version 1.8.2.4, 2001/02/11 19:17:25 |
version 1.41, 2001/04/13 23:30:26 |
|
|
/* $NetBSD$ */ |
/* $NetBSD$ */ |
/* $KAME: ip6_input.c,v 1.174 2001/02/09 06:17:41 jinmei Exp $ */ |
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ |
|
|
/* |
/* |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
|
|
#include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
#include <netinet6/in6_prefix.h> |
#include <netinet6/in6_prefix.h> |
|
|
|
#ifdef IPSEC |
|
#include <netinet6/ipsec.h> |
|
#endif |
|
|
#include <netinet6/ip6protosw.h> |
#include <netinet6/ip6protosw.h> |
|
|
/* we need it for NLOOP. */ |
/* we need it for NLOOP. */ |
|
|
struct mbuf *m; |
struct mbuf *m; |
|
|
for (;;) { |
for (;;) { |
s = splimp(); |
s = splnet(); |
IF_DEQUEUE(&ip6intrq, m); |
IF_DEQUEUE(&ip6intrq, m); |
splx(s); |
splx(s); |
if (m == 0) |
if (m == 0) |
|
|
else |
else |
ip6stat.ip6s_mext1++; |
ip6stat.ip6s_mext1++; |
} else { |
} else { |
|
#define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) |
if (m->m_next) { |
if (m->m_next) { |
if (m->m_flags & M_LOOP) { |
if (m->m_flags & M_LOOP) { |
ip6stat.ip6s_m2m[loif[0].if_index]++; /*XXX*/ |
ip6stat.ip6s_m2m[loif[0].if_index]++; /*XXX*/ |
} else if (m->m_pkthdr.rcvif->if_index <= 31) |
} else if (m->m_pkthdr.rcvif->if_index < M2MMAX) |
ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; |
ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; |
else |
else |
ip6stat.ip6s_m2m[0]++; |
ip6stat.ip6s_m2m[0]++; |
} else |
} else |
ip6stat.ip6s_m1++; |
ip6stat.ip6s_m1++; |
|
#undef M2MMAX |
} |
} |
|
|
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); |
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive); |
|
|
* Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
* in the list may have previously cleared it. |
* in the list may have previously cleared it. |
*/ |
*/ |
if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, |
/* |
PFIL_IN) != 0) |
* let ipfilter look at packet on the wire, |
return; |
* not the decapsulated packet. |
if (m == NULL) |
*/ |
return; |
#ifdef IPSEC |
ip6 = mtod(m, struct ip6_hdr *); |
if (!ipsec_gethist(m, NULL)) |
|
#else |
|
if (1) |
|
#endif |
|
{ |
|
if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, |
|
PFIL_IN) != 0) |
|
return; |
|
if (m == NULL) |
|
return; |
|
ip6 = mtod(m, struct ip6_hdr *); |
|
} |
#endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
|
|
|
|
|
|
} |
} |
} |
} |
|
|
#ifndef FAKE_LOOPBACK_IF |
/* drop packets if interface ID portion is already filled */ |
if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) |
if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { |
#else |
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) && |
if (1) |
ip6->ip6_src.s6_addr16[1]) { |
#endif |
ip6stat.ip6s_badscope++; |
{ |
goto bad; |
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) |
} |
ip6->ip6_src.s6_addr16[1] |
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) && |
= htons(m->m_pkthdr.rcvif->if_index); |
ip6->ip6_dst.s6_addr16[1]) { |
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) |
ip6stat.ip6s_badscope++; |
ip6->ip6_dst.s6_addr16[1] |
goto bad; |
= htons(m->m_pkthdr.rcvif->if_index); |
} |
} |
} |
|
|
/* |
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src)) |
* XXX we need this since we do not have "goto ours" hack route |
ip6->ip6_src.s6_addr16[1] |
* for some of our ifaddrs on loopback interface. |
= htons(m->m_pkthdr.rcvif->if_index); |
* we should correct it by changing in6_ifattach to install |
if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) |
* "goto ours" hack route. |
ip6->ip6_dst.s6_addr16[1] |
*/ |
= htons(m->m_pkthdr.rcvif->if_index); |
if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0) { |
|
if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) { |
/* |
ours = 1; |
* We use rt->rt_ifp to determine if the address is ours or not. |
deliverifp = m->m_pkthdr.rcvif; |
* If rt_ifp is lo0, the address is ours. |
goto hbhcheck; |
* The problem here is, rt->rt_ifp for fe80::%lo0/64 is set to lo0, |
|
* so any address under fe80::%lo0/64 will be mistakenly considered |
|
* local. The special case is supplied to handle the case properly |
|
* by actually looking at interface addresses |
|
* (using in6ifa_ifpwithaddr). |
|
*/ |
|
if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0 && |
|
IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) { |
|
if (!in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, &ip6->ip6_dst)) { |
|
icmp6_error(m, ICMP6_DST_UNREACH, |
|
ICMP6_DST_UNREACH_ADDR, 0); |
|
/* m is already freed */ |
|
return; |
} |
} |
|
|
|
ours = 1; |
|
deliverifp = m->m_pkthdr.rcvif; |
|
goto hbhcheck; |
} |
} |
|
|
/* |
/* |
|
|
ip6stat.ip6s_delivered++; |
ip6stat.ip6s_delivered++; |
in6_ifstat_inc(deliverifp, ifs6_in_deliver); |
in6_ifstat_inc(deliverifp, ifs6_in_deliver); |
nest = 0; |
nest = 0; |
|
|
while (nxt != IPPROTO_DONE) { |
while (nxt != IPPROTO_DONE) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { |
ip6stat.ip6s_toomanyhdr++; |
ip6stat.ip6s_toomanyhdr++; |
|
|
goto bad; |
goto bad; |
} |
} |
|
|
|
#ifdef IPSEC |
|
/* |
|
* enforce IPsec policy checking if we are seeing last header. |
|
* note that we do not visit this with protocols with pcb layer |
|
* code - like udp/tcp/raw ip. |
|
*/ |
|
if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 && |
|
ipsec6_in_reject(m, NULL)) { |
|
ipsec6stat.in_polvio++; |
|
goto bad; |
|
} |
|
#endif |
|
|
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); |
} |
} |
return; |
return; |
Line 1162 ip6_savecontrol(in6p, mp, ip6, m) |
|
Line 1209 ip6_savecontrol(in6p, mp, ip6, m) |
|
nxt = ip6e->ip6e_nxt; |
nxt = ip6e->ip6e_nxt; |
} |
} |
loopend: |
loopend: |
|
; |
} |
} |
if ((in6p->in6p_flags & IN6P_HOPOPTS) && privileged) { |
if ((in6p->in6p_flags & IN6P_HOPOPTS) && privileged) { |
/* to be done */ |
/* to be done */ |