in6_proto.c revision 134188
1/* $FreeBSD: head/sys/netinet6/in6_proto.c 134188 2004-08-23 03:00:27Z rwatson $ */ 2/* $KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * Copyright (c) 1982, 1986, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 4. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 62 */ 63 64#include "opt_inet.h" 65#include "opt_inet6.h" 66#include "opt_ipsec.h" 67 68#include <sys/param.h> 69#include <sys/socket.h> 70#include <sys/socketvar.h> 71#include <sys/protosw.h> 72#include <sys/kernel.h> 73#include <sys/domain.h> 74#include <sys/mbuf.h> 75#include <sys/systm.h> 76#include <sys/sysctl.h> 77 78#include <net/if.h> 79#include <net/radix.h> 80#include <net/route.h> 81 82#include <netinet/in.h> 83#include <netinet/in_systm.h> 84#include <netinet/in_var.h> 85#include <netinet/ip_encap.h> 86#include <netinet/ip.h> 87#include <netinet/ip_var.h> 88#include <netinet/ip6.h> 89#include <netinet6/ip6_var.h> 90#include <netinet/icmp6.h> 91 92#include <netinet/tcp.h> 93#include <netinet/tcp_timer.h> 94#include <netinet/tcp_var.h> 95#include <netinet/udp.h> 96#include <netinet/udp_var.h> 97#include <netinet6/tcp6_var.h> 98#include <netinet6/raw_ip6.h> 99#include <netinet6/udp6_var.h> 100#include <netinet6/pim6_var.h> 101#include <netinet6/nd6.h> 102 103#ifdef IPSEC 104#include <netinet6/ipsec.h> 105#ifdef INET6 106#include <netinet6/ipsec6.h> 107#endif 108#include <netinet6/ah.h> 109#ifdef INET6 110#include <netinet6/ah6.h> 111#endif 112#ifdef IPSEC_ESP 113#include <netinet6/esp.h> 114#ifdef INET6 115#include <netinet6/esp6.h> 116#endif 117#endif 118#include <netinet6/ipcomp.h> 119#ifdef INET6 120#include <netinet6/ipcomp6.h> 121#endif 122#endif /* IPSEC */ 123 124#ifdef FAST_IPSEC 125#include <netipsec/ipsec6.h> 126#define IPSEC 127#define IPSEC_ESP 128#define ah6_input ipsec6_common_input 129#define esp6_input ipsec6_common_input 130#define ipcomp6_input ipsec6_common_input 131#endif /* FAST_IPSEC */ 132 133#include <netinet6/ip6protosw.h> 134 135#include <net/net_osdep.h> 136 137/* 138 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP. 139 */ 140 141extern struct domain inet6domain; 142static struct pr_usrreqs nousrreqs; 143 144#define PR_LISTEN 0 145#define PR_ABRTACPTDIS 0 146 147struct ip6protosw inet6sw[] = { 148{ 0, &inet6domain, IPPROTO_IPV6, 0, 149 0, 0, 0, 0, 150 0, 151 ip6_init, 0, frag6_slowtimo, frag6_drain, 152 &nousrreqs, 153}, 154{ SOCK_DGRAM, &inet6domain, IPPROTO_UDP, PR_ATOMIC|PR_ADDR, 155 udp6_input, 0, udp6_ctlinput, ip6_ctloutput, 156 0, 157 0, 0, 0, 0, 158 &udp6_usrreqs, 159}, 160{ SOCK_STREAM, &inet6domain, IPPROTO_TCP, PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN, 161 tcp6_input, 0, tcp6_ctlinput, tcp_ctloutput, 162 0, 163#ifdef INET /* don't call initialization and timeout routines twice */ 164 0, 0, 0, tcp_drain, 165#else 166 tcp_init, tcp_fasttimo, tcp_slowtimo, tcp_drain, 167#endif 168 &tcp6_usrreqs, 169}, 170{ SOCK_RAW, &inet6domain, IPPROTO_RAW, PR_ATOMIC|PR_ADDR, 171 rip6_input, rip6_output, rip6_ctlinput, rip6_ctloutput, 172 0, 173 0, 0, 0, 0, 174 &rip6_usrreqs 175}, 176{ SOCK_RAW, &inet6domain, IPPROTO_ICMPV6, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 177 icmp6_input, rip6_output, rip6_ctlinput, rip6_ctloutput, 178 0, 179 icmp6_init, icmp6_fasttimo, 0, 0, 180 &rip6_usrreqs 181}, 182{ SOCK_RAW, &inet6domain, IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR, 183 dest6_input, 0, 0, 0, 184 0, 185 0, 0, 0, 0, 186 &nousrreqs 187}, 188{ SOCK_RAW, &inet6domain, IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR, 189 route6_input, 0, 0, 0, 190 0, 191 0, 0, 0, 0, 192 &nousrreqs 193}, 194{ SOCK_RAW, &inet6domain, IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR, 195 frag6_input, 0, 0, 0, 196 0, 197 0, 0, 0, 0, 198 &nousrreqs 199}, 200#ifdef IPSEC 201{ SOCK_RAW, &inet6domain, IPPROTO_AH, PR_ATOMIC|PR_ADDR, 202 ah6_input, 0, 0, 0, 203 0, 204 0, 0, 0, 0, 205 &nousrreqs, 206}, 207#ifdef IPSEC_ESP 208{ SOCK_RAW, &inet6domain, IPPROTO_ESP, PR_ATOMIC|PR_ADDR, 209 esp6_input, 0, 210 esp6_ctlinput, 211 0, 212 0, 213 0, 0, 0, 0, 214 &nousrreqs, 215}, 216#endif 217{ SOCK_RAW, &inet6domain, IPPROTO_IPCOMP, PR_ATOMIC|PR_ADDR, 218 ipcomp6_input, 0, 0, 0, 219 0, 220 0, 0, 0, 0, 221 &nousrreqs, 222}, 223#endif /* IPSEC */ 224#ifdef INET 225{ SOCK_RAW, &inet6domain, IPPROTO_IPV4, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 226 encap6_input, rip6_output, 0, rip6_ctloutput, 227 0, 228 encap_init, 0, 0, 0, 229 &rip6_usrreqs 230}, 231#endif /* INET */ 232{ SOCK_RAW, &inet6domain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 233 encap6_input, rip6_output, 0, rip6_ctloutput, 234 0, 235 encap_init, 0, 0, 0, 236 &rip6_usrreqs 237}, 238{ SOCK_RAW, &inet6domain, IPPROTO_PIM, PR_ATOMIC|PR_ADDR|PR_LASTHDR, 239 pim6_input, rip6_output, 0, rip6_ctloutput, 240 0, 241 0, 0, 0, 0, 242 &rip6_usrreqs 243}, 244/* raw wildcard */ 245{ SOCK_RAW, &inet6domain, 0, PR_ATOMIC|PR_ADDR, 246 rip6_input, rip6_output, 0, rip6_ctloutput, 247 0, 248 0, 0, 0, 0, 249 &rip6_usrreqs 250}, 251}; 252 253extern int in6_inithead __P((void **, int)); 254 255struct domain inet6domain = 256 { AF_INET6, "internet6", 0, 0, 0, 257 (struct protosw *)inet6sw, 258 (struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 0, 259 in6_inithead, 260 offsetof(struct sockaddr_in6, sin6_addr) << 3, 261 sizeof(struct sockaddr_in6), 262 in6_domifattach, in6_domifdetach, }; 263 264DOMAIN_SET(inet6); 265 266/* 267 * Internet configuration info 268 */ 269#ifndef IPV6FORWARDING 270#ifdef GATEWAY6 271#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ 272#else 273#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ 274#endif /* GATEWAY6 */ 275#endif /* !IPV6FORWARDING */ 276 277#ifndef IPV6_SENDREDIRECTS 278#define IPV6_SENDREDIRECTS 1 279#endif 280 281int ip6_forwarding = IPV6FORWARDING; /* act as router? */ 282int ip6_sendredirects = IPV6_SENDREDIRECTS; 283int ip6_defhlim = IPV6_DEFHLIM; 284int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; 285int ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */ 286int ip6_maxfragpackets; /* initialized in frag6.c:frag6_init() */ 287int ip6_maxfrags; /* initialized in frag6.c:frag6_init() */ 288int ip6_log_interval = 5; 289int ip6_hdrnestlimit = 50; /* appropriate? */ 290int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ 291int ip6_auto_flowlabel = 1; 292int ip6_gif_hlim = 0; 293int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ 294int ip6_rr_prune = 5; /* router renumbering prefix 295 * walk list every 5 sec. */ 296int ip6_v6only = 1; 297 298int ip6_keepfaith = 0; 299time_t ip6_log_time = (time_t)0L; 300 301/* icmp6 */ 302/* 303 * BSDI4 defines these variables in in_proto.c... 304 * XXX: what if we don't define INET? Should we define pmtu6_expire 305 * or so? (jinmei@kame.net 19990310) 306 */ 307int pmtu_expire = 60*10; 308int pmtu_probe = 60*2; 309 310/* raw IP6 parameters */ 311/* 312 * Nominal space allocated to a raw ip socket. 313 */ 314#define RIPV6SNDQ 8192 315#define RIPV6RCVQ 8192 316 317u_long rip6_sendspace = RIPV6SNDQ; 318u_long rip6_recvspace = RIPV6RCVQ; 319 320/* ICMPV6 parameters */ 321int icmp6_rediraccept = 1; /* accept and process redirects */ 322int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ 323int icmp6errppslim = 100; /* 100pps */ 324int icmp6_nodeinfo = 3; /* enable/disable NI response */ 325 326/* UDP on IP6 parameters */ 327int udp6_sendspace = 9216; /* really max datagram size */ 328int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); 329 /* 40 1K datagrams */ 330 331/* 332 * sysctl related items. 333 */ 334SYSCTL_NODE(_net, PF_INET6, inet6, CTLFLAG_RW, 0, 335 "Internet6 Family"); 336 337/* net.inet6 */ 338SYSCTL_NODE(_net_inet6, IPPROTO_IPV6, ip6, CTLFLAG_RW, 0, "IP6"); 339SYSCTL_NODE(_net_inet6, IPPROTO_ICMPV6, icmp6, CTLFLAG_RW, 0, "ICMP6"); 340SYSCTL_NODE(_net_inet6, IPPROTO_UDP, udp6, CTLFLAG_RW, 0, "UDP6"); 341SYSCTL_NODE(_net_inet6, IPPROTO_TCP, tcp6, CTLFLAG_RW, 0, "TCP6"); 342#ifdef IPSEC 343SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6, CTLFLAG_RW, 0, "IPSEC6"); 344#endif /* IPSEC */ 345 346/* net.inet6.ip6 */ 347static int 348sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS) 349{ 350 int error = 0; 351 int old; 352 353 error = SYSCTL_OUT(req, arg1, sizeof(int)); 354 if (error || !req->newptr) 355 return (error); 356 old = ip6_temp_preferred_lifetime; 357 error = SYSCTL_IN(req, arg1, sizeof(int)); 358 if (ip6_temp_preferred_lifetime < 359 ip6_desync_factor + ip6_temp_regen_advance) { 360 ip6_temp_preferred_lifetime = old; 361 return (EINVAL); 362 } 363 return (error); 364} 365 366static int 367sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS) 368{ 369 int error = 0; 370 int old; 371 372 error = SYSCTL_OUT(req, arg1, sizeof(int)); 373 if (error || !req->newptr) 374 return (error); 375 old = ip6_temp_valid_lifetime; 376 error = SYSCTL_IN(req, arg1, sizeof(int)); 377 if (ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) { 378 ip6_temp_preferred_lifetime = old; 379 return (EINVAL); 380 } 381 return (error); 382} 383 384SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, 385 forwarding, CTLFLAG_RW, &ip6_forwarding, 0, ""); 386SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, 387 redirect, CTLFLAG_RW, &ip6_sendredirects, 0, ""); 388SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, 389 hlim, CTLFLAG_RW, &ip6_defhlim, 0, ""); 390SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD, 391 &ip6stat, ip6stat, ""); 392SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, 393 maxfragpackets, CTLFLAG_RW, &ip6_maxfragpackets, 0, ""); 394SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, 395 accept_rtadv, CTLFLAG_RW, &ip6_accept_rtadv, 0, ""); 396SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, 397 keepfaith, CTLFLAG_RW, &ip6_keepfaith, 0, ""); 398SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, 399 log_interval, CTLFLAG_RW, &ip6_log_interval, 0, ""); 400SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, 401 hdrnestlimit, CTLFLAG_RW, &ip6_hdrnestlimit, 0, ""); 402SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, 403 dad_count, CTLFLAG_RW, &ip6_dad_count, 0, ""); 404SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, 405 auto_flowlabel, CTLFLAG_RW, &ip6_auto_flowlabel, 0, ""); 406SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, 407 defmcasthlim, CTLFLAG_RW, &ip6_defmcasthlim, 0, ""); 408SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, 409 gifhlim, CTLFLAG_RW, &ip6_gif_hlim, 0, ""); 410SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, 411 kame_version, CTLFLAG_RD, __KAME_VERSION, 0, ""); 412SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, 413 use_deprecated, CTLFLAG_RW, &ip6_use_deprecated, 0, ""); 414SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, 415 rr_prune, CTLFLAG_RW, &ip6_rr_prune, 0, ""); 416SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, 417 use_tempaddr, CTLFLAG_RW, &ip6_use_tempaddr, 0, ""); 418SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, 419 CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0, 420 sysctl_ip6_temppltime, "I", ""); 421SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, 422 CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0, 423 sysctl_ip6_tempvltime, "I", ""); 424SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, 425 v6only, CTLFLAG_RW, &ip6_v6only, 0, ""); 426SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, 427 auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal, 0, ""); 428SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD, 429 &rip6stat, rip6stat, ""); 430SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, 431 prefer_tempaddr, CTLFLAG_RW, &ip6_prefer_tempaddr, 0, ""); 432SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGS, 433 maxfrags, CTLFLAG_RW, &ip6_maxfrags, 0, ""); 434 435/* net.inet6.icmp6 */ 436SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, 437 rediraccept, CTLFLAG_RW, &icmp6_rediraccept, 0, ""); 438SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, 439 redirtimeout, CTLFLAG_RW, &icmp6_redirtimeout, 0, ""); 440SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD, 441 &icmp6stat, icmp6stat, ""); 442SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, 443 nd6_prune, CTLFLAG_RW, &nd6_prune, 0, ""); 444SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, 445 nd6_delay, CTLFLAG_RW, &nd6_delay, 0, ""); 446SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, 447 nd6_umaxtries, CTLFLAG_RW, &nd6_umaxtries, 0, ""); 448SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, 449 nd6_mmaxtries, CTLFLAG_RW, &nd6_mmaxtries, 0, ""); 450SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, 451 nd6_useloopback, CTLFLAG_RW, &nd6_useloopback, 0, ""); 452SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, 453 nodeinfo, CTLFLAG_RW, &icmp6_nodeinfo, 0, ""); 454SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, 455 errppslimit, CTLFLAG_RW, &icmp6errppslim, 0, ""); 456SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, 457 nd6_maxnudhint, CTLFLAG_RW, &nd6_maxnudhint, 0, ""); 458SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, 459 nd6_debug, CTLFLAG_RW, &nd6_debug, 0, ""); 460