diff options
Diffstat (limited to 'src/net')
-rw-r--r-- | src/net/icmpv6.c | 248 | ||||
-rw-r--r-- | src/net/ipv4.c | 2 | ||||
-rw-r--r-- | src/net/ipv6.c | 879 | ||||
-rw-r--r-- | src/net/ndp.c | 448 |
4 files changed, 1097 insertions, 480 deletions
diff --git a/src/net/icmpv6.c b/src/net/icmpv6.c index 7242380..54426be 100644 --- a/src/net/icmpv6.c +++ b/src/net/icmpv6.c @@ -1,126 +1,172 @@ -#include <stdint.h> +/* + * Copyright (C) 2013 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + #include <string.h> -#include <byteswap.h> #include <errno.h> +#include <byteswap.h> #include <ipxe/in.h> -#include <ipxe/ip6.h> -#include <ipxe/if_ether.h> #include <ipxe/iobuf.h> -#include <ipxe/ndp.h> -#include <ipxe/icmp6.h> #include <ipxe/tcpip.h> -#include <ipxe/netdevice.h> +#include <ipxe/icmpv6.h> + +/** @file + * + * ICMPv6 protocol + * + */ /** - * Send neighbour solicitation packet + * Process received ICMPv6 echo request packet * - * @v netdev Network device - * @v src Source address - * @v dest Destination address + * @v iobuf I/O buffer + * @v netdev Network device + * @v sin6_src Source socket address + * @v sin6_dest Destination socket address + * @ret rc Return status code + */ +static int icmpv6_rx_echo ( struct io_buffer *iobuf, + struct net_device *netdev, + struct sockaddr_in6 *sin6_src, + struct sockaddr_in6 *sin6_dest __unused ) { + struct sockaddr_tcpip *st_src = + ( ( struct sockaddr_tcpip * ) sin6_src ); + struct icmpv6_echo *echo = iobuf->data; + size_t len = iob_len ( iobuf ); + int rc; + + /* Sanity check */ + if ( iob_len ( iobuf ) < sizeof ( *echo ) ) { + DBGC ( netdev, "ICMPv6 echo request too short at %zd bytes " + "(min %zd bytes)\n", iob_len ( iobuf ), + sizeof ( *echo ) ); + rc = -EINVAL; + goto done; + } + DBGC ( netdev, "ICMPv6 echo request from %s (id %#04x seq %#04x)\n", + inet6_ntoa ( &sin6_dest->sin6_addr ), ntohs ( echo->ident ), + ntohs ( echo->sequence ) ); + + /* Convert echo request to echo reply and recalculate checksum */ + echo->icmp.type = ICMPV6_ECHO_REPLY; + echo->icmp.chksum = 0; + echo->icmp.chksum = tcpip_chksum ( echo, len ); + + /* Transmit echo reply */ + if ( ( rc = tcpip_tx ( iob_disown ( iobuf ), &icmpv6_protocol, NULL, + st_src, netdev, &echo->icmp.chksum ) ) != 0 ) { + DBGC ( netdev, "ICMPv6 could not transmit reply: %s\n", + strerror ( rc ) ); + goto done; + } + + done: + free_iob ( iobuf ); + return rc; +} + +/** ICMPv6 echo request handlers */ +struct icmpv6_handler icmpv6_echo_handler __icmpv6_handler = { + .type = ICMPV6_ECHO_REQUEST, + .rx = icmpv6_rx_echo, +}; + +/** + * Identify ICMPv6 handler * - * This function prepares a neighbour solicitation packet and sends it to the - * network layer. + * @v type ICMPv6 type + * @ret handler ICMPv6 handler, or NULL if not found */ -int icmp6_send_solicit ( struct net_device *netdev, struct in6_addr *src __unused, - struct in6_addr *dest ) { - union { - struct sockaddr_in6 sin6; - struct sockaddr_tcpip st; - } st_dest; - struct ll_protocol *ll_protocol = netdev->ll_protocol; - struct neighbour_solicit *nsolicit; - struct io_buffer *iobuf = alloc_iob ( sizeof ( *nsolicit ) + MIN_IOB_LEN ); - iob_reserve ( iobuf, MAX_HDR_LEN ); - nsolicit = iob_put ( iobuf, sizeof ( *nsolicit ) ); - - /* Fill up the headers */ - memset ( nsolicit, 0, sizeof ( *nsolicit ) ); - nsolicit->type = ICMP6_NSOLICIT; - nsolicit->code = 0; - nsolicit->target = *dest; - nsolicit->opt_type = 1; - nsolicit->opt_len = ( 2 + ll_protocol->ll_addr_len ) / 8; - memcpy ( nsolicit->opt_ll_addr, netdev->ll_addr, - netdev->ll_protocol->ll_addr_len ); - /* Partial checksum */ - nsolicit->csum = 0; - nsolicit->csum = tcpip_chksum ( nsolicit, sizeof ( *nsolicit ) ); - - /* Solicited multicast address */ - st_dest.sin6.sin6_family = AF_INET6; - st_dest.sin6.sin6_addr.in6_u.u6_addr8[0] = 0xff; - st_dest.sin6.sin6_addr.in6_u.u6_addr8[2] = 0x02; - st_dest.sin6.sin6_addr.in6_u.u6_addr16[1] = 0x0000; - st_dest.sin6.sin6_addr.in6_u.u6_addr32[1] = 0x00000000; - st_dest.sin6.sin6_addr.in6_u.u6_addr16[4] = 0x0000; - st_dest.sin6.sin6_addr.in6_u.u6_addr16[5] = 0x0001; - st_dest.sin6.sin6_addr.in6_u.u6_addr32[3] = dest->in6_u.u6_addr32[3]; - st_dest.sin6.sin6_addr.in6_u.u6_addr8[13] = 0xff; - - /* Send packet over IP6 */ - return tcpip_tx ( iobuf, &icmp6_protocol, NULL, &st_dest.st, - NULL, &nsolicit->csum ); +static struct icmpv6_handler * icmpv6_handler ( unsigned int type ) { + struct icmpv6_handler *handler; + + for_each_table_entry ( handler, ICMPV6_HANDLERS ) { + if ( handler->type == type ) + return handler; + } + return NULL; } /** - * Process ICMP6 headers + * Process a received packet * - * @v iobuf I/O buffer - * @v st_src Source address - * @v st_dest Destination address + * @v iobuf I/O buffer + * @v netdev Network device + * @v st_src Partially-filled source address + * @v st_dest Partially-filled destination address + * @v pshdr_csum Pseudo-header checksum + * @ret rc Return status code */ -static int icmp6_rx ( struct io_buffer *iobuf, struct net_device *netdev __unused, struct sockaddr_tcpip *st_src, - struct sockaddr_tcpip *st_dest, __unused uint16_t pshdr_csum ) { - struct icmp6_header *icmp6hdr = iobuf->data; +static int icmpv6_rx ( struct io_buffer *iobuf, struct net_device *netdev, + struct sockaddr_tcpip *st_src, + struct sockaddr_tcpip *st_dest, uint16_t pshdr_csum ) { + struct sockaddr_in6 *sin6_src = ( ( struct sockaddr_in6 * ) st_src ); + struct sockaddr_in6 *sin6_dest = ( ( struct sockaddr_in6 * ) st_dest ); + struct icmpv6_header *icmp = iobuf->data; + size_t len = iob_len ( iobuf ); + struct icmpv6_handler *handler; + unsigned int csum; + int rc; /* Sanity check */ - if ( iob_len ( iobuf ) < sizeof ( *icmp6hdr ) ) { - DBG ( "Packet too short (%zd bytes)\n", iob_len ( iobuf ) ); - free_iob ( iobuf ); - return -EINVAL; + if ( len < sizeof ( *icmp ) ) { + DBGC ( netdev, "ICMPv6 packet too short at %zd bytes (min %zd " + "bytes)\n", len, sizeof ( *icmp ) ); + rc = -EINVAL; + goto done; } - /* TODO: Verify checksum */ + /* Verify checksum */ + csum = tcpip_continue_chksum ( pshdr_csum, icmp, len ); + if ( csum != 0 ) { + DBGC ( netdev, "ICMPv6 checksum incorrect (is %04x, should be " + "0000)\n", csum ); + DBGC_HDA ( netdev, 0, icmp, len ); + rc = -EINVAL; + goto done; + } - /* Process the ICMP header */ - switch ( icmp6hdr->type ) { - case ICMP6_NADVERT: - return ndp_process_advert ( iobuf, st_src, st_dest ); + /* Identify handler */ + handler = icmpv6_handler ( icmp->type ); + if ( ! handler ) { + DBGC ( netdev, "ICMPv6 unrecognised type %d\n", icmp->type ); + rc = -ENOTSUP; + goto done; + } + + /* Pass to handler */ + if ( ( rc = handler->rx ( iob_disown ( iobuf ), netdev, sin6_src, + sin6_dest ) ) != 0 ) { + DBGC ( netdev, "ICMPv6 could not handle type %d: %s\n", + icmp->type, strerror ( rc ) ); + goto done; } - return -ENOSYS; -} -#if 0 -void icmp6_test_nadvert (struct net_device *netdev, struct sockaddr_in6 *server_p, char *ll_addr) { - - struct sockaddr_in6 server; - memcpy ( &server, server_p, sizeof ( server ) ); - struct io_buffer *rxiobuf = alloc_iob ( 500 ); - iob_reserve ( rxiobuf, MAX_HDR_LEN ); - struct neighbour_advert *nadvert = iob_put ( rxiobuf, sizeof ( *nadvert ) ); - nadvert->type = 136; - nadvert->code = 0; - nadvert->flags = ICMP6_FLAGS_SOLICITED; - nadvert->csum = 0xffff; - nadvert->target = server.sin6_addr; - nadvert->opt_type = 2; - nadvert->opt_len = 1; - memcpy ( nadvert->opt_ll_addr, ll_addr, 6 ); - struct ip6_header *ip6hdr = iob_push ( rxiobuf, sizeof ( *ip6hdr ) ); - ip6hdr->ver_traffic_class_flow_label = htonl ( 0x60000000 ); - ip6hdr->hop_limit = 255; - ip6hdr->nxt_hdr = 58; - ip6hdr->payload_len = htons ( sizeof ( *nadvert ) ); - ip6hdr->src = server.sin6_addr; - ip6hdr->dest = server.sin6_addr; - hex_dump ( rxiobuf->data, iob_len ( rxiobuf ) ); - net_rx ( rxiobuf, netdev, htons ( ETH_P_IPV6 ), ll_addr ); + done: + free_iob ( iobuf ); + return rc; } -#endif -/** ICMP6 protocol */ -struct tcpip_protocol icmp6_protocol __tcpip_protocol = { - .name = "ICMP6", - .rx = icmp6_rx, - .tcpip_proto = IP_ICMP6, // 58 +/** ICMPv6 TCP/IP protocol */ +struct tcpip_protocol icmpv6_protocol __tcpip_protocol = { + .name = "ICMPv6", + .rx = icmpv6_rx, + .tcpip_proto = IP_ICMP6, }; diff --git a/src/net/ipv4.c b/src/net/ipv4.c index bd31880..46f774e 100644 --- a/src/net/ipv4.c +++ b/src/net/ipv4.c @@ -290,7 +290,7 @@ static int ipv4_tx ( struct io_buffer *iobuf, DBGC ( sin_dest->sin_addr, "IPv4 could not hash " "multicast %s: %s\n", inet_ntoa ( next_hop ), strerror ( rc ) ); - return rc; + goto err; } ll_dest = ll_dest_buf; } else { diff --git a/src/net/ipv6.c b/src/net/ipv6.c index 077118d..69feba1 100644 --- a/src/net/ipv6.c +++ b/src/net/ipv6.c @@ -1,76 +1,162 @@ -#include <errno.h> +/* + * Copyright (C) 2013 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + #include <stdint.h> -#include <string.h> -#include <stdlib.h> #include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <assert.h> #include <byteswap.h> -#include <ipxe/in.h> -#include <ipxe/ip6.h> -#include <ipxe/ndp.h> -#include <ipxe/list.h> -#include <ipxe/icmp6.h> -#include <ipxe/tcpip.h> -#include <ipxe/socket.h> #include <ipxe/iobuf.h> -#include <ipxe/netdevice.h> +#include <ipxe/tcpip.h> #include <ipxe/if_ether.h> +#include <ipxe/crc32.h> +#include <ipxe/fragment.h> +#include <ipxe/ndp.h> +#include <ipxe/ipv6.h> -/* Unspecified IP6 address */ -static struct in6_addr ip6_none = { - .in6_u.u6_addr32 = { 0,0,0,0 } -}; +/** @file + * + * IPv6 protocol + * + */ -/** An IPv6 routing table entry */ -struct ipv6_miniroute { - /* List of miniroutes */ - struct list_head list; +/* Disambiguate the various error causes */ +#define EINVAL_LEN __einfo_error ( EINFO_EINVAL_LEN ) +#define EINFO_EINVAL_LEN \ + __einfo_uniqify ( EINFO_EINVAL, 0x01, "Invalid length" ) +#define ENOTSUP_VER __einfo_error ( EINFO_ENOTSUP_VER ) +#define EINFO_ENOTSUP_VER \ + __einfo_uniqify ( EINFO_ENOTSUP, 0x01, "Unsupported version" ) +#define ENOTSUP_HDR __einfo_error ( EINFO_ENOTSUP_HDR ) +#define EINFO_ENOTSUP_HDR \ + __einfo_uniqify ( EINFO_ENOTSUP, 0x02, "Unsupported header type" ) +#define ENOTSUP_OPT __einfo_error ( EINFO_ENOTSUP_OPT ) +#define EINFO_ENOTSUP_OPT \ + __einfo_uniqify ( EINFO_ENOTSUP, 0x03, "Unsupported option" ) - /* Network device */ - struct net_device *netdev; +/** List of IPv6 miniroutes */ +struct list_head ipv6_miniroutes = LIST_HEAD_INIT ( ipv6_miniroutes ); - /* Destination prefix */ - struct in6_addr prefix; - /* Prefix length */ - int prefix_len; - /* IPv6 address of interface */ - struct in6_addr address; - /* Gateway address */ - struct in6_addr gateway; -}; +/** + * Determine debugging colour for IPv6 debug messages + * + * @v in IPv6 address + * @ret col Debugging colour (for DBGC()) + */ +static uint32_t ipv6col ( struct in6_addr *in ) { + return crc32_le ( 0, in, sizeof ( *in ) ); +} -/** List of IPv6 miniroutes */ -static LIST_HEAD ( miniroutes ); +/** + * Check if network device has a specific IPv6 address + * + * @v netdev Network device + * @v addr IPv6 address + * @ret has_addr Network device has this IPv6 address + */ +int ipv6_has_addr ( struct net_device *netdev, struct in6_addr *addr ) { + struct ipv6_miniroute *miniroute; + + list_for_each_entry ( miniroute, &ipv6_miniroutes, list ) { + if ( ( miniroute->netdev == netdev ) && + ( memcmp ( &miniroute->address, addr, + sizeof ( miniroute->address ) ) == 0 ) ) { + /* Found matching address */ + return 1; + } + } + return 0; +} + +/** + * Check if IPv6 address is within a routing table entry's local network + * + * @v miniroute Routing table entry + * @v address IPv6 address + * @ret is_local Address is within this entry's local network + */ +static int ipv6_is_local ( struct ipv6_miniroute *miniroute, + struct in6_addr *address ) { + unsigned int i; + + for ( i = 0 ; i < ( sizeof ( address->s6_addr32 ) / + sizeof ( address->s6_addr32[0] ) ) ; i++ ) { + if ( (( address->s6_addr32[i] ^ miniroute->address.s6_addr32[i]) + & miniroute->prefix_mask.s6_addr32[i] ) != 0 ) + return 0; + } + return 1; +} /** * Add IPv6 minirouting table entry * * @v netdev Network device - * @v prefix Destination prefix - * @v address Address of the interface - * @v gateway Gateway address (or ::0 for no gateway) - * @ret miniroute Routing table entry, or NULL + * @v address IPv6 address + * @v prefix_len Prefix length + * @v router Router address (or NULL) + * @ret miniroute Routing table entry, or NULL on failure */ -static struct ipv6_miniroute * __malloc -add_ipv6_miniroute ( struct net_device *netdev, struct in6_addr prefix, - int prefix_len, struct in6_addr address, - struct in6_addr gateway ) { +static struct ipv6_miniroute * __malloc +add_ipv6_miniroute ( struct net_device *netdev, struct in6_addr *address, + unsigned int prefix_len, struct in6_addr *router ) { struct ipv6_miniroute *miniroute; - - miniroute = malloc ( sizeof ( *miniroute ) ); - if ( miniroute ) { - /* Record routing information */ - miniroute->netdev = netdev_get ( netdev ); - miniroute->prefix = prefix; - miniroute->prefix_len = prefix_len; - miniroute->address = address; - miniroute->gateway = gateway; - - /* Add miniroute to list of miniroutes */ - if ( !IP6_EQUAL ( gateway, ip6_none ) ) { - list_add_tail ( &miniroute->list, &miniroutes ); - } else { - list_add ( &miniroute->list, &miniroutes ); - } + uint8_t *prefix_mask; + + DBGC ( netdev, "IPv6 add %s/%d ", inet6_ntoa ( address ), prefix_len ); + if ( router ) + DBGC ( netdev, "router %s ", inet6_ntoa ( router ) ); + DBGC ( netdev, "via %s\n", netdev->name ); + + /* Allocate and populate miniroute structure */ + miniroute = zalloc ( sizeof ( *miniroute ) ); + if ( ! miniroute ) + return NULL; + + /* Record routing information */ + miniroute->netdev = netdev_get ( netdev ); + memcpy ( &miniroute->address, address, sizeof ( miniroute->address ) ); + miniroute->prefix_len = prefix_len; + assert ( prefix_len <= ( 8 * sizeof ( miniroute->prefix_mask ) ) ); + for ( prefix_mask = miniroute->prefix_mask.s6_addr ; prefix_len >= 8 ; + prefix_mask++, prefix_len -= 8 ) { + *prefix_mask = 0xff; + } + if ( prefix_len ) + *prefix_mask <<= ( 8 - prefix_len ); + if ( router ) { + miniroute->has_router = 1; + memcpy ( &miniroute->router, router, + sizeof ( miniroute->router ) ); + } + + /* Add to end of list if we have a gateway, otherwise to start + * of list. + */ + if ( router ) { + list_add_tail ( &miniroute->list, &ipv6_miniroutes ); + } else { + list_add ( &miniroute->list, &ipv6_miniroutes ); } return miniroute; @@ -82,290 +168,516 @@ add_ipv6_miniroute ( struct net_device *netdev, struct in6_addr prefix, * @v miniroute Routing table entry */ static void del_ipv6_miniroute ( struct ipv6_miniroute *miniroute ) { + struct net_device *netdev = miniroute->netdev; + + DBGC ( netdev, "IPv6 del %s/%d ", inet6_ntoa ( &miniroute->address ), + miniroute->prefix_len ); + if ( miniroute->has_router ) + DBGC ( netdev, "router %s ", inet6_ntoa ( &miniroute->router )); + DBGC ( netdev, "via %s\n", netdev->name ); + netdev_put ( miniroute->netdev ); list_del ( &miniroute->list ); free ( miniroute ); } /** - * Add IPv6 interface + * Perform IPv6 routing * - * @v netdev Network device - * @v prefix Destination prefix - * @v address Address of the interface - * @v gateway Gateway address (or ::0 for no gateway) + * @v scope_id Destination address scope ID (for link-local addresses) + * @v dest Final destination address + * @ret dest Next hop destination address + * @ret miniroute Routing table entry to use, or NULL if no route */ -int add_ipv6_address ( struct net_device *netdev, struct in6_addr prefix, - int prefix_len, struct in6_addr address, - struct in6_addr gateway ) { +static struct ipv6_miniroute * ipv6_route ( unsigned int scope_id, + struct in6_addr **dest ) { struct ipv6_miniroute *miniroute; + int local; + + /* Find first usable route in routing table */ + list_for_each_entry ( miniroute, &ipv6_miniroutes, list ) { + + /* Skip closed network devices */ + if ( ! netdev_is_open ( miniroute->netdev ) ) + continue; + + /* For link-local addresses, skip devices that are not + * the specified network device. + */ + if ( IN6_IS_ADDR_LINKLOCAL ( *dest ) && + ( miniroute->netdev->index != scope_id ) ) + continue; + + /* Skip non-gateway devices for which the prefix does + * not match. + */ + local = ipv6_is_local ( miniroute, *dest ); + if ( ! ( local || miniroute->has_router ) ) + continue; + + /* Update next hop if applicable */ + if ( ! local ) + *dest = &miniroute->router; + + return miniroute; + } - /* Clear any existing address for this net device */ - del_ipv6_address ( netdev ); - - /* Add new miniroute */ - miniroute = add_ipv6_miniroute ( netdev, prefix, prefix_len, address, - gateway ); - if ( ! miniroute ) - return -ENOMEM; - - return 0; + return NULL; } /** - * Remove IPv6 interface + * Check that received options can be safely ignored * - * @v netdev Network device + * @v iphdr IPv6 header + * @v options Options extension header + * @v len Maximum length of header + * @ret rc Return status code */ -void del_ipv6_address ( struct net_device *netdev ) { - struct ipv6_miniroute *miniroute; - - list_for_each_entry ( miniroute, &miniroutes, list ) { - if ( miniroute->netdev == netdev ) { - del_ipv6_miniroute ( miniroute ); - break; +static int ipv6_check_options ( struct ipv6_header *iphdr, + struct ipv6_options_header *options, + size_t len ) { + struct ipv6_option *option = options->options; + struct ipv6_option *end = ( ( ( void * ) options ) + len ); + + while ( option < end ) { + if ( ! IPV6_CAN_IGNORE_OPT ( option->type ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 unrecognised " + "option type %#02x:\n", option->type ); + DBGC_HDA ( ipv6col ( &iphdr->src ), 0, + options, len ); + return -ENOTSUP_OPT; + } + if ( option->type == IPV6_OPT_PAD1 ) { + option = ( ( ( void * ) option ) + 1 ); + } else { + option = ( ( ( void * ) option ) + option->len ); } } + return 0; } /** - * Calculate TCPIP checksum + * Check if fragment matches fragment reassembly buffer * - * @v iobuf I/O buffer - * @v tcpip TCP/IP protocol + * @v fragment Fragment reassembly buffer + * @v iobuf I/O buffer + * @v hdrlen Length of non-fragmentable potion of I/O buffer + * @ret is_fragment Fragment matches this reassembly buffer + */ +static int ipv6_is_fragment ( struct fragment *fragment, + struct io_buffer *iobuf, size_t hdrlen ) { + struct ipv6_header *frag_iphdr = fragment->iobuf->data; + struct ipv6_fragment_header *frag_fhdr = + ( fragment->iobuf->data + fragment->hdrlen - + sizeof ( *frag_fhdr ) ); + struct ipv6_header *iphdr = iobuf->data; + struct ipv6_fragment_header *fhdr = + ( iobuf->data + hdrlen - sizeof ( *fhdr ) ); + + return ( ( memcmp ( &iphdr->src, &frag_iphdr->src, + sizeof ( iphdr->src ) ) == 0 ) && + ( fhdr->ident == frag_fhdr->ident ) ); +} + +/** + * Get fragment offset * - * This function constructs the pseudo header and completes the checksum in the - * upper layer header. + * @v iobuf I/O buffer + * @v hdrlen Length of non-fragmentable potion of I/O buffer + * @ret offset Offset */ -static uint16_t ipv6_tx_csum ( struct io_buffer *iobuf, uint16_t csum ) { - struct ip6_header *ip6hdr = iobuf->data; - struct ipv6_pseudo_header pshdr; +static size_t ipv6_fragment_offset ( struct io_buffer *iobuf, size_t hdrlen ) { + struct ipv6_fragment_header *fhdr = + ( iobuf->data + hdrlen - sizeof ( *fhdr ) ); - /* Calculate pseudo header */ - memset ( &pshdr, 0, sizeof ( pshdr ) ); - pshdr.src = ip6hdr->src; - pshdr.dest = ip6hdr->dest; - pshdr.len = htons ( iob_len ( iobuf ) - sizeof ( *ip6hdr ) ); - pshdr.nxt_hdr = ip6hdr->nxt_hdr; + return ( ntohs ( fhdr->offset_more ) & IPV6_MASK_OFFSET ); +} - /* Update checksum value */ - return tcpip_continue_chksum ( csum, &pshdr, sizeof ( pshdr ) ); +/** + * Check if more fragments exist + * + * @v iobuf I/O buffer + * @v hdrlen Length of non-fragmentable potion of I/O buffer + * @ret more_frags More fragments exist + */ +static int ipv6_more_fragments ( struct io_buffer *iobuf, size_t hdrlen ) { + struct ipv6_fragment_header *fhdr = + ( iobuf->data + hdrlen - sizeof ( *fhdr ) ); + + return ( fhdr->offset_more & htons ( IPV6_MASK_MOREFRAGS ) ); } +/** Fragment reassembler */ +static struct fragment_reassembler ipv6_reassembler = { + .list = LIST_HEAD_INIT ( ipv6_reassembler.list ), + .is_fragment = ipv6_is_fragment, + .fragment_offset = ipv6_fragment_offset, + .more_fragments = ipv6_more_fragments, +}; + /** - * Dump IP6 header for debugging + * Calculate IPv6 pseudo-header checksum * - * ip6hdr IPv6 header + * @v iphdr IPv6 header + * @v len Payload length + * @v next_header Next header type + * @v csum Existing checksum + * @ret csum Updated checksum */ -void ipv6_dump ( struct ip6_header *ip6hdr ) { - DBG ( "IP6 %p src %s dest %s nxt_hdr %d len %d\n", ip6hdr, - inet6_ntoa ( ip6hdr->src ), inet6_ntoa ( ip6hdr->dest ), - ip6hdr->nxt_hdr, ntohs ( ip6hdr->payload_len ) ); +static uint16_t ipv6_pshdr_chksum ( struct ipv6_header *iphdr, size_t len, + int next_header, uint16_t csum ) { + struct ipv6_pseudo_header pshdr; + + /* Build pseudo-header */ + memcpy ( &pshdr.src, &iphdr->src, sizeof ( pshdr.src ) ); + memcpy ( &pshdr.dest, &iphdr->dest, sizeof ( pshdr.dest ) ); + pshdr.len = htonl ( len ); + memset ( pshdr.zero, 0, sizeof ( pshdr.zero ) ); + pshdr.next_header = next_header; + + /* Update the checksum value */ + return tcpip_continue_chksum ( csum, &pshdr, sizeof ( pshdr ) ); } /** - * Transmit IP6 packet + * Transmit IPv6 packet * - * iobuf I/O buffer - * tcpip TCP/IP protocol - * st_dest Destination socket address + * @v iobuf I/O buffer + * @v tcpip Transport-layer protocol + * @v st_src Source network-layer address + * @v st_dest Destination network-layer address + * @v netdev Network device to use if no route found, or NULL + * @v trans_csum Transport-layer checksum to complete, or NULL + * @ret rc Status * - * This function prepends the IPv6 headers to the payload an transmits it. + * This function expects a transport-layer segment and prepends the + * IPv6 header */ static int ipv6_tx ( struct io_buffer *iobuf, - struct tcpip_protocol *tcpip, - struct sockaddr_tcpip *st_src __unused, + struct tcpip_protocol *tcpip_protocol, + struct sockaddr_tcpip *st_src, struct sockaddr_tcpip *st_dest, struct net_device *netdev, uint16_t *trans_csum ) { - struct sockaddr_in6 *dest = ( struct sockaddr_in6* ) st_dest; - struct in6_addr next_hop; + struct sockaddr_in6 *sin6_src = ( ( struct sockaddr_in6 * ) st_src ); + struct sockaddr_in6 *sin6_dest = ( ( struct sockaddr_in6 * ) st_dest ); struct ipv6_miniroute *miniroute; + struct ipv6_header *iphdr; + struct in6_addr *next_hop; uint8_t ll_dest_buf[MAX_LL_ADDR_LEN]; - const uint8_t *ll_dest = ll_dest_buf; + const void *ll_dest; + size_t len; int rc; - /* Construct the IPv6 packet */ - struct ip6_header *ip6hdr = iob_push ( iobuf, sizeof ( *ip6hdr ) ); - memset ( ip6hdr, 0, sizeof ( *ip6hdr) ); - ip6hdr->ver_traffic_class_flow_label = htonl ( 0x60000000 );//IP6_VERSION; - ip6hdr->payload_len = htons ( iob_len ( iobuf ) - sizeof ( *ip6hdr ) ); - ip6hdr->nxt_hdr = tcpip->tcpip_proto; - ip6hdr->hop_limit = IP6_HOP_LIMIT; // 255 - - /* Determine the next hop address and interface - * - * TODO: Implement the routing table. - */ - next_hop = dest->sin6_addr; - list_for_each_entry ( miniroute, &miniroutes, list ) { - if ( ( memcmp ( &ip6hdr->dest, &miniroute->prefix, - miniroute->prefix_len ) == 0 ) || - ( IP6_EQUAL ( miniroute->gateway, ip6_none ) ) ) { - netdev = miniroute->netdev; - ip6hdr->src = miniroute->address; - if ( ! ( IS_UNSPECIFIED ( miniroute->gateway ) ) ) { - next_hop = miniroute->gateway; - } - break; - } + /* Fill up the IPv6 header, except source address */ + len = iob_len ( iobuf ); + iphdr = iob_push ( iobuf, sizeof ( *iphdr ) ); + memset ( iphdr, 0, sizeof ( *iphdr ) ); + iphdr->ver_tc_label = htonl ( IPV6_VER ); + iphdr->len = htons ( len ); + iphdr->next_header = tcpip_protocol->tcpip_proto; + iphdr->hop_limit = IPV6_HOP_LIMIT; + memcpy ( &iphdr->dest, &sin6_dest->sin6_addr, sizeof ( iphdr->dest ) ); + + /* Use routing table to identify next hop and transmitting netdev */ + next_hop = &iphdr->dest; + if ( sin6_src ) { + memcpy ( &iphdr->src, &sin6_src->sin6_addr, + sizeof ( iphdr->src ) ); + } + if ( ( ! IN6_IS_ADDR_MULTICAST ( next_hop ) ) && + ( ( miniroute = ipv6_route ( ntohl ( sin6_dest->sin6_scope_id ), + &next_hop ) ) != NULL ) ) { + memcpy ( &iphdr->src, &miniroute->address, + sizeof ( iphdr->src ) ); + netdev = miniroute->netdev; } - /* No network interface identified */ - if ( !netdev ) { - DBG ( "No route to host %s\n", inet6_ntoa ( ip6hdr->dest ) ); + if ( ! netdev ) { + DBGC ( ipv6col ( &iphdr->dest ), "IPv6 has no route to %s\n", + inet6_ntoa ( &iphdr->dest ) ); rc = -ENETUNREACH; goto err; } - /* Complete the transport layer checksum */ - if ( trans_csum ) - *trans_csum = ipv6_tx_csum ( iobuf, *trans_csum ); - - /* Print IPv6 header */ - ipv6_dump ( ip6hdr ); - - /* Resolve link layer address */ - if ( next_hop.in6_u.u6_addr8[0] == 0xff ) { - ll_dest_buf[0] = 0x33; - ll_dest_buf[1] = 0x33; - ll_dest_buf[2] = next_hop.in6_u.u6_addr8[12]; - ll_dest_buf[3] = next_hop.in6_u.u6_addr8[13]; - ll_dest_buf[4] = next_hop.in6_u.u6_addr8[14]; - ll_dest_buf[5] = next_hop.in6_u.u6_addr8[15]; - } else { - /* Unicast address needs to be resolved by NDP */ - if ( ( rc = ndp_resolve ( netdev, &next_hop, &ip6hdr->src, - ll_dest_buf ) ) != 0 ) { - DBG ( "No entry for %s\n", inet6_ntoa ( next_hop ) ); + /* Fix up checksums */ + if ( trans_csum ) { + *trans_csum = ipv6_pshdr_chksum ( iphdr, len, + tcpip_protocol->tcpip_proto, + *trans_csum ); + } + + /* Print IPv6 header for debugging */ + DBGC2 ( ipv6col ( &iphdr->dest ), "IPv6 TX %s->", + inet6_ntoa ( &iphdr->src ) ); + DBGC2 ( ipv6col ( &iphdr->dest ), "%s len %zd next %d\n", + inet6_ntoa ( &iphdr->dest ), len, iphdr->next_header ); + + /* Calculate link-layer destination address, if possible */ + if ( IN6_IS_ADDR_MULTICAST ( next_hop ) ) { + /* Multicast address */ + if ( ( rc = netdev->ll_protocol->mc_hash ( AF_INET6, next_hop, + ll_dest_buf ) ) !=0){ + DBGC ( ipv6col ( &iphdr->dest ), "IPv6 could not hash " + "multicast %s: %s\n", inet6_ntoa ( next_hop ), + strerror ( rc ) ); goto err; } + ll_dest = ll_dest_buf; + } else { + /* Unicast address */ + ll_dest = NULL; + } + + /* Hand off to link layer (via NDP if applicable) */ + if ( ll_dest ) { + if ( ( rc = net_tx ( iobuf, netdev, &ipv6_protocol, ll_dest, + netdev->ll_addr ) ) != 0 ) { + DBGC ( ipv6col ( &iphdr->dest ), "IPv6 could not " + "transmit packet via %s: %s\n", + netdev->name, strerror ( rc ) ); + return rc; + } + } else { + if ( ( rc = ndp_tx ( iobuf, netdev, next_hop, &iphdr->src, + netdev->ll_addr ) ) != 0 ) { + DBGC ( ipv6col ( &iphdr->dest ), "IPv6 could not " + "transmit packet via %s: %s\n", + netdev->name, strerror ( rc ) ); + return rc; + } } - /* Transmit packet */ - return net_tx ( iobuf, netdev, &ipv6_protocol, ll_dest, - netdev->ll_addr ); + return 0; - err: + err: free_iob ( iobuf ); return rc; } /** - * Process next IP6 header - * - * @v iobuf I/O buffer - * @v nxt_hdr Next header number - * @v src Source socket address - * @v dest Destination socket address - * - * Refer http://www.iana.org/assignments/ipv6-parameters for the numbers - */ -static int ipv6_process_nxt_hdr ( struct io_buffer *iobuf, - struct net_device *netdev, uint8_t nxt_hdr, - struct sockaddr_tcpip *src, struct sockaddr_tcpip *dest ) { - switch ( nxt_hdr ) { - case IP6_HOPBYHOP: - case IP6_ROUTING: - case IP6_FRAGMENT: - case IP6_AUTHENTICATION: - case IP6_DEST_OPTS: - case IP6_ESP: - DBG ( "Function not implemented for header %d\n", nxt_hdr ); - return -ENOSYS; - case IP6_ICMP6: - break; - case IP6_NO_HEADER: - DBG ( "No next header\n" ); - return 0; - } - /* Next header is not a IPv6 extension header */ - return tcpip_rx ( iobuf, netdev, nxt_hdr, src, dest, 0 /* fixme */ ); -} - -/** - * Process incoming IP6 packets + * Process incoming IPv6 packets * * @v iobuf I/O buffer * @v netdev Network device * @v ll_dest Link-layer destination address - * @v ll_source Link-layer source address + * @v ll_source Link-layer destination source * @v flags Packet flags + * @ret rc Return status code * - * This function processes a IPv6 packet + * This function expects an IPv6 network datagram. It processes the + * headers and sends it to the transport layer. */ -static int ipv6_rx ( struct io_buffer *iobuf, - __unused struct net_device *netdev, - __unused const void *ll_dest, - __unused const void *ll_source, - __unused unsigned int flags ) { - - struct ip6_header *ip6hdr = iobuf->data; +static int ipv6_rx ( struct io_buffer *iobuf, struct net_device *netdev, + const void *ll_dest __unused, + const void *ll_source __unused, + unsigned int flags __unused ) { + struct ipv6_header *iphdr = iobuf->data; + union ipv6_extension_header *ext; union { struct sockaddr_in6 sin6; struct sockaddr_tcpip st; } src, dest; + uint16_t pshdr_csum; + size_t len; + size_t hdrlen; + size_t extlen; + int this_header; + int next_header; + int rc; - /* Sanity check */ - if ( iob_len ( iobuf ) < sizeof ( *ip6hdr ) ) { - DBG ( "Packet too short (%zd bytes)\n", iob_len ( iobuf ) ); - goto drop; + /* Sanity check the IPv6 header */ + if ( iob_len ( iobuf ) < sizeof ( *iphdr ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 packet too short at %zd " + "bytes (min %zd bytes)\n", iob_len ( iobuf ), + sizeof ( *iphdr ) ); + rc = -EINVAL_LEN; + goto err; } - - /* TODO: Verify checksum */ - - /* Print IP6 header for debugging */ - ipv6_dump ( ip6hdr ); - - /* Check header version */ - if ( ( ip6hdr->ver_traffic_class_flow_label & 0xf0000000 ) != 0x60000000 ) { - DBG ( "Invalid protocol version\n" ); - goto drop; + if ( ( iphdr->ver_tc_label & htonl ( IPV6_MASK_VER ) ) != + htonl ( IPV6_VER ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 version %#08x not " + "supported\n", ntohl ( iphdr->ver_tc_label ) ); + rc = -ENOTSUP_VER; + goto err; } - /* Check the payload length */ - if ( ntohs ( ip6hdr->payload_len ) > iob_len ( iobuf ) ) { - DBG ( "Inconsistent packet length (%d bytes)\n", - ip6hdr->payload_len ); - goto drop; + /* Truncate packet to specified length */ + len = ntohs ( iphdr->len ); + if ( len > iob_len ( iobuf ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 length too long at %zd " + "bytes (packet is %zd bytes)\n", len, iob_len ( iobuf )); + rc = -EINVAL_LEN; + goto err; } + iob_unput ( iobuf, ( iob_len ( iobuf ) - len - sizeof ( *iphdr ) ) ); + hdrlen = sizeof ( *iphdr ); + + /* Print IPv6 header for debugging */ + DBGC2 ( ipv6col ( &iphdr->src ), "IPv6 RX %s<-", + inet6_ntoa ( &iphdr->dest ) ); + DBGC2 ( ipv6col ( &iphdr->src ), "%s len %zd next %d\n", + inet6_ntoa ( &iphdr->src ), len, iphdr->next_header ); + + /* Discard unicast packets not destined for us */ + if ( ( ! ( flags & LL_MULTICAST ) ) && + ( ! ipv6_has_addr ( netdev, &iphdr->dest ) ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 discarding non-local " + "unicast packet for %s\n", inet6_ntoa ( &iphdr->dest ) ); + rc = -EPIPE; + goto err; + } + + /* Process any extension headers */ + next_header = iphdr->next_header; + while ( 1 ) { + + /* Extract extension header */ + this_header = next_header; + ext = ( iobuf->data + hdrlen ); + extlen = sizeof ( ext->pad ); + if ( iob_len ( iobuf ) < ( hdrlen + extlen ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 too short for " + "extension header type %d at %zd bytes (min " + "%zd bytes)\n", this_header, + ( iob_len ( iobuf ) - hdrlen ), extlen ); + rc = -EINVAL_LEN; + goto err; + } - /* Ignore the traffic class and flow control values */ + /* Determine size of extension header (if applicable) */ + if ( ( this_header == IPV6_HOPBYHOP ) || + ( this_header == IPV6_DESTINATION ) || + ( this_header == IPV6_ROUTING ) ) { + /* Length field is present */ + extlen += ext->common.len; + } else if ( this_header == IPV6_FRAGMENT ) { + /* Length field is reserved and ignored (RFC2460) */ + } else { + /* Not an extension header; assume rest is payload */ + break; + } + if ( iob_len ( iobuf ) < ( hdrlen + extlen ) ) { + DBGC ( ipv6col ( &iphdr->src ), "IPv6 too short for " + "extension header type %d at %zd bytes (min " + "%zd bytes)\n", this_header, + ( iob_len ( iobuf ) - hdrlen ), extlen ); + rc = -EINVAL_LEN; + goto err; + } + hdrlen += extlen; + next_header = ext->common.next_header; + DBGC2 ( ipv6col ( &iphdr->src ), "IPv6 RX %s<-", + inet6_ntoa ( &iphdr->dest ) ); + DBGC2 ( ipv6col ( &iphdr->src ), "%s ext type %d len %zd next " + "%d\n", inet6_ntoa ( &iphdr->src ), this_header, + extlen, next_header ); + + /* Process this extension header */ + if ( ( this_header == IPV6_HOPBYHOP ) || + ( this_header == IPV6_DESTINATION ) ) { + + /* Check that all options can be ignored */ + if ( ( rc = ipv6_check_options ( iphdr, &ext->options, + extlen ) ) != 0 ) + goto err; + + } else if ( this_header == IPV6_FRAGMENT ) { + + /* Reassemble fragments */ + iobuf = fragment_reassemble ( &ipv6_reassembler, iobuf, + &hdrlen ); + if ( ! iobuf ) + return 0; + iphdr = iobuf->data; + } + } - /* Construct socket address */ + /* Construct socket address, calculate pseudo-header checksum, + * and hand off to transport layer + */ memset ( &src, 0, sizeof ( src ) ); src.sin6.sin6_family = AF_INET6; - src.sin6.sin6_addr = ip6hdr->src; + memcpy ( &src.sin6.sin6_addr, &iphdr->src, + sizeof ( src.sin6.sin6_addr ) ); + src.sin6.sin6_scope_id = htonl ( netdev->index ); memset ( &dest, 0, sizeof ( dest ) ); dest.sin6.sin6_family = AF_INET6; - dest.sin6.sin6_addr = ip6hdr->dest; - - /* Strip header */ - iob_unput ( iobuf, iob_len ( iobuf ) - ntohs ( ip6hdr->payload_len ) - - sizeof ( *ip6hdr ) ); - iob_pull ( iobuf, sizeof ( *ip6hdr ) ); + memcpy ( &dest.sin6.sin6_addr, &iphdr->dest, + sizeof ( dest.sin6.sin6_addr ) ); + dest.sin6.sin6_scope_id = htonl ( netdev->index ); + iob_pull ( iobuf, hdrlen ); + pshdr_csum = ipv6_pshdr_chksum ( iphdr, iob_len ( iobuf ), + next_header, TCPIP_EMPTY_CSUM ); + if ( ( rc = tcpip_rx ( iobuf, netdev, next_header, &src.st, &dest.st, + pshdr_csum ) ) != 0 ) { + DBGC ( ipv6col ( &src.sin6.sin6_addr ), "IPv6 received packet " + "rejected by stack: %s\n", strerror ( rc ) ); + return rc; + } - /* Send it to the transport layer */ - return ipv6_process_nxt_hdr ( iobuf, netdev, ip6hdr->nxt_hdr, &src.st, &dest.st ); + return 0; - drop: - DBG ( "Packet dropped\n" ); + err: free_iob ( iobuf ); - return -1; + return rc; } /** - * Print a IP6 address as xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx + * Convert IPv6 address to standard notation + * + * @v in IPv6 address + * @ret string IPv6 address in standard notation + * + * RFC5952 defines the canonical format for IPv6 textual representation. */ -char * inet6_ntoa ( struct in6_addr in6 ) { - static char buf[40]; - uint16_t *bytes = ( uint16_t* ) &in6; - sprintf ( buf, "%x:%x:%x:%x:%x:%x:%x:%x", bytes[0], bytes[1], bytes[2], - bytes[3], bytes[4], bytes[5], bytes[6], bytes[7] ); - return buf; +char * inet6_ntoa ( const struct in6_addr *in ) { + static char buf[41]; /* ":xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx" */ + char *out = buf; + char *longest_start = NULL; + char *start = NULL; + int longest_len = 1; + int len = 0; + char *dest; + unsigned int i; + uint16_t value; + + /* Format address, keeping track of longest run of zeros */ + for ( i = 0 ; i < ( sizeof ( in->s6_addr16 ) / + sizeof ( in->s6_addr16[0] ) ) ; i++ ) { + value = ntohs ( in->s6_addr16[i] ); + if ( value == 0 ) { + if ( len++ == 0 ) + start = out; + if ( len > longest_len ) { + longest_start = start; + longest_len = len; + } + } else { + len = 0; + } + out += sprintf ( out, ":%x", value ); + } + + /* Abbreviate longest run of zeros, if applicable */ + if ( longest_start ) { + dest = strcpy ( ( longest_start + 1 ), + ( longest_start + ( 2 * longest_len ) ) ); + if ( dest[0] == '\0' ) + dest[1] = '\0'; + dest[0] = ':'; + } + return ( ( longest_start == buf ) ? buf : ( buf + 1 ) ); } +/** + * Transcribe IPv6 address + * + * @v net_addr IPv6 address + * @ret string IPv6 address in standard notation + * + */ static const char * ipv6_ntoa ( const void *net_addr ) { - return inet6_ntoa ( * ( ( struct in6_addr * ) net_addr ) ); + return inet6_ntoa ( net_addr ); } /** IPv6 protocol */ @@ -383,3 +695,72 @@ struct tcpip_net_protocol ipv6_tcpip_protocol __tcpip_net_protocol = { .sa_family = AF_INET6, .tx = ipv6_tx, }; + +/** + * Create IPv6 network device + * + * @v netdev Network device + * @ret rc Return status code + */ +static int ipv6_probe ( struct net_device *netdev ) { + struct ipv6_miniroute *miniroute; + struct in6_addr address; + int prefix_len; + int rc; + + /* Construct link-local address from EUI-64 as per RFC 2464 */ + prefix_len = ipv6_link_local ( &address, netdev ); + if ( prefix_len < 0 ) { + rc = prefix_len; + DBGC ( netdev, "IPv6 %s could not construct link-local " + "address: %s\n", netdev->name, strerror ( rc ) ); + return rc; + } + + /* Create link-local address for this network device */ + miniroute = add_ipv6_miniroute ( netdev, &address, prefix_len, NULL ); + if ( ! miniroute ) + return -ENOMEM; + + return 0; +} + +/** + * Handle IPv6 network device or link state change + * + * @v netdev Network device + */ +static void ipv6_notify ( struct net_device *netdev __unused ) { + + /* Nothing to do */ +} + +/** + * Destroy IPv6 network device + * + * @v netdev Network device + */ +static void ipv6_remove ( struct net_device *netdev ) { + struct ipv6_miniroute *miniroute; + struct ipv6_miniroute *tmp; + + /* Delete all miniroutes for this network device */ + list_for_each_entry_safe ( miniroute, tmp, &ipv6_miniroutes, list ) { + if ( miniroute->netdev == netdev ) + del_ipv6_miniroute ( miniroute ); + } +} + +/** IPv6 network device driver */ +struct net_driver ipv6_driver __net_driver = { + .name = "IPv6", + .probe = ipv6_probe, + .notify = ipv6_notify, + .remove = ipv6_remove, +}; + +/* Drag in ICMPv6 */ +REQUIRE_OBJECT ( icmpv6 ); + +/* Drag in NDP */ +REQUIRE_OBJECT ( ndp ); diff --git a/src/net/ndp.c b/src/net/ndp.c index 4d37133..48b16d0 100644 --- a/src/net/ndp.c +++ b/src/net/ndp.c @@ -1,180 +1,370 @@ -#include <stdint.h> +/* + * Copyright (C) 2013 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + #include <string.h> -#include <byteswap.h> #include <errno.h> -#include <ipxe/if_ether.h> +#include <byteswap.h> +#include <ipxe/in.h> #include <ipxe/iobuf.h> +#include <ipxe/tcpip.h> +#include <ipxe/ipv6.h> +#include <ipxe/icmpv6.h> +#include <ipxe/neighbour.h> #include <ipxe/ndp.h> -#include <ipxe/icmp6.h> -#include <ipxe/ip6.h> -#include <ipxe/netdevice.h> /** @file * - * Neighbour Discovery Protocol + * IPv6 neighbour discovery protocol * - * This file implements address resolution as specified by the neighbour - * discovery protocol in RFC2461. This protocol is part of the IPv6 protocol - * family. */ -/* A neighbour entry */ -struct ndp_entry { - /** Target IP6 address */ - struct in6_addr in6; - /** Link layer protocol */ - struct ll_protocol *ll_protocol; - /** Link-layer address */ - uint8_t ll_addr[MAX_LL_ADDR_LEN]; - /** State of the neighbour entry */ - int state; -}; - -/** Number of entries in the neighbour cache table */ -#define NUM_NDP_ENTRIES 4 - -/** The neighbour cache table */ -static struct ndp_entry ndp_table[NUM_NDP_ENTRIES]; -#define ndp_table_end &ndp_table[NUM_NDP_ENTRIES] - -static unsigned int next_new_ndp_entry = 0; - /** - * Find entry in the neighbour cache + * Transmit NDP neighbour solicitation/advertisement packet * - * @v in6 IP6 address + * @v netdev Network device + * @v sin6_src Source socket address + * @v sin6_dest Destination socket address + * @v target Neighbour target address + * @v icmp_type ICMPv6 type + * @v flags NDP flags + * @v option_type NDP option type + * @ret rc Return status code */ -static struct ndp_entry * -ndp_find_entry ( struct in6_addr *in6 ) { - struct ndp_entry *ndp; - - for ( ndp = ndp_table ; ndp < ndp_table_end ; ndp++ ) { - if ( IP6_EQUAL ( ( *in6 ), ndp->in6 ) && - ( ndp->state != NDP_STATE_INVALID ) ) { - return ndp; - } +static int ndp_tx_neighbour ( struct net_device *netdev, + struct sockaddr_in6 *sin6_src, + struct sockaddr_in6 *sin6_dest, + const struct in6_addr *target, + unsigned int icmp_type, + unsigned int flags, + unsigned int option_type ) { + struct sockaddr_tcpip *st_src = + ( ( struct sockaddr_tcpip * ) sin6_src ); + struct sockaddr_tcpip *st_dest = + ( ( struct sockaddr_tcpip * ) sin6_dest ); + struct ll_protocol *ll_protocol = netdev->ll_protocol; + struct io_buffer *iobuf; + struct ndp_header *ndp; + size_t option_len; + size_t len; + int rc; + + /* Allocate and populate buffer */ + option_len = ( ( sizeof ( ndp->option[0] ) + ll_protocol->ll_addr_len + + NDP_OPTION_BLKSZ - 1 ) & + ~( NDP_OPTION_BLKSZ - 1 ) ); + len = ( sizeof ( *ndp ) + option_len ); + iobuf = alloc_iob ( MAX_LL_NET_HEADER_LEN + len ); + if ( ! iobuf ) + return -ENOMEM; + iob_reserve ( iobuf, MAX_LL_NET_HEADER_LEN ); + ndp = iob_put ( iobuf, len ); + memset ( ndp, 0, len ); + ndp->icmp.type = icmp_type; + ndp->flags = flags; + memcpy ( &ndp->target, target, sizeof ( ndp->target ) ); + ndp->option[0].type = option_type; + ndp->option[0].blocks = ( option_len / NDP_OPTION_BLKSZ ); + memcpy ( ndp->option[0].value, netdev->ll_addr, + ll_protocol->ll_addr_len ); + ndp->icmp.chksum = tcpip_chksum ( ndp, len ); + + /* Transmit packet */ + if ( ( rc = tcpip_tx ( iobuf, &icmpv6_protocol, st_src, st_dest, + netdev, &ndp->icmp.chksum ) ) != 0 ) { + DBGC ( netdev, "NDP could not transmit packet: %s\n", + strerror ( rc ) ); + return rc; } - return NULL; + + return 0; } /** - * Add NDP entry - * - * @v netdev Network device - * @v in6 IP6 address - * @v ll_addr Link-layer address - * @v state State of the entry - one of the NDP_STATE_XXX values + * Transmit NDP neighbour discovery request + * + * @v netdev Network device + * @v net_protocol Network-layer protocol + * @v net_dest Destination network-layer address + * @v net_source Source network-layer address + * @ret rc Return status code */ -static void -add_ndp_entry ( struct net_device *netdev, struct in6_addr *in6, - void *ll_addr, int state ) { - struct ndp_entry *ndp; - ndp = &ndp_table[next_new_ndp_entry++ % NUM_NDP_ENTRIES]; - - /* Fill up entry */ - ndp->ll_protocol = netdev->ll_protocol; - memcpy ( &ndp->in6, &( *in6 ), sizeof ( *in6 ) ); - if ( ll_addr ) { - memcpy ( ndp->ll_addr, ll_addr, netdev->ll_protocol->ll_addr_len ); - } else { - memset ( ndp->ll_addr, 0, netdev->ll_protocol->ll_addr_len ); - } - ndp->state = state; - DBG ( "New neighbour cache entry: IP6 %s => %s %s\n", - inet6_ntoa ( ndp->in6 ), netdev->ll_protocol->name, - netdev->ll_protocol->ntoa ( ndp->ll_addr ) ); +static int ndp_tx_request ( struct net_device *netdev, + struct net_protocol *net_protocol __unused, + const void *net_dest, const void *net_source ) { + struct sockaddr_in6 sin6_src; + struct sockaddr_in6 sin6_dest; + + /* Construct source address */ + memset ( &sin6_src, 0, sizeof ( sin6_src ) ); + sin6_src.sin6_family = AF_INET6; + memcpy ( &sin6_src.sin6_addr, net_source, + sizeof ( sin6_src.sin6_addr ) ); + sin6_src.sin6_scope_id = htons ( netdev->index ); + + /* Construct multicast destination address */ + memset ( &sin6_dest, 0, sizeof ( sin6_dest ) ); + sin6_dest.sin6_family = AF_INET6; + sin6_dest.sin6_scope_id = htons ( netdev->index ); + ipv6_solicited_node ( &sin6_dest.sin6_addr, net_dest ); + + /* Transmit neighbour discovery packet */ + return ndp_tx_neighbour ( netdev, &sin6_src, &sin6_dest, net_dest, + ICMPV6_NDP_NEIGHBOUR_SOLICITATION, 0, + NDP_OPT_LL_SOURCE ); } +/** NDP neighbour discovery protocol */ +struct neighbour_discovery ndp_discovery = { + .name = "NDP", + .tx_request = ndp_tx_request, +}; + /** - * Resolve the link-layer address + * Process NDP neighbour solicitation source link-layer address option * * @v netdev Network device - * @v dest Destination address - * @v src Source address - * @ret dest_ll_addr Destination link-layer address or NULL - * @ret rc Status - * - * This function looks up the neighbour cache for an entry corresponding to the - * destination address. If it finds a valid entry, it fills up dest_ll_addr and - * returns 0. Otherwise it sends a neighbour solicitation to the solicited - * multicast address. + * @v sin6_src Source socket address + * @v ndp NDP packet + * @v ll_addr Source link-layer address + * @v ll_addr_len Source link-layer address length + * @ret rc Return status code */ -int ndp_resolve ( struct net_device *netdev, struct in6_addr *dest, - struct in6_addr *src, void *dest_ll_addr ) { +static int ndp_rx_neighbour_solicitation ( struct net_device *netdev, + struct sockaddr_in6 *sin6_src, + struct ndp_header *ndp __unused, + const void *ll_addr, + size_t ll_addr_len ) { struct ll_protocol *ll_protocol = netdev->ll_protocol; - struct ndp_entry *ndp; int rc; - ndp = ndp_find_entry ( dest ); - /* Check if the entry is valid */ - if ( ndp && ndp->state == NDP_STATE_REACHABLE ) { - DBG ( "Neighbour cache hit: IP6 %s => %s %s\n", - inet6_ntoa ( *dest ), ll_protocol->name, - ll_protocol->ntoa ( ndp->ll_addr ) ); - memcpy ( dest_ll_addr, ndp->ll_addr, ll_protocol->ll_addr_len ); + /* Silently ignore neighbour solicitations for addresses we do + * not own. + */ + if ( ! ipv6_has_addr ( netdev, &ndp->target ) ) return 0; - } - /* Check if the entry was already created */ - if ( ndp ) { - DBG ( "Awaiting neighbour advertisement\n" ); - /* For test */ -// ndp->state = NDP_STATE_REACHABLE; -// memcpy ( ndp->ll_addr, netdev->ll_addr, 6 ); -// assert ( ndp->ll_protocol->ll_addr_len == 6 ); -// icmp6_test_nadvert ( netdev, dest, ndp->ll_addr ); -// assert ( ndp->state == NDP_STATE_REACHABLE ); - /* Take it out till here */ - return -ENOENT; + /* Sanity check */ + if ( ll_addr_len < ll_protocol->ll_addr_len ) { + DBGC ( netdev, "NDP neighbour solicitation link-layer address " + "too short at %zd bytes (min %d bytes)\n", + ll_addr_len, ll_protocol->ll_addr_len ); + return -EINVAL; } - DBG ( "Neighbour cache miss: IP6 %s\n", inet6_ntoa ( *dest ) ); - /* Add entry in the neighbour cache */ - add_ndp_entry ( netdev, dest, NULL, NDP_STATE_INCOMPLETE ); + /* Create or update neighbour cache entry */ + if ( ( rc = neighbour_define ( netdev, &ipv6_protocol, + &sin6_src->sin6_addr, + ll_addr ) ) != 0 ) { + DBGC ( netdev, "NDP could not define %s => %s: %s\n", + inet6_ntoa ( &sin6_src->sin6_addr ), + ll_protocol->ntoa ( ll_addr ), strerror ( rc ) ); + return rc; + } - /* Send neighbour solicitation */ - if ( ( rc = icmp6_send_solicit ( netdev, src, dest ) ) != 0 ) { + /* Send neighbour advertisement */ + if ( ( rc = ndp_tx_neighbour ( netdev, NULL, sin6_src, &ndp->target, + ICMPV6_NDP_NEIGHBOUR_ADVERTISEMENT, + ( NDP_SOLICITED | NDP_OVERRIDE ), + NDP_OPT_LL_TARGET ) ) != 0 ) { return rc; } - return -ENOENT; + + return 0; } /** - * Process neighbour advertisement + * Process NDP neighbour advertisement target link-layer address option * - * @v iobuf I/O buffer - * @v st_src Source address - * @v st_dest Destination address + * @v netdev Network device + * @v sin6_src Source socket address + * @v ndp NDP packet + * @v ll_addr Target link-layer address + * @v ll_addr_len Target link-layer address length + * @ret rc Return status code */ -int ndp_process_advert ( struct io_buffer *iobuf, struct sockaddr_tcpip *st_src __unused, - struct sockaddr_tcpip *st_dest __unused ) { - struct neighbour_advert *nadvert = iobuf->data; - struct ndp_entry *ndp; +static int +ndp_rx_neighbour_advertisement ( struct net_device *netdev, + struct sockaddr_in6 *sin6_src __unused, + struct ndp_header *ndp, const void *ll_addr, + size_t ll_addr_len ) { + struct ll_protocol *ll_protocol = netdev->ll_protocol; + int rc; /* Sanity check */ - if ( iob_len ( iobuf ) < sizeof ( *nadvert ) ) { - DBG ( "Packet too short (%zd bytes)\n", iob_len ( iobuf ) ); + if ( ll_addr_len < ll_protocol->ll_addr_len ) { + DBGC ( netdev, "NDP neighbour advertisement link-layer address " + "too short at %zd bytes (min %d bytes)\n", + ll_addr_len, ll_protocol->ll_addr_len ); return -EINVAL; } - assert ( nadvert->code == 0 ); - assert ( nadvert->flags & ICMP6_FLAGS_SOLICITED ); - assert ( nadvert->opt_type == 2 ); + /* Update neighbour cache entry, if any */ + if ( ( rc = neighbour_update ( netdev, &ipv6_protocol, &ndp->target, + ll_addr ) ) != 0 ) { + DBGC ( netdev, "NDP could not update %s => %s: %s\n", + inet6_ntoa ( &ndp->target ), + ll_protocol->ntoa ( ll_addr ), strerror ( rc ) ); + return rc; + } - /* Update the neighbour cache, if entry is present */ - ndp = ndp_find_entry ( &nadvert->target ); - if ( ndp ) { + return 0; +} - assert ( nadvert->opt_len == - ( ( 2 + ndp->ll_protocol->ll_addr_len ) / 8 ) ); +/** An NDP option handler */ +struct ndp_option_handler { + /** ICMPv6 type */ + uint8_t icmp_type; + /** Option type */ + uint8_t option_type; + /** + * Handle received option + * + * @v netdev Network device + * @v sin6_src Source socket address + * @v ndp NDP packet + * @v value Option value + * @v len Option length + * @ret rc Return status code + */ + int ( * rx ) ( struct net_device *netdev, struct sockaddr_in6 *sin6_src, + struct ndp_header *ndp, const void *value, size_t len ); +}; - if ( IP6_EQUAL ( ndp->in6, nadvert->target ) ) { - memcpy ( ndp->ll_addr, nadvert->opt_ll_addr, - ndp->ll_protocol->ll_addr_len ); - ndp->state = NDP_STATE_REACHABLE; - return 0; +/** NDP option handlers */ +static struct ndp_option_handler ndp_option_handlers[] = { + { + .icmp_type = ICMPV6_NDP_NEIGHBOUR_SOLICITATION, + .option_type = NDP_OPT_LL_SOURCE, + .rx = ndp_rx_neighbour_solicitation, + }, + { + .icmp_type = ICMPV6_NDP_NEIGHBOUR_ADVERTISEMENT, + .option_type = NDP_OPT_LL_TARGET, + .rx = ndp_rx_neighbour_advertisement, + }, +}; + +/** + * Process received NDP option + * + * @v netdev Network device + * @v sin6_src Source socket address + * @v ndp NDP packet + * @v type Option type + * @v value Option value + * @v len Option length + * @ret rc Return status code + */ +static int ndp_rx_option ( struct net_device *netdev, + struct sockaddr_in6 *sin6_src, + struct ndp_header *ndp, unsigned int type, + const void *value, size_t len ) { + struct ndp_option_handler *handler; + unsigned int i; + + /* Locate a suitable option handler, if any */ + for ( i = 0 ; i < ( sizeof ( ndp_option_handlers ) / + sizeof ( ndp_option_handlers[0] ) ) ; i++ ) { + handler = &ndp_option_handlers[i]; + if ( ( handler->icmp_type == ndp->icmp.type ) && + ( handler->option_type == type ) ) { + return handler->rx ( netdev, sin6_src, ndp, + value, len ); } } - DBG ( "Unsolicited advertisement (dropping packet)\n" ); + + /* Silently ignore unknown options as per RFC 4861 */ return 0; } + +/** + * Process received NDP packet + * + * @v iobuf I/O buffer + * @v netdev Network device + * @v sin6_src Source socket address + * @v sin6_dest Destination socket address + * @ret rc Return status code + */ +static int ndp_rx ( struct io_buffer *iobuf, + struct net_device *netdev, + struct sockaddr_in6 *sin6_src, + struct sockaddr_in6 *sin6_dest __unused ) { + struct ndp_header *ndp = iobuf->data; + struct ndp_option *option; + size_t remaining; + size_t option_len; + size_t option_value_len; + int rc; + + /* Sanity check */ + if ( iob_len ( iobuf ) < sizeof ( *ndp ) ) { + DBGC ( netdev, "NDP packet too short at %zd bytes (min %zd " + "bytes)\n", iob_len ( iobuf ), sizeof ( *ndp ) ); + rc = -EINVAL; + goto done; + } + + /* Search for option */ + option = ndp->option; + remaining = ( iob_len ( iobuf ) - offsetof ( typeof ( *ndp ), option )); + while ( remaining ) { + + /* Sanity check */ + if ( ( remaining < sizeof ( *option ) ) || + ( option->blocks == 0 ) || + ( remaining < ( option->blocks * NDP_OPTION_BLKSZ ) ) ) { + DBGC ( netdev, "NDP bad option length:\n" ); + DBGC_HDA ( netdev, 0, option, remaining ); + rc = -EINVAL; + goto done; + } + option_len = ( option->blocks * NDP_OPTION_BLKSZ ); + option_value_len = ( option_len - sizeof ( *option ) ); + + /* Handle option */ + if ( ( rc = ndp_rx_option ( netdev, sin6_src, ndp, + option->type, option->value, + option_value_len ) ) != 0 ) { + goto done; + } + + /* Move to next option */ + option = ( ( ( void * ) option ) + option_len ); + remaining -= option_len; + } + + done: + free_iob ( iobuf ); + return rc; +} + +/** NDP ICMPv6 handlers */ +struct icmpv6_handler ndp_handlers[] __icmpv6_handler = { + { + .type = ICMPV6_NDP_NEIGHBOUR_SOLICITATION, + .rx = ndp_rx, + }, + { + .type = ICMPV6_NDP_NEIGHBOUR_ADVERTISEMENT, + .rx = ndp_rx, + }, +}; |