1/*
2 * Copyright (c) 2008-2012 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29/*	$FreeBSD: src/sys/netinet6/in6_proto.c,v 1.19 2002/10/16 02:25:05 sam Exp $	*/
30/*	$KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $	*/
31
32/*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 *    notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 *    notice, this list of conditions and the following disclaimer in the
43 *    documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 *    may be used to endorse or promote products derived from this software
46 *    without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61/*
62 * Copyright (c) 1982, 1986, 1993
63 *	The Regents of the University of California.  All rights reserved.
64 *
65 * Redistribution and use in source and binary forms, with or without
66 * modification, are permitted provided that the following conditions
67 * are met:
68 * 1. Redistributions of source code must retain the above copyright
69 *    notice, this list of conditions and the following disclaimer.
70 * 2. Redistributions in binary form must reproduce the above copyright
71 *    notice, this list of conditions and the following disclaimer in the
72 *    documentation and/or other materials provided with the distribution.
73 * 3. All advertising materials mentioning features or use of this software
74 *    must display the following acknowledgement:
75 *	This product includes software developed by the University of
76 *	California, Berkeley and its contributors.
77 * 4. Neither the name of the University nor the names of its contributors
78 *    may be used to endorse or promote products derived from this software
79 *    without specific prior written permission.
80 *
81 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
82 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
83 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
84 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
85 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
86 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
87 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
88 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
89 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
90 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
91 * SUCH DAMAGE.
92 *
93 *	@(#)in_proto.c	8.1 (Berkeley) 6/10/93
94 */
95
96
97#include <sys/param.h>
98#include <sys/socket.h>
99#include <sys/socketvar.h>
100#include <sys/protosw.h>
101#include <sys/kernel.h>
102#include <sys/domain.h>
103#include <sys/mbuf.h>
104#include <sys/systm.h>
105#include <sys/sysctl.h>
106
107#include <net/if.h>
108#include <net/radix.h>
109#include <net/route.h>
110
111#include <netinet/in.h>
112#include <netinet/in_systm.h>
113#include <netinet/in_var.h>
114#include <netinet/ip_encap.h>
115#include <netinet/ip.h>
116#include <netinet/ip_var.h>
117#include <netinet/ip6.h>
118#include <netinet6/ip6_var.h>
119#include <netinet/icmp6.h>
120
121#include <netinet/tcp.h>
122#include <netinet/tcp_timer.h>
123#include <netinet/tcp_var.h>
124#include <netinet/udp.h>
125#include <netinet/udp_var.h>
126#include <netinet6/tcp6_var.h>
127#include <netinet6/raw_ip6.h>
128#include <netinet6/udp6_var.h>
129#include <netinet6/pim6_var.h>
130#include <netinet6/nd6.h>
131#include <netinet6/in6_prefix.h>
132#include <netinet6/mld6_var.h>
133
134#include <netinet6/ip6_mroute.h>
135
136#if IPSEC
137#include <netinet6/ipsec.h>
138#if INET6
139#include <netinet6/ipsec6.h>
140#endif
141#include <netinet6/ah.h>
142#if INET6
143#include <netinet6/ah6.h>
144#endif
145#if IPSEC_ESP
146#include <netinet6/esp.h>
147#if INET6
148#include <netinet6/esp6.h>
149#endif
150#endif
151#include <netinet6/ipcomp.h>
152#if INET6
153#include <netinet6/ipcomp6.h>
154#endif
155#endif /*IPSEC*/
156
157#include <netinet6/ip6protosw.h>
158
159#include <net/net_osdep.h>
160
161/*
162 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
163 */
164
165extern	struct domain inet6domain;
166static struct pr_usrreqs nousrreqs;
167lck_mtx_t *inet6_domain_mutex;
168
169#define PR_LISTEN	0
170#define PR_ABRTACPTDIS	0
171
172extern int in6_inithead(void **, int);
173void in6_dinit(void) __attribute__((section("__TEXT, initcode")));
174
175static int rip6_pr_output(struct mbuf *m, struct socket *so, struct sockaddr_in6 *, struct mbuf *);
176
177struct ip6protosw inet6sw[] = {
178{ 0,		&inet6domain,	IPPROTO_IPV6,	0,
179  0,		0,		0,		0,
180  0,
181  ip6_init,	0,		frag6_slowtimo,	frag6_drain,
182  0,
183  &nousrreqs,
184  0,		0,		0,
185  { 0, 0 }, NULL, { 0 }
186},
187{ SOCK_DGRAM,	&inet6domain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR|PR_PROTOLOCK|PR_PCBLOCK,
188  udp6_input,	0,		udp6_ctlinput,	ip6_ctloutput,
189  0,
190  0,		0,		0,		0,
191  0,
192  &udp6_usrreqs,
193  udp_lock,	udp_unlock,	udp_getlock,
194  { 0, 0 }, NULL, { 0 }
195},
196{ SOCK_STREAM,	&inet6domain,	IPPROTO_TCP,	PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN|PR_PROTOLOCK|PR_PCBLOCK|PR_DISPOSE,
197  tcp6_input,	0,		tcp6_ctlinput,	tcp_ctloutput,
198  0,
199#if INET	/* don't call initialization and timeout routines twice */
200  0,		0,		0,		tcp_drain,
201#else
202  tcp_init,	0,	tcp_slowtimo,	tcp_drain,
203#endif
204  0,
205  &tcp6_usrreqs,
206  tcp_lock,	tcp_unlock,	tcp_getlock,
207  { 0, 0 }, NULL, { 0 }
208},
209{ SOCK_RAW,	&inet6domain,	IPPROTO_RAW,	PR_ATOMIC|PR_ADDR,
210  rip6_input,	rip6_pr_output,	rip6_ctlinput,	rip6_ctloutput,
211  0,
212  0,		0,		0,		0,
213  0,
214  &rip6_usrreqs,
215  0,		rip_unlock,	0,
216  { 0, 0 }, NULL, { 0 }
217},
218{ SOCK_RAW,	&inet6domain,	IPPROTO_ICMPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
219  icmp6_input,	rip6_pr_output,	rip6_ctlinput,	rip6_ctloutput,
220  0,
221  icmp6_init,	0,		mld_slowtimo,		0,
222  0,
223  &rip6_usrreqs,
224  0,		rip_unlock,		0,
225  { 0, 0 }, NULL, { 0 }
226},
227{ SOCK_DGRAM,     &inet6domain,   IPPROTO_ICMPV6, PR_ATOMIC|PR_ADDR|PR_LASTHDR,
228  icmp6_input,  rip6_pr_output, rip6_ctlinput,  icmp6_dgram_ctloutput,
229  0,
230  icmp6_init,   0, 		mld_slowtimo,              0,
231  0,
232  &icmp6_dgram_usrreqs,
233  0,            rip_unlock,             0,
234  { 0, 0 }, NULL, { 0 }
235},
236{ SOCK_RAW,	&inet6domain,	IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR,
237  dest6_input,	0,	 	0,		0,
238  0,
239  0,		0,		0,		0,
240  0,
241  &nousrreqs,
242  0,		0,		0,
243  { 0, 0 }, NULL, { 0 }
244},
245{ SOCK_RAW,	&inet6domain,	IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR,
246  route6_input,	0,	 	0,		0,
247  0,
248  0,		0,		0,		0,
249  0,
250  &nousrreqs,
251  0,		0,		0,
252  { 0, 0 }, NULL, { 0 }
253},
254{ SOCK_RAW,	&inet6domain,	IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR,
255  frag6_input,	0,	 	0,		0,
256  0,
257  0,		0,		0,		0,
258  0,
259  &nousrreqs,
260  0,		0,		0,
261  { 0, 0 }, NULL, { 0 }
262},
263#if IPSEC
264{ SOCK_RAW,	&inet6domain,	IPPROTO_AH,	PR_ATOMIC|PR_ADDR|PR_PROTOLOCK,
265  ah6_input,	0,	 	0,		0,
266  0,
267  0,		0,		0,		0,
268  0,
269  &nousrreqs,
270  0,		0,		0,
271  { 0, 0 }, NULL, { 0 }
272},
273#if IPSEC_ESP
274{ SOCK_RAW,	&inet6domain,	IPPROTO_ESP,	PR_ATOMIC|PR_ADDR|PR_PROTOLOCK,
275  esp6_input,	0,
276  esp6_ctlinput,
277  0,
278  0,
279  0,		0,		0,		0,
280  0,
281  &nousrreqs,
282  0,		0,		0,
283  { 0, 0 }, NULL, { 0 }
284},
285#endif
286{ SOCK_RAW,	&inet6domain,	IPPROTO_IPCOMP,	PR_ATOMIC|PR_ADDR|PR_PROTOLOCK,
287  ipcomp6_input, 0,	 	0,		0,
288  0,
289  0,		0,		0,		0,
290  0,
291  &nousrreqs,
292  0,		0,		0,
293  { 0, 0 }, NULL, { 0 }
294},
295#endif /* IPSEC */
296#if INET
297{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
298  encap6_input,	rip6_pr_output, 	0,		rip6_ctloutput,
299  0,
300  encap_init,	0,		0,		0,
301  0,
302  &rip6_usrreqs,
303  0,		rip_unlock,	0,
304  { 0, 0 }, NULL, { 0 }
305},
306#endif /*INET*/
307{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
308  encap6_input, rip6_pr_output,	0,		rip6_ctloutput,
309  0,
310  encap_init,	0,		0,		0,
311  0,
312  &rip6_usrreqs,
313  0,		rip_unlock,	0,
314  { 0, 0 }, NULL, { 0 }
315},
316#if MROUTING
317{ SOCK_RAW,     &inet6domain,	IPPROTO_PIM,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
318  pim6_input,	rip6_pr_output,	0,              rip6_ctloutput,
319  0,
320  0,		0,		0,		0,
321  0,
322  &rip6_usrreqs,
323  0,		rip_unlock,	0,
324  { 0, 0 }, NULL, { 0 }
325},
326#endif
327/* raw wildcard */
328{ SOCK_RAW,	&inet6domain,	0,		PR_ATOMIC|PR_ADDR|PR_LASTHDR,
329  rip6_input,	rip6_pr_output,	0,		rip6_ctloutput,
330  0,
331  0,		0,		0,		0,
332  0,
333  &rip6_usrreqs,
334  0,		rip_unlock,	0,
335  { 0, 0 }, NULL, { 0 }
336},
337};
338
339
340int in6_proto_count = (sizeof (inet6sw) / sizeof (struct ip6protosw));
341
342struct domain inet6domain =
343    { AF_INET6, "internet6", in6_dinit, 0, 0,
344      (struct protosw *)inet6sw, 0,
345      in6_inithead, offsetof(struct sockaddr_in6, sin6_addr) << 3, sizeof(struct sockaddr_in6) ,
346      sizeof(struct sockaddr_in6), 0,
347      NULL, 0, {0,0}
348    };
349
350DOMAIN_SET(inet6);
351
352/* Initialize the PF_INET6 domain, and add in the pre-defined protos */
353void
354in6_dinit(void)
355{
356	register int i;
357	register struct ip6protosw *pr;
358	register struct domain *dp;
359	static int inet6domain_initted = 0;
360
361	if (!inet6domain_initted) {
362		dp = &inet6domain;
363
364		for (i=0, pr = &inet6sw[0]; i<in6_proto_count; i++, pr++)
365			net_add_proto((struct protosw*)pr, dp);
366
367		inet6_domain_mutex = dp->dom_mtx;
368		inet6domain_initted = 1;
369	}
370}
371
372int rip6_pr_output(__unused struct mbuf *m, __unused struct socket *so,
373					__unused struct sockaddr_in6 *sin6, __unused struct mbuf *m1)
374{
375	panic("rip6_pr_output\n");
376	return 0;
377}
378
379/*
380 * Internet configuration info
381 */
382#ifndef	IPV6FORWARDING
383#if GATEWAY6
384#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
385#else
386#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
387#endif /* GATEWAY6 */
388#endif /* !IPV6FORWARDING */
389
390#ifndef	IPV6_SENDREDIRECTS
391#define	IPV6_SENDREDIRECTS	1
392#endif
393
394int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
395int	ip6_sendredirects = IPV6_SENDREDIRECTS;
396int	ip6_defhlim = IPV6_DEFHLIM;
397int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
398int	ip6_accept_rtadv = 1;	/* deprecated */
399int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
400int	ip6_maxfrags;
401int	ip6_log_interval = 5;
402int	ip6_hdrnestlimit = 15;	/* How many header options will we process? */
403int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
404u_int32_t ip6_flow_seq;
405int	ip6_auto_flowlabel = 1;
406int	ip6_gif_hlim = 0;
407int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
408int	ip6_rr_prune = 5;	/* router renumbering prefix
409				 * walk list every 5 sec.    */
410int	ip6_mcast_pmtu = 0;	/* enable pMTU discovery for multicast? */
411int	ip6_v6only = 0;		/* Mapped addresses off by default -  Radar 3347718  -- REVISITING FOR 10.7 -- TESTING WITH MAPPED@ OFF */
412
413int	ip6_neighborgcthresh = 1024;	/* Threshold # of NDP entries for GC */
414int	ip6_maxifprefixes = 16;		/* Max acceptable prefixes via RA per IF */
415int	ip6_maxifdefrouters = 16;	/* Max acceptable def routers via RA */
416int	ip6_maxdynroutes = 1024;	/* Max # of routes created via redirect */
417int	ip6_only_allow_rfc4193_prefix = 0;	/* Only allow RFC4193 style Unique Local IPv6 Unicast prefixes */
418
419u_int32_t ip6_id = 0UL;
420static int ip6_keepfaith = 0;
421time_t	ip6_log_time = (time_t)0L;
422int	nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */
423
424/* icmp6 */
425/*
426 * BSDI4 defines these variables in in_proto.c...
427 * XXX: what if we don't define INET? Should we define pmtu6_expire
428 * or so? (jinmei@kame.net 19990310)
429 */
430int pmtu_expire = 60*10;
431int pmtu_probe = 60*2;
432
433/* raw IP6 parameters */
434/*
435 * Nominal space allocated to a raw ip socket.
436 */
437#define	RIPV6SNDQ	8192
438#define	RIPV6RCVQ	8192
439
440u_int32_t	rip6_sendspace = RIPV6SNDQ;
441u_int32_t	rip6_recvspace = RIPV6RCVQ;
442
443/* ICMPV6 parameters */
444int	icmp6_rediraccept = 1;		/* accept and process redirects */
445int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
446int	icmp6errppslim = 500;		/* 500 packets per second */
447int	icmp6_nodeinfo = 3;		/* enable/disable NI response */
448
449/* UDP on IP6 parameters */
450int	udp6_sendspace = 9216;		/* really max datagram size */
451int	udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
452					/* 40 1K datagrams */
453
454/*
455 * sysctl related items.
456 */
457SYSCTL_NODE(_net,	PF_INET6,	inet6,	CTLFLAG_RW | CTLFLAG_LOCKED,	0,
458	"Internet6 Family");
459
460/* net.inet6 */
461SYSCTL_NODE(_net_inet6,	IPPROTO_IPV6,	ip6,	CTLFLAG_RW|CTLFLAG_LOCKED, 0,	"IP6");
462SYSCTL_NODE(_net_inet6,	IPPROTO_ICMPV6,	icmp6,	CTLFLAG_RW|CTLFLAG_LOCKED, 0,	"ICMP6");
463SYSCTL_NODE(_net_inet6,	IPPROTO_UDP,	udp6,	CTLFLAG_RW|CTLFLAG_LOCKED, 0,	"UDP6");
464SYSCTL_NODE(_net_inet6,	IPPROTO_TCP,	tcp6,	CTLFLAG_RW|CTLFLAG_LOCKED, 0,	"TCP6");
465#if IPSEC
466SYSCTL_NODE(_net_inet6,	IPPROTO_ESP,	ipsec6,	CTLFLAG_RW|CTLFLAG_LOCKED, 0,	"IPSEC6");
467#endif /* IPSEC */
468
469/* net.inet6.ip6 */
470static int
471sysctl_ip6_temppltime SYSCTL_HANDLER_ARGS
472{
473#pragma unused(oidp, arg2)
474	int error = 0;
475	int old;
476
477	error = SYSCTL_OUT(req, arg1, sizeof(int));
478	if (error || !req->newptr)
479		return (error);
480	old = ip6_temp_preferred_lifetime;
481	error = SYSCTL_IN(req, arg1, sizeof(int));
482	if (ip6_temp_preferred_lifetime > ND6_MAX_LIFETIME ||
483	    ip6_temp_preferred_lifetime <
484	    ip6_desync_factor + ip6_temp_regen_advance) {
485		ip6_temp_preferred_lifetime = old;
486		return(EINVAL);
487	}
488	return(error);
489}
490
491static int
492sysctl_ip6_tempvltime SYSCTL_HANDLER_ARGS
493{
494#pragma unused(oidp, arg2)
495	int error = 0;
496	int old;
497
498	error = SYSCTL_OUT(req, arg1, sizeof(int));
499	if (error || !req->newptr)
500		return (error);
501	old = ip6_temp_valid_lifetime;
502	error = SYSCTL_IN(req, arg1, sizeof(int));
503	if (ip6_temp_valid_lifetime > ND6_MAX_LIFETIME ||
504	    ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) {
505		ip6_temp_preferred_lifetime = old;
506		return(EINVAL);
507	}
508	return(error);
509}
510
511SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING,
512	forwarding, CTLFLAG_RW | CTLFLAG_LOCKED, 	&ip6_forwarding,	0, "");
513SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
514	redirect, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_sendredirects,	0, "");
515SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
516	hlim, CTLFLAG_RW | CTLFLAG_LOCKED,		&ip6_defhlim,	0, "");
517SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD | CTLFLAG_LOCKED,
518	&ip6stat, ip6stat, "");
519SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS,
520	maxfragpackets, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_maxfragpackets,	0, "");
521SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS,
522        maxfrags, CTLFLAG_RW | CTLFLAG_LOCKED,           &ip6_maxfrags,  0, "");
523SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
524	accept_rtadv, CTLFLAG_RD | CTLFLAG_LOCKED,
525	&ip6_accept_rtadv,	0, "");
526SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH,
527	keepfaith, CTLFLAG_RD | CTLFLAG_LOCKED,		&ip6_keepfaith,	0, "");
528SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL,
529	log_interval, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_log_interval,	0, "");
530SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT,
531	hdrnestlimit, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_hdrnestlimit,	0, "");
532SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT,
533	dad_count, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_dad_count,	0, "");
534SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL,
535	auto_flowlabel, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_auto_flowlabel,	0, "");
536SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM,
537	defmcasthlim, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_defmcasthlim,	0, "");
538SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM,
539	gifhlim, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_gif_hlim,			0, "");
540SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION,
541	kame_version, CTLFLAG_RD | CTLFLAG_LOCKED, (void *)((uintptr_t)(__KAME_VERSION)),		0, "");
542SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED,
543	use_deprecated, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_use_deprecated,	0, "");
544SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE,
545	rr_prune, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_rr_prune,			0, "");
546SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR,
547	use_tempaddr, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_tempaddr,		0, "");
548SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
549	   CTLTYPE_INT|CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_temp_preferred_lifetime, 0,
550	   sysctl_ip6_temppltime, "I", "");
551SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
552	   CTLTYPE_INT|CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_temp_valid_lifetime, 0,
553	   sysctl_ip6_tempvltime, "I", "");
554SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY,
555	v6only,	CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_v6only,		0, "");
556SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL,
557	auto_linklocal, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_auto_linklocal,	0, "");
558SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD | CTLFLAG_LOCKED,
559	&rip6stat, rip6stat, "");
560SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR,
561	prefer_tempaddr, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_prefer_tempaddr,	0, "");
562SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE,
563	use_defaultzone, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_defzone,		0,"");
564SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU,
565	mcast_pmtu, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_mcast_pmtu,	0, "");
566#if MROUTING
567SYSCTL_STRUCT(_net_inet6_ip6, OID_AUTO, mrt6stat, CTLFLAG_RD | CTLFLAG_LOCKED,
568        &mrt6stat, mrt6stat, "");
569#endif
570SYSCTL_INT(_net_inet6_ip6, IPV6CTL_NEIGHBORGCTHRESH,
571	neighborgcthresh, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_neighborgcthresh,	0, "");
572SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFPREFIXES,
573	maxifprefixes, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_maxifprefixes,	0, "");
574SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFDEFROUTERS,
575	maxifdefrouters, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_maxifdefrouters,	0, "");
576SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXDYNROUTES,
577	maxdynroutes, CTLFLAG_RW | CTLFLAG_LOCKED,	&ip6_maxdynroutes,	0, "");
578SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
579	only_allow_rfc4193_prefixes, CTLFLAG_RW | CTLFLAG_LOCKED,
580	&ip6_only_allow_rfc4193_prefix,	0, "");
581
582/* net.inet6.icmp6 */
583SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
584	rediraccept, CTLFLAG_RW | CTLFLAG_LOCKED,	&icmp6_rediraccept,	0, "");
585SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT,
586	redirtimeout, CTLFLAG_RW | CTLFLAG_LOCKED,	&icmp6_redirtimeout,	0, "");
587SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD | CTLFLAG_LOCKED,
588	&icmp6stat, icmp6stat, "");
589SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE,
590	nd6_prune, CTLFLAG_RW | CTLFLAG_LOCKED,		&nd6_prune,	0, "");
591SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY,
592	nd6_delay, CTLFLAG_RW | CTLFLAG_LOCKED,		&nd6_delay,	0, "");
593SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES,
594	nd6_umaxtries, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_umaxtries,	0, "");
595SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES,
596	nd6_mmaxtries, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_mmaxtries,	0, "");
597SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK,
598	nd6_useloopback, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_useloopback, 0, "");
599SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ACCEPT_6TO4,
600	nd6_accept_6to4, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_accept_6to4, 0, "");
601SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO,
602	nodeinfo, CTLFLAG_RW | CTLFLAG_LOCKED,	&icmp6_nodeinfo,	0, "");
603SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT,
604	errppslimit, CTLFLAG_RW | CTLFLAG_LOCKED,	&icmp6errppslim,	0, "");
605SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT,
606	nd6_maxnudhint, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_maxnudhint, 0, "");
607SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
608	nd6_debug, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_debug,		0, "");
609SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
610	nd6_onlink_ns_rfc4861, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_onlink_ns_rfc4861, 0,
611	"Accept 'on-link' nd6 NS in compliance with RFC 4861.");
612SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_OPTIMISTIC_DAD,
613	nd6_optimistic_dad, CTLFLAG_RW | CTLFLAG_LOCKED,	&nd6_optimistic_dad,		0, "");
614