2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $KAME: nd6_nbr.c,v 1.86 2002/01/21 02:33:04 jinmei Exp $
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_inet6.h"
37 #include "opt_ipsec.h"
38 #include "opt_mpath.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/malloc.h>
43 #include <sys/libkern.h>
45 #include <sys/rwlock.h>
47 #include <sys/socket.h>
48 #include <sys/sockio.h>
50 #include <sys/kernel.h>
51 #include <sys/errno.h>
52 #include <sys/sysctl.h>
53 #include <sys/syslog.h>
54 #include <sys/queue.h>
55 #include <sys/callout.h>
56 #include <sys/refcount.h>
59 #include <net/if_types.h>
60 #include <net/if_dl.h>
61 #include <net/if_var.h>
62 #include <net/route.h>
64 #include <net/radix_mpath.h>
68 #include <netinet/in.h>
69 #include <netinet/in_var.h>
70 #include <net/if_llatbl.h>
71 #include <netinet6/in6_var.h>
72 #include <netinet6/in6_ifattach.h>
73 #include <netinet/ip6.h>
74 #include <netinet6/ip6_var.h>
75 #include <netinet6/scope6_var.h>
76 #include <netinet6/nd6.h>
77 #include <netinet/icmp6.h>
78 #include <netinet/ip_carp.h>
79 #include <netinet6/send.h>
81 #define SDL(s) ((struct sockaddr_dl *)s)
84 static struct dadq *nd6_dad_find(struct ifaddr *, struct nd_opt_nonce *);
85 static void nd6_dad_add(struct dadq *dp);
86 static void nd6_dad_del(struct dadq *dp);
87 static void nd6_dad_rele(struct dadq *);
88 static void nd6_dad_starttimer(struct dadq *, int);
89 static void nd6_dad_stoptimer(struct dadq *);
90 static void nd6_dad_timer(struct dadq *);
91 static void nd6_dad_duplicated(struct ifaddr *, struct dadq *);
92 static void nd6_dad_ns_output(struct dadq *, struct ifaddr *);
93 static void nd6_dad_ns_input(struct ifaddr *, struct nd_opt_nonce *);
94 static void nd6_dad_na_input(struct ifaddr *);
95 static void nd6_na_output_fib(struct ifnet *, const struct in6_addr *,
96 const struct in6_addr *, u_long, int, struct sockaddr *, u_int);
97 static void nd6_ns_output_fib(struct ifnet *, const struct in6_addr *,
98 const struct in6_addr *, struct llentry *, uint8_t *, u_int);
100 static VNET_DEFINE(int, dad_enhanced) = 1;
101 #define V_dad_enhanced VNET(dad_enhanced)
103 SYSCTL_DECL(_net_inet6_ip6);
104 SYSCTL_INT(_net_inet6_ip6, OID_AUTO, dad_enhanced, CTLFLAG_VNET | CTLFLAG_RW,
105 &VNET_NAME(dad_enhanced), 0,
106 "Enable Enhanced DAD, which adds a random nonce to NS messages for DAD.");
108 static VNET_DEFINE(int, dad_maxtry) = 15; /* max # of *tries* to
109 transmit DAD packet */
110 #define V_dad_maxtry VNET(dad_maxtry)
113 * Input a Neighbor Solicitation Message.
116 * Based on RFC 2462 (duplicate address detection)
119 nd6_ns_input(struct mbuf *m, int off, int icmp6len)
121 struct ifnet *ifp = m->m_pkthdr.rcvif;
122 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
123 struct nd_neighbor_solicit *nd_ns;
124 struct in6_addr saddr6 = ip6->ip6_src;
125 struct in6_addr daddr6 = ip6->ip6_dst;
126 struct in6_addr taddr6;
127 struct in6_addr myaddr6;
129 struct ifaddr *ifa = NULL;
131 int anycast = 0, proxy = 0, tentative = 0;
134 union nd_opts ndopts;
135 struct sockaddr_dl proxydl;
136 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
138 rflag = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
139 if (ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV && V_ip6_norbit_raif)
141 #ifndef PULLDOWN_TEST
142 IP6_EXTHDR_CHECK(m, off, icmp6len,);
143 nd_ns = (struct nd_neighbor_solicit *)((caddr_t)ip6 + off);
145 IP6_EXTHDR_GET(nd_ns, struct nd_neighbor_solicit *, m, off, icmp6len);
147 ICMP6STAT_INC(icp6s_tooshort);
151 ip6 = mtod(m, struct ip6_hdr *); /* adjust pointer for safety */
152 taddr6 = nd_ns->nd_ns_target;
153 if (in6_setscope(&taddr6, ifp, NULL) != 0)
156 if (ip6->ip6_hlim != 255) {
158 "nd6_ns_input: invalid hlim (%d) from %s to %s on %s\n",
159 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
160 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
164 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
165 /* dst has to be a solicited node multicast address. */
166 if (daddr6.s6_addr16[0] == IPV6_ADDR_INT16_MLL &&
167 /* don't check ifindex portion */
168 daddr6.s6_addr32[1] == 0 &&
169 daddr6.s6_addr32[2] == IPV6_ADDR_INT32_ONE &&
170 daddr6.s6_addr8[12] == 0xff) {
173 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
174 "(wrong ip6 dst)\n"));
177 } else if (!V_nd6_onlink_ns_rfc4861) {
178 struct sockaddr_in6 src_sa6;
181 * According to recent IETF discussions, it is not a good idea
182 * to accept a NS from an address which would not be deemed
183 * to be a neighbor otherwise. This point is expected to be
184 * clarified in future revisions of the specification.
186 bzero(&src_sa6, sizeof(src_sa6));
187 src_sa6.sin6_family = AF_INET6;
188 src_sa6.sin6_len = sizeof(src_sa6);
189 src_sa6.sin6_addr = saddr6;
190 if (nd6_is_addr_neighbor(&src_sa6, ifp) == 0) {
191 nd6log((LOG_INFO, "nd6_ns_input: "
192 "NS packet from non-neighbor\n"));
197 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
198 nd6log((LOG_INFO, "nd6_ns_input: bad NS target (multicast)\n"));
202 icmp6len -= sizeof(*nd_ns);
203 nd6_option_init(nd_ns + 1, icmp6len, &ndopts);
204 if (nd6_options(&ndopts) < 0) {
206 "nd6_ns_input: invalid ND option, ignored\n"));
207 /* nd6_options have incremented stats */
211 if (ndopts.nd_opts_src_lladdr) {
212 lladdr = (char *)(ndopts.nd_opts_src_lladdr + 1);
213 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
216 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && lladdr) {
217 nd6log((LOG_INFO, "nd6_ns_input: bad DAD packet "
218 "(link-layer address option)\n"));
223 * Attaching target link-layer address to the NA?
226 * NS IP dst is unicast/anycast MUST NOT add
227 * NS IP dst is solicited-node multicast MUST add
229 * In implementation, we add target link-layer address by default.
230 * We do not add one in MUST NOT cases.
232 if (!IN6_IS_ADDR_MULTICAST(&daddr6))
238 * Target address (taddr6) must be either:
239 * (1) Valid unicast/anycast address for my receiving interface,
240 * (2) Unicast address for which I'm offering proxy service, or
241 * (3) "tentative" address on which DAD is being performed.
243 /* (1) and (3) check. */
245 ifa = (*carp_iamatch6_p)(ifp, &taddr6);
247 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
254 bzero(&ro, sizeof(ro));
255 ro.ro_dst.sin6_len = sizeof(struct sockaddr_in6);
256 ro.ro_dst.sin6_family = AF_INET6;
257 ro.ro_dst.sin6_addr = taddr6;
259 /* Always use the default FIB. */
261 rtalloc_mpath_fib((struct route *)&ro, ntohl(taddr6.s6_addr32[3]),
264 in6_rtalloc(&ro, RT_DEFAULT_FIB);
266 need_proxy = (ro.ro_rt &&
267 (ro.ro_rt->rt_flags & RTF_ANNOUNCE) != 0 &&
268 ro.ro_rt->rt_gateway->sa_family == AF_LINK);
269 if (ro.ro_rt != NULL) {
271 proxydl = *SDL(ro.ro_rt->rt_gateway);
276 * proxy NDP for single entry
278 ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp,
279 IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
286 * We've got an NS packet, and we don't have that adddress
287 * assigned for us. We MUST silently ignore it.
292 myaddr6 = *IFA_IN6(ifa);
293 anycast = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_ANYCAST;
294 tentative = ((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE;
295 if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_DUPLICATED)
298 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
299 nd6log((LOG_INFO, "nd6_ns_input: lladdrlen mismatch for %s "
300 "(if %d, NS packet %d)\n",
301 ip6_sprintf(ip6bufs, &taddr6),
302 ifp->if_addrlen, lladdrlen - 2));
306 if (IN6_ARE_ADDR_EQUAL(&myaddr6, &saddr6)) {
307 nd6log((LOG_INFO, "nd6_ns_input: duplicate IP6 address %s\n",
308 ip6_sprintf(ip6bufs, &saddr6)));
313 * We have neighbor solicitation packet, with target address equals to
314 * one of my tentative address.
316 * src addr how to process?
318 * multicast of course, invalid (rejected in ip6_input)
319 * unicast somebody is doing address resolution -> ignore
320 * unspec dup address detection
322 * The processing is defined in RFC 2462.
326 * If source address is unspecified address, it is for
327 * duplicate address detection.
329 * If not, the packet is for addess resolution;
330 * silently ignore it.
332 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6))
333 nd6_dad_ns_input(ifa, ndopts.nd_opts_nonce);
339 * If the source address is unspecified address, entries must not
340 * be created or updated.
341 * It looks that sender is performing DAD. Output NA toward
342 * all-node multicast address, to tell the sender that I'm using
344 * S bit ("solicited") must be zero.
346 if (IN6_IS_ADDR_UNSPECIFIED(&saddr6)) {
347 struct in6_addr in6_all;
349 in6_all = in6addr_linklocal_allnodes;
350 if (in6_setscope(&in6_all, ifp, NULL) != 0)
352 nd6_na_output_fib(ifp, &in6_all, &taddr6,
353 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
354 rflag, tlladdr, proxy ? (struct sockaddr *)&proxydl : NULL,
359 nd6_cache_lladdr(ifp, &saddr6, lladdr, lladdrlen,
360 ND_NEIGHBOR_SOLICIT, 0);
362 nd6_na_output_fib(ifp, &saddr6, &taddr6,
363 ((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
364 rflag | ND_NA_FLAG_SOLICITED, tlladdr,
365 proxy ? (struct sockaddr *)&proxydl : NULL, M_GETFIB(m));
373 nd6log((LOG_ERR, "nd6_ns_input: src=%s\n",
374 ip6_sprintf(ip6bufs, &saddr6)));
375 nd6log((LOG_ERR, "nd6_ns_input: dst=%s\n",
376 ip6_sprintf(ip6bufs, &daddr6)));
377 nd6log((LOG_ERR, "nd6_ns_input: tgt=%s\n",
378 ip6_sprintf(ip6bufs, &taddr6)));
379 ICMP6STAT_INC(icp6s_badns);
386 * Output a Neighbor Solicitation Message. Caller specifies:
387 * - ICMP6 header source IP6 address
388 * - ND6 header target IP6 address
389 * - ND6 header source datalink address
392 * Based on RFC 2462 (duplicate address detection)
394 * ln - for source address determination
395 * nonce - If non-NULL, NS is used for duplicate address detection and
396 * the value (length is ND_OPT_NONCE_LEN) is used as a random nonce.
399 nd6_ns_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6,
400 const struct in6_addr *taddr6, struct llentry *ln, uint8_t *nonce,
406 struct nd_neighbor_solicit *nd_ns;
407 struct ip6_moptions im6o;
413 if (IN6_IS_ADDR_MULTICAST(taddr6))
416 /* estimate the size of message */
417 maxlen = sizeof(*ip6) + sizeof(*nd_ns);
418 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
419 KASSERT(max_linkhdr + maxlen <= MCLBYTES, (
420 "%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
421 __func__, max_linkhdr, maxlen, MCLBYTES));
423 if (max_linkhdr + maxlen > MHLEN)
424 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
426 m = m_gethdr(M_NOWAIT, MT_DATA);
431 bzero(&ro, sizeof(ro));
433 if (daddr6 == NULL || IN6_IS_ADDR_MULTICAST(daddr6)) {
434 m->m_flags |= M_MCAST;
435 im6o.im6o_multicast_ifp = ifp;
436 im6o.im6o_multicast_hlim = 255;
437 im6o.im6o_multicast_loop = 0;
440 icmp6len = sizeof(*nd_ns);
441 m->m_pkthdr.len = m->m_len = sizeof(*ip6) + icmp6len;
442 m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */
444 /* fill neighbor solicitation packet */
445 ip6 = mtod(m, struct ip6_hdr *);
447 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
448 ip6->ip6_vfc |= IPV6_VERSION;
449 /* ip6->ip6_plen will be set later */
450 ip6->ip6_nxt = IPPROTO_ICMPV6;
453 ip6->ip6_dst = *daddr6;
455 ip6->ip6_dst.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
456 ip6->ip6_dst.s6_addr16[1] = 0;
457 ip6->ip6_dst.s6_addr32[1] = 0;
458 ip6->ip6_dst.s6_addr32[2] = IPV6_ADDR_INT32_ONE;
459 ip6->ip6_dst.s6_addr32[3] = taddr6->s6_addr32[3];
460 ip6->ip6_dst.s6_addr8[12] = 0xff;
461 if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0)
469 * "If the source address of the packet prompting the
470 * solicitation is the same as one of the addresses assigned
471 * to the outgoing interface, that address SHOULD be placed
472 * in the IP Source Address of the outgoing solicitation.
473 * Otherwise, any one of the addresses assigned to the
474 * interface should be used."
476 * We use the source address for the prompting packet
478 * - saddr6 is given from the caller (by giving "ln"), and
479 * - saddr6 belongs to the outgoing interface.
480 * Otherwise, we perform the source address selection as usual.
482 struct in6_addr *hsrc;
487 if (ln->la_hold != NULL) {
488 struct ip6_hdr *hip6; /* hold ip6 */
491 * assuming every packet in la_hold has the same IP
494 hip6 = mtod(ln->la_hold, struct ip6_hdr *);
496 if (sizeof(*hip6) < ln->la_hold->m_len) {
497 ip6->ip6_src = hip6->ip6_src;
498 hsrc = &hip6->ip6_src;
503 if (hsrc && (ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp,
505 /* ip6_src set already. */
509 struct sockaddr_in6 dst_sa;
510 struct in6_addr src_in;
513 bzero(&dst_sa, sizeof(dst_sa));
514 dst_sa.sin6_family = AF_INET6;
515 dst_sa.sin6_len = sizeof(dst_sa);
516 dst_sa.sin6_addr = ip6->ip6_dst;
519 error = in6_selectsrc(&dst_sa, NULL,
520 NULL, &ro, NULL, &oifp, &src_in);
522 char ip6buf[INET6_ADDRSTRLEN];
523 nd6log((LOG_DEBUG, "%s: source can't be "
524 "determined: dst=%s, error=%d\n", __func__,
525 ip6_sprintf(ip6buf, &dst_sa.sin6_addr),
529 ip6->ip6_src = src_in;
533 * Source address for DAD packet must always be IPv6
534 * unspecified address. (0::0)
535 * We actually don't have to 0-clear the address (we did it
536 * above), but we do so here explicitly to make the intention
539 bzero(&ip6->ip6_src, sizeof(ip6->ip6_src));
541 nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
542 nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
543 nd_ns->nd_ns_code = 0;
544 nd_ns->nd_ns_reserved = 0;
545 nd_ns->nd_ns_target = *taddr6;
546 in6_clearscope(&nd_ns->nd_ns_target); /* XXX */
549 * Add source link-layer address option.
551 * spec implementation
553 * DAD packet MUST NOT do not add the option
554 * there's no link layer address:
555 * impossible do not add the option
556 * there's link layer address:
557 * Multicast NS MUST add one add the option
558 * Unicast NS SHOULD add one add the option
560 if (nonce == NULL && (mac = nd6_ifptomac(ifp))) {
561 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
562 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
563 /* 8 byte alignments... */
564 optlen = (optlen + 7) & ~7;
566 m->m_pkthdr.len += optlen;
569 bzero((caddr_t)nd_opt, optlen);
570 nd_opt->nd_opt_type = ND_OPT_SOURCE_LINKADDR;
571 nd_opt->nd_opt_len = optlen >> 3;
572 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
575 * Add a Nonce option (RFC 3971) to detect looped back NS messages.
576 * This behavior is documented as Enhanced Duplicate Address
577 * Detection in draft-ietf-6man-enhanced-dad-13.
578 * net.inet6.ip6.dad_enhanced=0 disables this.
580 if (V_dad_enhanced != 0 && nonce != NULL) {
581 int optlen = sizeof(struct nd_opt_hdr) + ND_OPT_NONCE_LEN;
582 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_ns + 1);
583 /* 8-byte alignment is required. */
584 optlen = (optlen + 7) & ~7;
586 m->m_pkthdr.len += optlen;
589 bzero((caddr_t)nd_opt, optlen);
590 nd_opt->nd_opt_type = ND_OPT_NONCE;
591 nd_opt->nd_opt_len = optlen >> 3;
592 bcopy(nonce, (caddr_t)(nd_opt + 1), ND_OPT_NONCE_LEN);
594 ip6->ip6_plen = htons((u_short)icmp6len);
595 nd_ns->nd_ns_cksum = 0;
597 in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), icmp6len);
599 if (send_sendso_input_hook != NULL) {
600 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
601 sizeof(unsigned short), M_NOWAIT);
604 *(unsigned short *)(mtag + 1) = nd_ns->nd_ns_type;
605 m_tag_prepend(m, mtag);
608 ip6_output(m, NULL, &ro, (nonce != NULL) ? IPV6_UNSPECSRC : 0,
610 icmp6_ifstat_inc(ifp, ifs6_out_msg);
611 icmp6_ifstat_inc(ifp, ifs6_out_neighborsolicit);
612 ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_SOLICIT]);
614 /* We don't cache this route. */
629 nd6_ns_output(struct ifnet *ifp, const struct in6_addr *daddr6,
630 const struct in6_addr *taddr6, struct llentry *ln, uint8_t *nonce)
633 nd6_ns_output_fib(ifp, daddr6, taddr6, ln, nonce, RT_DEFAULT_FIB);
637 * Neighbor advertisement input handling.
640 * Based on RFC 2462 (duplicate address detection)
642 * the following items are not implemented yet:
643 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
644 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
647 nd6_na_input(struct mbuf *m, int off, int icmp6len)
649 struct ifnet *ifp = m->m_pkthdr.rcvif;
650 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
651 struct nd_neighbor_advert *nd_na;
652 struct in6_addr daddr6 = ip6->ip6_dst;
653 struct in6_addr taddr6;
662 struct llentry *ln = NULL;
663 union nd_opts ndopts;
664 struct mbuf *chain = NULL;
665 struct sockaddr_in6 sin6;
666 char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
668 if (ip6->ip6_hlim != 255) {
670 "nd6_na_input: invalid hlim (%d) from %s to %s on %s\n",
671 ip6->ip6_hlim, ip6_sprintf(ip6bufs, &ip6->ip6_src),
672 ip6_sprintf(ip6bufd, &ip6->ip6_dst), if_name(ifp)));
676 #ifndef PULLDOWN_TEST
677 IP6_EXTHDR_CHECK(m, off, icmp6len,);
678 nd_na = (struct nd_neighbor_advert *)((caddr_t)ip6 + off);
680 IP6_EXTHDR_GET(nd_na, struct nd_neighbor_advert *, m, off, icmp6len);
682 ICMP6STAT_INC(icp6s_tooshort);
687 flags = nd_na->nd_na_flags_reserved;
688 is_router = ((flags & ND_NA_FLAG_ROUTER) != 0);
689 is_solicited = ((flags & ND_NA_FLAG_SOLICITED) != 0);
690 is_override = ((flags & ND_NA_FLAG_OVERRIDE) != 0);
691 memset(&sin6, 0, sizeof(sin6));
693 taddr6 = nd_na->nd_na_target;
694 if (in6_setscope(&taddr6, ifp, NULL))
695 goto bad; /* XXX: impossible */
697 if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
699 "nd6_na_input: invalid target address %s\n",
700 ip6_sprintf(ip6bufs, &taddr6)));
703 if (IN6_IS_ADDR_MULTICAST(&daddr6))
706 "nd6_na_input: a solicited adv is multicasted\n"));
710 icmp6len -= sizeof(*nd_na);
711 nd6_option_init(nd_na + 1, icmp6len, &ndopts);
712 if (nd6_options(&ndopts) < 0) {
714 "nd6_na_input: invalid ND option, ignored\n"));
715 /* nd6_options have incremented stats */
719 if (ndopts.nd_opts_tgt_lladdr) {
720 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
721 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
725 * This effectively disables the DAD check on a non-master CARP
729 ifa = (*carp_iamatch6_p)(ifp, &taddr6);
731 ifa = (struct ifaddr *)in6ifa_ifpwithaddr(ifp, &taddr6);
734 * Target address matches one of my interface address.
736 * If my address is tentative, this means that there's somebody
737 * already using the same address as mine. This indicates DAD failure.
738 * This is defined in RFC 2462.
740 * Otherwise, process as defined in RFC 2461.
743 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
744 nd6_dad_na_input(ifa);
749 /* Just for safety, maybe unnecessary. */
753 "nd6_na_input: duplicate IP6 address %s\n",
754 ip6_sprintf(ip6bufs, &taddr6));
758 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) {
759 nd6log((LOG_INFO, "nd6_na_input: lladdrlen mismatch for %s "
760 "(if %d, NA packet %d)\n", ip6_sprintf(ip6bufs, &taddr6),
761 ifp->if_addrlen, lladdrlen - 2));
766 * If no neighbor cache entry is found, NA SHOULD silently be
769 IF_AFDATA_RLOCK(ifp);
770 ln = nd6_lookup(&taddr6, LLE_EXCLUSIVE, ifp);
771 IF_AFDATA_RUNLOCK(ifp);
776 if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
778 * If the link-layer has address, and no lladdr option came,
779 * discard the packet.
781 if (ifp->if_addrlen && lladdr == NULL) {
786 * Record link-layer address, and update the state.
788 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen);
789 ln->la_flags |= LLE_VALID;
790 EVENTHANDLER_INVOKE(lle_event, ln, LLENTRY_RESOLVED);
792 ln->ln_state = ND6_LLINFO_REACHABLE;
794 if (!ND6_LLINFO_PERMANENT(ln)) {
795 nd6_llinfo_settimer_locked(ln,
796 (long)ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz);
799 ln->ln_state = ND6_LLINFO_STALE;
800 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz);
802 if ((ln->ln_router = is_router) != 0) {
804 * This means a router's state has changed from
805 * non-reachable to probably reachable, and might
806 * affect the status of associated prefixes..
814 * Check if the link-layer address has changed or not.
819 if (ln->la_flags & LLE_VALID) {
820 if (bcmp(lladdr, &ln->ll_addr, ifp->if_addrlen))
829 * This is VERY complex. Look at it with care.
831 * override solicit lladdr llchange action
836 * 0 0 y y (1) REACHABLE->STALE
837 * 0 1 n -- (2c) *->REACHABLE
838 * 0 1 y n (2b) L *->REACHABLE
839 * 0 1 y y (1) REACHABLE->STALE
842 * 1 0 y y (2a) L *->STALE
843 * 1 1 n -- (2a) *->REACHABLE
844 * 1 1 y n (2a) L *->REACHABLE
845 * 1 1 y y (2a) L *->REACHABLE
847 if (!is_override && (lladdr != NULL && llchange)) { /* (1) */
849 * If state is REACHABLE, make it STALE.
850 * no other updates should be done.
852 if (ln->ln_state == ND6_LLINFO_REACHABLE) {
853 ln->ln_state = ND6_LLINFO_STALE;
854 nd6_llinfo_settimer_locked(ln, (long)V_nd6_gctimer * hz);
857 } else if (is_override /* (2a) */
858 || (!is_override && (lladdr != NULL && !llchange)) /* (2b) */
859 || lladdr == NULL) { /* (2c) */
861 * Update link-local address, if any.
863 if (lladdr != NULL) {
864 bcopy(lladdr, &ln->ll_addr, ifp->if_addrlen);
865 ln->la_flags |= LLE_VALID;
866 EVENTHANDLER_INVOKE(lle_event, ln,
871 * If solicited, make the state REACHABLE.
872 * If not solicited and the link-layer address was
873 * changed, make it STALE.
876 ln->ln_state = ND6_LLINFO_REACHABLE;
878 if (!ND6_LLINFO_PERMANENT(ln)) {
879 nd6_llinfo_settimer_locked(ln,
880 (long)ND_IFINFO(ifp)->reachable * hz);
883 if (lladdr != NULL && llchange) {
884 ln->ln_state = ND6_LLINFO_STALE;
885 nd6_llinfo_settimer_locked(ln,
886 (long)V_nd6_gctimer * hz);
891 if (ln->ln_router && !is_router) {
893 * The peer dropped the router flag.
894 * Remove the sender from the Default Router List and
895 * update the Destination Cache entries.
897 struct nd_defrouter *dr;
898 struct in6_addr *in6;
900 in6 = &ln->r_l3addr.addr6;
903 * Lock to protect the default router list.
904 * XXX: this might be unnecessary, since this function
905 * is only called under the network software interrupt
906 * context. However, we keep it just for safety.
908 dr = defrouter_lookup(in6, ln->lle_tbl->llt_ifp);
911 else if (ND_IFINFO(ln->lle_tbl->llt_ifp)->flags &
912 ND6_IFF_ACCEPT_RTADV) {
914 * Even if the neighbor is not in the default
915 * router list, the neighbor may be used
916 * as a next hop for some destinations
917 * (e.g. redirect case). So we must
918 * call rt6_flush explicitly.
920 rt6_flush(&ip6->ip6_src, ifp);
923 ln->ln_router = is_router;
927 * rt->rt_flags &= ~RTF_REJECT;
930 if (ln->la_hold != NULL)
931 nd6_grab_holdchain(ln, &chain, &sin6);
937 nd6_flush_holdchain(ifp, ifp, chain, &sin6);
940 pfxlist_onlink_check();
949 ICMP6STAT_INC(icp6s_badna);
954 * Neighbor advertisement output handling.
958 * the following items are not implemented yet:
959 * - proxy advertisement delay rule (RFC2461 7.2.8, last paragraph, SHOULD)
960 * - anycast advertisement delay rule (RFC2461 7.2.7, SHOULD)
962 * tlladdr - 1 if include target link-layer address
963 * sdl0 - sockaddr_dl (= proxy NA) or NULL
966 nd6_na_output_fib(struct ifnet *ifp, const struct in6_addr *daddr6_0,
967 const struct in6_addr *taddr6, u_long flags, int tlladdr,
968 struct sockaddr *sdl0, u_int fibnum)
974 struct nd_neighbor_advert *nd_na;
975 struct ip6_moptions im6o;
976 struct in6_addr src, daddr6;
977 struct sockaddr_in6 dst_sa;
978 int icmp6len, maxlen, error;
982 bzero(&ro, sizeof(ro));
984 daddr6 = *daddr6_0; /* make a local copy for modification */
986 /* estimate the size of message */
987 maxlen = sizeof(*ip6) + sizeof(*nd_na);
988 maxlen += (sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7;
989 KASSERT(max_linkhdr + maxlen <= MCLBYTES, (
990 "%s: max_linkhdr + maxlen > MCLBYTES (%d + %d > %d)",
991 __func__, max_linkhdr, maxlen, MCLBYTES));
993 if (max_linkhdr + maxlen > MHLEN)
994 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
996 m = m_gethdr(M_NOWAIT, MT_DATA);
1001 if (IN6_IS_ADDR_MULTICAST(&daddr6)) {
1002 m->m_flags |= M_MCAST;
1003 im6o.im6o_multicast_ifp = ifp;
1004 im6o.im6o_multicast_hlim = 255;
1005 im6o.im6o_multicast_loop = 0;
1008 icmp6len = sizeof(*nd_na);
1009 m->m_pkthdr.len = m->m_len = sizeof(struct ip6_hdr) + icmp6len;
1010 m->m_data += max_linkhdr; /* or M_ALIGN() equivalent? */
1012 /* fill neighbor advertisement packet */
1013 ip6 = mtod(m, struct ip6_hdr *);
1015 ip6->ip6_vfc &= ~IPV6_VERSION_MASK;
1016 ip6->ip6_vfc |= IPV6_VERSION;
1017 ip6->ip6_nxt = IPPROTO_ICMPV6;
1018 ip6->ip6_hlim = 255;
1019 if (IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
1021 daddr6.s6_addr16[0] = IPV6_ADDR_INT16_MLL;
1022 daddr6.s6_addr16[1] = 0;
1023 daddr6.s6_addr32[1] = 0;
1024 daddr6.s6_addr32[2] = 0;
1025 daddr6.s6_addr32[3] = IPV6_ADDR_INT32_ONE;
1026 if (in6_setscope(&daddr6, ifp, NULL))
1029 flags &= ~ND_NA_FLAG_SOLICITED;
1031 ip6->ip6_dst = daddr6;
1032 bzero(&dst_sa, sizeof(struct sockaddr_in6));
1033 dst_sa.sin6_family = AF_INET6;
1034 dst_sa.sin6_len = sizeof(struct sockaddr_in6);
1035 dst_sa.sin6_addr = daddr6;
1038 * Select a source whose scope is the same as that of the dest.
1040 bcopy(&dst_sa, &ro.ro_dst, sizeof(dst_sa));
1042 error = in6_selectsrc(&dst_sa, NULL, NULL, &ro, NULL, &oifp, &src);
1044 char ip6buf[INET6_ADDRSTRLEN];
1045 nd6log((LOG_DEBUG, "nd6_na_output: source can't be "
1046 "determined: dst=%s, error=%d\n",
1047 ip6_sprintf(ip6buf, &dst_sa.sin6_addr), error));
1051 nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
1052 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
1053 nd_na->nd_na_code = 0;
1054 nd_na->nd_na_target = *taddr6;
1055 in6_clearscope(&nd_na->nd_na_target); /* XXX */
1058 * "tlladdr" indicates NS's condition for adding tlladdr or not.
1059 * see nd6_ns_input() for details.
1060 * Basically, if NS packet is sent to unicast/anycast addr,
1061 * target lladdr option SHOULD NOT be included.
1065 * sdl0 != NULL indicates proxy NA. If we do proxy, use
1066 * lladdr in sdl0. If we are not proxying (sending NA for
1067 * my address) use lladdr configured for the interface.
1071 mac = (*carp_macmatch6_p)(ifp, m, taddr6);
1073 mac = nd6_ifptomac(ifp);
1074 } else if (sdl0->sa_family == AF_LINK) {
1075 struct sockaddr_dl *sdl;
1076 sdl = (struct sockaddr_dl *)sdl0;
1077 if (sdl->sdl_alen == ifp->if_addrlen)
1081 if (tlladdr && mac) {
1082 int optlen = sizeof(struct nd_opt_hdr) + ifp->if_addrlen;
1083 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)(nd_na + 1);
1085 /* roundup to 8 bytes alignment! */
1086 optlen = (optlen + 7) & ~7;
1088 m->m_pkthdr.len += optlen;
1091 bzero((caddr_t)nd_opt, optlen);
1092 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR;
1093 nd_opt->nd_opt_len = optlen >> 3;
1094 bcopy(mac, (caddr_t)(nd_opt + 1), ifp->if_addrlen);
1096 flags &= ~ND_NA_FLAG_OVERRIDE;
1098 ip6->ip6_plen = htons((u_short)icmp6len);
1099 nd_na->nd_na_flags_reserved = flags;
1100 nd_na->nd_na_cksum = 0;
1101 nd_na->nd_na_cksum =
1102 in6_cksum(m, IPPROTO_ICMPV6, sizeof(struct ip6_hdr), icmp6len);
1104 if (send_sendso_input_hook != NULL) {
1105 mtag = m_tag_get(PACKET_TAG_ND_OUTGOING,
1106 sizeof(unsigned short), M_NOWAIT);
1109 *(unsigned short *)(mtag + 1) = nd_na->nd_na_type;
1110 m_tag_prepend(m, mtag);
1113 ip6_output(m, NULL, &ro, 0, &im6o, NULL, NULL);
1114 icmp6_ifstat_inc(ifp, ifs6_out_msg);
1115 icmp6_ifstat_inc(ifp, ifs6_out_neighboradvert);
1116 ICMP6STAT_INC(icp6s_outhist[ND_NEIGHBOR_ADVERT]);
1118 /* We don't cache this route. */
1131 #ifndef BURN_BRIDGES
1133 nd6_na_output(struct ifnet *ifp, const struct in6_addr *daddr6_0,
1134 const struct in6_addr *taddr6, u_long flags, int tlladdr,
1135 struct sockaddr *sdl0)
1138 nd6_na_output_fib(ifp, daddr6_0, taddr6, flags, tlladdr, sdl0,
1144 nd6_ifptomac(struct ifnet *ifp)
1146 switch (ifp->if_type) {
1153 case IFT_INFINIBAND:
1156 return IF_LLADDR(ifp);
1163 TAILQ_ENTRY(dadq) dad_list;
1164 struct ifaddr *dad_ifa;
1165 int dad_count; /* max NS to send */
1166 int dad_ns_tcount; /* # of trials to send NS */
1167 int dad_ns_ocount; /* NS sent so far */
1170 int dad_ns_lcount; /* looped back NS */
1171 int dad_loopbackprobe; /* probing state for loopback detection */
1172 struct callout dad_timer_ch;
1173 struct vnet *dad_vnet;
1175 #define ND_OPT_NONCE_LEN32 \
1176 ((ND_OPT_NONCE_LEN + sizeof(uint32_t) - 1)/sizeof(uint32_t))
1177 uint32_t dad_nonce[ND_OPT_NONCE_LEN32];
1180 static VNET_DEFINE(TAILQ_HEAD(, dadq), dadq);
1181 static VNET_DEFINE(struct rwlock, dad_rwlock);
1182 #define V_dadq VNET(dadq)
1183 #define V_dad_rwlock VNET(dad_rwlock)
1185 #define DADQ_RLOCK() rw_rlock(&V_dad_rwlock)
1186 #define DADQ_RUNLOCK() rw_runlock(&V_dad_rwlock)
1187 #define DADQ_WLOCK() rw_wlock(&V_dad_rwlock)
1188 #define DADQ_WUNLOCK() rw_wunlock(&V_dad_rwlock)
1191 nd6_dad_add(struct dadq *dp)
1195 TAILQ_INSERT_TAIL(&V_dadq, dp, dad_list);
1200 nd6_dad_del(struct dadq *dp)
1204 TAILQ_REMOVE(&V_dadq, dp, dad_list);
1209 static struct dadq *
1210 nd6_dad_find(struct ifaddr *ifa, struct nd_opt_nonce *n)
1215 TAILQ_FOREACH(dp, &V_dadq, dad_list) {
1216 if (dp->dad_ifa != ifa)
1219 * Skip if the nonce matches the received one.
1220 * +2 in the length is required because of type and
1221 * length fields are included in a header.
1224 n->nd_opt_nonce_len == (ND_OPT_NONCE_LEN + 2) / 8 &&
1225 memcmp(&n->nd_opt_nonce[0], &dp->dad_nonce[0],
1226 ND_OPT_NONCE_LEN) == 0) {
1227 dp->dad_ns_lcount++;
1230 refcount_acquire(&dp->dad_refcnt);
1239 nd6_dad_starttimer(struct dadq *dp, int ticks)
1242 callout_reset(&dp->dad_timer_ch, ticks,
1243 (void (*)(void *))nd6_dad_timer, (void *)dp);
1247 nd6_dad_stoptimer(struct dadq *dp)
1250 callout_drain(&dp->dad_timer_ch);
1254 nd6_dad_rele(struct dadq *dp)
1257 if (refcount_release(&dp->dad_refcnt)) {
1258 ifa_free(dp->dad_ifa);
1267 rw_init(&V_dad_rwlock, "nd6 DAD queue");
1268 TAILQ_INIT(&V_dadq);
1272 * Start Duplicate Address Detection (DAD) for specified interface address.
1275 nd6_dad_start(struct ifaddr *ifa, int delay)
1277 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1279 char ip6buf[INET6_ADDRSTRLEN];
1282 * If we don't need DAD, don't do it.
1283 * There are several cases:
1284 * - DAD is disabled (ip6_dad_count == 0)
1285 * - the interface address is anycast
1287 if (!(ia->ia6_flags & IN6_IFF_TENTATIVE)) {
1289 "nd6_dad_start: called with non-tentative address "
1291 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1292 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1295 if (ia->ia6_flags & IN6_IFF_ANYCAST) {
1296 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1299 if (!V_ip6_dad_count) {
1300 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1303 if (ifa->ifa_ifp == NULL)
1304 panic("nd6_dad_start: ifa->ifa_ifp == NULL");
1305 if (!(ifa->ifa_ifp->if_flags & IFF_UP)) {
1308 if (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED)
1310 if ((dp = nd6_dad_find(ifa, NULL)) != NULL) {
1311 /* DAD already in progress */
1316 dp = malloc(sizeof(*dp), M_IP6NDP, M_NOWAIT | M_ZERO);
1318 log(LOG_ERR, "nd6_dad_start: memory allocation failed for "
1320 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1321 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1324 callout_init(&dp->dad_timer_ch, 0);
1326 dp->dad_vnet = curvnet;
1328 nd6log((LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
1329 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1332 * Send NS packet for DAD, ip6_dad_count times.
1333 * Note that we must delay the first transmission, if this is the
1334 * first packet to be sent from the interface after interface
1335 * (re)initialization.
1338 ifa_ref(dp->dad_ifa);
1339 dp->dad_count = V_ip6_dad_count;
1340 dp->dad_ns_icount = dp->dad_na_icount = 0;
1341 dp->dad_ns_ocount = dp->dad_ns_tcount = 0;
1342 dp->dad_ns_lcount = dp->dad_loopbackprobe = 0;
1343 refcount_init(&dp->dad_refcnt, 1);
1346 nd6_dad_ns_output(dp, ifa);
1347 nd6_dad_starttimer(dp,
1348 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1350 nd6_dad_starttimer(dp, delay);
1355 * terminate DAD unconditionally. used for address removals.
1358 nd6_dad_stop(struct ifaddr *ifa)
1362 dp = nd6_dad_find(ifa, NULL);
1364 /* DAD wasn't started yet */
1368 nd6_dad_stoptimer(dp);
1371 * The DAD queue entry may have been removed by nd6_dad_timer() while
1372 * we were waiting for it to stop, so re-do the lookup.
1375 if (nd6_dad_find(ifa, NULL) == NULL)
1383 nd6_dad_timer(struct dadq *dp)
1385 CURVNET_SET(dp->dad_vnet);
1386 struct ifaddr *ifa = dp->dad_ifa;
1387 struct ifnet *ifp = dp->dad_ifa->ifa_ifp;
1388 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1389 char ip6buf[INET6_ADDRSTRLEN];
1393 log(LOG_ERR, "nd6_dad_timer: called with null parameter\n");
1396 if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) {
1397 /* Do not need DAD for ifdisabled interface. */
1398 log(LOG_ERR, "nd6_dad_timer: cancel DAD on %s because of "
1399 "ND6_IFF_IFDISABLED.\n", ifp->if_xname);
1402 if (ia->ia6_flags & IN6_IFF_DUPLICATED) {
1403 log(LOG_ERR, "nd6_dad_timer: called with duplicated address "
1405 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1406 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1409 if ((ia->ia6_flags & IN6_IFF_TENTATIVE) == 0) {
1410 log(LOG_ERR, "nd6_dad_timer: called with non-tentative address "
1412 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1413 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1417 /* Stop DAD if the interface is down even after dad_maxtry attempts. */
1418 if ((dp->dad_ns_tcount > V_dad_maxtry) &&
1419 (((ifp->if_flags & IFF_UP) == 0) ||
1420 ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0))) {
1421 nd6log((LOG_INFO, "%s: could not run DAD, driver problem?\n",
1422 if_name(ifa->ifa_ifp)));
1426 /* Need more checks? */
1427 if (dp->dad_ns_ocount < dp->dad_count) {
1429 * We have more NS to go. Send NS packet for DAD.
1431 nd6_dad_ns_output(dp, ifa);
1432 nd6_dad_starttimer(dp,
1433 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1437 * We have transmitted sufficient number of DAD packets.
1438 * See what we've got.
1440 if (dp->dad_ns_icount > 0 || dp->dad_na_icount > 0)
1441 /* We've seen NS or NA, means DAD has failed. */
1442 nd6_dad_duplicated(ifa, dp);
1443 else if (V_dad_enhanced != 0 &&
1444 dp->dad_ns_lcount > 0 &&
1445 dp->dad_ns_lcount > dp->dad_loopbackprobe) {
1447 * Sec. 4.1 in RFC 7527 requires transmission of
1448 * additional probes until the loopback condition
1449 * becomes clear when a looped back probe is detected.
1451 log(LOG_ERR, "%s: a looped back NS message is "
1452 "detected during DAD for %s. "
1453 "Another DAD probes are being sent.\n",
1454 if_name(ifa->ifa_ifp),
1455 ip6_sprintf(ip6buf, IFA_IN6(ifa)));
1456 dp->dad_loopbackprobe = dp->dad_ns_lcount;
1458 * Send an NS immediately and increase dad_count by
1459 * V_nd6_mmaxtries - 1.
1461 nd6_dad_ns_output(dp, ifa);
1463 dp->dad_ns_ocount + V_nd6_mmaxtries - 1;
1464 nd6_dad_starttimer(dp,
1465 (long)ND_IFINFO(ifa->ifa_ifp)->retrans * hz / 1000);
1469 * We are done with DAD. No NA came, no NS came.
1470 * No duplicate address found. Check IFDISABLED flag
1471 * again in case that it is changed between the
1472 * beginning of this function and here.
1474 if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) == 0)
1475 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1478 "%s: DAD complete for %s - no duplicates found\n",
1479 if_name(ifa->ifa_ifp),
1480 ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
1481 if (dp->dad_ns_lcount > 0)
1482 log(LOG_ERR, "%s: DAD completed while "
1483 "a looped back NS message is detected "
1484 "during DAD for %s.\n",
1485 if_name(ifa->ifa_ifp),
1486 ip6_sprintf(ip6buf, IFA_IN6(ifa)));
1496 nd6_dad_duplicated(struct ifaddr *ifa, struct dadq *dp)
1498 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1500 char ip6buf[INET6_ADDRSTRLEN];
1502 log(LOG_ERR, "%s: DAD detected duplicate IPv6 address %s: "
1503 "NS in/out/loopback=%d/%d/%d, NA in=%d\n",
1504 if_name(ifa->ifa_ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
1505 dp->dad_ns_icount, dp->dad_ns_ocount, dp->dad_ns_lcount,
1508 ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
1509 ia->ia6_flags |= IN6_IFF_DUPLICATED;
1512 log(LOG_ERR, "%s: DAD complete for %s - duplicate found\n",
1513 if_name(ifp), ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr));
1514 log(LOG_ERR, "%s: manual intervention required\n",
1518 * If the address is a link-local address formed from an interface
1519 * identifier based on the hardware address which is supposed to be
1520 * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP
1521 * operation on the interface SHOULD be disabled.
1522 * [RFC 4862, Section 5.4.5]
1524 if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) {
1525 struct in6_addr in6;
1528 * To avoid over-reaction, we only apply this logic when we are
1529 * very sure that hardware addresses are supposed to be unique.
1531 switch (ifp->if_type) {
1537 case IFT_INFINIBAND:
1538 in6 = ia->ia_addr.sin6_addr;
1539 if (in6_get_hw_ifid(ifp, &in6) == 0 &&
1540 IN6_ARE_ADDR_EQUAL(&ia->ia_addr.sin6_addr, &in6)) {
1541 ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED;
1542 log(LOG_ERR, "%s: possible hardware address "
1543 "duplication detected, disable IPv6\n",
1552 nd6_dad_ns_output(struct dadq *dp, struct ifaddr *ifa)
1554 struct in6_ifaddr *ia = (struct in6_ifaddr *)ifa;
1555 struct ifnet *ifp = ifa->ifa_ifp;
1558 dp->dad_ns_tcount++;
1559 if ((ifp->if_flags & IFF_UP) == 0) {
1562 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
1566 dp->dad_ns_ocount++;
1567 if (V_dad_enhanced != 0) {
1568 for (i = 0; i < ND_OPT_NONCE_LEN32; i++)
1569 dp->dad_nonce[i] = arc4random();
1571 * XXXHRS: Note that in the case that
1572 * DupAddrDetectTransmits > 1, multiple NS messages with
1573 * different nonces can be looped back in an unexpected
1574 * order. The current implementation recognizes only
1575 * the latest nonce on the sender side. Practically it
1576 * should work well in almost all cases.
1579 nd6_ns_output(ifp, NULL, &ia->ia_addr.sin6_addr, NULL,
1580 (uint8_t *)&dp->dad_nonce[0]);
1584 nd6_dad_ns_input(struct ifaddr *ifa, struct nd_opt_nonce *ndopt_nonce)
1586 struct in6_ifaddr *ia;
1588 const struct in6_addr *taddr6;
1592 panic("ifa == NULL in nd6_dad_ns_input");
1594 ia = (struct in6_ifaddr *)ifa;
1596 taddr6 = &ia->ia_addr.sin6_addr;
1597 /* Ignore Nonce option when Enhanced DAD is disabled. */
1598 if (V_dad_enhanced == 0)
1600 dp = nd6_dad_find(ifa, ndopt_nonce);
1604 dp->dad_ns_icount++;
1609 nd6_dad_na_input(struct ifaddr *ifa)
1614 panic("ifa == NULL in nd6_dad_na_input");
1616 dp = nd6_dad_find(ifa, NULL);
1618 dp->dad_na_icount++;