| version 1.8.2.3, 2001/01/05 17:36:56 |
version 1.22.2.2, 2000/08/27 01:25:08 |
|
|
| /* $NetBSD$ */ |
/* $NetBSD$ */ |
| /* $KAME: ip6_input.c,v 1.121 2000/08/31 06:07:29 itojun Exp $ */ |
/* $KAME: ip6_input.c,v 1.119 2000/08/26 10:00:45 itojun Exp $ */ |
| |
|
| /* |
/* |
| * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
| Line 140 ip6_fw_chk_t *ip6_fw_chk_ptr; |
|
| Line 140 ip6_fw_chk_t *ip6_fw_chk_ptr; |
|
| ip6_fw_ctl_t *ip6_fw_ctl_ptr; |
ip6_fw_ctl_t *ip6_fw_ctl_ptr; |
| #endif |
#endif |
| |
|
| #ifdef PFIL_HOOKS |
|
| struct pfil_head inet6_pfil_hook; |
|
| #endif |
|
| |
|
| struct ip6stat ip6stat; |
struct ip6stat ip6stat; |
| |
|
| static void ip6_init2 __P((void *)); |
static void ip6_init2 __P((void *)); |
|
|
| ip6_flow_seq = random() ^ tv.tv_usec; |
ip6_flow_seq = random() ^ tv.tv_usec; |
| |
|
| ip6_init2((void *)0); |
ip6_init2((void *)0); |
| |
|
| #ifdef PFIL_HOOKS |
|
| /* Register our Packet Filter hook. */ |
|
| inet6_pfil_hook.ph_type = PFIL_TYPE_AF; |
|
| inet6_pfil_hook.ph_af = AF_INET6; |
|
| i = pfil_head_register(&inet6_pfil_hook); |
|
| if (i != 0) |
|
| printf("ip6_init: WARNING: unable to register pfil hook, " |
|
| "error %d\n", i); |
|
| #endif /* PFIL_HOOKS */ |
|
| } |
} |
| |
|
| static void |
static void |
|
|
| u_int32_t rtalert = ~0; |
u_int32_t rtalert = ~0; |
| int nxt, ours = 0; |
int nxt, ours = 0; |
| struct ifnet *deliverifp = NULL; |
struct ifnet *deliverifp = NULL; |
| |
#ifdef PFIL_HOOKS |
| |
struct packet_filter_hook *pfh; |
| |
struct mbuf *m0; |
| |
int rv; |
| |
#endif /* PFIL_HOOKS */ |
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| /* |
/* |
|
|
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
*/ |
| if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, |
m0 = m; |
| PFIL_IN) != 0) |
pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IPV6]].pr_pfh); |
| return; |
for (; pfh; pfh = pfh->pfil_link.tqe_next) |
| if (m == NULL) |
if (pfh->pfil_func) { |
| return; |
rv = pfh->pfil_func(ip6, sizeof(*ip6), |
| ip6 = mtod(m, struct ip6_hdr *); |
m->m_pkthdr.rcvif, 0, &m0); |
| |
if (rv) |
| |
return; |
| |
m = m0; |
| |
if (m == NULL) |
| |
return; |
| |
ip6 = mtod(m, struct ip6_hdr *); |
| |
} |
| #endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
| |
|
| |
|
|
|
| } |
} |
| #endif |
#endif |
| |
|
| #ifdef ALTQ |
|
| /* XXX Temporary until ALTQ is changed to use a pfil hook */ |
|
| if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { |
|
| /* packet is dropped by traffic conditioner */ |
|
| return; |
|
| } |
|
| #endif |
|
| |
|
| /* |
/* |
| * Scope check |
* Scope check |
| */ |
*/ |
|
|
| (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && |
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 && |
| IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, |
| &ip6_forward_rt.ro_dst.sin6_addr)) |
&ip6_forward_rt.ro_dst.sin6_addr)) |
| ip6stat.ip6s_forward_cachehit++; |
; /* cache hit */ |
| else { |
else { |
| if (ip6_forward_rt.ro_rt) { |
if (ip6_forward_rt.ro_rt) { |
| /* route is down or destination is different */ |
/* route is down or destination is different */ |
| ip6stat.ip6s_forward_cachemiss++; |
|
| RTFREE(ip6_forward_rt.ro_rt); |
RTFREE(ip6_forward_rt.ro_rt); |
| ip6_forward_rt.ro_rt = 0; |
ip6_forward_rt.ro_rt = 0; |
| } |
} |
|
|
| } else { |
} else { |
| /* address is not ready, so discard the packet. */ |
/* address is not ready, so discard the packet. */ |
| log(LOG_INFO, |
log(LOG_INFO, |
| "ip6_input: packet to an unready address %s->%s\n", |
"ip6_input: packet to an unready address %s->%s", |
| ip6_sprintf(&ip6->ip6_src), |
ip6_sprintf(&ip6->ip6_src), |
| ip6_sprintf(&ip6->ip6_dst)); |
ip6_sprintf(&ip6->ip6_dst)); |
| |
|
|
|
| return; |
return; |
| } |
} |
| |
|
| ip6 = mtod(m, struct ip6_hdr *); |
|
| |
|
| /* |
|
| * Malicious party may be able to use IPv4 mapped addr to confuse |
|
| * tcp/udp stack and bypass security checks (act as if it was from |
|
| * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1). Be cautious. |
|
| * |
|
| * For SIIT end node behavior, you may want to disable the check. |
|
| * However, you will become vulnerable to attacks using IPv4 mapped |
|
| * source. |
|
| */ |
|
| if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
|
| IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
|
| ip6stat.ip6s_badscope++; |
|
| in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr); |
|
| goto bad; |
|
| } |
|
| |
|
| /* |
/* |
| * Tell launch routine the next header |
* Tell launch routine the next header |
| */ |
*/ |
| #ifdef IFA_STATS |
#ifdef IFA_STATS |
| if (deliverifp != NULL) { |
if (IFA_STATS && deliverifp != NULL) { |
| struct in6_ifaddr *ia6; |
struct in6_ifaddr *ia6; |
| ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); |
ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst); |
| if (ia6) |
if (ia6) |
| Line 838 ip6_process_hopopts(m, opthead, hbhlen, |
|
| Line 809 ip6_process_hopopts(m, opthead, hbhlen, |
|
| if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) |
if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) |
| /* XXX: should we discard the packet? */ |
/* XXX: should we discard the packet? */ |
| log(LOG_ERR, "length of jumbopayload opt " |
log(LOG_ERR, "length of jumbopayload opt " |
| "is inconsistent(%d)\n", |
"is inconsistent(%d)", |
| *(opt + 1)); |
*(opt + 1)); |
| optlen = IP6OPT_JUMBO_LEN; |
optlen = IP6OPT_JUMBO_LEN; |
| |
|
| Line 1363 u_char inet6ctlerrmap[PRC_NCMDS] = { |
|
| Line 1334 u_char inet6ctlerrmap[PRC_NCMDS] = { |
|
| ENOPROTOOPT |
ENOPROTOOPT |
| }; |
}; |
| |
|
| #include <uvm/uvm_extern.h> |
#include <vm/vm.h> |
| #include <sys/sysctl.h> |
#include <sys/sysctl.h> |
| |
|
| int |
int |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip6_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet6