diff options
Diffstat (limited to 'lwip/src/core/ipv6/nd6.c')
| -rw-r--r-- | lwip/src/core/ipv6/nd6.c | 1370 |
1 files changed, 991 insertions, 379 deletions
diff --git a/lwip/src/core/ipv6/nd6.c b/lwip/src/core/ipv6/nd6.c index 513db98..31a1f69 100644 --- a/lwip/src/core/ipv6/nd6.c +++ b/lwip/src/core/ipv6/nd6.c @@ -46,6 +46,9 @@ #if LWIP_IPV6 /* don't build if not configured for use in lwipopts.h */ #include "lwip/nd6.h" +#include "lwip/priv/nd6_priv.h" +#include "lwip/prot/nd6.h" +#include "lwip/prot/icmp6.h" #include "lwip/pbuf.h" #include "lwip/mem.h" #include "lwip/memp.h" @@ -55,10 +58,19 @@ #include "lwip/netif.h" #include "lwip/icmp6.h" #include "lwip/mld6.h" +#include "lwip/ip.h" #include "lwip/stats.h" +#include "lwip/dns.h" #include <string.h> +#ifdef LWIP_HOOK_FILENAME +#include LWIP_HOOK_FILENAME +#endif + +#if LWIP_IPV6_DUP_DETECT_ATTEMPTS > IP6_ADDR_TENTATIVE_COUNT_MASK +#error LWIP_IPV6_DUP_DETECT_ATTEMPTS > IP6_ADDR_TENTATIVE_COUNT_MASK +#endif /* Router tables. */ struct nd6_neighbor_cache_entry neighbor_cache[LWIP_ND6_NUM_NEIGHBORS]; @@ -68,7 +80,7 @@ struct nd6_router_list_entry default_router_list[LWIP_ND6_NUM_ROUTERS]; /* Default values, can be updated by a RA message. */ u32_t reachable_time = LWIP_ND6_REACHABLE_TIME; -u32_t retrans_timer = LWIP_ND6_RETRANS_TIMER; /* TODO implement this value in timer */ +u32_t retrans_timer = LWIP_ND6_RETRANS_TIMER; /* @todo implement this value in timer */ /* Index for cache entries. */ static u8_t nd6_cached_neighbor_index; @@ -77,27 +89,40 @@ static u8_t nd6_cached_destination_index; /* Multicast address holder. */ static ip6_addr_t multicast_address; -/* Static buffer to parse RA packet options (size of a prefix option, biggest option) */ -static u8_t nd6_ra_buffer[sizeof(struct prefix_option)]; +/* Static buffer to parse RA packet options */ +union ra_options { + struct lladdr_option lladdr; + struct mtu_option mtu; + struct prefix_option prefix; +#if LWIP_ND6_RDNSS_MAX_DNS_SERVERS + struct rdnss_option rdnss; +#endif +}; +static union ra_options nd6_ra_buffer; /* Forward declarations. */ -static s8_t nd6_find_neighbor_cache_entry(ip6_addr_t * ip6addr); +static s8_t nd6_find_neighbor_cache_entry(const ip6_addr_t *ip6addr); static s8_t nd6_new_neighbor_cache_entry(void); static void nd6_free_neighbor_cache_entry(s8_t i); -static s8_t nd6_find_destination_cache_entry(ip6_addr_t * ip6addr); +static s8_t nd6_find_destination_cache_entry(const ip6_addr_t *ip6addr); static s8_t nd6_new_destination_cache_entry(void); -static s8_t nd6_is_prefix_in_netif(ip6_addr_t * ip6addr, struct netif * netif); -static s8_t nd6_get_router(ip6_addr_t * router_addr, struct netif * netif); -static s8_t nd6_new_router(ip6_addr_t * router_addr, struct netif * netif); -static s8_t nd6_get_onlink_prefix(ip6_addr_t * prefix, struct netif * netif); -static s8_t nd6_new_onlink_prefix(ip6_addr_t * prefix, struct netif * netif); +static s8_t nd6_is_prefix_in_netif(const ip6_addr_t *ip6addr, struct netif *netif); +static s8_t nd6_select_router(const ip6_addr_t *ip6addr, struct netif *netif); +static s8_t nd6_get_router(const ip6_addr_t *router_addr, struct netif *netif); +static s8_t nd6_new_router(const ip6_addr_t *router_addr, struct netif *netif); +static s8_t nd6_get_onlink_prefix(const ip6_addr_t *prefix, struct netif *netif); +static s8_t nd6_new_onlink_prefix(const ip6_addr_t *prefix, struct netif *netif); +static s8_t nd6_get_next_hop_entry(const ip6_addr_t *ip6addr, struct netif *netif); +static err_t nd6_queue_packet(s8_t neighbor_index, struct pbuf *q); #define ND6_SEND_FLAG_MULTICAST_DEST 0x01 #define ND6_SEND_FLAG_ALLNODES_DEST 0x02 -static void nd6_send_ns(struct netif * netif, ip6_addr_t * target_addr, u8_t flags); -static void nd6_send_na(struct netif * netif, ip6_addr_t * target_addr, u8_t flags); +#define ND6_SEND_FLAG_ANY_SRC 0x04 +static void nd6_send_ns(struct netif *netif, const ip6_addr_t *target_addr, u8_t flags); +static void nd6_send_na(struct netif *netif, const ip6_addr_t *target_addr, u8_t flags); +static void nd6_send_neighbor_cache_probe(struct nd6_neighbor_cache_entry *entry, u8_t flags); #if LWIP_IPV6_SEND_ROUTER_SOLICIT -static void nd6_send_rs(struct netif * netif); +static err_t nd6_send_rs(struct netif *netif); #endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */ #if LWIP_ND6_QUEUEING @@ -109,6 +134,147 @@ static void nd6_send_q(s8_t i); /** + * A local address has been determined to be a duplicate. Take the appropriate + * action(s) on the address and the interface as a whole. + * + * @param netif the netif that owns the address + * @param addr_idx the index of the address detected to be a duplicate + */ +static void +nd6_duplicate_addr_detected(struct netif *netif, s8_t addr_idx) +{ + + /* Mark the address as duplicate, but leave its lifetimes alone. If this was + * a manually assigned address, it will remain in existence as duplicate, and + * as such be unusable for any practical purposes until manual intervention. + * If this was an autogenerated address, the address will follow normal + * expiration rules, and thus disappear once its valid lifetime expires. */ + netif_ip6_addr_set_state(netif, addr_idx, IP6_ADDR_DUPLICATED); + +#if LWIP_IPV6_AUTOCONFIG + /* If the affected address was the link-local address that we use to generate + * all other addresses, then we should not continue to use those derived + * addresses either, so mark them as duplicate as well. For autoconfig-only + * setups, this will make the interface effectively unusable, approaching the + * intention of RFC 4862 Sec. 5.4.5. @todo implement the full requirements */ + if (addr_idx == 0) { + s8_t i; + for (i = 1; i < LWIP_IPV6_NUM_ADDRESSES; i++) { + if (!ip6_addr_isinvalid(netif_ip6_addr_state(netif, i)) && + !netif_ip6_addr_isstatic(netif, i)) { + netif_ip6_addr_set_state(netif, i, IP6_ADDR_DUPLICATED); + } + } + } +#endif /* LWIP_IPV6_AUTOCONFIG */ +} + +#if LWIP_IPV6_AUTOCONFIG +/** + * We received a router advertisement that contains a prefix with the + * autoconfiguration flag set. Add or update an associated autogenerated + * address. + * + * @param netif the netif on which the router advertisement arrived + * @param prefix_opt a pointer to the prefix option data + * @param prefix_addr an aligned copy of the prefix address + */ +static void +nd6_process_autoconfig_prefix(struct netif *netif, + struct prefix_option *prefix_opt, const ip6_addr_t *prefix_addr) +{ + ip6_addr_t ip6addr; + u32_t valid_life, pref_life; + u8_t addr_state; + s8_t i, free_idx; + + /* The caller already checks RFC 4862 Sec. 5.5.3 points (a) and (b). We do + * the rest, starting with checks for (c) and (d) here. */ + valid_life = lwip_htonl(prefix_opt->valid_lifetime); + pref_life = lwip_htonl(prefix_opt->preferred_lifetime); + if (pref_life > valid_life || prefix_opt->prefix_length != 64) { + return; /* silently ignore this prefix for autoconfiguration purposes */ + } + + /* If an autogenerated address already exists for this prefix, update its + * lifetimes. An address is considered autogenerated if 1) it is not static + * (i.e., manually assigned), and 2) there is an advertised autoconfiguration + * prefix for it (the one we are processing here). This does not necessarily + * exclude the possibility that the address was actually assigned by, say, + * DHCPv6. If that distinction becomes important in the future, more state + * must be kept. As explained elsewhere we also update lifetimes of tentative + * and duplicate addresses. Skip address slot 0 (the link-local address). */ + for (i = 1; i < LWIP_IPV6_NUM_ADDRESSES; i++) { + addr_state = netif_ip6_addr_state(netif, i); + if (!ip6_addr_isinvalid(addr_state) && !netif_ip6_addr_isstatic(netif, i) && + ip6_addr_netcmp(prefix_addr, netif_ip6_addr(netif, i))) { + /* Update the valid lifetime, as per RFC 4862 Sec. 5.5.3 point (e). + * The valid lifetime will never drop to zero as a result of this. */ + u32_t remaining_life = netif_ip6_addr_valid_life(netif, i); + if (valid_life > ND6_2HRS || valid_life > remaining_life) { + netif_ip6_addr_set_valid_life(netif, i, valid_life); + } else if (remaining_life > ND6_2HRS) { + netif_ip6_addr_set_valid_life(netif, i, ND6_2HRS); + } + LWIP_ASSERT("bad valid lifetime", !netif_ip6_addr_isstatic(netif, i)); + /* Update the preferred lifetime. No bounds checks are needed here. In + * rare cases the advertisement may un-deprecate the address, though. + * Deprecation is left to the timer code where it is handled anyway. */ + if (pref_life > 0 && addr_state == IP6_ADDR_DEPRECATED) { + netif_ip6_addr_set_state(netif, i, IP6_ADDR_PREFERRED); + } + netif_ip6_addr_set_pref_life(netif, i, pref_life); + return; /* there should be at most one matching address */ + } + } + + /* No autogenerated address exists for this prefix yet. See if we can add a + * new one. However, if IPv6 autoconfiguration is administratively disabled, + * do not generate new addresses, but do keep updating lifetimes for existing + * addresses. Also, when adding new addresses, we must protect explicitly + * against a valid lifetime of zero, because again, we use that as a special + * value. The generated address would otherwise expire immediately anyway. + * Finally, the original link-local address must be usable at all. We start + * creating addresses even if the link-local address is still in tentative + * state though, and deal with the fallout of that upon DAD collision. */ + addr_state = netif_ip6_addr_state(netif, 0); + if (!netif->ip6_autoconfig_enabled || valid_life == IP6_ADDR_LIFE_STATIC || + ip6_addr_isinvalid(addr_state) || ip6_addr_isduplicated(addr_state)) { + return; + } + + /* Construct the new address that we intend to use, and then see if that + * address really does not exist. It might have been added manually, after + * all. As a side effect, find a free slot. Note that we cannot use + * netif_add_ip6_address() here, as it would return ERR_OK if the address + * already did exist, resulting in that address being given lifetimes. */ + IP6_ADDR(&ip6addr, prefix_addr->addr[0], prefix_addr->addr[1], + netif_ip6_addr(netif, 0)->addr[2], netif_ip6_addr(netif, 0)->addr[3]); + ip6_addr_assign_zone(&ip6addr, IP6_UNICAST, netif); + + free_idx = 0; + for (i = 1; i < LWIP_IPV6_NUM_ADDRESSES; i++) { + if (!ip6_addr_isinvalid(netif_ip6_addr_state(netif, i))) { + if (ip6_addr_cmp(&ip6addr, netif_ip6_addr(netif, i))) { + return; /* formed address already exists */ + } + } else if (free_idx == 0) { + free_idx = i; + } + } + if (free_idx == 0) { + return; /* no address slots available, try again on next advertisement */ + } + + /* Assign the new address to the interface. */ + ip_addr_copy_from_ip6(netif->ip6_addr[free_idx], ip6addr); + netif_ip6_addr_set_valid_life(netif, free_idx, valid_life); + netif_ip6_addr_set_pref_life(netif, free_idx, pref_life); + netif_ip6_addr_set_state(netif, free_idx, IP6_ADDR_TENTATIVE); +} +#endif /* LWIP_IPV6_AUTOCONFIG */ + +/** * Process an incoming neighbor discovery message * * @param p the nd packet, p->payload pointing to the icmpv6 header @@ -126,12 +292,13 @@ nd6_input(struct pbuf *p, struct netif *inp) switch (msg_type) { case ICMP6_TYPE_NA: /* Neighbor Advertisement. */ { - struct na_header * na_hdr; - struct lladdr_option * lladdr_opt; + struct na_header *na_hdr; + struct lladdr_option *lladdr_opt; + ip6_addr_t target_address; /* Check that na header fits in packet. */ if (p->len < (sizeof(struct na_header))) { - /* TODO debug message */ + /* @todo debug message */ pbuf_free(p); ND6_STATS_INC(nd6.lenerr); ND6_STATS_INC(nd6.drop); @@ -140,53 +307,36 @@ nd6_input(struct pbuf *p, struct netif *inp) na_hdr = (struct na_header *)p->payload; + /* Create an aligned, zoned copy of the target address. */ + ip6_addr_copy_from_packed(target_address, na_hdr->target_address); + ip6_addr_assign_zone(&target_address, IP6_UNICAST, inp); + + /* Check a subset of the other RFC 4861 Sec. 7.1.2 requirements. */ + if (IP6H_HOPLIM(ip6_current_header()) != ND6_HOPLIM || na_hdr->code != 0 || + ip6_addr_ismulticast(&target_address)) { + pbuf_free(p); + ND6_STATS_INC(nd6.proterr); + ND6_STATS_INC(nd6.drop); + return; + } + + /* @todo RFC MUST: if IP destination is multicast, Solicited flag is zero */ + /* @todo RFC MUST: all included options have a length greater than zero */ + /* Unsolicited NA?*/ if (ip6_addr_ismulticast(ip6_current_dest_addr())) { /* This is an unsolicited NA. * link-layer changed? * part of DAD mechanism? */ - /* Check that link-layer address option also fits in packet. */ - if (p->len < (sizeof(struct na_header) + sizeof(struct lladdr_option))) { - /* TODO debug message */ - pbuf_free(p); - ND6_STATS_INC(nd6.lenerr); - ND6_STATS_INC(nd6.drop); - return; - } - - lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct na_header)); - - /* Override ip6_current_dest_addr() so that we have an aligned copy. */ - ip6_addr_set(ip6_current_dest_addr(), &(na_hdr->target_address)); - #if LWIP_IPV6_DUP_DETECT_ATTEMPTS /* If the target address matches this netif, it is a DAD response. */ for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) { - if (ip6_addr_cmp(ip6_current_dest_addr(), netif_ip6_addr(inp, i))) { + if (!ip6_addr_isinvalid(netif_ip6_addr_state(inp, i)) && + !ip6_addr_isduplicated(netif_ip6_addr_state(inp, i)) && + ip6_addr_cmp(&target_address, netif_ip6_addr(inp, i))) { /* We are using a duplicate address. */ - netif_ip6_addr_set_state(inp, i, IP6_ADDR_INVALID); - -#if LWIP_IPV6_MLD - /* Leave solicited node multicast group. */ - ip6_addr_set_solicitednode(&multicast_address, netif_ip6_addr(inp, i)->addr[3]); - mld6_leavegroup(netif_ip6_addr(inp, i), &multicast_address); -#endif /* LWIP_IPV6_MLD */ - - - - -#if LWIP_IPV6_AUTOCONFIG - /* Check to see if this address was autoconfigured. */ - if (!ip6_addr_islinklocal(ip6_current_dest_addr())) { - i = nd6_get_onlink_prefix(ip6_current_dest_addr(), inp); - if (i >= 0) { - /* Mark this prefix as duplicate, so that we don't use it - * to generate this address again. */ - prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_ADDRESS_DUPLICATE; - } - } -#endif /* LWIP_IPV6_AUTOCONFIG */ + nd6_duplicate_addr_detected(inp, i); pbuf_free(p); return; @@ -194,24 +344,39 @@ nd6_input(struct pbuf *p, struct netif *inp) } #endif /* LWIP_IPV6_DUP_DETECT_ATTEMPTS */ + /* Check that link-layer address option also fits in packet. */ + if (p->len < (sizeof(struct na_header) + 2)) { + /* @todo debug message */ + pbuf_free(p); + ND6_STATS_INC(nd6.lenerr); + ND6_STATS_INC(nd6.drop); + return; + } + + lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct na_header)); + + if (p->len < (sizeof(struct na_header) + (lladdr_opt->length << 3))) { + /* @todo debug message */ + pbuf_free(p); + ND6_STATS_INC(nd6.lenerr); + ND6_STATS_INC(nd6.drop); + return; + } + /* This is an unsolicited NA, most likely there was a LLADDR change. */ - i = nd6_find_neighbor_cache_entry(ip6_current_dest_addr()); + i = nd6_find_neighbor_cache_entry(&target_address); if (i >= 0) { if (na_hdr->flags & ND6_FLAG_OVERRIDE) { MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len); } } - } - else { + } else { /* This is a solicited NA. * neighbor address resolution response? * neighbor unreachability detection response? */ - /* Override ip6_current_dest_addr() so that we have an aligned copy. */ - ip6_addr_set(ip6_current_dest_addr(), &(na_hdr->target_address)); - /* Find the cache entry corresponding to this na. */ - i = nd6_find_neighbor_cache_entry(ip6_current_dest_addr()); + i = nd6_find_neighbor_cache_entry(&target_address); if (i < 0) { /* We no longer care about this target address. drop it. */ pbuf_free(p); @@ -219,13 +384,11 @@ nd6_input(struct pbuf *p, struct netif *inp) } /* Update cache entry. */ - neighbor_cache[i].netif = inp; - neighbor_cache[i].counter.reachable_time = reachable_time; if ((na_hdr->flags & ND6_FLAG_OVERRIDE) || (neighbor_cache[i].state == ND6_INCOMPLETE)) { /* Check that link-layer address option also fits in packet. */ - if (p->len < (sizeof(struct na_header) + sizeof(struct lladdr_option))) { - /* TODO debug message */ + if (p->len < (sizeof(struct na_header) + 2)) { + /* @todo debug message */ pbuf_free(p); ND6_STATS_INC(nd6.lenerr); ND6_STATS_INC(nd6.drop); @@ -234,9 +397,20 @@ nd6_input(struct pbuf *p, struct netif *inp) lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct na_header)); + if (p->len < (sizeof(struct na_header) + (lladdr_opt->length << 3))) { + /* @todo debug message */ + pbuf_free(p); + ND6_STATS_INC(nd6.lenerr); + ND6_STATS_INC(nd6.drop); + return; + } + MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len); } + + neighbor_cache[i].netif = inp; neighbor_cache[i].state = ND6_REACHABLE; + neighbor_cache[i].counter.reachable_time = reachable_time; /* Send queued packets, if any. */ if (neighbor_cache[i].q != NULL) { @@ -248,13 +422,14 @@ nd6_input(struct pbuf *p, struct netif *inp) } case ICMP6_TYPE_NS: /* Neighbor solicitation. */ { - struct ns_header * ns_hdr; - struct lladdr_option * lladdr_opt; + struct ns_header *ns_hdr; + struct lladdr_option *lladdr_opt; + ip6_addr_t target_address; u8_t accepted; /* Check that ns header fits in packet. */ if (p->len < sizeof(struct ns_header)) { - /* TODO debug message */ + /* @todo debug message */ pbuf_free(p); ND6_STATS_INC(nd6.lenerr); ND6_STATS_INC(nd6.drop); @@ -263,10 +438,31 @@ nd6_input(struct pbuf *p, struct netif *inp) ns_hdr = (struct ns_header *)p->payload; + /* Create an aligned, zoned copy of the target address. */ + ip6_addr_copy_from_packed(target_address, ns_hdr->target_address); + ip6_addr_assign_zone(&target_address, IP6_UNICAST, inp); + + /* Check a subset of the other RFC 4861 Sec. 7.1.1 requirements. */ + if (IP6H_HOPLIM(ip6_current_header()) != ND6_HOPLIM || ns_hdr->code != 0 || + ip6_addr_ismulticast(&target_address)) { + pbuf_free(p); + ND6_STATS_INC(nd6.proterr); + ND6_STATS_INC(nd6.drop); + return; + } + + /* @todo RFC MUST: all included options have a length greater than zero */ + /* @todo RFC MUST: if IP source is 'any', destination is solicited-node multicast address */ + /* @todo RFC MUST: if IP source is 'any', there is no source LL address option */ + /* Check if there is a link-layer address provided. Only point to it if in this buffer. */ - lladdr_opt = NULL; - if (p->len >= (sizeof(struct ns_header) + sizeof(struct lladdr_option))) { + if (p->len >= (sizeof(struct ns_header) + 2)) { lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct ns_header)); + if (p->len < (sizeof(struct ns_header) + (lladdr_opt->length << 3))) { + lladdr_opt = NULL; + } + } else { + lladdr_opt = NULL; } /* Check if the target address is configured on the receiving netif. */ @@ -275,7 +471,7 @@ nd6_input(struct pbuf *p, struct netif *inp) if ((ip6_addr_isvalid(netif_ip6_addr_state(inp, i)) || (ip6_addr_istentative(netif_ip6_addr_state(inp, i)) && ip6_addr_isany(ip6_current_src_addr()))) && - ip6_addr_cmp(&(ns_hdr->target_address), netif_ip6_addr(inp, i))) { + ip6_addr_cmp(&target_address, netif_ip6_addr(inp, i))) { accepted = 1; break; } @@ -291,17 +487,17 @@ nd6_input(struct pbuf *p, struct netif *inp) if (ip6_addr_isany(ip6_current_src_addr())) { /* Sender is validating this address. */ for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; ++i) { - if (ip6_addr_cmp(&(ns_hdr->target_address), netif_ip6_addr(inp, i))) { + if (!ip6_addr_isinvalid(netif_ip6_addr_state(inp, i)) && + ip6_addr_cmp(&target_address, netif_ip6_addr(inp, i))) { /* Send a NA back so that the sender does not use this address. */ nd6_send_na(inp, netif_ip6_addr(inp, i), ND6_FLAG_OVERRIDE | ND6_SEND_FLAG_ALLNODES_DEST); if (ip6_addr_istentative(netif_ip6_addr_state(inp, i))) { /* We shouldn't use this address either. */ - netif_ip6_addr_set_state(inp, i, IP6_ADDR_INVALID); + nd6_duplicate_addr_detected(inp, i); } } } - } - else { + } else { /* Sender is trying to resolve our address. */ /* Verify that they included their own link-layer address. */ if (lladdr_opt == NULL) { @@ -313,7 +509,7 @@ nd6_input(struct pbuf *p, struct netif *inp) } i = nd6_find_neighbor_cache_entry(ip6_current_src_addr()); - if ( i>= 0) { + if (i>= 0) { /* We already have a record for the solicitor. */ if (neighbor_cache[i].state == ND6_INCOMPLETE) { neighbor_cache[i].netif = inp; @@ -321,11 +517,9 @@ nd6_input(struct pbuf *p, struct netif *inp) /* Delay probe in case we get confirmation of reachability from upper layer (TCP). */ neighbor_cache[i].state = ND6_DELAY; - neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME; + neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME / ND6_TMR_INTERVAL; } - } - else - { + } else { /* Add their IPv6 address and link-layer address to neighbor cache. * We will need it at least to send a unicast NA message, but most * likely we will also be communicating with this node soon. */ @@ -344,27 +538,28 @@ nd6_input(struct pbuf *p, struct netif *inp) /* Receiving a message does not prove reachability: only in one direction. * Delay probe in case we get confirmation of reachability from upper layer (TCP). */ neighbor_cache[i].state = ND6_DELAY; - neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME; + neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME / ND6_TMR_INTERVAL; } - /* Override ip6_current_dest_addr() so that we have an aligned copy. */ - ip6_addr_set(ip6_current_dest_addr(), &(ns_hdr->target_address)); - /* Send back a NA for us. Allocate the reply pbuf. */ - nd6_send_na(inp, ip6_current_dest_addr(), ND6_FLAG_SOLICITED | ND6_FLAG_OVERRIDE); + nd6_send_na(inp, &target_address, ND6_FLAG_SOLICITED | ND6_FLAG_OVERRIDE); } break; /* ICMP6_TYPE_NS */ } case ICMP6_TYPE_RA: /* Router Advertisement. */ { - struct ra_header * ra_hdr; - u8_t * buffer; /* Used to copy options. */ + struct ra_header *ra_hdr; + u8_t *buffer; /* Used to copy options. */ u16_t offset; +#if LWIP_ND6_RDNSS_MAX_DNS_SERVERS + /* There can be multiple RDNSS options per RA */ + u8_t rdnss_server_idx = 0; +#endif /* LWIP_ND6_RDNSS_MAX_DNS_SERVERS */ /* Check that RA header fits in packet. */ if (p->len < sizeof(struct ra_header)) { - /* TODO debug message */ + /* @todo debug message */ pbuf_free(p); ND6_STATS_INC(nd6.lenerr); ND6_STATS_INC(nd6.drop); @@ -373,9 +568,24 @@ nd6_input(struct pbuf *p, struct netif *inp) ra_hdr = (struct ra_header *)p->payload; + /* Check a subset of the other RFC 4861 Sec. 6.1.2 requirements. */ + if (!ip6_addr_islinklocal(ip6_current_src_addr()) || + IP6H_HOPLIM(ip6_current_header()) != ND6_HOPLIM || ra_hdr->code != 0) { + pbuf_free(p); + ND6_STATS_INC(nd6.proterr); + ND6_STATS_INC(nd6.drop); + return; + } + + /* @todo RFC MUST: all included options have a length greater than zero */ + /* If we are sending RS messages, stop. */ #if LWIP_IPV6_SEND_ROUTER_SOLICIT - inp->rs_count = 0; + /* ensure at least one solicitation is sent */ + if ((inp->rs_count < LWIP_ND6_MAX_MULTICAST_SOLICIT) || + (nd6_send_rs(inp) == ERR_OK)) { + inp->rs_count = 0; + } #endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */ /* Get the matching default router entry. */ @@ -393,19 +603,19 @@ nd6_input(struct pbuf *p, struct netif *inp) } /* Re-set invalidation timer. */ - default_router_list[i].invalidation_timer = ra_hdr->router_lifetime; + default_router_list[i].invalidation_timer = lwip_htons(ra_hdr->router_lifetime); /* Re-set default timer values. */ #if LWIP_ND6_ALLOW_RA_UPDATES if (ra_hdr->retrans_timer > 0) { - retrans_timer = ra_hdr->retrans_timer; + retrans_timer = lwip_htonl(ra_hdr->retrans_timer); } if (ra_hdr->reachable_time > 0) { - reachable_time = ra_hdr->reachable_time; + reachable_time = lwip_htonl(ra_hdr->reachable_time); } #endif /* LWIP_ND6_ALLOW_RA_UPDATES */ - /* TODO set default hop limit... */ + /* @todo set default hop limit... */ /* ra_hdr->current_hop_limit;*/ /* Update flags in local entry (incl. preference). */ @@ -415,18 +625,44 @@ nd6_input(struct pbuf *p, struct netif *inp) offset = sizeof(struct ra_header); /* Process each option. */ - while ((p->tot_len - offset) > 0) { + while ((p->tot_len - offset) >= 2) { + u8_t option_type; + u16_t option_len; + int option_len8 = pbuf_try_get_at(p, offset + 1); + if (option_len8 <= 0) { + /* read beyond end or zero length */ + goto lenerr_drop_free_return; + } + option_len = ((u8_t)option_len8) << 3; + if (option_len > p->tot_len - offset) { + /* short packet (option does not fit in) */ + goto lenerr_drop_free_return; + } if (p->len == p->tot_len) { /* no need to copy from contiguous pbuf */ buffer = &((u8_t*)p->payload)[offset]; } else { - buffer = nd6_ra_buffer; - pbuf_copy_partial(p, buffer, sizeof(struct prefix_option), offset); + /* check if this option fits into our buffer */ + if (option_len > sizeof(nd6_ra_buffer)) { + option_type = pbuf_get_at(p, offset); + /* invalid option length */ + if (option_type != ND6_OPTION_TYPE_RDNSS) { + goto lenerr_drop_free_return; + } + /* we allow RDNSS option to be longer - we'll just drop some servers */ + option_len = sizeof(nd6_ra_buffer); + } + buffer = (u8_t*)&nd6_ra_buffer; + option_len = pbuf_copy_partial(p, &nd6_ra_buffer, option_len, offset); } - switch (buffer[0]) { + option_type = buffer[0]; + switch (option_type) { case ND6_OPTION_TYPE_SOURCE_LLADDR: { - struct lladdr_option * lladdr_opt; + struct lladdr_option *lladdr_opt; + if (option_len < sizeof(struct lladdr_option)) { + goto lenerr_drop_free_return; + } lladdr_opt = (struct lladdr_option *)buffer; if ((default_router_list[i].neighbor_entry != NULL) && (default_router_list[i].neighbor_entry->state == ND6_INCOMPLETE)) { @@ -438,73 +674,125 @@ nd6_input(struct pbuf *p, struct netif *inp) } case ND6_OPTION_TYPE_MTU: { - struct mtu_option * mtu_opt; + struct mtu_option *mtu_opt; + if (option_len < sizeof(struct mtu_option)) { + goto lenerr_drop_free_return; + } mtu_opt = (struct mtu_option *)buffer; - if (mtu_opt->mtu >= 1280) { + if (lwip_htonl(mtu_opt->mtu) >= 1280) { #if LWIP_ND6_ALLOW_RA_UPDATES - inp->mtu = mtu_opt->mtu; + inp->mtu = (u16_t)lwip_htonl(mtu_opt->mtu); #endif /* LWIP_ND6_ALLOW_RA_UPDATES */ } break; } case ND6_OPTION_TYPE_PREFIX_INFO: { - struct prefix_option * prefix_opt; + struct prefix_option *prefix_opt; + ip6_addr_t prefix_addr; + if (option_len < sizeof(struct prefix_option)) { + goto lenerr_drop_free_return; + } + prefix_opt = (struct prefix_option *)buffer; - if (prefix_opt->flags & ND6_PREFIX_FLAG_ON_LINK) { - /* Add to on-link prefix list. */ + /* Get a memory-aligned copy of the prefix. */ + ip6_addr_copy_from_packed(prefix_addr, prefix_opt->prefix); + ip6_addr_assign_zone(&prefix_addr, IP6_UNICAST, inp); - /* Get a memory-aligned copy of the prefix. */ - ip6_addr_set(ip6_current_dest_addr(), &(prefix_opt->prefix)); + if (!ip6_addr_islinklocal(&prefix_addr)) { + if ((prefix_opt->flags & ND6_PREFIX_FLAG_ON_LINK) && + (prefix_opt->prefix_length == 64)) { + /* Add to on-link prefix list. */ + u32_t valid_life; + s8_t prefix; - /* find cache entry for this prefix. */ - i = nd6_get_onlink_prefix(ip6_current_dest_addr(), inp); - if (i < 0) { - /* Create a new cache entry. */ - i = nd6_new_onlink_prefix(ip6_current_dest_addr(), inp); - } - if (i >= 0) { - prefix_list[i].invalidation_timer = prefix_opt->valid_lifetime; + valid_life = lwip_htonl(prefix_opt->valid_lifetime); -#if LWIP_IPV6_AUTOCONFIG - if (prefix_opt->flags & ND6_PREFIX_FLAG_AUTONOMOUS) { - /* Mark prefix as autonomous, so that address autoconfiguration can take place. - * Only OR flag, so that we don't over-write other flags (such as ADDRESS_DUPLICATE)*/ - prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_AUTONOMOUS; + /* find cache entry for this prefix. */ + prefix = nd6_get_onlink_prefix(&prefix_addr, inp); + if (prefix < 0 && valid_life > 0) { + /* Create a new cache entry. */ + prefix = nd6_new_onlink_prefix(&prefix_addr, inp); + } + if (prefix >= 0) { + prefix_list[prefix].invalidation_timer = valid_life; } -#endif /* LWIP_IPV6_AUTOCONFIG */ } +#if LWIP_IPV6_AUTOCONFIG + if (prefix_opt->flags & ND6_PREFIX_FLAG_AUTONOMOUS) { + /* Perform processing for autoconfiguration. */ + nd6_process_autoconfig_prefix(inp, prefix_opt, &prefix_addr); + } +#endif /* LWIP_IPV6_AUTOCONFIG */ } break; } case ND6_OPTION_TYPE_ROUTE_INFO: - { - /* TODO implement preferred routes. + /* @todo implement preferred routes. struct route_option * route_opt; route_opt = (struct route_option *)buffer;*/ break; +#if LWIP_ND6_RDNSS_MAX_DNS_SERVERS + case ND6_OPTION_TYPE_RDNSS: + { + u8_t num, n; + u16_t copy_offset = offset + SIZEOF_RDNSS_OPTION_BASE; + struct rdnss_option * rdnss_opt; + if (option_len < SIZEOF_RDNSS_OPTION_BASE) { + goto lenerr_drop_free_return; + } + + rdnss_opt = (struct rdnss_option *)buffer; + num = (rdnss_opt->length - 1) / 2; + for (n = 0; (rdnss_server_idx < DNS_MAX_SERVERS) && (n < num); n++) { + ip_addr_t rdnss_address; + + /* Copy directly from pbuf to get an aligned, zoned copy of the prefix. */ + if (pbuf_copy_partial(p, &rdnss_address, sizeof(ip6_addr_p_t), copy_offset) == sizeof(ip6_addr_p_t)) { + IP_SET_TYPE_VAL(rdnss_address, IPADDR_TYPE_V6); + ip6_addr_assign_zone(ip_2_ip6(&rdnss_address), IP6_UNKNOWN, inp); + + if (htonl(rdnss_opt->lifetime) > 0) { + /* TODO implement Lifetime > 0 */ + dns_setserver(rdnss_server_idx++, &rdnss_address); + } else { + /* TODO implement DNS removal in dns.c */ + u8_t s; + for (s = 0; s < DNS_MAX_SERVERS; s++) { + const ip_addr_t *addr = dns_getserver(s); + if(ip_addr_cmp(addr, &rdnss_address)) { + dns_setserver(s, NULL); + } + } + } + } + } + break; } +#endif /* LWIP_ND6_RDNSS_MAX_DNS_SERVERS */ default: /* Unrecognized option, abort. */ ND6_STATS_INC(nd6.proterr); break; } - offset += 8 * ((u16_t)buffer[1]); + /* option length is checked earlier to be non-zero to make sure loop ends */ + offset += 8 * (u8_t)option_len8; } break; /* ICMP6_TYPE_RA */ } case ICMP6_TYPE_RD: /* Redirect */ { - struct redirect_header * redir_hdr; - struct lladdr_option * lladdr_opt; + struct redirect_header *redir_hdr; + struct lladdr_option *lladdr_opt; + ip6_addr_t destination_address, target_address; /* Check that Redir header fits in packet. */ if (p->len < sizeof(struct redirect_header)) { - /* TODO debug message */ + /* @todo debug message */ pbuf_free(p); ND6_STATS_INC(nd6.lenerr); ND6_STATS_INC(nd6.drop); @@ -513,43 +801,63 @@ nd6_input(struct pbuf *p, struct netif *inp) redir_hdr = (struct redirect_header *)p->payload; - lladdr_opt = NULL; - if (p->len >= (sizeof(struct redirect_header) + sizeof(struct lladdr_option))) { - lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct redirect_header)); + /* Create an aligned, zoned copy of the destination address. */ + ip6_addr_copy_from_packed(destination_address, redir_hdr->destination_address); + ip6_addr_assign_zone(&destination_address, IP6_UNICAST, inp); + + /* Check a subset of the other RFC 4861 Sec. 8.1 requirements. */ + if (!ip6_addr_islinklocal(ip6_current_src_addr()) || + IP6H_HOPLIM(ip6_current_header()) != ND6_HOPLIM || + redir_hdr->code != 0 || ip6_addr_ismulticast(&destination_address)) { + pbuf_free(p); + ND6_STATS_INC(nd6.proterr); + ND6_STATS_INC(nd6.drop); + return; } - /* Copy original destination address to current source address, to have an aligned copy. */ - ip6_addr_set(ip6_current_src_addr(), &(redir_hdr->destination_address)); + /* @todo RFC MUST: IP source address equals first-hop router for destination_address */ + /* @todo RFC MUST: ICMP target address is either link-local address or same as destination_address */ + /* @todo RFC MUST: all included options have a length greater than zero */ + + if (p->len >= (sizeof(struct redirect_header) + 2)) { + lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct redirect_header)); + if (p->len < (sizeof(struct redirect_header) + (lladdr_opt->length << 3))) { + lladdr_opt = NULL; + } + } else { + lladdr_opt = NULL; + } /* Find dest address in cache */ - i = nd6_find_destination_cache_entry(ip6_current_src_addr()); + i = nd6_find_destination_cache_entry(&destination_address); if (i < 0) { /* Destination not in cache, drop packet. */ pbuf_free(p); return; } + /* Create an aligned, zoned copy of the target address. */ + ip6_addr_copy_from_packed(target_address, redir_hdr->target_address); + ip6_addr_assign_zone(&target_address, IP6_UNICAST, inp); + /* Set the new target address. */ - ip6_addr_set(&(destination_cache[i].next_hop_addr), &(redir_hdr->target_address)); + ip6_addr_copy(destination_cache[i].next_hop_addr, target_address); /* If Link-layer address of other router is given, try to add to neighbor cache. */ if (lladdr_opt != NULL) { if (lladdr_opt->type == ND6_OPTION_TYPE_TARGET_LLADDR) { - /* Copy target address to current source address, to have an aligned copy. */ - ip6_addr_set(ip6_current_src_addr(), &(redir_hdr->target_address)); - - i = nd6_find_neighbor_cache_entry(ip6_current_src_addr()); + i = nd6_find_neighbor_cache_entry(&target_address); if (i < 0) { i = nd6_new_neighbor_cache_entry(); if (i >= 0) { neighbor_cache[i].netif = inp; MEMCPY(neighbor_cache[i].lladdr, lladdr_opt->addr, inp->hwaddr_len); - ip6_addr_set(&(neighbor_cache[i].next_hop_address), ip6_current_src_addr()); + ip6_addr_copy(neighbor_cache[i].next_hop_address, target_address); /* Receiving a message does not prove reachability: only in one direction. * Delay probe in case we get confirmation of reachability from upper layer (TCP). */ neighbor_cache[i].state = ND6_DELAY; - neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME; + neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME / ND6_TMR_INTERVAL; } } if (i >= 0) { @@ -558,7 +866,7 @@ nd6_input(struct pbuf *p, struct netif *inp) /* Receiving a message does not prove reachability: only in one direction. * Delay probe in case we get confirmation of reachability from upper layer (TCP). */ neighbor_cache[i].state = ND6_DELAY; - neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME; + neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME / ND6_TMR_INTERVAL; } } } @@ -568,7 +876,9 @@ nd6_input(struct pbuf *p, struct netif *inp) case ICMP6_TYPE_PTB: /* Packet too big */ { struct icmp6_hdr *icmp6hdr; /* Packet too big message */ - struct ip6_hdr * ip6hdr; /* IPv6 header of the packet which caused the error */ + struct ip6_hdr *ip6hdr; /* IPv6 header of the packet which caused the error */ + u32_t pmtu; + ip6_addr_t destination_address; /* Check that ICMPv6 header + IPv6 header fit in payload */ if (p->len < (sizeof(struct icmp6_hdr) + IP6_HLEN)) { @@ -582,11 +892,12 @@ nd6_input(struct pbuf *p, struct netif *inp) icmp6hdr = (struct icmp6_hdr *)p->payload; ip6hdr = (struct ip6_hdr *)((u8_t*)p->payload + sizeof(struct icmp6_hdr)); - /* Copy original destination address to current source address, to have an aligned copy. */ - ip6_addr_set(ip6_current_src_addr(), &(ip6hdr->dest)); + /* Create an aligned, zoned copy of the destination address. */ + ip6_addr_copy_from_packed(destination_address, ip6hdr->dest); + ip6_addr_assign_zone(&destination_address, IP6_UNKNOWN, inp); /* Look for entry in destination cache. */ - i = nd6_find_destination_cache_entry(ip6_current_src_addr()); + i = nd6_find_destination_cache_entry(&destination_address); if (i < 0) { /* Destination not in cache, drop packet. */ pbuf_free(p); @@ -594,7 +905,8 @@ nd6_input(struct pbuf *p, struct netif *inp) } /* Change the Path MTU. */ - destination_cache[i].pmtu = icmp6hdr->data; + pmtu = lwip_htonl(icmp6hdr->data); + destination_cache[i].pmtu = (u16_t)LWIP_MIN(pmtu, 0xFFFF); break; /* ICMP6_TYPE_PTB */ } @@ -606,6 +918,11 @@ nd6_input(struct pbuf *p, struct netif *inp) } pbuf_free(p); + return; +lenerr_drop_free_return: + ND6_STATS_INC(nd6.lenerr); + ND6_STATS_INC(nd6.drop); + pbuf_free(p); } @@ -615,6 +932,7 @@ nd6_input(struct pbuf *p, struct netif *inp) * - Update neighbor reachability states * - Update destination cache entries age * - Update invalidation timers of default routers and on-link prefixes + * - Update lifetimes of our addresses * - Perform duplicate address detection (DAD) for our addresses * - Send router solicitations */ @@ -622,23 +940,20 @@ void nd6_tmr(void) { s8_t i; -#if LWIP_IPV6_AUTOCONFIG - s8_t j; -#endif - struct netif * netif; + struct netif *netif; /* Process neighbor entries. */ for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) { switch (neighbor_cache[i].state) { case ND6_INCOMPLETE: - if (neighbor_cache[i].counter.probes_sent >= LWIP_ND6_MAX_MULTICAST_SOLICIT) { + if ((neighbor_cache[i].counter.probes_sent >= LWIP_ND6_MAX_MULTICAST_SOLICIT) && + (!neighbor_cache[i].isrouter)) { /* Retries exceeded. */ nd6_free_neighbor_cache_entry(i); - } - else { + } else { /* Send a NS for this entry. */ neighbor_cache[i].counter.probes_sent++; - nd6_send_ns(neighbor_cache[i].netif, &(neighbor_cache[i].next_hop_address), ND6_SEND_FLAG_MULTICAST_DEST); + nd6_send_neighbor_cache_probe(&neighbor_cache[i], ND6_SEND_FLAG_MULTICAST_DEST); } break; case ND6_REACHABLE: @@ -650,33 +965,31 @@ nd6_tmr(void) /* Change to stale state. */ neighbor_cache[i].state = ND6_STALE; neighbor_cache[i].counter.stale_time = 0; - } - else { + } else { neighbor_cache[i].counter.reachable_time -= ND6_TMR_INTERVAL; } break; case ND6_STALE: - neighbor_cache[i].counter.stale_time += ND6_TMR_INTERVAL; + neighbor_cache[i].counter.stale_time++; break; case ND6_DELAY: - if (neighbor_cache[i].counter.delay_time <= ND6_TMR_INTERVAL) { + if (neighbor_cache[i].counter.delay_time <= 1) { /* Change to PROBE state. */ neighbor_cache[i].state = ND6_PROBE; neighbor_cache[i].counter.probes_sent = 0; - } - else { - neighbor_cache[i].counter.delay_time -= ND6_TMR_INTERVAL; + } else { + neighbor_cache[i].counter.delay_time--; } break; case ND6_PROBE: - if (neighbor_cache[i].counter.probes_sent >= LWIP_ND6_MAX_MULTICAST_SOLICIT) { + if ((neighbor_cache[i].counter.probes_sent >= LWIP_ND6_MAX_MULTICAST_SOLICIT) && + (!neighbor_cache[i].isrouter)) { /* Retries exceeded. */ nd6_free_neighbor_cache_entry(i); - } - else { + } else { /* Send a NS for this entry. */ neighbor_cache[i].counter.probes_sent++; - nd6_send_ns(neighbor_cache[i].netif, &(neighbor_cache[i].next_hop_address), 0); + nd6_send_neighbor_cache_probe(&neighbor_cache[i], 0); } break; case ND6_NO_ENTRY: @@ -695,81 +1008,112 @@ nd6_tmr(void) for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) { if (default_router_list[i].neighbor_entry != NULL) { /* Active entry. */ - if (default_router_list[i].invalidation_timer > 0) { - default_router_list[i].invalidation_timer -= ND6_TMR_INTERVAL / 1000; - } - if (default_router_list[i].invalidation_timer < ND6_TMR_INTERVAL / 1000) { - /* Less than 1 second remainig. Clear this entry. */ + if (default_router_list[i].invalidation_timer <= ND6_TMR_INTERVAL / 1000) { + /* No more than 1 second remaining. Clear this entry. Also clear any of + * its destination cache entries, as per RFC 4861 Sec. 5.3 and 6.3.5. */ + s8_t j; + for (j = 0; j < LWIP_ND6_NUM_DESTINATIONS; j++) { + if (ip6_addr_cmp(&destination_cache[j].next_hop_addr, + &default_router_list[i].neighbor_entry->next_hop_address)) { + ip6_addr_set_any(&destination_cache[j].destination_addr); + } + } default_router_list[i].neighbor_entry->isrouter = 0; default_router_list[i].neighbor_entry = NULL; default_router_list[i].invalidation_timer = 0; default_router_list[i].flags = 0; + } else { + default_router_list[i].invalidation_timer -= ND6_TMR_INTERVAL / 1000; } } } /* Process prefix entries. */ for (i = 0; i < LWIP_ND6_NUM_PREFIXES; i++) { - if (prefix_list[i].invalidation_timer < ND6_TMR_INTERVAL / 1000) { - prefix_list[i].invalidation_timer = 0; - } - if ((prefix_list[i].invalidation_timer > 0) && - (prefix_list[i].netif != NULL)) { - prefix_list[i].invalidation_timer -= ND6_TMR_INTERVAL / 1000; - -#if LWIP_IPV6_AUTOCONFIG - /* Initiate address autoconfiguration for this prefix, if conditions are met. */ - if (prefix_list[i].netif->ip6_autoconfig_enabled && - (prefix_list[i].flags & ND6_PREFIX_AUTOCONFIG_AUTONOMOUS) && - !(prefix_list[i].flags & ND6_PREFIX_AUTOCONFIG_ADDRESS_GENERATED)) { - /* Try to get an address on this netif that is invalid. - * Skip 0 index (link-local address) */ - for (j = 1; j < LWIP_IPV6_NUM_ADDRESSES; j++) { - if (netif_ip6_addr_state(prefix_list[i].netif, j) == IP6_ADDRESS_STATE_INVALID) { - /* Generate an address using this prefix and interface ID from link-local address. */ - prefix_list[i].netif->ip6_addr[j].addr[0] = prefix_list[i].prefix.addr[0]; - prefix_list[i].netif->ip6_addr[j].addr[1] = prefix_list[i].prefix.addr[1]; - prefix_list[i].netif->ip6_addr[j].addr[2] = prefix_list[i].netif->ip6_addr[0].addr[2]; - prefix_list[i].netif->ip6_addr[j].addr[3] = prefix_list[i].netif->ip6_addr[0].addr[3]; - - /* Mark it as tentative (DAD will be performed if configured). */ - netif_ip6_addr_set_state(prefix_list[i].netif, j, IP6_ADDR_TENTATIVE); - - /* Mark this prefix with ADDRESS_GENERATED, so that we don't try again. */ - prefix_list[i].flags |= ND6_PREFIX_AUTOCONFIG_ADDRESS_GENERATED; - - /* Exit loop. */ - break; - } - } + if (prefix_list[i].netif != NULL) { + if (prefix_list[i].invalidation_timer <= ND6_TMR_INTERVAL / 1000) { + /* Entry timed out, remove it */ + prefix_list[i].invalidation_timer = 0; + prefix_list[i].netif = NULL; + } else { + prefix_list[i].invalidation_timer -= ND6_TMR_INTERVAL / 1000; } -#endif /* LWIP_IPV6_AUTOCONFIG */ } } - - /* Process our own addresses, if DAD configured. */ - for (netif = netif_list; netif != NULL; netif = netif->next) { + /* Process our own addresses, updating address lifetimes and/or DAD state. */ + NETIF_FOREACH(netif) { for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; ++i) { - if (ip6_addr_istentative(netif->ip6_addr_state[i])) { - if ((netif->ip6_addr_state[i] & 0x07) >= LWIP_IPV6_DUP_DETECT_ATTEMPTS) { - /* No NA received in response. Mark address as valid. */ - netif->ip6_addr_state[i] = IP6_ADDR_PREFERRED; - /* TODO implement preferred and valid lifetimes. */ + u8_t addr_state; +#if LWIP_IPV6_ADDRESS_LIFETIMES + /* Step 1: update address lifetimes (valid and preferred). */ + addr_state = netif_ip6_addr_state(netif, i); + /* RFC 4862 is not entirely clear as to whether address lifetimes affect + * tentative addresses, and is even less clear as to what should happen + * with duplicate addresses. We choose to track and update lifetimes for + * both those types, although for different reasons: + * - for tentative addresses, the line of thought of Sec. 5.7 combined + * with the potentially long period that an address may be in tentative + * state (due to the interface being down) suggests that lifetimes + * should be independent of external factors which would include DAD; + * - for duplicate addresses, retiring them early could result in a new + * but unwanted attempt at marking them as valid, while retiring them + * late/never could clog up address slots on the netif. + * As a result, we may end up expiring addresses of either type here. + */ + if (!ip6_addr_isinvalid(addr_state) && + !netif_ip6_addr_isstatic(netif, i)) { + u32_t life = netif_ip6_addr_valid_life(netif, i); + if (life <= ND6_TMR_INTERVAL / 1000) { + /* The address has expired. */ + netif_ip6_addr_set_valid_life(netif, i, 0); + netif_ip6_addr_set_pref_life(netif, i, 0); + netif_ip6_addr_set_state(netif, i, IP6_ADDR_INVALID); + } else { + if (!ip6_addr_life_isinfinite(life)) { + life -= ND6_TMR_INTERVAL / 1000; + LWIP_ASSERT("bad valid lifetime", life != IP6_ADDR_LIFE_STATIC); + netif_ip6_addr_set_valid_life(netif, i, life); + } + /* The address is still here. Update the preferred lifetime too. */ + life = netif_ip6_addr_pref_life(netif, i); + if (life <= ND6_TMR_INTERVAL / 1000) { + /* This case must also trigger if 'life' was already zero, so as to + * deal correctly with advertised preferred-lifetime reductions. */ + netif_ip6_addr_set_pref_life(netif, i, 0); + if (addr_state == IP6_ADDR_PREFERRED) + netif_ip6_addr_set_state(netif, i, IP6_ADDR_DEPRECATED); + } else if (!ip6_addr_life_isinfinite(life)) { + life -= ND6_TMR_INTERVAL / 1000; + netif_ip6_addr_set_pref_life(netif, i, life); + } } - else if (netif->flags & NETIF_FLAG_UP) { -#if LWIP_IPV6_MLD - if ((netif->ip6_addr_state[i] & 0x07) == 0) { - /* Join solicited node multicast group. */ - ip6_addr_set_solicitednode(&multicast_address, netif_ip6_addr(netif, i)->addr[3]); - mld6_joingroup(netif_ip6_addr(netif, i), &multicast_address); + } + /* The address state may now have changed, so reobtain it next. */ +#endif /* LWIP_IPV6_ADDRESS_LIFETIMES */ + /* Step 2: update DAD state. */ + addr_state = netif_ip6_addr_state(netif, i); + if (ip6_addr_istentative(addr_state)) { + if ((addr_state & IP6_ADDR_TENTATIVE_COUNT_MASK) >= LWIP_IPV6_DUP_DETECT_ATTEMPTS) { + /* No NA received in response. Mark address as valid. For dynamic + * addresses with an expired preferred lifetime, the state is set to + * deprecated right away. That should almost never happen, though. */ + addr_state = IP6_ADDR_PREFERRED; +#if LWIP_IPV6_ADDRESS_LIFETIMES + if (!netif_ip6_addr_isstatic(netif, i) && + netif_ip6_addr_pref_life(netif, i) == 0) { + addr_state = IP6_ADDR_DEPRECATED; } -#endif /* LWIP_IPV6_MLD */ - /* Send a NS for this address. */ - nd6_send_ns(netif, netif_ip6_addr(netif, i), ND6_SEND_FLAG_MULTICAST_DEST); - (netif->ip6_addr_state[i])++; - /* TODO send max 1 NS per tmr call? enable return*/ - /*return;*/ +#endif /* LWIP_IPV6_ADDRESS_LIFETIMES */ + netif_ip6_addr_set_state(netif, i, addr_state); + } else if (netif_is_up(netif) && netif_is_link_up(netif)) { + /* tentative: set next state by increasing by one */ + netif_ip6_addr_set_state(netif, i, addr_state + 1); + /* Send a NS for this address. Use the unspecified address as source + * address in all cases (RFC 4862 Sec. 5.4.2), not in the least + * because as it is, we only consider multicast replies for DAD. */ + nd6_send_ns(netif, netif_ip6_addr(netif, i), + ND6_SEND_FLAG_MULTICAST_DEST | ND6_SEND_FLAG_ANY_SRC); } } } @@ -777,16 +1121,31 @@ nd6_tmr(void) #if LWIP_IPV6_SEND_ROUTER_SOLICIT /* Send router solicitation messages, if necessary. */ - for (netif = netif_list; netif != NULL; netif = netif->next) { - if ((netif->rs_count > 0) && (netif->flags & NETIF_FLAG_UP)) { - nd6_send_rs(netif); - netif->rs_count--; + NETIF_FOREACH(netif) { + if ((netif->rs_count > 0) && netif_is_up(netif) && + netif_is_link_up(netif) && + !ip6_addr_isinvalid(netif_ip6_addr_state(netif, 0)) && + !ip6_addr_isduplicated(netif_ip6_addr_state(netif, 0))) { + if (nd6_send_rs(netif) == ERR_OK) { + netif->rs_count--; + } } } #endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */ } +/** Send a neighbor solicitation message for a specific neighbor cache entry + * + * @param entry the neightbor cache entry for wich to send the message + * @param flags one of ND6_SEND_FLAG_* + */ +static void +nd6_send_neighbor_cache_probe(struct nd6_neighbor_cache_entry *entry, u8_t flags) +{ + nd6_send_ns(entry->netif, &entry->next_hop_address, flags); +} + /** * Send a neighbor solicitation message * @@ -795,58 +1154,68 @@ nd6_tmr(void) * @param flags one of ND6_SEND_FLAG_* */ static void -nd6_send_ns(struct netif * netif, ip6_addr_t * target_addr, u8_t flags) +nd6_send_ns(struct netif *netif, const ip6_addr_t *target_addr, u8_t flags) { - struct ns_header * ns_hdr; - struct lladdr_option * lladdr_opt; - struct pbuf * p; - ip6_addr_t * src_addr; + struct ns_header *ns_hdr; + struct pbuf *p; + const ip6_addr_t *src_addr; + u16_t lladdr_opt_len; - if (ip6_addr_isvalid(netif_ip6_addr_state(netif,0))) { + LWIP_ASSERT("target address is required", target_addr != NULL); + + if (!(flags & ND6_SEND_FLAG_ANY_SRC) && + ip6_addr_isvalid(netif_ip6_addr_state(netif,0))) { /* Use link-local address as source address. */ src_addr = netif_ip6_addr(netif, 0); + /* calculate option length (in 8-byte-blocks) */ + lladdr_opt_len = ((netif->hwaddr_len + 2) + 7) >> 3; } else { - src_addr = IP6_ADDR_ANY; + src_addr = IP6_ADDR_ANY6; + /* Option "MUST NOT be included when the source IP address is the unspecified address." */ + lladdr_opt_len = 0; } /* Allocate a packet. */ - p = pbuf_alloc(PBUF_IP, sizeof(struct ns_header) + sizeof(struct lladdr_option), PBUF_RAM); - if ((p == NULL) || (p->len < (sizeof(struct ns_header) + sizeof(struct lladdr_option)))) { - /* We couldn't allocate a suitable pbuf for the ns. drop it. */ - if (p != NULL) { - pbuf_free(p); - } + p = pbuf_alloc(PBUF_IP, sizeof(struct ns_header) + (lladdr_opt_len << 3), PBUF_RAM); + if (p == NULL) { ND6_STATS_INC(nd6.memerr); return; } /* Set fields. */ ns_hdr = (struct ns_header *)p->payload; - lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct ns_header)); ns_hdr->type = ICMP6_TYPE_NS; ns_hdr->code = 0; ns_hdr->chksum = 0; ns_hdr->reserved = 0; - ip6_addr_set(&(ns_hdr->target_address), target_addr); + ip6_addr_copy_to_packed(ns_hdr->target_address, *target_addr); - lladdr_opt->type = ND6_OPTION_TYPE_SOURCE_LLADDR; - lladdr_opt->length = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0); - SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len); + if (lladdr_opt_len != 0) { + struct lladdr_option *lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct ns_header)); + lladdr_opt->type = ND6_OPTION_TYPE_SOURCE_LLADDR; + lladdr_opt->length = (u8_t)lladdr_opt_len; + SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len); + } /* Generate the solicited node address for the target address. */ if (flags & ND6_SEND_FLAG_MULTICAST_DEST) { ip6_addr_set_solicitednode(&multicast_address, target_addr->addr[3]); + ip6_addr_assign_zone(&multicast_address, IP6_MULTICAST, netif); target_addr = &multicast_address; } - ns_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr, - target_addr); +#if CHECKSUM_GEN_ICMP6 + IF__NETIF_CHECKSUM_ENABLED(netif, NETIF_CHECKSUM_GEN_ICMP6) { + ns_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr, + target_addr); + } +#endif /* CHECKSUM_GEN_ICMP6 */ /* Send the packet out. */ ND6_STATS_INC(nd6.xmit); - ip6_output_if(p, (src_addr == IP6_ADDR_ANY) ? NULL : src_addr, target_addr, - LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif); + ip6_output_if(p, (src_addr == IP6_ADDR_ANY6) ? NULL : src_addr, target_addr, + ND6_HOPLIM, 0, IP6_NEXTH_ICMP6, netif); pbuf_free(p); } @@ -858,26 +1227,26 @@ nd6_send_ns(struct netif * netif, ip6_addr_t * target_addr, u8_t flags) * @param flags one of ND6_SEND_FLAG_* */ static void -nd6_send_na(struct netif * netif, ip6_addr_t * target_addr, u8_t flags) +nd6_send_na(struct netif *netif, const ip6_addr_t *target_addr, u8_t flags) { - struct na_header * na_hdr; - struct lladdr_option * lladdr_opt; - struct pbuf * p; - ip6_addr_t * src_addr; - ip6_addr_t * dest_addr; + struct na_header *na_hdr; + struct lladdr_option *lladdr_opt; + struct pbuf *p; + const ip6_addr_t *src_addr; + const ip6_addr_t *dest_addr; + u16_t lladdr_opt_len; + + LWIP_ASSERT("target address is required", target_addr != NULL); /* Use link-local address as source address. */ - /* src_addr = &(netif->ip6_addr[0]); */ + /* src_addr = netif_ip6_addr(netif, 0); */ /* Use target address as source address. */ src_addr = target_addr; /* Allocate a packet. */ - p = pbuf_alloc(PBUF_IP, sizeof(struct na_header) + sizeof(struct lladdr_option), PBUF_RAM); - if ((p == NULL) || (p->len < (sizeof(struct na_header) + sizeof(struct lladdr_option)))) { - /* We couldn't allocate a suitable pbuf for the ns. drop it. */ - if (p != NULL) { - pbuf_free(p); - } + lladdr_opt_len = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0); + p = pbuf_alloc(PBUF_IP, sizeof(struct na_header) + (lladdr_opt_len << 3), PBUF_RAM); + if (p == NULL) { ND6_STATS_INC(nd6.memerr); return; } @@ -893,32 +1262,36 @@ nd6_send_na(struct netif * netif, ip6_addr_t * target_addr, u8_t flags) na_hdr->reserved[0] = 0; na_hdr->reserved[1] = 0; na_hdr->reserved[2] = 0; - ip6_addr_set(&(na_hdr->target_address), target_addr); + ip6_addr_copy_to_packed(na_hdr->target_address, *target_addr); lladdr_opt->type = ND6_OPTION_TYPE_TARGET_LLADDR; - lladdr_opt->length = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0); + lladdr_opt->length = (u8_t)lladdr_opt_len; SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len); /* Generate the solicited node address for the target address. */ if (flags & ND6_SEND_FLAG_MULTICAST_DEST) { ip6_addr_set_solicitednode(&multicast_address, target_addr->addr[3]); + ip6_addr_assign_zone(&multicast_address, IP6_MULTICAST, netif); dest_addr = &multicast_address; - } - else if (flags & ND6_SEND_FLAG_ALLNODES_DEST) { + } else if (flags & ND6_SEND_FLAG_ALLNODES_DEST) { ip6_addr_set_allnodes_linklocal(&multicast_address); + ip6_addr_assign_zone(&multicast_address, IP6_MULTICAST, netif); dest_addr = &multicast_address; - } - else { + } else { dest_addr = ip6_current_src_addr(); } - na_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr, - dest_addr); +#if CHECKSUM_GEN_ICMP6 + IF__NETIF_CHECKSUM_ENABLED(netif, NETIF_CHECKSUM_GEN_ICMP6) { + na_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr, + dest_addr); + } +#endif /* CHECKSUM_GEN_ICMP6 */ /* Send the packet out. */ ND6_STATS_INC(nd6.xmit); ip6_output_if(p, src_addr, dest_addr, - LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif); + ND6_HOPLIM, 0, IP6_NEXTH_ICMP6, netif); pbuf_free(p); } @@ -928,39 +1301,35 @@ nd6_send_na(struct netif * netif, ip6_addr_t * target_addr, u8_t flags) * * @param netif the netif on which to send the message */ -static void -nd6_send_rs(struct netif * netif) +static err_t +nd6_send_rs(struct netif *netif) { - struct rs_header * rs_hdr; - struct lladdr_option * lladdr_opt; - struct pbuf * p; - ip6_addr_t * src_addr; - u16_t packet_len; + struct rs_header *rs_hdr; + struct lladdr_option *lladdr_opt; + struct pbuf *p; + const ip6_addr_t *src_addr; + err_t err; + u16_t lladdr_opt_len = 0; /* Link-local source address, or unspecified address? */ if (ip6_addr_isvalid(netif_ip6_addr_state(netif, 0))) { src_addr = netif_ip6_addr(netif, 0); - } - else { - src_addr = IP6_ADDR_ANY; + } else { + src_addr = IP6_ADDR_ANY6; } /* Generate the all routers target address. */ ip6_addr_set_allrouters_linklocal(&multicast_address); + ip6_addr_assign_zone(&multicast_address, IP6_MULTICAST, netif); /* Allocate a packet. */ - packet_len = sizeof(struct rs_header); - if (src_addr != IP6_ADDR_ANY) { - packet_len += sizeof(struct lladdr_option); + if (src_addr != IP6_ADDR_ANY6) { + lladdr_opt_len = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0); } - p = pbuf_alloc(PBUF_IP, packet_len, PBUF_RAM); - if ((p == NULL) || (p->len < packet_len)) { - /* We couldn't allocate a suitable pbuf for the ns. drop it. */ - if (p != NULL) { - pbuf_free(p); - } + p = pbuf_alloc(PBUF_IP, sizeof(struct rs_header) + (lladdr_opt_len << 3), PBUF_RAM); + if (p == NULL) { ND6_STATS_INC(nd6.memerr); - return; + return ERR_BUF; } /* Set fields. */ @@ -971,22 +1340,29 @@ nd6_send_rs(struct netif * netif) rs_hdr->chksum = 0; rs_hdr->reserved = 0; - if (src_addr != IP6_ADDR_ANY) { + if (src_addr != IP6_ADDR_ANY6) { /* Include our hw address. */ lladdr_opt = (struct lladdr_option *)((u8_t*)p->payload + sizeof(struct rs_header)); lladdr_opt->type = ND6_OPTION_TYPE_SOURCE_LLADDR; - lladdr_opt->length = ((netif->hwaddr_len + 2) >> 3) + (((netif->hwaddr_len + 2) & 0x07) ? 1 : 0); + lladdr_opt->length = (u8_t)lladdr_opt_len; SMEMCPY(lladdr_opt->addr, netif->hwaddr, netif->hwaddr_len); } - rs_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr, - &multicast_address); +#if CHECKSUM_GEN_ICMP6 + IF__NETIF_CHECKSUM_ENABLED(netif, NETIF_CHECKSUM_GEN_ICMP6) { + rs_hdr->chksum = ip6_chksum_pseudo(p, IP6_NEXTH_ICMP6, p->len, src_addr, + &multicast_address); + } +#endif /* CHECKSUM_GEN_ICMP6 */ /* Send the packet out. */ ND6_STATS_INC(nd6.xmit); - ip6_output_if(p, src_addr, &multicast_address, - LWIP_ICMP6_HL, 0, IP6_NEXTH_ICMP6, netif); + + err = ip6_output_if(p, (src_addr == IP6_ADDR_ANY6) ? NULL : src_addr, &multicast_address, + ND6_HOPLIM, 0, IP6_NEXTH_ICMP6, netif); pbuf_free(p); + + return err; } #endif /* LWIP_IPV6_SEND_ROUTER_SOLICIT */ @@ -998,7 +1374,7 @@ nd6_send_rs(struct netif * netif) * entry is found */ static s8_t -nd6_find_neighbor_cache_entry(ip6_addr_t * ip6addr) +nd6_find_neighbor_cache_entry(const ip6_addr_t *ip6addr) { s8_t i; for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) { @@ -1131,6 +1507,10 @@ nd6_free_neighbor_cache_entry(s8_t i) if ((i < 0) || (i >= LWIP_ND6_NUM_NEIGHBORS)) { return; } + if (neighbor_cache[i].isrouter) { + /* isrouter needs to be cleared before deleting a neighbor cache entry */ + return; + } /* Free any queued packets. */ if (neighbor_cache[i].q != NULL) { @@ -1153,9 +1533,12 @@ nd6_free_neighbor_cache_entry(s8_t i) * entry is found */ static s8_t -nd6_find_destination_cache_entry(ip6_addr_t * ip6addr) +nd6_find_destination_cache_entry(const ip6_addr_t *ip6addr) { s8_t i; + + IP6_ADDR_ZONECHECK(ip6addr); + for (i = 0; i < LWIP_ND6_NUM_DESTINATIONS; i++) { if (ip6_addr_cmp(ip6addr, &(destination_cache[i].destination_addr))) { return i; @@ -1197,15 +1580,34 @@ nd6_new_destination_cache_entry(void) } /** - * Determine whether an address matches an on-link prefix. + * Clear the destination cache. + * + * This operation may be necessary for consistency in the light of changing + * local addresses and/or use of the gateway hook. + */ +void +nd6_clear_destination_cache(void) +{ + int i; + + for (i = 0; i < LWIP_ND6_NUM_DESTINATIONS; i++) { + ip6_addr_set_any(&destination_cache[i].destination_addr); + } +} + +/** + * Determine whether an address matches an on-link prefix or the subnet of a + * statically assigned address. * * @param ip6addr the IPv6 address to match * @return 1 if the address is on-link, 0 otherwise */ static s8_t -nd6_is_prefix_in_netif(ip6_addr_t * ip6addr, struct netif * netif) +nd6_is_prefix_in_netif(const ip6_addr_t *ip6addr, struct netif *netif) { s8_t i; + + /* Check to see if the address matches an on-link prefix. */ for (i = 0; i < LWIP_ND6_NUM_PREFIXES; i++) { if ((prefix_list[i].netif == netif) && (prefix_list[i].invalidation_timer > 0) && @@ -1213,9 +1615,13 @@ nd6_is_prefix_in_netif(ip6_addr_t * ip6addr, struct netif * netif) return 1; } } - /* Check to see if address prefix matches a (manually?) configured address. */ + /* Check to see if address prefix matches a manually configured (= static) + * address. Static addresses have an implied /64 subnet assignment. Dynamic + * addresses (from autoconfiguration) have no implied subnet assignment, and + * are thus effectively /128 assignments. See RFC 5942 for more on this. */ for (i = 0; i < LWIP_IPV6_NUM_ADDRESSES; i++) { if (ip6_addr_isvalid(netif_ip6_addr_state(netif, i)) && + netif_ip6_addr_isstatic(netif, i) && ip6_addr_netcmp(ip6addr, netif_ip6_addr(netif, i))) { return 1; } @@ -1226,56 +1632,71 @@ nd6_is_prefix_in_netif(ip6_addr_t * ip6addr, struct netif * netif) /** * Select a default router for a destination. * + * This function is used both for routing and for finding a next-hop target for + * a packet. In the former case, the given netif is NULL, and the returned + * router entry must be for a netif suitable for sending packets (up, link up). + * In the latter case, the given netif is not NULL and restricts router choice. + * * @param ip6addr the destination address * @param netif the netif for the outgoing packet, if known * @return the default router entry index, or -1 if no suitable * router is found */ -s8_t -nd6_select_router(ip6_addr_t * ip6addr, struct netif * netif) +static s8_t +nd6_select_router(const ip6_addr_t *ip6addr, struct netif *netif) { - s8_t i; - /* last_router is used for round-robin router selection (as recommended - * in RFC). This is more robust in case one router is not reachable, - * we are not stuck trying to resolve it. */ + struct netif *router_netif; + s8_t i, j, valid_router; static s8_t last_router; - (void)ip6addr; /* TODO match preferred routes!! (must implement ND6_OPTION_TYPE_ROUTE_INFO) */ - /* TODO: implement default router preference */ + LWIP_UNUSED_ARG(ip6addr); /* @todo match preferred routes!! (must implement ND6_OPTION_TYPE_ROUTE_INFO) */ - /* Look for reachable routers. */ - for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) { - if (++last_router >= LWIP_ND6_NUM_ROUTERS) { - last_router = 0; - } - if ((default_router_list[i].neighbor_entry != NULL) && - (netif != NULL ? netif == default_router_list[i].neighbor_entry->netif : 1) && - (default_router_list[i].invalidation_timer > 0) && - (default_router_list[i].neighbor_entry->state == ND6_REACHABLE)) { - return i; - } - } + /* @todo: implement default router preference */ - /* Look for router in other reachability states, but still valid according to timer. */ + /* Look for valid routers. A reachable router is preferred. */ + valid_router = -1; for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) { - if (++last_router >= LWIP_ND6_NUM_ROUTERS) { - last_router = 0; - } - if ((default_router_list[i].neighbor_entry != NULL) && - (netif != NULL ? netif == default_router_list[i].neighbor_entry->netif : 1) && - (default_router_list[i].invalidation_timer > 0)) { - return i; + /* Is the router netif both set and apppropriate? */ + if (default_router_list[i].neighbor_entry != NULL) { + router_netif = default_router_list[i].neighbor_entry->netif; + if ((router_netif != NULL) && (netif != NULL ? netif == router_netif : + (netif_is_up(router_netif) && netif_is_link_up(router_netif)))) { + /* Is the router valid, i.e., reachable or probably reachable as per + * RFC 4861 Sec. 6.3.6? Note that we will never return a router that + * has no neighbor cache entry, due to the netif association tests. */ + if (default_router_list[i].neighbor_entry->state != ND6_INCOMPLETE) { + /* Is the router known to be reachable? */ + if (default_router_list[i].neighbor_entry->state == ND6_REACHABLE) { + return i; /* valid and reachable - done! */ + } else if (valid_router < 0) { + valid_router = i; /* valid but not known to be reachable */ + } + } + } } } + if (valid_router >= 0) { + return valid_router; + } /* Look for any router for which we have any information at all. */ - for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) { - if (++last_router >= LWIP_ND6_NUM_ROUTERS) { - last_router = 0; + /* last_router is used for round-robin selection of incomplete routers, as + * recommended in RFC 4861 Sec. 6.3.6 point (2). Advance only when picking a + * route, to select the same router as next-hop target in the common case. */ + if ((netif == NULL) && (++last_router >= LWIP_ND6_NUM_ROUTERS)) { + last_router = 0; + } + i = last_router; + for (j = 0; j < LWIP_ND6_NUM_ROUTERS; j++) { + if (default_router_list[i].neighbor_entry != NULL) { + router_netif = default_router_list[i].neighbor_entry->netif; + if ((router_netif != NULL) && (netif != NULL ? netif == router_netif : + (netif_is_up(router_netif) && netif_is_link_up(router_netif)))) { + return i; + } } - if (default_router_list[i].neighbor_entry != NULL && - (netif != NULL ? netif == default_router_list[i].neighbor_entry->netif : 1)) { - return i; + if (++i >= LWIP_ND6_NUM_ROUTERS) { + i = 0; } } @@ -1284,6 +1705,45 @@ nd6_select_router(ip6_addr_t * ip6addr, struct netif * netif) } /** + * Find a router-announced route to the given destination. This route may be + * based on an on-link prefix or a default router. + * + * If a suitable route is found, the returned netif is guaranteed to be in a + * suitable state (up, link up) to be used for packet transmission. + * + * @param ip6addr the destination IPv6 address + * @return the netif to use for the destination, or NULL if none found + */ +struct netif * +nd6_find_route(const ip6_addr_t *ip6addr) +{ + struct netif *netif; + s8_t i; + + /* @todo decide if it makes sense to check the destination cache first */ + + /* Check if there is a matching on-link prefix. There may be multiple + * matches. Pick the first one that is associated with a suitable netif. */ + for (i = 0; i < LWIP_ND6_NUM_PREFIXES; ++i) { + netif = prefix_list[i].netif; + if ((netif != NULL) && ip6_addr_netcmp(&prefix_list[i].prefix, ip6addr) && + netif_is_up(netif) && netif_is_link_up(netif)) { + return netif; + } + } + + /* No on-link prefix match. Find a router that can forward the packet. */ + i = nd6_select_router(ip6addr, NULL); + if (i >= 0) { + LWIP_ASSERT("selected router must have a neighbor entry", + default_router_list[i].neighbor_entry != NULL); + return default_router_list[i].neighbor_entry->netif; + } + + return NULL; +} + +/** * Find an entry for a default router. * * @param router_addr the IPv6 address of the router @@ -1291,10 +1751,12 @@ nd6_select_router(ip6_addr_t * ip6addr, struct netif * netif) * @return the index of the router entry, or -1 if not found */ static s8_t -nd6_get_router(ip6_addr_t * router_addr, struct netif * netif) +nd6_get_router(const ip6_addr_t *router_addr, struct netif *netif) { s8_t i; + IP6_ADDR_ZONECHECK_NETIF(router_addr, netif); + /* Look for router. */ for (i = 0; i < LWIP_ND6_NUM_ROUTERS; i++) { if ((default_router_list[i].neighbor_entry != NULL) && @@ -1316,11 +1778,14 @@ nd6_get_router(ip6_addr_t * router_addr, struct netif * netif) * @return the index on the router table, or -1 if could not be created */ static s8_t -nd6_new_router(ip6_addr_t * router_addr, struct netif * netif) +nd6_new_router(const ip6_addr_t *router_addr, struct netif *netif) { s8_t router_index; + s8_t free_router_index; s8_t neighbor_index; + IP6_ADDR_ZONECHECK_NETIF(router_addr, netif); + /* Do we have a neighbor entry for this router? */ neighbor_index = nd6_find_neighbor_cache_entry(router_addr); if (neighbor_index < 0) { @@ -1334,19 +1799,30 @@ nd6_new_router(ip6_addr_t * router_addr, struct netif * netif) neighbor_cache[neighbor_index].netif = netif; neighbor_cache[neighbor_index].q = NULL; neighbor_cache[neighbor_index].state = ND6_INCOMPLETE; - neighbor_cache[neighbor_index].counter.probes_sent = 0; + neighbor_cache[neighbor_index].counter.probes_sent = 1; + nd6_send_neighbor_cache_probe(&neighbor_cache[neighbor_index], ND6_SEND_FLAG_MULTICAST_DEST); } /* Mark neighbor as router. */ neighbor_cache[neighbor_index].isrouter = 1; /* Look for empty entry. */ - for (router_index = 0; router_index < LWIP_ND6_NUM_ROUTERS; router_index++) { + free_router_index = LWIP_ND6_NUM_ROUTERS; + for (router_index = LWIP_ND6_NUM_ROUTERS - 1; router_index >= 0; router_index--) { + /* check if router already exists (this is a special case for 2 netifs on the same subnet + - e.g. wifi and cable) */ + if(default_router_list[router_index].neighbor_entry == &(neighbor_cache[neighbor_index])){ + return router_index; + } if (default_router_list[router_index].neighbor_entry == NULL) { - default_router_list[router_index].neighbor_entry = &(neighbor_cache[neighbor_index]); - return router_index; + /* remember lowest free index to create a new entry */ + free_router_index = router_index; } } + if (free_router_index < LWIP_ND6_NUM_ROUTERS) { + default_router_list[free_router_index].neighbor_entry = &(neighbor_cache[neighbor_index]); + return free_router_index; + } /* Could not create a router entry. */ @@ -1365,7 +1841,7 @@ nd6_new_router(ip6_addr_t * router_addr, struct netif * netif) * @return the index on the prefix table, or -1 if not found */ static s8_t -nd6_get_onlink_prefix(ip6_addr_t * prefix, struct netif * netif) +nd6_get_onlink_prefix(const ip6_addr_t *prefix, struct netif *netif) { s8_t i; @@ -1389,7 +1865,7 @@ nd6_get_onlink_prefix(ip6_addr_t * prefix, struct netif * netif) * @return the index on the prefix table, or -1 if not created */ static s8_t -nd6_new_onlink_prefix(ip6_addr_t * prefix, struct netif * netif) +nd6_new_onlink_prefix(const ip6_addr_t *prefix, struct netif *netif) { s8_t i; @@ -1400,9 +1876,6 @@ nd6_new_onlink_prefix(ip6_addr_t * prefix, struct netif * netif) /* Found empty prefix entry. */ prefix_list[i].netif = netif; ip6_addr_set(&(prefix_list[i].prefix), prefix); -#if LWIP_IPV6_AUTOCONFIG - prefix_list[i].flags = 0; -#endif return i; } } @@ -1423,15 +1896,20 @@ nd6_new_onlink_prefix(ip6_addr_t * prefix, struct netif * netif) * suitable next hop was found, ERR_MEM if no cache entry * could be created */ -s8_t -nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) +static s8_t +nd6_get_next_hop_entry(const ip6_addr_t *ip6addr, struct netif *netif) { +#ifdef LWIP_HOOK_ND6_GET_GW + const ip6_addr_t *next_hop_addr; +#endif /* LWIP_HOOK_ND6_GET_GW */ s8_t i; + IP6_ADDR_ZONECHECK_NETIF(ip6addr, netif); + #if LWIP_NETIF_HWADDRHINT - if (netif->addr_hint != NULL) { + if (netif->hints != NULL) { /* per-pcb cached entry was given */ - u8_t addr_hint = *(netif->addr_hint); + u8_t addr_hint = netif->hints->addr_hint; if (addr_hint < LWIP_ND6_NUM_DESTINATIONS) { nd6_cached_destination_index = addr_hint; } @@ -1449,8 +1927,7 @@ nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) if (i >= 0) { /* found destination entry. make it our new cached index. */ nd6_cached_destination_index = i; - } - else { + } else { /* Not found. Create a new destination entry. */ i = nd6_new_destination_cache_entry(); if (i >= 0) { @@ -1470,8 +1947,13 @@ nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) /* Destination in local link. */ destination_cache[nd6_cached_destination_index].pmtu = netif->mtu; ip6_addr_copy(destination_cache[nd6_cached_destination_index].next_hop_addr, destination_cache[nd6_cached_destination_index].destination_addr); - } - else { +#ifdef LWIP_HOOK_ND6_GET_GW + } else if ((next_hop_addr = LWIP_HOOK_ND6_GET_GW(netif, ip6addr)) != NULL) { + /* Next hop for destination provided by hook function. */ + destination_cache[nd6_cached_destination_index].pmtu = netif->mtu; + ip6_addr_set(&destination_cache[nd6_cached_destination_index].next_hop_addr, next_hop_addr); +#endif /* LWIP_HOOK_ND6_GET_GW */ + } else { /* We need to select a router. */ i = nd6_select_router(ip6addr, netif); if (i < 0) { @@ -1486,9 +1968,9 @@ nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) } #if LWIP_NETIF_HWADDRHINT - if (netif->addr_hint != NULL) { + if (netif->hints != NULL) { /* per-pcb cached entry was given */ - *(netif->addr_hint) = nd6_cached_destination_index; + netif->hints->addr_hint = nd6_cached_destination_index; } #endif /* LWIP_NETIF_HWADDRHINT */ @@ -1503,8 +1985,7 @@ nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) if (i >= 0) { /* Found a matching record, make it new cached entry. */ nd6_cached_neighbor_index = i; - } - else { + } else { /* Neighbor not in cache. Make a new entry. */ i = nd6_new_neighbor_cache_entry(); if (i >= 0) { @@ -1521,7 +2002,8 @@ nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) neighbor_cache[i].isrouter = 0; neighbor_cache[i].netif = netif; neighbor_cache[i].state = ND6_INCOMPLETE; - neighbor_cache[i].counter.probes_sent = 0; + neighbor_cache[i].counter.probes_sent = 1; + nd6_send_neighbor_cache_probe(&neighbor_cache[i], ND6_SEND_FLAG_MULTICAST_DEST); } } @@ -1538,8 +2020,8 @@ nd6_get_next_hop_entry(ip6_addr_t * ip6addr, struct netif * netif) * @param q packet to be queued * @return ERR_OK if succeeded, ERR_MEM if out of memory */ -err_t -nd6_queue_packet(s8_t neighbor_index, struct pbuf * q) +static err_t +nd6_queue_packet(s8_t neighbor_index, struct pbuf *q) { err_t result = ERR_MEM; struct pbuf *p; @@ -1552,18 +2034,17 @@ nd6_queue_packet(s8_t neighbor_index, struct pbuf * q) return ERR_ARG; } - /* IF q includes a PBUF_REF, PBUF_POOL or PBUF_RAM, we have no choice but - * to copy the whole queue into a new PBUF_RAM (see bug #11400) - * PBUF_ROMs can be left as they are, since ROM must not get changed. */ + /* IF q includes a pbuf that must be copied, we have to copy the whole chain + * into a new PBUF_RAM. See the definition of PBUF_NEEDS_COPY for details. */ p = q; while (p) { - if(p->type != PBUF_ROM) { + if (PBUF_NEEDS_COPY(p)) { copy_needed = 1; break; } p = p->next; } - if(copy_needed) { + if (copy_needed) { /* copy the whole packet into new pbufs */ p = pbuf_alloc(PBUF_LINK, q->tot_len, PBUF_RAM); while ((p == NULL) && (neighbor_cache[neighbor_index].q != NULL)) { @@ -1579,7 +2060,7 @@ nd6_queue_packet(s8_t neighbor_index, struct pbuf * q) #endif /* LWIP_ND6_QUEUEING */ p = pbuf_alloc(PBUF_LINK, q->tot_len, PBUF_RAM); } - if(p != NULL) { + if (p != NULL) { if (pbuf_copy(p, q) != ERR_OK) { pbuf_free(p); p = NULL; @@ -1607,7 +2088,7 @@ nd6_queue_packet(s8_t neighbor_index, struct pbuf * q) if (new_entry != NULL) { new_entry->next = NULL; new_entry->p = p; - if(neighbor_cache[neighbor_index].q != NULL) { + if (neighbor_cache[neighbor_index].q != NULL) { /* queue was already existent, append the new entry to the end */ r = neighbor_cache[neighbor_index].q; while (r->next != NULL) { @@ -1674,6 +2155,7 @@ static void nd6_send_q(s8_t i) { struct ip6_hdr *ip6hdr; + ip6_addr_t dest; #if LWIP_ND6_QUEUEING struct nd6_q_entry *q; #endif /* LWIP_ND6_QUEUEING */ @@ -1690,10 +2172,12 @@ nd6_send_q(s8_t i) neighbor_cache[i].q = q->next; /* Get ipv6 header. */ ip6hdr = (struct ip6_hdr *)(q->p->payload); - /* Override ip6_current_dest_addr() so that we have an aligned copy. */ - ip6_addr_set(ip6_current_dest_addr(), &(ip6hdr->dest)); + /* Create an aligned copy. */ + ip6_addr_copy_from_packed(dest, ip6hdr->dest); + /* Restore the zone, if applicable. */ + ip6_addr_assign_zone(&dest, IP6_UNKNOWN, neighbor_cache[i].netif); /* send the queued IPv6 packet */ - (neighbor_cache[i].netif)->output_ip6(neighbor_cache[i].netif, q->p, ip6_current_dest_addr()); + (neighbor_cache[i].netif)->output_ip6(neighbor_cache[i].netif, q->p, &dest); /* free the queued IP packet */ pbuf_free(q->p); /* now queue entry can be freed */ @@ -1703,10 +2187,12 @@ nd6_send_q(s8_t i) if (neighbor_cache[i].q != NULL) { /* Get ipv6 header. */ ip6hdr = (struct ip6_hdr *)(neighbor_cache[i].q->payload); - /* Override ip6_current_dest_addr() so that we have an aligned copy. */ - ip6_addr_set(ip6_current_dest_addr(), &(ip6hdr->dest)); + /* Create an aligned copy. */ + ip6_addr_copy_from_packed(dest, ip6hdr->dest); + /* Restore the zone, if applicable. */ + ip6_addr_assign_zone(&dest, IP6_UNKNOWN, neighbor_cache[i].netif); /* send the queued IPv6 packet */ - (neighbor_cache[i].netif)->output_ip6(neighbor_cache[i].netif, neighbor_cache[i].q, ip6_current_dest_addr()); + (neighbor_cache[i].netif)->output_ip6(neighbor_cache[i].netif, neighbor_cache[i].q, &dest); /* free the queued IP packet */ pbuf_free(neighbor_cache[i].q); neighbor_cache[i].q = NULL; @@ -1714,6 +2200,61 @@ nd6_send_q(s8_t i) #endif /* LWIP_ND6_QUEUEING */ } +/** + * A packet is to be transmitted to a specific IPv6 destination on a specific + * interface. Check if we can find the hardware address of the next hop to use + * for the packet. If so, give the hardware address to the caller, which should + * use it to send the packet right away. Otherwise, enqueue the packet for + * later transmission while looking up the hardware address, if possible. + * + * As such, this function returns one of three different possible results: + * + * - ERR_OK with a non-NULL 'hwaddrp': the caller should send the packet now. + * - ERR_OK with a NULL 'hwaddrp': the packet has been enqueued for later. + * - not ERR_OK: something went wrong; forward the error upward in the stack. + * + * @param netif The lwIP network interface on which the IP packet will be sent. + * @param q The pbuf(s) containing the IP packet to be sent. + * @param ip6addr The destination IPv6 address of the packet. + * @param hwaddrp On success, filled with a pointer to a HW address or NULL (meaning + * the packet has been queued). + * @return + * - ERR_OK on success, ERR_RTE if no route was found for the packet, + * or ERR_MEM if low memory conditions prohibit sending the packet at all. + */ +err_t +nd6_get_next_hop_addr_or_queue(struct netif *netif, struct pbuf *q, const ip6_addr_t *ip6addr, const u8_t **hwaddrp) +{ + s8_t i; + + /* Get next hop record. */ + i = nd6_get_next_hop_entry(ip6addr, netif); + if (i < 0) { + /* failed to get a next hop neighbor record. */ + return i; + } + + /* Now that we have a destination record, send or queue the packet. */ + if (neighbor_cache[i].state == ND6_STALE) { + /* Switch to delay state. */ + neighbor_cache[i].state = ND6_DELAY; + neighbor_cache[i].counter.delay_time = LWIP_ND6_DELAY_FIRST_PROBE_TIME / ND6_TMR_INTERVAL; + } + /* @todo should we send or queue if PROBE? send for now, to let unicast NS pass. */ + if ((neighbor_cache[i].state == ND6_REACHABLE) || + (neighbor_cache[i].state == ND6_DELAY) || + (neighbor_cache[i].state == ND6_PROBE)) { + + /* Tell the caller to send out the packet now. */ + *hwaddrp = neighbor_cache[i].lladdr; + return ERR_OK; + } + + /* We should queue packet on this interface. */ + *hwaddrp = NULL; + return nd6_queue_packet(i, q); +} + /** * Get the Path MTU for a destination. @@ -1723,7 +2264,7 @@ nd6_send_q(s8_t i) * @return the Path MTU, if known, or the netif default MTU */ u16_t -nd6_get_destination_mtu(ip6_addr_t * ip6addr, struct netif * netif) +nd6_get_destination_mtu(const ip6_addr_t *ip6addr, struct netif *netif) { s8_t i; @@ -1753,7 +2294,7 @@ nd6_get_destination_mtu(ip6_addr_t * ip6addr, struct netif * netif) * by an upper layer protocol (TCP) */ void -nd6_reachability_hint(ip6_addr_t * ip6addr) +nd6_reachability_hint(const ip6_addr_t *ip6addr) { s8_t i; @@ -1761,8 +2302,7 @@ nd6_reachability_hint(ip6_addr_t * ip6addr) if (ip6_addr_cmp(ip6addr, &(destination_cache[nd6_cached_destination_index].destination_addr))) { i = nd6_cached_destination_index; ND6_STATS_INC(nd6.cachehit); - } - else { + } else { i = nd6_find_destination_cache_entry(ip6addr); } if (i < 0) { @@ -1773,18 +2313,90 @@ nd6_reachability_hint(ip6_addr_t * ip6addr) if (ip6_addr_cmp(&(destination_cache[i].next_hop_addr), &(neighbor_cache[nd6_cached_neighbor_index].next_hop_address))) { i = nd6_cached_neighbor_index; ND6_STATS_INC(nd6.cachehit); - } - else { + } else { i = nd6_find_neighbor_cache_entry(&(destination_cache[i].next_hop_addr)); } if (i < 0) { return; } + /* For safety: don't set as reachable if we don't have a LL address yet. Misuse protection. */ + if (neighbor_cache[i].state == ND6_INCOMPLETE || neighbor_cache[i].state == ND6_NO_ENTRY) { + return; + } + /* Set reachability state. */ neighbor_cache[i].state = ND6_REACHABLE; neighbor_cache[i].counter.reachable_time = reachable_time; } #endif /* LWIP_ND6_TCP_REACHABILITY_HINTS */ +/** + * Remove all prefix, neighbor_cache and router entries of the specified netif. + * + * @param netif points to a network interface + */ +void +nd6_cleanup_netif(struct netif *netif) +{ + u8_t i; + s8_t router_index; + for (i = 0; i < LWIP_ND6_NUM_PREFIXES; i++) { + if (prefix_list[i].netif == netif) { + prefix_list[i].netif = NULL; + } + } + for (i = 0; i < LWIP_ND6_NUM_NEIGHBORS; i++) { + if (neighbor_cache[i].netif == netif) { + for (router_index = 0; router_index < LWIP_ND6_NUM_ROUTERS; router_index++) { + if (default_router_list[router_index].neighbor_entry == &neighbor_cache[i]) { + default_router_list[router_index].neighbor_entry = NULL; + default_router_list[router_index].flags = 0; + } + } + neighbor_cache[i].isrouter = 0; + nd6_free_neighbor_cache_entry(i); + } + } + /* Clear the destination cache, since many entries may now have become + * invalid for one of several reasons. As destination cache entries have no + * netif association, use a sledgehammer approach (this can be improved). */ + nd6_clear_destination_cache(); +} + +#if LWIP_IPV6_MLD +/** + * The state of a local IPv6 address entry is about to change. If needed, join + * or leave the solicited-node multicast group for the address. + * + * @param netif The netif that owns the address. + * @param addr_idx The index of the address. + * @param new_state The new (IP6_ADDR_) state for the address. + */ +void +nd6_adjust_mld_membership(struct netif *netif, s8_t addr_idx, u8_t new_state) +{ + u8_t old_state, old_member, new_member; + + old_state = netif_ip6_addr_state(netif, addr_idx); + + /* Determine whether we were, and should be, a member of the solicited-node + * multicast group for this address. For tentative addresses, the group is + * not joined until the address enters the TENTATIVE_1 (or VALID) state. */ + old_member = (old_state != IP6_ADDR_INVALID && old_state != IP6_ADDR_DUPLICATED && old_state != IP6_ADDR_TENTATIVE); + new_member = (new_state != IP6_ADDR_INVALID && new_state != IP6_ADDR_DUPLICATED && new_state != IP6_ADDR_TENTATIVE); + + if (old_member != new_member) { + ip6_addr_set_solicitednode(&multicast_address, netif_ip6_addr(netif, addr_idx)->addr[3]); + ip6_addr_assign_zone(&multicast_address, IP6_MULTICAST, netif); + + if (new_member) { + mld6_joingroup_netif(netif, &multicast_address); + } else { + mld6_leavegroup_netif(netif, &multicast_address); + } + } +} +#endif /* LWIP_IPV6_MLD */ + #endif /* LWIP_IPV6 */ |