in6_proto.c revision 78064
1/*	$FreeBSD: head/sys/netinet6/in6_proto.c 78064 2001-06-11 12:39:29Z ume $	*/
2/*	$KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33/*
34 * Copyright (c) 1982, 1986, 1993
35 *	The Regents of the University of California.  All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 *    notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 *    notice, this list of conditions and the following disclaimer in the
44 *    documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 *    must display the following acknowledgement:
47 *	This product includes software developed by the University of
48 *	California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 *    may be used to endorse or promote products derived from this software
51 *    without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 *	@(#)in_proto.c	8.1 (Berkeley) 6/10/93
66 */
67
68#include "opt_inet.h"
69#include "opt_inet6.h"
70#include "opt_ipsec.h"
71
72#include <sys/param.h>
73#include <sys/socket.h>
74#include <sys/socketvar.h>
75#include <sys/protosw.h>
76#include <sys/kernel.h>
77#include <sys/domain.h>
78#include <sys/mbuf.h>
79#include <sys/systm.h>
80#include <sys/sysctl.h>
81
82#include <net/if.h>
83#include <net/radix.h>
84#include <net/route.h>
85
86#include <netinet/in.h>
87#include <netinet/in_systm.h>
88#include <netinet/in_var.h>
89#include <netinet/ip_encap.h>
90#include <netinet/ip.h>
91#include <netinet/ip_var.h>
92#include <netinet/ip6.h>
93#include <netinet6/ip6_var.h>
94#include <netinet/icmp6.h>
95
96#include <netinet/tcp.h>
97#include <netinet/tcp_timer.h>
98#include <netinet/tcp_var.h>
99#include <netinet/udp.h>
100#include <netinet/udp_var.h>
101#include <netinet6/tcp6_var.h>
102#include <netinet6/raw_ip6.h>
103#include <netinet6/udp6_var.h>
104#include <netinet6/pim6_var.h>
105#include <netinet6/nd6.h>
106#include <netinet6/in6_prefix.h>
107
108#ifdef IPSEC
109#include <netinet6/ipsec.h>
110#ifdef INET6
111#include <netinet6/ipsec6.h>
112#endif
113#include <netinet6/ah.h>
114#ifdef INET6
115#include <netinet6/ah6.h>
116#endif
117#ifdef IPSEC_ESP
118#include <netinet6/esp.h>
119#ifdef INET6
120#include <netinet6/esp6.h>
121#endif
122#endif
123#include <netinet6/ipcomp.h>
124#ifdef INET6
125#include <netinet6/ipcomp6.h>
126#endif
127#endif /*IPSEC*/
128
129#include <netinet6/ip6protosw.h>
130
131#include "gif.h"
132#if NGIF > 0
133#include <netinet6/in6_gif.h>
134#endif
135
136#include <net/net_osdep.h>
137
138/*
139 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
140 */
141
/* AF_INET6 domain descriptor; defined further down in this file and declared
 * here so the protocol switch entries can point back at it. */
142extern	struct domain inet6domain;
/* No initializer: static storage, so every member starts out zero/NULL.
 * Switch entries below that have no user-request table of their own point
 * at this one. */
143static struct pr_usrreqs nousrreqs;
144
/* Both flags are defined as 0 in this file, so OR-ing one into a flags word
 * (the TCP entry does so with PR_LISTEN) does not change the value. */
145#define PR_LISTEN	0
146#define PR_ABRTACPTDIS	0
147
/*
 * IPv6 protocol switch: one positional initializer per protocol.
 *
 * The member names are not visible in this file.  Judging by the values,
 * each entry is laid out as follows -- confirm against struct ip6protosw in
 * <netinet6/ip6protosw.h>:
 *   row 1: socket type, owning domain, protocol number, flags
 *   row 2: input, output, ctlinput, ctloutput handlers
 *   row 3: one slot that is 0 in every entry
 *   row 4: init, fasttimo, slowtimo, drain hooks
 *   row 5: user-request table
 * Because the initializers are positional, a 0 in the wrong column would
 * silently install (or drop) a handler; keep the column order when editing.
 *
 * NOTE(review): the row-2 input handlers presumably run on received packets,
 * so each one parses data chosen by the sender.  Which entries are compiled
 * in depends on IPSEC, IPSEC_ESP and INET.
 */
148struct ip6protosw inet6sw[] = {
/* Base IPv6 entry: no socket type and no input handler, only the init,
 * slow-timeout and drain hooks (ip6_init, frag6_slowtimo, frag6_drain). */
149{ 0,		&inet6domain,	IPPROTO_IPV6,	0,
150  0,		0,		0,		0,
151  0,
152  ip6_init,	0,		frag6_slowtimo,	frag6_drain,
153  &nousrreqs,
154},
155{ SOCK_DGRAM,	&inet6domain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR,
156  udp6_input,	0,		udp6_ctlinput,	ip6_ctloutput,
157  0,
158  0,		0,		0,		0,
159  &udp6_usrreqs,
160},
/* PR_LISTEN is defined as 0 above, so it adds nothing to the flags here. */
161{ SOCK_STREAM,	&inet6domain,	IPPROTO_TCP,	PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN,
162  tcp6_input,	0,		tcp6_ctlinput,	tcp_ctloutput,
163  0,
164#ifdef INET	/* don't call initialization and timeout routines twice */
165  0,		0,		0,		tcp_drain,
166#else
167  tcp_init,	tcp_fasttimo,	tcp_slowtimo,	tcp_drain,
168#endif
169  &tcp6_usrreqs,
170},
171{ SOCK_RAW,	&inet6domain,	IPPROTO_RAW,	PR_ATOMIC|PR_ADDR,
172  rip6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
173  0,
174  0,		0,		0,		0,
175  &rip6_usrreqs
176},
/* ICMPv6 shares the raw-socket output, ctlinput, ctloutput and usrreqs;
 * only the input handler and the init/fast-timeout hooks are its own. */
177{ SOCK_RAW,	&inet6domain,	IPPROTO_ICMPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
178  icmp6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
179  0,
180  icmp6_init,	icmp6_fasttimo,	0,		0,
181  &rip6_usrreqs
182},
/* Extension headers (destination options, routing, fragment): input handler
 * only, with nousrreqs as the request table. */
183{ SOCK_RAW,	&inet6domain,	IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR,
184  dest6_input,	0,	 	0,		0,
185  0,
186  0,		0,		0,		0,
187  &nousrreqs
188},
189{ SOCK_RAW,	&inet6domain,	IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR,
190  route6_input,	0,	 	0,		0,
191  0,
192  0,		0,		0,		0,
193  &nousrreqs
194},
195{ SOCK_RAW,	&inet6domain,	IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR,
196  frag6_input,	0,	 	0,		0,
197  0,
198  0,		0,		0,		0,
199  &nousrreqs
200},
/* IPsec headers are present only in IPSEC kernels; ESP additionally needs
 * IPSEC_ESP and is the only one of the three with a ctlinput handler. */
201#ifdef IPSEC
202{ SOCK_RAW,	&inet6domain,	IPPROTO_AH,	PR_ATOMIC|PR_ADDR,
203  ah6_input,	0,		0,		0,
204  0,
205  0,		0,		0,		0,
206  &nousrreqs,
207},
208#ifdef IPSEC_ESP
209{ SOCK_RAW,	&inet6domain,	IPPROTO_ESP,	PR_ATOMIC|PR_ADDR,
210  esp6_input,	0,
211  esp6_ctlinput,
212  0,
213  0,
214  0,		0,		0,		0,
215  &nousrreqs,
216},
217#endif
218{ SOCK_RAW,	&inet6domain,	IPPROTO_IPCOMP,	PR_ATOMIC|PR_ADDR,
219  ipcomp6_input, 0,	 	0,		0,
220  0,
221  0,		0,		0,		0,
222  &nousrreqs,
223},
224#endif /* IPSEC */
/* Encapsulated payloads (IPv4-in-IPv6 only with INET, IPv6-in-IPv6 always)
 * go to encap6_input.  encap_init is listed in both entries.
 * NOTE(review): confirm encap_init tolerates being called more than once. */
225#ifdef INET
226{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
227  encap6_input,	rip6_output, 	0,		rip6_ctloutput,
228  0,
229  encap_init,	0,		0,		0,
230  &rip6_usrreqs
231},
232#endif /*INET*/
233{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
234  encap6_input, rip6_output,	0,		rip6_ctloutput,
235  0,
236  encap_init,	0,		0,		0,
237  &rip6_usrreqs
238},
239{ SOCK_RAW,     &inet6domain,	IPPROTO_PIM,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
240  pim6_input,	rip6_output,	0,              rip6_ctloutput,
241  0,
242  0,            0,              0,              0,
243  &rip6_usrreqs
244},
/* Protocol number 0: presumably the catch-all for raw sockets on protocols
 * that have no entry above; it hands input to rip6_input. */
245/* raw wildcard */
246{ SOCK_RAW,	&inet6domain,	0,		PR_ATOMIC|PR_ADDR,
247  rip6_input,	rip6_output,	0,		rip6_ctloutput,
248  0,
249  0,		0,		0,		0,
250  &rip6_usrreqs
251},
252};
253
/*
 * Stand-alone switch entry for gif tunnels, built only when NGIF > 0.  It is
 * not part of inet6sw[].  The protocol field is 0; the inline comment says
 * it stands for IPPROTO_IPV4 or IPPROTO_IPV6.  Input goes to in6_gif_input,
 * while output, ctloutput and the request table are the raw-IPv6 ones.
 */
254#if NGIF > 0
255struct ip6protosw in6_gif_protosw =
256{ SOCK_RAW,	&inet6domain,	0/*IPPROTO_IPV[46]*/,	PR_ATOMIC|PR_ADDR,
257  in6_gif_input, rip6_output,	0,		rip6_ctloutput,
258  0,
259  0,            0,              0,              0,
260  &rip6_usrreqs
261};
262#endif /*NGIF*/
263
/* Declared here and passed to the domain below; defined elsewhere. */
264extern int in6_inithead __P((void **, int));
265
/*
 * AF_INET6 domain descriptor (positional initializer; member names are not
 * visible in this file).
 *  - The two protosw pointers delimit inet6sw[]: its first element and the
 *    address one past its last, computed from the array's own size so the
 *    range follows the #ifdef'd entries automatically.
 *  - Both are cast from struct ip6protosw * to struct protosw *.
 *    NOTE(review): this assumes the two structs have the same size and
 *    layout, otherwise a walk over the range would be wrong -- confirm.
 *  - offsetof(...) << 3 is the byte offset of sin6_addr within
 *    struct sockaddr_in6, converted to bits.
 */
266struct domain inet6domain =
267    { AF_INET6, "internet6", 0, 0, 0,
268      (struct protosw *)inet6sw,
269      (struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 0,
270      in6_inithead,
271      offsetof(struct sockaddr_in6, sin6_addr) << 3,
272      sizeof(struct sockaddr_in6) };
273
/* Registers the inet6 domain (macro defined outside this file). */
274DOMAIN_SET(inet6);
275
276/*
277 * Internet configuration info
278 */
/*
 * Compile-time defaults.  Both macros can be pre-defined by the build; when
 * they are not, forwarding defaults to 1 only under GATEWAY6 (0 otherwise)
 * and sending of redirects defaults to 1.
 */
279#ifndef	IPV6FORWARDING
280#ifdef GATEWAY6
281#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
282#else
283#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
284#endif /* GATEWAY6 */
285#endif /* !IPV6FORWARDING */
286
287#ifndef	IPV6_SENDREDIRECTS
288#define	IPV6_SENDREDIRECTS	1
289#endif
290
/*
 * Run-time IPv6 tunables and counters.  Most of these are bound to a
 * read-write net.inet6.ip6 sysctl later in this file, so the values here are
 * boot-time defaults only.
 * NOTE(review): forwarding, redirect handling, acceptance of router
 * advertisements and the header nesting limit shape how the host treats
 * traffic it did not originate; a hardening review should record the value
 * intended for each.
 */
291int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
292int	ip6_sendredirects = IPV6_SENDREDIRECTS;
293int	ip6_defhlim = IPV6_DEFHLIM;
294int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
/* Off by default, independent of the forwarding setting (see the note). */
295int	ip6_accept_rtadv = 0;	/* "IPV6FORWARDING ? 0 : 1" is dangerous */
296int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
297int	ip6_log_interval = 5;
/* Presumably the maximum number of nested headers processed per packet; the
 * original author already questions the value. */
298int	ip6_hdrnestlimit = 50;	/* appropriate? */
299int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
300u_int32_t ip6_flow_seq;
301int	ip6_auto_flowlabel = 1;
/* GIF_HLIM only exists when gif is configured; 0 otherwise. */
302#if NGIF > 0
303int	ip6_gif_hlim = GIF_HLIM;
304#else
305int	ip6_gif_hlim = 0;
306#endif
307int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
308int	ip6_rr_prune = 5;	/* router renumbering prefix
309				 * walk list every 5 sec.    */
310int	ip6_v6only = 0;
311
/* NOTE(review): ip6_id starts at 0 here; how it is advanced is not shown in
 * this file. */
312u_int32_t ip6_id = 0UL;
313int	ip6_keepfaith = 0;
314time_t	ip6_log_time = (time_t)0L;
315
316/* icmp6 */
317/*
318 * BSDI4 defines these variables in in_proto.c...
319 * XXX: what if we don't define INET? Should we define pmtu6_expire
320 * or so? (jinmei@kame.net 19990310)
321 */
/* 600 and 120; presumably seconds (10 and 2 minutes) -- the unit is not
 * stated in this file. */
322int pmtu_expire = 60*10;
323int pmtu_probe = 60*2;
324
325/* raw IP6 parameters */
326/*
327 * Nominal space allocated to a raw ip socket.
328 */
/* Default send and receive space for a raw IPv6 socket: 8192 each. */
329#define	RIPV6SNDQ	8192
330#define	RIPV6RCVQ	8192
331
332u_long	rip6_sendspace = RIPV6SNDQ;
333u_long	rip6_recvspace = RIPV6RCVQ;
334
335/* ICMPV6 parameters */
/*
 * ICMPv6 defaults; three of the four are exposed as read-write sysctls
 * under net.inet6.icmp6 later in this file, together with the error limit.
 * NOTE(review): redirects are accepted by default (1) and node-information
 * replies are enabled with value 3, whose exact meaning is not defined in
 * this file.  Both are worth an explicit decision when hardening a host.
 */
336int	icmp6_rediraccept = 1;		/* accept and process redirects */
337int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
338int	icmp6errppslim = 100;		/* 100pps */
339int	icmp6_nodeinfo = 3;		/* enable/disable NI response */
340
341/* UDP on IP6 parameters */
/* Default UDP-over-IPv6 buffer sizes.  The receive size is computed as a
 * size_t (because of sizeof) and then stored in an int. */
342int	udp6_sendspace = 9216;		/* really max datagram size */
343int	udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
344					/* 40 1K datagrams */
345
346/*
347 * sysctl related items.
348 */
/*
 * sysctl tree: net.inet6 and its per-protocol children ip6, icmp6, udp6 and
 * tcp6, plus ipsec6 in IPSEC kernels.  Each child uses the protocol number
 * as its node id; ipsec6 uses IPPROTO_ESP.
 */
349SYSCTL_NODE(_net,	PF_INET6,	inet6,	CTLFLAG_RW,	0,
350	"Internet6 Family");
351
352/* net.inet6 */
353SYSCTL_NODE(_net_inet6,	IPPROTO_IPV6,	ip6,	CTLFLAG_RW, 0,	"IP6");
354SYSCTL_NODE(_net_inet6,	IPPROTO_ICMPV6,	icmp6,	CTLFLAG_RW, 0,	"ICMP6");
355SYSCTL_NODE(_net_inet6,	IPPROTO_UDP,	udp6,	CTLFLAG_RW, 0,	"UDP6");
356SYSCTL_NODE(_net_inet6,	IPPROTO_TCP,	tcp6,	CTLFLAG_RW, 0,	"TCP6");
357#ifdef IPSEC
358SYSCTL_NODE(_net_inet6,	IPPROTO_ESP,	ipsec6,	CTLFLAG_RW, 0,	"IPSEC6");
359#endif /* IPSEC */
360
361/* net.inet6.ip6 */
/*
 * Sysctl handler for the temporary-address preferred lifetime.
 *
 * The current value is copied out first.  A request that carries no new
 * value, or whose copy-out failed, ends there.  Otherwise the new value is
 * copied in through arg1 (the registration in this file passes
 * &ip6_temp_preferred_lifetime) and accepted only if it is at least
 * ip6_desync_factor + ip6_temp_regen_advance.  A rejected value is rolled
 * back to the previous one and EINVAL is returned.
 *
 * Returns 0 on success, EINVAL for a rejected value, or the error reported
 * by SYSCTL_OUT / SYSCTL_IN.
 *
 * NOTE(review): the new value is stored before it is checked, so it is
 * briefly visible in the global; the result of SYSCTL_IN is only returned
 * after the range check has passed.
 */
static int
sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS)
{
	int saved;
	int rc;

	rc = SYSCTL_OUT(req, arg1, sizeof(int));
	if (rc || !req->newptr)
		return (rc);

	/* Keep the accepted value so a bad write can be undone. */
	saved = ip6_temp_preferred_lifetime;
	rc = SYSCTL_IN(req, arg1, sizeof(int));

	if (ip6_temp_preferred_lifetime >=
	    ip6_desync_factor + ip6_temp_regen_advance)
		return(rc);

	ip6_temp_preferred_lifetime = saved;
	return(EINVAL);
}
380
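/*
 * Sysctl handler for the temporary-address valid lifetime.
 *
 * The current value is copied out first.  A request that carries no new
 * value, or whose copy-out failed, ends there.  Otherwise the new value is
 * copied in through arg1 (the registration in this file passes
 * &ip6_temp_valid_lifetime) and accepted only if it is not smaller than
 * ip6_temp_preferred_lifetime.
 *
 * Returns 0 on success, EINVAL for a rejected value, or the error reported
 * by SYSCTL_OUT / SYSCTL_IN.
 *
 * NOTE(review): the new value is stored before it is checked, so it is
 * briefly visible in the global.
 */
static int
sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
{
	int error = 0;
	int old;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);
	old = ip6_temp_valid_lifetime;
	error = SYSCTL_IN(req, arg1, sizeof(int));
	if (ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) {
		/*
		 * Roll back the variable that was just written.  `old` holds
		 * the previous valid lifetime; storing it into the preferred
		 * lifetime instead would leave the rejected value in place
		 * and corrupt the other setting as well.
		 */
		ip6_temp_valid_lifetime = old;
		return(EINVAL);
	}
	return(error);
}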
398
/*
 * net.inet6.ip6.* leaves.  The SYSCTL_INT entries are read-write
 * (CTLFLAG_RW) and bound directly to the globals defined above or declared
 * elsewhere.  No range check for them is visible in this file; only
 * temppltime and tempvltime go through a validating handler.  kame_version
 * and rip6stats are read-only.  Every description string is empty.
 * NOTE(review): forwarding, redirect, accept_rtadv, hdrnestlimit and v6only
 * change how the host handles traffic from the network, so changes to them
 * are worth auditing; confirm who may write these OIDs.
 */
399SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING,
400	forwarding, CTLFLAG_RW, 	&ip6_forwarding,	0, "");
401SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
402	redirect, CTLFLAG_RW,		&ip6_sendredirects,	0, "");
403SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
404	hlim, CTLFLAG_RW,		&ip6_defhlim,	0, "");
405SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS,
406	maxfragpackets, CTLFLAG_RW,	&ip6_maxfragpackets,	0, "");
407SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
408	accept_rtadv, CTLFLAG_RW,	&ip6_accept_rtadv,	0, "");
409SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH,
410	keepfaith, CTLFLAG_RW,		&ip6_keepfaith,	0, "");
411SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL,
412	log_interval, CTLFLAG_RW,	&ip6_log_interval,	0, "");
413SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT,
414	hdrnestlimit, CTLFLAG_RW,	&ip6_hdrnestlimit,	0, "");
415SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT,
416	dad_count, CTLFLAG_RW,	&ip6_dad_count,	0, "");
417SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL,
418	auto_flowlabel, CTLFLAG_RW,	&ip6_auto_flowlabel,	0, "");
419SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM,
420	defmcasthlim, CTLFLAG_RW,	&ip6_defmcasthlim,	0, "");
421SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM,
422	gifhlim, CTLFLAG_RW,	&ip6_gif_hlim,			0, "");
/* Read-only: exposes the KAME version string of the running stack. */
423SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION,
424	kame_version, CTLFLAG_RD,	__KAME_VERSION,		0, "");
425SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED,
426	use_deprecated, CTLFLAG_RW,	&ip6_use_deprecated,	0, "");
427SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE,
428	rr_prune, CTLFLAG_RW,	&ip6_rr_prune,			0, "");
429SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR,
430	use_tempaddr, CTLFLAG_RW, &ip6_use_tempaddr,		0, "");
/* The two lifetimes use the handlers defined above.  Each handler validates
 * against the global by name, so arg1 must stay the matching variable. */
431SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
432	   CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0,
433	   sysctl_ip6_temppltime, "I", "");
434SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
435	   CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0,
436	   sysctl_ip6_tempvltime, "I", "");
437SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY,
438	v6only,	CTLFLAG_RW,	&ip6_v6only,			0, "");
439SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL,
440	auto_linklocal, CTLFLAG_RW, &ip6_auto_linklocal,	0, "");
441SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD,
442	&rip6stat, rip6stat, "");
443
444/* net.inet6.icmp6 */
/*
 * net.inet6.icmp6.* leaves.  All SYSCTL_INT entries are read-write and bound
 * directly to their globals; no range check for them is visible in this
 * file.  The statistics structure is read-only.  Every description string
 * is empty.
 * NOTE(review): rediraccept, nodeinfo and errppslimit control how the host
 * answers ICMPv6 traffic from the network (redirect processing,
 * node-information replies, error rate limiting); record the intended value
 * of each when hardening and audit changes to them.
 */
445SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
446	rediraccept, CTLFLAG_RW,	&icmp6_rediraccept,	0, "");
447SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT,
448	redirtimeout, CTLFLAG_RW,	&icmp6_redirtimeout,	0, "");
449SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD,
450	&icmp6stat, icmp6stat, "");
/* Neighbor discovery knobs; the nd6_* variables are defined elsewhere. */
451SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE,
452	nd6_prune, CTLFLAG_RW,		&nd6_prune,	0, "");
453SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY,
454	nd6_delay, CTLFLAG_RW,		&nd6_delay,	0, "");
455SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES,
456	nd6_umaxtries, CTLFLAG_RW,	&nd6_umaxtries,	0, "");
457SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES,
458	nd6_mmaxtries, CTLFLAG_RW,	&nd6_mmaxtries,	0, "");
459SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK,
460	nd6_useloopback, CTLFLAG_RW,	&nd6_useloopback, 0, "");
461SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO,
462	nodeinfo, CTLFLAG_RW,	&icmp6_nodeinfo,	0, "");
463SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT,
464	errppslimit, CTLFLAG_RW,	&icmp6errppslim,	0, "");
465SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT,
466	nd6_maxnudhint, CTLFLAG_RW,	&nd6_maxnudhint, 0, "");
467SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
468	nd6_debug, CTLFLAG_RW,	&nd6_debug,		0, "");
469