ip6_forward.c revision 171167
162587Sitojun/* $FreeBSD: head/sys/netinet6/ip6_forward.c 171167 2007-07-03 12:13:45Z gnn $ */ 278064Sume/* $KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $ */ 362587Sitojun 4139826Simp/*- 553541Sshin * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 653541Sshin * All rights reserved. 753541Sshin * 853541Sshin * Redistribution and use in source and binary forms, with or without 953541Sshin * modification, are permitted provided that the following conditions 1053541Sshin * are met: 1153541Sshin * 1. Redistributions of source code must retain the above copyright 1253541Sshin * notice, this list of conditions and the following disclaimer. 1353541Sshin * 2. Redistributions in binary form must reproduce the above copyright 1453541Sshin * notice, this list of conditions and the following disclaimer in the 1553541Sshin * documentation and/or other materials provided with the distribution. 1653541Sshin * 3. Neither the name of the project nor the names of its contributors 1753541Sshin * may be used to endorse or promote products derived from this software 1853541Sshin * without specific prior written permission. 1953541Sshin * 2053541Sshin * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2153541Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2253541Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2353541Sshin * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2453541Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2553541Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2653541Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2753541Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2853541Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2953541Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3053541Sshin * SUCH DAMAGE. 3153541Sshin */ 3253541Sshin 3362587Sitojun#include "opt_inet.h" 3462587Sitojun#include "opt_inet6.h" 3555009Sshin#include "opt_ipsec.h" 36148921Ssuz#include "opt_ipstealth.h" 3753541Sshin 3853541Sshin#include <sys/param.h> 3953541Sshin#include <sys/systm.h> 4078064Sume#include <sys/malloc.h> 4153541Sshin#include <sys/mbuf.h> 4253541Sshin#include <sys/domain.h> 4353541Sshin#include <sys/protosw.h> 4453541Sshin#include <sys/socket.h> 4553541Sshin#include <sys/errno.h> 4653541Sshin#include <sys/time.h> 4778064Sume#include <sys/kernel.h> 4853541Sshin#include <sys/syslog.h> 4953541Sshin 5053541Sshin#include <net/if.h> 5153541Sshin#include <net/route.h> 5284994Sdarrenr#include <net/pfil.h> 5353541Sshin 5453541Sshin#include <netinet/in.h> 5553541Sshin#include <netinet/in_var.h> 5678064Sume#include <netinet/in_systm.h> 5778064Sume#include <netinet/ip.h> 5862587Sitojun#include <netinet/ip_var.h> 5978064Sume#include <netinet6/in6_var.h> 6062587Sitojun#include <netinet/ip6.h> 6153541Sshin#include <netinet6/ip6_var.h> 62148385Sume#include <netinet6/scope6_var.h> 6362587Sitojun#include <netinet/icmp6.h> 6453541Sshin#include <netinet6/nd6.h> 6553541Sshin 6678064Sume#include <netinet/in_pcb.h> 6778064Sume 68171167Sgnn#ifdef IPSEC 69105199Ssam#include <netipsec/ipsec.h> 70105199Ssam#include <netipsec/ipsec6.h> 71105199Ssam#include <netipsec/key.h> 72171167Sgnn#endif /* IPSEC */ 73105199Ssam 7484994Sdarrenr#include <netinet6/ip6protosw.h> 7584994Sdarrenr 7653541Sshinstruct route_in6 ip6_forward_rt; 7753541Sshin 7853541Sshin/* 7953541Sshin * Forward a packet. If some error occurs return the sender 8053541Sshin * an icmp packet. Note we can't always generate a meaningful 8153541Sshin * icmp message because icmp doesn't have a large enough repertoire 8253541Sshin * of codes and types. 8353541Sshin * 8453541Sshin * If not forwarding, just drop the packet. This could be confusing 8553541Sshin * if ipforwarding was zero but some routing protocol was advancing 8653541Sshin * us as a gateway to somewhere. However, we must let the routing 8753541Sshin * protocol deal with that. 8853541Sshin * 8953541Sshin */ 9053541Sshin 9153541Sshinvoid 9253541Sshinip6_forward(m, srcrt) 9353541Sshin struct mbuf *m; 9453541Sshin int srcrt; 9553541Sshin{ 9653541Sshin struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 97122062Sume struct sockaddr_in6 *dst = NULL; 98122062Sume struct rtentry *rt = NULL; 9953541Sshin int error, type = 0, code = 0; 10062587Sitojun struct mbuf *mcopy = NULL; 10162587Sitojun struct ifnet *origifp; /* maybe unnecessary */ 102148385Sume u_int32_t inzone, outzone; 103148385Sume struct in6_addr src_in6, dst_in6; 104171167Sgnn#ifdef IPSEC 10553541Sshin struct secpolicy *sp = NULL; 106122062Sume int ipsecrt = 0; 10753541Sshin#endif 108165118Sbz char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; 10953541Sshin 110158295Sbz GIANT_REQUIRED; /* XXX bz: ip6_forward_rt */ 111158295Sbz 112171167Sgnn#ifdef IPSEC 11353541Sshin /* 11453541Sshin * Check AH/ESP integrity. 11553541Sshin */ 11653541Sshin /* 11753541Sshin * Don't increment ip6s_cantforward because this is the check 11853541Sshin * before forwarding packet actually. 11953541Sshin */ 12053541Sshin if (ipsec6_in_reject(m, NULL)) { 12153541Sshin ipsec6stat.in_polvio++; 12253541Sshin m_freem(m); 12353541Sshin return; 12453541Sshin } 125171167Sgnn#endif /* IPSEC */ 12653541Sshin 12778064Sume /* 12878064Sume * Do not forward packets to multicast destination (should be handled 12978064Sume * by ip6_mforward(). 13078064Sume * Do not forward packets with unspecified source. It was discussed 131120913Sume * in July 2000, on the ipngwg mailing list. 13278064Sume */ 13362587Sitojun if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 || 13478064Sume IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 13578064Sume IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) { 13653541Sshin ip6stat.ip6s_cantforward++; 13753541Sshin /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 13853541Sshin if (ip6_log_time + ip6_log_interval < time_second) { 13953541Sshin ip6_log_time = time_second; 14053541Sshin log(LOG_DEBUG, 14153541Sshin "cannot forward " 14253541Sshin "from %s to %s nxt %d received on %s\n", 143165118Sbz ip6_sprintf(ip6bufs, &ip6->ip6_src), 144165118Sbz ip6_sprintf(ip6bufd, &ip6->ip6_dst), 14553541Sshin ip6->ip6_nxt, 14653541Sshin if_name(m->m_pkthdr.rcvif)); 14753541Sshin } 14853541Sshin m_freem(m); 14953541Sshin return; 15053541Sshin } 15153541Sshin 152148921Ssuz#ifdef IPSTEALTH 153148921Ssuz if (!ip6stealth) { 154148921Ssuz#endif 15553541Sshin if (ip6->ip6_hlim <= IPV6_HLIMDEC) { 15653541Sshin /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */ 15753541Sshin icmp6_error(m, ICMP6_TIME_EXCEEDED, 15853541Sshin ICMP6_TIME_EXCEED_TRANSIT, 0); 15953541Sshin return; 16053541Sshin } 16153541Sshin ip6->ip6_hlim -= IPV6_HLIMDEC; 16253541Sshin 163148921Ssuz#ifdef IPSTEALTH 164148921Ssuz } 165148921Ssuz#endif 166148921Ssuz 16762587Sitojun /* 16862587Sitojun * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU - 16962587Sitojun * size of IPv6 + ICMPv6 headers) bytes of the packet in case 17062587Sitojun * we need to generate an ICMP6 message to the src. 17162587Sitojun * Thanks to M_EXT, in most cases copy will not occur. 17262587Sitojun * 17362587Sitojun * It is important to save it before IPsec processing as IPsec 17462587Sitojun * processing may modify the mbuf. 17562587Sitojun */ 17662587Sitojun mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN)); 17762587Sitojun 178171167Sgnn#ifdef IPSEC 17953541Sshin /* get a security policy for this packet */ 180171133Sgnn sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 181120913Sume IP_FORWARDING, &error); 18253541Sshin if (sp == NULL) { 18353541Sshin ipsec6stat.out_inval++; 18453541Sshin ip6stat.ip6s_cantforward++; 18562587Sitojun if (mcopy) { 18662587Sitojun#if 0 18762587Sitojun /* XXX: what icmp ? */ 18862587Sitojun#else 18962587Sitojun m_freem(mcopy); 19062587Sitojun#endif 19162587Sitojun } 19253541Sshin m_freem(m); 19353541Sshin return; 19453541Sshin } 19553541Sshin 19653541Sshin error = 0; 19753541Sshin 19853541Sshin /* check policy */ 19953541Sshin switch (sp->policy) { 20053541Sshin case IPSEC_POLICY_DISCARD: 20153541Sshin /* 20253541Sshin * This packet is just discarded. 20353541Sshin */ 20453541Sshin ipsec6stat.out_polvio++; 20553541Sshin ip6stat.ip6s_cantforward++; 206171133Sgnn KEY_FREESP(&sp); 20762587Sitojun if (mcopy) { 20862587Sitojun#if 0 20962587Sitojun /* XXX: what icmp ? */ 21062587Sitojun#else 21162587Sitojun m_freem(mcopy); 21262587Sitojun#endif 21362587Sitojun } 21453541Sshin m_freem(m); 21553541Sshin return; 21653541Sshin 21753541Sshin case IPSEC_POLICY_BYPASS: 21853541Sshin case IPSEC_POLICY_NONE: 21953541Sshin /* no need to do IPsec. */ 220171133Sgnn KEY_FREESP(&sp); 22153541Sshin goto skip_ipsec; 22262587Sitojun 22353541Sshin case IPSEC_POLICY_IPSEC: 22453541Sshin if (sp->req == NULL) { 22553541Sshin /* XXX should be panic ? */ 22653541Sshin printf("ip6_forward: No IPsec request specified.\n"); 22753541Sshin ip6stat.ip6s_cantforward++; 228171133Sgnn KEY_FREESP(&sp); 22962587Sitojun if (mcopy) { 23062587Sitojun#if 0 23162587Sitojun /* XXX: what icmp ? */ 23262587Sitojun#else 23362587Sitojun m_freem(mcopy); 23462587Sitojun#endif 23562587Sitojun } 23653541Sshin m_freem(m); 23753541Sshin return; 23853541Sshin } 23953541Sshin /* do IPsec */ 24053541Sshin break; 24153541Sshin 24253541Sshin case IPSEC_POLICY_ENTRUST: 24353541Sshin default: 24453541Sshin /* should be panic ?? */ 24553541Sshin printf("ip6_forward: Invalid policy found. %d\n", sp->policy); 246171133Sgnn KEY_FREESP(&sp); 24753541Sshin goto skip_ipsec; 24853541Sshin } 24953541Sshin 25053541Sshin { 251122062Sume struct ipsecrequest *isr = NULL; 25253541Sshin struct ipsec_output_state state; 25353541Sshin 25453541Sshin /* 255122062Sume * when the kernel forwards a packet, it is not proper to apply 256122062Sume * IPsec transport mode to the packet is not proper. this check 257122062Sume * avoid from this. 258122062Sume * at present, if there is even a transport mode SA request in the 259122062Sume * security policy, the kernel does not apply IPsec to the packet. 260122062Sume * this check is not enough because the following case is valid. 261122062Sume * ipsec esp/tunnel/xxx-xxx/require esp/transport//require; 262122062Sume */ 263122062Sume for (isr = sp->req; isr; isr = isr->next) { 264126006Sume if (isr->saidx.mode == IPSEC_MODE_ANY) 265126006Sume goto doipsectunnel; 266126006Sume if (isr->saidx.mode == IPSEC_MODE_TUNNEL) 267126006Sume goto doipsectunnel; 268122062Sume } 269122062Sume 270122062Sume /* 271126006Sume * if there's no need for tunnel mode IPsec, skip. 272126006Sume */ 273126006Sume if (!isr) 274126006Sume goto skip_ipsec; 275126006Sume 276126006Sume doipsectunnel: 277126006Sume /* 27853541Sshin * All the extension headers will become inaccessible 27953541Sshin * (since they can be encrypted). 28053541Sshin * Don't panic, we need no more updates to extension headers 28153541Sshin * on inner IPv6 packet (since they are now encapsulated). 28253541Sshin * 28353541Sshin * IPv6 [ESP|AH] IPv6 [extension headers] payload 28453541Sshin */ 28553541Sshin bzero(&state, sizeof(state)); 28653541Sshin state.m = m; 28753541Sshin state.ro = NULL; /* update at ipsec6_output_tunnel() */ 28853541Sshin state.dst = NULL; /* update at ipsec6_output_tunnel() */ 28953541Sshin 29053541Sshin error = ipsec6_output_tunnel(&state, sp, 0); 29153541Sshin 29253541Sshin m = state.m; 293171133Sgnn KEY_FREESP(&sp); 29453541Sshin 29553541Sshin if (error) { 29653541Sshin /* mbuf is already reclaimed in ipsec6_output_tunnel. */ 29753541Sshin switch (error) { 29853541Sshin case EHOSTUNREACH: 29953541Sshin case ENETUNREACH: 30053541Sshin case EMSGSIZE: 30153541Sshin case ENOBUFS: 30253541Sshin case ENOMEM: 30353541Sshin break; 30453541Sshin default: 30553541Sshin printf("ip6_output (ipsec): error code %d\n", error); 306120913Sume /* FALLTHROUGH */ 30753541Sshin case ENOENT: 30853541Sshin /* don't show these error codes to the user */ 30953541Sshin break; 31053541Sshin } 31153541Sshin ip6stat.ip6s_cantforward++; 31262587Sitojun if (mcopy) { 31362587Sitojun#if 0 31462587Sitojun /* XXX: what icmp ? */ 31562587Sitojun#else 31662587Sitojun m_freem(mcopy); 31762587Sitojun#endif 31862587Sitojun } 31953541Sshin m_freem(m); 32053541Sshin return; 321171133Sgnn } else { 322171133Sgnn /* 323171133Sgnn * In the FAST IPSec case we have already 324171133Sgnn * re-injected the packet and it has been freed 325171133Sgnn * by the ipsec_done() function. So, just clean 326171133Sgnn * up after ourselves. 327171133Sgnn */ 328171133Sgnn m = NULL; 329171133Sgnn goto freecopy; 33053541Sshin } 331122062Sume 332171133Sgnn if ((m != NULL) && (ip6 != mtod(m, struct ip6_hdr *)) ){ 333126006Sume /* 334126006Sume * now tunnel mode headers are added. we are originating 335126006Sume * packet instead of forwarding the packet. 336126006Sume */ 337126006Sume ip6_output(m, NULL, NULL, IPV6_FORWARDING/*XXX*/, NULL, NULL, 338126006Sume NULL); 339126006Sume goto freecopy; 340126006Sume } 341126006Sume 342122062Sume /* adjust pointer */ 343122062Sume dst = (struct sockaddr_in6 *)state.dst; 344122062Sume rt = state.ro ? state.ro->ro_rt : NULL; 345122062Sume if (dst != NULL && rt != NULL) 346122062Sume ipsecrt = 1; 34753541Sshin } 34853541Sshin skip_ipsec: 349171167Sgnn#endif /* IPSEC */ 35053541Sshin 351171167Sgnn#ifdef IPSEC 352122062Sume if (ipsecrt) 353122062Sume goto skip_routing; 354122062Sume#endif 355122062Sume 35678064Sume dst = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; 35753541Sshin if (!srcrt) { 358120913Sume /* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */ 35953541Sshin if (ip6_forward_rt.ro_rt == 0 || 36053541Sshin (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) { 36153541Sshin if (ip6_forward_rt.ro_rt) { 36253541Sshin RTFREE(ip6_forward_rt.ro_rt); 36353541Sshin ip6_forward_rt.ro_rt = 0; 36453541Sshin } 365120913Sume 36653541Sshin /* this probably fails but give it a try again */ 367122921Sandre rtalloc((struct route *)&ip6_forward_rt); 36853541Sshin } 36962587Sitojun 37053541Sshin if (ip6_forward_rt.ro_rt == 0) { 37153541Sshin ip6stat.ip6s_noroute++; 37278064Sume in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 37362587Sitojun if (mcopy) { 37462587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 37562587Sitojun ICMP6_DST_UNREACH_NOROUTE, 0); 37662587Sitojun } 37762587Sitojun m_freem(m); 37853541Sshin return; 37953541Sshin } 38053541Sshin } else if ((rt = ip6_forward_rt.ro_rt) == 0 || 381120913Sume !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) { 38253541Sshin if (ip6_forward_rt.ro_rt) { 38353541Sshin RTFREE(ip6_forward_rt.ro_rt); 38453541Sshin ip6_forward_rt.ro_rt = 0; 38553541Sshin } 38653541Sshin bzero(dst, sizeof(*dst)); 38753541Sshin dst->sin6_len = sizeof(struct sockaddr_in6); 38853541Sshin dst->sin6_family = AF_INET6; 38953541Sshin dst->sin6_addr = ip6->ip6_dst; 39053541Sshin 391122921Sandre rtalloc((struct route *)&ip6_forward_rt); 39253541Sshin if (ip6_forward_rt.ro_rt == 0) { 39353541Sshin ip6stat.ip6s_noroute++; 39478064Sume in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute); 39562587Sitojun if (mcopy) { 39662587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 39762587Sitojun ICMP6_DST_UNREACH_NOROUTE, 0); 39862587Sitojun } 39962587Sitojun m_freem(m); 40053541Sshin return; 40153541Sshin } 40253541Sshin } 40353541Sshin rt = ip6_forward_rt.ro_rt; 404171167Sgnn#ifdef IPSEC 405122062Sume skip_routing:; 406122062Sume#endif 40762587Sitojun 40862587Sitojun /* 409148385Sume * Source scope check: if a packet can't be delivered to its 410148385Sume * destination for the reason that the destination is beyond the scope 411148385Sume * of the source address, discard the packet and return an icmp6 412148385Sume * destination unreachable error with Code 2 (beyond scope of source 413148385Sume * address). We use a local copy of ip6_src, since in6_setscope() 414148385Sume * will possibly modify its first argument. 415148385Sume * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1] 41662587Sitojun */ 417148385Sume src_in6 = ip6->ip6_src; 418148385Sume if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) { 419122062Sume /* XXX: this should not happen */ 42062587Sitojun ip6stat.ip6s_cantforward++; 42162587Sitojun ip6stat.ip6s_badscope++; 422122062Sume m_freem(m); 423122062Sume return; 424122062Sume } 425148385Sume if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) { 426148385Sume ip6stat.ip6s_cantforward++; 427148385Sume ip6stat.ip6s_badscope++; 428148385Sume m_freem(m); 429148385Sume return; 430148385Sume } 431148385Sume if (inzone != outzone 432171167Sgnn#ifdef IPSEC 433122062Sume && !ipsecrt 434122062Sume#endif 435122062Sume ) { 436122062Sume ip6stat.ip6s_cantforward++; 437122062Sume ip6stat.ip6s_badscope++; 43862587Sitojun in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard); 43962587Sitojun 44062587Sitojun if (ip6_log_time + ip6_log_interval < time_second) { 44162587Sitojun ip6_log_time = time_second; 44262587Sitojun log(LOG_DEBUG, 44362587Sitojun "cannot forward " 44462587Sitojun "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 445165118Sbz ip6_sprintf(ip6bufs, &ip6->ip6_src), 446165118Sbz ip6_sprintf(ip6bufd, &ip6->ip6_dst), 44762587Sitojun ip6->ip6_nxt, 44862587Sitojun if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp)); 44962587Sitojun } 45062587Sitojun if (mcopy) 45162587Sitojun icmp6_error(mcopy, ICMP6_DST_UNREACH, 45262587Sitojun ICMP6_DST_UNREACH_BEYONDSCOPE, 0); 45362587Sitojun m_freem(m); 45462587Sitojun return; 45562587Sitojun } 45662587Sitojun 457148385Sume /* 458148385Sume * Destination scope check: if a packet is going to break the scope 459148385Sume * zone of packet's destination address, discard it. This case should 460148385Sume * usually be prevented by appropriately-configured routing table, but 461148385Sume * we need an explicit check because we may mistakenly forward the 462148385Sume * packet to a different zone by (e.g.) a default route. 463148385Sume */ 464148385Sume dst_in6 = ip6->ip6_dst; 465148385Sume if (in6_setscope(&dst_in6, m->m_pkthdr.rcvif, &inzone) != 0 || 466148385Sume in6_setscope(&dst_in6, rt->rt_ifp, &outzone) != 0 || 467148385Sume inzone != outzone) { 468148385Sume ip6stat.ip6s_cantforward++; 469148385Sume ip6stat.ip6s_badscope++; 470148385Sume m_freem(m); 471148385Sume return; 472148385Sume } 473148385Sume 474121283Sume if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) { 47553541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig); 47662587Sitojun if (mcopy) { 47762587Sitojun u_long mtu; 478171167Sgnn#ifdef IPSEC 47962587Sitojun struct secpolicy *sp; 48062587Sitojun int ipsecerror; 48162587Sitojun size_t ipsechdrsiz; 482171167Sgnn#endif /* IPSEC */ 48362587Sitojun 484121283Sume mtu = IN6_LINKMTU(rt->rt_ifp); 485171167Sgnn#ifdef IPSEC 48662587Sitojun /* 48762587Sitojun * When we do IPsec tunnel ingress, we need to play 488122062Sume * with the link value (decrement IPsec header size 48962587Sitojun * from mtu value). The code is much simpler than v4 49062587Sitojun * case, as we have the outgoing interface for 49162587Sitojun * encapsulated packet as "rt->rt_ifp". 49262587Sitojun */ 493171133Sgnn sp = ipsec_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND, 49462587Sitojun IP_FORWARDING, &ipsecerror); 49562587Sitojun if (sp) { 49662587Sitojun ipsechdrsiz = ipsec6_hdrsiz(mcopy, 49762587Sitojun IPSEC_DIR_OUTBOUND, NULL); 49862587Sitojun if (ipsechdrsiz < mtu) 49962587Sitojun mtu -= ipsechdrsiz; 50062587Sitojun } 50162587Sitojun 50262587Sitojun /* 50362587Sitojun * if mtu becomes less than minimum MTU, 50462587Sitojun * tell minimum MTU (and I'll need to fragment it). 50562587Sitojun */ 50662587Sitojun if (mtu < IPV6_MMTU) 50762587Sitojun mtu = IPV6_MMTU; 508171167Sgnn#endif /* IPSEC */ 50962587Sitojun icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu); 51062587Sitojun } 51162587Sitojun m_freem(m); 51253541Sshin return; 513120913Sume } 51453541Sshin 51553541Sshin if (rt->rt_flags & RTF_GATEWAY) 51653541Sshin dst = (struct sockaddr_in6 *)rt->rt_gateway; 51753541Sshin 51853541Sshin /* 51953541Sshin * If we are to forward the packet using the same interface 52053541Sshin * as one we got the packet from, perhaps we should send a redirect 52153541Sshin * to sender to shortcut a hop. 52253541Sshin * Only send redirect if source is sending directly to us, 52353541Sshin * and if packet was not source routed (or has any options). 52453541Sshin * Also, don't send redirect if forwarding using a route 52553541Sshin * modified by a redirect. 52653541Sshin */ 527162045Sjhay if (ip6_sendredirects && rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt && 528171167Sgnn#ifdef IPSEC 529122062Sume !ipsecrt && 530171167Sgnn#endif /* IPSEC */ 53178064Sume (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) { 53278064Sume if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) { 53378064Sume /* 53478064Sume * If the incoming interface is equal to the outgoing 53578064Sume * one, and the link attached to the interface is 53678064Sume * point-to-point, then it will be highly probable 53778064Sume * that a routing loop occurs. Thus, we immediately 53878064Sume * drop the packet and send an ICMPv6 error message. 53978064Sume * 54078064Sume * type/code is based on suggestion by Rich Draves. 54178064Sume * not sure if it is the best pick. 54278064Sume */ 54378064Sume icmp6_error(mcopy, ICMP6_DST_UNREACH, 54478064Sume ICMP6_DST_UNREACH_ADDR, 0); 54578064Sume m_freem(m); 54678064Sume return; 54778064Sume } 54853541Sshin type = ND_REDIRECT; 54978064Sume } 55053541Sshin 55153541Sshin /* 55262587Sitojun * Fake scoped addresses. Note that even link-local source or 55362587Sitojun * destinaion can appear, if the originating node just sends the 55462587Sitojun * packet to us (without address resolution for the destination). 55562587Sitojun * Since both icmp6_error and icmp6_redirect_output fill the embedded 55678064Sume * link identifiers, we can do this stuff after making a copy for 55778064Sume * returning an error. 55862587Sitojun */ 55962587Sitojun if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) { 56062587Sitojun /* 56162587Sitojun * See corresponding comments in ip6_output. 56262587Sitojun * XXX: but is it possible that ip6_forward() sends a packet 56362587Sitojun * to a loopback interface? I don't think so, and thus 56462587Sitojun * I bark here. (jinmei@kame.net) 56562587Sitojun * XXX: it is common to route invalid packets to loopback. 56662587Sitojun * also, the codepath will be visited on use of ::1 in 56762587Sitojun * rthdr. (itojun) 56862587Sitojun */ 56962587Sitojun#if 1 57062587Sitojun if (0) 57162587Sitojun#else 57262587Sitojun if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0) 57362587Sitojun#endif 57462587Sitojun { 57562587Sitojun printf("ip6_forward: outgoing interface is loopback. " 576120913Sume "src %s, dst %s, nxt %d, rcvif %s, outif %s\n", 577165118Sbz ip6_sprintf(ip6bufs, &ip6->ip6_src), 578165118Sbz ip6_sprintf(ip6bufd, &ip6->ip6_dst), 579120913Sume ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif), 580120913Sume if_name(rt->rt_ifp)); 58162587Sitojun } 58262587Sitojun 58378064Sume /* we can just use rcvif in forwarding. */ 58478064Sume origifp = m->m_pkthdr.rcvif; 58562587Sitojun } 58662587Sitojun else 58762587Sitojun origifp = rt->rt_ifp; 58878064Sume /* 58978064Sume * clear embedded scope identifiers if necessary. 59078064Sume * in6_clearscope will touch the addresses only when necessary. 59178064Sume */ 59278064Sume in6_clearscope(&ip6->ip6_src); 59378064Sume in6_clearscope(&ip6->ip6_dst); 59462587Sitojun 595134383Sandre /* Jump over all PFIL processing if hooks are not active. */ 596155201Scsjp if (!PFIL_HOOKED(&inet6_pfil_hook)) 597134383Sandre goto pass; 598134383Sandre 599134383Sandre /* Run through list of hooks for output packets. */ 600135920Smlaier error = pfil_run_hooks(&inet6_pfil_hook, &m, rt->rt_ifp, PFIL_OUT, NULL); 601120593Ssam if (error != 0) 602120593Ssam goto senderr; 603120386Ssam if (m == NULL) 604120386Ssam goto freecopy; 605120386Ssam ip6 = mtod(m, struct ip6_hdr *); 60684994Sdarrenr 607134383Sandrepass: 60862587Sitojun error = nd6_output(rt->rt_ifp, origifp, m, dst, rt); 60953541Sshin if (error) { 61053541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); 61153541Sshin ip6stat.ip6s_cantforward++; 61253541Sshin } else { 61353541Sshin ip6stat.ip6s_forward++; 61453541Sshin in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); 61553541Sshin if (type) 61653541Sshin ip6stat.ip6s_redirectsent++; 61753541Sshin else { 61853541Sshin if (mcopy) 61953541Sshin goto freecopy; 62053541Sshin } 62153541Sshin } 622120913Sume 623120593Ssamsenderr: 62453541Sshin if (mcopy == NULL) 62553541Sshin return; 62653541Sshin switch (error) { 62753541Sshin case 0: 62853541Sshin if (type == ND_REDIRECT) { 62953541Sshin icmp6_redirect_output(mcopy, rt); 63053541Sshin return; 63153541Sshin } 63253541Sshin goto freecopy; 63353541Sshin 63453541Sshin case EMSGSIZE: 63553541Sshin /* xxx MTU is constant in PPP? */ 63653541Sshin goto freecopy; 63753541Sshin 63853541Sshin case ENOBUFS: 63953541Sshin /* Tell source to slow down like source quench in IP? */ 64053541Sshin goto freecopy; 64153541Sshin 64253541Sshin case ENETUNREACH: /* shouldn't happen, checked above */ 64353541Sshin case EHOSTUNREACH: 64453541Sshin case ENETDOWN: 64553541Sshin case EHOSTDOWN: 64653541Sshin default: 64753541Sshin type = ICMP6_DST_UNREACH; 64853541Sshin code = ICMP6_DST_UNREACH_ADDR; 64953541Sshin break; 65053541Sshin } 65153541Sshin icmp6_error(mcopy, type, code, 0); 65253541Sshin return; 65353541Sshin 65453541Sshin freecopy: 65553541Sshin m_freem(mcopy); 65653541Sshin return; 65753541Sshin} 658