ip6_forward.c (120593) | ip6_forward.c (120913) |
---|---|
1/* $FreeBSD: head/sys/netinet6/ip6_forward.c 120593 2003-09-30 04:46:08Z sam $ */ | 1/* $FreeBSD: head/sys/netinet6/ip6_forward.c 120913 2003-10-08 18:26:08Z ume $ */ |
2/* $KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 124 unchanged lines hidden (view full) --- 134 return; 135 } 136#endif /* IPSEC */ 137 138 /* 139 * Do not forward packets to multicast destination (should be handled 140 * by ip6_mforward(). 141 * Do not forward packets with unspecified source. It was discussed | 2/* $KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 124 unchanged lines hidden (view full) --- 134 return; 135 } 136#endif /* IPSEC */ 137 138 /* 139 * Do not forward packets to multicast destination (should be handled 140 * by ip6_mforward(). 141 * Do not forward packets with unspecified source. It was discussed |
142 * in July 2000, on ipngwg mailing list. | 142 * in July 2000, on the ipngwg mailing list. |
143 */ 144 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || 145 IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 146 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { 147 ip6stat.ip6s_cantforward++; 148 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 149 if (ip6_log_time + ip6_log_interval < time_second) { 150 ip6_log_time = time_second; --- 25 unchanged lines hidden (view full) --- 176 * 177 * It is important to save it before IPsec processing as IPsec 178 * processing may modify the mbuf. 179 */ 180 mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); 181 182#ifdef IPSEC 183 /* get a security policy for this packet */ | 143 */ 144 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || 145 IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 146 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { 147 ip6stat.ip6s_cantforward++; 148 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 149 if (ip6_log_time + ip6_log_interval < time_second) { 150 ip6_log_time = time_second; --- 25 unchanged lines hidden (view full) --- 176 * 177 * It is important to save it before IPsec processing as IPsec 178 * processing may modify the mbuf. 179 */ 180 mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); 181 182#ifdef IPSEC 183 /* get a security policy for this packet */ |
184 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING, 185 &error); | 184 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 185 IP_FORWARDING, &error); |
186 if (sp == NULL) { 187 ipsec6stat.out_inval++; 188 ip6stat.ip6s_cantforward++; 189 if (mcopy) { 190#if 0 191 /* XXX: what icmp ? */ 192#else 193 m_freem(mcopy); --- 84 unchanged lines hidden (view full) --- 278 case EHOSTUNREACH: 279 case ENETUNREACH: 280 case EMSGSIZE: 281 case ENOBUFS: 282 case ENOMEM: 283 break; 284 default: 285 printf("ip6_output (ipsec): error code %d\n", error); | 186 if (sp == NULL) { 187 ipsec6stat.out_inval++; 188 ip6stat.ip6s_cantforward++; 189 if (mcopy) { 190#if 0 191 /* XXX: what icmp ? */ 192#else 193 m_freem(mcopy); --- 84 unchanged lines hidden (view full) --- 278 case EHOSTUNREACH: 279 case ENETUNREACH: 280 case EMSGSIZE: 281 case ENOBUFS: 282 case ENOMEM: 283 break; 284 default: 285 printf("ip6_output (ipsec): error code %d\n", error); |
286 /* fall through */ | 286 /* FALLTHROUGH */ |
287 case ENOENT: 288 /* don't show these error codes to the user */ 289 break; 290 } 291 ip6stat.ip6s_cantforward++; 292 if (mcopy) { 293#if 0 294 /* XXX: what icmp ? */ --- 5 unchanged lines hidden (view full) --- 300 return; 301 } 302 } 303 skip_ipsec: 304#endif /* IPSEC */ 305 306 dst = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; 307 if (!srcrt) { | 287 case ENOENT: 288 /* don't show these error codes to the user */ 289 break; 290 } 291 ip6stat.ip6s_cantforward++; 292 if (mcopy) { 293#if 0 294 /* XXX: what icmp ? */ --- 5 unchanged lines hidden (view full) --- 300 return; 301 } 302 } 303 skip_ipsec: 304#endif /* IPSEC */ 305 306 dst = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; 307 if (!srcrt) { |
308 /* 309 * ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst 310 */ | 308 /* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */ |
311 if (ip6_forward_rt.ro_rt == 0 || 312 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) { 313 if (ip6_forward_rt.ro_rt) { 314 RTFREE(ip6_forward_rt.ro_rt); 315 ip6_forward_rt.ro_rt = 0; 316 } | 309 if (ip6_forward_rt.ro_rt == 0 || 310 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) { 311 if (ip6_forward_rt.ro_rt) { 312 RTFREE(ip6_forward_rt.ro_rt); 313 ip6_forward_rt.ro_rt = 0; 314 } |
315 |
|
317 /* this probably fails but give it a try again */ 318 rtalloc_ign((struct route *)&ip6_forward_rt, 319 RTF_PRCLONING); 320 } 321 322 if (ip6_forward_rt.ro_rt == 0) { 323 ip6stat.ip6s_noroute++; 324 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 325 if (mcopy) { 326 icmp6_error(mcopy, ICMP6_DST_UNREACH, 327 ICMP6_DST_UNREACH_NOROUTE, 0); 328 } 329 m_freem(m); 330 return; 331 } 332 } else if ((rt = ip6_forward_rt.ro_rt) == 0 || | 316 /* this probably fails but give it a try again */ 317 rtalloc_ign((struct route *)&ip6_forward_rt, 318 RTF_PRCLONING); 319 } 320 321 if (ip6_forward_rt.ro_rt == 0) { 322 ip6stat.ip6s_noroute++; 323 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 324 if (mcopy) { 325 icmp6_error(mcopy, ICMP6_DST_UNREACH, 326 ICMP6_DST_UNREACH_NOROUTE, 0); 327 } 328 m_freem(m); 329 return; 330 } 331 } else if ((rt = ip6_forward_rt.ro_rt) == 0 || |
333 !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { | 332 !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { |
334 if (ip6_forward_rt.ro_rt) { 335 RTFREE(ip6_forward_rt.ro_rt); 336 ip6_forward_rt.ro_rt = 0; 337 } 338 bzero(dst, sizeof(*dst)); 339 dst->sin6_len = sizeof(struct sockaddr_in6); 340 dst->sin6_family = AF_INET6; 341 dst->sin6_addr = ip6->ip6_dst; --- 76 unchanged lines hidden (view full) --- 418 */ 419 if (mtu < IPV6_MMTU) 420 mtu = IPV6_MMTU; 421#endif 422 icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); 423 } 424 m_freem(m); 425 return; | 333 if (ip6_forward_rt.ro_rt) { 334 RTFREE(ip6_forward_rt.ro_rt); 335 ip6_forward_rt.ro_rt = 0; 336 } 337 bzero(dst, sizeof(*dst)); 338 dst->sin6_len = sizeof(struct sockaddr_in6); 339 dst->sin6_family = AF_INET6; 340 dst->sin6_addr = ip6->ip6_dst; --- 76 unchanged lines hidden (view full) --- 417 */ 418 if (mtu < IPV6_MMTU) 419 mtu = IPV6_MMTU; 420#endif 421 icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); 422 } 423 m_freem(m); 424 return; |
426 } | 425 } |
427 428 if (rt->rt_flags & RTF_GATEWAY) 429 dst = (struct sockaddr_in6 *)rt->rt_gateway; 430 431 /* 432 * If we are to forward the packet using the same interface 433 * as one we got the packet from, perhaps we should send a redirect 434 * to sender to shortcut a hop. --- 57 unchanged lines hidden (view full) --- 492 */ 493#if 1 494 if (0) 495#else 496 if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0) 497#endif 498 { 499 printf("ip6_forward: outgoing interface is loopback. " | 426 427 if (rt->rt_flags & RTF_GATEWAY) 428 dst = (struct sockaddr_in6 *)rt->rt_gateway; 429 430 /* 431 * If we are to forward the packet using the same interface 432 * as one we got the packet from, perhaps we should send a redirect 433 * to sender to shortcut a hop. --- 57 unchanged lines hidden (view full) --- 491 */ 492#if 1 493 if (0) 494#else 495 if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0) 496#endif 497 { 498 printf("ip6_forward: outgoing interface is loopback. " |
500 "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 501 ip6_sprintf(&ip6->ip6_src), 502 ip6_sprintf(&ip6->ip6_dst), 503 ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), 504 if_name(rt->rt_ifp)); | 499 "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 500 ip6_sprintf(&ip6->ip6_src), 501 ip6_sprintf(&ip6->ip6_dst), 502 ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), 503 if_name(rt->rt_ifp)); |
505 } 506 507 /* we can just use rcvif in forwarding. */ 508 origifp = m->m_pkthdr.rcvif; 509 } 510 else 511 origifp = rt->rt_ifp; 512#ifndef SCOPEDROUTING --- 26 unchanged lines hidden (view full) --- 539 in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); 540 if (type) 541 ip6stat.ip6s_redirectsent++; 542 else { 543 if (mcopy) 544 goto freecopy; 545 } 546 } | 504 } 505 506 /* we can just use rcvif in forwarding. */ 507 origifp = m->m_pkthdr.rcvif; 508 } 509 else 510 origifp = rt->rt_ifp; 511#ifndef SCOPEDROUTING --- 26 unchanged lines hidden (view full) --- 538 in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); 539 if (type) 540 ip6stat.ip6s_redirectsent++; 541 else { 542 if (mcopy) 543 goto freecopy; 544 } 545 } |
546 |
|
547#ifdef PFIL_HOOKS 548senderr: 549#endif 550 if (mcopy == NULL) 551 return; 552 switch (error) { 553 case 0: | 547#ifdef PFIL_HOOKS 548senderr: 549#endif 550 if (mcopy == NULL) 551 return; 552 switch (error) { 553 case 0: |
554#if 1 | |
555 if (type == ND_REDIRECT) { 556 icmp6_redirect_output(mcopy, rt); 557 return; 558 } | 554 if (type == ND_REDIRECT) { 555 icmp6_redirect_output(mcopy, rt); 556 return; 557 } |
559#endif | |
560 goto freecopy; 561 562 case EMSGSIZE: 563 /* xxx MTU is constant in PPP? */ 564 goto freecopy; 565 566 case ENOBUFS: 567 /* Tell source to slow down like source quench in IP? */ --- 18 unchanged lines hidden --- | 558 goto freecopy; 559 560 case EMSGSIZE: 561 /* xxx MTU is constant in PPP? */ 562 goto freecopy; 563 564 case ENOBUFS: 565 /* Tell source to slow down like source quench in IP? */ --- 18 unchanged lines hidden --- |