2005-01-07 02:30:35 +00:00
/*-
2017-11-20 19:43:44 +00:00
 * SPDX-License-Identifier: BSD-3-Clause
 *
1999-11-22 02:45:11 +00:00
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
2007-12-10 16:03:40 +00:00
 *
 * $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $
1999-11-22 02:45:11 +00:00
 */

2007-12-10 16:03:40 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

2000-07-04 16:35:15 +00:00
#include "opt_inet.h"
#include "opt_inet6.h"
2005-02-22 13:04:05 +00:00
#include "opt_ipsec.h"
This patch provides the back end support for equal-cost multi-path
(ECMP) for both IPv4 and IPv6. Previously, multipath route insertion
is disallowed. For example,
route add -net 192.103.54.0/24 10.9.44.1
route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of
"add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat
output:
default 10.2.5.1 UGS 0 3074 bge0 =>
default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires
a specific gateway to be specified or else an error message would
be displayed. For example,
route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process"
"delete net default: not in table"
On the other hand,
route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single
route for a particular destination.
I need to perform more testings on address aliases and multiple
interfaces that have the same IP prefixes. This patch as it
stands today is not yet ready for prime time. Therefore, the ECMP
code fragments are fully guarded by the RADIX_MPATH macro.
Include the "options RADIX_MPATH" in the kernel configuration
to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
2008-04-13 05:45:14 +00:00
#include "opt_mpath.h"
1999-12-22 19:13:38 +00:00

1999-11-22 02:45:11 +00:00
#include <sys/param.h>
#include <sys/systm.h>
Extract eventfilter declarations to sys/_eventfilter.h
This allows replacing "sys/eventfilter.h" includes with "sys/_eventfilter.h"
in other header files (e.g., sys/{bus,conf,cpu}.h) and reduces header
pollution substantially.
EVENTHANDLER_DECLARE and EVENTHANDLER_LIST_DECLAREs were moved out of .c
files into appropriate headers (e.g., sys/proc.h, powernv/opal.h).
As a side effect of reduced header pollution, many .c files and headers no
longer contain needed definitions. The remainder of the patch addresses
adding appropriate includes to fix those files.
LOCK_DEBUG and LOCK_FILE_LINE_ARG are moved to sys/_lock.h, as required by
sys/mutex.h since r326106 (but silently protected by header pollution prior
to this change).
No functional change (intended). Of course, any out of tree modules that
relied on header pollution for sys/eventhandler.h, sys/lock.h, or
sys/mutex.h inclusion need to be fixed. __FreeBSD_version has been bumped.
2019-05-20 00:38:23 +00:00
#include <sys/eventhandler.h>
1999-11-22 02:45:11 +00:00
#include <sys/malloc.h>
2015-03-02 17:30:26 +00:00
#include <sys/libkern.h>
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
#include <sys/lock.h>
#include <sys/rwlock.h>
1999-11-22 02:45:11 +00:00
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/errno.h>
2015-03-02 17:30:26 +00:00
#include <sys/sysctl.h>
1999-11-22 02:45:11 +00:00
#include <sys/syslog.h>
#include <sys/queue.h>
2001-06-11 12:39:29 +00:00
#include <sys/callout.h>
2014-12-08 04:44:40 +00:00
#include <sys/refcount.h>
1999-11-22 02:45:11 +00:00

#include <net/if.h>
#include <net/if_types.h>
#include <net/if_dl.h>
2005-06-12 00:45:24 +00:00
#include <net/if_var.h>
1999-11-22 02:45:11 +00:00
#include <net/route.h>
2008-04-13 05:45:14 +00:00
#ifdef RADIX_MPATH
#include <net/radix_mpath.h>
#endif
2015-03-02 17:30:26 +00:00
#include <net/vnet.h>
1999-11-22 02:45:11 +00:00

#include <netinet/in.h>
#include <netinet/in_var.h>
2008-12-15 06:10:57 +00:00
#include <net/if_llatbl.h>
1999-11-22 02:45:11 +00:00
#include <netinet6/in6_var.h>
2005-10-19 16:43:57 +00:00
#include <netinet6/in6_ifattach.h>
2000-07-04 16:35:15 +00:00
#include <netinet/ip6.h>
1999-11-22 02:45:11 +00:00
#include <netinet6/ip6_var.h>
2005-07-25 12:31:43 +00:00
#include <netinet6/scope6_var.h>
1999-11-22 02:45:11 +00:00
#include <netinet6/nd6.h>
2000-07-04 16:35:15 +00:00
#include <netinet/icmp6.h>
2010-08-11 20:18:19 +00:00
#include <netinet/ip_carp.h>
2010-08-19 11:31:03 +00:00
#include <netinet6/send.h>
2000-07-04 16:35:15 +00:00

#define SDL(s) ((struct sockaddr_dl *)s)
1999-11-22 02:45:11 +00:00

2000-07-04 16:35:15 +00:00
struct dadq;
2015-03-02 17:30:26 +00:00
static struct dadq *nd6_dad_find(struct ifaddr *, struct nd_opt_nonce *);
2014-11-10 16:01:39 +00:00
static void nd6_dad_add(struct dadq *dp);
static void nd6_dad_del(struct dadq *dp);
2014-12-08 04:44:40 +00:00
static void nd6_dad_rele(struct dadq *);
2015-10-03 12:09:12 +00:00
static void nd6_dad_starttimer(struct dadq *, int, int);
2008-01-08 19:08:58 +00:00
static void nd6_dad_stoptimer(struct dadq *);
Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, with an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typical cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
2009-05-05 10:56:12 +00:00
static void nd6_dad_timer(struct dadq *);
2014-11-10 16:01:39 +00:00
static void nd6_dad_duplicated(struct ifaddr *, struct dadq *);
2015-10-03 12:09:12 +00:00
static void nd6_dad_ns_output(struct dadq *);
2015-03-02 17:30:26 +00:00
static void nd6_dad_ns_input(struct ifaddr *, struct nd_opt_nonce *);
2008-01-08 19:08:58 +00:00
static void nd6_dad_na_input(struct ifaddr *);
2012-02-14 11:51:32 +00:00
static void nd6_na_output_fib(struct ifnet *, const struct in6_addr *,
    const struct in6_addr *, u_long, int, struct sockaddr *, u_int);
2015-03-03 10:50:03 +00:00
static void nd6_ns_output_fib(struct ifnet *, const struct in6_addr *,
2015-09-05 14:14:03 +00:00
    const struct in6_addr *, const struct in6_addr *, uint8_t *, u_int);
1999-11-22 02:45:11 +00:00

2018-07-24 16:35:52 +00:00
VNET_DEFINE_STATIC(int, dad_enhanced) = 1;
2015-03-02 17:30:26 +00:00
#define V_dad_enhanced VNET(dad_enhanced)

SYSCTL_DECL(_net_inet6_ip6);
SYSCTL_INT(_net_inet6_ip6, OID_AUTO, dad_enhanced, CTLFLAG_VNET | CTLFLAG_RW,
	&VNET_NAME(dad_enhanced), 0,
	"Enable Enhanced DAD, which adds a random nonce to NS messages for DAD.");

2018-07-24 16:35:52 +00:00
VNET_DEFINE_STATIC(int, dad_maxtry) = 15; /* max # of *tries* to
2014-05-29 20:53:53 +00:00
					     transmit DAD packet */
2009-07-16 21:13:04 +00:00
#define V_dad_maxtry VNET(dad_maxtry)
1999-11-22 02:45:11 +00:00

/*
2002-12-30 21:18:15 +00:00
 * Input a Neighbor Solicitation Message.
1999-11-22 02:45:11 +00:00
 *
 * Based on RFC 2461
2005-08-12 15:27:25 +00:00
 * Based on RFC 2462 (duplicate address detection)
1999-11-22 02:45:11 +00:00
 */
void
2007-07-05 16:23:49 +00:00
nd6_ns_input(struct mbuf *m, int off, int icmp6len)
1999-11-22 02:45:11 +00:00
{
2019-11-07 18:29:51 +00:00
	struct ifnet *ifp;
	struct ip6_hdr *ip6;
2000-07-04 16:35:15 +00:00
	struct nd_neighbor_solicit *nd_ns;
2019-11-07 18:29:51 +00:00
	struct in6_addr daddr6, myaddr6, saddr6, taddr6;
	struct ifaddr *ifa;
2011-03-12 09:41:25 +00:00
	struct sockaddr_dl proxydl;
2019-11-07 18:29:51 +00:00
	union nd_opts ndopts;
2006-12-12 12:17:58 +00:00
	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
2019-11-07 18:29:51 +00:00
	char *lladdr;
	int anycast, lladdrlen, proxy, rflag, tentative, tlladdr;

	ifa = NULL;
1999-11-22 02:45:11 +00:00

2017-12-15 12:37:32 +00:00
	/* RFC 6980: Nodes MUST silently ignore fragments */
	if(m->m_flags & M_FRAGMENTED)
		goto freeit;

2019-11-07 18:29:51 +00:00
	ifp = m->m_pkthdr.rcvif;
	ip6 = mtod(m, struct ip6_hdr *);
	if (ip6->ip6_hlim != 255) {
		nd6log((LOG_ERR,
		    "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n",
		    ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
		    ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
		goto bads;
	}

2001-06-11 12:39:29 +00:00
#ifndef PULLDOWN_TEST
	IP6_EXTHDR_CHECK(m, off, icmp6len,);
	nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
#else
	IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
	if (nd_ns == NULL) {
2009-04-12 13:22:33 +00:00
		ICMP6STAT_INC(icp6s_tooshort);
2001-06-11 12:39:29 +00:00
		return;
	}
#endif
	ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */
2019-11-07 18:29:51 +00:00

	saddr6 = ip6->ip6_src;
	daddr6 = ip6->ip6_dst;
2001-06-11 12:39:29 +00:00
	taddr6 = nd_ns->nd_ns_target;
2005-07-25 12:31:43 +00:00
	if (in6_setscope(&taddr6, ifp, NULL) != 0)
		goto bad;
2001-06-11 12:39:29 +00:00

2019-11-07 18:29:51 +00:00
	rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
	if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif)
		rflag = 0;
1999-11-22 02:45:11 +00:00

	if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
2005-08-12 15:27:25 +00:00
		/* dst has to be a solicited node multicast address. */
2003-10-09 16:13:47 +00:00
		if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL &&
2002-04-19 04:46:24 +00:00
		    /* don't check ifindex portion */
2003-10-09 16:13:47 +00:00
		    daddr6.s6_addr32[1] == 0 &&
		    daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE &&
		    daddr6.s6_addr8[12] == 0xff) {
2002-04-19 04:46:24 +00:00
			; /* good */
1999-11-22 02:45:11 +00:00
		} else {
2001-06-11 12:39:29 +00:00
			nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
2003-10-09 16:13:47 +00:00
			    "(wrong ip6 dst)\n"));
1999-11-22 02:45:11 +00:00
			goto bad;
		}
2008-11-26 22:32:07 +00:00
	} else if (!V_nd6_onlink_ns_rfc4861) {
2008-10-02 00:32:59 +00:00
		struct sockaddr_in6 src_sa6;

		/*
		 * According to recent IETF discussions, it is not a good idea
		 * to accept a NS from an address which would not be deemed
		 * to be a neighbor otherwise. This point is expected to be
		 * clarified in future revisions of the specification.
		 */
		bzero(&src_sa6, sizeof(src_sa6));
		src_sa6.sin6_family = AF_INET6;
		src_sa6.sin6_len = sizeof(src_sa6);
		src_sa6.sin6_addr = saddr6;
2008-12-15 06:10:57 +00:00
		if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) {
2008-10-02 00:32:59 +00:00
			nd6log((LOG_INFO, "nd6_ns_input: "
			    "NS packet from non-neighbor\n"));
			goto bad;
		}
1999-11-22 02:45:11 +00:00
	}

	if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
1999-11-22 02:45:11 +00:00
		goto bad;
	}

	icmp6len -= sizeof(*nd_ns);
	nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
	if (nd6_options(&ndopts) < 0) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_INFO,
		    "nd6_ns_input: invalid ND option, ignored\n"));
		/* nd6_options have incremented stats */
		goto freeit;
1999-11-22 02:45:11 +00:00
	}

2019-11-07 18:29:51 +00:00
	lladdr = NULL;
	lladdrlen = 0;
1999-11-22 02:45:11 +00:00
	if (ndopts.nd_opts_src_lladdr) {
2002-04-19 04:46:24 +00:00
		lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
1999-11-22 02:45:11 +00:00
		lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
	}
2003-10-09 16:13:47 +00:00

1999-11-22 02:45:11 +00:00
	if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
		    "(link-layer address option)\n"));
1999-11-22 02:45:11 +00:00
		goto bad;
	}

	/*
	 * Attaching target link-layer address to the NA?
	 * (RFC 2461 7.2.4)
	 *
	 * NS IP dst is unicast/anycast             MUST NOT add
	 * NS IP dst is solicited-node multicast    MUST add
	 *
	 * In implementation, we add target link-layer address by default.
	 * We do not add one in MUST NOT cases.
	 */
2015-12-17 14:41:30 +00:00
	if (!IN6_IS_ADDR_MULTICAST(&daddr6))
		tlladdr = 0;
	else
		tlladdr = 1;
1999-11-22 02:45:11 +00:00

	/*
	 * Target address (taddr6) must be either:
	 * (1) Valid unicast/anycast address for my receiving interface,
	 * (2) Unicast address for which I'm offering proxy service, or
	 * (3) "tentative" address on which DAD is being performed.
	 */
	/* (1) and (3) check. */
2005-02-22 13:04:05 +00:00
	if (ifp->if_carp)
2010-08-11 00:51:50 +00:00
		ifa = (*carp_iamatch6_p)(ifp, &taddr6);
A major overhaul of the CARP implementation. The ip_carp.c was started
from scratch, copying needed functionality from the old implementation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
2011-12-16 12:16:56 +00:00
	else
2005-02-22 13:04:05 +00:00
		ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
1999-11-22 02:45:11 +00:00

	/* (2) check. */
2019-11-07 18:29:51 +00:00
	proxy = 0;
2005-10-19 10:09:19 +00:00
	if (ifa == NULL) {
2016-01-04 15:03:20 +00:00
		struct sockaddr_dl rt_gateway;
		struct rt_addrinfo info;
		struct sockaddr_in6 dst6;
1999-11-22 02:45:11 +00:00

2016-01-04 15:03:20 +00:00
		bzero(&dst6, sizeof(dst6));
		dst6.sin6_len = sizeof(struct sockaddr_in6);
		dst6.sin6_family = AF_INET6;
		dst6.sin6_addr = taddr6;

		bzero(&rt_gateway, sizeof(rt_gateway));
		rt_gateway.sdl_len = sizeof(rt_gateway);
		bzero(&info, sizeof(info));
		info.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&rt_gateway;
1999-11-22 02:45:11 +00:00

Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0
sys/netinet6/icmp6.c
Use the interface's FIB for source address selection in ICMPv6 error
responses.
sys/netinet6/in6.c
In in6_newaddrmsg, announce arrival of local addresses on the
interface's FIB only. In in6_lltable_rtcheck, use a per-fib ND6
cache instead of a single cache.
sys/netinet6/in6_src.c
In in6_selectsrc, use the caller's fib instead of the default fib.
In in6_selectsrc_socket, remove a superfluous check.
sys/netinet6/nd6.c
In nd6_lle_event, use the interface's fib for routing socket
messages. In nd6_is_new_addr_neighbor, check all FIBs when trying
to determine whether an address is a neighbor. Also, simplify the
code for point to point interfaces.
sys/netinet6/nd6.h
sys/netinet6/nd6.c
sys/netinet6/nd6_rtr.c
Make defrouter_select fib-aware, and make all of its callers pass in
the interface fib.
sys/netinet6/nd6_nbr.c
When inputting a Neighbor Solicitation packet, consider the
interface fib instead of the default fib for DAD. Output NS and
Neighbor Advertisement packets on the correct fib.
sys/netinet6/nd6_rtr.c
Allow installing the same host route on different interfaces in
different FIBs. If rt_add_addr_allfibs=0, only install or delete
the prefix route on the interface fib.
tests/sys/netinet/fibs_test.sh
Clear some expected failures, but add a skip for the newly revealed
BUG217871.
PR: 196361
Submitted by: Erick Turnquist <jhujhiti@adjectivism.org>
Reported by: Jason Healy <jhealy@logn.net>
Reviewed by: asomers
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9451
2017-03-17 16:50:37 +00:00
		if (rib_lookup_info(ifp->if_fib, (struct sockaddr *)&dst6,
2016-01-04 15:03:20 +00:00
		    0, 0, &info) == 0) {
			if ((info.rti_flags & RTF_ANNOUNCE) != 0 &&
			    rt_gateway.sdl_family == AF_LINK) {

				/*
				 * proxy NDP for single entry
				 */
				proxydl = *SDL(&rt_gateway);
				ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(
				    ifp, IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
				if (ifa)
					proxy = 1;
			}
1999-11-22 02:45:11 +00:00
		}
	}
2005-10-19 17:18:49 +00:00
	if (ifa == NULL) {
1999-11-22 02:45:11 +00:00
		/*
2001-06-11 12:39:29 +00:00
		 * We've got an NS packet, and we don't have that address
1999-11-22 02:45:11 +00:00
		 * assigned for us. We MUST silently ignore it.
		 * See RFC2461 7.2.3.
		 */
2000-07-04 16:35:15 +00:00
		goto freeit;
1999-11-22 02:45:11 +00:00
	}
2015-12-17 14:41:30 +00:00
	myaddr6 = *IFA_IN6(ifa);
	anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
	tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
1999-11-22 02:45:11 +00:00
	if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
2000-07-04 16:35:15 +00:00
		goto freeit;
1999-11-22 02:45:11 +00:00

	if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
2003-10-09 16:13:47 +00:00
		nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s "
1999-11-22 02:45:11 +00:00
		    "(if %d, NS packet %d)\n",
2006-12-12 12:17:58 +00:00
		    ip6_sprintf(ip6bufs, &taddr6),
2003-10-09 16:13:47 +00:00
		    ifp->if_addrlen, lladdrlen - 2));
2001-06-11 12:39:29 +00:00
		goto bad;
1999-11-22 02:45:11 +00:00
	}

2015-12-17 14:41:30 +00:00
	if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
2003-10-09 16:13:47 +00:00
		nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n",
2006-12-12 12:17:58 +00:00
		    ip6_sprintf(ip6bufs, &saddr6)));
2000-07-04 16:35:15 +00:00
		goto freeit;
1999-11-22 02:45:11 +00:00
	}

	/*
	 * We have neighbor solicitation packet, with target address equals to
	 * one of my tentative address.
	 *
	 * src addr     how to process?
	 * ---          ---
	 * multicast    of course, invalid (rejected in ip6_input)
	 * unicast      somebody is doing address resolution -> ignore
	 * unspec       dup address detection
	 *
	 * The processing is defined in RFC 2462.
	 */
2015-12-17 14:41:30 +00:00
	if (tentative) {
1999-11-22 02:45:11 +00:00
		/*
		 * If source address is unspecified address, it is for
2005-08-12 15:27:25 +00:00
		 * duplicate address detection.
1999-11-22 02:45:11 +00:00
		 *
		 * If not, the packet is for address resolution;
		 * silently ignore it.
		 */
		if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
2015-03-02 17:30:26 +00:00
			nd6_dad_ns_input(ifa, ndopts.nd_opts_nonce);
1999-11-22 02:45:11 +00:00

2000-07-04 16:35:15 +00:00
		goto freeit;
1999-11-22 02:45:11 +00:00
	}

	/*
	 * If the source address is unspecified address, entries must not
	 * be created or updated.
	 * It looks that sender is performing DAD. Output NA toward
	 * all-node multicast address, to tell the sender that I'm using
	 * the address.
	 * S bit ("solicited") must be zero.
	 */
	if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
2005-07-25 12:31:43 +00:00
		struct in6_addr in6_all;

		in6_all = in6addr_linklocal_allnodes;
		if (in6_setscope(&in6_all, ifp, NULL) != 0)
			goto bad;
2015-12-17 14:41:30 +00:00
		nd6_na_output_fib(ifp, &in6_all, &taddr6,
		    ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
		    rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL,
		    M_GETFIB(m));
2000-07-04 16:35:15 +00:00
		goto freeit;
1999-11-22 02:45:11 +00:00
	}

2003-10-09 16:13:47 +00:00
	nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen,
	    ND_NEIGHBOR_SOLICIT, 0);
1999-11-22 02:45:11 +00:00

2015-12-17 14:41:30 +00:00
	nd6_na_output_fib(ifp, &saddr6, &taddr6,
	    ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
	    rflag | ND_NA_FLAG_SOLICITED, tlladdr,
	    proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m));
2000-07-04 16:35:15 +00:00
freeit:
2009-06-23 20:19:09 +00:00
	if (ifa != NULL)
		ifa_free(ifa);
2000-07-04 16:35:15 +00:00
	m_freem(m);
1999-11-22 02:45:11 +00:00
	return;

bad:
2006-12-12 12:17:58 +00:00
	nd6log((LOG_ERR, "nd6_ns_input: src=%s\n",
	    ip6_sprintf(ip6bufs, &saddr6)));
	nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n",
	    ip6_sprintf(ip6bufs, &daddr6)));
	nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n",
	    ip6_sprintf(ip6bufs, &taddr6)));
2019-11-07 18:29:51 +00:00
bads:
2009-04-12 13:22:33 +00:00
	ICMP6STAT_INC(icp6s_badns);
2009-06-23 20:19:09 +00:00
	if (ifa != NULL)
		ifa_free(ifa);
2000-07-04 16:35:15 +00:00
	m_freem(m);
1999-11-22 02:45:11 +00:00
}

/*
2002-12-30 21:18:15 +00:00
 * Output a Neighbor Solicitation Message. Caller specifies:
1999-11-22 02:45:11 +00:00
 *	- ICMP6 header source IP6 address
 *	- ND6 header target IP6 address
 *	- ND6 header source datalink address
 *
 * Based on RFC 2461
2005-08-12 15:27:25 +00:00
 * Based on RFC 2462 (duplicate address detection)
2007-07-05 16:23:49 +00:00
 *
2015-03-02 17:30:26 +00:00
 *    ln - for source address determination
 * nonce - If non-NULL, NS is used for duplicate address detection and
 *         the value (length is ND_OPT_NONCE_LEN) is used as a random nonce.
1999-11-22 02:45:11 +00:00
 */
2015-03-03 10:50:03 +00:00
static void
2015-09-05 14:14:03 +00:00
nd6_ns_output_fib(struct ifnet *ifp, const struct in6_addr *saddr6,
    const struct in6_addr *daddr6, const struct in6_addr *taddr6,
    uint8_t *nonce, u_int fibnum)
1999-11-22 02:45:11 +00:00
{
	struct mbuf *m;
2010-08-19 11:31:03 +00:00
	struct m_tag *mtag;
1999-11-22 02:45:11 +00:00
	struct ip6_hdr *ip6;
	struct nd_neighbor_solicit *nd_ns;
	struct ip6_moptions im6o;
	int icmp6len;
2000-07-04 16:35:15 +00:00
	int maxlen;
1999-11-22 02:45:11 +00:00
	caddr_t mac;
2005-07-25 12:31:43 +00:00

1999-11-22 02:45:11 +00:00
	if (IN6_IS_ADDR_MULTICAST(taddr6))
		return;

2000-07-04 16:35:15 +00:00
|
|
|
/* estimate the size of message */
|
|
|
|
maxlen = sizeof(*ip6) + sizeof(*nd_ns);
|
|
|
|
maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
|
2015-04-09 12:57:58 +00:00
|
|
|
KASSERT(max_linkhdr + maxlen <= MCLBYTES, (
|
|
|
|
"%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
|
|
|
|
__func__, max_linkhdr, maxlen, MCLBYTES));
|
2000-07-04 16:35:15 +00:00
|
|
|
|
2013-03-15 13:48:53 +00:00
|
|
|
if (max_linkhdr + maxlen > MHLEN)
|
|
|
|
m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
|
|
|
|
else
|
|
|
|
m = m_gethdr(M_NOWAIT, MT_DATA);
|
2000-07-04 16:35:15 +00:00
|
|
|
if (m == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
2015-03-03 10:50:03 +00:00
|
|
|
M_SETFIB(m, fibnum);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
|
|
|
|
m->m_flags |= M_MCAST;
|
|
|
|
im6o.im6o_multicast_ifp = ifp;
|
|
|
|
im6o.im6o_multicast_hlim = 255;
|
|
|
|
im6o.im6o_multicast_loop = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
icmp6len = sizeof(*nd_ns);
|
|
|
|
m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
|
To ease changes to underlying mbuf structure and the mbuf allocator, reduce
the knowledge of mbuf layout, and in particular constants such as M_EXT,
MLEN, MHLEN, and so on, in mbuf consumers by unifying various alignment
utility functions (M_ALIGN(), MH_ALIGN(), MEXT_ALIGN()) in a single
M_ALIGN() macro, implemented by a now-inlined m_align() function:
- Move m_align() from uipc_mbuf.c to mbuf.h; mark as __inline.
- Reimplement M_ALIGN(), MH_ALIGN(), and MEXT_ALIGN() using m_align().
- Update consumers around the tree to simply use M_ALIGN().
This change eliminates a number of cases where mbuf consumers must be aware
of whether or not mbufs returned by the allocator use external storage, but
also assumptions about the size of the returned mbuf. This will make it
easier to introduce changes in how we use external storage, as well as
features such as variable-size mbufs.
Differential Revision: https://reviews.freebsd.org/D1436
Reviewed by: glebius, trasz, gnn, bz
Sponsored by: EMC / Isilon Storage Division
2015-01-05 09:58:32 +00:00
|
|
|
m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/* fill neighbor solicitation packet */
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
ip6->ip6_flow = 0;
|
2000-07-04 16:35:15 +00:00
|
|
|
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
|
|
|
|
ip6->ip6_vfc |= IPV6_VERSION;
|
1999-11-22 02:45:11 +00:00
|
|
|
/* ip6->ip6_plen will be set later */
|
|
|
|
ip6->ip6_nxt = IPPROTO_ICMPV6;
|
|
|
|
ip6->ip6_hlim = 255;
|
|
|
|
if (daddr6)
|
|
|
|
ip6->ip6_dst = *daddr6;
|
|
|
|
else {
|
|
|
|
ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
|
2005-07-25 12:31:43 +00:00
|
|
|
ip6->ip6_dst.s6_addr16[1] = 0;
|
1999-11-22 02:45:11 +00:00
|
|
|
ip6->ip6_dst.s6_addr32[1] = 0;
|
|
|
|
ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
|
|
|
|
ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
|
|
|
|
ip6->ip6_dst.s6_addr8[12] = 0xff;
|
2005-07-25 12:31:43 +00:00
|
|
|
if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0)
|
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2015-03-02 17:30:26 +00:00
|
|
|
if (nonce == NULL) {
|
2015-09-05 14:14:03 +00:00
|
|
|
struct ifaddr *ifa = NULL;
|
2009-06-23 20:19:09 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* RFC2461 7.2.2:
|
|
|
|
* "If the source address of the packet prompting the
|
|
|
|
* solicitation is the same as one of the addresses assigned
|
|
|
|
* to the outgoing interface, that address SHOULD be placed
|
|
|
|
* in the IP Source Address of the outgoing solicitation.
|
|
|
|
* Otherwise, any one of the addresses assigned to the
|
|
|
|
* interface should be used."
|
|
|
|
*
|
|
|
|
* We use the source address for the prompting packet
|
2015-09-05 14:14:03 +00:00
|
|
|
* (saddr6), if saddr6 belongs to the outgoing interface.
|
2005-07-25 12:31:43 +00:00
|
|
|
* Otherwise, we perform the source address selection as usual.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2010-11-29 00:04:08 +00:00
|
|
|
|
2015-09-05 14:14:03 +00:00
|
|
|
if (saddr6 != NULL)
|
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, saddr6);
|
|
|
|
if (ifa != NULL) {
|
2010-11-29 00:04:08 +00:00
|
|
|
/* ip6_src set already. */
|
2015-09-05 14:14:03 +00:00
|
|
|
ip6->ip6_src = *saddr6;
|
2009-06-23 20:19:09 +00:00
|
|
|
ifa_free(ifa);
|
|
|
|
} else {
|
2005-07-25 12:31:43 +00:00
|
|
|
int error;
|
2016-01-10 13:40:29 +00:00
|
|
|
struct in6_addr dst6, src6;
|
|
|
|
uint32_t scopeid;
|
|
|
|
|
|
|
|
in6_splitscope(&ip6->ip6_dst, &dst6, &scopeid);
|
Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0
sys/netinet6/icmp6.c
    Use the interface's FIB for source address selection in ICMPv6 error
    responses.
sys/netinet6/in6.c
    In in6_newaddrmsg, announce arrival of local addresses on the
    interface's FIB only. In in6_lltable_rtcheck, use a per-fib ND6
    cache instead of a single cache.
sys/netinet6/in6_src.c
    In in6_selectsrc, use the caller's fib instead of the default fib.
    In in6_selectsrc_socket, remove a superfluous check.
sys/netinet6/nd6.c
    In nd6_lle_event, use the interface's fib for routing socket
    messages. In nd6_is_new_addr_neighbor, check all FIBs when trying
    to determine whether an address is a neighbor. Also, simplify the
    code for point to point interfaces.
sys/netinet6/nd6.h
sys/netinet6/nd6.c
sys/netinet6/nd6_rtr.c
    Make defrouter_select fib-aware, and make all of its callers pass in
    the interface fib.
sys/netinet6/nd6_nbr.c
    When inputting a Neighbor Solicitation packet, consider the
    interface fib instead of the default fib for DAD. Output NS and
    Neighbor Advertisement packets on the correct fib.
sys/netinet6/nd6_rtr.c
    Allow installing the same host route on different interfaces in
    different FIBs. If rt_add_addr_allfibs=0, only install or delete
    the prefix route on the interface fib.
tests/sys/netinet/fibs_test.sh
    Clear some expected failures, but add a skip for the newly revealed
    BUG217871.
PR: 196361
Submitted by: Erick Turnquist <jhujhiti@adjectivism.org>
Reported by: Jason Healy <jhealy@logn.net>
Reviewed by: asomers
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9451
2017-03-17 16:50:37 +00:00
|
|
|
error = in6_selectsrc_addr(fibnum, &dst6,
|
2016-01-10 13:40:29 +00:00
|
|
|
scopeid, ifp, &src6, NULL);
|
2009-06-23 22:08:55 +00:00
|
|
|
if (error) {
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2015-03-03 10:50:03 +00:00
|
|
|
nd6log((LOG_DEBUG, "%s: source can't be "
|
|
|
|
"determined: dst=%s, error=%d\n", __func__,
|
2016-01-10 13:40:29 +00:00
|
|
|
ip6_sprintf(ip6buf, &dst6),
|
2006-12-12 12:17:58 +00:00
|
|
|
error));
|
2005-07-25 12:31:43 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2016-01-10 13:40:29 +00:00
|
|
|
ip6->ip6_src = src6;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Source address for DAD packet must always be IPv6
|
|
|
|
* unspecified address. (0::0)
|
2005-07-25 12:31:43 +00:00
|
|
|
* We actually don't have to 0-clear the address (we did it
|
|
|
|
* above), but we do so here explicitly to make the intention
|
|
|
|
* clearer.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2010-11-29 00:04:08 +00:00
|
|
|
bzero(&ip6->ip6_src, sizeof(ip6->ip6_src));
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
|
|
|
|
nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
|
|
|
|
nd_ns->nd_ns_code = 0;
|
|
|
|
nd_ns->nd_ns_reserved = 0;
|
|
|
|
nd_ns->nd_ns_target = *taddr6;
|
2003-10-21 20:05:32 +00:00
|
|
|
in6_clearscope(&nd_ns->nd_ns_target); /* XXX */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
* Add source link-layer address option.
*
*                                 spec            implementation
*                                 ---             ---
* DAD packet                      MUST NOT        do not add the option
* there's no link layer address:
*                                 impossible      do not add the option
* there's link layer address:
*      Multicast NS               MUST add one    add the option
*      Unicast NS                 SHOULD add one  add the option
*/
|
2015-03-02 17:30:26 +00:00
|
|
|
if (nonce == NULL && (mac = nd6_ifptomac(ifp))) {
|
1999-11-22 02:45:11 +00:00
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
|
|
|
|
/* 8 byte alignments... */
|
|
|
|
optlen = (optlen + 7) & ~7;
|
2003-10-09 16:13:47 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
m->m_len += optlen;
|
|
|
|
icmp6len += optlen;
|
|
|
|
bzero((caddr_t)nd_opt, optlen);
|
|
|
|
nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
|
|
|
bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
|
|
|
|
}
|
2015-03-02 17:30:26 +00:00
|
|
|
/*
|
|
|
|
* Add a Nonce option (RFC 3971) to detect looped back NS messages.
|
|
|
|
* This behavior is documented as Enhanced Duplicate Address
|
2015-08-24 05:21:49 +00:00
|
|
|
* Detection in RFC 7527.
|
2015-03-02 17:30:26 +00:00
|
|
|
* net.inet6.ip6.dad_enhanced=0 disables this.
|
|
|
|
*/
|
|
|
|
if (V_dad_enhanced != 0 && nonce != NULL) {
|
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ND_OPT_NONCE_LEN;
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
|
|
|
|
/* 8-byte alignment is required. */
|
|
|
|
optlen = (optlen + 7) & ~7;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2015-03-02 17:30:26 +00:00
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
m->m_len += optlen;
|
|
|
|
icmp6len += optlen;
|
|
|
|
bzero((caddr_t)nd_opt, optlen);
|
|
|
|
nd_opt->nd_opt_type = ND_OPT_NONCE;
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
|
|
|
bcopy(nonce, (caddr_t)(nd_opt + 1), ND_OPT_NONCE_LEN);
|
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
ip6->ip6_plen = htons((u_short)icmp6len);
|
|
|
|
nd_ns->nd_ns_cksum = 0;
|
2003-10-09 16:13:47 +00:00
|
|
|
nd_ns->nd_ns_cksum =
|
|
|
|
in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2010-08-19 11:31:03 +00:00
|
|
|
if (send_sendso_input_hook != NULL) {
|
|
|
|
mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
|
|
|
|
sizeof(unsigned short), M_NOWAIT);
|
|
|
|
if (mtag == NULL)
|
|
|
|
goto bad;
|
|
|
|
*(unsigned short *)(mtag + 1) = nd_ns->nd_ns_type;
|
|
|
|
m_tag_prepend(m, mtag);
|
|
|
|
}
|
|
|
|
|
2016-01-03 10:43:23 +00:00
|
|
|
ip6_output(m, NULL, NULL, (nonce != NULL) ? IPV6_UNSPECSRC : 0,
|
2015-03-02 17:30:26 +00:00
|
|
|
&im6o, NULL, NULL);
|
2005-07-25 12:31:43 +00:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_msg);
|
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit);
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_SOLICIT]);
|
2005-07-25 12:31:43 +00:00
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
bad:
|
|
|
|
m_freem(m);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2015-03-03 10:50:03 +00:00
|
|
|
#ifndef BURN_BRIDGES
|
|
|
|
void
|
2015-09-05 14:14:03 +00:00
|
|
|
nd6_ns_output(struct ifnet *ifp, const struct in6_addr *saddr6,
|
|
|
|
const struct in6_addr *daddr6, const struct in6_addr *taddr6,uint8_t *nonce)
|
2015-03-03 10:50:03 +00:00
|
|
|
{
|
|
|
|
|
2015-09-05 14:14:03 +00:00
|
|
|
nd6_ns_output_fib(ifp, saddr6, daddr6, taddr6, nonce, RT_DEFAULT_FIB);
|
2015-03-03 10:50:03 +00:00
|
|
|
}
|
|
|
|
#endif
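The packet-building rules in nd6_ns_output_fib() above (solicited-node multicast destination, 8-byte option padding, a nonce option instead of a source link-layer option for DAD probes) can be exercised in userland together with the matching receiver checks. This is an added example, not part of nd6_nbr.c or of FreeBSD: build_ns(), check_ns() and the other names are hypothetical, byte arrays stand in for the kernel structures, net.inet6.ip6.dad_enhanced is assumed to be on, and the receiver checks follow RFC 4861 section 7.1.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Values from RFC 4861 and RFC 3971; a 6-byte nonce is assumed. */
enum { NS_TYPE = 135, OPT_SLLA = 1, OPT_NONCE = 14, NONCE_LEN = 6,
       NS_FIXED_LEN = 24 /* type, code, cksum, reserved, target */ };
enum ns_verdict { NS_OK, NS_BAD_HLIM, NS_MALFORMED, NS_BAD_TARGET,
                  NS_BAD_OPTION, NS_DAD_BAD_DST, NS_DAD_HAS_SLLA };

/* 2-byte option header plus payload, rounded up: (optlen + 7) & ~7. */
static size_t opt_padded_len(size_t payload_len)
{
	return (2 + payload_len + 7) & ~(size_t)7;
}

/* Solicited-node multicast address ff02::1:ffXX:XXXX for a target. */
static void solicited_node(const uint8_t target[16], uint8_t out[16])
{
	memset(out, 0, 16);
	out[0] = 0xff; out[1] = 0x02;
	out[11] = 0x01; out[12] = 0xff;
	memcpy(out + 13, target + 13, 3);
}

static size_t put_option(uint8_t *p, uint8_t type, const uint8_t *d, size_t n)
{
	size_t optlen = opt_padded_len(n);
	memset(p, 0, optlen);          /* padding bytes stay zero */
	p[0] = type;
	p[1] = (uint8_t)(optlen >> 3); /* length is in 8-byte units */
	memcpy(p + 2, d, n);
	return optlen;
}

/* Build the ICMPv6 part of an NS (checksum left zero); returns its length or
 * 0 when nothing should be sent. A non-NULL nonce marks a DAD probe, which
 * carries the nonce option and never a source link-layer option. */
static size_t build_ns(uint8_t *buf, size_t buflen, const uint8_t target[16],
    const uint8_t *mac, size_t maclen, const uint8_t *nonce)
{
	const uint8_t *opt = nonce != NULL ? nonce : mac;
	size_t optpay = nonce != NULL ? NONCE_LEN : maclen;
	uint8_t type = nonce != NULL ? OPT_NONCE : OPT_SLLA;
	size_t need = NS_FIXED_LEN + (opt != NULL ? opt_padded_len(optpay) : 0);

	if (target[0] == 0xff || buflen < need)
		return 0;              /* multicast target or short buffer */
	memset(buf, 0, NS_FIXED_LEN);
	buf[0] = NS_TYPE;
	memcpy(buf + 8, target, 16);
	if (opt != NULL)
		put_option(buf + NS_FIXED_LEN, type, opt, optpay);
	return need;
}

/* Receiver-side sanity checks for an NS, per RFC 4861 section 7.1.1. */
static enum ns_verdict check_ns(const uint8_t src[16], const uint8_t dst[16],
    uint8_t hlim, const uint8_t *icmp, size_t len)
{
	static const uint8_t unspec[16] = { 0 };
	uint8_t sn[16];
	int dad = memcmp(src, unspec, 16) == 0, has_slla = 0;
	size_t off = NS_FIXED_LEN, optlen;

	if (hlim != 255)               /* packet crossed a router */
		return NS_BAD_HLIM;
	if (len < NS_FIXED_LEN || icmp[0] != NS_TYPE || icmp[1] != 0)
		return NS_MALFORMED;
	if (icmp[8] == 0xff)
		return NS_BAD_TARGET;
	for (; off < len; off += optlen) {
		if (len - off < 2 || icmp[off + 1] == 0)
			return NS_BAD_OPTION;  /* zero length never advances */
		optlen = (size_t)icmp[off + 1] << 3;
		if (optlen > len - off)
			return NS_BAD_OPTION;  /* option runs past the packet */
		has_slla |= icmp[off] == OPT_SLLA;
	}
	solicited_node(icmp + 8, sn);
	if (dad && memcmp(dst, sn, 13) != 0)
		return NS_DAD_BAD_DST;     /* DAD goes to solicited-node only */
	if (dad && has_slla)
		return NS_DAD_HAS_SLLA;
	return NS_OK;
}

int main(void)
{
	/* Constructed sample: DAD-style source (::) but a link-layer option. */
	const uint8_t tgt[16] = { 0x20, 0x01, 0x0d, 0xb8, [13] = 0xaa, 0xbb, 0xcc };
	const uint8_t mac[6] = { 0x02, 0, 0, 0, 0, 0x01 }, src[16] = { 0 };
	uint8_t dst[16], pkt[64];
	size_t n = build_ns(pkt, sizeof(pkt), tgt, mac, sizeof(mac), NULL);
	solicited_node(tgt, dst);
	return check_ns(src, dst, 255, pkt, n) == NS_DAD_HAS_SLLA ? 0 : 1;
}
```

A zero option length is rejected before the loop advances; without that check a single crafted option would stall the parser.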
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* Neighbor advertisement input handling.
|
|
|
|
*
|
|
|
|
* Based on RFC 2461
|
2005-08-12 15:27:25 +00:00
|
|
|
* Based on RFC 2462 (duplicate address detection)
|
2000-07-04 16:35:15 +00:00
|
|
|
*
|
|
|
|
* the following items are not implemented yet:
|
|
|
|
* - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
|
|
|
|
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_na_input(struct mbuf *m, int off, int icmp6len)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
2019-11-07 18:29:51 +00:00
|
|
|
struct ifnet *ifp;
|
|
|
|
struct ip6_hdr *ip6;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ifaddr *ifa;
|
2019-11-07 18:29:51 +00:00
|
|
|
struct llentry *ln;
|
|
|
|
struct mbuf *chain;
|
|
|
|
struct nd_neighbor_advert *nd_na;
|
|
|
|
struct in6_addr daddr6, taddr6;
|
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as many locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code.
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
struct sockaddr_in6 sin6;
|
2019-11-07 18:29:51 +00:00
|
|
|
union nd_opts ndopts;
|
2015-12-31 05:03:27 +00:00
|
|
|
u_char linkhdr[LLE_MAX_LINKHDR];
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
|
2019-11-07 18:29:51 +00:00
|
|
|
char *lladdr;
|
|
|
|
size_t linkhdrsize;
|
|
|
|
int flags, is_override, is_router, is_solicited;
|
|
|
|
int lladdr_off, lladdrlen, checklink;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.
However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.
Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.
On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().
This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.
Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.
This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.
Reviewed by: gallatin, hselasky, cy, adrian, kristof
Differential Revision: https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
|
|
|
NET_EPOCH_ASSERT();
|
|
|
|
|
2019-11-07 18:29:51 +00:00
|
|
|
chain = NULL;
|
|
|
|
ln = NULL;
|
|
|
|
checklink = 0;
|
|
|
|
|
2017-12-15 12:37:32 +00:00
|
|
|
/* RFC 6980: Nodes MUST silently ignore fragments */
|
|
|
|
if(m->m_flags & M_FRAGMENTED)
|
|
|
|
goto freeit;
|
|
|
|
|
2019-11-07 18:29:51 +00:00
|
|
|
ifp = m->m_pkthdr.rcvif;
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
1999-11-22 02:45:11 +00:00
|
|
|
if (ip6->ip6_hlim != 255) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_ERR,
|
|
|
|
"nd6_na_input: invalid hlim (%d) from %s to %s on %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
|
|
|
|
ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef PULLDOWN_TEST
|
|
|
|
IP6_EXTHDR_CHECK(m, off, icmp6len,);
|
|
|
|
nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
|
|
|
|
#else
|
|
|
|
IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
|
|
|
|
if (nd_na == NULL) {
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_tooshort);
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
#endif
|
2005-07-25 12:31:43 +00:00
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
flags = nd_na->nd_na_flags_reserved;
|
|
|
|
is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
|
|
|
|
is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
|
|
|
|
is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2005-07-25 12:31:43 +00:00
|
|
|
taddr6 = nd_na->nd_na_target;
|
|
|
|
if (in6_setscope(&taddr6, ifp, NULL))
|
2005-09-16 01:42:50 +00:00
|
|
|
goto bad; /* XXX: impossible */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_ERR,
|
1999-11-22 02:45:11 +00:00
|
|
|
"nd6_na_input: invalid target address %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6bufs, &taddr6)));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2019-11-07 18:29:51 +00:00
|
|
|
|
|
|
|
daddr6 = ip6->ip6_dst;
|
1999-11-22 02:45:11 +00:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(&daddr6))
|
|
|
|
if (is_solicited) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_ERR,
|
|
|
|
"nd6_na_input: a solicited adv is multicasted\n"));
|
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
icmp6len -= sizeof(*nd_na);
|
|
|
|
nd6_option_init(nd_na + 1, icmp6len, &ndopts);
|
|
|
|
if (nd6_options(&ndopts) < 0) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_INFO,
|
|
|
|
"nd6_na_input: invalid ND option, ignored\n"));
|
|
|
|
/* nd6_options have incremented stats */
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2019-11-07 18:29:51 +00:00
|
|
|
lladdr = NULL;
|
|
|
|
lladdrlen = 0;
|
1999-11-22 02:45:11 +00:00
|
|
|
if (ndopts.nd_opts_tgt_lladdr) {
|
|
|
|
lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
|
|
|
|
lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
|
|
|
|
}
|
|
|
|
|
A major overhaul of the CARP implementation. The ip_carp.c was started
from scratch, copying needed functionality from the old implementation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
2011-12-16 12:16:56 +00:00
|
|
|
/*
|
|
|
|
* This effectively disables the DAD check on a non-master CARP
|
|
|
|
* address.
|
|
|
|
*/
|
|
|
|
if (ifp->if_carp)
|
|
|
|
ifa = (*carp_iamatch6_p)(ifp, &taddr6);
|
|
|
|
else
|
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Target address matches one of my interface address.
|
|
|
|
*
|
|
|
|
* If my address is tentative, this means that there's somebody
|
|
|
|
* already using the same address as mine. This indicates DAD failure.
|
|
|
|
* This is defined in RFC 2462.
|
|
|
|
*
|
|
|
|
* Otherwise, process as defined in RFC 2461.
|
|
|
|
*/
|
|
|
|
if (ifa
|
|
|
|
&& (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
|
|
|
|
nd6_dad_na_input(ifa);
|
2015-03-19 00:04:25 +00:00
|
|
|
ifa_free(ifa);
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2002-04-19 04:46:24 +00:00
|
|
|
/* Just for safety, maybe unnecessary. */
|
1999-11-22 02:45:11 +00:00
|
|
|
if (ifa) {
|
2009-06-23 20:19:09 +00:00
|
|
|
ifa_free(ifa);
|
1999-11-22 02:45:11 +00:00
|
|
|
log(LOG_ERR,
|
|
|
|
"nd6_na_input: duplicate IP6 address %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6bufs, &taddr6));
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
|
2003-10-09 16:13:47 +00:00
|
|
|
nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s "
|
2006-12-12 12:17:58 +00:00
|
|
|
"(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6),
|
2003-10-09 16:13:47 +00:00
|
|
|
ifp->if_addrlen, lladdrlen - 2));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2003-10-09 16:13:47 +00:00
|
|
|
* If no neighbor cache entry is found, NA SHOULD silently be
|
|
|
|
* discarded.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2008-12-15 06:10:57 +00:00
|
|
|
ln = nd6_lookup(&taddr6, LLE_EXCLUSIVE, ifp);
|
|
|
|
if (ln == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
2008-12-15 06:10:57 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
|
|
|
|
/*
|
|
|
|
* If the link-layer has address, and no lladdr option came,
|
|
|
|
* discard the packet.
|
|
|
|
*/
|
2008-12-15 06:10:57 +00:00
|
|
|
if (ifp->if_addrlen && lladdr == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
2008-12-15 06:10:57 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Record link-layer address, and update the state.
|
|
|
|
*/
|
2015-12-31 05:03:27 +00:00
|
|
|
linkhdrsize = sizeof(linkhdr);
|
|
|
|
if (lltable_calc_llheader(ifp, AF_INET6, lladdr,
|
|
|
|
linkhdr, &linkhdrsize, &lladdr_off) != 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (lltable_try_set_entry_addr(ifp, ln, linkhdr, linkhdrsize,
|
|
|
|
lladdr_off) == 0) {
|
2015-12-13 07:39:49 +00:00
|
|
|
ln = NULL;
|
|
|
|
goto freeit;
|
|
|
|
}
|
2013-01-26 00:05:22 +00:00
|
|
|
EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);
|
2015-09-27 05:29:34 +00:00
|
|
|
if (is_solicited)
|
2015-09-21 11:19:53 +00:00
|
|
|
nd6_llinfo_setstate(ln, ND6_LLINFO_REACHABLE);
|
2015-09-27 05:29:34 +00:00
|
|
|
else
|
2015-09-21 11:19:53 +00:00
|
|
|
nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);
|
2001-06-11 12:39:29 +00:00
|
|
|
if ((ln->ln_router = is_router) != 0) {
|
|
|
|
/*
|
|
|
|
* This means a router's state has changed from
|
|
|
|
* non-reachable to probably reachable, and might
|
|
|
|
* affect the status of associated prefixes.
|
|
|
|
*/
|
2008-12-24 01:08:18 +00:00
|
|
|
checklink = 1;
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
} else {
|
|
|
|
int llchange;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if the link-layer address has changed or not.
|
|
|
|
*/
|
2005-10-19 10:09:19 +00:00
|
|
|
if (lladdr == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
llchange = 0;
|
|
|
|
else {
|
2008-12-15 06:10:57 +00:00
|
|
|
if (ln->la_flags & LLE_VALID) {
|
2015-12-31 05:03:27 +00:00
|
|
|
if (bcmp(lladdr, ln->ll_addr, ifp->if_addrlen))
|
1999-11-22 02:45:11 +00:00
|
|
|
llchange = 1;
|
|
|
|
else
|
|
|
|
llchange = 0;
|
|
|
|
} else
|
|
|
|
llchange = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
* This is VERY complex. Look at it with care.
*
* override solicit lladdr llchange  action
*                                   (L: record lladdr)
*
* 0        0       n      --        (2c)
* 0        0       y      n         (2b) L
* 0        0       y      y         (1)    REACHABLE->STALE
* 0        1       n      --        (2c)   *->REACHABLE
* 0        1       y      n         (2b) L *->REACHABLE
* 0        1       y      y         (1)    REACHABLE->STALE
* 1        0       n      --        (2a)
* 1        0       y      n         (2a) L
* 1        0       y      y         (2a) L *->STALE
* 1        1       n      --        (2a)   *->REACHABLE
* 1        1       y      n         (2a) L *->REACHABLE
* 1        1       y      y         (2a) L *->REACHABLE
*/
|
2005-10-21 16:23:01 +00:00
|
|
|
if (!is_override && (lladdr != NULL && llchange)) { /* (1) */
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* If state is REACHABLE, make it STALE.
|
|
|
|
* no other updates should be done.
|
|
|
|
*/
|
2015-09-21 11:19:53 +00:00
|
|
|
if (ln->ln_state == ND6_LLINFO_REACHABLE)
|
|
|
|
nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
} else if (is_override /* (2a) */
|
2005-10-19 10:09:19 +00:00
|
|
|
|| (!is_override && (lladdr != NULL && !llchange)) /* (2b) */
|
|
|
|
|| lladdr == NULL) { /* (2c) */
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* Update link-local address, if any.
|
|
|
|
*/
|
2005-10-19 10:09:19 +00:00
|
|
|
if (lladdr != NULL) {
|
2015-12-31 05:03:27 +00:00
|
|
|
linkhdrsize = sizeof(linkhdr);
|
|
|
|
if (lltable_calc_llheader(ifp, AF_INET6, lladdr,
|
|
|
|
linkhdr, &linkhdrsize, &lladdr_off) != 0)
|
|
|
|
goto freeit;
|
|
|
|
if (lltable_try_set_entry_addr(ifp, ln, linkhdr,
|
|
|
|
linkhdrsize, lladdr_off) == 0) {
|
2015-12-13 07:39:49 +00:00
|
|
|
ln = NULL;
|
|
|
|
goto freeit;
|
|
|
|
}
|
2013-01-26 00:05:22 +00:00
|
|
|
EVENTHANDLER_INVOKE(lle_event, ln,
|
|
|
|
LLENTRY_RESOLVED);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If solicited, make the state REACHABLE.
|
|
|
|
* If not solicited and the link-layer address was
|
|
|
|
* changed, make it STALE.
|
|
|
|
*/
|
2015-09-27 05:29:34 +00:00
|
|
|
if (is_solicited)
|
2015-09-21 11:19:53 +00:00
|
|
|
nd6_llinfo_setstate(ln, ND6_LLINFO_REACHABLE);
|
2015-09-27 05:29:34 +00:00
|
|
|
else {
|
2015-09-21 11:19:53 +00:00
|
|
|
if (lladdr != NULL && llchange)
|
|
|
|
nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ln->ln_router && !is_router) {
|
|
|
|
/*
|
|
|
|
* The peer dropped the router flag.
|
|
|
|
* Remove the sender from the Default Router List and
|
|
|
|
* update the Destination Cache entries.
|
|
|
|
*/
|
2016-01-01 12:35:33 +00:00
|
|
|
struct ifnet *nd6_ifp;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2016-01-01 12:35:33 +00:00
|
|
|
nd6_ifp = lltable_get_ifp(ln->lle_tbl);
|
2016-03-17 19:01:44 +00:00
|
|
|
if (!defrouter_remove(&ln->r_l3addr.addr6, nd6_ifp) &&
|
|
|
|
(ND_IFINFO(nd6_ifp)->flags &
|
|
|
|
ND6_IFF_ACCEPT_RTADV) != 0)
|
|
|
|
/*
|
|
|
|
* Even if the neighbor is not in the default
|
|
|
|
* router list, the neighbor may be used as a
|
|
|
|
* next hop for some destinations (e.g. redirect
|
|
|
|
* case). So we must call rt6_flush explicitly.
|
|
|
|
*/
|
|
|
|
rt6_flush(&ip6->ip6_src, ifp);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
ln->ln_router = is_router;
|
|
|
|
}
|
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplifying the logic in the routing code.
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle; Kip has also been conducting
active functional testing
- Sam Leffler has helped me improve/refactor the code, and
provided valuable reviews
- Julian Elischer set up the perforce tree for me and has helped
me maintain that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
/* XXX - QL
|
|
|
|
* Does this matter?
|
|
|
|
* rt->rt_flags &= ~RTF_REJECT;
|
|
|
|
*/
|
|
|
|
ln->la_asked = 0;
|
2019-11-07 18:29:51 +00:00
|
|
|
if (ln->la_hold != NULL) {
|
|
|
|
memset(&sin6, 0, sizeof(sin6));
|
2015-01-08 18:02:05 +00:00
|
|
|
nd6_grab_holdchain(ln, &chain, &sin6);
|
2019-11-07 18:29:51 +00:00
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
freeit:
|
2015-01-08 18:02:05 +00:00
|
|
|
if (ln != NULL)
|
2008-12-15 06:10:57 +00:00
|
|
|
LLE_WUNLOCK(ln);
|
|
|
|
|
2015-01-08 18:02:05 +00:00
|
|
|
if (chain != NULL)
|
2017-12-25 04:48:39 +00:00
|
|
|
nd6_flush_holdchain(ifp, chain, &sin6);
|
2015-01-08 18:02:05 +00:00
|
|
|
|
2008-12-24 01:08:18 +00:00
|
|
|
if (checklink)
|
|
|
|
pfxlist_onlink_check();
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
m_freem(m);
|
2001-06-11 12:39:29 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
bad:
|
2008-12-16 02:47:22 +00:00
|
|
|
if (ln != NULL)
|
2008-12-15 06:10:57 +00:00
|
|
|
LLE_WUNLOCK(ln);
|
|
|
|
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_badna);
|
2001-06-11 12:39:29 +00:00
|
|
|
m_freem(m);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
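The override/solicit/lladdr/llchange table in nd6_na_input() above, as a user-space model. This is an added example, not FreeBSD code: `nc_entry`, `na_info`, `na_result`, `na_apply()` and `na_row()` are hypothetical names, the MAC addresses are constructed, and the model assumes the entry already has a resolved state and that recording the address always succeeds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LLADDR_LEN 6	/* Ethernet; stands in for ifp->if_addrlen */

enum nc_state { NC_STALE, NC_DELAY, NC_PROBE, NC_REACHABLE };
enum na_case { NA_CASE_1, NA_CASE_2A, NA_CASE_2B, NA_CASE_2C };

/* Simplified neighbor cache entry (hypothetical model, not struct llentry). */
struct nc_entry {
	enum nc_state state;
	bool valid;			/* models LLE_VALID */
	uint8_t lladdr[LLADDR_LEN];
};

/* The parts of a received NA that drive the decision. */
struct na_info {
	bool override;			/* O flag */
	bool solicited;			/* S flag */
	const uint8_t *tlladdr;		/* target lladdr option, NULL if absent */
};

struct na_result {
	enum na_case which;		/* table label: (1), (2a), (2b), (2c) */
	enum nc_state state;		/* entry state after processing */
	bool recorded;			/* "L": lladdr written to the entry */
	bool changed;			/* a valid, different binding was replaced */
};

/* Apply one NA to an entry that already has a resolved state. */
struct na_result
na_apply(struct nc_entry *e, const struct na_info *na)
{
	struct na_result r = { NA_CASE_2C, e->state, false, false };
	bool has_ll = (na->tlladdr != NULL);
	/* llchange: option present and (no valid address yet or bytes differ). */
	bool llchange = has_ll && (!e->valid ||
	    memcmp(na->tlladdr, e->lladdr, LLADDR_LEN) != 0);

	if (!na->override && llchange) {		/* (1) */
		r.which = NA_CASE_1;
		if (e->state == NC_REACHABLE)
			e->state = NC_STALE;	/* no other update */
		r.state = e->state;
		return (r);
	}
	if (na->override)
		r.which = NA_CASE_2A;
	else if (has_ll)
		r.which = NA_CASE_2B;
	if (has_ll) {				/* record lladdr */
		r.changed = e->valid && llchange;
		memcpy(e->lladdr, na->tlladdr, LLADDR_LEN);
		e->valid = true;
		r.recorded = true;
	}
	if (na->solicited)
		e->state = NC_REACHABLE;
	else if (llchange)
		e->state = NC_STALE;
	r.state = e->state;
	return (r);
}

/* Constructed sample addresses (locally administered). */
static const uint8_t MAC_A[LLADDR_LEN] = { 0x02, 0, 0, 0, 0, 0x01 };
static const uint8_t MAC_B[LLADDR_LEN] = { 0x02, 0, 0, 0, 0, 0x02 };

/* Run one table row: ll is 0 (no option), 1 (same lladdr), 2 (different). */
struct na_result
na_row(bool override, bool solicited, int ll, enum nc_state start)
{
	struct nc_entry e = { start, true, { 0 } };
	struct na_info na = { override, solicited, NULL };

	memcpy(e.lladdr, MAC_A, LLADDR_LEN);
	if (ll != 0)
		na.tlladdr = (ll == 1) ? MAC_A : MAC_B;
	return (na_apply(&e, &na));
}

int
main(void)
{
	static const char *cases[] = { "(1)", "(2a)", "(2b)", "(2c)" };
	static const char *states[] = { "STALE", "DELAY", "PROBE", "REACHABLE" };

	for (int o = 0; o < 2; o++)
		for (int s = 0; s < 2; s++)
			for (int ll = 0; ll < 3; ll++) {
				struct na_result r = na_row(o, s, ll, NC_REACHABLE);
				printf("O=%d S=%d ll=%d %-4s %s%s-> %s\n", o, s, ll,
				    cases[r.which], r.recorded ? "L " : "",
				    r.changed ? "(rebinding) " : "", states[r.state]);
			}
	return (0);
}
```

Only the override rows with a different link-layer address set `changed`, which is the event a neighbor-cache monitor would log; without the override flag the same advertisement can at most push a REACHABLE entry to STALE.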
|
|
|
/*
|
|
|
|
* Neighbor advertisement output handling.
|
|
|
|
*
|
|
|
|
* Based on RFC 2461
|
|
|
|
*
|
2000-07-04 16:35:15 +00:00
|
|
|
* the following items are not implemented yet:
|
|
|
|
* - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
|
|
|
|
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
|
2007-07-05 16:23:49 +00:00
|
|
|
*
|
|
|
|
* tlladdr - 1 if include target link-layer address
|
|
|
|
* sdl0 - sockaddr_dl (= proxy NA) or NULL
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2012-02-14 11:51:32 +00:00
|
|
|
static void
|
|
|
|
nd6_na_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6_0,
|
2007-07-05 16:23:49 +00:00
|
|
|
const struct in6_addr *taddr6, u_long flags, int tlladdr,
|
2012-02-14 11:51:32 +00:00
|
|
|
struct sockaddr *sdl0, u_int fibnum)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct mbuf *m;
|
2010-08-19 11:31:03 +00:00
|
|
|
struct m_tag *mtag;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
struct nd_neighbor_advert *nd_na;
|
|
|
|
struct ip6_moptions im6o;
|
2016-01-10 13:40:29 +00:00
|
|
|
struct in6_addr daddr6, dst6, src6;
|
|
|
|
uint32_t scopeid;
|
|
|
|
|
2005-07-25 12:31:43 +00:00
|
|
|
int icmp6len, maxlen, error;
|
2002-03-19 23:26:37 +00:00
|
|
|
caddr_t mac = NULL;
|
2005-07-25 12:31:43 +00:00
|
|
|
|
|
|
|
daddr6 = *daddr6_0; /* make a local copy for modification */
|
2000-07-04 16:35:15 +00:00
|
|
|
|
|
|
|
/* estimate the size of message */
|
|
|
|
maxlen = sizeof(*ip6) + sizeof(*nd_na);
|
|
|
|
maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
|
2015-04-09 12:57:58 +00:00
|
|
|
KASSERT(max_linkhdr + maxlen <= MCLBYTES, (
|
|
|
|
"%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
|
|
|
|
__func__, max_linkhdr, maxlen, MCLBYTES));
|
2000-07-04 16:35:15 +00:00
|
|
|
|
2013-03-15 13:48:53 +00:00
|
|
|
if (max_linkhdr + maxlen > MHLEN)
|
|
|
|
m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
|
|
|
|
else
|
|
|
|
m = m_gethdr(M_NOWAIT, MT_DATA);
|
2000-07-04 16:35:15 +00:00
|
|
|
if (m == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
2012-02-14 11:51:32 +00:00
|
|
|
M_SETFIB(m, fibnum);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2005-07-25 12:31:43 +00:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(&daddr6)) {
|
1999-11-22 02:45:11 +00:00
|
|
|
m->m_flags |= M_MCAST;
|
|
|
|
im6o.im6o_multicast_ifp = ifp;
|
|
|
|
im6o.im6o_multicast_hlim = 255;
|
|
|
|
im6o.im6o_multicast_loop = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
icmp6len = sizeof(*nd_na);
|
|
|
|
m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
|
To ease changes to underlying mbuf structure and the mbuf allocator, reduce
the knowledge of mbuf layout, and in particular constants such as M_EXT,
MLEN, MHLEN, and so on, in mbuf consumers by unifying various alignment
utility functions (M_ALIGN(), MH_ALIGN(), MEXT_ALIGN()) in a single
M_ALIGN() macro, implemented by a now-inlined m_align() function:
- Move m_align() from uipc_mbuf.c to mbuf.h; mark as __inline.
- Reimplement M_ALIGN(), MH_ALIGN(), and MEXT_ALIGN() using m_align().
- Update consumers around the tree to simply use M_ALIGN().
This change eliminates a number of cases where mbuf consumers must be aware
of whether or not mbufs returned by the allocator use external storage, but
also assumptions about the size of the returned mbuf. This will make it
easier to introduce changes in how we use external storage, as well as
features such as variable-size mbufs.
Differential Revision: https://reviews.freebsd.org/D1436
Reviewed by: glebius, trasz, gnn, bz
Sponsored by: EMC / Isilon Storage Division
2015-01-05 09:58:32 +00:00
|
|
|
m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/* fill neighbor advertisement packet */
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
ip6->ip6_flow = 0;
|
2000-07-04 16:35:15 +00:00
|
|
|
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
|
|
|
|
ip6->ip6_vfc |= IPV6_VERSION;
|
1999-11-22 02:45:11 +00:00
|
|
|
ip6->ip6_nxt = IPPROTO_ICMPV6;
|
|
|
|
ip6->ip6_hlim = 255;
|
2005-07-25 12:31:43 +00:00
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
|
1999-11-22 02:45:11 +00:00
|
|
|
/* reply to DAD */
|
2005-12-08 06:43:39 +00:00
|
|
|
daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
|
|
|
|
daddr6.s6_addr16[1] = 0;
|
|
|
|
daddr6.s6_addr32[1] = 0;
|
|
|
|
daddr6.s6_addr32[2] = 0;
|
|
|
|
daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
|
2005-07-25 12:31:43 +00:00
|
|
|
if (in6_setscope(&daddr6, ifp, NULL))
|
|
|
|
goto bad;
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
flags &= ~ND_NA_FLAG_SOLICITED;
|
2005-07-25 12:31:43 +00:00
|
|
|
}
|
|
|
|
ip6->ip6_dst = daddr6;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Select a source whose scope is the same as that of the dest.
|
|
|
|
*/
|
2016-01-10 13:40:29 +00:00
|
|
|
in6_splitscope(&daddr6, &dst6, &scopeid);
|
Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0
sys/netinet6/icmp6.c
Use the interface's FIB for source address selection in ICMPv6 error
responses.
sys/netinet6/in6.c
In in6_newaddrmsg, announce arrival of local addresses on the
interface's FIB only. In in6_lltable_rtcheck, use a per-fib ND6
cache instead of a single cache.
sys/netinet6/in6_src.c
In in6_selectsrc, use the caller's fib instead of the default fib.
In in6_selectsrc_socket, remove a superfluous check.
sys/netinet6/nd6.c
In nd6_lle_event, use the interface's fib for routing socket
messages. In nd6_is_new_addr_neighbor, check all FIBs when trying
to determine whether an address is a neighbor. Also, simplify the
code for point to point interfaces.
sys/netinet6/nd6.h
sys/netinet6/nd6.c
sys/netinet6/nd6_rtr.c
Make defrouter_select fib-aware, and make all of its callers pass in
the interface fib.
sys/netinet6/nd6_nbr.c
When inputting a Neighbor Solicitation packet, consider the
interface fib instead of the default fib for DAD. Output NS and
Neighbor Advertisement packets on the correct fib.
sys/netinet6/nd6_rtr.c
Allow installing the same host route on different interfaces in
different FIBs. If rt_add_addr_allfibs=0, only install or delete
the prefix route on the interface fib.
tests/sys/netinet/fibs_test.sh
Clear some expected failures, but add a skip for the newly revealed
BUG217871.
PR: 196361
Submitted by: Erick Turnquist <jhujhiti@adjectivism.org>
Reported by: Jason Healy <jhealy@logn.net>
Reviewed by: asomers
MFC after: 3 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9451
2017-03-17 16:50:37 +00:00
|
|
|
error = in6_selectsrc_addr(fibnum, &dst6,
|
2016-01-10 13:40:29 +00:00
|
|
|
scopeid, ifp, &src6, NULL);
|
2009-06-23 22:08:55 +00:00
|
|
|
if (error) {
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2005-07-25 12:31:43 +00:00
|
|
|
nd6log((LOG_DEBUG, "nd6_na_output: source can't be "
|
|
|
|
"determined: dst=%s, error=%d\n",
|
2016-01-10 13:40:29 +00:00
|
|
|
ip6_sprintf(ip6buf, &daddr6), error));
|
2005-07-25 12:31:43 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2016-01-10 13:40:29 +00:00
|
|
|
ip6->ip6_src = src6;
|
1999-11-22 02:45:11 +00:00
|
|
|
nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
|
|
|
|
nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
|
|
|
|
nd_na->nd_na_code = 0;
|
|
|
|
nd_na->nd_na_target = *taddr6;
|
2003-10-21 20:05:32 +00:00
|
|
|
in6_clearscope(&nd_na->nd_na_target); /* XXX */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* "tlladdr" indicates NS's condition for adding tlladdr or not.
|
|
|
|
* see nd6_ns_input() for details.
|
|
|
|
* Basically, if NS packet is sent to unicast/anycast addr,
|
|
|
|
* target lladdr option SHOULD NOT be included.
|
|
|
|
*/
|
2000-07-04 16:35:15 +00:00
|
|
|
if (tlladdr) {
|
|
|
|
/*
|
|
|
|
* sdl0 != NULL indicates proxy NA. If we do proxy, use
|
|
|
|
* lladdr in sdl0. If we are not proxying (sending NA for
|
|
|
|
* my address) use lladdr configured for the interface.
|
|
|
|
*/
|
2005-02-22 13:04:05 +00:00
|
|
|
if (sdl0 == NULL) {
|
|
|
|
if (ifp->if_carp)
|
2010-08-11 00:51:50 +00:00
|
|
|
mac = (*carp_macmatch6_p)(ifp, m, taddr6);
|
2005-02-22 13:04:05 +00:00
|
|
|
if (mac == NULL)
|
|
|
|
mac = nd6_ifptomac(ifp);
|
|
|
|
} else if (sdl0->sa_family == AF_LINK) {
|
2000-07-04 16:35:15 +00:00
|
|
|
struct sockaddr_dl *sdl;
|
|
|
|
sdl = (struct sockaddr_dl *)sdl0;
|
|
|
|
if (sdl->sdl_alen == ifp->if_addrlen)
|
|
|
|
mac = LLADDR(sdl);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (tlladdr && mac) {
|
1999-11-22 02:45:11 +00:00
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
|
2003-10-09 16:13:47 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/* roundup to 8 bytes alignment! */
|
|
|
|
optlen = (optlen + 7) & ~7;
|
|
|
|
|
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
m->m_len += optlen;
|
|
|
|
icmp6len += optlen;
|
|
|
|
bzero((caddr_t)nd_opt, optlen);
|
|
|
|
nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
|
|
|
bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
|
|
|
|
} else
|
|
|
|
flags &= ~ND_NA_FLAG_OVERRIDE;
|
|
|
|
|
|
|
|
ip6->ip6_plen = htons((u_short)icmp6len);
|
|
|
|
nd_na->nd_na_flags_reserved = flags;
|
|
|
|
nd_na->nd_na_cksum = 0;
|
|
|
|
nd_na->nd_na_cksum =
|
2003-10-09 16:13:47 +00:00
|
|
|
in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2010-08-19 11:31:03 +00:00
|
|
|
if (send_sendso_input_hook != NULL) {
|
|
|
|
mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
|
|
|
|
sizeof(unsigned short), M_NOWAIT);
|
|
|
|
if (mtag == NULL)
|
|
|
|
goto bad;
|
|
|
|
*(unsigned short *)(mtag + 1) = nd_na->nd_na_type;
|
|
|
|
m_tag_prepend(m, mtag);
|
|
|
|
}
|
|
|
|
|
2016-01-03 10:43:23 +00:00
|
|
|
ip6_output(m, NULL, NULL, 0, &im6o, NULL, NULL);
|
2005-07-25 12:31:43 +00:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_msg);
|
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert);
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_ADVERT]);
|
2005-07-25 12:31:43 +00:00
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
bad:
|
|
|
|
m_freem(m);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2012-02-14 11:51:32 +00:00
|
|
|
#ifndef BURN_BRIDGES
|
|
|
|
void
|
|
|
|
nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0,
|
|
|
|
const struct in6_addr *taddr6, u_long flags, int tlladdr,
|
|
|
|
struct sockaddr *sdl0)
|
|
|
|
{
|
|
|
|
|
|
|
|
nd6_na_output_fib(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0,
|
|
|
|
RT_DEFAULT_FIB);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
caddr_t
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_ifptomac(struct ifnet *ifp)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
switch (ifp->if_type) {
|
|
|
|
case IFT_ETHER:
|
2001-06-11 12:39:29 +00:00
|
|
|
case IFT_IEEE1394:
|
2001-06-19 14:48:02 +00:00
|
|
|
case IFT_L2VLAN:
|
2011-03-21 09:40:01 +00:00
|
|
|
case IFT_INFINIBAND:
|
2005-09-06 21:11:59 +00:00
|
|
|
case IFT_BRIDGE:
|
2005-06-12 00:45:24 +00:00
|
|
|
return IF_LLADDR(ifp);
|
1999-11-22 02:45:11 +00:00
|
|
|
default:
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
struct dadq {
|
2000-05-26 02:09:24 +00:00
|
|
|
TAILQ_ENTRY(dadq) dad_list;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ifaddr *dad_ifa;
|
|
|
|
int dad_count; /* max NS to send */
|
2000-07-04 16:35:15 +00:00
|
|
|
int dad_ns_tcount; /* # of trials to send NS */
|
1999-11-22 02:45:11 +00:00
|
|
|
int dad_ns_ocount; /* NS sent so far */
|
|
|
|
int dad_ns_icount;
|
|
|
|
int dad_na_icount;
|
2015-03-02 17:30:26 +00:00
|
|
|
int dad_ns_lcount; /* looped back NS */
|
2015-03-05 21:27:49 +00:00
|
|
|
int dad_loopbackprobe; /* probing state for loopback detection */
|
2001-06-11 12:39:29 +00:00
|
|
|
struct callout dad_timer_ch;
|
Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The curvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, socket's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, with an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typical cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
2009-05-05 10:56:12 +00:00
|
|
|
struct vnet *dad_vnet;
|
2014-12-08 04:44:40 +00:00
|
|
|
u_int dad_refcnt;
|
2015-03-02 17:30:26 +00:00
|
|
|
#define ND_OPT_NONCE_LEN32 \
|
|
|
|
((ND_OPT_NONCE_LEN + sizeof(uint32_t) - 1)/sizeof(uint32_t))
|
|
|
|
uint32_t dad_nonce[ND_OPT_NONCE_LEN32];
|
2018-03-24 13:18:09 +00:00
|
|
|
bool dad_ondadq; /* on dadq? Protected by DADQ_WLOCK. */
|
1999-11-22 02:45:11 +00:00
|
|
|
};
|
|
|
|
|
2018-07-24 16:35:52 +00:00
|
|
|
VNET_DEFINE_STATIC(TAILQ_HEAD(, dadq), dadq);
|
|
|
|
VNET_DEFINE_STATIC(struct rwlock, dad_rwlock);
|
2014-05-29 20:53:53 +00:00
|
|
|
#define V_dadq VNET(dadq)
|
|
|
|
#define V_dad_rwlock VNET(dad_rwlock)
|
|
|
|
|
|
|
|
#define DADQ_RLOCK() rw_rlock(&V_dad_rwlock)
|
|
|
|
#define DADQ_RUNLOCK() rw_runlock(&V_dad_rwlock)
|
|
|
|
#define DADQ_WLOCK() rw_wlock(&V_dad_rwlock)
|
|
|
|
#define DADQ_WUNLOCK() rw_wunlock(&V_dad_rwlock)
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2014-11-10 16:01:39 +00:00
|
|
|
static void
|
|
|
|
nd6_dad_add(struct dadq *dp)
|
|
|
|
{
|
|
|
|
|
|
|
|
DADQ_WLOCK();
|
2014-12-08 04:44:40 +00:00
|
|
|
TAILQ_INSERT_TAIL(&V_dadq, dp, dad_list);
|
2018-03-24 13:18:09 +00:00
|
|
|
dp->dad_ondadq = true;
|
2014-11-10 16:01:39 +00:00
|
|
|
DADQ_WUNLOCK();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
nd6_dad_del(struct dadq *dp)
|
|
|
|
{
|
|
|
|
|
|
|
|
DADQ_WLOCK();
|
2018-03-24 13:18:09 +00:00
|
|
|
if (dp->dad_ondadq) {
|
|
|
|
/*
|
|
|
|
* Remove dp from the dadq and release the dadq's
|
|
|
|
* reference.
|
|
|
|
*/
|
|
|
|
TAILQ_REMOVE(&V_dadq, dp, dad_list);
|
|
|
|
dp->dad_ondadq = false;
|
|
|
|
DADQ_WUNLOCK();
|
|
|
|
nd6_dad_rele(dp);
|
|
|
|
} else
|
|
|
|
DADQ_WUNLOCK();
|
2014-11-10 16:01:39 +00:00
|
|
|
}
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
static struct dadq *
|
2015-03-02 17:30:26 +00:00
|
|
|
nd6_dad_find(struct ifaddr *ifa, struct nd_opt_nonce *n)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct dadq *dp;
|
|
|
|
|
2014-05-29 20:53:53 +00:00
|
|
|
DADQ_RLOCK();
|
2015-03-02 17:30:26 +00:00
|
|
|
TAILQ_FOREACH(dp, &V_dadq, dad_list) {
|
|
|
|
if (dp->dad_ifa != ifa)
|
|
|
|
continue;
|
|
|
|
/*
|
|
|
|
* Skip if the nonce matches the received one.
|
|
|
|
* +2 in the length is required because of type and
|
|
|
|
* length fields are included in a header.
|
|
|
|
*/
|
|
|
|
if (n != NULL &&
|
|
|
|
n->nd_opt_nonce_len == (ND_OPT_NONCE_LEN + 2) / 8 &&
|
|
|
|
memcmp(&n->nd_opt_nonce[0], &dp->dad_nonce[0],
|
|
|
|
ND_OPT_NONCE_LEN) == 0) {
|
|
|
|
dp->dad_ns_lcount++;
|
|
|
|
continue;
|
2014-12-08 04:44:40 +00:00
|
|
|
}
|
2015-03-02 17:30:26 +00:00
|
|
|
refcount_acquire(&dp->dad_refcnt);
|
|
|
|
break;
|
|
|
|
}
|
2014-05-29 20:53:53 +00:00
|
|
|
DADQ_RUNLOCK();
|
2011-10-13 13:33:23 +00:00
|
|
|
|
2014-12-11 09:16:45 +00:00
|
|
|
return (dp);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
static void
|
2015-10-03 12:09:12 +00:00
|
|
|
nd6_dad_starttimer(struct dadq *dp, int ticks, int send_ns)
|
2001-06-11 12:39:29 +00:00
|
|
|
{
|
|
|
|
|
2019-10-22 16:06:33 +00:00
|
|
|
NET_EPOCH_ASSERT();
|
Widen NET_EPOCH coverage.
When epoch(9) was introduced to network stack, it was basically
dropped in place of existing locking, which was mutexes and
rwlocks. For the sake of performance mutex covered areas were
as small as possible, so became epoch covered areas.
However, epoch doesn't introduce any contention, it just delays
memory reclaim. So, there is no point to minimise epoch covered
areas in sense of performance. Meanwhile entering/exiting epoch
also has non-zero CPU usage, so doing this less often is a win.
Not the least is also code maintainability. In the new paradigm
we can assume that at any stage of processing a packet, we are
inside network epoch. This makes coding both input and output
path way easier.
On output path we already enter epoch quite early - in the
ip_output(), in the ip6_output().
This patch does the same for the input path. All ISR processing,
network related callouts, other ways of packet injection to the
network stack shall be performed in net_epoch. Any leaf function
that walks network configuration now asserts epoch.
Tricky part is configuration code paths - ioctls, sysctls. They
also call into leaf functions, so some need to be changed.
This patch would introduce more epoch recursions (see EPOCH_TRACE)
than we had before. They will be cleaned up separately, as several
of them aren't trivial. Note, that unlike a lock recursion the
epoch recursion is safe and just wastes a bit of resources.
Reviewed by: gallatin, hselasky, cy, adrian, kristof
Differential Revision: https://reviews.freebsd.org/D19111
2019-10-07 22:40:05 +00:00
|
|
|
|
2019-10-22 16:06:33 +00:00
|
|
|
if (send_ns != 0)
|
2015-10-03 12:09:12 +00:00
|
|
|
nd6_dad_ns_output(dp);
|
2001-06-11 12:39:29 +00:00
|
|
|
callout_reset(&dp->dad_timer_ch, ticks,
|
2009-05-05 10:56:12 +00:00
|
|
|
(void (*)(void *))nd6_dad_timer, (void *)dp);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_dad_stoptimer(struct dadq *dp)
|
2001-06-11 12:39:29 +00:00
|
|
|
{
|
|
|
|
|
2014-12-08 04:44:40 +00:00
|
|
|
callout_drain(&dp->dad_timer_ch);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
nd6_dad_rele(struct dadq *dp)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (refcount_release(&dp->dad_refcnt)) {
|
|
|
|
ifa_free(dp->dad_ifa);
|
|
|
|
free(dp, M_IP6NDP);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
nd6_dad_init(void)
|
|
|
|
{
|
|
|
|
|
|
|
|
rw_init(&V_dad_rwlock, "nd6 DAD queue");
|
|
|
|
TAILQ_INIT(&V_dadq);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
2005-08-12 15:27:25 +00:00
|
|
|
* Start Duplicate Address Detection (DAD) for specified interface address.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_dad_start(struct ifaddr *ifa, int delay)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
|
|
|
|
struct dadq *dp;
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2019-10-22 16:06:33 +00:00
|
|
|
struct epoch_tracker et;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2016-09-24 21:40:24 +00:00
|
|
|
KASSERT((ia->ia6_flags & IN6_IFF_TENTATIVE) != 0,
|
|
|
|
("starting DAD on non-tentative address %p", ifa));
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* If we don't need DAD, don't do it.
|
|
|
|
* There are several cases:
|
2016-09-24 21:40:24 +00:00
|
|
|
* - DAD is disabled globally or on the interface
|
1999-11-22 02:45:11 +00:00
|
|
|
* - the interface address is anycast
|
|
|
|
*/
|
2016-09-24 21:40:24 +00:00
|
|
|
if ((ia->ia6_flags & IN6_IFF_ANYCAST) != 0 ||
|
|
|
|
V_ip6_dad_count == 0 ||
|
|
|
|
(ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_NO_DAD) != 0) {
|
2015-08-24 05:21:49 +00:00
|
|
|
ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
2003-10-09 16:13:47 +00:00
|
|
|
}
|
2016-09-24 21:40:24 +00:00
|
|
|
if ((ifa->ifa_ifp->if_flags & IFF_UP) == 0 ||
|
|
|
|
(ifa->ifa_ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
|
|
|
|
(ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) != 0)
|
2009-09-12 22:08:20 +00:00
|
|
|
return;
|
2016-09-24 21:40:24 +00:00
|
|
|
|
2015-03-02 17:30:26 +00:00
|
|
|
if ((dp = nd6_dad_find(ifa, NULL)) != NULL) {
|
2015-10-03 12:09:12 +00:00
|
|
|
/*
|
2016-02-18 00:00:51 +00:00
|
|
|
* DAD is already in progress. Let the existing entry
|
|
|
|
* finish it.
|
2015-10-03 12:09:12 +00:00
|
|
|
*/
|
2016-02-18 00:00:51 +00:00
|
|
|
nd6_dad_rele(dp);
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-12-08 04:44:40 +00:00
|
|
|
dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO);
|
1999-11-22 02:45:11 +00:00
|
|
|
if (dp == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
|
1999-11-22 02:45:11 +00:00
|
|
|
"%s(%s)\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-11-22 02:45:11 +00:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
|
|
|
return;
|
|
|
|
}
|
2001-06-11 12:39:29 +00:00
|
|
|
callout_init(&dp->dad_timer_ch, 0);
|
2009-05-05 10:56:12 +00:00
#ifdef VIMAGE
	dp->dad_vnet = curvnet;
#endif
2001-06-11 12:39:29 +00:00
	nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
2006-12-12 12:17:58 +00:00
	    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1999-11-22 02:45:11 +00:00

	/*
	 * Send NS packet for DAD, ip6_dad_count times.
	 * Note that we must delay the first transmission, if this is the
	 * first packet to be sent from the interface after interface
	 * (re)initialization.
	 */
	dp->dad_ifa = ifa;
2014-12-08 04:44:40 +00:00
	ifa_ref(dp->dad_ifa);
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
	dp->dad_count = V_ip6_dad_count;
1999-11-22 02:45:11 +00:00
	dp->dad_ns_icount = dp->dad_na_icount = 0;
2000-07-04 16:35:15 +00:00
	dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
2015-03-05 21:27:49 +00:00
	dp->dad_ns_lcount = dp->dad_loopbackprobe = 0;
2018-03-24 13:18:09 +00:00

	/* Add this to the dadq and add a reference for the dadq. */
2014-12-08 04:44:40 +00:00
	refcount_init(&dp->dad_refcnt, 1);
2014-11-10 16:01:39 +00:00
	nd6_dad_add(dp);
2019-10-22 16:06:33 +00:00
	NET_EPOCH_ENTER(et);
2016-06-02 17:17:15 +00:00
	nd6_dad_starttimer(dp, delay, 0);
2019-10-22 16:06:33 +00:00
	NET_EPOCH_EXIT(et);
1999-11-22 02:45:11 +00:00
}

2001-06-11 12:39:29 +00:00
/*
 * terminate DAD unconditionally. used for address removals.
 */
void
2007-07-05 16:23:49 +00:00
nd6_dad_stop(struct ifaddr *ifa)
2001-06-11 12:39:29 +00:00
{
	struct dadq *dp;

2015-03-02 17:30:26 +00:00
	dp = nd6_dad_find(ifa, NULL);
2001-06-11 12:39:29 +00:00
	if (!dp) {
		/* DAD wasn't started yet */
		return;
	}

	nd6_dad_stoptimer(dp);
2014-11-10 16:01:39 +00:00
	nd6_dad_del(dp);
2018-03-24 13:18:09 +00:00

	/* Release this function's reference, acquired by nd6_dad_find(). */
2014-12-08 04:44:40 +00:00
	nd6_dad_rele(dp);
2001-06-11 12:39:29 +00:00
}

1999-11-22 02:45:11 +00:00
static void
2009-05-05 10:56:12 +00:00
nd6_dad_timer(struct dadq *dp)
1999-11-22 02:45:11 +00:00
{
Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparison between pre- and post-change
object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
2008-10-02 15:37:58 +00:00
	CURVNET_SET(dp->dad_vnet);
2009-05-05 10:56:12 +00:00
	struct ifaddr *ifa = dp->dad_ifa;
2014-05-16 15:53:31 +00:00
	struct ifnet *ifp = dp->dad_ifa->ifa_ifp;
1999-11-22 02:45:11 +00:00
	struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
2006-12-12 12:17:58 +00:00
	char ip6buf[INET6_ADDRSTRLEN];
2019-10-22 16:06:33 +00:00
	struct epoch_tracker et;
1999-11-22 02:45:11 +00:00

2016-09-24 21:40:24 +00:00
	KASSERT(ia != NULL, ("DAD entry %p with no address", dp));

2019-10-22 16:06:33 +00:00
	NET_EPOCH_ENTER(et);
2014-05-16 15:53:31 +00:00
	if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) {
		/* Do not need DAD for ifdisabled interface. */
		log(LOG_ERR, "nd6_dad_timer: cancel DAD on %s because of "
		    "ND6_IFF_IFDISABLED.\n", ifp->if_xname);
2014-12-08 04:44:40 +00:00
		goto err;
2014-05-16 15:53:31 +00:00
	}
1999-11-22 02:45:11 +00:00
	if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
2000-07-04 16:35:15 +00:00
		log(LOG_ERR, "nd6_dad_timer: called with duplicated address "
1999-11-22 02:45:11 +00:00
		    "%s(%s)\n",
2006-12-12 12:17:58 +00:00
		    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1999-11-22 02:45:11 +00:00
		    ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
2014-12-08 04:44:40 +00:00
		goto err;
1999-11-22 02:45:11 +00:00
	}
2016-10-01 01:30:34 +00:00
	if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) {
		log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
		    "%s(%s)\n",
		    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
		    ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
		goto err;
	}
1999-11-22 02:45:11 +00:00

2015-03-05 21:27:49 +00:00
	/* Stop DAD if the interface is down even after dad_maxtry attempts. */
	if ((dp->dad_ns_tcount > V_dad_maxtry) &&
	    (((ifp->if_flags & IFF_UP) == 0) ||
	     ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0))) {
2015-10-03 12:09:12 +00:00
		nd6log((LOG_INFO, "%s: could not run DAD "
		    "because the interface was down or not running.\n",
2003-10-09 16:13:47 +00:00
		    if_name(ifa->ifa_ifp)));
2014-12-08 04:44:40 +00:00
		goto err;
2000-07-04 16:35:15 +00:00
	}

1999-11-22 02:45:11 +00:00
	/* Need more checks? */
	if (dp->dad_ns_ocount < dp->dad_count) {
		/*
		 * We have more NS to go. Send NS packet for DAD.
		 */
2003-10-09 16:13:47 +00:00
		nd6_dad_starttimer(dp,
2015-10-03 12:09:12 +00:00
		    (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000, 1);
2014-12-08 04:44:40 +00:00
		goto done;
1999-11-22 02:45:11 +00:00
	} else {
		/*
		 * We have transmitted sufficient number of DAD packets.
		 * See what we've got.
		 */
2014-12-08 04:44:40 +00:00
		if (dp->dad_ns_icount > 0 || dp->dad_na_icount > 0)
			/* We've seen NS or NA, means DAD has failed. */
2014-11-10 16:01:39 +00:00
			nd6_dad_duplicated(ifa, dp);
2015-03-05 21:27:49 +00:00
		else if (V_dad_enhanced != 0 &&
		    dp->dad_ns_lcount > 0 &&
		    dp->dad_ns_lcount > dp->dad_loopbackprobe) {
			/*
2015-05-12 03:31:57 +00:00
			 * Sec. 4.1 in RFC 7527 requires transmission of
			 * additional probes until the loopback condition
			 * becomes clear when a looped back probe is detected.
2015-03-05 21:27:49 +00:00
			 */
			log(LOG_ERR, "%s: a looped back NS message is "
			    "detected during DAD for %s. "
			    "Another DAD probes are being sent.\n",
			    if_name(ifa->ifa_ifp),
			    ip6_sprintf(ip6buf, IFA_IN6(ifa)));
			dp->dad_loopbackprobe = dp->dad_ns_lcount;
			/*
			 * Send an NS immediately and increase dad_count by
			 * V_nd6_mmaxtries - 1.
			 */
			dp->dad_count =
			    dp->dad_ns_ocount + V_nd6_mmaxtries - 1;
			nd6_dad_starttimer(dp,
2015-10-03 12:09:12 +00:00
			    (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000,
			    1);
2015-03-05 21:27:49 +00:00
			goto done;
		} else {
1999-11-22 02:45:11 +00:00
			/*
			 * We are done with DAD. No NA came, no NS came.
2014-05-16 15:53:31 +00:00
			 * No duplicate address found. Check IFDISABLED flag
			 * again in case that it is changed between the
			 * beginning of this function and here.
1999-11-22 02:45:11 +00:00
			 */
2014-05-16 15:53:31 +00:00
			if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) == 0)
				ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1999-11-22 02:45:11 +00:00

2001-06-11 12:39:29 +00:00
			nd6log((LOG_DEBUG,
2000-07-04 16:35:15 +00:00
			    "%s: DAD complete for %s - no duplicates found\n",
			    if_name(ifa->ifa_ifp),
2006-12-12 12:17:58 +00:00
			    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
2015-03-05 21:27:49 +00:00
			if (dp->dad_ns_lcount > 0)
				log(LOG_ERR, "%s: DAD completed while "
				    "a looped back NS message is detected "
				    "during DAD for %s.\n",
				    if_name(ifa->ifa_ifp),
				    ip6_sprintf(ip6buf, IFA_IN6(ifa)));
1999-11-22 02:45:11 +00:00
		}
	}
2014-12-08 04:44:40 +00:00
err:
	nd6_dad_del(dp);
1999-11-22 02:45:11 +00:00
done:
2019-10-22 16:06:33 +00:00
	NET_EPOCH_EXIT(et);
2008-10-02 15:37:58 +00:00
	CURVNET_RESTORE();
1999-11-22 02:45:11 +00:00
}

2014-12-08 04:44:40 +00:00
static void
2014-11-10 16:01:39 +00:00
nd6_dad_duplicated(struct ifaddr *ifa, struct dadq *dp)
1999-11-22 02:45:11 +00:00
{
	struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
2005-10-19 16:43:57 +00:00
	struct ifnet *ifp;
2006-12-12 12:17:58 +00:00
	char ip6buf[INET6_ADDRSTRLEN];
1999-11-22 02:45:11 +00:00

2001-06-11 12:39:29 +00:00
	log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: "
2015-03-02 17:30:26 +00:00
	    "NS in/out/loopback=%d/%d/%d, NA in=%d\n",
2006-12-12 12:17:58 +00:00
	    if_name(ifa->ifa_ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
2015-03-02 17:30:26 +00:00
	    dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_ns_lcount,
	    dp->dad_na_icount);
1999-11-22 02:45:11 +00:00

	ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
	ia->ia6_flags |= IN6_IFF_DUPLICATED;

2005-10-19 16:43:57 +00:00
	ifp = ifa->ifa_ifp;
2000-07-04 16:35:15 +00:00
	log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
2006-12-12 12:17:58 +00:00
	    if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr));
2000-07-04 16:35:15 +00:00
	log(LOG_ERR, "%s: manual intervention required\n",
2005-10-19 16:43:57 +00:00
	    if_name(ifp));

	/*
	 * If the address is a link-local address formed from an interface
	 * identifier based on the hardware address which is supposed to be
	 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
	 * operation on the interface SHOULD be disabled.
2009-09-12 22:08:20 +00:00
	 * [RFC 4862, Section 5.4.5]
2005-10-19 16:43:57 +00:00
	 */
	if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
		struct in6_addr in6;

		/*
		 * To avoid over-reaction, we only apply this logic when we are
		 * very sure that hardware addresses are supposed to be unique.
		 */
		switch (ifp->if_type) {
		case IFT_ETHER:
		case IFT_ATM:
		case IFT_IEEE1394:
2011-03-21 09:40:01 +00:00
		case IFT_INFINIBAND:
2005-10-19 16:43:57 +00:00
			in6 = ia->ia_addr.sin6_addr;
			if (in6_get_hw_ifid(ifp, &in6) == 0 &&
			    IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) {
				ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED;
				log(LOG_ERR, "%s: possible hardware address "
				    "duplication detected, disable IPv6\n",
				    if_name(ifp));
			}
			break;
		}
	}
1999-11-22 02:45:11 +00:00
}

2000-07-04 16:35:15 +00:00
static void
2015-10-03 12:09:12 +00:00
nd6_dad_ns_output(struct dadq *dp)
2000-07-04 16:35:15 +00:00
{
2015-10-03 12:09:12 +00:00
	struct in6_ifaddr *ia = (struct in6_ifaddr *)dp->dad_ifa;
	struct ifnet *ifp = dp->dad_ifa->ifa_ifp;
2015-03-02 17:30:26 +00:00
	int i;
2000-07-04 16:35:15 +00:00

	dp->dad_ns_tcount++;
	if ((ifp->if_flags & IFF_UP) == 0) {
		return;
	}
2005-08-09 10:20:02 +00:00
	if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2000-07-04 16:35:15 +00:00
		return;
	}

	dp->dad_ns_ocount++;
2015-03-02 17:30:26 +00:00
	if (V_dad_enhanced != 0) {
		for (i = 0; i < ND_OPT_NONCE_LEN32; i++)
			dp->dad_nonce[i] = arc4random();
		/*
		 * XXXHRS: Note that in the case that
		 * DupAddrDetectTransmits > 1, multiple NS messages with
		 * different nonces can be looped back in an unexpected
		 * order. The current implementation recognizes only
		 * the latest nonce on the sender side. Practically it
		 * should work well in almost all cases.
		 */
2015-03-03 04:28:19 +00:00
	}
2015-09-05 14:14:03 +00:00
	nd6_ns_output(ifp, NULL, NULL, &ia->ia_addr.sin6_addr,
2015-03-03 04:28:19 +00:00
	    (uint8_t *)&dp->dad_nonce[0]);
2000-07-04 16:35:15 +00:00
}

static void
2015-03-02 17:30:26 +00:00
nd6_dad_ns_input(struct ifaddr *ifa, struct nd_opt_nonce *ndopt_nonce)
1999-11-22 02:45:11 +00:00
{
	struct dadq *dp;

2005-10-19 10:09:19 +00:00
	if (ifa == NULL)
1999-11-22 02:45:11 +00:00
		panic("ifa == NULL in nd6_dad_ns_input");

2015-03-02 17:30:26 +00:00
	/* Ignore Nonce option when Enhanced DAD is disabled. */
	if (V_dad_enhanced == 0)
		ndopt_nonce = NULL;
	dp = nd6_dad_find(ifa, ndopt_nonce);
2014-12-08 04:44:40 +00:00
	if (dp == NULL)
		return;
1999-11-22 02:45:11 +00:00

2014-12-08 04:44:40 +00:00
	dp->dad_ns_icount++;
	nd6_dad_rele(dp);
1999-11-22 02:45:11 +00:00
}

2000-07-04 16:35:15 +00:00
static void
2007-07-05 16:23:49 +00:00
nd6_dad_na_input(struct ifaddr *ifa)
1999-11-22 02:45:11 +00:00
{
	struct dadq *dp;

2005-10-19 10:09:19 +00:00
	if (ifa == NULL)
1999-11-22 02:45:11 +00:00
		panic("ifa == NULL in nd6_dad_na_input");

2015-03-02 17:30:26 +00:00
	dp = nd6_dad_find(ifa, NULL);
2014-12-08 04:44:40 +00:00
	if (dp != NULL) {
1999-11-22 02:45:11 +00:00
		dp->dad_na_icount++;
2014-12-08 04:44:40 +00:00
		nd6_dad_rele(dp);
	}
1999-11-22 02:45:11 +00:00
}