| version 1.133.2.2, 2012/04/05 21:33:46 |
version 1.136.6.2, 2018/01/30 18:47:35 |
| Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netinet6/in6_ifattach.h> |
#include <netinet6/in6_ifattach.h> |
| #include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
| |
|
| |
#ifdef KAME_IPSEC |
| |
#include <netinet6/ipsec.h> |
| |
#include <netinet6/ipsec_private.h> |
| |
#endif |
| |
|
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| #include <netipsec/ipsec.h> |
#include <netipsec/ipsec.h> |
| #include <netipsec/ipsec6.h> |
#include <netipsec/ipsec6.h> |
| Line 275 ip6_input(struct mbuf *m) |
|
| Line 280 ip6_input(struct mbuf *m) |
|
| int s, error; |
int s, error; |
| #endif |
#endif |
| |
|
| |
#ifdef KAME_IPSEC |
| |
/* |
| |
* should the inner packet be considered authentic? |
| |
* see comment in ah4_input(). |
| |
*/ |
| |
m->m_flags &= ~M_AUTHIPHDR; |
| |
m->m_flags &= ~M_AUTHIPDGM; |
| |
#endif |
| |
|
| /* |
/* |
| * make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
| */ |
*/ |
| Line 338 ip6_input(struct mbuf *m) |
|
| Line 352 ip6_input(struct mbuf *m) |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| |
#if defined(KAME_IPSEC) |
| |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
| |
m->m_flags &= ~M_CANFASTFWD; |
| |
#else |
| /* |
/* |
| * Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
| * based on this packet. |
* based on this packet. |
| */ |
*/ |
| m->m_flags |= M_CANFASTFWD; |
m->m_flags |= M_CANFASTFWD; |
| |
#endif |
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| /* |
/* |
| Line 356 ip6_input(struct mbuf *m) |
|
| Line 375 ip6_input(struct mbuf *m) |
|
| * let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
| * not the decapsulated packet. |
* not the decapsulated packet. |
| */ |
*/ |
| #if defined(FAST_IPSEC) |
#ifdef KAME_IPSEC |
| |
if (!ipsec_getnhist(m)) |
| |
#elif defined(FAST_IPSEC) |
| if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
| #else |
#else |
| if (1) |
if (1) |
| Line 765 ip6_input(struct mbuf *m) |
|
| Line 786 ip6_input(struct mbuf *m) |
|
| } |
} |
| } |
} |
| |
|
| |
#ifdef KAME_IPSEC |
| |
/* |
| |
* enforce IPsec policy checking if we are seeing last header. |
| |
* note that we do not visit this with protocols with pcb layer |
| |
* code - like udp/tcp/raw ip. |
| |
*/ |
| |
if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && |
| |
ipsec6_in_reject(m, NULL)) { |
| |
IPSEC6_STATINC(IPSEC_STAT_IN_POLVIO); |
| |
goto bad; |
| |
} |
| |
#endif |
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
| Line 1386 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| Line 1419 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| } |
} |
| |
|
| /* |
/* |
| * Get pointer to the previous header followed by the header |
* Get offset to the previous header followed by the header |
| * currently processed. |
* currently processed. |
| * XXX: This function supposes that |
|
| * M includes all headers, |
|
| * the next header field and the header length field of each header |
|
| * are valid, and |
|
| * the sum of each header length equals to OFF. |
|
| * Because of these assumptions, this function must be called very |
|
| * carefully. Moreover, it will not be used in the near future when |
|
| * we develop `neater' mechanism to process extension headers. |
|
| */ |
*/ |
| u_int8_t * |
int |
| ip6_get_prevhdr(struct mbuf *m, int off) |
ip6_get_prevhdr(struct mbuf *m, int off) |
| { |
{ |
| struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
| |
|
| if (off == sizeof(struct ip6_hdr)) |
if (off == sizeof(struct ip6_hdr)) { |
| return (&ip6->ip6_nxt); |
return offsetof(struct ip6_hdr, ip6_nxt); |
| else { |
} else if (off < sizeof(struct ip6_hdr)) { |
| int len, nxt; |
panic("%s: off < sizeof(struct ip6_hdr)", __func__); |
| struct ip6_ext *ip6e = NULL; |
} else { |
| |
int len, nlen, nxt; |
| |
struct ip6_ext ip6e; |
| |
|
| nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
| len = sizeof(struct ip6_hdr); |
len = sizeof(struct ip6_hdr); |
| |
nlen = 0; |
| while (len < off) { |
while (len < off) { |
| ip6e = (struct ip6_ext *)(mtod(m, char *) + len); |
m_copydata(m, len, sizeof(ip6e), &ip6e); |
| |
|
| switch (nxt) { |
switch (nxt) { |
| case IPPROTO_FRAGMENT: |
case IPPROTO_FRAGMENT: |
| len += sizeof(struct ip6_frag); |
nlen = sizeof(struct ip6_frag); |
| break; |
break; |
| case IPPROTO_AH: |
case IPPROTO_AH: |
| len += (ip6e->ip6e_len + 2) << 2; |
nlen = (ip6e.ip6e_len + 2) << 2; |
| break; |
break; |
| default: |
default: |
| len += (ip6e->ip6e_len + 1) << 3; |
nlen = (ip6e.ip6e_len + 1) << 3; |
| break; |
break; |
| } |
} |
| nxt = ip6e->ip6e_nxt; |
len += nlen; |
| |
nxt = ip6e.ip6e_nxt; |
| } |
} |
| if (ip6e) |
|
| return (&ip6e->ip6e_nxt); |
return (len - nlen); |
| else |
|
| return NULL; |
|
| } |
} |
| } |
} |
| |
|
| Line 1956 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1983 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
| #endif |
#endif |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "neighborgcthresh", |
| |
SYSCTL_DESCR("Maximum number of entries in neighbor" |
| |
" cache"), |
| |
NULL, 1, &ip6_neighborgcthresh, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "maxifprefixes", |
| |
SYSCTL_DESCR("Maximum number of prefixes created by" |
| |
" route advertisement per interface"), |
| |
NULL, 1, &ip6_maxifprefixes, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "maxifdefrouters", |
| |
SYSCTL_DESCR("Maximum number of default routers created" |
| |
" by route advertisement per interface"), |
| |
NULL, 1, &ip6_maxifdefrouters, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, NULL, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_INT, "maxdynroutes", |
| |
SYSCTL_DESCR("Maximum number of routes created via" |
| |
" redirect"), |
| |
NULL, 1, &ip6_maxdynroutes, 0, |
| |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| |
CTL_CREATE, CTL_EOL); |
| } |
} |
| |
|
| void |
void |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6