raw_ip6.c revision 55009
1/* 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD: head/sys/netinet6/raw_ip6.c 55009 1999-12-22 19:13:38Z shin $ 30 */ 31 32/* 33 * Copyright (c) 1982, 1986, 1988, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgement: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * 4. Neither the name of the University nor the names of its contributors 49 * may be used to endorse or promote products derived from this software 50 * without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 62 * SUCH DAMAGE. 63 * 64 * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 65 */ 66 67#include "opt_ipsec.h" 68 69#include <stddef.h> 70 71#include <sys/param.h> 72#include <sys/malloc.h> 73#include <sys/proc.h> 74#include <sys/mbuf.h> 75#include <sys/socket.h> 76#include <sys/protosw.h> 77#include <sys/socketvar.h> 78#include <sys/errno.h> 79#include <sys/systm.h> 80 81#include <net/if.h> 82#include <net/route.h> 83#include <net/if_types.h> 84 85#include <netinet/in.h> 86#include <netinet/in_var.h> 87#include <netinet/in_systm.h> 88#include <netinet6/ip6.h> 89#include <netinet6/ip6_var.h> 90#include <netinet6/icmp6.h> 91#include <netinet/in_pcb.h> 92#include <netinet6/in6_pcb.h> 93#include <netinet6/nd6.h> 94 95#ifdef IPSEC 96#include <netinet6/ipsec.h> 97#include <netinet6/ipsec6.h> 98#endif /*IPSEC*/ 99 100#include <machine/stdarg.h> 101 102#include "faith.h" 103 104#define satosin6(sa) ((struct sockaddr_in6 *)(sa)) 105#define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) 106 107/* 108 * Raw interface to IP6 protocol. 109 */ 110 111extern struct inpcbhead ripcb; 112extern struct inpcbinfo ripcbinfo; 113extern u_long rip_sendspace; 114extern u_long rip_recvspace; 115 116/* 117 * Setup generic address and protocol structures 118 * for raw_input routine, then pass them along with 119 * mbuf chain. 120 */ 121int 122rip6_input(mp, offp, proto) 123 struct mbuf **mp; 124 int *offp, proto; 125{ 126 struct mbuf *m = *mp; 127 register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 128 register struct inpcb *in6p; 129 struct inpcb *last = 0; 130 struct mbuf *opts = 0; 131 struct sockaddr_in6 rip6src; 132 133#if defined(NFAITH) && 0 < NFAITH 134 if (m->m_pkthdr.rcvif) { 135 if (m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 136 /* XXX send icmp6 host/port unreach? */ 137 m_freem(m); 138 return IPPROTO_DONE; 139 } 140 } 141#endif 142 init_sin6(&rip6src, m); /* general init */ 143 144 LIST_FOREACH(in6p, &ripcb, inp_list) { 145 if ((in6p->in6p_vflag & INP_IPV6) == 0) 146 continue; 147 if (in6p->in6p_ip6_nxt && 148 in6p->in6p_ip6_nxt != proto) 149 continue; 150 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && 151 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) 152 continue; 153 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) && 154 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) 155 continue; 156 if (in6p->in6p_cksum != -1 157 && in6_cksum(m, ip6->ip6_nxt, *offp, 158 m->m_pkthdr.len - *offp)) { 159 /* XXX bark something */ 160 continue; 161 } 162 if (last) { 163 struct mbuf *n = m_copy(m, 0, (int)M_COPYALL); 164 if (n) { 165 if (last->in6p_flags & IN6P_CONTROLOPTS || 166 last->in6p_socket->so_options & SO_TIMESTAMP) 167 ip6_savecontrol(last, &opts, ip6, n); 168 /* strip intermediate headers */ 169 m_adj(n, *offp); 170 if (sbappendaddr(&last->in6p_socket->so_rcv, 171 (struct sockaddr *)&rip6src, 172 n, opts) == 0) { 173 /* should notify about lost packet */ 174 m_freem(n); 175 if (opts) 176 m_freem(opts); 177 } else 178 sorwakeup(last->in6p_socket); 179 opts = NULL; 180 } 181 } 182 last = in6p; 183 } 184 if (last) { 185 if (last->in6p_flags & IN6P_CONTROLOPTS || 186 last->in6p_socket->so_options & SO_TIMESTAMP) 187 ip6_savecontrol(last, &opts, ip6, m); 188 /* strip intermediate headers */ 189 m_adj(m, *offp); 190 if (sbappendaddr(&last->in6p_socket->so_rcv, 191 (struct sockaddr *)&rip6src, m, opts) == 0) { 192 m_freem(m); 193 if (opts) 194 m_freem(opts); 195 } else 196 sorwakeup(last->in6p_socket); 197 } else { 198 if (proto == IPPROTO_NONE) 199 m_freem(m); 200 else { 201 char *prvnxtp = ip6_get_prevhdr(m, *offp); /* XXX */ 202 icmp6_error(m, ICMP6_PARAM_PROB, 203 ICMP6_PARAMPROB_NEXTHEADER, 204 prvnxtp - mtod(m, char *)); 205 } 206 ip6stat.ip6s_delivered--; 207 } 208 return IPPROTO_DONE; 209} 210 211/* 212 * Generate IPv6 header and pass packet to ip6_output. 213 * Tack on options user may have setup with control call. 214 */ 215int 216#if __STDC__ 217rip6_output(struct mbuf *m, ...) 218#else 219rip6_output(m, va_alist) 220 struct mbuf *m; 221 va_dcl 222#endif 223{ 224 struct socket *so; 225 struct sockaddr_in6 *dstsock; 226 struct mbuf *control; 227 struct in6_addr *dst; 228 struct ip6_hdr *ip6; 229 struct inpcb *in6p; 230 u_int plen = m->m_pkthdr.len; 231 int error = 0; 232 struct ip6_pktopts opt, *optp = 0; 233 struct ifnet *oifp = NULL; 234 int type = 0, code = 0; /* for ICMPv6 output statistics only */ 235 int priv = 0; 236 va_list ap; 237 238 va_start(ap, m); 239 so = va_arg(ap, struct socket *); 240 dstsock = va_arg(ap, struct sockaddr_in6 *); 241 control = va_arg(ap, struct mbuf *); 242 va_end(ap); 243 244 in6p = sotoin6pcb(so); 245 246 priv = 0; 247 if (so->so_cred->cr_uid == 0) 248 priv = 1; 249 dst = &dstsock->sin6_addr; 250 if (control) { 251 if ((error = ip6_setpktoptions(control, &opt, priv)) != 0) 252 goto bad; 253 optp = &opt; 254 } else 255 optp = in6p->in6p_outputopts; 256 257 /* 258 * For an ICMPv6 packet, we should know its type and code 259 * to update statistics. 260 */ 261 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { 262 struct icmp6_hdr *icmp6; 263 if (m->m_len < sizeof(struct icmp6_hdr) && 264 (m = m_pullup(m, sizeof(struct icmp6_hdr))) == NULL) { 265 error = ENOBUFS; 266 goto bad; 267 } 268 icmp6 = mtod(m, struct icmp6_hdr *); 269 type = icmp6->icmp6_type; 270 code = icmp6->icmp6_code; 271 } 272 273 M_PREPEND(m, sizeof(*ip6), M_WAIT); 274 ip6 = mtod(m, struct ip6_hdr *); 275 276 /* 277 * Next header might not be ICMP6 but use its pseudo header anyway. 278 */ 279 ip6->ip6_dst = *dst; 280 281 /* 282 * If the scope of the destination is link-local, embed the interface 283 * index in the address. 284 * 285 * XXX advanced-api value overrides sin6_scope_id 286 */ 287 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) { 288 struct in6_pktinfo *pi; 289 290 /* 291 * XXX Boundary check is assumed to be already done in 292 * ip6_setpktoptions(). 293 */ 294 if (optp && (pi = optp->ip6po_pktinfo) && pi->ipi6_ifindex) { 295 ip6->ip6_dst.s6_addr16[1] = htons(pi->ipi6_ifindex); 296 oifp = ifindex2ifnet[pi->ipi6_ifindex]; 297 } else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && 298 in6p->in6p_moptions && 299 in6p->in6p_moptions->im6o_multicast_ifp) { 300 oifp = in6p->in6p_moptions->im6o_multicast_ifp; 301 ip6->ip6_dst.s6_addr16[1] = htons(oifp->if_index); 302 } else if (dstsock->sin6_scope_id) { 303 /* boundary check */ 304 if (dstsock->sin6_scope_id < 0 305 || if_index < dstsock->sin6_scope_id) { 306 error = ENXIO; /* XXX EINVAL? */ 307 goto bad; 308 } 309 ip6->ip6_dst.s6_addr16[1] 310 = htons(dstsock->sin6_scope_id & 0xffff);/*XXX*/ 311 } 312 } 313 314 /* 315 * Source address selection. 316 */ 317 { 318 struct in6_addr *in6a; 319 320 if ((in6a = in6_selectsrc(dstsock, optp, 321 in6p->in6p_moptions, 322 &in6p->in6p_route, 323 &in6p->in6p_laddr, 324 &error)) == 0) { 325 if (error == 0) 326 error = EADDRNOTAVAIL; 327 goto bad; 328 } 329 ip6->ip6_src = *in6a; 330 if (in6p->in6p_route.ro_rt) 331 oifp = ifindex2ifnet[in6p->in6p_route.ro_rt->rt_ifp->if_index]; 332 } 333 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) | 334 (in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK); 335 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) | 336 (IPV6_VERSION & IPV6_VERSION_MASK); 337 /* ip6_plen will be filled in ip6_output, so not fill it here. */ 338 ip6->ip6_nxt = in6p->in6p_ip6_nxt; 339 ip6->ip6_hlim = in6_selecthlim(in6p, oifp); 340 341 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6 || 342 in6p->in6p_cksum != -1) { 343 struct mbuf *n; 344 int off; 345 u_int16_t *p; 346 347#define offsetof(type, member) ((size_t)(&((type *)0)->member)) /* XXX */ 348 349 /* compute checksum */ 350 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) 351 off = offsetof(struct icmp6_hdr, icmp6_cksum); 352 else 353 off = in6p->in6p_cksum; 354 if (plen < off + 1) { 355 error = EINVAL; 356 goto bad; 357 } 358 off += sizeof(struct ip6_hdr); 359 360 n = m; 361 while (n && n->m_len <= off) { 362 off -= n->m_len; 363 n = n->m_next; 364 } 365 if (!n) 366 goto bad; 367 p = (u_int16_t *)(mtod(n, caddr_t) + off); 368 *p = 0; 369 *p = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen); 370 } 371 372#ifdef IPSEC 373 m->m_pkthdr.rcvif = (struct ifnet *)so; 374#endif /*IPSEC*/ 375 376 error = ip6_output(m, optp, &in6p->in6p_route, IPV6_SOCKINMRCVIF, 377 in6p->in6p_moptions, &oifp); 378 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { 379 if (oifp) 380 icmp6_ifoutstat_inc(oifp, type, code); 381 icmp6stat.icp6s_outhist[type]++; 382 } 383 384 goto freectl; 385 386 bad: 387 if (m) 388 m_freem(m); 389 390 freectl: 391 if (optp == &opt && optp->ip6po_rthdr && optp->ip6po_route.ro_rt) 392 RTFREE(optp->ip6po_route.ro_rt); 393 if (control) 394 m_freem(control); 395 return(error); 396} 397 398/* 399 * Raw IPv6 socket option processing. 400 */ 401int 402rip6_ctloutput(so, sopt) 403 struct socket *so; 404 struct sockopt *sopt; 405{ 406 int error; 407 408 if (sopt->sopt_level == IPPROTO_ICMPV6) 409 /* 410 * XXX: is it better to call icmp6_ctloutput() directly 411 * from protosw? 412 */ 413 return(icmp6_ctloutput(so, sopt)); 414 else if (sopt->sopt_level != IPPROTO_IPV6) 415 return (EINVAL); 416 417 error = 0; 418 419 switch (sopt->sopt_dir) { 420 case SOPT_GET: 421 switch (sopt->sopt_name) { 422 default: 423 error = ip6_ctloutput(so, sopt); 424 break; 425 } 426 break; 427 428 case SOPT_SET: 429 switch (sopt->sopt_name) { 430 default: 431 error = ip6_ctloutput(so, sopt); 432 break; 433 } 434 break; 435 } 436 437 return (error); 438} 439 440static int 441rip6_attach(struct socket *so, int proto, struct proc *p) 442{ 443 struct inpcb *inp; 444 int error, s; 445 446 inp = sotoinpcb(so); 447 if (inp) 448 panic("rip6_attach"); 449 if (p && (error = suser(p)) != 0) 450 return error; 451 452 error = soreserve(so, rip_sendspace, rip_recvspace); 453 if (error) 454 return error; 455 s = splnet(); 456 error = in_pcballoc(so, &ripcbinfo, p); 457 splx(s); 458 if (error) 459 return error; 460 inp = (struct inpcb *)so->so_pcb; 461 inp->inp_vflag |= INP_IPV6; 462 inp->in6p_ip6_nxt = (long)proto; 463 inp->in6p_hops = -1; /* use kernel default */ 464 inp->in6p_cksum = -1; 465#ifdef IPSEC 466 error = ipsec_init_policy(so, &inp->in6p_sp); 467 if (error != 0) { 468 in6_pcbdetach(inp); 469 return (error); 470 } 471#endif /*IPSEC*/ 472 MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *, 473 sizeof(struct icmp6_filter), M_PCB, M_NOWAIT); 474 ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt); 475 return 0; 476} 477 478static int 479rip6_detach(struct socket *so) 480{ 481 struct inpcb *inp; 482 483 inp = sotoinpcb(so); 484 if (inp == 0) 485 panic("rip6_detach"); 486 /* xxx: RSVP */ 487 if (inp->in6p_icmp6filt) { 488 FREE(inp->in6p_icmp6filt, M_PCB); 489 inp->in6p_icmp6filt = NULL; 490 } 491 in6_pcbdetach(inp); 492 return 0; 493} 494 495static int 496rip6_abort(struct socket *so) 497{ 498 soisdisconnected(so); 499 return rip6_detach(so); 500} 501 502static int 503rip6_disconnect(struct socket *so) 504{ 505 struct inpcb *inp = sotoinpcb(so); 506 507 if ((so->so_state & SS_ISCONNECTED) == 0) 508 return ENOTCONN; 509 inp->in6p_faddr = in6addr_any; 510 return rip6_abort(so); 511} 512 513static int 514rip6_bind(struct socket *so, struct sockaddr *nam, struct proc *p) 515{ 516 struct inpcb *inp = sotoinpcb(so); 517 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; 518 struct ifaddr *ia = NULL; 519 520 if (nam->sa_len != sizeof(*addr)) 521 return EINVAL; 522 523 if (TAILQ_EMPTY(&ifnet) || addr->sin6_family != AF_INET6) 524 return EADDRNOTAVAIL; 525 if (!IN6_IS_ADDR_UNSPECIFIED(&addr->sin6_addr) && 526 (ia = ifa_ifwithaddr((struct sockaddr *)addr)) == 0) 527 return EADDRNOTAVAIL; 528 if (ia && 529 ((struct in6_ifaddr *)ia)->ia6_flags & 530 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY| 531 IN6_IFF_DETACHED|IN6_IFF_DEPRECATED)) { 532 return(EADDRNOTAVAIL); 533 } 534 inp->in6p_laddr = addr->sin6_addr; 535 return 0; 536} 537 538static int 539rip6_connect(struct socket *so, struct sockaddr *nam, struct proc *p) 540{ 541 struct inpcb *inp = sotoinpcb(so); 542 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; 543 struct in6_addr *in6a = NULL; 544 int error = 0; 545 546 if (nam->sa_len != sizeof(*addr)) 547 return EINVAL; 548 if (TAILQ_EMPTY(&ifnet)) 549 return EADDRNOTAVAIL; 550 if (addr->sin6_family != AF_INET6) 551 return EAFNOSUPPORT; 552 553 /* Source address selection. XXX: need pcblookup? */ 554 in6a = in6_selectsrc(addr, inp->in6p_outputopts, 555 inp->in6p_moptions, &inp->in6p_route, 556 &inp->in6p_laddr, &error); 557 if (in6a == NULL) 558 return (error ? error : EADDRNOTAVAIL); 559 inp->in6p_laddr = *in6a; 560 inp->in6p_faddr = addr->sin6_addr; 561 soisconnected(so); 562 return 0; 563} 564 565static int 566rip6_shutdown(struct socket *so) 567{ 568 socantsendmore(so); 569 return 0; 570} 571 572static int 573rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, 574 struct mbuf *control, struct proc *p) 575{ 576 struct inpcb *inp = sotoinpcb(so); 577 struct sockaddr_in6 tmp; 578 struct sockaddr_in6 *dst; 579 580 if (so->so_state & SS_ISCONNECTED) { 581 if (nam) { 582 m_freem(m); 583 return EISCONN; 584 } 585 /* XXX */ 586 bzero(&tmp, sizeof(tmp)); 587 tmp.sin6_family = AF_INET6; 588 tmp.sin6_len = sizeof(struct sockaddr_in6); 589 bcopy(&inp->in6p_faddr, &tmp.sin6_addr, 590 sizeof(struct in6_addr)); 591 dst = &tmp; 592 } else { 593 if (nam == NULL) { 594 m_freem(m); 595 return ENOTCONN; 596 } 597 dst = (struct sockaddr_in6 *)nam; 598 } 599 return rip6_output(m, so, dst, control); 600} 601 602struct pr_usrreqs rip6_usrreqs = { 603 rip6_abort, pru_accept_notsupp, rip6_attach, rip6_bind, rip6_connect, 604 pru_connect2_notsupp, in6_control, rip6_detach, rip6_disconnect, 605 pru_listen_notsupp, in6_setpeeraddr, pru_rcvd_notsupp, 606 pru_rcvoob_notsupp, rip6_send, pru_sense_null, rip6_shutdown, 607 in6_setsockaddr, sosend, soreceive, sopoll 608}; 609