ip6_forward.c revision 197952
1139826Simp/*- 253541Sshin * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 353541Sshin * All rights reserved. 453541Sshin * 553541Sshin * Redistribution and use in source and binary forms, with or without 653541Sshin * modification, are permitted provided that the following conditions 753541Sshin * are met: 853541Sshin * 1. Redistributions of source code must retain the above copyright 953541Sshin * notice, this list of conditions and the following disclaimer. 1053541Sshin * 2. Redistributions in binary form must reproduce the above copyright 1153541Sshin * notice, this list of conditions and the following disclaimer in the 1253541Sshin * documentation and/or other materials provided with the distribution. 1353541Sshin * 3. Neither the name of the project nor the names of its contributors 1453541Sshin * may be used to endorse or promote products derived from this software 1553541Sshin * without specific prior written permission. 1653541Sshin * 1753541Sshin * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 1853541Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1953541Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2053541Sshin * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2153541Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2253541Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2353541Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2453541Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2553541Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2653541Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2753541Sshin * SUCH DAMAGE. 28174510Sobrien * 29174510Sobrien * $KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $ 3053541Sshin */ 3153541Sshin 32174510Sobrien#include <sys/cdefs.h> 33174510Sobrien__FBSDID("$FreeBSD: head/sys/netinet6/ip6_forward.c 197952 2009-10-11 05:59:43Z julian $"); 34174510Sobrien 3562587Sitojun#include "opt_inet.h" 3662587Sitojun#include "opt_inet6.h" 3755009Sshin#include "opt_ipsec.h" 38148921Ssuz#include "opt_ipstealth.h" 3953541Sshin 4053541Sshin#include <sys/param.h> 4153541Sshin#include <sys/systm.h> 4278064Sume#include <sys/malloc.h> 4353541Sshin#include <sys/mbuf.h> 4453541Sshin#include <sys/domain.h> 4553541Sshin#include <sys/protosw.h> 4653541Sshin#include <sys/socket.h> 4753541Sshin#include <sys/errno.h> 4853541Sshin#include <sys/time.h> 4978064Sume#include <sys/kernel.h> 5053541Sshin#include <sys/syslog.h> 5153541Sshin 5253541Sshin#include <net/if.h> 5353541Sshin#include <net/route.h> 5484994Sdarrenr#include <net/pfil.h> 5553541Sshin 5653541Sshin#include <netinet/in.h> 5753541Sshin#include <netinet/in_var.h> 5878064Sume#include <netinet/in_systm.h> 5978064Sume#include <netinet/ip.h> 6062587Sitojun#include <netinet/ip_var.h> 6178064Sume#include <netinet6/in6_var.h> 6262587Sitojun#include <netinet/ip6.h> 6353541Sshin#include <netinet6/ip6_var.h> 64148385Sume#include <netinet6/scope6_var.h> 6562587Sitojun#include <netinet/icmp6.h> 6653541Sshin#include <netinet6/nd6.h> 6753541Sshin 6878064Sume#include <netinet/in_pcb.h> 6978064Sume 70171167Sgnn#ifdef IPSEC 71105199Ssam#include <netipsec/ipsec.h> 72105199Ssam#include <netipsec/ipsec6.h> 73105199Ssam#include <netipsec/key.h> 74171167Sgnn#endif /* IPSEC */ 75105199Ssam 7684994Sdarrenr#include <netinet6/ip6protosw.h> 7784994Sdarrenr 7853541Sshin/* 7953541Sshin * Forward a packet. If some error occurs return the sender 8053541Sshin * an icmp packet. Note we can't always generate a meaningful 8153541Sshin * icmp message because icmp doesn't have a large enough repertoire 8253541Sshin * of codes and types. 8353541Sshin * 8453541Sshin * If not forwarding, just drop the packet. This could be confusing 8553541Sshin * if ipforwarding was zero but some routing protocol was advancing 8653541Sshin * us as a gateway to somewhere. However, we must let the routing 8753541Sshin * protocol deal with that. 8853541Sshin * 8953541Sshin */ 9053541Sshinvoid 91171259Sdelphijip6_forward(struct mbuf *m, int srcrt) 9253541Sshin{ 9353541Sshin struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 94122062Sume struct sockaddr_in6 *dst = NULL; 95122062Sume struct rtentry *rt = NULL; 96187989Sbz struct route_in6 rin6; 9753541Sshin int error, type = 0, code = 0; 9862587Sitojun struct mbuf *mcopy = NULL; 9962587Sitojun struct ifnet *origifp; /* maybe unnecessary */ 100148385Sume u_int32_t inzone, outzone; 101148385Sume struct in6_addr src_in6, dst_in6; 102171167Sgnn#ifdef IPSEC 10353541Sshin struct secpolicy *sp = NULL; 104122062Sume int ipsecrt = 0; 10553541Sshin#endif 106165118Sbz char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 10753541Sshin 108171167Sgnn#ifdef IPSEC 10953541Sshin /* 11053541Sshin * Check AH/ESP integrity. 11153541Sshin */ 11253541Sshin /* 11353541Sshin * Don't increment ip6s_cantforward because this is the check 11453541Sshin * before forwarding packet actually. 11553541Sshin */ 11653541Sshin if (ipsec6_in_reject(m, NULL)) { 117181803Sbz V_ipsec6stat.in_polvio++; 11853541Sshin m_freem(m); 11953541Sshin return; 12053541Sshin } 121171167Sgnn#endif /* IPSEC */ 12253541Sshin 12378064Sume /* 12478064Sume * Do not forward packets to multicast destination (should be handled 12578064Sume * by ip6_mforward(). 12678064Sume * Do not forward packets with unspecified source. It was discussed 127120913Sume * in July 2000, on the ipngwg mailing list. 12878064Sume */ 12962587Sitojun if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || 13078064Sume IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 13178064Sume IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { 132181803Sbz V_ip6stat.ip6s_cantforward++; 13353541Sshin /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 134181803Sbz if (V_ip6_log_time + V_ip6_log_interval < time_second) { 135181803Sbz V_ip6_log_time = time_second; 13653541Sshin log(LOG_DEBUG, 13753541Sshin "cannot forward " 13853541Sshin "from %s to %s nxt %d received on %s\n", 139165118Sbz ip6_sprintf(ip6bufs, &ip6->ip6_src), 140165118Sbz ip6_sprintf(ip6bufd, &ip6->ip6_dst), 14153541Sshin ip6->ip6_nxt, 14253541Sshin if_name(m->m_pkthdr.rcvif)); 14353541Sshin } 14453541Sshin m_freem(m); 14553541Sshin return; 14653541Sshin } 14753541Sshin 148148921Ssuz#ifdef IPSTEALTH 149181803Sbz if (!V_ip6stealth) { 150148921Ssuz#endif 15153541Sshin if (ip6->ip6_hlim <= IPV6_HLIMDEC) { 15253541Sshin /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 15353541Sshin icmp6_error(m, ICMP6_TIME_EXCEEDED, 15453541Sshin ICMP6_TIME_EXCEED_TRANSIT, 0); 15553541Sshin return; 15653541Sshin } 15753541Sshin ip6->ip6_hlim -= IPV6_HLIMDEC; 15853541Sshin 159148921Ssuz#ifdef IPSTEALTH 160148921Ssuz } 161148921Ssuz#endif 162148921Ssuz 16362587Sitojun /* 16462587Sitojun * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - 16562587Sitojun * size of IPv6 + ICMPv6 headers) bytes of the packet in case 16662587Sitojun * we need to generate an ICMP6 message to the src. 16762587Sitojun * Thanks to M_EXT, in most cases copy will not occur. 16862587Sitojun * 16962587Sitojun * It is important to save it before IPsec processing as IPsec 17062587Sitojun * processing may modify the mbuf. 17162587Sitojun */ 17262587Sitojun mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); 17362587Sitojun 174171167Sgnn#ifdef IPSEC 17553541Sshin /* get a security policy for this packet */ 176171133Sgnn sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 177120913Sume IP_FORWARDING, &error); 17853541Sshin if (sp == NULL) { 179181803Sbz V_ipsec6stat.out_inval++; 180181803Sbz V_ip6stat.ip6s_cantforward++; 18162587Sitojun if (mcopy) { 18262587Sitojun#if 0 18362587Sitojun /* XXX: what icmp ? */ 18462587Sitojun#else 18562587Sitojun m_freem(mcopy); 18662587Sitojun#endif 18762587Sitojun } 18853541Sshin m_freem(m); 18953541Sshin return; 19053541Sshin } 19153541Sshin 19253541Sshin error = 0; 19353541Sshin 19453541Sshin /* check policy */ 19553541Sshin switch (sp->policy) { 19653541Sshin case IPSEC_POLICY_DISCARD: 19753541Sshin /* 19853541Sshin * This packet is just discarded. 19953541Sshin */ 200181803Sbz V_ipsec6stat.out_polvio++; 201181803Sbz V_ip6stat.ip6s_cantforward++; 202171133Sgnn KEY_FREESP(&sp); 20362587Sitojun if (mcopy) { 20462587Sitojun#if 0 20562587Sitojun /* XXX: what icmp ? */ 20662587Sitojun#else 20762587Sitojun m_freem(mcopy); 20862587Sitojun#endif 20962587Sitojun } 21053541Sshin m_freem(m); 21153541Sshin return; 21253541Sshin 21353541Sshin case IPSEC_POLICY_BYPASS: 21453541Sshin case IPSEC_POLICY_NONE: 21553541Sshin /* no need to do IPsec. */ 216171133Sgnn KEY_FREESP(&sp); 21753541Sshin goto skip_ipsec; 21862587Sitojun 21953541Sshin case IPSEC_POLICY_IPSEC: 22053541Sshin if (sp->req == NULL) { 22153541Sshin /* XXX should be panic ? */ 22253541Sshin printf("ip6_forward: No IPsec request specified.\n"); 223181803Sbz V_ip6stat.ip6s_cantforward++; 224171133Sgnn KEY_FREESP(&sp); 22562587Sitojun if (mcopy) { 22662587Sitojun#if 0 22762587Sitojun /* XXX: what icmp ? */ 22862587Sitojun#else 22962587Sitojun m_freem(mcopy); 23062587Sitojun#endif 23162587Sitojun } 23253541Sshin m_freem(m); 23353541Sshin return; 23453541Sshin } 23553541Sshin /* do IPsec */ 23653541Sshin break; 23753541Sshin 23853541Sshin case IPSEC_POLICY_ENTRUST: 23953541Sshin default: 24053541Sshin /* should be panic ?? */ 24153541Sshin printf("ip6_forward: Invalid policy found. %d\n", sp->policy); 242171133Sgnn KEY_FREESP(&sp); 24353541Sshin goto skip_ipsec; 24453541Sshin } 24553541Sshin 24653541Sshin { 247122062Sume struct ipsecrequest *isr = NULL; 24853541Sshin struct ipsec_output_state state; 24953541Sshin 25053541Sshin /* 251122062Sume * when the kernel forwards a packet, it is not proper to apply 252122062Sume * IPsec transport mode to the packet is not proper. this check 253122062Sume * avoid from this. 254122062Sume * at present, if there is even a transport mode SA request in the 255122062Sume * security policy, the kernel does not apply IPsec to the packet. 256122062Sume * this check is not enough because the following case is valid. 257122062Sume * ipsec esp/tunnel/xxx-xxx/require esp/transport//require; 258122062Sume */ 259122062Sume for (isr = sp->req; isr; isr = isr->next) { 260126006Sume if (isr->saidx.mode == IPSEC_MODE_ANY) 261126006Sume goto doipsectunnel; 262126006Sume if (isr->saidx.mode == IPSEC_MODE_TUNNEL) 263126006Sume goto doipsectunnel; 264122062Sume } 265122062Sume 266122062Sume /* 267126006Sume * if there's no need for tunnel mode IPsec, skip. 268126006Sume */ 269126006Sume if (!isr) 270126006Sume goto skip_ipsec; 271126006Sume 272126006Sume doipsectunnel: 273126006Sume /* 27453541Sshin * All the extension headers will become inaccessible 27553541Sshin * (since they can be encrypted). 27653541Sshin * Don't panic, we need no more updates to extension headers 27753541Sshin * on inner IPv6 packet (since they are now encapsulated). 27853541Sshin * 27953541Sshin * IPv6 [ESP|AH] IPv6 [extension headers] payload 28053541Sshin */ 28153541Sshin bzero(&state, sizeof(state)); 28253541Sshin state.m = m; 28353541Sshin state.ro = NULL; /* update at ipsec6_output_tunnel() */ 28453541Sshin state.dst = NULL; /* update at ipsec6_output_tunnel() */ 28553541Sshin 28653541Sshin error = ipsec6_output_tunnel(&state, sp, 0); 28753541Sshin 28853541Sshin m = state.m; 289171133Sgnn KEY_FREESP(&sp); 29053541Sshin 29153541Sshin if (error) { 29253541Sshin /* mbuf is already reclaimed in ipsec6_output_tunnel. */ 29353541Sshin switch (error) { 29453541Sshin case EHOSTUNREACH: 29553541Sshin case ENETUNREACH: 29653541Sshin case EMSGSIZE: 29753541Sshin case ENOBUFS: 29853541Sshin case ENOMEM: 29953541Sshin break; 30053541Sshin default: 30153541Sshin printf("ip6_output (ipsec): error code %d\n", error); 302120913Sume /* FALLTHROUGH */ 30353541Sshin case ENOENT: 30453541Sshin /* don't show these error codes to the user */ 30553541Sshin break; 30653541Sshin } 307181803Sbz V_ip6stat.ip6s_cantforward++; 30862587Sitojun if (mcopy) { 30962587Sitojun#if 0 31062587Sitojun /* XXX: what icmp ? */ 31162587Sitojun#else 31262587Sitojun m_freem(mcopy); 31362587Sitojun#endif 31462587Sitojun } 31553541Sshin m_freem(m); 31653541Sshin return; 317171133Sgnn } else { 318171260Sdelphij /* 319171260Sdelphij * In the FAST IPSec case we have already 320171133Sgnn * re-injected the packet and it has been freed 321171260Sdelphij * by the ipsec_done() function. So, just clean 322171133Sgnn * up after ourselves. 323171133Sgnn */ 324171133Sgnn m = NULL; 325171133Sgnn goto freecopy; 32653541Sshin } 327122062Sume 328171133Sgnn if ((m != NULL) && (ip6 != mtod(m, struct ip6_hdr *)) ){ 329126006Sume /* 330126006Sume * now tunnel mode headers are added. we are originating 331126006Sume * packet instead of forwarding the packet. 332126006Sume */ 333126006Sume ip6_output(m, NULL, NULL, IPV6_FORWARDING/*XXX*/, NULL, NULL, 334126006Sume NULL); 335126006Sume goto freecopy; 336126006Sume } 337126006Sume 338122062Sume /* adjust pointer */ 339122062Sume dst = (struct sockaddr_in6 *)state.dst; 340122062Sume rt = state.ro ? state.ro->ro_rt : NULL; 341122062Sume if (dst != NULL && rt != NULL) 342122062Sume ipsecrt = 1; 34353541Sshin } 344122062Sume if (ipsecrt) 345122062Sume goto skip_routing; 346187949Sbzskip_ipsec: 347122062Sume#endif 348122062Sume 349187989Sbz bzero(&rin6, sizeof(struct route_in6)); 350187989Sbz dst = (struct sockaddr_in6 *)&rin6.ro_dst; 351187989Sbz dst->sin6_len = sizeof(struct sockaddr_in6); 352187989Sbz dst->sin6_family = AF_INET6; 353187989Sbz dst->sin6_addr = ip6->ip6_dst; 354120913Sume 355187989Sbz rin6.ro_rt = rtalloc1((struct sockaddr *)dst, 0, 0); 356187989Sbz if (rin6.ro_rt != NULL) 357187989Sbz RT_UNLOCK(rin6.ro_rt); 358187989Sbz else { 359187989Sbz V_ip6stat.ip6s_noroute++; 360187989Sbz in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 361187989Sbz if (mcopy) { 362187989Sbz icmp6_error(mcopy, ICMP6_DST_UNREACH, 363187989Sbz ICMP6_DST_UNREACH_NOROUTE, 0); 36453541Sshin } 365187989Sbz goto bad; 36653541Sshin } 367187989Sbz rt = rin6.ro_rt; 368171167Sgnn#ifdef IPSEC 369187989Sbzskip_routing: 370122062Sume#endif 37162587Sitojun 37262587Sitojun /* 373148385Sume * Source scope check: if a packet can't be delivered to its 374148385Sume * destination for the reason that the destination is beyond the scope 375148385Sume * of the source address, discard the packet and return an icmp6 376148385Sume * destination unreachable error with Code 2 (beyond scope of source 377148385Sume * address). We use a local copy of ip6_src, since in6_setscope() 378148385Sume * will possibly modify its first argument. 379148385Sume * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1] 38062587Sitojun */ 381148385Sume src_in6 = ip6->ip6_src; 382148385Sume if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) { 383122062Sume /* XXX: this should not happen */ 384181803Sbz V_ip6stat.ip6s_cantforward++; 385181803Sbz V_ip6stat.ip6s_badscope++; 386187989Sbz goto bad; 387122062Sume } 388148385Sume if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) { 389181803Sbz V_ip6stat.ip6s_cantforward++; 390181803Sbz V_ip6stat.ip6s_badscope++; 391187989Sbz goto bad; 392148385Sume } 393148385Sume if (inzone != outzone 394171167Sgnn#ifdef IPSEC 395122062Sume && !ipsecrt 396122062Sume#endif 397122062Sume ) { 398181803Sbz V_ip6stat.ip6s_cantforward++; 399181803Sbz V_ip6stat.ip6s_badscope++; 40062587Sitojun in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard); 40162587Sitojun 402181803Sbz if (V_ip6_log_time + V_ip6_log_interval < time_second) { 403181803Sbz V_ip6_log_time = time_second; 40462587Sitojun log(LOG_DEBUG, 40562587Sitojun "cannot forward " 40662587Sitojun "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 407165118Sbz ip6_sprintf(ip6bufs, &ip6->ip6_src), 408165118Sbz ip6_sprintf(ip6bufd, &ip6->ip6_dst), 40962587Sitojun ip6->ip6_nxt, 41062587Sitojun if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp)); 41162587Sitojun } 41262587Sitojun if (mcopy) 41362587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 41462587Sitojun ICMP6_DST_UNREACH_BEYONDSCOPE, 0); 415187989Sbz goto bad; 41662587Sitojun } 41762587Sitojun 418148385Sume /* 419148385Sume * Destination scope check: if a packet is going to break the scope 420148385Sume * zone of packet's destination address, discard it. This case should 421148385Sume * usually be prevented by appropriately-configured routing table, but 422148385Sume * we need an explicit check because we may mistakenly forward the 423148385Sume * packet to a different zone by (e.g.) a default route. 424148385Sume */ 425148385Sume dst_in6 = ip6->ip6_dst; 426148385Sume if (in6_setscope(&dst_in6, m->m_pkthdr.rcvif, &inzone) != 0 || 427148385Sume in6_setscope(&dst_in6, rt->rt_ifp, &outzone) != 0 || 428148385Sume inzone != outzone) { 429181803Sbz V_ip6stat.ip6s_cantforward++; 430181803Sbz V_ip6stat.ip6s_badscope++; 431187989Sbz goto bad; 432148385Sume } 433148385Sume 434121283Sume if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) { 43553541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig); 43662587Sitojun if (mcopy) { 43762587Sitojun u_long mtu; 438171167Sgnn#ifdef IPSEC 43962587Sitojun struct secpolicy *sp; 44062587Sitojun int ipsecerror; 44162587Sitojun size_t ipsechdrsiz; 442171167Sgnn#endif /* IPSEC */ 44362587Sitojun 444121283Sume mtu = IN6_LINKMTU(rt->rt_ifp); 445171167Sgnn#ifdef IPSEC 44662587Sitojun /* 44762587Sitojun * When we do IPsec tunnel ingress, we need to play 448122062Sume * with the link value (decrement IPsec header size 44962587Sitojun * from mtu value). The code is much simpler than v4 45062587Sitojun * case, as we have the outgoing interface for 45162587Sitojun * encapsulated packet as "rt->rt_ifp". 45262587Sitojun */ 453171133Sgnn sp = ipsec_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, 45462587Sitojun IP_FORWARDING, &ipsecerror); 45562587Sitojun if (sp) { 456188306Sbz ipsechdrsiz = ipsec_hdrsiz(mcopy, 45762587Sitojun IPSEC_DIR_OUTBOUND, NULL); 45862587Sitojun if (ipsechdrsiz < mtu) 45962587Sitojun mtu -= ipsechdrsiz; 46062587Sitojun } 46162587Sitojun 46262587Sitojun /* 46362587Sitojun * if mtu becomes less than minimum MTU, 46462587Sitojun * tell minimum MTU (and I'll need to fragment it). 46562587Sitojun */ 46662587Sitojun if (mtu < IPV6_MMTU) 46762587Sitojun mtu = IPV6_MMTU; 468171167Sgnn#endif /* IPSEC */ 46962587Sitojun icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); 47062587Sitojun } 471187989Sbz goto bad; 472120913Sume } 47353541Sshin 47453541Sshin if (rt->rt_flags & RTF_GATEWAY) 47553541Sshin dst = (struct sockaddr_in6 *)rt->rt_gateway; 47653541Sshin 47753541Sshin /* 47853541Sshin * If we are to forward the packet using the same interface 47953541Sshin * as one we got the packet from, perhaps we should send a redirect 48053541Sshin * to sender to shortcut a hop. 48153541Sshin * Only send redirect if source is sending directly to us, 48253541Sshin * and if packet was not source routed (or has any options). 48353541Sshin * Also, don't send redirect if forwarding using a route 48453541Sshin * modified by a redirect. 48553541Sshin */ 486181803Sbz if (V_ip6_sendredirects && rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && 487171167Sgnn#ifdef IPSEC 488122062Sume !ipsecrt && 489171167Sgnn#endif /* IPSEC */ 49078064Sume (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { 49178064Sume if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) { 49278064Sume /* 49378064Sume * If the incoming interface is equal to the outgoing 49478064Sume * one, and the link attached to the interface is 49578064Sume * point-to-point, then it will be highly probable 49678064Sume * that a routing loop occurs. Thus, we immediately 49778064Sume * drop the packet and send an ICMPv6 error message. 49878064Sume * 49978064Sume * type/code is based on suggestion by Rich Draves. 50078064Sume * not sure if it is the best pick. 50178064Sume */ 50278064Sume icmp6_error(mcopy, ICMP6_DST_UNREACH, 50378064Sume ICMP6_DST_UNREACH_ADDR, 0); 504187989Sbz goto bad; 50578064Sume } 50653541Sshin type = ND_REDIRECT; 50778064Sume } 50853541Sshin 50953541Sshin /* 51062587Sitojun * Fake scoped addresses. Note that even link-local source or 51162587Sitojun * destinaion can appear, if the originating node just sends the 51262587Sitojun * packet to us (without address resolution for the destination). 51362587Sitojun * Since both icmp6_error and icmp6_redirect_output fill the embedded 51478064Sume * link identifiers, we can do this stuff after making a copy for 51578064Sume * returning an error. 51662587Sitojun */ 51762587Sitojun if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 51862587Sitojun /* 51962587Sitojun * See corresponding comments in ip6_output. 52062587Sitojun * XXX: but is it possible that ip6_forward() sends a packet 52162587Sitojun * to a loopback interface? I don't think so, and thus 52262587Sitojun * I bark here. (jinmei@kame.net) 52362587Sitojun * XXX: it is common to route invalid packets to loopback. 52462587Sitojun * also, the codepath will be visited on use of ::1 in 52562587Sitojun * rthdr. (itojun) 52662587Sitojun */ 52762587Sitojun#if 1 52862587Sitojun if (0) 52962587Sitojun#else 53062587Sitojun if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0) 53162587Sitojun#endif 53262587Sitojun { 53362587Sitojun printf("ip6_forward: outgoing interface is loopback. " 534120913Sume "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 535165118Sbz ip6_sprintf(ip6bufs, &ip6->ip6_src), 536165118Sbz ip6_sprintf(ip6bufd, &ip6->ip6_dst), 537120913Sume ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), 538120913Sume if_name(rt->rt_ifp)); 53962587Sitojun } 54062587Sitojun 54178064Sume /* we can just use rcvif in forwarding. */ 54278064Sume origifp = m->m_pkthdr.rcvif; 54362587Sitojun } 54462587Sitojun else 54562587Sitojun origifp = rt->rt_ifp; 54678064Sume /* 54778064Sume * clear embedded scope identifiers if necessary. 54878064Sume * in6_clearscope will touch the addresses only when necessary. 54978064Sume */ 55078064Sume in6_clearscope(&ip6->ip6_src); 55178064Sume in6_clearscope(&ip6->ip6_dst); 55262587Sitojun 553134383Sandre /* Jump over all PFIL processing if hooks are not active. */ 554197952Sjulian if (!PFIL_HOOKED(&V_inet6_pfil_hook)) 555134383Sandre goto pass; 556134383Sandre 557134383Sandre /* Run through list of hooks for output packets. */ 558197952Sjulian error = pfil_run_hooks(&V_inet6_pfil_hook, &m, rt->rt_ifp, PFIL_OUT, NULL); 559120593Ssam if (error != 0) 560120593Ssam goto senderr; 561120386Ssam if (m == NULL) 562120386Ssam goto freecopy; 563120386Ssam ip6 = mtod(m, struct ip6_hdr *); 56484994Sdarrenr 565134383Sandrepass: 56662587Sitojun error = nd6_output(rt->rt_ifp, origifp, m, dst, rt); 56753541Sshin if (error) { 56853541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); 569181803Sbz V_ip6stat.ip6s_cantforward++; 57053541Sshin } else { 571181803Sbz V_ip6stat.ip6s_forward++; 57253541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); 57353541Sshin if (type) 574181803Sbz V_ip6stat.ip6s_redirectsent++; 57553541Sshin else { 57653541Sshin if (mcopy) 57753541Sshin goto freecopy; 57853541Sshin } 57953541Sshin } 580120913Sume 581120593Ssamsenderr: 58253541Sshin if (mcopy == NULL) 583187989Sbz goto out; 58453541Sshin switch (error) { 58553541Sshin case 0: 58653541Sshin if (type == ND_REDIRECT) { 58753541Sshin icmp6_redirect_output(mcopy, rt); 588187989Sbz goto out; 58953541Sshin } 59053541Sshin goto freecopy; 59153541Sshin 59253541Sshin case EMSGSIZE: 59353541Sshin /* xxx MTU is constant in PPP? */ 59453541Sshin goto freecopy; 59553541Sshin 59653541Sshin case ENOBUFS: 59753541Sshin /* Tell source to slow down like source quench in IP? */ 59853541Sshin goto freecopy; 59953541Sshin 60053541Sshin case ENETUNREACH: /* shouldn't happen, checked above */ 60153541Sshin case EHOSTUNREACH: 60253541Sshin case ENETDOWN: 60353541Sshin case EHOSTDOWN: 60453541Sshin default: 60553541Sshin type = ICMP6_DST_UNREACH; 60653541Sshin code = ICMP6_DST_UNREACH_ADDR; 60753541Sshin break; 60853541Sshin } 60953541Sshin icmp6_error(mcopy, type, code, 0); 610187989Sbz goto out; 61153541Sshin 61253541Sshin freecopy: 61353541Sshin m_freem(mcopy); 614187989Sbz goto out; 615187989Sbzbad: 616187989Sbz m_freem(m); 617187989Sbzout: 618187989Sbz if (rt != NULL 619187989Sbz#ifdef IPSEC 620187989Sbz && !ipsecrt 621187989Sbz#endif 622187989Sbz ) 623187989Sbz RTFREE(rt); 62453541Sshin} 625