1 /* $NetBSD: ip6_input.c,v 1.222 2020/08/28 06:32:24 ozaki-r Exp $ */ 2 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.222 2020/08/28 06:32:24 ozaki-r Exp $"); 66 67 #ifdef _KERNEL_OPT 68 #include "opt_gateway.h" 69 #include "opt_inet.h" 70 #include "opt_inet6.h" 71 #include "opt_ipsec.h" 72 #include "opt_net_mpsafe.h" 73 #endif 74 75 #include <sys/param.h> 76 #include <sys/systm.h> 77 #include <sys/mbuf.h> 78 #include <sys/domain.h> 79 #include <sys/protosw.h> 80 #include <sys/socket.h> 81 #include <sys/socketvar.h> 82 #include <sys/errno.h> 83 #include <sys/time.h> 84 #include <sys/kernel.h> 85 #include <sys/syslog.h> 86 #include <sys/proc.h> 87 #include <sys/sysctl.h> 88 #include <sys/cprng.h> 89 #include <sys/percpu.h> 90 91 #include <net/if.h> 92 #include <net/if_types.h> 93 #include <net/if_dl.h> 94 #include <net/route.h> 95 #include <net/pktqueue.h> 96 #include <net/pfil.h> 97 98 #include <netinet/in.h> 99 #include <netinet/in_systm.h> 100 #ifdef INET 101 #include <netinet/ip.h> 102 #include <netinet/ip_var.h> 103 #include <netinet/ip_icmp.h> 104 #endif /* INET */ 105 #include <netinet/ip6.h> 106 #include <netinet/portalgo.h> 107 #include <netinet6/in6_var.h> 108 #include <netinet6/ip6_var.h> 109 #include <netinet6/ip6_private.h> 110 #include <netinet6/in6_pcb.h> 111 #include <netinet/icmp6.h> 112 #include <netinet6/scope6_var.h> 113 #include <netinet6/in6_ifattach.h> 114 #include <netinet6/nd6.h> 115 116 #ifdef IPSEC 117 #include <netipsec/ipsec.h> 118 #include <netipsec/ipsec6.h> 119 #include <netipsec/key.h> 120 #endif /* IPSEC */ 121 122 #include <netinet6/ip6protosw.h> 123 124 #include "faith.h" 125 126 extern struct domain inet6domain; 127 128 u_char ip6_protox[IPPROTO_MAX]; 129 pktqueue_t *ip6_pktq __read_mostly; 130 131 pfil_head_t *inet6_pfil_hook; 132 133 percpu_t *ip6stat_percpu; 134 135 percpu_t *ip6_forward_rt_percpu __cacheline_aligned; 136 137 static void ip6intr(void *); 138 static void ip6_input(struct mbuf *, struct ifnet *); 139 static bool ip6_badaddr(struct ip6_hdr *); 140 static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); 141 142 static struct m_tag *ip6_addaux(struct mbuf *); 143 static struct m_tag *ip6_findaux(struct mbuf *); 144 static void ip6_delaux(struct mbuf *); 145 146 static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, 147 u_int32_t *); 148 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); 149 static void sysctl_net_inet6_ip6_setup(struct sysctllog **); 150 151 #ifdef NET_MPSAFE 152 #define SOFTNET_LOCK() mutex_enter(softnet_lock) 153 #define SOFTNET_UNLOCK() mutex_exit(softnet_lock) 154 #else 155 #define SOFTNET_LOCK() KASSERT(mutex_owned(softnet_lock)) 156 #define SOFTNET_UNLOCK() KASSERT(mutex_owned(softnet_lock)) 157 #endif 158 159 /* Ensure that non packed structures are the desired size. */ 160 __CTASSERT(sizeof(struct ip6_hdr) == 40); 161 __CTASSERT(sizeof(struct ip6_ext) == 2); 162 __CTASSERT(sizeof(struct ip6_hbh) == 2); 163 __CTASSERT(sizeof(struct ip6_dest) == 2); 164 __CTASSERT(sizeof(struct ip6_opt) == 2); 165 __CTASSERT(sizeof(struct ip6_opt_jumbo) == 6); 166 __CTASSERT(sizeof(struct ip6_opt_nsap) == 4); 167 __CTASSERT(sizeof(struct ip6_opt_tunnel) == 3); 168 __CTASSERT(sizeof(struct ip6_opt_router) == 4); 169 __CTASSERT(sizeof(struct ip6_rthdr) == 4); 170 __CTASSERT(sizeof(struct ip6_rthdr0) == 8); 171 __CTASSERT(sizeof(struct ip6_frag) == 8); 172 173 /* 174 * IP6 initialization: fill in IP6 protocol switch table. 175 * All protocols not implemented in kernel go to raw IP6 protocol handler. 176 */ 177 void 178 ip6_init(void) 179 { 180 const struct ip6protosw *pr; 181 int i; 182 183 in6_init(); 184 185 sysctl_net_inet6_ip6_setup(NULL); 186 pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 187 if (pr == 0) 188 panic("ip6_init"); 189 for (i = 0; i < IPPROTO_MAX; i++) 190 ip6_protox[i] = pr - inet6sw; 191 for (pr = (const struct ip6protosw *)inet6domain.dom_protosw; 192 pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) 193 if (pr->pr_domain->dom_family == PF_INET6 && 194 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 195 ip6_protox[pr->pr_protocol] = pr - inet6sw; 196 197 ip6_pktq = pktq_create(IFQ_MAXLEN, ip6intr, NULL); 198 KASSERT(ip6_pktq != NULL); 199 200 scope6_init(); 201 addrsel_policy_init(); 202 nd6_init(); 203 frag6_init(); 204 205 #ifdef GATEWAY 206 ip6flow_init(ip6_hashsize); 207 #endif 208 /* Register our Packet Filter hook. */ 209 inet6_pfil_hook = pfil_head_create(PFIL_TYPE_AF, (void *)AF_INET6); 210 KASSERT(inet6_pfil_hook != NULL); 211 212 ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); 213 ip6_forward_rt_percpu = rtcache_percpu_alloc(); 214 } 215 216 /* 217 * IP6 input interrupt handling. Just pass the packet to ip6_input. 218 */ 219 static void 220 ip6intr(void *arg __unused) 221 { 222 struct mbuf *m; 223 224 SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); 225 while ((m = pktq_dequeue(ip6_pktq)) != NULL) { 226 struct psref psref; 227 struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); 228 229 if (rcvif == NULL) { 230 IP6_STATINC(IP6_STAT_IFDROP); 231 m_freem(m); 232 continue; 233 } 234 /* 235 * Drop the packet if IPv6 is disabled on the interface. 236 */ 237 if ((ND_IFINFO(rcvif)->flags & ND6_IFF_IFDISABLED)) { 238 m_put_rcvif_psref(rcvif, &psref); 239 IP6_STATINC(IP6_STAT_IFDROP); 240 m_freem(m); 241 continue; 242 } 243 ip6_input(m, rcvif); 244 m_put_rcvif_psref(rcvif, &psref); 245 } 246 SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); 247 } 248 249 static void 250 ip6_input(struct mbuf *m, struct ifnet *rcvif) 251 { 252 struct ip6_hdr *ip6; 253 int hit, off = sizeof(struct ip6_hdr), nest; 254 u_int32_t plen; 255 u_int32_t rtalert = ~0; 256 int nxt, ours = 0, rh_present = 0, frg_present; 257 struct ifnet *deliverifp = NULL; 258 int srcrt = 0; 259 struct rtentry *rt = NULL; 260 union { 261 struct sockaddr dst; 262 struct sockaddr_in6 dst6; 263 } u; 264 struct route *ro; 265 266 KASSERT(rcvif != NULL); 267 268 /* 269 * make sure we don't have onion peering information into m_tag. 270 */ 271 ip6_delaux(m); 272 273 /* 274 * mbuf statistics 275 */ 276 if (m->m_flags & M_EXT) { 277 if (m->m_next) 278 IP6_STATINC(IP6_STAT_MEXT2M); 279 else 280 IP6_STATINC(IP6_STAT_MEXT1); 281 } else { 282 #define M2MMAX 32 283 if (m->m_next) { 284 if (m->m_flags & M_LOOP) 285 /*XXX*/ IP6_STATINC(IP6_STAT_M2M + lo0ifp->if_index); 286 else if (rcvif->if_index < M2MMAX) 287 IP6_STATINC(IP6_STAT_M2M + rcvif->if_index); 288 else 289 IP6_STATINC(IP6_STAT_M2M); 290 } else 291 IP6_STATINC(IP6_STAT_M1); 292 #undef M2MMAX 293 } 294 295 in6_ifstat_inc(rcvif, ifs6_in_receive); 296 IP6_STATINC(IP6_STAT_TOTAL); 297 298 /* 299 * If the IPv6 header is not aligned, slurp it up into a new 300 * mbuf with space for link headers, in the event we forward 301 * it. Otherwise, if it is aligned, make sure the entire base 302 * IPv6 header is in the first mbuf of the chain. 303 */ 304 if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 305 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 306 (max_linkhdr + 3) & ~3)) == NULL) { 307 /* XXXJRT new stat, please */ 308 IP6_STATINC(IP6_STAT_TOOSMALL); 309 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 310 return; 311 } 312 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 313 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 314 IP6_STATINC(IP6_STAT_TOOSMALL); 315 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 316 return; 317 } 318 } 319 320 ip6 = mtod(m, struct ip6_hdr *); 321 322 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 323 IP6_STATINC(IP6_STAT_BADVERS); 324 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 325 goto bad; 326 } 327 328 if (ip6_badaddr(ip6)) { 329 IP6_STATINC(IP6_STAT_BADSCOPE); 330 in6_ifstat_inc(rcvif, ifs6_in_addrerr); 331 goto bad; 332 } 333 334 /* 335 * Assume that we can create a fast-forward IP flow entry 336 * based on this packet. 337 */ 338 m->m_flags |= M_CANFASTFWD; 339 340 /* 341 * Run through list of hooks for input packets. If there are any 342 * filters which require that additional packets in the flow are 343 * not fast-forwarded, they must clear the M_CANFASTFWD flag. 344 * Note that filters must _never_ set this flag, as another filter 345 * in the list may have previously cleared it. 346 * 347 * Don't call hooks if the packet has already been processed by 348 * IPsec (encapsulated, tunnel mode). 349 */ 350 #if defined(IPSEC) 351 if (!ipsec_used || !ipsec_skip_pfil(m)) 352 #else 353 if (1) 354 #endif 355 { 356 struct in6_addr odst; 357 int error; 358 359 odst = ip6->ip6_dst; 360 error = pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN); 361 if (error != 0 || m == NULL) { 362 IP6_STATINC(IP6_STAT_PFILDROP_IN); 363 return; 364 } 365 if (m->m_len < sizeof(struct ip6_hdr)) { 366 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 367 IP6_STATINC(IP6_STAT_TOOSMALL); 368 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 369 return; 370 } 371 } 372 ip6 = mtod(m, struct ip6_hdr *); 373 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); 374 } 375 376 IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt); 377 378 #ifdef ALTQ 379 if (altq_input != NULL) { 380 SOFTNET_LOCK(); 381 if ((*altq_input)(m, AF_INET6) == 0) { 382 SOFTNET_UNLOCK(); 383 /* packet is dropped by traffic conditioner */ 384 return; 385 } 386 SOFTNET_UNLOCK(); 387 } 388 #endif 389 390 /* 391 * Disambiguate address scope zones (if there is ambiguity). 392 * We first make sure that the original source or destination address 393 * is not in our internal form for scoped addresses. Such addresses 394 * are not necessarily invalid spec-wise, but we cannot accept them due 395 * to the usage conflict. 396 * in6_setscope() then also checks and rejects the cases where src or 397 * dst are the loopback address and the receiving interface 398 * is not loopback. 399 */ 400 if (__predict_false( 401 m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) { 402 IP6_STATINC(IP6_STAT_IDROPPED); 403 goto bad; 404 } 405 ip6 = mtod(m, struct ip6_hdr *); 406 if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) { 407 IP6_STATINC(IP6_STAT_BADSCOPE); /* XXX */ 408 goto bad; 409 } 410 if (in6_setscope(&ip6->ip6_src, rcvif, NULL) || 411 in6_setscope(&ip6->ip6_dst, rcvif, NULL)) { 412 IP6_STATINC(IP6_STAT_BADSCOPE); 413 goto bad; 414 } 415 416 ro = rtcache_percpu_getref(ip6_forward_rt_percpu); 417 418 /* 419 * Multicast check 420 */ 421 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 422 bool ingroup; 423 424 in6_ifstat_inc(rcvif, ifs6_in_mcast); 425 /* 426 * See if we belong to the destination multicast group on the 427 * arrival interface. 428 */ 429 ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); 430 if (ingroup) { 431 ours = 1; 432 } else if (!ip6_mrouter) { 433 uint64_t *ip6s = IP6_STAT_GETREF(); 434 ip6s[IP6_STAT_NOTMEMBER]++; 435 ip6s[IP6_STAT_CANTFORWARD]++; 436 IP6_STAT_PUTREF(); 437 in6_ifstat_inc(rcvif, ifs6_in_discard); 438 goto bad_unref; 439 } 440 deliverifp = rcvif; 441 goto hbhcheck; 442 } 443 444 sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); 445 446 /* 447 * Unicast check 448 */ 449 rt = rtcache_lookup2(ro, &u.dst, 1, &hit); 450 if (hit) 451 IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT); 452 else 453 IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); 454 455 /* 456 * Accept the packet if the forwarding interface to the destination 457 * (according to the routing table) is the loopback interface, 458 * unless the associated route has a gateway. 459 * 460 * We don't explicitly match ip6_dst against an interface here. It 461 * is already done in rtcache_lookup2: rt->rt_ifp->if_type will be 462 * IFT_LOOP if the packet is for us. 463 * 464 * Note that this approach causes to accept a packet if there is a 465 * route to the loopback interface for the destination of the packet. 466 * But we think it's even useful in some situations, e.g. when using 467 * a special daemon which wants to intercept the packet. 468 */ 469 if (rt != NULL && 470 (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && 471 rt->rt_ifp->if_type == IFT_LOOP) { 472 struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; 473 int addrok; 474 475 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 476 m->m_flags |= M_ANYCAST6; 477 /* 478 * packets to a tentative, duplicated, or somehow invalid 479 * address must not be accepted. 480 */ 481 if (ia6->ia6_flags & IN6_IFF_NOTREADY) 482 addrok = 0; 483 else if (ia6->ia6_flags & IN6_IFF_DETACHED && 484 !IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) 485 { 486 /* Allow internal traffic to DETACHED addresses */ 487 struct sockaddr_in6 sin6; 488 int s; 489 490 memset(&sin6, 0, sizeof(sin6)); 491 sin6.sin6_family = AF_INET6; 492 sin6.sin6_len = sizeof(sin6); 493 sin6.sin6_addr = ip6->ip6_src; 494 s = pserialize_read_enter(); 495 addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL); 496 pserialize_read_exit(s); 497 } else 498 addrok = 1; 499 if (addrok) { 500 /* this address is ready */ 501 ours = 1; 502 deliverifp = ia6->ia_ifp; /* correct? */ 503 goto hbhcheck; 504 } else { 505 /* address is not ready, so discard the packet. */ 506 char ip6bufs[INET6_ADDRSTRLEN]; 507 char ip6bufd[INET6_ADDRSTRLEN]; 508 nd6log(LOG_INFO, "packet to an unready address %s->%s\n", 509 IN6_PRINT(ip6bufs, &ip6->ip6_src), 510 IN6_PRINT(ip6bufd, &ip6->ip6_dst)); 511 512 IP6_STATINC(IP6_STAT_IDROPPED); 513 goto bad_unref; 514 } 515 } 516 517 /* 518 * FAITH (Firewall Aided Internet Translator) 519 */ 520 #if defined(NFAITH) && 0 < NFAITH 521 if (ip6_keepfaith) { 522 if (rt != NULL && rt->rt_ifp != NULL && 523 rt->rt_ifp->if_type == IFT_FAITH) { 524 /* XXX do we need more sanity checks? */ 525 ours = 1; 526 deliverifp = rt->rt_ifp; /* faith */ 527 goto hbhcheck; 528 } 529 } 530 #endif 531 532 /* 533 * Now there is no reason to process the packet if it's not our own 534 * and we're not a router. 535 */ 536 if (!ip6_forwarding) { 537 IP6_STATINC(IP6_STAT_CANTFORWARD); 538 in6_ifstat_inc(rcvif, ifs6_in_discard); 539 goto bad_unref; 540 } 541 542 hbhcheck: 543 /* 544 * Record address information into m_tag, if we don't have one yet. 545 * Note that we are unable to record it, if the address is not listed 546 * as our interface address (e.g. multicast addresses, addresses 547 * within FAITH prefixes and such). 548 */ 549 if (deliverifp && ip6_getdstifaddr(m) == NULL) { 550 struct in6_ifaddr *ia6; 551 int s = pserialize_read_enter(); 552 553 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 554 /* Depends on ip6_setdstifaddr never sleep */ 555 if (ia6 != NULL && ip6_setdstifaddr(m, ia6) == NULL) { 556 /* 557 * XXX maybe we should drop the packet here, 558 * as we could not provide enough information 559 * to the upper layers. 560 */ 561 } 562 pserialize_read_exit(s); 563 } 564 565 /* 566 * Process Hop-by-Hop options header if it's contained. 567 * m may be modified in ip6_hopopts_input(). 568 * If a JumboPayload option is included, plen will also be modified. 569 */ 570 plen = (u_int32_t)ntohs(ip6->ip6_plen); 571 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 572 struct ip6_hbh *hbh; 573 574 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { 575 /* m already freed */ 576 in6_ifstat_inc(rcvif, ifs6_in_discard); 577 rtcache_unref(rt, ro); 578 rtcache_percpu_putref(ip6_forward_rt_percpu); 579 return; 580 } 581 582 /* adjust pointer */ 583 ip6 = mtod(m, struct ip6_hdr *); 584 585 /* 586 * if the payload length field is 0 and the next header field 587 * indicates Hop-by-Hop Options header, then a Jumbo Payload 588 * option MUST be included. 589 */ 590 if (ip6->ip6_plen == 0 && plen == 0) { 591 /* 592 * Note that if a valid jumbo payload option is 593 * contained, ip6_hopopts_input() must set a valid 594 * (non-zero) payload length to the variable plen. 595 */ 596 IP6_STATINC(IP6_STAT_BADOPTIONS); 597 in6_ifstat_inc(rcvif, ifs6_in_discard); 598 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 599 icmp6_error(m, ICMP6_PARAM_PROB, 600 ICMP6_PARAMPROB_HEADER, 601 (char *)&ip6->ip6_plen - (char *)ip6); 602 rtcache_unref(rt, ro); 603 rtcache_percpu_putref(ip6_forward_rt_percpu); 604 return; 605 } 606 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 607 sizeof(struct ip6_hbh)); 608 if (hbh == NULL) { 609 IP6_STATINC(IP6_STAT_TOOSHORT); 610 rtcache_unref(rt, ro); 611 rtcache_percpu_putref(ip6_forward_rt_percpu); 612 return; 613 } 614 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 615 nxt = hbh->ip6h_nxt; 616 617 /* 618 * accept the packet if a router alert option is included 619 * and we act as an IPv6 router. 620 */ 621 if (rtalert != ~0 && ip6_forwarding) 622 ours = 1; 623 } else 624 nxt = ip6->ip6_nxt; 625 626 /* 627 * Check that the amount of data in the buffers is at least much as 628 * the IPv6 header would have us expect. Trim mbufs if longer than we 629 * expect. Drop packet if shorter than we expect. 630 */ 631 if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { 632 IP6_STATINC(IP6_STAT_TOOSHORT); 633 in6_ifstat_inc(rcvif, ifs6_in_truncated); 634 goto bad_unref; 635 } 636 if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { 637 if (m->m_len == m->m_pkthdr.len) { 638 m->m_len = sizeof(struct ip6_hdr) + plen; 639 m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen; 640 } else 641 m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len); 642 } 643 644 /* 645 * Forward if desirable. 646 */ 647 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 648 /* 649 * If we are acting as a multicast router, all 650 * incoming multicast packets are passed to the 651 * kernel-level multicast forwarding function. 652 * The packet is returned (relatively) intact; if 653 * ip6_mforward() returns a non-zero value, the packet 654 * must be discarded, else it may be accepted below. 655 */ 656 if (ip6_mrouter != NULL) { 657 int error; 658 659 SOFTNET_LOCK(); 660 error = ip6_mforward(ip6, rcvif, m); 661 SOFTNET_UNLOCK(); 662 663 if (error != 0) { 664 rtcache_unref(rt, ro); 665 rtcache_percpu_putref(ip6_forward_rt_percpu); 666 IP6_STATINC(IP6_STAT_CANTFORWARD); 667 goto bad; 668 } 669 } 670 if (!ours) { 671 IP6_STATINC(IP6_STAT_CANTFORWARD); 672 goto bad_unref; 673 } 674 } else if (!ours) { 675 rtcache_unref(rt, ro); 676 rtcache_percpu_putref(ip6_forward_rt_percpu); 677 ip6_forward(m, srcrt, rcvif); 678 return; 679 } 680 681 ip6 = mtod(m, struct ip6_hdr *); 682 683 /* 684 * Malicious party may be able to use IPv4 mapped addr to confuse 685 * tcp/udp stack and bypass security checks (act as if it was from 686 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. 687 * 688 * For SIIT end node behavior, you may want to disable the check. 689 * However, you will become vulnerable to attacks using IPv4 mapped 690 * source. 691 */ 692 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 693 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 694 IP6_STATINC(IP6_STAT_BADSCOPE); 695 in6_ifstat_inc(rcvif, ifs6_in_addrerr); 696 goto bad_unref; 697 } 698 699 #ifdef IFA_STATS 700 if (deliverifp != NULL) { 701 struct in6_ifaddr *ia6; 702 int s = pserialize_read_enter(); 703 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 704 if (ia6) 705 ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len; 706 pserialize_read_exit(s); 707 } 708 #endif 709 IP6_STATINC(IP6_STAT_DELIVERED); 710 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 711 nest = 0; 712 713 if (rt != NULL) { 714 rtcache_unref(rt, ro); 715 rt = NULL; 716 } 717 rtcache_percpu_putref(ip6_forward_rt_percpu); 718 719 rh_present = 0; 720 frg_present = 0; 721 while (nxt != IPPROTO_DONE) { 722 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 723 IP6_STATINC(IP6_STAT_TOOMANYHDR); 724 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 725 goto bad; 726 } 727 728 M_VERIFY_PACKET(m); 729 730 /* 731 * protection against faulty packet - there should be 732 * more sanity checks in header chain processing. 733 */ 734 if (m->m_pkthdr.len < off) { 735 IP6_STATINC(IP6_STAT_TOOSHORT); 736 in6_ifstat_inc(rcvif, ifs6_in_truncated); 737 goto bad; 738 } 739 740 if (nxt == IPPROTO_ROUTING) { 741 if (rh_present++) { 742 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 743 IP6_STATINC(IP6_STAT_BADOPTIONS); 744 goto bad; 745 } 746 } else if (nxt == IPPROTO_FRAGMENT) { 747 if (frg_present++) { 748 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 749 IP6_STATINC(IP6_STAT_BADOPTIONS); 750 goto bad; 751 } 752 } 753 754 #ifdef IPSEC 755 if (ipsec_used) { 756 /* 757 * Enforce IPsec policy checking if we are seeing last 758 * header. Note that we do not visit this with 759 * protocols with pcb layer code - like udp/tcp/raw ip. 760 */ 761 if ((inet6sw[ip6_protox[nxt]].pr_flags 762 & PR_LASTHDR) != 0) { 763 int error; 764 765 error = ipsec_ip_input_checkpolicy(m, false); 766 if (error) { 767 IP6_STATINC(IP6_STAT_IPSECDROP_IN); 768 goto bad; 769 } 770 } 771 } 772 #endif 773 774 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 775 } 776 return; 777 778 bad_unref: 779 rtcache_unref(rt, ro); 780 rtcache_percpu_putref(ip6_forward_rt_percpu); 781 bad: 782 m_freem(m); 783 return; 784 } 785 786 static bool 787 ip6_badaddr(struct ip6_hdr *ip6) 788 { 789 /* Check against address spoofing/corruption. */ 790 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || 791 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { 792 return true; 793 } 794 795 /* 796 * The following check is not documented in specs. A malicious 797 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 798 * and bypass security checks (act as if it was from 127.0.0.1 by using 799 * IPv6 src ::ffff:127.0.0.1). Be cautious. 800 * 801 * This check chokes if we are in an SIIT cloud. As none of BSDs 802 * support IPv4-less kernel compilation, we cannot support SIIT 803 * environment at all. So, it makes more sense for us to reject any 804 * malicious packets for non-SIIT environment, than try to do a 805 * partial support for SIIT environment. 806 */ 807 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 808 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 809 return true; 810 } 811 812 /* 813 * Reject packets with IPv4-compatible IPv6 addresses (RFC4291). 814 */ 815 if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || 816 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 817 return true; 818 } 819 820 return false; 821 } 822 823 /* 824 * set/grab in6_ifaddr correspond to IPv6 destination address. 825 */ 826 static struct m_tag * 827 ip6_setdstifaddr(struct mbuf *m, const struct in6_ifaddr *ia) 828 { 829 struct m_tag *mtag; 830 struct ip6aux *ip6a; 831 832 mtag = ip6_addaux(m); 833 if (mtag == NULL) 834 return NULL; 835 836 ip6a = (struct ip6aux *)(mtag + 1); 837 if (in6_setscope(&ip6a->ip6a_src, ia->ia_ifp, &ip6a->ip6a_scope_id)) { 838 IP6_STATINC(IP6_STAT_BADSCOPE); 839 return NULL; 840 } 841 842 ip6a->ip6a_src = ia->ia_addr.sin6_addr; 843 ip6a->ip6a_flags = ia->ia6_flags; 844 return mtag; 845 } 846 847 const struct ip6aux * 848 ip6_getdstifaddr(struct mbuf *m) 849 { 850 struct m_tag *mtag; 851 852 mtag = ip6_findaux(m); 853 if (mtag != NULL) 854 return (struct ip6aux *)(mtag + 1); 855 else 856 return NULL; 857 } 858 859 /* 860 * Hop-by-Hop options header processing. If a valid jumbo payload option is 861 * included, the real payload length will be stored in plenp. 862 * 863 * rtalertp - XXX: should be stored more smart way 864 */ 865 int 866 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, 867 struct mbuf **mp, int *offp) 868 { 869 struct mbuf *m = *mp; 870 int off = *offp, hbhlen; 871 struct ip6_hbh *hbh; 872 873 /* validation of the length of the header */ 874 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, 875 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 876 if (hbh == NULL) { 877 IP6_STATINC(IP6_STAT_TOOSHORT); 878 return -1; 879 } 880 hbhlen = (hbh->ip6h_len + 1) << 3; 881 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 882 hbhlen); 883 if (hbh == NULL) { 884 IP6_STATINC(IP6_STAT_TOOSHORT); 885 return -1; 886 } 887 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 888 off += hbhlen; 889 hbhlen -= sizeof(struct ip6_hbh); 890 891 if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), 892 hbhlen, rtalertp, plenp) < 0) 893 return -1; 894 895 *offp = off; 896 *mp = m; 897 return 0; 898 } 899 900 /* 901 * Search header for all Hop-by-hop options and process each option. 902 * This function is separate from ip6_hopopts_input() in order to 903 * handle a case where the sending node itself process its hop-by-hop 904 * options header. In such a case, the function is called from ip6_output(). 905 * 906 * The function assumes that hbh header is located right after the IPv6 header 907 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 908 * opthead + hbhlen is located in continuous memory region. 909 */ 910 static int 911 ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, 912 u_int32_t *rtalertp, u_int32_t *plenp) 913 { 914 struct ip6_hdr *ip6; 915 int optlen = 0; 916 u_int8_t *opt = opthead; 917 u_int16_t rtalert_val; 918 u_int32_t jumboplen; 919 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh); 920 921 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) { 922 switch (*opt) { 923 case IP6OPT_PAD1: 924 optlen = 1; 925 break; 926 case IP6OPT_PADN: 927 if (hbhlen < IP6OPT_MINLEN) { 928 IP6_STATINC(IP6_STAT_TOOSMALL); 929 goto bad; 930 } 931 optlen = *(opt + 1) + 2; 932 break; 933 case IP6OPT_RTALERT: 934 /* XXX may need check for alignment */ 935 if (hbhlen < IP6OPT_RTALERT_LEN) { 936 IP6_STATINC(IP6_STAT_TOOSMALL); 937 goto bad; 938 } 939 if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { 940 IP6_STATINC(IP6_STAT_BADOPTIONS); 941 icmp6_error(m, ICMP6_PARAM_PROB, 942 ICMP6_PARAMPROB_HEADER, 943 erroff + opt + 1 - opthead); 944 return (-1); 945 } 946 optlen = IP6OPT_RTALERT_LEN; 947 memcpy((void *)&rtalert_val, (void *)(opt + 2), 2); 948 *rtalertp = ntohs(rtalert_val); 949 break; 950 case IP6OPT_JUMBO: 951 /* XXX may need check for alignment */ 952 if (hbhlen < IP6OPT_JUMBO_LEN) { 953 IP6_STATINC(IP6_STAT_TOOSMALL); 954 goto bad; 955 } 956 if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { 957 IP6_STATINC(IP6_STAT_BADOPTIONS); 958 icmp6_error(m, ICMP6_PARAM_PROB, 959 ICMP6_PARAMPROB_HEADER, 960 erroff + opt + 1 - opthead); 961 return (-1); 962 } 963 optlen = IP6OPT_JUMBO_LEN; 964 965 /* 966 * IPv6 packets that have non 0 payload length 967 * must not contain a jumbo payload option. 968 */ 969 ip6 = mtod(m, struct ip6_hdr *); 970 if (ip6->ip6_plen) { 971 IP6_STATINC(IP6_STAT_BADOPTIONS); 972 icmp6_error(m, ICMP6_PARAM_PROB, 973 ICMP6_PARAMPROB_HEADER, 974 erroff + opt - opthead); 975 return (-1); 976 } 977 978 /* 979 * We may see jumbolen in unaligned location, so 980 * we'd need to perform memcpy(). 981 */ 982 memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); 983 jumboplen = (u_int32_t)htonl(jumboplen); 984 985 #if 1 986 /* 987 * if there are multiple jumbo payload options, 988 * *plenp will be non-zero and the packet will be 989 * rejected. 990 * the behavior may need some debate in ipngwg - 991 * multiple options does not make sense, however, 992 * there's no explicit mention in specification. 993 */ 994 if (*plenp != 0) { 995 IP6_STATINC(IP6_STAT_BADOPTIONS); 996 icmp6_error(m, ICMP6_PARAM_PROB, 997 ICMP6_PARAMPROB_HEADER, 998 erroff + opt + 2 - opthead); 999 return (-1); 1000 } 1001 #endif 1002 1003 /* 1004 * jumbo payload length must be larger than 65535. 1005 */ 1006 if (jumboplen <= IPV6_MAXPACKET) { 1007 IP6_STATINC(IP6_STAT_BADOPTIONS); 1008 icmp6_error(m, ICMP6_PARAM_PROB, 1009 ICMP6_PARAMPROB_HEADER, 1010 erroff + opt + 2 - opthead); 1011 return (-1); 1012 } 1013 *plenp = jumboplen; 1014 1015 break; 1016 default: /* unknown option */ 1017 if (hbhlen < IP6OPT_MINLEN) { 1018 IP6_STATINC(IP6_STAT_TOOSMALL); 1019 goto bad; 1020 } 1021 optlen = ip6_unknown_opt(opt, m, 1022 erroff + opt - opthead); 1023 if (optlen == -1) 1024 return (-1); 1025 optlen += 2; 1026 break; 1027 } 1028 } 1029 1030 return (0); 1031 1032 bad: 1033 m_freem(m); 1034 return (-1); 1035 } 1036 1037 /* 1038 * Unknown option processing. 1039 * The third argument `off' is the offset from the IPv6 header to the option, 1040 * which is necessary if the IPv6 header the and option header and IPv6 header 1041 * is not continuous in order to return an ICMPv6 error. 1042 */ 1043 int 1044 ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) 1045 { 1046 struct ip6_hdr *ip6; 1047 1048 switch (IP6OPT_TYPE(*optp)) { 1049 case IP6OPT_TYPE_SKIP: /* ignore the option */ 1050 return ((int)*(optp + 1)); 1051 case IP6OPT_TYPE_DISCARD: /* silently discard */ 1052 m_freem(m); 1053 return (-1); 1054 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */ 1055 IP6_STATINC(IP6_STAT_BADOPTIONS); 1056 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1057 return (-1); 1058 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */ 1059 IP6_STATINC(IP6_STAT_BADOPTIONS); 1060 ip6 = mtod(m, struct ip6_hdr *); 1061 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 1062 (m->m_flags & (M_BCAST|M_MCAST))) 1063 m_freem(m); 1064 else 1065 icmp6_error(m, ICMP6_PARAM_PROB, 1066 ICMP6_PARAMPROB_OPTION, off); 1067 return (-1); 1068 } 1069 1070 m_freem(m); /* XXX: NOTREACHED */ 1071 return (-1); 1072 } 1073 1074 void 1075 ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, 1076 struct ip6_hdr *ip6, struct mbuf *m) 1077 { 1078 struct socket *so = in6p->in6p_socket; 1079 #ifdef RFC2292 1080 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1081 #else 1082 #define IS2292(x, y) (y) 1083 #endif 1084 1085 KASSERT(m->m_flags & M_PKTHDR); 1086 1087 if (SOOPT_TIMESTAMP(so->so_options)) 1088 mp = sbsavetimestamp(so->so_options, mp); 1089 1090 /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ 1091 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) 1092 return; 1093 1094 /* RFC 2292 sec. 5 */ 1095 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { 1096 struct in6_pktinfo pi6; 1097 1098 memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); 1099 in6_clearscope(&pi6.ipi6_addr); /* XXX */ 1100 pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; 1101 *mp = sbcreatecontrol(&pi6, sizeof(pi6), 1102 IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); 1103 if (*mp) 1104 mp = &(*mp)->m_next; 1105 } 1106 1107 if (in6p->in6p_flags & IN6P_HOPLIMIT) { 1108 int hlim = ip6->ip6_hlim & 0xff; 1109 1110 *mp = sbcreatecontrol(&hlim, sizeof(hlim), 1111 IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); 1112 if (*mp) 1113 mp = &(*mp)->m_next; 1114 } 1115 1116 if ((in6p->in6p_flags & IN6P_TCLASS) != 0) { 1117 u_int32_t flowinfo; 1118 int tclass; 1119 1120 flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK); 1121 flowinfo >>= 20; 1122 1123 tclass = flowinfo & 0xff; 1124 *mp = sbcreatecontrol(&tclass, sizeof(tclass), 1125 IPV6_TCLASS, IPPROTO_IPV6); 1126 1127 if (*mp) 1128 mp = &(*mp)->m_next; 1129 } 1130 1131 /* 1132 * IPV6_HOPOPTS socket option. Recall that we required super-user 1133 * privilege for the option (see ip6_ctloutput), but it might be too 1134 * strict, since there might be some hop-by-hop options which can be 1135 * returned to normal user. 1136 * See also RFC3542 section 8 (or RFC2292 section 6). 1137 */ 1138 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { 1139 /* 1140 * Check if a hop-by-hop options header is contatined in the 1141 * received packet, and if so, store the options as ancillary 1142 * data. Note that a hop-by-hop options header must be 1143 * just after the IPv6 header, which fact is assured through 1144 * the IPv6 input processing. 1145 */ 1146 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1147 if (xip6->ip6_nxt == IPPROTO_HOPOPTS) { 1148 struct ip6_hbh *hbh; 1149 int hbhlen; 1150 struct mbuf *ext; 1151 1152 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1153 xip6->ip6_nxt); 1154 if (ext == NULL) { 1155 IP6_STATINC(IP6_STAT_TOOSHORT); 1156 return; 1157 } 1158 hbh = mtod(ext, struct ip6_hbh *); 1159 hbhlen = (hbh->ip6h_len + 1) << 3; 1160 if (hbhlen != ext->m_len) { 1161 m_freem(ext); 1162 IP6_STATINC(IP6_STAT_TOOSHORT); 1163 return; 1164 } 1165 1166 /* 1167 * XXX: We copy whole the header even if a jumbo 1168 * payload option is included, which option is to 1169 * be removed before returning in the RFC 2292. 1170 * Note: this constraint is removed in RFC3542. 1171 */ 1172 *mp = sbcreatecontrol(hbh, hbhlen, 1173 IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), 1174 IPPROTO_IPV6); 1175 if (*mp) 1176 mp = &(*mp)->m_next; 1177 m_freem(ext); 1178 } 1179 } 1180 1181 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */ 1182 if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) { 1183 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1184 int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr); 1185 1186 /* 1187 * Search for destination options headers or routing 1188 * header(s) through the header chain, and stores each 1189 * header as ancillary data. 1190 * Note that the order of the headers remains in 1191 * the chain of ancillary data. 1192 */ 1193 for (;;) { /* is explicit loop prevention necessary? */ 1194 struct ip6_ext *ip6e = NULL; 1195 int elen; 1196 struct mbuf *ext = NULL; 1197 1198 /* 1199 * if it is not an extension header, don't try to 1200 * pull it from the chain. 1201 */ 1202 switch (nxt) { 1203 case IPPROTO_DSTOPTS: 1204 case IPPROTO_ROUTING: 1205 case IPPROTO_HOPOPTS: 1206 case IPPROTO_AH: /* is it possible? */ 1207 break; 1208 default: 1209 goto loopend; 1210 } 1211 1212 ext = ip6_pullexthdr(m, off, nxt); 1213 if (ext == NULL) { 1214 IP6_STATINC(IP6_STAT_TOOSHORT); 1215 return; 1216 } 1217 ip6e = mtod(ext, struct ip6_ext *); 1218 if (nxt == IPPROTO_AH) 1219 elen = (ip6e->ip6e_len + 2) << 2; 1220 else 1221 elen = (ip6e->ip6e_len + 1) << 3; 1222 if (elen != ext->m_len) { 1223 m_freem(ext); 1224 IP6_STATINC(IP6_STAT_TOOSHORT); 1225 return; 1226 } 1227 KASSERT(IP6_HDR_ALIGNED_P(ip6e)); 1228 1229 switch (nxt) { 1230 case IPPROTO_DSTOPTS: 1231 if (!(in6p->in6p_flags & IN6P_DSTOPTS)) 1232 break; 1233 1234 *mp = sbcreatecontrol(ip6e, elen, 1235 IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), 1236 IPPROTO_IPV6); 1237 if (*mp) 1238 mp = &(*mp)->m_next; 1239 break; 1240 1241 case IPPROTO_ROUTING: 1242 if (!(in6p->in6p_flags & IN6P_RTHDR)) 1243 break; 1244 1245 *mp = sbcreatecontrol(ip6e, elen, 1246 IS2292(IPV6_2292RTHDR, IPV6_RTHDR), 1247 IPPROTO_IPV6); 1248 if (*mp) 1249 mp = &(*mp)->m_next; 1250 break; 1251 1252 case IPPROTO_HOPOPTS: 1253 case IPPROTO_AH: /* is it possible? */ 1254 break; 1255 1256 default: 1257 /* 1258 * other cases have been filtered in the above. 1259 * none will visit this case. here we supply 1260 * the code just in case (nxt overwritten or 1261 * other cases). 1262 */ 1263 m_freem(ext); 1264 goto loopend; 1265 1266 } 1267 1268 /* proceed with the next header. */ 1269 off += elen; 1270 nxt = ip6e->ip6e_nxt; 1271 ip6e = NULL; 1272 m_freem(ext); 1273 ext = NULL; 1274 } 1275 loopend: 1276 ; 1277 } 1278 } 1279 #undef IS2292 1280 1281 1282 void 1283 ip6_notify_pmtu(struct in6pcb *in6p, const struct sockaddr_in6 *dst, 1284 uint32_t *mtu) 1285 { 1286 struct socket *so; 1287 struct mbuf *m_mtu; 1288 struct ip6_mtuinfo mtuctl; 1289 1290 so = in6p->in6p_socket; 1291 1292 if (mtu == NULL) 1293 return; 1294 1295 KASSERT(so != NULL); 1296 1297 memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ 1298 mtuctl.ip6m_mtu = *mtu; 1299 mtuctl.ip6m_addr = *dst; 1300 if (sa6_recoverscope(&mtuctl.ip6m_addr)) 1301 return; 1302 1303 if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), 1304 IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) 1305 return; 1306 1307 if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) 1308 == 0) { 1309 soroverflow(so); 1310 m_freem(m_mtu); 1311 } else 1312 sorwakeup(so); 1313 1314 return; 1315 } 1316 1317 /* 1318 * pull single extension header from mbuf chain. returns single mbuf that 1319 * contains the result, or NULL on error. 1320 */ 1321 static struct mbuf * 1322 ip6_pullexthdr(struct mbuf *m, size_t off, int nxt) 1323 { 1324 struct ip6_ext ip6e; 1325 size_t elen; 1326 struct mbuf *n; 1327 1328 if (off + sizeof(ip6e) > m->m_pkthdr.len) 1329 return NULL; 1330 1331 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1332 if (nxt == IPPROTO_AH) 1333 elen = (ip6e.ip6e_len + 2) << 2; 1334 else 1335 elen = (ip6e.ip6e_len + 1) << 3; 1336 1337 if (off + elen > m->m_pkthdr.len) 1338 return NULL; 1339 1340 MGET(n, M_DONTWAIT, MT_DATA); 1341 if (n && elen >= MLEN) { 1342 MCLGET(n, M_DONTWAIT); 1343 if ((n->m_flags & M_EXT) == 0) { 1344 m_free(n); 1345 n = NULL; 1346 } 1347 } 1348 if (!n) 1349 return NULL; 1350 1351 n->m_len = 0; 1352 if (elen >= M_TRAILINGSPACE(n)) { 1353 m_free(n); 1354 return NULL; 1355 } 1356 1357 m_copydata(m, off, elen, mtod(n, void *)); 1358 n->m_len = elen; 1359 return n; 1360 } 1361 1362 /* 1363 * Get offset to the previous header followed by the header 1364 * currently processed. 1365 */ 1366 int 1367 ip6_get_prevhdr(struct mbuf *m, int off) 1368 { 1369 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1370 1371 if (off == sizeof(struct ip6_hdr)) { 1372 return offsetof(struct ip6_hdr, ip6_nxt); 1373 } else if (off < sizeof(struct ip6_hdr)) { 1374 panic("%s: off < sizeof(struct ip6_hdr)", __func__); 1375 } else { 1376 int len, nlen, nxt; 1377 struct ip6_ext ip6e; 1378 1379 nxt = ip6->ip6_nxt; 1380 len = sizeof(struct ip6_hdr); 1381 nlen = 0; 1382 while (len < off) { 1383 m_copydata(m, len, sizeof(ip6e), &ip6e); 1384 1385 switch (nxt) { 1386 case IPPROTO_FRAGMENT: 1387 nlen = sizeof(struct ip6_frag); 1388 break; 1389 case IPPROTO_AH: 1390 nlen = (ip6e.ip6e_len + 2) << 2; 1391 break; 1392 default: 1393 nlen = (ip6e.ip6e_len + 1) << 3; 1394 break; 1395 } 1396 len += nlen; 1397 nxt = ip6e.ip6e_nxt; 1398 } 1399 1400 return (len - nlen); 1401 } 1402 } 1403 1404 /* 1405 * get next header offset. m will be retained. 1406 */ 1407 int 1408 ip6_nexthdr(struct mbuf *m, int off, int proto, int *nxtp) 1409 { 1410 struct ip6_hdr ip6; 1411 struct ip6_ext ip6e; 1412 struct ip6_frag fh; 1413 1414 /* just in case */ 1415 if (m == NULL) 1416 panic("%s: m == NULL", __func__); 1417 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) 1418 return -1; 1419 1420 switch (proto) { 1421 case IPPROTO_IPV6: 1422 /* do not chase beyond intermediate IPv6 headers */ 1423 if (off != 0) 1424 return -1; 1425 if (m->m_pkthdr.len < off + sizeof(ip6)) 1426 return -1; 1427 m_copydata(m, off, sizeof(ip6), (void *)&ip6); 1428 if (nxtp) 1429 *nxtp = ip6.ip6_nxt; 1430 off += sizeof(ip6); 1431 return off; 1432 1433 case IPPROTO_FRAGMENT: 1434 /* 1435 * terminate parsing if it is not the first fragment, 1436 * it does not make sense to parse through it. 1437 */ 1438 if (m->m_pkthdr.len < off + sizeof(fh)) 1439 return -1; 1440 m_copydata(m, off, sizeof(fh), (void *)&fh); 1441 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) 1442 return -1; 1443 if (nxtp) 1444 *nxtp = fh.ip6f_nxt; 1445 off += sizeof(struct ip6_frag); 1446 return off; 1447 1448 case IPPROTO_AH: 1449 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1450 return -1; 1451 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1452 if (nxtp) 1453 *nxtp = ip6e.ip6e_nxt; 1454 off += (ip6e.ip6e_len + 2) << 2; 1455 if (m->m_pkthdr.len < off) 1456 return -1; 1457 return off; 1458 1459 case IPPROTO_HOPOPTS: 1460 case IPPROTO_ROUTING: 1461 case IPPROTO_DSTOPTS: 1462 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1463 return -1; 1464 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1465 if (nxtp) 1466 *nxtp = ip6e.ip6e_nxt; 1467 off += (ip6e.ip6e_len + 1) << 3; 1468 if (m->m_pkthdr.len < off) 1469 return -1; 1470 return off; 1471 1472 case IPPROTO_NONE: 1473 case IPPROTO_ESP: 1474 case IPPROTO_IPCOMP: 1475 /* give up */ 1476 return -1; 1477 1478 default: 1479 return -1; 1480 } 1481 } 1482 1483 /* 1484 * get offset for the last header in the chain. m will be kept untainted. 1485 */ 1486 int 1487 ip6_lasthdr(struct mbuf *m, int off, int proto, int *nxtp) 1488 { 1489 int newoff; 1490 int nxt; 1491 1492 if (!nxtp) { 1493 nxt = -1; 1494 nxtp = &nxt; 1495 } 1496 for (;;) { 1497 newoff = ip6_nexthdr(m, off, proto, nxtp); 1498 if (newoff < 0) 1499 return off; 1500 else if (newoff < off) 1501 return -1; /* invalid */ 1502 else if (newoff == off) 1503 return newoff; 1504 1505 off = newoff; 1506 proto = *nxtp; 1507 } 1508 } 1509 1510 static struct m_tag * 1511 ip6_addaux(struct mbuf *m) 1512 { 1513 struct m_tag *mtag; 1514 1515 mtag = m_tag_find(m, PACKET_TAG_INET6); 1516 if (!mtag) { 1517 mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), 1518 M_NOWAIT); 1519 if (mtag) { 1520 m_tag_prepend(m, mtag); 1521 memset(mtag + 1, 0, sizeof(struct ip6aux)); 1522 } 1523 } 1524 return mtag; 1525 } 1526 1527 static struct m_tag * 1528 ip6_findaux(struct mbuf *m) 1529 { 1530 struct m_tag *mtag; 1531 1532 mtag = m_tag_find(m, PACKET_TAG_INET6); 1533 return mtag; 1534 } 1535 1536 static void 1537 ip6_delaux(struct mbuf *m) 1538 { 1539 struct m_tag *mtag; 1540 1541 mtag = m_tag_find(m, PACKET_TAG_INET6); 1542 if (mtag) 1543 m_tag_delete(m, mtag); 1544 } 1545 1546 /* 1547 * System control for IP6 1548 */ 1549 1550 const u_char inet6ctlerrmap[PRC_NCMDS] = { 1551 0, 0, 0, 0, 1552 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1553 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1554 EMSGSIZE, EHOSTUNREACH, 0, 0, 1555 0, 0, 0, 0, 1556 ENOPROTOOPT 1557 }; 1558 1559 extern int sysctl_net_inet6_addrctlpolicy(SYSCTLFN_ARGS); 1560 1561 static int 1562 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) 1563 { 1564 1565 return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); 1566 } 1567 1568 static void 1569 sysctl_net_inet6_ip6_setup(struct sysctllog **clog) 1570 { 1571 1572 sysctl_createv(clog, 0, NULL, NULL, 1573 CTLFLAG_PERMANENT, 1574 CTLTYPE_NODE, "inet6", 1575 SYSCTL_DESCR("PF_INET6 related settings"), 1576 NULL, 0, NULL, 0, 1577 CTL_NET, PF_INET6, CTL_EOL); 1578 sysctl_createv(clog, 0, NULL, NULL, 1579 CTLFLAG_PERMANENT, 1580 CTLTYPE_NODE, "ip6", 1581 SYSCTL_DESCR("IPv6 related settings"), 1582 NULL, 0, NULL, 0, 1583 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL); 1584 1585 sysctl_createv(clog, 0, NULL, NULL, 1586 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1587 CTLTYPE_INT, "forwarding", 1588 SYSCTL_DESCR("Enable forwarding of INET6 datagrams"), 1589 NULL, 0, &ip6_forwarding, 0, 1590 CTL_NET, PF_INET6, IPPROTO_IPV6, 1591 IPV6CTL_FORWARDING, CTL_EOL); 1592 sysctl_createv(clog, 0, NULL, NULL, 1593 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1594 CTLTYPE_INT, "redirect", 1595 SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"), 1596 NULL, 0, &ip6_sendredirects, 0, 1597 CTL_NET, PF_INET6, IPPROTO_IPV6, 1598 IPV6CTL_SENDREDIRECTS, CTL_EOL); 1599 sysctl_createv(clog, 0, NULL, NULL, 1600 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1601 CTLTYPE_INT, "hlim", 1602 SYSCTL_DESCR("Hop limit for an INET6 datagram"), 1603 NULL, 0, &ip6_defhlim, 0, 1604 CTL_NET, PF_INET6, IPPROTO_IPV6, 1605 IPV6CTL_DEFHLIM, CTL_EOL); 1606 sysctl_createv(clog, 0, NULL, NULL, 1607 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1608 CTLTYPE_INT, "maxfragpackets", 1609 SYSCTL_DESCR("Maximum number of fragments to buffer " 1610 "for reassembly"), 1611 NULL, 0, &ip6_maxfragpackets, 0, 1612 CTL_NET, PF_INET6, IPPROTO_IPV6, 1613 IPV6CTL_MAXFRAGPACKETS, CTL_EOL); 1614 sysctl_createv(clog, 0, NULL, NULL, 1615 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1616 CTLTYPE_INT, "keepfaith", 1617 SYSCTL_DESCR("Activate faith interface"), 1618 NULL, 0, &ip6_keepfaith, 0, 1619 CTL_NET, PF_INET6, IPPROTO_IPV6, 1620 IPV6CTL_KEEPFAITH, CTL_EOL); 1621 sysctl_createv(clog, 0, NULL, NULL, 1622 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1623 CTLTYPE_INT, "log_interval", 1624 SYSCTL_DESCR("Minimum interval between logging " 1625 "unroutable packets"), 1626 NULL, 0, &ip6_log_interval, 0, 1627 CTL_NET, PF_INET6, IPPROTO_IPV6, 1628 IPV6CTL_LOG_INTERVAL, CTL_EOL); 1629 sysctl_createv(clog, 0, NULL, NULL, 1630 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1631 CTLTYPE_INT, "hdrnestlimit", 1632 SYSCTL_DESCR("Maximum number of nested IPv6 headers"), 1633 NULL, 0, &ip6_hdrnestlimit, 0, 1634 CTL_NET, PF_INET6, IPPROTO_IPV6, 1635 IPV6CTL_HDRNESTLIMIT, CTL_EOL); 1636 sysctl_createv(clog, 0, NULL, NULL, 1637 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1638 CTLTYPE_INT, "dad_count", 1639 SYSCTL_DESCR("Number of Duplicate Address Detection " 1640 "probes to send"), 1641 NULL, 0, &ip6_dad_count, 0, 1642 CTL_NET, PF_INET6, IPPROTO_IPV6, 1643 IPV6CTL_DAD_COUNT, CTL_EOL); 1644 sysctl_createv(clog, 0, NULL, NULL, 1645 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1646 CTLTYPE_INT, "auto_flowlabel", 1647 SYSCTL_DESCR("Assign random IPv6 flow labels"), 1648 NULL, 0, &ip6_auto_flowlabel, 0, 1649 CTL_NET, PF_INET6, IPPROTO_IPV6, 1650 IPV6CTL_AUTO_FLOWLABEL, CTL_EOL); 1651 sysctl_createv(clog, 0, NULL, NULL, 1652 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1653 CTLTYPE_INT, "defmcasthlim", 1654 SYSCTL_DESCR("Default multicast hop limit"), 1655 NULL, 0, &ip6_defmcasthlim, 0, 1656 CTL_NET, PF_INET6, IPPROTO_IPV6, 1657 IPV6CTL_DEFMCASTHLIM, CTL_EOL); 1658 sysctl_createv(clog, 0, NULL, NULL, 1659 CTLFLAG_PERMANENT, 1660 CTLTYPE_STRING, "kame_version", 1661 SYSCTL_DESCR("KAME Version"), 1662 NULL, 0, __UNCONST(__KAME_VERSION), 0, 1663 CTL_NET, PF_INET6, IPPROTO_IPV6, 1664 IPV6CTL_KAME_VERSION, CTL_EOL); 1665 sysctl_createv(clog, 0, NULL, NULL, 1666 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1667 CTLTYPE_INT, "use_deprecated", 1668 SYSCTL_DESCR("Allow use of deprecated addresses as " 1669 "source addresses"), 1670 NULL, 0, &ip6_use_deprecated, 0, 1671 CTL_NET, PF_INET6, IPPROTO_IPV6, 1672 IPV6CTL_USE_DEPRECATED, CTL_EOL); 1673 sysctl_createv(clog, 0, NULL, NULL, 1674 CTLFLAG_PERMANENT 1675 #ifndef INET6_BINDV6ONLY 1676 |CTLFLAG_READWRITE, 1677 #endif 1678 CTLTYPE_INT, "v6only", 1679 SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting " 1680 "to PF_INET sockets"), 1681 NULL, 0, &ip6_v6only, 0, 1682 CTL_NET, PF_INET6, IPPROTO_IPV6, 1683 IPV6CTL_V6ONLY, CTL_EOL); 1684 sysctl_createv(clog, 0, NULL, NULL, 1685 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1686 CTLTYPE_INT, "anonportmin", 1687 SYSCTL_DESCR("Lowest ephemeral port number to assign"), 1688 sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, 1689 CTL_NET, PF_INET6, IPPROTO_IPV6, 1690 IPV6CTL_ANONPORTMIN, CTL_EOL); 1691 sysctl_createv(clog, 0, NULL, NULL, 1692 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1693 CTLTYPE_INT, "anonportmax", 1694 SYSCTL_DESCR("Highest ephemeral port number to assign"), 1695 sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0, 1696 CTL_NET, PF_INET6, IPPROTO_IPV6, 1697 IPV6CTL_ANONPORTMAX, CTL_EOL); 1698 #ifndef IPNOPRIVPORTS 1699 sysctl_createv(clog, 0, NULL, NULL, 1700 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1701 CTLTYPE_INT, "lowportmin", 1702 SYSCTL_DESCR("Lowest privileged ephemeral port number " 1703 "to assign"), 1704 sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0, 1705 CTL_NET, PF_INET6, IPPROTO_IPV6, 1706 IPV6CTL_LOWPORTMIN, CTL_EOL); 1707 sysctl_createv(clog, 0, NULL, NULL, 1708 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1709 CTLTYPE_INT, "lowportmax", 1710 SYSCTL_DESCR("Highest privileged ephemeral port number " 1711 "to assign"), 1712 sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0, 1713 CTL_NET, PF_INET6, IPPROTO_IPV6, 1714 IPV6CTL_LOWPORTMAX, CTL_EOL); 1715 #endif /* IPNOPRIVPORTS */ 1716 sysctl_createv(clog, 0, NULL, NULL, 1717 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1718 CTLTYPE_INT, "auto_linklocal", 1719 SYSCTL_DESCR("Default value of per-interface flag for " 1720 "adding an IPv6 link-local address to " 1721 "interfaces when attached"), 1722 NULL, 0, &ip6_auto_linklocal, 0, 1723 CTL_NET, PF_INET6, IPPROTO_IPV6, 1724 IPV6CTL_AUTO_LINKLOCAL, CTL_EOL); 1725 sysctl_createv(clog, 0, NULL, NULL, 1726 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 1727 CTLTYPE_STRUCT, "addctlpolicy", 1728 SYSCTL_DESCR("Return the current address control" 1729 " policy"), 1730 sysctl_net_inet6_addrctlpolicy, 0, NULL, 0, 1731 CTL_NET, PF_INET6, IPPROTO_IPV6, 1732 IPV6CTL_ADDRCTLPOLICY, CTL_EOL); 1733 sysctl_createv(clog, 0, NULL, NULL, 1734 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1735 CTLTYPE_INT, "prefer_tempaddr", 1736 SYSCTL_DESCR("Prefer temporary address as source " 1737 "address"), 1738 NULL, 0, &ip6_prefer_tempaddr, 0, 1739 CTL_NET, PF_INET6, IPPROTO_IPV6, 1740 CTL_CREATE, CTL_EOL); 1741 sysctl_createv(clog, 0, NULL, NULL, 1742 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1743 CTLTYPE_INT, "maxfrags", 1744 SYSCTL_DESCR("Maximum fragments in reassembly queue"), 1745 NULL, 0, &ip6_maxfrags, 0, 1746 CTL_NET, PF_INET6, IPPROTO_IPV6, 1747 IPV6CTL_MAXFRAGS, CTL_EOL); 1748 sysctl_createv(clog, 0, NULL, NULL, 1749 CTLFLAG_PERMANENT, 1750 CTLTYPE_STRUCT, "stats", 1751 SYSCTL_DESCR("IPv6 statistics"), 1752 sysctl_net_inet6_ip6_stats, 0, NULL, 0, 1753 CTL_NET, PF_INET6, IPPROTO_IPV6, 1754 IPV6CTL_STATS, CTL_EOL); 1755 sysctl_createv(clog, 0, NULL, NULL, 1756 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1757 CTLTYPE_INT, "use_defaultzone", 1758 SYSCTL_DESCR("Whether to use the default scope zones"), 1759 NULL, 0, &ip6_use_defzone, 0, 1760 CTL_NET, PF_INET6, IPPROTO_IPV6, 1761 IPV6CTL_USE_DEFAULTZONE, CTL_EOL); 1762 sysctl_createv(clog, 0, NULL, NULL, 1763 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1764 CTLTYPE_INT, "mcast_pmtu", 1765 SYSCTL_DESCR("Enable pMTU discovery for multicast packet"), 1766 NULL, 0, &ip6_mcast_pmtu, 0, 1767 CTL_NET, PF_INET6, IPPROTO_IPV6, 1768 CTL_CREATE, CTL_EOL); 1769 /* anonportalgo RFC6056 subtree */ 1770 const struct sysctlnode *portalgo_node; 1771 sysctl_createv(clog, 0, NULL, &portalgo_node, 1772 CTLFLAG_PERMANENT, 1773 CTLTYPE_NODE, "anonportalgo", 1774 SYSCTL_DESCR("Anonymous port algorithm selection (RFC 6056)"), 1775 NULL, 0, NULL, 0, 1776 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); 1777 sysctl_createv(clog, 0, &portalgo_node, NULL, 1778 CTLFLAG_PERMANENT, 1779 CTLTYPE_STRING, "available", 1780 SYSCTL_DESCR("available algorithms"), 1781 sysctl_portalgo_available, 0, NULL, PORTALGO_MAXLEN, 1782 CTL_CREATE, CTL_EOL); 1783 sysctl_createv(clog, 0, &portalgo_node, NULL, 1784 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1785 CTLTYPE_STRING, "selected", 1786 SYSCTL_DESCR("selected algorithm"), 1787 sysctl_portalgo_selected6, 0, NULL, PORTALGO_MAXLEN, 1788 CTL_CREATE, CTL_EOL); 1789 sysctl_createv(clog, 0, &portalgo_node, NULL, 1790 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1791 CTLTYPE_STRUCT, "reserve", 1792 SYSCTL_DESCR("bitmap of reserved ports"), 1793 sysctl_portalgo_reserve6, 0, NULL, 0, 1794 CTL_CREATE, CTL_EOL); 1795 sysctl_createv(clog, 0, NULL, NULL, 1796 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1797 CTLTYPE_INT, "neighborgcthresh", 1798 SYSCTL_DESCR("Maximum number of entries in neighbor" 1799 " cache"), 1800 NULL, 1, &ip6_neighborgcthresh, 0, 1801 CTL_NET, PF_INET6, IPPROTO_IPV6, 1802 CTL_CREATE, CTL_EOL); 1803 sysctl_createv(clog, 0, NULL, NULL, 1804 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1805 CTLTYPE_INT, "maxdynroutes", 1806 SYSCTL_DESCR("Maximum number of routes created via" 1807 " redirect"), 1808 NULL, 1, &ip6_maxdynroutes, 0, 1809 CTL_NET, PF_INET6, IPPROTO_IPV6, 1810 CTL_CREATE, CTL_EOL); 1811 } 1812 1813 void 1814 ip6_statinc(u_int stat) 1815 { 1816 1817 KASSERT(stat < IP6_NSTATS); 1818 IP6_STATINC(stat); 1819 } 1820