1 | /* $NetBSD: if_arp.c,v 1.232 2016/11/05 20:03:15 roy Exp $ */ |
2 | |
3 | /*- |
4 | * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc. |
5 | * All rights reserved. |
6 | * |
7 | * This code is derived from software contributed to The NetBSD Foundation |
8 | * by Public Access Networks Corporation ("Panix"). It was developed under |
9 | * contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon. |
10 | * |
11 | * Redistribution and use in source and binary forms, with or without |
12 | * modification, are permitted provided that the following conditions |
13 | * are met: |
14 | * 1. Redistributions of source code must retain the above copyright |
15 | * notice, this list of conditions and the following disclaimer. |
16 | * 2. Redistributions in binary form must reproduce the above copyright |
17 | * notice, this list of conditions and the following disclaimer in the |
18 | * documentation and/or other materials provided with the distribution. |
19 | * |
20 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
21 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
22 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
23 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
24 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
30 | * POSSIBILITY OF SUCH DAMAGE. |
31 | */ |
32 | |
33 | /* |
34 | * Copyright (c) 1982, 1986, 1988, 1993 |
35 | * The Regents of the University of California. All rights reserved. |
36 | * |
37 | * Redistribution and use in source and binary forms, with or without |
38 | * modification, are permitted provided that the following conditions |
39 | * are met: |
40 | * 1. Redistributions of source code must retain the above copyright |
41 | * notice, this list of conditions and the following disclaimer. |
42 | * 2. Redistributions in binary form must reproduce the above copyright |
43 | * notice, this list of conditions and the following disclaimer in the |
44 | * documentation and/or other materials provided with the distribution. |
45 | * 3. Neither the name of the University nor the names of its contributors |
46 | * may be used to endorse or promote products derived from this software |
47 | * without specific prior written permission. |
48 | * |
49 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
50 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
51 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
59 | * SUCH DAMAGE. |
60 | * |
61 | * @(#)if_ether.c 8.2 (Berkeley) 9/26/94 |
62 | */ |
63 | |
64 | /* |
65 | * Ethernet address resolution protocol. |
66 | * TODO: |
67 | * add "inuse/lock" bit (or ref. count) along with valid bit |
68 | */ |
69 | |
70 | #include <sys/cdefs.h> |
71 | __KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.232 2016/11/05 20:03:15 roy Exp $" ); |
72 | |
73 | #ifdef _KERNEL_OPT |
74 | #include "opt_ddb.h" |
75 | #include "opt_inet.h" |
76 | #include "opt_net_mpsafe.h" |
77 | #endif |
78 | |
79 | #ifdef INET |
80 | |
81 | #include "arp.h" |
82 | #include "bridge.h" |
83 | |
84 | #include <sys/param.h> |
85 | #include <sys/systm.h> |
86 | #include <sys/callout.h> |
87 | #include <sys/malloc.h> |
88 | #include <sys/mbuf.h> |
89 | #include <sys/socket.h> |
90 | #include <sys/time.h> |
91 | #include <sys/timetc.h> |
92 | #include <sys/kernel.h> |
93 | #include <sys/errno.h> |
94 | #include <sys/ioctl.h> |
95 | #include <sys/syslog.h> |
96 | #include <sys/proc.h> |
97 | #include <sys/protosw.h> |
98 | #include <sys/domain.h> |
99 | #include <sys/sysctl.h> |
100 | #include <sys/socketvar.h> |
101 | #include <sys/percpu.h> |
102 | #include <sys/cprng.h> |
103 | #include <sys/kmem.h> |
104 | |
105 | #include <net/ethertypes.h> |
106 | #include <net/if.h> |
107 | #include <net/if_dl.h> |
108 | #include <net/if_token.h> |
109 | #include <net/if_types.h> |
110 | #include <net/if_ether.h> |
111 | #include <net/if_llatbl.h> |
112 | #include <net/net_osdep.h> |
113 | #include <net/route.h> |
114 | #include <net/net_stats.h> |
115 | |
116 | #include <netinet/in.h> |
117 | #include <netinet/in_systm.h> |
118 | #include <netinet/in_var.h> |
119 | #include <netinet/ip.h> |
120 | #include <netinet/if_inarp.h> |
121 | |
122 | #include "arcnet.h" |
123 | #if NARCNET > 0 |
124 | #include <net/if_arc.h> |
125 | #endif |
126 | #include "fddi.h" |
127 | #if NFDDI > 0 |
128 | #include <net/if_fddi.h> |
129 | #endif |
130 | #include "token.h" |
131 | #include "carp.h" |
132 | #if NCARP > 0 |
133 | #include <netinet/ip_carp.h> |
134 | #endif |
135 | |
136 | #define SIN(s) ((struct sockaddr_in *)s) |
137 | #define SRP(s) ((struct sockaddr_inarp *)s) |
138 | |
139 | /* |
140 | * ARP trailer negotiation. Trailer protocol is not IP specific, |
141 | * but ARP request/response use IP addresses. |
142 | */ |
143 | #define ETHERTYPE_IPTRAILERS ETHERTYPE_TRAIL |
144 | |
145 | /* timer values */ |
146 | static int arpt_keep = (20*60); /* once resolved, good for 20 more minutes */ |
147 | static int arpt_down = 20; /* once declared down, don't send for 20 secs */ |
148 | static int arp_maxhold = 1; /* number of packets to hold per ARP entry */ |
149 | #define rt_expire rt_rmx.rmx_expire |
150 | #define rt_pksent rt_rmx.rmx_pksent |
151 | |
152 | int ip_dad_count = PROBE_NUM; |
153 | #ifdef ARP_DEBUG |
154 | int arp_debug = 1; |
155 | #else |
156 | int arp_debug = 0; |
157 | #endif |
158 | |
159 | static void arp_init(void); |
160 | |
161 | static void arprequest(struct ifnet *, |
162 | const struct in_addr *, const struct in_addr *, |
163 | const u_int8_t *); |
164 | static void arpannounce1(struct ifaddr *); |
165 | static struct sockaddr *arp_setgate(struct rtentry *, struct sockaddr *, |
166 | const struct sockaddr *); |
167 | static void arptimer(void *); |
168 | static void arp_settimer(struct llentry *, int); |
169 | static struct llentry *arplookup(struct ifnet *, struct mbuf *, |
170 | const struct in_addr *, const struct sockaddr *, int); |
171 | static struct llentry *arpcreate(struct ifnet *, struct mbuf *, |
172 | const struct in_addr *, const struct sockaddr *, int); |
173 | static void in_arpinput(struct mbuf *); |
174 | static void in_revarpinput(struct mbuf *); |
175 | static void revarprequest(struct ifnet *); |
176 | |
177 | static void arp_drainstub(void); |
178 | |
179 | static void arp_dad_timer(struct ifaddr *); |
180 | static void arp_dad_start(struct ifaddr *); |
181 | static void arp_dad_stop(struct ifaddr *); |
182 | static void arp_dad_duplicated(struct ifaddr *, const char *); |
183 | |
184 | static void arp_init_llentry(struct ifnet *, struct llentry *); |
185 | #if NTOKEN > 0 |
186 | static void arp_free_llentry_tokenring(struct llentry *); |
187 | #endif |
188 | |
189 | struct ifqueue arpintrq = { |
190 | .ifq_head = NULL, |
191 | .ifq_tail = NULL, |
192 | .ifq_len = 0, |
193 | .ifq_maxlen = 50, |
194 | .ifq_drops = 0, |
195 | }; |
196 | static int arp_maxtries = 5; |
197 | static int useloopback = 1; /* use loopback interface for local traffic */ |
198 | |
199 | static percpu_t *arpstat_percpu; |
200 | |
201 | #define ARP_STAT_GETREF() _NET_STAT_GETREF(arpstat_percpu) |
202 | #define ARP_STAT_PUTREF() _NET_STAT_PUTREF(arpstat_percpu) |
203 | |
204 | #define ARP_STATINC(x) _NET_STATINC(arpstat_percpu, x) |
205 | #define ARP_STATADD(x, v) _NET_STATADD(arpstat_percpu, x, v) |
206 | |
207 | /* revarp state */ |
208 | static struct in_addr myip, srv_ip; |
209 | static int myip_initialized = 0; |
210 | static int revarp_in_progress = 0; |
211 | static struct ifnet *myip_ifp = NULL; |
212 | |
213 | static int arp_drainwanted; |
214 | |
215 | static int log_movements = 1; |
216 | static int log_permanent_modify = 1; |
217 | static int log_wrong_iface = 1; |
218 | static int log_unknown_network = 1; |
219 | |
220 | /* |
221 | * this should be elsewhere. |
222 | */ |
223 | |
224 | static char * |
225 | lla_snprintf(u_int8_t *, int); |
226 | |
227 | static char * |
228 | lla_snprintf(u_int8_t *adrp, int len) |
229 | { |
230 | #define NUMBUFS 3 |
231 | static char buf[NUMBUFS][16*3]; |
232 | static int bnum = 0; |
233 | |
234 | int i; |
235 | char *p; |
236 | |
237 | p = buf[bnum]; |
238 | |
239 | *p++ = hexdigits[(*adrp)>>4]; |
240 | *p++ = hexdigits[(*adrp++)&0xf]; |
241 | |
242 | for (i=1; i<len && i<16; i++) { |
243 | *p++ = ':'; |
244 | *p++ = hexdigits[(*adrp)>>4]; |
245 | *p++ = hexdigits[(*adrp++)&0xf]; |
246 | } |
247 | |
248 | *p = 0; |
249 | p = buf[bnum]; |
250 | bnum = (bnum + 1) % NUMBUFS; |
251 | return p; |
252 | } |
253 | |
254 | DOMAIN_DEFINE(arpdomain); /* forward declare and add to link set */ |
255 | |
256 | static void |
257 | arp_fasttimo(void) |
258 | { |
259 | if (arp_drainwanted) { |
260 | arp_drain(); |
261 | arp_drainwanted = 0; |
262 | } |
263 | } |
264 | |
265 | const struct protosw arpsw[] = { |
266 | { .pr_type = 0, |
267 | .pr_domain = &arpdomain, |
268 | .pr_protocol = 0, |
269 | .pr_flags = 0, |
270 | .pr_input = 0, |
271 | .pr_ctlinput = 0, |
272 | .pr_ctloutput = 0, |
273 | .pr_usrreqs = 0, |
274 | .pr_init = arp_init, |
275 | .pr_fasttimo = arp_fasttimo, |
276 | .pr_slowtimo = 0, |
277 | .pr_drain = arp_drainstub, |
278 | } |
279 | }; |
280 | |
281 | struct domain arpdomain = { |
282 | .dom_family = PF_ARP, |
283 | .dom_name = "arp" , |
284 | .dom_protosw = arpsw, |
285 | .dom_protoswNPROTOSW = &arpsw[__arraycount(arpsw)], |
286 | }; |
287 | |
288 | static void sysctl_net_inet_arp_setup(struct sysctllog **); |
289 | |
290 | void |
291 | arp_init(void) |
292 | { |
293 | |
294 | sysctl_net_inet_arp_setup(NULL); |
295 | arpstat_percpu = percpu_alloc(sizeof(uint64_t) * ARP_NSTATS); |
296 | IFQ_LOCK_INIT(&arpintrq); |
297 | } |
298 | |
299 | static void |
300 | arp_drainstub(void) |
301 | { |
302 | arp_drainwanted = 1; |
303 | } |
304 | |
305 | /* |
306 | * ARP protocol drain routine. Called when memory is in short supply. |
307 | * Called at splvm(); don't acquire softnet_lock as can be called from |
308 | * hardware interrupt handlers. |
309 | */ |
310 | void |
311 | arp_drain(void) |
312 | { |
313 | |
314 | lltable_drain(AF_INET); |
315 | } |
316 | |
317 | static void |
318 | arptimer(void *arg) |
319 | { |
320 | struct llentry *lle = arg; |
321 | struct ifnet *ifp; |
322 | |
323 | if (lle == NULL) |
324 | return; |
325 | |
326 | if (lle->la_flags & LLE_STATIC) |
327 | return; |
328 | |
329 | LLE_WLOCK(lle); |
330 | if (callout_pending(&lle->la_timer)) { |
331 | /* |
332 | * Here we are a bit odd here in the treatment of |
333 | * active/pending. If the pending bit is set, it got |
334 | * rescheduled before I ran. The active |
335 | * bit we ignore, since if it was stopped |
336 | * in ll_tablefree() and was currently running |
337 | * it would have return 0 so the code would |
338 | * not have deleted it since the callout could |
339 | * not be stopped so we want to go through |
340 | * with the delete here now. If the callout |
341 | * was restarted, the pending bit will be back on and |
342 | * we just want to bail since the callout_reset would |
343 | * return 1 and our reference would have been removed |
344 | * by arpresolve() below. |
345 | */ |
346 | LLE_WUNLOCK(lle); |
347 | return; |
348 | } |
349 | ifp = lle->lle_tbl->llt_ifp; |
350 | |
351 | callout_stop(&lle->la_timer); |
352 | |
353 | /* XXX: LOR avoidance. We still have ref on lle. */ |
354 | LLE_WUNLOCK(lle); |
355 | |
356 | IF_AFDATA_LOCK(ifp); |
357 | LLE_WLOCK(lle); |
358 | |
359 | /* Guard against race with other llentry_free(). */ |
360 | if (lle->la_flags & LLE_LINKED) { |
361 | size_t pkts_dropped; |
362 | |
363 | LLE_REMREF(lle); |
364 | pkts_dropped = llentry_free(lle); |
365 | ARP_STATADD(ARP_STAT_DFRDROPPED, pkts_dropped); |
366 | ARP_STATADD(ARP_STAT_DFRTOTAL, pkts_dropped); |
367 | } else { |
368 | LLE_FREE_LOCKED(lle); |
369 | } |
370 | |
371 | IF_AFDATA_UNLOCK(ifp); |
372 | } |
373 | |
374 | static void |
375 | arp_settimer(struct llentry *la, int sec) |
376 | { |
377 | |
378 | LLE_WLOCK_ASSERT(la); |
379 | LLE_ADDREF(la); |
380 | callout_reset(&la->la_timer, hz * sec, arptimer, la); |
381 | } |
382 | |
383 | /* |
384 | * We set the gateway for RTF_CLONING routes to a "prototype" |
385 | * link-layer sockaddr whose interface type (if_type) and interface |
386 | * index (if_index) fields are prepared. |
387 | */ |
388 | static struct sockaddr * |
389 | arp_setgate(struct rtentry *rt, struct sockaddr *gate, |
390 | const struct sockaddr *netmask) |
391 | { |
392 | const struct ifnet *ifp = rt->rt_ifp; |
393 | uint8_t namelen = strlen(ifp->if_xname); |
394 | uint8_t addrlen = ifp->if_addrlen; |
395 | |
396 | /* |
397 | * XXX: If this is a manually added route to interface |
398 | * such as older version of routed or gated might provide, |
399 | * restore cloning bit. |
400 | */ |
401 | if ((rt->rt_flags & RTF_HOST) == 0 && netmask != NULL && |
402 | satocsin(netmask)->sin_addr.s_addr != 0xffffffff) |
403 | rt->rt_flags |= RTF_CONNECTED; |
404 | |
405 | if ((rt->rt_flags & (RTF_CONNECTED | RTF_LOCAL))) { |
406 | union { |
407 | struct sockaddr sa; |
408 | struct sockaddr_storage ss; |
409 | struct sockaddr_dl sdl; |
410 | } u; |
411 | /* |
412 | * Case 1: This route should come from a route to iface. |
413 | */ |
414 | sockaddr_dl_init(&u.sdl, sizeof(u.ss), |
415 | ifp->if_index, ifp->if_type, NULL, namelen, NULL, addrlen); |
416 | rt_setgate(rt, &u.sa); |
417 | gate = rt->rt_gateway; |
418 | } |
419 | return gate; |
420 | } |
421 | |
422 | static void |
423 | arp_init_llentry(struct ifnet *ifp, struct llentry *lle) |
424 | { |
425 | |
426 | switch (ifp->if_type) { |
427 | #if NTOKEN > 0 |
428 | case IFT_ISO88025: |
429 | lle->la_opaque = kmem_intr_alloc(sizeof(struct token_rif), |
430 | KM_NOSLEEP); |
431 | lle->lle_ll_free = arp_free_llentry_tokenring; |
432 | break; |
433 | #endif |
434 | } |
435 | } |
436 | |
437 | #if NTOKEN > 0 |
438 | static void |
439 | arp_free_llentry_tokenring(struct llentry *lle) |
440 | { |
441 | |
442 | kmem_intr_free(lle->la_opaque, sizeof(struct token_rif)); |
443 | } |
444 | #endif |
445 | |
446 | /* |
447 | * Parallel to llc_rtrequest. |
448 | */ |
449 | void |
450 | arp_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info) |
451 | { |
452 | struct sockaddr *gate = rt->rt_gateway; |
453 | struct in_ifaddr *ia; |
454 | struct ifaddr *ifa; |
455 | struct ifnet *ifp = rt->rt_ifp; |
456 | int bound; |
457 | int s; |
458 | |
459 | if (req == RTM_LLINFO_UPD) { |
460 | if ((ifa = info->rti_ifa) != NULL) |
461 | arpannounce1(ifa); |
462 | return; |
463 | } |
464 | |
465 | if ((rt->rt_flags & RTF_GATEWAY) != 0) { |
466 | if (req != RTM_ADD) |
467 | return; |
468 | |
469 | /* |
470 | * linklayers with particular link MTU limitation. |
471 | */ |
472 | switch(ifp->if_type) { |
473 | #if NFDDI > 0 |
474 | case IFT_FDDI: |
475 | if (ifp->if_mtu > FDDIIPMTU) |
476 | rt->rt_rmx.rmx_mtu = FDDIIPMTU; |
477 | break; |
478 | #endif |
479 | #if NARCNET > 0 |
480 | case IFT_ARCNET: |
481 | { |
482 | int arcipifmtu; |
483 | |
484 | if (ifp->if_flags & IFF_LINK0) |
485 | arcipifmtu = arc_ipmtu; |
486 | else |
487 | arcipifmtu = ARCMTU; |
488 | if (ifp->if_mtu > arcipifmtu) |
489 | rt->rt_rmx.rmx_mtu = arcipifmtu; |
490 | break; |
491 | } |
492 | #endif |
493 | } |
494 | return; |
495 | } |
496 | |
497 | switch (req) { |
498 | case RTM_SETGATE: |
499 | gate = arp_setgate(rt, gate, info->rti_info[RTAX_NETMASK]); |
500 | break; |
501 | case RTM_ADD: |
502 | gate = arp_setgate(rt, gate, info->rti_info[RTAX_NETMASK]); |
503 | if (gate == NULL) { |
504 | log(LOG_ERR, "%s: arp_setgate failed\n" , __func__); |
505 | break; |
506 | } |
507 | if ((rt->rt_flags & RTF_CONNECTED) || |
508 | (rt->rt_flags & RTF_LOCAL)) { |
509 | /* |
510 | * Give this route an expiration time, even though |
511 | * it's a "permanent" route, so that routes cloned |
512 | * from it do not need their expiration time set. |
513 | */ |
514 | KASSERT(time_uptime != 0); |
515 | rt->rt_expire = time_uptime; |
516 | /* |
517 | * linklayers with particular link MTU limitation. |
518 | */ |
519 | switch (ifp->if_type) { |
520 | #if NFDDI > 0 |
521 | case IFT_FDDI: |
522 | if ((rt->rt_rmx.rmx_locks & RTV_MTU) == 0 && |
523 | (rt->rt_rmx.rmx_mtu > FDDIIPMTU || |
524 | (rt->rt_rmx.rmx_mtu == 0 && |
525 | ifp->if_mtu > FDDIIPMTU))) |
526 | rt->rt_rmx.rmx_mtu = FDDIIPMTU; |
527 | break; |
528 | #endif |
529 | #if NARCNET > 0 |
530 | case IFT_ARCNET: |
531 | { |
532 | int arcipifmtu; |
533 | if (ifp->if_flags & IFF_LINK0) |
534 | arcipifmtu = arc_ipmtu; |
535 | else |
536 | arcipifmtu = ARCMTU; |
537 | |
538 | if ((rt->rt_rmx.rmx_locks & RTV_MTU) == 0 && |
539 | (rt->rt_rmx.rmx_mtu > arcipifmtu || |
540 | (rt->rt_rmx.rmx_mtu == 0 && |
541 | ifp->if_mtu > arcipifmtu))) |
542 | rt->rt_rmx.rmx_mtu = arcipifmtu; |
543 | break; |
544 | } |
545 | #endif |
546 | } |
547 | if (rt->rt_flags & RTF_CONNECTED) |
548 | break; |
549 | } |
550 | |
551 | bound = curlwp_bind(); |
552 | /* Announce a new entry if requested. */ |
553 | if (rt->rt_flags & RTF_ANNOUNCE) { |
554 | struct psref psref; |
555 | ia = in_get_ia_on_iface_psref( |
556 | satocsin(rt_getkey(rt))->sin_addr, ifp, &psref); |
557 | if (ia != NULL) { |
558 | arpannounce(ifp, &ia->ia_ifa, |
559 | CLLADDR(satocsdl(gate))); |
560 | ia4_release(ia, &psref); |
561 | } |
562 | } |
563 | |
564 | if (gate->sa_family != AF_LINK || |
565 | gate->sa_len < sockaddr_dl_measure(0, ifp->if_addrlen)) { |
566 | log(LOG_DEBUG, "%s: bad gateway value\n" , __func__); |
567 | goto out; |
568 | } |
569 | |
570 | satosdl(gate)->sdl_type = ifp->if_type; |
571 | satosdl(gate)->sdl_index = ifp->if_index; |
572 | |
573 | /* If the route is for a broadcast address mark it as such. |
574 | * This way we can avoid an expensive call to in_broadcast() |
575 | * in ip_output() most of the time (because the route passed |
576 | * to ip_output() is almost always a host route). */ |
577 | if (rt->rt_flags & RTF_HOST && |
578 | !(rt->rt_flags & RTF_BROADCAST) && |
579 | in_broadcast(satocsin(rt_getkey(rt))->sin_addr, rt->rt_ifp)) |
580 | rt->rt_flags |= RTF_BROADCAST; |
581 | /* There is little point in resolving the broadcast address */ |
582 | if (rt->rt_flags & RTF_BROADCAST) |
583 | goto out; |
584 | |
585 | /* |
586 | * When called from rt_ifa_addlocal, we cannot depend on that |
587 | * the address (rt_getkey(rt)) exits in the address list of the |
588 | * interface. So check RTF_LOCAL instead. |
589 | */ |
590 | if (rt->rt_flags & RTF_LOCAL) { |
591 | rt->rt_expire = 0; |
592 | if (useloopback) { |
593 | rt->rt_ifp = lo0ifp; |
594 | rt->rt_rmx.rmx_mtu = 0; |
595 | } |
596 | goto out; |
597 | } |
598 | |
599 | s = pserialize_read_enter(); |
600 | ia = in_get_ia_on_iface(satocsin(rt_getkey(rt))->sin_addr, ifp); |
601 | if (ia == NULL) { |
602 | pserialize_read_exit(s); |
603 | goto out; |
604 | } |
605 | |
606 | rt->rt_expire = 0; |
607 | if (useloopback) { |
608 | rt->rt_ifp = lo0ifp; |
609 | rt->rt_rmx.rmx_mtu = 0; |
610 | } |
611 | rt->rt_flags |= RTF_LOCAL; |
612 | /* |
613 | * make sure to set rt->rt_ifa to the interface |
614 | * address we are using, otherwise we will have trouble |
615 | * with source address selection. |
616 | */ |
617 | ifa = &ia->ia_ifa; |
618 | if (ifa != rt->rt_ifa) |
619 | /* Assume it doesn't sleep */ |
620 | rt_replace_ifa(rt, ifa); |
621 | pserialize_read_exit(s); |
622 | out: |
623 | curlwp_bindx(bound); |
624 | break; |
625 | } |
626 | } |
627 | |
628 | /* |
629 | * Broadcast an ARP request. Caller specifies: |
630 | * - arp header source ip address |
631 | * - arp header target ip address |
632 | * - arp header source ethernet address |
633 | */ |
634 | static void |
635 | arprequest(struct ifnet *ifp, |
636 | const struct in_addr *sip, const struct in_addr *tip, |
637 | const u_int8_t *enaddr) |
638 | { |
639 | struct mbuf *m; |
640 | struct arphdr *ah; |
641 | struct sockaddr sa; |
642 | uint64_t *arps; |
643 | |
644 | KASSERT(sip != NULL); |
645 | KASSERT(tip != NULL); |
646 | KASSERT(enaddr != NULL); |
647 | |
648 | if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL) |
649 | return; |
650 | MCLAIM(m, &arpdomain.dom_mowner); |
651 | switch (ifp->if_type) { |
652 | case IFT_IEEE1394: |
653 | m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) + |
654 | ifp->if_addrlen; |
655 | break; |
656 | default: |
657 | m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) + |
658 | 2 * ifp->if_addrlen; |
659 | break; |
660 | } |
661 | m->m_pkthdr.len = m->m_len; |
662 | MH_ALIGN(m, m->m_len); |
663 | ah = mtod(m, struct arphdr *); |
664 | memset(ah, 0, m->m_len); |
665 | switch (ifp->if_type) { |
666 | case IFT_IEEE1394: /* RFC2734 */ |
667 | /* fill it now for ar_tpa computation */ |
668 | ah->ar_hrd = htons(ARPHRD_IEEE1394); |
669 | break; |
670 | default: |
671 | /* ifp->if_output will fill ar_hrd */ |
672 | break; |
673 | } |
674 | ah->ar_pro = htons(ETHERTYPE_IP); |
675 | ah->ar_hln = ifp->if_addrlen; /* hardware address length */ |
676 | ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ |
677 | ah->ar_op = htons(ARPOP_REQUEST); |
678 | memcpy(ar_sha(ah), enaddr, ah->ar_hln); |
679 | memcpy(ar_spa(ah), sip, ah->ar_pln); |
680 | memcpy(ar_tpa(ah), tip, ah->ar_pln); |
681 | sa.sa_family = AF_ARP; |
682 | sa.sa_len = 2; |
683 | m->m_flags |= M_BCAST; |
684 | arps = ARP_STAT_GETREF(); |
685 | arps[ARP_STAT_SNDTOTAL]++; |
686 | arps[ARP_STAT_SENDREQUEST]++; |
687 | ARP_STAT_PUTREF(); |
688 | if_output_lock(ifp, ifp, m, &sa, NULL); |
689 | } |
690 | |
691 | void |
692 | arpannounce(struct ifnet *ifp, struct ifaddr *ifa, const uint8_t *enaddr) |
693 | { |
694 | struct in_ifaddr *ia = ifatoia(ifa); |
695 | struct in_addr *ip = &IA_SIN(ifa)->sin_addr; |
696 | |
697 | if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) { |
698 | arplog(LOG_DEBUG, "%s not ready\n" , in_fmtaddr(*ip)); |
699 | return; |
700 | } |
701 | arprequest(ifp, ip, ip, enaddr); |
702 | } |
703 | |
704 | static void |
705 | arpannounce1(struct ifaddr *ifa) |
706 | { |
707 | |
708 | arpannounce(ifa->ifa_ifp, ifa, CLLADDR(ifa->ifa_ifp->if_sadl)); |
709 | } |
710 | |
711 | /* |
712 | * Resolve an IP address into an ethernet address. If success, |
713 | * desten is filled in. If there is no entry in arptab, |
714 | * set one up and broadcast a request for the IP address. |
715 | * Hold onto this mbuf and resend it once the address |
716 | * is finally resolved. A return value of 0 indicates |
717 | * that desten has been filled in and the packet should be sent |
718 | * normally; a return value of EWOULDBLOCK indicates that the packet has been |
719 | * held pending resolution. |
720 | * Any other value indicates an error. |
721 | */ |
722 | int |
723 | arpresolve(struct ifnet *ifp, const struct rtentry *rt, struct mbuf *m, |
724 | const struct sockaddr *dst, void *desten, size_t destlen) |
725 | { |
726 | struct llentry *la; |
727 | const char *create_lookup; |
728 | bool renew; |
729 | int error; |
730 | |
731 | KASSERT(m != NULL); |
732 | |
733 | la = arplookup(ifp, m, NULL, dst, 0); |
734 | if (la == NULL) |
735 | goto notfound; |
736 | |
737 | if ((la->la_flags & LLE_VALID) && |
738 | ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) { |
739 | KASSERT(destlen >= ifp->if_addrlen); |
740 | memcpy(desten, &la->ll_addr, ifp->if_addrlen); |
741 | LLE_RUNLOCK(la); |
742 | return 0; |
743 | } |
744 | |
745 | notfound: |
746 | #ifdef IFF_STATICARP /* FreeBSD */ |
747 | #define _IFF_NOARP (IFF_NOARP | IFF_STATICARP) |
748 | #else |
749 | #define _IFF_NOARP IFF_NOARP |
750 | #endif |
751 | if (ifp->if_flags & _IFF_NOARP) { |
752 | if (la != NULL) |
753 | LLE_RUNLOCK(la); |
754 | error = ENOTSUP; |
755 | goto bad; |
756 | } |
757 | #undef _IFF_NOARP |
758 | if (la == NULL) { |
759 | create_lookup = "create" ; |
760 | IF_AFDATA_WLOCK(ifp); |
761 | la = lla_create(LLTABLE(ifp), LLE_EXCLUSIVE, dst); |
762 | IF_AFDATA_WUNLOCK(ifp); |
763 | if (la == NULL) |
764 | ARP_STATINC(ARP_STAT_ALLOCFAIL); |
765 | else |
766 | arp_init_llentry(ifp, la); |
767 | } else if (LLE_TRY_UPGRADE(la) == 0) { |
768 | create_lookup = "lookup" ; |
769 | LLE_RUNLOCK(la); |
770 | IF_AFDATA_RLOCK(ifp); |
771 | la = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst); |
772 | IF_AFDATA_RUNLOCK(ifp); |
773 | } |
774 | |
775 | error = EINVAL; |
776 | if (la == NULL) { |
777 | log(LOG_DEBUG, |
778 | "%s: failed to %s llentry for %s on %s\n" , |
779 | __func__, create_lookup, inet_ntoa(satocsin(dst)->sin_addr), |
780 | ifp->if_xname); |
781 | goto bad; |
782 | } |
783 | |
784 | if ((la->la_flags & LLE_VALID) && |
785 | ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) |
786 | { |
787 | KASSERT(destlen >= ifp->if_addrlen); |
788 | memcpy(desten, &la->ll_addr, ifp->if_addrlen); |
789 | renew = false; |
790 | /* |
791 | * If entry has an expiry time and it is approaching, |
792 | * see if we need to send an ARP request within this |
793 | * arpt_down interval. |
794 | */ |
795 | if (!(la->la_flags & LLE_STATIC) && |
796 | time_uptime + la->la_preempt > la->la_expire) |
797 | { |
798 | renew = true; |
799 | la->la_preempt--; |
800 | } |
801 | |
802 | LLE_WUNLOCK(la); |
803 | |
804 | if (renew) { |
805 | const u_int8_t *enaddr = |
806 | #if NCARP > 0 |
807 | (ifp->if_type == IFT_CARP) ? |
808 | CLLADDR(ifp->if_sadl): |
809 | #endif |
810 | CLLADDR(ifp->if_sadl); |
811 | arprequest(ifp, |
812 | &satocsin(rt->rt_ifa->ifa_addr)->sin_addr, |
813 | &satocsin(dst)->sin_addr, enaddr); |
814 | } |
815 | |
816 | return 0; |
817 | } |
818 | |
819 | if (la->la_flags & LLE_STATIC) { /* should not happen! */ |
820 | LLE_RUNLOCK(la); |
821 | log(LOG_DEBUG, "%s: ouch, empty static llinfo for %s\n" , |
822 | __func__, inet_ntoa(satocsin(dst)->sin_addr)); |
823 | error = EINVAL; |
824 | goto bad; |
825 | } |
826 | |
827 | renew = (la->la_asked == 0 || la->la_expire != time_uptime); |
828 | |
829 | /* |
830 | * There is an arptab entry, but no ethernet address |
831 | * response yet. Add the mbuf to the list, dropping |
832 | * the oldest packet if we have exceeded the system |
833 | * setting. |
834 | */ |
835 | LLE_WLOCK_ASSERT(la); |
836 | if (la->la_numheld >= arp_maxhold) { |
837 | if (la->la_hold != NULL) { |
838 | struct mbuf *next = la->la_hold->m_nextpkt; |
839 | m_freem(la->la_hold); |
840 | la->la_hold = next; |
841 | la->la_numheld--; |
842 | ARP_STATINC(ARP_STAT_DFRDROPPED); |
843 | ARP_STATINC(ARP_STAT_DFRTOTAL); |
844 | } |
845 | } |
846 | if (la->la_hold != NULL) { |
847 | struct mbuf *curr = la->la_hold; |
848 | while (curr->m_nextpkt != NULL) |
849 | curr = curr->m_nextpkt; |
850 | curr->m_nextpkt = m; |
851 | } else |
852 | la->la_hold = m; |
853 | la->la_numheld++; |
854 | if (!renew) |
855 | LLE_DOWNGRADE(la); |
856 | |
857 | /* |
858 | * Return EWOULDBLOCK if we have tried less than arp_maxtries. It |
859 | * will be masked by ether_output(). Return EHOSTDOWN/EHOSTUNREACH |
860 | * if we have already sent arp_maxtries ARP requests. Retransmit the |
861 | * ARP request, but not faster than one request per second. |
862 | */ |
863 | if (la->la_asked < arp_maxtries) |
864 | error = EWOULDBLOCK; /* First request. */ |
865 | else |
866 | error = (rt != NULL && rt->rt_flags & RTF_GATEWAY) ? |
867 | EHOSTUNREACH : EHOSTDOWN; |
868 | |
869 | if (renew) { |
870 | const u_int8_t *enaddr = |
871 | #if NCARP > 0 |
872 | (rt != NULL && rt->rt_ifp->if_type == IFT_CARP) ? |
873 | CLLADDR(rt->rt_ifp->if_sadl): |
874 | #endif |
875 | CLLADDR(ifp->if_sadl); |
876 | la->la_expire = time_uptime; |
877 | arp_settimer(la, arpt_down); |
878 | la->la_asked++; |
879 | LLE_WUNLOCK(la); |
880 | |
881 | if (rt != NULL) { |
882 | arprequest(ifp, &satocsin(rt->rt_ifa->ifa_addr)->sin_addr, |
883 | &satocsin(dst)->sin_addr, enaddr); |
884 | } else { |
885 | struct sockaddr_in sin; |
886 | struct rtentry *_rt; |
887 | |
888 | sockaddr_in_init(&sin, &la->r_l3addr.addr4, 0); |
889 | |
890 | /* XXX */ |
891 | _rt = rtalloc1((struct sockaddr *)&sin, 0); |
892 | if (_rt == NULL) |
893 | goto bad; |
894 | arprequest(ifp, |
895 | &satocsin(_rt->rt_ifa->ifa_addr)->sin_addr, |
896 | &satocsin(dst)->sin_addr, enaddr); |
897 | rtfree(_rt); |
898 | } |
899 | return error; |
900 | } |
901 | |
902 | LLE_RUNLOCK(la); |
903 | return error; |
904 | |
905 | bad: |
906 | m_freem(m); |
907 | return error; |
908 | } |
909 | |
910 | /* |
911 | * Common length and type checks are done here, |
912 | * then the protocol-specific routine is called. |
913 | */ |
914 | void |
915 | arpintr(void) |
916 | { |
917 | struct mbuf *m; |
918 | struct arphdr *ar; |
919 | int s; |
920 | int arplen; |
921 | |
922 | #ifndef NET_MPSAFE |
923 | mutex_enter(softnet_lock); |
924 | KERNEL_LOCK(1, NULL); |
925 | #endif |
926 | for (;;) { |
927 | struct ifnet *rcvif; |
928 | |
929 | IFQ_LOCK(&arpintrq); |
930 | IF_DEQUEUE(&arpintrq, m); |
931 | IFQ_UNLOCK(&arpintrq); |
932 | if (m == NULL) |
933 | goto out; |
934 | if ((m->m_flags & M_PKTHDR) == 0) |
935 | panic("arpintr" ); |
936 | |
937 | MCLAIM(m, &arpdomain.dom_mowner); |
938 | ARP_STATINC(ARP_STAT_RCVTOTAL); |
939 | |
940 | /* |
941 | * First, make sure we have at least struct arphdr. |
942 | */ |
943 | if (m->m_len < sizeof(struct arphdr) || |
944 | (ar = mtod(m, struct arphdr *)) == NULL) |
945 | goto badlen; |
946 | |
947 | rcvif = m_get_rcvif(m, &s); |
948 | switch (rcvif->if_type) { |
949 | case IFT_IEEE1394: |
950 | arplen = sizeof(struct arphdr) + |
951 | ar->ar_hln + 2 * ar->ar_pln; |
952 | break; |
953 | default: |
954 | arplen = sizeof(struct arphdr) + |
955 | 2 * ar->ar_hln + 2 * ar->ar_pln; |
956 | break; |
957 | } |
958 | m_put_rcvif(rcvif, &s); |
959 | |
960 | if (/* XXX ntohs(ar->ar_hrd) == ARPHRD_ETHER && */ |
961 | m->m_len >= arplen) |
962 | switch (ntohs(ar->ar_pro)) { |
963 | case ETHERTYPE_IP: |
964 | case ETHERTYPE_IPTRAILERS: |
965 | in_arpinput(m); |
966 | continue; |
967 | default: |
968 | ARP_STATINC(ARP_STAT_RCVBADPROTO); |
969 | } |
970 | else { |
971 | badlen: |
972 | ARP_STATINC(ARP_STAT_RCVBADLEN); |
973 | } |
974 | m_freem(m); |
975 | } |
976 | out: |
977 | #ifndef NET_MPSAFE |
978 | KERNEL_UNLOCK_ONE(NULL); |
979 | mutex_exit(softnet_lock); |
980 | #else |
981 | return; /* XXX gcc */ |
982 | #endif |
983 | } |
984 | |
985 | /* |
986 | * ARP for Internet protocols on 10 Mb/s Ethernet. |
987 | * Algorithm is that given in RFC 826. |
988 | * In addition, a sanity check is performed on the sender |
989 | * protocol address, to catch impersonators. |
990 | * We no longer handle negotiations for use of trailer protocol: |
991 | * Formerly, ARP replied for protocol type ETHERTYPE_TRAIL sent |
992 | * along with IP replies if we wanted trailers sent to us, |
993 | * and also sent them in response to IP replies. |
994 | * This allowed either end to announce the desire to receive |
995 | * trailer packets. |
996 | * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, |
997 | * but formerly didn't normally send requests. |
998 | */ |
999 | static void |
1000 | in_arpinput(struct mbuf *m) |
1001 | { |
1002 | struct arphdr *ah; |
1003 | struct ifnet *ifp, *rcvif = NULL; |
1004 | struct llentry *la = NULL; |
1005 | struct in_ifaddr *ia = NULL; |
1006 | #if NBRIDGE > 0 |
1007 | struct in_ifaddr *bridge_ia = NULL; |
1008 | #endif |
1009 | #if NCARP > 0 |
1010 | u_int32_t count = 0, index = 0; |
1011 | #endif |
1012 | struct sockaddr sa; |
1013 | struct in_addr isaddr, itaddr, myaddr; |
1014 | int op; |
1015 | void *tha; |
1016 | uint64_t *arps; |
1017 | struct psref psref, psref_ia; |
1018 | int s; |
1019 | |
1020 | if (__predict_false(m_makewritable(&m, 0, m->m_pkthdr.len, M_DONTWAIT))) |
1021 | goto out; |
1022 | ah = mtod(m, struct arphdr *); |
1023 | op = ntohs(ah->ar_op); |
1024 | |
1025 | rcvif = ifp = m_get_rcvif_psref(m, &psref); |
1026 | if (__predict_false(rcvif == NULL)) |
1027 | goto drop; |
1028 | /* |
1029 | * Fix up ah->ar_hrd if necessary, before using ar_tha() or |
1030 | * ar_tpa(). |
1031 | */ |
1032 | switch (ifp->if_type) { |
1033 | case IFT_IEEE1394: |
1034 | if (ntohs(ah->ar_hrd) == ARPHRD_IEEE1394) |
1035 | ; |
1036 | else { |
1037 | /* XXX this is to make sure we compute ar_tha right */ |
1038 | /* XXX check ar_hrd more strictly? */ |
1039 | ah->ar_hrd = htons(ARPHRD_IEEE1394); |
1040 | } |
1041 | break; |
1042 | default: |
1043 | /* XXX check ar_hrd? */ |
1044 | break; |
1045 | } |
1046 | |
1047 | memcpy(&isaddr, ar_spa(ah), sizeof (isaddr)); |
1048 | memcpy(&itaddr, ar_tpa(ah), sizeof (itaddr)); |
1049 | |
1050 | if (m->m_flags & (M_BCAST|M_MCAST)) |
1051 | ARP_STATINC(ARP_STAT_RCVMCAST); |
1052 | |
1053 | |
1054 | /* |
1055 | * Search for a matching interface address |
1056 | * or any address on the interface to use |
1057 | * as a dummy address in the rest of this function |
1058 | */ |
1059 | s = pserialize_read_enter(); |
1060 | IN_ADDRHASH_READER_FOREACH(ia, itaddr.s_addr) { |
1061 | if (!in_hosteq(ia->ia_addr.sin_addr, itaddr)) |
1062 | continue; |
1063 | #if NCARP > 0 |
1064 | if (ia->ia_ifp->if_type == IFT_CARP && |
1065 | ((ia->ia_ifp->if_flags & (IFF_UP|IFF_RUNNING)) == |
1066 | (IFF_UP|IFF_RUNNING))) { |
1067 | index++; |
1068 | if (ia->ia_ifp == rcvif && |
1069 | carp_iamatch(ia, ar_sha(ah), |
1070 | &count, index)) { |
1071 | break; |
1072 | } |
1073 | } else |
1074 | #endif |
1075 | if (ia->ia_ifp == rcvif) |
1076 | break; |
1077 | #if NBRIDGE > 0 |
1078 | /* |
1079 | * If the interface we received the packet on |
1080 | * is part of a bridge, check to see if we need |
1081 | * to "bridge" the packet to ourselves at this |
1082 | * layer. Note we still prefer a perfect match, |
1083 | * but allow this weaker match if necessary. |
1084 | */ |
1085 | if (rcvif->if_bridge != NULL && |
1086 | rcvif->if_bridge == ia->ia_ifp->if_bridge) |
1087 | bridge_ia = ia; |
1088 | #endif /* NBRIDGE > 0 */ |
1089 | } |
1090 | |
1091 | #if NBRIDGE > 0 |
1092 | if (ia == NULL && bridge_ia != NULL) { |
1093 | ia = bridge_ia; |
1094 | m_put_rcvif_psref(rcvif, &psref); |
1095 | rcvif = NULL; |
1096 | /* FIXME */ |
1097 | ifp = bridge_ia->ia_ifp; |
1098 | } |
1099 | #endif |
1100 | if (ia != NULL) |
1101 | ia4_acquire(ia, &psref_ia); |
1102 | pserialize_read_exit(s); |
1103 | |
1104 | if (ia == NULL) { |
1105 | ia = in_get_ia_on_iface_psref(isaddr, rcvif, &psref_ia); |
1106 | if (ia == NULL) { |
1107 | ia = in_get_ia_from_ifp_psref(ifp, &psref_ia); |
1108 | if (ia == NULL) { |
1109 | ARP_STATINC(ARP_STAT_RCVNOINT); |
1110 | goto out; |
1111 | } |
1112 | } |
1113 | } |
1114 | |
1115 | myaddr = ia->ia_addr.sin_addr; |
1116 | |
1117 | /* XXX checks for bridge case? */ |
1118 | if (!memcmp(ar_sha(ah), CLLADDR(ifp->if_sadl), ifp->if_addrlen)) { |
1119 | ARP_STATINC(ARP_STAT_RCVLOCALSHA); |
1120 | goto out; /* it's from me, ignore it. */ |
1121 | } |
1122 | |
1123 | /* XXX checks for bridge case? */ |
1124 | if (!memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) { |
1125 | ARP_STATINC(ARP_STAT_RCVBCASTSHA); |
1126 | log(LOG_ERR, |
1127 | "%s: arp: link address is broadcast for IP address %s!\n" , |
1128 | ifp->if_xname, in_fmtaddr(isaddr)); |
1129 | goto out; |
1130 | } |
1131 | |
1132 | /* |
1133 | * If the source IP address is zero, this is an RFC 5227 ARP probe |
1134 | */ |
1135 | if (in_nullhost(isaddr)) |
1136 | ARP_STATINC(ARP_STAT_RCVZEROSPA); |
1137 | else if (in_hosteq(isaddr, myaddr)) |
1138 | ARP_STATINC(ARP_STAT_RCVLOCALSPA); |
1139 | |
1140 | /* |
1141 | * If the target IP address is zero, ignore the packet. |
1142 | * This prevents the code below from tring to answer |
1143 | * when we are using IP address zero (booting). |
1144 | */ |
1145 | if (in_nullhost(itaddr)) { |
1146 | ARP_STATINC(ARP_STAT_RCVZEROTPA); |
1147 | goto out; |
1148 | } |
1149 | |
1150 | /* DAD check, RFC 5227 */ |
1151 | if (in_hosteq(isaddr, myaddr) || |
1152 | (in_nullhost(isaddr) && in_hosteq(itaddr, myaddr))) |
1153 | { |
1154 | arp_dad_duplicated((struct ifaddr *)ia, |
1155 | lla_snprintf(ar_sha(ah), ah->ar_hln)); |
1156 | goto out; |
1157 | } |
1158 | |
1159 | if (in_nullhost(isaddr)) |
1160 | goto reply; |
1161 | |
1162 | if (in_hosteq(itaddr, myaddr)) |
1163 | la = arpcreate(ifp, m, &isaddr, NULL, 1); |
1164 | else |
1165 | la = arplookup(ifp, m, &isaddr, NULL, 1); |
1166 | if (la == NULL) |
1167 | goto reply; |
1168 | |
1169 | if ((la->la_flags & LLE_VALID) && |
1170 | memcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen)) { |
1171 | if (la->la_flags & LLE_STATIC) { |
1172 | ARP_STATINC(ARP_STAT_RCVOVERPERM); |
1173 | if (!log_permanent_modify) |
1174 | goto out; |
1175 | log(LOG_INFO, |
1176 | "%s tried to overwrite permanent arp info" |
1177 | " for %s\n" , |
1178 | lla_snprintf(ar_sha(ah), ah->ar_hln), |
1179 | in_fmtaddr(isaddr)); |
1180 | goto out; |
1181 | } else if (la->lle_tbl->llt_ifp != ifp) { |
1182 | /* XXX should not happen? */ |
1183 | ARP_STATINC(ARP_STAT_RCVOVERINT); |
1184 | if (!log_wrong_iface) |
1185 | goto out; |
1186 | log(LOG_INFO, |
1187 | "%s on %s tried to overwrite " |
1188 | "arp info for %s on %s\n" , |
1189 | lla_snprintf(ar_sha(ah), ah->ar_hln), |
1190 | ifp->if_xname, in_fmtaddr(isaddr), |
1191 | la->lle_tbl->llt_ifp->if_xname); |
1192 | goto out; |
1193 | } else { |
1194 | ARP_STATINC(ARP_STAT_RCVOVER); |
1195 | if (log_movements) |
1196 | log(LOG_INFO, "arp info overwritten " |
1197 | "for %s by %s\n" , |
1198 | in_fmtaddr(isaddr), |
1199 | lla_snprintf(ar_sha(ah), |
1200 | ah->ar_hln)); |
1201 | } |
1202 | } |
1203 | |
1204 | /* XXX llentry should have addrlen? */ |
1205 | #if 0 |
1206 | /* |
1207 | * sanity check for the address length. |
1208 | * XXX this does not work for protocols with variable address |
1209 | * length. -is |
1210 | */ |
1211 | if (sdl->sdl_alen && sdl->sdl_alen != ah->ar_hln) { |
1212 | ARP_STATINC(ARP_STAT_RCVLENCHG); |
1213 | log(LOG_WARNING, |
1214 | "arp from %s: new addr len %d, was %d\n" , |
1215 | in_fmtaddr(isaddr), ah->ar_hln, sdl->sdl_alen); |
1216 | } |
1217 | #endif |
1218 | |
1219 | if (ifp->if_addrlen != ah->ar_hln) { |
1220 | ARP_STATINC(ARP_STAT_RCVBADLEN); |
1221 | log(LOG_WARNING, |
1222 | "arp from %s: addr len: new %d, i/f %d (ignored)\n" , |
1223 | in_fmtaddr(isaddr), ah->ar_hln, |
1224 | ifp->if_addrlen); |
1225 | goto reply; |
1226 | } |
1227 | |
1228 | #if NTOKEN > 0 |
1229 | /* |
1230 | * XXX uses m_data and assumes the complete answer including |
1231 | * XXX token-ring headers is in the same buf |
1232 | */ |
1233 | if (ifp->if_type == IFT_ISO88025) { |
1234 | struct token_header *trh; |
1235 | |
1236 | trh = (struct token_header *)M_TRHSTART(m); |
1237 | if (trh->token_shost[0] & TOKEN_RI_PRESENT) { |
1238 | struct token_rif *rif; |
1239 | size_t riflen; |
1240 | |
1241 | rif = TOKEN_RIF(trh); |
1242 | riflen = (ntohs(rif->tr_rcf) & |
1243 | TOKEN_RCF_LEN_MASK) >> 8; |
1244 | |
1245 | if (riflen > 2 && |
1246 | riflen < sizeof(struct token_rif) && |
1247 | (riflen & 1) == 0) { |
1248 | rif->tr_rcf ^= htons(TOKEN_RCF_DIRECTION); |
1249 | rif->tr_rcf &= htons(~TOKEN_RCF_BROADCAST_MASK); |
1250 | memcpy(TOKEN_RIF_LLE(la), rif, riflen); |
1251 | } |
1252 | } |
1253 | } |
1254 | #endif /* NTOKEN > 0 */ |
1255 | |
1256 | KASSERT(sizeof(la->ll_addr) >= ifp->if_addrlen); |
1257 | (void)memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen); |
1258 | la->la_flags |= LLE_VALID; |
1259 | if ((la->la_flags & LLE_STATIC) == 0) { |
1260 | la->la_expire = time_uptime + arpt_keep; |
1261 | arp_settimer(la, arpt_keep); |
1262 | } |
1263 | la->la_asked = 0; |
1264 | /* rt->rt_flags &= ~RTF_REJECT; */ |
1265 | |
1266 | if (la->la_hold != NULL) { |
1267 | int n = la->la_numheld; |
1268 | struct mbuf *m_hold, *m_hold_next; |
1269 | struct sockaddr_in sin; |
1270 | |
1271 | sockaddr_in_init(&sin, &la->r_l3addr.addr4, 0); |
1272 | |
1273 | m_hold = la->la_hold; |
1274 | la->la_hold = NULL; |
1275 | la->la_numheld = 0; |
1276 | /* |
1277 | * We have to unlock here because if_output would call |
1278 | * arpresolve |
1279 | */ |
1280 | LLE_WUNLOCK(la); |
1281 | ARP_STATADD(ARP_STAT_DFRSENT, n); |
1282 | ARP_STATADD(ARP_STAT_DFRTOTAL, n); |
1283 | for (; m_hold != NULL; m_hold = m_hold_next) { |
1284 | m_hold_next = m_hold->m_nextpkt; |
1285 | m_hold->m_nextpkt = NULL; |
1286 | if_output_lock(ifp, ifp, m_hold, sintosa(&sin), NULL); |
1287 | } |
1288 | } else |
1289 | LLE_WUNLOCK(la); |
1290 | la = NULL; |
1291 | |
1292 | reply: |
1293 | if (la != NULL) { |
1294 | LLE_WUNLOCK(la); |
1295 | la = NULL; |
1296 | } |
1297 | if (op != ARPOP_REQUEST) { |
1298 | if (op == ARPOP_REPLY) |
1299 | ARP_STATINC(ARP_STAT_RCVREPLY); |
1300 | goto out; |
1301 | } |
1302 | ARP_STATINC(ARP_STAT_RCVREQUEST); |
1303 | if (in_hosteq(itaddr, myaddr)) { |
1304 | /* If our address is unuseable, don't reply */ |
1305 | if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) |
1306 | goto out; |
1307 | /* I am the target */ |
1308 | tha = ar_tha(ah); |
1309 | if (tha) |
1310 | memcpy(tha, ar_sha(ah), ah->ar_hln); |
1311 | memcpy(ar_sha(ah), CLLADDR(ifp->if_sadl), ah->ar_hln); |
1312 | } else { |
1313 | /* Proxy ARP */ |
1314 | struct llentry *lle = NULL; |
1315 | struct sockaddr_in sin; |
1316 | #if NCARP > 0 |
1317 | struct ifnet *_rcvif = m_get_rcvif(m, &s); |
1318 | if (ifp->if_type == IFT_CARP && _rcvif->if_type != IFT_CARP) |
1319 | goto out; |
1320 | m_put_rcvif(_rcvif, &s); |
1321 | #endif |
1322 | |
1323 | tha = ar_tha(ah); |
1324 | |
1325 | sockaddr_in_init(&sin, &itaddr, 0); |
1326 | |
1327 | IF_AFDATA_RLOCK(ifp); |
1328 | lle = lla_lookup(LLTABLE(ifp), 0, (struct sockaddr *)&sin); |
1329 | IF_AFDATA_RUNLOCK(ifp); |
1330 | |
1331 | if ((lle != NULL) && (lle->la_flags & LLE_PUB)) { |
1332 | (void)memcpy(tha, ar_sha(ah), ah->ar_hln); |
1333 | (void)memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln); |
1334 | LLE_RUNLOCK(lle); |
1335 | } else { |
1336 | if (lle != NULL) |
1337 | LLE_RUNLOCK(lle); |
1338 | goto drop; |
1339 | } |
1340 | } |
1341 | ia4_release(ia, &psref_ia); |
1342 | |
1343 | memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln); |
1344 | memcpy(ar_spa(ah), &itaddr, ah->ar_pln); |
1345 | ah->ar_op = htons(ARPOP_REPLY); |
1346 | ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */ |
1347 | switch (ifp->if_type) { |
1348 | case IFT_IEEE1394: |
1349 | /* |
1350 | * ieee1394 arp reply is broadcast |
1351 | */ |
1352 | m->m_flags &= ~M_MCAST; |
1353 | m->m_flags |= M_BCAST; |
1354 | m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + ah->ar_hln; |
1355 | break; |
1356 | default: |
1357 | m->m_flags &= ~(M_BCAST|M_MCAST); /* never reply by broadcast */ |
1358 | m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln); |
1359 | break; |
1360 | } |
1361 | m->m_pkthdr.len = m->m_len; |
1362 | sa.sa_family = AF_ARP; |
1363 | sa.sa_len = 2; |
1364 | arps = ARP_STAT_GETREF(); |
1365 | arps[ARP_STAT_SNDTOTAL]++; |
1366 | arps[ARP_STAT_SNDREPLY]++; |
1367 | ARP_STAT_PUTREF(); |
1368 | if_output_lock(ifp, ifp, m, &sa, NULL); |
1369 | if (rcvif != NULL) |
1370 | m_put_rcvif_psref(rcvif, &psref); |
1371 | return; |
1372 | |
1373 | out: |
1374 | if (la != NULL) |
1375 | LLE_WUNLOCK(la); |
1376 | drop: |
1377 | if (ia != NULL) |
1378 | ia4_release(ia, &psref_ia); |
1379 | if (rcvif != NULL) |
1380 | m_put_rcvif_psref(rcvif, &psref); |
1381 | m_freem(m); |
1382 | } |
1383 | |
1384 | /* |
1385 | * Lookup or a new address in arptab. |
1386 | */ |
1387 | static struct llentry * |
1388 | arplookup(struct ifnet *ifp, struct mbuf *m, const struct in_addr *addr, |
1389 | const struct sockaddr *sa, int wlock) |
1390 | { |
1391 | struct sockaddr_in sin; |
1392 | struct llentry *la; |
1393 | int flags = wlock ? LLE_EXCLUSIVE : 0; |
1394 | |
1395 | |
1396 | if (sa == NULL) { |
1397 | KASSERT(addr != NULL); |
1398 | sockaddr_in_init(&sin, addr, 0); |
1399 | sa = sintocsa(&sin); |
1400 | } |
1401 | |
1402 | IF_AFDATA_RLOCK(ifp); |
1403 | la = lla_lookup(LLTABLE(ifp), flags, sa); |
1404 | IF_AFDATA_RUNLOCK(ifp); |
1405 | |
1406 | return la; |
1407 | } |
1408 | |
1409 | static struct llentry * |
1410 | arpcreate(struct ifnet *ifp, struct mbuf *m, const struct in_addr *addr, |
1411 | const struct sockaddr *sa, int wlock) |
1412 | { |
1413 | struct sockaddr_in sin; |
1414 | struct llentry *la; |
1415 | int flags = wlock ? LLE_EXCLUSIVE : 0; |
1416 | |
1417 | if (sa == NULL) { |
1418 | KASSERT(addr != NULL); |
1419 | sockaddr_in_init(&sin, addr, 0); |
1420 | sa = sintocsa(&sin); |
1421 | } |
1422 | |
1423 | la = arplookup(ifp, m, addr, sa, wlock); |
1424 | |
1425 | if (la == NULL) { |
1426 | IF_AFDATA_WLOCK(ifp); |
1427 | la = lla_create(LLTABLE(ifp), flags, sa); |
1428 | IF_AFDATA_WUNLOCK(ifp); |
1429 | |
1430 | if (la != NULL) |
1431 | arp_init_llentry(ifp, la); |
1432 | } |
1433 | |
1434 | return la; |
1435 | } |
1436 | |
1437 | int |
1438 | arpioctl(u_long cmd, void *data) |
1439 | { |
1440 | |
1441 | return EOPNOTSUPP; |
1442 | } |
1443 | |
1444 | void |
1445 | arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa) |
1446 | { |
1447 | struct in_addr *ip; |
1448 | struct in_ifaddr *ia = (struct in_ifaddr *)ifa; |
1449 | |
1450 | /* |
1451 | * Warn the user if another station has this IP address, |
1452 | * but only if the interface IP address is not zero. |
1453 | */ |
1454 | ip = &IA_SIN(ifa)->sin_addr; |
1455 | if (!in_nullhost(*ip) && |
1456 | (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) == 0) { |
1457 | struct llentry *lle; |
1458 | |
1459 | /* |
1460 | * interface address is considered static entry |
1461 | * because the output of the arp utility shows |
1462 | * that L2 entry as permanent |
1463 | */ |
1464 | IF_AFDATA_WLOCK(ifp); |
1465 | lle = lla_create(LLTABLE(ifp), (LLE_IFADDR | LLE_STATIC), |
1466 | (struct sockaddr *)IA_SIN(ifa)); |
1467 | IF_AFDATA_WUNLOCK(ifp); |
1468 | if (lle == NULL) |
1469 | log(LOG_INFO, "%s: cannot create arp entry for" |
1470 | " interface address\n" , __func__); |
1471 | else { |
1472 | arp_init_llentry(ifp, lle); |
1473 | LLE_RUNLOCK(lle); |
1474 | } |
1475 | } |
1476 | |
1477 | ifa->ifa_rtrequest = arp_rtrequest; |
1478 | ifa->ifa_flags |= RTF_CONNECTED; |
1479 | |
1480 | /* ARP will handle DAD for this address. */ |
1481 | if (in_nullhost(*ip)) { |
1482 | if (ia->ia_dad_stop != NULL) /* safety */ |
1483 | ia->ia_dad_stop(ifa); |
1484 | ia->ia_dad_start = NULL; |
1485 | ia->ia_dad_stop = NULL; |
1486 | ia->ia4_flags &= ~IN_IFF_TENTATIVE; |
1487 | } else { |
1488 | ia->ia_dad_start = arp_dad_start; |
1489 | ia->ia_dad_stop = arp_dad_stop; |
1490 | if (ia->ia4_flags & IN_IFF_TRYTENTATIVE) |
1491 | ia->ia4_flags |= IN_IFF_TENTATIVE; |
1492 | else |
1493 | arpannounce1(ifa); |
1494 | } |
1495 | } |
1496 | |
1497 | TAILQ_HEAD(dadq_head, dadq); |
1498 | struct dadq { |
1499 | TAILQ_ENTRY(dadq) dad_list; |
1500 | struct ifaddr *dad_ifa; |
1501 | int dad_count; /* max ARP to send */ |
1502 | int dad_arp_tcount; /* # of trials to send ARP */ |
1503 | int dad_arp_ocount; /* ARP sent so far */ |
1504 | int dad_arp_announce; /* max ARP announcements */ |
1505 | int dad_arp_acount; /* # of announcements */ |
1506 | struct callout dad_timer_ch; |
1507 | }; |
1508 | MALLOC_JUSTDEFINE(M_IPARP, "ARP DAD" , "ARP DAD Structure" ); |
1509 | |
1510 | static struct dadq_head dadq; |
1511 | static int dad_init = 0; |
1512 | static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */ |
1513 | static kmutex_t arp_dad_lock; |
1514 | |
1515 | static struct dadq * |
1516 | arp_dad_find(struct ifaddr *ifa) |
1517 | { |
1518 | struct dadq *dp; |
1519 | |
1520 | KASSERT(mutex_owned(&arp_dad_lock)); |
1521 | |
1522 | TAILQ_FOREACH(dp, &dadq, dad_list) { |
1523 | if (dp->dad_ifa == ifa) |
1524 | return dp; |
1525 | } |
1526 | return NULL; |
1527 | } |
1528 | |
1529 | static void |
1530 | arp_dad_starttimer(struct dadq *dp, int ticks) |
1531 | { |
1532 | |
1533 | callout_reset(&dp->dad_timer_ch, ticks, |
1534 | (void (*)(void *))arp_dad_timer, (void *)dp->dad_ifa); |
1535 | } |
1536 | |
1537 | static void |
1538 | arp_dad_stoptimer(struct dadq *dp) |
1539 | { |
1540 | |
1541 | #ifdef NET_MPSAFE |
1542 | callout_halt(&dp->dad_timer_ch, NULL); |
1543 | #else |
1544 | callout_halt(&dp->dad_timer_ch, softnet_lock); |
1545 | #endif |
1546 | } |
1547 | |
1548 | static void |
1549 | arp_dad_output(struct dadq *dp, struct ifaddr *ifa) |
1550 | { |
1551 | struct in_ifaddr *ia = (struct in_ifaddr *)ifa; |
1552 | struct ifnet *ifp = ifa->ifa_ifp; |
1553 | struct in_addr sip; |
1554 | |
1555 | dp->dad_arp_tcount++; |
1556 | if ((ifp->if_flags & IFF_UP) == 0) |
1557 | return; |
1558 | if ((ifp->if_flags & IFF_RUNNING) == 0) |
1559 | return; |
1560 | |
1561 | dp->dad_arp_tcount = 0; |
1562 | dp->dad_arp_ocount++; |
1563 | |
1564 | memset(&sip, 0, sizeof(sip)); |
1565 | arprequest(ifa->ifa_ifp, &sip, &ia->ia_addr.sin_addr, |
1566 | CLLADDR(ifa->ifa_ifp->if_sadl)); |
1567 | } |
1568 | |
1569 | /* |
1570 | * Start Duplicate Address Detection (DAD) for specified interface address. |
1571 | */ |
1572 | static void |
1573 | arp_dad_start(struct ifaddr *ifa) |
1574 | { |
1575 | struct in_ifaddr *ia = (struct in_ifaddr *)ifa; |
1576 | struct dadq *dp; |
1577 | |
1578 | if (!dad_init) { |
1579 | TAILQ_INIT(&dadq); |
1580 | mutex_init(&arp_dad_lock, MUTEX_DEFAULT, IPL_NONE); |
1581 | dad_init++; |
1582 | } |
1583 | |
1584 | /* |
1585 | * If we don't need DAD, don't do it. |
1586 | * - DAD is disabled (ip_dad_count == 0) |
1587 | */ |
1588 | if (!(ia->ia4_flags & IN_IFF_TENTATIVE)) { |
1589 | log(LOG_DEBUG, |
1590 | "%s: called with non-tentative address %s(%s)\n" , __func__, |
1591 | in_fmtaddr(ia->ia_addr.sin_addr), |
1592 | ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???" ); |
1593 | return; |
1594 | } |
1595 | if (!ip_dad_count) { |
1596 | ia->ia4_flags &= ~IN_IFF_TENTATIVE; |
1597 | rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); |
1598 | arpannounce1(ifa); |
1599 | return; |
1600 | } |
1601 | KASSERT(ifa->ifa_ifp != NULL); |
1602 | if (!(ifa->ifa_ifp->if_flags & IFF_UP)) |
1603 | return; |
1604 | |
1605 | mutex_enter(&arp_dad_lock); |
1606 | if (arp_dad_find(ifa) != NULL) { |
1607 | mutex_exit(&arp_dad_lock); |
1608 | /* DAD already in progress */ |
1609 | return; |
1610 | } |
1611 | |
1612 | dp = malloc(sizeof(*dp), M_IPARP, M_NOWAIT); |
1613 | if (dp == NULL) { |
1614 | mutex_exit(&arp_dad_lock); |
1615 | log(LOG_ERR, "%s: memory allocation failed for %s(%s)\n" , |
1616 | __func__, in_fmtaddr(ia->ia_addr.sin_addr), |
1617 | ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???" ); |
1618 | return; |
1619 | } |
1620 | memset(dp, 0, sizeof(*dp)); |
1621 | callout_init(&dp->dad_timer_ch, CALLOUT_MPSAFE); |
1622 | |
1623 | /* |
1624 | * Send ARP packet for DAD, ip_dad_count times. |
1625 | * Note that we must delay the first transmission. |
1626 | */ |
1627 | dp->dad_ifa = ifa; |
1628 | ifaref(ifa); /* just for safety */ |
1629 | dp->dad_count = ip_dad_count; |
1630 | dp->dad_arp_announce = 0; /* Will be set when starting to announce */ |
1631 | dp->dad_arp_acount = dp->dad_arp_ocount = dp->dad_arp_tcount = 0; |
1632 | TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list); |
1633 | |
1634 | arplog(LOG_DEBUG, "%s: starting DAD for %s\n" , if_name(ifa->ifa_ifp), |
1635 | in_fmtaddr(ia->ia_addr.sin_addr)); |
1636 | |
1637 | arp_dad_starttimer(dp, cprng_fast32() % (PROBE_WAIT * hz)); |
1638 | |
1639 | mutex_exit(&arp_dad_lock); |
1640 | } |
1641 | |
1642 | /* |
1643 | * terminate DAD unconditionally. used for address removals. |
1644 | */ |
1645 | static void |
1646 | arp_dad_stop(struct ifaddr *ifa) |
1647 | { |
1648 | struct dadq *dp; |
1649 | |
1650 | if (!dad_init) |
1651 | return; |
1652 | |
1653 | mutex_enter(&arp_dad_lock); |
1654 | dp = arp_dad_find(ifa); |
1655 | if (dp == NULL) { |
1656 | mutex_exit(&arp_dad_lock); |
1657 | /* DAD wasn't started yet */ |
1658 | return; |
1659 | } |
1660 | |
1661 | /* Prevent the timer from running anymore. */ |
1662 | TAILQ_REMOVE(&dadq, dp, dad_list); |
1663 | mutex_exit(&arp_dad_lock); |
1664 | |
1665 | arp_dad_stoptimer(dp); |
1666 | |
1667 | free(dp, M_IPARP); |
1668 | dp = NULL; |
1669 | ifafree(ifa); |
1670 | } |
1671 | |
1672 | static void |
1673 | arp_dad_timer(struct ifaddr *ifa) |
1674 | { |
1675 | struct in_ifaddr *ia = (struct in_ifaddr *)ifa; |
1676 | struct dadq *dp; |
1677 | |
1678 | mutex_enter(softnet_lock); |
1679 | KERNEL_LOCK(1, NULL); |
1680 | mutex_enter(&arp_dad_lock); |
1681 | |
1682 | /* Sanity check */ |
1683 | if (ia == NULL) { |
1684 | log(LOG_ERR, "%s: called with null parameter\n" , __func__); |
1685 | goto done; |
1686 | } |
1687 | dp = arp_dad_find(ifa); |
1688 | if (dp == NULL) { |
1689 | /* DAD seems to be stopping, so do nothing. */ |
1690 | goto done; |
1691 | } |
1692 | if (ia->ia4_flags & IN_IFF_DUPLICATED) { |
1693 | log(LOG_ERR, "%s: called with duplicate address %s(%s)\n" , |
1694 | __func__, in_fmtaddr(ia->ia_addr.sin_addr), |
1695 | ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???" ); |
1696 | goto done; |
1697 | } |
1698 | if ((ia->ia4_flags & IN_IFF_TENTATIVE) == 0 && dp->dad_arp_acount == 0) |
1699 | { |
1700 | log(LOG_ERR, "%s: called with non-tentative address %s(%s)\n" , |
1701 | __func__, in_fmtaddr(ia->ia_addr.sin_addr), |
1702 | ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???" ); |
1703 | goto done; |
1704 | } |
1705 | |
1706 | /* timeouted with IFF_{RUNNING,UP} check */ |
1707 | if (dp->dad_arp_tcount > dad_maxtry) { |
1708 | arplog(LOG_INFO, "%s: could not run DAD, driver problem?\n" , |
1709 | if_name(ifa->ifa_ifp)); |
1710 | |
1711 | TAILQ_REMOVE(&dadq, dp, dad_list); |
1712 | free(dp, M_IPARP); |
1713 | dp = NULL; |
1714 | ifafree(ifa); |
1715 | goto done; |
1716 | } |
1717 | |
1718 | /* Need more checks? */ |
1719 | if (dp->dad_arp_ocount < dp->dad_count) { |
1720 | int adelay; |
1721 | |
1722 | /* |
1723 | * We have more ARP to go. Send ARP packet for DAD. |
1724 | */ |
1725 | arp_dad_output(dp, ifa); |
1726 | if (dp->dad_arp_ocount < dp->dad_count) |
1727 | adelay = (PROBE_MIN * hz) + |
1728 | (cprng_fast32() % |
1729 | ((PROBE_MAX * hz) - (PROBE_MIN * hz))); |
1730 | else |
1731 | adelay = ANNOUNCE_WAIT * hz; |
1732 | arp_dad_starttimer(dp, adelay); |
1733 | goto done; |
1734 | } else if (dp->dad_arp_acount == 0) { |
1735 | /* |
1736 | * We are done with DAD. |
1737 | * No duplicate address found. |
1738 | */ |
1739 | ia->ia4_flags &= ~IN_IFF_TENTATIVE; |
1740 | rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); |
1741 | arplog(LOG_DEBUG, |
1742 | "%s: DAD complete for %s - no duplicates found\n" , |
1743 | if_name(ifa->ifa_ifp), |
1744 | in_fmtaddr(ia->ia_addr.sin_addr)); |
1745 | dp->dad_arp_announce = ANNOUNCE_NUM; |
1746 | goto announce; |
1747 | } else if (dp->dad_arp_acount < dp->dad_arp_announce) { |
1748 | announce: |
1749 | /* |
1750 | * Announce the address. |
1751 | */ |
1752 | arpannounce1(ifa); |
1753 | dp->dad_arp_acount++; |
1754 | if (dp->dad_arp_acount < dp->dad_arp_announce) { |
1755 | arp_dad_starttimer(dp, ANNOUNCE_INTERVAL * hz); |
1756 | goto done; |
1757 | } |
1758 | arplog(LOG_DEBUG, |
1759 | "%s: ARP announcement complete for %s\n" , |
1760 | if_name(ifa->ifa_ifp), |
1761 | in_fmtaddr(ia->ia_addr.sin_addr)); |
1762 | } |
1763 | |
1764 | TAILQ_REMOVE(&dadq, dp, dad_list); |
1765 | free(dp, M_IPARP); |
1766 | dp = NULL; |
1767 | ifafree(ifa); |
1768 | |
1769 | done: |
1770 | mutex_exit(&arp_dad_lock); |
1771 | KERNEL_UNLOCK_ONE(NULL); |
1772 | mutex_exit(softnet_lock); |
1773 | } |
1774 | |
1775 | static void |
1776 | arp_dad_duplicated(struct ifaddr *ifa, const char *sha) |
1777 | { |
1778 | struct in_ifaddr *ia = (struct in_ifaddr *)ifa; |
1779 | struct ifnet *ifp = ifa->ifa_ifp; |
1780 | const char *iastr = in_fmtaddr(ia->ia_addr.sin_addr); |
1781 | |
1782 | if (ia->ia4_flags & (IN_IFF_TENTATIVE|IN_IFF_DUPLICATED)) { |
1783 | log(LOG_ERR, |
1784 | "%s: DAD duplicate address %s from %s\n" , |
1785 | if_name(ifp), iastr, sha); |
1786 | } else if (ia->ia_dad_defended == 0 || |
1787 | ia->ia_dad_defended < time_uptime - DEFEND_INTERVAL) { |
1788 | ia->ia_dad_defended = time_uptime; |
1789 | arpannounce1(ifa); |
1790 | log(LOG_ERR, |
1791 | "%s: DAD defended address %s from %s\n" , |
1792 | if_name(ifp), iastr, sha); |
1793 | return; |
1794 | } else { |
1795 | /* If DAD is disabled, just report the duplicate. */ |
1796 | if (ip_dad_count == 0) { |
1797 | log(LOG_ERR, |
1798 | "%s: DAD ignoring duplicate address %s from %s\n" , |
1799 | if_name(ifp), iastr, sha); |
1800 | return; |
1801 | } |
1802 | log(LOG_ERR, |
1803 | "%s: DAD defence failed for %s from %s\n" , |
1804 | if_name(ifp), iastr, sha); |
1805 | } |
1806 | |
1807 | arp_dad_stop(ifa); |
1808 | |
1809 | ia->ia4_flags &= ~IN_IFF_TENTATIVE; |
1810 | if ((ia->ia4_flags & IN_IFF_DUPLICATED) == 0) { |
1811 | ia->ia4_flags |= IN_IFF_DUPLICATED; |
1812 | /* Inform the routing socket of the duplicate address */ |
1813 | rt_newaddrmsg(RTM_NEWADDR, ifa, 0, NULL); |
1814 | } |
1815 | } |
1816 | |
1817 | /* |
1818 | * Called from 10 Mb/s Ethernet interrupt handlers |
1819 | * when ether packet type ETHERTYPE_REVARP |
1820 | * is received. Common length and type checks are done here, |
1821 | * then the protocol-specific routine is called. |
1822 | */ |
1823 | void |
1824 | revarpinput(struct mbuf *m) |
1825 | { |
1826 | struct arphdr *ar; |
1827 | |
1828 | if (m->m_len < sizeof(struct arphdr)) |
1829 | goto out; |
1830 | ar = mtod(m, struct arphdr *); |
1831 | #if 0 /* XXX I don't think we need this... and it will prevent other LL */ |
1832 | if (ntohs(ar->ar_hrd) != ARPHRD_ETHER) |
1833 | goto out; |
1834 | #endif |
1835 | if (m->m_len < sizeof(struct arphdr) + 2 * (ar->ar_hln + ar->ar_pln)) |
1836 | goto out; |
1837 | switch (ntohs(ar->ar_pro)) { |
1838 | case ETHERTYPE_IP: |
1839 | case ETHERTYPE_IPTRAILERS: |
1840 | in_revarpinput(m); |
1841 | return; |
1842 | |
1843 | default: |
1844 | break; |
1845 | } |
1846 | out: |
1847 | m_freem(m); |
1848 | } |
1849 | |
1850 | /* |
1851 | * RARP for Internet protocols on 10 Mb/s Ethernet. |
1852 | * Algorithm is that given in RFC 903. |
1853 | * We are only using for bootstrap purposes to get an ip address for one of |
1854 | * our interfaces. Thus we support no user-interface. |
1855 | * |
1856 | * Since the contents of the RARP reply are specific to the interface that |
1857 | * sent the request, this code must ensure that they are properly associated. |
1858 | * |
1859 | * Note: also supports ARP via RARP packets, per the RFC. |
1860 | */ |
1861 | void |
1862 | in_revarpinput(struct mbuf *m) |
1863 | { |
1864 | struct arphdr *ah; |
1865 | void *tha; |
1866 | int op; |
1867 | struct ifnet *rcvif; |
1868 | int s; |
1869 | |
1870 | ah = mtod(m, struct arphdr *); |
1871 | op = ntohs(ah->ar_op); |
1872 | |
1873 | rcvif = m_get_rcvif(m, &s); |
1874 | switch (rcvif->if_type) { |
1875 | case IFT_IEEE1394: |
1876 | /* ARP without target hardware address is not supported */ |
1877 | goto out; |
1878 | default: |
1879 | break; |
1880 | } |
1881 | |
1882 | switch (op) { |
1883 | case ARPOP_REQUEST: |
1884 | case ARPOP_REPLY: /* per RFC */ |
1885 | m_put_rcvif(rcvif, &s); |
1886 | in_arpinput(m); |
1887 | return; |
1888 | case ARPOP_REVREPLY: |
1889 | break; |
1890 | case ARPOP_REVREQUEST: /* handled by rarpd(8) */ |
1891 | default: |
1892 | goto out; |
1893 | } |
1894 | if (!revarp_in_progress) |
1895 | goto out; |
1896 | if (rcvif != myip_ifp) /* !same interface */ |
1897 | goto out; |
1898 | if (myip_initialized) |
1899 | goto wake; |
1900 | tha = ar_tha(ah); |
1901 | if (tha == NULL) |
1902 | goto out; |
1903 | if (memcmp(tha, CLLADDR(rcvif->if_sadl), rcvif->if_sadl->sdl_alen)) |
1904 | goto out; |
1905 | memcpy(&srv_ip, ar_spa(ah), sizeof(srv_ip)); |
1906 | memcpy(&myip, ar_tpa(ah), sizeof(myip)); |
1907 | myip_initialized = 1; |
1908 | wake: /* Do wakeup every time in case it was missed. */ |
1909 | wakeup((void *)&myip); |
1910 | |
1911 | out: |
1912 | m_put_rcvif(rcvif, &s); |
1913 | m_freem(m); |
1914 | } |
1915 | |
1916 | /* |
1917 | * Send a RARP request for the ip address of the specified interface. |
1918 | * The request should be RFC 903-compliant. |
1919 | */ |
1920 | static void |
1921 | revarprequest(struct ifnet *ifp) |
1922 | { |
1923 | struct sockaddr sa; |
1924 | struct mbuf *m; |
1925 | struct arphdr *ah; |
1926 | void *tha; |
1927 | |
1928 | if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL) |
1929 | return; |
1930 | MCLAIM(m, &arpdomain.dom_mowner); |
1931 | m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) + |
1932 | 2*ifp->if_addrlen; |
1933 | m->m_pkthdr.len = m->m_len; |
1934 | MH_ALIGN(m, m->m_len); |
1935 | ah = mtod(m, struct arphdr *); |
1936 | memset(ah, 0, m->m_len); |
1937 | ah->ar_pro = htons(ETHERTYPE_IP); |
1938 | ah->ar_hln = ifp->if_addrlen; /* hardware address length */ |
1939 | ah->ar_pln = sizeof(struct in_addr); /* protocol address length */ |
1940 | ah->ar_op = htons(ARPOP_REVREQUEST); |
1941 | |
1942 | memcpy(ar_sha(ah), CLLADDR(ifp->if_sadl), ah->ar_hln); |
1943 | tha = ar_tha(ah); |
1944 | if (tha == NULL) { |
1945 | m_free(m); |
1946 | return; |
1947 | } |
1948 | memcpy(tha, CLLADDR(ifp->if_sadl), ah->ar_hln); |
1949 | |
1950 | sa.sa_family = AF_ARP; |
1951 | sa.sa_len = 2; |
1952 | m->m_flags |= M_BCAST; |
1953 | |
1954 | if_output_lock(ifp, ifp, m, &sa, NULL); |
1955 | } |
1956 | |
1957 | /* |
1958 | * RARP for the ip address of the specified interface, but also |
1959 | * save the ip address of the server that sent the answer. |
1960 | * Timeout if no response is received. |
1961 | */ |
1962 | int |
1963 | revarpwhoarewe(struct ifnet *ifp, struct in_addr *serv_in, |
1964 | struct in_addr *clnt_in) |
1965 | { |
1966 | int result, count = 20; |
1967 | |
1968 | myip_initialized = 0; |
1969 | myip_ifp = ifp; |
1970 | |
1971 | revarp_in_progress = 1; |
1972 | while (count--) { |
1973 | revarprequest(ifp); |
1974 | result = tsleep((void *)&myip, PSOCK, "revarp" , hz/2); |
1975 | if (result != EWOULDBLOCK) |
1976 | break; |
1977 | } |
1978 | revarp_in_progress = 0; |
1979 | |
1980 | if (!myip_initialized) |
1981 | return ENETUNREACH; |
1982 | |
1983 | memcpy(serv_in, &srv_ip, sizeof(*serv_in)); |
1984 | memcpy(clnt_in, &myip, sizeof(*clnt_in)); |
1985 | return 0; |
1986 | } |
1987 | |
1988 | void |
1989 | arp_stat_add(int type, uint64_t count) |
1990 | { |
1991 | ARP_STATADD(type, count); |
1992 | } |
1993 | |
1994 | static int |
1995 | sysctl_net_inet_arp_stats(SYSCTLFN_ARGS) |
1996 | { |
1997 | |
1998 | return NETSTAT_SYSCTL(arpstat_percpu, ARP_NSTATS); |
1999 | } |
2000 | |
2001 | static void |
2002 | sysctl_net_inet_arp_setup(struct sysctllog **clog) |
2003 | { |
2004 | const struct sysctlnode *node; |
2005 | |
2006 | sysctl_createv(clog, 0, NULL, NULL, |
2007 | CTLFLAG_PERMANENT, |
2008 | CTLTYPE_NODE, "inet" , NULL, |
2009 | NULL, 0, NULL, 0, |
2010 | CTL_NET, PF_INET, CTL_EOL); |
2011 | sysctl_createv(clog, 0, NULL, &node, |
2012 | CTLFLAG_PERMANENT, |
2013 | CTLTYPE_NODE, "arp" , |
2014 | SYSCTL_DESCR("Address Resolution Protocol" ), |
2015 | NULL, 0, NULL, 0, |
2016 | CTL_NET, PF_INET, CTL_CREATE, CTL_EOL); |
2017 | |
2018 | sysctl_createv(clog, 0, NULL, NULL, |
2019 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2020 | CTLTYPE_INT, "keep" , |
2021 | SYSCTL_DESCR("Valid ARP entry lifetime in seconds" ), |
2022 | NULL, 0, &arpt_keep, 0, |
2023 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2024 | |
2025 | sysctl_createv(clog, 0, NULL, NULL, |
2026 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2027 | CTLTYPE_INT, "down" , |
2028 | SYSCTL_DESCR("Failed ARP entry lifetime in seconds" ), |
2029 | NULL, 0, &arpt_down, 0, |
2030 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2031 | |
2032 | sysctl_createv(clog, 0, NULL, NULL, |
2033 | CTLFLAG_PERMANENT, |
2034 | CTLTYPE_STRUCT, "stats" , |
2035 | SYSCTL_DESCR("ARP statistics" ), |
2036 | sysctl_net_inet_arp_stats, 0, NULL, 0, |
2037 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2038 | |
2039 | sysctl_createv(clog, 0, NULL, NULL, |
2040 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2041 | CTLTYPE_INT, "log_movements" , |
2042 | SYSCTL_DESCR("log ARP replies from MACs different than" |
2043 | " the one in the cache" ), |
2044 | NULL, 0, &log_movements, 0, |
2045 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2046 | |
2047 | sysctl_createv(clog, 0, NULL, NULL, |
2048 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2049 | CTLTYPE_INT, "log_permanent_modify" , |
2050 | SYSCTL_DESCR("log ARP replies from MACs different than" |
2051 | " the one in the permanent arp entry" ), |
2052 | NULL, 0, &log_permanent_modify, 0, |
2053 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2054 | |
2055 | sysctl_createv(clog, 0, NULL, NULL, |
2056 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2057 | CTLTYPE_INT, "log_wrong_iface" , |
2058 | SYSCTL_DESCR("log ARP packets arriving on the wrong" |
2059 | " interface" ), |
2060 | NULL, 0, &log_wrong_iface, 0, |
2061 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2062 | |
2063 | sysctl_createv(clog, 0, NULL, NULL, |
2064 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2065 | CTLTYPE_INT, "log_unknown_network" , |
2066 | SYSCTL_DESCR("log ARP packets from non-local network" ), |
2067 | NULL, 0, &log_unknown_network, 0, |
2068 | CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2069 | |
2070 | sysctl_createv(clog, 0, NULL, NULL, |
2071 | CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
2072 | CTLTYPE_INT, "debug" , |
2073 | SYSCTL_DESCR("Enable ARP DAD debug output" ), |
2074 | NULL, 0, &arp_debug, 0, |
2075 | CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL); |
2076 | } |
2077 | |
2078 | #endif /* INET */ |
2079 | |