1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 36 * 37 * License terms: all terms for the DragonFly license above plus the following: 38 * 39 * 4. All advertising materials mentioning features or use of this software 40 * must display the following acknowledgement: 41 * 42 * This product includes software developed by Jeffrey M. Hsu 43 * for the DragonFly Project. 44 * 45 * This requirement may be waived with permission from Jeffrey Hsu. 46 * This requirement will sunset and may be removed on July 8 2005, 47 * after which the standard DragonFly license (as shown above) will 48 * apply. 49 */ 50 51 /* 52 * Copyright (c) 1982, 1986, 1988, 1993 53 * The Regents of the University of California. All rights reserved. 54 * 55 * Redistribution and use in source and binary forms, with or without 56 * modification, are permitted provided that the following conditions 57 * are met: 58 * 1. Redistributions of source code must retain the above copyright 59 * notice, this list of conditions and the following disclaimer. 60 * 2. Redistributions in binary form must reproduce the above copyright 61 * notice, this list of conditions and the following disclaimer in the 62 * documentation and/or other materials provided with the distribution. 63 * 3. All advertising materials mentioning features or use of this software 64 * must display the following acknowledgement: 65 * This product includes software developed by the University of 66 * California, Berkeley and its contributors. 67 * 4. Neither the name of the University nor the names of its contributors 68 * may be used to endorse or promote products derived from this software 69 * without specific prior written permission. 70 * 71 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 72 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 73 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 74 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 75 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 76 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 77 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 78 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 79 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 80 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 81 * SUCH DAMAGE. 82 * 83 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 84 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ 85 * $DragonFly: src/sys/netinet/ip_input.c,v 1.46 2005/02/11 22:25:57 joerg Exp $ 86 */ 87 88 #define _IP_VHL 89 90 #include "opt_bootp.h" 91 #include "opt_ipfw.h" 92 #include "opt_ipdn.h" 93 #include "opt_ipdivert.h" 94 #include "opt_ipfilter.h" 95 #include "opt_ipstealth.h" 96 #include "opt_ipsec.h" 97 #include "opt_random_ip_id.h" 98 99 #include <sys/param.h> 100 #include <sys/systm.h> 101 #include <sys/mbuf.h> 102 #include <sys/malloc.h> 103 #include <sys/mpipe.h> 104 #include <sys/domain.h> 105 #include <sys/protosw.h> 106 #include <sys/socket.h> 107 #include <sys/time.h> 108 #include <sys/globaldata.h> 109 #include <sys/thread.h> 110 #include <sys/kernel.h> 111 #include <sys/syslog.h> 112 #include <sys/sysctl.h> 113 #include <sys/in_cksum.h> 114 115 #include <sys/thread2.h> 116 #include <sys/msgport2.h> 117 118 #include <machine/stdarg.h> 119 120 #include <net/if.h> 121 #include <net/if_types.h> 122 #include <net/if_var.h> 123 #include <net/if_dl.h> 124 #include <net/pfil.h> 125 #include <net/route.h> 126 #include <net/netisr.h> 127 #include <net/intrq.h> 128 129 #include <netinet/in.h> 130 #include <netinet/in_systm.h> 131 #include <netinet/in_var.h> 132 #include <netinet/ip.h> 133 #include <netinet/in_pcb.h> 134 #include <netinet/ip_var.h> 135 #include <netinet/ip_icmp.h> 136 137 138 #include <sys/socketvar.h> 139 140 #include <net/ipfw/ip_fw.h> 141 #include <net/dummynet/ip_dummynet.h> 142 143 #ifdef IPSEC 144 #include <netinet6/ipsec.h> 145 #include <netproto/key/key.h> 146 #endif 147 148 #ifdef FAST_IPSEC 149 #include <netproto/ipsec/ipsec.h> 150 #include <netproto/ipsec/key.h> 151 #endif 152 153 int rsvp_on = 0; 154 static int ip_rsvp_on; 155 struct socket *ip_rsvpd; 156 157 int ipforwarding = 0; 158 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 159 &ipforwarding, 0, "Enable IP forwarding between interfaces"); 160 161 static int ipsendredirects = 1; /* XXX */ 162 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 163 &ipsendredirects, 0, "Enable sending IP redirects"); 164 165 int ip_defttl = IPDEFTTL; 166 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 167 &ip_defttl, 0, "Maximum TTL on IP packets"); 168 169 static int ip_dosourceroute = 0; 170 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, 171 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets"); 172 173 static int ip_acceptsourceroute = 0; 174 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 175 CTLFLAG_RW, &ip_acceptsourceroute, 0, 176 "Enable accepting source routed IP packets"); 177 178 static int ip_keepfaith = 0; 179 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 180 &ip_keepfaith, 0, 181 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 182 183 static int nipq = 0; /* total # of reass queues */ 184 static int maxnipq; 185 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, 186 &maxnipq, 0, 187 "Maximum number of IPv4 fragment reassembly queue entries"); 188 189 static int maxfragsperpacket; 190 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 191 &maxfragsperpacket, 0, 192 "Maximum number of IPv4 fragments allowed per packet"); 193 194 static int ip_sendsourcequench = 0; 195 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 196 &ip_sendsourcequench, 0, 197 "Enable the transmission of source quench packets"); 198 199 /* 200 * XXX - Setting ip_checkinterface mostly implements the receive side of 201 * the Strong ES model described in RFC 1122, but since the routing table 202 * and transmit implementation do not implement the Strong ES model, 203 * setting this to 1 results in an odd hybrid. 204 * 205 * XXX - ip_checkinterface currently must be disabled if you use ipnat 206 * to translate the destination address to another local interface. 207 * 208 * XXX - ip_checkinterface must be disabled if you add IP aliases 209 * to the loopback interface instead of the interface where the 210 * packets for those addresses are received. 211 */ 212 static int ip_checkinterface = 0; 213 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 214 &ip_checkinterface, 0, "Verify packet arrives on correct interface"); 215 216 #ifdef DIAGNOSTIC 217 static int ipprintfs = 0; 218 #endif 219 220 static struct ifqueue ipintrq; 221 static int ipqmaxlen = IFQ_MAXLEN; 222 223 extern struct domain inetdomain; 224 extern struct protosw inetsw[]; 225 u_char ip_protox[IPPROTO_MAX]; 226 struct in_ifaddrhead in_ifaddrhead; /* first inet address */ 227 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ 228 u_long in_ifaddrhmask; /* mask for hash table */ 229 230 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, 231 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); 232 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, 233 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); 234 235 struct ip_stats ipstats_ary[MAXCPU]; 236 #ifdef SMP 237 static int 238 sysctl_ipstats(SYSCTL_HANDLER_ARGS) 239 { 240 int cpu, error = 0; 241 242 for (cpu = 0; cpu < ncpus; ++cpu) { 243 if ((error = SYSCTL_OUT(req, &ipstats_ary[cpu], 244 sizeof(struct ip_stats)))) 245 break; 246 if ((error = SYSCTL_IN(req, &ipstats_ary[cpu], 247 sizeof(struct ip_stats)))) 248 break; 249 } 250 251 return (error); 252 } 253 SYSCTL_PROC(_net_inet_ip, IPCTL_STATS, stats, (CTLTYPE_OPAQUE | CTLFLAG_RW), 254 0, 0, sysctl_ipstats, "S,ip_stats", "IP statistics"); 255 #else 256 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 257 &ipstat, ip_stats, "IP statistics"); 258 #endif 259 260 /* Packet reassembly stuff */ 261 #define IPREASS_NHASH_LOG2 6 262 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) 263 #define IPREASS_HMASK (IPREASS_NHASH - 1) 264 #define IPREASS_HASH(x,y) \ 265 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) 266 267 static struct ipq ipq[IPREASS_NHASH]; 268 const int ipintrq_present = 1; 269 270 #ifdef IPCTL_DEFMTU 271 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 272 &ip_mtu, 0, "Default MTU"); 273 #endif 274 275 #ifdef IPSTEALTH 276 static int ipstealth = 0; 277 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, &ipstealth, 0, ""); 278 #else 279 static const int ipstealth = 0; 280 #endif 281 282 283 /* Firewall hooks */ 284 ip_fw_chk_t *ip_fw_chk_ptr; 285 int fw_enable = 1; 286 int fw_one_pass = 1; 287 288 /* Dummynet hooks */ 289 ip_dn_io_t *ip_dn_io_ptr; 290 291 struct pfil_head inet_pfil_hook; 292 293 /* 294 * XXX this is ugly -- the following two global variables are 295 * used to store packet state while it travels through the stack. 296 * Note that the code even makes assumptions on the size and 297 * alignment of fields inside struct ip_srcrt so e.g. adding some 298 * fields will break the code. This needs to be fixed. 299 * 300 * We need to save the IP options in case a protocol wants to respond 301 * to an incoming packet over the same route if the packet got here 302 * using IP source routing. This allows connection establishment and 303 * maintenance when the remote end is on a network that is not known 304 * to us. 305 */ 306 static int ip_nhops = 0; 307 308 static struct ip_srcrt { 309 struct in_addr dst; /* final destination */ 310 char nop; /* one NOP to align */ 311 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ 312 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)]; 313 } ip_srcrt; 314 315 static MALLOC_DEFINE(M_IPQ, "ipq", "IP Fragment Management"); 316 static struct malloc_pipe ipq_mpipe; 317 318 static void save_rte (u_char *, struct in_addr); 319 static int ip_dooptions (struct mbuf *m, int, 320 struct sockaddr_in *next_hop); 321 static void ip_forward (struct mbuf *m, int srcrt, 322 struct sockaddr_in *next_hop); 323 static void ip_freef (struct ipq *); 324 static int ip_input_handler (struct netmsg *); 325 static struct mbuf *ip_reass (struct mbuf *, struct ipq *, 326 struct ipq *, u_int32_t *, u_int16_t *); 327 328 /* 329 * IP initialization: fill in IP protocol switch table. 330 * All protocols not implemented in kernel go to raw IP protocol handler. 331 */ 332 void 333 ip_init(void) 334 { 335 struct protosw *pr; 336 int i; 337 #ifdef SMP 338 int cpu; 339 #endif 340 341 /* 342 * Make sure we can handle a reasonable number of fragments but 343 * cap it at 4000 (XXX). 344 */ 345 mpipe_init(&ipq_mpipe, M_IPQ, sizeof(struct ipq), 346 IFQ_MAXLEN, 4000, 0, NULL); 347 TAILQ_INIT(&in_ifaddrhead); 348 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask); 349 pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); 350 if (pr == NULL) 351 panic("ip_init"); 352 for (i = 0; i < IPPROTO_MAX; i++) 353 ip_protox[i] = pr - inetsw; 354 for (pr = inetdomain.dom_protosw; 355 pr < inetdomain.dom_protoswNPROTOSW; pr++) 356 if (pr->pr_domain->dom_family == PF_INET && 357 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 358 ip_protox[pr->pr_protocol] = pr - inetsw; 359 360 inet_pfil_hook.ph_type = PFIL_TYPE_AF; 361 inet_pfil_hook.ph_af = AF_INET; 362 if ((i = pfil_head_register(&inet_pfil_hook)) != 0) { 363 printf("%s: WARNING: unable to register pfil hook, " 364 "error %d\n", __func__, i); 365 } 366 367 for (i = 0; i < IPREASS_NHASH; i++) 368 ipq[i].next = ipq[i].prev = &ipq[i]; 369 370 maxnipq = nmbclusters / 32; 371 maxfragsperpacket = 16; 372 373 #ifndef RANDOM_IP_ID 374 ip_id = time_second & 0xffff; 375 #endif 376 ipintrq.ifq_maxlen = ipqmaxlen; 377 378 /* 379 * Initialize IP statistics. 380 * 381 * It is layed out as an array which is has one element for UP, 382 * and SMP_MAXCPU elements for SMP. This allows us to retain 383 * the access mechanism from userland for both UP and SMP. 384 */ 385 #ifdef SMP 386 for (cpu = 0; cpu < ncpus; ++cpu) { 387 bzero(&ipstats_ary[cpu], sizeof(struct ip_stats)); 388 } 389 #else 390 bzero(&ipstat, sizeof(struct ip_stats)); 391 #endif 392 393 netisr_register(NETISR_IP, ip_mport, ip_input_handler); 394 } 395 396 /* 397 * XXX watch out this one. It is perhaps used as a cache for 398 * the most recently used route ? it is cleared in in_addroute() 399 * when a new route is successfully created. 400 */ 401 struct route ipforward_rt; 402 403 /* Do transport protocol processing. */ 404 static void 405 transport_processing_oncpu(struct mbuf *m, int hlen, struct ip *ip, 406 struct sockaddr_in *nexthop) 407 { 408 /* 409 * Switch out to protocol's input routine. 410 */ 411 if (nexthop && ip->ip_p == IPPROTO_TCP) { 412 /* TCP needs IPFORWARD info if available */ 413 struct m_hdr tag; 414 415 tag.mh_type = MT_TAG; 416 tag.mh_flags = PACKET_TAG_IPFORWARD; 417 tag.mh_data = (caddr_t)nexthop; 418 tag.mh_next = m; 419 420 (*inetsw[ip_protox[ip->ip_p]].pr_input) 421 ((struct mbuf *)&tag, hlen, ip->ip_p); 422 } else { 423 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, ip->ip_p); 424 } 425 } 426 427 struct netmsg_transport_packet { 428 struct lwkt_msg nm_lmsg; 429 struct mbuf *nm_mbuf; 430 int nm_hlen; 431 boolean_t nm_hasnexthop; 432 struct sockaddr_in nm_nexthop; 433 }; 434 435 static int 436 transport_processing_handler(lwkt_msg_t lmsg) 437 { 438 struct netmsg_transport_packet *msg = (void *)lmsg; 439 struct sockaddr_in *nexthop; 440 struct ip *ip; 441 442 ip = mtod(msg->nm_mbuf, struct ip *); 443 nexthop = msg->nm_hasnexthop ? &msg->nm_nexthop : NULL; 444 transport_processing_oncpu(msg->nm_mbuf, msg->nm_hlen, ip, nexthop); 445 lwkt_replymsg(lmsg, 0); 446 return(EASYNC); 447 } 448 449 static int 450 ip_input_handler(struct netmsg *msg0) 451 { 452 struct mbuf *m = ((struct netmsg_packet *)msg0)->nm_packet; 453 454 ip_input(m); 455 lwkt_replymsg(&msg0->nm_lmsg, 0); 456 return(EASYNC); 457 } 458 459 /* 460 * IP input routine. Checksum and byte swap header. If fragmented 461 * try to reassemble. Process options. Pass to next level. 462 */ 463 void 464 ip_input(struct mbuf *m) 465 { 466 struct ip *ip; 467 struct ipq *fp; 468 struct in_ifaddr *ia = NULL; 469 struct ifaddr *ifa; 470 int i, hlen, checkif; 471 u_short sum; 472 struct in_addr pkt_dst; 473 u_int32_t divert_info = 0; /* packet divert/tee info */ 474 struct ip_fw_args args; 475 boolean_t using_srcrt = FALSE; /* forward (by PFIL_HOOKS) */ 476 boolean_t needredispatch = FALSE; 477 struct in_addr odst; /* original dst address(NAT) */ 478 #ifdef FAST_IPSEC 479 struct m_tag *mtag; 480 struct tdb_ident *tdbi; 481 struct secpolicy *sp; 482 int s, error; 483 #endif 484 485 args.eh = NULL; 486 args.oif = NULL; 487 args.rule = NULL; 488 args.divert_rule = 0; /* divert cookie */ 489 args.next_hop = NULL; 490 491 /* Grab info from MT_TAG mbufs prepended to the chain. */ 492 while (m != NULL && m->m_type == MT_TAG) { 493 switch(m->_m_tag_id) { 494 case PACKET_TAG_DUMMYNET: 495 args.rule = ((struct dn_pkt *)m)->rule; 496 break; 497 case PACKET_TAG_DIVERT: 498 args.divert_rule = (int)m->m_hdr.mh_data & 0xffff; 499 break; 500 case PACKET_TAG_IPFORWARD: 501 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; 502 break; 503 default: 504 printf("ip_input: unrecognised MT_TAG tag %d\n", 505 m->_m_tag_id); 506 break; 507 } 508 m = m->m_next; 509 } 510 KASSERT(m != NULL && (m->m_flags & M_PKTHDR), ("ip_input: no HDR")); 511 512 if (args.rule != NULL) { /* dummynet already filtered us */ 513 ip = mtod(m, struct ip *); 514 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 515 goto iphack; 516 } 517 518 ipstat.ips_total++; 519 520 /* length checks already done in ip_demux() */ 521 KASSERT(m->m_len >= sizeof(ip), ("IP header not in one mbuf")); 522 523 ip = mtod(m, struct ip *); 524 525 if (IP_VHL_V(ip->ip_vhl) != IPVERSION) { 526 ipstat.ips_badvers++; 527 goto bad; 528 } 529 530 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 531 /* length checks already done in ip_demux() */ 532 KASSERT(hlen >= sizeof(struct ip), ("IP header len too small")); 533 KASSERT(m->m_len >= hlen, ("packet shorter than IP header length")); 534 535 /* 127/8 must not appear on wire - RFC1122 */ 536 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 537 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 538 if (!(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) { 539 ipstat.ips_badaddr++; 540 goto bad; 541 } 542 } 543 544 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 545 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 546 } else { 547 if (hlen == sizeof(struct ip)) { 548 sum = in_cksum_hdr(ip); 549 } else { 550 sum = in_cksum(m, hlen); 551 } 552 } 553 if (sum != 0) { 554 ipstat.ips_badsum++; 555 goto bad; 556 } 557 558 #ifdef ALTQ 559 if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { 560 /* packet is dropped by traffic conditioner */ 561 return; 562 } 563 #endif 564 /* 565 * Convert fields to host representation. 566 */ 567 ip->ip_len = ntohs(ip->ip_len); 568 if (ip->ip_len < hlen) { 569 ipstat.ips_badlen++; 570 goto bad; 571 } 572 ip->ip_off = ntohs(ip->ip_off); 573 574 /* 575 * Check that the amount of data in the buffers 576 * is as at least much as the IP header would have us expect. 577 * Trim mbufs if longer than we expect. 578 * Drop packet if shorter than we expect. 579 */ 580 if (m->m_pkthdr.len < ip->ip_len) { 581 ipstat.ips_tooshort++; 582 goto bad; 583 } 584 if (m->m_pkthdr.len > ip->ip_len) { 585 if (m->m_len == m->m_pkthdr.len) { 586 m->m_len = ip->ip_len; 587 m->m_pkthdr.len = ip->ip_len; 588 } else 589 m_adj(m, ip->ip_len - m->m_pkthdr.len); 590 } 591 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF) 592 /* 593 * Bypass packet filtering for packets from a tunnel (gif). 594 */ 595 if (ipsec_gethist(m, NULL)) 596 goto pass; 597 #endif 598 599 /* 600 * IpHack's section. 601 * Right now when no processing on packet has done 602 * and it is still fresh out of network we do our black 603 * deals with it. 604 * - Firewall: deny/allow/divert 605 * - Xlate: translate packet's addr/port (NAT). 606 * - Pipe: pass pkt through dummynet. 607 * - Wrap: fake packet's addr/port <unimpl.> 608 * - Encapsulate: put it in another IP and send out. <unimp.> 609 */ 610 611 iphack: 612 613 /* 614 * Run through list of hooks for input packets. 615 * 616 * NB: Beware of the destination address changing (e.g. 617 * by NAT rewriting). When this happens, tell 618 * ip_forward to do the right thing. 619 */ 620 if (pfil_has_hooks(&inet_pfil_hook)) { 621 odst = ip->ip_dst; 622 if (pfil_run_hooks(&inet_pfil_hook, &m, 623 m->m_pkthdr.rcvif, PFIL_IN)) { 624 return; 625 } 626 if (m == NULL) /* consumed by filter */ 627 return; 628 ip = mtod(m, struct ip *); 629 using_srcrt = (odst.s_addr != ip->ip_dst.s_addr); 630 } 631 632 if (fw_enable && IPFW_LOADED) { 633 /* 634 * If we've been forwarded from the output side, then 635 * skip the firewall a second time 636 */ 637 if (args.next_hop != NULL) 638 goto ours; 639 640 args.m = m; 641 i = ip_fw_chk_ptr(&args); 642 m = args.m; 643 644 if ((i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */ 645 if (m != NULL) 646 m_freem(m); 647 return; 648 } 649 ip = mtod(m, struct ip *); /* just in case m changed */ 650 if (i == 0 && args.next_hop == NULL) /* common case */ 651 goto pass; 652 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 653 /* Send packet to the appropriate pipe */ 654 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args); 655 return; 656 } 657 #ifdef IPDIVERT 658 if (i != 0 && !(i & IP_FW_PORT_DYNT_FLAG)) { 659 /* Divert or tee packet */ 660 divert_info = i; 661 goto ours; 662 } 663 #endif 664 if (i == 0 && args.next_hop != NULL) 665 goto pass; 666 /* 667 * if we get here, the packet must be dropped 668 */ 669 m_freem(m); 670 return; 671 } 672 pass: 673 674 /* 675 * Process options and, if not destined for us, 676 * ship it on. ip_dooptions returns 1 when an 677 * error was detected (causing an icmp message 678 * to be sent and the original packet to be freed). 679 */ 680 ip_nhops = 0; /* for source routed packets */ 681 if (hlen > sizeof(struct ip) && ip_dooptions(m, 0, args.next_hop)) 682 return; 683 684 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no 685 * matter if it is destined to another node, or whether it is 686 * a multicast one, RSVP wants it! and prevents it from being forwarded 687 * anywhere else. Also checks if the rsvp daemon is running before 688 * grabbing the packet. 689 */ 690 if (rsvp_on && ip->ip_p == IPPROTO_RSVP) 691 goto ours; 692 693 /* 694 * Check our list of addresses, to see if the packet is for us. 695 * If we don't have any addresses, assume any unicast packet 696 * we receive might be for us (and let the upper layers deal 697 * with it). 698 */ 699 if (TAILQ_EMPTY(&in_ifaddrhead) && !(m->m_flags & (M_MCAST | M_BCAST))) 700 goto ours; 701 702 /* 703 * Cache the destination address of the packet; this may be 704 * changed by use of 'ipfw fwd'. 705 */ 706 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 707 708 /* 709 * Enable a consistency check between the destination address 710 * and the arrival interface for a unicast packet (the RFC 1122 711 * strong ES model) if IP forwarding is disabled and the packet 712 * is not locally generated and the packet is not subject to 713 * 'ipfw fwd'. 714 * 715 * XXX - Checking also should be disabled if the destination 716 * address is ipnat'ed to a different interface. 717 * 718 * XXX - Checking is incompatible with IP aliases added 719 * to the loopback interface instead of the interface where 720 * the packets are received. 721 */ 722 checkif = ip_checkinterface && 723 !ipforwarding && 724 m->m_pkthdr.rcvif != NULL && 725 !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) && 726 (args.next_hop == NULL); 727 728 /* 729 * Check for exact addresses in the hash bucket. 730 */ 731 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) { 732 /* 733 * If the address matches, verify that the packet 734 * arrived via the correct interface if checking is 735 * enabled. 736 */ 737 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr && 738 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif)) 739 goto ours; 740 } 741 /* 742 * Check for broadcast addresses. 743 * 744 * Only accept broadcast packets that arrive via the matching 745 * interface. Reception of forwarded directed broadcasts would 746 * be handled via ip_forward() and ether_output() with the loopback 747 * into the stack for SIMPLEX interfaces handled by ether_output(). 748 */ 749 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 750 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 751 if (ifa->ifa_addr == NULL) /* shutdown/startup race */ 752 continue; 753 if (ifa->ifa_addr->sa_family != AF_INET) 754 continue; 755 ia = ifatoia(ifa); 756 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 757 pkt_dst.s_addr) 758 goto ours; 759 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr) 760 goto ours; 761 #ifdef BOOTP_COMPAT 762 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) 763 goto ours; 764 #endif 765 } 766 } 767 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 768 struct in_multi *inm; 769 770 if (ip_mrouter != NULL) { 771 /* 772 * If we are acting as a multicast router, all 773 * incoming multicast packets are passed to the 774 * kernel-level multicast forwarding function. 775 * The packet is returned (relatively) intact; if 776 * ip_mforward() returns a non-zero value, the packet 777 * must be discarded, else it may be accepted below. 778 */ 779 if (ip_mforward != NULL && 780 ip_mforward(ip, m->m_pkthdr.rcvif, m, NULL) != 0) { 781 ipstat.ips_cantforward++; 782 m_freem(m); 783 return; 784 } 785 786 /* 787 * The process-level routing daemon needs to receive 788 * all multicast IGMP packets, whether or not this 789 * host belongs to their destination groups. 790 */ 791 if (ip->ip_p == IPPROTO_IGMP) 792 goto ours; 793 ipstat.ips_forward++; 794 } 795 /* 796 * See if we belong to the destination multicast group on the 797 * arrival interface. 798 */ 799 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); 800 if (inm == NULL) { 801 ipstat.ips_notmember++; 802 m_freem(m); 803 return; 804 } 805 goto ours; 806 } 807 if (ip->ip_dst.s_addr == INADDR_BROADCAST) 808 goto ours; 809 if (ip->ip_dst.s_addr == INADDR_ANY) 810 goto ours; 811 812 /* 813 * FAITH(Firewall Aided Internet Translator) 814 */ 815 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 816 if (ip_keepfaith) { 817 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) 818 goto ours; 819 } 820 m_freem(m); 821 return; 822 } 823 824 /* 825 * Not for us; forward if possible and desirable. 826 */ 827 if (!ipforwarding) { 828 ipstat.ips_cantforward++; 829 m_freem(m); 830 } else { 831 #ifdef IPSEC 832 /* 833 * Enforce inbound IPsec SPD. 834 */ 835 if (ipsec4_in_reject(m, NULL)) { 836 ipsecstat.in_polvio++; 837 goto bad; 838 } 839 #endif 840 #ifdef FAST_IPSEC 841 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 842 s = splnet(); 843 if (mtag != NULL) { 844 tdbi = (struct tdb_ident *)(mtag + 1); 845 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 846 } else { 847 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 848 IP_FORWARDING, &error); 849 } 850 if (sp == NULL) { /* NB: can happen if error */ 851 splx(s); 852 /*XXX error stat???*/ 853 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ 854 goto bad; 855 } 856 857 /* 858 * Check security policy against packet attributes. 859 */ 860 error = ipsec_in_reject(sp, m); 861 KEY_FREESP(&sp); 862 splx(s); 863 if (error) { 864 ipstat.ips_cantforward++; 865 goto bad; 866 } 867 #endif 868 ip_forward(m, using_srcrt, args.next_hop); 869 } 870 return; 871 872 ours: 873 874 /* 875 * IPSTEALTH: Process non-routing options only 876 * if the packet is destined for us. 877 */ 878 if (ipstealth && 879 hlen > sizeof(struct ip) && 880 ip_dooptions(m, 1, args.next_hop)) 881 return; 882 883 /* Count the packet in the ip address stats */ 884 if (ia != NULL) { 885 ia->ia_ifa.if_ipackets++; 886 ia->ia_ifa.if_ibytes += m->m_pkthdr.len; 887 } 888 889 /* 890 * If offset or IP_MF are set, must reassemble. 891 * Otherwise, nothing need be done. 892 * (We could look in the reassembly queue to see 893 * if the packet was previously fragmented, 894 * but it's not worth the time; just let them time out.) 895 */ 896 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 897 898 /* If maxnipq is 0, never accept fragments. */ 899 if (maxnipq == 0) { 900 ipstat.ips_fragments++; 901 ipstat.ips_fragdropped++; 902 goto bad; 903 } 904 905 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); 906 /* 907 * Look for queue of fragments 908 * of this datagram. 909 */ 910 for (fp = ipq[sum].next; fp != &ipq[sum]; fp = fp->next) 911 if (ip->ip_id == fp->ipq_id && 912 ip->ip_src.s_addr == fp->ipq_src.s_addr && 913 ip->ip_dst.s_addr == fp->ipq_dst.s_addr && 914 ip->ip_p == fp->ipq_p) 915 goto found; 916 917 fp = NULL; 918 919 /* 920 * Enforce upper bound on number of fragmented packets 921 * for which we attempt reassembly; 922 * If maxnipq is -1, accept all fragments without limitation. 923 */ 924 if ((nipq > maxnipq) && (maxnipq > 0)) { 925 /* 926 * drop something from the tail of the current queue 927 * before proceeding further 928 */ 929 if (ipq[sum].prev == &ipq[sum]) { /* gak */ 930 for (i = 0; i < IPREASS_NHASH; i++) { 931 if (ipq[i].prev != &ipq[i]) { 932 ipstat.ips_fragtimeout += 933 ipq[i].prev->ipq_nfrags; 934 ip_freef(ipq[i].prev); 935 break; 936 } 937 } 938 } else { 939 ipstat.ips_fragtimeout += 940 ipq[sum].prev->ipq_nfrags; 941 ip_freef(ipq[sum].prev); 942 } 943 } 944 found: 945 /* 946 * Adjust ip_len to not reflect header, 947 * convert offset of this to bytes. 948 */ 949 ip->ip_len -= hlen; 950 if (ip->ip_off & IP_MF) { 951 /* 952 * Make sure that fragments have a data length 953 * that's a non-zero multiple of 8 bytes. 954 */ 955 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 956 ipstat.ips_toosmall++; /* XXX */ 957 goto bad; 958 } 959 m->m_flags |= M_FRAG; 960 } else 961 m->m_flags &= ~M_FRAG; 962 ip->ip_off <<= 3; 963 964 /* 965 * Attempt reassembly; if it succeeds, proceed. 966 * ip_reass() will return a different mbuf, and update 967 * the divert info in divert_info and args.divert_rule. 968 */ 969 ipstat.ips_fragments++; 970 m->m_pkthdr.header = ip; 971 m = ip_reass(m, fp, &ipq[sum], &divert_info, &args.divert_rule); 972 if (m == NULL) 973 return; 974 ipstat.ips_reassembled++; 975 needredispatch = TRUE; 976 ip = mtod(m, struct ip *); 977 /* Get the header length of the reassembled packet */ 978 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 979 #ifdef IPDIVERT 980 /* Restore original checksum before diverting packet */ 981 if (divert_info != 0) { 982 ip->ip_len += hlen; 983 ip->ip_len = htons(ip->ip_len); 984 ip->ip_off = htons(ip->ip_off); 985 ip->ip_sum = 0; 986 if (hlen == sizeof(struct ip)) 987 ip->ip_sum = in_cksum_hdr(ip); 988 else 989 ip->ip_sum = in_cksum(m, hlen); 990 ip->ip_off = ntohs(ip->ip_off); 991 ip->ip_len = ntohs(ip->ip_len); 992 ip->ip_len -= hlen; 993 } 994 #endif 995 } else { 996 ip->ip_len -= hlen; 997 } 998 999 #ifdef IPDIVERT 1000 /* 1001 * Divert or tee packet to the divert protocol if required. 1002 */ 1003 if (divert_info != 0) { 1004 struct mbuf *clone = NULL; 1005 1006 /* Clone packet if we're doing a 'tee' */ 1007 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) 1008 clone = m_dup(m, MB_DONTWAIT); 1009 1010 /* Restore packet header fields to original values */ 1011 ip->ip_len += hlen; 1012 ip->ip_len = htons(ip->ip_len); 1013 ip->ip_off = htons(ip->ip_off); 1014 1015 /* Deliver packet to divert input routine */ 1016 divert_packet(m, 1, divert_info & 0xffff, args.divert_rule); 1017 ipstat.ips_delivered++; 1018 1019 /* If 'tee', continue with original packet */ 1020 if (clone == NULL) 1021 return; 1022 m = clone; 1023 ip = mtod(m, struct ip *); 1024 ip->ip_len += hlen; 1025 /* 1026 * Jump backwards to complete processing of the 1027 * packet. But first clear divert_info to avoid 1028 * entering this block again. 1029 * We do not need to clear args.divert_rule 1030 * or args.next_hop as they will not be used. 1031 */ 1032 divert_info = 0; 1033 goto pass; 1034 } 1035 #endif 1036 1037 #ifdef IPSEC 1038 /* 1039 * enforce IPsec policy checking if we are seeing last header. 1040 * note that we do not visit this with protocols with pcb layer 1041 * code - like udp/tcp/raw ip. 1042 */ 1043 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) && 1044 ipsec4_in_reject(m, NULL)) { 1045 ipsecstat.in_polvio++; 1046 goto bad; 1047 } 1048 #endif 1049 #if FAST_IPSEC 1050 /* 1051 * enforce IPsec policy checking if we are seeing last header. 1052 * note that we do not visit this with protocols with pcb layer 1053 * code - like udp/tcp/raw ip. 1054 */ 1055 if (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) { 1056 /* 1057 * Check if the packet has already had IPsec processing 1058 * done. If so, then just pass it along. This tag gets 1059 * set during AH, ESP, etc. input handling, before the 1060 * packet is returned to the ip input queue for delivery. 1061 */ 1062 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 1063 s = splnet(); 1064 if (mtag != NULL) { 1065 tdbi = (struct tdb_ident *)(mtag + 1); 1066 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 1067 } else { 1068 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 1069 IP_FORWARDING, &error); 1070 } 1071 if (sp != NULL) { 1072 /* 1073 * Check security policy against packet attributes. 1074 */ 1075 error = ipsec_in_reject(sp, m); 1076 KEY_FREESP(&sp); 1077 } else { 1078 /* XXX error stat??? */ 1079 error = EINVAL; 1080 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ 1081 goto bad; 1082 } 1083 splx(s); 1084 if (error) 1085 goto bad; 1086 } 1087 #endif /* FAST_IPSEC */ 1088 1089 ipstat.ips_delivered++; 1090 if (needredispatch) { 1091 struct netmsg_transport_packet *msg; 1092 lwkt_port_t port; 1093 1094 msg = malloc(sizeof(struct netmsg_transport_packet), 1095 M_LWKTMSG, M_INTWAIT | M_NULLOK); 1096 if (msg == NULL) 1097 goto bad; 1098 1099 lwkt_initmsg(&msg->nm_lmsg, &netisr_afree_rport, 0, 1100 lwkt_cmd_func(transport_processing_handler), 1101 lwkt_cmd_op_none); 1102 msg->nm_hlen = hlen; 1103 msg->nm_hasnexthop = (args.next_hop != NULL); 1104 if (msg->nm_hasnexthop) 1105 msg->nm_nexthop = *args.next_hop; /* structure copy */ 1106 1107 ip->ip_off = htons(ip->ip_off); 1108 ip->ip_len = htons(ip->ip_len); 1109 port = ip_mport(&m); 1110 if (port) { 1111 msg->nm_mbuf = m; 1112 ip = mtod(m, struct ip *); 1113 ip->ip_len = ntohs(ip->ip_len); 1114 ip->ip_off = ntohs(ip->ip_off); 1115 lwkt_sendmsg(port, &msg->nm_lmsg); 1116 } 1117 } else { 1118 transport_processing_oncpu(m, hlen, ip, args.next_hop); 1119 } 1120 return; 1121 1122 bad: 1123 m_freem(m); 1124 } 1125 1126 /* 1127 * Take incoming datagram fragment and try to reassemble it into 1128 * whole datagram. If a chain for reassembly of this datagram already 1129 * exists, then it is given as fp; otherwise have to make a chain. 1130 * 1131 * When IPDIVERT enabled, keep additional state with each packet that 1132 * tells us if we need to divert or tee the packet we're building. 1133 * In particular, *divinfo includes the port and TEE flag, 1134 * *divert_rule is the number of the matching rule. 1135 */ 1136 1137 static struct mbuf * 1138 ip_reass(struct mbuf *m, struct ipq *fp, struct ipq *where, 1139 u_int32_t *divinfo, u_int16_t *divert_rule) 1140 { 1141 struct ip *ip = mtod(m, struct ip *); 1142 struct mbuf *p = NULL, *q, *nq; 1143 struct mbuf *n; 1144 int hlen = IP_VHL_HL(ip->ip_vhl) << 2; 1145 int i, next; 1146 1147 /* 1148 * Presence of header sizes in mbufs 1149 * would confuse code below. 1150 */ 1151 m->m_data += hlen; 1152 m->m_len -= hlen; 1153 1154 /* 1155 * If first fragment to arrive, create a reassembly queue. 1156 */ 1157 if (fp == NULL) { 1158 if ((fp = mpipe_alloc_nowait(&ipq_mpipe)) == NULL) 1159 goto dropfrag; 1160 insque(fp, where); 1161 nipq++; 1162 fp->ipq_nfrags = 1; 1163 fp->ipq_ttl = IPFRAGTTL; 1164 fp->ipq_p = ip->ip_p; 1165 fp->ipq_id = ip->ip_id; 1166 fp->ipq_src = ip->ip_src; 1167 fp->ipq_dst = ip->ip_dst; 1168 fp->ipq_frags = m; 1169 m->m_nextpkt = NULL; 1170 #ifdef IPDIVERT 1171 fp->ipq_div_info = 0; 1172 fp->ipq_div_cookie = 0; 1173 #endif 1174 goto inserted; 1175 } else { 1176 fp->ipq_nfrags++; 1177 } 1178 1179 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header)) 1180 1181 /* 1182 * Find a segment which begins after this one does. 1183 */ 1184 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) 1185 if (GETIP(q)->ip_off > ip->ip_off) 1186 break; 1187 1188 /* 1189 * If there is a preceding segment, it may provide some of 1190 * our data already. If so, drop the data from the incoming 1191 * segment. If it provides all of our data, drop us, otherwise 1192 * stick new segment in the proper place. 1193 * 1194 * If some of the data is dropped from the the preceding 1195 * segment, then it's checksum is invalidated. 1196 */ 1197 if (p) { 1198 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; 1199 if (i > 0) { 1200 if (i >= ip->ip_len) 1201 goto dropfrag; 1202 m_adj(m, i); 1203 m->m_pkthdr.csum_flags = 0; 1204 ip->ip_off += i; 1205 ip->ip_len -= i; 1206 } 1207 m->m_nextpkt = p->m_nextpkt; 1208 p->m_nextpkt = m; 1209 } else { 1210 m->m_nextpkt = fp->ipq_frags; 1211 fp->ipq_frags = m; 1212 } 1213 1214 /* 1215 * While we overlap succeeding segments trim them or, 1216 * if they are completely covered, dequeue them. 1217 */ 1218 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; 1219 q = nq) { 1220 i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off; 1221 if (i < GETIP(q)->ip_len) { 1222 GETIP(q)->ip_len -= i; 1223 GETIP(q)->ip_off += i; 1224 m_adj(q, i); 1225 q->m_pkthdr.csum_flags = 0; 1226 break; 1227 } 1228 nq = q->m_nextpkt; 1229 m->m_nextpkt = nq; 1230 ipstat.ips_fragdropped++; 1231 fp->ipq_nfrags--; 1232 m_freem(q); 1233 } 1234 1235 inserted: 1236 1237 #ifdef IPDIVERT 1238 /* 1239 * Transfer firewall instructions to the fragment structure. 1240 * Only trust info in the fragment at offset 0. 1241 */ 1242 if (ip->ip_off == 0) { 1243 fp->ipq_div_info = *divinfo; 1244 fp->ipq_div_cookie = *divert_rule; 1245 } 1246 *divinfo = 0; 1247 *divert_rule = 0; 1248 #endif 1249 1250 /* 1251 * Check for complete reassembly and perform frag per packet 1252 * limiting. 1253 * 1254 * Frag limiting is performed here so that the nth frag has 1255 * a chance to complete the packet before we drop the packet. 1256 * As a result, n+1 frags are actually allowed per packet, but 1257 * only n will ever be stored. (n = maxfragsperpacket.) 1258 * 1259 */ 1260 next = 0; 1261 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { 1262 if (GETIP(q)->ip_off != next) { 1263 if (fp->ipq_nfrags > maxfragsperpacket) { 1264 ipstat.ips_fragdropped += fp->ipq_nfrags; 1265 ip_freef(fp); 1266 } 1267 return (NULL); 1268 } 1269 next += GETIP(q)->ip_len; 1270 } 1271 /* Make sure the last packet didn't have the IP_MF flag */ 1272 if (p->m_flags & M_FRAG) { 1273 if (fp->ipq_nfrags > maxfragsperpacket) { 1274 ipstat.ips_fragdropped += fp->ipq_nfrags; 1275 ip_freef(fp); 1276 } 1277 return (NULL); 1278 } 1279 1280 /* 1281 * Reassembly is complete. Make sure the packet is a sane size. 1282 */ 1283 q = fp->ipq_frags; 1284 ip = GETIP(q); 1285 if (next + (IP_VHL_HL(ip->ip_vhl) << 2) > IP_MAXPACKET) { 1286 ipstat.ips_toolong++; 1287 ipstat.ips_fragdropped += fp->ipq_nfrags; 1288 ip_freef(fp); 1289 return (NULL); 1290 } 1291 1292 /* 1293 * Concatenate fragments. 1294 */ 1295 m = q; 1296 n = m->m_next; 1297 m->m_next = NULL; 1298 m_cat(m, n); 1299 nq = q->m_nextpkt; 1300 q->m_nextpkt = NULL; 1301 for (q = nq; q != NULL; q = nq) { 1302 nq = q->m_nextpkt; 1303 q->m_nextpkt = NULL; 1304 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags; 1305 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data; 1306 m_cat(m, q); 1307 } 1308 1309 #ifdef IPDIVERT 1310 /* 1311 * Extract firewall instructions from the fragment structure. 1312 */ 1313 *divinfo = fp->ipq_div_info; 1314 *divert_rule = fp->ipq_div_cookie; 1315 #endif 1316 1317 /* 1318 * Create header for new ip packet by 1319 * modifying header of first packet; 1320 * dequeue and discard fragment reassembly header. 1321 * Make header visible. 1322 */ 1323 ip->ip_len = next; 1324 ip->ip_src = fp->ipq_src; 1325 ip->ip_dst = fp->ipq_dst; 1326 remque(fp); 1327 nipq--; 1328 mpipe_free(&ipq_mpipe, fp); 1329 m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); 1330 m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); 1331 /* some debugging cruft by sklower, below, will go away soon */ 1332 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ 1333 int plen = 0; 1334 1335 for (n = m; n; n = n->m_next) 1336 plen += n->m_len; 1337 m->m_pkthdr.len = plen; 1338 } 1339 return (m); 1340 1341 dropfrag: 1342 #ifdef IPDIVERT 1343 *divinfo = 0; 1344 *divert_rule = 0; 1345 #endif 1346 ipstat.ips_fragdropped++; 1347 if (fp != NULL) 1348 fp->ipq_nfrags--; 1349 m_freem(m); 1350 return (NULL); 1351 1352 #undef GETIP 1353 } 1354 1355 /* 1356 * Free a fragment reassembly header and all 1357 * associated datagrams. 1358 */ 1359 static void 1360 ip_freef(struct ipq *fp) 1361 { 1362 struct mbuf *q; 1363 1364 while (fp->ipq_frags) { 1365 q = fp->ipq_frags; 1366 fp->ipq_frags = q->m_nextpkt; 1367 m_freem(q); 1368 } 1369 remque(fp); 1370 mpipe_free(&ipq_mpipe, fp); 1371 nipq--; 1372 } 1373 1374 /* 1375 * IP timer processing; 1376 * if a timer expires on a reassembly 1377 * queue, discard it. 1378 */ 1379 void 1380 ip_slowtimo(void) 1381 { 1382 struct ipq *fp; 1383 int s = splnet(); 1384 int i; 1385 1386 for (i = 0; i < IPREASS_NHASH; i++) { 1387 fp = ipq[i].next; 1388 if (fp == NULL) 1389 continue; 1390 while (fp != &ipq[i]) { 1391 --fp->ipq_ttl; 1392 fp = fp->next; 1393 if (fp->prev->ipq_ttl == 0) { 1394 ipstat.ips_fragtimeout += fp->prev->ipq_nfrags; 1395 ip_freef(fp->prev); 1396 } 1397 } 1398 } 1399 /* 1400 * If we are over the maximum number of fragments 1401 * (due to the limit being lowered), drain off 1402 * enough to get down to the new limit. 1403 */ 1404 if (maxnipq >= 0 && nipq > maxnipq) { 1405 for (i = 0; i < IPREASS_NHASH; i++) { 1406 while (nipq > maxnipq && 1407 (ipq[i].next != &ipq[i])) { 1408 ipstat.ips_fragdropped += 1409 ipq[i].next->ipq_nfrags; 1410 ip_freef(ipq[i].next); 1411 } 1412 } 1413 } 1414 ipflow_slowtimo(); 1415 splx(s); 1416 } 1417 1418 /* 1419 * Drain off all datagram fragments. 1420 */ 1421 void 1422 ip_drain(void) 1423 { 1424 int i; 1425 1426 for (i = 0; i < IPREASS_NHASH; i++) { 1427 while (ipq[i].next != &ipq[i]) { 1428 ipstat.ips_fragdropped += ipq[i].next->ipq_nfrags; 1429 ip_freef(ipq[i].next); 1430 } 1431 } 1432 in_rtqdrain(); 1433 } 1434 1435 /* 1436 * Do option processing on a datagram, 1437 * possibly discarding it if bad options are encountered, 1438 * or forwarding it if source-routed. 1439 * The pass argument is used when operating in the IPSTEALTH 1440 * mode to tell what options to process: 1441 * [LS]SRR (pass 0) or the others (pass 1). 1442 * The reason for as many as two passes is that when doing IPSTEALTH, 1443 * non-routing options should be processed only if the packet is for us. 1444 * Returns 1 if packet has been forwarded/freed, 1445 * 0 if the packet should be processed further. 1446 */ 1447 static int 1448 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop) 1449 { 1450 struct sockaddr_in ipaddr = { sizeof ipaddr, AF_INET }; 1451 struct ip *ip = mtod(m, struct ip *); 1452 u_char *cp; 1453 struct in_ifaddr *ia; 1454 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB; 1455 boolean_t forward = FALSE; 1456 struct in_addr *sin, dst; 1457 n_time ntime; 1458 1459 dst = ip->ip_dst; 1460 cp = (u_char *)(ip + 1); 1461 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1462 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1463 opt = cp[IPOPT_OPTVAL]; 1464 if (opt == IPOPT_EOL) 1465 break; 1466 if (opt == IPOPT_NOP) 1467 optlen = 1; 1468 else { 1469 if (cnt < IPOPT_OLEN + sizeof(*cp)) { 1470 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1471 goto bad; 1472 } 1473 optlen = cp[IPOPT_OLEN]; 1474 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { 1475 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1476 goto bad; 1477 } 1478 } 1479 switch (opt) { 1480 1481 default: 1482 break; 1483 1484 /* 1485 * Source routing with record. 1486 * Find interface with current destination address. 1487 * If none on this machine then drop if strictly routed, 1488 * or do nothing if loosely routed. 1489 * Record interface address and bring up next address 1490 * component. If strictly routed make sure next 1491 * address is on directly accessible net. 1492 */ 1493 case IPOPT_LSRR: 1494 case IPOPT_SSRR: 1495 if (ipstealth && pass > 0) 1496 break; 1497 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1498 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1499 goto bad; 1500 } 1501 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1502 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1503 goto bad; 1504 } 1505 ipaddr.sin_addr = ip->ip_dst; 1506 ia = (struct in_ifaddr *) 1507 ifa_ifwithaddr((struct sockaddr *)&ipaddr); 1508 if (ia == NULL) { 1509 if (opt == IPOPT_SSRR) { 1510 type = ICMP_UNREACH; 1511 code = ICMP_UNREACH_SRCFAIL; 1512 goto bad; 1513 } 1514 if (!ip_dosourceroute) 1515 goto nosourcerouting; 1516 /* 1517 * Loose routing, and not at next destination 1518 * yet; nothing to do except forward. 1519 */ 1520 break; 1521 } 1522 off--; /* 0 origin */ 1523 if (off > optlen - (int)sizeof(struct in_addr)) { 1524 /* 1525 * End of source route. Should be for us. 1526 */ 1527 if (!ip_acceptsourceroute) 1528 goto nosourcerouting; 1529 save_rte(cp, ip->ip_src); 1530 break; 1531 } 1532 if (ipstealth) 1533 goto dropit; 1534 if (!ip_dosourceroute) { 1535 if (ipforwarding) { 1536 char buf[sizeof "aaa.bbb.ccc.ddd"]; 1537 1538 /* 1539 * Acting as a router, so generate ICMP 1540 */ 1541 nosourcerouting: 1542 strcpy(buf, inet_ntoa(ip->ip_dst)); 1543 log(LOG_WARNING, 1544 "attempted source route from %s to %s\n", 1545 inet_ntoa(ip->ip_src), buf); 1546 type = ICMP_UNREACH; 1547 code = ICMP_UNREACH_SRCFAIL; 1548 goto bad; 1549 } else { 1550 /* 1551 * Not acting as a router, 1552 * so silently drop. 1553 */ 1554 dropit: 1555 ipstat.ips_cantforward++; 1556 m_freem(m); 1557 return (1); 1558 } 1559 } 1560 1561 /* 1562 * locate outgoing interface 1563 */ 1564 memcpy(&ipaddr.sin_addr, cp + off, 1565 sizeof ipaddr.sin_addr); 1566 1567 if (opt == IPOPT_SSRR) { 1568 #define INA struct in_ifaddr * 1569 #define SA struct sockaddr * 1570 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) 1571 == NULL) 1572 ia = (INA)ifa_ifwithnet((SA)&ipaddr); 1573 } else 1574 ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt); 1575 if (ia == NULL) { 1576 type = ICMP_UNREACH; 1577 code = ICMP_UNREACH_SRCFAIL; 1578 goto bad; 1579 } 1580 ip->ip_dst = ipaddr.sin_addr; 1581 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1582 sizeof(struct in_addr)); 1583 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1584 /* 1585 * Let ip_intr's mcast routing check handle mcast pkts 1586 */ 1587 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr)); 1588 break; 1589 1590 case IPOPT_RR: 1591 if (ipstealth && pass == 0) 1592 break; 1593 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1594 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1595 goto bad; 1596 } 1597 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1598 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1599 goto bad; 1600 } 1601 /* 1602 * If no space remains, ignore. 1603 */ 1604 off--; /* 0 origin */ 1605 if (off > optlen - (int)sizeof(struct in_addr)) 1606 break; 1607 memcpy(&ipaddr.sin_addr, &ip->ip_dst, 1608 sizeof ipaddr.sin_addr); 1609 /* 1610 * locate outgoing interface; if we're the destination, 1611 * use the incoming interface (should be same). 1612 */ 1613 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == NULL && 1614 (ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt)) 1615 == NULL) { 1616 type = ICMP_UNREACH; 1617 code = ICMP_UNREACH_HOST; 1618 goto bad; 1619 } 1620 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1621 sizeof(struct in_addr)); 1622 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1623 break; 1624 1625 case IPOPT_TS: 1626 if (ipstealth && pass == 0) 1627 break; 1628 code = cp - (u_char *)ip; 1629 if (optlen < 4 || optlen > 40) { 1630 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1631 goto bad; 1632 } 1633 if ((off = cp[IPOPT_OFFSET]) < 5) { 1634 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1635 goto bad; 1636 } 1637 if (off > optlen - (int)sizeof(int32_t)) { 1638 cp[IPOPT_OFFSET + 1] += (1 << 4); 1639 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) { 1640 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1641 goto bad; 1642 } 1643 break; 1644 } 1645 off--; /* 0 origin */ 1646 sin = (struct in_addr *)(cp + off); 1647 switch (cp[IPOPT_OFFSET + 1] & 0x0f) { 1648 1649 case IPOPT_TS_TSONLY: 1650 break; 1651 1652 case IPOPT_TS_TSANDADDR: 1653 if (off + sizeof(n_time) + 1654 sizeof(struct in_addr) > optlen) { 1655 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1656 goto bad; 1657 } 1658 ipaddr.sin_addr = dst; 1659 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, 1660 m->m_pkthdr.rcvif); 1661 if (ia == NULL) 1662 continue; 1663 memcpy(sin, &IA_SIN(ia)->sin_addr, 1664 sizeof(struct in_addr)); 1665 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1666 off += sizeof(struct in_addr); 1667 break; 1668 1669 case IPOPT_TS_PRESPEC: 1670 if (off + sizeof(n_time) + 1671 sizeof(struct in_addr) > optlen) { 1672 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1673 goto bad; 1674 } 1675 memcpy(&ipaddr.sin_addr, sin, 1676 sizeof(struct in_addr)); 1677 if (ifa_ifwithaddr((SA)&ipaddr) == NULL) 1678 continue; 1679 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1680 off += sizeof(struct in_addr); 1681 break; 1682 1683 default: 1684 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip; 1685 goto bad; 1686 } 1687 ntime = iptime(); 1688 memcpy(cp + off, &ntime, sizeof(n_time)); 1689 cp[IPOPT_OFFSET] += sizeof(n_time); 1690 } 1691 } 1692 if (forward && ipforwarding) { 1693 ip_forward(m, 1, next_hop); 1694 return (1); 1695 } 1696 return (0); 1697 bad: 1698 icmp_error(m, type, code, 0, NULL); 1699 ipstat.ips_badoptions++; 1700 return (1); 1701 } 1702 1703 /* 1704 * Given address of next destination (final or next hop), 1705 * return internet address info of interface to be used to get there. 1706 */ 1707 struct in_ifaddr * 1708 ip_rtaddr(struct in_addr dst, struct route *rt) 1709 { 1710 struct sockaddr_in *sin; 1711 1712 sin = (struct sockaddr_in *)&rt->ro_dst; 1713 1714 if (rt->ro_rt == NULL || dst.s_addr != sin->sin_addr.s_addr) { 1715 if (rt->ro_rt != NULL) { 1716 RTFREE(rt->ro_rt); 1717 rt->ro_rt = NULL; 1718 } 1719 sin->sin_family = AF_INET; 1720 sin->sin_len = sizeof *sin; 1721 sin->sin_addr = dst; 1722 rtalloc_ign(rt, RTF_PRCLONING); 1723 } 1724 1725 if (rt->ro_rt == NULL) 1726 return (NULL); 1727 1728 return (ifatoia(rt->ro_rt->rt_ifa)); 1729 } 1730 1731 /* 1732 * Save incoming source route for use in replies, 1733 * to be picked up later by ip_srcroute if the receiver is interested. 1734 */ 1735 void 1736 save_rte(u_char *option, struct in_addr dst) 1737 { 1738 unsigned olen; 1739 1740 olen = option[IPOPT_OLEN]; 1741 #ifdef DIAGNOSTIC 1742 if (ipprintfs) 1743 printf("save_rte: olen %d\n", olen); 1744 #endif 1745 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) 1746 return; 1747 bcopy(option, ip_srcrt.srcopt, olen); 1748 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); 1749 ip_srcrt.dst = dst; 1750 } 1751 1752 /* 1753 * Retrieve incoming source route for use in replies, 1754 * in the same form used by setsockopt. 1755 * The first hop is placed before the options, will be removed later. 1756 */ 1757 struct mbuf * 1758 ip_srcroute(void) 1759 { 1760 struct in_addr *p, *q; 1761 struct mbuf *m; 1762 1763 if (ip_nhops == 0) 1764 return (NULL); 1765 m = m_get(MB_DONTWAIT, MT_HEADER); 1766 if (m == NULL) 1767 return (NULL); 1768 1769 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) 1770 1771 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ 1772 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + 1773 OPTSIZ; 1774 #ifdef DIAGNOSTIC 1775 if (ipprintfs) 1776 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); 1777 #endif 1778 1779 /* 1780 * First save first hop for return route 1781 */ 1782 p = &ip_srcrt.route[ip_nhops - 1]; 1783 *(mtod(m, struct in_addr *)) = *p--; 1784 #ifdef DIAGNOSTIC 1785 if (ipprintfs) 1786 printf(" hops %x", ntohl(mtod(m, struct in_addr *)->s_addr)); 1787 #endif 1788 1789 /* 1790 * Copy option fields and padding (nop) to mbuf. 1791 */ 1792 ip_srcrt.nop = IPOPT_NOP; 1793 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; 1794 memcpy(mtod(m, caddr_t) + sizeof(struct in_addr), &ip_srcrt.nop, 1795 OPTSIZ); 1796 q = (struct in_addr *)(mtod(m, caddr_t) + 1797 sizeof(struct in_addr) + OPTSIZ); 1798 #undef OPTSIZ 1799 /* 1800 * Record return path as an IP source route, 1801 * reversing the path (pointers are now aligned). 1802 */ 1803 while (p >= ip_srcrt.route) { 1804 #ifdef DIAGNOSTIC 1805 if (ipprintfs) 1806 printf(" %x", ntohl(q->s_addr)); 1807 #endif 1808 *q++ = *p--; 1809 } 1810 /* 1811 * Last hop goes to final destination. 1812 */ 1813 *q = ip_srcrt.dst; 1814 #ifdef DIAGNOSTIC 1815 if (ipprintfs) 1816 printf(" %x\n", ntohl(q->s_addr)); 1817 #endif 1818 return (m); 1819 } 1820 1821 /* 1822 * Strip out IP options. 1823 */ 1824 void 1825 ip_stripoptions(struct mbuf *m) 1826 { 1827 int datalen; 1828 struct ip *ip = mtod(m, struct ip *); 1829 caddr_t opts; 1830 int optlen; 1831 1832 optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1833 opts = (caddr_t)(ip + 1); 1834 datalen = m->m_len - (sizeof(struct ip) + optlen); 1835 bcopy(opts + optlen, opts, datalen); 1836 m->m_len -= optlen; 1837 if (m->m_flags & M_PKTHDR) 1838 m->m_pkthdr.len -= optlen; 1839 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2); 1840 } 1841 1842 u_char inetctlerrmap[PRC_NCMDS] = { 1843 0, 0, 0, 0, 1844 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1845 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1846 EMSGSIZE, EHOSTUNREACH, 0, 0, 1847 0, 0, 0, 0, 1848 ENOPROTOOPT, ECONNREFUSED 1849 }; 1850 1851 /* 1852 * Forward a packet. If some error occurs return the sender 1853 * an icmp packet. Note we can't always generate a meaningful 1854 * icmp message because icmp doesn't have a large enough repertoire 1855 * of codes and types. 1856 * 1857 * If not forwarding, just drop the packet. This could be confusing 1858 * if ipforwarding was zero but some routing protocol was advancing 1859 * us as a gateway to somewhere. However, we must let the routing 1860 * protocol deal with that. 1861 * 1862 * The using_srcrt parameter indicates whether the packet is being forwarded 1863 * via a source route. 1864 */ 1865 static void 1866 ip_forward(struct mbuf *m, int using_srcrt, struct sockaddr_in *next_hop) 1867 { 1868 struct ip *ip = mtod(m, struct ip *); 1869 struct sockaddr_in *sin; 1870 struct rtentry *rt; 1871 int error, type = 0, code = 0; 1872 struct mbuf *mcopy; 1873 n_long dest; 1874 struct in_addr pkt_dst; 1875 struct ifnet *destifp; 1876 struct m_hdr tag; 1877 #if defined(IPSEC) || defined(FAST_IPSEC) 1878 struct ifnet dummyifp; 1879 #endif 1880 1881 dest = 0; 1882 /* 1883 * Cache the destination address of the packet; this may be 1884 * changed by use of 'ipfw fwd'. 1885 */ 1886 pkt_dst = (next_hop != NULL) ? next_hop->sin_addr : ip->ip_dst; 1887 1888 #ifdef DIAGNOSTIC 1889 if (ipprintfs) 1890 printf("forward: src %x dst %x ttl %x\n", 1891 ip->ip_src.s_addr, pkt_dst.s_addr, ip->ip_ttl); 1892 #endif 1893 1894 if (m->m_flags & (M_BCAST | M_MCAST) || !in_canforward(pkt_dst)) { 1895 ipstat.ips_cantforward++; 1896 m_freem(m); 1897 return; 1898 } 1899 if (!ipstealth && ip->ip_ttl <= IPTTLDEC) { 1900 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, NULL); 1901 return; 1902 } 1903 1904 sin = (struct sockaddr_in *)&ipforward_rt.ro_dst; 1905 if ((rt = ipforward_rt.ro_rt) == NULL || 1906 pkt_dst.s_addr != sin->sin_addr.s_addr) { 1907 if (ipforward_rt.ro_rt != NULL) { 1908 RTFREE(ipforward_rt.ro_rt); 1909 ipforward_rt.ro_rt = NULL; 1910 } 1911 sin->sin_family = AF_INET; 1912 sin->sin_len = sizeof(*sin); 1913 sin->sin_addr = pkt_dst; 1914 1915 rtalloc_ign(&ipforward_rt, RTF_PRCLONING); 1916 if (ipforward_rt.ro_rt == NULL) { 1917 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 1918 NULL); 1919 return; 1920 } 1921 rt = ipforward_rt.ro_rt; 1922 } 1923 1924 /* 1925 * Save the IP header and at most 8 bytes of the payload, 1926 * in case we need to generate an ICMP message to the src. 1927 * 1928 * XXX this can be optimized a lot by saving the data in a local 1929 * buffer on the stack (72 bytes at most), and only allocating the 1930 * mbuf if really necessary. The vast majority of the packets 1931 * are forwarded without having to send an ICMP back (either 1932 * because unnecessary, or because rate limited), so we are 1933 * really we are wasting a lot of work here. 1934 * 1935 * We don't use m_copy() because it might return a reference 1936 * to a shared cluster. Both this function and ip_output() 1937 * assume exclusive access to the IP header in `m', so any 1938 * data in a cluster may change before we reach icmp_error(). 1939 */ 1940 MGET(mcopy, MB_DONTWAIT, m->m_type); 1941 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, MB_DONTWAIT)) { 1942 /* 1943 * It's probably ok if the pkthdr dup fails (because 1944 * the deep copy of the tag chain failed), but for now 1945 * be conservative and just discard the copy since 1946 * code below may some day want the tags. 1947 */ 1948 m_free(mcopy); 1949 mcopy = NULL; 1950 } 1951 if (mcopy != NULL) { 1952 mcopy->m_len = imin((IP_VHL_HL(ip->ip_vhl) << 2) + 8, 1953 (int)ip->ip_len); 1954 mcopy->m_pkthdr.len = mcopy->m_len; 1955 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); 1956 } 1957 1958 if (!ipstealth) 1959 ip->ip_ttl -= IPTTLDEC; 1960 1961 /* 1962 * If forwarding packet using same interface that it came in on, 1963 * perhaps should send a redirect to sender to shortcut a hop. 1964 * Only send redirect if source is sending directly to us, 1965 * and if packet was not source routed (or has any options). 1966 * Also, don't send redirect if forwarding using a default route 1967 * or a route modified by a redirect. 1968 */ 1969 if (rt->rt_ifp == m->m_pkthdr.rcvif && 1970 !(rt->rt_flags & (RTF_DYNAMIC | RTF_MODIFIED)) && 1971 satosin(rt_key(rt))->sin_addr.s_addr != INADDR_ANY && 1972 ipsendredirects && !using_srcrt && next_hop == NULL) { 1973 u_long src = ntohl(ip->ip_src.s_addr); 1974 1975 #define RTA(rt) ((struct in_ifaddr *)(rt->rt_ifa)) 1976 if (RTA(rt) != NULL && 1977 (src & RTA(rt)->ia_subnetmask) == RTA(rt)->ia_subnet) { 1978 if (rt->rt_flags & RTF_GATEWAY) 1979 dest = satosin(rt->rt_gateway)->sin_addr.s_addr; 1980 else 1981 dest = pkt_dst.s_addr; 1982 /* 1983 * Router requirements says to only send 1984 * host redirects. 1985 */ 1986 type = ICMP_REDIRECT; 1987 code = ICMP_REDIRECT_HOST; 1988 #ifdef DIAGNOSTIC 1989 if (ipprintfs) 1990 printf("redirect (%d) to %x\n", code, dest); 1991 #endif 1992 } 1993 } 1994 1995 if (next_hop != NULL) { 1996 /* Pass IPFORWARD info if available */ 1997 tag.mh_type = MT_TAG; 1998 tag.mh_flags = PACKET_TAG_IPFORWARD; 1999 tag.mh_data = (caddr_t)next_hop; 2000 tag.mh_next = m; 2001 m = (struct mbuf *)&tag; 2002 } 2003 2004 error = ip_output(m, NULL, &ipforward_rt, IP_FORWARDING, NULL, NULL); 2005 2006 if (error) 2007 ipstat.ips_cantforward++; 2008 else { 2009 ipstat.ips_forward++; 2010 if (type) 2011 ipstat.ips_redirectsent++; 2012 else { 2013 if (mcopy) { 2014 ipflow_create(&ipforward_rt, mcopy); 2015 m_freem(mcopy); 2016 } 2017 return; 2018 } 2019 } 2020 if (mcopy == NULL) 2021 return; 2022 destifp = NULL; 2023 2024 switch (error) { 2025 2026 case 0: /* forwarded, but need redirect */ 2027 /* type, code set above */ 2028 break; 2029 2030 case ENETUNREACH: /* shouldn't happen, checked above */ 2031 case EHOSTUNREACH: 2032 case ENETDOWN: 2033 case EHOSTDOWN: 2034 default: 2035 type = ICMP_UNREACH; 2036 code = ICMP_UNREACH_HOST; 2037 break; 2038 2039 case EMSGSIZE: 2040 type = ICMP_UNREACH; 2041 code = ICMP_UNREACH_NEEDFRAG; 2042 #ifdef IPSEC 2043 /* 2044 * If the packet is routed over IPsec tunnel, tell the 2045 * originator the tunnel MTU. 2046 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2047 * XXX quickhack!!! 2048 */ 2049 if (ipforward_rt.ro_rt != NULL) { 2050 struct secpolicy *sp = NULL; 2051 int ipsecerror; 2052 int ipsechdr; 2053 struct route *ro; 2054 2055 sp = ipsec4_getpolicybyaddr(mcopy, 2056 IPSEC_DIR_OUTBOUND, 2057 IP_FORWARDING, 2058 &ipsecerror); 2059 2060 if (sp == NULL) 2061 destifp = ipforward_rt.ro_rt->rt_ifp; 2062 else { 2063 /* count IPsec header size */ 2064 ipsechdr = ipsec4_hdrsiz(mcopy, 2065 IPSEC_DIR_OUTBOUND, 2066 NULL); 2067 2068 /* 2069 * find the correct route for outer IPv4 2070 * header, compute tunnel MTU. 2071 * 2072 * XXX BUG ALERT 2073 * The "dummyifp" code relies upon the fact 2074 * that icmp_error() touches only ifp->if_mtu. 2075 */ 2076 /*XXX*/ 2077 destifp = NULL; 2078 if (sp->req != NULL && sp->req->sav != NULL && 2079 sp->req->sav->sah != NULL) { 2080 ro = &sp->req->sav->sah->sa_route; 2081 if (ro->ro_rt != NULL && 2082 ro->ro_rt->rt_ifp != NULL) { 2083 dummyifp.if_mtu = 2084 ro->ro_rt->rt_ifp->if_mtu; 2085 dummyifp.if_mtu -= ipsechdr; 2086 destifp = &dummyifp; 2087 } 2088 } 2089 2090 key_freesp(sp); 2091 } 2092 } 2093 #elif FAST_IPSEC 2094 /* 2095 * If the packet is routed over IPsec tunnel, tell the 2096 * originator the tunnel MTU. 2097 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2098 * XXX quickhack!!! 2099 */ 2100 if (ipforward_rt.ro_rt != NULL) { 2101 struct secpolicy *sp = NULL; 2102 int ipsecerror; 2103 int ipsechdr; 2104 struct route *ro; 2105 2106 sp = ipsec_getpolicybyaddr(mcopy, 2107 IPSEC_DIR_OUTBOUND, 2108 IP_FORWARDING, 2109 &ipsecerror); 2110 2111 if (sp == NULL) 2112 destifp = ipforward_rt.ro_rt->rt_ifp; 2113 else { 2114 /* count IPsec header size */ 2115 ipsechdr = ipsec4_hdrsiz(mcopy, 2116 IPSEC_DIR_OUTBOUND, 2117 NULL); 2118 2119 /* 2120 * find the correct route for outer IPv4 2121 * header, compute tunnel MTU. 2122 * 2123 * XXX BUG ALERT 2124 * The "dummyifp" code relies upon the fact 2125 * that icmp_error() touches only ifp->if_mtu. 2126 */ 2127 /*XXX*/ 2128 destifp = NULL; 2129 if (sp->req != NULL && 2130 sp->req->sav != NULL && 2131 sp->req->sav->sah != NULL) { 2132 ro = &sp->req->sav->sah->sa_route; 2133 if (ro->ro_rt != NULL && 2134 ro->ro_rt->rt_ifp != NULL) { 2135 dummyifp.if_mtu = 2136 ro->ro_rt->rt_ifp->if_mtu; 2137 dummyifp.if_mtu -= ipsechdr; 2138 destifp = &dummyifp; 2139 } 2140 } 2141 2142 KEY_FREESP(&sp); 2143 } 2144 } 2145 #else /* !IPSEC && !FAST_IPSEC */ 2146 if (ipforward_rt.ro_rt != NULL) 2147 destifp = ipforward_rt.ro_rt->rt_ifp; 2148 #endif /*IPSEC*/ 2149 ipstat.ips_cantfrag++; 2150 break; 2151 2152 case ENOBUFS: 2153 /* 2154 * A router should not generate ICMP_SOURCEQUENCH as 2155 * required in RFC1812 Requirements for IP Version 4 Routers. 2156 * Source quench could be a big problem under DoS attacks, 2157 * or if the underlying interface is rate-limited. 2158 * Those who need source quench packets may re-enable them 2159 * via the net.inet.ip.sendsourcequench sysctl. 2160 */ 2161 if (!ip_sendsourcequench) { 2162 m_freem(mcopy); 2163 return; 2164 } else { 2165 type = ICMP_SOURCEQUENCH; 2166 code = 0; 2167 } 2168 break; 2169 2170 case EACCES: /* ipfw denied packet */ 2171 m_freem(mcopy); 2172 return; 2173 } 2174 icmp_error(mcopy, type, code, dest, destifp); 2175 } 2176 2177 void 2178 ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, 2179 struct mbuf *m) 2180 { 2181 if (inp->inp_socket->so_options & SO_TIMESTAMP) { 2182 struct timeval tv; 2183 2184 microtime(&tv); 2185 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 2186 SCM_TIMESTAMP, SOL_SOCKET); 2187 if (*mp) 2188 mp = &(*mp)->m_next; 2189 } 2190 if (inp->inp_flags & INP_RECVDSTADDR) { 2191 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, 2192 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); 2193 if (*mp) 2194 mp = &(*mp)->m_next; 2195 } 2196 #ifdef notyet 2197 /* XXX 2198 * Moving these out of udp_input() made them even more broken 2199 * than they already were. 2200 */ 2201 /* options were tossed already */ 2202 if (inp->inp_flags & INP_RECVOPTS) { 2203 *mp = sbcreatecontrol((caddr_t) opts_deleted_above, 2204 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); 2205 if (*mp) 2206 mp = &(*mp)->m_next; 2207 } 2208 /* ip_srcroute doesn't do what we want here, need to fix */ 2209 if (inp->inp_flags & INP_RECVRETOPTS) { 2210 *mp = sbcreatecontrol((caddr_t) ip_srcroute(), 2211 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); 2212 if (*mp) 2213 mp = &(*mp)->m_next; 2214 } 2215 #endif 2216 if (inp->inp_flags & INP_RECVIF) { 2217 struct ifnet *ifp; 2218 struct sdlbuf { 2219 struct sockaddr_dl sdl; 2220 u_char pad[32]; 2221 } sdlbuf; 2222 struct sockaddr_dl *sdp; 2223 struct sockaddr_dl *sdl2 = &sdlbuf.sdl; 2224 2225 if (((ifp = m->m_pkthdr.rcvif)) && 2226 ((ifp->if_index != 0) && (ifp->if_index <= if_index))) { 2227 sdp = (struct sockaddr_dl *) 2228 ifnet_addrs[ifp->if_index - 1]->ifa_addr; 2229 /* 2230 * Change our mind and don't try copy. 2231 */ 2232 if ((sdp->sdl_family != AF_LINK) || 2233 (sdp->sdl_len > sizeof(sdlbuf))) { 2234 goto makedummy; 2235 } 2236 bcopy(sdp, sdl2, sdp->sdl_len); 2237 } else { 2238 makedummy: 2239 sdl2->sdl_len = 2240 offsetof(struct sockaddr_dl, sdl_data[0]); 2241 sdl2->sdl_family = AF_LINK; 2242 sdl2->sdl_index = 0; 2243 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0; 2244 } 2245 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len, 2246 IP_RECVIF, IPPROTO_IP); 2247 if (*mp) 2248 mp = &(*mp)->m_next; 2249 } 2250 } 2251 2252 /* 2253 * XXX these routines are called from the upper part of the kernel. 2254 * 2255 * They could also be moved to ip_mroute.c, since all the RSVP 2256 * handling is done there already. 2257 */ 2258 int 2259 ip_rsvp_init(struct socket *so) 2260 { 2261 if (so->so_type != SOCK_RAW || 2262 so->so_proto->pr_protocol != IPPROTO_RSVP) 2263 return EOPNOTSUPP; 2264 2265 if (ip_rsvpd != NULL) 2266 return EADDRINUSE; 2267 2268 ip_rsvpd = so; 2269 /* 2270 * This may seem silly, but we need to be sure we don't over-increment 2271 * the RSVP counter, in case something slips up. 2272 */ 2273 if (!ip_rsvp_on) { 2274 ip_rsvp_on = 1; 2275 rsvp_on++; 2276 } 2277 2278 return 0; 2279 } 2280 2281 int 2282 ip_rsvp_done(void) 2283 { 2284 ip_rsvpd = NULL; 2285 /* 2286 * This may seem silly, but we need to be sure we don't over-decrement 2287 * the RSVP counter, in case something slips up. 2288 */ 2289 if (ip_rsvp_on) { 2290 ip_rsvp_on = 0; 2291 rsvp_on--; 2292 } 2293 return 0; 2294 } 2295 2296 void 2297 rsvp_input(struct mbuf *m, ...) /* XXX must fixup manually */ 2298 { 2299 int off, proto; 2300 __va_list ap; 2301 2302 __va_start(ap, m); 2303 off = __va_arg(ap, int); 2304 proto = __va_arg(ap, int); 2305 __va_end(ap); 2306 2307 if (rsvp_input_p) { /* call the real one if loaded */ 2308 rsvp_input_p(m, off, proto); 2309 return; 2310 } 2311 2312 /* Can still get packets with rsvp_on = 0 if there is a local member 2313 * of the group to which the RSVP packet is addressed. But in this 2314 * case we want to throw the packet away. 2315 */ 2316 2317 if (!rsvp_on) { 2318 m_freem(m); 2319 return; 2320 } 2321 2322 if (ip_rsvpd != NULL) { 2323 rip_input(m, off, proto); 2324 return; 2325 } 2326 /* Drop the packet */ 2327 m_freem(m); 2328 } 2329