D55015.id171148.diff
No OneTemporary
Actions

Size

11 KB

Referenced Files

None

Subscribers

None

D55015.id171148.diff
View Options

	diff --git a/share/man/man4/inet6.4 b/share/man/man4/inet6.4
	--- a/share/man/man4/inet6.4
	+++ b/share/man/man4/inet6.4
	@@ -27,7 +27,7 @@
	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	.\" SUCH DAMAGE.
	.\"
	-.Dd February 22, 2023
	+.Dd January 31, 2026
	.Dt INET6 4
	.Os
	.Sh NAME
	@@ -295,6 +295,17 @@
	The packets will be generated when
	.Tn IPv6
	interface addresses are configured.
	+.It Dv IPV6CTL_GRAND_COUNT
	+.Pq ip6.grand_count
	+Integer: default number of
	+.Tn IPv6
	+GRAND
	+.Pq gratuitous neighbor discovery
	+unsolicited NA packets.
	+The packets will be generated when
	+.Tn IPv6
	+interface addresses are configured or when there are changes to
	+link-layer interface addresses.
	.It Dv IPV6CTL_AUTO_FLOWLABEL
	.Pq ip6.auto_flowlabel
	Boolean: enable/disable automatic filling of
	diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
	--- a/sys/netinet6/in6.h
	+++ b/sys/netinet6/in6.h
	@@ -643,7 +643,8 @@
	* queue */
	#define IPV6CTL_MAXFRAGSPERPACKET 53 /* Max fragments per packet */
	#define IPV6CTL_MAXFRAGBUCKETSIZE 54 /* Max reassembly queues per bucket */
	-#define IPV6CTL_MAXID 55
	+#define IPV6CTL_GRAND_COUNT 55
	+#define IPV6CTL_MAXID 56
	#endif /* __BSD_VISIBLE */

	/*
	diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c
	--- a/sys/netinet6/in6_proto.c
	+++ b/sys/netinet6/in6_proto.c
	@@ -156,6 +156,7 @@
	VNET_DEFINE(int, ip6_hdrnestlimit) = 15;/* How many header options will we
	* process? */
	VNET_DEFINE(int, ip6_dad_count) = 1; /* DupAddrDetectionTransmits */
	+VNET_DEFINE(int, ip6_grand_count) = MAX_NEIGHBOR_ADVERTISEMENT;
	VNET_DEFINE(int, ip6_auto_flowlabel) = 1;
	VNET_DEFINE(int, ip6_use_deprecated) = 1;/* allow deprecated addr
	* (RFC2462 5.5.4) */
	@@ -291,6 +292,9 @@
	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, dad_count,
	CTLFLAG_VNET \| CTLFLAG_RW, &VNET_NAME(ip6_dad_count), 0,
	"Number of ICMPv6 NS messages sent during duplicate address detection");
	+SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GRAND_COUNT, grand_count,
	+ CTLFLAG_VNET \| CTLFLAG_RW, &VNET_NAME(ip6_grand_count), 0,
	+ "Number of ICMPv6 NA messages sent by gratuitous ND per interface");
	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, auto_flowlabel,
	CTLFLAG_VNET \| CTLFLAG_RW, &VNET_NAME(ip6_auto_flowlabel), 0,
	"Provide an IPv6 flowlabel in outbound packets");
	diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h
	--- a/sys/netinet6/ip6_var.h
	+++ b/sys/netinet6/ip6_var.h
	@@ -320,6 +320,7 @@
	VNET_DECLARE(int, ip6_hdrnestlimit); /* upper limit of # of extension
	* headers */
	VNET_DECLARE(int, ip6_dad_count); /* DupAddrDetectionTransmits */
	+VNET_DECLARE(int, ip6_grand_count); /* Gratuitous ND Transmits */
	#define V_ip6_mrouter VNET(ip6_mrouter)
	#define V_ip6_sendredirects VNET(ip6_sendredirects)
	#define V_ip6_accept_rtadv VNET(ip6_accept_rtadv)
	@@ -328,6 +329,7 @@
	#define V_ip6_rfc6204w3 VNET(ip6_rfc6204w3)
	#define V_ip6_hdrnestlimit VNET(ip6_hdrnestlimit)
	#define V_ip6_dad_count VNET(ip6_dad_count)
	+#define V_ip6_grand_count VNET(ip6_grand_count)

	VNET_DECLARE(int, ip6_auto_flowlabel);
	VNET_DECLARE(int, ip6_auto_linklocal);
	diff --git a/sys/netinet6/nd6.h b/sys/netinet6/nd6.h
	--- a/sys/netinet6/nd6.h
	+++ b/sys/netinet6/nd6.h
	@@ -152,6 +152,10 @@
	#define ND6_NA_OPT_LLA 0x01
	#define ND6_NA_CARP_MASTER 0x02

	+/* ND6 GRAND flags */
	+#define ND6_GRAND_FLAG_NEWGUA 0x01 /* new global unicast address event */
	+#define ND6_GRAND_FLAG_LLADDR 0x02 /* link-layer address change event */
	+
	/* protocol constants */
	#define MAX_RTR_SOLICITATION_DELAY 1 /* 1sec */
	#define RTR_SOLICITATION_INTERVAL 4 /* 4sec */
	@@ -173,6 +177,7 @@
	#define ND_COMPUTE_RTIME(x) \
	(((MIN_RANDOM_FACTOR * (x >> 10)) + (arc4random() & \
	((MAX_RANDOM_FACTOR - MIN_RANDOM_FACTOR) * (x >> 10)))) /1000)
	+#define MAX_NEIGHBOR_ADVERTISEMENT 3 /* RFC4891 Section 10 */

	struct nd_defrouter {
	TAILQ_ENTRY(nd_defrouter) dr_entry;
	@@ -366,6 +371,8 @@
	void nd6_dad_init(void);
	void nd6_dad_start(struct ifaddr *, int);
	void nd6_dad_stop(struct ifaddr *);
	+void nd6_grand_start(struct ifaddr *, uint32_t);
	+void nd6_queue_stop(struct ifaddr *);

	/* nd6_rtr.c */
	void nd6_rs_input(struct mbuf *, int, int);
	diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
	--- a/sys/netinet6/nd6.c
	+++ b/sys/netinet6/nd6.c
	@@ -215,6 +215,21 @@
	type == RTM_ADD ? RTF_UP: 0), 0, fibnum);
	}

	+/*
	+ * Sends gratuitous NAs for each ifaddr to notify other
	+ * nodes about the address change.
	+ */
	+static __noinline void
	+nd6_handle_ifllchange(struct ifnet *ifp)
	+{
	+ struct ifaddr *ifa;
	+
	+ CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
	+ if (ifa->ifa_addr->sa_family == AF_INET6)
	+ nd6_grand_start(ifa, ND6_GRAND_FLAG_LLADDR);
	+ }
	+}
	+
	/*
	* A handler for interface link layer address change event.
	*/
	@@ -226,6 +241,9 @@
	return;

	lltable_update_ifaddr(LLTABLE6(ifp));
	+
	+ if ((ifp->if_flags & IFF_UP) != 0)
	+ nd6_handle_ifllchange(ifp);
	}

	void
	@@ -334,6 +352,9 @@
	if (ifa->ifa_addr->sa_family != AF_INET6)
	continue;

	+ /* make sure there are no queued ND6 */
	+ nd6_queue_stop(ifa);
	+
	/* stop DAD processing */
	nd6_dad_stop(ifa);
	}
	diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
	--- a/sys/netinet6/nd6_nbr.c
	+++ b/sys/netinet6/nd6_nbr.c
	@@ -121,6 +121,28 @@
	&VNET_NAME(nd6_onlink_ns_rfc4861), 0,
	"Accept 'on-link' ICMPv6 NS messages in compliance with RFC 4861");

	+struct nd6_queue {
	+ TAILQ_ENTRY(nd6_queue) ndq_list;
	+ struct ifaddr *ndq_ifa;
	+ uint32_t ndq_flags;
	+ uint32_t ndq_refcnt;
	+ struct callout ndq_callout;
	+};
	+
	+static TAILQ_HEAD(, nd6_queue) nd6_queue = TAILQ_HEAD_INITIALIZER(nd6_queue);
	+static struct rwlock ndq_rwlock;
	+RW_SYSINIT(ndq_rwlock, &ndq_rwlock, "nd6 queue");
	+
	+#define NDQ_RLOCK() rw_rlock(&ndq_rwlock)
	+#define NDQ_RUNLOCK() rw_runlock(&ndq_rwlock)
	+#define NDQ_WLOCK() rw_wlock(&ndq_rwlock)
	+#define NDQ_WUNLOCK() rw_wunlock(&ndq_rwlock)
	+
	+#define NDQ_LOCK_ASSERT() rw_assert(&ndq_rwlock, RA_LOCKED);
	+#define NDQ_RLOCK_ASSERT() rw_assert(&ndq_rwlock, RA_RLOCKED);
	+#define NDQ_WLOCK_ASSERT() rw_assert(&ndq_rwlock, RA_WLOCKED);
	+
	+
	/*
	* Input a Neighbor Solicitation Message.
	*
	@@ -1464,6 +1486,12 @@
	ia->ia6_flags &= ~IN6_IFF_TENTATIVE;
	if ((ifp->if_inet6->nd_flags & ND6_IFF_STABLEADDR) && !(ia->ia6_flags & IN6_IFF_TEMPORARY))
	atomic_store_int(&DAD_FAILURES(ifp), 0);
	+ /*
	+ * RFC 9131 Section 6.1.2: The first advertisement
	+ * SHOULD be sent as soon as an address changes the
	+ * state from tentative to preferred.
	+ */
	+ nd6_grand_start(ifa, ND6_GRAND_FLAG_NEWGUA);
	}

	nd6log((LOG_DEBUG,
	@@ -1632,3 +1660,187 @@
	dp->dad_na_icount++;
	DADQ_RUNLOCK();
	}
	+
	+static struct nd6_queue *
	+nd6_queue_find(struct ifaddr *ifa)
	+{
	+ struct nd6_queue *ndq;
	+
	+ NDQ_RLOCK();
	+ TAILQ_FOREACH(ndq, &nd6_queue, ndq_list) {
	+ if (ndq->ndq_ifa == ifa)
	+ break;
	+ }
	+ NDQ_RUNLOCK();
	+
	+ return (ndq);
	+}
	+
	+static void
	+nd6_queue_rel(void *arg)
	+{
	+ struct nd6_queue *ndq = arg;
	+
	+ NDQ_WLOCK_ASSERT();
	+ /*
	+ * Remove ndq from the nd6_queue and release the ndq's
	+ * reference.
	+ */
	+ TAILQ_REMOVE(&nd6_queue, ndq, ndq_list);
	+ if (refcount_release(&ndq->ndq_refcnt)) {
	+ ifa_free(ndq->ndq_ifa);
	+ free(ndq, M_IP6NDP);
	+ }
	+ NDQ_WUNLOCK();
	+}
	+
	+static void
	+nd6_queue_timer(void *arg)
	+{
	+ struct nd6_queue *ndq = arg;
	+ struct ifaddr *ifa = ndq->ndq_ifa;
	+ struct ifnet *ifp = ndq->ndq_ifa->ifa_ifp;
	+ struct in6_addr taddr6 = IN6ADDR_ANY_INIT;
	+ struct epoch_tracker et;
	+ int delay, tlladdr;
	+ u_long flags;
	+
	+ CURVNET_SET(ndq->ndq_ifa->ifa_ifp->if_vnet);
	+ KASSERT(ifa != NULL, ("ND6 queue entry %p with no address", ndq));
	+
	+ NET_EPOCH_ENTER(et);
	+
	+ tlladdr = ND6_NA_OPT_LLA;
	+ flags = (V_ip6_forwarding) ? ND_NA_FLAG_ROUTER : 0;
	+ if ((ifp->if_inet6->nd_flags & ND6_IFF_ACCEPT_RTADV) != 0 && V_ip6_norbit_raif)
	+ flags &= ~ND_NA_FLAG_ROUTER;
	+
	+ /*
	+ * RFC 9131 Section 6.1.2: if new global address added,
	+ * use the all-routers multicast address.
	+ * If the address is preferred, then the Override flag SHOULD NOT be set.
	+ */
	+ if ((ndq->ndq_flags & ND6_GRAND_FLAG_NEWGUA) != 0) {
	+ taddr6 = in6addr_linklocal_allrouters;
	+ /*
	+ * XXX: If the address is in the Optimistic state,
	+ * then the Override flag MUST NOT be set.
	+ * We don't support RFC 4429 yet.
	+ */
	+ if ((ifp->if_inet6->nd_flags & ND6_IFF_PREFER_SOURCE) == 0)
	+ flags \|= ND_NA_FLAG_OVERRIDE;
	+ }
	+ /*
	+ * RFC 4891 Section 7.2.6: if link-layer address changed,
	+ * use the all-nodes multicast address.
	+ * The Override flag MAY be set to either zero or one.
	+ */
	+ if ((ndq->ndq_flags & ND6_GRAND_FLAG_LLADDR) != 0) {
	+ taddr6 = in6addr_linklocal_allnodes;
	+ flags \|= ND_NA_FLAG_OVERRIDE;
	+ }
	+
	+ /* Wait at least a RetransTimer before removing from queue */
	+ delay = ifp->if_inet6->nd_retrans * hz / 1000;
	+ callout_reset(&ndq->ndq_callout, delay, nd6_queue_rel, ndq);
	+ NDQ_WUNLOCK();
	+
	+ if (in6_setscope(&taddr6, ifp, NULL) != 0)
	+ goto bad;
	+
	+ nd6_na_output_fib(ifp, &taddr6, IFA_IN6(ifa), flags, tlladdr, NULL, ifp->if_fib);
	+
	+bad:
	+ NET_EPOCH_EXIT(et);
	+ CURVNET_RESTORE();
	+}
	+
	+static void
	+nd6_queue_add(struct ifaddr *ifa, int delay, uint32_t flags)
	+{
	+ struct nd6_queue *ndq;
	+ struct in6_ifaddr ia = (struct in6_ifaddr )ifa;
	+ char ip6buf[INET6_ADDRSTRLEN];
	+
	+ NDQ_WLOCK_ASSERT();
	+
	+ ndq = malloc(sizeof(*ndq), M_IP6NDP, M_NOWAIT \| M_ZERO);
	+ if (ndq == NULL) {
	+ log(LOG_ERR, "nd6_queue_start: memory allocation failed for "
	+ "%s(%s)\n",
	+ ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr),
	+ ifa->ifa_ifp ? if_name(ifa->ifa_ifp) : "???");
	+ return;
	+ }
	+ callout_init_rw(&ndq->ndq_callout, &ndq_rwlock, CALLOUT_RETURNUNLOCKED);
	+ nd6log((LOG_DEBUG, "%s: send GRAND for %s\n", if_name(ifa->ifa_ifp),
	+ ip6_sprintf(ip6buf, &ia->ia_addr.sin6_addr)));
	+
	+ ndq->ndq_ifa = ifa;
	+ ifa_ref(ndq->ndq_ifa);
	+ ndq->ndq_flags = flags;
	+
	+ refcount_init(&ndq->ndq_refcnt, 1);
	+ TAILQ_INSERT_TAIL(&nd6_queue, ndq, ndq_list);
	+ callout_reset(&ndq->ndq_callout, delay, nd6_queue_timer, ndq);
	+}
	+
	+/*
	+ * Start Gratuitous Neighbor Discovery (GRAND) for specified address.
	+ * Called after DAD completes and by interface link layer change event.
	+ */
	+void
	+nd6_grand_start(struct ifaddr *ifa, uint32_t flags)
	+{
	+ struct nd6_queue *ndq;
	+ int delay, count = 0;
	+
	+ /* If we don't need GRAND, don't do it. */
	+ if (V_ip6_grand_count == 0 \|\|
	+ ifa->ifa_carp != NULL)
	+ return;
	+
	+ /* Check if new address is global */
	+ if ((flags & ND6_GRAND_FLAG_NEWGUA) != 0 &&
	+ in6_addrscope(IFA_IN6(ifa)) != IPV6_ADDR_SCOPE_GLOBAL)
	+ return;
	+
	+ /*
	+ * RFC 9131 Section 6.1.2: These advertisements MUST be
	+ * separated by at least RetransTimer seconds.
	+ */
	+ NDQ_WLOCK();
	+ TAILQ_FOREACH(ndq, &nd6_queue, ndq_list) {
	+ if (ndq->ndq_ifa->ifa_ifp != ifa->ifa_ifp)
	+ continue;
	+ /*
	+ * RFC 9131 Section 6.1.2: a node SHOULD send
	+ * up to MAX_NEIGHBOR_ADVERTISEMENT Neighbor Advertisement messages.
	+ * Make sure we don't queue GRAND more than V_ip6_grand_count
	+ * per interface.
	+ */
	+ count++;
	+ if (count >= V_ip6_grand_count)
	+ goto ret;
	+ }
	+
	+ delay = ifa->ifa_ifp->if_inet6->nd_retrans * hz / 1000;
	+ nd6_queue_add(ifa, count * delay, flags);
	+ret:
	+ NDQ_WUNLOCK();
	+}
	+
	+/*
	+ * drain GRAND queue. used for address removals.
	+ */
	+void
	+nd6_queue_stop(struct ifaddr *ifa)
	+{
	+ struct nd6_queue *ndq;
	+
	+ ndq = nd6_queue_find(ifa);
	+ if (ndq == NULL)
	+ return;
	+
	+ callout_drain(&ndq->ndq_callout);
	+}

File Metadata

Mime Type: text/plain
Expires: Sun, Feb 22, 3:11 PM (18 h, 18 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28938985
Default Alt Text: D55015.id171148.diff (11 KB)

D55015.id171148.diffNo OneTemporaryActions

D55015.id171148.diffView Options

File Metadata

Event Timeline

D55015.id171148.diff
No OneTemporary
Actions

D55015.id171148.diff
View Options