version 1.117, 2008/04/23 06:09:05 |
version 1.135, 2011/12/31 20:41:59 |
|
|
#include <sys/cdefs.h> |
#include <sys/cdefs.h> |
__KERNEL_RCSID(0, "$NetBSD$"); |
__KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#include "opt_gateway.h" |
#include "opt_inet.h" |
#include "opt_inet.h" |
#include "opt_inet6.h" |
#include "opt_inet6.h" |
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
#include "opt_pfil_hooks.h" |
#include "opt_pfil_hooks.h" |
|
#include "opt_compat_netbsd.h" |
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/systm.h> |
#include <sys/systm.h> |
Line 83 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 85 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <sys/syslog.h> |
#include <sys/syslog.h> |
#include <sys/proc.h> |
#include <sys/proc.h> |
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
#include <sys/cprng.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
#include <net/if_types.h> |
#include <net/if_types.h> |
Line 109 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netinet6/in6_ifattach.h> |
#include <netinet6/in6_ifattach.h> |
#include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec_private.h> |
#include <netinet6/ipsec_private.h> |
#endif |
#endif |
Line 120 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netipsec/key.h> |
#include <netipsec/key.h> |
#endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
|
|
|
#ifdef COMPAT_50 |
|
#include <compat/sys/time.h> |
|
#include <compat/sys/socket.h> |
|
#endif |
|
|
#include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
|
|
#include "faith.h" |
#include "faith.h" |
Line 155 static struct m_tag *ip6_setdstifaddr(st |
|
Line 163 static struct m_tag *ip6_setdstifaddr(st |
|
|
|
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); |
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
|
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
|
|
/* |
/* |
* IP6 initialization: fill in IP6 protocol switch table. |
* IP6 initialization: fill in IP6 protocol switch table. |
|
|
const struct ip6protosw *pr; |
const struct ip6protosw *pr; |
int i; |
int i; |
|
|
|
sysctl_net_inet6_ip6_setup(NULL); |
pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); |
pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); |
if (pr == 0) |
if (pr == 0) |
panic("ip6_init"); |
panic("ip6_init"); |
|
|
addrsel_policy_init(); |
addrsel_policy_init(); |
nd6_init(); |
nd6_init(); |
frag6_init(); |
frag6_init(); |
ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
|
|
ip6_init2((void *)0); |
ip6_init2(NULL); |
#ifdef GATEWAY |
#ifdef GATEWAY |
ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
#endif |
#endif |
Line 206 ip6_init2(void *dummy) |
|
Line 216 ip6_init2(void *dummy) |
|
{ |
{ |
|
|
/* nd6_timer_init */ |
/* nd6_timer_init */ |
callout_init(&nd6_timer_ch, 0); |
callout_init(&nd6_timer_ch, CALLOUT_MPSAFE); |
callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); |
callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL); |
|
|
/* timer for regeneranation of temporary addresses randomize ID */ |
/* timer for regeneranation of temporary addresses randomize ID */ |
callout_init(&in6_tmpaddrtimer_ch, 0); |
callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
callout_reset(&in6_tmpaddrtimer_ch, |
callout_reset(&in6_tmpaddrtimer_ch, |
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
ip6_temp_regen_advance) * hz, |
ip6_temp_regen_advance) * hz, |
|
|
int s; |
int s; |
struct mbuf *m; |
struct mbuf *m; |
|
|
|
mutex_enter(softnet_lock); |
|
KERNEL_LOCK(1, NULL); |
for (;;) { |
for (;;) { |
s = splnet(); |
s = splnet(); |
IF_DEQUEUE(&ip6intrq, m); |
IF_DEQUEUE(&ip6intrq, m); |
splx(s); |
splx(s); |
if (m == 0) |
if (m == 0) |
return; |
break; |
/* drop the packet if IPv6 operation is disabled on the IF */ |
/* drop the packet if IPv6 operation is disabled on the IF */ |
if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) { |
if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) { |
m_freem(m); |
m_freem(m); |
return; |
break; |
} |
} |
ip6_input(m); |
ip6_input(m); |
} |
} |
|
KERNEL_UNLOCK_ONE(NULL); |
|
mutex_exit(softnet_lock); |
} |
} |
|
|
extern struct route ip6_forward_rt; |
extern struct route ip6_forward_rt; |
Line 265 ip6_input(struct mbuf *m) |
|
Line 279 ip6_input(struct mbuf *m) |
|
int s, error; |
int s, error; |
#endif |
#endif |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
/* |
/* |
* should the inner packet be considered authentic? |
* should the inner packet be considered authentic? |
* see comment in ah4_input(). |
* see comment in ah4_input(). |
Line 337 ip6_input(struct mbuf *m) |
|
Line 351 ip6_input(struct mbuf *m) |
|
goto bad; |
goto bad; |
} |
} |
|
|
#if defined(IPSEC) |
#if defined(KAME_IPSEC) |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
#else |
#else |
Line 360 ip6_input(struct mbuf *m) |
|
Line 374 ip6_input(struct mbuf *m) |
|
* let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
* not the decapsulated packet. |
* not the decapsulated packet. |
*/ |
*/ |
#ifdef IPSEC |
#ifdef KAME_IPSEC |
if (!ipsec_getnhist(m)) |
if (!ipsec_getnhist(m)) |
#elif defined(FAST_IPSEC) |
#elif defined(FAST_IPSEC) |
if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
Line 771 ip6_input(struct mbuf *m) |
|
Line 785 ip6_input(struct mbuf *m) |
|
} |
} |
} |
} |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
/* |
/* |
* enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
* note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
Line 950 ip6_process_hopopts(struct mbuf *m, u_in |
|
Line 964 ip6_process_hopopts(struct mbuf *m, u_in |
|
return (-1); |
return (-1); |
} |
} |
optlen = IP6OPT_RTALERT_LEN; |
optlen = IP6OPT_RTALERT_LEN; |
bcopy((void *)(opt + 2), (void *)&rtalert_val, 2); |
memcpy((void *)&rtalert_val, (void *)(opt + 2), 2); |
*rtalertp = ntohs(rtalert_val); |
*rtalertp = ntohs(rtalert_val); |
break; |
break; |
case IP6OPT_JUMBO: |
case IP6OPT_JUMBO: |
Line 985 ip6_process_hopopts(struct mbuf *m, u_in |
|
Line 999 ip6_process_hopopts(struct mbuf *m, u_in |
|
* We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
* we'd need to perform bcopy(). |
* we'd need to perform bcopy(). |
*/ |
*/ |
bcopy(opt + 2, &jumboplen, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
|
|
#if 1 |
#if 1 |
Line 1098 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1112 ip6_savecontrol(struct in6pcb *in6p, str |
|
#define IS2292(x, y) (y) |
#define IS2292(x, y) (y) |
#endif |
#endif |
|
|
#ifdef SO_TIMESTAMP |
if (in6p->in6p_socket->so_options & SO_TIMESTAMP |
if (in6p->in6p_socket->so_options & SO_TIMESTAMP) { |
#ifdef SO_OTIMESTAMP |
|
|| in6p->in6p_socket->so_options & SO_OTIMESTAMP |
|
#endif |
|
) { |
struct timeval tv; |
struct timeval tv; |
|
|
microtime(&tv); |
microtime(&tv); |
|
#ifdef SO_OTIMESTAMP |
|
if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { |
|
struct timeval50 tv50; |
|
timeval_to_timeval50(&tv, &tv50); |
|
*mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), |
|
SCM_OTIMESTAMP, SOL_SOCKET); |
|
} else |
|
#endif |
*mp = sbcreatecontrol((void *) &tv, sizeof(tv), |
*mp = sbcreatecontrol((void *) &tv, sizeof(tv), |
SCM_TIMESTAMP, SOL_SOCKET); |
SCM_TIMESTAMP, SOL_SOCKET); |
if (*mp) |
if (*mp) |
mp = &(*mp)->m_next; |
mp = &(*mp)->m_next; |
} |
} |
#endif |
|
|
|
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
Line 1118 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1142 ip6_savecontrol(struct in6pcb *in6p, str |
|
if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { |
if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) { |
struct in6_pktinfo pi6; |
struct in6_pktinfo pi6; |
|
|
bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr)); |
memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); |
in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? |
pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? |
m->m_pkthdr.rcvif->if_index : 0; |
m->m_pkthdr.rcvif->if_index : 0; |
Line 1253 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1277 ip6_savecontrol(struct in6pcb *in6p, str |
|
|
|
switch (nxt) { |
switch (nxt) { |
case IPPROTO_DSTOPTS: |
case IPPROTO_DSTOPTS: |
if (!in6p->in6p_flags & IN6P_DSTOPTS) |
if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
break; |
break; |
|
|
*mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol((void *)ip6e, elen, |
Line 1264 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1288 ip6_savecontrol(struct in6pcb *in6p, str |
|
break; |
break; |
|
|
case IPPROTO_ROUTING: |
case IPPROTO_ROUTING: |
if (!in6p->in6p_flags & IN6P_RTHDR) |
if (!(in6p->in6p_flags & IN6P_RTHDR)) |
break; |
break; |
|
|
*mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol((void *)ip6e, elen, |
Line 1558 ip6_addaux(struct mbuf *m) |
|
Line 1582 ip6_addaux(struct mbuf *m) |
|
M_NOWAIT); |
M_NOWAIT); |
if (mtag) { |
if (mtag) { |
m_tag_prepend(m, mtag); |
m_tag_prepend(m, mtag); |
bzero(mtag + 1, sizeof(struct ip6aux)); |
memset(mtag + 1, 0, sizeof(struct ip6aux)); |
} |
} |
} |
} |
return mtag; |
return mtag; |
Line 1591 ip6_delaux(struct mbuf *m) |
|
Line 1615 ip6_delaux(struct mbuf *m) |
|
static int |
static int |
sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) |
sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) |
{ |
{ |
int s; |
int error; |
|
|
s = sysctl_lookup(SYSCTLFN_CALL(rnode)); |
error = sysctl_lookup(SYSCTLFN_CALL(rnode)); |
if (s || newp == NULL) |
if (error || newp == NULL) |
return (s); |
return (error); |
|
|
s = splsoftnet(); |
mutex_enter(softnet_lock); |
ip6flow_reap(0); |
KERNEL_LOCK(1, NULL); |
splx(s); |
|
|
ip6flow_reap(0); |
|
|
|
KERNEL_UNLOCK_ONE(NULL); |
|
mutex_exit(softnet_lock); |
|
|
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
Line 1621 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_A |
|
Line 1649 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_A |
|
/* |
/* |
* Can only fail due to malloc() |
* Can only fail due to malloc() |
*/ |
*/ |
if (ip6flow_invalidate_all(tmp)) |
mutex_enter(softnet_lock); |
return ENOMEM; |
KERNEL_LOCK(1, NULL); |
|
|
|
error = ip6flow_invalidate_all(tmp); |
|
|
|
KERNEL_UNLOCK_ONE(NULL); |
|
mutex_exit(softnet_lock); |
} else { |
} else { |
/* |
/* |
* EINVAL if not a power of 2 |
* EINVAL if not a power of 2 |
*/ |
*/ |
return EINVAL; |
error = EINVAL; |
} |
} |
|
|
return (0); |
return error; |
} |
} |
#endif /* GATEWAY */ |
#endif /* GATEWAY */ |
|
|
Line 1638 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_A |
|
Line 1671 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_A |
|
* System control for IP6 |
* System control for IP6 |
*/ |
*/ |
|
|
u_char inet6ctlerrmap[PRC_NCMDS] = { |
const u_char inet6ctlerrmap[PRC_NCMDS] = { |
0, 0, 0, 0, |
0, 0, 0, 0, |
0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, |
0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, |
EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, |
EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, |
Line 1650 u_char inet6ctlerrmap[PRC_NCMDS] = { |
|
Line 1683 u_char inet6ctlerrmap[PRC_NCMDS] = { |
|
static int |
static int |
sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) |
sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) |
{ |
{ |
netstat_sysctl_context ctx; |
|
uint64_t ip6s[IP6_NSTATS]; |
|
|
|
ctx.ctx_stat = ip6stat_percpu; |
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
ctx.ctx_counters = ip6s; |
|
ctx.ctx_ncounters = IP6_NSTATS; |
|
return (NETSTAT_SYSCTL(&ctx)); |
|
} |
} |
|
|
SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup") |
static void |
|
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
{ |
{ |
#ifdef RFC2292 |
#ifdef RFC2292 |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
Line 1765 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
Line 1794 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "rtadv_maxroutes", |
|
SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), |
|
NULL, 0, &ip6_rtadv_maxroutes, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_RTADV_MAXROUTES, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT, |
|
CTLTYPE_INT, "rtadv_numroutes", |
|
SYSCTL_DESCR("Current number of routes accepted via router advertisements"), |
|
NULL, 0, &nd6_numroutes, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_RTADV_NUMROUTES, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "keepfaith", |
CTLTYPE_INT, "keepfaith", |
SYSCTL_DESCR("Activate faith interface"), |
SYSCTL_DESCR("Activate faith interface"), |
NULL, 0, &ip6_keepfaith, 0, |
NULL, 0, &ip6_keepfaith, 0, |