1 /* $NetBSD: in6_proto.c,v 1.126 2018/08/14 14:49:14 maxv Exp $ */ 2 /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: in6_proto.c,v 1.126 2018/08/14 14:49:14 maxv Exp $"); 66 67 #ifdef _KERNEL_OPT 68 #include "opt_gateway.h" 69 #include "opt_inet.h" 70 #include "opt_ipsec.h" 71 #include "opt_dccp.h" 72 #include "opt_sctp.h" 73 #include "opt_net_mpsafe.h" 74 #endif 75 76 #include <sys/param.h> 77 #include <sys/socket.h> 78 #include <sys/protosw.h> 79 #include <sys/kernel.h> 80 #include <sys/domain.h> 81 #include <sys/mbuf.h> 82 83 #include <net/if.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_systm.h> 87 #include <netinet/in_var.h> 88 #include <netinet/ip_encap.h> 89 #include <netinet/ip.h> 90 #include <netinet/ip_var.h> 91 #include <netinet/in_pcb.h> 92 #include <netinet/ip6.h> 93 #include <netinet6/ip6_var.h> 94 #include <netinet/icmp6.h> 95 #include <netinet6/in6_pcb.h> 96 97 #include <netinet/tcp.h> 98 #include <netinet/tcp_fsm.h> 99 #include <netinet/tcp_seq.h> 100 #include <netinet/tcp_timer.h> 101 #include <netinet/tcp_var.h> 102 #include <netinet/tcp_debug.h> 103 104 #include <netinet6/udp6.h> 105 #include <netinet6/udp6_var.h> 106 107 #ifdef DCCP 108 #include <netinet/dccp.h> 109 #include <netinet/dccp_var.h> 110 #include <netinet6/dccp6_var.h> 111 #endif 112 113 #ifdef SCTP 114 #include <netinet/sctp_pcb.h> 115 #include <netinet/sctp.h> 116 #include <netinet/sctp_var.h> 117 #include <netinet6/sctp6_var.h> 118 #endif 119 120 #include <netinet6/pim6_var.h> 121 122 #ifdef IPSEC 123 #include <netipsec/ipsec.h> 124 #include <netipsec/ipsec6.h> 125 #include <netipsec/key.h> 126 #endif 127 128 #include "carp.h" 129 #if NCARP > 0 130 #include <netinet/ip_carp.h> 131 #endif 132 133 #include <netinet6/ip6protosw.h> 134 135 /* 136 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP. 137 */ 138 139 DOMAIN_DEFINE(inet6domain); /* forward declare and add to link set */ 140 141 /* Wrappers to acquire kernel_lock. */ 142 143 PR_WRAP_CTLINPUT(rip6_ctlinput) 144 PR_WRAP_CTLINPUT(encap6_ctlinput) 145 PR_WRAP_CTLINPUT(udp6_ctlinput) 146 PR_WRAP_CTLINPUT(tcp6_ctlinput) 147 148 #define rip6_ctlinput rip6_ctlinput_wrapper 149 #define encap6_ctlinput encap6_ctlinput_wrapper 150 #define udp6_ctlinput udp6_ctlinput_wrapper 151 #define tcp6_ctlinput tcp6_ctlinput_wrapper 152 153 PR_WRAP_CTLOUTPUT(rip6_ctloutput) 154 PR_WRAP_CTLOUTPUT(tcp_ctloutput) 155 PR_WRAP_CTLOUTPUT(udp6_ctloutput) 156 PR_WRAP_CTLOUTPUT(icmp6_ctloutput) 157 158 #define rip6_ctloutput rip6_ctloutput_wrapper 159 #define tcp_ctloutput tcp_ctloutput_wrapper 160 #define udp6_ctloutput udp6_ctloutput_wrapper 161 #define icmp6_ctloutput icmp6_ctloutput_wrapper 162 163 #if defined(DCCP) 164 PR_WRAP_CTLINPUT(dccp6_ctlinput) 165 PR_WRAP_CTLOUTPUT(dccp_ctloutput) 166 167 #define dccp6_ctlinput dccp6_ctlinput_wrapper 168 #define dccp_ctloutput dccp_ctloutput_wrapper 169 #endif 170 171 #if defined(SCTP) 172 PR_WRAP_CTLINPUT(sctp6_ctlinput) 173 PR_WRAP_CTLOUTPUT(sctp_ctloutput) 174 175 #define sctp6_ctlinput sctp6_ctlinput_wrapper 176 #define sctp_ctloutput sctp_ctloutput_wrapper 177 #endif 178 179 #ifdef NET_MPSAFE 180 PR_WRAP_INPUT6(udp6_input) 181 PR_WRAP_INPUT6(tcp6_input) 182 #ifdef DCCP 183 PR_WRAP_INPUT6(dccp6_input) 184 #endif 185 #ifdef SCTP 186 PR_WRAP_INPUT6(sctp6_input) 187 #endif 188 PR_WRAP_INPUT6(rip6_input) 189 PR_WRAP_INPUT6(dest6_input) 190 PR_WRAP_INPUT6(route6_input) 191 PR_WRAP_INPUT6(frag6_input) 192 #if NPFSYNC > 0 193 PR_WRAP_INPUT6(pfsync_input) 194 #endif 195 PR_WRAP_INPUT6(pim6_input) 196 197 #define udp6_input udp6_input_wrapper 198 #define tcp6_input tcp6_input_wrapper 199 #define dccp6_input dccp6_input_wrapper 200 #define sctp6_input sctp6_input_wrapper 201 #define rip6_input rip6_input_wrapper 202 #define dest6_input dest6_input_wrapper 203 #define route6_input route6_input_wrapper 204 #define frag6_input frag6_input_wrapper 205 #define pim6_input pim6_input_wrapper 206 #endif 207 208 #if defined(IPSEC) 209 210 #ifdef IPSEC_RUMPKERNEL 211 /* 212 * .pr_input = ipsec6_common_input won't be resolved on loading 213 * the ipsec shared library. We need a wrapper anyway. 214 */ 215 static int 216 ipsec6_common_input_wrapper(struct mbuf **mp, int *offp, int proto) 217 { 218 219 if (ipsec_enabled) { 220 return ipsec6_common_input(mp, offp, proto); 221 } else { 222 m_freem(*mp); 223 return IPPROTO_DONE; 224 } 225 } 226 #define ipsec6_common_input ipsec6_common_input_wrapper 227 228 /* The ctlinput functions may not be loaded */ 229 #define IPSEC_WRAP_CTLINPUT(name) \ 230 static void * \ 231 name##_wrapper(int a, const struct sockaddr *b, void *c)\ 232 { \ 233 void *rv; \ 234 KERNEL_LOCK(1, NULL); \ 235 if (ipsec_enabled) \ 236 rv = name(a, b, c); \ 237 else \ 238 rv = NULL; \ 239 KERNEL_UNLOCK_ONE(NULL); \ 240 return rv; \ 241 } 242 IPSEC_WRAP_CTLINPUT(ah6_ctlinput) 243 IPSEC_WRAP_CTLINPUT(esp6_ctlinput) 244 245 #else /* !IPSEC_RUMPKERNEL */ 246 247 PR_WRAP_CTLINPUT(ah6_ctlinput) 248 PR_WRAP_CTLINPUT(esp6_ctlinput) 249 250 #endif /* !IPSEC_RUMPKERNEL */ 251 252 #define ah6_ctlinput ah6_ctlinput_wrapper 253 #define esp6_ctlinput esp6_ctlinput_wrapper 254 255 #endif /* IPSEC */ 256 257 static void 258 tcp6_init(void) 259 { 260 261 icmp6_mtudisc_callback_register(tcp6_mtudisc_callback); 262 263 tcp_init_common(sizeof(struct ip6_hdr)); 264 } 265 266 const struct ip6protosw inet6sw[] = { 267 { .pr_domain = &inet6domain, 268 .pr_protocol = IPPROTO_IPV6, 269 .pr_init = ip6_init, 270 .pr_fasttimo = frag6_fasttimo, 271 .pr_slowtimo = frag6_slowtimo, 272 .pr_drain = frag6_drainstub, 273 }, 274 { .pr_type = SOCK_RAW, 275 .pr_domain = &inet6domain, 276 .pr_protocol = IPPROTO_ICMPV6, 277 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 278 .pr_input = icmp6_input, 279 .pr_ctlinput = rip6_ctlinput, 280 .pr_ctloutput = icmp6_ctloutput, 281 .pr_usrreqs = &rip6_usrreqs, 282 .pr_init = icmp6_init, 283 }, 284 { .pr_type = SOCK_DGRAM, 285 .pr_domain = &inet6domain, 286 .pr_protocol = IPPROTO_UDP, 287 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PURGEIF, 288 .pr_input = udp6_input, 289 .pr_ctlinput = udp6_ctlinput, 290 .pr_ctloutput = udp6_ctloutput, 291 .pr_usrreqs = &udp6_usrreqs, 292 .pr_init = udp6_init, 293 }, 294 { .pr_type = SOCK_STREAM, 295 .pr_domain = &inet6domain, 296 .pr_protocol = IPPROTO_TCP, 297 .pr_flags = PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN|PR_ABRTACPTDIS|PR_PURGEIF, 298 .pr_input = tcp6_input, 299 .pr_ctlinput = tcp6_ctlinput, 300 .pr_ctloutput = tcp_ctloutput, 301 .pr_usrreqs = &tcp_usrreqs, 302 .pr_init = tcp6_init, 303 .pr_fasttimo = tcp_fasttimo, 304 .pr_drain = tcp_drainstub, 305 }, 306 #ifdef DCCP 307 { .pr_type = SOCK_CONN_DGRAM, 308 .pr_domain = &inet6domain, 309 .pr_protocol = IPPROTO_DCCP, 310 .pr_flags = PR_CONNREQUIRED|PR_ATOMIC|PR_LISTEN, 311 .pr_input = dccp6_input, 312 .pr_ctlinput = dccp6_ctlinput, 313 .pr_ctloutput = dccp_ctloutput, 314 .pr_usrreqs = &dccp6_usrreqs, 315 #ifndef INET 316 .pr_init = dccp_init, 317 #endif 318 }, 319 #endif /* DCCP */ 320 #ifdef SCTP 321 { .pr_type = SOCK_DGRAM, 322 .pr_domain = &inet6domain, 323 .pr_protocol = IPPROTO_SCTP, 324 .pr_flags = PR_ADDR_OPT|PR_WANTRCVD, 325 .pr_input = sctp6_input, 326 .pr_ctlinput = sctp6_ctlinput, 327 .pr_ctloutput = sctp_ctloutput, 328 .pr_usrreqs = &sctp6_usrreqs, 329 .pr_drain = sctp_drain, 330 }, 331 { .pr_type = SOCK_SEQPACKET, 332 .pr_domain = &inet6domain, 333 .pr_protocol = IPPROTO_SCTP, 334 .pr_flags = PR_ADDR_OPT|PR_WANTRCVD, 335 .pr_input = sctp6_input, 336 .pr_ctlinput = sctp6_ctlinput, 337 .pr_ctloutput = sctp_ctloutput, 338 .pr_drain = sctp_drain, 339 }, 340 { .pr_type = SOCK_STREAM, 341 .pr_domain = &inet6domain, 342 .pr_protocol = IPPROTO_SCTP, 343 .pr_flags = PR_CONNREQUIRED|PR_ADDR_OPT|PR_WANTRCVD|PR_LISTEN, 344 .pr_input = sctp6_input, 345 .pr_ctlinput = sctp6_ctlinput, 346 .pr_ctloutput = sctp_ctloutput, 347 .pr_drain = sctp_drain, 348 }, 349 #endif /* SCTP */ 350 { .pr_type = SOCK_RAW, 351 .pr_domain = &inet6domain, 352 .pr_protocol = IPPROTO_RAW, 353 .pr_flags = PR_ATOMIC|PR_ADDR|PR_PURGEIF, 354 .pr_input = rip6_input, 355 .pr_ctlinput = rip6_ctlinput, 356 .pr_ctloutput = rip6_ctloutput, 357 .pr_usrreqs = &rip6_usrreqs, 358 }, 359 #ifdef GATEWAY 360 { .pr_domain = &inet6domain, 361 .pr_protocol = IPPROTO_IPV6, 362 .pr_slowtimo = ip6flow_slowtimo, 363 .pr_init = ip6flow_poolinit, 364 }, 365 #endif /* GATEWAY */ 366 { .pr_type = SOCK_RAW, 367 .pr_domain = &inet6domain, 368 .pr_protocol = IPPROTO_DSTOPTS, 369 .pr_flags = PR_ATOMIC|PR_ADDR, 370 .pr_input = dest6_input, 371 }, 372 { .pr_type = SOCK_RAW, 373 .pr_domain = &inet6domain, 374 .pr_protocol = IPPROTO_ROUTING, 375 .pr_flags = PR_ATOMIC|PR_ADDR, 376 .pr_input = route6_input, 377 }, 378 { .pr_type = SOCK_RAW, 379 .pr_domain = &inet6domain, 380 .pr_protocol = IPPROTO_FRAGMENT, 381 .pr_flags = PR_ATOMIC|PR_ADDR, 382 .pr_input = frag6_input, 383 }, 384 #ifdef IPSEC 385 { .pr_type = SOCK_RAW, 386 .pr_domain = &inet6domain, 387 .pr_protocol = IPPROTO_AH, 388 .pr_flags = PR_ATOMIC|PR_ADDR, 389 .pr_input = ipsec6_common_input, 390 .pr_ctlinput = ah6_ctlinput, 391 }, 392 { .pr_type = SOCK_RAW, 393 .pr_domain = &inet6domain, 394 .pr_protocol = IPPROTO_ESP, 395 .pr_flags = PR_ATOMIC|PR_ADDR, 396 .pr_input = ipsec6_common_input, 397 .pr_ctlinput = esp6_ctlinput, 398 }, 399 { .pr_type = SOCK_RAW, 400 .pr_domain = &inet6domain, 401 .pr_protocol = IPPROTO_IPCOMP, 402 .pr_flags = PR_ATOMIC|PR_ADDR, 403 .pr_input = ipsec6_common_input, 404 }, 405 #endif /* IPSEC */ 406 #ifdef INET 407 { .pr_type = SOCK_RAW, 408 .pr_domain = &inet6domain, 409 .pr_protocol = IPPROTO_IPV4, 410 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 411 .pr_input = encap6_input, 412 .pr_ctlinput = encap6_ctlinput, 413 .pr_ctloutput = rip6_ctloutput, 414 .pr_usrreqs = &rip6_usrreqs, 415 .pr_init = encap_init, 416 }, 417 #endif 418 { .pr_type = SOCK_RAW, 419 .pr_domain = &inet6domain, 420 .pr_protocol = IPPROTO_IPV6, 421 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 422 .pr_input = encap6_input, 423 .pr_ctlinput = encap6_ctlinput, 424 .pr_ctloutput = rip6_ctloutput, 425 .pr_usrreqs = &rip6_usrreqs, 426 .pr_init = encap_init, 427 }, 428 #if NCARP > 0 429 { .pr_type = SOCK_RAW, 430 .pr_domain = &inet6domain, 431 .pr_protocol = IPPROTO_CARP, 432 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 433 .pr_input = carp6_proto_input, 434 .pr_ctloutput = rip6_ctloutput, 435 .pr_usrreqs = &rip6_usrreqs, 436 }, 437 #endif /* NCARP */ 438 { .pr_type = SOCK_RAW, 439 .pr_domain = &inet6domain, 440 .pr_protocol = IPPROTO_L2TP, 441 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 442 .pr_input = encap6_input, 443 .pr_ctlinput = rip6_ctlinput, 444 .pr_ctloutput = rip6_ctloutput, 445 .pr_usrreqs = &rip6_usrreqs, 446 .pr_init = encap_init, 447 }, 448 { .pr_type = SOCK_RAW, 449 .pr_domain = &inet6domain, 450 .pr_protocol = IPPROTO_PIM, 451 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 452 .pr_input = pim6_input, 453 .pr_ctloutput = rip6_ctloutput, 454 .pr_usrreqs = &rip6_usrreqs, 455 .pr_init = pim6_init, 456 }, 457 /* raw wildcard */ 458 { .pr_type = SOCK_RAW, 459 .pr_domain = &inet6domain, 460 .pr_flags = PR_ATOMIC|PR_ADDR|PR_LASTHDR, 461 .pr_input = rip6_input, 462 .pr_ctloutput = rip6_ctloutput, 463 .pr_usrreqs = &rip6_usrreqs, 464 .pr_init = rip6_init, 465 }, 466 }; 467 468 static const struct sockaddr_in6 in6_any = { 469 .sin6_len = sizeof(in6_any) 470 , .sin6_family = AF_INET6 471 , .sin6_port = 0 472 , .sin6_flowinfo = 0 473 , .sin6_addr = IN6ADDR_ANY_INIT 474 , .sin6_scope_id = 0 475 }; 476 477 bool in6_present = false; 478 static void 479 in6_dom_init(void) 480 { 481 482 in6_present = true; 483 } 484 485 struct domain inet6domain = { 486 .dom_family = AF_INET6, .dom_name = "internet6", 487 .dom_init = in6_dom_init, .dom_externalize = NULL, .dom_dispose = NULL, 488 .dom_protosw = (const struct protosw *)inet6sw, 489 .dom_protoswNPROTOSW = (const struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 490 .dom_rtattach = rt_inithead, 491 .dom_rtoffset = offsetof(struct sockaddr_in6, sin6_addr) << 3, 492 .dom_maxrtkey = sizeof(struct ip_pack6), 493 .dom_if_up = in6_if_up, .dom_if_down = in6_if_down, 494 .dom_ifattach = in6_domifattach, .dom_ifdetach = in6_domifdetach, 495 .dom_if_link_state_change = in6_if_link_state_change, 496 .dom_ifqueues = { NULL, NULL }, 497 .dom_link = { NULL }, 498 .dom_mowner = MOWNER_INIT("",""), 499 .dom_sa_cmpofs = offsetof(struct sockaddr_in6, sin6_addr), 500 .dom_sa_cmplen = sizeof(struct in6_addr), 501 .dom_sa_any = (const struct sockaddr *)&in6_any, 502 .dom_sockaddr_externalize = sockaddr_in6_externalize, 503 }; 504 505 #if 0 506 int 507 sockaddr_in6_cmp(const struct sockaddr *lsa, const struct sockaddr *rsa) 508 { 509 uint_fast8_t len; 510 const uint_fast8_t addrofs = offsetof(struct sockaddr_in6, sin6_addr), 511 addrend = addrofs + sizeof(struct in6_addr); 512 int rc; 513 const struct sockaddr_in6 *lsin6, *rsin6; 514 515 lsin6 = satocsin6(lsa); 516 rsin6 = satocsin6(rsa); 517 518 len = MIN(addrend, MIN(lsin6->sin6_len, rsin6->sin6_len)); 519 520 if (len > addrofs && 521 (rc = memcmp(&lsin6->sin6_addr, &rsin6->sin6_addr, 522 len - addrofs)) != 0) 523 return rc; 524 525 return lsin6->sin6_len - rsin6->sin6_len; 526 } 527 #endif 528 529 /* 530 * Internet configuration info 531 */ 532 #ifdef GATEWAY6 533 #define IPV6FORWARDING 1 /* forward IP6 packets not for us */ 534 #else 535 #define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */ 536 #endif 537 538 int ip6_forwarding = IPV6FORWARDING; /* act as router? */ 539 int ip6_sendredirects = 1; 540 int ip6_defhlim = IPV6_DEFHLIM; 541 int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; 542 int ip6_accept_rtadv = 0; 543 int ip6_maxfragpackets = 200; 544 int ip6_maxfrags = 200; 545 int ip6_log_interval = 5; 546 int ip6_hdrnestlimit = 15; 547 int ip6_dad_count = 1; /* DupAddrDetectionTransmits */ 548 int ip6_auto_flowlabel = 1; 549 int ip6_use_deprecated = 1; /* allow deprecated addr (RFC2462 5.5.4) */ 550 int ip6_rr_prune = 5; /* router renumbering prefix 551 * walk list every 5 sec. */ 552 int ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */ 553 int ip6_v6only = 1; 554 int ip6_neighborgcthresh = 2048; /* Threshold # of NDP entries for GC */ 555 int ip6_maxifprefixes = 16; /* Max acceptable prefixes via RA per IF */ 556 int ip6_maxifdefrouters = 16; /* Max acceptable def routers via RA */ 557 int ip6_maxdynroutes = 4096; /* Max # of routes created via redirect */ 558 559 int ip6_keepfaith = 0; 560 time_t ip6_log_time = 0; 561 int ip6_rtadv_maxroutes = 100; /* (arbitrary) initial maximum number of 562 * routes via rtadv expected to be 563 * significantly larger than common use. 564 * if you need to count: 3 extra initial 565 * routes, plus 1 per interface after the 566 * first one, then one per non-linklocal 567 * prefix */ 568 569 /* icmp6 */ 570 int pmtu_expire = 60*10; 571 572 /* raw IP6 parameters */ 573 /* 574 * Nominal space allocated to a raw ip socket. 575 */ 576 #define RIPV6SNDQ 8192 577 #define RIPV6RCVQ 16384 578 579 u_long rip6_sendspace = RIPV6SNDQ; 580 u_long rip6_recvspace = RIPV6RCVQ; 581 582 /* ICMPV6 parameters */ 583 int icmp6_rediraccept = 1; /* accept and process redirects */ 584 int icmp6_redirtimeout = 10 * 60; /* 10 minutes */ 585 int icmp6errppslim = 100; /* 100pps */ 586 int icmp6_nodeinfo = 1; /* enable/disable NI response */ 587