| version 1.124, 2009/03/18 16:00:23 |
version 1.136.8.2, 2018/01/30 18:45:59 |
|
|
| #include <sys/cdefs.h> |
#include <sys/cdefs.h> |
| __KERNEL_RCSID(0, "$NetBSD$"); |
__KERNEL_RCSID(0, "$NetBSD$"); |
| |
|
| |
#include "opt_gateway.h" |
| #include "opt_inet.h" |
#include "opt_inet.h" |
| #include "opt_inet6.h" |
#include "opt_inet6.h" |
| #include "opt_ipsec.h" |
#include "opt_ipsec.h" |
| Line 84 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 85 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <sys/syslog.h> |
#include <sys/syslog.h> |
| #include <sys/proc.h> |
#include <sys/proc.h> |
| #include <sys/sysctl.h> |
#include <sys/sysctl.h> |
| |
#include <sys/cprng.h> |
| |
|
| #include <net/if.h> |
#include <net/if.h> |
| #include <net/if_types.h> |
#include <net/if_types.h> |
| Line 110 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netinet6/in6_ifattach.h> |
#include <netinet6/in6_ifattach.h> |
| #include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
| |
|
| #ifdef IPSEC |
#ifdef KAME_IPSEC |
| #include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
| #include <netinet6/ipsec_private.h> |
#include <netinet6/ipsec_private.h> |
| #endif |
#endif |
| Line 159 percpu_t *ip6stat_percpu; |
|
| Line 161 percpu_t *ip6stat_percpu; |
|
| static void ip6_init2(void *); |
static void ip6_init2(void *); |
| static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
| |
|
| static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); |
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
| |
u_int32_t *); |
| static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
| |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
| |
|
| /* |
/* |
| * IP6 initialization: fill in IP6 protocol switch table. |
* IP6 initialization: fill in IP6 protocol switch table. |
|
|
| const struct ip6protosw *pr; |
const struct ip6protosw *pr; |
| int i; |
int i; |
| |
|
| |
sysctl_net_inet6_ip6_setup(NULL); |
| pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); |
pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); |
| if (pr == 0) |
if (pr == 0) |
| panic("ip6_init"); |
panic("ip6_init"); |
|
|
| addrsel_policy_init(); |
addrsel_policy_init(); |
| nd6_init(); |
nd6_init(); |
| frag6_init(); |
frag6_init(); |
| ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
| |
|
| ip6_init2((void *)0); |
ip6_init2(NULL); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
| #endif |
#endif |
| Line 275 ip6_input(struct mbuf *m) |
|
| Line 280 ip6_input(struct mbuf *m) |
|
| int s, error; |
int s, error; |
| #endif |
#endif |
| |
|
| #ifdef IPSEC |
#ifdef KAME_IPSEC |
| /* |
/* |
| * should the inner packet be considered authentic? |
* should the inner packet be considered authentic? |
| * see comment in ah4_input(). |
* see comment in ah4_input(). |
| Line 347 ip6_input(struct mbuf *m) |
|
| Line 352 ip6_input(struct mbuf *m) |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| #if defined(IPSEC) |
#if defined(KAME_IPSEC) |
| /* IPv6 fast forwarding is not compatible with IPsec. */ |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
| m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
| #else |
#else |
| Line 370 ip6_input(struct mbuf *m) |
|
| Line 375 ip6_input(struct mbuf *m) |
|
| * let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
| * not the decapsulated packet. |
* not the decapsulated packet. |
| */ |
*/ |
| #ifdef IPSEC |
#ifdef KAME_IPSEC |
| if (!ipsec_getnhist(m)) |
if (!ipsec_getnhist(m)) |
| #elif defined(FAST_IPSEC) |
#elif defined(FAST_IPSEC) |
| if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
| Line 781 ip6_input(struct mbuf *m) |
|
| Line 786 ip6_input(struct mbuf *m) |
|
| } |
} |
| } |
} |
| |
|
| #ifdef IPSEC |
#ifdef KAME_IPSEC |
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
| * note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
| Line 878 ip6_getdstifaddr(struct mbuf *m) |
|
| Line 883 ip6_getdstifaddr(struct mbuf *m) |
|
| * |
* |
| * rtalertp - XXX: should be stored more smart way |
* rtalertp - XXX: should be stored more smart way |
| */ |
*/ |
| static int |
int |
| ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
| struct mbuf **mp, int *offp) |
struct mbuf **mp, int *offp) |
| { |
{ |
| Line 923 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 928 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| * (RFC2460 p7), opthead is pointer into data content in m, and opthead to |
* (RFC2460 p7), opthead is pointer into data content in m, and opthead to |
| * opthead + hbhlen is located in continuous memory region. |
* opthead + hbhlen is located in continuous memory region. |
| */ |
*/ |
| int |
static int |
| ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
| u_int32_t *rtalertp, u_int32_t *plenp) |
u_int32_t *rtalertp, u_int32_t *plenp) |
| { |
{ |
| Line 960 ip6_process_hopopts(struct mbuf *m, u_in |
|
| Line 965 ip6_process_hopopts(struct mbuf *m, u_in |
|
| return (-1); |
return (-1); |
| } |
} |
| optlen = IP6OPT_RTALERT_LEN; |
optlen = IP6OPT_RTALERT_LEN; |
| bcopy((void *)(opt + 2), (void *)&rtalert_val, 2); |
memcpy((void *)&rtalert_val, (void *)(opt + 2), 2); |
| *rtalertp = ntohs(rtalert_val); |
*rtalertp = ntohs(rtalert_val); |
| break; |
break; |
| case IP6OPT_JUMBO: |
case IP6OPT_JUMBO: |
| Line 995 ip6_process_hopopts(struct mbuf *m, u_in |
|
| Line 1000 ip6_process_hopopts(struct mbuf *m, u_in |
|
| * We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
| * we'd need to perform bcopy(). |
* we'd need to perform bcopy(). |
| */ |
*/ |
| bcopy(opt + 2, &jumboplen, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
| jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
| |
|
| #if 1 |
#if 1 |
| Line 1138 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1143 ip6_savecontrol(struct in6pcb *in6p, str |
|
| if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { |
if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { |
| struct in6_pktinfo pi6; |
struct in6_pktinfo pi6; |
| |
|
| bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); |
memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); |
| in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
| pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? |
pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? |
| m->m_pkthdr.rcvif->if_index : 0; |
m->m_pkthdr.rcvif->if_index : 0; |
| Line 1273 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1278 ip6_savecontrol(struct in6pcb *in6p, str |
|
| |
|
| switch (nxt) { |
switch (nxt) { |
| case IPPROTO_DSTOPTS: |
case IPPROTO_DSTOPTS: |
| if (!in6p->in6p_flags & IN6P_DSTOPTS) |
if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
| break; |
break; |
| |
|
| *mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol((void *)ip6e, elen, |
| Line 1284 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1289 ip6_savecontrol(struct in6pcb *in6p, str |
|
| break; |
break; |
| |
|
| case IPPROTO_ROUTING: |
case IPPROTO_ROUTING: |
| if (!in6p->in6p_flags & IN6P_RTHDR) |
if (!(in6p->in6p_flags & IN6P_RTHDR)) |
| break; |
break; |
| |
|
| *mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol((void *)ip6e, elen, |
| Line 1414 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| Line 1419 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| } |
} |
| |
|
| /* |
/* |
| * Get pointer to the previous header followed by the header |
* Get offset to the previous header followed by the header |
| * currently processed. |
* currently processed. |
| * XXX: This function supposes that |
|
| * M includes all headers, |
|
| * the next header field and the header length field of each header |
|
| * are valid, and |
|
| * the sum of each header length equals to OFF. |
|
| * Because of these assumptions, this function must be called very |
|
| * carefully. Moreover, it will not be used in the near future when |
|
| * we develop `neater' mechanism to process extension headers. |
|
| */ |
*/ |
| u_int8_t * |
int |
| ip6_get_prevhdr(struct mbuf *m, int off) |
ip6_get_prevhdr(struct mbuf *m, int off) |
| { |
{ |
| struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
| |
|
| if (off == sizeof(struct ip6_hdr)) |
if (off == sizeof(struct ip6_hdr)) { |
| return (&ip6->ip6_nxt); |
return offsetof(struct ip6_hdr, ip6_nxt); |
| else { |
} else if (off < sizeof(struct ip6_hdr)) { |
| int len, nxt; |
panic("%s: off < sizeof(struct ip6_hdr)", __func__); |
| struct ip6_ext *ip6e = NULL; |
} else { |
| |
int len, nlen, nxt; |
| |
struct ip6_ext ip6e; |
| |
|
| nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
| len = sizeof(struct ip6_hdr); |
len = sizeof(struct ip6_hdr); |
| |
nlen = 0; |
| while (len < off) { |
while (len < off) { |
| ip6e = (struct ip6_ext *)(mtod(m, char *) + len); |
m_copydata(m, len, sizeof(ip6e), &ip6e); |
| |
|
| switch (nxt) { |
switch (nxt) { |
| case IPPROTO_FRAGMENT: |
case IPPROTO_FRAGMENT: |
| len += sizeof(struct ip6_frag); |
nlen = sizeof(struct ip6_frag); |
| break; |
break; |
| case IPPROTO_AH: |
case IPPROTO_AH: |
| len += (ip6e->ip6e_len + 2) << 2; |
nlen = (ip6e.ip6e_len + 2) << 2; |
| break; |
break; |
| default: |
default: |
| len += (ip6e->ip6e_len + 1) << 3; |
nlen = (ip6e.ip6e_len + 1) << 3; |
| break; |
break; |
| } |
} |
| nxt = ip6e->ip6e_nxt; |
len += nlen; |
| |
nxt = ip6e.ip6e_nxt; |
| } |
} |
| if (ip6e) |
|
| return (&ip6e->ip6e_nxt); |
return (len - nlen); |
| else |
|
| return NULL; |
|
| } |
} |
| } |
} |
| |
|
| Line 1683 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
| Line 1682 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
| return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
| } |
} |
| |
|
| SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup") |
static void |
| |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
| { |
{ |
| #ifdef RFC2292 |
#ifdef RFC2292 |
| #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
| Line 1789 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
| Line 1789 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
| IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "rtadv_maxroutes", |
| |
SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), |
| |
NULL, 0, &ip6_rtadv_maxroutes, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
IPV6CTL_RTADV_MAXROUTES, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT, |
| |
CTLTYPE_INT, "rtadv_numroutes", |
| |
SYSCTL_DESCR("Current number of routes accepted via router advertisements"), |
| |
NULL, 0, &nd6_numroutes, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
IPV6CTL_RTADV_NUMROUTES, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "keepfaith", |
CTLTYPE_INT, "keepfaith", |
| SYSCTL_DESCR("Activate faith interface"), |
SYSCTL_DESCR("Activate faith interface"), |
| NULL, 0, &ip6_keepfaith, 0, |
NULL, 0, &ip6_keepfaith, 0, |
| Line 1969 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
| Line 1983 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
| #endif |
#endif |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "neighborgcthresh", |
| |
SYSCTL_DESCR("Maximum number of entries in neighbor" |
| |
" cache"), |
| |
NULL, 1, &ip6_neighborgcthresh, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "maxifprefixes", |
| |
SYSCTL_DESCR("Maximum number of prefixes created by" |
| |
" route advertisement per interface"), |
| |
NULL, 1, &ip6_maxifprefixes, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "maxifdefrouters", |
| |
SYSCTL_DESCR("Maximum number of default routers created" |
| |
" by route advertisement per interface"), |
| |
NULL, 1, &ip6_maxifdefrouters, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "maxdynroutes", |
| |
SYSCTL_DESCR("Maximum number of routes created via" |
| |
" redirect"), |
| |
NULL, 1, &ip6_maxdynroutes, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| } |
} |
| |
|
| void |
void |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6