0,
2758 tmp_uuid);
2759 nd6log0(error, "Could not configure CLAT46 address on interface %s.\n", ifp->if_xname);
2760 }
2761 /*
2762 * Reset the error as we do not want to
2763 * treat failure of CLAT46 address configuration
2764 * as complete failure in prelist update path.
2765 */
2766 error = 0;
2767 }
2768
2769 /*
2770 * A newly added address might affect the status
2771 * of other addresses, so we check and update it.
2772 * XXX: what if address duplication happens?
2773 */
2774 lck_mtx_lock(nd6_mutex);
2775 pfxlist_onlink_check();
2776 lck_mtx_unlock(nd6_mutex);
2777 }
2778 }
2779 end:
2780 if (pr != NULL) {
2781 NDPR_REMREF(pr);
2782 }
2783 if (ia6_match != NULL) {
2784 IFA_REMREF(&ia6_match->ia_ifa);
2785 }
2786 return error;
2787 }
2788
2789 /*
2790 * Neighbor Discover Default Router structure reference counting routines.
2791 */
2792 static struct nd_defrouter *
2793 nddr_alloc(zalloc_flags_t how)
2794 {
2795 struct nd_defrouter *dr;
2796
2797 dr = zalloc_flags(nddr_zone, how | Z_ZERO);
2798 if (dr) {
2799 lck_mtx_init(&dr->nddr_lock, ifa_mtx_grp, ifa_mtx_attr);
2800 lck_mtx_init(&dr->nddr_ref_lock, ifa_mtx_grp, ifa_mtx_attr);
2801 dr->nddr_debug |= IFD_ALLOC;
2802 if (nddr_debug != 0) {
2803 dr->nddr_debug |= IFD_DEBUG;
2804 dr->nddr_trace = nddr_trace;
2805 }
2806 }
2807 return dr;
2808 }
2809
2810 static void
2811 nddr_free(struct nd_defrouter *dr)
2812 {
2813 if (dr->nddr_debug & IFD_ATTACHED) {
2814 panic("%s: attached nddr %p is being freed", __func__, dr);
2815 /* NOTREACHED */
2816 } else if (!(dr->nddr_debug & IFD_ALLOC)) {
2817 panic("%s: nddr %p cannot be freed", __func__, dr);
2818 /* NOTREACHED */
2819 }
2820 dr->nddr_debug &= ~IFD_ALLOC;
2821 lck_mtx_destroy(&dr->nddr_lock, ifa_mtx_grp);
2822 lck_mtx_destroy(&dr->nddr_ref_lock, ifa_mtx_grp);
2823 zfree(nddr_zone, dr);
2824 }
2825
2826 static void
2827 nddr_trace(struct nd_defrouter *dr, int refhold)
2828 {
2829 struct nd_defrouter_dbg *dr_dbg = (struct nd_defrouter_dbg *)dr;
2830 ctrace_t *tr;
2831 uint32_t idx;
2832 uint16_t *cnt;
2833
2834 if (!(dr->nddr_debug & IFD_DEBUG)) {
2835 panic("%s: nddr %p has no debug structure", __func__, dr);
2836 /* NOTREACHED */
2837 }
2838 if (refhold) {
2839 cnt = &dr_dbg->nddr_refhold_cnt;
2840 tr = dr_dbg->nddr_refhold;
2841 } else {
2842 cnt = &dr_dbg->nddr_refrele_cnt;
2843 tr = dr_dbg->nddr_refrele;
2844 }
2845
2846 idx = atomic_add_16_ov(cnt, 1) % NDDR_TRACE_HIST_SIZE;
2847 ctrace_record(&tr[idx]);
2848 }
2849
2850 void
2851 nddr_addref(struct nd_defrouter *nddr)
2852 {
2853 NDDR_REF_LOCK_SPIN(nddr);
2854 if (++nddr->nddr_refcount == 0) {
2855 panic("%s: nddr %p wraparound refcnt\n", __func__, nddr);
2856 /* NOTREACHED */
2857 } else if (nddr->nddr_trace != NULL) {
2858 (*nddr->nddr_trace)(nddr, TRUE);
2859 }
2860 NDDR_REF_UNLOCK(nddr);
2861 }
2862
2863 struct nd_defrouter *
2864 nddr_remref(struct nd_defrouter *nddr)
2865 {
2866 NDDR_REF_LOCK_SPIN(nddr);
2867 if (nddr->nddr_refcount == 0) {
2868 panic("%s: nddr %p negative refcnt\n", __func__, nddr);
2869 /* NOTREACHED */
2870 } else if (nddr->nddr_trace != NULL) {
2871 (*nddr->nddr_trace)(nddr, FALSE);
2872 }
2873
2874 if (--nddr->nddr_refcount == 0) {
2875 NDDR_REF_UNLOCK(nddr);
2876 nddr_free(nddr);
2877 nddr = NULL;
2878 } else {
2879 NDDR_REF_UNLOCK(nddr);
2880 }
2881 return nddr;
2882 }
2883
2884 uint64_t
2885 nddr_getexpire(struct nd_defrouter *dr)
2886 {
2887 struct timeval caltime;
2888 uint64_t expiry;
2889
2890 if (dr->expire != 0) {
2891 /* account for system time change */
2892 getmicrotime(&caltime);
2893
2894 dr->base_calendartime +=
2895 NET_CALCULATE_CLOCKSKEW(caltime,
2896 dr->base_calendartime, net_uptime(), dr->base_uptime);
2897
2898 expiry = dr->base_calendartime +
2899 dr->expire - dr->base_uptime;
2900 } else {
2901 expiry = 0;
2902 }
2903 return expiry;
2904 }
2905
2906 /*
2907 * Neighbor Discover Prefix structure reference counting routines.
2908 */
2909 static struct nd_prefix *
2910 ndpr_alloc(int how)
2911 {
2912 struct nd_prefix *pr;
2913
2914 pr = zalloc_flags(ndpr_zone, how | Z_ZERO);
2915 if (pr != NULL) {
2916 lck_mtx_init(&pr->ndpr_lock, ifa_mtx_grp, ifa_mtx_attr);
2917 lck_mtx_init(&pr->ndpr_ref_lock, ifa_mtx_grp, ifa_mtx_attr);
2918 RB_INIT(&pr->ndpr_prproxy_sols);
2919 pr->ndpr_debug |= IFD_ALLOC;
2920 if (ndpr_debug != 0) {
2921 pr->ndpr_debug |= IFD_DEBUG;
2922 pr->ndpr_trace = ndpr_trace;
2923 }
2924 }
2925 return pr;
2926 }
2927
2928 static void
2929 ndpr_free(struct nd_prefix *pr)
2930 {
2931 if (pr->ndpr_debug & IFD_ATTACHED) {
2932 panic("%s: attached ndpr %p is being freed", __func__, pr);
2933 /* NOTREACHED */
2934 } else if (!(pr->ndpr_debug & IFD_ALLOC)) {
2935 panic("%s: ndpr %p cannot be freed", __func__, pr);
2936 /* NOTREACHED */
2937 } else if (pr->ndpr_rt != NULL) {
2938 panic("%s: ndpr %p route %p not freed", __func__, pr,
2939 pr->ndpr_rt);
2940 /* NOTREACHED */
2941 } else if (pr->ndpr_prproxy_sols_cnt != 0) {
2942 panic("%s: ndpr %p non-zero solicitors count (%d)",
2943 __func__, pr, pr->ndpr_prproxy_sols_cnt);
2944 /* NOTREACHED */
2945 } else if (!RB_EMPTY(&pr->ndpr_prproxy_sols)) {
2946 panic("%s: ndpr %p non-empty solicitors tree", __func__, pr);
2947 /* NOTREACHED */
2948 }
2949 pr->ndpr_debug &= ~IFD_ALLOC;
2950 lck_mtx_destroy(&pr->ndpr_lock, ifa_mtx_grp);
2951 lck_mtx_destroy(&pr->ndpr_ref_lock, ifa_mtx_grp);
2952 zfree(ndpr_zone, pr);
2953 }
2954
2955 static void
2956 ndpr_trace(struct nd_prefix *pr, int refhold)
2957 {
2958 struct nd_prefix_dbg *pr_dbg = (struct nd_prefix_dbg *)pr;
2959 ctrace_t *tr;
2960 u_int32_t idx;
2961 u_int16_t *cnt;
2962
2963 if (!(pr->ndpr_debug & IFD_DEBUG)) {
2964 panic("%s: ndpr %p has no debug structure", __func__, pr);
2965 /* NOTREACHED */
2966 }
2967 if (refhold) {
2968 cnt = &pr_dbg->ndpr_refhold_cnt;
2969 tr = pr_dbg->ndpr_refhold;
2970 } else {
2971 cnt = &pr_dbg->ndpr_refrele_cnt;
2972 tr = pr_dbg->ndpr_refrele;
2973 }
2974
2975 idx = atomic_add_16_ov(cnt, 1) % NDPR_TRACE_HIST_SIZE;
2976 ctrace_record(&tr[idx]);
2977 }
2978
2979 void
2980 ndpr_addref(struct nd_prefix *ndpr)
2981 {
2982 NDPR_REF_LOCK_SPIN(ndpr);
2983 if (++ndpr->ndpr_refcount == 0) {
2984 panic("%s: ndpr %p wraparound refcnt\n", __func__, ndpr);
2985 /* NOTREACHED */
2986 } else if (ndpr->ndpr_trace != NULL) {
2987 (*ndpr->ndpr_trace)(ndpr, TRUE);
2988 }
2989 NDPR_REF_UNLOCK(ndpr);
2990 }
2991
2992 struct nd_prefix *
2993 ndpr_remref(struct nd_prefix *ndpr)
2994 {
2995 NDPR_REF_LOCK_SPIN(ndpr);
2996 if (ndpr->ndpr_refcount == 0) {
2997 panic("%s: ndpr %p negative refcnt\n", __func__, ndpr);
2998 /* NOTREACHED */
2999 } else if (ndpr->ndpr_trace != NULL) {
3000 (*ndpr->ndpr_trace)(ndpr, FALSE);
3001 }
3002
3003 if (--ndpr->ndpr_refcount == 0) {
3004 if (ndpr->ndpr_addrcnt != 0) {
3005 panic("%s: freeing ndpr %p with outstanding address "
3006 "reference (%d)", __func__, ndpr,
3007 ndpr->ndpr_addrcnt);
3008 /* NOTREACHED */
3009 }
3010 NDPR_REF_UNLOCK(ndpr);
3011 ndpr_free(ndpr);
3012 ndpr = NULL;
3013 } else {
3014 NDPR_REF_UNLOCK(ndpr);
3015 }
3016 return ndpr;
3017 }
3018
3019 uint64_t
3020 ndpr_getexpire(struct nd_prefix *pr)
3021 {
3022 struct timeval caltime;
3023 uint64_t expiry;
3024
3025 if (pr->ndpr_expire != 0 && pr->ndpr_vltime != ND6_INFINITE_LIFETIME) {
3026 /* account for system time change */
3027 getmicrotime(&caltime);
3028
3029 pr->ndpr_base_calendartime +=
3030 NET_CALCULATE_CLOCKSKEW(caltime,
3031 pr->ndpr_base_calendartime, net_uptime(),
3032 pr->ndpr_base_uptime);
3033
3034 expiry = pr->ndpr_base_calendartime +
3035 pr->ndpr_expire - pr->ndpr_base_uptime;
3036 } else {
3037 expiry = 0;
3038 }
3039 return expiry;
3040 }
3041
3042 /*
3043 * A supplement function used in the on-link detection below;
3044 * detect if a given prefix has a (probably) reachable advertising router.
3045 * XXX: lengthy function name...
3046 *
3047 * Callers *must* increase the reference count of nd_prefix.
3048 */
3049 static struct nd_pfxrouter *
3050 find_pfxlist_reachable_router(struct nd_prefix *pr)
3051 {
3052 struct nd_pfxrouter *pfxrtr;
3053 struct rtentry *rt;
3054 struct llinfo_nd6 *ln;
3055 struct ifnet *ifp;
3056 struct in6_addr rtaddr;
3057 unsigned int genid;
3058
3059 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
3060 NDPR_LOCK_ASSERT_HELD(pr);
3061
3062 genid = pr->ndpr_genid;
3063 pfxrtr = LIST_FIRST(&pr->ndpr_advrtrs);
3064 while (pfxrtr) {
3065 ifp = pfxrtr->router->ifp;
3066 if (pfxrtr->router->stateflags & NDDRF_MAPPED) {
3067 rtaddr = pfxrtr->router->rtaddr_mapped;
3068 } else {
3069 rtaddr = pfxrtr->router->rtaddr;
3070 }
3071
3072 NDPR_UNLOCK(pr);
3073 lck_mtx_unlock(nd6_mutex);
3074 /* Callee returns a locked route upon success */
3075 if ((rt = nd6_lookup(&rtaddr, 0, ifp, 0)) != NULL) {
3076 RT_LOCK_ASSERT_HELD(rt);
3077 if ((ln = rt->rt_llinfo) != NULL &&
3078 ND6_IS_LLINFO_PROBREACH(ln)) {
3079 RT_REMREF_LOCKED(rt);
3080 RT_UNLOCK(rt);
3081 lck_mtx_lock(nd6_mutex);
3082 NDPR_LOCK(pr);
3083 break; /* found */
3084 }
3085 RT_REMREF_LOCKED(rt);
3086 RT_UNLOCK(rt);
3087 }
3088 lck_mtx_lock(nd6_mutex);
3089 NDPR_LOCK(pr);
3090 if (pr->ndpr_genid != genid) {
3091 pfxrtr = LIST_FIRST(&pr->ndpr_advrtrs);
3092 genid = pr->ndpr_genid;
3093 } else {
3094 pfxrtr = LIST_NEXT(pfxrtr, pfr_entry);
3095 }
3096 }
3097 NDPR_LOCK_ASSERT_HELD(pr);
3098
3099 return pfxrtr;
3100 }
3101
3102 /*
3103 * Check if each prefix in the prefix list has at least one available router
3104 * that advertised the prefix (a router is "available" if its neighbor cache
3105 * entry is reachable or probably reachable).
3106 * If the check fails, the prefix may be off-link, because, for example,
3107 * we have moved from the network but the lifetime of the prefix has not
3108 * expired yet. So we should not use the prefix if there is another prefix
3109 * that has an available router.
3110 * But, if there is no prefix that has an available router, we still regards
3111 * all the prefixes as on-link. This is because we can't tell if all the
3112 * routers are simply dead or if we really moved from the network and there
3113 * is no router around us.
3114 */
3115 void
3116 pfxlist_onlink_check(void)
3117 {
3118 struct nd_prefix *pr, *prclear;
3119 struct in6_ifaddr *ifa;
3120 struct nd_defrouter *dr;
3121 struct nd_pfxrouter *pfxrtr = NULL;
3122 int err, i, found = 0;
3123 struct ifaddr **ifap = NULL;
3124 struct nd_prefix *ndpr;
3125
3126 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
3127
3128 while (nd_prefix_busy) {
3129 nd_prefix_waiters++;
3130 msleep(nd_prefix_waitchan, nd6_mutex, (PZERO - 1),
3131 __func__, NULL);
3132 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
3133 }
3134 nd_prefix_busy = TRUE;
3135
3136 /*
3137 * Check if there is a prefix that has a reachable advertising
3138 * router.
3139 */
3140 pr = nd_prefix.lh_first;
3141 while (pr) {
3142 NDPR_LOCK(pr);
3143 if (pr->ndpr_stateflags & NDPRF_PROCESSED_ONLINK) {
3144 NDPR_UNLOCK(pr);
3145 pr = pr->ndpr_next;
3146 continue;
3147 }
3148 NDPR_ADDREF(pr);
3149 if (pr->ndpr_raf_onlink && find_pfxlist_reachable_router(pr) &&
3150 (pr->ndpr_debug & IFD_ATTACHED)) {
3151 if (NDPR_REMREF(pr) == NULL) {
3152 pr = NULL;
3153 } else {
3154 NDPR_UNLOCK(pr);
3155 }
3156 break;
3157 }
3158 pr->ndpr_stateflags |= NDPRF_PROCESSED_ONLINK;
3159 NDPR_UNLOCK(pr);
3160 NDPR_REMREF(pr);
3161 /*
3162 * Since find_pfxlist_reachable_router() drops the nd6_mutex, we
3163 * have to start over, but the NDPRF_PROCESSED_ONLINK flag will
3164 * stop us from checking the same prefix twice.
3165 */
3166 pr = nd_prefix.lh_first;
3167 }
3168 LIST_FOREACH(prclear, &nd_prefix, ndpr_entry) {
3169 NDPR_LOCK(prclear);
3170 prclear->ndpr_stateflags &= ~NDPRF_PROCESSED_ONLINK;
3171 NDPR_UNLOCK(prclear);
3172 }
3173 /*
3174 * If we have no such prefix, check whether we still have a router
3175 * that does not advertise any prefixes.
3176 */
3177 if (pr == NULL) {
3178 for (dr = TAILQ_FIRST(&nd_defrouter_list); dr;
3179 dr = TAILQ_NEXT(dr, dr_entry)) {
3180 struct nd_prefix *pr0;
3181
3182 for (pr0 = nd_prefix.lh_first; pr0;
3183 pr0 = pr0->ndpr_next) {
3184 NDPR_LOCK(pr0);
3185 if ((pfxrtr = pfxrtr_lookup(pr0, dr)) != NULL) {
3186 NDPR_UNLOCK(pr0);
3187 break;
3188 }
3189 NDPR_UNLOCK(pr0);
3190 }
3191 if (pfxrtr != NULL) {
3192 break;
3193 }
3194 }
3195 }
3196 if (pr != NULL || (TAILQ_FIRST(&nd_defrouter_list) && pfxrtr == NULL)) {
3197 /*
3198 * There is at least one prefix that has a reachable router,
3199 * or at least a router which probably does not advertise
3200 * any prefixes. The latter would be the case when we move
3201 * to a new link where we have a router that does not provide
3202 * prefixes and we configure an address by hand.
3203 * Detach prefixes which have no reachable advertising
3204 * router, and attach other prefixes.
3205 */
3206 pr = nd_prefix.lh_first;
3207 while (pr) {
3208 NDPR_LOCK(pr);
3209 /*
3210 * We aren't interested prefixes already processed,
3211 * nor in prefixes without the L bit
3212 * set nor in static prefixes
3213 */
3214 if (pr->ndpr_raf_onlink == 0 ||
3215 pr->ndpr_stateflags & NDPRF_PROCESSED_ONLINK ||
3216 pr->ndpr_stateflags & NDPRF_STATIC) {
3217 NDPR_UNLOCK(pr);
3218 pr = pr->ndpr_next;
3219 continue;
3220 }
3221 NDPR_ADDREF(pr);
3222 if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 &&
3223 find_pfxlist_reachable_router(pr) == NULL &&
3224 (pr->ndpr_debug & IFD_ATTACHED)) {
3225 pr->ndpr_stateflags |= NDPRF_DETACHED;
3226 }
3227 if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 &&
3228 find_pfxlist_reachable_router(pr) != NULL &&
3229 (pr->ndpr_debug & IFD_ATTACHED)) {
3230 pr->ndpr_stateflags &= ~NDPRF_DETACHED;
3231 }
3232 pr->ndpr_stateflags |= NDPRF_PROCESSED_ONLINK;
3233 NDPR_UNLOCK(pr);
3234 NDPR_REMREF(pr);
3235 /*
3236 * Since find_pfxlist_reachable_router() drops the
3237 * nd6_mutex, we have to start over, but the
3238 * NDPRF_PROCESSED_ONLINK flag will stop us from
3239 * checking the same prefix twice.
3240 */
3241 pr = nd_prefix.lh_first;
3242 }
3243 } else {
3244 /* there is no prefix that has a reachable router */
3245 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) {
3246 NDPR_LOCK(pr);
3247 if (pr->ndpr_raf_onlink == 0 ||
3248 pr->ndpr_stateflags & NDPRF_STATIC) {
3249 NDPR_UNLOCK(pr);
3250 continue;
3251 }
3252 if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0) {
3253 pr->ndpr_stateflags &= ~NDPRF_DETACHED;
3254 }
3255 NDPR_UNLOCK(pr);
3256 }
3257 }
3258 LIST_FOREACH(prclear, &nd_prefix, ndpr_entry) {
3259 NDPR_LOCK(prclear);
3260 prclear->ndpr_stateflags &= ~NDPRF_PROCESSED_ONLINK;
3261 NDPR_UNLOCK(prclear);
3262 }
3263 /*
3264 * Remove each interface route associated with a (just) detached
3265 * prefix, and reinstall the interface route for a (just) attached
3266 * prefix. Note that all attempt of reinstallation does not
3267 * necessarily success, when a same prefix is shared among multiple
3268 * interfaces. Such cases will be handled in nd6_prefix_onlink,
3269 * so we don't have to care about them.
3270 */
3271 pr = nd_prefix.lh_first;
3272 while (pr) {
3273 int e;
3274
3275 NDPR_LOCK(pr);
3276 if (pr->ndpr_raf_onlink == 0 ||
3277 pr->ndpr_stateflags & NDPRF_STATIC ||
3278 pr->ndpr_stateflags & NDPRF_PROCESSED_ONLINK ||
3279 pr->ndpr_stateflags & NDPRF_DEFUNCT) {
3280 NDPR_UNLOCK(pr);
3281 pr = pr->ndpr_next;
3282 continue;
3283 }
3284 pr->ndpr_stateflags |= NDPRF_PROCESSED_ONLINK;
3285 NDPR_ADDREF(pr);
3286 if ((pr->ndpr_stateflags & NDPRF_DETACHED) != 0 &&
3287 (pr->ndpr_stateflags & NDPRF_ONLINK) != 0) {
3288 NDPR_UNLOCK(pr);
3289 lck_mtx_unlock(nd6_mutex);
3290 if ((e = nd6_prefix_offlink(pr)) != 0) {
3291 nd6log(error,
3292 "pfxlist_onlink_check: failed to "
3293 "make %s/%d offlink, errno=%d\n",
3294 ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3295 pr->ndpr_plen, e);
3296 }
3297 lck_mtx_lock(nd6_mutex);
3298 NDPR_REMREF(pr);
3299 pr = nd_prefix.lh_first;
3300 continue;
3301 }
3302 if ((pr->ndpr_stateflags & NDPRF_DETACHED) == 0 &&
3303 (pr->ndpr_stateflags & NDPRF_ONLINK) == 0 &&
3304 pr->ndpr_raf_onlink) {
3305 NDPR_UNLOCK(pr);
3306 if ((e = nd6_prefix_onlink(pr)) != 0) {
3307 nd6log(error,
3308 "pfxlist_onlink_check: failed to "
3309 "make %s/%d offlink, errno=%d\n",
3310 ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3311 pr->ndpr_plen, e);
3312 }
3313 NDPR_REMREF(pr);
3314 pr = nd_prefix.lh_first;
3315 continue;
3316 } else {
3317 NDPR_UNLOCK(pr);
3318 }
3319 NDPR_REMREF(pr);
3320 pr = pr->ndpr_next;
3321 }
3322 LIST_FOREACH(prclear, &nd_prefix, ndpr_entry) {
3323 NDPR_LOCK(prclear);
3324 prclear->ndpr_stateflags &= ~NDPRF_PROCESSED_ONLINK;
3325 NDPR_UNLOCK(prclear);
3326 }
3327 VERIFY(nd_prefix_busy);
3328 nd_prefix_busy = FALSE;
3329 if (nd_prefix_waiters > 0) {
3330 nd_prefix_waiters = 0;
3331 wakeup(nd_prefix_waitchan);
3332 }
3333
3334 /*
3335 * Changes on the prefix status might affect address status as well.
3336 * Make sure that all addresses derived from an attached prefix are
3337 * attached, and that all addresses derived from a detached prefix are
3338 * detached. Note, however, that a manually configured address should
3339 * always be attached.
3340 * The precise detection logic is same as the one for prefixes.
3341 *
3342 * ifnet_get_address_list_family_internal() may fail due to memory
3343 * pressure, but we will eventually be called again when we receive
3344 * another NA, RA, or when the link status changes.
3345 */
3346 err = ifnet_get_address_list_family_internal(NULL, &ifap, AF_INET6, 0,
3347 M_NOWAIT, 0);
3348 if (err != 0 || ifap == NULL) {
3349 nd6log(error, "%s: ifnet_get_address_list_family_internal "
3350 "failed", __func__);
3351 return;
3352 }
3353 for (i = 0; ifap[i]; i++) {
3354 ifa = ifatoia6(ifap[i]);
3355 IFA_LOCK(&ifa->ia_ifa);
3356 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0 ||
3357 (ifap[i]->ifa_debug & IFD_ATTACHED) == 0) {
3358 IFA_UNLOCK(&ifa->ia_ifa);
3359 continue;
3360 }
3361 if ((ndpr = ifa->ia6_ndpr) == NULL) {
3362 /*
3363 * This can happen when we first configure the address
3364 * (i.e. the address exists, but the prefix does not).
3365 * XXX: complicated relationships...
3366 */
3367 IFA_UNLOCK(&ifa->ia_ifa);
3368 continue;
3369 }
3370 IFA_UNLOCK(&ifa->ia_ifa);
3371
3372 NDPR_LOCK(ndpr);
3373 NDPR_ADDREF(ndpr);
3374 if (find_pfxlist_reachable_router(ndpr)) {
3375 if (NDPR_REMREF(ndpr) == NULL) {
3376 found = 0;
3377 } else {
3378 NDPR_UNLOCK(ndpr);
3379 found = 1;
3380 }
3381 break;
3382 }
3383 NDPR_UNLOCK(ndpr);
3384 NDPR_REMREF(ndpr);
3385 }
3386 if (found) {
3387 for (i = 0; ifap[i]; i++) {
3388 ifa = ifatoia6(ifap[i]);
3389 IFA_LOCK(&ifa->ia_ifa);
3390 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0 ||
3391 (ifap[i]->ifa_debug & IFD_ATTACHED) == 0) {
3392 IFA_UNLOCK(&ifa->ia_ifa);
3393 continue;
3394 }
3395 if ((ndpr = ifa->ia6_ndpr) == NULL) {
3396 /* XXX: see above. */
3397 IFA_UNLOCK(&ifa->ia_ifa);
3398 continue;
3399 }
3400 IFA_UNLOCK(&ifa->ia_ifa);
3401 NDPR_LOCK(ndpr);
3402 NDPR_ADDREF(ndpr);
3403 if (find_pfxlist_reachable_router(ndpr)) {
3404 NDPR_UNLOCK(ndpr);
3405 IFA_LOCK(&ifa->ia_ifa);
3406 if (ifa->ia6_flags & IN6_IFF_DETACHED) {
3407 ifa->ia6_flags &= ~IN6_IFF_DETACHED;
3408 in6_ifaddr_set_dadprogress((struct in6_ifaddr *)ifa);
3409 IFA_UNLOCK(&ifa->ia_ifa);
3410 nd6_dad_start((struct ifaddr *)ifa, 0);
3411 } else {
3412 IFA_UNLOCK(&ifa->ia_ifa);
3413 }
3414 } else {
3415 NDPR_UNLOCK(ndpr);
3416 IFA_LOCK(&ifa->ia_ifa);
3417 if ((ifa->ia6_flags & IN6_IFF_DETACHED) == 0) {
3418 ifa->ia6_flags |= IN6_IFF_DETACHED;
3419 in6_event_enqueue_nwk_wq_entry(IN6_ADDR_MARKED_DETACHED,
3420 ifa->ia_ifa.ifa_ifp, &ifa->ia_addr.sin6_addr,
3421 0);
3422 }
3423 IFA_UNLOCK(&ifa->ia_ifa);
3424 }
3425 NDPR_REMREF(ndpr);
3426 }
3427 } else {
3428 for (i = 0; ifap[i]; i++) {
3429 ifa = ifatoia6(ifap[i]);
3430 IFA_LOCK(&ifa->ia_ifa);
3431 if ((ifa->ia6_flags & IN6_IFF_AUTOCONF) == 0) {
3432 IFA_UNLOCK(&ifa->ia_ifa);
3433 continue;
3434 }
3435 if (ifa->ia6_flags & IN6_IFF_DETACHED) {
3436 ifa->ia6_flags &= ~IN6_IFF_DETACHED;
3437 in6_ifaddr_set_dadprogress((struct in6_ifaddr *)ifa);
3438 IFA_UNLOCK(&ifa->ia_ifa);
3439 /* Do we need a delay in this case? */
3440 nd6_dad_start((struct ifaddr *)ifa, 0);
3441 } else {
3442 IFA_UNLOCK(&ifa->ia_ifa);
3443 }
3444 }
3445 }
3446 ifnet_free_address_list(ifap);
3447 }
3448
3449 static struct nd_prefix *
3450 nd6_prefix_equal_lookup(struct nd_prefix *pr, boolean_t primary_only)
3451 {
3452 struct nd_prefix *opr;
3453
3454 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
3455
3456 for (opr = nd_prefix.lh_first; opr; opr = opr->ndpr_next) {
3457 if (opr == pr) {
3458 continue;
3459 }
3460
3461 NDPR_LOCK(opr);
3462 if ((opr->ndpr_stateflags & NDPRF_ONLINK) == 0) {
3463 NDPR_UNLOCK(opr);
3464 continue;
3465 }
3466 if (opr->ndpr_plen == pr->ndpr_plen &&
3467 in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
3468 &opr->ndpr_prefix.sin6_addr, pr->ndpr_plen) &&
3469 (!primary_only ||
3470 !(opr->ndpr_stateflags & NDPRF_IFSCOPE))) {
3471 NDPR_ADDREF(opr);
3472 NDPR_UNLOCK(opr);
3473 return opr;
3474 }
3475 NDPR_UNLOCK(opr);
3476 }
3477 return NULL;
3478 }
3479
3480 /*
3481 * Synchronize the interface routes of similar prefixes on different
3482 * interfaces; the one using the default interface would be (re)installed
3483 * as a primary/non-scoped entry, and the rest as scoped entri(es).
3484 */
3485 static void
3486 nd6_prefix_sync(struct ifnet *ifp)
3487 {
3488 struct nd_prefix *pr, *opr;
3489 int err = 0;
3490
3491 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
3492
3493 if (ifp == NULL) {
3494 return;
3495 }
3496
3497 for (pr = nd_prefix.lh_first; pr; pr = pr->ndpr_next) {
3498 NDPR_LOCK(pr);
3499 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) {
3500 NDPR_UNLOCK(pr);
3501 continue;
3502 }
3503 if (pr->ndpr_ifp == ifp &&
3504 (pr->ndpr_stateflags & NDPRF_IFSCOPE) &&
3505 !IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
3506 NDPR_UNLOCK(pr);
3507 break;
3508 }
3509 NDPR_UNLOCK(pr);
3510 }
3511
3512 if (pr == NULL) {
3513 return;
3514 }
3515
3516 /* Remove conflicting entries */
3517 opr = nd6_prefix_equal_lookup(pr, TRUE);
3518 if (opr != NULL) {
3519 lck_mtx_unlock(nd6_mutex);
3520 err = nd6_prefix_offlink(opr);
3521 lck_mtx_lock(nd6_mutex);
3522 if (err != 0) {
3523 nd6log(error,
3524 "%s: failed to make %s/%d offlink on %s, "
3525 "errno=%d\n", __func__,
3526 ip6_sprintf(&opr->ndpr_prefix.sin6_addr),
3527 opr->ndpr_plen, if_name(opr->ndpr_ifp), err);
3528 }
3529 } else {
3530 nd6log(error,
3531 "%s: scoped %s/%d on %s has no matching unscoped prefix\n",
3532 __func__, ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3533 pr->ndpr_plen, if_name(pr->ndpr_ifp));
3534 }
3535
3536 lck_mtx_unlock(nd6_mutex);
3537 err = nd6_prefix_offlink(pr);
3538 lck_mtx_lock(nd6_mutex);
3539 if (err != 0) {
3540 nd6log(error,
3541 "%s: failed to make %s/%d offlink on %s, errno=%d\n",
3542 __func__, ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3543 pr->ndpr_plen, if_name(pr->ndpr_ifp), err);
3544 }
3545
3546 /* Add the entries back */
3547 if (opr != NULL) {
3548 err = nd6_prefix_onlink_scoped(opr, opr->ndpr_ifp->if_index);
3549 if (err != 0) {
3550 nd6log(error,
3551 "%s: failed to make %s/%d scoped onlink on %s, "
3552 "errno=%d\n", __func__,
3553 ip6_sprintf(&opr->ndpr_prefix.sin6_addr),
3554 opr->ndpr_plen, if_name(opr->ndpr_ifp), err);
3555 }
3556 }
3557
3558 err = nd6_prefix_onlink_scoped(pr, IFSCOPE_NONE);
3559 if (err != 0) {
3560 nd6log(error,
3561 "%s: failed to make %s/%d onlink on %s, errno=%d\n",
3562 __func__, ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3563 pr->ndpr_plen, if_name(pr->ndpr_ifp), err);
3564 }
3565
3566 if (err != 0) {
3567 nd6log(error,
3568 "%s: error promoting %s/%d to %s from %s\n",
3569 __func__, ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3570 pr->ndpr_plen, if_name(pr->ndpr_ifp),
3571 (opr != NULL) ? if_name(opr->ndpr_ifp) : "NONE");
3572 } else {
3573 nd6log2(info,
3574 "%s: %s/%d promoted, previously on %s\n",
3575 if_name(pr->ndpr_ifp),
3576 ip6_sprintf(&pr->ndpr_prefix.sin6_addr), pr->ndpr_plen,
3577 (opr != NULL) ? if_name(opr->ndpr_ifp) : "NONE");
3578 }
3579
3580 if (opr != NULL) {
3581 NDPR_REMREF(opr);
3582 }
3583 }
3584
3585 static int
3586 nd6_prefix_onlink_common(struct nd_prefix *pr, boolean_t force_scoped,
3587 unsigned int ifscope)
3588 {
3589 struct ifaddr *ifa;
3590 struct ifnet *ifp = pr->ndpr_ifp;
3591 struct sockaddr_in6 mask6, prefix;
3592 struct nd_prefix *opr;
3593 u_int32_t rtflags;
3594 int error = 0, prproxy = 0;
3595 struct rtentry *rt = NULL;
3596 u_char prefix_len = 0;
3597
3598 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_OWNED);
3599
3600 /* sanity check */
3601 NDPR_LOCK(pr);
3602 if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) {
3603 nd6log(error,
3604 "%s: %s/%d on %s scoped=%d is already on-link\n",
3605 __func__, ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3606 pr->ndpr_plen, if_name(pr->ndpr_ifp),
3607 (pr->ndpr_stateflags & NDPRF_IFSCOPE) ? 1 : 0);
3608 NDPR_UNLOCK(pr);
3609 return EEXIST;
3610 }
3611 NDPR_UNLOCK(pr);
3612
3613 /*
3614 * Add the interface route associated with the prefix. Before
3615 * installing the route, check if there's the same prefix on another
3616 * interface, and the prefix has already installed the interface route.
3617 */
3618 opr = nd6_prefix_equal_lookup(pr, FALSE);
3619 if (opr != NULL) {
3620 NDPR_REMREF(opr);
3621 }
3622
3623 if (!force_scoped) {
3624 /*
3625 * If a primary/non-scoped interface route already exists,
3626 * install the new one as a scoped entry. If the existing
3627 * interface route is scoped, install new as non-scoped.
3628 */
3629 ifscope = (opr != NULL) ? ifp->if_index : IFSCOPE_NONE;
3630 opr = nd6_prefix_equal_lookup(pr, TRUE);
3631 if (opr != NULL) {
3632 NDPR_REMREF(opr);
3633 } else if (ifscope != IFSCOPE_NONE) {
3634 ifscope = IFSCOPE_NONE;
3635 }
3636 }
3637
3638 /*
3639 * We prefer link-local addresses as the associated interface address.
3640 */
3641 /* search for a link-local addr */
3642 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
3643 IN6_IFF_NOTREADY | IN6_IFF_ANYCAST);
3644 if (ifa == NULL) {
3645 struct in6_ifaddr *ia6;
3646 ifnet_lock_shared(ifp);
3647 IFP_TO_IA6(ifp, ia6);
3648 ifnet_lock_done(ifp);
3649 if (ia6 != NULL) {
3650 ifa = &ia6->ia_ifa;
3651 }
3652 /* should we care about ia6_flags? */
3653 }
3654 NDPR_LOCK(pr);
3655 if (ifa == NULL) {
3656 /*
3657 * This can still happen, when, for example, we receive an RA
3658 * containing a prefix with the L bit set and the A bit clear,
3659 * after removing all IPv6 addresses on the receiving
3660 * interface. This should, of course, be rare though.
3661 */
3662 nd6log(info,
3663 "nd6_prefix_onlink: failed to find any ifaddr"
3664 " to add route for a prefix(%s/%d) on %s\n",
3665 ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3666 pr->ndpr_plen, if_name(ifp));
3667 NDPR_UNLOCK(pr);
3668 return 0;
3669 }
3670
3671 /*
3672 * in6_ifinit() sets nd6_rtrequest to ifa_rtrequest for all ifaddrs.
3673 * ifa->ifa_rtrequest = nd6_rtrequest;
3674 */
3675 bzero(&mask6, sizeof(mask6));
3676 mask6.sin6_len = sizeof(mask6);
3677 mask6.sin6_addr = pr->ndpr_mask;
3678 prefix = pr->ndpr_prefix;
3679 prefix_len = pr->ndpr_plen;
3680 if ((rt = pr->ndpr_rt) != NULL) {
3681 pr->ndpr_rt = NULL;
3682 }
3683 NDPR_ADDREF(pr); /* keep reference for this routine */
3684 NDPR_UNLOCK(pr);
3685
3686 IFA_LOCK_SPIN(ifa);
3687 rtflags = ifa->ifa_flags | RTF_CLONING | RTF_UP;
3688 IFA_UNLOCK(ifa);
3689 if (nd6_need_cache(ifp)) {
3690 /* explicitly set in case ifa_flags does not set the flag. */
3691 rtflags |= RTF_CLONING;
3692 } else {
3693 /*
3694 * explicitly clear the cloning bit in case ifa_flags sets it.
3695 */
3696 rtflags &= ~RTF_CLONING;
3697 }
3698
3699 lck_mtx_unlock(nd6_mutex);
3700
3701 /*
3702 * check if it conflicts with a indirect prefix route added by RIO
3703 * if so, remove the rti entry.
3704 */
3705 if (ifscope == IFSCOPE_NONE) {
3706 struct rtentry *temp_route = NULL;
3707 LCK_MTX_ASSERT(rnh_lock, LCK_MTX_ASSERT_NOTOWNED);
3708 lck_mtx_lock(rnh_lock);
3709 temp_route = rt_lookup(TRUE, (struct sockaddr *)&prefix, (struct sockaddr *)&mask6, rt_tables[AF_INET6], IFSCOPE_NONE);
3710 lck_mtx_unlock(rnh_lock);
3711
3712 if (temp_route != NULL && temp_route->rt_flags & RTF_GATEWAY && temp_route->rt_ifp != NULL) {
3713 struct nd_route_info rti = {};
3714 bzero(&rti, sizeof(rti));
3715 rti.nd_rti_prefixlen = prefix_len;
3716 rti.nd_rti_prefix = prefix.sin6_addr;
3717 lck_mtx_lock(nd6_mutex);
3718 nd6_rti_purge(&rti);
3719 lck_mtx_unlock(nd6_mutex);
3720 }
3721 if (temp_route != NULL) {
3722 rtfree(temp_route);
3723 }
3724 }
3725
3726 if (rt != NULL) {
3727 rtfree(rt);
3728 rt = NULL;
3729 }
3730
3731 error = rtrequest_scoped(RTM_ADD, (struct sockaddr *)&prefix,
3732 ifa->ifa_addr, (struct sockaddr *)&mask6, rtflags, &rt,
3733 ifscope);
3734
3735 /*
3736 * Serialize the setting of NDPRF_PRPROXY.
3737 */
3738 lck_mtx_lock(&proxy6_lock);
3739
3740 if (rt != NULL) {
3741 RT_LOCK(rt);
3742 nd6_rtmsg(RTM_ADD, rt);
3743 RT_UNLOCK(rt);
3744 NDPR_LOCK(pr);
3745 } else {
3746 NDPR_LOCK(pr);
3747 nd6log(error, "nd6_prefix_onlink: failed to add route for a"
3748 " prefix (%s/%d) on %s, gw=%s, mask=%s, flags=%x,"
3749 " scoped=%d, errno = %d\n",
3750 ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3751 pr->ndpr_plen, if_name(ifp),
3752 ip6_sprintf(&((struct sockaddr_in6 *)
3753 (void *)ifa->ifa_addr)->sin6_addr),
3754 ip6_sprintf(&mask6.sin6_addr), rtflags,
3755 (ifscope != IFSCOPE_NONE), error);
3756 }
3757 NDPR_LOCK_ASSERT_HELD(pr);
3758
3759 pr->ndpr_stateflags &= ~(NDPRF_IFSCOPE | NDPRF_PRPROXY);
3760
3761 /*
3762 * TODO: If the prefix route exists, we should really find it and
3763 * refer the prefix to it; otherwise ndpr_rt is NULL.
3764 */
3765 if (!(pr->ndpr_stateflags & NDPRF_DEFUNCT) &&
3766 (rt != NULL || error == EEXIST)) {
3767 struct nd_ifinfo *ndi = NULL;
3768
3769 VERIFY(pr->ndpr_prproxy_sols_cnt == 0);
3770 VERIFY(RB_EMPTY(&pr->ndpr_prproxy_sols));
3771
3772 ndi = ND_IFINFO(ifp);
3773 VERIFY((NULL != ndi) && (TRUE == ndi->initialized));
3774 lck_mtx_lock(&ndi->lock);
3775
3776 pr->ndpr_rt = rt; /* keep reference from rtrequest */
3777 pr->ndpr_stateflags |= NDPRF_ONLINK;
3778 if (ifscope != IFSCOPE_NONE) {
3779 pr->ndpr_stateflags |= NDPRF_IFSCOPE;
3780 } else if ((rtflags & RTF_CLONING) &&
3781 (ndi->flags & ND6_IFF_PROXY_PREFIXES) &&
3782 !IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr)) {
3783 /*
3784 * At present, in order for the prefix to be eligible
3785 * as a proxying/proxied prefix, we require that the
3786 * prefix route entry be marked as a cloning route with
3787 * RTF_PROXY; i.e. nd6_need_cache() needs to return
3788 * true for the interface type, hence the test for
3789 * RTF_CLONING above.
3790 */
3791 pr->ndpr_stateflags |= NDPRF_PRPROXY;
3792 }
3793
3794 lck_mtx_unlock(&ndi->lock);
3795 } else if (rt != NULL && pr->ndpr_stateflags & NDPRF_DEFUNCT) {
3796 rtfree(rt);
3797 }
3798
3799 prproxy = (pr->ndpr_stateflags & NDPRF_PRPROXY);
3800 VERIFY(!prproxy || !(pr->ndpr_stateflags & NDPRF_IFSCOPE));
3801 NDPR_UNLOCK(pr);
3802
3803 IFA_REMREF(ifa);
3804
3805 /*
3806 * If this is an upstream prefix, find the downstream ones (if any)
3807 * and re-configure their prefix routes accordingly. Otherwise,
3808 * this could be potentially be a downstream prefix, and so find the
3809 * upstream prefix, if any.
3810 */
3811 nd6_prproxy_prelist_update(pr, prproxy ? pr : NULL);
3812
3813 NDPR_REMREF(pr); /* release reference for this routine */
3814 lck_mtx_unlock(&proxy6_lock);
3815
3816 lck_mtx_lock(nd6_mutex);
3817
3818 return error;
3819 }
3820
3821 int
3822 nd6_prefix_onlink(struct nd_prefix *pr)
3823 {
3824 return nd6_prefix_onlink_common(pr, FALSE, IFSCOPE_NONE);
3825 }
3826
3827 int
3828 nd6_prefix_onlink_scoped(struct nd_prefix *pr, unsigned int ifscope)
3829 {
3830 return nd6_prefix_onlink_common(pr, TRUE, ifscope);
3831 }
3832
3833 int
3834 nd6_prefix_offlink(struct nd_prefix *pr)
3835 {
3836 int plen, error = 0, prproxy;
3837 struct ifnet *ifp = pr->ndpr_ifp;
3838 struct sockaddr_in6 sa6, mask6, prefix;
3839 struct rtentry *rt = NULL, *ndpr_rt = NULL;
3840 unsigned int ifscope;
3841
3842 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
3843
3844 /* sanity check */
3845 NDPR_LOCK(pr);
3846 if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0) {
3847 nd6log(error,
3848 "nd6_prefix_offlink: %s/%d on %s scoped=%d is already "
3849 "off-link\n", ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
3850 pr->ndpr_plen, if_name(pr->ndpr_ifp),
3851 (pr->ndpr_stateflags & NDPRF_IFSCOPE) ? 1 : 0);
3852 NDPR_UNLOCK(pr);
3853 return EEXIST;
3854 }
3855
3856 bzero(&sa6, sizeof(sa6));
3857 sa6.sin6_family = AF_INET6;
3858 sa6.sin6_len = sizeof(sa6);
3859 bcopy(&pr->ndpr_prefix.sin6_addr, &sa6.sin6_addr,
3860 sizeof(struct in6_addr));
3861 bzero(&mask6, sizeof(mask6));
3862 mask6.sin6_family = AF_INET6;
3863 mask6.sin6_len = sizeof(sa6);
3864 bcopy(&pr->ndpr_mask, &mask6.sin6_addr, sizeof(struct in6_addr));
3865 prefix = pr->ndpr_prefix;
3866 plen = pr->ndpr_plen;
3867 if ((ndpr_rt = pr->ndpr_rt) != NULL) {
3868 pr->ndpr_rt = NULL;
3869 }
3870 NDPR_ADDREF(pr); /* keep reference for this routine */
3871 NDPR_UNLOCK(pr);
3872
3873 ifscope = (pr->ndpr_stateflags & NDPRF_IFSCOPE) ?
3874 ifp->if_index : IFSCOPE_NONE;
3875
3876 error = rtrequest_scoped(RTM_DELETE, (struct sockaddr *)&sa6,
3877 NULL, (struct sockaddr *)&mask6, 0, &rt, ifscope);
3878
3879 if (rt != NULL) {
3880 /* report the route deletion to the routing socket. */
3881 RT_LOCK(rt);
3882 nd6_rtmsg(RTM_DELETE, rt);
3883 RT_UNLOCK(rt);
3884 rtfree(rt);
3885 } else {
3886 nd6log(error,
3887 "nd6_prefix_offlink: failed to delete route: "
3888 "%s/%d on %s, scoped %d, (errno = %d)\n",
3889 ip6_sprintf(&sa6.sin6_addr), plen, if_name(ifp),
3890 (ifscope != IFSCOPE_NONE), error);
3891 }
3892
3893 if (ndpr_rt != NULL) {
3894 rtfree(ndpr_rt);
3895 }
3896
3897 lck_mtx_lock(&proxy6_lock);
3898
3899 NDPR_LOCK(pr);
3900 prproxy = (pr->ndpr_stateflags & NDPRF_PRPROXY);
3901 VERIFY(!prproxy || !(pr->ndpr_stateflags & NDPRF_IFSCOPE));
3902 pr->ndpr_stateflags &= ~(NDPRF_ONLINK | NDPRF_IFSCOPE | NDPRF_PRPROXY);
3903 if (pr->ndpr_prproxy_sols_cnt > 0) {
3904 VERIFY(prproxy);
3905 nd6_prproxy_sols_reap(pr);
3906 VERIFY(pr->ndpr_prproxy_sols_cnt == 0);
3907 VERIFY(RB_EMPTY(&pr->ndpr_prproxy_sols));
3908 }
3909 NDPR_UNLOCK(pr);
3910
3911 /*
3912 * If this was an upstream prefix, find the downstream ones and do
3913 * some cleanups. If this was a downstream prefix, the prefix route
3914 * has been removed from the routing table above, but there may be
3915 * other tasks to perform.
3916 */
3917 nd6_prproxy_prelist_update(pr, prproxy ? pr : NULL);
3918
3919 NDPR_REMREF(pr); /* release reference for this routine */
3920 lck_mtx_unlock(&proxy6_lock);
3921
3922 return error;
3923 }
3924
3925 struct in6_ifaddr *
3926 in6_pfx_newpersistaddr(struct nd_prefix *pr, int mcast, int *errorp,
3927 boolean_t is_clat46, uint8_t collision_count)
3928 {
3929 struct in6_ifaddr *ia6 = NULL;
3930 struct ifnet *ifp = NULL;
3931 struct nd_ifinfo *ndi = NULL;
3932 struct in6_addr mask;
3933 struct in6_aliasreq ifra;
3934 int error, ifaupdate, iidlen, notcga;
3935
3936 VERIFY(pr != NULL);
3937 VERIFY(errorp != NULL);
3938
3939 NDPR_LOCK(pr);
3940 ifp = pr->ndpr_ifp;
3941 ia6 = NULL;
3942 error = 0;
3943
3944 /*
3945 * Prefix Length check:
3946 * If the sum of the prefix length and interface identifier
3947 * length does not equal 128 bits, the Prefix Information
3948 * option MUST be ignored. The length of the interface
3949 * identifier is defined in a separate link-type specific
3950 * document.
3951 */
3952 iidlen = in6_if2idlen(ifp);
3953 if (iidlen < 0) {
3954 error = EADDRNOTAVAIL;
3955 /* this should not happen, so we always log it. */
3956 log(LOG_ERR, "%s: IID length undefined (%s)\n",
3957 __func__, if_name(ifp));
3958 goto unlock1;
3959 } else if (iidlen != 64) {
3960 error = EADDRNOTAVAIL;
3961 /*
3962 * stateless autoconfiguration not yet well-defined for IID
3963 * lengths other than 64 octets. Just give up for now.
3964 */
3965 nd6log(info, "%s: IID length not 64 octets (%s)\n",
3966 __func__, if_name(ifp));
3967 goto unlock1;
3968 }
3969
3970 if (iidlen + pr->ndpr_plen != 128) {
3971 error = EADDRNOTAVAIL;
3972 nd6log(info,
3973 "%s: invalid prefix length %d for %s, ignored\n",
3974 __func__, pr->ndpr_plen, if_name(ifp));
3975 goto unlock1;
3976 }
3977
3978 bzero(&ifra, sizeof(ifra));
3979 strlcpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name));
3980 ifra.ifra_addr.sin6_family = AF_INET6;
3981 ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
3982
3983 /* prefix */
3984 bcopy(&pr->ndpr_prefix.sin6_addr, &ifra.ifra_addr.sin6_addr,
3985 sizeof(ifra.ifra_addr.sin6_addr));
3986 in6_len2mask(&mask, pr->ndpr_plen);
3987 ifra.ifra_addr.sin6_addr.s6_addr32[0] &= mask.s6_addr32[0];
3988 ifra.ifra_addr.sin6_addr.s6_addr32[1] &= mask.s6_addr32[1];
3989 ifra.ifra_addr.sin6_addr.s6_addr32[2] &= mask.s6_addr32[2];
3990 ifra.ifra_addr.sin6_addr.s6_addr32[3] &= mask.s6_addr32[3];
3991
3992 ndi = ND_IFINFO(ifp);
3993 VERIFY(ndi->initialized);
3994 lck_mtx_lock(&ndi->lock);
3995
3996 notcga = nd6_send_opstate == ND6_SEND_OPMODE_DISABLED ||
3997 (ndi->flags & ND6_IFF_INSECURE) != 0;
3998
3999 lck_mtx_unlock(&ndi->lock);
4000 NDPR_UNLOCK(pr);
4001
4002 if (notcga && !is_clat46) {
4003 ia6 = in6ifa_ifpforlinklocal(ifp, 0);
4004 if (ia6 == NULL) {
4005 error = EADDRNOTAVAIL;
4006 nd6log(info, "%s: no link-local address (%s)\n",
4007 __func__, if_name(ifp));
4008 goto done;
4009 }
4010
4011 IFA_LOCK(&ia6->ia_ifa);
4012 ifra.ifra_addr.sin6_addr.s6_addr32[0] |=
4013 (ia6->ia_addr.sin6_addr.s6_addr32[0] & ~mask.s6_addr32[0]);
4014 ifra.ifra_addr.sin6_addr.s6_addr32[1] |=
4015 (ia6->ia_addr.sin6_addr.s6_addr32[1] & ~mask.s6_addr32[1]);
4016 ifra.ifra_addr.sin6_addr.s6_addr32[2] |=
4017 (ia6->ia_addr.sin6_addr.s6_addr32[2] & ~mask.s6_addr32[2]);
4018 ifra.ifra_addr.sin6_addr.s6_addr32[3] |=
4019 (ia6->ia_addr.sin6_addr.s6_addr32[3] & ~mask.s6_addr32[3]);
4020 IFA_UNLOCK(&ia6->ia_ifa);
4021 IFA_REMREF(&ia6->ia_ifa);
4022 ia6 = NULL;
4023 } else {
4024 struct in6_cga_prepare local_cga_prepare;
4025 struct in6_cga_prepare *prepare_p;
4026
4027
4028 in6_cga_node_lock();
4029
4030 if (ndi->cga_initialized) {
4031 bcopy(&(ndi->local_cga_modifier),
4032 &(local_cga_prepare.cga_modifier),
4033 sizeof(local_cga_prepare.cga_modifier));
4034 prepare_p = &local_cga_prepare;
4035 } else {
4036 prepare_p = NULL;
4037 }
4038 error = in6_cga_generate(prepare_p, collision_count,
4039 &ifra.ifra_addr.sin6_addr, ifp);
4040 in6_cga_node_unlock();
4041 if (error == 0) {
4042 ifra.ifra_flags |= IN6_IFF_SECURED;
4043 if (is_clat46) {
4044 ifra.ifra_flags |= IN6_IFF_CLAT46;
4045 }
4046 } else {
4047 if (!is_clat46) {
4048 nd6log(error, "%s: no CGA available (%s)\n",
4049 __func__, if_name(ifp));
4050 } else {
4051 nd6log(error, "%s: no CLAT46 available (%s)\n",
4052 __func__, if_name(ifp));
4053 }
4054 goto done;
4055 }
4056 }
4057
4058 VERIFY(ia6 == NULL);
4059
4060 /* new prefix mask. */
4061 ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
4062 ifra.ifra_prefixmask.sin6_family = AF_INET6;
4063 bcopy(&mask, &ifra.ifra_prefixmask.sin6_addr,
4064 sizeof(ifra.ifra_prefixmask.sin6_addr));
4065
4066 /* lifetimes. */
4067 ifra.ifra_lifetime.ia6t_vltime = pr->ndpr_vltime;
4068 ifra.ifra_lifetime.ia6t_pltime = pr->ndpr_pltime;
4069
4070 /* address flags */
4071 ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */
4072
4073 /*
4074 * Make sure that we do not have this address already. This should
4075 * usually not happen, but we can still see this case, e.g., if we
4076 * have manually configured the exact address to be configured.
4077 */
4078 if ((ia6 = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr))
4079 != NULL) {
4080 error = EEXIST;
4081 IFA_REMREF(&ia6->ia_ifa);
4082 ia6 = NULL;
4083
4084 /* this should be rare enough to make an explicit log */
4085 log(LOG_INFO, "%s: %s is already configured!\n",
4086 __func__, ip6_sprintf(&ifra.ifra_addr.sin6_addr));
4087 goto done;
4088 }
4089
4090 /*
4091 * Allocate ifaddr structure, link into chain, etc.
4092 * If we are going to create a new address upon receiving a multicasted
4093 * RA, we need to impose a random delay before starting DAD.
4094 * [RFC 4862, Section 5.4.2]
4095 */
4096 ifaupdate = IN6_IFAUPDATE_NOWAIT;
4097 if (mcast) {
4098 ifaupdate |= IN6_IFAUPDATE_DADDELAY;
4099 }
4100 error = in6_update_ifa(ifp, &ifra, ifaupdate, &ia6);
4101 if (error != 0) {
4102 nd6log(error,
4103 "%s: failed to make ifaddr %s on %s (errno=%d)\n",
4104 __func__, ip6_sprintf(&ifra.ifra_addr.sin6_addr),
4105 if_name(ifp), error);
4106 error = EADDRNOTAVAIL;
4107 goto done;
4108 } else {
4109 /* remember the collision count */
4110 ia6->ia6_cga_collision_count = collision_count;
4111 }
4112
4113 VERIFY(ia6 != NULL);
4114 in6_post_msg(ifp, KEV_INET6_NEW_RTADV_ADDR, ia6, NULL);
4115 goto done;
4116
4117 unlock1:
4118 NDPR_UNLOCK(pr);
4119
4120 done:
4121 *errorp = error;
4122 return ia6;
4123 }
4124
4125 #define IA6_NONCONST(i) ((struct in6_ifaddr *)(uintptr_t)(i))
4126
4127 int
4128 in6_tmpifadd(const struct in6_ifaddr *ia0, int forcegen)
4129 {
4130 struct ifnet *ifp = ia0->ia_ifa.ifa_ifp;
4131 struct in6_ifaddr *ia, *newia;
4132 struct in6_aliasreq ifra;
4133 int i, error, ifaupdate;
4134 int trylimit = 3; /* XXX: adhoc value */
4135 u_int32_t randid[2];
4136 uint32_t vltime0, pltime0;
4137 uint64_t timenow = net_uptime();
4138 struct in6_addr addr;
4139 struct nd_prefix *ndpr;
4140
4141 bzero(&ifra, sizeof(ifra));
4142 strlcpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name));
4143 IFA_LOCK(&IA6_NONCONST(ia0)->ia_ifa);
4144 ifra.ifra_addr = ia0->ia_addr;
4145 /* copy prefix mask */
4146 ifra.ifra_prefixmask = ia0->ia_prefixmask;
4147 /* clear the old IFID */
4148 for (i = 0; i < 4; i++) {
4149 ifra.ifra_addr.sin6_addr.s6_addr32[i]
4150 &= ifra.ifra_prefixmask.sin6_addr.s6_addr32[i];
4151 }
4152 addr = ia0->ia_addr.sin6_addr;
4153 IFA_UNLOCK(&IA6_NONCONST(ia0)->ia_ifa);
4154
4155 again:
4156 in6_iid_mktmp(ifp, (u_int8_t *)randid,
4157 (const u_int8_t *)&addr.s6_addr[8], forcegen);
4158
4159 ifra.ifra_addr.sin6_addr.s6_addr32[2] |=
4160 (randid[0] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[2]));
4161 ifra.ifra_addr.sin6_addr.s6_addr32[3] |=
4162 (randid[1] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[3]));
4163
4164 /*
4165 * in6_iid_mktmp() quite likely provided a unique interface ID.
4166 * However, we may still have a chance to see collision, because
4167 * there may be a time lag between generation of the ID and generation
4168 * of the address. So, we'll do one more sanity check.
4169 */
4170 if ((ia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr)) != NULL) {
4171 IFA_REMREF(&ia->ia_ifa);
4172 if (trylimit-- == 0) {
4173 nd6log(info, "in6_tmpifadd: failed to find "
4174 "a unique random IFID\n");
4175 return EEXIST;
4176 }
4177 forcegen = 1;
4178 goto again;
4179 }
4180
4181 /*
4182 * The Valid Lifetime is the lower of the Valid Lifetime of the
4183 * public address or TEMP_VALID_LIFETIME.
4184 * The Preferred Lifetime is the lower of the Preferred Lifetime
4185 * of the public address or TEMP_PREFERRED_LIFETIME -
4186 * DESYNC_FACTOR.
4187 */
4188 IFA_LOCK(&IA6_NONCONST(ia0)->ia_ifa);
4189 if (ia0->ia6_lifetime.ia6ti_vltime != ND6_INFINITE_LIFETIME) {
4190 vltime0 = IFA6_IS_INVALID(ia0, timenow) ? 0 :
4191 (ia0->ia6_lifetime.ia6ti_vltime -
4192 (uint32_t)(timenow - ia0->ia6_updatetime));
4193 if (vltime0 > ip6_temp_valid_lifetime) {
4194 vltime0 = ip6_temp_valid_lifetime;
4195 }
4196 } else {
4197 vltime0 = ip6_temp_valid_lifetime;
4198 }
4199 if (ia0->ia6_lifetime.ia6ti_pltime != ND6_INFINITE_LIFETIME) {
4200 pltime0 = IFA6_IS_DEPRECATED(ia0, timenow) ? 0 :
4201 (ia0->ia6_lifetime.ia6ti_pltime -
4202 (uint32_t)(timenow - ia0->ia6_updatetime));
4203 if (pltime0 > ip6_temp_preferred_lifetime - ip6_desync_factor) {
4204 pltime0 = ip6_temp_preferred_lifetime -
4205 ip6_desync_factor;
4206 }
4207 } else {
4208 pltime0 = ip6_temp_preferred_lifetime - ip6_desync_factor;
4209 }
4210 ifra.ifra_lifetime.ia6t_vltime = vltime0;
4211 ifra.ifra_lifetime.ia6t_pltime = pltime0;
4212 IFA_UNLOCK(&IA6_NONCONST(ia0)->ia_ifa);
4213 /*
4214 * A temporary address is created only if this calculated Preferred
4215 * Lifetime is greater than REGEN_ADVANCE time units.
4216 */
4217 if (ifra.ifra_lifetime.ia6t_pltime <= ip6_temp_regen_advance) {
4218 return 0;
4219 }
4220
4221 /* XXX: scope zone ID? */
4222
4223 ifra.ifra_flags |= (IN6_IFF_AUTOCONF | IN6_IFF_TEMPORARY);
4224
4225 /* allocate ifaddr structure, link into chain, etc. */
4226 ifaupdate = IN6_IFAUPDATE_NOWAIT | IN6_IFAUPDATE_DADDELAY;
4227 error = in6_update_ifa(ifp, &ifra, ifaupdate, &newia);
4228 if (error != 0) {
4229 nd6log(error, "in6_tmpifadd: failed to add address.\n");
4230 return error;
4231 }
4232 VERIFY(newia != NULL);
4233
4234 IFA_LOCK(&IA6_NONCONST(ia0)->ia_ifa);
4235 ndpr = ia0->ia6_ndpr;
4236 if (ndpr == NULL) {
4237 /*
4238 * We lost the race with another thread that has purged
4239 * ia0 address; in this case, purge the tmp addr as well.
4240 */
4241 nd6log(error, "in6_tmpifadd: no public address\n");
4242 VERIFY(!(ia0->ia6_flags & IN6_IFF_AUTOCONF));
4243 IFA_UNLOCK(&IA6_NONCONST(ia0)->ia_ifa);
4244 in6_purgeaddr(&newia->ia_ifa);
4245 IFA_REMREF(&newia->ia_ifa);
4246 return EADDRNOTAVAIL;
4247 }
4248 NDPR_ADDREF(ndpr); /* for us */
4249 IFA_UNLOCK(&IA6_NONCONST(ia0)->ia_ifa);
4250 IFA_LOCK(&newia->ia_ifa);
4251 if (newia->ia6_ndpr != NULL) {
4252 NDPR_LOCK(newia->ia6_ndpr);
4253 VERIFY(newia->ia6_ndpr->ndpr_addrcnt != 0);
4254 newia->ia6_ndpr->ndpr_addrcnt--;
4255 NDPR_UNLOCK(newia->ia6_ndpr);
4256 NDPR_REMREF(newia->ia6_ndpr); /* release addr reference */
4257 }
4258 newia->ia6_ndpr = ndpr;
4259 NDPR_LOCK(newia->ia6_ndpr);
4260 newia->ia6_ndpr->ndpr_addrcnt++;
4261 VERIFY(newia->ia6_ndpr->ndpr_addrcnt != 0);
4262 NDPR_ADDREF(newia->ia6_ndpr); /* for addr reference */
4263 NDPR_UNLOCK(newia->ia6_ndpr);
4264 IFA_UNLOCK(&newia->ia_ifa);
4265 /*
4266 * A newly added address might affect the status of other addresses.
4267 * XXX: when the temporary address is generated with a new public
4268 * address, the onlink check is redundant. However, it would be safe
4269 * to do the check explicitly everywhere a new address is generated,
4270 * and, in fact, we surely need the check when we create a new
4271 * temporary address due to deprecation of an old temporary address.
4272 */
4273 lck_mtx_lock(nd6_mutex);
4274 pfxlist_onlink_check();
4275 lck_mtx_unlock(nd6_mutex);
4276 IFA_REMREF(&newia->ia_ifa);
4277
4278 /* remove our reference */
4279 NDPR_REMREF(ndpr);
4280
4281 return 0;
4282 }
4283 #undef IA6_NONCONST
4284
4285 int
4286 in6_init_prefix_ltimes(struct nd_prefix *ndpr)
4287 {
4288 struct timeval caltime;
4289 u_int64_t timenow = net_uptime();
4290
4291 NDPR_LOCK_ASSERT_HELD(ndpr);
4292
4293 getmicrotime(&caltime);
4294 ndpr->ndpr_base_calendartime = caltime.tv_sec;
4295 ndpr->ndpr_base_uptime = timenow;
4296
4297 /* check if preferred lifetime > valid lifetime. RFC 4862 5.5.3 (c) */
4298 if (ndpr->ndpr_pltime > ndpr->ndpr_vltime) {
4299 nd6log(info, "in6_init_prefix_ltimes: preferred lifetime"
4300 "(%d) is greater than valid lifetime(%d)\n",
4301 (u_int)ndpr->ndpr_pltime, (u_int)ndpr->ndpr_vltime);
4302 return EINVAL;
4303 }
4304 if (ndpr->ndpr_pltime == ND6_INFINITE_LIFETIME) {
4305 ndpr->ndpr_preferred = 0;
4306 } else {
4307 ndpr->ndpr_preferred = timenow + ndpr->ndpr_pltime;
4308 }
4309 if (ndpr->ndpr_vltime == ND6_INFINITE_LIFETIME) {
4310 ndpr->ndpr_expire = 0;
4311 } else {
4312 ndpr->ndpr_expire = timenow + ndpr->ndpr_vltime;
4313 }
4314
4315 return 0;
4316 }
4317
4318 static void
4319 in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6)
4320 {
4321 #pragma unused(new)
4322 uint64_t timenow = net_uptime();
4323
4324 /* Valid lifetime must not be updated unless explicitly specified. */
4325 /* init ia6t_expire */
4326 if (lt6->ia6t_vltime == ND6_INFINITE_LIFETIME) {
4327 lt6->ia6t_expire = 0;
4328 } else {
4329 lt6->ia6t_expire = timenow;
4330 lt6->ia6t_expire += lt6->ia6t_vltime;
4331 }
4332
4333 /* init ia6t_preferred */
4334 if (lt6->ia6t_pltime == ND6_INFINITE_LIFETIME) {
4335 lt6->ia6t_preferred = 0;
4336 } else {
4337 lt6->ia6t_preferred = timenow;
4338 lt6->ia6t_preferred += lt6->ia6t_pltime;
4339 }
4340 }
4341
4342 /*
4343 * Delete all the routing table entries that use the specified gateway.
4344 * XXX: this function causes search through all entries of routing table, so
4345 * it shouldn't be called when acting as a router.
4346 *
4347 * This should really be working on entries that have a specific
4348 * parent route.
4349 */
4350 void
4351 rt6_flush(
4352 struct in6_addr *gateway,
4353 struct ifnet *ifp)
4354 {
4355 struct radix_node_head *rnh = rt_tables[AF_INET6];
4356
4357 /* We'll care only link-local addresses */
4358 if (!IN6_IS_ADDR_LINKLOCAL(gateway)) {
4359 return;
4360 }
4361 lck_mtx_lock(rnh_lock);
4362 /* XXX: hack for KAME's link-local address kludge */
4363 gateway->s6_addr16[1] = htons(ifp->if_index);
4364
4365 rnh->rnh_walktree(rnh, rt6_deleteroute, (void *)gateway);
4366 lck_mtx_unlock(rnh_lock);
4367 }
4368
4369 static int
4370 rt6_deleteroute(
4371 struct radix_node *rn,
4372 void *arg)
4373 {
4374 struct rtentry *rt = (struct rtentry *)rn;
4375 struct in6_addr *gate = (struct in6_addr *)arg;
4376
4377 LCK_MTX_ASSERT(rnh_lock, LCK_MTX_ASSERT_OWNED);
4378
4379 RT_LOCK(rt);
4380 if (rt->rt_gateway == NULL || rt->rt_gateway->sa_family != AF_INET6) {
4381 RT_UNLOCK(rt);
4382 return 0;
4383 }
4384
4385 if (!IN6_ARE_ADDR_EQUAL(gate, &SIN6(rt->rt_gateway)->sin6_addr)) {
4386 RT_UNLOCK(rt);
4387 return 0;
4388 }
4389 /*
4390 * Do not delete a static route.
4391 * XXX: this seems to be a bit ad-hoc. Should we consider the
4392 * 'cloned' bit instead?
4393 */
4394 if ((rt->rt_flags & RTF_STATIC) != 0) {
4395 RT_UNLOCK(rt);
4396 return 0;
4397 }
4398 /*
4399 * We delete only host route. This means, in particular, we don't
4400 * delete default route.
4401 */
4402 if ((rt->rt_flags & RTF_HOST) == 0) {
4403 RT_UNLOCK(rt);
4404 return 0;
4405 }
4406
4407 /*
4408 * Safe to drop rt_lock and use rt_key, rt_gateway, since holding
4409 * rnh_lock here prevents another thread from calling rt_setgate()
4410 * on this route.
4411 */
4412 RT_UNLOCK(rt);
4413 return rtrequest_locked(RTM_DELETE, rt_key(rt), rt->rt_gateway,
4414 rt_mask(rt), rt->rt_flags, 0);
4415 }
4416
4417 int
4418 nd6_setdefaultiface(
4419 int ifindex)
4420 {
4421 int error = 0;
4422 ifnet_t def_ifp = NULL;
4423
4424 LCK_MTX_ASSERT(nd6_mutex, LCK_MTX_ASSERT_NOTOWNED);
4425
4426 ifnet_head_lock_shared();
4427 if (ifindex < 0 || if_index < ifindex) {
4428 ifnet_head_done();
4429 return EINVAL;
4430 }
4431 def_ifp = ifindex2ifnet[ifindex];
4432 ifnet_head_done();
4433
4434 lck_mtx_lock(nd6_mutex);
4435 if (nd6_defifindex != ifindex) {
4436 struct ifnet *odef_ifp = nd6_defifp;
4437
4438 nd6_defifindex = ifindex;
4439 if (nd6_defifindex > 0) {
4440 nd6_defifp = def_ifp;
4441 } else {
4442 nd6_defifp = NULL;
4443 }
4444
4445 if (nd6_defifp != NULL) {
4446 nd6log(info, "%s: is now the default "
4447 "interface (was %s)\n", if_name(nd6_defifp),
4448 odef_ifp != NULL ? if_name(odef_ifp) : "NONE");
4449 } else {
4450 nd6log(info, "No default interface set\n");
4451 }
4452
4453 /*
4454 * If the Default Router List is empty, install a route
4455 * to the specified interface as default or remove the default
4456 * route when the default interface becomes canceled.
4457 * The check for the queue is actually redundant, but
4458 * we do this here to avoid re-install the default route
4459 * if the list is NOT empty.
4460 */
4461 if (odef_ifp != NULL) {
4462 defrouter_select(odef_ifp, NULL);
4463 }
4464
4465 if (nd6_defifp != NULL) {
4466 defrouter_select(nd6_defifp, NULL);
4467 nd6_prefix_sync(nd6_defifp);
4468 }
4469
4470 /*
4471 * XXX For now we managed RTI routes as un-scoped.
4472 * Therefore we ignore the change in nd6_defifindex
4473 * for RTI routes for now.
4474 */
4475 /*
4476 * Our current implementation assumes one-to-one mapping between
4477 * interfaces and links, so it would be natural to use the
4478 * default interface as the default link.
4479 */
4480 scope6_setdefault(nd6_defifp);
4481 }
4482 lck_mtx_unlock(nd6_mutex);
4483 return error;
4484 }
mirror of XNU