| version 1.149.4.11, 2017/08/28 17:53:12 |
version 1.218, 2020/07/27 14:06:58 |
| Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| |
|
| #include "faith.h" |
#include "faith.h" |
| |
|
| #include <net/net_osdep.h> |
|
| |
|
| extern struct domain inet6domain; |
extern struct domain inet6domain; |
| |
|
| u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
| pktqueue_t *ip6_pktq __read_mostly; |
pktqueue_t *ip6_pktq __read_mostly; |
| |
|
| int ip6_forward_srcrt; /* XXX */ |
|
| int ip6_sourcecheck; /* XXX */ |
|
| int ip6_sourcecheck_interval; /* XXX */ |
|
| |
|
| pfil_head_t *inet6_pfil_hook; |
pfil_head_t *inet6_pfil_hook; |
| |
|
| percpu_t *ip6stat_percpu; |
percpu_t *ip6stat_percpu; |
| |
|
| percpu_t *ip6_forward_rt_percpu __cacheline_aligned; |
percpu_t *ip6_forward_rt_percpu __cacheline_aligned; |
| |
|
| static void ip6_init2(void); |
|
| static void ip6intr(void *); |
static void ip6intr(void *); |
| |
static void ip6_input(struct mbuf *, struct ifnet *); |
| |
static bool ip6_badaddr(struct ip6_hdr *); |
| static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
| |
|
| |
static struct m_tag *ip6_addaux(struct mbuf *); |
| |
static struct m_tag *ip6_findaux(struct mbuf *); |
| |
static void ip6_delaux(struct mbuf *); |
| |
|
| static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
| u_int32_t *); |
u_int32_t *); |
| static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
| static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
| |
|
| Line 157 static void sysctl_net_inet6_ip6_setup(s |
|
| Line 156 static void sysctl_net_inet6_ip6_setup(s |
|
| #define SOFTNET_UNLOCK() KASSERT(mutex_owned(softnet_lock)) |
#define SOFTNET_UNLOCK() KASSERT(mutex_owned(softnet_lock)) |
| #endif |
#endif |
| |
|
| |
/* Ensure that non packed structures are the desired size. */ |
| |
__CTASSERT(sizeof(struct ip6_hdr) == 40); |
| |
__CTASSERT(sizeof(struct ip6_ext) == 2); |
| |
__CTASSERT(sizeof(struct ip6_hbh) == 2); |
| |
__CTASSERT(sizeof(struct ip6_dest) == 2); |
| |
__CTASSERT(sizeof(struct ip6_opt) == 2); |
| |
__CTASSERT(sizeof(struct ip6_opt_jumbo) == 6); |
| |
__CTASSERT(sizeof(struct ip6_opt_nsap) == 4); |
| |
__CTASSERT(sizeof(struct ip6_opt_tunnel) == 3); |
| |
__CTASSERT(sizeof(struct ip6_opt_router) == 4); |
| |
__CTASSERT(sizeof(struct ip6_rthdr) == 4); |
| |
__CTASSERT(sizeof(struct ip6_rthdr0) == 8); |
| |
__CTASSERT(sizeof(struct ip6_frag) == 8); |
| |
|
| /* |
/* |
| * IP6 initialization: fill in IP6 protocol switch table. |
* IP6 initialization: fill in IP6 protocol switch table. |
| * All protocols not implemented in kernel go to raw IP6 protocol handler. |
* All protocols not implemented in kernel go to raw IP6 protocol handler. |
|
|
| addrsel_policy_init(); |
addrsel_policy_init(); |
| nd6_init(); |
nd6_init(); |
| frag6_init(); |
frag6_init(); |
| ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
|
| |
|
| ip6_init2(); |
|
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
| #endif |
#endif |
|
|
| KASSERT(inet6_pfil_hook != NULL); |
KASSERT(inet6_pfil_hook != NULL); |
| |
|
| ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); |
ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); |
| ip6_forward_rt_percpu = percpu_alloc(sizeof(struct route)); |
ip6_forward_rt_percpu = rtcache_percpu_alloc(); |
| } |
|
| |
|
| static void |
|
| ip6_init2(void) |
|
| { |
|
| |
|
| /* timer for regeneranation of temporary addresses randomize ID */ |
|
| callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
|
| callout_reset(&in6_tmpaddrtimer_ch, |
|
| (ip6_temp_preferred_lifetime - ip6_desync_factor - |
|
| ip6_temp_regen_advance) * hz, |
|
| in6_tmpaddrtimer, NULL); |
|
| } |
} |
| |
|
| /* |
/* |
| Line 222 ip6intr(void *arg __unused) |
|
| Line 221 ip6intr(void *arg __unused) |
|
| { |
{ |
| struct mbuf *m; |
struct mbuf *m; |
| |
|
| #ifndef NET_MPSAFE |
SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); |
| mutex_enter(softnet_lock); |
|
| #endif |
|
| while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
| struct psref psref; |
struct psref psref; |
| struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
| Line 244 ip6intr(void *arg __unused) |
|
| Line 241 ip6intr(void *arg __unused) |
|
| ip6_input(m, rcvif); |
ip6_input(m, rcvif); |
| m_put_rcvif_psref(rcvif, &psref); |
m_put_rcvif_psref(rcvif, &psref); |
| } |
} |
| #ifndef NET_MPSAFE |
SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); |
| mutex_exit(softnet_lock); |
|
| #endif |
|
| } |
} |
| |
|
| void |
static void |
| ip6_input(struct mbuf *m, struct ifnet *rcvif) |
ip6_input(struct mbuf *m, struct ifnet *rcvif) |
| { |
{ |
| struct ip6_hdr *ip6; |
struct ip6_hdr *ip6; |
| int hit, off = sizeof(struct ip6_hdr), nest; |
int hit, off = sizeof(struct ip6_hdr), nest; |
| u_int32_t plen; |
u_int32_t plen; |
| u_int32_t rtalert = ~0; |
u_int32_t rtalert = ~0; |
| int nxt, ours = 0, rh_present = 0; |
int nxt, ours = 0, rh_present = 0, frg_present; |
| struct ifnet *deliverifp = NULL; |
struct ifnet *deliverifp = NULL; |
| int srcrt = 0; |
int srcrt = 0; |
| struct rtentry *rt = NULL; |
struct rtentry *rt = NULL; |
| Line 266 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 261 ip6_input(struct mbuf *m, struct ifnet * |
|
| } u; |
} u; |
| struct route *ro; |
struct route *ro; |
| |
|
| |
KASSERT(rcvif != NULL); |
| |
|
| /* |
/* |
| * make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
| */ |
*/ |
| Line 304 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 301 ip6_input(struct mbuf *m, struct ifnet * |
|
| */ |
*/ |
| if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
| if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
| (max_linkhdr + 3) & ~3)) == NULL) { |
(max_linkhdr + 3) & ~3)) == NULL) { |
| /* XXXJRT new stat, please */ |
/* XXXJRT new stat, please */ |
| IP6_STATINC(IP6_STAT_TOOSMALL); |
IP6_STATINC(IP6_STAT_TOOSMALL); |
| in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
| Line 326 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 323 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| |
if (ip6_badaddr(ip6)) { |
| |
IP6_STATINC(IP6_STAT_BADSCOPE); |
| |
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
| |
goto bad; |
| |
} |
| |
|
| /* |
/* |
| * Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
| * based on this packet. |
* based on this packet. |
| Line 338 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 341 ip6_input(struct mbuf *m, struct ifnet * |
|
| * not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
* |
| /* |
* Don't call hooks if the packet has already been processed by |
| * let ipfilter look at packet on the wire, |
* IPsec (encapsulated, tunnel mode). |
| * not the decapsulated packet. |
|
| */ |
*/ |
| #if defined(IPSEC) |
#if defined(IPSEC) |
| if (!ipsec_used || !ipsec_indone(m)) |
if (!ipsec_used || !ipsec_skip_pfil(m)) |
| #else |
#else |
| if (1) |
if (1) |
| #endif |
#endif |
| { |
{ |
| struct in6_addr odst; |
struct in6_addr odst; |
| |
int error; |
| |
|
| odst = ip6->ip6_dst; |
odst = ip6->ip6_dst; |
| if (pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN) != 0) |
error = pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN); |
| return; |
if (error != 0 || m == NULL) { |
| if (m == NULL) |
IP6_STATINC(IP6_STAT_PFILDROP_IN); |
| return; |
return; |
| |
} |
| |
if (m->m_len < sizeof(struct ip6_hdr)) { |
| |
if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { |
| |
IP6_STATINC(IP6_STAT_TOOSMALL); |
| |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
| |
return; |
| |
} |
| |
} |
| ip6 = mtod(m, struct ip6_hdr *); |
ip6 = mtod(m, struct ip6_hdr *); |
| srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
| } |
} |
| Line 375 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 386 ip6_input(struct mbuf *m, struct ifnet * |
|
| #endif |
#endif |
| |
|
| /* |
/* |
| * Check against address spoofing/corruption. |
|
| */ |
|
| if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
| /* |
|
| * XXX: "badscope" is not very suitable for a multicast source. |
|
| */ |
|
| IP6_STATINC(IP6_STAT_BADSCOPE); |
|
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| /* |
|
| * The following check is not documented in specs. A malicious |
|
| * party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
| * and bypass security checks (act as if it was from 127.0.0.1 by using |
|
| * IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
| * |
|
| * This check chokes if we are in an SIIT cloud. As none of BSDs |
|
| * support IPv4-less kernel compilation, we cannot support SIIT |
|
| * environment at all. So, it makes more sense for us to reject any |
|
| * malicious packets for non-SIIT environment, than try to do a |
|
| * partial support for SIIT environment. |
|
| */ |
|
| if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
| IP6_STATINC(IP6_STAT_BADSCOPE); |
|
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| #if 0 |
|
| /* |
|
| * Reject packets with IPv4 compatible addresses (auto tunnel). |
|
| * |
|
| * The code forbids auto tunnel relay case in RFC1933 (the check is |
|
| * stronger than RFC1933). We may want to re-enable it if mech-xx |
|
| * is revised to forbid relaying case. |
|
| */ |
|
| if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
| IP6_STATINC(IP6_STAT_BADSCOPE); |
|
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| #endif |
|
| |
|
| /* |
|
| * Disambiguate address scope zones (if there is ambiguity). |
* Disambiguate address scope zones (if there is ambiguity). |
| * We first make sure that the original source or destination address |
* We first make sure that the original source or destination address |
| * is not in our internal form for scoped addresses. Such addresses |
* is not in our internal form for scoped addresses. Such addresses |
| Line 444 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 409 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| ro = percpu_getref(ip6_forward_rt_percpu); |
ro = rtcache_percpu_getref(ip6_forward_rt_percpu); |
| |
|
| /* |
/* |
| * Multicast check |
* Multicast check |
| */ |
*/ |
| Line 457 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 423 ip6_input(struct mbuf *m, struct ifnet * |
|
| * arrival interface. |
* arrival interface. |
| */ |
*/ |
| ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
| if (ingroup) |
if (ingroup) { |
| ours = 1; |
ours = 1; |
| else if (!ip6_mrouter) { |
} else if (!ip6_mrouter) { |
| uint64_t *ip6s = IP6_STAT_GETREF(); |
uint64_t *ip6s = IP6_STAT_GETREF(); |
| ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_NOTMEMBER]++; |
| ip6s[IP6_STAT_CANTFORWARD]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
| Line 474 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 440 ip6_input(struct mbuf *m, struct ifnet * |
|
| sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
| |
|
| /* |
/* |
| * Unicast check |
* Unicast check |
| */ |
*/ |
| rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
| if (hit) |
if (hit) |
| Line 482 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 448 ip6_input(struct mbuf *m, struct ifnet * |
|
| else |
else |
| IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
| |
|
| #define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) |
|
| |
|
| /* |
/* |
| * Accept the packet if the forwarding interface to the destination |
* Accept the packet if the forwarding interface to the destination |
| * according to the routing table is the loopback interface, |
* (according to the routing table) is the loopback interface, |
| * unless the associated route has a gateway. |
* unless the associated route has a gateway. |
| |
* |
| |
* We don't explicitly match ip6_dst against an interface here. It |
| |
* is already done in rtcache_lookup2: rt->rt_ifp->if_type will be |
| |
* IFT_LOOP if the packet is for us. |
| |
* |
| * Note that this approach causes to accept a packet if there is a |
* Note that this approach causes to accept a packet if there is a |
| * route to the loopback interface for the destination of the packet. |
* route to the loopback interface for the destination of the packet. |
| * But we think it's even useful in some situations, e.g. when using |
* But we think it's even useful in some situations, e.g. when using |
| Line 495 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 464 ip6_input(struct mbuf *m, struct ifnet * |
|
| */ |
*/ |
| if (rt != NULL && |
if (rt != NULL && |
| (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
| #if 0 |
|
| /* |
|
| * The check below is redundant since the comparison of |
|
| * the destination and the key of the rtentry has |
|
| * already done through looking up the routing table. |
|
| */ |
|
| IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && |
|
| #endif |
|
| rt->rt_ifp->if_type == IFT_LOOP) { |
rt->rt_ifp->if_type == IFT_LOOP) { |
| struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
| |
int addrok; |
| |
|
| if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
| m->m_flags |= M_ANYCAST6; |
m->m_flags |= M_ANYCAST6; |
| /* |
/* |
| * packets to a tentative, duplicated, or somehow invalid |
* packets to a tentative, duplicated, or somehow invalid |
| * address must not be accepted. |
* address must not be accepted. |
| */ |
*/ |
| if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { |
if (ia6->ia6_flags & IN6_IFF_NOTREADY) |
| |
addrok = 0; |
| |
else if (ia6->ia6_flags & IN6_IFF_DETACHED && |
| |
!IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) |
| |
{ |
| |
/* Allow internal traffic to DETACHED addresses */ |
| |
struct sockaddr_in6 sin6; |
| |
int s; |
| |
|
| |
memset(&sin6, 0, sizeof(sin6)); |
| |
sin6.sin6_family = AF_INET6; |
| |
sin6.sin6_len = sizeof(sin6); |
| |
sin6.sin6_addr = ip6->ip6_src; |
| |
s = pserialize_read_enter(); |
| |
addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL); |
| |
pserialize_read_exit(s); |
| |
} else |
| |
addrok = 1; |
| |
if (addrok) { |
| /* this address is ready */ |
/* this address is ready */ |
| ours = 1; |
ours = 1; |
| deliverifp = ia6->ia_ifp; /* correct? */ |
deliverifp = ia6->ia_ifp; /* correct? */ |
| Line 543 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 524 ip6_input(struct mbuf *m, struct ifnet * |
|
| } |
} |
| #endif |
#endif |
| |
|
| #if 0 |
|
| { |
|
| /* |
|
| * Last resort: check in6_ifaddr for incoming interface. |
|
| * The code is here until I update the "goto ours hack" code above |
|
| * working right. |
|
| */ |
|
| struct ifaddr *ifa; |
|
| IFADDR_READER_FOREACH(ifa, rcvif) { |
|
| if (ifa->ifa_addr->sa_family != AF_INET6) |
|
| continue; |
|
| if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { |
|
| ours = 1; |
|
| deliverifp = ifa->ifa_ifp; |
|
| goto hbhcheck; |
|
| } |
|
| } |
|
| } |
|
| #endif |
|
| |
|
| /* |
/* |
| * Now there is no reason to process the packet if it's not our own |
* Now there is no reason to process the packet if it's not our own |
| * and we're not a router. |
* and we're not a router. |
| Line 573 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 534 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad_unref; |
goto bad_unref; |
| } |
} |
| |
|
| hbhcheck: |
hbhcheck: |
| /* |
/* |
| * record address information into m_tag, if we don't have one yet. |
* Record address information into m_tag, if we don't have one yet. |
| * note that we are unable to record it, if the address is not listed |
* Note that we are unable to record it, if the address is not listed |
| * as our interface address (e.g. multicast addresses, addresses |
* as our interface address (e.g. multicast addresses, addresses |
| * within FAITH prefixes and such). |
* within FAITH prefixes and such). |
| */ |
*/ |
| Line 606 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 567 ip6_input(struct mbuf *m, struct ifnet * |
|
| struct ip6_hbh *hbh; |
struct ip6_hbh *hbh; |
| |
|
| if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
| #if 0 /*touches NULL pointer*/ |
/* m already freed */ |
| in6_ifstat_inc(rcvif, ifs6_in_discard); |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
| #endif |
|
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| return; /* m have already been freed */ |
return; |
| } |
} |
| |
|
| /* adjust pointer */ |
/* adjust pointer */ |
| Line 635 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 595 ip6_input(struct mbuf *m, struct ifnet * |
|
| ICMP6_PARAMPROB_HEADER, |
ICMP6_PARAMPROB_HEADER, |
| (char *)&ip6->ip6_plen - (char *)ip6); |
(char *)&ip6->ip6_plen - (char *)ip6); |
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| return; |
return; |
| } |
} |
| IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
| Line 643 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 603 ip6_input(struct mbuf *m, struct ifnet * |
|
| if (hbh == NULL) { |
if (hbh == NULL) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| return; |
return; |
| } |
} |
| KASSERT(IP6_HDR_ALIGNED_P(hbh)); |
KASSERT(IP6_HDR_ALIGNED_P(hbh)); |
| Line 659 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 619 ip6_input(struct mbuf *m, struct ifnet * |
|
| nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
| |
|
| /* |
/* |
| * Check that the amount of data in the buffers |
* Check that the amount of data in the buffers is at least much as |
| * is as at least much as the IPv6 header would have us expect. |
* the IPv6 header would have us expect. Trim mbufs if longer than we |
| * Trim mbufs if longer than we expect. |
* expect. Drop packet if shorter than we expect. |
| * Drop packet if shorter than we expect. |
|
| */ |
*/ |
| if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| Line 698 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 657 ip6_input(struct mbuf *m, struct ifnet * |
|
| |
|
| if (error != 0) { |
if (error != 0) { |
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| IP6_STATINC(IP6_STAT_CANTFORWARD); |
IP6_STATINC(IP6_STAT_CANTFORWARD); |
| goto bad; |
goto bad; |
| } |
} |
| Line 707 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 666 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad_unref; |
goto bad_unref; |
| } else if (!ours) { |
} else if (!ours) { |
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| ip6_forward(m, srcrt); |
ip6_forward(m, srcrt); |
| return; |
return; |
| } |
} |
| Line 730 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 689 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad_unref; |
goto bad_unref; |
| } |
} |
| |
|
| /* |
|
| * Tell launch routine the next header |
|
| */ |
|
| #ifdef IFA_STATS |
#ifdef IFA_STATS |
| if (deliverifp != NULL) { |
if (deliverifp != NULL) { |
| struct in6_ifaddr *ia6; |
struct in6_ifaddr *ia6; |
| Line 751 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 707 ip6_input(struct mbuf *m, struct ifnet * |
|
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| rt = NULL; |
rt = NULL; |
| } |
} |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| |
|
| rh_present = 0; |
rh_present = 0; |
| |
frg_present = 0; |
| while (nxt != IPPROTO_DONE) { |
while (nxt != IPPROTO_DONE) { |
| if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
| IP6_STATINC(IP6_STAT_TOOMANYHDR); |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
| Line 761 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 718 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| |
M_VERIFY_PACKET(m); |
| |
|
| /* |
/* |
| * protection against faulty packet - there should be |
* protection against faulty packet - there should be |
| * more sanity checks in header chain processing. |
* more sanity checks in header chain processing. |
| Line 777 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 736 ip6_input(struct mbuf *m, struct ifnet * |
|
| IP6_STATINC(IP6_STAT_BADOPTIONS); |
IP6_STATINC(IP6_STAT_BADOPTIONS); |
| goto bad; |
goto bad; |
| } |
} |
| |
} else if (nxt == IPPROTO_FRAGMENT) { |
| |
if (frg_present++) { |
| |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
| |
IP6_STATINC(IP6_STAT_BADOPTIONS); |
| |
goto bad; |
| |
} |
| } |
} |
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| if (ipsec_used) { |
if (ipsec_used) { |
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last |
* Enforce IPsec policy checking if we are seeing last |
| * header. note that we do not visit this with |
* header. Note that we do not visit this with |
| * protocols with pcb layer code - like udp/tcp/raw ip. |
* protocols with pcb layer code - like udp/tcp/raw ip. |
| */ |
*/ |
| if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip6_protox[nxt]].pr_flags |
| & PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
| int error; |
int error; |
| |
|
| error = ipsec6_input(m); |
error = ipsec_ip_input(m, false); |
| if (error) |
if (error) |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
| #endif /* IPSEC */ |
#endif |
| |
|
| SOFTNET_LOCK(); |
|
| nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
| SOFTNET_UNLOCK(); |
|
| } |
} |
| return; |
return; |
| |
|
| bad_unref: |
bad_unref: |
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| bad: |
bad: |
| m_freem(m); |
m_freem(m); |
| return; |
return; |
| } |
} |
| |
|
| |
static bool |
| |
ip6_badaddr(struct ip6_hdr *ip6) |
| |
{ |
| |
/* Check against address spoofing/corruption. */ |
| |
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
| |
return true; |
| |
} |
| |
|
| |
/* |
| |
* The following check is not documented in specs. A malicious |
| |
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
| |
* and bypass security checks (act as if it was from 127.0.0.1 by using |
| |
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
| |
* |
| |
* This check chokes if we are in an SIIT cloud. As none of BSDs |
| |
* support IPv4-less kernel compilation, we cannot support SIIT |
| |
* environment at all. So, it makes more sense for us to reject any |
| |
* malicious packets for non-SIIT environment, than try to do a |
| |
* partial support for SIIT environment. |
| |
*/ |
| |
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
| |
return true; |
| |
} |
| |
|
| |
/* |
| |
* Reject packets with IPv4-compatible IPv6 addresses (RFC4291). |
| |
*/ |
| |
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
| |
return true; |
| |
} |
| |
|
| |
return false; |
| |
} |
| |
|
| /* |
/* |
| * set/grab in6_ifaddr correspond to IPv6 destination address. |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
| */ |
*/ |
| Line 854 ip6_getdstifaddr(struct mbuf *m) |
|
| Line 854 ip6_getdstifaddr(struct mbuf *m) |
|
| * rtalertp - XXX: should be stored more smart way |
* rtalertp - XXX: should be stored more smart way |
| */ |
*/ |
| int |
int |
| ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
| struct mbuf **mp, int *offp) |
struct mbuf **mp, int *offp) |
| { |
{ |
| struct mbuf *m = *mp; |
struct mbuf *m = *mp; |
| Line 863 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 863 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| |
|
| /* validation of the length of the header */ |
/* validation of the length of the header */ |
| IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
| sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
| if (hbh == NULL) { |
if (hbh == NULL) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| return -1; |
return -1; |
| } |
} |
| hbhlen = (hbh->ip6h_len + 1) << 3; |
hbhlen = (hbh->ip6h_len + 1) << 3; |
| IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
| hbhlen); |
hbhlen); |
| if (hbh == NULL) { |
if (hbh == NULL) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| return -1; |
return -1; |
| Line 880 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 880 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| hbhlen -= sizeof(struct ip6_hbh); |
hbhlen -= sizeof(struct ip6_hbh); |
| |
|
| if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
| hbhlen, rtalertp, plenp) < 0) |
hbhlen, rtalertp, plenp) < 0) |
| return (-1); |
return -1; |
| |
|
| *offp = off; |
*offp = off; |
| *mp = m; |
*mp = m; |
| return (0); |
return 0; |
| } |
} |
| |
|
| /* |
/* |
| Line 899 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 899 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| * opthead + hbhlen is located in continuous memory region. |
* opthead + hbhlen is located in continuous memory region. |
| */ |
*/ |
| static int |
static int |
| ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
| u_int32_t *rtalertp, u_int32_t *plenp) |
u_int32_t *rtalertp, u_int32_t *plenp) |
| { |
{ |
| struct ip6_hdr *ip6; |
struct ip6_hdr *ip6; |
| Line 968 ip6_process_hopopts(struct mbuf *m, u_in |
|
| Line 968 ip6_process_hopopts(struct mbuf *m, u_in |
|
| |
|
| /* |
/* |
| * We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
| * we'd need to perform bcopy(). |
* we'd need to perform memcpy(). |
| */ |
*/ |
| memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
| jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
| Line 1062 ip6_unknown_opt(u_int8_t *optp, struct m |
|
| Line 1062 ip6_unknown_opt(u_int8_t *optp, struct m |
|
| return (-1); |
return (-1); |
| } |
} |
| |
|
| /* |
|
| * Create the "control" list for this pcb. |
|
| * |
|
| * The routine will be called from upper layer handlers like tcp6_input(). |
|
| * Thus the routine assumes that the caller (tcp6_input) have already |
|
| * called IP6_EXTHDR_CHECK() and all the extension headers are located in the |
|
| * very first mbuf on the mbuf chain. |
|
| * We may want to add some infinite loop prevention or sanity checks for safety. |
|
| * (This applies only when you are using KAME mbuf chain restriction, i.e. |
|
| * you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
|
| */ |
|
| void |
void |
| ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
| struct ip6_hdr *ip6, struct mbuf *m) |
struct ip6_hdr *ip6, struct mbuf *m) |
| { |
{ |
| struct socket *so = in6p->in6p_socket; |
struct socket *so = in6p->in6p_socket; |
| Line 1084 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1073 ip6_savecontrol(struct in6pcb *in6p, str |
|
| #define IS2292(x, y) (y) |
#define IS2292(x, y) (y) |
| #endif |
#endif |
| |
|
| |
KASSERT(m->m_flags & M_PKTHDR); |
| |
|
| if (SOOPT_TIMESTAMP(so->so_options)) |
if (SOOPT_TIMESTAMP(so->so_options)) |
| mp = sbsavetimestamp(so->so_options, m, mp); |
mp = sbsavetimestamp(so->so_options, mp); |
| |
|
| /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
| if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
| Line 1306 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
| Line 1297 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
| |
|
| if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
| == 0) { |
== 0) { |
| |
soroverflow(so); |
| m_freem(m_mtu); |
m_freem(m_mtu); |
| /* XXX: should count statistics */ |
|
| } else |
} else |
| sorwakeup(so); |
sorwakeup(so); |
| |
|
| Line 1325 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| Line 1316 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| size_t elen; |
size_t elen; |
| struct mbuf *n; |
struct mbuf *n; |
| |
|
| #ifdef DIAGNOSTIC |
if (off + sizeof(ip6e) > m->m_pkthdr.len) |
| switch (nxt) { |
return NULL; |
| case IPPROTO_DSTOPTS: |
|
| case IPPROTO_ROUTING: |
|
| case IPPROTO_HOPOPTS: |
|
| case IPPROTO_AH: /* is it possible? */ |
|
| break; |
|
| default: |
|
| printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); |
|
| } |
|
| #endif |
|
| |
|
| m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
| if (nxt == IPPROTO_AH) |
if (nxt == IPPROTO_AH) |
| Line 1343 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| Line 1325 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| else |
else |
| elen = (ip6e.ip6e_len + 1) << 3; |
elen = (ip6e.ip6e_len + 1) << 3; |
| |
|
| |
if (off + elen > m->m_pkthdr.len) |
| |
return NULL; |
| |
|
| MGET(n, M_DONTWAIT, MT_DATA); |
MGET(n, M_DONTWAIT, MT_DATA); |
| if (n && elen >= MLEN) { |
if (n && elen >= MLEN) { |
| MCLGET(n, M_DONTWAIT); |
MCLGET(n, M_DONTWAIT); |
| Line 1366 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| Line 1351 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| } |
} |
| |
|
| /* |
/* |
| * Get pointer to the previous header followed by the header |
* Get offset to the previous header followed by the header |
| * currently processed. |
* currently processed. |
| * XXX: This function supposes that |
|
| * M includes all headers, |
|
| * the next header field and the header length field of each header |
|
| * are valid, and |
|
| * the sum of each header length equals to OFF. |
|
| * Because of these assumptions, this function must be called very |
|
| * carefully. Moreover, it will not be used in the near future when |
|
| * we develop `neater' mechanism to process extension headers. |
|
| */ |
*/ |
| u_int8_t * |
int |
| ip6_get_prevhdr(struct mbuf *m, int off) |
ip6_get_prevhdr(struct mbuf *m, int off) |
| { |
{ |
| struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
| |
|
| if (off == sizeof(struct ip6_hdr)) |
if (off == sizeof(struct ip6_hdr)) { |
| return (&ip6->ip6_nxt); |
return offsetof(struct ip6_hdr, ip6_nxt); |
| else { |
} else if (off < sizeof(struct ip6_hdr)) { |
| int len, nxt; |
panic("%s: off < sizeof(struct ip6_hdr)", __func__); |
| struct ip6_ext *ip6e = NULL; |
} else { |
| |
int len, nlen, nxt; |
| |
struct ip6_ext ip6e; |
| |
|
| nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
| len = sizeof(struct ip6_hdr); |
len = sizeof(struct ip6_hdr); |
| |
nlen = 0; |
| while (len < off) { |
while (len < off) { |
| ip6e = (struct ip6_ext *)(mtod(m, char *) + len); |
m_copydata(m, len, sizeof(ip6e), &ip6e); |
| |
|
| switch (nxt) { |
switch (nxt) { |
| case IPPROTO_FRAGMENT: |
case IPPROTO_FRAGMENT: |
| len += sizeof(struct ip6_frag); |
nlen = sizeof(struct ip6_frag); |
| break; |
break; |
| case IPPROTO_AH: |
case IPPROTO_AH: |
| len += (ip6e->ip6e_len + 2) << 2; |
nlen = (ip6e.ip6e_len + 2) << 2; |
| break; |
break; |
| default: |
default: |
| len += (ip6e->ip6e_len + 1) << 3; |
nlen = (ip6e.ip6e_len + 1) << 3; |
| break; |
break; |
| } |
} |
| nxt = ip6e->ip6e_nxt; |
len += nlen; |
| |
nxt = ip6e.ip6e_nxt; |
| } |
} |
| if (ip6e) |
|
| return (&ip6e->ip6e_nxt); |
return (len - nlen); |
| else |
|
| return NULL; |
|
| } |
} |
| } |
} |
| |
|
| Line 1425 ip6_nexthdr(struct mbuf *m, int off, int |
|
| Line 1404 ip6_nexthdr(struct mbuf *m, int off, int |
|
| |
|
| /* just in case */ |
/* just in case */ |
| if (m == NULL) |
if (m == NULL) |
| panic("ip6_nexthdr: m == NULL"); |
panic("%s: m == NULL", __func__); |
| if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
| return -1; |
return -1; |
| |
|
| Line 1519 ip6_lasthdr(struct mbuf *m, int off, int |
|
| Line 1498 ip6_lasthdr(struct mbuf *m, int off, int |
|
| } |
} |
| } |
} |
| |
|
| struct m_tag * |
static struct m_tag * |
| ip6_addaux(struct mbuf *m) |
ip6_addaux(struct mbuf *m) |
| { |
{ |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| |
|
| mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
| if (!mtag) { |
if (!mtag) { |
| mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), |
mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), |
| M_NOWAIT); |
M_NOWAIT); |
| Line 1536 ip6_addaux(struct mbuf *m) |
|
| Line 1515 ip6_addaux(struct mbuf *m) |
|
| return mtag; |
return mtag; |
| } |
} |
| |
|
| struct m_tag * |
static struct m_tag * |
| ip6_findaux(struct mbuf *m) |
ip6_findaux(struct mbuf *m) |
| { |
{ |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| |
|
| mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
| return mtag; |
return mtag; |
| } |
} |
| |
|
| void |
static void |
| ip6_delaux(struct mbuf *m) |
ip6_delaux(struct mbuf *m) |
| { |
{ |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| |
|
| mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
| if (mtag) |
if (mtag) |
| m_tag_delete(m, mtag); |
m_tag_delete(m, mtag); |
| } |
} |
| Line 1580 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
| Line 1559 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
| static void |
static void |
| sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
| { |
{ |
| #ifdef RFC2292 |
|
| #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
|
| #else |
|
| #define IS2292(x, y) (y) |
|
| #endif |
|
| |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT, |
CTLFLAG_PERMANENT, |
| Line 1620 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1594 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| NULL, 0, &ip6_defhlim, 0, |
NULL, 0, &ip6_defhlim, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| IPV6CTL_DEFHLIM, CTL_EOL); |
IPV6CTL_DEFHLIM, CTL_EOL); |
| #ifdef notyet |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "mtu", NULL, |
|
| NULL, 0, &, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_DEFMTU, CTL_EOL); |
|
| #endif |
|
| #ifdef __no_idea__ |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "forwsrcrt", NULL, |
|
| NULL, 0, &?, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_FORWSRCRT, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_STRUCT, "mrtstats", NULL, |
|
| NULL, 0, &?, sizeof(?), |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_MRTSTATS, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_?, "mrtproto", NULL, |
|
| NULL, 0, &?, sizeof(?), |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_MRTPROTO, CTL_EOL); |
|
| #endif |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "maxfragpackets", |
CTLTYPE_INT, "maxfragpackets", |
| Line 1656 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1602 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| NULL, 0, &ip6_maxfragpackets, 0, |
NULL, 0, &ip6_maxfragpackets, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
| #ifdef __no_idea__ |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "sourcecheck", NULL, |
|
| NULL, 0, &?, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_SOURCECHECK, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "sourcecheck_logint", NULL, |
|
| NULL, 0, &?, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); |
|
| #endif |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "accept_rtadv", |
|
| SYSCTL_DESCR("Accept router advertisements"), |
|
| NULL, 0, &ip6_accept_rtadv, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "rtadv_maxroutes", |
|
| SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), |
|
| NULL, 0, &ip6_rtadv_maxroutes, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_RTADV_MAXROUTES, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT, |
|
| CTLTYPE_INT, "rtadv_numroutes", |
|
| SYSCTL_DESCR("Current number of routes accepted via router advertisements"), |
|
| NULL, 0, &nd6_numroutes, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_RTADV_NUMROUTES, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "keepfaith", |
CTLTYPE_INT, "keepfaith", |
| Line 1701 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1612 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "log_interval", |
CTLTYPE_INT, "log_interval", |
| SYSCTL_DESCR("Minumum interval between logging " |
SYSCTL_DESCR("Minimum interval between logging " |
| "unroutable packets"), |
"unroutable packets"), |
| NULL, 0, &ip6_log_interval, 0, |
NULL, 0, &ip6_log_interval, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| Line 1751 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1662 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| IPV6CTL_USE_DEPRECATED, CTL_EOL); |
IPV6CTL_USE_DEPRECATED, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "rr_prune", NULL, |
|
| NULL, 0, &ip6_rr_prune, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_RR_PRUNE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT |
CTLFLAG_PERMANENT |
| #ifndef INET6_BINDV6ONLY |
#ifndef INET6_BINDV6ONLY |
| |CTLFLAG_READWRITE, |
|CTLFLAG_READWRITE, |
| Line 1818 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1723 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| IPV6CTL_ADDRCTLPOLICY, CTL_EOL); |
IPV6CTL_ADDRCTLPOLICY, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "use_tempaddr", |
|
| SYSCTL_DESCR("Use temporary address"), |
|
| NULL, 0, &ip6_use_tempaddr, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "prefer_tempaddr", |
CTLTYPE_INT, "prefer_tempaddr", |
| SYSCTL_DESCR("Prefer temporary address as source " |
SYSCTL_DESCR("Prefer temporary address as source " |
| "address"), |
"address"), |
| Line 1833 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1731 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "temppltime", |
|
| SYSCTL_DESCR("preferred lifetime of a temporary address"), |
|
| NULL, 0, &ip6_temp_preferred_lifetime, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "tempvltime", |
|
| SYSCTL_DESCR("valid lifetime of a temporary address"), |
|
| NULL, 0, &ip6_temp_valid_lifetime, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "maxfrags", |
CTLTYPE_INT, "maxfrags", |
| SYSCTL_DESCR("Maximum fragments in reassembly queue"), |
SYSCTL_DESCR("Maximum fragments in reassembly queue"), |
| NULL, 0, &ip6_maxfrags, 0, |
NULL, 0, &ip6_maxfrags, 0, |
| Line 1909 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1793 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "maxifprefixes", |
|
| SYSCTL_DESCR("Maximum number of prefixes created by" |
|
| " route advertisement per interface"), |
|
| NULL, 1, &ip6_maxifprefixes, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "maxifdefrouters", |
|
| SYSCTL_DESCR("Maximum number of default routers created" |
|
| " by route advertisement per interface"), |
|
| NULL, 1, &ip6_maxifdefrouters, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| CTL_CREATE, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "maxdynroutes", |
CTLTYPE_INT, "maxdynroutes", |
| SYSCTL_DESCR("Maximum number of routes created via" |
SYSCTL_DESCR("Maximum number of routes created via" |
| " redirect"), |
" redirect"), |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6