1 /* $NetBSD: ip6_input.c,v 1.88 2006/05/25 21:32:47 bouyer Exp $ */ 2 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.88 2006/05/25 21:32:47 bouyer Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_inet6.h" 69 #include "opt_ipsec.h" 70 #include "opt_pfil_hooks.h" 71 72 #include <sys/param.h> 73 #include <sys/systm.h> 74 #include <sys/malloc.h> 75 #include <sys/mbuf.h> 76 #include <sys/domain.h> 77 #include <sys/protosw.h> 78 #include <sys/socket.h> 79 #include <sys/socketvar.h> 80 #include <sys/errno.h> 81 #include <sys/time.h> 82 #include <sys/kernel.h> 83 #include <sys/syslog.h> 84 #include <sys/proc.h> 85 #include <sys/sysctl.h> 86 87 #include <net/if.h> 88 #include <net/if_types.h> 89 #include <net/if_dl.h> 90 #include <net/route.h> 91 #include <net/netisr.h> 92 #ifdef PFIL_HOOKS 93 #include <net/pfil.h> 94 #endif 95 96 #include <netinet/in.h> 97 #include <netinet/in_systm.h> 98 #ifdef INET 99 #include <netinet/ip.h> 100 #include <netinet/ip_icmp.h> 101 #endif /* INET */ 102 #include <netinet/ip6.h> 103 #include <netinet6/in6_var.h> 104 #include <netinet6/ip6_var.h> 105 #include <netinet6/in6_pcb.h> 106 #include <netinet/icmp6.h> 107 #include <netinet6/scope6_var.h> 108 #include <netinet6/in6_ifattach.h> 109 #include <netinet6/nd6.h> 110 111 #ifdef IPSEC 112 #include <netinet6/ipsec.h> 113 #endif 114 115 #include <netinet6/ip6protosw.h> 116 117 #include "faith.h" 118 #include "gif.h" 119 120 #if NGIF > 0 121 #include <netinet6/in6_gif.h> 122 #endif 123 124 #include <net/net_osdep.h> 125 126 extern struct domain inet6domain; 127 128 u_char ip6_protox[IPPROTO_MAX]; 129 static int ip6qmaxlen = IFQ_MAXLEN; 130 struct in6_ifaddr *in6_ifaddr; 131 struct ifqueue ip6intrq; 132 133 extern struct callout in6_tmpaddrtimer_ch; 134 135 int ip6_forward_srcrt; /* XXX */ 136 int ip6_sourcecheck; /* XXX */ 137 int ip6_sourcecheck_interval; /* XXX */ 138 139 #ifdef PFIL_HOOKS 140 struct pfil_head inet6_pfil_hook; 141 #endif 142 143 struct ip6stat ip6stat; 144 145 static void ip6_init2 __P((void *)); 146 static struct m_tag *ip6_setdstifaddr __P((struct mbuf *, struct in6_ifaddr *)); 147 148 static int ip6_hopopts_input __P((u_int32_t *, u_int32_t *, struct mbuf **, int *)); 149 static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int)); 150 151 /* 152 * IP6 initialization: fill in IP6 protocol switch table. 153 * All protocols not implemented in kernel go to raw IP6 protocol handler. 154 */ 155 void 156 ip6_init() 157 { 158 const struct ip6protosw *pr; 159 int i; 160 161 pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 162 if (pr == 0) 163 panic("ip6_init"); 164 for (i = 0; i < IPPROTO_MAX; i++) 165 ip6_protox[i] = pr - inet6sw; 166 for (pr = (const struct ip6protosw *)inet6domain.dom_protosw; 167 pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) 168 if (pr->pr_domain->dom_family == PF_INET6 && 169 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 170 ip6_protox[pr->pr_protocol] = pr - inet6sw; 171 ip6intrq.ifq_maxlen = ip6qmaxlen; 172 scope6_init(); 173 addrsel_policy_init(); 174 nd6_init(); 175 frag6_init(); 176 ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; 177 178 ip6_init2((void *)0); 179 180 #ifdef PFIL_HOOKS 181 /* Register our Packet Filter hook. */ 182 inet6_pfil_hook.ph_type = PFIL_TYPE_AF; 183 inet6_pfil_hook.ph_af = AF_INET6; 184 i = pfil_head_register(&inet6_pfil_hook); 185 if (i != 0) 186 printf("ip6_init: WARNING: unable to register pfil hook, " 187 "error %d\n", i); 188 #endif /* PFIL_HOOKS */ 189 } 190 191 static void 192 ip6_init2(dummy) 193 void *dummy; 194 { 195 196 /* nd6_timer_init */ 197 callout_init(&nd6_timer_ch); 198 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 199 200 /* timer for regeneranation of temporary addresses randomize ID */ 201 callout_init(&in6_tmpaddrtimer_ch); 202 callout_reset(&in6_tmpaddrtimer_ch, 203 (ip6_temp_preferred_lifetime - ip6_desync_factor - 204 ip6_temp_regen_advance) * hz, 205 in6_tmpaddrtimer, NULL); 206 } 207 208 /* 209 * IP6 input interrupt handling. Just pass the packet to ip6_input. 210 */ 211 void 212 ip6intr() 213 { 214 int s; 215 struct mbuf *m; 216 217 for (;;) { 218 s = splnet(); 219 IF_DEQUEUE(&ip6intrq, m); 220 splx(s); 221 if (m == 0) 222 return; 223 /* drop the packet if IPv6 operation is disabled on the IF */ 224 if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) { 225 m_freem(m); 226 return; 227 } 228 ip6_input(m); 229 } 230 } 231 232 extern struct route_in6 ip6_forward_rt; 233 234 void 235 ip6_input(m) 236 struct mbuf *m; 237 { 238 struct ip6_hdr *ip6; 239 int off = sizeof(struct ip6_hdr), nest; 240 u_int32_t plen; 241 u_int32_t rtalert = ~0; 242 int nxt, ours = 0; 243 struct ifnet *deliverifp = NULL; 244 int srcrt = 0; 245 246 #ifdef IPSEC 247 /* 248 * should the inner packet be considered authentic? 249 * see comment in ah4_input(). 250 */ 251 m->m_flags &= ~M_AUTHIPHDR; 252 m->m_flags &= ~M_AUTHIPDGM; 253 #endif 254 255 /* 256 * make sure we don't have onion peering information into m_tag. 257 */ 258 ip6_delaux(m); 259 260 /* 261 * mbuf statistics 262 */ 263 if (m->m_flags & M_EXT) { 264 if (m->m_next) 265 ip6stat.ip6s_mext2m++; 266 else 267 ip6stat.ip6s_mext1++; 268 } else { 269 #define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) 270 if (m->m_next) { 271 if (m->m_flags & M_LOOP) { 272 ip6stat.ip6s_m2m[lo0ifp->if_index]++; /* XXX */ 273 } else if (m->m_pkthdr.rcvif->if_index < M2MMAX) 274 ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; 275 else 276 ip6stat.ip6s_m2m[0]++; 277 } else 278 ip6stat.ip6s_m1++; 279 #undef M2MMAX 280 } 281 282 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); 283 ip6stat.ip6s_total++; 284 285 /* 286 * If the IPv6 header is not aligned, slurp it up into a new 287 * mbuf with space for link headers, in the event we forward 288 * it. Otherwise, if it is aligned, make sure the entire base 289 * IPv6 header is in the first mbuf of the chain. 290 */ 291 if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { 292 struct ifnet *inifp = m->m_pkthdr.rcvif; 293 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 294 (max_linkhdr + 3) & ~3)) == NULL) { 295 /* XXXJRT new stat, please */ 296 ip6stat.ip6s_toosmall++; 297 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 298 return; 299 } 300 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 301 struct ifnet *inifp = m->m_pkthdr.rcvif; 302 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 303 ip6stat.ip6s_toosmall++; 304 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 305 return; 306 } 307 } 308 309 ip6 = mtod(m, struct ip6_hdr *); 310 311 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 312 ip6stat.ip6s_badvers++; 313 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 314 goto bad; 315 } 316 317 #ifdef PFIL_HOOKS 318 /* 319 * Run through list of hooks for input packets. If there are any 320 * filters which require that additional packets in the flow are 321 * not fast-forwarded, they must clear the M_CANFASTFWD flag. 322 * Note that filters must _never_ set this flag, as another filter 323 * in the list may have previously cleared it. 324 */ 325 /* 326 * let ipfilter look at packet on the wire, 327 * not the decapsulated packet. 328 */ 329 #ifdef IPSEC 330 if (!ipsec_getnhist(m)) 331 #else 332 if (1) 333 #endif 334 { 335 struct in6_addr odst; 336 337 odst = ip6->ip6_dst; 338 if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, 339 PFIL_IN) != 0) 340 return; 341 if (m == NULL) 342 return; 343 ip6 = mtod(m, struct ip6_hdr *); 344 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); 345 } 346 #endif /* PFIL_HOOKS */ 347 348 ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; 349 350 #ifdef ALTQ 351 if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { 352 /* packet is dropped by traffic conditioner */ 353 return; 354 } 355 #endif 356 357 /* 358 * Check against address spoofing/corruption. 359 */ 360 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || 361 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { 362 /* 363 * XXX: "badscope" is not very suitable for a multicast source. 364 */ 365 ip6stat.ip6s_badscope++; 366 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 367 goto bad; 368 } 369 /* 370 * The following check is not documented in specs. A malicious 371 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 372 * and bypass security checks (act as if it was from 127.0.0.1 by using 373 * IPv6 src ::ffff:127.0.0.1). Be cautious. 374 * 375 * This check chokes if we are in an SIIT cloud. As none of BSDs 376 * support IPv4-less kernel compilation, we cannot support SIIT 377 * environment at all. So, it makes more sense for us to reject any 378 * malicious packets for non-SIIT environment, than try to do a 379 * partial support for SIIT environment. 380 */ 381 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 382 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 383 ip6stat.ip6s_badscope++; 384 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 385 goto bad; 386 } 387 #if 0 388 /* 389 * Reject packets with IPv4 compatible addresses (auto tunnel). 390 * 391 * The code forbids auto tunnel relay case in RFC1933 (the check is 392 * stronger than RFC1933). We may want to re-enable it if mech-xx 393 * is revised to forbid relaying case. 394 */ 395 if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || 396 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 397 ip6stat.ip6s_badscope++; 398 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 399 goto bad; 400 } 401 #endif 402 403 /* 404 * Disambiguate address scope zones (if there is ambiguity). 405 * We first make sure that the original source or destination address 406 * is not in our internal form for scoped addresses. Such addresses 407 * are not necessarily invalid spec-wise, but we cannot accept them due 408 * to the usage conflict. 409 * in6_setscope() then also checks and rejects the cases where src or 410 * dst are the loopback address and the receiving interface 411 * is not loopback. 412 */ 413 if (__predict_false( 414 m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) 415 goto bad; 416 ip6 = mtod(m, struct ip6_hdr *); 417 if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) { 418 ip6stat.ip6s_badscope++; /* XXX */ 419 goto bad; 420 } 421 if (in6_setscope(&ip6->ip6_src, m->m_pkthdr.rcvif, NULL) || 422 in6_setscope(&ip6->ip6_dst, m->m_pkthdr.rcvif, NULL)) { 423 ip6stat.ip6s_badscope++; 424 goto bad; 425 } 426 427 /* 428 * Multicast check 429 */ 430 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 431 struct in6_multi *in6m = 0; 432 433 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); 434 /* 435 * See if we belong to the destination multicast group on the 436 * arrival interface. 437 */ 438 IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m); 439 if (in6m) 440 ours = 1; 441 else if (!ip6_mrouter) { 442 ip6stat.ip6s_notmember++; 443 ip6stat.ip6s_cantforward++; 444 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 445 goto bad; 446 } 447 deliverifp = m->m_pkthdr.rcvif; 448 goto hbhcheck; 449 } 450 451 /* 452 * Unicast check 453 */ 454 if (ip6_forward_rt.ro_rt != NULL && 455 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && 456 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, 457 &((struct sockaddr_in6 *)(&ip6_forward_rt.ro_dst))->sin6_addr)) 458 ip6stat.ip6s_forward_cachehit++; 459 else { 460 struct sockaddr_in6 *dst6; 461 462 if (ip6_forward_rt.ro_rt) { 463 /* route is down or destination is different */ 464 ip6stat.ip6s_forward_cachemiss++; 465 RTFREE(ip6_forward_rt.ro_rt); 466 ip6_forward_rt.ro_rt = 0; 467 } 468 469 bzero(&ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6)); 470 dst6 = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; 471 dst6->sin6_len = sizeof(struct sockaddr_in6); 472 dst6->sin6_family = AF_INET6; 473 dst6->sin6_addr = ip6->ip6_dst; 474 475 rtalloc((struct route *)&ip6_forward_rt); 476 } 477 478 #define rt6_key(r) ((struct sockaddr_in6 *)((r)->rt_nodes->rn_key)) 479 480 /* 481 * Accept the packet if the forwarding interface to the destination 482 * according to the routing table is the loopback interface, 483 * unless the associated route has a gateway. 484 * Note that this approach causes to accept a packet if there is a 485 * route to the loopback interface for the destination of the packet. 486 * But we think it's even useful in some situations, e.g. when using 487 * a special daemon which wants to intercept the packet. 488 */ 489 if (ip6_forward_rt.ro_rt && 490 (ip6_forward_rt.ro_rt->rt_flags & 491 (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && 492 !(ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) && 493 #if 0 494 /* 495 * The check below is redundant since the comparison of 496 * the destination and the key of the rtentry has 497 * already done through looking up the routing table. 498 */ 499 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, 500 &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr) && 501 #endif 502 ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { 503 struct in6_ifaddr *ia6 = 504 (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa; 505 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 506 m->m_flags |= M_ANYCAST6; 507 /* 508 * packets to a tentative, duplicated, or somehow invalid 509 * address must not be accepted. 510 */ 511 if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { 512 /* this address is ready */ 513 ours = 1; 514 deliverifp = ia6->ia_ifp; /* correct? */ 515 goto hbhcheck; 516 } else { 517 /* address is not ready, so discard the packet. */ 518 nd6log((LOG_INFO, 519 "ip6_input: packet to an unready address %s->%s\n", 520 ip6_sprintf(&ip6->ip6_src), 521 ip6_sprintf(&ip6->ip6_dst))); 522 523 goto bad; 524 } 525 } 526 527 /* 528 * FAITH (Firewall Aided Internet Translator) 529 */ 530 #if defined(NFAITH) && 0 < NFAITH 531 if (ip6_keepfaith) { 532 if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp && 533 ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) { 534 /* XXX do we need more sanity checks? */ 535 ours = 1; 536 deliverifp = ip6_forward_rt.ro_rt->rt_ifp; /* faith */ 537 goto hbhcheck; 538 } 539 } 540 #endif 541 542 #if 0 543 { 544 /* 545 * Last resort: check in6_ifaddr for incoming interface. 546 * The code is here until I update the "goto ours hack" code above 547 * working right. 548 */ 549 struct ifaddr *ifa; 550 for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first; 551 ifa; 552 ifa = ifa->ifa_list.tqe_next) { 553 if (ifa->ifa_addr == NULL) 554 continue; /* just for safety */ 555 if (ifa->ifa_addr->sa_family != AF_INET6) 556 continue; 557 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { 558 ours = 1; 559 deliverifp = ifa->ifa_ifp; 560 goto hbhcheck; 561 } 562 } 563 } 564 #endif 565 566 /* 567 * Now there is no reason to process the packet if it's not our own 568 * and we're not a router. 569 */ 570 if (!ip6_forwarding) { 571 ip6stat.ip6s_cantforward++; 572 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 573 goto bad; 574 } 575 576 hbhcheck: 577 /* 578 * record address information into m_tag, if we don't have one yet. 579 * note that we are unable to record it, if the address is not listed 580 * as our interface address (e.g. multicast addresses, addresses 581 * within FAITH prefixes and such). 582 */ 583 if (deliverifp && !ip6_getdstifaddr(m)) { 584 struct in6_ifaddr *ia6; 585 586 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 587 if (ia6) { 588 if (!ip6_setdstifaddr(m, ia6)) { 589 /* 590 * XXX maybe we should drop the packet here, 591 * as we could not provide enough information 592 * to the upper layers. 593 */ 594 } 595 } 596 } 597 598 /* 599 * Process Hop-by-Hop options header if it's contained. 600 * m may be modified in ip6_hopopts_input(). 601 * If a JumboPayload option is included, plen will also be modified. 602 */ 603 plen = (u_int32_t)ntohs(ip6->ip6_plen); 604 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 605 struct ip6_hbh *hbh; 606 607 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { 608 #if 0 /*touches NULL pointer*/ 609 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 610 #endif 611 return; /* m have already been freed */ 612 } 613 614 /* adjust pointer */ 615 ip6 = mtod(m, struct ip6_hdr *); 616 617 /* 618 * if the payload length field is 0 and the next header field 619 * indicates Hop-by-Hop Options header, then a Jumbo Payload 620 * option MUST be included. 621 */ 622 if (ip6->ip6_plen == 0 && plen == 0) { 623 /* 624 * Note that if a valid jumbo payload option is 625 * contained, ip6_hopopts_input() must set a valid 626 * (non-zero) payload length to the variable plen. 627 */ 628 ip6stat.ip6s_badoptions++; 629 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 630 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 631 icmp6_error(m, ICMP6_PARAM_PROB, 632 ICMP6_PARAMPROB_HEADER, 633 (caddr_t)&ip6->ip6_plen - (caddr_t)ip6); 634 return; 635 } 636 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 637 sizeof(struct ip6_hbh)); 638 if (hbh == NULL) { 639 ip6stat.ip6s_tooshort++; 640 return; 641 } 642 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 643 nxt = hbh->ip6h_nxt; 644 645 /* 646 * accept the packet if a router alert option is included 647 * and we act as an IPv6 router. 648 */ 649 if (rtalert != ~0 && ip6_forwarding) 650 ours = 1; 651 } else 652 nxt = ip6->ip6_nxt; 653 654 /* 655 * Check that the amount of data in the buffers 656 * is as at least much as the IPv6 header would have us expect. 657 * Trim mbufs if longer than we expect. 658 * Drop packet if shorter than we expect. 659 */ 660 if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { 661 ip6stat.ip6s_tooshort++; 662 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 663 goto bad; 664 } 665 if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { 666 if (m->m_len == m->m_pkthdr.len) { 667 m->m_len = sizeof(struct ip6_hdr) + plen; 668 m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen; 669 } else 670 m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len); 671 } 672 673 /* 674 * Forward if desirable. 675 */ 676 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 677 /* 678 * If we are acting as a multicast router, all 679 * incoming multicast packets are passed to the 680 * kernel-level multicast forwarding function. 681 * The packet is returned (relatively) intact; if 682 * ip6_mforward() returns a non-zero value, the packet 683 * must be discarded, else it may be accepted below. 684 */ 685 if (ip6_mrouter && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) { 686 ip6stat.ip6s_cantforward++; 687 m_freem(m); 688 return; 689 } 690 if (!ours) { 691 m_freem(m); 692 return; 693 } 694 } else if (!ours) { 695 ip6_forward(m, srcrt); 696 return; 697 } 698 699 ip6 = mtod(m, struct ip6_hdr *); 700 701 /* 702 * Malicious party may be able to use IPv4 mapped addr to confuse 703 * tcp/udp stack and bypass security checks (act as if it was from 704 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. 705 * 706 * For SIIT end node behavior, you may want to disable the check. 707 * However, you will become vulnerable to attacks using IPv4 mapped 708 * source. 709 */ 710 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 711 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 712 ip6stat.ip6s_badscope++; 713 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 714 goto bad; 715 } 716 717 /* 718 * Tell launch routine the next header 719 */ 720 #ifdef IFA_STATS 721 if (deliverifp != NULL) { 722 struct in6_ifaddr *ia6; 723 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 724 if (ia6) 725 ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len; 726 } 727 #endif 728 ip6stat.ip6s_delivered++; 729 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 730 nest = 0; 731 732 while (nxt != IPPROTO_DONE) { 733 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 734 ip6stat.ip6s_toomanyhdr++; 735 goto bad; 736 } 737 738 /* 739 * protection against faulty packet - there should be 740 * more sanity checks in header chain processing. 741 */ 742 if (m->m_pkthdr.len < off) { 743 ip6stat.ip6s_tooshort++; 744 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 745 goto bad; 746 } 747 748 #ifdef IPSEC 749 /* 750 * enforce IPsec policy checking if we are seeing last header. 751 * note that we do not visit this with protocols with pcb layer 752 * code - like udp/tcp/raw ip. 753 */ 754 if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && 755 ipsec6_in_reject(m, NULL)) { 756 ipsec6stat.in_polvio++; 757 goto bad; 758 } 759 #endif 760 761 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 762 } 763 return; 764 bad: 765 m_freem(m); 766 } 767 768 /* 769 * set/grab in6_ifaddr correspond to IPv6 destination address. 770 */ 771 static struct m_tag * 772 ip6_setdstifaddr(m, ia6) 773 struct mbuf *m; 774 struct in6_ifaddr *ia6; 775 { 776 struct m_tag *mtag; 777 778 mtag = ip6_addaux(m); 779 if (mtag) 780 ((struct ip6aux *)(mtag + 1))->ip6a_dstia6 = ia6; 781 return mtag; /* NULL if failed to set */ 782 } 783 784 struct in6_ifaddr * 785 ip6_getdstifaddr(m) 786 struct mbuf *m; 787 { 788 struct m_tag *mtag; 789 790 mtag = ip6_findaux(m); 791 if (mtag) 792 return ((struct ip6aux *)(mtag + 1))->ip6a_dstia6; 793 else 794 return NULL; 795 } 796 797 /* 798 * Hop-by-Hop options header processing. If a valid jumbo payload option is 799 * included, the real payload length will be stored in plenp. 800 */ 801 static int 802 ip6_hopopts_input(plenp, rtalertp, mp, offp) 803 u_int32_t *plenp; 804 u_int32_t *rtalertp; /* XXX: should be stored more smart way */ 805 struct mbuf **mp; 806 int *offp; 807 { 808 struct mbuf *m = *mp; 809 int off = *offp, hbhlen; 810 struct ip6_hbh *hbh; 811 812 /* validation of the length of the header */ 813 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, 814 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 815 if (hbh == NULL) { 816 ip6stat.ip6s_tooshort++; 817 return -1; 818 } 819 hbhlen = (hbh->ip6h_len + 1) << 3; 820 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 821 hbhlen); 822 if (hbh == NULL) { 823 ip6stat.ip6s_tooshort++; 824 return -1; 825 } 826 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 827 off += hbhlen; 828 hbhlen -= sizeof(struct ip6_hbh); 829 830 if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), 831 hbhlen, rtalertp, plenp) < 0) 832 return (-1); 833 834 *offp = off; 835 *mp = m; 836 return (0); 837 } 838 839 /* 840 * Search header for all Hop-by-hop options and process each option. 841 * This function is separate from ip6_hopopts_input() in order to 842 * handle a case where the sending node itself process its hop-by-hop 843 * options header. In such a case, the function is called from ip6_output(). 844 * 845 * The function assumes that hbh header is located right after the IPv6 header 846 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 847 * opthead + hbhlen is located in continuous memory region. 848 */ 849 int 850 ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp) 851 struct mbuf *m; 852 u_int8_t *opthead; 853 int hbhlen; 854 u_int32_t *rtalertp; 855 u_int32_t *plenp; 856 { 857 struct ip6_hdr *ip6; 858 int optlen = 0; 859 u_int8_t *opt = opthead; 860 u_int16_t rtalert_val; 861 u_int32_t jumboplen; 862 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh); 863 864 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) { 865 switch (*opt) { 866 case IP6OPT_PAD1: 867 optlen = 1; 868 break; 869 case IP6OPT_PADN: 870 if (hbhlen < IP6OPT_MINLEN) { 871 ip6stat.ip6s_toosmall++; 872 goto bad; 873 } 874 optlen = *(opt + 1) + 2; 875 break; 876 case IP6OPT_RTALERT: 877 /* XXX may need check for alignment */ 878 if (hbhlen < IP6OPT_RTALERT_LEN) { 879 ip6stat.ip6s_toosmall++; 880 goto bad; 881 } 882 if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { 883 /* XXX stat */ 884 icmp6_error(m, ICMP6_PARAM_PROB, 885 ICMP6_PARAMPROB_HEADER, 886 erroff + opt + 1 - opthead); 887 return (-1); 888 } 889 optlen = IP6OPT_RTALERT_LEN; 890 bcopy((caddr_t)(opt + 2), (caddr_t)&rtalert_val, 2); 891 *rtalertp = ntohs(rtalert_val); 892 break; 893 case IP6OPT_JUMBO: 894 /* XXX may need check for alignment */ 895 if (hbhlen < IP6OPT_JUMBO_LEN) { 896 ip6stat.ip6s_toosmall++; 897 goto bad; 898 } 899 if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { 900 /* XXX stat */ 901 icmp6_error(m, ICMP6_PARAM_PROB, 902 ICMP6_PARAMPROB_HEADER, 903 erroff + opt + 1 - opthead); 904 return (-1); 905 } 906 optlen = IP6OPT_JUMBO_LEN; 907 908 /* 909 * IPv6 packets that have non 0 payload length 910 * must not contain a jumbo payload option. 911 */ 912 ip6 = mtod(m, struct ip6_hdr *); 913 if (ip6->ip6_plen) { 914 ip6stat.ip6s_badoptions++; 915 icmp6_error(m, ICMP6_PARAM_PROB, 916 ICMP6_PARAMPROB_HEADER, 917 erroff + opt - opthead); 918 return (-1); 919 } 920 921 /* 922 * We may see jumbolen in unaligned location, so 923 * we'd need to perform bcopy(). 924 */ 925 bcopy(opt + 2, &jumboplen, sizeof(jumboplen)); 926 jumboplen = (u_int32_t)htonl(jumboplen); 927 928 #if 1 929 /* 930 * if there are multiple jumbo payload options, 931 * *plenp will be non-zero and the packet will be 932 * rejected. 933 * the behavior may need some debate in ipngwg - 934 * multiple options does not make sense, however, 935 * there's no explicit mention in specification. 936 */ 937 if (*plenp != 0) { 938 ip6stat.ip6s_badoptions++; 939 icmp6_error(m, ICMP6_PARAM_PROB, 940 ICMP6_PARAMPROB_HEADER, 941 erroff + opt + 2 - opthead); 942 return (-1); 943 } 944 #endif 945 946 /* 947 * jumbo payload length must be larger than 65535. 948 */ 949 if (jumboplen <= IPV6_MAXPACKET) { 950 ip6stat.ip6s_badoptions++; 951 icmp6_error(m, ICMP6_PARAM_PROB, 952 ICMP6_PARAMPROB_HEADER, 953 erroff + opt + 2 - opthead); 954 return (-1); 955 } 956 *plenp = jumboplen; 957 958 break; 959 default: /* unknown option */ 960 if (hbhlen < IP6OPT_MINLEN) { 961 ip6stat.ip6s_toosmall++; 962 goto bad; 963 } 964 optlen = ip6_unknown_opt(opt, m, 965 erroff + opt - opthead); 966 if (optlen == -1) 967 return (-1); 968 optlen += 2; 969 break; 970 } 971 } 972 973 return (0); 974 975 bad: 976 m_freem(m); 977 return (-1); 978 } 979 980 /* 981 * Unknown option processing. 982 * The third argument `off' is the offset from the IPv6 header to the option, 983 * which is necessary if the IPv6 header the and option header and IPv6 header 984 * is not continuous in order to return an ICMPv6 error. 985 */ 986 int 987 ip6_unknown_opt(optp, m, off) 988 u_int8_t *optp; 989 struct mbuf *m; 990 int off; 991 { 992 struct ip6_hdr *ip6; 993 994 switch (IP6OPT_TYPE(*optp)) { 995 case IP6OPT_TYPE_SKIP: /* ignore the option */ 996 return ((int)*(optp + 1)); 997 case IP6OPT_TYPE_DISCARD: /* silently discard */ 998 m_freem(m); 999 return (-1); 1000 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */ 1001 ip6stat.ip6s_badoptions++; 1002 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1003 return (-1); 1004 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */ 1005 ip6stat.ip6s_badoptions++; 1006 ip6 = mtod(m, struct ip6_hdr *); 1007 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 1008 (m->m_flags & (M_BCAST|M_MCAST))) 1009 m_freem(m); 1010 else 1011 icmp6_error(m, ICMP6_PARAM_PROB, 1012 ICMP6_PARAMPROB_OPTION, off); 1013 return (-1); 1014 } 1015 1016 m_freem(m); /* XXX: NOTREACHED */ 1017 return (-1); 1018 } 1019 1020 /* 1021 * Create the "control" list for this pcb. 1022 * 1023 * The routine will be called from upper layer handlers like tcp6_input(). 1024 * Thus the routine assumes that the caller (tcp6_input) have already 1025 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1026 * very first mbuf on the mbuf chain. 1027 * We may want to add some infinite loop prevention or sanity checks for safety. 1028 * (This applies only when you are using KAME mbuf chain restriction, i.e. 1029 * you are using IP6_EXTHDR_CHECK() not m_pulldown()) 1030 */ 1031 void 1032 ip6_savecontrol(in6p, mp, ip6, m) 1033 struct in6pcb *in6p; 1034 struct mbuf **mp; 1035 struct ip6_hdr *ip6; 1036 struct mbuf *m; 1037 { 1038 #ifdef RFC2292 1039 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1040 #else 1041 #define IS2292(x, y) (y) 1042 #endif 1043 1044 #ifdef SO_TIMESTAMP 1045 if (in6p->in6p_socket->so_options & SO_TIMESTAMP) { 1046 struct timeval tv; 1047 1048 microtime(&tv); 1049 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 1050 SCM_TIMESTAMP, SOL_SOCKET); 1051 if (*mp) 1052 mp = &(*mp)->m_next; 1053 } 1054 #endif 1055 1056 /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ 1057 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) 1058 return; 1059 1060 /* RFC 2292 sec. 5 */ 1061 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { 1062 struct in6_pktinfo pi6; 1063 1064 bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); 1065 in6_clearscope(&pi6.ipi6_addr); /* XXX */ 1066 pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? 1067 m->m_pkthdr.rcvif->if_index : 0; 1068 *mp = sbcreatecontrol((caddr_t) &pi6, 1069 sizeof(struct in6_pktinfo), 1070 IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); 1071 if (*mp) 1072 mp = &(*mp)->m_next; 1073 } 1074 1075 if (in6p->in6p_flags & IN6P_HOPLIMIT) { 1076 int hlim = ip6->ip6_hlim & 0xff; 1077 1078 *mp = sbcreatecontrol((caddr_t) &hlim, sizeof(int), 1079 IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); 1080 if (*mp) 1081 mp = &(*mp)->m_next; 1082 } 1083 1084 if ((in6p->in6p_flags & IN6P_TCLASS) != 0) { 1085 u_int32_t flowinfo; 1086 int tclass; 1087 1088 flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK); 1089 flowinfo >>= 20; 1090 1091 tclass = flowinfo & 0xff; 1092 *mp = sbcreatecontrol((caddr_t)&tclass, sizeof(tclass), 1093 IPV6_TCLASS, IPPROTO_IPV6); 1094 1095 if (*mp) 1096 mp = &(*mp)->m_next; 1097 } 1098 1099 /* 1100 * IPV6_HOPOPTS socket option. Recall that we required super-user 1101 * privilege for the option (see ip6_ctloutput), but it might be too 1102 * strict, since there might be some hop-by-hop options which can be 1103 * returned to normal user. 1104 * See also RFC3542 section 8 (or RFC2292 section 6). 1105 */ 1106 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { 1107 /* 1108 * Check if a hop-by-hop options header is contatined in the 1109 * received packet, and if so, store the options as ancillary 1110 * data. Note that a hop-by-hop options header must be 1111 * just after the IPv6 header, which fact is assured through 1112 * the IPv6 input processing. 1113 */ 1114 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1115 if (xip6->ip6_nxt == IPPROTO_HOPOPTS) { 1116 struct ip6_hbh *hbh; 1117 int hbhlen; 1118 struct mbuf *ext; 1119 1120 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1121 xip6->ip6_nxt); 1122 if (ext == NULL) { 1123 ip6stat.ip6s_tooshort++; 1124 return; 1125 } 1126 hbh = mtod(ext, struct ip6_hbh *); 1127 hbhlen = (hbh->ip6h_len + 1) << 3; 1128 if (hbhlen != ext->m_len) { 1129 m_freem(ext); 1130 ip6stat.ip6s_tooshort++; 1131 return; 1132 } 1133 1134 /* 1135 * XXX: We copy whole the header even if a jumbo 1136 * payload option is included, which option is to 1137 * be removed before returning in the RFC 2292. 1138 * Note: this constraint is removed in RFC3542. 1139 */ 1140 *mp = sbcreatecontrol((caddr_t)hbh, hbhlen, 1141 IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), 1142 IPPROTO_IPV6); 1143 if (*mp) 1144 mp = &(*mp)->m_next; 1145 m_freem(ext); 1146 } 1147 } 1148 1149 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */ 1150 if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) { 1151 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1152 int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr); 1153 1154 /* 1155 * Search for destination options headers or routing 1156 * header(s) through the header chain, and stores each 1157 * header as ancillary data. 1158 * Note that the order of the headers remains in 1159 * the chain of ancillary data. 1160 */ 1161 for (;;) { /* is explicit loop prevention necessary? */ 1162 struct ip6_ext *ip6e = NULL; 1163 int elen; 1164 struct mbuf *ext = NULL; 1165 1166 /* 1167 * if it is not an extension header, don't try to 1168 * pull it from the chain. 1169 */ 1170 switch (nxt) { 1171 case IPPROTO_DSTOPTS: 1172 case IPPROTO_ROUTING: 1173 case IPPROTO_HOPOPTS: 1174 case IPPROTO_AH: /* is it possible? */ 1175 break; 1176 default: 1177 goto loopend; 1178 } 1179 1180 ext = ip6_pullexthdr(m, off, nxt); 1181 if (ext == NULL) { 1182 ip6stat.ip6s_tooshort++; 1183 return; 1184 } 1185 ip6e = mtod(ext, struct ip6_ext *); 1186 if (nxt == IPPROTO_AH) 1187 elen = (ip6e->ip6e_len + 2) << 2; 1188 else 1189 elen = (ip6e->ip6e_len + 1) << 3; 1190 if (elen != ext->m_len) { 1191 m_freem(ext); 1192 ip6stat.ip6s_tooshort++; 1193 return; 1194 } 1195 KASSERT(IP6_HDR_ALIGNED_P(ip6e)); 1196 1197 switch (nxt) { 1198 case IPPROTO_DSTOPTS: 1199 if (!in6p->in6p_flags & IN6P_DSTOPTS) 1200 break; 1201 1202 *mp = sbcreatecontrol((caddr_t)ip6e, elen, 1203 IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), 1204 IPPROTO_IPV6); 1205 if (*mp) 1206 mp = &(*mp)->m_next; 1207 break; 1208 1209 case IPPROTO_ROUTING: 1210 if (!in6p->in6p_flags & IN6P_RTHDR) 1211 break; 1212 1213 *mp = sbcreatecontrol((caddr_t)ip6e, elen, 1214 IS2292(IPV6_2292RTHDR, IPV6_RTHDR), 1215 IPPROTO_IPV6); 1216 if (*mp) 1217 mp = &(*mp)->m_next; 1218 break; 1219 1220 case IPPROTO_HOPOPTS: 1221 case IPPROTO_AH: /* is it possible? */ 1222 break; 1223 1224 default: 1225 /* 1226 * other cases have been filtered in the above. 1227 * none will visit this case. here we supply 1228 * the code just in case (nxt overwritten or 1229 * other cases). 1230 */ 1231 m_freem(ext); 1232 goto loopend; 1233 1234 } 1235 1236 /* proceed with the next header. */ 1237 off += elen; 1238 nxt = ip6e->ip6e_nxt; 1239 ip6e = NULL; 1240 m_freem(ext); 1241 ext = NULL; 1242 } 1243 loopend: 1244 ; 1245 } 1246 } 1247 #undef IS2292 1248 1249 1250 void 1251 ip6_notify_pmtu(struct in6pcb *in6p, struct sockaddr_in6 *dst, uint32_t *mtu) 1252 { 1253 struct socket *so; 1254 struct mbuf *m_mtu; 1255 struct ip6_mtuinfo mtuctl; 1256 1257 so = in6p->in6p_socket; 1258 1259 if (mtu == NULL) 1260 return; 1261 1262 #ifdef DIAGNOSTIC 1263 if (so == NULL) /* I believe this is impossible */ 1264 panic("ip6_notify_pmtu: socket is NULL"); 1265 #endif 1266 1267 memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ 1268 mtuctl.ip6m_mtu = *mtu; 1269 mtuctl.ip6m_addr = *dst; 1270 if (sa6_recoverscope(&mtuctl.ip6m_addr)) 1271 return; 1272 1273 if ((m_mtu = sbcreatecontrol((caddr_t)&mtuctl, sizeof(mtuctl), 1274 IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) 1275 return; 1276 1277 if (sbappendaddr(&so->so_rcv, (struct sockaddr *)dst, NULL, m_mtu) 1278 == 0) { 1279 m_freem(m_mtu); 1280 /* XXX: should count statistics */ 1281 } else 1282 sorwakeup(so); 1283 1284 return; 1285 } 1286 1287 /* 1288 * pull single extension header from mbuf chain. returns single mbuf that 1289 * contains the result, or NULL on error. 1290 */ 1291 static struct mbuf * 1292 ip6_pullexthdr(m, off, nxt) 1293 struct mbuf *m; 1294 size_t off; 1295 int nxt; 1296 { 1297 struct ip6_ext ip6e; 1298 size_t elen; 1299 struct mbuf *n; 1300 1301 #ifdef DIAGNOSTIC 1302 switch (nxt) { 1303 case IPPROTO_DSTOPTS: 1304 case IPPROTO_ROUTING: 1305 case IPPROTO_HOPOPTS: 1306 case IPPROTO_AH: /* is it possible? */ 1307 break; 1308 default: 1309 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); 1310 } 1311 #endif 1312 1313 m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); 1314 if (nxt == IPPROTO_AH) 1315 elen = (ip6e.ip6e_len + 2) << 2; 1316 else 1317 elen = (ip6e.ip6e_len + 1) << 3; 1318 1319 MGET(n, M_DONTWAIT, MT_DATA); 1320 if (n && elen >= MLEN) { 1321 MCLGET(n, M_DONTWAIT); 1322 if ((n->m_flags & M_EXT) == 0) { 1323 m_free(n); 1324 n = NULL; 1325 } 1326 } 1327 if (!n) 1328 return NULL; 1329 1330 n->m_len = 0; 1331 if (elen >= M_TRAILINGSPACE(n)) { 1332 m_free(n); 1333 return NULL; 1334 } 1335 1336 m_copydata(m, off, elen, mtod(n, caddr_t)); 1337 n->m_len = elen; 1338 return n; 1339 } 1340 1341 /* 1342 * Get pointer to the previous header followed by the header 1343 * currently processed. 1344 * XXX: This function supposes that 1345 * M includes all headers, 1346 * the next header field and the header length field of each header 1347 * are valid, and 1348 * the sum of each header length equals to OFF. 1349 * Because of these assumptions, this function must be called very 1350 * carefully. Moreover, it will not be used in the near future when 1351 * we develop `neater' mechanism to process extension headers. 1352 */ 1353 u_int8_t * 1354 ip6_get_prevhdr(m, off) 1355 struct mbuf *m; 1356 int off; 1357 { 1358 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1359 1360 if (off == sizeof(struct ip6_hdr)) 1361 return (&ip6->ip6_nxt); 1362 else { 1363 int len, nxt; 1364 struct ip6_ext *ip6e = NULL; 1365 1366 nxt = ip6->ip6_nxt; 1367 len = sizeof(struct ip6_hdr); 1368 while (len < off) { 1369 ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + len); 1370 1371 switch (nxt) { 1372 case IPPROTO_FRAGMENT: 1373 len += sizeof(struct ip6_frag); 1374 break; 1375 case IPPROTO_AH: 1376 len += (ip6e->ip6e_len + 2) << 2; 1377 break; 1378 default: 1379 len += (ip6e->ip6e_len + 1) << 3; 1380 break; 1381 } 1382 nxt = ip6e->ip6e_nxt; 1383 } 1384 if (ip6e) 1385 return (&ip6e->ip6e_nxt); 1386 else 1387 return NULL; 1388 } 1389 } 1390 1391 /* 1392 * get next header offset. m will be retained. 1393 */ 1394 int 1395 ip6_nexthdr(m, off, proto, nxtp) 1396 struct mbuf *m; 1397 int off; 1398 int proto; 1399 int *nxtp; 1400 { 1401 struct ip6_hdr ip6; 1402 struct ip6_ext ip6e; 1403 struct ip6_frag fh; 1404 1405 /* just in case */ 1406 if (m == NULL) 1407 panic("ip6_nexthdr: m == NULL"); 1408 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) 1409 return -1; 1410 1411 switch (proto) { 1412 case IPPROTO_IPV6: 1413 /* do not chase beyond intermediate IPv6 headers */ 1414 if (off != 0) 1415 return -1; 1416 if (m->m_pkthdr.len < off + sizeof(ip6)) 1417 return -1; 1418 m_copydata(m, off, sizeof(ip6), (caddr_t)&ip6); 1419 if (nxtp) 1420 *nxtp = ip6.ip6_nxt; 1421 off += sizeof(ip6); 1422 return off; 1423 1424 case IPPROTO_FRAGMENT: 1425 /* 1426 * terminate parsing if it is not the first fragment, 1427 * it does not make sense to parse through it. 1428 */ 1429 if (m->m_pkthdr.len < off + sizeof(fh)) 1430 return -1; 1431 m_copydata(m, off, sizeof(fh), (caddr_t)&fh); 1432 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) 1433 return -1; 1434 if (nxtp) 1435 *nxtp = fh.ip6f_nxt; 1436 off += sizeof(struct ip6_frag); 1437 return off; 1438 1439 case IPPROTO_AH: 1440 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1441 return -1; 1442 m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); 1443 if (nxtp) 1444 *nxtp = ip6e.ip6e_nxt; 1445 off += (ip6e.ip6e_len + 2) << 2; 1446 if (m->m_pkthdr.len < off) 1447 return -1; 1448 return off; 1449 1450 case IPPROTO_HOPOPTS: 1451 case IPPROTO_ROUTING: 1452 case IPPROTO_DSTOPTS: 1453 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1454 return -1; 1455 m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); 1456 if (nxtp) 1457 *nxtp = ip6e.ip6e_nxt; 1458 off += (ip6e.ip6e_len + 1) << 3; 1459 if (m->m_pkthdr.len < off) 1460 return -1; 1461 return off; 1462 1463 case IPPROTO_NONE: 1464 case IPPROTO_ESP: 1465 case IPPROTO_IPCOMP: 1466 /* give up */ 1467 return -1; 1468 1469 default: 1470 return -1; 1471 } 1472 } 1473 1474 /* 1475 * get offset for the last header in the chain. m will be kept untainted. 1476 */ 1477 int 1478 ip6_lasthdr(m, off, proto, nxtp) 1479 struct mbuf *m; 1480 int off; 1481 int proto; 1482 int *nxtp; 1483 { 1484 int newoff; 1485 int nxt; 1486 1487 if (!nxtp) { 1488 nxt = -1; 1489 nxtp = &nxt; 1490 } 1491 for (;;) { 1492 newoff = ip6_nexthdr(m, off, proto, nxtp); 1493 if (newoff < 0) 1494 return off; 1495 else if (newoff < off) 1496 return -1; /* invalid */ 1497 else if (newoff == off) 1498 return newoff; 1499 1500 off = newoff; 1501 proto = *nxtp; 1502 } 1503 } 1504 1505 struct m_tag * 1506 ip6_addaux(m) 1507 struct mbuf *m; 1508 { 1509 struct m_tag *mtag; 1510 1511 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1512 if (!mtag) { 1513 mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), 1514 M_NOWAIT); 1515 if (mtag) { 1516 m_tag_prepend(m, mtag); 1517 bzero(mtag + 1, sizeof(struct ip6aux)); 1518 } 1519 } 1520 return mtag; 1521 } 1522 1523 struct m_tag * 1524 ip6_findaux(m) 1525 struct mbuf *m; 1526 { 1527 struct m_tag *mtag; 1528 1529 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1530 return mtag; 1531 } 1532 1533 void 1534 ip6_delaux(m) 1535 struct mbuf *m; 1536 { 1537 struct m_tag *mtag; 1538 1539 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1540 if (mtag) 1541 m_tag_delete(m, mtag); 1542 } 1543 1544 /* 1545 * System control for IP6 1546 */ 1547 1548 u_char inet6ctlerrmap[PRC_NCMDS] = { 1549 0, 0, 0, 0, 1550 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1551 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1552 EMSGSIZE, EHOSTUNREACH, 0, 0, 1553 0, 0, 0, 0, 1554 ENOPROTOOPT 1555 }; 1556 1557 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup") 1558 { 1559 #ifdef RFC2292 1560 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1561 #else 1562 #define IS2292(x, y) (y) 1563 #endif 1564 1565 sysctl_createv(clog, 0, NULL, NULL, 1566 CTLFLAG_PERMANENT, 1567 CTLTYPE_NODE, "net", NULL, 1568 NULL, 0, NULL, 0, 1569 CTL_NET, CTL_EOL); 1570 sysctl_createv(clog, 0, NULL, NULL, 1571 CTLFLAG_PERMANENT, 1572 CTLTYPE_NODE, "inet6", 1573 SYSCTL_DESCR("PF_INET6 related settings"), 1574 NULL, 0, NULL, 0, 1575 CTL_NET, PF_INET6, CTL_EOL); 1576 sysctl_createv(clog, 0, NULL, NULL, 1577 CTLFLAG_PERMANENT, 1578 CTLTYPE_NODE, "ip6", 1579 SYSCTL_DESCR("IPv6 related settings"), 1580 NULL, 0, NULL, 0, 1581 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL); 1582 1583 sysctl_createv(clog, 0, NULL, NULL, 1584 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1585 CTLTYPE_INT, "forwarding", 1586 SYSCTL_DESCR("Enable forwarding of INET6 datagrams"), 1587 NULL, 0, &ip6_forwarding, 0, 1588 CTL_NET, PF_INET6, IPPROTO_IPV6, 1589 IPV6CTL_FORWARDING, CTL_EOL); 1590 sysctl_createv(clog, 0, NULL, NULL, 1591 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1592 CTLTYPE_INT, "redirect", 1593 SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"), 1594 NULL, 0, &ip6_sendredirects, 0, 1595 CTL_NET, PF_INET6, IPPROTO_IPV6, 1596 IPV6CTL_SENDREDIRECTS, CTL_EOL); 1597 sysctl_createv(clog, 0, NULL, NULL, 1598 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1599 CTLTYPE_INT, "hlim", 1600 SYSCTL_DESCR("Hop limit for an INET6 datagram"), 1601 NULL, 0, &ip6_defhlim, 0, 1602 CTL_NET, PF_INET6, IPPROTO_IPV6, 1603 IPV6CTL_DEFHLIM, CTL_EOL); 1604 #ifdef notyet 1605 sysctl_createv(clog, 0, NULL, NULL, 1606 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1607 CTLTYPE_INT, "mtu", NULL, 1608 NULL, 0, &, 0, 1609 CTL_NET, PF_INET6, IPPROTO_IPV6, 1610 IPV6CTL_DEFMTU, CTL_EOL); 1611 #endif 1612 #ifdef __no_idea__ 1613 sysctl_createv(clog, 0, NULL, NULL, 1614 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1615 CTLTYPE_INT, "forwsrcrt", NULL, 1616 NULL, 0, &?, 0, 1617 CTL_NET, PF_INET6, IPPROTO_IPV6, 1618 IPV6CTL_FORWSRCRT, CTL_EOL); 1619 sysctl_createv(clog, 0, NULL, NULL, 1620 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1621 CTLTYPE_STRUCT, "mrtstats", NULL, 1622 NULL, 0, &?, sizeof(?), 1623 CTL_NET, PF_INET6, IPPROTO_IPV6, 1624 IPV6CTL_MRTSTATS, CTL_EOL); 1625 sysctl_createv(clog, 0, NULL, NULL, 1626 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1627 CTLTYPE_?, "mrtproto", NULL, 1628 NULL, 0, &?, sizeof(?), 1629 CTL_NET, PF_INET6, IPPROTO_IPV6, 1630 IPV6CTL_MRTPROTO, CTL_EOL); 1631 #endif 1632 sysctl_createv(clog, 0, NULL, NULL, 1633 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1634 CTLTYPE_INT, "maxfragpackets", 1635 SYSCTL_DESCR("Maximum number of fragments to buffer " 1636 "for reassembly"), 1637 NULL, 0, &ip6_maxfragpackets, 0, 1638 CTL_NET, PF_INET6, IPPROTO_IPV6, 1639 IPV6CTL_MAXFRAGPACKETS, CTL_EOL); 1640 #ifdef __no_idea__ 1641 sysctl_createv(clog, 0, NULL, NULL, 1642 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1643 CTLTYPE_INT, "sourcecheck", NULL, 1644 NULL, 0, &?, 0, 1645 CTL_NET, PF_INET6, IPPROTO_IPV6, 1646 IPV6CTL_SOURCECHECK, CTL_EOL); 1647 sysctl_createv(clog, 0, NULL, NULL, 1648 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1649 CTLTYPE_INT, "sourcecheck_logint", NULL, 1650 NULL, 0, &?, 0, 1651 CTL_NET, PF_INET6, IPPROTO_IPV6, 1652 IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); 1653 #endif 1654 sysctl_createv(clog, 0, NULL, NULL, 1655 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1656 CTLTYPE_INT, "accept_rtadv", 1657 SYSCTL_DESCR("Accept router advertisements"), 1658 NULL, 0, &ip6_accept_rtadv, 0, 1659 CTL_NET, PF_INET6, IPPROTO_IPV6, 1660 IPV6CTL_ACCEPT_RTADV, CTL_EOL); 1661 sysctl_createv(clog, 0, NULL, NULL, 1662 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1663 CTLTYPE_INT, "keepfaith", 1664 SYSCTL_DESCR("Activate faith interface"), 1665 NULL, 0, &ip6_keepfaith, 0, 1666 CTL_NET, PF_INET6, IPPROTO_IPV6, 1667 IPV6CTL_KEEPFAITH, CTL_EOL); 1668 sysctl_createv(clog, 0, NULL, NULL, 1669 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1670 CTLTYPE_INT, "log_interval", 1671 SYSCTL_DESCR("Minumum interval between logging " 1672 "unroutable packets"), 1673 NULL, 0, &ip6_log_interval, 0, 1674 CTL_NET, PF_INET6, IPPROTO_IPV6, 1675 IPV6CTL_LOG_INTERVAL, CTL_EOL); 1676 sysctl_createv(clog, 0, NULL, NULL, 1677 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1678 CTLTYPE_INT, "hdrnestlimit", 1679 SYSCTL_DESCR("Maximum number of nested IPv6 headers"), 1680 NULL, 0, &ip6_hdrnestlimit, 0, 1681 CTL_NET, PF_INET6, IPPROTO_IPV6, 1682 IPV6CTL_HDRNESTLIMIT, CTL_EOL); 1683 sysctl_createv(clog, 0, NULL, NULL, 1684 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1685 CTLTYPE_INT, "dad_count", 1686 SYSCTL_DESCR("Number of Duplicate Address Detection " 1687 "probes to send"), 1688 NULL, 0, &ip6_dad_count, 0, 1689 CTL_NET, PF_INET6, IPPROTO_IPV6, 1690 IPV6CTL_DAD_COUNT, CTL_EOL); 1691 sysctl_createv(clog, 0, NULL, NULL, 1692 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1693 CTLTYPE_INT, "auto_flowlabel", 1694 SYSCTL_DESCR("Assign random IPv6 flow labels"), 1695 NULL, 0, &ip6_auto_flowlabel, 0, 1696 CTL_NET, PF_INET6, IPPROTO_IPV6, 1697 IPV6CTL_AUTO_FLOWLABEL, CTL_EOL); 1698 sysctl_createv(clog, 0, NULL, NULL, 1699 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1700 CTLTYPE_INT, "defmcasthlim", 1701 SYSCTL_DESCR("Default multicast hop limit"), 1702 NULL, 0, &ip6_defmcasthlim, 0, 1703 CTL_NET, PF_INET6, IPPROTO_IPV6, 1704 IPV6CTL_DEFMCASTHLIM, CTL_EOL); 1705 #if NGIF > 0 1706 sysctl_createv(clog, 0, NULL, NULL, 1707 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1708 CTLTYPE_INT, "gifhlim", 1709 SYSCTL_DESCR("Default hop limit for a gif tunnel datagram"), 1710 NULL, 0, &ip6_gif_hlim, 0, 1711 CTL_NET, PF_INET6, IPPROTO_IPV6, 1712 IPV6CTL_GIF_HLIM, CTL_EOL); 1713 #endif /* NGIF */ 1714 sysctl_createv(clog, 0, NULL, NULL, 1715 CTLFLAG_PERMANENT, 1716 CTLTYPE_STRING, "kame_version", 1717 SYSCTL_DESCR("KAME Version"), 1718 NULL, 0, __UNCONST(__KAME_VERSION), 0, 1719 CTL_NET, PF_INET6, IPPROTO_IPV6, 1720 IPV6CTL_KAME_VERSION, CTL_EOL); 1721 sysctl_createv(clog, 0, NULL, NULL, 1722 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1723 CTLTYPE_INT, "use_deprecated", 1724 SYSCTL_DESCR("Allow use of deprecated addresses as " 1725 "source addresses"), 1726 NULL, 0, &ip6_use_deprecated, 0, 1727 CTL_NET, PF_INET6, IPPROTO_IPV6, 1728 IPV6CTL_USE_DEPRECATED, CTL_EOL); 1729 sysctl_createv(clog, 0, NULL, NULL, 1730 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1731 CTLTYPE_INT, "rr_prune", NULL, 1732 NULL, 0, &ip6_rr_prune, 0, 1733 CTL_NET, PF_INET6, IPPROTO_IPV6, 1734 IPV6CTL_RR_PRUNE, CTL_EOL); 1735 sysctl_createv(clog, 0, NULL, NULL, 1736 CTLFLAG_PERMANENT 1737 #ifndef INET6_BINDV6ONLY 1738 |CTLFLAG_READWRITE, 1739 #endif 1740 CTLTYPE_INT, "v6only", 1741 SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting " 1742 "to PF_INET sockets"), 1743 NULL, 0, &ip6_v6only, 0, 1744 CTL_NET, PF_INET6, IPPROTO_IPV6, 1745 IPV6CTL_V6ONLY, CTL_EOL); 1746 sysctl_createv(clog, 0, NULL, NULL, 1747 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1748 CTLTYPE_INT, "anonportmin", 1749 SYSCTL_DESCR("Lowest ephemeral port number to assign"), 1750 sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, 1751 CTL_NET, PF_INET6, IPPROTO_IPV6, 1752 IPV6CTL_ANONPORTMIN, CTL_EOL); 1753 sysctl_createv(clog, 0, NULL, NULL, 1754 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1755 CTLTYPE_INT, "anonportmax", 1756 SYSCTL_DESCR("Highest ephemeral port number to assign"), 1757 sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0, 1758 CTL_NET, PF_INET6, IPPROTO_IPV6, 1759 IPV6CTL_ANONPORTMAX, CTL_EOL); 1760 #ifndef IPNOPRIVPORTS 1761 sysctl_createv(clog, 0, NULL, NULL, 1762 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1763 CTLTYPE_INT, "lowportmin", 1764 SYSCTL_DESCR("Lowest privileged ephemeral port number " 1765 "to assign"), 1766 sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0, 1767 CTL_NET, PF_INET6, IPPROTO_IPV6, 1768 IPV6CTL_LOWPORTMIN, CTL_EOL); 1769 sysctl_createv(clog, 0, NULL, NULL, 1770 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1771 CTLTYPE_INT, "lowportmax", 1772 SYSCTL_DESCR("Highest privileged ephemeral port number " 1773 "to assign"), 1774 sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0, 1775 CTL_NET, PF_INET6, IPPROTO_IPV6, 1776 IPV6CTL_LOWPORTMAX, CTL_EOL); 1777 #endif /* IPNOPRIVPORTS */ 1778 sysctl_createv(clog, 0, NULL, NULL, 1779 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1780 CTLTYPE_INT, "use_tempaddr", 1781 SYSCTL_DESCR("Use temporary address"), 1782 NULL, 0, &ip6_use_tempaddr, 0, 1783 CTL_NET, PF_INET6, IPPROTO_IPV6, 1784 CTL_CREATE, CTL_EOL); 1785 sysctl_createv(clog, 0, NULL, NULL, 1786 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1787 CTLTYPE_INT, "temppltime", 1788 SYSCTL_DESCR("preferred lifetime of a temporary address"), 1789 NULL, 0, &ip6_temp_preferred_lifetime, 0, 1790 CTL_NET, PF_INET6, IPPROTO_IPV6, 1791 CTL_CREATE, CTL_EOL); 1792 sysctl_createv(clog, 0, NULL, NULL, 1793 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1794 CTLTYPE_INT, "tempvltime", 1795 SYSCTL_DESCR("valid lifetime of a temporary address"), 1796 NULL, 0, &ip6_temp_valid_lifetime, 0, 1797 CTL_NET, PF_INET6, IPPROTO_IPV6, 1798 CTL_CREATE, CTL_EOL); 1799 sysctl_createv(clog, 0, NULL, NULL, 1800 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1801 CTLTYPE_INT, "maxfrags", 1802 SYSCTL_DESCR("Maximum fragments in reassembly queue"), 1803 NULL, 0, &ip6_maxfrags, 0, 1804 CTL_NET, PF_INET6, IPPROTO_IPV6, 1805 IPV6CTL_MAXFRAGS, CTL_EOL); 1806 sysctl_createv(clog, 0, NULL, NULL, 1807 CTLFLAG_PERMANENT, 1808 CTLTYPE_STRUCT, "stats", 1809 SYSCTL_DESCR("IPv6 statistics"), 1810 NULL, 0, &ip6stat, sizeof(ip6stat), 1811 CTL_NET, PF_INET6, IPPROTO_IPV6, 1812 IPV6CTL_STATS, CTL_EOL); 1813 sysctl_createv(clog, 0, NULL, NULL, 1814 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1815 CTLTYPE_INT, "use_defaultzone", 1816 SYSCTL_DESCR("Whether to use the default scope zones"), 1817 NULL, 0, &ip6_use_defzone, 0, 1818 CTL_NET, PF_INET6, IPPROTO_IPV6, 1819 IPV6CTL_USE_DEFAULTZONE, CTL_EOL); 1820 sysctl_createv(clog, 0, NULL, NULL, 1821 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1822 CTLTYPE_INT, "mcast_pmtu", 1823 SYSCTL_DESCR("Enable pMTU discovery for multicast packet"), 1824 NULL, 0, &ip6_mcast_pmtu, 0, 1825 CTL_NET, PF_INET6, IPPROTO_IPV6, 1826 CTL_CREATE, CTL_EOL); 1827 } 1828