1 /* $NetBSD: if_arp.c,v 1.317 2024/11/13 09:25:52 roy Exp $ */
2
3 /*
4 * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Public Access Networks Corporation ("Panix"). It was developed under
9 * contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 /*
34 * Copyright (c) 1982, 1986, 1988, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. Neither the name of the University nor the names of its contributors
46 * may be used to endorse or promote products derived from this software
47 * without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 * @(#)if_ether.c 8.2 (Berkeley) 9/26/94
62 */
63
64 /*
65 * Ethernet address resolution protocol.
66 * TODO:
67 * add "inuse/lock" bit (or ref. count) along with valid bit
68 */
69
70 #include <sys/cdefs.h>
71 __KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.317 2024/11/13 09:25:52 roy Exp $");
72
73 #ifdef _KERNEL_OPT
74 #include "opt_ddb.h"
75 #include "opt_inet.h"
76 #include "opt_net_mpsafe.h"
77 #endif
78
79 #ifdef INET
80
81 #include "arp.h"
82 #include "bridge.h"
83
84 #include <sys/param.h>
85 #include <sys/systm.h>
86 #include <sys/callout.h>
87 #include <sys/kmem.h>
88 #include <sys/mbuf.h>
89 #include <sys/socket.h>
90 #include <sys/time.h>
91 #include <sys/timetc.h>
92 #include <sys/kernel.h>
93 #include <sys/errno.h>
94 #include <sys/ioctl.h>
95 #include <sys/syslog.h>
96 #include <sys/proc.h>
97 #include <sys/protosw.h>
98 #include <sys/domain.h>
99 #include <sys/sysctl.h>
100 #include <sys/socketvar.h>
101 #include <sys/percpu.h>
102 #include <sys/cprng.h>
103 #include <sys/kmem.h>
104
105 #include <net/ethertypes.h>
106 #include <net/if.h>
107 #include <net/if_dl.h>
108 #include <net/if_types.h>
109 #include <net/if_ether.h>
110 #include <net/if_llatbl.h>
111 #include <net/nd.h>
112 #include <net/route.h>
113 #include <net/net_stats.h>
114
115 #include <netinet/in.h>
116 #include <netinet/in_systm.h>
117 #include <netinet/in_var.h>
118 #include <netinet/ip.h>
119 #include <netinet/if_inarp.h>
120
121 #include "arcnet.h"
122 #if NARCNET > 0
123 #include <net/if_arc.h>
124 #endif
125 #include "carp.h"
126 #if NCARP > 0
127 #include <netinet/ip_carp.h>
128 #endif
129
130 /*
131 * ARP trailer negotiation. Trailer protocol is not IP specific,
132 * but ARP request/response use IP addresses.
133 */
134 #define ETHERTYPE_IPTRAILERS ETHERTYPE_TRAIL
135
136 /* timers */
137 static int arp_reachable = REACHABLE_TIME;
138 static int arp_retrans = RETRANS_TIMER;
139 static int arp_perform_nud = 1;
140
141 static bool arp_nud_enabled(struct ifnet *);
142 static unsigned int arp_llinfo_reachable(struct ifnet *);
143 static unsigned int arp_llinfo_retrans(struct ifnet *);
144 static union l3addr *arp_llinfo_holdsrc(struct llentry *, union l3addr *);
145 static void arp_llinfo_output(struct ifnet *, const union l3addr *,
146 const union l3addr *, const uint8_t *, const union l3addr *);
147 static void arp_llinfo_missed(struct ifnet *, const union l3addr *,
148 int16_t, struct mbuf *);
149 static void arp_free(struct llentry *, int);
150
151 static struct nd_domain arp_nd_domain = {
152 .nd_family = AF_INET,
153 .nd_delay = 5, /* delay first probe time 5 second */
154 .nd_mmaxtries = 3, /* maximum broadcast query */
155 .nd_umaxtries = 3, /* maximum unicast query */
156 .nd_retransmultiple = BACKOFF_MULTIPLE,
157 .nd_maxretrans = MAX_RETRANS_TIMER,
158 .nd_maxnudhint = 0, /* max # of subsequent upper layer hints */
159 .nd_maxqueuelen = 1, /* max # of packets in unresolved ND entries */
160 .nd_nud_enabled = arp_nud_enabled,
161 .nd_reachable = arp_llinfo_reachable,
162 .nd_retrans = arp_llinfo_retrans,
163 .nd_holdsrc = arp_llinfo_holdsrc,
164 .nd_output = arp_llinfo_output,
165 .nd_missed = arp_llinfo_missed,
166 .nd_free = arp_free,
167 };
168
169 int ip_dad_count = PROBE_NUM;
170 #ifdef ARP_DEBUG
171 int arp_debug = 1;
172 #else
173 int arp_debug = 0;
174 #endif
175
176 static void arp_init(void);
177 static void arp_dad_init(void);
178
179 static void arprequest(struct ifnet *,
180 const struct in_addr *, const struct in_addr *,
181 const uint8_t *, const uint8_t *);
182 static void arpannounce1(struct ifaddr *);
183 static struct sockaddr *arp_setgate(struct rtentry *, struct sockaddr *,
184 const struct sockaddr *);
185 static struct llentry *arpcreate(struct ifnet *,
186 const struct in_addr *, const struct sockaddr *, int);
187 static void in_arpinput(struct mbuf *);
188 static void in_revarpinput(struct mbuf *);
189 static void revarprequest(struct ifnet *);
190
191 static void arp_drainstub(void);
192
193 struct dadq;
194 static void arp_dad_timer(struct dadq *);
195 static void arp_dad_start(struct ifaddr *);
196 static void arp_dad_stop(struct ifaddr *);
197 static void arp_dad_duplicated(struct ifaddr *, const struct sockaddr_dl *);
198
199 #define ARP_MAXQLEN 50
200 pktqueue_t * arp_pktq __read_mostly;
201
202 static int useloopback = 1; /* use loopback interface for local traffic */
203
204 static percpu_t *arpstat_percpu;
205
206 #define ARP_STAT_GETREF() _NET_STAT_GETREF(arpstat_percpu)
207 #define ARP_STAT_PUTREF() _NET_STAT_PUTREF(arpstat_percpu)
208
209 #define ARP_STATINC(x) _NET_STATINC(arpstat_percpu, x)
210 #define ARP_STATADD(x, v) _NET_STATADD(arpstat_percpu, x, v)
211
212 /* revarp state */
213 static struct in_addr myip, srv_ip;
214 static int myip_initialized = 0;
215 static int revarp_in_progress = 0;
216 static struct ifnet *myip_ifp = NULL;
217
218 static int arp_drainwanted;
219
220 static int log_movements = 0;
221 static int log_permanent_modify = 1;
222 static int log_wrong_iface = 1;
223
224 DOMAIN_DEFINE(arpdomain); /* forward declare and add to link set */
225
226 static void
arp_fasttimo(void)227 arp_fasttimo(void)
228 {
229 if (arp_drainwanted) {
230 arp_drain();
231 arp_drainwanted = 0;
232 }
233 }
234
235 static const struct protosw arpsw[] = {
236 {
237 .pr_type = 0,
238 .pr_domain = &arpdomain,
239 .pr_protocol = 0,
240 .pr_flags = 0,
241 .pr_input = 0,
242 .pr_ctlinput = 0,
243 .pr_ctloutput = 0,
244 .pr_usrreqs = 0,
245 .pr_init = arp_init,
246 .pr_fasttimo = arp_fasttimo,
247 .pr_slowtimo = 0,
248 .pr_drain = arp_drainstub,
249 }
250 };
251
252 struct domain arpdomain = {
253 .dom_family = PF_ARP,
254 .dom_name = "arp",
255 .dom_protosw = arpsw,
256 .dom_protoswNPROTOSW = &arpsw[__arraycount(arpsw)],
257 #ifdef MBUFTRACE
258 .dom_mowner = MOWNER_INIT("internet", "arp"),
259 #endif
260 };
261
262 static void sysctl_net_inet_arp_setup(struct sysctllog **);
263
264 void
arp_init(void)265 arp_init(void)
266 {
267
268 arp_pktq = pktq_create(ARP_MAXQLEN, arpintr, NULL);
269 KASSERT(arp_pktq != NULL);
270
271 sysctl_net_inet_arp_setup(NULL);
272 arpstat_percpu = percpu_alloc(sizeof(uint64_t) * ARP_NSTATS);
273
274 #ifdef MBUFTRACE
275 MOWNER_ATTACH(&arpdomain.dom_mowner);
276 #endif
277
278 nd_attach_domain(&arp_nd_domain);
279 arp_dad_init();
280 }
281
282 static void
arp_drainstub(void)283 arp_drainstub(void)
284 {
285 arp_drainwanted = 1;
286 }
287
288 /*
289 * ARP protocol drain routine. Called when memory is in short supply.
290 * Called at splvm(); don't acquire softnet_lock as can be called from
291 * hardware interrupt handlers.
292 */
293 void
arp_drain(void)294 arp_drain(void)
295 {
296
297 lltable_drain(AF_INET);
298 }
299
300 /*
301 * We set the gateway for RTF_CLONING routes to a "prototype"
302 * link-layer sockaddr whose interface type (if_type) and interface
303 * index (if_index) fields are prepared.
304 */
305 static struct sockaddr *
arp_setgate(struct rtentry * rt,struct sockaddr * gate,const struct sockaddr * netmask)306 arp_setgate(struct rtentry *rt, struct sockaddr *gate,
307 const struct sockaddr *netmask)
308 {
309 const struct ifnet *ifp = rt->rt_ifp;
310 uint8_t namelen = strlen(ifp->if_xname);
311 uint8_t addrlen = ifp->if_addrlen;
312
313 /*
314 * XXX: If this is a manually added route to interface
315 * such as older version of routed or gated might provide,
316 * restore cloning bit.
317 */
318 if ((rt->rt_flags & RTF_HOST) == 0 && netmask != NULL &&
319 satocsin(netmask)->sin_addr.s_addr != 0xffffffff)
320 rt->rt_flags |= RTF_CONNECTED;
321
322 if ((rt->rt_flags & (RTF_CONNECTED | RTF_LOCAL))) {
323 union {
324 struct sockaddr sa;
325 struct sockaddr_storage ss;
326 struct sockaddr_dl sdl;
327 } u;
328 /*
329 * Case 1: This route should come from a route to iface.
330 */
331 sockaddr_dl_init(&u.sdl, sizeof(u.ss),
332 ifp->if_index, ifp->if_type, NULL, namelen, NULL, addrlen);
333 rt_setgate(rt, &u.sa);
334 gate = rt->rt_gateway;
335 }
336 return gate;
337 }
338
339 /*
340 * Parallel to llc_rtrequest.
341 */
342 void
arp_rtrequest(int req,struct rtentry * rt,const struct rt_addrinfo * info)343 arp_rtrequest(int req, struct rtentry *rt, const struct rt_addrinfo *info)
344 {
345 struct sockaddr *gate = rt->rt_gateway;
346 struct in_ifaddr *ia;
347 struct ifaddr *ifa;
348 struct ifnet *ifp = rt->rt_ifp;
349 int bound;
350 int s;
351
352 if (req == RTM_LLINFO_UPD) {
353 if ((ifa = info->rti_ifa) != NULL)
354 arpannounce1(ifa);
355 return;
356 }
357
358 if ((rt->rt_flags & RTF_GATEWAY) != 0) {
359 if (req != RTM_ADD)
360 return;
361
362 /*
363 * linklayers with particular link MTU limitation.
364 */
365 switch(ifp->if_type) {
366 #if NARCNET > 0
367 case IFT_ARCNET:
368 {
369 int arcipifmtu;
370
371 if (ifp->if_flags & IFF_LINK0)
372 arcipifmtu = arc_ipmtu;
373 else
374 arcipifmtu = ARCMTU;
375 if (ifp->if_mtu > arcipifmtu)
376 rt->rt_rmx.rmx_mtu = arcipifmtu;
377 break;
378 }
379 #endif
380 }
381 return;
382 }
383
384 switch (req) {
385 case RTM_SETGATE:
386 gate = arp_setgate(rt, gate, info->rti_info[RTAX_NETMASK]);
387 break;
388 case RTM_ADD:
389 gate = arp_setgate(rt, gate, info->rti_info[RTAX_NETMASK]);
390 if (gate == NULL) {
391 log(LOG_ERR, "%s: arp_setgate failed\n", __func__);
392 break;
393 }
394 if ((rt->rt_flags & RTF_CONNECTED) ||
395 (rt->rt_flags & RTF_LOCAL)) {
396 /*
397 * linklayers with particular link MTU limitation.
398 */
399 switch (ifp->if_type) {
400 #if NARCNET > 0
401 case IFT_ARCNET:
402 {
403 int arcipifmtu;
404 if (ifp->if_flags & IFF_LINK0)
405 arcipifmtu = arc_ipmtu;
406 else
407 arcipifmtu = ARCMTU;
408
409 if ((rt->rt_rmx.rmx_locks & RTV_MTU) == 0 &&
410 (rt->rt_rmx.rmx_mtu > arcipifmtu ||
411 (rt->rt_rmx.rmx_mtu == 0 &&
412 ifp->if_mtu > arcipifmtu)))
413 rt->rt_rmx.rmx_mtu = arcipifmtu;
414 break;
415 }
416 #endif
417 }
418 if (rt->rt_flags & RTF_CONNECTED)
419 break;
420 }
421
422 bound = curlwp_bind();
423 /* Announce a new entry if requested. */
424 if (rt->rt_flags & RTF_ANNOUNCE) {
425 struct psref psref;
426 ia = in_get_ia_on_iface_psref(
427 satocsin(rt_getkey(rt))->sin_addr, ifp, &psref);
428 if (ia != NULL) {
429 arpannounce(ifp, &ia->ia_ifa,
430 CLLADDR(satocsdl(gate)));
431 ia4_release(ia, &psref);
432 }
433 }
434
435 if (gate->sa_family != AF_LINK ||
436 gate->sa_len < sockaddr_dl_measure(0, ifp->if_addrlen)) {
437 log(LOG_DEBUG, "%s: bad gateway value\n", __func__);
438 goto out;
439 }
440
441 satosdl(gate)->sdl_type = ifp->if_type;
442 satosdl(gate)->sdl_index = ifp->if_index;
443
444 /*
445 * If the route is for a broadcast address mark it as such.
446 * This way we can avoid an expensive call to in_broadcast()
447 * in ip_output() most of the time (because the route passed
448 * to ip_output() is almost always a host route).
449 */
450 if (rt->rt_flags & RTF_HOST &&
451 !(rt->rt_flags & RTF_BROADCAST) &&
452 in_broadcast(satocsin(rt_getkey(rt))->sin_addr, rt->rt_ifp))
453 rt->rt_flags |= RTF_BROADCAST;
454 /* There is little point in resolving the broadcast address */
455 if (rt->rt_flags & RTF_BROADCAST)
456 goto out;
457
458 /*
459 * When called from rt_ifa_addlocal, we cannot depend on that
460 * the address (rt_getkey(rt)) exits in the address list of the
461 * interface. So check RTF_LOCAL instead.
462 */
463 if (rt->rt_flags & RTF_LOCAL) {
464 if (useloopback) {
465 rt->rt_ifp = lo0ifp;
466 rt->rt_rmx.rmx_mtu = 0;
467 }
468 goto out;
469 }
470
471 s = pserialize_read_enter();
472 ia = in_get_ia_on_iface(satocsin(rt_getkey(rt))->sin_addr, ifp);
473 if (ia == NULL) {
474 pserialize_read_exit(s);
475 goto out;
476 }
477
478 if (useloopback) {
479 rt->rt_ifp = lo0ifp;
480 rt->rt_rmx.rmx_mtu = 0;
481 }
482 rt->rt_flags |= RTF_LOCAL;
483
484 if (ISSET(info->rti_flags, RTF_DONTCHANGEIFA)) {
485 pserialize_read_exit(s);
486 goto out;
487 }
488 /*
489 * make sure to set rt->rt_ifa to the interface
490 * address we are using, otherwise we will have trouble
491 * with source address selection.
492 */
493 ifa = &ia->ia_ifa;
494 if (ifa != rt->rt_ifa)
495 /* Assume it doesn't sleep */
496 rt_replace_ifa(rt, ifa);
497 pserialize_read_exit(s);
498 out:
499 curlwp_bindx(bound);
500 break;
501 }
502 }
503
504 /*
505 * Broadcast an ARP request. Caller specifies:
506 * - arp header source ip address
507 * - arp header target ip address
508 * - arp header source ethernet address
509 */
510 static void
arprequest(struct ifnet * ifp,const struct in_addr * sip,const struct in_addr * tip,const uint8_t * saddr,const uint8_t * taddr)511 arprequest(struct ifnet *ifp,
512 const struct in_addr *sip, const struct in_addr *tip,
513 const uint8_t *saddr, const uint8_t *taddr)
514 {
515 struct mbuf *m;
516 struct arphdr *ah;
517 struct sockaddr sa;
518 net_stat_ref_t arps;
519
520 KASSERT(sip != NULL);
521 KASSERT(tip != NULL);
522 KASSERT(saddr != NULL);
523
524 if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
525 return;
526 MCLAIM(m, &arpdomain.dom_mowner);
527 switch (ifp->if_type) {
528 case IFT_IEEE1394:
529 m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) +
530 ifp->if_addrlen;
531 break;
532 default:
533 m->m_len = sizeof(*ah) + 2 * sizeof(struct in_addr) +
534 2 * ifp->if_addrlen;
535 break;
536 }
537 m->m_pkthdr.len = m->m_len;
538 m_align(m, m->m_len);
539 ah = mtod(m, struct arphdr *);
540 memset(ah, 0, m->m_len);
541 switch (ifp->if_type) {
542 case IFT_IEEE1394: /* RFC2734 */
543 /* fill it now for ar_tpa computation */
544 ah->ar_hrd = htons(ARPHRD_IEEE1394);
545 break;
546 default:
547 /* ifp->if_output will fill ar_hrd */
548 break;
549 }
550 ah->ar_pro = htons(ETHERTYPE_IP);
551 ah->ar_hln = ifp->if_addrlen; /* hardware address length */
552 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */
553 ah->ar_op = htons(ARPOP_REQUEST);
554 memcpy(ar_sha(ah), saddr, ah->ar_hln);
555 if (taddr == NULL)
556 m->m_flags |= M_BCAST;
557 else
558 memcpy(ar_tha(ah), taddr, ah->ar_hln);
559 memcpy(ar_spa(ah), sip, ah->ar_pln);
560 memcpy(ar_tpa(ah), tip, ah->ar_pln);
561 sa.sa_family = AF_ARP;
562 sa.sa_len = 2;
563 arps = ARP_STAT_GETREF();
564 _NET_STATINC_REF(arps, ARP_STAT_SNDTOTAL);
565 _NET_STATINC_REF(arps, ARP_STAT_SENDREQUEST);
566 ARP_STAT_PUTREF();
567 if_output_lock(ifp, ifp, m, &sa, NULL);
568 }
569
570 void
arpannounce(struct ifnet * ifp,struct ifaddr * ifa,const uint8_t * enaddr)571 arpannounce(struct ifnet *ifp, struct ifaddr *ifa, const uint8_t *enaddr)
572 {
573 struct in_ifaddr *ia = ifatoia(ifa);
574 struct in_addr *ip = &IA_SIN(ifa)->sin_addr;
575
576 if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED)) {
577 ARPLOG(LOG_DEBUG, "%s not ready\n", ARPLOGADDR(ip));
578 return;
579 }
580 arprequest(ifp, ip, ip, enaddr, NULL);
581 }
582
583 static void
arpannounce1(struct ifaddr * ifa)584 arpannounce1(struct ifaddr *ifa)
585 {
586
587 arpannounce(ifa->ifa_ifp, ifa, CLLADDR(ifa->ifa_ifp->if_sadl));
588 }
589
590 /*
591 * Resolve an IP address into an ethernet address. If success, desten is
592 * filled in. If there is no entry in arptab, set one up and broadcast a
593 * request for the IP address. Hold onto this mbuf and resend it once the
594 * address is finally resolved.
595 *
596 * A return value of 0 indicates that desten has been filled in and the packet
597 * should be sent normally; a return value of EWOULDBLOCK indicates that the
598 * packet has been held pending resolution. Any other value indicates an
599 * error.
600 */
601 int
arpresolve(struct ifnet * ifp,const struct rtentry * rt,struct mbuf * m,const struct sockaddr * dst,void * desten,size_t destlen)602 arpresolve(struct ifnet *ifp, const struct rtentry *rt, struct mbuf *m,
603 const struct sockaddr *dst, void *desten, size_t destlen)
604 {
605 struct llentry *la;
606 const char *create_lookup;
607 int error;
608
609 #if NCARP > 0
610 if (rt != NULL && rt->rt_ifp->if_type == IFT_CARP)
611 ifp = rt->rt_ifp;
612 #endif
613
614 KASSERT(m != NULL);
615
616 la = arplookup(ifp, NULL, dst, 0);
617 if (la == NULL)
618 goto notfound;
619
620 if (la->la_flags & LLE_VALID && la->ln_state == ND_LLINFO_REACHABLE) {
621 KASSERT(destlen >= ifp->if_addrlen);
622 memcpy(desten, &la->ll_addr, ifp->if_addrlen);
623 LLE_RUNLOCK(la);
624 return 0;
625 }
626
627 notfound:
628 if (ifp->if_flags & IFF_NOARP) {
629 if (la != NULL)
630 LLE_RUNLOCK(la);
631 error = ENOTSUP;
632 goto bad;
633 }
634
635 if (la == NULL) {
636 struct rtentry *_rt;
637
638 create_lookup = "create";
639 _rt = rtalloc1(dst, 0);
640 IF_AFDATA_WLOCK(ifp);
641 la = lla_create(LLTABLE(ifp), LLE_EXCLUSIVE, dst, _rt);
642 IF_AFDATA_WUNLOCK(ifp);
643 if (_rt != NULL)
644 rt_unref(_rt);
645 if (la == NULL)
646 ARP_STATINC(ARP_STAT_ALLOCFAIL);
647 else
648 la->ln_state = ND_LLINFO_NOSTATE;
649 } else if (LLE_TRY_UPGRADE(la) == 0) {
650 create_lookup = "lookup";
651 LLE_RUNLOCK(la);
652 IF_AFDATA_RLOCK(ifp);
653 la = lla_lookup(LLTABLE(ifp), LLE_EXCLUSIVE, dst);
654 IF_AFDATA_RUNLOCK(ifp);
655 }
656
657 error = EINVAL;
658 if (la == NULL) {
659 log(LOG_DEBUG,
660 "%s: failed to %s llentry for %s on %s\n",
661 __func__, create_lookup, inet_ntoa(satocsin(dst)->sin_addr),
662 ifp->if_xname);
663 goto bad;
664 }
665
666 error = nd_resolve(la, rt, m, desten, destlen);
667 return error;
668
669 bad:
670 m_freem(m);
671 return error;
672 }
673
674 /*
675 * Common length and type checks are done here,
676 * then the protocol-specific routine is called.
677 */
678 void
arpintr(void * arg __unused)679 arpintr(void *arg __unused)
680 {
681 struct mbuf *m;
682 struct arphdr *ar;
683 int s;
684 int arplen;
685 struct ifnet *rcvif;
686 bool badhrd;
687
688 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE();
689 while ((m = pktq_dequeue(arp_pktq)) != NULL) {
690 if ((m->m_flags & M_PKTHDR) == 0)
691 panic("arpintr");
692
693 MCLAIM(m, &arpdomain.dom_mowner);
694 ARP_STATINC(ARP_STAT_RCVTOTAL);
695
696 if (__predict_false(m->m_len < sizeof(*ar))) {
697 if ((m = m_pullup(m, sizeof(*ar))) == NULL)
698 goto badlen;
699 }
700 ar = mtod(m, struct arphdr *);
701 KASSERT(ACCESSIBLE_POINTER(ar, struct arphdr));
702
703 rcvif = m_get_rcvif(m, &s);
704 if (__predict_false(rcvif == NULL)) {
705 ARP_STATINC(ARP_STAT_RCVNOINT);
706 goto free;
707 }
708
709 /*
710 * We don't want non-IEEE1394 ARP packets on IEEE1394
711 * interfaces, and vice versa. Our life depends on that.
712 */
713 if (ntohs(ar->ar_hrd) == ARPHRD_IEEE1394)
714 badhrd = rcvif->if_type != IFT_IEEE1394;
715 else
716 badhrd = rcvif->if_type == IFT_IEEE1394;
717
718 m_put_rcvif(rcvif, &s);
719
720 if (badhrd) {
721 ARP_STATINC(ARP_STAT_RCVBADPROTO);
722 goto free;
723 }
724
725 arplen = sizeof(*ar) + 2 * ar->ar_hln + 2 * ar->ar_pln;
726 if (__predict_false(m->m_len < arplen)) {
727 if ((m = m_pullup(m, arplen)) == NULL)
728 goto badlen;
729 ar = mtod(m, struct arphdr *);
730 KASSERT(ACCESSIBLE_POINTER(ar, struct arphdr));
731 }
732
733 switch (ntohs(ar->ar_pro)) {
734 case ETHERTYPE_IP:
735 case ETHERTYPE_IPTRAILERS:
736 in_arpinput(m);
737 continue;
738 default:
739 ARP_STATINC(ARP_STAT_RCVBADPROTO);
740 goto free;
741 }
742
743 badlen:
744 ARP_STATINC(ARP_STAT_RCVBADLEN);
745 free:
746 m_freem(m);
747 }
748 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
749 return; /* XXX gcc */
750 }
751
752 /*
753 * ARP for Internet protocols on 10 Mb/s Ethernet. Algorithm is that given in
754 * RFC 826. In addition, a sanity check is performed on the sender protocol
755 * address, to catch impersonators.
756 *
757 * We no longer handle negotiations for use of trailer protocol: formerly, ARP
758 * replied for protocol type ETHERTYPE_TRAIL sent along with IP replies if we
759 * wanted trailers sent to us, and also sent them in response to IP replies.
760 * This allowed either end to announce the desire to receive trailer packets.
761 *
762 * We no longer reply to requests for ETHERTYPE_TRAIL protocol either, but
763 * formerly didn't normally send requests.
764 */
765 static void
in_arpinput(struct mbuf * m)766 in_arpinput(struct mbuf *m)
767 {
768 struct arphdr *ah;
769 struct ifnet *ifp, *rcvif = NULL;
770 struct llentry *la = NULL;
771 struct in_ifaddr *ia = NULL;
772 #if NBRIDGE > 0
773 struct in_ifaddr *bridge_ia = NULL;
774 #endif
775 #if NCARP > 0
776 uint32_t count = 0, index = 0;
777 #endif
778 struct sockaddr sa;
779 struct in_addr isaddr, itaddr, myaddr;
780 int op, rt_cmd, new_state = 0;
781 void *tha;
782 net_stat_ref_t arps;
783 struct psref psref, psref_ia;
784 int s;
785 char ipbuf[INET_ADDRSTRLEN];
786 bool find_source, do_dad;
787
788 if (__predict_false(m_makewritable(&m, 0, m->m_pkthdr.len, M_DONTWAIT)))
789 goto out;
790 ah = mtod(m, struct arphdr *);
791 op = ntohs(ah->ar_op);
792
793 if (ah->ar_pln != sizeof(struct in_addr))
794 goto out;
795
796 /* RFC5227 2.4 says any of the host's own interface addresses
797 * are not conflicting ARP packets. */
798 ifp = if_get_bylla(ar_sha(ah), ah->ar_hln, &psref);
799 if (ifp) {
800 /* it's from me, ignore it. */
801 if_put(ifp, &psref);
802 ARP_STATINC(ARP_STAT_RCVLOCALSHA);
803 goto out;
804 }
805
806 rcvif = ifp = m_get_rcvif_psref(m, &psref);
807 if (__predict_false(rcvif == NULL))
808 goto out;
809 if (rcvif->if_flags & IFF_NOARP)
810 goto out;
811
812 memcpy(&isaddr, ar_spa(ah), sizeof(isaddr));
813 memcpy(&itaddr, ar_tpa(ah), sizeof(itaddr));
814
815 if (m->m_flags & (M_BCAST|M_MCAST))
816 ARP_STATINC(ARP_STAT_RCVMCAST);
817
818 /*
819 * Search for a matching interface address
820 * or any address on the interface to use
821 * as a dummy address in the rest of this function.
822 *
823 * First try and find the source address for early
824 * duplicate address detection.
825 */
826 if (in_nullhost(isaddr)) {
827 if (in_nullhost(itaddr)) /* very bogus ARP */
828 goto out;
829 find_source = false;
830 myaddr = itaddr;
831 } else {
832 find_source = true;
833 myaddr = isaddr;
834 }
835 s = pserialize_read_enter();
836 again:
837 IN_ADDRHASH_READER_FOREACH(ia, myaddr.s_addr) {
838 if (!in_hosteq(ia->ia_addr.sin_addr, myaddr))
839 continue;
840 #if NCARP > 0
841 if (ia->ia_ifp->if_type == IFT_CARP &&
842 ((ia->ia_ifp->if_flags & (IFF_UP|IFF_RUNNING)) ==
843 (IFF_UP|IFF_RUNNING))) {
844 index++;
845 /* XXX: ar_hln? */
846 if (ia->ia_ifp == rcvif && (ah->ar_hln >= 6) &&
847 carp_iamatch(ia, ar_sha(ah),
848 &count, index)) {
849 break;
850 }
851 } else
852 #endif
853 if (ia->ia_ifp == rcvif)
854 break;
855 #if NBRIDGE > 0
856 /*
857 * If the interface we received the packet on
858 * is part of a bridge, check to see if we need
859 * to "bridge" the packet to ourselves at this
860 * layer. Note we still prefer a perfect match,
861 * but allow this weaker match if necessary.
862 */
863 if (rcvif->if_bridge != NULL &&
864 rcvif->if_bridge == ia->ia_ifp->if_bridge)
865 bridge_ia = ia;
866 #endif
867 }
868
869 #if NBRIDGE > 0
870 if (ia == NULL && bridge_ia != NULL) {
871 ia = bridge_ia;
872 m_put_rcvif_psref(rcvif, &psref);
873 rcvif = NULL;
874 /* FIXME */
875 ifp = bridge_ia->ia_ifp;
876 }
877 #endif
878
879 /* If we failed to find the source address then find
880 * the target address. */
881 if (ia == NULL && find_source && !in_nullhost(itaddr)) {
882 find_source = false;
883 myaddr = itaddr;
884 goto again;
885 }
886
887 if (ia != NULL)
888 ia4_acquire(ia, &psref_ia);
889 pserialize_read_exit(s);
890
891 if (ah->ar_hln != ifp->if_addrlen) {
892 ARP_STATINC(ARP_STAT_RCVBADLEN);
893 log(LOG_WARNING,
894 "arp from %s: addr len: new %d, i/f %d (ignored)\n",
895 IN_PRINT(ipbuf, &isaddr), ah->ar_hln, ifp->if_addrlen);
896 goto out;
897 }
898
899 /* Only do DaD if we have a matching address. */
900 do_dad = (ia != NULL);
901
902 if (ia == NULL) {
903 ia = in_get_ia_on_iface_psref(isaddr, rcvif, &psref_ia);
904 if (ia == NULL) {
905 ia = in_get_ia_from_ifp_psref(ifp, &psref_ia);
906 if (ia == NULL) {
907 ARP_STATINC(ARP_STAT_RCVNOINT);
908 goto out;
909 }
910 }
911 }
912
913 myaddr = ia->ia_addr.sin_addr;
914
915 /* XXX checks for bridge case? */
916 if (!memcmp(ar_sha(ah), ifp->if_broadcastaddr, ifp->if_addrlen)) {
917 ARP_STATINC(ARP_STAT_RCVBCASTSHA);
918 log(LOG_ERR,
919 "%s: arp: link address is broadcast for IP address %s!\n",
920 ifp->if_xname, IN_PRINT(ipbuf, &isaddr));
921 goto out;
922 }
923
924 /*
925 * If the source IP address is zero, this is an RFC 5227 ARP probe
926 */
927 if (in_nullhost(isaddr))
928 ARP_STATINC(ARP_STAT_RCVZEROSPA);
929 else if (in_hosteq(isaddr, myaddr)) {
930 ARP_STATINC(ARP_STAT_RCVLOCALSPA);
931 /* This is the original behavior prior to supporting IPv4 DAD */
932 if (!ip_dad_enabled()) {
933 char llabuf[LLA_ADDRSTRLEN];
934 log(LOG_ERR,
935 "duplicate IP address %s sent from link address %s\n",
936 IN_PRINT(ipbuf, &isaddr),
937 lla_snprintf(llabuf, sizeof(llabuf), ar_sha(ah),
938 ah->ar_hln));
939 itaddr = myaddr;
940 goto reply;
941 }
942 }
943
944 if (in_nullhost(itaddr))
945 ARP_STATINC(ARP_STAT_RCVZEROTPA);
946
947 /*
948 * DAD check, RFC 5227.
949 * ARP sender hardware address must match the interface
950 * address of the interface sending the packet.
951 * Collision on sender address is always a duplicate.
952 * Collision on target address is only a duplicate
953 * IF the sender address is the null host (ie a DAD probe)
954 * AND the message was broadcast
955 * AND our address is either tentative or duplicated
956 * If it was unicast then it's a valid Unicast Poll from RFC 1122.
957 */
958 if (ip_dad_enabled() && do_dad &&
959 (in_hosteq(isaddr, myaddr) ||
960 (in_nullhost(isaddr) && in_hosteq(itaddr, myaddr) &&
961 m->m_flags & M_BCAST &&
962 ia->ia4_flags & (IN_IFF_TENTATIVE | IN_IFF_DUPLICATED))))
963 {
964 struct m_tag *mtag;
965
966 mtag = m_tag_find(m, PACKET_TAG_ETHERNET_SRC);
967 if (mtag == NULL || (ah->ar_hln == ETHER_ADDR_LEN &&
968 memcmp(mtag + 1, ar_sha(ah), ah->ar_hln) == 0)) {
969 struct sockaddr_dl sdl, *sdlp;
970
971 sdlp = sockaddr_dl_init(&sdl, sizeof(sdl),
972 ifp->if_index, ifp->if_type,
973 NULL, 0, ar_sha(ah), ah->ar_hln);
974 arp_dad_duplicated((struct ifaddr *)ia, sdlp);
975 goto out;
976 }
977 }
978
979 /*
980 * If the target IP address is zero, ignore the packet.
981 * This prevents the code below from trying to answer
982 * when we are using IP address zero (booting).
983 */
984 if (in_nullhost(itaddr))
985 goto out;
986
987 if (in_nullhost(isaddr))
988 goto reply;
989
990 if (in_hosteq(itaddr, myaddr))
991 la = arpcreate(ifp, &isaddr, NULL, 1);
992 else
993 la = arplookup(ifp, &isaddr, NULL, 1);
994 if (la == NULL)
995 goto reply;
996
997 if ((la->la_flags & LLE_VALID) &&
998 memcmp(ar_sha(ah), &la->ll_addr, ifp->if_addrlen))
999 {
1000 char llabuf[LLA_ADDRSTRLEN], *llastr;
1001
1002 llastr = lla_snprintf(llabuf, sizeof(llabuf),
1003 ar_sha(ah), ah->ar_hln);
1004
1005 if (la->la_flags & LLE_STATIC) {
1006 ARP_STATINC(ARP_STAT_RCVOVERPERM);
1007 if (!log_permanent_modify)
1008 goto out;
1009 log(LOG_INFO,
1010 "%s tried to overwrite permanent arp info"
1011 " for %s\n", llastr, IN_PRINT(ipbuf, &isaddr));
1012 goto out;
1013 } else if (la->lle_tbl->llt_ifp != ifp) {
1014 /* XXX should not happen? */
1015 ARP_STATINC(ARP_STAT_RCVOVERINT);
1016 if (!log_wrong_iface)
1017 goto out;
1018 log(LOG_INFO,
1019 "%s on %s tried to overwrite "
1020 "arp info for %s on %s\n",
1021 llastr,
1022 ifp->if_xname, IN_PRINT(ipbuf, &isaddr),
1023 la->lle_tbl->llt_ifp->if_xname);
1024 goto out;
1025 } else {
1026 ARP_STATINC(ARP_STAT_RCVOVER);
1027 if (log_movements)
1028 log(LOG_INFO, "arp info overwritten "
1029 "for %s by %s\n",
1030 IN_PRINT(ipbuf, &isaddr), llastr);
1031 }
1032 rt_cmd = RTM_CHANGE;
1033 new_state = ND_LLINFO_STALE;
1034 } else {
1035 if (op == ARPOP_REPLY && in_hosteq(itaddr, myaddr)) {
1036 /* This was a solicited ARP reply. */
1037 la->ln_byhint = 0;
1038 new_state = ND_LLINFO_REACHABLE;
1039 } else if (op == ARPOP_REQUEST &&
1040 (la->ln_state == ND_LLINFO_NOSTATE ||
1041 la->ln_state == ND_LLINFO_INCOMPLETE)) {
1042 /*
1043 * If an ARP request comes but there is no entry
1044 * and a new one has been created or an entry exists
1045 * but incomplete, make it stale to allow to send
1046 * packets to the requester without an ARP resolution.
1047 */
1048 la->ln_byhint = 0;
1049 new_state = ND_LLINFO_STALE;
1050 }
1051 rt_cmd = la->la_flags & LLE_VALID ? 0 : RTM_ADD;
1052 }
1053
1054 KASSERT(ifp->if_sadl->sdl_alen == ifp->if_addrlen);
1055
1056 KASSERT(sizeof(la->ll_addr) >= ifp->if_addrlen);
1057 memcpy(&la->ll_addr, ar_sha(ah), ifp->if_addrlen);
1058 la->la_flags |= LLE_VALID;
1059 la->ln_asked = 0;
1060 if (new_state != 0) {
1061 la->ln_state = new_state;
1062
1063 if (new_state != ND_LLINFO_REACHABLE ||
1064 !(la->la_flags & LLE_STATIC))
1065 {
1066 int timer = ND_TIMER_GC;
1067
1068 if (new_state == ND_LLINFO_REACHABLE)
1069 timer = ND_TIMER_REACHABLE;
1070 nd_set_timer(la, timer);
1071 }
1072 }
1073
1074 if (rt_cmd != 0) {
1075 struct sockaddr_in sin;
1076
1077 sockaddr_in_init(&sin, &la->r_l3addr.addr4, 0);
1078 rt_clonedmsg(rt_cmd, NULL, sintosa(&sin), ar_sha(ah), ifp);
1079 }
1080
1081 if (la->la_hold != NULL) {
1082 int n = la->la_numheld;
1083 struct mbuf *m_hold, *m_hold_next;
1084 struct sockaddr_in sin;
1085
1086 sockaddr_in_init(&sin, &la->r_l3addr.addr4, 0);
1087
1088 m_hold = la->la_hold;
1089 la->la_hold = NULL;
1090 la->la_numheld = 0;
1091 /*
1092 * We have to unlock here because if_output would call
1093 * arpresolve
1094 */
1095 LLE_WUNLOCK(la);
1096 ARP_STATADD(ARP_STAT_DFRSENT, n);
1097 ARP_STATADD(ARP_STAT_DFRTOTAL, n);
1098 for (; m_hold != NULL; m_hold = m_hold_next) {
1099 m_hold_next = m_hold->m_nextpkt;
1100 m_hold->m_nextpkt = NULL;
1101 if_output_lock(ifp, ifp, m_hold, sintosa(&sin), NULL);
1102 }
1103 } else
1104 LLE_WUNLOCK(la);
1105 la = NULL;
1106
1107 reply:
1108 if (la != NULL) {
1109 LLE_WUNLOCK(la);
1110 la = NULL;
1111 }
1112 if (op != ARPOP_REQUEST) {
1113 if (op == ARPOP_REPLY)
1114 ARP_STATINC(ARP_STAT_RCVREPLY);
1115 goto out;
1116 }
1117 ARP_STATINC(ARP_STAT_RCVREQUEST);
1118 if (in_hosteq(itaddr, myaddr)) {
1119 /* If our address is unusable, don't reply */
1120 if (ia->ia4_flags & (IN_IFF_NOTREADY | IN_IFF_DETACHED))
1121 goto out;
1122 /* I am the target */
1123 tha = ar_tha(ah);
1124 if (tha)
1125 memcpy(tha, ar_sha(ah), ah->ar_hln);
1126 memcpy(ar_sha(ah), CLLADDR(ifp->if_sadl), ah->ar_hln);
1127 } else {
1128 /* Proxy ARP */
1129 struct llentry *lle = NULL;
1130 struct sockaddr_in sin;
1131
1132 #if NCARP > 0
1133 if (ifp->if_type == IFT_CARP) {
1134 struct ifnet *_rcvif = m_get_rcvif(m, &s);
1135 int iftype = 0;
1136 if (__predict_true(_rcvif != NULL))
1137 iftype = _rcvif->if_type;
1138 m_put_rcvif(_rcvif, &s);
1139 if (iftype != IFT_CARP)
1140 goto out;
1141 }
1142 #endif
1143
1144 tha = ar_tha(ah);
1145
1146 sockaddr_in_init(&sin, &itaddr, 0);
1147
1148 IF_AFDATA_RLOCK(ifp);
1149 lle = lla_lookup(LLTABLE(ifp), 0, (struct sockaddr *)&sin);
1150 IF_AFDATA_RUNLOCK(ifp);
1151
1152 if ((lle != NULL) && (lle->la_flags & LLE_PUB)) {
1153 if (tha)
1154 memcpy(tha, ar_sha(ah), ah->ar_hln);
1155 memcpy(ar_sha(ah), &lle->ll_addr, ah->ar_hln);
1156 LLE_RUNLOCK(lle);
1157 } else {
1158 if (lle != NULL)
1159 LLE_RUNLOCK(lle);
1160 goto out;
1161 }
1162 }
1163 ia4_release(ia, &psref_ia);
1164
1165 /*
1166 * XXX XXX: Here we're recycling the mbuf. But the mbuf could have
1167 * other mbufs in its chain, and just overwriting m->m_pkthdr.len
1168 * would be wrong in this case (the length becomes smaller than the
1169 * real chain size).
1170 *
1171 * This can theoretically cause bugs in the lower layers (drivers,
1172 * and L2encap), in some corner cases.
1173 */
1174 memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln);
1175 memcpy(ar_spa(ah), &itaddr, ah->ar_pln);
1176 ah->ar_op = htons(ARPOP_REPLY);
1177 ah->ar_pro = htons(ETHERTYPE_IP); /* let's be sure! */
1178 switch (ifp->if_type) {
1179 case IFT_IEEE1394:
1180 /* ieee1394 arp reply is broadcast */
1181 m->m_flags &= ~M_MCAST;
1182 m->m_flags |= M_BCAST;
1183 m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + ah->ar_hln;
1184 break;
1185 default:
1186 m->m_flags &= ~(M_BCAST|M_MCAST); /* never reply by broadcast */
1187 m->m_len = sizeof(*ah) + (2 * ah->ar_pln) + (2 * ah->ar_hln);
1188 break;
1189 }
1190 m->m_pkthdr.len = m->m_len;
1191 sa.sa_family = AF_ARP;
1192 sa.sa_len = 2;
1193 arps = ARP_STAT_GETREF();
1194 _NET_STATINC_REF(arps, ARP_STAT_SNDTOTAL);
1195 _NET_STATINC_REF(arps, ARP_STAT_SNDREPLY);
1196 ARP_STAT_PUTREF();
1197 if_output_lock(ifp, ifp, m, &sa, NULL);
1198 if (rcvif != NULL)
1199 m_put_rcvif_psref(rcvif, &psref);
1200 return;
1201
1202 out:
1203 if (la != NULL)
1204 LLE_WUNLOCK(la);
1205 if (ia != NULL)
1206 ia4_release(ia, &psref_ia);
1207 if (rcvif != NULL)
1208 m_put_rcvif_psref(rcvif, &psref);
1209 m_freem(m);
1210 }
1211
1212 /*
1213 * Lookup or a new address in arptab.
1214 */
1215 struct llentry *
arplookup(struct ifnet * ifp,const struct in_addr * addr,const struct sockaddr * sa,int wlock)1216 arplookup(struct ifnet *ifp, const struct in_addr *addr,
1217 const struct sockaddr *sa, int wlock)
1218 {
1219 struct sockaddr_in sin;
1220 struct llentry *la;
1221 int flags = wlock ? LLE_EXCLUSIVE : 0;
1222
1223 if (sa == NULL) {
1224 KASSERT(addr != NULL);
1225 sockaddr_in_init(&sin, addr, 0);
1226 sa = sintocsa(&sin);
1227 }
1228
1229 IF_AFDATA_RLOCK(ifp);
1230 la = lla_lookup(LLTABLE(ifp), flags, sa);
1231 IF_AFDATA_RUNLOCK(ifp);
1232
1233 return la;
1234 }
1235
1236 static struct llentry *
arpcreate(struct ifnet * ifp,const struct in_addr * addr,const struct sockaddr * sa,int wlock)1237 arpcreate(struct ifnet *ifp, const struct in_addr *addr,
1238 const struct sockaddr *sa, int wlock)
1239 {
1240 struct sockaddr_in sin;
1241 struct llentry *la;
1242 int flags = wlock ? LLE_EXCLUSIVE : 0;
1243
1244 if (sa == NULL) {
1245 KASSERT(addr != NULL);
1246 sockaddr_in_init(&sin, addr, 0);
1247 sa = sintocsa(&sin);
1248 }
1249
1250 la = arplookup(ifp, addr, sa, wlock);
1251
1252 if (la == NULL) {
1253 struct rtentry *rt;
1254
1255 rt = rtalloc1(sa, 0);
1256 IF_AFDATA_WLOCK(ifp);
1257 la = lla_create(LLTABLE(ifp), flags, sa, rt);
1258 IF_AFDATA_WUNLOCK(ifp);
1259 if (rt != NULL)
1260 rt_unref(rt);
1261
1262 if (la != NULL)
1263 la->ln_state = ND_LLINFO_NOSTATE;
1264 }
1265
1266 return la;
1267 }
1268
1269 int
arpioctl(u_long cmd,void * data)1270 arpioctl(u_long cmd, void *data)
1271 {
1272
1273 return EOPNOTSUPP;
1274 }
1275
1276 void
arp_ifinit(struct ifnet * ifp,struct ifaddr * ifa)1277 arp_ifinit(struct ifnet *ifp, struct ifaddr *ifa)
1278 {
1279 struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1280
1281 ifa->ifa_rtrequest = arp_rtrequest;
1282 ifa->ifa_flags |= RTF_CONNECTED;
1283
1284 /* ARP will handle DAD for this address. */
1285 if (in_nullhost(IA_SIN(ifa)->sin_addr)) {
1286 if (ia->ia_dad_stop != NULL) /* safety */
1287 ia->ia_dad_stop(ifa);
1288 ia->ia_dad_start = NULL;
1289 ia->ia_dad_stop = NULL;
1290 ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1291 } else {
1292 ia->ia_dad_start = arp_dad_start;
1293 ia->ia_dad_stop = arp_dad_stop;
1294 if (ia->ia4_flags & IN_IFF_TRYTENTATIVE && ip_dad_enabled())
1295 ia->ia4_flags |= IN_IFF_TENTATIVE;
1296 else
1297 arpannounce1(ifa);
1298 }
1299 }
1300
1301 static bool
arp_nud_enabled(__unused struct ifnet * ifp)1302 arp_nud_enabled(__unused struct ifnet *ifp)
1303 {
1304
1305 return arp_perform_nud != 0;
1306 }
1307
1308 static unsigned int
arp_llinfo_reachable(__unused struct ifnet * ifp)1309 arp_llinfo_reachable(__unused struct ifnet *ifp)
1310 {
1311
1312 return arp_reachable;
1313 }
1314
1315 static unsigned int
arp_llinfo_retrans(__unused struct ifnet * ifp)1316 arp_llinfo_retrans(__unused struct ifnet *ifp)
1317 {
1318
1319 return arp_retrans;
1320 }
1321
1322 /*
1323 * Gets source address of the first packet in hold queue
1324 * and stores it in @src.
1325 * Returns pointer to @src (if hold queue is not empty) or NULL.
1326 */
1327 static union l3addr *
arp_llinfo_holdsrc(struct llentry * ln,union l3addr * src)1328 arp_llinfo_holdsrc(struct llentry *ln, union l3addr *src)
1329 {
1330 struct ip *ip;
1331
1332 if (ln == NULL || ln->ln_hold == NULL)
1333 return NULL;
1334
1335 /*
1336 * assuming every packet in ln_hold has the same IP header
1337 */
1338 ip = mtod(ln->ln_hold, struct ip *);
1339 /* XXX pullup? */
1340 if (sizeof(*ip) < ln->ln_hold->m_len)
1341 src->addr4 = ip->ip_src;
1342 else
1343 src = NULL;
1344
1345 return src;
1346 }
1347
1348 static void
arp_llinfo_output(struct ifnet * ifp,__unused const union l3addr * daddr,const union l3addr * taddr,const uint8_t * tlladdr,const union l3addr * hsrc)1349 arp_llinfo_output(struct ifnet *ifp, __unused const union l3addr *daddr,
1350 const union l3addr *taddr, const uint8_t *tlladdr,
1351 const union l3addr *hsrc)
1352 {
1353 struct in_addr tip = taddr->addr4, sip = zeroin_addr;
1354 const uint8_t *slladdr = CLLADDR(ifp->if_sadl);
1355
1356 if (hsrc != NULL) {
1357 struct in_ifaddr *ia;
1358 struct psref psref;
1359
1360 ia = in_get_ia_on_iface_psref(hsrc->addr4, ifp, &psref);
1361 if (ia != NULL) {
1362 sip = hsrc->addr4;
1363 ia4_release(ia, &psref);
1364 }
1365 }
1366
1367 if (sip.s_addr == INADDR_ANY) {
1368 struct sockaddr_in dst;
1369 struct rtentry *rt;
1370
1371 sockaddr_in_init(&dst, &tip, 0);
1372 rt = rtalloc1(sintosa(&dst), 0);
1373 if (rt != NULL) {
1374 if (rt->rt_ifp == ifp &&
1375 rt->rt_ifa != NULL &&
1376 rt->rt_ifa->ifa_addr->sa_family == AF_INET)
1377 sip = satosin(rt->rt_ifa->ifa_addr)->sin_addr;
1378 rt_unref(rt);
1379 }
1380 if (sip.s_addr == INADDR_ANY) {
1381 char ipbuf[INET_ADDRSTRLEN];
1382
1383 log(LOG_DEBUG, "%s: source can't be "
1384 "determined: dst=%s\n", __func__,
1385 IN_PRINT(ipbuf, &tip));
1386 return;
1387 }
1388 }
1389
1390 arprequest(ifp, &sip, &tip, slladdr, tlladdr);
1391 }
1392
1393
1394 static void
arp_llinfo_missed(struct ifnet * ifp,const union l3addr * taddr,__unused int16_t type,struct mbuf * m)1395 arp_llinfo_missed(struct ifnet *ifp, const union l3addr *taddr,
1396 __unused int16_t type, struct mbuf *m)
1397 {
1398 struct in_addr mdaddr = zeroin_addr;
1399 struct sockaddr_in dsin, tsin;
1400 struct sockaddr *sa;
1401
1402 if (m != NULL) {
1403 struct ip *ip = mtod(m, struct ip *);
1404
1405 if (sizeof(*ip) < m->m_len)
1406 mdaddr = ip->ip_src;
1407
1408 /* ip_input() will send ICMP_UNREACH_HOST, not us. */
1409 m_freem(m);
1410 }
1411
1412 if (mdaddr.s_addr != INADDR_ANY) {
1413 sockaddr_in_init(&dsin, &mdaddr, 0);
1414 sa = sintosa(&dsin);
1415 } else
1416 sa = NULL;
1417
1418 sockaddr_in_init(&tsin, &taddr->addr4, 0);
1419 rt_clonedmsg(RTM_MISS, sa, sintosa(&tsin), NULL, ifp);
1420 }
1421
1422 static void
arp_free(struct llentry * ln,int gc)1423 arp_free(struct llentry *ln, int gc)
1424 {
1425 struct ifnet *ifp;
1426
1427 KASSERT(ln != NULL);
1428 LLE_WLOCK_ASSERT(ln);
1429
1430 ifp = ln->lle_tbl->llt_ifp;
1431
1432 if (ln->la_flags & LLE_VALID || gc) {
1433 struct sockaddr_in sin;
1434 const char *lladdr;
1435
1436 sockaddr_in_init(&sin, &ln->r_l3addr.addr4, 0);
1437 lladdr = ln->la_flags & LLE_VALID ?
1438 (const char *)&ln->ll_addr : NULL;
1439 rt_clonedmsg(RTM_DELETE, NULL, sintosa(&sin), lladdr, ifp);
1440 }
1441
1442 /*
1443 * Save to unlock. We still hold an extra reference and will not
1444 * free(9) in llentry_free() if someone else holds one as well.
1445 */
1446 LLE_WUNLOCK(ln);
1447 IF_AFDATA_LOCK(ifp);
1448 LLE_WLOCK(ln);
1449
1450 lltable_free_entry(LLTABLE(ifp), ln);
1451
1452 IF_AFDATA_UNLOCK(ifp);
1453 }
1454
1455 /*
1456 * Upper-layer reachability hint for Neighbor Unreachability Detection.
1457 *
1458 * XXX cost-effective methods?
1459 */
1460 void
arp_nud_hint(struct rtentry * rt)1461 arp_nud_hint(struct rtentry *rt)
1462 {
1463 struct llentry *ln;
1464 struct ifnet *ifp;
1465
1466 if (rt == NULL)
1467 return;
1468
1469 ifp = rt->rt_ifp;
1470 ln = arplookup(ifp, NULL, rt_getkey(rt), 1);
1471 nd_nud_hint(ln);
1472 }
1473
1474 TAILQ_HEAD(dadq_head, dadq);
1475 struct dadq {
1476 TAILQ_ENTRY(dadq) dad_list;
1477 struct ifaddr *dad_ifa;
1478 int dad_count; /* max ARP to send */
1479 int dad_arp_tcount; /* # of trials to send ARP */
1480 int dad_arp_ocount; /* ARP sent so far */
1481 int dad_arp_announce; /* max ARP announcements */
1482 int dad_arp_acount; /* # of announcements */
1483 struct callout dad_timer_ch;
1484 };
1485
1486 static struct dadq_head dadq;
1487 static int dad_maxtry = 15; /* max # of *tries* to transmit DAD packet */
1488 static kmutex_t arp_dad_lock;
1489
1490 static void
arp_dad_init(void)1491 arp_dad_init(void)
1492 {
1493
1494 TAILQ_INIT(&dadq);
1495 mutex_init(&arp_dad_lock, MUTEX_DEFAULT, IPL_NONE);
1496 }
1497
1498 static struct dadq *
arp_dad_find(struct ifaddr * ifa)1499 arp_dad_find(struct ifaddr *ifa)
1500 {
1501 struct dadq *dp;
1502
1503 KASSERT(mutex_owned(&arp_dad_lock));
1504
1505 TAILQ_FOREACH(dp, &dadq, dad_list) {
1506 if (dp->dad_ifa == ifa)
1507 return dp;
1508 }
1509 return NULL;
1510 }
1511
1512 static void
arp_dad_starttimer(struct dadq * dp,int ticks)1513 arp_dad_starttimer(struct dadq *dp, int ticks)
1514 {
1515
1516 callout_reset(&dp->dad_timer_ch, ticks,
1517 (void (*)(void *))arp_dad_timer, dp);
1518 }
1519
1520 static void
arp_dad_stoptimer(struct dadq * dp)1521 arp_dad_stoptimer(struct dadq *dp)
1522 {
1523
1524 KASSERT(mutex_owned(&arp_dad_lock));
1525
1526 TAILQ_REMOVE(&dadq, dp, dad_list);
1527 /* Tell the timer that dp is being destroyed. */
1528 dp->dad_ifa = NULL;
1529 callout_halt(&dp->dad_timer_ch, &arp_dad_lock);
1530 }
1531
1532 static void
arp_dad_destroytimer(struct dadq * dp)1533 arp_dad_destroytimer(struct dadq *dp)
1534 {
1535
1536 callout_destroy(&dp->dad_timer_ch);
1537 KASSERT(dp->dad_ifa == NULL);
1538 kmem_intr_free(dp, sizeof(*dp));
1539 }
1540
1541 static void
arp_dad_output(struct dadq * dp,struct ifaddr * ifa)1542 arp_dad_output(struct dadq *dp, struct ifaddr *ifa)
1543 {
1544 struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1545 struct ifnet *ifp = ifa->ifa_ifp;
1546 struct in_addr sip;
1547
1548 dp->dad_arp_tcount++;
1549 if ((ifp->if_flags & IFF_UP) == 0)
1550 return;
1551 if ((ifp->if_flags & IFF_RUNNING) == 0)
1552 return;
1553
1554 dp->dad_arp_tcount = 0;
1555 dp->dad_arp_ocount++;
1556
1557 memset(&sip, 0, sizeof(sip));
1558 arprequest(ifa->ifa_ifp, &sip, &ia->ia_addr.sin_addr,
1559 CLLADDR(ifa->ifa_ifp->if_sadl), NULL);
1560 }
1561
1562 /*
1563 * Start Duplicate Address Detection (DAD) for specified interface address.
1564 */
1565 static void
arp_dad_start(struct ifaddr * ifa)1566 arp_dad_start(struct ifaddr *ifa)
1567 {
1568 struct in_ifaddr *ia = (struct in_ifaddr *)ifa;
1569 struct dadq *dp;
1570 char ipbuf[INET_ADDRSTRLEN];
1571
1572 /*
1573 * If we don't need DAD, don't do it.
1574 * - DAD is disabled
1575 */
1576 if (!(ia->ia4_flags & IN_IFF_TENTATIVE)) {
1577 log(LOG_DEBUG,
1578 "%s: called with non-tentative address %s(%s)\n", __func__,
1579 IN_PRINT(ipbuf, &ia->ia_addr.sin_addr),
1580 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1581 return;
1582 }
1583 if (!ip_dad_enabled()) {
1584 ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1585 rt_addrmsg(RTM_NEWADDR, ifa);
1586 arpannounce1(ifa);
1587 return;
1588 }
1589 KASSERT(ifa->ifa_ifp != NULL);
1590 if (!(ifa->ifa_ifp->if_flags & IFF_UP))
1591 return;
1592
1593 dp = kmem_intr_alloc(sizeof(*dp), KM_NOSLEEP);
1594
1595 mutex_enter(&arp_dad_lock);
1596 if (arp_dad_find(ifa) != NULL) {
1597 mutex_exit(&arp_dad_lock);
1598 /* DAD already in progress */
1599 if (dp != NULL)
1600 kmem_intr_free(dp, sizeof(*dp));
1601 return;
1602 }
1603
1604 if (dp == NULL) {
1605 mutex_exit(&arp_dad_lock);
1606 log(LOG_ERR, "%s: memory allocation failed for %s(%s)\n",
1607 __func__, IN_PRINT(ipbuf, &ia->ia_addr.sin_addr),
1608 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1609 return;
1610 }
1611
1612 /*
1613 * Send ARP packet for DAD, ip_dad_count times.
1614 * Note that we must delay the first transmission.
1615 */
1616 callout_init(&dp->dad_timer_ch, CALLOUT_MPSAFE);
1617 dp->dad_ifa = ifa;
1618 ifaref(ifa); /* just for safety */
1619 dp->dad_count = ip_dad_count;
1620 dp->dad_arp_announce = 0; /* Will be set when starting to announce */
1621 dp->dad_arp_acount = dp->dad_arp_ocount = dp->dad_arp_tcount = 0;
1622 TAILQ_INSERT_TAIL(&dadq, (struct dadq *)dp, dad_list);
1623
1624 ARPLOG(LOG_DEBUG, "%s: starting DAD for %s\n", if_name(ifa->ifa_ifp),
1625 ARPLOGADDR(&ia->ia_addr.sin_addr));
1626
1627 arp_dad_starttimer(dp, cprng_fast32() % (PROBE_WAIT * hz));
1628
1629 mutex_exit(&arp_dad_lock);
1630 }
1631
1632 /*
1633 * terminate DAD unconditionally. used for address removals.
1634 */
1635 static void
arp_dad_stop(struct ifaddr * ifa)1636 arp_dad_stop(struct ifaddr *ifa)
1637 {
1638 struct dadq *dp;
1639
1640 mutex_enter(&arp_dad_lock);
1641 dp = arp_dad_find(ifa);
1642 if (dp == NULL) {
1643 mutex_exit(&arp_dad_lock);
1644 /* DAD wasn't started yet */
1645 return;
1646 }
1647
1648 arp_dad_stoptimer(dp);
1649
1650 mutex_exit(&arp_dad_lock);
1651
1652 arp_dad_destroytimer(dp);
1653 ifafree(ifa);
1654 }
1655
1656 static void
arp_dad_timer(struct dadq * dp)1657 arp_dad_timer(struct dadq *dp)
1658 {
1659 struct ifaddr *ifa;
1660 struct in_ifaddr *ia;
1661 char ipbuf[INET_ADDRSTRLEN];
1662 bool need_free = false;
1663
1664 KERNEL_LOCK_UNLESS_NET_MPSAFE();
1665 mutex_enter(&arp_dad_lock);
1666
1667 ifa = dp->dad_ifa;
1668 if (ifa == NULL) {
1669 /* dp is being destroyed by someone. Do nothing. */
1670 goto done;
1671 }
1672
1673 ia = (struct in_ifaddr *)ifa;
1674 if (ia->ia4_flags & IN_IFF_DUPLICATED) {
1675 log(LOG_ERR, "%s: called with duplicate address %s(%s)\n",
1676 __func__, IN_PRINT(ipbuf, &ia->ia_addr.sin_addr),
1677 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1678 goto done;
1679 }
1680 if ((ia->ia4_flags & IN_IFF_TENTATIVE) == 0 && dp->dad_arp_acount == 0)
1681 {
1682 log(LOG_ERR, "%s: called with non-tentative address %s(%s)\n",
1683 __func__, IN_PRINT(ipbuf, &ia->ia_addr.sin_addr),
1684 ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
1685 goto done;
1686 }
1687
1688 /* timeouted with IFF_{RUNNING,UP} check */
1689 if (dp->dad_arp_tcount > dad_maxtry) {
1690 ARPLOG(LOG_INFO, "%s: could not run DAD, driver problem?\n",
1691 if_name(ifa->ifa_ifp));
1692
1693 arp_dad_stoptimer(dp);
1694 need_free = true;
1695 goto done;
1696 }
1697
1698 /* Need more checks? */
1699 if (dp->dad_arp_ocount < dp->dad_count) {
1700 int adelay;
1701
1702 /*
1703 * We have more ARP to go. Send ARP packet for DAD.
1704 */
1705 arp_dad_output(dp, ifa);
1706 if (dp->dad_arp_ocount < dp->dad_count)
1707 adelay = (PROBE_MIN * hz) +
1708 (cprng_fast32() %
1709 ((PROBE_MAX * hz) - (PROBE_MIN * hz)));
1710 else
1711 adelay = ANNOUNCE_WAIT * hz;
1712 arp_dad_starttimer(dp, adelay);
1713 goto done;
1714 } else if (dp->dad_arp_acount == 0) {
1715 /*
1716 * We are done with DAD.
1717 * No duplicate address found.
1718 */
1719 ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1720 rt_addrmsg(RTM_NEWADDR, ifa);
1721 ARPLOG(LOG_DEBUG,
1722 "%s: DAD complete for %s - no duplicates found\n",
1723 if_name(ifa->ifa_ifp), ARPLOGADDR(&ia->ia_addr.sin_addr));
1724 dp->dad_arp_announce = ANNOUNCE_NUM;
1725 goto announce;
1726 } else if (dp->dad_arp_acount < dp->dad_arp_announce) {
1727 announce:
1728 /*
1729 * Announce the address.
1730 */
1731 arpannounce1(ifa);
1732 dp->dad_arp_acount++;
1733 if (dp->dad_arp_acount < dp->dad_arp_announce) {
1734 arp_dad_starttimer(dp, ANNOUNCE_INTERVAL * hz);
1735 goto done;
1736 }
1737 ARPLOG(LOG_DEBUG,
1738 "%s: ARP announcement complete for %s\n",
1739 if_name(ifa->ifa_ifp), ARPLOGADDR(&ia->ia_addr.sin_addr));
1740 }
1741
1742 arp_dad_stoptimer(dp);
1743 need_free = true;
1744 done:
1745 mutex_exit(&arp_dad_lock);
1746
1747 if (need_free) {
1748 arp_dad_destroytimer(dp);
1749 KASSERT(ifa != NULL);
1750 ifafree(ifa);
1751 }
1752
1753 KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
1754 }
1755
1756 static void
arp_dad_duplicated(struct ifaddr * ifa,const struct sockaddr_dl * from)1757 arp_dad_duplicated(struct ifaddr *ifa, const struct sockaddr_dl *from)
1758 {
1759 struct in_ifaddr *ia = ifatoia(ifa);
1760 struct ifnet *ifp = ifa->ifa_ifp;
1761 char ipbuf[INET_ADDRSTRLEN], llabuf[LLA_ADDRSTRLEN];
1762 const char *iastr, *llastr;
1763
1764 iastr = IN_PRINT(ipbuf, &ia->ia_addr.sin_addr);
1765 if (__predict_false(from == NULL))
1766 llastr = NULL;
1767 else
1768 llastr = lla_snprintf(llabuf, sizeof(llabuf),
1769 CLLADDR(from), from->sdl_alen);
1770
1771 if (ia->ia4_flags & (IN_IFF_TENTATIVE|IN_IFF_DUPLICATED)) {
1772 log(LOG_ERR,
1773 "%s: DAD duplicate address %s from %s\n",
1774 if_name(ifp), iastr, llastr);
1775 } else if (ia->ia_dad_defended == 0 ||
1776 ia->ia_dad_defended < time_uptime - DEFEND_INTERVAL) {
1777 ia->ia_dad_defended = time_uptime;
1778 arpannounce1(ifa);
1779 log(LOG_ERR,
1780 "%s: DAD defended address %s from %s\n",
1781 if_name(ifp), iastr, llastr);
1782 return;
1783 } else {
1784 /* If DAD is disabled, just report the duplicate. */
1785 if (!ip_dad_enabled()) {
1786 log(LOG_ERR,
1787 "%s: DAD ignoring duplicate address %s from %s\n",
1788 if_name(ifp), iastr, llastr);
1789 return;
1790 }
1791 log(LOG_ERR,
1792 "%s: DAD defence failed for %s from %s\n",
1793 if_name(ifp), iastr, llastr);
1794 }
1795
1796 arp_dad_stop(ifa);
1797
1798 ia->ia4_flags &= ~IN_IFF_TENTATIVE;
1799 if ((ia->ia4_flags & IN_IFF_DUPLICATED) == 0) {
1800 ia->ia4_flags |= IN_IFF_DUPLICATED;
1801 /* Inform the routing socket of the duplicate address */
1802 rt_addrmsg_src(RTM_NEWADDR, ifa, (const struct sockaddr *)from);
1803 }
1804 }
1805
1806 /*
1807 * Called from 10 Mb/s Ethernet interrupt handlers
1808 * when ether packet type ETHERTYPE_REVARP
1809 * is received. Common length and type checks are done here,
1810 * then the protocol-specific routine is called.
1811 */
1812 void
revarpinput(struct mbuf * m)1813 revarpinput(struct mbuf *m)
1814 {
1815 struct arphdr *ar;
1816 int arplen;
1817
1818 arplen = sizeof(struct arphdr);
1819 if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL)
1820 return;
1821 ar = mtod(m, struct arphdr *);
1822
1823 if (ntohs(ar->ar_hrd) == ARPHRD_IEEE1394) {
1824 goto out;
1825 }
1826
1827 arplen = sizeof(struct arphdr) + 2 * (ar->ar_hln + ar->ar_pln);
1828 if (m->m_len < arplen && (m = m_pullup(m, arplen)) == NULL)
1829 return;
1830 ar = mtod(m, struct arphdr *);
1831
1832 switch (ntohs(ar->ar_pro)) {
1833 case ETHERTYPE_IP:
1834 case ETHERTYPE_IPTRAILERS:
1835 in_revarpinput(m);
1836 return;
1837
1838 default:
1839 break;
1840 }
1841
1842 out:
1843 m_freem(m);
1844 }
1845
1846 /*
1847 * RARP for Internet protocols on 10 Mb/s Ethernet.
1848 * Algorithm is that given in RFC 903.
1849 * We are only using for bootstrap purposes to get an ip address for one of
1850 * our interfaces. Thus we support no user-interface.
1851 *
1852 * Since the contents of the RARP reply are specific to the interface that
1853 * sent the request, this code must ensure that they are properly associated.
1854 *
1855 * Note: also supports ARP via RARP packets, per the RFC.
1856 */
1857 void
in_revarpinput(struct mbuf * m)1858 in_revarpinput(struct mbuf *m)
1859 {
1860 struct arphdr *ah;
1861 void *tha;
1862 int op;
1863 struct ifnet *rcvif;
1864 int s;
1865
1866 ah = mtod(m, struct arphdr *);
1867 op = ntohs(ah->ar_op);
1868
1869 rcvif = m_get_rcvif(m, &s);
1870 if (__predict_false(rcvif == NULL))
1871 goto out;
1872 if (rcvif->if_flags & IFF_NOARP)
1873 goto out;
1874
1875 switch (rcvif->if_type) {
1876 case IFT_IEEE1394:
1877 /* ARP without target hardware address is not supported */
1878 goto out;
1879 default:
1880 break;
1881 }
1882
1883 switch (op) {
1884 case ARPOP_REQUEST:
1885 case ARPOP_REPLY: /* per RFC */
1886 m_put_rcvif(rcvif, &s);
1887 in_arpinput(m);
1888 return;
1889 case ARPOP_REVREPLY:
1890 break;
1891 case ARPOP_REVREQUEST: /* handled by rarpd(8) */
1892 default:
1893 goto out;
1894 }
1895 if (!revarp_in_progress)
1896 goto out;
1897 if (rcvif != myip_ifp) /* !same interface */
1898 goto out;
1899 if (myip_initialized)
1900 goto wake;
1901 tha = ar_tha(ah);
1902 if (tha == NULL)
1903 goto out;
1904 if (ah->ar_pln != sizeof(struct in_addr))
1905 goto out;
1906 if (ah->ar_hln != rcvif->if_sadl->sdl_alen)
1907 goto out;
1908 if (memcmp(tha, CLLADDR(rcvif->if_sadl), rcvif->if_sadl->sdl_alen))
1909 goto out;
1910 memcpy(&srv_ip, ar_spa(ah), sizeof(srv_ip));
1911 memcpy(&myip, ar_tpa(ah), sizeof(myip));
1912 myip_initialized = 1;
1913 wake: /* Do wakeup every time in case it was missed. */
1914 wakeup((void *)&myip);
1915
1916 out:
1917 m_put_rcvif(rcvif, &s);
1918 m_freem(m);
1919 }
1920
1921 /*
1922 * Send a RARP request for the ip address of the specified interface.
1923 * The request should be RFC 903-compliant.
1924 */
1925 static void
revarprequest(struct ifnet * ifp)1926 revarprequest(struct ifnet *ifp)
1927 {
1928 struct sockaddr sa;
1929 struct mbuf *m;
1930 struct arphdr *ah;
1931 void *tha;
1932
1933 if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
1934 return;
1935 MCLAIM(m, &arpdomain.dom_mowner);
1936 m->m_len = sizeof(*ah) + 2*sizeof(struct in_addr) +
1937 2*ifp->if_addrlen;
1938 m->m_pkthdr.len = m->m_len;
1939 m_align(m, m->m_len);
1940 ah = mtod(m, struct arphdr *);
1941 memset(ah, 0, m->m_len);
1942 ah->ar_pro = htons(ETHERTYPE_IP);
1943 ah->ar_hln = ifp->if_addrlen; /* hardware address length */
1944 ah->ar_pln = sizeof(struct in_addr); /* protocol address length */
1945 ah->ar_op = htons(ARPOP_REVREQUEST);
1946
1947 memcpy(ar_sha(ah), CLLADDR(ifp->if_sadl), ah->ar_hln);
1948 tha = ar_tha(ah);
1949 if (tha == NULL) {
1950 m_free(m);
1951 return;
1952 }
1953 memcpy(tha, CLLADDR(ifp->if_sadl), ah->ar_hln);
1954
1955 sa.sa_family = AF_ARP;
1956 sa.sa_len = 2;
1957 m->m_flags |= M_BCAST;
1958
1959 if_output_lock(ifp, ifp, m, &sa, NULL);
1960 }
1961
1962 /*
1963 * RARP for the ip address of the specified interface, but also
1964 * save the ip address of the server that sent the answer.
1965 * Timeout if no response is received.
1966 */
1967 int
revarpwhoarewe(struct ifnet * ifp,struct in_addr * serv_in,struct in_addr * clnt_in)1968 revarpwhoarewe(struct ifnet *ifp, struct in_addr *serv_in,
1969 struct in_addr *clnt_in)
1970 {
1971 int result, count = 20;
1972
1973 myip_initialized = 0;
1974 myip_ifp = ifp;
1975
1976 revarp_in_progress = 1;
1977 while (count--) {
1978 revarprequest(ifp);
1979 result = tsleep((void *)&myip, PSOCK, "revarp", hz/2);
1980 if (result != EWOULDBLOCK)
1981 break;
1982 }
1983 revarp_in_progress = 0;
1984
1985 if (!myip_initialized)
1986 return ENETUNREACH;
1987
1988 memcpy(serv_in, &srv_ip, sizeof(*serv_in));
1989 memcpy(clnt_in, &myip, sizeof(*clnt_in));
1990 return 0;
1991 }
1992
1993 void
arp_stat_add(int type,uint64_t count)1994 arp_stat_add(int type, uint64_t count)
1995 {
1996 ARP_STATADD(type, count);
1997 }
1998
1999 static int
sysctl_net_inet_arp_stats(SYSCTLFN_ARGS)2000 sysctl_net_inet_arp_stats(SYSCTLFN_ARGS)
2001 {
2002
2003 return NETSTAT_SYSCTL(arpstat_percpu, ARP_NSTATS);
2004 }
2005
2006 static void
sysctl_net_inet_arp_setup(struct sysctllog ** clog)2007 sysctl_net_inet_arp_setup(struct sysctllog **clog)
2008 {
2009 const struct sysctlnode *node;
2010
2011 sysctl_createv(clog, 0, NULL, NULL,
2012 CTLFLAG_PERMANENT,
2013 CTLTYPE_NODE, "inet", NULL,
2014 NULL, 0, NULL, 0,
2015 CTL_NET, PF_INET, CTL_EOL);
2016 sysctl_createv(clog, 0, NULL, &node,
2017 CTLFLAG_PERMANENT,
2018 CTLTYPE_NODE, "arp",
2019 SYSCTL_DESCR("Address Resolution Protocol"),
2020 NULL, 0, NULL, 0,
2021 CTL_NET, PF_INET, CTL_CREATE, CTL_EOL);
2022
2023 sysctl_createv(clog, 0, NULL, NULL,
2024 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2025 CTLTYPE_INT, "nd_delay",
2026 SYSCTL_DESCR("First probe delay time"),
2027 NULL, 0, &arp_nd_domain.nd_delay, 0,
2028 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2029 sysctl_createv(clog, 0, NULL, NULL,
2030 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2031 CTLTYPE_INT, "nd_bmaxtries",
2032 SYSCTL_DESCR("Number of broadcast discovery attempts"),
2033 NULL, 0, &arp_nd_domain.nd_mmaxtries, 0,
2034 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2035 sysctl_createv(clog, 0, NULL, NULL,
2036 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2037 CTLTYPE_INT, "nd_umaxtries",
2038 SYSCTL_DESCR("Number of unicast discovery attempts"),
2039 NULL, 0, &arp_nd_domain.nd_umaxtries, 0,
2040 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2041 sysctl_createv(clog, 0, NULL, NULL,
2042 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2043 CTLTYPE_INT, "nd_reachable",
2044 SYSCTL_DESCR("Reachable time"),
2045 NULL, 0, &arp_reachable, 0,
2046 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2047 sysctl_createv(clog, 0, NULL, NULL,
2048 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2049 CTLTYPE_INT, "nd_retrans",
2050 SYSCTL_DESCR("Retransmission time"),
2051 NULL, 0, &arp_retrans, 0,
2052 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2053 sysctl_createv(clog, 0, NULL, NULL,
2054 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2055 CTLTYPE_INT, "nd_nud",
2056 SYSCTL_DESCR("Perform neighbour unreachability detection"),
2057 NULL, 0, &arp_perform_nud, 0,
2058 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2059 sysctl_createv(clog, 0, NULL, NULL,
2060 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2061 CTLTYPE_INT, "nd_maxnudhint",
2062 SYSCTL_DESCR("Maximum neighbor unreachable hint count"),
2063 NULL, 0, &arp_nd_domain.nd_maxnudhint, 0,
2064 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2065 sysctl_createv(clog, 0, NULL, NULL,
2066 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2067 CTLTYPE_INT, "maxqueuelen",
2068 SYSCTL_DESCR("max packet queue len for a unresolved ARP"),
2069 NULL, 1, &arp_nd_domain.nd_maxqueuelen, 0,
2070 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2071
2072 sysctl_createv(clog, 0, NULL, NULL,
2073 CTLFLAG_PERMANENT,
2074 CTLTYPE_STRUCT, "stats",
2075 SYSCTL_DESCR("ARP statistics"),
2076 sysctl_net_inet_arp_stats, 0, NULL, 0,
2077 CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2078
2079 sysctl_createv(clog, 0, NULL, NULL,
2080 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2081 CTLTYPE_INT, "log_movements",
2082 SYSCTL_DESCR("log ARP replies from MACs different than"
2083 " the one in the cache"),
2084 NULL, 0, &log_movements, 0,
2085 CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2086
2087 sysctl_createv(clog, 0, NULL, NULL,
2088 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2089 CTLTYPE_INT, "log_permanent_modify",
2090 SYSCTL_DESCR("log ARP replies from MACs different than"
2091 " the one in the permanent arp entry"),
2092 NULL, 0, &log_permanent_modify, 0,
2093 CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2094
2095 sysctl_createv(clog, 0, NULL, NULL,
2096 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2097 CTLTYPE_INT, "log_wrong_iface",
2098 SYSCTL_DESCR("log ARP packets arriving on the wrong"
2099 " interface"),
2100 NULL, 0, &log_wrong_iface, 0,
2101 CTL_NET,PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2102
2103 sysctl_createv(clog, 0, NULL, NULL,
2104 CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
2105 CTLTYPE_INT, "debug",
2106 SYSCTL_DESCR("Enable ARP DAD debug output"),
2107 NULL, 0, &arp_debug, 0,
2108 CTL_NET, PF_INET, node->sysctl_num, CTL_CREATE, CTL_EOL);
2109 }
2110
2111 #endif /* INET */
2112