Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/netinet6/nd6.c
103823 views
1
/*-

2
 * SPDX-License-Identifier: BSD-3-Clause

3
 *

4
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions

9
 * are met:

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 * 2. Redistributions in binary form must reproduce the above copyright

13
 *    notice, this list of conditions and the following disclaimer in the

14
 *    documentation and/or other materials provided with the distribution.

15
 * 3. Neither the name of the project nor the names of its contributors

16
 *    may be used to endorse or promote products derived from this software

17
 *    without specific prior written permission.

18
 *

19
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND

20
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

21
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

22
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE

23
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

24
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

25
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

26
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

27
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

28
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

29
 * SUCH DAMAGE.

30
 *

31
 *	$KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $

32
 */

33


34
#include "opt_inet.h"

35
#include "opt_inet6.h"

36
#include "opt_route.h"

37


38
#include <sys/param.h>

39
#include <sys/systm.h>

40
#include <sys/eventhandler.h>

41
#include <sys/callout.h>

42
#include <sys/lock.h>

43
#include <sys/malloc.h>

44
#include <sys/mbuf.h>

45
#include <sys/mutex.h>

46
#include <sys/socket.h>

47
#include <sys/sockio.h>

48
#include <sys/time.h>

49
#include <sys/kernel.h>

50
#include <sys/protosw.h>

51
#include <sys/errno.h>

52
#include <sys/syslog.h>

53
#include <sys/rwlock.h>

54
#include <sys/queue.h>

55
#include <sys/sdt.h>

56
#include <sys/sysctl.h>

57


58
#include <net/if.h>

59
#include <net/if_var.h>

60
#include <net/if_dl.h>

61
#include <net/if_private.h>

62
#include <net/if_types.h>

63
#include <net/route.h>

64
#include <net/route/route_ctl.h>

65
#include <net/route/nhop.h>

66
#include <net/vnet.h>

67


68
#include <netinet/in.h>

69
#include <netinet/in_kdtrace.h>

70
#include <net/if_llatbl.h>

71
#include <netinet/if_ether.h>

72
#include <netinet6/in6_fib.h>

73
#include <netinet6/in6_var.h>

74
#include <netinet/ip6.h>

75
#include <netinet6/ip6_var.h>

76
#include <netinet6/scope6_var.h>

77
#include <netinet6/nd6.h>

78
#include <netinet6/in6_ifattach.h>

79
#include <netinet/icmp6.h>

80
#include <netinet6/send.h>

81


82
#include <sys/limits.h>

83


84
#include <security/mac/mac_framework.h>

85


86
#define	ND6_PREFIX_WITH_ROUTER(pr)	!LIST_EMPTY(&(pr)->ndpr_advrtrs)

87


88
#define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */

89
#define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */

90


91
VNET_DEFINE_STATIC(int, nd6_prune) = 1;

92
#define	V_nd6_prune	VNET(nd6_prune)

93
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,

94
    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_prune), 0,

95
    "Frequency in seconds of checks for expired prefixes and routers");

96


97
VNET_DEFINE_STATIC(int, nd6_delay) = 5;

98
#define	V_nd6_delay	VNET(nd6_delay)

99
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,

100
    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_delay), 0,

101
    "Delay in seconds before probing for reachability");

102


103
VNET_DEFINE_STATIC(int, nd6_umaxtries) = 3;

104
#define	V_nd6_umaxtries	VNET(nd6_umaxtries)

105
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,

106
    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_umaxtries), 0,

107
    "Number of ICMPv6 NS messages sent during reachability detection");

108


109
VNET_DEFINE(int, nd6_mmaxtries) = 3;

110
#define	V_nd6_mmaxtries	VNET(nd6_mmaxtries)

111
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,

112
    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_mmaxtries), 0,

113
    "Number of ICMPv6 NS messages sent during address resolution");

114


115
VNET_DEFINE_STATIC(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage

116
							* collection timer */

117
#define	V_nd6_gctimer	VNET(nd6_gctimer)

118


119
/* preventing too many loops in ND option parsing */

120
VNET_DEFINE_STATIC(int, nd6_maxndopt) = 10; /* max # of ND options allowed */

121


122
VNET_DEFINE_STATIC(int, nd6_maxqueuelen) = 16; /* max pkts cached in unresolved

123
					 * ND entries */

124
#define	V_nd6_maxndopt			VNET(nd6_maxndopt)

125
#define	V_nd6_maxqueuelen		VNET(nd6_maxqueuelen)

126


127
#ifdef ND6_DEBUG

128
VNET_DEFINE(int, nd6_debug) = 1;

129
#else

130
VNET_DEFINE(int, nd6_debug) = 0;

131
#endif

132
#define	V_nd6_debug	VNET(nd6_debug)

133
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,

134
    CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_debug), 0,

135
    "Log NDP debug messages");

136


137
static eventhandler_tag lle_event_eh, iflladdr_event_eh, ifnet_link_event_eh;

138


139
VNET_DEFINE(struct nd_prhead, nd_prefix);

140
VNET_DEFINE(struct rwlock, nd6_lock);

141
VNET_DEFINE(uint64_t, nd6_list_genid);

142
VNET_DEFINE(struct mtx, nd6_onlink_mtx);

143


144
VNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL;

145
#define	V_nd6_recalc_reachtm_interval	VNET(nd6_recalc_reachtm_interval)

146


147
int	(*send_sendso_input_hook)(struct mbuf *, struct ifnet *, int, int);

148


149
static bool nd6_is_new_addr_neighbor(const struct sockaddr_in6 *,

150
	struct ifnet *);

151
static void nd6_slowtimo(void *);

152
static int regen_tmpaddr(struct in6_ifaddr *);

153
static void nd6_free(struct llentry **, int);

154
static void nd6_free_redirect(const struct llentry *);

155
static void nd6_llinfo_timer(void *);

156
static void nd6_llinfo_settimer_locked(struct llentry *, long);

157
static int nd6_resolve_slow(struct ifnet *, int, int, struct mbuf *,

158
    const struct sockaddr_in6 *, u_char *, uint32_t *, struct llentry **);

159
static int nd6_need_cache(struct ifnet *);

160


161
VNET_DEFINE_STATIC(struct callout, nd6_slowtimo_ch);

162
#define	V_nd6_slowtimo_ch		VNET(nd6_slowtimo_ch)

163


164
VNET_DEFINE_STATIC(struct callout, nd6_timer_ch);

165
#define	V_nd6_timer_ch			VNET(nd6_timer_ch)

166


167
static void

168
nd6_lle_event(void *arg __unused, struct llentry *lle, int evt)

169
{

170
	struct rt_addrinfo rtinfo;

171
	struct sockaddr_in6 dst;

172
	struct sockaddr_dl gw;

173
	struct ifnet *ifp;

174
	int type;

175
	int fibnum;

176


177
	LLE_WLOCK_ASSERT(lle);

178


179
	if (lltable_get_af(lle->lle_tbl) != AF_INET6)

180
		return;

181


182
	switch (evt) {

183
	case LLENTRY_RESOLVED:

184
		type = RTM_ADD;

185
		KASSERT(lle->la_flags & LLE_VALID,

186
		    ("%s: %p resolved but not valid?", __func__, lle));

187
		break;

188
	case LLENTRY_EXPIRED:

189
		type = RTM_DELETE;

190
		break;

191
	default:

192
		return;

193
	}

194


195
	ifp = lltable_get_ifp(lle->lle_tbl);

196


197
	bzero(&dst, sizeof(dst));

198
	bzero(&gw, sizeof(gw));

199
	bzero(&rtinfo, sizeof(rtinfo));

200
	lltable_fill_sa_entry(lle, (struct sockaddr *)&dst);

201
	dst.sin6_scope_id = in6_getscopezone(ifp,

202
	    in6_addrscope(&dst.sin6_addr));

203
	gw.sdl_len = sizeof(struct sockaddr_dl);

204
	gw.sdl_family = AF_LINK;

205
	gw.sdl_alen = ifp->if_addrlen;

206
	gw.sdl_index = ifp->if_index;

207
	gw.sdl_type = ifp->if_type;

208
	if (evt == LLENTRY_RESOLVED)

209
		bcopy(lle->ll_addr, gw.sdl_data, ifp->if_addrlen);

210
	rtinfo.rti_info[RTAX_DST] = (struct sockaddr *)&dst;

211
	rtinfo.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&gw;

212
	rtinfo.rti_addrs = RTA_DST | RTA_GATEWAY;

213
	fibnum = V_rt_add_addr_allfibs ? RT_ALL_FIBS : ifp->if_fib;

214
	rt_missmsg_fib(type, &rtinfo, RTF_HOST | RTF_LLDATA | (

215
	    type == RTM_ADD ? RTF_UP: 0), 0, fibnum);

216
}

217


218
/*

219
 * A handler for interface link layer address change event.

220
 */

221
static void

222
nd6_iflladdr(void *arg __unused, struct ifnet *ifp)

223
{

224
	/* XXXGL: ??? */

225
	if (ifp->if_inet6 == NULL)

226
		return;

227


228
	lltable_update_ifaddr(LLTABLE6(ifp));

229
}

230


231
void

232
nd6_init(void)

233
{

234


235
	mtx_init(&V_nd6_onlink_mtx, "nd6 onlink", NULL, MTX_DEF);

236
	rw_init(&V_nd6_lock, "nd6 list");

237


238
	LIST_INIT(&V_nd_prefix);

239
	nd6_defrouter_init();

240


241
	/* Start timers. */

242
	callout_init(&V_nd6_slowtimo_ch, 1);

243
	callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,

244
	    nd6_slowtimo, curvnet);

245


246
	callout_init(&V_nd6_timer_ch, 1);

247
	callout_reset(&V_nd6_timer_ch, hz, nd6_timer, curvnet);

248


249
	nd6_dad_init();

250
	if (IS_DEFAULT_VNET(curvnet)) {

251
		lle_event_eh = EVENTHANDLER_REGISTER(lle_event, nd6_lle_event,

252
		    NULL, EVENTHANDLER_PRI_ANY);

253
		iflladdr_event_eh = EVENTHANDLER_REGISTER(iflladdr_event,

254
		    nd6_iflladdr, NULL, EVENTHANDLER_PRI_ANY);

255
		ifnet_link_event_eh = EVENTHANDLER_REGISTER(ifnet_link_event,

256
		    nd6_ifnet_link_event, NULL, EVENTHANDLER_PRI_ANY);

257
	}

258
}

259


260
#ifdef VIMAGE

261
void

262
nd6_destroy(void)

263
{

264


265
	callout_drain(&V_nd6_slowtimo_ch);

266
	callout_drain(&V_nd6_timer_ch);

267
	if (IS_DEFAULT_VNET(curvnet)) {

268
		EVENTHANDLER_DEREGISTER(ifnet_link_event, ifnet_link_event_eh);

269
		EVENTHANDLER_DEREGISTER(lle_event, lle_event_eh);

270
		EVENTHANDLER_DEREGISTER(iflladdr_event, iflladdr_event_eh);

271
	}

272
	rw_destroy(&V_nd6_lock);

273
	mtx_destroy(&V_nd6_onlink_mtx);

274
}

275
#endif

276


277
void

278
nd6_ifattach(struct ifnet *ifp)

279
{

280
	struct in6_ifextra *nd = ifp->if_inet6;

281


282
	nd->nd_linkmtu = 0;

283
	nd->nd_maxmtu = ifp->if_mtu;

284
	nd->nd_basereachable = REACHABLE_TIME;

285
	nd->nd_reachable = ND_COMPUTE_RTIME(nd->nd_basereachable);

286
	nd->nd_retrans = RETRANS_TIMER;

287
	nd->nd_recalc_timer = 0;

288
	nd->nd_dad_failures = 0;

289
	nd->nd_curhoplimit = IPV6_DEFHLIM;

290


291
	nd->nd_flags = ND6_IFF_PERFORMNUD;

292


293
	/* Set IPv6 disabled on all interfaces but loopback by default. */

294
	if ((ifp->if_flags & IFF_LOOPBACK) == 0) {

295
		nd->nd_flags |= ND6_IFF_IFDISABLED;

296
		if (V_ip6_no_radr)

297
			nd->nd_flags |= ND6_IFF_NO_RADR;

298
		if (V_ip6_use_stableaddr)

299
			nd->nd_flags |= ND6_IFF_STABLEADDR;

300
	}

301


302
	/* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL.

303
	 * XXXHRS: Clear ND6_IFF_AUTO_LINKLOCAL on an IFT_BRIDGE interface by

304
	 * default regardless of the V_ip6_auto_linklocal configuration to

305
	 * give a reasonable default behavior.

306
	 */

307
	if ((V_ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE &&

308
	    ifp->if_type != IFT_WIREGUARD) || (ifp->if_flags & IFF_LOOPBACK))

309
		nd->nd_flags |= ND6_IFF_AUTO_LINKLOCAL;

310
	/*

311
	 * A loopback interface does not need to accept RTADV.

312
	 * XXXHRS: Clear ND6_IFF_ACCEPT_RTADV on an IFT_BRIDGE interface by

313
	 * default regardless of the V_ip6_accept_rtadv configuration to

314
	 * prevent the interface from accepting RA messages arrived

315
	 * on one of the member interfaces with ND6_IFF_ACCEPT_RTADV.

316
	 */

317
	if (V_ip6_accept_rtadv &&

318
	    !(ifp->if_flags & IFF_LOOPBACK) &&

319
	    (ifp->if_type != IFT_BRIDGE)) {

320
			nd->nd_flags |= ND6_IFF_ACCEPT_RTADV;

321
			/* If we globally accept rtadv, assume IPv6 on. */

322
			nd->nd_flags &= ~ND6_IFF_IFDISABLED;

323
	}

324
}

325


326
void

327
nd6_ifdetach(struct ifnet *ifp)

328
{

329
	struct epoch_tracker et;

330
	struct ifaddr *ifa, *next;

331


332
	NET_EPOCH_ENTER(et);

333
	CK_STAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) {

334
		if (ifa->ifa_addr->sa_family != AF_INET6)

335
			continue;

336


337
		/* stop DAD processing */

338
		nd6_dad_stop(ifa);

339
	}

340
	NET_EPOCH_EXIT(et);

341
}

342


343
/*

344
 * Reset ND level link MTU. This function is called when the physical MTU

345
 * changes, which means we might have to adjust the ND level MTU.

346
 * XXX todo: do not maintain copy of ifp->if_mtu in if_inet6->nd_maxmtu.

347
 */

348
void

349
nd6_setmtu(struct ifnet *ifp)

350
{

351
	struct in6_ifextra *ndi = ifp->if_inet6;

352
	uint32_t omaxmtu;

353


354
	/* XXXGL: safety against IFT_PFSYNC & IFT_PFLOG */

355
	if (ndi == NULL)

356
		return;

357


358
	omaxmtu = ndi->nd_maxmtu;

359
	ndi->nd_maxmtu = ifp->if_mtu;

360


361
	/*

362
	 * Decreasing the interface MTU under IPV6 minimum MTU may cause

363
	 * undesirable situation.  We thus notify the operator of the change

364
	 * explicitly.  The check for omaxmtu is necessary to restrict the

365
	 * log to the case of changing the MTU, not initializing it.

366
	 */

367
	if (omaxmtu >= IPV6_MMTU && ndi->nd_maxmtu < IPV6_MMTU) {

368
		log(LOG_NOTICE, "%s: "

369
		    "new link MTU on %s (%lu) is too small for IPv6\n",

370
		    __func__, if_name(ifp), (unsigned long)ndi->nd_maxmtu);

371
	}

372
}

373


374
void

375
nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts)

376
{

377


378
	bzero(ndopts, sizeof(*ndopts));

379
	ndopts->nd_opts_search = (struct nd_opt_hdr *)opt;

380
	ndopts->nd_opts_last

381
		= (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len);

382


383
	if (icmp6len == 0) {

384
		ndopts->nd_opts_done = 1;

385
		ndopts->nd_opts_search = NULL;

386
	}

387
}

388


389
/*

390
 * Take one ND option.

391
 */

392
struct nd_opt_hdr *

393
nd6_option(union nd_opts *ndopts)

394
{

395
	struct nd_opt_hdr *nd_opt;

396
	int olen;

397


398
	KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__));

399
	KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts",

400
	    __func__));

401
	if (ndopts->nd_opts_search == NULL)

402
		return NULL;

403
	if (ndopts->nd_opts_done)

404
		return NULL;

405


406
	nd_opt = ndopts->nd_opts_search;

407


408
	/* make sure nd_opt_len is inside the buffer */

409
	if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) {

410
		bzero(ndopts, sizeof(*ndopts));

411
		return NULL;

412
	}

413


414
	olen = nd_opt->nd_opt_len << 3;

415
	if (olen == 0) {

416
		/*

417
		 * Message validation requires that all included

418
		 * options have a length that is greater than zero.

419
		 */

420
		bzero(ndopts, sizeof(*ndopts));

421
		return NULL;

422
	}

423


424
	ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen);

425
	if (ndopts->nd_opts_search > ndopts->nd_opts_last) {

426
		/* option overruns the end of buffer, invalid */

427
		bzero(ndopts, sizeof(*ndopts));

428
		return NULL;

429
	} else if (ndopts->nd_opts_search == ndopts->nd_opts_last) {

430
		/* reached the end of options chain */

431
		ndopts->nd_opts_done = 1;

432
		ndopts->nd_opts_search = NULL;

433
	}

434
	return nd_opt;

435
}

436


437
/*

438
 * Parse multiple ND options.

439
 * This function is much easier to use, for ND routines that do not need

440
 * multiple options of the same type.

441
 */

442
int

443
nd6_options(union nd_opts *ndopts)

444
{

445
	struct nd_opt_hdr *nd_opt;

446
	int i = 0;

447


448
	KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__));

449
	KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts",

450
	    __func__));

451
	if (ndopts->nd_opts_search == NULL)

452
		return 0;

453


454
	while (1) {

455
		nd_opt = nd6_option(ndopts);

456
		if (nd_opt == NULL && ndopts->nd_opts_last == NULL) {

457
			/*

458
			 * Message validation requires that all included

459
			 * options have a length that is greater than zero.

460
			 */

461
			ICMP6STAT_INC(icp6s_nd_badopt);

462
			bzero(ndopts, sizeof(*ndopts));

463
			return -1;

464
		}

465


466
		if (nd_opt == NULL)

467
			goto skip1;

468


469
		switch (nd_opt->nd_opt_type) {

470
		case ND_OPT_SOURCE_LINKADDR:

471
		case ND_OPT_TARGET_LINKADDR:

472
		case ND_OPT_MTU:

473
		case ND_OPT_REDIRECTED_HEADER:

474
		case ND_OPT_NONCE:

475
			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {

476
				nd6log((LOG_INFO,

477
				    "duplicated ND6 option found (type=%d)\n",

478
				    nd_opt->nd_opt_type));

479
				/* XXX bark? */

480
			} else {

481
				ndopts->nd_opt_array[nd_opt->nd_opt_type]

482
					= nd_opt;

483
			}

484
			break;

485
		case ND_OPT_PREFIX_INFORMATION:

486
			if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) {

487
				ndopts->nd_opt_array[nd_opt->nd_opt_type]

488
					= nd_opt;

489
			}

490
			ndopts->nd_opts_pi_end =

491
				(struct nd_opt_prefix_info *)nd_opt;

492
			break;

493
		/* What about ND_OPT_ROUTE_INFO? RFC 4191 */

494
		case ND_OPT_RDNSS:	/* RFC 6106 */

495
		case ND_OPT_DNSSL:	/* RFC 6106 */

496
			/*

497
			 * Silently ignore options we know and do not care about

498
			 * in the kernel.

499
			 */

500
			break;

501
		default:

502
			/*

503
			 * Unknown options must be silently ignored,

504
			 * to accommodate future extension to the protocol.

505
			 */

506
			nd6log((LOG_DEBUG,

507
			    "nd6_options: unsupported option %d - "

508
			    "option ignored\n", nd_opt->nd_opt_type));

509
		}

510


511
skip1:

512
		i++;

513
		if (i > V_nd6_maxndopt) {

514
			ICMP6STAT_INC(icp6s_nd_toomanyopt);

515
			nd6log((LOG_INFO, "too many loop in nd opt\n"));

516
			break;

517
		}

518


519
		if (ndopts->nd_opts_done)

520
			break;

521
	}

522


523
	return 0;

524
}

525


526
/*

527
 * ND6 timer routine to handle ND6 entries

528
 */

529
static void

530
nd6_llinfo_settimer_locked(struct llentry *ln, long tick)

531
{

532
	int canceled;

533


534
	LLE_WLOCK_ASSERT(ln);

535


536
	/* Do not schedule timers for child LLEs. */

537
	if (ln->la_flags & LLE_CHILD)

538
		return;

539


540
	if (tick < 0) {

541
		ln->la_expire = 0;

542
		ln->ln_ntick = 0;

543
		canceled = callout_stop(&ln->lle_timer);

544
	} else {

545
		ln->la_expire = time_uptime + tick / hz;

546
		LLE_ADDREF(ln);

547
		if (tick > INT_MAX) {

548
			ln->ln_ntick = tick - INT_MAX;

549
			canceled = callout_reset(&ln->lle_timer, INT_MAX,

550
			    nd6_llinfo_timer, ln);

551
		} else {

552
			ln->ln_ntick = 0;

553
			canceled = callout_reset(&ln->lle_timer, tick,

554
			    nd6_llinfo_timer, ln);

555
		}

556
	}

557
	if (canceled > 0)

558
		LLE_REMREF(ln);

559
}

560


561
/*

562
 * Gets source address of the first packet in hold queue

563
 * and stores it in @src.

564
 * Returns pointer to @src (if hold queue is not empty) or NULL.

565
 *

566
 * Set noinline to be dtrace-friendly

567
 */

568
static __noinline struct in6_addr *

569
nd6_llinfo_get_holdsrc(struct llentry *ln, struct in6_addr *src)

570
{

571
	struct ip6_hdr hdr;

572
	struct mbuf *m;

573


574
	if (ln->la_hold == NULL)

575
		return (NULL);

576


577
	/*

578
	 * assume every packet in la_hold has the same IP header

579
	 */

580
	m = ln->la_hold;

581
	if (sizeof(hdr) > m->m_len)

582
		return (NULL);

583


584
	m_copydata(m, 0, sizeof(hdr), (caddr_t)&hdr);

585
	*src = hdr.ip6_src;

586


587
	return (src);

588
}

589


590
/*

591
 * Checks if we need to switch from STALE state.

592
 *

593
 * RFC 4861 requires switching from STALE to DELAY state

594
 * on first packet matching entry, waiting V_nd6_delay and

595
 * transition to PROBE state (if upper layer confirmation was

596
 * not received).

597
 *

598
 * This code performs a bit differently:

599
 * On packet hit we don't change state (but desired state

600
 * can be guessed by control plane). However, after V_nd6_delay

601
 * seconds code will transition to PROBE state (so DELAY state

602
 * is kinda skipped in most situations).

603
 *

604
 * Typically, V_nd6_gctimer is bigger than V_nd6_delay, so

605
 * we perform the following upon entering STALE state:

606
 *

607
 * 1) Arm timer to run each V_nd6_delay seconds to make sure that

608
 * if packet was transmitted at the start of given interval, we

609
 * would be able to switch to PROBE state in V_nd6_delay seconds

610
 * as user expects.

611
 *

612
 * 2) Reschedule timer until original V_nd6_gctimer expires keeping

613
 * lle in STALE state (remaining timer value stored in lle_remtime).

614
 *

615
 * 3) Reschedule timer if packet was transmitted less that V_nd6_delay

616
 * seconds ago.

617
 *

618
 * Returns non-zero value if the entry is still STALE (storing

619
 * the next timer interval in @pdelay).

620
 *

621
 * Returns zero value if original timer expired or we need to switch to

622
 * PROBE (store that in @do_switch variable).

623
 */

624
static int

625
nd6_is_stale(struct llentry *lle, long *pdelay, int *do_switch)

626
{

627
	int nd_delay, nd_gctimer;

628
	time_t lle_hittime;

629
	long delay;

630


631
	*do_switch = 0;

632
	nd_gctimer = V_nd6_gctimer;

633
	nd_delay = V_nd6_delay;

634


635
	lle_hittime = llentry_get_hittime(lle);

636


637
	if (lle_hittime == 0) {

638
		/*

639
		 * Datapath feedback has been requested upon entering

640
		 * STALE state. No packets has been passed using this lle.

641
		 * Ask for the timer reschedule and keep STALE state.

642
		 */

643
		delay = (long)(MIN(nd_gctimer, nd_delay));

644
		delay *= hz;

645
		if (lle->lle_remtime > delay)

646
			lle->lle_remtime -= delay;

647
		else {

648
			delay = lle->lle_remtime;

649
			lle->lle_remtime = 0;

650
		}

651


652
		if (delay == 0) {

653
			/*

654
			 * The original ng6_gctime timeout ended,

655
			 * no more rescheduling.

656
			 */

657
			return (0);

658
		}

659


660
		*pdelay = delay;

661
		return (1);

662
	}

663


664
	/*

665
	 * Packet received. Verify timestamp

666
	 */

667
	delay = (long)(time_uptime - lle_hittime);

668
	if (delay < nd_delay) {

669
		/*

670
		 * V_nd6_delay still not passed since the first

671
		 * hit in STALE state.

672
		 * Reschedule timer and return.

673
		 */

674
		*pdelay = (long)(nd_delay - delay) * hz;

675
		return (1);

676
	}

677


678
	/* Request switching to probe */

679
	*do_switch = 1;

680
	return (0);

681
}

682


683
/*

684
 * Switch @lle state to new state optionally arming timers.

685
 *

686
 * Set noinline to be dtrace-friendly

687
 */

688
__noinline void

689
nd6_llinfo_setstate(struct llentry *lle, int newstate)

690
{

691
	struct ifnet *ifp;

692
	int nd_gctimer, nd_delay;

693
	long delay, remtime;

694


695
	delay = 0;

696
	remtime = 0;

697


698
	switch (newstate) {

699
	case ND6_LLINFO_INCOMPLETE:

700
		ifp = lle->lle_tbl->llt_ifp;

701
		delay = (long)ifp->if_inet6->nd_retrans * hz / 1000;

702
		break;

703
	case ND6_LLINFO_REACHABLE:

704
		if (!ND6_LLINFO_PERMANENT(lle)) {

705
			ifp = lle->lle_tbl->llt_ifp;

706
			delay = (long)ifp->if_inet6->nd_reachable * hz;

707
		}

708
		break;

709
	case ND6_LLINFO_STALE:

710


711
		llentry_request_feedback(lle);

712
		nd_delay = V_nd6_delay;

713
		nd_gctimer = V_nd6_gctimer;

714


715
		delay = (long)(MIN(nd_gctimer, nd_delay)) * hz;

716
		remtime = (long)nd_gctimer * hz - delay;

717
		break;

718
	case ND6_LLINFO_DELAY:

719
		lle->la_asked = 0;

720
		delay = (long)V_nd6_delay * hz;

721
		break;

722
	}

723


724
	if (delay > 0)

725
		nd6_llinfo_settimer_locked(lle, delay);

726


727
	lle->lle_remtime = remtime;

728
	lle->ln_state = newstate;

729
}

730


731
/*

732
 * Timer-dependent part of nd state machine.

733
 *

734
 * Set noinline to be dtrace-friendly

735
 */

736
static __noinline void

737
nd6_llinfo_timer(void *arg)

738
{

739
	struct epoch_tracker et;

740
	struct llentry *ln;

741
	struct in6_addr *dst, *pdst, *psrc, src;

742
	struct ifnet *ifp;

743
	struct in6_ifextra *ndi;

744
	int do_switch, send_ns;

745
	long delay;

746


747
	KASSERT(arg != NULL, ("%s: arg NULL", __func__));

748
	ln = (struct llentry *)arg;

749
	ifp = lltable_get_ifp(ln->lle_tbl);

750
	CURVNET_SET(ifp->if_vnet);

751


752
	ND6_RLOCK();

753
	LLE_WLOCK(ln);

754
	if (callout_pending(&ln->lle_timer)) {

755
		/*

756
		 * Here we are a bit odd here in the treatment of 

757
		 * active/pending. If the pending bit is set, it got

758
		 * rescheduled before I ran. The active

759
		 * bit we ignore, since if it was stopped

760
		 * in ll_tablefree() and was currently running

761
		 * it would have return 0 so the code would

762
		 * not have deleted it since the callout could

763
		 * not be stopped so we want to go through

764
		 * with the delete here now. If the callout

765
		 * was restarted, the pending bit will be back on and

766
		 * we just want to bail since the callout_reset would

767
		 * return 1 and our reference would have been removed

768
		 * by nd6_llinfo_settimer_locked above since canceled

769
		 * would have been 1.

770
		 */

771
		LLE_WUNLOCK(ln);

772
		ND6_RUNLOCK();

773
		CURVNET_RESTORE();

774
		return;

775
	}

776
	NET_EPOCH_ENTER(et);

777
	ndi = ifp->if_inet6;

778
	send_ns = 0;

779
	dst = &ln->r_l3addr.addr6;

780
	pdst = dst;

781


782
	if (ln->ln_ntick > 0) {

783
		if (ln->ln_ntick > INT_MAX) {

784
			ln->ln_ntick -= INT_MAX;

785
			nd6_llinfo_settimer_locked(ln, INT_MAX);

786
		} else {

787
			ln->ln_ntick = 0;

788
			nd6_llinfo_settimer_locked(ln, ln->ln_ntick);

789
		}

790
		goto done;

791
	}

792


793
	if (ln->la_flags & LLE_STATIC) {

794
		goto done;

795
	}

796


797
	if (ln->la_flags & LLE_DELETED) {

798
		nd6_free(&ln, 0);

799
		goto done;

800
	}

801


802
	switch (ln->ln_state) {

803
	case ND6_LLINFO_INCOMPLETE:

804
		if (ln->la_asked < V_nd6_mmaxtries) {

805
			ln->la_asked++;

806
			send_ns = 1;

807
			/* Send NS to multicast address */

808
			pdst = NULL;

809
		} else {

810
			struct mbuf *m;

811


812
			ICMP6STAT_ADD(icp6s_dropped, ln->la_numheld);

813


814
			m = ln->la_hold;

815
			if (m != NULL) {

816
				/*

817
				 * assuming every packet in la_hold has the

818
				 * same IP header.  Send error after unlock.

819
				 */

820
				ln->la_hold = m->m_nextpkt;

821
				m->m_nextpkt = NULL;

822
				ln->la_numheld--;

823
			}

824
			nd6_free(&ln, 0);

825
			if (m != NULL) {

826
				struct mbuf *n = m;

827


828
				/*

829
				 * if there are any ummapped mbufs, we

830
				 * must free them, rather than using

831
				 * them for an ICMP, as they cannot be

832
				 * checksummed.

833
				 */

834
				while ((n = n->m_next) != NULL) {

835
					if (n->m_flags & M_EXTPG)

836
						break;

837
				}

838
				if (n != NULL) {

839
					m_freem(m);

840
					m = NULL;

841
				} else {

842
					icmp6_error2(m, ICMP6_DST_UNREACH,

843
					    ICMP6_DST_UNREACH_ADDR, 0, ifp);

844
				}

845
			}

846
		}

847
		break;

848
	case ND6_LLINFO_REACHABLE:

849
		if (!ND6_LLINFO_PERMANENT(ln))

850
			nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);

851
		break;

852


853
	case ND6_LLINFO_STALE:

854
		if (nd6_is_stale(ln, &delay, &do_switch) != 0) {

855
			/*

856
			 * No packet has used this entry and GC timeout

857
			 * has not been passed. Reschedule timer and

858
			 * return.

859
			 */

860
			nd6_llinfo_settimer_locked(ln, delay);

861
			break;

862
		}

863


864
		if (do_switch == 0) {

865
			/*

866
			 * GC timer has ended and entry hasn't been used.

867
			 * Run Garbage collector (RFC 4861, 5.3)

868
			 */

869
			if (!ND6_LLINFO_PERMANENT(ln))

870
				nd6_free(&ln, 1);

871
			break;

872
		}

873


874
		/* Entry has been used AND delay timer has ended. */

875


876
		/* FALLTHROUGH */

877


878
	case ND6_LLINFO_DELAY:

879
		if ((ndi->nd_flags & ND6_IFF_PERFORMNUD) != 0) {

880
			/* We need NUD */

881
			ln->la_asked = 1;

882
			nd6_llinfo_setstate(ln, ND6_LLINFO_PROBE);

883
			send_ns = 1;

884
		} else

885
			nd6_llinfo_setstate(ln, ND6_LLINFO_STALE); /* XXX */

886
		break;

887
	case ND6_LLINFO_PROBE:

888
		if (ln->la_asked < V_nd6_umaxtries) {

889
			ln->la_asked++;

890
			send_ns = 1;

891
		} else {

892
			nd6_free(&ln, 0);

893
		}

894
		break;

895
	default:

896
		panic("%s: paths in a dark night can be confusing: %d",

897
		    __func__, ln->ln_state);

898
	}

899
done:

900
	if (ln != NULL)

901
		ND6_RUNLOCK();

902
	if (send_ns != 0) {

903
		nd6_llinfo_settimer_locked(ln,

904
		    (long)ndi->nd_retrans * hz / 1000);

905
		psrc = nd6_llinfo_get_holdsrc(ln, &src);

906
		LLE_FREE_LOCKED(ln);

907
		ln = NULL;

908
		nd6_ns_output(ifp, psrc, pdst, dst, NULL);

909
	}

910


911
	if (ln != NULL)

912
		LLE_FREE_LOCKED(ln);

913
	NET_EPOCH_EXIT(et);

914
	CURVNET_RESTORE();

915
}

916


917
/*

918
 * ND6 timer routine to expire default route list and prefix list

919
 */

920
void

921
nd6_timer(void *arg)

922
{

923
	CURVNET_SET((struct vnet *) arg);

924
	struct epoch_tracker et;

925
	struct nd_prhead prl;

926
	struct nd_prefix *pr, *npr;

927
	struct ifnet *ifp;

928
	struct in6_ifaddr *ia6, *nia6;

929
	uint64_t genid;

930


931
	LIST_INIT(&prl);

932


933
	NET_EPOCH_ENTER(et);

934
	nd6_defrouter_timer();

935


936
	/*

937
	 * expire interface addresses.

938
	 * in the past the loop was inside prefix expiry processing.

939
	 * However, from a stricter speci-confrmance standpoint, we should

940
	 * rather separate address lifetimes and prefix lifetimes.

941
	 *

942
	 * XXXRW: in6_ifaddrhead locking.

943
	 */

944
  addrloop:

945
	CK_STAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) {

946
		/* check address lifetime */

947
		if (IFA6_IS_INVALID(ia6)) {

948
			int regen = 0;

949


950
			/*

951
			 * If the expiring address is temporary, try

952
			 * regenerating a new one.  This would be useful when

953
			 * we suspended a laptop PC, then turned it on after a

954
			 * period that could invalidate all temporary

955
			 * addresses.  Although we may have to restart the

956
			 * loop (see below), it must be after purging the

957
			 * address.  Otherwise, we'd see an infinite loop of

958
			 * regeneration.

959
			 */

960
			if (V_ip6_use_tempaddr &&

961
			    (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {

962
				if (regen_tmpaddr(ia6) == 0)

963
					regen = 1;

964
			}

965


966
			in6_purgeaddr(&ia6->ia_ifa);

967


968
			if (regen)

969
				goto addrloop; /* XXX: see below */

970
		} else if (IFA6_IS_DEPRECATED(ia6)) {

971
			int oldflags = ia6->ia6_flags;

972


973
			ia6->ia6_flags |= IN6_IFF_DEPRECATED;

974


975
			/*

976
			 * If a temporary address has just become deprecated,

977
			 * regenerate a new one if possible.

978
			 */

979
			if (V_ip6_use_tempaddr &&

980
			    (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&

981
			    (oldflags & IN6_IFF_DEPRECATED) == 0) {

982
				if (regen_tmpaddr(ia6) == 0) {

983
					/*

984
					 * A new temporary address is

985
					 * generated.

986
					 * XXX: this means the address chain

987
					 * has changed while we are still in

988
					 * the loop.  Although the change

989
					 * would not cause disaster (because

990
					 * it's not a deletion, but an

991
					 * addition,) we'd rather restart the

992
					 * loop just for safety.  Or does this

993
					 * significantly reduce performance??

994
					 */

995
					goto addrloop;

996
				}

997
			}

998
		} else if ((ia6->ia6_flags & IN6_IFF_TENTATIVE) != 0) {

999
			/*

1000
			 * Schedule DAD for a tentative address.  This happens

1001
			 * if the interface was down or not running

1002
			 * when the address was configured.

1003
			 */

1004
			int delay;

1005


1006
			delay = arc4random() %

1007
			    (MAX_RTR_SOLICITATION_DELAY * hz);

1008
			nd6_dad_start((struct ifaddr *)ia6, delay);

1009
		} else {

1010
			/*

1011
			 * Check status of the interface.  If it is down,

1012
			 * mark the address as tentative for future DAD.

1013
			 */

1014
			ifp = ia6->ia_ifp;

1015
			if ((ifp->if_inet6->nd_flags & ND6_IFF_NO_DAD) == 0 &&

1016
			    ((ifp->if_flags & IFF_UP) == 0 ||

1017
			    (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||

1018
			    (ifp->if_inet6->nd_flags & ND6_IFF_IFDISABLED))){

1019
				ia6->ia6_flags &= ~IN6_IFF_DUPLICATED;

1020
				ia6->ia6_flags |= IN6_IFF_TENTATIVE;

1021
			}

1022


1023
			/*

1024
			 * A new RA might have made a deprecated address

1025
			 * preferred.

1026
			 */

1027
			ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;

1028
		}

1029
	}

1030
	NET_EPOCH_EXIT(et);

1031


1032
	ND6_WLOCK();

1033
restart:

1034
	LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) {

1035
		/*

1036
		 * Expire prefixes. Since the pltime is only used for

1037
		 * autoconfigured addresses, pltime processing for prefixes is

1038
		 * not necessary.

1039
		 *

1040
		 * Only unlink after all derived addresses have expired. This

1041
		 * may not occur until two hours after the prefix has expired

1042
		 * per RFC 4862. If the prefix expires before its derived

1043
		 * addresses, mark it off-link. This will be done automatically

1044
		 * after unlinking if no address references remain.

1045
		 */

1046
		if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME ||

1047
		    time_uptime - pr->ndpr_lastupdate <= pr->ndpr_vltime)

1048
			continue;

1049


1050
		if (pr->ndpr_addrcnt == 0) {

1051
			nd6_prefix_unlink(pr, &prl);

1052
			continue;

1053
		}

1054
		if ((pr->ndpr_stateflags & NDPRF_ONLINK) != 0) {

1055
			genid = V_nd6_list_genid;

1056
			nd6_prefix_ref(pr);

1057
			ND6_WUNLOCK();

1058
			ND6_ONLINK_LOCK();

1059
			(void)nd6_prefix_offlink(pr);

1060
			ND6_ONLINK_UNLOCK();

1061
			ND6_WLOCK();

1062
			nd6_prefix_rele(pr);

1063
			if (genid != V_nd6_list_genid)

1064
				goto restart;

1065
		}

1066
	}

1067
	ND6_WUNLOCK();

1068


1069
	while ((pr = LIST_FIRST(&prl)) != NULL) {

1070
		LIST_REMOVE(pr, ndpr_entry);

1071
		nd6_prefix_del(pr);

1072
	}

1073


1074
	callout_reset(&V_nd6_timer_ch, V_nd6_prune * hz,

1075
	    nd6_timer, curvnet);

1076


1077
	CURVNET_RESTORE();

1078
}

1079


1080
/*

1081
 * ia6 - deprecated/invalidated temporary address

1082
 */

1083
static int

1084
regen_tmpaddr(struct in6_ifaddr *ia6)

1085
{

1086
	struct ifaddr *ifa;

1087
	struct ifnet *ifp;

1088
	struct in6_ifaddr *public_ifa6 = NULL;

1089


1090
	NET_EPOCH_ASSERT();

1091


1092
	ifp = ia6->ia_ifa.ifa_ifp;

1093
	CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {

1094
		struct in6_ifaddr *it6;

1095


1096
		if (ifa->ifa_addr->sa_family != AF_INET6)

1097
			continue;

1098


1099
		it6 = (struct in6_ifaddr *)ifa;

1100


1101
		/* ignore no autoconf addresses. */

1102
		if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0)

1103
			continue;

1104


1105
		/* ignore autoconf addresses with different prefixes. */

1106
		if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr)

1107
			continue;

1108


1109
		/*

1110
		 * Now we are looking at an autoconf address with the same

1111
		 * prefix as ours.  If the address is temporary and is still

1112
		 * preferred, do not create another one.  It would be rare, but

1113
		 * could happen, for example, when we resume a laptop PC after

1114
		 * a long period.

1115
		 */

1116
		if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&

1117
		    !IFA6_IS_DEPRECATED(it6)) {

1118
			public_ifa6 = NULL;

1119
			break;

1120
		}

1121


1122
		/*

1123
		 * This is a public autoconf address that has the same prefix

1124
		 * as ours.  If it is preferred, keep it.  We can't break the

1125
		 * loop here, because there may be a still-preferred temporary

1126
		 * address with the prefix.

1127
		 */

1128
		if (!IFA6_IS_DEPRECATED(it6))

1129
			public_ifa6 = it6;

1130
	}

1131
	if (public_ifa6 != NULL)

1132
		ifa_ref(&public_ifa6->ia_ifa);

1133


1134
	if (public_ifa6 != NULL) {

1135
		int e;

1136


1137
		if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) {

1138
			ifa_free(&public_ifa6->ia_ifa);

1139
			log(LOG_NOTICE, "regen_tmpaddr: failed to create a new"

1140
			    " tmp addr,errno=%d\n", e);

1141
			return (-1);

1142
		}

1143
		ifa_free(&public_ifa6->ia_ifa);

1144
		return (0);

1145
	}

1146


1147
	return (-1);

1148
}

1149


1150
/*

1151
 * Remove prefix and default router list entries corresponding to ifp. Neighbor

1152
 * cache entries are freed in in6_domifdetach().

1153
 */

1154
void

1155
nd6_purge(struct ifnet *ifp)

1156
{

1157
	struct nd_prhead prl;

1158
	struct nd_prefix *pr, *npr;

1159


1160
	LIST_INIT(&prl);

1161


1162
	/* Purge default router list entries toward ifp. */

1163
	nd6_defrouter_purge(ifp);

1164


1165
	ND6_WLOCK();

1166
	/*

1167
	 * Remove prefixes on ifp. We should have already removed addresses on

1168
	 * this interface, so no addresses should be referencing these prefixes.

1169
	 */

1170
	LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) {

1171
		if (pr->ndpr_ifp == ifp)

1172
			nd6_prefix_unlink(pr, &prl);

1173
	}

1174
	ND6_WUNLOCK();

1175


1176
	/* Delete the unlinked prefix objects. */

1177
	while ((pr = LIST_FIRST(&prl)) != NULL) {

1178
		LIST_REMOVE(pr, ndpr_entry);

1179
		nd6_prefix_del(pr);

1180
	}

1181


1182
	/* cancel default outgoing interface setting */

1183
	if (V_nd6_defifindex == ifp->if_index)

1184
		nd6_setdefaultiface(0);

1185


1186
	if (ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV) {

1187
		/* Refresh default router list. */

1188
		defrouter_select_fib(ifp->if_fib);

1189
	}

1190
}

1191


1192
/* 

1193
 * the caller acquires and releases the lock on the lltbls

1194
 * Returns the llentry locked

1195
 */

1196
struct llentry *

1197
nd6_lookup(const struct in6_addr *addr6, int flags, struct ifnet *ifp)

1198
{

1199
	struct sockaddr_in6 sin6;

1200
	struct llentry *ln;

1201


1202
	bzero(&sin6, sizeof(sin6));

1203
	sin6.sin6_len = sizeof(struct sockaddr_in6);

1204
	sin6.sin6_family = AF_INET6;

1205
	sin6.sin6_addr = *addr6;

1206


1207
	LLTABLE_RLOCK_ASSERT(LLTABLE6(ifp));

1208


1209
	ln = lla_lookup(LLTABLE6(ifp), flags, (struct sockaddr *)&sin6);

1210


1211
	return (ln);

1212
}

1213


1214
static struct llentry *

1215
nd6_alloc(const struct in6_addr *addr6, int flags, struct ifnet *ifp)

1216
{

1217
	struct sockaddr_in6 sin6;

1218
	struct llentry *ln;

1219


1220
	bzero(&sin6, sizeof(sin6));

1221
	sin6.sin6_len = sizeof(struct sockaddr_in6);

1222
	sin6.sin6_family = AF_INET6;

1223
	sin6.sin6_addr = *addr6;

1224


1225
	ln = lltable_alloc_entry(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6);

1226
	if (ln != NULL)

1227
		ln->ln_state = ND6_LLINFO_NOSTATE;

1228


1229
	return (ln);

1230
}

1231


1232
/*

1233
 * Test whether a given IPv6 address can be a neighbor.

1234
 */

1235
static bool

1236
nd6_is_new_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp)

1237
{

1238


1239
	/*

1240
	 * A link-local address is always a neighbor.

1241
	 * XXX: a link does not necessarily specify a single interface.

1242
	 */

1243
	if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) {

1244
		struct sockaddr_in6 sin6_copy;

1245
		u_int32_t zone;

1246


1247
		/*

1248
		 * We need sin6_copy since sa6_recoverscope() may modify the

1249
		 * content (XXX).

1250
		 */

1251
		sin6_copy = *addr;

1252
		if (sa6_recoverscope(&sin6_copy))

1253
			return (0); /* XXX: should be impossible */

1254
		if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone))

1255
			return (0);

1256
		if (sin6_copy.sin6_scope_id == zone)

1257
			return (1);

1258
		else

1259
			return (0);

1260
	}

1261
	/* Checking global unicast */

1262


1263
	/* If an address is directly reachable, it is a neigbor */

1264
	struct nhop_object *nh;

1265
	nh = fib6_lookup(ifp->if_fib, &addr->sin6_addr, 0, NHR_NONE, 0);

1266
	if (nh != NULL && nh->nh_aifp == ifp && (nh->nh_flags & NHF_GATEWAY) == 0)

1267
		return (true);

1268


1269
	/*

1270
	 * Check prefixes with desired on-link state, as some may be not

1271
	 * installed in the routing table.

1272
	 */

1273
	bool matched = false;

1274
	struct nd_prefix *pr;

1275
	ND6_RLOCK();

1276
	LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {

1277
		if (pr->ndpr_ifp != ifp)

1278
			continue;

1279
		if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0)

1280
			continue;

1281
		if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr,

1282
		    &addr->sin6_addr, &pr->ndpr_mask)) {

1283
			matched = true;

1284
			break;

1285
		}

1286
	}

1287
	ND6_RUNLOCK();

1288
	if (matched)

1289
		return (true);

1290


1291
	/*

1292
	 * If the address is assigned on the node of the other side of

1293
	 * a p2p interface, the address should be a neighbor.

1294
	 */

1295
	if (ifp->if_flags & IFF_POINTOPOINT) {

1296
		struct ifaddr *ifa;

1297


1298
		CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {

1299
			if (ifa->ifa_addr->sa_family != addr->sin6_family)

1300
				continue;

1301
			if (ifa->ifa_dstaddr != NULL &&

1302
			    sa_equal(addr, ifa->ifa_dstaddr)) {

1303
				return (true);

1304
			}

1305
		}

1306
	}

1307


1308
	/*

1309
	 * If the default router list is empty, all addresses are regarded

1310
	 * as on-link, and thus, as a neighbor.

1311
	 */

1312
	if (ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV &&

1313
	    nd6_defrouter_list_empty() &&

1314
	    V_nd6_defifindex == ifp->if_index) {

1315
		return (1);

1316
	}

1317


1318
	return (0);

1319
}

1320


1321
/*

1322
 * Detect if a given IPv6 address identifies a neighbor on a given link.

1323
 * XXX: should take care of the destination of a p2p link?

1324
 */

1325
int

1326
nd6_is_addr_neighbor(const struct sockaddr_in6 *addr, struct ifnet *ifp)

1327
{

1328
	struct llentry *lle;

1329
	int rc = 0;

1330


1331
	NET_EPOCH_ASSERT();

1332


1333
	if (nd6_is_new_addr_neighbor(addr, ifp))

1334
		return (1);

1335


1336
	/*

1337
	 * Even if the address matches none of our addresses, it might be

1338
	 * in the neighbor cache.

1339
	 */

1340
	if ((lle = nd6_lookup(&addr->sin6_addr, LLE_SF(AF_INET6, 0), ifp)) != NULL) {

1341
		LLE_RUNLOCK(lle);

1342
		rc = 1;

1343
	}

1344
	return (rc);

1345
}

1346


1347
static __noinline void

1348
nd6_free_children(struct llentry *lle)

1349
{

1350
	struct llentry *child_lle;

1351


1352
	NET_EPOCH_ASSERT();

1353
	LLE_WLOCK_ASSERT(lle);

1354


1355
	while ((child_lle = CK_SLIST_FIRST(&lle->lle_children)) != NULL) {

1356
		LLE_WLOCK(child_lle);

1357
		lltable_unlink_child_entry(child_lle);

1358
		llentry_free(child_lle);

1359
	}

1360
}

1361


1362
/*

1363
 * Tries to update @lle address/prepend data with new @lladdr.

1364
 *

1365
 * Returns true on success.

1366
 * In any case, @lle is returned wlocked.

1367
 */

1368
static __noinline bool

1369
nd6_try_set_entry_addr_locked(struct ifnet *ifp, struct llentry *lle, char *lladdr)

1370
{

1371
	u_char buf[LLE_MAX_LINKHDR];

1372
	int fam, off;

1373
	size_t sz;

1374


1375
	sz = sizeof(buf);

1376
	if (lltable_calc_llheader(ifp, AF_INET6, lladdr, buf, &sz, &off) != 0)

1377
		return (false);

1378


1379
	/* Update data */

1380
	lltable_set_entry_addr(ifp, lle, buf, sz, off);

1381


1382
	struct llentry *child_lle;

1383
	CK_SLIST_FOREACH(child_lle, &lle->lle_children, lle_child_next) {

1384
		LLE_WLOCK(child_lle);

1385
		fam = child_lle->r_family;

1386
		sz = sizeof(buf);

1387
		if (lltable_calc_llheader(ifp, fam, lladdr, buf, &sz, &off) == 0) {

1388
			/* success */

1389
			lltable_set_entry_addr(ifp, child_lle, buf, sz, off);

1390
			child_lle->ln_state = ND6_LLINFO_REACHABLE;

1391
		}

1392
		LLE_WUNLOCK(child_lle);

1393
	}

1394


1395
	return (true);

1396
}

1397


1398
bool

1399
nd6_try_set_entry_addr(struct ifnet *ifp, struct llentry *lle, char *lladdr)

1400
{

1401
	NET_EPOCH_ASSERT();

1402
	LLE_WLOCK_ASSERT(lle);

1403


1404
	if (!lltable_trylock(lle))

1405
		return (false);

1406
	bool ret = nd6_try_set_entry_addr_locked(ifp, lle, lladdr);

1407
	LLTABLE_UNLOCK(lle->lle_tbl);

1408


1409
	return (ret);

1410
}

1411


1412
/*

1413
 * Free an nd6 llinfo entry.

1414
 * Since the function would cause significant changes in the kernel, DO NOT

1415
 * make it global, unless you have a strong reason for the change, and are sure

1416
 * that the change is safe.

1417
 *

1418
 * Set noinline to be dtrace-friendly

1419
 */

1420
static __noinline void

1421
nd6_free(struct llentry **lnp, int gc)

1422
{

1423
	struct ifnet *ifp;

1424
	struct llentry *ln;

1425
	struct nd_defrouter *dr;

1426


1427
	ln = *lnp;

1428
	*lnp = NULL;

1429


1430
	LLE_WLOCK_ASSERT(ln);

1431
	ND6_RLOCK_ASSERT();

1432


1433
	KASSERT((ln->la_flags & LLE_CHILD) == 0, ("child lle"));

1434


1435
	ifp = lltable_get_ifp(ln->lle_tbl);

1436
	if ((ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV) != 0)

1437
		dr = defrouter_lookup_locked(&ln->r_l3addr.addr6, ifp);

1438
	else

1439
		dr = NULL;

1440
	ND6_RUNLOCK();

1441


1442
	if ((ln->la_flags & LLE_DELETED) == 0)

1443
		EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED);

1444


1445
	/*

1446
	 * we used to have pfctlinput(PRC_HOSTDEAD) here.

1447
	 * even though it is not harmful, it was not really necessary.

1448
	 */

1449


1450
	/* cancel timer */

1451
	nd6_llinfo_settimer_locked(ln, -1);

1452


1453
	if (ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV) {

1454
		if (dr != NULL && dr->expire &&

1455
		    ln->ln_state == ND6_LLINFO_STALE && gc) {

1456
			/*

1457
			 * If the reason for the deletion is just garbage

1458
			 * collection, and the neighbor is an active default

1459
			 * router, do not delete it.  Instead, reset the GC

1460
			 * timer using the router's lifetime.

1461
			 * Simply deleting the entry would affect default

1462
			 * router selection, which is not necessarily a good

1463
			 * thing, especially when we're using router preference

1464
			 * values.

1465
			 * XXX: the check for ln_state would be redundant,

1466
			 *      but we intentionally keep it just in case.

1467
			 */

1468
			if (dr->expire > time_uptime)

1469
				nd6_llinfo_settimer_locked(ln,

1470
				    (dr->expire - time_uptime) * hz);

1471
			else

1472
				nd6_llinfo_settimer_locked(ln,

1473
				    (long)V_nd6_gctimer * hz);

1474


1475
			LLE_REMREF(ln);

1476
			LLE_WUNLOCK(ln);

1477
			defrouter_rele(dr);

1478
			return;

1479
		}

1480


1481
		if (dr) {

1482
			/*

1483
			 * Unreachability of a router might affect the default

1484
			 * router selection and on-link detection of advertised

1485
			 * prefixes.

1486
			 */

1487


1488
			/*

1489
			 * Temporarily fake the state to choose a new default

1490
			 * router and to perform on-link determination of

1491
			 * prefixes correctly.

1492
			 * Below the state will be set correctly,

1493
			 * or the entry itself will be deleted.

1494
			 */

1495
			ln->ln_state = ND6_LLINFO_INCOMPLETE;

1496
		}

1497


1498
		if (ln->ln_router || dr) {

1499
			/*

1500
			 * We need to unlock to avoid a LOR with rt6_flush() with the

1501
			 * rnh and for the calls to pfxlist_onlink_check() and

1502
			 * defrouter_select_fib() in the block further down for calls

1503
			 * into nd6_lookup().  We still hold a ref.

1504
			 */

1505
			LLE_WUNLOCK(ln);

1506


1507
			/*

1508
			 * rt6_flush must be called whether or not the neighbor

1509
			 * is in the Default Router List.

1510
			 * See a corresponding comment in nd6_na_input().

1511
			 */

1512
			rt6_flush(&ln->r_l3addr.addr6, ifp);

1513
		}

1514


1515
		if (dr) {

1516
			/*

1517
			 * Since defrouter_select_fib() does not affect the

1518
			 * on-link determination and MIP6 needs the check

1519
			 * before the default router selection, we perform

1520
			 * the check now.

1521
			 */

1522
			pfxlist_onlink_check();

1523


1524
			/*

1525
			 * Refresh default router list.

1526
			 */

1527
			defrouter_select_fib(dr->ifp->if_fib);

1528
		}

1529


1530
		/*

1531
		 * If this entry was added by an on-link redirect, remove the

1532
		 * corresponding host route.

1533
		 */

1534
		if (ln->la_flags & LLE_REDIRECT)

1535
			nd6_free_redirect(ln);

1536


1537
		if (ln->ln_router || dr)

1538
			LLE_WLOCK(ln);

1539
	}

1540


1541
	/*

1542
	 * Save to unlock. We still hold an extra reference and will not

1543
	 * free(9) in llentry_free() if someone else holds one as well.

1544
	 */

1545
	LLE_WUNLOCK(ln);

1546
	LLTABLE_LOCK(ln->lle_tbl);

1547
	LLE_WLOCK(ln);

1548
	/* Guard against race with other llentry_free(). */

1549
	if (ln->la_flags & LLE_LINKED) {

1550
		/* Remove callout reference */

1551
		LLE_REMREF(ln);

1552
		lltable_unlink_entry(ln->lle_tbl, ln);

1553
	}

1554
	LLTABLE_UNLOCK(ln->lle_tbl);

1555


1556
	nd6_free_children(ln);

1557


1558
	llentry_free(ln);

1559
	if (dr != NULL)

1560
		defrouter_rele(dr);

1561
}

1562


1563
static int

1564
nd6_isdynrte(const struct rtentry *rt, const struct nhop_object *nh, void *xap)

1565
{

1566


1567
	if (nh->nh_flags & NHF_REDIRECT)

1568
		return (1);

1569


1570
	return (0);

1571
}

1572


1573
/*

1574
 * Remove the rtentry for the given llentry,

1575
 * both of which were installed by a redirect.

1576
 */

1577
static void

1578
nd6_free_redirect(const struct llentry *ln)

1579
{

1580
	int fibnum;

1581
	struct sockaddr_in6 sin6;

1582
	struct rib_cmd_info rc;

1583
	struct epoch_tracker et;

1584


1585
	lltable_fill_sa_entry(ln, (struct sockaddr *)&sin6);

1586


1587
	NET_EPOCH_ENTER(et);

1588
	for (fibnum = 0; fibnum < rt_numfibs; fibnum++)

1589
		rib_del_route_px(fibnum, (struct sockaddr *)&sin6, 128,

1590
		    nd6_isdynrte, NULL, 0, &rc);

1591
	NET_EPOCH_EXIT(et);

1592
}

1593


1594
/*

1595
 * Updates status of the default router route.

1596
 */

1597
static void

1598
check_release_defrouter(const struct rib_cmd_info *rc, void *_cbdata)

1599
{

1600
	struct nd_defrouter *dr;

1601
	struct nhop_object *nh;

1602


1603
	nh = rc->rc_nh_old;

1604
	if (rc->rc_cmd == RTM_DELETE && (nh->nh_flags & NHF_DEFAULT) != 0) {

1605
		dr = defrouter_lookup(&nh->gw6_sa.sin6_addr, nh->nh_ifp);

1606
		if (dr != NULL) {

1607
			dr->installed = 0;

1608
			defrouter_rele(dr);

1609
		}

1610
	}

1611
}

1612


1613
void

1614
nd6_subscription_cb(struct rib_head *rnh, struct rib_cmd_info *rc, void *arg)

1615
{

1616
#ifdef ROUTE_MPATH

1617
	rib_decompose_notification(rc, check_release_defrouter, NULL);

1618
	if (rc->rc_cmd == RTM_DELETE && !NH_IS_NHGRP(rc->rc_nh_old))

1619
		check_release_defrouter(rc, NULL);

1620
#else

1621
	check_release_defrouter(rc, NULL);

1622
#endif

1623
}

1624


1625
int

1626
nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp)

1627
{

1628
	struct epoch_tracker et;

1629
	struct in6_ndireq *ndi = (struct in6_ndireq *)data;

1630
	struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data;

1631
	struct in6_ndifreq *ndif = (struct in6_ndifreq *)data;

1632
	struct in6_ifextra *ext = ifp->if_inet6;

1633
	int error = 0;

1634


1635
	/* XXXGL: safety against IFT_PFSYNC & IFT_PFLOG */

1636
	if (ext == NULL)

1637
		return (EPFNOSUPPORT);

1638
#define ND	ndi->ndi

1639
	switch (cmd) {

1640
	case SIOCGIFINFO_IN6:

1641
		ND = (struct nd_ifinfo){

1642
			.linkmtu = ext->nd_linkmtu,

1643
			.maxmtu = ext->nd_maxmtu,

1644
			.basereachable = ext->nd_basereachable,

1645
			.reachable = ext->nd_reachable,

1646
			.retrans = ext->nd_retrans,

1647
			.flags = ext->nd_flags,

1648
			.recalctm = ext->nd_recalc_timer,

1649
			.chlim = ext->nd_curhoplimit,

1650
			.initialized = 1,

1651
		};

1652
		break;

1653
	case SIOCSIFINFO_IN6:

1654
		/*

1655
		 * used to change host variables from userland.

1656
		 * intended for a use on router to reflect RA configurations.

1657
		 */

1658
		/* 0 means 'unspecified' */

1659
		if (ND.linkmtu != 0) {

1660
			if (ND.linkmtu < IPV6_MMTU ||

1661
			    ND.linkmtu > in6_ifmtu(ifp)) {

1662
				error = EINVAL;

1663
				break;

1664
			}

1665
			ext->nd_linkmtu = ND.linkmtu;

1666
		}

1667


1668
		if (ND.basereachable != 0) {

1669
			uint32_t obasereachable = ext->nd_basereachable;

1670


1671
			ext->nd_basereachable = ND.basereachable;

1672
			if (ND.basereachable != obasereachable)

1673
				ext->nd_reachable =

1674
				    ND_COMPUTE_RTIME(ND.basereachable);

1675
		}

1676
		if (ND.retrans != 0)

1677
			ext->nd_retrans = ND.retrans;

1678
		if (ND.chlim != 0)

1679
			ext->nd_curhoplimit = ND.chlim;

1680
		/* FALLTHROUGH */

1681
	case SIOCSIFINFO_FLAGS:

1682
	{

1683
		struct ifaddr *ifa;

1684
		struct in6_ifaddr *ia;

1685


1686
		if ((ext->nd_flags & ND6_IFF_IFDISABLED) &&

1687
		    !(ND.flags & ND6_IFF_IFDISABLED)) {

1688
			/* ifdisabled 1->0 transision */

1689


1690
			/*

1691
			 * If the interface is marked as ND6_IFF_IFDISABLED and

1692
			 * has an link-local address with IN6_IFF_DUPLICATED,

1693
			 * do not clear ND6_IFF_IFDISABLED.

1694
			 * See RFC 4862, Section 5.4.5.

1695
			 */

1696
			NET_EPOCH_ENTER(et);

1697
			CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {

1698
				if (ifa->ifa_addr->sa_family != AF_INET6)

1699
					continue;

1700
				ia = (struct in6_ifaddr *)ifa;

1701
				if ((ia->ia6_flags & IN6_IFF_DUPLICATED) &&

1702
				    IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia)))

1703
					break;

1704
			}

1705
			NET_EPOCH_EXIT(et);

1706


1707
			if (ifa != NULL) {

1708
				/* LLA is duplicated. */

1709
				ND.flags |= ND6_IFF_IFDISABLED;

1710
				log(LOG_ERR, "Cannot enable an interface"

1711
				    " with a link-local address marked"

1712
				    " duplicate.\n");

1713
			} else {

1714
				ext->nd_flags &= ~ND6_IFF_IFDISABLED;

1715
				if (ifp->if_flags & IFF_UP)

1716
					in6_if_up(ifp);

1717
			}

1718
		} else if (!(ext->nd_flags & ND6_IFF_IFDISABLED) &&

1719
			    (ND.flags & ND6_IFF_IFDISABLED)) {

1720
			/* ifdisabled 0->1 transision */

1721
			/* Mark all IPv6 address as tentative. */

1722


1723
			ext->nd_flags |= ND6_IFF_IFDISABLED;

1724
			if (V_ip6_dad_count > 0 &&

1725
			    (ext->nd_flags & ND6_IFF_NO_DAD) == 0) {

1726
				NET_EPOCH_ENTER(et);

1727
				CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead,

1728
				    ifa_link) {

1729
					if (ifa->ifa_addr->sa_family !=

1730
					    AF_INET6)

1731
						continue;

1732
					ia = (struct in6_ifaddr *)ifa;

1733
					ia->ia6_flags |= IN6_IFF_TENTATIVE;

1734
				}

1735
				NET_EPOCH_EXIT(et);

1736
			}

1737
		}

1738


1739
		if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) {

1740
			if (!(ext->nd_flags & ND6_IFF_AUTO_LINKLOCAL)) {

1741
				/* auto_linklocal 0->1 transision */

1742


1743
				/* If no link-local address on ifp, configure */

1744
				ext->nd_flags |= ND6_IFF_AUTO_LINKLOCAL;

1745
				in6_ifattach(ifp, NULL);

1746
			} else if (!(ND.flags & ND6_IFF_IFDISABLED) &&

1747
			    ifp->if_flags & IFF_UP) {

1748
				/*

1749
				 * When the IF already has

1750
				 * ND6_IFF_AUTO_LINKLOCAL, no link-local

1751
				 * address is assigned, and IFF_UP, try to

1752
				 * assign one.

1753
				 */

1754
				NET_EPOCH_ENTER(et);

1755
				CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead,

1756
				    ifa_link) {

1757
					if (ifa->ifa_addr->sa_family !=

1758
					    AF_INET6)

1759
						continue;

1760
					ia = (struct in6_ifaddr *)ifa;

1761
					if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia)))

1762
						break;

1763
				}

1764
				NET_EPOCH_EXIT(et);

1765
				if (ifa != NULL)

1766
					/* No LLA is configured. */

1767
					in6_ifattach(ifp, NULL);

1768
			}

1769
		}

1770
		ext->nd_flags = ND.flags;

1771
		break;

1772
	}

1773
#undef ND

1774
	case SIOCSNDFLUSH_IN6:	/* XXX: the ioctl name is confusing... */

1775
		/* sync kernel routing table with the default router list */

1776
		defrouter_reset();

1777
		defrouter_select_fib(RT_ALL_FIBS);

1778
		break;

1779
	case SIOCSPFXFLUSH_IN6:

1780
	{

1781
		/* flush all the prefix advertised by routers */

1782
		struct in6_ifaddr *ia, *ia_next;

1783
		struct nd_prefix *pr, *next;

1784
		struct nd_prhead prl;

1785


1786
		LIST_INIT(&prl);

1787


1788
		ND6_WLOCK();

1789
		LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, next) {

1790
			if (ND6_PREFIX_WITH_ROUTER(pr))

1791
				nd6_prefix_unlink(pr, &prl);

1792
		}

1793
		ND6_WUNLOCK();

1794


1795
		while ((pr = LIST_FIRST(&prl)) != NULL) {

1796
			LIST_REMOVE(pr, ndpr_entry);

1797
			/* XXXRW: in6_ifaddrhead locking. */

1798
			CK_STAILQ_FOREACH_SAFE(ia, &V_in6_ifaddrhead, ia_link,

1799
			    ia_next) {

1800
				if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0)

1801
					continue;

1802


1803
				if (ia->ia6_ndpr == pr)

1804
					in6_purgeaddr(&ia->ia_ifa);

1805
			}

1806
			nd6_prefix_del(pr);

1807
		}

1808
		break;

1809
	}

1810
	case SIOCSRTRFLUSH_IN6:

1811
	{

1812
		/* flush all the default routers */

1813


1814
		defrouter_reset();

1815
		nd6_defrouter_flush_all();

1816
		defrouter_select_fib(RT_ALL_FIBS);

1817
		break;

1818
	}

1819
	case SIOCGNBRINFO_IN6:

1820
	{

1821
		struct llentry *ln;

1822
		struct in6_addr nb_addr = nbi->addr; /* make local for safety */

1823


1824
		if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0)

1825
			return (error);

1826


1827
		NET_EPOCH_ENTER(et);

1828
		ln = nd6_lookup(&nb_addr, LLE_SF(AF_INET6, 0), ifp);

1829
		NET_EPOCH_EXIT(et);

1830


1831
		if (ln == NULL) {

1832
			error = EINVAL;

1833
			break;

1834
		}

1835
		nbi->state = ln->ln_state;

1836
		nbi->asked = ln->la_asked;

1837
		nbi->isrouter = ln->ln_router;

1838
		if (ln->la_expire == 0)

1839
			nbi->expire = 0;

1840
		else

1841
			nbi->expire = ln->la_expire + ln->lle_remtime / hz +

1842
			    (time_second - time_uptime);

1843
		LLE_RUNLOCK(ln);

1844
		break;

1845
	}

1846
	case SIOCGDEFIFACE_IN6:	/* XXX: should be implemented as a sysctl? */

1847
		ndif->ifindex = V_nd6_defifindex;

1848
		break;

1849
	case SIOCSDEFIFACE_IN6:	/* XXX: should be implemented as a sysctl? */

1850
		return (nd6_setdefaultiface(ndif->ifindex));

1851
	}

1852
	return (error);

1853
}

1854


1855
/*

1856
 * Calculates new isRouter value based on provided parameters and

1857
 * returns it.

1858
 */

1859
static int

1860
nd6_is_router(int type, int code, int is_new, int old_addr, int new_addr,

1861
    int ln_router)

1862
{

1863


1864
	/*

1865
	 * ICMP6 type dependent behavior.

1866
	 *

1867
	 * NS: clear IsRouter if new entry

1868
	 * RS: clear IsRouter

1869
	 * RA: set IsRouter if there's lladdr

1870
	 * redir: clear IsRouter if new entry

1871
	 *

1872
	 * RA case, (1):

1873
	 * The spec says that we must set IsRouter in the following cases:

1874
	 * - If lladdr exist, set IsRouter.  This means (1-5).

1875
	 * - If it is old entry (!newentry), set IsRouter.  This means (7).

1876
	 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter.

1877
	 * A quetion arises for (1) case.  (1) case has no lladdr in the

1878
	 * neighbor cache, this is similar to (6).

1879
	 * This case is rare but we figured that we MUST NOT set IsRouter.

1880
	 *

1881
	 *   is_new  old_addr new_addr 	    NS  RS  RA	redir

1882
	 *							D R

1883
	 *	0	n	n	(1)	c   ?     s

1884
	 *	0	y	n	(2)	c   s     s

1885
	 *	0	n	y	(3)	c   s     s

1886
	 *	0	y	y	(4)	c   s     s

1887
	 *	0	y	y	(5)	c   s     s

1888
	 *	1	--	n	(6) c	c	c s

1889
	 *	1	--	y	(7) c	c   s	c s

1890
	 *

1891
	 *					(c=clear s=set)

1892
	 */

1893
	switch (type & 0xff) {

1894
	case ND_NEIGHBOR_SOLICIT:

1895
		/*

1896
		 * New entry must have is_router flag cleared.

1897
		 */

1898
		if (is_new)					/* (6-7) */

1899
			ln_router = 0;

1900
		break;

1901
	case ND_REDIRECT:

1902
		/*

1903
		 * If the icmp is a redirect to a better router, always set the

1904
		 * is_router flag.  Otherwise, if the entry is newly created,

1905
		 * clear the flag.  [RFC 2461, sec 8.3]

1906
		 */

1907
		if (code == ND_REDIRECT_ROUTER)

1908
			ln_router = 1;

1909
		else {

1910
			if (is_new)				/* (6-7) */

1911
				ln_router = 0;

1912
		}

1913
		break;

1914
	case ND_ROUTER_SOLICIT:

1915
		/*

1916
		 * is_router flag must always be cleared.

1917
		 */

1918
		ln_router = 0;

1919
		break;

1920
	case ND_ROUTER_ADVERT:

1921
		/*

1922
		 * Mark an entry with lladdr as a router.

1923
		 */

1924
		if ((!is_new && (old_addr || new_addr)) ||	/* (2-5) */

1925
		    (is_new && new_addr)) {			/* (7) */

1926
			ln_router = 1;

1927
		}

1928
		break;

1929
	}

1930


1931
	return (ln_router);

1932
}

1933


1934
/*

1935
 * Create neighbor cache entry and cache link-layer address,

1936
 * on reception of inbound ND6 packets.  (RS/RA/NS/redirect)

1937
 *

1938
 * type - ICMP6 type

1939
 * code - type dependent information

1940
 *

1941
 */

1942
void

1943
nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr,

1944
    int lladdrlen, int type, int code)

1945
{

1946
	struct llentry *ln = NULL, *ln_tmp;

1947
	int is_newentry;

1948
	int do_update;

1949
	int olladdr;

1950
	int llchange;

1951
	int flags;

1952
	uint16_t router = 0;

1953
	struct mbuf *chain = NULL;

1954
	u_char linkhdr[LLE_MAX_LINKHDR];

1955
	size_t linkhdrsize;

1956
	int lladdr_off;

1957


1958
	NET_EPOCH_ASSERT();

1959


1960
	KASSERT(ifp != NULL, ("%s: ifp == NULL", __func__));

1961
	KASSERT(from != NULL, ("%s: from == NULL", __func__));

1962


1963
	/* nothing must be updated for unspecified address */

1964
	if (IN6_IS_ADDR_UNSPECIFIED(from))

1965
		return;

1966


1967
	/*

1968
	 * Validation about ifp->if_addrlen and lladdrlen must be done in

1969
	 * the caller.

1970
	 *

1971
	 * XXX If the link does not have link-layer adderss, what should

1972
	 * we do? (ifp->if_addrlen == 0)

1973
	 * Spec says nothing in sections for RA, RS and NA.  There's small

1974
	 * description on it in NS section (RFC 2461 7.2.3).

1975
	 */

1976
	flags = lladdr ? LLE_EXCLUSIVE : 0;

1977
	ln = nd6_lookup(from, LLE_SF(AF_INET6, flags), ifp);

1978
	is_newentry = 0;

1979
	if (ln == NULL) {

1980
		flags |= LLE_EXCLUSIVE;

1981
		ln = nd6_alloc(from, 0, ifp);

1982
		if (ln == NULL)

1983
			return;

1984


1985
		/*

1986
		 * Since we already know all the data for the new entry,

1987
		 * fill it before insertion.

1988
		 */

1989
		if (lladdr != NULL) {

1990
			linkhdrsize = sizeof(linkhdr);

1991
			if (lltable_calc_llheader(ifp, AF_INET6, lladdr,

1992
			    linkhdr, &linkhdrsize, &lladdr_off) != 0) {

1993
				lltable_free_entry(LLTABLE6(ifp), ln);

1994
				return;

1995
			}

1996
			lltable_set_entry_addr(ifp, ln, linkhdr, linkhdrsize,

1997
			    lladdr_off);

1998
		}

1999


2000
		LLTABLE_LOCK(LLTABLE6(ifp));

2001
		LLE_WLOCK(ln);

2002
		/* Prefer any existing lle over newly-created one */

2003
		ln_tmp = nd6_lookup(from, LLE_SF(AF_INET6, LLE_EXCLUSIVE), ifp);

2004
		if (ln_tmp == NULL)

2005
			lltable_link_entry(LLTABLE6(ifp), ln);

2006
		LLTABLE_UNLOCK(LLTABLE6(ifp));

2007
		if (ln_tmp == NULL) {

2008
			/* No existing lle, mark as new entry (6,7) */

2009
			is_newentry = 1;

2010
			if (lladdr != NULL) {	/* (7) */

2011
				nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);

2012
				EVENTHANDLER_INVOKE(lle_event, ln,

2013
				    LLENTRY_RESOLVED);

2014
			}

2015
		} else {

2016
			lltable_free_entry(LLTABLE6(ifp), ln);

2017
			ln = ln_tmp;

2018
			ln_tmp = NULL;

2019
		}

2020
	} 

2021
	/* do nothing if static ndp is set */

2022
	if ((ln->la_flags & LLE_STATIC)) {

2023
		if (flags & LLE_EXCLUSIVE)

2024
			LLE_WUNLOCK(ln);

2025
		else

2026
			LLE_RUNLOCK(ln);

2027
		return;

2028
	}

2029


2030
	olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0;

2031
	if (olladdr && lladdr) {

2032
		llchange = bcmp(lladdr, ln->ll_addr,

2033
		    ifp->if_addrlen);

2034
	} else if (!olladdr && lladdr)

2035
		llchange = 1;

2036
	else

2037
		llchange = 0;

2038


2039
	/*

2040
	 * newentry olladdr  lladdr  llchange	(*=record)

2041
	 *	0	n	n	--	(1)

2042
	 *	0	y	n	--	(2)

2043
	 *	0	n	y	y	(3) * STALE

2044
	 *	0	y	y	n	(4) *

2045
	 *	0	y	y	y	(5) * STALE

2046
	 *	1	--	n	--	(6)   NOSTATE(= PASSIVE)

2047
	 *	1	--	y	--	(7) * STALE

2048
	 */

2049


2050
	do_update = 0;

2051
	if (is_newentry == 0 && llchange != 0) {

2052
		do_update = 1;	/* (3,5) */

2053


2054
		/*

2055
		 * Record source link-layer address

2056
		 * XXX is it dependent to ifp->if_type?

2057
		 */

2058
		if (!nd6_try_set_entry_addr(ifp, ln, lladdr)) {

2059
			/* Entry was deleted */

2060
			LLE_WUNLOCK(ln);

2061
			return;

2062
		}

2063


2064
		nd6_llinfo_setstate(ln, ND6_LLINFO_STALE);

2065


2066
		EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);

2067


2068
		if (ln->la_hold != NULL)

2069
			chain = nd6_grab_holdchain(ln);

2070
	}

2071


2072
	/* Calculates new router status */

2073
	router = nd6_is_router(type, code, is_newentry, olladdr,

2074
	    lladdr != NULL ? 1 : 0, ln->ln_router);

2075


2076
	ln->ln_router = router;

2077
	/* Mark non-router redirects with special flag */

2078
	if ((type & 0xFF) == ND_REDIRECT && code != ND_REDIRECT_ROUTER)

2079
		ln->la_flags |= LLE_REDIRECT;

2080


2081
	if (flags & LLE_EXCLUSIVE)

2082
		LLE_WUNLOCK(ln);

2083
	else

2084
		LLE_RUNLOCK(ln);

2085


2086
	if (chain != NULL)

2087
		nd6_flush_holdchain(ifp, ln, chain);

2088
	if (do_update)

2089
		nd6_flush_children_holdchain(ifp, ln);

2090


2091
	/*

2092
	 * When the link-layer address of a router changes, select the

2093
	 * best router again.  In particular, when the neighbor entry is newly

2094
	 * created, it might affect the selection policy.

2095
	 * Question: can we restrict the first condition to the "is_newentry"

2096
	 * case?

2097
	 * XXX: when we hear an RA from a new router with the link-layer

2098
	 * address option, defrouter_select_fib() is called twice, since

2099
	 * defrtrlist_update called the function as well.  However, I believe

2100
	 * we can compromise the overhead, since it only happens the first

2101
	 * time.

2102
	 * XXX: although defrouter_select_fib() should not have a bad effect

2103
	 * for those are not autoconfigured hosts, we explicitly avoid such

2104
	 * cases for safety.

2105
	 */

2106
	if ((do_update || is_newentry) && router &&

2107
	    ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV) {

2108
		/*

2109
		 * guaranteed recursion

2110
		 */

2111
		defrouter_select_fib(ifp->if_fib);

2112
	}

2113
}

2114


2115
static void

2116
nd6_slowtimo(void *arg)

2117
{

2118
	struct epoch_tracker et;

2119
	CURVNET_SET((struct vnet *) arg);

2120
	struct in6_ifextra *nd6if;

2121
	struct ifnet *ifp;

2122


2123
	callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,

2124
	    nd6_slowtimo, curvnet);

2125
	NET_EPOCH_ENTER(et);

2126
	CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) {

2127
		if ((nd6if = ifp->if_inet6) == NULL)

2128
			continue;

2129
		if (nd6if->nd_basereachable && /* already initialized */

2130
		    (nd6if->nd_recalc_timer -= ND6_SLOWTIMER_INTERVAL) <= 0) {

2131
			/*

2132
			 * Since reachable time rarely changes by router

2133
			 * advertisements, we SHOULD insure that a new random

2134
			 * value gets recomputed at least once every few hours.

2135
			 * (RFC 2461, 6.3.4)

2136
			 */

2137
			nd6if->nd_recalc_timer = V_nd6_recalc_reachtm_interval;

2138
			nd6if->nd_reachable =

2139
			    ND_COMPUTE_RTIME(nd6if->nd_basereachable);

2140
		}

2141
	}

2142
	NET_EPOCH_EXIT(et);

2143
	CURVNET_RESTORE();

2144
}

2145


2146
struct mbuf *

2147
nd6_grab_holdchain(struct llentry *ln)

2148
{

2149
	struct mbuf *chain;

2150


2151
	LLE_WLOCK_ASSERT(ln);

2152


2153
	chain = ln->la_hold;

2154
	ln->la_hold = NULL;

2155
	ln->la_numheld = 0;

2156


2157
	if (ln->ln_state == ND6_LLINFO_STALE) {

2158
		/*

2159
		 * The first time we send a packet to a

2160
		 * neighbor whose entry is STALE, we have

2161
		 * to change the state to DELAY and a sets

2162
		 * a timer to expire in DELAY_FIRST_PROBE_TIME

2163
		 * seconds to ensure do neighbor unreachability

2164
		 * detection on expiration.

2165
		 * (RFC 2461 7.3.3)

2166
		 */

2167
		nd6_llinfo_setstate(ln, ND6_LLINFO_DELAY);

2168
	}

2169


2170
	return (chain);

2171
}

2172


2173
int

2174
nd6_output_ifp(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m,

2175
    struct sockaddr_in6 *dst, struct route *ro)

2176
{

2177
	int error;

2178
	int ip6len;

2179
	struct ip6_hdr *ip6;

2180
	struct m_tag *mtag;

2181


2182
#ifdef MAC

2183
	mac_netinet6_nd6_send(ifp, m);

2184
#endif

2185


2186
	/*

2187
	 * If called from nd6_ns_output() (NS), nd6_na_output() (NA),

2188
	 * icmp6_redirect_output() (REDIRECT) or from rip6_output() (RS, RA

2189
	 * as handled by rtsol and rtadvd), mbufs will be tagged for SeND

2190
	 * to be diverted to user space.  When re-injected into the kernel,

2191
	 * send_output() will directly dispatch them to the outgoing interface.

2192
	 */

2193
	if (send_sendso_input_hook != NULL) {

2194
		mtag = m_tag_find(m, PACKET_TAG_ND_OUTGOING, NULL);

2195
		if (mtag != NULL) {

2196
			ip6 = mtod(m, struct ip6_hdr *);

2197
			ip6len = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen);

2198
			/* Use the SEND socket */

2199
			error = send_sendso_input_hook(m, ifp, SND_OUT,

2200
			    ip6len);

2201
			/* -1 == no app on SEND socket */

2202
			if (error == 0 || error != -1)

2203
			    return (error);

2204
		}

2205
	}

2206


2207
	m_clrprotoflags(m);	/* Avoid confusing lower layers. */

2208
	IP_PROBE(send, NULL, NULL, mtod(m, struct ip6_hdr *), ifp, NULL,

2209
	    mtod(m, struct ip6_hdr *));

2210


2211
	if ((ifp->if_flags & IFF_LOOPBACK) == 0)

2212
		origifp = ifp;

2213


2214
	error = (*ifp->if_output)(origifp, m, (struct sockaddr *)dst, ro);

2215
	return (error);

2216
}

2217


2218
/*

2219
 * Lookup link headerfor @sa_dst address. Stores found

2220
 * data in @desten buffer. Copy of lle ln_flags can be also

2221
 * saved in @pflags if @pflags is non-NULL.

2222
 *

2223
 * If destination LLE does not exists or lle state modification

2224
 * is required, call "slow" version.

2225
 *

2226
 * Return values:

2227
 * - 0 on success (address copied to buffer).

2228
 * - EWOULDBLOCK (no local error, but address is still unresolved)

2229
 * - other errors (alloc failure, etc)

2230
 */

2231
int

2232
nd6_resolve(struct ifnet *ifp, int gw_flags, struct mbuf *m,

2233
    const struct sockaddr *sa_dst, u_char *desten, uint32_t *pflags,

2234
    struct llentry **plle)

2235
{

2236
	struct llentry *ln = NULL;

2237
	const struct sockaddr_in6 *dst6;

2238


2239
	NET_EPOCH_ASSERT();

2240


2241
	if (pflags != NULL)

2242
		*pflags = 0;

2243


2244
	dst6 = (const struct sockaddr_in6 *)sa_dst;

2245


2246
	/* discard the packet if IPv6 operation is disabled on the interface */

2247
	if ((ifp->if_inet6->nd_flags & ND6_IFF_IFDISABLED)) {

2248
		m_freem(m);

2249
		return (ENETDOWN); /* better error? */

2250
	}

2251


2252
	if (m != NULL && m->m_flags & M_MCAST) {

2253
		switch (ifp->if_type) {

2254
		case IFT_ETHER:

2255
		case IFT_L2VLAN:

2256
		case IFT_BRIDGE:

2257
			ETHER_MAP_IPV6_MULTICAST(&dst6->sin6_addr,

2258
						 desten);

2259
			return (0);

2260
		default:

2261
			m_freem(m);

2262
			return (EAFNOSUPPORT);

2263
		}

2264
	}

2265


2266
	int family = gw_flags >> 16;

2267
	int lookup_flags = plle ? LLE_EXCLUSIVE : LLE_UNLOCKED;

2268
	ln = nd6_lookup(&dst6->sin6_addr, LLE_SF(family, lookup_flags), ifp);

2269
	if (ln != NULL && (ln->r_flags & RLLE_VALID) != 0) {

2270
		/* Entry found, let's copy lle info */

2271
		bcopy(ln->r_linkdata, desten, ln->r_hdrlen);

2272
		if (pflags != NULL)

2273
			*pflags = LLE_VALID | (ln->r_flags & RLLE_IFADDR);

2274
		llentry_provide_feedback(ln);

2275
		if (plle) {

2276
			LLE_ADDREF(ln);

2277
			*plle = ln;

2278
			LLE_WUNLOCK(ln);

2279
		}

2280
		return (0);

2281
	} else if (plle && ln)

2282
		LLE_WUNLOCK(ln);

2283


2284
	return (nd6_resolve_slow(ifp, family, 0, m, dst6, desten, pflags, plle));

2285
}

2286


2287
/*

2288
 * Finds or creates a new llentry for @addr and @family.

2289
 * Returns wlocked llentry or NULL.

2290
 *

2291
 *

2292
 * Child LLEs.

2293
 *

2294
 * Do not have their own state machine (gets marked as static)

2295
 *  settimer bails out for child LLEs just in case.

2296
 *

2297
 * Locking order: parent lle gets locked first, chen goes the child.

2298
 */

2299
static __noinline struct llentry *

2300
nd6_get_llentry(struct ifnet *ifp, const struct in6_addr *addr, int family)

2301
{

2302
	struct llentry *child_lle = NULL;

2303
	struct llentry *lle, *lle_tmp;

2304


2305
	lle = nd6_alloc(addr, 0, ifp);

2306
	if (lle != NULL && family != AF_INET6) {

2307
		child_lle = nd6_alloc(addr, 0, ifp);

2308
		if (child_lle == NULL) {

2309
			lltable_free_entry(LLTABLE6(ifp), lle);

2310
			return (NULL);

2311
		}

2312
		child_lle->r_family = family;

2313
		child_lle->la_flags |= LLE_CHILD | LLE_STATIC;

2314
		child_lle->ln_state = ND6_LLINFO_INCOMPLETE;

2315
	}

2316


2317
	if (lle == NULL) {

2318
		char ip6buf[INET6_ADDRSTRLEN];

2319
		log(LOG_DEBUG,

2320
		    "nd6_get_llentry: can't allocate llinfo for %s "

2321
		    "(ln=%p)\n",

2322
		    ip6_sprintf(ip6buf, addr), lle);

2323
		return (NULL);

2324
	}

2325


2326
	LLTABLE_LOCK(LLTABLE6(ifp));

2327
	LLE_WLOCK(lle);

2328
	/* Prefer any existing entry over newly-created one */

2329
	lle_tmp = nd6_lookup(addr, LLE_SF(AF_INET6, LLE_EXCLUSIVE), ifp);

2330
	if (lle_tmp == NULL)

2331
		lltable_link_entry(LLTABLE6(ifp), lle);

2332
	else {

2333
		lltable_free_entry(LLTABLE6(ifp), lle);

2334
		lle = lle_tmp;

2335
	}

2336
	if (child_lle != NULL) {

2337
		/* Check if child lle for the same family exists */

2338
		lle_tmp = llentry_lookup_family(lle, child_lle->r_family);

2339
		LLE_WLOCK(child_lle);

2340
		if (lle_tmp == NULL) {

2341
			/* Attach */

2342
			lltable_link_child_entry(lle, child_lle);

2343
		} else {

2344
			/* child lle already exists, free newly-created one */

2345
			lltable_free_entry(LLTABLE6(ifp), child_lle);

2346
			LLE_WLOCK(lle_tmp);

2347
			child_lle = lle_tmp;

2348
		}

2349
		LLE_WUNLOCK(lle);

2350
		lle = child_lle;

2351
	}

2352
	LLTABLE_UNLOCK(LLTABLE6(ifp));

2353
	return (lle);

2354
}

2355


2356
/*

2357
 * Do L2 address resolution for @sa_dst address. Stores found

2358
 * address in @desten buffer. Copy of lle ln_flags can be also

2359
 * saved in @pflags if @pflags is non-NULL.

2360
 *

2361
 * Heavy version.

2362
 * Function assume that destination LLE does not exist,

2363
 * is invalid or stale, so LLE_EXCLUSIVE lock needs to be acquired.

2364
 *

2365
 * Set noinline to be dtrace-friendly

2366
 */

2367
static __noinline int

2368
nd6_resolve_slow(struct ifnet *ifp, int family, int flags, struct mbuf *m,

2369
    const struct sockaddr_in6 *dst, u_char *desten, uint32_t *pflags,

2370
    struct llentry **plle)

2371
{

2372
	struct llentry *lle = NULL;

2373
	struct in6_addr *psrc, src;

2374
	int send_ns, ll_len;

2375
	char *lladdr;

2376


2377
	NET_EPOCH_ASSERT();

2378


2379
	/*

2380
	 * Address resolution or Neighbor Unreachability Detection

2381
	 * for the next hop.

2382
	 * At this point, the destination of the packet must be a unicast

2383
	 * or an anycast address(i.e. not a multicast).

2384
	 */

2385
	lle = nd6_lookup(&dst->sin6_addr, LLE_SF(family, LLE_EXCLUSIVE), ifp);

2386
	if ((lle == NULL) && nd6_is_addr_neighbor(dst, ifp))  {

2387
		/*

2388
		 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(),

2389
		 * the condition below is not very efficient.  But we believe

2390
		 * it is tolerable, because this should be a rare case.

2391
		 */

2392
		lle = nd6_get_llentry(ifp, &dst->sin6_addr, family);

2393
	}

2394


2395
	if (lle == NULL) {

2396
		m_freem(m);

2397
		return (ENOBUFS);

2398
	}

2399


2400
	LLE_WLOCK_ASSERT(lle);

2401


2402
	/*

2403
	 * The first time we send a packet to a neighbor whose entry is

2404
	 * STALE, we have to change the state to DELAY and a sets a timer to

2405
	 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do

2406
	 * neighbor unreachability detection on expiration.

2407
	 * (RFC 2461 7.3.3)

2408
	 */

2409
	if ((!(lle->la_flags & LLE_CHILD)) && (lle->ln_state == ND6_LLINFO_STALE))

2410
		nd6_llinfo_setstate(lle, ND6_LLINFO_DELAY);

2411


2412
	/*

2413
	 * If the neighbor cache entry has a state other than INCOMPLETE

2414
	 * (i.e. its link-layer address is already resolved), just

2415
	 * send the packet.

2416
	 */

2417
	if (lle->ln_state > ND6_LLINFO_INCOMPLETE) {

2418
		if (flags & LLE_ADDRONLY) {

2419
			lladdr = lle->ll_addr;

2420
			ll_len = ifp->if_addrlen;

2421
		} else {

2422
			lladdr = lle->r_linkdata;

2423
			ll_len = lle->r_hdrlen;

2424
		}

2425
		bcopy(lladdr, desten, ll_len);

2426
		if (pflags != NULL)

2427
			*pflags = lle->la_flags;

2428
		if (plle) {

2429
			LLE_ADDREF(lle);

2430
			*plle = lle;

2431
		}

2432
		LLE_WUNLOCK(lle);

2433
		return (0);

2434
	}

2435


2436
	/*

2437
	 * There is a neighbor cache entry, but no ethernet address

2438
	 * response yet.  Append this latest packet to the end of the

2439
	 * packet queue in the mbuf.  When it exceeds nd6_maxqueuelen,

2440
	 * the oldest packet in the queue will be removed.

2441
	 */

2442
	if (m != NULL) {

2443
		size_t dropped;

2444


2445
		dropped = lltable_append_entry_queue(lle, m, V_nd6_maxqueuelen);

2446
		ICMP6STAT_ADD(icp6s_dropped, dropped);

2447
	}

2448


2449
	/*

2450
	 * If there has been no NS for the neighbor after entering the

2451
	 * INCOMPLETE state, send the first solicitation.

2452
	 * Note that for newly-created lle la_asked will be 0,

2453
	 * so we will transition from ND6_LLINFO_NOSTATE to

2454
	 * ND6_LLINFO_INCOMPLETE state here.

2455
	 */

2456
	psrc = NULL;

2457
	send_ns = 0;

2458


2459
	/* If we have child lle, switch to the parent to send NS */

2460
	if (lle->la_flags & LLE_CHILD) {

2461
		struct llentry *lle_parent = lle->lle_parent;

2462
		LLE_WUNLOCK(lle);

2463
		lle = lle_parent;

2464
		LLE_WLOCK(lle);

2465
	}

2466
	if (lle->la_asked == 0) {

2467
		lle->la_asked++;

2468
		send_ns = 1;

2469
		psrc = nd6_llinfo_get_holdsrc(lle, &src);

2470


2471
		nd6_llinfo_setstate(lle, ND6_LLINFO_INCOMPLETE);

2472
	}

2473
	LLE_WUNLOCK(lle);

2474
	if (send_ns != 0)

2475
		nd6_ns_output(ifp, psrc, NULL, &dst->sin6_addr, NULL);

2476


2477
	return (EWOULDBLOCK);

2478
}

2479


2480
/*

2481
 * Do L2 address resolution for @sa_dst address. Stores found

2482
 * address in @desten buffer. Copy of lle ln_flags can be also

2483
 * saved in @pflags if @pflags is non-NULL.

2484
 *

2485
 * Return values:

2486
 * - 0 on success (address copied to buffer).

2487
 * - EWOULDBLOCK (no local error, but address is still unresolved)

2488
 * - other errors (alloc failure, etc)

2489
 */

2490
int

2491
nd6_resolve_addr(struct ifnet *ifp, int flags, const struct sockaddr *dst,

2492
    char *desten, uint32_t *pflags)

2493
{

2494
	int error;

2495


2496
	flags |= LLE_ADDRONLY;

2497
	error = nd6_resolve_slow(ifp, AF_INET6, flags, NULL,

2498
	    (const struct sockaddr_in6 *)dst, desten, pflags, NULL);

2499
	return (error);

2500
}

2501


2502
int

2503
nd6_flush_holdchain(struct ifnet *ifp, struct llentry *lle, struct mbuf *chain)

2504
{

2505
	struct mbuf *m, *m_head;

2506
	struct sockaddr_in6 dst6;

2507
	int error = 0;

2508


2509
	NET_EPOCH_ASSERT();

2510


2511
	struct route_in6 ro = {

2512
		.ro_prepend = lle->r_linkdata,

2513
		.ro_plen = lle->r_hdrlen,

2514
	};

2515


2516
	lltable_fill_sa_entry(lle, (struct sockaddr *)&dst6);

2517
	m_head = chain;

2518


2519
	while (m_head) {

2520
		m = m_head;

2521
		m_head = m_head->m_nextpkt;

2522
		m->m_nextpkt = NULL;

2523
		error = nd6_output_ifp(ifp, ifp, m, &dst6, (struct route *)&ro);

2524
	}

2525


2526
	/*

2527
	 * XXX

2528
	 * note that intermediate errors are blindly ignored

2529
	 */

2530
	return (error);

2531
}

2532


2533
__noinline void

2534
nd6_flush_children_holdchain(struct ifnet *ifp, struct llentry *lle)

2535
{

2536
	struct llentry *child_lle;

2537
	struct mbuf *chain;

2538


2539
	NET_EPOCH_ASSERT();

2540


2541
	CK_SLIST_FOREACH(child_lle, &lle->lle_children, lle_child_next) {

2542
		LLE_WLOCK(child_lle);

2543
		chain = nd6_grab_holdchain(child_lle);

2544
		LLE_WUNLOCK(child_lle);

2545
		nd6_flush_holdchain(ifp, child_lle, chain);

2546
	}

2547
}

2548


2549
static int

2550
nd6_need_cache(struct ifnet *ifp)

2551
{

2552
	/*

2553
	 * XXX: we currently do not make neighbor cache on any interface

2554
	 * other than Ethernet and GIF.

2555
	 *

2556
	 * RFC2893 says:

2557
	 * - unidirectional tunnels needs no ND

2558
	 */

2559
	switch (ifp->if_type) {

2560
	case IFT_ETHER:

2561
	case IFT_IEEE1394:

2562
	case IFT_L2VLAN:

2563
	case IFT_INFINIBAND:

2564
	case IFT_BRIDGE:

2565
	case IFT_PROPVIRTUAL:

2566
		return (1);

2567
	default:

2568
		return (0);

2569
	}

2570
}

2571


2572
/*

2573
 * Add pernament ND6 link-layer record for given

2574
 * interface address.

2575
 *

2576
 * Very similar to IPv4 arp_ifinit(), but:

2577
 * 1) IPv6 DAD is performed in different place

2578
 * 2) It is called by IPv6 protocol stack in contrast to

2579
 * arp_ifinit() which is typically called in SIOCSIFADDR

2580
 * driver ioctl handler.

2581
 *

2582
 */

2583
int

2584
nd6_add_ifa_lle(struct in6_ifaddr *ia)

2585
{

2586
	struct ifnet *ifp;

2587
	struct llentry *ln, *ln_tmp;

2588
	struct sockaddr *dst;

2589


2590
	ifp = ia->ia_ifa.ifa_ifp;

2591
	if (nd6_need_cache(ifp) == 0)

2592
		return (0);

2593


2594
	dst = (struct sockaddr *)&ia->ia_addr;

2595
	ln = lltable_alloc_entry(LLTABLE6(ifp), LLE_IFADDR, dst);

2596
	if (ln == NULL)

2597
		return (ENOBUFS);

2598


2599
	LLTABLE_LOCK(LLTABLE6(ifp));

2600
	LLE_WLOCK(ln);

2601
	/* Unlink any entry if exists */

2602
	ln_tmp = lla_lookup(LLTABLE6(ifp), LLE_SF(AF_INET6, LLE_EXCLUSIVE), dst);

2603
	if (ln_tmp != NULL)

2604
		lltable_unlink_entry(LLTABLE6(ifp), ln_tmp);

2605
	lltable_link_entry(LLTABLE6(ifp), ln);

2606
	LLTABLE_UNLOCK(LLTABLE6(ifp));

2607


2608
	if (ln_tmp != NULL)

2609
		EVENTHANDLER_INVOKE(lle_event, ln_tmp, LLENTRY_EXPIRED);

2610
	EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);

2611


2612
	LLE_WUNLOCK(ln);

2613
	if (ln_tmp != NULL)

2614
		llentry_free(ln_tmp);

2615


2616
	return (0);

2617
}

2618


2619
/*

2620
 * Removes either all lle entries for given @ia, or lle

2621
 * corresponding to @ia address.

2622
 */

2623
void

2624
nd6_rem_ifa_lle(struct in6_ifaddr *ia, int all)

2625
{

2626
	struct sockaddr_in6 mask, addr;

2627
	struct sockaddr *saddr, *smask;

2628
	struct ifnet *ifp;

2629


2630
	ifp = ia->ia_ifa.ifa_ifp;

2631
	memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr));

2632
	memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask));

2633
	saddr = (struct sockaddr *)&addr;

2634
	smask = (struct sockaddr *)&mask;

2635


2636
	if (all != 0)

2637
		lltable_prefix_free(AF_INET6, saddr, smask, LLE_STATIC);

2638
	else

2639
		lltable_delete_addr(LLTABLE6(ifp), LLE_IFADDR, saddr);

2640
}

2641


2642
static int

2643
nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS)

2644
{

2645
	struct in6_prefix p;

2646
	struct sockaddr_in6 s6;

2647
	struct nd_prefix *pr;

2648
	struct nd_pfxrouter *pfr;

2649
	time_t maxexpire;

2650
	int error;

2651
	char ip6buf[INET6_ADDRSTRLEN];

2652


2653
	if (req->newptr)

2654
		return (EPERM);

2655


2656
	error = sysctl_wire_old_buffer(req, 0);

2657
	if (error != 0)

2658
		return (error);

2659


2660
	bzero(&p, sizeof(p));

2661
	p.origin = PR_ORIG_RA;

2662
	bzero(&s6, sizeof(s6));

2663
	s6.sin6_family = AF_INET6;

2664
	s6.sin6_len = sizeof(s6);

2665


2666
	ND6_RLOCK();

2667
	LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {

2668
		p.prefix = pr->ndpr_prefix;

2669
		if (sa6_recoverscope(&p.prefix)) {

2670
			log(LOG_ERR, "scope error in prefix list (%s)\n",

2671
			    ip6_sprintf(ip6buf, &p.prefix.sin6_addr));

2672
			/* XXX: press on... */

2673
		}

2674
		p.raflags = pr->ndpr_raf;

2675
		p.prefixlen = pr->ndpr_plen;

2676
		p.vltime = pr->ndpr_vltime;

2677
		p.pltime = pr->ndpr_pltime;

2678
		p.if_index = pr->ndpr_ifp->if_index;

2679
		if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME)

2680
			p.expire = 0;

2681
		else {

2682
			/* XXX: we assume time_t is signed. */

2683
			maxexpire = (-1) &

2684
			    ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));

2685
			if (pr->ndpr_vltime < maxexpire - pr->ndpr_lastupdate)

2686
				p.expire = pr->ndpr_lastupdate +

2687
				    pr->ndpr_vltime +

2688
				    (time_second - time_uptime);

2689
			else

2690
				p.expire = maxexpire;

2691
		}

2692
		p.refcnt = pr->ndpr_addrcnt;

2693
		p.flags = pr->ndpr_stateflags;

2694
		p.advrtrs = 0;

2695
		LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry)

2696
			p.advrtrs++;

2697
		error = SYSCTL_OUT(req, &p, sizeof(p));

2698
		if (error != 0)

2699
			break;

2700
		LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) {

2701
			s6.sin6_addr = pfr->router->rtaddr;

2702
			if (sa6_recoverscope(&s6))

2703
				log(LOG_ERR,

2704
				    "scope error in prefix list (%s)\n",

2705
				    ip6_sprintf(ip6buf, &pfr->router->rtaddr));

2706
			error = SYSCTL_OUT(req, &s6, sizeof(s6));

2707
			if (error != 0)

2708
				goto out;

2709
		}

2710
	}

2711
out:

2712
	ND6_RUNLOCK();

2713
	return (error);

2714
}

2715
SYSCTL_PROC(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist,

2716
	CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE,

2717
	NULL, 0, nd6_sysctl_prlist, "S,in6_prefix",

2718
	"NDP prefix list");

2719
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen,

2720
	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, "");

2721
SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer,

2722
	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), "");

2723


2724