1 /* $NetBSD: ip6_input.c,v 1.117 2008/04/23 06:09:05 thorpej Exp $ */ 2 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.117 2008/04/23 06:09:05 thorpej Exp $"); 66 67 #include "opt_inet.h" 68 #include "opt_inet6.h" 69 #include "opt_ipsec.h" 70 #include "opt_pfil_hooks.h" 71 72 #include <sys/param.h> 73 #include <sys/systm.h> 74 #include <sys/malloc.h> 75 #include <sys/mbuf.h> 76 #include <sys/domain.h> 77 #include <sys/protosw.h> 78 #include <sys/socket.h> 79 #include <sys/socketvar.h> 80 #include <sys/errno.h> 81 #include <sys/time.h> 82 #include <sys/kernel.h> 83 #include <sys/syslog.h> 84 #include <sys/proc.h> 85 #include <sys/sysctl.h> 86 87 #include <net/if.h> 88 #include <net/if_types.h> 89 #include <net/if_dl.h> 90 #include <net/route.h> 91 #include <net/netisr.h> 92 #ifdef PFIL_HOOKS 93 #include <net/pfil.h> 94 #endif 95 96 #include <netinet/in.h> 97 #include <netinet/in_systm.h> 98 #ifdef INET 99 #include <netinet/ip.h> 100 #include <netinet/ip_icmp.h> 101 #endif /* INET */ 102 #include <netinet/ip6.h> 103 #include <netinet6/in6_var.h> 104 #include <netinet6/ip6_var.h> 105 #include <netinet6/ip6_private.h> 106 #include <netinet6/in6_pcb.h> 107 #include <netinet/icmp6.h> 108 #include <netinet6/scope6_var.h> 109 #include <netinet6/in6_ifattach.h> 110 #include <netinet6/nd6.h> 111 112 #ifdef IPSEC 113 #include <netinet6/ipsec.h> 114 #include <netinet6/ipsec_private.h> 115 #endif 116 117 #ifdef FAST_IPSEC 118 #include <netipsec/ipsec.h> 119 #include <netipsec/ipsec6.h> 120 #include <netipsec/key.h> 121 #endif /* FAST_IPSEC */ 122 123 #include <netinet6/ip6protosw.h> 124 125 #include "faith.h" 126 #include "gif.h" 127 128 #if NGIF > 0 129 #include <netinet6/in6_gif.h> 130 #endif 131 132 #include <net/net_osdep.h> 133 134 extern struct domain inet6domain; 135 136 u_char ip6_protox[IPPROTO_MAX]; 137 static int ip6qmaxlen = IFQ_MAXLEN; 138 struct in6_ifaddr *in6_ifaddr; 139 struct ifqueue ip6intrq; 140 141 extern callout_t in6_tmpaddrtimer_ch; 142 143 int ip6_forward_srcrt; /* XXX */ 144 int ip6_sourcecheck; /* XXX */ 145 int ip6_sourcecheck_interval; /* XXX */ 146 147 #ifdef PFIL_HOOKS 148 struct pfil_head inet6_pfil_hook; 149 #endif 150 151 percpu_t *ip6stat_percpu; 152 153 static void ip6_init2(void *); 154 static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); 155 156 static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); 157 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); 158 159 /* 160 * IP6 initialization: fill in IP6 protocol switch table. 161 * All protocols not implemented in kernel go to raw IP6 protocol handler. 162 */ 163 void 164 ip6_init(void) 165 { 166 const struct ip6protosw *pr; 167 int i; 168 169 pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); 170 if (pr == 0) 171 panic("ip6_init"); 172 for (i = 0; i < IPPROTO_MAX; i++) 173 ip6_protox[i] = pr - inet6sw; 174 for (pr = (const struct ip6protosw *)inet6domain.dom_protosw; 175 pr < (const struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) 176 if (pr->pr_domain->dom_family == PF_INET6 && 177 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 178 ip6_protox[pr->pr_protocol] = pr - inet6sw; 179 ip6intrq.ifq_maxlen = ip6qmaxlen; 180 scope6_init(); 181 addrsel_policy_init(); 182 nd6_init(); 183 frag6_init(); 184 ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; 185 186 ip6_init2((void *)0); 187 #ifdef GATEWAY 188 ip6flow_init(ip6_hashsize); 189 #endif 190 191 #ifdef PFIL_HOOKS 192 /* Register our Packet Filter hook. */ 193 inet6_pfil_hook.ph_type = PFIL_TYPE_AF; 194 inet6_pfil_hook.ph_af = AF_INET6; 195 i = pfil_head_register(&inet6_pfil_hook); 196 if (i != 0) 197 printf("ip6_init: WARNING: unable to register pfil hook, " 198 "error %d\n", i); 199 #endif /* PFIL_HOOKS */ 200 201 ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); 202 } 203 204 static void 205 ip6_init2(void *dummy) 206 { 207 208 /* nd6_timer_init */ 209 callout_init(&nd6_timer_ch, 0); 210 callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); 211 212 /* timer for regeneranation of temporary addresses randomize ID */ 213 callout_init(&in6_tmpaddrtimer_ch, 0); 214 callout_reset(&in6_tmpaddrtimer_ch, 215 (ip6_temp_preferred_lifetime - ip6_desync_factor - 216 ip6_temp_regen_advance) * hz, 217 in6_tmpaddrtimer, NULL); 218 } 219 220 /* 221 * IP6 input interrupt handling. Just pass the packet to ip6_input. 222 */ 223 void 224 ip6intr(void) 225 { 226 int s; 227 struct mbuf *m; 228 229 for (;;) { 230 s = splnet(); 231 IF_DEQUEUE(&ip6intrq, m); 232 splx(s); 233 if (m == 0) 234 return; 235 /* drop the packet if IPv6 operation is disabled on the IF */ 236 if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) { 237 m_freem(m); 238 return; 239 } 240 ip6_input(m); 241 } 242 } 243 244 extern struct route ip6_forward_rt; 245 246 void 247 ip6_input(struct mbuf *m) 248 { 249 struct ip6_hdr *ip6; 250 int hit, off = sizeof(struct ip6_hdr), nest; 251 u_int32_t plen; 252 u_int32_t rtalert = ~0; 253 int nxt, ours = 0, rh_present = 0; 254 struct ifnet *deliverifp = NULL; 255 int srcrt = 0; 256 const struct rtentry *rt; 257 union { 258 struct sockaddr dst; 259 struct sockaddr_in6 dst6; 260 } u; 261 #ifdef FAST_IPSEC 262 struct m_tag *mtag; 263 struct tdb_ident *tdbi; 264 struct secpolicy *sp; 265 int s, error; 266 #endif 267 268 #ifdef IPSEC 269 /* 270 * should the inner packet be considered authentic? 271 * see comment in ah4_input(). 272 */ 273 m->m_flags &= ~M_AUTHIPHDR; 274 m->m_flags &= ~M_AUTHIPDGM; 275 #endif 276 277 /* 278 * make sure we don't have onion peering information into m_tag. 279 */ 280 ip6_delaux(m); 281 282 /* 283 * mbuf statistics 284 */ 285 if (m->m_flags & M_EXT) { 286 if (m->m_next) 287 IP6_STATINC(IP6_STAT_MEXT2M); 288 else 289 IP6_STATINC(IP6_STAT_MEXT1); 290 } else { 291 #define M2MMAX 32 292 if (m->m_next) { 293 if (m->m_flags & M_LOOP) { 294 /*XXX*/ IP6_STATINC(IP6_STAT_M2M + lo0ifp->if_index); 295 } else if (m->m_pkthdr.rcvif->if_index < M2MMAX) { 296 IP6_STATINC(IP6_STAT_M2M + 297 m->m_pkthdr.rcvif->if_index); 298 } else 299 IP6_STATINC(IP6_STAT_M2M); 300 } else 301 IP6_STATINC(IP6_STAT_M1); 302 #undef M2MMAX 303 } 304 305 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); 306 IP6_STATINC(IP6_STAT_TOTAL); 307 308 /* 309 * If the IPv6 header is not aligned, slurp it up into a new 310 * mbuf with space for link headers, in the event we forward 311 * it. Otherwise, if it is aligned, make sure the entire base 312 * IPv6 header is in the first mbuf of the chain. 313 */ 314 if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { 315 struct ifnet *inifp = m->m_pkthdr.rcvif; 316 if ((m = m_copyup(m, sizeof(struct ip6_hdr), 317 (max_linkhdr + 3) & ~3)) == NULL) { 318 /* XXXJRT new stat, please */ 319 IP6_STATINC(IP6_STAT_TOOSMALL); 320 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 321 return; 322 } 323 } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { 324 struct ifnet *inifp = m->m_pkthdr.rcvif; 325 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { 326 IP6_STATINC(IP6_STAT_TOOSMALL); 327 in6_ifstat_inc(inifp, ifs6_in_hdrerr); 328 return; 329 } 330 } 331 332 ip6 = mtod(m, struct ip6_hdr *); 333 334 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) { 335 IP6_STATINC(IP6_STAT_BADVERS); 336 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 337 goto bad; 338 } 339 340 #if defined(IPSEC) 341 /* IPv6 fast forwarding is not compatible with IPsec. */ 342 m->m_flags &= ~M_CANFASTFWD; 343 #else 344 /* 345 * Assume that we can create a fast-forward IP flow entry 346 * based on this packet. 347 */ 348 m->m_flags |= M_CANFASTFWD; 349 #endif 350 351 #ifdef PFIL_HOOKS 352 /* 353 * Run through list of hooks for input packets. If there are any 354 * filters which require that additional packets in the flow are 355 * not fast-forwarded, they must clear the M_CANFASTFWD flag. 356 * Note that filters must _never_ set this flag, as another filter 357 * in the list may have previously cleared it. 358 */ 359 /* 360 * let ipfilter look at packet on the wire, 361 * not the decapsulated packet. 362 */ 363 #ifdef IPSEC 364 if (!ipsec_getnhist(m)) 365 #elif defined(FAST_IPSEC) 366 if (!ipsec_indone(m)) 367 #else 368 if (1) 369 #endif 370 { 371 struct in6_addr odst; 372 373 odst = ip6->ip6_dst; 374 if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, 375 PFIL_IN) != 0) 376 return; 377 if (m == NULL) 378 return; 379 ip6 = mtod(m, struct ip6_hdr *); 380 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); 381 } 382 #endif /* PFIL_HOOKS */ 383 384 IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt); 385 386 #ifdef ALTQ 387 if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { 388 /* packet is dropped by traffic conditioner */ 389 return; 390 } 391 #endif 392 393 /* 394 * Check against address spoofing/corruption. 395 */ 396 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || 397 IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { 398 /* 399 * XXX: "badscope" is not very suitable for a multicast source. 400 */ 401 IP6_STATINC(IP6_STAT_BADSCOPE); 402 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 403 goto bad; 404 } 405 /* 406 * The following check is not documented in specs. A malicious 407 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack 408 * and bypass security checks (act as if it was from 127.0.0.1 by using 409 * IPv6 src ::ffff:127.0.0.1). Be cautious. 410 * 411 * This check chokes if we are in an SIIT cloud. As none of BSDs 412 * support IPv4-less kernel compilation, we cannot support SIIT 413 * environment at all. So, it makes more sense for us to reject any 414 * malicious packets for non-SIIT environment, than try to do a 415 * partial support for SIIT environment. 416 */ 417 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 418 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 419 IP6_STATINC(IP6_STAT_BADSCOPE); 420 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 421 goto bad; 422 } 423 #if 0 424 /* 425 * Reject packets with IPv4 compatible addresses (auto tunnel). 426 * 427 * The code forbids auto tunnel relay case in RFC1933 (the check is 428 * stronger than RFC1933). We may want to re-enable it if mech-xx 429 * is revised to forbid relaying case. 430 */ 431 if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || 432 IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { 433 IP6_STATINC(IP6_STAT_BADSCOPE); 434 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 435 goto bad; 436 } 437 #endif 438 439 /* 440 * Disambiguate address scope zones (if there is ambiguity). 441 * We first make sure that the original source or destination address 442 * is not in our internal form for scoped addresses. Such addresses 443 * are not necessarily invalid spec-wise, but we cannot accept them due 444 * to the usage conflict. 445 * in6_setscope() then also checks and rejects the cases where src or 446 * dst are the loopback address and the receiving interface 447 * is not loopback. 448 */ 449 if (__predict_false( 450 m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) 451 goto bad; 452 ip6 = mtod(m, struct ip6_hdr *); 453 if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) { 454 IP6_STATINC(IP6_STAT_BADSCOPE); /* XXX */ 455 goto bad; 456 } 457 if (in6_setscope(&ip6->ip6_src, m->m_pkthdr.rcvif, NULL) || 458 in6_setscope(&ip6->ip6_dst, m->m_pkthdr.rcvif, NULL)) { 459 IP6_STATINC(IP6_STAT_BADSCOPE); 460 goto bad; 461 } 462 463 /* 464 * Multicast check 465 */ 466 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 467 struct in6_multi *in6m = 0; 468 469 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast); 470 /* 471 * See if we belong to the destination multicast group on the 472 * arrival interface. 473 */ 474 IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m); 475 if (in6m) 476 ours = 1; 477 else if (!ip6_mrouter) { 478 uint64_t *ip6s = IP6_STAT_GETREF(); 479 ip6s[IP6_STAT_NOTMEMBER]++; 480 ip6s[IP6_STAT_CANTFORWARD]++; 481 IP6_STAT_PUTREF(); 482 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 483 goto bad; 484 } 485 deliverifp = m->m_pkthdr.rcvif; 486 goto hbhcheck; 487 } 488 489 sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); 490 491 /* 492 * Unicast check 493 */ 494 rt = rtcache_lookup2(&ip6_forward_rt, &u.dst, 1, &hit); 495 if (hit) 496 IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT); 497 else 498 IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); 499 500 #define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) 501 502 /* 503 * Accept the packet if the forwarding interface to the destination 504 * according to the routing table is the loopback interface, 505 * unless the associated route has a gateway. 506 * Note that this approach causes to accept a packet if there is a 507 * route to the loopback interface for the destination of the packet. 508 * But we think it's even useful in some situations, e.g. when using 509 * a special daemon which wants to intercept the packet. 510 */ 511 if (rt != NULL && 512 (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && 513 !(rt->rt_flags & RTF_CLONED) && 514 #if 0 515 /* 516 * The check below is redundant since the comparison of 517 * the destination and the key of the rtentry has 518 * already done through looking up the routing table. 519 */ 520 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && 521 #endif 522 rt->rt_ifp->if_type == IFT_LOOP) { 523 struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; 524 if (ia6->ia6_flags & IN6_IFF_ANYCAST) 525 m->m_flags |= M_ANYCAST6; 526 /* 527 * packets to a tentative, duplicated, or somehow invalid 528 * address must not be accepted. 529 */ 530 if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) { 531 /* this address is ready */ 532 ours = 1; 533 deliverifp = ia6->ia_ifp; /* correct? */ 534 goto hbhcheck; 535 } else { 536 /* address is not ready, so discard the packet. */ 537 nd6log((LOG_INFO, 538 "ip6_input: packet to an unready address %s->%s\n", 539 ip6_sprintf(&ip6->ip6_src), 540 ip6_sprintf(&ip6->ip6_dst))); 541 542 goto bad; 543 } 544 } 545 546 /* 547 * FAITH (Firewall Aided Internet Translator) 548 */ 549 #if defined(NFAITH) && 0 < NFAITH 550 if (ip6_keepfaith) { 551 if (rt != NULL && rt->rt_ifp != NULL && 552 rt->rt_ifp->if_type == IFT_FAITH) { 553 /* XXX do we need more sanity checks? */ 554 ours = 1; 555 deliverifp = rt->rt_ifp; /* faith */ 556 goto hbhcheck; 557 } 558 } 559 #endif 560 561 #if 0 562 { 563 /* 564 * Last resort: check in6_ifaddr for incoming interface. 565 * The code is here until I update the "goto ours hack" code above 566 * working right. 567 */ 568 struct ifaddr *ifa; 569 IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { 570 if (ifa->ifa_addr == NULL) 571 continue; /* just for safety */ 572 if (ifa->ifa_addr->sa_family != AF_INET6) 573 continue; 574 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { 575 ours = 1; 576 deliverifp = ifa->ifa_ifp; 577 goto hbhcheck; 578 } 579 } 580 } 581 #endif 582 583 /* 584 * Now there is no reason to process the packet if it's not our own 585 * and we're not a router. 586 */ 587 if (!ip6_forwarding) { 588 IP6_STATINC(IP6_STAT_CANTFORWARD); 589 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 590 goto bad; 591 } 592 593 hbhcheck: 594 /* 595 * record address information into m_tag, if we don't have one yet. 596 * note that we are unable to record it, if the address is not listed 597 * as our interface address (e.g. multicast addresses, addresses 598 * within FAITH prefixes and such). 599 */ 600 if (deliverifp && ip6_getdstifaddr(m) == NULL) { 601 struct in6_ifaddr *ia6; 602 603 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 604 if (ia6 != NULL && ip6_setdstifaddr(m, ia6) == NULL) { 605 /* 606 * XXX maybe we should drop the packet here, 607 * as we could not provide enough information 608 * to the upper layers. 609 */ 610 } 611 } 612 613 /* 614 * Process Hop-by-Hop options header if it's contained. 615 * m may be modified in ip6_hopopts_input(). 616 * If a JumboPayload option is included, plen will also be modified. 617 */ 618 plen = (u_int32_t)ntohs(ip6->ip6_plen); 619 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) { 620 struct ip6_hbh *hbh; 621 622 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { 623 #if 0 /*touches NULL pointer*/ 624 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 625 #endif 626 return; /* m have already been freed */ 627 } 628 629 /* adjust pointer */ 630 ip6 = mtod(m, struct ip6_hdr *); 631 632 /* 633 * if the payload length field is 0 and the next header field 634 * indicates Hop-by-Hop Options header, then a Jumbo Payload 635 * option MUST be included. 636 */ 637 if (ip6->ip6_plen == 0 && plen == 0) { 638 /* 639 * Note that if a valid jumbo payload option is 640 * contained, ip6_hopopts_input() must set a valid 641 * (non-zero) payload length to the variable plen. 642 */ 643 IP6_STATINC(IP6_STAT_BADOPTIONS); 644 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard); 645 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 646 icmp6_error(m, ICMP6_PARAM_PROB, 647 ICMP6_PARAMPROB_HEADER, 648 (char *)&ip6->ip6_plen - (char *)ip6); 649 return; 650 } 651 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 652 sizeof(struct ip6_hbh)); 653 if (hbh == NULL) { 654 IP6_STATINC(IP6_STAT_TOOSHORT); 655 return; 656 } 657 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 658 nxt = hbh->ip6h_nxt; 659 660 /* 661 * accept the packet if a router alert option is included 662 * and we act as an IPv6 router. 663 */ 664 if (rtalert != ~0 && ip6_forwarding) 665 ours = 1; 666 } else 667 nxt = ip6->ip6_nxt; 668 669 /* 670 * Check that the amount of data in the buffers 671 * is as at least much as the IPv6 header would have us expect. 672 * Trim mbufs if longer than we expect. 673 * Drop packet if shorter than we expect. 674 */ 675 if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { 676 IP6_STATINC(IP6_STAT_TOOSHORT); 677 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 678 goto bad; 679 } 680 if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { 681 if (m->m_len == m->m_pkthdr.len) { 682 m->m_len = sizeof(struct ip6_hdr) + plen; 683 m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen; 684 } else 685 m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len); 686 } 687 688 /* 689 * Forward if desirable. 690 */ 691 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 692 /* 693 * If we are acting as a multicast router, all 694 * incoming multicast packets are passed to the 695 * kernel-level multicast forwarding function. 696 * The packet is returned (relatively) intact; if 697 * ip6_mforward() returns a non-zero value, the packet 698 * must be discarded, else it may be accepted below. 699 */ 700 if (ip6_mrouter && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) { 701 IP6_STATINC(IP6_STAT_CANTFORWARD); 702 m_freem(m); 703 return; 704 } 705 if (!ours) { 706 m_freem(m); 707 return; 708 } 709 } else if (!ours) { 710 ip6_forward(m, srcrt); 711 return; 712 } 713 714 ip6 = mtod(m, struct ip6_hdr *); 715 716 /* 717 * Malicious party may be able to use IPv4 mapped addr to confuse 718 * tcp/udp stack and bypass security checks (act as if it was from 719 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. 720 * 721 * For SIIT end node behavior, you may want to disable the check. 722 * However, you will become vulnerable to attacks using IPv4 mapped 723 * source. 724 */ 725 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 726 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 727 IP6_STATINC(IP6_STAT_BADSCOPE); 728 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); 729 goto bad; 730 } 731 732 /* 733 * Tell launch routine the next header 734 */ 735 #ifdef IFA_STATS 736 if (deliverifp != NULL) { 737 struct in6_ifaddr *ia6; 738 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); 739 if (ia6) 740 ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len; 741 } 742 #endif 743 IP6_STATINC(IP6_STAT_DELIVERED); 744 in6_ifstat_inc(deliverifp, ifs6_in_deliver); 745 nest = 0; 746 747 rh_present = 0; 748 while (nxt != IPPROTO_DONE) { 749 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { 750 IP6_STATINC(IP6_STAT_TOOMANYHDR); 751 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); 752 goto bad; 753 } 754 755 /* 756 * protection against faulty packet - there should be 757 * more sanity checks in header chain processing. 758 */ 759 if (m->m_pkthdr.len < off) { 760 IP6_STATINC(IP6_STAT_TOOSHORT); 761 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated); 762 goto bad; 763 } 764 765 if (nxt == IPPROTO_ROUTING) { 766 if (rh_present++) { 767 in6_ifstat_inc(m->m_pkthdr.rcvif, 768 ifs6_in_hdrerr); 769 IP6_STATINC(IP6_STAT_BADOPTIONS); 770 goto bad; 771 } 772 } 773 774 #ifdef IPSEC 775 /* 776 * enforce IPsec policy checking if we are seeing last header. 777 * note that we do not visit this with protocols with pcb layer 778 * code - like udp/tcp/raw ip. 779 */ 780 if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && 781 ipsec6_in_reject(m, NULL)) { 782 IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); 783 goto bad; 784 } 785 #endif 786 #ifdef FAST_IPSEC 787 /* 788 * enforce IPsec policy checking if we are seeing last header. 789 * note that we do not visit this with protocols with pcb layer 790 * code - like udp/tcp/raw ip. 791 */ 792 if ((inet6sw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) { 793 /* 794 * Check if the packet has already had IPsec processing 795 * done. If so, then just pass it along. This tag gets 796 * set during AH, ESP, etc. input handling, before the 797 * packet is returned to the ip input queue for delivery. 798 */ 799 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 800 s = splsoftnet(); 801 if (mtag != NULL) { 802 tdbi = (struct tdb_ident *)(mtag + 1); 803 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 804 } else { 805 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 806 IP_FORWARDING, &error); 807 } 808 if (sp != NULL) { 809 /* 810 * Check security policy against packet attributes. 811 */ 812 error = ipsec_in_reject(sp, m); 813 KEY_FREESP(&sp); 814 } else { 815 /* XXX error stat??? */ 816 error = EINVAL; 817 DPRINTF(("ip6_input: no SP, packet discarded\n"));/*XXX*/ 818 } 819 splx(s); 820 if (error) 821 goto bad; 822 } 823 #endif /* FAST_IPSEC */ 824 825 826 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); 827 } 828 return; 829 bad: 830 m_freem(m); 831 } 832 833 /* 834 * set/grab in6_ifaddr correspond to IPv6 destination address. 835 */ 836 static struct m_tag * 837 ip6_setdstifaddr(struct mbuf *m, const struct in6_ifaddr *ia) 838 { 839 struct m_tag *mtag; 840 841 mtag = ip6_addaux(m); 842 if (mtag != NULL) { 843 struct ip6aux *ip6a; 844 845 ip6a = (struct ip6aux *)(mtag + 1); 846 in6_setscope(&ip6a->ip6a_src, ia->ia_ifp, &ip6a->ip6a_scope_id); 847 ip6a->ip6a_src = ia->ia_addr.sin6_addr; 848 ip6a->ip6a_flags = ia->ia6_flags; 849 } 850 return mtag; /* NULL if failed to set */ 851 } 852 853 const struct ip6aux * 854 ip6_getdstifaddr(struct mbuf *m) 855 { 856 struct m_tag *mtag; 857 858 mtag = ip6_findaux(m); 859 if (mtag != NULL) 860 return (struct ip6aux *)(mtag + 1); 861 else 862 return NULL; 863 } 864 865 /* 866 * Hop-by-Hop options header processing. If a valid jumbo payload option is 867 * included, the real payload length will be stored in plenp. 868 * 869 * rtalertp - XXX: should be stored more smart way 870 */ 871 static int 872 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, 873 struct mbuf **mp, int *offp) 874 { 875 struct mbuf *m = *mp; 876 int off = *offp, hbhlen; 877 struct ip6_hbh *hbh; 878 879 /* validation of the length of the header */ 880 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, 881 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); 882 if (hbh == NULL) { 883 IP6_STATINC(IP6_STAT_TOOSHORT); 884 return -1; 885 } 886 hbhlen = (hbh->ip6h_len + 1) << 3; 887 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), 888 hbhlen); 889 if (hbh == NULL) { 890 IP6_STATINC(IP6_STAT_TOOSHORT); 891 return -1; 892 } 893 KASSERT(IP6_HDR_ALIGNED_P(hbh)); 894 off += hbhlen; 895 hbhlen -= sizeof(struct ip6_hbh); 896 897 if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), 898 hbhlen, rtalertp, plenp) < 0) 899 return (-1); 900 901 *offp = off; 902 *mp = m; 903 return (0); 904 } 905 906 /* 907 * Search header for all Hop-by-hop options and process each option. 908 * This function is separate from ip6_hopopts_input() in order to 909 * handle a case where the sending node itself process its hop-by-hop 910 * options header. In such a case, the function is called from ip6_output(). 911 * 912 * The function assumes that hbh header is located right after the IPv6 header 913 * (RFC2460 p7), opthead is pointer into data content in m, and opthead to 914 * opthead + hbhlen is located in continuous memory region. 915 */ 916 int 917 ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, 918 u_int32_t *rtalertp, u_int32_t *plenp) 919 { 920 struct ip6_hdr *ip6; 921 int optlen = 0; 922 u_int8_t *opt = opthead; 923 u_int16_t rtalert_val; 924 u_int32_t jumboplen; 925 const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh); 926 927 for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) { 928 switch (*opt) { 929 case IP6OPT_PAD1: 930 optlen = 1; 931 break; 932 case IP6OPT_PADN: 933 if (hbhlen < IP6OPT_MINLEN) { 934 IP6_STATINC(IP6_STAT_TOOSMALL); 935 goto bad; 936 } 937 optlen = *(opt + 1) + 2; 938 break; 939 case IP6OPT_RTALERT: 940 /* XXX may need check for alignment */ 941 if (hbhlen < IP6OPT_RTALERT_LEN) { 942 IP6_STATINC(IP6_STAT_TOOSMALL); 943 goto bad; 944 } 945 if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) { 946 /* XXX stat */ 947 icmp6_error(m, ICMP6_PARAM_PROB, 948 ICMP6_PARAMPROB_HEADER, 949 erroff + opt + 1 - opthead); 950 return (-1); 951 } 952 optlen = IP6OPT_RTALERT_LEN; 953 bcopy((void *)(opt + 2), (void *)&rtalert_val, 2); 954 *rtalertp = ntohs(rtalert_val); 955 break; 956 case IP6OPT_JUMBO: 957 /* XXX may need check for alignment */ 958 if (hbhlen < IP6OPT_JUMBO_LEN) { 959 IP6_STATINC(IP6_STAT_TOOSMALL); 960 goto bad; 961 } 962 if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) { 963 /* XXX stat */ 964 icmp6_error(m, ICMP6_PARAM_PROB, 965 ICMP6_PARAMPROB_HEADER, 966 erroff + opt + 1 - opthead); 967 return (-1); 968 } 969 optlen = IP6OPT_JUMBO_LEN; 970 971 /* 972 * IPv6 packets that have non 0 payload length 973 * must not contain a jumbo payload option. 974 */ 975 ip6 = mtod(m, struct ip6_hdr *); 976 if (ip6->ip6_plen) { 977 IP6_STATINC(IP6_STAT_BADOPTIONS); 978 icmp6_error(m, ICMP6_PARAM_PROB, 979 ICMP6_PARAMPROB_HEADER, 980 erroff + opt - opthead); 981 return (-1); 982 } 983 984 /* 985 * We may see jumbolen in unaligned location, so 986 * we'd need to perform bcopy(). 987 */ 988 bcopy(opt + 2, &jumboplen, sizeof(jumboplen)); 989 jumboplen = (u_int32_t)htonl(jumboplen); 990 991 #if 1 992 /* 993 * if there are multiple jumbo payload options, 994 * *plenp will be non-zero and the packet will be 995 * rejected. 996 * the behavior may need some debate in ipngwg - 997 * multiple options does not make sense, however, 998 * there's no explicit mention in specification. 999 */ 1000 if (*plenp != 0) { 1001 IP6_STATINC(IP6_STAT_BADOPTIONS); 1002 icmp6_error(m, ICMP6_PARAM_PROB, 1003 ICMP6_PARAMPROB_HEADER, 1004 erroff + opt + 2 - opthead); 1005 return (-1); 1006 } 1007 #endif 1008 1009 /* 1010 * jumbo payload length must be larger than 65535. 1011 */ 1012 if (jumboplen <= IPV6_MAXPACKET) { 1013 IP6_STATINC(IP6_STAT_BADOPTIONS); 1014 icmp6_error(m, ICMP6_PARAM_PROB, 1015 ICMP6_PARAMPROB_HEADER, 1016 erroff + opt + 2 - opthead); 1017 return (-1); 1018 } 1019 *plenp = jumboplen; 1020 1021 break; 1022 default: /* unknown option */ 1023 if (hbhlen < IP6OPT_MINLEN) { 1024 IP6_STATINC(IP6_STAT_TOOSMALL); 1025 goto bad; 1026 } 1027 optlen = ip6_unknown_opt(opt, m, 1028 erroff + opt - opthead); 1029 if (optlen == -1) 1030 return (-1); 1031 optlen += 2; 1032 break; 1033 } 1034 } 1035 1036 return (0); 1037 1038 bad: 1039 m_freem(m); 1040 return (-1); 1041 } 1042 1043 /* 1044 * Unknown option processing. 1045 * The third argument `off' is the offset from the IPv6 header to the option, 1046 * which is necessary if the IPv6 header the and option header and IPv6 header 1047 * is not continuous in order to return an ICMPv6 error. 1048 */ 1049 int 1050 ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off) 1051 { 1052 struct ip6_hdr *ip6; 1053 1054 switch (IP6OPT_TYPE(*optp)) { 1055 case IP6OPT_TYPE_SKIP: /* ignore the option */ 1056 return ((int)*(optp + 1)); 1057 case IP6OPT_TYPE_DISCARD: /* silently discard */ 1058 m_freem(m); 1059 return (-1); 1060 case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */ 1061 IP6_STATINC(IP6_STAT_BADOPTIONS); 1062 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off); 1063 return (-1); 1064 case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */ 1065 IP6_STATINC(IP6_STAT_BADOPTIONS); 1066 ip6 = mtod(m, struct ip6_hdr *); 1067 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || 1068 (m->m_flags & (M_BCAST|M_MCAST))) 1069 m_freem(m); 1070 else 1071 icmp6_error(m, ICMP6_PARAM_PROB, 1072 ICMP6_PARAMPROB_OPTION, off); 1073 return (-1); 1074 } 1075 1076 m_freem(m); /* XXX: NOTREACHED */ 1077 return (-1); 1078 } 1079 1080 /* 1081 * Create the "control" list for this pcb. 1082 * 1083 * The routine will be called from upper layer handlers like tcp6_input(). 1084 * Thus the routine assumes that the caller (tcp6_input) have already 1085 * called IP6_EXTHDR_CHECK() and all the extension headers are located in the 1086 * very first mbuf on the mbuf chain. 1087 * We may want to add some infinite loop prevention or sanity checks for safety. 1088 * (This applies only when you are using KAME mbuf chain restriction, i.e. 1089 * you are using IP6_EXTHDR_CHECK() not m_pulldown()) 1090 */ 1091 void 1092 ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, 1093 struct ip6_hdr *ip6, struct mbuf *m) 1094 { 1095 #ifdef RFC2292 1096 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1097 #else 1098 #define IS2292(x, y) (y) 1099 #endif 1100 1101 #ifdef SO_TIMESTAMP 1102 if (in6p->in6p_socket->so_options & SO_TIMESTAMP) { 1103 struct timeval tv; 1104 1105 microtime(&tv); 1106 *mp = sbcreatecontrol((void *) &tv, sizeof(tv), 1107 SCM_TIMESTAMP, SOL_SOCKET); 1108 if (*mp) 1109 mp = &(*mp)->m_next; 1110 } 1111 #endif 1112 1113 /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ 1114 if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) 1115 return; 1116 1117 /* RFC 2292 sec. 5 */ 1118 if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { 1119 struct in6_pktinfo pi6; 1120 1121 bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); 1122 in6_clearscope(&pi6.ipi6_addr); /* XXX */ 1123 pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? 1124 m->m_pkthdr.rcvif->if_index : 0; 1125 *mp = sbcreatecontrol((void *) &pi6, 1126 sizeof(struct in6_pktinfo), 1127 IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); 1128 if (*mp) 1129 mp = &(*mp)->m_next; 1130 } 1131 1132 if (in6p->in6p_flags & IN6P_HOPLIMIT) { 1133 int hlim = ip6->ip6_hlim & 0xff; 1134 1135 *mp = sbcreatecontrol((void *) &hlim, sizeof(int), 1136 IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); 1137 if (*mp) 1138 mp = &(*mp)->m_next; 1139 } 1140 1141 if ((in6p->in6p_flags & IN6P_TCLASS) != 0) { 1142 u_int32_t flowinfo; 1143 int tclass; 1144 1145 flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK); 1146 flowinfo >>= 20; 1147 1148 tclass = flowinfo & 0xff; 1149 *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), 1150 IPV6_TCLASS, IPPROTO_IPV6); 1151 1152 if (*mp) 1153 mp = &(*mp)->m_next; 1154 } 1155 1156 /* 1157 * IPV6_HOPOPTS socket option. Recall that we required super-user 1158 * privilege for the option (see ip6_ctloutput), but it might be too 1159 * strict, since there might be some hop-by-hop options which can be 1160 * returned to normal user. 1161 * See also RFC3542 section 8 (or RFC2292 section 6). 1162 */ 1163 if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0) { 1164 /* 1165 * Check if a hop-by-hop options header is contatined in the 1166 * received packet, and if so, store the options as ancillary 1167 * data. Note that a hop-by-hop options header must be 1168 * just after the IPv6 header, which fact is assured through 1169 * the IPv6 input processing. 1170 */ 1171 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1172 if (xip6->ip6_nxt == IPPROTO_HOPOPTS) { 1173 struct ip6_hbh *hbh; 1174 int hbhlen; 1175 struct mbuf *ext; 1176 1177 ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr), 1178 xip6->ip6_nxt); 1179 if (ext == NULL) { 1180 IP6_STATINC(IP6_STAT_TOOSHORT); 1181 return; 1182 } 1183 hbh = mtod(ext, struct ip6_hbh *); 1184 hbhlen = (hbh->ip6h_len + 1) << 3; 1185 if (hbhlen != ext->m_len) { 1186 m_freem(ext); 1187 IP6_STATINC(IP6_STAT_TOOSHORT); 1188 return; 1189 } 1190 1191 /* 1192 * XXX: We copy whole the header even if a jumbo 1193 * payload option is included, which option is to 1194 * be removed before returning in the RFC 2292. 1195 * Note: this constraint is removed in RFC3542. 1196 */ 1197 *mp = sbcreatecontrol((void *)hbh, hbhlen, 1198 IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), 1199 IPPROTO_IPV6); 1200 if (*mp) 1201 mp = &(*mp)->m_next; 1202 m_freem(ext); 1203 } 1204 } 1205 1206 /* IPV6_DSTOPTS and IPV6_RTHDR socket options */ 1207 if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) { 1208 struct ip6_hdr *xip6 = mtod(m, struct ip6_hdr *); 1209 int nxt = xip6->ip6_nxt, off = sizeof(struct ip6_hdr); 1210 1211 /* 1212 * Search for destination options headers or routing 1213 * header(s) through the header chain, and stores each 1214 * header as ancillary data. 1215 * Note that the order of the headers remains in 1216 * the chain of ancillary data. 1217 */ 1218 for (;;) { /* is explicit loop prevention necessary? */ 1219 struct ip6_ext *ip6e = NULL; 1220 int elen; 1221 struct mbuf *ext = NULL; 1222 1223 /* 1224 * if it is not an extension header, don't try to 1225 * pull it from the chain. 1226 */ 1227 switch (nxt) { 1228 case IPPROTO_DSTOPTS: 1229 case IPPROTO_ROUTING: 1230 case IPPROTO_HOPOPTS: 1231 case IPPROTO_AH: /* is it possible? */ 1232 break; 1233 default: 1234 goto loopend; 1235 } 1236 1237 ext = ip6_pullexthdr(m, off, nxt); 1238 if (ext == NULL) { 1239 IP6_STATINC(IP6_STAT_TOOSHORT); 1240 return; 1241 } 1242 ip6e = mtod(ext, struct ip6_ext *); 1243 if (nxt == IPPROTO_AH) 1244 elen = (ip6e->ip6e_len + 2) << 2; 1245 else 1246 elen = (ip6e->ip6e_len + 1) << 3; 1247 if (elen != ext->m_len) { 1248 m_freem(ext); 1249 IP6_STATINC(IP6_STAT_TOOSHORT); 1250 return; 1251 } 1252 KASSERT(IP6_HDR_ALIGNED_P(ip6e)); 1253 1254 switch (nxt) { 1255 case IPPROTO_DSTOPTS: 1256 if (!in6p->in6p_flags & IN6P_DSTOPTS) 1257 break; 1258 1259 *mp = sbcreatecontrol((void *)ip6e, elen, 1260 IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), 1261 IPPROTO_IPV6); 1262 if (*mp) 1263 mp = &(*mp)->m_next; 1264 break; 1265 1266 case IPPROTO_ROUTING: 1267 if (!in6p->in6p_flags & IN6P_RTHDR) 1268 break; 1269 1270 *mp = sbcreatecontrol((void *)ip6e, elen, 1271 IS2292(IPV6_2292RTHDR, IPV6_RTHDR), 1272 IPPROTO_IPV6); 1273 if (*mp) 1274 mp = &(*mp)->m_next; 1275 break; 1276 1277 case IPPROTO_HOPOPTS: 1278 case IPPROTO_AH: /* is it possible? */ 1279 break; 1280 1281 default: 1282 /* 1283 * other cases have been filtered in the above. 1284 * none will visit this case. here we supply 1285 * the code just in case (nxt overwritten or 1286 * other cases). 1287 */ 1288 m_freem(ext); 1289 goto loopend; 1290 1291 } 1292 1293 /* proceed with the next header. */ 1294 off += elen; 1295 nxt = ip6e->ip6e_nxt; 1296 ip6e = NULL; 1297 m_freem(ext); 1298 ext = NULL; 1299 } 1300 loopend: 1301 ; 1302 } 1303 } 1304 #undef IS2292 1305 1306 1307 void 1308 ip6_notify_pmtu(struct in6pcb *in6p, const struct sockaddr_in6 *dst, 1309 uint32_t *mtu) 1310 { 1311 struct socket *so; 1312 struct mbuf *m_mtu; 1313 struct ip6_mtuinfo mtuctl; 1314 1315 so = in6p->in6p_socket; 1316 1317 if (mtu == NULL) 1318 return; 1319 1320 #ifdef DIAGNOSTIC 1321 if (so == NULL) /* I believe this is impossible */ 1322 panic("ip6_notify_pmtu: socket is NULL"); 1323 #endif 1324 1325 memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ 1326 mtuctl.ip6m_mtu = *mtu; 1327 mtuctl.ip6m_addr = *dst; 1328 if (sa6_recoverscope(&mtuctl.ip6m_addr)) 1329 return; 1330 1331 if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), 1332 IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) 1333 return; 1334 1335 if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) 1336 == 0) { 1337 m_freem(m_mtu); 1338 /* XXX: should count statistics */ 1339 } else 1340 sorwakeup(so); 1341 1342 return; 1343 } 1344 1345 /* 1346 * pull single extension header from mbuf chain. returns single mbuf that 1347 * contains the result, or NULL on error. 1348 */ 1349 static struct mbuf * 1350 ip6_pullexthdr(struct mbuf *m, size_t off, int nxt) 1351 { 1352 struct ip6_ext ip6e; 1353 size_t elen; 1354 struct mbuf *n; 1355 1356 #ifdef DIAGNOSTIC 1357 switch (nxt) { 1358 case IPPROTO_DSTOPTS: 1359 case IPPROTO_ROUTING: 1360 case IPPROTO_HOPOPTS: 1361 case IPPROTO_AH: /* is it possible? */ 1362 break; 1363 default: 1364 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); 1365 } 1366 #endif 1367 1368 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1369 if (nxt == IPPROTO_AH) 1370 elen = (ip6e.ip6e_len + 2) << 2; 1371 else 1372 elen = (ip6e.ip6e_len + 1) << 3; 1373 1374 MGET(n, M_DONTWAIT, MT_DATA); 1375 if (n && elen >= MLEN) { 1376 MCLGET(n, M_DONTWAIT); 1377 if ((n->m_flags & M_EXT) == 0) { 1378 m_free(n); 1379 n = NULL; 1380 } 1381 } 1382 if (!n) 1383 return NULL; 1384 1385 n->m_len = 0; 1386 if (elen >= M_TRAILINGSPACE(n)) { 1387 m_free(n); 1388 return NULL; 1389 } 1390 1391 m_copydata(m, off, elen, mtod(n, void *)); 1392 n->m_len = elen; 1393 return n; 1394 } 1395 1396 /* 1397 * Get pointer to the previous header followed by the header 1398 * currently processed. 1399 * XXX: This function supposes that 1400 * M includes all headers, 1401 * the next header field and the header length field of each header 1402 * are valid, and 1403 * the sum of each header length equals to OFF. 1404 * Because of these assumptions, this function must be called very 1405 * carefully. Moreover, it will not be used in the near future when 1406 * we develop `neater' mechanism to process extension headers. 1407 */ 1408 u_int8_t * 1409 ip6_get_prevhdr(struct mbuf *m, int off) 1410 { 1411 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1412 1413 if (off == sizeof(struct ip6_hdr)) 1414 return (&ip6->ip6_nxt); 1415 else { 1416 int len, nxt; 1417 struct ip6_ext *ip6e = NULL; 1418 1419 nxt = ip6->ip6_nxt; 1420 len = sizeof(struct ip6_hdr); 1421 while (len < off) { 1422 ip6e = (struct ip6_ext *)(mtod(m, char *) + len); 1423 1424 switch (nxt) { 1425 case IPPROTO_FRAGMENT: 1426 len += sizeof(struct ip6_frag); 1427 break; 1428 case IPPROTO_AH: 1429 len += (ip6e->ip6e_len + 2) << 2; 1430 break; 1431 default: 1432 len += (ip6e->ip6e_len + 1) << 3; 1433 break; 1434 } 1435 nxt = ip6e->ip6e_nxt; 1436 } 1437 if (ip6e) 1438 return (&ip6e->ip6e_nxt); 1439 else 1440 return NULL; 1441 } 1442 } 1443 1444 /* 1445 * get next header offset. m will be retained. 1446 */ 1447 int 1448 ip6_nexthdr(struct mbuf *m, int off, int proto, int *nxtp) 1449 { 1450 struct ip6_hdr ip6; 1451 struct ip6_ext ip6e; 1452 struct ip6_frag fh; 1453 1454 /* just in case */ 1455 if (m == NULL) 1456 panic("ip6_nexthdr: m == NULL"); 1457 if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) 1458 return -1; 1459 1460 switch (proto) { 1461 case IPPROTO_IPV6: 1462 /* do not chase beyond intermediate IPv6 headers */ 1463 if (off != 0) 1464 return -1; 1465 if (m->m_pkthdr.len < off + sizeof(ip6)) 1466 return -1; 1467 m_copydata(m, off, sizeof(ip6), (void *)&ip6); 1468 if (nxtp) 1469 *nxtp = ip6.ip6_nxt; 1470 off += sizeof(ip6); 1471 return off; 1472 1473 case IPPROTO_FRAGMENT: 1474 /* 1475 * terminate parsing if it is not the first fragment, 1476 * it does not make sense to parse through it. 1477 */ 1478 if (m->m_pkthdr.len < off + sizeof(fh)) 1479 return -1; 1480 m_copydata(m, off, sizeof(fh), (void *)&fh); 1481 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) 1482 return -1; 1483 if (nxtp) 1484 *nxtp = fh.ip6f_nxt; 1485 off += sizeof(struct ip6_frag); 1486 return off; 1487 1488 case IPPROTO_AH: 1489 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1490 return -1; 1491 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1492 if (nxtp) 1493 *nxtp = ip6e.ip6e_nxt; 1494 off += (ip6e.ip6e_len + 2) << 2; 1495 if (m->m_pkthdr.len < off) 1496 return -1; 1497 return off; 1498 1499 case IPPROTO_HOPOPTS: 1500 case IPPROTO_ROUTING: 1501 case IPPROTO_DSTOPTS: 1502 if (m->m_pkthdr.len < off + sizeof(ip6e)) 1503 return -1; 1504 m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); 1505 if (nxtp) 1506 *nxtp = ip6e.ip6e_nxt; 1507 off += (ip6e.ip6e_len + 1) << 3; 1508 if (m->m_pkthdr.len < off) 1509 return -1; 1510 return off; 1511 1512 case IPPROTO_NONE: 1513 case IPPROTO_ESP: 1514 case IPPROTO_IPCOMP: 1515 /* give up */ 1516 return -1; 1517 1518 default: 1519 return -1; 1520 } 1521 } 1522 1523 /* 1524 * get offset for the last header in the chain. m will be kept untainted. 1525 */ 1526 int 1527 ip6_lasthdr(struct mbuf *m, int off, int proto, int *nxtp) 1528 { 1529 int newoff; 1530 int nxt; 1531 1532 if (!nxtp) { 1533 nxt = -1; 1534 nxtp = &nxt; 1535 } 1536 for (;;) { 1537 newoff = ip6_nexthdr(m, off, proto, nxtp); 1538 if (newoff < 0) 1539 return off; 1540 else if (newoff < off) 1541 return -1; /* invalid */ 1542 else if (newoff == off) 1543 return newoff; 1544 1545 off = newoff; 1546 proto = *nxtp; 1547 } 1548 } 1549 1550 struct m_tag * 1551 ip6_addaux(struct mbuf *m) 1552 { 1553 struct m_tag *mtag; 1554 1555 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1556 if (!mtag) { 1557 mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), 1558 M_NOWAIT); 1559 if (mtag) { 1560 m_tag_prepend(m, mtag); 1561 bzero(mtag + 1, sizeof(struct ip6aux)); 1562 } 1563 } 1564 return mtag; 1565 } 1566 1567 struct m_tag * 1568 ip6_findaux(struct mbuf *m) 1569 { 1570 struct m_tag *mtag; 1571 1572 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1573 return mtag; 1574 } 1575 1576 void 1577 ip6_delaux(struct mbuf *m) 1578 { 1579 struct m_tag *mtag; 1580 1581 mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); 1582 if (mtag) 1583 m_tag_delete(m, mtag); 1584 } 1585 1586 #ifdef GATEWAY 1587 /* 1588 * sysctl helper routine for net.inet.ip6.maxflows. Since 1589 * we could reduce this value, call ip6flow_reap(); 1590 */ 1591 static int 1592 sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) 1593 { 1594 int s; 1595 1596 s = sysctl_lookup(SYSCTLFN_CALL(rnode)); 1597 if (s || newp == NULL) 1598 return (s); 1599 1600 s = splsoftnet(); 1601 ip6flow_reap(0); 1602 splx(s); 1603 1604 return (0); 1605 } 1606 1607 static int 1608 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS) 1609 { 1610 int error, tmp; 1611 struct sysctlnode node; 1612 1613 node = *rnode; 1614 tmp = ip6_hashsize; 1615 node.sysctl_data = &tmp; 1616 error = sysctl_lookup(SYSCTLFN_CALL(&node)); 1617 if (error || newp == NULL) 1618 return (error); 1619 1620 if ((tmp & (tmp - 1)) == 0 && tmp != 0) { 1621 /* 1622 * Can only fail due to malloc() 1623 */ 1624 if (ip6flow_invalidate_all(tmp)) 1625 return ENOMEM; 1626 } else { 1627 /* 1628 * EINVAL if not a power of 2 1629 */ 1630 return EINVAL; 1631 } 1632 1633 return (0); 1634 } 1635 #endif /* GATEWAY */ 1636 1637 /* 1638 * System control for IP6 1639 */ 1640 1641 u_char inet6ctlerrmap[PRC_NCMDS] = { 1642 0, 0, 0, 0, 1643 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1644 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1645 EMSGSIZE, EHOSTUNREACH, 0, 0, 1646 0, 0, 0, 0, 1647 ENOPROTOOPT 1648 }; 1649 1650 static int 1651 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) 1652 { 1653 netstat_sysctl_context ctx; 1654 uint64_t ip6s[IP6_NSTATS]; 1655 1656 ctx.ctx_stat = ip6stat_percpu; 1657 ctx.ctx_counters = ip6s; 1658 ctx.ctx_ncounters = IP6_NSTATS; 1659 return (NETSTAT_SYSCTL(&ctx)); 1660 } 1661 1662 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup") 1663 { 1664 #ifdef RFC2292 1665 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) 1666 #else 1667 #define IS2292(x, y) (y) 1668 #endif 1669 1670 sysctl_createv(clog, 0, NULL, NULL, 1671 CTLFLAG_PERMANENT, 1672 CTLTYPE_NODE, "net", NULL, 1673 NULL, 0, NULL, 0, 1674 CTL_NET, CTL_EOL); 1675 sysctl_createv(clog, 0, NULL, NULL, 1676 CTLFLAG_PERMANENT, 1677 CTLTYPE_NODE, "inet6", 1678 SYSCTL_DESCR("PF_INET6 related settings"), 1679 NULL, 0, NULL, 0, 1680 CTL_NET, PF_INET6, CTL_EOL); 1681 sysctl_createv(clog, 0, NULL, NULL, 1682 CTLFLAG_PERMANENT, 1683 CTLTYPE_NODE, "ip6", 1684 SYSCTL_DESCR("IPv6 related settings"), 1685 NULL, 0, NULL, 0, 1686 CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL); 1687 1688 sysctl_createv(clog, 0, NULL, NULL, 1689 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1690 CTLTYPE_INT, "forwarding", 1691 SYSCTL_DESCR("Enable forwarding of INET6 datagrams"), 1692 NULL, 0, &ip6_forwarding, 0, 1693 CTL_NET, PF_INET6, IPPROTO_IPV6, 1694 IPV6CTL_FORWARDING, CTL_EOL); 1695 sysctl_createv(clog, 0, NULL, NULL, 1696 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1697 CTLTYPE_INT, "redirect", 1698 SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"), 1699 NULL, 0, &ip6_sendredirects, 0, 1700 CTL_NET, PF_INET6, IPPROTO_IPV6, 1701 IPV6CTL_SENDREDIRECTS, CTL_EOL); 1702 sysctl_createv(clog, 0, NULL, NULL, 1703 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1704 CTLTYPE_INT, "hlim", 1705 SYSCTL_DESCR("Hop limit for an INET6 datagram"), 1706 NULL, 0, &ip6_defhlim, 0, 1707 CTL_NET, PF_INET6, IPPROTO_IPV6, 1708 IPV6CTL_DEFHLIM, CTL_EOL); 1709 #ifdef notyet 1710 sysctl_createv(clog, 0, NULL, NULL, 1711 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1712 CTLTYPE_INT, "mtu", NULL, 1713 NULL, 0, &, 0, 1714 CTL_NET, PF_INET6, IPPROTO_IPV6, 1715 IPV6CTL_DEFMTU, CTL_EOL); 1716 #endif 1717 #ifdef __no_idea__ 1718 sysctl_createv(clog, 0, NULL, NULL, 1719 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1720 CTLTYPE_INT, "forwsrcrt", NULL, 1721 NULL, 0, &?, 0, 1722 CTL_NET, PF_INET6, IPPROTO_IPV6, 1723 IPV6CTL_FORWSRCRT, CTL_EOL); 1724 sysctl_createv(clog, 0, NULL, NULL, 1725 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1726 CTLTYPE_STRUCT, "mrtstats", NULL, 1727 NULL, 0, &?, sizeof(?), 1728 CTL_NET, PF_INET6, IPPROTO_IPV6, 1729 IPV6CTL_MRTSTATS, CTL_EOL); 1730 sysctl_createv(clog, 0, NULL, NULL, 1731 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1732 CTLTYPE_?, "mrtproto", NULL, 1733 NULL, 0, &?, sizeof(?), 1734 CTL_NET, PF_INET6, IPPROTO_IPV6, 1735 IPV6CTL_MRTPROTO, CTL_EOL); 1736 #endif 1737 sysctl_createv(clog, 0, NULL, NULL, 1738 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1739 CTLTYPE_INT, "maxfragpackets", 1740 SYSCTL_DESCR("Maximum number of fragments to buffer " 1741 "for reassembly"), 1742 NULL, 0, &ip6_maxfragpackets, 0, 1743 CTL_NET, PF_INET6, IPPROTO_IPV6, 1744 IPV6CTL_MAXFRAGPACKETS, CTL_EOL); 1745 #ifdef __no_idea__ 1746 sysctl_createv(clog, 0, NULL, NULL, 1747 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1748 CTLTYPE_INT, "sourcecheck", NULL, 1749 NULL, 0, &?, 0, 1750 CTL_NET, PF_INET6, IPPROTO_IPV6, 1751 IPV6CTL_SOURCECHECK, CTL_EOL); 1752 sysctl_createv(clog, 0, NULL, NULL, 1753 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1754 CTLTYPE_INT, "sourcecheck_logint", NULL, 1755 NULL, 0, &?, 0, 1756 CTL_NET, PF_INET6, IPPROTO_IPV6, 1757 IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); 1758 #endif 1759 sysctl_createv(clog, 0, NULL, NULL, 1760 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1761 CTLTYPE_INT, "accept_rtadv", 1762 SYSCTL_DESCR("Accept router advertisements"), 1763 NULL, 0, &ip6_accept_rtadv, 0, 1764 CTL_NET, PF_INET6, IPPROTO_IPV6, 1765 IPV6CTL_ACCEPT_RTADV, CTL_EOL); 1766 sysctl_createv(clog, 0, NULL, NULL, 1767 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1768 CTLTYPE_INT, "keepfaith", 1769 SYSCTL_DESCR("Activate faith interface"), 1770 NULL, 0, &ip6_keepfaith, 0, 1771 CTL_NET, PF_INET6, IPPROTO_IPV6, 1772 IPV6CTL_KEEPFAITH, CTL_EOL); 1773 sysctl_createv(clog, 0, NULL, NULL, 1774 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1775 CTLTYPE_INT, "log_interval", 1776 SYSCTL_DESCR("Minumum interval between logging " 1777 "unroutable packets"), 1778 NULL, 0, &ip6_log_interval, 0, 1779 CTL_NET, PF_INET6, IPPROTO_IPV6, 1780 IPV6CTL_LOG_INTERVAL, CTL_EOL); 1781 sysctl_createv(clog, 0, NULL, NULL, 1782 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1783 CTLTYPE_INT, "hdrnestlimit", 1784 SYSCTL_DESCR("Maximum number of nested IPv6 headers"), 1785 NULL, 0, &ip6_hdrnestlimit, 0, 1786 CTL_NET, PF_INET6, IPPROTO_IPV6, 1787 IPV6CTL_HDRNESTLIMIT, CTL_EOL); 1788 sysctl_createv(clog, 0, NULL, NULL, 1789 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1790 CTLTYPE_INT, "dad_count", 1791 SYSCTL_DESCR("Number of Duplicate Address Detection " 1792 "probes to send"), 1793 NULL, 0, &ip6_dad_count, 0, 1794 CTL_NET, PF_INET6, IPPROTO_IPV6, 1795 IPV6CTL_DAD_COUNT, CTL_EOL); 1796 sysctl_createv(clog, 0, NULL, NULL, 1797 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1798 CTLTYPE_INT, "auto_flowlabel", 1799 SYSCTL_DESCR("Assign random IPv6 flow labels"), 1800 NULL, 0, &ip6_auto_flowlabel, 0, 1801 CTL_NET, PF_INET6, IPPROTO_IPV6, 1802 IPV6CTL_AUTO_FLOWLABEL, CTL_EOL); 1803 sysctl_createv(clog, 0, NULL, NULL, 1804 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1805 CTLTYPE_INT, "defmcasthlim", 1806 SYSCTL_DESCR("Default multicast hop limit"), 1807 NULL, 0, &ip6_defmcasthlim, 0, 1808 CTL_NET, PF_INET6, IPPROTO_IPV6, 1809 IPV6CTL_DEFMCASTHLIM, CTL_EOL); 1810 #if NGIF > 0 1811 sysctl_createv(clog, 0, NULL, NULL, 1812 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1813 CTLTYPE_INT, "gifhlim", 1814 SYSCTL_DESCR("Default hop limit for a gif tunnel datagram"), 1815 NULL, 0, &ip6_gif_hlim, 0, 1816 CTL_NET, PF_INET6, IPPROTO_IPV6, 1817 IPV6CTL_GIF_HLIM, CTL_EOL); 1818 #endif /* NGIF */ 1819 sysctl_createv(clog, 0, NULL, NULL, 1820 CTLFLAG_PERMANENT, 1821 CTLTYPE_STRING, "kame_version", 1822 SYSCTL_DESCR("KAME Version"), 1823 NULL, 0, __UNCONST(__KAME_VERSION), 0, 1824 CTL_NET, PF_INET6, IPPROTO_IPV6, 1825 IPV6CTL_KAME_VERSION, CTL_EOL); 1826 sysctl_createv(clog, 0, NULL, NULL, 1827 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1828 CTLTYPE_INT, "use_deprecated", 1829 SYSCTL_DESCR("Allow use of deprecated addresses as " 1830 "source addresses"), 1831 NULL, 0, &ip6_use_deprecated, 0, 1832 CTL_NET, PF_INET6, IPPROTO_IPV6, 1833 IPV6CTL_USE_DEPRECATED, CTL_EOL); 1834 sysctl_createv(clog, 0, NULL, NULL, 1835 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1836 CTLTYPE_INT, "rr_prune", NULL, 1837 NULL, 0, &ip6_rr_prune, 0, 1838 CTL_NET, PF_INET6, IPPROTO_IPV6, 1839 IPV6CTL_RR_PRUNE, CTL_EOL); 1840 sysctl_createv(clog, 0, NULL, NULL, 1841 CTLFLAG_PERMANENT 1842 #ifndef INET6_BINDV6ONLY 1843 |CTLFLAG_READWRITE, 1844 #endif 1845 CTLTYPE_INT, "v6only", 1846 SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting " 1847 "to PF_INET sockets"), 1848 NULL, 0, &ip6_v6only, 0, 1849 CTL_NET, PF_INET6, IPPROTO_IPV6, 1850 IPV6CTL_V6ONLY, CTL_EOL); 1851 sysctl_createv(clog, 0, NULL, NULL, 1852 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1853 CTLTYPE_INT, "anonportmin", 1854 SYSCTL_DESCR("Lowest ephemeral port number to assign"), 1855 sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, 1856 CTL_NET, PF_INET6, IPPROTO_IPV6, 1857 IPV6CTL_ANONPORTMIN, CTL_EOL); 1858 sysctl_createv(clog, 0, NULL, NULL, 1859 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1860 CTLTYPE_INT, "anonportmax", 1861 SYSCTL_DESCR("Highest ephemeral port number to assign"), 1862 sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0, 1863 CTL_NET, PF_INET6, IPPROTO_IPV6, 1864 IPV6CTL_ANONPORTMAX, CTL_EOL); 1865 #ifndef IPNOPRIVPORTS 1866 sysctl_createv(clog, 0, NULL, NULL, 1867 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1868 CTLTYPE_INT, "lowportmin", 1869 SYSCTL_DESCR("Lowest privileged ephemeral port number " 1870 "to assign"), 1871 sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0, 1872 CTL_NET, PF_INET6, IPPROTO_IPV6, 1873 IPV6CTL_LOWPORTMIN, CTL_EOL); 1874 sysctl_createv(clog, 0, NULL, NULL, 1875 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1876 CTLTYPE_INT, "lowportmax", 1877 SYSCTL_DESCR("Highest privileged ephemeral port number " 1878 "to assign"), 1879 sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0, 1880 CTL_NET, PF_INET6, IPPROTO_IPV6, 1881 IPV6CTL_LOWPORTMAX, CTL_EOL); 1882 #endif /* IPNOPRIVPORTS */ 1883 sysctl_createv(clog, 0, NULL, NULL, 1884 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1885 CTLTYPE_INT, "use_tempaddr", 1886 SYSCTL_DESCR("Use temporary address"), 1887 NULL, 0, &ip6_use_tempaddr, 0, 1888 CTL_NET, PF_INET6, IPPROTO_IPV6, 1889 CTL_CREATE, CTL_EOL); 1890 sysctl_createv(clog, 0, NULL, NULL, 1891 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1892 CTLTYPE_INT, "temppltime", 1893 SYSCTL_DESCR("preferred lifetime of a temporary address"), 1894 NULL, 0, &ip6_temp_preferred_lifetime, 0, 1895 CTL_NET, PF_INET6, IPPROTO_IPV6, 1896 CTL_CREATE, CTL_EOL); 1897 sysctl_createv(clog, 0, NULL, NULL, 1898 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1899 CTLTYPE_INT, "tempvltime", 1900 SYSCTL_DESCR("valid lifetime of a temporary address"), 1901 NULL, 0, &ip6_temp_valid_lifetime, 0, 1902 CTL_NET, PF_INET6, IPPROTO_IPV6, 1903 CTL_CREATE, CTL_EOL); 1904 sysctl_createv(clog, 0, NULL, NULL, 1905 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1906 CTLTYPE_INT, "maxfrags", 1907 SYSCTL_DESCR("Maximum fragments in reassembly queue"), 1908 NULL, 0, &ip6_maxfrags, 0, 1909 CTL_NET, PF_INET6, IPPROTO_IPV6, 1910 IPV6CTL_MAXFRAGS, CTL_EOL); 1911 sysctl_createv(clog, 0, NULL, NULL, 1912 CTLFLAG_PERMANENT, 1913 CTLTYPE_STRUCT, "stats", 1914 SYSCTL_DESCR("IPv6 statistics"), 1915 sysctl_net_inet6_ip6_stats, 0, NULL, 0, 1916 CTL_NET, PF_INET6, IPPROTO_IPV6, 1917 IPV6CTL_STATS, CTL_EOL); 1918 sysctl_createv(clog, 0, NULL, NULL, 1919 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1920 CTLTYPE_INT, "use_defaultzone", 1921 SYSCTL_DESCR("Whether to use the default scope zones"), 1922 NULL, 0, &ip6_use_defzone, 0, 1923 CTL_NET, PF_INET6, IPPROTO_IPV6, 1924 IPV6CTL_USE_DEFAULTZONE, CTL_EOL); 1925 sysctl_createv(clog, 0, NULL, NULL, 1926 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1927 CTLTYPE_INT, "mcast_pmtu", 1928 SYSCTL_DESCR("Enable pMTU discovery for multicast packet"), 1929 NULL, 0, &ip6_mcast_pmtu, 0, 1930 CTL_NET, PF_INET6, IPPROTO_IPV6, 1931 CTL_CREATE, CTL_EOL); 1932 #ifdef GATEWAY 1933 sysctl_createv(clog, 0, NULL, NULL, 1934 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1935 CTLTYPE_INT, "maxflows", 1936 SYSCTL_DESCR("Number of flows for fast forwarding (IPv6)"), 1937 sysctl_net_inet6_ip6_maxflows, 0, &ip6_maxflows, 0, 1938 CTL_NET, PF_INET6, IPPROTO_IPV6, 1939 CTL_CREATE, CTL_EOL); 1940 sysctl_createv(clog, 0, NULL, NULL, 1941 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 1942 CTLTYPE_INT, "hashsize", 1943 SYSCTL_DESCR("Size of hash table for fast forwarding (IPv6)"), 1944 sysctl_net_inet6_ip6_hashsize, 0, &ip6_hashsize, 0, 1945 CTL_NET, PF_INET6, IPPROTO_IPV6, 1946 CTL_CREATE, CTL_EOL); 1947 #endif 1948 } 1949 1950 void 1951 ip6_statinc(u_int stat) 1952 { 1953 1954 KASSERT(stat < IP6_NSTATS); 1955 IP6_STATINC(stat); 1956 } 1957