ae 0fb6ad528e Merge projects/ipsec into head/.
Small summary
 -------------

o Almost all IPsec releated code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel
  option IPSEC_SUPPORT added. It enables support for loading
  and unloading of ipsec.ko and tcpmd5.ko kernel modules.
o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by
  default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type
  support was removed. Added TCP/UDP checksum handling for
  inbound packets that were decapsulated by transport mode SAs.
  setkey(8) modified to show run-time NAT-T configuration of SA.
o New network pseudo interface if_ipsec(4) added. For now it is
  build as part of ipsec.ko module (or with IPSEC kernel).
  It implements IPsec virtual tunnels to create route-based VPNs.
o The network stack now invokes IPsec functions using special
  methods. The only one header file <netipsec/ipsec_support.h>
  should be included to declare all the needed things to work
  with IPsec.
o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed.
  Now these protocols are handled directly via IPsec methods.
o TCP_SIGNATURE support was reworked to be more close to RFC.
o PF_KEY SADB was reworked:
  - now all security associations stored in the single SPI namespace,
    and all SAs MUST have unique SPI.
  - several hash tables added to speed up lookups in SADB.
  - SADB now uses rmlock to protect access, and concurrent threads
    can do SA lookups in the same time.
  - many PF_KEY message handlers were reworked to reflect changes
    in SADB.
  - SADB_UPDATE message was extended to support new PF_KEY headers:
    SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They
    can be used by IKE daemon to change SA addresses.
o ipsecrequest and secpolicy structures were cardinally changed to
  avoid locking protection for ipsecrequest. Now we support
  only limited number (4) of bundled SAs, but they are supported
  for both INET and INET6.
o INPCB security policy cache was introduced. Each PCB now caches
  used security policies to avoid SP lookup for each packet.
o For inbound security policies added the mode, when the kernel does
  check for full history of applied IPsec transforms.
o References counting rules for security policies and security
  associations were changed. The proper SA locking added into xform
  code.
o xform code was also changed. Now it is possible to unregister xforms.
  tdb_xxx structures were changed and renamed to reflect changes in
  SADB/SPDB, and changed rules for locking and refcounting.

Reviewed by:	gnn, wblock
Obtained from:	Yandex LLC
Relnotes:	yes
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D9352
2017-02-06 08:49:57 +00:00

746 lines
26 KiB
C

/*-
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $KAME: in6.h,v 1.89 2001/05/27 13:28:35 itojun Exp $
*/
/*-
* Copyright (c) 1982, 1986, 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)in.h 8.3 (Berkeley) 1/3/94
* $FreeBSD$
*/
#ifndef __KAME_NETINET_IN_H_INCLUDED_
#error "do not include netinet6/in6.h directly, include netinet/in.h. see RFC2553"
#endif
#ifndef _NETINET6_IN6_H_
#define _NETINET6_IN6_H_
/*
* Identification of the network protocol stack
* for *BSD-current/release: http://www.kame.net/dev/cvsweb.cgi/kame/COVERAGE
* has the table of implementation/integration differences.
*/
#define __KAME__
#define __KAME_VERSION "FreeBSD"
/*
* IPv6 port allocation rules should mirror the IPv4 rules and are controlled
* by the net.inet.ip.portrange sysctl tree. The following defines exist
* for compatibility with userland applications that need them.
*/
#if __BSD_VISIBLE
#define IPV6PORT_RESERVED 1024
#define IPV6PORT_ANONMIN 49152
#define IPV6PORT_ANONMAX 65535
#define IPV6PORT_RESERVEDMIN 600
#define IPV6PORT_RESERVEDMAX (IPV6PORT_RESERVED-1)
#endif
/*
* IPv6 address
*/
struct in6_addr {
union {
uint8_t __u6_addr8[16];
uint16_t __u6_addr16[8];
uint32_t __u6_addr32[4];
} __u6_addr; /* 128-bit IP6 address */
};
#define s6_addr __u6_addr.__u6_addr8
#ifdef _KERNEL /* XXX nonstandard */
#define s6_addr8 __u6_addr.__u6_addr8
#define s6_addr16 __u6_addr.__u6_addr16
#define s6_addr32 __u6_addr.__u6_addr32
#endif
#define INET6_ADDRSTRLEN 46
/*
* XXX missing POSIX.1-2001 macro IPPROTO_IPV6.
*/
/*
* Socket address for IPv6
*/
#if __BSD_VISIBLE
#define SIN6_LEN
#endif
struct sockaddr_in6 {
uint8_t sin6_len; /* length of this struct */
sa_family_t sin6_family; /* AF_INET6 */
in_port_t sin6_port; /* Transport layer port # */
uint32_t sin6_flowinfo; /* IP6 flow information */
struct in6_addr sin6_addr; /* IP6 address */
uint32_t sin6_scope_id; /* scope zone index */
};
/*
* Local definition for masks
*/
#ifdef _KERNEL /* XXX nonstandard */
#define IN6MASK0 {{{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }}}
#define IN6MASK32 {{{ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }}}
#define IN6MASK64 {{{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }}}
#define IN6MASK96 {{{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 }}}
#define IN6MASK128 {{{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, \
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }}}
#endif
#ifdef _KERNEL
extern const struct sockaddr_in6 sa6_any;
extern const struct in6_addr in6mask0;
extern const struct in6_addr in6mask32;
extern const struct in6_addr in6mask64;
extern const struct in6_addr in6mask96;
extern const struct in6_addr in6mask128;
#endif /* _KERNEL */
/*
* Macros started with IPV6_ADDR is KAME local
*/
#ifdef _KERNEL /* XXX nonstandard */
#if _BYTE_ORDER == _BIG_ENDIAN
#define IPV6_ADDR_INT32_ONE 1
#define IPV6_ADDR_INT32_TWO 2
#define IPV6_ADDR_INT32_MNL 0xff010000
#define IPV6_ADDR_INT32_MLL 0xff020000
#define IPV6_ADDR_INT32_SMP 0x0000ffff
#define IPV6_ADDR_INT16_ULL 0xfe80
#define IPV6_ADDR_INT16_USL 0xfec0
#define IPV6_ADDR_INT16_MLL 0xff02
#elif _BYTE_ORDER == _LITTLE_ENDIAN
#define IPV6_ADDR_INT32_ONE 0x01000000
#define IPV6_ADDR_INT32_TWO 0x02000000
#define IPV6_ADDR_INT32_MNL 0x000001ff
#define IPV6_ADDR_INT32_MLL 0x000002ff
#define IPV6_ADDR_INT32_SMP 0xffff0000
#define IPV6_ADDR_INT16_ULL 0x80fe
#define IPV6_ADDR_INT16_USL 0xc0fe
#define IPV6_ADDR_INT16_MLL 0x02ff
#endif
#endif
/*
* Definition of some useful macros to handle IP6 addresses
*/
#if __BSD_VISIBLE
#define IN6ADDR_ANY_INIT \
{{{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }}}
#define IN6ADDR_LOOPBACK_INIT \
{{{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }}}
#define IN6ADDR_NODELOCAL_ALLNODES_INIT \
{{{ 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }}}
#define IN6ADDR_INTFACELOCAL_ALLNODES_INIT \
{{{ 0xff, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }}}
#define IN6ADDR_LINKLOCAL_ALLNODES_INIT \
{{{ 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }}}
#define IN6ADDR_LINKLOCAL_ALLROUTERS_INIT \
{{{ 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 }}}
#define IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT \
{{{ 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x16 }}}
#endif
extern const struct in6_addr in6addr_any;
extern const struct in6_addr in6addr_loopback;
#if __BSD_VISIBLE
extern const struct in6_addr in6addr_nodelocal_allnodes;
extern const struct in6_addr in6addr_linklocal_allnodes;
extern const struct in6_addr in6addr_linklocal_allrouters;
extern const struct in6_addr in6addr_linklocal_allv2routers;
#endif
/*
* Equality
* NOTE: Some of kernel programming environment (for example, openbsd/sparc)
* does not supply memcmp(). For userland memcmp() is preferred as it is
* in ANSI standard.
*/
#ifdef _KERNEL
#define IN6_ARE_ADDR_EQUAL(a, b) \
(bcmp(&(a)->s6_addr[0], &(b)->s6_addr[0], sizeof(struct in6_addr)) == 0)
#else
#if __BSD_VISIBLE
#define IN6_ARE_ADDR_EQUAL(a, b) \
(memcmp(&(a)->s6_addr[0], &(b)->s6_addr[0], sizeof(struct in6_addr)) == 0)
#endif
#endif
/*
* Unspecified
*/
#define IN6_IS_ADDR_UNSPECIFIED(a) \
((a)->__u6_addr.__u6_addr32[0] == 0 && \
(a)->__u6_addr.__u6_addr32[1] == 0 && \
(a)->__u6_addr.__u6_addr32[2] == 0 && \
(a)->__u6_addr.__u6_addr32[3] == 0)
/*
* Loopback
*/
#define IN6_IS_ADDR_LOOPBACK(a) \
((a)->__u6_addr.__u6_addr32[0] == 0 && \
(a)->__u6_addr.__u6_addr32[1] == 0 && \
(a)->__u6_addr.__u6_addr32[2] == 0 && \
(a)->__u6_addr.__u6_addr32[3] == ntohl(1))
/*
* IPv4 compatible
*/
#define IN6_IS_ADDR_V4COMPAT(a) \
((a)->__u6_addr.__u6_addr32[0] == 0 && \
(a)->__u6_addr.__u6_addr32[1] == 0 && \
(a)->__u6_addr.__u6_addr32[2] == 0 && \
(a)->__u6_addr.__u6_addr32[3] != 0 && \
(a)->__u6_addr.__u6_addr32[3] != ntohl(1))
/*
* Mapped
*/
#define IN6_IS_ADDR_V4MAPPED(a) \
((a)->__u6_addr.__u6_addr32[0] == 0 && \
(a)->__u6_addr.__u6_addr32[1] == 0 && \
(a)->__u6_addr.__u6_addr32[2] == ntohl(0x0000ffff))
/*
* KAME Scope Values
*/
#ifdef _KERNEL /* XXX nonstandard */
#define IPV6_ADDR_SCOPE_NODELOCAL 0x01
#define IPV6_ADDR_SCOPE_INTFACELOCAL 0x01
#define IPV6_ADDR_SCOPE_LINKLOCAL 0x02
#define IPV6_ADDR_SCOPE_SITELOCAL 0x05
#define IPV6_ADDR_SCOPE_ORGLOCAL 0x08 /* just used in this file */
#define IPV6_ADDR_SCOPE_GLOBAL 0x0e
#else
#define __IPV6_ADDR_SCOPE_NODELOCAL 0x01
#define __IPV6_ADDR_SCOPE_INTFACELOCAL 0x01
#define __IPV6_ADDR_SCOPE_LINKLOCAL 0x02
#define __IPV6_ADDR_SCOPE_SITELOCAL 0x05
#define __IPV6_ADDR_SCOPE_ORGLOCAL 0x08 /* just used in this file */
#define __IPV6_ADDR_SCOPE_GLOBAL 0x0e
#endif
/*
* Unicast Scope
* Note that we must check topmost 10 bits only, not 16 bits (see RFC2373).
*/
#define IN6_IS_ADDR_LINKLOCAL(a) \
(((a)->s6_addr[0] == 0xfe) && (((a)->s6_addr[1] & 0xc0) == 0x80))
#define IN6_IS_ADDR_SITELOCAL(a) \
(((a)->s6_addr[0] == 0xfe) && (((a)->s6_addr[1] & 0xc0) == 0xc0))
/*
* Multicast
*/
#define IN6_IS_ADDR_MULTICAST(a) ((a)->s6_addr[0] == 0xff)
#ifdef _KERNEL /* XXX nonstandard */
#define IPV6_ADDR_MC_SCOPE(a) ((a)->s6_addr[1] & 0x0f)
#else
#define __IPV6_ADDR_MC_SCOPE(a) ((a)->s6_addr[1] & 0x0f)
#endif
/*
* Multicast Scope
*/
#ifdef _KERNEL /* refers nonstandard items */
#define IN6_IS_ADDR_MC_NODELOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(IPV6_ADDR_MC_SCOPE(a) == IPV6_ADDR_SCOPE_NODELOCAL))
#define IN6_IS_ADDR_MC_INTFACELOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(IPV6_ADDR_MC_SCOPE(a) == IPV6_ADDR_SCOPE_INTFACELOCAL))
#define IN6_IS_ADDR_MC_LINKLOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(IPV6_ADDR_MC_SCOPE(a) == IPV6_ADDR_SCOPE_LINKLOCAL))
#define IN6_IS_ADDR_MC_SITELOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(IPV6_ADDR_MC_SCOPE(a) == IPV6_ADDR_SCOPE_SITELOCAL))
#define IN6_IS_ADDR_MC_ORGLOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(IPV6_ADDR_MC_SCOPE(a) == IPV6_ADDR_SCOPE_ORGLOCAL))
#define IN6_IS_ADDR_MC_GLOBAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(IPV6_ADDR_MC_SCOPE(a) == IPV6_ADDR_SCOPE_GLOBAL))
#else
#define IN6_IS_ADDR_MC_NODELOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(__IPV6_ADDR_MC_SCOPE(a) == __IPV6_ADDR_SCOPE_NODELOCAL))
#define IN6_IS_ADDR_MC_LINKLOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(__IPV6_ADDR_MC_SCOPE(a) == __IPV6_ADDR_SCOPE_LINKLOCAL))
#define IN6_IS_ADDR_MC_SITELOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(__IPV6_ADDR_MC_SCOPE(a) == __IPV6_ADDR_SCOPE_SITELOCAL))
#define IN6_IS_ADDR_MC_ORGLOCAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(__IPV6_ADDR_MC_SCOPE(a) == __IPV6_ADDR_SCOPE_ORGLOCAL))
#define IN6_IS_ADDR_MC_GLOBAL(a) \
(IN6_IS_ADDR_MULTICAST(a) && \
(__IPV6_ADDR_MC_SCOPE(a) == __IPV6_ADDR_SCOPE_GLOBAL))
#endif
#ifdef _KERNEL /* nonstandard */
/*
* KAME Scope
*/
#define IN6_IS_SCOPE_LINKLOCAL(a) \
((IN6_IS_ADDR_LINKLOCAL(a)) || \
(IN6_IS_ADDR_MC_LINKLOCAL(a)))
#define IN6_IS_SCOPE_EMBED(a) \
((IN6_IS_ADDR_LINKLOCAL(a)) || \
(IN6_IS_ADDR_MC_LINKLOCAL(a)) || \
(IN6_IS_ADDR_MC_INTFACELOCAL(a)))
#define IFA6_IS_DEPRECATED(a) \
((a)->ia6_lifetime.ia6t_pltime != ND6_INFINITE_LIFETIME && \
(u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
(a)->ia6_lifetime.ia6t_pltime)
#define IFA6_IS_INVALID(a) \
((a)->ia6_lifetime.ia6t_vltime != ND6_INFINITE_LIFETIME && \
(u_int32_t)((time_uptime - (a)->ia6_updatetime)) > \
(a)->ia6_lifetime.ia6t_vltime)
#endif /* _KERNEL */
/*
* IP6 route structure
*/
#if __BSD_VISIBLE
struct route_in6 {
struct rtentry *ro_rt;
struct llentry *ro_lle;
/*
* ro_prepend and ro_plen are only used for bpf to pass in a
* preformed header. They are not cacheable.
*/
char *ro_prepend;
uint16_t ro_plen;
uint16_t ro_flags;
uint16_t ro_mtu; /* saved ro_rt mtu */
uint16_t spare;
struct sockaddr_in6 ro_dst;
};
#endif
#ifdef _KERNEL
#define MTAG_ABI_IPV6 1444287380 /* IPv6 ABI */
#define IPV6_TAG_DIRECT 0 /* direct-dispatch IPv6 */
#endif /* _KERNEL */
/*
* Options for use with [gs]etsockopt at the IPV6 level.
* First word of comment is data type; bool is stored in int.
*/
/* no hdrincl */
#if 0 /* the followings are relic in IPv4 and hence are disabled */
#define IPV6_OPTIONS 1 /* buf/ip6_opts; set/get IP6 options */
#define IPV6_RECVOPTS 5 /* bool; receive all IP6 opts w/dgram */
#define IPV6_RECVRETOPTS 6 /* bool; receive IP6 opts for response */
#define IPV6_RECVDSTADDR 7 /* bool; receive IP6 dst addr w/dgram */
#define IPV6_RETOPTS 8 /* ip6_opts; set/get IP6 options */
#endif
#define IPV6_SOCKOPT_RESERVED1 3 /* reserved for future use */
#define IPV6_UNICAST_HOPS 4 /* int; IP6 hops */
#define IPV6_MULTICAST_IF 9 /* u_int; set/get IP6 multicast i/f */
#define IPV6_MULTICAST_HOPS 10 /* int; set/get IP6 multicast hops */
#define IPV6_MULTICAST_LOOP 11 /* u_int; set/get IP6 multicast loopback */
#define IPV6_JOIN_GROUP 12 /* ipv6_mreq; join a group membership */
#define IPV6_LEAVE_GROUP 13 /* ipv6_mreq; leave a group membership */
#define IPV6_PORTRANGE 14 /* int; range to choose for unspec port */
#define ICMP6_FILTER 18 /* icmp6_filter; icmp6 filter */
/* RFC2292 options */
#ifdef _KERNEL
#define IPV6_2292PKTINFO 19 /* bool; send/recv if, src/dst addr */
#define IPV6_2292HOPLIMIT 20 /* bool; hop limit */
#define IPV6_2292NEXTHOP 21 /* bool; next hop addr */
#define IPV6_2292HOPOPTS 22 /* bool; hop-by-hop option */
#define IPV6_2292DSTOPTS 23 /* bool; destinaion option */
#define IPV6_2292RTHDR 24 /* bool; routing header */
#define IPV6_2292PKTOPTIONS 25 /* buf/cmsghdr; set/get IPv6 options */
#endif
#define IPV6_CHECKSUM 26 /* int; checksum offset for raw socket */
#define IPV6_V6ONLY 27 /* bool; make AF_INET6 sockets v6 only */
#ifndef _KERNEL
#define IPV6_BINDV6ONLY IPV6_V6ONLY
#endif
#define IPV6_IPSEC_POLICY 28 /* struct; get/set security policy */
/* 29; unused; was IPV6_FAITH */
#if 1 /* IPV6FIREWALL */
#define IPV6_FW_ADD 30 /* add a firewall rule to chain */
#define IPV6_FW_DEL 31 /* delete a firewall rule from chain */
#define IPV6_FW_FLUSH 32 /* flush firewall rule chain */
#define IPV6_FW_ZERO 33 /* clear single/all firewall counter(s) */
#define IPV6_FW_GET 34 /* get entire firewall rule chain */
#endif
/* new socket options introduced in RFC3542 */
#define IPV6_RTHDRDSTOPTS 35 /* ip6_dest; send dst option before rthdr */
#define IPV6_RECVPKTINFO 36 /* bool; recv if, dst addr */
#define IPV6_RECVHOPLIMIT 37 /* bool; recv hop limit */
#define IPV6_RECVRTHDR 38 /* bool; recv routing header */
#define IPV6_RECVHOPOPTS 39 /* bool; recv hop-by-hop option */
#define IPV6_RECVDSTOPTS 40 /* bool; recv dst option after rthdr */
#ifdef _KERNEL
#define IPV6_RECVRTHDRDSTOPTS 41 /* bool; recv dst option before rthdr */
#endif
#define IPV6_USE_MIN_MTU 42 /* bool; send packets at the minimum MTU */
#define IPV6_RECVPATHMTU 43 /* bool; notify an according MTU */
#define IPV6_PATHMTU 44 /* mtuinfo; get the current path MTU (sopt),
4 bytes int; MTU notification (cmsg) */
#if 0 /*obsoleted during 2292bis -> 3542*/
#define IPV6_REACHCONF 45 /* no data; ND reachability confirm
(cmsg only/not in of RFC3542) */
#endif
/* more new socket options introduced in RFC3542 */
#define IPV6_PKTINFO 46 /* in6_pktinfo; send if, src addr */
#define IPV6_HOPLIMIT 47 /* int; send hop limit */
#define IPV6_NEXTHOP 48 /* sockaddr; next hop addr */
#define IPV6_HOPOPTS 49 /* ip6_hbh; send hop-by-hop option */
#define IPV6_DSTOPTS 50 /* ip6_dest; send dst option befor rthdr */
#define IPV6_RTHDR 51 /* ip6_rthdr; send routing header */
#if 0
#define IPV6_PKTOPTIONS 52 /* buf/cmsghdr; set/get IPv6 options */
/* obsoleted by RFC3542 */
#endif
#define IPV6_RECVTCLASS 57 /* bool; recv traffic class values */
#define IPV6_AUTOFLOWLABEL 59 /* bool; attach flowlabel automagically */
#define IPV6_TCLASS 61 /* int; send traffic class value */
#define IPV6_DONTFRAG 62 /* bool; disable IPv6 fragmentation */
#define IPV6_PREFER_TEMPADDR 63 /* int; prefer temporary addresses as
* the source address.
*/
#define IPV6_BINDANY 64 /* bool: allow bind to any address */
#define IPV6_BINDMULTI 65 /* bool; allow multibind to same addr/port */
#define IPV6_RSS_LISTEN_BUCKET 66 /* int; set RSS listen bucket */
#define IPV6_FLOWID 67 /* int; flowid of given socket */
#define IPV6_FLOWTYPE 68 /* int; flowtype of given socket */
#define IPV6_RSSBUCKETID 69 /* int; RSS bucket ID of given socket */
#define IPV6_RECVFLOWID 70 /* bool; receive IP6 flowid/flowtype w/ datagram */
#define IPV6_RECVRSSBUCKETID 71 /* bool; receive IP6 RSS bucket id w/ datagram */
/*
* The following option is private; do not use it from user applications.
* It is deliberately defined to the same value as IP_MSFILTER.
*/
#define IPV6_MSFILTER 74 /* struct __msfilterreq;
* set/get multicast source filter list.
*/
/* to define items, should talk with KAME guys first, for *BSD compatibility */
#define IPV6_RTHDR_LOOSE 0 /* this hop need not be a neighbor. XXX old spec */
#define IPV6_RTHDR_STRICT 1 /* this hop must be a neighbor. XXX old spec */
#define IPV6_RTHDR_TYPE_0 0 /* IPv6 routing header type 0 */
/*
* Defaults and limits for options
*/
#define IPV6_DEFAULT_MULTICAST_HOPS 1 /* normally limit m'casts to 1 hop */
#define IPV6_DEFAULT_MULTICAST_LOOP 1 /* normally hear sends if a member */
/*
* The im6o_membership vector for each socket is now dynamically allocated at
* run-time, bounded by USHRT_MAX, and is reallocated when needed, sized
* according to a power-of-two increment.
*/
#define IPV6_MIN_MEMBERSHIPS 31
#define IPV6_MAX_MEMBERSHIPS 4095
/*
* Default resource limits for IPv6 multicast source filtering.
* These may be modified by sysctl.
*/
#define IPV6_MAX_GROUP_SRC_FILTER 512 /* sources per group */
#define IPV6_MAX_SOCK_SRC_FILTER 128 /* sources per socket/group */
/*
* Argument structure for IPV6_JOIN_GROUP and IPV6_LEAVE_GROUP.
*/
struct ipv6_mreq {
struct in6_addr ipv6mr_multiaddr;
unsigned int ipv6mr_interface;
};
/*
* IPV6_PKTINFO: Packet information(RFC2292 sec 5)
*/
struct in6_pktinfo {
struct in6_addr ipi6_addr; /* src/dst IPv6 address */
unsigned int ipi6_ifindex; /* send/recv interface index */
};
/*
* Control structure for IPV6_RECVPATHMTU socket option.
*/
struct ip6_mtuinfo {
struct sockaddr_in6 ip6m_addr; /* or sockaddr_storage? */
uint32_t ip6m_mtu;
};
/*
* Argument for IPV6_PORTRANGE:
* - which range to search when port is unspecified at bind() or connect()
*/
#define IPV6_PORTRANGE_DEFAULT 0 /* default range */
#define IPV6_PORTRANGE_HIGH 1 /* "high" - request firewall bypass */
#define IPV6_PORTRANGE_LOW 2 /* "low" - vouchsafe security */
#if __BSD_VISIBLE
/*
* Definitions for inet6 sysctl operations.
*
* Third level is protocol number.
* Fourth level is desired variable within that protocol.
*/
#define IPV6PROTO_MAXID (IPPROTO_PIM + 1) /* don't list to IPV6PROTO_MAX */
/*
* Names for IP sysctl objects
*/
#define IPV6CTL_FORWARDING 1 /* act as router */
#define IPV6CTL_SENDREDIRECTS 2 /* may send redirects when forwarding*/
#define IPV6CTL_DEFHLIM 3 /* default Hop-Limit */
#ifdef notyet
#define IPV6CTL_DEFMTU 4 /* default MTU */
#endif
#define IPV6CTL_FORWSRCRT 5 /* forward source-routed dgrams */
#define IPV6CTL_STATS 6 /* stats */
#define IPV6CTL_MRTSTATS 7 /* multicast forwarding stats */
#define IPV6CTL_MRTPROTO 8 /* multicast routing protocol */
#define IPV6CTL_MAXFRAGPACKETS 9 /* max packets reassembly queue */
#define IPV6CTL_SOURCECHECK 10 /* verify source route and intf */
#define IPV6CTL_SOURCECHECK_LOGINT 11 /* minimume logging interval */
#define IPV6CTL_ACCEPT_RTADV 12
/* 13; unused; was: IPV6CTL_KEEPFAITH */
#define IPV6CTL_LOG_INTERVAL 14
#define IPV6CTL_HDRNESTLIMIT 15
#define IPV6CTL_DAD_COUNT 16
#define IPV6CTL_AUTO_FLOWLABEL 17
#define IPV6CTL_DEFMCASTHLIM 18
#define IPV6CTL_GIF_HLIM 19 /* default HLIM for gif encap packet */
#define IPV6CTL_KAME_VERSION 20
#define IPV6CTL_USE_DEPRECATED 21 /* use deprecated addr (RFC2462 5.5.4) */
#define IPV6CTL_RR_PRUNE 22 /* walk timer for router renumbering */
#if 0 /* obsolete */
#define IPV6CTL_MAPPED_ADDR 23
#endif
#define IPV6CTL_V6ONLY 24
/* IPV6CTL_RTEXPIRE 25 deprecated */
/* IPV6CTL_RTMINEXPIRE 26 deprecated */
/* IPV6CTL_RTMAXCACHE 27 deprecated */
#define IPV6CTL_USETEMPADDR 32 /* use temporary addresses (RFC3041) */
#define IPV6CTL_TEMPPLTIME 33 /* preferred lifetime for tmpaddrs */
#define IPV6CTL_TEMPVLTIME 34 /* valid lifetime for tmpaddrs */
#define IPV6CTL_AUTO_LINKLOCAL 35 /* automatic link-local addr assign */
#define IPV6CTL_RIP6STATS 36 /* raw_ip6 stats */
#define IPV6CTL_PREFER_TEMPADDR 37 /* prefer temporary addr as src */
#define IPV6CTL_ADDRCTLPOLICY 38 /* get/set address selection policy */
#define IPV6CTL_USE_DEFAULTZONE 39 /* use default scope zone */
#define IPV6CTL_MAXFRAGS 41 /* max fragments */
#if 0
#define IPV6CTL_IFQ 42 /* ip6intrq node */
#define IPV6CTL_ISATAPRTR 43 /* isatap router */
#endif
#define IPV6CTL_MCAST_PMTU 44 /* enable pMTU discovery for multicast? */
/* New entries should be added here from current IPV6CTL_MAXID value. */
/* to define items, should talk with KAME guys first, for *BSD compatibility */
#define IPV6CTL_STEALTH 45
#define ICMPV6CTL_ND6_ONLINKNSRFC4861 47
#define IPV6CTL_NO_RADR 48 /* No defroute from RA */
#define IPV6CTL_NORBIT_RAIF 49 /* Disable R-bit in NA on RA
* receiving IF. */
#define IPV6CTL_RFC6204W3 50 /* Accept defroute even when forwarding
enabled */
#define IPV6CTL_INTRQMAXLEN 51 /* max length of IPv6 netisr queue */
#define IPV6CTL_INTRDQMAXLEN 52 /* max length of direct IPv6 netisr
* queue */
#define IPV6CTL_MAXID 53
#endif /* __BSD_VISIBLE */
/*
* Since both netinet/ and netinet6/ call into netipsec/ and netpfil/,
* the protocol specific mbuf flags are shared between them.
*/
#define M_FASTFWD_OURS M_PROTO1 /* changed dst to local */
#define M_IP6_NEXTHOP M_PROTO2 /* explicit ip nexthop */
#define M_IP_NEXTHOP M_PROTO2 /* explicit ip nexthop */
#define M_SKIP_FIREWALL M_PROTO3 /* skip firewall processing */
#define M_AUTHIPHDR M_PROTO4
#define M_DECRYPTED M_PROTO5
#define M_LOOP M_PROTO6
#define M_AUTHIPDGM M_PROTO7
#define M_RTALERT_MLD M_PROTO8
#ifdef _KERNEL
struct cmsghdr;
struct ip6_hdr;
int in6_cksum_pseudo(struct ip6_hdr *, uint32_t, uint8_t, uint16_t);
int in6_cksum(struct mbuf *, u_int8_t, u_int32_t, u_int32_t);
int in6_cksum_partial(struct mbuf *, u_int8_t, u_int32_t, u_int32_t,
u_int32_t);
int in6_localaddr(struct in6_addr *);
int in6_localip(struct in6_addr *);
int in6_ifhasaddr(struct ifnet *, struct in6_addr *);
int in6_addrscope(const struct in6_addr *);
char *ip6_sprintf(char *, const struct in6_addr *);
struct in6_ifaddr *in6_ifawithifp(struct ifnet *, struct in6_addr *);
extern void in6_if_up(struct ifnet *);
struct sockaddr;
extern u_char ip6_protox[];
void in6_sin6_2_sin(struct sockaddr_in *sin,
struct sockaddr_in6 *sin6);
void in6_sin_2_v4mapsin6(struct sockaddr_in *sin,
struct sockaddr_in6 *sin6);
void in6_sin6_2_sin_in_sock(struct sockaddr *nam);
void in6_sin_2_v4mapsin6_in_sock(struct sockaddr **nam);
extern void addrsel_policy_init(void);
#define satosin6(sa) ((struct sockaddr_in6 *)(sa))
#define sin6tosa(sin6) ((struct sockaddr *)(sin6))
#define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa))
#endif /* _KERNEL */
#ifndef _SIZE_T_DECLARED
typedef __size_t size_t;
#define _SIZE_T_DECLARED
#endif
#ifndef _SOCKLEN_T_DECLARED
typedef __socklen_t socklen_t;
#define _SOCKLEN_T_DECLARED
#endif
#if __BSD_VISIBLE
__BEGIN_DECLS
struct cmsghdr;
extern int inet6_option_space(int);
extern int inet6_option_init(void *, struct cmsghdr **, int);
extern int inet6_option_append(struct cmsghdr *, const uint8_t *,
int, int);
extern uint8_t *inet6_option_alloc(struct cmsghdr *, int, int, int);
extern int inet6_option_next(const struct cmsghdr *, uint8_t **);
extern int inet6_option_find(const struct cmsghdr *, uint8_t **, int);
extern size_t inet6_rthdr_space(int, int);
extern struct cmsghdr *inet6_rthdr_init(void *, int);
extern int inet6_rthdr_add(struct cmsghdr *, const struct in6_addr *,
unsigned int);
extern int inet6_rthdr_lasthop(struct cmsghdr *, unsigned int);
#if 0 /* not implemented yet */
extern int inet6_rthdr_reverse(const struct cmsghdr *, struct cmsghdr *);
#endif
extern int inet6_rthdr_segments(const struct cmsghdr *);
extern struct in6_addr *inet6_rthdr_getaddr(struct cmsghdr *, int);
extern int inet6_rthdr_getflags(const struct cmsghdr *, int);
extern int inet6_opt_init(void *, socklen_t);
extern int inet6_opt_append(void *, socklen_t, int, uint8_t, socklen_t,
uint8_t, void **);
extern int inet6_opt_finish(void *, socklen_t, int);
extern int inet6_opt_set_val(void *, int, void *, socklen_t);
extern int inet6_opt_next(void *, socklen_t, int, uint8_t *, socklen_t *,
void **);
extern int inet6_opt_find(void *, socklen_t, int, uint8_t, socklen_t *,
void **);
extern int inet6_opt_get_val(void *, int, void *, socklen_t);
extern socklen_t inet6_rth_space(int, int);
extern void *inet6_rth_init(void *, socklen_t, int, int);
extern int inet6_rth_add(void *, const struct in6_addr *);
extern int inet6_rth_reverse(const void *, void *);
extern int inet6_rth_segments(const void *);
extern struct in6_addr *inet6_rth_getaddr(const void *, int);
__END_DECLS
#endif /* __BSD_VISIBLE */
#endif /* !_NETINET6_IN6_H_ */