1/* 2 * Copyright (c) 2008-2013 Apple Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29/* 30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 31 * All rights reserved. 32 * 33 * Redistribution and use in source and binary forms, with or without 34 * modification, are permitted provided that the following conditions 35 * are met: 36 * 1. Redistributions of source code must retain the above copyright 37 * notice, this list of conditions and the following disclaimer. 38 * 2. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 3. Neither the name of the project nor the names of its contributors 42 * may be used to endorse or promote products derived from this software 43 * without specific prior written permission. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 */ 57 58/* 59 * Copyright (c) 1982, 1986, 1993 60 * The Regents of the University of California. All rights reserved. 61 * 62 * Redistribution and use in source and binary forms, with or without 63 * modification, are permitted provided that the following conditions 64 * are met: 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 2. Redistributions in binary form must reproduce the above copyright 68 * notice, this list of conditions and the following disclaimer in the 69 * documentation and/or other materials provided with the distribution. 70 * 3. All advertising materials mentioning features or use of this software 71 * must display the following acknowledgement: 72 * This product includes software developed by the University of 73 * California, Berkeley and its contributors. 74 * 4. Neither the name of the University nor the names of its contributors 75 * may be used to endorse or promote products derived from this software 76 * without specific prior written permission. 77 * 78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 88 * SUCH DAMAGE. 89 * 90 * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 91 */ 92 93 94#include <sys/param.h> 95#include <sys/socket.h> 96#include <sys/socketvar.h> 97#include <sys/protosw.h> 98#include <sys/kernel.h> 99#include <sys/domain.h> 100#include <sys/mbuf.h> 101#include <sys/systm.h> 102#include <sys/sysctl.h> 103 104#include <net/if.h> 105#include <net/radix.h> 106#include <net/route.h> 107 108#include <netinet/in.h> 109#include <netinet/in_systm.h> 110#include <netinet/in_var.h> 111#include <netinet/ip_encap.h> 112#include <netinet/ip.h> 113#include <netinet/ip_var.h> 114#include <netinet/ip6.h> 115#include <netinet6/ip6_var.h> 116#include <netinet6/in6_var.h> 117#include <netinet/icmp6.h> 118 119#include <netinet/tcp.h> 120#include <netinet/tcp_timer.h> 121#include <netinet/tcp_var.h> 122#include <netinet/udp.h> 123#include <netinet/udp_var.h> 124#include <netinet6/tcp6_var.h> 125#include <netinet6/raw_ip6.h> 126#include <netinet6/udp6_var.h> 127#include <netinet6/nd6.h> 128#include <netinet6/mld6_var.h> 129 130#if IPSEC 131#include <netinet6/ipsec.h> 132#if INET6 133#include <netinet6/ipsec6.h> 134#endif 135#include <netinet6/ah.h> 136#if INET6 137#include <netinet6/ah6.h> 138#endif 139#if IPSEC_ESP 140#include <netinet6/esp.h> 141#if INET6 142#include <netinet6/esp6.h> 143#endif 144#endif 145#include <netinet6/ipcomp.h> 146#if INET6 147#include <netinet6/ipcomp6.h> 148#endif 149#endif /*IPSEC*/ 150 151#include <netinet6/ip6protosw.h> 152 153#include <net/net_osdep.h> 154 155/* 156 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP. 157 */ 158 159extern struct domain inet6domain_s; 160struct domain *inet6domain = NULL; 161 162static struct pr_usrreqs nousrreqs; 163lck_mtx_t *inet6_domain_mutex; 164 165static void in6_dinit(struct domain *); 166static int rip6_pr_output(struct mbuf *, struct socket *, 167 struct sockaddr_in6 *, struct mbuf *); 168 169struct ip6protosw inet6sw[] = { 170{ 171 .pr_type = 0, 172 .pr_protocol = IPPROTO_IPV6, 173 .pr_init = ip6_init, 174 .pr_drain = ip6_drain, 175 .pr_usrreqs = &nousrreqs, 176}, 177{ 178 .pr_type = SOCK_DGRAM, 179 .pr_protocol = IPPROTO_UDP, 180 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PROTOLOCK|PR_PCBLOCK| 181 PR_EVCONNINFO, 182 .pr_input = udp6_input, 183 .pr_ctlinput = udp6_ctlinput, 184 .pr_ctloutput = ip6_ctloutput, 185#if !INET /* don't call initialization twice */ 186 .pr_init = udp_init, 187#endif /* !INET */ 188 .pr_usrreqs = &udp6_usrreqs, 189 .pr_lock = udp_lock, 190 .pr_unlock = udp_unlock, 191 .pr_getlock = udp_getlock, 192}, 193{ 194 .pr_type = SOCK_STREAM, 195 .pr_protocol = IPPROTO_TCP, 196 .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_PCBLOCK| 197 PR_PROTOLOCK|PR_DISPOSE|PR_EVCONNINFO, 198 .pr_input = tcp6_input, 199 .pr_ctlinput = tcp6_ctlinput, 200 .pr_ctloutput = tcp_ctloutput, 201#if !INET /* don't call initialization and timeout routines twice */ 202 .pr_init = tcp_init, 203#endif /* !INET */ 204 .pr_drain = tcp_drain, 205 .pr_usrreqs = &tcp6_usrreqs, 206 .pr_lock = tcp_lock, 207 .pr_unlock = tcp_unlock, 208 .pr_getlock = tcp_getlock, 209}, 210{ 211 .pr_type = SOCK_RAW, 212 .pr_protocol = IPPROTO_RAW, 213 .pr_flags = PR_ATOMIC|PR_ADDR, 214 .pr_input = rip6_input, 215 .pr_output = rip6_pr_output, 216 .pr_ctlinput = rip6_ctlinput, 217 .pr_ctloutput = rip6_ctloutput, 218#if !INET /* don't call initialization and timeout routines twice */ 219 .pr_init = rip_init, 220#endif /* !INET */ 221 .pr_usrreqs = &rip6_usrreqs, 222 .pr_unlock = rip_unlock, 223}, 224{ 225 .pr_type = SOCK_RAW, 226 .pr_protocol = IPPROTO_ICMPV6, 227 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 228 .pr_input = icmp6_input, 229 .pr_output = rip6_pr_output, 230 .pr_ctlinput = rip6_ctlinput, 231 .pr_ctloutput = rip6_ctloutput, 232 .pr_init = icmp6_init, 233 .pr_usrreqs = &rip6_usrreqs, 234 .pr_unlock = rip_unlock, 235}, 236{ 237 .pr_type = SOCK_DGRAM, 238 .pr_protocol = IPPROTO_ICMPV6, 239 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 240 .pr_input = icmp6_input, 241 .pr_output = rip6_pr_output, 242 .pr_ctlinput = rip6_ctlinput, 243 .pr_ctloutput = icmp6_dgram_ctloutput, 244 .pr_init = icmp6_init, 245 .pr_usrreqs = &icmp6_dgram_usrreqs, 246 .pr_unlock = rip_unlock, 247}, 248{ 249 .pr_type = SOCK_RAW, 250 .pr_protocol = IPPROTO_DSTOPTS, 251 .pr_flags = PR_ATOMIC|PR_ADDR, 252 .pr_input = dest6_input, 253 .pr_usrreqs = &nousrreqs, 254}, 255{ 256 .pr_type = SOCK_RAW, 257 .pr_protocol = IPPROTO_ROUTING, 258 .pr_flags = PR_ATOMIC|PR_ADDR, 259 .pr_input = route6_input, 260 .pr_usrreqs = &nousrreqs, 261}, 262{ 263 .pr_type = SOCK_RAW, 264 .pr_protocol = IPPROTO_FRAGMENT, 265 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PROTOLOCK, 266 .pr_input = frag6_input, 267 .pr_usrreqs = &nousrreqs, 268}, 269#if IPSEC 270{ 271 .pr_type = SOCK_RAW, 272 .pr_protocol = IPPROTO_AH, 273 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PROTOLOCK, 274 .pr_input = ah6_input, 275 .pr_usrreqs = &nousrreqs, 276}, 277#if IPSEC_ESP 278{ 279 .pr_type = SOCK_RAW, 280 .pr_protocol = IPPROTO_ESP, 281 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PROTOLOCK, 282 .pr_input = esp6_input, 283 .pr_ctlinput = esp6_ctlinput, 284 .pr_usrreqs = &nousrreqs, 285}, 286#endif /* IPSEC_ESP */ 287{ 288 .pr_type = SOCK_RAW, 289 .pr_protocol = IPPROTO_IPCOMP, 290 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PROTOLOCK, 291 .pr_input = ipcomp6_input, 292 .pr_usrreqs = &nousrreqs, 293}, 294#endif /* IPSEC */ 295#if INET 296{ 297 .pr_type = SOCK_RAW, 298 .pr_protocol = IPPROTO_IPV4, 299 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 300 .pr_input = encap6_input, 301 .pr_output = rip6_pr_output, 302 .pr_ctloutput = rip6_ctloutput, 303 .pr_init = encap6_init, 304 .pr_usrreqs = &rip6_usrreqs, 305 .pr_unlock = rip_unlock, 306}, 307#endif /*INET*/ 308{ 309 .pr_type = SOCK_RAW, 310 .pr_protocol = IPPROTO_IPV6, 311 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 312 .pr_input = encap6_input, 313 .pr_output = rip6_pr_output, 314 .pr_ctloutput = rip6_ctloutput, 315 .pr_init = encap6_init, 316 .pr_usrreqs = &rip6_usrreqs, 317 .pr_unlock = rip_unlock, 318}, 319/* raw wildcard */ 320{ 321 .pr_type = SOCK_RAW, 322 .pr_protocol = 0, 323 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 324 .pr_input = rip6_input, 325 .pr_output = rip6_pr_output, 326 .pr_ctloutput = rip6_ctloutput, 327 .pr_usrreqs = &rip6_usrreqs, 328 .pr_unlock = rip_unlock, 329}, 330}; 331 332int in6_proto_count = (sizeof (inet6sw) / sizeof (struct ip6protosw)); 333 334struct domain inet6domain_s = { 335 .dom_family = PF_INET6, 336 .dom_flags = DOM_REENTRANT, 337 .dom_name = "internet6", 338 .dom_init = in6_dinit, 339 .dom_rtattach = in6_inithead, 340 .dom_rtoffset = offsetof(struct sockaddr_in6, sin6_addr) << 3, 341 .dom_maxrtkey = sizeof (struct sockaddr_in6), 342 .dom_protohdrlen = sizeof (struct sockaddr_in6), 343}; 344 345/* Initialize the PF_INET6 domain, and add in the pre-defined protos */ 346void 347in6_dinit(struct domain *dp) 348{ 349 struct ip6protosw *pr; 350 int i; 351 352 VERIFY(!(dp->dom_flags & DOM_INITIALIZED)); 353 VERIFY(inet6domain == NULL); 354 355 inet6domain = dp; 356 357 _CASSERT(sizeof (struct protosw) == sizeof (struct ip6protosw)); 358 _CASSERT(offsetof(struct ip6protosw, pr_entry) == 359 offsetof(struct protosw, pr_entry)); 360 _CASSERT(offsetof(struct ip6protosw, pr_domain) == 361 offsetof(struct protosw, pr_domain)); 362 _CASSERT(offsetof(struct ip6protosw, pr_protosw) == 363 offsetof(struct protosw, pr_protosw)); 364 _CASSERT(offsetof(struct ip6protosw, pr_type) == 365 offsetof(struct protosw, pr_type)); 366 _CASSERT(offsetof(struct ip6protosw, pr_protocol) == 367 offsetof(struct protosw, pr_protocol)); 368 _CASSERT(offsetof(struct ip6protosw, pr_flags) == 369 offsetof(struct protosw, pr_flags)); 370 _CASSERT(offsetof(struct ip6protosw, pr_input) == 371 offsetof(struct protosw, pr_input)); 372 _CASSERT(offsetof(struct ip6protosw, pr_output) == 373 offsetof(struct protosw, pr_output)); 374 _CASSERT(offsetof(struct ip6protosw, pr_ctlinput) == 375 offsetof(struct protosw, pr_ctlinput)); 376 _CASSERT(offsetof(struct ip6protosw, pr_ctloutput) == 377 offsetof(struct protosw, pr_ctloutput)); 378 _CASSERT(offsetof(struct ip6protosw, pr_usrreqs) == 379 offsetof(struct protosw, pr_usrreqs)); 380 _CASSERT(offsetof(struct ip6protosw, pr_init) == 381 offsetof(struct protosw, pr_init)); 382 _CASSERT(offsetof(struct ip6protosw, pr_drain) == 383 offsetof(struct protosw, pr_drain)); 384 _CASSERT(offsetof(struct ip6protosw, pr_sysctl) == 385 offsetof(struct protosw, pr_sysctl)); 386 _CASSERT(offsetof(struct ip6protosw, pr_lock) == 387 offsetof(struct protosw, pr_lock)); 388 _CASSERT(offsetof(struct ip6protosw, pr_unlock) == 389 offsetof(struct protosw, pr_unlock)); 390 _CASSERT(offsetof(struct ip6protosw, pr_getlock) == 391 offsetof(struct protosw, pr_getlock)); 392 _CASSERT(offsetof(struct ip6protosw, pr_filter_head) == 393 offsetof(struct protosw, pr_filter_head)); 394 _CASSERT(offsetof(struct ip6protosw, pr_old) == 395 offsetof(struct protosw, pr_old)); 396 397 /* 398 * Attach first, then initialize. ip6_init() needs raw IP6 handler. 399 */ 400 for (i = 0, pr = &inet6sw[0]; i < in6_proto_count; i++, pr++) 401 net_add_proto((struct protosw *)pr, dp, 0); 402 for (i = 0, pr = &inet6sw[0]; i < in6_proto_count; i++, pr++) 403 net_init_proto((struct protosw *)pr, dp); 404 405 inet6_domain_mutex = dp->dom_mtx; 406} 407 408static int 409rip6_pr_output(struct mbuf *m, struct socket *so, struct sockaddr_in6 *sin6, 410 struct mbuf *m1) 411{ 412#pragma unused(m, so, sin6, m1) 413 panic("%s\n", __func__); 414 /* NOTREACHED */ 415 return (0); 416} 417 418/* 419 * Internet configuration info 420 */ 421#ifndef IPV6FORWARDING 422#if GATEWAY6 423#define IPV6FORWARDING 1 /* forward IP6 packets not for us */ 424#else 425#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ 426#endif /* GATEWAY6 */ 427#endif /* !IPV6FORWARDING */ 428 429#ifndef IPV6_SENDREDIRECTS 430#define IPV6_SENDREDIRECTS 1 431#endif 432 433int ip6_forwarding = IPV6FORWARDING; /* act as router? */ 434int ip6_sendredirects = IPV6_SENDREDIRECTS; 435int ip6_defhlim = IPV6_DEFHLIM; 436int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; 437int ip6_accept_rtadv = 1; /* deprecated */ 438int ip6_log_interval = 5; 439int ip6_hdrnestlimit = 15; /* How many header options will we process? */ 440int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ 441int ip6_auto_flowlabel = 1; 442int ip6_gif_hlim = 0; 443int ip6_use_deprecated = 1; /* allow deprecated addr [RFC 4862, 5.5.4] */ 444int ip6_rr_prune = 5; /* router renumbering prefix 445 * walk list every 5 sec. */ 446int ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */ 447int ip6_v6only = 0; /* Mapped addresses off by default - Radar 3347718 -- REVISITING FOR 10.7 -- TESTING WITH MAPPED@ OFF */ 448 449int ip6_neighborgcthresh = 1024; /* Threshold # of NDP entries for GC */ 450int ip6_maxifprefixes = 16; /* Max acceptable prefixes via RA per IF */ 451int ip6_maxifdefrouters = 16; /* Max acceptable def routers via RA */ 452int ip6_maxdynroutes = 1024; /* Max # of routes created via redirect */ 453int ip6_only_allow_rfc4193_prefix = 0; /* Only allow RFC4193 style Unique Local IPv6 Unicast prefixes */ 454 455static int ip6_keepfaith = 0; 456uint64_t ip6_log_time = 0; 457int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */ 458 459/* icmp6 */ 460/* 461 * BSDI4 defines these variables in in_proto.c... 462 * XXX: what if we don't define INET? Should we define pmtu6_expire 463 * or so? (jinmei@kame.net 19990310) 464 */ 465int pmtu_expire = 60*10; 466int pmtu_probe = 60*2; 467 468/* raw IP6 parameters */ 469/* 470 * Nominal space allocated to a raw ip socket. 471 */ 472#define RIPV6SNDQ 8192 473#define RIPV6RCVQ 8192 474 475u_int32_t rip6_sendspace = RIPV6SNDQ; 476u_int32_t rip6_recvspace = RIPV6RCVQ; 477 478/* ICMPV6 parameters */ 479int icmp6_rediraccept = 1; /* accept and process redirects */ 480int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ 481int icmp6errppslim = 500; /* 500 packets per second */ 482int icmp6rappslim = 10; /* 10 packets per second */ 483int icmp6_nodeinfo = 3; /* enable/disable NI response */ 484 485/* UDP on IP6 parameters */ 486int udp6_sendspace = 9216; /* really max datagram size */ 487int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6)); 488 /* 40 1K datagrams */ 489 490/* 491 * sysctl related items. 492 */ 493SYSCTL_NODE(_net, PF_INET6, inet6, 494 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Internet6 Family"); 495 496/* net.inet6 */ 497SYSCTL_NODE(_net_inet6, IPPROTO_IPV6, ip6, 498 CTLFLAG_RW|CTLFLAG_LOCKED, 0, "IP6"); 499SYSCTL_NODE(_net_inet6, IPPROTO_ICMPV6, icmp6, 500 CTLFLAG_RW|CTLFLAG_LOCKED, 0, "ICMP6"); 501SYSCTL_NODE(_net_inet6, IPPROTO_UDP, udp6, 502 CTLFLAG_RW|CTLFLAG_LOCKED, 0, "UDP6"); 503SYSCTL_NODE(_net_inet6, IPPROTO_TCP, tcp6, 504 CTLFLAG_RW|CTLFLAG_LOCKED, 0, "TCP6"); 505#if IPSEC 506SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6, 507 CTLFLAG_RW|CTLFLAG_LOCKED, 0, "IPSEC6"); 508#endif /* IPSEC */ 509 510/* net.inet6.ip6 */ 511static int 512sysctl_ip6_temppltime SYSCTL_HANDLER_ARGS 513{ 514#pragma unused(oidp, arg2) 515 int error = 0; 516 int old; 517 518 error = SYSCTL_OUT(req, arg1, sizeof(int)); 519 if (error || !req->newptr) 520 return (error); 521 old = ip6_temp_preferred_lifetime; 522 error = SYSCTL_IN(req, arg1, sizeof(int)); 523 if (ip6_temp_preferred_lifetime > ND6_MAX_LIFETIME || 524 ip6_temp_preferred_lifetime < 525 ip6_desync_factor + ip6_temp_regen_advance) { 526 ip6_temp_preferred_lifetime = old; 527 return (EINVAL); 528 } 529 return (error); 530} 531 532static int 533sysctl_ip6_tempvltime SYSCTL_HANDLER_ARGS 534{ 535#pragma unused(oidp, arg2) 536 int error = 0; 537 int old; 538 539 error = SYSCTL_OUT(req, arg1, sizeof(int)); 540 if (error || !req->newptr) 541 return (error); 542 old = ip6_temp_valid_lifetime; 543 error = SYSCTL_IN(req, arg1, sizeof(int)); 544 if (ip6_temp_valid_lifetime > ND6_MAX_LIFETIME || 545 ip6_temp_valid_lifetime < ip6_temp_preferred_lifetime) { 546 ip6_temp_valid_lifetime = old; 547 return (EINVAL); 548 } 549 return (error); 550} 551 552static int 553ip6_getstat SYSCTL_HANDLER_ARGS 554{ 555#pragma unused(oidp, arg1, arg2) 556 if (req->oldptr == USER_ADDR_NULL) 557 req->oldlen = (size_t)sizeof (struct ip6stat); 558 559 return (SYSCTL_OUT(req, &ip6stat, MIN(sizeof (ip6stat), req->oldlen))); 560} 561 562SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING, 563 forwarding, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_forwarding, 0, ""); 564SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS, 565 redirect, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_sendredirects, 0, ""); 566SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM, 567 hlim, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_defhlim, 0, ""); 568SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_STATS, stats, 569 CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED, 570 0, 0, ip6_getstat, "S,ip6stat", ""); 571SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, 572 accept_rtadv, CTLFLAG_RD | CTLFLAG_LOCKED, 573 &ip6_accept_rtadv, 0, ""); 574SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, 575 keepfaith, CTLFLAG_RD | CTLFLAG_LOCKED, &ip6_keepfaith, 0, ""); 576SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, 577 log_interval, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_log_interval, 0, ""); 578SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, 579 hdrnestlimit, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_hdrnestlimit, 0, ""); 580SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, 581 dad_count, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_dad_count, 0, ""); 582SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, 583 auto_flowlabel, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_auto_flowlabel, 0, ""); 584SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, 585 defmcasthlim, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_defmcasthlim, 0, ""); 586SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, 587 gifhlim, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_gif_hlim, 0, ""); 588SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, 589 kame_version, CTLFLAG_RD | CTLFLAG_LOCKED, (void *)((uintptr_t)(__KAME_VERSION)), 0, ""); 590SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, 591 use_deprecated, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_deprecated, 0, ""); 592SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, 593 rr_prune, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_rr_prune, 0, ""); 594SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, 595 use_tempaddr, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_tempaddr, 0, ""); 596SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime, 597 CTLTYPE_INT|CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_temp_preferred_lifetime, 0, 598 sysctl_ip6_temppltime, "I", ""); 599SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime, 600 CTLTYPE_INT|CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_temp_valid_lifetime, 0, 601 sysctl_ip6_tempvltime, "I", ""); 602SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, 603 v6only, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_v6only, 0, ""); 604SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, 605 auto_linklocal, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_auto_linklocal, 0, ""); 606SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD | CTLFLAG_LOCKED, 607 &rip6stat, rip6stat, ""); 608SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, 609 prefer_tempaddr, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_prefer_tempaddr, 0, ""); 610SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE, 611 use_defaultzone, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_defzone, 0,""); 612SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU, 613 mcast_pmtu, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_mcast_pmtu, 0, ""); 614SYSCTL_INT(_net_inet6_ip6, IPV6CTL_NEIGHBORGCTHRESH, 615 neighborgcthresh, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_neighborgcthresh, 0, ""); 616SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFPREFIXES, 617 maxifprefixes, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_maxifprefixes, 0, ""); 618SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFDEFROUTERS, 619 maxifdefrouters, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_maxifdefrouters, 0, ""); 620SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXDYNROUTES, 621 maxdynroutes, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_maxdynroutes, 0, ""); 622SYSCTL_INT(_net_inet6_ip6, OID_AUTO, 623 only_allow_rfc4193_prefixes, CTLFLAG_RW | CTLFLAG_LOCKED, 624 &ip6_only_allow_rfc4193_prefix, 0, ""); 625 626/* net.inet6.icmp6 */ 627SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, 628 rediraccept, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_rediraccept, 0, ""); 629SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, 630 redirtimeout, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_redirtimeout, 0, ""); 631SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD | CTLFLAG_LOCKED, 632 &icmp6stat, icmp6stat, ""); 633SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, 634 nd6_prune, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_prune, 0, ""); 635SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, 636 nd6_prune_lazy, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_prune_lazy, 0, ""); 637SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, 638 nd6_delay, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_delay, 0, ""); 639SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, 640 nd6_umaxtries, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_umaxtries, 0, ""); 641SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, 642 nd6_mmaxtries, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_mmaxtries, 0, ""); 643SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, 644 nd6_useloopback, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_useloopback, 0, ""); 645SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ACCEPT_6TO4, 646 nd6_accept_6to4, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_accept_6to4, 0, ""); 647SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, 648 nodeinfo, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_nodeinfo, 0, ""); 649SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, 650 errppslimit, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6errppslim, 0, ""); 651SYSCTL_INT(_net_inet6_icmp6, OID_AUTO, 652 rappslimit, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6rappslim, 0, ""); 653SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, 654 nd6_debug, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_debug, 0, ""); 655SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861, 656 nd6_onlink_ns_rfc4861, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_onlink_ns_rfc4861, 0, 657 "Accept 'on-link' nd6 NS in compliance with RFC 4861."); 658SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_OPTIMISTIC_DAD, 659 nd6_optimistic_dad, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_optimistic_dad, 0, ""); 660