1/* $NetBSD: ip6_input.c,v 1.136 2012/01/10 20:01:56 drochner Exp $ */ 2/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 62 */ 63 64#include <sys/cdefs.h> 65__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.136 2012/01/10 20:01:56 drochner Exp $"); 66 67#include "opt_gateway.h" 68#include "opt_inet.h" 69#include "opt_inet6.h" 70#include "opt_ipsec.h" 71#include "opt_pfil_hooks.h" 72#include "opt_compat_netbsd.h" 73 74#include <sys/param.h> 75#include <sys/systm.h> 76#include <sys/malloc.h> 77#include <sys/mbuf.h> 78#include <sys/domain.h> 79#include <sys/protosw.h> 80#include <sys/socket.h> 81#include <sys/socketvar.h> 82#include <sys/errno.h> 83#include <sys/time.h> 84#include <sys/kernel.h> 85#include <sys/syslog.h> 86#include <sys/proc.h> 87#include <sys/sysctl.h> 88#include <sys/cprng.h> 89 90#include <net/if.h> 91#include <net/if_types.h> 92#include <net/if_dl.h> 93#include <net/route.h> 94#include <net/netisr.h> 95#ifdef PFIL_HOOKS 96#include <net/pfil.h> 97#endif 98 99#include <netinet/in.h> 100#include <netinet/in_systm.h> 101#ifdef INET 102#include <netinet/ip.h> 103#include <netinet/ip_icmp.h> 104#endif /* INET */ 105#include <netinet/ip6.h> 106#include <netinet6/in6_var.h> 107#include <netinet6/ip6_var.h> 108#include <netinet6/ip6_private.h> 109#include <netinet6/in6_pcb.h> 110#include <netinet/icmp6.h> 111#include <netinet6/scope6_var.h> 112#include <netinet6/in6_ifattach.h> 113#include <netinet6/nd6.h> 114 115#ifdef KAME_IPSEC 116#include <netinet6/ipsec.h> 117#include <netinet6/ipsec_private.h> 118#endif 119 120#ifdef FAST_IPSEC 121#include <netipsec/ipsec.h> 122#include <netipsec/ipsec6.h> 123#include <netipsec/key.h> 124#endif /* FAST_IPSEC */ 125 126#ifdef COMPAT_50 127#include <compat/sys/time.h> 128#include <compat/sys/socket.h> 129#endif 130 131#include <netinet6/ip6protosw.h> 132 133#include "faith.h" 134#include "gif.h" 135 136#if NGIF > 0 137#include <netinet6/in6_gif.h> 138#endif 139 140#include <net/net_osdep.h> 141 142extern struct domain inet6domain; 143 144u_char ip6_protox[IPPROTO_MAX]; 145static int ip6qmaxlen = IFQ_MAXLEN; 146struct in6_ifaddr *in6_ifaddr; 147struct ifqueue ip6intrq; 148 149extern callout_t in6_tmpaddrtimer_ch; 150 151int ip6_forward_srcrt; /* XXX */ 152int ip6_sourcecheck; /* XXX */ 153int ip6_sourcecheck_interval; /* XXX */ 154 155#ifdef PFIL_HOOKS 156struct pfil_head inet6_pfil_hook; 157#endif 158 159percpu_t *ip6stat_percpu; 160 161static void ip6_init2(void *); 162static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); 163 164static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, 165 u_int32_t *); 166static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); 167static void sysctl_net_inet6_ip6_setup(struct sysctllog **); 168 169/* 170 * IP6 initialization: fill in IP6 protocol switch table. 171 * All protocols not implemented in kernel go to raw IP6 protocol handler. 172 */ 173void 174ip6_init(void) 175{ 176 const struct ip6protosw *pr; 177 int i; 178 179 sysctl_net_inet6_ip6_setup(NULL); 180 pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 181 if (pr == 0) 182 panic("ip6_init"); 183 for (i = 0; i < IPPROTO_MAX; i++) 184 ip6_protox[i] = pr - inet6sw; 185 for (pr = (const struct ip6protosw *)inet6domain.dom_protosw; 186 pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) 187 if (pr->pr_domain->dom_family == PF_INET6 && 188 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 189 ip6_protox[pr->pr_protocol] = pr - inet6sw; 190 ip6intrq.ifq_maxlen = ip6qmaxlen; 191 scope6_init(); 192 addrsel_policy_init(); 193 nd6_init(); 194 frag6_init(); 195 ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; 196 197 ip6_init2(NULL); 198#ifdef GATEWAY 199 ip6flow_init(ip6_hashsize); 200#endif 201 202#ifdef PFIL_HOOKS 203 /* Register our Packet Filter hook. */ 204 inet6_pfil_hook.ph_type = PFIL_TYPE_AF; 205 inet6_pfil_hook.ph_af = AF_INET6; 206 i = pfil_head_register(&inet6_pfil_hook); 207 if (i != 0) 208 printf("ip6_init: WARNING: unable to register pfil hook, " 209 "error %d\n", i); 210#endif /* PFIL_HOOKS */ 211 212 ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); 213} 214 215static void 216ip6_init2(void *dummy) 217{ 218 219 /* nd6_timer_init */ 220 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); 221 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 222 223 /* timer for regeneranation of temporary addresses randomize ID */ 224 callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); 225 callout_reset(&in6_tmpaddrtimer_ch, 226 (ip6_temp_preferred_lifetime - ip6_desync_factor - 227 ip6_temp_regen_advance) * hz, 228 in6_tmpaddrtimer, NULL); 229} 230 231/* 232 * IP6 input interrupt handling. Just pass the packet to ip6_input. 233 */ 234void 235ip6intr(void) 236{ 237 int s; 238 struct mbuf *m; 239 240 mutex_enter(softnet_lock); 241 KERNEL_LOCK(1, NULL); 242 for (;;) { 243 s = splnet(); 244 IF_DEQUEUE(&ip6intrq, m); 245 splx(s); 246 if (m == 0) 247 break; 248 /* drop the packet if IPv6 operation is disabled on the IF */ 249 if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) { 250 m_freem(m); 251 break; 252 } 253 ip6_input(m); 254 } 255 KERNEL_UNLOCK_ONE(NULL); 256 mutex_exit(softnet_lock); 257} 258 259extern struct route ip6_forward_rt; 260 261void 262ip6_input(struct mbuf *m) 263{ 264 struct ip6_hdr *ip6; 265 int hit, off = sizeof(struct ip6_hdr), nest; 266 u_int32_t plen; 267 u_int32_t rtalert = ~0; 268 int nxt, ours = 0, rh_present = 0; 269 struct ifnet *deliverifp = NULL; 270 int srcrt = 0; 271 const struct rtentry *rt; 272 union { 273 struct sockaddr dst; 274 struct sockaddr_in6 dst6; 275 } u; 276#ifdef FAST_IPSEC 277 struct m_tag *mtag; 278 struct tdb_ident *tdbi; 279 struct secpolicy *sp; 280 int s, error; 281#endif 282 283#ifdef KAME_IPSEC 284 /* 285 * should the inner packet be considered authentic? 286 * see comment in ah4_input(). 287 */ 288 m->m_flags &= ~M_AUTHIPHDR; 289 m->m_flags &= ~M_AUTHIPDGM; 290#endif 291 292 /* 293 * make sure we don't have onion peering information into m_tag. 294 */ 295 ip6_delaux(m); 296 297 /* 298 * mbuf statistics 299 */ 300 if (m->m_flags & M_EXT) { 301 if (m->m_next) 302 IP6_STATINC(IP6_STAT_MEXT2M); 303 else 304 IP6_STATINC(IP6_STAT_MEXT1); 305 } else { 306#define M2MMAX 32 307 if (m->m_next) { 308 if (m->m_flags & M_LOOP) { 309 /*XXX*/ IP6_STATINC(IP6_STAT_M2M + lo0ifp->if_index); 310 } else if (m->m_pkthdr.rcvif->if_index < M2MMAX) { 311 IP6_STATINC(IP6_STAT_M2M + 312 m->m_pkthdr.rcvif->if_index); 313 } else 314 IP6_STATINC(IP6_STAT_M2M); 315 } else 316 IP6_STATINC(IP6_STAT_M1); 317#undef M2MMAX 318 } 319 320 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); 321 IP6_STATINC(IP6_STAT_TOTAL); 322 323 /* 324 * If the IPv6 header is not aligned, slurp it up into a new 325 * mbuf with space for link headers, in the event we forward 326 * it. Otherwise, if it is aligned, make sure the entire base 327 * IPv6 header is in the first mbuf of the chain. 328 */ 329 if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 330 struct ifnet *inifp = m->m_pkthdr.rcvif; 331 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 332 (max_linkhdr + 3) & ~3)) == NULL) { 333 /* XXXJRT new stat, please */ 334 IP6_STATINC(IP6_STAT_TOOSMALL); 335 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 336 return; 337 } 338 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 339 struct ifnet *inifp = m->m_pkthdr.rcvif; 340 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 341 IP6_STATINC(IP6_STAT_TOOSMALL); 342 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 343 return; 344 } 345 } 346 347 ip6 = mtod(m, struct ip6_hdr *); 348 349 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 350 IP6_STATINC(IP6_STAT_BADVERS); 351 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 352 goto bad; 353 } 354 355#if defined(KAME_IPSEC) 356 /* IPv6 fast forwarding is not compatible with IPsec. */ 357 m->m_flags &= ~M_CANFASTFWD; 358#else 359 /* 360 * Assume that we can create a fast-forward IP flow entry 361 * based on this packet. 362 */ 363 m->m_flags |= M_CANFASTFWD; 364#endif 365 366#ifdef PFIL_HOOKS 367 /* 368 * Run through list of hooks for input packets. If there are any 369 * filters which require that additional packets in the flow are 370 * not fast-forwarded, they must clear the M_CANFASTFWD flag. 371 * Note that filters must _never_ set this flag, as another filter 372 * in the list may have previously cleared it. 373 */ 374 /* 375 * let ipfilter look at packet on the wire, 376 * not the decapsulated packet. 377 */ 378#ifdef KAME_IPSEC 379 if (!ipsec_getnhist(m)) 380#elif defined(FAST_IPSEC) 381 if (!ipsec_indone(m)) 382#else 383 if (1) 384#endif 385 { 386 struct in6_addr odst; 387 388 odst = ip6->ip6_dst; 389 if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, 390 PFIL_IN) != 0) 391 return; 392 if (m == NULL) 393 return; 394 ip6 = mtod(m, struct ip6_hdr *); 395 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); 396 } 397#endif /* PFIL_HOOKS */ 398 399 IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt); 400 401#ifdef ALTQ 402 if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { 403 /* packet is dropped by traffic conditioner */ 404 return; 405 } 406#endif 407 408 /* 409 * Check against address spoofing/corruption. 410 */ 411 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || 412 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { 413 /* 414 * XXX: "badscope" is not very suitable for a multicast source. 415 */ 416 IP6_STATINC(IP6_STAT_BADSCOPE); 417 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 418 goto bad; 419 } 420 /* 421 * The following check is not documented in specs. A malicious 422 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 423 * and bypass security checks (act as if it was from 127.0.0.1 by using 424 * IPv6 src ::ffff:127.0.0.1). Be cautious. 425 * 426 * This check chokes if we are in an SIIT cloud. As none of BSDs 427 * support IPv4-less kernel compilation, we cannot support SIIT 428 * environment at all. So, it makes more sense for us to reject any 429 * malicious packets for non-SIIT environment, than try to do a 430 * partial support for SIIT environment. 431 */ 432 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 433 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 434 IP6_STATINC(IP6_STAT_BADSCOPE); 435 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 436 goto bad; 437 } 438#if 0 439 /* 440 * Reject packets with IPv4 compatible addresses (auto tunnel). 441 * 442 * The code forbids auto tunnel relay case in RFC1933 (the check is 443 * stronger than RFC1933). We may want to re-enable it if mech-xx 444 * is revised to forbid relaying case. 445 */ 446 if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || 447 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 448 IP6_STATINC(IP6_STAT_BADSCOPE); 449 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 450 goto bad; 451 } 452#endif 453 454 /* 455 * Disambiguate address scope zones (if there is ambiguity). 456 * We first make sure that the original source or destination address 457 * is not in our internal form for scoped addresses. Such addresses 458 * are not necessarily invalid spec-wise, but we cannot accept them due 459 * to the usage conflict. 460 * in6_setscope() then also checks and rejects the cases where src or 461 * dst are the loopback address and the receiving interface 462 * is not loopback. 463 */ 464 if (__predict_false( 465 m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) 466 goto bad; 467 ip6 = mtod(m, struct ip6_hdr *); 468 if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) { 469 IP6_STATINC(IP6_STAT_BADSCOPE); /* XXX */ 470 goto bad; 471 } 472 if (in6_setscope(&ip6->ip6_src, m->m_pkthdr.rcvif, NULL) || 473 in6_setscope(&ip6->ip6_dst, m->m_pkthdr.rcvif, NULL)) { 474 IP6_STATINC(IP6_STAT_BADSCOPE); 475 goto bad; 476 } 477 478 /* 479 * Multicast check 480 */ 481 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 482 struct in6_multi *in6m = 0; 483 484 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); 485 /* 486 * See if we belong to the destination multicast group on the 487 * arrival interface. 488 */ 489 IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m); 490 if (in6m) 491 ours = 1; 492 else if (!ip6_mrouter) { 493 uint64_t *ip6s = IP6_STAT_GETREF(); 494 ip6s[IP6_STAT_NOTMEMBER]++; 495 ip6s[IP6_STAT_CANTFORWARD]++; 496 IP6_STAT_PUTREF(); 497 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 498 goto bad; 499 } 500 deliverifp = m->m_pkthdr.rcvif; 501 goto hbhcheck; 502 } 503 504 sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); 505 506 /* 507 * Unicast check 508 */ 509 rt = rtcache_lookup2(&ip6_forward_rt, &u.dst, 1, &hit); 510 if (hit) 511 IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT); 512 else 513 IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); 514 515#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) 516 517 /* 518 * Accept the packet if the forwarding interface to the destination 519 * according to the routing table is the loopback interface, 520 * unless the associated route has a gateway. 521 * Note that this approach causes to accept a packet if there is a 522 * route to the loopback interface for the destination of the packet. 523 * But we think it's even useful in some situations, e.g. when using 524 * a special daemon which wants to intercept the packet. 525 */ 526 if (rt != NULL && 527 (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && 528 !(rt->rt_flags & RTF_CLONED) && 529#if 0 530 /* 531 * The check below is redundant since the comparison of 532 * the destination and the key of the rtentry has 533 * already done through looking up the routing table. 534 */ 535 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && 536#endif 537 rt->rt_ifp->if_type == IFT_LOOP) { 538 struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; 539 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 540 m->m_flags |= M_ANYCAST6; 541 /* 542 * packets to a tentative, duplicated, or somehow invalid 543 * address must not be accepted. 544 */ 545 if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { 546 /* this address is ready */ 547 ours = 1; 548 deliverifp = ia6->ia_ifp; /* correct? */ 549 goto hbhcheck; 550 } else { 551 /* address is not ready, so discard the packet. */ 552 nd6log((LOG_INFO, 553 "ip6_input: packet to an unready address %s->%s\n", 554 ip6_sprintf(&ip6->ip6_src), 555 ip6_sprintf(&ip6->ip6_dst))); 556 557 goto bad; 558 } 559 } 560 561 /* 562 * FAITH (Firewall Aided Internet Translator) 563 */ 564#if defined(NFAITH) && 0 < NFAITH 565 if (ip6_keepfaith) { 566 if (rt != NULL && rt->rt_ifp != NULL && 567 rt->rt_ifp->if_type == IFT_FAITH) { 568 /* XXX do we need more sanity checks? */ 569 ours = 1; 570 deliverifp = rt->rt_ifp; /* faith */ 571 goto hbhcheck; 572 } 573 } 574#endif 575 576#if 0 577 { 578 /* 579 * Last resort: check in6_ifaddr for incoming interface. 580 * The code is here until I update the "goto ours hack" code above 581 * working right. 582 */ 583 struct ifaddr *ifa; 584 IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { 585 if (ifa->ifa_addr == NULL) 586 continue; /* just for safety */ 587 if (ifa->ifa_addr->sa_family != AF_INET6) 588 continue; 589 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { 590 ours = 1; 591 deliverifp = ifa->ifa_ifp; 592 goto hbhcheck; 593 } 594 } 595 } 596#endif 597 598 /* 599 * Now there is no reason to process the packet if it's not our own 600 * and we're not a router. 601 */ 602 if (!ip6_forwarding) { 603 IP6_STATINC(IP6_STAT_CANTFORWARD); 604 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 605 goto bad; 606 } 607 608 hbhcheck: 609 /* 610 * record address information into m_tag, if we don't have one yet. 611 * note that we are unable to record it, if the address is not listed 612 * as our interface address (e.g. multicast addresses, addresses 613 * within FAITH prefixes and such). 614 */ 615 if (deliverifp && ip6_getdstifaddr(m) == NULL) { 616 struct in6_ifaddr *ia6; 617 618 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 619 if (ia6 != NULL && ip6_setdstifaddr(m, ia6) == NULL) { 620 /* 621 * XXX maybe we should drop the packet here, 622 * as we could not provide enough information 623 * to the upper layers. 624 */ 625 } 626 } 627 628 /* 629 * Process Hop-by-Hop options header if it's contained. 630 * m may be modified in ip6_hopopts_input(). 631 * If a JumboPayload option is included, plen will also be modified. 632 */ 633 plen = (u_int32_t)ntohs(ip6->ip6_plen); 634 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 635 struct ip6_hbh *hbh; 636 637 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { 638#if 0 /*touches NULL pointer*/ 639 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 640#endif 641 return; /* m have already been freed */ 642 } 643 644 /* adjust pointer */ 645 ip6 = mtod(m, struct ip6_hdr *); 646 647 /* 648 * if the payload length field is 0 and the next header field 649 * indicates Hop-by-Hop Options header, then a Jumbo Payload 650 * option MUST be included. 651 */ 652 if (ip6->ip6_plen == 0 && plen == 0) { 653 /* 654 * Note that if a valid jumbo payload option is 655 * contained, ip6_hopopts_input() must set a valid 656 * (non-zero) payload length to the variable plen. 657 */ 658 IP6_STATINC(IP6_STAT_BADOPTIONS); 659 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 660 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 661 icmp6_error(m, ICMP6_PARAM_PROB, 662 ICMP6_PARAMPROB_HEADER, 663 (char *)&ip6->ip6_plen - (char *)ip6); 664 return; 665 } 666 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 667 sizeof(struct ip6_hbh)); 668 if (hbh == NULL) { 669 IP6_STATINC(IP6_STAT_TOOSHORT); 670 return; 671 } 672 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 673 nxt = hbh->ip6h_nxt; 674 675 /* 676 * accept the packet if a router alert option is included 677 * and we act as an IPv6 router. 678 */ 679 if (rtalert != ~0 && ip6_forwarding) 680 ours = 1; 681 } else 682 nxt = ip6->ip6_nxt; 683 684 /* 685 * Check that the amount of data in the buffers 686 * is as at least much as the IPv6 header would have us expect. 687 * Trim mbufs if longer than we expect. 688 * Drop packet if shorter than we expect. 689 */ 690 if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { 691 IP6_STATINC(IP6_STAT_TOOSHORT); 692 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 693 goto bad; 694 } 695 if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { 696 if (m->m_len == m->m_pkthdr.len) { 697 m->m_len = sizeof(struct ip6_hdr) + plen; 698 m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen; 699 } else 700 m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len); 701 } 702 703 /* 704 * Forward if desirable. 705 */ 706 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 707 /* 708 * If we are acting as a multicast router, all 709 * incoming multicast packets are passed to the 710 * kernel-level multicast forwarding function. 711 * The packet is returned (relatively) intact; if 712 * ip6_mforward() returns a non-zero value, the packet 713 * must be discarded, else it may be accepted below. 714 */ 715 if (ip6_mrouter && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) { 716 IP6_STATINC(IP6_STAT_CANTFORWARD); 717 m_freem(m); 718 return; 719 } 720 if (!ours) { 721 m_freem(m); 722 return; 723 } 724 } else if (!ours) { 725 ip6_forward(m, srcrt); 726 return; 727 } 728 729 ip6 = mtod(m, struct ip6_hdr *); 730 731 /* 732 * Malicious party may be able to use IPv4 mapped addr to confuse 733 * tcp/udp stack and bypass security checks (act as if it was from 734 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. 735 * 736 * For SIIT end node behavior, you may want to disable the check. 737 * However, you will become vulnerable to attacks using IPv4 mapped 738 * source. 739 */ 740 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 741 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 742 IP6_STATINC(IP6_STAT_BADSCOPE); 743 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 744 goto bad; 745 } 746 747 /* 748 * Tell launch routine the next header 749 */ 750#ifdef IFA_STATS 751 if (deliverifp != NULL) { 752 struct in6_ifaddr *ia6; 753 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 754 if (ia6) 755 ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len; 756 } 757#endif 758 IP6_STATINC(IP6_STAT_DELIVERED); 759 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 760 nest = 0; 761 762 rh_present = 0; 763 while (nxt != IPPROTO_DONE) { 764 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 765 IP6_STATINC(IP6_STAT_TOOMANYHDR); 766 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 767 goto bad; 768 } 769 770 /* 771 * protection against faulty packet - there should be 772 * more sanity checks in header chain processing. 773 */ 774 if (m->m_pkthdr.len < off) { 775 IP6_STATINC(IP6_STAT_TOOSHORT); 776 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 777 goto bad; 778 } 779 780 if (nxt == IPPROTO_ROUTING) { 781 if (rh_present++) { 782 in6_ifstat_inc(m->m_pkthdr.rcvif, 783 ifs6_in_hdrerr); 784 IP6_STATINC(IP6_STAT_BADOPTIONS); 785 goto bad; 786 } 787 } 788 789#ifdef KAME_IPSEC 790 /* 791 * enforce IPsec policy checking if we are seeing last header. 792 * note that we do not visit this with protocols with pcb layer 793 * code - like udp/tcp/raw ip. 794 */ 795 if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && 796 ipsec6_in_reject(m, NULL)) { 797 IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); 798 goto bad; 799 } 800#endif 801#ifdef FAST_IPSEC 802 /* 803 * enforce IPsec policy checking if we are seeing last header. 804 * note that we do not visit this with protocols with pcb layer 805 * code - like udp/tcp/raw ip. 806 */ 807 if ((inet6sw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) { 808 /* 809 * Check if the packet has already had IPsec processing 810 * done. If so, then just pass it along. This tag gets 811 * set during AH, ESP, etc. input handling, before the 812 * packet is returned to the ip input queue for delivery. 813 */ 814 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 815 s = splsoftnet(); 816 if (mtag != NULL) { 817 tdbi = (struct tdb_ident *)(mtag + 1); 818 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 819 } else { 820 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 821 IP_FORWARDING, &error); 822 } 823 if (sp != NULL) { 824 /* 825 * Check security policy against packet attributes. 826 */ 827 error = ipsec_in_reject(sp, m); 828 KEY_FREESP(&sp); 829 } else { 830 /* XXX error stat??? */ 831 error = EINVAL; 832 DPRINTF(("ip6_input: no SP, packet discarded\n"));/*XXX*/ 833 } 834 splx(s); 835 if (error) 836 goto bad; 837 } 838#endif /* FAST_IPSEC */ 839 840 841 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 842 } 843 return; 844 bad: 845 m_freem(m); 846} 847 848/* 849 * set/grab in6_ifaddr correspond to IPv6 destination address. 850 */ 851static struct m_tag * 852ip6_setdstifaddr(struct mbuf *m, const struct in6_ifaddr *ia) 853{ 854 struct m_tag *mtag; 855 856 mtag = ip6_addaux(m); 857 if (mtag != NULL) { 858 struct ip6aux *ip6a; 859 860 ip6a = (struct ip6aux *)(mtag + 1); 861 in6_setscope(&ip6a->ip6a_src, ia->ia_ifp, &ip6a->ip6a_scope_id); 862 ip6a->ip6a_src = ia->ia_addr.sin6_addr; 863 ip6a->ip6a_flags = ia->ia6_flags; 864 } 865 return mtag; /* NULL if failed to set */ 866} 867 868const struct ip6aux * 869ip6_getdstifaddr(struct mbuf *m) 870{ 871 struct m_tag *mtag; 872 873 mtag = ip6_findaux(m); 874 if (mtag != NULL) 875 return (struct ip6aux *)(mtag + 1); 876 else 877 return NULL; 878} 879 880/* 881 * Hop-by-Hop options header processing. If a valid jumbo payload option is 882 * included, the real payload length will be stored in plenp. 883 * 884 * rtalertp - XXX: should be stored more smart way 885 */ 886int 887ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, 888 struct mbuf **mp, int *offp) 889{ 890 struct mbuf *m = *mp; 891 int off = *offp, hbhlen; 892 struct ip6_hbh *hbh; 893 894 /* validation of the length of the header */ 895 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, 896 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 897 if (hbh == NULL) { 898 IP6_STATINC(IP6_STAT_TOOSHORT); 899 return -1; 900 } 901 hbhlen = (hbh->ip6h_len + 1) << 3; 902 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 903 hbhlen); 904 if (hbh == NULL) { 905 IP6_STATINC(IP6_STAT_TOOSHORT); 906 return -1; 907 } 908 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 909 off += hbhlen; 910 hbhlen -= sizeof(struct ip6_hbh); 911 912 if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), 913 hbhlen, rtalertp, plenp) < 0) 914 return (-1); 915 916 *offp = off; 917 *mp = m; 918 return (0); 919} 920 921/* 922 * Search header for all Hop-by-hop options and process each option. 923 * This function is separate from ip6_hopopts_input() in order to 924 * handle a case where the sending node itself process its hop-by-hop 925 * options header. In such a case, the function is called from ip6_output(). 926 * 927 * The function assumes that hbh header is located right after the IPv6 header 928 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 929 * opthead + hbhlen is located in continuous memory region. 930 */ 931static int 932ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, 933 u_int32_t *rtalertp, u_int32_t *plenp) 934{ 935 struct ip6_hdr *ip6; 936 int optlen = 0; 937 u_int8_t *opt = opthead; 938 u_int16_t rtalert_val; 939 u_int32_t jumboplen; 940 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh); 941 942 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) { 943 switch (*opt) { 944 case IP6OPT_PAD1: 945 optlen = 1; 946 break; 947 case IP6OPT_PADN: 948 if (hbhlen < IP6OPT_MINLEN) { 949 IP6_STATINC(IP6_STAT_TOOSMALL); 950 goto bad; 951 } 952 optlen = *(opt + 1) + 2; 953 break; 954 case IP6OPT_RTALERT: 955 /* XXX may need check for alignment */ 956 if (hbhlen < IP6OPT_RTALERT_LEN) { 957 IP6_STATINC(IP6_STAT_TOOSMALL); 958 goto bad; 959 } 960 if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { 961 /* XXX stat */ 962 icmp6_error(m, ICMP6_PARAM_PROB, 963 ICMP6_PARAMPROB_HEADER, 964 erroff + opt + 1 - opthead); 965 return (-1); 966 } 967 optlen = IP6OPT_RTALERT_LEN; 968 memcpy((void *)&rtalert_val, (void *)(opt + 2), 2); 969 *rtalertp = ntohs(rtalert_val); 970 break; 971 case IP6OPT_JUMBO: 972 /* XXX may need check for alignment */ 973 if (hbhlen < IP6OPT_JUMBO_LEN) { 974 IP6_STATINC(IP6_STAT_TOOSMALL); 975 goto bad; 976 } 977 if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { 978 /* XXX stat */ 979 icmp6_error(m, ICMP6_PARAM_PROB, 980 ICMP6_PARAMPROB_HEADER, 981 erroff + opt + 1 - opthead); 982 return (-1); 983 } 984 optlen = IP6OPT_JUMBO_LEN; 985 986 /* 987 * IPv6 packets that have non 0 payload length 988 * must not contain a jumbo payload option. 989 */ 990 ip6 = mtod(m, struct ip6_hdr *); 991 if (ip6->ip6_plen) { 992 IP6_STATINC(IP6_STAT_BADOPTIONS); 993 icmp6_error(m, ICMP6_PARAM_PROB, 994 ICMP6_PARAMPROB_HEADER, 995 erroff + opt - opthead); 996 return (-1); 997 } 998 999 /* 1000 * We may see jumbolen in unaligned location, so 1001 * we'd need to perform bcopy(). 1002 */ 1003 memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); 1004 jumboplen = (u_int32_t)htonl(jumboplen); 1005 1006#if 1 1007 /* 1008 * if there are multiple jumbo payload options, 1009 * *plenp will be non-zero and the packet will be 1010 * rejected. 1011 * the behavior may need some debate in ipngwg - 1012 * multiple options does not make sense, however, 1013 * there's no explicit mention in specification. 1014 */ 1015 if (*plenp != 0) { 1016 IP6_STATINC(IP6_STAT_BADOPTIONS); 1017 icmp6_error(m, ICMP6_PARAM_PROB, 1018 ICMP6_PARAMPROB_HEADER, 1019 erroff + opt + 2 - opthead); 1020 return (-1); 1021 } 1022#endif 1023 1024 /* 1025 * jumbo payload length must be larger than 65535. 1026 */ 1027 if (jumboplen <= IPV6_MAXPACKET) { 1028 IP6_STATINC(IP6_STAT_BADOPTIONS); 1029 icmp6_error(m, ICMP6_PARAM_PROB, 1030 ICMP6_PARAMPROB_HEADER, 1031 erroff + opt + 2 - opthead); 1032 return (-1); 1033 } 1034 *plenp = jumboplen; 1035 1036 break; 1037 default: /* unknown option */ 1038 if (hbhlen < IP6OPT_MINLEN) { 1039 IP6_STATINC(IP6_STAT_TOOSMALL); 1040 goto bad; 1041 } 1042 optlen = ip6_unknown_opt(opt, m, 1043 erroff + opt - opthead); 1044 if (optlen == -1) 1045 return (-1); 1046 optlen += 2; 1047 break; 1048 } 1049 } 1050 1051 return (0); 1052 1053 bad: 1054 m_freem(m); 1055 return (-1); 1056} 1057 1058/* 1059 * Unknown option processing. 1060 * The third argument `off' is the offset from the IPv6 header to the option, 1061 * which is necessary if the IPv6 header the and option header and IPv6 header 1062 * is not continuous in order to return an ICMPv6 error. 1063 */ 1064int 1065ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) 1066{ 1067 struct ip6_hdr *ip6; 1068 1069 switch (IP6OPT_TYPE(*optp)) { 1070 case IP6OPT_TYPE_SKIP: /* ignore the option */ 1071 return ((int)*(optp + 1)); 1072 case IP6OPT_TYPE_DISCARD: /* silently discard */ 1073 m_freem(m); 1074 return (-1); 1075 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */ 1076 IP6_STATINC(IP6_STAT_BADOPTIONS); 1077 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1078 return (-1); 1079 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */ 1080 IP6_STATINC(IP6_STAT_BADOPTIONS); 1081 ip6 = mtod(m, struct ip6_hdr *); 1082 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 1083 (m->m_flags & (M_BCAST|M_MCAST))) 1084 m_freem(m); 1085 else 1086 icmp6_error(m, ICMP6_PARAM_PROB, 1087 ICMP6_PARAMPROB_OPTION, off); 1088 return (-1); 1089 } 1090 1091 m_freem(m); /* XXX: NOTREACHED */ 1092 return (-1); 1093} 1094 1095/* 1096 * Create the "control" list for this pcb. 1097 * 1098 * The routine will be called from upper layer handlers like tcp6_input(). 1099 * Thus the routine assumes that the caller (tcp6_input) have already 1100 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1101 * very first mbuf on the mbuf chain. 1102 * We may want to add some infinite loop prevention or sanity checks for safety. 1103 * (This applies only when you are using KAME mbuf chain restriction, i.e. 1104 * you are using IP6_EXTHDR_CHECK() not m_pulldown()) 1105 */ 1106void 1107ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, 1108 struct ip6_hdr *ip6, struct mbuf *m) 1109{ 1110#ifdef RFC2292 1111#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1112#else 1113#define IS2292(x, y) (y) 1114#endif 1115 1116 if (in6p->in6p_socket->so_options & SO_TIMESTAMP 1117#ifdef SO_OTIMESTAMP 1118 || in6p->in6p_socket->so_options & SO_OTIMESTAMP 1119#endif 1120 ) { 1121 struct timeval tv; 1122 1123 microtime(&tv); 1124#ifdef SO_OTIMESTAMP 1125 if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { 1126 struct timeval50 tv50; 1127 timeval_to_timeval50(&tv, &tv50); 1128 *mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), 1129 SCM_OTIMESTAMP, SOL_SOCKET); 1130 } else 1131#endif 1132 *mp = sbcreatecontrol((void *) &tv, sizeof(tv), 1133 SCM_TIMESTAMP, SOL_SOCKET); 1134 if (*mp) 1135 mp = &(*mp)->m_next; 1136 } 1137 1138 /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ 1139 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) 1140 return; 1141 1142 /* RFC 2292 sec. 5 */ 1143 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { 1144 struct in6_pktinfo pi6; 1145 1146 memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); 1147 in6_clearscope(&pi6.ipi6_addr); /* XXX */ 1148 pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? 1149 m->m_pkthdr.rcvif->if_index : 0; 1150 *mp = sbcreatecontrol((void *) &pi6, 1151 sizeof(struct in6_pktinfo), 1152 IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); 1153 if (*mp) 1154 mp = &(*mp)->m_next; 1155 } 1156 1157 if (in6p->in6p_flags & IN6P_HOPLIMIT) { 1158 int hlim = ip6->ip6_hlim & 0xff; 1159 1160 *mp = sbcreatecontrol((void *) &hlim, sizeof(int), 1161 IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); 1162 if (*mp) 1163 mp = &(*mp)->m_next; 1164 } 1165 1166 if ((in6p->in6p_flags & IN6P_TCLASS) != 0) { 1167 u_int32_t flowinfo; 1168 int tclass; 1169 1170 flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK); 1171 flowinfo >>= 20; 1172 1173 tclass = flowinfo & 0xff; 1174 *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), 1175 IPV6_TCLASS, IPPROTO_IPV6); 1176 1177 if (*mp) 1178 mp = &(*mp)->m_next; 1179 } 1180 1181 /* 1182 * IPV6_HOPOPTS socket option. Recall that we required super-user 1183 * privilege for the option (see ip6_ctloutput), but it might be too 1184 * strict, since there might be some hop-by-hop options which can be 1185 * returned to normal user. 1186 * See also RFC3542 section 8 (or RFC2292 section 6). 1187 */ 1188 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { 1189 /* 1190 * Check if a hop-by-hop options header is contatined in the 1191 * received packet, and if so, store the options as ancillary 1192 * data. Note that a hop-by-hop options header must be 1193 * just after the IPv6 header, which fact is assured through 1194 * the IPv6 input processing. 1195 */ 1196 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1197 if (xip6->ip6_nxt == IPPROTO_HOPOPTS) { 1198 struct ip6_hbh *hbh; 1199 int hbhlen; 1200 struct mbuf *ext; 1201 1202 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1203 xip6->ip6_nxt); 1204 if (ext == NULL) { 1205 IP6_STATINC(IP6_STAT_TOOSHORT); 1206 return; 1207 } 1208 hbh = mtod(ext, struct ip6_hbh *); 1209 hbhlen = (hbh->ip6h_len + 1) << 3; 1210 if (hbhlen != ext->m_len) { 1211 m_freem(ext); 1212 IP6_STATINC(IP6_STAT_TOOSHORT); 1213 return; 1214 } 1215 1216 /* 1217 * XXX: We copy whole the header even if a jumbo 1218 * payload option is included, which option is to 1219 * be removed before returning in the RFC 2292. 1220 * Note: this constraint is removed in RFC3542. 1221 */ 1222 *mp = sbcreatecontrol((void *)hbh, hbhlen, 1223 IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), 1224 IPPROTO_IPV6); 1225 if (*mp) 1226 mp = &(*mp)->m_next; 1227 m_freem(ext); 1228 } 1229 } 1230 1231 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */ 1232 if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) { 1233 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1234 int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr); 1235 1236 /* 1237 * Search for destination options headers or routing 1238 * header(s) through the header chain, and stores each 1239 * header as ancillary data. 1240 * Note that the order of the headers remains in 1241 * the chain of ancillary data. 1242 */ 1243 for (;;) { /* is explicit loop prevention necessary? */ 1244 struct ip6_ext *ip6e = NULL; 1245 int elen; 1246 struct mbuf *ext = NULL; 1247 1248 /* 1249 * if it is not an extension header, don't try to 1250 * pull it from the chain. 1251 */ 1252 switch (nxt) { 1253 case IPPROTO_DSTOPTS: 1254 case IPPROTO_ROUTING: 1255 case IPPROTO_HOPOPTS: 1256 case IPPROTO_AH: /* is it possible? */ 1257 break; 1258 default: 1259 goto loopend; 1260 } 1261 1262 ext = ip6_pullexthdr(m, off, nxt); 1263 if (ext == NULL) { 1264 IP6_STATINC(IP6_STAT_TOOSHORT); 1265 return; 1266 } 1267 ip6e = mtod(ext, struct ip6_ext *); 1268 if (nxt == IPPROTO_AH) 1269 elen = (ip6e->ip6e_len + 2) << 2; 1270 else 1271 elen = (ip6e->ip6e_len + 1) << 3; 1272 if (elen != ext->m_len) { 1273 m_freem(ext); 1274 IP6_STATINC(IP6_STAT_TOOSHORT); 1275 return; 1276 } 1277 KASSERT(IP6_HDR_ALIGNED_P(ip6e)); 1278 1279 switch (nxt) { 1280 case IPPROTO_DSTOPTS: 1281 if (!(in6p->in6p_flags & IN6P_DSTOPTS)) 1282 break; 1283 1284 *mp = sbcreatecontrol((void *)ip6e, elen, 1285 IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), 1286 IPPROTO_IPV6); 1287 if (*mp) 1288 mp = &(*mp)->m_next; 1289 break; 1290 1291 case IPPROTO_ROUTING: 1292 if (!(in6p->in6p_flags & IN6P_RTHDR)) 1293 break; 1294 1295 *mp = sbcreatecontrol((void *)ip6e, elen, 1296 IS2292(IPV6_2292RTHDR, IPV6_RTHDR), 1297 IPPROTO_IPV6); 1298 if (*mp) 1299 mp = &(*mp)->m_next; 1300 break; 1301 1302 case IPPROTO_HOPOPTS: 1303 case IPPROTO_AH: /* is it possible? */ 1304 break; 1305 1306 default: 1307 /* 1308 * other cases have been filtered in the above. 1309 * none will visit this case. here we supply 1310 * the code just in case (nxt overwritten or 1311 * other cases). 1312 */ 1313 m_freem(ext); 1314 goto loopend; 1315 1316 } 1317 1318 /* proceed with the next header. */ 1319 off += elen; 1320 nxt = ip6e->ip6e_nxt; 1321 ip6e = NULL; 1322 m_freem(ext); 1323 ext = NULL; 1324 } 1325 loopend: 1326 ; 1327 } 1328} 1329#undef IS2292 1330 1331 1332void 1333ip6_notify_pmtu(struct in6pcb *in6p, const struct sockaddr_in6 *dst, 1334 uint32_t *mtu) 1335{ 1336 struct socket *so; 1337 struct mbuf *m_mtu; 1338 struct ip6_mtuinfo mtuctl; 1339 1340 so = in6p->in6p_socket; 1341 1342 if (mtu == NULL) 1343 return; 1344 1345#ifdef DIAGNOSTIC 1346 if (so == NULL) /* I believe this is impossible */ 1347 panic("ip6_notify_pmtu: socket is NULL"); 1348#endif 1349 1350 memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ 1351 mtuctl.ip6m_mtu = *mtu; 1352 mtuctl.ip6m_addr = *dst; 1353 if (sa6_recoverscope(&mtuctl.ip6m_addr)) 1354 return; 1355 1356 if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), 1357 IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) 1358 return; 1359 1360 if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) 1361 == 0) { 1362 m_freem(m_mtu); 1363 /* XXX: should count statistics */ 1364 } else 1365 sorwakeup(so); 1366 1367 return; 1368} 1369 1370/* 1371 * pull single extension header from mbuf chain. returns single mbuf that 1372 * contains the result, or NULL on error. 1373 */ 1374static struct mbuf * 1375ip6_pullexthdr(struct mbuf *m, size_t off, int nxt) 1376{ 1377 struct ip6_ext ip6e; 1378 size_t elen; 1379 struct mbuf *n; 1380 1381#ifdef DIAGNOSTIC 1382 switch (nxt) { 1383 case IPPROTO_DSTOPTS: 1384 case IPPROTO_ROUTING: 1385 case IPPROTO_HOPOPTS: 1386 case IPPROTO_AH: /* is it possible? */ 1387 break; 1388 default: 1389 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); 1390 } 1391#endif 1392 1393 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1394 if (nxt == IPPROTO_AH) 1395 elen = (ip6e.ip6e_len + 2) << 2; 1396 else 1397 elen = (ip6e.ip6e_len + 1) << 3; 1398 1399 MGET(n, M_DONTWAIT, MT_DATA); 1400 if (n && elen >= MLEN) { 1401 MCLGET(n, M_DONTWAIT); 1402 if ((n->m_flags & M_EXT) == 0) { 1403 m_free(n); 1404 n = NULL; 1405 } 1406 } 1407 if (!n) 1408 return NULL; 1409 1410 n->m_len = 0; 1411 if (elen >= M_TRAILINGSPACE(n)) { 1412 m_free(n); 1413 return NULL; 1414 } 1415 1416 m_copydata(m, off, elen, mtod(n, void *)); 1417 n->m_len = elen; 1418 return n; 1419} 1420 1421/* 1422 * Get pointer to the previous header followed by the header 1423 * currently processed. 1424 * XXX: This function supposes that 1425 * M includes all headers, 1426 * the next header field and the header length field of each header 1427 * are valid, and 1428 * the sum of each header length equals to OFF. 1429 * Because of these assumptions, this function must be called very 1430 * carefully. Moreover, it will not be used in the near future when 1431 * we develop `neater' mechanism to process extension headers. 1432 */ 1433u_int8_t * 1434ip6_get_prevhdr(struct mbuf *m, int off) 1435{ 1436 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1437 1438 if (off == sizeof(struct ip6_hdr)) 1439 return (&ip6->ip6_nxt); 1440 else { 1441 int len, nxt; 1442 struct ip6_ext *ip6e = NULL; 1443 1444 nxt = ip6->ip6_nxt; 1445 len = sizeof(struct ip6_hdr); 1446 while (len < off) { 1447 ip6e = (struct ip6_ext *)(mtod(m, char *) + len); 1448 1449 switch (nxt) { 1450 case IPPROTO_FRAGMENT: 1451 len += sizeof(struct ip6_frag); 1452 break; 1453 case IPPROTO_AH: 1454 len += (ip6e->ip6e_len + 2) << 2; 1455 break; 1456 default: 1457 len += (ip6e->ip6e_len + 1) << 3; 1458 break; 1459 } 1460 nxt = ip6e->ip6e_nxt; 1461 } 1462 if (ip6e) 1463 return (&ip6e->ip6e_nxt); 1464 else 1465 return NULL; 1466 } 1467} 1468 1469/* 1470 * get next header offset. m will be retained. 1471 */ 1472int 1473ip6_nexthdr(struct mbuf *m, int off, int proto, int *nxtp) 1474{ 1475 struct ip6_hdr ip6; 1476 struct ip6_ext ip6e; 1477 struct ip6_frag fh; 1478 1479 /* just in case */ 1480 if (m == NULL) 1481 panic("ip6_nexthdr: m == NULL"); 1482 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) 1483 return -1; 1484 1485 switch (proto) { 1486 case IPPROTO_IPV6: 1487 /* do not chase beyond intermediate IPv6 headers */ 1488 if (off != 0) 1489 return -1; 1490 if (m->m_pkthdr.len < off + sizeof(ip6)) 1491 return -1; 1492 m_copydata(m, off, sizeof(ip6), (void *)&ip6); 1493 if (nxtp) 1494 *nxtp = ip6.ip6_nxt; 1495 off += sizeof(ip6); 1496 return off; 1497 1498 case IPPROTO_FRAGMENT: 1499 /* 1500 * terminate parsing if it is not the first fragment, 1501 * it does not make sense to parse through it. 1502 */ 1503 if (m->m_pkthdr.len < off + sizeof(fh)) 1504 return -1; 1505 m_copydata(m, off, sizeof(fh), (void *)&fh); 1506 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) 1507 return -1; 1508 if (nxtp) 1509 *nxtp = fh.ip6f_nxt; 1510 off += sizeof(struct ip6_frag); 1511 return off; 1512 1513 case IPPROTO_AH: 1514 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1515 return -1; 1516 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1517 if (nxtp) 1518 *nxtp = ip6e.ip6e_nxt; 1519 off += (ip6e.ip6e_len + 2) << 2; 1520 if (m->m_pkthdr.len < off) 1521 return -1; 1522 return off; 1523 1524 case IPPROTO_HOPOPTS: 1525 case IPPROTO_ROUTING: 1526 case IPPROTO_DSTOPTS: 1527 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1528 return -1; 1529 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1530 if (nxtp) 1531 *nxtp = ip6e.ip6e_nxt; 1532 off += (ip6e.ip6e_len + 1) << 3; 1533 if (m->m_pkthdr.len < off) 1534 return -1; 1535 return off; 1536 1537 case IPPROTO_NONE: 1538 case IPPROTO_ESP: 1539 case IPPROTO_IPCOMP: 1540 /* give up */ 1541 return -1; 1542 1543 default: 1544 return -1; 1545 } 1546} 1547 1548/* 1549 * get offset for the last header in the chain. m will be kept untainted. 1550 */ 1551int 1552ip6_lasthdr(struct mbuf *m, int off, int proto, int *nxtp) 1553{ 1554 int newoff; 1555 int nxt; 1556 1557 if (!nxtp) { 1558 nxt = -1; 1559 nxtp = &nxt; 1560 } 1561 for (;;) { 1562 newoff = ip6_nexthdr(m, off, proto, nxtp); 1563 if (newoff < 0) 1564 return off; 1565 else if (newoff < off) 1566 return -1; /* invalid */ 1567 else if (newoff == off) 1568 return newoff; 1569 1570 off = newoff; 1571 proto = *nxtp; 1572 } 1573} 1574 1575struct m_tag * 1576ip6_addaux(struct mbuf *m) 1577{ 1578 struct m_tag *mtag; 1579 1580 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1581 if (!mtag) { 1582 mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), 1583 M_NOWAIT); 1584 if (mtag) { 1585 m_tag_prepend(m, mtag); 1586 memset(mtag + 1, 0, sizeof(struct ip6aux)); 1587 } 1588 } 1589 return mtag; 1590} 1591 1592struct m_tag * 1593ip6_findaux(struct mbuf *m) 1594{ 1595 struct m_tag *mtag; 1596 1597 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1598 return mtag; 1599} 1600 1601void 1602ip6_delaux(struct mbuf *m) 1603{ 1604 struct m_tag *mtag; 1605 1606 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1607 if (mtag) 1608 m_tag_delete(m, mtag); 1609} 1610 1611#ifdef GATEWAY 1612/* 1613 * sysctl helper routine for net.inet.ip6.maxflows. Since 1614 * we could reduce this value, call ip6flow_reap(); 1615 */ 1616static int 1617sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) 1618{ 1619 int error; 1620 1621 error = sysctl_lookup(SYSCTLFN_CALL(rnode)); 1622 if (error || newp == NULL) 1623 return (error); 1624 1625 mutex_enter(softnet_lock); 1626 KERNEL_LOCK(1, NULL); 1627 1628 ip6flow_reap(0); 1629 1630 KERNEL_UNLOCK_ONE(NULL); 1631 mutex_exit(softnet_lock); 1632 1633 return (0); 1634} 1635 1636static int 1637sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS) 1638{ 1639 int error, tmp; 1640 struct sysctlnode node; 1641 1642 node = *rnode; 1643 tmp = ip6_hashsize; 1644 node.sysctl_data = &tmp; 1645 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1646 if (error || newp == NULL) 1647 return (error); 1648 1649 if ((tmp & (tmp - 1)) == 0 && tmp != 0) { 1650 /* 1651 * Can only fail due to malloc() 1652 */ 1653 mutex_enter(softnet_lock); 1654 KERNEL_LOCK(1, NULL); 1655 1656 error = ip6flow_invalidate_all(tmp); 1657 1658 KERNEL_UNLOCK_ONE(NULL); 1659 mutex_exit(softnet_lock); 1660 } else { 1661 /* 1662 * EINVAL if not a power of 2 1663 */ 1664 error = EINVAL; 1665 } 1666 1667 return error; 1668} 1669#endif /* GATEWAY */ 1670 1671/* 1672 * System control for IP6 1673 */ 1674 1675const u_char inet6ctlerrmap[PRC_NCMDS] = { 1676 0, 0, 0, 0, 1677 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1678 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1679 EMSGSIZE, EHOSTUNREACH, 0, 0, 1680 0, 0, 0, 0, 1681 ENOPROTOOPT 1682}; 1683 1684static int 1685sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) 1686{ 1687 1688 return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); 1689} 1690 1691static void 1692sysctl_net_inet6_ip6_setup(struct sysctllog **clog) 1693{ 1694#ifdef RFC2292 1695#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1696#else 1697#define IS2292(x, y) (y) 1698#endif 1699 1700 sysctl_createv(clog, 0, NULL, NULL, 1701 CTLFLAG_PERMANENT, 1702 CTLTYPE_NODE, "net", NULL, 1703 NULL, 0, NULL, 0, 1704 CTL_NET, CTL_EOL); 1705 sysctl_createv(clog, 0, NULL, NULL, 1706 CTLFLAG_PERMANENT, 1707 CTLTYPE_NODE, "inet6", 1708 SYSCTL_DESCR("PF_INET6 related settings"), 1709 NULL, 0, NULL, 0, 1710 CTL_NET, PF_INET6, CTL_EOL); 1711 sysctl_createv(clog, 0, NULL, NULL, 1712 CTLFLAG_PERMANENT, 1713 CTLTYPE_NODE, "ip6", 1714 SYSCTL_DESCR("IPv6 related settings"), 1715 NULL, 0, NULL, 0, 1716 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL); 1717 1718 sysctl_createv(clog, 0, NULL, NULL, 1719 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1720 CTLTYPE_INT, "forwarding", 1721 SYSCTL_DESCR("Enable forwarding of INET6 datagrams"), 1722 NULL, 0, &ip6_forwarding, 0, 1723 CTL_NET, PF_INET6, IPPROTO_IPV6, 1724 IPV6CTL_FORWARDING, CTL_EOL); 1725 sysctl_createv(clog, 0, NULL, NULL, 1726 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1727 CTLTYPE_INT, "redirect", 1728 SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"), 1729 NULL, 0, &ip6_sendredirects, 0, 1730 CTL_NET, PF_INET6, IPPROTO_IPV6, 1731 IPV6CTL_SENDREDIRECTS, CTL_EOL); 1732 sysctl_createv(clog, 0, NULL, NULL, 1733 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1734 CTLTYPE_INT, "hlim", 1735 SYSCTL_DESCR("Hop limit for an INET6 datagram"), 1736 NULL, 0, &ip6_defhlim, 0, 1737 CTL_NET, PF_INET6, IPPROTO_IPV6, 1738 IPV6CTL_DEFHLIM, CTL_EOL); 1739#ifdef notyet 1740 sysctl_createv(clog, 0, NULL, NULL, 1741 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1742 CTLTYPE_INT, "mtu", NULL, 1743 NULL, 0, &, 0, 1744 CTL_NET, PF_INET6, IPPROTO_IPV6, 1745 IPV6CTL_DEFMTU, CTL_EOL); 1746#endif 1747#ifdef __no_idea__ 1748 sysctl_createv(clog, 0, NULL, NULL, 1749 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1750 CTLTYPE_INT, "forwsrcrt", NULL, 1751 NULL, 0, &?, 0, 1752 CTL_NET, PF_INET6, IPPROTO_IPV6, 1753 IPV6CTL_FORWSRCRT, CTL_EOL); 1754 sysctl_createv(clog, 0, NULL, NULL, 1755 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1756 CTLTYPE_STRUCT, "mrtstats", NULL, 1757 NULL, 0, &?, sizeof(?), 1758 CTL_NET, PF_INET6, IPPROTO_IPV6, 1759 IPV6CTL_MRTSTATS, CTL_EOL); 1760 sysctl_createv(clog, 0, NULL, NULL, 1761 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1762 CTLTYPE_?, "mrtproto", NULL, 1763 NULL, 0, &?, sizeof(?), 1764 CTL_NET, PF_INET6, IPPROTO_IPV6, 1765 IPV6CTL_MRTPROTO, CTL_EOL); 1766#endif 1767 sysctl_createv(clog, 0, NULL, NULL, 1768 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1769 CTLTYPE_INT, "maxfragpackets", 1770 SYSCTL_DESCR("Maximum number of fragments to buffer " 1771 "for reassembly"), 1772 NULL, 0, &ip6_maxfragpackets, 0, 1773 CTL_NET, PF_INET6, IPPROTO_IPV6, 1774 IPV6CTL_MAXFRAGPACKETS, CTL_EOL); 1775#ifdef __no_idea__ 1776 sysctl_createv(clog, 0, NULL, NULL, 1777 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1778 CTLTYPE_INT, "sourcecheck", NULL, 1779 NULL, 0, &?, 0, 1780 CTL_NET, PF_INET6, IPPROTO_IPV6, 1781 IPV6CTL_SOURCECHECK, CTL_EOL); 1782 sysctl_createv(clog, 0, NULL, NULL, 1783 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1784 CTLTYPE_INT, "sourcecheck_logint", NULL, 1785 NULL, 0, &?, 0, 1786 CTL_NET, PF_INET6, IPPROTO_IPV6, 1787 IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); 1788#endif 1789 sysctl_createv(clog, 0, NULL, NULL, 1790 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1791 CTLTYPE_INT, "accept_rtadv", 1792 SYSCTL_DESCR("Accept router advertisements"), 1793 NULL, 0, &ip6_accept_rtadv, 0, 1794 CTL_NET, PF_INET6, IPPROTO_IPV6, 1795 IPV6CTL_ACCEPT_RTADV, CTL_EOL); 1796 sysctl_createv(clog, 0, NULL, NULL, 1797 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1798 CTLTYPE_INT, "rtadv_maxroutes", 1799 SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), 1800 NULL, 0, &ip6_rtadv_maxroutes, 0, 1801 CTL_NET, PF_INET6, IPPROTO_IPV6, 1802 IPV6CTL_RTADV_MAXROUTES, CTL_EOL); 1803 sysctl_createv(clog, 0, NULL, NULL, 1804 CTLFLAG_PERMANENT, 1805 CTLTYPE_INT, "rtadv_numroutes", 1806 SYSCTL_DESCR("Current number of routes accepted via router advertisements"), 1807 NULL, 0, &nd6_numroutes, 0, 1808 CTL_NET, PF_INET6, IPPROTO_IPV6, 1809 IPV6CTL_RTADV_NUMROUTES, CTL_EOL); 1810 sysctl_createv(clog, 0, NULL, NULL, 1811 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1812 CTLTYPE_INT, "keepfaith", 1813 SYSCTL_DESCR("Activate faith interface"), 1814 NULL, 0, &ip6_keepfaith, 0, 1815 CTL_NET, PF_INET6, IPPROTO_IPV6, 1816 IPV6CTL_KEEPFAITH, CTL_EOL); 1817 sysctl_createv(clog, 0, NULL, NULL, 1818 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1819 CTLTYPE_INT, "log_interval", 1820 SYSCTL_DESCR("Minumum interval between logging " 1821 "unroutable packets"), 1822 NULL, 0, &ip6_log_interval, 0, 1823 CTL_NET, PF_INET6, IPPROTO_IPV6, 1824 IPV6CTL_LOG_INTERVAL, CTL_EOL); 1825 sysctl_createv(clog, 0, NULL, NULL, 1826 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1827 CTLTYPE_INT, "hdrnestlimit", 1828 SYSCTL_DESCR("Maximum number of nested IPv6 headers"), 1829 NULL, 0, &ip6_hdrnestlimit, 0, 1830 CTL_NET, PF_INET6, IPPROTO_IPV6, 1831 IPV6CTL_HDRNESTLIMIT, CTL_EOL); 1832 sysctl_createv(clog, 0, NULL, NULL, 1833 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1834 CTLTYPE_INT, "dad_count", 1835 SYSCTL_DESCR("Number of Duplicate Address Detection " 1836 "probes to send"), 1837 NULL, 0, &ip6_dad_count, 0, 1838 CTL_NET, PF_INET6, IPPROTO_IPV6, 1839 IPV6CTL_DAD_COUNT, CTL_EOL); 1840 sysctl_createv(clog, 0, NULL, NULL, 1841 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1842 CTLTYPE_INT, "auto_flowlabel", 1843 SYSCTL_DESCR("Assign random IPv6 flow labels"), 1844 NULL, 0, &ip6_auto_flowlabel, 0, 1845 CTL_NET, PF_INET6, IPPROTO_IPV6, 1846 IPV6CTL_AUTO_FLOWLABEL, CTL_EOL); 1847 sysctl_createv(clog, 0, NULL, NULL, 1848 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1849 CTLTYPE_INT, "defmcasthlim", 1850 SYSCTL_DESCR("Default multicast hop limit"), 1851 NULL, 0, &ip6_defmcasthlim, 0, 1852 CTL_NET, PF_INET6, IPPROTO_IPV6, 1853 IPV6CTL_DEFMCASTHLIM, CTL_EOL); 1854#if NGIF > 0 1855 sysctl_createv(clog, 0, NULL, NULL, 1856 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1857 CTLTYPE_INT, "gifhlim", 1858 SYSCTL_DESCR("Default hop limit for a gif tunnel datagram"), 1859 NULL, 0, &ip6_gif_hlim, 0, 1860 CTL_NET, PF_INET6, IPPROTO_IPV6, 1861 IPV6CTL_GIF_HLIM, CTL_EOL); 1862#endif /* NGIF */ 1863 sysctl_createv(clog, 0, NULL, NULL, 1864 CTLFLAG_PERMANENT, 1865 CTLTYPE_STRING, "kame_version", 1866 SYSCTL_DESCR("KAME Version"), 1867 NULL, 0, __UNCONST(__KAME_VERSION), 0, 1868 CTL_NET, PF_INET6, IPPROTO_IPV6, 1869 IPV6CTL_KAME_VERSION, CTL_EOL); 1870 sysctl_createv(clog, 0, NULL, NULL, 1871 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1872 CTLTYPE_INT, "use_deprecated", 1873 SYSCTL_DESCR("Allow use of deprecated addresses as " 1874 "source addresses"), 1875 NULL, 0, &ip6_use_deprecated, 0, 1876 CTL_NET, PF_INET6, IPPROTO_IPV6, 1877 IPV6CTL_USE_DEPRECATED, CTL_EOL); 1878 sysctl_createv(clog, 0, NULL, NULL, 1879 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1880 CTLTYPE_INT, "rr_prune", NULL, 1881 NULL, 0, &ip6_rr_prune, 0, 1882 CTL_NET, PF_INET6, IPPROTO_IPV6, 1883 IPV6CTL_RR_PRUNE, CTL_EOL); 1884 sysctl_createv(clog, 0, NULL, NULL, 1885 CTLFLAG_PERMANENT 1886#ifndef INET6_BINDV6ONLY 1887 |CTLFLAG_READWRITE, 1888#endif 1889 CTLTYPE_INT, "v6only", 1890 SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting " 1891 "to PF_INET sockets"), 1892 NULL, 0, &ip6_v6only, 0, 1893 CTL_NET, PF_INET6, IPPROTO_IPV6, 1894 IPV6CTL_V6ONLY, CTL_EOL); 1895 sysctl_createv(clog, 0, NULL, NULL, 1896 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1897 CTLTYPE_INT, "anonportmin", 1898 SYSCTL_DESCR("Lowest ephemeral port number to assign"), 1899 sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, 1900 CTL_NET, PF_INET6, IPPROTO_IPV6, 1901 IPV6CTL_ANONPORTMIN, CTL_EOL); 1902 sysctl_createv(clog, 0, NULL, NULL, 1903 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1904 CTLTYPE_INT, "anonportmax", 1905 SYSCTL_DESCR("Highest ephemeral port number to assign"), 1906 sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0, 1907 CTL_NET, PF_INET6, IPPROTO_IPV6, 1908 IPV6CTL_ANONPORTMAX, CTL_EOL); 1909#ifndef IPNOPRIVPORTS 1910 sysctl_createv(clog, 0, NULL, NULL, 1911 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1912 CTLTYPE_INT, "lowportmin", 1913 SYSCTL_DESCR("Lowest privileged ephemeral port number " 1914 "to assign"), 1915 sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0, 1916 CTL_NET, PF_INET6, IPPROTO_IPV6, 1917 IPV6CTL_LOWPORTMIN, CTL_EOL); 1918 sysctl_createv(clog, 0, NULL, NULL, 1919 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1920 CTLTYPE_INT, "lowportmax", 1921 SYSCTL_DESCR("Highest privileged ephemeral port number " 1922 "to assign"), 1923 sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0, 1924 CTL_NET, PF_INET6, IPPROTO_IPV6, 1925 IPV6CTL_LOWPORTMAX, CTL_EOL); 1926#endif /* IPNOPRIVPORTS */ 1927 sysctl_createv(clog, 0, NULL, NULL, 1928 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1929 CTLTYPE_INT, "use_tempaddr", 1930 SYSCTL_DESCR("Use temporary address"), 1931 NULL, 0, &ip6_use_tempaddr, 0, 1932 CTL_NET, PF_INET6, IPPROTO_IPV6, 1933 CTL_CREATE, CTL_EOL); 1934 sysctl_createv(clog, 0, NULL, NULL, 1935 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1936 CTLTYPE_INT, "temppltime", 1937 SYSCTL_DESCR("preferred lifetime of a temporary address"), 1938 NULL, 0, &ip6_temp_preferred_lifetime, 0, 1939 CTL_NET, PF_INET6, IPPROTO_IPV6, 1940 CTL_CREATE, CTL_EOL); 1941 sysctl_createv(clog, 0, NULL, NULL, 1942 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1943 CTLTYPE_INT, "tempvltime", 1944 SYSCTL_DESCR("valid lifetime of a temporary address"), 1945 NULL, 0, &ip6_temp_valid_lifetime, 0, 1946 CTL_NET, PF_INET6, IPPROTO_IPV6, 1947 CTL_CREATE, CTL_EOL); 1948 sysctl_createv(clog, 0, NULL, NULL, 1949 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1950 CTLTYPE_INT, "maxfrags", 1951 SYSCTL_DESCR("Maximum fragments in reassembly queue"), 1952 NULL, 0, &ip6_maxfrags, 0, 1953 CTL_NET, PF_INET6, IPPROTO_IPV6, 1954 IPV6CTL_MAXFRAGS, CTL_EOL); 1955 sysctl_createv(clog, 0, NULL, NULL, 1956 CTLFLAG_PERMANENT, 1957 CTLTYPE_STRUCT, "stats", 1958 SYSCTL_DESCR("IPv6 statistics"), 1959 sysctl_net_inet6_ip6_stats, 0, NULL, 0, 1960 CTL_NET, PF_INET6, IPPROTO_IPV6, 1961 IPV6CTL_STATS, CTL_EOL); 1962 sysctl_createv(clog, 0, NULL, NULL, 1963 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1964 CTLTYPE_INT, "use_defaultzone", 1965 SYSCTL_DESCR("Whether to use the default scope zones"), 1966 NULL, 0, &ip6_use_defzone, 0, 1967 CTL_NET, PF_INET6, IPPROTO_IPV6, 1968 IPV6CTL_USE_DEFAULTZONE, CTL_EOL); 1969 sysctl_createv(clog, 0, NULL, NULL, 1970 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1971 CTLTYPE_INT, "mcast_pmtu", 1972 SYSCTL_DESCR("Enable pMTU discovery for multicast packet"), 1973 NULL, 0, &ip6_mcast_pmtu, 0, 1974 CTL_NET, PF_INET6, IPPROTO_IPV6, 1975 CTL_CREATE, CTL_EOL); 1976#ifdef GATEWAY 1977 sysctl_createv(clog, 0, NULL, NULL, 1978 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1979 CTLTYPE_INT, "maxflows", 1980 SYSCTL_DESCR("Number of flows for fast forwarding (IPv6)"), 1981 sysctl_net_inet6_ip6_maxflows, 0, &ip6_maxflows, 0, 1982 CTL_NET, PF_INET6, IPPROTO_IPV6, 1983 CTL_CREATE, CTL_EOL); 1984 sysctl_createv(clog, 0, NULL, NULL, 1985 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1986 CTLTYPE_INT, "hashsize", 1987 SYSCTL_DESCR("Size of hash table for fast forwarding (IPv6)"), 1988 sysctl_net_inet6_ip6_hashsize, 0, &ip6_hashsize, 0, 1989 CTL_NET, PF_INET6, IPPROTO_IPV6, 1990 CTL_CREATE, CTL_EOL); 1991#endif 1992 sysctl_createv(clog, 0, NULL, NULL, 1993 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1994 CTLTYPE_INT, "neighborgcthresh", 1995 SYSCTL_DESCR("Maximum number of entries in neighbor" 1996 " cache"), 1997 NULL, 1, &ip6_neighborgcthresh, 0, 1998 CTL_NET, PF_INET6, IPPROTO_IPV6, 1999 CTL_CREATE, CTL_EOL); 2000 sysctl_createv(clog, 0, NULL, NULL, 2001 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2002 CTLTYPE_INT, "maxifprefixes", 2003 SYSCTL_DESCR("Maximum number of prefixes created by" 2004 " route advertisement per interface"), 2005 NULL, 1, &ip6_maxifprefixes, 0, 2006 CTL_NET, PF_INET6, IPPROTO_IPV6, 2007 CTL_CREATE, CTL_EOL); 2008 sysctl_createv(clog, 0, NULL, NULL, 2009 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2010 CTLTYPE_INT, "maxifdefrouters", 2011 SYSCTL_DESCR("Maximum number of default routers created" 2012 " by route advertisement per interface"), 2013 NULL, 1, &ip6_maxifdefrouters, 0, 2014 CTL_NET, PF_INET6, IPPROTO_IPV6, 2015 CTL_CREATE, CTL_EOL); 2016 sysctl_createv(clog, 0, NULL, NULL, 2017 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2018 CTLTYPE_INT, "maxdynroutes", 2019 SYSCTL_DESCR("Maximum number of routes created via" 2020 " redirect"), 2021 NULL, 1, &ip6_maxdynroutes, 0, 2022 CTL_NET, PF_INET6, IPPROTO_IPV6, 2023 CTL_CREATE, CTL_EOL); 2024} 2025 2026void 2027ip6_statinc(u_int stat) 2028{ 2029 2030 KASSERT(stat < IP6_NSTATS); 2031 IP6_STATINC(stat); 2032} 2033