ip6_if.c revision b127ac411761a3d8d642d9342d9cac2785e1faaa
* Look for an ipif with the specified interface address and destination. * The destination address is used only for matching point-to-point interfaces. * First match all the point-to-point interfaces * before looking at non-point-to-point interfaces. * This is done to avoid returning non-point-to-point * ipif instead of unnumbered point-to-point ipif. /* Allow the ipif to be down */ /* lookup the ipif based on interface address */ * Look for an ipif with the specified address. For point-point links * we look for matches on either the destination address and the local * address, but we ignore the check on the local address if IPIF_UNNUMBERED * Matches on a specific ill if match_ill is set. * Repeat twice, first based on local addresses and * next time for pointopoint. /* Allow the ipif to be down */ /* If we already did the ptp case, then we are done */ * Look for an ipif with the specified address. For point-point links * we look for matches on either the destination address and the local * address, but we ignore the check on the local address if IPIF_UNNUMBERED * Matches on a specific ill if match_ill is set. * Return the zoneid for the ipif. ALL_ZONES if none found. * Repeat twice, first based on local addresses and * next time for pointopoint. /* Allow the ipif to be down */ * If ipif_zoneid was ALL_ZONES then we have * a trusted extensions shared IP address. * In that case GLOBAL_ZONEID works to send. /* If we already did the ptp case, then we are done */ * Perform various checks to verify that an address would make sense as a local * interface address. This is currently only called when an attempt is made * to set a local address. * Does not allow a v4-mapped address, an address that equals the subnet * anycast address, ... a multicast address, ... return (
B_TRUE);
/* Allow all zeros */ * Don't allow all zeroes or host part, but allow * Perform various checks to verify that an address would make sense as a return (
B_TRUE);
/* Allow all zeros */ * ip_rt_add_v6 is called to add an IPv6 route to the forwarding table. * ipif_arg is passed in to associate it with the correct interface * (for link-local destinations and gateways). * Prevent routes with a zero gateway from being created (since * interfaces can currently be plumbed and brought up with no assigned * If this is the case of RTF_HOST being set, then we set the netmask * to all ones (regardless if one was supplied). * Get the ipif, if any, corresponding to the gw_addr ip1dbg((
"ip_rt_add_v6: null and EINPROGRESS"));
* GateD will attempt to create routes with a loopback interface * address as the gateway and with RTF_GATEWAY set. We allow * these routes to be added, but create them as interface routes * since the gateway is an interface address. ip1dbg((
"ipif_up_done: 0x%p creating IRE 0x%x" "for 0x%x\n", (
void *)
ipif,
* In the result of failure, ire_add() will have already * deleted the ire in question, so there is no need to * Traditionally, interface routes are ones where RTF_GATEWAY isn't set * and the gateway address provided is one of the system's interface * addresses. By using the routing socket interface and supplying an * RTA_IFP sockaddr with an interface index, an alternate method of * specifying an interface route to be created is available which uses * the interface index that specifies the outgoing interface rather than * the address of an outgoing interface (which may not be able to * uniquely identify an interface). When coupled with the RTF_GATEWAY * flag, routes can be specified which not only specify the next-hop to * be used when routing to a certain prefix, but also which outgoing * interface should be used. * Previously, interfaces would have unique addresses assigned to them * and so the address assigned to a particular interface could be used * to identify a particular interface. One exception to this was the * case of an unnumbered interface (where IPIF_UNNUMBERED was set). * With the advent of IPv6 and its link-local addresses, this * restriction was relaxed and interfaces could share addresses between * themselves. In fact, typically all of the link-local interfaces on * an IPv6 node or router will have the same link-local address. In * order to differentiate between these interfaces, the use of an * interface index is necessary and this index can be carried inside a * RTA_IFP sockaddr (which is actually a sockaddr_dl). One restriction * of using the interface index, however, is that all of the ipif's that * are part of an ill have the same index and so the RTA_IFP sockaddr * cannot be used to differentiate between ipif's (or logical * interfaces) that belong to the same ill (physical interface). * For example, in the following case involving IPv4 interfaces and * 192.0.2.32 255.255.255.224 192.0.2.33 U if0 * 192.0.2.32 255.255.255.224 192.0.2.34 U if0:1 * 192.0.2.32 255.255.255.224 192.0.2.35 U if0:2 * the ipif's corresponding to each of these interface routes can be * uniquely identified by the "gateway" (actually interface address). * In this case involving multiple IPv6 default routes to a particular * link-local gateway, the use of RTA_IFP is necessary to specify which * default route is of interest: * default fe80::123:4567:89ab:cdef U if0 * default fe80::123:4567:89ab:cdef U if1 /* RTF_GATEWAY not set */ ip2dbg((
"ip_rt_add_v6: gateway security attributes " "cannot be set with interface route\n"));
* As the interface index specified with the RTA_IFP sockaddr is * the same for all ipif's off of an ill, the matching logic * below uses MATCH_IRE_ILL if such an index was specified. * This means that routes sharing the same prefix when added * using a RTA_IFP sockaddr must have distinct interface * indices (namely, they must be on distinct ill's). * On the other hand, since the gateway address will usually be * different for each ipif on the system, the matching logic * uses MATCH_IRE_IPIF in the case of a traditional interface * route. This means that interface routes for the same prefix * can be created if they belong to distinct ipif's and if a * RTA_IFP sockaddr is not present. * Check the ipif corresponding to the gw_addr * We check for an existing entry at this point. * Create a copy of the IRE_LOOPBACK, IRE_IF_NORESOLVER or * IRE_IF_RESOLVER with the modified address and netmask. * Some software (for example, GateD and Sun Cluster) attempts * to create (what amount to) IRE_PREFIX routes with the * loopback address as the gateway. This is primarily done to * set up prefixes with the RTF_REJECT flag set (for example, * when generating aggregate routes). We also OR in the * RTF_BLACKHOLE flag as these interface routes, by * definition, can only be that. * If the IRE type (as defined by ipif->ipif_net_type) is * IRE_LOOPBACK, then we map the request into a * Needless to say, the real IRE_LOOPBACK is NOT created by this * routine, but rather using ire_create_v6() directly. * In the result of failure, ire_add() will have already * deleted the ire in question, so there is no need to * Get an interface IRE for the specified gateway. * If we don't have an IRE_IF_NORESOLVER or IRE_IF_RESOLVER for the * gateway, it is currently unreachable and we fail the request * We create one of three types of IREs as a result of this request * based on the netmask. A netmask of all ones (which is automatically * assumed when RTF_HOST is set) results in an IRE_HOST being created. * An all zeroes netmask implies a default route so an IRE_DEFAULT is * created. Otherwise, an IRE_PREFIX route is created for the /* check for a duplicate entry */ /* Security attribute exists */ /* find or create the gateway credentials group */ /* we hold reference to it upon success */ * Create and add the security attribute to the group; a * reference to the group is made upon allocating a new * entry successfully. If it finds an already-existing * entry for the security attribute in the group, it simply * returns it and no new reference is made to the group. /* release reference held by gcgrp_lookup */ /* src address assigned by the caller? */ NULL,
/* no recv-from queue */ NULL,
/* no send-to queue */ gc,
/* security attribute */ * The ire holds a reference to the 'gc' and the 'gc' holds a * reference to the 'gcgrp'. We can now release the extra reference * the 'gcgrp' acquired in the gcgrp_lookup, if it was not used. * POLICY: should we allow an RTF_HOST with address INADDR_ANY? * SUN/OS socket stuff does but do we really want to allow ::0 ? * In the result of failure, ire_add() will have already * deleted the ire in question, so there is no need to * Invoke the CGTP (multirouting) filtering module * to add the dst address in the filtering database. * Replicated inbound packets coming from that address * will be filtered to discard the duplicates. * It is not necessary to call the CGTP filter hook * when the dst address is a multicast, because an * IP source address cannot be a multicast. * Now that the prefix IRE entry has been created, delete any * existing gateway IRE cache entries as well as any IRE caches * using the gateway, and force them to be created through * Save enough information so that we can recreate the IRE if * the interface goes down and then up. The metrics associated * with the route will be saved as well when rts_setmetrics() is * called after the IRE has been created. In the case where * memory cannot be allocated, none of this information will be * Store the ire that was successfully added into where ire_arg * points to so that callers don't have to look it up * themselves (but they are responsible for ire_refrele()ing * the ire when they are finished with it). * ip_rt_delete_v6 is called to delete an IPv6 route. * ipif_arg is passed in to associate it with the correct interface * (for link-local destinations and gateways). * If this is the case of RTF_HOST being set, then we set the netmask * to all ones. Otherwise, we use the netmask if one was supplied. * Note that RTF_GATEWAY is never set on a delete, therefore * we check if the gateway address is one of our interfaces first, * and fall back on RTF_GATEWAY routes. * This makes it possible to delete an original * As the interface index specified with the RTA_IFP sockaddr is the * same for all ipif's off of an ill, the matching logic below uses * MATCH_IRE_ILL if such an index was specified. This means a route * sharing the same prefix and interface index as the the route * intended to be deleted might be deleted instead if a RTA_IFP sockaddr * is specified in the request. * On the other hand, since the gateway address will usually be * different for each ipif on the system, the matching logic * uses MATCH_IRE_IPIF in the case of a traditional interface * route. This means that interface routes for the same prefix can be * uniquely identified if they belong to distinct ipif's and if a * RTA_IFP sockaddr is not present. * For more detail on specifying routes by gateway address and by * interface index, see the comments in ip_rt_add_v6(). * At this point, the gateway address is not one of our own * addresses or a matching interface route was not found. We * set the IRE type to lookup based on whether * this is a host route, a default route or just a prefix. * If an ipif_arg was passed in, then the lookup is based on an * interface index so MATCH_IRE_ILL is added to match_flags. * In any case, MATCH_IRE_IPIF is cleared and MATCH_IRE_GW is * set as the route being looked up is not a traditional * Invoke the CGTP (multirouting) filtering module * to remove the dst address from the filtering database. * Packets coming from that address will no longer be * filtered to remove duplicates. /* Remove from ipif_saved_ire_mp list if it is there */ * On a given ipif, the triple of address, gateway and * mask is unique for each saved IRE (in the case of * ordinary interface routes, the gateway address is * Derive a token from the link layer address. * Create a link-local address from a token. for (i = 0; i <
4; i++) {
* Set a nice default address for either automatic tunnels tsrc/96 or * 6to4 tunnels 2002:<tsrc>::1/64 * Check the tunnel type by examining q_next->q_ptr /* this is an automatic tunnel */ /* this is a 6to4 tunnel */ /* create a 6to4 address from the IPv4 tsrc */ ip1dbg((
"ipif_set_tun_auto_addr: Unknown tunnel type"));
* Set link local for ipif_id 0 of a configured tunnel based on the * For tunnels over IPv4 use the IPv4 address prepended with 32 zeros as * For tunnels over IPv6 use the low-order 64 bits of the "inner" IPv6 address * as the token for the "outer" link. /* The first ipif must be id zero. */ /* no link local for automatic tunnels */ /* Set the token if it isn't already set */ * Attempt to set the link local address if it isn't set. * Is it not possible to set the link local address? * The address can be set if the token is set, and the token * Return B_TRUE if the address can't be set, or B_FALSE if it can. * Generate a link-local address from the token. * Return zero if the address was set, or non-zero if it couldn't be set. * This function sets up the multicast mappings in NDP. * Unlike ARP, there are no mapping_mps here. We delete the * mapping nces and add a new one. * Returns non-zero on error and 0 on success. * Delete the mapping nce. Normally these should not exist * as a previous ipif_down -> ipif_ndp_down should have deleted * all the nces. But they can exist if ip_rput_dlpi_writer * calls this when PHYI_MULTI_BCAST is set. * Get media specific v6 mapping information. Note that * nd_lla_len can be 0 for tunnels. * Determine the broadcast address. * Check PHYI_MULTI_BCAST and possible length of physical * address to determine if we use the mapping or the /* Use the link-layer broadcast address for MULTI_BCAST */ * Get the resolver set up for a new ipif. (Always called as writer.) * ND not supported on XRESOLV interfaces. If ND support (multicast) * added later, take out this check. * Need to setup multicast mapping only when the first * interface is coming UP. * We set the multicast before setting up the mapping for * local address because ipif_ndp_setup_multicast does * ndp_walk to delete nces which will delete the mapping * for local address also if we added the mapping for /* Permanent entries don't need NUD */ * Addresses are failing over to this ill. * Don't wait for NUD to see this change. * Publish our new link-layer address. ND_PROBE,
/* Causes Duplicate Address Detection to run */ ip1dbg((
"ipif_ndp_up: NCE created for %s\n",
ip1dbg((
"ipif_ndp_up: running DAD now for %s\n",
ip1dbg((
"ipif_ndp_up: NCE already exists for %s\n",
ip1dbg((
"ipif_ndp_up: NCE creation failed %s\n",
/* No local NCE for this entry */ /* Remove all cache entries for this logical interface */ * Remove mapping and all other nces dependent on this ill * when the last ipif is going away. * Used when an interface comes up to recreate any extra routes on this * When the ire was initially created and then added in * ip_rt_add_v6(), it was created either using * ipif->ipif_net_type in the case of a traditional interface * route, or as one of the IRE_OFFSUBNET types (with the * exception of IRE_HOST type redirect ire which is created by * icmp_redirect_v6() and which we don't need to save or * recover). In the case where ipif->ipif_net_type was * IRE_LOOPBACK, ip_rt_add_v6() will update the ire_type to * IRE_IF_NORESOLVER before calling ire_add_v6() to satisfy * software like GateD and Sun Cluster which creates routes * using the the loopback interface's address as a gateway. * As ifrt->ifrt_type reflects the already updated ire_type, * ire_create_v6() will be called in the same way here as in * ip_rt_add_v6(), namely using ipif->ipif_net_type when the * route looks like a traditional interface route (where * ifrt->ifrt_type & IRE_INTERFACE is true) and otherwise * using the saved ifrt->ifrt_type. This means that in * the case where ipif->ipif_net_type is IRE_LOOPBACK, * the ire created by ire_create_v6() will be an IRE_LOOPBACK, * it will then be turned into an IRE_IF_NORESOLVER and then * Create a copy of the IRE with the saved address and netmask. ip1dbg((
"ipif_recover_ire_v6: creating IRE %s (%d) for %s/%d\n",
* Some software (for example, GateD and Sun Cluster) attempts * to create (what amount to) IRE_PREFIX routes with the * loopback address as the gateway. This is primarily done to * set up prefixes with the RTF_REJECT flag set (for example, * when generating aggregate routes.) * If the IRE type (as defined by ipif->ipif_net_type) is * IRE_LOOPBACK, then we map the request into a * ire held by ire_add, will be refreled' in ipif_up_done ip1dbg((
"ipif_recover_ire_v6: added ire %p\n", (
void *)
ire));
* Return the scope of the given IPv6 address. If the address is an * IPv4 mapped IPv6 address, return the scope of the corresponding /* link-local and loopback addresses are of link-local scope */ * Returns the length of the common prefix of a1 and a2, as per * CommonPrefixLen() defined in RFC 3484. for (i = 0; i <
4; i++) {
/* source address candidate */ /* The properties of this candidate */ /* information about the destination for source address selection */ * The following functions are rules used to select a source address in * ipif_select_source_v6(). Each rule compares a current candidate (cc) * against the best candidate (bc). Each rule has three possible outcomes; * the candidate is preferred over the best candidate (CAND_PREFER), the * candidate is not preferred over the best candidate (CAND_AVOID), or the * candidate is of equal value as the best candidate (CAND_TIE). * These rules are part of a greater "Default Address Selection for IPv6" * sheme, which is standards based work coming out of the IETF ipv6 working * group. The IETF document defines both IPv6 source address selection and * destination address ordering. The rules defined here implement the IPv6 * source address selection. Destination address ordering is done by * libnsl, and uses a similar set of rules to implement the sorting. * Most of the rules are defined by the RFC and are not typically altered. The * last rule, number 8, has language that allows for local preferences. In the * scheme below, this means that new Solaris rules should normally go between * rule_ifprefix and rule_prefix. /* Prefer an address if it is equal to the destination address. */ * Prefer addresses that are of closest scope to the destination. Always * prefer addresses that are of greater scope than the destination over * those that are of lesser scope than the destination. * Prefer non-deprecated source addresses. * Prefer source addresses that have the IPIF_PREFERRED flag set. This * rule must be before rule_interface because the flag could be set on any * interface, not just the interface being used for outgoing packets (for * example, the IFF_PREFERRED could be set on an address assigned to the * Prefer source addresses that are assigned to the outgoing interface, or * to an interface that is in the same IPMP group as the outgoing * If dstinfo->dst_restrict_ill is set, this rule is unnecessary * since we know all candidates will be on the same link. * Prefer source addresses whose label matches the destination's label. * Prefer public addresses over temporary ones. An application can reverse * the logic of this rule and prefer temporary addresses by using the * IPV6_SRC_PREFERENCES socket option. * Prefer source addresses with longer matching prefix with the destination * under the interface mask. This gets us on the same subnet before applying * any Solaris-specific rules. * Prefer to use zone-specific addresses when possible instead of all-zones * Prefer to use DHCPv6 (first) and static addresses (second) when possible * instead of statelessly autoconfigured addresses. * This is done after trying all other preferences (and before the final tie * breaker) so that, if all else is equal, we select addresses configured by * DHCPv6 over other addresses. We presume that DHCPv6 addresses, unlike * stateless autoconfigured addresses, are deliberately configured by an * administrator, and thus are correctly set up in DNS and network packet * Prefer source addresses with longer matching prefix with the destination. * We do the longest matching prefix calculation by doing an xor of both * addresses with the destination, and pick the address with the longest string * of leading zeros, as per CommonPrefixLen() defined in RFC 3484. * Last rule: we must pick something, so just prefer the current best * Determine the best source address given a destination address and a * destination ill. If no suitable source address is found, it returns * NULL. If there is a usable address pointed to by the usesrc * (i.e ill_usesrc_ifindex != 0) then return that first since it is more * fine grained (i.e per interface) * This implementation is based on the "Default Address Selection for IPv6" * specification produced by the IETF IPv6 working group. It has been * implemented so that the list of addresses is only traversed once (the * specification's algorithm could traverse the list of addresses once for * The restrict_ill argument restricts the algorithm to chose a source * address that is assigned to the destination ill or an ill in the same * IPMP group as the destination ill. This is used when the destination * address is a link-local or multicast address, and when * ipv6_strict_dst_multihoming is turned on. * src_prefs is the caller's set of source address preferences. If source * address selection is being called to determine the source address of a * connected socket (from ip_bind_connected_v6()), then the preferences are * taken from conn_src_preferences. These preferences can be set on a * per-socket basis using the IPV6_SRC_PREFERENCES socket option. The only * preference currently implemented is for rfc3041 temporary addresses. * The list of ordering rules. They are applied in the order they * Solaris doesn't currently support Mobile IPv6, so there's no * rule_mipv6 corresponding to rule 4 in the specification. * Check if there is a usable src address pointed to by the * usesrc ifindex. This has higher precedence since it is * finer grained (i.e per interface) v/s being system wide. * If we're dealing with an unlabeled destination on a labeled system, * make sure that we ignore source addresses that are incompatible with * the destination's default label. That destination's default label * must dominate the minimum label on the source address. * (Note that this has to do with Trusted Solaris. It's not related to * the labels described by ip6_asp_lookup.) * Section three of the I-D states that for multicast and * link-local destinations, the candidate set must be restricted to * an interface that is on the same link as the outgoing interface. * Also, when ipv6_strict_dst_multihoming is turned on, always * restrict the source address to the destination link as doing * otherwise will almost certainly cause problems. * Take a pass through the list of IPv6 interfaces to chose the * best possible source address. If restrict_ill is true, we only * iterate through the ill's that are in the same IPMP group as the * destination's outgoing ill. If restrict_ill is false, we walk * the entire list of IPv6 ill's. * Global and site local addresses will failover and * will be available on the new ill. * But link local addresses don't move. * Check compatibility of local address for * destination's default label if we're on a labeled * system. Incompatible addresses can't be used at * all and must be skipped over. * This is first valid address in the list. * It is automatically the best candidate * Compare this current candidate (curr_c) with the * best candidate (best_c) by applying the * comparison rules in order until one breaks the /* Apply a comparison rule. */ * The best candidate is still the * best candidate. Forget about * this current candidate and go on * This candidate is prefered. It * becomes the best candidate so * far. Go on to the next address. /* We have a tie, apply the next rule. */ * The last rule must be a tie breaker rule and * must never produce a tie. At this point, the * candidate should have either been rejected, or * have been prefered as the best candidate so far. * We may be walking the linked-list of ill's in an * IPMP group or traversing the IPv6 ill avl tree. If it is a * usesrc ILL then it can't be part of IPMP group and we * will exit the while loop. ip1dbg((
"ipif_select_source_v6(%s, %s) -> %s\n",
ip1dbg((
"ipif_select_source_v6 cannot lookup ipif %p" " returning null \n", (
void *)
ipif));
* If old_ipif is not NULL, see if ipif was derived from old * ipif and if so, recreate the interface route by re-doing * source address selection. This happens when ipif_down -> * ipif_update_other_ipifs calls us. * If old_ipif is NULL, just redo the source address selection * if needed. This happens when illgrp_insert or ipif_up_done_v6 * Can't possibly have borrowed the source * Is there any work to be done? No work if the address * is INADDR_ANY, loopback or NOLOCAL or ANYCAST ( * ipif_select_source_v6() does not borrow addresses from * NOLOCAL and ANYCAST interfaces). * Perform the same checks as when creating the * IRE_INTERFACE in ipif_up_done_v6. * We know that ipif uses some other source for its * IRE_INTERFACE. Is it using the source of this pr_addr_dbg(
"ipif_recreate_interface_routes_v6: deleting IRE" * Can't use our source address. Select a different source address * for the IRE_INTERFACE. We restrict interface route source * address selection to ipif's assigned to the same link as the /* Last resort - all ipif's have IPIF_NOLOCAL */ NULL,
/* no recv from queue */ * We don't need ipif_ire anymore. We need to delete * before we add so that ire_add does not detect * Either we are falling through from above or could not * allocate a replacement. * This old_ipif is going away. * Determine if any other ipif's are using our address as * ipif_v6lcl_addr (due to those being IPIF_NOLOCAL, IPIF_ANYCAST, or * Find the IRE_INTERFACE for such ipif's and recreate them * to use an different source address following the rules in * This function takes an illgrp as an argument so that illgrp_delete * can call this to update source address even after deleting the * old_ipif->ipif_ill from the ill group. ip1dbg((
"ipif_update_other_ipifs_v6(%s, %s)\n",
* If this part of a group, look at all ills as ipif_select_source * borrows a source address across all the ills in the group. /* Don't need a lock since this is a writer */ * Perform an attach and bind to get phys addr plus info_req for * q and mp represents an ioctl which will be queued waiting for * completion of the DLPI message exchange. * MUST be called on an ill queue. Can not set conn_pending_ill for that * reason thus the DL_PHYS_ADDR_ACK code does not assume ill_pending_q. * Returns EINPROGRESS when mp has been consumed by queueing it on * ill_pending_mp and the ioctl will complete in ip_rput. * Allocate a DL_NOTIFY_REQ and set the notifications we want. /* If we need to attach, pre-alloc and initialize the mblk */ * Here we are going to delay the ioctl ack until after * ACKs from DL_PHYS_ADDR_REQ. So need to save the * original ioctl message before sending the requests /* ipsq_pending_mp_add won't fail since we pass in a NULL connp */ * Set ill_phys_addr_pend to zero. It will be set to the addr_type of * the DL_PHYS_ADDR_REQ in ill_dlpi_send() and ill_dlpi_done(). It will * be used to track which DL_PHYS_ADDR_REQ is being ACK'd/NAK'd. ip1dbg((
"ill_dl_phys: attach\n"));
* This operation will complete in ip_rput_dlpi_writer with either * a DL_PHYS_ADDR_ACK or DL_ERROR_ACK. * Create all the IREs associated with an interface bring up multicast. * Set the interface flag and finish other initialization * that potentially had to be differed to after DL_BIND_ACK. ip1dbg((
"ipif_up_done_v6(%s:%u)\n",
/* Check if this is a loopback interface */ * If all other interfaces for this ill are down or DEPRECATED, * or otherwise unsuitable for source address selection, remove * any IRE_CACHE entries for this ill to make sure source * address selection gets to take this new ipif into account. * No need to hold ill_lock while traversing the ipif list since /* first useable pre-existing interface */ * Figure out which way the send-to queue should go. Only * IRE_IF_RESOLVER or IRE_IF_NORESOLVER should show up here. * lo0:1 and subsequent ipifs were marked IRE_LOCAL in * ipif_lookup_on_name(), but in the case of zones we can have * several loopback addresses on lo0. So all the interfaces with * loopback addresses need to be marked IRE_LOOPBACK. * Can't use our source address. Select a different * source address for the IRE_INTERFACE and IRE_LOCAL * If we're on a labeled system then make sure that zone- * private addresses have proper remote host database entries. /* Register the source address for __sin6_src_id */ ip0dbg((
"ipif_up_done_v6: srcid_insert %d\n",
err));
* If the interface address is set, create the LOCAL ip1dbg((
"ipif_up_done_v6: creating IRE %d for %s\n",
NULL,
/* no send-to queue */ * Set up the IRE_IF_RESOLVER or IRE_IF_NORESOLVER, as appropriate. * Note that atun interfaces have an all-zero ipif_v6subnet. * Thus we allow a zero subnet as long as the mask is non-zero. /* ipif_v6subnet is ipif_v6pp_dst_addr for pt-pt */ ip1dbg((
"ipif_up_done_v6: creating if IRE %d for %s\n",
NULL,
/* no recv from queue */ * Setup 2002::/16 route, if this interface is a 6to4 tunnel * Destination address is 2002::/16 * check to see if this route has already been added for ip1dbg((
"ipif_up_done_v6: creating if IRE %d for %s",
/* If an earlier ire_create failed, get out now */ ip1dbg((
"ipif_up_done_v6: NULL ire found in" * Need to atomically check for ip_addr_availablity_check * now under ill_g_lock, and if it fails got bad, and remove * Our address may already be up on the same ill. In this case, * the external resolver entry for our ipif replaced the one for * the other ipif. So we don't want to delete it (otherwise the * other ipif would be unable to send packets). * ip_addr_availability_check() identifies this case for us and * returns EADDRINUSE; we need to turn it into EADDRNOTAVAIL * which is the expected error code. * Add in all newly created IREs. We want to add before * we call ifgrp_insert which wants to know whether * IRE_IF_RESOLVER exists or not. * NOTE : We refrele the ire though we may branch to "bad" * later on where we do ire_delete. This is okay * because nobody can delete it as we are running /* Shouldn't be adding any bcast ire's */ * refheld by ire_add. refele towards the end of the func * Form groups if possible. * If we are supposed to be in a ill_group with a name, insert it * now as we know that at least one ipif is UP. Otherwise form * If ip_enable_group_ifs is set and ipif address is not ::0, insert * this ipif into the appropriate interface group, or create a * new one. If this is already in a nameless group, we try to form * a bigger group looking at other ills potentially sharing this ip1dbg((
"ipif_up_done_v6: illgrp allocation " "failed, error %d\n",
err));
/* Recover any additional IRE_IF_[NO]RESOLVER entries for this ipif */ * Need to recover all multicast memberships in the driver. * This had to be deferred until we had attached. /* Join the allhosts multicast address and the solicited node MC */ * See whether anybody else would benefit from the * new ipif that we added. We call this always rather * ipif for the benefit of illgrp_insert (done above) * which does not do source address selection as it does * not want to re-create interface routes that we are * having reference to it here. /* was held in ire_add */ /* was held in ire_add */ * We don't have to bother removing from ill groups because * 1) For groups with names, we insert only when the first ipif * comes up. In that case if it fails, it will not be in any * group. So, we need not try to remove for that case. * 2) For groups without names, either we tried to insert ipif_ill * in a group as singleton or found some other group to become * a bigger group. For the former, if it fails we don't have * anything to do as ipif_ill is not in the group and for the * (ENOMEM can't occur for this. Check ifgrp_insert). * Delete an ND entry and the corresponding IRE_CACHE entry if it exists. /* Only allow for logical unit zero i.e. not on "le0:17" */ /* Only allow for logical unit zero i.e. not on "le0:17" */ * Perform an update of the nd entry for the specified address. /* Only allow for logical unit zero i.e. not on "le0:17" */