1 /*-
2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $KAME: ip6_input.c,v 1.259 2002/01/21 04:58:09 jinmei Exp $
30 */
31
32 /*-
33 * Copyright (c) 1982, 1986, 1988, 1993
34 * The Regents of the University of California. All rights reserved.
35 *
36 * Redistribution and use in source and binary forms, with or without
37 * modification, are permitted provided that the following conditions
38 * are met:
39 * 1. Redistributions of source code must retain the above copyright
40 * notice, this list of conditions and the following disclaimer.
41 * 2. Redistributions in binary form must reproduce the above copyright
42 * notice, this list of conditions and the following disclaimer in the
43 * documentation and/or other materials provided with the distribution.
44 * 4. Neither the name of the University nor the names of its contributors
45 * may be used to endorse or promote products derived from this software
46 * without specific prior written permission.
47 *
48 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * SUCH DAMAGE.
59 *
60 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94
61 */
62
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD: src/sys/netinet6/ip6_input.c,v 1.106 2008/12/02 21:37:28 bz Exp $");
65
66 #include "opt_inet.h"
67 #include "opt_inet6.h"
68 #include "opt_ipsec.h"
69
70 #include <sys/param.h>
71 #include <sys/systm.h>
72 #include <sys/malloc.h>
73 #include <sys/mbuf.h>
74 #include <sys/proc.h>
75 #include <sys/domain.h>
76 #include <sys/protosw.h>
77 #include <sys/socket.h>
78 #include <sys/socketvar.h>
79 #include <sys/errno.h>
80 #include <sys/time.h>
81 #include <sys/kernel.h>
82 #include <sys/syslog.h>
83 #include <sys/vimage.h>
84
85 #include <net/if.h>
86 #include <net/if_types.h>
87 #include <net/if_dl.h>
88 #include <net/route.h>
89 #include <net/netisr.h>
90 #include <net/pfil.h>
91 #include <net/vnet.h>
92
93 #include <netinet/in.h>
94 #include <netinet/in_systm.h>
95 #ifdef INET
96 #include <netinet/ip.h>
97 #include <netinet/ip_icmp.h>
98 #include <netinet/vinet.h>
99 #endif /* INET */
100 #include <netinet/ip6.h>
101 #include <netinet6/in6_var.h>
102 #include <netinet6/ip6_var.h>
103 #include <netinet/in_pcb.h>
104 #include <netinet/icmp6.h>
105 #include <netinet6/scope6_var.h>
106 #include <netinet6/in6_ifattach.h>
107 #include <netinet6/nd6.h>
108 #include <netinet6/vinet6.h>
109
110 #ifdef IPSEC
111 #include <netipsec/ipsec.h>
112 #include <netinet6/ip6_ipsec.h>
113 #include <netipsec/ipsec6.h>
114 #endif /* IPSEC */
115
116 #include <netinet6/ip6protosw.h>
117
118 extern struct domain inet6domain;
119
120 u_char ip6_protox[IPPROTO_MAX]; /* next-header value -> index into inet6sw[]; filled by ip6_init(), used by ip6_input() to pick pr_input */
121 static struct ifqueue ip6intrq; /* input queue that ip6_init() registers with netisr together with ip6_input() */
122
123 #ifdef VIMAGE_GLOBALS
124 static int ip6qmaxlen;
125 struct in6_ifaddr *in6_ifaddr;
126 struct ip6stat ip6stat;
127 #endif
128
129 extern struct callout in6_tmpaddrtimer_ch;
130
131 extern int dad_init;
132 extern int pmtu_expire;
133 extern int pmtu_probe;
134 extern u_long rip6_sendspace;
135 extern u_long rip6_recvspace;
136 extern int icmp6errppslim;
137 extern int icmp6_nodeinfo;
138 extern int udp6_sendspace;
139 extern int udp6_recvspace;
140
141 #ifdef VIMAGE_GLOBALS
142 int ip6_forward_srcrt; /* XXX */
143 int ip6_sourcecheck; /* XXX */
144 int ip6_sourcecheck_interval; /* XXX */
145 int ip6_ours_check_algorithm;
146 #endif
147
148 struct pfil_head inet6_pfil_hook; /* packet filter hook head for AF_INET6; registered in ip6_init(), run on input in ip6_input() */
149
150 static void ip6_init2(void *);
151 static struct ip6aux *ip6_setdstifaddr(struct mbuf *, struct in6_ifaddr *);
152 static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
153 #ifdef PULLDOWN_TEST
154 static struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
155 #endif
156
/*
 * IP6 initialization.
 *
 * Sets the IPv6, raw IPv6, ICMPv6 and UDP-over-IPv6 tunables to their
 * defaults, fills in the IP6 protocol switch index table ip6_protox[],
 * registers the AF_INET6 packet filter hook head, hooks ip6_input() up to
 * netisr through ip6intrq, and finally runs the scope, address selection,
 * neighbor discovery and fragment initializers.
 *
 * All protocols not implemented in the kernel go to the raw IP6 protocol
 * handler: every slot of ip6_protox[] starts out pointing at the
 * IPPROTO_RAW entry and is only overwritten for protocols found in the
 * inet6 domain's switch table.
 *
 * Security-relevant defaults visible here: router advertisements are not
 * accepted (ip6_accept_rtadv = 0), ICMPv6 redirects are accepted
 * (icmp6_rediraccept = 1), and at most ip6_hdrnestlimit (15) headers are
 * walked per packet by ip6_input().
 */
void
ip6_init(void)
{
	INIT_VNET_INET6(curvnet);
	struct ip6protosw *rawpr, *pr;
	int proto, error;

	V_ip6qmaxlen = IFQ_MAXLEN;
	V_in6_maxmtu = 0;
#ifdef IP6_AUTO_LINKLOCAL
	V_ip6_auto_linklocal = IP6_AUTO_LINKLOCAL;
#else
	V_ip6_auto_linklocal = 1;	/* enable by default */
#endif

#ifndef IPV6FORWARDING
#ifdef GATEWAY6
#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
#else
#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */

#ifndef IPV6_SENDREDIRECTS
#define	IPV6_SENDREDIRECTS	1
#endif

	V_ip6_forwarding = IPV6FORWARDING;	/* act as router? */
	V_ip6_sendredirects = IPV6_SENDREDIRECTS;
	V_ip6_defhlim = IPV6_DEFHLIM;
	V_ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
	V_ip6_accept_rtadv = 0;	/* "IPV6FORWARDING ? 0 : 1" is dangerous */
	V_ip6_log_interval = 5;
	V_ip6_hdrnestlimit = 15;	/* How many header options will we process? */
	V_ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
	V_ip6_auto_flowlabel = 1;
	V_ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
	V_ip6_rr_prune = 5;	/* router renumbering prefix
				 * walk list every 5 sec. */
	V_ip6_mcast_pmtu = 0;	/* enable pMTU discovery for multicast? */
	V_ip6_v6only = 1;
	V_ip6_keepfaith = 0;
	V_ip6_log_time = (time_t)0L;
#ifdef IPSTEALTH
	V_ip6stealth = 0;
#endif
	V_nd6_onlink_ns_rfc4861 = 0;	/* allow 'on-link' nd6 NS (RFC 4861) */

	V_pmtu_expire = 60*10;
	V_pmtu_probe = 60*2;

	/* raw IP6 parameters */
	/*
	 * Nominal space allocated to a raw ip socket.
	 */
#define	RIPV6SNDQ	8192
#define	RIPV6RCVQ	8192
	V_rip6_sendspace = RIPV6SNDQ;
	V_rip6_recvspace = RIPV6RCVQ;

	/* ICMPV6 parameters */
	V_icmp6_rediraccept = 1;	/* accept and process redirects */
	V_icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
	V_icmp6errppslim = 100;		/* 100pps */
	/* control how to respond to NI queries */
	V_icmp6_nodeinfo = (ICMP6_NODEINFO_FQDNOK|ICMP6_NODEINFO_NODEADDROK);

	/* UDP on IP6 parameters */
	V_udp6_sendspace = 9216;	/* really max datagram size */
	V_udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
					/* 40 1K datagrams */
	V_dad_init = 0;

#ifdef DIAGNOSTIC
	if (sizeof(struct protosw) != sizeof(struct ip6protosw))
		panic("sizeof(protosw) != sizeof(ip6protosw)");
#endif
	/* The raw handler is the fallback for every protocol number. */
	rawpr = (struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW,
	    SOCK_RAW);
	if (rawpr == NULL)
		panic("ip6_init");

	/* Initialize the entire ip6_protox[] array to IPPROTO_RAW. */
	for (proto = 0; proto < IPPROTO_MAX; proto++) {
		ip6_protox[proto] = rawpr - inet6sw;
	}

	/*
	 * Cycle through IP protocols and put them into the appropriate place
	 * in ip6_protox[].
	 */
	for (pr = (struct ip6protosw *)inet6domain.dom_protosw;
	    pr < (struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++) {
		if (pr->pr_domain->dom_family != PF_INET6)
			continue;
		if (pr->pr_protocol == 0 || pr->pr_protocol == IPPROTO_RAW)
			continue;
		/* Be careful to only index valid IP protocols. */
		if (pr->pr_protocol >= IPPROTO_MAX)
			continue;
		ip6_protox[pr->pr_protocol] = pr - inet6sw;
	}

	/*
	 * Initialize packet filter hooks.  A registration failure is only
	 * reported; initialization carries on without the hook head.
	 */
	inet6_pfil_hook.ph_type = PFIL_TYPE_AF;
	inet6_pfil_hook.ph_af = AF_INET6;
	error = pfil_head_register(&inet6_pfil_hook);
	if (error != 0) {
		printf("%s: WARNING: unable to register pfil hook, "
		    "error %d\n", __func__, error);
	}

	/* Input queue and netisr registration for ip6_input(). */
	ip6intrq.ifq_maxlen = V_ip6qmaxlen;
	mtx_init(&ip6intrq.ifq_mtx, "ip6_inq", NULL, MTX_DEF);
	netisr_register(NETISR_IPV6, ip6_input, &ip6intrq, 0);

	scope6_init();
	addrsel_policy_init();
	nd6_init();
	frag6_init();

	/* Random offset later subtracted from the temporary address timer. */
	V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
}
274
/*
 * Second-stage IPv6 initialization: arms the two periodic callouts.
 *
 * The neighbor discovery timer first fires after hz ticks.  The temporary
 * address timer first fires after
 * (preferred lifetime - desync factor - regen advance) seconds, converted
 * to ticks by multiplying with hz.
 *
 * The argument is the SYSINIT cookie and is not used.
 */
static void
ip6_init2(void *dummy)
{
	INIT_VNET_INET6(curvnet);

	/* nd6_timer_init */
	callout_init(&V_nd6_timer_ch, 0);
	callout_reset(&V_nd6_timer_ch, hz, nd6_timer, NULL);

	/* timer for regeneration of temporary addresses' randomized ID */
	callout_init(&V_in6_tmpaddrtimer_ch, 0);
	callout_reset(&V_in6_tmpaddrtimer_ch,
	    (V_ip6_temp_preferred_lifetime - V_ip6_desync_factor -
	    V_ip6_temp_regen_advance) * hz,
	    in6_tmpaddrtimer, NULL);
}

/* cheat */
/* This must be after route_init(), which is now SI_ORDER_THIRD */
SYSINIT(netinet6init2, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ip6_init2, NULL);
295
296 extern struct route_in6 ip6_forward_rt;
297
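/*
 * IPv6 input routine; ip6_init() registers it with netisr for NETISR_IPV6.
 *
 * In order, the function:
 *  - clears the IPsec "authenticated" mbuf flags and any stale aux tag,
 *  - updates mbuf statistics and drops packets on IPv6-disabled interfaces,
 *  - makes the fixed header contiguous and checks the version field,
 *  - rejects malformed or spoofable addresses (multicast source,
 *    unspecified destination, interface-local multicast that did not loop
 *    back, IPv4-mapped source or destination),
 *  - runs the inbound pfil hooks, noting a rewritten destination in srcrt,
 *  - resolves scope zones and decides whether the packet is "ours"
 *    (multicast membership, loopback host route, FAITH, router alert),
 *  - processes a Hop-by-Hop options header and validates/trims the length,
 *  - forwards the packet, or walks the header chain through
 *    inet6sw[ip6_protox[nxt]].pr_input until a handler returns IPPROTO_DONE.
 *
 * The function takes ownership of m.  It is freed at the "bad" label or
 * passed on (ip6_forward(), icmp6_error(), the pr_input handlers).  Paths
 * that return directly after a callee reports failure rely on that callee
 * having disposed of the mbuf; that is not verifiable from this file.
 */
void
ip6_input(struct mbuf *m)
{
	INIT_VNET_NET(curvnet);
	INIT_VNET_INET6(curvnet);
	struct ip6_hdr *ip6;
	int off = sizeof(struct ip6_hdr), nest;
	u_int32_t plen;
	u_int32_t rtalert = ~0;		/* ~0 means "no router alert option seen" */
	int nxt, ours = 0;
	struct ifnet *deliverifp = NULL;
	struct in6_addr odst;
	int srcrt = 0;

#ifdef IPSEC
	/*
	 * should the inner packet be considered authentic?
	 * see comment in ah4_input().
	 * NB: m cannot be NULL when passed to the input routine
	 *
	 * The flags are cleared so that a value already present on the
	 * incoming mbuf is never taken as proof of authentication.
	 */

	m->m_flags &= ~M_AUTHIPHDR;
	m->m_flags &= ~M_AUTHIPDGM;

#endif /* IPSEC */

	/*
	 * make sure we don't have onion peering information into m_tag.
	 */
	ip6_delaux(m);

	/*
	 * mbuf statistics
	 */
	if (m->m_flags & M_EXT) {
		if (m->m_next)
			V_ip6stat.ip6s_mext2m++;
		else
			V_ip6stat.ip6s_mext1++;
	} else {
#define	M2MMAX	(sizeof(V_ip6stat.ip6s_m2m)/sizeof(V_ip6stat.ip6s_m2m[0]))
		if (m->m_next) {
			if (m->m_flags & M_LOOP) {
				/*
				 * XXX: looped-back packets are counted against
				 * the first loopback interface.  Bound the
				 * index like the rcvif case below so that a
				 * large if_index cannot write past the end of
				 * ip6s_m2m[].
				 */
				if (V_loif[0].if_index < M2MMAX)
					V_ip6stat.ip6s_m2m[V_loif[0].if_index]++;
				else
					V_ip6stat.ip6s_m2m[0]++;
			} else if (m->m_pkthdr.rcvif->if_index < M2MMAX)
				V_ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++;
			else
				V_ip6stat.ip6s_m2m[0]++;
		} else
			V_ip6stat.ip6s_m1++;
#undef M2MMAX
	}

	/* drop the packet if IPv6 operation is disabled on the IF */
	if ((ND_IFINFO(m->m_pkthdr.rcvif)->flags & ND6_IFF_IFDISABLED)) {
		m_freem(m);
		return;
	}

	in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive);
	V_ip6stat.ip6s_total++;

#ifndef PULLDOWN_TEST
	/*
	 * L2 bridge code and some other code can return mbuf chain
	 * that does not conform to KAME requirement.  too bad.
	 * XXX: fails to join if interface MTU > MCLBYTES.  jumbogram?
	 *
	 * A chained packet shorter than MCLBYTES is copied into a single
	 * fresh mbuf (with a cluster when it does not fit in MHLEN).
	 */
	if (m && m->m_next != NULL && m->m_pkthdr.len < MCLBYTES) {
		struct mbuf *n;

		MGETHDR(n, M_DONTWAIT, MT_HEADER);
		if (n)
			M_MOVE_PKTHDR(n, m);
		if (n && n->m_pkthdr.len > MHLEN) {
			MCLGET(n, M_DONTWAIT);
			if ((n->m_flags & M_EXT) == 0) {
				m_freem(n);
				n = NULL;
			}
		}
		if (n == NULL) {
			m_freem(m);
			return;	/* ENOBUFS */
		}

		m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t));
		n->m_len = n->m_pkthdr.len;
		m_freem(m);
		m = n;
	}
	IP6_EXTHDR_CHECK(m, 0, sizeof(struct ip6_hdr), /* nothing */);
#endif

	/* The fixed header must be contiguous before it is dereferenced. */
	if (m->m_len < sizeof(struct ip6_hdr)) {
		struct ifnet *inifp;
		/* Saved first: m is NULL once m_pullup() has failed. */
		inifp = m->m_pkthdr.rcvif;
		if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
			V_ip6stat.ip6s_toosmall++;
			in6_ifstat_inc(inifp, ifs6_in_hdrerr);
			return;
		}
	}

	ip6 = mtod(m, struct ip6_hdr *);

	if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
		V_ip6stat.ip6s_badvers++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
		goto bad;
	}

	V_ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;

	/*
	 * Check against address spoofing/corruption.
	 */
	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
		/*
		 * XXX: "badscope" is not very suitable for a multicast source.
		 */
		V_ip6stat.ip6s_badscope++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
		goto bad;
	}
	if (IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst) &&
	    !(m->m_flags & M_LOOP)) {
		/*
		 * In this case, the packet should come from the loopback
		 * interface.  However, we cannot just check the if_flags,
		 * because ip6_mloopback() passes the "actual" interface
		 * as the outgoing/incoming interface.
		 */
		V_ip6stat.ip6s_badscope++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
		goto bad;
	}

#ifdef ALTQ
	if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) {
		/* packet is dropped by traffic conditioner */
		return;
	}
#endif
	/*
	 * The following check is not documented in specs.  A malicious
	 * party may be able to use IPv4 mapped addr to confuse tcp/udp stack
	 * and bypass security checks (act as if it was from 127.0.0.1 by using
	 * IPv6 src ::ffff:127.0.0.1).  Be cautious.
	 *
	 * This check chokes if we are in an SIIT cloud.  As none of BSDs
	 * support IPv4-less kernel compilation, we cannot support SIIT
	 * environment at all.  So, it makes more sense for us to reject any
	 * malicious packets for non-SIIT environment, than try to do a
	 * partial support for SIIT environment.
	 */
	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
		V_ip6stat.ip6s_badscope++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
		goto bad;
	}
#if 0
	/*
	 * Reject packets with IPv4 compatible addresses (auto tunnel).
	 *
	 * The code forbids auto tunnel relay case in RFC1933 (the check is
	 * stronger than RFC1933).  We may want to re-enable it if mech-xx
	 * is revised to forbid relaying case.
	 */
	if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) ||
	    IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) {
		V_ip6stat.ip6s_badscope++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
		goto bad;
	}
#endif

	/*
	 * Run through list of hooks for input packets.
	 *
	 * NB: Beware of the destination address changing
	 *     (e.g. by NAT rewriting).  When this happens,
	 *     tell ip6_forward to do the right thing.
	 */
	odst = ip6->ip6_dst;

	/* Jump over all PFIL processing if hooks are not active. */
	if (!PFIL_HOOKED(&inet6_pfil_hook))
		goto passin;

	if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN, NULL))
		return;
	if (m == NULL)			/* consumed by filter */
		return;
	/* The hooks receive &m, so the header pointer is reloaded. */
	ip6 = mtod(m, struct ip6_hdr *);
	srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);

passin:
	/*
	 * Disambiguate address scope zones (if there is ambiguity).
	 * We first make sure that the original source or destination address
	 * is not in our internal form for scoped addresses.  Such addresses
	 * are not necessarily invalid spec-wise, but we cannot accept them due
	 * to the usage conflict.
	 * in6_setscope() then also checks and rejects the cases where src or
	 * dst are the loopback address and the receiving interface
	 * is not loopback.
	 */
	if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) {
		V_ip6stat.ip6s_badscope++; /* XXX */
		goto bad;
	}
	if (in6_setscope(&ip6->ip6_src, m->m_pkthdr.rcvif, NULL) ||
	    in6_setscope(&ip6->ip6_dst, m->m_pkthdr.rcvif, NULL)) {
		V_ip6stat.ip6s_badscope++;
		goto bad;
	}

	/*
	 * Multicast check
	 */
	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
		struct in6_multi *in6m = 0;

		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast);
		/*
		 * See if we belong to the destination multicast group on the
		 * arrival interface.
		 */
		IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m);
		if (in6m)
			ours = 1;
		else if (!ip6_mrouter) {
			V_ip6stat.ip6s_notmember++;
			V_ip6stat.ip6s_cantforward++;
			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
			goto bad;
		}
		deliverifp = m->m_pkthdr.rcvif;
		goto hbhcheck;
	}

	/*
	 * Unicast check
	 *
	 * The cached forwarding route is reused when it is up and was
	 * looked up for this same destination; otherwise it is released
	 * and a new lookup is done.
	 */
	if (V_ip6_forward_rt.ro_rt != NULL &&
	    (V_ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&
	    IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
	    &((struct sockaddr_in6 *)(&V_ip6_forward_rt.ro_dst))->sin6_addr))
		V_ip6stat.ip6s_forward_cachehit++;
	else {
		struct sockaddr_in6 *dst6;

		if (V_ip6_forward_rt.ro_rt) {
			/* route is down or destination is different */
			V_ip6stat.ip6s_forward_cachemiss++;
			RTFREE(V_ip6_forward_rt.ro_rt);
			V_ip6_forward_rt.ro_rt = 0;
		}

		bzero(&V_ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6));
		dst6 = (struct sockaddr_in6 *)&V_ip6_forward_rt.ro_dst;
		dst6->sin6_len = sizeof(struct sockaddr_in6);
		dst6->sin6_family = AF_INET6;
		dst6->sin6_addr = ip6->ip6_dst;

		rtalloc((struct route *)&V_ip6_forward_rt);
	}

#define rt6_key(r) ((struct sockaddr_in6 *)((r)->rt_nodes->rn_key))

	/*
	 * Accept the packet if the forwarding interface to the destination
	 * according to the routing table is the loopback interface,
	 * unless the associated route has a gateway.
	 * Note that this approach causes to accept a packet if there is a
	 * route to the loopback interface for the destination of the packet.
	 * But we think it's even useful in some situations, e.g. when using
	 * a special daemon which wants to intercept the packet.
	 *
	 * XXX: some OSes automatically make a cloned route for the destination
	 * of an outgoing packet.  If the outgoing interface of the packet
	 * is a loopback one, the kernel would consider the packet to be
	 * accepted, even if we have no such address assigned on the interface.
	 * We check the cloned flag of the route entry to reject such cases,
	 * assuming that route entries for our own addresses are not made by
	 * cloning (it should be true because in6_addloop explicitly installs
	 * the host route).  However, we might have to do an explicit check
	 * while it would be less efficient.  Or, should we rather install a
	 * reject route for such a case?
	 */
	if (V_ip6_forward_rt.ro_rt &&
	    (V_ip6_forward_rt.ro_rt->rt_flags &
	     (RTF_HOST|RTF_GATEWAY)) == RTF_HOST &&
#ifdef RTF_WASCLONED
	    !(V_ip6_forward_rt.ro_rt->rt_flags & RTF_WASCLONED) &&
#endif
#ifdef RTF_CLONED
	    !(V_ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) &&
#endif
#if 0
	    /*
	     * The check below is redundant since the comparison of
	     * the destination and the key of the rtentry has
	     * already done through looking up the routing table.
	     */
	    IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
	    &rt6_key(V_ip6_forward_rt.ro_rt)->sin6_addr)
#endif
	    V_ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) {
		struct in6_ifaddr *ia6 =
			(struct in6_ifaddr *)V_ip6_forward_rt.ro_rt->rt_ifa;

		/*
		 * record address information into m_tag.
		 */
		(void)ip6_setdstifaddr(m, ia6);

		/*
		 * packets to a tentative, duplicated, or somehow invalid
		 * address must not be accepted.
		 */
		if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) {
			/* this address is ready */
			ours = 1;
			deliverifp = ia6->ia_ifp;	/* correct? */
			/* Count the packet in the ip address stats */
			ia6->ia_ifa.if_ipackets++;
			ia6->ia_ifa.if_ibytes += m->m_pkthdr.len;
			goto hbhcheck;
		} else {
			char ip6bufs[INET6_ADDRSTRLEN];
			char ip6bufd[INET6_ADDRSTRLEN];
			/* address is not ready, so discard the packet. */
			nd6log((LOG_INFO,
			    "ip6_input: packet to an unready address %s->%s\n",
			    ip6_sprintf(ip6bufs, &ip6->ip6_src),
			    ip6_sprintf(ip6bufd, &ip6->ip6_dst)));

			goto bad;
		}
	}

	/*
	 * FAITH (Firewall Aided Internet Translator)
	 */
	if (V_ip6_keepfaith) {
		if (V_ip6_forward_rt.ro_rt && V_ip6_forward_rt.ro_rt->rt_ifp
		    && V_ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) {
			/* XXX do we need more sanity checks? */
			ours = 1;
			deliverifp = V_ip6_forward_rt.ro_rt->rt_ifp; /* faith */
			goto hbhcheck;
		}
	}

	/*
	 * Now there is no reason to process the packet if it's not our own
	 * and we're not a router.
	 */
	if (!V_ip6_forwarding) {
		V_ip6stat.ip6s_cantforward++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
		goto bad;
	}

hbhcheck:
	/*
	 * record address information into m_tag, if we don't have one yet.
	 * note that we are unable to record it, if the address is not listed
	 * as our interface address (e.g. multicast addresses, addresses
	 * within FAITH prefixes and such).
	 */
	if (deliverifp && !ip6_getdstifaddr(m)) {
		struct in6_ifaddr *ia6;

		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
		if (ia6) {
			if (!ip6_setdstifaddr(m, ia6)) {
				/*
				 * XXX maybe we should drop the packet here,
				 * as we could not provide enough information
				 * to the upper layers.
				 */
			}
		}
	}

	/*
	 * Process Hop-by-Hop options header if it's contained.
	 * m may be modified in ip6_hopopts_input().
	 * If a JumboPayload option is included, plen will also be modified.
	 */
	plen = (u_int32_t)ntohs(ip6->ip6_plen);
	if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
		struct ip6_hbh *hbh;

		if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) {
#if 0	/*touches NULL pointer*/
			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
#endif
			return;	/* m have already been freed */
		}

		/* adjust pointer */
		ip6 = mtod(m, struct ip6_hdr *);

		/*
		 * if the payload length field is 0 and the next header field
		 * indicates Hop-by-Hop Options header, then a Jumbo Payload
		 * option MUST be included.
		 */
		if (ip6->ip6_plen == 0 && plen == 0) {
			/*
			 * Note that if a valid jumbo payload option is
			 * contained, ip6_hopopts_input() must set a valid
			 * (non-zero) payload length to the variable plen.
			 */
			V_ip6stat.ip6s_badoptions++;
			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
			icmp6_error(m, ICMP6_PARAM_PROB,
				    ICMP6_PARAMPROB_HEADER,
				    (caddr_t)&ip6->ip6_plen - (caddr_t)ip6);
			return;
		}
#ifndef PULLDOWN_TEST
		/* ip6_hopopts_input() ensures that mbuf is contiguous */
		hbh = (struct ip6_hbh *)(ip6 + 1);
#else
		IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
			sizeof(struct ip6_hbh));
		if (hbh == NULL) {
			V_ip6stat.ip6s_tooshort++;
			return;
		}
#endif
		nxt = hbh->ip6h_nxt;

		/*
		 * If we are acting as a router and the packet contains a
		 * router alert option, see if we know the option value.
		 * Currently, we only support the option value for MLD, in which
		 * case we should pass the packet to the multicast routing
		 * daemon.
		 */
		if (rtalert != ~0 && V_ip6_forwarding) {
			switch (rtalert) {
			case IP6OPT_RTALERT_MLD:
				ours = 1;
				break;
			default:
				/*
				 * RFC2711 requires unrecognized values must be
				 * silently ignored.
				 */
				break;
			}
		}
	} else
		nxt = ip6->ip6_nxt;

	/*
	 * Check that the amount of data in the buffers
	 * is at least as much as the IPv6 header would have us expect.
	 * Trim mbufs if longer than we expect.
	 * Drop packet if shorter than we expect.
	 */
	if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
		V_ip6stat.ip6s_tooshort++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
		goto bad;
	}
	if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
		if (m->m_len == m->m_pkthdr.len) {
			m->m_len = sizeof(struct ip6_hdr) + plen;
			m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
		} else
			m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len);
	}

	/*
	 * Forward if desirable.
	 */
	if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
		/*
		 * If we are acting as a multicast router, all
		 * incoming multicast packets are passed to the
		 * kernel-level multicast forwarding function.
		 * The packet is returned (relatively) intact; if
		 * ip6_mforward() returns a non-zero value, the packet
		 * must be discarded, else it may be accepted below.
		 */
		if (ip6_mrouter && ip6_mforward &&
		    ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) {
			V_ip6stat.ip6s_cantforward++;
			m_freem(m);
			return;
		}
		if (!ours) {
			m_freem(m);
			return;
		}
	} else if (!ours) {
		ip6_forward(m, srcrt);
		return;
	}

	ip6 = mtod(m, struct ip6_hdr *);

	/*
	 * Malicious party may be able to use IPv4 mapped addr to confuse
	 * tcp/udp stack and bypass security checks (act as if it was from
	 * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1).  Be cautious.
	 *
	 * For SIIT end node behavior, you may want to disable the check.
	 * However, you will become vulnerable to attacks using IPv4 mapped
	 * source.
	 *
	 * This repeats the test made before the pfil hooks ran, so it also
	 * covers addresses as they stand after any hook has rewritten them.
	 */
	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
		V_ip6stat.ip6s_badscope++;
		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
		goto bad;
	}

	/*
	 * Tell launch routine the next header
	 *
	 * NOTE(review): deliverifp is still NULL here when "ours" was set
	 * only by the router-alert case above; confirm in6_ifstat_inc()
	 * tolerates a NULL interface pointer.
	 */
	V_ip6stat.ip6s_delivered++;
	in6_ifstat_inc(deliverifp, ifs6_in_deliver);
	nest = 0;

	while (nxt != IPPROTO_DONE) {
		/* Cap the number of chained headers (0 disables the cap). */
		if (V_ip6_hdrnestlimit && (++nest > V_ip6_hdrnestlimit)) {
			V_ip6stat.ip6s_toomanyhdr++;
			goto bad;
		}

		/*
		 * protection against faulty packet - there should be
		 * more sanity checks in header chain processing.
		 */
		if (m->m_pkthdr.len < off) {
			V_ip6stat.ip6s_tooshort++;
			in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
			goto bad;
		}

#ifdef IPSEC
		/*
		 * enforce IPsec policy checking if we are seeing last header.
		 * note that we do not visit this with protocols with pcb layer
		 * code - like udp/tcp/raw ip.
		 */
		if (ip6_ipsec_input(m, nxt))
			goto bad;
#endif /* IPSEC */
		/*
		 * NOTE(review): nxt indexes ip6_protox[] (IPPROTO_MAX
		 * entries) without a range check here; this relies on each
		 * pr_input handler returning either IPPROTO_DONE or a value
		 * below IPPROTO_MAX - confirm against the handlers.
		 */
		nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
	}
	return;
bad:
	m_freem(m);
}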
864
/*
 * Record the in6_ifaddr that corresponds to the packet's IPv6 destination
 * address in the mbuf's ip6aux data, which ip6_addaux() supplies.
 * XXX backward compatibility wrapper
 *
 * Returns the aux structure, or NULL if ip6_addaux() could not provide one
 * (nothing is recorded in that case).  Only the pointer is stored; this
 * function takes no reference on ia6 itself.
 */
static struct ip6aux *
ip6_setdstifaddr(struct mbuf *m, struct in6_ifaddr *ia6)
{
	struct ip6aux *aux = ip6_addaux(m);

	if (aux == NULL)
		return NULL;	/* failed to set */

	aux->ip6a_dstia6 = ia6;
	return aux;
}
879
/*
 * Fetch the in6_ifaddr previously recorded for the packet's destination
 * address.  Returns NULL when ip6_findaux() finds no aux data on the mbuf;
 * otherwise returns the stored pointer as is.
 */
struct in6_ifaddr *
ip6_getdstifaddr(struct mbuf *m)
{
	struct ip6aux *aux = ip6_findaux(m);

	return (aux != NULL) ? aux->ip6a_dstia6 : NULL;
}
891
892 /*
893 * Hop-by-Hop options header processing. If a valid jumbo payload option is
894 * included, the real payload length will be stored in plenp.
895 *
896 * rtalertp - XXX: should be stored more smart way
897 */
898 static int
899 ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp,
900 struct mbuf **mp, int *offp)
|