version 1.187, 2018/01/30 14:49:25 |
version 1.193.2.5, 2018/05/21 04:36:16 |
Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 123 __KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#include "faith.h" |
#include "faith.h" |
|
|
#include <net/net_osdep.h> |
|
|
|
extern struct domain inet6domain; |
extern struct domain inet6domain; |
|
|
u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
Line 138 percpu_t *ip6_forward_rt_percpu __cachel |
|
Line 136 percpu_t *ip6_forward_rt_percpu __cachel |
|
|
|
static void ip6_init2(void); |
static void ip6_init2(void); |
static void ip6intr(void *); |
static void ip6intr(void *); |
|
static bool ip6_badaddr(struct ip6_hdr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
static struct m_tag *ip6_setdstifaddr(struct mbuf *, const struct in6_ifaddr *); |
|
|
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
static int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *, |
u_int32_t *); |
u_int32_t *); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
static void sysctl_net_inet6_ip6_setup(struct sysctllog **); |
|
|
Line 218 ip6intr(void *arg __unused) |
|
Line 217 ip6intr(void *arg __unused) |
|
{ |
{ |
struct mbuf *m; |
struct mbuf *m; |
|
|
SOFTNET_LOCK_UNLESS_NET_MPSAFE(); |
SOFTNET_KERNEL_LOCK_UNLESS_NET_MPSAFE(); |
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
while ((m = pktq_dequeue(ip6_pktq)) != NULL) { |
struct psref psref; |
struct psref psref; |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
struct ifnet *rcvif = m_get_rcvif_psref(m, &psref); |
Line 238 ip6intr(void *arg __unused) |
|
Line 237 ip6intr(void *arg __unused) |
|
ip6_input(m, rcvif); |
ip6_input(m, rcvif); |
m_put_rcvif_psref(rcvif, &psref); |
m_put_rcvif_psref(rcvif, &psref); |
} |
} |
SOFTNET_UNLOCK_UNLESS_NET_MPSAFE(); |
SOFTNET_KERNEL_UNLOCK_UNLESS_NET_MPSAFE(); |
} |
} |
|
|
void |
void |
Line 248 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 247 ip6_input(struct mbuf *m, struct ifnet * |
|
int hit, off = sizeof(struct ip6_hdr), nest; |
int hit, off = sizeof(struct ip6_hdr), nest; |
u_int32_t plen; |
u_int32_t plen; |
u_int32_t rtalert = ~0; |
u_int32_t rtalert = ~0; |
int nxt, ours = 0, rh_present = 0; |
int nxt, ours = 0, rh_present = 0, frg_present; |
struct ifnet *deliverifp = NULL; |
struct ifnet *deliverifp = NULL; |
int srcrt = 0; |
int srcrt = 0; |
struct rtentry *rt = NULL; |
struct rtentry *rt = NULL; |
Line 320 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 319 ip6_input(struct mbuf *m, struct ifnet * |
|
goto bad; |
goto bad; |
} |
} |
|
|
|
if (ip6_badaddr(ip6)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
|
/* |
/* |
* Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
* based on this packet. |
* based on this packet. |
Line 332 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 337 ip6_input(struct mbuf *m, struct ifnet * |
|
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
* Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
* in the list may have previously cleared it. |
* in the list may have previously cleared it. |
*/ |
* |
/* |
* Don't call hooks if the packet has already been processed by |
* let ipfilter look at packet on the wire, |
* IPsec (encapsulated, tunnel mode). |
* not the decapsulated packet. |
|
*/ |
*/ |
#if defined(IPSEC) |
#if defined(IPSEC) |
if (!ipsec_used || !ipsec_indone(m)) |
if (!ipsec_used || !ipsec_indone(m)) |
Line 350 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 354 ip6_input(struct mbuf *m, struct ifnet * |
|
return; |
return; |
if (m == NULL) |
if (m == NULL) |
return; |
return; |
|
KASSERT(m->m_len >= sizeof(struct ip6_hdr)); |
ip6 = mtod(m, struct ip6_hdr *); |
ip6 = mtod(m, struct ip6_hdr *); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); |
} |
} |
Line 369 ip6_input(struct mbuf *m, struct ifnet * |
|
Line 374 ip6_input(struct mbuf *m, struct ifnet * |
|
#endif |
#endif |
|
|
/* |
/* |
* Check against address spoofing/corruption. |
|
*/ |
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
/* |
|
* XXX: "badscope" is not very suitable for a multicast source. |
|
*/ |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
|
|
/* |
|
* The following check is not documented in specs. A malicious |
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
* and bypass security checks (act as if it was from 127.0.0.1 by using |
|
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* This check chokes if we are in an SIIT cloud. As none of BSDs |
|
* support IPv4-less kernel compilation, we cannot support SIIT |
|
* environment at all. So, it makes more sense for us to reject any |
|
* malicious packets for non-SIIT environment, than try to do a |
|
* partial support for SIIT environment. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
|
|
#if 0 |
|
/* |
|
* Reject packets with IPv4 compatible addresses (auto tunnel). |
|
* |
|
* The code forbids auto tunnel relay case in RFC1933 (the check is |
|
* stronger than RFC1933). We may want to re-enable it if mech-xx |
|
* is revised to forbid relaying case. |
|
*/ |
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
IP6_STATINC(IP6_STAT_BADSCOPE); |
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr); |
|
goto bad; |
|
} |
|
#endif |
|
|
|
/* |
|
* Disambiguate address scope zones (if there is ambiguity). |
* Disambiguate address scope zones (if there is ambiguity). |
* We first make sure that the original source or destination address |
* We first make sure that the original source or destination address |
* is not in our internal form for scoped addresses. Such addresses |
* is not in our internal form for scoped addresses. Such addresses |
|
|
percpu_putref(ip6_forward_rt_percpu); |
percpu_putref(ip6_forward_rt_percpu); |
|
|
rh_present = 0; |
rh_present = 0; |
|
frg_present = 0; |
while (nxt != IPPROTO_DONE) { |
while (nxt != IPPROTO_DONE) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
IP6_STATINC(IP6_STAT_TOOMANYHDR); |
|
|
goto bad; |
goto bad; |
} |
} |
|
|
|
M_VERIFY_PACKET(m); |
|
|
/* |
/* |
* protection against faulty packet - there should be |
* protection against faulty packet - there should be |
* more sanity checks in header chain processing. |
* more sanity checks in header chain processing. |
|
|
IP6_STATINC(IP6_STAT_BADOPTIONS); |
IP6_STATINC(IP6_STAT_BADOPTIONS); |
goto bad; |
goto bad; |
} |
} |
|
} else if (nxt == IPPROTO_FRAGMENT) { |
|
if (frg_present++) { |
|
in6_ifstat_inc(rcvif, ifs6_in_hdrerr); |
|
IP6_STATINC(IP6_STAT_BADOPTIONS); |
|
goto bad; |
|
} |
} |
} |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
|
|
& PR_LASTHDR) != 0) { |
& PR_LASTHDR) != 0) { |
int error; |
int error; |
|
|
error = ipsec6_input(m); |
error = ipsec_ip_input(m, false); |
if (error) |
if (error) |
goto bad; |
goto bad; |
} |
} |
|
|
return; |
return; |
} |
} |
|
|
|
static bool |
|
ip6_badaddr(struct ip6_hdr *ip6) |
|
{ |
|
/* Check against address spoofing/corruption. */ |
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
/* |
|
* The following check is not documented in specs. A malicious |
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
|
* and bypass security checks (act as if it was from 127.0.0.1 by using |
|
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
* |
|
* This check chokes if we are in an SIIT cloud. As none of BSDs |
|
* support IPv4-less kernel compilation, we cannot support SIIT |
|
* environment at all. So, it makes more sense for us to reject any |
|
* malicious packets for non-SIIT environment, than try to do a |
|
* partial support for SIIT environment. |
|
*/ |
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
/* |
|
* Reject packets with IPv4-compatible IPv6 addresses (RFC4291). |
|
*/ |
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) || |
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
|
return true; |
|
} |
|
|
|
return false; |
|
} |
|
|
/* |
/* |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
* set/grab in6_ifaddr correspond to IPv6 destination address. |
*/ |
*/ |
Line 848 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 851 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
|
|
/* validation of the length of the header */ |
/* validation of the length of the header */ |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
sizeof(struct ip6_hdr), sizeof(struct ip6_hbh)); |
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
return -1; |
return -1; |
} |
} |
hbhlen = (hbh->ip6h_len + 1) << 3; |
hbhlen = (hbh->ip6h_len + 1) << 3; |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), |
hbhlen); |
hbhlen); |
if (hbh == NULL) { |
if (hbh == NULL) { |
IP6_STATINC(IP6_STAT_TOOSHORT); |
IP6_STATINC(IP6_STAT_TOOSHORT); |
return -1; |
return -1; |
Line 865 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
Line 868 ip6_hopopts_input(u_int32_t *plenp, u_in |
|
hbhlen -= sizeof(struct ip6_hbh); |
hbhlen -= sizeof(struct ip6_hbh); |
|
|
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh), |
hbhlen, rtalertp, plenp) < 0) |
hbhlen, rtalertp, plenp) < 0) |
return (-1); |
return -1; |
|
|
*offp = off; |
*offp = off; |
*mp = m; |
*mp = m; |
return (0); |
return 0; |
} |
} |
|
|
/* |
/* |
Line 953 ip6_process_hopopts(struct mbuf *m, u_in |
|
Line 956 ip6_process_hopopts(struct mbuf *m, u_in |
|
|
|
/* |
/* |
* We may see jumbolen in unaligned location, so |
* We may see jumbolen in unaligned location, so |
* we'd need to perform bcopy(). |
* we'd need to perform memcpy(). |
*/ |
*/ |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
memcpy(&jumboplen, opt + 2, sizeof(jumboplen)); |
jumboplen = (u_int32_t)htonl(jumboplen); |
jumboplen = (u_int32_t)htonl(jumboplen); |
Line 1047 ip6_unknown_opt(u_int8_t *optp, struct m |
|
Line 1050 ip6_unknown_opt(u_int8_t *optp, struct m |
|
return (-1); |
return (-1); |
} |
} |
|
|
/* |
|
* Create the "control" list for this pcb. |
|
* |
|
* The routine will be called from upper layer handlers like tcp6_input(). |
|
* Thus the routine assumes that the caller (tcp6_input) have already |
|
* called IP6_EXTHDR_CHECK() and all the extension headers are located in the |
|
* very first mbuf on the mbuf chain. |
|
* We may want to add some infinite loop prevention or sanity checks for safety. |
|
* (This applies only when you are using KAME mbuf chain restriction, i.e. |
|
* you are using IP6_EXTHDR_CHECK() not m_pulldown()) |
|
*/ |
|
void |
void |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, |
struct ip6_hdr *ip6, struct mbuf *m) |
struct ip6_hdr *ip6, struct mbuf *m) |
Line 1070 ip6_savecontrol(struct in6pcb *in6p, str |
|
Line 1062 ip6_savecontrol(struct in6pcb *in6p, str |
|
#endif |
#endif |
|
|
if (SOOPT_TIMESTAMP(so->so_options)) |
if (SOOPT_TIMESTAMP(so->so_options)) |
mp = sbsavetimestamp(so->so_options, m, mp); |
mp = sbsavetimestamp(so->so_options, mp); |
|
|
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
/* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */ |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) |
Line 1291 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
Line 1283 ip6_notify_pmtu(struct in6pcb *in6p, con |
|
|
|
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
== 0) { |
== 0) { |
|
soroverflow(so); |
m_freem(m_mtu); |
m_freem(m_mtu); |
/* XXX: should count statistics */ |
|
} else |
} else |
sorwakeup(so); |
sorwakeup(so); |
|
|
Line 1310 ip6_pullexthdr(struct mbuf *m, size_t of |
|
Line 1302 ip6_pullexthdr(struct mbuf *m, size_t of |
|
size_t elen; |
size_t elen; |
struct mbuf *n; |
struct mbuf *n; |
|
|
#ifdef DIAGNOSTIC |
|
switch (nxt) { |
|
case IPPROTO_DSTOPTS: |
|
case IPPROTO_ROUTING: |
|
case IPPROTO_HOPOPTS: |
|
case IPPROTO_AH: /* is it possible? */ |
|
break; |
|
default: |
|
printf("ip6_pullexthdr: invalid nxt=%d\n", nxt); |
|
} |
|
#endif |
|
|
|
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); |
if (nxt == IPPROTO_AH) |
if (nxt == IPPROTO_AH) |
elen = (ip6e.ip6e_len + 2) << 2; |
elen = (ip6e.ip6e_len + 2) << 2; |
Line 1404 ip6_nexthdr(struct mbuf *m, int off, int |
|
Line 1384 ip6_nexthdr(struct mbuf *m, int off, int |
|
|
|
/* just in case */ |
/* just in case */ |
if (m == NULL) |
if (m == NULL) |
panic("ip6_nexthdr: m == NULL"); |
panic("%s: m == NULL", __func__); |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off) |
return -1; |
return -1; |
|
|
Line 1559 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
Line 1539 sysctl_net_inet6_ip6_stats(SYSCTLFN_ARGS |
|
static void |
static void |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
sysctl_net_inet6_ip6_setup(struct sysctllog **clog) |
{ |
{ |
#ifdef RFC2292 |
|
#define IS2292(x, y) ((in6p->in6p_flags & IN6P_RFC2292) ? (x) : (y)) |
|
#else |
|
#define IS2292(x, y) (y) |
|
#endif |
|
|
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT, |
CTLFLAG_PERMANENT, |
Line 1599 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1574 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_defhlim, 0, |
NULL, 0, &ip6_defhlim, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_DEFHLIM, CTL_EOL); |
IPV6CTL_DEFHLIM, CTL_EOL); |
#ifdef notyet |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "mtu", NULL, |
|
NULL, 0, &, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_DEFMTU, CTL_EOL); |
|
#endif |
|
#ifdef __no_idea__ |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "forwsrcrt", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_FORWSRCRT, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_STRUCT, "mrtstats", NULL, |
|
NULL, 0, &?, sizeof(?), |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_MRTSTATS, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_?, "mrtproto", NULL, |
|
NULL, 0, &?, sizeof(?), |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_MRTPROTO, CTL_EOL); |
|
#endif |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "maxfragpackets", |
CTLTYPE_INT, "maxfragpackets", |
Line 1635 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1582 sysctl_net_inet6_ip6_setup(struct sysctl |
|
NULL, 0, &ip6_maxfragpackets, 0, |
NULL, 0, &ip6_maxfragpackets, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
IPV6CTL_MAXFRAGPACKETS, CTL_EOL); |
#ifdef __no_idea__ |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "sourcecheck", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_SOURCECHECK, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "sourcecheck_logint", NULL, |
|
NULL, 0, &?, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL); |
|
#endif |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "accept_rtadv", |
CTLTYPE_INT, "accept_rtadv", |
Line 1680 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1613 sysctl_net_inet6_ip6_setup(struct sysctl |
|
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "log_interval", |
CTLTYPE_INT, "log_interval", |
SYSCTL_DESCR("Minumum interval between logging " |
SYSCTL_DESCR("Minimum interval between logging " |
"unroutable packets"), |
"unroutable packets"), |
NULL, 0, &ip6_log_interval, 0, |
NULL, 0, &ip6_log_interval, 0, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |
CTL_NET, PF_INET6, IPPROTO_IPV6, |