Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.119.2.1
retrieving revision 1.136.8.2
diff -u -p -r1.119.2.1 -r1.136.8.2
--- src/sys/netinet6/ip6_input.c	2008/09/18 04:37:01	1.119.2.1
+++ src/sys/netinet6/ip6_input.c	2018/01/30 18:45:59	1.136.8.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.119.2.1 2008/09/18 04:37:01 wrstuden Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.136.8.2 2018/01/30 18:45:59 martin Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,12 +62,14 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.119.2.1 2008/09/18 04:37:01 wrstuden Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.136.8.2 2018/01/30 18:45:59 martin Exp $");
 
+#include "opt_gateway.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_pfil_hooks.h"
+#include "opt_compat_netbsd.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -83,6 +85,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,
 #include <sys/syslog.h>
 #include <sys/proc.h>
 #include <sys/sysctl.h>
+#include <sys/cprng.h>
 
 #include <net/if.h>
 #include <net/if_types.h>
@@ -109,7 +112,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,
 #include <netinet6/in6_ifattach.h>
 #include <netinet6/nd6.h>
 
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 #include <netinet6/ipsec.h>
 #include <netinet6/ipsec_private.h>
 #endif
@@ -120,6 +123,11 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,
 #include <netipsec/key.h>
 #endif /* FAST_IPSEC */
 
+#ifdef COMPAT_50
+#include <compat/sys/time.h>
+#include <compat/sys/socket.h>
+#endif
+
 #include <netinet6/ip6protosw.h>
 
 #include "faith.h"
@@ -153,8 +161,10 @@ percpu_t *ip6stat_percpu;
 static void ip6_init2(void *);
 static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *);
 
-static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
+static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *,
+	u_int32_t *);
 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
+static void sysctl_net_inet6_ip6_setup(struct sysctllog **);
 
 /*
  * IP6 initialization: fill in IP6 protocol switch table.
@@ -166,6 +176,7 @@ ip6_init(void)
 	const struct ip6protosw *pr;
 	int i;
 
+	sysctl_net_inet6_ip6_setup(NULL);
 	pr = (const struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW);
 	if (pr == 0)
 		panic("ip6_init");
@@ -181,9 +192,9 @@ ip6_init(void)
 	addrsel_policy_init();
 	nd6_init();
 	frag6_init();
-	ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
+	ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR;
 
-	ip6_init2((void *)0);
+	ip6_init2(NULL);
 #ifdef GATEWAY
 	ip6flow_init(ip6_hashsize);
 #endif
@@ -269,7 +280,7 @@ ip6_input(struct mbuf *m)
 	int s, error;
 #endif
 
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 	/*
 	 * should the inner packet be considered authentic?
 	 * see comment in ah4_input().
@@ -341,7 +352,7 @@ ip6_input(struct mbuf *m)
 		goto bad;
 	}
 
-#if defined(IPSEC)
+#if defined(KAME_IPSEC)
 	/* IPv6 fast forwarding is not compatible with IPsec. */
 	m->m_flags &= ~M_CANFASTFWD;
 #else
@@ -364,7 +375,7 @@ ip6_input(struct mbuf *m)
 	 * let ipfilter look at packet on the wire,
 	 * not the decapsulated packet.
 	 */
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 	if (!ipsec_getnhist(m))
 #elif defined(FAST_IPSEC)
 	if (!ipsec_indone(m))
@@ -775,7 +786,7 @@ ip6_input(struct mbuf *m)
 			}
 		}
 
-#ifdef IPSEC
+#ifdef KAME_IPSEC
 		/*
 		 * enforce IPsec policy checking if we are seeing last header.
 		 * note that we do not visit this with protocols with pcb layer
@@ -872,7 +883,7 @@ ip6_getdstifaddr(struct mbuf *m)
  *
  * rtalertp - XXX: should be stored more smart way
  */
-static int
+int
 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, 
 	struct mbuf **mp, int *offp)
 {
@@ -917,7 +928,7 @@ ip6_hopopts_input(u_int32_t *plenp, u_in
  * (RFC2460 p7), opthead is pointer into data content in m, and opthead to
  * opthead + hbhlen is located in continuous memory region.
  */
-int
+static int
 ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, 
 	u_int32_t *rtalertp, u_int32_t *plenp)
 {
@@ -954,7 +965,7 @@ ip6_process_hopopts(struct mbuf *m, u_in
 				return (-1);
 			}
 			optlen = IP6OPT_RTALERT_LEN;
-			bcopy((void *)(opt + 2), (void *)&rtalert_val, 2);
+			memcpy((void *)&rtalert_val, (void *)(opt + 2), 2);
 			*rtalertp = ntohs(rtalert_val);
 			break;
 		case IP6OPT_JUMBO:
@@ -989,7 +1000,7 @@ ip6_process_hopopts(struct mbuf *m, u_in
 			 * We may see jumbolen in unaligned location, so
 			 * we'd need to perform bcopy().
 			 */
-			bcopy(opt + 2, &jumboplen, sizeof(jumboplen));
+			memcpy(&jumboplen, opt + 2, sizeof(jumboplen));
 			jumboplen = (u_int32_t)htonl(jumboplen);
 
 #if 1
@@ -1102,17 +1113,27 @@ ip6_savecontrol(struct in6pcb *in6p, str
 #define IS2292(x, y)	(y)
 #endif
 
-#ifdef SO_TIMESTAMP
-	if (in6p->in6p_socket->so_options & SO_TIMESTAMP) {
+	if (in6p->in6p_socket->so_options & SO_TIMESTAMP
+#ifdef SO_OTIMESTAMP
+	    || in6p->in6p_socket->so_options & SO_OTIMESTAMP
+#endif
+	) {
 		struct timeval tv;
 
 		microtime(&tv);
+#ifdef SO_OTIMESTAMP
+		if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) {
+			struct timeval50 tv50;
+			timeval_to_timeval50(&tv, &tv50);
+			*mp = sbcreatecontrol((void *) &tv50, sizeof(tv50),
+			    SCM_OTIMESTAMP, SOL_SOCKET);
+		} else
+#endif
 		*mp = sbcreatecontrol((void *) &tv, sizeof(tv),
 		    SCM_TIMESTAMP, SOL_SOCKET);
 		if (*mp)
 			mp = &(*mp)->m_next;
 	}
-#endif
 
 	/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */
 	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
@@ -1122,7 +1143,7 @@ ip6_savecontrol(struct in6pcb *in6p, str
 	if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) {
 		struct in6_pktinfo pi6;
 
-		bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr));
+		memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr));
 		in6_clearscope(&pi6.ipi6_addr);	/* XXX */
 		pi6.ipi6_ifindex = m->m_pkthdr.rcvif ?
 		    m->m_pkthdr.rcvif->if_index : 0;
@@ -1257,7 +1278,7 @@ ip6_savecontrol(struct in6pcb *in6p, str
 
 			switch (nxt) {
 			case IPPROTO_DSTOPTS:
-				if (!in6p->in6p_flags & IN6P_DSTOPTS)
+				if (!(in6p->in6p_flags & IN6P_DSTOPTS))
 					break;
 
 				*mp = sbcreatecontrol((void *)ip6e, elen,
@@ -1268,7 +1289,7 @@ ip6_savecontrol(struct in6pcb *in6p, str
 				break;
 
 			case IPPROTO_ROUTING:
-				if (!in6p->in6p_flags & IN6P_RTHDR)
+				if (!(in6p->in6p_flags & IN6P_RTHDR))
 					break;
 
 				*mp = sbcreatecontrol((void *)ip6e, elen,
@@ -1398,50 +1419,44 @@ ip6_pullexthdr(struct mbuf *m, size_t of
 }
 
 /*
- * Get pointer to the previous header followed by the header
+ * Get offset to the previous header followed by the header
  * currently processed.
- * XXX: This function supposes that
- *	M includes all headers,
- *	the next header field and the header length field of each header
- *	are valid, and
- *	the sum of each header length equals to OFF.
- * Because of these assumptions, this function must be called very
- * carefully. Moreover, it will not be used in the near future when
- * we develop `neater' mechanism to process extension headers.
  */
-u_int8_t *
+int
 ip6_get_prevhdr(struct mbuf *m, int off)
 {
 	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 
-	if (off == sizeof(struct ip6_hdr))
-		return (&ip6->ip6_nxt);
-	else {
-		int len, nxt;
-		struct ip6_ext *ip6e = NULL;
+	if (off == sizeof(struct ip6_hdr)) {
+		return offsetof(struct ip6_hdr, ip6_nxt);
+	} else if (off < sizeof(struct ip6_hdr)) {
+		panic("%s: off < sizeof(struct ip6_hdr)", __func__);
+	} else {
+		int len, nlen, nxt;
+		struct ip6_ext ip6e;
 
 		nxt = ip6->ip6_nxt;
 		len = sizeof(struct ip6_hdr);
+		nlen = 0;
 		while (len < off) {
-			ip6e = (struct ip6_ext *)(mtod(m, char *) + len);
+			m_copydata(m, len, sizeof(ip6e), &ip6e);
 
 			switch (nxt) {
 			case IPPROTO_FRAGMENT:
-				len += sizeof(struct ip6_frag);
+				nlen = sizeof(struct ip6_frag);
 				break;
 			case IPPROTO_AH:
-				len += (ip6e->ip6e_len + 2) << 2;
+				nlen = (ip6e.ip6e_len + 2) << 2;
 				break;
 			default:
-				len += (ip6e->ip6e_len + 1) << 3;
+				nlen = (ip6e.ip6e_len + 1) << 3;
 				break;
 			}
-			nxt = ip6e->ip6e_nxt;
+			len += nlen;
+			nxt = ip6e.ip6e_nxt;
 		}
-		if (ip6e)
-			return (&ip6e->ip6e_nxt);
-		else
-			return NULL;
+
+		return (len - nlen);
 	}
 }
 
@@ -1562,7 +1577,7 @@ ip6_addaux(struct mbuf *m)
 		    M_NOWAIT);
 		if (mtag) {
 			m_tag_prepend(m, mtag);
-			bzero(mtag + 1, sizeof(struct ip6aux));
+			memset(mtag + 1, 0, sizeof(struct ip6aux));
 		}
 	}
 	return mtag;
@@ -1667,7 +1682,8 @@ sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS
 	return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS));
 }
 
-SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup")
+static void
+sysctl_net_inet6_ip6_setup(struct sysctllog **clog)
 {
 #ifdef RFC2292
 #define IS2292(x, y)	((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y))
@@ -1773,6 +1789,20 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup,
 		       IPV6CTL_ACCEPT_RTADV, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
 		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "rtadv_maxroutes",
+		       SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"),
+		       NULL, 0, &ip6_rtadv_maxroutes, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       IPV6CTL_RTADV_MAXROUTES, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_INT, "rtadv_numroutes",
+		       SYSCTL_DESCR("Current number of routes accepted via router advertisements"),
+		       NULL, 0, &nd6_numroutes, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       IPV6CTL_RTADV_NUMROUTES, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 		       CTLTYPE_INT, "keepfaith",
 		       SYSCTL_DESCR("Activate faith interface"),
 		       NULL, 0, &ip6_keepfaith, 0,
@@ -1953,6 +1983,38 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup,
 			CTL_NET, PF_INET6, IPPROTO_IPV6,
 			CTL_CREATE, CTL_EOL);
 #endif
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "neighborgcthresh",
+		       SYSCTL_DESCR("Maximum number of entries in neighbor"
+			 " cache"),
+		       NULL, 1, &ip6_neighborgcthresh, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "maxifprefixes",
+		       SYSCTL_DESCR("Maximum number of prefixes created by"
+			   " route advertisement per interface"),
+		       NULL, 1, &ip6_maxifprefixes, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "maxifdefrouters",
+		       SYSCTL_DESCR("Maximum number of default routers created"
+			   " by route advertisement per interface"),
+		       NULL, 1, &ip6_maxifdefrouters, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+		       CTLTYPE_INT, "maxdynroutes",
+		       SYSCTL_DESCR("Maximum number of routes created via"
+			   " redirect"),
+		       NULL, 1, &ip6_maxdynroutes, 0,
+		       CTL_NET, PF_INET6, IPPROTO_IPV6,
+		       CTL_CREATE, CTL_EOL);
 }
 
 void