| version 1.178.2.9, 2019/09/24 18:27:09 |
version 1.214, 2019/10/18 04:33:53 |
| Line 69 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 69 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include "opt_inet.h" |
#include "opt_inet.h" |
| #include "opt_inet6.h" |
#include "opt_inet6.h" |
| #include "opt_ipsec.h" |
#include "opt_ipsec.h" |
| #include "opt_compat_netbsd.h" |
|
| #include "opt_net_mpsafe.h" |
#include "opt_net_mpsafe.h" |
| #endif |
#endif |
| |
|
| Line 120 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 119 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netipsec/key.h> |
#include <netipsec/key.h> |
| #endif /* IPSEC */ |
#endif /* IPSEC */ |
| |
|
| #ifdef COMPAT_50 |
|
| #include <compat/sys/time.h> |
|
| #include <compat/sys/socket.h> |
|
| #endif |
|
| |
|
| #include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
| |
|
| #include "faith.h" |
#include "faith.h" |
| |
|
| #include <net/net_osdep.h> |
|
| |
|
| extern struct domain inet6domain; |
extern struct domain inet6domain; |
| |
|
| u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
| pktqueue_t *ip6_pktq __read_mostly; |
pktqueue_t *ip6_pktq __read_mostly; |
| |
|
| int ip6_forward_srcrt; /* XXX */ |
|
| int ip6_sourcecheck; /* XXX */ |
|
| int ip6_sourcecheck_interval; /* XXX */ |
|
| |
|
| pfil_head_t *inet6_pfil_hook; |
pfil_head_t *inet6_pfil_hook; |
| |
|
| percpu_t *ip6stat_percpu; |
percpu_t *ip6stat_percpu; |
| |
|
| percpu_t *ip6_forward_rt_percpu __cacheline_aligned; |
percpu_t *ip6_forward_rt_percpu __cacheline_aligned; |
| |
|
| static void ip6_init2(void); |
|
| static void ip6intr(void *); |
static void ip6intr(void *); |
| |
static bool ip6_badaddr(struct ip6_hdr *); |
| static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
| |
|
| static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
| u_int32_t *); |
u_int32_t *); |
| static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
| static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
| |
|
|
|
| frag6_init(); |
frag6_init(); |
| ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
| |
|
| ip6_init2(); |
in6_tmpaddrtimer_init(); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
| #endif |
#endif |
|
|
| ip6_forward_rt_percpu = rtcache_percpu_alloc(); |
ip6_forward_rt_percpu = rtcache_percpu_alloc(); |
| } |
} |
| |
|
| static void |
|
| ip6_init2(void) |
|
| { |
|
| |
|
| /* timer for regeneranation of temporary addresses randomize ID */ |
|
| callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
|
| callout_reset(&in6_tmpaddrtimer_ch, |
|
| (ip6_temp_preferred_lifetime - ip6_desync_factor - |
|
| ip6_temp_regen_advance) * hz, |
|
| in6_tmpaddrtimer, NULL); |
|
| } |
|
| |
|
| /* |
/* |
| * IP6 input interrupt handling. Just pass the packet to ip6_input. |
* IP6 input interrupt handling. Just pass the packet to ip6_input. |
| */ |
*/ |
| Line 268 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 244 ip6_input(struct mbuf *m, struct ifnet * |
|
| } u; |
} u; |
| struct route *ro; |
struct route *ro; |
| |
|
| |
KASSERT(rcvif != NULL); |
| |
|
| /* |
/* |
| * make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
| */ |
*/ |
| Line 306 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 284 ip6_input(struct mbuf *m, struct ifnet * |
|
| */ |
*/ |
| if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
| if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
| (max_linkhdr + 3) & ~3)) == NULL) { |
(max_linkhdr + 3) & ~3)) == NULL) { |
| /* XXXJRT new stat, please */ |
/* XXXJRT new stat, please */ |
| IP6_STATINC(IP6_STAT_TOOSMALL); |
IP6_STATINC(IP6_STAT_TOOSMALL); |
| in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
| Line 328 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 306 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| |
if (ip6_badaddr(ip6)) { |
| |
IP6_STATINC(IP6_STAT_BADSCOPE); |
| |
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
| |
goto bad; |
| |
} |
| |
|
| /* |
/* |
| * Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
| * based on this packet. |
* based on this packet. |
| Line 340 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 324 ip6_input(struct mbuf *m, struct ifnet * |
|
| * not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
* |
| /* |
* Don't call hooks if the packet has already been processed by |
| * let ipfilter look at packet on the wire, |
* IPsec (encapsulated, tunnel mode). |
| * not the decapsulated packet. |
|
| */ |
*/ |
| #if defined(IPSEC) |
#if defined(IPSEC) |
| if (!ipsec_used || !ipsec_indone(m)) |
if (!ipsec_used || !ipsec_skip_pfil(m)) |
| #else |
#else |
| if (1) |
if (1) |
| #endif |
#endif |
| { |
{ |
| struct in6_addr odst; |
struct in6_addr odst; |
| |
int error; |
| |
|
| odst = ip6->ip6_dst; |
odst = ip6->ip6_dst; |
| if (pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN) != 0) |
error = pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN); |
| return; |
if (error != 0 || m == NULL) { |
| if (m == NULL) |
IP6_STATINC(IP6_STAT_PFILDROP_IN); |
| return; |
return; |
| if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { |
} |
| |
if (m->m_len < sizeof(struct ip6_hdr)) { |
| if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { |
if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { |
| IP6_STATINC(IP6_STAT_TOOSMALL); |
IP6_STATINC(IP6_STAT_TOOSMALL); |
| in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
| Line 384 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 369 ip6_input(struct mbuf *m, struct ifnet * |
|
| #endif |
#endif |
| |
|
| /* |
/* |
| * Check against address spoofing/corruption. |
|
| */ |
|
| if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
| /* |
|
| * XXX: "badscope" is not very suitable for a multicast source. |
|
| */ |
|
| IP6_STATINC(IP6_STAT_BADSCOPE); |
|
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| /* |
|
| * The following check is not documented in specs. A malicious |
|
| * party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
| * and bypass security checks (act as if it was from 127.0.0.1 by using |
|
| * IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
| * |
|
| * This check chokes if we are in an SIIT cloud. As none of BSDs |
|
| * support IPv4-less kernel compilation, we cannot support SIIT |
|
| * environment at all. So, it makes more sense for us to reject any |
|
| * malicious packets for non-SIIT environment, than try to do a |
|
| * partial support for SIIT environment. |
|
| */ |
|
| if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
| IP6_STATINC(IP6_STAT_BADSCOPE); |
|
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| #if 0 |
|
| /* |
|
| * Reject packets with IPv4 compatible addresses (auto tunnel). |
|
| * |
|
| * The code forbids auto tunnel relay case in RFC1933 (the check is |
|
| * stronger than RFC1933). We may want to re-enable it if mech-xx |
|
| * is revised to forbid relaying case. |
|
| */ |
|
| if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
| IP6_STATINC(IP6_STAT_BADSCOPE); |
|
| in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| #endif |
|
| |
|
| /* |
|
| * Disambiguate address scope zones (if there is ambiguity). |
* Disambiguate address scope zones (if there is ambiguity). |
| * We first make sure that the original source or destination address |
* We first make sure that the original source or destination address |
| * is not in our internal form for scoped addresses. Such addresses |
* is not in our internal form for scoped addresses. Such addresses |
| Line 437 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 376 ip6_input(struct mbuf *m, struct ifnet * |
|
| * to the usage conflict. |
* to the usage conflict. |
| * in6_setscope() then also checks and rejects the cases where src or |
* in6_setscope() then also checks and rejects the cases where src or |
| * dst are the loopback address and the receiving interface |
* dst are the loopback address and the receiving interface |
| * is not loopback. |
* is not loopback. |
| */ |
*/ |
| if (__predict_false( |
if (__predict_false( |
| m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
| Line 454 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 393 ip6_input(struct mbuf *m, struct ifnet * |
|
| } |
} |
| |
|
| ro = rtcache_percpu_getref(ip6_forward_rt_percpu); |
ro = rtcache_percpu_getref(ip6_forward_rt_percpu); |
| |
|
| /* |
/* |
| * Multicast check |
* Multicast check |
| */ |
*/ |
| Line 466 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 406 ip6_input(struct mbuf *m, struct ifnet * |
|
| * arrival interface. |
* arrival interface. |
| */ |
*/ |
| ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
| if (ingroup) |
if (ingroup) { |
| ours = 1; |
ours = 1; |
| else if (!ip6_mrouter) { |
} else if (!ip6_mrouter) { |
| uint64_t *ip6s = IP6_STAT_GETREF(); |
uint64_t *ip6s = IP6_STAT_GETREF(); |
| ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_NOTMEMBER]++; |
| ip6s[IP6_STAT_CANTFORWARD]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
| Line 483 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 423 ip6_input(struct mbuf *m, struct ifnet * |
|
| sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
| |
|
| /* |
/* |
| * Unicast check |
* Unicast check |
| */ |
*/ |
| rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
| if (hit) |
if (hit) |
| Line 491 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 431 ip6_input(struct mbuf *m, struct ifnet * |
|
| else |
else |
| IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
| |
|
| #define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) |
|
| |
|
| /* |
/* |
| * Accept the packet if the forwarding interface to the destination |
* Accept the packet if the forwarding interface to the destination |
| * according to the routing table is the loopback interface, |
* (according to the routing table) is the loopback interface, |
| * unless the associated route has a gateway. |
* unless the associated route has a gateway. |
| |
* |
| |
* We don't explicitly match ip6_dst against an interface here. It |
| |
* is already done in rtcache_lookup2: rt->rt_ifp->if_type will be |
| |
* IFT_LOOP if the packet is for us. |
| |
* |
| * Note that this approach causes to accept a packet if there is a |
* Note that this approach causes to accept a packet if there is a |
| * route to the loopback interface for the destination of the packet. |
* route to the loopback interface for the destination of the packet. |
| * But we think it's even useful in some situations, e.g. when using |
* But we think it's even useful in some situations, e.g. when using |
| Line 504 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 447 ip6_input(struct mbuf *m, struct ifnet * |
|
| */ |
*/ |
| if (rt != NULL && |
if (rt != NULL && |
| (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
| #if 0 |
|
| /* |
|
| * The check below is redundant since the comparison of |
|
| * the destination and the key of the rtentry has |
|
| * already done through looking up the routing table. |
|
| */ |
|
| IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && |
|
| #endif |
|
| rt->rt_ifp->if_type == IFT_LOOP) { |
rt->rt_ifp->if_type == IFT_LOOP) { |
| struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
| int addrok; |
int addrok; |
| Line 572 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 507 ip6_input(struct mbuf *m, struct ifnet * |
|
| } |
} |
| #endif |
#endif |
| |
|
| #if 0 |
|
| { |
|
| /* |
|
| * Last resort: check in6_ifaddr for incoming interface. |
|
| * The code is here until I update the "goto ours hack" code above |
|
| * working right. |
|
| */ |
|
| struct ifaddr *ifa; |
|
| IFADDR_READER_FOREACH(ifa, rcvif) { |
|
| if (ifa->ifa_addr->sa_family != AF_INET6) |
|
| continue; |
|
| if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { |
|
| ours = 1; |
|
| deliverifp = ifa->ifa_ifp; |
|
| goto hbhcheck; |
|
| } |
|
| } |
|
| } |
|
| #endif |
|
| |
|
| /* |
/* |
| * Now there is no reason to process the packet if it's not our own |
* Now there is no reason to process the packet if it's not our own |
| * and we're not a router. |
* and we're not a router. |
| Line 602 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 517 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad_unref; |
goto bad_unref; |
| } |
} |
| |
|
| hbhcheck: |
hbhcheck: |
| /* |
/* |
| * record address information into m_tag, if we don't have one yet. |
* Record address information into m_tag, if we don't have one yet. |
| * note that we are unable to record it, if the address is not listed |
* Note that we are unable to record it, if the address is not listed |
| * as our interface address (e.g. multicast addresses, addresses |
* as our interface address (e.g. multicast addresses, addresses |
| * within FAITH prefixes and such). |
* within FAITH prefixes and such). |
| */ |
*/ |
| Line 635 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 550 ip6_input(struct mbuf *m, struct ifnet * |
|
| struct ip6_hbh *hbh; |
struct ip6_hbh *hbh; |
| |
|
| if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
| #if 0 /*touches NULL pointer*/ |
/* m already freed */ |
| in6_ifstat_inc(rcvif, ifs6_in_discard); |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
| #endif |
|
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| rtcache_percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| return; /* m have already been freed */ |
return; |
| } |
} |
| |
|
| /* adjust pointer */ |
/* adjust pointer */ |
| Line 688 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 602 ip6_input(struct mbuf *m, struct ifnet * |
|
| nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
| |
|
| /* |
/* |
| * Check that the amount of data in the buffers |
* Check that the amount of data in the buffers is at least much as |
| * is as at least much as the IPv6 header would have us expect. |
* the IPv6 header would have us expect. Trim mbufs if longer than we |
| * Trim mbufs if longer than we expect. |
* expect. Drop packet if shorter than we expect. |
| * Drop packet if shorter than we expect. |
|
| */ |
*/ |
| if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| Line 759 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 672 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad_unref; |
goto bad_unref; |
| } |
} |
| |
|
| /* |
|
| * Tell launch routine the next header |
|
| */ |
|
| #ifdef IFA_STATS |
#ifdef IFA_STATS |
| if (deliverifp != NULL) { |
if (deliverifp != NULL) { |
| struct in6_ifaddr *ia6; |
struct in6_ifaddr *ia6; |
| Line 791 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 701 ip6_input(struct mbuf *m, struct ifnet * |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| |
M_VERIFY_PACKET(m); |
| |
|
| /* |
/* |
| * protection against faulty packet - there should be |
* protection against faulty packet - there should be |
| * more sanity checks in header chain processing. |
* more sanity checks in header chain processing. |
| Line 818 ip6_input(struct mbuf *m, struct ifnet * |
|
| Line 730 ip6_input(struct mbuf *m, struct ifnet * |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| if (ipsec_used) { |
if (ipsec_used) { |
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last |
* Enforce IPsec policy checking if we are seeing last |
| * header. note that we do not visit this with |
* header. Note that we do not visit this with |
| * protocols with pcb layer code - like udp/tcp/raw ip. |
* protocols with pcb layer code - like udp/tcp/raw ip. |
| */ |
*/ |
| if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip6_protox[nxt]].pr_flags |
| & PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
| int error; |
int error; |
| |
|
| error = ipsec6_input(m); |
error = ipsec_ip_input(m, false); |
| if (error) |
if (error) |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
| #endif /* IPSEC */ |
#endif |
| |
|
| nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
| } |
} |
| return; |
return; |
| |
|
| bad_unref: |
bad_unref: |
| rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
| rtcache_percpu_putref(ip6_forward_rt_percpu); |
rtcache_percpu_putref(ip6_forward_rt_percpu); |
| bad: |
bad: |
| m_freem(m); |
m_freem(m); |
| return; |
return; |
| } |
} |
| |
|
| |
static bool |
| |
ip6_badaddr(struct ip6_hdr *ip6) |
| |
{ |
| |
/* Check against address spoofing/corruption. */ |
| |
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
| |
return true; |
| |
} |
| |
|
| |
/* |
| |
* The following check is not documented in specs. A malicious |
| |
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
| |
* and bypass security checks (act as if it was from 127.0.0.1 by using |
| |
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
| |
* |
| |
* This check chokes if we are in an SIIT cloud. As none of BSDs |
| |
* support IPv4-less kernel compilation, we cannot support SIIT |
| |
* environment at all. So, it makes more sense for us to reject any |
| |
* malicious packets for non-SIIT environment, than try to do a |
| |
* partial support for SIIT environment. |
| |
*/ |
| |
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
| |
return true; |
| |
} |
| |
|
| |
/* |
| |
* Reject packets with IPv4-compatible IPv6 addresses (RFC4291). |
| |
*/ |
| |
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
| |
return true; |
| |
} |
| |
|
| |
return false; |
| |
} |
| |
|
| /* |
/* |
| * set/grab in6_ifaddr correspond to IPv6 destination address. |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
| */ |
*/ |
| Line 897 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 846 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| |
|
| /* validation of the length of the header */ |
/* validation of the length of the header */ |
| IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
| sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
| if (hbh == NULL) { |
if (hbh == NULL) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| return -1; |
return -1; |
| } |
} |
| hbhlen = (hbh->ip6h_len + 1) << 3; |
hbhlen = (hbh->ip6h_len + 1) << 3; |
| IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
| hbhlen); |
hbhlen); |
| if (hbh == NULL) { |
if (hbh == NULL) { |
| IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
| return -1; |
return -1; |
| Line 914 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| Line 863 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
| hbhlen -= sizeof(struct ip6_hbh); |
hbhlen -= sizeof(struct ip6_hbh); |
| |
|
| if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
| hbhlen, rtalertp, plenp) < 0) |
hbhlen, rtalertp, plenp) < 0) |
| return (-1); |
return -1; |
| |
|
| *offp = off; |
*offp = off; |
| *mp = m; |
*mp = m; |
| return (0); |
return 0; |
| } |
} |
| |
|
| /* |
/* |
| Line 1002 ip6_process_hopopts(struct mbuf *m, u_in |
|
| Line 951 ip6_process_hopopts(struct mbuf *m, u_in |
|
| |
|
| /* |
/* |
| * We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
| * we'd need to perform bcopy(). |
* we'd need to perform memcpy(). |
| */ |
*/ |
| memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
| jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
| Line 1096 ip6_unknown_opt(u_int8_t *optp, struct m |
|
| Line 1045 ip6_unknown_opt(u_int8_t *optp, struct m |
|
| return (-1); |
return (-1); |
| } |
} |
| |
|
| /* |
|
| * Create the "control" list for this pcb. |
|
| * |
|
| * The routine will be called from upper layer handlers like tcp6_input(). |
|
| * Thus the routine assumes that the caller (tcp6_input) have already |
|
| * called IP6_EXTHDR_CHECK() and all the extension headers are located in the |
|
| * very first mbuf on the mbuf chain. |
|
| * We may want to add some infinite loop prevention or sanity checks for safety. |
|
| * (This applies only when you are using KAME mbuf chain restriction, i.e. |
|
| * you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
|
| */ |
|
| void |
void |
| ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
| struct ip6_hdr *ip6, struct mbuf *m) |
struct ip6_hdr *ip6, struct mbuf *m) |
| { |
{ |
| |
struct socket *so = in6p->in6p_socket; |
| #ifdef RFC2292 |
#ifdef RFC2292 |
| #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
| #else |
#else |
| #define IS2292(x, y) (y) |
#define IS2292(x, y) (y) |
| #endif |
#endif |
| |
|
| if (in6p->in6p_socket->so_options & SO_TIMESTAMP |
if (SOOPT_TIMESTAMP(so->so_options)) |
| #ifdef SO_OTIMESTAMP |
mp = sbsavetimestamp(so->so_options, mp); |
| || in6p->in6p_socket->so_options & SO_OTIMESTAMP |
|
| #endif |
|
| ) { |
|
| struct timeval tv; |
|
| |
|
| microtime(&tv); |
|
| #ifdef SO_OTIMESTAMP |
|
| if (in6p->in6p_socket->so_options & SO_OTIMESTAMP) { |
|
| struct timeval50 tv50; |
|
| timeval_to_timeval50(&tv, &tv50); |
|
| *mp = sbcreatecontrol((void *) &tv50, sizeof(tv50), |
|
| SCM_OTIMESTAMP, SOL_SOCKET); |
|
| } else |
|
| #endif |
|
| *mp = sbcreatecontrol((void *) &tv, sizeof(tv), |
|
| SCM_TIMESTAMP, SOL_SOCKET); |
|
| if (*mp) |
|
| mp = &(*mp)->m_next; |
|
| } |
|
| |
|
| /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
| if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
| Line 1150 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1070 ip6_savecontrol(struct in6pcb *in6p, str |
|
| memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); |
memcpy(&pi6.ipi6_addr, &ip6->ip6_dst, sizeof(struct in6_addr)); |
| in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
in6_clearscope(&pi6.ipi6_addr); /* XXX */ |
| pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; |
pi6.ipi6_ifindex = m->m_pkthdr.rcvif_index; |
| *mp = sbcreatecontrol((void *) &pi6, |
*mp = sbcreatecontrol(&pi6, sizeof(pi6), |
| sizeof(struct in6_pktinfo), |
|
| IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); |
IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); |
| if (*mp) |
if (*mp) |
| mp = &(*mp)->m_next; |
mp = &(*mp)->m_next; |
| Line 1160 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1079 ip6_savecontrol(struct in6pcb *in6p, str |
|
| if (in6p->in6p_flags & IN6P_HOPLIMIT) { |
if (in6p->in6p_flags & IN6P_HOPLIMIT) { |
| int hlim = ip6->ip6_hlim & 0xff; |
int hlim = ip6->ip6_hlim & 0xff; |
| |
|
| *mp = sbcreatecontrol((void *) &hlim, sizeof(int), |
*mp = sbcreatecontrol(&hlim, sizeof(hlim), |
| IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); |
IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); |
| if (*mp) |
if (*mp) |
| mp = &(*mp)->m_next; |
mp = &(*mp)->m_next; |
| Line 1174 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1093 ip6_savecontrol(struct in6pcb *in6p, str |
|
| flowinfo >>= 20; |
flowinfo >>= 20; |
| |
|
| tclass = flowinfo & 0xff; |
tclass = flowinfo & 0xff; |
| *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), |
*mp = sbcreatecontrol(&tclass, sizeof(tclass), |
| IPV6_TCLASS, IPPROTO_IPV6); |
IPV6_TCLASS, IPPROTO_IPV6); |
| |
|
| if (*mp) |
if (*mp) |
| Line 1222 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1141 ip6_savecontrol(struct in6pcb *in6p, str |
|
| * be removed before returning in the RFC 2292. |
* be removed before returning in the RFC 2292. |
| * Note: this constraint is removed in RFC3542. |
* Note: this constraint is removed in RFC3542. |
| */ |
*/ |
| *mp = sbcreatecontrol((void *)hbh, hbhlen, |
*mp = sbcreatecontrol(hbh, hbhlen, |
| IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), |
IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), |
| IPPROTO_IPV6); |
IPPROTO_IPV6); |
| if (*mp) |
if (*mp) |
| Line 1284 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1203 ip6_savecontrol(struct in6pcb *in6p, str |
|
| if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
if (!(in6p->in6p_flags & IN6P_DSTOPTS)) |
| break; |
break; |
| |
|
| *mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol(ip6e, elen, |
| IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), |
IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), |
| IPPROTO_IPV6); |
IPPROTO_IPV6); |
| if (*mp) |
if (*mp) |
| Line 1295 ip6_savecontrol(struct in6pcb *in6p, str |
|
| Line 1214 ip6_savecontrol(struct in6pcb *in6p, str |
|
| if (!(in6p->in6p_flags & IN6P_RTHDR)) |
if (!(in6p->in6p_flags & IN6P_RTHDR)) |
| break; |
break; |
| |
|
| *mp = sbcreatecontrol((void *)ip6e, elen, |
*mp = sbcreatecontrol(ip6e, elen, |
| IS2292(IPV6_2292RTHDR, IPV6_RTHDR), |
IS2292(IPV6_2292RTHDR, IPV6_RTHDR), |
| IPPROTO_IPV6); |
IPPROTO_IPV6); |
| if (*mp) |
if (*mp) |
| Line 1353 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
| Line 1272 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
| if (sa6_recoverscope(&mtuctl.ip6m_addr)) |
if (sa6_recoverscope(&mtuctl.ip6m_addr)) |
| return; |
return; |
| |
|
| if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), |
if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), |
| IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) |
IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) |
| return; |
return; |
| |
|
| Line 1378 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| Line 1297 ip6_pullexthdr(struct mbuf *m, size_t of |
|
| size_t elen; |
size_t elen; |
| struct mbuf *n; |
struct mbuf *n; |
| |
|
| #ifdef DIAGNOSTIC |
|
| switch (nxt) { |
|
| case IPPROTO_DSTOPTS: |
|
| case IPPROTO_ROUTING: |
|
| case IPPROTO_HOPOPTS: |
|
| case IPPROTO_AH: /* is it possible? */ |
|
| break; |
|
| default: |
|
| printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); |
|
| } |
|
| #endif |
|
| |
|
| m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
| if (nxt == IPPROTO_AH) |
if (nxt == IPPROTO_AH) |
| elen = (ip6e.ip6e_len + 2) << 2; |
elen = (ip6e.ip6e_len + 2) << 2; |
| Line 1472 ip6_nexthdr(struct mbuf *m, int off, int |
|
| Line 1379 ip6_nexthdr(struct mbuf *m, int off, int |
|
| |
|
| /* just in case */ |
/* just in case */ |
| if (m == NULL) |
if (m == NULL) |
| panic("ip6_nexthdr: m == NULL"); |
panic("%s: m == NULL", __func__); |
| if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
| return -1; |
return -1; |
| |
|
| Line 1571 ip6_addaux(struct mbuf *m) |
|
| Line 1478 ip6_addaux(struct mbuf *m) |
|
| { |
{ |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| |
|
| mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
| if (!mtag) { |
if (!mtag) { |
| mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), |
mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), |
| M_NOWAIT); |
M_NOWAIT); |
| Line 1588 ip6_findaux(struct mbuf *m) |
|
| Line 1495 ip6_findaux(struct mbuf *m) |
|
| { |
{ |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| |
|
| mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
| return mtag; |
return mtag; |
| } |
} |
| |
|
| Line 1597 ip6_delaux(struct mbuf *m) |
|
| Line 1504 ip6_delaux(struct mbuf *m) |
|
| { |
{ |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| |
|
| mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); |
mtag = m_tag_find(m, PACKET_TAG_INET6); |
| if (mtag) |
if (mtag) |
| m_tag_delete(m, mtag); |
m_tag_delete(m, mtag); |
| } |
} |
| Line 1624 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
| Line 1531 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
| return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
return (NETSTAT_SYSCTL(ip6stat_percpu, IP6_NSTATS)); |
| } |
} |
| |
|
| |
static int |
| |
sysctl_net_inet6_ip6_temppltime(SYSCTLFN_ARGS) |
| |
{ |
| |
int error; |
| |
uint32_t pltime; |
| |
struct sysctlnode node; |
| |
|
| |
node = *rnode; |
| |
node.sysctl_data = &pltime; |
| |
pltime = ip6_temp_preferred_lifetime; |
| |
error = sysctl_lookup(SYSCTLFN_CALL(&node)); |
| |
if (error || newp == NULL) |
| |
return error; |
| |
|
| |
if (pltime <= (MAX_TEMP_DESYNC_FACTOR + TEMPADDR_REGEN_ADVANCE)) |
| |
return EINVAL; |
| |
|
| |
ip6_temp_preferred_lifetime = pltime; |
| |
|
| |
in6_tmpaddrtimer_schedule(); |
| |
|
| |
return 0; |
| |
} |
| |
|
| static void |
static void |
| sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
| { |
{ |
| #ifdef RFC2292 |
|
| #define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
|
| #else |
|
| #define IS2292(x, y) (y) |
|
| #endif |
|
| |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT, |
CTLFLAG_PERMANENT, |
| Line 1667 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1593 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| NULL, 0, &ip6_defhlim, 0, |
NULL, 0, &ip6_defhlim, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| IPV6CTL_DEFHLIM, CTL_EOL); |
IPV6CTL_DEFHLIM, CTL_EOL); |
| #ifdef notyet |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "mtu", NULL, |
|
| NULL, 0, &, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_DEFMTU, CTL_EOL); |
|
| #endif |
|
| #ifdef __no_idea__ |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "forwsrcrt", NULL, |
|
| NULL, 0, &?, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_FORWSRCRT, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_STRUCT, "mrtstats", NULL, |
|
| NULL, 0, &?, sizeof(?), |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_MRTSTATS, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_?, "mrtproto", NULL, |
|
| NULL, 0, &?, sizeof(?), |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_MRTPROTO, CTL_EOL); |
|
| #endif |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "maxfragpackets", |
CTLTYPE_INT, "maxfragpackets", |
| Line 1703 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1601 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| NULL, 0, &ip6_maxfragpackets, 0, |
NULL, 0, &ip6_maxfragpackets, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
| #ifdef __no_idea__ |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "sourcecheck", NULL, |
|
| NULL, 0, &?, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_SOURCECHECK, CTL_EOL); |
|
| sysctl_createv(clog, 0, NULL, NULL, |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
| CTLTYPE_INT, "sourcecheck_logint", NULL, |
|
| NULL, 0, &?, 0, |
|
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
| IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); |
|
| #endif |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "accept_rtadv", |
CTLTYPE_INT, "accept_rtadv", |
| Line 1748 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1632 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "log_interval", |
CTLTYPE_INT, "log_interval", |
| SYSCTL_DESCR("Minumum interval between logging " |
SYSCTL_DESCR("Minimum interval between logging " |
| "unroutable packets"), |
"unroutable packets"), |
| NULL, 0, &ip6_log_interval, 0, |
NULL, 0, &ip6_log_interval, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| Line 1882 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| Line 1766 sysctl_net_inet6_ip6_setup(struct sysctl |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "temppltime", |
CTLTYPE_INT, "temppltime", |
| SYSCTL_DESCR("preferred lifetime of a temporary address"), |
SYSCTL_DESCR("preferred lifetime of a temporary address"), |
| NULL, 0, &ip6_temp_preferred_lifetime, 0, |
sysctl_net_inet6_ip6_temppltime, 0, NULL, 0, |
| CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
| CTL_CREATE, CTL_EOL); |
CTL_CREATE, CTL_EOL); |
| sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6