| version 1.22.2.5, 2002/02/26 20:14:36 |
version 1.26, 2000/08/26 11:03:46 |
|
|
| #include <netinet6/ip6_fw.h> |
#include <netinet6/ip6_fw.h> |
| #endif |
#endif |
| |
|
| #ifdef IPSEC |
|
| #include <netinet6/ipsec.h> |
|
| #endif |
|
| |
|
| #include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
| |
|
| /* we need it for NLOOP. */ |
/* we need it for NLOOP. */ |
|
|
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
*/ |
| m0 = m; |
m0 = m; |
| #ifdef IPSEC |
pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IPV6]].pr_pfh); |
| if (ipsec_gethist(m, NULL)) |
|
| pfh = NULL; |
|
| else |
|
| pfh = pfil_hook_get(PFIL_IN, |
|
| &inet6sw[ip6_protox[IPPROTO_IPV6]].pr_pfh); |
|
| #else |
|
| pfh = pfil_hook_get(PFIL_IN, &inet6sw[ip6_protox[IPPROTO_IPV6]].pr_pfh); |
|
| #endif |
|
| for (; pfh; pfh = pfh->pfil_link.tqe_next) |
for (; pfh; pfh = pfh->pfil_link.tqe_next) |
| if (pfh->pfil_func) { |
if (pfh->pfil_func) { |
| rv = pfh->pfil_func(ip6, sizeof(*ip6), |
rv = pfh->pfil_func(ip6, sizeof(*ip6), |
|
|
| (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && |
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && |
| IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
| &ip6_forward_rt.ro_dst.sin6_addr)) |
&ip6_forward_rt.ro_dst.sin6_addr)) |
| ; /* cache hit */ |
ip6stat.ip6s_forward_cachehit++; |
| else { |
else { |
| if (ip6_forward_rt.ro_rt) { |
if (ip6_forward_rt.ro_rt) { |
| /* route is down or destination is different */ |
/* route is down or destination is different */ |
| |
ip6stat.ip6s_forward_cachemiss++; |
| RTFREE(ip6_forward_rt.ro_rt); |
RTFREE(ip6_forward_rt.ro_rt); |
| ip6_forward_rt.ro_rt = 0; |
ip6_forward_rt.ro_rt = 0; |
| } |
} |
|
|
| return; |
return; |
| } |
} |
| |
|
| |
ip6 = mtod(m, struct ip6_hdr *); |
| |
|
| |
/* |
| |
* Malicious party may be able to use IPv4 mapped addr to confuse |
| |
* tcp/udp stack and bypass security checks (act as if it was from |
| |
* 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. |
| |
* |
| |
* For SIIT end node behavior, you may want to disable the check. |
| |
* However, you will become vulnerable to attacks using IPv4 mapped |
| |
* source. |
| |
*/ |
| |
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
| |
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
| |
ip6stat.ip6s_badscope++; |
| |
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); |
| |
goto bad; |
| |
} |
| |
|
| /* |
/* |
| * Tell launch routine the next header |
* Tell launch routine the next header |
| */ |
*/ |
|
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| #ifdef IPSEC |
|
| /* |
|
| * enforce IPsec policy checking if we are seeing last header. |
|
| * note that we do not visit this with protocols with pcb layer |
|
| * code - like udp/tcp/raw ip. |
|
| */ |
|
| if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && |
|
| ipsec6_in_reject(m, NULL)) { |
|
| ipsec6stat.in_polvio++; |
|
| goto bad; |
|
| } |
|
| #endif |
|
| |
|
| nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
| } |
} |
| return; |
return; |
| Line 1359 u_char inet6ctlerrmap[PRC_NCMDS] = { |
|
| Line 1353 u_char inet6ctlerrmap[PRC_NCMDS] = { |
|
| ENOPROTOOPT |
ENOPROTOOPT |
| }; |
}; |
| |
|
| #include <vm/vm.h> |
#include <uvm/uvm_extern.h> |
| #include <sys/sysctl.h> |
#include <sys/sysctl.h> |
| |
|
| int |
int |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6