ip6_forward.c revision 158295 
1/*	$FreeBSD: head/sys/netinet6/ip6_forward.c 158295 2006-05-04 18:41:08Z bz $	*/
2/*	$KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $	*/
3
4/*-
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33#include "opt_ip6fw.h"
34#include "opt_inet.h"
35#include "opt_inet6.h"
36#include "opt_ipsec.h"
37#include "opt_ipstealth.h"
38
39#include <sys/param.h>
40#include <sys/systm.h>
41#include <sys/malloc.h>
42#include <sys/mbuf.h>
43#include <sys/domain.h>
44#include <sys/protosw.h>
45#include <sys/socket.h>
46#include <sys/errno.h>
47#include <sys/time.h>
48#include <sys/kernel.h>
49#include <sys/syslog.h>
50
51#include <net/if.h>
52#include <net/route.h>
53#include <net/pfil.h>
54
55#include <netinet/in.h>
56#include <netinet/in_var.h>
57#include <netinet/in_systm.h>
58#include <netinet/ip.h>
59#include <netinet/ip_var.h>
60#include <netinet6/in6_var.h>
61#include <netinet/ip6.h>
62#include <netinet6/ip6_var.h>
63#include <netinet6/scope6_var.h>
64#include <netinet/icmp6.h>
65#include <netinet6/nd6.h>
66
67#include <netinet/in_pcb.h>
68
69#ifdef IPSEC
70#include <netinet6/ipsec.h>
71#ifdef INET6
72#include <netinet6/ipsec6.h>
73#endif
74#include <netkey/key.h>
75#endif /* IPSEC */
76
77#ifdef FAST_IPSEC
78#include <netipsec/ipsec.h>
79#include <netipsec/ipsec6.h>
80#include <netipsec/key.h>
81#define	IPSEC
82#endif /* FAST_IPSEC */
83
84#include <netinet6/ip6_fw.h>
85
86#include <net/net_osdep.h>
87
88#include <netinet6/ip6protosw.h>
89
90struct	route_in6 ip6_forward_rt;
91
92/*
93 * Forward a packet.  If some error occurs return the sender
94 * an icmp packet.  Note we can't always generate a meaningful
95 * icmp message because icmp doesn't have a large enough repertoire
96 * of codes and types.
97 *
98 * If not forwarding, just drop the packet.  This could be confusing
99 * if ipforwarding was zero but some routing protocol was advancing
100 * us as a gateway to somewhere.  However, we must let the routing
101 * protocol deal with that.
102 *
103 */
104
105void
106ip6_forward(m, srcrt)
107	struct mbuf *m;
108	int srcrt;
109{
110	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
111	struct sockaddr_in6 *dst = NULL;
112	struct rtentry *rt = NULL;
113	int error, type = 0, code = 0;
114	struct mbuf *mcopy = NULL;
115	struct ifnet *origifp;	/* maybe unnecessary */
116	u_int32_t inzone, outzone;
117	struct in6_addr src_in6, dst_in6;
118#ifdef IPSEC
119	struct secpolicy *sp = NULL;
120	int ipsecrt = 0;
121#endif
122
123	GIANT_REQUIRED; /* XXX bz: ip6_forward_rt */
124
125#ifdef IPSEC
126	/*
127	 * Check AH/ESP integrity.
128	 */
129	/*
130	 * Don't increment ip6s_cantforward because this is the check
131	 * before forwarding packet actually.
132	 */
133	if (ipsec6_in_reject(m, NULL)) {
134#if !defined(FAST_IPSEC)
135		ipsec6stat.in_polvio++;
136#endif
137		m_freem(m);
138		return;
139	}
140#endif /* IPSEC */
141
142	/*
143	 * Do not forward packets to multicast destination (should be handled
144	 * by ip6_mforward().
145	 * Do not forward packets with unspecified source.  It was discussed
146	 * in July 2000, on the ipngwg mailing list.
147	 */
148	if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
149	    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
150	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
151		ip6stat.ip6s_cantforward++;
152		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
153		if (ip6_log_time + ip6_log_interval < time_second) {
154			ip6_log_time = time_second;
155			log(LOG_DEBUG,
156			    "cannot forward "
157			    "from %s to %s nxt %d received on %s\n",
158			    ip6_sprintf(&ip6->ip6_src),
159			    ip6_sprintf(&ip6->ip6_dst),
160			    ip6->ip6_nxt,
161			    if_name(m->m_pkthdr.rcvif));
162		}
163		m_freem(m);
164		return;
165	}
166
167#ifdef IPSTEALTH
168	if (!ip6stealth) {
169#endif
170	if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
171		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
172		icmp6_error(m, ICMP6_TIME_EXCEEDED,
173				ICMP6_TIME_EXCEED_TRANSIT, 0);
174		return;
175	}
176	ip6->ip6_hlim -= IPV6_HLIMDEC;
177
178#ifdef IPSTEALTH
179	}
180#endif
181
182	/*
183	 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
184	 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
185	 * we need to generate an ICMP6 message to the src.
186	 * Thanks to M_EXT, in most cases copy will not occur.
187	 *
188	 * It is important to save it before IPsec processing as IPsec
189	 * processing may modify the mbuf.
190	 */
191	mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
192
193#ifdef IPSEC
194	/* get a security policy for this packet */
195	sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
196	    IP_FORWARDING, &error);
197	if (sp == NULL) {
198		ipsec6stat.out_inval++;
199		ip6stat.ip6s_cantforward++;
200		if (mcopy) {
201#if 0
202			/* XXX: what icmp ? */
203#else
204			m_freem(mcopy);
205#endif
206		}
207		m_freem(m);
208		return;
209	}
210
211	error = 0;
212
213	/* check policy */
214	switch (sp->policy) {
215	case IPSEC_POLICY_DISCARD:
216		/*
217		 * This packet is just discarded.
218		 */
219		ipsec6stat.out_polvio++;
220		ip6stat.ip6s_cantforward++;
221		key_freesp(sp);
222		if (mcopy) {
223#if 0
224			/* XXX: what icmp ? */
225#else
226			m_freem(mcopy);
227#endif
228		}
229		m_freem(m);
230		return;
231
232	case IPSEC_POLICY_BYPASS:
233	case IPSEC_POLICY_NONE:
234		/* no need to do IPsec. */
235		key_freesp(sp);
236		goto skip_ipsec;
237
238	case IPSEC_POLICY_IPSEC:
239		if (sp->req == NULL) {
240			/* XXX should be panic ? */
241			printf("ip6_forward: No IPsec request specified.\n");
242			ip6stat.ip6s_cantforward++;
243			key_freesp(sp);
244			if (mcopy) {
245#if 0
246				/* XXX: what icmp ? */
247#else
248				m_freem(mcopy);
249#endif
250			}
251			m_freem(m);
252			return;
253		}
254		/* do IPsec */
255		break;
256
257	case IPSEC_POLICY_ENTRUST:
258	default:
259		/* should be panic ?? */
260		printf("ip6_forward: Invalid policy found. %d\n", sp->policy);
261		key_freesp(sp);
262		goto skip_ipsec;
263	}
264
265    {
266	struct ipsecrequest *isr = NULL;
267	struct ipsec_output_state state;
268
269	/*
270	 * when the kernel forwards a packet, it is not proper to apply
271	 * IPsec transport mode to the packet is not proper.  this check
272	 * avoid from this.
273	 * at present, if there is even a transport mode SA request in the
274	 * security policy, the kernel does not apply IPsec to the packet.
275	 * this check is not enough because the following case is valid.
276	 *      ipsec esp/tunnel/xxx-xxx/require esp/transport//require;
277	 */
278	for (isr = sp->req; isr; isr = isr->next) {
279		if (isr->saidx.mode == IPSEC_MODE_ANY)
280			goto doipsectunnel;
281		if (isr->saidx.mode == IPSEC_MODE_TUNNEL)
282			goto doipsectunnel;
283	}
284
285	/*
286	 * if there's no need for tunnel mode IPsec, skip.
287	 */
288	if (!isr)
289		goto skip_ipsec;
290
291    doipsectunnel:
292	/*
293	 * All the extension headers will become inaccessible
294	 * (since they can be encrypted).
295	 * Don't panic, we need no more updates to extension headers
296	 * on inner IPv6 packet (since they are now encapsulated).
297	 *
298	 * IPv6 [ESP|AH] IPv6 [extension headers] payload
299	 */
300	bzero(&state, sizeof(state));
301	state.m = m;
302	state.ro = NULL;	/* update at ipsec6_output_tunnel() */
303	state.dst = NULL;	/* update at ipsec6_output_tunnel() */
304
305	error = ipsec6_output_tunnel(&state, sp, 0);
306
307	m = state.m;
308	key_freesp(sp);
309
310	if (error) {
311		/* mbuf is already reclaimed in ipsec6_output_tunnel. */
312		switch (error) {
313		case EHOSTUNREACH:
314		case ENETUNREACH:
315		case EMSGSIZE:
316		case ENOBUFS:
317		case ENOMEM:
318			break;
319		default:
320			printf("ip6_output (ipsec): error code %d\n", error);
321			/* FALLTHROUGH */
322		case ENOENT:
323			/* don't show these error codes to the user */
324			break;
325		}
326		ip6stat.ip6s_cantforward++;
327		if (mcopy) {
328#if 0
329			/* XXX: what icmp ? */
330#else
331			m_freem(mcopy);
332#endif
333		}
334		m_freem(m);
335		return;
336	}
337
338	if (ip6 != mtod(m, struct ip6_hdr *)) {
339		/*
340		 * now tunnel mode headers are added.  we are originating
341		 * packet instead of forwarding the packet.
342		 */
343		ip6_output(m, NULL, NULL, IPV6_FORWARDING/*XXX*/, NULL, NULL,
344		    NULL);
345		goto freecopy;
346	}
347
348	/* adjust pointer */
349	dst = (struct sockaddr_in6 *)state.dst;
350	rt = state.ro ? state.ro->ro_rt : NULL;
351	if (dst != NULL && rt != NULL)
352		ipsecrt = 1;
353    }
354    skip_ipsec:
355#endif /* IPSEC */
356
357#ifdef IPSEC
358	if (ipsecrt)
359		goto skip_routing;
360#endif
361
362	dst = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst;
363	if (!srcrt) {
364		/* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst */
365		if (ip6_forward_rt.ro_rt == 0 ||
366		    (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) {
367			if (ip6_forward_rt.ro_rt) {
368				RTFREE(ip6_forward_rt.ro_rt);
369				ip6_forward_rt.ro_rt = 0;
370			}
371
372			/* this probably fails but give it a try again */
373			rtalloc((struct route *)&ip6_forward_rt);
374		}
375
376		if (ip6_forward_rt.ro_rt == 0) {
377			ip6stat.ip6s_noroute++;
378			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
379			if (mcopy) {
380				icmp6_error(mcopy, ICMP6_DST_UNREACH,
381					    ICMP6_DST_UNREACH_NOROUTE, 0);
382			}
383			m_freem(m);
384			return;
385		}
386	} else if ((rt = ip6_forward_rt.ro_rt) == 0 ||
387		   !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) {
388		if (ip6_forward_rt.ro_rt) {
389			RTFREE(ip6_forward_rt.ro_rt);
390			ip6_forward_rt.ro_rt = 0;
391		}
392		bzero(dst, sizeof(*dst));
393		dst->sin6_len = sizeof(struct sockaddr_in6);
394		dst->sin6_family = AF_INET6;
395		dst->sin6_addr = ip6->ip6_dst;
396
397  		rtalloc((struct route *)&ip6_forward_rt);
398		if (ip6_forward_rt.ro_rt == 0) {
399			ip6stat.ip6s_noroute++;
400			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
401			if (mcopy) {
402				icmp6_error(mcopy, ICMP6_DST_UNREACH,
403					    ICMP6_DST_UNREACH_NOROUTE, 0);
404			}
405			m_freem(m);
406			return;
407		}
408	}
409	rt = ip6_forward_rt.ro_rt;
410#ifdef IPSEC
411    skip_routing:;
412#endif
413
414	/*
415	 * Source scope check: if a packet can't be delivered to its
416	 * destination for the reason that the destination is beyond the scope
417	 * of the source address, discard the packet and return an icmp6
418	 * destination unreachable error with Code 2 (beyond scope of source
419	 * address).  We use a local copy of ip6_src, since in6_setscope()
420	 * will possibly modify its first argument.
421	 * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1]
422	 */
423	src_in6 = ip6->ip6_src;
424	if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) {
425		/* XXX: this should not happen */
426		ip6stat.ip6s_cantforward++;
427		ip6stat.ip6s_badscope++;
428		m_freem(m);
429		return;
430	}
431	if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) {
432		ip6stat.ip6s_cantforward++;
433		ip6stat.ip6s_badscope++;
434		m_freem(m);
435		return;
436	}
437	if (inzone != outzone
438#ifdef IPSEC
439	    && !ipsecrt
440#endif
441	    ) {
442		ip6stat.ip6s_cantforward++;
443		ip6stat.ip6s_badscope++;
444		in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
445
446		if (ip6_log_time + ip6_log_interval < time_second) {
447			ip6_log_time = time_second;
448			log(LOG_DEBUG,
449			    "cannot forward "
450			    "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
451			    ip6_sprintf(&ip6->ip6_src),
452			    ip6_sprintf(&ip6->ip6_dst),
453			    ip6->ip6_nxt,
454			    if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp));
455		}
456		if (mcopy)
457			icmp6_error(mcopy, ICMP6_DST_UNREACH,
458				    ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
459		m_freem(m);
460		return;
461	}
462
463	/*
464	 * Destination scope check: if a packet is going to break the scope
465	 * zone of packet's destination address, discard it.  This case should
466	 * usually be prevented by appropriately-configured routing table, but
467	 * we need an explicit check because we may mistakenly forward the
468	 * packet to a different zone by (e.g.) a default route.
469	 */
470	dst_in6 = ip6->ip6_dst;
471	if (in6_setscope(&dst_in6, m->m_pkthdr.rcvif, &inzone) != 0 ||
472	    in6_setscope(&dst_in6, rt->rt_ifp, &outzone) != 0 ||
473	    inzone != outzone) {
474		ip6stat.ip6s_cantforward++;
475		ip6stat.ip6s_badscope++;
476		m_freem(m);
477		return;
478	}
479
480	if (m->m_pkthdr.len > IN6_LINKMTU(rt->rt_ifp)) {
481		in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
482		if (mcopy) {
483			u_long mtu;
484#ifdef IPSEC
485			struct secpolicy *sp;
486			int ipsecerror;
487			size_t ipsechdrsiz;
488#endif
489
490			mtu = IN6_LINKMTU(rt->rt_ifp);
491#ifdef IPSEC
492			/*
493			 * When we do IPsec tunnel ingress, we need to play
494			 * with the link value (decrement IPsec header size
495			 * from mtu value).  The code is much simpler than v4
496			 * case, as we have the outgoing interface for
497			 * encapsulated packet as "rt->rt_ifp".
498			 */
499			sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
500				IP_FORWARDING, &ipsecerror);
501			if (sp) {
502				ipsechdrsiz = ipsec6_hdrsiz(mcopy,
503					IPSEC_DIR_OUTBOUND, NULL);
504				if (ipsechdrsiz < mtu)
505					mtu -= ipsechdrsiz;
506			}
507
508			/*
509			 * if mtu becomes less than minimum MTU,
510			 * tell minimum MTU (and I'll need to fragment it).
511			 */
512			if (mtu < IPV6_MMTU)
513				mtu = IPV6_MMTU;
514#endif
515			icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
516		}
517		m_freem(m);
518		return;
519	}
520
521	if (rt->rt_flags & RTF_GATEWAY)
522		dst = (struct sockaddr_in6 *)rt->rt_gateway;
523
524	/*
525	 * If we are to forward the packet using the same interface
526	 * as one we got the packet from, perhaps we should send a redirect
527	 * to sender to shortcut a hop.
528	 * Only send redirect if source is sending directly to us,
529	 * and if packet was not source routed (or has any options).
530	 * Also, don't send redirect if forwarding using a route
531	 * modified by a redirect.
532	 */
533	if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt &&
534#ifdef IPSEC
535	    !ipsecrt &&
536#endif
537	    (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
538		if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) {
539			/*
540			 * If the incoming interface is equal to the outgoing
541			 * one, and the link attached to the interface is
542			 * point-to-point, then it will be highly probable
543			 * that a routing loop occurs. Thus, we immediately
544			 * drop the packet and send an ICMPv6 error message.
545			 *
546			 * type/code is based on suggestion by Rich Draves.
547			 * not sure if it is the best pick.
548			 */
549			icmp6_error(mcopy, ICMP6_DST_UNREACH,
550				    ICMP6_DST_UNREACH_ADDR, 0);
551			m_freem(m);
552			return;
553		}
554		type = ND_REDIRECT;
555	}
556
557	/*
558	 * Check with the firewall...
559	 */
560	if (ip6_fw_enable && ip6_fw_chk_ptr) {
561		u_short port = 0;
562		/* If ipfw says divert, we have to just drop packet */
563		if ((*ip6_fw_chk_ptr)(&ip6, rt->rt_ifp, &port, &m)) {
564			m_freem(m);
565			goto freecopy;
566		}
567		if (!m)
568			goto freecopy;
569	}
570
571	/*
572	 * Fake scoped addresses. Note that even link-local source or
573	 * destinaion can appear, if the originating node just sends the
574	 * packet to us (without address resolution for the destination).
575	 * Since both icmp6_error and icmp6_redirect_output fill the embedded
576	 * link identifiers, we can do this stuff after making a copy for
577	 * returning an error.
578	 */
579	if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
580		/*
581		 * See corresponding comments in ip6_output.
582		 * XXX: but is it possible that ip6_forward() sends a packet
583		 *      to a loopback interface? I don't think so, and thus
584		 *      I bark here. (jinmei@kame.net)
585		 * XXX: it is common to route invalid packets to loopback.
586		 *	also, the codepath will be visited on use of ::1 in
587		 *	rthdr. (itojun)
588		 */
589#if 1
590		if (0)
591#else
592		if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
593#endif
594		{
595			printf("ip6_forward: outgoing interface is loopback. "
596			       "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
597			       ip6_sprintf(&ip6->ip6_src),
598			       ip6_sprintf(&ip6->ip6_dst),
599			       ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
600			       if_name(rt->rt_ifp));
601		}
602
603		/* we can just use rcvif in forwarding. */
604		origifp = m->m_pkthdr.rcvif;
605	}
606	else
607		origifp = rt->rt_ifp;
608	/*
609	 * clear embedded scope identifiers if necessary.
610	 * in6_clearscope will touch the addresses only when necessary.
611	 */
612	in6_clearscope(&ip6->ip6_src);
613	in6_clearscope(&ip6->ip6_dst);
614
615	/* Jump over all PFIL processing if hooks are not active. */
616	if (!PFIL_HOOKED(&inet6_pfil_hook))
617		goto pass;
618
619	/* Run through list of hooks for output packets. */
620	error = pfil_run_hooks(&inet6_pfil_hook, &m, rt->rt_ifp, PFIL_OUT, NULL);
621	if (error != 0)
622		goto senderr;
623	if (m == NULL)
624		goto freecopy;
625	ip6 = mtod(m, struct ip6_hdr *);
626
627pass:
628	error = nd6_output(rt->rt_ifp, origifp, m, dst, rt);
629	if (error) {
630		in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
631		ip6stat.ip6s_cantforward++;
632	} else {
633		ip6stat.ip6s_forward++;
634		in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward);
635		if (type)
636			ip6stat.ip6s_redirectsent++;
637		else {
638			if (mcopy)
639				goto freecopy;
640		}
641	}
642
643senderr:
644	if (mcopy == NULL)
645		return;
646	switch (error) {
647	case 0:
648		if (type == ND_REDIRECT) {
649			icmp6_redirect_output(mcopy, rt);
650			return;
651		}
652		goto freecopy;
653
654	case EMSGSIZE:
655		/* xxx MTU is constant in PPP? */
656		goto freecopy;
657
658	case ENOBUFS:
659		/* Tell source to slow down like source quench in IP? */
660		goto freecopy;
661
662	case ENETUNREACH:	/* shouldn't happen, checked above */
663	case EHOSTUNREACH:
664	case ENETDOWN:
665	case EHOSTDOWN:
666	default:
667		type = ICMP6_DST_UNREACH;
668		code = ICMP6_DST_UNREACH_ADDR;
669		break;
670	}
671	icmp6_error(mcopy, type, code, 0);
672	return;
673
674 freecopy:
675	m_freem(mcopy);
676	return;
677}
678