in6_proto.c revision 134188
1/*	$FreeBSD: head/sys/netinet6/in6_proto.c 134188 2004-08-23 03:00:27Z rwatson $	*/
2/*	$KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * Copyright (c) 1982, 1986, 1993
35 *	The Regents of the University of California.  All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 *    notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 *    notice, this list of conditions and the following disclaimer in the
44 *    documentation and/or other materials provided with the distribution.
45 * 4. Neither the name of the University nor the names of its contributors
46 *    may be used to endorse or promote products derived from this software
47 *    without specific prior written permission.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59 * SUCH DAMAGE.
60 *
61 *	@(#)in_proto.c	8.1 (Berkeley) 6/10/93
62 */
63
64#include "opt_inet.h"
65#include "opt_inet6.h"
66#include "opt_ipsec.h"
67
68#include <sys/param.h>
69#include <sys/socket.h>
70#include <sys/socketvar.h>
71#include <sys/protosw.h>
72#include <sys/kernel.h>
73#include <sys/domain.h>
74#include <sys/mbuf.h>
75#include <sys/systm.h>
76#include <sys/sysctl.h>
77
78#include <net/if.h>
79#include <net/radix.h>
80#include <net/route.h>
81
82#include <netinet/in.h>
83#include <netinet/in_systm.h>
84#include <netinet/in_var.h>
85#include <netinet/ip_encap.h>
86#include <netinet/ip.h>
87#include <netinet/ip_var.h>
88#include <netinet/ip6.h>
89#include <netinet6/ip6_var.h>
90#include <netinet/icmp6.h>
91
92#include <netinet/tcp.h>
93#include <netinet/tcp_timer.h>
94#include <netinet/tcp_var.h>
95#include <netinet/udp.h>
96#include <netinet/udp_var.h>
97#include <netinet6/tcp6_var.h>
98#include <netinet6/raw_ip6.h>
99#include <netinet6/udp6_var.h>
100#include <netinet6/pim6_var.h>
101#include <netinet6/nd6.h>
102
103#ifdef IPSEC
104#include <netinet6/ipsec.h>
105#ifdef INET6
106#include <netinet6/ipsec6.h>
107#endif
108#include <netinet6/ah.h>
109#ifdef INET6
110#include <netinet6/ah6.h>
111#endif
112#ifdef IPSEC_ESP
113#include <netinet6/esp.h>
114#ifdef INET6
115#include <netinet6/esp6.h>
116#endif
117#endif
118#include <netinet6/ipcomp.h>
119#ifdef INET6
120#include <netinet6/ipcomp6.h>
121#endif
122#endif /* IPSEC */
123
/*
 * FAST_IPSEC build: define IPSEC and IPSEC_ESP so that the AH/ESP/IPComp
 * entries of inet6sw[] below are compiled in, and alias all three input
 * hooks to the single ipsec6_common_input() entry point.
 * NOTE(review): esp6_ctlinput, which the ESP entry also references, is not
 * aliased here -- presumably it is declared by <netipsec/ipsec6.h>; confirm.
 */
#ifdef FAST_IPSEC
#include <netipsec/ipsec6.h>
#define	IPSEC
#define	IPSEC_ESP
#define	ah6_input	ipsec6_common_input
#define	esp6_input	ipsec6_common_input
#define	ipcomp6_input	ipsec6_common_input
#endif /* FAST_IPSEC */
132
133#include <netinet6/ip6protosw.h>
134
135#include <net/net_osdep.h>
136
137/*
138 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
139 */
140
extern	struct domain inet6domain;
/*
 * Placeholder user-request table.  It has static storage and no initializer,
 * so every member starts out zero.  It is used by the entries that exist only
 * to dispatch inbound headers (extension headers, IPsec).
 */
static struct pr_usrreqs nousrreqs;

/* Both flags are defined as 0 here, so OR-ing them into pr_flags is a no-op. */
#define PR_LISTEN	0
#define PR_ABRTACPTDIS	0

/*
 * Protocol switch for AF_INET6.
 *
 * Every entry is a positional initializer.  As laid out below, the lines of
 * an entry are:
 *   1. socket type, owning domain, protocol number, PR_* flags
 *   2. input, output, ctlinput, ctloutput handlers
 *   3. one slot that is 0 in every entry (presumably the legacy user-request
 *      hook -- confirm against ip6protosw.h)
 *   4. init, fasttimo, slowtimo, drain hooks
 *   5. pointer to the pr_usrreqs table
 * (the ESP entry spreads group 2 over several lines).
 *
 * Because the initializers are positional, a misplaced field silently wires
 * a handler into the wrong slot; check any new entry against the structure
 * declaration.
 *
 * Review notes:
 *  - DSTOPTS, ROUTING, FRAGMENT, AH, ESP and IPCOMP register an input handler
 *    only and point at nousrreqs.
 *  - ESP is the only IPsec entry with a ctlinput handler (esp6_ctlinput).
 *  - The final entry uses protocol number 0 as the raw-socket wildcard.
 */
struct ip6protosw inet6sw[] = {
/* IPv6 itself: no socket type; carries ip6_init and the fragment timers. */
{ 0,		&inet6domain,	IPPROTO_IPV6,	0,
  0,		0,		0,		0,
  0,
  ip6_init,	0,		frag6_slowtimo,	frag6_drain,
  &nousrreqs,
},
{ SOCK_DGRAM,	&inet6domain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR,
  udp6_input,	0,		udp6_ctlinput,	ip6_ctloutput,
  0,
  0,		0,		0,		0,
  &udp6_usrreqs,
},
{ SOCK_STREAM,	&inet6domain,	IPPROTO_TCP,	PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN,
  tcp6_input,	0,		tcp6_ctlinput,	tcp_ctloutput,
  0,
#ifdef INET	/* don't call initialization and timeout routines twice */
  0,		0,		0,		tcp_drain,
#else
  tcp_init,	tcp_fasttimo,	tcp_slowtimo,	tcp_drain,
#endif
  &tcp6_usrreqs,
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_RAW,	PR_ATOMIC|PR_ADDR,
  rip6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
/* ICMPv6 shares the raw-socket output/ctl paths but has its own input. */
{ SOCK_RAW,	&inet6domain,	IPPROTO_ICMPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  icmp6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
  0,
  icmp6_init,	icmp6_fasttimo,	0,		0,
  &rip6_usrreqs
},
/* Extension headers: input dispatch only. */
{ SOCK_RAW,	&inet6domain,	IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR,
  dest6_input,	0,	 	0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR,
  route6_input,	0,	 	0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR,
  frag6_input,	0,	 	0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
#ifdef IPSEC
/* IPsec headers: present only when IPSEC (or FAST_IPSEC, see above) is set. */
{ SOCK_RAW,	&inet6domain,	IPPROTO_AH,	PR_ATOMIC|PR_ADDR,
  ah6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#ifdef IPSEC_ESP
{ SOCK_RAW,	&inet6domain,	IPPROTO_ESP,	PR_ATOMIC|PR_ADDR,
  esp6_input,	0,
  esp6_ctlinput,
  0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#endif
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPCOMP,	PR_ATOMIC|PR_ADDR,
  ipcomp6_input, 0,	 	0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#endif /* IPSEC */
#ifdef INET
/* IPv4-in-IPv6 encapsulation; only built when the kernel also has INET. */
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  encap6_input,	rip6_output, 	0,		rip6_ctloutput,
  0,
  encap_init,	0,		0,		0,
  &rip6_usrreqs
},
#endif /* INET */
/* IPv6-in-IPv6 encapsulation; compiled in unconditionally. */
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  encap6_input, rip6_output,	0,		rip6_ctloutput,
  0,
  encap_init,	0,		0,		0,
  &rip6_usrreqs
},
{ SOCK_RAW,     &inet6domain,	IPPROTO_PIM,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  pim6_input,	rip6_output,	0,              rip6_ctloutput,
  0,
  0,            0,              0,              0,
  &rip6_usrreqs
},
/* raw wildcard */
{ SOCK_RAW,	&inet6domain,	0,		PR_ATOMIC|PR_ADDR,
  rip6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
};
252
extern int in6_inithead __P((void **, int));

/*
 * Domain descriptor for AF_INET6 ("internet6").
 *
 * The two protosw pointers delimit inet6sw[]: the first is its start and the
 * second is one past its last element, computed from sizeof so that it
 * follows the table as entries are added or compiled out.  The casts to
 * struct protosw * treat the ip6protosw entries as generic protosw entries
 * (NOTE(review): that relies on the two structures sharing a layout --
 * confirm in ip6protosw.h).
 *
 * in6_inithead is the routing-table attach hook.  The value after it is the
 * offset of sin6_addr inside struct sockaddr_in6, converted from bytes to
 * bits by the << 3, followed by the size of struct sockaddr_in6.  The last
 * two members are the per-interface attach/detach hooks.
 */
struct domain inet6domain =
    { AF_INET6, "internet6", 0, 0, 0,
      (struct protosw *)inet6sw,
      (struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 0,
      in6_inithead,
      offsetof(struct sockaddr_in6, sin6_addr) << 3,
      sizeof(struct sockaddr_in6),
      in6_domifattach, in6_domifdetach, };

/* Register the domain defined above. */
DOMAIN_SET(inet6);
265
/*
 * Internet configuration info
 *
 * Compile-time defaults for the IPv6 stack.  Most of these variables are
 * exported read-write through the sysctl declarations later in this file, so
 * the values here are only the boot-time state.
 */
#ifndef	IPV6FORWARDING
#ifdef GATEWAY6
#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
#else
#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */

#ifndef	IPV6_SENDREDIRECTS
#define	IPV6_SENDREDIRECTS	1
#endif

int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
int	ip6_sendredirects = IPV6_SENDREDIRECTS;
int	ip6_defhlim = IPV6_DEFHLIM;
int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
/*
 * Router-advertisement acceptance is off unless the administrator turns it
 * on; it is deliberately not derived from the forwarding setting.
 */
int	ip6_accept_rtadv = 0;	/* "IPV6FORWARDING ? 0 : 1" is dangerous */
int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
int	ip6_maxfrags;	/* initialized in frag6.c:frag6_init() */
int	ip6_log_interval = 5;
/*
 * Presumably caps how many chained headers are processed per packet --
 * confirm where it is consumed.
 */
int	ip6_hdrnestlimit = 50;	/* appropriate? */
int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
int	ip6_auto_flowlabel = 1;
int	ip6_gif_hlim = 0;
int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
int	ip6_rr_prune = 5;	/* router renumbering prefix
				 * walk list every 5 sec. */
int	ip6_v6only = 1;

int	ip6_keepfaith = 0;
time_t	ip6_log_time = (time_t)0L;

/* icmp6 */
/*
 * BSDI4 defines these variables in in_proto.c...
 * XXX: what if we don't define INET? Should we define pmtu6_expire
 * or so? (jinmei@kame.net 19990310)
 */
int pmtu_expire = 60*10;	/* 600; looks like seconds -- confirm */
int pmtu_probe = 60*2;		/* 120; looks like seconds -- confirm */

/* raw IP6 parameters */
/*
 * Nominal space allocated to a raw ip socket.
 */
#define	RIPV6SNDQ	8192
#define	RIPV6RCVQ	8192

u_long	rip6_sendspace = RIPV6SNDQ;
u_long	rip6_recvspace = RIPV6RCVQ;

/* ICMPV6 parameters */
/*
 * Redirect acceptance and node-information replies are enabled by default.
 * Both are driven by packets received from the network, so hosts that do not
 * need them can switch them off through the matching net.inet6.icmp6 sysctls.
 * NOTE(review): the value 3 for icmp6_nodeinfo looks like a bitmask rather
 * than a boolean -- confirm its meaning where it is consumed.
 */
int	icmp6_rediraccept = 1;		/* accept and process redirects */
int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
int	icmp6errppslim = 100;		/* 100pps */
int	icmp6_nodeinfo = 3;		/* enable/disable NI response */

/* UDP on IP6 parameters */
int	udp6_sendspace = 9216;		/* really max datagram size */
int	udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
					/* 40 1K datagrams */
330
/*
 * sysctl related items.
 *
 * Declares the net.inet6 node and one child node per protocol; the leaf
 * OIDs are attached to these nodes below.
 */
SYSCTL_NODE(_net,	PF_INET6,	inet6,	CTLFLAG_RW,	0,
	"Internet6 Family");

/* net.inet6 */
SYSCTL_NODE(_net_inet6,	IPPROTO_IPV6,	ip6,	CTLFLAG_RW, 0,	"IP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_ICMPV6,	icmp6,	CTLFLAG_RW, 0,	"ICMP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_UDP,	udp6,	CTLFLAG_RW, 0,	"UDP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_TCP,	tcp6,	CTLFLAG_RW, 0,	"TCP6");
#ifdef IPSEC
/* The ipsec6 node is numbered with IPPROTO_ESP, not a number of its own. */
SYSCTL_NODE(_net_inet6,	IPPROTO_ESP,	ipsec6,	CTLFLAG_RW, 0,	"IPSEC6");
#endif /* IPSEC */
345
346/* net.inet6.ip6 */
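/*
 * Sysctl handler for net.inet6.ip6.temppltime, which is backed by
 * ip6_temp_preferred_lifetime.
 *
 * The current value is always copied out to the caller.  When a new value
 * is supplied it is accepted only if it is at least
 * ip6_desync_factor + ip6_temp_regen_advance.
 *
 * The candidate is read into a local and validated before it is stored, so
 * a rejected value is never visible through the live variable, and a failed
 * copy-in is returned as such instead of falling through to the range check.
 *
 * Returns 0 on success, the SYSCTL_OUT/SYSCTL_IN error on a copy failure,
 * or EINVAL when the new value is below the minimum.
 */
static int
sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int val;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);

	error = SYSCTL_IN(req, &val, sizeof(int));
	if (error)
		return (error);

	/* Validate first; nothing has been written to the variable yet. */
	if (val < ip6_desync_factor + ip6_temp_regen_advance)
		return (EINVAL);

	/* arg1 is &ip6_temp_preferred_lifetime (see the SYSCTL_OID entry). */
	*(int *)arg1 = val;
	return (0);
}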
365
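/*
 * Sysctl handler for net.inet6.ip6.tempvltime, which is backed by
 * ip6_temp_valid_lifetime.
 *
 * The current value is always copied out to the caller.  When a new value
 * is supplied it is accepted only if it is not smaller than
 * ip6_temp_preferred_lifetime.
 *
 * The candidate is read into a local and validated before it is stored.
 * A rejected write therefore leaves both ip6_temp_valid_lifetime and
 * ip6_temp_preferred_lifetime exactly as they were; no rollback is needed,
 * and no other variable is touched on the error path.
 *
 * Returns 0 on success, the SYSCTL_OUT/SYSCTL_IN error on a copy failure,
 * or EINVAL when the new value is below the preferred lifetime.
 */
static int
sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int val;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);

	error = SYSCTL_IN(req, &val, sizeof(int));
	if (error)
		return (error);

	/* The valid lifetime must not be shorter than the preferred one. */
	if (val < ip6_temp_preferred_lifetime)
		return (EINVAL);

	/* arg1 is &ip6_temp_valid_lifetime (see the SYSCTL_OID entry). */
	*(int *)arg1 = val;
	return (0);
}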
383
/*
 * Leaf OIDs under net.inet6.ip6.
 *
 * stats, kame_version and rip6stats are CTLFLAG_RD; every other entry is
 * CTLFLAG_RW.  The SYSCTL_INT entries name no handler of their own, so no
 * range check is applied here to values such as hlim, hdrnestlimit,
 * maxfragpackets or maxfrags; only temppltime and tempvltime go through a
 * validating handler.  forwarding, redirect and accept_rtadv change how the
 * host treats traffic from the network, so runtime changes to them are worth
 * auditing.
 * NOTE(review): no entry carries a securelevel restriction such as
 * CTLFLAG_SECURE -- confirm that is intended.
 * All description strings are empty.
 */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING,
	forwarding, CTLFLAG_RW, 	&ip6_forwarding,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
	redirect, CTLFLAG_RW,		&ip6_sendredirects,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
	hlim, CTLFLAG_RW,		&ip6_defhlim,	0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD,
	&ip6stat, ip6stat, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS,
	maxfragpackets, CTLFLAG_RW,	&ip6_maxfragpackets,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
	accept_rtadv, CTLFLAG_RW,	&ip6_accept_rtadv,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH,
	keepfaith, CTLFLAG_RW,		&ip6_keepfaith,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL,
	log_interval, CTLFLAG_RW,	&ip6_log_interval,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT,
	hdrnestlimit, CTLFLAG_RW,	&ip6_hdrnestlimit,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT,
	dad_count, CTLFLAG_RW,	&ip6_dad_count,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL,
	auto_flowlabel, CTLFLAG_RW,	&ip6_auto_flowlabel,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM,
	defmcasthlim, CTLFLAG_RW,	&ip6_defmcasthlim,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM,
	gifhlim, CTLFLAG_RW,	&ip6_gif_hlim,			0, "");
SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION,
	kame_version, CTLFLAG_RD,	__KAME_VERSION,		0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED,
	use_deprecated, CTLFLAG_RW,	&ip6_use_deprecated,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE,
	rr_prune, CTLFLAG_RW,	&ip6_rr_prune,			0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR,
	use_tempaddr, CTLFLAG_RW, &ip6_use_tempaddr,		0, "");
/* The two temporary-address lifetimes are the only knobs with validation. */
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
	   CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0,
	   sysctl_ip6_temppltime, "I", "");
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
	   CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0,
	   sysctl_ip6_tempvltime, "I", "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY,
	v6only,	CTLFLAG_RW,	&ip6_v6only,			0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL,
	auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal,	0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD,
	&rip6stat, rip6stat, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR,
	prefer_tempaddr, CTLFLAG_RW, &ip6_prefer_tempaddr,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS,
	maxfrags, CTLFLAG_RW,		&ip6_maxfrags,	0, "");
434
/*
 * net.inet6.icmp6
 *
 * stats is CTLFLAG_RD; every other entry is a CTLFLAG_RW SYSCTL_INT with no
 * handler of its own, so no range check is applied here.  That includes the
 * ICMPv6 error rate limit (errppslimit), redirect acceptance (rediraccept),
 * node-information replies (nodeinfo) and the neighbor-discovery timers and
 * retry counts.  All description strings are empty.
 */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
	rediraccept, CTLFLAG_RW,	&icmp6_rediraccept,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT,
	redirtimeout, CTLFLAG_RW,	&icmp6_redirtimeout,	0, "");
SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD,
	&icmp6stat, icmp6stat, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE,
	nd6_prune, CTLFLAG_RW,		&nd6_prune,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY,
	nd6_delay, CTLFLAG_RW,		&nd6_delay,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES,
	nd6_umaxtries, CTLFLAG_RW,	&nd6_umaxtries,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES,
	nd6_mmaxtries, CTLFLAG_RW,	&nd6_mmaxtries,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK,
	nd6_useloopback, CTLFLAG_RW,	&nd6_useloopback, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO,
	nodeinfo, CTLFLAG_RW,	&icmp6_nodeinfo,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT,
	errppslimit, CTLFLAG_RW,	&icmp6errppslim,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT,
	nd6_maxnudhint, CTLFLAG_RW,	&nd6_maxnudhint, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
	nd6_debug, CTLFLAG_RW,	&nd6_debug,		0, "");
460