[BACK]Return to ip6_forward.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / sys / netinet6

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet6/ip6_forward.c between version 1.12 and 1.12.2.3

version 1.12, 2000/06/03 14:36:36 version 1.12.2.3, 2000/07/28 02:31:25
Line 1 
Line 1 
 /*      $NetBSD$        */  /*      $NetBSD$        */
 /*      $KAME: ip6_forward.c,v 1.37 2000/05/28 12:17:19 itojun Exp $    */  /*      $KAME: ip6_forward.c,v 1.44 2000/07/27 13:43:21 itojun Exp $    */
   
 /*  /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.   * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
Line 30 
Line 30 
  * SUCH DAMAGE.   * SUCH DAMAGE.
  */   */
   
   #include "opt_ipsec.h"
   
 #include <sys/param.h>  #include <sys/param.h>
 #include <sys/systm.h>  #include <sys/systm.h>
 #include <sys/malloc.h>  #include <sys/malloc.h>
Line 53 
Line 55 
 #include <netinet/icmp6.h>  #include <netinet/icmp6.h>
 #include <netinet6/nd6.h>  #include <netinet6/nd6.h>
   
 #ifdef IPSEC_IPV6FWD  #ifdef IPSEC
 #include <netinet6/ipsec.h>  #include <netinet6/ipsec.h>
 #include <netkey/key.h>  #include <netkey/key.h>
 #include <netkey/key_debug.h>  #endif /* IPSEC */
 #endif /* IPSEC_IPV6FWD */  
   
 #ifdef IPV6FIREWALL  #ifdef IPV6FIREWALL
 #include <netinet6/ip6_fw.h>  #include <netinet6/ip6_fw.h>
Line 91  ip6_forward(m, srcrt)
Line 92  ip6_forward(m, srcrt)
         int error, type = 0, code = 0;          int error, type = 0, code = 0;
         struct mbuf *mcopy = NULL;          struct mbuf *mcopy = NULL;
         struct ifnet *origifp;  /* maybe unnecessary */          struct ifnet *origifp;  /* maybe unnecessary */
 #ifdef IPSEC_IPV6FWD  #ifdef IPSEC
         struct secpolicy *sp = NULL;          struct secpolicy *sp = NULL;
 #endif  #endif
         long time_second = time.tv_sec;          long time_second = time.tv_sec;
   
 #ifdef IPSEC_IPV6FWD  #ifdef IPSEC
         /*          /*
          * Check AH/ESP integrity.           * Check AH/ESP integrity.
          */           */
Line 109  ip6_forward(m, srcrt)
Line 110  ip6_forward(m, srcrt)
                 m_freem(m);                  m_freem(m);
                 return;                  return;
         }          }
 #endif /*IPSEC_IPV6FWD*/  #endif /*IPSEC*/
   
           /*
            * Do not forward packets to multicast destination (should be handled
            * by ip6_mforward().
            * Do not forward packets with unspecified source.  It was discussed
            * in July 2000, on ipngwg mailing list.
            */
         if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||          if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
             IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {              IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
               IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
                 ip6stat.ip6s_cantforward++;                  ip6stat.ip6s_cantforward++;
                 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */                  /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
                 if (ip6_log_time + ip6_log_interval < time_second) {                  if (ip6_log_time + ip6_log_interval < time_second) {
Line 148  ip6_forward(m, srcrt)
Line 156  ip6_forward(m, srcrt)
          */           */
         mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));          mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
   
 #ifdef IPSEC_IPV6FWD  #ifdef IPSEC
         /* get a security policy for this packet */          /* get a security policy for this packet */
         sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);          sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
         if (sp == NULL) {          if (sp == NULL) {
Line 191  ip6_forward(m, srcrt)
Line 199  ip6_forward(m, srcrt)
                 /* no need to do IPsec. */                  /* no need to do IPsec. */
                 key_freesp(sp);                  key_freesp(sp);
                 goto skip_ipsec;                  goto skip_ipsec;
   
         case IPSEC_POLICY_IPSEC:          case IPSEC_POLICY_IPSEC:
                 if (sp->req == NULL) {                  if (sp->req == NULL) {
                         /* XXX should be panic ? */                          /* XXX should be panic ? */
Line 273  ip6_forward(m, srcrt)
Line 281  ip6_forward(m, srcrt)
         }          }
     }      }
     skip_ipsec:      skip_ipsec:
 #endif /* IPSEC_IPV6FWD */  #endif /* IPSEC */
   
         dst = &ip6_forward_rt.ro_dst;          dst = &ip6_forward_rt.ro_dst;
         if (!srcrt) {          if (!srcrt) {
Line 289  ip6_forward(m, srcrt)
Line 297  ip6_forward(m, srcrt)
                         /* this probably fails but give it a try again */                          /* this probably fails but give it a try again */
                         rtalloc((struct route *)&ip6_forward_rt);                          rtalloc((struct route *)&ip6_forward_rt);
                 }                  }
   
                 if (ip6_forward_rt.ro_rt == 0) {                  if (ip6_forward_rt.ro_rt == 0) {
                         ip6stat.ip6s_noroute++;                          ip6stat.ip6s_noroute++;
                         /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */                          /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
Line 359  ip6_forward(m, srcrt)
Line 367  ip6_forward(m, srcrt)
                 in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);                  in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
                 if (mcopy) {                  if (mcopy) {
                         u_long mtu;                          u_long mtu;
 #ifdef IPSEC_IPV6FWD  #ifdef IPSEC
                         struct secpolicy *sp;                          struct secpolicy *sp;
                         int ipsecerror;                          int ipsecerror;
                         size_t ipsechdrsiz;                          size_t ipsechdrsiz;
 #endif  #endif
   
                         mtu = rt->rt_ifp->if_mtu;                          mtu = rt->rt_ifp->if_mtu;
 #ifdef IPSEC_IPV6FWD  #ifdef IPSEC
                         /*                          /*
                          * When we do IPsec tunnel ingress, we need to play                           * When we do IPsec tunnel ingress, we need to play
                          * with if_mtu value (decrement IPsec header size                           * with if_mtu value (decrement IPsec header size
Line 443  ip6_forward(m, srcrt)
Line 451  ip6_forward(m, srcrt)
                  *      to a loopback interface? I don't think so, and thus                   *      to a loopback interface? I don't think so, and thus
                  *      I bark here. (jinmei@kame.net)                   *      I bark here. (jinmei@kame.net)
                  * XXX: it is common to route invalid packets to loopback.                   * XXX: it is common to route invalid packets to loopback.
                  *      (itojun)                   *      also, the codepath will be visited on use of ::1 in
                    *      rthdr. (itojun)
                  */                   */
   #if 1
                 if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0) {                  if (0)
   #else
                   if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
   #endif
                   {
                         printf("ip6_forward: outgoing interface is loopback. "                          printf("ip6_forward: outgoing interface is loopback. "
                                "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",                                 "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
                                ip6_sprintf(&ip6->ip6_src),                                 ip6_sprintf(&ip6->ip6_src),
Line 454  ip6_forward(m, srcrt)
Line 467  ip6_forward(m, srcrt)
                                ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),                                 ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
                                if_name(rt->rt_ifp));                                 if_name(rt->rt_ifp));
                 }                  }
   
                 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))                  if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
                         origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];                          origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];
                 else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))                  else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))

Legend:
Removed from v.1.12  
changed lines
  Added in v.1.12.2.3

CVSweb <webmaster@jp.NetBSD.org>