version 1.150, 2015/01/20 21:27:36 |
version 1.155, 2016/02/04 02:48:37 |
|
|
#include <sys/cdefs.h> |
#include <sys/cdefs.h> |
__KERNEL_RCSID(0, "$NetBSD$"); |
__KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#ifdef _KERNEL_OPT |
#include "opt_gateway.h" |
#include "opt_gateway.h" |
#include "opt_inet.h" |
#include "opt_inet.h" |
#include "opt_inet6.h" |
#include "opt_inet6.h" |
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
#include "opt_compat_netbsd.h" |
#include "opt_compat_netbsd.h" |
|
#endif |
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/systm.h> |
#include <sys/systm.h> |
Line 125 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 127 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
|
|
#include "faith.h" |
#include "faith.h" |
#include "gif.h" |
|
|
|
#if NGIF > 0 |
|
#include <netinet6/in6_gif.h> |
|
#endif |
|
|
|
#include <net/net_osdep.h> |
#include <net/net_osdep.h> |
|
|
Line 139 u_char ip6_protox[IPPROTO_MAX]; |
|
Line 136 u_char ip6_protox[IPPROTO_MAX]; |
|
struct in6_ifaddr *in6_ifaddr; |
struct in6_ifaddr *in6_ifaddr; |
pktqueue_t *ip6_pktq __read_mostly; |
pktqueue_t *ip6_pktq __read_mostly; |
|
|
extern callout_t in6_tmpaddrtimer_ch; |
|
|
|
int ip6_forward_srcrt; /* XXX */ |
int ip6_forward_srcrt; /* XXX */ |
int ip6_sourcecheck; /* XXX */ |
int ip6_sourcecheck; /* XXX */ |
int ip6_sourcecheck_interval; /* XXX */ |
int ip6_sourcecheck_interval; /* XXX */ |
Line 748 ip6_input(struct mbuf *m) |
|
Line 743 ip6_input(struct mbuf *m) |
|
|
|
#ifdef IPSEC |
#ifdef IPSEC |
if (ipsec_used) { |
if (ipsec_used) { |
struct m_tag *mtag; |
|
struct tdb_ident *tdbi; |
|
struct secpolicy *sp; |
|
int s, error; |
|
|
|
/* |
/* |
* enforce IPsec policy checking if we are seeing last |
* enforce IPsec policy checking if we are seeing last |
* header. note that we do not visit this with |
* header. note that we do not visit this with |
Line 760 ip6_input(struct mbuf *m) |
|
Line 750 ip6_input(struct mbuf *m) |
|
*/ |
*/ |
if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip_protox[nxt]].pr_flags |
& PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
/* |
int error = ipsec6_input(m); |
* Check if the packet has already had IPsec |
|
* processing done. If so, then just pass it |
|
* along. This tag gets set during AH, ESP, |
|
* etc. input handling, before the packet is |
|
* returned to the ip input queue for delivery. |
|
*/ |
|
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, |
|
NULL); |
|
s = splsoftnet(); |
|
if (mtag != NULL) { |
|
tdbi = (struct tdb_ident *)(mtag + 1); |
|
sp = ipsec_getpolicy(tdbi, |
|
IPSEC_DIR_INBOUND); |
|
} else { |
|
sp = ipsec_getpolicybyaddr(m, |
|
IPSEC_DIR_INBOUND, IP_FORWARDING, |
|
&error); |
|
} |
|
if (sp != NULL) { |
|
/* |
|
* Check security policy against packet |
|
* attributes. |
|
*/ |
|
error = ipsec_in_reject(sp, m); |
|
KEY_FREESP(&sp); |
|
} else { |
|
/* XXX error stat??? */ |
|
error = EINVAL; |
|
DPRINTF(("ip6_input: no SP, packet" |
|
" discarded\n"));/*XXX*/ |
|
} |
|
splx(s); |
|
if (error) |
if (error) |
goto bad; |
goto bad; |
} |
} |
Line 1646 const u_char inet6ctlerrmap[PRC_NCMDS] = |
|
Line 1604 const u_char inet6ctlerrmap[PRC_NCMDS] = |
|
ENOPROTOOPT |
ENOPROTOOPT |
}; |
}; |
|
|
|
extern int sysctl_net_inet6_addrctlpolicy(SYSCTLFN_ARGS); |
|
|
static int |
static int |
sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) |
sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS) |
{ |
{ |
Line 1811 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1771 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_defmcasthlim, 0, |
NULL, 0, &ip6_defmcasthlim, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_DEFMCASTHLIM, CTL_EOL); |
IPV6CTL_DEFMCASTHLIM, CTL_EOL); |
#if NGIF > 0 |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "gifhlim", |
|
SYSCTL_DESCR("Default hop limit for a gif tunnel datagram"), |
|
NULL, 0, &ip6_gif_hlim, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_GIF_HLIM, CTL_EOL); |
|
#endif /* NGIF */ |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT, |
CTLFLAG_PERMANENT, |
CTLTYPE_STRING, "kame_version", |
CTLTYPE_STRING, "kame_version", |
Line 1854 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1805 sysctl_net_inet6_ip6_setup(struct sysctl |
|
IPV6CTL_V6ONLY, CTL_EOL); |
IPV6CTL_V6ONLY, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "auto_linklocal", |
|
SYSCTL_DESCR("Default value of per-interface flag for " |
|
"adding an IPv6 link-local address to " |
|
"interfaces when attached"), |
|
NULL, 0, &ip6_auto_linklocal, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_AUTO_LINKLOCAL, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "anonportmin", |
CTLTYPE_INT, "anonportmin", |
SYSCTL_DESCR("Lowest ephemeral port number to assign"), |
SYSCTL_DESCR("Lowest ephemeral port number to assign"), |
sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, |
sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0, |
Line 1895 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1837 sysctl_net_inet6_ip6_setup(struct sysctl |
|
#endif /* IPNOPRIVPORTS */ |
#endif /* IPNOPRIVPORTS */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "auto_linklocal", |
|
SYSCTL_DESCR("Default value of per-interface flag for " |
|
"adding an IPv6 link-local address to " |
|
"interfaces when attached"), |
|
NULL, 0, &ip6_auto_linklocal, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_AUTO_LINKLOCAL, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READONLY, |
|
CTLTYPE_STRUCT, "addctlpolicy", |
|
SYSCTL_DESCR("Return the current address control" |
|
" policy"), |
|
sysctl_net_inet6_addrctlpolicy, 0, NULL, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_ADDRCTLPOLICY, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "use_tempaddr", |
CTLTYPE_INT, "use_tempaddr", |
SYSCTL_DESCR("Use temporary address"), |
SYSCTL_DESCR("Use temporary address"), |
NULL, 0, &ip6_use_tempaddr, 0, |
NULL, 0, &ip6_use_tempaddr, 0, |
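Review bot: The PR_LASTHDR test that gates the inbound IPsec policy check in the ip6_input() hunk indexes the IPv6 protocol switch through the IPv4 table, `inet6sw[ip_protox[nxt]]`, even though this file declares its own `ip6_protox[IPPROTO_MAX]`. The `ipsec6_input(m)` call sits behind that condition, which appears identically on both sides of the diff. If the two tables map a next-header value to different slots, `pr_flags` is read from the wrong `inet6sw` entry and the policy check could be skipped for a final header that should have been checked. The lookup should probably read `if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0) {`. The body of ip6_input() starts and ends outside the hunk, so how `nxt` is derived cannot be confirmed from here.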