2005-01-07 02:30:35 +00:00
|
|
|
/*-
|
2017-11-20 19:43:44 +00:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
*
|
1999-11-22 02:45:11 +00:00
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
2007-12-10 16:03:40 +00:00
|
|
|
*
|
|
|
|
* $KAME: ip6_var.h,v 1.62 2001/05/03 14:51:48 itojun Exp $
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
2005-01-07 02:30:35 +00:00
|
|
|
/*-
|
1999-11-22 02:45:11 +00:00
|
|
|
* Copyright (c) 1982, 1986, 1993
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1999-11-22 02:45:11 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*
|
|
|
|
* @(#)ip_var.h 8.1 (Berkeley) 6/10/93
|
2007-12-10 16:03:40 +00:00
|
|
|
* $FreeBSD$
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _NETINET6_IP6_VAR_H_
|
|
|
|
#define _NETINET6_IP6_VAR_H_
|
|
|
|
|
2018-05-20 00:22:28 +00:00
|
|
|
#include <sys/epoch.h>
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
* IP6 reassembly queue structure. Each fragment
|
|
|
|
* being reassembled is attached to one of these structures.
|
|
|
|
*/
|
|
|
|
struct ip6q {
|
2000-07-04 16:35:15 +00:00
|
|
|
struct ip6asfrag *ip6q_down;
|
|
|
|
struct ip6asfrag *ip6q_up;
|
|
|
|
u_int32_t ip6q_ident;
|
2007-06-04 06:06:35 +00:00
|
|
|
u_int8_t ip6q_nxt;
|
|
|
|
u_int8_t ip6q_ecn;
|
2000-07-04 16:35:15 +00:00
|
|
|
u_int8_t ip6q_ttl;
|
2007-06-04 06:06:35 +00:00
|
|
|
struct in6_addr ip6q_src, ip6q_dst;
|
2000-07-04 16:35:15 +00:00
|
|
|
struct ip6q *ip6q_next;
|
|
|
|
struct ip6q *ip6q_prev;
|
|
|
|
int ip6q_unfrglen; /* len of unfragmentable part */
|
|
|
|
#ifdef notyet
|
|
|
|
u_char *ip6q_nxtp;
|
|
|
|
#endif
|
2003-10-22 15:29:42 +00:00
|
|
|
int ip6q_nfrag; /* # of fragments */
|
2008-10-26 22:45:18 +00:00
|
|
|
struct label *ip6q_label;
|
1999-11-22 02:45:11 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct ip6asfrag {
|
2000-07-04 16:35:15 +00:00
|
|
|
struct ip6asfrag *ip6af_down;
|
|
|
|
struct ip6asfrag *ip6af_up;
|
|
|
|
struct mbuf *ip6af_m;
|
|
|
|
int ip6af_offset; /* offset in ip6af_m to next header */
|
|
|
|
int ip6af_frglen; /* fragmentable part length */
|
|
|
|
int ip6af_off; /* fragment offset */
|
|
|
|
u_int16_t ip6af_mff; /* more fragment bit in frag off */
|
1999-11-22 02:45:11 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
#define IP6_REASS_MBUF(ip6af) (*(struct mbuf **)&((ip6af)->ip6af_m))
|
|
|
|
|
2015-11-06 23:07:43 +00:00
|
|
|
/*
|
|
|
|
* IP6 reinjecting structure.
|
|
|
|
*/
|
|
|
|
struct ip6_direct_ctx {
|
|
|
|
uint32_t ip6dc_nxt; /* next header to process */
|
|
|
|
uint32_t ip6dc_off; /* offset to next header */
|
|
|
|
};
|
|
|
|
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
/*
|
|
|
|
* Structure attached to inpcb.in6p_moptions and
|
|
|
|
* passed to ip6_output when IPv6 multicast options are in use.
|
|
|
|
* This structure is lazy-allocated.
|
|
|
|
*/
|
|
|
|
struct ip6_moptions {
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ifnet *im6o_multicast_ifp; /* ifp for outgoing multicasts */
|
|
|
|
u_char im6o_multicast_hlim; /* hoplimit for outgoing multicasts */
|
|
|
|
u_char im6o_multicast_loop; /* 1 >= hear sends if a member */
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
u_short im6o_num_memberships; /* no. memberships this socket */
|
|
|
|
u_short im6o_max_memberships; /* max memberships this socket */
|
|
|
|
struct in6_multi **im6o_membership; /* group memberships */
|
|
|
|
struct in6_mfilter *im6o_mfilters; /* source filters */
|
2018-05-20 00:22:28 +00:00
|
|
|
struct epoch_context imo6_epoch_ctx;
|
1999-11-22 02:45:11 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Control options for outgoing packets
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Routing header related info */
|
|
|
|
struct ip6po_rhinfo {
|
|
|
|
struct ip6_rthdr *ip6po_rhi_rthdr; /* Routing header */
|
|
|
|
struct route_in6 ip6po_rhi_route; /* Route to the 1st hop */
|
|
|
|
};
|
2000-07-04 16:35:15 +00:00
|
|
|
#define ip6po_rthdr ip6po_rhinfo.ip6po_rhi_rthdr
|
|
|
|
#define ip6po_route ip6po_rhinfo.ip6po_rhi_route
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2003-10-24 18:26:30 +00:00
|
|
|
/* Nexthop related info */
|
|
|
|
struct ip6po_nhinfo {
|
|
|
|
struct sockaddr *ip6po_nhi_nexthop;
|
|
|
|
struct route_in6 ip6po_nhi_route; /* Route to the nexthop */
|
|
|
|
};
|
|
|
|
#define ip6po_nexthop ip6po_nhinfo.ip6po_nhi_nexthop
|
|
|
|
#define ip6po_nextroute ip6po_nhinfo.ip6po_nhi_route
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ip6_pktopts {
|
|
|
|
struct mbuf *ip6po_m; /* Pointer to mbuf storing the data */
|
2001-06-11 12:39:29 +00:00
|
|
|
int ip6po_hlim; /* Hoplimit for outgoing packets */
|
|
|
|
|
|
|
|
/* Outgoing IF/address information */
|
|
|
|
struct in6_pktinfo *ip6po_pktinfo;
|
|
|
|
|
2003-10-24 18:26:30 +00:00
|
|
|
/* Next-hop address information */
|
|
|
|
struct ip6po_nhinfo ip6po_nhinfo;
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ip6_hbh *ip6po_hbh; /* Hop-by-Hop options header */
|
2001-06-11 12:39:29 +00:00
|
|
|
|
|
|
|
/* Destination options header (before a routing header) */
|
|
|
|
struct ip6_dest *ip6po_dest1;
|
|
|
|
|
|
|
|
/* Routing header related info. */
|
|
|
|
struct ip6po_rhinfo ip6po_rhinfo;
|
|
|
|
|
|
|
|
/* Destination options header (after a routing header) */
|
|
|
|
struct ip6_dest *ip6po_dest2;
|
2003-10-24 18:26:30 +00:00
|
|
|
|
|
|
|
int ip6po_tclass; /* traffic class */
|
|
|
|
|
|
|
|
int ip6po_minmtu; /* fragment vs PMTU discovery policy */
|
|
|
|
#define IP6PO_MINMTU_MCASTONLY -1 /* default; send at min MTU for multicast*/
|
|
|
|
#define IP6PO_MINMTU_DISABLE 0 /* always perform pmtu disc */
|
|
|
|
#define IP6PO_MINMTU_ALL 1 /* always send at min MTU */
|
|
|
|
|
|
|
|
int ip6po_prefer_tempaddr; /* whether temporary addresses are
|
|
|
|
preferred as source address */
|
|
|
|
#define IP6PO_TEMPADDR_SYSTEM -1 /* follow the system default */
|
|
|
|
#define IP6PO_TEMPADDR_NOTPREFER 0 /* not prefer temporary address */
|
|
|
|
#define IP6PO_TEMPADDR_PREFER 1 /* prefer temporary address */
|
|
|
|
|
|
|
|
int ip6po_flags;
|
|
|
|
#if 0 /* parameters in this block is obsolete. do not reuse the values. */
|
|
|
|
#define IP6PO_REACHCONF 0x01 /* upper-layer reachability confirmation. */
|
|
|
|
#define IP6PO_MINMTU 0x02 /* use minimum MTU (IPV6_USE_MIN_MTU) */
|
|
|
|
#endif
|
|
|
|
#define IP6PO_DONTFRAG 0x04 /* disable fragmentation (IPV6_DONTFRAG) */
|
|
|
|
#define IP6PO_USECOA 0x08 /* use care of address */
|
1999-11-22 02:45:11 +00:00
|
|
|
};
|
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
/*
|
|
|
|
* Control options for incoming packets
|
|
|
|
*/
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ip6stat {
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_total; /* total packets received */
|
|
|
|
uint64_t ip6s_tooshort; /* packet too short */
|
|
|
|
uint64_t ip6s_toosmall; /* not enough data */
|
|
|
|
uint64_t ip6s_fragments; /* fragments received */
|
|
|
|
uint64_t ip6s_fragdropped; /* frags dropped(dups, out of space) */
|
|
|
|
uint64_t ip6s_fragtimeout; /* fragments timed out */
|
|
|
|
uint64_t ip6s_fragoverflow; /* fragments that exceeded limit */
|
|
|
|
uint64_t ip6s_forward; /* packets forwarded */
|
|
|
|
uint64_t ip6s_cantforward; /* packets rcvd for unreachable dest */
|
|
|
|
uint64_t ip6s_redirectsent; /* packets forwarded on same net */
|
|
|
|
uint64_t ip6s_delivered; /* datagrams delivered to upper level*/
|
|
|
|
uint64_t ip6s_localout; /* total ip packets generated here */
|
|
|
|
uint64_t ip6s_odropped; /* lost packets due to nobufs, etc. */
|
|
|
|
uint64_t ip6s_reassembled; /* total packets reassembled ok */
|
2019-04-19 17:06:43 +00:00
|
|
|
uint64_t ip6s_atomicfrags; /* atomic fragments */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_fragmented; /* datagrams successfully fragmented */
|
|
|
|
uint64_t ip6s_ofragments; /* output fragments created */
|
|
|
|
uint64_t ip6s_cantfrag; /* don't fragment flag was set, etc. */
|
|
|
|
uint64_t ip6s_badoptions; /* error in option processing */
|
|
|
|
uint64_t ip6s_noroute; /* packets discarded due to no route */
|
|
|
|
uint64_t ip6s_badvers; /* ip6 version != 6 */
|
|
|
|
uint64_t ip6s_rawout; /* total raw ip packets generated */
|
|
|
|
uint64_t ip6s_badscope; /* scope error */
|
|
|
|
uint64_t ip6s_notmember; /* don't join this multicast group */
|
2013-04-16 11:12:58 +00:00
|
|
|
#define IP6S_HDRCNT 256 /* headers count */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_nxthist[IP6S_HDRCNT]; /* next header history */
|
|
|
|
uint64_t ip6s_m1; /* one mbuf */
|
2013-04-16 11:12:58 +00:00
|
|
|
#define IP6S_M2MMAX 32
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_m2m[IP6S_M2MMAX]; /* two or more mbuf */
|
|
|
|
uint64_t ip6s_mext1; /* one ext mbuf */
|
|
|
|
uint64_t ip6s_mext2m; /* two or more ext mbuf */
|
|
|
|
uint64_t ip6s_exthdrtoolong; /* ext hdr are not contiguous */
|
|
|
|
uint64_t ip6s_nogif; /* no match gif found */
|
|
|
|
uint64_t ip6s_toomanyhdr; /* discarded due to too many headers */
|
2000-07-04 16:35:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* statistics for improvement of the source address selection
|
|
|
|
* algorithm:
|
|
|
|
* XXX: hardcoded 16 = # of ip6 multicast scope types + 1
|
|
|
|
*/
|
2013-04-16 11:12:58 +00:00
|
|
|
#define IP6S_RULESMAX 16
|
|
|
|
#define IP6S_SCOPECNT 16
|
2000-07-04 16:35:15 +00:00
|
|
|
/* number of times that address selection fails */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_none;
|
2000-07-04 16:35:15 +00:00
|
|
|
/* number of times that an address on the outgoing I/F is chosen */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_sameif[IP6S_SCOPECNT];
|
2000-07-04 16:35:15 +00:00
|
|
|
/* number of times that an address on a non-outgoing I/F is chosen */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_otherif[IP6S_SCOPECNT];
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
|
|
|
* number of times that an address that has the same scope
|
|
|
|
* from the destination is chosen.
|
|
|
|
*/
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_samescope[IP6S_SCOPECNT];
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
|
|
|
* number of times that an address that has a different scope
|
|
|
|
* from the destination is chosen.
|
|
|
|
*/
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_otherscope[IP6S_SCOPECNT];
|
2002-12-30 21:18:15 +00:00
|
|
|
/* number of times that a deprecated address is chosen */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_deprecated[IP6S_SCOPECNT];
|
2000-07-04 16:35:15 +00:00
|
|
|
|
2003-11-04 20:22:33 +00:00
|
|
|
/* number of times that each rule of source selection is applied. */
|
Prepare network statistics structures for migration to PCPU counters.
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
2013-07-09 09:32:06 +00:00
|
|
|
uint64_t ip6s_sources_rule[IP6S_RULESMAX];
|
1999-11-22 02:45:11 +00:00
|
|
|
};
|
|
|
|
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
#ifdef _KERNEL
|
2013-07-09 09:54:54 +00:00
|
|
|
#include <sys/counter.h>
|
|
|
|
|
|
|
|
VNET_PCPUSTAT_DECLARE(struct ip6stat, ip6stat);
|
|
|
|
#define IP6STAT_ADD(name, val) \
|
|
|
|
VNET_PCPUSTAT_ADD(struct ip6stat, ip6stat, name, (val))
|
|
|
|
#define IP6STAT_SUB(name, val) IP6STAT_ADD(name, -(val))
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
#define IP6STAT_INC(name) IP6STAT_ADD(name, 1)
|
|
|
|
#define IP6STAT_DEC(name) IP6STAT_SUB(name, 1)
|
|
|
|
#endif
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
#ifdef _KERNEL
|
|
|
|
/* flags passed to ip6_output as last parameter */
|
2005-10-21 15:45:13 +00:00
|
|
|
#define IPV6_UNSPECSRC 0x01 /* allow :: as the source address */
|
1999-11-22 02:45:11 +00:00
|
|
|
#define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */
|
2000-07-04 16:35:15 +00:00
|
|
|
#define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2005-07-02 23:13:31 +00:00
|
|
|
#ifdef __NO_STRICT_ALIGNMENT
|
|
|
|
#define IP6_HDR_ALIGNED_P(ip) 1
|
|
|
|
#else
|
|
|
|
#define IP6_HDR_ALIGNED_P(ip) ((((intptr_t) (ip)) & 3) == 0)
|
|
|
|
#endif
|
|
|
|
|
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
2009-07-14 22:48:30 +00:00
|
|
|
VNET_DECLARE(int, ip6_defhlim); /* default hop limit */
|
|
|
|
VNET_DECLARE(int, ip6_defmcasthlim); /* default multicast hop limit */
|
|
|
|
VNET_DECLARE(int, ip6_forwarding); /* act as router? */
|
|
|
|
VNET_DECLARE(int, ip6_use_deprecated); /* allow deprecated addr as source */
|
|
|
|
VNET_DECLARE(int, ip6_rr_prune); /* router renumbering prefix
|
1999-11-22 02:45:11 +00:00
|
|
|
* walk list every 5 sec. */
|
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
2009-07-14 22:48:30 +00:00
|
|
|
VNET_DECLARE(int, ip6_mcast_pmtu); /* enable pMTU discovery for multicast? */
|
|
|
|
VNET_DECLARE(int, ip6_v6only);
|
2010-04-29 11:52:42 +00:00
|
|
|
#define V_ip6_defhlim VNET(ip6_defhlim)
|
|
|
|
#define V_ip6_defmcasthlim VNET(ip6_defmcasthlim)
|
|
|
|
#define V_ip6_forwarding VNET(ip6_forwarding)
|
|
|
|
#define V_ip6_use_deprecated VNET(ip6_use_deprecated)
|
|
|
|
#define V_ip6_rr_prune VNET(ip6_rr_prune)
|
|
|
|
#define V_ip6_mcast_pmtu VNET(ip6_mcast_pmtu)
|
|
|
|
#define V_ip6_v6only VNET(ip6_v6only)
|
|
|
|
|
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
2009-07-14 22:48:30 +00:00
|
|
|
VNET_DECLARE(struct socket *, ip6_mrouter); /* multicast routing daemon */
|
|
|
|
VNET_DECLARE(int, ip6_sendredirects); /* send IP redirects when forwarding? */
|
|
|
|
VNET_DECLARE(int, ip6_maxfragpackets); /* Maximum packets in reassembly
|
|
|
|
* queue */
|
2018-08-14 17:24:26 +00:00
|
|
|
extern int ip6_maxfrags; /* Maximum fragments in reassembly
|
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
2009-07-14 22:48:30 +00:00
|
|
|
* queue */
|
2018-08-14 17:27:41 +00:00
|
|
|
VNET_DECLARE(int, ip6_maxfragbucketsize); /* Maximum reassembly queues per bucket */
|
2018-08-14 17:26:07 +00:00
|
|
|
VNET_DECLARE(int, ip6_maxfragsperpacket); /* Maximum fragments per packet */
|
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
2009-07-14 22:48:30 +00:00
|
|
|
VNET_DECLARE(int, ip6_accept_rtadv); /* Acts as a host not a router */
|
- Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.
- A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR.
This controls if accepting a route in an RA message as the default route.
The default value for each interface can be set by net.inet6.ip6.no_radr.
The system wide default value is 0.
- A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in
NA on RA accepting interfaces. The default is 0 (R-bit is set based on
net.inet6.ip6.forwarding).
Background:
IPv6 host/router model suggests a router sends an RA and a host accepts it for
router discovery. Because of that, KAME implementation does not allow
accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can
make the routing table confused since it can change the default router
unintentionally.
However, in practice there are cases where we cannot distinguish a host from
a router clearly. For example, a customer edge router often works as a host
against the ISP, and as a router against the LAN at the same time. Another
example is a complex network configurations like an L2TP tunnel for IPv6
connection to Internet over an Ethernet link with another native IPv6 subnet.
In this case, the physical interface for the native IPv6 subnet works as a
host, and the pseudo-interface for L2TP works as the default IP forwarding
route.
Problem:
Disabling processing RA messages when net.inet6.ip6.forwarding=1 and
accepting them when net.inet6.ip6.forward=0 cause the following practical
issues:
- A router cannot perform SLAAC. It becomes a problem if a box has
multiple interfaces and you want to use SLAAC on some of them, for
example. A customer edge router for IPv6 Internet access service
using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
physical interface for administration purpose; updating firmware
and so on (link-local addresses can be used there, but GUAs by
SLAAC are often used for scalability).
- When a host has multiple IPv6 interfaces and it receives multiple RAs on
them, controlling the default route is difficult. Router preferences
defined in RFC 4191 works only when the routers on the links are
under your control.
Details of Implementation Changes:
Router Advertisement messages will be accepted even when
net.inet6.ip6.forwarding=1. More precisely, the conditions are as
follow:
(ACCEPT_RTADV && !NO_RADR && !ip6.forwarding)
=> Normal RA processing on that interface. (as IPv6 host)
(ACCEPT_RTADV && (NO_RADR || ip6.forwarding))
=> Accept RA but add the router to the defroute list with
rtlifetime=0 unconditionally. This effectively prevents
from setting the received router address as the box's
default route.
(!ACCEPT_RTADV)
=> No RA processing on that interface.
ACCEPT_RTADV and NO_RADR are per-interface knob. In short, all interface
are classified as "RA-accepting" or not. An RA-accepting interface always
processes RA messages regardless of ip6.forwarding. The difference caused by
NO_RADR or ip6.forwarding is whether the RA source address is considered as
the default router or not.
R-bit in NA on the RA accepting interfaces is set based on
net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests
a router should disable the R-bit completely even when the box has
net.inet6.ip6.forwarding=1, I believe there is no technical reason with
doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif
(the default is 0).
Usage:
# ifconfig fxp0 inet6 accept_rtadv
=> accept RA on fxp0
# ifconfig fxp0 inet6 accept_rtadv no_radr
=> accept RA on fxp0 but ignore default route information in it.
# sysctl net.inet6.ip6.norbit_no_radr=1
=> R-bit in NAs on RA accepting interfaces will always be set to 0.
2011-06-06 02:14:23 +00:00
|
|
|
VNET_DECLARE(int, ip6_no_radr); /* No defroute from RA */
|
|
|
|
VNET_DECLARE(int, ip6_norbit_raif); /* Disable R-bit in NA on RA
|
|
|
|
* receiving IF. */
|
2011-09-13 00:06:11 +00:00
|
|
|
VNET_DECLARE(int, ip6_rfc6204w3); /* Accept defroute from RA even when
|
|
|
|
forwarding enabled */
|
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
2009-07-14 22:48:30 +00:00
|
|
|
VNET_DECLARE(int, ip6_log_interval);
|
|
|
|
VNET_DECLARE(time_t, ip6_log_time);
|
|
|
|
VNET_DECLARE(int, ip6_hdrnestlimit); /* upper limit of # of extension
|
|
|
|
* headers */
|
|
|
|
VNET_DECLARE(int, ip6_dad_count); /* DupAddrDetectionTransmits */
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ip6_mrouter VNET(ip6_mrouter)
|
|
|
|
#define V_ip6_sendredirects VNET(ip6_sendredirects)
|
|
|
|
#define V_ip6_maxfragpackets VNET(ip6_maxfragpackets)
|
2018-08-14 17:27:41 +00:00
|
|
|
#define V_ip6_maxfragbucketsize VNET(ip6_maxfragbucketsize)
|
2018-08-14 17:26:07 +00:00
|
|
|
#define V_ip6_maxfragsperpacket VNET(ip6_maxfragsperpacket)
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ip6_accept_rtadv VNET(ip6_accept_rtadv)
|
- Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.
- A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR.
This controls if accepting a route in an RA message as the default route.
The default value for each interface can be set by net.inet6.ip6.no_radr.
The system wide default value is 0.
- A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in
NA on RA accepting interfaces. The default is 0 (R-bit is set based on
net.inet6.ip6.forwarding).
Background:
IPv6 host/router model suggests a router sends an RA and a host accepts it for
router discovery. Because of that, KAME implementation does not allow
accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can
make the routing table confused since it can change the default router
unintentionally.
However, in practice there are cases where we cannot distinguish a host from
a router clearly. For example, a customer edge router often works as a host
against the ISP, and as a router against the LAN at the same time. Another
example is a complex network configurations like an L2TP tunnel for IPv6
connection to Internet over an Ethernet link with another native IPv6 subnet.
In this case, the physical interface for the native IPv6 subnet works as a
host, and the pseudo-interface for L2TP works as the default IP forwarding
route.
Problem:
Disabling processing RA messages when net.inet6.ip6.forwarding=1 and
accepting them when net.inet6.ip6.forward=0 cause the following practical
issues:
- A router cannot perform SLAAC. It becomes a problem if a box has
multiple interfaces and you want to use SLAAC on some of them, for
example. A customer edge router for IPv6 Internet access service
using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the
physical interface for administration purpose; updating firmware
and so on (link-local addresses can be used there, but GUAs by
SLAAC are often used for scalability).
- When a host has multiple IPv6 interfaces and it receives multiple RAs on
them, controlling the default route is difficult. Router preferences
defined in RFC 4191 works only when the routers on the links are
under your control.
Details of Implementation Changes:
Router Advertisement messages will be accepted even when
net.inet6.ip6.forwarding=1. More precisely, the conditions are as
follow:
(ACCEPT_RTADV && !NO_RADR && !ip6.forwarding)
=> Normal RA processing on that interface. (as IPv6 host)
(ACCEPT_RTADV && (NO_RADR || ip6.forwarding))
=> Accept RA but add the router to the defroute list with
rtlifetime=0 unconditionally. This effectively prevents
from setting the received router address as the box's
default route.
(!ACCEPT_RTADV)
=> No RA processing on that interface.
ACCEPT_RTADV and NO_RADR are per-interface knob. In short, all interface
are classified as "RA-accepting" or not. An RA-accepting interface always
processes RA messages regardless of ip6.forwarding. The difference caused by
NO_RADR or ip6.forwarding is whether the RA source address is considered as
the default router or not.
R-bit in NA on the RA accepting interfaces is set based on
net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests
a router should disable the R-bit completely even when the box has
net.inet6.ip6.forwarding=1, I believe there is no technical reason with
doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif
(the default is 0).
Usage:
# ifconfig fxp0 inet6 accept_rtadv
=> accept RA on fxp0
# ifconfig fxp0 inet6 accept_rtadv no_radr
=> accept RA on fxp0 but ignore default route information in it.
# sysctl net.inet6.ip6.norbit_no_radr=1
=> R-bit in NAs on RA accepting interfaces will always be set to 0.
2011-06-06 02:14:23 +00:00
|
|
|
#define V_ip6_no_radr VNET(ip6_no_radr)
|
|
|
|
#define V_ip6_norbit_raif VNET(ip6_norbit_raif)
|
2011-09-13 00:06:11 +00:00
|
|
|
#define V_ip6_rfc6204w3 VNET(ip6_rfc6204w3)
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ip6_log_interval VNET(ip6_log_interval)
|
|
|
|
#define V_ip6_log_time VNET(ip6_log_time)
|
|
|
|
#define V_ip6_hdrnestlimit VNET(ip6_hdrnestlimit)
|
|
|
|
#define V_ip6_dad_count VNET(ip6_dad_count)
|
2010-04-29 11:52:42 +00:00
|
|
|
|
|
|
|
VNET_DECLARE(int, ip6_auto_flowlabel);
|
|
|
|
VNET_DECLARE(int, ip6_auto_linklocal);
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ip6_auto_flowlabel VNET(ip6_auto_flowlabel)
|
|
|
|
#define V_ip6_auto_linklocal VNET(ip6_auto_linklocal)
|
2010-04-29 11:52:42 +00:00
|
|
|
|
|
|
|
VNET_DECLARE(int, ip6_use_tempaddr); /* Whether to use temporary addresses */
|
|
|
|
VNET_DECLARE(int, ip6_prefer_tempaddr); /* Whether to prefer temporary
|
|
|
|
* addresses in the source address
|
|
|
|
* selection */
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ip6_use_tempaddr VNET(ip6_use_tempaddr)
|
|
|
|
#define V_ip6_prefer_tempaddr VNET(ip6_prefer_tempaddr)
|
2010-04-29 11:52:42 +00:00
|
|
|
|
|
|
|
VNET_DECLARE(int, ip6_use_defzone); /* Whether to use the default scope
|
|
|
|
* zone when unspecified */
|
2009-07-16 21:13:04 +00:00
|
|
|
#define V_ip6_use_defzone VNET(ip6_use_defzone)
|
2005-07-25 12:31:43 +00:00
|
|
|
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
VNET_DECLARE(struct pfil_head *, inet6_pfil_head);
|
|
|
|
#define V_inet6_pfil_head VNET(inet6_pfil_head)
|
|
|
|
#define PFIL_INET6_NAME "inet6"
|
|
|
|
|
2010-04-29 11:52:42 +00:00
|
|
|
#ifdef IPSTEALTH
|
|
|
|
VNET_DECLARE(int, ip6stealth);
|
|
|
|
#define V_ip6stealth VNET(ip6stealth)
|
|
|
|
#endif
|
2003-09-23 17:54:04 +00:00
|
|
|
|
2019-03-06 23:31:42 +00:00
|
|
|
#ifdef EXPERIMENTAL
|
|
|
|
VNET_DECLARE(int, nd6_ignore_ipv6_only_ra);
|
|
|
|
#define V_nd6_ignore_ipv6_only_ra VNET(nd6_ignore_ipv6_only_ra)
|
|
|
|
#endif
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
extern struct pr_usrreqs rip6_usrreqs;
|
2000-07-04 16:35:15 +00:00
|
|
|
struct sockopt;
|
|
|
|
|
|
|
|
struct inpcb;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2012-10-22 21:49:56 +00:00
|
|
|
int icmp6_ctloutput(struct socket *, struct sockopt *sopt);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
struct in6_ifaddr;
|
2012-10-22 21:49:56 +00:00
|
|
|
void ip6_init(void);
|
2010-09-02 17:43:44 +00:00
|
|
|
int ip6proto_register(short);
|
|
|
|
int ip6proto_unregister(short);
|
|
|
|
|
2012-10-22 21:49:56 +00:00
|
|
|
void ip6_input(struct mbuf *);
|
2015-11-06 23:07:43 +00:00
|
|
|
void ip6_direct_input(struct mbuf *);
|
2012-10-22 21:49:56 +00:00
|
|
|
void ip6_freepcbopts(struct ip6_pktopts *);
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
|
2012-10-22 21:49:56 +00:00
|
|
|
int ip6_unknown_opt(u_int8_t *, struct mbuf *, int);
|
2018-02-05 09:22:07 +00:00
|
|
|
int ip6_get_prevhdr(const struct mbuf *, int);
|
2015-08-29 07:14:29 +00:00
|
|
|
int ip6_nexthdr(const struct mbuf *, int, int, int *);
|
|
|
|
int ip6_lasthdr(const struct mbuf *, int, int, int *);
|
2001-06-11 12:39:29 +00:00
|
|
|
|
2007-02-24 11:38:47 +00:00
|
|
|
extern int (*ip6_mforward)(struct ip6_hdr *, struct ifnet *,
|
|
|
|
struct mbuf *);
|
|
|
|
|
2012-10-22 21:49:56 +00:00
|
|
|
int ip6_process_hopopts(struct mbuf *, u_int8_t *, int, u_int32_t *,
|
|
|
|
u_int32_t *);
|
2008-08-16 06:39:18 +00:00
|
|
|
struct mbuf **ip6_savecontrol_v4(struct inpcb *, struct mbuf *,
|
|
|
|
struct mbuf **, int *);
|
2012-10-22 21:49:56 +00:00
|
|
|
void ip6_savecontrol(struct inpcb *, struct mbuf *, struct mbuf **);
|
2015-03-04 11:20:01 +00:00
|
|
|
void ip6_notify_pmtu(struct inpcb *, struct sockaddr_in6 *, u_int32_t);
|
2012-10-22 21:49:56 +00:00
|
|
|
int ip6_sysctl(int *, u_int, void *, size_t *, void *, size_t);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2012-10-22 21:49:56 +00:00
|
|
|
void ip6_forward(struct mbuf *, int);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2016-03-01 00:17:14 +00:00
|
|
|
void ip6_mloopback(struct ifnet *, struct mbuf *);
|
2012-10-22 21:49:56 +00:00
|
|
|
int ip6_output(struct mbuf *, struct ip6_pktopts *,
|
2001-06-11 12:39:29 +00:00
|
|
|
struct route_in6 *,
|
|
|
|
int,
|
2002-10-16 01:54:46 +00:00
|
|
|
struct ip6_moptions *, struct ifnet **,
|
2012-10-22 21:49:56 +00:00
|
|
|
struct inpcb *);
|
|
|
|
int ip6_ctloutput(struct socket *, struct sockopt *);
|
|
|
|
int ip6_raw_ctloutput(struct socket *, struct sockopt *);
|
|
|
|
void ip6_initpktopts(struct ip6_pktopts *);
|
|
|
|
int ip6_setpktopts(struct mbuf *, struct ip6_pktopts *,
|
|
|
|
struct ip6_pktopts *, struct ucred *, int);
|
|
|
|
void ip6_clearpktopts(struct ip6_pktopts *, int);
|
|
|
|
struct ip6_pktopts *ip6_copypktopts(struct ip6_pktopts *, int);
|
|
|
|
int ip6_optlen(struct inpcb *);
|
2015-02-16 01:12:20 +00:00
|
|
|
int ip6_deletefraghdr(struct mbuf *, int, int);
|
2015-04-01 12:15:01 +00:00
|
|
|
int ip6_fragment(struct ifnet *, struct mbuf *, int, u_char, int,
|
|
|
|
uint32_t);
|
2012-10-22 21:49:56 +00:00
|
|
|
|
|
|
|
int route6_input(struct mbuf **, int *, int);
|
|
|
|
|
2018-08-14 17:27:41 +00:00
|
|
|
void frag6_set_bucketsize(void);
|
2012-10-22 21:49:56 +00:00
|
|
|
void frag6_init(void);
|
|
|
|
int frag6_input(struct mbuf **, int *, int);
|
|
|
|
void frag6_slowtimo(void);
|
|
|
|
void frag6_drain(void);
|
|
|
|
|
|
|
|
void rip6_init(void);
|
|
|
|
int rip6_input(struct mbuf **, int *, int);
|
|
|
|
void rip6_ctlinput(int, struct sockaddr *, void *);
|
|
|
|
int rip6_ctloutput(struct socket *, struct sockopt *);
|
2014-08-08 01:57:15 +00:00
|
|
|
int rip6_output(struct mbuf *, struct socket *, ...);
|
2012-10-22 21:49:56 +00:00
|
|
|
int rip6_usrreq(struct socket *,
|
|
|
|
int, struct mbuf *, struct mbuf *, struct mbuf *, struct thread *);
|
|
|
|
|
|
|
|
int dest6_input(struct mbuf **, int *, int);
|
|
|
|
int none_input(struct mbuf **, int *, int);
|
2003-10-01 15:13:29 +00:00
|
|
|
|
2016-01-10 13:40:29 +00:00
|
|
|
int in6_selectsrc_socket(struct sockaddr_in6 *, struct ip6_pktopts *,
|
|
|
|
struct inpcb *, struct ucred *, int, struct in6_addr *, int *);
|
|
|
|
int in6_selectsrc_addr(uint32_t, const struct in6_addr *,
|
|
|
|
uint32_t, struct ifnet *, struct in6_addr *, int *);
|
2012-10-22 21:49:56 +00:00
|
|
|
int in6_selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
|
2003-11-04 20:22:33 +00:00
|
|
|
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
|
2012-10-22 21:49:56 +00:00
|
|
|
struct rtentry **);
|
2012-02-03 13:08:44 +00:00
|
|
|
int in6_selectroute_fib(struct sockaddr_in6 *, struct ip6_pktopts *,
|
|
|
|
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
|
2012-02-24 20:06:04 +00:00
|
|
|
struct rtentry **, u_int);
|
2012-10-22 21:49:56 +00:00
|
|
|
u_int32_t ip6_randomid(void);
|
|
|
|
u_int32_t ip6_randomflowlabel(void);
|
2014-05-28 12:45:27 +00:00
|
|
|
void in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset);
|
1999-11-22 02:45:11 +00:00
|
|
|
#endif /* _KERNEL */
|
|
|
|
|
|
|
|
#endif /* !_NETINET6_IP6_VAR_H_ */
|