| version 1.132.2.2, 2012/10/30 17:22:49 |
version 1.133, 2011/11/19 22:51:29 |
| Line 103 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 103 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netinet/ip_icmp.h> |
#include <netinet/ip_icmp.h> |
| #endif /* INET */ |
#endif /* INET */ |
| #include <netinet/ip6.h> |
#include <netinet/ip6.h> |
| #include <netinet/portalgo.h> |
|
| #include <netinet6/in6_var.h> |
#include <netinet6/in6_var.h> |
| #include <netinet6/ip6_var.h> |
#include <netinet6/ip6_var.h> |
| #include <netinet6/ip6_private.h> |
#include <netinet6/ip6_private.h> |
| Line 113 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netinet6/in6_ifattach.h> |
#include <netinet6/in6_ifattach.h> |
| #include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
| |
|
| |
#ifdef IPSEC |
| |
#include <netinet6/ipsec.h> |
| |
#include <netinet6/ipsec_private.h> |
| |
#endif |
| |
|
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| #include <netipsec/ipsec.h> |
#include <netipsec/ipsec.h> |
| #include <netipsec/ipsec6.h> |
#include <netipsec/ipsec6.h> |
| Line 157 percpu_t *ip6stat_percpu; |
|
| Line 161 percpu_t *ip6stat_percpu; |
|
| static void ip6_init2(void *); |
static void ip6_init2(void *); |
| static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
| |
|
| static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); |
| u_int32_t *); |
|
| static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
| static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
| |
|
|
|
| frag6_init(); |
frag6_init(); |
| ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
| |
|
| ip6_init2(NULL); |
ip6_init2((void *)0); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
| #endif |
#endif |
| Line 276 ip6_input(struct mbuf *m) |
|
| Line 279 ip6_input(struct mbuf *m) |
|
| int s, error; |
int s, error; |
| #endif |
#endif |
| |
|
| |
#ifdef IPSEC |
| |
/* |
| |
* should the inner packet be considered authentic? |
| |
* see comment in ah4_input(). |
| |
*/ |
| |
m->m_flags &= ~M_AUTHIPHDR; |
| |
m->m_flags &= ~M_AUTHIPDGM; |
| |
#endif |
| |
|
| /* |
/* |
| * make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
| */ |
*/ |
| Line 339 ip6_input(struct mbuf *m) |
|
| Line 351 ip6_input(struct mbuf *m) |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| |
#if defined(IPSEC) |
| |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
| |
m->m_flags &= ~M_CANFASTFWD; |
| |
#else |
| /* |
/* |
| * Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
| * based on this packet. |
* based on this packet. |
| */ |
*/ |
| m->m_flags |= M_CANFASTFWD; |
m->m_flags |= M_CANFASTFWD; |
| |
#endif |
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| /* |
/* |
| Line 357 ip6_input(struct mbuf *m) |
|
| Line 374 ip6_input(struct mbuf *m) |
|
| * let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
| * not the decapsulated packet. |
* not the decapsulated packet. |
| */ |
*/ |
| #if defined(FAST_IPSEC) |
#ifdef IPSEC |
| |
if (!ipsec_getnhist(m)) |
| |
#elif defined(FAST_IPSEC) |
| if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
| #else |
#else |
| if (1) |
if (1) |
| Line 766 ip6_input(struct mbuf *m) |
|
| Line 785 ip6_input(struct mbuf *m) |
|
| } |
} |
| } |
} |
| |
|
| |
#ifdef IPSEC |
| |
/* |
| |
* enforce IPsec policy checking if we are seeing last header. |
| |
* note that we do not visit this with protocols with pcb layer |
| |
* code - like udp/tcp/raw ip. |
| |
*/ |
| |
if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && |
| |
ipsec6_in_reject(m, NULL)) { |
| |
IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); |
| |
goto bad; |
| |
} |
| |
#endif |
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
| Line 851 ip6_getdstifaddr(struct mbuf *m) |
|
| Line 882 ip6_getdstifaddr(struct mbuf *m) |
|
| * |
* |
| * rtalertp - XXX: should be stored more smart way |
* rtalertp - XXX: should be stored more smart way |
| */ |
*/ |
| int |
static int |
| ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
| struct mbuf **mp, int *offp) |
struct mbuf **mp, int *offp) |
| { |
{ |
| Line 896 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 927 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| * (RFC2460 p7), opthead is pointer into data content in m, and opthead to |
* (RFC2460 p7), opthead is pointer into data content in m, and opthead to |
| * opthead + hbhlen is located in continuous memory region. |
* opthead + hbhlen is located in continuous memory region. |
| */ |
*/ |
| static int |
int |
| ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
| u_int32_t *rtalertp, u_int32_t *plenp) |
u_int32_t *rtalertp, u_int32_t *plenp) |
| { |
{ |
| Line 1957 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1988 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
| #endif |
#endif |
| /* anonportalgo RFC6056 subtree */ |
|
| const struct sysctlnode *portalgo_node; |
|
| sysctl_createv(clog, 0, NULL, &portalgo_node, |
|
| CTLFLAG_PERMANENT, |
|
| CTLTYPE_NODE, "anonportalgo", |
|
| SYSCTL_DESCR("Anonymous port algorithm selection (RFC 6056)"), |
|
| NULL, 0, NULL, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, &portalgo_node, NULL, |
|
| CTLFLAG_PERMANENT, |
|
| CTLTYPE_STRING, "available", |
|
| SYSCTL_DESCR("available algorithms"), |
|
| sysctl_portalgo_available, 0, NULL, PORTALGO_MAXLEN, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, &portalgo_node, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_STRING, "selected", |
|
| SYSCTL_DESCR("selected algorithm"), |
|
| sysctl_portalgo_selected6, 0, NULL, PORTALGO_MAXLEN, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "neighborgcthresh", |
|
| SYSCTL_DESCR("Maximum number of entries in neighbor" |
|
| " cache"), |
|
| NULL, 1, &ip6_neighborgcthresh, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "maxifprefixes", |
|
| SYSCTL_DESCR("Maximum number of prefixes created by" |
|
| " route advertisement per interface"), |
|
| NULL, 1, &ip6_maxifprefixes, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "maxifdefrouters", |
|
| SYSCTL_DESCR("Maximum number of default routers created" |
|
| " by route advertisement per interface"), |
|
| NULL, 1, &ip6_maxifdefrouters, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "maxdynroutes", |
|
| SYSCTL_DESCR("Maximum number of routes created via" |
|
| " redirect"), |
|
| NULL, 1, &ip6_maxdynroutes, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| } |
} |
| |
|
| void |
void |
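Review bot: In the ip6_input hunk at line 351 of the 1.133 column, `M_CANFASTFWD` is cleared only under `#if defined(IPSEC)`, so a kernel built with `FAST_IPSEC` alone takes the `#else` branch and marks the packet as eligible for a fast-forward flow entry. The comment there says IPv6 fast forwarding is not compatible with IPsec, and the other IPsec sites in this diff (the pfil guard and the last-header policy check) each have a `FAST_IPSEC` variant, so this guard looks incomplete; if flows created this way skip inbound policy checking, forwarded traffic would not be subject to it. Unless the flow code handles `FAST_IPSEC` itself, which is not visible here, consider `#if defined(IPSEC) || defined(FAST_IPSEC)` on that block. Most of ip6_input's body lies outside the hunks shown, so this should be confirmed against the full function.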