Cross Reference: /freebsd-9.3-release/sys/netinet6/ip6

Deleted Added

sdiff udiff text old ( 77003 ) new ( 78064 )

full compact

ip6_input.c (77003)	ip6_input.c (78064)
1/* $FreeBSD: head/sys/netinet6/ip6_input.c 77003 2001-05-22 17:32:02Z ume $ / 2/ $KAME: ip6_input.c,v 1.95 2000/07/02 07:49:37 jinmei Exp $ */	1/* $FreeBSD: head/sys/netinet6/ip6_input.c 78064 2001-06-11 12:39:29Z ume $ / 2/ $KAME: ip6_input.c,v 1.194 2001/05/27 13:28:35 itojun Exp $ */
3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: --- 57 unchanged lines hidden (view full) --- 68#include "opt_ip6fw.h" 69#include "opt_inet.h" 70#include "opt_inet6.h" 71#include "opt_ipsec.h" 72#include "opt_pfil_hooks.h" 73 74#include <sys/param.h> 75#include <sys/systm.h>	3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: --- 57 unchanged lines hidden (view full) --- 68#include "opt_ip6fw.h" 69#include "opt_inet.h" 70#include "opt_inet6.h" 71#include "opt_ipsec.h" 72#include "opt_pfil_hooks.h" 73 74#include <sys/param.h> 75#include <sys/systm.h>
	76#include <sys/malloc.h>
76#include <sys/mbuf.h> 77#include <sys/domain.h> 78#include <sys/protosw.h> 79#include <sys/socket.h> 80#include <sys/socketvar.h> 81#include <sys/errno.h> 82#include <sys/time.h> 83#include <sys/kernel.h> --- 19 unchanged lines hidden (view full) --- 103#include <netinet6/in6_var.h> 104#include <netinet6/ip6_var.h> 105#include <netinet/in_pcb.h> 106#include <netinet/icmp6.h> 107#include <netinet6/in6_ifattach.h> 108#include <netinet6/nd6.h> 109#include <netinet6/in6_prefix.h> 110	77#include <sys/mbuf.h> 78#include <sys/domain.h> 79#include <sys/protosw.h> 80#include <sys/socket.h> 81#include <sys/socketvar.h> 82#include <sys/errno.h> 83#include <sys/time.h> 84#include <sys/kernel.h> --- 19 unchanged lines hidden (view full) --- 104#include <netinet6/in6_var.h> 105#include <netinet6/ip6_var.h> 106#include <netinet/in_pcb.h> 107#include <netinet/icmp6.h> 108#include <netinet6/in6_ifattach.h> 109#include <netinet6/nd6.h> 110#include <netinet6/in6_prefix.h> 111
	112#ifdef IPSEC 113#include <netinet6/ipsec.h> 114#ifdef INET6 115#include <netinet6/ipsec6.h> 116#endif 117#endif 118
111#include <netinet6/ip6_fw.h> 112 113#include <netinet6/ip6protosw.h> 114 115#include "faith.h" 116#include "gif.h" 117 118#include <net/net_osdep.h> 119 120extern struct domain inet6domain; 121extern struct ip6protosw inet6sw[]; 122 123u_char ip6_protox[IPPROTO_MAX]; 124static int ip6qmaxlen = IFQ_MAXLEN; 125struct in6_ifaddr in6_ifaddr; 126*	119#include <netinet6/ip6_fw.h> 120 121#include <netinet6/ip6protosw.h> 122 123#include "faith.h" 124#include "gif.h" 125 126#include <net/net_osdep.h> 127 128extern struct domain inet6domain; 129extern struct ip6protosw inet6sw[]; 130 131u_char ip6_protox[IPPROTO_MAX]; 132static int ip6qmaxlen = IFQ_MAXLEN; 133struct in6_ifaddr in6_ifaddr; 134*
	135extern struct callout in6_tmpaddrtimer_ch; 136
127int ip6_forward_srcrt; /* XXX / 128int ip6_sourcecheck; / XXX / 129int ip6_sourcecheck_interval; / XXX / 130const int int6intrq_present = 1; 131*	137int ip6_forward_srcrt; /* XXX / 138int ip6_sourcecheck; / XXX / 139int ip6_sourcecheck_interval; / XXX / 140const int int6intrq_present = 1; 141*
	142int ip6_ours_check_algorithm; 143 144
132/* firewall hooks / 133ip6_fw_chk_t ip6_fw_chk_ptr; 134ip6_fw_ctl_t ip6_fw_ctl_ptr; 135int ip6_fw_enable = 1; 136* 137struct ip6stat ip6stat; 138 139static void ip6_init2 __P((void *));	145/* firewall hooks / 146ip6_fw_chk_t ip6_fw_chk_ptr; 147ip6_fw_ctl_t ip6_fw_ctl_ptr; 148int ip6_fw_enable = 1; 149* 150struct ip6stat ip6stat; 151 152static void ip6_init2 __P((void *));
	153static struct mbuf ip6_setdstifaddr __P((struct mbuf , struct in6_ifaddr *));
140 141static int ip6_hopopts_input __P((u_int32_t , u_int32_t , struct mbuf *, int )); 142#ifdef PULLDOWN_TEST 143static struct mbuf ip6_pullexthdr __P((struct mbuf , size_t, int)); 144#endif 145	154 155static int ip6_hopopts_input __P((u_int32_t , u_int32_t , struct mbuf *, int )); 156#ifdef PULLDOWN_TEST 157static struct mbuf ip6_pullexthdr __P((struct mbuf , size_t, int)); 158#endif 159
	160
146/* 147 * IP6 initialization: fill in IP6 protocol switch table. 148 * All protocols not implemented in kernel go to raw IP6 protocol handler. 149 / 150void 151ip6_init() 152*{	161/* 162 * IP6 initialization: fill in IP6 protocol switch table. 163 * All protocols not implemented in kernel go to raw IP6 protocol handler. 164 / 165void 166ip6_init() 167*{
153 register struct ip6protosw pr; 154* register int i;	168 struct ip6protosw pr; 169* int i;
155 struct timeval tv; 156	170 struct timeval tv; 171
	172#ifdef DIAGNOSTIC 173 if (sizeof(struct protosw) != sizeof(struct ip6protosw)) 174 panic("sizeof(protosw) != sizeof(ip6protosw)"); 175#endif
157 pr = (struct ip6protosw )pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 158* if (pr == 0) 159 panic("ip6_init"); 160 for (i = 0; i < IPPROTO_MAX; i++) 161 ip6_protox[i] = pr - inet6sw; 162 for (pr = (struct ip6protosw )inet6domain.dom_protosw; 163* pr < (struct ip6protosw )inet6domain.dom_protoswNPROTOSW; pr++) 164* if (pr->pr_domain->dom_family == PF_INET6 && --- 5 unchanged lines hidden (view full) --- 170 nd6_init(); 171 frag6_init(); 172 /* 173 * in many cases, random() here does NOT return random number 174 * as initialization during bootstrap time occur in fixed order. 175 / 176* microtime(&tv); 177 ip6_flow_seq = random() ^ tv.tv_usec;	176 pr = (struct ip6protosw )pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 177* if (pr == 0) 178 panic("ip6_init"); 179 for (i = 0; i < IPPROTO_MAX; i++) 180 ip6_protox[i] = pr - inet6sw; 181 for (pr = (struct ip6protosw )inet6domain.dom_protosw; 182* pr < (struct ip6protosw )inet6domain.dom_protoswNPROTOSW; pr++) 183* if (pr->pr_domain->dom_family == PF_INET6 && --- 5 unchanged lines hidden (view full) --- 189 nd6_init(); 190 frag6_init(); 191 /* 192 * in many cases, random() here does NOT return random number 193 * as initialization during bootstrap time occur in fixed order. 194 / 195* microtime(&tv); 196 ip6_flow_seq = random() ^ tv.tv_usec;
	197 microtime(&tv); 198 ip6_desync_factor = (random() ^ tv.tv_usec) % MAX_TEMP_DESYNC_FACTOR;
178} 179 180static void 181ip6_init2(dummy) 182 void dummy; 183{ 184* 185 /* 186 * to route local address of p2p link to loopback, 187 * assign loopback address first. 188 / 189* in6_ifattach(&loif[0], NULL); 190 191 /* nd6_timer_init */	199} 200 201static void 202ip6_init2(dummy) 203 void dummy; 204{ 205* 206 /* 207 * to route local address of p2p link to loopback, 208 * assign loopback address first. 209 / 210* in6_ifattach(&loif[0], NULL); 211 212 /* nd6_timer_init */
192 timeout(nd6_timer, (caddr_t)0, hz);	213 callout_init(&nd6_timer_ch, 0); 214 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 215
193 /* router renumbering prefix list maintenance */	216 /* router renumbering prefix list maintenance */
194 timeout(in6_rr_timer, (caddr_t)0, hz);	217 callout_init(&in6_rr_timer_ch, 0); 218 callout_reset(&in6_rr_timer_ch, hz, in6_rr_timer, NULL); 219 220 /* timer for regeneranation of temporary addresses randomize ID / 221* callout_reset(&in6_tmpaddrtimer_ch, 222 (ip6_temp_preferred_lifetime - ip6_desync_factor - 223 ip6_temp_regen_advance) * hz, 224 in6_tmpaddrtimer, NULL);
195} 196 197/* cheat / 198/ This must be after route_init(), which is now SI_ORDER_THIRD / 199SYSINIT(netinet6init2, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ip6_init2, NULL); 200* 201/* 202 * IP6 input interrupt handling. Just pass the packet to ip6_input. --- 39 unchanged lines hidden (view full) --- 242 / 243* if (m) { 244 m->m_flags &= ~M_AUTHIPHDR; 245 m->m_flags &= ~M_AUTHIPDGM; 246 } 247#endif 248 249 /*	225} 226 227/* cheat / 228/ This must be after route_init(), which is now SI_ORDER_THIRD / 229SYSINIT(netinet6init2, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ip6_init2, NULL); 230* 231/* 232 * IP6 input interrupt handling. Just pass the packet to ip6_input. --- 39 unchanged lines hidden (view full) --- 272 / 273* if (m) { 274 m->m_flags &= ~M_AUTHIPHDR; 275 m->m_flags &= ~M_AUTHIPDGM; 276 } 277#endif 278 279 /*
	280 * make sure we don't have onion peering information into m_aux. 281 / 282* ip6_delaux(m); 283 284 /*
250 * mbuf statistics by kazu 251 / 252* if (m->m_flags & M_EXT) { 253 if (m->m_next) 254 ip6stat.ip6s_mext2m++; 255 else 256 ip6stat.ip6s_mext1++; 257 } else {	285 * mbuf statistics by kazu 286 / 287* if (m->m_flags & M_EXT) { 288 if (m->m_next) 289 ip6stat.ip6s_mext2m++; 290 else 291 ip6stat.ip6s_mext1++; 292 } else {
	293#define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0]))
258 if (m->m_next) { 259 if (m->m_flags & M_LOOP) { 260 ip6stat.ip6s_m2m[loif[0].if_index]++; /XXX/	294 if (m->m_next) { 295 if (m->m_flags & M_LOOP) { 296 ip6stat.ip6s_m2m[loif[0].if_index]++; /XXX/
261 } else if (m->m_pkthdr.rcvif->if_index <= 31)	297 } else if (m->m_pkthdr.rcvif->if_index < M2MMAX)
262 ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; 263 else 264 ip6stat.ip6s_m2m[0]++; 265 } else 266 ip6stat.ip6s_m1++;	298 ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; 299 else 300 ip6stat.ip6s_m2m[0]++; 301 } else 302 ip6stat.ip6s_m1++;
	303#undef M2MMAX
267 } 268 269 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); 270 ip6stat.ip6s_total++; 271 272#ifndef PULLDOWN_TEST 273 /* 274 * L2 bridge code and some other code can return mbuf chain --- 80 unchanged lines hidden (view full) --- 355 m_freem(m); 356 m = NULL; 357 } 358 if (!m) 359 return; 360 } 361 362 /*	304 } 305 306 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); 307 ip6stat.ip6s_total++; 308 309#ifndef PULLDOWN_TEST 310 /* 311 * L2 bridge code and some other code can return mbuf chain --- 80 unchanged lines hidden (view full) --- 392 m_freem(m); 393 m = NULL; 394 } 395 if (!m) 396 return; 397 } 398 399 /*
363 * Scope check	400 * Check against address spoofing/corruption.
364 / 365* if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) \|\| 366 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {	401 / 402* if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) \|\| 403 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
	404 /* 405 * XXX: "badscope" is not very suitable for a multicast source. 406 */
367 ip6stat.ip6s_badscope++; 368 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 369 goto bad; 370 }	407 ip6stat.ip6s_badscope++; 408 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 409 goto bad; 410 }
371	411 if ((IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src) \|\| 412 IN6_IS_ADDR_LOOPBACK(&ip6->ip6_dst)) && 413 (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { 414 ip6stat.ip6s_badscope++; 415 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 416 goto bad; 417 }
372 /*	418 /*
373 * Don't check IPv4 mapped address here. SIIT assumes that 374 * routers would forward IPv6 native packets with IPv4 mapped 375 * address normally.	419 * The following check is not documented in specs. A malicious 420 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 421 * and bypass security checks (act as if it was from 127.0.0.1 by using 422 * IPv6 src ::ffff:127.0.0.1). Be cautious. 423 * 424 * This check chokes if we are in an SIIT cloud. As none of BSDs 425 * support IPv4-less kernel compilation, we cannot support SIIT 426 * environment at all. So, it makes more sense for us to reject any 427 * malicious packets for non-SIIT environment, than try to do a 428 * partical support for SIIT environment.
376 */	429 */
	430 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) \|\| 431 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 432 ip6stat.ip6s_badscope++; 433 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 434 goto bad; 435 }
377#if 0 378 /* 379 * Reject packets with IPv4 compatible addresses (auto tunnel). 380 * 381 * The code forbids auto tunnel relay case in RFC1933 (the check is 382 * stronger than RFC1933). We may want to re-enable it if mech-xx 383 * is revised to forbid relaying case. 384 / 385* if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) \|\| 386 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 387 ip6stat.ip6s_badscope++; 388 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 389 goto bad; 390 } 391#endif	436#if 0 437 /* 438 * Reject packets with IPv4 compatible addresses (auto tunnel). 439 * 440 * The code forbids auto tunnel relay case in RFC1933 (the check is 441 * stronger than RFC1933). We may want to re-enable it if mech-xx 442 * is revised to forbid relaying case. 443 / 444* if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) \|\| 445 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 446 ip6stat.ip6s_badscope++; 447 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 448 goto bad; 449 } 450#endif
392 if (IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src) \|\| 393 IN6_IS_ADDR_LOOPBACK(&ip6->ip6_dst)) { 394 if (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) { 395 struct in6_ifaddr *ia6;
396	451
397 if ((ia6 = in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, 398 &ip6->ip6_dst)) != NULL) { 399 ia6->ia_ifa.if_ipackets++; 400 ia6->ia_ifa.if_ibytes += m->m_pkthdr.len; 401 } else { 402 /* 403 * The packet is looped back, but we do not 404 * have the destination address for some 405 * reason. 406 * XXX: should we return an icmp6 error? 407 / 408* goto bad; 409 } 410 ours = 1; 411 deliverifp = m->m_pkthdr.rcvif; 412 goto hbhcheck; 413 } else {	452 /* drop packets if interface ID portion is already filled / 453* if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { 454 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) && 455 ip6->ip6_src.s6_addr16[1]) {
414 ip6stat.ip6s_badscope++;	456 ip6stat.ip6s_badscope++;
415 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
416 goto bad; 417 }	457 goto bad; 458 }
	459 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) && 460 ip6->ip6_dst.s6_addr16[1]) { 461 ip6stat.ip6s_badscope++; 462 goto bad; 463 }
418 } 419	464 } 465
420#ifndef FAKE_LOOPBACK_IF 421 if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) 422#else 423 if (1) 424#endif 425 { 426 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) 427 ip6->ip6_src.s6_addr16[1] 428 = htons(m->m_pkthdr.rcvif->if_index); 429 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) 430 ip6->ip6_dst.s6_addr16[1] 431 = htons(m->m_pkthdr.rcvif->if_index); 432 }	466 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) 467 ip6->ip6_src.s6_addr16[1] 468 = htons(m->m_pkthdr.rcvif->if_index); 469 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) 470 ip6->ip6_dst.s6_addr16[1] 471 = htons(m->m_pkthdr.rcvif->if_index);
433	472
	473#if 0 /* this case seems to be unnecessary. (jinmei, 20010401) */
434 /*	474 /*
435 * XXX we need this since we do not have "goto ours" hack route 436 * for some of our ifaddrs on loopback interface. 437 * we should correct it by changing in6_ifattach to install 438 * "goto ours" hack route.	475 * We use rt->rt_ifp to determine if the address is ours or not. 476 * If rt_ifp is lo0, the address is ours. 477 * The problem here is, rt->rt_ifp for fe80::%lo0/64 is set to lo0, 478 * so any address under fe80::%lo0/64 will be mistakenly considered 479 * local. The special case is supplied to handle the case properly 480 * by actually looking at interface addresses 481 * (using in6ifa_ifpwithaddr).
439 */	482 */
440 if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0) { 441 if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) { 442 struct in6_ifaddr ia6; 443#ifndef FAKE_LOOPBACK_IF 444* int deliverifid; 445 446 /* 447 * Get the "real" delivered interface, which should be 448 * embedded in the second 16 bits of the destination 449 * address. We can probably trust the value, but we 450 * add validation for the value just for safety. 451 / 452* deliverifid = ntohs(ip6->ip6_dst.s6_addr16[1]); 453 if (deliverifid > 0 && deliverifid <= if_index) { 454 deliverifp = ifindex2ifnet[deliverifid]; 455 456 /* 457 * XXX: fake the rcvif to the real interface. 458 * Since m_pkthdr.rcvif should be lo0 (or a 459 * variant), it would confuse scope handling 460 * code later. 461 / 462* m->m_pkthdr.rcvif = deliverifp; 463 } 464 else { 465 /* 466 * Last resort; just use rcvif. 467 * XXX: the packet would be discarded by the 468 * succeeding check. 469 / 470* deliverifp = m->m_pkthdr.rcvif; 471 } 472#else 473 deliverifp = m->m_pkthdr.rcvif; 474#endif 475 if ((ia6 = in6ifa_ifpwithaddr(deliverifp, 476 &ip6->ip6_dst)) != NULL) { 477 ia6->ia_ifa.if_ipackets++; 478 ia6->ia_ifa.if_ibytes += m->m_pkthdr.len; 479 } else { 480 /* 481 * We do not have the link-local address 482 * specified as the destination. 483 * XXX: should we return an icmp6 error? 484 / 485* goto bad; 486 } 487 ours = 1; 488 goto hbhcheck;	483 if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0 && 484 IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) { 485 if (!in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, &ip6->ip6_dst)) { 486 icmp6_error(m, ICMP6_DST_UNREACH, 487 ICMP6_DST_UNREACH_ADDR, 0); 488 /* m is already freed / 489* return;
489 }	490 }
	491 492 ours = 1; 493 deliverifp = m->m_pkthdr.rcvif; 494 goto hbhcheck;
490 }	495 }
	496#endif
491 492 /* 493 * Multicast check 494 / 495* if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 496 struct in6_multi in6m = 0; 497* 498 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); --- 12 unchanged lines hidden (view full) --- 511 } 512 deliverifp = m->m_pkthdr.rcvif; 513 goto hbhcheck; 514 } 515 516 /* 517 * Unicast check 518 */	497 498 /* 499 * Multicast check 500 / 501* if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 502 struct in6_multi in6m = 0; 503* 504 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); --- 12 unchanged lines hidden (view full) --- 517 } 518 deliverifp = m->m_pkthdr.rcvif; 519 goto hbhcheck; 520 } 521 522 /* 523 * Unicast check 524 */
	525 switch (ip6_ours_check_algorithm) { 526 default: 527 /* 528 * XXX: I intentionally broke our indentation rule here, 529 * since this switch-case is just for measurement and 530 * therefore should soon be removed. 531 */
519 if (ip6_forward_rt.ro_rt != NULL && 520 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && 521 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,	532 if (ip6_forward_rt.ro_rt != NULL && 533 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && 534 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
522 &ip6_forward_rt.ro_dst.sin6_addr))	535 &((struct sockaddr_in6 *)(&ip6_forward_rt.ro_dst))->sin6_addr))
523 ip6stat.ip6s_forward_cachehit++; 524 else {	536 ip6stat.ip6s_forward_cachehit++; 537 else {
	538 struct sockaddr_in6 dst6; 539*
525 if (ip6_forward_rt.ro_rt) { 526 /* route is down or destination is different / 527* ip6stat.ip6s_forward_cachemiss++; 528 RTFREE(ip6_forward_rt.ro_rt); 529 ip6_forward_rt.ro_rt = 0; 530 } 531 532 bzero(&ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6));	540 if (ip6_forward_rt.ro_rt) { 541 /* route is down or destination is different / 542* ip6stat.ip6s_forward_cachemiss++; 543 RTFREE(ip6_forward_rt.ro_rt); 544 ip6_forward_rt.ro_rt = 0; 545 } 546 547 bzero(&ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6));
533 ip6_forward_rt.ro_dst.sin6_len = sizeof(struct sockaddr_in6); 534 ip6_forward_rt.ro_dst.sin6_family = AF_INET6; 535 ip6_forward_rt.ro_dst.sin6_addr = ip6->ip6_dst;	548 dst6 = (struct sockaddr_in6 )&ip6_forward_rt.ro_dst; 549* dst6->sin6_len = sizeof(struct sockaddr_in6); 550 dst6->sin6_family = AF_INET6; 551 dst6->sin6_addr = ip6->ip6_dst;
536#ifdef SCOPEDROUTING 537 ip6_forward_rt.ro_dst.sin6_scope_id = 538 in6_addr2scopeid(m->m_pkthdr.rcvif, &ip6->ip6_dst); 539#endif 540 541 rtalloc_ign((struct route )&ip6_forward_rt, RTF_PRCLONING); 542* } 543 544#define rt6_key(r) ((struct sockaddr_in6 )((r)->rt_nodes->rn_key)) 545* 546 /* 547 * Accept the packet if the forwarding interface to the destination 548 * according to the routing table is the loopback interface, 549 * unless the associated route has a gateway. 550 * Note that this approach causes to accept a packet if there is a 551 * route to the loopback interface for the destination of the packet. 552 * But we think it's even useful in some situations, e.g. when using 553 * a special daemon which wants to intercept the packet.	552#ifdef SCOPEDROUTING 553 ip6_forward_rt.ro_dst.sin6_scope_id = 554 in6_addr2scopeid(m->m_pkthdr.rcvif, &ip6->ip6_dst); 555#endif 556 557 rtalloc_ign((struct route )&ip6_forward_rt, RTF_PRCLONING); 558* } 559 560#define rt6_key(r) ((struct sockaddr_in6 )((r)->rt_nodes->rn_key)) 561* 562 /* 563 * Accept the packet if the forwarding interface to the destination 564 * according to the routing table is the loopback interface, 565 * unless the associated route has a gateway. 566 * Note that this approach causes to accept a packet if there is a 567 * route to the loopback interface for the destination of the packet. 568 * But we think it's even useful in some situations, e.g. when using 569 * a special daemon which wants to intercept the packet.
	570 * 571 * XXX: some OSes automatically make a cloned route for the destination 572 * of an outgoing packet. If the outgoing interface of the packet 573 * is a loopback one, the kernel would consider the packet to be 574 * accepted, even if we have no such address assinged on the interface. 575 * We check the cloned flag of the route entry to reject such cases, 576 * assuming that route entries for our own addresses are not made by 577 * cloning (it should be true because in6_addloop explicitly installs 578 * the host route). However, we might have to do an explicit check 579 * while it would be less efficient. Or, should we rather install a 580 * reject route for such a case?
554 / 555* if (ip6_forward_rt.ro_rt && 556 (ip6_forward_rt.ro_rt->rt_flags & 557 (RTF_HOST\|RTF_GATEWAY)) == RTF_HOST &&	581 / 582* if (ip6_forward_rt.ro_rt && 583 (ip6_forward_rt.ro_rt->rt_flags & 584 (RTF_HOST\|RTF_GATEWAY)) == RTF_HOST &&
	585#ifdef RTF_WASCLONED 586 !(ip6_forward_rt.ro_rt->rt_flags & RTF_WASCLONED) && 587#endif 588#ifdef RTF_CLONED 589 !(ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) && 590#endif
558#if 0 559 /* 560 * The check below is redundant since the comparison of 561 * the destination and the key of the rtentry has 562 * already done through looking up the routing table. 563 / 564* IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,	591#if 0 592 /* 593 * The check below is redundant since the comparison of 594 * the destination and the key of the rtentry has 595 * already done through looking up the routing table. 596 / 597* IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
565 &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr) &&	598 &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr)
566#endif 567 ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { 568 struct in6_ifaddr ia6 = 569* (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa;	599#endif 600 ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { 601 struct in6_ifaddr ia6 = 602* (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa;
570 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 571 m->m_flags \|= M_ANYCAST6;	603
572 /*	604 /*
	605 * record address information into m_aux. 606 / 607* (void)ip6_setdstifaddr(m, ia6); 608 609 /*
573 * packets to a tentative, duplicated, or somehow invalid 574 * address must not be accepted. 575 / 576* if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { 577 /* this address is ready / 578* ours = 1; 579 deliverifp = ia6->ia_ifp; /* correct? */	610 * packets to a tentative, duplicated, or somehow invalid 611 * address must not be accepted. 612 / 613* if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { 614 /* this address is ready / 615* ours = 1; 616 deliverifp = ia6->ia_ifp; /* correct? */
580
581 /* Count the packet in the ip address stats / 582* ia6->ia_ifa.if_ipackets++; 583 ia6->ia_ifa.if_ibytes += m->m_pkthdr.len;	617 /* Count the packet in the ip address stats / 618* ia6->ia_ifa.if_ipackets++; 619 ia6->ia_ifa.if_ibytes += m->m_pkthdr.len;
584
585 goto hbhcheck; 586 } else { 587 /* address is not ready, so discard the packet. */	620 goto hbhcheck; 621 } else { 622 /* address is not ready, so discard the packet. */
588 log(LOG_INFO, 589 "ip6_input: packet to an unready address %s->%s",	623 nd6log((LOG_INFO, 624 "ip6_input: packet to an unready address %s->%s\n",
590 ip6_sprintf(&ip6->ip6_src),	625 ip6_sprintf(&ip6->ip6_src),
591 ip6_sprintf(&ip6->ip6_dst));	626 ip6_sprintf(&ip6->ip6_dst)));
592 593 goto bad; 594 } 595 }	627 628 goto bad; 629 } 630 }
	631 } /* XXX indentation (see above) */
596 597 /* 598 * FAITH(Firewall Aided Internet Translator) 599 / 600#if defined(NFAITH) && 0 < NFAITH 601* if (ip6_keepfaith) { 602 if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp 603 && ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) { --- 12 unchanged lines hidden (view full) --- 616 if (!ip6_forwarding) { 617 ip6stat.ip6s_cantforward++; 618 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 619 goto bad; 620 } 621 622 hbhcheck: 623 /*	632 633 /* 634 * FAITH(Firewall Aided Internet Translator) 635 / 636#if defined(NFAITH) && 0 < NFAITH 637* if (ip6_keepfaith) { 638 if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp 639 && ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) { --- 12 unchanged lines hidden (view full) --- 652 if (!ip6_forwarding) { 653 ip6stat.ip6s_cantforward++; 654 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 655 goto bad; 656 } 657 658 hbhcheck: 659 /*
	660 * record address information into m_aux, if we don't have one yet. 661 * note that we are unable to record it, if the address is not listed 662 * as our interface address (e.g. multicast addresses, addresses 663 * within FAITH prefixes and such). 664 / 665* if (deliverifp && !ip6_getdstifaddr(m)) { 666 struct in6_ifaddr ia6; 667* 668 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 669 if (ia6) { 670 if (!ip6_setdstifaddr(m, ia6)) { 671 /* 672 * XXX maybe we should drop the packet here, 673 * as we could not provide enough information 674 * to the upper layers. 675 / 676* } 677 } 678 } 679 680 /*
624 * Process Hop-by-Hop options header if it's contained. 625 * m may be modified in ip6_hopopts_input(). 626 * If a JumboPayload option is included, plen will also be modified. 627 / 628* plen = (u_int32_t)ntohs(ip6->ip6_plen); 629 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 630 struct ip6_hbh hbh; 631* --- 112 unchanged lines hidden (view full) --- 744 } 745 746 /* 747 * Tell launch routine the next header 748 / 749* ip6stat.ip6s_delivered++; 750 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 751 nest = 0;	681 * Process Hop-by-Hop options header if it's contained. 682 * m may be modified in ip6_hopopts_input(). 683 * If a JumboPayload option is included, plen will also be modified. 684 / 685* plen = (u_int32_t)ntohs(ip6->ip6_plen); 686 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 687 struct ip6_hbh hbh; 688* --- 112 unchanged lines hidden (view full) --- 801 } 802 803 /* 804 * Tell launch routine the next header 805 / 806* ip6stat.ip6s_delivered++; 807 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 808 nest = 0;
	809
752 while (nxt != IPPROTO_DONE) { 753 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 754 ip6stat.ip6s_toomanyhdr++; 755 goto bad; 756 } 757 758 /* 759 * protection against faulty packet - there should be 760 * more sanity checks in header chain processing. 761 / 762* if (m->m_pkthdr.len < off) { 763 ip6stat.ip6s_tooshort++; 764 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 765 goto bad; 766 } 767	810 while (nxt != IPPROTO_DONE) { 811 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 812 ip6stat.ip6s_toomanyhdr++; 813 goto bad; 814 } 815 816 /* 817 * protection against faulty packet - there should be 818 * more sanity checks in header chain processing. 819 / 820* if (m->m_pkthdr.len < off) { 821 ip6stat.ip6s_tooshort++; 822 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 823 goto bad; 824 } 825
	826#if 0 827 /* 828 * do we need to do it for every header? yeah, other 829 * functions can play with it (like re-allocate and copy). 830 / 831* mhist = ip6_addaux(m); 832 if (mhist && M_TRAILINGSPACE(mhist) >= sizeof(nxt)) { 833 hist = mtod(mhist, caddr_t) + mhist->m_len; 834 bcopy(&nxt, hist, sizeof(nxt)); 835 mhist->m_len += sizeof(nxt); 836 } else { 837 ip6stat.ip6s_toomanyhdr++; 838 goto bad; 839 } 840#endif 841 842#ifdef IPSEC 843 /* 844 * enforce IPsec policy checking if we are seeing last header. 845 * note that we do not visit this with protocols with pcb layer 846 * code - like udp/tcp/raw ip. 847 / 848* if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && 849 ipsec6_in_reject(m, NULL)) { 850 ipsec6stat.in_polvio++; 851 goto bad; 852 } 853#endif 854
768 nxt = (inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 769* } 770 return; 771 bad: 772 m_freem(m); 773} 774 775/*	855 nxt = (inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 856* } 857 return; 858 bad: 859 m_freem(m); 860} 861 862/*
	863 * set/grab in6_ifaddr correspond to IPv6 destination address. 864 * XXX backward compatibility wrapper 865 / 866static struct mbuf 867ip6_setdstifaddr(m, ia6) 868 struct mbuf m; 869* struct in6_ifaddr ia6; 870{ 871* struct mbuf n; 872* 873 n = ip6_addaux(m); 874 if (n) 875 mtod(n, struct ip6aux )->ip6a_dstia6 = ia6; 876* return n; /* NULL if failed to set / 877} 878* 879struct in6_ifaddr * 880ip6_getdstifaddr(m) 881 struct mbuf m; 882{ 883* struct mbuf n; 884* 885 n = ip6_findaux(m); 886 if (n) 887 return mtod(n, struct ip6aux )->ip6a_dstia6; 888* else 889 return NULL; 890} 891 892/*
776 * Hop-by-Hop options header processing. If a valid jumbo payload option is 777 * included, the real payload length will be stored in plenp. 778 / 779static int 780ip6_hopopts_input(plenp, rtalertp, mp, offp) 781* u_int32_t plenp; 782* u_int32_t rtalertp; / XXX: should be stored more smart way / 783* struct mbuf *mp; 784* int offp; 785*{	893 * Hop-by-Hop options header processing. If a valid jumbo payload option is 894 * included, the real payload length will be stored in plenp. 895 / 896static int 897ip6_hopopts_input(plenp, rtalertp, mp, offp) 898* u_int32_t plenp; 899* u_int32_t rtalertp; / XXX: should be stored more smart way / 900* struct mbuf *mp; 901* int offp; 902*{
786 register struct mbuf m = mp;	903 struct mbuf m = mp;
787 int off = offp, hbhlen; 788* struct ip6_hbh hbh; 789* u_int8_t opt; 790* 791 /* validation of the length of the header / 792#ifndef PULLDOWN_TEST 793* IP6_EXTHDR_CHECK(m, off, sizeof(hbh), -1); 794* hbh = (struct ip6_hbh )(mtod(m, caddr_t) + off); --- 29 unchanged lines hidden* (view full) --- 824 return(0); 825} 826 827/* 828 * Search header for all Hop-by-hop options and process each option. 829 * This function is separate from ip6_hopopts_input() in order to 830 * handle a case where the sending node itself process its hop-by-hop 831 * options header. In such a case, the function is called from ip6_output().	904 int off = offp, hbhlen; 905* struct ip6_hbh hbh; 906* u_int8_t opt; 907* 908 /* validation of the length of the header / 909#ifndef PULLDOWN_TEST 910* IP6_EXTHDR_CHECK(m, off, sizeof(hbh), -1); 911* hbh = (struct ip6_hbh )(mtod(m, caddr_t) + off); --- 29 unchanged lines hidden* (view full) --- 941 return(0); 942} 943 944/* 945 * Search header for all Hop-by-hop options and process each option. 946 * This function is separate from ip6_hopopts_input() in order to 947 * handle a case where the sending node itself process its hop-by-hop 948 * options header. In such a case, the function is called from ip6_output().
	949 * 950 * The function assumes that hbh header is located right after the IPv6 header 951 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 952 * opthead + hbhlen is located in continuous memory region.
832 / 833int 834ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) 835* struct mbuf m; 836* u_int8_t opthead; 837* int hbhlen; 838 u_int32_t rtalertp; 839* u_int32_t plenp; 840{ 841* struct ip6_hdr ip6; 842* int optlen = 0; 843 u_int8_t opt = opthead; 844* u_int16_t rtalert_val; 845 u_int32_t jumboplen;	953 / 954int 955ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) 956* struct mbuf m; 957* u_int8_t opthead; 958* int hbhlen; 959 u_int32_t rtalertp; 960* u_int32_t plenp; 961{ 962* struct ip6_hdr ip6; 963* int optlen = 0; 964 u_int8_t opt = opthead; 965* u_int16_t rtalert_val; 966 u_int32_t jumboplen;
	967 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh);
846 847 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) {	968 969 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) {
848 switch(opt) { 849* case IP6OPT_PAD1: 850 optlen = 1; 851 break; 852 case IP6OPT_PADN: 853 if (hbhlen < IP6OPT_MINLEN) { 854 ip6stat.ip6s_toosmall++; 855 goto bad; 856 } 857 optlen = (opt + 1) + 2; 858* break; 859 case IP6OPT_RTALERT: 860 /* XXX may need check for alignment / 861* if (hbhlen < IP6OPT_RTALERT_LEN) { 862 ip6stat.ip6s_toosmall++; 863 goto bad; 864 } 865 if ((opt + 1) != IP6OPT_RTALERT_LEN - 2) 866* /* XXX: should we discard the packet? / 867* log(LOG_ERR, "length of router alert opt is inconsitent(%d)", 868 (opt + 1)); 869* optlen = IP6OPT_RTALERT_LEN; 870 bcopy((caddr_t)(opt + 2), (caddr_t)&rtalert_val, 2); 871 rtalertp = ntohs(rtalert_val); 872* break; 873 case IP6OPT_JUMBO:	970 switch (opt) { 971* case IP6OPT_PAD1: 972 optlen = 1; 973 break; 974 case IP6OPT_PADN: 975 if (hbhlen < IP6OPT_MINLEN) { 976 ip6stat.ip6s_toosmall++; 977 goto bad; 978 } 979 optlen = (opt + 1) + 2; 980* break; 981 case IP6OPT_RTALERT:
874 /* XXX may need check for alignment */	982 /* XXX may need check for alignment */
	983 if (hbhlen < IP6OPT_RTALERT_LEN) { 984 ip6stat.ip6s_toosmall++; 985 goto bad; 986 } 987 if ((opt + 1) != IP6OPT_RTALERT_LEN - 2) { 988* /* XXX stat / 989* icmp6_error(m, ICMP6_PARAM_PROB, 990 ICMP6_PARAMPROB_HEADER, 991 erroff + opt + 1 - opthead); 992 return(-1); 993 } 994 optlen = IP6OPT_RTALERT_LEN; 995 bcopy((caddr_t)(opt + 2), (caddr_t)&rtalert_val, 2); 996 rtalertp = ntohs(rtalert_val); 997* break; 998 case IP6OPT_JUMBO: 999 /* XXX may need check for alignment */
875 if (hbhlen < IP6OPT_JUMBO_LEN) { 876 ip6stat.ip6s_toosmall++; 877 goto bad; 878 }	1000 if (hbhlen < IP6OPT_JUMBO_LEN) { 1001 ip6stat.ip6s_toosmall++; 1002 goto bad; 1003 }
879 if ((opt + 1) != IP6OPT_JUMBO_LEN - 2) 880* /* XXX: should we discard the packet? / 881* log(LOG_ERR, "length of jumbopayload opt " 882 "is inconsistent(%d)", 883 *(opt + 1));	1004 if ((opt + 1) != IP6OPT_JUMBO_LEN - 2) { 1005* /* XXX stat / 1006* icmp6_error(m, ICMP6_PARAM_PROB, 1007 ICMP6_PARAMPROB_HEADER, 1008 erroff + opt + 1 - opthead); 1009 return(-1); 1010 }
884 optlen = IP6OPT_JUMBO_LEN; 885 886 /* 887 * IPv6 packets that have non 0 payload length	1011 optlen = IP6OPT_JUMBO_LEN; 1012 1013 /* 1014 * IPv6 packets that have non 0 payload length
888 * must not contain a jumbo paylod option.	1015 * must not contain a jumbo payload option.
889 / 890* ip6 = mtod(m, struct ip6_hdr ); 891* if (ip6->ip6_plen) { 892 ip6stat.ip6s_badoptions++; 893 icmp6_error(m, ICMP6_PARAM_PROB, 894 ICMP6_PARAMPROB_HEADER,	1016 / 1017* ip6 = mtod(m, struct ip6_hdr ); 1018* if (ip6->ip6_plen) { 1019 ip6stat.ip6s_badoptions++; 1020 icmp6_error(m, ICMP6_PARAM_PROB, 1021 ICMP6_PARAMPROB_HEADER,
895 sizeof(struct ip6_hdr) + 896 sizeof(struct ip6_hbh) + 897 opt - opthead);	1022 erroff + opt - opthead);
898 return(-1); 899 } 900 901 /* 902 * We may see jumbolen in unaligned location, so 903 * we'd need to perform bcopy(). 904 / 905* bcopy(opt + 2, &jumboplen, sizeof(jumboplen)); --- 7 unchanged lines hidden (view full) --- 913 * the behavior may need some debate in ipngwg - 914 * multiple options does not make sense, however, 915 * there's no explicit mention in specification. 916 / 917* if (plenp != 0) { 918* ip6stat.ip6s_badoptions++; 919 icmp6_error(m, ICMP6_PARAM_PROB, 920 ICMP6_PARAMPROB_HEADER,	1023 return(-1); 1024 } 1025 1026 /* 1027 * We may see jumbolen in unaligned location, so 1028 * we'd need to perform bcopy(). 1029 / 1030* bcopy(opt + 2, &jumboplen, sizeof(jumboplen)); --- 7 unchanged lines hidden (view full) --- 1038 * the behavior may need some debate in ipngwg - 1039 * multiple options does not make sense, however, 1040 * there's no explicit mention in specification. 1041 / 1042* if (plenp != 0) { 1043* ip6stat.ip6s_badoptions++; 1044 icmp6_error(m, ICMP6_PARAM_PROB, 1045 ICMP6_PARAMPROB_HEADER,
921 sizeof(struct ip6_hdr) + 922 sizeof(struct ip6_hbh) + 923 opt + 2 - opthead);	1046 erroff + opt + 2 - opthead);
924 return(-1); 925 } 926#endif 927 928 /* 929 * jumbo payload length must be larger than 65535. 930 / 931* if (jumboplen <= IPV6_MAXPACKET) { 932 ip6stat.ip6s_badoptions++; 933 icmp6_error(m, ICMP6_PARAM_PROB, 934 ICMP6_PARAMPROB_HEADER,	1047 return(-1); 1048 } 1049#endif 1050 1051 /* 1052 * jumbo payload length must be larger than 65535. 1053 / 1054* if (jumboplen <= IPV6_MAXPACKET) { 1055 ip6stat.ip6s_badoptions++; 1056 icmp6_error(m, ICMP6_PARAM_PROB, 1057 ICMP6_PARAMPROB_HEADER,
935 sizeof(struct ip6_hdr) + 936 sizeof(struct ip6_hbh) + 937 opt + 2 - opthead);	1058 erroff + opt + 2 - opthead);
938 return(-1); 939 } 940 plenp = jumboplen; 941* 942 break;	1059 return(-1); 1060 } 1061 plenp = jumboplen; 1062* 1063 break;
943 default: /* unknown option / 944* if (hbhlen < IP6OPT_MINLEN) { 945 ip6stat.ip6s_toosmall++; 946 goto bad; 947 } 948 if ((optlen = ip6_unknown_opt(opt, m, 949 sizeof(struct ip6_hdr) + 950 sizeof(struct ip6_hbh) + 951 opt - opthead)) == -1) 952 return(-1); 953 optlen += 2; 954 break;	1064 default: /* unknown option / 1065* if (hbhlen < IP6OPT_MINLEN) { 1066 ip6stat.ip6s_toosmall++; 1067 goto bad; 1068 } 1069 optlen = ip6_unknown_opt(opt, m, 1070 erroff + opt - opthead); 1071 if (optlen == -1) 1072 return(-1); 1073 optlen += 2; 1074 break;
955 } 956 } 957 958 return(0); 959 960 bad: 961 m_freem(m); 962 return(-1); --- 8 unchanged lines hidden (view full) --- 971int 972ip6_unknown_opt(optp, m, off) 973 u_int8_t optp; 974* struct mbuf m; 975* int off; 976{ 977 struct ip6_hdr ip6; 978*	1075 } 1076 } 1077 1078 return(0); 1079 1080 bad: 1081 m_freem(m); 1082 return(-1); --- 8 unchanged lines hidden (view full) --- 1091int 1092ip6_unknown_opt(optp, m, off) 1093 u_int8_t optp; 1094* struct mbuf m; 1095* int off; 1096{ 1097 struct ip6_hdr ip6; 1098*
979 switch(IP6OPT_TYPE(optp)) { 980* case IP6OPT_TYPE_SKIP: /* ignore the option / 981* return((int)(optp + 1)); 982* case IP6OPT_TYPE_DISCARD: /* silently discard / 983* m_freem(m); 984 return(-1); 985 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted / 986* ip6stat.ip6s_badoptions++; 987 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 988 return(-1); 989 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted / 990* ip6stat.ip6s_badoptions++; 991 ip6 = mtod(m, struct ip6_hdr ); 992* if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) \|\| 993 (m->m_flags & (M_BCAST\|M_MCAST))) 994 m_freem(m); 995 else 996 icmp6_error(m, ICMP6_PARAM_PROB, 997 ICMP6_PARAMPROB_OPTION, off); 998 return(-1);	1099 switch (IP6OPT_TYPE(optp)) { 1100* case IP6OPT_TYPE_SKIP: /* ignore the option / 1101* return((int)(optp + 1)); 1102* case IP6OPT_TYPE_DISCARD: /* silently discard / 1103* m_freem(m); 1104 return(-1); 1105 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted / 1106* ip6stat.ip6s_badoptions++; 1107 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1108 return(-1); 1109 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted / 1110* ip6stat.ip6s_badoptions++; 1111 ip6 = mtod(m, struct ip6_hdr ); 1112* if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) \|\| 1113 (m->m_flags & (M_BCAST\|M_MCAST))) 1114 m_freem(m); 1115 else 1116 icmp6_error(m, ICMP6_PARAM_PROB, 1117 ICMP6_PARAMPROB_OPTION, off); 1118 return(-1);
999 } 1000 1001 m_freem(m); /* XXX: NOTREACHED / 1002* return(-1); 1003} 1004 1005/* 1006 * Create the "control" list for this pcb.	1119 } 1120 1121 m_freem(m); /* XXX: NOTREACHED / 1122* return(-1); 1123} 1124 1125/* 1126 * Create the "control" list for this pcb.
	1127 * The function will not modify mbuf chain at all.
1007 *	1128 *
	1129 * with KAME mbuf chain restriction:
1008 * The routine will be called from upper layer handlers like tcp6_input(). 1009 * Thus the routine assumes that the caller (tcp6_input) have already 1010 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1011 * very first mbuf on the mbuf chain.	1130 * The routine will be called from upper layer handlers like tcp6_input(). 1131 * Thus the routine assumes that the caller (tcp6_input) have already 1132 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1133 * very first mbuf on the mbuf chain.
1012 * We may want to add some infinite loop prevention or sanity checks for safety. 1013 * (This applies only when you are using KAME mbuf chain restriction, i.e. 1014 * you are using IP6_EXTHDR_CHECK() not m_pulldown())
1015 / 1016void 1017*ip6_savecontrol(in6p, mp, ip6, m)	1134 / 1135void 1136*ip6_savecontrol(in6p, mp, ip6, m)
1018 register struct in6pcb in6p; 1019* register struct mbuf *mp; 1020* register struct ip6_hdr ip6; 1021* register struct mbuf *m;	1137 struct inpcb in6p; 1138* struct mbuf *mp; 1139* struct ip6_hdr ip6; 1140* struct mbuf *m;
1022{ 1023 struct proc p = curproc; / XXX */	1141{ 1142 struct proc p = curproc; / XXX */
1024 int privileged;	1143 int privileged = 0; 1144 int rthdr_exist = 0;
1025	1145
1026 privileged = 0;	1146
1027 if (p && !suser(p))	1147 if (p && !suser(p))
1028 privileged++;	1148 privileged++;
1029	1149
1030 if (in6p->in6p_socket->so_options & SO_TIMESTAMP) {	1150#ifdef SO_TIMESTAMP 1151 if ((in6p->in6p_socket->so_options & SO_TIMESTAMP) != 0) {
1031 struct timeval tv; 1032 1033 microtime(&tv); 1034 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv),	1152 struct timeval tv; 1153 1154 microtime(&tv); 1155 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv),
1035 SCM_TIMESTAMP, SOL_SOCKET); 1036 if (*mp)	1156 SCM_TIMESTAMP, SOL_SOCKET); 1157 if (*mp) {
1037 mp = &(*mp)->m_next;	1158 mp = &(*mp)->m_next;
	1159 }
1038 }	1160 }
1039 1040#ifdef noyet 1041 /* options were tossed above / 1042* if (in6p->in6p_flags & IN6P_RECVOPTS) 1043 /* broken / 1044* /* ip6_srcroute doesn't do what we want here, need to fix / 1045* if (in6p->in6p_flags & IPV6P_RECVRETOPTS) 1046 /* broken */
1047#endif 1048 1049 /* RFC 2292 sec. 5 */	1161#endif 1162 1163 /* RFC 2292 sec. 5 */
1050 if (in6p->in6p_flags & IN6P_PKTINFO) {	1164 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) {
1051 struct in6_pktinfo pi6; 1052 bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); 1053 if (IN6_IS_SCOPE_LINKLOCAL(&pi6.ipi6_addr)) 1054 pi6.ipi6_addr.s6_addr16[1] = 0; 1055 pi6.ipi6_ifindex = (m && m->m_pkthdr.rcvif) 1056 ? m->m_pkthdr.rcvif->if_index 1057 : 0; 1058 mp = sbcreatecontrol((caddr_t) &pi6, 1059* sizeof(struct in6_pktinfo), IPV6_PKTINFO, 1060 IPPROTO_IPV6); 1061 if (mp) 1062* mp = &(mp)->m_next; 1063* }	1165 struct in6_pktinfo pi6; 1166 bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); 1167 if (IN6_IS_SCOPE_LINKLOCAL(&pi6.ipi6_addr)) 1168 pi6.ipi6_addr.s6_addr16[1] = 0; 1169 pi6.ipi6_ifindex = (m && m->m_pkthdr.rcvif) 1170 ? m->m_pkthdr.rcvif->if_index 1171 : 0; 1172 mp = sbcreatecontrol((caddr_t) &pi6, 1173* sizeof(struct in6_pktinfo), IPV6_PKTINFO, 1174 IPPROTO_IPV6); 1175 if (mp) 1176* mp = &(mp)->m_next; 1177* }
1064 if (in6p->in6p_flags & IN6P_HOPLIMIT) {	1178 1179 if ((in6p->in6p_flags & IN6P_HOPLIMIT) != 0) {
1065 int hlim = ip6->ip6_hlim & 0xff; 1066 mp = sbcreatecontrol((caddr_t) &hlim, 1067* sizeof(int), IPV6_HOPLIMIT, IPPROTO_IPV6); 1068 if (mp) 1069* mp = &(mp)->m_next; 1070* }	1180 int hlim = ip6->ip6_hlim & 0xff; 1181 mp = sbcreatecontrol((caddr_t) &hlim, 1182* sizeof(int), IPV6_HOPLIMIT, IPPROTO_IPV6); 1183 if (mp) 1184* mp = &(mp)->m_next; 1185* }
1071 /* IN6P_NEXTHOP - for outgoing packet only */
1072 1073 /* 1074 * IPV6_HOPOPTS socket option. We require super-user privilege 1075 * for the option, but it might be too strict, since there might 1076 * be some hop-by-hop options which can be returned to normal user. 1077 * See RFC 2292 section 6. 1078 */	1186 1187 /* 1188 * IPV6_HOPOPTS socket option. We require super-user privilege 1189 * for the option, but it might be too strict, since there might 1190 * be some hop-by-hop options which can be returned to normal user. 1191 * See RFC 2292 section 6. 1192 */
1079 if ((in6p->in6p_flags & IN6P_HOPOPTS) && privileged) {	1193 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0 && privileged) {
1080 /* 1081 * Check if a hop-by-hop options header is contatined in the 1082 * received packet, and if so, store the options as ancillary 1083 * data. Note that a hop-by-hop options header must be 1084 * just after the IPv6 header, which fact is assured through 1085 * the IPv6 input processing. 1086 / 1087* struct ip6_hdr ip6 = mtod(m, struct ip6_hdr ); 1088 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 1089 struct ip6_hbh *hbh;	1194 /* 1195 * Check if a hop-by-hop options header is contatined in the 1196 * received packet, and if so, store the options as ancillary 1197 * data. Note that a hop-by-hop options header must be 1198 * just after the IPv6 header, which fact is assured through 1199 * the IPv6 input processing. 1200 / 1201* struct ip6_hdr ip6 = mtod(m, struct ip6_hdr ); 1202 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 1203 struct ip6_hbh *hbh;
1090 int hbhlen;	1204 int hbhlen = 0; 1205#ifdef PULLDOWN_TEST 1206 struct mbuf ext; 1207*#endif
1091 1092#ifndef PULLDOWN_TEST 1093 hbh = (struct ip6_hbh )(ip6 + 1); 1094* hbhlen = (hbh->ip6h_len + 1) << 3; 1095#else	1208 1209#ifndef PULLDOWN_TEST 1210 hbh = (struct ip6_hbh )(ip6 + 1); 1211* hbhlen = (hbh->ip6h_len + 1) << 3; 1212#else
1096 IP6_EXTHDR_GET(hbh, struct ip6_hbh , m, 1097* sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 1098 if (hbh == NULL) {	1213 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1214 ip6->ip6_nxt); 1215 if (ext == NULL) {
1099 ip6stat.ip6s_tooshort++; 1100 return; 1101 }	1216 ip6stat.ip6s_tooshort++; 1217 return; 1218 }
	1219 hbh = mtod(ext, struct ip6_hbh *);
1102 hbhlen = (hbh->ip6h_len + 1) << 3;	1220 hbhlen = (hbh->ip6h_len + 1) << 3;
1103 IP6_EXTHDR_GET(hbh, struct ip6_hbh , m, 1104* sizeof(struct ip6_hdr), hbhlen); 1105 if (hbh == NULL) {	1221 if (hbhlen != ext->m_len) { 1222 m_freem(ext);
1106 ip6stat.ip6s_tooshort++; 1107 return; 1108 } 1109#endif 1110 1111 /* 1112 * XXX: We copy whole the header even if a jumbo 1113 * payload option is included, which option is to 1114 * be removed before returning in the RFC 2292.	1223 ip6stat.ip6s_tooshort++; 1224 return; 1225 } 1226#endif 1227 1228 /* 1229 * XXX: We copy whole the header even if a jumbo 1230 * payload option is included, which option is to 1231 * be removed before returning in the RFC 2292.
1115 * But it's too painful operation...	1232 * Note: this constraint is removed in 2292bis.
1116 / 1117* mp = sbcreatecontrol((caddr_t)hbh, hbhlen, 1118* IPV6_HOPOPTS, IPPROTO_IPV6); 1119 if (mp) 1120* mp = &(*mp)->m_next;	1233 / 1234* mp = sbcreatecontrol((caddr_t)hbh, hbhlen, 1235* IPV6_HOPOPTS, IPPROTO_IPV6); 1236 if (mp) 1237* mp = &(*mp)->m_next;
	1238#ifdef PULLDOWN_TEST 1239 m_freem(ext); 1240#endif
1121 } 1122 } 1123 1124 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */	1241 } 1242 } 1243 1244 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */
1125 if (in6p->in6p_flags & (IN6P_DSTOPTS \| IN6P_RTHDR)) {	1245 if ((in6p->in6p_flags & (IN6P_DSTOPTS \| IN6P_RTHDRDSTOPTS)) != 0) { 1246 int proto, off, nxt; 1247 1248 /* 1249 * go through the header chain to see if a routing header is 1250 * contained in the packet. We need this information to store 1251 * destination options headers (if any) properly. 1252 * XXX: performance issue. We should record this info when 1253 * processing extension headers in incoming routine. 1254 * (todo) use m_aux? 1255 / 1256* proto = IPPROTO_IPV6; 1257 off = 0; 1258 nxt = -1; 1259 while (1) { 1260 int newoff; 1261 1262 newoff = ip6_nexthdr(m, off, proto, &nxt); 1263 if (newoff < 0) 1264 break; 1265 if (newoff < off) /* invalid, check for safety / 1266* break; 1267 if ((proto = nxt) == IPPROTO_ROUTING) { 1268 rthdr_exist = 1; 1269 break; 1270 } 1271 off = newoff; 1272 } 1273 } 1274 1275 if ((in6p->in6p_flags & 1276 (IN6P_RTHDR \| IN6P_DSTOPTS \| IN6P_RTHDRDSTOPTS)) != 0) {
1126 struct ip6_hdr ip6 = mtod(m, struct ip6_hdr );	1277 struct ip6_hdr ip6 = mtod(m, struct ip6_hdr );
1127 int nxt = ip6->ip6_nxt, off = sizeof(struct ip6_hdr);;	1278 int nxt = ip6->ip6_nxt, off = sizeof(struct ip6_hdr);
1128 1129 /* 1130 * Search for destination options headers or routing 1131 * header(s) through the header chain, and stores each 1132 * header as ancillary data. 1133 * Note that the order of the headers remains in 1134 * the chain of ancillary data. 1135 */	1279 1280 /* 1281 * Search for destination options headers or routing 1282 * header(s) through the header chain, and stores each 1283 * header as ancillary data. 1284 * Note that the order of the headers remains in 1285 * the chain of ancillary data. 1286 */
1136 while(1) { /* is explicit loop prevention necessary? / 1137* struct ip6_ext *ip6e;	1287 while (1) { /* is explicit loop prevention necessary? / 1288* struct ip6_ext *ip6e = NULL;
1138 int elen;	1289 int elen;
	1290#ifdef PULLDOWN_TEST 1291 struct mbuf ext = NULL; 1292*#endif
1139	1293
	1294 /* 1295 * if it is not an extension header, don't try to 1296 * pull it from the chain. 1297 / 1298* switch (nxt) { 1299 case IPPROTO_DSTOPTS: 1300 case IPPROTO_ROUTING: 1301 case IPPROTO_HOPOPTS: 1302 case IPPROTO_AH: /* is it possible? / 1303* break; 1304 default: 1305 goto loopend; 1306 } 1307
1140#ifndef PULLDOWN_TEST	1308#ifndef PULLDOWN_TEST
	1309 if (off + sizeof(ip6e) > m->m_len) 1310* goto loopend;
1141 ip6e = (struct ip6_ext )(mtod(m, caddr_t) + off); 1142* if (nxt == IPPROTO_AH) 1143 elen = (ip6e->ip6e_len + 2) << 2; 1144 else 1145 elen = (ip6e->ip6e_len + 1) << 3;	1311 ip6e = (struct ip6_ext )(mtod(m, caddr_t) + off); 1312* if (nxt == IPPROTO_AH) 1313 elen = (ip6e->ip6e_len + 2) << 2; 1314 else 1315 elen = (ip6e->ip6e_len + 1) << 3;
	1316 if (off + elen > m->m_len) 1317 goto loopend;
1146#else	1318#else
1147 IP6_EXTHDR_GET(ip6e, struct ip6_ext , m, off, 1148* sizeof(struct ip6_ext)); 1149 if (ip6e == NULL) {	1319 ext = ip6_pullexthdr(m, off, nxt); 1320 if (ext == NULL) {
1150 ip6stat.ip6s_tooshort++; 1151 return; 1152 }	1321 ip6stat.ip6s_tooshort++; 1322 return; 1323 }
	1324 ip6e = mtod(ext, struct ip6_ext *);
1153 if (nxt == IPPROTO_AH) 1154 elen = (ip6e->ip6e_len + 2) << 2; 1155 else 1156 elen = (ip6e->ip6e_len + 1) << 3;	1325 if (nxt == IPPROTO_AH) 1326 elen = (ip6e->ip6e_len + 2) << 2; 1327 else 1328 elen = (ip6e->ip6e_len + 1) << 3;
1157 IP6_EXTHDR_GET(ip6e, struct ip6_ext , m, off, elen); 1158* if (ip6e == NULL) {	1329 if (elen != ext->m_len) { 1330 m_freem(ext);
1159 ip6stat.ip6s_tooshort++; 1160 return; 1161 } 1162#endif 1163	1331 ip6stat.ip6s_tooshort++; 1332 return; 1333 } 1334#endif 1335
1164 switch(nxt) { 1165 case IPPROTO_DSTOPTS: 1166 if (!in6p->in6p_flags & IN6P_DSTOPTS) 1167 break;	1336 switch (nxt) { 1337 case IPPROTO_DSTOPTS: 1338 if ((in6p->in6p_flags & IN6P_DSTOPTS) == 0) 1339 break;
1168	1340
1169 /* 1170 * We also require super-user privilege for 1171 * the option. 1172 * See the comments on IN6_HOPOPTS. 1173 / 1174* if (!privileged) 1175 break;	1341 /* 1342 * We also require super-user privilege for 1343 * the option. 1344 * See the comments on IN6_HOPOPTS. 1345 / 1346* if (!privileged) 1347 break;
1176	1348
1177 mp = sbcreatecontrol((caddr_t)ip6e, elen, 1178* IPV6_DSTOPTS, 1179 IPPROTO_IPV6); 1180 if (mp) 1181* mp = &(mp)->m_next; 1182* break;	1349 mp = sbcreatecontrol((caddr_t)ip6e, elen, 1350* IPV6_DSTOPTS, 1351 IPPROTO_IPV6); 1352 if (mp) 1353* mp = &(mp)->m_next; 1354* break; 1355 case IPPROTO_ROUTING: 1356 if (!in6p->in6p_flags & IN6P_RTHDR) 1357 break;
1183	1358
1184 case IPPROTO_ROUTING: 1185 if (!in6p->in6p_flags & IN6P_RTHDR) 1186 break;	1359 mp = sbcreatecontrol((caddr_t)ip6e, elen, 1360* IPV6_RTHDR, 1361 IPPROTO_IPV6); 1362 if (mp) 1363* mp = &(mp)->m_next; 1364* break; 1365 case IPPROTO_HOPOPTS: 1366 case IPPROTO_AH: /* is it possible? / 1367* break;
1187	1368
1188 mp = sbcreatecontrol((caddr_t)ip6e, elen, 1189* IPV6_RTHDR, 1190 IPPROTO_IPV6); 1191 if (mp) 1192* mp = &(mp)->m_next; 1193* break;	1369 default: 1370 /* 1371 * other cases have been filtered in the above. 1372 * none will visit this case. here we supply 1373 * the code just in case (nxt overwritten or 1374 * other cases). 1375 / 1376#ifdef PULLDOWN_TEST 1377* m_freem(ext); 1378#endif 1379 goto loopend;
1194	1380
1195 case IPPROTO_UDP: 1196 case IPPROTO_TCP: 1197 case IPPROTO_ICMPV6: 1198 default: 1199 /* 1200 * stop search if we encounter an upper 1201 * layer protocol headers. 1202 / 1203* goto loopend; 1204 1205 case IPPROTO_HOPOPTS: 1206 case IPPROTO_AH: /* is it possible? / 1207* break;
1208 } 1209 1210 /* proceed with the next header. / 1211* off += elen; 1212 nxt = ip6e->ip6e_nxt;	1381 } 1382 1383 /* proceed with the next header. / 1384* off += elen; 1385 nxt = ip6e->ip6e_nxt;
	1386 ip6e = NULL; 1387#ifdef PULLDOWN_TEST 1388 m_freem(ext); 1389 ext = NULL; 1390#endif
1213 } 1214 loopend:	1391 } 1392 loopend:
	1393 ;
1215 }	1394 }
1216 if ((in6p->in6p_flags & IN6P_HOPOPTS) && privileged) { 1217 /* to be done */	1395 1396} 1397 1398#ifdef PULLDOWN_TEST 1399/* 1400 * pull single extension header from mbuf chain. returns single mbuf that 1401 * contains the result, or NULL on error. 1402 / 1403static struct mbuf 1404ip6_pullexthdr(m, off, nxt) 1405 struct mbuf m; 1406* size_t off; 1407 int nxt; 1408{ 1409 struct ip6_ext ip6e; 1410 size_t elen; 1411 struct mbuf n; 1412* 1413#ifdef DIAGNOSTIC 1414 switch (nxt) { 1415 case IPPROTO_DSTOPTS: 1416 case IPPROTO_ROUTING: 1417 case IPPROTO_HOPOPTS: 1418 case IPPROTO_AH: /* is it possible? / 1419* break; 1420 default: 1421 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt);
1218 }	1422 }
1219 if ((in6p->in6p_flags & IN6P_DSTOPTS) && privileged) { 1220 /* to be done */	1423#endif 1424 1425 m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); 1426 if (nxt == IPPROTO_AH) 1427 elen = (ip6e.ip6e_len + 2) << 2; 1428 else 1429 elen = (ip6e.ip6e_len + 1) << 3; 1430 1431 MGET(n, M_DONTWAIT, MT_DATA); 1432 if (n && elen >= MLEN) { 1433 MCLGET(n, M_DONTWAIT); 1434 if ((n->m_flags & M_EXT) == 0) { 1435 m_free(n); 1436 n = NULL; 1437 }
1221 }	1438 }
1222 /* IN6P_RTHDR - to be done */	1439 if (!n) 1440 return NULL;
1223	1441
	1442 n->m_len = 0; 1443 if (elen >= M_TRAILINGSPACE(n)) { 1444 m_free(n); 1445 return NULL; 1446 } 1447 1448 m_copydata(m, off, elen, mtod(n, caddr_t)); 1449 n->m_len = elen; 1450 return n;
1224}	1451}
	1452#endif
1225 1226/* 1227 * Get pointer to the previous header followed by the header 1228 * currently processed. 1229 * XXX: This function supposes that 1230 * M includes all headers, 1231 * the next header field and the header length field of each header 1232 * are valid, and --- 15 unchanged lines hidden (view full) --- 1248 int len, nxt; 1249 struct ip6_ext ip6e = NULL; 1250* 1251 nxt = ip6->ip6_nxt; 1252 len = sizeof(struct ip6_hdr); 1253 while (len < off) { 1254 ip6e = (struct ip6_ext )(mtod(m, caddr_t) + len); 1255*	1453 1454/* 1455 * Get pointer to the previous header followed by the header 1456 * currently processed. 1457 * XXX: This function supposes that 1458 * M includes all headers, 1459 * the next header field and the header length field of each header 1460 * are valid, and --- 15 unchanged lines hidden (view full) --- 1476 int len, nxt; 1477 struct ip6_ext ip6e = NULL; 1478* 1479 nxt = ip6->ip6_nxt; 1480 len = sizeof(struct ip6_hdr); 1481 while (len < off) { 1482 ip6e = (struct ip6_ext )(mtod(m, caddr_t) + len); 1483*
1256 switch(nxt) {	1484 switch (nxt) {
1257 case IPPROTO_FRAGMENT: 1258 len += sizeof(struct ip6_frag); 1259 break; 1260 case IPPROTO_AH: 1261 len += (ip6e->ip6e_len + 2) << 2; 1262 break; 1263 default: 1264 len += (ip6e->ip6e_len + 1) << 3; --- 112 unchanged lines hidden (view full) --- 1377 else if (newoff == off) 1378 return newoff; 1379 1380 off = newoff; 1381 proto = nxtp; 1382* } 1383} 1384	1485 case IPPROTO_FRAGMENT: 1486 len += sizeof(struct ip6_frag); 1487 break; 1488 case IPPROTO_AH: 1489 len += (ip6e->ip6e_len + 2) << 2; 1490 break; 1491 default: 1492 len += (ip6e->ip6e_len + 1) << 3; --- 112 unchanged lines hidden (view full) --- 1605 else if (newoff == off) 1606 return newoff; 1607 1608 off = newoff; 1609 proto = nxtp; 1610* } 1611} 1612
	1613struct mbuf * 1614ip6_addaux(m) 1615 struct mbuf m; 1616{ 1617* struct mbuf n; 1618* 1619#ifdef DIAGNOSTIC 1620 if (sizeof(struct ip6aux) > MHLEN) 1621 panic("assumption failed on sizeof(ip6aux)"); 1622#endif 1623 n = m_aux_find(m, AF_INET6, -1); 1624 if (n) { 1625 if (n->m_len < sizeof(struct ip6aux)) { 1626 printf("conflicting use of ip6aux"); 1627 return NULL; 1628 } 1629 } else { 1630 n = m_aux_add(m, AF_INET6, -1); 1631 n->m_len = sizeof(struct ip6aux); 1632 bzero(mtod(n, caddr_t), n->m_len); 1633 } 1634 return n; 1635} 1636 1637struct mbuf * 1638ip6_findaux(m) 1639 struct mbuf m; 1640{ 1641* struct mbuf n; 1642* 1643 n = m_aux_find(m, AF_INET6, -1); 1644 if (n && n->m_len < sizeof(struct ip6aux)) { 1645 printf("conflicting use of ip6aux"); 1646 n = NULL; 1647 } 1648 return n; 1649} 1650 1651void 1652ip6_delaux(m) 1653 struct mbuf m; 1654{ 1655* struct mbuf n; 1656* 1657 n = m_aux_find(m, AF_INET6, -1); 1658 if (n) 1659 m_aux_delete(m, n); 1660} 1661
1385/* 1386 * System control for IP6 1387 / 1388* 1389u_char inet6ctlerrmap[PRC_NCMDS] = { 1390 0, 0, 0, 0, 1391 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1392 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1393 EMSGSIZE, EHOSTUNREACH, 0, 0, 1394 0, 0, 0, 0, 1395 ENOPROTOOPT 1396};	1662/* 1663 * System control for IP6 1664 / 1665* 1666u_char inet6ctlerrmap[PRC_NCMDS] = { 1667 0, 0, 0, 0, 1668 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1669 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1670 EMSGSIZE, EHOSTUNREACH, 0, 0, 1671 0, 0, 0, 0, 1672 ENOPROTOOPT 1673};