version 1.149.4.3, 2015/12/27 12:10:07 |
version 1.150, 2015/01/20 21:27:36 |
|
|
#include <sys/cdefs.h> |
#include <sys/cdefs.h> |
__KERNEL_RCSID(0, "$NetBSD$"); |
__KERNEL_RCSID(0, "$NetBSD$"); |
|
|
#ifdef _KERNEL_OPT |
|
#include "opt_gateway.h" |
#include "opt_gateway.h" |
#include "opt_inet.h" |
#include "opt_inet.h" |
#include "opt_inet6.h" |
#include "opt_inet6.h" |
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
#include "opt_compat_netbsd.h" |
#include "opt_compat_netbsd.h" |
#endif |
|
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/systm.h> |
#include <sys/systm.h> |
Line 421 ip6_input(struct mbuf *m) |
|
Line 419 ip6_input(struct mbuf *m) |
|
* to the usage conflict. |
* to the usage conflict. |
* in6_setscope() then also checks and rejects the cases where src or |
* in6_setscope() then also checks and rejects the cases where src or |
* dst are the loopback address and the receiving interface |
* dst are the loopback address and the receiving interface |
* is not loopback. |
* is not loopback. |
*/ |
*/ |
if (__predict_false( |
if (__predict_false( |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
Line 750 ip6_input(struct mbuf *m) |
|
Line 748 ip6_input(struct mbuf *m) |
|
|
|
#ifdef IPSEC |
#ifdef IPSEC |
if (ipsec_used) { |
if (ipsec_used) { |
|
struct m_tag *mtag; |
|
struct tdb_ident *tdbi; |
|
struct secpolicy *sp; |
|
int s, error; |
|
|
/* |
/* |
* enforce IPsec policy checking if we are seeing last |
* enforce IPsec policy checking if we are seeing last |
* header. note that we do not visit this with |
* header. note that we do not visit this with |
Line 757 ip6_input(struct mbuf *m) |
|
Line 760 ip6_input(struct mbuf *m) |
|
*/ |
*/ |
if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip_protox[nxt]].pr_flags |
& PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
int error = ipsec6_input(m); |
/* |
|
* Check if the packet has already had IPsec |
|
* processing done. If so, then just pass it |
|
* along. This tag gets set during AH, ESP, |
|
* etc. input handling, before the packet is |
|
* returned to the ip input queue for delivery. |
|
*/ |
|
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, |
|
NULL); |
|
s = splsoftnet(); |
|
if (mtag != NULL) { |
|
tdbi = (struct tdb_ident *)(mtag + 1); |
|
sp = ipsec_getpolicy(tdbi, |
|
IPSEC_DIR_INBOUND); |
|
} else { |
|
sp = ipsec_getpolicybyaddr(m, |
|
IPSEC_DIR_INBOUND, IP_FORWARDING, |
|
&error); |
|
} |
|
if (sp != NULL) { |
|
/* |
|
* Check security policy against packet |
|
* attributes. |
|
*/ |
|
error = ipsec_in_reject(sp, m); |
|
KEY_FREESP(&sp); |
|
} else { |
|
/* XXX error stat??? */ |
|
error = EINVAL; |
|
DPRINTF(("ip6_input: no SP, packet" |
|
" discarded\n"));/*XXX*/ |
|
} |
|
splx(s); |
if (error) |
if (error) |
goto bad; |
goto bad; |
} |
} |
Line 814 ip6_getdstifaddr(struct mbuf *m) |
|
Line 849 ip6_getdstifaddr(struct mbuf *m) |
|
* rtalertp - XXX: should be stored more smart way |
* rtalertp - XXX: should be stored more smart way |
*/ |
*/ |
int |
int |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp, |
struct mbuf **mp, int *offp) |
struct mbuf **mp, int *offp) |
{ |
{ |
struct mbuf *m = *mp; |
struct mbuf *m = *mp; |
Line 859 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 894 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
* opthead + hbhlen is located in continuous memory region. |
* opthead + hbhlen is located in continuous memory region. |
*/ |
*/ |
static int |
static int |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen, |
u_int32_t *rtalertp, u_int32_t *plenp) |
u_int32_t *rtalertp, u_int32_t *plenp) |
{ |
{ |
struct ip6_hdr *ip6; |
struct ip6_hdr *ip6; |
Line 1034 ip6_unknown_opt(u_int8_t *optp, struct m |
|
Line 1069 ip6_unknown_opt(u_int8_t *optp, struct m |
|
* you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
* you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
*/ |
*/ |
void |
void |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
struct ip6_hdr *ip6, struct mbuf *m) |
struct ip6_hdr *ip6, struct mbuf *m) |
{ |
{ |
#ifdef RFC2292 |
#ifdef RFC2292 |
Line 1539 ip6_delaux(struct mbuf *m) |
|
Line 1574 ip6_delaux(struct mbuf *m) |
|
} |
} |
|
|
#ifdef GATEWAY |
#ifdef GATEWAY |
/* |
/* |
* sysctl helper routine for net.inet.ip6.maxflows. Since |
* sysctl helper routine for net.inet.ip6.maxflows. Since |
* we could reduce this value, call ip6flow_reap(); |
* we could reduce this value, call ip6flow_reap(); |
*/ |
*/ |
static int |
static int |
sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) |
sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) |
{ |
{ |
int error; |
int error; |
|
|
error = sysctl_lookup(SYSCTLFN_CALL(rnode)); |
error = sysctl_lookup(SYSCTLFN_CALL(rnode)); |
if (error || newp == NULL) |
if (error || newp == NULL) |
return (error); |
return (error); |
|
|
mutex_enter(softnet_lock); |
mutex_enter(softnet_lock); |
KERNEL_LOCK(1, NULL); |
KERNEL_LOCK(1, NULL); |
|
|
Line 1559 sysctl_net_inet6_ip6_maxflows(SYSCTLFN_A |
|
Line 1594 sysctl_net_inet6_ip6_maxflows(SYSCTLFN_A |
|
|
|
KERNEL_UNLOCK_ONE(NULL); |
KERNEL_UNLOCK_ONE(NULL); |
mutex_exit(softnet_lock); |
mutex_exit(softnet_lock); |
|
|
return (0); |
return (0); |
} |
} |
|
|
static int |
static int |
sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS) |
sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS) |
{ |
{ |
int error, tmp; |
int error, tmp; |
struct sysctlnode node; |
struct sysctlnode node; |
|
|
Line 1592 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_A |
|
Line 1627 sysctl_net_inet6_ip6_hashsize(SYSCTLFN_A |
|
* EINVAL if not a power of 2 |
* EINVAL if not a power of 2 |
*/ |
*/ |
error = EINVAL; |
error = EINVAL; |
} |
} |
|
|
return error; |
return error; |
} |
} |
Line 1611 const u_char inet6ctlerrmap[PRC_NCMDS] = |
|
Line 1646 const u_char inet6ctlerrmap[PRC_NCMDS] = |
|
ENOPROTOOPT |
ENOPROTOOPT |
}; |
}; |
|
|
extern int sysctl_net_inet6_addrctlpolicy(SYSCTLFN_ARGS); |
|
|
|
static int |
static int |
sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) |
sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) |
{ |
{ |
Line 1821 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1854 sysctl_net_inet6_ip6_setup(struct sysctl |
|
IPV6CTL_V6ONLY, CTL_EOL); |
IPV6CTL_V6ONLY, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "auto_linklocal", |
|
SYSCTL_DESCR("Default value of per-interface flag for " |
|
"adding an IPv6 link-local address to " |
|
"interfaces when attached"), |
|
NULL, 0, &ip6_auto_linklocal, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_AUTO_LINKLOCAL, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "anonportmin", |
CTLTYPE_INT, "anonportmin", |
SYSCTL_DESCR("Lowest ephemeral port number to assign"), |
SYSCTL_DESCR("Lowest ephemeral port number to assign"), |
sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, |
sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, |
Line 1853 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1895 sysctl_net_inet6_ip6_setup(struct sysctl |
|
#endif /* IPNOPRIVPORTS */ |
#endif /* IPNOPRIVPORTS */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "auto_linklocal", |
|
SYSCTL_DESCR("Default value of per-interface flag for " |
|
"adding an IPv6 link-local address to " |
|
"interfaces when attached"), |
|
NULL, 0, &ip6_auto_linklocal, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_AUTO_LINKLOCAL, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READONLY, |
|
CTLTYPE_STRUCT, "addctlpolicy", |
|
SYSCTL_DESCR("Return the current address control" |
|
" policy"), |
|
sysctl_net_inet6_addrctlpolicy, 0, NULL, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_ADDRCTLPOLICY, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "use_tempaddr", |
CTLTYPE_INT, "use_tempaddr", |
SYSCTL_DESCR("Use temporary address"), |
SYSCTL_DESCR("Use temporary address"), |
NULL, 0, &ip6_use_tempaddr, 0, |
NULL, 0, &ip6_use_tempaddr, 0, |
Line 1925 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1950 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_mcast_pmtu, 0, |
NULL, 0, &ip6_mcast_pmtu, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
#ifdef GATEWAY |
#ifdef GATEWAY |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxflows", |
CTLTYPE_INT, "maxflows", |