ip_ndp.c revision 98e93c293033f1b35b7d58ec09c56fbf35f99a12
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
#include <sys/sysmacros.h>
#include <sys/ethernet.h>
#include <net/if_types.h>
#include <inet/ipclassifier.h>
#include <inet/ipsec_impl.h>
#include <inet/ipsec_info.h>
/*
* Function names with nce_ prefix are static while function
* names with ndp_ prefix are used by rest of the IP.
*
* Lock ordering:
*
* ndp_g_lock -> ill_lock -> nce_lock
*
* The ndp_g_lock protects the NCE hash (nce_hash_tbl, NCE_HASH_PTR) and
* nce_next. Nce_lock protects the contents of the NCE (particularly
* nce_refcnt).
*/
extern void th_trace_rrecord(th_trace_t *);
/*
* We track the time of creation of the nce in the nce_init_time field
* of IPv4 nce_t entries. If an nce is stuck in the ND_INITIAL state for
* more than NCE_STUCK_TIMEOUT milliseconds, trigger the nce-stuck dtrace
* probe to assist in debugging. This probe will be fired from
* nce_thread_exit() for debug kernels, and from nce_report1() when
* non-debug kernels.
*/
#define NCE_STUCK_TIMEOUT 120000
#ifdef NCE_DEBUG
void nce_trace_inactive(nce_t *);
#endif
NCE_TABLE_SIZE)]))
/*
* Compute default flags to use for an advertisement of this nce's address.
*/
static int
{
int flag = 0;
flag |= NDP_ISROUTER;
return (flag);
}
/* Non-tunable probe interval, based on link capabilities */
/*
* NDP Cache Entry creation routine.
* Mapped entries will never do NUD .
* This routine must always be called with ndp6->ndp_g_lock held.
* Prior to return, nce_refcnt is incremented.
*/
int
{
int err;
if (IN6_IS_ADDR_UNSPECIFIED(addr)) {
ip0dbg(("ndp_add_v6: no addr\n"));
return (EINVAL);
}
if ((flags & ~NCE_EXTERNAL_FLAGS_MASK)) {
return (EINVAL);
}
if (IN6_IS_ADDR_UNSPECIFIED(extract_mask) &&
(flags & NCE_F_MAPPING)) {
ip0dbg(("ndp_add_v6: extract mask zero for mapping"));
return (EINVAL);
}
/*
* Allocate the mblk to hold the nce.
*
* XXX This can come out of a separate cache - nce_cache.
* We don't need the mp anymore as there are no more
* "qwriter"s
*/
return (ENOMEM);
/*
* This one holds link layer address
*/
} else {
return (EINVAL);
}
}
return (ENOMEM);
}
if (state == ND_REACHABLE)
else
/* This one is for nce getting created */
} else {
}
#ifdef NCE_DEBUG
#endif
/*
* Atomically ensure that the ill is not CONDEMNED, before
* adding the NCE.
*/
return (EINVAL);
}
/* This one is for nce being used by an active thread */
/* Bump up the number of nce's referencing this ill */
ill->ill_nce_cnt++;
err = 0;
if (dropped) {
}
err = EINPROGRESS;
} else if (flags & NCE_F_UNSOL_ADV) {
/*
* We account for the transmit below by assigning one
* less than the ndd variable. Subsequent decrements
* are done in ndp_timer.
*/
ill, /* ill to be used for extracting ill_nd_lla */
B_TRUE, /* use ill_nd_lla */
addr, /* Source and target of the advertisement pkt */
&ipv6_all_hosts_mcast, /* Destination of the packet */
if (dropped)
if (nce->nce_unsolicit_count != 0) {
}
}
/*
* If the hw_addr is NULL, typically for ND_INCOMPLETE nces, then
* we call nce_fastpath as soon as the nce is resolved in ndp_process.
* We call nce_fastpath from nce_update if the link layer address of
* the peer changes from nce_update
*/
return (err);
}
int
{
int err = 0;
/* Get head of v6 hash table */
addr,
mask,
newnce);
} else {
}
return (err);
}
/*
* Remove all the CONDEMNED nces from the appropriate hash table.
* We create a private list of NCEs, these may have ires pointing
* to them, so the list will be passed through to clean up dependent
* ires and only then we can do NCE_REFRELE which can make NCE inactive.
*/
static void
{
*free_nce_list = nce;
}
}
}
/*
* 1. Mark the nce CONDEMNED. This ensures that no new nce_lookup()
* will return this NCE. Also no new IREs will be created that
* point to this NCE (See ire_add_v6). Also no new timeouts will
* be started (See NDP_RESTART_TIMER).
* 2. Cancel any currently running timeouts.
* 3. If there is an ndp walker, return. The walker will do the cleanup.
* This ensures that walkers see a consistent list of NCEs while walking.
* 4. Otherwise remove the NCE from the list of NCEs
* 5. Delete all IREs pointing to this NCE.
*/
void
{
if (ipversion == IPV4_VERSION)
else
/* Serialize deletes */
/* Some other thread is doing the delete */
return;
}
/*
* Caller has a refhold. Also 1 ref for being in the list. Thus
* refcnt has to be >= 2
*/
/*
* Cancel any running timer. Timeout can't be restarted
* since CONDEMNED is set. Can't hold nce_lock across untimeout.
* Passing invalid timeout id is fine.
*/
if (nce->nce_timeout_id != 0) {
nce->nce_timeout_id = 0;
}
/*
* The last ndp walker has already removed this nce from
* the list after we marked the nce CONDEMNED and before
* we grabbed the global lock.
*/
return;
}
if (ndp->ndp_g_walker > 0) {
/*
* Can't unlink. The walker will clean up
*/
return;
}
/*
* Now remove the nce from the list. NDP_RESTART_TIMER won't restart
* the timer since it is marked CONDEMNED.
*/
}
void
{
/* Free all nce allocated messages */
do {
}
#ifdef NCE_DEBUG
#endif
ill->ill_nce_cnt--;
/*
* If the number of nce's associated with this ill have dropped
* to zero, check whether we need to restart any operation that
* is waiting for this to happen.
*/
if (ill->ill_nce_cnt == 0) {
/* ipif_ill_refrele_tail drops the ill_lock */
} else {
}
}
/*
* ndp_walk routine. Delete the nce if it is associated with the ill
* that is going away. Always called as a writer.
*/
void
{
}
}
/*
* Walk a list of to be inactive NCEs and blow away all the ires.
*/
static void
{
/*
* It is possible for the last ndp walker (this thread)
* to come here after ndp_delete has marked the nce CONDEMNED
* and before it has removed the nce from the fastpath list
* or called untimeout. So we need to do it here. It is safe
* for both ndp_delete and this thread to do it twice or
* even simultaneously since each of the threads has a
* reference on the nce.
*/
/*
* Cancel any running timer. Timeout can't be restarted
* since CONDEMNED is set. Can't hold nce_lock across untimeout.
* Passing invalid timeout id is fine.
*/
if (nce->nce_timeout_id != 0) {
nce->nce_timeout_id = 0;
}
/*
* We might hit this func thus in the v4 case:
* ipif_down->ipif_ndp_down->ndp_walk
*/
} else {
}
}
}
/*
* Delete an ire when the nce goes away.
*/
/* ARGSUSED */
static void
{
} else {
}
}
/*
* ire_walk routine used to delete every IRE that shares this nce
*/
static void
{
}
}
/*
* Restart DAD on given NCE. Returns B_TRUE if DAD has been restarted.
*/
{
return (B_FALSE);
if (dropped) {
}
} else {
}
return (started);
}
/*
* IPv6 Cache entry lookup. Try to find an nce matching the parameters passed.
* If one is found, the refcnt on the nce will be incremented.
*/
nce_t *
{
if (!caller_holds_lock) {
}
/* Get head of v6 hash table */
if (!caller_holds_lock)
return (nce);
}
/*
* IPv4 Cache entry lookup. Try to find an nce matching the parameters passed.
* If one is found, the refcnt on the nce will be incremented.
* Since multicast mappings are handled in arp, there are no nce_mcast_entries
* so we skip the nce_lookup_mapping call.
* XXX TODO: if the nce is found to be ND_STALE, ndp_delete it and return NULL
*/
nce_t *
{
if (!caller_holds_lock) {
}
/* Get head of v4 hash table */
if (!caller_holds_lock)
return (nce);
}
/*
* Cache entry lookup. Try to find an nce matching the parameters passed.
* Look only for exact entries (no mappings). If an nce is found, increment
* the hold count on that nce. The caller passes in the start of the
* appropriate hash table, and must be holding the appropriate global
* lock (ndp_g_lock).
*/
static nce_t *
{
else
if (IN6_IS_ADDR_UNSPECIFIED(addr))
return (NULL);
&ipv6_all_ones)) {
break;
}
}
}
}
return (nce);
}
/*
* Cache entry lookup. Try to find an nce matching the parameters passed.
* Look only for mappings.
*/
static nce_t *
{
if (!IN6_IS_ADDR_MULTICAST(addr))
return (NULL);
break;
}
}
return (nce);
}
/*
* Process passed in parameters either from an incoming packet or via
* user ioctl.
*/
void
{
/*
* No updates of link layer address or the neighbor state is
* allowed, when the cache is in NONUD state. This still
* allows for responding to reachability solicitation.
*/
return;
}
/*
* Update nce state and send the queued packets
* back to ip this time ire will be added.
*/
if (flag & ND_NA_FLAG_SOLICITED) {
} else {
}
else
if (inbound_ill == NULL) {
return;
} else {
}
/*
* Send a forwarded packet back into ip_rput_v6
* just as in ire_send_v6().
* Extract the queue from b_prev (set in
* ip_rput_data_v6).
*/
/*
* Forwarded packets hop count will
* get decremented in ip_rput_data_v6
*/
} else {
/*
* Send locally originated packets back
* into * ip_wput_v6.
*/
}
} else {
}
}
return;
}
if (!is_adv) {
/* If this is a SOLICITATION request only */
if (ll_changed)
return;
}
/* If in any other state than REACHABLE, ignore */
}
return;
} else {
if (ll_changed) {
ll_updated = B_TRUE;
}
if (flag & ND_NA_FLAG_SOLICITED) {
} else {
if (ll_updated) {
}
}
NCE_F_ISROUTER)) {
/*
* Router turned to host. We need to remove the
* entry as well as any default route that may be
* using this as a next hop. This is required by
* section 7.2.5 of RFC 2461.
*/
}
}
}
}
/*
* Pass arg1 to the pfi supplied, along with each nce in existence.
* ndp_walk() places a REFHOLD on the nce and drops the lock when
* walking the hash list.
*/
void
{
/* Prevent ndp_delete from unlink and free of NCE */
ndp->ndp_g_walker++;
if (trace) {
} else {
}
}
}
}
if (trace) {
} else {
}
}
}
ndp->ndp_g_walker--;
/*
* While NCE's are removed from global list they are placed
* in a private list, to be passed to nce_ire_delete_list().
* The reason is, there may be ires pointing to this nce
* which needs to cleaned up.
*/
/* Time to delete condemned entries */
}
}
}
}
if (free_nce_list != NULL) {
}
}
/*
* Walk everything.
* Note that ill can be NULL hence can't derive the ipst from it.
*/
void
{
}
/*
* Process resolve requests. Handles both mapped entries
* as well as cases that needs to be send out on the wire.
* Lookup a NCE for a given IRE. Regardless of whether one exists
* or one is created, we defer making ire point to nce until the
* ire is actually added at which point the nce_refcnt on the nce is
* incremented. This is done primarily to have symmetry between ire_add()
* and ire_delete() which decrements the nce_refcnt, when an ire is deleted.
*/
int
{
int err = 0;
if (IN6_IS_ADDR_MULTICAST(dst)) {
return (err);
}
NULL, /* No hardware address */
dst,
0,
&nce);
switch (err) {
case 0:
/*
* New cache entry was created. Make sure that the state
* is not ND_INCOMPLETE. It can be in some other state
* even before we send out the solicitation as we could
* get un-solicited advertisements.
*
* If this is an XRESOLV interface, simply return 0,
* since we don't want to solicit just yet.
*/
return (0);
}
return (0);
}
/* The caller will free mp */
return (ENOMEM);
}
if (ms == 0) {
/* The caller will free mp */
return (EBUSY);
}
return (EINPROGRESS);
case EEXIST:
/* Resolution in progress just queue the packet */
} else {
err = EINPROGRESS;
}
} else {
/*
* Any other state implies we have
* a nce but IRE needs to be added ...
* ire_add_v6() will take care of the
* the case when the nce becomes CONDEMNED
* before the ire is added to the table.
*/
err = 0;
}
break;
default:
break;
}
return (err);
}
/*
* When there is no resolver, the link layer template is passed in
* the IRE.
* Lookup a NCE for a given IRE. Regardless of whether one exists
* or one is created, we defer making ire point to nce until the
* ire is actually added at which point the nce_refcnt on the nce is
* incremented. This is done primarily to have symmetry between ire_add()
* and ire_delete() which decrements the nce_refcnt, when an ire is deleted.
*/
int
{
int err = 0;
if (IN6_IS_ADDR_MULTICAST(dst)) {
return (err);
}
NULL, /* hardware address */
dst,
0,
&nce);
switch (err) {
case 0:
/*
* Cache entry with a proper resolver cookie was
* created.
*/
break;
case EEXIST:
err = 0;
break;
default:
break;
}
return (err);
}
/*
* For each interface an entry is added for the unspecified multicast group.
* Here that mapping is used to form the multicast cache entry for a particular
* multicast destination.
*/
static int
{
int err = 0;
return (0);
}
/* No entry, now lookup for a mapping this should never fail */
/* Something broken for the interface. */
return (ESRCH);
}
/*
* For IRE_IF_RESOLVER a hardware mapping can be
* generated, for IRE_IF_NORESOLVER, resolution cookie
* in the ill is copied in ndp_add_v6().
*/
return (ENOMEM);
}
}
/*
* IRE_IF_NORESOLVER type simply copies the resolution
* cookie passed in. So no hw_addr is needed.
*/
dst,
0,
&nce);
if (err != 0) {
return (err);
}
return (0);
}
/*
* Return the link layer address, and any flags of a nce.
*/
int
{
return (ESRCH);
/* If in INCOMPLETE state, no link layer address is available yet */
goto done;
else
sizeof (lnr->lnr_hdw_addr));
done:
return (0);
}
/*
*/
int
{
return (EINVAL);
}
return (ESRCH);
}
/*
* Update dl_addr_length and dl_addr_offset for primitives that
* have physical addresses as opposed to full saps
*/
case DL_ENABMULTI_REQ:
/* Track the state if this is the first enabmulti */
ip1dbg(("ndp_mcastreq: ENABMULTI\n"));
break;
case DL_DISABMULTI_REQ:
ip1dbg(("ndp_mcastreq: DISABMULTI\n"));
break;
default:
ip1dbg(("ndp_mcastreq: default\n"));
return (EINVAL);
}
return (0);
}
/*
* Send a neighbor solicitation.
* Returns number of milliseconds after which we should either rexmit or abort.
* Return of zero means we should abort.
* The caller holds the nce_lock to protect nce_qd_mp and nce_rcnt.
*
* NOTE: This routine drops nce_lock (and later reacquires it) when sending
* the packet.
* NOTE: This routine does not consume mp.
*/
{
return (0);
}
} else {
}
/* Handle ip_newroute_v6 giving us IPSEC packets */
/*
* This message should have been pulled up already in
* ip_wput_v6. We can't do pullups here because the message
* non-NULL.
*/
sizeof (ip6i_t) + IPV6_HDR_LEN);
}
/*
* If the src of outgoing packet is one of the assigned interface
* addresses use it, otherwise we will pick the source address below.
*/
if (!IN6_IS_ADDR_UNSPECIFIED(&src)) {
if (IN6_ARE_ADDR_EQUAL(&src,
&ipif->ipif_v6lcl_addr)) {
break;
}
}
break;
}
/*
* If no relevant ipif can be found, then it's not one of our
* addresses. Reset to :: and let nce_xmit. If an ipif can be
* found, but it's not yet done with DAD verification, then
* just postpone this transmission until later.
*/
else if (!ipif->ipif_addr_ready)
return (ill->ill_reachable_retrans_time);
}
/*
* If source address is unspecified, nce_xmit will choose
* one for us and initialize the hardware address also
* appropriately.
*/
if (IN6_IS_ADDR_UNSPECIFIED(&src))
&dst, 0);
if (dropped)
return (ill->ill_reachable_retrans_time);
}
/*
* Attempt to recover an address on an interface that's been marked as a
* duplicate. Because NCEs are destroyed when the interface goes down, there's
* no easy way to just probe the address and have the right thing happen if
* it's no longer in use. Instead, we just bring it up normally and allow the
* regular interface start-up logic to probe for a remaining duplicate and take
* us back down if necessary.
* Neither DHCP nor temporary addresses arrive here; they're excluded by
* ip_ndp_excl.
*/
/* ARGSUSED */
static void
{
/*
* We do not support recovery of proxy ARP'd interfaces,
* because the system lacks a complete proxy ARP mechanism.
*/
continue;
}
/*
* If we have already recovered or if the interface is going
* away, then ignore.
*/
continue;
}
(void) ipif_up_done_v6(ipif);
}
}
/*
* Attempt to recover an IPv6 interface that's been shut down as a duplicate.
* As long as someone else holds the address, the interface will stay down.
* When that conflict goes away, the interface is brought back up. This is
* done so that accidental shutdowns of addresses aren't made permanent. Your
* server will recover from a failure.
*
* For DHCP and temporary addresses, recovery is not done in the kernel.
* Instead, it's handled by user space processes (dhcpagent and in.ndpd).
*
* This function is entered on a timer expiry; the ID is in ipif_recovery_id.
*/
static void
ipif6_dup_recovery(void *arg)
{
ipif->ipif_recovery_id = 0;
return;
/*
* No lock, because this is just an optimization.
*/
return;
/* If the link is down, we'll retry this later */
return;
}
/*
* Perform interface recovery by forcing the duplicate interfaces up and
* allowing the system to determine which ones should stay up.
*
* Called both by recovery timer expiry and link-up notification.
*/
void
{
if (ipif->ipif_recovery_id == 0 &&
IPIF_CONDEMNED))) {
}
} else {
sizeof (ipif->ipif_v6lcl_addr));
B_FALSE);
}
}
/*
* Find the solicitation in the given message, and extract printable details
* (MAC and IP addresses) from it.
*/
static nd_neighbor_solicit_t *
{
int alen;
alen = 0;
int nslen;
/*
* If it's from the fast-path, then it can't be a probe
* message, and thus must include the source linkaddr option.
* Extract that here.
*/
ill->ill_nd_lla_len) {
}
}
/*
* We cheat a bit here for the sake of printing usable log
* messages in the rare case where the reply we got was unicast
* without a source linkaddr option, and the interface is in
* fastpath mode. (Sigh.)
*/
struct ether_header *pether;
sizeof (*pether));
alen = ETHERADDRL;
}
} else {
if (ill->ill_sap_length < 0) {
} else {
}
}
}
if (alen > 0) {
} else {
}
return (ns);
}
/*
* This is for exclusive changes due to NDP duplicate address detection
* failure.
*/
/* ARGSUSED */
static void
{
char hbuf[MAC_STR_LEN];
char sbuf[INET6_ADDRSTRLEN];
}
/*
* Ignore conflicts generated by misbehaving switches that just
* reflect our own messages back to us.
*/
goto ignore_conflict;
}
&ns->nd_ns_target)) {
continue;
}
/* If it's already marked, then don't do anything. */
continue;
/*
* If this is a failure during duplicate recovery, then don't
* complain. It may take a long time to recover.
*/
if (!ipif->ipif_was_dup) {
}
IPIF_CONDEMNED)) &&
ipst->ips_ip_dup_recovery > 0) {
}
}
}
/*
* Handle failure by tearing down the ipifs with the specified address. Note
* that tearing down the ipif also means deleting the nce through ipif_down, so
* it's not possible to do recovery by just restarting the nce timer. Instead,
* we start a timer on the ipif.
*/
static void
{
} else {
B_FALSE);
}
}
}
/*
* Handle a discovered conflict: some other system is advertising that it owns
* one of our IP addresses. We need to defend ourselves, or just shut down the
* interface.
*/
static void
{
return;
/*
* First, figure out if this address is disposable.
*/
else
/*
* Now figure out how many times we've defended ourselves. Ignore
* defenses that happened long in the past.
*/
now = gethrestime_sec();
}
nce->nce_defense_count++;
/*
* If we've defended ourselves too many times already, then give up and
* tear down the interface(s) using this address. Otherwise, defend by
* sending out an unsolicited Neighbor Advertisement.
*/
if (defs >= maxdefense) {
} else {
char hbuf[MAC_STR_LEN];
char sbuf[INET6_ADDRSTRLEN];
}
}
static void
{
int len;
int flag = 0;
if (IN6_IS_ADDR_MULTICAST(&target)) {
if (ip_debug > 2) {
/* ip1dbg */
pr_addr_dbg("ndp_input_solicit: Target is"
}
goto done;
}
if (len > sizeof (nd_neighbor_solicit_t)) {
/* Options present */
len -= sizeof (nd_neighbor_solicit_t);
ip1dbg(("ndp_input_solicit: Bad opt len\n"));
goto done;
}
}
if (IN6_IS_ADDR_UNSPECIFIED(&src)) {
/* Check to see if this is a valid DAD solicitation */
if (ip_debug > 2) {
/* ip1dbg */
pr_addr_dbg("ndp_input_solicit: IPv6 "
"Destination is not solicited node "
"multicast %s\n", AF_INET6,
}
goto done;
}
}
/*
* If this is a valid Solicitation, a permanent
* entry should exist in the cache
*/
ip1dbg(("ndp_input_solicit: Wrong target in NS?!"
if (ip_debug > 2) {
/* ip1dbg */
}
goto done;
}
/* At this point we should have a verified NS per spec */
hlen == 0) {
ip1dbg(("ndp_input_advert: bad SLLA\n"));
goto done;
}
}
}
/* If sending directly to peer, set the unicast flag */
flag |= NDP_UNICAST;
/*
* or respond to outstanding queries, don't if
* the source is unspecified address.
*/
if (!IN6_IS_ADDR_UNSPECIFIED(&src)) {
int err;
/*
* Regular solicitations *must* include the Source Link-Layer
* Address option. Ignore messages that do not.
*/
ip1dbg(("ndp_input_solicit: source link-layer address "
"option missing with a specified source.\n"));
goto done;
}
/*
* This is a regular solicitation. If we're still in the
* process of verifying the address, then don't respond at all
* and don't keep track of the sender.
*/
goto done;
/*
* If the solicitation doesn't have sender hardware address
* (legal for unicast solicitation), then process without
* installing the return NCE. Either we already know it, or
* we'll be forced to look it up when (and if) we reply to the
* packet.
*/
goto no_source;
&src, /* Soliciting nodes address */
0,
0,
&nnce);
switch (err) {
case 0:
/* done with this entry */
break;
case EEXIST:
/*
* B_FALSE indicates this is not an
* an advertisement.
*/
break;
default:
ip1dbg(("ndp_input_solicit: Can't create NCE %d\n",
err));
goto done;
}
flag |= NDP_SOLICITED;
} else {
/*
* No source link layer address option should be present in a
* valid DAD request.
*/
ip1dbg(("ndp_input_solicit: source link-layer address "
"option present with an unspecified source.\n"));
goto done;
}
/*
* Internally looped-back probes won't have DLPI
* attached to them. External ones (which are sent by
* multicast) always will. Just ignore our own
* transmissions.
*/
/*
* If someone else is probing our address, then
* we've crossed wires. Declare failure.
*/
}
goto done;
}
/*
* This is a DAD probe. Multicast the advertisement to the
* all-nodes address.
*/
}
/* Response to a solicitation */
ill, /* ill to be used for extracting ill_nd_lla */
B_TRUE, /* use ill_nd_lla */
&target, /* Source and target of the advertisement pkt */
&src, /* IP Destination (source of original pkt) */
flag);
done:
if (bad_solicit)
}
void
{
int len;
ip1dbg(("ndp_input_advert: Target is multicast but the "
"solicited flag is not zero\n"));
return;
}
if (IN6_IS_ADDR_MULTICAST(&target)) {
ip1dbg(("ndp_input_advert: Target is multicast!\n"));
return;
}
if (len > sizeof (nd_neighbor_advert_t)) {
if (!ndp_verify_optlen(opt,
len - sizeof (nd_neighbor_advert_t))) {
ip1dbg(("ndp_input_advert: cannot verify SLLA\n"));
return;
}
/* At this point we have a verified NA per spec */
len -= sizeof (nd_neighbor_advert_t);
hlen == 0) {
ip1dbg(("ndp_input_advert: bad SLLA\n"));
return;
}
}
}
/*
* If this interface is part of the group look at all the
* ills in the group.
*/
if (!ILL_CAN_LOOKUP(ill)) {
continue;
}
/* We have to drop the lock since ndp_process calls put* */
/*
* Someone else sent an advertisement for an
* address that we're trying to configure.
* Tear it down. Note that dl_mp might be NULL
* if we're getting a unicast reply. This
* isn't typically done (multicast is the norm
* in response to a probe), but ip_ndp_failure
* will handle the dl_mp == NULL case as well.
*/
/*
* Someone just announced one of our local
* addresses. If it wasn't us, then this is a
* conflict. Defend the address or shut it
* down.
*/
ill->ill_nd_lla_len))) {
dst_nce);
}
} else {
if (na->nd_na_flags_reserved &
}
/* B_TRUE indicates this an advertisement */
}
}
}
}
/*
* Process NDP neighbor solicitation/advertisement messages.
* The checksum has already checked o.k before reaching here.
*/
void
{
int len;
ip1dbg(("ndp_input: pullupmsg failed\n"));
goto done;
}
ip1dbg(("ndp_input: hoplimit != IPV6_MAX_HOPS\n"));
goto done;
}
/*
* NDP does not accept any extension headers between the
* IP header and the ICMP header since e.g. a routing
* header could be dangerous.
* This assumes that any AH or ESP headers are removed
* by ip prior to passing the packet to ndp_input.
*/
ip1dbg(("ndp_input: Wrong next header 0x%x\n",
goto done;
}
if (icmp_nd->icmp6_code != 0) {
ip1dbg(("ndp_input: icmp6 code != 0 \n"));
goto done;
}
/*
* Make sure packet length is large enough for either
* a NS or a NA icmp packet.
*/
ip1dbg(("ndp_input: packet too short\n"));
goto done;
}
} else {
}
done:
}
/*
* nce_xmit is called to form and transmit a ND solicitation or
* advertisement ICMP packet.
*
* If the source address is unspecified and this isn't a probe (used for
* duplicate address detection), an appropriate source address and link layer
* address will be chosen here. The link layer address option is included if
* the source is specified (i.e., all non-probe packets), and omitted (per the
* specification) otherwise.
*
* It returns B_FALSE only if it does a successful put() to the
* corresponding ill's ill_wq otherwise returns B_TRUE.
*/
static boolean_t
int flag)
{
/*
* If we have a unspecified source(sender) address, select a
* proper source address for the solicitation here itself so
* that we can initialize the h/w address correctly. This is
* needed for interface groups as source address can come from
* the whole group and the h/w address initialized from ill will
* be wrong if the source address comes from a different ill.
*
* If the sender is specified then we use this address in order
* to lookup the zoneid before calling ip_output_v6(). This is to
* enable unicast ND_NEIGHBOR_ADVERT packets to be routed correctly
* by IP (we cannot guarantee that the global zone has an interface
* route to the destination).
*
* Note that the NA never comes here with the unspecified source
* address. The following asserts that whenever the source
* address is specified, the haddr also should be specified.
*/
/*
* Pick a source address for this solicitation, but
* restrict the selection to addresses assigned to the
* output interface (or interface group). We do this
* because the destination will create a neighbor cache
* entry for the source address of this packet, so the
* source address had better be a valid neighbor.
*/
char buf[INET6_ADDRSTRLEN];
ip1dbg(("nce_xmit: No source ipif for dst %s\n",
sizeof (buf))));
return (B_TRUE);
}
} else if (!(IN6_IS_ADDR_UNSPECIFIED(sender))) {
/*
* It's possible for ipif_lookup_addr_zoneid_v6() to return
* ALL_ZONES if it cannot find a matching ipif for the address
* we are trying to use. In this case we err on the side of
* trying to send the packet by defaulting to the GLOBAL_ZONEID.
*/
}
/*
* spread. This is needed so that the probe packets sent
* by the in.mpathd daemon can really go out on the desired
* interface. Probe packets are made to go out on a desired
* interface by including a ip6i with ATTACH_IF flag. As these
* (neighbor doing NUD), we have to make sure that NA
* also go out on the same interface.
*/
plen * 8;
return (B_TRUE);
}
sizeof (nd_neighbor_advert_t));
if (operation == ND_NEIGHBOR_SOLICIT) {
if (!(flag & NDP_UNICAST)) {
/* Form multicast address of the target */
}
} else {
if (flag & NDP_ISROUTER)
if (flag & NDP_SOLICITED)
}
/* Fill in link layer address and option len */
}
}
/* If there's no link layer address option, then strip it. */
}
icmp6->icmp6_code = 0;
/*
* Prepare for checksum by putting icmp length in the icmp
* checksum field. The checksum is calculated in ip_wput_v6.
*/
return (B_FALSE);
}
/*
* Make a link layer address (does not include the SAP) from an nce.
* To form the link layer address, use the last four bytes of ipv6
* address passed in and the fixed offset stored in nce.
*/
static void
{
int len;
return;
while (len-- > 0)
}
/*
* Pass a cache report back out via NDD.
*/
/* ARGSUSED */
int
{
if (CONN_Q(q))
ipst = CONNQ_TO_IPST(q);
else
ipst = ILLQ_TO_IPST(q);
return (0);
}
/*
* Add a single line to the NDP Cache Entry Report.
*/
static void
{
char local_buf[INET6_ADDRSTRLEN];
uchar_t *h;
/*
* Lock the nce to protect nce_res_mp from being changed
* if an external resolver address resolution completes
* while nce_res_mp is being accessed here.
*
* Deal with all address formats, not just Ethernet-specific
* In addition, make sure that the mblk has enough space
* before writing to it. If is doesn't, allocate a new one.
*/
/*
* Don't include v4 NCEs in NDP cache entry report.
* But sanity check for lingering ND_INITIAL entries
*/
}
}
return;
}
if (flags & NCE_F_PERMANENT)
*m++ = 'P';
if (flags & NCE_F_ISROUTER)
*m++ = 'R';
if (flags & NCE_F_MAPPING)
*m++ = 'M';
*m = '\0';
char *addr_buf;
else
if (addrlen <= 0) {
(void) mi_mpprintf(mp,
"%8s %9s %5s %s/%d",
"None",
} else {
/*
*/
return;
}
(void) mac_colon_addr((uint8_t *)h,
}
} else {
(void) mi_mpprintf(mp,
"%8s %9s %5s %s/%d",
"None",
}
}
mblk_t *
{
int sap_length;
if (template_mp == NULL)
return (NULL);
/* Copy in the SAP value. */
return (template_mp);
}
/*
* NDP retransmit timer.
* This timer goes off when:
* a. It is time to retransmit NS for resolver.
* b. It is time to send reachability probes.
*/
void
{
char addrbuf[INET6_ADDRSTRLEN];
/*
* The timer has to be cancelled by ndp_delete before doing the final
* refrele. So the NCE is guaranteed to exist when the timer runs
* until it clears the timeout_id. Before clearing the timeout_id
* bump up the refcnt so that we can continue to use the nce
*/
/*
* Grab the ill_g_lock now itself to avoid lock order problems.
* nce_solicit needs ill_g_lock to be able to traverse ills
*/
nce->nce_timeout_id = 0;
/*
* Check the reachability state first.
*/
case ND_DELAY:
if (ip_debug > 3) {
/* ip2dbg */
pr_addr_dbg("ndp_timer: state for %s changed "
}
return;
case ND_PROBE:
/* must be retransmit timer */
/*
* As per RFC2461, the nce gets deleted after
* MAX_UNICAST_SOLICIT unsuccessful re-transmissions.
* Note that the first unicast solicitation is sent
* during the DELAY state.
*/
ip2dbg(("ndp_timer: pcount=%x dst %s\n",
if (dropped) {
}
/* No hope, delete the nce */
if (ip_debug > 2) {
/* ip1dbg */
pr_addr_dbg("ndp_timer: Delete IRE for"
}
/* Wait RetransTimer, before deleting the entry */
ip2dbg(("ndp_timer: pcount=%x dst %s\n",
/* Wait one interval before killing */
/*
* We're done probing, and we can now declare this
* address to be usable. Let IP know that it's ok to
* use.
*/
if (ipif->ipif_was_dup) {
char sbuf[INET6_ADDRSTRLEN];
sizeof (ibuf));
}
!ipif->ipif_addr_ready) {
}
}
/* Begin defending our new address */
nce->nce_unsolicit_count = 0;
if (dropped) {
} else if (ipst->ips_ip_ndp_defense_interval != 0) {
}
} else {
/*
* This is an address we're probing to be our own, but
* the ill is down. Wait until it comes back before
* doing anything, but switch to reachable state so
* that the restart will work.
*/
}
return;
case ND_INCOMPLETE:
/*
* Must be resolvers retransmit timer.
*/
/*
* Walk the list of packets queued, and see if there
* are any multipathing probe packets. Such packets
* are always queued at the head. Since this is a
* retransmit timer firing, mark such packets as
* delayed in ND resolution. This info will be used
* in ip_wput_v6(). Multipathing probe packets will
* always have an ip6i_t. Once we hit a packet without
* it, we can break out of this loop.
*/
else
break;
/*
* This message should have been pulled up already in
* ip_wput_v6. We can't do pullups here because the
*/
sizeof (ip6i_t) + IPV6_HDR_LEN);
/* Mark this packet as delayed due to ND resolution */
}
if (ms == 0) {
} else {
}
} else {
}
return;
}
break;
case ND_REACHABLE :
nce->nce_unsolicit_count != 0) ||
ipst->ips_ip_ndp_defense_interval != 0)) {
if (nce->nce_unsolicit_count > 0)
ill, /* ill to be used for hw addr */
B_FALSE, /* use ill_phys_addr */
if (dropped) {
}
if (nce->nce_unsolicit_count != 0) {
} else {
}
} else {
}
break;
default:
break;
}
}
/*
* Set a link layer address from the ll_addr passed in.
* Copy SAP from ill.
*/
static void
{
/* Always called before fast_path_probe */
if (ill->ill_sap_length != 0) {
/*
* Copy the SAP type specified in the
* request into the xmit template.
*/
}
if (ill->ill_phys_addr_length > 0) {
/*
* The bcopy() below used to be called for the physical address
* length rather than the link layer address length. For
* ethernet and many other media, the phys_addr and lla are
* identical.
* However, with xresolv interfaces being introduced, the
* phys_addr and lla are no longer the same, and the physical
* address may not have any useful meaning, so we use the lla
* for IPv6 address resolution and destination addressing.
*
* For PPP or other interfaces with a zero length
* physical address, don't do anything here.
* The bcopy() with a zero phys_addr length was previously
* a no-op for interfaces with a zero-length physical address.
* Using the lla for them would change the way they operate.
* Doing nothing in such cases preserves expected behavior.
*/
}
}
static boolean_t
{
return (B_FALSE);
return (B_TRUE);
return (B_FALSE);
}
/*
* Updates the link layer address or the reachability state of
* a cache entry. Reset probe counter if needed.
*/
static void
{
/*
* If this interface does not do NUD, there is no point
* in allowing an update to the cache entry. Although
* we will respond to NS.
* The only time we accept an update for a resolver when
* NUD is turned off is when it has just been created.
* Non-Resolvers will always be created as REACHABLE.
*/
if (new_state != ND_UNCHANGED) {
return;
if (new_state == ND_REACHABLE)
else {
/* We force NUD in this case */
}
}
/*
* In case of fast path we need to free the the fastpath
* M_DATA and do another probe. Otherwise we can just
* overwrite the DL_UNITDATA_REQ data, noting we'll lose
* whatever packets that happens to be transmitting at the time.
*/
if (new_ll_addr != NULL) {
}
}
if (need_stop_timer) {
nce->nce_timeout_id = 0;
}
if (need_fastpath_update)
}
void
{
if (++count >
}
}
/* put this on the list */
if (head_insert) {
} else {
}
}
static void
{
else
/*
* This message should have been pulled up already in
* ip_wput_v6. We can't do pullups here because the message
* non-NULL.
*/
sizeof (ip6i_t) + IPV6_HDR_LEN);
/*
* Multipathing probe packets have IP6I_DROP_IFDELAYED set.
* This has 2 aspects mentioned below.
* 1. Perform head insertion in the nce_qd_mp for these packets.
* This ensures that next retransmit of ND solicitation
* will use the interface specified by the probe packet,
* for both NS and NA. This corresponds to the src address
* in the IPv6 packet. If we insert at tail, we will be
* depending on the packet at the head for successful
* ND resolution. This is not reliable, because the interface
* on which the NA arrives could be different from the interface
* on which the NS was sent, and if the receiving interface is
* failed, it will appear that the sending interface is also
* failed, causing in.mpathd to misdiagnose this as link
* failure.
* 2. Drop the original packet, if the ND resolution did not
* succeed in the first attempt. However we will create the
* nce and the ire, as soon as the ND resolution succeeds.
* We don't gain anything by queueing multiple probe packets
* and sending them back-to-back once resolution succeeds.
* It is sufficient to send just 1 packet after ND resolution
* succeeds. Since mpathd is sending down probe packets at a
* constant rate, we don't need to send the queued packet. We
* need to queue it only for NDP resolution. The benefit of
* dropping the probe packets that were delayed in ND
* resolution, is that in.mpathd will not see inflated
* RTT. If the ND resolution does not succeed within
* in.mpathd's failure detection time, mpathd may detect
* a failure, and it does not matter whether the packet
* was queued or dropped.
*/
}
}
/*
* Called when address resolution failed due to a timeout.
* Send an ICMP unreachable in response to all queued packets.
*/
void
{
char buf[INET6_ADDRSTRLEN];
ip1dbg(("nce_resolv_failed: dst %s\n",
}
/*
* This message should have been pulled up already
* in ip_wput_v6. ip_hdr_complete_v6 assumes that
* the header is pulled up.
*/
sizeof (ip6i_t) + IPV6_HDR_LEN);
}
/*
* Ignore failure since icmp_unreachable_v6 will silently
* drop packets with an unspecified source address.
*/
}
}
/*
* and the corresponding attributes.
* Disallow states other than ND_REACHABLE or ND_STALE.
*/
int
{
int err;
return (EINVAL);
/* We know it can not be mapping so just look in the hash table */
case NDF_ISROUTER_ON:
break;
case NDF_ISROUTER_OFF:
new_flags &= ~NCE_F_ISROUTER;
break;
case (NDF_ISROUTER_OFF|NDF_ISROUTER_ON):
return (EINVAL);
}
case NDF_ANYCAST_ON:
break;
case NDF_ANYCAST_OFF:
new_flags &= ~NCE_F_ANYCAST;
break;
case (NDF_ANYCAST_OFF|NDF_ANYCAST_ON):
return (EINVAL);
}
addr,
0,
&nce);
if (err != 0) {
return (err);
}
}
/*
* Router turned to host, delete all ires.
* XXX Just delete the entry, but we need to add too.
*/
return (0);
}
/*
* Note that we ignore the state at this point, which
* should be either STALE or REACHABLE. Instead we let
* the link layer address passed in to determine the state
* much like incoming packets.
*/
return (0);
}
/*
* If the device driver supports it, we make nce_fp_mp to have
* an M_DATA prepend. Otherwise nce_fp_mp will be null.
* The caller ensures there is hold on nce for this function.
* Note that since ill_fastpath_probe() copies the mblk there is
* no need for the hold beyond this function.
*/
void
{
int res;
/* Already contains fastpath info */
return;
}
/*
* EAGAIN is an indication of a transient error
* i.e. allocation failure etc. leave the nce in the list it
* will be updated when another probe happens for another ire
* if not it will be taken out of the list when the ire is
* deleted.
*/
}
}
/*
* Drain the list of nce's waiting for fastpath response.
*/
void
void *arg)
{
/*
* Take it off the list if we're flushing, or if the callback
* routine tells us to do so. Otherwise, leave the nce in the
* fastpath list to handle any pending response from the lower
* layer. We can't drain the list when the callback routine
* comparison failed, because the response is asynchronous in
* nature, and may not arrive in the same order as the list
* insertion.
*/
if (current_nce == first_nce)
else
} else {
/* previous element that is still in the list */
}
}
}
/*
* Add nce to the nce fastpath list.
*/
void
{
/*
* if nce has not been deleted and
* is not already in the list add it.
*/
}
}
/*
* remove nce from the nce fastpath list.
*/
void
{
goto done;
} else {
break;
}
}
}
done:
}
/*
* Update all NCE's that are not in fastpath mode and
* have an nce_fp_mp that matches mp. mp->b_cont contains
* the fastpath header.
*
* Returns TRUE if entry should be dequeued, or FALSE otherwise.
*/
{
return (B_TRUE);
return (B_TRUE);
ip2dbg(("ndp_fastpath_update: trying\n"));
/*
* The nce is locked here to prevent any other threads
* from accessing and changing nce_res_mp when the IPv6 address
* becomes resolved to an lla while we're in the middle
* of looking at and comparing the hardware address (lla).
* It is also locked to prevent multiple threads in nce_fastpath_update
* from examining nce_res_mp atthe same time.
*/
/*
* Don't take the ire off the fastpath list yet,
* since the response may come later.
*/
return (B_FALSE);
}
/* Matched - install mp as the fastpath mp */
ip1dbg(("ndp_fastpath_update: match\n"));
}
return (B_TRUE);
}
/*
* This function handles the DL_NOTE_FASTPATH_FLUSH notification from
* driver. Note that it assumes IP is exclusive...
*/
/* ARGSUSED */
void
{
return;
/* No fastpath info? */
return;
/*
* IPv4 BROADCAST entries:
* We can't delete the nce since it is difficult to
* recreate these without going through the
*
* All access to nce->nce_fp_mp in the case of these
* is protected by nce_lock.
*/
} else {
}
} else {
/* Just delete the NCE... */
}
}
/*
* Return a pointer to a given option in the packet.
* Assumes that option part of the packet have already been validated.
*/
{
while (optlen > 0) {
return (opt);
}
return (NULL);
}
/*
* Verify all option lengths present are > 0, also check to see
* if the option lengths and packet length are consistent.
*/
{
while (optlen > 0) {
if (opt->nd_opt_len == 0)
return (B_FALSE);
if (optlen < 0)
return (B_FALSE);
}
return (B_TRUE);
}
/*
* ndp_walk function.
* Free a fraction of the NCE cache entries.
* A fraction of zero means to not free any in that category.
*/
void
{
return;
return;
}
}
/*
* ndp_walk function.
* Count the number of NCEs that can be deleted.
* These would be hosts but not routers.
*/
void
{
return;
}
#ifdef NCE_DEBUG
{
int bucket_id;
return (th_trace);
}
return (NULL);
}
void
{
int bucket_id;
/*
* Attempt to locate the trace buffer for the curthread.
* If it does not exist, then allocate a new trace buffer
* and link it in list of trace bufs for this ipif, at the head
*/
return;
return;
}
}
}
void
{
return;
}
void
{
int i;
for (i = 0; i < IP_TR_HASH_MAX; i++) {
/* unlink th_trace and free it */
}
}
}
/* ARGSUSED */
int
{
}
}
return (0);
}
/* unlink th_trace and free it */
return (0);
}
#endif
/*
* Called when address resolution fails due to a timeout.
* Send an ICMP unreachable in response to all queued packets.
*/
void
{
char buf[INET6_ADDRSTRLEN];
ip3dbg(("arp_resolv_failed: dst %s\n",
/*
* Send icmp unreachable messages
* to the hosts.
*/
ip3dbg(("arp_resolv_failed: Calling icmp_unreachable\n"));
}
}
int
{
int err;
} else {
}
return (err);
}
/*
* NDP Cache Entry creation routine for IPv4.
* Mapped entries are handled in arp.
* This routine must always be called with ndp4->ndp_g_lock held.
* Prior to return, nce_refcnt is incremented.
*/
static int
{
int err;
return (EINVAL);
/*
* Allocate the mblk to hold the nce.
*/
return (ENOMEM);
nce->nce_ll_extract_start = 0;
/* This one is for nce getting created */
#ifdef NCE_DEBUG
#endif
/*
* src_nce has been provided by the caller. The only
* caller who provides a non-null, non-broadcast
* src_nce is from ip_newroute() which must pass in
* a ND_REACHABLE src_nce (this condition is verified
* via an ASSERT for the save_ire->ire_nce in ip_newroute())
*/
/*
* src_nce has been deleted, or
* ip_arp_news is in the middle of
* flushing entries in the the nce.
* Fail the add, since we don't know
* if it is safe to copy the contents of
* src_nce
*/
goto err_ret;
}
goto err_ret;
}
} else if (flags & NCE_F_BCAST) {
/*
* broadcast nce.
*/
goto err_ret;
}
/*
* NORESOLVER entries are always created in the REACHABLE
* state. We create a nce_res_mp with the IP nexthop address
* in the destination address in the DLPI hdr if the
* physical length is exactly 4 bytes.
*
* XXX not clear which drivers set ill_phys_addr_length to
* IP_ADDR_LEN.
*/
} else {
}
goto err_ret;
}
}
if (state == ND_REACHABLE) {
} else {
if (state == ND_INITIAL)
}
/*
* Atomically ensure that the ill is not CONDEMNED, before
* adding the NCE.
*/
goto err_ret;
}
/* This one is for nce being used by an active thread */
/* Bump up the number of nce's referencing this ill */
ill->ill_nce_cnt++;
return (0);
return (err);
}
void
{
}
}
/*
* ndp_walk routine to delete all entries that have a given destination or
* gateway address and cached link layer (MAC) address. This is used when ARP
* informs us that a network-to-link-layer mapping may have changed.
*/
void
{
int saplen;
return;
return;
return;
}
else
/*
* If the hardware address is unchanged, then leave this one alone.
* Note that saplen == abs(saplen) now.
*/
return;
}
}
/*
* This function verifies whether a given IPv4 address is potentially known to
* the NCE subsystem. If so, then ARP must not delete the corresponding ace_t,
* so that it can continue to look for hardware changes on that address.
*/
{
if (addr == INADDR_ANY)
return (B_FALSE);
/* Note that only v4 mapped entries are in the table. */
/* Single flag check; no lock needed */
break;
}
}
}