in6_proto.c revision 120913
1/* $FreeBSD: head/sys/netinet6/in6_proto.c 120913 2003-10-08 18:26:08Z ume $ */ 2/* $KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * Copyright (c) 1982, 1986, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 66 */ 67 68#include "opt_inet.h" 69#include "opt_inet6.h" 70#include "opt_ipsec.h" 71#include "opt_random_ip_id.h" 72 73#include <sys/param.h> 74#include <sys/socket.h> 75#include <sys/socketvar.h> 76#include <sys/protosw.h> 77#include <sys/kernel.h> 78#include <sys/domain.h> 79#include <sys/mbuf.h> 80#include <sys/systm.h> 81#include <sys/sysctl.h> 82 83#include <net/if.h> 84#include <net/radix.h> 85#include <net/route.h> 86 87#include <netinet/in.h> 88#include <netinet/in_systm.h> 89#include <netinet/in_var.h> 90#include <netinet/ip_encap.h> 91#include <netinet/ip.h> 92#include <netinet/ip_var.h> 93#include <netinet/ip6.h> 94#include <netinet6/ip6_var.h> 95#include <netinet/icmp6.h> 96 97#include <netinet/tcp.h> 98#include <netinet/tcp_timer.h> 99#include <netinet/tcp_var.h> 100#include <netinet/udp.h> 101#include <netinet/udp_var.h> 102#include <netinet6/tcp6_var.h> 103#include <netinet6/raw_ip6.h> 104#include <netinet6/udp6_var.h> 105#include <netinet6/pim6_var.h> 106#include <netinet6/nd6.h> 107#include <netinet6/in6_prefix.h> 108 109#ifdef IPSEC 110#include <netinet6/ipsec.h> 111#ifdef INET6 112#include <netinet6/ipsec6.h> 113#endif 114#include <netinet6/ah.h> 115#ifdef INET6 116#include <netinet6/ah6.h> 117#endif 118#ifdef IPSEC_ESP 119#include <netinet6/esp.h> 120#ifdef INET6 121#include <netinet6/esp6.h> 122#endif 123#endif 124#include <netinet6/ipcomp.h> 125#ifdef INET6 126#include <netinet6/ipcomp6.h> 127#endif 128#endif /* IPSEC */ 129 130#ifdef FAST_IPSEC 131#include <netipsec/ipsec6.h> 132#define IPSEC 133#define IPSEC_ESP 134#define ah6_input ipsec6_common_input 135#define esp6_input ipsec6_common_input 136#define ipcomp6_input ipsec6_common_input 137#endif /* FAST_IPSEC */ 138 139#include <netinet6/ip6protosw.h> 140 141#include <net/net_osdep.h> 142 143/* 144 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP. 145 */ 146 147extern struct domain inet6domain; 148static struct pr_usrreqs nousrreqs; 149 150#define PR_LISTEN 0 151#define PR_ABRTACPTDIS 0 152 153struct ip6protosw inet6sw[] = { 154{ 0, &inet6domain, IPPROTO_IPV6, 0, 155 0, 0, 0, 0, 156 0, 157 ip6_init, 0, frag6_slowtimo, frag6_drain, 158 &nousrreqs, 159}, 160{ SOCK_DGRAM, &inet6domain, IPPROTO_UDP, PR_ATOMIC|PR_ADDR, 161 udp6_input, 0, udp6_ctlinput, ip6_ctloutput, 162 0, 163 0, 0, 0, 0, 164 &udp6_usrreqs, 165}, 166{ SOCK_STREAM, &inet6domain, IPPROTO_TCP, PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN, 167 tcp6_input, 0, tcp6_ctlinput, tcp_ctloutput, 168 0, 169#ifdef INET /* don't call initialization and timeout routines twice */ 170 0, 0, 0, tcp_drain, 171#else 172 tcp_init, tcp_fasttimo, tcp_slowtimo, tcp_drain, 173#endif 174 &tcp6_usrreqs, 175}, 176{ SOCK_RAW, &inet6domain, IPPROTO_RAW, PR_ATOMIC|PR_ADDR, 177 rip6_input, rip6_output, rip6_ctlinput, rip6_ctloutput, 178 0, 179 0, 0, 0, 0, 180 &rip6_usrreqs 181}, 182{ SOCK_RAW, &inet6domain, IPPROTO_ICMPV6, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 183 icmp6_input, rip6_output, rip6_ctlinput, rip6_ctloutput, 184 0, 185 icmp6_init, icmp6_fasttimo, 0, 0, 186 &rip6_usrreqs 187}, 188{ SOCK_RAW, &inet6domain, IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR, 189 dest6_input, 0, 0, 0, 190 0, 191 0, 0, 0, 0, 192 &nousrreqs 193}, 194{ SOCK_RAW, &inet6domain, IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR, 195 route6_input, 0, 0, 0, 196 0, 197 0, 0, 0, 0, 198 &nousrreqs 199}, 200{ SOCK_RAW, &inet6domain, IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR, 201 frag6_input, 0, 0, 0, 202 0, 203 0, 0, 0, 0, 204 &nousrreqs 205}, 206#ifdef IPSEC 207{ SOCK_RAW, &inet6domain, IPPROTO_AH, PR_ATOMIC|PR_ADDR, 208 ah6_input, 0, 0, 0, 209 0, 210 0, 0, 0, 0, 211 &nousrreqs, 212}, 213#ifdef IPSEC_ESP 214{ SOCK_RAW, &inet6domain, IPPROTO_ESP, PR_ATOMIC|PR_ADDR, 215 esp6_input, 0, 216 esp6_ctlinput, 217 0, 218 0, 219 0, 0, 0, 0, 220 &nousrreqs, 221}, 222#endif 223{ SOCK_RAW, &inet6domain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR, 224 ipcomp6_input, 0, 0, 0, 225 0, 226 0, 0, 0, 0, 227 &nousrreqs, 228}, 229#endif /* IPSEC */ 230#ifdef INET 231{ SOCK_RAW, &inet6domain, IPPROTO_IPV4, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 232 encap6_input, rip6_output, 0, rip6_ctloutput, 233 0, 234 encap_init, 0, 0, 0, 235 &rip6_usrreqs 236}, 237#endif /* INET */ 238{ SOCK_RAW, &inet6domain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 239 encap6_input, rip6_output, 0, rip6_ctloutput, 240 0, 241 encap_init, 0, 0, 0, 242 &rip6_usrreqs 243}, 244{ SOCK_RAW, &inet6domain, IPPROTO_PIM, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 245 pim6_input, rip6_output, 0, rip6_ctloutput, 246 0, 247 0, 0, 0, 0, 248 &rip6_usrreqs 249}, 250/* raw wildcard */ 251{ SOCK_RAW, &inet6domain, 0, PR_ATOMIC|PR_ADDR, 252 rip6_input, rip6_output, 0, rip6_ctloutput, 253 0, 254 0, 0, 0, 0, 255 &rip6_usrreqs 256}, 257}; 258 259extern int in6_inithead __P((void **, int)); 260 261struct domain inet6domain = 262 { AF_INET6, "internet6", 0, 0, 0, 263 (struct protosw *)inet6sw, 264 (struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 0, 265 in6_inithead, 266 offsetof(struct sockaddr_in6, sin6_addr) << 3, 267 sizeof(struct sockaddr_in6) }; 268 269DOMAIN_SET(inet6); 270 271/* 272 * Internet configuration info 273 */ 274#ifndef IPV6FORWARDING 275#ifdef GATEWAY6 276#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ 277#else 278#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ 279#endif /* GATEWAY6 */ 280#endif /* !IPV6FORWARDING */ 281 282#ifndef IPV6_SENDREDIRECTS 283#define IPV6_SENDREDIRECTS 1 284#endif 285 286int ip6_forwarding = IPV6FORWARDING; /* act as router? */ 287int ip6_sendredirects = IPV6_SENDREDIRECTS; 288int ip6_defhlim = IPV6_DEFHLIM; 289int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; 290int ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */ 291int ip6_maxfragpackets; /* initialized in frag6.c:frag6_init() */ 292int ip6_log_interval = 5; 293int ip6_hdrnestlimit = 50; /* appropriate? */ 294int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ 295#ifndef RANDOM_IP_ID 296u_int32_t ip6_flow_seq; 297#endif 298int ip6_auto_flowlabel = 1; 299int ip6_gif_hlim = 0; 300int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ 301int ip6_rr_prune = 5; /* router renumbering prefix 302 * walk list every 5 sec. */ 303int ip6_v6only = 1; 304 305#ifndef RANDOM_IP_ID 306u_int32_t ip6_id = 0UL; 307#endif 308int ip6_keepfaith = 0; 309time_t ip6_log_time = (time_t)0L; 310 311/* icmp6 */ 312/* 313 * BSDI4 defines these variables in in_proto.c... 314 * XXX: what if we don't define INET? Should we define pmtu6_expire 315 * or so? (jinmei@kame.net 19990310) 316 */ 317int pmtu_expire = 60*10; 318int pmtu_probe = 60*2; 319 320/* raw IP6 parameters */ 321/* 322 * Nominal space allocated to a raw ip socket. 323 */ 324#define RIPV6SNDQ 8192 325#define RIPV6RCVQ 8192 326 327u_long rip6_sendspace = RIPV6SNDQ; 328u_long rip6_recvspace = RIPV6RCVQ; 329 330/* ICMPV6 parameters */ 331int icmp6_rediraccept = 1; /* accept and process redirects */ 332int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ 333int icmp6errppslim = 100; /* 100pps */ 334int icmp6_nodeinfo = 3; /* enable/disable NI response */ 335 336/* UDP on IP6 parameters */ 337int udp6_sendspace = 9216; /* really max datagram size */ 338int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); 339 /* 40 1K datagrams */ 340 341/* 342 * sysctl related items. 343 */ 344SYSCTL_NODE(_net, PF_INET6, inet6, CTLFLAG_RW, 0, 345 "Internet6 Family"); 346 347/* net.inet6 */ 348SYSCTL_NODE(_net_inet6, IPPROTO_IPV6, ip6, CTLFLAG_RW, 0, "IP6"); 349SYSCTL_NODE(_net_inet6, IPPROTO_ICMPV6, icmp6, CTLFLAG_RW, 0, "ICMP6"); 350SYSCTL_NODE(_net_inet6, IPPROTO_UDP, udp6, CTLFLAG_RW, 0, "UDP6"); 351SYSCTL_NODE(_net_inet6, IPPROTO_TCP, tcp6, CTLFLAG_RW, 0, "TCP6"); 352#ifdef IPSEC 353SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6, CTLFLAG_RW, 0, "IPSEC6"); 354#endif /* IPSEC */ 355 356/* net.inet6.ip6 */ 357static int 358sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS) 359{ 360 int error = 0; 361 int old; 362 363 error = SYSCTL_OUT(req, arg1, sizeof(int)); 364 if (error || !req->newptr) 365 return (error); 366 old = ip6_temp_preferred_lifetime; 367 error = SYSCTL_IN(req, arg1, sizeof(int)); 368 if (ip6_temp_preferred_lifetime < 369 ip6_desync_factor + ip6_temp_regen_advance) { 370 ip6_temp_preferred_lifetime = old; 371 return (EINVAL); 372 } 373 return (error); 374} 375 376static int 377sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS) 378{ 379 int error = 0; 380 int old; 381 382 error = SYSCTL_OUT(req, arg1, sizeof(int)); 383 if (error || !req->newptr) 384 return (error); 385 old = ip6_temp_valid_lifetime; 386 error = SYSCTL_IN(req, arg1, sizeof(int)); 387 if (ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) { 388 ip6_temp_preferred_lifetime = old; 389 return (EINVAL); 390 } 391 return (error); 392} 393 394SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, 395 forwarding, CTLFLAG_RW, &ip6_forwarding, 0, ""); 396SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, 397 redirect, CTLFLAG_RW, &ip6_sendredirects, 0, ""); 398SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, 399 hlim, CTLFLAG_RW, &ip6_defhlim, 0, ""); 400SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD, 401 &ip6stat, ip6stat, ""); 402SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, 403 maxfragpackets, CTLFLAG_RW, &ip6_maxfragpackets, 0, ""); 404SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, 405 accept_rtadv, CTLFLAG_RW, &ip6_accept_rtadv, 0, ""); 406SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, 407 keepfaith, CTLFLAG_RW, &ip6_keepfaith, 0, ""); 408SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, 409 log_interval, CTLFLAG_RW, &ip6_log_interval, 0, ""); 410SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, 411 hdrnestlimit, CTLFLAG_RW, &ip6_hdrnestlimit, 0, ""); 412SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, 413 dad_count, CTLFLAG_RW, &ip6_dad_count, 0, ""); 414SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, 415 auto_flowlabel, CTLFLAG_RW, &ip6_auto_flowlabel, 0, ""); 416SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, 417 defmcasthlim, CTLFLAG_RW, &ip6_defmcasthlim, 0, ""); 418SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, 419 gifhlim, CTLFLAG_RW, &ip6_gif_hlim, 0, ""); 420SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, 421 kame_version, CTLFLAG_RD, __KAME_VERSION, 0, ""); 422SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, 423 use_deprecated, CTLFLAG_RW, &ip6_use_deprecated, 0, ""); 424SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, 425 rr_prune, CTLFLAG_RW, &ip6_rr_prune, 0, ""); 426SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, 427 use_tempaddr, CTLFLAG_RW, &ip6_use_tempaddr, 0, ""); 428SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, 429 CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0, 430 sysctl_ip6_temppltime, "I", ""); 431SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, 432 CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0, 433 sysctl_ip6_tempvltime, "I", ""); 434SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, 435 v6only, CTLFLAG_RW, &ip6_v6only, 0, ""); 436SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, 437 auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal, 0, ""); 438SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD, 439 &rip6stat, rip6stat, ""); 440 441/* net.inet6.icmp6 */ 442SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, 443 rediraccept, CTLFLAG_RW, &icmp6_rediraccept, 0, ""); 444SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, 445 redirtimeout, CTLFLAG_RW, &icmp6_redirtimeout, 0, ""); 446SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD, 447 &icmp6stat, icmp6stat, ""); 448SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, 449 nd6_prune, CTLFLAG_RW, &nd6_prune, 0, ""); 450SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, 451 nd6_delay, CTLFLAG_RW, &nd6_delay, 0, ""); 452SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, 453 nd6_umaxtries, CTLFLAG_RW, &nd6_umaxtries, 0, ""); 454SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, 455 nd6_mmaxtries, CTLFLAG_RW, &nd6_mmaxtries, 0, ""); 456SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, 457 nd6_useloopback, CTLFLAG_RW, &nd6_useloopback, 0, ""); 458SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, 459 nodeinfo, CTLFLAG_RW, &icmp6_nodeinfo, 0, ""); 460SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, 461 errppslimit, CTLFLAG_RW, &icmp6errppslim, 0, ""); 462SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, 463 nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, ""); 464SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, 465 nd6_debug, CTLFLAG_RW, &nd6_debug, 0, ""); 466