ip6_output.c revision 120856
1/* $FreeBSD: head/sys/netinet6/ip6_output.c 120856 2003-10-06 14:02:09Z ume $ */ 2/* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * Copyright (c) 1982, 1986, 1988, 1990, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 64 * 65 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 66 */ 67 68#include "opt_ip6fw.h" 69#include "opt_inet.h" 70#include "opt_inet6.h" 71#include "opt_ipsec.h" 72#include "opt_pfil_hooks.h" 73#include "opt_random_ip_id.h" 74 75#include <sys/param.h> 76#include <sys/malloc.h> 77#include <sys/mbuf.h> 78#include <sys/proc.h> 79#include <sys/errno.h> 80#include <sys/protosw.h> 81#include <sys/socket.h> 82#include <sys/socketvar.h> 83#include <sys/systm.h> 84#include <sys/kernel.h> 85 86#include <net/if.h> 87#include <net/route.h> 88#ifdef PFIL_HOOKS 89#include <net/pfil.h> 90#endif 91 92#include <netinet/in.h> 93#include <netinet/in_var.h> 94#include <netinet6/in6_var.h> 95#include <netinet/ip6.h> 96#include <netinet/icmp6.h> 97#include <netinet6/ip6_var.h> 98#include <netinet/in_pcb.h> 99#include <netinet6/nd6.h> 100 101#ifdef IPSEC 102#include <netinet6/ipsec.h> 103#ifdef INET6 104#include <netinet6/ipsec6.h> 105#endif 106#include <netkey/key.h> 107#endif /* IPSEC */ 108 109#ifdef FAST_IPSEC 110#include <netipsec/ipsec.h> 111#include <netipsec/ipsec6.h> 112#include <netipsec/key.h> 113#endif /* FAST_IPSEC */ 114 115#include <netinet6/ip6_fw.h> 116 117#include <net/net_osdep.h> 118 119#include <netinet6/ip6protosw.h> 120 121static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options"); 122 123struct ip6_exthdrs { 124 struct mbuf *ip6e_ip6; 125 struct mbuf *ip6e_hbh; 126 struct mbuf *ip6e_dest1; 127 struct mbuf *ip6e_rthdr; 128 struct mbuf *ip6e_dest2; 129}; 130 131static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *, 132 struct socket *, struct sockopt *sopt)); 133static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *)); 134static int ip6_getmoptions __P((int, struct ip6_moptions *, struct mbuf **)); 135static int ip6_copyexthdr __P((struct mbuf **, caddr_t, int)); 136static int ip6_insertfraghdr __P((struct mbuf *, struct mbuf *, int, 137 struct ip6_frag **)); 138static int ip6_insert_jumboopt __P((struct ip6_exthdrs *, u_int32_t)); 139static int ip6_splithdr __P((struct mbuf *, struct ip6_exthdrs *)); 140 141/* 142 * IP6 output. The packet in mbuf chain m contains a skeletal IP6 143 * header (with pri, len, nxt, hlim, src, dst). 144 * This function may modify ver and hlim only. 145 * The mbuf chain containing the packet will be freed. 146 * The mbuf opt, if present, will not be freed. 147 * 148 * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and 149 * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one, 150 * which is rt_rmx.rmx_mtu. 151 */ 152int 153ip6_output(m0, opt, ro, flags, im6o, ifpp, inp) 154 struct mbuf *m0; 155 struct ip6_pktopts *opt; 156 struct route_in6 *ro; 157 int flags; 158 struct ip6_moptions *im6o; 159 struct ifnet **ifpp; /* XXX: just for statistics */ 160 struct inpcb *inp; 161{ 162 struct ip6_hdr *ip6, *mhip6; 163 struct ifnet *ifp, *origifp; 164 struct mbuf *m = m0; 165 int hlen, tlen, len, off; 166 struct route_in6 ip6route; 167 struct sockaddr_in6 *dst; 168 int error = 0; 169 struct in6_ifaddr *ia = NULL; 170 u_long mtu; 171 u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; 172 struct ip6_exthdrs exthdrs; 173 struct in6_addr finaldst; 174 struct route_in6 *ro_pmtu = NULL; 175 int hdrsplit = 0; 176 int needipsec = 0; 177#ifdef IPSEC 178 int needipsectun = 0; 179 struct secpolicy *sp = NULL; 180 181 ip6 = mtod(m, struct ip6_hdr *); 182#endif /* IPSEC */ 183#ifdef FAST_IPSEC 184 int needipsectun = 0; 185 struct secpolicy *sp = NULL; 186 187 ip6 = mtod(m, struct ip6_hdr *); 188#endif /* FAST_IPSEC */ 189 190#define MAKE_EXTHDR(hp, mp) \ 191 do { \ 192 if (hp) { \ 193 struct ip6_ext *eh = (struct ip6_ext *)(hp); \ 194 error = ip6_copyexthdr((mp), (caddr_t)(hp), \ 195 ((eh)->ip6e_len + 1) << 3); \ 196 if (error) \ 197 goto freehdrs; \ 198 } \ 199 } while (0) 200 201 bzero(&exthdrs, sizeof(exthdrs)); 202 203 if (opt) { 204 /* Hop-by-Hop options header */ 205 MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); 206 /* Destination options header(1st part) */ 207 MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); 208 /* Routing header */ 209 MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); 210 /* Destination options header(2nd part) */ 211 MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); 212 } 213 214#ifdef IPSEC 215 /* get a security policy for this packet */ 216 if (inp == NULL) 217 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); 218 else 219 sp = ipsec6_getpolicybypcb(m, IPSEC_DIR_OUTBOUND, inp, &error); 220 221 if (sp == NULL) { 222 ipsec6stat.out_inval++; 223 goto freehdrs; 224 } 225 226 error = 0; 227 228 /* check policy */ 229 switch (sp->policy) { 230 case IPSEC_POLICY_DISCARD: 231 /* 232 * This packet is just discarded. 233 */ 234 ipsec6stat.out_polvio++; 235 goto freehdrs; 236 237 case IPSEC_POLICY_BYPASS: 238 case IPSEC_POLICY_NONE: 239 /* no need to do IPsec. */ 240 needipsec = 0; 241 break; 242 243 case IPSEC_POLICY_IPSEC: 244 if (sp->req == NULL) { 245 /* acquire a policy */ 246 error = key_spdacquire(sp); 247 goto freehdrs; 248 } 249 needipsec = 1; 250 break; 251 252 case IPSEC_POLICY_ENTRUST: 253 default: 254 printf("ip6_output: Invalid policy found. %d\n", sp->policy); 255 } 256#endif /* IPSEC */ 257#ifdef FAST_IPSEC 258 /* get a security policy for this packet */ 259 if (inp == NULL) 260 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); 261 else 262 sp = ipsec_getpolicybysock(m, IPSEC_DIR_OUTBOUND, inp, &error); 263 264 if (sp == NULL) { 265 newipsecstat.ips_out_inval++; 266 goto freehdrs; 267 } 268 269 error = 0; 270 271 /* check policy */ 272 switch (sp->policy) { 273 case IPSEC_POLICY_DISCARD: 274 /* 275 * This packet is just discarded. 276 */ 277 newipsecstat.ips_out_polvio++; 278 goto freehdrs; 279 280 case IPSEC_POLICY_BYPASS: 281 case IPSEC_POLICY_NONE: 282 /* no need to do IPsec. */ 283 needipsec = 0; 284 break; 285 286 case IPSEC_POLICY_IPSEC: 287 if (sp->req == NULL) { 288 /* acquire a policy */ 289 error = key_spdacquire(sp); 290 goto freehdrs; 291 } 292 needipsec = 1; 293 break; 294 295 case IPSEC_POLICY_ENTRUST: 296 default: 297 printf("ip6_output: Invalid policy found. %d\n", sp->policy); 298 } 299#endif /* FAST_IPSEC */ 300 301 /* 302 * Calculate the total length of the extension header chain. 303 * Keep the length of the unfragmentable part for fragmentation. 304 */ 305 optlen = 0; 306 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; 307 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; 308 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; 309 unfragpartlen = optlen + sizeof(struct ip6_hdr); 310 /* NOTE: we don't add AH/ESP length here. do that later. */ 311 if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len; 312 313 /* 314 * If we need IPsec, or there is at least one extension header, 315 * separate IP6 header from the payload. 316 */ 317 if ((needipsec || optlen) && !hdrsplit) { 318 if ((error = ip6_splithdr(m, &exthdrs)) != 0) { 319 m = NULL; 320 goto freehdrs; 321 } 322 m = exthdrs.ip6e_ip6; 323 hdrsplit++; 324 } 325 326 /* adjust pointer */ 327 ip6 = mtod(m, struct ip6_hdr *); 328 329 /* adjust mbuf packet header length */ 330 m->m_pkthdr.len += optlen; 331 plen = m->m_pkthdr.len - sizeof(*ip6); 332 333 /* If this is a jumbo payload, insert a jumbo payload option. */ 334 if (plen > IPV6_MAXPACKET) { 335 if (!hdrsplit) { 336 if ((error = ip6_splithdr(m, &exthdrs)) != 0) { 337 m = NULL; 338 goto freehdrs; 339 } 340 m = exthdrs.ip6e_ip6; 341 hdrsplit++; 342 } 343 /* adjust pointer */ 344 ip6 = mtod(m, struct ip6_hdr *); 345 if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0) 346 goto freehdrs; 347 ip6->ip6_plen = 0; 348 } else 349 ip6->ip6_plen = htons(plen); 350 351 /* 352 * Concatenate headers and fill in next header fields. 353 * Here we have, on "m" 354 * IPv6 payload 355 * and we insert headers accordingly. Finally, we should be getting: 356 * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload] 357 * 358 * during the header composing process, "m" points to IPv6 header. 359 * "mprev" points to an extension header prior to esp. 360 */ 361 { 362 u_char *nexthdrp = &ip6->ip6_nxt; 363 struct mbuf *mprev = m; 364 365 /* 366 * we treat dest2 specially. this makes IPsec processing 367 * much easier. the goal here is to make mprev point the 368 * mbuf prior to dest2. 369 * 370 * result: IPv6 dest2 payload 371 * m and mprev will point to IPv6 header. 372 */ 373 if (exthdrs.ip6e_dest2) { 374 if (!hdrsplit) 375 panic("assumption failed: hdr not split"); 376 exthdrs.ip6e_dest2->m_next = m->m_next; 377 m->m_next = exthdrs.ip6e_dest2; 378 *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt; 379 ip6->ip6_nxt = IPPROTO_DSTOPTS; 380 } 381 382#define MAKE_CHAIN(m, mp, p, i)\ 383 do {\ 384 if (m) {\ 385 if (!hdrsplit) \ 386 panic("assumption failed: hdr not split"); \ 387 *mtod((m), u_char *) = *(p);\ 388 *(p) = (i);\ 389 p = mtod((m), u_char *);\ 390 (m)->m_next = (mp)->m_next;\ 391 (mp)->m_next = (m);\ 392 (mp) = (m);\ 393 }\ 394 } while (0) 395 /* 396 * result: IPv6 hbh dest1 rthdr dest2 payload 397 * m will point to IPv6 header. mprev will point to the 398 * extension header prior to dest2 (rthdr in the above case). 399 */ 400 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, 401 nexthdrp, IPPROTO_HOPOPTS); 402 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, 403 nexthdrp, IPPROTO_DSTOPTS); 404 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, 405 nexthdrp, IPPROTO_ROUTING); 406 407#if defined(IPSEC) || defined(FAST_IPSEC) 408 if (!needipsec) 409 goto skip_ipsec2; 410 411 /* 412 * pointers after IPsec headers are not valid any more. 413 * other pointers need a great care too. 414 * (IPsec routines should not mangle mbufs prior to AH/ESP) 415 */ 416 exthdrs.ip6e_dest2 = NULL; 417 418 { 419 struct ip6_rthdr *rh = NULL; 420 int segleft_org = 0; 421 struct ipsec_output_state state; 422 423 if (exthdrs.ip6e_rthdr) { 424 rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); 425 segleft_org = rh->ip6r_segleft; 426 rh->ip6r_segleft = 0; 427 } 428 429 bzero(&state, sizeof(state)); 430 state.m = m; 431 error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags, 432 &needipsectun); 433 m = state.m; 434 if (error) { 435 /* mbuf is already reclaimed in ipsec6_output_trans. */ 436 m = NULL; 437 switch (error) { 438 case EHOSTUNREACH: 439 case ENETUNREACH: 440 case EMSGSIZE: 441 case ENOBUFS: 442 case ENOMEM: 443 break; 444 default: 445 printf("ip6_output (ipsec): error code %d\n", error); 446 /* fall through */ 447 case ENOENT: 448 /* don't show these error codes to the user */ 449 error = 0; 450 break; 451 } 452 goto bad; 453 } 454 if (exthdrs.ip6e_rthdr) { 455 /* ah6_output doesn't modify mbuf chain */ 456 rh->ip6r_segleft = segleft_org; 457 } 458 } 459skip_ipsec2:; 460#endif 461 } 462 463 /* 464 * If there is a routing header, replace destination address field 465 * with the first hop of the routing header. 466 */ 467 if (exthdrs.ip6e_rthdr) { 468 struct ip6_rthdr *rh = 469 (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr, 470 struct ip6_rthdr *)); 471 struct ip6_rthdr0 *rh0; 472 473 finaldst = ip6->ip6_dst; 474 switch (rh->ip6r_type) { 475 case IPV6_RTHDR_TYPE_0: 476 rh0 = (struct ip6_rthdr0 *)rh; 477 ip6->ip6_dst = rh0->ip6r0_addr[0]; 478 bcopy((caddr_t)&rh0->ip6r0_addr[1], 479 (caddr_t)&rh0->ip6r0_addr[0], 480 sizeof(struct in6_addr)*(rh0->ip6r0_segleft - 1) 481 ); 482 rh0->ip6r0_addr[rh0->ip6r0_segleft - 1] = finaldst; 483 break; 484 default: /* is it possible? */ 485 error = EINVAL; 486 goto bad; 487 } 488 } 489 490 /* Source address validation */ 491 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && 492 (flags & IPV6_DADOUTPUT) == 0) { 493 error = EOPNOTSUPP; 494 ip6stat.ip6s_badscope++; 495 goto bad; 496 } 497 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) { 498 error = EOPNOTSUPP; 499 ip6stat.ip6s_badscope++; 500 goto bad; 501 } 502 503 ip6stat.ip6s_localout++; 504 505 /* 506 * Route packet. 507 */ 508 if (ro == 0) { 509 ro = &ip6route; 510 bzero((caddr_t)ro, sizeof(*ro)); 511 } 512 ro_pmtu = ro; 513 if (opt && opt->ip6po_rthdr) 514 ro = &opt->ip6po_route; 515 dst = (struct sockaddr_in6 *)&ro->ro_dst; 516 /* 517 * If there is a cached route, 518 * check that it is to the same destination 519 * and is still up. If not, free it and try again. 520 */ 521 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || 522 dst->sin6_family != AF_INET6 || 523 !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_dst))) { 524 RTFREE(ro->ro_rt); 525 ro->ro_rt = (struct rtentry *)0; 526 } 527 if (ro->ro_rt == 0) { 528 bzero(dst, sizeof(*dst)); 529 dst->sin6_family = AF_INET6; 530 dst->sin6_len = sizeof(struct sockaddr_in6); 531 dst->sin6_addr = ip6->ip6_dst; 532#ifdef SCOPEDROUTING 533 /* XXX: sin6_scope_id should already be fixed at this point */ 534 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr)) 535 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]); 536#endif 537 } 538#if defined(IPSEC) || defined(FAST_IPSEC) 539 if (needipsec && needipsectun) { 540 struct ipsec_output_state state; 541 542 /* 543 * All the extension headers will become inaccessible 544 * (since they can be encrypted). 545 * Don't panic, we need no more updates to extension headers 546 * on inner IPv6 packet (since they are now encapsulated). 547 * 548 * IPv6 [ESP|AH] IPv6 [extension headers] payload 549 */ 550 bzero(&exthdrs, sizeof(exthdrs)); 551 exthdrs.ip6e_ip6 = m; 552 553 bzero(&state, sizeof(state)); 554 state.m = m; 555 state.ro = (struct route *)ro; 556 state.dst = (struct sockaddr *)dst; 557 558 error = ipsec6_output_tunnel(&state, sp, flags); 559 560 m = state.m; 561 ro = (struct route_in6 *)state.ro; 562 dst = (struct sockaddr_in6 *)state.dst; 563 if (error) { 564 /* mbuf is already reclaimed in ipsec6_output_tunnel. */ 565 m0 = m = NULL; 566 m = NULL; 567 switch (error) { 568 case EHOSTUNREACH: 569 case ENETUNREACH: 570 case EMSGSIZE: 571 case ENOBUFS: 572 case ENOMEM: 573 break; 574 default: 575 printf("ip6_output (ipsec): error code %d\n", error); 576 /* fall through */ 577 case ENOENT: 578 /* don't show these error codes to the user */ 579 error = 0; 580 break; 581 } 582 goto bad; 583 } 584 585 exthdrs.ip6e_ip6 = m; 586 } 587#endif /* IPSEC */ 588 589 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 590 /* Unicast */ 591 592#define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) 593#define sin6tosa(sin6) ((struct sockaddr *)(sin6)) 594 /* xxx 595 * interface selection comes here 596 * if an interface is specified from an upper layer, 597 * ifp must point it. 598 */ 599 if (ro->ro_rt == 0) { 600 /* 601 * non-bsdi always clone routes, if parent is 602 * PRF_CLONING. 603 */ 604 rtalloc((struct route *)ro); 605 } 606 if (ro->ro_rt == 0) { 607 ip6stat.ip6s_noroute++; 608 error = EHOSTUNREACH; 609 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard); */ 610 goto bad; 611 } 612 ia = ifatoia6(ro->ro_rt->rt_ifa); 613 ifp = ro->ro_rt->rt_ifp; 614 ro->ro_rt->rt_use++; 615 if (ro->ro_rt->rt_flags & RTF_GATEWAY) 616 dst = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway; 617 m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ 618 619 in6_ifstat_inc(ifp, ifs6_out_request); 620 621 /* 622 * Check if the outgoing interface conflicts with 623 * the interface specified by ifi6_ifindex (if specified). 624 * Note that loopback interface is always okay. 625 * (this may happen when we are sending a packet to one of 626 * our own addresses.) 627 */ 628 if (opt && opt->ip6po_pktinfo 629 && opt->ip6po_pktinfo->ipi6_ifindex) { 630 if (!(ifp->if_flags & IFF_LOOPBACK) 631 && ifp->if_index != opt->ip6po_pktinfo->ipi6_ifindex) { 632 ip6stat.ip6s_noroute++; 633 in6_ifstat_inc(ifp, ifs6_out_discard); 634 error = EHOSTUNREACH; 635 goto bad; 636 } 637 } 638 639 if (opt && opt->ip6po_hlim != -1) 640 ip6->ip6_hlim = opt->ip6po_hlim & 0xff; 641 } else { 642 /* Multicast */ 643 struct in6_multi *in6m; 644 645 m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST; 646 647 /* 648 * See if the caller provided any multicast options 649 */ 650 ifp = NULL; 651 if (im6o != NULL) { 652 ip6->ip6_hlim = im6o->im6o_multicast_hlim; 653 if (im6o->im6o_multicast_ifp != NULL) 654 ifp = im6o->im6o_multicast_ifp; 655 } else 656 ip6->ip6_hlim = ip6_defmcasthlim; 657 658 /* 659 * See if the caller provided the outgoing interface 660 * as an ancillary data. 661 * Boundary check for ifindex is assumed to be already done. 662 */ 663 if (opt && opt->ip6po_pktinfo && opt->ip6po_pktinfo->ipi6_ifindex) 664 ifp = ifnet_byindex(opt->ip6po_pktinfo->ipi6_ifindex); 665 666 /* 667 * If the destination is a node-local scope multicast, 668 * the packet should be loop-backed only. 669 */ 670 if (IN6_IS_ADDR_MC_NODELOCAL(&ip6->ip6_dst)) { 671 /* 672 * If the outgoing interface is already specified, 673 * it should be a loopback interface. 674 */ 675 if (ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) { 676 ip6stat.ip6s_badscope++; 677 error = ENETUNREACH; /* XXX: better error? */ 678 /* XXX correct ifp? */ 679 in6_ifstat_inc(ifp, ifs6_out_discard); 680 goto bad; 681 } else { 682 ifp = &loif[0]; 683 } 684 } 685 686 if (opt && opt->ip6po_hlim != -1) 687 ip6->ip6_hlim = opt->ip6po_hlim & 0xff; 688 689 /* 690 * If caller did not provide an interface lookup a 691 * default in the routing table. This is either a 692 * default for the speicfied group (i.e. a host 693 * route), or a multicast default (a route for the 694 * ``net'' ff00::/8). 695 */ 696 if (ifp == NULL) { 697 if (ro->ro_rt == 0) { 698 ro->ro_rt = rtalloc1((struct sockaddr *) 699 &ro->ro_dst, 0, 0UL); 700 } 701 if (ro->ro_rt == 0) { 702 ip6stat.ip6s_noroute++; 703 error = EHOSTUNREACH; 704 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard) */ 705 goto bad; 706 } 707 ia = ifatoia6(ro->ro_rt->rt_ifa); 708 ifp = ro->ro_rt->rt_ifp; 709 ro->ro_rt->rt_use++; 710 RT_UNLOCK(ro->ro_rt); 711 } 712 713 if ((flags & IPV6_FORWARDING) == 0) 714 in6_ifstat_inc(ifp, ifs6_out_request); 715 in6_ifstat_inc(ifp, ifs6_out_mcast); 716 717 /* 718 * Confirm that the outgoing interface supports multicast. 719 */ 720 if ((ifp->if_flags & IFF_MULTICAST) == 0) { 721 ip6stat.ip6s_noroute++; 722 in6_ifstat_inc(ifp, ifs6_out_discard); 723 error = ENETUNREACH; 724 goto bad; 725 } 726 IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m); 727 if (in6m != NULL && 728 (im6o == NULL || im6o->im6o_multicast_loop)) { 729 /* 730 * If we belong to the destination multicast group 731 * on the outgoing interface, and the caller did not 732 * forbid loopback, loop back a copy. 733 */ 734 ip6_mloopback(ifp, m, dst); 735 } else { 736 /* 737 * If we are acting as a multicast router, perform 738 * multicast forwarding as if the packet had just 739 * arrived on the interface to which we are about 740 * to send. The multicast forwarding function 741 * recursively calls this function, using the 742 * IPV6_FORWARDING flag to prevent infinite recursion. 743 * 744 * Multicasts that are looped back by ip6_mloopback(), 745 * above, will be forwarded by the ip6_input() routine, 746 * if necessary. 747 */ 748 if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) { 749 if (ip6_mforward(ip6, ifp, m) != 0) { 750 m_freem(m); 751 goto done; 752 } 753 } 754 } 755 /* 756 * Multicasts with a hoplimit of zero may be looped back, 757 * above, but must not be transmitted on a network. 758 * Also, multicasts addressed to the loopback interface 759 * are not sent -- the above call to ip6_mloopback() will 760 * loop back a copy if this host actually belongs to the 761 * destination group on the loopback interface. 762 */ 763 if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK)) { 764 m_freem(m); 765 goto done; 766 } 767 } 768 769 /* 770 * Fill the outgoing inteface to tell the upper layer 771 * to increment per-interface statistics. 772 */ 773 if (ifpp) 774 *ifpp = ifp; 775 776 /* 777 * Determine path MTU. 778 */ 779 if (ro_pmtu != ro) { 780 /* The first hop and the final destination may differ. */ 781 struct sockaddr_in6 *sin6_fin = 782 (struct sockaddr_in6 *)&ro_pmtu->ro_dst; 783 if (ro_pmtu->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || 784 !IN6_ARE_ADDR_EQUAL(&sin6_fin->sin6_addr, 785 &finaldst))) { 786 RTFREE(ro_pmtu->ro_rt); 787 ro_pmtu->ro_rt = (struct rtentry *)0; 788 } 789 if (ro_pmtu->ro_rt == 0) { 790 bzero(sin6_fin, sizeof(*sin6_fin)); 791 sin6_fin->sin6_family = AF_INET6; 792 sin6_fin->sin6_len = sizeof(struct sockaddr_in6); 793 sin6_fin->sin6_addr = finaldst; 794 795 rtalloc((struct route *)ro_pmtu); 796 } 797 } 798 if (ro_pmtu->ro_rt != NULL) { 799 u_int32_t ifmtu = nd_ifinfo[ifp->if_index].linkmtu; 800 801 mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu; 802 if (mtu > ifmtu || mtu == 0) { 803 /* 804 * The MTU on the route is larger than the MTU on 805 * the interface! This shouldn't happen, unless the 806 * MTU of the interface has been changed after the 807 * interface was brought up. Change the MTU in the 808 * route to match the interface MTU (as long as the 809 * field isn't locked). 810 * 811 * if MTU on the route is 0, we need to fix the MTU. 812 * this case happens with path MTU discovery timeouts. 813 */ 814 mtu = ifmtu; 815 if ((ro_pmtu->ro_rt->rt_rmx.rmx_locks & RTV_MTU) == 0) 816 ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; /* XXX */ 817 } 818 } else { 819 mtu = nd_ifinfo[ifp->if_index].linkmtu; 820 } 821 822 /* 823 * advanced API (IPV6_USE_MIN_MTU) overrides mtu setting 824 */ 825 if ((flags & IPV6_MINMTU) != 0 && mtu > IPV6_MMTU) 826 mtu = IPV6_MMTU; 827 828 /* Fake scoped addresses */ 829 if ((ifp->if_flags & IFF_LOOPBACK) != 0) { 830 /* 831 * If source or destination address is a scoped address, and 832 * the packet is going to be sent to a loopback interface, 833 * we should keep the original interface. 834 */ 835 836 /* 837 * XXX: this is a very experimental and temporary solution. 838 * We eventually have sockaddr_in6 and use the sin6_scope_id 839 * field of the structure here. 840 * We rely on the consistency between two scope zone ids 841 * of source and destination, which should already be assured. 842 * Larger scopes than link will be supported in the future. 843 */ 844 origifp = NULL; 845 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) 846 origifp = ifnet_byindex(ntohs(ip6->ip6_src.s6_addr16[1])); 847 else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) 848 origifp = ifnet_byindex(ntohs(ip6->ip6_dst.s6_addr16[1])); 849 /* 850 * XXX: origifp can be NULL even in those two cases above. 851 * For example, if we remove the (only) link-local address 852 * from the loopback interface, and try to send a link-local 853 * address without link-id information. Then the source 854 * address is ::1, and the destination address is the 855 * link-local address with its s6_addr16[1] being zero. 856 * What is worse, if the packet goes to the loopback interface 857 * by a default rejected route, the null pointer would be 858 * passed to looutput, and the kernel would hang. 859 * The following last resort would prevent such disaster. 860 */ 861 if (origifp == NULL) 862 origifp = ifp; 863 } 864 else 865 origifp = ifp; 866#ifndef SCOPEDROUTING 867 /* 868 * clear embedded scope identifiers if necessary. 869 * in6_clearscope will touch the addresses only when necessary. 870 */ 871 in6_clearscope(&ip6->ip6_src); 872 in6_clearscope(&ip6->ip6_dst); 873#endif 874 875 /* 876 * Check with the firewall... 877 */ 878 if (ip6_fw_enable && ip6_fw_chk_ptr) { 879 u_short port = 0; 880 m->m_pkthdr.rcvif = NULL; /* XXX */ 881 /* If ipfw says divert, we have to just drop packet */ 882 if ((*ip6_fw_chk_ptr)(&ip6, ifp, &port, &m)) { 883 m_freem(m); 884 goto done; 885 } 886 if (!m) { 887 error = EACCES; 888 goto done; 889 } 890 } 891 892 /* 893 * If the outgoing packet contains a hop-by-hop options header, 894 * it must be examined and processed even by the source node. 895 * (RFC 2460, section 4.) 896 */ 897 if (exthdrs.ip6e_hbh) { 898 struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *); 899 u_int32_t dummy1; /* XXX unused */ 900 u_int32_t dummy2; /* XXX unused */ 901 902#ifdef DIAGNOSTIC 903 if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len) 904 panic("ip6e_hbh is not continuous"); 905#endif 906 /* 907 * XXX: if we have to send an ICMPv6 error to the sender, 908 * we need the M_LOOP flag since icmp6_error() expects 909 * the IPv6 and the hop-by-hop options header are 910 * continuous unless the flag is set. 911 */ 912 m->m_flags |= M_LOOP; 913 m->m_pkthdr.rcvif = ifp; 914 if (ip6_process_hopopts(m, 915 (u_int8_t *)(hbh + 1), 916 ((hbh->ip6h_len + 1) << 3) - 917 sizeof(struct ip6_hbh), 918 &dummy1, &dummy2) < 0) { 919 /* m was already freed at this point */ 920 error = EINVAL;/* better error? */ 921 goto done; 922 } 923 m->m_flags &= ~M_LOOP; /* XXX */ 924 m->m_pkthdr.rcvif = NULL; 925 } 926 927#ifdef PFIL_HOOKS 928 /* 929 * Run through list of hooks for output packets. 930 */ 931 error = pfil_run_hooks(&inet6_pfil_hook, &m, ifp, PFIL_OUT); 932 if (error != 0 || m == NULL) 933 goto done; 934 ip6 = mtod(m, struct ip6_hdr *); 935#endif /* PFIL_HOOKS */ 936 /* 937 * Send the packet to the outgoing interface. 938 * If necessary, do IPv6 fragmentation before sending. 939 */ 940 tlen = m->m_pkthdr.len; 941 if (tlen <= mtu 942#ifdef notyet 943 /* 944 * On any link that cannot convey a 1280-octet packet in one piece, 945 * link-specific fragmentation and reassembly must be provided at 946 * a layer below IPv6. [RFC 2460, sec.5] 947 * Thus if the interface has ability of link-level fragmentation, 948 * we can just send the packet even if the packet size is 949 * larger than the link's MTU. 950 * XXX: IFF_FRAGMENTABLE (or such) flag has not been defined yet... 951 */ 952 953 || ifp->if_flags & IFF_FRAGMENTABLE 954#endif 955 ) 956 { 957 /* Record statistics for this interface address. */ 958 if (ia && !(flags & IPV6_FORWARDING)) { 959 ia->ia_ifa.if_opackets++; 960 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 961 } 962#ifdef IPSEC 963 /* clean ipsec history once it goes out of the node */ 964 ipsec_delaux(m); 965#endif 966 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt); 967 goto done; 968 } else if (mtu < IPV6_MMTU) { 969 /* 970 * note that path MTU is never less than IPV6_MMTU 971 * (see icmp6_input). 972 */ 973 error = EMSGSIZE; 974 in6_ifstat_inc(ifp, ifs6_out_fragfail); 975 goto bad; 976 } else if (ip6->ip6_plen == 0) { /* jumbo payload cannot be fragmented */ 977 error = EMSGSIZE; 978 in6_ifstat_inc(ifp, ifs6_out_fragfail); 979 goto bad; 980 } else { 981 struct mbuf **mnext, *m_frgpart; 982 struct ip6_frag *ip6f; 983#ifdef RANDOM_IP_ID 984 u_int32_t id = htonl(ip6_randomid()); 985#else 986 u_int32_t id = htonl(ip6_id++); 987#endif 988 u_char nextproto; 989 990 /* 991 * Too large for the destination or interface; 992 * fragment if possible. 993 * Must be able to put at least 8 bytes per fragment. 994 */ 995 hlen = unfragpartlen; 996 if (mtu > IPV6_MAXPACKET) 997 mtu = IPV6_MAXPACKET; 998 999 len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7; 1000 if (len < 8) { 1001 error = EMSGSIZE; 1002 in6_ifstat_inc(ifp, ifs6_out_fragfail); 1003 goto bad; 1004 } 1005 1006 mnext = &m->m_nextpkt; 1007 1008 /* 1009 * Change the next header field of the last header in the 1010 * unfragmentable part. 1011 */ 1012 if (exthdrs.ip6e_rthdr) { 1013 nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *); 1014 *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT; 1015 } else if (exthdrs.ip6e_dest1) { 1016 nextproto = *mtod(exthdrs.ip6e_dest1, u_char *); 1017 *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT; 1018 } else if (exthdrs.ip6e_hbh) { 1019 nextproto = *mtod(exthdrs.ip6e_hbh, u_char *); 1020 *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT; 1021 } else { 1022 nextproto = ip6->ip6_nxt; 1023 ip6->ip6_nxt = IPPROTO_FRAGMENT; 1024 } 1025 1026 /* 1027 * Loop through length of segment after first fragment, 1028 * make new header and copy data of each part and link onto 1029 * chain. 1030 */ 1031 m0 = m; 1032 for (off = hlen; off < tlen; off += len) { 1033 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1034 if (!m) { 1035 error = ENOBUFS; 1036 ip6stat.ip6s_odropped++; 1037 goto sendorfree; 1038 } 1039 m->m_pkthdr.rcvif = NULL; 1040 m->m_flags = m0->m_flags & M_COPYFLAGS; 1041 *mnext = m; 1042 mnext = &m->m_nextpkt; 1043 m->m_data += max_linkhdr; 1044 mhip6 = mtod(m, struct ip6_hdr *); 1045 *mhip6 = *ip6; 1046 m->m_len = sizeof(*mhip6); 1047 error = ip6_insertfraghdr(m0, m, hlen, &ip6f); 1048 if (error) { 1049 ip6stat.ip6s_odropped++; 1050 goto sendorfree; 1051 } 1052 ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7)); 1053 if (off + len >= tlen) 1054 len = tlen - off; 1055 else 1056 ip6f->ip6f_offlg |= IP6F_MORE_FRAG; 1057 mhip6->ip6_plen = htons((u_short)(len + hlen + 1058 sizeof(*ip6f) - 1059 sizeof(struct ip6_hdr))); 1060 if ((m_frgpart = m_copy(m0, off, len)) == 0) { 1061 error = ENOBUFS; 1062 ip6stat.ip6s_odropped++; 1063 goto sendorfree; 1064 } 1065 m_cat(m, m_frgpart); 1066 m->m_pkthdr.len = len + hlen + sizeof(*ip6f); 1067 m->m_pkthdr.rcvif = (struct ifnet *)0; 1068 ip6f->ip6f_reserved = 0; 1069 ip6f->ip6f_ident = id; 1070 ip6f->ip6f_nxt = nextproto; 1071 ip6stat.ip6s_ofragments++; 1072 in6_ifstat_inc(ifp, ifs6_out_fragcreat); 1073 } 1074 1075 in6_ifstat_inc(ifp, ifs6_out_fragok); 1076 } 1077 1078 /* 1079 * Remove leading garbages. 1080 */ 1081sendorfree: 1082 m = m0->m_nextpkt; 1083 m0->m_nextpkt = 0; 1084 m_freem(m0); 1085 for (m0 = m; m; m = m0) { 1086 m0 = m->m_nextpkt; 1087 m->m_nextpkt = 0; 1088 if (error == 0) { 1089 /* Record statistics for this interface address. */ 1090 if (ia) { 1091 ia->ia_ifa.if_opackets++; 1092 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 1093 } 1094#ifdef IPSEC 1095 /* clean ipsec history once it goes out of the node */ 1096 ipsec_delaux(m); 1097#endif 1098 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt); 1099 } else 1100 m_freem(m); 1101 } 1102 1103 if (error == 0) 1104 ip6stat.ip6s_fragmented++; 1105 1106done: 1107 if (ro == &ip6route && ro->ro_rt) { /* brace necessary for RTFREE */ 1108 RTFREE(ro->ro_rt); 1109 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) { 1110 RTFREE(ro_pmtu->ro_rt); 1111 } 1112 1113#ifdef IPSEC 1114 if (sp != NULL) 1115 key_freesp(sp); 1116#endif /* IPSEC */ 1117#ifdef FAST_IPSEC 1118 if (sp != NULL) 1119 KEY_FREESP(&sp); 1120#endif /* FAST_IPSEC */ 1121 1122 return (error); 1123 1124freehdrs: 1125 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ 1126 m_freem(exthdrs.ip6e_dest1); 1127 m_freem(exthdrs.ip6e_rthdr); 1128 m_freem(exthdrs.ip6e_dest2); 1129 /* fall through */ 1130bad: 1131 m_freem(m); 1132 goto done; 1133} 1134 1135static int 1136ip6_copyexthdr(mp, hdr, hlen) 1137 struct mbuf **mp; 1138 caddr_t hdr; 1139 int hlen; 1140{ 1141 struct mbuf *m; 1142 1143 if (hlen > MCLBYTES) 1144 return (ENOBUFS); /* XXX */ 1145 1146 MGET(m, M_DONTWAIT, MT_DATA); 1147 if (!m) 1148 return (ENOBUFS); 1149 1150 if (hlen > MLEN) { 1151 MCLGET(m, M_DONTWAIT); 1152 if ((m->m_flags & M_EXT) == 0) { 1153 m_free(m); 1154 return (ENOBUFS); 1155 } 1156 } 1157 m->m_len = hlen; 1158 if (hdr) 1159 bcopy(hdr, mtod(m, caddr_t), hlen); 1160 1161 *mp = m; 1162 return (0); 1163} 1164 1165/* 1166 * Insert jumbo payload option. 1167 */ 1168static int 1169ip6_insert_jumboopt(exthdrs, plen) 1170 struct ip6_exthdrs *exthdrs; 1171 u_int32_t plen; 1172{ 1173 struct mbuf *mopt; 1174 u_char *optbuf; 1175 u_int32_t v; 1176 1177#define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */ 1178 1179 /* 1180 * If there is no hop-by-hop options header, allocate new one. 1181 * If there is one but it doesn't have enough space to store the 1182 * jumbo payload option, allocate a cluster to store the whole options. 1183 * Otherwise, use it to store the options. 1184 */ 1185 if (exthdrs->ip6e_hbh == 0) { 1186 MGET(mopt, M_DONTWAIT, MT_DATA); 1187 if (mopt == 0) 1188 return (ENOBUFS); 1189 mopt->m_len = JUMBOOPTLEN; 1190 optbuf = mtod(mopt, u_char *); 1191 optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */ 1192 exthdrs->ip6e_hbh = mopt; 1193 } else { 1194 struct ip6_hbh *hbh; 1195 1196 mopt = exthdrs->ip6e_hbh; 1197 if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) { 1198 /* 1199 * XXX assumption: 1200 * - exthdrs->ip6e_hbh is not referenced from places 1201 * other than exthdrs. 1202 * - exthdrs->ip6e_hbh is not an mbuf chain. 1203 */ 1204 int oldoptlen = mopt->m_len; 1205 struct mbuf *n; 1206 1207 /* 1208 * XXX: give up if the whole (new) hbh header does 1209 * not fit even in an mbuf cluster. 1210 */ 1211 if (oldoptlen + JUMBOOPTLEN > MCLBYTES) 1212 return (ENOBUFS); 1213 1214 /* 1215 * As a consequence, we must always prepare a cluster 1216 * at this point. 1217 */ 1218 MGET(n, M_DONTWAIT, MT_DATA); 1219 if (n) { 1220 MCLGET(n, M_DONTWAIT); 1221 if ((n->m_flags & M_EXT) == 0) { 1222 m_freem(n); 1223 n = NULL; 1224 } 1225 } 1226 if (!n) 1227 return (ENOBUFS); 1228 n->m_len = oldoptlen + JUMBOOPTLEN; 1229 bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t), 1230 oldoptlen); 1231 optbuf = mtod(n, caddr_t) + oldoptlen; 1232 m_freem(mopt); 1233 mopt = exthdrs->ip6e_hbh = n; 1234 } else { 1235 optbuf = mtod(mopt, u_char *) + mopt->m_len; 1236 mopt->m_len += JUMBOOPTLEN; 1237 } 1238 optbuf[0] = IP6OPT_PADN; 1239 optbuf[1] = 1; 1240 1241 /* 1242 * Adjust the header length according to the pad and 1243 * the jumbo payload option. 1244 */ 1245 hbh = mtod(mopt, struct ip6_hbh *); 1246 hbh->ip6h_len += (JUMBOOPTLEN >> 3); 1247 } 1248 1249 /* fill in the option. */ 1250 optbuf[2] = IP6OPT_JUMBO; 1251 optbuf[3] = 4; 1252 v = (u_int32_t)htonl(plen + JUMBOOPTLEN); 1253 bcopy(&v, &optbuf[4], sizeof(u_int32_t)); 1254 1255 /* finally, adjust the packet header length */ 1256 exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN; 1257 1258 return (0); 1259#undef JUMBOOPTLEN 1260} 1261 1262/* 1263 * Insert fragment header and copy unfragmentable header portions. 1264 */ 1265static int 1266ip6_insertfraghdr(m0, m, hlen, frghdrp) 1267 struct mbuf *m0, *m; 1268 int hlen; 1269 struct ip6_frag **frghdrp; 1270{ 1271 struct mbuf *n, *mlast; 1272 1273 if (hlen > sizeof(struct ip6_hdr)) { 1274 n = m_copym(m0, sizeof(struct ip6_hdr), 1275 hlen - sizeof(struct ip6_hdr), M_DONTWAIT); 1276 if (n == 0) 1277 return (ENOBUFS); 1278 m->m_next = n; 1279 } else 1280 n = m; 1281 1282 /* Search for the last mbuf of unfragmentable part. */ 1283 for (mlast = n; mlast->m_next; mlast = mlast->m_next) 1284 ; 1285 1286 if ((mlast->m_flags & M_EXT) == 0 && 1287 M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) { 1288 /* use the trailing space of the last mbuf for the fragment hdr */ 1289 *frghdrp = 1290 (struct ip6_frag *)(mtod(mlast, caddr_t) + mlast->m_len); 1291 mlast->m_len += sizeof(struct ip6_frag); 1292 m->m_pkthdr.len += sizeof(struct ip6_frag); 1293 } else { 1294 /* allocate a new mbuf for the fragment header */ 1295 struct mbuf *mfrg; 1296 1297 MGET(mfrg, M_DONTWAIT, MT_DATA); 1298 if (mfrg == 0) 1299 return (ENOBUFS); 1300 mfrg->m_len = sizeof(struct ip6_frag); 1301 *frghdrp = mtod(mfrg, struct ip6_frag *); 1302 mlast->m_next = mfrg; 1303 } 1304 1305 return (0); 1306} 1307 1308/* 1309 * IP6 socket option processing. 1310 */ 1311int 1312ip6_ctloutput(so, sopt) 1313 struct socket *so; 1314 struct sockopt *sopt; 1315{ 1316 int privileged; 1317 struct inpcb *in6p = sotoinpcb(so); 1318 int error, optval; 1319 int level, op, optname; 1320 int optlen; 1321 struct thread *td; 1322 1323 if (sopt) { 1324 level = sopt->sopt_level; 1325 op = sopt->sopt_dir; 1326 optname = sopt->sopt_name; 1327 optlen = sopt->sopt_valsize; 1328 td = sopt->sopt_td; 1329 } else { 1330 panic("ip6_ctloutput: arg soopt is NULL"); 1331 } 1332 error = optval = 0; 1333 1334 privileged = (td == 0 || suser(td)) ? 0 : 1; 1335 1336 if (level == IPPROTO_IPV6) { 1337 switch (op) { 1338 1339 case SOPT_SET: 1340 switch (optname) { 1341 case IPV6_PKTOPTIONS: 1342 { 1343 struct mbuf *m; 1344 1345 error = soopt_getm(sopt, &m); /* XXX */ 1346 if (error != 0) 1347 break; 1348 error = soopt_mcopyin(sopt, m); /* XXX */ 1349 if (error != 0) 1350 break; 1351 error = ip6_pcbopts(&in6p->in6p_outputopts, 1352 m, so, sopt); 1353 m_freem(m); /* XXX */ 1354 break; 1355 } 1356 1357 /* 1358 * Use of some Hop-by-Hop options or some 1359 * Destination options, might require special 1360 * privilege. That is, normal applications 1361 * (without special privilege) might be forbidden 1362 * from setting certain options in outgoing packets, 1363 * and might never see certain options in received 1364 * packets. [RFC 2292 Section 6] 1365 * KAME specific note: 1366 * KAME prevents non-privileged users from sending or 1367 * receiving ANY hbh/dst options in order to avoid 1368 * overhead of parsing options in the kernel. 1369 */ 1370 case IPV6_UNICAST_HOPS: 1371 case IPV6_CHECKSUM: 1372 case IPV6_FAITH: 1373 1374 case IPV6_V6ONLY: 1375 if (optlen != sizeof(int)) { 1376 error = EINVAL; 1377 break; 1378 } 1379 error = sooptcopyin(sopt, &optval, 1380 sizeof optval, sizeof optval); 1381 if (error) 1382 break; 1383 switch (optname) { 1384 1385 case IPV6_UNICAST_HOPS: 1386 if (optval < -1 || optval >= 256) 1387 error = EINVAL; 1388 else { 1389 /* -1 = kernel default */ 1390 in6p->in6p_hops = optval; 1391 1392 if ((in6p->in6p_vflag & 1393 INP_IPV4) != 0) 1394 in6p->inp_ip_ttl = optval; 1395 } 1396 break; 1397#define OPTSET(bit) \ 1398do { \ 1399 if (optval) \ 1400 in6p->in6p_flags |= (bit); \ 1401 else \ 1402 in6p->in6p_flags &= ~(bit); \ 1403} while (0) 1404#define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0) 1405 1406 case IPV6_CHECKSUM: 1407 in6p->in6p_cksum = optval; 1408 break; 1409 1410 case IPV6_FAITH: 1411 OPTSET(IN6P_FAITH); 1412 break; 1413 1414 case IPV6_V6ONLY: 1415 /* 1416 * make setsockopt(IPV6_V6ONLY) 1417 * available only prior to bind(2). 1418 * see ipng mailing list, Jun 22 2001. 1419 */ 1420 if (in6p->in6p_lport || 1421 !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) 1422 { 1423 error = EINVAL; 1424 break; 1425 } 1426 OPTSET(IN6P_IPV6_V6ONLY); 1427 if (optval) 1428 in6p->in6p_vflag &= ~INP_IPV4; 1429 else 1430 in6p->in6p_vflag |= INP_IPV4; 1431 break; 1432 } 1433 break; 1434 1435 case IPV6_PKTINFO: 1436 case IPV6_HOPLIMIT: 1437 case IPV6_HOPOPTS: 1438 case IPV6_DSTOPTS: 1439 case IPV6_RTHDR: 1440 /* RFC 2292 */ 1441 if (optlen != sizeof(int)) { 1442 error = EINVAL; 1443 break; 1444 } 1445 error = sooptcopyin(sopt, &optval, 1446 sizeof optval, sizeof optval); 1447 if (error) 1448 break; 1449 switch (optname) { 1450 case IPV6_PKTINFO: 1451 OPTSET(IN6P_PKTINFO); 1452 break; 1453 case IPV6_HOPLIMIT: 1454 OPTSET(IN6P_HOPLIMIT); 1455 break; 1456 case IPV6_HOPOPTS: 1457 /* 1458 * Check super-user privilege. 1459 * See comments for IPV6_RECVHOPOPTS. 1460 */ 1461 if (!privileged) 1462 return (EPERM); 1463 OPTSET(IN6P_HOPOPTS); 1464 break; 1465 case IPV6_DSTOPTS: 1466 if (!privileged) 1467 return (EPERM); 1468 OPTSET(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */ 1469 break; 1470 case IPV6_RTHDR: 1471 OPTSET(IN6P_RTHDR); 1472 break; 1473 } 1474 break; 1475#undef OPTSET 1476 1477 case IPV6_MULTICAST_IF: 1478 case IPV6_MULTICAST_HOPS: 1479 case IPV6_MULTICAST_LOOP: 1480 case IPV6_JOIN_GROUP: 1481 case IPV6_LEAVE_GROUP: 1482 { 1483 struct mbuf *m; 1484 if (sopt->sopt_valsize > MLEN) { 1485 error = EMSGSIZE; 1486 break; 1487 } 1488 /* XXX */ 1489 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_HEADER); 1490 if (m == 0) { 1491 error = ENOBUFS; 1492 break; 1493 } 1494 m->m_len = sopt->sopt_valsize; 1495 error = sooptcopyin(sopt, mtod(m, char *), 1496 m->m_len, m->m_len); 1497 error = ip6_setmoptions(sopt->sopt_name, 1498 &in6p->in6p_moptions, 1499 m); 1500 (void)m_free(m); 1501 } 1502 break; 1503 1504 case IPV6_PORTRANGE: 1505 error = sooptcopyin(sopt, &optval, 1506 sizeof optval, sizeof optval); 1507 if (error) 1508 break; 1509 1510 switch (optval) { 1511 case IPV6_PORTRANGE_DEFAULT: 1512 in6p->in6p_flags &= ~(IN6P_LOWPORT); 1513 in6p->in6p_flags &= ~(IN6P_HIGHPORT); 1514 break; 1515 1516 case IPV6_PORTRANGE_HIGH: 1517 in6p->in6p_flags &= ~(IN6P_LOWPORT); 1518 in6p->in6p_flags |= IN6P_HIGHPORT; 1519 break; 1520 1521 case IPV6_PORTRANGE_LOW: 1522 in6p->in6p_flags &= ~(IN6P_HIGHPORT); 1523 in6p->in6p_flags |= IN6P_LOWPORT; 1524 break; 1525 1526 default: 1527 error = EINVAL; 1528 break; 1529 } 1530 break; 1531 1532#if defined(IPSEC) || defined(FAST_IPSEC) 1533 case IPV6_IPSEC_POLICY: 1534 { 1535 caddr_t req = NULL; 1536 size_t len = 0; 1537 struct mbuf *m; 1538 1539 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1540 break; 1541 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ 1542 break; 1543 if (m) { 1544 req = mtod(m, caddr_t); 1545 len = m->m_len; 1546 } 1547 error = ipsec6_set_policy(in6p, optname, req, 1548 len, privileged); 1549 m_freem(m); 1550 } 1551 break; 1552#endif /* KAME IPSEC */ 1553 1554 case IPV6_FW_ADD: 1555 case IPV6_FW_DEL: 1556 case IPV6_FW_FLUSH: 1557 case IPV6_FW_ZERO: 1558 { 1559 struct mbuf *m; 1560 struct mbuf **mp = &m; 1561 1562 if (ip6_fw_ctl_ptr == NULL) 1563 return EINVAL; 1564 /* XXX */ 1565 if ((error = soopt_getm(sopt, &m)) != 0) 1566 break; 1567 /* XXX */ 1568 if ((error = soopt_mcopyin(sopt, m)) != 0) 1569 break; 1570 error = (*ip6_fw_ctl_ptr)(optname, mp); 1571 m = *mp; 1572 } 1573 break; 1574 1575 default: 1576 error = ENOPROTOOPT; 1577 break; 1578 } 1579 break; 1580 1581 case SOPT_GET: 1582 switch (optname) { 1583 1584 case IPV6_PKTOPTIONS: 1585 if (in6p->in6p_options) { 1586 struct mbuf *m; 1587 m = m_copym(in6p->in6p_options, 1588 0, M_COPYALL, M_TRYWAIT); 1589 error = soopt_mcopyout(sopt, m); 1590 if (error == 0) 1591 m_freem(m); 1592 } else 1593 sopt->sopt_valsize = 0; 1594 break; 1595 1596 case IPV6_UNICAST_HOPS: 1597 case IPV6_CHECKSUM: 1598 1599 case IPV6_FAITH: 1600 case IPV6_V6ONLY: 1601 case IPV6_PORTRANGE: 1602 switch (optname) { 1603 1604 case IPV6_UNICAST_HOPS: 1605 optval = in6p->in6p_hops; 1606 break; 1607 1608 case IPV6_CHECKSUM: 1609 optval = in6p->in6p_cksum; 1610 break; 1611 1612 case IPV6_FAITH: 1613 optval = OPTBIT(IN6P_FAITH); 1614 break; 1615 1616 case IPV6_V6ONLY: 1617 optval = OPTBIT(IN6P_IPV6_V6ONLY); 1618 break; 1619 1620 case IPV6_PORTRANGE: 1621 { 1622 int flags; 1623 flags = in6p->in6p_flags; 1624 if (flags & IN6P_HIGHPORT) 1625 optval = IPV6_PORTRANGE_HIGH; 1626 else if (flags & IN6P_LOWPORT) 1627 optval = IPV6_PORTRANGE_LOW; 1628 else 1629 optval = 0; 1630 break; 1631 } 1632 } 1633 error = sooptcopyout(sopt, &optval, 1634 sizeof optval); 1635 break; 1636 1637 case IPV6_PKTINFO: 1638 case IPV6_HOPLIMIT: 1639 case IPV6_HOPOPTS: 1640 case IPV6_RTHDR: 1641 case IPV6_DSTOPTS: 1642 if (optname == IPV6_HOPOPTS || 1643 optname == IPV6_DSTOPTS || 1644 !privileged) 1645 return (EPERM); 1646 switch (optname) { 1647 case IPV6_PKTINFO: 1648 optval = OPTBIT(IN6P_PKTINFO); 1649 break; 1650 case IPV6_HOPLIMIT: 1651 optval = OPTBIT(IN6P_HOPLIMIT); 1652 break; 1653 case IPV6_HOPOPTS: 1654 if (!privileged) 1655 return (EPERM); 1656 optval = OPTBIT(IN6P_HOPOPTS); 1657 break; 1658 case IPV6_RTHDR: 1659 optval = OPTBIT(IN6P_RTHDR); 1660 break; 1661 case IPV6_DSTOPTS: 1662 if (!privileged) 1663 return (EPERM); 1664 optval = OPTBIT(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); 1665 break; 1666 } 1667 error = sooptcopyout(sopt, &optval, 1668 sizeof optval); 1669 break; 1670 1671 case IPV6_MULTICAST_IF: 1672 case IPV6_MULTICAST_HOPS: 1673 case IPV6_MULTICAST_LOOP: 1674 case IPV6_JOIN_GROUP: 1675 case IPV6_LEAVE_GROUP: 1676 { 1677 struct mbuf *m; 1678 error = ip6_getmoptions(sopt->sopt_name, 1679 in6p->in6p_moptions, &m); 1680 if (error == 0) 1681 error = sooptcopyout(sopt, 1682 mtod(m, char *), m->m_len); 1683 m_freem(m); 1684 } 1685 break; 1686 1687#if defined(IPSEC) || defined(FAST_IPSEC) 1688 case IPV6_IPSEC_POLICY: 1689 { 1690 caddr_t req = NULL; 1691 size_t len = 0; 1692 struct mbuf *m = NULL; 1693 struct mbuf **mp = &m; 1694 1695 error = soopt_getm(sopt, &m); /* XXX */ 1696 if (error != 0) 1697 break; 1698 error = soopt_mcopyin(sopt, m); /* XXX */ 1699 if (error != 0) 1700 break; 1701 if (m) { 1702 req = mtod(m, caddr_t); 1703 len = m->m_len; 1704 } 1705 error = ipsec6_get_policy(in6p, req, len, mp); 1706 if (error == 0) 1707 error = soopt_mcopyout(sopt, m); /*XXX*/ 1708 if (error == 0 && m) 1709 m_freem(m); 1710 break; 1711 } 1712#endif /* KAME IPSEC */ 1713 1714 case IPV6_FW_GET: 1715 { 1716 struct mbuf *m; 1717 struct mbuf **mp = &m; 1718 1719 if (ip6_fw_ctl_ptr == NULL) 1720 { 1721 return EINVAL; 1722 } 1723 error = (*ip6_fw_ctl_ptr)(optname, mp); 1724 if (error == 0) 1725 error = soopt_mcopyout(sopt, m); /* XXX */ 1726 if (error == 0 && m) 1727 m_freem(m); 1728 } 1729 break; 1730 1731 default: 1732 error = ENOPROTOOPT; 1733 break; 1734 } 1735 break; 1736 } 1737 } else { 1738 error = EINVAL; 1739 } 1740 return (error); 1741} 1742 1743/* 1744 * Set up IP6 options in pcb for insertion in output packets or 1745 * specifying behavior of outgoing packets. 1746 */ 1747static int 1748ip6_pcbopts(pktopt, m, so, sopt) 1749 struct ip6_pktopts **pktopt; 1750 struct mbuf *m; 1751 struct socket *so; 1752 struct sockopt *sopt; 1753{ 1754 struct ip6_pktopts *opt = *pktopt; 1755 int error = 0; 1756 struct thread *td = sopt->sopt_td; 1757 int priv = 0; 1758 1759 /* turn off any old options. */ 1760 if (opt) { 1761#ifdef DIAGNOSTIC 1762 if (opt->ip6po_pktinfo || opt->ip6po_nexthop || 1763 opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 || 1764 opt->ip6po_rhinfo.ip6po_rhi_rthdr) 1765 printf("ip6_pcbopts: all specified options are cleared.\n"); 1766#endif 1767 ip6_clearpktopts(opt, 1, -1); 1768 } else 1769 opt = malloc(sizeof(*opt), M_IP6OPT, M_WAITOK); 1770 *pktopt = NULL; 1771 1772 if (!m || m->m_len == 0) { 1773 /* 1774 * Only turning off any previous options, regardless of 1775 * whether the opt is just created or given. 1776 */ 1777 free(opt, M_IP6OPT); 1778 return (0); 1779 } 1780 1781 /* set options specified by user. */ 1782 if (td && !suser(td)) 1783 priv = 1; 1784 if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) { 1785 ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */ 1786 free(opt, M_IP6OPT); 1787 return (error); 1788 } 1789 *pktopt = opt; 1790 return (0); 1791} 1792 1793/* 1794 * initialize ip6_pktopts. beware that there are non-zero default values in 1795 * the struct. 1796 */ 1797void 1798init_ip6pktopts(opt) 1799 struct ip6_pktopts *opt; 1800{ 1801 1802 bzero(opt, sizeof(*opt)); 1803 opt->ip6po_hlim = -1; /* -1 means default hop limit */ 1804} 1805 1806void 1807ip6_clearpktopts(pktopt, needfree, optname) 1808 struct ip6_pktopts *pktopt; 1809 int needfree, optname; 1810{ 1811 if (pktopt == NULL) 1812 return; 1813 1814 if (optname == -1) { 1815 if (needfree && pktopt->ip6po_pktinfo) 1816 free(pktopt->ip6po_pktinfo, M_IP6OPT); 1817 pktopt->ip6po_pktinfo = NULL; 1818 } 1819 if (optname == -1) 1820 pktopt->ip6po_hlim = -1; 1821 if (optname == -1) { 1822 if (needfree && pktopt->ip6po_nexthop) 1823 free(pktopt->ip6po_nexthop, M_IP6OPT); 1824 pktopt->ip6po_nexthop = NULL; 1825 } 1826 if (optname == -1) { 1827 if (needfree && pktopt->ip6po_hbh) 1828 free(pktopt->ip6po_hbh, M_IP6OPT); 1829 pktopt->ip6po_hbh = NULL; 1830 } 1831 if (optname == -1) { 1832 if (needfree && pktopt->ip6po_dest1) 1833 free(pktopt->ip6po_dest1, M_IP6OPT); 1834 pktopt->ip6po_dest1 = NULL; 1835 } 1836 if (optname == -1) { 1837 if (needfree && pktopt->ip6po_rhinfo.ip6po_rhi_rthdr) 1838 free(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr, M_IP6OPT); 1839 pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL; 1840 if (pktopt->ip6po_route.ro_rt) { 1841 RTFREE(pktopt->ip6po_route.ro_rt); 1842 pktopt->ip6po_route.ro_rt = NULL; 1843 } 1844 } 1845 if (optname == -1) { 1846 if (needfree && pktopt->ip6po_dest2) 1847 free(pktopt->ip6po_dest2, M_IP6OPT); 1848 pktopt->ip6po_dest2 = NULL; 1849 } 1850} 1851 1852#define PKTOPT_EXTHDRCPY(type) \ 1853do {\ 1854 if (src->type) {\ 1855 int hlen =\ 1856 (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\ 1857 dst->type = malloc(hlen, M_IP6OPT, canwait);\ 1858 if (dst->type == NULL && canwait == M_NOWAIT)\ 1859 goto bad;\ 1860 bcopy(src->type, dst->type, hlen);\ 1861 }\ 1862} while (0) 1863 1864struct ip6_pktopts * 1865ip6_copypktopts(src, canwait) 1866 struct ip6_pktopts *src; 1867 int canwait; 1868{ 1869 struct ip6_pktopts *dst; 1870 1871 if (src == NULL) { 1872 printf("ip6_clearpktopts: invalid argument\n"); 1873 return (NULL); 1874 } 1875 1876 dst = malloc(sizeof(*dst), M_IP6OPT, canwait); 1877 if (dst == NULL && canwait == M_NOWAIT) 1878 return (NULL); 1879 bzero(dst, sizeof(*dst)); 1880 1881 dst->ip6po_hlim = src->ip6po_hlim; 1882 if (src->ip6po_pktinfo) { 1883 dst->ip6po_pktinfo = malloc(sizeof(*dst->ip6po_pktinfo), 1884 M_IP6OPT, canwait); 1885 if (dst->ip6po_pktinfo == NULL && canwait == M_NOWAIT) 1886 goto bad; 1887 *dst->ip6po_pktinfo = *src->ip6po_pktinfo; 1888 } 1889 if (src->ip6po_nexthop) { 1890 dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len, 1891 M_IP6OPT, canwait); 1892 if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT) 1893 goto bad; 1894 bcopy(src->ip6po_nexthop, dst->ip6po_nexthop, 1895 src->ip6po_nexthop->sa_len); 1896 } 1897 PKTOPT_EXTHDRCPY(ip6po_hbh); 1898 PKTOPT_EXTHDRCPY(ip6po_dest1); 1899 PKTOPT_EXTHDRCPY(ip6po_dest2); 1900 PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */ 1901 return (dst); 1902 1903 bad: 1904 if (dst->ip6po_pktinfo) free(dst->ip6po_pktinfo, M_IP6OPT); 1905 if (dst->ip6po_nexthop) free(dst->ip6po_nexthop, M_IP6OPT); 1906 if (dst->ip6po_hbh) free(dst->ip6po_hbh, M_IP6OPT); 1907 if (dst->ip6po_dest1) free(dst->ip6po_dest1, M_IP6OPT); 1908 if (dst->ip6po_dest2) free(dst->ip6po_dest2, M_IP6OPT); 1909 if (dst->ip6po_rthdr) free(dst->ip6po_rthdr, M_IP6OPT); 1910 free(dst, M_IP6OPT); 1911 return (NULL); 1912} 1913#undef PKTOPT_EXTHDRCPY 1914 1915void 1916ip6_freepcbopts(pktopt) 1917 struct ip6_pktopts *pktopt; 1918{ 1919 if (pktopt == NULL) 1920 return; 1921 1922 ip6_clearpktopts(pktopt, 1, -1); 1923 1924 free(pktopt, M_IP6OPT); 1925} 1926 1927/* 1928 * Set the IP6 multicast options in response to user setsockopt(). 1929 */ 1930static int 1931ip6_setmoptions(optname, im6op, m) 1932 int optname; 1933 struct ip6_moptions **im6op; 1934 struct mbuf *m; 1935{ 1936 int error = 0; 1937 u_int loop, ifindex; 1938 struct ipv6_mreq *mreq; 1939 struct ifnet *ifp; 1940 struct ip6_moptions *im6o = *im6op; 1941 struct route_in6 ro; 1942 struct sockaddr_in6 *dst; 1943 struct in6_multi_mship *imm; 1944 struct thread *td = curthread; /* XXX */ 1945 1946 if (im6o == NULL) { 1947 /* 1948 * No multicast option buffer attached to the pcb; 1949 * allocate one and initialize to default values. 1950 */ 1951 im6o = (struct ip6_moptions *) 1952 malloc(sizeof(*im6o), M_IPMOPTS, M_WAITOK); 1953 1954 if (im6o == NULL) 1955 return (ENOBUFS); 1956 *im6op = im6o; 1957 im6o->im6o_multicast_ifp = NULL; 1958 im6o->im6o_multicast_hlim = ip6_defmcasthlim; 1959 im6o->im6o_multicast_loop = IPV6_DEFAULT_MULTICAST_LOOP; 1960 LIST_INIT(&im6o->im6o_memberships); 1961 } 1962 1963 switch (optname) { 1964 1965 case IPV6_MULTICAST_IF: 1966 /* 1967 * Select the interface for outgoing multicast packets. 1968 */ 1969 if (m == NULL || m->m_len != sizeof(u_int)) { 1970 error = EINVAL; 1971 break; 1972 } 1973 bcopy(mtod(m, u_int *), &ifindex, sizeof(ifindex)); 1974 if (ifindex < 0 || if_index < ifindex) { 1975 error = ENXIO; /* XXX EINVAL? */ 1976 break; 1977 } 1978 ifp = ifnet_byindex(ifindex); 1979 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { 1980 error = EADDRNOTAVAIL; 1981 break; 1982 } 1983 im6o->im6o_multicast_ifp = ifp; 1984 break; 1985 1986 case IPV6_MULTICAST_HOPS: 1987 { 1988 /* 1989 * Set the IP6 hoplimit for outgoing multicast packets. 1990 */ 1991 int optval; 1992 if (m == NULL || m->m_len != sizeof(int)) { 1993 error = EINVAL; 1994 break; 1995 } 1996 bcopy(mtod(m, u_int *), &optval, sizeof(optval)); 1997 if (optval < -1 || optval >= 256) 1998 error = EINVAL; 1999 else if (optval == -1) 2000 im6o->im6o_multicast_hlim = ip6_defmcasthlim; 2001 else 2002 im6o->im6o_multicast_hlim = optval; 2003 break; 2004 } 2005 2006 case IPV6_MULTICAST_LOOP: 2007 /* 2008 * Set the loopback flag for outgoing multicast packets. 2009 * Must be zero or one. 2010 */ 2011 if (m == NULL || m->m_len != sizeof(u_int)) { 2012 error = EINVAL; 2013 break; 2014 } 2015 bcopy(mtod(m, u_int *), &loop, sizeof(loop)); 2016 if (loop > 1) { 2017 error = EINVAL; 2018 break; 2019 } 2020 im6o->im6o_multicast_loop = loop; 2021 break; 2022 2023 case IPV6_JOIN_GROUP: 2024 /* 2025 * Add a multicast group membership. 2026 * Group must be a valid IP6 multicast address. 2027 */ 2028 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) { 2029 error = EINVAL; 2030 break; 2031 } 2032 mreq = mtod(m, struct ipv6_mreq *); 2033 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) { 2034 /* 2035 * We use the unspecified address to specify to accept 2036 * all multicast addresses. Only super user is allowed 2037 * to do this. 2038 */ 2039 if (suser(td)) 2040 { 2041 error = EACCES; 2042 break; 2043 } 2044 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) { 2045 error = EINVAL; 2046 break; 2047 } 2048 2049 /* 2050 * If the interface is specified, validate it. 2051 */ 2052 if (mreq->ipv6mr_interface < 0 2053 || if_index < mreq->ipv6mr_interface) { 2054 error = ENXIO; /* XXX EINVAL? */ 2055 break; 2056 } 2057 /* 2058 * If no interface was explicitly specified, choose an 2059 * appropriate one according to the given multicast address. 2060 */ 2061 if (mreq->ipv6mr_interface == 0) { 2062 /* 2063 * If the multicast address is in node-local scope, 2064 * the interface should be a loopback interface. 2065 * Otherwise, look up the routing table for the 2066 * address, and choose the outgoing interface. 2067 * XXX: is it a good approach? 2068 */ 2069 if (IN6_IS_ADDR_MC_NODELOCAL(&mreq->ipv6mr_multiaddr)) { 2070 ifp = &loif[0]; 2071 } else { 2072 ro.ro_rt = NULL; 2073 dst = (struct sockaddr_in6 *)&ro.ro_dst; 2074 bzero(dst, sizeof(*dst)); 2075 dst->sin6_len = sizeof(struct sockaddr_in6); 2076 dst->sin6_family = AF_INET6; 2077 dst->sin6_addr = mreq->ipv6mr_multiaddr; 2078 rtalloc((struct route *)&ro); 2079 if (ro.ro_rt == NULL) { 2080 error = EADDRNOTAVAIL; 2081 break; 2082 } 2083 ifp = ro.ro_rt->rt_ifp; 2084 RTFREE(ro.ro_rt); 2085 } 2086 } else 2087 ifp = ifnet_byindex(mreq->ipv6mr_interface); 2088 2089 /* 2090 * See if we found an interface, and confirm that it 2091 * supports multicast 2092 */ 2093 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { 2094 error = EADDRNOTAVAIL; 2095 break; 2096 } 2097 /* 2098 * Put interface index into the multicast address, 2099 * if the address has link-local scope. 2100 */ 2101 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) { 2102 mreq->ipv6mr_multiaddr.s6_addr16[1] 2103 = htons(mreq->ipv6mr_interface); 2104 } 2105 /* 2106 * See if the membership already exists. 2107 */ 2108 for (imm = im6o->im6o_memberships.lh_first; 2109 imm != NULL; imm = imm->i6mm_chain.le_next) 2110 if (imm->i6mm_maddr->in6m_ifp == ifp && 2111 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr, 2112 &mreq->ipv6mr_multiaddr)) 2113 break; 2114 if (imm != NULL) { 2115 error = EADDRINUSE; 2116 break; 2117 } 2118 /* 2119 * Everything looks good; add a new record to the multicast 2120 * address list for the given interface. 2121 */ 2122 imm = malloc(sizeof(*imm), M_IPMADDR, M_WAITOK); 2123 if (imm == NULL) { 2124 error = ENOBUFS; 2125 break; 2126 } 2127 if ((imm->i6mm_maddr = 2128 in6_addmulti(&mreq->ipv6mr_multiaddr, ifp, &error)) == NULL) { 2129 free(imm, M_IPMADDR); 2130 break; 2131 } 2132 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm, i6mm_chain); 2133 break; 2134 2135 case IPV6_LEAVE_GROUP: 2136 /* 2137 * Drop a multicast group membership. 2138 * Group must be a valid IP6 multicast address. 2139 */ 2140 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) { 2141 error = EINVAL; 2142 break; 2143 } 2144 mreq = mtod(m, struct ipv6_mreq *); 2145 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) { 2146 if (suser(td)) { 2147 error = EACCES; 2148 break; 2149 } 2150 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) { 2151 error = EINVAL; 2152 break; 2153 } 2154 /* 2155 * If an interface address was specified, get a pointer 2156 * to its ifnet structure. 2157 */ 2158 if (mreq->ipv6mr_interface < 0 2159 || if_index < mreq->ipv6mr_interface) { 2160 error = ENXIO; /* XXX EINVAL? */ 2161 break; 2162 } 2163 ifp = ifnet_byindex(mreq->ipv6mr_interface); 2164 /* 2165 * Put interface index into the multicast address, 2166 * if the address has link-local scope. 2167 */ 2168 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) { 2169 mreq->ipv6mr_multiaddr.s6_addr16[1] 2170 = htons(mreq->ipv6mr_interface); 2171 } 2172 /* 2173 * Find the membership in the membership list. 2174 */ 2175 for (imm = im6o->im6o_memberships.lh_first; 2176 imm != NULL; imm = imm->i6mm_chain.le_next) { 2177 if ((ifp == NULL || 2178 imm->i6mm_maddr->in6m_ifp == ifp) && 2179 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr, 2180 &mreq->ipv6mr_multiaddr)) 2181 break; 2182 } 2183 if (imm == NULL) { 2184 /* Unable to resolve interface */ 2185 error = EADDRNOTAVAIL; 2186 break; 2187 } 2188 /* 2189 * Give up the multicast address record to which the 2190 * membership points. 2191 */ 2192 LIST_REMOVE(imm, i6mm_chain); 2193 in6_delmulti(imm->i6mm_maddr); 2194 free(imm, M_IPMADDR); 2195 break; 2196 2197 default: 2198 error = EOPNOTSUPP; 2199 break; 2200 } 2201 2202 /* 2203 * If all options have default values, no need to keep the mbuf. 2204 */ 2205 if (im6o->im6o_multicast_ifp == NULL && 2206 im6o->im6o_multicast_hlim == ip6_defmcasthlim && 2207 im6o->im6o_multicast_loop == IPV6_DEFAULT_MULTICAST_LOOP && 2208 im6o->im6o_memberships.lh_first == NULL) { 2209 free(*im6op, M_IPMOPTS); 2210 *im6op = NULL; 2211 } 2212 2213 return (error); 2214} 2215 2216/* 2217 * Return the IP6 multicast options in response to user getsockopt(). 2218 */ 2219static int 2220ip6_getmoptions(optname, im6o, mp) 2221 int optname; 2222 struct ip6_moptions *im6o; 2223 struct mbuf **mp; 2224{ 2225 u_int *hlim, *loop, *ifindex; 2226 2227 *mp = m_get(M_TRYWAIT, MT_HEADER); /* XXX */ 2228 2229 switch (optname) { 2230 2231 case IPV6_MULTICAST_IF: 2232 ifindex = mtod(*mp, u_int *); 2233 (*mp)->m_len = sizeof(u_int); 2234 if (im6o == NULL || im6o->im6o_multicast_ifp == NULL) 2235 *ifindex = 0; 2236 else 2237 *ifindex = im6o->im6o_multicast_ifp->if_index; 2238 return (0); 2239 2240 case IPV6_MULTICAST_HOPS: 2241 hlim = mtod(*mp, u_int *); 2242 (*mp)->m_len = sizeof(u_int); 2243 if (im6o == NULL) 2244 *hlim = ip6_defmcasthlim; 2245 else 2246 *hlim = im6o->im6o_multicast_hlim; 2247 return (0); 2248 2249 case IPV6_MULTICAST_LOOP: 2250 loop = mtod(*mp, u_int *); 2251 (*mp)->m_len = sizeof(u_int); 2252 if (im6o == NULL) 2253 *loop = ip6_defmcasthlim; 2254 else 2255 *loop = im6o->im6o_multicast_loop; 2256 return (0); 2257 2258 default: 2259 return (EOPNOTSUPP); 2260 } 2261} 2262 2263/* 2264 * Discard the IP6 multicast options. 2265 */ 2266void 2267ip6_freemoptions(im6o) 2268 struct ip6_moptions *im6o; 2269{ 2270 struct in6_multi_mship *imm; 2271 2272 if (im6o == NULL) 2273 return; 2274 2275 while ((imm = im6o->im6o_memberships.lh_first) != NULL) { 2276 LIST_REMOVE(imm, i6mm_chain); 2277 if (imm->i6mm_maddr) 2278 in6_delmulti(imm->i6mm_maddr); 2279 free(imm, M_IPMADDR); 2280 } 2281 free(im6o, M_IPMOPTS); 2282} 2283 2284/* 2285 * Set IPv6 outgoing packet options based on advanced API. 2286 */ 2287int 2288ip6_setpktoptions(control, opt, priv, needcopy) 2289 struct mbuf *control; 2290 struct ip6_pktopts *opt; 2291 int priv, needcopy; 2292{ 2293 struct cmsghdr *cm = 0; 2294 2295 if (control == 0 || opt == 0) 2296 return (EINVAL); 2297 2298 init_ip6pktopts(opt); 2299 2300 /* 2301 * XXX: Currently, we assume all the optional information is stored 2302 * in a single mbuf. 2303 */ 2304 if (control->m_next) 2305 return (EINVAL); 2306 2307 for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len), 2308 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) { 2309 cm = mtod(control, struct cmsghdr *); 2310 if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len) 2311 return (EINVAL); 2312 if (cm->cmsg_level != IPPROTO_IPV6) 2313 continue; 2314 2315 /* 2316 * XXX should check if RFC2292 API is mixed with 2292bis API 2317 */ 2318 switch (cm->cmsg_type) { 2319 case IPV6_PKTINFO: 2320 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in6_pktinfo))) 2321 return (EINVAL); 2322 if (needcopy) { 2323 /* XXX: Is it really WAITOK? */ 2324 opt->ip6po_pktinfo = 2325 malloc(sizeof(struct in6_pktinfo), 2326 M_IP6OPT, M_WAITOK); 2327 bcopy(CMSG_DATA(cm), opt->ip6po_pktinfo, 2328 sizeof(struct in6_pktinfo)); 2329 } else 2330 opt->ip6po_pktinfo = 2331 (struct in6_pktinfo *)CMSG_DATA(cm); 2332 if (opt->ip6po_pktinfo->ipi6_ifindex && 2333 IN6_IS_ADDR_LINKLOCAL(&opt->ip6po_pktinfo->ipi6_addr)) 2334 opt->ip6po_pktinfo->ipi6_addr.s6_addr16[1] = 2335 htons(opt->ip6po_pktinfo->ipi6_ifindex); 2336 2337 if (opt->ip6po_pktinfo->ipi6_ifindex > if_index 2338 || opt->ip6po_pktinfo->ipi6_ifindex < 0) { 2339 return (ENXIO); 2340 } 2341 2342 /* 2343 * Check if the requested source address is indeed a 2344 * unicast address assigned to the node, and can be 2345 * used as the packet's source address. 2346 */ 2347 if (!IN6_IS_ADDR_UNSPECIFIED(&opt->ip6po_pktinfo->ipi6_addr)) { 2348 struct in6_ifaddr *ia6; 2349 struct sockaddr_in6 sin6; 2350 2351 bzero(&sin6, sizeof(sin6)); 2352 sin6.sin6_len = sizeof(sin6); 2353 sin6.sin6_family = AF_INET6; 2354 sin6.sin6_addr = 2355 opt->ip6po_pktinfo->ipi6_addr; 2356 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(sin6tosa(&sin6)); 2357 if (ia6 == NULL || 2358 (ia6->ia6_flags & (IN6_IFF_ANYCAST | 2359 IN6_IFF_NOTREADY)) != 0) 2360 return (EADDRNOTAVAIL); 2361 } 2362 break; 2363 2364 case IPV6_HOPLIMIT: 2365 if (cm->cmsg_len != CMSG_LEN(sizeof(int))) 2366 return (EINVAL); 2367 2368 opt->ip6po_hlim = *(int *)CMSG_DATA(cm); 2369 if (opt->ip6po_hlim < -1 || opt->ip6po_hlim > 255) 2370 return (EINVAL); 2371 break; 2372 2373 case IPV6_NEXTHOP: 2374 if (!priv) 2375 return (EPERM); 2376 2377 if (cm->cmsg_len < sizeof(u_char) || 2378 /* check if cmsg_len is large enough for sa_len */ 2379 cm->cmsg_len < CMSG_LEN(*CMSG_DATA(cm))) 2380 return (EINVAL); 2381 2382 if (needcopy) { 2383 opt->ip6po_nexthop = 2384 malloc(*CMSG_DATA(cm), 2385 M_IP6OPT, M_WAITOK); 2386 bcopy(CMSG_DATA(cm), 2387 opt->ip6po_nexthop, 2388 *CMSG_DATA(cm)); 2389 } else 2390 opt->ip6po_nexthop = 2391 (struct sockaddr *)CMSG_DATA(cm); 2392 break; 2393 2394 case IPV6_HOPOPTS: 2395 { 2396 struct ip6_hbh *hbh; 2397 int hbhlen; 2398 2399 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_hbh))) 2400 return (EINVAL); 2401 hbh = (struct ip6_hbh *)CMSG_DATA(cm); 2402 hbhlen = (hbh->ip6h_len + 1) << 3; 2403 if (cm->cmsg_len != CMSG_LEN(hbhlen)) 2404 return (EINVAL); 2405 2406 if (needcopy) { 2407 opt->ip6po_hbh = 2408 malloc(hbhlen, M_IP6OPT, M_WAITOK); 2409 bcopy(hbh, opt->ip6po_hbh, hbhlen); 2410 } else 2411 opt->ip6po_hbh = hbh; 2412 break; 2413 } 2414 2415 case IPV6_DSTOPTS: 2416 { 2417 struct ip6_dest *dest, **newdest; 2418 int destlen; 2419 2420 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_dest))) 2421 return (EINVAL); 2422 dest = (struct ip6_dest *)CMSG_DATA(cm); 2423 destlen = (dest->ip6d_len + 1) << 3; 2424 if (cm->cmsg_len != CMSG_LEN(destlen)) 2425 return (EINVAL); 2426 2427 /* 2428 * The old advacned API is ambiguous on this 2429 * point. Our approach is to determine the 2430 * position based according to the existence 2431 * of a routing header. Note, however, that 2432 * this depends on the order of the extension 2433 * headers in the ancillary data; the 1st part 2434 * of the destination options header must 2435 * appear before the routing header in the 2436 * ancillary data, too. 2437 * RFC2292bis solved the ambiguity by 2438 * introducing separate cmsg types. 2439 */ 2440 if (opt->ip6po_rthdr == NULL) 2441 newdest = &opt->ip6po_dest1; 2442 else 2443 newdest = &opt->ip6po_dest2; 2444 2445 if (needcopy) { 2446 *newdest = malloc(destlen, M_IP6OPT, M_WAITOK); 2447 bcopy(dest, *newdest, destlen); 2448 } else 2449 *newdest = dest; 2450 2451 break; 2452 } 2453 2454 case IPV6_RTHDR: 2455 { 2456 struct ip6_rthdr *rth; 2457 int rthlen; 2458 2459 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_rthdr))) 2460 return (EINVAL); 2461 rth = (struct ip6_rthdr *)CMSG_DATA(cm); 2462 rthlen = (rth->ip6r_len + 1) << 3; 2463 if (cm->cmsg_len != CMSG_LEN(rthlen)) 2464 return (EINVAL); 2465 2466 switch (rth->ip6r_type) { 2467 case IPV6_RTHDR_TYPE_0: 2468 /* must contain one addr */ 2469 if (rth->ip6r_len == 0) 2470 return (EINVAL); 2471 /* length must be even */ 2472 if (rth->ip6r_len % 2) 2473 return (EINVAL); 2474 if (rth->ip6r_len / 2 != rth->ip6r_segleft) 2475 return (EINVAL); 2476 break; 2477 default: 2478 return (EINVAL); /* not supported */ 2479 } 2480 2481 if (needcopy) { 2482 opt->ip6po_rthdr = malloc(rthlen, M_IP6OPT, 2483 M_WAITOK); 2484 bcopy(rth, opt->ip6po_rthdr, rthlen); 2485 } else 2486 opt->ip6po_rthdr = rth; 2487 2488 break; 2489 } 2490 2491 default: 2492 return (ENOPROTOOPT); 2493 } 2494 } 2495 2496 return (0); 2497} 2498 2499/* 2500 * Routine called from ip6_output() to loop back a copy of an IP6 multicast 2501 * packet to the input queue of a specified interface. Note that this 2502 * calls the output routine of the loopback "driver", but with an interface 2503 * pointer that might NOT be &loif -- easier than replicating that code here. 2504 */ 2505void 2506ip6_mloopback(ifp, m, dst) 2507 struct ifnet *ifp; 2508 struct mbuf *m; 2509 struct sockaddr_in6 *dst; 2510{ 2511 struct mbuf *copym; 2512 struct ip6_hdr *ip6; 2513 2514 copym = m_copy(m, 0, M_COPYALL); 2515 if (copym == NULL) 2516 return; 2517 2518 /* 2519 * Make sure to deep-copy IPv6 header portion in case the data 2520 * is in an mbuf cluster, so that we can safely override the IPv6 2521 * header portion later. 2522 */ 2523 if ((copym->m_flags & M_EXT) != 0 || 2524 copym->m_len < sizeof(struct ip6_hdr)) { 2525 copym = m_pullup(copym, sizeof(struct ip6_hdr)); 2526 if (copym == NULL) 2527 return; 2528 } 2529 2530#ifdef DIAGNOSTIC 2531 if (copym->m_len < sizeof(*ip6)) { 2532 m_freem(copym); 2533 return; 2534 } 2535#endif 2536 2537 ip6 = mtod(copym, struct ip6_hdr *); 2538#ifndef SCOPEDROUTING 2539 /* 2540 * clear embedded scope identifiers if necessary. 2541 * in6_clearscope will touch the addresses only when necessary. 2542 */ 2543 in6_clearscope(&ip6->ip6_src); 2544 in6_clearscope(&ip6->ip6_dst); 2545#endif 2546 2547 (void)if_simloop(ifp, copym, dst->sin6_family, 0); 2548} 2549 2550/* 2551 * Chop IPv6 header off from the payload. 2552 */ 2553static int 2554ip6_splithdr(m, exthdrs) 2555 struct mbuf *m; 2556 struct ip6_exthdrs *exthdrs; 2557{ 2558 struct mbuf *mh; 2559 struct ip6_hdr *ip6; 2560 2561 ip6 = mtod(m, struct ip6_hdr *); 2562 if (m->m_len > sizeof(*ip6)) { 2563 MGETHDR(mh, M_DONTWAIT, MT_HEADER); 2564 if (mh == 0) { 2565 m_freem(m); 2566 return ENOBUFS; 2567 } 2568 M_MOVE_PKTHDR(mh, m); 2569 MH_ALIGN(mh, sizeof(*ip6)); 2570 m->m_len -= sizeof(*ip6); 2571 m->m_data += sizeof(*ip6); 2572 mh->m_next = m; 2573 m = mh; 2574 m->m_len = sizeof(*ip6); 2575 bcopy((caddr_t)ip6, mtod(m, caddr_t), sizeof(*ip6)); 2576 } 2577 exthdrs->ip6e_ip6 = m; 2578 return 0; 2579} 2580 2581/* 2582 * Compute IPv6 extension header length. 2583 */ 2584int 2585ip6_optlen(in6p) 2586 struct in6pcb *in6p; 2587{ 2588 int len; 2589 2590 if (!in6p->in6p_outputopts) 2591 return 0; 2592 2593 len = 0; 2594#define elen(x) \ 2595 (((struct ip6_ext *)(x)) ? (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0) 2596 2597 len += elen(in6p->in6p_outputopts->ip6po_hbh); 2598 if (in6p->in6p_outputopts->ip6po_rthdr) 2599 /* dest1 is valid with rthdr only */ 2600 len += elen(in6p->in6p_outputopts->ip6po_dest1); 2601 len += elen(in6p->in6p_outputopts->ip6po_rthdr); 2602 len += elen(in6p->in6p_outputopts->ip6po_dest2); 2603 return len; 2604#undef elen 2605} 2606