The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/ip6_input.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: ip6_input.c,v 1.73.2.3 2007/06/04 19:24:35 bouyer Exp $        */
    2 /*      $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $     */
    3 
    4 /*
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 /*
   34  * Copyright (c) 1982, 1986, 1988, 1993
   35  *      The Regents of the University of California.  All rights reserved.
   36  *
   37  * Redistribution and use in source and binary forms, with or without
   38  * modification, are permitted provided that the following conditions
   39  * are met:
   40  * 1. Redistributions of source code must retain the above copyright
   41  *    notice, this list of conditions and the following disclaimer.
   42  * 2. Redistributions in binary form must reproduce the above copyright
   43  *    notice, this list of conditions and the following disclaimer in the
   44  *    documentation and/or other materials provided with the distribution.
   45  * 3. Neither the name of the University nor the names of its contributors
   46  *    may be used to endorse or promote products derived from this software
   47  *    without specific prior written permission.
   48  *
   49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
   50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
   53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   59  * SUCH DAMAGE.
   60  *
   61  *      @(#)ip_input.c  8.2 (Berkeley) 1/4/94
   62  */
   63 
   64 #include <sys/cdefs.h>
   65 __KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.73.2.3 2007/06/04 19:24:35 bouyer Exp $");
   66 
   67 #include "opt_inet.h"
   68 #include "opt_ipsec.h"
   69 #include "opt_pfil_hooks.h"
   70 
   71 #include <sys/param.h>
   72 #include <sys/systm.h>
   73 #include <sys/malloc.h>
   74 #include <sys/mbuf.h>
   75 #include <sys/domain.h>
   76 #include <sys/protosw.h>
   77 #include <sys/socket.h>
   78 #include <sys/socketvar.h>
   79 #include <sys/errno.h>
   80 #include <sys/time.h>
   81 #include <sys/kernel.h>
   82 #include <sys/syslog.h>
   83 #include <sys/proc.h>
   84 #include <sys/sysctl.h>
   85 
   86 #include <net/if.h>
   87 #include <net/if_types.h>
   88 #include <net/if_dl.h>
   89 #include <net/route.h>
   90 #include <net/netisr.h>
   91 #ifdef PFIL_HOOKS
   92 #include <net/pfil.h>
   93 #endif
   94 
   95 #include <netinet/in.h>
   96 #include <netinet/in_systm.h>
   97 #ifdef INET
   98 #include <netinet/ip.h>
   99 #include <netinet/ip_icmp.h>
  100 #endif /* INET */
  101 #include <netinet/ip6.h>
  102 #include <netinet6/in6_var.h>
  103 #include <netinet6/ip6_var.h>
  104 #include <netinet6/in6_pcb.h>
  105 #include <netinet/icmp6.h>
  106 #include <netinet6/in6_ifattach.h>
  107 #include <netinet6/nd6.h>
  108 
  109 #ifdef IPSEC
  110 #include <netinet6/ipsec.h>
  111 #endif
  112 
  113 #include <netinet6/ip6protosw.h>
  114 
  115 /* we need it for NLOOP. */
  116 #include "loop.h"
  117 #include "faith.h"
  118 #include "gif.h"
  119 #include "bpfilter.h"
  120 
  121 #if NGIF > 0
  122 #include <netinet6/in6_gif.h>
  123 #endif
  124 
  125 #include <net/net_osdep.h>
  126 
  127 extern struct domain inet6domain;
  128 
  129 u_char ip6_protox[IPPROTO_MAX];
  130 static int ip6qmaxlen = IFQ_MAXLEN;
  131 struct in6_ifaddr *in6_ifaddr;
  132 struct ifqueue ip6intrq;
  133 
  134 extern struct ifnet loif[NLOOP];
  135 int ip6_forward_srcrt;                  /* XXX */
  136 int ip6_sourcecheck;                    /* XXX */
  137 int ip6_sourcecheck_interval;           /* XXX */
  138 
  139 #ifdef PFIL_HOOKS
  140 struct pfil_head inet6_pfil_hook;
  141 #endif
  142 
  143 struct ip6stat ip6stat;
  144 
  145 static void ip6_init2 __P((void *));
  146 
  147 static int ip6_hopopts_input __P((u_int32_t *, u_int32_t *, struct mbuf **, int *));
  148 static struct mbuf *ip6_pullexthdr __P((struct mbuf *, size_t, int));
  149 
  150 /*
  151  * IP6 initialization: fill in IP6 protocol switch table.
  152  * All protocols not implemented in kernel go to raw IP6 protocol handler.
  153  */
  154 void
  155 ip6_init()
  156 {
  157         struct ip6protosw *pr;
  158         int i;
  159 
  160         pr = (struct ip6protosw *)pffindproto(PF_INET6, IPPROTO_RAW, SOCK_RAW);
  161         if (pr == 0)
  162                 panic("ip6_init");
  163         for (i = 0; i < IPPROTO_MAX; i++)
  164                 ip6_protox[i] = pr - inet6sw;
  165         for (pr = (struct ip6protosw *)inet6domain.dom_protosw;
  166             pr < (struct ip6protosw *)inet6domain.dom_protoswNPROTOSW; pr++)
  167                 if (pr->pr_domain->dom_family == PF_INET6 &&
  168                     pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
  169                         ip6_protox[pr->pr_protocol] = pr - inet6sw;
  170         ip6intrq.ifq_maxlen = ip6qmaxlen;
  171         nd6_init();
  172         frag6_init();
  173 
  174         ip6_init2((void *)0);
  175 
  176 #ifdef PFIL_HOOKS
  177         /* Register our Packet Filter hook. */
  178         inet6_pfil_hook.ph_type = PFIL_TYPE_AF;
  179         inet6_pfil_hook.ph_af   = AF_INET6;
  180         i = pfil_head_register(&inet6_pfil_hook);
  181         if (i != 0)
  182                 printf("ip6_init: WARNING: unable to register pfil hook, "
  183                     "error %d\n", i);
  184 #endif /* PFIL_HOOKS */
  185 }
  186 
  187 static void
  188 ip6_init2(dummy)
  189         void *dummy;
  190 {
  191 
  192         /* nd6_timer_init */
  193         callout_init(&nd6_timer_ch);
  194         callout_reset(&nd6_timer_ch, hz, nd6_timer, NULL);
  195 }
  196 
  197 /*
  198  * IP6 input interrupt handling. Just pass the packet to ip6_input.
  199  */
  200 void
  201 ip6intr()
  202 {
  203         int s;
  204         struct mbuf *m;
  205 
  206         for (;;) {
  207                 s = splnet();
  208                 IF_DEQUEUE(&ip6intrq, m);
  209                 splx(s);
  210                 if (m == 0)
  211                         return;
  212                 ip6_input(m);
  213         }
  214 }
  215 
  216 extern struct   route_in6 ip6_forward_rt;
  217 
  218 void
  219 ip6_input(m)
  220         struct mbuf *m;
  221 {
  222         struct ip6_hdr *ip6;
  223         int off = sizeof(struct ip6_hdr), nest;
  224         u_int32_t plen;
  225         u_int32_t rtalert = ~0;
  226         int nxt, ours = 0;
  227         struct ifnet *deliverifp = NULL;
  228         int srcrt = 0;
  229 
  230 #ifdef IPSEC
  231         /*
  232          * should the inner packet be considered authentic?
  233          * see comment in ah4_input().
  234          */
  235         m->m_flags &= ~M_AUTHIPHDR;
  236         m->m_flags &= ~M_AUTHIPDGM;
  237 #endif
  238 
  239         /*
  240          * mbuf statistics
  241          */
  242         if (m->m_flags & M_EXT) {
  243                 if (m->m_next)
  244                         ip6stat.ip6s_mext2m++;
  245                 else
  246                         ip6stat.ip6s_mext1++;
  247         } else {
  248 #define M2MMAX  (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0]))
  249                 if (m->m_next) {
  250                         if (m->m_flags & M_LOOP) {
  251                                 ip6stat.ip6s_m2m[loif[0].if_index]++; /* XXX */
  252                         } else if (m->m_pkthdr.rcvif->if_index < M2MMAX)
  253                                 ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++;
  254                         else
  255                                 ip6stat.ip6s_m2m[0]++;
  256                 } else
  257                         ip6stat.ip6s_m1++;
  258 #undef M2MMAX
  259         }
  260 
  261         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_receive);
  262         ip6stat.ip6s_total++;
  263 
  264         /*
  265          * If the IPv6 header is not aligned, slurp it up into a new
  266          * mbuf with space for link headers, in the event we forward
  267          * it.  OTherwise, if it is aligned, make sure the entire base
  268          * IPv6 header is in the first mbuf of the chain.
  269          */
  270         if (IP6_HDR_ALIGNED_P(mtod(m, caddr_t)) == 0) {
  271                 struct ifnet *inifp = m->m_pkthdr.rcvif;
  272                 if ((m = m_copyup(m, sizeof(struct ip6_hdr),
  273                                   (max_linkhdr + 3) & ~3)) == NULL) {
  274                         /* XXXJRT new stat, please */
  275                         ip6stat.ip6s_toosmall++;
  276                         in6_ifstat_inc(inifp, ifs6_in_hdrerr);
  277                         return;
  278                 }
  279         } else if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
  280                 struct ifnet *inifp = m->m_pkthdr.rcvif;
  281                 if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
  282                         ip6stat.ip6s_toosmall++;
  283                         in6_ifstat_inc(inifp, ifs6_in_hdrerr);
  284                         return;
  285                 }
  286         }
  287 
  288         ip6 = mtod(m, struct ip6_hdr *);
  289 
  290         if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
  291                 ip6stat.ip6s_badvers++;
  292                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
  293                 goto bad;
  294         }
  295 
  296 #ifdef PFIL_HOOKS
  297         /*
  298          * Run through list of hooks for input packets.  If there are any
  299          * filters which require that additional packets in the flow are
  300          * not fast-forwarded, they must clear the M_CANFASTFWD flag.
  301          * Note that filters must _never_ set this flag, as another filter
  302          * in the list may have previously cleared it.
  303          */
  304         /*
  305          * let ipfilter look at packet on the wire,
  306          * not the decapsulated packet.
  307          */
  308 #ifdef IPSEC
  309         if (!ipsec_getnhist(m))
  310 #else
  311         if (1)
  312 #endif
  313         {
  314                 struct in6_addr odst;
  315 
  316                 odst = ip6->ip6_dst;
  317                 if (pfil_run_hooks(&inet6_pfil_hook, &m, m->m_pkthdr.rcvif,
  318                                    PFIL_IN) != 0)
  319                         return;
  320                 if (m == NULL)
  321                         return;
  322                 ip6 = mtod(m, struct ip6_hdr *);
  323                 srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
  324         }
  325 #endif /* PFIL_HOOKS */
  326 
  327         ip6stat.ip6s_nxthist[ip6->ip6_nxt]++;
  328 
  329 #ifdef ALTQ
  330         if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) {
  331                 /* packet is dropped by traffic conditioner */
  332                 return;
  333         }
  334 #endif
  335 
  336         /*
  337          * Check against address spoofing/corruption.
  338          */
  339         if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
  340             IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
  341                 /*
  342                  * XXX: "badscope" is not very suitable for a multicast source.
  343                  */
  344                 ip6stat.ip6s_badscope++;
  345                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
  346                 goto bad;
  347         }
  348         /*
  349          * The following check is not documented in specs.  A malicious
  350          * party may be able to use IPv4 mapped addr to confuse tcp/udp stack
  351          * and bypass security checks (act as if it was from 127.0.0.1 by using
  352          * IPv6 src ::ffff:127.0.0.1).  Be cautious.
  353          *
  354          * This check chokes if we are in an SIIT cloud.  As none of BSDs
  355          * support IPv4-less kernel compilation, we cannot support SIIT
  356          * environment at all.  So, it makes more sense for us to reject any
  357          * malicious packets for non-SIIT environment, than try to do a
  358          * partial support for SIIT environment.
  359          */
  360         if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
  361             IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
  362                 ip6stat.ip6s_badscope++;
  363                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
  364                 goto bad;
  365         }
  366 #if 0
  367         /*
  368          * Reject packets with IPv4 compatible addresses (auto tunnel).
  369          *
  370          * The code forbids auto tunnel relay case in RFC1933 (the check is
  371          * stronger than RFC1933).  We may want to re-enable it if mech-xx
  372          * is revised to forbid relaying case.
  373          */
  374         if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) ||
  375             IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) {
  376                 ip6stat.ip6s_badscope++;
  377                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
  378                 goto bad;
  379         }
  380 #endif
  381 
  382         if (IN6_IS_ADDR_LOOPBACK(&ip6->ip6_src) ||
  383             IN6_IS_ADDR_LOOPBACK(&ip6->ip6_dst)) {
  384                 if (m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) {
  385                         ours = 1;
  386                         deliverifp = m->m_pkthdr.rcvif;
  387                         goto hbhcheck;
  388                 } else {
  389                         ip6stat.ip6s_badscope++;
  390                         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
  391                         goto bad;
  392                 }
  393         }
  394 
  395         /* drop packets if interface ID portion is already filled */
  396         if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
  397                 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src) &&
  398                     ip6->ip6_src.s6_addr16[1]) {
  399                         ip6stat.ip6s_badscope++;
  400                         goto bad;
  401                 }
  402                 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) &&
  403                     ip6->ip6_dst.s6_addr16[1]) {
  404                         ip6stat.ip6s_badscope++;
  405                         goto bad;
  406                 }
  407         }
  408 
  409         if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
  410                 ip6->ip6_src.s6_addr16[1]
  411                         = htons(m->m_pkthdr.rcvif->if_index);
  412         if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
  413                 ip6->ip6_dst.s6_addr16[1]
  414                         = htons(m->m_pkthdr.rcvif->if_index);
  415 
  416         /*
  417          * We use rt->rt_ifp to determine if the address is ours or not.
  418          * If rt_ifp is lo0, the address is ours.
  419          * The problem here is, rt->rt_ifp for fe80::%lo0/64 is set to lo0,
  420          * so any address under fe80::%lo0/64 will be mistakenly considered
  421          * local.  The special case is supplied to handle the case properly
  422          * by actually looking at interface addresses
  423          * (using in6ifa_ifpwithaddr).
  424          */
  425         if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) != 0 &&
  426             IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) {
  427                 if (!in6ifa_ifpwithaddr(m->m_pkthdr.rcvif, &ip6->ip6_dst)) {
  428                         icmp6_error(m, ICMP6_DST_UNREACH,
  429                             ICMP6_DST_UNREACH_ADDR, 0);
  430                         /* m is already freed */
  431                         return;
  432                 }
  433 
  434                 ours = 1;
  435                 deliverifp = m->m_pkthdr.rcvif;
  436                 goto hbhcheck;
  437         }
  438 
  439         /*
  440          * Multicast check
  441          */
  442         if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
  443                 struct  in6_multi *in6m = 0;
  444 
  445                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mcast);
  446                 /*
  447                  * See if we belong to the destination multicast group on the
  448                  * arrival interface.
  449                  */
  450                 IN6_LOOKUP_MULTI(ip6->ip6_dst, m->m_pkthdr.rcvif, in6m);
  451                 if (in6m)
  452                         ours = 1;
  453                 else if (!ip6_mrouter) {
  454                         ip6stat.ip6s_notmember++;
  455                         ip6stat.ip6s_cantforward++;
  456                         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
  457                         goto bad;
  458                 }
  459                 deliverifp = m->m_pkthdr.rcvif;
  460                 goto hbhcheck;
  461         }
  462 
  463         /*
  464          *  Unicast check
  465          */
  466         if (ip6_forward_rt.ro_rt != NULL &&
  467             (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) != 0 &&
  468             IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
  469             &((struct sockaddr_in6 *)(&ip6_forward_rt.ro_dst))->sin6_addr))
  470                 ip6stat.ip6s_forward_cachehit++;
  471         else {
  472                 struct sockaddr_in6 *dst6;
  473 
  474                 if (ip6_forward_rt.ro_rt) {
  475                         /* route is down or destination is different */
  476                         ip6stat.ip6s_forward_cachemiss++;
  477                         RTFREE(ip6_forward_rt.ro_rt);
  478                         ip6_forward_rt.ro_rt = 0;
  479                 }
  480 
  481                 bzero(&ip6_forward_rt.ro_dst, sizeof(struct sockaddr_in6));
  482                 dst6 = (struct sockaddr_in6 *)&ip6_forward_rt.ro_dst;
  483                 dst6->sin6_len = sizeof(struct sockaddr_in6);
  484                 dst6->sin6_family = AF_INET6;
  485                 dst6->sin6_addr = ip6->ip6_dst;
  486 
  487                 rtalloc((struct route *)&ip6_forward_rt);
  488         }
  489 
  490 #define rt6_key(r) ((struct sockaddr_in6 *)((r)->rt_nodes->rn_key))
  491 
  492         /*
  493          * Accept the packet if the forwarding interface to the destination
  494          * according to the routing table is the loopback interface,
  495          * unless the associated route has a gateway.
  496          * Note that this approach causes to accept a packet if there is a
  497          * route to the loopback interface for the destination of the packet.
  498          * But we think it's even useful in some situations, e.g. when using
  499          * a special daemon which wants to intercept the packet.
  500          */
  501         if (ip6_forward_rt.ro_rt &&
  502             (ip6_forward_rt.ro_rt->rt_flags &
  503              (RTF_HOST|RTF_GATEWAY)) == RTF_HOST &&
  504             !(ip6_forward_rt.ro_rt->rt_flags & RTF_CLONED) &&
  505 #if 0
  506             /*
  507              * The check below is redundant since the comparison of
  508              * the destination and the key of the rtentry has
  509              * already done through looking up the routing table.
  510              */
  511             IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst,
  512             &rt6_key(ip6_forward_rt.ro_rt)->sin6_addr) &&
  513 #endif
  514             ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_LOOP) {
  515                 struct in6_ifaddr *ia6 =
  516                         (struct in6_ifaddr *)ip6_forward_rt.ro_rt->rt_ifa;
  517                 if (ia6->ia6_flags & IN6_IFF_ANYCAST)
  518                         m->m_flags |= M_ANYCAST6;
  519                 /*
  520                  * packets to a tentative, duplicated, or somehow invalid
  521                  * address must not be accepted.
  522                  */
  523                 if (!(ia6->ia6_flags & IN6_IFF_NOTREADY)) {
  524                         /* this address is ready */
  525                         ours = 1;
  526                         deliverifp = ia6->ia_ifp;       /* correct? */
  527                         goto hbhcheck;
  528                 } else {
  529                         /* address is not ready, so discard the packet. */
  530                         nd6log((LOG_INFO,
  531                             "ip6_input: packet to an unready address %s->%s\n",
  532                             ip6_sprintf(&ip6->ip6_src),
  533                             ip6_sprintf(&ip6->ip6_dst)));
  534 
  535                         goto bad;
  536                 }
  537         }
  538 
  539         /*
  540          * FAITH (Firewall Aided Internet Translator)
  541          */
  542 #if defined(NFAITH) && 0 < NFAITH
  543         if (ip6_keepfaith) {
  544                 if (ip6_forward_rt.ro_rt && ip6_forward_rt.ro_rt->rt_ifp &&
  545                     ip6_forward_rt.ro_rt->rt_ifp->if_type == IFT_FAITH) {
  546                         /* XXX do we need more sanity checks? */
  547                         ours = 1;
  548                         deliverifp = ip6_forward_rt.ro_rt->rt_ifp; /* faith */
  549                         goto hbhcheck;
  550                 }
  551         }
  552 #endif
  553 
  554 #if 0
  555     {
  556         /*
  557          * Last resort: check in6_ifaddr for incoming interface.
  558          * The code is here until I update the "goto ours hack" code above
  559          * working right.
  560          */
  561         struct ifaddr *ifa;
  562         for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first;
  563              ifa;
  564              ifa = ifa->ifa_list.tqe_next) {
  565                 if (ifa->ifa_addr == NULL)
  566                         continue;       /* just for safety */
  567                 if (ifa->ifa_addr->sa_family != AF_INET6)
  568                         continue;
  569                 if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) {
  570                         ours = 1;
  571                         deliverifp = ifa->ifa_ifp;
  572                         goto hbhcheck;
  573                 }
  574         }
  575     }
  576 #endif
  577 
  578         /*
  579          * Now there is no reason to process the packet if it's not our own
  580          * and we're not a router.
  581          */
  582         if (!ip6_forwarding) {
  583                 ip6stat.ip6s_cantforward++;
  584                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
  585                 goto bad;
  586         }
  587 
  588   hbhcheck:
  589         /*
  590          * Process Hop-by-Hop options header if it's contained.
  591          * m may be modified in ip6_hopopts_input().
  592          * If a JumboPayload option is included, plen will also be modified.
  593          */
  594         plen = (u_int32_t)ntohs(ip6->ip6_plen);
  595         if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
  596                 struct ip6_hbh *hbh;
  597 
  598                 if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) {
  599 #if 0   /*touches NULL pointer*/
  600                         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
  601 #endif
  602                         return; /* m have already been freed */
  603                 }
  604 
  605                 /* adjust pointer */
  606                 ip6 = mtod(m, struct ip6_hdr *);
  607 
  608                 /*
  609                  * if the payload length field is 0 and the next header field
  610                  * indicates Hop-by-Hop Options header, then a Jumbo Payload
  611                  * option MUST be included.
  612                  */
  613                 if (ip6->ip6_plen == 0 && plen == 0) {
  614                         /*
  615                          * Note that if a valid jumbo payload option is
  616                          * contained, ip6_hoptops_input() must set a valid
  617                          * (non-zero) payload length to the variable plen.
  618                          */
  619                         ip6stat.ip6s_badoptions++;
  620                         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
  621                         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
  622                         icmp6_error(m, ICMP6_PARAM_PROB,
  623                                     ICMP6_PARAMPROB_HEADER,
  624                                     (caddr_t)&ip6->ip6_plen - (caddr_t)ip6);
  625                         return;
  626                 }
  627                 IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
  628                         sizeof(struct ip6_hbh));
  629                 if (hbh == NULL) {
  630                         ip6stat.ip6s_tooshort++;
  631                         return;
  632                 }
  633                 KASSERT(IP6_HDR_ALIGNED_P(hbh));
  634                 nxt = hbh->ip6h_nxt;
  635 
  636                 /*
  637                  * accept the packet if a router alert option is included
  638                  * and we act as an IPv6 router.
  639                  */
  640                 if (rtalert != ~0 && ip6_forwarding)
  641                         ours = 1;
  642         } else
  643                 nxt = ip6->ip6_nxt;
  644 
  645         /*
  646          * Check that the amount of data in the buffers
  647          * is as at least much as the IPv6 header would have us expect.
  648          * Trim mbufs if longer than we expect.
  649          * Drop packet if shorter than we expect.
  650          */
  651         if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
  652                 ip6stat.ip6s_tooshort++;
  653                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
  654                 goto bad;
  655         }
  656         if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
  657                 if (m->m_len == m->m_pkthdr.len) {
  658                         m->m_len = sizeof(struct ip6_hdr) + plen;
  659                         m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
  660                 } else
  661                         m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len);
  662         }
  663 
  664         /*
  665          * Forward if desirable.
  666          */
  667         if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
  668                 /*
  669                  * If we are acting as a multicast router, all
  670                  * incoming multicast packets are passed to the
  671                  * kernel-level multicast forwarding function.
  672                  * The packet is returned (relatively) intact; if
  673                  * ip6_mforward() returns a non-zero value, the packet
  674                  * must be discarded, else it may be accepted below.
  675                  */
  676                 if (ip6_mrouter && ip6_mforward(ip6, m->m_pkthdr.rcvif, m)) {
  677                         ip6stat.ip6s_cantforward++;
  678                         m_freem(m);
  679                         return;
  680                 }
  681                 if (!ours) {
  682                         m_freem(m);
  683                         return;
  684                 }
  685         } else if (!ours) {
  686                 ip6_forward(m, srcrt);
  687                 return;
  688         }
  689 
  690         ip6 = mtod(m, struct ip6_hdr *);
  691 
  692         /*
  693          * Malicious party may be able to use IPv4 mapped addr to confuse
  694          * tcp/udp stack and bypass security checks (act as if it was from
  695          * 127.0.0.1 by using IPv6 src ::ffff:127.0.0.1).  Be cautious.
  696          *
  697          * For SIIT end node behavior, you may want to disable the check.
  698          * However, you will  become vulnerable to attacks using IPv4 mapped
  699          * source.
  700          */
  701         if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
  702             IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
  703                 ip6stat.ip6s_badscope++;
  704                 in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
  705                 goto bad;
  706         }
  707 
  708         /*
  709          * Tell launch routine the next header
  710          */
  711 #ifdef IFA_STATS
  712         if (deliverifp != NULL) {
  713                 struct in6_ifaddr *ia6;
  714                 ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
  715                 if (ia6)
  716                         ia6->ia_ifa.ifa_data.ifad_inbytes += m->m_pkthdr.len;
  717         }
  718 #endif
  719         ip6stat.ip6s_delivered++;
  720         in6_ifstat_inc(deliverifp, ifs6_in_deliver);
  721         nest = 0;
  722 
  723         while (nxt != IPPROTO_DONE) {
  724                 if (ip6_hdrnestlimit && (++nest > ip6_hdrnestlimit)) {
  725                         ip6stat.ip6s_toomanyhdr++;
  726                         goto bad;
  727                 }
  728 
  729                 /*
  730                  * protection against faulty packet - there should be
  731                  * more sanity checks in header chain processing.
  732                  */
  733                 if (m->m_pkthdr.len < off) {
  734                         ip6stat.ip6s_tooshort++;
  735                         in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
  736                         goto bad;
  737                 }
  738 
  739 #ifdef IPSEC
  740                 /*
  741                  * enforce IPsec policy checking if we are seeing last header.
  742                  * note that we do not visit this with protocols with pcb layer
  743                  * code - like udp/tcp/raw ip.
  744                  */
  745                 if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0 &&
  746                     ipsec6_in_reject(m, NULL)) {
  747                         ipsec6stat.in_polvio++;
  748                         goto bad;
  749                 }
  750 #endif
  751 
  752                 nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt);
  753         }
  754         return;
  755  bad:
  756         m_freem(m);
  757 }
  758 
  759 /*
  760  * Hop-by-Hop options header processing. If a valid jumbo payload option is
  761  * included, the real payload length will be stored in plenp.
  762  */
  763 static int
  764 ip6_hopopts_input(plenp, rtalertp, mp, offp)
  765         u_int32_t *plenp;
  766         u_int32_t *rtalertp;    /* XXX: should be stored more smart way */
  767         struct mbuf **mp;
  768         int *offp;
  769 {
  770         struct mbuf *m = *mp;
  771         int off = *offp, hbhlen;
  772         struct ip6_hbh *hbh;
  773 
  774         /* validation of the length of the header */
  775         IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m,
  776                 sizeof(struct ip6_hdr), sizeof(struct ip6_hbh));
  777         if (hbh == NULL) {
  778                 ip6stat.ip6s_tooshort++;
  779                 return -1;
  780         }
  781         hbhlen = (hbh->ip6h_len + 1) << 3;
  782         IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
  783                 hbhlen);
  784         if (hbh == NULL) {
  785                 ip6stat.ip6s_tooshort++;
  786                 return -1;
  787         }
  788         KASSERT(IP6_HDR_ALIGNED_P(hbh));
  789         off += hbhlen;
  790         hbhlen -= sizeof(struct ip6_hbh);
  791 
  792         if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh),
  793                                 hbhlen, rtalertp, plenp) < 0)
  794                 return (-1);
  795 
  796         *offp = off;
  797         *mp = m;
  798         return (0);
  799 }
  800 
  801 /*
  802  * Search header for all Hop-by-hop options and process each option.
  803  * This function is separate from ip6_hopopts_input() in order to
  804  * handle a case where the sending node itself process its hop-by-hop
  805  * options header. In such a case, the function is called from ip6_output().
  806  *
  807  * The function assumes that hbh header is located right after the IPv6 header
  808  * (RFC2460 p7), opthead is pointer into data content in m, and opthead to
  809  * opthead + hbhlen is located in continuous memory region.
  810  */
  811 int
  812 ip6_process_hopopts(m, opthead, hbhlen, rtalertp, plenp)
  813         struct mbuf *m;
  814         u_int8_t *opthead;
  815         int hbhlen;
  816         u_int32_t *rtalertp;
  817         u_int32_t *plenp;
  818 {
  819         struct ip6_hdr *ip6;
  820         int optlen = 0;
  821         u_int8_t *opt = opthead;
  822         u_int16_t rtalert_val;
  823         u_int32_t jumboplen;
  824         const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh);
  825 
  826         for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) {
  827                 switch (*opt) {
  828                 case IP6OPT_PAD1:
  829                         optlen = 1;
  830                         break;
  831                 case IP6OPT_PADN:
  832                         if (hbhlen < IP6OPT_MINLEN) {
  833                                 ip6stat.ip6s_toosmall++;
  834                                 goto bad;
  835                         }
  836                         optlen = *(opt + 1) + 2;
  837                         break;
  838                 case IP6OPT_RTALERT:
  839                         /* XXX may need check for alignment */
  840                         if (hbhlen < IP6OPT_RTALERT_LEN) {
  841                                 ip6stat.ip6s_toosmall++;
  842                                 goto bad;
  843                         }
  844                         if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) {
  845                                 /* XXX stat */
  846                                 icmp6_error(m, ICMP6_PARAM_PROB,
  847                                     ICMP6_PARAMPROB_HEADER,
  848                                     erroff + opt + 1 - opthead);
  849                                 return (-1);
  850                         }
  851                         optlen = IP6OPT_RTALERT_LEN;
  852                         bcopy((caddr_t)(opt + 2), (caddr_t)&rtalert_val, 2);
  853                         *rtalertp = ntohs(rtalert_val);
  854                         break;
  855                 case IP6OPT_JUMBO:
  856                         /* XXX may need check for alignment */
  857                         if (hbhlen < IP6OPT_JUMBO_LEN) {
  858                                 ip6stat.ip6s_toosmall++;
  859                                 goto bad;
  860                         }
  861                         if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) {
  862                                 /* XXX stat */
  863                                 icmp6_error(m, ICMP6_PARAM_PROB,
  864                                     ICMP6_PARAMPROB_HEADER,
  865                                     erroff + opt + 1 - opthead);
  866                                 return (-1);
  867                         }
  868                         optlen = IP6OPT_JUMBO_LEN;
  869 
  870                         /*
  871                          * IPv6 packets that have non 0 payload length
  872                          * must not contain a jumbo payload option.
  873                          */
  874                         ip6 = mtod(m, struct ip6_hdr *);
  875                         if (ip6->ip6_plen) {
  876                                 ip6stat.ip6s_badoptions++;
  877                                 icmp6_error(m, ICMP6_PARAM_PROB,
  878                                     ICMP6_PARAMPROB_HEADER,
  879                                     erroff + opt - opthead);
  880                                 return (-1);
  881                         }
  882 
  883                         /*
  884                          * We may see jumbolen in unaligned location, so
  885                          * we'd need to perform bcopy().
  886                          */
  887                         bcopy(opt + 2, &jumboplen, sizeof(jumboplen));
  888                         jumboplen = (u_int32_t)htonl(jumboplen);
  889 
  890 #if 1
  891                         /*
  892                          * if there are multiple jumbo payload options,
  893                          * *plenp will be non-zero and the packet will be
  894                          * rejected.
  895                          * the behavior may need some debate in ipngwg -
  896                          * multiple options does not make sense, however,
  897                          * there's no explicit mention in specification.
  898                          */
  899                         if (*plenp != 0) {
  900                                 ip6stat.ip6s_badoptions++;
  901                                 icmp6_error(m, ICMP6_PARAM_PROB,
  902                                     ICMP6_PARAMPROB_HEADER,
  903                                     erroff + opt + 2 - opthead);
  904                                 return (-1);
  905                         }
  906 #endif
  907 
  908                         /*
  909                          * jumbo payload length must be larger than 65535.
  910                          */
  911                         if (jumboplen <= IPV6_MAXPACKET) {
  912                                 ip6stat.ip6s_badoptions++;
  913                                 icmp6_error(m, ICMP6_PARAM_PROB,
  914                                     ICMP6_PARAMPROB_HEADER,
  915                                     erroff + opt + 2 - opthead);
  916                                 return (-1);
  917                         }
  918                         *plenp = jumboplen;
  919 
  920                         break;
  921                 default:                /* unknown option */
  922                         if (hbhlen < IP6OPT_MINLEN) {
  923                                 ip6stat.ip6s_toosmall++;
  924                                 goto bad;
  925                         }
  926                         optlen = ip6_unknown_opt(opt, m,
  927                             erroff + opt - opthead);
  928                         if (optlen == -1)
  929                                 return (-1);
  930                         optlen += 2;
  931                         break;
  932                 }
  933         }
  934 
  935         return (0);
  936 
  937   bad:
  938         m_freem(m);
  939         return (-1);
  940 }
  941 
  942 /*
  943  * Unknown option processing.
  944  * The third argument `off' is the offset from the IPv6 header to the option,
  945  * which is necessary if the IPv6 header the and option header and IPv6 header
  946  * is not continuous in order to return an ICMPv6 error.
  947  */
  948 int
  949 ip6_unknown_opt(optp, m, off)
  950         u_int8_t *optp;
  951         struct mbuf *m;
  952         int off;
  953 {
  954         struct ip6_hdr *ip6;
  955 
  956         switch (IP6OPT_TYPE(*optp)) {
  957         case IP6OPT_TYPE_SKIP: /* ignore the option */
  958                 return ((int)*(optp + 1));
  959         case IP6OPT_TYPE_DISCARD:       /* silently discard */
  960                 m_freem(m);
  961                 return (-1);
  962         case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */
  963                 ip6stat.ip6s_badoptions++;
  964                 icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off);
  965                 return (-1);
  966         case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */
  967                 ip6stat.ip6s_badoptions++;
  968                 ip6 = mtod(m, struct ip6_hdr *);
  969                 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
  970                     (m->m_flags & (M_BCAST|M_MCAST)))
  971                         m_freem(m);
  972                 else
  973                         icmp6_error(m, ICMP6_PARAM_PROB,
  974                                     ICMP6_PARAMPROB_OPTION, off);
  975                 return (-1);
  976         }
  977 
  978         m_freem(m);             /* XXX: NOTREACHED */
  979         return (-1);
  980 }
  981 
  982 /*
  983  * Create the "control" list for this pcb.
  984  *
  985  * The routine will be called from upper layer handlers like tcp6_input().
  986  * Thus the routine assumes that the caller (tcp6_input) have already
  987  * called IP6_EXTHDR_CHECK() and all the extension headers are located in the
  988  * very first mbuf on the mbuf chain.
  989  * We may want to add some infinite loop prevention or sanity checks for safety.
  990  * (This applies only when you are using KAME mbuf chain restriction, i.e.
  991  * you are using IP6_EXTHDR_CHECK() not m_pulldown())
  992  */
  993 void
  994 ip6_savecontrol(in6p, mp, ip6, m)
  995         struct in6pcb *in6p;
  996         struct mbuf **mp;
  997         struct ip6_hdr *ip6;
  998         struct mbuf *m;
  999 {
 1000         struct proc *p = curproc;       /* XXX */
 1001         int privileged;
 1002 
 1003         privileged = 0;
 1004         if (p && !suser(p->p_ucred, &p->p_acflag))
 1005                 privileged++;
 1006 
 1007 #ifdef SO_TIMESTAMP
 1008         if (in6p->in6p_socket->so_options & SO_TIMESTAMP) {
 1009                 struct timeval tv;
 1010 
 1011                 microtime(&tv);
 1012                 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv),
 1013                     SCM_TIMESTAMP, SOL_SOCKET);
 1014                 if (*mp)
 1015                         mp = &(*mp)->m_next;
 1016         }
 1017 #endif
 1018 
 1019        /* some OSes call this logic with IPv4 packet, for SO_TIMESTAMP */
 1020        if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION)
 1021                return;
 1022 
 1023         if (in6p->in6p_flags & IN6P_RECVDSTADDR) {
 1024                 *mp = sbcreatecontrol((caddr_t) &ip6->ip6_dst,
 1025                     sizeof(struct in6_addr), IPV6_RECVDSTADDR, IPPROTO_IPV6);
 1026                 if (*mp)
 1027                         mp = &(*mp)->m_next;
 1028         }
 1029 
 1030 #ifdef noyet
 1031         /* options were tossed above */
 1032         if (in6p->in6p_flags & IN6P_RECVOPTS)
 1033                 /* broken */
 1034         /* ip6_srcroute doesn't do what we want here, need to fix */
 1035         if (in6p->in6p_flags & IPV6P_RECVRETOPTS)
 1036                 /* broken */
 1037 #endif
 1038 
 1039         /* RFC 2292 sec. 5 */
 1040         if ((in6p->in6p_flags & IN6P_PKTINFO) != 0) {
 1041                 struct in6_pktinfo pi6;
 1042                 bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr));
 1043                 if (IN6_IS_SCOPE_LINKLOCAL(&pi6.ipi6_addr))
 1044                         pi6.ipi6_addr.s6_addr16[1] = 0;
 1045                 pi6.ipi6_ifindex = (m && m->m_pkthdr.rcvif)
 1046                                         ? m->m_pkthdr.rcvif->if_index
 1047                                         : 0;
 1048                 *mp = sbcreatecontrol((caddr_t) &pi6,
 1049                     sizeof(struct in6_pktinfo), IPV6_PKTINFO, IPPROTO_IPV6);
 1050                 if (*mp)
 1051                         mp = &(*mp)->m_next;
 1052         }
 1053         if (in6p->in6p_flags & IN6P_HOPLIMIT) {
 1054                 int hlim = ip6->ip6_hlim & 0xff;
 1055                 *mp = sbcreatecontrol((caddr_t) &hlim, sizeof(int),
 1056                     IPV6_HOPLIMIT, IPPROTO_IPV6);
 1057                 if (*mp)
 1058                         mp = &(*mp)->m_next;
 1059         }
 1060         /* IN6P_NEXTHOP - for outgoing packet only */
 1061 
 1062         /*
 1063          * IPV6_HOPOPTS socket option. We require super-user privilege
 1064          * for the option, but it might be too strict, since there might
 1065          * be some hop-by-hop options which can be returned to normal user.
 1066          * See RFC 2292 section 6.
 1067          */
 1068         if ((in6p->in6p_flags & IN6P_HOPOPTS) != 0 && privileged) {
 1069                 /*
 1070                  * Check if a hop-by-hop options header is contatined in the
 1071                  * received packet, and if so, store the options as ancillary
 1072                  * data. Note that a hop-by-hop options header must be
 1073                  * just after the IPv6 header, which fact is assured through
 1074                  * the IPv6 input processing.
 1075                  */
 1076                 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 1077                 if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
 1078                         struct ip6_hbh *hbh;
 1079                         int hbhlen;
 1080                         struct mbuf *ext;
 1081 
 1082                         ext = ip6_pullexthdr(m, sizeof(struct ip6_hdr),
 1083                             ip6->ip6_nxt);
 1084                         if (ext == NULL) {
 1085                                 ip6stat.ip6s_tooshort++;
 1086                                 return;
 1087                         }
 1088                         hbh = mtod(ext, struct ip6_hbh *);
 1089                         hbhlen = (hbh->ip6h_len + 1) << 3;
 1090                         if (hbhlen != ext->m_len) {
 1091                                 m_freem(ext);
 1092                                 ip6stat.ip6s_tooshort++;
 1093                                 return;
 1094                         }
 1095 
 1096                         /*
 1097                          * XXX: We copy whole the header even if a jumbo
 1098                          * payload option is included, which option is to
 1099                          * be removed before returning in the RFC 2292.
 1100                          * But it's too painful operation...
 1101                          */
 1102                         *mp = sbcreatecontrol((caddr_t)hbh, hbhlen,
 1103                             IPV6_HOPOPTS, IPPROTO_IPV6);
 1104                         if (*mp)
 1105                                 mp = &(*mp)->m_next;
 1106                         m_freem(ext);
 1107                 }
 1108         }
 1109 
 1110         /* IPV6_DSTOPTS and IPV6_RTHDR socket options */
 1111         if (in6p->in6p_flags & (IN6P_DSTOPTS | IN6P_RTHDR)) {
 1112                 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 1113                 int nxt = ip6->ip6_nxt, off = sizeof(struct ip6_hdr);
 1114 
 1115                 /*
 1116                  * Search for destination options headers or routing
 1117                  * header(s) through the header chain, and stores each
 1118                  * header as ancillary data.
 1119                  * Note that the order of the headers remains in
 1120                  * the chain of ancillary data.
 1121                  */
 1122                 while (1) {     /* is explicit loop prevention necessary? */
 1123                         struct ip6_ext *ip6e = NULL;
 1124                         int elen;
 1125                         struct mbuf *ext = NULL;
 1126 
 1127                         /*
 1128                          * if it is not an extension header, don't try to
 1129                          * pull it from the chain.
 1130                          */
 1131                         switch (nxt) {
 1132                         case IPPROTO_DSTOPTS:
 1133                         case IPPROTO_ROUTING:
 1134                         case IPPROTO_HOPOPTS:
 1135                         case IPPROTO_AH: /* is it possible? */
 1136                                 break;
 1137                         default:
 1138                                 goto loopend;
 1139                         }
 1140 
 1141                         ext = ip6_pullexthdr(m, off, nxt);
 1142                         if (ext == NULL) {
 1143                                 ip6stat.ip6s_tooshort++;
 1144                                 return;
 1145                         }
 1146                         ip6e = mtod(ext, struct ip6_ext *);
 1147                         if (nxt == IPPROTO_AH)
 1148                                 elen = (ip6e->ip6e_len + 2) << 2;
 1149                         else
 1150                                 elen = (ip6e->ip6e_len + 1) << 3;
 1151                         if (elen != ext->m_len) {
 1152                                 m_freem(ext);
 1153                                 ip6stat.ip6s_tooshort++;
 1154                                 return;
 1155                         }
 1156                         KASSERT(IP6_HDR_ALIGNED_P(ip6e));
 1157 
 1158                         switch (nxt) {
 1159                         case IPPROTO_DSTOPTS:
 1160                                 if (!in6p->in6p_flags & IN6P_DSTOPTS)
 1161                                         break;
 1162 
 1163                                 /*
 1164                                  * We also require super-user privilege for
 1165                                  * the option.
 1166                                  * See the comments on IN6_HOPOPTS.
 1167                                  */
 1168                                 if (!privileged)
 1169                                         break;
 1170 
 1171                                 *mp = sbcreatecontrol((caddr_t)ip6e, elen,
 1172                                     IPV6_DSTOPTS, IPPROTO_IPV6);
 1173                                 if (*mp)
 1174                                         mp = &(*mp)->m_next;
 1175                                 break;
 1176 
 1177                         case IPPROTO_ROUTING:
 1178                                 if (!in6p->in6p_flags & IN6P_RTHDR)
 1179                                         break;
 1180 
 1181                                 *mp = sbcreatecontrol((caddr_t)ip6e, elen,
 1182                                     IPV6_RTHDR, IPPROTO_IPV6);
 1183                                 if (*mp)
 1184                                         mp = &(*mp)->m_next;
 1185                                 break;
 1186 
 1187                         case IPPROTO_HOPOPTS:
 1188                         case IPPROTO_AH: /* is it possible? */
 1189                                 break;
 1190 
 1191                         default:
 1192                                 /*
 1193                                  * other cases have been filtered in the above.
 1194                                  * none will visit this case.  here we supply
 1195                                  * the code just in case (nxt overwritten or
 1196                                  * other cases).
 1197                                  */
 1198                                 m_freem(ext);
 1199                                 goto loopend;
 1200 
 1201                         }
 1202 
 1203                         /* proceed with the next header. */
 1204                         off += elen;
 1205                         nxt = ip6e->ip6e_nxt;
 1206                         ip6e = NULL;
 1207                         m_freem(ext);
 1208                         ext = NULL;
 1209                 }
 1210           loopend:
 1211                 ;
 1212         }
 1213 }
 1214 
 1215 /*
 1216  * pull single extension header from mbuf chain.  returns single mbuf that
 1217  * contains the result, or NULL on error.
 1218  */
 1219 static struct mbuf *
 1220 ip6_pullexthdr(m, off, nxt)
 1221         struct mbuf *m;
 1222         size_t off;
 1223         int nxt;
 1224 {
 1225         struct ip6_ext ip6e;
 1226         size_t elen;
 1227         struct mbuf *n;
 1228 
 1229 #ifdef DIAGNOSTIC
 1230         switch (nxt) {
 1231         case IPPROTO_DSTOPTS:
 1232         case IPPROTO_ROUTING:
 1233         case IPPROTO_HOPOPTS:
 1234         case IPPROTO_AH: /* is it possible? */
 1235                 break;
 1236         default:
 1237                 printf("ip6_pullexthdr: invalid nxt=%d\n", nxt);
 1238         }
 1239 #endif
 1240 
 1241         m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
 1242         if (nxt == IPPROTO_AH)
 1243                 elen = (ip6e.ip6e_len + 2) << 2;
 1244         else
 1245                 elen = (ip6e.ip6e_len + 1) << 3;
 1246 
 1247         MGET(n, M_DONTWAIT, MT_DATA);
 1248         if (n && elen >= MLEN) {
 1249                 MCLGET(n, M_DONTWAIT);
 1250                 if ((n->m_flags & M_EXT) == 0) {
 1251                         m_free(n);
 1252                         n = NULL;
 1253                 }
 1254         }
 1255         if (!n)
 1256                 return NULL;
 1257 
 1258         n->m_len = 0;
 1259         if (elen >= M_TRAILINGSPACE(n)) {
 1260                 m_free(n);
 1261                 return NULL;
 1262         }
 1263 
 1264         m_copydata(m, off, elen, mtod(n, caddr_t));
 1265         n->m_len = elen;
 1266         return n;
 1267 }
 1268 
 1269 /*
 1270  * Get pointer to the previous header followed by the header
 1271  * currently processed.
 1272  * XXX: This function supposes that
 1273  *      M includes all headers,
 1274  *      the next header field and the header length field of each header
 1275  *      are valid, and
 1276  *      the sum of each header length equals to OFF.
 1277  * Because of these assumptions, this function must be called very
 1278  * carefully. Moreover, it will not be used in the near future when
 1279  * we develop `neater' mechanism to process extension headers.
 1280  */
 1281 u_int8_t *
 1282 ip6_get_prevhdr(m, off)
 1283         struct mbuf *m;
 1284         int off;
 1285 {
 1286         struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
 1287 
 1288         if (off == sizeof(struct ip6_hdr))
 1289                 return (&ip6->ip6_nxt);
 1290         else {
 1291                 int len, nxt;
 1292                 struct ip6_ext *ip6e = NULL;
 1293 
 1294                 nxt = ip6->ip6_nxt;
 1295                 len = sizeof(struct ip6_hdr);
 1296                 while (len < off) {
 1297                         ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + len);
 1298 
 1299                         switch (nxt) {
 1300                         case IPPROTO_FRAGMENT:
 1301                                 len += sizeof(struct ip6_frag);
 1302                                 break;
 1303                         case IPPROTO_AH:
 1304                                 len += (ip6e->ip6e_len + 2) << 2;
 1305                                 break;
 1306                         default:
 1307                                 len += (ip6e->ip6e_len + 1) << 3;
 1308                                 break;
 1309                         }
 1310                         nxt = ip6e->ip6e_nxt;
 1311                 }
 1312                 if (ip6e)
 1313                         return (&ip6e->ip6e_nxt);
 1314                 else
 1315                         return NULL;
 1316         }
 1317 }
 1318 
 1319 /*
 1320  * get next header offset.  m will be retained.
 1321  */
 1322 int
 1323 ip6_nexthdr(m, off, proto, nxtp)
 1324         struct mbuf *m;
 1325         int off;
 1326         int proto;
 1327         int *nxtp;
 1328 {
 1329         struct ip6_hdr ip6;
 1330         struct ip6_ext ip6e;
 1331         struct ip6_frag fh;
 1332 
 1333         /* just in case */
 1334         if (m == NULL)
 1335                 panic("ip6_nexthdr: m == NULL");
 1336         if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off)
 1337                 return -1;
 1338 
 1339         switch (proto) {
 1340         case IPPROTO_IPV6:
 1341                 if (m->m_pkthdr.len < off + sizeof(ip6))
 1342                         return -1;
 1343                 m_copydata(m, off, sizeof(ip6), (caddr_t)&ip6);
 1344                 if (nxtp)
 1345                         *nxtp = ip6.ip6_nxt;
 1346                 off += sizeof(ip6);
 1347                 return off;
 1348 
 1349         case IPPROTO_FRAGMENT:
 1350                 /*
 1351                  * terminate parsing if it is not the first fragment,
 1352                  * it does not make sense to parse through it.
 1353                  */
 1354                 if (m->m_pkthdr.len < off + sizeof(fh))
 1355                         return -1;
 1356                 m_copydata(m, off, sizeof(fh), (caddr_t)&fh);
 1357                 if ((fh.ip6f_offlg & IP6F_OFF_MASK) != 0)
 1358                         return -1;
 1359                 if (nxtp)
 1360                         *nxtp = fh.ip6f_nxt;
 1361                 off += sizeof(struct ip6_frag);
 1362                 return off;
 1363 
 1364         case IPPROTO_AH:
 1365                 if (m->m_pkthdr.len < off + sizeof(ip6e))
 1366                         return -1;
 1367                 m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
 1368                 if (nxtp)
 1369                         *nxtp = ip6e.ip6e_nxt;
 1370                 off += (ip6e.ip6e_len + 2) << 2;
 1371                 if (m->m_pkthdr.len < off)
 1372                         return -1;
 1373                 return off;
 1374 
 1375         case IPPROTO_HOPOPTS:
 1376         case IPPROTO_ROUTING:
 1377         case IPPROTO_DSTOPTS:
 1378                 if (m->m_pkthdr.len < off + sizeof(ip6e))
 1379                         return -1;
 1380                 m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
 1381                 if (nxtp)
 1382                         *nxtp = ip6e.ip6e_nxt;
 1383                 off += (ip6e.ip6e_len + 1) << 3;
 1384                 if (m->m_pkthdr.len < off)
 1385                         return -1;
 1386                 return off;
 1387 
 1388         case IPPROTO_NONE:
 1389         case IPPROTO_ESP:
 1390         case IPPROTO_IPCOMP:
 1391                 /* give up */
 1392                 return -1;
 1393 
 1394         default:
 1395                 return -1;
 1396         }
 1397 }
 1398 
 1399 /*
 1400  * get offset for the last header in the chain.  m will be kept untainted.
 1401  */
 1402 int
 1403 ip6_lasthdr(m, off, proto, nxtp)
 1404         struct mbuf *m;
 1405         int off;
 1406         int proto;
 1407         int *nxtp;
 1408 {
 1409         int newoff;
 1410         int nxt;
 1411 
 1412         if (!nxtp) {
 1413                 nxt = -1;
 1414                 nxtp = &nxt;
 1415         }
 1416         while (1) {
 1417                 newoff = ip6_nexthdr(m, off, proto, nxtp);
 1418                 if (newoff < 0)
 1419                         return off;
 1420                 else if (newoff < off)
 1421                         return -1;      /* invalid */
 1422                 else if (newoff == off)
 1423                         return newoff;
 1424 
 1425                 off = newoff;
 1426                 proto = *nxtp;
 1427         }
 1428 }
 1429 
 1430 /*
 1431  * System control for IP6
 1432  */
 1433 
 1434 u_char  inet6ctlerrmap[PRC_NCMDS] = {
 1435         0,              0,              0,              0,
 1436         0,              EMSGSIZE,       EHOSTDOWN,      EHOSTUNREACH,
 1437         EHOSTUNREACH,   EHOSTUNREACH,   ECONNREFUSED,   ECONNREFUSED,
 1438         EMSGSIZE,       EHOSTUNREACH,   0,              0,
 1439         0,              0,              0,              0,
 1440         ENOPROTOOPT
 1441 };
 1442 
 1443 static int
 1444 sysctl_net_inet6_ip6_rht0(SYSCTLFN_ARGS)
 1445 {  
 1446         int error, tmp;
 1447         struct sysctlnode node;
 1448 
 1449         node = *rnode;
 1450         tmp = ip6_rht0;
 1451         node.sysctl_data = &tmp;
 1452         error = sysctl_lookup(SYSCTLFN_CALL(&node));
 1453         if (error || newp == NULL)
 1454                 return error;
 1455 
 1456         switch (tmp) {
 1457         case -1:        /* disable processing */
 1458         case 0:         /* disable for host, enable for router */
 1459         case 1:         /* enable for all */
 1460                 break;
 1461         default:
 1462                 return EINVAL;
 1463         }
 1464         ip6_rht0 = tmp;
 1465         return 0;
 1466 }
 1467 
 1468 SYSCTL_SETUP(sysctl_net_inet6_ip6_setup, "sysctl net.inet6.ip6 subtree setup")
 1469 {
 1470 
 1471         sysctl_createv(clog, 0, NULL, NULL,
 1472                        CTLFLAG_PERMANENT,
 1473                        CTLTYPE_NODE, "net", NULL,
 1474                        NULL, 0, NULL, 0,
 1475                        CTL_NET, CTL_EOL);
 1476         sysctl_createv(clog, 0, NULL, NULL,
 1477                        CTLFLAG_PERMANENT,
 1478                        CTLTYPE_NODE, "inet6",
 1479                        SYSCTL_DESCR("PF_INET6 related settings"),
 1480                        NULL, 0, NULL, 0,
 1481                        CTL_NET, PF_INET6, CTL_EOL);
 1482         sysctl_createv(clog, 0, NULL, NULL,
 1483                        CTLFLAG_PERMANENT,
 1484                        CTLTYPE_NODE, "ip6",
 1485                        SYSCTL_DESCR("IPv6 related settings"),
 1486                        NULL, 0, NULL, 0,
 1487                        CTL_NET, PF_INET6, IPPROTO_IPV6, CTL_EOL);
 1488 
 1489         sysctl_createv(clog, 0, NULL, NULL,
 1490                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1491                        CTLTYPE_INT, "forwarding",
 1492                        SYSCTL_DESCR("Enable forwarding of INET6 datagrams"),
 1493                        NULL, 0, &ip6_forwarding, 0,
 1494                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1495                        IPV6CTL_FORWARDING, CTL_EOL);
 1496         sysctl_createv(clog, 0, NULL, NULL,
 1497                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1498                        CTLTYPE_INT, "redirect",
 1499                        SYSCTL_DESCR("Enable sending of ICMPv6 redirect messages"),
 1500                        NULL, 0, &ip6_sendredirects, 0,
 1501                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1502                        IPV6CTL_SENDREDIRECTS, CTL_EOL);
 1503         sysctl_createv(clog, 0, NULL, NULL,
 1504                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1505                        CTLTYPE_INT, "hlim",
 1506                        SYSCTL_DESCR("Hop limit for an INET6 datagram"),
 1507                        NULL, 0, &ip6_defhlim, 0,
 1508                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1509                        IPV6CTL_DEFHLIM, CTL_EOL);
 1510 #ifdef notyet
 1511         sysctl_createv(clog, 0, NULL, NULL,
 1512                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1513                        CTLTYPE_INT, "mtu", NULL,
 1514                        NULL, 0, &, 0,
 1515                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1516                        IPV6CTL_DEFMTU, CTL_EOL);
 1517 #endif
 1518 #ifdef __no_idea__
 1519         sysctl_createv(clog, 0, NULL, NULL,
 1520                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1521                        CTLTYPE_INT, "forwsrcrt", NULL,
 1522                        NULL, 0, &?, 0,
 1523                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1524                        IPV6CTL_FORWSRCRT, CTL_EOL);
 1525         sysctl_createv(clog, 0, NULL, NULL,
 1526                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1527                        CTLTYPE_STRUCT, "stats", NULL,
 1528                        NULL, 0, &?, sizeof(?),
 1529                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1530                        IPV6CTL_STATS, CTL_EOL);
 1531         sysctl_createv(clog, 0, NULL, NULL,
 1532                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1533                        CTLTYPE_STRUCT, "mrtstats", NULL,
 1534                        NULL, 0, &?, sizeof(?),
 1535                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1536                        IPV6CTL_MRTSTATS, CTL_EOL);
 1537         sysctl_createv(clog, 0, NULL, NULL,
 1538                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1539                        CTLTYPE_?, "mrtproto", NULL,
 1540                        NULL, 0, &?, sizeof(?),
 1541                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1542                        IPV6CTL_MRTPROTO, CTL_EOL);
 1543 #endif
 1544         sysctl_createv(clog, 0, NULL, NULL,
 1545                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1546                        CTLTYPE_INT, "maxfragpackets",
 1547                        SYSCTL_DESCR("Maximum number of fragments to buffer "
 1548                                     "for reassembly"),
 1549                        NULL, 0, &ip6_maxfragpackets, 0,
 1550                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1551                        IPV6CTL_MAXFRAGPACKETS, CTL_EOL);
 1552 #ifdef __no_idea__
 1553         sysctl_createv(clog, 0, NULL, NULL,
 1554                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1555                        CTLTYPE_INT, "sourcecheck", NULL,
 1556                        NULL, 0, &?, 0,
 1557                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1558                        IPV6CTL_SOURCECHECK, CTL_EOL);
 1559         sysctl_createv(clog, 0, NULL, NULL,
 1560                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1561                        CTLTYPE_INT, "sourcecheck_logint", NULL,
 1562                        NULL, 0, &?, 0,
 1563                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1564                        IPV6CTL_SOURCECHECK_LOGINT, CTL_EOL);
 1565 #endif
 1566         sysctl_createv(clog, 0, NULL, NULL,
 1567                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1568                        CTLTYPE_INT, "accept_rtadv",
 1569                        SYSCTL_DESCR("Accept router advertisements"),
 1570                        NULL, 0, &ip6_accept_rtadv, 0,
 1571                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1572                        IPV6CTL_ACCEPT_RTADV, CTL_EOL);
 1573         sysctl_createv(clog, 0, NULL, NULL,
 1574                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1575                        CTLTYPE_INT, "keepfaith",
 1576                        SYSCTL_DESCR("Activate faith interface"),
 1577                        NULL, 0, &ip6_keepfaith, 0,
 1578                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1579                        IPV6CTL_KEEPFAITH, CTL_EOL);
 1580         sysctl_createv(clog, 0, NULL, NULL,
 1581                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1582                        CTLTYPE_INT, "log_interval",
 1583                        SYSCTL_DESCR("Minumum interval between logging "
 1584                                     "unroutable packets"),
 1585                        NULL, 0, &ip6_log_interval, 0,
 1586                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1587                        IPV6CTL_LOG_INTERVAL, CTL_EOL);
 1588         sysctl_createv(clog, 0, NULL, NULL,
 1589                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1590                        CTLTYPE_INT, "hdrnestlimit",
 1591                        SYSCTL_DESCR("Maximum number of nested IPv6 headers"),
 1592                        NULL, 0, &ip6_hdrnestlimit, 0,
 1593                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1594                        IPV6CTL_HDRNESTLIMIT, CTL_EOL);
 1595         sysctl_createv(clog, 0, NULL, NULL,
 1596                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1597                        CTLTYPE_INT, "dad_count",
 1598                        SYSCTL_DESCR("Number of Duplicate Address Detection "
 1599                                     "probes to send"),
 1600                        NULL, 0, &ip6_dad_count, 0,
 1601                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1602                        IPV6CTL_DAD_COUNT, CTL_EOL);
 1603         sysctl_createv(clog, 0, NULL, NULL,
 1604                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1605                        CTLTYPE_INT, "auto_flowlabel",
 1606                        SYSCTL_DESCR("Assign random IPv6 flow labels"),
 1607                        NULL, 0, &ip6_auto_flowlabel, 0,
 1608                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1609                        IPV6CTL_AUTO_FLOWLABEL, CTL_EOL);
 1610         sysctl_createv(clog, 0, NULL, NULL,
 1611                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1612                        CTLTYPE_INT, "defmcasthlim",
 1613                        SYSCTL_DESCR("Default multicast hop limit"),
 1614                        NULL, 0, &ip6_defmcasthlim, 0,
 1615                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1616                        IPV6CTL_DEFMCASTHLIM, CTL_EOL);
 1617 #if NGIF > 0
 1618         sysctl_createv(clog, 0, NULL, NULL,
 1619                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1620                        CTLTYPE_INT, "gifhlim",
 1621                        SYSCTL_DESCR("Default hop limit for a gif tunnel datagram"),
 1622                        NULL, 0, &ip6_gif_hlim, 0,
 1623                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1624                        IPV6CTL_GIF_HLIM, CTL_EOL);
 1625 #endif /* NGIF */
 1626         sysctl_createv(clog, 0, NULL, NULL,
 1627                        CTLFLAG_PERMANENT,
 1628                        CTLTYPE_STRING, "kame_version",
 1629                        SYSCTL_DESCR("KAME Version"),
 1630                        NULL, 0, __KAME_VERSION, 0,
 1631                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1632                        IPV6CTL_KAME_VERSION, CTL_EOL);
 1633         sysctl_createv(clog, 0, NULL, NULL,
 1634                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1635                        CTLTYPE_INT, "use_deprecated",
 1636                        SYSCTL_DESCR("Allow use of deprecated addresses as "
 1637                                     "source addresses"),
 1638                        NULL, 0, &ip6_use_deprecated, 0,
 1639                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1640                        IPV6CTL_USE_DEPRECATED, CTL_EOL);
 1641         sysctl_createv(clog, 0, NULL, NULL,
 1642                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1643                        CTLTYPE_INT, "rr_prune", NULL,
 1644                        NULL, 0, &ip6_rr_prune, 0,
 1645                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1646                        IPV6CTL_RR_PRUNE, CTL_EOL);
 1647         sysctl_createv(clog, 0, NULL, NULL,
 1648                        CTLFLAG_PERMANENT
 1649 #ifndef INET6_BINDV6ONLY
 1650                        |CTLFLAG_READWRITE,
 1651 #endif
 1652                        CTLTYPE_INT, "v6only",
 1653                        SYSCTL_DESCR("Disallow PF_INET6 sockets from connecting "
 1654                                     "to PF_INET sockets"),
 1655                        NULL, 0, &ip6_v6only, 0,
 1656                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1657                        IPV6CTL_V6ONLY, CTL_EOL);
 1658         sysctl_createv(clog, 0, NULL, NULL,
 1659                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1660                        CTLTYPE_INT, "anonportmin",
 1661                        SYSCTL_DESCR("Lowest ephemeral port number to assign"),
 1662                        sysctl_net_inet_ip_ports, 0, &ip6_anonportmin, 0,
 1663                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1664                        IPV6CTL_ANONPORTMIN, CTL_EOL);
 1665         sysctl_createv(clog, 0, NULL, NULL,
 1666                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1667                        CTLTYPE_INT, "anonportmax",
 1668                        SYSCTL_DESCR("Highest ephemeral port number to assign"),
 1669                        sysctl_net_inet_ip_ports, 0, &ip6_anonportmax, 0,
 1670                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1671                        IPV6CTL_ANONPORTMAX, CTL_EOL);
 1672 #ifndef IPNOPRIVPORTS
 1673         sysctl_createv(clog, 0, NULL, NULL,
 1674                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1675                        CTLTYPE_INT, "lowportmin",
 1676                        SYSCTL_DESCR("Lowest privileged ephemeral port number "
 1677                                     "to assign"),
 1678                        sysctl_net_inet_ip_ports, 0, &ip6_lowportmin, 0,
 1679                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1680                        IPV6CTL_LOWPORTMIN, CTL_EOL);
 1681         sysctl_createv(clog, 0, NULL, NULL,
 1682                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1683                        CTLTYPE_INT, "lowportmax",
 1684                        SYSCTL_DESCR("Highest privileged ephemeral port number "
 1685                                     "to assign"),
 1686                        sysctl_net_inet_ip_ports, 0, &ip6_lowportmax, 0,
 1687                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1688                        IPV6CTL_LOWPORTMAX, CTL_EOL);
 1689 #endif /* IPNOPRIVPORTS */
 1690         sysctl_createv(clog, 0, NULL, NULL,
 1691                        CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1692                        CTLTYPE_INT, "maxfrags",
 1693                        SYSCTL_DESCR("Maximum fragments in reassembly queue"),
 1694                        NULL, 0, &ip6_maxfrags, 0,
 1695                        CTL_NET, PF_INET6, IPPROTO_IPV6,
 1696                        IPV6CTL_MAXFRAGS, CTL_EOL);
 1697         sysctl_createv(clog, 0, NULL, NULL,
 1698                         CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
 1699                         CTLTYPE_INT, "rht0",
 1700                         SYSCTL_DESCR("Processing of routing header type 0 (IPv6)"),
 1701                         sysctl_net_inet6_ip6_rht0, 0, &ip6_rht0, 0,
 1702                         CTL_NET, PF_INET6, IPPROTO_IPV6,
 1703                         CTL_CREATE, CTL_EOL);
 1704 }

Cache object: 988cdec893f65ba8a5b774df3d7862e7


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.