#define SDL(s) ((struct sockaddr_dl *)s)
struct dadq;
-static struct dadq *nd6_dad_find __P((struct ifaddr *));
+static struct dadq *nd6_dad_find(struct ifaddr *);
#ifndef __APPLE__
-static void nd6_dad_starttimer __P((struct dadq *, int));
-static void nd6_dad_stoptimer __P((struct dadq *));
+static void nd6_dad_starttimer(struct dadq *, int);
+static void nd6_dad_stoptimer(struct dadq *);
#else
-void nd6_dad_stoptimer __P((struct ifaddr *));
+void nd6_dad_stoptimer(struct ifaddr *);
#endif
-static void nd6_dad_timer __P((struct ifaddr *));
-static void nd6_dad_timer_funnel __P((struct ifaddr *));
-static void nd6_dad_ns_output __P((struct dadq *, struct ifaddr *));
-static void nd6_dad_ns_input __P((struct ifaddr *));
-static void nd6_dad_na_input __P((struct ifaddr *));
+static void nd6_dad_timer(struct ifaddr *);
+static void nd6_dad_ns_output(struct dadq *, struct ifaddr *);
+static void nd6_dad_ns_input(struct ifaddr *);
+static void nd6_dad_na_input(struct ifaddr *);
static int dad_ignore_ns = 0; /* ignore NS in DAD - specwise incorrect*/
static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
+extern lck_mtx_t *dad6_mutex;
+extern lck_mtx_t *nd6_mutex;
/*
* Input an Neighbor Solicitation Message.
*
* Based on RFC 2462 (duplicated address detection)
*/
void
-nd6_ns_input(m, off, icmp6len)
- struct mbuf *m;
- int off, icmp6len;
+nd6_ns_input(
+ struct mbuf *m,
+ int off,
+ int icmp6len)
{
struct ifnet *ifp = m->m_pkthdr.rcvif;
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct sockaddr_dl *proxydl = NULL;
#ifndef PULLDOWN_TEST
- IP6_EXTHDR_CHECK(m, off, icmp6len,);
+ IP6_EXTHDR_CHECK(m, off, icmp6len, return);
nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
#else
IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
/* dst has to be solicited node multicast address. */
if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL
- /*don't check ifindex portion*/
+ /* don't check ifindex portion */
&& daddr6.s6_addr32[1] == 0
&& daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE
&& daddr6.s6_addr8[12] == 0xff) {
- ; /*good*/
+ ; /* good */
} else {
nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
"(wrong ip6 dst)\n"));
}
if (ndopts.nd_opts_src_lladdr) {
- lladdr = (char *)(ndopts.nd_opts_src_lladdr +1);
+ lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
}
}
if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
- log(LOG_INFO,
- "nd6_ns_input: duplicate IP6 address %s\n",
- ip6_sprintf(&saddr6));
+ nd6log((LOG_INFO,
+ "nd6_ns_input: duplicate IP6 address %s\n",
+ ip6_sprintf(&saddr6)));
goto freeit;
}
* Based on RFC 2462 (duplicated address detection)
*/
void
-nd6_ns_output(ifp, daddr6, taddr6, ln, dad)
- struct ifnet *ifp;
- const struct in6_addr *daddr6, *taddr6;
- struct llinfo_nd6 *ln; /* for source address determination */
- int dad; /* duplicated address detection */
+nd6_ns_output(
+ struct ifnet *ifp,
+ const struct in6_addr *daddr6,
+ const struct in6_addr *taddr6,
+ struct llinfo_nd6 *ln, /* for source address determination */
+ int dad, /* duplicated address detection */
+ int locked)
{
struct mbuf *m;
struct ip6_hdr *ip6;
icmp6len = sizeof(*nd_ns);
m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
- m->m_data += max_linkhdr; /*or MH_ALIGN() equivalent?*/
+ m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */
/* fill neighbor solicitation packet */
ip6 = mtod(m, struct ip6_hdr *);
* - saddr6 belongs to the outgoing interface.
* Otherwise, we perform a scope-wise match.
*/
- struct ip6_hdr *hip6; /*hold ip6*/
+ struct ip6_hdr *hip6; /* hold ip6 */
struct in6_addr *saddr6;
if (ln && ln->ln_hold) {
else {
ia = in6_ifawithifp(ifp, &ip6->ip6_dst);
if (ia == NULL) {
- m_freem(m); /*XXX*/
+ if (ln && ln->ln_hold)
+ m_freem(ln->ln_hold);
+ ln->ln_hold = NULL;
+ m_freem(m);
return;
}
ip6->ip6_src = ia->ia_addr.sin6_addr;
if (ipsec_bypass == 0)
(void)ipsec_setsocket(m, NULL);
#endif
- ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif);
+ ip6_output(m, NULL, NULL, dad ? IPV6_DADOUTPUT : 0, &im6o, &outif, locked);
if (outif) {
icmp6_ifstat_inc(outif, ifs6_out_msg);
icmp6_ifstat_inc(outif, ifs6_out_neighborsolicit);
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
*/
void
-nd6_na_input(m, off, icmp6len)
- struct mbuf *m;
- int off, icmp6len;
+nd6_na_input(
+ struct mbuf *m,
+ int off,
+ int icmp6len)
{
struct ifnet *ifp = m->m_pkthdr.rcvif;
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct rtentry *rt;
struct sockaddr_dl *sdl;
union nd_opts ndopts;
+ struct timeval timenow;
if (ip6->ip6_hlim != 255) {
nd6log((LOG_ERR,
}
#ifndef PULLDOWN_TEST
- IP6_EXTHDR_CHECK(m, off, icmp6len,);
+ IP6_EXTHDR_CHECK(m, off, icmp6len, return);
nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
#else
IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
goto freeit;
}
- /* Just for safety, maybe unnecessery. */
+ /* Just for safety, maybe unnecessary. */
if (ifa) {
log(LOG_ERR,
"nd6_na_input: duplicate IP6 address %s\n",
/*
* If no neighbor cache entry is found, NA SHOULD silently be discarded.
*/
- rt = nd6_lookup(&taddr6, 0, ifp);
+ rt = nd6_lookup(&taddr6, 0, ifp, 0);
if ((rt == NULL) ||
((ln = (struct llinfo_nd6 *)rt->rt_llinfo) == NULL) ||
((sdl = SDL(rt->rt_gateway)) == NULL))
goto freeit;
+ getmicrotime(&timenow);
if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
/*
* If the link-layer has address, and no lladdr option came,
ln->ln_state = ND6_LLINFO_REACHABLE;
ln->ln_byhint = 0;
if (ln->ln_expire)
- ln->ln_expire = time_second +
+ ln->ln_expire = timenow.tv_sec +
nd_ifinfo[rt->rt_ifp->if_index].reachable;
} else {
ln->ln_state = ND6_LLINFO_STALE;
- ln->ln_expire = time_second + nd6_gctimer;
+ ln->ln_expire = timenow.tv_sec + nd6_gctimer;
}
if ((ln->ln_router = is_router) != 0) {
/*
* non-reachable to probably reachable, and might
* affect the status of associated prefixes..
*/
- pfxlist_onlink_check();
+ pfxlist_onlink_check(0);
}
} else {
int llchange;
*/
if (ln->ln_state == ND6_LLINFO_REACHABLE) {
ln->ln_state = ND6_LLINFO_STALE;
- ln->ln_expire = time_second + nd6_gctimer;
+ ln->ln_expire = timenow.tv_sec + nd6_gctimer;
}
goto freeit;
} else if (is_override /* (2a) */
ln->ln_state = ND6_LLINFO_REACHABLE;
ln->ln_byhint = 0;
if (ln->ln_expire) {
- ln->ln_expire = time_second +
+ ln->ln_expire = timenow.tv_sec +
nd_ifinfo[ifp->if_index].reachable;
}
} else {
if (lladdr && llchange) {
ln->ln_state = ND6_LLINFO_STALE;
- ln->ln_expire = time_second + nd6_gctimer;
+ ln->ln_expire = timenow.tv_sec + nd6_gctimer;
}
}
}
int s;
in6 = &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr;
- s = splnet();
+
+ /*
+ * Lock to protect the default router list.
+ * XXX: this might be unnecessary, since this function
+ * is only called under the network software interrupt
+ * context. However, we keep it just for safety.
+ */
+ lck_mtx_lock(nd6_mutex);
dr = defrouter_lookup(in6, rt->rt_ifp);
- if (dr)
- defrtrlist_del(dr);
- else if (!ip6_forwarding && ip6_accept_rtadv) {
- /*
- * Even if the neighbor is not in the default
- * router list, the neighbor may be used
- * as a next hop for some destinations
- * (e.g. redirect case). So we must
- * call rt6_flush explicitly.
- */
- rt6_flush(&ip6->ip6_src, rt->rt_ifp);
+ if (dr) {
+ defrtrlist_del(dr, 1);
+ lck_mtx_unlock(nd6_mutex);
+ }
+ else {
+ lck_mtx_unlock(nd6_mutex);
+ if (!ip6_forwarding && (ip6_accept_rtadv || (rt->rt_ifp->if_eflags & IFEF_ACCEPT_RTADVD))) {
+ /*
+ * Even if the neighbor is not in the default
+ * router list, the neighbor may be used
+ * as a next hop for some destinations
+ * (e.g. redirect case). So we must
+ * call rt6_flush explicitly.
+ */
+ rt6_flush(&ip6->ip6_src, rt->rt_ifp);
+ }
}
- splx(s);
}
ln->ln_router = is_router;
}
ln->ln_asked = 0;
if (ln->ln_hold) {
/*
- * we assume ifp is not a p2p here, so just set the 2nd
+ * we assume ifp is not a loopback here, so just set the 2nd
* argument as the 1st one.
*/
nd6_output(ifp, ifp, ln->ln_hold,
- (struct sockaddr_in6 *)rt_key(rt), rt);
+ (struct sockaddr_in6 *)rt_key(rt), rt, 0);
ln->ln_hold = 0;
}
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
*/
void
-nd6_na_output(ifp, daddr6, taddr6, flags, tlladdr, sdl0)
- struct ifnet *ifp;
- const struct in6_addr *daddr6, *taddr6;
- u_long flags;
- int tlladdr; /* 1 if include target link-layer address */
- struct sockaddr *sdl0; /* sockaddr_dl (= proxy NA) or NULL */
+nd6_na_output(
+ struct ifnet *ifp,
+ const struct in6_addr *daddr6,
+ const struct in6_addr *taddr6,
+ u_long flags,
+ int tlladdr, /* 1 if include target link-layer address */
+ struct sockaddr *sdl0) /* sockaddr_dl (= proxy NA) or NULL */
{
struct mbuf *m;
struct ip6_hdr *ip6;
struct ip6_moptions im6o;
int icmp6len;
int maxlen;
- caddr_t mac;
+ caddr_t mac = NULL;
struct ifnet *outif = NULL;
/* estimate the size of message */
icmp6len = sizeof(*nd_na);
m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
- m->m_data += max_linkhdr; /*or MH_ALIGN() equivalent?*/
+ m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */
/* fill neighbor advertisement packet */
ip6 = mtod(m, struct ip6_hdr *);
* target lladdr option SHOULD NOT be included.
*/
if (tlladdr) {
- mac = NULL;
/*
* sdl0 != NULL indicates proxy NA. If we do proxy, use
* lladdr in sdl0. If we are not proxying (sending NA for
if (ipsec_bypass == 0)
(void)ipsec_setsocket(m, NULL);
#endif
- ip6_output(m, NULL, NULL, 0, &im6o, &outif);
+ ip6_output(m, NULL, NULL, 0, &im6o, &outif, 0);
if (outif) {
icmp6_ifstat_inc(outif, ifs6_out_msg);
icmp6_ifstat_inc(outif, ifs6_out_neighboradvert);
}
caddr_t
-nd6_ifptomac(ifp)
- struct ifnet *ifp;
+nd6_ifptomac(
+ struct ifnet *ifp)
{
- switch (ifp->if_type) {
- case IFT_ARCNET:
- case IFT_ETHER:
- case IFT_FDDI:
- case IFT_IEEE1394:
-#if IFT_L2VLAN
- case IFT_L2VLAN:
-#endif
-#if IFT_IEEE80211
- case IFT_IEEE80211:
-#endif
- return ((caddr_t)(ifp + 1));
- break;
- default:
- return NULL;
- }
+ return ((caddr_t)ifnet_lladdr(ifp));
}
TAILQ_HEAD(dadq_head, dadq);
int dad_ns_ocount; /* NS sent so far */
int dad_ns_icount;
int dad_na_icount;
-#if defined(__FreeBSD__) && __FreeBSD__ >= 3
- struct callout_handle dad_timer;
-#endif
};
static struct dadq_head dadq;
static int dad_init = 0;
static struct dadq *
-nd6_dad_find(ifa)
- struct ifaddr *ifa;
+nd6_dad_find(
+ struct ifaddr *ifa)
{
struct dadq *dp;
-
+ lck_mtx_lock(dad6_mutex);
for (dp = dadq.tqh_first; dp; dp = dp->dad_list.tqe_next) {
- if (dp->dad_ifa == ifa)
+ if (dp->dad_ifa == ifa) {
+ lck_mtx_unlock(dad6_mutex);
return dp;
+ }
}
+ lck_mtx_unlock(dad6_mutex);
return NULL;
}
#ifdef __APPLE__
void
-nd6_dad_stoptimer(ifa)
- struct ifaddr *ifa;
+nd6_dad_stoptimer(
+ struct ifaddr *ifa)
{
- untimeout((void (*) __P((void *)))nd6_dad_timer_funnel, (void *)ifa);
+ untimeout((void (*)(void *))nd6_dad_timer, (void *)ifa);
}
#else
static void
-nd6_dad_starttimer(dp, ticks)
- struct dadq *dp;
- int ticks;
+nd6_dad_starttimer(
+ struct dadq *dp,
+ int ticks)
{
callout_reset(&dp->dad_timer_ch, ticks,
- (void (*) __P((void *)))nd6_dad_timer, (void *)dp->dad_ifa);
+ (void (*)(void *))nd6_dad_timer, (void *)dp->dad_ifa);
}
+
static void
-nd6_dad_stoptimer(dp)
- struct dadq *dp;
+nd6_dad_stoptimer(
+ struct dadq *dp)
{
callout_stop(&dp->dad_timer_ch);
* Start Duplicated Address Detection (DAD) for specified interface address.
*/
void
-nd6_dad_start(ifa, tick)
- struct ifaddr *ifa;
- int *tick; /* minimum delay ticks for IFF_UP event */
+nd6_dad_start(
+ struct ifaddr *ifa,
+ int *tick) /* minimum delay ticks for IFF_UP event */
{
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
struct dadq *dp;
return;
}
bzero(dp, sizeof(*dp));
-#if defined(__FreeBSD__) && __FreeBSD__ >= 3
- callout_init(&dp->dad_timer_ch);
-#endif
+ lck_mtx_lock(dad6_mutex);
TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list);
+ lck_mtx_unlock(dad6_mutex);
nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
ip6_sprintf(&ia->ia_addr.sin6_addr)));
dp->dad_count = ip6_dad_count;
dp->dad_ns_icount = dp->dad_na_icount = 0;
dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
- if (!tick) {
+ if (tick == NULL) {
nd6_dad_ns_output(dp, ifa);
-#if defined(__FreeBSD__) && __FreeBSD__ >= 3
- dp->dad_timer =
-#endif
- timeout((void (*) __P((void *)))nd6_dad_timer_funnel, (void *)ifa,
+ timeout((void (*)(void *))nd6_dad_timer, (void *)ifa,
nd_ifinfo[ifa->ifa_ifp->if_index].retrans * hz / 1000);
} else {
int ntick;
else
ntick = *tick + random() % (hz / 2);
*tick = ntick;
-#if defined(__FreeBSD__) && __FreeBSD__ >= 3
- dp->dad_timer =
-#endif
- timeout((void (*) __P((void *)))nd6_dad_timer_funnel, (void *)ifa,
+ timeout((void (*)(void *))nd6_dad_timer, (void *)ifa,
ntick);
}
}
* terminate DAD unconditionally. used for address removals.
*/
void
-nd6_dad_stop(ifa)
- struct ifaddr *ifa;
+nd6_dad_stop(
+ struct ifaddr *ifa)
{
struct dadq *dp;
return;
}
- untimeout((void (*) __P((void *)))nd6_dad_timer_funnel, (void *)ifa);
+ untimeout((void (*)(void *))nd6_dad_timer, (void *)ifa);
+ lck_mtx_lock(dad6_mutex);
TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
+ lck_mtx_unlock(dad6_mutex);
FREE(dp, M_IP6NDP);
dp = NULL;
ifafree(ifa);
}
-static void
-nd6_dad_timer_funnel(ifa)
- struct ifaddr *ifa;
-{
-
-#ifdef __APPLE__
- boolean_t funnel_state;
- funnel_state = thread_funnel_set(network_flock, TRUE);
-#endif
- nd6_dad_timer(ifa);
-#ifdef __APPLE__
- (void) thread_funnel_set(network_flock, FALSE);
-#endif
-
-}
-
static void
-nd6_dad_timer(ifa)
- struct ifaddr *ifa;
+nd6_dad_timer(
+ struct ifaddr *ifa)
{
int s;
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
struct dadq *dp;
- s = splnet(); /*XXX*/
+ s = splnet(); /* XXX */
/* Sanity check */
if (ia == NULL) {
nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n",
if_name(ifa->ifa_ifp)));
+ lck_mtx_lock(dad6_mutex);
TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
+ lck_mtx_unlock(dad6_mutex);
FREE(dp, M_IP6NDP);
dp = NULL;
ifafree(ifa);
* We have more NS to go. Send NS packet for DAD.
*/
nd6_dad_ns_output(dp, ifa);
-#if defined(__FreeBSD__) && __FreeBSD__ >= 3
- dp->dad_timer =
-#endif
- timeout((void (*) __P((void *)))nd6_dad_timer_funnel, (void *)ifa,
+ timeout((void (*)(void *))nd6_dad_timer, (void *)ifa,
nd_ifinfo[ifa->ifa_ifp->if_index].retrans * hz / 1000);
} else {
/*
}
if (dp->dad_ns_icount) {
-#if 0 /*heuristics*/
+#if 0 /* heuristics */
/*
* if
* - we have sent many(?) DAD NS, and
if_name(ifa->ifa_ifp),
ip6_sprintf(&ia->ia_addr.sin6_addr)));
+ lck_mtx_lock(dad6_mutex);
TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
+ lck_mtx_unlock(dad6_mutex);
+ in6_post_msg(ia->ia_ifp, KEV_INET6_NEW_USER_ADDR, ia);
FREE(dp, M_IP6NDP);
dp = NULL;
ifafree(ifa);
}
void
-nd6_dad_duplicated(ifa)
- struct ifaddr *ifa;
+nd6_dad_duplicated(
+ struct ifaddr *ifa)
{
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
struct dadq *dp;
ia->ia6_flags |= IN6_IFF_DUPLICATED;
/* We are done with DAD, with duplicated address found. (failure) */
- untimeout((void (*) __P((void *)))nd6_dad_timer_funnel, (void *)ifa);
+ untimeout((void (*)(void *))nd6_dad_timer, (void *)ifa);
log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
log(LOG_ERR, "%s: manual intervention required\n",
if_name(ifa->ifa_ifp));
+ lck_mtx_lock(dad6_mutex);
TAILQ_REMOVE(&dadq, (struct dadq *)dp, dad_list);
+ lck_mtx_unlock(dad6_mutex);
FREE(dp, M_IP6NDP);
dp = NULL;
ifafree(ifa);
}
static void
-nd6_dad_ns_output(dp, ifa)
- struct dadq *dp;
- struct ifaddr *ifa;
+nd6_dad_ns_output(
+ struct dadq *dp,
+ struct ifaddr *ifa)
{
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
struct ifnet *ifp = ifa->ifa_ifp;
}
dp->dad_ns_ocount++;
- nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1);
+ nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1, 0);
}
static void
-nd6_dad_ns_input(ifa)
- struct ifaddr *ifa;
+nd6_dad_ns_input(
+ struct ifaddr *ifa)
{
struct in6_ifaddr *ia;
- struct ifnet *ifp;
const struct in6_addr *taddr6;
struct dadq *dp;
int duplicate;
panic("ifa == NULL in nd6_dad_ns_input");
ia = (struct in6_ifaddr *)ifa;
- ifp = ifa->ifa_ifp;
taddr6 = &ia->ia_addr.sin6_addr;
duplicate = 0;
dp = nd6_dad_find(ifa);
}
static void
-nd6_dad_na_input(ifa)
- struct ifaddr *ifa;
+nd6_dad_na_input(
+ struct ifaddr *ifa)
{
struct dadq *dp;
projects / apple / xnu.git / blobdiff