2005-01-07 02:30:35 +00:00
|
|
|
/*-
|
2017-11-20 19:43:44 +00:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
*
|
1999-11-22 02:45:11 +00:00
|
|
|
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
* 3. Neither the name of the project nor the names of its contributors
|
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
2007-12-10 16:03:40 +00:00
|
|
|
*
|
|
|
|
|
* $KAME: ip6_input.c,v 1.259 2002/01/21 04:58:09 jinmei Exp $
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
|
2005-01-07 02:30:35 +00:00
|
|
|
/*-
|
1999-11-22 02:45:11 +00:00
|
|
|
* Copyright (c) 1982, 1986, 1988, 1993
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1999-11-22 02:45:11 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94
|
|
|
|
|
*/
|
|
|
|
|
|
2007-12-10 16:03:40 +00:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
#include "opt_inet.h"
|
|
|
|
|
#include "opt_inet6.h"
|
|
|
|
|
#include "opt_ipsec.h"
|
2010-05-09 20:32:00 +00:00
|
|
|
#include "opt_route.h"
|
2015-08-29 07:14:29 +00:00
|
|
|
#include "opt_rss.h"
|
2022-08-17 18:50:31 +00:00
|
|
|
#include "opt_sctp.h"
|
1999-12-22 19:13:38 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
|
#include <sys/systm.h>
|
2015-11-25 07:31:59 +00:00
|
|
|
#include <sys/hhook.h>
|
2001-06-11 12:39:29 +00:00
|
|
|
#include <sys/malloc.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <sys/mbuf.h>
|
2001-09-12 08:38:13 +00:00
|
|
|
#include <sys/proc.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <sys/domain.h>
|
|
|
|
|
#include <sys/protosw.h>
|
2013-08-25 21:54:41 +00:00
|
|
|
#include <sys/sdt.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/socketvar.h>
|
|
|
|
|
#include <sys/errno.h>
|
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
#include <sys/kernel.h>
|
2015-07-29 08:12:05 +00:00
|
|
|
#include <sys/lock.h>
|
|
|
|
|
#include <sys/rmlock.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <sys/syslog.h>
|
2016-07-15 17:09:30 +00:00
|
|
|
#include <sys/sysctl.h>
|
2022-08-17 21:54:46 +00:00
|
|
|
#include <sys/eventhandler.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
#include <net/if.h>
|
2013-10-26 17:58:36 +00:00
|
|
|
#include <net/if_var.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <net/if_types.h>
|
2023-03-06 21:29:24 +00:00
|
|
|
#include <net/if_private.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <net/if_dl.h>
|
|
|
|
|
#include <net/route.h>
|
|
|
|
|
#include <net/netisr.h>
|
2015-09-06 20:57:57 +00:00
|
|
|
#include <net/rss_config.h>
|
2000-07-31 13:11:42 +00:00
|
|
|
#include <net/pfil.h>
|
2008-12-02 21:37:28 +00:00
|
|
|
#include <net/vnet.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
#include <netinet/in.h>
|
2013-08-25 21:54:41 +00:00
|
|
|
#include <netinet/in_kdtrace.h>
|
2011-08-20 17:05:11 +00:00
|
|
|
#include <netinet/ip_var.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <netinet/in_systm.h>
|
This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
|
|
|
#include <net/if_llatbl.h>
|
2000-07-04 16:35:15 +00:00
|
|
|
#ifdef INET
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <netinet/ip.h>
|
|
|
|
|
#include <netinet/ip_icmp.h>
|
2002-04-19 04:46:24 +00:00
|
|
|
#endif /* INET */
|
2000-07-04 16:35:15 +00:00
|
|
|
#include <netinet/ip6.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <netinet6/in6_var.h>
|
|
|
|
|
#include <netinet6/ip6_var.h>
|
2022-08-17 18:50:31 +00:00
|
|
|
#include <netinet/ip_encap.h>
|
2000-07-04 16:35:15 +00:00
|
|
|
#include <netinet/in_pcb.h>
|
|
|
|
|
#include <netinet/icmp6.h>
|
2003-10-17 15:46:31 +00:00
|
|
|
#include <netinet6/scope6_var.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <netinet6/in6_ifattach.h>
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
#include <netinet6/mld6_var.h>
|
1999-11-22 02:45:11 +00:00
|
|
|
#include <netinet6/nd6.h>
|
2015-08-29 07:14:29 +00:00
|
|
|
#include <netinet6/in6_rss.h>
|
2022-08-17 18:50:31 +00:00
|
|
|
#ifdef SCTP
|
|
|
|
|
#include <netinet/sctp_pcb.h>
|
|
|
|
|
#include <netinet6/sctp6_var.h>
|
|
|
|
|
#endif
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2017-02-06 08:49:57 +00:00
|
|
|
#include <netipsec/ipsec_support.h>
|
2002-10-16 02:25:05 +00:00
|
|
|
|
2022-10-04 03:53:04 +00:00
|
|
|
ip6proto_input_t *ip6_protox[IPPROTO_MAX] = {
|
2022-08-17 18:50:31 +00:00
|
|
|
[0 ... IPPROTO_MAX - 1] = rip6_input };
|
2022-10-04 03:53:04 +00:00
|
|
|
ip6proto_ctlinput_t *ip6_ctlprotox[IPPROTO_MAX] = {
|
2022-08-17 18:50:31 +00:00
|
|
|
[0 ... IPPROTO_MAX - 1] = rip6_ctlinput };
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2010-04-29 11:52:42 +00:00
|
|
|
VNET_DEFINE(struct in6_ifaddrhead, in6_ifaddrhead);
|
2012-12-15 20:04:24 +00:00
|
|
|
VNET_DEFINE(struct in6_ifaddrlisthead *, in6_ifaddrhashtbl);
|
|
|
|
|
VNET_DEFINE(u_long, in6_ifaddrhmask);
|
Reimplement the netisr framework in order to support parallel netisr
threads:
- Support up to one netisr thread per CPU, each processings its own
workstream, or set of per-protocol queues. Threads may be bound
to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric
policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can
currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to
an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work,
as well as allowing protocols to provide a flow generation function
for mbufs without flow identifers (m2flow). Falls back on
NETISR_POLICY_SOURCE if now flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for
each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams
being used, as well as a mapping function from workstream to CPU ID,
which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and
get and clear drop counters, which query data or apply changes across
all workstreams.
- Add a more extensible netisr registration interface, in which
protocols declare 'struct netisr_handler' structures for each
registered NETISR_ type. These include name, handler function,
optional mbuf to flow ID function, optional mbuf to CPU ID function,
queue limit, and ordering policy. Padding is present to allow these
to be expanded in the future. If no queue limit is declared, then
a default is used.
- Queue limits are now per-workstream, and raised from the previous
IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and
with the exception of netnatm, default queue limits. Most protocols
register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use
NETISR_POLICY_FLOW, and will therefore take advantage of driver-
generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and
the netisr, rather than having polling pretend to be two protocols.
Provide two explicit hooks in the netisr worker for start and end
events for runs: netisr_poll() and netisr_pollmore(), as well as a
function, netisr_sched_poll(), to allow the polling code to schedule
netisr execution. DEVICE_POLLING still embeds single-netisr
assumptions in its implementation, so for now if it is compiled into
the kernel, a single and un-bound netisr thread is enforced
regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains
the same basic assumptions as the previous implementation: a single,
un-bound worker thread processes all deferred work, and direct dispatch
is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over
the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration
using the framework; currently, synchronized use is disabled
(replicating current netisr policy) due to a measurable 3%-6% hit in
ping-pong micro-benchmarking. It will be enabled once further rmlock
optimization has taken place. However, in practice, netisrs are
rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently
exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown
handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
2009-06-01 10:41:38 +00:00
|
|
|
|
|
|
|
|
static struct netisr_handler ip6_nh = {
|
|
|
|
|
.nh_name = "ip6",
|
|
|
|
|
.nh_handler = ip6_input,
|
|
|
|
|
.nh_proto = NETISR_IPV6,
|
2015-08-29 07:14:29 +00:00
|
|
|
#ifdef RSS
|
|
|
|
|
.nh_m2cpuid = rss_soft_m2cpuid_v6,
|
|
|
|
|
.nh_policy = NETISR_POLICY_CPU,
|
|
|
|
|
.nh_dispatch = NETISR_DISPATCH_HYBRID,
|
|
|
|
|
#else
|
Reimplement the netisr framework in order to support parallel netisr
threads:
- Support up to one netisr thread per CPU, each processings its own
workstream, or set of per-protocol queues. Threads may be bound
to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric
policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can
currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to
an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work,
as well as allowing protocols to provide a flow generation function
for mbufs without flow identifers (m2flow). Falls back on
NETISR_POLICY_SOURCE if now flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for
each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams
being used, as well as a mapping function from workstream to CPU ID,
which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and
get and clear drop counters, which query data or apply changes across
all workstreams.
- Add a more extensible netisr registration interface, in which
protocols declare 'struct netisr_handler' structures for each
registered NETISR_ type. These include name, handler function,
optional mbuf to flow ID function, optional mbuf to CPU ID function,
queue limit, and ordering policy. Padding is present to allow these
to be expanded in the future. If no queue limit is declared, then
a default is used.
- Queue limits are now per-workstream, and raised from the previous
IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and
with the exception of netnatm, default queue limits. Most protocols
register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use
NETISR_POLICY_FLOW, and will therefore take advantage of driver-
generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and
the netisr, rather than having polling pretend to be two protocols.
Provide two explicit hooks in the netisr worker for start and end
events for runs: netisr_poll() and netisr_pollmore(), as well as a
function, netisr_sched_poll(), to allow the polling code to schedule
netisr execution. DEVICE_POLLING still embeds single-netisr
assumptions in its implementation, so for now if it is compiled into
the kernel, a single and un-bound netisr thread is enforced
regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains
the same basic assumptions as the previous implementation: a single,
un-bound worker thread processes all deferred work, and direct dispatch
is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over
the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration
using the framework; currently, synchronized use is disabled
(replicating current netisr policy) due to a measurable 3%-6% hit in
ping-pong micro-benchmarking. It will be enabled once further rmlock
optimization has taken place. However, in practice, netisrs are
rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently
exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown
handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
2009-06-01 10:41:38 +00:00
|
|
|
.nh_policy = NETISR_POLICY_FLOW,
|
2015-08-29 07:14:29 +00:00
|
|
|
#endif
|
Reimplement the netisr framework in order to support parallel netisr
threads:
- Support up to one netisr thread per CPU, each processings its own
workstream, or set of per-protocol queues. Threads may be bound
to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric
policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can
currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to
an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work,
as well as allowing protocols to provide a flow generation function
for mbufs without flow identifers (m2flow). Falls back on
NETISR_POLICY_SOURCE if now flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for
each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams
being used, as well as a mapping function from workstream to CPU ID,
which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and
get and clear drop counters, which query data or apply changes across
all workstreams.
- Add a more extensible netisr registration interface, in which
protocols declare 'struct netisr_handler' structures for each
registered NETISR_ type. These include name, handler function,
optional mbuf to flow ID function, optional mbuf to CPU ID function,
queue limit, and ordering policy. Padding is present to allow these
to be expanded in the future. If no queue limit is declared, then
a default is used.
- Queue limits are now per-workstream, and raised from the previous
IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and
with the exception of netnatm, default queue limits. Most protocols
register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use
NETISR_POLICY_FLOW, and will therefore take advantage of driver-
generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and
the netisr, rather than having polling pretend to be two protocols.
Provide two explicit hooks in the netisr worker for start and end
events for runs: netisr_poll() and netisr_pollmore(), as well as a
function, netisr_sched_poll(), to allow the polling code to schedule
netisr execution. DEVICE_POLLING still embeds single-netisr
assumptions in its implementation, so for now if it is compiled into
the kernel, a single and un-bound netisr thread is enforced
regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains
the same basic assumptions as the previous implementation: a single,
un-bound worker thread processes all deferred work, and direct dispatch
is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over
the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration
using the framework; currently, synchronized use is disabled
(replicating current netisr policy) due to a measurable 3%-6% hit in
ping-pong micro-benchmarking. It will be enabled once further rmlock
optimization has taken place. However, in practice, netisrs are
rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently
exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown
handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
2009-06-01 10:41:38 +00:00
|
|
|
};
|
2008-11-19 09:39:34 +00:00
|
|
|
|
2016-07-15 17:09:30 +00:00
|
|
|
static int
|
|
|
|
|
sysctl_netinet6_intr_queue_maxlen(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
int error, qlimit;
|
|
|
|
|
|
|
|
|
|
netisr_getqlimit(&ip6_nh, &qlimit);
|
|
|
|
|
error = sysctl_handle_int(oidp, &qlimit, 0, req);
|
|
|
|
|
if (error || !req->newptr)
|
|
|
|
|
return (error);
|
|
|
|
|
if (qlimit < 1)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
return (netisr_setqlimit(&ip6_nh, qlimit));
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_DECL(_net_inet6_ip6);
|
|
|
|
|
SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_INTRQMAXLEN, intr_queue_maxlen,
|
2020-02-26 14:26:36 +00:00
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
|
0, 0, sysctl_netinet6_intr_queue_maxlen, "I",
|
2016-07-15 17:09:30 +00:00
|
|
|
"Maximum size of the IPv6 input queue");
|
|
|
|
|
|
2021-11-12 17:01:13 +00:00
|
|
|
VNET_DEFINE_STATIC(bool, ip6_sav) = true;
|
|
|
|
|
#define V_ip6_sav VNET(ip6_sav)
|
|
|
|
|
SYSCTL_BOOL(_net_inet6_ip6, OID_AUTO, source_address_validation,
|
|
|
|
|
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(ip6_sav), true,
|
|
|
|
|
"Drop incoming packets with source address that is a local address");
|
|
|
|
|
|
2015-11-06 23:07:43 +00:00
|
|
|
#ifdef RSS
|
|
|
|
|
static struct netisr_handler ip6_direct_nh = {
|
|
|
|
|
.nh_name = "ip6_direct",
|
|
|
|
|
.nh_handler = ip6_direct_input,
|
|
|
|
|
.nh_proto = NETISR_IPV6_DIRECT,
|
|
|
|
|
.nh_m2cpuid = rss_soft_m2cpuid_v6,
|
|
|
|
|
.nh_policy = NETISR_POLICY_CPU,
|
|
|
|
|
.nh_dispatch = NETISR_DISPATCH_HYBRID,
|
|
|
|
|
};
|
2016-07-15 17:09:30 +00:00
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sysctl_netinet6_intr_direct_queue_maxlen(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
int error, qlimit;
|
|
|
|
|
|
|
|
|
|
netisr_getqlimit(&ip6_direct_nh, &qlimit);
|
|
|
|
|
error = sysctl_handle_int(oidp, &qlimit, 0, req);
|
|
|
|
|
if (error || !req->newptr)
|
|
|
|
|
return (error);
|
|
|
|
|
if (qlimit < 1)
|
|
|
|
|
return (EINVAL);
|
|
|
|
|
return (netisr_setqlimit(&ip6_direct_nh, qlimit));
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_INTRDQMAXLEN, intr_direct_queue_maxlen,
|
2020-02-26 14:26:36 +00:00
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
|
0, 0, sysctl_netinet6_intr_direct_queue_maxlen, "I",
|
|
|
|
|
"Maximum size of the IPv6 direct input queue");
|
2016-07-15 17:09:30 +00:00
|
|
|
|
2015-11-06 23:07:43 +00:00
|
|
|
#endif
|
|
|
|
|
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
VNET_DEFINE(pfil_head_t, inet6_pfil_head);
|
2010-04-29 11:52:42 +00:00
|
|
|
|
2013-07-09 09:54:54 +00:00
|
|
|
VNET_PCPUSTAT_DEFINE(struct ip6stat, ip6stat);
|
|
|
|
|
VNET_PCPUSTAT_SYSINIT(ip6stat);
|
|
|
|
|
#ifdef VIMAGE
|
|
|
|
|
VNET_PCPUSTAT_SYSUNINIT(ip6stat);
|
|
|
|
|
#endif /* VIMAGE */
|
2001-06-11 12:39:29 +00:00
|
|
|
|
2015-07-29 08:12:05 +00:00
|
|
|
struct rmlock in6_ifaddr_lock;
|
|
|
|
|
RM_SYSINIT(in6_ifaddr_lock, &in6_ifaddr_lock, "in6_ifaddr_lock");
|
2009-06-25 16:35:28 +00:00
|
|
|
|
2008-01-08 19:08:58 +00:00
|
|
|
static int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* IP6 initialization: fill in IP6 protocol switch table.
|
|
|
|
|
* All protocols not implemented in kernel go to raw IP6 protocol handler.
|
|
|
|
|
*/
|
2022-01-03 18:15:21 +00:00
|
|
|
static void
|
|
|
|
|
ip6_vnet_init(void *arg __unused)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
struct pfil_head_args args;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
Conditionally compile out V_ globals while instantiating the appropriate
container structures, depending on VIMAGE_GLOBALS compile time option.
Make VIMAGE_GLOBALS a new compile-time option, which by default will not
be defined, resulting in instatiations of global variables selected for
V_irtualization (enclosed in #ifdef VIMAGE_GLOBALS blocks) to be
effectively compiled out. Instantiate new global container structures
to hold V_irtualized variables: vnet_net_0, vnet_inet_0, vnet_inet6_0,
vnet_ipsec_0, vnet_netgraph_0, and vnet_gif_0.
Update the VSYM() macro so that depending on VIMAGE_GLOBALS the V_
macros resolve either to the original globals, or to fields inside
container structures, i.e. effectively
#ifdef VIMAGE_GLOBALS
#define V_rt_tables rt_tables
#else
#define V_rt_tables vnet_net_0._rt_tables
#endif
Update SYSCTL_V_*() macros to operate either on globals or on fields
inside container structs.
Extend the internal kldsym() lookups with the ability to resolve
selected fields inside the virtualization container structs. This
applies only to the fields which are explicitly registered for kldsym()
visibility via VNET_MOD_DECLARE() and vnet_mod_register(), currently
this is done only in sys/net/if.c.
Fix a few broken instances of MODULE_GLOBAL() macro use in SCTP code,
and modify the MODULE_GLOBAL() macro to resolve to V_ macros, which in
turn result in proper code being generated depending on VIMAGE_GLOBALS.
De-virtualize local static variables in sys/contrib/pf/net/pf_subr.c
which were prematurely V_irtualized by automated V_ prepending scripts
during earlier merging steps. PF virtualization will be done
separately, most probably after next PF import.
Convert a few variable initializations at instantiation to
initialization in init functions, most notably in ipfw. Also convert
TUNABLE_INT() initializers for V_ variables to TUNABLE_FETCH_INT() in
initializer functions.
Discussed at: devsummit Strassburg
Reviewed by: bz, julian
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
2008-12-10 23:12:39 +00:00
|
|
|
TUNABLE_INT_FETCH("net.inet6.ip6.auto_linklocal",
|
|
|
|
|
&V_ip6_auto_linklocal);
|
2012-03-02 07:23:28 +00:00
|
|
|
TUNABLE_INT_FETCH("net.inet6.ip6.accept_rtadv", &V_ip6_accept_rtadv);
|
|
|
|
|
TUNABLE_INT_FETCH("net.inet6.ip6.no_radr", &V_ip6_no_radr);
|
2008-11-19 09:39:34 +00:00
|
|
|
|
2018-05-18 20:13:34 +00:00
|
|
|
CK_STAILQ_INIT(&V_in6_ifaddrhead);
|
2012-12-15 20:04:24 +00:00
|
|
|
V_in6_ifaddrhashtbl = hashinit(IN6ADDR_NHASH, M_IFADDR,
|
|
|
|
|
&V_in6_ifaddrhmask);
|
2009-06-24 21:00:25 +00:00
|
|
|
|
2009-10-11 05:59:43 +00:00
|
|
|
/* Initialize packet filter hooks. */
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
args.pa_version = PFIL_VERSION;
|
|
|
|
|
args.pa_flags = PFIL_IN | PFIL_OUT;
|
|
|
|
|
args.pa_type = PFIL_TYPE_IP6;
|
|
|
|
|
args.pa_headname = PFIL_INET6_NAME;
|
|
|
|
|
V_inet6_pfil_head = pfil_head_register(&args);
|
2009-10-11 05:59:43 +00:00
|
|
|
|
2015-11-25 07:31:59 +00:00
|
|
|
if (hhook_head_register(HHOOK_TYPE_IPSEC_IN, AF_INET6,
|
|
|
|
|
&V_ipsec_hhh_in[HHOOK_IPSEC_INET6],
|
|
|
|
|
HHOOK_WAITOK | HHOOK_HEADISINVNET) != 0)
|
|
|
|
|
printf("%s: WARNING: unable to register input helper hook\n",
|
|
|
|
|
__func__);
|
|
|
|
|
if (hhook_head_register(HHOOK_TYPE_IPSEC_OUT, AF_INET6,
|
|
|
|
|
&V_ipsec_hhh_out[HHOOK_IPSEC_INET6],
|
|
|
|
|
HHOOK_WAITOK | HHOOK_HEADISINVNET) != 0)
|
|
|
|
|
printf("%s: WARNING: unable to register output helper hook\n",
|
|
|
|
|
__func__);
|
|
|
|
|
|
2010-04-29 11:52:42 +00:00
|
|
|
scope6_init();
|
|
|
|
|
addrsel_policy_init();
|
|
|
|
|
nd6_init();
|
|
|
|
|
frag6_init();
|
|
|
|
|
|
|
|
|
|
V_ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR;
|
|
|
|
|
|
First pass at separating per-vnet initializer functions
from existing functions for initializing global state.
At this stage, the new per-vnet initializer functions are
directly called from the existing global initialization code,
which should in most cases result in compiler inlining those
new functions, hence yielding a near-zero functional change.
Modify the existing initializer functions which are invoked via
protosw, like ip_init() et. al., to allow them to be invoked
multiple times, i.e. per each vnet. Global state, if any,
is initialized only if such functions are called within the
context of vnet0, which will be determined via the
IS_DEFAULT_VNET(curvnet) check (currently always true).
While here, V_irtualize a few remaining global UMA zones
used by net/netinet/netipsec networking code. While it is
not yet clear to me or anybody else whether this is the right
thing to do, at this stage this makes the code more readable,
and makes it easier to track uncollected UMA-zone-backed
objects on vnet removal. In the long run, it's quite possible
that some form of shared use of UMA zone pools among multiple
vnets should be considered.
Bump __FreeBSD_version due to changes in layout of structs
vnet_ipfw, vnet_inet and vnet_net.
Approved by: julian (mentor)
2009-04-06 22:29:41 +00:00
|
|
|
/* Skip global initialization stuff for non-default instances. */
|
2016-06-03 13:57:10 +00:00
|
|
|
#ifdef VIMAGE
|
2022-01-03 18:15:21 +00:00
|
|
|
netisr_register_vnet(&ip6_nh);
|
2016-06-03 13:57:10 +00:00
|
|
|
#ifdef RSS
|
2022-01-03 18:15:21 +00:00
|
|
|
netisr_register_vnet(&ip6_direct_nh);
|
2016-06-03 13:57:10 +00:00
|
|
|
#endif
|
|
|
|
|
#endif
|
2022-01-03 18:15:21 +00:00
|
|
|
}
|
|
|
|
|
VNET_SYSINIT(ip6_vnet_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FOURTH,
|
|
|
|
|
ip6_vnet_init, NULL);
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ip6_init(void *arg __unused)
|
|
|
|
|
{
|
2004-10-19 14:26:44 +00:00
|
|
|
|
|
|
|
|
/*
|
2022-08-17 18:50:31 +00:00
|
|
|
* Register statically those protocols that are unlikely to ever go
|
|
|
|
|
* dynamic.
|
2004-10-19 14:26:44 +00:00
|
|
|
*/
|
2022-08-17 18:50:31 +00:00
|
|
|
IP6PROTO_REGISTER(IPPROTO_ICMPV6, icmp6_input, rip6_ctlinput);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_DSTOPTS, dest6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_ROUTING, route6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_FRAGMENT, frag6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_IPV4, encap6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_IPV6, encap6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_ETHERIP, encap6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_GRE, encap6_input, NULL);
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_PIM, encap6_input, NULL);
|
|
|
|
|
#ifdef SCTP /* XXX: has a loadable & static version */
|
|
|
|
|
IP6PROTO_REGISTER(IPPROTO_SCTP, sctp6_input, sctp6_ctlinput);
|
|
|
|
|
#endif
|
2004-08-27 15:16:24 +00:00
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
EVENTHANDLER_REGISTER(vm_lowmem, frag6_drain, NULL, LOWMEM_PRI_DEFAULT);
|
|
|
|
|
EVENTHANDLER_REGISTER(mbuf_lowmem, frag6_drain, NULL,
|
|
|
|
|
LOWMEM_PRI_DEFAULT);
|
|
|
|
|
|
Reimplement the netisr framework in order to support parallel netisr
threads:
- Support up to one netisr thread per CPU, each processings its own
workstream, or set of per-protocol queues. Threads may be bound
to specific CPUs, or allowed to migrate, based on a global policy.
In the future it would be desirable to support topology-centric
policies, such as "one netisr per package".
- Allow each protocol to advertise an ordering policy, which can
currently be one of:
NETISR_POLICY_SOURCE: packets must maintain ordering with respect to
an implicit or explicit source (such as an interface or socket).
NETISR_POLICY_FLOW: make use of mbuf flow identifiers to place work,
as well as allowing protocols to provide a flow generation function
for mbufs without flow identifers (m2flow). Falls back on
NETISR_POLICY_SOURCE if now flow ID is available.
NETISR_POLICY_CPU: allow protocols to inspect and assign a CPU for
each packet handled by netisr (m2cpuid).
- Provide utility functions for querying the number of workstreams
being used, as well as a mapping function from workstream to CPU ID,
which protocols may use in work placement decisions.
- Add explicit interfaces to get and set per-protocol queue limits, and
get and clear drop counters, which query data or apply changes across
all workstreams.
- Add a more extensible netisr registration interface, in which
protocols declare 'struct netisr_handler' structures for each
registered NETISR_ type. These include name, handler function,
optional mbuf to flow ID function, optional mbuf to CPU ID function,
queue limit, and ordering policy. Padding is present to allow these
to be expanded in the future. If no queue limit is declared, then
a default is used.
- Queue limits are now per-workstream, and raised from the previous
IFQ_MAXLEN default of 50 to 256.
- All protocols are updated to use the new registration interface, and
with the exception of netnatm, default queue limits. Most protocols
register as NETISR_POLICY_SOURCE, except IPv4 and IPv6, which use
NETISR_POLICY_FLOW, and will therefore take advantage of driver-
generated flow IDs if present.
- Formalize a non-packet based interface between interface polling and
the netisr, rather than having polling pretend to be two protocols.
Provide two explicit hooks in the netisr worker for start and end
events for runs: netisr_poll() and netisr_pollmore(), as well as a
function, netisr_sched_poll(), to allow the polling code to schedule
netisr execution. DEVICE_POLLING still embeds single-netisr
assumptions in its implementation, so for now if it is compiled into
the kernel, a single and un-bound netisr thread is enforced
regardless of tunable configuration.
In the default configuration, the new netisr implementation maintains
the same basic assumptions as the previous implementation: a single,
un-bound worker thread processes all deferred work, and direct dispatch
is enabled by default wherever possible.
Performance measurement shows a marginal performance improvement over
the old implementation due to the use of batched dequeue.
An rmlock is used to synchronize use and registration/unregistration
using the framework; currently, synchronized use is disabled
(replicating current netisr policy) due to a measurable 3%-6% hit in
ping-pong micro-benchmarking. It will be enabled once further rmlock
optimization has taken place. However, in practice, netisrs are
rarely registered or unregistered at runtime.
A new man page for netisr will follow, but since one doesn't currently
exist, it hasn't been updated.
This change is not appropriate for MFC, although the polling shutdown
handler should be merged to 7-STABLE.
Bump __FreeBSD_version.
Reviewed by: bz
2009-06-01 10:41:38 +00:00
|
|
|
netisr_register(&ip6_nh);
|
2015-11-06 23:07:43 +00:00
|
|
|
#ifdef RSS
|
|
|
|
|
netisr_register(&ip6_direct_nh);
|
|
|
|
|
#endif
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2022-01-03 18:15:21 +00:00
|
|
|
SYSINIT(ip6_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, ip6_init, NULL);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2010-09-02 17:43:44 +00:00
|
|
|
int
|
2022-10-04 03:53:04 +00:00
|
|
|
ip6proto_register(uint8_t proto, ip6proto_input_t input,
|
|
|
|
|
ip6proto_ctlinput_t ctl)
|
2010-09-02 17:43:44 +00:00
|
|
|
{
|
|
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
MPASS(proto > 0);
|
2010-09-02 17:43:44 +00:00
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
if (ip6_protox[proto] == rip6_input) {
|
|
|
|
|
ip6_protox[proto] = input;
|
|
|
|
|
ip6_ctlprotox[proto] = ctl;
|
|
|
|
|
return (0);
|
|
|
|
|
} else
|
2010-09-02 17:43:44 +00:00
|
|
|
return (EEXIST);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
2022-08-17 18:50:31 +00:00
|
|
|
ip6proto_unregister(uint8_t proto)
|
2010-09-02 17:43:44 +00:00
|
|
|
{
|
|
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
MPASS(proto > 0);
|
2010-09-02 17:43:44 +00:00
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
if (ip6_protox[proto] != rip6_input) {
|
|
|
|
|
ip6_protox[proto] = rip6_input;
|
|
|
|
|
ip6_ctlprotox[proto] = rip6_ctlinput;
|
|
|
|
|
return (0);
|
|
|
|
|
} else
|
2010-09-02 17:43:44 +00:00
|
|
|
return (ENOENT);
|
|
|
|
|
}
|
|
|
|
|
|
Introduce an infrastructure for dismantling vnet instances.
Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.
While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.
Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.
Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)
2009-06-08 17:15:40 +00:00
|
|
|
#ifdef VIMAGE
|
2016-06-01 10:14:04 +00:00
|
|
|
static void
|
|
|
|
|
ip6_destroy(void *unused __unused)
|
Introduce an infrastructure for dismantling vnet instances.
Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.
While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.
Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.
Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)
2009-06-08 17:15:40 +00:00
|
|
|
{
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
struct ifaddr *ifa, *nifa;
|
|
|
|
|
struct ifnet *ifp;
|
2015-11-25 07:31:59 +00:00
|
|
|
int error;
|
Introduce an infrastructure for dismantling vnet instances.
Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.
While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.
Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.
Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)
2009-06-08 17:15:40 +00:00
|
|
|
|
2016-06-03 13:57:10 +00:00
|
|
|
#ifdef RSS
|
|
|
|
|
netisr_unregister_vnet(&ip6_direct_nh);
|
|
|
|
|
#endif
|
|
|
|
|
netisr_unregister_vnet(&ip6_nh);
|
|
|
|
|
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
pfil_head_unregister(V_inet6_pfil_head);
|
2015-11-25 07:31:59 +00:00
|
|
|
error = hhook_head_deregister(V_ipsec_hhh_in[HHOOK_IPSEC_INET6]);
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
printf("%s: WARNING: unable to deregister input helper hook "
|
|
|
|
|
"type HHOOK_TYPE_IPSEC_IN, id HHOOK_IPSEC_INET6: "
|
|
|
|
|
"error %d returned\n", __func__, error);
|
|
|
|
|
}
|
|
|
|
|
error = hhook_head_deregister(V_ipsec_hhh_out[HHOOK_IPSEC_INET6]);
|
|
|
|
|
if (error != 0) {
|
|
|
|
|
printf("%s: WARNING: unable to deregister output helper hook "
|
|
|
|
|
"type HHOOK_TYPE_IPSEC_OUT, id HHOOK_IPSEC_INET6: "
|
|
|
|
|
"error %d returned\n", __func__, error);
|
|
|
|
|
}
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
|
|
|
|
|
/* Cleanup addresses. */
|
|
|
|
|
IFNET_RLOCK();
|
2018-05-23 21:02:14 +00:00
|
|
|
CK_STAILQ_FOREACH(ifp, &V_ifnet, if_link) {
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
/* Cannot lock here - lock recursion. */
|
|
|
|
|
/* IF_ADDR_LOCK(ifp); */
|
2018-05-18 20:13:34 +00:00
|
|
|
CK_STAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, nifa) {
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
if (ifa->ifa_addr->sa_family != AF_INET6)
|
|
|
|
|
continue;
|
|
|
|
|
in6_purgeaddr(ifa);
|
|
|
|
|
}
|
|
|
|
|
/* IF_ADDR_UNLOCK(ifp); */
|
|
|
|
|
in6_ifdetach_destroy(ifp);
|
|
|
|
|
mld_domifdetach(ifp);
|
|
|
|
|
}
|
|
|
|
|
IFNET_RUNLOCK();
|
|
|
|
|
|
2021-03-08 21:35:41 +00:00
|
|
|
/* Make sure any routes are gone as well. */
|
|
|
|
|
rib_flush_routes_family(AF_INET6);
|
|
|
|
|
|
2019-10-21 08:48:47 +00:00
|
|
|
frag6_destroy();
|
Introduce an infrastructure for dismantling vnet instances.
Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.
While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.
Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.
Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)
2009-06-08 17:15:40 +00:00
|
|
|
nd6_destroy();
|
2016-03-22 15:43:47 +00:00
|
|
|
in6_ifattach_destroy();
|
Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.
Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.
Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.
For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.
Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.
For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).
Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.
Approved by: re (hrs)
Obtained from: projects/vnet
Reviewed by: gnn, jhb
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
|
|
|
|
|
|
|
|
hashdestroy(V_in6_ifaddrhashtbl, M_IFADDR, V_in6_ifaddrhmask);
|
Introduce an infrastructure for dismantling vnet instances.
Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.
While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.
Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.
Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)
2009-06-08 17:15:40 +00:00
|
|
|
}
|
2016-06-01 10:14:04 +00:00
|
|
|
|
|
|
|
|
VNET_SYSUNINIT(inet6, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, ip6_destroy, NULL);
|
Introduce an infrastructure for dismantling vnet instances.
Vnet modules and protocol domains may now register destructor
functions to clean up and release per-module state. The destructor
mechanisms can be triggered by invoking "vimage -d", or a future
equivalent command which will be provided via the new jail framework.
While this patch introduces numerous placeholder destructor functions,
many of those are currently incomplete, thus leaking memory or (even
worse) failing to stop all running timers. Many of such issues are
already known and will be incrementaly fixed over the next weeks in
smaller incremental commits.
Apart from introducing new fields in structs ifnet, domain, protosw
and vnet_net, which requires the kernel and modules to be rebuilt, this
change should have no impact on nooptions VIMAGE builds, since vnet
destructors can only be called in VIMAGE kernels. Moreover,
destructor functions should be in general compiled in only in
options VIMAGE builds, except for kernel modules which can be safely
kldunloaded at run time.
Bump __FreeBSD_version to 800097.
Reviewed by: bz, julian
Approved by: rwatson, kib (re), julian (mentor)
2009-06-08 17:15:40 +00:00
|
|
|
#endif
|
|
|
|
|
|
2012-05-25 02:58:21 +00:00
|
|
|
static int
|
2019-09-19 10:22:29 +00:00
|
|
|
ip6_input_hbh(struct mbuf **mp, uint32_t *plen, uint32_t *rtalert, int *off,
|
2012-05-25 02:58:21 +00:00
|
|
|
int *nxt, int *ours)
|
|
|
|
|
{
|
2019-09-19 10:22:29 +00:00
|
|
|
struct mbuf *m;
|
2012-05-25 02:58:21 +00:00
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
struct ip6_hbh *hbh;
|
|
|
|
|
|
2019-09-19 10:22:29 +00:00
|
|
|
if (ip6_hopopts_input(plen, rtalert, mp, off)) {
|
2012-05-25 02:58:21 +00:00
|
|
|
#if 0 /*touches NULL pointer*/
|
2019-09-19 10:22:29 +00:00
|
|
|
in6_ifstat_inc((*mp)->m_pkthdr.rcvif, ifs6_in_discard);
|
2012-05-25 02:58:21 +00:00
|
|
|
#endif
|
|
|
|
|
goto out; /* m have already been freed */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* adjust pointer */
|
2019-09-19 10:22:29 +00:00
|
|
|
m = *mp;
|
2012-05-25 02:58:21 +00:00
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* if the payload length field is 0 and the next header field
|
|
|
|
|
* indicates Hop-by-Hop Options header, then a Jumbo Payload
|
|
|
|
|
* option MUST be included.
|
|
|
|
|
*/
|
|
|
|
|
if (ip6->ip6_plen == 0 && *plen == 0) {
|
|
|
|
|
/*
|
|
|
|
|
* Note that if a valid jumbo payload option is
|
|
|
|
|
* contained, ip6_hopopts_input() must set a valid
|
|
|
|
|
* (non-zero) payload length to the variable plen.
|
|
|
|
|
*/
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badoptions);
|
2012-05-25 02:58:21 +00:00
|
|
|
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_discard);
|
|
|
|
|
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_hdrerr);
|
|
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
|
|
|
|
ICMP6_PARAMPROB_HEADER,
|
|
|
|
|
(caddr_t)&ip6->ip6_plen - (caddr_t)ip6);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
/* ip6_hopopts_input() ensures that mbuf is contiguous */
|
|
|
|
|
hbh = (struct ip6_hbh *)(ip6 + 1);
|
|
|
|
|
*nxt = hbh->ip6h_nxt;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If we are acting as a router and the packet contains a
|
|
|
|
|
* router alert option, see if we know the option value.
|
|
|
|
|
* Currently, we only support the option value for MLD, in which
|
|
|
|
|
* case we should pass the packet to the multicast routing
|
|
|
|
|
* daemon.
|
|
|
|
|
*/
|
|
|
|
|
if (*rtalert != ~0) {
|
|
|
|
|
switch (*rtalert) {
|
|
|
|
|
case IP6OPT_RTALERT_MLD:
|
|
|
|
|
if (V_ip6_forwarding)
|
|
|
|
|
*ours = 1;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/*
|
|
|
|
|
* RFC2711 requires unrecognized values must be
|
|
|
|
|
* silently ignored.
|
|
|
|
|
*/
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
return (1);
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-06 23:07:43 +00:00
|
|
|
#ifdef RSS
|
|
|
|
|
/*
|
|
|
|
|
* IPv6 direct input routine.
|
|
|
|
|
*
|
|
|
|
|
* This is called when reinjecting completed fragments where
|
|
|
|
|
* all of the previous checking and book-keeping has been done.
|
|
|
|
|
*/
|
|
|
|
|
void
|
|
|
|
|
ip6_direct_input(struct mbuf *m)
|
|
|
|
|
{
|
|
|
|
|
int off, nxt;
|
|
|
|
|
int nest;
|
|
|
|
|
struct m_tag *mtag;
|
|
|
|
|
struct ip6_direct_ctx *ip6dc;
|
|
|
|
|
|
|
|
|
|
mtag = m_tag_locate(m, MTAG_ABI_IPV6, IPV6_TAG_DIRECT, NULL);
|
|
|
|
|
KASSERT(mtag != NULL, ("Reinjected packet w/o direct ctx tag!"));
|
|
|
|
|
|
|
|
|
|
ip6dc = (struct ip6_direct_ctx *)(mtag + 1);
|
|
|
|
|
nxt = ip6dc->ip6dc_nxt;
|
|
|
|
|
off = ip6dc->ip6dc_off;
|
|
|
|
|
|
|
|
|
|
nest = 0;
|
|
|
|
|
|
|
|
|
|
m_tag_delete(m, mtag);
|
|
|
|
|
|
|
|
|
|
while (nxt != IPPROTO_DONE) {
|
|
|
|
|
if (V_ip6_hdrnestlimit && (++nest > V_ip6_hdrnestlimit)) {
|
|
|
|
|
IP6STAT_INC(ip6s_toomanyhdr);
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* protection against faulty packet - there should be
|
|
|
|
|
* more sanity checks in header chain processing.
|
|
|
|
|
*/
|
|
|
|
|
if (m->m_pkthdr.len < off) {
|
|
|
|
|
IP6STAT_INC(ip6s_tooshort);
|
|
|
|
|
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_truncated);
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-06 08:49:57 +00:00
|
|
|
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
|
|
|
|
|
if (IPSEC_ENABLED(ipv6)) {
|
|
|
|
|
if (IPSEC_INPUT(ipv6, m, off, nxt) != 0)
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-11-06 23:07:43 +00:00
|
|
|
#endif /* IPSEC */
|
|
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
nxt = ip6_protox[nxt](&m, &off, nxt);
|
2015-11-06 23:07:43 +00:00
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
bad:
|
|
|
|
|
m_freem(m);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
void
|
2007-07-05 16:23:49 +00:00
|
|
|
ip6_input(struct mbuf *m)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
2014-11-08 19:38:34 +00:00
|
|
|
struct in6_addr odst;
|
1999-11-22 02:45:11 +00:00
|
|
|
struct ip6_hdr *ip6;
|
2014-11-08 19:38:34 +00:00
|
|
|
struct in6_ifaddr *ia;
|
2016-12-12 11:26:59 +00:00
|
|
|
struct ifnet *rcvif;
|
1999-11-22 02:45:11 +00:00
|
|
|
u_int32_t plen;
|
|
|
|
|
u_int32_t rtalert = ~0;
|
2014-11-08 19:38:34 +00:00
|
|
|
int off = sizeof(struct ip6_hdr), nest;
|
1999-11-22 02:45:11 +00:00
|
|
|
int nxt, ours = 0;
|
2003-10-16 18:57:45 +00:00
|
|
|
int srcrt = 0;
|
2003-10-16 19:55:28 +00:00
|
|
|
|
2016-12-12 10:57:32 +00:00
|
|
|
/*
|
|
|
|
|
* Drop the packet if IPv6 operation is disabled on the interface.
|
|
|
|
|
*/
|
2016-12-12 11:26:59 +00:00
|
|
|
rcvif = m->m_pkthdr.rcvif;
|
|
|
|
|
if ((ND_IFINFO(rcvif)->flags & ND6_IFF_IFDISABLED))
|
2016-12-12 10:57:32 +00:00
|
|
|
goto bad;
|
|
|
|
|
|
2017-02-06 08:49:57 +00:00
|
|
|
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
|
* should the inner packet be considered authentic?
|
|
|
|
|
* see comment in ah4_input().
|
2007-07-01 11:41:27 +00:00
|
|
|
* NB: m cannot be NULL when passed to the input routine
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2007-07-01 11:41:27 +00:00
|
|
|
|
|
|
|
|
m->m_flags &= ~M_AUTHIPHDR;
|
|
|
|
|
m->m_flags &= ~M_AUTHIPDGM;
|
|
|
|
|
|
2007-07-03 12:13:45 +00:00
|
|
|
#endif /* IPSEC */
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2011-08-20 17:05:11 +00:00
|
|
|
if (m->m_flags & M_FASTFWD_OURS) {
|
|
|
|
|
/*
|
|
|
|
|
* Firewall changed destination to local.
|
|
|
|
|
*/
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
2018-01-29 11:03:29 +00:00
|
|
|
goto passin;
|
2011-08-20 17:05:11 +00:00
|
|
|
}
|
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
2002-04-19 04:46:24 +00:00
|
|
|
* mbuf statistics
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
if (m->m_flags & M_EXT) {
|
|
|
|
|
if (m->m_next)
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_mext2m);
|
1999-11-22 02:45:11 +00:00
|
|
|
else
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_mext1);
|
1999-11-22 02:45:11 +00:00
|
|
|
} else {
|
|
|
|
|
if (m->m_next) {
|
2022-07-04 20:03:06 +00:00
|
|
|
struct ifnet *ifp = (m->m_flags & M_LOOP) ? V_loif : rcvif;
|
|
|
|
|
int ifindex = ifp->if_index;
|
|
|
|
|
if (ifindex >= IP6S_M2MMAX)
|
|
|
|
|
ifindex = 0;
|
|
|
|
|
IP6STAT_INC(ip6s_m2m[ifindex]);
|
1999-11-22 02:45:11 +00:00
|
|
|
} else
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_m1);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_receive);
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_total);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2001-03-16 10:58:16 +00:00
|
|
|
/*
|
|
|
|
|
* L2 bridge code and some other code can return mbuf chain
|
|
|
|
|
* that does not conform to KAME requirement. too bad.
|
|
|
|
|
* XXX: fails to join if interface MTU > MCLBYTES. jumbogram?
|
|
|
|
|
*/
|
|
|
|
|
if (m && m->m_next != NULL && m->m_pkthdr.len < MCLBYTES) {
|
|
|
|
|
struct mbuf *n;
|
|
|
|
|
|
2013-03-15 12:33:23 +00:00
|
|
|
if (m->m_pkthdr.len > MHLEN)
|
|
|
|
|
n = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
|
|
|
|
|
else
|
|
|
|
|
n = m_gethdr(M_NOWAIT, MT_DATA);
|
2016-12-12 11:26:59 +00:00
|
|
|
if (n == NULL)
|
|
|
|
|
goto bad;
|
2001-03-16 10:58:16 +00:00
|
|
|
|
2013-03-15 13:48:53 +00:00
|
|
|
m_move_pkthdr(n, m);
|
2003-01-06 21:33:54 +00:00
|
|
|
m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t));
|
|
|
|
|
n->m_len = n->m_pkthdr.len;
|
2001-03-16 10:58:16 +00:00
|
|
|
m_freem(m);
|
|
|
|
|
m = n;
|
|
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
if (m->m_len < sizeof(struct ip6_hdr)) {
|
2003-10-08 18:26:08 +00:00
|
|
|
if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_toosmall);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_hdrerr);
|
|
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badvers);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_hdrerr);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_nxthist[ip6->ip6_nxt]);
|
2016-12-12 11:26:59 +00:00
|
|
|
IP_PROBE(receive, NULL, NULL, ip6, rcvif, NULL, ip6);
|
2013-08-25 21:54:41 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
2001-06-11 12:39:29 +00:00
|
|
|
* Check against address spoofing/corruption.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) ||
|
|
|
|
|
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
|
2001-06-11 12:39:29 +00:00
|
|
|
/*
|
|
|
|
|
* XXX: "badscope" is not very suitable for a multicast source.
|
|
|
|
|
*/
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badscope);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr);
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2004-03-01 15:34:29 +00:00
|
|
|
if (IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst) &&
|
|
|
|
|
!(m->m_flags & M_LOOP)) {
|
|
|
|
|
/*
|
|
|
|
|
* In this case, the packet should come from the loopback
|
|
|
|
|
* interface. However, we cannot just check the if_flags,
|
|
|
|
|
* because ip6_mloopback() passes the "actual" interface
|
|
|
|
|
* as the outgoing/incoming interface.
|
|
|
|
|
*/
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badscope);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2014-02-13 14:10:44 +00:00
|
|
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) &&
|
|
|
|
|
IPV6_ADDR_MC_SCOPE(&ip6->ip6_dst) == 0) {
|
|
|
|
|
/*
|
|
|
|
|
* RFC4291 2.7:
|
|
|
|
|
* Nodes must not originate a packet to a multicast address
|
|
|
|
|
* whose scop field contains the reserved value 0; if such
|
|
|
|
|
* a packet is received, it must be silently dropped.
|
|
|
|
|
*/
|
|
|
|
|
IP6STAT_INC(ip6s_badscope);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr);
|
2014-02-13 14:10:44 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
2001-06-11 12:39:29 +00:00
|
|
|
* The following check is not documented in specs. A malicious
|
|
|
|
|
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack
|
|
|
|
|
* and bypass security checks (act as if it was from 127.0.0.1 by using
|
2003-10-08 18:26:08 +00:00
|
|
|
* IPv6 src ::ffff:127.0.0.1). Be cautious.
|
2001-06-11 12:39:29 +00:00
|
|
|
*
|
2019-12-06 16:53:42 +00:00
|
|
|
* We have supported IPv6-only kernels for a few years and this issue
|
|
|
|
|
* has not come up. The world seems to move mostly towards not using
|
|
|
|
|
* v4mapped on the wire, so it makes sense for us to keep rejecting
|
|
|
|
|
* any such packets.
|
2000-07-04 16:35:15 +00:00
|
|
|
*/
|
2001-06-11 12:39:29 +00:00
|
|
|
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
|
|
|
|
|
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badscope);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_addrerr);
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
#if 0
|
|
|
|
|
/*
|
|
|
|
|
* Reject packets with IPv4 compatible addresses (auto tunnel).
|
|
|
|
|
*
|
|
|
|
|
* The code forbids auto tunnel relay case in RFC1933 (the check is
|
|
|
|
|
* stronger than RFC1933). We may want to re-enable it if mech-xx
|
|
|
|
|
* is revised to forbid relaying case.
|
|
|
|
|
*/
|
|
|
|
|
if (IN6_IS_ADDR_V4COMPAT(&ip6->ip6_src) ||
|
|
|
|
|
IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badscope);
|
2000-07-04 16:35:15 +00:00
|
|
|
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_addrerr);
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2016-12-19 11:02:49 +00:00
|
|
|
/*
|
|
|
|
|
* Try to forward the packet, but if we fail continue.
|
2018-08-14 07:54:14 +00:00
|
|
|
* ip6_tryforward() does not generate redirects, so fall
|
|
|
|
|
* through to normal processing if redirects are required.
|
2016-12-19 11:02:49 +00:00
|
|
|
* ip6_tryforward() does inbound and outbound packet firewall
|
|
|
|
|
* processing. If firewall has decided that destination becomes
|
|
|
|
|
* our local address, it sets M_FASTFWD_OURS flag. In this
|
|
|
|
|
* case skip another inbound firewall processing and update
|
|
|
|
|
* ip6 pointer.
|
|
|
|
|
*/
|
2018-08-14 07:54:14 +00:00
|
|
|
if (V_ip6_forwarding != 0 && V_ip6_sendredirects == 0
|
2017-02-06 08:49:57 +00:00
|
|
|
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
|
|
|
|
|
&& (!IPSEC_ENABLED(ipv6) ||
|
|
|
|
|
IPSEC_CAPS(ipv6, m, IPSEC_CAP_OPERABLE) == 0)
|
2016-12-19 11:02:49 +00:00
|
|
|
#endif
|
|
|
|
|
) {
|
|
|
|
|
if ((m = ip6_tryforward(m)) == NULL)
|
2016-12-12 10:57:32 +00:00
|
|
|
return;
|
2016-12-19 11:02:49 +00:00
|
|
|
if (m->m_flags & M_FASTFWD_OURS) {
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
2018-01-29 11:03:29 +00:00
|
|
|
goto passin;
|
2016-12-19 11:02:49 +00:00
|
|
|
}
|
|
|
|
|
}
|
2017-02-06 08:49:57 +00:00
|
|
|
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
|
2011-06-08 10:59:36 +00:00
|
|
|
/*
|
|
|
|
|
* Bypass packet filtering for packets previously handled by IPsec.
|
|
|
|
|
*/
|
2017-02-06 08:49:57 +00:00
|
|
|
if (IPSEC_ENABLED(ipv6) &&
|
|
|
|
|
IPSEC_CAPS(ipv6, m, IPSEC_CAP_BYPASS_FILTER) != 0)
|
|
|
|
|
goto passin;
|
2016-12-19 11:02:49 +00:00
|
|
|
#endif
|
2004-03-02 20:29:55 +00:00
|
|
|
/*
|
|
|
|
|
* Run through list of hooks for input packets.
|
|
|
|
|
*
|
|
|
|
|
* NB: Beware of the destination address changing
|
|
|
|
|
* (e.g. by NAT rewriting). When this happens,
|
|
|
|
|
* tell ip6_forward to do the right thing.
|
|
|
|
|
*/
|
2004-08-27 15:16:24 +00:00
|
|
|
|
|
|
|
|
/* Jump over all PFIL processing if hooks are not active. */
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
if (!PFIL_HOOKED_IN(V_inet6_pfil_head))
|
2004-08-27 15:16:24 +00:00
|
|
|
goto passin;
|
|
|
|
|
|
2016-12-19 11:02:49 +00:00
|
|
|
odst = ip6->ip6_dst;
|
2022-09-08 16:01:00 +00:00
|
|
|
if (pfil_mbuf_in(V_inet6_pfil_head, &m, m->m_pkthdr.rcvif,
|
New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented. The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.
In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.
New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.
Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.
Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.
Differential Revision: https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
|
|
|
NULL) != PFIL_PASS)
|
2004-03-02 20:29:55 +00:00
|
|
|
return;
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
|
2018-01-29 11:03:29 +00:00
|
|
|
if ((m->m_flags & (M_IP6_NEXTHOP | M_FASTFWD_OURS)) == M_IP6_NEXTHOP &&
|
2012-11-02 01:20:55 +00:00
|
|
|
m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL) {
|
2011-08-20 17:05:11 +00:00
|
|
|
/*
|
|
|
|
|
* Directly ship the packet on. This allows forwarding
|
|
|
|
|
* packets originally destined to us to some other directly
|
|
|
|
|
* connected host.
|
|
|
|
|
*/
|
|
|
|
|
ip6_forward(m, 1);
|
2014-11-08 19:38:34 +00:00
|
|
|
return;
|
2011-08-20 17:05:11 +00:00
|
|
|
}
|
|
|
|
|
|
2004-08-27 15:16:24 +00:00
|
|
|
passin:
|
2006-01-25 08:17:02 +00:00
|
|
|
/*
|
|
|
|
|
* Disambiguate address scope zones (if there is ambiguity).
|
|
|
|
|
* We first make sure that the original source or destination address
|
|
|
|
|
* is not in our internal form for scoped addresses. Such addresses
|
|
|
|
|
* are not necessarily invalid spec-wise, but we cannot accept them due
|
|
|
|
|
* to the usage conflict.
|
|
|
|
|
* in6_setscope() then also checks and rejects the cases where src or
|
|
|
|
|
* dst are the loopback address and the receiving interface
|
|
|
|
|
* is not loopback.
|
|
|
|
|
*/
|
|
|
|
|
if (in6_clearscope(&ip6->ip6_src) || in6_clearscope(&ip6->ip6_dst)) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badscope); /* XXX */
|
2006-01-25 08:17:02 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2016-12-12 11:26:59 +00:00
|
|
|
if (in6_setscope(&ip6->ip6_src, rcvif, NULL) ||
|
|
|
|
|
in6_setscope(&ip6->ip6_dst, rcvif, NULL)) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badscope);
|
2006-01-25 08:17:02 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2018-01-29 11:03:29 +00:00
|
|
|
if (m->m_flags & M_FASTFWD_OURS) {
|
|
|
|
|
m->m_flags &= ~M_FASTFWD_OURS;
|
|
|
|
|
ours = 1;
|
|
|
|
|
goto hbhcheck;
|
|
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
* Multicast check. Assume packet is for us to avoid
|
|
|
|
|
* prematurely taking locks.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
ours = 1;
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_mcast);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto hbhcheck;
|
|
|
|
|
}
|
|
|
|
|
/*
|
2014-11-08 19:38:34 +00:00
|
|
|
* Unicast check
|
|
|
|
|
* XXX: For now we keep link-local IPv6 addresses with embedded
|
|
|
|
|
* scope zone id, therefore we use zero zoneid here.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2021-02-15 21:59:21 +00:00
|
|
|
ia = in6ifa_ifwithaddr(&ip6->ip6_dst, 0 /* XXX */, false);
|
2014-11-08 19:38:34 +00:00
|
|
|
if (ia != NULL) {
|
|
|
|
|
if (ia->ia6_flags & IN6_IFF_NOTREADY) {
|
2010-07-21 13:01:21 +00:00
|
|
|
char ip6bufs[INET6_ADDRSTRLEN];
|
|
|
|
|
char ip6bufd[INET6_ADDRSTRLEN];
|
|
|
|
|
/* address is not ready, so discard the packet. */
|
|
|
|
|
nd6log((LOG_INFO,
|
|
|
|
|
"ip6_input: packet to an unready address %s->%s\n",
|
|
|
|
|
ip6_sprintf(ip6bufs, &ip6->ip6_src),
|
|
|
|
|
ip6_sprintf(ip6bufd, &ip6->ip6_dst)));
|
|
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2022-07-10 12:27:23 +00:00
|
|
|
if (V_ip6_sav && !(m->m_flags & M_LOOP) &&
|
2021-11-12 17:01:13 +00:00
|
|
|
__predict_false(in6_localip_fib(&ip6->ip6_src,
|
|
|
|
|
rcvif->if_fib))) {
|
|
|
|
|
IP6STAT_INC(ip6s_badscope); /* XXX */
|
|
|
|
|
goto bad;
|
|
|
|
|
}
|
2014-11-08 19:38:34 +00:00
|
|
|
/* Count the packet in the ip address stats */
|
|
|
|
|
counter_u64_add(ia->ia_ifa.ifa_ipackets, 1);
|
|
|
|
|
counter_u64_add(ia->ia_ifa.ifa_ibytes, m->m_pkthdr.len);
|
|
|
|
|
ours = 1;
|
|
|
|
|
goto hbhcheck;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now there is no reason to process the packet if it's not our own
|
|
|
|
|
* and we're not a router.
|
|
|
|
|
*/
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
if (!V_ip6_forwarding) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_cantforward);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hbhcheck:
|
|
|
|
|
/*
|
|
|
|
|
* Process Hop-by-Hop options header if it's contained.
|
|
|
|
|
* m may be modified in ip6_hopopts_input().
|
|
|
|
|
* If a JumboPayload option is included, plen will also be modified.
|
|
|
|
|
*/
|
|
|
|
|
plen = (u_int32_t)ntohs(ip6->ip6_plen);
|
|
|
|
|
if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
|
2019-09-19 10:22:29 +00:00
|
|
|
if (ip6_input_hbh(&m, &plen, &rtalert, &off, &nxt, &ours) != 0)
|
2014-11-08 19:38:34 +00:00
|
|
|
return;
|
1999-11-22 02:45:11 +00:00
|
|
|
} else
|
|
|
|
|
nxt = ip6->ip6_nxt;
|
|
|
|
|
|
2015-11-06 23:07:43 +00:00
|
|
|
/*
|
|
|
|
|
* Use mbuf flags to propagate Router Alert option to
|
|
|
|
|
* ICMPv6 layer, as hop-by-hop options have been stripped.
|
|
|
|
|
*/
|
|
|
|
|
if (rtalert != ~0)
|
|
|
|
|
m->m_flags |= M_RTALERT_MLD;
|
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
|
* Check that the amount of data in the buffers
|
|
|
|
|
* is as at least much as the IPv6 header would have us expect.
|
|
|
|
|
* Trim mbufs if longer than we expect.
|
|
|
|
|
* Drop packet if shorter than we expect.
|
|
|
|
|
*/
|
|
|
|
|
if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_tooshort);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_truncated);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
|
|
|
|
|
if (m->m_len == m->m_pkthdr.len) {
|
|
|
|
|
m->m_len = sizeof(struct ip6_hdr) + plen;
|
|
|
|
|
m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
|
|
|
|
|
} else
|
|
|
|
|
m_adj(m, sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Forward if desirable.
|
|
|
|
|
*/
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
if (V_ip6_mrouter &&
|
|
|
|
|
IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
|
2000-01-28 05:27:14 +00:00
|
|
|
/*
|
|
|
|
|
* If we are acting as a multicast router, all
|
|
|
|
|
* incoming multicast packets are passed to the
|
|
|
|
|
* kernel-level multicast forwarding function.
|
|
|
|
|
* The packet is returned (relatively) intact; if
|
|
|
|
|
* ip6_mforward() returns a non-zero value, the packet
|
|
|
|
|
* must be discarded, else it may be accepted below.
|
Merge final round of MLD changes from p4:
ip6_input.c, in6.h:
* Add netinet6-specific mbuf flag M_RTALERT_MLD, shadowing M_PROTO6.
* Always set this flag if HBH Router Alert option is present for MLD,
even when not forwarding.
icmp6.c:
* In icmp6_input(), spell m->m_pkthdr.rcvif as ifp to be consistent.
* Use scope ID for verifying input. Do not apply SSM filters here, no inpcb.
* Check for M_RTALERT_MLD when validating MLD traffic, as we can't see
IPv6 hop options outside of ip6_input().
in6_mcast.c:
* Use KAME scope/zone ID in in6_multi.
* Update net.inet6.ip6.mcast.filters implementation to use scope IDs
for comparisons.
* Fix scope ID treatment in multicast socket option processing.
Scope IDs passed in from userland will be ignored as other less
ambiguous APIs exist for specifying the link.
* Tighten userland input checks in IPv6 SSM delta and full-state ops.
* Source filter embedded scope IDs need to be revisited, for now
just clear them and ignore them on input.
* Adapt KAME behaviour of looking up the scope ID in the default zone
for multicast leaves, when the interface is ambiguous.
mld6.c:
* Tighten origin checks on MLD traffic as per RFC3810 Section 6.2:
* ip6_src MAY be the unspecified address for MLDv1 reports.
* ip6_src MAY have link-local address scope for MLDv1 reports,
MLDv1 queries, and MLDv2 queries.
* Perform address field validation *before* accepting queries.
* Use KAME scope/zone ID in query/report processing.
* Break const correctness for mld_v1_input_report(), mld_v1_input_query()
as we temporarily modify the input mbuf chain.
* Clear the scope ID before handoff to userland MLD daemon.
* Fix MLDv1 old querier present timer processing.
With the protocol defaults, hosts should revert to MLDv2 after 260s.
* Add net.inet6.mld.v1enable sysctl, default to on.
ifmcstat.c:
* Use sysctl by default; -K requests kvm(3) if so compiled.
mld.4:
* Connect man page to build.
Tested using PCS.
2009-05-27 18:57:13 +00:00
|
|
|
*
|
|
|
|
|
* XXX TODO: Check hlim and multicast scope here to avoid
|
|
|
|
|
* unnecessarily calling into ip6_mforward().
|
2000-01-28 05:27:14 +00:00
|
|
|
*/
|
2016-12-12 11:26:59 +00:00
|
|
|
if (ip6_mforward && ip6_mforward(ip6, rcvif, m)) {
|
Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev. Summary of changes:
* Connect netinet6/in6_mcast.c to build.
The legacy KAME KPIs are mostly preserved.
* Eliminate now dead code from ip6_output.c.
Don't do mbuf bingo, we are not going to do RFC 2292 style
CMSG tricks for multicast options as they are not required
by any current IPv6 normative reference.
* Refactor transports (UDP, raw_ip6) to do own mcast filtering.
SCTP, TCP unaffected by this change.
* Add ip6_msource, in6_msource structs to in6_var.h.
* Hookup mld_ifinfo state to in6_ifextra, allocate from
domifattach path.
* Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
Kernel consumers which need this should use in6m_lookup().
* Refactor IPv6 socket group memberships to use a vector (like IPv4).
* Update ifmcstat(8) for IPv6 SSM.
* Add witness lock order for IN6_MULTI_LOCK.
* Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
* Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
* Update carp(4) for new IPv6 SSM KPIs.
* Virtualize ip6_mrouter socket.
Changes mostly localized to IPv6 MROUTING.
* Don't do a local group lookup in MROUTING.
* Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
* Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
* Bump __FreeBSD_version to 800084.
* Update UPDATING.
NOTE WELL:
* This code hasn't been tested against real MLDv2 queriers
(yet), although the on-wire protocol has been verified in Wireshark.
* There are a few unresolved issues in the socket layer APIs to
do with scope ID propagation.
* There is a LOR present in ip6_output()'s use of
in6_setscope() which needs to be resolved. See comments in mld6.c.
This is believed to be benign and can't be avoided for the moment
without re-introducing an indirect netisr.
This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
|
|
|
IP6STAT_INC(ip6s_cantforward);
|
2009-02-01 21:11:08 +00:00
|
|
|
goto bad;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
} else if (!ours) {
|
2003-10-16 18:57:45 +00:00
|
|
|
ip6_forward(m, srcrt);
|
2014-11-08 19:38:34 +00:00
|
|
|
return;
|
2003-10-29 12:49:12 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
|
|
|
|
* Tell launch routine the next header
|
|
|
|
|
*/
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_delivered);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_deliver);
|
1999-11-22 02:45:11 +00:00
|
|
|
nest = 0;
|
2001-06-11 12:39:29 +00:00
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
while (nxt != IPPROTO_DONE) {
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
if (V_ip6_hdrnestlimit && (++nest > V_ip6_hdrnestlimit)) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_toomanyhdr);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* protection against faulty packet - there should be
|
|
|
|
|
* more sanity checks in header chain processing.
|
|
|
|
|
*/
|
|
|
|
|
if (m->m_pkthdr.len < off) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_tooshort);
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_truncated);
|
1999-11-22 02:45:11 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-06 08:49:57 +00:00
|
|
|
#if defined(IPSEC) || defined(IPSEC_SUPPORT)
|
|
|
|
|
if (IPSEC_ENABLED(ipv6)) {
|
|
|
|
|
if (IPSEC_INPUT(ipv6, m, off, nxt) != 0)
|
|
|
|
|
return;
|
|
|
|
|
}
|
2007-07-03 12:13:45 +00:00
|
|
|
#endif /* IPSEC */
|
Merge final round of MLD changes from p4:
ip6_input.c, in6.h:
* Add netinet6-specific mbuf flag M_RTALERT_MLD, shadowing M_PROTO6.
* Always set this flag if HBH Router Alert option is present for MLD,
even when not forwarding.
icmp6.c:
* In icmp6_input(), spell m->m_pkthdr.rcvif as ifp to be consistent.
* Use scope ID for verifying input. Do not apply SSM filters here, no inpcb.
* Check for M_RTALERT_MLD when validating MLD traffic, as we can't see
IPv6 hop options outside of ip6_input().
in6_mcast.c:
* Use KAME scope/zone ID in in6_multi.
* Update net.inet6.ip6.mcast.filters implementation to use scope IDs
for comparisons.
* Fix scope ID treatment in multicast socket option processing.
Scope IDs passed in from userland will be ignored as other less
ambiguous APIs exist for specifying the link.
* Tighten userland input checks in IPv6 SSM delta and full-state ops.
* Source filter embedded scope IDs need to be revisited, for now
just clear them and ignore them on input.
* Adapt KAME behaviour of looking up the scope ID in the default zone
for multicast leaves, when the interface is ambiguous.
mld6.c:
* Tighten origin checks on MLD traffic as per RFC3810 Section 6.2:
* ip6_src MAY be the unspecified address for MLDv1 reports.
* ip6_src MAY have link-local address scope for MLDv1 reports,
MLDv1 queries, and MLDv2 queries.
* Perform address field validation *before* accepting queries.
* Use KAME scope/zone ID in query/report processing.
* Break const correctness for mld_v1_input_report(), mld_v1_input_query()
as we temporarily modify the input mbuf chain.
* Clear the scope ID before handoff to userland MLD daemon.
* Fix MLDv1 old querier present timer processing.
With the protocol defaults, hosts should revert to MLDv2 after 260s.
* Add net.inet6.mld.v1enable sysctl, default to on.
ifmcstat.c:
* Use sysctl by default; -K requests kvm(3) if so compiled.
mld.4:
* Connect man page to build.
Tested using PCS.
2009-05-27 18:57:13 +00:00
|
|
|
|
2022-08-17 18:50:31 +00:00
|
|
|
nxt = ip6_protox[nxt](&m, &off, nxt);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2014-11-08 19:38:34 +00:00
|
|
|
return;
|
2009-02-01 21:11:08 +00:00
|
|
|
bad:
|
2016-12-12 11:26:59 +00:00
|
|
|
in6_ifstat_inc(rcvif, ifs6_in_discard);
|
|
|
|
|
if (m != NULL)
|
|
|
|
|
m_freem(m);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
|
* Hop-by-Hop options header processing. If a valid jumbo payload option is
|
|
|
|
|
* included, the real payload length will be stored in plenp.
|
2007-07-05 16:23:49 +00:00
|
|
|
*
|
|
|
|
|
* rtalertp - XXX: should be stored more smart way
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
static int
|
2007-07-05 16:23:49 +00:00
|
|
|
ip6_hopopts_input(u_int32_t *plenp, u_int32_t *rtalertp,
|
|
|
|
|
struct mbuf **mp, int *offp)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
2001-06-11 12:39:29 +00:00
|
|
|
struct mbuf *m = *mp;
|
1999-11-22 02:45:11 +00:00
|
|
|
int off = *offp, hbhlen;
|
|
|
|
|
struct ip6_hbh *hbh;
|
|
|
|
|
|
|
|
|
|
/* validation of the length of the header */
|
2019-12-01 00:22:04 +00:00
|
|
|
if (m->m_len < off + sizeof(*hbh)) {
|
|
|
|
|
m = m_pullup(m, off + sizeof(*hbh));
|
|
|
|
|
if (m == NULL) {
|
|
|
|
|
IP6STAT_INC(ip6s_exthdrtoolong);
|
|
|
|
|
*mp = NULL;
|
|
|
|
|
return (-1);
|
|
|
|
|
}
|
2019-11-15 21:40:40 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
hbh = (struct ip6_hbh *)(mtod(m, caddr_t) + off);
|
|
|
|
|
hbhlen = (hbh->ip6h_len + 1) << 3;
|
|
|
|
|
|
2019-12-01 00:22:04 +00:00
|
|
|
if (m->m_len < off + hbhlen) {
|
|
|
|
|
m = m_pullup(m, off + hbhlen);
|
|
|
|
|
if (m == NULL) {
|
|
|
|
|
IP6STAT_INC(ip6s_exthdrtoolong);
|
|
|
|
|
*mp = NULL;
|
|
|
|
|
return (-1);
|
|
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
2019-11-15 21:40:40 +00:00
|
|
|
hbh = (struct ip6_hbh *)(mtod(m, caddr_t) + off);
|
1999-11-22 02:45:11 +00:00
|
|
|
off += hbhlen;
|
|
|
|
|
hbhlen -= sizeof(struct ip6_hbh);
|
|
|
|
|
if (ip6_process_hopopts(m, (u_int8_t *)hbh + sizeof(struct ip6_hbh),
|
2019-11-12 15:46:28 +00:00
|
|
|
hbhlen, rtalertp, plenp) < 0) {
|
|
|
|
|
*mp = NULL;
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2019-11-12 15:46:28 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
*offp = off;
|
|
|
|
|
*mp = m;
|
2003-10-06 14:02:09 +00:00
|
|
|
return (0);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Search header for all Hop-by-hop options and process each option.
|
|
|
|
|
* This function is separate from ip6_hopopts_input() in order to
|
|
|
|
|
* handle a case where the sending node itself process its hop-by-hop
|
|
|
|
|
* options header. In such a case, the function is called from ip6_output().
|
2001-06-11 12:39:29 +00:00
|
|
|
*
|
|
|
|
|
* The function assumes that hbh header is located right after the IPv6 header
|
|
|
|
|
* (RFC2460 p7), opthead is pointer into data content in m, and opthead to
|
2010-11-27 21:51:39 +00:00
|
|
|
* opthead + hbhlen is located in contiguous memory region.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
int
|
2007-07-05 16:23:49 +00:00
|
|
|
ip6_process_hopopts(struct mbuf *m, u_int8_t *opthead, int hbhlen,
|
|
|
|
|
u_int32_t *rtalertp, u_int32_t *plenp)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
int optlen = 0;
|
|
|
|
|
u_int8_t *opt = opthead;
|
|
|
|
|
u_int16_t rtalert_val;
|
2000-07-04 16:35:15 +00:00
|
|
|
u_int32_t jumboplen;
|
2001-06-11 12:39:29 +00:00
|
|
|
const int erroff = sizeof(struct ip6_hdr) + sizeof(struct ip6_hbh);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
for (; hbhlen > 0; hbhlen -= optlen, opt += optlen) {
|
2001-06-11 12:39:29 +00:00
|
|
|
switch (*opt) {
|
|
|
|
|
case IP6OPT_PAD1:
|
|
|
|
|
optlen = 1;
|
|
|
|
|
break;
|
|
|
|
|
case IP6OPT_PADN:
|
|
|
|
|
if (hbhlen < IP6OPT_MINLEN) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_toosmall);
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
optlen = *(opt + 1) + 2;
|
|
|
|
|
break;
|
2003-10-24 18:26:30 +00:00
|
|
|
case IP6OPT_ROUTER_ALERT:
|
2001-06-11 12:39:29 +00:00
|
|
|
/* XXX may need check for alignment */
|
|
|
|
|
if (hbhlen < IP6OPT_RTALERT_LEN) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_toosmall);
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
if (*(opt + 1) != IP6OPT_RTALERT_LEN - 2) {
|
|
|
|
|
/* XXX stat */
|
|
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
2003-10-08 18:26:08 +00:00
|
|
|
ICMP6_PARAMPROB_HEADER,
|
|
|
|
|
erroff + opt + 1 - opthead);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
|
|
|
|
optlen = IP6OPT_RTALERT_LEN;
|
|
|
|
|
bcopy((caddr_t)(opt + 2), (caddr_t)&rtalert_val, 2);
|
|
|
|
|
*rtalertp = ntohs(rtalert_val);
|
|
|
|
|
break;
|
|
|
|
|
case IP6OPT_JUMBO:
|
2000-07-04 16:35:15 +00:00
|
|
|
/* XXX may need check for alignment */
|
|
|
|
|
if (hbhlen < IP6OPT_JUMBO_LEN) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_toosmall);
|
2000-07-04 16:35:15 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
2001-06-11 12:39:29 +00:00
|
|
|
if (*(opt + 1) != IP6OPT_JUMBO_LEN - 2) {
|
|
|
|
|
/* XXX stat */
|
|
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
2003-10-08 18:26:08 +00:00
|
|
|
ICMP6_PARAMPROB_HEADER,
|
|
|
|
|
erroff + opt + 1 - opthead);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
optlen = IP6OPT_JUMBO_LEN;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
|
|
|
|
* IPv6 packets that have non 0 payload length
|
2001-06-11 12:39:29 +00:00
|
|
|
* must not contain a jumbo payload option.
|
2000-07-04 16:35:15 +00:00
|
|
|
*/
|
|
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
if (ip6->ip6_plen) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badoptions);
|
2000-07-04 16:35:15 +00:00
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
2003-10-08 18:26:08 +00:00
|
|
|
ICMP6_PARAMPROB_HEADER,
|
|
|
|
|
erroff + opt - opthead);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
|
|
|
|
* We may see jumbolen in unaligned location, so
|
|
|
|
|
* we'd need to perform bcopy().
|
|
|
|
|
*/
|
|
|
|
|
bcopy(opt + 2, &jumboplen, sizeof(jumboplen));
|
|
|
|
|
jumboplen = (u_int32_t)htonl(jumboplen);
|
|
|
|
|
|
|
|
|
|
#if 1
|
|
|
|
|
/*
|
|
|
|
|
* if there are multiple jumbo payload options,
|
|
|
|
|
* *plenp will be non-zero and the packet will be
|
|
|
|
|
* rejected.
|
|
|
|
|
* the behavior may need some debate in ipngwg -
|
|
|
|
|
* multiple options does not make sense, however,
|
|
|
|
|
* there's no explicit mention in specification.
|
|
|
|
|
*/
|
|
|
|
|
if (*plenp != 0) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badoptions);
|
2000-07-04 16:35:15 +00:00
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
2003-10-08 18:26:08 +00:00
|
|
|
ICMP6_PARAMPROB_HEADER,
|
|
|
|
|
erroff + opt + 2 - opthead);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* jumbo payload length must be larger than 65535.
|
|
|
|
|
*/
|
|
|
|
|
if (jumboplen <= IPV6_MAXPACKET) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badoptions);
|
2000-07-04 16:35:15 +00:00
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
2003-10-08 18:26:08 +00:00
|
|
|
ICMP6_PARAMPROB_HEADER,
|
|
|
|
|
erroff + opt + 2 - opthead);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
|
|
|
|
*plenp = jumboplen;
|
|
|
|
|
|
|
|
|
|
break;
|
2001-06-11 12:39:29 +00:00
|
|
|
default: /* unknown option */
|
|
|
|
|
if (hbhlen < IP6OPT_MINLEN) {
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_toosmall);
|
2001-06-11 12:39:29 +00:00
|
|
|
goto bad;
|
|
|
|
|
}
|
|
|
|
|
optlen = ip6_unknown_opt(opt, m,
|
|
|
|
|
erroff + opt - opthead);
|
|
|
|
|
if (optlen == -1)
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2001-06-11 12:39:29 +00:00
|
|
|
optlen += 2;
|
|
|
|
|
break;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2003-10-06 14:02:09 +00:00
|
|
|
return (0);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
bad:
|
|
|
|
|
m_freem(m);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Unknown option processing.
|
|
|
|
|
* The third argument `off' is the offset from the IPv6 header to the option,
|
|
|
|
|
* which is necessary if the IPv6 header the and option header and IPv6 header
|
2010-11-27 21:51:39 +00:00
|
|
|
* is not contiguous in order to return an ICMPv6 error.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
int
|
2007-07-05 16:23:49 +00:00
|
|
|
ip6_unknown_opt(u_int8_t *optp, struct mbuf *m, int off)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
switch (IP6OPT_TYPE(*optp)) {
|
|
|
|
|
case IP6OPT_TYPE_SKIP: /* ignore the option */
|
2003-10-06 14:02:09 +00:00
|
|
|
return ((int)*(optp + 1));
|
2001-06-11 12:39:29 +00:00
|
|
|
case IP6OPT_TYPE_DISCARD: /* silently discard */
|
|
|
|
|
m_freem(m);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2001-06-11 12:39:29 +00:00
|
|
|
case IP6OPT_TYPE_FORCEICMP: /* send ICMP even if multicasted */
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badoptions);
|
2001-06-11 12:39:29 +00:00
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_OPTION, off);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
2001-06-11 12:39:29 +00:00
|
|
|
case IP6OPT_TYPE_ICMP: /* send ICMP if not multicasted */
|
2013-04-09 07:11:22 +00:00
|
|
|
IP6STAT_INC(ip6s_badoptions);
|
2001-06-11 12:39:29 +00:00
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
|
|
|
|
|
(m->m_flags & (M_BCAST|M_MCAST)))
|
|
|
|
|
m_freem(m);
|
|
|
|
|
else
|
|
|
|
|
icmp6_error(m, ICMP6_PARAM_PROB,
|
|
|
|
|
ICMP6_PARAMPROB_OPTION, off);
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m_freem(m); /* XXX: NOTREACHED */
|
2003-10-06 14:02:09 +00:00
|
|
|
return (-1);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2000-07-04 16:35:15 +00:00
|
|
|
* Create the "control" list for this pcb.
|
2008-05-24 15:20:48 +00:00
|
|
|
* These functions will not modify mbuf chain at all.
|
2000-07-04 16:35:15 +00:00
|
|
|
*
|
|
|
|
|
* The routine will be called from upper layer handlers like tcp6_input().
|
|
|
|
|
* Thus the routine assumes that the caller (tcp6_input) have already
|
2019-11-15 21:40:40 +00:00
|
|
|
* called m_pullup() and all the extension headers are located in the
|
2000-07-04 16:35:15 +00:00
|
|
|
* very first mbuf on the mbuf chain.
|
2008-05-24 15:20:48 +00:00
|
|
|
*
|
|
|
|
|
* ip6_savecontrol_v4 will handle those options that are possible to be
|
|
|
|
|
* set on a v4-mapped socket.
|
|
|
|
|
* ip6_savecontrol will directly call ip6_savecontrol_v4 to handle those
|
|
|
|
|
* options and handle the v6-only ones itself.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2008-08-16 06:39:18 +00:00
|
|
|
struct mbuf **
|
|
|
|
|
ip6_savecontrol_v4(struct inpcb *inp, struct mbuf *m, struct mbuf **mp,
|
|
|
|
|
int *v4only)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
2003-10-29 12:52:28 +00:00
|
|
|
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
#ifdef SO_TIMESTAMP
|
2008-05-24 15:20:48 +00:00
|
|
|
if ((inp->inp_socket->so_options & SO_TIMESTAMP) != 0) {
|
2017-01-16 17:46:38 +00:00
|
|
|
union {
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
struct bintime bt;
|
|
|
|
|
struct timespec ts;
|
|
|
|
|
} t;
|
2017-11-07 09:46:26 +00:00
|
|
|
struct bintime boottimebin, bt1;
|
|
|
|
|
struct timespec ts1;
|
|
|
|
|
bool stamped;
|
2017-01-16 17:46:38 +00:00
|
|
|
|
2017-11-07 09:46:26 +00:00
|
|
|
stamped = false;
|
2017-01-16 17:46:38 +00:00
|
|
|
switch (inp->inp_socket->so_ts_clock) {
|
|
|
|
|
case SO_TS_REALTIME_MICRO:
|
2017-11-07 09:46:26 +00:00
|
|
|
if ((m->m_flags & (M_PKTHDR | M_TSTMP)) == (M_PKTHDR |
|
|
|
|
|
M_TSTMP)) {
|
|
|
|
|
mbuf_tstmp2timespec(m, &ts1);
|
|
|
|
|
timespec2bintime(&ts1, &bt1);
|
|
|
|
|
getboottimebin(&boottimebin);
|
|
|
|
|
bintime_add(&bt1, &boottimebin);
|
|
|
|
|
bintime2timeval(&bt1, &t.tv);
|
|
|
|
|
} else {
|
|
|
|
|
microtime(&t.tv);
|
|
|
|
|
}
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&t.tv, sizeof(t.tv),
|
|
|
|
|
SCM_TIMESTAMP, SOL_SOCKET, M_NOWAIT);
|
2017-11-07 09:46:26 +00:00
|
|
|
if (*mp != NULL) {
|
2017-01-16 17:46:38 +00:00
|
|
|
mp = &(*mp)->m_next;
|
2017-11-07 09:46:26 +00:00
|
|
|
stamped = true;
|
|
|
|
|
}
|
2017-01-16 17:46:38 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case SO_TS_BINTIME:
|
2017-11-07 09:46:26 +00:00
|
|
|
if ((m->m_flags & (M_PKTHDR | M_TSTMP)) == (M_PKTHDR |
|
|
|
|
|
M_TSTMP)) {
|
|
|
|
|
mbuf_tstmp2timespec(m, &ts1);
|
|
|
|
|
timespec2bintime(&ts1, &t.bt);
|
|
|
|
|
getboottimebin(&boottimebin);
|
|
|
|
|
bintime_add(&t.bt, &boottimebin);
|
|
|
|
|
} else {
|
|
|
|
|
bintime(&t.bt);
|
|
|
|
|
}
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&t.bt, sizeof(t.bt), SCM_BINTIME,
|
|
|
|
|
SOL_SOCKET, M_NOWAIT);
|
2017-11-07 09:46:26 +00:00
|
|
|
if (*mp != NULL) {
|
2017-01-16 17:46:38 +00:00
|
|
|
mp = &(*mp)->m_next;
|
2017-11-07 09:46:26 +00:00
|
|
|
stamped = true;
|
|
|
|
|
}
|
2017-01-16 17:46:38 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case SO_TS_REALTIME:
|
2017-11-07 09:46:26 +00:00
|
|
|
if ((m->m_flags & (M_PKTHDR | M_TSTMP)) == (M_PKTHDR |
|
|
|
|
|
M_TSTMP)) {
|
|
|
|
|
mbuf_tstmp2timespec(m, &t.ts);
|
|
|
|
|
getboottimebin(&boottimebin);
|
|
|
|
|
bintime2timespec(&boottimebin, &ts1);
|
Make timespecadd(3) and friends public
The timespecadd(3) family of macros were imported from NetBSD back in
r35029. However, they were initially guarded by #ifdef _KERNEL. In the
meantime, we have grown at least 28 syscalls that use timespecs in some
way, leading many programs both inside and outside of the base system to
redefine those macros. It's better just to make the definitions public.
Our kernel currently defines two-argument versions of timespecadd and
timespecsub. NetBSD, OpenBSD, and FreeDesktop.org's libbsd, however, define
three-argument versions. Solaris also defines a three-argument version, but
only in its kernel. This revision changes our definition to match the
common three-argument version.
Bump _FreeBSD_version due to the breaking KPI change.
Discussed with: cem, jilles, ian, bde
Differential Revision: https://reviews.freebsd.org/D14725
2018-07-30 15:46:40 +00:00
|
|
|
timespecadd(&t.ts, &ts1, &t.ts);
|
2017-11-07 09:46:26 +00:00
|
|
|
} else {
|
|
|
|
|
nanotime(&t.ts);
|
|
|
|
|
}
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&t.ts, sizeof(t.ts),
|
|
|
|
|
SCM_REALTIME, SOL_SOCKET, M_NOWAIT);
|
2017-11-07 09:46:26 +00:00
|
|
|
if (*mp != NULL) {
|
2017-01-16 17:46:38 +00:00
|
|
|
mp = &(*mp)->m_next;
|
2017-11-07 09:46:26 +00:00
|
|
|
stamped = true;
|
|
|
|
|
}
|
2017-01-16 17:46:38 +00:00
|
|
|
break;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2017-01-16 17:46:38 +00:00
|
|
|
case SO_TS_MONOTONIC:
|
2017-11-07 09:46:26 +00:00
|
|
|
if ((m->m_flags & (M_PKTHDR | M_TSTMP)) == (M_PKTHDR |
|
|
|
|
|
M_TSTMP))
|
|
|
|
|
mbuf_tstmp2timespec(m, &t.ts);
|
|
|
|
|
else
|
|
|
|
|
nanouptime(&t.ts);
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&t.ts, sizeof(t.ts),
|
|
|
|
|
SCM_MONOTONIC, SOL_SOCKET, M_NOWAIT);
|
2017-11-07 09:46:26 +00:00
|
|
|
if (*mp != NULL) {
|
2017-01-16 17:46:38 +00:00
|
|
|
mp = &(*mp)->m_next;
|
2017-11-07 09:46:26 +00:00
|
|
|
stamped = true;
|
|
|
|
|
}
|
2017-01-16 17:46:38 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
panic("unknown (corrupted) so_ts_clock");
|
|
|
|
|
}
|
2017-11-07 09:46:26 +00:00
|
|
|
if (stamped && (m->m_flags & (M_PKTHDR | M_TSTMP)) ==
|
|
|
|
|
(M_PKTHDR | M_TSTMP)) {
|
|
|
|
|
struct sock_timestamp_info sti;
|
|
|
|
|
|
|
|
|
|
bzero(&sti, sizeof(sti));
|
|
|
|
|
sti.st_info_flags = ST_INFO_HW;
|
|
|
|
|
if ((m->m_flags & M_TSTMP_HPREC) != 0)
|
|
|
|
|
sti.st_info_flags |= ST_INFO_HW_HPREC;
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&sti, sizeof(sti), SCM_TIME_INFO,
|
|
|
|
|
SOL_SOCKET, M_NOWAIT);
|
2017-11-07 09:46:26 +00:00
|
|
|
if (*mp != NULL)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
2002-05-31 11:52:35 +00:00
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
#endif
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2008-05-24 15:20:48 +00:00
|
|
|
#define IS2292(inp, x, y) (((inp)->inp_flags & IN6P_RFC2292) ? (x) : (y))
|
1999-11-22 02:45:11 +00:00
|
|
|
/* RFC 2292 sec. 5 */
|
2008-05-24 15:20:48 +00:00
|
|
|
if ((inp->inp_flags & IN6P_PKTINFO) != 0) {
|
1999-11-22 02:45:11 +00:00
|
|
|
struct in6_pktinfo pi6;
|
2003-10-08 18:26:08 +00:00
|
|
|
|
2012-06-12 13:57:56 +00:00
|
|
|
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
|
|
|
|
|
#ifdef INET
|
|
|
|
|
struct ip *ip;
|
|
|
|
|
|
|
|
|
|
ip = mtod(m, struct ip *);
|
|
|
|
|
pi6.ipi6_addr.s6_addr32[0] = 0;
|
|
|
|
|
pi6.ipi6_addr.s6_addr32[1] = 0;
|
|
|
|
|
pi6.ipi6_addr.s6_addr32[2] = IPV6_ADDR_INT32_SMP;
|
|
|
|
|
pi6.ipi6_addr.s6_addr32[3] = ip->ip_dst.s_addr;
|
|
|
|
|
#else
|
|
|
|
|
/* We won't hit this code */
|
|
|
|
|
bzero(&pi6.ipi6_addr, sizeof(struct in6_addr));
|
|
|
|
|
#endif
|
|
|
|
|
} else {
|
|
|
|
|
bcopy(&ip6->ip6_dst, &pi6.ipi6_addr, sizeof(struct in6_addr));
|
|
|
|
|
in6_clearscope(&pi6.ipi6_addr); /* XXX */
|
|
|
|
|
}
|
2003-10-08 18:26:08 +00:00
|
|
|
pi6.ipi6_ifindex =
|
|
|
|
|
(m && m->m_pkthdr.rcvif) ? m->m_pkthdr.rcvif->if_index : 0;
|
|
|
|
|
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&pi6, sizeof(struct in6_pktinfo),
|
|
|
|
|
IS2292(inp, IPV6_2292PKTINFO, IPV6_PKTINFO), IPPROTO_IPV6,
|
|
|
|
|
M_NOWAIT);
|
2003-10-24 18:26:30 +00:00
|
|
|
if (*mp)
|
1999-11-22 02:45:11 +00:00
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
2001-06-11 12:39:29 +00:00
|
|
|
|
2008-05-24 15:20:48 +00:00
|
|
|
if ((inp->inp_flags & IN6P_HOPLIMIT) != 0) {
|
2012-06-12 13:57:56 +00:00
|
|
|
int hlim;
|
|
|
|
|
|
|
|
|
|
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
|
|
|
|
|
#ifdef INET
|
|
|
|
|
struct ip *ip;
|
2003-10-08 18:26:08 +00:00
|
|
|
|
2012-06-12 13:57:56 +00:00
|
|
|
ip = mtod(m, struct ip *);
|
|
|
|
|
hlim = ip->ip_ttl;
|
|
|
|
|
#else
|
|
|
|
|
/* We won't hit this code */
|
|
|
|
|
hlim = 0;
|
|
|
|
|
#endif
|
|
|
|
|
} else {
|
|
|
|
|
hlim = ip6->ip6_hlim & 0xff;
|
|
|
|
|
}
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&hlim, sizeof(int),
|
2008-05-24 15:20:48 +00:00
|
|
|
IS2292(inp, IPV6_2292HOPLIMIT, IPV6_HOPLIMIT),
|
2022-05-17 17:10:42 +00:00
|
|
|
IPPROTO_IPV6, M_NOWAIT);
|
2003-10-24 18:26:30 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-12 13:57:56 +00:00
|
|
|
if ((inp->inp_flags & IN6P_TCLASS) != 0) {
|
|
|
|
|
int tclass;
|
|
|
|
|
|
|
|
|
|
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
|
|
|
|
|
#ifdef INET
|
|
|
|
|
struct ip *ip;
|
|
|
|
|
|
|
|
|
|
ip = mtod(m, struct ip *);
|
|
|
|
|
tclass = ip->ip_tos;
|
|
|
|
|
#else
|
|
|
|
|
/* We won't hit this code */
|
|
|
|
|
tclass = 0;
|
|
|
|
|
#endif
|
|
|
|
|
} else {
|
|
|
|
|
u_int32_t flowinfo;
|
|
|
|
|
|
|
|
|
|
flowinfo = (u_int32_t)ntohl(ip6->ip6_flow & IPV6_FLOWINFO_MASK);
|
|
|
|
|
flowinfo >>= 20;
|
|
|
|
|
tclass = flowinfo & 0xff;
|
|
|
|
|
}
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&tclass, sizeof(int), IPV6_TCLASS,
|
|
|
|
|
IPPROTO_IPV6, M_NOWAIT);
|
2012-06-12 13:57:56 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (v4only != NULL) {
|
|
|
|
|
if ((ip6->ip6_vfc & IPV6_VERSION_MASK) != IPV6_VERSION) {
|
|
|
|
|
*v4only = 1;
|
|
|
|
|
} else {
|
|
|
|
|
*v4only = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-08-16 06:39:18 +00:00
|
|
|
return (mp);
|
2008-05-24 15:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2019-08-02 07:41:36 +00:00
|
|
|
ip6_savecontrol(struct inpcb *inp, struct mbuf *m, struct mbuf **mp)
|
2008-05-24 15:20:48 +00:00
|
|
|
{
|
2019-11-07 18:29:51 +00:00
|
|
|
struct ip6_hdr *ip6;
|
2008-08-16 06:39:18 +00:00
|
|
|
int v4only = 0;
|
2008-05-24 15:20:48 +00:00
|
|
|
|
2019-08-02 07:41:36 +00:00
|
|
|
mp = ip6_savecontrol_v4(inp, m, mp, &v4only);
|
2008-08-16 06:39:18 +00:00
|
|
|
if (v4only)
|
2008-05-24 15:20:48 +00:00
|
|
|
return;
|
|
|
|
|
|
2019-11-07 18:29:51 +00:00
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
2004-06-02 15:41:18 +00:00
|
|
|
* IPV6_HOPOPTS socket option. Recall that we required super-user
|
|
|
|
|
* privilege for the option (see ip6_ctloutput), but it might be too
|
|
|
|
|
* strict, since there might be some hop-by-hop options which can be
|
|
|
|
|
* returned to normal user.
|
|
|
|
|
* See also RFC 2292 section 6 (or RFC 3542 section 8).
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2019-08-02 07:41:36 +00:00
|
|
|
if ((inp->inp_flags & IN6P_HOPOPTS) != 0) {
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
|
* Check if a hop-by-hop options header is contatined in the
|
|
|
|
|
* received packet, and if so, store the options as ancillary
|
|
|
|
|
* data. Note that a hop-by-hop options header must be
|
2003-10-08 18:26:08 +00:00
|
|
|
* just after the IPv6 header, which is assured through the
|
|
|
|
|
* IPv6 input processing.
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
|
|
|
|
if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
|
2000-07-04 16:35:15 +00:00
|
|
|
struct ip6_hbh *hbh;
|
2022-05-17 17:10:42 +00:00
|
|
|
u_int hbhlen;
|
2000-07-04 16:35:15 +00:00
|
|
|
|
|
|
|
|
hbh = (struct ip6_hbh *)(ip6 + 1);
|
|
|
|
|
hbhlen = (hbh->ip6h_len + 1) << 3;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
/*
|
2003-10-08 18:26:08 +00:00
|
|
|
* XXX: We copy the whole header even if a
|
|
|
|
|
* jumbo payload option is included, the option which
|
|
|
|
|
* is to be removed before returning according to
|
|
|
|
|
* RFC2292.
|
2005-07-20 08:59:45 +00:00
|
|
|
* Note: this constraint is removed in RFC3542
|
1999-11-22 02:45:11 +00:00
|
|
|
*/
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(hbh, hbhlen,
|
2019-08-02 07:41:36 +00:00
|
|
|
IS2292(inp, IPV6_2292HOPOPTS, IPV6_HOPOPTS),
|
2022-05-17 17:10:42 +00:00
|
|
|
IPPROTO_IPV6, M_NOWAIT);
|
2003-10-24 18:26:30 +00:00
|
|
|
if (*mp)
|
1999-11-22 02:45:11 +00:00
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-02 07:41:36 +00:00
|
|
|
if ((inp->inp_flags & (IN6P_RTHDR | IN6P_DSTOPTS)) != 0) {
|
2001-06-11 12:39:29 +00:00
|
|
|
int nxt = ip6->ip6_nxt, off = sizeof(struct ip6_hdr);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Search for destination options headers or routing
|
|
|
|
|
* header(s) through the header chain, and stores each
|
|
|
|
|
* header as ancillary data.
|
|
|
|
|
* Note that the order of the headers remains in
|
|
|
|
|
* the chain of ancillary data.
|
|
|
|
|
*/
|
2001-06-11 12:39:29 +00:00
|
|
|
while (1) { /* is explicit loop prevention necessary? */
|
|
|
|
|
struct ip6_ext *ip6e = NULL;
|
2022-05-17 17:10:42 +00:00
|
|
|
u_int elen;
|
2001-06-11 12:39:29 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* if it is not an extension header, don't try to
|
|
|
|
|
* pull it from the chain.
|
|
|
|
|
*/
|
|
|
|
|
switch (nxt) {
|
|
|
|
|
case IPPROTO_DSTOPTS:
|
|
|
|
|
case IPPROTO_ROUTING:
|
|
|
|
|
case IPPROTO_HOPOPTS:
|
|
|
|
|
case IPPROTO_AH: /* is it possible? */
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
goto loopend;
|
|
|
|
|
}
|
2000-07-04 16:35:15 +00:00
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
if (off + sizeof(*ip6e) > m->m_len)
|
|
|
|
|
goto loopend;
|
2000-07-04 16:35:15 +00:00
|
|
|
ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + off);
|
|
|
|
|
if (nxt == IPPROTO_AH)
|
|
|
|
|
elen = (ip6e->ip6e_len + 2) << 2;
|
|
|
|
|
else
|
|
|
|
|
elen = (ip6e->ip6e_len + 1) << 3;
|
2001-06-11 12:39:29 +00:00
|
|
|
if (off + elen > m->m_len)
|
|
|
|
|
goto loopend;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
switch (nxt) {
|
|
|
|
|
case IPPROTO_DSTOPTS:
|
2019-08-02 07:41:36 +00:00
|
|
|
if (!(inp->inp_flags & IN6P_DSTOPTS))
|
2001-06-11 12:39:29 +00:00
|
|
|
break;
|
|
|
|
|
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(ip6e, elen,
|
|
|
|
|
IS2292(inp, IPV6_2292DSTOPTS, IPV6_DSTOPTS),
|
|
|
|
|
IPPROTO_IPV6, M_NOWAIT);
|
2001-06-11 12:39:29 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
break;
|
|
|
|
|
case IPPROTO_ROUTING:
|
2019-08-02 07:41:36 +00:00
|
|
|
if (!(inp->inp_flags & IN6P_RTHDR))
|
2001-06-11 12:39:29 +00:00
|
|
|
break;
|
|
|
|
|
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(ip6e, elen,
|
2019-08-02 07:41:36 +00:00
|
|
|
IS2292(inp, IPV6_2292RTHDR, IPV6_RTHDR),
|
2022-05-17 17:10:42 +00:00
|
|
|
IPPROTO_IPV6, M_NOWAIT);
|
2001-06-11 12:39:29 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
break;
|
|
|
|
|
case IPPROTO_HOPOPTS:
|
|
|
|
|
case IPPROTO_AH: /* is it possible? */
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
/*
|
2007-07-05 16:29:40 +00:00
|
|
|
* other cases have been filtered in the above.
|
2001-06-11 12:39:29 +00:00
|
|
|
* none will visit this case. here we supply
|
|
|
|
|
* the code just in case (nxt overwritten or
|
|
|
|
|
* other cases).
|
|
|
|
|
*/
|
|
|
|
|
goto loopend;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* proceed with the next header. */
|
2000-07-04 16:35:15 +00:00
|
|
|
off += elen;
|
1999-11-22 02:45:11 +00:00
|
|
|
nxt = ip6e->ip6e_nxt;
|
2001-06-11 12:39:29 +00:00
|
|
|
ip6e = NULL;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
loopend:
|
2001-06-11 12:39:29 +00:00
|
|
|
;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2015-09-06 20:57:57 +00:00
|
|
|
|
2019-08-02 07:41:36 +00:00
|
|
|
if (inp->inp_flags2 & INP_RECVFLOWID) {
|
2015-09-06 20:57:57 +00:00
|
|
|
uint32_t flowid, flow_type;
|
|
|
|
|
|
|
|
|
|
flowid = m->m_pkthdr.flowid;
|
|
|
|
|
flow_type = M_HASHTYPE_GET(m);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* XXX should handle the failure of one or the
|
|
|
|
|
* other - don't populate both?
|
|
|
|
|
*/
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&flowid, sizeof(uint32_t), IPV6_FLOWID,
|
|
|
|
|
IPPROTO_IPV6, M_NOWAIT);
|
2015-09-06 20:57:57 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&flow_type, sizeof(uint32_t),
|
|
|
|
|
IPV6_FLOWTYPE, IPPROTO_IPV6, M_NOWAIT);
|
2015-09-06 20:57:57 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef RSS
|
2019-08-02 07:41:36 +00:00
|
|
|
if (inp->inp_flags2 & INP_RECVRSSBUCKETID) {
|
2015-09-06 20:57:57 +00:00
|
|
|
uint32_t flowid, flow_type;
|
|
|
|
|
uint32_t rss_bucketid;
|
|
|
|
|
|
|
|
|
|
flowid = m->m_pkthdr.flowid;
|
|
|
|
|
flow_type = M_HASHTYPE_GET(m);
|
|
|
|
|
|
|
|
|
|
if (rss_hash2bucket(flowid, flow_type, &rss_bucketid) == 0) {
|
2022-05-17 17:10:42 +00:00
|
|
|
*mp = sbcreatecontrol(&rss_bucketid, sizeof(uint32_t),
|
|
|
|
|
IPV6_RSSBUCKETID, IPPROTO_IPV6, M_NOWAIT);
|
2015-09-06 20:57:57 +00:00
|
|
|
if (*mp)
|
|
|
|
|
mp = &(*mp)->m_next;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-06-11 12:39:29 +00:00
|
|
|
}
|
2008-05-24 15:20:48 +00:00
|
|
|
#undef IS2292
|
2001-06-11 12:39:29 +00:00
|
|
|
|
2004-02-13 14:50:01 +00:00
|
|
|
void
|
2015-03-04 11:20:01 +00:00
|
|
|
ip6_notify_pmtu(struct inpcb *inp, struct sockaddr_in6 *dst, u_int32_t mtu)
|
2004-02-13 14:50:01 +00:00
|
|
|
{
|
|
|
|
|
struct socket *so;
|
|
|
|
|
struct mbuf *m_mtu;
|
|
|
|
|
struct ip6_mtuinfo mtuctl;
|
|
|
|
|
|
2015-03-04 11:20:01 +00:00
|
|
|
KASSERT(inp != NULL, ("%s: inp == NULL", __func__));
|
|
|
|
|
/*
|
|
|
|
|
* Notify the error by sending IPV6_PATHMTU ancillary data if
|
|
|
|
|
* application wanted to know the MTU value.
|
|
|
|
|
* NOTE: we notify disconnected sockets, because some udp
|
|
|
|
|
* applications keep sending sockets disconnected.
|
|
|
|
|
* NOTE: our implementation doesn't notify connected sockets that has
|
|
|
|
|
* foreign address that is different than given destination addresses
|
|
|
|
|
* (this is permitted by RFC 3542).
|
|
|
|
|
*/
|
|
|
|
|
if ((inp->inp_flags & IN6P_MTU) == 0 || (
|
|
|
|
|
!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr) &&
|
|
|
|
|
!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr, &dst->sin6_addr)))
|
2004-02-13 14:50:01 +00:00
|
|
|
return;
|
|
|
|
|
|
2015-03-04 11:20:01 +00:00
|
|
|
mtuctl.ip6m_mtu = mtu;
|
2004-02-13 14:50:01 +00:00
|
|
|
mtuctl.ip6m_addr = *dst;
|
2005-07-25 12:31:43 +00:00
|
|
|
if (sa6_recoverscope(&mtuctl.ip6m_addr))
|
|
|
|
|
return;
|
2004-02-13 14:50:01 +00:00
|
|
|
|
2022-05-17 17:10:42 +00:00
|
|
|
if ((m_mtu = sbcreatecontrol(&mtuctl, sizeof(mtuctl), IPV6_PATHMTU,
|
|
|
|
|
IPPROTO_IPV6, M_NOWAIT)) == NULL)
|
2004-02-13 14:50:01 +00:00
|
|
|
return;
|
|
|
|
|
|
2015-03-04 11:20:01 +00:00
|
|
|
so = inp->inp_socket;
|
2004-02-13 14:50:01 +00:00
|
|
|
if (sbappendaddr(&so->so_rcv, (struct sockaddr *)dst, NULL, m_mtu)
|
|
|
|
|
== 0) {
|
2021-07-28 15:46:59 +00:00
|
|
|
soroverflow(so);
|
2004-02-13 14:50:01 +00:00
|
|
|
m_freem(m_mtu);
|
|
|
|
|
/* XXX: should count statistics */
|
|
|
|
|
} else
|
|
|
|
|
sorwakeup(so);
|
|
|
|
|
}
|
|
|
|
|
|
1999-11-22 02:45:11 +00:00
|
|
|
/*
|
|
|
|
|
* Get pointer to the previous header followed by the header
|
|
|
|
|
* currently processed.
|
|
|
|
|
*/
|
2018-02-05 09:22:07 +00:00
|
|
|
int
|
2015-08-29 07:14:29 +00:00
|
|
|
ip6_get_prevhdr(const struct mbuf *m, int off)
|
1999-11-22 02:45:11 +00:00
|
|
|
{
|
2018-02-05 09:22:07 +00:00
|
|
|
struct ip6_ext ip6e;
|
|
|
|
|
struct ip6_hdr *ip6;
|
|
|
|
|
int len, nlen, nxt;
|
1999-11-22 02:45:11 +00:00
|
|
|
|
|
|
|
|
if (off == sizeof(struct ip6_hdr))
|
2018-02-05 09:22:07 +00:00
|
|
|
return (offsetof(struct ip6_hdr, ip6_nxt));
|
|
|
|
|
if (off < sizeof(struct ip6_hdr))
|
|
|
|
|
panic("%s: off < sizeof(struct ip6_hdr)", __func__);
|
1999-11-22 02:45:11 +00:00
|
|
|
|
2018-02-05 09:22:07 +00:00
|
|
|
ip6 = mtod(m, struct ip6_hdr *);
|
|
|
|
|
nxt = ip6->ip6_nxt;
|
|
|
|
|
len = sizeof(struct ip6_hdr);
|
|
|
|
|
nlen = 0;
|
|
|
|
|
while (len < off) {
|
|
|
|
|
m_copydata(m, len, sizeof(ip6e), (caddr_t)&ip6e);
|
|
|
|
|
switch (nxt) {
|
|
|
|
|
case IPPROTO_FRAGMENT:
|
|
|
|
|
nlen = sizeof(struct ip6_frag);
|
|
|
|
|
break;
|
|
|
|
|
case IPPROTO_AH:
|
|
|
|
|
nlen = (ip6e.ip6e_len + 2) << 2;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
nlen = (ip6e.ip6e_len + 1) << 3;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2018-02-05 09:22:07 +00:00
|
|
|
len += nlen;
|
|
|
|
|
nxt = ip6e.ip6e_nxt;
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
2018-02-05 09:22:07 +00:00
|
|
|
return (len - nlen);
|
1999-11-22 02:45:11 +00:00
|
|
|
}
|
|
|
|
|
|
2000-07-04 16:35:15 +00:00
|
|
|
/*
|
|
|
|
|
* get next header offset. m will be retained.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2015-08-29 07:14:29 +00:00
|
|
|
ip6_nexthdr(const struct mbuf *m, int off, int proto, int *nxtp)
|
2000-07-04 16:35:15 +00:00
|
|
|
{
|
|
|
|
|
struct ip6_hdr ip6;
|
|
|
|
|
struct ip6_ext ip6e;
|
|
|
|
|
struct ip6_frag fh;
|
|
|
|
|
|
|
|
|
|
/* just in case */
|
|
|
|
|
if (m == NULL)
|
|
|
|
|
panic("ip6_nexthdr: m == NULL");
|
|
|
|
|
if ((m->m_flags & M_PKTHDR) == 0 || m->m_pkthdr.len < off)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
switch (proto) {
|
|
|
|
|
case IPPROTO_IPV6:
|
|
|
|
|
if (m->m_pkthdr.len < off + sizeof(ip6))
|
|
|
|
|
return -1;
|
|
|
|
|
m_copydata(m, off, sizeof(ip6), (caddr_t)&ip6);
|
|
|
|
|
if (nxtp)
|
|
|
|
|
*nxtp = ip6.ip6_nxt;
|
|
|
|
|
off += sizeof(ip6);
|
|
|
|
|
return off;
|
|
|
|
|
|
|
|
|
|
case IPPROTO_FRAGMENT:
|
|
|
|
|
/*
|
|
|
|
|
* terminate parsing if it is not the first fragment,
|
|
|
|
|
* it does not make sense to parse through it.
|
|
|
|
|
*/
|
|
|
|
|
if (m->m_pkthdr.len < off + sizeof(fh))
|
|
|
|
|
return -1;
|
|
|
|
|
m_copydata(m, off, sizeof(fh), (caddr_t)&fh);
|
2003-10-10 19:49:52 +00:00
|
|
|
/* IP6F_OFF_MASK = 0xfff8(BigEndian), 0xf8ff(LittleEndian) */
|
|
|
|
|
if (fh.ip6f_offlg & IP6F_OFF_MASK)
|
2000-07-04 16:35:15 +00:00
|
|
|
return -1;
|
|
|
|
|
if (nxtp)
|
|
|
|
|
*nxtp = fh.ip6f_nxt;
|
|
|
|
|
off += sizeof(struct ip6_frag);
|
|
|
|
|
return off;
|
|
|
|
|
|
|
|
|
|
case IPPROTO_AH:
|
|
|
|
|
if (m->m_pkthdr.len < off + sizeof(ip6e))
|
|
|
|
|
return -1;
|
|
|
|
|
m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
|
|
|
|
|
if (nxtp)
|
|
|
|
|
*nxtp = ip6e.ip6e_nxt;
|
|
|
|
|
off += (ip6e.ip6e_len + 2) << 2;
|
|
|
|
|
return off;
|
|
|
|
|
|
|
|
|
|
case IPPROTO_HOPOPTS:
|
|
|
|
|
case IPPROTO_ROUTING:
|
|
|
|
|
case IPPROTO_DSTOPTS:
|
|
|
|
|
if (m->m_pkthdr.len < off + sizeof(ip6e))
|
|
|
|
|
return -1;
|
|
|
|
|
m_copydata(m, off, sizeof(ip6e), (caddr_t)&ip6e);
|
|
|
|
|
if (nxtp)
|
|
|
|
|
*nxtp = ip6e.ip6e_nxt;
|
|
|
|
|
off += (ip6e.ip6e_len + 1) << 3;
|
|
|
|
|
return off;
|
|
|
|
|
|
|
|
|
|
case IPPROTO_NONE:
|
|
|
|
|
case IPPROTO_ESP:
|
|
|
|
|
case IPPROTO_IPCOMP:
|
|
|
|
|
/* give up */
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-29 07:14:29 +00:00
|
|
|
/* NOTREACHED */
|
2000-07-04 16:35:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* get offset for the last header in the chain. m will be kept untainted.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2015-08-29 07:14:29 +00:00
|
|
|
ip6_lasthdr(const struct mbuf *m, int off, int proto, int *nxtp)
|
2000-07-04 16:35:15 +00:00
|
|
|
{
|
|
|
|
|
int newoff;
|
|
|
|
|
int nxt;
|
|
|
|
|
|
|
|
|
|
if (!nxtp) {
|
|
|
|
|
nxt = -1;
|
|
|
|
|
nxtp = &nxt;
|
|
|
|
|
}
|
|
|
|
|
while (1) {
|
|
|
|
|
newoff = ip6_nexthdr(m, off, proto, nxtp);
|
|
|
|
|
if (newoff < 0)
|
|
|
|
|
return off;
|
|
|
|
|
else if (newoff < off)
|
|
|
|
|
return -1; /* invalid */
|
|
|
|
|
else if (newoff == off)
|
|
|
|
|
return newoff;
|
|
|
|
|
|
|
|
|
|
off = newoff;
|
|
|
|
|
proto = *nxtp;
|
|
|
|
|
}
|
|
|
|
|
}
|
