src/sys/netinet6/ip6_input.c - diff

Return to ip6_input.c CVS log

Up to [cvs.NetBSD.org] / src / sys / netinet6

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.

Diff for /src/sys/netinet6/ip6_input.c between version 1.37.2.7 and 1.39

version 1.37.2.7, 2001/11/14 19:18:09

version 1.39, 2001/03/21 19:12:56

Line 1

/* $NetBSD$ */

/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */

/* $KAME: ip6_input.c,v 1.183 2001/03/01 15:15:23 itojun Exp $ */

Line 65

* @(#)ip_input.c 8.2 (Berkeley) 1/4/94

#include <sys/cdefs.h>

__KERNEL_RCSID(0, "$NetBSD$");

#include "opt_inet.h"

#include "opt_ipsec.h"

#include "opt_pfil_hooks.h"

Line 84 __KERNEL_RCSID(0, "$NetBSD$");

Line 81 __KERNEL_RCSID(0, "$NetBSD$");

#include <sys/time.h>

#include <sys/kernel.h>

#include <sys/syslog.h>

#include <sys/lwp.h>

#include <sys/proc.h>

#include <sys/sysctl.h>

#include <net/if.h>

#include <net/if_types.h>

Line 102 __KERNEL_RCSID(0, "$NetBSD$");

Line 97 __KERNEL_RCSID(0, "$NetBSD$");

#ifdef INET

#include <netinet/ip.h>

#include <netinet/ip_icmp.h>

#endif /* INET */

#endif /*INET*/

#include <netinet/ip6.h>

#include <netinet6/in6_var.h>

#include <netinet6/ip6_var.h>

Line 121 __KERNEL_RCSID(0, "$NetBSD$");

Line 116 __KERNEL_RCSID(0, "$NetBSD$");

/* we need it for NLOOP. */

#include "loop.h"

#include "faith.h"

#include "gif.h"

#include "bpfilter.h"

Line 220 ip6intr()

Line 216 ip6intr()

struct mbuf *m;

for (;;) {

s = splnet();

s = splimp();

IF_DEQUEUE(&ip6intrq, m);

splx(s);

if (m == 0)

Line 254 ip6_input(m)

Line 250 ip6_input(m)

#endif

* mbuf statistics

* mbuf statistics by kazu

if (m->m_flags & M_EXT) {

if (m->m_next)

Line 262 ip6_input(m)

Line 258 ip6_input(m)

else

ip6stat.ip6s_mext1++;

} else {

#define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0]))

if (m->m_next) {

if (m->m_flags & M_LOOP) {

ip6stat.ip6s_m2m[loif[0].if_index]++; /* XXX */

ip6stat.ip6s_m2m[loif[0].if_index]++; /*XXX*/

} else if (m->m_pkthdr.rcvif->if_index < M2MMAX)

} else if (m->m_pkthdr.rcvif->if_index <= 31)

ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++;

else

ip6stat.ip6s_m2m[0]++;

} else

ip6stat.ip6s_m1++;

#undef M2MMAX

}

in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive);

Line 314 ip6_input(m)

Line 308 ip6_input(m)

* not the decapsulated packet.

#ifdef IPSEC

if (!ipsec_getnhist(m))

if (!ipsec_gethist(m, NULL))

#else

if (1)

#endif

Line 328 ip6_input(m)

Line 322 ip6_input(m)

}

#endif /* PFIL_HOOKS */

ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;

#ifdef ALTQ

/* XXX Temporary until ALTQ is changed to use a pfil hook */

if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) {

/* packet is dropped by traffic conditioner */

return;

Line 338 ip6_input(m)

Line 334 ip6_input(m)

#endif

* Check against address spoofing/corruption.

* Scope check

if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||

IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {

Line 347 ip6_input(m)

Line 343 ip6_input(m)

goto bad;

}

* The following check is not documented in specs. A malicious

* The following check is not documented in the spec. Malicious party

* party may be able to use IPv4 mapped addr to confuse tcp/udp stack

* may be able to use IPv4 mapped addr to confuse tcp/udp stack and

* and bypass security checks (act as if it was from 127.0.0.1 by using

* bypass security checks (act as if it was from 127.0.0.1 by using

* IPv6 src ::ffff:127.0.0.1). Be cautious.

* This check chokes if we are in an SIIT cloud. As none of BSDs

* This check chokes if we are in SIIT cloud. As none of BSDs support

* support IPv4-less kernel compilation, we cannot support SIIT

* IPv4-less kernel compilation, we cannot support SIIT environment

* environment at all. So, it makes more sense for us to reject any

* at all. So, it makes more sense for us to reject any malicious

* malicious packets for non-SIIT environment, than try to do a

* packets for non-SIIT environment, than try to do a partical support

* partical support for SIIT environment.

* for SIIT environment.

if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||

IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {

Line 406 ip6_input(m)

Line 402 ip6_input(m)

goto bad;

}

#ifndef FAKE_LOOPBACK_IF

if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0)

#else

if (1)

#endif

{

if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))

ip6->ip6_src.s6_addr16[1]

= htons(m->m_pkthdr.rcvif->if_index);

if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))

ip6->ip6_dst.s6_addr16[1]

= htons(m->m_pkthdr.rcvif->if_index);

}

if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))

ip6->ip6_src.s6_addr16[1]

* XXX we need this since we do not have "goto ours" hack route

= htons(m->m_pkthdr.rcvif->if_index);

* for some of our ifaddrs on loopback interface.

if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))

* we should correct it by changing in6_ifattach to install

ip6->ip6_dst.s6_addr16[1]

* "goto ours" hack route.

= htons(m->m_pkthdr.rcvif->if_index);

if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0) {

if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) {

* We use rt->rt_ifp to determine if the address is ours or not.

ours = 1;

* If rt_ifp is lo0, the address is ours.

deliverifp = m->m_pkthdr.rcvif;

* The problem here is, rt->rt_ifp for fe80::%lo0/64 is set to lo0,

goto hbhcheck;

* so any address under fe80::%lo0/64 will be mistakenly considered

* local. The special case is supplied to handle the case properly

* by actually looking at interface addresses

* (using in6ifa_ifpwithaddr).

if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0 &&

IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) {

if (!in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, &ip6->ip6_dst)) {

icmp6_error(m, ICMP6_DST_UNREACH,

ICMP6_DST_UNREACH_ADDR, 0);

/* m is already freed */

return;

}

ours = 1;

deliverifp = m->m_pkthdr.rcvif;

goto hbhcheck;

}

Line 545 ip6_input(m)

Line 539 ip6_input(m)

&& ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) {

/* XXX do we need more sanity checks? */

ours = 1;

deliverifp = ip6_forward_rt.ro_rt->rt_ifp; /* faith */

deliverifp = ip6_forward_rt.ro_rt->rt_ifp; /*faith*/

goto hbhcheck;

}

Line 723 ip6_input(m)

Line 717 ip6_input(m)

ip6stat.ip6s_delivered++;

in6_ifstat_inc(deliverifp, ifs6_in_deliver);

nest = 0;

while (nxt != IPPROTO_DONE) {

if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {

ip6stat.ip6s_toomanyhdr++;

Line 1010 ip6_savecontrol(in6p, mp, ip6, m)

Line 1003 ip6_savecontrol(in6p, mp, ip6, m)

struct ip6_hdr *ip6;

struct mbuf *m;

{

struct proc *p = (curproc ? curproc->l_proc : 0); /* XXX */

struct proc *p = curproc; /* XXX */

int privileged;

privileged = 0;

Line 1325 ip6_nexthdr(m, off, proto, nxtp)

Line 1318 ip6_nexthdr(m, off, proto, nxtp)

if (nxtp)

*nxtp = ip6e.ip6e_nxt;

off += (ip6e.ip6e_len + 2) << 2;

if (m->m_pkthdr.len < off)

return -1;

return off;

case IPPROTO_HOPOPTS:

Line 1338 ip6_nexthdr(m, off, proto, nxtp)

Line 1329 ip6_nexthdr(m, off, proto, nxtp)

if (nxtp)

*nxtp = ip6e.ip6e_nxt;

off += (ip6e.ip6e_len + 1) << 3;

if (m->m_pkthdr.len < off)

return -1;

return off;

case IPPROTO_NONE:

Line 1399 u_char inet6ctlerrmap[PRC_NCMDS] = {

Line 1388 u_char inet6ctlerrmap[PRC_NCMDS] = {

ENOPROTOOPT

};

#include <uvm/uvm_extern.h>

#include <sys/sysctl.h>

int

ip6_sysctl(name, namelen, oldp, oldlenp, newp, newlen)

int *name;

Line 1456 ip6_sysctl(name, namelen, oldp, oldlenp,

Line 1448 ip6_sysctl(name, namelen, oldp, oldlenp,

&ip6_use_deprecated);

case IPV6CTL_RR_PRUNE:

return sysctl_int(oldp, oldlenp, newp, newlen, &ip6_rr_prune);

case IPV6CTL_V6ONLY:

#ifndef INET6_BINDV6ONLY

#ifdef INET6_BINDV6ONLY

case IPV6CTL_BINDV6ONLY:

return sysctl_rdint(oldp, oldlenp, newp, ip6_v6only);

return sysctl_int(oldp, oldlenp, newp, newlen,

#else

&ip6_bindv6only);

return sysctl_int(oldp, oldlenp, newp, newlen, &ip6_v6only);

#endif

case IPV6CTL_ANONPORTMIN:

old = ip6_anonportmin;

CVSweb <webmaster@jp.NetBSD.org>