ip6_forward.c revision 62587 
1/*	$FreeBSD: head/sys/netinet6/ip6_forward.c 62587 2000-07-04 16:35:15Z itojun $	*/
2/*	$KAME: ip6_forward.c,v 1.39 2000/07/03 13:23:28 itojun Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33#include "opt_ip6fw.h"
34#include "opt_inet.h"
35#include "opt_inet6.h"
36#include "opt_ipsec.h"
37
38#include <sys/param.h>
39#include <sys/systm.h>
40#include <sys/mbuf.h>
41#include <sys/domain.h>
42#include <sys/protosw.h>
43#include <sys/socket.h>
44#include <sys/errno.h>
45#include <sys/time.h>
46#include <sys/syslog.h>
47
48#include <net/if.h>
49#include <net/route.h>
50
51#include <netinet/in.h>
52#include <netinet/in_var.h>
53#include <netinet/ip_var.h>
54#include <netinet/ip6.h>
55#include <netinet6/ip6_var.h>
56#include <netinet/icmp6.h>
57#include <netinet6/nd6.h>
58
59#ifdef IPSEC_IPV6FWD
60#include <netinet6/ipsec.h>
61#include <netkey/key.h>
62#endif /* IPSEC_IPV6FWD */
63
64#ifdef IPV6FIREWALL
65#include <netinet6/ip6_fw.h>
66#endif
67
68#include <net/net_osdep.h>
69
70struct	route_in6 ip6_forward_rt;
71
72/*
73 * Forward a packet.  If some error occurs return the sender
74 * an icmp packet.  Note we can't always generate a meaningful
75 * icmp message because icmp doesn't have a large enough repertoire
76 * of codes and types.
77 *
78 * If not forwarding, just drop the packet.  This could be confusing
79 * if ipforwarding was zero but some routing protocol was advancing
80 * us as a gateway to somewhere.  However, we must let the routing
81 * protocol deal with that.
82 *
83 */
84
85void
86ip6_forward(m, srcrt)
87	struct mbuf *m;
88	int srcrt;
89{
90	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
91	register struct sockaddr_in6 *dst;
92	register struct rtentry *rt;
93	int error, type = 0, code = 0;
94	struct mbuf *mcopy = NULL;
95	struct ifnet *origifp;	/* maybe unnecessary */
96#ifdef IPSEC_IPV6FWD
97	struct secpolicy *sp = NULL;
98#endif
99
100#ifdef IPSEC_IPV6FWD
101	/*
102	 * Check AH/ESP integrity.
103	 */
104	/*
105	 * Don't increment ip6s_cantforward because this is the check
106	 * before forwarding packet actually.
107	 */
108	if (ipsec6_in_reject(m, NULL)) {
109		ipsec6stat.in_polvio++;
110		m_freem(m);
111		return;
112	}
113#endif /*IPSEC_IPV6FWD*/
114
115	if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
116	    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
117		ip6stat.ip6s_cantforward++;
118		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
119		if (ip6_log_time + ip6_log_interval < time_second) {
120			ip6_log_time = time_second;
121			log(LOG_DEBUG,
122			    "cannot forward "
123			    "from %s to %s nxt %d received on %s\n",
124			    ip6_sprintf(&ip6->ip6_src),
125			    ip6_sprintf(&ip6->ip6_dst),
126			    ip6->ip6_nxt,
127			    if_name(m->m_pkthdr.rcvif));
128		}
129		m_freem(m);
130		return;
131	}
132
133	if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
134		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
135		icmp6_error(m, ICMP6_TIME_EXCEEDED,
136				ICMP6_TIME_EXCEED_TRANSIT, 0);
137		return;
138	}
139	ip6->ip6_hlim -= IPV6_HLIMDEC;
140
141	/*
142	 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
143	 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
144	 * we need to generate an ICMP6 message to the src.
145	 * Thanks to M_EXT, in most cases copy will not occur.
146	 *
147	 * It is important to save it before IPsec processing as IPsec
148	 * processing may modify the mbuf.
149	 */
150	mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
151
152#ifdef IPSEC_IPV6FWD
153	/* get a security policy for this packet */
154	sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
155	if (sp == NULL) {
156		ipsec6stat.out_inval++;
157		ip6stat.ip6s_cantforward++;
158		if (mcopy) {
159#if 0
160			/* XXX: what icmp ? */
161#else
162			m_freem(mcopy);
163#endif
164		}
165		m_freem(m);
166		return;
167	}
168
169	error = 0;
170
171	/* check policy */
172	switch (sp->policy) {
173	case IPSEC_POLICY_DISCARD:
174		/*
175		 * This packet is just discarded.
176		 */
177		ipsec6stat.out_polvio++;
178		ip6stat.ip6s_cantforward++;
179		key_freesp(sp);
180		if (mcopy) {
181#if 0
182			/* XXX: what icmp ? */
183#else
184			m_freem(mcopy);
185#endif
186		}
187		m_freem(m);
188		return;
189
190	case IPSEC_POLICY_BYPASS:
191	case IPSEC_POLICY_NONE:
192		/* no need to do IPsec. */
193		key_freesp(sp);
194		goto skip_ipsec;
195
196	case IPSEC_POLICY_IPSEC:
197		if (sp->req == NULL) {
198			/* XXX should be panic ? */
199			printf("ip6_forward: No IPsec request specified.\n");
200			ip6stat.ip6s_cantforward++;
201			key_freesp(sp);
202			if (mcopy) {
203#if 0
204				/* XXX: what icmp ? */
205#else
206				m_freem(mcopy);
207#endif
208			}
209			m_freem(m);
210			return;
211		}
212		/* do IPsec */
213		break;
214
215	case IPSEC_POLICY_ENTRUST:
216	default:
217		/* should be panic ?? */
218		printf("ip6_forward: Invalid policy found. %d\n", sp->policy);
219		key_freesp(sp);
220		goto skip_ipsec;
221	}
222
223    {
224	struct ipsec_output_state state;
225
226	/*
227	 * All the extension headers will become inaccessible
228	 * (since they can be encrypted).
229	 * Don't panic, we need no more updates to extension headers
230	 * on inner IPv6 packet (since they are now encapsulated).
231	 *
232	 * IPv6 [ESP|AH] IPv6 [extension headers] payload
233	 */
234	bzero(&state, sizeof(state));
235	state.m = m;
236	state.ro = NULL;	/* update at ipsec6_output_tunnel() */
237	state.dst = NULL;	/* update at ipsec6_output_tunnel() */
238
239	error = ipsec6_output_tunnel(&state, sp, 0);
240
241	m = state.m;
242#if 0	/* XXX allocate a route (ro, dst) again later */
243	ro = (struct route_in6 *)state.ro;
244	dst = (struct sockaddr_in6 *)state.dst;
245#endif
246	key_freesp(sp);
247
248	if (error) {
249		/* mbuf is already reclaimed in ipsec6_output_tunnel. */
250		switch (error) {
251		case EHOSTUNREACH:
252		case ENETUNREACH:
253		case EMSGSIZE:
254		case ENOBUFS:
255		case ENOMEM:
256			break;
257		default:
258			printf("ip6_output (ipsec): error code %d\n", error);
259			/*fall through*/
260		case ENOENT:
261			/* don't show these error codes to the user */
262			break;
263		}
264		ip6stat.ip6s_cantforward++;
265		if (mcopy) {
266#if 0
267			/* XXX: what icmp ? */
268#else
269			m_freem(mcopy);
270#endif
271		}
272		m_freem(m);
273		return;
274	}
275    }
276    skip_ipsec:
277#endif /* IPSEC_IPV6FWD */
278
279	dst = &ip6_forward_rt.ro_dst;
280	if (!srcrt) {
281		/*
282		 * ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst
283		 */
284		if (ip6_forward_rt.ro_rt == 0 ||
285		    (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) {
286			if (ip6_forward_rt.ro_rt) {
287				RTFREE(ip6_forward_rt.ro_rt);
288				ip6_forward_rt.ro_rt = 0;
289			}
290			/* this probably fails but give it a try again */
291			rtalloc_ign((struct route *)&ip6_forward_rt,
292				    RTF_PRCLONING);
293		}
294
295		if (ip6_forward_rt.ro_rt == 0) {
296			ip6stat.ip6s_noroute++;
297			/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
298			if (mcopy) {
299				icmp6_error(mcopy, ICMP6_DST_UNREACH,
300					    ICMP6_DST_UNREACH_NOROUTE, 0);
301			}
302			m_freem(m);
303			return;
304		}
305	} else if ((rt = ip6_forward_rt.ro_rt) == 0 ||
306		 !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) {
307		if (ip6_forward_rt.ro_rt) {
308			RTFREE(ip6_forward_rt.ro_rt);
309			ip6_forward_rt.ro_rt = 0;
310		}
311		bzero(dst, sizeof(*dst));
312		dst->sin6_len = sizeof(struct sockaddr_in6);
313		dst->sin6_family = AF_INET6;
314		dst->sin6_addr = ip6->ip6_dst;
315
316  		rtalloc_ign((struct route *)&ip6_forward_rt, RTF_PRCLONING);
317		if (ip6_forward_rt.ro_rt == 0) {
318			ip6stat.ip6s_noroute++;
319			/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
320			if (mcopy) {
321				icmp6_error(mcopy, ICMP6_DST_UNREACH,
322					    ICMP6_DST_UNREACH_NOROUTE, 0);
323			}
324			m_freem(m);
325			return;
326		}
327	}
328	rt = ip6_forward_rt.ro_rt;
329
330	/*
331	 * Scope check: if a packet can't be delivered to its destination
332	 * for the reason that the destination is beyond the scope of the
333	 * source address, discard the packet and return an icmp6 destination
334	 * unreachable error with Code 2 (beyond scope of source address).
335	 * [draft-ietf-ipngwg-icmp-v3-00.txt, Section 3.1]
336	 */
337	if (in6_addr2scopeid(m->m_pkthdr.rcvif, &ip6->ip6_src) !=
338	    in6_addr2scopeid(rt->rt_ifp, &ip6->ip6_src)) {
339		ip6stat.ip6s_cantforward++;
340		ip6stat.ip6s_badscope++;
341		in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
342
343		if (ip6_log_time + ip6_log_interval < time_second) {
344			ip6_log_time = time_second;
345			log(LOG_DEBUG,
346			    "cannot forward "
347			    "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
348			    ip6_sprintf(&ip6->ip6_src),
349			    ip6_sprintf(&ip6->ip6_dst),
350			    ip6->ip6_nxt,
351			    if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp));
352		}
353		if (mcopy)
354			icmp6_error(mcopy, ICMP6_DST_UNREACH,
355				    ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
356		m_freem(m);
357		return;
358	}
359
360	if (m->m_pkthdr.len > rt->rt_ifp->if_mtu) {
361		in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
362		if (mcopy) {
363			u_long mtu;
364#ifdef IPSEC_IPV6FWD
365			struct secpolicy *sp;
366			int ipsecerror;
367			size_t ipsechdrsiz;
368#endif
369
370			mtu = rt->rt_ifp->if_mtu;
371#ifdef IPSEC_IPV6FWD
372			/*
373			 * When we do IPsec tunnel ingress, we need to play
374			 * with if_mtu value (decrement IPsec header size
375			 * from mtu value).  The code is much simpler than v4
376			 * case, as we have the outgoing interface for
377			 * encapsulated packet as "rt->rt_ifp".
378			 */
379			sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
380				IP_FORWARDING, &ipsecerror);
381			if (sp) {
382				ipsechdrsiz = ipsec6_hdrsiz(mcopy,
383					IPSEC_DIR_OUTBOUND, NULL);
384				if (ipsechdrsiz < mtu)
385					mtu -= ipsechdrsiz;
386			}
387
388			/*
389			 * if mtu becomes less than minimum MTU,
390			 * tell minimum MTU (and I'll need to fragment it).
391			 */
392			if (mtu < IPV6_MMTU)
393				mtu = IPV6_MMTU;
394#endif
395			icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
396		}
397		m_freem(m);
398		return;
399 	}
400
401	if (rt->rt_flags & RTF_GATEWAY)
402		dst = (struct sockaddr_in6 *)rt->rt_gateway;
403
404	/*
405	 * If we are to forward the packet using the same interface
406	 * as one we got the packet from, perhaps we should send a redirect
407	 * to sender to shortcut a hop.
408	 * Only send redirect if source is sending directly to us,
409	 * and if packet was not source routed (or has any options).
410	 * Also, don't send redirect if forwarding using a route
411	 * modified by a redirect.
412	 */
413	if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt &&
414	    (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0)
415		type = ND_REDIRECT;
416
417#ifdef IPV6FIREWALL
418	/*
419	 * Check with the firewall...
420	 */
421	if (ip6_fw_chk_ptr) {
422		u_short port = 0;
423		/* If ipfw says divert, we have to just drop packet */
424		if ((*ip6_fw_chk_ptr)(&ip6, rt->rt_ifp, &port, &m)) {
425			m_freem(m);
426			goto freecopy;
427		}
428		if (!m)
429			goto freecopy;
430	}
431#endif
432
433	/*
434	 * Fake scoped addresses. Note that even link-local source or
435	 * destinaion can appear, if the originating node just sends the
436	 * packet to us (without address resolution for the destination).
437	 * Since both icmp6_error and icmp6_redirect_output fill the embedded
438	 * link identifiers, we can do this stuff after make a copy for
439	 * returning error.
440	 */
441	if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
442		/*
443		 * See corresponding comments in ip6_output.
444		 * XXX: but is it possible that ip6_forward() sends a packet
445		 *      to a loopback interface? I don't think so, and thus
446		 *      I bark here. (jinmei@kame.net)
447		 * XXX: it is common to route invalid packets to loopback.
448		 *	also, the codepath will be visited on use of ::1 in
449		 *	rthdr. (itojun)
450		 */
451#if 1
452		if (0)
453#else
454		if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
455#endif
456		{
457			printf("ip6_forward: outgoing interface is loopback. "
458			       "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
459			       ip6_sprintf(&ip6->ip6_src),
460			       ip6_sprintf(&ip6->ip6_dst),
461			       ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
462			       if_name(rt->rt_ifp));
463		}
464
465		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
466			origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];
467		else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
468			origifp = ifindex2ifnet[ntohs(ip6->ip6_dst.s6_addr16[1])];
469		else
470			origifp = rt->rt_ifp;
471	}
472	else
473		origifp = rt->rt_ifp;
474#ifndef FAKE_LOOPBACK_IF
475	if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) == 0)
476#else
477	if (1)
478#endif
479	{
480		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
481			ip6->ip6_src.s6_addr16[1] = 0;
482		if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
483			ip6->ip6_dst.s6_addr16[1] = 0;
484	}
485
486#ifdef OLDIP6OUTPUT
487	error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m,
488					 (struct sockaddr *)dst,
489					 ip6_forward_rt.ro_rt);
490#else
491	error = nd6_output(rt->rt_ifp, origifp, m, dst, rt);
492#endif
493	if (error) {
494		in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
495		ip6stat.ip6s_cantforward++;
496	} else {
497		ip6stat.ip6s_forward++;
498		in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward);
499		if (type)
500			ip6stat.ip6s_redirectsent++;
501		else {
502			if (mcopy)
503				goto freecopy;
504		}
505	}
506	if (mcopy == NULL)
507		return;
508
509	switch (error) {
510	case 0:
511#if 1
512		if (type == ND_REDIRECT) {
513			icmp6_redirect_output(mcopy, rt);
514			return;
515		}
516#endif
517		goto freecopy;
518
519	case EMSGSIZE:
520		/* xxx MTU is constant in PPP? */
521		goto freecopy;
522
523	case ENOBUFS:
524		/* Tell source to slow down like source quench in IP? */
525		goto freecopy;
526
527	case ENETUNREACH:	/* shouldn't happen, checked above */
528	case EHOSTUNREACH:
529	case ENETDOWN:
530	case EHOSTDOWN:
531	default:
532		type = ICMP6_DST_UNREACH;
533		code = ICMP6_DST_UNREACH_ADDR;
534		break;
535	}
536	icmp6_error(mcopy, type, code, 0);
537	return;
538
539 freecopy:
540	m_freem(mcopy);
541	return;
542}
543