Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.170 retrieving revision 1.194 diff -u -p -r1.170 -r1.194 --- src/sys/netinet6/ip6_input.c 2016/11/01 10:32:57 1.170 +++ src/sys/netinet6/ip6_input.c 2018/03/06 17:39:36 1.194 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.170 2016/11/01 10:32:57 ozaki-r Exp $ */ +/* $NetBSD: ip6_input.c,v 1.194 2018/03/06 17:39:36 maxv Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,20 +62,18 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.170 2016/11/01 10:32:57 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.194 2018/03/06 17:39:36 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" -#include "opt_compat_netbsd.h" #include "opt_net_mpsafe.h" #endif #include #include -#include #include #include #include @@ -121,11 +119,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include #endif /* IPSEC */ -#ifdef COMPAT_50 -#include -#include -#endif - #include #include "faith.h" @@ -137,10 +130,6 @@ extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; pktqueue_t *ip6_pktq __read_mostly; -int ip6_forward_srcrt; /* XXX */ -int ip6_sourcecheck; /* XXX */ -int ip6_sourcecheck_interval; /* XXX */ - pfil_head_t *inet6_pfil_hook; percpu_t *ip6stat_percpu; @@ -152,7 +141,7 @@ static void ip6intr(void *); static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, - u_int32_t *); + u_int32_t *); static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); static void sysctl_net_inet6_ip6_setup(struct sysctllog **); @@ -206,17 +195,14 @@ ip6_init(void) KASSERT(inet6_pfil_hook != NULL); ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); - ip6_forward_rt_percpu = percpu_alloc(sizeof(struct route)); - if (ip6_forward_rt_percpu == NULL) - panic("failed to alllocate ip6_forward_rt_percpu"); } static void ip6_init2(void) { - /* timer for regeneranation of temporary addresses randomize ID */ + /* timer for regeneration of temporary addresses randomize ID */ callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); callout_reset(&in6_tmpaddrtimer_ch, (ip6_temp_preferred_lifetime - ip6_desync_factor - @@ -232,9 +218,7 @@ ip6intr(void *arg __unused) { struct mbuf *m; -#ifndef NET_MPSAFE - mutex_enter(softnet_lock); -#endif + SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); while ((m = pktq_dequeue(ip6_pktq)) != NULL) { struct psref psref; struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); @@ -254,9 +238,7 @@ ip6intr(void *arg __unused) ip6_input(m, rcvif); m_put_rcvif_psref(rcvif, &psref); } -#ifndef NET_MPSAFE - mutex_exit(softnet_lock); -#endif + SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); } void @@ -266,16 +248,18 @@ ip6_input(struct mbuf *m, struct ifnet * int hit, off = sizeof(struct ip6_hdr), nest; u_int32_t plen; u_int32_t rtalert = ~0; - int nxt, ours = 0, rh_present = 0; + int nxt, ours = 0, rh_present = 0, frg_present; struct ifnet *deliverifp = NULL; int srcrt = 0; - const struct rtentry *rt; + struct rtentry *rt = NULL; union { struct sockaddr dst; struct sockaddr_in6 dst6; } u; struct route *ro; + KASSERT(rcvif != NULL); + /* * make sure we don't have onion peering information into m_tag. */ @@ -314,7 +298,7 @@ ip6_input(struct mbuf *m, struct ifnet * */ if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { if ((m = m_copyup(m, sizeof(struct ip6_hdr), - (max_linkhdr + 3) & ~3)) == NULL) { + (max_linkhdr + 3) & ~3)) == NULL) { /* XXXJRT new stat, please */ IP6_STATINC(IP6_STAT_TOOSMALL); in6_ifstat_inc(rcvif, ifs6_in_hdrerr); @@ -337,6 +321,54 @@ ip6_input(struct mbuf *m, struct ifnet * } /* + * Check against address spoofing/corruption. + */ + if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || + IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { + /* + * XXX: "badscope" is not very suitable for a multicast source. + */ + IP6_STATINC(IP6_STAT_BADSCOPE); + in6_ifstat_inc(rcvif, ifs6_in_addrerr); + goto bad; + } + + /* + * The following check is not documented in specs. A malicious + * party may be able to use IPv4 mapped addr to confuse tcp/udp stack + * and bypass security checks (act as if it was from 127.0.0.1 by using + * IPv6 src ::ffff:127.0.0.1). Be cautious. + * + * This check chokes if we are in an SIIT cloud. As none of BSDs + * support IPv4-less kernel compilation, we cannot support SIIT + * environment at all. So, it makes more sense for us to reject any + * malicious packets for non-SIIT environment, than try to do a + * partial support for SIIT environment. + */ + if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || + IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { + IP6_STATINC(IP6_STAT_BADSCOPE); + in6_ifstat_inc(rcvif, ifs6_in_addrerr); + goto bad; + } + +#if 0 + /* + * Reject packets with IPv4 compatible addresses (auto tunnel). + * + * The code forbids auto tunnel relay case in RFC1933 (the check is + * stronger than RFC1933). We may want to re-enable it if mech-xx + * is revised to forbid relaying case. + */ + if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || + IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { + IP6_STATINC(IP6_STAT_BADSCOPE); + in6_ifstat_inc(rcvif, ifs6_in_addrerr); + goto bad; + } +#endif + + /* * Assume that we can create a fast-forward IP flow entry * based on this packet. */ @@ -385,52 +417,6 @@ ip6_input(struct mbuf *m, struct ifnet * #endif /* - * Check against address spoofing/corruption. - */ - if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || - IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { - /* - * XXX: "badscope" is not very suitable for a multicast source. - */ - IP6_STATINC(IP6_STAT_BADSCOPE); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } - /* - * The following check is not documented in specs. A malicious - * party may be able to use IPv4 mapped addr to confuse tcp/udp stack - * and bypass security checks (act as if it was from 127.0.0.1 by using - * IPv6 src ::ffff:127.0.0.1). Be cautious. - * - * This check chokes if we are in an SIIT cloud. As none of BSDs - * support IPv4-less kernel compilation, we cannot support SIIT - * environment at all. So, it makes more sense for us to reject any - * malicious packets for non-SIIT environment, than try to do a - * partial support for SIIT environment. - */ - if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || - IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { - IP6_STATINC(IP6_STAT_BADSCOPE); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } -#if 0 - /* - * Reject packets with IPv4 compatible addresses (auto tunnel). - * - * The code forbids auto tunnel relay case in RFC1933 (the check is - * stronger than RFC1933). We may want to re-enable it if mech-xx - * is revised to forbid relaying case. - */ - if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || - IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { - IP6_STATINC(IP6_STAT_BADSCOPE); - in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; - } -#endif - - /* * Disambiguate address scope zones (if there is ambiguity). * We first make sure that the original source or destination address * is not in our internal form for scoped addresses. Such addresses @@ -438,7 +424,7 @@ ip6_input(struct mbuf *m, struct ifnet * * to the usage conflict. * in6_setscope() then also checks and rejects the cases where src or * dst are the loopback address and the receiving interface - * is not loopback. + * is not loopback. */ if (__predict_false( m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) @@ -454,27 +440,29 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad; } + ro = percpu_getref(ip6_forward_rt_percpu); + /* * Multicast check */ if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { - struct in6_multi *in6m = 0; + bool ingroup; in6_ifstat_inc(rcvif, ifs6_in_mcast); /* * See if we belong to the destination multicast group on the * arrival interface. */ - IN6_LOOKUP_MULTI(ip6->ip6_dst, rcvif, in6m); - if (in6m) + ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); + if (ingroup) { ours = 1; - else if (!ip6_mrouter) { + } else if (!ip6_mrouter) { uint64_t *ip6s = IP6_STAT_GETREF(); ip6s[IP6_STAT_NOTMEMBER]++; ip6s[IP6_STAT_CANTFORWARD]++; IP6_STAT_PUTREF(); in6_ifstat_inc(rcvif, ifs6_in_discard); - goto bad; + goto bad_unref; } deliverifp = rcvif; goto hbhcheck; @@ -483,22 +471,23 @@ ip6_input(struct mbuf *m, struct ifnet * sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); /* - * Unicast check + * Unicast check */ - ro = percpu_getref(ip6_forward_rt_percpu); rt = rtcache_lookup2(ro, &u.dst, 1, &hit); - percpu_putref(ip6_forward_rt_percpu); if (hit) IP6_STATINC(IP6_STAT_FORWARD_CACHEHIT); else IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); -#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) - /* * Accept the packet if the forwarding interface to the destination - * according to the routing table is the loopback interface, + * (according to the routing table) is the loopback interface, * unless the associated route has a gateway. + * + * We don't explicitly match ip6_dst against an interface here. It + * is already done in rtcache_lookup2: rt->rt_ifp->if_type will be + * IFT_LOOP if the packet is for us. + * * Note that this approach causes to accept a packet if there is a * route to the loopback interface for the destination of the packet. * But we think it's even useful in some situations, e.g. when using @@ -506,34 +495,48 @@ ip6_input(struct mbuf *m, struct ifnet * */ if (rt != NULL && (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && -#if 0 - /* - * The check below is redundant since the comparison of - * the destination and the key of the rtentry has - * already done through looking up the routing table. - */ - IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && -#endif rt->rt_ifp->if_type == IFT_LOOP) { struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; + int addrok; + if (ia6->ia6_flags & IN6_IFF_ANYCAST) m->m_flags |= M_ANYCAST6; /* * packets to a tentative, duplicated, or somehow invalid * address must not be accepted. */ - if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { + if (ia6->ia6_flags & IN6_IFF_NOTREADY) + addrok = 0; + else if (ia6->ia6_flags & IN6_IFF_DETACHED && + !IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) + { + /* Allow internal traffic to DETACHED addresses */ + struct sockaddr_in6 sin6; + int s; + + memset(&sin6, 0, sizeof(sin6)); + sin6.sin6_family = AF_INET6; + sin6.sin6_len = sizeof(sin6); + sin6.sin6_addr = ip6->ip6_src; + s = pserialize_read_enter(); + addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL); + pserialize_read_exit(s); + } else + addrok = 1; + if (addrok) { /* this address is ready */ ours = 1; deliverifp = ia6->ia_ifp; /* correct? */ goto hbhcheck; } else { /* address is not ready, so discard the packet. */ + char ip6bufs[INET6_ADDRSTRLEN]; + char ip6bufd[INET6_ADDRSTRLEN]; nd6log(LOG_INFO, "packet to an unready address %s->%s\n", - ip6_sprintf(&ip6->ip6_src), - ip6_sprintf(&ip6->ip6_dst)); + IN6_PRINT(ip6bufs, &ip6->ip6_src), + IN6_PRINT(ip6bufd, &ip6->ip6_dst)); - goto bad; + goto bad_unref; } } @@ -552,26 +555,6 @@ ip6_input(struct mbuf *m, struct ifnet * } #endif -#if 0 - { - /* - * Last resort: check in6_ifaddr for incoming interface. - * The code is here until I update the "goto ours hack" code above - * working right. - */ - struct ifaddr *ifa; - IFADDR_READER_FOREACH(ifa, rcvif) { - if (ifa->ifa_addr->sa_family != AF_INET6) - continue; - if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { - ours = 1; - deliverifp = ifa->ifa_ifp; - goto hbhcheck; - } - } - } -#endif - /* * Now there is no reason to process the packet if it's not our own * and we're not a router. @@ -579,13 +562,13 @@ ip6_input(struct mbuf *m, struct ifnet * if (!ip6_forwarding) { IP6_STATINC(IP6_STAT_CANTFORWARD); in6_ifstat_inc(rcvif, ifs6_in_discard); - goto bad; + goto bad_unref; } - hbhcheck: +hbhcheck: /* - * record address information into m_tag, if we don't have one yet. - * note that we are unable to record it, if the address is not listed + * Record address information into m_tag, if we don't have one yet. + * Note that we are unable to record it, if the address is not listed * as our interface address (e.g. multicast addresses, addresses * within FAITH prefixes and such). */ @@ -615,10 +598,11 @@ ip6_input(struct mbuf *m, struct ifnet * struct ip6_hbh *hbh; if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { -#if 0 /*touches NULL pointer*/ + /* m already freed */ in6_ifstat_inc(rcvif, ifs6_in_discard); -#endif - return; /* m have already been freed */ + rtcache_unref(rt, ro); + percpu_putref(ip6_forward_rt_percpu); + return; } /* adjust pointer */ @@ -641,12 +625,16 @@ ip6_input(struct mbuf *m, struct ifnet * icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, (char *)&ip6->ip6_plen - (char *)ip6); + rtcache_unref(rt, ro); + percpu_putref(ip6_forward_rt_percpu); return; } IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); if (hbh == NULL) { IP6_STATINC(IP6_STAT_TOOSHORT); + rtcache_unref(rt, ro); + percpu_putref(ip6_forward_rt_percpu); return; } KASSERT(IP6_HDR_ALIGNED_P(hbh)); @@ -662,15 +650,14 @@ ip6_input(struct mbuf *m, struct ifnet * nxt = ip6->ip6_nxt; /* - * Check that the amount of data in the buffers - * is as at least much as the IPv6 header would have us expect. - * Trim mbufs if longer than we expect. - * Drop packet if shorter than we expect. + * Check that the amount of data in the buffers is at least much as + * the IPv6 header would have us expect. Trim mbufs if longer than we + * expect. Drop packet if shorter than we expect. */ if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { IP6_STATINC(IP6_STAT_TOOSHORT); in6_ifstat_inc(rcvif, ifs6_in_truncated); - goto bad; + goto bad_unref; } if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) { if (m->m_len == m->m_pkthdr.len) { @@ -700,13 +687,17 @@ ip6_input(struct mbuf *m, struct ifnet * SOFTNET_UNLOCK(); if (error != 0) { + rtcache_unref(rt, ro); + percpu_putref(ip6_forward_rt_percpu); IP6_STATINC(IP6_STAT_CANTFORWARD); goto bad; } } if (!ours) - goto bad; + goto bad_unref; } else if (!ours) { + rtcache_unref(rt, ro); + percpu_putref(ip6_forward_rt_percpu); ip6_forward(m, srcrt); return; } @@ -726,12 +717,9 @@ ip6_input(struct mbuf *m, struct ifnet * IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { IP6_STATINC(IP6_STAT_BADSCOPE); in6_ifstat_inc(rcvif, ifs6_in_addrerr); - goto bad; + goto bad_unref; } - /* - * Tell launch routine the next header - */ #ifdef IFA_STATS if (deliverifp != NULL) { struct in6_ifaddr *ia6; @@ -746,7 +734,14 @@ ip6_input(struct mbuf *m, struct ifnet * in6_ifstat_inc(deliverifp, ifs6_in_deliver); nest = 0; + if (rt != NULL) { + rtcache_unref(rt, ro); + rt = NULL; + } + percpu_putref(ip6_forward_rt_percpu); + rh_present = 0; + frg_present = 0; while (nxt != IPPROTO_DONE) { if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { IP6_STATINC(IP6_STAT_TOOMANYHDR); @@ -770,35 +765,42 @@ ip6_input(struct mbuf *m, struct ifnet * IP6_STATINC(IP6_STAT_BADOPTIONS); goto bad; } + } else if (nxt == IPPROTO_FRAGMENT) { + if (frg_present++) { + in6_ifstat_inc(rcvif, ifs6_in_hdrerr); + IP6_STATINC(IP6_STAT_BADOPTIONS); + goto bad; + } } #ifdef IPSEC if (ipsec_used) { /* - * enforce IPsec policy checking if we are seeing last - * header. note that we do not visit this with + * Enforce IPsec policy checking if we are seeing last + * header. Note that we do not visit this with * protocols with pcb layer code - like udp/tcp/raw ip. */ if ((inet6sw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) { int error; - SOFTNET_LOCK(); error = ipsec6_input(m); - SOFTNET_UNLOCK(); if (error) goto bad; } } -#endif /* IPSEC */ +#endif - SOFTNET_LOCK(); nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); - SOFTNET_UNLOCK(); } return; - bad: + +bad_unref: + rtcache_unref(rt, ro); + percpu_putref(ip6_forward_rt_percpu); +bad: m_freem(m); + return; } /* @@ -853,14 +855,14 @@ ip6_hopopts_input(u_int32_t *plenp, u_in /* validation of the length of the header */ IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, - sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); + sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); if (hbh == NULL) { IP6_STATINC(IP6_STAT_TOOSHORT); return -1; } hbhlen = (hbh->ip6h_len + 1) << 3; IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), - hbhlen); + hbhlen); if (hbh == NULL) { IP6_STATINC(IP6_STAT_TOOSHORT); return -1; @@ -870,12 +872,12 @@ ip6_hopopts_input(u_int32_t *plenp, u_in hbhlen -= sizeof(struct ip6_hbh); if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), - hbhlen, rtalertp, plenp) < 0) - return (-1); + hbhlen, rtalertp, plenp) < 0) + return -1; *offp = off; *mp = m; - return (0); + return 0; } /* @@ -958,7 +960,7 @@ ip6_process_hopopts(struct mbuf *m, u_in /* * We may see jumbolen in unaligned location, so - * we'd need to perform bcopy(). + * we'd need to perform memcpy(). */ memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); jumboplen = (u_int32_t)htonl(jumboplen); @@ -1067,33 +1069,15 @@ void ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, struct ip6_hdr *ip6, struct mbuf *m) { + struct socket *so = in6p->in6p_socket; #ifdef RFC2292 #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) #else #define IS2292(x, y) (y) #endif - if (in6p->in6p_socket->so_options & SO_TIMESTAMP -#ifdef SO_OTIMESTAMP - || in6p->in6p_socket->so_options & SO_OTIMESTAMP -#endif - ) { - struct timeval tv; - - microtime(&tv); -#ifdef SO_OTIMESTAMP - if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { - struct timeval50 tv50; - timeval_to_timeval50(&tv, &tv50); - *mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), - SCM_OTIMESTAMP, SOL_SOCKET); - } else -#endif - *mp = sbcreatecontrol((void *) &tv, sizeof(tv), - SCM_TIMESTAMP, SOL_SOCKET); - if (*mp) - mp = &(*mp)->m_next; - } + if (SOOPT_TIMESTAMP(so->so_options)) + mp = sbsavetimestamp(so->so_options, m, mp); /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) @@ -1106,8 +1090,7 @@ ip6_savecontrol(struct in6pcb *in6p, str memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); in6_clearscope(&pi6.ipi6_addr); /* XXX */ pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; - *mp = sbcreatecontrol((void *) &pi6, - sizeof(struct in6_pktinfo), + *mp = sbcreatecontrol(&pi6, sizeof(pi6), IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; @@ -1116,7 +1099,7 @@ ip6_savecontrol(struct in6pcb *in6p, str if (in6p->in6p_flags & IN6P_HOPLIMIT) { int hlim = ip6->ip6_hlim & 0xff; - *mp = sbcreatecontrol((void *) &hlim, sizeof(int), + *mp = sbcreatecontrol(&hlim, sizeof(hlim), IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; @@ -1130,7 +1113,7 @@ ip6_savecontrol(struct in6pcb *in6p, str flowinfo >>= 20; tclass = flowinfo & 0xff; - *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), + *mp = sbcreatecontrol(&tclass, sizeof(tclass), IPV6_TCLASS, IPPROTO_IPV6); if (*mp) @@ -1178,7 +1161,7 @@ ip6_savecontrol(struct in6pcb *in6p, str * be removed before returning in the RFC 2292. * Note: this constraint is removed in RFC3542. */ - *mp = sbcreatecontrol((void *)hbh, hbhlen, + *mp = sbcreatecontrol(hbh, hbhlen, IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), IPPROTO_IPV6); if (*mp) @@ -1240,7 +1223,7 @@ ip6_savecontrol(struct in6pcb *in6p, str if (!(in6p->in6p_flags & IN6P_DSTOPTS)) break; - *mp = sbcreatecontrol((void *)ip6e, elen, + *mp = sbcreatecontrol(ip6e, elen, IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), IPPROTO_IPV6); if (*mp) @@ -1251,7 +1234,7 @@ ip6_savecontrol(struct in6pcb *in6p, str if (!(in6p->in6p_flags & IN6P_RTHDR)) break; - *mp = sbcreatecontrol((void *)ip6e, elen, + *mp = sbcreatecontrol(ip6e, elen, IS2292(IPV6_2292RTHDR, IPV6_RTHDR), IPPROTO_IPV6); if (*mp) @@ -1301,10 +1284,7 @@ ip6_notify_pmtu(struct in6pcb *in6p, con if (mtu == NULL) return; -#ifdef DIAGNOSTIC - if (so == NULL) /* I believe this is impossible */ - panic("ip6_notify_pmtu: socket is NULL"); -#endif + KASSERT(so != NULL); memset(&mtuctl, 0, sizeof(mtuctl)); /* zero-clear for safety */ mtuctl.ip6m_mtu = *mtu; @@ -1312,7 +1292,7 @@ ip6_notify_pmtu(struct in6pcb *in6p, con if (sa6_recoverscope(&mtuctl.ip6m_addr)) return; - if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), + if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) return; @@ -1378,50 +1358,44 @@ ip6_pullexthdr(struct mbuf *m, size_t of } /* - * Get pointer to the previous header followed by the header + * Get offset to the previous header followed by the header * currently processed. - * XXX: This function supposes that - * M includes all headers, - * the next header field and the header length field of each header - * are valid, and - * the sum of each header length equals to OFF. - * Because of these assumptions, this function must be called very - * carefully. Moreover, it will not be used in the near future when - * we develop `neater' mechanism to process extension headers. */ -u_int8_t * +int ip6_get_prevhdr(struct mbuf *m, int off) { struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); - if (off == sizeof(struct ip6_hdr)) - return (&ip6->ip6_nxt); - else { - int len, nxt; - struct ip6_ext *ip6e = NULL; + if (off == sizeof(struct ip6_hdr)) { + return offsetof(struct ip6_hdr, ip6_nxt); + } else if (off < sizeof(struct ip6_hdr)) { + panic("%s: off < sizeof(struct ip6_hdr)", __func__); + } else { + int len, nlen, nxt; + struct ip6_ext ip6e; nxt = ip6->ip6_nxt; len = sizeof(struct ip6_hdr); + nlen = 0; while (len < off) { - ip6e = (struct ip6_ext *)(mtod(m, char *) + len); + m_copydata(m, len, sizeof(ip6e), &ip6e); switch (nxt) { case IPPROTO_FRAGMENT: - len += sizeof(struct ip6_frag); + nlen = sizeof(struct ip6_frag); break; case IPPROTO_AH: - len += (ip6e->ip6e_len + 2) << 2; + nlen = (ip6e.ip6e_len + 2) << 2; break; default: - len += (ip6e->ip6e_len + 1) << 3; + nlen = (ip6e.ip6e_len + 1) << 3; break; } - nxt = ip6e->ip6e_nxt; + len += nlen; + nxt = ip6e.ip6e_nxt; } - if (ip6e) - return (&ip6e->ip6e_nxt); - else - return NULL; + + return (len - nlen); } } @@ -1437,7 +1411,7 @@ ip6_nexthdr(struct mbuf *m, int off, int /* just in case */ if (m == NULL) - panic("ip6_nexthdr: m == NULL"); + panic("%s: m == NULL", __func__); if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) return -1; @@ -1592,11 +1566,6 @@ sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS static void sysctl_net_inet6_ip6_setup(struct sysctllog **clog) { -#ifdef RFC2292 -#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) -#else -#define IS2292(x, y) (y) -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT, @@ -1632,34 +1601,6 @@ sysctl_net_inet6_ip6_setup(struct sysctl NULL, 0, &ip6_defhlim, 0, CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_DEFHLIM, CTL_EOL); -#ifdef notyet - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "mtu", NULL, - NULL, 0, &, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_DEFMTU, CTL_EOL); -#endif -#ifdef __no_idea__ - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "forwsrcrt", NULL, - NULL, 0, &?, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_FORWSRCRT, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_STRUCT, "mrtstats", NULL, - NULL, 0, &?, sizeof(?), - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_MRTSTATS, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_?, "mrtproto", NULL, - NULL, 0, &?, sizeof(?), - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_MRTPROTO, CTL_EOL); -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "maxfragpackets", @@ -1668,20 +1609,6 @@ sysctl_net_inet6_ip6_setup(struct sysctl NULL, 0, &ip6_maxfragpackets, 0, CTL_NET, PF_INET6, IPPROTO_IPV6, IPV6CTL_MAXFRAGPACKETS, CTL_EOL); -#ifdef __no_idea__ - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "sourcecheck", NULL, - NULL, 0, &?, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_SOURCECHECK, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "sourcecheck_logint", NULL, - NULL, 0, &?, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); -#endif sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "accept_rtadv", @@ -1713,7 +1640,7 @@ sysctl_net_inet6_ip6_setup(struct sysctl sysctl_createv(clog, 0, NULL, NULL, CTLFLAG_PERMANENT|CTLFLAG_READWRITE, CTLTYPE_INT, "log_interval", - SYSCTL_DESCR("Minumum interval between logging " + SYSCTL_DESCR("Minimum interval between logging " "unroutable packets"), NULL, 0, &ip6_log_interval, 0, CTL_NET, PF_INET6, IPPROTO_IPV6,