FreeBSD kernel IPv4 code
ip_carp.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2002 Michael Shalayeff.
5 * Copyright (c) 2003 Ryan McBride.
6 * Copyright (c) 2011 Gleb Smirnoff <glebius@FreeBSD.org>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR OR HIS RELATIVES BE LIABLE FOR ANY DIRECT,
22 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 * SERVICES; LOSS OF MIND, USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
28 * THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include <sys/cdefs.h>
32__FBSDID("$FreeBSD$");
33
34#include "opt_bpf.h"
35#include "opt_inet.h"
36#include "opt_inet6.h"
37
38#include <sys/param.h>
39#include <sys/systm.h>
40#include <sys/devctl.h>
41#include <sys/jail.h>
42#include <sys/kernel.h>
43#include <sys/limits.h>
44#include <sys/malloc.h>
45#include <sys/mbuf.h>
46#include <sys/module.h>
47#include <sys/priv.h>
48#include <sys/proc.h>
49#include <sys/protosw.h>
50#include <sys/socket.h>
51#include <sys/sockio.h>
52#include <sys/sysctl.h>
53#include <sys/syslog.h>
54#include <sys/taskqueue.h>
55#include <sys/counter.h>
56
57#include <net/ethernet.h>
58#include <net/if.h>
59#include <net/if_var.h>
60#include <net/if_dl.h>
61#include <net/if_llatbl.h>
62#include <net/if_types.h>
63#include <net/route.h>
64#include <net/vnet.h>
65
66#if defined(INET) || defined(INET6)
67#include <netinet/in.h>
68#include <netinet/in_var.h>
69#include <netinet/ip_carp.h>
70#include <netinet/ip.h>
71#include <machine/in_cksum.h>
72#endif
73#ifdef INET
74#include <netinet/ip_var.h>
75#include <netinet/if_ether.h>
76#endif
77
78#ifdef INET6
79#include <netinet/icmp6.h>
80#include <netinet/ip6.h>
81#include <netinet6/in6_var.h>
82#include <netinet6/ip6_var.h>
83#include <netinet6/scope6_var.h>
84#include <netinet6/nd6.h>
85#endif
86
87#include <crypto/sha1.h>
88
89static MALLOC_DEFINE(M_CARP, "CARP", "CARP addresses");
90
91struct carp_softc {
92 struct ifnet *sc_carpdev; /* Pointer to parent ifnet. */
93 struct ifaddr **sc_ifas; /* Our ifaddrs. */
94 struct sockaddr_dl sc_addr; /* Our link level address. */
95 struct callout sc_ad_tmo; /* Advertising timeout. */
96#ifdef INET
97 struct callout sc_md_tmo; /* Master down timeout. */
98#endif
99#ifdef INET6
100 struct callout sc_md6_tmo; /* XXX: Master down timeout. */
101#endif
102 struct mtx sc_mtx;
103
104 int sc_vhid;
105 int sc_advskew;
106 int sc_advbase;
107
108 int sc_naddrs;
109 int sc_naddrs6;
110 int sc_ifasiz;
111 enum { INIT = 0, BACKUP, MASTER } sc_state;
112 int sc_suppress;
113 int sc_sendad_errors;
114#define CARP_SENDAD_MAX_ERRORS 3
115 int sc_sendad_success;
116#define CARP_SENDAD_MIN_SUCCESS 3
117
118 int sc_init_counter;
119 uint64_t sc_counter;
120
121 /* authentication */
122#define CARP_HMAC_PAD 64
123 unsigned char sc_key[CARP_KEY_LEN];
124 unsigned char sc_pad[CARP_HMAC_PAD];
125 SHA1_CTX sc_sha1;
126
127 TAILQ_ENTRY(carp_softc) sc_list; /* On the carp_if list. */
128 LIST_ENTRY(carp_softc) sc_next; /* On the global list. */
129};
130
131struct carp_if {
132#ifdef INET
133 int cif_naddrs;
134#endif
135#ifdef INET6
136 int cif_naddrs6;
137#endif
138 TAILQ_HEAD(, carp_softc) cif_vrs;
139#ifdef INET
140 struct ip_moptions cif_imo;
141#endif
142#ifdef INET6
143 struct ip6_moptions cif_im6o;
144#endif
145 struct ifnet *cif_ifp;
146 struct mtx cif_mtx;
147 uint32_t cif_flags;
148#define CIF_PROMISC 0x00000001
149};
150
151#define CARP_INET 0
152#define CARP_INET6 1
153static int proto_reg[] = {-1, -1};
154
155/*
156 * Brief design of carp(4).
157 *
158 * Any carp-capable ifnet may have a list of carp softcs hanging off
159 * its ifp->if_carp pointer. Each softc represents one unique virtual
160 * host id, or vhid. The softc has a back pointer to the ifnet. All
161 * softcs are joined in a global list, which has quite limited use.
162 *
163 * Any interface address that takes part in CARP negotiation has a
164 * pointer to the softc of its vhid, ifa->ifa_carp. That could be either
165 * AF_INET or AF_INET6 address.
166 *
167 * Although, one can get the softc's backpointer to ifnet and traverse
168 * through its ifp->if_addrhead queue to find all interface addresses
169 * involved in CARP, we keep a growable array of ifaddr pointers. This
170 * allows us to avoid grabbing the IF_ADDR_LOCK() in many traversals that
171 * do calls into the network stack, thus avoiding LORs.
172 *
173 * Locking:
174 *
175 * Each softc has a lock sc_mtx. It is used to synchronise carp_input_c(),
176 * callout-driven events and ioctl()s.
177 *
178 * To traverse the list of softcs on an ifnet we use CIF_LOCK() or carp_sx.
179 * To traverse the global list we use the mutex carp_mtx.
180 *
181 * Known issues with locking:
182 *
183 * - Sending ad, we put the pointer to the softc in an mtag, and no reference
184 * counting is done on the softc.
185 * - On module unload we may race (?) with packet processing thread
186 * dereferencing our function pointers.
187 */
188
189/* Accept incoming CARP packets. */
190VNET_DEFINE_STATIC(int, carp_allow) = 1;
191#define V_carp_allow VNET(carp_allow)
192
193/* Set DSCP in outgoing CARP packets. */
194VNET_DEFINE_STATIC(int, carp_dscp) = 56;
195#define V_carp_dscp VNET(carp_dscp)
196
197/* Preempt slower nodes. */
198VNET_DEFINE_STATIC(int, carp_preempt) = 0;
199#define V_carp_preempt VNET(carp_preempt)
200
201/* Log level. */
202VNET_DEFINE_STATIC(int, carp_log) = 1;
203#define V_carp_log VNET(carp_log)
204
205/* Global advskew demotion. */
206VNET_DEFINE_STATIC(int, carp_demotion) = 0;
207#define V_carp_demotion VNET(carp_demotion)
208
209/* Send error demotion factor. */
210VNET_DEFINE_STATIC(int, carp_senderr_adj) = CARP_MAXSKEW;
211#define V_carp_senderr_adj VNET(carp_senderr_adj)
212
213/* Iface down demotion factor. */
214VNET_DEFINE_STATIC(int, carp_ifdown_adj) = CARP_MAXSKEW;
215#define V_carp_ifdown_adj VNET(carp_ifdown_adj)
216
217static int carp_allow_sysctl(SYSCTL_HANDLER_ARGS);
218static int carp_dscp_sysctl(SYSCTL_HANDLER_ARGS);
219static int carp_demote_adj_sysctl(SYSCTL_HANDLER_ARGS);
220
221SYSCTL_NODE(_net_inet, IPPROTO_CARP, carp, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
222 "CARP");
223SYSCTL_PROC(_net_inet_carp, OID_AUTO, allow,
224 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
225 0, 0, carp_allow_sysctl, "I",
226 "Accept incoming CARP packets");
227SYSCTL_PROC(_net_inet_carp, OID_AUTO, dscp,
228 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
229 0, 0, carp_dscp_sysctl, "I",
230 "DSCP value for carp packets");
231SYSCTL_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_VNET | CTLFLAG_RW,
232 &VNET_NAME(carp_preempt), 0, "High-priority backup preemption mode");
233SYSCTL_INT(_net_inet_carp, OID_AUTO, log, CTLFLAG_VNET | CTLFLAG_RW,
234 &VNET_NAME(carp_log), 0, "CARP log level");
235SYSCTL_PROC(_net_inet_carp, OID_AUTO, demotion,
236 CTLFLAG_VNET | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
237 0, 0, carp_demote_adj_sysctl, "I",
238 "Adjust demotion factor (skew of advskew)");
239SYSCTL_INT(_net_inet_carp, OID_AUTO, senderr_demotion_factor,
240 CTLFLAG_VNET | CTLFLAG_RW,
241 &VNET_NAME(carp_senderr_adj), 0, "Send error demotion factor adjustment");
242SYSCTL_INT(_net_inet_carp, OID_AUTO, ifdown_demotion_factor,
243 CTLFLAG_VNET | CTLFLAG_RW,
244 &VNET_NAME(carp_ifdown_adj), 0,
245 "Interface down demotion factor adjustment");
246
247VNET_PCPUSTAT_DEFINE(struct carpstats, carpstats);
248VNET_PCPUSTAT_SYSINIT(carpstats);
249VNET_PCPUSTAT_SYSUNINIT(carpstats);
250
251#define CARPSTATS_ADD(name, val) \
252 counter_u64_add(VNET(carpstats)[offsetof(struct carpstats, name) / \
253 sizeof(uint64_t)], (val))
254#define CARPSTATS_INC(name) CARPSTATS_ADD(name, 1)
255
256SYSCTL_VNET_PCPUSTAT(_net_inet_carp, OID_AUTO, stats, struct carpstats,
257 carpstats, "CARP statistics (struct carpstats, netinet/ip_carp.h)");
258
259#define CARP_LOCK_INIT(sc) mtx_init(&(sc)->sc_mtx, "carp_softc", \
260 NULL, MTX_DEF)
261#define CARP_LOCK_DESTROY(sc) mtx_destroy(&(sc)->sc_mtx)
262#define CARP_LOCK_ASSERT(sc) mtx_assert(&(sc)->sc_mtx, MA_OWNED)
263#define CARP_LOCK(sc) mtx_lock(&(sc)->sc_mtx)
264#define CARP_UNLOCK(sc) mtx_unlock(&(sc)->sc_mtx)
265#define CIF_LOCK_INIT(cif) mtx_init(&(cif)->cif_mtx, "carp_if", \
266 NULL, MTX_DEF)
267#define CIF_LOCK_DESTROY(cif) mtx_destroy(&(cif)->cif_mtx)
268#define CIF_LOCK_ASSERT(cif) mtx_assert(&(cif)->cif_mtx, MA_OWNED)
269#define CIF_LOCK(cif) mtx_lock(&(cif)->cif_mtx)
270#define CIF_UNLOCK(cif) mtx_unlock(&(cif)->cif_mtx)
271#define CIF_FREE(cif) do { \
272 CIF_LOCK(cif); \
273 if (TAILQ_EMPTY(&(cif)->cif_vrs)) \
274 carp_free_if(cif); \
275 else \
276 CIF_UNLOCK(cif); \
277} while (0)
278
279#define CARP_LOG(...) do { \
280 if (V_carp_log > 0) \
281 log(LOG_INFO, "carp: " __VA_ARGS__); \
282} while (0)
283
284#define CARP_DEBUG(...) do { \
285 if (V_carp_log > 1) \
286 log(LOG_DEBUG, __VA_ARGS__); \
287} while (0)
288
289#define IFNET_FOREACH_IFA(ifp, ifa) \
290 CK_STAILQ_FOREACH((ifa), &(ifp)->if_addrhead, ifa_link) \
291 if ((ifa)->ifa_carp != NULL)
292
293#define CARP_FOREACH_IFA(sc, ifa) \
294 CARP_LOCK_ASSERT(sc); \
295 for (int _i = 0; \
296 _i < (sc)->sc_naddrs + (sc)->sc_naddrs6 && \
297 ((ifa) = sc->sc_ifas[_i]) != NULL; \
298 ++_i)
299
300#define IFNET_FOREACH_CARP(ifp, sc) \
301 KASSERT(mtx_owned(&ifp->if_carp->cif_mtx) || \
302 sx_xlocked(&carp_sx), ("cif_vrs not locked")); \
303 TAILQ_FOREACH((sc), &(ifp)->if_carp->cif_vrs, sc_list)
304
305#define DEMOTE_ADVSKEW(sc) \
306 (((sc)->sc_advskew + V_carp_demotion > CARP_MAXSKEW) ? \
307 CARP_MAXSKEW : \
308 (((sc)->sc_advskew + V_carp_demotion < 0) ? \
309 0 : ((sc)->sc_advskew + V_carp_demotion)))
310
311static void carp_input_c(struct mbuf *, struct carp_header *, sa_family_t);
312static struct carp_softc
313 *carp_alloc(struct ifnet *);
314static void carp_destroy(struct carp_softc *);
315static struct carp_if
316 *carp_alloc_if(struct ifnet *);
317static void carp_free_if(struct carp_if *);
318static void carp_set_state(struct carp_softc *, int, const char* reason);
319static void carp_sc_state(struct carp_softc *);
320static void carp_setrun(struct carp_softc *, sa_family_t);
321static void carp_master_down(void *);
322static void carp_master_down_locked(struct carp_softc *,
323 const char* reason);
324static void carp_send_ad(void *);
325static void carp_send_ad_locked(struct carp_softc *);
326static void carp_addroute(struct carp_softc *);
327static void carp_ifa_addroute(struct ifaddr *);
328static void carp_delroute(struct carp_softc *);
329static void carp_ifa_delroute(struct ifaddr *);
330static void carp_send_ad_all(void *, int);
331static void carp_demote_adj(int, char *);
332
333static LIST_HEAD(, carp_softc) carp_list;
334static struct mtx carp_mtx;
335static struct sx carp_sx;
336static struct task carp_sendall_task =
337 TASK_INITIALIZER(0, carp_send_ad_all, NULL);
338
339static void
340carp_hmac_prepare(struct carp_softc *sc)
341{
342 uint8_t version = CARP_VERSION, type = CARP_ADVERTISEMENT;
343 uint8_t vhid = sc->sc_vhid & 0xff;
344 struct ifaddr *ifa;
345 int i, found;
346#ifdef INET
347 struct in_addr last, cur, in;
348#endif
349#ifdef INET6
350 struct in6_addr last6, cur6, in6;
351#endif
352
353 CARP_LOCK_ASSERT(sc);
354
355 /* Compute ipad from key. */
356 bzero(sc->sc_pad, sizeof(sc->sc_pad));
357 bcopy(sc->sc_key, sc->sc_pad, sizeof(sc->sc_key));
358 for (i = 0; i < sizeof(sc->sc_pad); i++)
359 sc->sc_pad[i] ^= 0x36;
360
361 /* Precompute first part of inner hash. */
362 SHA1Init(&sc->sc_sha1);
363 SHA1Update(&sc->sc_sha1, sc->sc_pad, sizeof(sc->sc_pad));
364 SHA1Update(&sc->sc_sha1, (void *)&version, sizeof(version));
365 SHA1Update(&sc->sc_sha1, (void *)&type, sizeof(type));
366 SHA1Update(&sc->sc_sha1, (void *)&vhid, sizeof(vhid));
367#ifdef INET
368 cur.s_addr = 0;
369 do {
370 found = 0;
371 last = cur;
372 cur.s_addr = 0xffffffff;
373 CARP_FOREACH_IFA(sc, ifa) {
374 in.s_addr = ifatoia(ifa)->ia_addr.sin_addr.s_addr;
375 if (ifa->ifa_addr->sa_family == AF_INET &&
376 ntohl(in.s_addr) > ntohl(last.s_addr) &&
377 ntohl(in.s_addr) < ntohl(cur.s_addr)) {
378 cur.s_addr = in.s_addr;
379 found++;
380 }
381 }
382 if (found)
383 SHA1Update(&sc->sc_sha1, (void *)&cur, sizeof(cur));
384 } while (found);
385#endif /* INET */
386#ifdef INET6
387 memset(&cur6, 0, sizeof(cur6));
388 do {
389 found = 0;
390 last6 = cur6;
391 memset(&cur6, 0xff, sizeof(cur6));
392 CARP_FOREACH_IFA(sc, ifa) {
393 in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
394 if (IN6_IS_SCOPE_EMBED(&in6))
395 in6.s6_addr16[1] = 0;
396 if (ifa->ifa_addr->sa_family == AF_INET6 &&
397 memcmp(&in6, &last6, sizeof(in6)) > 0 &&
398 memcmp(&in6, &cur6, sizeof(in6)) < 0) {
399 cur6 = in6;
400 found++;
401 }
402 }
403 if (found)
404 SHA1Update(&sc->sc_sha1, (void *)&cur6, sizeof(cur6));
405 } while (found);
406#endif /* INET6 */
407
408 /* convert ipad to opad */
409 for (i = 0; i < sizeof(sc->sc_pad); i++)
410 sc->sc_pad[i] ^= 0x36 ^ 0x5c;
411}
412
413static void
414carp_hmac_generate(struct carp_softc *sc, uint32_t counter[2],
415 unsigned char md[20])
416{
417 SHA1_CTX sha1ctx;
418
419 CARP_LOCK_ASSERT(sc);
420
421 /* fetch first half of inner hash */
422 bcopy(&sc->sc_sha1, &sha1ctx, sizeof(sha1ctx));
423
424 SHA1Update(&sha1ctx, (void *)counter, sizeof(sc->sc_counter));
425 SHA1Final(md, &sha1ctx);
426
427 /* outer hash */
428 SHA1Init(&sha1ctx);
429 SHA1Update(&sha1ctx, sc->sc_pad, sizeof(sc->sc_pad));
430 SHA1Update(&sha1ctx, md, 20);
431 SHA1Final(md, &sha1ctx);
432}
433
434static int
435carp_hmac_verify(struct carp_softc *sc, uint32_t counter[2],
436 unsigned char md[20])
437{
438 unsigned char md2[20];
439
440 CARP_LOCK_ASSERT(sc);
441
442 carp_hmac_generate(sc, counter, md2);
443
444 return (bcmp(md, md2, sizeof(md2)));
445}
446
447/*
448 * process input packet.
449 * we have rearranged checks order compared to the rfc,
450 * but it seems more efficient this way or not possible otherwise.
451 */
452#ifdef INET
453int
454carp_input(struct mbuf **mp, int *offp, int proto)
455{
456 struct mbuf *m = *mp;
457 struct ip *ip = mtod(m, struct ip *);
458 struct carp_header *ch;
459 int iplen, len;
460
461 iplen = *offp;
462 *mp = NULL;
463
464 CARPSTATS_INC(carps_ipackets);
465
466 if (!V_carp_allow) {
467 m_freem(m);
468 return (IPPROTO_DONE);
469 }
470
471 /* verify that the IP TTL is 255. */
472 if (ip->ip_ttl != CARP_DFLTTL) {
473 CARPSTATS_INC(carps_badttl);
474 CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__,
475 ip->ip_ttl,
476 m->m_pkthdr.rcvif->if_xname);
477 m_freem(m);
478 return (IPPROTO_DONE);
479 }
480
481 iplen = ip->ip_hl << 2;
482
483 if (m->m_pkthdr.len < iplen + sizeof(*ch)) {
484 CARPSTATS_INC(carps_badlen);
485 CARP_DEBUG("%s: received len %zd < sizeof(struct carp_header) "
486 "on %s\n", __func__, m->m_len - sizeof(struct ip),
487 m->m_pkthdr.rcvif->if_xname);
488 m_freem(m);
489 return (IPPROTO_DONE);
490 }
491
492 if (iplen + sizeof(*ch) < m->m_len) {
493 if ((m = m_pullup(m, iplen + sizeof(*ch))) == NULL) {
494 CARPSTATS_INC(carps_hdrops);
495 CARP_DEBUG("%s: pullup failed\n", __func__);
496 return (IPPROTO_DONE);
497 }
498 ip = mtod(m, struct ip *);
499 }
500 ch = (struct carp_header *)((char *)ip + iplen);
501
502 /*
503 * verify that the received packet length is
504 * equal to the CARP header
505 */
506 len = iplen + sizeof(*ch);
507 if (len > m->m_pkthdr.len) {
508 CARPSTATS_INC(carps_badlen);
509 CARP_DEBUG("%s: packet too short %d on %s\n", __func__,
510 m->m_pkthdr.len,
511 m->m_pkthdr.rcvif->if_xname);
512 m_freem(m);
513 return (IPPROTO_DONE);
514 }
515
516 if ((m = m_pullup(m, len)) == NULL) {
517 CARPSTATS_INC(carps_hdrops);
518 return (IPPROTO_DONE);
519 }
520 ip = mtod(m, struct ip *);
521 ch = (struct carp_header *)((char *)ip + iplen);
522
523 /* verify the CARP checksum */
524 m->m_data += iplen;
525 if (in_cksum(m, len - iplen)) {
526 CARPSTATS_INC(carps_badsum);
527 CARP_DEBUG("%s: checksum failed on %s\n", __func__,
528 m->m_pkthdr.rcvif->if_xname);
529 m_freem(m);
530 return (IPPROTO_DONE);
531 }
532 m->m_data -= iplen;
533
534 carp_input_c(m, ch, AF_INET);
535 return (IPPROTO_DONE);
536}
537#endif
538
539#ifdef INET6
540int
541carp6_input(struct mbuf **mp, int *offp, int proto)
542{
543 struct mbuf *m = *mp;
544 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
545 struct carp_header *ch;
546 u_int len;
547
548 CARPSTATS_INC(carps_ipackets6);
549
550 if (!V_carp_allow) {
551 m_freem(m);
552 return (IPPROTO_DONE);
553 }
554
555 /* check if received on a valid carp interface */
556 if (m->m_pkthdr.rcvif->if_carp == NULL) {
557 CARPSTATS_INC(carps_badif);
558 CARP_DEBUG("%s: packet received on non-carp interface: %s\n",
559 __func__, m->m_pkthdr.rcvif->if_xname);
560 m_freem(m);
561 return (IPPROTO_DONE);
562 }
563
564 /* verify that the IP TTL is 255 */
565 if (ip6->ip6_hlim != CARP_DFLTTL) {
566 CARPSTATS_INC(carps_badttl);
567 CARP_DEBUG("%s: received ttl %d != 255 on %s\n", __func__,
568 ip6->ip6_hlim, m->m_pkthdr.rcvif->if_xname);
569 m_freem(m);
570 return (IPPROTO_DONE);
571 }
572
573 /* verify that we have a complete carp packet */
574 if (m->m_len < *offp + sizeof(*ch)) {
575 len = m->m_len;
576 m = m_pullup(m, *offp + sizeof(*ch));
577 if (m == NULL) {
578 CARPSTATS_INC(carps_badlen);
579 CARP_DEBUG("%s: packet size %u too small\n", __func__, len);
580 return (IPPROTO_DONE);
581 }
582 }
583 ch = (struct carp_header *)(mtod(m, char *) + *offp);
584
585 /* verify the CARP checksum */
586 m->m_data += *offp;
587 if (in_cksum(m, sizeof(*ch))) {
588 CARPSTATS_INC(carps_badsum);
589 CARP_DEBUG("%s: checksum failed, on %s\n", __func__,
590 m->m_pkthdr.rcvif->if_xname);
591 m_freem(m);
592 return (IPPROTO_DONE);
593 }
594 m->m_data -= *offp;
595
596 carp_input_c(m, ch, AF_INET6);
597 return (IPPROTO_DONE);
598}
599#endif /* INET6 */
600
601/*
602 * This routine should not be necessary at all, but some switches
603 * (VMWare ESX vswitches) can echo our own packets back at us,
604 * and we must ignore them or they will cause us to drop out of
605 * MASTER mode.
606 *
607 * We cannot catch all cases of network loops. Instead, what we
608 * do here is catch any packet that arrives with a carp header
609 * with a VHID of 0, that comes from an address that is our own.
610 * These packets are by definition "from us" (even if they are from
611 * a misconfigured host that is pretending to be us).
612 *
613 * The VHID test is outside this mini-function.
614 */
615static int
616carp_source_is_self(struct mbuf *m, struct ifaddr *ifa, sa_family_t af)
617{
618#ifdef INET
619 struct ip *ip4;
620 struct in_addr in4;
621#endif
622#ifdef INET6
623 struct ip6_hdr *ip6;
624 struct in6_addr in6;
625#endif
626
627 switch (af) {
628#ifdef INET
629 case AF_INET:
630 ip4 = mtod(m, struct ip *);
631 in4 = ifatoia(ifa)->ia_addr.sin_addr;
632 return (in4.s_addr == ip4->ip_src.s_addr);
633#endif
634#ifdef INET6
635 case AF_INET6:
636 ip6 = mtod(m, struct ip6_hdr *);
637 in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
638 return (memcmp(&in6, &ip6->ip6_src, sizeof(in6)) == 0);
639#endif
640 default:
641 break;
642 }
643 return (0);
644}
645
646static void
647carp_input_c(struct mbuf *m, struct carp_header *ch, sa_family_t af)
648{
649 struct ifnet *ifp = m->m_pkthdr.rcvif;
650 struct ifaddr *ifa, *match;
651 struct carp_softc *sc;
652 uint64_t tmp_counter;
653 struct timeval sc_tv, ch_tv;
654 int error;
655
656 NET_EPOCH_ASSERT();
657
658 /*
659 * Verify that the VHID is valid on the receiving interface.
660 *
661 * There should be just one match. If there are none
662 * the VHID is not valid and we drop the packet. If
663 * there are multiple VHID matches, take just the first
664 * one, for compatibility with previous code. While we're
665 * scanning, check for obvious loops in the network topology
666 * (these should never happen, and as noted above, we may
667 * miss real loops; this is just a double-check).
668 */
669 error = 0;
670 match = NULL;
671 IFNET_FOREACH_IFA(ifp, ifa) {
672 if (match == NULL && ifa->ifa_carp != NULL &&
673 ifa->ifa_addr->sa_family == af &&
674 ifa->ifa_carp->sc_vhid == ch->carp_vhid)
675 match = ifa;
676 if (ch->carp_vhid == 0 && carp_source_is_self(m, ifa, af))
677 error = ELOOP;
678 }
679 ifa = error ? NULL : match;
680 if (ifa != NULL)
681 ifa_ref(ifa);
682
683 if (ifa == NULL) {
684 if (error == ELOOP) {
685 CARP_DEBUG("dropping looped packet on interface %s\n",
686 ifp->if_xname);
687 CARPSTATS_INC(carps_badif); /* ??? */
688 } else {
689 CARPSTATS_INC(carps_badvhid);
690 }
691 m_freem(m);
692 return;
693 }
694
695 /* verify the CARP version. */
696 if (ch->carp_version != CARP_VERSION) {
697 CARPSTATS_INC(carps_badver);
698 CARP_DEBUG("%s: invalid version %d\n", ifp->if_xname,
699 ch->carp_version);
700 ifa_free(ifa);
701 m_freem(m);
702 return;
703 }
704
705 sc = ifa->ifa_carp;
706 CARP_LOCK(sc);
707 ifa_free(ifa);
708
709 if (carp_hmac_verify(sc, ch->carp_counter, ch->carp_md)) {
710 CARPSTATS_INC(carps_badauth);
711 CARP_DEBUG("%s: incorrect hash for VHID %u@%s\n", __func__,
712 sc->sc_vhid, ifp->if_xname);
713 goto out;
714 }
715
716 tmp_counter = ntohl(ch->carp_counter[0]);
717 tmp_counter = tmp_counter<<32;
718 tmp_counter += ntohl(ch->carp_counter[1]);
719
720 /* XXX Replay protection goes here */
721
722 sc->sc_init_counter = 0;
723 sc->sc_counter = tmp_counter;
724
725 sc_tv.tv_sec = sc->sc_advbase;
726 sc_tv.tv_usec = DEMOTE_ADVSKEW(sc) * 1000000 / 256;
727 ch_tv.tv_sec = ch->carp_advbase;
728 ch_tv.tv_usec = ch->carp_advskew * 1000000 / 256;
729
730 switch (sc->sc_state) {
731 case INIT:
732 break;
733 case MASTER:
734 /*
735 * If we receive an advertisement from a master who's going to
736 * be more frequent than us, go into BACKUP state.
737 */
738 if (timevalcmp(&sc_tv, &ch_tv, >) ||
739 timevalcmp(&sc_tv, &ch_tv, ==)) {
740 callout_stop(&sc->sc_ad_tmo);
741 carp_set_state(sc, BACKUP,
742 "more frequent advertisement received");
743 carp_setrun(sc, 0);
744 carp_delroute(sc);
745 }
746 break;
747 case BACKUP:
748 /*
749 * If we're pre-empting masters who advertise slower than us,
750 * and this one claims to be slower, treat him as down.
751 */
752 if (V_carp_preempt && timevalcmp(&sc_tv, &ch_tv, <)) {
753 carp_master_down_locked(sc,
754 "preempting a slower master");
755 break;
756 }
757
758 /*
759 * If the master is going to advertise at such a low frequency
760 * that he's guaranteed to time out, we'd might as well just
761 * treat him as timed out now.
762 */
763 sc_tv.tv_sec = sc->sc_advbase * 3;
764 if (timevalcmp(&sc_tv, &ch_tv, <)) {
765 carp_master_down_locked(sc, "master will time out");
766 break;
767 }
768
769 /*
770 * Otherwise, we reset the counter and wait for the next
771 * advertisement.
772 */
773 carp_setrun(sc, af);
774 break;
775 }
776
777out:
778 CARP_UNLOCK(sc);
779 m_freem(m);
780}
781
782static int
783carp_prepare_ad(struct mbuf *m, struct carp_softc *sc, struct carp_header *ch)
784{
785 struct m_tag *mtag;
786
787 if (sc->sc_init_counter) {
788 /* this could also be seconds since unix epoch */
789 sc->sc_counter = arc4random();
790 sc->sc_counter = sc->sc_counter << 32;
791 sc->sc_counter += arc4random();
792 } else
793 sc->sc_counter++;
794
795 ch->carp_counter[0] = htonl((sc->sc_counter>>32)&0xffffffff);
796 ch->carp_counter[1] = htonl(sc->sc_counter&0xffffffff);
797
798 carp_hmac_generate(sc, ch->carp_counter, ch->carp_md);
799
800 /* Tag packet for carp_output */
801 if ((mtag = m_tag_get(PACKET_TAG_CARP, sizeof(struct carp_softc *),
802 M_NOWAIT)) == NULL) {
803 m_freem(m);
804 CARPSTATS_INC(carps_onomem);
805 return (ENOMEM);
806 }
807 bcopy(&sc, mtag + 1, sizeof(sc));
808 m_tag_prepend(m, mtag);
809
810 return (0);
811}
812
813/*
814 * To avoid LORs and possible recursions this function shouldn't
815 * be called directly, but scheduled via taskqueue.
816 */
817static void
818carp_send_ad_all(void *ctx __unused, int pending __unused)
819{
820 struct carp_softc *sc;
821 struct epoch_tracker et;
822
823 NET_EPOCH_ENTER(et);
824 mtx_lock(&carp_mtx);
825 LIST_FOREACH(sc, &carp_list, sc_next)
826 if (sc->sc_state == MASTER) {
827 CARP_LOCK(sc);
828 CURVNET_SET(sc->sc_carpdev->if_vnet);
829 carp_send_ad_locked(sc);
830 CURVNET_RESTORE();
831 CARP_UNLOCK(sc);
832 }
833 mtx_unlock(&carp_mtx);
834 NET_EPOCH_EXIT(et);
835}
836
837/* Send a periodic advertisement, executed in callout context. */
838static void
839carp_send_ad(void *v)
840{
841 struct carp_softc *sc = v;
842 struct epoch_tracker et;
843
844 NET_EPOCH_ENTER(et);
845 CARP_LOCK_ASSERT(sc);
846 CURVNET_SET(sc->sc_carpdev->if_vnet);
847 carp_send_ad_locked(sc);
848 CURVNET_RESTORE();
849 CARP_UNLOCK(sc);
850 NET_EPOCH_EXIT(et);
851}
852
853static void
854carp_send_ad_error(struct carp_softc *sc, int error)
855{
856
857 /*
858 * We track errors and successfull sends with this logic:
859 * - Any error resets success counter to 0.
860 * - MAX_ERRORS triggers demotion.
861 * - MIN_SUCCESS successes resets error counter to 0.
862 * - MIN_SUCCESS reverts demotion, if it was triggered before.
863 */
864 if (error) {
865 if (sc->sc_sendad_errors < INT_MAX)
866 sc->sc_sendad_errors++;
867 if (sc->sc_sendad_errors == CARP_SENDAD_MAX_ERRORS) {
868 static const char fmt[] = "send error %d on %s";
869 char msg[sizeof(fmt) + IFNAMSIZ];
870
871 sprintf(msg, fmt, error, sc->sc_carpdev->if_xname);
872 carp_demote_adj(V_carp_senderr_adj, msg);
873 }
874 sc->sc_sendad_success = 0;
875 } else if (sc->sc_sendad_errors > 0) {
876 if (++sc->sc_sendad_success >= CARP_SENDAD_MIN_SUCCESS) {
877 if (sc->sc_sendad_errors >= CARP_SENDAD_MAX_ERRORS) {
878 static const char fmt[] = "send ok on %s";
879 char msg[sizeof(fmt) + IFNAMSIZ];
880
881 sprintf(msg, fmt, sc->sc_carpdev->if_xname);
882 carp_demote_adj(-V_carp_senderr_adj, msg);
883 }
884 sc->sc_sendad_errors = 0;
885 }
886 }
887}
888
889/*
890 * Pick the best ifaddr on the given ifp for sending CARP
891 * advertisements.
892 *
893 * "Best" here is defined by ifa_preferred(). This function is much
894 * much like ifaof_ifpforaddr() except that we just use ifa_preferred().
895 *
896 * (This could be simplified to return the actual address, except that
897 * it has a different format in AF_INET and AF_INET6.)
898 */
899static struct ifaddr *
900carp_best_ifa(int af, struct ifnet *ifp)
901{
902 struct ifaddr *ifa, *best;
903
904 NET_EPOCH_ASSERT();
905
906 if (af >= AF_MAX)
907 return (NULL);
908 best = NULL;
909 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
910 if (ifa->ifa_addr->sa_family == af &&
911 (best == NULL || ifa_preferred(best, ifa)))
912 best = ifa;
913 }
914 if (best != NULL)
915 ifa_ref(best);
916 return (best);
917}
918
919static void
920carp_send_ad_locked(struct carp_softc *sc)
921{
922 struct carp_header ch;
923 struct timeval tv;
924 struct ifaddr *ifa;
925 struct carp_header *ch_ptr;
926 struct mbuf *m;
927 int len, advskew;
928
929 NET_EPOCH_ASSERT();
930 CARP_LOCK_ASSERT(sc);
931
932 advskew = DEMOTE_ADVSKEW(sc);
933 tv.tv_sec = sc->sc_advbase;
934 tv.tv_usec = advskew * 1000000 / 256;
935
936 ch.carp_version = CARP_VERSION;
937 ch.carp_type = CARP_ADVERTISEMENT;
938 ch.carp_vhid = sc->sc_vhid;
939 ch.carp_advbase = sc->sc_advbase;
940 ch.carp_advskew = advskew;
941 ch.carp_authlen = 7; /* XXX DEFINE */
942 ch.carp_pad1 = 0; /* must be zero */
943 ch.carp_cksum = 0;
944
945 /* XXXGL: OpenBSD picks first ifaddr with needed family. */
946
947#ifdef INET
948 if (sc->sc_naddrs) {
949 struct ip *ip;
950
951 m = m_gethdr(M_NOWAIT, MT_DATA);
952 if (m == NULL) {
953 CARPSTATS_INC(carps_onomem);
954 goto resched;
955 }
956 len = sizeof(*ip) + sizeof(ch);
957 m->m_pkthdr.len = len;
958 m->m_pkthdr.rcvif = NULL;
959 m->m_len = len;
960 M_ALIGN(m, m->m_len);
961 m->m_flags |= M_MCAST;
962 ip = mtod(m, struct ip *);
963 ip->ip_v = IPVERSION;
964 ip->ip_hl = sizeof(*ip) >> 2;
965 ip->ip_tos = V_carp_dscp << IPTOS_DSCP_OFFSET;
966 ip->ip_len = htons(len);
967 ip->ip_off = htons(IP_DF);
968 ip->ip_ttl = CARP_DFLTTL;
969 ip->ip_p = IPPROTO_CARP;
970 ip->ip_sum = 0;
971 ip_fillid(ip);
972
973 ifa = carp_best_ifa(AF_INET, sc->sc_carpdev);
974 if (ifa != NULL) {
975 ip->ip_src.s_addr =
976 ifatoia(ifa)->ia_addr.sin_addr.s_addr;
977 ifa_free(ifa);
978 } else
979 ip->ip_src.s_addr = 0;
980 ip->ip_dst.s_addr = htonl(INADDR_CARP_GROUP);
981
982 ch_ptr = (struct carp_header *)(&ip[1]);
983 bcopy(&ch, ch_ptr, sizeof(ch));
984 if (carp_prepare_ad(m, sc, ch_ptr))
985 goto resched;
986
987 m->m_data += sizeof(*ip);
988 ch_ptr->carp_cksum = in_cksum(m, len - sizeof(*ip));
989 m->m_data -= sizeof(*ip);
990
991 CARPSTATS_INC(carps_opackets);
992
993 carp_send_ad_error(sc, ip_output(m, NULL, NULL, IP_RAWOUTPUT,
994 &sc->sc_carpdev->if_carp->cif_imo, NULL));
995 }
996#endif /* INET */
997#ifdef INET6
998 if (sc->sc_naddrs6) {
999 struct ip6_hdr *ip6;
1000
1001 m = m_gethdr(M_NOWAIT, MT_DATA);
1002 if (m == NULL) {
1003 CARPSTATS_INC(carps_onomem);
1004 goto resched;
1005 }
1006 len = sizeof(*ip6) + sizeof(ch);
1007 m->m_pkthdr.len = len;
1008 m->m_pkthdr.rcvif = NULL;
1009 m->m_len = len;
1010 M_ALIGN(m, m->m_len);
1011 m->m_flags |= M_MCAST;
1012 ip6 = mtod(m, struct ip6_hdr *);
1013 bzero(ip6, sizeof(*ip6));
1014 ip6->ip6_vfc |= IPV6_VERSION;
1015 /* Traffic class isn't defined in ip6 struct instead
1016 * it gets offset into flowid field */
1017 ip6->ip6_flow |= htonl(V_carp_dscp << (IPV6_FLOWLABEL_LEN +
1018 IPTOS_DSCP_OFFSET));
1019 ip6->ip6_hlim = CARP_DFLTTL;
1020 ip6->ip6_nxt = IPPROTO_CARP;
1021
1022 /* set the source address */
1023 ifa = carp_best_ifa(AF_INET6, sc->sc_carpdev);
1024 if (ifa != NULL) {
1025 bcopy(IFA_IN6(ifa), &ip6->ip6_src,
1026 sizeof(struct in6_addr));
1027 ifa_free(ifa);
1028 } else
1029 /* This should never happen with IPv6. */
1030 bzero(&ip6->ip6_src, sizeof(struct in6_addr));
1031
1032 /* Set the multicast destination. */
1033 ip6->ip6_dst.s6_addr16[0] = htons(0xff02);
1034 ip6->ip6_dst.s6_addr8[15] = 0x12;
1035 if (in6_setscope(&ip6->ip6_dst, sc->sc_carpdev, NULL) != 0) {
1036 m_freem(m);
1037 CARP_DEBUG("%s: in6_setscope failed\n", __func__);
1038 goto resched;
1039 }
1040
1041 ch_ptr = (struct carp_header *)(&ip6[1]);
1042 bcopy(&ch, ch_ptr, sizeof(ch));
1043 if (carp_prepare_ad(m, sc, ch_ptr))
1044 goto resched;
1045
1046 m->m_data += sizeof(*ip6);
1047 ch_ptr->carp_cksum = in_cksum(m, len - sizeof(*ip6));
1048 m->m_data -= sizeof(*ip6);
1049
1050 CARPSTATS_INC(carps_opackets6);
1051
1052 carp_send_ad_error(sc, ip6_output(m, NULL, NULL, 0,
1053 &sc->sc_carpdev->if_carp->cif_im6o, NULL, NULL));
1054 }
1055#endif /* INET6 */
1056
1057resched:
1058 callout_reset(&sc->sc_ad_tmo, tvtohz(&tv), carp_send_ad, sc);
1059}
1060
1061static void
1062carp_addroute(struct carp_softc *sc)
1063{
1064 struct ifaddr *ifa;
1065
1066 CARP_FOREACH_IFA(sc, ifa)
1067 carp_ifa_addroute(ifa);
1068}
1069
1070static void
1071carp_ifa_addroute(struct ifaddr *ifa)
1072{
1073
1074 switch (ifa->ifa_addr->sa_family) {
1075#ifdef INET
1076 case AF_INET:
1077 in_addprefix(ifatoia(ifa));
1078 ifa_add_loopback_route(ifa,
1079 (struct sockaddr *)&ifatoia(ifa)->ia_addr);
1080 break;
1081#endif
1082#ifdef INET6
1083 case AF_INET6:
1084 ifa_add_loopback_route(ifa,
1085 (struct sockaddr *)&ifatoia6(ifa)->ia_addr);
1086 nd6_add_ifa_lle(ifatoia6(ifa));
1087 break;
1088#endif
1089 }
1090}
1091
1092static void
1093carp_delroute(struct carp_softc *sc)
1094{
1095 struct ifaddr *ifa;
1096
1097 CARP_FOREACH_IFA(sc, ifa)
1098 carp_ifa_delroute(ifa);
1099}
1100
1101static void
1102carp_ifa_delroute(struct ifaddr *ifa)
1103{
1104
1105 switch (ifa->ifa_addr->sa_family) {
1106#ifdef INET
1107 case AF_INET:
1108 ifa_del_loopback_route(ifa,
1109 (struct sockaddr *)&ifatoia(ifa)->ia_addr);
1110 in_scrubprefix(ifatoia(ifa), LLE_STATIC);
1111 break;
1112#endif
1113#ifdef INET6
1114 case AF_INET6:
1115 ifa_del_loopback_route(ifa,
1116 (struct sockaddr *)&ifatoia6(ifa)->ia_addr);
1117 nd6_rem_ifa_lle(ifatoia6(ifa), 1);
1118 break;
1119#endif
1120 }
1121}
1122
1123int
1124carp_master(struct ifaddr *ifa)
1125{
1126 struct carp_softc *sc = ifa->ifa_carp;
1127
1128 return (sc->sc_state == MASTER);
1129}
1130
1131#ifdef INET
1132/*
1133 * Broadcast a gratuitous ARP request containing
1134 * the virtual router MAC address for each IP address
1135 * associated with the virtual router.
1136 */
1137static void
1138carp_send_arp(struct carp_softc *sc)
1139{
1140 struct ifaddr *ifa;
1141 struct in_addr addr;
1142
1143 NET_EPOCH_ASSERT();
1144
1145 CARP_FOREACH_IFA(sc, ifa) {
1146 if (ifa->ifa_addr->sa_family != AF_INET)
1147 continue;
1148 addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
1149 arp_announce_ifaddr(sc->sc_carpdev, addr, LLADDR(&sc->sc_addr));
1150 }
1151}
1152
1153int
1154carp_iamatch(struct ifaddr *ifa, uint8_t **enaddr)
1155{
1156 struct carp_softc *sc = ifa->ifa_carp;
1157
1158 if (sc->sc_state == MASTER) {
1159 *enaddr = LLADDR(&sc->sc_addr);
1160 return (1);
1161 }
1162
1163 return (0);
1164}
1165#endif
1166
1167#ifdef INET6
1168static void
1169carp_send_na(struct carp_softc *sc)
1170{
1171 static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
1172 struct ifaddr *ifa;
1173 struct in6_addr *in6;
1174
1175 CARP_FOREACH_IFA(sc, ifa) {
1176 if (ifa->ifa_addr->sa_family != AF_INET6)
1177 continue;
1178
1179 in6 = IFA_IN6(ifa);
1180 nd6_na_output(sc->sc_carpdev, &mcast, in6,
1181 ND_NA_FLAG_OVERRIDE, 1, NULL);
1182 DELAY(1000); /* XXX */
1183 }
1184}
1185
1186/*
1187 * Returns ifa in case it's a carp address and it is MASTER, or if the address
1188 * matches and is not a carp address. Returns NULL otherwise.
1189 */
1190struct ifaddr *
1191carp_iamatch6(struct ifnet *ifp, struct in6_addr *taddr)
1192{
1193 struct ifaddr *ifa;
1194
1195 NET_EPOCH_ASSERT();
1196
1197 ifa = NULL;
1198 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) {
1199 if (ifa->ifa_addr->sa_family != AF_INET6)
1200 continue;
1201 if (!IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa)))
1202 continue;
1203 if (ifa->ifa_carp && ifa->ifa_carp->sc_state != MASTER)
1204 ifa = NULL;
1205 else
1206 ifa_ref(ifa);
1207 break;
1208 }
1209
1210 return (ifa);
1211}
1212
1213char *
1214carp_macmatch6(struct ifnet *ifp, struct mbuf *m, const struct in6_addr *taddr)
1215{
1216 struct ifaddr *ifa;
1217
1218 NET_EPOCH_ASSERT();
1219
1220 IFNET_FOREACH_IFA(ifp, ifa)
1221 if (ifa->ifa_addr->sa_family == AF_INET6 &&
1222 IN6_ARE_ADDR_EQUAL(taddr, IFA_IN6(ifa))) {
1223 struct carp_softc *sc = ifa->ifa_carp;
1224 struct m_tag *mtag;
1225
1226 mtag = m_tag_get(PACKET_TAG_CARP,
1227 sizeof(struct carp_softc *), M_NOWAIT);
1228 if (mtag == NULL)
1229 /* Better a bit than nothing. */
1230 return (LLADDR(&sc->sc_addr));
1231
1232 bcopy(&sc, mtag + 1, sizeof(sc));
1233 m_tag_prepend(m, mtag);
1234
1235 return (LLADDR(&sc->sc_addr));
1236 }
1237
1238 return (NULL);
1239}
1240#endif /* INET6 */
1241
1242int
1243carp_forus(struct ifnet *ifp, u_char *dhost)
1244{
1245 struct carp_softc *sc;
1246 uint8_t *ena = dhost;
1247
1248 if (ena[0] || ena[1] || ena[2] != 0x5e || ena[3] || ena[4] != 1)
1249 return (0);
1250
1251 CIF_LOCK(ifp->if_carp);
1252 IFNET_FOREACH_CARP(ifp, sc) {
1253 /*
1254 * CARP_LOCK() is not here, since would protect nothing, but
1255 * cause deadlock with if_bridge, calling this under its lock.
1256 */
1257 if (sc->sc_state == MASTER && !bcmp(dhost, LLADDR(&sc->sc_addr),
1258 ETHER_ADDR_LEN)) {
1259 CIF_UNLOCK(ifp->if_carp);
1260 return (1);
1261 }
1262 }
1263 CIF_UNLOCK(ifp->if_carp);
1264
1265 return (0);
1266}
1267
1268/* Master down timeout event, executed in callout context. */
1269static void
1270carp_master_down(void *v)
1271{
1272 struct carp_softc *sc = v;
1273 struct epoch_tracker et;
1274
1275 NET_EPOCH_ENTER(et);
1276 CARP_LOCK_ASSERT(sc);
1277
1278 CURVNET_SET(sc->sc_carpdev->if_vnet);
1279 if (sc->sc_state == BACKUP) {
1280 carp_master_down_locked(sc, "master timed out");
1281 }
1282 CURVNET_RESTORE();
1283
1284 CARP_UNLOCK(sc);
1285 NET_EPOCH_EXIT(et);
1286}
1287
1288static void
1289carp_master_down_locked(struct carp_softc *sc, const char *reason)
1290{
1291
1292 NET_EPOCH_ASSERT();
1293 CARP_LOCK_ASSERT(sc);
1294
1295 switch (sc->sc_state) {
1296 case BACKUP:
1297 carp_set_state(sc, MASTER, reason);
1298 carp_send_ad_locked(sc);
1299#ifdef INET
1300 carp_send_arp(sc);
1301#endif
1302#ifdef INET6
1303 carp_send_na(sc);
1304#endif
1305 carp_setrun(sc, 0);
1306 carp_addroute(sc);
1307 break;
1308 case INIT:
1309 case MASTER:
1310#ifdef INVARIANTS
1311 panic("carp: VHID %u@%s: master_down event in %s state\n",
1312 sc->sc_vhid,
1313 sc->sc_carpdev->if_xname,
1314 sc->sc_state ? "MASTER" : "INIT");
1315#endif
1316 break;
1317 }
1318}
1319
1320/*
1321 * When in backup state, af indicates whether to reset the master down timer
1322 * for v4 or v6. If it's set to zero, reset the ones which are already pending.
1323 */
1324static void
1325carp_setrun(struct carp_softc *sc, sa_family_t af)
1326{
1327 struct timeval tv;
1328
1329 CARP_LOCK_ASSERT(sc);
1330
1331 if ((sc->sc_carpdev->if_flags & IFF_UP) == 0 ||
1332 sc->sc_carpdev->if_link_state != LINK_STATE_UP ||
1333 (sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0) ||
1334 !V_carp_allow)
1335 return;
1336
1337 switch (sc->sc_state) {
1338 case INIT:
1339 carp_set_state(sc, BACKUP, "initialization complete");
1340 carp_setrun(sc, 0);
1341 break;
1342 case BACKUP:
1343 callout_stop(&sc->sc_ad_tmo);
1344 tv.tv_sec = 3 * sc->sc_advbase;
1345 tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1346 switch (af) {
1347#ifdef INET
1348 case AF_INET:
1349 callout_reset(&sc->sc_md_tmo, tvtohz(&tv),
1350 carp_master_down, sc);
1351 break;
1352#endif
1353#ifdef INET6
1354 case AF_INET6:
1355 callout_reset(&sc->sc_md6_tmo, tvtohz(&tv),
1356 carp_master_down, sc);
1357 break;
1358#endif
1359 default:
1360#ifdef INET
1361 if (sc->sc_naddrs)
1362 callout_reset(&sc->sc_md_tmo, tvtohz(&tv),
1363 carp_master_down, sc);
1364#endif
1365#ifdef INET6
1366 if (sc->sc_naddrs6)
1367 callout_reset(&sc->sc_md6_tmo, tvtohz(&tv),
1368 carp_master_down, sc);
1369#endif
1370 break;
1371 }
1372 break;
1373 case MASTER:
1374 tv.tv_sec = sc->sc_advbase;
1375 tv.tv_usec = sc->sc_advskew * 1000000 / 256;
1376 callout_reset(&sc->sc_ad_tmo, tvtohz(&tv),
1377 carp_send_ad, sc);
1378 break;
1379 }
1380}
1381
1382/*
1383 * Setup multicast structures.
1384 */
1385static int
1386carp_multicast_setup(struct carp_if *cif, sa_family_t sa)
1387{
1388 struct ifnet *ifp = cif->cif_ifp;
1389 int error = 0;
1390
1391 switch (sa) {
1392#ifdef INET
1393 case AF_INET:
1394 {
1395 struct ip_moptions *imo = &cif->cif_imo;
1396 struct in_mfilter *imf;
1397 struct in_addr addr;
1398
1399 if (ip_mfilter_first(&imo->imo_head) != NULL)
1400 return (0);
1401
1402 imf = ip_mfilter_alloc(M_WAITOK, 0, 0);
1403 ip_mfilter_init(&imo->imo_head);
1404 imo->imo_multicast_vif = -1;
1405
1406 addr.s_addr = htonl(INADDR_CARP_GROUP);
1407 if ((error = in_joingroup(ifp, &addr, NULL,
1408 &imf->imf_inm)) != 0) {
1409 ip_mfilter_free(imf);
1410 break;
1411 }
1412
1413 ip_mfilter_insert(&imo->imo_head, imf);
1414 imo->imo_multicast_ifp = ifp;
1415 imo->imo_multicast_ttl = CARP_DFLTTL;
1416 imo->imo_multicast_loop = 0;
1417 break;
1418 }
1419#endif
1420#ifdef INET6
1421 case AF_INET6:
1422 {
1423 struct ip6_moptions *im6o = &cif->cif_im6o;
1424 struct in6_mfilter *im6f[2];
1425 struct in6_addr in6;
1426
1427 if (ip6_mfilter_first(&im6o->im6o_head))
1428 return (0);
1429
1430 im6f[0] = ip6_mfilter_alloc(M_WAITOK, 0, 0);
1431 im6f[1] = ip6_mfilter_alloc(M_WAITOK, 0, 0);
1432
1433 ip6_mfilter_init(&im6o->im6o_head);
1434 im6o->im6o_multicast_hlim = CARP_DFLTTL;
1435 im6o->im6o_multicast_ifp = ifp;
1436
1437 /* Join IPv6 CARP multicast group. */
1438 bzero(&in6, sizeof(in6));
1439 in6.s6_addr16[0] = htons(0xff02);
1440 in6.s6_addr8[15] = 0x12;
1441 if ((error = in6_setscope(&in6, ifp, NULL)) != 0) {
1442 ip6_mfilter_free(im6f[0]);
1443 ip6_mfilter_free(im6f[1]);
1444 break;
1445 }
1446 if ((error = in6_joingroup(ifp, &in6, NULL, &im6f[0]->im6f_in6m, 0)) != 0) {
1447 ip6_mfilter_free(im6f[0]);
1448 ip6_mfilter_free(im6f[1]);
1449 break;
1450 }
1451
1452 /* Join solicited multicast address. */
1453 bzero(&in6, sizeof(in6));
1454 in6.s6_addr16[0] = htons(0xff02);
1455 in6.s6_addr32[1] = 0;
1456 in6.s6_addr32[2] = htonl(1);
1457 in6.s6_addr32[3] = 0;
1458 in6.s6_addr8[12] = 0xff;
1459
1460 if ((error = in6_setscope(&in6, ifp, NULL)) != 0) {
1461 ip6_mfilter_free(im6f[0]);
1462 ip6_mfilter_free(im6f[1]);
1463 break;
1464 }
1465
1466 if ((error = in6_joingroup(ifp, &in6, NULL, &im6f[1]->im6f_in6m, 0)) != 0) {
1467 in6_leavegroup(im6f[0]->im6f_in6m, NULL);
1468 ip6_mfilter_free(im6f[0]);
1469 ip6_mfilter_free(im6f[1]);
1470 break;
1471 }
1472 ip6_mfilter_insert(&im6o->im6o_head, im6f[0]);
1473 ip6_mfilter_insert(&im6o->im6o_head, im6f[1]);
1474 break;
1475 }
1476#endif
1477 }
1478
1479 return (error);
1480}
1481
1482/*
1483 * Free multicast structures.
1484 */
1485static void
1486carp_multicast_cleanup(struct carp_if *cif, sa_family_t sa)
1487{
1488#ifdef INET
1489 struct ip_moptions *imo = &cif->cif_imo;
1490 struct in_mfilter *imf;
1491#endif
1492#ifdef INET6
1493 struct ip6_moptions *im6o = &cif->cif_im6o;
1494 struct in6_mfilter *im6f;
1495#endif
1496 sx_assert(&carp_sx, SA_XLOCKED);
1497
1498 switch (sa) {
1499#ifdef INET
1500 case AF_INET:
1501 if (cif->cif_naddrs != 0)
1502 break;
1503
1504 while ((imf = ip_mfilter_first(&imo->imo_head)) != NULL) {
1505 ip_mfilter_remove(&imo->imo_head, imf);
1506 in_leavegroup(imf->imf_inm, NULL);
1507 ip_mfilter_free(imf);
1508 }
1509 break;
1510#endif
1511#ifdef INET6
1512 case AF_INET6:
1513 if (cif->cif_naddrs6 != 0)
1514 break;
1515
1516 while ((im6f = ip6_mfilter_first(&im6o->im6o_head)) != NULL) {
1517 ip6_mfilter_remove(&im6o->im6o_head, im6f);
1518 in6_leavegroup(im6f->im6f_in6m, NULL);
1519 ip6_mfilter_free(im6f);
1520 }
1521 break;
1522#endif
1523 }
1524}
1525
1526int
1527carp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *sa)
1528{
1529 struct m_tag *mtag;
1530 struct carp_softc *sc;
1531
1532 if (!sa)
1533 return (0);
1534
1535 switch (sa->sa_family) {
1536#ifdef INET
1537 case AF_INET:
1538 break;
1539#endif
1540#ifdef INET6
1541 case AF_INET6:
1542 break;
1543#endif
1544 default:
1545 return (0);
1546 }
1547
1548 mtag = m_tag_find(m, PACKET_TAG_CARP, NULL);
1549 if (mtag == NULL)
1550 return (0);
1551
1552 bcopy(mtag + 1, &sc, sizeof(sc));
1553
1554 /* Set the source MAC address to the Virtual Router MAC Address. */
1555 switch (ifp->if_type) {
1556 case IFT_ETHER:
1557 case IFT_BRIDGE:
1558 case IFT_L2VLAN: {
1559 struct ether_header *eh;
1560
1561 eh = mtod(m, struct ether_header *);
1562 eh->ether_shost[0] = 0;
1563 eh->ether_shost[1] = 0;
1564 eh->ether_shost[2] = 0x5e;
1565 eh->ether_shost[3] = 0;
1566 eh->ether_shost[4] = 1;
1567 eh->ether_shost[5] = sc->sc_vhid;
1568 }
1569 break;
1570 default:
1571 printf("%s: carp is not supported for the %d interface type\n",
1572 ifp->if_xname, ifp->if_type);
1573 return (EOPNOTSUPP);
1574 }
1575
1576 return (0);
1577}
1578
1579static struct carp_softc*
1580carp_alloc(struct ifnet *ifp)
1581{
1582 struct carp_softc *sc;
1583 struct carp_if *cif;
1584
1585 sx_assert(&carp_sx, SA_XLOCKED);
1586
1587 if ((cif = ifp->if_carp) == NULL)
1588 cif = carp_alloc_if(ifp);
1589
1590 sc = malloc(sizeof(*sc), M_CARP, M_WAITOK|M_ZERO);
1591
1592 sc->sc_advbase = CARP_DFLTINTV;
1593 sc->sc_vhid = -1; /* required setting */
1594 sc->sc_init_counter = 1;
1595 sc->sc_state = INIT;
1596
1597 sc->sc_ifasiz = sizeof(struct ifaddr *);
1598 sc->sc_ifas = malloc(sc->sc_ifasiz, M_CARP, M_WAITOK|M_ZERO);
1599 sc->sc_carpdev = ifp;
1600
1601 CARP_LOCK_INIT(sc);
1602#ifdef INET
1603 callout_init_mtx(&sc->sc_md_tmo, &sc->sc_mtx, CALLOUT_RETURNUNLOCKED);
1604#endif
1605#ifdef INET6
1606 callout_init_mtx(&sc->sc_md6_tmo, &sc->sc_mtx, CALLOUT_RETURNUNLOCKED);
1607#endif
1608 callout_init_mtx(&sc->sc_ad_tmo, &sc->sc_mtx, CALLOUT_RETURNUNLOCKED);
1609
1610 CIF_LOCK(cif);
1611 TAILQ_INSERT_TAIL(&cif->cif_vrs, sc, sc_list);
1612 CIF_UNLOCK(cif);
1613
1614 mtx_lock(&carp_mtx);
1615 LIST_INSERT_HEAD(&carp_list, sc, sc_next);
1616 mtx_unlock(&carp_mtx);
1617
1618 return (sc);
1619}
1620
1621static void
1622carp_grow_ifas(struct carp_softc *sc)
1623{
1624 struct ifaddr **new;
1625
1626 new = malloc(sc->sc_ifasiz * 2, M_CARP, M_WAITOK | M_ZERO);
1627 CARP_LOCK(sc);
1628 bcopy(sc->sc_ifas, new, sc->sc_ifasiz);
1629 free(sc->sc_ifas, M_CARP);
1630 sc->sc_ifas = new;
1631 sc->sc_ifasiz *= 2;
1632 CARP_UNLOCK(sc);
1633}
1634
1635static void
1636carp_destroy(struct carp_softc *sc)
1637{
1638 struct ifnet *ifp = sc->sc_carpdev;
1639 struct carp_if *cif = ifp->if_carp;
1640
1641 sx_assert(&carp_sx, SA_XLOCKED);
1642
1643 if (sc->sc_suppress)
1644 carp_demote_adj(-V_carp_ifdown_adj, "vhid removed");
1645 CARP_UNLOCK(sc);
1646
1647 CIF_LOCK(cif);
1648 TAILQ_REMOVE(&cif->cif_vrs, sc, sc_list);
1649 CIF_UNLOCK(cif);
1650
1651 mtx_lock(&carp_mtx);
1652 LIST_REMOVE(sc, sc_next);
1653 mtx_unlock(&carp_mtx);
1654
1655 callout_drain(&sc->sc_ad_tmo);
1656#ifdef INET
1657 callout_drain(&sc->sc_md_tmo);
1658#endif
1659#ifdef INET6
1660 callout_drain(&sc->sc_md6_tmo);
1661#endif
1662 CARP_LOCK_DESTROY(sc);
1663
1664 free(sc->sc_ifas, M_CARP);
1665 free(sc, M_CARP);
1666}
1667
1668static struct carp_if*
1669carp_alloc_if(struct ifnet *ifp)
1670{
1671 struct carp_if *cif;
1672 int error;
1673
1674 cif = malloc(sizeof(*cif), M_CARP, M_WAITOK|M_ZERO);
1675
1676 if ((error = ifpromisc(ifp, 1)) != 0)
1677 printf("%s: ifpromisc(%s) failed: %d\n",
1678 __func__, ifp->if_xname, error);
1679 else
1680 cif->cif_flags |= CIF_PROMISC;
1681
1682 CIF_LOCK_INIT(cif);
1683 cif->cif_ifp = ifp;
1684 TAILQ_INIT(&cif->cif_vrs);
1685
1686 IF_ADDR_WLOCK(ifp);
1687 ifp->if_carp = cif;
1688 if_ref(ifp);
1689 IF_ADDR_WUNLOCK(ifp);
1690
1691 return (cif);
1692}
1693
1694static void
1695carp_free_if(struct carp_if *cif)
1696{
1697 struct ifnet *ifp = cif->cif_ifp;
1698
1699 CIF_LOCK_ASSERT(cif);
1700 KASSERT(TAILQ_EMPTY(&cif->cif_vrs), ("%s: softc list not empty",
1701 __func__));
1702
1703 IF_ADDR_WLOCK(ifp);
1704 ifp->if_carp = NULL;
1705 IF_ADDR_WUNLOCK(ifp);
1706
1707 CIF_LOCK_DESTROY(cif);
1708
1709 if (cif->cif_flags & CIF_PROMISC)
1710 ifpromisc(ifp, 0);
1711 if_rele(ifp);
1712
1713 free(cif, M_CARP);
1714}
1715
1716static void
1717carp_carprcp(struct carpreq *carpr, struct carp_softc *sc, int priv)
1718{
1719
1720 CARP_LOCK(sc);
1721 carpr->carpr_state = sc->sc_state;
1722 carpr->carpr_vhid = sc->sc_vhid;
1723 carpr->carpr_advbase = sc->sc_advbase;
1724 carpr->carpr_advskew = sc->sc_advskew;
1725 if (priv)
1726 bcopy(sc->sc_key, carpr->carpr_key, sizeof(carpr->carpr_key));
1727 else
1728 bzero(carpr->carpr_key, sizeof(carpr->carpr_key));
1729 CARP_UNLOCK(sc);
1730}
1731
1732int
1733carp_ioctl(struct ifreq *ifr, u_long cmd, struct thread *td)
1734{
1735 struct carpreq carpr;
1736 struct ifnet *ifp;
1737 struct carp_softc *sc = NULL;
1738 int error = 0, locked = 0;
1739
1740 if ((error = copyin(ifr_data_get_ptr(ifr), &carpr, sizeof carpr)))
1741 return (error);
1742
1743 ifp = ifunit_ref(ifr->ifr_name);
1744 if (ifp == NULL)
1745 return (ENXIO);
1746
1747 switch (ifp->if_type) {
1748 case IFT_ETHER:
1749 case IFT_L2VLAN:
1750 case IFT_BRIDGE:
1751 break;
1752 default:
1753 error = EOPNOTSUPP;
1754 goto out;
1755 }
1756
1757 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
1758 error = EADDRNOTAVAIL;
1759 goto out;
1760 }
1761
1762 sx_xlock(&carp_sx);
1763 switch (cmd) {
1764 case SIOCSVH:
1765 if ((error = priv_check(td, PRIV_NETINET_CARP)))
1766 break;
1767 if (carpr.carpr_vhid <= 0 || carpr.carpr_vhid > CARP_MAXVHID ||
1768 carpr.carpr_advbase < 0 || carpr.carpr_advskew < 0) {
1769 error = EINVAL;
1770 break;
1771 }
1772
1773 if (ifp->if_carp) {
1774 IFNET_FOREACH_CARP(ifp, sc)
1775 if (sc->sc_vhid == carpr.carpr_vhid)
1776 break;
1777 }
1778 if (sc == NULL) {
1779 sc = carp_alloc(ifp);
1780 CARP_LOCK(sc);
1781 sc->sc_vhid = carpr.carpr_vhid;
1782 LLADDR(&sc->sc_addr)[0] = 0;
1783 LLADDR(&sc->sc_addr)[1] = 0;
1784 LLADDR(&sc->sc_addr)[2] = 0x5e;
1785 LLADDR(&sc->sc_addr)[3] = 0;
1786 LLADDR(&sc->sc_addr)[4] = 1;
1787 LLADDR(&sc->sc_addr)[5] = sc->sc_vhid;
1788 } else
1789 CARP_LOCK(sc);
1790 locked = 1;
1791 if (carpr.carpr_advbase > 0) {
1792 if (carpr.carpr_advbase > 255 ||
1793 carpr.carpr_advbase < CARP_DFLTINTV) {
1794 error = EINVAL;
1795 break;
1796 }
1797 sc->sc_advbase = carpr.carpr_advbase;
1798 }
1799 if (carpr.carpr_advskew >= 255) {
1800 error = EINVAL;
1801 break;
1802 }
1803 sc->sc_advskew = carpr.carpr_advskew;
1804 if (carpr.carpr_key[0] != '\0') {
1805 bcopy(carpr.carpr_key, sc->sc_key, sizeof(sc->sc_key));
1806 carp_hmac_prepare(sc);
1807 }
1808 if (sc->sc_state != INIT &&
1809 carpr.carpr_state != sc->sc_state) {
1810 switch (carpr.carpr_state) {
1811 case BACKUP:
1812 callout_stop(&sc->sc_ad_tmo);
1813 carp_set_state(sc, BACKUP,
1814 "user requested via ifconfig");
1815 carp_setrun(sc, 0);
1816 carp_delroute(sc);
1817 break;
1818 case MASTER:
1819 carp_master_down_locked(sc,
1820 "user requested via ifconfig");
1821 break;
1822 default:
1823 break;
1824 }
1825 }
1826 break;
1827
1828 case SIOCGVH:
1829 {
1830 int priveleged;
1831
1832 if (carpr.carpr_vhid < 0 || carpr.carpr_vhid > CARP_MAXVHID) {
1833 error = EINVAL;
1834 break;
1835 }
1836 if (carpr.carpr_count < 1) {
1837 error = EMSGSIZE;
1838 break;
1839 }
1840 if (ifp->if_carp == NULL) {
1841 error = ENOENT;
1842 break;
1843 }
1844
1845 priveleged = (priv_check(td, PRIV_NETINET_CARP) == 0);
1846 if (carpr.carpr_vhid != 0) {
1847 IFNET_FOREACH_CARP(ifp, sc)
1848 if (sc->sc_vhid == carpr.carpr_vhid)
1849 break;
1850 if (sc == NULL) {
1851 error = ENOENT;
1852 break;
1853 }
1854 carp_carprcp(&carpr, sc, priveleged);
1855 error = copyout(&carpr, ifr_data_get_ptr(ifr),
1856 sizeof(carpr));
1857 } else {
1858 int i, count;
1859
1860 count = 0;
1861 IFNET_FOREACH_CARP(ifp, sc)
1862 count++;
1863
1864 if (count > carpr.carpr_count) {
1865 CIF_UNLOCK(ifp->if_carp);
1866 error = EMSGSIZE;
1867 break;
1868 }
1869
1870 i = 0;
1871 IFNET_FOREACH_CARP(ifp, sc) {
1872 carp_carprcp(&carpr, sc, priveleged);
1873 carpr.carpr_count = count;
1874 error = copyout(&carpr,
1875 (char *)ifr_data_get_ptr(ifr) +
1876 (i * sizeof(carpr)), sizeof(carpr));
1877 if (error) {
1878 CIF_UNLOCK(ifp->if_carp);
1879 break;
1880 }
1881 i++;
1882 }
1883 }
1884 break;
1885 }
1886 default:
1887 error = EINVAL;
1888 }
1889 sx_xunlock(&carp_sx);
1890
1891out:
1892 if (locked)
1893 CARP_UNLOCK(sc);
1894 if_rele(ifp);
1895
1896 return (error);
1897}
1898
1899static int
1900carp_get_vhid(struct ifaddr *ifa)
1901{
1902
1903 if (ifa == NULL || ifa->ifa_carp == NULL)
1904 return (0);
1905
1906 return (ifa->ifa_carp->sc_vhid);
1907}
1908
1909int
1910carp_attach(struct ifaddr *ifa, int vhid)
1911{
1912 struct ifnet *ifp = ifa->ifa_ifp;
1913 struct carp_if *cif = ifp->if_carp;
1914 struct carp_softc *sc;
1915 int index, error;
1916
1917 KASSERT(ifa->ifa_carp == NULL, ("%s: ifa %p attached", __func__, ifa));
1918
1919 switch (ifa->ifa_addr->sa_family) {
1920#ifdef INET
1921 case AF_INET:
1922#endif
1923#ifdef INET6
1924 case AF_INET6:
1925#endif
1926 break;
1927 default:
1928 return (EPROTOTYPE);
1929 }
1930
1931 sx_xlock(&carp_sx);
1932 if (ifp->if_carp == NULL) {
1933 sx_xunlock(&carp_sx);
1934 return (ENOPROTOOPT);
1935 }
1936
1937 IFNET_FOREACH_CARP(ifp, sc)
1938 if (sc->sc_vhid == vhid)
1939 break;
1940 if (sc == NULL) {
1941 sx_xunlock(&carp_sx);
1942 return (ENOENT);
1943 }
1944
1945 error = carp_multicast_setup(cif, ifa->ifa_addr->sa_family);
1946 if (error) {
1947 CIF_FREE(cif);
1948 sx_xunlock(&carp_sx);
1949 return (error);
1950 }
1951
1952 index = sc->sc_naddrs + sc->sc_naddrs6 + 1;
1953 if (index > sc->sc_ifasiz / sizeof(struct ifaddr *))
1954 carp_grow_ifas(sc);
1955
1956 switch (ifa->ifa_addr->sa_family) {
1957#ifdef INET
1958 case AF_INET:
1959 cif->cif_naddrs++;
1960 sc->sc_naddrs++;
1961 break;
1962#endif
1963#ifdef INET6
1964 case AF_INET6:
1965 cif->cif_naddrs6++;
1966 sc->sc_naddrs6++;
1967 break;
1968#endif
1969 }
1970
1971 ifa_ref(ifa);
1972
1973 CARP_LOCK(sc);
1974 sc->sc_ifas[index - 1] = ifa;
1975 ifa->ifa_carp = sc;
1976 carp_hmac_prepare(sc);
1977 carp_sc_state(sc);
1978 CARP_UNLOCK(sc);
1979
1980 sx_xunlock(&carp_sx);
1981
1982 return (0);
1983}
1984
1985void
1986carp_detach(struct ifaddr *ifa, bool keep_cif)
1987{
1988 struct ifnet *ifp = ifa->ifa_ifp;
1989 struct carp_if *cif = ifp->if_carp;
1990 struct carp_softc *sc = ifa->ifa_carp;
1991 int i, index;
1992
1993 KASSERT(sc != NULL, ("%s: %p not attached", __func__, ifa));
1994
1995 sx_xlock(&carp_sx);
1996
1997 CARP_LOCK(sc);
1998 /* Shift array. */
1999 index = sc->sc_naddrs + sc->sc_naddrs6;
2000 for (i = 0; i < index; i++)
2001 if (sc->sc_ifas[i] == ifa)
2002 break;
2003 KASSERT(i < index, ("%s: %p no backref", __func__, ifa));
2004 for (; i < index - 1; i++)
2005 sc->sc_ifas[i] = sc->sc_ifas[i+1];
2006 sc->sc_ifas[index - 1] = NULL;
2007
2008 switch (ifa->ifa_addr->sa_family) {
2009#ifdef INET
2010 case AF_INET:
2011 cif->cif_naddrs--;
2012 sc->sc_naddrs--;
2013 break;
2014#endif
2015#ifdef INET6
2016 case AF_INET6:
2017 cif->cif_naddrs6--;
2018 sc->sc_naddrs6--;
2019 break;
2020#endif
2021 }
2022
2023 carp_ifa_delroute(ifa);
2024 carp_multicast_cleanup(cif, ifa->ifa_addr->sa_family);
2025
2026 ifa->ifa_carp = NULL;
2027 ifa_free(ifa);
2028
2029 carp_hmac_prepare(sc);
2030 carp_sc_state(sc);
2031
2032 if (!keep_cif && sc->sc_naddrs == 0 && sc->sc_naddrs6 == 0)
2033 carp_destroy(sc);
2034 else
2035 CARP_UNLOCK(sc);
2036
2037 if (!keep_cif)
2038 CIF_FREE(cif);
2039
2040 sx_xunlock(&carp_sx);
2041}
2042
2043static void
2044carp_set_state(struct carp_softc *sc, int state, const char *reason)
2045{
2046
2047 CARP_LOCK_ASSERT(sc);
2048
2049 if (sc->sc_state != state) {
2050 const char *carp_states[] = { CARP_STATES };
2051 char subsys[IFNAMSIZ+5];
2052
2053 snprintf(subsys, IFNAMSIZ+5, "%u@%s", sc->sc_vhid,
2054 sc->sc_carpdev->if_xname);
2055
2056 CARP_LOG("%s: %s -> %s (%s)\n", subsys,
2057 carp_states[sc->sc_state], carp_states[state], reason);
2058
2059 sc->sc_state = state;
2060
2061 devctl_notify("CARP", subsys, carp_states[state], NULL);
2062 }
2063}
2064
2065static void
2066carp_linkstate(struct ifnet *ifp)
2067{
2068 struct carp_softc *sc;
2069
2070 CIF_LOCK(ifp->if_carp);
2071 IFNET_FOREACH_CARP(ifp, sc) {
2072 CARP_LOCK(sc);
2073 carp_sc_state(sc);
2074 CARP_UNLOCK(sc);
2075 }
2076 CIF_UNLOCK(ifp->if_carp);
2077}
2078
2079static void
2080carp_sc_state(struct carp_softc *sc)
2081{
2082
2083 CARP_LOCK_ASSERT(sc);
2084
2085 if (sc->sc_carpdev->if_link_state != LINK_STATE_UP ||
2086 !(sc->sc_carpdev->if_flags & IFF_UP) ||
2087 !V_carp_allow) {
2088 callout_stop(&sc->sc_ad_tmo);
2089#ifdef INET
2090 callout_stop(&sc->sc_md_tmo);
2091#endif
2092#ifdef INET6
2093 callout_stop(&sc->sc_md6_tmo);
2094#endif
2095 carp_set_state(sc, INIT, "hardware interface down");
2096 carp_setrun(sc, 0);
2097 if (!sc->sc_suppress)
2098 carp_demote_adj(V_carp_ifdown_adj, "interface down");
2099 sc->sc_suppress = 1;
2100 } else {
2101 carp_set_state(sc, INIT, "hardware interface up");
2102 carp_setrun(sc, 0);
2103 if (sc->sc_suppress)
2104 carp_demote_adj(-V_carp_ifdown_adj, "interface up");
2105 sc->sc_suppress = 0;
2106 }
2107}
2108
2109static void
2110carp_demote_adj(int adj, char *reason)
2111{
2112 atomic_add_int(&V_carp_demotion, adj);
2113 CARP_LOG("demoted by %d to %d (%s)\n", adj, V_carp_demotion, reason);
2114 taskqueue_enqueue(taskqueue_swi, &carp_sendall_task);
2115}
2116
2117static int
2118carp_allow_sysctl(SYSCTL_HANDLER_ARGS)
2119{
2120 int new, error;
2121 struct carp_softc *sc;
2122
2123 new = V_carp_allow;
2124 error = sysctl_handle_int(oidp, &new, 0, req);
2125 if (error || !req->newptr)
2126 return (error);
2127
2128 if (V_carp_allow != new) {
2129 V_carp_allow = new;
2130
2131 mtx_lock(&carp_mtx);
2132 LIST_FOREACH(sc, &carp_list, sc_next) {
2133 CARP_LOCK(sc);
2134 if (curvnet == sc->sc_carpdev->if_vnet)
2135 carp_sc_state(sc);
2136 CARP_UNLOCK(sc);
2137 }
2138 mtx_unlock(&carp_mtx);
2139 }
2140
2141 return (0);
2142}
2143
2144static int
2145carp_dscp_sysctl(SYSCTL_HANDLER_ARGS)
2146{
2147 int new, error;
2148
2149 new = V_carp_dscp;
2150 error = sysctl_handle_int(oidp, &new, 0, req);
2151 if (error || !req->newptr)
2152 return (error);
2153
2154 if (new < 0 || new > 63)
2155 return (EINVAL);
2156
2157 V_carp_dscp = new;
2158
2159 return (0);
2160}
2161
2162static int
2163carp_demote_adj_sysctl(SYSCTL_HANDLER_ARGS)
2164{
2165 int new, error;
2166
2167 new = V_carp_demotion;
2168 error = sysctl_handle_int(oidp, &new, 0, req);
2169 if (error || !req->newptr)
2170 return (error);
2171
2172 carp_demote_adj(new, "sysctl");
2173
2174 return (0);
2175}
2176
2177#ifdef INET
2178extern struct domain inetdomain;
2179static struct protosw in_carp_protosw = {
2180 .pr_type = SOCK_RAW,
2181 .pr_domain = &inetdomain,
2182 .pr_protocol = IPPROTO_CARP,
2183 .pr_flags = PR_ATOMIC|PR_ADDR,
2184 .pr_input = carp_input,
2185 .pr_output = rip_output,
2186 .pr_ctloutput = rip_ctloutput,
2187 .pr_usrreqs = &rip_usrreqs
2188};
2189#endif
2190
2191#ifdef INET6
2192extern struct domain inet6domain;
2193static struct protosw in6_carp_protosw = {
2194 .pr_type = SOCK_RAW,
2195 .pr_domain = &inet6domain,
2196 .pr_protocol = IPPROTO_CARP,
2197 .pr_flags = PR_ATOMIC|PR_ADDR,
2198 .pr_input = carp6_input,
2199 .pr_output = rip6_output,
2200 .pr_ctloutput = rip6_ctloutput,
2201 .pr_usrreqs = &rip6_usrreqs
2202};
2203#endif
2204
2205static void
2206carp_mod_cleanup(void)
2207{
2208
2209#ifdef INET
2210 if (proto_reg[CARP_INET] == 0) {
2211 (void)ipproto_unregister(IPPROTO_CARP);
2212 pf_proto_unregister(PF_INET, IPPROTO_CARP, SOCK_RAW);
2213 proto_reg[CARP_INET] = -1;
2214 }
2215 carp_iamatch_p = NULL;
2216#endif
2217#ifdef INET6
2218 if (proto_reg[CARP_INET6] == 0) {
2219 (void)ip6proto_unregister(IPPROTO_CARP);
2220 pf_proto_unregister(PF_INET6, IPPROTO_CARP, SOCK_RAW);
2221 proto_reg[CARP_INET6] = -1;
2222 }
2223 carp_iamatch6_p = NULL;
2224 carp_macmatch6_p = NULL;
2225#endif
2226 carp_ioctl_p = NULL;
2227 carp_attach_p = NULL;
2228 carp_detach_p = NULL;
2229 carp_get_vhid_p = NULL;
2230 carp_linkstate_p = NULL;
2231 carp_forus_p = NULL;
2232 carp_output_p = NULL;
2233 carp_demote_adj_p = NULL;
2234 carp_master_p = NULL;
2235 mtx_unlock(&carp_mtx);
2236 taskqueue_drain(taskqueue_swi, &carp_sendall_task);
2237 mtx_destroy(&carp_mtx);
2238 sx_destroy(&carp_sx);
2239}
2240
2241static int
2242carp_mod_load(void)
2243{
2244 int err;
2245
2246 mtx_init(&carp_mtx, "carp_mtx", NULL, MTX_DEF);
2247 sx_init(&carp_sx, "carp_sx");
2248 LIST_INIT(&carp_list);
2249 carp_get_vhid_p = carp_get_vhid;
2250 carp_forus_p = carp_forus;
2251 carp_output_p = carp_output;
2252 carp_linkstate_p = carp_linkstate;
2253 carp_ioctl_p = carp_ioctl;
2254 carp_attach_p = carp_attach;
2255 carp_detach_p = carp_detach;
2256 carp_demote_adj_p = carp_demote_adj;
2257 carp_master_p = carp_master;
2258#ifdef INET6
2259 carp_iamatch6_p = carp_iamatch6;
2260 carp_macmatch6_p = carp_macmatch6;
2261 proto_reg[CARP_INET6] = pf_proto_register(PF_INET6,
2262 (struct protosw *)&in6_carp_protosw);
2263 if (proto_reg[CARP_INET6]) {
2264 printf("carp: error %d attaching to PF_INET6\n",
2265 proto_reg[CARP_INET6]);
2266 carp_mod_cleanup();
2267 return (proto_reg[CARP_INET6]);
2268 }
2269 err = ip6proto_register(IPPROTO_CARP);
2270 if (err) {
2271 printf("carp: error %d registering with INET6\n", err);
2272 carp_mod_cleanup();
2273 return (err);
2274 }
2275#endif
2276#ifdef INET
2277 carp_iamatch_p = carp_iamatch;
2278 proto_reg[CARP_INET] = pf_proto_register(PF_INET, &in_carp_protosw);
2279 if (proto_reg[CARP_INET]) {
2280 printf("carp: error %d attaching to PF_INET\n",
2281 proto_reg[CARP_INET]);
2282 carp_mod_cleanup();
2283 return (proto_reg[CARP_INET]);
2284 }
2285 err = ipproto_register(IPPROTO_CARP);
2286 if (err) {
2287 printf("carp: error %d registering with INET\n", err);
2288 carp_mod_cleanup();
2289 return (err);
2290 }
2291#endif
2292 return (0);
2293}
2294
2295static int
2296carp_modevent(module_t mod, int type, void *data)
2297{
2298 switch (type) {
2299 case MOD_LOAD:
2300 return carp_mod_load();
2301 /* NOTREACHED */
2302 case MOD_UNLOAD:
2303 mtx_lock(&carp_mtx);
2304 if (LIST_EMPTY(&carp_list))
2305 carp_mod_cleanup();
2306 else {
2307 mtx_unlock(&carp_mtx);
2308 return (EBUSY);
2309 }
2310 break;
2311
2312 default:
2313 return (EINVAL);
2314 }
2315
2316 return (0);
2317}
2318
2319static moduledata_t carp_mod = {
2320 "carp",
2321 carp_modevent,
2322 0
2323};
2324
2325DECLARE_MODULE(carp, carp_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
TAILQ_HEAD
static TAILQ_HEAD(handler_chain, proto_handler)
Definition: alias_mod.c:57
ND_NA_FLAG_OVERRIDE
#define ND_NA_FLAG_OVERRIDE
Definition: icmp6.h:276
arp_announce_ifaddr
void arp_announce_ifaddr(struct ifnet *ifp, struct in_addr addr, u_char *enaddr)
Definition: if_ether.c:1462
if_ether.h
in_scrubprefix
int in_scrubprefix(struct in_ifaddr *target, u_int flags)
Definition: in.c:1060
in_addprefix
int in_addprefix(struct in_ifaddr *target)
Definition: in.c:992
uint32_t
__uint32_t uint32_t
Definition: in.h:62
uint8_t
__uint8_t uint8_t
Definition: in.h:52
ifatoia
#define ifatoia(ifa)
Definition: in.h:680
sa_family_t
__sa_family_t sa_family_t
Definition: in.h:77
in_joingroup
int in_joingroup(struct ifnet *ifp, const struct in_addr *gina, struct in_mfilter *imf, struct in_multi **pinm)
Definition: in_mcast.c:1201
ip_mfilter_free
void ip_mfilter_free(struct in_mfilter *imf)
Definition: in_mcast.c:351
ip_mfilter_alloc
struct in_mfilter * ip_mfilter_alloc(const int mflags, const int st0, const int st1)
Definition: in_mcast.c:339
in_leavegroup
int in_leavegroup(struct in_multi *inm, struct in_mfilter *imf)
Definition: in_mcast.c:1286
in_var.h
ip_mfilter_insert
static void ip_mfilter_insert(struct ip_mfilter_head *head, struct in_mfilter *imf)
Definition: in_var.h:250
ip_mfilter_init
static void ip_mfilter_init(struct ip_mfilter_head *head)
Definition: in_var.h:236
ip_mfilter_first
static struct in_mfilter * ip_mfilter_first(const struct ip_mfilter_head *head)
Definition: in_var.h:243
ip_mfilter_remove
static void ip_mfilter_remove(struct ip_mfilter_head *head, struct in_mfilter *imf)
Definition: in_var.h:257
IPV6_VERSION
#define IPV6_VERSION
Definition: ip6.h:95
IPV6_FLOWLABEL_LEN
#define IPV6_FLOWLABEL_LEN
Definition: ip6.h:107
IPTOS_DSCP_OFFSET
#define IPTOS_DSCP_OFFSET
Definition: ip.h:99
IPVERSION
#define IPVERSION
Definition: ip.h:46
IP_DF
#define IP_DF
Definition: ip.h:13
carp_carprcp
static void carp_carprcp(struct carpreq *carpr, struct carp_softc *sc, int priv)
Definition: ip_carp.c:1717
VNET_PCPUSTAT_DEFINE
VNET_PCPUSTAT_DEFINE(struct carpstats, carpstats)
CIF_LOCK
#define CIF_LOCK(cif)
Definition: ip_carp.c:269
carp_grow_ifas
static void carp_grow_ifas(struct carp_softc *sc)
Definition: ip_carp.c:1622
carp_set_state
static void carp_set_state(struct carp_softc *, int, const char *reason)
Definition: ip_carp.c:2044
carp_ifa_addroute
static void carp_ifa_addroute(struct ifaddr *)
Definition: ip_carp.c:1071
CARP_FOREACH_IFA
#define CARP_FOREACH_IFA(sc, ifa)
Definition: ip_carp.c:293
SYSCTL_VNET_PCPUSTAT
SYSCTL_VNET_PCPUSTAT(_net_inet_carp, OID_AUTO, stats, struct carpstats, carpstats, "CARP statistics (struct carpstats, netinet/ip_carp.h)")
carp_forus
int carp_forus(struct ifnet *ifp, u_char *dhost)
Definition: ip_carp.c:1243
carp_master_down
static void carp_master_down(void *)
Definition: ip_carp.c:1270
carp_linkstate
static void carp_linkstate(struct ifnet *ifp)
Definition: ip_carp.c:2066
CIF_LOCK_INIT
#define CIF_LOCK_INIT(cif)
Definition: ip_carp.c:265
carp_send_ad_error
static void carp_send_ad_error(struct carp_softc *sc, int error)
Definition: ip_carp.c:854
CARP_SENDAD_MIN_SUCCESS
#define CARP_SENDAD_MIN_SUCCESS
Definition: ip_carp.c:116
IFNET_FOREACH_CARP
#define IFNET_FOREACH_CARP(ifp, sc)
Definition: ip_carp.c:300
VNET_DEFINE_STATIC
VNET_DEFINE_STATIC(int, carp_allow)
CARP_INET6
#define CARP_INET6
Definition: ip_carp.c:152
carp_output
int carp_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *sa)
Definition: ip_carp.c:1527
VNET_PCPUSTAT_SYSINIT
VNET_PCPUSTAT_SYSINIT(carpstats)
carp_ifa_delroute
static void carp_ifa_delroute(struct ifaddr *)
Definition: ip_carp.c:1102
carp_ioctl
int carp_ioctl(struct ifreq *ifr, u_long cmd, struct thread *td)
Definition: ip_carp.c:1733
CARP_SENDAD_MAX_ERRORS
#define CARP_SENDAD_MAX_ERRORS
Definition: ip_carp.c:114
carp_allow_sysctl
static int carp_allow_sysctl(SYSCTL_HANDLER_ARGS)
Definition: ip_carp.c:2118
carp_free_if
static void carp_free_if(struct carp_if *)
Definition: ip_carp.c:1695
CARP_HMAC_PAD
#define CARP_HMAC_PAD
Definition: ip_carp.c:122
carp_hmac_generate
static void carp_hmac_generate(struct carp_softc *sc, uint32_t counter[2], unsigned char md[20])
Definition: ip_carp.c:414
carp_get_vhid
static int carp_get_vhid(struct ifaddr *ifa)
Definition: ip_carp.c:1900
MALLOC_DEFINE
static MALLOC_DEFINE(M_CARP, "CARP", "CARP addresses")
carp_delroute
static void carp_delroute(struct carp_softc *)
Definition: ip_carp.c:1093
carp_multicast_setup
static int carp_multicast_setup(struct carp_if *cif, sa_family_t sa)
Definition: ip_carp.c:1386
CARP_LOCK_ASSERT
#define CARP_LOCK_ASSERT(sc)
Definition: ip_carp.c:262
V_carp_ifdown_adj
#define V_carp_ifdown_adj
Definition: ip_carp.c:215
carp_demote_adj
static void carp_demote_adj(int, char *)
Definition: ip_carp.c:2110
carp_send_ad_locked
static void carp_send_ad_locked(struct carp_softc *)
Definition: ip_carp.c:920
carp_destroy
static void carp_destroy(struct carp_softc *)
Definition: ip_carp.c:1636
carp_input_c
static void carp_input_c(struct mbuf *, struct carp_header *, sa_family_t)
Definition: ip_carp.c:647
carp_send_ad
static void carp_send_ad(void *)
Definition: ip_carp.c:839
VNET_PCPUSTAT_SYSUNINIT
VNET_PCPUSTAT_SYSUNINIT(carpstats)
DEMOTE_ADVSKEW
#define DEMOTE_ADVSKEW(sc)
Definition: ip_carp.c:305
carp_prepare_ad
static int carp_prepare_ad(struct mbuf *m, struct carp_softc *sc, struct carp_header *ch)
Definition: ip_carp.c:783
CARP_UNLOCK
#define CARP_UNLOCK(sc)
Definition: ip_carp.c:264
CIF_PROMISC
#define CIF_PROMISC
CARP_LOCK
#define CARP_LOCK(sc)
Definition: ip_carp.c:263
carp_best_ifa
static struct ifaddr * carp_best_ifa(int af, struct ifnet *ifp)
Definition: ip_carp.c:900
carp_sc_state
static void carp_sc_state(struct carp_softc *)
Definition: ip_carp.c:2080
CIF_FREE
#define CIF_FREE(cif)
Definition: ip_carp.c:271
carp_mod_load
static int carp_mod_load(void)
Definition: ip_carp.c:2242
carp_dscp_sysctl
static int carp_dscp_sysctl(SYSCTL_HANDLER_ARGS)
Definition: ip_carp.c:2145
carp_demote_adj_sysctl
static int carp_demote_adj_sysctl(SYSCTL_HANDLER_ARGS)
Definition: ip_carp.c:2163
__FBSDID
__FBSDID("$FreeBSD$")
carp_alloc_if
static struct carp_if * carp_alloc_if(struct ifnet *)
Definition: ip_carp.c:1669
SYSCTL_PROC
SYSCTL_PROC(_net_inet_carp, OID_AUTO, allow, CTLFLAG_VNET|CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, 0, 0, carp_allow_sysctl, "I", "Accept incoming CARP packets")
carp_hmac_verify
static int carp_hmac_verify(struct carp_softc *sc, uint32_t counter[2], unsigned char md[20])
Definition: ip_carp.c:435
LIST_HEAD
static LIST_HEAD(carp_softc)
Definition: ip_carp.c:333
CARP_INET
#define CARP_INET
Definition: ip_carp.c:151
V_carp_demotion
#define V_carp_demotion
Definition: ip_carp.c:207
CARP_DEBUG
#define CARP_DEBUG(...)
Definition: ip_carp.c:284
V_carp_allow
#define V_carp_allow
Definition: ip_carp.c:191
carp_detach
void carp_detach(struct ifaddr *ifa, bool keep_cif)
Definition: ip_carp.c:1986
SYSCTL_INT
SYSCTL_INT(_net_inet_carp, OID_AUTO, preempt, CTLFLAG_VNET|CTLFLAG_RW, &VNET_NAME(carp_preempt), 0, "High-priority backup preemption mode")
carp_attach
int carp_attach(struct ifaddr *ifa, int vhid)
Definition: ip_carp.c:1910
CARPSTATS_INC
#define CARPSTATS_INC(name)
Definition: ip_carp.c:254
CIF_UNLOCK
#define CIF_UNLOCK(cif)
Definition: ip_carp.c:270
CIF_LOCK_ASSERT
#define CIF_LOCK_ASSERT(cif)
Definition: ip_carp.c:268
carp_source_is_self
static int carp_source_is_self(struct mbuf *m, struct ifaddr *ifa, sa_family_t af)
Definition: ip_carp.c:616
SYSCTL_NODE
SYSCTL_NODE(_net_inet, IPPROTO_CARP, carp, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "CARP")
carp_modevent
static int carp_modevent(module_t mod, int type, void *data)
Definition: ip_carp.c:2296
carp_addroute
static void carp_addroute(struct carp_softc *)
Definition: ip_carp.c:1062
carp_master_down_locked
static void carp_master_down_locked(struct carp_softc *, const char *reason)
Definition: ip_carp.c:1289
CARP_LOCK_INIT
#define CARP_LOCK_INIT(sc)
Definition: ip_carp.c:259
carp_mod
static moduledata_t carp_mod
Definition: ip_carp.c:2319
carp_multicast_cleanup
static void carp_multicast_cleanup(struct carp_if *cif, sa_family_t sa)
Definition: ip_carp.c:1486
CARP_LOCK_DESTROY
#define CARP_LOCK_DESTROY(sc)
Definition: ip_carp.c:261
CARP_LOG
#define CARP_LOG(...)
Definition: ip_carp.c:279
proto_reg
static int proto_reg[]
Definition: ip_carp.c:153
carp_setrun
static void carp_setrun(struct carp_softc *, sa_family_t)
Definition: ip_carp.c:1325
V_carp_dscp
#define V_carp_dscp
Definition: ip_carp.c:195
carp_alloc
static struct carp_softc * carp_alloc(struct ifnet *)
Definition: ip_carp.c:1580
carp_send_ad_all
static void carp_send_ad_all(void *, int)
DECLARE_MODULE
DECLARE_MODULE(carp, carp_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY)
CIF_LOCK_DESTROY
#define CIF_LOCK_DESTROY(cif)
Definition: ip_carp.c:267
carp_master
int carp_master(struct ifaddr *ifa)
Definition: ip_carp.c:1124
V_carp_senderr_adj
#define V_carp_senderr_adj
Definition: ip_carp.c:211
V_carp_preempt
#define V_carp_preempt
Definition: ip_carp.c:199
IFNET_FOREACH_IFA
#define IFNET_FOREACH_IFA(ifp, ifa)
Definition: ip_carp.c:289
carp_mod_cleanup
static void carp_mod_cleanup(void)
Definition: ip_carp.c:2206
ip_carp.h
CARP_KEY_LEN
#define CARP_KEY_LEN
Definition: ip_carp.h:93
carp_iamatch
int carp_iamatch(struct ifaddr *, uint8_t **)
carp_output_p
int(* carp_output_p)(struct ifnet *, struct mbuf *, const struct sockaddr *)
carp_input
int carp_input(struct mbuf **, int *, int)
CARP_MAXSKEW
#define CARP_MAXSKEW
Definition: ip_carp.h:133
SIOCSVH
#define SIOCSVH
Definition: ip_carp.h:137
CARP_ADVERTISEMENT
#define CARP_ADVERTISEMENT
Definition: ip_carp.h:91
CARP_STATES
#define CARP_STATES
Definition: ip_carp.h:130
CARP_DFLTINTV
#define CARP_DFLTINTV
Definition: ip_carp.h:96
CARP_DFLTTL
#define CARP_DFLTTL
Definition: ip_carp.h:85
carp_ioctl_p
int(* carp_ioctl_p)(struct ifreq *, u_long, struct thread *)
SIOCGVH
#define SIOCGVH
Definition: ip_carp.h:138
carp_get_vhid_p
int(* carp_get_vhid_p)(struct ifaddr *)
carp_master_p
int(* carp_master_p)(struct ifaddr *)
CARP_VERSION
#define CARP_VERSION
Definition: ip_carp.h:88
carp_linkstate_p
void(* carp_linkstate_p)(struct ifnet *)
carp_macmatch6
char * carp_macmatch6(struct ifnet *, struct mbuf *, const struct in6_addr *)
carp_demote_adj_p
void(* carp_demote_adj_p)(int, char *)
CARP_MAXVHID
#define CARP_MAXVHID
Definition: ip_carp.h:128
carp_detach_p
void(* carp_detach_p)(struct ifaddr *, bool)
carp6_input
int carp6_input(struct mbuf **, int *, int)
carp_iamatch6
struct ifaddr * carp_iamatch6(struct ifnet *, struct in6_addr *)
carp_forus_p
int(* carp_forus_p)(struct ifnet *, u_char *)
carp_attach_p
int(* carp_attach_p)(struct ifaddr *, int)
count
u_int16_t count
Definition: ip_fw.h:18
state
u_int32_t state
Definition: ip_fw.h:10
ip_fillid
void ip_fillid(struct ip *ip)
Definition: ip_id.c:243
ipproto_register
int ipproto_register(short ipproto)
Definition: ip_input.c:884
inetdomain
struct domain inetdomain
ipproto_unregister
int ipproto_unregister(short ipproto)
Definition: ip_input.c:915
ip_output
int ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, struct ip_moptions *imo, struct inpcb *inp)
Definition: ip_output.c:320
ip_var.h
rip_output
int rip_output(struct mbuf *, struct socket *,...)
rip_usrreqs
struct pr_usrreqs rip_usrreqs
IP_RAWOUTPUT
#define IP_RAWOUTPUT
Definition: ip_var.h:166
rip_ctloutput
int rip_ctloutput(struct socket *, struct sockopt *)
carp_header
Definition: ip_carp.h:62
carp_header::carp_advskew
u_int8_t carp_advskew
Definition: ip_carp.h:72
carp_header::carp_advbase
u_int8_t carp_advbase
Definition: ip_carp.h:75
carp_header::carp_type
u_int8_t carp_type
Definition: ip_carp.h:64
carp_header::carp_authlen
u_int8_t carp_authlen
Definition: ip_carp.h:73
carp_header::carp_md
unsigned char carp_md[20]
Definition: ip_carp.h:78
carp_header::carp_counter
u_int32_t carp_counter[2]
Definition: ip_carp.h:77
carp_header::carp_pad1
u_int8_t carp_pad1
Definition: ip_carp.h:74
carp_header::carp_cksum
u_int16_t carp_cksum
Definition: ip_carp.h:76
carp_header::carp_vhid
u_int8_t carp_vhid
Definition: ip_carp.h:71
carp_header::carp_version
u_int8_t carp_version
Definition: ip_carp.h:65
carp_if
Definition: ip_carp.c:131
carp_softc
Definition: ip_carp.c:91
carp_softc::sc_naddrs
int sc_naddrs
Definition: ip_carp.c:108
carp_softc::sc_ifasiz
int sc_ifasiz
Definition: ip_carp.c:110
carp_softc::sc_counter
uint64_t sc_counter
Definition: ip_carp.c:119
carp_softc::sc_mtx
struct mtx sc_mtx
Definition: ip_carp.c:102
carp_softc::sc_addr
struct sockaddr_dl sc_addr
Definition: ip_carp.c:94
carp_softc::sc_ad_tmo
struct callout sc_ad_tmo
Definition: ip_carp.c:95
carp_softc::INIT
@ INIT
Definition: ip_carp.c:111
carp_softc::BACKUP
@ BACKUP
Definition: ip_carp.c:111
carp_softc::MASTER
@ MASTER
Definition: ip_carp.c:111
carp_softc::sc_pad
unsigned char sc_pad[CARP_HMAC_PAD]
Definition: ip_carp.c:124
carp_softc::sc_sendad_success
int sc_sendad_success
Definition: ip_carp.c:115
carp_softc::sc_carpdev
struct ifnet * sc_carpdev
Definition: ip_carp.c:92
carp_softc::sc_suppress
int sc_suppress
Definition: ip_carp.c:112
carp_softc::sc_ifas
struct ifaddr ** sc_ifas
Definition: ip_carp.c:93
carp_softc::sc_advskew
int sc_advskew
Definition: ip_carp.c:105
carp_softc::sc_init_counter
int sc_init_counter
Definition: ip_carp.c:118
carp_softc::sc_advbase
int sc_advbase
Definition: ip_carp.c:106
carp_softc::sc_sha1
SHA1_CTX sc_sha1
Definition: ip_carp.c:125
carp_softc::sc_sendad_errors
int sc_sendad_errors
Definition: ip_carp.c:113
carp_softc::sc_state
enum carp_softc::@10 sc_state
carp_softc::sc_vhid
int sc_vhid
Definition: ip_carp.c:104
carp_softc::sc_key
unsigned char sc_key[CARP_KEY_LEN]
Definition: ip_carp.c:123
carp_softc::sc_naddrs6
int sc_naddrs6
Definition: ip_carp.c:109
carpreq::carpr_advbase
int carpr_advbase
Definition: ip_carp.h:134
carpreq::carpr_count
int carpr_count
Definition: ip_carp.h:126
carpreq::carpr_state
int carpr_state
Definition: ip_carp.h:129
carpreq::carpr_vhid
int carpr_vhid
Definition: ip_carp.h:127
carpreq::carpr_key
unsigned char carpr_key[CARP_KEY_LEN]
Definition: ip_carp.h:135
carpreq::carpr_advskew
int carpr_advskew
Definition: ip_carp.h:132
in_addr
Definition: in.h:83
in_addr::s_addr
in_addr_t s_addr
Definition: in.h:84
in_mfilter
Definition: in_var.h:219
in_mfilter::imf_inm
struct in_multi * imf_inm
Definition: in_var.h:223
ip6_hdr
Definition: ip6.h:74
ip6_hdr::ip6_dst
struct in6_addr ip6_dst
Definition: ip6.h:85
ip6_hdr::ip6_src
struct in6_addr ip6_src
Definition: ip6.h:84
ip
Definition: ip.h:51
ip::ip_p
u_char ip_p
Definition: ip.h:69
ip::ip_dst
struct in_addr ip_src ip_dst
Definition: ip.h:71
ip::ip_tos
u_char ip_tos
Definition: ip.h:60
ip::ip_hl
u_char ip_hl
Definition: ip.h:53
ip::ip_sum
u_short ip_sum
Definition: ip.h:70
ip::ip_len
u_short ip_len
Definition: ip.h:61
ip::ip_v
u_char ip_v
Definition: ip.h:54
ip::ip_ttl
u_char ip_ttl
Definition: ip.h:68
ip::ip_off
u_short ip_off
Definition: ip.h:63
sockaddr_in
Definition: in.h:97
TAILQ_ENTRY
TAILQ_ENTRY(bbr_sendmap) r_next