version 1.149.4.10, 2017/02/05 13:40:59 |
version 1.204.2.2, 2020/04/13 08:05:17 |
Line 69 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 69 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include "opt_inet.h" |
#include "opt_inet.h" |
#include "opt_inet6.h" |
#include "opt_inet6.h" |
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
#include "opt_compat_netbsd.h" |
|
#include "opt_net_mpsafe.h" |
#include "opt_net_mpsafe.h" |
#endif |
#endif |
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/systm.h> |
#include <sys/systm.h> |
#include <sys/malloc.h> |
|
#include <sys/mbuf.h> |
#include <sys/mbuf.h> |
#include <sys/domain.h> |
#include <sys/domain.h> |
#include <sys/protosw.h> |
#include <sys/protosw.h> |
Line 121 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 119 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netipsec/key.h> |
#include <netipsec/key.h> |
#endif /* IPSEC */ |
#endif /* IPSEC */ |
|
|
#ifdef COMPAT_50 |
|
#include <compat/sys/time.h> |
|
#include <compat/sys/socket.h> |
|
#endif |
|
|
|
#include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
|
|
#include "faith.h" |
#include "faith.h" |
|
|
#include <net/net_osdep.h> |
|
|
|
extern struct domain inet6domain; |
extern struct domain inet6domain; |
|
|
u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
pktqueue_t *ip6_pktq __read_mostly; |
pktqueue_t *ip6_pktq __read_mostly; |
|
|
int ip6_forward_srcrt; /* XXX */ |
|
int ip6_sourcecheck; /* XXX */ |
|
int ip6_sourcecheck_interval; /* XXX */ |
|
|
|
pfil_head_t *inet6_pfil_hook; |
pfil_head_t *inet6_pfil_hook; |
|
|
percpu_t *ip6stat_percpu; |
percpu_t *ip6stat_percpu; |
|
|
percpu_t *ip6_forward_rt_percpu __cacheline_aligned; |
percpu_t *ip6_forward_rt_percpu __cacheline_aligned; |
|
|
static void ip6_init2(void); |
|
static void ip6intr(void *); |
static void ip6intr(void *); |
|
static bool ip6_badaddr(struct ip6_hdr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
|
|
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
u_int32_t *); |
u_int32_t *); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
|
|
|
|
frag6_init(); |
frag6_init(); |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
|
|
ip6_init2(); |
in6_tmpaddrtimer_init(); |
#ifdef GATEWAY |
#ifdef GATEWAY |
ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
#endif |
#endif |
|
|
KASSERT(inet6_pfil_hook != NULL); |
KASSERT(inet6_pfil_hook != NULL); |
|
|
ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); |
ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); |
|
ip6_forward_rt_percpu = rtcache_percpu_alloc(); |
ip6_forward_rt_percpu = percpu_alloc(sizeof(struct route)); |
|
if (ip6_forward_rt_percpu == NULL) |
|
panic("failed to alllocate ip6_forward_rt_percpu"); |
|
} |
|
|
|
static void |
|
ip6_init2(void) |
|
{ |
|
|
|
/* timer for regeneranation of temporary addresses randomize ID */ |
|
callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
|
callout_reset(&in6_tmpaddrtimer_ch, |
|
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
|
ip6_temp_regen_advance) * hz, |
|
in6_tmpaddrtimer, NULL); |
|
} |
} |
|
|
/* |
/* |
Line 232 ip6intr(void *arg __unused) |
|
Line 204 ip6intr(void *arg __unused) |
|
{ |
{ |
struct mbuf *m; |
struct mbuf *m; |
|
|
#ifndef NET_MPSAFE |
SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); |
mutex_enter(softnet_lock); |
|
#endif |
|
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
struct psref psref; |
struct psref psref; |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
Line 254 ip6intr(void *arg __unused) |
|
Line 224 ip6intr(void *arg __unused) |
|
ip6_input(m, rcvif); |
ip6_input(m, rcvif); |
m_put_rcvif_psref(rcvif, &psref); |
m_put_rcvif_psref(rcvif, &psref); |
} |
} |
#ifndef NET_MPSAFE |
SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); |
mutex_exit(softnet_lock); |
|
#endif |
|
} |
} |
|
|
void |
void |
Line 266 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 234 ip6_input(struct mbuf *m, struct ifnet * |
|
int hit, off = sizeof(struct ip6_hdr), nest; |
int hit, off = sizeof(struct ip6_hdr), nest; |
u_int32_t plen; |
u_int32_t plen; |
u_int32_t rtalert = ~0; |
u_int32_t rtalert = ~0; |
int nxt, ours = 0, rh_present = 0; |
int nxt, ours = 0, rh_present = 0, frg_present; |
struct ifnet *deliverifp = NULL; |
struct ifnet *deliverifp = NULL; |
int srcrt = 0; |
int srcrt = 0; |
struct rtentry *rt = NULL; |
struct rtentry *rt = NULL; |
Line 276 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 244 ip6_input(struct mbuf *m, struct ifnet * |
|
} u; |
} u; |
struct route *ro; |
struct route *ro; |
|
|
|
KASSERT(rcvif != NULL); |
|
|
/* |
/* |
* make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
*/ |
*/ |
Line 314 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 284 ip6_input(struct mbuf *m, struct ifnet * |
|
*/ |
*/ |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
(max_linkhdr + 3) & ~3)) == NULL) { |
(max_linkhdr + 3) & ~3)) == NULL) { |
/* XXXJRT new stat, please */ |
/* XXXJRT new stat, please */ |
IP6_STATINC(IP6_STAT_TOOSMALL); |
IP6_STATINC(IP6_STAT_TOOSMALL); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
Line 336 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 306 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
|
|
|
if (ip6_badaddr(ip6)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
|
/* |
/* |
* Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
* based on this packet. |
* based on this packet. |
Line 348 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 324 ip6_input(struct mbuf *m, struct ifnet * |
|
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
* in the list may have previously cleared it. |
* in the list may have previously cleared it. |
*/ |
* |
/* |
* Don't call hooks if the packet has already been processed by |
* let ipfilter look at packet on the wire, |
* IPsec (encapsulated, tunnel mode). |
* not the decapsulated packet. |
|
*/ |
*/ |
#if defined(IPSEC) |
#if defined(IPSEC) |
if (!ipsec_used || !ipsec_indone(m)) |
if (!ipsec_used || !ipsec_skip_pfil(m)) |
#else |
#else |
if (1) |
if (1) |
#endif |
#endif |
{ |
{ |
struct in6_addr odst; |
struct in6_addr odst; |
|
int error; |
|
|
odst = ip6->ip6_dst; |
odst = ip6->ip6_dst; |
if (pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN) != 0) |
error = pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN); |
return; |
if (error != 0 || m == NULL) { |
if (m == NULL) |
IP6_STATINC(IP6_STAT_PFILDROP_IN); |
return; |
return; |
|
} |
|
if (m->m_len < sizeof(struct ip6_hdr)) { |
|
if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { |
|
IP6_STATINC(IP6_STAT_TOOSMALL); |
|
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
|
return; |
|
} |
|
} |
ip6 = mtod(m, struct ip6_hdr *); |
ip6 = mtod(m, struct ip6_hdr *); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
} |
} |
Line 385 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 369 ip6_input(struct mbuf *m, struct ifnet * |
|
#endif |
#endif |
|
|
/* |
/* |
* Check against address spoofing/corruption. |
|
*/ |
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
/* |
|
* XXX: "badscope" is not very suitable for a multicast source. |
|
*/ |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
/* |
|
* The following check is not documented in specs. A malicious |
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
* and bypass security checks (act as if it was from 127.0.0.1 by using |
|
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* This check chokes if we are in an SIIT cloud. As none of BSDs |
|
* support IPv4-less kernel compilation, we cannot support SIIT |
|
* environment at all. So, it makes more sense for us to reject any |
|
* malicious packets for non-SIIT environment, than try to do a |
|
* partial support for SIIT environment. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
#if 0 |
|
/* |
|
* Reject packets with IPv4 compatible addresses (auto tunnel). |
|
* |
|
* The code forbids auto tunnel relay case in RFC1933 (the check is |
|
* stronger than RFC1933). We may want to re-enable it if mech-xx |
|
* is revised to forbid relaying case. |
|
*/ |
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
#endif |
|
|
|
/* |
|
* Disambiguate address scope zones (if there is ambiguity). |
* Disambiguate address scope zones (if there is ambiguity). |
* We first make sure that the original source or destination address |
* We first make sure that the original source or destination address |
* is not in our internal form for scoped addresses. Such addresses |
* is not in our internal form for scoped addresses. Such addresses |
Line 454 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 392 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
|
|
ro = percpu_getref(ip6_forward_rt_percpu); |
ro = rtcache_percpu_getref(ip6_forward_rt_percpu); |
|
|
/* |
/* |
* Multicast check |
* Multicast check |
*/ |
*/ |
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
struct in6_multi *in6m = 0; |
bool ingroup; |
|
|
in6_ifstat_inc(rcvif, ifs6_in_mcast); |
in6_ifstat_inc(rcvif, ifs6_in_mcast); |
/* |
/* |
* See if we belong to the destination multicast group on the |
* See if we belong to the destination multicast group on the |
* arrival interface. |
* arrival interface. |
*/ |
*/ |
IN6_LOOKUP_MULTI(ip6->ip6_dst, rcvif, in6m); |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
if (in6m) |
if (ingroup) { |
ours = 1; |
ours = 1; |
else if (!ip6_mrouter) { |
} else if (!ip6_mrouter) { |
uint64_t *ip6s = IP6_STAT_GETREF(); |
uint64_t *ip6s = IP6_STAT_GETREF(); |
ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
Line 484 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 423 ip6_input(struct mbuf *m, struct ifnet * |
|
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
|
|
/* |
/* |
* Unicast check |
* Unicast check |
*/ |
*/ |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
if (hit) |
if (hit) |
Line 492 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 431 ip6_input(struct mbuf *m, struct ifnet * |
|
else |
else |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
|
|
#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) |
|
|
|
/* |
/* |
* Accept the packet if the forwarding interface to the destination |
* Accept the packet if the forwarding interface to the destination |
* according to the routing table is the loopback interface, |
* (according to the routing table) is the loopback interface, |
* unless the associated route has a gateway. |
* unless the associated route has a gateway. |
|
* |
|
* We don't explicitly match ip6_dst against an interface here. It |
|
* is already done in rtcache_lookup2: rt->rt_ifp->if_type will be |
|
* IFT_LOOP if the packet is for us. |
|
* |
* Note that this approach causes to accept a packet if there is a |
* Note that this approach causes to accept a packet if there is a |
* route to the loopback interface for the destination of the packet. |
* route to the loopback interface for the destination of the packet. |
* But we think it's even useful in some situations, e.g. when using |
* But we think it's even useful in some situations, e.g. when using |
Line 505 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 447 ip6_input(struct mbuf *m, struct ifnet * |
|
*/ |
*/ |
if (rt != NULL && |
if (rt != NULL && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
#if 0 |
|
/* |
|
* The check below is redundant since the comparison of |
|
* the destination and the key of the rtentry has |
|
* already done through looking up the routing table. |
|
*/ |
|
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && |
|
#endif |
|
rt->rt_ifp->if_type == IFT_LOOP) { |
rt->rt_ifp->if_type == IFT_LOOP) { |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
|
int addrok; |
|
|
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
m->m_flags |= M_ANYCAST6; |
m->m_flags |= M_ANYCAST6; |
/* |
/* |
* packets to a tentative, duplicated, or somehow invalid |
* packets to a tentative, duplicated, or somehow invalid |
* address must not be accepted. |
* address must not be accepted. |
*/ |
*/ |
if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { |
if (ia6->ia6_flags & IN6_IFF_NOTREADY) |
|
addrok = 0; |
|
else if (ia6->ia6_flags & IN6_IFF_DETACHED && |
|
!IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) |
|
{ |
|
/* Allow internal traffic to DETACHED addresses */ |
|
struct sockaddr_in6 sin6; |
|
int s; |
|
|
|
memset(&sin6, 0, sizeof(sin6)); |
|
sin6.sin6_family = AF_INET6; |
|
sin6.sin6_len = sizeof(sin6); |
|
sin6.sin6_addr = ip6->ip6_src; |
|
s = pserialize_read_enter(); |
|
addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL); |
|
pserialize_read_exit(s); |
|
} else |
|
addrok = 1; |
|
if (addrok) { |
/* this address is ready */ |
/* this address is ready */ |
ours = 1; |
ours = 1; |
deliverifp = ia6->ia_ifp; /* correct? */ |
deliverifp = ia6->ia_ifp; /* correct? */ |
Line 553 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 507 ip6_input(struct mbuf *m, struct ifnet * |
|
} |
} |
#endif |
#endif |
|
|
#if 0 |
|
{ |
|
/* |
|
* Last resort: check in6_ifaddr for incoming interface. |
|
* The code is here until I update the "goto ours hack" code above |
|
* working right. |
|
*/ |
|
struct ifaddr *ifa; |
|
IFADDR_READER_FOREACH(ifa, rcvif) { |
|
if (ifa->ifa_addr->sa_family != AF_INET6) |
|
continue; |
|
if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { |
|
ours = 1; |
|
deliverifp = ifa->ifa_ifp; |
|
goto hbhcheck; |
|
} |
|
} |
|
} |
|
#endif |
|
|
|
/* |
/* |
* Now there is no reason to process the packet if it's not our own |
* Now there is no reason to process the packet if it's not our own |
* and we're not a router. |
* and we're not a router. |
Line 583 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 517 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} |
} |
|
|
hbhcheck: |
hbhcheck: |
/* |
/* |
* record address information into m_tag, if we don't have one yet. |
* Record address information into m_tag, if we don't have one yet. |
* note that we are unable to record it, if the address is not listed |
* Note that we are unable to record it, if the address is not listed |
* as our interface address (e.g. multicast addresses, addresses |
* as our interface address (e.g. multicast addresses, addresses |
* within FAITH prefixes and such). |
* within FAITH prefixes and such). |
*/ |
*/ |
Line 616 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 550 ip6_input(struct mbuf *m, struct ifnet * |
|
struct ip6_hbh *hbh; |
struct ip6_hbh *hbh; |
|
|
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
#if 0 /*touches NULL pointer*/ |
/* m already freed */ |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
#endif |
|
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
return; /* m have already been freed */ |
return; |
} |
} |
|
|
/* adjust pointer */ |
/* adjust pointer */ |
Line 645 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 578 ip6_input(struct mbuf *m, struct ifnet * |
|
ICMP6_PARAMPROB_HEADER, |
ICMP6_PARAMPROB_HEADER, |
(char *)&ip6->ip6_plen - (char *)ip6); |
(char *)&ip6->ip6_plen - (char *)ip6); |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
return; |
return; |
} |
} |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
Line 653 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 586 ip6_input(struct mbuf *m, struct ifnet * |
|
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
return; |
return; |
} |
} |
KASSERT(IP6_HDR_ALIGNED_P(hbh)); |
KASSERT(IP6_HDR_ALIGNED_P(hbh)); |
Line 669 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 602 ip6_input(struct mbuf *m, struct ifnet * |
|
nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
|
|
/* |
/* |
* Check that the amount of data in the buffers |
* Check that the amount of data in the buffers is at least much as |
* is as at least much as the IPv6 header would have us expect. |
* the IPv6 header would have us expect. Trim mbufs if longer than we |
* Trim mbufs if longer than we expect. |
* expect. Drop packet if shorter than we expect. |
* Drop packet if shorter than we expect. |
|
*/ |
*/ |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
Line 708 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 640 ip6_input(struct mbuf *m, struct ifnet * |
|
|
|
if (error != 0) { |
if (error != 0) { |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
IP6_STATINC(IP6_STAT_CANTFORWARD); |
IP6_STATINC(IP6_STAT_CANTFORWARD); |
goto bad; |
goto bad; |
} |
} |
Line 717 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 649 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} else if (!ours) { |
} else if (!ours) { |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
ip6_forward(m, srcrt); |
ip6_forward(m, srcrt); |
return; |
return; |
} |
} |
Line 740 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 672 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} |
} |
|
|
/* |
|
* Tell launch routine the next header |
|
*/ |
|
#ifdef IFA_STATS |
#ifdef IFA_STATS |
if (deliverifp != NULL) { |
if (deliverifp != NULL) { |
struct in6_ifaddr *ia6; |
struct in6_ifaddr *ia6; |
Line 761 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 690 ip6_input(struct mbuf *m, struct ifnet * |
|
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
rt = NULL; |
rt = NULL; |
} |
} |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
|
|
rh_present = 0; |
rh_present = 0; |
|
frg_present = 0; |
while (nxt != IPPROTO_DONE) { |
while (nxt != IPPROTO_DONE) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
Line 771 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 701 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
|
|
|
M_VERIFY_PACKET(m); |
|
|
/* |
/* |
* protection against faulty packet - there should be |
* protection against faulty packet - there should be |
* more sanity checks in header chain processing. |
* more sanity checks in header chain processing. |
Line 787 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 719 ip6_input(struct mbuf *m, struct ifnet * |
|
IP6_STATINC(IP6_STAT_BADOPTIONS); |
IP6_STATINC(IP6_STAT_BADOPTIONS); |
goto bad; |
goto bad; |
} |
} |
|
} else if (nxt == IPPROTO_FRAGMENT) { |
|
if (frg_present++) { |
|
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
|
IP6_STATINC(IP6_STAT_BADOPTIONS); |
|
goto bad; |
|
} |
} |
} |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
if (ipsec_used) { |
if (ipsec_used) { |
/* |
/* |
* enforce IPsec policy checking if we are seeing last |
* Enforce IPsec policy checking if we are seeing last |
* header. note that we do not visit this with |
* header. Note that we do not visit this with |
* protocols with pcb layer code - like udp/tcp/raw ip. |
* protocols with pcb layer code - like udp/tcp/raw ip. |
*/ |
*/ |
if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip6_protox[nxt]].pr_flags |
& PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
int error; |
int error; |
|
|
SOFTNET_LOCK(); |
error = ipsec_ip_input(m, false); |
error = ipsec6_input(m); |
|
SOFTNET_UNLOCK(); |
|
if (error) |
if (error) |
goto bad; |
goto bad; |
} |
} |
} |
} |
#endif /* IPSEC */ |
#endif |
|
|
SOFTNET_LOCK(); |
|
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
SOFTNET_UNLOCK(); |
|
} |
} |
return; |
return; |
|
|
bad_unref: |
bad_unref: |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
bad: |
bad: |
m_freem(m); |
m_freem(m); |
return; |
return; |
} |
} |
|
|
|
static bool |
|
ip6_badaddr(struct ip6_hdr *ip6) |
|
{ |
|
/* Check against address spoofing/corruption. */ |
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
/* |
|
* The following check is not documented in specs. A malicious |
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
* and bypass security checks (act as if it was from 127.0.0.1 by using |
|
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* This check chokes if we are in an SIIT cloud. As none of BSDs |
|
* support IPv4-less kernel compilation, we cannot support SIIT |
|
* environment at all. So, it makes more sense for us to reject any |
|
* malicious packets for non-SIIT environment, than try to do a |
|
* partial support for SIIT environment. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
/* |
|
* Reject packets with IPv4-compatible IPv6 addresses (RFC4291). |
|
*/ |
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
return false; |
|
} |
|
|
/* |
/* |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
*/ |
*/ |
Line 866 ip6_getdstifaddr(struct mbuf *m) |
|
Line 837 ip6_getdstifaddr(struct mbuf *m) |
|
* rtalertp - XXX: should be stored more smart way |
* rtalertp - XXX: should be stored more smart way |
*/ |
*/ |
int |
int |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
struct mbuf **mp, int *offp) |
struct mbuf **mp, int *offp) |
{ |
{ |
struct mbuf *m = *mp; |
struct mbuf *m = *mp; |
Line 875 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 846 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
|
|
/* validation of the length of the header */ |
/* validation of the length of the header */ |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
return -1; |
return -1; |
} |
} |
hbhlen = (hbh->ip6h_len + 1) << 3; |
hbhlen = (hbh->ip6h_len + 1) << 3; |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
hbhlen); |
hbhlen); |
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
return -1; |
return -1; |
Line 892 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 863 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
hbhlen -= sizeof(struct ip6_hbh); |
hbhlen -= sizeof(struct ip6_hbh); |
|
|
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
hbhlen, rtalertp, plenp) < 0) |
hbhlen, rtalertp, plenp) < 0) |
return (-1); |
return -1; |
|
|
*offp = off; |
*offp = off; |
*mp = m; |
*mp = m; |
return (0); |
return 0; |
} |
} |
|
|
/* |
/* |
Line 911 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 882 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
* opthead + hbhlen is located in continuous memory region. |
* opthead + hbhlen is located in continuous memory region. |
*/ |
*/ |
static int |
static int |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
u_int32_t *rtalertp, u_int32_t *plenp) |
u_int32_t *rtalertp, u_int32_t *plenp) |
{ |
{ |
struct ip6_hdr *ip6; |
struct ip6_hdr *ip6; |
Line 980 ip6_process_hopopts(struct mbuf *m, u_in |
|
Line 951 ip6_process_hopopts(struct mbuf *m, u_in |
|
|
|
/* |
/* |
* We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
* we'd need to perform bcopy(). |
* we'd need to perform memcpy(). |
*/ |
*/ |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
Line 1074 ip6_unknown_opt(u_int8_t *optp, struct m |
|
Line 1045 ip6_unknown_opt(u_int8_t *optp, struct m |
|
return (-1); |
return (-1); |
} |
} |
|
|
/* |
|
* Create the "control" list for this pcb. |
|
* |
|
* The routine will be called from upper layer handlers like tcp6_input(). |
|
* Thus the routine assumes that the caller (tcp6_input) have already |
|
* called IP6_EXTHDR_CHECK() and all the extension headers are located in the |
|
* very first mbuf on the mbuf chain. |
|
* We may want to add some infinite loop prevention or sanity checks for safety. |
|
* (This applies only when you are using KAME mbuf chain restriction, i.e. |
|
* you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
|
*/ |
|
void |
void |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
struct ip6_hdr *ip6, struct mbuf *m) |
struct ip6_hdr *ip6, struct mbuf *m) |
{ |
{ |
|
struct socket *so = in6p->in6p_socket; |
#ifdef RFC2292 |
#ifdef RFC2292 |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
#else |
#else |
#define IS2292(x, y) (y) |
#define IS2292(x, y) (y) |
#endif |
#endif |
|
|
if (in6p->in6p_socket->so_options & SO_TIMESTAMP |
KASSERT(m->m_flags & M_PKTHDR); |
#ifdef SO_OTIMESTAMP |
|
|| in6p->in6p_socket->so_options & SO_OTIMESTAMP |
|
#endif |
|
) { |
|
struct timeval tv; |
|
|
|
microtime(&tv); |
if (SOOPT_TIMESTAMP(so->so_options)) |
#ifdef SO_OTIMESTAMP |
mp = sbsavetimestamp(so->so_options, mp); |
if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { |
|
struct timeval50 tv50; |
|
timeval_to_timeval50(&tv, &tv50); |
|
*mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), |
|
SCM_OTIMESTAMP, SOL_SOCKET); |
|
} else |
|
#endif |
|
*mp = sbcreatecontrol((void *) &tv, sizeof(tv), |
|
SCM_TIMESTAMP, SOL_SOCKET); |
|
if (*mp) |
|
mp = &(*mp)->m_next; |
|
} |
|
|
|
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
Line 1128 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1072 ip6_savecontrol(struct in6pcb *in6p, str |
|
memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); |
memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); |
in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; |
pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; |
*mp = sbcreatecontrol((void *) &pi6, |
*mp = sbcreatecontrol(&pi6, sizeof(pi6), |
sizeof(struct in6_pktinfo), |
|
IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); |
IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); |
if (*mp) |
if (*mp) |
mp = &(*mp)->m_next; |
mp = &(*mp)->m_next; |
Line 1138 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1081 ip6_savecontrol(struct in6pcb *in6p, str |
|
if (in6p->in6p_flags & IN6P_HOPLIMIT) { |
if (in6p->in6p_flags & IN6P_HOPLIMIT) { |
int hlim = ip6->ip6_hlim & 0xff; |
int hlim = ip6->ip6_hlim & 0xff; |
|
|
*mp = sbcreatecontrol((void *) &hlim, sizeof(int), |
*mp = sbcreatecontrol(&hlim, sizeof(hlim), |
IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); |
IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); |
if (*mp) |
if (*mp) |
mp = &(*mp)->m_next; |
mp = &(*mp)->m_next; |
Line 1152 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1095 ip6_savecontrol(struct in6pcb *in6p, str |
|
flowinfo >>= 20; |
flowinfo >>= 20; |
|
|
tclass = flowinfo & 0xff; |
tclass = flowinfo & 0xff; |
*mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), |
*mp = sbcreatecontrol(&tclass, sizeof(tclass), |
IPV6_TCLASS, IPPROTO_IPV6); |
IPV6_TCLASS, IPPROTO_IPV6); |
|
|
if (*mp) |
if (*mp) |
Line 1200 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1143 ip6_savecontrol(struct in6pcb *in6p, str |
|
* be removed before returning in the RFC 2292. |
* be removed before returning in the RFC 2292. |
* Note: this constraint is removed in RFC3542. |
* Note: this constraint is removed in RFC3542. |
*/ |
*/ |
*mp = sbcreatecontrol((void *)hbh, hbhlen, |
*mp = sbcreatecontrol(hbh, hbhlen, |
IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), |
IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), |
IPPROTO_IPV6); |
IPPROTO_IPV6); |
if (*mp) |
if (*mp) |
Line 1262 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1205 ip6_savecontrol(struct in6pcb *in6p, str |
|
if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
break; |
break; |
|
|
*mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol(ip6e, elen, |
IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), |
IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), |
IPPROTO_IPV6); |
IPPROTO_IPV6); |
if (*mp) |
if (*mp) |
Line 1273 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1216 ip6_savecontrol(struct in6pcb *in6p, str |
|
if (!(in6p->in6p_flags & IN6P_RTHDR)) |
if (!(in6p->in6p_flags & IN6P_RTHDR)) |
break; |
break; |
|
|
*mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol(ip6e, elen, |
IS2292(IPV6_2292RTHDR, IPV6_RTHDR), |
IS2292(IPV6_2292RTHDR, IPV6_RTHDR), |
IPPROTO_IPV6); |
IPPROTO_IPV6); |
if (*mp) |
if (*mp) |
Line 1323 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
Line 1266 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
if (mtu == NULL) |
if (mtu == NULL) |
return; |
return; |
|
|
#ifdef DIAGNOSTIC |
KASSERT(so != NULL); |
if (so == NULL) /* I believe this is impossible */ |
|
panic("ip6_notify_pmtu: socket is NULL"); |
|
#endif |
|
|
|
memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ |
memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ |
mtuctl.ip6m_mtu = *mtu; |
mtuctl.ip6m_mtu = *mtu; |
Line 1334 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
Line 1274 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
if (sa6_recoverscope(&mtuctl.ip6m_addr)) |
if (sa6_recoverscope(&mtuctl.ip6m_addr)) |
return; |
return; |
|
|
if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), |
if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), |
IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) |
IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) |
return; |
return; |
|
|
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
== 0) { |
== 0) { |
|
soroverflow(so); |
m_freem(m_mtu); |
m_freem(m_mtu); |
/* XXX: should count statistics */ |
|
} else |
} else |
sorwakeup(so); |
sorwakeup(so); |
|
|
Line 1359 ip6_pullexthdr(struct mbuf *m, size_t of |
|
Line 1299 ip6_pullexthdr(struct mbuf *m, size_t of |
|
size_t elen; |
size_t elen; |
struct mbuf *n; |
struct mbuf *n; |
|
|
#ifdef DIAGNOSTIC |
if (off + sizeof(ip6e) > m->m_pkthdr.len) |
switch (nxt) { |
return NULL; |
case IPPROTO_DSTOPTS: |
|
case IPPROTO_ROUTING: |
|
case IPPROTO_HOPOPTS: |
|
case IPPROTO_AH: /* is it possible? */ |
|
break; |
|
default: |
|
printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); |
|
} |
|
#endif |
|
|
|
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
if (nxt == IPPROTO_AH) |
if (nxt == IPPROTO_AH) |
Line 1377 ip6_pullexthdr(struct mbuf *m, size_t of |
|
Line 1308 ip6_pullexthdr(struct mbuf *m, size_t of |
|
else |
else |
elen = (ip6e.ip6e_len + 1) << 3; |
elen = (ip6e.ip6e_len + 1) << 3; |
|
|
|
if (off + elen > m->m_pkthdr.len) |
|
return NULL; |
|
|
MGET(n, M_DONTWAIT, MT_DATA); |
MGET(n, M_DONTWAIT, MT_DATA); |
if (n && elen >= MLEN) { |
if (n && elen >= MLEN) { |
MCLGET(n, M_DONTWAIT); |
MCLGET(n, M_DONTWAIT); |
Line 1400 ip6_pullexthdr(struct mbuf *m, size_t of |
|
Line 1334 ip6_pullexthdr(struct mbuf *m, size_t of |
|
} |
} |
|
|
/* |
/* |
* Get pointer to the previous header followed by the header |
* Get offset to the previous header followed by the header |
* currently processed. |
* currently processed. |
* XXX: This function supposes that |
|
* M includes all headers, |
|
* the next header field and the header length field of each header |
|
* are valid, and |
|
* the sum of each header length equals to OFF. |
|
* Because of these assumptions, this function must be called very |
|
* carefully. Moreover, it will not be used in the near future when |
|
* we develop `neater' mechanism to process extension headers. |
|
*/ |
*/ |
u_int8_t * |
int |
ip6_get_prevhdr(struct mbuf *m, int off) |
ip6_get_prevhdr(struct mbuf *m, int off) |
{ |
{ |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
|
|
if (off == sizeof(struct ip6_hdr)) |
if (off == sizeof(struct ip6_hdr)) { |
return (&ip6->ip6_nxt); |
return offsetof(struct ip6_hdr, ip6_nxt); |
else { |
} else if (off < sizeof(struct ip6_hdr)) { |
int len, nxt; |
panic("%s: off < sizeof(struct ip6_hdr)", __func__); |
struct ip6_ext *ip6e = NULL; |
} else { |
|
int len, nlen, nxt; |
|
struct ip6_ext ip6e; |
|
|
nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
len = sizeof(struct ip6_hdr); |
len = sizeof(struct ip6_hdr); |
|
nlen = 0; |
while (len < off) { |
while (len < off) { |
ip6e = (struct ip6_ext *)(mtod(m, char *) + len); |
m_copydata(m, len, sizeof(ip6e), &ip6e); |
|
|
switch (nxt) { |
switch (nxt) { |
case IPPROTO_FRAGMENT: |
case IPPROTO_FRAGMENT: |
len += sizeof(struct ip6_frag); |
nlen = sizeof(struct ip6_frag); |
break; |
break; |
case IPPROTO_AH: |
case IPPROTO_AH: |
len += (ip6e->ip6e_len + 2) << 2; |
nlen = (ip6e.ip6e_len + 2) << 2; |
break; |
break; |
default: |
default: |
len += (ip6e->ip6e_len + 1) << 3; |
nlen = (ip6e.ip6e_len + 1) << 3; |
break; |
break; |
} |
} |
nxt = ip6e->ip6e_nxt; |
len += nlen; |
|
nxt = ip6e.ip6e_nxt; |
} |
} |
if (ip6e) |
|
return (&ip6e->ip6e_nxt); |
return (len - nlen); |
else |
|
return NULL; |
|
} |
} |
} |
} |
|
|
Line 1459 ip6_nexthdr(struct mbuf *m, int off, int |
|
Line 1387 ip6_nexthdr(struct mbuf *m, int off, int |
|
|
|
/* just in case */ |
/* just in case */ |
if (m == NULL) |
if (m == NULL) |
panic("ip6_nexthdr: m == NULL"); |
panic("%s: m == NULL", __func__); |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
return -1; |
return -1; |
|
|
Line 1558 ip6_addaux(struct mbuf *m) |
|
Line 1486 ip6_addaux(struct mbuf *m) |
|
{ |
{ |
struct m_tag *mtag; |
struct m_tag *mtag; |
|
|
mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
if (!mtag) { |
if (!mtag) { |
mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), |
mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), |
M_NOWAIT); |
M_NOWAIT); |
Line 1575 ip6_findaux(struct mbuf *m) |
|
Line 1503 ip6_findaux(struct mbuf *m) |
|
{ |
{ |
struct m_tag *mtag; |
struct m_tag *mtag; |
|
|
mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
return mtag; |
return mtag; |
} |
} |
|
|
Line 1584 ip6_delaux(struct mbuf *m) |
|
Line 1512 ip6_delaux(struct mbuf *m) |
|
{ |
{ |
struct m_tag *mtag; |
struct m_tag *mtag; |
|
|
mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
if (mtag) |
if (mtag) |
m_tag_delete(m, mtag); |
m_tag_delete(m, mtag); |
} |
} |
Line 1611 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
Line 1539 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
} |
} |
|
|
|
static int |
|
sysctl_net_inet6_ip6_temppltime(SYSCTLFN_ARGS) |
|
{ |
|
int error; |
|
uint32_t pltime; |
|
struct sysctlnode node; |
|
|
|
node = *rnode; |
|
node.sysctl_data = &pltime; |
|
pltime = ip6_temp_preferred_lifetime; |
|
error = sysctl_lookup(SYSCTLFN_CALL(&node)); |
|
if (error || newp == NULL) |
|
return error; |
|
|
|
if (pltime <= (MAX_TEMP_DESYNC_FACTOR + TEMPADDR_REGEN_ADVANCE)) |
|
return EINVAL; |
|
|
|
ip6_temp_preferred_lifetime = pltime; |
|
|
|
in6_tmpaddrtimer_schedule(); |
|
|
|
return 0; |
|
} |
|
|
static void |
static void |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
{ |
{ |
#ifdef RFC2292 |
|
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
|
#else |
|
#define IS2292(x, y) (y) |
|
#endif |
|
|
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT, |
CTLFLAG_PERMANENT, |
Line 1654 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1601 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_defhlim, 0, |
NULL, 0, &ip6_defhlim, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_DEFHLIM, CTL_EOL); |
IPV6CTL_DEFHLIM, CTL_EOL); |
#ifdef notyet |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "mtu", NULL, |
|
NULL, 0, &, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_DEFMTU, CTL_EOL); |
|
#endif |
|
#ifdef __no_idea__ |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "forwsrcrt", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_FORWSRCRT, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_STRUCT, "mrtstats", NULL, |
|
NULL, 0, &?, sizeof(?), |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_MRTSTATS, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_?, "mrtproto", NULL, |
|
NULL, 0, &?, sizeof(?), |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_MRTPROTO, CTL_EOL); |
|
#endif |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxfragpackets", |
CTLTYPE_INT, "maxfragpackets", |
Line 1690 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1609 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_maxfragpackets, 0, |
NULL, 0, &ip6_maxfragpackets, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
#ifdef __no_idea__ |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "sourcecheck", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_SOURCECHECK, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "sourcecheck_logint", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); |
|
#endif |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "accept_rtadv", |
CTLTYPE_INT, "accept_rtadv", |
Line 1735 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1640 sysctl_net_inet6_ip6_setup(struct sysctl |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "log_interval", |
CTLTYPE_INT, "log_interval", |
SYSCTL_DESCR("Minumum interval between logging " |
SYSCTL_DESCR("Minimum interval between logging " |
"unroutable packets"), |
"unroutable packets"), |
NULL, 0, &ip6_log_interval, 0, |
NULL, 0, &ip6_log_interval, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
Line 1869 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1774 sysctl_net_inet6_ip6_setup(struct sysctl |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "temppltime", |
CTLTYPE_INT, "temppltime", |
SYSCTL_DESCR("preferred lifetime of a temporary address"), |
SYSCTL_DESCR("preferred lifetime of a temporary address"), |
NULL, 0, &ip6_temp_preferred_lifetime, 0, |
sysctl_net_inet6_ip6_temppltime, 0, NULL, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |