1 /*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by the University of
16 * California, Berkeley and its contributors.
17 * 4. Neither the name of the University nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94
34 * $FreeBSD: releng/5.1/sys/netinet/ip_input.c 114788 2003-05-06 20:34:04Z rwatson $
35 */
36
37 #include "opt_bootp.h"
38 #include "opt_ipfw.h"
39 #include "opt_ipdn.h"
40 #include "opt_ipdivert.h"
41 #include "opt_ipfilter.h"
42 #include "opt_ipstealth.h"
43 #include "opt_ipsec.h"
44 #include "opt_mac.h"
45 #include "opt_pfil_hooks.h"
46 #include "opt_random_ip_id.h"
47
48 #include <sys/param.h>
49 #include <sys/systm.h>
50 #include <sys/mac.h>
51 #include <sys/mbuf.h>
52 #include <sys/malloc.h>
53 #include <sys/domain.h>
54 #include <sys/protosw.h>
55 #include <sys/socket.h>
56 #include <sys/time.h>
57 #include <sys/kernel.h>
58 #include <sys/syslog.h>
59 #include <sys/sysctl.h>
60
61 #include <net/pfil.h>
62 #include <net/if.h>
63 #include <net/if_types.h>
64 #include <net/if_var.h>
65 #include <net/if_dl.h>
66 #include <net/route.h>
67 #include <net/netisr.h>
68
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/in_var.h>
72 #include <netinet/ip.h>
73 #include <netinet/in_pcb.h>
74 #include <netinet/ip_var.h>
75 #include <netinet/ip_icmp.h>
76 #include <machine/in_cksum.h>
77
78 #include <sys/socketvar.h>
79
80 #include <netinet/ip_fw.h>
81 #include <netinet/ip_dummynet.h>
82
83 #ifdef IPSEC
84 #include <netinet6/ipsec.h>
85 #include <netkey/key.h>
86 #endif
87
88 #ifdef FAST_IPSEC
89 #include <netipsec/ipsec.h>
90 #include <netipsec/key.h>
91 #endif
92
93 int rsvp_on = 0;
94
95 int ipforwarding = 0;
96 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW,
97 &ipforwarding, 0, "Enable IP forwarding between interfaces");
98
99 static int ipsendredirects = 1; /* XXX */
100 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW,
101 &ipsendredirects, 0, "Enable sending IP redirects");
102
103 int ip_defttl = IPDEFTTL;
104 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW,
105 &ip_defttl, 0, "Maximum TTL on IP packets");
106
107 static int ip_dosourceroute = 0;
108 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW,
109 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets");
110
111 static int ip_acceptsourceroute = 0;
112 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute,
113 CTLFLAG_RW, &ip_acceptsourceroute, 0,
114 "Enable accepting source routed IP packets");
115
116 static int ip_keepfaith = 0;
117 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW,
118 &ip_keepfaith, 0,
119 "Enable packet capture for FAITH IPv4->IPv6 translater daemon");
120
121 static int nipq = 0; /* total # of reass queues */
122 static int maxnipq;
123 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW,
124 &maxnipq, 0,
125 "Maximum number of IPv4 fragment reassembly queue entries");
126
127 static int maxfragsperpacket;
128 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW,
129 &maxfragsperpacket, 0,
130 "Maximum number of IPv4 fragments allowed per packet");
131
132 static int ip_sendsourcequench = 0;
133 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW,
134 &ip_sendsourcequench, 0,
135 "Enable the transmission of source quench packets");
136
137 /*
138 * XXX - Setting ip_checkinterface mostly implements the receive side of
139 * the Strong ES model described in RFC 1122, but since the routing table
140 * and transmit implementation do not implement the Strong ES model,
141 * setting this to 1 results in an odd hybrid.
142 *
143 * XXX - ip_checkinterface currently must be disabled if you use ipnat
144 * to translate the destination address to another local interface.
145 *
146 * XXX - ip_checkinterface must be disabled if you add IP aliases
147 * to the loopback interface instead of the interface where the
148 * packets for those addresses are received.
149 */
150 static int ip_checkinterface = 1;
151 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW,
152 &ip_checkinterface, 0, "Verify packet arrives on correct interface");
153
154 #ifdef DIAGNOSTIC
155 static int ipprintfs = 0;
156 #endif
157
158 static struct ifqueue ipintrq;
159 static int ipqmaxlen = IFQ_MAXLEN;
160
161 extern struct domain inetdomain;
162 extern struct protosw inetsw[];
163 u_char ip_protox[IPPROTO_MAX];
164 struct in_ifaddrhead in_ifaddrhead; /* first inet address */
165 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */
166 u_long in_ifaddrhmask; /* mask for hash table */
167
168 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW,
169 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue");
170 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD,
171 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue");
172
173 struct ipstat ipstat;
174 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW,
175 &ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)");
176
177 /* Packet reassembly stuff */
178 #define IPREASS_NHASH_LOG2 6
179 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2)
180 #define IPREASS_HMASK (IPREASS_NHASH - 1)
181 #define IPREASS_HASH(x,y) \
182 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK)
183
184 static TAILQ_HEAD(ipqhead, ipq) ipq[IPREASS_NHASH];
185
186 #ifdef IPCTL_DEFMTU
187 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW,
188 &ip_mtu, 0, "Default MTU");
189 #endif
190
191 #ifdef IPSTEALTH
192 static int ipstealth = 0;
193 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW,
194 &ipstealth, 0, "");
195 #endif
196
197
198 /* Firewall hooks */
199 ip_fw_chk_t *ip_fw_chk_ptr;
200 int fw_enable = 1 ;
201 int fw_one_pass = 1;
202
203 /* Dummynet hooks */
204 ip_dn_io_t *ip_dn_io_ptr;
205
206
207 /*
208 * XXX this is ugly -- the following two global variables are
209 * used to store packet state while it travels through the stack.
210 * Note that the code even makes assumptions on the size and
211 * alignment of fields inside struct ip_srcrt so e.g. adding some
212 * fields will break the code. This needs to be fixed.
213 *
214 * We need to save the IP options in case a protocol wants to respond
215 * to an incoming packet over the same route if the packet got here
216 * using IP source routing. This allows connection establishment and
217 * maintenance when the remote end is on a network that is not known
218 * to us.
219 */
220 static int ip_nhops = 0;
221 static struct ip_srcrt {
222 struct in_addr dst; /* final destination */
223 char nop; /* one NOP to align */
224 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */
225 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)];
226 } ip_srcrt;
227
228 static void save_rte(u_char *, struct in_addr);
229 static int ip_dooptions(struct mbuf *m, int,
230 struct sockaddr_in *next_hop);
231 static void ip_forward(struct mbuf *m, int srcrt,
232 struct sockaddr_in *next_hop);
233 static void ip_freef(struct ipqhead *, struct ipq *);
234 static struct mbuf *ip_reass(struct mbuf *, struct ipqhead *,
235 struct ipq *, u_int32_t *, u_int16_t *);
236
237 /*
238 * IP initialization: fill in IP protocol switch table.
239 * All protocols not implemented in kernel go to raw IP protocol handler.
240 */
241 void
242 ip_init()
243 {
244 register struct protosw *pr;
245 register int i;
246
247 TAILQ_INIT(&in_ifaddrhead);
248 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask);
249 pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW);
250 if (pr == 0)
251 panic("ip_init");
252 for (i = 0; i < IPPROTO_MAX; i++)
253 ip_protox[i] = pr - inetsw;
254 for (pr = inetdomain.dom_protosw;
255 pr < inetdomain.dom_protoswNPROTOSW; pr++)
256 if (pr->pr_domain->dom_family == PF_INET &&
257 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
258 ip_protox[pr->pr_protocol] = pr - inetsw;
259
260 for (i = 0; i < IPREASS_NHASH; i++)
261 TAILQ_INIT(&ipq[i]);
262
263 maxnipq = nmbclusters / 32;
264 maxfragsperpacket = 16;
265
266 #ifndef RANDOM_IP_ID
267 ip_id = time_second & 0xffff;
268 #endif
269 ipintrq.ifq_maxlen = ipqmaxlen;
270 mtx_init(&ipintrq.ifq_mtx, "ip_inq", NULL, MTX_DEF);
271 netisr_register(NETISR_IP, ip_input, &ipintrq);
272 }
273
274 /*
275 * XXX watch out this one. It is perhaps used as a cache for
276 * the most recently used route ? it is cleared in in_addroute()
277 * when a new route is successfully created.
278 */
279 struct route ipforward_rt;
280
281 /*
282 * Ip input routine. Checksum and byte swap header. If fragmented
283 * try to reassemble. Process options. Pass to next level.
284 */
285 void
286 ip_input(struct mbuf *m)
287 {
288 struct ip *ip;
289 struct ipq *fp;
290 struct in_ifaddr *ia = NULL;
291 struct ifaddr *ifa;
292 int i, hlen, checkif;
293 u_short sum;
294 struct in_addr pkt_dst;
295 u_int32_t divert_info = 0; /* packet divert/tee info */
296 struct ip_fw_args args;
297 #ifdef PFIL_HOOKS
298 struct packet_filter_hook *pfh;
299 struct mbuf *m0;
300 int rv;
301 #endif /* PFIL_HOOKS */
302 #ifdef FAST_IPSEC
303 struct m_tag *mtag;
304 struct tdb_ident *tdbi;
305 struct secpolicy *sp;
306 int s, error;
307 #endif /* FAST_IPSEC */
308
309 args.eh = NULL;
310 args.oif = NULL;
311 args.rule = NULL;
312 args.divert_rule = 0; /* divert cookie */
313 args.next_hop = NULL;
314
315 /* Grab info from MT_TAG mbufs prepended to the chain. */
316 for (; m && m->m_type == MT_TAG; m = m->m_next) {
317 switch(m->_m_tag_id) {
318 default:
319 printf("ip_input: unrecognised MT_TAG tag %d\n",
320 m->_m_tag_id);
321 break;
322
323 case PACKET_TAG_DUMMYNET:
324 args.rule = ((struct dn_pkt *)m)->rule;
325 break;
326
327 case PACKET_TAG_DIVERT:
328 args.divert_rule = (intptr_t)m->m_hdr.mh_data & 0xffff;
329 break;
330
331 case PACKET_TAG_IPFORWARD:
332 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data;
333 break;
334 }
335 }
336
337 M_ASSERTPKTHDR(m);
338
339 if (args.rule) { /* dummynet already filtered us */
340 ip = mtod(m, struct ip *);
341 hlen = ip->ip_hl << 2;
342 goto iphack ;
343 }
344
345 ipstat.ips_total++;
346
347 if (m->m_pkthdr.len < sizeof(struct ip))
348 goto tooshort;
349
350 if (m->m_len < sizeof (struct ip) &&
351 (m = m_pullup(m, sizeof (struct ip))) == 0) {
352 ipstat.ips_toosmall++;
353 return;
354 }
355 ip = mtod(m, struct ip *);
356
357 if (ip->ip_v != IPVERSION) {
358 ipstat.ips_badvers++;
359 goto bad;
360 }
361
362 hlen = ip->ip_hl << 2;
363 if (hlen < sizeof(struct ip)) { /* minimum header length */
364 ipstat.ips_badhlen++;
365 goto bad;
366 }
367 if (hlen > m->m_len) {
368 if ((m = m_pullup(m, hlen)) == 0) {
369 ipstat.ips_badhlen++;
370 return;
371 }
372 ip = mtod(m, struct ip *);
373 }
374
375 /* 127/8 must not appear on wire - RFC1122 */
376 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
377 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
378 if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
379 ipstat.ips_badaddr++;
380 goto bad;
381 }
382 }
383
384 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) {
385 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID);
386 } else {
387 if (hlen == sizeof(struct ip)) {
388 sum = in_cksum_hdr(ip);
389 } else {
390 sum = in_cksum(m, hlen);
391 }
392 }
393 if (sum) {
394 ipstat.ips_badsum++;
395 goto bad;
396 }
397
398 /*
399 * Convert fields to host representation.
400 */
401 ip->ip_len = ntohs(ip->ip_len);
402 if (ip->ip_len < hlen) {
403 ipstat.ips_badlen++;
404 goto bad;
405 }
406 ip->ip_off = ntohs(ip->ip_off);
407
408 /*
409 * Check that the amount of data in the buffers
410 * is as at least much as the IP header would have us expect.
411 * Trim mbufs if longer than we expect.
412 * Drop packet if shorter than we expect.
413 */
414 if (m->m_pkthdr.len < ip->ip_len) {
415 tooshort:
416 ipstat.ips_tooshort++;
417 goto bad;
418 }
419 if (m->m_pkthdr.len > ip->ip_len) {
420 if (m->m_len == m->m_pkthdr.len) {
421 m->m_len = ip->ip_len;
422 m->m_pkthdr.len = ip->ip_len;
423 } else
424 m_adj(m, ip->ip_len - m->m_pkthdr.len);
425 }
426 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF)
427 /*
428 * Bypass packet filtering for packets from a tunnel (gif).
429 */
430 if (ipsec_gethist(m, NULL))
431 goto pass;
432 #endif
433
434 /*
435 * IpHack's section.
436 * Right now when no processing on packet has done
437 * and it is still fresh out of network we do our black
438 * deals with it.
439 * - Firewall: deny/allow/divert
440 * - Xlate: translate packet's addr/port (NAT).
441 * - Pipe: pass pkt through dummynet.
442 * - Wrap: fake packet's addr/port <unimpl.>
443 * - Encapsulate: put it in another IP and send out. <unimp.>
444 */
445
446 iphack:
447
448 #ifdef PFIL_HOOKS
449 /*
450 * Run through list of hooks for input packets. If there are any
451 * filters which require that additional packets in the flow are
452 * not fast-forwarded, they must clear the M_CANFASTFWD flag.
453 * Note that filters must _never_ set this flag, as another filter
454 * in the list may have previously cleared it.
455 */
456 m0 = m;
457 pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh);
458 for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link))
459 if (pfh->pfil_func) {
460 rv = pfh->pfil_func(ip, hlen,
461 m->m_pkthdr.rcvif, 0, &m0);
462 if (rv)
463 return;
464 m = m0;
465 if (m == NULL)
466 return;
467 ip = mtod(m, struct ip *);
468 }
469 #endif /* PFIL_HOOKS */
470
471 if (fw_enable && IPFW_LOADED) {
472 /*
473 * If we've been forwarded from the output side, then
474 * skip the firewall a second time
475 */
476 if (args.next_hop)
477 goto ours;
478
479 args.m = m;
480 i = ip_fw_chk_ptr(&args);
481 m = args.m;
482
483 if ( (i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */
484 if (m)
485 m_freem(m);
486 return;
487 }
488 ip = mtod(m, struct ip *); /* just in case m changed */
489 if (i == 0 && args.next_hop == NULL) /* common case */
490 goto pass;
491 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG) != 0) {
492 /* Send packet to the appropriate pipe */
493 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args);
494 return;
495 }
496 #ifdef IPDIVERT
497 if (i != 0 && (i & IP_FW_PORT_DYNT_FLAG) == 0) {
498 /* Divert or tee packet */
499 divert_info = i;
500 goto ours;
501 }
502 #endif
503 if (i == 0 && args.next_hop != NULL)
504 goto pass;
505 /*
506 * if we get here, the packet must be dropped
507 */
508 m_freem(m);
509 return;
510 }
511 pass:
512
513 /*
514 * Process options and, if not destined for us,
515 * ship it on. ip_dooptions returns 1 when an
516 * error was detected (causing an icmp message
517 * to be sent and the original packet to be freed).
518 */
519 ip_nhops = 0; /* for source routed packets */
520 if (hlen > sizeof (struct ip) && ip_dooptions(m, 0, args.next_hop))
521 return;
522
523 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no
524 * matter if it is destined to another node, or whether it is
525 * a multicast one, RSVP wants it! and prevents it from being forwarded
526 * anywhere else. Also checks if the rsvp daemon is running before
527 * grabbing the packet.
528 */
529 if (rsvp_on && ip->ip_p==IPPROTO_RSVP)
530 goto ours;
531
532 /*
533 * Check our list of addresses, to see if the packet is for us.
534 * If we don't have any addresses, assume any unicast packet
535 * we receive might be for us (and let the upper layers deal
536 * with it).
537 */
538 if (TAILQ_EMPTY(&in_ifaddrhead) &&
539 (m->m_flags & (M_MCAST|M_BCAST)) == 0)
540 goto ours;
541
542 /*
543 * Cache the destination address of the packet; this may be
544 * changed by use of 'ipfw fwd'.
545 */
546 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst;
547
548 /*
549 * Enable a consistency check between the destination address
550 * and the arrival interface for a unicast packet (the RFC 1122
551 * strong ES model) if IP forwarding is disabled and the packet
552 * is not locally generated and the packet is not subject to
553 * 'ipfw fwd'.
554 *
555 * XXX - Checking also should be disabled if the destination
556 * address is ipnat'ed to a different interface.
557 *
558 * XXX - Checking is incompatible with IP aliases added
559 * to the loopback interface instead of the interface where
560 * the packets are received.
561 */
562 checkif = ip_checkinterface && (ipforwarding == 0) &&
563 m->m_pkthdr.rcvif != NULL &&
564 ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) &&
565 (args.next_hop == NULL);
566
567 /*
568 * Check for exact addresses in the hash bucket.
569 */
570 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) {
571 /*
572 * If the address matches, verify that the packet
573 * arrived via the correct interface if checking is
574 * enabled.
575 */
576 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr &&
577 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif))
578 goto ours;
579 }
580 /*
581 * Check for broadcast addresses.
582 *
583 * Only accept broadcast packets that arrive via the matching
584 * interface. Reception of forwarded directed broadcasts would
585 * be handled via ip_forward() and ether_output() with the loopback
586 * into the stack for SIMPLEX interfaces handled by ether_output().
587 */
588 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
589 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) {
590 if (ifa->ifa_addr->sa_family != AF_INET)
591 continue;
592 ia = ifatoia(ifa);
593 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr ==
594 pkt_dst.s_addr)
595 goto ours;
596 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr)
597 goto ours;
598 #ifdef BOOTP_COMPAT
599 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY)
600 goto ours;
601 #endif
602 }
603 }
604 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
605 struct in_multi *inm;
606 if (ip_mrouter) {
607 /*
608 * If we are acting as a multicast router, all
609 * incoming multicast packets are passed to the
610 * kernel-level multicast forwarding function.
611 * The packet is returned (relatively) intact; if
612 * ip_mforward() returns a non-zero value, the packet
613 * must be discarded, else it may be accepted below.
614 */
615 if (ip_mforward &&
616 ip_mforward(ip, m->m_pkthdr.rcvif, m, 0) != 0) {
617 ipstat.ips_cantforward++;
618 m_freem(m);
619 return;
620 }
621
622 /*
623 * The process-level routing daemon needs to receive
624 * all multicast IGMP packets, whether or not this
625 * host belongs to their destination groups.
626 */
627 if (ip->ip_p == IPPROTO_IGMP)
628 goto ours;
629 ipstat.ips_forward++;
630 }
631 /*
632 * See if we belong to the destination multicast group on the
633 * arrival interface.
634 */
635 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm);
636 if (inm == NULL) {
637 ipstat.ips_notmember++;
638 m_freem(m);
639 return;
640 }
641 goto ours;
642 }
643 if (ip->ip_dst.s_addr == (u_long)INADDR_BROADCAST)
644 goto ours;
645 if (ip->ip_dst.s_addr == INADDR_ANY)
646 goto ours;
647
648 /*
649 * FAITH(Firewall Aided Internet Translator)
650 */
651 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) {
652 if (ip_keepfaith) {
653 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP)
654 goto ours;
655 }
656 m_freem(m);
657 return;
658 }
659
660 /*
661 * Not for us; forward if possible and desirable.
662 */
663 if (ipforwarding == 0) {
664 ipstat.ips_cantforward++;
665 m_freem(m);
666 } else {
667 #ifdef IPSEC
668 /*
669 * Enforce inbound IPsec SPD.
670 */
671 if (ipsec4_in_reject(m, NULL)) {
672 ipsecstat.in_polvio++;
673 goto bad;
674 }
675 #endif /* IPSEC */
676 #ifdef FAST_IPSEC
677 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
678 s = splnet();
679 if (mtag != NULL) {
680 tdbi = (struct tdb_ident *)(mtag + 1);
681 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND);
682 } else {
683 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
684 IP_FORWARDING, &error);
685 }
686 if (sp == NULL) { /* NB: can happen if error */
687 splx(s);
688 /*XXX error stat???*/
689 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/
690 goto bad;
691 }
692
693 /*
694 * Check security policy against packet attributes.
695 */
696 error = ipsec_in_reject(sp, m);
697 KEY_FREESP(&sp);
698 splx(s);
699 if (error) {
700 ipstat.ips_cantforward++;
701 goto bad;
702 }
703 #endif /* FAST_IPSEC */
704 ip_forward(m, 0, args.next_hop);
705 }
706 return;
707
708 ours:
709 #ifdef IPSTEALTH
710 /*
711 * IPSTEALTH: Process non-routing options only
712 * if the packet is destined for us.
713 */
714 if (ipstealth && hlen > sizeof (struct ip) &&
715 ip_dooptions(m, 1, args.next_hop))
716 return;
717 #endif /* IPSTEALTH */
718
719 /* Count the packet in the ip address stats */
720 if (ia != NULL) {
721 ia->ia_ifa.if_ipackets++;
722 ia->ia_ifa.if_ibytes += m->m_pkthdr.len;
723 }
724
725 /*
726 * If offset or IP_MF are set, must reassemble.
727 * Otherwise, nothing need be done.
728 * (We could look in the reassembly queue to see
729 * if the packet was previously fragmented,
730 * but it's not worth the time; just let them time out.)
731 */
732 if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
733
734 /* If maxnipq is 0, never accept fragments. */
735 if (maxnipq == 0) {
736 ipstat.ips_fragments++;
737 ipstat.ips_fragdropped++;
738 goto bad;
739 }
740
741 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id);
742 /*
743 * Look for queue of fragments
744 * of this datagram.
745 */
746 TAILQ_FOREACH(fp, &ipq[sum], ipq_list)
747 if (ip->ip_id == fp->ipq_id &&
748 ip->ip_src.s_addr == fp->ipq_src.s_addr &&
749 ip->ip_dst.s_addr == fp->ipq_dst.s_addr &&
750 #ifdef MAC
751 mac_fragment_match(m, fp) &&
752 #endif
753 ip->ip_p == fp->ipq_p)
754 goto found;
755
756 fp = 0;
757
758 /*
759 * Enforce upper bound on number of fragmented packets
760 * for which we attempt reassembly;
761 * If maxnipq is -1, accept all fragments without limitation.
762 */
763 if ((nipq > maxnipq) && (maxnipq > 0)) {
764 /*
765 * drop something from the tail of the current queue
766 * before proceeding further
767 */
768 struct ipq *q = TAILQ_LAST(&ipq[sum], ipqhead);
769 if (q == NULL) { /* gak */
770 for (i = 0; i < IPREASS_NHASH; i++) {
771 struct ipq *r = TAILQ_LAST(&ipq[i], ipqhead);
772 if (r) {
773 ipstat.ips_fragtimeout += r->ipq_nfrags;
774 ip_freef(&ipq[i], r);
775 break;
776 }
777 }
778 } else {
779 ipstat.ips_fragtimeout += q->ipq_nfrags;
780 ip_freef(&ipq[sum], q);
781 }
782 }
783 found:
784 /*
785 * Adjust ip_len to not reflect header,
786 * convert offset of this to bytes.
787 */
788 ip->ip_len -= hlen;
789 if (ip->ip_off & IP_MF) {
790 /*
791 * Make sure that fragments have a data length
792 * that's a non-zero multiple of 8 bytes.
793 */
794 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) {
795 ipstat.ips_toosmall++; /* XXX */
796 goto bad;
797 }
798 m->m_flags |= M_FRAG;
799 } else
800 m->m_flags &= ~M_FRAG;
801 ip->ip_off <<= 3;
802
803 /*
804 * Attempt reassembly; if it succeeds, proceed.
805 * ip_reass() will return a different mbuf, and update
806 * the divert info in divert_info and args.divert_rule.
807 */
808 ipstat.ips_fragments++;
809 m->m_pkthdr.header = ip;
810 m = ip_reass(m,
811 &ipq[sum], fp, &divert_info, &args.divert_rule);
812 if (m == 0)
813 return;
814 ipstat.ips_reassembled++;
815 ip = mtod(m, struct ip *);
816 /* Get the header length of the reassembled packet */
817 hlen = ip->ip_hl << 2;
818 #ifdef IPDIVERT
819 /* Restore original checksum before diverting packet */
820 if (divert_info != 0) {
821 ip->ip_len += hlen;
822 ip->ip_len = htons(ip->ip_len);
823 ip->ip_off = htons(ip->ip_off);
824 ip->ip_sum = 0;
825 if (hlen == sizeof(struct ip))
826 ip->ip_sum = in_cksum_hdr(ip);
827 else
828 ip->ip_sum = in_cksum(m, hlen);
829 ip->ip_off = ntohs(ip->ip_off);
830 ip->ip_len = ntohs(ip->ip_len);
831 ip->ip_len -= hlen;
832 }
833 #endif
834 } else
835 ip->ip_len -= hlen;
836
837 #ifdef IPDIVERT
838 /*
839 * Divert or tee packet to the divert protocol if required.
840 */
841 if (divert_info != 0) {
842 struct mbuf *clone = NULL;
843
844 /* Clone packet if we're doing a 'tee' */
845 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0)
846 clone = m_dup(m, M_DONTWAIT);
847
848 /* Restore packet header fields to original values */
849 ip->ip_len += hlen;
850 ip->ip_len = htons(ip->ip_len);
851 ip->ip_off = htons(ip->ip_off);
852
853 /* Deliver packet to divert input routine */
854 divert_packet(m, 1, divert_info & 0xffff, args.divert_rule);
855 ipstat.ips_delivered++;
856
857 /* If 'tee', continue with original packet */
858 if (clone == NULL)
859 return;
860 m = clone;
861 ip = mtod(m, struct ip *);
862 ip->ip_len += hlen;
863 /*
864 * Jump backwards to complete processing of the
865 * packet. But first clear divert_info to avoid
866 * entering this block again.
867 * We do not need to clear args.divert_rule
868 * or args.next_hop as they will not be used.
869 */
870 divert_info = 0;
871 goto pass;
872 }
873 #endif
874
875 #ifdef IPSEC
876 /*
877 * enforce IPsec policy checking if we are seeing last header.
878 * note that we do not visit this with protocols with pcb layer
879 * code - like udp/tcp/raw ip.
880 */
881 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 &&
882 ipsec4_in_reject(m, NULL)) {
883 ipsecstat.in_polvio++;
884 goto bad;
885 }
886 #endif
887 #if FAST_IPSEC
888 /*
889 * enforce IPsec policy checking if we are seeing last header.
890 * note that we do not visit this with protocols with pcb layer
891 * code - like udp/tcp/raw ip.
892 */
893 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) {
894 /*
895 * Check if the packet has already had IPsec processing
896 * done. If so, then just pass it along. This tag gets
897 * set during AH, ESP, etc. input handling, before the
898 * packet is returned to the ip input queue for delivery.
899 */
900 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL);
901 s = splnet();
902 if (mtag != NULL) {
903 tdbi = (struct tdb_ident *)(mtag + 1);
904 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND);
905 } else {
906 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND,
907 IP_FORWARDING, &error);
908 }
909 if (sp != NULL) {
910 /*
911 * Check security policy against packet attributes.
912 */
913 error = ipsec_in_reject(sp, m);
914 KEY_FREESP(&sp);
915 } else {
916 /* XXX error stat??? */
917 error = EINVAL;
918 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/
919 goto bad;
920 }
921 splx(s);
922 if (error)
923 goto bad;
924 }
925 #endif /* FAST_IPSEC */
926
927 /*
928 * Switch out to protocol's input routine.
929 */
930 ipstat.ips_delivered++;
931 if (args.next_hop && ip->ip_p == IPPROTO_TCP) {
932 /* TCP needs IPFORWARD info if available */
933 struct m_hdr tag;
934
935 tag.mh_type = MT_TAG;
936 tag.mh_flags = PACKET_TAG_IPFORWARD;
937 tag.mh_data = (caddr_t)args.next_hop;
938 tag.mh_next = m;
939
940 (*inetsw[ip_protox[ip->ip_p]].pr_input)(
941 (struct mbuf *)&tag, hlen);
942 } else
943 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen);
944 return;
945 bad:
946 m_freem(m);
947 }
948
949 /*
950 * Take incoming datagram fragment and try to reassemble it into
951 * whole datagram. If a chain for reassembly of this datagram already
952 * exists, then it is given as fp; otherwise have to make a chain.
953 *
954 * When IPDIVERT enabled, keep additional state with each packet that
955 * tells us if we need to divert or tee the packet we're building.
956 * In particular, *divinfo includes the port and TEE flag,
957 * *divert_rule is the number of the matching rule.
958 */
959
960 static struct mbuf *
961 ip_reass(struct mbuf *m, struct ipqhead *head, struct ipq *fp,
962 u_int32_t *divinfo, u_int16_t *divert_rule)
963 {
964 struct ip *ip = mtod(m, struct ip *);
965 register struct mbuf *p, *q, *nq;
966 struct mbuf *t;
967 int hlen = ip->ip_hl << 2;
968 int i, next;
969
970 /*
971 * Presence of header sizes in mbufs
972 * would confuse code below.
973 */
974 m->m_data += hlen;
975 m->m_len -= hlen;
976
977 /*
978 * If first fragment to arrive, create a reassembly queue.
979 */
980 if (fp == 0) {
981 if ((t = m_get(M_DONTWAIT, MT_FTABLE)) == NULL)
982 goto dropfrag;
983 fp = mtod(t, struct ipq *);
984 #ifdef MAC
985 if (mac_init_ipq(fp, M_NOWAIT) != 0) {
986 m_free(t);
987 goto dropfrag;
988 }
989 mac_create_ipq(m, fp);
990 #endif
991 TAILQ_INSERT_HEAD(head, fp, ipq_list);
992 nipq++;
993 fp->ipq_nfrags = 1;
994 fp->ipq_ttl = IPFRAGTTL;
995 fp->ipq_p = ip->ip_p;
996 fp->ipq_id = ip->ip_id;
997 fp->ipq_src = ip->ip_src;
998 fp->ipq_dst = ip->ip_dst;
999 fp->ipq_frags = m;
1000 m->m_nextpkt = NULL;
1001 #ifdef IPDIVERT
1002 fp->ipq_div_info = 0;
1003 fp->ipq_div_cookie = 0;
1004 #endif
1005 goto inserted;
1006 } else {
1007 fp->ipq_nfrags++;
1008 #ifdef MAC
1009 mac_update_ipq(m, fp);
1010 #endif
1011 }
1012
1013 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header))
1014
1015 /*
1016 * Find a segment which begins after this one does.
1017 */
1018 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt)
1019 if (GETIP(q)->ip_off > ip->ip_off)
1020 break;
1021
1022 /*
1023 * If there is a preceding segment, it may provide some of
1024 * our data already. If so, drop the data from the incoming
1025 * segment. If it provides all of our data, drop us, otherwise
1026 * stick new segment in the proper place.
1027 *
1028 * If some of the data is dropped from the the preceding
1029 * segment, then it's checksum is invalidated.
1030 */
1031 if (p) {
1032 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off;
1033 if (i > 0) {
1034 if (i >= ip->ip_len)
1035 goto dropfrag;
1036 m_adj(m, i);
1037 m->m_pkthdr.csum_flags = 0;
1038 ip->ip_off += i;
1039 ip->ip_len -= i;
1040 }
1041 m->m_nextpkt = p->m_nextpkt;
1042 p->m_nextpkt = m;
1043 } else {
1044 m->m_nextpkt = fp->ipq_frags;
1045 fp->ipq_frags = m;
1046 }
1047
1048 /*
1049 * While we overlap succeeding segments trim them or,
1050 * if they are completely covered, dequeue them.
1051 */
1052 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off;
1053 q = nq) {
1054 i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off;
1055 if (i < GETIP(q)->ip_len) {
1056 GETIP(q)->ip_len -= i;
1057 GETIP(q)->ip_off += i;
1058 m_adj(q, i);
1059 q->m_pkthdr.csum_flags = 0;
1060 break;
1061 }
1062 nq = q->m_nextpkt;
1063 m->m_nextpkt = nq;
1064 ipstat.ips_fragdropped++;
1065 fp->ipq_nfrags--;
1066 m_freem(q);
1067 }
1068
1069 inserted:
1070
1071 #ifdef IPDIVERT
1072 /*
1073 * Transfer firewall instructions to the fragment structure.
1074 * Only trust info in the fragment at offset 0.
1075 */
1076 if (ip->ip_off == 0) {
1077 fp->ipq_div_info = *divinfo;
1078 fp->ipq_div_cookie = *divert_rule;
1079 }
1080 *divinfo = 0;
1081 *divert_rule = 0;
1082 #endif
1083
1084 /*
1085 * Check for complete reassembly and perform frag per packet
1086 * limiting.
1087 *
1088 * Frag limiting is performed here so that the nth frag has
1089 * a chance to complete the packet before we drop the packet.
1090 * As a result, n+1 frags are actually allowed per packet, but
1091 * only n will ever be stored. (n = maxfragsperpacket.)
1092 *
1093 */
1094 next = 0;
1095 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) {
1096 if (GETIP(q)->ip_off != next) {
1097 if (fp->ipq_nfrags > maxfragsperpacket) {
1098 ipstat.ips_fragdropped += fp->ipq_nfrags;
1099 ip_freef(head, fp);
1100 }
1101 return (0);
1102 }
1103 next += GETIP(q)->ip_len;
1104 }
1105 /* Make sure the last packet didn't have the IP_MF flag */
1106 if (p->m_flags & M_FRAG) {
1107 if (fp->ipq_nfrags > maxfragsperpacket) {
1108 ipstat.ips_fragdropped += fp->ipq_nfrags;
1109 ip_freef(head, fp);
1110 }
1111 return (0);
1112 }
1113
1114 /*
1115 * Reassembly is complete. Make sure the packet is a sane size.
1116 */
1117 q = fp->ipq_frags;
1118 ip = GETIP(q);
1119 if (next + (ip->ip_hl << 2) > IP_MAXPACKET) {
1120 ipstat.ips_toolong++;
1121 ipstat.ips_fragdropped += fp->ipq_nfrags;
1122 ip_freef(head, fp);
1123 return (0);
1124 }
1125
1126 /*
1127 * Concatenate fragments.
1128 */
1129 m = q;
1130 t = m->m_next;
1131 m->m_next = 0;
1132 m_cat(m, t);
1133 nq = q->m_nextpkt;
1134 q->m_nextpkt = 0;
1135 for (q = nq; q != NULL; q = nq) {
1136 nq = q->m_nextpkt;
1137 q->m_nextpkt = NULL;
1138 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags;
1139 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data;
1140 m_cat(m, q);
1141 }
1142 #ifdef MAC
1143 mac_create_datagram_from_ipq(fp, m);
1144 mac_destroy_ipq(fp);
1145 #endif
1146
1147 #ifdef IPDIVERT
1148 /*
1149 * Extract firewall instructions from the fragment structure.
1150 */
1151 *divinfo = fp->ipq_div_info;
1152 *divert_rule = fp->ipq_div_cookie;
1153 #endif
1154
1155 /*
1156 * Create header for new ip packet by
1157 * modifying header of first packet;
1158 * dequeue and discard fragment reassembly header.
1159 * Make header visible.
1160 */
1161 ip->ip_len = next;
1162 ip->ip_src = fp->ipq_src;
1163 ip->ip_dst = fp->ipq_dst;
1164 TAILQ_REMOVE(head, fp, ipq_list);
1165 nipq--;
1166 (void) m_free(dtom(fp));
1167 m->m_len += (ip->ip_hl << 2);
1168 m->m_data -= (ip->ip_hl << 2);
1169 /* some debugging cruft by sklower, below, will go away soon */
1170 if (m->m_flags & M_PKTHDR) /* XXX this should be done elsewhere */
1171 m_fixhdr(m);
1172 return (m);
1173
1174 dropfrag:
1175 #ifdef IPDIVERT
1176 *divinfo = 0;
1177 *divert_rule = 0;
1178 #endif
1179 ipstat.ips_fragdropped++;
1180 if (fp != 0)
1181 fp->ipq_nfrags--;
1182 m_freem(m);
1183 return (0);
1184
1185 #undef GETIP
1186 }
1187
1188 /*
1189 * Free a fragment reassembly header and all
1190 * associated datagrams.
1191 */
1192 static void
1193 ip_freef(fhp, fp)
1194 struct ipqhead *fhp;
1195 struct ipq *fp;
1196 {
1197 register struct mbuf *q;
1198
1199 while (fp->ipq_frags) {
1200 q = fp->ipq_frags;
1201 fp->ipq_frags = q->m_nextpkt;
1202 m_freem(q);
1203 }
1204 TAILQ_REMOVE(fhp, fp, ipq_list);
1205 (void) m_free(dtom(fp));
1206 nipq--;
1207 }
1208
1209 /*
1210 * IP timer processing;
1211 * if a timer expires on a reassembly
1212 * queue, discard it.
1213 */
1214 void
1215 ip_slowtimo()
1216 {
1217 register struct ipq *fp;
1218 int s = splnet();
1219 int i;
1220
1221 for (i = 0; i < IPREASS_NHASH; i++) {
1222 for(fp = TAILQ_FIRST(&ipq[i]); fp;) {
1223 struct ipq *fpp;
1224
1225 fpp = fp;
1226 fp = TAILQ_NEXT(fp, ipq_list);
1227 if(--fpp->ipq_ttl == 0) {
1228 ipstat.ips_fragtimeout += fpp->ipq_nfrags;
1229 ip_freef(&ipq[i], fpp);
1230 }
1231 }
1232 }
1233 /*
1234 * If we are over the maximum number of fragments
1235 * (due to the limit being lowered), drain off
1236 * enough to get down to the new limit.
1237 */
1238 if (maxnipq >= 0 && nipq > maxnipq) {
1239 for (i = 0; i < IPREASS_NHASH; i++) {
1240 while (nipq > maxnipq && !TAILQ_EMPTY(&ipq[i])) {
1241 ipstat.ips_fragdropped +=
1242 TAILQ_FIRST(&ipq[i])->ipq_nfrags;
1243 ip_freef(&ipq[i], TAILQ_FIRST(&ipq[i]));
1244 }
1245 }
1246 }
1247 ipflow_slowtimo();
1248 splx(s);
1249 }
1250
1251 /*
1252 * Drain off all datagram fragments.
1253 */
1254 void
1255 ip_drain()
1256 {
1257 int i;
1258
1259 for (i = 0; i < IPREASS_NHASH; i++) {
1260 while(!TAILQ_EMPTY(&ipq[i])) {
1261 ipstat.ips_fragdropped +=
1262 TAILQ_FIRST(&ipq[i])->ipq_nfrags;
1263 ip_freef(&ipq[i], TAILQ_FIRST(&ipq[i]));
1264 }
1265 }
1266 in_rtqdrain();
1267 }
1268
1269 /*
1270 * Do option processing on a datagram,
1271 * possibly discarding it if bad options are encountered,
1272 * or forwarding it if source-routed.
1273 * The pass argument is used when operating in the IPSTEALTH
1274 * mode to tell what options to process:
1275 * [LS]SRR (pass 0) or the others (pass 1).
1276 * The reason for as many as two passes is that when doing IPSTEALTH,
1277 * non-routing options should be processed only if the packet is for us.
1278 * Returns 1 if packet has been forwarded/freed,
1279 * 0 if the packet should be processed further.
1280 */
1281 static int
1282 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop)
1283 {
1284 struct ip *ip = mtod(m, struct ip *);
1285 u_char *cp;
1286 struct in_ifaddr *ia;
1287 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
1288 struct in_addr *sin, dst;
1289 n_time ntime;
1290 struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
1291
1292 dst = ip->ip_dst;
1293 cp = (u_char *)(ip + 1);
1294 cnt = (ip->ip_hl << 2) - sizeof (struct ip);
1295 for (; cnt > 0; cnt -= optlen, cp += optlen) {
1296 opt = cp[IPOPT_OPTVAL];
1297 if (opt == IPOPT_EOL)
1298 break;
1299 if (opt == IPOPT_NOP)
1300 optlen = 1;
1301 else {
1302 if (cnt < IPOPT_OLEN + sizeof(*cp)) {
1303 code = &cp[IPOPT_OLEN] - (u_char *)ip;
1304 goto bad;
1305 }
1306 optlen = cp[IPOPT_OLEN];
1307 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) {
1308 code = &cp[IPOPT_OLEN] - (u_char *)ip;
1309 goto bad;
1310 }
1311 }
1312 switch (opt) {
1313
1314 default:
1315 break;
1316
1317 /*
1318 * Source routing with record.
1319 * Find interface with current destination address.
1320 * If none on this machine then drop if strictly routed,
1321 * or do nothing if loosely routed.
1322 * Record interface address and bring up next address
1323 * component. If strictly routed make sure next
1324 * address is on directly accessible net.
1325 */
1326 case IPOPT_LSRR:
1327 case IPOPT_SSRR:
1328 #ifdef IPSTEALTH
1329 if (ipstealth && pass > 0)
1330 break;
1331 #endif
1332 if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
1333 code = &cp[IPOPT_OLEN] - (u_char *)ip;
1334 goto bad;
1335 }
1336 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
1337 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1338 goto bad;
1339 }
1340 ipaddr.sin_addr = ip->ip_dst;
1341 ia = (struct in_ifaddr *)
1342 ifa_ifwithaddr((struct sockaddr *)&ipaddr);
1343 if (ia == 0) {
1344 if (opt == IPOPT_SSRR) {
1345 type = ICMP_UNREACH;
1346 code = ICMP_UNREACH_SRCFAIL;
1347 goto bad;
1348 }
1349 if (!ip_dosourceroute)
1350 goto nosourcerouting;
1351 /*
1352 * Loose routing, and not at next destination
1353 * yet; nothing to do except forward.
1354 */
1355 break;
1356 }
1357 off--; /* 0 origin */
1358 if (off > optlen - (int)sizeof(struct in_addr)) {
1359 /*
1360 * End of source route. Should be for us.
1361 */
1362 if (!ip_acceptsourceroute)
1363 goto nosourcerouting;
1364 save_rte(cp, ip->ip_src);
1365 break;
1366 }
1367 #ifdef IPSTEALTH
1368 if (ipstealth)
1369 goto dropit;
1370 #endif
1371 if (!ip_dosourceroute) {
1372 if (ipforwarding) {
1373 char buf[16]; /* aaa.bbb.ccc.ddd\0 */
1374 /*
1375 * Acting as a router, so generate ICMP
1376 */
1377 nosourcerouting:
1378 strcpy(buf, inet_ntoa(ip->ip_dst));
1379 log(LOG_WARNING,
1380 "attempted source route from %s to %s\n",
1381 inet_ntoa(ip->ip_src), buf);
1382 type = ICMP_UNREACH;
1383 code = ICMP_UNREACH_SRCFAIL;
1384 goto bad;
1385 } else {
1386 /*
1387 * Not acting as a router, so silently drop.
1388 */
1389 #ifdef IPSTEALTH
1390 dropit:
1391 #endif
1392 ipstat.ips_cantforward++;
1393 m_freem(m);
1394 return (1);
1395 }
1396 }
1397
1398 /*
1399 * locate outgoing interface
1400 */
1401 (void)memcpy(&ipaddr.sin_addr, cp + off,
1402 sizeof(ipaddr.sin_addr));
1403
1404 if (opt == IPOPT_SSRR) {
1405 #define INA struct in_ifaddr *
1406 #define SA struct sockaddr *
1407 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) == 0)
1408 ia = (INA)ifa_ifwithnet((SA)&ipaddr);
1409 } else
1410 ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt);
1411 if (ia == 0) {
1412 type = ICMP_UNREACH;
1413 code = ICMP_UNREACH_SRCFAIL;
1414 goto bad;
1415 }
1416 ip->ip_dst = ipaddr.sin_addr;
1417 (void)memcpy(cp + off, &(IA_SIN(ia)->sin_addr),
1418 sizeof(struct in_addr));
1419 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
1420 /*
1421 * Let ip_intr's mcast routing check handle mcast pkts
1422 */
1423 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr));
1424 break;
1425
1426 case IPOPT_RR:
1427 #ifdef IPSTEALTH
1428 if (ipstealth && pass == 0)
1429 break;
1430 #endif
1431 if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
1432 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1433 goto bad;
1434 }
1435 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
1436 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1437 goto bad;
1438 }
1439 /*
1440 * If no space remains, ignore.
1441 */
1442 off--; /* 0 origin */
1443 if (off > optlen - (int)sizeof(struct in_addr))
1444 break;
1445 (void)memcpy(&ipaddr.sin_addr, &ip->ip_dst,
1446 sizeof(ipaddr.sin_addr));
1447 /*
1448 * locate outgoing interface; if we're the destination,
1449 * use the incoming interface (should be same).
1450 */
1451 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == 0 &&
1452 (ia = ip_rtaddr(ipaddr.sin_addr,
1453 &ipforward_rt)) == 0) {
1454 type = ICMP_UNREACH;
1455 code = ICMP_UNREACH_HOST;
1456 goto bad;
1457 }
1458 (void)memcpy(cp + off, &(IA_SIN(ia)->sin_addr),
1459 sizeof(struct in_addr));
1460 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
1461 break;
1462
1463 case IPOPT_TS:
1464 #ifdef IPSTEALTH
1465 if (ipstealth && pass == 0)
1466 break;
1467 #endif
1468 code = cp - (u_char *)ip;
1469 if (optlen < 4 || optlen > 40) {
1470 code = &cp[IPOPT_OLEN] - (u_char *)ip;
1471 goto bad;
1472 }
1473 if ((off = cp[IPOPT_OFFSET]) < 5) {
1474 code = &cp[IPOPT_OLEN] - (u_char *)ip;
1475 goto bad;
1476 }
1477 if (off > optlen - (int)sizeof(int32_t)) {
1478 cp[IPOPT_OFFSET + 1] += (1 << 4);
1479 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) {
1480 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1481 goto bad;
1482 }
1483 break;
1484 }
1485 off--; /* 0 origin */
1486 sin = (struct in_addr *)(cp + off);
1487 switch (cp[IPOPT_OFFSET + 1] & 0x0f) {
1488
1489 case IPOPT_TS_TSONLY:
1490 break;
1491
1492 case IPOPT_TS_TSANDADDR:
1493 if (off + sizeof(n_time) +
1494 sizeof(struct in_addr) > optlen) {
1495 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1496 goto bad;
1497 }
1498 ipaddr.sin_addr = dst;
1499 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr,
1500 m->m_pkthdr.rcvif);
1501 if (ia == 0)
1502 continue;
1503 (void)memcpy(sin, &IA_SIN(ia)->sin_addr,
1504 sizeof(struct in_addr));
1505 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
1506 off += sizeof(struct in_addr);
1507 break;
1508
1509 case IPOPT_TS_PRESPEC:
1510 if (off + sizeof(n_time) +
1511 sizeof(struct in_addr) > optlen) {
1512 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1513 goto bad;
1514 }
1515 (void)memcpy(&ipaddr.sin_addr, sin,
1516 sizeof(struct in_addr));
1517 if (ifa_ifwithaddr((SA)&ipaddr) == 0)
1518 continue;
1519 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
1520 off += sizeof(struct in_addr);
1521 break;
1522
1523 default:
1524 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip;
1525 goto bad;
1526 }
1527 ntime = iptime();
1528 (void)memcpy(cp + off, &ntime, sizeof(n_time));
1529 cp[IPOPT_OFFSET] += sizeof(n_time);
1530 }
1531 }
1532 if (forward && ipforwarding) {
1533 ip_forward(m, 1, next_hop);
1534 return (1);
1535 }
1536 return (0);
1537 bad:
1538 icmp_error(m, type, code, 0, 0);
1539 ipstat.ips_badoptions++;
1540 return (1);
1541 }
1542
1543 /*
1544 * Given address of next destination (final or next hop),
1545 * return internet address info of interface to be used to get there.
1546 */
1547 struct in_ifaddr *
1548 ip_rtaddr(dst, rt)
1549 struct in_addr dst;
1550 struct route *rt;
1551 {
1552 register struct sockaddr_in *sin;
1553
1554 sin = (struct sockaddr_in *)&rt->ro_dst;
1555
1556 if (rt->ro_rt == 0 ||
1557 !(rt->ro_rt->rt_flags & RTF_UP) ||
1558 dst.s_addr != sin->sin_addr.s_addr) {
1559 if (rt->ro_rt) {
1560 RTFREE(rt->ro_rt);
1561 rt->ro_rt = 0;
1562 }
1563 sin->sin_family = AF_INET;
1564 sin->sin_len = sizeof(*sin);
1565 sin->sin_addr = dst;
1566
1567 rtalloc_ign(rt, RTF_PRCLONING);
1568 }
1569 if (rt->ro_rt == 0)
1570 return ((struct in_ifaddr *)0);
1571 return (ifatoia(rt->ro_rt->rt_ifa));
1572 }
1573
1574 /*
1575 * Save incoming source route for use in replies,
1576 * to be picked up later by ip_srcroute if the receiver is interested.
1577 */
1578 static void
1579 save_rte(option, dst)
1580 u_char *option;
1581 struct in_addr dst;
1582 {
1583 unsigned olen;
1584
1585 olen = option[IPOPT_OLEN];
1586 #ifdef DIAGNOSTIC
1587 if (ipprintfs)
1588 printf("save_rte: olen %d\n", olen);
1589 #endif
1590 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst)))
1591 return;
1592 bcopy(option, ip_srcrt.srcopt, olen);
1593 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr);
1594 ip_srcrt.dst = dst;
1595 }
1596
1597 /*
1598 * Retrieve incoming source route for use in replies,
1599 * in the same form used by setsockopt.
1600 * The first hop is placed before the options, will be removed later.
1601 */
1602 struct mbuf *
1603 ip_srcroute()
1604 {
1605 register struct in_addr *p, *q;
1606 register struct mbuf *m;
1607
1608 if (ip_nhops == 0)
1609 return ((struct mbuf *)0);
1610 m = m_get(M_DONTWAIT, MT_HEADER);
1611 if (m == 0)
1612 return ((struct mbuf *)0);
1613
1614 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt))
1615
1616 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */
1617 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) +
1618 OPTSIZ;
1619 #ifdef DIAGNOSTIC
1620 if (ipprintfs)
1621 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len);
1622 #endif
1623
1624 /*
1625 * First save first hop for return route
1626 */
1627 p = &ip_srcrt.route[ip_nhops - 1];
1628 *(mtod(m, struct in_addr *)) = *p--;
1629 #ifdef DIAGNOSTIC
1630 if (ipprintfs)
1631 printf(" hops %lx", (u_long)ntohl(mtod(m, struct in_addr *)->s_addr));
1632 #endif
1633
1634 /*
1635 * Copy option fields and padding (nop) to mbuf.
1636 */
1637 ip_srcrt.nop = IPOPT_NOP;
1638 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF;
1639 (void)memcpy(mtod(m, caddr_t) + sizeof(struct in_addr),
1640 &ip_srcrt.nop, OPTSIZ);
1641 q = (struct in_addr *)(mtod(m, caddr_t) +
1642 sizeof(struct in_addr) + OPTSIZ);
1643 #undef OPTSIZ
1644 /*
1645 * Record return path as an IP source route,
1646 * reversing the path (pointers are now aligned).
1647 */
1648 while (p >= ip_srcrt.route) {
1649 #ifdef DIAGNOSTIC
1650 if (ipprintfs)
1651 printf(" %lx", (u_long)ntohl(q->s_addr));
1652 #endif
1653 *q++ = *p--;
1654 }
1655 /*
1656 * Last hop goes to final destination.
1657 */
1658 *q = ip_srcrt.dst;
1659 #ifdef DIAGNOSTIC
1660 if (ipprintfs)
1661 printf(" %lx\n", (u_long)ntohl(q->s_addr));
1662 #endif
1663 return (m);
1664 }
1665
1666 /*
1667 * Strip out IP options, at higher
1668 * level protocol in the kernel.
1669 * Second argument is buffer to which options
1670 * will be moved, and return value is their length.
1671 * XXX should be deleted; last arg currently ignored.
1672 */
1673 void
1674 ip_stripoptions(m, mopt)
1675 register struct mbuf *m;
1676 struct mbuf *mopt;
1677 {
1678 register int i;
1679 struct ip *ip = mtod(m, struct ip *);
1680 register caddr_t opts;
1681 int olen;
1682
1683 olen = (ip->ip_hl << 2) - sizeof (struct ip);
1684 opts = (caddr_t)(ip + 1);
1685 i = m->m_len - (sizeof (struct ip) + olen);
1686 bcopy(opts + olen, opts, (unsigned)i);
1687 m->m_len -= olen;
1688 if (m->m_flags & M_PKTHDR)
1689 m->m_pkthdr.len -= olen;
1690 ip->ip_v = IPVERSION;
1691 ip->ip_hl = sizeof(struct ip) >> 2;
1692 }
1693
1694 u_char inetctlerrmap[PRC_NCMDS] = {
1695 0, 0, 0, 0,
1696 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH,
1697 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED,
1698 EMSGSIZE, EHOSTUNREACH, 0, 0,
1699 0, 0, 0, 0,
1700 ENOPROTOOPT, ECONNREFUSED
1701 };
1702
1703 /*
1704 * Forward a packet. If some error occurs return the sender
1705 * an icmp packet. Note we can't always generate a meaningful
1706 * icmp message because icmp doesn't have a large enough repertoire
1707 * of codes and types.
1708 *
1709 * If not forwarding, just drop the packet. This could be confusing
1710 * if ipforwarding was zero but some routing protocol was advancing
1711 * us as a gateway to somewhere. However, we must let the routing
1712 * protocol deal with that.
1713 *
1714 * The srcrt parameter indicates whether the packet is being forwarded
1715 * via a source route.
1716 */
1717 static void
1718 ip_forward(struct mbuf *m, int srcrt, struct sockaddr_in *next_hop)
1719 {
1720 struct ip *ip = mtod(m, struct ip *);
1721 struct rtentry *rt;
1722 int error, type = 0, code = 0;
1723 struct mbuf *mcopy;
1724 n_long dest;
1725 struct in_addr pkt_dst;
1726 struct ifnet *destifp;
1727 #if defined(IPSEC) || defined(FAST_IPSEC)
1728 struct ifnet dummyifp;
1729 #endif
1730
1731 dest = 0;
1732 /*
1733 * Cache the destination address of the packet; this may be
1734 * changed by use of 'ipfw fwd'.
1735 */
1736 pkt_dst = next_hop ? next_hop->sin_addr : ip->ip_dst;
1737
1738 #ifdef DIAGNOSTIC
1739 if (ipprintfs)
1740 printf("forward: src %lx dst %lx ttl %x\n",
1741 (u_long)ip->ip_src.s_addr, (u_long)pkt_dst.s_addr,
1742 ip->ip_ttl);
1743 #endif
1744
1745
1746 if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(pkt_dst) == 0) {
1747 ipstat.ips_cantforward++;
1748 m_freem(m);
1749 return;
1750 }
1751 #ifdef IPSTEALTH
1752 if (!ipstealth) {
1753 #endif
1754 if (ip->ip_ttl <= IPTTLDEC) {
1755 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS,
1756 dest, 0);
1757 return;
1758 }
1759 #ifdef IPSTEALTH
1760 }
1761 #endif
1762
1763 if (ip_rtaddr(pkt_dst, &ipforward_rt) == 0) {
1764 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0);
1765 return;
1766 } else
1767 rt = ipforward_rt.ro_rt;
1768
1769 /*
1770 * Save the IP header and at most 8 bytes of the payload,
1771 * in case we need to generate an ICMP message to the src.
1772 *
1773 * XXX this can be optimized a lot by saving the data in a local
1774 * buffer on the stack (72 bytes at most), and only allocating the
1775 * mbuf if really necessary. The vast majority of the packets
1776 * are forwarded without having to send an ICMP back (either
1777 * because unnecessary, or because rate limited), so we are
1778 * really we are wasting a lot of work here.
1779 *
1780 * We don't use m_copy() because it might return a reference
1781 * to a shared cluster. Both this function and ip_output()
1782 * assume exclusive access to the IP header in `m', so any
1783 * data in a cluster may change before we reach icmp_error().
1784 */
1785 MGET(mcopy, M_DONTWAIT, m->m_type);
1786 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, M_DONTWAIT)) {
1787 /*
1788 * It's probably ok if the pkthdr dup fails (because
1789 * the deep copy of the tag chain failed), but for now
1790 * be conservative and just discard the copy since
1791 * code below may some day want the tags.
1792 */
1793 m_free(mcopy);
1794 mcopy = NULL;
1795 }
1796 if (mcopy != NULL) {
1797 mcopy->m_len = imin((ip->ip_hl << 2) + 8,
1798 (int)ip->ip_len);
1799 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t));
1800 /*
1801 * XXXMAC: Eventually, we may have an explict labeling
1802 * point here.
1803 */
1804 }
1805
1806 #ifdef IPSTEALTH
1807 if (!ipstealth) {
1808 #endif
1809 ip->ip_ttl -= IPTTLDEC;
1810 #ifdef IPSTEALTH
1811 }
1812 #endif
1813
1814 /*
1815 * If forwarding packet using same interface that it came in on,
1816 * perhaps should send a redirect to sender to shortcut a hop.
1817 * Only send redirect if source is sending directly to us,
1818 * and if packet was not source routed (or has any options).
1819 * Also, don't send redirect if forwarding using a default route
1820 * or a route modified by a redirect.
1821 */
1822 if (rt->rt_ifp == m->m_pkthdr.rcvif &&
1823 (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 &&
1824 satosin(rt_key(rt))->sin_addr.s_addr != 0 &&
1825 ipsendredirects && !srcrt && !next_hop) {
1826 #define RTA(rt) ((struct in_ifaddr *)(rt->rt_ifa))
1827 u_long src = ntohl(ip->ip_src.s_addr);
1828
1829 if (RTA(rt) &&
1830 (src & RTA(rt)->ia_subnetmask) == RTA(rt)->ia_subnet) {
1831 if (rt->rt_flags & RTF_GATEWAY)
1832 dest = satosin(rt->rt_gateway)->sin_addr.s_addr;
1833 else
1834 dest = pkt_dst.s_addr;
1835 /* Router requirements says to only send host redirects */
1836 type = ICMP_REDIRECT;
1837 code = ICMP_REDIRECT_HOST;
1838 #ifdef DIAGNOSTIC
1839 if (ipprintfs)
1840 printf("redirect (%d) to %lx\n", code, (u_long)dest);
1841 #endif
1842 }
1843 }
1844
1845 {
1846 struct m_hdr tag;
1847
1848 if (next_hop) {
1849 /* Pass IPFORWARD info if available */
1850
1851 tag.mh_type = MT_TAG;
1852 tag.mh_flags = PACKET_TAG_IPFORWARD;
1853 tag.mh_data = (caddr_t)next_hop;
1854 tag.mh_next = m;
1855 m = (struct mbuf *)&tag;
1856 }
1857 error = ip_output(m, (struct mbuf *)0, &ipforward_rt,
1858 IP_FORWARDING, 0, NULL);
1859 }
1860 if (error)
1861 ipstat.ips_cantforward++;
1862 else {
1863 ipstat.ips_forward++;
1864 if (type)
1865 ipstat.ips_redirectsent++;
1866 else {
1867 if (mcopy) {
1868 ipflow_create(&ipforward_rt, mcopy);
1869 m_freem(mcopy);
1870 }
1871 return;
1872 }
1873 }
1874 if (mcopy == NULL)
1875 return;
1876 destifp = NULL;
1877
1878 switch (error) {
1879
1880 case 0: /* forwarded, but need redirect */
1881 /* type, code set above */
1882 break;
1883
1884 case ENETUNREACH: /* shouldn't happen, checked above */
1885 case EHOSTUNREACH:
1886 case ENETDOWN:
1887 case EHOSTDOWN:
1888 default:
1889 type = ICMP_UNREACH;
1890 code = ICMP_UNREACH_HOST;
1891 break;
1892
1893 case EMSGSIZE:
1894 type = ICMP_UNREACH;
1895 code = ICMP_UNREACH_NEEDFRAG;
1896 #ifdef IPSEC
1897 /*
1898 * If the packet is routed over IPsec tunnel, tell the
1899 * originator the tunnel MTU.
1900 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
1901 * XXX quickhack!!!
1902 */
1903 if (ipforward_rt.ro_rt) {
1904 struct secpolicy *sp = NULL;
1905 int ipsecerror;
1906 int ipsechdr;
1907 struct route *ro;
1908
1909 sp = ipsec4_getpolicybyaddr(mcopy,
1910 IPSEC_DIR_OUTBOUND,
1911 IP_FORWARDING,
1912 &ipsecerror);
1913
1914 if (sp == NULL)
1915 destifp = ipforward_rt.ro_rt->rt_ifp;
1916 else {
1917 /* count IPsec header size */
1918 ipsechdr = ipsec4_hdrsiz(mcopy,
1919 IPSEC_DIR_OUTBOUND,
1920 NULL);
1921
1922 /*
1923 * find the correct route for outer IPv4
1924 * header, compute tunnel MTU.
1925 *
1926 * XXX BUG ALERT
1927 * The "dummyifp" code relies upon the fact
1928 * that icmp_error() touches only ifp->if_mtu.
1929 */
1930 /*XXX*/
1931 destifp = NULL;
1932 if (sp->req != NULL
1933 && sp->req->sav != NULL
1934 && sp->req->sav->sah != NULL) {
1935 ro = &sp->req->sav->sah->sa_route;
1936 if (ro->ro_rt && ro->ro_rt->rt_ifp) {
1937 dummyifp.if_mtu =
1938 ro->ro_rt->rt_ifp->if_mtu;
1939 dummyifp.if_mtu -= ipsechdr;
1940 destifp = &dummyifp;
1941 }
1942 }
1943
1944 key_freesp(sp);
1945 }
1946 }
1947 #elif FAST_IPSEC
1948 /*
1949 * If the packet is routed over IPsec tunnel, tell the
1950 * originator the tunnel MTU.
1951 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
1952 * XXX quickhack!!!
1953 */
1954 if (ipforward_rt.ro_rt) {
1955 struct secpolicy *sp = NULL;
1956 int ipsecerror;
1957 int ipsechdr;
1958 struct route *ro;
1959
1960 sp = ipsec_getpolicybyaddr(mcopy,
1961 IPSEC_DIR_OUTBOUND,
1962 IP_FORWARDING,
1963 &ipsecerror);
1964
1965 if (sp == NULL)
1966 destifp = ipforward_rt.ro_rt->rt_ifp;
1967 else {
1968 /* count IPsec header size */
1969 ipsechdr = ipsec4_hdrsiz(mcopy,
1970 IPSEC_DIR_OUTBOUND,
1971 NULL);
1972
1973 /*
1974 * find the correct route for outer IPv4
1975 * header, compute tunnel MTU.
1976 *
1977 * XXX BUG ALERT
1978 * The "dummyifp" code relies upon the fact
1979 * that icmp_error() touches only ifp->if_mtu.
1980 */
1981 /*XXX*/
1982 destifp = NULL;
1983 if (sp->req != NULL
1984 && sp->req->sav != NULL
1985 && sp->req->sav->sah != NULL) {
1986 ro = &sp->req->sav->sah->sa_route;
1987 if (ro->ro_rt && ro->ro_rt->rt_ifp) {
1988 dummyifp.if_mtu =
1989 ro->ro_rt->rt_ifp->if_mtu;
1990 dummyifp.if_mtu -= ipsechdr;
1991 destifp = &dummyifp;
1992 }
1993 }
1994
1995 KEY_FREESP(&sp);
1996 }
1997 }
1998 #else /* !IPSEC && !FAST_IPSEC */
1999 if (ipforward_rt.ro_rt)
2000 destifp = ipforward_rt.ro_rt->rt_ifp;
2001 #endif /*IPSEC*/
2002 ipstat.ips_cantfrag++;
2003 break;
2004
2005 case ENOBUFS:
2006 /*
2007 * A router should not generate ICMP_SOURCEQUENCH as
2008 * required in RFC1812 Requirements for IP Version 4 Routers.
2009 * Source quench could be a big problem under DoS attacks,
2010 * or if the underlying interface is rate-limited.
2011 * Those who need source quench packets may re-enable them
2012 * via the net.inet.ip.sendsourcequench sysctl.
2013 */
2014 if (ip_sendsourcequench == 0) {
2015 m_freem(mcopy);
2016 return;
2017 } else {
2018 type = ICMP_SOURCEQUENCH;
2019 code = 0;
2020 }
2021 break;
2022
2023 case EACCES: /* ipfw denied packet */
2024 m_freem(mcopy);
2025 return;
2026 }
2027 icmp_error(mcopy, type, code, dest, destifp);
2028 }
2029
2030 void
2031 ip_savecontrol(inp, mp, ip, m)
2032 register struct inpcb *inp;
2033 register struct mbuf **mp;
2034 register struct ip *ip;
2035 register struct mbuf *m;
2036 {
2037 if (inp->inp_socket->so_options & SO_TIMESTAMP) {
2038 struct timeval tv;
2039
2040 microtime(&tv);
2041 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv),
2042 SCM_TIMESTAMP, SOL_SOCKET);
2043 if (*mp)
2044 mp = &(*mp)->m_next;
2045 }
2046 if (inp->inp_flags & INP_RECVDSTADDR) {
2047 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst,
2048 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP);
2049 if (*mp)
2050 mp = &(*mp)->m_next;
2051 }
2052 if (inp->inp_flags & INP_RECVTTL) {
2053 *mp = sbcreatecontrol((caddr_t) &ip->ip_ttl,
2054 sizeof(u_char), IP_RECVTTL, IPPROTO_IP);
2055 if (*mp)
2056 mp = &(*mp)->m_next;
2057 }
2058 #ifdef notyet
2059 /* XXX
2060 * Moving these out of udp_input() made them even more broken
2061 * than they already were.
2062 */
2063 /* options were tossed already */
2064 if (inp->inp_flags & INP_RECVOPTS) {
2065 *mp = sbcreatecontrol((caddr_t) opts_deleted_above,
2066 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP);
2067 if (*mp)
2068 mp = &(*mp)->m_next;
2069 }
2070 /* ip_srcroute doesn't do what we want here, need to fix */
2071 if (inp->inp_flags & INP_RECVRETOPTS) {
2072 *mp = sbcreatecontrol((caddr_t) ip_srcroute(),
2073 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP);
2074 if (*mp)
2075 mp = &(*mp)->m_next;
2076 }
2077 #endif
2078 if (inp->inp_flags & INP_RECVIF) {
2079 struct ifnet *ifp;
2080 struct sdlbuf {
2081 struct sockaddr_dl sdl;
2082 u_char pad[32];
2083 } sdlbuf;
2084 struct sockaddr_dl *sdp;
2085 struct sockaddr_dl *sdl2 = &sdlbuf.sdl;
2086
2087 if (((ifp = m->m_pkthdr.rcvif))
2088 && ( ifp->if_index && (ifp->if_index <= if_index))) {
2089 sdp = (struct sockaddr_dl *)
2090 (ifaddr_byindex(ifp->if_index)->ifa_addr);
2091 /*
2092 * Change our mind and don't try copy.
2093 */
2094 if ((sdp->sdl_family != AF_LINK)
2095 || (sdp->sdl_len > sizeof(sdlbuf))) {
2096 goto makedummy;
2097 }
2098 bcopy(sdp, sdl2, sdp->sdl_len);
2099 } else {
2100 makedummy:
2101 sdl2->sdl_len
2102 = offsetof(struct sockaddr_dl, sdl_data[0]);
2103 sdl2->sdl_family = AF_LINK;
2104 sdl2->sdl_index = 0;
2105 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0;
2106 }
2107 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len,
2108 IP_RECVIF, IPPROTO_IP);
2109 if (*mp)
2110 mp = &(*mp)->m_next;
2111 }
2112 }
2113
2114 /*
2115 * XXX these routines are called from the upper part of the kernel.
2116 * They need to be locked when we remove Giant.
2117 *
2118 * They could also be moved to ip_mroute.c, since all the RSVP
2119 * handling is done there already.
2120 */
2121 static int ip_rsvp_on;
2122 struct socket *ip_rsvpd;
2123 int
2124 ip_rsvp_init(struct socket *so)
2125 {
2126 if (so->so_type != SOCK_RAW ||
2127 so->so_proto->pr_protocol != IPPROTO_RSVP)
2128 return EOPNOTSUPP;
2129
2130 if (ip_rsvpd != NULL)
2131 return EADDRINUSE;
2132
2133 ip_rsvpd = so;
2134 /*
2135 * This may seem silly, but we need to be sure we don't over-increment
2136 * the RSVP counter, in case something slips up.
2137 */
2138 if (!ip_rsvp_on) {
2139 ip_rsvp_on = 1;
2140 rsvp_on++;
2141 }
2142
2143 return 0;
2144 }
2145
2146 int
2147 ip_rsvp_done(void)
2148 {
2149 ip_rsvpd = NULL;
2150 /*
2151 * This may seem silly, but we need to be sure we don't over-decrement
2152 * the RSVP counter, in case something slips up.
2153 */
2154 if (ip_rsvp_on) {
2155 ip_rsvp_on = 0;
2156 rsvp_on--;
2157 }
2158 return 0;
2159 }
2160
2161 void
2162 rsvp_input(struct mbuf *m, int off) /* XXX must fixup manually */
2163 {
2164 if (rsvp_input_p) { /* call the real one if loaded */
2165 rsvp_input_p(m, off);
2166 return;
2167 }
2168
2169 /* Can still get packets with rsvp_on = 0 if there is a local member
2170 * of the group to which the RSVP packet is addressed. But in this
2171 * case we want to throw the packet away.
2172 */
2173
2174 if (!rsvp_on) {
2175 m_freem(m);
2176 return;
2177 }
2178
2179 if (ip_rsvpd != NULL) {
2180 rip_input(m, off);
2181 return;
2182 }
2183 /* Drop the packet */
2184 m_freem(m);
2185 }
Cache object: dba71e0b6de95e1d50b8278bda70a4fb
|