in6_proto.c revision 120913
1/*	$FreeBSD: head/sys/netinet6/in6_proto.c 120913 2003-10-08 18:26:08Z ume $	*/
2/*	$KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * Copyright (c) 1982, 1986, 1993
35 *	The Regents of the University of California.  All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 *    notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 *    notice, this list of conditions and the following disclaimer in the
44 *    documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 *    must display the following acknowledgement:
47 *	This product includes software developed by the University of
48 *	California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 *    may be used to endorse or promote products derived from this software
51 *    without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 *	@(#)in_proto.c	8.1 (Berkeley) 6/10/93
66 */
67
68#include "opt_inet.h"
69#include "opt_inet6.h"
70#include "opt_ipsec.h"
71#include "opt_random_ip_id.h"
72
73#include <sys/param.h>
74#include <sys/socket.h>
75#include <sys/socketvar.h>
76#include <sys/protosw.h>
77#include <sys/kernel.h>
78#include <sys/domain.h>
79#include <sys/mbuf.h>
80#include <sys/systm.h>
81#include <sys/sysctl.h>
82
83#include <net/if.h>
84#include <net/radix.h>
85#include <net/route.h>
86
87#include <netinet/in.h>
88#include <netinet/in_systm.h>
89#include <netinet/in_var.h>
90#include <netinet/ip_encap.h>
91#include <netinet/ip.h>
92#include <netinet/ip_var.h>
93#include <netinet/ip6.h>
94#include <netinet6/ip6_var.h>
95#include <netinet/icmp6.h>
96
97#include <netinet/tcp.h>
98#include <netinet/tcp_timer.h>
99#include <netinet/tcp_var.h>
100#include <netinet/udp.h>
101#include <netinet/udp_var.h>
102#include <netinet6/tcp6_var.h>
103#include <netinet6/raw_ip6.h>
104#include <netinet6/udp6_var.h>
105#include <netinet6/pim6_var.h>
106#include <netinet6/nd6.h>
107#include <netinet6/in6_prefix.h>
108
109#ifdef IPSEC
110#include <netinet6/ipsec.h>
111#ifdef INET6
112#include <netinet6/ipsec6.h>
113#endif
114#include <netinet6/ah.h>
115#ifdef INET6
116#include <netinet6/ah6.h>
117#endif
118#ifdef IPSEC_ESP
119#include <netinet6/esp.h>
120#ifdef INET6
121#include <netinet6/esp6.h>
122#endif
123#endif
124#include <netinet6/ipcomp.h>
125#ifdef INET6
126#include <netinet6/ipcomp6.h>
127#endif
128#endif /* IPSEC */
129
130#ifdef FAST_IPSEC
131#include <netipsec/ipsec6.h>
132#define	IPSEC
133#define	IPSEC_ESP
134#define	ah6_input	ipsec6_common_input
135#define	esp6_input	ipsec6_common_input
136#define	ipcomp6_input	ipsec6_common_input
137#endif /* FAST_IPSEC */
138
139#include <netinet6/ip6protosw.h>
140
141#include <net/net_osdep.h>
142
143/*
144 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
145 */
146
/* Defined later in this file; every switch entry points back at it. */
extern struct domain inet6domain;

/*
 * User-request table with static storage and no initializer, so every
 * member starts out zero.  The switch entries that supply no user-request
 * table of their own point here.
 */
static struct pr_usrreqs nousrreqs;

/*
 * Both flags are defined as 0 in this file, so OR-ing one into a flags
 * field (as the TCP entry does with PR_LISTEN) leaves the value unchanged.
 */
#define	PR_LISTEN	0
#define	PR_ABRTACPTDIS	0
152
/*
 * IPv6 protocol switch.
 *
 * Each entry is a positional initializer for struct ip6protosw, which is
 * declared in <netinet6/ip6protosw.h> and not shown here.  Judging by the
 * values and handler names used below, the rows of an entry are:
 *
 *	socket type, domain, protocol number, flags
 *	input, output, control input, control output
 *	(a slot that is 0 in every entry)
 *	init, fast timeout, slow timeout, drain
 *	user-request table
 *
 * NOTE(review): confirm the field order against the structure declaration
 * before adding or reordering entries; a value placed in the wrong slot
 * may not be diagnosed by the compiler.
 */
struct ip6protosw inet6sw[] = {
/* IPv6 itself: no socket type and no input handler in this entry. */
{
	0,		&inet6domain,	IPPROTO_IPV6,	0,
	0,		0,		0,		0,
	0,
	ip6_init,	0,		frag6_slowtimo,	frag6_drain,
	&nousrreqs,
},
/* UDP over IPv6. */
{
	SOCK_DGRAM,	&inet6domain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR,
	udp6_input,	0,		udp6_ctlinput,	ip6_ctloutput,
	0,
	0,		0,		0,		0,
	&udp6_usrreqs,
},
/* TCP over IPv6. */
{
	SOCK_STREAM,	&inet6domain,	IPPROTO_TCP,
	PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN,
	tcp6_input,	0,		tcp6_ctlinput,	tcp_ctloutput,
	0,
#ifdef INET	/* don't call initialization and timeout routines twice */
	0,		0,		0,		tcp_drain,
#else
	tcp_init,	tcp_fasttimo,	tcp_slowtimo,	tcp_drain,
#endif
	&tcp6_usrreqs,
},
/* Raw sockets bound to IPPROTO_RAW. */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_RAW,	PR_ATOMIC|PR_ADDR,
	rip6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
	0,
	0,		0,		0,		0,
	&rip6_usrreqs,
},
/* ICMPv6: own input and timers, raw-socket output and user requests. */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_ICMPV6,
	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
	icmp6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
	0,
	icmp6_init,	icmp6_fasttimo,	0,		0,
	&rip6_usrreqs,
},
/*
 * Extension headers (destination options, routing, fragment): each entry
 * has an input handler only and uses the empty user-request table.
 */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_DSTOPTS,
	PR_ATOMIC|PR_ADDR,
	dest6_input,	0,		0,		0,
	0,
	0,		0,		0,		0,
	&nousrreqs,
},
{
	SOCK_RAW,	&inet6domain,	IPPROTO_ROUTING,
	PR_ATOMIC|PR_ADDR,
	route6_input,	0,		0,		0,
	0,
	0,		0,		0,		0,
	&nousrreqs,
},
{
	SOCK_RAW,	&inet6domain,	IPPROTO_FRAGMENT,
	PR_ATOMIC|PR_ADDR,
	frag6_input,	0,		0,		0,
	0,
	0,		0,		0,		0,
	&nousrreqs,
},
#ifdef IPSEC
/*
 * IPsec headers.  When FAST_IPSEC is defined, the defines near the top of
 * this file turn ah6_input, esp6_input and ipcomp6_input into
 * ipsec6_common_input.
 */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_AH,	PR_ATOMIC|PR_ADDR,
	ah6_input,	0,		0,		0,
	0,
	0,		0,		0,		0,
	&nousrreqs,
},
#ifdef IPSEC_ESP
/* ESP is the only IPsec entry that also has a control-input handler. */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_ESP,	PR_ATOMIC|PR_ADDR,
	esp6_input,	0,		esp6_ctlinput,	0,
	0,
	0,		0,		0,		0,
	&nousrreqs,
},
#endif
{
	SOCK_RAW,	&inet6domain,	IPPROTO_IPCOMP,	PR_ATOMIC|PR_ADDR,
	ipcomp6_input,	0,		0,		0,
	0,
	0,		0,		0,		0,
	&nousrreqs,
},
#endif /* IPSEC */
#ifdef INET
/* IPv4 carried in IPv6; input goes through encap6_input. */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_IPV4,
	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
	encap6_input,	rip6_output,	0,		rip6_ctloutput,
	0,
	encap_init,	0,		0,		0,
	&rip6_usrreqs,
},
#endif /* INET */
/* IPv6 carried in IPv6; input goes through encap6_input. */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_IPV6,
	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
	encap6_input,	rip6_output,	0,		rip6_ctloutput,
	0,
	encap_init,	0,		0,		0,
	&rip6_usrreqs,
},
/* PIM. */
{
	SOCK_RAW,	&inet6domain,	IPPROTO_PIM,
	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
	pim6_input,	rip6_output,	0,		rip6_ctloutput,
	0,
	0,		0,		0,		0,
	&rip6_usrreqs,
},
/* raw wildcard: protocol number 0, kept as the last entry */
{
	SOCK_RAW,	&inet6domain,	0,		PR_ATOMIC|PR_ADDR,
	rip6_input,	rip6_output,	0,		rip6_ctloutput,
	0,
	0,		0,		0,		0,
	&rip6_usrreqs,
},
};
258
extern int in6_inithead __P((void **, int));

/*
 * The AF_INET6 domain descriptor.  This is a positional initializer for
 * struct domain, which is declared elsewhere, so the meaning of the bare
 * zero slots cannot be read off this file.
 *
 * inet6sw is an array of struct ip6protosw but is passed here as
 * struct protosw *.
 * NOTE(review): the casts presumably rely on the two structures sharing a
 * layout; confirm against the headers before changing either one.
 */
struct domain inet6domain = {
	AF_INET6,
	"internet6",
	0, 0, 0,
	/* first switch entry */
	(struct protosw *)inet6sw,
	/* one past the last switch entry */
	(struct protosw *)&inet6sw[sizeof(inet6sw) / sizeof(inet6sw[0])],
	0,
	in6_inithead,
	/* byte offset of sin6_addr, shifted left by 3 (multiplied by 8) */
	offsetof(struct sockaddr_in6, sin6_addr) << 3,
	sizeof(struct sockaddr_in6)
};

DOMAIN_SET(inet6);
270
271/*
272 * Internet configuration info
273 */
/*
 * Compile-time defaults.  Either macro may already be defined when this
 * file is compiled; otherwise forwarding defaults to on only when GATEWAY6
 * is defined, and sending of redirects defaults to on.
 */
#if !defined(IPV6FORWARDING)
#if defined(GATEWAY6)
#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
#else
#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */

#if !defined(IPV6_SENDREDIRECTS)
#define	IPV6_SENDREDIRECTS	1
#endif

/*
 * Run-time settings.  Most of these are exported read-write under
 * net.inet6.ip6 by the SYSCTL_INT declarations later in this file.
 */
int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
int	ip6_sendredirects = IPV6_SENDREDIRECTS;
int	ip6_defhlim = IPV6_DEFHLIM;
int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;

/*
 * Router advertisements are not accepted unless this is turned on.  The
 * original note warns that deriving the default from the forwarding
 * setting ("IPV6FORWARDING ? 0 : 1") is dangerous, so it stays 0 here.
 */
int	ip6_accept_rtadv = 0;

int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
int	ip6_log_interval = 5;
int	ip6_hdrnestlimit = 50;	/* appropriate? */
int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
int	ip6_auto_flowlabel = 1;
int	ip6_gif_hlim = 0;
int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
int	ip6_rr_prune = 5;	/* router renumbering prefix
				 * walk list every 5 sec. */
int	ip6_v6only = 1;

/* Only defined when RANDOM_IP_ID is not configured. */
#ifndef RANDOM_IP_ID
u_int32_t ip6_flow_seq;
u_int32_t ip6_id = 0UL;
#endif

int	ip6_keepfaith = 0;
time_t	ip6_log_time = (time_t)0L;
310
311/* icmp6 */
312/*
313 * BSDI4 defines these variables in in_proto.c...
314 * XXX: what if we don't define INET? Should we define pmtu6_expire
315 * or so? (jinmei@kame.net 19990310)
316 */
int	pmtu_expire = 60 * 10;
int	pmtu_probe = 60 * 2;

/* raw IP6 parameters */
/*
 * Nominal space allocated to a raw ip socket.
 */
#define	RIPV6SNDQ	8192
#define	RIPV6RCVQ	8192

u_long	rip6_sendspace = RIPV6SNDQ;
u_long	rip6_recvspace = RIPV6RCVQ;

/*
 * ICMPV6 parameters.  The four below are exported read-write under
 * net.inet6.icmp6 later in this file.
 */
int	icmp6_rediraccept = 1;		/* accept and process redirects */
int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
int	icmp6errppslim = 100;		/* 100pps */
/*
 * NOTE(review): the meaning of the value 3 is not visible in this file;
 * confirm against the ICMPv6 code before changing the default.
 */
int	icmp6_nodeinfo = 3;		/* enable/disable NI response */

/* UDP on IP6 parameters */
int	udp6_sendspace = 9216;		/* really max datagram size */
/* 40 1K datagrams, each with room for a struct sockaddr_in6 */
int	udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
340
341/*
342 * sysctl related items.
343 */
/* Top of the tree: net.inet6 */
SYSCTL_NODE(_net, PF_INET6, inet6, CTLFLAG_RW, 0, "Internet6 Family");

/* Children of net.inet6, one node per protocol number. */
SYSCTL_NODE(_net_inet6, IPPROTO_IPV6, ip6, CTLFLAG_RW, 0, "IP6");
SYSCTL_NODE(_net_inet6, IPPROTO_ICMPV6, icmp6, CTLFLAG_RW, 0, "ICMP6");
SYSCTL_NODE(_net_inet6, IPPROTO_UDP, udp6, CTLFLAG_RW, 0, "UDP6");
SYSCTL_NODE(_net_inet6, IPPROTO_TCP, tcp6, CTLFLAG_RW, 0, "TCP6");
#ifdef IPSEC
/* The ipsec6 node is registered under the ESP protocol number. */
SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6, CTLFLAG_RW, 0, "IPSEC6");
#endif /* IPSEC */
355
356/* net.inet6.ip6 */
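/*
 * sysctl handler for ip6_temp_preferred_lifetime (registered below as
 * net.inet6.ip6.temppltime with arg1 pointing at that variable).
 *
 * Copies the current value out, and on a write accepts the new value only
 * if it is at least ip6_desync_factor + ip6_temp_regen_advance.
 *
 * Returns 0 on success, the SYSCTL_OUT/SYSCTL_IN error if a copy fails,
 * or EINVAL if the new value is too small.  On any failure the previous
 * value is put back.
 *
 * NOTE(review): the new value is still written into the live variable
 * before it is checked, so another reader may briefly observe a value that
 * is about to be rejected.  Validating a local copy first would close that
 * window, but needs the variable's declared type, which is not visible in
 * this file.
 */
static int
sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int old;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);

	old = ip6_temp_preferred_lifetime;
	error = SYSCTL_IN(req, arg1, sizeof(int));
	if (error) {
		/*
		 * Do not range-check a value that was never (or only partly)
		 * copied in; restore the old one and report the copy error.
		 */
		ip6_temp_preferred_lifetime = old;
		return (error);
	}
	if (ip6_temp_preferred_lifetime <
	    ip6_desync_factor + ip6_temp_regen_advance) {
		ip6_temp_preferred_lifetime = old;
		return (EINVAL);
	}
	return (0);
}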
375
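/*
 * sysctl handler for ip6_temp_valid_lifetime (registered below as
 * net.inet6.ip6.tempvltime with arg1 pointing at that variable).
 *
 * Copies the current value out, and on a write accepts the new value only
 * if it is not smaller than ip6_temp_preferred_lifetime.
 *
 * Returns 0 on success, the SYSCTL_OUT/SYSCTL_IN error if a copy fails,
 * or EINVAL if the new value is too small.  On any failure the previous
 * valid lifetime is put back.
 *
 * NOTE(review): the new value is still written into the live variable
 * before it is checked, so another reader may briefly observe a value that
 * is about to be rejected.
 */
static int
sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int old;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);

	old = ip6_temp_valid_lifetime;
	error = SYSCTL_IN(req, arg1, sizeof(int));
	if (error) {
		/* Failed or partial copy-in: keep the previous value. */
		ip6_temp_valid_lifetime = old;
		return (error);
	}
	if (ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) {
		/*
		 * Roll back the variable that was just written.  Restoring
		 * the preferred lifetime here instead would leave the
		 * rejected valid lifetime in place and overwrite the
		 * preferred lifetime with the old valid lifetime.
		 */
		ip6_temp_valid_lifetime = old;
		return (EINVAL);
	}
	return (0);
}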
393
/*
 * Entries under net.inet6.ip6.
 *
 * Only temppltime and tempvltime go through a handler in this file that
 * checks the new value.  The other read-write entries are plain SYSCTL_INT
 * declarations.
 * NOTE(review): SYSCTL_INT presumably stores whatever integer is written,
 * so any range limits on those values have to be enforced where the
 * variables are used; confirm against the sysctl macros.
 */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding,
    CTLFLAG_RW, &ip6_forwarding, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, redirect,
    CTLFLAG_RW, &ip6_sendredirects, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, hlim,
    CTLFLAG_RW, &ip6_defhlim, 0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats,
    CTLFLAG_RD, &ip6stat, ip6stat, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets,
    CTLFLAG_RW, &ip6_maxfragpackets, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, accept_rtadv,
    CTLFLAG_RW, &ip6_accept_rtadv, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, keepfaith,
    CTLFLAG_RW, &ip6_keepfaith, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval,
    CTLFLAG_RW, &ip6_log_interval, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, hdrnestlimit,
    CTLFLAG_RW, &ip6_hdrnestlimit, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, dad_count,
    CTLFLAG_RW, &ip6_dad_count, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, auto_flowlabel,
    CTLFLAG_RW, &ip6_auto_flowlabel, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, defmcasthlim,
    CTLFLAG_RW, &ip6_defmcasthlim, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim,
    CTLFLAG_RW, &ip6_gif_hlim, 0, "");
SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, kame_version,
    CTLFLAG_RD, __KAME_VERSION, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, use_deprecated,
    CTLFLAG_RW, &ip6_use_deprecated, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, rr_prune,
    CTLFLAG_RW, &ip6_rr_prune, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, use_tempaddr,
    CTLFLAG_RW, &ip6_use_tempaddr, 0, "");
/* The two temporary-address lifetimes use the checking handlers above. */
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
    CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0,
    sysctl_ip6_temppltime, "I", "");
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
    CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0,
    sysctl_ip6_tempvltime, "I", "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, v6only,
    CTLFLAG_RW, &ip6_v6only, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, auto_linklocal,
    CTLFLAG_RW, &ip6_auto_linklocal, 0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats,
    CTLFLAG_RD, &rip6stat, rip6stat, "");
440
441/* net.inet6.icmp6 */
/*
 * Entries under net.inet6.icmp6.  Everything except the statistics
 * structure is a read-write integer declared with SYSCTL_INT; no entry in
 * this group has a handler in this file that checks the new value.
 */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
    CTLFLAG_RW, &icmp6_rediraccept, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
    CTLFLAG_RW, &icmp6_redirtimeout, 0, "");
SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
    CTLFLAG_RD, &icmp6stat, icmp6stat, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
    CTLFLAG_RW, &nd6_prune, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
    CTLFLAG_RW, &nd6_delay, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
    CTLFLAG_RW, &nd6_umaxtries, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
    CTLFLAG_RW, &nd6_mmaxtries, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
    CTLFLAG_RW, &nd6_useloopback, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
    CTLFLAG_RW, &icmp6_nodeinfo, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
    CTLFLAG_RW, &icmp6errppslim, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint,
    CTLFLAG_RW, &nd6_maxnudhint, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
    CTLFLAG_RW, &nd6_debug, 0, "");
466