ip6_forward.c (62601) ip6_forward.c (63256)
1/* $FreeBSD: head/sys/netinet6/ip6_forward.c 62601 2000-07-05 01:14:45Z itojun $ */
2/* $KAME: ip6_forward.c,v 1.39 2000/07/03 13:23:28 itojun Exp $ */
1/* $FreeBSD: head/sys/netinet6/ip6_forward.c 63256 2000-07-16 07:56:54Z itojun $ */
2/* $KAME: ip6_forward.c,v 1.43 2000/07/16 07:50:49 itojun Exp $ */
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:

--- 40 unchanged lines hidden (view full) ---

51#include <netinet/in.h>
52#include <netinet/in_var.h>
53#include <netinet/ip_var.h>
54#include <netinet/ip6.h>
55#include <netinet6/ip6_var.h>
56#include <netinet/icmp6.h>
57#include <netinet6/nd6.h>
58
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:

--- 40 unchanged lines hidden (view full) ---

51#include <netinet/in.h>
52#include <netinet/in_var.h>
53#include <netinet/ip_var.h>
54#include <netinet/ip6.h>
55#include <netinet6/ip6_var.h>
56#include <netinet/icmp6.h>
57#include <netinet6/nd6.h>
58
59#ifdef IPSEC_IPV6FWD
59#ifdef IPSEC
60#include <netinet6/ipsec.h>
61#include <netinet6/ipsec6.h>
62#include <netkey/key.h>
60#include <netinet6/ipsec.h>
61#include <netinet6/ipsec6.h>
62#include <netkey/key.h>
63#endif /* IPSEC_IPV6FWD */
63#endif /* IPSEC */
64
65#ifdef IPV6FIREWALL
66#include <netinet6/ip6_fw.h>
67#endif
68
69#include <net/net_osdep.h>
70
71struct route_in6 ip6_forward_rt;

--- 17 unchanged lines hidden (view full) ---

89 int srcrt;
90{
91 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
92 register struct sockaddr_in6 *dst;
93 register struct rtentry *rt;
94 int error, type = 0, code = 0;
95 struct mbuf *mcopy = NULL;
96 struct ifnet *origifp; /* maybe unnecessary */
64
65#ifdef IPV6FIREWALL
66#include <netinet6/ip6_fw.h>
67#endif
68
69#include <net/net_osdep.h>
70
71struct route_in6 ip6_forward_rt;

--- 17 unchanged lines hidden (view full) ---

89 int srcrt;
90{
91 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
92 register struct sockaddr_in6 *dst;
93 register struct rtentry *rt;
94 int error, type = 0, code = 0;
95 struct mbuf *mcopy = NULL;
96 struct ifnet *origifp; /* maybe unnecessary */
97#ifdef IPSEC_IPV6FWD
97#ifdef IPSEC
98 struct secpolicy *sp = NULL;
99#endif
100
98 struct secpolicy *sp = NULL;
99#endif
100
101#ifdef IPSEC_IPV6FWD
101#ifdef IPSEC
102 /*
103 * Check AH/ESP integrity.
104 */
105 /*
106 * Don't increment ip6s_cantforward because this is the check
107 * before forwarding packet actually.
108 */
109 if (ipsec6_in_reject(m, NULL)) {
110 ipsec6stat.in_polvio++;
111 m_freem(m);
112 return;
113 }
102 /*
103 * Check AH/ESP integrity.
104 */
105 /*
106 * Don't increment ip6s_cantforward because this is the check
107 * before forwarding packet actually.
108 */
109 if (ipsec6_in_reject(m, NULL)) {
110 ipsec6stat.in_polvio++;
111 m_freem(m);
112 return;
113 }
114#endif /*IPSEC_IPV6FWD*/
114#endif /*IPSEC*/
115
116 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
117 IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
118 ip6stat.ip6s_cantforward++;
119 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
120 if (ip6_log_time + ip6_log_interval < time_second) {
121 ip6_log_time = time_second;
122 log(LOG_DEBUG,

--- 22 unchanged lines hidden (view full) ---

145 * we need to generate an ICMP6 message to the src.
146 * Thanks to M_EXT, in most cases copy will not occur.
147 *
148 * It is important to save it before IPsec processing as IPsec
149 * processing may modify the mbuf.
150 */
151 mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
152
115
116 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
117 IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
118 ip6stat.ip6s_cantforward++;
119 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
120 if (ip6_log_time + ip6_log_interval < time_second) {
121 ip6_log_time = time_second;
122 log(LOG_DEBUG,

--- 22 unchanged lines hidden (view full) ---

145 * we need to generate an ICMP6 message to the src.
146 * Thanks to M_EXT, in most cases copy will not occur.
147 *
148 * It is important to save it before IPsec processing as IPsec
149 * processing may modify the mbuf.
150 */
151 mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
152
153#ifdef IPSEC_IPV6FWD
153#ifdef IPSEC
154 /* get a security policy for this packet */
155 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
156 if (sp == NULL) {
157 ipsec6stat.out_inval++;
158 ip6stat.ip6s_cantforward++;
159 if (mcopy) {
160#if 0
161 /* XXX: what icmp ? */

--- 108 unchanged lines hidden (view full) ---

270 m_freem(mcopy);
271#endif
272 }
273 m_freem(m);
274 return;
275 }
276 }
277 skip_ipsec:
154 /* get a security policy for this packet */
155 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
156 if (sp == NULL) {
157 ipsec6stat.out_inval++;
158 ip6stat.ip6s_cantforward++;
159 if (mcopy) {
160#if 0
161 /* XXX: what icmp ? */

--- 108 unchanged lines hidden (view full) ---

270 m_freem(mcopy);
271#endif
272 }
273 m_freem(m);
274 return;
275 }
276 }
277 skip_ipsec:
278#endif /* IPSEC_IPV6FWD */
278#endif /* IPSEC */
279
280 dst = &ip6_forward_rt.ro_dst;
281 if (!srcrt) {
282 /*
283 * ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst
284 */
285 if (ip6_forward_rt.ro_rt == 0 ||
286 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) {

--- 70 unchanged lines hidden (view full) ---

357 m_freem(m);
358 return;
359 }
360
361 if (m->m_pkthdr.len > rt->rt_ifp->if_mtu) {
362 in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
363 if (mcopy) {
364 u_long mtu;
279
280 dst = &ip6_forward_rt.ro_dst;
281 if (!srcrt) {
282 /*
283 * ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst
284 */
285 if (ip6_forward_rt.ro_rt == 0 ||
286 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) {

--- 70 unchanged lines hidden (view full) ---

357 m_freem(m);
358 return;
359 }
360
361 if (m->m_pkthdr.len > rt->rt_ifp->if_mtu) {
362 in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
363 if (mcopy) {
364 u_long mtu;
365#ifdef IPSEC_IPV6FWD
365#ifdef IPSEC
366 struct secpolicy *sp;
367 int ipsecerror;
368 size_t ipsechdrsiz;
369#endif
370
371 mtu = rt->rt_ifp->if_mtu;
366 struct secpolicy *sp;
367 int ipsecerror;
368 size_t ipsechdrsiz;
369#endif
370
371 mtu = rt->rt_ifp->if_mtu;
372#ifdef IPSEC_IPV6FWD
372#ifdef IPSEC
373 /*
374 * When we do IPsec tunnel ingress, we need to play
375 * with if_mtu value (decrement IPsec header size
376 * from mtu value). The code is much simpler than v4
377 * case, as we have the outgoing interface for
378 * encapsulated packet as "rt->rt_ifp".
379 */
380 sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,

--- 163 unchanged lines hidden ---
373 /*
374 * When we do IPsec tunnel ingress, we need to play
375 * with if_mtu value (decrement IPsec header size
376 * from mtu value). The code is much simpler than v4
377 * case, as we have the outgoing interface for
378 * encapsulated packet as "rt->rt_ifp".
379 */
380 sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,

--- 163 unchanged lines hidden ---
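Review bot: The block-scope `struct secpolicy *sp;` at file line 366 shadows the function-scope `struct secpolicy *sp = NULL;` at file line 98, and with the guard widened from IPSEC_IPV6FWD to IPSEC both declarations are now compiled into every IPSEC kernel rather than only opt-in builds. The two variables hold the results of separate `ipsec6_getpolicybyaddr()` lookups (file lines 155 and 380), and the code that releases them sits in the hidden lines, so it cannot be confirmed from here that each result is released exactly once on every path. Renaming the inner variable, for example `struct secpolicy *mtu_sp;`, and using it for the lookup on `mcopy` would keep the two lookups apart and make a missed or doubled release easier to spot. The body of ip6_forward starts and ends outside the visible lines.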