Accept neighbor discovery packets from source IPv6 addresses for

which we have a cloning or cloned route.  The old check was based
on configured interface addresses, now we use a route lookup.  This
allows us to use prefixes for the local network that ospf6d has
added.
ok claudio@

3 files changed, 26 insertions, 24 deletions

diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 141f2a479b7..12d7026d48d 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6.c,v 1.90 2011/04/03 13:55:36 stsp Exp $	*/
+/*	$OpenBSD: in6.c,v 1.91 2011/07/26 21:19:51 bluhm Exp $	*/
 /*	$KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $	*/
 
 /*
@@ -1927,28 +1927,31 @@ in6ifa_ifpwithaddr(struct ifnet *ifp, struct in6_addr *addr)
 }
 
 /*
- * find the internet address on a given interface corresponding to a neighbor's
- * address.
+ * Check wether an interface has a prefix by looking up the cloning route.
  */
-struct in6_ifaddr *
-in6ifa_ifplocaladdr(const struct ifnet *ifp, const struct in6_addr *addr)
+int
+in6_ifpprefix(const struct ifnet *ifp, const struct in6_addr *addr)
 {
-	struct ifaddr *ifa;
-	struct in6_ifaddr *ia;
+	struct sockaddr_in6 dst;
+	struct rtentry *rt;
+	u_int tableid = 0;  /* XXX */
 
-	TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
-		if (ifa->ifa_addr == NULL)
-			continue;	/* just for safety */
-		if (ifa->ifa_addr->sa_family != AF_INET6)
-			continue;
-		ia = (struct in6_ifaddr *)ifa;
-		if (IN6_ARE_MASKED_ADDR_EQUAL(addr,
-				&ia->ia_addr.sin6_addr,
-				&ia->ia_prefixmask.sin6_addr))
-			return ia;
+	bzero(&dst, sizeof(dst));
+	dst.sin6_len = sizeof(struct sockaddr_in6);
+	dst.sin6_family = AF_INET6;
+	dst.sin6_addr = *addr;
+	rt = rtalloc1((struct sockaddr *)&dst, RT_NOCLONING, tableid);
+
+	if (rt == NULL)
+		return (0);
+	if ((rt->rt_flags & (RTF_CLONING | RTF_CLONED)) == 0 ||
+	    rt->rt_ifp != ifp) {
+		RTFREE(rt);
+		return (0);
 	}
 
-	return NULL;
+	RTFREE(rt);
+	return (1);
 }
 
 /*
diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h
index 27efbf397b6..6c485d39f85 100644
--- a/sys/netinet6/in6_var.h
+++ b/sys/netinet6/in6_var.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6_var.h,v 1.32 2010/07/08 19:42:46 jsg Exp $	*/
+/*	$OpenBSD: in6_var.h,v 1.33 2011/07/26 21:19:51 bluhm Exp $	*/
 /*	$KAME: in6_var.h,v 1.55 2001/02/16 12:49:45 itojun Exp $	*/
 
 /*
@@ -588,8 +588,7 @@ void	in6_createmkludge(struct ifnet *);
 void	in6_purgemkludge(struct ifnet *);
 struct in6_ifaddr *in6ifa_ifpforlinklocal(struct ifnet *, int);
 struct in6_ifaddr *in6ifa_ifpwithaddr(struct ifnet *, struct in6_addr *);
-struct in6_ifaddr *in6ifa_ifplocaladdr(const struct ifnet *,
-	    const struct in6_addr *);
+int	in6_ifpprefix(const struct ifnet *, const struct in6_addr *);
 char	*ip6_sprintf(struct in6_addr *);
 int	in6_addr2scopeid(struct ifnet *, struct in6_addr *);
 int	in6_matchlen(struct in6_addr *, struct in6_addr *);
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index f1ef2abc899..f342a1ba52f 100644
--- a/sys/netinet6/nd6_nbr.c
+++ b/sys/netinet6/nd6_nbr.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: nd6_nbr.c,v 1.56 2011/03/09 23:31:25 bluhm Exp $	*/
+/*	$OpenBSD: nd6_nbr.c,v 1.57 2011/07/26 21:19:51 bluhm Exp $	*/
 /*	$KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $	*/
 
 /*
@@ -136,7 +136,7 @@ nd6_ns_input(struct mbuf *m, int off, int icmp6len)
 		/*
 		 * Make sure the source address is from a neighbor's address.
 		 */
-		if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
+		if (!in6_ifpprefix(ifp, &saddr6)) {
 			nd6log((LOG_INFO, "nd6_ns_input: "
 			    "NS packet from non-neighbor\n"));
 			goto bad;
@@ -640,7 +640,7 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
 	/*
 	 * Make sure the source address is from a neighbor's address.
 	 */
-	if (in6ifa_ifplocaladdr(ifp, &saddr6) == NULL) {
+	if (!in6_ifpprefix(ifp, &saddr6)) {
 		nd6log((LOG_INFO, "nd6_na_input: "
 		    "ND packet from non-neighbor\n"));
 		goto bad;