version 1.185, 2017/11/25 13:18:02 |
version 1.186, 2018/01/29 10:57:13 |
Line 130 extern struct domain inet6domain; |
|
Line 130 extern struct domain inet6domain; |
|
u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
pktqueue_t *ip6_pktq __read_mostly; |
pktqueue_t *ip6_pktq __read_mostly; |
|
|
int ip6_forward_srcrt; /* XXX */ |
|
int ip6_sourcecheck; /* XXX */ |
|
int ip6_sourcecheck_interval; /* XXX */ |
|
|
|
pfil_head_t *inet6_pfil_hook; |
pfil_head_t *inet6_pfil_hook; |
|
|
percpu_t *ip6stat_percpu; |
percpu_t *ip6stat_percpu; |
|
|
ip6_init2(void) |
ip6_init2(void) |
{ |
{ |
|
|
/* timer for regeneranation of temporary addresses randomize ID */ |
/* timer for regeneration of temporary addresses randomize ID */ |
callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); |
callout_reset(&in6_tmpaddrtimer_ch, |
callout_reset(&in6_tmpaddrtimer_ch, |
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
(ip6_temp_preferred_lifetime - ip6_desync_factor - |
Line 262 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 258 ip6_input(struct mbuf *m, struct ifnet * |
|
} u; |
} u; |
struct route *ro; |
struct route *ro; |
|
|
|
KASSERT(rcvif != NULL); |
|
|
/* |
/* |
* make sure we don't have onion peering information into m_tag. |
* make sure we don't have onion peering information into m_tag. |
*/ |
*/ |
Line 300 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 298 ip6_input(struct mbuf *m, struct ifnet * |
|
*/ |
*/ |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
if ((m = m_copyup(m, sizeof(struct ip6_hdr), |
(max_linkhdr + 3) & ~3)) == NULL) { |
(max_linkhdr + 3) & ~3)) == NULL) { |
/* XXXJRT new stat, please */ |
/* XXXJRT new stat, please */ |
IP6_STATINC(IP6_STAT_TOOSMALL); |
IP6_STATINC(IP6_STAT_TOOSMALL); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
Line 382 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 380 ip6_input(struct mbuf *m, struct ifnet * |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
goto bad; |
goto bad; |
} |
} |
|
|
/* |
/* |
* The following check is not documented in specs. A malicious |
* The following check is not documented in specs. A malicious |
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
Line 400 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 399 ip6_input(struct mbuf *m, struct ifnet * |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
goto bad; |
goto bad; |
} |
} |
|
|
#if 0 |
#if 0 |
/* |
/* |
* Reject packets with IPv4 compatible addresses (auto tunnel). |
* Reject packets with IPv4 compatible addresses (auto tunnel). |
Line 424 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 424 ip6_input(struct mbuf *m, struct ifnet * |
|
* to the usage conflict. |
* to the usage conflict. |
* in6_setscope() then also checks and rejects the cases where src or |
* in6_setscope() then also checks and rejects the cases where src or |
* dst are the loopback address and the receiving interface |
* dst are the loopback address and the receiving interface |
* is not loopback. |
* is not loopback. |
*/ |
*/ |
if (__predict_false( |
if (__predict_false( |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) |
Line 441 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 441 ip6_input(struct mbuf *m, struct ifnet * |
|
} |
} |
|
|
ro = percpu_getref(ip6_forward_rt_percpu); |
ro = percpu_getref(ip6_forward_rt_percpu); |
|
|
/* |
/* |
* Multicast check |
* Multicast check |
*/ |
*/ |
Line 453 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 454 ip6_input(struct mbuf *m, struct ifnet * |
|
* arrival interface. |
* arrival interface. |
*/ |
*/ |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); |
if (ingroup) |
if (ingroup) { |
ours = 1; |
ours = 1; |
else if (!ip6_mrouter) { |
} else if (!ip6_mrouter) { |
uint64_t *ip6s = IP6_STAT_GETREF(); |
uint64_t *ip6s = IP6_STAT_GETREF(); |
ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_NOTMEMBER]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
ip6s[IP6_STAT_CANTFORWARD]++; |
Line 470 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 471 ip6_input(struct mbuf *m, struct ifnet * |
|
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); |
|
|
/* |
/* |
* Unicast check |
* Unicast check |
*/ |
*/ |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
rt = rtcache_lookup2(ro, &u.dst, 1, &hit); |
if (hit) |
if (hit) |
Line 478 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 479 ip6_input(struct mbuf *m, struct ifnet * |
|
else |
else |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); |
|
|
#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) |
|
|
|
/* |
/* |
* Accept the packet if the forwarding interface to the destination |
* Accept the packet if the forwarding interface to the destination |
* according to the routing table is the loopback interface, |
* (according to the routing table) is the loopback interface, |
* unless the associated route has a gateway. |
* unless the associated route has a gateway. |
|
* |
|
* We don't explicitly match ip6_dst against an interface here. It |
|
* is already done in rtcache_lookup2: rt->rt_ifp->if_type will be |
|
* IFT_LOOP if the packet is for us. |
|
* |
* Note that this approach causes to accept a packet if there is a |
* Note that this approach causes to accept a packet if there is a |
* route to the loopback interface for the destination of the packet. |
* route to the loopback interface for the destination of the packet. |
* But we think it's even useful in some situations, e.g. when using |
* But we think it's even useful in some situations, e.g. when using |
Line 491 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 495 ip6_input(struct mbuf *m, struct ifnet * |
|
*/ |
*/ |
if (rt != NULL && |
if (rt != NULL && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
(rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && |
#if 0 |
|
/* |
|
* The check below is redundant since the comparison of |
|
* the destination and the key of the rtentry has |
|
* already done through looking up the routing table. |
|
*/ |
|
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && |
|
#endif |
|
rt->rt_ifp->if_type == IFT_LOOP) { |
rt->rt_ifp->if_type == IFT_LOOP) { |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; |
int addrok; |
int addrok; |
Line 559 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 555 ip6_input(struct mbuf *m, struct ifnet * |
|
} |
} |
#endif |
#endif |
|
|
#if 0 |
|
{ |
|
/* |
|
* Last resort: check in6_ifaddr for incoming interface. |
|
* The code is here until I update the "goto ours hack" code above |
|
* working right. |
|
*/ |
|
struct ifaddr *ifa; |
|
IFADDR_READER_FOREACH(ifa, rcvif) { |
|
if (ifa->ifa_addr->sa_family != AF_INET6) |
|
continue; |
|
if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { |
|
ours = 1; |
|
deliverifp = ifa->ifa_ifp; |
|
goto hbhcheck; |
|
} |
|
} |
|
} |
|
#endif |
|
|
|
/* |
/* |
* Now there is no reason to process the packet if it's not our own |
* Now there is no reason to process the packet if it's not our own |
* and we're not a router. |
* and we're not a router. |
Line 589 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 565 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} |
} |
|
|
hbhcheck: |
hbhcheck: |
/* |
/* |
* record address information into m_tag, if we don't have one yet. |
* Record address information into m_tag, if we don't have one yet. |
* note that we are unable to record it, if the address is not listed |
* Note that we are unable to record it, if the address is not listed |
* as our interface address (e.g. multicast addresses, addresses |
* as our interface address (e.g. multicast addresses, addresses |
* within FAITH prefixes and such). |
* within FAITH prefixes and such). |
*/ |
*/ |
Line 622 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 598 ip6_input(struct mbuf *m, struct ifnet * |
|
struct ip6_hbh *hbh; |
struct ip6_hbh *hbh; |
|
|
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { |
#if 0 /*touches NULL pointer*/ |
/* m already freed */ |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
in6_ifstat_inc(rcvif, ifs6_in_discard); |
#endif |
|
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
percpu_putref(ip6_forward_rt_percpu); |
return; /* m have already been freed */ |
return; |
} |
} |
|
|
/* adjust pointer */ |
/* adjust pointer */ |
Line 675 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 650 ip6_input(struct mbuf *m, struct ifnet * |
|
nxt = ip6->ip6_nxt; |
nxt = ip6->ip6_nxt; |
|
|
/* |
/* |
* Check that the amount of data in the buffers |
* Check that the amount of data in the buffers is at least much as |
* is as at least much as the IPv6 header would have us expect. |
* the IPv6 header would have us expect. Trim mbufs if longer than we |
* Trim mbufs if longer than we expect. |
* expect. Drop packet if shorter than we expect. |
* Drop packet if shorter than we expect. |
|
*/ |
*/ |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
Line 746 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 720 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad_unref; |
goto bad_unref; |
} |
} |
|
|
/* |
|
* Tell launch routine the next header |
|
*/ |
|
#ifdef IFA_STATS |
#ifdef IFA_STATS |
if (deliverifp != NULL) { |
if (deliverifp != NULL) { |
struct in6_ifaddr *ia6; |
struct in6_ifaddr *ia6; |
Line 798 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 769 ip6_input(struct mbuf *m, struct ifnet * |
|
#ifdef IPSEC |
#ifdef IPSEC |
if (ipsec_used) { |
if (ipsec_used) { |
/* |
/* |
* enforce IPsec policy checking if we are seeing last |
* Enforce IPsec policy checking if we are seeing last |
* header. note that we do not visit this with |
* header. Note that we do not visit this with |
* protocols with pcb layer code - like udp/tcp/raw ip. |
* protocols with pcb layer code - like udp/tcp/raw ip. |
*/ |
*/ |
if ((inet6sw[ip_protox[nxt]].pr_flags |
if ((inet6sw[ip_protox[nxt]].pr_flags |
Line 811 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 782 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
} |
} |
#endif /* IPSEC */ |
#endif |
|
|
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
} |
} |
return; |
return; |
|
|
bad_unref: |
bad_unref: |
rtcache_unref(rt, ro); |
rtcache_unref(rt, ro); |
percpu_putref(ip6_forward_rt_percpu); |
percpu_putref(ip6_forward_rt_percpu); |
bad: |
bad: |
m_freem(m); |
m_freem(m); |
return; |
return; |
} |
} |