📄 nd6_rtr.c
字号:
IN6_IFF_NOTREADY|
IN6_IFF_ANYCAST);
if (ifa == NULL) {
/* XXX: freebsd does not have ifa_ifwithaf */
#if defined(__bsdi__) || (defined(__FreeBSD__) && __FreeBSD__ < 3)
for (ifa = ifp->if_addrlist; ifa; ifa = ifa->ifa_next)
#elif defined(__FreeBSD__) && __FreeBSD__ >= 4
TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list)
#else
for (ifa = ifp->if_addrlist.tqh_first;
ifa;
ifa = ifa->ifa_list.tqe_next)
#endif
{
if (ifa->ifa_addr->sa_family == AF_INET6)
break;
}
/* should we care about ia6_flags? */
}
if (ifa == NULL) {
/*
* This can still happen, when, for example, we receive an RA
* containing a prefix with the L bit set and the A bit clear,
* after removing all IPv6 addresses on the receiving
* interface. This should, of course, be rare though.
*/
nd6log((LOG_NOTICE,
"nd6_prefix_onlink: failed to find any ifaddr"
" to add route for a prefix(%s/%d) on %s\n",
ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
pr->ndpr_plen, if_name(ifp)));
return(0);
}
/*
* in6_ifinit() sets nd6_rtrequest to ifa_rtrequest for all ifaddrs.
* ifa->ifa_rtrequest = nd6_rtrequest;
*/
bzero(&mask6, sizeof(mask6));
mask6.sin6_len = sizeof(mask6);
mask6.sin6_addr = pr->ndpr_mask;
/* rtrequest() will probably set RTF_UP, but we're not sure. */
rtflags = ifa->ifa_flags | RTF_UP;
if (nd6_need_cache(ifp)) {
/* explicitly set in case ifa_flags does not set the flag. */
rtflags |= RTF_CLONING;
} else {
/*
* explicitly clear the cloning bit in case ifa_flags sets it.
*/
rtflags &= ~RTF_CLONING;
}
error = rtrequest(RTM_ADD, (struct sockaddr *)&pr->ndpr_prefix,
ifa->ifa_addr, (struct sockaddr *)&mask6,
rtflags, &rt);
if (error == 0) {
if (rt != NULL) /* this should be non NULL, though */
nd6_rtmsg(RTM_ADD, rt);
pr->ndpr_stateflags |= NDPRF_ONLINK;
}
else {
nd6log((LOG_ERR, "nd6_prefix_onlink: failed to add route for a"
" prefix (%s/%d) on %s, gw=%s, mask=%s, flags=%lx "
"errno = %d\n",
ip6_sprintf(&pr->ndpr_prefix.sin6_addr),
pr->ndpr_plen, if_name(ifp),
ip6_sprintf(&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr),
ip6_sprintf(&mask6.sin6_addr), rtflags, error));
}
if (rt != NULL)
rt->rt_refcnt--;
return(error);
}
int
nd6_prefix_offlink(pr)
struct nd_prefix *pr;
{
int error = 0;
struct ifnet *ifp = pr->ndpr_ifp;
struct nd_prefix *opr;
struct sockaddr_in6 sa6, mask6;
struct rtentry *rt = NULL;
/* sanity check */
if ((pr->ndpr_stateflags & NDPRF_ONLINK) == 0) {
nd6log((LOG_ERR,
"nd6_prefix_offlink: %s/%d is already off-link\n",
ip6_sprintf(&pr->ndpr_prefix.sin6_addr), pr->ndpr_plen));
return(EEXIST);
}
bzero(&sa6, sizeof(sa6));
sa6.sin6_family = AF_INET6;
sa6.sin6_len = sizeof(sa6);
bcopy(&pr->ndpr_prefix.sin6_addr, &sa6.sin6_addr,
sizeof(struct in6_addr));
bzero(&mask6, sizeof(mask6));
mask6.sin6_family = AF_INET6;
mask6.sin6_len = sizeof(sa6);
bcopy(&pr->ndpr_mask, &mask6.sin6_addr, sizeof(struct in6_addr));
error = rtrequest(RTM_DELETE, (struct sockaddr *)&sa6, NULL,
(struct sockaddr *)&mask6, 0, &rt);
if (error == 0) {
pr->ndpr_stateflags &= ~NDPRF_ONLINK;
/* report the route deletion to the routing socket. */
if (rt != NULL)
nd6_rtmsg(RTM_DELETE, rt);
/*
* There might be the same prefix on another interface,
* the prefix which could not be on-link just because we have
* the interface route (see comments in nd6_prefix_onlink).
* If there's one, try to make the prefix on-link on the
* interface.
*/
for (opr = nd_prefix.lh_first; opr; opr = opr->ndpr_next) {
if (opr == pr)
continue;
if ((opr->ndpr_stateflags & NDPRF_ONLINK) != 0)
continue;
/*
* KAME specific: detached prefixes should not be
* on-link.
*/
if ((opr->ndpr_stateflags & NDPRF_DETACHED) != 0)
continue;
if (opr->ndpr_plen == pr->ndpr_plen &&
in6_are_prefix_equal(&pr->ndpr_prefix.sin6_addr,
&opr->ndpr_prefix.sin6_addr,
pr->ndpr_plen)) {
int e;
if ((e = nd6_prefix_onlink(opr)) != 0) {
nd6log((LOG_ERR,
"nd6_prefix_offlink: failed to "
"recover a prefix %s/%d from %s "
"to %s (errno = %d)\n",
ip6_sprintf(&opr->ndpr_prefix.sin6_addr),
opr->ndpr_plen, if_name(ifp),
if_name(opr->ndpr_ifp), e));
}
}
}
}
else {
/* XXX: can we still set the NDPRF_ONLINK flag? */
nd6log((LOG_ERR,
"nd6_prefix_offlink: failed to delete route: "
"%s/%d on %s (errno = %d)\n",
ip6_sprintf(&sa6.sin6_addr), pr->ndpr_plen, if_name(ifp),
error));
}
if (rt != NULL) {
if (rt->rt_refcnt <= 0) {
/* XXX: we should free the entry ourselves. */
rt->rt_refcnt++;
rtfree(rt);
}
}
return(error);
}
static struct in6_ifaddr *
in6_ifadd(pr)
struct nd_prefix *pr;
{
struct ifnet *ifp = pr->ndpr_ifp;
struct ifaddr *ifa;
struct in6_aliasreq ifra;
struct in6_ifaddr *ia, *ib;
int error, plen0;
struct in6_addr mask;
int prefixlen = pr->ndpr_plen;
in6_prefixlen2mask(&mask, prefixlen);
/*
* find a link-local address (will be interface ID).
* Is it really mandatory? Theoretically, a global or a site-local
* address can be configured without a link-local address, if we
* have a unique interface identifier...
*
* it is not mandatory to have a link-local address, we can generate
* interface identifier on the fly. we do this because:
* (1) it should be the easiest way to find interface identifier.
* (2) RFC2462 5.4 suggesting the use of the same interface identifier
* for multiple addresses on a single interface, and possible shortcut
* of DAD. we omitted DAD for this reason in the past.
* (3) a user can prevent autoconfiguration of global address
* by removing link-local address by hand (this is partly because we
* don't have other way to control the use of IPv6 on a interface.
* this has been our design choice - cf. NRL's "ifconfig auto").
* (4) it is easier to manage when an interface has addresses
* with the same interface identifier, than to have multiple addresses
* with different interface identifiers.
*/
ifa = (struct ifaddr *)in6ifa_ifpforlinklocal(ifp, 0); /* 0 is OK? */
if (ifa)
ib = (struct in6_ifaddr *)ifa;
else
return NULL;
#if 0 /* don't care link local addr state, and always do DAD */
/* if link-local address is not eligible, do not autoconfigure. */
if (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_NOTREADY) {
printf("in6_ifadd: link-local address not ready\n");
return NULL;
}
#endif
/* prefixlen + ifidlen must be equal to 128 */
plen0 = in6_mask2len(&ib->ia_prefixmask.sin6_addr, NULL);
if (prefixlen != plen0) {
nd6log((LOG_INFO, "in6_ifadd: wrong prefixlen for %s "
"(prefix=%d ifid=%d)\n",
if_name(ifp), prefixlen, 128 - plen0));
return NULL;
}
/* make ifaddr */
bzero(&ifra, sizeof(ifra));
/*
* in6_update_ifa() does not use ifra_name, but we accurately set it
* for safety.
*/
strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name));
ifra.ifra_addr.sin6_family = AF_INET6;
ifra.ifra_addr.sin6_len = sizeof(struct sockaddr_in6);
/* prefix */
bcopy(&pr->ndpr_prefix.sin6_addr, &ifra.ifra_addr.sin6_addr,
sizeof(ifra.ifra_addr.sin6_addr));
ifra.ifra_addr.sin6_addr.s6_addr32[0] &= mask.s6_addr32[0];
ifra.ifra_addr.sin6_addr.s6_addr32[1] &= mask.s6_addr32[1];
ifra.ifra_addr.sin6_addr.s6_addr32[2] &= mask.s6_addr32[2];
ifra.ifra_addr.sin6_addr.s6_addr32[3] &= mask.s6_addr32[3];
/* interface ID */
ifra.ifra_addr.sin6_addr.s6_addr32[0] |=
(ib->ia_addr.sin6_addr.s6_addr32[0] & ~mask.s6_addr32[0]);
ifra.ifra_addr.sin6_addr.s6_addr32[1] |=
(ib->ia_addr.sin6_addr.s6_addr32[1] & ~mask.s6_addr32[1]);
ifra.ifra_addr.sin6_addr.s6_addr32[2] |=
(ib->ia_addr.sin6_addr.s6_addr32[2] & ~mask.s6_addr32[2]);
ifra.ifra_addr.sin6_addr.s6_addr32[3] |=
(ib->ia_addr.sin6_addr.s6_addr32[3] & ~mask.s6_addr32[3]);
/* new prefix mask. */
ifra.ifra_prefixmask.sin6_len = sizeof(struct sockaddr_in6);
ifra.ifra_prefixmask.sin6_family = AF_INET6;
bcopy(&mask, &ifra.ifra_prefixmask.sin6_addr,
sizeof(ifra.ifra_prefixmask.sin6_addr));
/*
* lifetime.
* XXX: in6_init_address_ltimes would override these values later.
* We should reconsider this logic.
*/
ifra.ifra_lifetime.ia6t_vltime = pr->ndpr_vltime;
ifra.ifra_lifetime.ia6t_pltime = pr->ndpr_pltime;
/* XXX: scope zone ID? */
ifra.ifra_flags |= IN6_IFF_AUTOCONF; /* obey autoconf */
/* allocate ifaddr structure, link into chain, etc. */
if ((error = in6_update_ifa(ifp, &ifra, NULL)) != 0) {
nd6log((LOG_ERR,
"in6_ifadd: failed to make ifaddr %s on %s (errno=%d)\n",
ip6_sprintf(&ifra.ifra_addr.sin6_addr), if_name(ifp),
error));
return(NULL); /* ifaddr must not have been allocated. */
}
ia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
return(ia); /* this is always non-NULL */
}
int
in6_tmpifadd(ia0, forcegen)
const struct in6_ifaddr *ia0; /* corresponding public address */
int forcegen;
{
struct ifnet *ifp = ia0->ia_ifa.ifa_ifp;
struct in6_ifaddr *newia, *ia;
struct in6_aliasreq ifra;
int i, error;
int trylimit = 3; /* XXX: adhoc value */
u_int32_t randid[2];
u_int32_t vltime0, pltime0;
#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3)
time_t time_second = (time_t)time.tv_sec;
#endif
bzero(&ifra, sizeof(ifra));
strncpy(ifra.ifra_name, if_name(ifp), sizeof(ifra.ifra_name));
ifra.ifra_addr = ia0->ia_addr;
/* copy prefix mask */
ifra.ifra_prefixmask = ia0->ia_prefixmask;
/* clear the old IFID */
for (i = 0; i < 4; i++) {
ifra.ifra_addr.sin6_addr.s6_addr32[i]
&= ifra.ifra_prefixmask.sin6_addr.s6_addr32[i];
}
again:
if (in6_get_tmpifid(ifp, (u_int8_t *)randid,
(const u_int8_t *)&ia0->ia_addr.sin6_addr.s6_addr[8],
forcegen)) {
nd6log((LOG_NOTICE, "in6_tmpifadd: failed to find a good "
"random IFID\n"));
return(EINVAL);
}
ifra.ifra_addr.sin6_addr.s6_addr32[2]
|= (randid[0] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[2]));
ifra.ifra_addr.sin6_addr.s6_addr32[3]
|= (randid[1] & ~(ifra.ifra_prefixmask.sin6_addr.s6_addr32[3]));
/*
* in6_get_tmpifid() quite likely provided a unique interface ID.
* However, we may still have a chance to see collision, because
* there may be a time lag between generation of the ID and generation
* of the address. So, we'll do one more sanity check.
*/
for (ia = in6_ifaddr; ia; ia = ia->ia_next) {
if (SA6_ARE_ADDR_EQUAL(&ia->ia_addr,
&ifra.ifra_addr)) {
if (trylimit-- == 0) {
/*
* Give up. Something strange should have
* happened.
*/
nd6log((LOG_NOTICE, "in6_tmpifadd: failed to "
"find a unique random IFID\n"));
return(EEXIST);
}
forcegen = 1;
goto again;
}
}
/*
* The Valid Lifetime is the lower of the Valid Lifetime of the
* public address or TEMP_VALID_LIFETIME.
* The Preferred Lifetime is the lower of the Preferred Lifetime
* of the public address or TEMP_PREFERRED_LIFETIME -
* DESYNC_FACTOR.
*/
if (ia0->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME) {
vltime0 = IFA6_IS_INVALID(ia0) ? 0 :
(ia0->ia6_lifetime.ia6t_vltime -
(time_second - ia0->ia6_updatetime));
if (vltime0 > ip6_temp_valid_lifetime)
vltime0 = ip6_temp_valid_lifetime;
} else
vltime0 = ip6_temp_valid_lifetime;
if (ia0->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME) {
pltime0 = IFA6_IS_DEPRECATED(ia0) ? 0 :
(ia0->ia6_lifetime.ia6t_pltime -
(time_second - ia0->ia6_updatetime));
if (pltime0 > ip6_temp_preferred_lifetime - ip6_desync_factor){
pltime0 = ip6_temp_preferred_lifetime -
ip6_desync_factor;
}
} else
pltime0 = ip6_temp_preferred_lifetime - ip6_desync_factor;
ifra.ifra_lifetime.ia6t_vltime = vltime0;
ifra.ifra_lifetime.ia6t_pltime = pltime0;
/*
* A temporary address is created only if this calculated Preferred
* Lifetime is greater than REGEN_ADVANCE time units.
*/
if (ifra.ifra_lifetime.ia6t_pltime <= ip6_temp_regen_advance)
return(0);
/* XXX: scope zone ID? */
ifra.ifra_flags |= (IN6_IFF_AUTOCONF|IN6_IFF_TEMPORARY);
/* allocate ifaddr structure, link into chain, etc. */
if ((error = in6_update_ifa(ifp, &ifra, NULL)) != 0)
return(error);
newia = in6ifa_ifpwithaddr(ifp, &ifra.ifra_addr.sin6_addr);
if (newia == NULL) { /* XXX: can it happen? */
nd6log((LOG_ERR,
"in6_tmpifadd: ifa update succeeded, but we got "
"no ifaddr\n"));
return(EINVAL); /* XXX */
}
newia->ia6_ndpr = ia0->ia6_ndpr;
newia->ia6_ndpr->ndpr_refcnt++;
/*
* A newly added address might affect the status of other addresses.
* XXX: when the temporary address is generated with a new public
* address, the onlink check is redundant. However, it would be safe
* to do the check explicitly everywhere a new address is generated,
* and, in fact, we surely need the check when we create a new
* temporary address due to deprecation of an old temporary address.
*/
pfxlist_onlink_check();
return(0);
}
int
in6_init_prefix_ltimes(struct nd_prefix *ndpr)
{
#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3)
long time_second = time.tv_sec;
#endif
/* check if preferred lifetime > valid lifetime. RFC2462 5.5.3 (c) */
if (ndpr->ndpr_pltime > ndpr->ndpr_vltime) {
nd6log((LOG_INFO, "in6_init_prefix_ltimes: preferred lifetime"
"(%d) is greater than valid lifetime(%d)\n",
(u_int)ndpr->ndpr_pltime, (u_int)ndpr->ndpr_vltime));
return (EINVAL);
}
if (ndpr->ndpr_pltime == ND6_INFINITE_LIFETIME)
ndpr->ndpr_preferred = 0;
else
ndpr->ndpr_preferred = time_second + ndpr->ndpr_pltime;
if (ndpr->ndpr_vltime == ND6_INFINITE_LIFETIME)
ndpr->ndpr_expire = 0;
else
ndpr->ndpr_expire = time_second + ndpr->ndpr_vltime;
return 0;
}
static void
in6_init_address_ltimes(struct nd_prefix *new, struct in6_addrlifetime *lt6)
{
#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3)
long time_second = time.tv_sec;
#endif
/* Valid lifetime must not be updated unless explicitly specified. */
/* init ia6t⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -