version 1.126, 2009/04/18 14:58:05 |
version 1.135, 2011/12/31 20:41:59 |
|
|
#include <sys/cdefs.h> |
#include <sys/cdefs.h> |
__KERNEL_RCSID(0, "$NetBSD$"); |
__KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#include "opt_gateway.h" |
#include "opt_inet.h" |
#include "opt_inet.h" |
#include "opt_inet6.h" |
#include "opt_inet6.h" |
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
Line 84 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 85 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <sys/syslog.h> |
#include <sys/syslog.h> |
#include <sys/proc.h> |
#include <sys/proc.h> |
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
#include <sys/cprng.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
#include <net/if_types.h> |
#include <net/if_types.h> |
Line 110 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netinet6/in6_ifattach.h> |
#include <netinet6/in6_ifattach.h> |
#include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec_private.h> |
#include <netinet6/ipsec_private.h> |
#endif |
#endif |
Line 161 static struct m_tag *ip6_setdstifaddr(st |
|
Line 163 static struct m_tag *ip6_setdstifaddr(st |
|
|
|
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); |
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
|
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
|
|
/* |
/* |
* IP6 initialization: fill in IP6 protocol switch table. |
* IP6 initialization: fill in IP6 protocol switch table. |
|
|
const struct ip6protosw *pr; |
const struct ip6protosw *pr; |
int i; |
int i; |
|
|
|
sysctl_net_inet6_ip6_setup(NULL); |
pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); |
pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW); |
if (pr == 0) |
if (pr == 0) |
panic("ip6_init"); |
panic("ip6_init"); |
|
|
addrsel_policy_init(); |
addrsel_policy_init(); |
nd6_init(); |
nd6_init(); |
frag6_init(); |
frag6_init(); |
ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
|
|
ip6_init2((void *)0); |
ip6_init2(NULL); |
#ifdef GATEWAY |
#ifdef GATEWAY |
ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
#endif |
#endif |
Line 275 ip6_input(struct mbuf *m) |
|
Line 279 ip6_input(struct mbuf *m) |
|
int s, error; |
int s, error; |
#endif |
#endif |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
/* |
/* |
* should the inner packet be considered authentic? |
* should the inner packet be considered authentic? |
* see comment in ah4_input(). |
* see comment in ah4_input(). |
Line 347 ip6_input(struct mbuf *m) |
|
Line 351 ip6_input(struct mbuf *m) |
|
goto bad; |
goto bad; |
} |
} |
|
|
#if defined(IPSEC) |
#if defined(KAME_IPSEC) |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
#else |
#else |
Line 370 ip6_input(struct mbuf *m) |
|
Line 374 ip6_input(struct mbuf *m) |
|
* let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
* not the decapsulated packet. |
* not the decapsulated packet. |
*/ |
*/ |
#ifdef IPSEC |
#ifdef KAME_IPSEC |
if (!ipsec_getnhist(m)) |
if (!ipsec_getnhist(m)) |
#elif defined(FAST_IPSEC) |
#elif defined(FAST_IPSEC) |
if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
Line 781 ip6_input(struct mbuf *m) |
|
Line 785 ip6_input(struct mbuf *m) |
|
} |
} |
} |
} |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
/* |
/* |
* enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
* note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
Line 1273 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1277 ip6_savecontrol(struct in6pcb *in6p, str |
|
|
|
switch (nxt) { |
switch (nxt) { |
case IPPROTO_DSTOPTS: |
case IPPROTO_DSTOPTS: |
if (!in6p->in6p_flags & IN6P_DSTOPTS) |
if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
break; |
break; |
|
|
*mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol((void *)ip6e, elen, |
Line 1284 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1288 ip6_savecontrol(struct in6pcb *in6p, str |
|
break; |
break; |
|
|
case IPPROTO_ROUTING: |
case IPPROTO_ROUTING: |
if (!in6p->in6p_flags & IN6P_RTHDR) |
if (!(in6p->in6p_flags & IN6P_RTHDR)) |
break; |
break; |
|
|
*mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol((void *)ip6e, elen, |
Line 1683 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
Line 1687 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
} |
} |
|
|
SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup") |
static void |
|
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
{ |
{ |
#ifdef RFC2292 |
#ifdef RFC2292 |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
Line 1789 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
Line 1794 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, |
|
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "rtadv_maxroutes", |
|
SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), |
|
NULL, 0, &ip6_rtadv_maxroutes, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_RTADV_MAXROUTES, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT, |
|
CTLTYPE_INT, "rtadv_numroutes", |
|
SYSCTL_DESCR("Current number of routes accepted via router advertisements"), |
|
NULL, 0, &nd6_numroutes, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_RTADV_NUMROUTES, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "keepfaith", |
CTLTYPE_INT, "keepfaith", |
SYSCTL_DESCR("Activate faith interface"), |
SYSCTL_DESCR("Activate faith interface"), |
NULL, 0, &ip6_keepfaith, 0, |
NULL, 0, &ip6_keepfaith, 0, |