| version 1.78.2.2, 2006/12/30 20:50:38 |
version 1.78.2.3, 2007/02/26 09:11:52 |
| Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
| #endif |
#endif |
| |
|
| |
#ifdef FAST_IPSEC |
| |
#include <netipsec/ipsec.h> |
| |
#include <netipsec/ipsec6.h> |
| |
#include <netipsec/key.h> |
| |
#endif /* FAST_IPSEC */ |
| |
|
| #include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
| |
|
| #include "faith.h" |
#include "faith.h" |
|
|
| extern struct route_in6 ip6_forward_rt; |
extern struct route_in6 ip6_forward_rt; |
| |
|
| void |
void |
| ip6_input(m) |
ip6_input(struct mbuf *m) |
| struct mbuf *m; |
|
| { |
{ |
| struct ip6_hdr *ip6; |
struct ip6_hdr *ip6; |
| int off = sizeof(struct ip6_hdr), nest; |
int off = sizeof(struct ip6_hdr), nest; |
|
|
| int nxt, ours = 0; |
int nxt, ours = 0; |
| struct ifnet *deliverifp = NULL; |
struct ifnet *deliverifp = NULL; |
| int srcrt = 0; |
int srcrt = 0; |
| |
#ifdef FAST_IPSEC |
| |
struct m_tag *mtag; |
| |
struct tdb_ident *tdbi; |
| |
struct secpolicy *sp; |
| |
int s, error; |
| |
#endif |
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| /* |
/* |
|
|
| else |
else |
| ip6stat.ip6s_mext1++; |
ip6stat.ip6s_mext1++; |
| } else { |
} else { |
| #define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) |
#define M2MMAX __arraycount(ip6stat.ip6s_m2m) |
| if (m->m_next) { |
if (m->m_next) { |
| if (m->m_flags & M_LOOP) { |
if (m->m_flags & M_LOOP) { |
| ip6stat.ip6s_m2m[lo0ifp->if_index]++; /* XXX */ |
ip6stat.ip6s_m2m[lo0ifp->if_index]++; /* XXX */ |
|
|
| */ |
*/ |
| #ifdef IPSEC |
#ifdef IPSEC |
| if (!ipsec_getnhist(m)) |
if (!ipsec_getnhist(m)) |
| |
#elif defined(FAST_IPSEC) |
| |
if (!ipsec_indone(m)) |
| #else |
#else |
| if (1) |
if (1) |
| #endif |
#endif |
|
|
| * Unicast check |
* Unicast check |
| */ |
*/ |
| if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
| &((struct sockaddr_in6 *)(&ip6_forward_rt.ro_dst))->sin6_addr)) |
&((const struct sockaddr_in6 *)rtcache_getdst((const struct route *)&ip6_forward_rt))->sin6_addr)) |
| rtcache_free((struct route *)&ip6_forward_rt); |
rtcache_free((struct route *)&ip6_forward_rt); |
| else |
else |
| rtcache_check((struct route *)&ip6_forward_rt); |
rtcache_check((struct route *)&ip6_forward_rt); |
|
|
| |
|
| ip6stat.ip6s_forward_cachemiss++; |
ip6stat.ip6s_forward_cachemiss++; |
| |
|
| bzero(&ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6)); |
dst6 = &ip6_forward_rt.ro_dst; |
| dst6 = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst; |
memset(dst6, 0, sizeof(*dst6)); |
| dst6->sin6_len = sizeof(struct sockaddr_in6); |
dst6->sin6_len = sizeof(struct sockaddr_in6); |
| dst6->sin6_family = AF_INET6; |
dst6->sin6_family = AF_INET6; |
| dst6->sin6_addr = ip6->ip6_dst; |
dst6->sin6_addr = ip6->ip6_dst; |
|
|
| goto bad; |
goto bad; |
| } |
} |
| #endif |
#endif |
| |
#ifdef FAST_IPSEC |
| |
/* |
| |
* enforce IPsec policy checking if we are seeing last header. |
| |
* note that we do not visit this with protocols with pcb layer |
| |
* code - like udp/tcp/raw ip. |
| |
*/ |
| |
if ((inet6sw[ip_protox[nxt]].pr_flags & PR_LASTHDR) != 0) { |
| |
/* |
| |
* Check if the packet has already had IPsec processing |
| |
* done. If so, then just pass it along. This tag gets |
| |
* set during AH, ESP, etc. input handling, before the |
| |
* packet is returned to the ip input queue for delivery. |
| |
*/ |
| |
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
| |
s = splsoftnet(); |
| |
if (mtag != NULL) { |
| |
tdbi = (struct tdb_ident *)(mtag + 1); |
| |
sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); |
| |
} else { |
| |
sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, |
| |
IP_FORWARDING, &error); |
| |
} |
| |
if (sp != NULL) { |
| |
/* |
| |
* Check security policy against packet attributes. |
| |
*/ |
| |
error = ipsec_in_reject(sp, m); |
| |
KEY_FREESP(&sp); |
| |
} else { |
| |
/* XXX error stat??? */ |
| |
error = EINVAL; |
| |
DPRINTF(("ip6_input: no SP, packet discarded\n"));/*XXX*/ |
| |
goto bad; |
| |
} |
| |
splx(s); |
| |
if (error) |
| |
goto bad; |
| |
} |
| |
#endif /* FAST_IPSEC */ |
| |
|
| |
|
| nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
| } |
} |
| Line 1244 ip6_savecontrol(in6p, mp, ip6, m) |
|
| Line 1297 ip6_savecontrol(in6p, mp, ip6, m) |
|
| |
|
| |
|
| void |
void |
| ip6_notify_pmtu(struct in6pcb *in6p, struct sockaddr_in6 *dst, uint32_t *mtu) |
ip6_notify_pmtu(struct in6pcb *in6p, const struct sockaddr_in6 *dst, |
| |
uint32_t *mtu) |
| { |
{ |
| struct socket *so; |
struct socket *so; |
| struct mbuf *m_mtu; |
struct mbuf *m_mtu; |
| Line 1270 ip6_notify_pmtu(struct in6pcb *in6p, str |
|
| Line 1324 ip6_notify_pmtu(struct in6pcb *in6p, str |
|
| IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) |
IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) |
| return; |
return; |
| |
|
| if (sbappendaddr(&so->so_rcv, (struct sockaddr *)dst, NULL, m_mtu) |
if (sbappendaddr(&so->so_rcv, (const struct sockaddr *)dst, NULL, m_mtu) |
| == 0) { |
== 0) { |
| m_freem(m_mtu); |
m_freem(m_mtu); |
| /* XXX: should count statistics */ |
/* XXX: should count statistics */ |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6