Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v retrieving revision 1.94.2.5 retrieving revision 1.95 diff -u -p -r1.94.2.5 -r1.95 --- src/sys/netinet6/ip6_input.c 2007/05/17 13:41:51 1.94.2.5 +++ src/sys/netinet6/ip6_input.c 2007/02/17 22:34:13 1.95 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.94.2.5 2007/05/17 13:41:51 yamt Exp $ */ +/* $NetBSD: ip6_input.c,v 1.95 2007/02/17 22:34:13 dyoung Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.94.2.5 2007/05/17 13:41:51 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.95 2007/02/17 22:34:13 dyoung Exp $"); #include "opt_inet.h" #include "opt_inet6.h" @@ -182,9 +182,6 @@ ip6_init() ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; ip6_init2((void *)0); -#ifdef GATEWAY - ip6flow_init(ip6_hashsize); -#endif #ifdef PFIL_HOOKS /* Register our Packet Filter hook. */ @@ -237,23 +234,19 @@ ip6intr() } } -extern struct route ip6_forward_rt; +extern struct route_in6 ip6_forward_rt; void -ip6_input(struct mbuf *m) +ip6_input(m) + struct mbuf *m; { struct ip6_hdr *ip6; - int hit, off = sizeof(struct ip6_hdr), nest; + int off = sizeof(struct ip6_hdr), nest; u_int32_t plen; u_int32_t rtalert = ~0; - int nxt, ours = 0, rh_present = 0; + int nxt, ours = 0; struct ifnet *deliverifp = NULL; int srcrt = 0; - const struct rtentry *rt; - union { - struct sockaddr dst; - struct sockaddr_in6 dst6; - } u; #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; @@ -284,7 +277,7 @@ ip6_input(struct mbuf *m) else ip6stat.ip6s_mext1++; } else { -#define M2MMAX __arraycount(ip6stat.ip6s_m2m) +#define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) if (m->m_next) { if (m->m_flags & M_LOOP) { ip6stat.ip6s_m2m[lo0ifp->if_index]++; /* XXX */ @@ -306,7 +299,7 @@ ip6_input(struct mbuf *m) * it. Otherwise, if it is aligned, make sure the entire base * IPv6 header is in the first mbuf of the chain. */ - if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { + if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) { struct ifnet *inifp = m->m_pkthdr.rcvif; if ((m = m_copyup(m, sizeof(struct ip6_hdr), (max_linkhdr + 3) & ~3)) == NULL) { @@ -332,17 +325,6 @@ ip6_input(struct mbuf *m) goto bad; } -#if defined(IPSEC) - /* IPv6 fast forwarding is not compatible with IPsec. */ - m->m_flags &= ~M_CANFASTFWD; -#else - /* - * Assume that we can create a fast-forward IP flow entry - * based on this packet. - */ - m->m_flags |= M_CANFASTFWD; -#endif - #ifdef PFIL_HOOKS /* * Run through list of hooks for input packets. If there are any @@ -479,17 +461,31 @@ ip6_input(struct mbuf *m) goto hbhcheck; } - sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); - /* * Unicast check */ - rt = rtcache_lookup2(&ip6_forward_rt, &u.dst, 1, &hit); - if (hit) - ip6stat.ip6s_forward_cachehit++; + if (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, + &((const struct sockaddr_in6 *)rtcache_getdst((const struct route *)&ip6_forward_rt))->sin6_addr)) + rtcache_free((struct route *)&ip6_forward_rt); else + rtcache_check((struct route *)&ip6_forward_rt); + if (ip6_forward_rt.ro_rt != NULL) { + /* XXX Revalidated route is accounted wrongly. */ + ip6stat.ip6s_forward_cachehit++; + } else { + struct sockaddr_in6 *dst6; + ip6stat.ip6s_forward_cachemiss++; + dst6 = &ip6_forward_rt.ro_dst; + memset(dst6, 0, sizeof(*dst6)); + dst6->sin6_len = sizeof(struct sockaddr_in6); + dst6->sin6_family = AF_INET6; + dst6->sin6_addr = ip6->ip6_dst; + + rtcache_init((struct route *)&ip6_forward_rt); + } + #define rt6_key(r) ((struct sockaddr_in6 *)((r)->rt_nodes->rn_key)) /* @@ -501,19 +497,22 @@ ip6_input(struct mbuf *m) * But we think it's even useful in some situations, e.g. when using * a special daemon which wants to intercept the packet. */ - if (rt != NULL && - (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && - !(rt->rt_flags & RTF_CLONED) && + if (ip6_forward_rt.ro_rt != NULL && + (ip6_forward_rt.ro_rt->rt_flags & + (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && + !(ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) && #if 0 /* * The check below is redundant since the comparison of * the destination and the key of the rtentry has * already done through looking up the routing table. */ - IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_key(rt)->sin6_addr) && + IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, + &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr) && #endif - rt->rt_ifp->if_type == IFT_LOOP) { - struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; + ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) { + struct in6_ifaddr *ia6 = + (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa; if (ia6->ia6_flags & IN6_IFF_ANYCAST) m->m_flags |= M_ANYCAST6; /* @@ -541,11 +540,12 @@ ip6_input(struct mbuf *m) */ #if defined(NFAITH) && 0 < NFAITH if (ip6_keepfaith) { - if (rt != NULL && rt->rt_ifp != NULL && - rt->rt_ifp->if_type == IFT_FAITH) { + if (ip6_forward_rt.ro_rt != NULL && + ip6_forward_rt.ro_rt->rt_ifp != NULL && + ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) { /* XXX do we need more sanity checks? */ ours = 1; - deliverifp = rt->rt_ifp; /* faith */ + deliverifp = ip6_forward_rt.ro_rt->rt_ifp; /* faith */ goto hbhcheck; } } @@ -640,7 +640,7 @@ ip6_input(struct mbuf *m) in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, - (char *)&ip6->ip6_plen - (char *)ip6); + (caddr_t)&ip6->ip6_plen - (caddr_t)ip6); return; } IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), @@ -739,11 +739,9 @@ ip6_input(struct mbuf *m) in6_ifstat_inc(deliverifp, ifs6_in_deliver); nest = 0; - rh_present = 0; while (nxt != IPPROTO_DONE) { if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) { ip6stat.ip6s_toomanyhdr++; - in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr); goto bad; } @@ -757,15 +755,6 @@ ip6_input(struct mbuf *m) goto bad; } - if (nxt == IPPROTO_ROUTING) { - if (rh_present++) { - in6_ifstat_inc(m->m_pkthdr.rcvif, - ifs6_in_hdrerr); - ip6stat.ip6s_badoptions++; - goto bad; - } - } - #ifdef IPSEC /* * enforce IPsec policy checking if we are seeing last header. @@ -948,7 +937,7 @@ ip6_process_hopopts(m, opthead, hbhlen, return (-1); } optlen = IP6OPT_RTALERT_LEN; - bcopy((void *)(opt + 2), (void *)&rtalert_val, 2); + bcopy((caddr_t)(opt + 2), (caddr_t)&rtalert_val, 2); *rtalertp = ntohs(rtalert_val); break; case IP6OPT_JUMBO: @@ -1107,7 +1096,7 @@ ip6_savecontrol(in6p, mp, ip6, m) struct timeval tv; microtime(&tv); - *mp = sbcreatecontrol((void *) &tv, sizeof(tv), + *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), SCM_TIMESTAMP, SOL_SOCKET); if (*mp) mp = &(*mp)->m_next; @@ -1126,7 +1115,7 @@ ip6_savecontrol(in6p, mp, ip6, m) in6_clearscope(&pi6.ipi6_addr); /* XXX */ pi6.ipi6_ifindex = m->m_pkthdr.rcvif ? m->m_pkthdr.rcvif->if_index : 0; - *mp = sbcreatecontrol((void *) &pi6, + *mp = sbcreatecontrol((caddr_t) &pi6, sizeof(struct in6_pktinfo), IS2292(IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6); if (*mp) @@ -1136,7 +1125,7 @@ ip6_savecontrol(in6p, mp, ip6, m) if (in6p->in6p_flags & IN6P_HOPLIMIT) { int hlim = ip6->ip6_hlim & 0xff; - *mp = sbcreatecontrol((void *) &hlim, sizeof(int), + *mp = sbcreatecontrol((caddr_t) &hlim, sizeof(int), IS2292(IPV6_2292HOPLIMIT, IPV6_HOPLIMIT), IPPROTO_IPV6); if (*mp) mp = &(*mp)->m_next; @@ -1150,7 +1139,7 @@ ip6_savecontrol(in6p, mp, ip6, m) flowinfo >>= 20; tclass = flowinfo & 0xff; - *mp = sbcreatecontrol((void *)&tclass, sizeof(tclass), + *mp = sbcreatecontrol((caddr_t)&tclass, sizeof(tclass), IPV6_TCLASS, IPPROTO_IPV6); if (*mp) @@ -1198,7 +1187,7 @@ ip6_savecontrol(in6p, mp, ip6, m) * be removed before returning in the RFC 2292. * Note: this constraint is removed in RFC3542. */ - *mp = sbcreatecontrol((void *)hbh, hbhlen, + *mp = sbcreatecontrol((caddr_t)hbh, hbhlen, IS2292(IPV6_2292HOPOPTS, IPV6_HOPOPTS), IPPROTO_IPV6); if (*mp) @@ -1260,7 +1249,7 @@ ip6_savecontrol(in6p, mp, ip6, m) if (!in6p->in6p_flags & IN6P_DSTOPTS) break; - *mp = sbcreatecontrol((void *)ip6e, elen, + *mp = sbcreatecontrol((caddr_t)ip6e, elen, IS2292(IPV6_2292DSTOPTS, IPV6_DSTOPTS), IPPROTO_IPV6); if (*mp) @@ -1271,7 +1260,7 @@ ip6_savecontrol(in6p, mp, ip6, m) if (!in6p->in6p_flags & IN6P_RTHDR) break; - *mp = sbcreatecontrol((void *)ip6e, elen, + *mp = sbcreatecontrol((caddr_t)ip6e, elen, IS2292(IPV6_2292RTHDR, IPV6_RTHDR), IPPROTO_IPV6); if (*mp) @@ -1332,7 +1321,7 @@ ip6_notify_pmtu(struct in6pcb *in6p, con if (sa6_recoverscope(&mtuctl.ip6m_addr)) return; - if ((m_mtu = sbcreatecontrol((void *)&mtuctl, sizeof(mtuctl), + if ((m_mtu = sbcreatecontrol((caddr_t)&mtuctl, sizeof(mtuctl), IPV6_PATHMTU, IPPROTO_IPV6)) == NULL) return; @@ -1372,7 +1361,7 @@ ip6_pullexthdr(m, off, nxt) } #endif - m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); + m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); if (nxt == IPPROTO_AH) elen = (ip6e.ip6e_len + 2) << 2; else @@ -1395,7 +1384,7 @@ ip6_pullexthdr(m, off, nxt) return NULL; } - m_copydata(m, off, elen, mtod(n, void *)); + m_copydata(m, off, elen, mtod(n, caddr_t)); n->m_len = elen; return n; } @@ -1428,7 +1417,7 @@ ip6_get_prevhdr(m, off) nxt = ip6->ip6_nxt; len = sizeof(struct ip6_hdr); while (len < off) { - ip6e = (struct ip6_ext *)(mtod(m, char *) + len); + ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + len); switch (nxt) { case IPPROTO_FRAGMENT: @@ -1477,7 +1466,7 @@ ip6_nexthdr(m, off, proto, nxtp) return -1; if (m->m_pkthdr.len < off + sizeof(ip6)) return -1; - m_copydata(m, off, sizeof(ip6), (void *)&ip6); + m_copydata(m, off, sizeof(ip6), (caddr_t)&ip6); if (nxtp) *nxtp = ip6.ip6_nxt; off += sizeof(ip6); @@ -1490,7 +1479,7 @@ ip6_nexthdr(m, off, proto, nxtp) */ if (m->m_pkthdr.len < off + sizeof(fh)) return -1; - m_copydata(m, off, sizeof(fh), (void *)&fh); + m_copydata(m, off, sizeof(fh), (caddr_t)&fh); if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0) return -1; if (nxtp) @@ -1501,7 +1490,7 @@ ip6_nexthdr(m, off, proto, nxtp) case IPPROTO_AH: if (m->m_pkthdr.len < off + sizeof(ip6e)) return -1; - m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); + m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); if (nxtp) *nxtp = ip6e.ip6e_nxt; off += (ip6e.ip6e_len + 2) << 2; @@ -1514,7 +1503,7 @@ ip6_nexthdr(m, off, proto, nxtp) case IPPROTO_DSTOPTS: if (m->m_pkthdr.len < off + sizeof(ip6e)) return -1; - m_copydata(m, off, sizeof(ip6e), (void *)&ip6e); + m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e); if (nxtp) *nxtp = ip6e.ip6e_nxt; off += (ip6e.ip6e_len + 1) << 3; @@ -1603,57 +1592,6 @@ ip6_delaux(m) m_tag_delete(m, mtag); } -#ifdef GATEWAY -/* - * sysctl helper routine for net.inet.ip6.maxflows. Since - * we could reduce this value, call ip6flow_reap(); - */ -static int -sysctl_net_inet6_ip6_maxflows(SYSCTLFN_ARGS) -{ - int s; - - s = sysctl_lookup(SYSCTLFN_CALL(rnode)); - if (s || newp == NULL) - return (s); - - s = splsoftnet(); - ip6flow_reap(0); - splx(s); - - return (0); -} - -static int -sysctl_net_inet6_ip6_hashsize(SYSCTLFN_ARGS) -{ - int error, tmp; - struct sysctlnode node; - - node = *rnode; - tmp = ip6_hashsize; - node.sysctl_data = &tmp; - error = sysctl_lookup(SYSCTLFN_CALL(&node)); - if (error || newp == NULL) - return (error); - - if ((tmp & (tmp - 1)) == 0 && tmp != 0) { - /* - * Can only fail due to malloc() - */ - if (ip6flow_invalidate_all(tmp)) - return ENOMEM; - } else { - /* - * EINVAL if not a power of 2 - */ - return EINVAL; - } - - return (0); -} -#endif /* GATEWAY */ - /* * System control for IP6 */ @@ -1937,20 +1875,4 @@ SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, NULL, 0, &ip6_mcast_pmtu, 0, CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_CREATE, CTL_EOL); -#ifdef GATEWAY - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "maxflows", - SYSCTL_DESCR("Number of flows for fast forwarding (IPv6)"), - sysctl_net_inet6_ip6_maxflows, 0, &ip6_maxflows, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - CTL_CREATE, CTL_EOL); - sysctl_createv(clog, 0, NULL, NULL, - CTLFLAG_PERMANENT|CTLFLAG_READWRITE, - CTLTYPE_INT, "hashsize", - SYSCTL_DESCR("Size of hash table for fast forwarding (IPv6)"), - sysctl_net_inet6_ip6_hashsize, 0, &ip6_hashsize, 0, - CTL_NET, PF_INET6, IPPROTO_IPV6, - CTL_CREATE, CTL_EOL); -#endif }