1 /* $NetBSD: raw_ip6.c,v 1.136 2014/08/09 05:33:01 rtr Exp $ */ 2 /* $KAME: raw_ip6.c,v 1.82 2001/07/23 18:57:56 jinmei Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1988, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: raw_ip6.c,v 1.136 2014/08/09 05:33:01 rtr Exp $"); 66 67 #include "opt_ipsec.h" 68 69 #include <sys/param.h> 70 #include <sys/sysctl.h> 71 #include <sys/mbuf.h> 72 #include <sys/socket.h> 73 #include <sys/protosw.h> 74 #include <sys/socketvar.h> 75 #include <sys/systm.h> 76 #include <sys/proc.h> 77 #include <sys/kauth.h> 78 #include <sys/kmem.h> 79 80 #include <net/if.h> 81 #include <net/route.h> 82 #include <net/if_types.h> 83 #include <net/net_stats.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/ip6.h> 88 #include <netinet6/ip6_var.h> 89 #include <netinet6/ip6_private.h> 90 #include <netinet6/ip6_mroute.h> 91 #include <netinet/icmp6.h> 92 #include <netinet6/icmp6_private.h> 93 #include <netinet6/in6_pcb.h> 94 #include <netinet6/nd6.h> 95 #include <netinet6/ip6protosw.h> 96 #include <netinet6/scope6_var.h> 97 #include <netinet6/raw_ip6.h> 98 99 #ifdef IPSEC 100 #include <netipsec/ipsec.h> 101 #include <netipsec/ipsec_var.h> 102 #include <netipsec/ipsec_private.h> 103 #include <netipsec/ipsec6.h> 104 #endif 105 106 #include "faith.h" 107 #if defined(NFAITH) && 0 < NFAITH 108 #include <net/if_faith.h> 109 #endif 110 111 extern struct inpcbtable rawcbtable; 112 struct inpcbtable raw6cbtable; 113 #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) 114 115 /* 116 * Raw interface to IP6 protocol. 117 */ 118 119 static percpu_t *rip6stat_percpu; 120 121 #define RIP6_STATINC(x) _NET_STATINC(rip6stat_percpu, x) 122 123 static void sysctl_net_inet6_raw6_setup(struct sysctllog **); 124 125 /* 126 * Initialize raw connection block queue. 127 */ 128 void 129 rip6_init(void) 130 { 131 132 sysctl_net_inet6_raw6_setup(NULL); 133 in6_pcbinit(&raw6cbtable, 1, 1); 134 135 rip6stat_percpu = percpu_alloc(sizeof(uint64_t) * RIP6_NSTATS); 136 } 137 138 /* 139 * Setup generic address and protocol structures 140 * for raw_input routine, then pass them along with 141 * mbuf chain. 142 */ 143 int 144 rip6_input(struct mbuf **mp, int *offp, int proto) 145 { 146 struct mbuf *m = *mp; 147 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 148 struct inpcb_hdr *inph; 149 struct in6pcb *in6p; 150 struct in6pcb *last = NULL; 151 struct sockaddr_in6 rip6src; 152 struct mbuf *opts = NULL; 153 154 RIP6_STATINC(RIP6_STAT_IPACKETS); 155 156 #if defined(NFAITH) && 0 < NFAITH 157 if (faithprefix(&ip6->ip6_dst)) { 158 /* send icmp6 host unreach? */ 159 m_freem(m); 160 return IPPROTO_DONE; 161 } 162 #endif 163 164 /* Be proactive about malicious use of IPv4 mapped address */ 165 if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || 166 IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { 167 /* XXX stat */ 168 m_freem(m); 169 return IPPROTO_DONE; 170 } 171 172 sockaddr_in6_init(&rip6src, &ip6->ip6_src, 0, 0, 0); 173 if (sa6_recoverscope(&rip6src) != 0) { 174 /* XXX: should be impossible. */ 175 m_freem(m); 176 return IPPROTO_DONE; 177 } 178 179 TAILQ_FOREACH(inph, &raw6cbtable.inpt_queue, inph_queue) { 180 in6p = (struct in6pcb *)inph; 181 if (in6p->in6p_af != AF_INET6) 182 continue; 183 if (in6p->in6p_ip6.ip6_nxt && 184 in6p->in6p_ip6.ip6_nxt != proto) 185 continue; 186 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && 187 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) 188 continue; 189 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) && 190 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) 191 continue; 192 if (in6p->in6p_cksum != -1) { 193 RIP6_STATINC(RIP6_STAT_ISUM); 194 if (in6_cksum(m, proto, *offp, 195 m->m_pkthdr.len - *offp)) { 196 RIP6_STATINC(RIP6_STAT_BADSUM); 197 continue; 198 } 199 } 200 if (last) { 201 struct mbuf *n; 202 203 #ifdef IPSEC 204 /* 205 * Check AH/ESP integrity 206 */ 207 if (ipsec_used && !ipsec6_in_reject(m, last)) 208 #endif /* IPSEC */ 209 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 210 if (last->in6p_flags & IN6P_CONTROLOPTS) 211 ip6_savecontrol(last, &opts, ip6, n); 212 /* strip intermediate headers */ 213 m_adj(n, *offp); 214 if (sbappendaddr(&last->in6p_socket->so_rcv, 215 (struct sockaddr *)&rip6src, n, opts) == 0) { 216 /* should notify about lost packet */ 217 m_freem(n); 218 if (opts) 219 m_freem(opts); 220 RIP6_STATINC(RIP6_STAT_FULLSOCK); 221 } else 222 sorwakeup(last->in6p_socket); 223 opts = NULL; 224 } 225 } 226 last = in6p; 227 } 228 #ifdef IPSEC 229 if (ipsec_used && last && ipsec6_in_reject(m, last)) { 230 m_freem(m); 231 /* 232 * XXX ipsec6_in_reject update stat if there is an error 233 * so we just need to update stats by hand in the case of last is 234 * NULL 235 */ 236 if (!last) 237 IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); 238 IP6_STATDEC(IP6_STAT_DELIVERED); 239 /* do not inject data into pcb */ 240 } else 241 #endif /* IPSEC */ 242 if (last) { 243 if (last->in6p_flags & IN6P_CONTROLOPTS) 244 ip6_savecontrol(last, &opts, ip6, m); 245 /* strip intermediate headers */ 246 m_adj(m, *offp); 247 if (sbappendaddr(&last->in6p_socket->so_rcv, 248 (struct sockaddr *)&rip6src, m, opts) == 0) { 249 m_freem(m); 250 if (opts) 251 m_freem(opts); 252 RIP6_STATINC(RIP6_STAT_FULLSOCK); 253 } else 254 sorwakeup(last->in6p_socket); 255 } else { 256 RIP6_STATINC(RIP6_STAT_NOSOCK); 257 if (m->m_flags & M_MCAST) 258 RIP6_STATINC(RIP6_STAT_NOSOCKMCAST); 259 if (proto == IPPROTO_NONE) 260 m_freem(m); 261 else { 262 u_int8_t *prvnxtp = ip6_get_prevhdr(m, *offp); /* XXX */ 263 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_protounknown); 264 icmp6_error(m, ICMP6_PARAM_PROB, 265 ICMP6_PARAMPROB_NEXTHEADER, 266 prvnxtp - mtod(m, u_int8_t *)); 267 } 268 IP6_STATDEC(IP6_STAT_DELIVERED); 269 } 270 return IPPROTO_DONE; 271 } 272 273 void * 274 rip6_ctlinput(int cmd, const struct sockaddr *sa, void *d) 275 { 276 struct ip6_hdr *ip6; 277 struct ip6ctlparam *ip6cp = NULL; 278 const struct sockaddr_in6 *sa6_src = NULL; 279 void *cmdarg; 280 void (*notify)(struct in6pcb *, int) = in6_rtchange; 281 int nxt; 282 283 if (sa->sa_family != AF_INET6 || 284 sa->sa_len != sizeof(struct sockaddr_in6)) 285 return NULL; 286 287 if ((unsigned)cmd >= PRC_NCMDS) 288 return NULL; 289 if (PRC_IS_REDIRECT(cmd)) 290 notify = in6_rtchange, d = NULL; 291 else if (cmd == PRC_HOSTDEAD) 292 d = NULL; 293 else if (cmd == PRC_MSGSIZE) 294 ; /* special code is present, see below */ 295 else if (inet6ctlerrmap[cmd] == 0) 296 return NULL; 297 298 /* if the parameter is from icmp6, decode it. */ 299 if (d != NULL) { 300 ip6cp = (struct ip6ctlparam *)d; 301 ip6 = ip6cp->ip6c_ip6; 302 cmdarg = ip6cp->ip6c_cmdarg; 303 sa6_src = ip6cp->ip6c_src; 304 nxt = ip6cp->ip6c_nxt; 305 } else { 306 ip6 = NULL; 307 cmdarg = NULL; 308 sa6_src = &sa6_any; 309 nxt = -1; 310 } 311 312 if (ip6 && cmd == PRC_MSGSIZE) { 313 const struct sockaddr_in6 *sa6 = (const struct sockaddr_in6 *)sa; 314 int valid = 0; 315 struct in6pcb *in6p; 316 317 /* 318 * Check to see if we have a valid raw IPv6 socket 319 * corresponding to the address in the ICMPv6 message 320 * payload, and the protocol (ip6_nxt) meets the socket. 321 * XXX chase extension headers, or pass final nxt value 322 * from icmp6_notify_error() 323 */ 324 in6p = NULL; 325 in6p = in6_pcblookup_connect(&raw6cbtable, &sa6->sin6_addr, 0, 326 (const struct in6_addr *)&sa6_src->sin6_addr, 0, 0, 0); 327 #if 0 328 if (!in6p) { 329 /* 330 * As the use of sendto(2) is fairly popular, 331 * we may want to allow non-connected pcb too. 332 * But it could be too weak against attacks... 333 * We should at least check if the local 334 * address (= s) is really ours. 335 */ 336 in6p = in6_pcblookup_bind(&raw6cbtable, 337 &sa6->sin6_addr, 0, 0); 338 } 339 #endif 340 341 if (in6p && in6p->in6p_ip6.ip6_nxt && 342 in6p->in6p_ip6.ip6_nxt == nxt) 343 valid++; 344 345 /* 346 * Depending on the value of "valid" and routing table 347 * size (mtudisc_{hi,lo}wat), we will: 348 * - recalculate the new MTU and create the 349 * corresponding routing entry, or 350 * - ignore the MTU change notification. 351 */ 352 icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); 353 354 /* 355 * regardless of if we called icmp6_mtudisc_update(), 356 * we need to call in6_pcbnotify(), to notify path MTU 357 * change to the userland (RFC3542), because some 358 * unconnected sockets may share the same destination 359 * and want to know the path MTU. 360 */ 361 } 362 363 (void) in6_pcbnotify(&raw6cbtable, sa, 0, 364 (const struct sockaddr *)sa6_src, 0, cmd, cmdarg, notify); 365 return NULL; 366 } 367 368 /* 369 * Generate IPv6 header and pass packet to ip6_output. 370 * Tack on options user may have setup with control call. 371 */ 372 int 373 rip6_output(struct mbuf *m, struct socket * const so, 374 struct sockaddr_in6 * const dstsock, struct mbuf * const control) 375 { 376 struct in6_addr *dst; 377 struct ip6_hdr *ip6; 378 struct in6pcb *in6p; 379 u_int plen = m->m_pkthdr.len; 380 int error = 0; 381 struct ip6_pktopts opt, *optp = NULL; 382 struct ifnet *oifp = NULL; 383 int type, code; /* for ICMPv6 output statistics only */ 384 int scope_ambiguous = 0; 385 struct in6_addr *in6a; 386 387 in6p = sotoin6pcb(so); 388 389 dst = &dstsock->sin6_addr; 390 if (control) { 391 if ((error = ip6_setpktopts(control, &opt, 392 in6p->in6p_outputopts, 393 kauth_cred_get(), so->so_proto->pr_protocol)) != 0) { 394 goto bad; 395 } 396 optp = &opt; 397 } else 398 optp = in6p->in6p_outputopts; 399 400 /* 401 * Check and convert scope zone ID into internal form. 402 * XXX: we may still need to determine the zone later. 403 */ 404 if (!(so->so_state & SS_ISCONNECTED)) { 405 if (dstsock->sin6_scope_id == 0 && !ip6_use_defzone) 406 scope_ambiguous = 1; 407 if ((error = sa6_embedscope(dstsock, ip6_use_defzone)) != 0) 408 goto bad; 409 } 410 411 /* 412 * For an ICMPv6 packet, we should know its type and code 413 * to update statistics. 414 */ 415 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { 416 struct icmp6_hdr *icmp6; 417 if (m->m_len < sizeof(struct icmp6_hdr) && 418 (m = m_pullup(m, sizeof(struct icmp6_hdr))) == NULL) { 419 error = ENOBUFS; 420 goto bad; 421 } 422 icmp6 = mtod(m, struct icmp6_hdr *); 423 type = icmp6->icmp6_type; 424 code = icmp6->icmp6_code; 425 } else { 426 type = 0; 427 code = 0; 428 } 429 430 M_PREPEND(m, sizeof(*ip6), M_DONTWAIT); 431 if (!m) { 432 error = ENOBUFS; 433 goto bad; 434 } 435 ip6 = mtod(m, struct ip6_hdr *); 436 437 /* 438 * Next header might not be ICMP6 but use its pseudo header anyway. 439 */ 440 ip6->ip6_dst = *dst; 441 442 /* 443 * Source address selection. 444 */ 445 if ((in6a = in6_selectsrc(dstsock, optp, in6p->in6p_moptions, 446 &in6p->in6p_route, &in6p->in6p_laddr, &oifp, 447 &error)) == 0) { 448 if (error == 0) 449 error = EADDRNOTAVAIL; 450 goto bad; 451 } 452 ip6->ip6_src = *in6a; 453 454 if (oifp && scope_ambiguous) { 455 /* 456 * Application should provide a proper zone ID or the use of 457 * default zone IDs should be enabled. Unfortunately, some 458 * applications do not behave as it should, so we need a 459 * workaround. Even if an appropriate ID is not determined 460 * (when it's required), if we can determine the outgoing 461 * interface. determine the zone ID based on the interface. 462 */ 463 error = in6_setscope(&dstsock->sin6_addr, oifp, NULL); 464 if (error != 0) 465 goto bad; 466 } 467 ip6->ip6_dst = dstsock->sin6_addr; 468 469 /* fill in the rest of the IPv6 header fields */ 470 ip6->ip6_flow = in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK; 471 ip6->ip6_vfc &= ~IPV6_VERSION_MASK; 472 ip6->ip6_vfc |= IPV6_VERSION; 473 /* ip6_plen will be filled in ip6_output, so not fill it here. */ 474 ip6->ip6_nxt = in6p->in6p_ip6.ip6_nxt; 475 ip6->ip6_hlim = in6_selecthlim(in6p, oifp); 476 477 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6 || 478 in6p->in6p_cksum != -1) { 479 int off; 480 u_int16_t sum; 481 482 /* compute checksum */ 483 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) 484 off = offsetof(struct icmp6_hdr, icmp6_cksum); 485 else 486 off = in6p->in6p_cksum; 487 if (plen < off + 1) { 488 error = EINVAL; 489 goto bad; 490 } 491 off += sizeof(struct ip6_hdr); 492 493 sum = 0; 494 m = m_copyback_cow(m, off, sizeof(sum), (void *)&sum, 495 M_DONTWAIT); 496 if (m == NULL) { 497 error = ENOBUFS; 498 goto bad; 499 } 500 sum = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen); 501 m = m_copyback_cow(m, off, sizeof(sum), (void *)&sum, 502 M_DONTWAIT); 503 if (m == NULL) { 504 error = ENOBUFS; 505 goto bad; 506 } 507 } 508 509 error = ip6_output(m, optp, &in6p->in6p_route, 0, 510 in6p->in6p_moptions, so, &oifp); 511 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { 512 if (oifp) 513 icmp6_ifoutstat_inc(oifp, type, code); 514 ICMP6_STATINC(ICMP6_STAT_OUTHIST + type); 515 } else 516 RIP6_STATINC(RIP6_STAT_OPACKETS); 517 518 goto freectl; 519 520 bad: 521 if (m) 522 m_freem(m); 523 524 freectl: 525 if (control) { 526 ip6_clearpktopts(&opt, -1); 527 m_freem(control); 528 } 529 return error; 530 } 531 532 /* 533 * Raw IPv6 socket option processing. 534 */ 535 int 536 rip6_ctloutput(int op, struct socket *so, struct sockopt *sopt) 537 { 538 int error = 0; 539 540 if (sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_NOHEADER) { 541 int optval; 542 543 /* need to fiddle w/ opt(IPPROTO_IPV6, IPV6_CHECKSUM)? */ 544 if (op == PRCO_GETOPT) { 545 optval = 1; 546 error = sockopt_set(sopt, &optval, sizeof(optval)); 547 } else if (op == PRCO_SETOPT) { 548 error = sockopt_getint(sopt, &optval); 549 if (error) 550 goto out; 551 if (optval == 0) 552 error = EINVAL; 553 } 554 555 goto out; 556 } else if (sopt->sopt_level != IPPROTO_IPV6) 557 return ip6_ctloutput(op, so, sopt); 558 559 switch (sopt->sopt_name) { 560 case MRT6_INIT: 561 case MRT6_DONE: 562 case MRT6_ADD_MIF: 563 case MRT6_DEL_MIF: 564 case MRT6_ADD_MFC: 565 case MRT6_DEL_MFC: 566 case MRT6_PIM: 567 if (op == PRCO_SETOPT) 568 error = ip6_mrouter_set(so, sopt); 569 else if (op == PRCO_GETOPT) 570 error = ip6_mrouter_get(so, sopt); 571 else 572 error = EINVAL; 573 break; 574 case IPV6_CHECKSUM: 575 return ip6_raw_ctloutput(op, so, sopt); 576 default: 577 return ip6_ctloutput(op, so, sopt); 578 } 579 out: 580 return error; 581 } 582 583 extern u_long rip6_sendspace; 584 extern u_long rip6_recvspace; 585 586 int 587 rip6_attach(struct socket *so, int proto) 588 { 589 struct in6pcb *in6p; 590 int s, error; 591 592 KASSERT(sotoin6pcb(so) == NULL); 593 sosetlock(so); 594 595 error = kauth_authorize_network(curlwp->l_cred, 596 KAUTH_NETWORK_SOCKET, KAUTH_REQ_NETWORK_SOCKET_RAWSOCK, 597 KAUTH_ARG(AF_INET6), 598 KAUTH_ARG(SOCK_RAW), 599 KAUTH_ARG(so->so_proto->pr_protocol)); 600 if (error) { 601 return error; 602 } 603 s = splsoftnet(); 604 error = soreserve(so, rip6_sendspace, rip6_recvspace); 605 if (error) { 606 splx(s); 607 return error; 608 } 609 if ((error = in6_pcballoc(so, &raw6cbtable)) != 0) { 610 splx(s); 611 return error; 612 } 613 splx(s); 614 in6p = sotoin6pcb(so); 615 in6p->in6p_ip6.ip6_nxt = proto; 616 in6p->in6p_cksum = -1; 617 618 in6p->in6p_icmp6filt = kmem_alloc(sizeof(struct icmp6_filter), KM_SLEEP); 619 if (in6p->in6p_icmp6filt == NULL) { 620 in6_pcbdetach(in6p); 621 return ENOMEM; 622 } 623 ICMP6_FILTER_SETPASSALL(in6p->in6p_icmp6filt); 624 KASSERT(solocked(so)); 625 return error; 626 } 627 628 static void 629 rip6_detach(struct socket *so) 630 { 631 struct in6pcb *in6p = sotoin6pcb(so); 632 633 KASSERT(solocked(so)); 634 KASSERT(in6p != NULL); 635 636 if (so == ip6_mrouter) { 637 ip6_mrouter_done(); 638 } 639 /* xxx: RSVP */ 640 if (in6p->in6p_icmp6filt != NULL) { 641 kmem_free(in6p->in6p_icmp6filt, sizeof(struct icmp6_filter)); 642 in6p->in6p_icmp6filt = NULL; 643 } 644 in6_pcbdetach(in6p); 645 } 646 647 static int 648 rip6_accept(struct socket *so, struct mbuf *nam) 649 { 650 KASSERT(solocked(so)); 651 652 return EOPNOTSUPP; 653 } 654 655 static int 656 rip6_bind(struct socket *so, struct mbuf *nam, struct lwp *l) 657 { 658 struct in6pcb *in6p = sotoin6pcb(so); 659 struct sockaddr_in6 *addr; 660 struct ifaddr *ia = NULL; 661 int error = 0; 662 663 KASSERT(solocked(so)); 664 KASSERT(in6p != NULL); 665 KASSERT(nam != NULL); 666 667 addr = mtod(nam, struct sockaddr_in6 *); 668 if (nam->m_len != sizeof(*addr)) 669 return EINVAL; 670 if (IFNET_EMPTY() || addr->sin6_family != AF_INET6) 671 return EADDRNOTAVAIL; 672 673 if ((error = sa6_embedscope(addr, ip6_use_defzone)) != 0) 674 return error; 675 676 /* 677 * we don't support mapped address here, it would confuse 678 * users so reject it 679 */ 680 if (IN6_IS_ADDR_V4MAPPED(&addr->sin6_addr)) 681 return EADDRNOTAVAIL; 682 if (!IN6_IS_ADDR_UNSPECIFIED(&addr->sin6_addr) && 683 (ia = ifa_ifwithaddr((struct sockaddr *)addr)) == 0) 684 return EADDRNOTAVAIL; 685 if (ia && ((struct in6_ifaddr *)ia)->ia6_flags & 686 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY| 687 IN6_IFF_DETACHED|IN6_IFF_DEPRECATED)) 688 return EADDRNOTAVAIL; 689 in6p->in6p_laddr = addr->sin6_addr; 690 return 0; 691 } 692 693 static int 694 rip6_listen(struct socket *so, struct lwp *l) 695 { 696 KASSERT(solocked(so)); 697 698 return EOPNOTSUPP; 699 } 700 701 static int 702 rip6_connect(struct socket *so, struct mbuf *nam, struct lwp *l) 703 { 704 struct in6pcb *in6p = sotoin6pcb(so); 705 struct sockaddr_in6 *addr; 706 struct in6_addr *in6a = NULL; 707 struct ifnet *ifp = NULL; 708 int scope_ambiguous = 0; 709 int error = 0; 710 711 KASSERT(solocked(so)); 712 KASSERT(in6p != NULL); 713 KASSERT(nam != NULL); 714 715 addr = mtod(nam, struct sockaddr_in6 *); 716 717 if (nam->m_len != sizeof(*addr)) 718 return EINVAL; 719 if (IFNET_EMPTY()) 720 return EADDRNOTAVAIL; 721 if (addr->sin6_family != AF_INET6) 722 return EAFNOSUPPORT; 723 724 /* 725 * Application should provide a proper zone ID or the use of 726 * default zone IDs should be enabled. Unfortunately, some 727 * applications do not behave as it should, so we need a 728 * workaround. Even if an appropriate ID is not determined, 729 * we'll see if we can determine the outgoing interface. If we 730 * can, determine the zone ID based on the interface below. 731 */ 732 if (addr->sin6_scope_id == 0 && !ip6_use_defzone) 733 scope_ambiguous = 1; 734 if ((error = sa6_embedscope(addr, ip6_use_defzone)) != 0) 735 return error; 736 737 /* Source address selection. XXX: need pcblookup? */ 738 in6a = in6_selectsrc(addr, in6p->in6p_outputopts, 739 in6p->in6p_moptions, &in6p->in6p_route, 740 &in6p->in6p_laddr, &ifp, &error); 741 if (in6a == NULL) { 742 if (error == 0) 743 return EADDRNOTAVAIL; 744 return error; 745 } 746 /* XXX: see above */ 747 if (ifp && scope_ambiguous && 748 (error = in6_setscope(&addr->sin6_addr, ifp, NULL)) != 0) { 749 return error; 750 } 751 in6p->in6p_laddr = *in6a; 752 in6p->in6p_faddr = addr->sin6_addr; 753 soisconnected(so); 754 return error; 755 } 756 757 static int 758 rip6_connect2(struct socket *so, struct socket *so2) 759 { 760 KASSERT(solocked(so)); 761 762 return EOPNOTSUPP; 763 } 764 765 static int 766 rip6_disconnect(struct socket *so) 767 { 768 struct in6pcb *in6p = sotoin6pcb(so); 769 770 KASSERT(solocked(so)); 771 KASSERT(in6p != NULL); 772 773 if ((so->so_state & SS_ISCONNECTED) == 0) 774 return ENOTCONN; 775 776 in6p->in6p_faddr = in6addr_any; 777 so->so_state &= ~SS_ISCONNECTED; /* XXX */ 778 return 0; 779 } 780 781 static int 782 rip6_shutdown(struct socket *so) 783 { 784 KASSERT(solocked(so)); 785 786 /* 787 * Mark the connection as being incapable of futther input. 788 */ 789 socantsendmore(so); 790 return 0; 791 } 792 793 static int 794 rip6_abort(struct socket *so) 795 { 796 KASSERT(solocked(so)); 797 798 soisdisconnected(so); 799 rip6_detach(so); 800 return 0; 801 } 802 803 static int 804 rip6_ioctl(struct socket *so, u_long cmd, void *nam, struct ifnet *ifp) 805 { 806 return in6_control(so, cmd, nam, ifp); 807 } 808 809 static int 810 rip6_stat(struct socket *so, struct stat *ub) 811 { 812 KASSERT(solocked(so)); 813 814 /* stat: don't bother with a blocksize */ 815 return 0; 816 } 817 818 static int 819 rip6_peeraddr(struct socket *so, struct mbuf *nam) 820 { 821 KASSERT(solocked(so)); 822 KASSERT(sotoin6pcb(so) != NULL); 823 KASSERT(nam != NULL); 824 825 in6_setpeeraddr(sotoin6pcb(so), nam); 826 return 0; 827 } 828 829 static int 830 rip6_sockaddr(struct socket *so, struct mbuf *nam) 831 { 832 KASSERT(solocked(so)); 833 KASSERT(sotoin6pcb(so) != NULL); 834 KASSERT(nam != NULL); 835 836 in6_setsockaddr(sotoin6pcb(so), nam); 837 return 0; 838 } 839 840 static int 841 rip6_rcvd(struct socket *so, int flags, struct lwp *l) 842 { 843 KASSERT(solocked(so)); 844 845 return EOPNOTSUPP; 846 } 847 848 static int 849 rip6_recvoob(struct socket *so, struct mbuf *m, int flags) 850 { 851 KASSERT(solocked(so)); 852 853 return EOPNOTSUPP; 854 } 855 856 static int 857 rip6_send(struct socket *so, struct mbuf *m, struct mbuf *nam, 858 struct mbuf *control, struct lwp *l) 859 { 860 struct in6pcb *in6p = sotoin6pcb(so); 861 struct sockaddr_in6 tmp; 862 struct sockaddr_in6 *dst; 863 int error = 0; 864 865 KASSERT(solocked(so)); 866 KASSERT(in6p != NULL); 867 KASSERT(m != NULL); 868 869 /* 870 * Ship a packet out. The appropriate raw output 871 * routine handles any messaging necessary. 872 */ 873 874 /* always copy sockaddr to avoid overwrites */ 875 if (so->so_state & SS_ISCONNECTED) { 876 if (nam) { 877 error = EISCONN; 878 goto release; 879 } 880 /* XXX */ 881 sockaddr_in6_init(&tmp, &in6p->in6p_faddr, 0, 0, 0); 882 dst = &tmp; 883 } else { 884 if (nam == NULL) { 885 error = ENOTCONN; 886 goto release; 887 } 888 if (nam->m_len != sizeof(tmp)) { 889 error = EINVAL; 890 goto release; 891 } 892 893 tmp = *mtod(nam, struct sockaddr_in6 *); 894 dst = &tmp; 895 896 if (dst->sin6_family != AF_INET6) { 897 error = EAFNOSUPPORT; 898 goto release; 899 } 900 } 901 error = rip6_output(m, so, dst, control); 902 m = NULL; 903 904 release: 905 if (m) 906 m_freem(m); 907 908 return error; 909 } 910 911 static int 912 rip6_sendoob(struct socket *so, struct mbuf *m, struct mbuf *control) 913 { 914 KASSERT(solocked(so)); 915 916 if (m) 917 m_freem(m); 918 919 return EOPNOTSUPP; 920 } 921 922 static int 923 rip6_purgeif(struct socket *so, struct ifnet *ifp) 924 { 925 926 mutex_enter(softnet_lock); 927 in6_pcbpurgeif0(&raw6cbtable, ifp); 928 in6_purgeif(ifp); 929 in6_pcbpurgeif(&raw6cbtable, ifp); 930 mutex_exit(softnet_lock); 931 932 return 0; 933 } 934 935 int 936 rip6_usrreq(struct socket *so, int req, struct mbuf *m, 937 struct mbuf *nam, struct mbuf *control, struct lwp *l) 938 { 939 940 KASSERT(req != PRU_ACCEPT); 941 KASSERT(req != PRU_BIND); 942 KASSERT(req != PRU_LISTEN); 943 KASSERT(req != PRU_CONNECT); 944 KASSERT(req != PRU_CONNECT2); 945 KASSERT(req != PRU_DISCONNECT); 946 KASSERT(req != PRU_SHUTDOWN); 947 KASSERT(req != PRU_ABORT); 948 KASSERT(req != PRU_CONTROL); 949 KASSERT(req != PRU_SENSE); 950 KASSERT(req != PRU_PEERADDR); 951 KASSERT(req != PRU_SOCKADDR); 952 KASSERT(req != PRU_RCVD); 953 KASSERT(req != PRU_RCVOOB); 954 KASSERT(req != PRU_SEND); 955 KASSERT(req != PRU_PURGEIF); 956 KASSERT(req != PRU_SENDOOB); 957 958 panic("rip6_usrreq"); 959 960 return 0; 961 } 962 963 static int 964 sysctl_net_inet6_raw6_stats(SYSCTLFN_ARGS) 965 { 966 967 return (NETSTAT_SYSCTL(rip6stat_percpu, RIP6_NSTATS)); 968 } 969 970 static void 971 sysctl_net_inet6_raw6_setup(struct sysctllog **clog) 972 { 973 974 sysctl_createv(clog, 0, NULL, NULL, 975 CTLFLAG_PERMANENT, 976 CTLTYPE_NODE, "inet6", NULL, 977 NULL, 0, NULL, 0, 978 CTL_NET, PF_INET6, CTL_EOL); 979 sysctl_createv(clog, 0, NULL, NULL, 980 CTLFLAG_PERMANENT, 981 CTLTYPE_NODE, "raw6", 982 SYSCTL_DESCR("Raw IPv6 settings"), 983 NULL, 0, NULL, 0, 984 CTL_NET, PF_INET6, IPPROTO_RAW, CTL_EOL); 985 986 sysctl_createv(clog, 0, NULL, NULL, 987 CTLFLAG_PERMANENT, 988 CTLTYPE_STRUCT, "pcblist", 989 SYSCTL_DESCR("Raw IPv6 control block list"), 990 sysctl_inpcblist, 0, &raw6cbtable, 0, 991 CTL_NET, PF_INET6, IPPROTO_RAW, 992 CTL_CREATE, CTL_EOL); 993 sysctl_createv(clog, 0, NULL, NULL, 994 CTLFLAG_PERMANENT, 995 CTLTYPE_STRUCT, "stats", 996 SYSCTL_DESCR("Raw IPv6 statistics"), 997 sysctl_net_inet6_raw6_stats, 0, NULL, 0, 998 CTL_NET, PF_INET6, IPPROTO_RAW, RAW6CTL_STATS, 999 CTL_EOL); 1000 } 1001 1002 PR_WRAP_USRREQS(rip6) 1003 #define rip6_attach rip6_attach_wrapper 1004 #define rip6_detach rip6_detach_wrapper 1005 #define rip6_accept rip6_accept_wrapper 1006 #define rip6_bind rip6_bind_wrapper 1007 #define rip6_listen rip6_listen_wrapper 1008 #define rip6_connect rip6_connect_wrapper 1009 #define rip6_connect2 rip6_connect2_wrapper 1010 #define rip6_disconnect rip6_disconnect_wrapper 1011 #define rip6_shutdown rip6_shutdown_wrapper 1012 #define rip6_abort rip6_abort_wrapper 1013 #define rip6_ioctl rip6_ioctl_wrapper 1014 #define rip6_stat rip6_stat_wrapper 1015 #define rip6_peeraddr rip6_peeraddr_wrapper 1016 #define rip6_sockaddr rip6_sockaddr_wrapper 1017 #define rip6_rcvd rip6_rcvd_wrapper 1018 #define rip6_recvoob rip6_recvoob_wrapper 1019 #define rip6_send rip6_send_wrapper 1020 #define rip6_sendoob rip6_sendoob_wrapper 1021 #define rip6_purgeif rip6_purgeif_wrapper 1022 #define rip6_usrreq rip6_usrreq_wrapper 1023 1024 const struct pr_usrreqs rip6_usrreqs = { 1025 .pr_attach = rip6_attach, 1026 .pr_detach = rip6_detach, 1027 .pr_accept = rip6_accept, 1028 .pr_bind = rip6_bind, 1029 .pr_listen = rip6_listen, 1030 .pr_connect = rip6_connect, 1031 .pr_connect2 = rip6_connect2, 1032 .pr_disconnect = rip6_disconnect, 1033 .pr_shutdown = rip6_shutdown, 1034 .pr_abort = rip6_abort, 1035 .pr_ioctl = rip6_ioctl, 1036 .pr_stat = rip6_stat, 1037 .pr_peeraddr = rip6_peeraddr, 1038 .pr_sockaddr = rip6_sockaddr, 1039 .pr_rcvd = rip6_rcvd, 1040 .pr_recvoob = rip6_recvoob, 1041 .pr_send = rip6_send, 1042 .pr_sendoob = rip6_sendoob, 1043 .pr_purgeif = rip6_purgeif, 1044 .pr_generic = rip6_usrreq, 1045 }; 1046