1/*
2 * Copyright (c) 2000-2011 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29/*	$FreeBSD: src/sys/netinet6/route6.c,v 1.1.2.3 2001/07/03 11:01:55 ume Exp $	*/
30/*	$KAME: route6.c,v 1.24 2001/03/14 03:07:05 itojun Exp $	*/
31
32/*
33 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
34 * All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 *    notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 *    notice, this list of conditions and the following disclaimer in the
43 *    documentation and/or other materials provided with the distribution.
44 * 3. Neither the name of the project nor the names of its contributors
45 *    may be used to endorse or promote products derived from this software
46 *    without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 */
60
61#include <sys/param.h>
62#include <sys/mcache.h>
63#include <sys/mbuf.h>
64#include <sys/socket.h>
65#include <sys/queue.h>
66#include <kern/debug.h>
67#include <string.h>
68
69#include <net/if.h>
70#include <net/route.h>
71
72#include <netinet/in.h>
73#include <netinet6/in6_var.h>
74#include <netinet/ip6.h>
75#include <netinet6/ip6_var.h>
76
77#include <netinet/icmp6.h>
78
79#if IP6_RTHDR0_ALLOWED
80static int ip6_rthdr0(struct mbuf *, struct ip6_hdr *,
81    struct ip6_rthdr0 *);
82#endif /* IP6_RTHDR0_ALLOWED */
83
84int
85route6_input(struct mbuf **mp, int *offp, int proto)
86{
87#pragma unused(proto)
88	struct ip6_hdr *ip6;
89	struct mbuf *m = *mp;
90	struct ip6_rthdr *rh;
91	int off = *offp, rhlen;
92	struct ip6aux *ip6a;
93
94	ip6a = ip6_findaux(m);
95	if (ip6a) {
96		/* XXX reject home-address option before rthdr */
97		if (ip6a->ip6a_flags & IP6A_SWAP) {
98			ip6stat.ip6s_badoptions++;
99			m_freem(m);
100			return IPPROTO_DONE;
101		}
102	}
103
104#ifndef PULLDOWN_TEST
105	IP6_EXTHDR_CHECK(m, off, sizeof(*rh), return IPPROTO_DONE);
106
107	/* Expect 32-bit aligned data pointer on strict-align platforms */
108	MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
109
110	ip6 = mtod(m, struct ip6_hdr *);
111	rh = (struct ip6_rthdr *)((caddr_t)ip6 + off);
112#else
113	/* Expect 32-bit aligned data pointer on strict-align platforms */
114	MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
115
116	ip6 = mtod(m, struct ip6_hdr *);
117	IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, sizeof(*rh));
118	if (rh == NULL) {
119		ip6stat.ip6s_tooshort++;
120		return IPPROTO_DONE;
121	}
122#endif
123
124	switch (rh->ip6r_type) {
125#if IP6_RTHDR0_ALLOWED
126	case IPV6_RTHDR_TYPE_0:
127		rhlen = (rh->ip6r_len + 1) << 3;
128#ifndef PULLDOWN_TEST
129		/*
130		 * note on option length:
131		 * due to IP6_EXTHDR_CHECK assumption, we cannot handle
132		 * very big routing header (max rhlen == 2048).
133		 */
134		IP6_EXTHDR_CHECK(m, off, rhlen, return IPPROTO_DONE);
135#else
136		/*
137		 * note on option length:
138		 * maximum rhlen: 2048
139		 * max mbuf m_pulldown can handle: MCLBYTES == usually 2048
140		 * so, here we are assuming that m_pulldown can handle
141		 * rhlen == 2048 case.  this may not be a good thing to
142		 * assume - we may want to avoid pulling it up altogether.
143		 */
144		IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen);
145		if (rh == NULL) {
146			ip6stat.ip6s_tooshort++;
147			return IPPROTO_DONE;
148		}
149#endif
150		if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh))
151			return(IPPROTO_DONE);
152		break;
153#endif /* IP6_RTHDR0_ALLOWED */
154	default:
155		/* unknown routing type */
156		if (rh->ip6r_segleft == 0) {
157			rhlen = (rh->ip6r_len + 1) << 3;
158			break;	/* Final dst. Just ignore the header. */
159		}
160		ip6stat.ip6s_badoptions++;
161		icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
162			    (caddr_t)&rh->ip6r_type - (caddr_t)ip6);
163		return(IPPROTO_DONE);
164	}
165
166	*offp += rhlen;
167	return(rh->ip6r_nxt);
168}
169
170#if IP6_RTHDR0_ALLOWED
171/*
172 * Type0 routing header processing
173 *
174 * RFC2292 backward compatibility warning: no support for strict/loose bitmap,
175 * as it was dropped between RFC1883 and RFC2460.
176 */
177static int
178ip6_rthdr0(m, ip6, rh0)
179	struct mbuf *m;
180	struct ip6_hdr *ip6;
181	struct ip6_rthdr0 *rh0;
182{
183	int addrs, index;
184	struct in6_addr *nextaddr, tmpaddr, ia6 = NULL;
185	struct route_in6 ip6forward_rt;
186
187	if (rh0->ip6r0_segleft == 0)
188		return(0);
189
190	if (rh0->ip6r0_len % 2
191#if COMPAT_RFC1883
192	    || rh0->ip6r0_len > 46
193#endif
194		) {
195		/*
196		 * Type 0 routing header can't contain more than 23 addresses.
197		 * RFC 2462: this limitation was removed since strict/loose
198		 * bitmap field was deleted.
199		 */
200		ip6stat.ip6s_badoptions++;
201		icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
202			    (caddr_t)&rh0->ip6r0_len - (caddr_t)ip6);
203		return (-1);
204	}
205
206	if ((addrs = rh0->ip6r0_len / 2) < rh0->ip6r0_segleft) {
207		ip6stat.ip6s_badoptions++;
208		icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
209			    (caddr_t)&rh0->ip6r0_segleft - (caddr_t)ip6);
210		return (-1);
211	}
212
213	index = addrs - rh0->ip6r0_segleft;
214	rh0->ip6r0_segleft--;
215	/* note that ip6r0_addr does not exist in RFC2292bis */
216	nextaddr = rh0->ip6r0_addr + index;
217
218	/*
219	 * reject invalid addresses.  be proactive about malicious use of
220	 * IPv4 mapped/compat address.
221	 * XXX need more checks?
222	 */
223	if (IN6_IS_ADDR_MULTICAST(nextaddr) ||
224	    IN6_IS_ADDR_UNSPECIFIED(nextaddr) ||
225	    IN6_IS_ADDR_V4MAPPED(nextaddr) ||
226	    IN6_IS_ADDR_V4COMPAT(nextaddr)) {
227		ip6stat.ip6s_badoptions++;
228		m_freem(m);
229		return (-1);
230	}
231	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
232	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst) ||
233	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst) ||
234	    IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) {
235		ip6stat.ip6s_badoptions++;
236		m_freem(m);
237		return (-1);
238	}
239
240	/*
241	 * Determine the scope zone of the next hop, based on the interface
242	 * of the current hop. [RFC4007, Section 9]
243	 * Then disambiguate the scope zone for the next hop (if necessary).
244	 */
245	if ((ia6 = ip6_getdstifaddr(m)) == NULL)
246		goto bad;
247	if (in6_setscope(nextaddr, ia6->ia_ifp, NULL) != 0) {
248		ip6stat.ip6s_badscope++;
249		IFA_REMREF(&ia6->ia_ifa);
250		ia6 = NULL;
251		goto bad;
252	}
253	IFA_REMREF(&ia6->ia_ifa);
254	ia6 = NULL;
255
256	/*
257	 * Swap the IPv6 destination address and nextaddr. Forward the packet.
258	 */
259	tmpaddr = *nextaddr;
260	*nextaddr = ip6->ip6_dst;
261	in6_clearscope(nextaddr); /* XXX */
262	ip6->ip6_dst = tmpaddr;
263	if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst))
264		ip6->ip6_dst.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
265
266	/*
267	 * Don't use the globally cached route to forward packet having
268	 * Type 0 routing header(s); instead, do an explicit lookup using
269	 * a local route entry variable, in case the next address in the
270	 * packet is bogus (which would otherwise unnecessarily invalidate
271	 * the globally cached route).
272	 */
273	bzero(&ip6forward_rt, sizeof (ip6forward_rt));
274
275#if COMPAT_RFC1883
276	if (rh0->ip6r0_slmap[index / 8] & (1 << (7 - (index % 8))))
277		ip6_forward(m, &ip6forward_rt, IPV6_SRCRT_NEIGHBOR, 0);
278	else
279		ip6_forward(m, &ip6forward_rt, IPV6_SRCRT_NOTNEIGHBOR, 0);
280#else
281	ip6_forward(m, &ip6forward_rt, 1, 0);
282#endif
283
284	/* Release reference to the looked up route */
285	if (ip6forward_rt.ro_rt != NULL) {
286		rtfree(ip6forward_rt.ro_rt);
287		ip6forward_rt.ro_rt = NULL;
288	}
289
290	return(-1);			/* m would be freed in ip6_forward() */
291}
292#endif /* IP6_RTHDR0_ALLOWED */
293
294