1 /* $NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $ */ 2 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.141 2012/11/29 02:07:20 christos Exp $"); 66 67 #include "opt_gateway.h" 68 #include "opt_inet.h" 69 #include "opt_inet6.h" 70 #include "opt_ipsec.h" 71 #include "opt_pfil_hooks.h" 72 #include "opt_compat_netbsd.h" 73 74 #include <sys/param.h> 75 #include <sys/systm.h> 76 #include <sys/malloc.h> 77 #include <sys/mbuf.h> 78 #include <sys/domain.h> 79 #include <sys/protosw.h> 80 #include <sys/socket.h> 81 #include <sys/socketvar.h> 82 #include <sys/errno.h> 83 #include <sys/time.h> 84 #include <sys/kernel.h> 85 #include <sys/syslog.h> 86 #include <sys/proc.h> 87 #include <sys/sysctl.h> 88 #include <sys/cprng.h> 89 90 #include <net/if.h> 91 #include <net/if_types.h> 92 #include <net/if_dl.h> 93 #include <net/route.h> 94 #include <net/netisr.h> 95 #ifdef PFIL_HOOKS 96 #include <net/pfil.h> 97 #endif 98 99 #include <netinet/in.h> 100 #include <netinet/in_systm.h> 101 #ifdef INET 102 #include <netinet/ip.h> 103 #include <netinet/ip_icmp.h> 104 #endif /* INET */ 105 #include <netinet/ip6.h> 106 #include <netinet/portalgo.h> 107 #include <netinet6/in6_var.h> 108 #include <netinet6/ip6_var.h> 109 #include <netinet6/ip6_private.h> 110 #include <netinet6/in6_pcb.h> 111 #include <netinet/icmp6.h> 112 #include <netinet6/scope6_var.h> 113 #include <netinet6/in6_ifattach.h> 114 #include <netinet6/nd6.h> 115 116 #ifdef FAST_IPSEC 117 #include <netipsec/ipsec.h> 118 #include <netipsec/ipsec6.h> 119 #include <netipsec/key.h> 120 #endif /* FAST_IPSEC */ 121 122 #ifdef COMPAT_50 123 #include <compat/sys/time.h> 124 #include <compat/sys/socket.h> 125 #endif 126 127 #include <netinet6/ip6protosw.h> 128 129 #include "faith.h" 130 #include "gif.h" 131 132 #if NGIF > 0 133 #include <netinet6/in6_gif.h> 134 #endif 135 136 #include <net/net_osdep.h> 137 138 extern struct domain inet6domain; 139 140 u_char ip6_protox[IPPROTO_MAX]; 141 static int ip6qmaxlen = IFQ_MAXLEN; 142 struct in6_ifaddr *in6_ifaddr; 143 struct ifqueue ip6intrq; 144 145 extern callout_t in6_tmpaddrtimer_ch; 146 147 int ip6_forward_srcrt; /* XXX */ 148 int ip6_sourcecheck; /* XXX */ 149 int ip6_sourcecheck_interval; /* XXX */ 150 151 #ifdef PFIL_HOOKS 152 struct pfil_head inet6_pfil_hook; 153 #endif 154 155 percpu_t *ip6stat_percpu; 156 157 static void ip6_init2(void *); 158 static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); 159 160 static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, 161 u_int32_t *); 162 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); 163 static void sysctl_net_inet6_ip6_setup(struct sysctllog **); 164 165 /* 166 * IP6 initialization: fill in IP6 protocol switch table. 167 * All protocols not implemented in kernel go to raw IP6 protocol handler. 168 */ 169 void 170 ip6_init(void) 171 { 172 const struct ip6protosw *pr; 173 int i; 174 175 sysctl_net_inet6_ip6_setup(NULL); 176 pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 177 if (pr == 0) 178 panic("ip6_init"); 179 for (i = 0; i < IPPROTO_MAX; i++) 180 ip6_protox[i] = pr - inet6sw; 181 for (pr = (const struct ip6protosw *)inet6domain.dom_protosw; 182 pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) 183 if (pr->pr_domain->dom_family == PF_INET6 && 184 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 185 ip6_protox[pr->pr_protocol] = pr - inet6sw; 186 ip6intrq.ifq_maxlen = ip6qmaxlen; 187 scope6_init(); 188 addrsel_policy_init(); 189 nd6_init(); 190 frag6_init(); 191 ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; 192 193 ip6_init2(NULL); 194 #ifdef GATEWAY 195 ip6flow_init(ip6_hashsize); 196 #endif 197 198 #ifdef PFIL_HOOKS 199 /* Register our Packet Filter hook. */ 200 inet6_pfil_hook.ph_type = PFIL_TYPE_AF; 201 inet6_pfil_hook.ph_af = AF_INET6; 202 i = pfil_head_register(&inet6_pfil_hook); 203 if (i != 0) 204 printf("ip6_init: WARNING: unable to register pfil hook, " 205 "error %d\n", i); 206 #endif /* PFIL_HOOKS */ 207 208 ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); 209 } 210 211 static void 212 ip6_init2(void *dummy) 213 { 214 215 /* nd6_timer_init */ 216 callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); 217 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 218 219 /* timer for regeneranation of temporary addresses randomize ID */ 220 callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); 221 callout_reset(&in6_tmpaddrtimer_ch, 222 (ip6_temp_preferred_lifetime - ip6_desync_factor - 223 ip6_temp_regen_advance) * hz, 224 in6_tmpaddrtimer, NULL); 225 } 226 227 /* 228 * IP6 input interrupt handling. Just pass the packet to ip6_input. 229 */ 230 void 231 ip6intr(void) 232 { 233 int s; 234 struct mbuf *m; 235 236 mutex_enter(softnet_lock); 237 KERNEL_LOCK(1, NULL); 238 for (;;) { 239 s = splnet(); 240 IF_DEQUEUE(&ip6intrq, m); 241 splx(s); 242 if (m == 0) 243 break; 244 /* drop the packet if IPv6 operation is disabled on the IF */ 245 if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) { 246 m_freem(m); 247 break; 248 } 249 ip6_input(m); 250 } 251 KERNEL_UNLOCK_ONE(NULL); 252 mutex_exit(softnet_lock); 253 } 254 255 extern struct route ip6_forward_rt; 256 257 void 258 ip6_input(struct mbuf *m) 259 { 260 struct ip6_hdr *ip6; 261 int hit, off = sizeof(struct ip6_hdr), nest; 262 u_int32_t plen; 263 u_int32_t rtalert = ~0; 264 int nxt, ours = 0, rh_present = 0; 265 struct ifnet *deliverifp = NULL; 266 int srcrt = 0; 267 const struct rtentry *rt; 268 union { 269 struct sockaddr dst; 270 struct sockaddr_in6 dst6; 271 } u; 272 #ifdef FAST_IPSEC 273 struct m_tag *mtag; 274 struct tdb_ident *tdbi; 275 struct secpolicy *sp; 276 int s, error; 277 #endif 278 279 /* 280 * make sure we don't have onion peering information into m_tag. 281 */ 282 ip6_delaux(m); 283 284 /* 285 * mbuf statistics 286 */ 287 if (m->m_flags & M_EXT) { 288 if (m->m_next) 289 IP6_STATINC(IP6_STAT_MEXT2M); 290 else 291 IP6_STATINC(IP6_STAT_MEXT1); 292 } else { 293 #define M2MMAX 32 294 if (m->m_next) { 295 if (m->m_flags & M_LOOP) { 296 /*XXX*/ IP6_STATINC(IP6_STAT_M2M + lo0ifp->if_index); 297 } else if (m->m_pkthdr.rcvif->if_index < M2MMAX) { 298 IP6_STATINC(IP6_STAT_M2M + 299 m->m_pkthdr.rcvif->if_index); 300 } else 301 IP6_STATINC(IP6_STAT_M2M); 302 } else 303 IP6_STATINC(IP6_STAT_M1); 304 #undef M2MMAX 305 } 306 307 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); 308 IP6_STATINC(IP6_STAT_TOTAL); 309 310 /* 311 * If the IPv6 header is not aligned, slurp it up into a new 312 * mbuf with space for link headers, in the event we forward 313 * it. Otherwise, if it is aligned, make sure the entire base 314 * IPv6 header is in the first mbuf of the chain. 315 */ 316 if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 317 struct ifnet *inifp = m->m_pkthdr.rcvif; 318 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 319 (max_linkhdr + 3) & ~3)) == NULL) { 320 /* XXXJRT new stat, please */ 321 IP6_STATINC(IP6_STAT_TOOSMALL); 322 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 323 return; 324 } 325 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 326 struct ifnet *inifp = m->m_pkthdr.rcvif; 327 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 328 IP6_STATINC(IP6_STAT_TOOSMALL); 329 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 330 return; 331 } 332 } 333 334 ip6 = mtod(m, struct ip6_hdr *); 335 336 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 337 IP6_STATINC(IP6_STAT_BADVERS); 338 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 339 goto bad; 340 } 341 342 /* 343 * Assume that we can create a fast-forward IP flow entry 344 * based on this packet. 345 */ 346 m->m_flags |= M_CANFASTFWD; 347 348 #ifdef PFIL_HOOKS 349 /* 350 * Run through list of hooks for input packets. If there are any 351 * filters which require that additional packets in the flow are 352 * not fast-forwarded, they must clear the M_CANFASTFWD flag. 353 * Note that filters must _never_ set this flag, as another filter 354 * in the list may have previously cleared it. 355 */ 356 /* 357 * let ipfilter look at packet on the wire, 358 * not the decapsulated packet. 359 */ 360 #if defined(FAST_IPSEC) 361 if (!ipsec_indone(m)) 362 #else 363 if (1) 364 #endif 365 { 366 struct in6_addr odst; 367 368 odst = ip6->ip6_dst; 369 if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, 370 PFIL_IN) != 0) 371 return; 372 if (m == NULL) 373 return; 374 ip6 = mtod(m, struct ip6_hdr *); 375 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); 376 } 377 #endif /* PFIL_HOOKS */ 378 379 IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt); 380 381 #ifdef ALTQ 382 if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { 383 /* packet is dropped by traffic conditioner */ 384 return; 385 } 386 #endif 387 388 /* 389 * Check against address spoofing/corruption. 390 */ 391 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || 392 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { 393 /* 394 * XXX: "badscope" is not very suitable for a multicast source. 395 */ 396 IP6_STATINC(IP6_STAT_BADSCOPE); 397 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 398 goto bad; 399 } 400 /* 401 * The following check is not documented in specs. A malicious 402 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 403 * and bypass security checks (act as if it was from 127.0.0.1 by using 404 * IPv6 src ::ffff:127.0.0.1). Be cautious. 405 * 406 * This check chokes if we are in an SIIT cloud. As none of BSDs 407 * support IPv4-less kernel compilation, we cannot support SIIT 408 * environment at all. So, it makes more sense for us to reject any 409 * malicious packets for non-SIIT environment, than try to do a 410 * partial support for SIIT environment. 411 */ 412 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 413 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 414 IP6_STATINC(IP6_STAT_BADSCOPE); 415 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 416 goto bad; 417 } 418 #if 0 419 /* 420 * Reject packets with IPv4 compatible addresses (auto tunnel). 421 * 422 * The code forbids auto tunnel relay case in RFC1933 (the check is 423 * stronger than RFC1933). We may want to re-enable it if mech-xx 424 * is revised to forbid relaying case. 425 */ 426 if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || 427 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 428 IP6_STATINC(IP6_STAT_BADSCOPE); 429 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 430 goto bad; 431 } 432 #endif 433 434 /* 435 * Disambiguate address scope zones (if there is ambiguity). 436 * We first make sure that the original source or destination address 437 * is not in our internal form for scoped addresses. Such addresses 438 * are not necessarily invalid spec-wise, but we cannot accept them due 439 * to the usage conflict. 440 * in6_setscope() then also checks and rejects the cases where src or 441 * dst are the loopback address and the receiving interface 442 * is not loopback. 443 */ 444 if (__predict_false( 445 m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) 446 goto bad; 447 ip6 = mtod(m, struct ip6_hdr *); 448 if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) { 449 IP6_STATINC(IP6_STAT_BADSCOPE); /* XXX */ 450 goto bad; 451 } 452 if (in6_setscope(&ip6->ip6_src, m->m_pkthdr.rcvif, NULL) || 453 in6_setscope(&ip6->ip6_dst, m->m_pkthdr.rcvif, NULL)) { 454 IP6_STATINC(IP6_STAT_BADSCOPE); 455 goto bad; 456 } 457 458 /* 459 * Multicast check 460 */ 461 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 462 struct in6_multi *in6m = 0; 463 464 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); 465 /* 466 * See if we belong to the destination multicast group on the 467 * arrival interface. 468 */ 469 IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m); 470 if (in6m) 471 ours = 1; 472 else if (!ip6_mrouter) { 473 uint64_t *ip6s = IP6_STAT_GETREF(); 474 ip6s[IP6_STAT_NOTMEMBER]++; 475 ip6s[IP6_STAT_CANTFORWARD]++; 476 IP6_STAT_PUTREF(); 477 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 478 goto bad; 479 } 480 deliverifp = m->m_pkthdr.rcvif; 481 goto hbhcheck; 482 } 483 484 sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); 485 486 /* 487 * Unicast check 488 */ 489 rt = rtcache_lookup2(&ip6_forward_rt, &u.dst, 1, &hit); 490 if (hit) 491 IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT); 492 else 493 IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); 494 495 #define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) 496 497 /* 498 * Accept the packet if the forwarding interface to the destination 499 * according to the routing table is the loopback interface, 500 * unless the associated route has a gateway. 501 * Note that this approach causes to accept a packet if there is a 502 * route to the loopback interface for the destination of the packet. 503 * But we think it's even useful in some situations, e.g. when using 504 * a special daemon which wants to intercept the packet. 505 */ 506 if (rt != NULL && 507 (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && 508 !(rt->rt_flags & RTF_CLONED) && 509 #if 0 510 /* 511 * The check below is redundant since the comparison of 512 * the destination and the key of the rtentry has 513 * already done through looking up the routing table. 514 */ 515 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && 516 #endif 517 rt->rt_ifp->if_type == IFT_LOOP) { 518 struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; 519 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 520 m->m_flags |= M_ANYCAST6; 521 /* 522 * packets to a tentative, duplicated, or somehow invalid 523 * address must not be accepted. 524 */ 525 if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { 526 /* this address is ready */ 527 ours = 1; 528 deliverifp = ia6->ia_ifp; /* correct? */ 529 goto hbhcheck; 530 } else { 531 /* address is not ready, so discard the packet. */ 532 nd6log((LOG_INFO, 533 "ip6_input: packet to an unready address %s->%s\n", 534 ip6_sprintf(&ip6->ip6_src), 535 ip6_sprintf(&ip6->ip6_dst))); 536 537 goto bad; 538 } 539 } 540 541 /* 542 * FAITH (Firewall Aided Internet Translator) 543 */ 544 #if defined(NFAITH) && 0 < NFAITH 545 if (ip6_keepfaith) { 546 if (rt != NULL && rt->rt_ifp != NULL && 547 rt->rt_ifp->if_type == IFT_FAITH) { 548 /* XXX do we need more sanity checks? */ 549 ours = 1; 550 deliverifp = rt->rt_ifp; /* faith */ 551 goto hbhcheck; 552 } 553 } 554 #endif 555 556 #if 0 557 { 558 /* 559 * Last resort: check in6_ifaddr for incoming interface. 560 * The code is here until I update the "goto ours hack" code above 561 * working right. 562 */ 563 struct ifaddr *ifa; 564 IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { 565 if (ifa->ifa_addr == NULL) 566 continue; /* just for safety */ 567 if (ifa->ifa_addr->sa_family != AF_INET6) 568 continue; 569 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { 570 ours = 1; 571 deliverifp = ifa->ifa_ifp; 572 goto hbhcheck; 573 } 574 } 575 } 576 #endif 577 578 /* 579 * Now there is no reason to process the packet if it's not our own 580 * and we're not a router. 581 */ 582 if (!ip6_forwarding) { 583 IP6_STATINC(IP6_STAT_CANTFORWARD); 584 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 585 goto bad; 586 } 587 588 hbhcheck: 589 /* 590 * record address information into m_tag, if we don't have one yet. 591 * note that we are unable to record it, if the address is not listed 592 * as our interface address (e.g. multicast addresses, addresses 593 * within FAITH prefixes and such). 594 */ 595 if (deliverifp && ip6_getdstifaddr(m) == NULL) { 596 struct in6_ifaddr *ia6; 597 598 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 599 if (ia6 != NULL && ip6_setdstifaddr(m, ia6) == NULL) { 600 /* 601 * XXX maybe we should drop the packet here, 602 * as we could not provide enough information 603 * to the upper layers. 604 */ 605 } 606 } 607 608 /* 609 * Process Hop-by-Hop options header if it's contained. 610 * m may be modified in ip6_hopopts_input(). 611 * If a JumboPayload option is included, plen will also be modified. 612 */ 613 plen = (u_int32_t)ntohs(ip6->ip6_plen); 614 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 615 struct ip6_hbh *hbh; 616 617 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { 618 #if 0 /*touches NULL pointer*/ 619 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 620 #endif 621 return; /* m have already been freed */ 622 } 623 624 /* adjust pointer */ 625 ip6 = mtod(m, struct ip6_hdr *); 626 627 /* 628 * if the payload length field is 0 and the next header field 629 * indicates Hop-by-Hop Options header, then a Jumbo Payload 630 * option MUST be included. 631 */ 632 if (ip6->ip6_plen == 0 && plen == 0) { 633 /* 634 * Note that if a valid jumbo payload option is 635 * contained, ip6_hopopts_input() must set a valid 636 * (non-zero) payload length to the variable plen. 637 */ 638 IP6_STATINC(IP6_STAT_BADOPTIONS); 639 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 640 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 641 icmp6_error(m, ICMP6_PARAM_PROB, 642 ICMP6_PARAMPROB_HEADER, 643 (char *)&ip6->ip6_plen - (char *)ip6); 644 return; 645 } 646 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 647 sizeof(struct ip6_hbh)); 648 if (hbh == NULL) { 649 IP6_STATINC(IP6_STAT_TOOSHORT); 650 return; 651 } 652 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 653 nxt = hbh->ip6h_nxt; 654 655 /* 656 * accept the packet if a router alert option is included 657 * and we act as an IPv6 router. 658 */ 659 if (rtalert != ~0 && ip6_forwarding) 660 ours = 1; 661 } else 662 nxt = ip6->ip6_nxt; 663 664 /* 665 * Check that the amount of data in the buffers 666 * is as at least much as the IPv6 header would have us expect. 667 * Trim mbufs if longer than we expect. 668 * Drop packet if shorter than we expect. 669 */ 670 if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { 671 IP6_STATINC(IP6_STAT_TOOSHORT); 672 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 673 goto bad; 674 } 675 if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { 676 if (m->m_len == m->m_pkthdr.len) { 677 m->m_len = sizeof(struct ip6_hdr) + plen; 678 m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen; 679 } else 680 m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len); 681 } 682 683 /* 684 * Forward if desirable. 685 */ 686 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 687 /* 688 * If we are acting as a multicast router, all 689 * incoming multicast packets are passed to the 690 * kernel-level multicast forwarding function. 691 * The packet is returned (relatively) intact; if 692 * ip6_mforward() returns a non-zero value, the packet 693 * must be discarded, else it may be accepted below. 694 */ 695 if (ip6_mrouter && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) { 696 IP6_STATINC(IP6_STAT_CANTFORWARD); 697 m_freem(m); 698 return; 699 } 700 if (!ours) { 701 m_freem(m); 702 return; 703 } 704 } else if (!ours) { 705 ip6_forward(m, srcrt); 706 return; 707 } 708 709 ip6 = mtod(m, struct ip6_hdr *); 710 711 /* 712 * Malicious party may be able to use IPv4 mapped addr to confuse 713 * tcp/udp stack and bypass security checks (act as if it was from 714 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. 715 * 716 * For SIIT end node behavior, you may want to disable the check. 717 * However, you will become vulnerable to attacks using IPv4 mapped 718 * source. 719 */ 720 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 721 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 722 IP6_STATINC(IP6_STAT_BADSCOPE); 723 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 724 goto bad; 725 } 726 727 /* 728 * Tell launch routine the next header 729 */ 730 #ifdef IFA_STATS 731 if (deliverifp != NULL) { 732 struct in6_ifaddr *ia6; 733 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 734 if (ia6) 735 ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len; 736 } 737 #endif 738 IP6_STATINC(IP6_STAT_DELIVERED); 739 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 740 nest = 0; 741 742 rh_present = 0; 743 while (nxt != IPPROTO_DONE) { 744 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 745 IP6_STATINC(IP6_STAT_TOOMANYHDR); 746 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 747 goto bad; 748 } 749 750 /* 751 * protection against faulty packet - there should be 752 * more sanity checks in header chain processing. 753 */ 754 if (m->m_pkthdr.len < off) { 755 IP6_STATINC(IP6_STAT_TOOSHORT); 756 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 757 goto bad; 758 } 759 760 if (nxt == IPPROTO_ROUTING) { 761 if (rh_present++) { 762 in6_ifstat_inc(m->m_pkthdr.rcvif, 763 ifs6_in_hdrerr); 764 IP6_STATINC(IP6_STAT_BADOPTIONS); 765 goto bad; 766 } 767 } 768 769 #ifdef FAST_IPSEC 770 /* 771 * enforce IPsec policy checking if we are seeing last header. 772 * note that we do not visit this with protocols with pcb layer 773 * code - like udp/tcp/raw ip. 774 */ 775 if ((inet6sw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) { 776 /* 777 * Check if the packet has already had IPsec processing 778 * done. If so, then just pass it along. This tag gets 779 * set during AH, ESP, etc. input handling, before the 780 * packet is returned to the ip input queue for delivery. 781 */ 782 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 783 s = splsoftnet(); 784 if (mtag != NULL) { 785 tdbi = (struct tdb_ident *)(mtag + 1); 786 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 787 } else { 788 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 789 IP_FORWARDING, &error); 790 } 791 if (sp != NULL) { 792 /* 793 * Check security policy against packet attributes. 794 */ 795 error = ipsec_in_reject(sp, m); 796 KEY_FREESP(&sp); 797 } else { 798 /* XXX error stat??? */ 799 error = EINVAL; 800 DPRINTF(("ip6_input: no SP, packet discarded\n"));/*XXX*/ 801 } 802 splx(s); 803 if (error) 804 goto bad; 805 } 806 #endif /* FAST_IPSEC */ 807 808 809 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 810 } 811 return; 812 bad: 813 m_freem(m); 814 } 815 816 /* 817 * set/grab in6_ifaddr correspond to IPv6 destination address. 818 */ 819 static struct m_tag * 820 ip6_setdstifaddr(struct mbuf *m, const struct in6_ifaddr *ia) 821 { 822 struct m_tag *mtag; 823 824 mtag = ip6_addaux(m); 825 if (mtag != NULL) { 826 struct ip6aux *ip6a; 827 828 ip6a = (struct ip6aux *)(mtag + 1); 829 in6_setscope(&ip6a->ip6a_src, ia->ia_ifp, &ip6a->ip6a_scope_id); 830 ip6a->ip6a_src = ia->ia_addr.sin6_addr; 831 ip6a->ip6a_flags = ia->ia6_flags; 832 } 833 return mtag; /* NULL if failed to set */ 834 } 835 836 const struct ip6aux * 837 ip6_getdstifaddr(struct mbuf *m) 838 { 839 struct m_tag *mtag; 840 841 mtag = ip6_findaux(m); 842 if (mtag != NULL) 843 return (struct ip6aux *)(mtag + 1); 844 else 845 return NULL; 846 } 847 848 /* 849 * Hop-by-Hop options header processing. If a valid jumbo payload option is 850 * included, the real payload length will be stored in plenp. 851 * 852 * rtalertp - XXX: should be stored more smart way 853 */ 854 int 855 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, 856 struct mbuf **mp, int *offp) 857 { 858 struct mbuf *m = *mp; 859 int off = *offp, hbhlen; 860 struct ip6_hbh *hbh; 861 862 /* validation of the length of the header */ 863 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, 864 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 865 if (hbh == NULL) { 866 IP6_STATINC(IP6_STAT_TOOSHORT); 867 return -1; 868 } 869 hbhlen = (hbh->ip6h_len + 1) << 3; 870 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 871 hbhlen); 872 if (hbh == NULL) { 873 IP6_STATINC(IP6_STAT_TOOSHORT); 874 return -1; 875 } 876 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 877 off += hbhlen; 878 hbhlen -= sizeof(struct ip6_hbh); 879 880 if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), 881 hbhlen, rtalertp, plenp) < 0) 882 return (-1); 883 884 *offp = off; 885 *mp = m; 886 return (0); 887 } 888 889 /* 890 * Search header for all Hop-by-hop options and process each option. 891 * This function is separate from ip6_hopopts_input() in order to 892 * handle a case where the sending node itself process its hop-by-hop 893 * options header. In such a case, the function is called from ip6_output(). 894 * 895 * The function assumes that hbh header is located right after the IPv6 header 896 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 897 * opthead + hbhlen is located in continuous memory region. 898 */ 899 static int 900 ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, 901 u_int32_t *rtalertp, u_int32_t *plenp) 902 { 903 struct ip6_hdr *ip6; 904 int optlen = 0; 905 u_int8_t *opt = opthead; 906 u_int16_t rtalert_val; 907 u_int32_t jumboplen; 908 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh); 909 910 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) { 911 switch (*opt) { 912 case IP6OPT_PAD1: 913 optlen = 1; 914 break; 915 case IP6OPT_PADN: 916 if (hbhlen < IP6OPT_MINLEN) { 917 IP6_STATINC(IP6_STAT_TOOSMALL); 918 goto bad; 919 } 920 optlen = *(opt + 1) + 2; 921 break; 922 case IP6OPT_RTALERT: 923 /* XXX may need check for alignment */ 924 if (hbhlen < IP6OPT_RTALERT_LEN) { 925 IP6_STATINC(IP6_STAT_TOOSMALL); 926 goto bad; 927 } 928 if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { 929 /* XXX stat */ 930 icmp6_error(m, ICMP6_PARAM_PROB, 931 ICMP6_PARAMPROB_HEADER, 932 erroff + opt + 1 - opthead); 933 return (-1); 934 } 935 optlen = IP6OPT_RTALERT_LEN; 936 memcpy((void *)&rtalert_val, (void *)(opt + 2), 2); 937 *rtalertp = ntohs(rtalert_val); 938 break; 939 case IP6OPT_JUMBO: 940 /* XXX may need check for alignment */ 941 if (hbhlen < IP6OPT_JUMBO_LEN) { 942 IP6_STATINC(IP6_STAT_TOOSMALL); 943 goto bad; 944 } 945 if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { 946 /* XXX stat */ 947 icmp6_error(m, ICMP6_PARAM_PROB, 948 ICMP6_PARAMPROB_HEADER, 949 erroff + opt + 1 - opthead); 950 return (-1); 951 } 952 optlen = IP6OPT_JUMBO_LEN; 953 954 /* 955 * IPv6 packets that have non 0 payload length 956 * must not contain a jumbo payload option. 957 */ 958 ip6 = mtod(m, struct ip6_hdr *); 959 if (ip6->ip6_plen) { 960 IP6_STATINC(IP6_STAT_BADOPTIONS); 961 icmp6_error(m, ICMP6_PARAM_PROB, 962 ICMP6_PARAMPROB_HEADER, 963 erroff + opt - opthead); 964 return (-1); 965 } 966 967 /* 968 * We may see jumbolen in unaligned location, so 969 * we'd need to perform bcopy(). 970 */ 971 memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); 972 jumboplen = (u_int32_t)htonl(jumboplen); 973 974 #if 1 975 /* 976 * if there are multiple jumbo payload options, 977 * *plenp will be non-zero and the packet will be 978 * rejected. 979 * the behavior may need some debate in ipngwg - 980 * multiple options does not make sense, however, 981 * there's no explicit mention in specification. 982 */ 983 if (*plenp != 0) { 984 IP6_STATINC(IP6_STAT_BADOPTIONS); 985 icmp6_error(m, ICMP6_PARAM_PROB, 986 ICMP6_PARAMPROB_HEADER, 987 erroff + opt + 2 - opthead); 988 return (-1); 989 } 990 #endif 991 992 /* 993 * jumbo payload length must be larger than 65535. 994 */ 995 if (jumboplen <= IPV6_MAXPACKET) { 996 IP6_STATINC(IP6_STAT_BADOPTIONS); 997 icmp6_error(m, ICMP6_PARAM_PROB, 998 ICMP6_PARAMPROB_HEADER, 999 erroff + opt + 2 - opthead); 1000 return (-1); 1001 } 1002 *plenp = jumboplen; 1003 1004 break; 1005 default: /* unknown option */ 1006 if (hbhlen < IP6OPT_MINLEN) { 1007 IP6_STATINC(IP6_STAT_TOOSMALL); 1008 goto bad; 1009 } 1010 optlen = ip6_unknown_opt(opt, m, 1011 erroff + opt - opthead); 1012 if (optlen == -1) 1013 return (-1); 1014 optlen += 2; 1015 break; 1016 } 1017 } 1018 1019 return (0); 1020 1021 bad: 1022 m_freem(m); 1023 return (-1); 1024 } 1025 1026 /* 1027 * Unknown option processing. 1028 * The third argument `off' is the offset from the IPv6 header to the option, 1029 * which is necessary if the IPv6 header the and option header and IPv6 header 1030 * is not continuous in order to return an ICMPv6 error. 1031 */ 1032 int 1033 ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) 1034 { 1035 struct ip6_hdr *ip6; 1036 1037 switch (IP6OPT_TYPE(*optp)) { 1038 case IP6OPT_TYPE_SKIP: /* ignore the option */ 1039 return ((int)*(optp + 1)); 1040 case IP6OPT_TYPE_DISCARD: /* silently discard */ 1041 m_freem(m); 1042 return (-1); 1043 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */ 1044 IP6_STATINC(IP6_STAT_BADOPTIONS); 1045 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1046 return (-1); 1047 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */ 1048 IP6_STATINC(IP6_STAT_BADOPTIONS); 1049 ip6 = mtod(m, struct ip6_hdr *); 1050 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 1051 (m->m_flags & (M_BCAST|M_MCAST))) 1052 m_freem(m); 1053 else 1054 icmp6_error(m, ICMP6_PARAM_PROB, 1055 ICMP6_PARAMPROB_OPTION, off); 1056 return (-1); 1057 } 1058 1059 m_freem(m); /* XXX: NOTREACHED */ 1060 return (-1); 1061 } 1062 1063 /* 1064 * Create the "control" list for this pcb. 1065 * 1066 * The routine will be called from upper layer handlers like tcp6_input(). 1067 * Thus the routine assumes that the caller (tcp6_input) have already 1068 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1069 * very first mbuf on the mbuf chain. 1070 * We may want to add some infinite loop prevention or sanity checks for safety. 1071 * (This applies only when you are using KAME mbuf chain restriction, i.e. 1072 * you are using IP6_EXTHDR_CHECK() not m_pulldown()) 1073 */ 1074 void 1075 ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, 1076 struct ip6_hdr *ip6, struct mbuf *m) 1077 { 1078 #ifdef RFC2292 1079 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1080 #else 1081 #define IS2292(x, y) (y) 1082 #endif 1083 1084 if (in6p->in6p_socket->so_options & SO_TIMESTAMP 1085 #ifdef SO_OTIMESTAMP 1086 || in6p->in6p_socket->so_options & SO_OTIMESTAMP 1087 #endif 1088 ) { 1089 struct timeval tv; 1090 1091 microtime(&tv); 1092 #ifdef SO_OTIMESTAMP 1093 if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { 1094 struct timeval50 tv50; 1095 timeval_to_timeval50(&tv, &tv50); 1096 *mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), 1097 SCM_OTIMESTAMP, SOL_SOCKET); 1098 } else 1099 #endif 1100 *mp = sbcreatecontrol((void *) &tv, sizeof(tv), 1101 SCM_TIMESTAMP, SOL_SOCKET); 1102 if (*mp) 1103 mp = &(*mp)->m_next; 1104 } 1105 1106 /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ 1107 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) 1108 return; 1109 1110 /* RFC 2292 sec. 5 */ 1111 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { 1112 struct in6_pktinfo pi6; 1113 1114 memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); 1115 in6_clearscope(&pi6.ipi6_addr); /* XXX */ 1116 pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? 1117 m->m_pkthdr.rcvif->if_index : 0; 1118 *mp = sbcreatecontrol((void *) &pi6, 1119 sizeof(struct in6_pktinfo), 1120 IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); 1121 if (*mp) 1122 mp = &(*mp)->m_next; 1123 } 1124 1125 if (in6p->in6p_flags & IN6P_HOPLIMIT) { 1126 int hlim = ip6->ip6_hlim & 0xff; 1127 1128 *mp = sbcreatecontrol((void *) &hlim, sizeof(int), 1129 IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); 1130 if (*mp) 1131 mp = &(*mp)->m_next; 1132 } 1133 1134 if ((in6p->in6p_flags & IN6P_TCLASS) != 0) { 1135 u_int32_t flowinfo; 1136 int tclass; 1137 1138 flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK); 1139 flowinfo >>= 20; 1140 1141 tclass = flowinfo & 0xff; 1142 *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), 1143 IPV6_TCLASS, IPPROTO_IPV6); 1144 1145 if (*mp) 1146 mp = &(*mp)->m_next; 1147 } 1148 1149 /* 1150 * IPV6_HOPOPTS socket option. Recall that we required super-user 1151 * privilege for the option (see ip6_ctloutput), but it might be too 1152 * strict, since there might be some hop-by-hop options which can be 1153 * returned to normal user. 1154 * See also RFC3542 section 8 (or RFC2292 section 6). 1155 */ 1156 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { 1157 /* 1158 * Check if a hop-by-hop options header is contatined in the 1159 * received packet, and if so, store the options as ancillary 1160 * data. Note that a hop-by-hop options header must be 1161 * just after the IPv6 header, which fact is assured through 1162 * the IPv6 input processing. 1163 */ 1164 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1165 if (xip6->ip6_nxt == IPPROTO_HOPOPTS) { 1166 struct ip6_hbh *hbh; 1167 int hbhlen; 1168 struct mbuf *ext; 1169 1170 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1171 xip6->ip6_nxt); 1172 if (ext == NULL) { 1173 IP6_STATINC(IP6_STAT_TOOSHORT); 1174 return; 1175 } 1176 hbh = mtod(ext, struct ip6_hbh *); 1177 hbhlen = (hbh->ip6h_len + 1) << 3; 1178 if (hbhlen != ext->m_len) { 1179 m_freem(ext); 1180 IP6_STATINC(IP6_STAT_TOOSHORT); 1181 return; 1182 } 1183 1184 /* 1185 * XXX: We copy whole the header even if a jumbo 1186 * payload option is included, which option is to 1187 * be removed before returning in the RFC 2292. 1188 * Note: this constraint is removed in RFC3542. 1189 */ 1190 *mp = sbcreatecontrol((void *)hbh, hbhlen, 1191 IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), 1192 IPPROTO_IPV6); 1193 if (*mp) 1194 mp = &(*mp)->m_next; 1195 m_freem(ext); 1196 } 1197 } 1198 1199 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */ 1200 if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) { 1201 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1202 int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr); 1203 1204 /* 1205 * Search for destination options headers or routing 1206 * header(s) through the header chain, and stores each 1207 * header as ancillary data. 1208 * Note that the order of the headers remains in 1209 * the chain of ancillary data. 1210 */ 1211 for (;;) { /* is explicit loop prevention necessary? */ 1212 struct ip6_ext *ip6e = NULL; 1213 int elen; 1214 struct mbuf *ext = NULL; 1215 1216 /* 1217 * if it is not an extension header, don't try to 1218 * pull it from the chain. 1219 */ 1220 switch (nxt) { 1221 case IPPROTO_DSTOPTS: 1222 case IPPROTO_ROUTING: 1223 case IPPROTO_HOPOPTS: 1224 case IPPROTO_AH: /* is it possible? */ 1225 break; 1226 default: 1227 goto loopend; 1228 } 1229 1230 ext = ip6_pullexthdr(m, off, nxt); 1231 if (ext == NULL) { 1232 IP6_STATINC(IP6_STAT_TOOSHORT); 1233 return; 1234 } 1235 ip6e = mtod(ext, struct ip6_ext *); 1236 if (nxt == IPPROTO_AH) 1237 elen = (ip6e->ip6e_len + 2) << 2; 1238 else 1239 elen = (ip6e->ip6e_len + 1) << 3; 1240 if (elen != ext->m_len) { 1241 m_freem(ext); 1242 IP6_STATINC(IP6_STAT_TOOSHORT); 1243 return; 1244 } 1245 KASSERT(IP6_HDR_ALIGNED_P(ip6e)); 1246 1247 switch (nxt) { 1248 case IPPROTO_DSTOPTS: 1249 if (!(in6p->in6p_flags & IN6P_DSTOPTS)) 1250 break; 1251 1252 *mp = sbcreatecontrol((void *)ip6e, elen, 1253 IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), 1254 IPPROTO_IPV6); 1255 if (*mp) 1256 mp = &(*mp)->m_next; 1257 break; 1258 1259 case IPPROTO_ROUTING: 1260 if (!(in6p->in6p_flags & IN6P_RTHDR)) 1261 break; 1262 1263 *mp = sbcreatecontrol((void *)ip6e, elen, 1264 IS2292(IPV6_2292RTHDR, IPV6_RTHDR), 1265 IPPROTO_IPV6); 1266 if (*mp) 1267 mp = &(*mp)->m_next; 1268 break; 1269 1270 case IPPROTO_HOPOPTS: 1271 case IPPROTO_AH: /* is it possible? */ 1272 break; 1273 1274 default: 1275 /* 1276 * other cases have been filtered in the above. 1277 * none will visit this case. here we supply 1278 * the code just in case (nxt overwritten or 1279 * other cases). 1280 */ 1281 m_freem(ext); 1282 goto loopend; 1283 1284 } 1285 1286 /* proceed with the next header. */ 1287 off += elen; 1288 nxt = ip6e->ip6e_nxt; 1289 ip6e = NULL; 1290 m_freem(ext); 1291 ext = NULL; 1292 } 1293 loopend: 1294 ; 1295 } 1296 } 1297 #undef IS2292 1298 1299 1300 void 1301 ip6_notify_pmtu(struct in6pcb *in6p, const struct sockaddr_in6 *dst, 1302 uint32_t *mtu) 1303 { 1304 struct socket *so; 1305 struct mbuf *m_mtu; 1306 struct ip6_mtuinfo mtuctl; 1307 1308 so = in6p->in6p_socket; 1309 1310 if (mtu == NULL) 1311 return; 1312 1313 #ifdef DIAGNOSTIC 1314 if (so == NULL) /* I believe this is impossible */ 1315 panic("ip6_notify_pmtu: socket is NULL"); 1316 #endif 1317 1318 memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ 1319 mtuctl.ip6m_mtu = *mtu; 1320 mtuctl.ip6m_addr = *dst; 1321 if (sa6_recoverscope(&mtuctl.ip6m_addr)) 1322 return; 1323 1324 if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), 1325 IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) 1326 return; 1327 1328 if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) 1329 == 0) { 1330 m_freem(m_mtu); 1331 /* XXX: should count statistics */ 1332 } else 1333 sorwakeup(so); 1334 1335 return; 1336 } 1337 1338 /* 1339 * pull single extension header from mbuf chain. returns single mbuf that 1340 * contains the result, or NULL on error. 1341 */ 1342 static struct mbuf * 1343 ip6_pullexthdr(struct mbuf *m, size_t off, int nxt) 1344 { 1345 struct ip6_ext ip6e; 1346 size_t elen; 1347 struct mbuf *n; 1348 1349 #ifdef DIAGNOSTIC 1350 switch (nxt) { 1351 case IPPROTO_DSTOPTS: 1352 case IPPROTO_ROUTING: 1353 case IPPROTO_HOPOPTS: 1354 case IPPROTO_AH: /* is it possible? */ 1355 break; 1356 default: 1357 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); 1358 } 1359 #endif 1360 1361 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1362 if (nxt == IPPROTO_AH) 1363 elen = (ip6e.ip6e_len + 2) << 2; 1364 else 1365 elen = (ip6e.ip6e_len + 1) << 3; 1366 1367 MGET(n, M_DONTWAIT, MT_DATA); 1368 if (n && elen >= MLEN) { 1369 MCLGET(n, M_DONTWAIT); 1370 if ((n->m_flags & M_EXT) == 0) { 1371 m_free(n); 1372 n = NULL; 1373 } 1374 } 1375 if (!n) 1376 return NULL; 1377 1378 n->m_len = 0; 1379 if (elen >= M_TRAILINGSPACE(n)) { 1380 m_free(n); 1381 return NULL; 1382 } 1383 1384 m_copydata(m, off, elen, mtod(n, void *)); 1385 n->m_len = elen; 1386 return n; 1387 } 1388 1389 /* 1390 * Get pointer to the previous header followed by the header 1391 * currently processed. 1392 * XXX: This function supposes that 1393 * M includes all headers, 1394 * the next header field and the header length field of each header 1395 * are valid, and 1396 * the sum of each header length equals to OFF. 1397 * Because of these assumptions, this function must be called very 1398 * carefully. Moreover, it will not be used in the near future when 1399 * we develop `neater' mechanism to process extension headers. 1400 */ 1401 u_int8_t * 1402 ip6_get_prevhdr(struct mbuf *m, int off) 1403 { 1404 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1405 1406 if (off == sizeof(struct ip6_hdr)) 1407 return (&ip6->ip6_nxt); 1408 else { 1409 int len, nxt; 1410 struct ip6_ext *ip6e = NULL; 1411 1412 nxt = ip6->ip6_nxt; 1413 len = sizeof(struct ip6_hdr); 1414 while (len < off) { 1415 ip6e = (struct ip6_ext *)(mtod(m, char *) + len); 1416 1417 switch (nxt) { 1418 case IPPROTO_FRAGMENT: 1419 len += sizeof(struct ip6_frag); 1420 break; 1421 case IPPROTO_AH: 1422 len += (ip6e->ip6e_len + 2) << 2; 1423 break; 1424 default: 1425 len += (ip6e->ip6e_len + 1) << 3; 1426 break; 1427 } 1428 nxt = ip6e->ip6e_nxt; 1429 } 1430 if (ip6e) 1431 return (&ip6e->ip6e_nxt); 1432 else 1433 return NULL; 1434 } 1435 } 1436 1437 /* 1438 * get next header offset. m will be retained. 1439 */ 1440 int 1441 ip6_nexthdr(struct mbuf *m, int off, int proto, int *nxtp) 1442 { 1443 struct ip6_hdr ip6; 1444 struct ip6_ext ip6e; 1445 struct ip6_frag fh; 1446 1447 /* just in case */ 1448 if (m == NULL) 1449 panic("ip6_nexthdr: m == NULL"); 1450 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) 1451 return -1; 1452 1453 switch (proto) { 1454 case IPPROTO_IPV6: 1455 /* do not chase beyond intermediate IPv6 headers */ 1456 if (off != 0) 1457 return -1; 1458 if (m->m_pkthdr.len < off + sizeof(ip6)) 1459 return -1; 1460 m_copydata(m, off, sizeof(ip6), (void *)&ip6); 1461 if (nxtp) 1462 *nxtp = ip6.ip6_nxt; 1463 off += sizeof(ip6); 1464 return off; 1465 1466 case IPPROTO_FRAGMENT: 1467 /* 1468 * terminate parsing if it is not the first fragment, 1469 * it does not make sense to parse through it. 1470 */ 1471 if (m->m_pkthdr.len < off + sizeof(fh)) 1472 return -1; 1473 m_copydata(m, off, sizeof(fh), (void *)&fh); 1474 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) 1475 return -1; 1476 if (nxtp) 1477 *nxtp = fh.ip6f_nxt; 1478 off += sizeof(struct ip6_frag); 1479 return off; 1480 1481 case IPPROTO_AH: 1482 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1483 return -1; 1484 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1485 if (nxtp) 1486 *nxtp = ip6e.ip6e_nxt; 1487 off += (ip6e.ip6e_len + 2) << 2; 1488 if (m->m_pkthdr.len < off) 1489 return -1; 1490 return off; 1491 1492 case IPPROTO_HOPOPTS: 1493 case IPPROTO_ROUTING: 1494 case IPPROTO_DSTOPTS: 1495 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1496 return -1; 1497 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1498 if (nxtp) 1499 *nxtp = ip6e.ip6e_nxt; 1500 off += (ip6e.ip6e_len + 1) << 3; 1501 if (m->m_pkthdr.len < off) 1502 return -1; 1503 return off; 1504 1505 case IPPROTO_NONE: 1506 case IPPROTO_ESP: 1507 case IPPROTO_IPCOMP: 1508 /* give up */ 1509 return -1; 1510 1511 default: 1512 return -1; 1513 } 1514 } 1515 1516 /* 1517 * get offset for the last header in the chain. m will be kept untainted. 1518 */ 1519 int 1520 ip6_lasthdr(struct mbuf *m, int off, int proto, int *nxtp) 1521 { 1522 int newoff; 1523 int nxt; 1524 1525 if (!nxtp) { 1526 nxt = -1; 1527 nxtp = &nxt; 1528 } 1529 for (;;) { 1530 newoff = ip6_nexthdr(m, off, proto, nxtp); 1531 if (newoff < 0) 1532 return off; 1533 else if (newoff < off) 1534 return -1; /* invalid */ 1535 else if (newoff == off) 1536 return newoff; 1537 1538 off = newoff; 1539 proto = *nxtp; 1540 } 1541 } 1542 1543 struct m_tag * 1544 ip6_addaux(struct mbuf *m) 1545 { 1546 struct m_tag *mtag; 1547 1548 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1549 if (!mtag) { 1550 mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), 1551 M_NOWAIT); 1552 if (mtag) { 1553 m_tag_prepend(m, mtag); 1554 memset(mtag + 1, 0, sizeof(struct ip6aux)); 1555 } 1556 } 1557 return mtag; 1558 } 1559 1560 struct m_tag * 1561 ip6_findaux(struct mbuf *m) 1562 { 1563 struct m_tag *mtag; 1564 1565 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1566 return mtag; 1567 } 1568 1569 void 1570 ip6_delaux(struct mbuf *m) 1571 { 1572 struct m_tag *mtag; 1573 1574 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1575 if (mtag) 1576 m_tag_delete(m, mtag); 1577 } 1578 1579 #ifdef GATEWAY 1580 /* 1581 * sysctl helper routine for net.inet.ip6.maxflows. Since 1582 * we could reduce this value, call ip6flow_reap(); 1583 */ 1584 static int 1585 sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) 1586 { 1587 int error; 1588 1589 error = sysctl_lookup(SYSCTLFN_CALL(rnode)); 1590 if (error || newp == NULL) 1591 return (error); 1592 1593 mutex_enter(softnet_lock); 1594 KERNEL_LOCK(1, NULL); 1595 1596 ip6flow_reap(0); 1597 1598 KERNEL_UNLOCK_ONE(NULL); 1599 mutex_exit(softnet_lock); 1600 1601 return (0); 1602 } 1603 1604 static int 1605 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS) 1606 { 1607 int error, tmp; 1608 struct sysctlnode node; 1609 1610 node = *rnode; 1611 tmp = ip6_hashsize; 1612 node.sysctl_data = &tmp; 1613 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1614 if (error || newp == NULL) 1615 return (error); 1616 1617 if ((tmp & (tmp - 1)) == 0 && tmp != 0) { 1618 /* 1619 * Can only fail due to malloc() 1620 */ 1621 mutex_enter(softnet_lock); 1622 KERNEL_LOCK(1, NULL); 1623 1624 error = ip6flow_invalidate_all(tmp); 1625 1626 KERNEL_UNLOCK_ONE(NULL); 1627 mutex_exit(softnet_lock); 1628 } else { 1629 /* 1630 * EINVAL if not a power of 2 1631 */ 1632 error = EINVAL; 1633 } 1634 1635 return error; 1636 } 1637 #endif /* GATEWAY */ 1638 1639 /* 1640 * System control for IP6 1641 */ 1642 1643 const u_char inet6ctlerrmap[PRC_NCMDS] = { 1644 0, 0, 0, 0, 1645 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1646 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1647 EMSGSIZE, EHOSTUNREACH, 0, 0, 1648 0, 0, 0, 0, 1649 ENOPROTOOPT 1650 }; 1651 1652 static int 1653 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) 1654 { 1655 1656 return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); 1657 } 1658 1659 static void 1660 sysctl_net_inet6_ip6_setup(struct sysctllog **clog) 1661 { 1662 #ifdef RFC2292 1663 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1664 #else 1665 #define IS2292(x, y) (y) 1666 #endif 1667 1668 sysctl_createv(clog, 0, NULL, NULL, 1669 CTLFLAG_PERMANENT, 1670 CTLTYPE_NODE, "net", NULL, 1671 NULL, 0, NULL, 0, 1672 CTL_NET, CTL_EOL); 1673 sysctl_createv(clog, 0, NULL, NULL, 1674 CTLFLAG_PERMANENT, 1675 CTLTYPE_NODE, "inet6", 1676 SYSCTL_DESCR("PF_INET6 related settings"), 1677 NULL, 0, NULL, 0, 1678 CTL_NET, PF_INET6, CTL_EOL); 1679 sysctl_createv(clog, 0, NULL, NULL, 1680 CTLFLAG_PERMANENT, 1681 CTLTYPE_NODE, "ip6", 1682 SYSCTL_DESCR("IPv6 related settings"), 1683 NULL, 0, NULL, 0, 1684 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL); 1685 1686 sysctl_createv(clog, 0, NULL, NULL, 1687 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1688 CTLTYPE_INT, "forwarding", 1689 SYSCTL_DESCR("Enable forwarding of INET6 datagrams"), 1690 NULL, 0, &ip6_forwarding, 0, 1691 CTL_NET, PF_INET6, IPPROTO_IPV6, 1692 IPV6CTL_FORWARDING, CTL_EOL); 1693 sysctl_createv(clog, 0, NULL, NULL, 1694 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1695 CTLTYPE_INT, "redirect", 1696 SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"), 1697 NULL, 0, &ip6_sendredirects, 0, 1698 CTL_NET, PF_INET6, IPPROTO_IPV6, 1699 IPV6CTL_SENDREDIRECTS, CTL_EOL); 1700 sysctl_createv(clog, 0, NULL, NULL, 1701 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1702 CTLTYPE_INT, "hlim", 1703 SYSCTL_DESCR("Hop limit for an INET6 datagram"), 1704 NULL, 0, &ip6_defhlim, 0, 1705 CTL_NET, PF_INET6, IPPROTO_IPV6, 1706 IPV6CTL_DEFHLIM, CTL_EOL); 1707 #ifdef notyet 1708 sysctl_createv(clog, 0, NULL, NULL, 1709 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1710 CTLTYPE_INT, "mtu", NULL, 1711 NULL, 0, &, 0, 1712 CTL_NET, PF_INET6, IPPROTO_IPV6, 1713 IPV6CTL_DEFMTU, CTL_EOL); 1714 #endif 1715 #ifdef __no_idea__ 1716 sysctl_createv(clog, 0, NULL, NULL, 1717 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1718 CTLTYPE_INT, "forwsrcrt", NULL, 1719 NULL, 0, &?, 0, 1720 CTL_NET, PF_INET6, IPPROTO_IPV6, 1721 IPV6CTL_FORWSRCRT, CTL_EOL); 1722 sysctl_createv(clog, 0, NULL, NULL, 1723 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1724 CTLTYPE_STRUCT, "mrtstats", NULL, 1725 NULL, 0, &?, sizeof(?), 1726 CTL_NET, PF_INET6, IPPROTO_IPV6, 1727 IPV6CTL_MRTSTATS, CTL_EOL); 1728 sysctl_createv(clog, 0, NULL, NULL, 1729 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1730 CTLTYPE_?, "mrtproto", NULL, 1731 NULL, 0, &?, sizeof(?), 1732 CTL_NET, PF_INET6, IPPROTO_IPV6, 1733 IPV6CTL_MRTPROTO, CTL_EOL); 1734 #endif 1735 sysctl_createv(clog, 0, NULL, NULL, 1736 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1737 CTLTYPE_INT, "maxfragpackets", 1738 SYSCTL_DESCR("Maximum number of fragments to buffer " 1739 "for reassembly"), 1740 NULL, 0, &ip6_maxfragpackets, 0, 1741 CTL_NET, PF_INET6, IPPROTO_IPV6, 1742 IPV6CTL_MAXFRAGPACKETS, CTL_EOL); 1743 #ifdef __no_idea__ 1744 sysctl_createv(clog, 0, NULL, NULL, 1745 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1746 CTLTYPE_INT, "sourcecheck", NULL, 1747 NULL, 0, &?, 0, 1748 CTL_NET, PF_INET6, IPPROTO_IPV6, 1749 IPV6CTL_SOURCECHECK, CTL_EOL); 1750 sysctl_createv(clog, 0, NULL, NULL, 1751 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1752 CTLTYPE_INT, "sourcecheck_logint", NULL, 1753 NULL, 0, &?, 0, 1754 CTL_NET, PF_INET6, IPPROTO_IPV6, 1755 IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); 1756 #endif 1757 sysctl_createv(clog, 0, NULL, NULL, 1758 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1759 CTLTYPE_INT, "accept_rtadv", 1760 SYSCTL_DESCR("Accept router advertisements"), 1761 NULL, 0, &ip6_accept_rtadv, 0, 1762 CTL_NET, PF_INET6, IPPROTO_IPV6, 1763 IPV6CTL_ACCEPT_RTADV, CTL_EOL); 1764 sysctl_createv(clog, 0, NULL, NULL, 1765 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1766 CTLTYPE_INT, "rtadv_maxroutes", 1767 SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), 1768 NULL, 0, &ip6_rtadv_maxroutes, 0, 1769 CTL_NET, PF_INET6, IPPROTO_IPV6, 1770 IPV6CTL_RTADV_MAXROUTES, CTL_EOL); 1771 sysctl_createv(clog, 0, NULL, NULL, 1772 CTLFLAG_PERMANENT, 1773 CTLTYPE_INT, "rtadv_numroutes", 1774 SYSCTL_DESCR("Current number of routes accepted via router advertisements"), 1775 NULL, 0, &nd6_numroutes, 0, 1776 CTL_NET, PF_INET6, IPPROTO_IPV6, 1777 IPV6CTL_RTADV_NUMROUTES, CTL_EOL); 1778 sysctl_createv(clog, 0, NULL, NULL, 1779 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1780 CTLTYPE_INT, "keepfaith", 1781 SYSCTL_DESCR("Activate faith interface"), 1782 NULL, 0, &ip6_keepfaith, 0, 1783 CTL_NET, PF_INET6, IPPROTO_IPV6, 1784 IPV6CTL_KEEPFAITH, CTL_EOL); 1785 sysctl_createv(clog, 0, NULL, NULL, 1786 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1787 CTLTYPE_INT, "log_interval", 1788 SYSCTL_DESCR("Minumum interval between logging " 1789 "unroutable packets"), 1790 NULL, 0, &ip6_log_interval, 0, 1791 CTL_NET, PF_INET6, IPPROTO_IPV6, 1792 IPV6CTL_LOG_INTERVAL, CTL_EOL); 1793 sysctl_createv(clog, 0, NULL, NULL, 1794 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1795 CTLTYPE_INT, "hdrnestlimit", 1796 SYSCTL_DESCR("Maximum number of nested IPv6 headers"), 1797 NULL, 0, &ip6_hdrnestlimit, 0, 1798 CTL_NET, PF_INET6, IPPROTO_IPV6, 1799 IPV6CTL_HDRNESTLIMIT, CTL_EOL); 1800 sysctl_createv(clog, 0, NULL, NULL, 1801 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1802 CTLTYPE_INT, "dad_count", 1803 SYSCTL_DESCR("Number of Duplicate Address Detection " 1804 "probes to send"), 1805 NULL, 0, &ip6_dad_count, 0, 1806 CTL_NET, PF_INET6, IPPROTO_IPV6, 1807 IPV6CTL_DAD_COUNT, CTL_EOL); 1808 sysctl_createv(clog, 0, NULL, NULL, 1809 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1810 CTLTYPE_INT, "auto_flowlabel", 1811 SYSCTL_DESCR("Assign random IPv6 flow labels"), 1812 NULL, 0, &ip6_auto_flowlabel, 0, 1813 CTL_NET, PF_INET6, IPPROTO_IPV6, 1814 IPV6CTL_AUTO_FLOWLABEL, CTL_EOL); 1815 sysctl_createv(clog, 0, NULL, NULL, 1816 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1817 CTLTYPE_INT, "defmcasthlim", 1818 SYSCTL_DESCR("Default multicast hop limit"), 1819 NULL, 0, &ip6_defmcasthlim, 0, 1820 CTL_NET, PF_INET6, IPPROTO_IPV6, 1821 IPV6CTL_DEFMCASTHLIM, CTL_EOL); 1822 #if NGIF > 0 1823 sysctl_createv(clog, 0, NULL, NULL, 1824 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1825 CTLTYPE_INT, "gifhlim", 1826 SYSCTL_DESCR("Default hop limit for a gif tunnel datagram"), 1827 NULL, 0, &ip6_gif_hlim, 0, 1828 CTL_NET, PF_INET6, IPPROTO_IPV6, 1829 IPV6CTL_GIF_HLIM, CTL_EOL); 1830 #endif /* NGIF */ 1831 sysctl_createv(clog, 0, NULL, NULL, 1832 CTLFLAG_PERMANENT, 1833 CTLTYPE_STRING, "kame_version", 1834 SYSCTL_DESCR("KAME Version"), 1835 NULL, 0, __UNCONST(__KAME_VERSION), 0, 1836 CTL_NET, PF_INET6, IPPROTO_IPV6, 1837 IPV6CTL_KAME_VERSION, CTL_EOL); 1838 sysctl_createv(clog, 0, NULL, NULL, 1839 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1840 CTLTYPE_INT, "use_deprecated", 1841 SYSCTL_DESCR("Allow use of deprecated addresses as " 1842 "source addresses"), 1843 NULL, 0, &ip6_use_deprecated, 0, 1844 CTL_NET, PF_INET6, IPPROTO_IPV6, 1845 IPV6CTL_USE_DEPRECATED, CTL_EOL); 1846 sysctl_createv(clog, 0, NULL, NULL, 1847 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1848 CTLTYPE_INT, "rr_prune", NULL, 1849 NULL, 0, &ip6_rr_prune, 0, 1850 CTL_NET, PF_INET6, IPPROTO_IPV6, 1851 IPV6CTL_RR_PRUNE, CTL_EOL); 1852 sysctl_createv(clog, 0, NULL, NULL, 1853 CTLFLAG_PERMANENT 1854 #ifndef INET6_BINDV6ONLY 1855 |CTLFLAG_READWRITE, 1856 #endif 1857 CTLTYPE_INT, "v6only", 1858 SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting " 1859 "to PF_INET sockets"), 1860 NULL, 0, &ip6_v6only, 0, 1861 CTL_NET, PF_INET6, IPPROTO_IPV6, 1862 IPV6CTL_V6ONLY, CTL_EOL); 1863 sysctl_createv(clog, 0, NULL, NULL, 1864 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1865 CTLTYPE_INT, "anonportmin", 1866 SYSCTL_DESCR("Lowest ephemeral port number to assign"), 1867 sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, 1868 CTL_NET, PF_INET6, IPPROTO_IPV6, 1869 IPV6CTL_ANONPORTMIN, CTL_EOL); 1870 sysctl_createv(clog, 0, NULL, NULL, 1871 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1872 CTLTYPE_INT, "anonportmax", 1873 SYSCTL_DESCR("Highest ephemeral port number to assign"), 1874 sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0, 1875 CTL_NET, PF_INET6, IPPROTO_IPV6, 1876 IPV6CTL_ANONPORTMAX, CTL_EOL); 1877 #ifndef IPNOPRIVPORTS 1878 sysctl_createv(clog, 0, NULL, NULL, 1879 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1880 CTLTYPE_INT, "lowportmin", 1881 SYSCTL_DESCR("Lowest privileged ephemeral port number " 1882 "to assign"), 1883 sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0, 1884 CTL_NET, PF_INET6, IPPROTO_IPV6, 1885 IPV6CTL_LOWPORTMIN, CTL_EOL); 1886 sysctl_createv(clog, 0, NULL, NULL, 1887 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1888 CTLTYPE_INT, "lowportmax", 1889 SYSCTL_DESCR("Highest privileged ephemeral port number " 1890 "to assign"), 1891 sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0, 1892 CTL_NET, PF_INET6, IPPROTO_IPV6, 1893 IPV6CTL_LOWPORTMAX, CTL_EOL); 1894 #endif /* IPNOPRIVPORTS */ 1895 sysctl_createv(clog, 0, NULL, NULL, 1896 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1897 CTLTYPE_INT, "use_tempaddr", 1898 SYSCTL_DESCR("Use temporary address"), 1899 NULL, 0, &ip6_use_tempaddr, 0, 1900 CTL_NET, PF_INET6, IPPROTO_IPV6, 1901 CTL_CREATE, CTL_EOL); 1902 sysctl_createv(clog, 0, NULL, NULL, 1903 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1904 CTLTYPE_INT, "temppltime", 1905 SYSCTL_DESCR("preferred lifetime of a temporary address"), 1906 NULL, 0, &ip6_temp_preferred_lifetime, 0, 1907 CTL_NET, PF_INET6, IPPROTO_IPV6, 1908 CTL_CREATE, CTL_EOL); 1909 sysctl_createv(clog, 0, NULL, NULL, 1910 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1911 CTLTYPE_INT, "tempvltime", 1912 SYSCTL_DESCR("valid lifetime of a temporary address"), 1913 NULL, 0, &ip6_temp_valid_lifetime, 0, 1914 CTL_NET, PF_INET6, IPPROTO_IPV6, 1915 CTL_CREATE, CTL_EOL); 1916 sysctl_createv(clog, 0, NULL, NULL, 1917 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1918 CTLTYPE_INT, "maxfrags", 1919 SYSCTL_DESCR("Maximum fragments in reassembly queue"), 1920 NULL, 0, &ip6_maxfrags, 0, 1921 CTL_NET, PF_INET6, IPPROTO_IPV6, 1922 IPV6CTL_MAXFRAGS, CTL_EOL); 1923 sysctl_createv(clog, 0, NULL, NULL, 1924 CTLFLAG_PERMANENT, 1925 CTLTYPE_STRUCT, "stats", 1926 SYSCTL_DESCR("IPv6 statistics"), 1927 sysctl_net_inet6_ip6_stats, 0, NULL, 0, 1928 CTL_NET, PF_INET6, IPPROTO_IPV6, 1929 IPV6CTL_STATS, CTL_EOL); 1930 sysctl_createv(clog, 0, NULL, NULL, 1931 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1932 CTLTYPE_INT, "use_defaultzone", 1933 SYSCTL_DESCR("Whether to use the default scope zones"), 1934 NULL, 0, &ip6_use_defzone, 0, 1935 CTL_NET, PF_INET6, IPPROTO_IPV6, 1936 IPV6CTL_USE_DEFAULTZONE, CTL_EOL); 1937 sysctl_createv(clog, 0, NULL, NULL, 1938 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1939 CTLTYPE_INT, "mcast_pmtu", 1940 SYSCTL_DESCR("Enable pMTU discovery for multicast packet"), 1941 NULL, 0, &ip6_mcast_pmtu, 0, 1942 CTL_NET, PF_INET6, IPPROTO_IPV6, 1943 CTL_CREATE, CTL_EOL); 1944 #ifdef GATEWAY 1945 sysctl_createv(clog, 0, NULL, NULL, 1946 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1947 CTLTYPE_INT, "maxflows", 1948 SYSCTL_DESCR("Number of flows for fast forwarding (IPv6)"), 1949 sysctl_net_inet6_ip6_maxflows, 0, &ip6_maxflows, 0, 1950 CTL_NET, PF_INET6, IPPROTO_IPV6, 1951 CTL_CREATE, CTL_EOL); 1952 sysctl_createv(clog, 0, NULL, NULL, 1953 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1954 CTLTYPE_INT, "hashsize", 1955 SYSCTL_DESCR("Size of hash table for fast forwarding (IPv6)"), 1956 sysctl_net_inet6_ip6_hashsize, 0, &ip6_hashsize, 0, 1957 CTL_NET, PF_INET6, IPPROTO_IPV6, 1958 CTL_CREATE, CTL_EOL); 1959 #endif 1960 /* anonportalgo RFC6056 subtree */ 1961 const struct sysctlnode *portalgo_node; 1962 sysctl_createv(clog, 0, NULL, &portalgo_node, 1963 CTLFLAG_PERMANENT, 1964 CTLTYPE_NODE, "anonportalgo", 1965 SYSCTL_DESCR("Anonymous port algorithm selection (RFC 6056)"), 1966 NULL, 0, NULL, 0, 1967 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); 1968 sysctl_createv(clog, 0, &portalgo_node, NULL, 1969 CTLFLAG_PERMANENT, 1970 CTLTYPE_STRING, "available", 1971 SYSCTL_DESCR("available algorithms"), 1972 sysctl_portalgo_available, 0, NULL, PORTALGO_MAXLEN, 1973 CTL_CREATE, CTL_EOL); 1974 sysctl_createv(clog, 0, &portalgo_node, NULL, 1975 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1976 CTLTYPE_STRING, "selected", 1977 SYSCTL_DESCR("selected algorithm"), 1978 sysctl_portalgo_selected6, 0, NULL, PORTALGO_MAXLEN, 1979 CTL_CREATE, CTL_EOL); 1980 sysctl_createv(clog, 0, &portalgo_node, NULL, 1981 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1982 CTLTYPE_STRUCT, "reserve", 1983 SYSCTL_DESCR("bitmap of reserved ports"), 1984 sysctl_portalgo_reserve6, 0, NULL, 0, 1985 CTL_CREATE, CTL_EOL); 1986 sysctl_createv(clog, 0, NULL, NULL, 1987 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1988 CTLTYPE_INT, "neighborgcthresh", 1989 SYSCTL_DESCR("Maximum number of entries in neighbor" 1990 " cache"), 1991 NULL, 1, &ip6_neighborgcthresh, 0, 1992 CTL_NET, PF_INET6, IPPROTO_IPV6, 1993 CTL_CREATE, CTL_EOL); 1994 sysctl_createv(clog, 0, NULL, NULL, 1995 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1996 CTLTYPE_INT, "maxifprefixes", 1997 SYSCTL_DESCR("Maximum number of prefixes created by" 1998 " route advertisement per interface"), 1999 NULL, 1, &ip6_maxifprefixes, 0, 2000 CTL_NET, PF_INET6, IPPROTO_IPV6, 2001 CTL_CREATE, CTL_EOL); 2002 sysctl_createv(clog, 0, NULL, NULL, 2003 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2004 CTLTYPE_INT, "maxifdefrouters", 2005 SYSCTL_DESCR("Maximum number of default routers created" 2006 " by route advertisement per interface"), 2007 NULL, 1, &ip6_maxifdefrouters, 0, 2008 CTL_NET, PF_INET6, IPPROTO_IPV6, 2009 CTL_CREATE, CTL_EOL); 2010 sysctl_createv(clog, 0, NULL, NULL, 2011 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 2012 CTLTYPE_INT, "maxdynroutes", 2013 SYSCTL_DESCR("Maximum number of routes created via" 2014 " redirect"), 2015 NULL, 1, &ip6_maxdynroutes, 0, 2016 CTL_NET, PF_INET6, IPPROTO_IPV6, 2017 CTL_CREATE, CTL_EOL); 2018 } 2019 2020 void 2021 ip6_statinc(u_int stat) 2022 { 2023 2024 KASSERT(stat < IP6_NSTATS); 2025 IP6_STATINC(stat); 2026 } 2027