2005-01-07 02:30:35 +00:00
/*-
1999-11-22 02:45:11 +00:00
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
2007-12-10 16:03:40 +00:00
 *
 *	$KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $
1999-11-22 02:45:11 +00:00
 */

2007-12-10 16:03:40 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

2000-07-04 16:35:15 +00:00
#include "opt_inet.h"
#include "opt_inet6.h"
2005-02-22 13:04:05 +00:00
#include "opt_ipsec.h"
This patch provides the back end support for equal-cost multi-path
(ECMP) for both IPv4 and IPv6. Previously, multipath route insertion
is disallowed. For example,
	route add -net 192.103.54.0/24 10.9.44.1
	route add -net 192.103.54.0/24 10.9.44.2
The second route insertion will trigger an error message of
"add net 192.103.54.0/24: gateway 10.2.5.2: route already in table"
Multiple default routes can also be inserted. Here is the netstat
output:
	default 10.2.5.1 UGS 0 3074 bge0 =>
	default 10.2.5.2 UGS 0 0 bge0
When multipath routes exist, the "route delete" command requires
a specific gateway to be specified or else an error message would
be displayed. For example,
	route delete default
would fail and trigger the following error message:
"route: writing to routing socket: No such process"
"delete net default: not in table"
On the other hand,
	route delete default 10.2.5.2
would be successful: "delete net default: gateway 10.2.5.2"
One does not have to specify a gateway if there is only a single
route for a particular destination.
I need to perform more testing on address aliases and multiple
interfaces that have the same IP prefixes. This patch as it
stands today is not yet ready for prime time. Therefore, the ECMP
code fragments are fully guarded by the RADIX_MPATH macro.
Include the "options RADIX_MPATH" in the kernel configuration
to enable this feature.
Reviewed by: robert, sam, gnn, julian, kmacy
2008-04-13 05:45:14 +00:00
#include "opt_mpath.h"
1999-12-22 19:13:38 +00:00

1999-11-22 02:45:11 +00:00
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/malloc.h>
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle. Kip has also been conducting
active functional testing
- Sam Leffler has helped me improve/refactor the code, and
provided valuable reviews
- Julian Elischer set up the Perforce tree for me and has helped
me maintain that branch before the svn conversion
2008-12-15 06:10:57 +00:00
#include <sys/lock.h>
#include <sys/rwlock.h>
1999-11-22 02:45:11 +00:00
#include <sys/mbuf.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/errno.h>
#include <sys/syslog.h>
#include <sys/queue.h>
2001-06-11 12:39:29 +00:00
#include <sys/callout.h>
1999-11-22 02:45:11 +00:00

#include <net/if.h>
#include <net/if_types.h>
#include <net/if_dl.h>
2005-06-12 00:45:24 +00:00
#include <net/if_var.h>
1999-11-22 02:45:11 +00:00
#include <net/route.h>
2008-04-13 05:45:14 +00:00
#ifdef RADIX_MPATH
#include <net/radix_mpath.h>
#endif
1999-11-22 02:45:11 +00:00

#include <netinet/in.h>
#include <netinet/in_var.h>
2008-12-15 06:10:57 +00:00
#include <net/if_llatbl.h>
#define L3_ADDR_SIN6(le) ((struct sockaddr_in6 *) L3_ADDR(le))
1999-11-22 02:45:11 +00:00
#include <netinet6/in6_var.h>
2005-10-19 16:43:57 +00:00
#include <netinet6/in6_ifattach.h>
2000-07-04 16:35:15 +00:00
#include <netinet/ip6.h>
1999-11-22 02:45:11 +00:00
#include <netinet6/ip6_var.h>
2005-07-25 12:31:43 +00:00
#include <netinet6/scope6_var.h>
1999-11-22 02:45:11 +00:00
#include <netinet6/nd6.h>
2000-07-04 16:35:15 +00:00
#include <netinet/icmp6.h>
2010-08-11 20:18:19 +00:00
#include <netinet/ip_carp.h>
2010-08-19 11:31:03 +00:00
#include <netinet6/send.h>
2000-07-04 16:35:15 +00:00

#define SDL(s) ((struct sockaddr_dl *)s)
1999-11-22 02:45:11 +00:00

2000-07-04 16:35:15 +00:00
struct dadq;
2008-01-08 19:08:58 +00:00
static struct dadq *nd6_dad_find(struct ifaddr *);
static void nd6_dad_starttimer(struct dadq *, int);
static void nd6_dad_stoptimer(struct dadq *);
Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, socket's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, with an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typical cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
2009-05-05 10:56:12 +00:00
static void nd6_dad_timer(struct dadq *);
2008-01-08 19:08:58 +00:00
static void nd6_dad_ns_output(struct dadq *, struct ifaddr *);
static void nd6_dad_ns_input(struct ifaddr *);
static void nd6_dad_na_input(struct ifaddr *);
2012-02-17 02:39:58 +00:00
static void nd6_na_output_fib(struct ifnet *, const struct in6_addr *,
    const struct in6_addr *, u_long, int, struct sockaddr *, u_int);
1999-11-22 02:45:11 +00:00

2010-04-29 11:52:42 +00:00
VNET_DEFINE(int, dad_ignore_ns) = 0; /* ignore NS in DAD - specwise incorrect*/
VNET_DEFINE(int, dad_maxtry) = 15; /* max # of *tries* to transmit DAD packet */
2009-07-16 21:13:04 +00:00
#define V_dad_ignore_ns VNET(dad_ignore_ns)
#define V_dad_maxtry VNET(dad_maxtry)
1999-11-22 02:45:11 +00:00

/*
2002-12-30 21:18:15 +00:00
 * Input a Neighbor Solicitation Message.
1999-11-22 02:45:11 +00:00
 *
 * Based on RFC 2461
2005-08-12 15:27:25 +00:00
 * Based on RFC 2462 (duplicate address detection)
1999-11-22 02:45:11 +00:00
 */
void
2007-07-05 16:23:49 +00:00
nd6_ns_input(struct mbuf *m, int off, int icmp6len)
1999-11-22 02:45:11 +00:00
{
	struct ifnet *ifp = m->m_pkthdr.rcvif;
	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
2000-07-04 16:35:15 +00:00
	struct nd_neighbor_solicit *nd_ns;
1999-11-22 02:45:11 +00:00
	struct in6_addr saddr6 = ip6->ip6_src;
	struct in6_addr daddr6 = ip6->ip6_dst;
2000-07-04 16:35:15 +00:00
	struct in6_addr taddr6;
1999-11-22 02:45:11 +00:00
	struct in6_addr myaddr6;
	char *lladdr = NULL;
2005-02-22 13:04:05 +00:00
	struct ifaddr *ifa = NULL;
1999-11-22 02:45:11 +00:00
	int lladdrlen = 0;
	int anycast = 0, proxy = 0, tentative = 0;
	int tlladdr;
- Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.
- A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR.
This controls if accepting a route in an RA message as the default route.
The default value for each interface can be set by net.inet6.ip6.no_radr.
The system wide default value is 0.
- A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in
NA on RA accepting interfaces. The default is 0 (R-bit is set based on
net.inet6.ip6.forwarding).
Background:
IPv6 host/router model suggests a router sends an RA and a host accepts it for
router discovery. Because of that, KAME implementation does not allow
accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can
make the routing table confused since it can change the default router
unintentionally.
However, in practice there are cases where we cannot distinguish a host from
a router clearly. For example, a customer edge router often works as a host
against the ISP, and as a router against the LAN at the same time. Another
example is a complex network configuration like an L2TP tunnel for IPv6
connection to Internet over an Ethernet link with another native IPv6 subnet.
In this case, the physical interface for the native IPv6 subnet works as a
host, and the pseudo-interface for L2TP works as the default IP forwarding
route.
Problem:
Disabling processing RA messages when net.inet6.ip6.forwarding=1 and
accepting them when net.inet6.ip6.forward=0 cause the following practical
issues:
- A router cannot perform SLAAC. It becomes a problem if a box has
multiple interfaces and you want to use SLAAC on some of them, for
example. A customer edge router for IPv6 Internet access service
using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
physical interface for administration purpose; updating firmware
and so on (link-local addresses can be used there, but GUAs by
SLAAC are often used for scalability).
- When a host has multiple IPv6 interfaces and it receives multiple RAs on
them, controlling the default route is difficult. Router preferences
defined in RFC 4191 work only when the routers on the links are
under your control.
Details of Implementation Changes:
Router Advertisement messages will be accepted even when
net.inet6.ip6.forwarding=1. More precisely, the conditions are as
follows:
	(ACCEPT_RTADV && !NO_RADR && !ip6.forwarding)
		=> Normal RA processing on that interface. (as IPv6 host)
	(ACCEPT_RTADV && (NO_RADR || ip6.forwarding))
		=> Accept RA but add the router to the defroute list with
		rtlifetime=0 unconditionally. This effectively prevents
		from setting the received router address as the box's
		default route.
	(!ACCEPT_RTADV)
		=> No RA processing on that interface.
ACCEPT_RTADV and NO_RADR are per-interface knobs. In short, all interfaces
are classified as "RA-accepting" or not. An RA-accepting interface always
processes RA messages regardless of ip6.forwarding. The difference caused by
NO_RADR or ip6.forwarding is whether the RA source address is considered as
the default router or not.
R-bit in NA on the RA accepting interfaces is set based on
net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests
a router should disable the R-bit completely even when the box has
net.inet6.ip6.forwarding=1, I believe there is no technical reason with
doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif
(the default is 0).
Usage:
	# ifconfig fxp0 inet6 accept_rtadv
		=> accept RA on fxp0
	# ifconfig fxp0 inet6 accept_rtadv no_radr
		=> accept RA on fxp0 but ignore default route information in it.
	# sysctl net.inet6.ip6.norbit_no_radr=1
		=> R-bit in NAs on RA accepting interfaces will always be set to 0.
2011-06-06 02:14:23 +00:00
	int rflag;
1999-11-22 02:45:11 +00:00
	union nd_opts ndopts;
2011-03-12 09:41:25 +00:00
	struct sockaddr_dl proxydl;
2006-12-12 12:17:58 +00:00
	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
1999-11-22 02:45:11 +00:00

2011-06-06 02:14:23 +00:00
	rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
	if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif)
		rflag = 0;
2001-06-11 12:39:29 +00:00
#ifndef PULLDOWN_TEST
	IP6_EXTHDR_CHECK(m, off, icmp6len,);
	nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
#else
	IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
	if (nd_ns == NULL) {
2009-04-12 13:22:33 +00:00
		ICMP6STAT_INC(icp6s_tooshort);
2001-06-11 12:39:29 +00:00
		return;
	}
#endif
	ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */
	taddr6 = nd_ns->nd_ns_target;
2005-07-25 12:31:43 +00:00
	if (in6_setscope(&taddr6, ifp, NULL) != 0)
		goto bad;
2001-06-11 12:39:29 +00:00

1999-11-22 02:45:11 +00:00
	if (ip6->ip6_hlim != 255) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_ERR,
		    "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n",
2006-12-12 12:17:58 +00:00
		    ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
		    ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
2001-06-11 12:39:29 +00:00
		goto bad;
1999-11-22 02:45:11 +00:00
	}

	if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
2005-08-12 15:27:25 +00:00
		/* dst has to be a solicited node multicast address. */
2003-10-09 16:13:47 +00:00
		if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL &&
2002-04-19 04:46:24 +00:00
		    /* don't check ifindex portion */
2003-10-09 16:13:47 +00:00
		    daddr6.s6_addr32[1] == 0 &&
		    daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE &&
		    daddr6.s6_addr8[12] == 0xff) {
2002-04-19 04:46:24 +00:00
			; /* good */
1999-11-22 02:45:11 +00:00
		} else {
2001-06-11 12:39:29 +00:00
			nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
2003-10-09 16:13:47 +00:00
			    "(wrong ip6 dst)\n"));
1999-11-22 02:45:11 +00:00
			goto bad;
		}
2008-11-26 22:32:07 +00:00
	} else if (!V_nd6_onlink_ns_rfc4861) {
2008-10-02 00:32:59 +00:00
		struct sockaddr_in6 src_sa6;

		/*
		 * According to recent IETF discussions, it is not a good idea
		 * to accept a NS from an address which would not be deemed
		 * to be a neighbor otherwise. This point is expected to be
		 * clarified in future revisions of the specification.
		 */
		bzero(&src_sa6, sizeof(src_sa6));
		src_sa6.sin6_family = AF_INET6;
		src_sa6.sin6_len = sizeof(src_sa6);
		src_sa6.sin6_addr = saddr6;
2008-12-15 06:10:57 +00:00
		if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) {
2008-10-02 00:32:59 +00:00
			nd6log((LOG_INFO, "nd6_ns_input: "
			    "NS packet from non-neighbor\n"));
			goto bad;
		}
1999-11-22 02:45:11 +00:00
	}

	if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
1999-11-22 02:45:11 +00:00
		goto bad;
	}

	icmp6len -= sizeof(*nd_ns);
	nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
	if (nd6_options(&ndopts) < 0) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_INFO,
		    "nd6_ns_input: invalid ND option, ignored\n"));
		/* nd6_options have incremented stats */
		goto freeit;
1999-11-22 02:45:11 +00:00
	}

	if (ndopts.nd_opts_src_lladdr) {
2002-04-19 04:46:24 +00:00
		lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
1999-11-22 02:45:11 +00:00
		lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
	}
2003-10-09 16:13:47 +00:00

1999-11-22 02:45:11 +00:00
	if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
2001-06-11 12:39:29 +00:00
		nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
		    "(link-layer address option)\n"));
1999-11-22 02:45:11 +00:00
		goto bad;
	}

	/*
	 * Attaching target link-layer address to the NA?
	 * (RFC 2461 7.2.4)
	 *
	 * NS IP dst is unicast/anycast			MUST NOT add
	 * NS IP dst is solicited-node multicast	MUST add
	 *
	 * In implementation, we add target link-layer address by default.
	 * We do not add one in MUST NOT cases.
	 */
	if (!IN6_IS_ADDR_MULTICAST(&daddr6))
		tlladdr = 0;
	else
		tlladdr = 1;

	/*
	 * Target address (taddr6) must be either:
	 * (1) Valid unicast/anycast address for my receiving interface,
	 * (2) Unicast address for which I'm offering proxy service, or
	 * (3) "tentative" address on which DAD is being performed.
	 */
	/* (1) and (3) check. */
2005-02-22 13:04:05 +00:00
	if (ifp->if_carp)
2010-08-11 00:51:50 +00:00
		ifa = (*carp_iamatch6_p)(ifp, &taddr6);
A major overhaul of the CARP implementation. The ip_carp.c was started
from scratch, copying needed functionality from the old implementation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on an Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
2011-12-16 12:16:56 +00:00
	else
2005-02-22 13:04:05 +00:00
		ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
1999-11-22 02:45:11 +00:00

	/* (2) check. */
2005-10-19 10:09:19 +00:00
	if (ifa == NULL) {
1999-11-22 02:45:11 +00:00
		struct rtentry *rt;
		struct sockaddr_in6 tsin6;
2003-10-30 22:56:13 +00:00
		int need_proxy;
2008-04-13 05:45:14 +00:00
#ifdef RADIX_MPATH
		struct route_in6 ro;
#endif
1999-11-22 02:45:11 +00:00

2007-07-05 16:29:40 +00:00
		bzero(&tsin6, sizeof tsin6);
1999-11-22 02:45:11 +00:00
		tsin6.sin6_len = sizeof(struct sockaddr_in6);
		tsin6.sin6_family = AF_INET6;
		tsin6.sin6_addr = taddr6;

2012-02-17 02:39:58 +00:00
		/* Always use the default FIB. */
2008-04-13 05:45:14 +00:00
|
|
|
#ifdef RADIX_MPATH
|
|
|
|
bzero(&ro, sizeof(ro));
|
|
|
|
ro.ro_dst = tsin6;
|
2012-02-17 02:39:58 +00:00
|
|
|
rtalloc_mpath_fib((struct route *)&ro, RTF_ANNOUNCE,
|
|
|
|
RT_DEFAULT_FIB);
|
2008-04-13 05:45:14 +00:00
|
|
|
rt = ro.ro_rt;
|
|
|
|
#else
|
2012-02-17 02:39:58 +00:00
|
|
|
rt = in6_rtalloc1((struct sockaddr *)&tsin6, 0, 0,
|
|
|
|
RT_DEFAULT_FIB);
|
2008-04-13 05:45:14 +00:00
|
|
|
#endif
|
2003-10-30 22:56:13 +00:00
|
|
|
need_proxy = (rt && (rt->rt_flags & RTF_ANNOUNCE) != 0 &&
|
|
|
|
rt->rt_gateway->sa_family == AF_LINK);
|
2011-03-12 09:41:25 +00:00
|
|
|
if (rt != NULL) {
|
|
|
|
/*
|
|
|
|
* Make a copy while we can be sure that rt_gateway
|
|
|
|
* is still stable before unlocking to avoid lock
|
|
|
|
* order problems. proxydl will only be used if
|
|
|
|
* proxy will be set in the next block.
|
|
|
|
*/
|
|
|
|
if (need_proxy)
|
|
|
|
proxydl = *SDL(rt->rt_gateway);
|
2009-01-31 10:48:02 +00:00
|
|
|
RTFREE_LOCKED(rt);
|
2011-03-12 09:41:25 +00:00
|
|
|
}
|
2003-10-30 22:56:13 +00:00
|
|
|
if (need_proxy) {
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
2000-07-04 16:35:15 +00:00
|
|
|
* proxy NDP for single entry
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2000-07-04 16:35:15 +00:00
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
|
|
|
|
IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
|
2011-03-12 09:41:25 +00:00
|
|
|
if (ifa)
|
1999-11-22 02:45:11 +00:00
|
|
|
proxy = 1;
|
|
|
|
}
|
|
|
|
}
|
2005-10-19 17:18:49 +00:00
|
|
|
if (ifa == NULL) {
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
2001-06-11 12:39:29 +00:00
|
|
|
* We've got an NS packet, and we don't have that address
|
1999-11-22 02:45:11 +00:00
|
|
|
* assigned for us. We MUST silently ignore it.
|
|
|
|
* See RFC2461 7.2.3.
|
|
|
|
*/
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
myaddr6 = *IFA_IN6(ifa);
|
|
|
|
anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
|
|
|
|
tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
|
|
|
|
if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
|
2003-10-09 16:13:47 +00:00
|
|
|
nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s "
|
1999-11-22 02:45:11 +00:00
|
|
|
"(if %d, NS packet %d)\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6bufs, &taddr6),
|
2003-10-09 16:13:47 +00:00
|
|
|
ifp->if_addrlen, lladdrlen - 2));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
|
2003-10-09 16:13:47 +00:00
|
|
|
nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6bufs, &saddr6)));
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We have neighbor solicitation packet, with target address equals to
|
|
|
|
* one of my tentative address.
|
|
|
|
*
|
|
|
|
* src addr how to process?
|
|
|
|
* --- ---
|
|
|
|
* multicast of course, invalid (rejected in ip6_input)
|
|
|
|
* unicast somebody is doing address resolution -> ignore
|
|
|
|
* unspec dup address detection
|
|
|
|
*
|
|
|
|
* The processing is defined in RFC 2462.
|
|
|
|
*/
|
|
|
|
if (tentative) {
|
|
|
|
/*
|
|
|
|
* If source address is unspecified address, it is for
|
2005-08-12 15:27:25 +00:00
|
|
|
* duplicate address detection.
|
1999-11-22 02:45:11 +00:00
|
|
|
*
|
|
|
|
* If not, the packet is for address resolution;
|
|
|
|
* silently ignore it.
|
|
|
|
*/
|
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
|
|
|
|
nd6_dad_ns_input(ifa);
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the source address is unspecified address, entries must not
|
|
|
|
* be created or updated.
|
|
|
|
* It looks that sender is performing DAD. Output NA toward
|
|
|
|
* all-node multicast address, to tell the sender that I'm using
|
|
|
|
* the address.
|
|
|
|
* S bit ("solicited") must be zero.
|
|
|
|
*/
|
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
|
2005-07-25 12:31:43 +00:00
|
|
|
struct in6_addr in6_all;
|
|
|
|
|
|
|
|
in6_all = in6addr_linklocal_allnodes;
|
|
|
|
if (in6_setscope(&in6_all, ifp, NULL) != 0)
|
|
|
|
goto bad;
|
2012-02-17 02:39:58 +00:00
|
|
|
nd6_na_output_fib(ifp, &in6_all, &taddr6,
|
2003-10-09 16:13:47 +00:00
|
|
|
((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
|
2012-02-17 02:39:58 +00:00
|
|
|
rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL,
|
|
|
|
M_GETFIB(m));
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2003-10-09 16:13:47 +00:00
|
|
|
nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen,
|
|
|
|
ND_NEIGHBOR_SOLICIT, 0);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2012-02-17 02:39:58 +00:00
|
|
|
nd6_na_output_fib(ifp, &saddr6, &taddr6,
|
2003-10-09 16:13:47 +00:00
|
|
|
((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
|
- Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.
- A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR.
This controls if accepting a route in an RA message as the default route.
The default value for each interface can be set by net.inet6.ip6.no_radr.
The system wide default value is 0.
- A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in
NA on RA accepting interfaces. The default is 0 (R-bit is set based on
net.inet6.ip6.forwarding).
Background:
IPv6 host/router model suggests a router sends an RA and a host accepts it for
router discovery. Because of that, KAME implementation does not allow
accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can
make the routing table confused since it can change the default router
unintentionally.
However, in practice there are cases where we cannot distinguish a host from
a router clearly. For example, a customer edge router often works as a host
against the ISP, and as a router against the LAN at the same time. Another
example is a complex network configuration like an L2TP tunnel for IPv6
connection to Internet over an Ethernet link with another native IPv6 subnet.
In this case, the physical interface for the native IPv6 subnet works as a
host, and the pseudo-interface for L2TP works as the default IP forwarding
route.
Problem:
Disabling processing RA messages when net.inet6.ip6.forwarding=1 and
accepting them when net.inet6.ip6.forward=0 cause the following practical
issues:
- A router cannot perform SLAAC. It becomes a problem if a box has
multiple interfaces and you want to use SLAAC on some of them, for
example. A customer edge router for IPv6 Internet access service
using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
physical interface for administration purpose; updating firmware
and so on (link-local addresses can be used there, but GUAs by
SLAAC are often used for scalability).
- When a host has multiple IPv6 interfaces and it receives multiple RAs on
them, controlling the default route is difficult. Router preferences
defined in RFC 4191 work only when the routers on the links are
under your control.
Details of Implementation Changes:
Router Advertisement messages will be accepted even when
net.inet6.ip6.forwarding=1. More precisely, the conditions are as
follows:
(ACCEPT_RTADV && !NO_RADR && !ip6.forwarding)
=> Normal RA processing on that interface. (as IPv6 host)
(ACCEPT_RTADV && (NO_RADR || ip6.forwarding))
=> Accept RA but add the router to the defroute list with
rtlifetime=0 unconditionally. This effectively prevents
from setting the received router address as the box's
default route.
(!ACCEPT_RTADV)
=> No RA processing on that interface.
ACCEPT_RTADV and NO_RADR are per-interface knobs. In short, all interfaces
are classified as "RA-accepting" or not. An RA-accepting interface always
processes RA messages regardless of ip6.forwarding. The difference caused by
NO_RADR or ip6.forwarding is whether the RA source address is considered as
the default router or not.
R-bit in NA on the RA accepting interfaces is set based on
net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests
a router should disable the R-bit completely even when the box has
net.inet6.ip6.forwarding=1, I believe there is no technical reason with
doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif
(the default is 0).
Usage:
# ifconfig fxp0 inet6 accept_rtadv
=> accept RA on fxp0
# ifconfig fxp0 inet6 accept_rtadv no_radr
=> accept RA on fxp0 but ignore default route information in it.
# sysctl net.inet6.ip6.norbit_no_radr=1
=> R-bit in NAs on RA accepting interfaces will always be set to 0.
2011-06-06 02:14:23 +00:00
|
|
|
rflag | ND_NA_FLAG_SOLICITED, tlladdr,
|
2012-02-17 02:39:58 +00:00
|
|
|
proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m));
|
2000-07-04 16:35:15 +00:00
|
|
|
freeit:
|
2009-06-23 20:19:09 +00:00
|
|
|
if (ifa != NULL)
|
|
|
|
ifa_free(ifa);
|
2000-07-04 16:35:15 +00:00
|
|
|
m_freem(m);
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
bad:
|
2006-12-12 12:17:58 +00:00
|
|
|
nd6log((LOG_ERR, "nd6_ns_input: src=%s\n",
|
|
|
|
ip6_sprintf(ip6bufs, &saddr6)));
|
|
|
|
nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n",
|
|
|
|
ip6_sprintf(ip6bufs, &daddr6)));
|
|
|
|
nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n",
|
|
|
|
ip6_sprintf(ip6bufs, &taddr6)));
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_badns);
|
2009-06-23 20:19:09 +00:00
|
|
|
if (ifa != NULL)
|
|
|
|
ifa_free(ifa);
|
2000-07-04 16:35:15 +00:00
|
|
|
m_freem(m);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2002-12-30 21:18:15 +00:00
|
|
|
* Output a Neighbor Solicitation Message. Caller specifies:
|
1999-11-22 02:45:11 +00:00
|
|
|
* - ICMP6 header source IP6 address
|
|
|
|
* - ND6 header target IP6 address
|
|
|
|
* - ND6 header source datalink address
|
|
|
|
*
|
|
|
|
* Based on RFC 2461
|
2005-08-12 15:27:25 +00:00
|
|
|
* Based on RFC 2462 (duplicate address detection)
|
2007-07-05 16:23:49 +00:00
|
|
|
*
|
|
|
|
* ln - for source address determination
|
|
|
|
* dad - duplicate address detection
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
void
|
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer set up the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6,
|
|
|
|
const struct in6_addr *taddr6, struct llentry *ln, int dad)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct mbuf *m;
|
2010-08-19 11:31:03 +00:00
|
|
|
struct m_tag *mtag;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
struct nd_neighbor_solicit *nd_ns;
|
|
|
|
struct ip6_moptions im6o;
|
|
|
|
int icmp6len;
|
2000-07-04 16:35:15 +00:00
|
|
|
int maxlen;
|
1999-11-22 02:45:11 +00:00
|
|
|
caddr_t mac;
|
2005-07-25 12:31:43 +00:00
|
|
|
struct route_in6 ro;
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(taddr6))
|
|
|
|
return;
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
/* estimate the size of message */
|
|
|
|
maxlen = sizeof(*ip6) + sizeof(*nd_ns);
|
|
|
|
maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
|
|
|
|
if (max_linkhdr + maxlen >= MCLBYTES) {
|
|
|
|
#ifdef DIAGNOSTIC
|
|
|
|
printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES "
|
|
|
|
"(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
|
|
|
|
#endif
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2012-12-05 08:04:20 +00:00
|
|
|
MGETHDR(m, M_NOWAIT, MT_DATA);
|
2000-07-04 16:35:15 +00:00
|
|
|
if (m && max_linkhdr + maxlen >= MHLEN) {
|
2012-12-05 08:04:20 +00:00
|
|
|
MCLGET(m, M_NOWAIT);
|
2000-07-04 16:35:15 +00:00
|
|
|
if ((m->m_flags & M_EXT) == 0) {
|
|
|
|
m_free(m);
|
|
|
|
m = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (m == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
2001-06-11 12:39:29 +00:00
|
|
|
m->m_pkthdr.rcvif = NULL;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2010-11-20 12:27:40 +00:00
|
|
|
bzero(&ro, sizeof(ro));
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
|
|
|
|
m->m_flags |= M_MCAST;
|
|
|
|
im6o.im6o_multicast_ifp = ifp;
|
|
|
|
im6o.im6o_multicast_hlim = 255;
|
|
|
|
im6o.im6o_multicast_loop = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
icmp6len = sizeof(*nd_ns);
|
|
|
|
m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
|
2002-04-19 04:46:24 +00:00
|
|
|
m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/* fill neighbor solicitation packet */
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
ip6->ip6_flow = 0;
|
2000-07-04 16:35:15 +00:00
|
|
|
ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
|
|
|
|
ip6->ip6_vfc |= IPV6_VERSION;
|
1999-11-22 02:45:11 +00:00
|
|
|
/* ip6->ip6_plen will be set later */
|
|
|
|
ip6->ip6_nxt = IPPROTO_ICMPV6;
|
|
|
|
ip6->ip6_hlim = 255;
|
|
|
|
if (daddr6)
|
|
|
|
ip6->ip6_dst = *daddr6;
|
|
|
|
else {
|
|
|
|
ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
|
2005-07-25 12:31:43 +00:00
|
|
|
ip6->ip6_dst.s6_addr16[1] = 0;
|
1999-11-22 02:45:11 +00:00
|
|
|
ip6->ip6_dst.s6_addr32[1] = 0;
|
|
|
|
ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
|
|
|
|
ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
|
|
|
|
ip6->ip6_dst.s6_addr8[12] = 0xff;
|
2005-07-25 12:31:43 +00:00
|
|
|
if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0)
|
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
if (!dad) {
|
2009-06-23 20:19:09 +00:00
|
|
|
struct ifaddr *ifa;
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* RFC2461 7.2.2:
|
|
|
|
* "If the source address of the packet prompting the
|
|
|
|
* solicitation is the same as one of the addresses assigned
|
|
|
|
* to the outgoing interface, that address SHOULD be placed
|
|
|
|
* in the IP Source Address of the outgoing solicitation.
|
|
|
|
* Otherwise, any one of the addresses assigned to the
|
|
|
|
* interface should be used."
|
|
|
|
*
|
|
|
|
* We use the source address for the prompting packet
|
|
|
|
* (saddr6), if:
|
|
|
|
* - saddr6 is given from the caller (by giving "ln"), and
|
|
|
|
* - saddr6 belongs to the outgoing interface.
|
2005-07-25 12:31:43 +00:00
|
|
|
* Otherwise, we perform the source address selection as usual.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2010-11-29 00:04:08 +00:00
|
|
|
struct in6_addr *hsrc;
|
|
|
|
|
|
|
|
hsrc = NULL;
|
|
|
|
if (ln != NULL) {
|
|
|
|
LLE_RLOCK(ln);
|
|
|
|
if (ln->la_hold != NULL) {
|
|
|
|
struct ip6_hdr *hip6; /* hold ip6 */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* assuming every packet in la_hold has the same IP
|
|
|
|
* header
|
|
|
|
*/
|
|
|
|
hip6 = mtod(ln->la_hold, struct ip6_hdr *);
|
|
|
|
/* XXX pullup? */
|
|
|
|
if (sizeof(*hip6) < ln->la_hold->m_len) {
|
|
|
|
ip6->ip6_src = hip6->ip6_src;
|
|
|
|
hsrc = &hip6->ip6_src;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
LLE_RUNLOCK(ln);
|
2005-07-25 12:31:43 +00:00
|
|
|
}
|
2009-06-23 20:19:09 +00:00
|
|
|
if (hsrc && (ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
|
|
|
|
hsrc)) != NULL) {
|
2010-11-29 00:04:08 +00:00
|
|
|
/* ip6_src set already. */
|
2009-06-23 20:19:09 +00:00
|
|
|
ifa_free(ifa);
|
|
|
|
} else {
|
2005-07-25 12:31:43 +00:00
|
|
|
int error;
|
|
|
|
struct sockaddr_in6 dst_sa;
|
2010-11-29 00:04:08 +00:00
|
|
|
struct in6_addr src_in;
|
2012-02-17 02:39:58 +00:00
|
|
|
struct ifnet *oifp;
|
2005-07-25 12:31:43 +00:00
|
|
|
|
|
|
|
bzero(&dst_sa, sizeof(dst_sa));
|
|
|
|
dst_sa.sin6_family = AF_INET6;
|
|
|
|
dst_sa.sin6_len = sizeof(dst_sa);
|
|
|
|
dst_sa.sin6_addr = ip6->ip6_dst;
|
|
|
|
|
2012-02-17 02:39:58 +00:00
|
|
|
oifp = ifp;
|
2009-06-23 22:08:55 +00:00
|
|
|
error = in6_selectsrc(&dst_sa, NULL,
|
2012-02-17 02:39:58 +00:00
|
|
|
NULL, &ro, NULL, &oifp, &src_in);
|
2009-06-23 22:08:55 +00:00
|
|
|
if (error) {
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2005-07-25 12:31:43 +00:00
|
|
|
nd6log((LOG_DEBUG,
|
|
|
|
"nd6_ns_output: source can't be "
|
|
|
|
"determined: dst=%s, error=%d\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6buf, &dst_sa.sin6_addr),
|
|
|
|
error));
|
2005-07-25 12:31:43 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2010-11-29 00:04:08 +00:00
|
|
|
ip6->ip6_src = src_in;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Source address for DAD packet must always be IPv6
|
|
|
|
* unspecified address. (0::0)
|
2005-07-25 12:31:43 +00:00
|
|
|
* We actually don't have to 0-clear the address (we did it
|
|
|
|
* above), but we do so here explicitly to make the intention
|
|
|
|
* clearer.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2010-11-29 00:04:08 +00:00
|
|
|
bzero(&ip6->ip6_src, sizeof(ip6->ip6_src));
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
|
|
|
|
nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
|
|
|
|
nd_ns->nd_ns_code = 0;
|
|
|
|
nd_ns->nd_ns_reserved = 0;
|
|
|
|
nd_ns->nd_ns_target = *taddr6;
|
2003-10-21 20:05:32 +00:00
|
|
|
in6_clearscope(&nd_ns->nd_ns_target); /* XXX */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Add source link-layer address option.
|
|
|
|
*
|
|
|
|
* spec implementation
|
|
|
|
* --- ---
|
|
|
|
* DAD packet MUST NOT do not add the option
|
|
|
|
* there's no link layer address:
|
|
|
|
* impossible do not add the option
|
|
|
|
* there's link layer address:
|
|
|
|
* Multicast NS MUST add one add the option
|
|
|
|
* Unicast NS SHOULD add one add the option
|
|
|
|
*/
|
|
|
|
if (!dad && (mac = nd6_ifptomac(ifp))) {
|
|
|
|
int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
|
|
|
|
struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
|
|
|
|
/* 8 byte alignments... */
|
|
|
|
optlen = (optlen + 7) & ~7;
|
2003-10-09 16:13:47 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
m->m_pkthdr.len += optlen;
|
|
|
|
m->m_len += optlen;
|
|
|
|
icmp6len += optlen;
|
|
|
|
bzero((caddr_t)nd_opt, optlen);
|
|
|
|
nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
|
|
|
|
nd_opt->nd_opt_len = optlen >> 3;
|
|
|
|
bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
ip6->ip6_plen = htons((u_short)icmp6len);
|
|
|
|
nd_ns->nd_ns_cksum = 0;
|
2003-10-09 16:13:47 +00:00
|
|
|
nd_ns->nd_ns_cksum =
|
|
|
|
in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2010-08-19 11:31:03 +00:00
|
|
|
if (send_sendso_input_hook != NULL) {
|
|
|
|
mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
|
|
|
|
sizeof(unsigned short), M_NOWAIT);
|
|
|
|
if (mtag == NULL)
|
|
|
|
goto bad;
|
|
|
|
*(unsigned short *)(mtag + 1) = nd_ns->nd_ns_type;
|
|
|
|
m_tag_prepend(m, mtag);
|
|
|
|
}
|
|
|
|
|
2005-10-21 15:45:13 +00:00
|
|
|
ip6_output(m, NULL, &ro, dad ? IPV6_UNSPECSRC : 0, &im6o, NULL, NULL);
|
2005-07-25 12:31:43 +00:00
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_msg);
|
|
|
|
icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit);
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_SOLICIT]);
|
2005-07-25 12:31:43 +00:00
|
|
|
|
2012-07-04 07:37:53 +00:00
|
|
|
/* We don't cache this route. */
|
|
|
|
RO_RTFREE(&ro);
|
|
|
|
|
2005-07-25 12:31:43 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
bad:
|
|
|
|
if (ro.ro_rt) {
|
|
|
|
RTFREE(ro.ro_rt);
|
|
|
|
}
|
|
|
|
m_freem(m);
|
|
|
|
return;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
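Added example, not part of nd6_nbr.c or the FreeBSD tree: a userland C model of what nd6_ns_output() builds (solicited-node destination, padded source link-layer address option) and of the length check and source-address decision table in nd6_ns_input(). All helper names and the sample target and MAC are constructed for illustration.

```c
/* Added example (not FreeBSD code): userland model of the Neighbor
 * Solicitation logic in nd6_ns_output()/nd6_ns_input(). All helper names
 * are hypothetical; sample addresses are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_SOURCE_LINKADDR 1 /* RFC 2461 option type */
#define ND_OPT_HDR_LEN 2         /* type octet + length octet */

/* Constructed sample data: documentation-prefix target and a made-up MAC. */
static const uint8_t SAMPLE_TARGET[16] = {
    0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc
};
static const uint8_t SAMPLE_MAC[6] = { 0x02, 0x00, 0x5e, 0x10, 0x20, 0x30 };

/* Option size for a link-layer address, padded to 8 octets as in
 * "(optlen + 7) & ~7". */
static size_t nd_opt_padded_len(size_t addrlen)
{
    return (ND_OPT_HDR_LEN + addrlen + 7) & ~(size_t)7;
}

/* Destination used when daddr6 == NULL: ff02::1:ffXX:XXXX, where XX:XXXX
 * are the low 24 bits of the target. */
static void solicited_node(const uint8_t target[16], uint8_t out[16])
{
    memset(out, 0, 16);
    out[0] = 0xff;
    out[1] = 0x02;
    out[11] = 0x01;
    out[12] = 0xff;
    memcpy(out + 13, target + 13, 3);
}

/* Build the source link-layer address option. Returns octets written, or 0
 * when the buffer is too small or the length does not fit in one octet. */
static size_t build_slla_opt(const uint8_t *mac, size_t maclen,
                             uint8_t *buf, size_t buflen)
{
    size_t optlen = nd_opt_padded_len(maclen);

    if (optlen > buflen || (optlen >> 3) > 255)
        return 0;
    memset(buf, 0, optlen);
    buf[0] = ND_OPT_SOURCE_LINKADDR;
    buf[1] = (uint8_t)(optlen >> 3); /* length in 8-octet units */
    memcpy(buf + ND_OPT_HDR_LEN, mac, maclen);
    return optlen;
}

/* Receiver check mirroring "lladdrlen mismatch": the advertised option length
 * must equal what the receiving interface's address length implies. The
 * zero-length and bounds tests are extra checks a stand-alone parser needs. */
static int slla_len_ok(const uint8_t *opt, size_t avail, size_t if_addrlen)
{
    size_t lladdrlen;

    if (avail < ND_OPT_HDR_LEN || opt[1] == 0)
        return 0;
    lladdrlen = (size_t)opt[1] << 3;
    if (lladdrlen > avail)
        return 0;
    return lladdrlen == nd_opt_padded_len(if_addrlen);
}

static int is_unspecified(const uint8_t a[16])
{
    static const uint8_t zero[16];
    return memcmp(a, zero, 16) == 0;
}

enum ns_action {
    NS_IGNORE,          /* tentative target, unicast source: address resolution */
    NS_DAD,             /* tentative target, unspecified source: DAD collision */
    NS_REPLY_ALLNODES,  /* unspecified source: NA to all-nodes, S bit clear */
    NS_REPLY_SOLICITED  /* cache sender's lladdr, unicast NA with S bit set */
};

/* Decision table from nd6_ns_input() once the target is known to be ours. */
static enum ns_action classify_ns(const uint8_t src[16], int tentative)
{
    if (tentative)
        return is_unspecified(src) ? NS_DAD : NS_IGNORE;
    return is_unspecified(src) ? NS_REPLY_ALLNODES : NS_REPLY_SOLICITED;
}

int main(void)
{
    uint8_t dst[16], opt[16];
    size_t n;

    solicited_node(SAMPLE_TARGET, dst);
    n = build_slla_opt(SAMPLE_MAC, sizeof(SAMPLE_MAC), opt, sizeof(opt));
    printf("solicited-node suffix %02x:%02x%02x, option octets %zu\n",
        dst[13], dst[14], dst[15], n);
    printf("length check on a 6-octet interface: %d\n", slla_len_ok(opt, n, 6));
    return 0;
}
```

An option built for a 6-octet address fails `slla_len_ok` on an interface with 8-octet addresses, which is the case the kernel logs as "lladdrlen mismatch" before dropping the packet.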
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Neighbor advertisement input handling.
|
|
|
|
*
|
|
|
|
* Based on RFC 2461
|
2005-08-12 15:27:25 +00:00
|
|
|
* Based on RFC 2462 (duplicate address detection)
|
2000-07-04 16:35:15 +00:00
|
|
|
*
|
|
|
|
* the following items are not implemented yet:
|
|
|
|
* - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
|
|
|
|
* - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_na_input(struct mbuf *m, int off, int icmp6len)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct ifnet *ifp = m->m_pkthdr.rcvif;
|
|
|
|
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
|
2000-07-04 16:35:15 +00:00
|
|
|
struct nd_neighbor_advert *nd_na;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct in6_addr daddr6 = ip6->ip6_dst;
|
2000-07-04 16:35:15 +00:00
|
|
|
struct in6_addr taddr6;
|
|
|
|
int flags;
|
|
|
|
int is_router;
|
|
|
|
int is_solicited;
|
|
|
|
int is_override;
|
1999-11-22 02:45:11 +00:00
|
|
|
char *lladdr = NULL;
|
|
|
|
int lladdrlen = 0;
|
2008-12-24 01:08:18 +00:00
|
|
|
int checklink = 0;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ifaddr *ifa;
|
2008-12-15 06:10:57 +00:00
|
|
|
struct llentry *ln = NULL;
|
1999-11-22 02:45:11 +00:00
|
|
|
union nd_opts ndopts;
|
2008-12-15 06:10:57 +00:00
|
|
|
struct mbuf *chain = NULL;
|
2010-08-19 11:31:03 +00:00
|
|
|
struct m_tag *mtag;
|
2008-12-15 06:10:57 +00:00
|
|
|
struct sockaddr_in6 sin6;
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (ip6->ip6_hlim != 255) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_ERR,
|
|
|
|
"nd6_na_input: invalid hlim (%d) from %s to %s on %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
|
|
|
|
ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef PULLDOWN_TEST
|
|
|
|
IP6_EXTHDR_CHECK(m, off, icmp6len,);
|
|
|
|
nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
|
|
|
|
#else
|
|
|
|
IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
|
|
|
|
if (nd_na == NULL) {
|
2009-04-12 13:22:33 +00:00
|
|
|
ICMP6STAT_INC(icp6s_tooshort);
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
#endif
|
2005-07-25 12:31:43 +00:00
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
flags = nd_na->nd_na_flags_reserved;
|
|
|
|
is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
|
|
|
|
is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
|
|
|
|
is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2005-07-25 12:31:43 +00:00
|
|
|
taddr6 = nd_na->nd_na_target;
|
|
|
|
if (in6_setscope(&taddr6, ifp, NULL))
|
2005-09-16 01:42:50 +00:00
|
|
|
goto bad; /* XXX: impossible */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_ERR,
|
1999-11-22 02:45:11 +00:00
|
|
|
"nd6_na_input: invalid target address %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6bufs, &taddr6)));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&daddr6))
|
|
|
|
if (is_solicited) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_ERR,
|
|
|
|
"nd6_na_input: a solicited adv is multicasted\n"));
|
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
icmp6len -= sizeof(*nd_na);
|
|
|
|
nd6_option_init(nd_na + 1, icmp6len, &ndopts);
|
|
|
|
if (nd6_options(&ndopts) < 0) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_INFO,
|
|
|
|
"nd6_na_input: invalid ND option, ignored\n"));
|
|
|
|
/* nd6_options have incremented stats */
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (ndopts.nd_opts_tgt_lladdr) {
|
|
|
|
lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
|
|
|
|
lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
|
|
|
|
}
|
|
|
|
|
A major overhaul of the CARP implementation. The ip_carp.c was started
from scratch, copying needed functionality from the old implementation
on demand, with a thorough review of all code. The main change is that
interface layer has been removed from the CARP. Now redundant addresses
are configured exactly on the interfaces, they run on.
The CARP configuration itself is, as before, configured and read via
SIOCSVH/SIOCGVH ioctls. A new prefix created with SIOCAIFADDR or
SIOCAIFADDR_IN6 may now be configured to a particular virtual host id,
which makes the prefix redundant.
ifconfig(8) semantics has been changed too: now one doesn't need
to clone carpXX interface, he/she should directly configure a vhid
on a Ethernet interface.
To supply vhid data from the kernel to an application the getifaddrs(8)
function had been changed to pass ifam_data with each address. [1]
The new implementation definitely closes all PRs related to carp(4)
being an interface, and may close several others. It also allows
to run a single redundant IP per interface.
Big thanks to Bjoern Zeeb for his help with inet6 part of patch, for
idea on using ifam_data and for several rounds of reviewing!
PR: kern/117000, kern/126945, kern/126714, kern/120130, kern/117448
Reviewed by: bz
Submitted by: bz [1]
2011-12-16 12:16:56 +00:00
|
|
|
/*
|
|
|
|
* This effectively disables the DAD check on a non-master CARP
|
|
|
|
* address.
|
|
|
|
*/
|
|
|
|
if (ifp->if_carp)
|
|
|
|
ifa = (*carp_iamatch6_p)(ifp, &taddr6);
|
|
|
|
else
|
|
|
|
ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Target address matches one of my interface address.
|
|
|
|
*
|
|
|
|
* If my address is tentative, this means that there's somebody
|
|
|
|
* already using the same address as mine. This indicates DAD failure.
|
|
|
|
* This is defined in RFC 2462.
|
|
|
|
*
|
|
|
|
* Otherwise, process as defined in RFC 2461.
|
|
|
|
*/
|
|
|
|
if (ifa
|
|
|
|
&& (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
|
1999-11-22 02:45:11 +00:00
|
|
|
nd6_dad_na_input(ifa);
|
2009-06-23 20:19:09 +00:00
|
|
|
ifa_free(ifa);
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2002-04-19 04:46:24 +00:00
|
|
|
/* Just for safety, maybe unnecessary. */
|
1999-11-22 02:45:11 +00:00
|
|
|
if (ifa) {
|
2009-06-23 20:19:09 +00:00
|
|
|
ifa_free(ifa);
|
1999-11-22 02:45:11 +00:00
|
|
|
log(LOG_ERR,
|
|
|
|
"nd6_na_input: duplicate IP6 address %s\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6bufs, &taddr6));
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
|
2003-10-09 16:13:47 +00:00
|
|
|
nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s "
|
2006-12-12 12:17:58 +00:00
|
|
|
"(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6),
|
2003-10-09 16:13:47 +00:00
|
|
|
ifp->if_addrlen, lladdrlen - 2));
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2003-10-09 16:13:47 +00:00
|
|
|
* If no neighbor cache entry is found, NA SHOULD silently be
|
|
|
|
* discarded.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
The main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improve/refactor the code, and
provided valuable reviews
- Julian Elischer set up the perforce tree for me and has helped
me maintain that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
IF_AFDATA_LOCK(ifp);
|
|
|
|
ln = nd6_lookup(&taddr6, LLE_EXCLUSIVE, ifp);
|
|
|
|
IF_AFDATA_UNLOCK(ifp);
|
|
|
|
if (ln == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
2008-12-15 06:10:57 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
|
|
|
|
/*
|
|
|
|
* If the link-layer has address, and no lladdr option came,
|
|
|
|
* discard the packet.
|
|
|
|
*/
|
2008-12-15 06:10:57 +00:00
|
|
|
if (ifp->if_addrlen && lladdr == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
2008-12-15 06:10:57 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Record link-layer address, and update the state.
|
|
|
|
*/
|
2008-12-15 06:10:57 +00:00
|
|
|
bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen);
|
|
|
|
ln->la_flags |= LLE_VALID;
|
2013-01-26 00:05:22 +00:00
|
|
|
EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);
|
1999-11-22 02:45:11 +00:00
|
|
|
if (is_solicited) {
|
|
|
|
ln->ln_state = ND6_LLINFO_REACHABLE;
|
2000-07-04 16:35:15 +00:00
|
|
|
ln->ln_byhint = 0;
|
2005-10-21 16:23:01 +00:00
|
|
|
if (!ND6_LLINFO_PERMANENT(ln)) {
|
2008-12-15 06:10:57 +00:00
|
|
|
nd6_llinfo_settimer_locked(ln,
|
|
|
|
(long)ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz);
|
2003-10-09 16:13:47 +00:00
|
|
|
}
|
2001-06-11 12:39:29 +00:00
|
|
|
} else {
|
1999-11-22 02:45:11 +00:00
|
|
|
ln->ln_state = ND6_LLINFO_STALE;
|
2008-12-15 06:10:57 +00:00
|
|
|
nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
|
|
|
if ((ln->ln_router = is_router) != 0) {
|
|
|
|
/*
|
|
|
|
* This means a router's state has changed from
|
|
|
|
* non-reachable to probably reachable, and might
|
|
|
|
* affect the status of associated prefixes..
|
|
|
|
*/
|
2008-12-24 01:08:18 +00:00
|
|
|
checklink = 1;
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
} else {
|
|
|
|
int llchange;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check if the link-layer address has changed or not.
|
|
|
|
*/
|
2005-10-19 10:09:19 +00:00
|
|
|
if (lladdr == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
llchange = 0;
|
|
|
|
else {
|
2008-12-15 06:10:57 +00:00
|
|
|
if (ln->la_flags & LLE_VALID) {
|
|
|
|
if (bcmp(lladdr, &ln->ll_addr, ifp->if_addrlen))
|
1999-11-22 02:45:11 +00:00
|
|
|
llchange = 1;
|
|
|
|
else
|
|
|
|
llchange = 0;
|
|
|
|
} else
|
|
|
|
llchange = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is VERY complex. Look at it with care.
|
|
|
|
*
|
|
|
|
* override solicit lladdr llchange action
|
|
|
|
* (L: record lladdr)
|
|
|
|
*
|
|
|
|
* 0 0 n -- (2c)
|
|
|
|
* 0 0 y n (2b) L
|
|
|
|
* 0 0 y y (1) REACHABLE->STALE
|
|
|
|
* 0 1 n -- (2c) *->REACHABLE
|
|
|
|
* 0 1 y n (2b) L *->REACHABLE
|
|
|
|
* 0 1 y y (1) REACHABLE->STALE
|
|
|
|
* 1 0 n -- (2a)
|
|
|
|
* 1 0 y n (2a) L
|
|
|
|
* 1 0 y y (2a) L *->STALE
|
|
|
|
* 1 1 n -- (2a) *->REACHABLE
|
|
|
|
* 1 1 y n (2a) L *->REACHABLE
|
|
|
|
* 1 1 y y (2a) L *->REACHABLE
|
|
|
|
*/
|
2005-10-21 16:23:01 +00:00
|
|
|
if (!is_override && (lladdr != NULL && llchange)) { /* (1) */
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* If state is REACHABLE, make it STALE.
|
|
|
|
* no other updates should be done.
|
|
|
|
*/
|
2001-06-11 12:39:29 +00:00
|
|
|
if (ln->ln_state == ND6_LLINFO_REACHABLE) {
|
1999-11-22 02:45:11 +00:00
|
|
|
ln->ln_state = ND6_LLINFO_STALE;
|
2008-12-15 06:10:57 +00:00
|
|
|
nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
goto freeit;
|
1999-11-22 02:45:11 +00:00
|
|
|
} else if (is_override /* (2a) */
|
2005-10-19 10:09:19 +00:00
|
|
|
|| (!is_override && (lladdr != NULL && !llchange)) /* (2b) */
|
|
|
|
|| lladdr == NULL) { /* (2c) */
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* Update link-layer address, if any.
|
|
|
|
*/
|
2005-10-19 10:09:19 +00:00
|
|
|
if (lladdr != NULL) {
|
2008-12-15 06:10:57 +00:00
|
|
|
bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen);
|
|
|
|
ln->la_flags |= LLE_VALID;
|
2013-01-26 00:05:22 +00:00
|
|
|
EVENTHANDLER_INVOKE(lle_event, ln,
|
|
|
|
LLENTRY_RESOLVED);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If solicited, make the state REACHABLE.
|
|
|
|
* If not solicited and the link-layer address was
|
|
|
|
* changed, make it STALE.
|
|
|
|
*/
|
|
|
|
if (is_solicited) {
|
|
|
|
ln->ln_state = ND6_LLINFO_REACHABLE;
|
2000-07-04 16:35:15 +00:00
|
|
|
ln->ln_byhint = 0;
|
2005-10-21 16:23:01 +00:00
|
|
|
if (!ND6_LLINFO_PERMANENT(ln)) {
|
2008-12-15 06:10:57 +00:00
|
|
|
nd6_llinfo_settimer_locked(ln,
|
2005-10-21 16:23:01 +00:00
|
|
|
(long)ND_IFINFO(ifp)->reachable * hz);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
} else {
|
2005-10-19 10:09:19 +00:00
|
|
|
if (lladdr != NULL && llchange) {
|
1999-11-22 02:45:11 +00:00
|
|
|
ln->ln_state = ND6_LLINFO_STALE;
|
2008-12-15 06:10:57 +00:00
|
|
|
nd6_llinfo_settimer_locked(ln,
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
(long)V_nd6_gctimer * hz);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
}
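The override/solicit/lladdr/llchange table in the comment above, modeled as a stand-alone C function so each row can be checked, including the rule that a different link-layer address without the Override flag never replaces the cached one. This is an added example, not FreeBSD code: `struct nc_entry`, `struct na_msg`, `na_cache_update` and `run_row` are hypothetical names, the addresses are constructed, and a 6-byte link-layer address is assumed.

```c
#include <stdbool.h>
#include <string.h>

#define LLADDR_LEN 6	/* assumption: Ethernet-sized link-layer address */

enum nc_state { NC_INCOMPLETE, NC_REACHABLE, NC_STALE };
enum na_action { NA_DISCARDED, NA_NOT_APPLIED, NA_APPLIED };

/* Hypothetical stand-in for the fields of the cache entry used here. */
struct nc_entry {
	enum nc_state state;
	bool valid;			/* models LLE_VALID */
	bool is_router;			/* models ln_router */
	unsigned char lladdr[LLADDR_LEN];
};

/* Hypothetical view of a received NA: its flags and target lladdr option. */
struct na_msg {
	bool override, solicited, router;
	const unsigned char *tlla;	/* NULL: option absent */
};

static void
record_lladdr(struct nc_entry *e, const unsigned char *tlla)
{
	memcpy(e->lladdr, tlla, LLADDR_LEN);
	e->valid = true;
}

enum na_action
na_cache_update(struct nc_entry *e, const struct na_msg *na)
{
	bool llchange;

	if (e->state == NC_INCOMPLETE) {
		/* The link uses addresses, so an NA without the option is dropped. */
		if (na->tlla == NULL)
			return NA_DISCARDED;
		record_lladdr(e, na->tlla);
		e->state = na->solicited ? NC_REACHABLE : NC_STALE;
		e->is_router = na->router;
		return NA_APPLIED;
	}

	llchange = na->tlla != NULL &&
	    (!e->valid || memcmp(na->tlla, e->lladdr, LLADDR_LEN) != 0);

	if (!na->override && llchange) {		/* row (1) */
		/* A different address without Override never replaces the cache. */
		if (e->state == NC_REACHABLE)
			e->state = NC_STALE;
		return NA_NOT_APPLIED;
	}

	/* rows (2a), (2b), (2c) */
	if (na->tlla != NULL)
		record_lladdr(e, na->tlla);
	if (na->solicited)
		e->state = NC_REACHABLE;
	else if (llchange)
		e->state = NC_STALE;
	e->is_router = na->router;
	return NA_APPLIED;
}

/* Constructed sample addresses, not taken from any capture. */
static const unsigned char OLD_LL[LLADDR_LEN] = { 0x02, 0, 0, 0, 0, 0x01 };
static const unsigned char NEW_LL[LLADDR_LEN] = { 0x02, 0, 0, 0, 0, 0x02 };

struct row_result {
	enum na_action action;
	enum nc_state state;
	bool rewritten;			/* cache now holds NEW_LL */
};

/* Run one table row against an entry that starts in `start` holding OLD_LL. */
struct row_result
run_row(enum nc_state start, bool override, bool solicited, bool has_tlla,
    bool changed)
{
	struct nc_entry e = { start, start != NC_INCOMPLETE, false, { 0 } };
	struct na_msg na = { override, solicited, false, NULL };
	struct row_result r;

	if (e.valid)
		memcpy(e.lladdr, OLD_LL, LLADDR_LEN);
	if (has_tlla)
		na.tlla = changed ? NEW_LL : OLD_LL;
	r.action = na_cache_update(&e, &na);
	r.state = e.state;
	r.rewritten = e.valid && memcmp(e.lladdr, NEW_LL, LLADDR_LEN) == 0;
	return r;
}
```

For monitoring, the rows that matter are the `NA_APPLIED` ones with `rewritten` set: they are the only flag combinations under which a received NA changes the cached link-layer address.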
|
|
|
|
|
|
|
|
if (ln->ln_router && !is_router) {
|
|
|
|
/*
|
|
|
|
* The peer dropped the router flag.
|
|
|
|
* Remove the sender from the Default Router List and
|
|
|
|
* update the Destination Cache entries.
|
|
|
|
*/
|
|
|
|
struct nd_defrouter *dr;
|
|
|
|
struct in6_addr *in6;
|
|
|
|
|
2008-12-15 06:10:57 +00:00
|
|
|
in6 = &L3_ADDR_SIN6(ln)->sin6_addr;
|
2002-04-19 04:46:24 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Lock to protect the default router list.
|
|
|
|
* XXX: this might be unnecessary, since this function
|
|
|
|
* is only called under the network software interrupt
|
2003-10-09 16:13:47 +00:00
|
|
|
* context. However, we keep it just for safety.
|
2002-04-19 04:46:24 +00:00
|
|
|
*/
|
2008-12-15 06:10:57 +00:00
|
|
|
dr = defrouter_lookup(in6, ln->lle_tbl->llt_ifp);
|
1999-11-22 02:45:11 +00:00
|
|
|
if (dr)
|
|
|
|
defrtrlist_del(dr);
|
- Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.
- A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR.
This controls if accepting a route in an RA message as the default route.
The default value for each interface can be set by net.inet6.ip6.no_radr.
The system wide default value is 0.
- A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in
NA on RA accepting interfaces. The default is 0 (R-bit is set based on
net.inet6.ip6.forwarding).
Background:
IPv6 host/router model suggests a router sends an RA and a host accepts it for
router discovery. Because of that, KAME implementation does not allow
accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can
make the routing table confused since it can change the default router
unintentionally.
However, in practice there are cases where we cannot distinguish a host from
a router clearly. For example, a customer edge router often works as a host
against the ISP, and as a router against the LAN at the same time. Another
example is a complex network configuration like an L2TP tunnel for IPv6
connection to Internet over an Ethernet link with another native IPv6 subnet.
In this case, the physical interface for the native IPv6 subnet works as a
host, and the pseudo-interface for L2TP works as the default IP forwarding
route.
Problem:
Disabling processing RA messages when net.inet6.ip6.forwarding=1 and
accepting them when net.inet6.ip6.forward=0 cause the following practical
issues:
- A router cannot perform SLAAC. It becomes a problem if a box has
multiple interfaces and you want to use SLAAC on some of them, for
example. A customer edge router for IPv6 Internet access service
using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
physical interface for administration purpose; updating firmware
and so on (link-local addresses can be used there, but GUAs by
SLAAC are often used for scalability).
- When a host has multiple IPv6 interfaces and it receives multiple RAs on
them, controlling the default route is difficult. Router preferences
defined in RFC 4191 works only when the routers on the links are
under your control.
Details of Implementation Changes:
Router Advertisement messages will be accepted even when
net.inet6.ip6.forwarding=1. More precisely, the conditions are as
follows:
(ACCEPT_RTADV && !NO_RADR && !ip6.forwarding)
=> Normal RA processing on that interface. (as IPv6 host)
(ACCEPT_RTADV && (NO_RADR || ip6.forwarding))
=> Accept RA but add the router to the defroute list with
rtlifetime=0 unconditionally. This effectively prevents
from setting the received router address as the box's
default route.
(!ACCEPT_RTADV)
=> No RA processing on that interface.
ACCEPT_RTADV and NO_RADR are per-interface knobs. In short, all interfaces
are classified as "RA-accepting" or not. An RA-accepting interface always
processes RA messages regardless of ip6.forwarding. The difference caused by
NO_RADR or ip6.forwarding is whether the RA source address is considered as
the default router or not.
R-bit in NA on the RA accepting interfaces is set based on
net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests
a router should disable the R-bit completely even when the box has
net.inet6.ip6.forwarding=1, I believe there is no technical reason with
doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif
(the default is 0).
Usage:
# ifconfig fxp0 inet6 accept_rtadv
=> accept RA on fxp0
# ifconfig fxp0 inet6 accept_rtadv no_radr
=> accept RA on fxp0 but ignore default route information in it.
# sysctl net.inet6.ip6.norbit_no_radr=1
=> R-bit in NAs on RA accepting interfaces will always be set to 0.
2011-06-06 02:14:23 +00:00
|
|
|
else if (ND_IFINFO(ln->lle_tbl->llt_ifp)->flags &
|
|
|
|
ND6_IFF_ACCEPT_RTADV) {
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* Even if the neighbor is not in the default
|
|
|
|
* router list, the neighbor may be used
|
|
|
|
* as a next hop for some destinations
|
|
|
|
* (e.g. redirect case). So we must
|
|
|
|
* call rt6_flush explicitly.
|
|
|
|
*/
|
2004-04-19 08:02:52 +00:00
|
|
|
rt6_flush(&ip6->ip6_src, ifp);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
ln->ln_router = is_router;
|
|
|
|
}
|
2008-12-15 06:10:57 +00:00
	/* XXX - QL
	 * Does this matter?
	 * rt->rt_flags &= ~RTF_REJECT;
	 */
	ln->la_asked = 0;
	if (ln->la_hold) {
2005-10-21 16:23:01 +00:00
		struct mbuf *m_hold, *m_hold_next;

2007-05-05 04:24:01 +00:00
		/*
2008-12-15 06:10:57 +00:00
		 * reset the la_hold in advance, to explicitly
		 * prevent a la_hold lookup in nd6_output()
2007-05-05 04:24:01 +00:00
		 * (wouldn't happen, though...)
		 */
2008-12-15 06:10:57 +00:00
		for (m_hold = ln->la_hold, ln->la_hold = NULL;
2007-05-04 02:34:17 +00:00
		    m_hold; m_hold = m_hold_next) {
2005-10-21 16:23:01 +00:00
			m_hold_next = m_hold->m_nextpkt;
2007-05-04 02:34:17 +00:00
			m_hold->m_nextpkt = NULL;
2005-10-21 16:23:01 +00:00
			/*
			 * we assume ifp is not a loopback here, so just set
			 * the 2nd argument as the 1st one.
			 */
2010-08-19 11:31:03 +00:00

			if (send_sendso_input_hook != NULL) {
				mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
				    sizeof(unsigned short), M_NOWAIT);
				if (mtag == NULL)
					goto bad;
				m_tag_prepend(m, mtag);
			}

2008-12-15 06:10:57 +00:00
			nd6_output_lle(ifp, ifp, m_hold, L3_ADDR_SIN6(ln), NULL, ln, &chain);
2005-10-21 16:23:01 +00:00
		}
1999-11-22 02:45:11 +00:00
	}
2000-07-04 16:35:15 +00:00
freeit:
2008-12-16 02:47:22 +00:00
	if (ln != NULL) {
2008-12-15 06:10:57 +00:00
		if (chain)
			memcpy(&sin6, L3_ADDR_SIN6(ln), sizeof(sin6));
		LLE_WUNLOCK(ln);

		if (chain)
			nd6_output_flush(ifp, ifp, chain, &sin6, NULL);
	}
2008-12-24 01:08:18 +00:00
	if (checklink)
		pfxlist_onlink_check();

2000-07-04 16:35:15 +00:00
	m_freem(m);
2001-06-11 12:39:29 +00:00
	return;

bad:
2008-12-16 02:47:22 +00:00
	if (ln != NULL)
2008-12-15 06:10:57 +00:00
		LLE_WUNLOCK(ln);

2009-04-12 13:22:33 +00:00
	ICMP6STAT_INC(icp6s_badna);
2001-06-11 12:39:29 +00:00
	m_freem(m);
1999-11-22 02:45:11 +00:00
}

/*
 * Neighbor advertisement output handling.
 *
 * Based on RFC 2461
 *
2000-07-04 16:35:15 +00:00
 * the following items are not implemented yet:
 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
2007-07-05 16:23:49 +00:00
 *
 * tlladdr - 1 if include target link-layer address
 * sdl0 - sockaddr_dl (= proxy NA) or NULL
1999-11-22 02:45:11 +00:00
 */
2012-02-17 02:39:58 +00:00
static void
nd6_na_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6_0,
2007-07-05 16:23:49 +00:00
    const struct in6_addr *taddr6, u_long flags, int tlladdr,
2012-02-17 02:39:58 +00:00
    struct sockaddr *sdl0, u_int fibnum)
1999-11-22 02:45:11 +00:00
{
	struct mbuf *m;
2010-08-19 11:31:03 +00:00
	struct m_tag *mtag;
2012-02-17 02:39:58 +00:00
	struct ifnet *oifp;
1999-11-22 02:45:11 +00:00
	struct ip6_hdr *ip6;
	struct nd_neighbor_advert *nd_na;
	struct ip6_moptions im6o;
2009-06-23 22:08:55 +00:00
	struct in6_addr src, daddr6;
2005-07-25 12:31:43 +00:00
	struct sockaddr_in6 dst_sa;
	int icmp6len, maxlen, error;
2002-03-19 23:26:37 +00:00
	caddr_t mac = NULL;
2005-07-25 12:31:43 +00:00
	struct route_in6 ro;

	bzero(&ro, sizeof(ro));

	daddr6 = *daddr6_0; /* make a local copy for modification */
2000-07-04 16:35:15 +00:00

	/* estimate the size of message */
	maxlen = sizeof(*ip6) + sizeof(*nd_na);
	maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
	if (max_linkhdr + maxlen >= MCLBYTES) {
#ifdef DIAGNOSTIC
		printf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES "
		    "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
#endif
		return;
	}

2012-12-05 08:04:20 +00:00
	MGETHDR(m, M_NOWAIT, MT_DATA);
2000-07-04 16:35:15 +00:00
	if (m && max_linkhdr + maxlen >= MHLEN) {
2012-12-05 08:04:20 +00:00
		MCLGET(m, M_NOWAIT);
2000-07-04 16:35:15 +00:00
		if ((m->m_flags & M_EXT) == 0) {
			m_free(m);
			m = NULL;
		}
	}
	if (m == NULL)
1999-11-22 02:45:11 +00:00
		return;
2001-06-11 12:39:29 +00:00
	m->m_pkthdr.rcvif = NULL;
2012-02-17 02:39:58 +00:00
	M_SETFIB(m, fibnum);
1999-11-22 02:45:11 +00:00

2005-07-25 12:31:43 +00:00
	if (IN6_IS_ADDR_MULTICAST(&daddr6)) {
1999-11-22 02:45:11 +00:00
		m->m_flags |= M_MCAST;
		im6o.im6o_multicast_ifp = ifp;
		im6o.im6o_multicast_hlim = 255;
		im6o.im6o_multicast_loop = 0;
	}

	icmp6len = sizeof(*nd_na);
	m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
2002-04-19 04:46:24 +00:00
	m->m_data += max_linkhdr; /* or MH_ALIGN() equivalent? */
1999-11-22 02:45:11 +00:00

	/* fill neighbor advertisement packet */
	ip6 = mtod(m, struct ip6_hdr *);
	ip6->ip6_flow = 0;
2000-07-04 16:35:15 +00:00
	ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
	ip6->ip6_vfc |= IPV6_VERSION;
1999-11-22 02:45:11 +00:00
	ip6->ip6_nxt = IPPROTO_ICMPV6;
	ip6->ip6_hlim = 255;
2005-07-25 12:31:43 +00:00
	if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
1999-11-22 02:45:11 +00:00
		/* reply to DAD */
2005-12-08 06:43:39 +00:00
		daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
		daddr6.s6_addr16[1] = 0;
		daddr6.s6_addr32[1] = 0;
		daddr6.s6_addr32[2] = 0;
		daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
2005-07-25 12:31:43 +00:00
		if (in6_setscope(&daddr6, ifp, NULL))
			goto bad;

1999-11-22 02:45:11 +00:00
		flags &= ~ND_NA_FLAG_SOLICITED;
2005-07-25 12:31:43 +00:00
	}
	ip6->ip6_dst = daddr6;
	bzero(&dst_sa, sizeof(struct sockaddr_in6));
	dst_sa.sin6_family = AF_INET6;
	dst_sa.sin6_len = sizeof(struct sockaddr_in6);
	dst_sa.sin6_addr = daddr6;
1999-11-22 02:45:11 +00:00

	/*
	 * Select a source whose scope is the same as that of the dest.
	 */
2005-07-25 12:31:43 +00:00
	bcopy(&dst_sa, &ro.ro_dst, sizeof(dst_sa));
2012-02-17 02:39:58 +00:00
	oifp = ifp;
	error = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, &oifp, &src);
2009-06-23 22:08:55 +00:00
	if (error) {
2006-12-12 12:17:58 +00:00
		char ip6buf[INET6_ADDRSTRLEN];
2005-07-25 12:31:43 +00:00
		nd6log((LOG_DEBUG, "nd6_na_output: source can't be "
		    "determined: dst=%s, error=%d\n",
2006-12-12 12:17:58 +00:00
		    ip6_sprintf(ip6buf, &dst_sa.sin6_addr), error));
2005-07-25 12:31:43 +00:00
		goto bad;
1999-11-22 02:45:11 +00:00
	}
2009-06-23 22:08:55 +00:00
	ip6->ip6_src = src;
1999-11-22 02:45:11 +00:00
	nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
	nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
	nd_na->nd_na_code = 0;
	nd_na->nd_na_target = *taddr6;
2003-10-21 20:05:32 +00:00
	in6_clearscope(&nd_na->nd_na_target); /* XXX */
1999-11-22 02:45:11 +00:00

	/*
	 * "tlladdr" indicates NS's condition for adding tlladdr or not.
	 * see nd6_ns_input() for details.
	 * Basically, if NS packet is sent to unicast/anycast addr,
	 * target lladdr option SHOULD NOT be included.
	 */
2000-07-04 16:35:15 +00:00
	if (tlladdr) {
		/*
		 * sdl0 != NULL indicates proxy NA. If we do proxy, use
		 * lladdr in sdl0. If we are not proxying (sending NA for
		 * my address) use lladdr configured for the interface.
		 */
2005-02-22 13:04:05 +00:00
		if (sdl0 == NULL) {
			if (ifp->if_carp)
2010-08-11 00:51:50 +00:00
				mac = (*carp_macmatch6_p)(ifp, m, taddr6);
2005-02-22 13:04:05 +00:00
			if (mac == NULL)
				mac = nd6_ifptomac(ifp);
		} else if (sdl0->sa_family == AF_LINK) {
2000-07-04 16:35:15 +00:00
			struct sockaddr_dl *sdl;
			sdl = (struct sockaddr_dl *)sdl0;
			if (sdl->sdl_alen == ifp->if_addrlen)
				mac = LLADDR(sdl);
		}
	}
	if (tlladdr && mac) {
1999-11-22 02:45:11 +00:00
		int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
		struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
2003-10-09 16:13:47 +00:00

1999-11-22 02:45:11 +00:00
		/* roundup to 8 bytes alignment! */
		optlen = (optlen + 7) & ~7;

		m->m_pkthdr.len += optlen;
		m->m_len += optlen;
		icmp6len += optlen;
		bzero((caddr_t)nd_opt, optlen);
		nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
		nd_opt->nd_opt_len = optlen >> 3;
		bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
	} else
		flags &= ~ND_NA_FLAG_OVERRIDE;

	ip6->ip6_plen = htons((u_short)icmp6len);
	nd_na->nd_na_flags_reserved = flags;
	nd_na->nd_na_cksum = 0;
	nd_na->nd_na_cksum =
2003-10-09 16:13:47 +00:00
	    in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
1999-11-22 02:45:11 +00:00

2010-08-19 11:31:03 +00:00
	if (send_sendso_input_hook != NULL) {
		mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
		    sizeof(unsigned short), M_NOWAIT);
		if (mtag == NULL)
			goto bad;
		*(unsigned short *)(mtag + 1) = nd_na->nd_na_type;
		m_tag_prepend(m, mtag);
	}

2005-07-25 12:31:43 +00:00
	ip6_output(m, NULL, &ro, 0, &im6o, NULL, NULL);
	icmp6_ifstat_inc(ifp, ifs6_out_msg);
	icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert);
2009-04-12 13:22:33 +00:00
	ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_ADVERT]);
2005-07-25 12:31:43 +00:00

2012-07-04 07:37:53 +00:00
	/* We don't cache this route. */
	RO_RTFREE(&ro);

2005-07-25 12:31:43 +00:00
	return;

bad:
	if (ro.ro_rt) {
		RTFREE(ro.ro_rt);
	}
	m_freem(m);
	return;
1999-11-22 02:45:11 +00:00
}
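nd6_na_output_fib() above rounds the Target Link-Layer Address option up to a multiple of 8 bytes and stores its length in 8-byte units. The block below is an added example, user-space C written for this page and not FreeBSD code: it shows the same encoding next to the receive-side checks a parser of that option needs. The names tlla_optlen(), tlla_build() and tlla_find() and the sample address are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_TARGET_LINKADDR 2	/* ND option type 2 (RFC 4861) */
#define OPT_HDR_LEN 2		/* type byte + length byte */

/* Padded size of an option carrying an alen-byte link-layer address. */
static size_t
tlla_optlen(size_t alen)
{
	return (OPT_HDR_LEN + alen + 7) & ~(size_t)7;
}

/*
 * Sender side: write the option into buf. Returns the number of bytes
 * written, or 0 if it does not fit the buffer or the 8-bit length field.
 */
size_t
tlla_build(uint8_t *buf, size_t buflen, const uint8_t *lladdr, size_t alen)
{
	size_t optlen = tlla_optlen(alen);

	if (optlen > buflen || (optlen >> 3) > 255)
		return 0;
	memset(buf, 0, optlen);			/* padding bytes are zero */
	buf[0] = OPT_TARGET_LINKADDR;
	buf[1] = (uint8_t)(optlen >> 3);	/* length in units of 8 bytes */
	memcpy(buf + OPT_HDR_LEN, lladdr, alen);
	return optlen;
}

/*
 * Receiver side: walk the options that follow the NA header.
 * Returns 0 and sets *out when a well-formed option is found,
 * 1 when none is present, -1 when the option area is malformed.
 */
int
tlla_find(const uint8_t *opts, size_t len, size_t alen, const uint8_t **out)
{
	size_t off = 0;

	*out = NULL;
	while (off < len) {
		size_t optlen;

		if (len - off < OPT_HDR_LEN)
			return -1;	/* truncated option header */
		optlen = (size_t)opts[off + 1] << 3;
		if (optlen == 0)
			return -1;	/* zero length would never advance */
		if (optlen > len - off)
			return -1;	/* option runs past the packet */
		if (opts[off] == OPT_TARGET_LINKADDR) {
			if (optlen != tlla_optlen(alen))
				return -1;	/* wrong size for this link type */
			*out = opts + off + OPT_HDR_LEN;
			return 0;
		}
		off += optlen;		/* skip options we do not handle */
	}
	return 1;
}

int
main(void)
{
	/* Constructed sample address, not taken from any real host. */
	const uint8_t mac[6] = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };
	uint8_t buf[32];
	const uint8_t *found;
	size_t n = tlla_build(buf, sizeof(buf), mac, sizeof(mac));

	printf("option bytes=%zu nd_opt_len=%u find=%d\n", n,
	    (unsigned)buf[1], tlla_find(buf, n, sizeof(mac), &found));
	return 0;
}
```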

2012-02-17 02:39:58 +00:00
#ifndef BURN_BRIDGES
void
nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0,
    const struct in6_addr *taddr6, u_long flags, int tlladdr,
    struct sockaddr *sdl0)
{

	nd6_na_output_fib(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0,
	    RT_DEFAULT_FIB);
}
#endif

1999-11-22 02:45:11 +00:00
caddr_t
2007-07-05 16:23:49 +00:00
nd6_ifptomac(struct ifnet *ifp)
1999-11-22 02:45:11 +00:00
{
	switch (ifp->if_type) {
	case IFT_ARCNET:
	case IFT_ETHER:
	case IFT_FDDI:
2001-06-11 12:39:29 +00:00
	case IFT_IEEE1394:
2001-06-19 14:48:02 +00:00
#ifdef IFT_L2VLAN
	case IFT_L2VLAN:
#endif
2001-06-11 12:39:29 +00:00
#ifdef IFT_IEEE80211
	case IFT_IEEE80211:
#endif
2011-03-21 09:40:01 +00:00
	case IFT_INFINIBAND:
2005-09-06 21:11:59 +00:00
	case IFT_BRIDGE:
2003-09-14 02:32:31 +00:00
	case IFT_ISO88025:
2005-06-12 00:45:24 +00:00
		return IF_LLADDR(ifp);
1999-11-22 02:45:11 +00:00
	default:
		return NULL;
	}
}

struct dadq {
2000-05-26 02:09:24 +00:00
	TAILQ_ENTRY(dadq) dad_list;
1999-11-22 02:45:11 +00:00
	struct ifaddr *dad_ifa;
	int dad_count; /* max NS to send */
2000-07-04 16:35:15 +00:00
	int dad_ns_tcount; /* # of trials to send NS */
1999-11-22 02:45:11 +00:00
	int dad_ns_ocount; /* NS sent so far */
	int dad_ns_icount;
	int dad_na_icount;
2001-06-11 12:39:29 +00:00
	struct callout dad_timer_ch;
Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The curvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, socket's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, with an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typical cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
2009-05-05 10:56:12 +00:00
	struct vnet *dad_vnet;
1999-11-22 02:45:11 +00:00
};

2010-11-22 19:32:54 +00:00
static VNET_DEFINE(TAILQ_HEAD(, dadq), dadq);
2010-04-29 11:52:42 +00:00
VNET_DEFINE(int, dad_init) = 0;
2009-07-16 21:13:04 +00:00
#define V_dadq VNET(dadq)
#define V_dad_init VNET(dad_init)
1999-11-22 02:45:11 +00:00

static struct dadq *
2007-07-05 16:23:49 +00:00
nd6_dad_find(struct ifaddr *ifa)
1999-11-22 02:45:11 +00:00
{
	struct dadq *dp;

2011-10-13 13:33:23 +00:00
	TAILQ_FOREACH(dp, &V_dadq, dad_list)
1999-11-22 02:45:11 +00:00
		if (dp->dad_ifa == ifa)
2011-10-13 13:33:23 +00:00
			return (dp);

	return (NULL);
1999-11-22 02:45:11 +00:00
}

2001-06-11 12:39:29 +00:00
static void
2007-07-05 16:23:49 +00:00
nd6_dad_starttimer(struct dadq *dp, int ticks)
2001-06-11 12:39:29 +00:00
{

	callout_reset(&dp->dad_timer_ch, ticks,
2009-05-05 10:56:12 +00:00
	    (void (*)(void *))nd6_dad_timer, (void *)dp);
2001-06-11 12:39:29 +00:00
}

static void
2007-07-05 16:23:49 +00:00
nd6_dad_stoptimer(struct dadq *dp)
2001-06-11 12:39:29 +00:00
{

	callout_stop(&dp->dad_timer_ch);
}

1999-11-22 02:45:11 +00:00
/*
2005-08-12 15:27:25 +00:00
 * Start Duplicate Address Detection (DAD) for specified interface address.
1999-11-22 02:45:11 +00:00
 */
void
2007-07-05 16:23:49 +00:00
nd6_dad_start(struct ifaddr *ifa, int delay)
1999-11-22 02:45:11 +00:00
{
	struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
	struct dadq *dp;
2006-12-12 12:17:58 +00:00
	char ip6buf[INET6_ADDRSTRLEN];
1999-11-22 02:45:11 +00:00

Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
	if (!V_dad_init) {
		TAILQ_INIT(&V_dadq);
		V_dad_init++;
1999-11-22 02:45:11 +00:00
	}

	/*
	 * If we don't need DAD, don't do it.
	 * There are several cases:
	 * - DAD is disabled (ip6_dad_count == 0)
	 * - the interface address is anycast
	 */
	if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) {
2000-07-04 16:35:15 +00:00
		log(LOG_DEBUG,
		    "nd6_dad_start: called with non-tentative address "
1999-11-22 02:45:11 +00:00
		    "%s(%s)\n",
2006-12-12 12:17:58 +00:00
		    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1999-11-22 02:45:11 +00:00
		    ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
		return;
	}
	if (ia->ia6_flags & IN6_IFF_ANYCAST) {
		ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
		return;
	}
2008-08-17 23:27:27 +00:00
	if (!V_ip6_dad_count) {
1999-11-22 02:45:11 +00:00
		ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
		return;
	}
2005-10-19 10:09:19 +00:00
	if (ifa->ifa_ifp == NULL)
1999-11-22 02:45:11 +00:00
		panic("nd6_dad_start: ifa->ifa_ifp == NULL");
2003-10-09 16:13:47 +00:00
	if (!(ifa->ifa_ifp->if_flags & IFF_UP)) {
1999-11-22 02:45:11 +00:00
		return;
2003-10-09 16:13:47 +00:00
	}
2009-09-12 22:08:20 +00:00
	if (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED)
		return;
1999-11-22 02:45:11 +00:00
	if (nd6_dad_find(ifa) != NULL) {
		/* DAD already in progress */
		return;
	}

	dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT);
	if (dp == NULL) {
2000-07-04 16:35:15 +00:00
		log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
1999-11-22 02:45:11 +00:00
		    "%s(%s)\n",
2006-12-12 12:17:58 +00:00
		    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1999-11-22 02:45:11 +00:00
		    ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
		return;
	}
	bzero(dp, sizeof(*dp));
2001-06-11 12:39:29 +00:00
	callout_init(&dp->dad_timer_ch, 0);
2009-05-05 10:56:12 +00:00
#ifdef VIMAGE
	dp->dad_vnet = curvnet;
#endif
2008-08-25 06:09:32 +00:00
	TAILQ_INSERT_TAIL(&V_dadq, (struct dadq *)dp, dad_list);
1999-11-22 02:45:11 +00:00

2001-06-11 12:39:29 +00:00
	nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
2006-12-12 12:17:58 +00:00
	    ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1999-11-22 02:45:11 +00:00

	/*
	 * Send NS packet for DAD, ip6_dad_count times.
	 * Note that we must delay the first transmission, if this is the
	 * first packet to be sent from the interface after interface
	 * (re)initialization.
	 */
	dp->dad_ifa = ifa;
2009-06-21 19:30:33 +00:00
	ifa_ref(ifa); /* just for safety */
2008-08-17 23:27:27 +00:00
	dp->dad_count = V_ip6_dad_count;
1999-11-22 02:45:11 +00:00
	dp->dad_ns_icount = dp->dad_na_icount = 0;
2000-07-04 16:35:15 +00:00
	dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
2005-10-21 16:23:01 +00:00
	if (delay == 0) {
2000-07-04 16:35:15 +00:00
		nd6_dad_ns_output(dp, ifa);
2003-10-17 15:46:31 +00:00
		nd6_dad_starttimer(dp,
2005-10-21 16:23:01 +00:00
		    (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1999-11-22 02:45:11 +00:00
	} else {
2005-10-21 16:23:01 +00:00
		nd6_dad_starttimer(dp, delay);
1999-11-22 02:45:11 +00:00
	}
}

2001-06-11 12:39:29 +00:00
/*
 * terminate DAD unconditionally. used for address removals.
 */
void
2007-07-05 16:23:49 +00:00
nd6_dad_stop(struct ifaddr *ifa)
2001-06-11 12:39:29 +00:00
{
	struct dadq *dp;

2008-08-17 23:27:27 +00:00
|
|
|
if (!V_dad_init)
|
2001-06-11 12:39:29 +00:00
|
|
|
return;
|
|
|
|
dp = nd6_dad_find(ifa);
|
|
|
|
if (!dp) {
|
|
|
|
/* DAD wasn't started yet */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
nd6_dad_stoptimer(dp);
|
|
|
|
|
2008-08-17 23:27:27 +00:00
|
|
|
TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list);
|
2001-06-11 12:39:29 +00:00
|
|
|
free(dp, M_IP6NDP);
|
|
|
|
dp = NULL;
|
2009-06-21 19:30:33 +00:00
|
|
|
ifa_free(ifa);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
static void
|
Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The curvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, socket's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, with an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typical cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
2009-05-05 10:56:12 +00:00
|
|
|
nd6_dad_timer(struct dadq *dp)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
Step 1.5 of importing the network stack virtualization infrastructure
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparison between pre- and post-change
object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
2008-10-02 15:37:58 +00:00
|
|
|
CURVNET_SET(dp->dad_vnet);
|
2009-05-05 10:56:12 +00:00
|
|
|
struct ifaddr *ifa = dp->dad_ifa;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
/* Sanity check */
|
|
|
|
if (ia == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "nd6_dad_timer: called with null parameter\n");
|
1999-11-22 02:45:11 +00:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "nd6_dad_timer: called with duplicated address "
|
1999-11-22 02:45:11 +00:00
|
|
|
"%s(%s)\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-11-22 02:45:11 +00:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) {
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
|
1999-11-22 02:45:11 +00:00
|
|
|
"%s(%s)\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
|
1999-11-22 02:45:11 +00:00
|
|
|
ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
/* timed out with IFF_{RUNNING,UP} check */
|
2008-08-17 23:27:27 +00:00
|
|
|
if (dp->dad_ns_tcount > V_dad_maxtry) {
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n",
|
2003-10-09 16:13:47 +00:00
|
|
|
if_name(ifa->ifa_ifp)));
|
2000-07-04 16:35:15 +00:00
|
|
|
|
2008-08-17 23:27:27 +00:00
|
|
|
TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list);
|
2000-07-04 16:35:15 +00:00
|
|
|
free(dp, M_IP6NDP);
|
|
|
|
dp = NULL;
|
2009-06-21 19:30:33 +00:00
|
|
|
ifa_free(ifa);
|
2000-07-04 16:35:15 +00:00
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/* Need more checks? */
|
|
|
|
if (dp->dad_ns_ocount < dp->dad_count) {
|
|
|
|
/*
|
|
|
|
* We have more NS to go. Send NS packet for DAD.
|
|
|
|
*/
|
2000-07-04 16:35:15 +00:00
|
|
|
nd6_dad_ns_output(dp, ifa);
|
2003-10-09 16:13:47 +00:00
|
|
|
nd6_dad_starttimer(dp,
|
2005-10-21 16:23:01 +00:00
|
|
|
(long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
|
1999-11-22 02:45:11 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* We have transmitted sufficient number of DAD packets.
|
|
|
|
* See what we've got.
|
|
|
|
*/
|
|
|
|
int duplicate;
|
|
|
|
|
|
|
|
duplicate = 0;
|
|
|
|
|
|
|
|
if (dp->dad_na_icount) {
|
|
|
|
/*
|
|
|
|
* the check is in nd6_dad_na_input(),
|
|
|
|
* but just in case
|
|
|
|
*/
|
|
|
|
duplicate++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (dp->dad_ns_icount) {
|
|
|
|
/* We've seen NS, means DAD has failed. */
|
|
|
|
duplicate++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (duplicate) {
|
|
|
|
/* (*dp) will be freed in nd6_dad_duplicated() */
|
|
|
|
dp = NULL;
|
|
|
|
nd6_dad_duplicated(ifa);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* We are done with DAD. No NA came, no NS came.
|
2005-08-12 15:27:25 +00:00
|
|
|
* No duplicate address found.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
|
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_DEBUG,
|
2000-07-04 16:35:15 +00:00
|
|
|
"%s: DAD complete for %s - no duplicates found\n",
|
|
|
|
if_name(ifa->ifa_ifp),
|
2006-12-12 12:17:58 +00:00
|
|
|
ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2008-08-17 23:27:27 +00:00
|
|
|
TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list);
|
1999-11-22 02:45:11 +00:00
|
|
|
free(dp, M_IP6NDP);
|
|
|
|
dp = NULL;
|
2009-06-21 19:30:33 +00:00
|
|
|
ifa_free(ifa);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
2008-10-02 15:37:58 +00:00
|
|
|
CURVNET_RESTORE();
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_dad_duplicated(struct ifaddr *ifa)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
|
2005-10-19 16:43:57 +00:00
|
|
|
struct ifnet *ifp;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct dadq *dp;
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
dp = nd6_dad_find(ifa);
|
|
|
|
if (dp == NULL) {
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "nd6_dad_duplicated: DAD structure not found\n");
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: "
|
|
|
|
"NS in/out=%d/%d, NA in=%d\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
if_name(ifa->ifa_ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
|
2001-06-11 12:39:29 +00:00
|
|
|
dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_na_icount);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
|
|
|
|
ia->ia6_flags |= IN6_IFF_DUPLICATED;
|
|
|
|
|
2005-08-12 15:27:25 +00:00
|
|
|
/* We are done with DAD, with duplicate address found. (failure) */
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6_dad_stoptimer(dp);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2005-10-19 16:43:57 +00:00
|
|
|
ifp = ifa->ifa_ifp;
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
|
2006-12-12 12:17:58 +00:00
|
|
|
if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr));
|
2000-07-04 16:35:15 +00:00
|
|
|
log(LOG_ERR, "%s: manual intervention required\n",
|
2005-10-19 16:43:57 +00:00
|
|
|
if_name(ifp));
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the address is a link-local address formed from an interface
|
|
|
|
* identifier based on the hardware address which is supposed to be
|
|
|
|
* uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
|
|
|
|
* operation on the interface SHOULD be disabled.
|
2009-09-12 22:08:20 +00:00
|
|
|
* [RFC 4862, Section 5.4.5]
|
2005-10-19 16:43:57 +00:00
|
|
|
*/
|
|
|
|
if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
|
|
|
|
struct in6_addr in6;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* To avoid over-reaction, we only apply this logic when we are
|
|
|
|
* very sure that hardware addresses are supposed to be unique.
|
|
|
|
*/
|
|
|
|
switch (ifp->if_type) {
|
|
|
|
case IFT_ETHER:
|
|
|
|
case IFT_FDDI:
|
|
|
|
case IFT_ATM:
|
|
|
|
case IFT_IEEE1394:
|
|
|
|
#ifdef IFT_IEEE80211
|
|
|
|
case IFT_IEEE80211:
|
|
|
|
#endif
|
2011-03-21 09:40:01 +00:00
|
|
|
case IFT_INFINIBAND:
|
2005-10-19 16:43:57 +00:00
|
|
|
in6 = ia->ia_addr.sin6_addr;
|
|
|
|
if (in6_get_hw_ifid(ifp, &in6) == 0 &&
|
|
|
|
IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) {
|
|
|
|
ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED;
|
|
|
|
log(LOG_ERR, "%s: possible hardware address "
|
|
|
|
"duplication detected, disable IPv6\n",
|
|
|
|
if_name(ifp));
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2008-08-17 23:27:27 +00:00
|
|
|
TAILQ_REMOVE(&V_dadq, (struct dadq *)dp, dad_list);
|
1999-11-22 02:45:11 +00:00
|
|
|
free(dp, M_IP6NDP);
|
|
|
|
dp = NULL;
|
2009-06-21 19:30:33 +00:00
|
|
|
ifa_free(ifa);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
static void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa)
|
2000-07-04 16:35:15 +00:00
|
|
|
{
|
|
|
|
struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
|
|
|
|
struct ifnet *ifp = ifa->ifa_ifp;
|
|
|
|
|
|
|
|
dp->dad_ns_tcount++;
|
|
|
|
if ((ifp->if_flags & IFF_UP) == 0) {
|
|
|
|
return;
|
|
|
|
}
|
2005-08-09 10:20:02 +00:00
|
|
|
if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
|
2000-07-04 16:35:15 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
dp->dad_ns_ocount++;
|
|
|
|
nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_dad_ns_input(struct ifaddr *ifa)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct in6_ifaddr *ia;
|
|
|
|
struct ifnet *ifp;
|
2001-06-11 12:39:29 +00:00
|
|
|
const struct in6_addr *taddr6;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct dadq *dp;
|
|
|
|
int duplicate;
|
|
|
|
|
2005-10-19 10:09:19 +00:00
|
|
|
if (ifa == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
panic("ifa == NULL in nd6_dad_ns_input");
|
|
|
|
|
|
|
|
ia = (struct in6_ifaddr *)ifa;
|
|
|
|
ifp = ifa->ifa_ifp;
|
|
|
|
taddr6 = &ia->ia_addr.sin6_addr;
|
|
|
|
duplicate = 0;
|
|
|
|
dp = nd6_dad_find(ifa);
|
|
|
|
|
|
|
|
/* Quickhack - completely ignore DAD NS packets */
|
2008-08-17 23:27:27 +00:00
|
|
|
if (V_dad_ignore_ns) {
|
2006-12-12 12:17:58 +00:00
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
2001-06-11 12:39:29 +00:00
|
|
|
nd6log((LOG_INFO,
|
|
|
|
"nd6_dad_ns_input: ignoring DAD NS packet for "
|
2006-12-12 12:17:58 +00:00
|
|
|
"address %s(%s)\n", ip6_sprintf(ip6buf, taddr6),
|
2001-06-11 12:39:29 +00:00
|
|
|
if_name(ifa->ifa_ifp)));
|
1999-11-22 02:45:11 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* if I'm yet to start DAD, someone else started using this address
|
|
|
|
* first. I have a duplicate and you win.
|
|
|
|
*/
|
2005-10-19 10:09:19 +00:00
|
|
|
if (dp == NULL || dp->dad_ns_ocount == 0)
|
1999-11-22 02:45:11 +00:00
|
|
|
duplicate++;
|
|
|
|
|
|
|
|
/* XXX more checks for loopback situation - see nd6_dad_timer too */
|
|
|
|
|
|
|
|
if (duplicate) {
|
|
|
|
dp = NULL; /* will be freed in nd6_dad_duplicated() */
|
|
|
|
nd6_dad_duplicated(ifa);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* not sure if I got a duplicate.
|
|
|
|
* increment ns count and see what happens.
|
|
|
|
*/
|
|
|
|
if (dp)
|
|
|
|
dp->dad_ns_icount++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
static void
|
2007-07-05 16:23:49 +00:00
|
|
|
nd6_dad_na_input(struct ifaddr *ifa)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
struct dadq *dp;
|
|
|
|
|
2005-10-19 10:09:19 +00:00
|
|
|
if (ifa == NULL)
|
1999-11-22 02:45:11 +00:00
|
|
|
panic("ifa == NULL in nd6_dad_na_input");
|
|
|
|
|
|
|
|
dp = nd6_dad_find(ifa);
|
|
|
|
if (dp)
|
|
|
|
dp->dad_na_icount++;
|
|
|
|
|
|
|
|
/* remove the address. */
|
|
|
|
nd6_dad_duplicated(ifa);
|
|
|
|
}
|