ip6_forward.c revision 162045
162587Sitojun/* $FreeBSD: head/sys/netinet6/ip6_forward.c 162045 2006-09-05 19:20:42Z jhay $ */ 278064Sume/* $KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $ */ 362587Sitojun 4139826Simp/*- 553541Sshin * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 653541Sshin * All rights reserved. 753541Sshin * 853541Sshin * Redistribution and use in source and binary forms, with or without 953541Sshin * modification, are permitted provided that the following conditions 1053541Sshin * are met: 1153541Sshin * 1. Redistributions of source code must retain the above copyright 1253541Sshin * notice, this list of conditions and the following disclaimer. 1353541Sshin * 2. Redistributions in binary form must reproduce the above copyright 1453541Sshin * notice, this list of conditions and the following disclaimer in the 1553541Sshin * documentation and/or other materials provided with the distribution. 1653541Sshin * 3. Neither the name of the project nor the names of its contributors 1753541Sshin * may be used to endorse or promote products derived from this software 1853541Sshin * without specific prior written permission. 1953541Sshin * 2053541Sshin * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2153541Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2253541Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2353541Sshin * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2453541Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2553541Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2653541Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2753541Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2853541Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2953541Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3053541Sshin * SUCH DAMAGE. 3153541Sshin */ 3253541Sshin 3362587Sitojun#include "opt_inet.h" 3462587Sitojun#include "opt_inet6.h" 3555009Sshin#include "opt_ipsec.h" 36148921Ssuz#include "opt_ipstealth.h" 3753541Sshin 3853541Sshin#include <sys/param.h> 3953541Sshin#include <sys/systm.h> 4078064Sume#include <sys/malloc.h> 4153541Sshin#include <sys/mbuf.h> 4253541Sshin#include <sys/domain.h> 4353541Sshin#include <sys/protosw.h> 4453541Sshin#include <sys/socket.h> 4553541Sshin#include <sys/errno.h> 4653541Sshin#include <sys/time.h> 4778064Sume#include <sys/kernel.h> 4853541Sshin#include <sys/syslog.h> 4953541Sshin 5053541Sshin#include <net/if.h> 5153541Sshin#include <net/route.h> 5284994Sdarrenr#include <net/pfil.h> 5353541Sshin 5453541Sshin#include <netinet/in.h> 5553541Sshin#include <netinet/in_var.h> 5678064Sume#include <netinet/in_systm.h> 5778064Sume#include <netinet/ip.h> 5862587Sitojun#include <netinet/ip_var.h> 5978064Sume#include <netinet6/in6_var.h> 6062587Sitojun#include <netinet/ip6.h> 6153541Sshin#include <netinet6/ip6_var.h> 62148385Sume#include <netinet6/scope6_var.h> 6362587Sitojun#include <netinet/icmp6.h> 6453541Sshin#include <netinet6/nd6.h> 6553541Sshin 6678064Sume#include <netinet/in_pcb.h> 6778064Sume 6863256Sitojun#ifdef IPSEC 6953541Sshin#include <netinet6/ipsec.h> 7078064Sume#ifdef INET6 7162601Sitojun#include <netinet6/ipsec6.h> 7278064Sume#endif 7353541Sshin#include <netkey/key.h> 7463256Sitojun#endif /* IPSEC */ 7553541Sshin 76105199Ssam#ifdef FAST_IPSEC 77105199Ssam#include <netipsec/ipsec.h> 78105199Ssam#include <netipsec/ipsec6.h> 79105199Ssam#include <netipsec/key.h> 80105199Ssam#define IPSEC 81105199Ssam#endif /* FAST_IPSEC */ 82105199Ssam 8384994Sdarrenr#include <netinet6/ip6protosw.h> 8484994Sdarrenr 8553541Sshinstruct route_in6 ip6_forward_rt; 8653541Sshin 8753541Sshin/* 8853541Sshin * Forward a packet. If some error occurs return the sender 8953541Sshin * an icmp packet. Note we can't always generate a meaningful 9053541Sshin * icmp message because icmp doesn't have a large enough repertoire 9153541Sshin * of codes and types. 9253541Sshin * 9353541Sshin * If not forwarding, just drop the packet. This could be confusing 9453541Sshin * if ipforwarding was zero but some routing protocol was advancing 9553541Sshin * us as a gateway to somewhere. However, we must let the routing 9653541Sshin * protocol deal with that. 9753541Sshin * 9853541Sshin */ 9953541Sshin 10053541Sshinvoid 10153541Sshinip6_forward(m, srcrt) 10253541Sshin struct mbuf *m; 10353541Sshin int srcrt; 10453541Sshin{ 10553541Sshin struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 106122062Sume struct sockaddr_in6 *dst = NULL; 107122062Sume struct rtentry *rt = NULL; 10853541Sshin int error, type = 0, code = 0; 10962587Sitojun struct mbuf *mcopy = NULL; 11062587Sitojun struct ifnet *origifp; /* maybe unnecessary */ 111148385Sume u_int32_t inzone, outzone; 112148385Sume struct in6_addr src_in6, dst_in6; 11363256Sitojun#ifdef IPSEC 11453541Sshin struct secpolicy *sp = NULL; 115122062Sume int ipsecrt = 0; 11653541Sshin#endif 11753541Sshin 118158295Sbz GIANT_REQUIRED; /* XXX bz: ip6_forward_rt */ 119158295Sbz 12063256Sitojun#ifdef IPSEC 12153541Sshin /* 12253541Sshin * Check AH/ESP integrity. 12353541Sshin */ 12453541Sshin /* 12553541Sshin * Don't increment ip6s_cantforward because this is the check 12653541Sshin * before forwarding packet actually. 12753541Sshin */ 12853541Sshin if (ipsec6_in_reject(m, NULL)) { 129105199Ssam#if !defined(FAST_IPSEC) 13053541Sshin ipsec6stat.in_polvio++; 131105199Ssam#endif 13253541Sshin m_freem(m); 13353541Sshin return; 13453541Sshin } 13595023Ssuz#endif /* IPSEC */ 13653541Sshin 13778064Sume /* 13878064Sume * Do not forward packets to multicast destination (should be handled 13978064Sume * by ip6_mforward(). 14078064Sume * Do not forward packets with unspecified source. It was discussed 141120913Sume * in July 2000, on the ipngwg mailing list. 14278064Sume */ 14362587Sitojun if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || 14478064Sume IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 14578064Sume IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { 14653541Sshin ip6stat.ip6s_cantforward++; 14753541Sshin /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 14853541Sshin if (ip6_log_time + ip6_log_interval < time_second) { 14953541Sshin ip6_log_time = time_second; 15053541Sshin log(LOG_DEBUG, 15153541Sshin "cannot forward " 15253541Sshin "from %s to %s nxt %d received on %s\n", 15362587Sitojun ip6_sprintf(&ip6->ip6_src), 15462587Sitojun ip6_sprintf(&ip6->ip6_dst), 15553541Sshin ip6->ip6_nxt, 15653541Sshin if_name(m->m_pkthdr.rcvif)); 15753541Sshin } 15853541Sshin m_freem(m); 15953541Sshin return; 16053541Sshin } 16153541Sshin 162148921Ssuz#ifdef IPSTEALTH 163148921Ssuz if (!ip6stealth) { 164148921Ssuz#endif 16553541Sshin if (ip6->ip6_hlim <= IPV6_HLIMDEC) { 16653541Sshin /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 16753541Sshin icmp6_error(m, ICMP6_TIME_EXCEEDED, 16853541Sshin ICMP6_TIME_EXCEED_TRANSIT, 0); 16953541Sshin return; 17053541Sshin } 17153541Sshin ip6->ip6_hlim -= IPV6_HLIMDEC; 17253541Sshin 173148921Ssuz#ifdef IPSTEALTH 174148921Ssuz } 175148921Ssuz#endif 176148921Ssuz 17762587Sitojun /* 17862587Sitojun * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - 17962587Sitojun * size of IPv6 + ICMPv6 headers) bytes of the packet in case 18062587Sitojun * we need to generate an ICMP6 message to the src. 18162587Sitojun * Thanks to M_EXT, in most cases copy will not occur. 18262587Sitojun * 18362587Sitojun * It is important to save it before IPsec processing as IPsec 18462587Sitojun * processing may modify the mbuf. 18562587Sitojun */ 18662587Sitojun mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); 18762587Sitojun 18863256Sitojun#ifdef IPSEC 18953541Sshin /* get a security policy for this packet */ 190120913Sume sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 191120913Sume IP_FORWARDING, &error); 19253541Sshin if (sp == NULL) { 19353541Sshin ipsec6stat.out_inval++; 19453541Sshin ip6stat.ip6s_cantforward++; 19562587Sitojun if (mcopy) { 19662587Sitojun#if 0 19762587Sitojun /* XXX: what icmp ? */ 19862587Sitojun#else 19962587Sitojun m_freem(mcopy); 20062587Sitojun#endif 20162587Sitojun } 20253541Sshin m_freem(m); 20353541Sshin return; 20453541Sshin } 20553541Sshin 20653541Sshin error = 0; 20753541Sshin 20853541Sshin /* check policy */ 20953541Sshin switch (sp->policy) { 21053541Sshin case IPSEC_POLICY_DISCARD: 21153541Sshin /* 21253541Sshin * This packet is just discarded. 21353541Sshin */ 21453541Sshin ipsec6stat.out_polvio++; 21553541Sshin ip6stat.ip6s_cantforward++; 21653541Sshin key_freesp(sp); 21762587Sitojun if (mcopy) { 21862587Sitojun#if 0 21962587Sitojun /* XXX: what icmp ? */ 22062587Sitojun#else 22162587Sitojun m_freem(mcopy); 22262587Sitojun#endif 22362587Sitojun } 22453541Sshin m_freem(m); 22553541Sshin return; 22653541Sshin 22753541Sshin case IPSEC_POLICY_BYPASS: 22853541Sshin case IPSEC_POLICY_NONE: 22953541Sshin /* no need to do IPsec. */ 23053541Sshin key_freesp(sp); 23153541Sshin goto skip_ipsec; 23262587Sitojun 23353541Sshin case IPSEC_POLICY_IPSEC: 23453541Sshin if (sp->req == NULL) { 23553541Sshin /* XXX should be panic ? */ 23653541Sshin printf("ip6_forward: No IPsec request specified.\n"); 23753541Sshin ip6stat.ip6s_cantforward++; 23853541Sshin key_freesp(sp); 23962587Sitojun if (mcopy) { 24062587Sitojun#if 0 24162587Sitojun /* XXX: what icmp ? */ 24262587Sitojun#else 24362587Sitojun m_freem(mcopy); 24462587Sitojun#endif 24562587Sitojun } 24653541Sshin m_freem(m); 24753541Sshin return; 24853541Sshin } 24953541Sshin /* do IPsec */ 25053541Sshin break; 25153541Sshin 25253541Sshin case IPSEC_POLICY_ENTRUST: 25353541Sshin default: 25453541Sshin /* should be panic ?? */ 25553541Sshin printf("ip6_forward: Invalid policy found. %d\n", sp->policy); 25653541Sshin key_freesp(sp); 25753541Sshin goto skip_ipsec; 25853541Sshin } 25953541Sshin 26053541Sshin { 261122062Sume struct ipsecrequest *isr = NULL; 26253541Sshin struct ipsec_output_state state; 26353541Sshin 26453541Sshin /* 265122062Sume * when the kernel forwards a packet, it is not proper to apply 266122062Sume * IPsec transport mode to the packet is not proper. this check 267122062Sume * avoid from this. 268122062Sume * at present, if there is even a transport mode SA request in the 269122062Sume * security policy, the kernel does not apply IPsec to the packet. 270122062Sume * this check is not enough because the following case is valid. 271122062Sume * ipsec esp/tunnel/xxx-xxx/require esp/transport//require; 272122062Sume */ 273122062Sume for (isr = sp->req; isr; isr = isr->next) { 274126006Sume if (isr->saidx.mode == IPSEC_MODE_ANY) 275126006Sume goto doipsectunnel; 276126006Sume if (isr->saidx.mode == IPSEC_MODE_TUNNEL) 277126006Sume goto doipsectunnel; 278122062Sume } 279122062Sume 280122062Sume /* 281126006Sume * if there's no need for tunnel mode IPsec, skip. 282126006Sume */ 283126006Sume if (!isr) 284126006Sume goto skip_ipsec; 285126006Sume 286126006Sume doipsectunnel: 287126006Sume /* 28853541Sshin * All the extension headers will become inaccessible 28953541Sshin * (since they can be encrypted). 29053541Sshin * Don't panic, we need no more updates to extension headers 29153541Sshin * on inner IPv6 packet (since they are now encapsulated). 29253541Sshin * 29353541Sshin * IPv6 [ESP|AH] IPv6 [extension headers] payload 29453541Sshin */ 29553541Sshin bzero(&state, sizeof(state)); 29653541Sshin state.m = m; 29753541Sshin state.ro = NULL; /* update at ipsec6_output_tunnel() */ 29853541Sshin state.dst = NULL; /* update at ipsec6_output_tunnel() */ 29953541Sshin 30053541Sshin error = ipsec6_output_tunnel(&state, sp, 0); 30153541Sshin 30253541Sshin m = state.m; 30353541Sshin key_freesp(sp); 30453541Sshin 30553541Sshin if (error) { 30653541Sshin /* mbuf is already reclaimed in ipsec6_output_tunnel. */ 30753541Sshin switch (error) { 30853541Sshin case EHOSTUNREACH: 30953541Sshin case ENETUNREACH: 31053541Sshin case EMSGSIZE: 31153541Sshin case ENOBUFS: 31253541Sshin case ENOMEM: 31353541Sshin break; 31453541Sshin default: 31553541Sshin printf("ip6_output (ipsec): error code %d\n", error); 316120913Sume /* FALLTHROUGH */ 31753541Sshin case ENOENT: 31853541Sshin /* don't show these error codes to the user */ 31953541Sshin break; 32053541Sshin } 32153541Sshin ip6stat.ip6s_cantforward++; 32262587Sitojun if (mcopy) { 32362587Sitojun#if 0 32462587Sitojun /* XXX: what icmp ? */ 32562587Sitojun#else 32662587Sitojun m_freem(mcopy); 32762587Sitojun#endif 32862587Sitojun } 32953541Sshin m_freem(m); 33053541Sshin return; 33153541Sshin } 332122062Sume 333126006Sume if (ip6 != mtod(m, struct ip6_hdr *)) { 334126006Sume /* 335126006Sume * now tunnel mode headers are added. we are originating 336126006Sume * packet instead of forwarding the packet. 337126006Sume */ 338126006Sume ip6_output(m, NULL, NULL, IPV6_FORWARDING/*XXX*/, NULL, NULL, 339126006Sume NULL); 340126006Sume goto freecopy; 341126006Sume } 342126006Sume 343122062Sume /* adjust pointer */ 344122062Sume dst = (struct sockaddr_in6 *)state.dst; 345122062Sume rt = state.ro ? state.ro->ro_rt : NULL; 346122062Sume if (dst != NULL && rt != NULL) 347122062Sume ipsecrt = 1; 34853541Sshin } 34953541Sshin skip_ipsec: 35063256Sitojun#endif /* IPSEC */ 35153541Sshin 352122062Sume#ifdef IPSEC 353122062Sume if (ipsecrt) 354122062Sume goto skip_routing; 355122062Sume#endif 356122062Sume 35778064Sume dst = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; 35853541Sshin if (!srcrt) { 359120913Sume /* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */ 36053541Sshin if (ip6_forward_rt.ro_rt == 0 || 36153541Sshin (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) { 36253541Sshin if (ip6_forward_rt.ro_rt) { 36353541Sshin RTFREE(ip6_forward_rt.ro_rt); 36453541Sshin ip6_forward_rt.ro_rt = 0; 36553541Sshin } 366120913Sume 36753541Sshin /* this probably fails but give it a try again */ 368122921Sandre rtalloc((struct route *)&ip6_forward_rt); 36953541Sshin } 37062587Sitojun 37153541Sshin if (ip6_forward_rt.ro_rt == 0) { 37253541Sshin ip6stat.ip6s_noroute++; 37378064Sume in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 37462587Sitojun if (mcopy) { 37562587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 37662587Sitojun ICMP6_DST_UNREACH_NOROUTE, 0); 37762587Sitojun } 37862587Sitojun m_freem(m); 37953541Sshin return; 38053541Sshin } 38153541Sshin } else if ((rt = ip6_forward_rt.ro_rt) == 0 || 382120913Sume !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { 38353541Sshin if (ip6_forward_rt.ro_rt) { 38453541Sshin RTFREE(ip6_forward_rt.ro_rt); 38553541Sshin ip6_forward_rt.ro_rt = 0; 38653541Sshin } 38753541Sshin bzero(dst, sizeof(*dst)); 38853541Sshin dst->sin6_len = sizeof(struct sockaddr_in6); 38953541Sshin dst->sin6_family = AF_INET6; 39053541Sshin dst->sin6_addr = ip6->ip6_dst; 39153541Sshin 392122921Sandre rtalloc((struct route *)&ip6_forward_rt); 39353541Sshin if (ip6_forward_rt.ro_rt == 0) { 39453541Sshin ip6stat.ip6s_noroute++; 39578064Sume in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 39662587Sitojun if (mcopy) { 39762587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 39862587Sitojun ICMP6_DST_UNREACH_NOROUTE, 0); 39962587Sitojun } 40062587Sitojun m_freem(m); 40153541Sshin return; 40253541Sshin } 40353541Sshin } 40453541Sshin rt = ip6_forward_rt.ro_rt; 405122062Sume#ifdef IPSEC 406122062Sume skip_routing:; 407122062Sume#endif 40862587Sitojun 40962587Sitojun /* 410148385Sume * Source scope check: if a packet can't be delivered to its 411148385Sume * destination for the reason that the destination is beyond the scope 412148385Sume * of the source address, discard the packet and return an icmp6 413148385Sume * destination unreachable error with Code 2 (beyond scope of source 414148385Sume * address). We use a local copy of ip6_src, since in6_setscope() 415148385Sume * will possibly modify its first argument. 416148385Sume * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1] 41762587Sitojun */ 418148385Sume src_in6 = ip6->ip6_src; 419148385Sume if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) { 420122062Sume /* XXX: this should not happen */ 42162587Sitojun ip6stat.ip6s_cantforward++; 42262587Sitojun ip6stat.ip6s_badscope++; 423122062Sume m_freem(m); 424122062Sume return; 425122062Sume } 426148385Sume if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) { 427148385Sume ip6stat.ip6s_cantforward++; 428148385Sume ip6stat.ip6s_badscope++; 429148385Sume m_freem(m); 430148385Sume return; 431148385Sume } 432148385Sume if (inzone != outzone 433122062Sume#ifdef IPSEC 434122062Sume && !ipsecrt 435122062Sume#endif 436122062Sume ) { 437122062Sume ip6stat.ip6s_cantforward++; 438122062Sume ip6stat.ip6s_badscope++; 43962587Sitojun in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard); 44062587Sitojun 44162587Sitojun if (ip6_log_time + ip6_log_interval < time_second) { 44262587Sitojun ip6_log_time = time_second; 44362587Sitojun log(LOG_DEBUG, 44462587Sitojun "cannot forward " 44562587Sitojun "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 44662587Sitojun ip6_sprintf(&ip6->ip6_src), 44762587Sitojun ip6_sprintf(&ip6->ip6_dst), 44862587Sitojun ip6->ip6_nxt, 44962587Sitojun if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp)); 45062587Sitojun } 45162587Sitojun if (mcopy) 45262587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 45362587Sitojun ICMP6_DST_UNREACH_BEYONDSCOPE, 0); 45462587Sitojun m_freem(m); 45562587Sitojun return; 45662587Sitojun } 45762587Sitojun 458148385Sume /* 459148385Sume * Destination scope check: if a packet is going to break the scope 460148385Sume * zone of packet's destination address, discard it. This case should 461148385Sume * usually be prevented by appropriately-configured routing table, but 462148385Sume * we need an explicit check because we may mistakenly forward the 463148385Sume * packet to a different zone by (e.g.) a default route. 464148385Sume */ 465148385Sume dst_in6 = ip6->ip6_dst; 466148385Sume if (in6_setscope(&dst_in6, m->m_pkthdr.rcvif, &inzone) != 0 || 467148385Sume in6_setscope(&dst_in6, rt->rt_ifp, &outzone) != 0 || 468148385Sume inzone != outzone) { 469148385Sume ip6stat.ip6s_cantforward++; 470148385Sume ip6stat.ip6s_badscope++; 471148385Sume m_freem(m); 472148385Sume return; 473148385Sume } 474148385Sume 475121283Sume if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) { 47653541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig); 47762587Sitojun if (mcopy) { 47862587Sitojun u_long mtu; 47963256Sitojun#ifdef IPSEC 48062587Sitojun struct secpolicy *sp; 48162587Sitojun int ipsecerror; 48262587Sitojun size_t ipsechdrsiz; 48362587Sitojun#endif 48462587Sitojun 485121283Sume mtu = IN6_LINKMTU(rt->rt_ifp); 48663256Sitojun#ifdef IPSEC 48762587Sitojun /* 48862587Sitojun * When we do IPsec tunnel ingress, we need to play 489122062Sume * with the link value (decrement IPsec header size 49062587Sitojun * from mtu value). The code is much simpler than v4 49162587Sitojun * case, as we have the outgoing interface for 49262587Sitojun * encapsulated packet as "rt->rt_ifp". 49362587Sitojun */ 49462587Sitojun sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, 49562587Sitojun IP_FORWARDING, &ipsecerror); 49662587Sitojun if (sp) { 49762587Sitojun ipsechdrsiz = ipsec6_hdrsiz(mcopy, 49862587Sitojun IPSEC_DIR_OUTBOUND, NULL); 49962587Sitojun if (ipsechdrsiz < mtu) 50062587Sitojun mtu -= ipsechdrsiz; 50162587Sitojun } 50262587Sitojun 50362587Sitojun /* 50462587Sitojun * if mtu becomes less than minimum MTU, 50562587Sitojun * tell minimum MTU (and I'll need to fragment it). 50662587Sitojun */ 50762587Sitojun if (mtu < IPV6_MMTU) 50862587Sitojun mtu = IPV6_MMTU; 50962587Sitojun#endif 51062587Sitojun icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); 51162587Sitojun } 51262587Sitojun m_freem(m); 51353541Sshin return; 514120913Sume } 51553541Sshin 51653541Sshin if (rt->rt_flags & RTF_GATEWAY) 51753541Sshin dst = (struct sockaddr_in6 *)rt->rt_gateway; 51853541Sshin 51953541Sshin /* 52053541Sshin * If we are to forward the packet using the same interface 52153541Sshin * as one we got the packet from, perhaps we should send a redirect 52253541Sshin * to sender to shortcut a hop. 52353541Sshin * Only send redirect if source is sending directly to us, 52453541Sshin * and if packet was not source routed (or has any options). 52553541Sshin * Also, don't send redirect if forwarding using a route 52653541Sshin * modified by a redirect. 52753541Sshin */ 528162045Sjhay if (ip6_sendredirects && rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && 529122062Sume#ifdef IPSEC 530122062Sume !ipsecrt && 531122062Sume#endif 53278064Sume (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { 53378064Sume if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) { 53478064Sume /* 53578064Sume * If the incoming interface is equal to the outgoing 53678064Sume * one, and the link attached to the interface is 53778064Sume * point-to-point, then it will be highly probable 53878064Sume * that a routing loop occurs. Thus, we immediately 53978064Sume * drop the packet and send an ICMPv6 error message. 54078064Sume * 54178064Sume * type/code is based on suggestion by Rich Draves. 54278064Sume * not sure if it is the best pick. 54378064Sume */ 54478064Sume icmp6_error(mcopy, ICMP6_DST_UNREACH, 54578064Sume ICMP6_DST_UNREACH_ADDR, 0); 54678064Sume m_freem(m); 54778064Sume return; 54878064Sume } 54953541Sshin type = ND_REDIRECT; 55078064Sume } 55153541Sshin 55253541Sshin /* 55362587Sitojun * Fake scoped addresses. Note that even link-local source or 55462587Sitojun * destinaion can appear, if the originating node just sends the 55562587Sitojun * packet to us (without address resolution for the destination). 55662587Sitojun * Since both icmp6_error and icmp6_redirect_output fill the embedded 55778064Sume * link identifiers, we can do this stuff after making a copy for 55878064Sume * returning an error. 55962587Sitojun */ 56062587Sitojun if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 56162587Sitojun /* 56262587Sitojun * See corresponding comments in ip6_output. 56362587Sitojun * XXX: but is it possible that ip6_forward() sends a packet 56462587Sitojun * to a loopback interface? I don't think so, and thus 56562587Sitojun * I bark here. (jinmei@kame.net) 56662587Sitojun * XXX: it is common to route invalid packets to loopback. 56762587Sitojun * also, the codepath will be visited on use of ::1 in 56862587Sitojun * rthdr. (itojun) 56962587Sitojun */ 57062587Sitojun#if 1 57162587Sitojun if (0) 57262587Sitojun#else 57362587Sitojun if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0) 57462587Sitojun#endif 57562587Sitojun { 57662587Sitojun printf("ip6_forward: outgoing interface is loopback. " 577120913Sume "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 578120913Sume ip6_sprintf(&ip6->ip6_src), 579120913Sume ip6_sprintf(&ip6->ip6_dst), 580120913Sume ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), 581120913Sume if_name(rt->rt_ifp)); 58262587Sitojun } 58362587Sitojun 58478064Sume /* we can just use rcvif in forwarding. */ 58578064Sume origifp = m->m_pkthdr.rcvif; 58662587Sitojun } 58762587Sitojun else 58862587Sitojun origifp = rt->rt_ifp; 58978064Sume /* 59078064Sume * clear embedded scope identifiers if necessary. 59178064Sume * in6_clearscope will touch the addresses only when necessary. 59278064Sume */ 59378064Sume in6_clearscope(&ip6->ip6_src); 59478064Sume in6_clearscope(&ip6->ip6_dst); 59562587Sitojun 596134383Sandre /* Jump over all PFIL processing if hooks are not active. */ 597155201Scsjp if (!PFIL_HOOKED(&inet6_pfil_hook)) 598134383Sandre goto pass; 599134383Sandre 600134383Sandre /* Run through list of hooks for output packets. */ 601135920Smlaier error = pfil_run_hooks(&inet6_pfil_hook, &m, rt->rt_ifp, PFIL_OUT, NULL); 602120593Ssam if (error != 0) 603120593Ssam goto senderr; 604120386Ssam if (m == NULL) 605120386Ssam goto freecopy; 606120386Ssam ip6 = mtod(m, struct ip6_hdr *); 60784994Sdarrenr 608134383Sandrepass: 60962587Sitojun error = nd6_output(rt->rt_ifp, origifp, m, dst, rt); 61053541Sshin if (error) { 61153541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); 61253541Sshin ip6stat.ip6s_cantforward++; 61353541Sshin } else { 61453541Sshin ip6stat.ip6s_forward++; 61553541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); 61653541Sshin if (type) 61753541Sshin ip6stat.ip6s_redirectsent++; 61853541Sshin else { 61953541Sshin if (mcopy) 62053541Sshin goto freecopy; 62153541Sshin } 62253541Sshin } 623120913Sume 624120593Ssamsenderr: 62553541Sshin if (mcopy == NULL) 62653541Sshin return; 62753541Sshin switch (error) { 62853541Sshin case 0: 62953541Sshin if (type == ND_REDIRECT) { 63053541Sshin icmp6_redirect_output(mcopy, rt); 63153541Sshin return; 63253541Sshin } 63353541Sshin goto freecopy; 63453541Sshin 63553541Sshin case EMSGSIZE: 63653541Sshin /* xxx MTU is constant in PPP? */ 63753541Sshin goto freecopy; 63853541Sshin 63953541Sshin case ENOBUFS: 64053541Sshin /* Tell source to slow down like source quench in IP? */ 64153541Sshin goto freecopy; 64253541Sshin 64353541Sshin case ENETUNREACH: /* shouldn't happen, checked above */ 64453541Sshin case EHOSTUNREACH: 64553541Sshin case ENETDOWN: 64653541Sshin case EHOSTDOWN: 64753541Sshin default: 64853541Sshin type = ICMP6_DST_UNREACH; 64953541Sshin code = ICMP6_DST_UNREACH_ADDR; 65053541Sshin break; 65153541Sshin } 65253541Sshin icmp6_error(mcopy, type, code, 0); 65353541Sshin return; 65453541Sshin 65553541Sshin freecopy: 65653541Sshin m_freem(mcopy); 65753541Sshin return; 65853541Sshin} 659