| @@ -1,1153 +1,1148 @@ | | | @@ -1,1153 +1,1148 @@ |
1 | /* $NetBSD: ip6_output.c,v 1.139 2009/05/07 21:51:47 elad Exp $ */ | | 1 | /* $NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $ */ |
2 | /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ | | 2 | /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ |
3 | | | 3 | |
4 | /* | | 4 | /* |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
6 | * All rights reserved. | | 6 | * All rights reserved. |
7 | * | | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | | 8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions | | 9 | * modification, are permitted provided that the following conditions |
10 | * are met: | | 10 | * are met: |
11 | * 1. Redistributions of source code must retain the above copyright | | 11 | * 1. Redistributions of source code must retain the above copyright |
12 | * notice, this list of conditions and the following disclaimer. | | 12 | * notice, this list of conditions and the following disclaimer. |
13 | * 2. Redistributions in binary form must reproduce the above copyright | | 13 | * 2. Redistributions in binary form must reproduce the above copyright |
14 | * notice, this list of conditions and the following disclaimer in the | | 14 | * notice, this list of conditions and the following disclaimer in the |
15 | * documentation and/or other materials provided with the distribution. | | 15 | * documentation and/or other materials provided with the distribution. |
16 | * 3. Neither the name of the project nor the names of its contributors | | 16 | * 3. Neither the name of the project nor the names of its contributors |
17 | * may be used to endorse or promote products derived from this software | | 17 | * may be used to endorse or promote products derived from this software |
18 | * without specific prior written permission. | | 18 | * without specific prior written permission. |
19 | * | | 19 | * |
20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | | 20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
30 | * SUCH DAMAGE. | | 30 | * SUCH DAMAGE. |
31 | */ | | 31 | */ |
32 | | | 32 | |
33 | /* | | 33 | /* |
34 | * Copyright (c) 1982, 1986, 1988, 1990, 1993 | | 34 | * Copyright (c) 1982, 1986, 1988, 1990, 1993 |
35 | * The Regents of the University of California. All rights reserved. | | 35 | * The Regents of the University of California. All rights reserved. |
36 | * | | 36 | * |
37 | * Redistribution and use in source and binary forms, with or without | | 37 | * Redistribution and use in source and binary forms, with or without |
38 | * modification, are permitted provided that the following conditions | | 38 | * modification, are permitted provided that the following conditions |
39 | * are met: | | 39 | * are met: |
40 | * 1. Redistributions of source code must retain the above copyright | | 40 | * 1. Redistributions of source code must retain the above copyright |
41 | * notice, this list of conditions and the following disclaimer. | | 41 | * notice, this list of conditions and the following disclaimer. |
42 | * 2. Redistributions in binary form must reproduce the above copyright | | 42 | * 2. Redistributions in binary form must reproduce the above copyright |
43 | * notice, this list of conditions and the following disclaimer in the | | 43 | * notice, this list of conditions and the following disclaimer in the |
44 | * documentation and/or other materials provided with the distribution. | | 44 | * documentation and/or other materials provided with the distribution. |
45 | * 3. Neither the name of the University nor the names of its contributors | | 45 | * 3. Neither the name of the University nor the names of its contributors |
46 | * may be used to endorse or promote products derived from this software | | 46 | * may be used to endorse or promote products derived from this software |
47 | * without specific prior written permission. | | 47 | * without specific prior written permission. |
48 | * | | 48 | * |
49 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | | 49 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
50 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 50 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
51 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 51 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | | 52 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 53 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 54 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 55 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 56 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 57 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 58 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
59 | * SUCH DAMAGE. | | 59 | * SUCH DAMAGE. |
60 | * | | 60 | * |
61 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 | | 61 | * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 |
62 | */ | | 62 | */ |
63 | | | 63 | |
64 | #include <sys/cdefs.h> | | 64 | #include <sys/cdefs.h> |
65 | __KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.139 2009/05/07 21:51:47 elad Exp $"); | | 65 | __KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.140 2011/04/25 22:20:59 yamt Exp $"); |
66 | | | 66 | |
67 | #include "opt_inet.h" | | 67 | #include "opt_inet.h" |
68 | #include "opt_inet6.h" | | 68 | #include "opt_inet6.h" |
69 | #include "opt_ipsec.h" | | 69 | #include "opt_ipsec.h" |
70 | #include "opt_pfil_hooks.h" | | 70 | #include "opt_pfil_hooks.h" |
71 | | | 71 | |
72 | #include <sys/param.h> | | 72 | #include <sys/param.h> |
73 | #include <sys/malloc.h> | | 73 | #include <sys/malloc.h> |
74 | #include <sys/mbuf.h> | | 74 | #include <sys/mbuf.h> |
75 | #include <sys/errno.h> | | 75 | #include <sys/errno.h> |
76 | #include <sys/protosw.h> | | 76 | #include <sys/protosw.h> |
77 | #include <sys/socket.h> | | 77 | #include <sys/socket.h> |
78 | #include <sys/socketvar.h> | | 78 | #include <sys/socketvar.h> |
79 | #include <sys/systm.h> | | 79 | #include <sys/systm.h> |
80 | #include <sys/proc.h> | | 80 | #include <sys/proc.h> |
81 | #include <sys/kauth.h> | | 81 | #include <sys/kauth.h> |
82 | | | 82 | |
83 | #include <net/if.h> | | 83 | #include <net/if.h> |
84 | #include <net/route.h> | | 84 | #include <net/route.h> |
85 | #ifdef PFIL_HOOKS | | 85 | #ifdef PFIL_HOOKS |
86 | #include <net/pfil.h> | | 86 | #include <net/pfil.h> |
87 | #endif | | 87 | #endif |
88 | | | 88 | |
89 | #include <netinet/in.h> | | 89 | #include <netinet/in.h> |
90 | #include <netinet/in_var.h> | | 90 | #include <netinet/in_var.h> |
91 | #include <netinet/ip6.h> | | 91 | #include <netinet/ip6.h> |
92 | #include <netinet/icmp6.h> | | 92 | #include <netinet/icmp6.h> |
93 | #include <netinet/in_offload.h> | | 93 | #include <netinet/in_offload.h> |
94 | #include <netinet6/in6_offload.h> | | 94 | #include <netinet6/in6_offload.h> |
95 | #include <netinet6/ip6_var.h> | | 95 | #include <netinet6/ip6_var.h> |
96 | #include <netinet6/ip6_private.h> | | 96 | #include <netinet6/ip6_private.h> |
97 | #include <netinet6/in6_pcb.h> | | 97 | #include <netinet6/in6_pcb.h> |
98 | #include <netinet6/nd6.h> | | 98 | #include <netinet6/nd6.h> |
99 | #include <netinet6/ip6protosw.h> | | 99 | #include <netinet6/ip6protosw.h> |
100 | #include <netinet6/scope6_var.h> | | 100 | #include <netinet6/scope6_var.h> |
101 | | | 101 | |
102 | #ifdef IPSEC | | 102 | #ifdef IPSEC |
103 | #include <netinet6/ipsec.h> | | 103 | #include <netinet6/ipsec.h> |
104 | #include <netinet6/ipsec_private.h> | | 104 | #include <netinet6/ipsec_private.h> |
105 | #include <netkey/key.h> | | 105 | #include <netkey/key.h> |
106 | #endif /* IPSEC */ | | 106 | #endif /* IPSEC */ |
107 | | | 107 | |
108 | #ifdef FAST_IPSEC | | 108 | #ifdef FAST_IPSEC |
109 | #include <netipsec/ipsec.h> | | 109 | #include <netipsec/ipsec.h> |
110 | #include <netipsec/ipsec6.h> | | 110 | #include <netipsec/ipsec6.h> |
111 | #include <netipsec/key.h> | | 111 | #include <netipsec/key.h> |
112 | #include <netipsec/xform.h> | | 112 | #include <netipsec/xform.h> |
113 | #endif | | 113 | #endif |
114 | | | 114 | |
115 | | | 115 | |
116 | #include <net/net_osdep.h> | | 116 | #include <net/net_osdep.h> |
117 | | | 117 | |
118 | #ifdef PFIL_HOOKS | | 118 | #ifdef PFIL_HOOKS |
119 | extern struct pfil_head inet6_pfil_hook; /* XXX */ | | 119 | extern struct pfil_head inet6_pfil_hook; /* XXX */ |
120 | #endif | | 120 | #endif |
121 | | | 121 | |
122 | struct ip6_exthdrs { | | 122 | struct ip6_exthdrs { |
123 | struct mbuf *ip6e_ip6; | | 123 | struct mbuf *ip6e_ip6; |
124 | struct mbuf *ip6e_hbh; | | 124 | struct mbuf *ip6e_hbh; |
125 | struct mbuf *ip6e_dest1; | | 125 | struct mbuf *ip6e_dest1; |
126 | struct mbuf *ip6e_rthdr; | | 126 | struct mbuf *ip6e_rthdr; |
127 | struct mbuf *ip6e_dest2; | | 127 | struct mbuf *ip6e_dest2; |
128 | }; | | 128 | }; |
129 | | | 129 | |
130 | static int ip6_pcbopt(int, u_char *, int, struct ip6_pktopts **, | | 130 | static int ip6_pcbopt(int, u_char *, int, struct ip6_pktopts **, |
131 | kauth_cred_t, int); | | 131 | kauth_cred_t, int); |
132 | static int ip6_getpcbopt(struct ip6_pktopts *, int, struct sockopt *); | | 132 | static int ip6_getpcbopt(struct ip6_pktopts *, int, struct sockopt *); |
133 | static int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, kauth_cred_t, | | 133 | static int ip6_setpktopt(int, u_char *, int, struct ip6_pktopts *, kauth_cred_t, |
134 | int, int, int); | | 134 | int, int, int); |
135 | static int ip6_setmoptions(const struct sockopt *, struct ip6_moptions **); | | 135 | static int ip6_setmoptions(const struct sockopt *, struct ip6_moptions **); |
136 | static int ip6_getmoptions(struct sockopt *, struct ip6_moptions *); | | 136 | static int ip6_getmoptions(struct sockopt *, struct ip6_moptions *); |
137 | static int ip6_copyexthdr(struct mbuf **, void *, int); | | 137 | static int ip6_copyexthdr(struct mbuf **, void *, int); |
138 | static int ip6_insertfraghdr(struct mbuf *, struct mbuf *, int, | | 138 | static int ip6_insertfraghdr(struct mbuf *, struct mbuf *, int, |
139 | struct ip6_frag **); | | 139 | struct ip6_frag **); |
140 | static int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t); | | 140 | static int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t); |
141 | static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *); | | 141 | static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *); |
142 | static int ip6_getpmtu(struct route *, struct route *, struct ifnet *, | | 142 | static int ip6_getpmtu(struct route *, struct route *, struct ifnet *, |
143 | const struct in6_addr *, u_long *, int *); | | 143 | const struct in6_addr *, u_long *, int *); |
144 | static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int); | | 144 | static int copypktopts(struct ip6_pktopts *, struct ip6_pktopts *, int); |
145 | | | 145 | |
146 | #ifdef RFC2292 | | 146 | #ifdef RFC2292 |
147 | static int ip6_pcbopts(struct ip6_pktopts **, struct socket *, struct sockopt *); | | 147 | static int ip6_pcbopts(struct ip6_pktopts **, struct socket *, struct sockopt *); |
148 | #endif | | 148 | #endif |
149 | | | 149 | |
150 | #define IN6_NEED_CHECKSUM(ifp, csum_flags) \ | | | |
151 | (__predict_true(((ifp)->if_flags & IFF_LOOPBACK) == 0 || \ | | | |
152 | (((csum_flags) & M_CSUM_UDPv6) != 0 && udp_do_loopback_cksum) || \ | | | |
153 | (((csum_flags) & M_CSUM_TCPv6) != 0 && tcp_do_loopback_cksum))) | | | |
154 | | | | |
155 | /* | | 150 | /* |
156 | * IP6 output. The packet in mbuf chain m contains a skeletal IP6 | | 151 | * IP6 output. The packet in mbuf chain m contains a skeletal IP6 |
157 | * header (with pri, len, nxt, hlim, src, dst). | | 152 | * header (with pri, len, nxt, hlim, src, dst). |
158 | * This function may modify ver and hlim only. | | 153 | * This function may modify ver and hlim only. |
159 | * The mbuf chain containing the packet will be freed. | | 154 | * The mbuf chain containing the packet will be freed. |
160 | * The mbuf opt, if present, will not be freed. | | 155 | * The mbuf opt, if present, will not be freed. |
161 | * | | 156 | * |
162 | * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and | | 157 | * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and |
163 | * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one, | | 158 | * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one, |
164 | * which is rt_rmx.rmx_mtu. | | 159 | * which is rt_rmx.rmx_mtu. |
165 | */ | | 160 | */ |
166 | int | | 161 | int |
167 | ip6_output( | | 162 | ip6_output( |
168 | struct mbuf *m0, | | 163 | struct mbuf *m0, |
169 | struct ip6_pktopts *opt, | | 164 | struct ip6_pktopts *opt, |
170 | struct route *ro, | | 165 | struct route *ro, |
171 | int flags, | | 166 | int flags, |
172 | struct ip6_moptions *im6o, | | 167 | struct ip6_moptions *im6o, |
173 | struct socket *so, | | 168 | struct socket *so, |
174 | struct ifnet **ifpp /* XXX: just for statistics */ | | 169 | struct ifnet **ifpp /* XXX: just for statistics */ |
175 | ) | | 170 | ) |
176 | { | | 171 | { |
177 | struct ip6_hdr *ip6, *mhip6; | | 172 | struct ip6_hdr *ip6, *mhip6; |
178 | struct ifnet *ifp, *origifp; | | 173 | struct ifnet *ifp, *origifp; |
179 | struct mbuf *m = m0; | | 174 | struct mbuf *m = m0; |
180 | int hlen, tlen, len, off; | | 175 | int hlen, tlen, len, off; |
181 | bool tso; | | 176 | bool tso; |
182 | struct route ip6route; | | 177 | struct route ip6route; |
183 | struct rtentry *rt = NULL; | | 178 | struct rtentry *rt = NULL; |
184 | const struct sockaddr_in6 *dst = NULL; | | 179 | const struct sockaddr_in6 *dst = NULL; |
185 | struct sockaddr_in6 src_sa, dst_sa; | | 180 | struct sockaddr_in6 src_sa, dst_sa; |
186 | int error = 0; | | 181 | int error = 0; |
187 | struct in6_ifaddr *ia = NULL; | | 182 | struct in6_ifaddr *ia = NULL; |
188 | u_long mtu; | | 183 | u_long mtu; |
189 | int alwaysfrag, dontfrag; | | 184 | int alwaysfrag, dontfrag; |
190 | u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; | | 185 | u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; |
191 | struct ip6_exthdrs exthdrs; | | 186 | struct ip6_exthdrs exthdrs; |
192 | struct in6_addr finaldst, src0, dst0; | | 187 | struct in6_addr finaldst, src0, dst0; |
193 | u_int32_t zone; | | 188 | u_int32_t zone; |
194 | struct route *ro_pmtu = NULL; | | 189 | struct route *ro_pmtu = NULL; |
195 | int hdrsplit = 0; | | 190 | int hdrsplit = 0; |
196 | int needipsec = 0; | | 191 | int needipsec = 0; |
197 | #ifdef IPSEC | | 192 | #ifdef IPSEC |
198 | int needipsectun = 0; | | 193 | int needipsectun = 0; |
199 | struct secpolicy *sp = NULL; | | 194 | struct secpolicy *sp = NULL; |
200 | | | 195 | |
201 | ip6 = mtod(m, struct ip6_hdr *); | | 196 | ip6 = mtod(m, struct ip6_hdr *); |
202 | #endif /* IPSEC */ | | 197 | #endif /* IPSEC */ |
203 | #ifdef FAST_IPSEC | | 198 | #ifdef FAST_IPSEC |
204 | struct secpolicy *sp = NULL; | | 199 | struct secpolicy *sp = NULL; |
205 | int s; | | 200 | int s; |
206 | #endif | | 201 | #endif |
207 | | | 202 | |
208 | memset(&ip6route, 0, sizeof(ip6route)); | | 203 | memset(&ip6route, 0, sizeof(ip6route)); |
209 | | | 204 | |
210 | #ifdef DIAGNOSTIC | | 205 | #ifdef DIAGNOSTIC |
211 | if ((m->m_flags & M_PKTHDR) == 0) | | 206 | if ((m->m_flags & M_PKTHDR) == 0) |
212 | panic("ip6_output: no HDR"); | | 207 | panic("ip6_output: no HDR"); |
213 | | | 208 | |
214 | if ((m->m_pkthdr.csum_flags & | | 209 | if ((m->m_pkthdr.csum_flags & |
215 | (M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_TSOv4)) != 0) { | | 210 | (M_CSUM_TCPv4|M_CSUM_UDPv4|M_CSUM_TSOv4)) != 0) { |
216 | panic("ip6_output: IPv4 checksum offload flags: %d", | | 211 | panic("ip6_output: IPv4 checksum offload flags: %d", |
217 | m->m_pkthdr.csum_flags); | | 212 | m->m_pkthdr.csum_flags); |
218 | } | | 213 | } |
219 | | | 214 | |
220 | if ((m->m_pkthdr.csum_flags & (M_CSUM_TCPv6|M_CSUM_UDPv6)) == | | 215 | if ((m->m_pkthdr.csum_flags & (M_CSUM_TCPv6|M_CSUM_UDPv6)) == |
221 | (M_CSUM_TCPv6|M_CSUM_UDPv6)) { | | 216 | (M_CSUM_TCPv6|M_CSUM_UDPv6)) { |
222 | panic("ip6_output: conflicting checksum offload flags: %d", | | 217 | panic("ip6_output: conflicting checksum offload flags: %d", |
223 | m->m_pkthdr.csum_flags); | | 218 | m->m_pkthdr.csum_flags); |
224 | } | | 219 | } |
225 | #endif | | 220 | #endif |
226 | | | 221 | |
227 | M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, sizeof(struct ip6_hdr)); | | 222 | M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, sizeof(struct ip6_hdr)); |
228 | | | 223 | |
229 | #define MAKE_EXTHDR(hp, mp) \ | | 224 | #define MAKE_EXTHDR(hp, mp) \ |
230 | do { \ | | 225 | do { \ |
231 | if (hp) { \ | | 226 | if (hp) { \ |
232 | struct ip6_ext *eh = (struct ip6_ext *)(hp); \ | | 227 | struct ip6_ext *eh = (struct ip6_ext *)(hp); \ |
233 | error = ip6_copyexthdr((mp), (void *)(hp), \ | | 228 | error = ip6_copyexthdr((mp), (void *)(hp), \ |
234 | ((eh)->ip6e_len + 1) << 3); \ | | 229 | ((eh)->ip6e_len + 1) << 3); \ |
235 | if (error) \ | | 230 | if (error) \ |
236 | goto freehdrs; \ | | 231 | goto freehdrs; \ |
237 | } \ | | 232 | } \ |
238 | } while (/*CONSTCOND*/ 0) | | 233 | } while (/*CONSTCOND*/ 0) |
239 | | | 234 | |
240 | memset(&exthdrs, 0, sizeof(exthdrs)); | | 235 | memset(&exthdrs, 0, sizeof(exthdrs)); |
241 | if (opt) { | | 236 | if (opt) { |
242 | /* Hop-by-Hop options header */ | | 237 | /* Hop-by-Hop options header */ |
243 | MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); | | 238 | MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); |
244 | /* Destination options header(1st part) */ | | 239 | /* Destination options header(1st part) */ |
245 | MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); | | 240 | MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); |
246 | /* Routing header */ | | 241 | /* Routing header */ |
247 | MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); | | 242 | MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); |
248 | /* Destination options header(2nd part) */ | | 243 | /* Destination options header(2nd part) */ |
249 | MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); | | 244 | MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); |
250 | } | | 245 | } |
251 | | | 246 | |
252 | #ifdef IPSEC | | 247 | #ifdef IPSEC |
253 | if ((flags & IPV6_FORWARDING) != 0) { | | 248 | if ((flags & IPV6_FORWARDING) != 0) { |
254 | needipsec = 0; | | 249 | needipsec = 0; |
255 | goto skippolicycheck; | | 250 | goto skippolicycheck; |
256 | } | | 251 | } |
257 | | | 252 | |
258 | /* get a security policy for this packet */ | | 253 | /* get a security policy for this packet */ |
259 | if (so == NULL) | | 254 | if (so == NULL) |
260 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); | | 255 | sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error); |
261 | else { | | 256 | else { |
262 | if (IPSEC_PCB_SKIP_IPSEC(sotoinpcb_hdr(so)->inph_sp, | | 257 | if (IPSEC_PCB_SKIP_IPSEC(sotoinpcb_hdr(so)->inph_sp, |
263 | IPSEC_DIR_OUTBOUND)) { | | 258 | IPSEC_DIR_OUTBOUND)) { |
264 | needipsec = 0; | | 259 | needipsec = 0; |
265 | goto skippolicycheck; | | 260 | goto skippolicycheck; |
266 | } | | 261 | } |
267 | sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error); | | 262 | sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error); |
268 | } | | 263 | } |
269 | | | 264 | |
270 | if (sp == NULL) { | | 265 | if (sp == NULL) { |
271 | IPSEC6_STATINC(IPSEC_STAT_OUT_INVAL); | | 266 | IPSEC6_STATINC(IPSEC_STAT_OUT_INVAL); |
272 | goto freehdrs; | | 267 | goto freehdrs; |
273 | } | | 268 | } |
274 | | | 269 | |
275 | error = 0; | | 270 | error = 0; |
276 | | | 271 | |
277 | /* check policy */ | | 272 | /* check policy */ |
278 | switch (sp->policy) { | | 273 | switch (sp->policy) { |
279 | case IPSEC_POLICY_DISCARD: | | 274 | case IPSEC_POLICY_DISCARD: |
280 | /* | | 275 | /* |
281 | * This packet is just discarded. | | 276 | * This packet is just discarded. |
282 | */ | | 277 | */ |
283 | IPSEC6_STATINC(IPSEC_STAT_OUT_POLVIO); | | 278 | IPSEC6_STATINC(IPSEC_STAT_OUT_POLVIO); |
284 | goto freehdrs; | | 279 | goto freehdrs; |
285 | | | 280 | |
286 | case IPSEC_POLICY_BYPASS: | | 281 | case IPSEC_POLICY_BYPASS: |
287 | case IPSEC_POLICY_NONE: | | 282 | case IPSEC_POLICY_NONE: |
288 | /* no need to do IPsec. */ | | 283 | /* no need to do IPsec. */ |
289 | needipsec = 0; | | 284 | needipsec = 0; |
290 | break; | | 285 | break; |
291 | | | 286 | |
292 | case IPSEC_POLICY_IPSEC: | | 287 | case IPSEC_POLICY_IPSEC: |
293 | if (sp->req == NULL) { | | 288 | if (sp->req == NULL) { |
294 | /* XXX should be panic ? */ | | 289 | /* XXX should be panic ? */ |
295 | printf("ip6_output: No IPsec request specified.\n"); | | 290 | printf("ip6_output: No IPsec request specified.\n"); |
296 | error = EINVAL; | | 291 | error = EINVAL; |
297 | goto freehdrs; | | 292 | goto freehdrs; |
298 | } | | 293 | } |
299 | needipsec = 1; | | 294 | needipsec = 1; |
300 | break; | | 295 | break; |
301 | | | 296 | |
302 | case IPSEC_POLICY_ENTRUST: | | 297 | case IPSEC_POLICY_ENTRUST: |
303 | default: | | 298 | default: |
304 | printf("ip6_output: Invalid policy found. %d\n", sp->policy); | | 299 | printf("ip6_output: Invalid policy found. %d\n", sp->policy); |
305 | } | | 300 | } |
306 | | | 301 | |
307 | skippolicycheck:; | | 302 | skippolicycheck:; |
308 | #endif /* IPSEC */ | | 303 | #endif /* IPSEC */ |
309 | | | 304 | |
310 | /* | | 305 | /* |
311 | * Calculate the total length of the extension header chain. | | 306 | * Calculate the total length of the extension header chain. |
312 | * Keep the length of the unfragmentable part for fragmentation. | | 307 | * Keep the length of the unfragmentable part for fragmentation. |
313 | */ | | 308 | */ |
314 | optlen = 0; | | 309 | optlen = 0; |
315 | if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; | | 310 | if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len; |
316 | if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; | | 311 | if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len; |
317 | if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; | | 312 | if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len; |
318 | unfragpartlen = optlen + sizeof(struct ip6_hdr); | | 313 | unfragpartlen = optlen + sizeof(struct ip6_hdr); |
319 | /* NOTE: we don't add AH/ESP length here. do that later. */ | | 314 | /* NOTE: we don't add AH/ESP length here. do that later. */ |
320 | if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len; | | 315 | if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len; |
321 | | | 316 | |
322 | #ifdef FAST_IPSEC | | 317 | #ifdef FAST_IPSEC |
323 | /* Check the security policy (SP) for the packet */ | | 318 | /* Check the security policy (SP) for the packet */ |
324 | | | 319 | |
325 | /* XXX For moment, we doesn't support packet with extented action */ | | 320 | /* XXX For moment, we doesn't support packet with extented action */ |
326 | if (optlen !=0) | | 321 | if (optlen !=0) |
327 | goto freehdrs; | | 322 | goto freehdrs; |
328 | | | 323 | |
329 | sp = ipsec6_check_policy(m,so,flags,&needipsec,&error); | | 324 | sp = ipsec6_check_policy(m,so,flags,&needipsec,&error); |
330 | if (error != 0) { | | 325 | if (error != 0) { |
331 | /* | | 326 | /* |
332 | * Hack: -EINVAL is used to signal that a packet | | 327 | * Hack: -EINVAL is used to signal that a packet |
333 | * should be silently discarded. This is typically | | 328 | * should be silently discarded. This is typically |
334 | * because we asked key management for an SA and | | 329 | * because we asked key management for an SA and |
335 | * it was delayed (e.g. kicked up to IKE). | | 330 | * it was delayed (e.g. kicked up to IKE). |
336 | */ | | 331 | */ |
337 | if (error == -EINVAL) | | 332 | if (error == -EINVAL) |
338 | error = 0; | | 333 | error = 0; |
339 | goto freehdrs; | | 334 | goto freehdrs; |
340 | } | | 335 | } |
341 | #endif /* FAST_IPSEC */ | | 336 | #endif /* FAST_IPSEC */ |
342 | | | 337 | |
343 | | | 338 | |
344 | if (needipsec && | | 339 | if (needipsec && |
345 | (m->m_pkthdr.csum_flags & (M_CSUM_UDPv6|M_CSUM_TCPv6)) != 0) { | | 340 | (m->m_pkthdr.csum_flags & (M_CSUM_UDPv6|M_CSUM_TCPv6)) != 0) { |
346 | in6_delayed_cksum(m); | | 341 | in6_delayed_cksum(m); |
347 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); | | 342 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); |
348 | } | | 343 | } |
349 | | | 344 | |
350 | | | 345 | |
351 | /* | | 346 | /* |
352 | * If we need IPsec, or there is at least one extension header, | | 347 | * If we need IPsec, or there is at least one extension header, |
353 | * separate IP6 header from the payload. | | 348 | * separate IP6 header from the payload. |
354 | */ | | 349 | */ |
355 | if ((needipsec || optlen) && !hdrsplit) { | | 350 | if ((needipsec || optlen) && !hdrsplit) { |
356 | if ((error = ip6_splithdr(m, &exthdrs)) != 0) { | | 351 | if ((error = ip6_splithdr(m, &exthdrs)) != 0) { |
357 | m = NULL; | | 352 | m = NULL; |
358 | goto freehdrs; | | 353 | goto freehdrs; |
359 | } | | 354 | } |
360 | m = exthdrs.ip6e_ip6; | | 355 | m = exthdrs.ip6e_ip6; |
361 | hdrsplit++; | | 356 | hdrsplit++; |
362 | } | | 357 | } |
363 | | | 358 | |
364 | /* adjust pointer */ | | 359 | /* adjust pointer */ |
365 | ip6 = mtod(m, struct ip6_hdr *); | | 360 | ip6 = mtod(m, struct ip6_hdr *); |
366 | | | 361 | |
367 | /* adjust mbuf packet header length */ | | 362 | /* adjust mbuf packet header length */ |
368 | m->m_pkthdr.len += optlen; | | 363 | m->m_pkthdr.len += optlen; |
369 | plen = m->m_pkthdr.len - sizeof(*ip6); | | 364 | plen = m->m_pkthdr.len - sizeof(*ip6); |
370 | | | 365 | |
371 | /* If this is a jumbo payload, insert a jumbo payload option. */ | | 366 | /* If this is a jumbo payload, insert a jumbo payload option. */ |
372 | if (plen > IPV6_MAXPACKET) { | | 367 | if (plen > IPV6_MAXPACKET) { |
373 | if (!hdrsplit) { | | 368 | if (!hdrsplit) { |
374 | if ((error = ip6_splithdr(m, &exthdrs)) != 0) { | | 369 | if ((error = ip6_splithdr(m, &exthdrs)) != 0) { |
375 | m = NULL; | | 370 | m = NULL; |
376 | goto freehdrs; | | 371 | goto freehdrs; |
377 | } | | 372 | } |
378 | m = exthdrs.ip6e_ip6; | | 373 | m = exthdrs.ip6e_ip6; |
379 | hdrsplit++; | | 374 | hdrsplit++; |
380 | } | | 375 | } |
381 | /* adjust pointer */ | | 376 | /* adjust pointer */ |
382 | ip6 = mtod(m, struct ip6_hdr *); | | 377 | ip6 = mtod(m, struct ip6_hdr *); |
383 | if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0) | | 378 | if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0) |
384 | goto freehdrs; | | 379 | goto freehdrs; |
385 | optlen += 8; /* XXX JUMBOOPTLEN */ | | 380 | optlen += 8; /* XXX JUMBOOPTLEN */ |
386 | ip6->ip6_plen = 0; | | 381 | ip6->ip6_plen = 0; |
387 | } else | | 382 | } else |
388 | ip6->ip6_plen = htons(plen); | | 383 | ip6->ip6_plen = htons(plen); |
389 | | | 384 | |
390 | /* | | 385 | /* |
391 | * Concatenate headers and fill in next header fields. | | 386 | * Concatenate headers and fill in next header fields. |
392 | * Here we have, on "m" | | 387 | * Here we have, on "m" |
393 | * IPv6 payload | | 388 | * IPv6 payload |
394 | * and we insert headers accordingly. Finally, we should be getting: | | 389 | * and we insert headers accordingly. Finally, we should be getting: |
395 | * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload] | | 390 | * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload] |
396 | * | | 391 | * |
397 | * during the header composing process, "m" points to IPv6 header. | | 392 | * during the header composing process, "m" points to IPv6 header. |
398 | * "mprev" points to an extension header prior to esp. | | 393 | * "mprev" points to an extension header prior to esp. |
399 | */ | | 394 | */ |
400 | { | | 395 | { |
401 | u_char *nexthdrp = &ip6->ip6_nxt; | | 396 | u_char *nexthdrp = &ip6->ip6_nxt; |
402 | struct mbuf *mprev = m; | | 397 | struct mbuf *mprev = m; |
403 | | | 398 | |
404 | /* | | 399 | /* |
405 | * we treat dest2 specially. this makes IPsec processing | | 400 | * we treat dest2 specially. this makes IPsec processing |
406 | * much easier. the goal here is to make mprev point the | | 401 | * much easier. the goal here is to make mprev point the |
407 | * mbuf prior to dest2. | | 402 | * mbuf prior to dest2. |
408 | * | | 403 | * |
409 | * result: IPv6 dest2 payload | | 404 | * result: IPv6 dest2 payload |
410 | * m and mprev will point to IPv6 header. | | 405 | * m and mprev will point to IPv6 header. |
411 | */ | | 406 | */ |
412 | if (exthdrs.ip6e_dest2) { | | 407 | if (exthdrs.ip6e_dest2) { |
413 | if (!hdrsplit) | | 408 | if (!hdrsplit) |
414 | panic("assumption failed: hdr not split"); | | 409 | panic("assumption failed: hdr not split"); |
415 | exthdrs.ip6e_dest2->m_next = m->m_next; | | 410 | exthdrs.ip6e_dest2->m_next = m->m_next; |
416 | m->m_next = exthdrs.ip6e_dest2; | | 411 | m->m_next = exthdrs.ip6e_dest2; |
417 | *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt; | | 412 | *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt; |
418 | ip6->ip6_nxt = IPPROTO_DSTOPTS; | | 413 | ip6->ip6_nxt = IPPROTO_DSTOPTS; |
419 | } | | 414 | } |
420 | | | 415 | |
421 | #define MAKE_CHAIN(m, mp, p, i)\ | | 416 | #define MAKE_CHAIN(m, mp, p, i)\ |
422 | do {\ | | 417 | do {\ |
423 | if (m) {\ | | 418 | if (m) {\ |
424 | if (!hdrsplit) \ | | 419 | if (!hdrsplit) \ |
425 | panic("assumption failed: hdr not split"); \ | | 420 | panic("assumption failed: hdr not split"); \ |
426 | *mtod((m), u_char *) = *(p);\ | | 421 | *mtod((m), u_char *) = *(p);\ |
427 | *(p) = (i);\ | | 422 | *(p) = (i);\ |
428 | p = mtod((m), u_char *);\ | | 423 | p = mtod((m), u_char *);\ |
429 | (m)->m_next = (mp)->m_next;\ | | 424 | (m)->m_next = (mp)->m_next;\ |
430 | (mp)->m_next = (m);\ | | 425 | (mp)->m_next = (m);\ |
431 | (mp) = (m);\ | | 426 | (mp) = (m);\ |
432 | }\ | | 427 | }\ |
433 | } while (/*CONSTCOND*/ 0) | | 428 | } while (/*CONSTCOND*/ 0) |
434 | /* | | 429 | /* |
435 | * result: IPv6 hbh dest1 rthdr dest2 payload | | 430 | * result: IPv6 hbh dest1 rthdr dest2 payload |
436 | * m will point to IPv6 header. mprev will point to the | | 431 | * m will point to IPv6 header. mprev will point to the |
437 | * extension header prior to dest2 (rthdr in the above case). | | 432 | * extension header prior to dest2 (rthdr in the above case). |
438 | */ | | 433 | */ |
439 | MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); | | 434 | MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); |
440 | MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, | | 435 | MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, |
441 | IPPROTO_DSTOPTS); | | 436 | IPPROTO_DSTOPTS); |
442 | MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, | | 437 | MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, |
443 | IPPROTO_ROUTING); | | 438 | IPPROTO_ROUTING); |
444 | | | 439 | |
445 | M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, | | 440 | M_CSUM_DATA_IPv6_HL_SET(m->m_pkthdr.csum_data, |
446 | sizeof(struct ip6_hdr) + optlen); | | 441 | sizeof(struct ip6_hdr) + optlen); |
447 | | | 442 | |
448 | #ifdef IPSEC | | 443 | #ifdef IPSEC |
449 | if (!needipsec) | | 444 | if (!needipsec) |
450 | goto skip_ipsec2; | | 445 | goto skip_ipsec2; |
451 | | | 446 | |
452 | /* | | 447 | /* |
453 | * pointers after IPsec headers are not valid any more. | | 448 | * pointers after IPsec headers are not valid any more. |
454 | * other pointers need a great care too. | | 449 | * other pointers need a great care too. |
455 | * (IPsec routines should not mangle mbufs prior to AH/ESP) | | 450 | * (IPsec routines should not mangle mbufs prior to AH/ESP) |
456 | */ | | 451 | */ |
457 | exthdrs.ip6e_dest2 = NULL; | | 452 | exthdrs.ip6e_dest2 = NULL; |
458 | | | 453 | |
459 | { | | 454 | { |
460 | struct ip6_rthdr *rh = NULL; | | 455 | struct ip6_rthdr *rh = NULL; |
461 | int segleft_org = 0; | | 456 | int segleft_org = 0; |
462 | struct ipsec_output_state state; | | 457 | struct ipsec_output_state state; |
463 | | | 458 | |
464 | if (exthdrs.ip6e_rthdr) { | | 459 | if (exthdrs.ip6e_rthdr) { |
465 | rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); | | 460 | rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); |
466 | segleft_org = rh->ip6r_segleft; | | 461 | segleft_org = rh->ip6r_segleft; |
467 | rh->ip6r_segleft = 0; | | 462 | rh->ip6r_segleft = 0; |
468 | } | | 463 | } |
469 | | | 464 | |
470 | memset(&state, 0, sizeof(state)); | | 465 | memset(&state, 0, sizeof(state)); |
471 | state.m = m; | | 466 | state.m = m; |
472 | error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags, | | 467 | error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags, |
473 | &needipsectun); | | 468 | &needipsectun); |
474 | m = state.m; | | 469 | m = state.m; |
475 | if (error) { | | 470 | if (error) { |
476 | rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); | | 471 | rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); |
477 | /* mbuf is already reclaimed in ipsec6_output_trans. */ | | 472 | /* mbuf is already reclaimed in ipsec6_output_trans. */ |
478 | m = NULL; | | 473 | m = NULL; |
479 | switch (error) { | | 474 | switch (error) { |
480 | case EHOSTUNREACH: | | 475 | case EHOSTUNREACH: |
481 | case ENETUNREACH: | | 476 | case ENETUNREACH: |
482 | case EMSGSIZE: | | 477 | case EMSGSIZE: |
483 | case ENOBUFS: | | 478 | case ENOBUFS: |
484 | case ENOMEM: | | 479 | case ENOMEM: |
485 | break; | | 480 | break; |
486 | default: | | 481 | default: |
487 | printf("ip6_output (ipsec): error code %d\n", error); | | 482 | printf("ip6_output (ipsec): error code %d\n", error); |
488 | /* FALLTHROUGH */ | | 483 | /* FALLTHROUGH */ |
489 | case ENOENT: | | 484 | case ENOENT: |
490 | /* don't show these error codes to the user */ | | 485 | /* don't show these error codes to the user */ |
491 | error = 0; | | 486 | error = 0; |
492 | break; | | 487 | break; |
493 | } | | 488 | } |
494 | goto bad; | | 489 | goto bad; |
495 | } | | 490 | } |
496 | if (exthdrs.ip6e_rthdr) { | | 491 | if (exthdrs.ip6e_rthdr) { |
497 | /* ah6_output doesn't modify mbuf chain */ | | 492 | /* ah6_output doesn't modify mbuf chain */ |
498 | rh->ip6r_segleft = segleft_org; | | 493 | rh->ip6r_segleft = segleft_org; |
499 | } | | 494 | } |
500 | } | | 495 | } |
501 | skip_ipsec2:; | | 496 | skip_ipsec2:; |
502 | #endif | | 497 | #endif |
503 | } | | 498 | } |
504 | | | 499 | |
505 | /* | | 500 | /* |
506 | * If there is a routing header, replace destination address field | | 501 | * If there is a routing header, replace destination address field |
507 | * with the first hop of the routing header. | | 502 | * with the first hop of the routing header. |
508 | */ | | 503 | */ |
509 | if (exthdrs.ip6e_rthdr) { | | 504 | if (exthdrs.ip6e_rthdr) { |
510 | struct ip6_rthdr *rh; | | 505 | struct ip6_rthdr *rh; |
511 | struct ip6_rthdr0 *rh0; | | 506 | struct ip6_rthdr0 *rh0; |
512 | struct in6_addr *addr; | | 507 | struct in6_addr *addr; |
513 | struct sockaddr_in6 sa; | | 508 | struct sockaddr_in6 sa; |
514 | | | 509 | |
515 | rh = (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr, | | 510 | rh = (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr, |
516 | struct ip6_rthdr *)); | | 511 | struct ip6_rthdr *)); |
517 | finaldst = ip6->ip6_dst; | | 512 | finaldst = ip6->ip6_dst; |
518 | switch (rh->ip6r_type) { | | 513 | switch (rh->ip6r_type) { |
519 | case IPV6_RTHDR_TYPE_0: | | 514 | case IPV6_RTHDR_TYPE_0: |
520 | rh0 = (struct ip6_rthdr0 *)rh; | | 515 | rh0 = (struct ip6_rthdr0 *)rh; |
521 | addr = (struct in6_addr *)(rh0 + 1); | | 516 | addr = (struct in6_addr *)(rh0 + 1); |
522 | | | 517 | |
523 | /* | | 518 | /* |
524 | * construct a sockaddr_in6 form of | | 519 | * construct a sockaddr_in6 form of |
525 | * the first hop. | | 520 | * the first hop. |
526 | * | | 521 | * |
527 | * XXX: we may not have enough | | 522 | * XXX: we may not have enough |
528 | * information about its scope zone; | | 523 | * information about its scope zone; |
529 | * there is no standard API to pass | | 524 | * there is no standard API to pass |
530 | * the information from the | | 525 | * the information from the |
531 | * application. | | 526 | * application. |
532 | */ | | 527 | */ |
533 | sockaddr_in6_init(&sa, addr, 0, 0, 0); | | 528 | sockaddr_in6_init(&sa, addr, 0, 0, 0); |
534 | if ((error = sa6_embedscope(&sa, | | 529 | if ((error = sa6_embedscope(&sa, |
535 | ip6_use_defzone)) != 0) { | | 530 | ip6_use_defzone)) != 0) { |
536 | goto bad; | | 531 | goto bad; |
537 | } | | 532 | } |
538 | ip6->ip6_dst = sa.sin6_addr; | | 533 | ip6->ip6_dst = sa.sin6_addr; |
539 | (void)memmove(&addr[0], &addr[1], | | 534 | (void)memmove(&addr[0], &addr[1], |
540 | sizeof(struct in6_addr) * | | 535 | sizeof(struct in6_addr) * |
541 | (rh0->ip6r0_segleft - 1)); | | 536 | (rh0->ip6r0_segleft - 1)); |
542 | addr[rh0->ip6r0_segleft - 1] = finaldst; | | 537 | addr[rh0->ip6r0_segleft - 1] = finaldst; |
543 | /* XXX */ | | 538 | /* XXX */ |
544 | in6_clearscope(addr + rh0->ip6r0_segleft - 1); | | 539 | in6_clearscope(addr + rh0->ip6r0_segleft - 1); |
545 | break; | | 540 | break; |
546 | default: /* is it possible? */ | | 541 | default: /* is it possible? */ |
547 | error = EINVAL; | | 542 | error = EINVAL; |
548 | goto bad; | | 543 | goto bad; |
549 | } | | 544 | } |
550 | } | | 545 | } |
551 | | | 546 | |
552 | /* Source address validation */ | | 547 | /* Source address validation */ |
553 | if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && | | 548 | if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && |
554 | (flags & IPV6_UNSPECSRC) == 0) { | | 549 | (flags & IPV6_UNSPECSRC) == 0) { |
555 | error = EOPNOTSUPP; | | 550 | error = EOPNOTSUPP; |
556 | IP6_STATINC(IP6_STAT_BADSCOPE); | | 551 | IP6_STATINC(IP6_STAT_BADSCOPE); |
557 | goto bad; | | 552 | goto bad; |
558 | } | | 553 | } |
559 | if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) { | | 554 | if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) { |
560 | error = EOPNOTSUPP; | | 555 | error = EOPNOTSUPP; |
561 | IP6_STATINC(IP6_STAT_BADSCOPE); | | 556 | IP6_STATINC(IP6_STAT_BADSCOPE); |
562 | goto bad; | | 557 | goto bad; |
563 | } | | 558 | } |
564 | | | 559 | |
565 | IP6_STATINC(IP6_STAT_LOCALOUT); | | 560 | IP6_STATINC(IP6_STAT_LOCALOUT); |
566 | | | 561 | |
567 | /* | | 562 | /* |
568 | * Route packet. | | 563 | * Route packet. |
569 | */ | | 564 | */ |
570 | /* initialize cached route */ | | 565 | /* initialize cached route */ |
571 | if (ro == NULL) { | | 566 | if (ro == NULL) { |
572 | ro = &ip6route; | | 567 | ro = &ip6route; |
573 | } | | 568 | } |
574 | ro_pmtu = ro; | | 569 | ro_pmtu = ro; |
575 | if (opt && opt->ip6po_rthdr) | | 570 | if (opt && opt->ip6po_rthdr) |
576 | ro = &opt->ip6po_route; | | 571 | ro = &opt->ip6po_route; |
577 | | | 572 | |
578 | /* | | 573 | /* |
579 | * if specified, try to fill in the traffic class field. | | 574 | * if specified, try to fill in the traffic class field. |
580 | * do not override if a non-zero value is already set. | | 575 | * do not override if a non-zero value is already set. |
581 | * we check the diffserv field and the ecn field separately. | | 576 | * we check the diffserv field and the ecn field separately. |
582 | */ | | 577 | */ |
583 | if (opt && opt->ip6po_tclass >= 0) { | | 578 | if (opt && opt->ip6po_tclass >= 0) { |
584 | int mask = 0; | | 579 | int mask = 0; |
585 | | | 580 | |
586 | if ((ip6->ip6_flow & htonl(0xfc << 20)) == 0) | | 581 | if ((ip6->ip6_flow & htonl(0xfc << 20)) == 0) |
587 | mask |= 0xfc; | | 582 | mask |= 0xfc; |
588 | if ((ip6->ip6_flow & htonl(0x03 << 20)) == 0) | | 583 | if ((ip6->ip6_flow & htonl(0x03 << 20)) == 0) |
589 | mask |= 0x03; | | 584 | mask |= 0x03; |
590 | if (mask != 0) | | 585 | if (mask != 0) |
591 | ip6->ip6_flow |= htonl((opt->ip6po_tclass & mask) << 20); | | 586 | ip6->ip6_flow |= htonl((opt->ip6po_tclass & mask) << 20); |
592 | } | | 587 | } |
593 | | | 588 | |
594 | /* fill in or override the hop limit field, if necessary. */ | | 589 | /* fill in or override the hop limit field, if necessary. */ |
595 | if (opt && opt->ip6po_hlim != -1) | | 590 | if (opt && opt->ip6po_hlim != -1) |
596 | ip6->ip6_hlim = opt->ip6po_hlim & 0xff; | | 591 | ip6->ip6_hlim = opt->ip6po_hlim & 0xff; |
597 | else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { | | 592 | else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
598 | if (im6o != NULL) | | 593 | if (im6o != NULL) |
599 | ip6->ip6_hlim = im6o->im6o_multicast_hlim; | | 594 | ip6->ip6_hlim = im6o->im6o_multicast_hlim; |
600 | else | | 595 | else |
601 | ip6->ip6_hlim = ip6_defmcasthlim; | | 596 | ip6->ip6_hlim = ip6_defmcasthlim; |
602 | } | | 597 | } |
603 | | | 598 | |
604 | #ifdef IPSEC | | 599 | #ifdef IPSEC |
605 | if (needipsec && needipsectun) { | | 600 | if (needipsec && needipsectun) { |
606 | struct ipsec_output_state state; | | 601 | struct ipsec_output_state state; |
607 | | | 602 | |
608 | /* | | 603 | /* |
609 | * All the extension headers will become inaccessible | | 604 | * All the extension headers will become inaccessible |
610 | * (since they can be encrypted). | | 605 | * (since they can be encrypted). |
611 | * Don't panic, we need no more updates to extension headers | | 606 | * Don't panic, we need no more updates to extension headers |
612 | * on inner IPv6 packet (since they are now encapsulated). | | 607 | * on inner IPv6 packet (since they are now encapsulated). |
613 | * | | 608 | * |
614 | * IPv6 [ESP|AH] IPv6 [extension headers] payload | | 609 | * IPv6 [ESP|AH] IPv6 [extension headers] payload |
615 | */ | | 610 | */ |
616 | memset(&exthdrs, 0, sizeof(exthdrs)); | | 611 | memset(&exthdrs, 0, sizeof(exthdrs)); |
617 | exthdrs.ip6e_ip6 = m; | | 612 | exthdrs.ip6e_ip6 = m; |
618 | | | 613 | |
619 | memset(&state, 0, sizeof(state)); | | 614 | memset(&state, 0, sizeof(state)); |
620 | state.m = m; | | 615 | state.m = m; |
621 | state.ro = ro; | | 616 | state.ro = ro; |
622 | state.dst = rtcache_getdst(ro); | | 617 | state.dst = rtcache_getdst(ro); |
623 | | | 618 | |
624 | error = ipsec6_output_tunnel(&state, sp, flags); | | 619 | error = ipsec6_output_tunnel(&state, sp, flags); |
625 | | | 620 | |
626 | m = state.m; | | 621 | m = state.m; |
627 | ro_pmtu = ro = state.ro; | | 622 | ro_pmtu = ro = state.ro; |
628 | dst = satocsin6(state.dst); | | 623 | dst = satocsin6(state.dst); |
629 | if (error) { | | 624 | if (error) { |
630 | /* mbuf is already reclaimed in ipsec6_output_tunnel. */ | | 625 | /* mbuf is already reclaimed in ipsec6_output_tunnel. */ |
631 | m0 = m = NULL; | | 626 | m0 = m = NULL; |
632 | m = NULL; | | 627 | m = NULL; |
633 | switch (error) { | | 628 | switch (error) { |
634 | case EHOSTUNREACH: | | 629 | case EHOSTUNREACH: |
635 | case ENETUNREACH: | | 630 | case ENETUNREACH: |
636 | case EMSGSIZE: | | 631 | case EMSGSIZE: |
637 | case ENOBUFS: | | 632 | case ENOBUFS: |
638 | case ENOMEM: | | 633 | case ENOMEM: |
639 | break; | | 634 | break; |
640 | default: | | 635 | default: |
641 | printf("ip6_output (ipsec): error code %d\n", error); | | 636 | printf("ip6_output (ipsec): error code %d\n", error); |
642 | /* FALLTHROUGH */ | | 637 | /* FALLTHROUGH */ |
643 | case ENOENT: | | 638 | case ENOENT: |
644 | /* don't show these error codes to the user */ | | 639 | /* don't show these error codes to the user */ |
645 | error = 0; | | 640 | error = 0; |
646 | break; | | 641 | break; |
647 | } | | 642 | } |
648 | goto bad; | | 643 | goto bad; |
649 | } | | 644 | } |
650 | | | 645 | |
651 | exthdrs.ip6e_ip6 = m; | | 646 | exthdrs.ip6e_ip6 = m; |
652 | } | | 647 | } |
653 | #endif /* IPSEC */ | | 648 | #endif /* IPSEC */ |
654 | #ifdef FAST_IPSEC | | 649 | #ifdef FAST_IPSEC |
655 | if (needipsec) { | | 650 | if (needipsec) { |
656 | s = splsoftnet(); | | 651 | s = splsoftnet(); |
657 | error = ipsec6_process_packet(m,sp->req); | | 652 | error = ipsec6_process_packet(m,sp->req); |
658 | | | 653 | |
659 | /* | | 654 | /* |
660 | * Preserve KAME behaviour: ENOENT can be returned | | 655 | * Preserve KAME behaviour: ENOENT can be returned |
661 | * when an SA acquire is in progress. Don't propagate | | 656 | * when an SA acquire is in progress. Don't propagate |
662 | * this to user-level; it confuses applications. | | 657 | * this to user-level; it confuses applications. |
663 | * XXX this will go away when the SADB is redone. | | 658 | * XXX this will go away when the SADB is redone. |
664 | */ | | 659 | */ |
665 | if (error == ENOENT) | | 660 | if (error == ENOENT) |
666 | error = 0; | | 661 | error = 0; |
667 | splx(s); | | 662 | splx(s); |
668 | goto done; | | 663 | goto done; |
669 | } | | 664 | } |
670 | #endif /* FAST_IPSEC */ | | 665 | #endif /* FAST_IPSEC */ |
671 | | | 666 | |
672 | | | 667 | |
673 | | | 668 | |
674 | /* adjust pointer */ | | 669 | /* adjust pointer */ |
675 | ip6 = mtod(m, struct ip6_hdr *); | | 670 | ip6 = mtod(m, struct ip6_hdr *); |
676 | | | 671 | |
677 | sockaddr_in6_init(&dst_sa, &ip6->ip6_dst, 0, 0, 0); | | 672 | sockaddr_in6_init(&dst_sa, &ip6->ip6_dst, 0, 0, 0); |
678 | if ((error = in6_selectroute(&dst_sa, opt, im6o, ro, | | 673 | if ((error = in6_selectroute(&dst_sa, opt, im6o, ro, |
679 | &ifp, &rt, 0)) != 0) { | | 674 | &ifp, &rt, 0)) != 0) { |
680 | if (ifp != NULL) | | 675 | if (ifp != NULL) |
681 | in6_ifstat_inc(ifp, ifs6_out_discard); | | 676 | in6_ifstat_inc(ifp, ifs6_out_discard); |
682 | goto bad; | | 677 | goto bad; |
683 | } | | 678 | } |
684 | if (rt == NULL) { | | 679 | if (rt == NULL) { |
685 | /* | | 680 | /* |
686 | * If in6_selectroute() does not return a route entry, | | 681 | * If in6_selectroute() does not return a route entry, |
687 | * dst may not have been updated. | | 682 | * dst may not have been updated. |
688 | */ | | 683 | */ |
689 | rtcache_setdst(ro, sin6tosa(&dst_sa)); | | 684 | rtcache_setdst(ro, sin6tosa(&dst_sa)); |
690 | } | | 685 | } |
691 | | | 686 | |
692 | /* | | 687 | /* |
693 | * then rt (for unicast) and ifp must be non-NULL valid values. | | 688 | * then rt (for unicast) and ifp must be non-NULL valid values. |
694 | */ | | 689 | */ |
695 | if ((flags & IPV6_FORWARDING) == 0) { | | 690 | if ((flags & IPV6_FORWARDING) == 0) { |
696 | /* XXX: the FORWARDING flag can be set for mrouting. */ | | 691 | /* XXX: the FORWARDING flag can be set for mrouting. */ |
697 | in6_ifstat_inc(ifp, ifs6_out_request); | | 692 | in6_ifstat_inc(ifp, ifs6_out_request); |
698 | } | | 693 | } |
699 | if (rt != NULL) { | | 694 | if (rt != NULL) { |
700 | ia = (struct in6_ifaddr *)(rt->rt_ifa); | | 695 | ia = (struct in6_ifaddr *)(rt->rt_ifa); |
701 | rt->rt_use++; | | 696 | rt->rt_use++; |
702 | } | | 697 | } |
703 | | | 698 | |
704 | /* | | 699 | /* |
705 | * The outgoing interface must be in the zone of source and | | 700 | * The outgoing interface must be in the zone of source and |
706 | * destination addresses. We should use ia_ifp to support the | | 701 | * destination addresses. We should use ia_ifp to support the |
707 | * case of sending packets to an address of our own. | | 702 | * case of sending packets to an address of our own. |
708 | */ | | 703 | */ |
709 | if (ia != NULL && ia->ia_ifp) | | 704 | if (ia != NULL && ia->ia_ifp) |
710 | origifp = ia->ia_ifp; | | 705 | origifp = ia->ia_ifp; |
711 | else | | 706 | else |
712 | origifp = ifp; | | 707 | origifp = ifp; |
713 | | | 708 | |
714 | src0 = ip6->ip6_src; | | 709 | src0 = ip6->ip6_src; |
715 | if (in6_setscope(&src0, origifp, &zone)) | | 710 | if (in6_setscope(&src0, origifp, &zone)) |
716 | goto badscope; | | 711 | goto badscope; |
717 | sockaddr_in6_init(&src_sa, &ip6->ip6_src, 0, 0, 0); | | 712 | sockaddr_in6_init(&src_sa, &ip6->ip6_src, 0, 0, 0); |
718 | if (sa6_recoverscope(&src_sa) || zone != src_sa.sin6_scope_id) | | 713 | if (sa6_recoverscope(&src_sa) || zone != src_sa.sin6_scope_id) |
719 | goto badscope; | | 714 | goto badscope; |
720 | | | 715 | |
721 | dst0 = ip6->ip6_dst; | | 716 | dst0 = ip6->ip6_dst; |
722 | if (in6_setscope(&dst0, origifp, &zone)) | | 717 | if (in6_setscope(&dst0, origifp, &zone)) |
723 | goto badscope; | | 718 | goto badscope; |
724 | /* re-initialize to be sure */ | | 719 | /* re-initialize to be sure */ |
725 | sockaddr_in6_init(&dst_sa, &ip6->ip6_dst, 0, 0, 0); | | 720 | sockaddr_in6_init(&dst_sa, &ip6->ip6_dst, 0, 0, 0); |
726 | if (sa6_recoverscope(&dst_sa) || zone != dst_sa.sin6_scope_id) | | 721 | if (sa6_recoverscope(&dst_sa) || zone != dst_sa.sin6_scope_id) |
727 | goto badscope; | | 722 | goto badscope; |
728 | | | 723 | |
729 | /* scope check is done. */ | | 724 | /* scope check is done. */ |
730 | | | 725 | |
731 | if (rt == NULL || IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { | | 726 | if (rt == NULL || IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { |
732 | if (dst == NULL) | | 727 | if (dst == NULL) |
733 | dst = satocsin6(rtcache_getdst(ro)); | | 728 | dst = satocsin6(rtcache_getdst(ro)); |
734 | KASSERT(dst != NULL); | | 729 | KASSERT(dst != NULL); |
735 | } else if (opt && rtcache_validate(&opt->ip6po_nextroute) != NULL) { | | 730 | } else if (opt && rtcache_validate(&opt->ip6po_nextroute) != NULL) { |
736 | /* | | 731 | /* |
737 | * The nexthop is explicitly specified by the | | 732 | * The nexthop is explicitly specified by the |
738 | * application. We assume the next hop is an IPv6 | | 733 | * application. We assume the next hop is an IPv6 |
739 | * address. | | 734 | * address. |
740 | */ | | 735 | */ |
741 | dst = (struct sockaddr_in6 *)opt->ip6po_nexthop; | | 736 | dst = (struct sockaddr_in6 *)opt->ip6po_nexthop; |
742 | } else if ((rt->rt_flags & RTF_GATEWAY)) | | 737 | } else if ((rt->rt_flags & RTF_GATEWAY)) |
743 | dst = (struct sockaddr_in6 *)rt->rt_gateway; | | 738 | dst = (struct sockaddr_in6 *)rt->rt_gateway; |
744 | else if (dst == NULL) | | 739 | else if (dst == NULL) |
745 | dst = satocsin6(rtcache_getdst(ro)); | | 740 | dst = satocsin6(rtcache_getdst(ro)); |
746 | | | 741 | |
747 | /* | | 742 | /* |
748 | * XXXXXX: original code follows: | | 743 | * XXXXXX: original code follows: |
749 | */ | | 744 | */ |
750 | if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) | | 745 | if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) |
751 | m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ | | 746 | m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ |
752 | else { | | 747 | else { |
753 | struct in6_multi *in6m; | | 748 | struct in6_multi *in6m; |
754 | | | 749 | |
755 | m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST; | | 750 | m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST; |
756 | | | 751 | |
757 | in6_ifstat_inc(ifp, ifs6_out_mcast); | | 752 | in6_ifstat_inc(ifp, ifs6_out_mcast); |
758 | | | 753 | |
759 | /* | | 754 | /* |
760 | * Confirm that the outgoing interface supports multicast. | | 755 | * Confirm that the outgoing interface supports multicast. |
761 | */ | | 756 | */ |
762 | if (!(ifp->if_flags & IFF_MULTICAST)) { | | 757 | if (!(ifp->if_flags & IFF_MULTICAST)) { |
763 | IP6_STATINC(IP6_STAT_NOROUTE); | | 758 | IP6_STATINC(IP6_STAT_NOROUTE); |
764 | in6_ifstat_inc(ifp, ifs6_out_discard); | | 759 | in6_ifstat_inc(ifp, ifs6_out_discard); |
765 | error = ENETUNREACH; | | 760 | error = ENETUNREACH; |
766 | goto bad; | | 761 | goto bad; |
767 | } | | 762 | } |
768 | | | 763 | |
769 | IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m); | | 764 | IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m); |
770 | if (in6m != NULL && | | 765 | if (in6m != NULL && |
771 | (im6o == NULL || im6o->im6o_multicast_loop)) { | | 766 | (im6o == NULL || im6o->im6o_multicast_loop)) { |
772 | /* | | 767 | /* |
773 | * If we belong to the destination multicast group | | 768 | * If we belong to the destination multicast group |
774 | * on the outgoing interface, and the caller did not | | 769 | * on the outgoing interface, and the caller did not |
775 | * forbid loopback, loop back a copy. | | 770 | * forbid loopback, loop back a copy. |
776 | */ | | 771 | */ |
777 | KASSERT(dst != NULL); | | 772 | KASSERT(dst != NULL); |
778 | ip6_mloopback(ifp, m, dst); | | 773 | ip6_mloopback(ifp, m, dst); |
779 | } else { | | 774 | } else { |
780 | /* | | 775 | /* |
781 | * If we are acting as a multicast router, perform | | 776 | * If we are acting as a multicast router, perform |
782 | * multicast forwarding as if the packet had just | | 777 | * multicast forwarding as if the packet had just |
783 | * arrived on the interface to which we are about | | 778 | * arrived on the interface to which we are about |
784 | * to send. The multicast forwarding function | | 779 | * to send. The multicast forwarding function |
785 | * recursively calls this function, using the | | 780 | * recursively calls this function, using the |
786 | * IPV6_FORWARDING flag to prevent infinite recursion. | | 781 | * IPV6_FORWARDING flag to prevent infinite recursion. |
787 | * | | 782 | * |
788 | * Multicasts that are looped back by ip6_mloopback(), | | 783 | * Multicasts that are looped back by ip6_mloopback(), |
789 | * above, will be forwarded by the ip6_input() routine, | | 784 | * above, will be forwarded by the ip6_input() routine, |
790 | * if necessary. | | 785 | * if necessary. |
791 | */ | | 786 | */ |
792 | if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) { | | 787 | if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) { |
793 | if (ip6_mforward(ip6, ifp, m) != 0) { | | 788 | if (ip6_mforward(ip6, ifp, m) != 0) { |
794 | m_freem(m); | | 789 | m_freem(m); |
795 | goto done; | | 790 | goto done; |
796 | } | | 791 | } |
797 | } | | 792 | } |
798 | } | | 793 | } |
799 | /* | | 794 | /* |
800 | * Multicasts with a hoplimit of zero may be looped back, | | 795 | * Multicasts with a hoplimit of zero may be looped back, |
801 | * above, but must not be transmitted on a network. | | 796 | * above, but must not be transmitted on a network. |
802 | * Also, multicasts addressed to the loopback interface | | 797 | * Also, multicasts addressed to the loopback interface |
803 | * are not sent -- the above call to ip6_mloopback() will | | 798 | * are not sent -- the above call to ip6_mloopback() will |
804 | * loop back a copy if this host actually belongs to the | | 799 | * loop back a copy if this host actually belongs to the |
805 | * destination group on the loopback interface. | | 800 | * destination group on the loopback interface. |
806 | */ | | 801 | */ |
807 | if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK) || | | 802 | if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK) || |
808 | IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst)) { | | 803 | IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst)) { |
809 | m_freem(m); | | 804 | m_freem(m); |
810 | goto done; | | 805 | goto done; |
811 | } | | 806 | } |
812 | } | | 807 | } |
813 | | | 808 | |
814 | /* | | 809 | /* |
815 | * Fill the outgoing inteface to tell the upper layer | | 810 | * Fill the outgoing inteface to tell the upper layer |
816 | * to increment per-interface statistics. | | 811 | * to increment per-interface statistics. |
817 | */ | | 812 | */ |
818 | if (ifpp) | | 813 | if (ifpp) |
819 | *ifpp = ifp; | | 814 | *ifpp = ifp; |
820 | | | 815 | |
821 | /* Determine path MTU. */ | | 816 | /* Determine path MTU. */ |
822 | if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, | | 817 | if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, |
823 | &alwaysfrag)) != 0) | | 818 | &alwaysfrag)) != 0) |
824 | goto bad; | | 819 | goto bad; |
825 | #ifdef IPSEC | | 820 | #ifdef IPSEC |
826 | if (needipsectun) | | 821 | if (needipsectun) |
827 | mtu = IPV6_MMTU; | | 822 | mtu = IPV6_MMTU; |
828 | #endif | | 823 | #endif |
829 | | | 824 | |
830 | /* | | 825 | /* |
831 | * The caller of this function may specify to use the minimum MTU | | 826 | * The caller of this function may specify to use the minimum MTU |
832 | * in some cases. | | 827 | * in some cases. |
833 | * An advanced API option (IPV6_USE_MIN_MTU) can also override MTU | | 828 | * An advanced API option (IPV6_USE_MIN_MTU) can also override MTU |
834 | * setting. The logic is a bit complicated; by default, unicast | | 829 | * setting. The logic is a bit complicated; by default, unicast |
835 | * packets will follow path MTU while multicast packets will be sent at | | 830 | * packets will follow path MTU while multicast packets will be sent at |
836 | * the minimum MTU. If IP6PO_MINMTU_ALL is specified, all packets | | 831 | * the minimum MTU. If IP6PO_MINMTU_ALL is specified, all packets |
837 | * including unicast ones will be sent at the minimum MTU. Multicast | | 832 | * including unicast ones will be sent at the minimum MTU. Multicast |
838 | * packets will always be sent at the minimum MTU unless | | 833 | * packets will always be sent at the minimum MTU unless |
839 | * IP6PO_MINMTU_DISABLE is explicitly specified. | | 834 | * IP6PO_MINMTU_DISABLE is explicitly specified. |
840 | * See RFC 3542 for more details. | | 835 | * See RFC 3542 for more details. |
841 | */ | | 836 | */ |
842 | if (mtu > IPV6_MMTU) { | | 837 | if (mtu > IPV6_MMTU) { |
843 | if ((flags & IPV6_MINMTU)) | | 838 | if ((flags & IPV6_MINMTU)) |
844 | mtu = IPV6_MMTU; | | 839 | mtu = IPV6_MMTU; |
845 | else if (opt && opt->ip6po_minmtu == IP6PO_MINMTU_ALL) | | 840 | else if (opt && opt->ip6po_minmtu == IP6PO_MINMTU_ALL) |
846 | mtu = IPV6_MMTU; | | 841 | mtu = IPV6_MMTU; |
847 | else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && | | 842 | else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && |
848 | (opt == NULL || | | 843 | (opt == NULL || |
849 | opt->ip6po_minmtu != IP6PO_MINMTU_DISABLE)) { | | 844 | opt->ip6po_minmtu != IP6PO_MINMTU_DISABLE)) { |
850 | mtu = IPV6_MMTU; | | 845 | mtu = IPV6_MMTU; |
851 | } | | 846 | } |
852 | } | | 847 | } |
853 | | | 848 | |
854 | /* | | 849 | /* |
855 | * clear embedded scope identifiers if necessary. | | 850 | * clear embedded scope identifiers if necessary. |
856 | * in6_clearscope will touch the addresses only when necessary. | | 851 | * in6_clearscope will touch the addresses only when necessary. |
857 | */ | | 852 | */ |
858 | in6_clearscope(&ip6->ip6_src); | | 853 | in6_clearscope(&ip6->ip6_src); |
859 | in6_clearscope(&ip6->ip6_dst); | | 854 | in6_clearscope(&ip6->ip6_dst); |
860 | | | 855 | |
861 | /* | | 856 | /* |
862 | * If the outgoing packet contains a hop-by-hop options header, | | 857 | * If the outgoing packet contains a hop-by-hop options header, |
863 | * it must be examined and processed even by the source node. | | 858 | * it must be examined and processed even by the source node. |
864 | * (RFC 2460, section 4.) | | 859 | * (RFC 2460, section 4.) |
865 | */ | | 860 | */ |
866 | if (exthdrs.ip6e_hbh) { | | 861 | if (exthdrs.ip6e_hbh) { |
867 | struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *); | | 862 | struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *); |
868 | u_int32_t dummy1; /* XXX unused */ | | 863 | u_int32_t dummy1; /* XXX unused */ |
869 | u_int32_t dummy2; /* XXX unused */ | | 864 | u_int32_t dummy2; /* XXX unused */ |
870 | | | 865 | |
871 | /* | | 866 | /* |
872 | * XXX: if we have to send an ICMPv6 error to the sender, | | 867 | * XXX: if we have to send an ICMPv6 error to the sender, |
873 | * we need the M_LOOP flag since icmp6_error() expects | | 868 | * we need the M_LOOP flag since icmp6_error() expects |
874 | * the IPv6 and the hop-by-hop options header are | | 869 | * the IPv6 and the hop-by-hop options header are |
875 | * continuous unless the flag is set. | | 870 | * continuous unless the flag is set. |
876 | */ | | 871 | */ |
877 | m->m_flags |= M_LOOP; | | 872 | m->m_flags |= M_LOOP; |
878 | m->m_pkthdr.rcvif = ifp; | | 873 | m->m_pkthdr.rcvif = ifp; |
879 | if (ip6_process_hopopts(m, (u_int8_t *)(hbh + 1), | | 874 | if (ip6_process_hopopts(m, (u_int8_t *)(hbh + 1), |
880 | ((hbh->ip6h_len + 1) << 3) - sizeof(struct ip6_hbh), | | 875 | ((hbh->ip6h_len + 1) << 3) - sizeof(struct ip6_hbh), |
881 | &dummy1, &dummy2) < 0) { | | 876 | &dummy1, &dummy2) < 0) { |
882 | /* m was already freed at this point */ | | 877 | /* m was already freed at this point */ |
883 | error = EINVAL;/* better error? */ | | 878 | error = EINVAL;/* better error? */ |
884 | goto done; | | 879 | goto done; |
885 | } | | 880 | } |
886 | m->m_flags &= ~M_LOOP; /* XXX */ | | 881 | m->m_flags &= ~M_LOOP; /* XXX */ |
887 | m->m_pkthdr.rcvif = NULL; | | 882 | m->m_pkthdr.rcvif = NULL; |
888 | } | | 883 | } |
889 | | | 884 | |
890 | #ifdef PFIL_HOOKS | | 885 | #ifdef PFIL_HOOKS |
891 | /* | | 886 | /* |
892 | * Run through list of hooks for output packets. | | 887 | * Run through list of hooks for output packets. |
893 | */ | | 888 | */ |
894 | if ((error = pfil_run_hooks(&inet6_pfil_hook, &m, ifp, PFIL_OUT)) != 0) | | 889 | if ((error = pfil_run_hooks(&inet6_pfil_hook, &m, ifp, PFIL_OUT)) != 0) |
895 | goto done; | | 890 | goto done; |
896 | if (m == NULL) | | 891 | if (m == NULL) |
897 | goto done; | | 892 | goto done; |
898 | ip6 = mtod(m, struct ip6_hdr *); | | 893 | ip6 = mtod(m, struct ip6_hdr *); |
899 | #endif /* PFIL_HOOKS */ | | 894 | #endif /* PFIL_HOOKS */ |
900 | /* | | 895 | /* |
901 | * Send the packet to the outgoing interface. | | 896 | * Send the packet to the outgoing interface. |
902 | * If necessary, do IPv6 fragmentation before sending. | | 897 | * If necessary, do IPv6 fragmentation before sending. |
903 | * | | 898 | * |
904 | * the logic here is rather complex: | | 899 | * the logic here is rather complex: |
905 | * 1: normal case (dontfrag == 0, alwaysfrag == 0) | | 900 | * 1: normal case (dontfrag == 0, alwaysfrag == 0) |
906 | * 1-a: send as is if tlen <= path mtu | | 901 | * 1-a: send as is if tlen <= path mtu |
907 | * 1-b: fragment if tlen > path mtu | | 902 | * 1-b: fragment if tlen > path mtu |
908 | * | | 903 | * |
909 | * 2: if user asks us not to fragment (dontfrag == 1) | | 904 | * 2: if user asks us not to fragment (dontfrag == 1) |
910 | * 2-a: send as is if tlen <= interface mtu | | 905 | * 2-a: send as is if tlen <= interface mtu |
911 | * 2-b: error if tlen > interface mtu | | 906 | * 2-b: error if tlen > interface mtu |
912 | * | | 907 | * |
913 | * 3: if we always need to attach fragment header (alwaysfrag == 1) | | 908 | * 3: if we always need to attach fragment header (alwaysfrag == 1) |
914 | * always fragment | | 909 | * always fragment |
915 | * | | 910 | * |
916 | * 4: if dontfrag == 1 && alwaysfrag == 1 | | 911 | * 4: if dontfrag == 1 && alwaysfrag == 1 |
917 | * error, as we cannot handle this conflicting request | | 912 | * error, as we cannot handle this conflicting request |
918 | */ | | 913 | */ |
919 | tlen = m->m_pkthdr.len; | | 914 | tlen = m->m_pkthdr.len; |
920 | tso = (m->m_pkthdr.csum_flags & M_CSUM_TSOv6) != 0; | | 915 | tso = (m->m_pkthdr.csum_flags & M_CSUM_TSOv6) != 0; |
921 | if (opt && (opt->ip6po_flags & IP6PO_DONTFRAG)) | | 916 | if (opt && (opt->ip6po_flags & IP6PO_DONTFRAG)) |
922 | dontfrag = 1; | | 917 | dontfrag = 1; |
923 | else | | 918 | else |
924 | dontfrag = 0; | | 919 | dontfrag = 0; |
925 | | | 920 | |
926 | if (dontfrag && alwaysfrag) { /* case 4 */ | | 921 | if (dontfrag && alwaysfrag) { /* case 4 */ |
927 | /* conflicting request - can't transmit */ | | 922 | /* conflicting request - can't transmit */ |
928 | error = EMSGSIZE; | | 923 | error = EMSGSIZE; |
929 | goto bad; | | 924 | goto bad; |
930 | } | | 925 | } |
931 | if (dontfrag && (!tso && tlen > IN6_LINKMTU(ifp))) { /* case 2-b */ | | 926 | if (dontfrag && (!tso && tlen > IN6_LINKMTU(ifp))) { /* case 2-b */ |
932 | /* | | 927 | /* |
933 | * Even if the DONTFRAG option is specified, we cannot send the | | 928 | * Even if the DONTFRAG option is specified, we cannot send the |
934 | * packet when the data length is larger than the MTU of the | | 929 | * packet when the data length is larger than the MTU of the |
935 | * outgoing interface. | | 930 | * outgoing interface. |
936 | * Notify the error by sending IPV6_PATHMTU ancillary data as | | 931 | * Notify the error by sending IPV6_PATHMTU ancillary data as |
937 | * well as returning an error code (the latter is not described | | 932 | * well as returning an error code (the latter is not described |
938 | * in the API spec.) | | 933 | * in the API spec.) |
939 | */ | | 934 | */ |
940 | u_int32_t mtu32; | | 935 | u_int32_t mtu32; |
941 | struct ip6ctlparam ip6cp; | | 936 | struct ip6ctlparam ip6cp; |
942 | | | 937 | |
943 | mtu32 = (u_int32_t)mtu; | | 938 | mtu32 = (u_int32_t)mtu; |
944 | memset(&ip6cp, 0, sizeof(ip6cp)); | | 939 | memset(&ip6cp, 0, sizeof(ip6cp)); |
945 | ip6cp.ip6c_cmdarg = (void *)&mtu32; | | 940 | ip6cp.ip6c_cmdarg = (void *)&mtu32; |
946 | pfctlinput2(PRC_MSGSIZE, | | 941 | pfctlinput2(PRC_MSGSIZE, |
947 | rtcache_getdst(ro_pmtu), &ip6cp); | | 942 | rtcache_getdst(ro_pmtu), &ip6cp); |
948 | | | 943 | |
949 | error = EMSGSIZE; | | 944 | error = EMSGSIZE; |
950 | goto bad; | | 945 | goto bad; |
951 | } | | 946 | } |
952 | | | 947 | |
953 | /* | | 948 | /* |
954 | * transmit packet without fragmentation | | 949 | * transmit packet without fragmentation |
955 | */ | | 950 | */ |
956 | if (dontfrag || (!alwaysfrag && (tlen <= mtu || tso))) { | | 951 | if (dontfrag || (!alwaysfrag && (tlen <= mtu || tso))) { |
957 | /* case 1-a and 2-a */ | | 952 | /* case 1-a and 2-a */ |
958 | struct in6_ifaddr *ia6; | | 953 | struct in6_ifaddr *ia6; |
959 | int sw_csum; | | 954 | int sw_csum; |
960 | | | 955 | |
961 | ip6 = mtod(m, struct ip6_hdr *); | | 956 | ip6 = mtod(m, struct ip6_hdr *); |
962 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); | | 957 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); |
963 | if (ia6) { | | 958 | if (ia6) { |
964 | /* Record statistics for this interface address. */ | | 959 | /* Record statistics for this interface address. */ |
965 | ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len; | | 960 | ia6->ia_ifa.ifa_data.ifad_outbytes += m->m_pkthdr.len; |
966 | } | | 961 | } |
967 | #ifdef IPSEC | | 962 | #ifdef IPSEC |
968 | /* clean ipsec history once it goes out of the node */ | | 963 | /* clean ipsec history once it goes out of the node */ |
969 | ipsec_delaux(m); | | 964 | ipsec_delaux(m); |
970 | #endif | | 965 | #endif |
971 | | | 966 | |
972 | sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_csum_flags_tx; | | 967 | sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_csum_flags_tx; |
973 | if ((sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6)) != 0) { | | 968 | if ((sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6)) != 0) { |
974 | if (IN6_NEED_CHECKSUM(ifp, | | 969 | if (IN6_NEED_CHECKSUM(ifp, |
975 | sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6))) { | | 970 | sw_csum & (M_CSUM_UDPv6|M_CSUM_TCPv6))) { |
976 | in6_delayed_cksum(m); | | 971 | in6_delayed_cksum(m); |
977 | } | | 972 | } |
978 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); | | 973 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); |
979 | } | | 974 | } |
980 | | | 975 | |
981 | KASSERT(dst != NULL); | | 976 | KASSERT(dst != NULL); |
982 | if (__predict_true(!tso || | | 977 | if (__predict_true(!tso || |
983 | (ifp->if_capenable & IFCAP_TSOv6) != 0)) { | | 978 | (ifp->if_capenable & IFCAP_TSOv6) != 0)) { |
984 | error = nd6_output(ifp, origifp, m, dst, rt); | | 979 | error = nd6_output(ifp, origifp, m, dst, rt); |
985 | } else { | | 980 | } else { |
986 | error = ip6_tso_output(ifp, origifp, m, dst, rt); | | 981 | error = ip6_tso_output(ifp, origifp, m, dst, rt); |
987 | } | | 982 | } |
988 | goto done; | | 983 | goto done; |
989 | } | | 984 | } |
990 | | | 985 | |
991 | if (tso) { | | 986 | if (tso) { |
992 | error = EINVAL; /* XXX */ | | 987 | error = EINVAL; /* XXX */ |
993 | goto bad; | | 988 | goto bad; |
994 | } | | 989 | } |
995 | | | 990 | |
996 | /* | | 991 | /* |
997 | * try to fragment the packet. case 1-b and 3 | | 992 | * try to fragment the packet. case 1-b and 3 |
998 | */ | | 993 | */ |
999 | if (mtu < IPV6_MMTU) { | | 994 | if (mtu < IPV6_MMTU) { |
1000 | /* path MTU cannot be less than IPV6_MMTU */ | | 995 | /* path MTU cannot be less than IPV6_MMTU */ |
1001 | error = EMSGSIZE; | | 996 | error = EMSGSIZE; |
1002 | in6_ifstat_inc(ifp, ifs6_out_fragfail); | | 997 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1003 | goto bad; | | 998 | goto bad; |
1004 | } else if (ip6->ip6_plen == 0) { | | 999 | } else if (ip6->ip6_plen == 0) { |
1005 | /* jumbo payload cannot be fragmented */ | | 1000 | /* jumbo payload cannot be fragmented */ |
1006 | error = EMSGSIZE; | | 1001 | error = EMSGSIZE; |
1007 | in6_ifstat_inc(ifp, ifs6_out_fragfail); | | 1002 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1008 | goto bad; | | 1003 | goto bad; |
1009 | } else { | | 1004 | } else { |
1010 | struct mbuf **mnext, *m_frgpart; | | 1005 | struct mbuf **mnext, *m_frgpart; |
1011 | struct ip6_frag *ip6f; | | 1006 | struct ip6_frag *ip6f; |
1012 | u_int32_t id = htonl(ip6_randomid()); | | 1007 | u_int32_t id = htonl(ip6_randomid()); |
1013 | u_char nextproto; | | 1008 | u_char nextproto; |
1014 | #if 0 /* see below */ | | 1009 | #if 0 /* see below */ |
1015 | struct ip6ctlparam ip6cp; | | 1010 | struct ip6ctlparam ip6cp; |
1016 | u_int32_t mtu32; | | 1011 | u_int32_t mtu32; |
1017 | #endif | | 1012 | #endif |
1018 | | | 1013 | |
1019 | /* | | 1014 | /* |
1020 | * Too large for the destination or interface; | | 1015 | * Too large for the destination or interface; |
1021 | * fragment if possible. | | 1016 | * fragment if possible. |
1022 | * Must be able to put at least 8 bytes per fragment. | | 1017 | * Must be able to put at least 8 bytes per fragment. |
1023 | */ | | 1018 | */ |
1024 | hlen = unfragpartlen; | | 1019 | hlen = unfragpartlen; |
1025 | if (mtu > IPV6_MAXPACKET) | | 1020 | if (mtu > IPV6_MAXPACKET) |
1026 | mtu = IPV6_MAXPACKET; | | 1021 | mtu = IPV6_MAXPACKET; |
1027 | | | 1022 | |
1028 | #if 0 | | 1023 | #if 0 |
1029 | /* | | 1024 | /* |
1030 | * It is believed this code is a leftover from the | | 1025 | * It is believed this code is a leftover from the |
1031 | * development of the IPV6_RECVPATHMTU sockopt and | | 1026 | * development of the IPV6_RECVPATHMTU sockopt and |
1032 | * associated work to implement RFC3542. | | 1027 | * associated work to implement RFC3542. |
1033 | * It's not entirely clear what the intent of the API | | 1028 | * It's not entirely clear what the intent of the API |
1034 | * is at this point, so disable this code for now. | | 1029 | * is at this point, so disable this code for now. |
1035 | * The IPV6_RECVPATHMTU sockopt and/or IPV6_DONTFRAG | | 1030 | * The IPV6_RECVPATHMTU sockopt and/or IPV6_DONTFRAG |
1036 | * will send notifications if the application requests. | | 1031 | * will send notifications if the application requests. |
1037 | */ | | 1032 | */ |
1038 | | | 1033 | |
1039 | /* Notify a proper path MTU to applications. */ | | 1034 | /* Notify a proper path MTU to applications. */ |
1040 | mtu32 = (u_int32_t)mtu; | | 1035 | mtu32 = (u_int32_t)mtu; |
1041 | memset(&ip6cp, 0, sizeof(ip6cp)); | | 1036 | memset(&ip6cp, 0, sizeof(ip6cp)); |
1042 | ip6cp.ip6c_cmdarg = (void *)&mtu32; | | 1037 | ip6cp.ip6c_cmdarg = (void *)&mtu32; |
1043 | pfctlinput2(PRC_MSGSIZE, | | 1038 | pfctlinput2(PRC_MSGSIZE, |
1044 | rtcache_getdst(ro_pmtu), &ip6cp); | | 1039 | rtcache_getdst(ro_pmtu), &ip6cp); |
1045 | #endif | | 1040 | #endif |
1046 | | | 1041 | |
1047 | len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7; | | 1042 | len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7; |
1048 | if (len < 8) { | | 1043 | if (len < 8) { |
1049 | error = EMSGSIZE; | | 1044 | error = EMSGSIZE; |
1050 | in6_ifstat_inc(ifp, ifs6_out_fragfail); | | 1045 | in6_ifstat_inc(ifp, ifs6_out_fragfail); |
1051 | goto bad; | | 1046 | goto bad; |
1052 | } | | 1047 | } |
1053 | | | 1048 | |
1054 | mnext = &m->m_nextpkt; | | 1049 | mnext = &m->m_nextpkt; |
1055 | | | 1050 | |
1056 | /* | | 1051 | /* |
1057 | * Change the next header field of the last header in the | | 1052 | * Change the next header field of the last header in the |
1058 | * unfragmentable part. | | 1053 | * unfragmentable part. |
1059 | */ | | 1054 | */ |
1060 | if (exthdrs.ip6e_rthdr) { | | 1055 | if (exthdrs.ip6e_rthdr) { |
1061 | nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *); | | 1056 | nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *); |
1062 | *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT; | | 1057 | *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT; |
1063 | } else if (exthdrs.ip6e_dest1) { | | 1058 | } else if (exthdrs.ip6e_dest1) { |
1064 | nextproto = *mtod(exthdrs.ip6e_dest1, u_char *); | | 1059 | nextproto = *mtod(exthdrs.ip6e_dest1, u_char *); |
1065 | *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT; | | 1060 | *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT; |
1066 | } else if (exthdrs.ip6e_hbh) { | | 1061 | } else if (exthdrs.ip6e_hbh) { |
1067 | nextproto = *mtod(exthdrs.ip6e_hbh, u_char *); | | 1062 | nextproto = *mtod(exthdrs.ip6e_hbh, u_char *); |
1068 | *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT; | | 1063 | *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT; |
1069 | } else { | | 1064 | } else { |
1070 | nextproto = ip6->ip6_nxt; | | 1065 | nextproto = ip6->ip6_nxt; |
1071 | ip6->ip6_nxt = IPPROTO_FRAGMENT; | | 1066 | ip6->ip6_nxt = IPPROTO_FRAGMENT; |
1072 | } | | 1067 | } |
1073 | | | 1068 | |
1074 | if ((m->m_pkthdr.csum_flags & (M_CSUM_UDPv6|M_CSUM_TCPv6)) | | 1069 | if ((m->m_pkthdr.csum_flags & (M_CSUM_UDPv6|M_CSUM_TCPv6)) |
1075 | != 0) { | | 1070 | != 0) { |
1076 | if (IN6_NEED_CHECKSUM(ifp, | | 1071 | if (IN6_NEED_CHECKSUM(ifp, |
1077 | m->m_pkthdr.csum_flags & | | 1072 | m->m_pkthdr.csum_flags & |
1078 | (M_CSUM_UDPv6|M_CSUM_TCPv6))) { | | 1073 | (M_CSUM_UDPv6|M_CSUM_TCPv6))) { |
1079 | in6_delayed_cksum(m); | | 1074 | in6_delayed_cksum(m); |
1080 | } | | 1075 | } |
1081 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); | | 1076 | m->m_pkthdr.csum_flags &= ~(M_CSUM_UDPv6|M_CSUM_TCPv6); |
1082 | } | | 1077 | } |
1083 | | | 1078 | |
1084 | /* | | 1079 | /* |
1085 | * Loop through length of segment after first fragment, | | 1080 | * Loop through length of segment after first fragment, |
1086 | * make new header and copy data of each part and link onto | | 1081 | * make new header and copy data of each part and link onto |
1087 | * chain. | | 1082 | * chain. |
1088 | */ | | 1083 | */ |
1089 | m0 = m; | | 1084 | m0 = m; |
1090 | for (off = hlen; off < tlen; off += len) { | | 1085 | for (off = hlen; off < tlen; off += len) { |
1091 | struct mbuf *mlast; | | 1086 | struct mbuf *mlast; |
1092 | | | 1087 | |
1093 | MGETHDR(m, M_DONTWAIT, MT_HEADER); | | 1088 | MGETHDR(m, M_DONTWAIT, MT_HEADER); |
1094 | if (!m) { | | 1089 | if (!m) { |
1095 | error = ENOBUFS; | | 1090 | error = ENOBUFS; |
1096 | IP6_STATINC(IP6_STAT_ODROPPED); | | 1091 | IP6_STATINC(IP6_STAT_ODROPPED); |
1097 | goto sendorfree; | | 1092 | goto sendorfree; |
1098 | } | | 1093 | } |
1099 | m->m_pkthdr.rcvif = NULL; | | 1094 | m->m_pkthdr.rcvif = NULL; |
1100 | m->m_flags = m0->m_flags & M_COPYFLAGS; | | 1095 | m->m_flags = m0->m_flags & M_COPYFLAGS; |
1101 | *mnext = m; | | 1096 | *mnext = m; |
1102 | mnext = &m->m_nextpkt; | | 1097 | mnext = &m->m_nextpkt; |
1103 | m->m_data += max_linkhdr; | | 1098 | m->m_data += max_linkhdr; |
1104 | mhip6 = mtod(m, struct ip6_hdr *); | | 1099 | mhip6 = mtod(m, struct ip6_hdr *); |
1105 | *mhip6 = *ip6; | | 1100 | *mhip6 = *ip6; |
1106 | m->m_len = sizeof(*mhip6); | | 1101 | m->m_len = sizeof(*mhip6); |
1107 | error = ip6_insertfraghdr(m0, m, hlen, &ip6f); | | 1102 | error = ip6_insertfraghdr(m0, m, hlen, &ip6f); |
1108 | if (error) { | | 1103 | if (error) { |
1109 | IP6_STATINC(IP6_STAT_ODROPPED); | | 1104 | IP6_STATINC(IP6_STAT_ODROPPED); |
1110 | goto sendorfree; | | 1105 | goto sendorfree; |
1111 | } | | 1106 | } |
1112 | ip6f->ip6f_offlg = htons((u_int16_t)((off - hlen) & ~7)); | | 1107 | ip6f->ip6f_offlg = htons((u_int16_t)((off - hlen) & ~7)); |
1113 | if (off + len >= tlen) | | 1108 | if (off + len >= tlen) |
1114 | len = tlen - off; | | 1109 | len = tlen - off; |
1115 | else | | 1110 | else |
1116 | ip6f->ip6f_offlg |= IP6F_MORE_FRAG; | | 1111 | ip6f->ip6f_offlg |= IP6F_MORE_FRAG; |
1117 | mhip6->ip6_plen = htons((u_int16_t)(len + hlen + | | 1112 | mhip6->ip6_plen = htons((u_int16_t)(len + hlen + |
1118 | sizeof(*ip6f) - sizeof(struct ip6_hdr))); | | 1113 | sizeof(*ip6f) - sizeof(struct ip6_hdr))); |
1119 | if ((m_frgpart = m_copy(m0, off, len)) == 0) { | | 1114 | if ((m_frgpart = m_copy(m0, off, len)) == 0) { |
1120 | error = ENOBUFS; | | 1115 | error = ENOBUFS; |
1121 | IP6_STATINC(IP6_STAT_ODROPPED); | | 1116 | IP6_STATINC(IP6_STAT_ODROPPED); |
1122 | goto sendorfree; | | 1117 | goto sendorfree; |
1123 | } | | 1118 | } |
1124 | for (mlast = m; mlast->m_next; mlast = mlast->m_next) | | 1119 | for (mlast = m; mlast->m_next; mlast = mlast->m_next) |
1125 | ; | | 1120 | ; |
1126 | mlast->m_next = m_frgpart; | | 1121 | mlast->m_next = m_frgpart; |
1127 | m->m_pkthdr.len = len + hlen + sizeof(*ip6f); | | 1122 | m->m_pkthdr.len = len + hlen + sizeof(*ip6f); |
1128 | m->m_pkthdr.rcvif = (struct ifnet *)0; | | 1123 | m->m_pkthdr.rcvif = (struct ifnet *)0; |
1129 | ip6f->ip6f_reserved = 0; | | 1124 | ip6f->ip6f_reserved = 0; |
1130 | ip6f->ip6f_ident = id; | | 1125 | ip6f->ip6f_ident = id; |
1131 | ip6f->ip6f_nxt = nextproto; | | 1126 | ip6f->ip6f_nxt = nextproto; |
1132 | IP6_STATINC(IP6_STAT_OFRAGMENTS); | | 1127 | IP6_STATINC(IP6_STAT_OFRAGMENTS); |
1133 | in6_ifstat_inc(ifp, ifs6_out_fragcreat); | | 1128 | in6_ifstat_inc(ifp, ifs6_out_fragcreat); |
1134 | } | | 1129 | } |
1135 | | | 1130 | |
1136 | in6_ifstat_inc(ifp, ifs6_out_fragok); | | 1131 | in6_ifstat_inc(ifp, ifs6_out_fragok); |
1137 | } | | 1132 | } |
1138 | | | 1133 | |
1139 | /* | | 1134 | /* |
1140 | * Remove leading garbages. | | 1135 | * Remove leading garbages. |
1141 | */ | | 1136 | */ |
1142 | sendorfree: | | 1137 | sendorfree: |
1143 | m = m0->m_nextpkt; | | 1138 | m = m0->m_nextpkt; |
1144 | m0->m_nextpkt = 0; | | 1139 | m0->m_nextpkt = 0; |
1145 | m_freem(m0); | | 1140 | m_freem(m0); |
1146 | for (m0 = m; m; m = m0) { | | 1141 | for (m0 = m; m; m = m0) { |
1147 | m0 = m->m_nextpkt; | | 1142 | m0 = m->m_nextpkt; |
1148 | m->m_nextpkt = 0; | | 1143 | m->m_nextpkt = 0; |
1149 | if (error == 0) { | | 1144 | if (error == 0) { |
1150 | struct in6_ifaddr *ia6; | | 1145 | struct in6_ifaddr *ia6; |
1151 | ip6 = mtod(m, struct ip6_hdr *); | | 1146 | ip6 = mtod(m, struct ip6_hdr *); |
1152 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); | | 1147 | ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); |
1153 | if (ia6) { | | 1148 | if (ia6) { |