2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $KAME: nd6.c,v 1.144 2001/05/24 07:44:00 itojun Exp $
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_inet6.h"
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/callout.h>
41 #include <sys/malloc.h>
43 #include <sys/socket.h>
44 #include <sys/sockio.h>
46 #include <sys/kernel.h>
47 #include <sys/protosw.h>
48 #include <sys/errno.h>
49 #include <sys/syslog.h>
51 #include <sys/rwlock.h>
52 #include <sys/queue.h>
54 #include <sys/sysctl.h>
57 #include <net/if_var.h>
58 #include <net/if_arc.h>
59 #include <net/if_dl.h>
60 #include <net/if_types.h>
61 #include <net/iso88025.h>
63 #include <net/route.h>
66 #include <netinet/in.h>
67 #include <netinet/in_kdtrace.h>
68 #include <net/if_llatbl.h>
69 #include <netinet/if_ether.h>
70 #include <netinet6/in6_var.h>
71 #include <netinet/ip6.h>
72 #include <netinet6/ip6_var.h>
73 #include <netinet6/scope6_var.h>
74 #include <netinet6/nd6.h>
75 #include <netinet6/in6_ifattach.h>
76 #include <netinet/icmp6.h>
77 #include <netinet6/send.h>
79 #include <sys/limits.h>
81 #include <security/mac/mac_framework.h>
83 #define ND6_SLOWTIMER_INTERVAL (60 * 60) /* 1 hour */
84 #define ND6_RECALC_REACHTM_INTERVAL (60 * 120) /* 2 hours */
86 #define SIN6(s) ((const struct sockaddr_in6 *)(s))
89 VNET_DEFINE(int, nd6_prune) = 1; /* walk list every 1 seconds */
90 VNET_DEFINE(int, nd6_delay) = 5; /* delay first probe time 5 second */
91 VNET_DEFINE(int, nd6_umaxtries) = 3; /* maximum unicast query */
92 VNET_DEFINE(int, nd6_mmaxtries) = 3; /* maximum multicast query */
93 VNET_DEFINE(int, nd6_useloopback) = 1; /* use loopback interface for
95 VNET_DEFINE(int, nd6_gctimer) = (60 * 60 * 24); /* 1 day: garbage
98 /* preventing too many loops in ND option parsing */
99 static VNET_DEFINE(int, nd6_maxndopt) = 10; /* max # of ND options allowed */
101 VNET_DEFINE(int, nd6_maxnudhint) = 0; /* max # of subsequent upper
103 static VNET_DEFINE(int, nd6_maxqueuelen) = 1; /* max pkts cached in unresolved
105 #define V_nd6_maxndopt VNET(nd6_maxndopt)
106 #define V_nd6_maxqueuelen VNET(nd6_maxqueuelen)
109 VNET_DEFINE(int, nd6_debug) = 1;
111 VNET_DEFINE(int, nd6_debug) = 0;
114 static eventhandler_tag lle_event_eh;
118 static int nd6_inuse, nd6_allocated;
121 VNET_DEFINE(struct nd_drhead, nd_defrouter);
122 VNET_DEFINE(struct nd_prhead, nd_prefix);
124 VNET_DEFINE(int, nd6_recalc_reachtm_interval) = ND6_RECALC_REACHTM_INTERVAL;
125 #define V_nd6_recalc_reachtm_interval VNET(nd6_recalc_reachtm_interval)
127 int (*send_sendso_input_hook)(struct mbuf *, struct ifnet *, int, int);
129 static int nd6_is_new_addr_neighbor(struct sockaddr_in6 *,
131 static void nd6_setmtu0(struct ifnet *, struct nd_ifinfo *);
132 static void nd6_slowtimo(void *);
133 static int regen_tmpaddr(struct in6_ifaddr *);
134 static struct llentry *nd6_free(struct llentry *, int);
135 static void nd6_llinfo_timer(void *);
136 static void clear_llinfo_pqueue(struct llentry *);
137 static void nd6_rtrequest(int, struct rtentry *, struct rt_addrinfo *);
138 static int nd6_output_lle(struct ifnet *, struct ifnet *, struct mbuf *,
139 struct sockaddr_in6 *);
140 static int nd6_output_ifp(struct ifnet *, struct ifnet *, struct mbuf *,
141 struct sockaddr_in6 *);
143 static VNET_DEFINE(struct callout, nd6_slowtimo_ch);
144 #define V_nd6_slowtimo_ch VNET(nd6_slowtimo_ch)
146 VNET_DEFINE(struct callout, nd6_timer_ch);
149 nd6_lle_event(void *arg __unused, struct llentry *lle, int evt)
151 struct rt_addrinfo rtinfo;
152 struct sockaddr_in6 dst;
153 struct sockaddr_dl gw;
157 LLE_WLOCK_ASSERT(lle);
159 if (lltable_get_af(lle->lle_tbl) != AF_INET6)
163 case LLENTRY_RESOLVED:
165 KASSERT(lle->la_flags & LLE_VALID,
166 ("%s: %p resolved but not valid?", __func__, lle));
168 case LLENTRY_EXPIRED:
175 ifp = lltable_get_ifp(lle->lle_tbl);
177 bzero(&dst, sizeof(dst));
178 bzero(&gw, sizeof(gw));
179 bzero(&rtinfo, sizeof(rtinfo));
180 lltable_fill_sa_entry(lle, (struct sockaddr *)&dst);
181 dst.sin6_scope_id = in6_getscopezone(ifp,
182 in6_addrscope(&dst.sin6_addr));
183 gw.sdl_len = sizeof(struct sockaddr_dl);
184 gw.sdl_family = AF_LINK;
185 gw.sdl_alen = ifp->if_addrlen;
186 gw.sdl_index = ifp->if_index;
187 gw.sdl_type = ifp->if_type;
188 if (evt == LLENTRY_RESOLVED)
189 bcopy(&lle->ll_addr, gw.sdl_data, ifp->if_addrlen);
190 rtinfo.rti_info[RTAX_DST] = (struct sockaddr *)&dst;
191 rtinfo.rti_info[RTAX_GATEWAY] = (struct sockaddr *)&gw;
192 rtinfo.rti_addrs = RTA_DST | RTA_GATEWAY;
193 rt_missmsg_fib(type, &rtinfo, RTF_HOST | RTF_LLDATA | (
194 type == RTM_ADD ? RTF_UP: 0), 0, RT_DEFAULT_FIB);
201 LIST_INIT(&V_nd_prefix);
203 /* initialization of the default router list */
204 TAILQ_INIT(&V_nd_defrouter);
207 callout_init(&V_nd6_slowtimo_ch, 0);
208 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
209 nd6_slowtimo, curvnet);
212 if (IS_DEFAULT_VNET(curvnet))
213 lle_event_eh = EVENTHANDLER_REGISTER(lle_event, nd6_lle_event,
214 NULL, EVENTHANDLER_PRI_ANY);
222 callout_drain(&V_nd6_slowtimo_ch);
223 callout_drain(&V_nd6_timer_ch);
224 if (IS_DEFAULT_VNET(curvnet))
225 EVENTHANDLER_DEREGISTER(lle_event, lle_event_eh);
230 nd6_ifattach(struct ifnet *ifp)
232 struct nd_ifinfo *nd;
234 nd = (struct nd_ifinfo *)malloc(sizeof(*nd), M_IP6NDP, M_WAITOK|M_ZERO);
237 nd->chlim = IPV6_DEFHLIM;
238 nd->basereachable = REACHABLE_TIME;
239 nd->reachable = ND_COMPUTE_RTIME(nd->basereachable);
240 nd->retrans = RETRANS_TIMER;
242 nd->flags = ND6_IFF_PERFORMNUD;
244 /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL.
245 * XXXHRS: Clear ND6_IFF_AUTO_LINKLOCAL on an IFT_BRIDGE interface by
246 * default regardless of the V_ip6_auto_linklocal configuration to
247 * give a reasonable default behavior.
249 if ((V_ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) ||
250 (ifp->if_flags & IFF_LOOPBACK))
251 nd->flags |= ND6_IFF_AUTO_LINKLOCAL;
253 * A loopback interface does not need to accept RTADV.
254 * XXXHRS: Clear ND6_IFF_ACCEPT_RTADV on an IFT_BRIDGE interface by
255 * default regardless of the V_ip6_accept_rtadv configuration to
256 * prevent the interface from accepting RA messages arrived
257 * on one of the member interfaces with ND6_IFF_ACCEPT_RTADV.
259 if (V_ip6_accept_rtadv &&
260 !(ifp->if_flags & IFF_LOOPBACK) &&
261 (ifp->if_type != IFT_BRIDGE))
262 nd->flags |= ND6_IFF_ACCEPT_RTADV;
263 if (V_ip6_no_radr && !(ifp->if_flags & IFF_LOOPBACK))
264 nd->flags |= ND6_IFF_NO_RADR;
266 /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */
267 nd6_setmtu0(ifp, nd);
273 nd6_ifdetach(struct nd_ifinfo *nd)
280 * Reset ND level link MTU. This function is called when the physical MTU
281 * changes, which means we might have to adjust the ND level MTU.
284 nd6_setmtu(struct ifnet *ifp)
287 nd6_setmtu0(ifp, ND_IFINFO(ifp));
290 /* XXX todo: do not maintain copy of ifp->if_mtu in ndi->maxmtu */
292 nd6_setmtu0(struct ifnet *ifp, struct nd_ifinfo *ndi)
296 omaxmtu = ndi->maxmtu;
298 switch (ifp->if_type) {
300 ndi->maxmtu = MIN(ARC_PHDS_MAXMTU, ifp->if_mtu); /* RFC2497 */
303 ndi->maxmtu = MIN(FDDIIPMTU, ifp->if_mtu); /* RFC2467 */
306 ndi->maxmtu = MIN(ISO88025_MAX_MTU, ifp->if_mtu);
309 ndi->maxmtu = ifp->if_mtu;
314 * Decreasing the interface MTU under IPV6 minimum MTU may cause
315 * undesirable situation. We thus notify the operator of the change
316 * explicitly. The check for omaxmtu is necessary to restrict the
317 * log to the case of changing the MTU, not initializing it.
319 if (omaxmtu >= IPV6_MMTU && ndi->maxmtu < IPV6_MMTU) {
320 log(LOG_NOTICE, "nd6_setmtu0: "
321 "new link MTU on %s (%lu) is too small for IPv6\n",
322 if_name(ifp), (unsigned long)ndi->maxmtu);
325 if (ndi->maxmtu > V_in6_maxmtu)
326 in6_setmaxmtu(); /* check all interfaces just in case */
331 nd6_option_init(void *opt, int icmp6len, union nd_opts *ndopts)
334 bzero(ndopts, sizeof(*ndopts));
335 ndopts->nd_opts_search = (struct nd_opt_hdr *)opt;
337 = (struct nd_opt_hdr *)(((u_char *)opt) + icmp6len);
340 ndopts->nd_opts_done = 1;
341 ndopts->nd_opts_search = NULL;
346 * Take one ND option.
349 nd6_option(union nd_opts *ndopts)
351 struct nd_opt_hdr *nd_opt;
354 KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__));
355 KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts",
357 if (ndopts->nd_opts_search == NULL)
359 if (ndopts->nd_opts_done)
362 nd_opt = ndopts->nd_opts_search;
364 /* make sure nd_opt_len is inside the buffer */
365 if ((caddr_t)&nd_opt->nd_opt_len >= (caddr_t)ndopts->nd_opts_last) {
366 bzero(ndopts, sizeof(*ndopts));
370 olen = nd_opt->nd_opt_len << 3;
373 * Message validation requires that all included
374 * options have a length that is greater than zero.
376 bzero(ndopts, sizeof(*ndopts));
380 ndopts->nd_opts_search = (struct nd_opt_hdr *)((caddr_t)nd_opt + olen);
381 if (ndopts->nd_opts_search > ndopts->nd_opts_last) {
382 /* option overruns the end of buffer, invalid */
383 bzero(ndopts, sizeof(*ndopts));
385 } else if (ndopts->nd_opts_search == ndopts->nd_opts_last) {
386 /* reached the end of options chain */
387 ndopts->nd_opts_done = 1;
388 ndopts->nd_opts_search = NULL;
394 * Parse multiple ND options.
395 * This function is much easier to use, for ND routines that do not need
396 * multiple options of the same type.
399 nd6_options(union nd_opts *ndopts)
401 struct nd_opt_hdr *nd_opt;
404 KASSERT(ndopts != NULL, ("%s: ndopts == NULL", __func__));
405 KASSERT(ndopts->nd_opts_last != NULL, ("%s: uninitialized ndopts",
407 if (ndopts->nd_opts_search == NULL)
411 nd_opt = nd6_option(ndopts);
412 if (nd_opt == NULL && ndopts->nd_opts_last == NULL) {
414 * Message validation requires that all included
415 * options have a length that is greater than zero.
417 ICMP6STAT_INC(icp6s_nd_badopt);
418 bzero(ndopts, sizeof(*ndopts));
425 switch (nd_opt->nd_opt_type) {
426 case ND_OPT_SOURCE_LINKADDR:
427 case ND_OPT_TARGET_LINKADDR:
429 case ND_OPT_REDIRECTED_HEADER:
431 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
433 "duplicated ND6 option found (type=%d)\n",
434 nd_opt->nd_opt_type));
437 ndopts->nd_opt_array[nd_opt->nd_opt_type]
441 case ND_OPT_PREFIX_INFORMATION:
442 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) {
443 ndopts->nd_opt_array[nd_opt->nd_opt_type]
446 ndopts->nd_opts_pi_end =
447 (struct nd_opt_prefix_info *)nd_opt;
449 /* What about ND_OPT_ROUTE_INFO? RFC 4191 */
450 case ND_OPT_RDNSS: /* RFC 6106 */
451 case ND_OPT_DNSSL: /* RFC 6106 */
453 * Silently ignore options we know and do not care about
459 * Unknown options must be silently ignored,
460 * to accomodate future extension to the protocol.
463 "nd6_options: unsupported option %d - "
464 "option ignored\n", nd_opt->nd_opt_type));
469 if (i > V_nd6_maxndopt) {
470 ICMP6STAT_INC(icp6s_nd_toomanyopt);
471 nd6log((LOG_INFO, "too many loop in nd opt\n"));
475 if (ndopts->nd_opts_done)
483 * ND6 timer routine to handle ND6 entries
486 nd6_llinfo_settimer_locked(struct llentry *ln, long tick)
490 LLE_WLOCK_ASSERT(ln);
495 canceled = callout_stop(&ln->lle_timer);
497 ln->la_expire = time_uptime + tick / hz;
499 if (tick > INT_MAX) {
500 ln->ln_ntick = tick - INT_MAX;
501 canceled = callout_reset(&ln->lle_timer, INT_MAX,
502 nd6_llinfo_timer, ln);
505 canceled = callout_reset(&ln->lle_timer, tick,
506 nd6_llinfo_timer, ln);
514 nd6_llinfo_settimer(struct llentry *ln, long tick)
518 nd6_llinfo_settimer_locked(ln, tick);
523 nd6_llinfo_timer(void *arg)
526 struct in6_addr *dst;
528 struct nd_ifinfo *ndi = NULL;
530 KASSERT(arg != NULL, ("%s: arg NULL", __func__));
531 ln = (struct llentry *)arg;
533 if (callout_pending(&ln->lle_timer)) {
535 * Here we are a bit odd here in the treatment of
536 * active/pending. If the pending bit is set, it got
537 * rescheduled before I ran. The active
538 * bit we ignore, since if it was stopped
539 * in ll_tablefree() and was currently running
540 * it would have return 0 so the code would
541 * not have deleted it since the callout could
542 * not be stopped so we want to go through
543 * with the delete here now. If the callout
544 * was restarted, the pending bit will be back on and
545 * we just want to bail since the callout_reset would
546 * return 1 and our reference would have been removed
547 * by nd6_llinfo_settimer_locked above since canceled
553 ifp = ln->lle_tbl->llt_ifp;
554 CURVNET_SET(ifp->if_vnet);
556 if (ln->ln_ntick > 0) {
557 if (ln->ln_ntick > INT_MAX) {
558 ln->ln_ntick -= INT_MAX;
559 nd6_llinfo_settimer_locked(ln, INT_MAX);
562 nd6_llinfo_settimer_locked(ln, ln->ln_ntick);
567 ndi = ND_IFINFO(ifp);
568 dst = &ln->r_l3addr.addr6;
569 if (ln->la_flags & LLE_STATIC) {
573 if (ln->la_flags & LLE_DELETED) {
574 (void)nd6_free(ln, 0);
579 switch (ln->ln_state) {
580 case ND6_LLINFO_INCOMPLETE:
581 if (ln->la_asked < V_nd6_mmaxtries) {
583 nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000);
585 nd6_ns_output(ifp, NULL, dst, ln, NULL);
588 struct mbuf *m = ln->la_hold;
593 * assuming every packet in la_hold has the
594 * same IP header. Send error after unlock.
599 clear_llinfo_pqueue(ln);
601 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_TIMEDOUT);
602 (void)nd6_free(ln, 0);
605 icmp6_error2(m, ICMP6_DST_UNREACH,
606 ICMP6_DST_UNREACH_ADDR, 0, ifp);
609 case ND6_LLINFO_REACHABLE:
610 if (!ND6_LLINFO_PERMANENT(ln)) {
611 ln->ln_state = ND6_LLINFO_STALE;
612 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz);
616 case ND6_LLINFO_STALE:
617 /* Garbage Collection(RFC 2461 5.3) */
618 if (!ND6_LLINFO_PERMANENT(ln)) {
619 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED);
620 (void)nd6_free(ln, 1);
625 case ND6_LLINFO_DELAY:
626 if (ndi && (ndi->flags & ND6_IFF_PERFORMNUD) != 0) {
629 ln->ln_state = ND6_LLINFO_PROBE;
630 nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000);
632 nd6_ns_output(ifp, dst, dst, ln, NULL);
635 ln->ln_state = ND6_LLINFO_STALE; /* XXX */
636 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz);
639 case ND6_LLINFO_PROBE:
640 if (ln->la_asked < V_nd6_umaxtries) {
642 nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000);
644 nd6_ns_output(ifp, dst, dst, ln, NULL);
647 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_EXPIRED);
648 (void)nd6_free(ln, 0);
653 panic("%s: paths in a dark night can be confusing: %d",
654 __func__, ln->ln_state);
664 * ND6 timer routine to expire default route list and prefix list
669 CURVNET_SET((struct vnet *) arg);
670 struct nd_defrouter *dr, *ndr;
671 struct nd_prefix *pr, *npr;
672 struct in6_ifaddr *ia6, *nia6;
674 callout_reset(&V_nd6_timer_ch, V_nd6_prune * hz,
677 /* expire default router list */
678 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) {
679 if (dr->expire && dr->expire < time_uptime)
684 * expire interface addresses.
685 * in the past the loop was inside prefix expiry processing.
686 * However, from a stricter speci-confrmance standpoint, we should
687 * rather separate address lifetimes and prefix lifetimes.
689 * XXXRW: in6_ifaddrhead locking.
692 TAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) {
693 /* check address lifetime */
694 if (IFA6_IS_INVALID(ia6)) {
698 * If the expiring address is temporary, try
699 * regenerating a new one. This would be useful when
700 * we suspended a laptop PC, then turned it on after a
701 * period that could invalidate all temporary
702 * addresses. Although we may have to restart the
703 * loop (see below), it must be after purging the
704 * address. Otherwise, we'd see an infinite loop of
707 if (V_ip6_use_tempaddr &&
708 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0) {
709 if (regen_tmpaddr(ia6) == 0)
713 in6_purgeaddr(&ia6->ia_ifa);
716 goto addrloop; /* XXX: see below */
717 } else if (IFA6_IS_DEPRECATED(ia6)) {
718 int oldflags = ia6->ia6_flags;
720 ia6->ia6_flags |= IN6_IFF_DEPRECATED;
723 * If a temporary address has just become deprecated,
724 * regenerate a new one if possible.
726 if (V_ip6_use_tempaddr &&
727 (ia6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&
728 (oldflags & IN6_IFF_DEPRECATED) == 0) {
730 if (regen_tmpaddr(ia6) == 0) {
732 * A new temporary address is
734 * XXX: this means the address chain
735 * has changed while we are still in
736 * the loop. Although the change
737 * would not cause disaster (because
738 * it's not a deletion, but an
739 * addition,) we'd rather restart the
740 * loop just for safety. Or does this
741 * significantly reduce performance??
748 * A new RA might have made a deprecated address
751 ia6->ia6_flags &= ~IN6_IFF_DEPRECATED;
755 /* expire prefix list */
756 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) {
758 * check prefix lifetime.
759 * since pltime is just for autoconf, pltime processing for
760 * prefix is not necessary.
762 if (pr->ndpr_vltime != ND6_INFINITE_LIFETIME &&
763 time_uptime - pr->ndpr_lastupdate > pr->ndpr_vltime) {
766 * address expiration and prefix expiration are
767 * separate. NEVER perform in6_purgeaddr here.
776 * ia6 - deprecated/invalidated temporary address
779 regen_tmpaddr(struct in6_ifaddr *ia6)
783 struct in6_ifaddr *public_ifa6 = NULL;
785 ifp = ia6->ia_ifa.ifa_ifp;
787 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
788 struct in6_ifaddr *it6;
790 if (ifa->ifa_addr->sa_family != AF_INET6)
793 it6 = (struct in6_ifaddr *)ifa;
795 /* ignore no autoconf addresses. */
796 if ((it6->ia6_flags & IN6_IFF_AUTOCONF) == 0)
799 /* ignore autoconf addresses with different prefixes. */
800 if (it6->ia6_ndpr == NULL || it6->ia6_ndpr != ia6->ia6_ndpr)
804 * Now we are looking at an autoconf address with the same
805 * prefix as ours. If the address is temporary and is still
806 * preferred, do not create another one. It would be rare, but
807 * could happen, for example, when we resume a laptop PC after
810 if ((it6->ia6_flags & IN6_IFF_TEMPORARY) != 0 &&
811 !IFA6_IS_DEPRECATED(it6)) {
817 * This is a public autoconf address that has the same prefix
818 * as ours. If it is preferred, keep it. We can't break the
819 * loop here, because there may be a still-preferred temporary
820 * address with the prefix.
822 if (!IFA6_IS_DEPRECATED(it6))
825 if (public_ifa6 != NULL)
826 ifa_ref(&public_ifa6->ia_ifa);
827 IF_ADDR_RUNLOCK(ifp);
829 if (public_ifa6 != NULL) {
832 if ((e = in6_tmpifadd(public_ifa6, 0, 0)) != 0) {
833 ifa_free(&public_ifa6->ia_ifa);
834 log(LOG_NOTICE, "regen_tmpaddr: failed to create a new"
835 " tmp addr,errno=%d\n", e);
838 ifa_free(&public_ifa6->ia_ifa);
846 * Nuke neighbor cache/prefix/default router management table, right before
850 nd6_purge(struct ifnet *ifp)
852 struct nd_defrouter *dr, *ndr;
853 struct nd_prefix *pr, *npr;
856 * Nuke default router list entries toward ifp.
857 * We defer removal of default router list entries that is installed
858 * in the routing table, in order to keep additional side effects as
861 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) {
869 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, ndr) {
877 /* Nuke prefix list entries toward ifp */
878 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, npr) {
879 if (pr->ndpr_ifp == ifp) {
881 * Because if_detach() does *not* release prefixes
882 * while purging addresses the reference count will
883 * still be above zero. We therefore reset it to
884 * make sure that the prefix really gets purged.
889 * Previously, pr->ndpr_addr is removed as well,
890 * but I strongly believe we don't have to do it.
891 * nd6_purge() is only called from in6_ifdetach(),
892 * which removes all the associated interface addresses
894 * (jinmei@kame.net 20010129)
900 /* cancel default outgoing interface setting */
901 if (V_nd6_defifindex == ifp->if_index)
902 nd6_setdefaultiface(0);
904 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) {
905 /* Refresh default router list. */
910 * We do not nuke the neighbor cache entries here any more
911 * because the neighbor cache is kept in if_afdata[AF_INET6].
912 * nd6_purge() is invoked by in6_ifdetach() which is called
913 * from if_detach() where everything gets purged. So let
914 * in6_domifdetach() do the actual L2 table purging work.
919 * the caller acquires and releases the lock on the lltbls
920 * Returns the llentry locked
923 nd6_lookup(struct in6_addr *addr6, int flags, struct ifnet *ifp)
925 struct sockaddr_in6 sin6;
929 bzero(&sin6, sizeof(sin6));
930 sin6.sin6_len = sizeof(struct sockaddr_in6);
931 sin6.sin6_family = AF_INET6;
932 sin6.sin6_addr = *addr6;
934 IF_AFDATA_LOCK_ASSERT(ifp);
936 llflags = (flags & ND6_EXCLUSIVE) ? LLE_EXCLUSIVE : 0;
937 ln = lla_lookup(LLTABLE6(ifp), llflags, (struct sockaddr *)&sin6);
943 nd6_alloc(struct in6_addr *addr6, int flags, struct ifnet *ifp)
945 struct sockaddr_in6 sin6;
948 bzero(&sin6, sizeof(sin6));
949 sin6.sin6_len = sizeof(struct sockaddr_in6);
950 sin6.sin6_family = AF_INET6;
951 sin6.sin6_addr = *addr6;
953 ln = lltable_alloc_entry(LLTABLE6(ifp), 0, (struct sockaddr *)&sin6);
955 ln->ln_state = ND6_LLINFO_NOSTATE;
961 * Test whether a given IPv6 address is a neighbor or not, ignoring
962 * the actual neighbor cache. The neighbor cache is ignored in order
963 * to not reenter the routing code from within itself.
966 nd6_is_new_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp)
968 struct nd_prefix *pr;
969 struct ifaddr *dstaddr;
972 * A link-local address is always a neighbor.
973 * XXX: a link does not necessarily specify a single interface.
975 if (IN6_IS_ADDR_LINKLOCAL(&addr->sin6_addr)) {
976 struct sockaddr_in6 sin6_copy;
980 * We need sin6_copy since sa6_recoverscope() may modify the
984 if (sa6_recoverscope(&sin6_copy))
985 return (0); /* XXX: should be impossible */
986 if (in6_setscope(&sin6_copy.sin6_addr, ifp, &zone))
988 if (sin6_copy.sin6_scope_id == zone)
995 * If the address matches one of our addresses,
996 * it should be a neighbor.
997 * If the address matches one of our on-link prefixes, it should be a
1000 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1001 if (pr->ndpr_ifp != ifp)
1004 if (!(pr->ndpr_stateflags & NDPRF_ONLINK)) {
1007 /* Always use the default FIB here. */
1008 rt = in6_rtalloc1((struct sockaddr *)&pr->ndpr_prefix,
1009 0, 0, RT_DEFAULT_FIB);
1013 * This is the case where multiple interfaces
1014 * have the same prefix, but only one is installed
1015 * into the routing table and that prefix entry
1016 * is not the one being examined here. In the case
1017 * where RADIX_MPATH is enabled, multiple route
1018 * entries (of the same rt_key value) will be
1019 * installed because the interface addresses all
1022 if (!IN6_ARE_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr,
1023 &((struct sockaddr_in6 *)rt_key(rt))->sin6_addr)) {
1030 if (IN6_ARE_MASKED_ADDR_EQUAL(&pr->ndpr_prefix.sin6_addr,
1031 &addr->sin6_addr, &pr->ndpr_mask))
1036 * If the address is assigned on the node of the other side of
1037 * a p2p interface, the address should be a neighbor.
1039 dstaddr = ifa_ifwithdstaddr((struct sockaddr *)addr, RT_ALL_FIBS);
1040 if (dstaddr != NULL) {
1041 if (dstaddr->ifa_ifp == ifp) {
1049 * If the default router list is empty, all addresses are regarded
1050 * as on-link, and thus, as a neighbor.
1052 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV &&
1053 TAILQ_EMPTY(&V_nd_defrouter) &&
1054 V_nd6_defifindex == ifp->if_index) {
1063 * Detect if a given IPv6 address identifies a neighbor on a given link.
1064 * XXX: should take care of the destination of a p2p link?
1067 nd6_is_addr_neighbor(struct sockaddr_in6 *addr, struct ifnet *ifp)
1069 struct llentry *lle;
1072 IF_AFDATA_UNLOCK_ASSERT(ifp);
1073 if (nd6_is_new_addr_neighbor(addr, ifp))
1077 * Even if the address matches none of our addresses, it might be
1078 * in the neighbor cache.
1080 IF_AFDATA_RLOCK(ifp);
1081 if ((lle = nd6_lookup(&addr->sin6_addr, 0, ifp)) != NULL) {
1085 IF_AFDATA_RUNLOCK(ifp);
1090 * Free an nd6 llinfo entry.
1091 * Since the function would cause significant changes in the kernel, DO NOT
1092 * make it global, unless you have a strong reason for the change, and are sure
1093 * that the change is safe.
1095 static struct llentry *
1096 nd6_free(struct llentry *ln, int gc)
1098 struct llentry *next;
1099 struct nd_defrouter *dr;
1102 LLE_WLOCK_ASSERT(ln);
1105 * we used to have pfctlinput(PRC_HOSTDEAD) here.
1106 * even though it is not harmful, it was not really necessary.
1110 nd6_llinfo_settimer_locked(ln, -1);
1112 ifp = ln->lle_tbl->llt_ifp;
1114 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) {
1115 dr = defrouter_lookup(&ln->r_l3addr.addr6, ifp);
1117 if (dr != NULL && dr->expire &&
1118 ln->ln_state == ND6_LLINFO_STALE && gc) {
1120 * If the reason for the deletion is just garbage
1121 * collection, and the neighbor is an active default
1122 * router, do not delete it. Instead, reset the GC
1123 * timer using the router's lifetime.
1124 * Simply deleting the entry would affect default
1125 * router selection, which is not necessarily a good
1126 * thing, especially when we're using router preference
1128 * XXX: the check for ln_state would be redundant,
1129 * but we intentionally keep it just in case.
1131 if (dr->expire > time_uptime)
1132 nd6_llinfo_settimer_locked(ln,
1133 (dr->expire - time_uptime) * hz);
1135 nd6_llinfo_settimer_locked(ln,
1136 (long)V_nd6_gctimer * hz);
1138 next = LIST_NEXT(ln, lle_next);
1146 * Unreachablity of a router might affect the default
1147 * router selection and on-link detection of advertised
1152 * Temporarily fake the state to choose a new default
1153 * router and to perform on-link determination of
1154 * prefixes correctly.
1155 * Below the state will be set correctly,
1156 * or the entry itself will be deleted.
1158 ln->ln_state = ND6_LLINFO_INCOMPLETE;
1161 if (ln->ln_router || dr) {
1164 * We need to unlock to avoid a LOR with rt6_flush() with the
1165 * rnh and for the calls to pfxlist_onlink_check() and
1166 * defrouter_select() in the block further down for calls
1167 * into nd6_lookup(). We still hold a ref.
1172 * rt6_flush must be called whether or not the neighbor
1173 * is in the Default Router List.
1174 * See a corresponding comment in nd6_na_input().
1176 rt6_flush(&ln->r_l3addr.addr6, ifp);
1181 * Since defrouter_select() does not affect the
1182 * on-link determination and MIP6 needs the check
1183 * before the default router selection, we perform
1186 pfxlist_onlink_check();
1189 * Refresh default router list.
1194 if (ln->ln_router || dr)
1199 * Before deleting the entry, remember the next entry as the
1200 * return value. We need this because pfxlist_onlink_check() above
1201 * might have freed other entries (particularly the old next entry) as
1202 * a side effect (XXX).
1204 next = LIST_NEXT(ln, lle_next);
1207 * Save to unlock. We still hold an extra reference and will not
1208 * free(9) in llentry_free() if someone else holds one as well.
1211 IF_AFDATA_LOCK(ifp);
1214 /* Guard against race with other llentry_free(). */
1215 if (ln->la_flags & LLE_LINKED) {
1219 LLE_FREE_LOCKED(ln);
1221 IF_AFDATA_UNLOCK(ifp);
1227 * Upper-layer reachability hint for Neighbor Unreachability Detection.
1229 * XXX cost-effective methods?
1232 nd6_nud_hint(struct rtentry *rt, struct in6_addr *dst6, int force)
1237 if ((dst6 == NULL) || (rt == NULL))
1241 IF_AFDATA_RLOCK(ifp);
1242 ln = nd6_lookup(dst6, ND6_EXCLUSIVE, NULL);
1243 IF_AFDATA_RUNLOCK(ifp);
1247 if (ln->ln_state < ND6_LLINFO_REACHABLE)
1251 * if we get upper-layer reachability confirmation many times,
1252 * it is possible we have false information.
1256 if (ln->ln_byhint > V_nd6_maxnudhint) {
1261 ln->ln_state = ND6_LLINFO_REACHABLE;
1262 if (!ND6_LLINFO_PERMANENT(ln)) {
1263 nd6_llinfo_settimer_locked(ln,
1264 (long)ND_IFINFO(rt->rt_ifp)->reachable * hz);
1272 * Rejuvenate this function for routing operations related
1276 nd6_rtrequest(int req, struct rtentry *rt, struct rt_addrinfo *info)
1278 struct sockaddr_in6 *gateway;
1279 struct nd_defrouter *dr;
1282 gateway = (struct sockaddr_in6 *)rt->rt_gateway;
1293 * Only indirect routes are interesting.
1295 if ((rt->rt_flags & RTF_GATEWAY) == 0)
1298 * check for default route
1300 if (IN6_ARE_ADDR_EQUAL(&in6addr_any,
1301 &SIN6(rt_key(rt))->sin6_addr)) {
1303 dr = defrouter_lookup(&gateway->sin6_addr, ifp);
1313 nd6_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp)
1315 struct in6_drlist *drl = (struct in6_drlist *)data;
1316 struct in6_oprlist *oprl = (struct in6_oprlist *)data;
1317 struct in6_ndireq *ndi = (struct in6_ndireq *)data;
1318 struct in6_nbrinfo *nbi = (struct in6_nbrinfo *)data;
1319 struct in6_ndifreq *ndif = (struct in6_ndifreq *)data;
1320 struct nd_defrouter *dr;
1321 struct nd_prefix *pr;
1322 int i = 0, error = 0;
1324 if (ifp->if_afdata[AF_INET6] == NULL)
1325 return (EPFNOSUPPORT);
1327 case SIOCGDRLST_IN6:
1329 * obsolete API, use sysctl under net.inet6.icmp6
1331 bzero(drl, sizeof(*drl));
1332 TAILQ_FOREACH(dr, &V_nd_defrouter, dr_entry) {
1335 drl->defrouter[i].rtaddr = dr->rtaddr;
1336 in6_clearscope(&drl->defrouter[i].rtaddr);
1338 drl->defrouter[i].flags = dr->flags;
1339 drl->defrouter[i].rtlifetime = dr->rtlifetime;
1340 drl->defrouter[i].expire = dr->expire +
1341 (time_second - time_uptime);
1342 drl->defrouter[i].if_index = dr->ifp->if_index;
1346 case SIOCGPRLST_IN6:
1348 * obsolete API, use sysctl under net.inet6.icmp6
1350 * XXX the structure in6_prlist was changed in backward-
1351 * incompatible manner. in6_oprlist is used for SIOCGPRLST_IN6,
1352 * in6_prlist is used for nd6_sysctl() - fill_prlist().
1355 * XXX meaning of fields, especialy "raflags", is very
1356 * differnet between RA prefix list and RR/static prefix list.
1357 * how about separating ioctls into two?
1359 bzero(oprl, sizeof(*oprl));
1360 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
1361 struct nd_pfxrouter *pfr;
1366 oprl->prefix[i].prefix = pr->ndpr_prefix.sin6_addr;
1367 oprl->prefix[i].raflags = pr->ndpr_raf;
1368 oprl->prefix[i].prefixlen = pr->ndpr_plen;
1369 oprl->prefix[i].vltime = pr->ndpr_vltime;
1370 oprl->prefix[i].pltime = pr->ndpr_pltime;
1371 oprl->prefix[i].if_index = pr->ndpr_ifp->if_index;
1372 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME)
1373 oprl->prefix[i].expire = 0;
1377 /* XXX: we assume time_t is signed. */
1380 ((sizeof(maxexpire) * 8) - 1));
1381 if (pr->ndpr_vltime <
1382 maxexpire - pr->ndpr_lastupdate) {
1383 oprl->prefix[i].expire =
1384 pr->ndpr_lastupdate +
1386 (time_second - time_uptime);
1388 oprl->prefix[i].expire = maxexpire;
1392 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) {
1394 #define RTRADDR oprl->prefix[i].advrtr[j]
1395 RTRADDR = pfr->router->rtaddr;
1396 in6_clearscope(&RTRADDR);
1401 oprl->prefix[i].advrtrs = j;
1402 oprl->prefix[i].origin = PR_ORIG_RA;
1408 case OSIOCGIFINFO_IN6:
1410 /* XXX: old ndp(8) assumes a positive value for linkmtu. */
1411 bzero(&ND, sizeof(ND));
1412 ND.linkmtu = IN6_LINKMTU(ifp);
1413 ND.maxmtu = ND_IFINFO(ifp)->maxmtu;
1414 ND.basereachable = ND_IFINFO(ifp)->basereachable;
1415 ND.reachable = ND_IFINFO(ifp)->reachable;
1416 ND.retrans = ND_IFINFO(ifp)->retrans;
1417 ND.flags = ND_IFINFO(ifp)->flags;
1418 ND.recalctm = ND_IFINFO(ifp)->recalctm;
1419 ND.chlim = ND_IFINFO(ifp)->chlim;
1421 case SIOCGIFINFO_IN6:
1422 ND = *ND_IFINFO(ifp);
1424 case SIOCSIFINFO_IN6:
1426 * used to change host variables from userland.
1427 * intented for a use on router to reflect RA configurations.
1429 /* 0 means 'unspecified' */
1430 if (ND.linkmtu != 0) {
1431 if (ND.linkmtu < IPV6_MMTU ||
1432 ND.linkmtu > IN6_LINKMTU(ifp)) {
1436 ND_IFINFO(ifp)->linkmtu = ND.linkmtu;
1439 if (ND.basereachable != 0) {
1440 int obasereachable = ND_IFINFO(ifp)->basereachable;
1442 ND_IFINFO(ifp)->basereachable = ND.basereachable;
1443 if (ND.basereachable != obasereachable)
1444 ND_IFINFO(ifp)->reachable =
1445 ND_COMPUTE_RTIME(ND.basereachable);
1447 if (ND.retrans != 0)
1448 ND_IFINFO(ifp)->retrans = ND.retrans;
1450 ND_IFINFO(ifp)->chlim = ND.chlim;
1452 case SIOCSIFINFO_FLAGS:
1455 struct in6_ifaddr *ia;
1457 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) &&
1458 !(ND.flags & ND6_IFF_IFDISABLED)) {
1459 /* ifdisabled 1->0 transision */
1462 * If the interface is marked as ND6_IFF_IFDISABLED and
1463 * has an link-local address with IN6_IFF_DUPLICATED,
1464 * do not clear ND6_IFF_IFDISABLED.
1465 * See RFC 4862, Section 5.4.5.
1467 int duplicated_linklocal = 0;
1470 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1471 if (ifa->ifa_addr->sa_family != AF_INET6)
1473 ia = (struct in6_ifaddr *)ifa;
1474 if ((ia->ia6_flags & IN6_IFF_DUPLICATED) &&
1475 IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) {
1476 duplicated_linklocal = 1;
1480 IF_ADDR_RUNLOCK(ifp);
1482 if (duplicated_linklocal) {
1483 ND.flags |= ND6_IFF_IFDISABLED;
1484 log(LOG_ERR, "Cannot enable an interface"
1485 " with a link-local address marked"
1488 ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED;
1489 if (ifp->if_flags & IFF_UP)
1492 } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) &&
1493 (ND.flags & ND6_IFF_IFDISABLED)) {
1494 /* ifdisabled 0->1 transision */
1495 /* Mark all IPv6 address as tentative. */
1497 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED;
1499 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1500 if (ifa->ifa_addr->sa_family != AF_INET6)
1502 ia = (struct in6_ifaddr *)ifa;
1503 ia->ia6_flags |= IN6_IFF_TENTATIVE;
1505 IF_ADDR_RUNLOCK(ifp);
1508 if (ND.flags & ND6_IFF_AUTO_LINKLOCAL) {
1509 if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)) {
1510 /* auto_linklocal 0->1 transision */
1512 /* If no link-local address on ifp, configure */
1513 ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL;
1514 in6_ifattach(ifp, NULL);
1515 } else if (!(ND.flags & ND6_IFF_IFDISABLED) &&
1516 ifp->if_flags & IFF_UP) {
1518 * When the IF already has
1519 * ND6_IFF_AUTO_LINKLOCAL, no link-local
1520 * address is assigned, and IFF_UP, try to
1523 int haslinklocal = 0;
1526 TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1527 if (ifa->ifa_addr->sa_family != AF_INET6)
1529 ia = (struct in6_ifaddr *)ifa;
1530 if (IN6_IS_ADDR_LINKLOCAL(IA6_IN6(ia))) {
1535 IF_ADDR_RUNLOCK(ifp);
1537 in6_ifattach(ifp, NULL);
1541 ND_IFINFO(ifp)->flags = ND.flags;
1544 case SIOCSNDFLUSH_IN6: /* XXX: the ioctl name is confusing... */
1545 /* sync kernel routing table with the default router list */
1549 case SIOCSPFXFLUSH_IN6:
1551 /* flush all the prefix advertised by routers */
1552 struct nd_prefix *pr, *next;
1554 LIST_FOREACH_SAFE(pr, &V_nd_prefix, ndpr_entry, next) {
1555 struct in6_ifaddr *ia, *ia_next;
1557 if (IN6_IS_ADDR_LINKLOCAL(&pr->ndpr_prefix.sin6_addr))
1560 /* do we really have to remove addresses as well? */
1561 /* XXXRW: in6_ifaddrhead locking. */
1562 TAILQ_FOREACH_SAFE(ia, &V_in6_ifaddrhead, ia_link,
1564 if ((ia->ia6_flags & IN6_IFF_AUTOCONF) == 0)
1567 if (ia->ia6_ndpr == pr)
1568 in6_purgeaddr(&ia->ia_ifa);
1574 case SIOCSRTRFLUSH_IN6:
1576 /* flush all the default routers */
1577 struct nd_defrouter *dr, *next;
1580 TAILQ_FOREACH_SAFE(dr, &V_nd_defrouter, dr_entry, next) {
1586 case SIOCGNBRINFO_IN6:
1589 struct in6_addr nb_addr = nbi->addr; /* make local for safety */
1591 if ((error = in6_setscope(&nb_addr, ifp, NULL)) != 0)
1594 IF_AFDATA_RLOCK(ifp);
1595 ln = nd6_lookup(&nb_addr, 0, ifp);
1596 IF_AFDATA_RUNLOCK(ifp);
1602 nbi->state = ln->ln_state;
1603 nbi->asked = ln->la_asked;
1604 nbi->isrouter = ln->ln_router;
1605 if (ln->la_expire == 0)
1608 nbi->expire = ln->la_expire +
1609 (time_second - time_uptime);
1613 case SIOCGDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */
1614 ndif->ifindex = V_nd6_defifindex;
1616 case SIOCSDEFIFACE_IN6: /* XXX: should be implemented as a sysctl? */
1617 return (nd6_setdefaultiface(ndif->ifindex));
1623 * Create neighbor cache entry and cache link-layer address,
1624 * on reception of inbound ND6 packets. (RS/RA/NS/redirect)
1627 * code - type dependent information
1630 * The caller of this function already acquired the ndp
1631 * cache table lock because the cache entry is returned.
1634 nd6_cache_lladdr(struct ifnet *ifp, struct in6_addr *from, char *lladdr,
1635 int lladdrlen, int type, int code)
1637 struct llentry *ln = NULL, *ln_tmp;
1644 uint16_t router = 0;
1645 struct sockaddr_in6 sin6;
1646 struct mbuf *chain = NULL;
1647 int static_route = 0;
1649 IF_AFDATA_UNLOCK_ASSERT(ifp);
1651 KASSERT(ifp != NULL, ("%s: ifp == NULL", __func__));
1652 KASSERT(from != NULL, ("%s: from == NULL", __func__));
1654 /* nothing must be updated for unspecified address */
1655 if (IN6_IS_ADDR_UNSPECIFIED(from))
1659 * Validation about ifp->if_addrlen and lladdrlen must be done in
1662 * XXX If the link does not have link-layer adderss, what should
1663 * we do? (ifp->if_addrlen == 0)
1664 * Spec says nothing in sections for RA, RS and NA. There's small
1665 * description on it in NS section (RFC 2461 7.2.3).
1667 flags = lladdr ? ND6_EXCLUSIVE : 0;
1668 IF_AFDATA_RLOCK(ifp);
1669 ln = nd6_lookup(from, flags, ifp);
1670 IF_AFDATA_RUNLOCK(ifp);
1673 flags |= ND6_EXCLUSIVE;
1674 ln = nd6_alloc(from, 0, ifp);
1677 IF_AFDATA_WLOCK(ifp);
1679 /* Prefer any existing lle over newly-created one */
1680 ln_tmp = nd6_lookup(from, ND6_EXCLUSIVE, ifp);
1682 lltable_link_entry(LLTABLE6(ifp), ln);
1683 IF_AFDATA_WUNLOCK(ifp);
1685 /* No existing lle, mark as new entry */
1688 lltable_free_entry(LLTABLE6(ifp), ln);
1693 /* do nothing if static ndp is set */
1694 if ((ln->la_flags & LLE_STATIC)) {
1699 olladdr = (ln->la_flags & LLE_VALID) ? 1 : 0;
1700 if (olladdr && lladdr) {
1701 llchange = bcmp(lladdr, &ln->ll_addr,
1707 * newentry olladdr lladdr llchange (*=record)
1710 * 0 n y -- (3) * STALE
1712 * 0 y y y (5) * STALE
1713 * 1 -- n -- (6) NOSTATE(= PASSIVE)
1714 * 1 -- y -- (7) * STALE
1717 if (lladdr) { /* (3-5) and (7) */
1719 * Record source link-layer address
1720 * XXX is it dependent to ifp->if_type?
1722 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen);
1723 ln->la_flags |= LLE_VALID;
1724 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);
1728 if ((!olladdr && lladdr != NULL) || /* (3) */
1729 (olladdr && lladdr != NULL && llchange)) { /* (5) */
1731 newstate = ND6_LLINFO_STALE;
1732 } else /* (1-2,4) */
1736 if (lladdr == NULL) /* (6) */
1737 newstate = ND6_LLINFO_NOSTATE;
1739 newstate = ND6_LLINFO_STALE;
1744 * Update the state of the neighbor cache.
1746 ln->ln_state = newstate;
1748 if (ln->ln_state == ND6_LLINFO_STALE) {
1749 if (ln->la_hold != NULL)
1750 nd6_grab_holdchain(ln, &chain, &sin6);
1751 } else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
1752 /* probe right away */
1753 nd6_llinfo_settimer_locked((void *)ln, 0);
1758 * ICMP6 type dependent behavior.
1760 * NS: clear IsRouter if new entry
1761 * RS: clear IsRouter
1762 * RA: set IsRouter if there's lladdr
1763 * redir: clear IsRouter if new entry
1766 * The spec says that we must set IsRouter in the following cases:
1767 * - If lladdr exist, set IsRouter. This means (1-5).
1768 * - If it is old entry (!newentry), set IsRouter. This means (7).
1769 * So, based on the spec, in (1-5) and (7) cases we must set IsRouter.
1770 * A quetion arises for (1) case. (1) case has no lladdr in the
1771 * neighbor cache, this is similar to (6).
1772 * This case is rare but we figured that we MUST NOT set IsRouter.
1774 * newentry olladdr lladdr llchange NS RS RA redir
1776 * 0 n n -- (1) c ? s
1777 * 0 y n -- (2) c s s
1778 * 0 n y -- (3) c s s
1781 * 1 -- n -- (6) c c c s
1782 * 1 -- y -- (7) c c s c s
1786 switch (type & 0xff) {
1787 case ND_NEIGHBOR_SOLICIT:
1789 * New entry must have is_router flag cleared.
1791 if (is_newentry) /* (6-7) */
1796 * If the icmp is a redirect to a better router, always set the
1797 * is_router flag. Otherwise, if the entry is newly created,
1798 * clear the flag. [RFC 2461, sec 8.3]
1800 if (code == ND_REDIRECT_ROUTER)
1802 else if (is_newentry) /* (6-7) */
1805 case ND_ROUTER_SOLICIT:
1807 * is_router flag must always be cleared.
1811 case ND_ROUTER_ADVERT:
1813 * Mark an entry with lladdr as a router.
1815 if ((!is_newentry && (olladdr || lladdr)) || /* (2-5) */
1816 (is_newentry && lladdr)) { /* (7) */
1823 static_route = (ln->la_flags & LLE_STATIC);
1824 router = ln->ln_router;
1826 if (flags & ND6_EXCLUSIVE)
1834 nd6_flush_holdchain(ifp, ifp, chain, &sin6);
1837 * When the link-layer address of a router changes, select the
1838 * best router again. In particular, when the neighbor entry is newly
1839 * created, it might affect the selection policy.
1840 * Question: can we restrict the first condition to the "is_newentry"
1842 * XXX: when we hear an RA from a new router with the link-layer
1843 * address option, defrouter_select() is called twice, since
1844 * defrtrlist_update called the function as well. However, I believe
1845 * we can compromise the overhead, since it only happens the first
1847 * XXX: although defrouter_select() should not have a bad effect
1848 * for those are not autoconfigured hosts, we explicitly avoid such
1851 if (do_update && router &&
1852 ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) {
1854 * guaranteed recursion
1862 if (flags & ND6_EXCLUSIVE)
1873 nd6_slowtimo(void *arg)
1875 CURVNET_SET((struct vnet *) arg);
1876 struct nd_ifinfo *nd6if;
1879 callout_reset(&V_nd6_slowtimo_ch, ND6_SLOWTIMER_INTERVAL * hz,
1880 nd6_slowtimo, curvnet);
1881 IFNET_RLOCK_NOSLEEP();
1882 TAILQ_FOREACH(ifp, &V_ifnet, if_link) {
1883 if (ifp->if_afdata[AF_INET6] == NULL)
1885 nd6if = ND_IFINFO(ifp);
1886 if (nd6if->basereachable && /* already initialized */
1887 (nd6if->recalctm -= ND6_SLOWTIMER_INTERVAL) <= 0) {
1889 * Since reachable time rarely changes by router
1890 * advertisements, we SHOULD insure that a new random
1891 * value gets recomputed at least once every few hours.
1894 nd6if->recalctm = V_nd6_recalc_reachtm_interval;
1895 nd6if->reachable = ND_COMPUTE_RTIME(nd6if->basereachable);
1898 IFNET_RUNLOCK_NOSLEEP();
1903 nd6_grab_holdchain(struct llentry *ln, struct mbuf **chain,
1904 struct sockaddr_in6 *sin6)
1907 LLE_WLOCK_ASSERT(ln);
1909 *chain = ln->la_hold;
1911 lltable_fill_sa_entry(ln, (struct sockaddr *)sin6);
1913 if (ln->ln_state == ND6_LLINFO_STALE) {
1916 * The first time we send a packet to a
1917 * neighbor whose entry is STALE, we have
1918 * to change the state to DELAY and a sets
1919 * a timer to expire in DELAY_FIRST_PROBE_TIME
1920 * seconds to ensure do neighbor unreachability
1921 * detection on expiration.
1925 ln->ln_state = ND6_LLINFO_DELAY;
1926 nd6_llinfo_settimer_locked(ln, (long)V_nd6_delay * hz);
1931 nd6_output_ifp(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m,
1932 struct sockaddr_in6 *dst)
1936 struct ip6_hdr *ip6;
1940 mac_netinet6_nd6_send(ifp, m);
1944 * If called from nd6_ns_output() (NS), nd6_na_output() (NA),
1945 * icmp6_redirect_output() (REDIRECT) or from rip6_output() (RS, RA
1946 * as handled by rtsol and rtadvd), mbufs will be tagged for SeND
1947 * to be diverted to user space. When re-injected into the kernel,
1948 * send_output() will directly dispatch them to the outgoing interface.
1950 if (send_sendso_input_hook != NULL) {
1951 mtag = m_tag_find(m, PACKET_TAG_ND_OUTGOING, NULL);
1953 ip6 = mtod(m, struct ip6_hdr *);
1954 ip6len = sizeof(struct ip6_hdr) + ntohs(ip6->ip6_plen);
1955 /* Use the SEND socket */
1956 error = send_sendso_input_hook(m, ifp, SND_OUT,
1958 /* -1 == no app on SEND socket */
1959 if (error == 0 || error != -1)
1964 m_clrprotoflags(m); /* Avoid confusing lower layers. */
1965 IP_PROBE(send, NULL, NULL, mtod(m, struct ip6_hdr *), ifp, NULL,
1966 mtod(m, struct ip6_hdr *));
1968 if ((ifp->if_flags & IFF_LOOPBACK) == 0)
1971 error = (*ifp->if_output)(origifp, m, (struct sockaddr *)dst, NULL);
1976 * IPv6 packet output - light version.
1977 * Checks if destination LLE exists and is in proper state
1978 * (e.g no modification required). If not true, fall back to
1982 nd6_output(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m,
1983 struct sockaddr_in6 *dst, struct rtentry *rt0)
1985 struct llentry *ln = NULL;
1987 /* discard the packet if IPv6 operation is disabled on the interface */
1988 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) {
1990 return (ENETDOWN); /* better error? */
1993 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr))
1996 if (nd6_need_cache(ifp) == 0)
1999 IF_AFDATA_RLOCK(ifp);
2000 ln = nd6_lookup(&dst->sin6_addr, 0, ifp);
2001 IF_AFDATA_RUNLOCK(ifp);
2004 * Perform fast path for the following cases:
2005 * 1) lle state is REACHABLE
2006 * 2) lle state is DELAY (NS message sentNS message sent)
2008 * Every other case involves lle modification, so we handle
2011 if (ln == NULL || (ln->ln_state != ND6_LLINFO_REACHABLE &&
2012 ln->ln_state != ND6_LLINFO_DELAY)) {
2013 /* Fall back to slow processing path */
2016 return (nd6_output_lle(ifp, origifp, m, dst));
2023 return (nd6_output_ifp(ifp, origifp, m, dst));
2028 * Output IPv6 packet - heavy version.
2029 * Function assume that either
2030 * 1) destination LLE does not exist, is invalid or stale, so
2031 * ND6_EXCLUSIVE lock needs to be acquired
2032 * 2) destination lle is provided (with ND6_EXCLUSIVE lock),
2033 * in that case packets are queued in &chain.
2037 nd6_output_lle(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *m,
2038 struct sockaddr_in6 *dst)
2040 struct llentry *lle = NULL, *lle_tmp;
2042 KASSERT(m != NULL, ("NULL mbuf, nothing to send"));
2043 /* discard the packet if IPv6 operation is disabled on the interface */
2044 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED)) {
2046 return (ENETDOWN); /* better error? */
2049 if (IN6_IS_ADDR_MULTICAST(&dst->sin6_addr))
2052 if (nd6_need_cache(ifp) == 0)
2056 * Address resolution or Neighbor Unreachability Detection
2058 * At this point, the destination of the packet must be a unicast
2059 * or an anycast address(i.e. not a multicast).
2062 IF_AFDATA_RLOCK(ifp);
2063 lle = nd6_lookup(&dst->sin6_addr, ND6_EXCLUSIVE, ifp);
2064 IF_AFDATA_RUNLOCK(ifp);
2065 if ((lle == NULL) && nd6_is_addr_neighbor(dst, ifp)) {
2067 * Since nd6_is_addr_neighbor() internally calls nd6_lookup(),
2068 * the condition below is not very efficient. But we believe
2069 * it is tolerable, because this should be a rare case.
2071 lle = nd6_alloc(&dst->sin6_addr, 0, ifp);
2073 char ip6buf[INET6_ADDRSTRLEN];
2075 "nd6_output: can't allocate llinfo for %s "
2077 ip6_sprintf(ip6buf, &dst->sin6_addr), lle);
2081 lle->ln_state = ND6_LLINFO_NOSTATE;
2083 IF_AFDATA_WLOCK(ifp);
2085 /* Prefer any existing entry over newly-created one */
2086 lle_tmp = nd6_lookup(&dst->sin6_addr, ND6_EXCLUSIVE, ifp);
2087 if (lle_tmp == NULL)
2088 lltable_link_entry(LLTABLE6(ifp), lle);
2089 IF_AFDATA_WUNLOCK(ifp);
2090 if (lle_tmp != NULL) {
2091 lltable_free_entry(LLTABLE6(ifp), lle);
2098 if ((ifp->if_flags & IFF_POINTOPOINT) == 0 &&
2099 !(ND_IFINFO(ifp)->flags & ND6_IFF_PERFORMNUD)) {
2103 goto sendpkt; /* send anyway */
2106 LLE_WLOCK_ASSERT(lle);
2108 /* We don't have to do link-layer address resolution on a p2p link. */
2109 if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
2110 lle->ln_state < ND6_LLINFO_REACHABLE) {
2111 lle->ln_state = ND6_LLINFO_STALE;
2112 nd6_llinfo_settimer_locked(lle, (long)V_nd6_gctimer * hz);
2116 * The first time we send a packet to a neighbor whose entry is
2117 * STALE, we have to change the state to DELAY and a sets a timer to
2118 * expire in DELAY_FIRST_PROBE_TIME seconds to ensure do
2119 * neighbor unreachability detection on expiration.
2122 if (lle->ln_state == ND6_LLINFO_STALE) {
2124 lle->ln_state = ND6_LLINFO_DELAY;
2125 nd6_llinfo_settimer_locked(lle, (long)V_nd6_delay * hz);
2129 * If the neighbor cache entry has a state other than INCOMPLETE
2130 * (i.e. its link-layer address is already resolved), just
2133 if (lle->ln_state > ND6_LLINFO_INCOMPLETE)
2137 * There is a neighbor cache entry, but no ethernet address
2138 * response yet. Append this latest packet to the end of the
2139 * packet queue in the mbuf, unless the number of the packet
2140 * does not exceed nd6_maxqueuelen. When it exceeds nd6_maxqueuelen,
2141 * the oldest packet in the queue will be removed.
2143 if (lle->ln_state == ND6_LLINFO_NOSTATE)
2144 lle->ln_state = ND6_LLINFO_INCOMPLETE;
2146 if (lle->la_hold != NULL) {
2147 struct mbuf *m_hold;
2151 for (m_hold = lle->la_hold; m_hold; m_hold = m_hold->m_nextpkt){
2153 if (m_hold->m_nextpkt == NULL) {
2154 m_hold->m_nextpkt = m;
2158 while (i >= V_nd6_maxqueuelen) {
2159 m_hold = lle->la_hold;
2160 lle->la_hold = lle->la_hold->m_nextpkt;
2169 * If there has been no NS for the neighbor after entering the
2170 * INCOMPLETE state, send the first solicitation.
2172 if (!ND6_LLINFO_PERMANENT(lle) && lle->la_asked == 0) {
2175 nd6_llinfo_settimer_locked(lle,
2176 (long)ND_IFINFO(ifp)->retrans * hz / 1000);
2178 nd6_ns_output(ifp, NULL, &dst->sin6_addr, lle, NULL);
2180 /* We did the lookup so we need to do the unlock here. */
2190 return (nd6_output_ifp(ifp, origifp, m, dst));
2195 nd6_flush_holdchain(struct ifnet *ifp, struct ifnet *origifp, struct mbuf *chain,
2196 struct sockaddr_in6 *dst)
2198 struct mbuf *m, *m_head;
2199 struct ifnet *outifp;
2203 if ((ifp->if_flags & IFF_LOOPBACK) != 0)
2210 m_head = m_head->m_nextpkt;
2211 error = nd6_output_ifp(ifp, origifp, m, dst);
2216 * note that intermediate errors are blindly ignored - but this is
2217 * the same convention as used with nd6_output when called by
2225 nd6_need_cache(struct ifnet *ifp)
2228 * XXX: we currently do not make neighbor cache on any interface
2229 * other than ARCnet, Ethernet, FDDI and GIF.
2232 * - unidirectional tunnels needs no ND
2234 switch (ifp->if_type) {
2241 case IFT_INFINIBAND:
2243 case IFT_PROPVIRTUAL:
2251 * Add pernament ND6 link-layer record for given
2252 * interface address.
2254 * Very similar to IPv4 arp_ifinit(), but:
2255 * 1) IPv6 DAD is performed in different place
2256 * 2) It is called by IPv6 protocol stack in contrast to
2257 * arp_ifinit() which is typically called in SIOCSIFADDR
2258 * driver ioctl handler.
2262 nd6_add_ifa_lle(struct in6_ifaddr *ia)
2265 struct llentry *ln, *ln_tmp;
2266 struct sockaddr *dst;
2268 ifp = ia->ia_ifa.ifa_ifp;
2269 if (nd6_need_cache(ifp) == 0)
2272 ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
2273 dst = (struct sockaddr *)&ia->ia_addr;
2274 ln = lltable_alloc_entry(LLTABLE6(ifp), LLE_IFADDR, dst);
2278 ln->la_expire = 0; /* for IPv6 this means permanent */
2279 ln->ln_state = ND6_LLINFO_REACHABLE;
2281 IF_AFDATA_WLOCK(ifp);
2283 /* Unlink any entry if exists */
2284 ln_tmp = lla_lookup(LLTABLE6(ifp), LLE_EXCLUSIVE, dst);
2286 lltable_unlink_entry(LLTABLE6(ifp), ln_tmp);
2287 lltable_link_entry(LLTABLE6(ifp), ln);
2288 IF_AFDATA_WUNLOCK(ifp);
2291 EVENTHANDLER_INVOKE(lle_event, ln_tmp, LLENTRY_EXPIRED);
2292 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);
2296 llentry_free(ln_tmp);
2302 * Removes ALL lle records for interface address prefix.
2303 * XXXME: That's probably not we really want to do, we need
2304 * to remove address record only and keep other records
2305 * until we determine if given prefix is really going
2309 nd6_rem_ifa_lle(struct in6_ifaddr *ia)
2311 struct sockaddr_in6 mask, addr;
2314 ifp = ia->ia_ifa.ifa_ifp;
2315 memcpy(&addr, &ia->ia_addr, sizeof(ia->ia_addr));
2316 memcpy(&mask, &ia->ia_prefixmask, sizeof(ia->ia_prefixmask));
2317 lltable_prefix_free(AF_INET6, (struct sockaddr *)&addr,
2318 (struct sockaddr *)&mask, LLE_STATIC);
2322 * the callers of this function need to be re-worked to drop
2323 * the lle lock, drop here for now
2326 nd6_storelladdr(struct ifnet *ifp, struct mbuf *m,
2327 const struct sockaddr *dst, u_char *desten, uint32_t *pflags)
2333 IF_AFDATA_UNLOCK_ASSERT(ifp);
2334 if (m != NULL && m->m_flags & M_MCAST) {
2335 switch (ifp->if_type) {
2342 ETHER_MAP_IPV6_MULTICAST(&SIN6(dst)->sin6_addr,
2347 return (EAFNOSUPPORT);
2353 * the entry should have been created in nd6_store_lladdr
2355 IF_AFDATA_RLOCK(ifp);
2356 ln = lla_lookup(LLTABLE6(ifp), 0, dst);
2357 IF_AFDATA_RUNLOCK(ifp);
2358 if ((ln == NULL) || !(ln->la_flags & LLE_VALID)) {
2361 /* this could happen, if we could not allocate memory */
2366 bcopy(&ln->ll_addr, desten, ifp->if_addrlen);
2368 *pflags = ln->la_flags;
2371 * A *small* use after free race exists here
2377 clear_llinfo_pqueue(struct llentry *ln)
2379 struct mbuf *m_hold, *m_hold_next;
2381 for (m_hold = ln->la_hold; m_hold; m_hold = m_hold_next) {
2382 m_hold_next = m_hold->m_nextpkt;
2390 static int nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS);
2391 static int nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS);
2393 SYSCTL_DECL(_net_inet6_icmp6);
2395 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_DRLIST, nd6_drlist,
2396 CTLFLAG_RD, nd6_sysctl_drlist, "");
2397 SYSCTL_NODE(_net_inet6_icmp6, ICMPV6CTL_ND6_PRLIST, nd6_prlist,
2398 CTLFLAG_RD, nd6_sysctl_prlist, "");
2399 SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXQLEN, nd6_maxqueuelen,
2400 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_maxqueuelen), 1, "");
2401 SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, nd6_gctimer,
2402 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(nd6_gctimer), (60 * 60 * 24), "");
2405 nd6_sysctl_drlist(SYSCTL_HANDLER_ARGS)
2407 struct in6_defrouter d;
2408 struct nd_defrouter *dr;
2414 bzero(&d, sizeof(d));
2415 d.rtaddr.sin6_family = AF_INET6;
2416 d.rtaddr.sin6_len = sizeof(d.rtaddr);
2421 TAILQ_FOREACH(dr, &V_nd_defrouter, dr_entry) {
2422 d.rtaddr.sin6_addr = dr->rtaddr;
2423 error = sa6_recoverscope(&d.rtaddr);
2426 d.flags = dr->flags;
2427 d.rtlifetime = dr->rtlifetime;
2428 d.expire = dr->expire + (time_second - time_uptime);
2429 d.if_index = dr->ifp->if_index;
2430 error = SYSCTL_OUT(req, &d, sizeof(d));
2438 nd6_sysctl_prlist(SYSCTL_HANDLER_ARGS)
2440 struct in6_prefix p;
2441 struct sockaddr_in6 s6;
2442 struct nd_prefix *pr;
2443 struct nd_pfxrouter *pfr;
2446 char ip6buf[INET6_ADDRSTRLEN];
2451 bzero(&p, sizeof(p));
2452 p.origin = PR_ORIG_RA;
2453 bzero(&s6, sizeof(s6));
2454 s6.sin6_family = AF_INET6;
2455 s6.sin6_len = sizeof(s6);
2460 LIST_FOREACH(pr, &V_nd_prefix, ndpr_entry) {
2461 p.prefix = pr->ndpr_prefix;
2462 if (sa6_recoverscope(&p.prefix)) {
2463 log(LOG_ERR, "scope error in prefix list (%s)\n",
2464 ip6_sprintf(ip6buf, &p.prefix.sin6_addr));
2465 /* XXX: press on... */
2467 p.raflags = pr->ndpr_raf;
2468 p.prefixlen = pr->ndpr_plen;
2469 p.vltime = pr->ndpr_vltime;
2470 p.pltime = pr->ndpr_pltime;
2471 p.if_index = pr->ndpr_ifp->if_index;
2472 if (pr->ndpr_vltime == ND6_INFINITE_LIFETIME)
2475 /* XXX: we assume time_t is signed. */
2477 ~((time_t)1 << ((sizeof(maxexpire) * 8) - 1));
2478 if (pr->ndpr_vltime < maxexpire - pr->ndpr_lastupdate)
2479 p.expire = pr->ndpr_lastupdate +
2481 (time_second - time_uptime);
2483 p.expire = maxexpire;
2485 p.refcnt = pr->ndpr_refcnt;
2486 p.flags = pr->ndpr_stateflags;
2488 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry)
2490 error = SYSCTL_OUT(req, &p, sizeof(p));
2493 LIST_FOREACH(pfr, &pr->ndpr_advrtrs, pfr_entry) {
2494 s6.sin6_addr = pfr->router->rtaddr;
2495 if (sa6_recoverscope(&s6))
2497 "scope error in prefix list (%s)\n",
2498 ip6_sprintf(ip6buf, &pfr->router->rtaddr));
2499 error = SYSCTL_OUT(req, &s6, sizeof(s6));