version 1.180, 2017/07/06 17:14:35 |
version 1.193.2.5, 2018/05/21 04:36:16 |
Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#include "faith.h" |
#include "faith.h" |
|
|
#include <net/net_osdep.h> |
|
|
|
extern struct domain inet6domain; |
extern struct domain inet6domain; |
|
|
u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
pktqueue_t *ip6_pktq __read_mostly; |
pktqueue_t *ip6_pktq __read_mostly; |
|
|
int ip6_forward_srcrt; /* XXX */ |
|
int ip6_sourcecheck; /* XXX */ |
|
int ip6_sourcecheck_interval; /* XXX */ |
|
|
|
pfil_head_t *inet6_pfil_hook; |
pfil_head_t *inet6_pfil_hook; |
|
|
percpu_t *ip6stat_percpu; |
percpu_t *ip6stat_percpu; |
Line 142 percpu_t *ip6_forward_rt_percpu __cachel |
|
Line 136 percpu_t *ip6_forward_rt_percpu __cachel |
|
|
|
static void ip6_init2(void); |
static void ip6_init2(void); |
static void ip6intr(void *); |
static void ip6intr(void *); |
|
static bool ip6_badaddr(struct ip6_hdr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
|
|
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
u_int32_t *); |
u_int32_t *); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
|
|
|
|
ip6_init2(void) |
ip6_init2(void) |
{ |
{ |
|
|
/* timer for regeneranation of temporary addresses randomize ID */ |
/* timer for regeneration of temporary addresses randomize ID */ |
callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
callout_reset(&in6_tmpaddrtimer_ch, |
callout_reset(&in6_tmpaddrtimer_ch, |
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
Line 222 ip6intr(void *arg __unused) |
|
Line 217 ip6intr(void *arg __unused) |
|
{ |
{ |
struct mbuf *m; |
struct mbuf *m; |
|
|
#ifndef NET_MPSAFE |
SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); |
mutex_enter(softnet_lock); |
|
#endif |
|
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
struct psref psref; |
struct psref psref; |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
Line 244 ip6intr(void *arg __unused) |
|
Line 237 ip6intr(void *arg __unused) |
|
ip6_input(m, rcvif); |
ip6_input(m, rcvif); |
m_put_rcvif_psref(rcvif, &psref); |
m_put_rcvif_psref(rcvif, &psref); |
} |
} |
#ifndef NET_MPSAFE |
SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); |
mutex_exit(softnet_lock); |
|
#endif |
|
} |
} |
|
|
void |
void |
Line 256 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 247 ip6_input(struct mbuf *m, struct ifnet * |
|
int hit, off = sizeof(struct ip6_hdr), nest; |
int hit, off = sizeof(struct ip6_hdr), nest; |
u_int32_t plen; |
u_int32_t plen; |
u_int32_t rtalert = ~0; |
u_int32_t rtalert = ~0; |
int nxt, ours = 0, rh_present = 0; |
int nxt, ours = 0, rh_present = 0, frg_present; |
struct ifnet *deliverifp = NULL; |
struct ifnet *deliverifp = NULL; |
int srcrt = 0; |
int srcrt = 0; |
struct rtentry *rt = NULL; |
struct rtentry *rt = NULL; |
Line 266 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 257 ip6_input(struct mbuf *m, struct ifnet * |
|
} u; |
} u; |
struct route *ro; |
struct route *ro; |
|
|
|
KASSERT(rcvif != NULL); |
|
|
/* |
/* |
* make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
*/ |
*/ |
Line 304 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 297 ip6_input(struct mbuf *m, struct ifnet * |
|
*/ |
*/ |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
(max_linkhdr + 3) & ~3)) == NULL) { |
(max_linkhdr + 3) & ~3)) == NULL) { |
/* XXXJRT new stat, please */ |
/* XXXJRT new stat, please */ |
IP6_STATINC(IP6_STAT_TOOSMALL); |
IP6_STATINC(IP6_STAT_TOOSMALL); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
Line 326 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 319 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
|
|
|
if (ip6_badaddr(ip6)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
|
/* |
/* |
* Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
* based on this packet. |
* based on this packet. |
Line 338 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 337 ip6_input(struct mbuf *m, struct ifnet * |
|
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
* in the list may have previously cleared it. |
* in the list may have previously cleared it. |
*/ |
* |
/* |
* Don't call hooks if the packet has already been processed by |
* let ipfilter look at packet on the wire, |
* IPsec (encapsulated, tunnel mode). |
* not the decapsulated packet. |
|
*/ |
*/ |
#if defined(IPSEC) |
#if defined(IPSEC) |
if (!ipsec_used || !ipsec_indone(m)) |
if (!ipsec_used || !ipsec_indone(m)) |
Line 356 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 354 ip6_input(struct mbuf *m, struct ifnet * |
|
return; |
return; |
if (m == NULL) |
if (m == NULL) |
return; |
return; |
|
KASSERT(m->m_len >= sizeof(struct ip6_hdr)); |
ip6 = mtod(m, struct ip6_hdr *); |
ip6 = mtod(m, struct ip6_hdr *); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
} |
} |
Line 375 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 374 ip6_input(struct mbuf *m, struct ifnet * |
|
#endif |
#endif |
|
|
/* |
/* |
* Check against address spoofing/corruption. |
|
*/ |
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
/* |
|
* XXX: "badscope" is not very suitable for a multicast source. |
|
*/ |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
/* |
|
* The following check is not documented in specs. A malicious |
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
* and bypass security checks (act as if it was from 127.0.0.1 by using |
|
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* This check chokes if we are in an SIIT cloud. As none of BSDs |
|
* support IPv4-less kernel compilation, we cannot support SIIT |
|
* environment at all. So, it makes more sense for us to reject any |
|
* malicious packets for non-SIIT environment, than try to do a |
|
* partial support for SIIT environment. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
#if 0 |
|
/* |
|
* Reject packets with IPv4 compatible addresses (auto tunnel). |
|
* |
|
* The code forbids auto tunnel relay case in RFC1933 (the check is |
|
* stronger than RFC1933). We may want to re-enable it if mech-xx |
|
* is revised to forbid relaying case. |
|
*/ |
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
#endif |
|
|
|
/* |
|
* Disambiguate address scope zones (if there is ambiguity). |
* Disambiguate address scope zones (if there is ambiguity). |
* We first make sure that the original source or destination address |
* We first make sure that the original source or destination address |
* is not in our internal form for scoped addresses. Such addresses |
* is not in our internal form for scoped addresses. Such addresses |
Line 428 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 381 ip6_input(struct mbuf *m, struct ifnet * |
|
* to the usage conflict. |
* to the usage conflict. |
* in6_setscope() then also checks and rejects the cases where src or |
* in6_setscope() then also checks and rejects the cases where src or |
* dst are the loopback address and the receiving interface |
* dst are the loopback address and the receiving interface |
* is not loopback. |
* is not loopback. |
*/ |
*/ |
if (__predict_false( |
if (__predict_false( |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
Line 445 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 398 ip6_input(struct mbuf *m, struct ifnet * |
|
} |
} |
|
|
ro = percpu_getref(ip6_forward_rt_percpu); |
ro = percpu_getref(ip6_forward_rt_percpu); |
|
|
/* |
/* |
* Multicast check |
* Multicast check |
*/ |
*/ |
Line 457 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 411 ip6_input(struct mbuf *m, struct ifnet * |
|
* arrival interface. |
* arrival interface. |
*/ |
*/ |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
if (ingroup) |
if (ingroup) { |
ours = 1; |
ours = 1; |
else if (!ip6_mrouter) { |
} else if (!ip6_mrouter) { |
uint64_t *ip6s = IP6_STAT_GETREF(); |
uint64_t *ip6s = IP6_STAT_GETREF(); |
ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
Line 474 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 428 ip6_input(struct mbuf *m, struct ifnet * |
|
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
|
|
/* |
/* |
* Unicast check |
* Unicast check |
*/ |
*/ |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
if (hit) |
if (hit) |
Line 482 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 436 ip6_input(struct mbuf *m, struct ifnet * |
|
else |
else |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
|
|
#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) |
|
|
|
/* |
/* |
* Accept the packet if the forwarding interface to the destination |
* Accept the packet if the forwarding interface to the destination |
* according to the routing table is the loopback interface, |
* (according to the routing table) is the loopback interface, |
* unless the associated route has a gateway. |
* unless the associated route has a gateway. |
|
* |
|
* We don't explicitly match ip6_dst against an interface here. It |
|
* is already done in rtcache_lookup2: rt->rt_ifp->if_type will be |
|
* IFT_LOOP if the packet is for us. |
|
* |
* Note that this approach causes to accept a packet if there is a |
* Note that this approach causes to accept a packet if there is a |
* route to the loopback interface for the destination of the packet. |
* route to the loopback interface for the destination of the packet. |
* But we think it's even useful in some situations, e.g. when using |
* But we think it's even useful in some situations, e.g. when using |
Line 495 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 452 ip6_input(struct mbuf *m, struct ifnet * |
|
*/ |
*/ |
if (rt != NULL && |
if (rt != NULL && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
#if 0 |
|
/* |
|
* The check below is redundant since the comparison of |
|
* the destination and the key of the rtentry has |
|
* already done through looking up the routing table. |
|
*/ |
|
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && |
|
#endif |
|
rt->rt_ifp->if_type == IFT_LOOP) { |
rt->rt_ifp->if_type == IFT_LOOP) { |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
|
int addrok; |
|
|
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
if (ia6->ia6_flags & IN6_IFF_ANYCAST) |
m->m_flags |= M_ANYCAST6; |
m->m_flags |= M_ANYCAST6; |
/* |
/* |
* packets to a tentative, duplicated, or somehow invalid |
* packets to a tentative, duplicated, or somehow invalid |
* address must not be accepted. |
* address must not be accepted. |
*/ |
*/ |
if (!(ia6->ia6_flags & (IN6_IFF_NOTREADY | IN6_IFF_DETACHED))) { |
if (ia6->ia6_flags & IN6_IFF_NOTREADY) |
|
addrok = 0; |
|
else if (ia6->ia6_flags & IN6_IFF_DETACHED && |
|
!IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) |
|
{ |
|
/* Allow internal traffic to DETACHED addresses */ |
|
struct sockaddr_in6 sin6; |
|
int s; |
|
|
|
memset(&sin6, 0, sizeof(sin6)); |
|
sin6.sin6_family = AF_INET6; |
|
sin6.sin6_len = sizeof(sin6); |
|
sin6.sin6_addr = ip6->ip6_src; |
|
s = pserialize_read_enter(); |
|
addrok = (ifa_ifwithaddr(sin6tosa(&sin6)) != NULL); |
|
pserialize_read_exit(s); |
|
} else |
|
addrok = 1; |
|
if (addrok) { |
/* this address is ready */ |
/* this address is ready */ |
ours = 1; |
ours = 1; |
deliverifp = ia6->ia_ifp; /* correct? */ |
deliverifp = ia6->ia_ifp; /* correct? */ |
Line 543 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 512 ip6_input(struct mbuf *m, struct ifnet * |
|
} |
} |
#endif |
#endif |
|
|
#if 0 |
|
{ |
|
/* |
|
* Last resort: check in6_ifaddr for incoming interface. |
|
* The code is here until I update the "goto ours hack" code above |
|
* working right. |
|
*/ |
|
struct ifaddr *ifa; |
|
IFADDR_READER_FOREACH(ifa, rcvif) { |
|
if (ifa->ifa_addr->sa_family != AF_INET6) |
|
continue; |
|
if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { |
|
ours = 1; |
|
deliverifp = ifa->ifa_ifp; |
|
goto hbhcheck; |
|
} |
|
} |
|
} |
|
#endif |
|
|
|
/* |
/* |
* Now there is no reason to process the packet if it's not our own |
* Now there is no reason to process the packet if it's not our own |
* and we're not a router. |
* and we're not a router. |
Line 573 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 522 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} |
} |
|
|
hbhcheck: |
hbhcheck: |
/* |
/* |
* record address information into m_tag, if we don't have one yet. |
* Record address information into m_tag, if we don't have one yet. |
* note that we are unable to record it, if the address is not listed |
* Note that we are unable to record it, if the address is not listed |
* as our interface address (e.g. multicast addresses, addresses |
* as our interface address (e.g. multicast addresses, addresses |
* within FAITH prefixes and such). |
* within FAITH prefixes and such). |
*/ |
*/ |
Line 606 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 555 ip6_input(struct mbuf *m, struct ifnet * |
|
struct ip6_hbh *hbh; |
struct ip6_hbh *hbh; |
|
|
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
#if 0 /*touches NULL pointer*/ |
/* m already freed */ |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
#endif |
|
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
percpu_putref(ip6_forward_rt_percpu); |
return; /* m have already been freed */ |
return; |
} |
} |
|
|
/* adjust pointer */ |
/* adjust pointer */ |
Line 659 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 607 ip6_input(struct mbuf *m, struct ifnet * |
|
nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
|
|
/* |
/* |
* Check that the amount of data in the buffers |
* Check that the amount of data in the buffers is at least much as |
* is as at least much as the IPv6 header would have us expect. |
* the IPv6 header would have us expect. Trim mbufs if longer than we |
* Trim mbufs if longer than we expect. |
* expect. Drop packet if shorter than we expect. |
* Drop packet if shorter than we expect. |
|
*/ |
*/ |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
Line 730 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 677 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} |
} |
|
|
/* |
|
* Tell launch routine the next header |
|
*/ |
|
#ifdef IFA_STATS |
#ifdef IFA_STATS |
if (deliverifp != NULL) { |
if (deliverifp != NULL) { |
struct in6_ifaddr *ia6; |
struct in6_ifaddr *ia6; |
Line 754 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 698 ip6_input(struct mbuf *m, struct ifnet * |
|
percpu_putref(ip6_forward_rt_percpu); |
percpu_putref(ip6_forward_rt_percpu); |
|
|
rh_present = 0; |
rh_present = 0; |
|
frg_present = 0; |
while (nxt != IPPROTO_DONE) { |
while (nxt != IPPROTO_DONE) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
Line 761 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 706 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
|
|
|
M_VERIFY_PACKET(m); |
|
|
/* |
/* |
* protection against faulty packet - there should be |
* protection against faulty packet - there should be |
* more sanity checks in header chain processing. |
* more sanity checks in header chain processing. |
Line 777 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 724 ip6_input(struct mbuf *m, struct ifnet * |
|
IP6_STATINC(IP6_STAT_BADOPTIONS); |
IP6_STATINC(IP6_STAT_BADOPTIONS); |
goto bad; |
goto bad; |
} |
} |
|
} else if (nxt == IPPROTO_FRAGMENT) { |
|
if (frg_present++) { |
|
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
|
IP6_STATINC(IP6_STAT_BADOPTIONS); |
|
goto bad; |
|
} |
} |
} |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
if (ipsec_used) { |
if (ipsec_used) { |
/* |
/* |
* enforce IPsec policy checking if we are seeing last |
* Enforce IPsec policy checking if we are seeing last |
* header. note that we do not visit this with |
* header. Note that we do not visit this with |
* protocols with pcb layer code - like udp/tcp/raw ip. |
* protocols with pcb layer code - like udp/tcp/raw ip. |
*/ |
*/ |
if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip_protox[nxt]].pr_flags |
& PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
int error; |
int error; |
|
|
SOFTNET_LOCK(); |
error = ipsec_ip_input(m, false); |
error = ipsec6_input(m); |
|
SOFTNET_UNLOCK(); |
|
if (error) |
if (error) |
goto bad; |
goto bad; |
} |
} |
} |
} |
#endif /* IPSEC */ |
#endif |
|
|
SOFTNET_LOCK(); |
|
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
SOFTNET_UNLOCK(); |
|
} |
} |
return; |
return; |
|
|
bad_unref: |
bad_unref: |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
percpu_putref(ip6_forward_rt_percpu); |
bad: |
bad: |
m_freem(m); |
m_freem(m); |
return; |
return; |
} |
} |
|
|
|
static bool |
|
ip6_badaddr(struct ip6_hdr *ip6) |
|
{ |
|
/* Check against address spoofing/corruption. */ |
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
/* |
|
* The following check is not documented in specs. A malicious |
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
* and bypass security checks (act as if it was from 127.0.0.1 by using |
|
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* This check chokes if we are in an SIIT cloud. As none of BSDs |
|
* support IPv4-less kernel compilation, we cannot support SIIT |
|
* environment at all. So, it makes more sense for us to reject any |
|
* malicious packets for non-SIIT environment, than try to do a |
|
* partial support for SIIT environment. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
/* |
|
* Reject packets with IPv4-compatible IPv6 addresses (RFC4291). |
|
*/ |
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
return false; |
|
} |
|
|
/* |
/* |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
*/ |
*/ |
Line 865 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 851 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
|
|
/* validation of the length of the header */ |
/* validation of the length of the header */ |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
return -1; |
return -1; |
} |
} |
hbhlen = (hbh->ip6h_len + 1) << 3; |
hbhlen = (hbh->ip6h_len + 1) << 3; |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
hbhlen); |
hbhlen); |
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
return -1; |
return -1; |
Line 882 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 868 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
hbhlen -= sizeof(struct ip6_hbh); |
hbhlen -= sizeof(struct ip6_hbh); |
|
|
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
hbhlen, rtalertp, plenp) < 0) |
hbhlen, rtalertp, plenp) < 0) |
return (-1); |
return -1; |
|
|
*offp = off; |
*offp = off; |
*mp = m; |
*mp = m; |
return (0); |
return 0; |
} |
} |
|
|
/* |
/* |
Line 970 ip6_process_hopopts(struct mbuf *m, u_in |
|
Line 956 ip6_process_hopopts(struct mbuf *m, u_in |
|
|
|
/* |
/* |
* We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
* we'd need to perform bcopy(). |
* we'd need to perform memcpy(). |
*/ |
*/ |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
Line 1064 ip6_unknown_opt(u_int8_t *optp, struct m |
|
Line 1050 ip6_unknown_opt(u_int8_t *optp, struct m |
|
return (-1); |
return (-1); |
} |
} |
|
|
/* |
|
* Create the "control" list for this pcb. |
|
* |
|
* The routine will be called from upper layer handlers like tcp6_input(). |
|
* Thus the routine assumes that the caller (tcp6_input) have already |
|
* called IP6_EXTHDR_CHECK() and all the extension headers are located in the |
|
* very first mbuf on the mbuf chain. |
|
* We may want to add some infinite loop prevention or sanity checks for safety. |
|
* (This applies only when you are using KAME mbuf chain restriction, i.e. |
|
* you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
|
*/ |
|
void |
void |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
struct ip6_hdr *ip6, struct mbuf *m) |
struct ip6_hdr *ip6, struct mbuf *m) |
Line 1087 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1062 ip6_savecontrol(struct in6pcb *in6p, str |
|
#endif |
#endif |
|
|
if (SOOPT_TIMESTAMP(so->so_options)) |
if (SOOPT_TIMESTAMP(so->so_options)) |
mp = sbsavetimestamp(so->so_options, m, mp); |
mp = sbsavetimestamp(so->so_options, mp); |
|
|
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
Line 1308 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
Line 1283 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
|
|
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
== 0) { |
== 0) { |
|
soroverflow(so); |
m_freem(m_mtu); |
m_freem(m_mtu); |
/* XXX: should count statistics */ |
|
} else |
} else |
sorwakeup(so); |
sorwakeup(so); |
|
|
Line 1327 ip6_pullexthdr(struct mbuf *m, size_t of |
|
Line 1302 ip6_pullexthdr(struct mbuf *m, size_t of |
|
size_t elen; |
size_t elen; |
struct mbuf *n; |
struct mbuf *n; |
|
|
#ifdef DIAGNOSTIC |
|
switch (nxt) { |
|
case IPPROTO_DSTOPTS: |
|
case IPPROTO_ROUTING: |
|
case IPPROTO_HOPOPTS: |
|
case IPPROTO_AH: /* is it possible? */ |
|
break; |
|
default: |
|
printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); |
|
} |
|
#endif |
|
|
|
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
if (nxt == IPPROTO_AH) |
if (nxt == IPPROTO_AH) |
elen = (ip6e.ip6e_len + 2) << 2; |
elen = (ip6e.ip6e_len + 2) << 2; |
Line 1368 ip6_pullexthdr(struct mbuf *m, size_t of |
|
Line 1331 ip6_pullexthdr(struct mbuf *m, size_t of |
|
} |
} |
|
|
/* |
/* |
* Get pointer to the previous header followed by the header |
* Get offset to the previous header followed by the header |
* currently processed. |
* currently processed. |
* XXX: This function supposes that |
|
* M includes all headers, |
|
* the next header field and the header length field of each header |
|
* are valid, and |
|
* the sum of each header length equals to OFF. |
|
* Because of these assumptions, this function must be called very |
|
* carefully. Moreover, it will not be used in the near future when |
|
* we develop `neater' mechanism to process extension headers. |
|
*/ |
*/ |
u_int8_t * |
int |
ip6_get_prevhdr(struct mbuf *m, int off) |
ip6_get_prevhdr(struct mbuf *m, int off) |
{ |
{ |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); |
|
|
if (off == sizeof(struct ip6_hdr)) |
if (off == sizeof(struct ip6_hdr)) { |
return (&ip6->ip6_nxt); |
return offsetof(struct ip6_hdr, ip6_nxt); |
else { |
} else if (off < sizeof(struct ip6_hdr)) { |
int len, nxt; |
panic("%s: off < sizeof(struct ip6_hdr)", __func__); |
struct ip6_ext *ip6e = NULL; |
} else { |
|
int len, nlen, nxt; |
|
struct ip6_ext ip6e; |
|
|
nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
len = sizeof(struct ip6_hdr); |
len = sizeof(struct ip6_hdr); |
|
nlen = 0; |
while (len < off) { |
while (len < off) { |
ip6e = (struct ip6_ext *)(mtod(m, char *) + len); |
m_copydata(m, len, sizeof(ip6e), &ip6e); |
|
|
switch (nxt) { |
switch (nxt) { |
case IPPROTO_FRAGMENT: |
case IPPROTO_FRAGMENT: |
len += sizeof(struct ip6_frag); |
nlen = sizeof(struct ip6_frag); |
break; |
break; |
case IPPROTO_AH: |
case IPPROTO_AH: |
len += (ip6e->ip6e_len + 2) << 2; |
nlen = (ip6e.ip6e_len + 2) << 2; |
break; |
break; |
default: |
default: |
len += (ip6e->ip6e_len + 1) << 3; |
nlen = (ip6e.ip6e_len + 1) << 3; |
break; |
break; |
} |
} |
nxt = ip6e->ip6e_nxt; |
len += nlen; |
|
nxt = ip6e.ip6e_nxt; |
} |
} |
if (ip6e) |
|
return (&ip6e->ip6e_nxt); |
return (len - nlen); |
else |
|
return NULL; |
|
} |
} |
} |
} |
|
|
Line 1427 ip6_nexthdr(struct mbuf *m, int off, int |
|
Line 1384 ip6_nexthdr(struct mbuf *m, int off, int |
|
|
|
/* just in case */ |
/* just in case */ |
if (m == NULL) |
if (m == NULL) |
panic("ip6_nexthdr: m == NULL"); |
panic("%s: m == NULL", __func__); |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
return -1; |
return -1; |
|
|
Line 1582 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
Line 1539 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
static void |
static void |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
{ |
{ |
#ifdef RFC2292 |
|
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
|
#else |
|
#define IS2292(x, y) (y) |
|
#endif |
|
|
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT, |
CTLFLAG_PERMANENT, |
Line 1622 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1574 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_defhlim, 0, |
NULL, 0, &ip6_defhlim, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_DEFHLIM, CTL_EOL); |
IPV6CTL_DEFHLIM, CTL_EOL); |
#ifdef notyet |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "mtu", NULL, |
|
NULL, 0, &, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_DEFMTU, CTL_EOL); |
|
#endif |
|
#ifdef __no_idea__ |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "forwsrcrt", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_FORWSRCRT, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_STRUCT, "mrtstats", NULL, |
|
NULL, 0, &?, sizeof(?), |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_MRTSTATS, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_?, "mrtproto", NULL, |
|
NULL, 0, &?, sizeof(?), |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_MRTPROTO, CTL_EOL); |
|
#endif |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxfragpackets", |
CTLTYPE_INT, "maxfragpackets", |
Line 1658 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1582 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_maxfragpackets, 0, |
NULL, 0, &ip6_maxfragpackets, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
#ifdef __no_idea__ |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "sourcecheck", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_SOURCECHECK, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "sourcecheck_logint", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); |
|
#endif |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "accept_rtadv", |
CTLTYPE_INT, "accept_rtadv", |
Line 1703 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1613 sysctl_net_inet6_ip6_setup(struct sysctl |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "log_interval", |
CTLTYPE_INT, "log_interval", |
SYSCTL_DESCR("Minumum interval between logging " |
SYSCTL_DESCR("Minimum interval between logging " |
"unroutable packets"), |
"unroutable packets"), |
NULL, 0, &ip6_log_interval, 0, |
NULL, 0, &ip6_log_interval, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |