1 /* $NetBSD: ip6_input.c,v 1.183 2017/11/17 07:37:12 ozaki-r Exp $ */ 2 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.183 2017/11/17 07:37:12 ozaki-r Exp $"); 66 67 #ifdef _KERNEL_OPT 68 #include "opt_gateway.h" 69 #include "opt_inet.h" 70 #include "opt_inet6.h" 71 #include "opt_ipsec.h" 72 #include "opt_net_mpsafe.h" 73 #endif 74 75 #include <sys/param.h> 76 #include <sys/systm.h> 77 #include <sys/mbuf.h> 78 #include <sys/domain.h> 79 #include <sys/protosw.h> 80 #include <sys/socket.h> 81 #include <sys/socketvar.h> 82 #include <sys/errno.h> 83 #include <sys/time.h> 84 #include <sys/kernel.h> 85 #include <sys/syslog.h> 86 #include <sys/proc.h> 87 #include <sys/sysctl.h> 88 #include <sys/cprng.h> 89 #include <sys/percpu.h> 90 91 #include <net/if.h> 92 #include <net/if_types.h> 93 #include <net/if_dl.h> 94 #include <net/route.h> 95 #include <net/pktqueue.h> 96 #include <net/pfil.h> 97 98 #include <netinet/in.h> 99 #include <netinet/in_systm.h> 100 #ifdef INET 101 #include <netinet/ip.h> 102 #include <netinet/ip_var.h> 103 #include <netinet/ip_icmp.h> 104 #endif /* INET */ 105 #include <netinet/ip6.h> 106 #include <netinet/portalgo.h> 107 #include <netinet6/in6_var.h> 108 #include <netinet6/ip6_var.h> 109 #include <netinet6/ip6_private.h> 110 #include <netinet6/in6_pcb.h> 111 #include <netinet/icmp6.h> 112 #include <netinet6/scope6_var.h> 113 #include <netinet6/in6_ifattach.h> 114 #include <netinet6/nd6.h> 115 116 #ifdef IPSEC 117 #include <netipsec/ipsec.h> 118 #include <netipsec/ipsec6.h> 119 #include <netipsec/key.h> 120 #endif /* IPSEC */ 121 122 #include <netinet6/ip6protosw.h> 123 124 #include "faith.h" 125 126 #include <net/net_osdep.h> 127 128 extern struct domain inet6domain; 129 130 u_char ip6_protox[IPPROTO_MAX]; 131 pktqueue_t *ip6_pktq __read_mostly; 132 133 int ip6_forward_srcrt; /* XXX */ 134 int ip6_sourcecheck; /* XXX */ 135 int ip6_sourcecheck_interval; /* XXX */ 136 137 pfil_head_t *inet6_pfil_hook; 138 139 percpu_t *ip6stat_percpu; 140 141 percpu_t *ip6_forward_rt_percpu __cacheline_aligned; 142 143 static void ip6_init2(void); 144 static void ip6intr(void *); 145 static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); 146 147 static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, 148 u_int32_t *); 149 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); 150 static void sysctl_net_inet6_ip6_setup(struct sysctllog **); 151 152 #ifdef NET_MPSAFE 153 #define SOFTNET_LOCK() mutex_enter(softnet_lock) 154 #define SOFTNET_UNLOCK() mutex_exit(softnet_lock) 155 #else 156 #define SOFTNET_LOCK() KASSERT(mutex_owned(softnet_lock)) 157 #define SOFTNET_UNLOCK() KASSERT(mutex_owned(softnet_lock)) 158 #endif 159 160 /* 161 * IP6 initialization: fill in IP6 protocol switch table. 162 * All protocols not implemented in kernel go to raw IP6 protocol handler. 163 */ 164 void 165 ip6_init(void) 166 { 167 const struct ip6protosw *pr; 168 int i; 169 170 in6_init(); 171 172 sysctl_net_inet6_ip6_setup(NULL); 173 pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 174 if (pr == 0) 175 panic("ip6_init"); 176 for (i = 0; i < IPPROTO_MAX; i++) 177 ip6_protox[i] = pr - inet6sw; 178 for (pr = (const struct ip6protosw *)inet6domain.dom_protosw; 179 pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) 180 if (pr->pr_domain->dom_family == PF_INET6 && 181 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 182 ip6_protox[pr->pr_protocol] = pr - inet6sw; 183 184 ip6_pktq = pktq_create(IFQ_MAXLEN, ip6intr, NULL); 185 KASSERT(ip6_pktq != NULL); 186 187 scope6_init(); 188 addrsel_policy_init(); 189 nd6_init(); 190 frag6_init(); 191 ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; 192 193 ip6_init2(); 194 #ifdef GATEWAY 195 ip6flow_init(ip6_hashsize); 196 #endif 197 /* Register our Packet Filter hook. */ 198 inet6_pfil_hook = pfil_head_create(PFIL_TYPE_AF, (void *)AF_INET6); 199 KASSERT(inet6_pfil_hook != NULL); 200 201 ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); 202 ip6_forward_rt_percpu = percpu_alloc(sizeof(struct route)); 203 } 204 205 static void 206 ip6_init2(void) 207 { 208 209 /* timer for regeneranation of temporary addresses randomize ID */ 210 callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); 211 callout_reset(&in6_tmpaddrtimer_ch, 212 (ip6_temp_preferred_lifetime - ip6_desync_factor - 213 ip6_temp_regen_advance) * hz, 214 in6_tmpaddrtimer, NULL); 215 } 216 217 /* 218 * IP6 input interrupt handling. Just pass the packet to ip6_input. 219 */ 220 static void 221 ip6intr(void *arg __unused) 222 { 223 struct mbuf *m; 224 225 SOFTNET_LOCK_UNLESS_NET_MPSAFE(); 226 while ((m = pktq_dequeue(ip6_pktq)) != NULL) { 227 struct psref psref; 228 struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); 229 230 if (rcvif == NULL) { 231 m_freem(m); 232 continue; 233 } 234 /* 235 * Drop the packet if IPv6 is disabled on the interface. 236 */ 237 if ((ND_IFINFO(rcvif)->flags & ND6_IFF_IFDISABLED)) { 238 m_put_rcvif_psref(rcvif, &psref); 239 m_freem(m); 240 continue; 241 } 242 ip6_input(m, rcvif); 243 m_put_rcvif_psref(rcvif, &psref); 244 } 245 SOFTNET_UNLOCK_UNLESS_NET_MPSAFE(); 246 } 247 248 void 249 ip6_input(struct mbuf *m, struct ifnet *rcvif) 250 { 251 struct ip6_hdr *ip6; 252 int hit, off = sizeof(struct ip6_hdr), nest; 253 u_int32_t plen; 254 u_int32_t rtalert = ~0; 255 int nxt, ours = 0, rh_present = 0; 256 struct ifnet *deliverifp = NULL; 257 int srcrt = 0; 258 struct rtentry *rt = NULL; 259 union { 260 struct sockaddr dst; 261 struct sockaddr_in6 dst6; 262 } u; 263 struct route *ro; 264 265 /* 266 * make sure we don't have onion peering information into m_tag. 267 */ 268 ip6_delaux(m); 269 270 /* 271 * mbuf statistics 272 */ 273 if (m->m_flags & M_EXT) { 274 if (m->m_next) 275 IP6_STATINC(IP6_STAT_MEXT2M); 276 else 277 IP6_STATINC(IP6_STAT_MEXT1); 278 } else { 279 #define M2MMAX 32 280 if (m->m_next) { 281 if (m->m_flags & M_LOOP) 282 /*XXX*/ IP6_STATINC(IP6_STAT_M2M + lo0ifp->if_index); 283 else if (rcvif->if_index < M2MMAX) 284 IP6_STATINC(IP6_STAT_M2M + rcvif->if_index); 285 else 286 IP6_STATINC(IP6_STAT_M2M); 287 } else 288 IP6_STATINC(IP6_STAT_M1); 289 #undef M2MMAX 290 } 291 292 in6_ifstat_inc(rcvif, ifs6_in_receive); 293 IP6_STATINC(IP6_STAT_TOTAL); 294 295 /* 296 * If the IPv6 header is not aligned, slurp it up into a new 297 * mbuf with space for link headers, in the event we forward 298 * it. Otherwise, if it is aligned, make sure the entire base 299 * IPv6 header is in the first mbuf of the chain. 300 */ 301 if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 302 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 303 (max_linkhdr + 3) & ~3)) == NULL) { 304 /* XXXJRT new stat, please */ 305 IP6_STATINC(IP6_STAT_TOOSMALL); 306 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 307 return; 308 } 309 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 310 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 311 IP6_STATINC(IP6_STAT_TOOSMALL); 312 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 313 return; 314 } 315 } 316 317 ip6 = mtod(m, struct ip6_hdr *); 318 319 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 320 IP6_STATINC(IP6_STAT_BADVERS); 321 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 322 goto bad; 323 } 324 325 /* 326 * Assume that we can create a fast-forward IP flow entry 327 * based on this packet. 328 */ 329 m->m_flags |= M_CANFASTFWD; 330 331 /* 332 * Run through list of hooks for input packets. If there are any 333 * filters which require that additional packets in the flow are 334 * not fast-forwarded, they must clear the M_CANFASTFWD flag. 335 * Note that filters must _never_ set this flag, as another filter 336 * in the list may have previously cleared it. 337 */ 338 /* 339 * let ipfilter look at packet on the wire, 340 * not the decapsulated packet. 341 */ 342 #if defined(IPSEC) 343 if (!ipsec_used || !ipsec_indone(m)) 344 #else 345 if (1) 346 #endif 347 { 348 struct in6_addr odst; 349 350 odst = ip6->ip6_dst; 351 if (pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN) != 0) 352 return; 353 if (m == NULL) 354 return; 355 ip6 = mtod(m, struct ip6_hdr *); 356 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); 357 } 358 359 IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt); 360 361 #ifdef ALTQ 362 if (altq_input != NULL) { 363 SOFTNET_LOCK(); 364 if ((*altq_input)(m, AF_INET6) == 0) { 365 SOFTNET_UNLOCK(); 366 /* packet is dropped by traffic conditioner */ 367 return; 368 } 369 SOFTNET_UNLOCK(); 370 } 371 #endif 372 373 /* 374 * Check against address spoofing/corruption. 375 */ 376 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || 377 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { 378 /* 379 * XXX: "badscope" is not very suitable for a multicast source. 380 */ 381 IP6_STATINC(IP6_STAT_BADSCOPE); 382 in6_ifstat_inc(rcvif, ifs6_in_addrerr); 383 goto bad; 384 } 385 /* 386 * The following check is not documented in specs. A malicious 387 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 388 * and bypass security checks (act as if it was from 127.0.0.1 by using 389 * IPv6 src ::ffff:127.0.0.1). Be cautious. 390 * 391 * This check chokes if we are in an SIIT cloud. As none of BSDs 392 * support IPv4-less kernel compilation, we cannot support SIIT 393 * environment at all. So, it makes more sense for us to reject any 394 * malicious packets for non-SIIT environment, than try to do a 395 * partial support for SIIT environment. 396 */ 397 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 398 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 399 IP6_STATINC(IP6_STAT_BADSCOPE); 400 in6_ifstat_inc(rcvif, ifs6_in_addrerr); 401 goto bad; 402 } 403 #if 0 404 /* 405 * Reject packets with IPv4 compatible addresses (auto tunnel). 406 * 407 * The code forbids auto tunnel relay case in RFC1933 (the check is 408 * stronger than RFC1933). We may want to re-enable it if mech-xx 409 * is revised to forbid relaying case. 410 */ 411 if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || 412 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 413 IP6_STATINC(IP6_STAT_BADSCOPE); 414 in6_ifstat_inc(rcvif, ifs6_in_addrerr); 415 goto bad; 416 } 417 #endif 418 419 /* 420 * Disambiguate address scope zones (if there is ambiguity). 421 * We first make sure that the original source or destination address 422 * is not in our internal form for scoped addresses. Such addresses 423 * are not necessarily invalid spec-wise, but we cannot accept them due 424 * to the usage conflict. 425 * in6_setscope() then also checks and rejects the cases where src or 426 * dst are the loopback address and the receiving interface 427 * is not loopback. 428 */ 429 if (__predict_false( 430 m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) 431 goto bad; 432 ip6 = mtod(m, struct ip6_hdr *); 433 if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) { 434 IP6_STATINC(IP6_STAT_BADSCOPE); /* XXX */ 435 goto bad; 436 } 437 if (in6_setscope(&ip6->ip6_src, rcvif, NULL) || 438 in6_setscope(&ip6->ip6_dst, rcvif, NULL)) { 439 IP6_STATINC(IP6_STAT_BADSCOPE); 440 goto bad; 441 } 442 443 ro = percpu_getref(ip6_forward_rt_percpu); 444 /* 445 * Multicast check 446 */ 447 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 448 bool ingroup; 449 450 in6_ifstat_inc(rcvif, ifs6_in_mcast); 451 /* 452 * See if we belong to the destination multicast group on the 453 * arrival interface. 454 */ 455 ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); 456 if (ingroup) 457 ours = 1; 458 else if (!ip6_mrouter) { 459 uint64_t *ip6s = IP6_STAT_GETREF(); 460 ip6s[IP6_STAT_NOTMEMBER]++; 461 ip6s[IP6_STAT_CANTFORWARD]++; 462 IP6_STAT_PUTREF(); 463 in6_ifstat_inc(rcvif, ifs6_in_discard); 464 goto bad_unref; 465 } 466 deliverifp = rcvif; 467 goto hbhcheck; 468 } 469 470 sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); 471 472 /* 473 * Unicast check 474 */ 475 rt = rtcache_lookup2(ro, &u.dst, 1, &hit); 476 if (hit) 477 IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT); 478 else 479 IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); 480 481 #define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) 482 483 /* 484 * Accept the packet if the forwarding interface to the destination 485 * according to the routing table is the loopback interface, 486 * unless the associated route has a gateway. 487 * Note that this approach causes to accept a packet if there is a 488 * route to the loopback interface for the destination of the packet. 489 * But we think it's even useful in some situations, e.g. when using 490 * a special daemon which wants to intercept the packet. 491 */ 492 if (rt != NULL && 493 (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && 494 #if 0 495 /* 496 * The check below is redundant since the comparison of 497 * the destination and the key of the rtentry has 498 * already done through looking up the routing table. 499 */ 500 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && 501 #endif 502 rt->rt_ifp->if_type == IFT_LOOP) { 503 struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; 504 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 505 m->m_flags |= M_ANYCAST6; 506 /* 507 * packets to a tentative, duplicated, or somehow invalid 508 * address must not be accepted. 509 */ 510 if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { 511 /* this address is ready */ 512 ours = 1; 513 deliverifp = ia6->ia_ifp; /* correct? */ 514 goto hbhcheck; 515 } else { 516 /* address is not ready, so discard the packet. */ 517 char ip6bufs[INET6_ADDRSTRLEN]; 518 char ip6bufd[INET6_ADDRSTRLEN]; 519 nd6log(LOG_INFO, "packet to an unready address %s->%s\n", 520 IN6_PRINT(ip6bufs, &ip6->ip6_src), 521 IN6_PRINT(ip6bufd, &ip6->ip6_dst)); 522 523 goto bad_unref; 524 } 525 } 526 527 /* 528 * FAITH (Firewall Aided Internet Translator) 529 */ 530 #if defined(NFAITH) && 0 < NFAITH 531 if (ip6_keepfaith) { 532 if (rt != NULL && rt->rt_ifp != NULL && 533 rt->rt_ifp->if_type == IFT_FAITH) { 534 /* XXX do we need more sanity checks? */ 535 ours = 1; 536 deliverifp = rt->rt_ifp; /* faith */ 537 goto hbhcheck; 538 } 539 } 540 #endif 541 542 #if 0 543 { 544 /* 545 * Last resort: check in6_ifaddr for incoming interface. 546 * The code is here until I update the "goto ours hack" code above 547 * working right. 548 */ 549 struct ifaddr *ifa; 550 IFADDR_READER_FOREACH(ifa, rcvif) { 551 if (ifa->ifa_addr->sa_family != AF_INET6) 552 continue; 553 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { 554 ours = 1; 555 deliverifp = ifa->ifa_ifp; 556 goto hbhcheck; 557 } 558 } 559 } 560 #endif 561 562 /* 563 * Now there is no reason to process the packet if it's not our own 564 * and we're not a router. 565 */ 566 if (!ip6_forwarding) { 567 IP6_STATINC(IP6_STAT_CANTFORWARD); 568 in6_ifstat_inc(rcvif, ifs6_in_discard); 569 goto bad_unref; 570 } 571 572 hbhcheck: 573 /* 574 * record address information into m_tag, if we don't have one yet. 575 * note that we are unable to record it, if the address is not listed 576 * as our interface address (e.g. multicast addresses, addresses 577 * within FAITH prefixes and such). 578 */ 579 if (deliverifp && ip6_getdstifaddr(m) == NULL) { 580 struct in6_ifaddr *ia6; 581 int s = pserialize_read_enter(); 582 583 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 584 /* Depends on ip6_setdstifaddr never sleep */ 585 if (ia6 != NULL && ip6_setdstifaddr(m, ia6) == NULL) { 586 /* 587 * XXX maybe we should drop the packet here, 588 * as we could not provide enough information 589 * to the upper layers. 590 */ 591 } 592 pserialize_read_exit(s); 593 } 594 595 /* 596 * Process Hop-by-Hop options header if it's contained. 597 * m may be modified in ip6_hopopts_input(). 598 * If a JumboPayload option is included, plen will also be modified. 599 */ 600 plen = (u_int32_t)ntohs(ip6->ip6_plen); 601 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 602 struct ip6_hbh *hbh; 603 604 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { 605 #if 0 /*touches NULL pointer*/ 606 in6_ifstat_inc(rcvif, ifs6_in_discard); 607 #endif 608 rtcache_unref(rt, ro); 609 percpu_putref(ip6_forward_rt_percpu); 610 return; /* m have already been freed */ 611 } 612 613 /* adjust pointer */ 614 ip6 = mtod(m, struct ip6_hdr *); 615 616 /* 617 * if the payload length field is 0 and the next header field 618 * indicates Hop-by-Hop Options header, then a Jumbo Payload 619 * option MUST be included. 620 */ 621 if (ip6->ip6_plen == 0 && plen == 0) { 622 /* 623 * Note that if a valid jumbo payload option is 624 * contained, ip6_hopopts_input() must set a valid 625 * (non-zero) payload length to the variable plen. 626 */ 627 IP6_STATINC(IP6_STAT_BADOPTIONS); 628 in6_ifstat_inc(rcvif, ifs6_in_discard); 629 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 630 icmp6_error(m, ICMP6_PARAM_PROB, 631 ICMP6_PARAMPROB_HEADER, 632 (char *)&ip6->ip6_plen - (char *)ip6); 633 rtcache_unref(rt, ro); 634 percpu_putref(ip6_forward_rt_percpu); 635 return; 636 } 637 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 638 sizeof(struct ip6_hbh)); 639 if (hbh == NULL) { 640 IP6_STATINC(IP6_STAT_TOOSHORT); 641 rtcache_unref(rt, ro); 642 percpu_putref(ip6_forward_rt_percpu); 643 return; 644 } 645 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 646 nxt = hbh->ip6h_nxt; 647 648 /* 649 * accept the packet if a router alert option is included 650 * and we act as an IPv6 router. 651 */ 652 if (rtalert != ~0 && ip6_forwarding) 653 ours = 1; 654 } else 655 nxt = ip6->ip6_nxt; 656 657 /* 658 * Check that the amount of data in the buffers 659 * is as at least much as the IPv6 header would have us expect. 660 * Trim mbufs if longer than we expect. 661 * Drop packet if shorter than we expect. 662 */ 663 if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { 664 IP6_STATINC(IP6_STAT_TOOSHORT); 665 in6_ifstat_inc(rcvif, ifs6_in_truncated); 666 goto bad_unref; 667 } 668 if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { 669 if (m->m_len == m->m_pkthdr.len) { 670 m->m_len = sizeof(struct ip6_hdr) + plen; 671 m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen; 672 } else 673 m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len); 674 } 675 676 /* 677 * Forward if desirable. 678 */ 679 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 680 /* 681 * If we are acting as a multicast router, all 682 * incoming multicast packets are passed to the 683 * kernel-level multicast forwarding function. 684 * The packet is returned (relatively) intact; if 685 * ip6_mforward() returns a non-zero value, the packet 686 * must be discarded, else it may be accepted below. 687 */ 688 if (ip6_mrouter != NULL) { 689 int error; 690 691 SOFTNET_LOCK(); 692 error = ip6_mforward(ip6, rcvif, m); 693 SOFTNET_UNLOCK(); 694 695 if (error != 0) { 696 rtcache_unref(rt, ro); 697 percpu_putref(ip6_forward_rt_percpu); 698 IP6_STATINC(IP6_STAT_CANTFORWARD); 699 goto bad; 700 } 701 } 702 if (!ours) 703 goto bad_unref; 704 } else if (!ours) { 705 rtcache_unref(rt, ro); 706 percpu_putref(ip6_forward_rt_percpu); 707 ip6_forward(m, srcrt); 708 return; 709 } 710 711 ip6 = mtod(m, struct ip6_hdr *); 712 713 /* 714 * Malicious party may be able to use IPv4 mapped addr to confuse 715 * tcp/udp stack and bypass security checks (act as if it was from 716 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. 717 * 718 * For SIIT end node behavior, you may want to disable the check. 719 * However, you will become vulnerable to attacks using IPv4 mapped 720 * source. 721 */ 722 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 723 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 724 IP6_STATINC(IP6_STAT_BADSCOPE); 725 in6_ifstat_inc(rcvif, ifs6_in_addrerr); 726 goto bad_unref; 727 } 728 729 /* 730 * Tell launch routine the next header 731 */ 732 #ifdef IFA_STATS 733 if (deliverifp != NULL) { 734 struct in6_ifaddr *ia6; 735 int s = pserialize_read_enter(); 736 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 737 if (ia6) 738 ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len; 739 pserialize_read_exit(s); 740 } 741 #endif 742 IP6_STATINC(IP6_STAT_DELIVERED); 743 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 744 nest = 0; 745 746 if (rt != NULL) { 747 rtcache_unref(rt, ro); 748 rt = NULL; 749 } 750 percpu_putref(ip6_forward_rt_percpu); 751 752 rh_present = 0; 753 while (nxt != IPPROTO_DONE) { 754 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 755 IP6_STATINC(IP6_STAT_TOOMANYHDR); 756 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 757 goto bad; 758 } 759 760 /* 761 * protection against faulty packet - there should be 762 * more sanity checks in header chain processing. 763 */ 764 if (m->m_pkthdr.len < off) { 765 IP6_STATINC(IP6_STAT_TOOSHORT); 766 in6_ifstat_inc(rcvif, ifs6_in_truncated); 767 goto bad; 768 } 769 770 if (nxt == IPPROTO_ROUTING) { 771 if (rh_present++) { 772 in6_ifstat_inc(rcvif, ifs6_in_hdrerr); 773 IP6_STATINC(IP6_STAT_BADOPTIONS); 774 goto bad; 775 } 776 } 777 778 #ifdef IPSEC 779 if (ipsec_used) { 780 /* 781 * enforce IPsec policy checking if we are seeing last 782 * header. note that we do not visit this with 783 * protocols with pcb layer code - like udp/tcp/raw ip. 784 */ 785 if ((inet6sw[ip_protox[nxt]].pr_flags 786 & PR_LASTHDR) != 0) { 787 int error; 788 789 error = ipsec6_input(m); 790 if (error) 791 goto bad; 792 } 793 } 794 #endif /* IPSEC */ 795 796 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 797 } 798 return; 799 800 bad_unref: 801 rtcache_unref(rt, ro); 802 percpu_putref(ip6_forward_rt_percpu); 803 bad: 804 m_freem(m); 805 return; 806 } 807 808 /* 809 * set/grab in6_ifaddr correspond to IPv6 destination address. 810 */ 811 static struct m_tag * 812 ip6_setdstifaddr(struct mbuf *m, const struct in6_ifaddr *ia) 813 { 814 struct m_tag *mtag; 815 struct ip6aux *ip6a; 816 817 mtag = ip6_addaux(m); 818 if (mtag == NULL) 819 return NULL; 820 821 ip6a = (struct ip6aux *)(mtag + 1); 822 if (in6_setscope(&ip6a->ip6a_src, ia->ia_ifp, &ip6a->ip6a_scope_id)) { 823 IP6_STATINC(IP6_STAT_BADSCOPE); 824 return NULL; 825 } 826 827 ip6a->ip6a_src = ia->ia_addr.sin6_addr; 828 ip6a->ip6a_flags = ia->ia6_flags; 829 return mtag; 830 } 831 832 const struct ip6aux * 833 ip6_getdstifaddr(struct mbuf *m) 834 { 835 struct m_tag *mtag; 836 837 mtag = ip6_findaux(m); 838 if (mtag != NULL) 839 return (struct ip6aux *)(mtag + 1); 840 else 841 return NULL; 842 } 843 844 /* 845 * Hop-by-Hop options header processing. If a valid jumbo payload option is 846 * included, the real payload length will be stored in plenp. 847 * 848 * rtalertp - XXX: should be stored more smart way 849 */ 850 int 851 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, 852 struct mbuf **mp, int *offp) 853 { 854 struct mbuf *m = *mp; 855 int off = *offp, hbhlen; 856 struct ip6_hbh *hbh; 857 858 /* validation of the length of the header */ 859 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, 860 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 861 if (hbh == NULL) { 862 IP6_STATINC(IP6_STAT_TOOSHORT); 863 return -1; 864 } 865 hbhlen = (hbh->ip6h_len + 1) << 3; 866 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 867 hbhlen); 868 if (hbh == NULL) { 869 IP6_STATINC(IP6_STAT_TOOSHORT); 870 return -1; 871 } 872 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 873 off += hbhlen; 874 hbhlen -= sizeof(struct ip6_hbh); 875 876 if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), 877 hbhlen, rtalertp, plenp) < 0) 878 return (-1); 879 880 *offp = off; 881 *mp = m; 882 return (0); 883 } 884 885 /* 886 * Search header for all Hop-by-hop options and process each option. 887 * This function is separate from ip6_hopopts_input() in order to 888 * handle a case where the sending node itself process its hop-by-hop 889 * options header. In such a case, the function is called from ip6_output(). 890 * 891 * The function assumes that hbh header is located right after the IPv6 header 892 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 893 * opthead + hbhlen is located in continuous memory region. 894 */ 895 static int 896 ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, 897 u_int32_t *rtalertp, u_int32_t *plenp) 898 { 899 struct ip6_hdr *ip6; 900 int optlen = 0; 901 u_int8_t *opt = opthead; 902 u_int16_t rtalert_val; 903 u_int32_t jumboplen; 904 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh); 905 906 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) { 907 switch (*opt) { 908 case IP6OPT_PAD1: 909 optlen = 1; 910 break; 911 case IP6OPT_PADN: 912 if (hbhlen < IP6OPT_MINLEN) { 913 IP6_STATINC(IP6_STAT_TOOSMALL); 914 goto bad; 915 } 916 optlen = *(opt + 1) + 2; 917 break; 918 case IP6OPT_RTALERT: 919 /* XXX may need check for alignment */ 920 if (hbhlen < IP6OPT_RTALERT_LEN) { 921 IP6_STATINC(IP6_STAT_TOOSMALL); 922 goto bad; 923 } 924 if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { 925 /* XXX stat */ 926 icmp6_error(m, ICMP6_PARAM_PROB, 927 ICMP6_PARAMPROB_HEADER, 928 erroff + opt + 1 - opthead); 929 return (-1); 930 } 931 optlen = IP6OPT_RTALERT_LEN; 932 memcpy((void *)&rtalert_val, (void *)(opt + 2), 2); 933 *rtalertp = ntohs(rtalert_val); 934 break; 935 case IP6OPT_JUMBO: 936 /* XXX may need check for alignment */ 937 if (hbhlen < IP6OPT_JUMBO_LEN) { 938 IP6_STATINC(IP6_STAT_TOOSMALL); 939 goto bad; 940 } 941 if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { 942 /* XXX stat */ 943 icmp6_error(m, ICMP6_PARAM_PROB, 944 ICMP6_PARAMPROB_HEADER, 945 erroff + opt + 1 - opthead); 946 return (-1); 947 } 948 optlen = IP6OPT_JUMBO_LEN; 949 950 /* 951 * IPv6 packets that have non 0 payload length 952 * must not contain a jumbo payload option. 953 */ 954 ip6 = mtod(m, struct ip6_hdr *); 955 if (ip6->ip6_plen) { 956 IP6_STATINC(IP6_STAT_BADOPTIONS); 957 icmp6_error(m, ICMP6_PARAM_PROB, 958 ICMP6_PARAMPROB_HEADER, 959 erroff + opt - opthead); 960 return (-1); 961 } 962 963 /* 964 * We may see jumbolen in unaligned location, so 965 * we'd need to perform bcopy(). 966 */ 967 memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); 968 jumboplen = (u_int32_t)htonl(jumboplen); 969 970 #if 1 971 /* 972 * if there are multiple jumbo payload options, 973 * *plenp will be non-zero and the packet will be 974 * rejected. 975 * the behavior may need some debate in ipngwg - 976 * multiple options does not make sense, however, 977 * there's no explicit mention in specification. 978 */ 979 if (*plenp != 0) { 980 IP6_STATINC(IP6_STAT_BADOPTIONS); 981 icmp6_error(m, ICMP6_PARAM_PROB, 982 ICMP6_PARAMPROB_HEADER, 983 erroff + opt + 2 - opthead); 984 return (-1); 985 } 986 #endif 987 988 /* 989 * jumbo payload length must be larger than 65535. 990 */ 991 if (jumboplen <= IPV6_MAXPACKET) { 992 IP6_STATINC(IP6_STAT_BADOPTIONS); 993 icmp6_error(m, ICMP6_PARAM_PROB, 994 ICMP6_PARAMPROB_HEADER, 995 erroff + opt + 2 - opthead); 996 return (-1); 997 } 998 *plenp = jumboplen; 999 1000 break; 1001 default: /* unknown option */ 1002 if (hbhlen < IP6OPT_MINLEN) { 1003 IP6_STATINC(IP6_STAT_TOOSMALL); 1004 goto bad; 1005 } 1006 optlen = ip6_unknown_opt(opt, m, 1007 erroff + opt - opthead); 1008 if (optlen == -1) 1009 return (-1); 1010 optlen += 2; 1011 break; 1012 } 1013 } 1014 1015 return (0); 1016 1017 bad: 1018 m_freem(m); 1019 return (-1); 1020 } 1021 1022 /* 1023 * Unknown option processing. 1024 * The third argument `off' is the offset from the IPv6 header to the option, 1025 * which is necessary if the IPv6 header the and option header and IPv6 header 1026 * is not continuous in order to return an ICMPv6 error. 1027 */ 1028 int 1029 ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) 1030 { 1031 struct ip6_hdr *ip6; 1032 1033 switch (IP6OPT_TYPE(*optp)) { 1034 case IP6OPT_TYPE_SKIP: /* ignore the option */ 1035 return ((int)*(optp + 1)); 1036 case IP6OPT_TYPE_DISCARD: /* silently discard */ 1037 m_freem(m); 1038 return (-1); 1039 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */ 1040 IP6_STATINC(IP6_STAT_BADOPTIONS); 1041 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1042 return (-1); 1043 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */ 1044 IP6_STATINC(IP6_STAT_BADOPTIONS); 1045 ip6 = mtod(m, struct ip6_hdr *); 1046 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 1047 (m->m_flags & (M_BCAST|M_MCAST))) 1048 m_freem(m); 1049 else 1050 icmp6_error(m, ICMP6_PARAM_PROB, 1051 ICMP6_PARAMPROB_OPTION, off); 1052 return (-1); 1053 } 1054 1055 m_freem(m); /* XXX: NOTREACHED */ 1056 return (-1); 1057 } 1058 1059 /* 1060 * Create the "control" list for this pcb. 1061 * 1062 * The routine will be called from upper layer handlers like tcp6_input(). 1063 * Thus the routine assumes that the caller (tcp6_input) have already 1064 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1065 * very first mbuf on the mbuf chain. 1066 * We may want to add some infinite loop prevention or sanity checks for safety. 1067 * (This applies only when you are using KAME mbuf chain restriction, i.e. 1068 * you are using IP6_EXTHDR_CHECK() not m_pulldown()) 1069 */ 1070 void 1071 ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, 1072 struct ip6_hdr *ip6, struct mbuf *m) 1073 { 1074 struct socket *so = in6p->in6p_socket; 1075 #ifdef RFC2292 1076 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1077 #else 1078 #define IS2292(x, y) (y) 1079 #endif 1080 1081 if (SOOPT_TIMESTAMP(so->so_options)) 1082 mp = sbsavetimestamp(so->so_options, m, mp); 1083 1084 /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ 1085 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) 1086 return; 1087 1088 /* RFC 2292 sec. 5 */ 1089 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { 1090 struct in6_pktinfo pi6; 1091 1092 memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); 1093 in6_clearscope(&pi6.ipi6_addr); /* XXX */ 1094 pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; 1095 *mp = sbcreatecontrol(&pi6, sizeof(pi6), 1096 IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); 1097 if (*mp) 1098 mp = &(*mp)->m_next; 1099 } 1100 1101 if (in6p->in6p_flags & IN6P_HOPLIMIT) { 1102 int hlim = ip6->ip6_hlim & 0xff; 1103 1104 *mp = sbcreatecontrol(&hlim, sizeof(hlim), 1105 IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); 1106 if (*mp) 1107 mp = &(*mp)->m_next; 1108 } 1109 1110 if ((in6p->in6p_flags & IN6P_TCLASS) != 0) { 1111 u_int32_t flowinfo; 1112 int tclass; 1113 1114 flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK); 1115 flowinfo >>= 20; 1116 1117 tclass = flowinfo & 0xff; 1118 *mp = sbcreatecontrol(&tclass, sizeof(tclass), 1119 IPV6_TCLASS, IPPROTO_IPV6); 1120 1121 if (*mp) 1122 mp = &(*mp)->m_next; 1123 } 1124 1125 /* 1126 * IPV6_HOPOPTS socket option. Recall that we required super-user 1127 * privilege for the option (see ip6_ctloutput), but it might be too 1128 * strict, since there might be some hop-by-hop options which can be 1129 * returned to normal user. 1130 * See also RFC3542 section 8 (or RFC2292 section 6). 1131 */ 1132 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { 1133 /* 1134 * Check if a hop-by-hop options header is contatined in the 1135 * received packet, and if so, store the options as ancillary 1136 * data. Note that a hop-by-hop options header must be 1137 * just after the IPv6 header, which fact is assured through 1138 * the IPv6 input processing. 1139 */ 1140 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1141 if (xip6->ip6_nxt == IPPROTO_HOPOPTS) { 1142 struct ip6_hbh *hbh; 1143 int hbhlen; 1144 struct mbuf *ext; 1145 1146 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1147 xip6->ip6_nxt); 1148 if (ext == NULL) { 1149 IP6_STATINC(IP6_STAT_TOOSHORT); 1150 return; 1151 } 1152 hbh = mtod(ext, struct ip6_hbh *); 1153 hbhlen = (hbh->ip6h_len + 1) << 3; 1154 if (hbhlen != ext->m_len) { 1155 m_freem(ext); 1156 IP6_STATINC(IP6_STAT_TOOSHORT); 1157 return; 1158 } 1159 1160 /* 1161 * XXX: We copy whole the header even if a jumbo 1162 * payload option is included, which option is to 1163 * be removed before returning in the RFC 2292. 1164 * Note: this constraint is removed in RFC3542. 1165 */ 1166 *mp = sbcreatecontrol(hbh, hbhlen, 1167 IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), 1168 IPPROTO_IPV6); 1169 if (*mp) 1170 mp = &(*mp)->m_next; 1171 m_freem(ext); 1172 } 1173 } 1174 1175 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */ 1176 if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) { 1177 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1178 int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr); 1179 1180 /* 1181 * Search for destination options headers or routing 1182 * header(s) through the header chain, and stores each 1183 * header as ancillary data. 1184 * Note that the order of the headers remains in 1185 * the chain of ancillary data. 1186 */ 1187 for (;;) { /* is explicit loop prevention necessary? */ 1188 struct ip6_ext *ip6e = NULL; 1189 int elen; 1190 struct mbuf *ext = NULL; 1191 1192 /* 1193 * if it is not an extension header, don't try to 1194 * pull it from the chain. 1195 */ 1196 switch (nxt) { 1197 case IPPROTO_DSTOPTS: 1198 case IPPROTO_ROUTING: 1199 case IPPROTO_HOPOPTS: 1200 case IPPROTO_AH: /* is it possible? */ 1201 break; 1202 default: 1203 goto loopend; 1204 } 1205 1206 ext = ip6_pullexthdr(m, off, nxt); 1207 if (ext == NULL) { 1208 IP6_STATINC(IP6_STAT_TOOSHORT); 1209 return; 1210 } 1211 ip6e = mtod(ext, struct ip6_ext *); 1212 if (nxt == IPPROTO_AH) 1213 elen = (ip6e->ip6e_len + 2) << 2; 1214 else 1215 elen = (ip6e->ip6e_len + 1) << 3; 1216 if (elen != ext->m_len) { 1217 m_freem(ext); 1218 IP6_STATINC(IP6_STAT_TOOSHORT); 1219 return; 1220 } 1221 KASSERT(IP6_HDR_ALIGNED_P(ip6e)); 1222 1223 switch (nxt) { 1224 case IPPROTO_DSTOPTS: 1225 if (!(in6p->in6p_flags & IN6P_DSTOPTS)) 1226 break; 1227 1228 *mp = sbcreatecontrol(ip6e, elen, 1229 IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), 1230 IPPROTO_IPV6); 1231 if (*mp) 1232 mp = &(*mp)->m_next; 1233 break; 1234 1235 case IPPROTO_ROUTING: 1236 if (!(in6p->in6p_flags & IN6P_RTHDR)) 1237 break; 1238 1239 *mp = sbcreatecontrol(ip6e, elen, 1240 IS2292(IPV6_2292RTHDR, IPV6_RTHDR), 1241 IPPROTO_IPV6); 1242 if (*mp) 1243 mp = &(*mp)->m_next; 1244 break; 1245 1246 case IPPROTO_HOPOPTS: 1247 case IPPROTO_AH: /* is it possible? */ 1248 break; 1249 1250 default: 1251 /* 1252 * other cases have been filtered in the above. 1253 * none will visit this case. here we supply 1254 * the code just in case (nxt overwritten or 1255 * other cases). 1256 */ 1257 m_freem(ext); 1258 goto loopend; 1259 1260 } 1261 1262 /* proceed with the next header. */ 1263 off += elen; 1264 nxt = ip6e->ip6e_nxt; 1265 ip6e = NULL; 1266 m_freem(ext); 1267 ext = NULL; 1268 } 1269 loopend: 1270 ; 1271 } 1272 } 1273 #undef IS2292 1274 1275 1276 void 1277 ip6_notify_pmtu(struct in6pcb *in6p, const struct sockaddr_in6 *dst, 1278 uint32_t *mtu) 1279 { 1280 struct socket *so; 1281 struct mbuf *m_mtu; 1282 struct ip6_mtuinfo mtuctl; 1283 1284 so = in6p->in6p_socket; 1285 1286 if (mtu == NULL) 1287 return; 1288 1289 KASSERT(so != NULL); 1290 1291 memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ 1292 mtuctl.ip6m_mtu = *mtu; 1293 mtuctl.ip6m_addr = *dst; 1294 if (sa6_recoverscope(&mtuctl.ip6m_addr)) 1295 return; 1296 1297 if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), 1298 IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) 1299 return; 1300 1301 if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) 1302 == 0) { 1303 m_freem(m_mtu); 1304 /* XXX: should count statistics */ 1305 } else 1306 sorwakeup(so); 1307 1308 return; 1309 } 1310 1311 /* 1312 * pull single extension header from mbuf chain. returns single mbuf that 1313 * contains the result, or NULL on error. 1314 */ 1315 static struct mbuf * 1316 ip6_pullexthdr(struct mbuf *m, size_t off, int nxt) 1317 { 1318 struct ip6_ext ip6e; 1319 size_t elen; 1320 struct mbuf *n; 1321 1322 #ifdef DIAGNOSTIC 1323 switch (nxt) { 1324 case IPPROTO_DSTOPTS: 1325 case IPPROTO_ROUTING: 1326 case IPPROTO_HOPOPTS: 1327 case IPPROTO_AH: /* is it possible? */ 1328 break; 1329 default: 1330 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); 1331 } 1332 #endif 1333 1334 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1335 if (nxt == IPPROTO_AH) 1336 elen = (ip6e.ip6e_len + 2) << 2; 1337 else 1338 elen = (ip6e.ip6e_len + 1) << 3; 1339 1340 MGET(n, M_DONTWAIT, MT_DATA); 1341 if (n && elen >= MLEN) { 1342 MCLGET(n, M_DONTWAIT); 1343 if ((n->m_flags & M_EXT) == 0) { 1344 m_free(n); 1345 n = NULL; 1346 } 1347 } 1348 if (!n) 1349 return NULL; 1350 1351 n->m_len = 0; 1352 if (elen >= M_TRAILINGSPACE(n)) { 1353 m_free(n); 1354 return NULL; 1355 } 1356 1357 m_copydata(m, off, elen, mtod(n, void *)); 1358 n->m_len = elen; 1359 return n; 1360 } 1361 1362 /* 1363 * Get pointer to the previous header followed by the header 1364 * currently processed. 1365 * XXX: This function supposes that 1366 * M includes all headers, 1367 * the next header field and the header length field of each header 1368 * are valid, and 1369 * the sum of each header length equals to OFF. 1370 * Because of these assumptions, this function must be called very 1371 * carefully. Moreover, it will not be used in the near future when 1372 * we develop `neater' mechanism to process extension headers. 1373 */ 1374 u_int8_t * 1375 ip6_get_prevhdr(struct mbuf *m, int off) 1376 { 1377 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1378 1379 if (off == sizeof(struct ip6_hdr)) 1380 return (&ip6->ip6_nxt); 1381 else { 1382 int len, nxt; 1383 struct ip6_ext *ip6e = NULL; 1384 1385 nxt = ip6->ip6_nxt; 1386 len = sizeof(struct ip6_hdr); 1387 while (len < off) { 1388 ip6e = (struct ip6_ext *)(mtod(m, char *) + len); 1389 1390 switch (nxt) { 1391 case IPPROTO_FRAGMENT: 1392 len += sizeof(struct ip6_frag); 1393 break; 1394 case IPPROTO_AH: 1395 len += (ip6e->ip6e_len + 2) << 2; 1396 break; 1397 default: 1398 len += (ip6e->ip6e_len + 1) << 3; 1399 break; 1400 } 1401 nxt = ip6e->ip6e_nxt; 1402 } 1403 if (ip6e) 1404 return (&ip6e->ip6e_nxt); 1405 else 1406 return NULL; 1407 } 1408 } 1409 1410 /* 1411 * get next header offset. m will be retained. 1412 */ 1413 int 1414 ip6_nexthdr(struct mbuf *m, int off, int proto, int *nxtp) 1415 { 1416 struct ip6_hdr ip6; 1417 struct ip6_ext ip6e; 1418 struct ip6_frag fh; 1419 1420 /* just in case */ 1421 if (m == NULL) 1422 panic("ip6_nexthdr: m == NULL"); 1423 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) 1424 return -1; 1425 1426 switch (proto) { 1427 case IPPROTO_IPV6: 1428 /* do not chase beyond intermediate IPv6 headers */ 1429 if (off != 0) 1430 return -1; 1431 if (m->m_pkthdr.len < off + sizeof(ip6)) 1432 return -1; 1433 m_copydata(m, off, sizeof(ip6), (void *)&ip6); 1434 if (nxtp) 1435 *nxtp = ip6.ip6_nxt; 1436 off += sizeof(ip6); 1437 return off; 1438 1439 case IPPROTO_FRAGMENT: 1440 /* 1441 * terminate parsing if it is not the first fragment, 1442 * it does not make sense to parse through it. 1443 */ 1444 if (m->m_pkthdr.len < off + sizeof(fh)) 1445 return -1; 1446 m_copydata(m, off, sizeof(fh), (void *)&fh); 1447 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) 1448 return -1; 1449 if (nxtp) 1450 *nxtp = fh.ip6f_nxt; 1451 off += sizeof(struct ip6_frag); 1452 return off; 1453 1454 case IPPROTO_AH: 1455 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1456 return -1; 1457 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1458 if (nxtp) 1459 *nxtp = ip6e.ip6e_nxt; 1460 off += (ip6e.ip6e_len + 2) << 2; 1461 if (m->m_pkthdr.len < off) 1462 return -1; 1463 return off; 1464 1465 case IPPROTO_HOPOPTS: 1466 case IPPROTO_ROUTING: 1467 case IPPROTO_DSTOPTS: 1468 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1469 return -1; 1470 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1471 if (nxtp) 1472 *nxtp = ip6e.ip6e_nxt; 1473 off += (ip6e.ip6e_len + 1) << 3; 1474 if (m->m_pkthdr.len < off) 1475 return -1; 1476 return off; 1477 1478 case IPPROTO_NONE: 1479 case IPPROTO_ESP: 1480 case IPPROTO_IPCOMP: 1481 /* give up */ 1482 return -1; 1483 1484 default: 1485 return -1; 1486 } 1487 } 1488 1489 /* 1490 * get offset for the last header in the chain. m will be kept untainted. 1491 */ 1492 int 1493 ip6_lasthdr(struct mbuf *m, int off, int proto, int *nxtp) 1494 { 1495 int newoff; 1496 int nxt; 1497 1498 if (!nxtp) { 1499 nxt = -1; 1500 nxtp = &nxt; 1501 } 1502 for (;;) { 1503 newoff = ip6_nexthdr(m, off, proto, nxtp); 1504 if (newoff < 0) 1505 return off; 1506 else if (newoff < off) 1507 return -1; /* invalid */ 1508 else if (newoff == off) 1509 return newoff; 1510 1511 off = newoff; 1512 proto = *nxtp; 1513 } 1514 } 1515 1516 struct m_tag * 1517 ip6_addaux(struct mbuf *m) 1518 { 1519 struct m_tag *mtag; 1520 1521 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1522 if (!mtag) { 1523 mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), 1524 M_NOWAIT); 1525 if (mtag) { 1526 m_tag_prepend(m, mtag); 1527 memset(mtag + 1, 0, sizeof(struct ip6aux)); 1528 } 1529 } 1530 return mtag; 1531 } 1532 1533 struct m_tag * 1534 ip6_findaux(struct mbuf *m) 1535 { 1536 struct m_tag *mtag; 1537 1538 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1539 return mtag; 1540 } 1541 1542 void 1543 ip6_delaux(struct mbuf *m) 1544 { 1545 struct m_tag *mtag; 1546 1547 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1548 if (mtag) 1549 m_tag_delete(m, mtag); 1550 } 1551 1552 /* 1553 * System control for IP6 1554 */ 1555 1556 const u_char inet6ctlerrmap[PRC_NCMDS] = { 1557 0, 0, 0, 0, 1558 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1559 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1560 EMSGSIZE, EHOSTUNREACH, 0, 0, 1561 0, 0, 0, 0, 1562 ENOPROTOOPT 1563 }; 1564 1565 extern int sysctl_net_inet6_addrctlpolicy(SYSCTLFN_ARGS); 1566 1567 static int 1568 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) 1569 { 1570 1571 return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); 1572 } 1573 1574 static void 1575 sysctl_net_inet6_ip6_setup(struct sysctllog **clog) 1576 { 1577 #ifdef RFC2292 1578 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1579 #else 1580 #define IS2292(x, y) (y) 1581 #endif 1582 1583 sysctl_createv(clog, 0, NULL, NULL, 1584 CTLFLAG_PERMANENT, 1585 CTLTYPE_NODE, "inet6", 1586 SYSCTL_DESCR("PF_INET6 related settings"), 1587 NULL, 0, NULL, 0, 1588 CTL_NET, PF_INET6, CTL_EOL); 1589 sysctl_createv(clog, 0, NULL, NULL, 1590 CTLFLAG_PERMANENT, 1591 CTLTYPE_NODE, "ip6", 1592 SYSCTL_DESCR("IPv6 related settings"), 1593 NULL, 0, NULL, 0, 1594 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL); 1595 1596 sysctl_createv(clog, 0, NULL, NULL, 1597 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1598 CTLTYPE_INT, "forwarding", 1599 SYSCTL_DESCR("Enable forwarding of INET6 datagrams"), 1600 NULL, 0, &ip6_forwarding, 0, 1601 CTL_NET, PF_INET6, IPPROTO_IPV6, 1602 IPV6CTL_FORWARDING, CTL_EOL); 1603 sysctl_createv(clog, 0, NULL, NULL, 1604 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1605 CTLTYPE_INT, "redirect", 1606 SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"), 1607 NULL, 0, &ip6_sendredirects, 0, 1608 CTL_NET, PF_INET6, IPPROTO_IPV6, 1609 IPV6CTL_SENDREDIRECTS, CTL_EOL); 1610 sysctl_createv(clog, 0, NULL, NULL, 1611 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1612 CTLTYPE_INT, "hlim", 1613 SYSCTL_DESCR("Hop limit for an INET6 datagram"), 1614 NULL, 0, &ip6_defhlim, 0, 1615 CTL_NET, PF_INET6, IPPROTO_IPV6, 1616 IPV6CTL_DEFHLIM, CTL_EOL); 1617 #ifdef notyet 1618 sysctl_createv(clog, 0, NULL, NULL, 1619 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1620 CTLTYPE_INT, "mtu", NULL, 1621 NULL, 0, &, 0, 1622 CTL_NET, PF_INET6, IPPROTO_IPV6, 1623 IPV6CTL_DEFMTU, CTL_EOL); 1624 #endif 1625 #ifdef __no_idea__ 1626 sysctl_createv(clog, 0, NULL, NULL, 1627 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1628 CTLTYPE_INT, "forwsrcrt", NULL, 1629 NULL, 0, &?, 0, 1630 CTL_NET, PF_INET6, IPPROTO_IPV6, 1631 IPV6CTL_FORWSRCRT, CTL_EOL); 1632 sysctl_createv(clog, 0, NULL, NULL, 1633 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1634 CTLTYPE_STRUCT, "mrtstats", NULL, 1635 NULL, 0, &?, sizeof(?), 1636 CTL_NET, PF_INET6, IPPROTO_IPV6, 1637 IPV6CTL_MRTSTATS, CTL_EOL); 1638 sysctl_createv(clog, 0, NULL, NULL, 1639 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1640 CTLTYPE_?, "mrtproto", NULL, 1641 NULL, 0, &?, sizeof(?), 1642 CTL_NET, PF_INET6, IPPROTO_IPV6, 1643 IPV6CTL_MRTPROTO, CTL_EOL); 1644 #endif 1645 sysctl_createv(clog, 0, NULL, NULL, 1646 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1647 CTLTYPE_INT, "maxfragpackets", 1648 SYSCTL_DESCR("Maximum number of fragments to buffer " 1649 "for reassembly"), 1650 NULL, 0, &ip6_maxfragpackets, 0, 1651 CTL_NET, PF_INET6, IPPROTO_IPV6, 1652 IPV6CTL_MAXFRAGPACKETS, CTL_EOL); 1653 #ifdef __no_idea__ 1654 sysctl_createv(clog, 0, NULL, NULL, 1655 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1656 CTLTYPE_INT, "sourcecheck", NULL, 1657 NULL, 0, &?, 0, 1658 CTL_NET, PF_INET6, IPPROTO_IPV6, 1659 IPV6CTL_SOURCECHECK, CTL_EOL); 1660 sysctl_createv(clog, 0, NULL, NULL, 1661 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1662 CTLTYPE_INT, "sourcecheck_logint", NULL, 1663 NULL, 0, &?, 0, 1664 CTL_NET, PF_INET6, IPPROTO_IPV6, 1665 IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); 1666 #endif 1667 sysctl_createv(clog, 0, NULL, NULL, 1668 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1669 CTLTYPE_INT, "accept_rtadv", 1670 SYSCTL_DESCR("Accept router advertisements"), 1671 NULL, 0, &ip6_accept_rtadv, 0, 1672 CTL_NET, PF_INET6, IPPROTO_IPV6, 1673 IPV6CTL_ACCEPT_RTADV, CTL_EOL); 1674 sysctl_createv(clog, 0, NULL, NULL, 1675 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1676 CTLTYPE_INT, "rtadv_maxroutes", 1677 SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), 1678 NULL, 0, &ip6_rtadv_maxroutes, 0, 1679 CTL_NET, PF_INET6, IPPROTO_IPV6, 1680 IPV6CTL_RTADV_MAXROUTES, CTL_EOL); 1681 sysctl_createv(clog, 0, NULL, NULL, 1682 CTLFLAG_PERMANENT, 1683 CTLTYPE_INT, "rtadv_numroutes", 1684 SYSCTL_DESCR("Current number of routes accepted via router advertisements"), 1685 NULL, 0, &nd6_numroutes, 0, 1686 CTL_NET, PF_INET6, IPPROTO_IPV6, 1687 IPV6CTL_RTADV_NUMROUTES, CTL_EOL); 1688 sysctl_createv(clog, 0, NULL, NULL, 1689 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1690 CTLTYPE_INT, "keepfaith", 1691 SYSCTL_DESCR("Activate faith interface"), 1692 NULL, 0, &ip6_keepfaith, 0, 1693 CTL_NET, PF_INET6, IPPROTO_IPV6, 1694 IPV6CTL_KEEPFAITH, CTL_EOL); 1695 sysctl_createv(clog, 0, NULL, NULL, 1696 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1697 CTLTYPE_INT, "log_interval", 1698 SYSCTL_DESCR("Minumum interval between logging " 1699 "unroutable packets"), 1700 NULL, 0, &ip6_log_interval, 0, 1701 CTL_NET, PF_INET6, IPPROTO_IPV6, 1702 IPV6CTL_LOG_INTERVAL, CTL_EOL); 1703 sysctl_createv(clog, 0, NULL, NULL, 1704 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1705 CTLTYPE_INT, "hdrnestlimit", 1706 SYSCTL_DESCR("Maximum number of nested IPv6 headers"), 1707 NULL, 0, &ip6_hdrnestlimit, 0, 1708 CTL_NET, PF_INET6, IPPROTO_IPV6, 1709 IPV6CTL_HDRNESTLIMIT, CTL_EOL); 1710 sysctl_createv(clog, 0, NULL, NULL, 1711 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1712 CTLTYPE_INT, "dad_count", 1713 SYSCTL_DESCR("Number of Duplicate Address Detection " 1714 "probes to send"), 1715 NULL, 0, &ip6_dad_count, 0, 1716 CTL_NET, PF_INET6, IPPROTO_IPV6, 1717 IPV6CTL_DAD_COUNT, CTL_EOL); 1718 sysctl_createv(clog, 0, NULL, NULL, 1719 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1720 CTLTYPE_INT, "auto_flowlabel", 1721 SYSCTL_DESCR("Assign random IPv6 flow labels"), 1722 NULL, 0, &ip6_auto_flowlabel, 0, 1723 CTL_NET, PF_INET6, IPPROTO_IPV6, 1724 IPV6CTL_AUTO_FLOWLABEL, CTL_EOL); 1725 sysctl_createv(clog, 0, NULL, NULL, 1726 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1727 CTLTYPE_INT, "defmcasthlim", 1728 SYSCTL_DESCR("Default multicast hop limit"), 1729 NULL, 0, &ip6_defmcasthlim, 0, 1730 CTL_NET, PF_INET6, IPPROTO_IPV6, 1731 IPV6CTL_DEFMCASTHLIM, CTL_EOL); 1732 sysctl_createv(clog, 0, NULL, NULL, 1733 CTLFLAG_PERMANENT, 1734 CTLTYPE_STRING, "kame_version", 1735 SYSCTL_DESCR("KAME Version"), 1736 NULL, 0, __UNCONST(__KAME_VERSION), 0, 1737 CTL_NET, PF_INET6, IPPROTO_IPV6, 1738 IPV6CTL_KAME_VERSION, CTL_EOL); 1739 sysctl_createv(clog, 0, NULL, NULL, 1740 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1741 CTLTYPE_INT, "use_deprecated", 1742 SYSCTL_DESCR("Allow use of deprecated addresses as " 1743 "source addresses"), 1744 NULL, 0, &ip6_use_deprecated, 0, 1745 CTL_NET, PF_INET6, IPPROTO_IPV6, 1746 IPV6CTL_USE_DEPRECATED, CTL_EOL); 1747 sysctl_createv(clog, 0, NULL, NULL, 1748 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1749 CTLTYPE_INT, "rr_prune", NULL, 1750 NULL, 0, &ip6_rr_prune, 0, 1751 CTL_NET, PF_INET6, IPPROTO_IPV6, 1752 IPV6CTL_RR_PRUNE, CTL_EOL); 1753 sysctl_createv(clog, 0, NULL, NULL, 1754 CTLFLAG_PERMANENT 1755 #ifndef INET6_BINDV6ONLY 1756 |CTLFLAG_READWRITE, 1757 #endif 1758 CTLTYPE_INT, "v6only", 1759 SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting " 1760 "to PF_INET sockets"), 1761 NULL, 0, &ip6_v6only, 0, 1762 CTL_NET, PF_INET6, IPPROTO_IPV6, 1763 IPV6CTL_V6ONLY, CTL_EOL); 1764 sysctl_createv(clog, 0, NULL, NULL, 1765 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1766 CTLTYPE_INT, "anonportmin", 1767 SYSCTL_DESCR("Lowest ephemeral port number to assign"), 1768 sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, 1769 CTL_NET, PF_INET6, IPPROTO_IPV6, 1770 IPV6CTL_ANONPORTMIN, CTL_EOL); 1771 sysctl_createv(clog, 0, NULL, NULL, 1772 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1773 CTLTYPE_INT, "anonportmax", 1774 SYSCTL_DESCR("Highest ephemeral port number to assign"), 1775 sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0, 1776 CTL_NET, PF_INET6, IPPROTO_IPV6, 1777 IPV6CTL_ANONPORTMAX, CTL_EOL); 1778 #ifndef IPNOPRIVPORTS 1779 sysctl_createv(clog, 0, NULL, NULL, 1780 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1781 CTLTYPE_INT, "lowportmin", 1782 SYSCTL_DESCR("Lowest privileged ephemeral port number " 1783 "to assign"), 1784 sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0, 1785 CTL_NET, PF_INET6, IPPROTO_IPV6, 1786 IPV6CTL_LOWPORTMIN, CTL_EOL); 1787 sysctl_createv(clog, 0, NULL, NULL, 1788 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1789 CTLTYPE_INT, "lowportmax", 1790 SYSCTL_DESCR("Highest privileged ephemeral port number " 1791 "to assign"), 1792 sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0, 1793 CTL_NET, PF_INET6, IPPROTO_IPV6, 1794 IPV6CTL_LOWPORTMAX, CTL_EOL); 1795 #endif /* IPNOPRIVPORTS */ 1796 sysctl_createv(clog, 0, NULL, NULL, 1797 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1798 CTLTYPE_INT, "auto_linklocal", 1799 SYSCTL_DESCR("Default value of per-interface flag for " 1800 "adding an IPv6 link-local address to " 1801 "interfaces when attached"), 1802 NULL, 0, &ip6_auto_linklocal, 0, 1803 CTL_NET, PF_INET6, IPPROTO_IPV6, 1804 IPV6CTL_AUTO_LINKLOCAL, CTL_EOL); 1805 sysctl_createv(clog, 0, NULL, NULL, 1806 CTLFLAG_PERMANENT|CTLFLAG_READONLY, 1807 CTLTYPE_STRUCT, "addctlpolicy", 1808 SYSCTL_DESCR("Return the current address control" 1809 " policy"), 1810 sysctl_net_inet6_addrctlpolicy, 0, NULL, 0, 1811 CTL_NET, PF_INET6, IPPROTO_IPV6, 1812 IPV6CTL_ADDRCTLPOLICY, CTL_EOL); 1813 sysctl_createv(clog, 0, NULL, NULL, 1814 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1815 CTLTYPE_INT, "use_tempaddr", 1816 SYSCTL_DESCR("Use temporary address"), 1817 NULL, 0, &ip6_use_tempaddr, 0, 1818 CTL_NET, PF_INET6, IPPROTO_IPV6, 1819 CTL_CREATE, CTL_EOL); 1820 sysctl_createv(clog, 0, NULL, NULL, 1821 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1822 CTLTYPE_INT, "prefer_tempaddr", 1823 SYSCTL_DESCR("Prefer temporary address as source " 1824 "address"), 1825 NULL, 0, &ip6_prefer_tempaddr, 0, 1826 CTL_NET, PF_INET6, IPPROTO_IPV6, 1827 CTL_CREATE, CTL_EOL); 1828 sysctl_createv(clog, 0, NULL, NULL, 1829 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1830 CTLTYPE_INT, "temppltime", 1831 SYSCTL_DESCR("preferred lifetime of a temporary address"), 1832 NULL, 0, &ip6_temp_preferred_lifetime, 0, 1833 CTL_NET, PF_INET6, IPPROTO_IPV6, 1834 CTL_CREATE, CTL_EOL); 1835 sysctl_createv(clog, 0, NULL, NULL, 1836 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1837 CTLTYPE_INT, "tempvltime", 1838 SYSCTL_DESCR("valid lifetime of a temporary address"), 1839 NULL, 0, &ip6_temp_valid_lifetime, 0, 1840 CTL_NET, PF_INET6, IPPROTO_IPV6, 1841 CTL_CREATE, CTL_EOL); 1842 sysctl_createv(clog, 0, NULL, NULL, 1843 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1844 CTLTYPE_INT, "maxfrags", 1845 SYSCTL_DESCR("Maximum fragments in reassembly queue"), 1846 NULL, 0, &ip6_maxfrags, 0, 1847 CTL_NET, PF_INET6, IPPROTO_IPV6, 1848 IPV6CTL_MAXFRAGS, CTL_EOL); 1849 sysctl_createv(clog, 0, NULL, NULL, 1850 CTLFLAG_PERMANENT, 1851 CTLTYPE_STRUCT, "stats", 1852 SYSCTL_DESCR("IPv6 statistics"), 1853 sysctl_net_inet6_ip6_stats, 0, NULL, 0, 1854 CTL_NET, PF_INET6, IPPROTO_IPV6, 1855 IPV6CTL_STATS, CTL_EOL); 1856 sysctl_createv(clog, 0, NULL, NULL, 1857 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1858 CTLTYPE_INT, "use_defaultzone", 1859 SYSCTL_DESCR("Whether to use the default scope zones"), 1860 NULL, 0, &ip6_use_defzone, 0, 1861 CTL_NET, PF_INET6, IPPROTO_IPV6, 1862 IPV6CTL_USE_DEFAULTZONE, CTL_EOL); 1863 sysctl_createv(clog, 0, NULL, NULL, 1864 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1865 CTLTYPE_INT, "mcast_pmtu", 1866 SYSCTL_DESCR("Enable pMTU discovery for multicast packet"), 1867 NULL, 0, &ip6_mcast_pmtu, 0, 1868 CTL_NET, PF_INET6, IPPROTO_IPV6, 1869 CTL_CREATE, CTL_EOL); 1870 /* anonportalgo RFC6056 subtree */ 1871 const struct sysctlnode *portalgo_node; 1872 sysctl_createv(clog, 0, NULL, &portalgo_node, 1873 CTLFLAG_PERMANENT, 1874 CTLTYPE_NODE, "anonportalgo", 1875 SYSCTL_DESCR("Anonymous port algorithm selection (RFC 6056)"), 1876 NULL, 0, NULL, 0, 1877 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); 1878 sysctl_createv(clog, 0, &portalgo_node, NULL, 1879 CTLFLAG_PERMANENT, 1880 CTLTYPE_STRING, "available", 1881 SYSCTL_DESCR("available algorithms"), 1882 sysctl_portalgo_available, 0, NULL, PORTALGO_MAXLEN, 1883 CTL_CREATE, CTL_EOL); 1884 sysctl_createv(clog, 0, &portalgo_node, NULL, 1885 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1886 CTLTYPE_STRING, "selected", 1887 SYSCTL_DESCR("selected algorithm"), 1888 sysctl_portalgo_selected6, 0, NULL, PORTALGO_MAXLEN, 1889 CTL_CREATE, CTL_EOL); 1890 sysctl_createv(clog, 0, &portalgo_node, NULL, 1891 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1892 CTLTYPE_STRUCT, "reserve", 1893 SYSCTL_DESCR("bitmap of reserved ports"), 1894 sysctl_portalgo_reserve6, 0, NULL, 0, 1895 CTL_CREATE, CTL_EOL); 1896 sysctl_createv(clog, 0, NULL, NULL, 1897 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1898 CTLTYPE_INT, "neighborgcthresh", 1899 SYSCTL_DESCR("Maximum number of entries in neighbor" 1900 " cache"), 1901 NULL, 1, &ip6_neighborgcthresh, 0, 1902 CTL_NET, PF_INET6, IPPROTO_IPV6, 1903 CTL_CREATE, CTL_EOL); 1904 sysctl_createv(clog, 0, NULL, NULL, 1905 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1906 CTLTYPE_INT, "maxifprefixes", 1907 SYSCTL_DESCR("Maximum number of prefixes created by" 1908 " route advertisement per interface"), 1909 NULL, 1, &ip6_maxifprefixes, 0, 1910 CTL_NET, PF_INET6, IPPROTO_IPV6, 1911 CTL_CREATE, CTL_EOL); 1912 sysctl_createv(clog, 0, NULL, NULL, 1913 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1914 CTLTYPE_INT, "maxifdefrouters", 1915 SYSCTL_DESCR("Maximum number of default routers created" 1916 " by route advertisement per interface"), 1917 NULL, 1, &ip6_maxifdefrouters, 0, 1918 CTL_NET, PF_INET6, IPPROTO_IPV6, 1919 CTL_CREATE, CTL_EOL); 1920 sysctl_createv(clog, 0, NULL, NULL, 1921 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1922 CTLTYPE_INT, "maxdynroutes", 1923 SYSCTL_DESCR("Maximum number of routes created via" 1924 " redirect"), 1925 NULL, 1, &ip6_maxdynroutes, 0, 1926 CTL_NET, PF_INET6, IPPROTO_IPV6, 1927 CTL_CREATE, CTL_EOL); 1928 } 1929 1930 void 1931 ip6_statinc(u_int stat) 1932 { 1933 1934 KASSERT(stat < IP6_NSTATS); 1935 IP6_STATINC(stat); 1936 } 1937