1 /* 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 /* 33 * Copyright (c) 1982, 1986, 1988, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgement: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * 4. Neither the name of the University nor the names of its contributors 49 * may be used to endorse or promote products derived from this software 50 * without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 62 * SUCH DAMAGE. 63 * 64 * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 65 */ 66 67 #include "opt_ipsec.h" 68 69 #include <sys/param.h> 70 #include <sys/systm.h> 71 #include <sys/malloc.h> 72 #include <sys/mbuf.h> 73 #include <sys/protosw.h> 74 #include <sys/socket.h> 75 #include <sys/socketvar.h> 76 #include <sys/time.h> 77 #include <sys/kernel.h> 78 #include <sys/syslog.h> 79 #include <sys/domain.h> 80 81 #include <net/if.h> 82 #include <net/route.h> 83 #include <net/if_dl.h> 84 #include <net/if_types.h> 85 86 #include <netinet/in.h> 87 #include <netinet/in_var.h> 88 #include <netinet6/ip6.h> 89 #include <netinet6/ip6_var.h> 90 #include <netinet6/icmp6.h> 91 #include <netinet6/mld6_var.h> 92 #include <netinet/in_pcb.h> 93 #include <netinet6/nd6.h> 94 #include <netinet6/in6_ifattach.h> 95 #include <netinet6/ip6protosw.h> 96 97 #ifdef IPSEC 98 #include <netinet6/ipsec.h> 99 #include <netinet6/ah.h> 100 #include <netinet6/ipsec6.h> 101 #include <netinet6/ah6.h> 102 #include <netkey/key.h> 103 #ifdef IPSEC_DEBUG 104 #include <netkey/key_debug.h> 105 #else 106 #define KEYDEBUG(lev,arg) 107 #endif 108 #endif /* IPSEC */ 109 110 #include "faith.h" 111 112 #include <net/net_osdep.h> 113 114 extern struct domain inet6domain; 115 extern struct ip6protosw inet6sw[]; 116 extern u_char ip6_protox[]; 117 118 struct icmp6stat icmp6stat; 119 120 extern struct inpcbhead ripcb; 121 extern u_int icmp6errratelim; 122 123 static int icmp6_rip6_input __P((struct mbuf **, int)); 124 static int icmp6_ratelimit __P((const struct in6_addr *, const int, const int)); 125 static const char *icmp6_redirect_diag __P((struct in6_addr *, 126 struct in6_addr *, 127 struct in6_addr *)); 128 static struct mbuf *ni6_input __P((struct mbuf *, int)); 129 static int ni6_addrs __P((struct icmp6_nodeinfo *, struct mbuf *, 130 struct ifnet **)); 131 static int ni6_store_addrs __P((struct icmp6_nodeinfo *, 132 struct icmp6_nodeinfo *, 133 struct ifnet *, int)); 134 135 #ifdef COMPAT_RFC1885 136 static struct route_in6 icmp6_reflect_rt; 137 #endif 138 static struct timeval icmp6_nextsend = {0, 0}; 139 140 void 141 icmp6_init() 142 { 143 mld6_init(); 144 } 145 146 /* 147 * Generate an error packet of type error in response to bad IP6 packet. 148 */ 149 void 150 icmp6_error(m, type, code, param) 151 struct mbuf *m; 152 int type, code, param; 153 { 154 struct ip6_hdr *oip6, *nip6; 155 struct icmp6_hdr *icmp6; 156 u_int prep; 157 int off; 158 u_char nxt; 159 160 icmp6stat.icp6s_error++; 161 162 if (m->m_flags & M_DECRYPTED) 163 goto freeit; 164 165 oip6 = mtod(m, struct ip6_hdr *); 166 167 /* 168 * Multicast destination check. For unrecognized option errors, 169 * this check has already done in ip6_unknown_opt(), so we can 170 * check only for other errors. 171 */ 172 if ((m->m_flags & (M_BCAST|M_MCAST) || 173 IN6_IS_ADDR_MULTICAST(&oip6->ip6_dst)) && 174 (type != ICMP6_PACKET_TOO_BIG && 175 (type != ICMP6_PARAM_PROB || 176 code != ICMP6_PARAMPROB_OPTION))) 177 goto freeit; 178 179 /* Source address check. XXX: the case of anycast source? */ 180 if (IN6_IS_ADDR_UNSPECIFIED(&oip6->ip6_src) || 181 IN6_IS_ADDR_MULTICAST(&oip6->ip6_src)) 182 goto freeit; 183 184 /* 185 * If the erroneous packet is also an ICMP error, discard it. 186 */ 187 IP6_EXTHDR_CHECK(m, 0, sizeof(struct ip6_hdr), ); 188 off = sizeof(struct ip6_hdr); 189 nxt = oip6->ip6_nxt; 190 while(1) { /* XXX: should avoid inf. loop explicitly? */ 191 struct ip6_ext *ip6e; 192 struct icmp6_hdr *icp; 193 194 switch(nxt) { 195 case IPPROTO_IPV6: 196 case IPPROTO_IPV4: 197 case IPPROTO_UDP: 198 case IPPROTO_TCP: 199 case IPPROTO_ESP: 200 case IPPROTO_FRAGMENT: 201 /* 202 * ICMPv6 error must not be fragmented. 203 * XXX: but can we trust the sender? 204 */ 205 default: 206 /* What if unknown header followed by ICMP error? */ 207 goto generate; 208 case IPPROTO_ICMPV6: 209 IP6_EXTHDR_CHECK(m, 0, off + sizeof(struct icmp6_hdr), ); 210 icp = (struct icmp6_hdr *)(mtod(m, caddr_t) + off); 211 if (icp->icmp6_type < ICMP6_ECHO_REQUEST 212 || icp->icmp6_type == ND_REDIRECT) { 213 /* 214 * ICMPv6 error 215 * Special case: for redirect (which is 216 * informational) we must not send icmp6 error. 217 */ 218 icmp6stat.icp6s_canterror++; 219 goto freeit; 220 } else { 221 /* ICMPv6 informational */ 222 goto generate; 223 } 224 case IPPROTO_HOPOPTS: 225 case IPPROTO_DSTOPTS: 226 case IPPROTO_ROUTING: 227 case IPPROTO_AH: 228 IP6_EXTHDR_CHECK(m, 0, off + sizeof(struct ip6_ext), ); 229 ip6e = (struct ip6_ext *)(mtod(m, caddr_t) + off); 230 if (nxt == IPPROTO_AH) 231 off += (ip6e->ip6e_len + 2) << 2; 232 else 233 off += (ip6e->ip6e_len + 1) << 3; 234 nxt = ip6e->ip6e_nxt; 235 break; 236 } 237 } 238 239 freeit: 240 /* 241 * If we can't tell wheter or not we can generate ICMP6, free it. 242 */ 243 m_freem(m); 244 return; 245 246 generate: 247 oip6 = mtod(m, struct ip6_hdr *); /* adjust pointer */ 248 249 /* Finally, do rate limitation check. */ 250 if (icmp6_ratelimit(&oip6->ip6_src, type, code)) { 251 icmp6stat.icp6s_toofreq++; 252 goto freeit; 253 } 254 255 /* 256 * OK, ICMP6 can be generated. 257 */ 258 259 if (m->m_pkthdr.len >= ICMPV6_PLD_MAXLEN) 260 m_adj(m, ICMPV6_PLD_MAXLEN - m->m_pkthdr.len); 261 262 prep = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr); 263 M_PREPEND(m, prep, M_DONTWAIT); 264 if (m && m->m_len < prep) 265 m = m_pullup(m, prep); 266 if (m == NULL) { 267 printf("ENOBUFS in icmp6_error %d\n", __LINE__); 268 return; 269 } 270 271 nip6 = mtod(m, struct ip6_hdr *); 272 nip6->ip6_src = oip6->ip6_src; 273 nip6->ip6_dst = oip6->ip6_dst; 274 275 if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_src)) 276 oip6->ip6_src.s6_addr16[1] = 0; 277 if (IN6_IS_SCOPE_LINKLOCAL(&oip6->ip6_dst)) 278 oip6->ip6_dst.s6_addr16[1] = 0; 279 280 icmp6 = (struct icmp6_hdr *)(nip6 + 1); 281 icmp6->icmp6_type = type; 282 icmp6->icmp6_code = code; 283 icmp6->icmp6_pptr = htonl((u_int32_t)param); 284 285 icmp6stat.icp6s_outhist[type]++; 286 icmp6_reflect(m, sizeof(struct ip6_hdr)); /*header order: IPv6 - ICMPv6*/ 287 } 288 289 /* 290 * Process a received ICMP6 message. 291 */ 292 int 293 icmp6_input(mp, offp, proto) 294 struct mbuf **mp; 295 int *offp, proto; 296 { 297 struct mbuf *m = *mp, *n; 298 struct ip6_hdr *ip6, *nip6; 299 struct icmp6_hdr *icmp6, *nicmp6; 300 int off = *offp; 301 int icmp6len = m->m_pkthdr.len - *offp; 302 int code, sum, noff; 303 struct sockaddr_in6 icmp6src; 304 305 IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_hdr), IPPROTO_DONE); 306 /* m might change if M_LOOP. So, call mtod after this */ 307 308 /* 309 * Locate icmp6 structure in mbuf, and check 310 * that not corrupted and of at least minimum length 311 */ 312 313 ip6 = mtod(m, struct ip6_hdr *); 314 if (icmp6len < sizeof(struct icmp6_hdr)) { 315 icmp6stat.icp6s_tooshort++; 316 goto freeit; 317 } 318 319 /* 320 * calculate the checksum 321 */ 322 323 icmp6 = (struct icmp6_hdr *)((caddr_t)ip6 + off); 324 code = icmp6->icmp6_code; 325 326 if ((sum = in6_cksum(m, IPPROTO_ICMPV6, off, icmp6len)) != 0) { 327 log(LOG_ERR, 328 "ICMP6 checksum error(%d|%x) %s\n", 329 icmp6->icmp6_type, 330 sum, 331 ip6_sprintf(&ip6->ip6_src)); 332 icmp6stat.icp6s_checksum++; 333 goto freeit; 334 } 335 336 #if defined(NFAITH) && 0 < NFAITH 337 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 338 /* 339 * Deliver very specific ICMP6 type only. 340 * This is important to deilver TOOBIG. Otherwise PMTUD 341 * will not work. 342 */ 343 switch (icmp6->icmp6_type) { 344 case ICMP6_DST_UNREACH: 345 case ICMP6_PACKET_TOO_BIG: 346 case ICMP6_TIME_EXCEEDED: 347 break; 348 default: 349 goto freeit; 350 } 351 } 352 #endif 353 354 #ifdef IPSEC 355 /* drop it if it does not match the default policy */ 356 if (ipsec6_in_reject(m, NULL)) { 357 ipsecstat.in_polvio++; 358 goto freeit; 359 } 360 #endif 361 362 icmp6stat.icp6s_inhist[icmp6->icmp6_type]++; 363 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_msg); 364 if (icmp6->icmp6_type < ICMP6_INFOMSG_MASK) 365 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_error); 366 367 switch (icmp6->icmp6_type) { 368 369 case ICMP6_DST_UNREACH: 370 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_dstunreach); 371 switch (code) { 372 case ICMP6_DST_UNREACH_NOROUTE: 373 code = PRC_UNREACH_NET; 374 break; 375 case ICMP6_DST_UNREACH_ADMIN: 376 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_adminprohib); 377 case ICMP6_DST_UNREACH_ADDR: 378 code = PRC_UNREACH_HOST; 379 break; 380 case ICMP6_DST_UNREACH_NOTNEIGHBOR: 381 code = PRC_UNREACH_SRCFAIL; 382 break; 383 case ICMP6_DST_UNREACH_NOPORT: 384 code = PRC_UNREACH_PORT; 385 break; 386 default: 387 goto badcode; 388 } 389 goto deliver; 390 break; 391 392 case ICMP6_PACKET_TOO_BIG: 393 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_pkttoobig); 394 if (code != 0) 395 goto badcode; 396 { 397 u_int mtu = ntohl(icmp6->icmp6_mtu); 398 struct rtentry *rt = NULL; 399 struct sockaddr_in6 sin6; 400 401 code = PRC_MSGSIZE; 402 bzero(&sin6, sizeof(sin6)); 403 sin6.sin6_family = PF_INET6; 404 sin6.sin6_len = sizeof(struct sockaddr_in6); 405 sin6.sin6_addr = ((struct ip6_hdr *)(icmp6 + 1))->ip6_dst; 406 rt = rtalloc1((struct sockaddr *)&sin6, 0, 407 RTF_CLONING | RTF_PRCLONING); 408 if (rt && (rt->rt_flags & RTF_HOST) 409 && !(rt->rt_rmx.rmx_locks & RTV_MTU)) { 410 if (mtu < IPV6_MMTU) { 411 /* xxx */ 412 rt->rt_rmx.rmx_locks |= RTV_MTU; 413 } else if (mtu < rt->rt_ifp->if_mtu && 414 rt->rt_rmx.rmx_mtu > mtu) { 415 rt->rt_rmx.rmx_mtu = mtu; 416 } 417 } 418 if (rt) 419 RTFREE(rt); 420 421 goto deliver; 422 } 423 break; 424 425 case ICMP6_TIME_EXCEEDED: 426 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_timeexceed); 427 switch (code) { 428 case ICMP6_TIME_EXCEED_TRANSIT: 429 case ICMP6_TIME_EXCEED_REASSEMBLY: 430 code += PRC_TIMXCEED_INTRANS; 431 break; 432 default: 433 goto badcode; 434 } 435 goto deliver; 436 break; 437 438 case ICMP6_PARAM_PROB: 439 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_paramprob); 440 switch (code) { 441 case ICMP6_PARAMPROB_NEXTHEADER: 442 code = PRC_UNREACH_PROTOCOL; 443 break; 444 case ICMP6_PARAMPROB_HEADER: 445 case ICMP6_PARAMPROB_OPTION: 446 code = PRC_PARAMPROB; 447 break; 448 default: 449 goto badcode; 450 } 451 goto deliver; 452 break; 453 454 case ICMP6_ECHO_REQUEST: 455 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_echo); 456 if (code != 0) 457 goto badcode; 458 if ((n = m_copy(m, 0, M_COPYALL)) == NULL) { 459 /* Give up remote */ 460 break; 461 } 462 if (n->m_flags & M_EXT) { 463 int gap, move; 464 struct mbuf *n0 = n; 465 466 /* 467 * Prepare an internal mbuf. m_pullup() doesn't 468 * always copy the length we specified. 469 */ 470 MGETHDR(n, M_DONTWAIT, n0->m_type); 471 if (n == NULL) { 472 /* Give up remote */ 473 m_freem(n0); 474 break; 475 } 476 M_COPY_PKTHDR(n, n0); 477 n0->m_flags &= ~M_PKTHDR; 478 n->m_next = n0; 479 /* 480 * Copy IPv6 and ICMPv6 only. 481 */ 482 nip6 = mtod(n, struct ip6_hdr *); 483 bcopy(ip6, nip6, sizeof(struct ip6_hdr)); 484 nicmp6 = (struct icmp6_hdr *)(nip6 + 1); 485 bcopy(icmp6, nicmp6, sizeof(struct icmp6_hdr)); 486 /* 487 * Adjust mbuf. ip6_plen will be adjusted. 488 */ 489 noff = sizeof(struct ip6_hdr); 490 n->m_len = noff + sizeof(struct icmp6_hdr); 491 move = off + sizeof(struct icmp6_hdr); 492 n0->m_len -= move; 493 n0->m_data += move; 494 gap = off - noff; 495 n->m_pkthdr.len -= gap; 496 } else { 497 nip6 = mtod(n, struct ip6_hdr *); 498 nicmp6 = (struct icmp6_hdr *)((caddr_t)nip6 + off); 499 noff = off; 500 } 501 nicmp6->icmp6_type = ICMP6_ECHO_REPLY; 502 nicmp6->icmp6_code = 0; 503 if (n) { 504 icmp6stat.icp6s_reflect++; 505 icmp6stat.icp6s_outhist[ICMP6_ECHO_REPLY]++; 506 icmp6_reflect(n, noff); 507 } 508 break; 509 510 case ICMP6_ECHO_REPLY: 511 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_echoreply); 512 if (code != 0) 513 goto badcode; 514 break; 515 516 case MLD6_LISTENER_QUERY: 517 case MLD6_LISTENER_REPORT: 518 if (icmp6len < sizeof(struct mld6_hdr)) 519 goto badlen; 520 if (icmp6->icmp6_type == MLD6_LISTENER_QUERY) /* XXX: ugly... */ 521 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mldquery); 522 else 523 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mldreport); 524 IP6_EXTHDR_CHECK(m, off, icmp6len, IPPROTO_DONE); 525 mld6_input(m, off); 526 /* m stays. */ 527 break; 528 529 case MLD6_LISTENER_DONE: 530 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_mlddone); 531 if (icmp6len < sizeof(struct mld6_hdr)) /* necessary? */ 532 goto badlen; 533 break; /* nothing to be done in kernel */ 534 535 case MLD6_MTRACE_RESP: 536 case MLD6_MTRACE: 537 /* XXX: these two are experimental. not officially defind. */ 538 /* XXX: per-interface statistics? */ 539 break; /* just pass it to the userland daemon */ 540 541 case ICMP6_WRUREQUEST: /* ICMP6_FQDN_QUERY */ 542 { 543 enum { WRU, FQDN } mode; 544 545 if (code != 0) 546 goto badcode; 547 if (icmp6len == sizeof(struct icmp6_hdr) + 4) 548 mode = WRU; 549 else if (icmp6len >= sizeof(struct icmp6_hdr) + 8) /* XXX */ 550 mode = FQDN; 551 else 552 goto badlen; 553 554 #define hostnamelen strlen(hostname) 555 if (mode == FQDN) { 556 IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_nodeinfo), 557 IPPROTO_DONE); 558 n = ni6_input(m, off); 559 noff = sizeof(struct ip6_hdr); 560 } else { 561 u_char *p; 562 563 MGETHDR(n, M_DONTWAIT, m->m_type); 564 if (n == NULL) { 565 /* Give up remote */ 566 break; 567 } 568 /* 569 * Copy IPv6 and ICMPv6 only. 570 */ 571 nip6 = mtod(n, struct ip6_hdr *); 572 bcopy(ip6, nip6, sizeof(struct ip6_hdr)); 573 nicmp6 = (struct icmp6_hdr *)(nip6 + 1); 574 bcopy(icmp6, nicmp6, sizeof(struct icmp6_hdr)); 575 p = (u_char *)(nicmp6 + 1); 576 bzero(p, 4); 577 bcopy(hostname, p + 4, hostnamelen); 578 noff = sizeof(struct ip6_hdr); 579 M_COPY_PKTHDR(n, m); /* just for recvif */ 580 n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) + 581 sizeof(struct icmp6_hdr) + 4 + hostnamelen; 582 nicmp6->icmp6_type = ICMP6_WRUREPLY; 583 nicmp6->icmp6_code = 0; 584 } 585 #undef hostnamelen 586 if (n) { 587 icmp6stat.icp6s_reflect++; 588 icmp6stat.icp6s_outhist[ICMP6_WRUREPLY]++; 589 icmp6_reflect(n, noff); 590 } 591 break; 592 } 593 594 case ICMP6_WRUREPLY: 595 if (code != 0) 596 goto badcode; 597 break; 598 599 case ND_ROUTER_SOLICIT: 600 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_routersolicit); 601 if (code != 0) 602 goto badcode; 603 if (icmp6len < sizeof(struct nd_router_solicit)) 604 goto badlen; 605 IP6_EXTHDR_CHECK(m, off, icmp6len, IPPROTO_DONE); 606 nd6_rs_input(m, off, icmp6len); 607 /* m stays. */ 608 break; 609 610 case ND_ROUTER_ADVERT: 611 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_routeradvert); 612 if (code != 0) 613 goto badcode; 614 if (icmp6len < sizeof(struct nd_router_advert)) 615 goto badlen; 616 IP6_EXTHDR_CHECK(m, off, icmp6len, IPPROTO_DONE); 617 nd6_ra_input(m, off, icmp6len); 618 /* m stays. */ 619 break; 620 621 case ND_NEIGHBOR_SOLICIT: 622 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_neighborsolicit); 623 if (code != 0) 624 goto badcode; 625 if (icmp6len < sizeof(struct nd_neighbor_solicit)) 626 goto badlen; 627 IP6_EXTHDR_CHECK(m, off, icmp6len, IPPROTO_DONE); 628 nd6_ns_input(m, off, icmp6len); 629 /* m stays. */ 630 break; 631 632 case ND_NEIGHBOR_ADVERT: 633 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_neighboradvert); 634 if (code != 0) 635 goto badcode; 636 if (icmp6len < sizeof(struct nd_neighbor_advert)) 637 goto badlen; 638 IP6_EXTHDR_CHECK(m, off, icmp6len, IPPROTO_DONE); 639 nd6_na_input(m, off, icmp6len); 640 /* m stays. */ 641 break; 642 643 case ND_REDIRECT: 644 icmp6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_redirect); 645 if (code != 0) 646 goto badcode; 647 if (icmp6len < sizeof(struct nd_redirect)) 648 goto badlen; 649 icmp6_redirect_input(m, off); 650 /* m stays. */ 651 break; 652 653 case ICMP6_ROUTER_RENUMBERING: 654 if (code != ICMP6_ROUTER_RENUMBERING_COMMAND && 655 code != ICMP6_ROUTER_RENUMBERING_RESULT) 656 goto badcode; 657 if (icmp6len < sizeof(struct icmp6_router_renum)) 658 goto badlen; 659 break; 660 661 default: 662 printf("icmp6_input: unknown type %d(src=%s, dst=%s, ifid=%d)\n", 663 icmp6->icmp6_type, ip6_sprintf(&ip6->ip6_src), 664 ip6_sprintf(&ip6->ip6_dst), 665 m->m_pkthdr.rcvif ? m->m_pkthdr.rcvif->if_index : 0); 666 if (icmp6->icmp6_type < ICMP6_ECHO_REQUEST) { 667 /* ICMPv6 error: MUST deliver it by spec... */ 668 code = PRC_NCMDS; 669 /* deliver */ 670 } else { 671 /* ICMPv6 informational: MUST not deliver */ 672 break; 673 } 674 deliver: 675 if (icmp6len < sizeof(struct icmp6_hdr) + sizeof(struct ip6_hdr)) { 676 icmp6stat.icp6s_tooshort++; 677 goto freeit; 678 } 679 IP6_EXTHDR_CHECK(m, off, 680 sizeof(struct icmp6_hdr) + sizeof(struct ip6_hdr), 681 IPPROTO_DONE); 682 icmp6 = (struct icmp6_hdr *)(mtod(m, caddr_t) + off); 683 bzero(&icmp6src, sizeof(icmp6src)); 684 icmp6src.sin6_len = sizeof(struct sockaddr_in6); 685 icmp6src.sin6_family = AF_INET6; 686 icmp6src.sin6_addr = ((struct ip6_hdr *)(icmp6 + 1))->ip6_dst; 687 688 /* Detect the upper level protocol */ 689 { 690 void (*ctlfunc) __P((int, struct sockaddr *, void *)); 691 struct ip6_hdr *eip6 = (struct ip6_hdr *)(icmp6 + 1); 692 u_int8_t nxt = eip6->ip6_nxt; 693 int eoff = off + sizeof(struct icmp6_hdr) + 694 sizeof(struct ip6_hdr); 695 struct ip6ctlparam ip6cp; 696 697 while (1) { /* XXX: should avoid inf. loop explicitly? */ 698 struct ip6_ext *eh; 699 700 switch(nxt) { 701 case IPPROTO_ESP: 702 case IPPROTO_NONE: 703 goto passit; 704 case IPPROTO_HOPOPTS: 705 case IPPROTO_DSTOPTS: 706 case IPPROTO_ROUTING: 707 case IPPROTO_AH: 708 case IPPROTO_FRAGMENT: 709 IP6_EXTHDR_CHECK(m, 0, eoff + 710 sizeof(struct ip6_ext), 711 IPPROTO_DONE); 712 eh = (struct ip6_ext *)(mtod(m, caddr_t) 713 + eoff); 714 if (nxt == IPPROTO_AH) 715 eoff += (eh->ip6e_len + 2) << 2; 716 else if (nxt == IPPROTO_FRAGMENT) 717 eoff += sizeof(struct ip6_frag); 718 else 719 eoff += (eh->ip6e_len + 1) << 3; 720 nxt = eh->ip6e_nxt; 721 break; 722 default: 723 goto notify; 724 } 725 } 726 notify: 727 icmp6 = (struct icmp6_hdr *)(mtod(m, caddr_t) + off); 728 ctlfunc = (void (*) __P((int, struct sockaddr *, void *))) 729 (inet6sw[ip6_protox[nxt]].pr_ctlinput); 730 if (ctlfunc) { 731 ip6cp.ip6c_m = m; 732 ip6cp.ip6c_ip6 = (struct ip6_hdr *)(icmp6 + 1); 733 ip6cp.ip6c_off = eoff; 734 (*ctlfunc)(code, (struct sockaddr *)&icmp6src, &ip6cp); 735 } 736 } 737 break; 738 739 badcode: 740 icmp6stat.icp6s_badcode++; 741 break; 742 743 badlen: 744 icmp6stat.icp6s_badlen++; 745 break; 746 } 747 748 passit: 749 icmp6_rip6_input(&m, *offp); 750 return IPPROTO_DONE; 751 752 freeit: 753 m_freem(m); 754 return IPPROTO_DONE; 755 } 756 757 /* 758 * Process a Node Information Query 759 */ 760 #define hostnamelen strlen(hostname) 761 #ifndef offsetof /* XXX */ 762 #define offsetof(type, member) ((size_t)(&((type *)0)->member)) 763 #endif 764 765 static struct mbuf * 766 ni6_input(m, off) 767 struct mbuf *m; 768 int off; 769 { 770 struct icmp6_nodeinfo *ni6 = 771 (struct icmp6_nodeinfo *)(mtod(m, caddr_t) + off), *nni6; 772 struct mbuf *n = NULL; 773 u_int16_t qtype = ntohs(ni6->ni_qtype); 774 int replylen = sizeof(struct ip6_hdr) + sizeof(struct icmp6_nodeinfo); 775 struct ni_reply_fqdn *fqdn; 776 int addrs; /* for NI_QTYPE_NODEADDR */ 777 struct ifnet *ifp = NULL; /* for NI_QTYPE_NODEADDR */ 778 779 switch(qtype) { 780 case NI_QTYPE_NOOP: 781 break; /* no reply data */ 782 case NI_QTYPE_SUPTYPES: 783 goto bad; /* xxx: to be implemented */ 784 break; 785 case NI_QTYPE_FQDN: 786 replylen += offsetof(struct ni_reply_fqdn, ni_fqdn_name) + 787 hostnamelen; 788 break; 789 case NI_QTYPE_NODEADDR: 790 addrs = ni6_addrs(ni6, m, &ifp); 791 if ((replylen += addrs * sizeof(struct in6_addr)) > MCLBYTES) 792 replylen = MCLBYTES; /* XXX: we'll truncate later */ 793 794 break; 795 default: 796 /* 797 * XXX: We must return a reply with the ICMP6 code 798 * `unknown Qtype' in this case. However we regard the case 799 * as an FQDN query for backward compatibility. 800 * Older versions set a random value to this field, 801 * so it rarely varies in the defined qtypes. 802 * But the mechanism is not reliable... 803 * maybe we should obsolete older versions. 804 */ 805 qtype = NI_QTYPE_FQDN; 806 replylen += offsetof(struct ni_reply_fqdn, ni_fqdn_name) + 807 hostnamelen; 808 break; 809 } 810 811 /* allocate a mbuf to reply. */ 812 MGETHDR(n, M_DONTWAIT, m->m_type); 813 if (n == NULL) 814 return(NULL); 815 M_COPY_PKTHDR(n, m); /* just for recvif */ 816 if (replylen > MHLEN) { 817 if (replylen > MCLBYTES) 818 /* 819 * XXX: should we try to allocate more? But MCLBYTES is 820 * probably much larger than IPV6_MMTU... 821 */ 822 goto bad; 823 MCLGET(n, M_DONTWAIT); 824 if ((n->m_flags & M_EXT) == 0) { 825 goto bad; 826 } 827 } 828 n->m_pkthdr.len = n->m_len = replylen; 829 830 /* copy mbuf header and IPv6 + Node Information base headers */ 831 bcopy(mtod(m, caddr_t), mtod(n, caddr_t), sizeof(struct ip6_hdr)); 832 nni6 = (struct icmp6_nodeinfo *)(mtod(n, struct ip6_hdr *) + 1); 833 bcopy(mtod(m, caddr_t) + off, (caddr_t)nni6, sizeof(struct icmp6_nodeinfo)); 834 835 /* qtype dependent procedure */ 836 switch (qtype) { 837 case NI_QTYPE_NOOP: 838 nni6->ni_flags = 0; 839 break; 840 case NI_QTYPE_SUPTYPES: 841 goto bad; /* xxx: to be implemented */ 842 break; 843 case NI_QTYPE_FQDN: 844 if (hostnamelen > 255) { /* XXX: rare case, but may happen */ 845 printf("ni6_input: " 846 "hostname length(%d) is too large for reply\n", 847 hostnamelen); 848 goto bad; 849 } 850 fqdn = (struct ni_reply_fqdn *)(mtod(n, caddr_t) + 851 sizeof(struct ip6_hdr) + 852 sizeof(struct icmp6_nodeinfo)); 853 nni6->ni_flags = 0; /* XXX: meaningless TTL */ 854 fqdn->ni_fqdn_ttl = 0; /* ditto. */ 855 fqdn->ni_fqdn_namelen = hostnamelen; 856 bcopy(hostname, &fqdn->ni_fqdn_name[0], hostnamelen); 857 break; 858 case NI_QTYPE_NODEADDR: 859 { 860 int lenlim, copied; 861 862 if (n->m_flags & M_EXT) 863 lenlim = MCLBYTES - sizeof(struct ip6_hdr) - 864 sizeof(struct icmp6_nodeinfo); 865 else 866 lenlim = MHLEN - sizeof(struct ip6_hdr) - 867 sizeof(struct icmp6_nodeinfo); 868 copied = ni6_store_addrs(ni6, nni6, ifp, lenlim); 869 /* XXX: reset mbuf length */ 870 n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) + 871 sizeof(struct icmp6_nodeinfo) + copied; 872 break; 873 } 874 default: 875 break; /* XXX impossible! */ 876 } 877 878 nni6->ni_type = ICMP6_NI_REPLY; 879 nni6->ni_code = ICMP6_NI_SUCESS; 880 return(n); 881 882 bad: 883 if (n) 884 m_freem(n); 885 return(NULL); 886 } 887 #undef hostnamelen 888 889 /* 890 * calculate the number of addresses to be returned in the node info reply. 891 */ 892 static int 893 ni6_addrs(ni6, m, ifpp) 894 struct icmp6_nodeinfo *ni6; 895 struct mbuf *m; 896 struct ifnet **ifpp; 897 { 898 register struct ifnet *ifp; 899 register struct in6_ifaddr *ifa6; 900 register struct ifaddr *ifa; 901 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 902 int addrs = 0, addrsofif, iffound = 0; 903 904 for (ifp = TAILQ_FIRST(&ifnet); ifp; ifp = TAILQ_NEXT(ifp, if_list)) 905 { 906 addrsofif = 0; 907 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 908 { 909 if (ifa->ifa_addr->sa_family != AF_INET6) 910 continue; 911 ifa6 = (struct in6_ifaddr *)ifa; 912 913 if (!(ni6->ni_flags & NI_NODEADDR_FLAG_ALL) && 914 IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, 915 &ifa6->ia_addr.sin6_addr)) 916 iffound = 1; 917 918 if (ifa6->ia6_flags & IN6_IFF_ANYCAST) 919 continue; /* we need only unicast addresses */ 920 921 if ((ni6->ni_flags & (NI_NODEADDR_FLAG_LINKLOCAL | 922 NI_NODEADDR_FLAG_SITELOCAL | 923 NI_NODEADDR_FLAG_GLOBAL)) == 0) 924 continue; 925 926 /* What do we have to do about ::1? */ 927 switch(in6_addrscope(&ifa6->ia_addr.sin6_addr)) { 928 case IPV6_ADDR_SCOPE_LINKLOCAL: 929 if (ni6->ni_flags & NI_NODEADDR_FLAG_LINKLOCAL) 930 addrsofif++; 931 break; 932 case IPV6_ADDR_SCOPE_SITELOCAL: 933 if (ni6->ni_flags & NI_NODEADDR_FLAG_SITELOCAL) 934 addrsofif++; 935 break; 936 case IPV6_ADDR_SCOPE_GLOBAL: 937 if (ni6->ni_flags & NI_NODEADDR_FLAG_GLOBAL) 938 addrsofif++; 939 break; 940 default: 941 continue; 942 } 943 } 944 if (iffound) { 945 *ifpp = ifp; 946 return(addrsofif); 947 } 948 949 addrs += addrsofif; 950 } 951 952 return(addrs); 953 } 954 955 static int 956 ni6_store_addrs(ni6, nni6, ifp0, resid) 957 struct icmp6_nodeinfo *ni6, *nni6; 958 struct ifnet *ifp0; 959 int resid; 960 { 961 register struct ifnet *ifp = ifp0 ? ifp0 : TAILQ_FIRST(&ifnet); 962 register struct in6_ifaddr *ifa6; 963 register struct ifaddr *ifa; 964 int docopy, copied = 0; 965 u_char *cp = (u_char *)(nni6 + 1); 966 967 if (ifp0 == NULL && !(ni6->ni_flags & NI_NODEADDR_FLAG_ALL)) 968 return(0); /* needless to copy */ 969 970 for (; ifp; ifp = TAILQ_NEXT(ifp, if_list)) 971 { 972 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) 973 { 974 docopy = 0; 975 976 if (ifa->ifa_addr->sa_family != AF_INET6) 977 continue; 978 ifa6 = (struct in6_ifaddr *)ifa; 979 980 if (ifa6->ia6_flags & IN6_IFF_ANYCAST) { 981 /* just experimental. not in the spec. */ 982 if (ni6->ni_flags & NI_NODEADDR_FLAG_ANYCAST) 983 docopy = 1; 984 else 985 continue; 986 } else { /* unicast address */ 987 if (ni6->ni_flags & NI_NODEADDR_FLAG_ANYCAST) 988 continue; 989 else 990 docopy = 1; 991 } 992 993 /* What do we have to do about ::1? */ 994 switch(in6_addrscope(&ifa6->ia_addr.sin6_addr)) { 995 case IPV6_ADDR_SCOPE_LINKLOCAL: 996 if (ni6->ni_flags & NI_NODEADDR_FLAG_LINKLOCAL) 997 docopy = 1; 998 break; 999 case IPV6_ADDR_SCOPE_SITELOCAL: 1000 if (ni6->ni_flags & NI_NODEADDR_FLAG_SITELOCAL) 1001 docopy = 1; 1002 break; 1003 case IPV6_ADDR_SCOPE_GLOBAL: 1004 if (ni6->ni_flags & NI_NODEADDR_FLAG_GLOBAL) 1005 docopy = 1; 1006 break; 1007 default: 1008 continue; 1009 } 1010 1011 if (docopy) { 1012 if (resid < sizeof(struct in6_addr)) { 1013 /* 1014 * We give up much more copy. 1015 * Set the truncate flag and return. 1016 */ 1017 nni6->ni_flags |= 1018 NI_NODEADDR_FLAG_TRUNCATE; 1019 return(copied); 1020 } 1021 bcopy(&ifa6->ia_addr.sin6_addr, cp, 1022 sizeof(struct in6_addr)); 1023 /* XXX: KAME link-local hack; remove ifindex */ 1024 if (IN6_IS_ADDR_LINKLOCAL(&ifa6->ia_addr.sin6_addr)) 1025 ((struct in6_addr *)cp)->s6_addr16[1] = 0; 1026 cp += sizeof(struct in6_addr); 1027 resid -= sizeof(struct in6_addr); 1028 copied += sizeof(struct in6_addr); 1029 } 1030 } 1031 if (ifp0) /* we need search only on the specified IF */ 1032 break; 1033 } 1034 1035 return(copied); 1036 } 1037 1038 /* 1039 * XXX almost dup'ed code with rip6_input. 1040 */ 1041 static int 1042 icmp6_rip6_input(mp, off) 1043 struct mbuf **mp; 1044 int off; 1045 { 1046 struct mbuf *m = *mp; 1047 register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1048 register struct in6pcb *in6p; 1049 struct in6pcb *last = NULL; 1050 struct sockaddr_in6 rip6src; 1051 struct icmp6_hdr *icmp6; 1052 struct mbuf *opts = NULL; 1053 1054 /* this is assumed to be safe. */ 1055 icmp6 = (struct icmp6_hdr *)((caddr_t)ip6 + off); 1056 1057 bzero(&rip6src, sizeof(rip6src)); 1058 rip6src.sin6_len = sizeof(struct sockaddr_in6); 1059 rip6src.sin6_family = AF_INET6; 1060 rip6src.sin6_addr = ip6->ip6_src; 1061 if (IN6_IS_SCOPE_LINKLOCAL(&rip6src.sin6_addr)) 1062 rip6src.sin6_addr.s6_addr16[1] = 0; 1063 if (m->m_pkthdr.rcvif) { 1064 if (IN6_IS_SCOPE_LINKLOCAL(&rip6src.sin6_addr)) 1065 rip6src.sin6_scope_id = m->m_pkthdr.rcvif->if_index; 1066 else 1067 rip6src.sin6_scope_id = 0; 1068 } else 1069 rip6src.sin6_scope_id = 0; 1070 1071 LIST_FOREACH(in6p, &ripcb, inp_list) 1072 { 1073 if ((in6p->inp_vflag & INP_IPV6) == 0) 1074 continue; 1075 if (in6p->in6p_ip6_nxt != IPPROTO_ICMPV6) 1076 continue; 1077 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && 1078 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) 1079 continue; 1080 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) && 1081 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) 1082 continue; 1083 if (in6p->in6p_icmp6filt 1084 && ICMP6_FILTER_WILLBLOCK(icmp6->icmp6_type, 1085 in6p->in6p_icmp6filt)) 1086 continue; 1087 if (last) { 1088 struct mbuf *n; 1089 if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { 1090 if (last->in6p_flags & IN6P_CONTROLOPTS) 1091 ip6_savecontrol(last, &opts, ip6, n); 1092 /* strip intermediate headers */ 1093 m_adj(n, off); 1094 if (sbappendaddr(&last->in6p_socket->so_rcv, 1095 (struct sockaddr *)&rip6src, 1096 n, opts) == 0) { 1097 /* should notify about lost packet */ 1098 m_freem(n); 1099 if (opts) 1100 m_freem(opts); 1101 } else 1102 sorwakeup(last->in6p_socket); 1103 opts = NULL; 1104 } 1105 } 1106 last = in6p; 1107 } 1108 if (last) { 1109 if (last->in6p_flags & IN6P_CONTROLOPTS) 1110 ip6_savecontrol(last, &opts, ip6, m); 1111 /* strip intermediate headers */ 1112 m_adj(m, off); 1113 if (sbappendaddr(&last->in6p_socket->so_rcv, 1114 (struct sockaddr *)&rip6src, m, opts) == 0) { 1115 m_freem(m); 1116 if (opts) 1117 m_freem(opts); 1118 } else 1119 sorwakeup(last->in6p_socket); 1120 } else { 1121 m_freem(m); 1122 ip6stat.ip6s_delivered--; 1123 } 1124 return IPPROTO_DONE; 1125 } 1126 1127 /* 1128 * Reflect the ip6 packet back to the source. 1129 * The caller MUST check if the destination is multicast or not. 1130 * This function is usually called with a unicast destination which 1131 * can be safely the source of the reply packet. But some exceptions 1132 * exist(e.g. ECHOREPLY, PATCKET_TOOBIG, "10" in OPTION type). 1133 * ``off'' points to the icmp6 header, counted from the top of the mbuf. 1134 */ 1135 void 1136 icmp6_reflect(m, off) 1137 struct mbuf *m; 1138 size_t off; 1139 { 1140 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1141 struct icmp6_hdr *icmp6; 1142 struct in6_ifaddr *ia; 1143 struct in6_addr t, *src = 0; 1144 int plen = m->m_pkthdr.len - sizeof(struct ip6_hdr); 1145 int type, code; 1146 struct ifnet *outif = NULL; 1147 #ifdef COMPAT_RFC1885 1148 int mtu = IPV6_MMTU; 1149 struct sockaddr_in6 *sin6 = &icmp6_reflect_rt.ro_dst; 1150 #endif 1151 1152 /* 1153 * If there are extra headers between IPv6 and ICMPv6, strip 1154 * off that header first. 1155 */ 1156 if (off != sizeof(struct ip6_hdr)) { 1157 size_t siz; 1158 1159 /* sanity checks */ 1160 if (off < sizeof(struct ip6_hdr)) { 1161 printf("sanity fail: off=%x, sizeof(ip6)=%x in %s:%d\n", 1162 (unsigned int)off, 1163 (unsigned int)sizeof(struct ip6_hdr), 1164 __FILE__, __LINE__); 1165 goto bad; 1166 } 1167 siz = off - sizeof(struct ip6_hdr); 1168 if (plen < siz) { 1169 printf("sanity fail: siz=%x, payloadlen=%x in %s:%d\n", 1170 (unsigned int)siz, plen, __FILE__, __LINE__); 1171 goto bad; 1172 } 1173 IP6_EXTHDR_CHECK(m, 0, off, /*nothing*/); 1174 IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_hdr), /*nothing*/); 1175 1176 ovbcopy((caddr_t)ip6, 1177 (caddr_t)(mtod(m, u_char *) + siz), 1178 sizeof(struct ip6_hdr)); 1179 m->m_data += siz; 1180 m->m_len -= siz; 1181 m->m_pkthdr.len -= siz; 1182 ip6 = mtod(m, struct ip6_hdr *); 1183 ip6->ip6_nxt = IPPROTO_ICMPV6; 1184 plen -= siz; 1185 } 1186 1187 icmp6 = (struct icmp6_hdr *)(ip6 + 1); 1188 type = icmp6->icmp6_type; /* keep type for statistics */ 1189 code = icmp6->icmp6_code; /* ditto. */ 1190 1191 t = ip6->ip6_dst; 1192 /* 1193 * ip6_input() drops a packet if its src is multicast. 1194 * So, the src is never multicast. 1195 */ 1196 ip6->ip6_dst = ip6->ip6_src; 1197 1198 /* XXX hack for link-local addresses */ 1199 if (IN6_IS_ADDR_LINKLOCAL(&ip6->ip6_dst)) 1200 ip6->ip6_dst.s6_addr16[1] = 1201 htons(m->m_pkthdr.rcvif->if_index); 1202 if (IN6_IS_ADDR_LINKLOCAL(&t)) 1203 t.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index); 1204 1205 #ifdef COMPAT_RFC1885 1206 /* 1207 * xxx guess MTU 1208 * RFC 1885 requires that echo reply should be truncated if it 1209 * does not fit in with (return) path MTU, but the description was 1210 * removed in the new spec. 1211 */ 1212 if (icmp6_reflect_rt.ro_rt == 0 || 1213 ! (IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &ip6->ip6_dst))) { 1214 if (icmp6_reflect_rt.ro_rt) { 1215 RTFREE(icmp6_reflect_rt.ro_rt); 1216 icmp6_reflect_rt.ro_rt = 0; 1217 } 1218 bzero(sin6, sizeof(*sin6)); 1219 sin6->sin6_family = PF_INET6; 1220 sin6->sin6_len = sizeof(struct sockaddr_in6); 1221 sin6->sin6_addr = ip6->ip6_dst; 1222 1223 rtalloc_ign((struct route *)&icmp6_reflect_rt.ro_rt, 1224 RTF_PRCLONING); 1225 } 1226 1227 if (icmp6_reflect_rt.ro_rt == 0) 1228 goto bad; 1229 1230 if ((icmp6_reflect_rt.ro_rt->rt_flags & RTF_HOST) 1231 && mtu < icmp6_reflect_rt.ro_rt->rt_ifp->if_mtu) 1232 mtu = icmp6_reflect_rt.ro_rt->rt_rmx.rmx_mtu; 1233 1234 if (mtu < m->m_pkthdr.len) { 1235 plen -= (m->m_pkthdr.len - mtu); 1236 m_adj(m, mtu - m->m_pkthdr.len); 1237 } 1238 #endif 1239 /* 1240 * If the incoming packet was addressed directly to us(i.e. unicast), 1241 * use dst as the src for the reply. 1242 */ 1243 for (ia = in6_ifaddr; ia; ia = ia->ia_next) 1244 if (IN6_ARE_ADDR_EQUAL(&t, &ia->ia_addr.sin6_addr) && 1245 (ia->ia6_flags & IN6_IFF_ANYCAST) == 0) { 1246 src = &t; 1247 break; 1248 } 1249 if (ia == NULL && IN6_IS_ADDR_LINKLOCAL(&t) && (m->m_flags & M_LOOP)) { 1250 /* 1251 * This is the case if the dst is our link-local address 1252 * and the sender is also ourseleves. 1253 */ 1254 src = &t; 1255 } 1256 1257 if (src == 0) 1258 /* 1259 * We have not multicast routing yet. So this case matches 1260 * to our multicast, our anycast or not to our unicast. 1261 * Select a source address which has the same scope. 1262 */ 1263 if ((ia = in6_ifawithscope(m->m_pkthdr.rcvif, &t)) != 0) 1264 src = &IA6_SIN6(ia)->sin6_addr; 1265 1266 if (src == 0) 1267 goto bad; 1268 1269 ip6->ip6_src = *src; 1270 1271 ip6->ip6_flow = 0; 1272 ip6->ip6_vfc = IPV6_VERSION; 1273 ip6->ip6_nxt = IPPROTO_ICMPV6; 1274 if (m->m_pkthdr.rcvif) { 1275 /* XXX: This may not be the outgoing interface */ 1276 ip6->ip6_hlim = nd_ifinfo[m->m_pkthdr.rcvif->if_index].chlim; 1277 } 1278 1279 icmp6->icmp6_cksum = 0; 1280 icmp6->icmp6_cksum = in6_cksum(m, IPPROTO_ICMPV6, 1281 sizeof(struct ip6_hdr), plen); 1282 1283 /* 1284 * xxx option handling 1285 */ 1286 1287 m->m_flags &= ~(M_BCAST|M_MCAST); 1288 1289 #ifdef COMPAT_RFC1885 1290 ip6_output(m, NULL, &icmp6_reflect_rt, 0, NULL, &outif); 1291 #else 1292 ip6_output(m, NULL, NULL, 0, NULL, &outif); 1293 #endif 1294 if (outif) 1295 icmp6_ifoutstat_inc(outif, type, code); 1296 1297 return; 1298 1299 bad: 1300 m_freem(m); 1301 return; 1302 } 1303 1304 void 1305 icmp6_fasttimo() 1306 { 1307 mld6_fasttimeo(); 1308 } 1309 1310 static const char * 1311 icmp6_redirect_diag(src6, dst6, tgt6) 1312 struct in6_addr *src6; 1313 struct in6_addr *dst6; 1314 struct in6_addr *tgt6; 1315 { 1316 static char buf[1024]; 1317 snprintf(buf, sizeof(buf), "(src=%s dst=%s tgt=%s)", 1318 ip6_sprintf(src6), ip6_sprintf(dst6), ip6_sprintf(tgt6)); 1319 return buf; 1320 } 1321 1322 void 1323 icmp6_redirect_input(m, off) 1324 register struct mbuf *m; 1325 int off; 1326 { 1327 struct ifnet *ifp = m->m_pkthdr.rcvif; 1328 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 1329 struct nd_redirect *nd_rd = (struct nd_redirect *)((caddr_t)ip6 + off); 1330 int icmp6len = ntohs(ip6->ip6_plen); 1331 char *lladdr = NULL; 1332 int lladdrlen = 0; 1333 u_char *redirhdr = NULL; 1334 int redirhdrlen = 0; 1335 struct rtentry *rt = NULL; 1336 int is_router; 1337 int is_onlink; 1338 struct in6_addr src6 = ip6->ip6_src; 1339 struct in6_addr redtgt6 = nd_rd->nd_rd_target; 1340 struct in6_addr reddst6 = nd_rd->nd_rd_dst; 1341 union nd_opts ndopts; 1342 1343 if (!m || !ifp) 1344 return; 1345 1346 /* XXX if we are router, we don't update route by icmp6 redirect */ 1347 if (ip6_forwarding) 1348 return; 1349 if (!icmp6_rediraccept) 1350 return; 1351 1352 if (IN6_IS_ADDR_LINKLOCAL(&redtgt6)) 1353 redtgt6.s6_addr16[1] = htons(ifp->if_index); 1354 if (IN6_IS_ADDR_LINKLOCAL(&reddst6)) 1355 reddst6.s6_addr16[1] = htons(ifp->if_index); 1356 1357 /* validation */ 1358 if (!IN6_IS_ADDR_LINKLOCAL(&src6)) { 1359 log(LOG_ERR, 1360 "ICMP6 redirect sent from %s rejected; " 1361 "must be from linklocal\n", ip6_sprintf(&src6)); 1362 return; 1363 } 1364 if (ip6->ip6_hlim != 255) { 1365 log(LOG_ERR, 1366 "ICMP6 redirect sent from %s rejected; " 1367 "hlim=%d (must be 255)\n", 1368 ip6_sprintf(&src6), ip6->ip6_hlim); 1369 return; 1370 } 1371 { 1372 /* ip6->ip6_src must be equal to gw for icmp6->icmp6_reddst */ 1373 struct sockaddr_in6 sin6; 1374 struct in6_addr *gw6; 1375 1376 bzero(&sin6, sizeof(sin6)); 1377 sin6.sin6_family = AF_INET6; 1378 sin6.sin6_len = sizeof(struct sockaddr_in6); 1379 bcopy(&reddst6, &sin6.sin6_addr, sizeof(reddst6)); 1380 rt = rtalloc1((struct sockaddr *)&sin6, 0, 0UL); 1381 if (rt) { 1382 gw6 = &(((struct sockaddr_in6 *)rt->rt_gateway)->sin6_addr); 1383 if (bcmp(&src6, gw6, sizeof(struct in6_addr)) != 0) { 1384 log(LOG_ERR, 1385 "ICMP6 redirect rejected; " 1386 "not equal to gw-for-src=%s (must be same): " 1387 "%s\n", 1388 ip6_sprintf(gw6), 1389 icmp6_redirect_diag(&src6, &reddst6, &redtgt6)); 1390 RTFREE(rt); 1391 return; 1392 } 1393 } else { 1394 log(LOG_ERR, 1395 "ICMP6 redirect rejected; " 1396 "no route found for redirect dst: %s\n", 1397 icmp6_redirect_diag(&src6, &reddst6, &redtgt6)); 1398 return; 1399 } 1400 RTFREE(rt); 1401 rt = NULL; 1402 } 1403 if (IN6_IS_ADDR_MULTICAST(&reddst6)) { 1404 log(LOG_ERR, 1405 "ICMP6 redirect rejected; " 1406 "redirect dst must be unicast: %s\n", 1407 icmp6_redirect_diag(&src6, &reddst6, &redtgt6)); 1408 return; 1409 } 1410 1411 is_router = is_onlink = 0; 1412 if (IN6_IS_ADDR_LINKLOCAL(&redtgt6)) 1413 is_router = 1; /* router case */ 1414 if (bcmp(&redtgt6, &reddst6, sizeof(redtgt6)) == 0) 1415 is_onlink = 1; /* on-link destination case */ 1416 if (!is_router && !is_onlink) { 1417 log(LOG_ERR, 1418 "ICMP6 redirect rejected; " 1419 "neither router case nor onlink case: %s\n", 1420 icmp6_redirect_diag(&src6, &reddst6, &redtgt6)); 1421 return; 1422 } 1423 /* validation passed */ 1424 1425 icmp6len -= sizeof(*nd_rd); 1426 nd6_option_init(nd_rd + 1, icmp6len, &ndopts); 1427 if (nd6_options(&ndopts) < 0) { 1428 log(LOG_INFO, "icmp6_redirect_input: " 1429 "invalid ND option, rejected: %s\n", 1430 icmp6_redirect_diag(&src6, &reddst6, &redtgt6)); 1431 return; 1432 } 1433 1434 if (ndopts.nd_opts_tgt_lladdr) { 1435 lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1); 1436 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 1437 } 1438 1439 if (ndopts.nd_opts_rh) { 1440 redirhdrlen = ndopts.nd_opts_rh->nd_opt_rh_len; 1441 redirhdr = (u_char *)(ndopts.nd_opts_rh + 1); /* xxx */ 1442 } 1443 1444 if (lladdr && ((ifp->if_addrlen + 2 + 7) & ~7) != lladdrlen) { 1445 log(LOG_INFO, 1446 "icmp6_redirect_input: lladdrlen mismatch for %s " 1447 "(if %d, icmp6 packet %d): %s\n", 1448 ip6_sprintf(&redtgt6), ifp->if_addrlen, lladdrlen - 2, 1449 icmp6_redirect_diag(&src6, &reddst6, &redtgt6)); 1450 } 1451 1452 /* RFC 2461 8.3 */ 1453 nd6_cache_lladdr(ifp, &redtgt6, lladdr, lladdrlen, ND_REDIRECT, 1454 is_onlink ? ND_REDIRECT_ONLINK : ND_REDIRECT_ROUTER); 1455 1456 if (!is_onlink) { /* better router case. perform rtredirect. */ 1457 /* perform rtredirect */ 1458 struct sockaddr_in6 sdst; 1459 struct sockaddr_in6 sgw; 1460 struct sockaddr_in6 ssrc; 1461 1462 bzero(&sdst, sizeof(sdst)); 1463 bzero(&sgw, sizeof(sgw)); 1464 bzero(&ssrc, sizeof(ssrc)); 1465 sdst.sin6_family = sgw.sin6_family = ssrc.sin6_family = AF_INET6; 1466 sdst.sin6_len = sgw.sin6_len = ssrc.sin6_len = 1467 sizeof(struct sockaddr_in6); 1468 bcopy(&redtgt6, &sgw.sin6_addr, sizeof(struct in6_addr)); 1469 bcopy(&reddst6, &sdst.sin6_addr, sizeof(struct in6_addr)); 1470 bcopy(&src6, &ssrc.sin6_addr, sizeof(struct in6_addr)); 1471 rtredirect((struct sockaddr *)&sdst, (struct sockaddr *)&sgw, 1472 (struct sockaddr *)NULL, RTF_GATEWAY | RTF_HOST, 1473 (struct sockaddr *)&ssrc, 1474 (struct rtentry **)NULL); 1475 } 1476 /* finally update cached route in each socket via pfctlinput */ 1477 { 1478 struct sockaddr_in6 sdst; 1479 1480 bzero(&sdst, sizeof(sdst)); 1481 sdst.sin6_family = AF_INET6; 1482 sdst.sin6_len = sizeof(struct sockaddr_in6); 1483 bcopy(&reddst6, &sdst.sin6_addr, sizeof(struct in6_addr)); 1484 pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&sdst); 1485 #ifdef IPSEC 1486 key_sa_routechange((struct sockaddr *)&sdst); 1487 #endif 1488 } 1489 } 1490 1491 void 1492 icmp6_redirect_output(m0, rt) 1493 struct mbuf *m0; 1494 struct rtentry *rt; 1495 { 1496 struct ifnet *ifp; /* my outgoing interface */ 1497 struct in6_addr *ifp_ll6; 1498 struct in6_addr *router_ll6; 1499 struct ip6_hdr *sip6; /* m0 as struct ip6_hdr */ 1500 struct mbuf *m = NULL; /* newly allocated one */ 1501 struct ip6_hdr *ip6; /* m as struct ip6_hdr */ 1502 struct nd_redirect *nd_rd; 1503 size_t maxlen; 1504 u_char *p; 1505 struct ifnet *outif = NULL; 1506 1507 /* if we are not router, we don't send icmp6 redirect */ 1508 if (!ip6_forwarding || ip6_accept_rtadv) 1509 goto fail; 1510 1511 /* sanity check */ 1512 if (!m0 || !rt || !(rt->rt_flags & RTF_UP) || !(ifp = rt->rt_ifp)) 1513 goto fail; 1514 1515 /* 1516 * Address check: 1517 * the source address must identify a neighbor, and 1518 * the destination address must not be a multicast address 1519 * [RFC 2461, sec 8.2] 1520 */ 1521 sip6 = mtod(m0, struct ip6_hdr *); 1522 if (nd6_is_addr_neighbor(&sip6->ip6_src, ifp) == 0) 1523 goto fail; 1524 if (IN6_IS_ADDR_MULTICAST(&sip6->ip6_dst)) 1525 goto fail; /* what should we do here? */ 1526 1527 /* rate limit */ 1528 if (icmp6_ratelimit(&sip6->ip6_src, ND_REDIRECT, 0)) 1529 goto fail; 1530 1531 /* 1532 * Since we are going to append up to 1280 bytes (= IPV6_MMTU), 1533 * we almost always ask for an mbuf cluster for simplicity. 1534 * (MHLEN < IPV6_MMTU is almost always true) 1535 */ 1536 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1537 if (!m) 1538 goto fail; 1539 if (MHLEN < IPV6_MMTU) 1540 MCLGET(m, M_DONTWAIT); 1541 maxlen = (m->m_flags & M_EXT) ? MCLBYTES : MHLEN; 1542 maxlen = min(IPV6_MMTU, maxlen); 1543 /* just for safety */ 1544 if (maxlen < sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)) 1545 goto fail; 1546 1547 { 1548 /* get ip6 linklocal address for ifp(my outgoing interface). */ 1549 struct in6_ifaddr *ia = in6ifa_ifpforlinklocal(ifp); 1550 if (ia == NULL) 1551 goto fail; 1552 ifp_ll6 = &ia->ia_addr.sin6_addr; 1553 } 1554 1555 /* get ip6 linklocal address for the router. */ 1556 if (rt->rt_gateway && (rt->rt_flags & RTF_GATEWAY)) { 1557 struct sockaddr_in6 *sin6; 1558 sin6 = (struct sockaddr_in6 *)rt->rt_gateway; 1559 router_ll6 = &sin6->sin6_addr; 1560 if (!IN6_IS_ADDR_LINKLOCAL(router_ll6)) 1561 router_ll6 = (struct in6_addr *)NULL; 1562 } else 1563 router_ll6 = (struct in6_addr *)NULL; 1564 1565 /* ip6 */ 1566 ip6 = mtod(m, struct ip6_hdr *); 1567 ip6->ip6_flow = 0; 1568 ip6->ip6_vfc = IPV6_VERSION; 1569 /* ip6->ip6_plen will be set later */ 1570 ip6->ip6_nxt = IPPROTO_ICMPV6; 1571 ip6->ip6_hlim = 255; 1572 /* ip6->ip6_src must be linklocal addr for my outgoing if. */ 1573 bcopy(ifp_ll6, &ip6->ip6_src, sizeof(struct in6_addr)); 1574 bcopy(&sip6->ip6_src, &ip6->ip6_dst, sizeof(struct in6_addr)); 1575 1576 /* ND Redirect */ 1577 nd_rd = (struct nd_redirect *)(ip6 + 1); 1578 nd_rd->nd_rd_type = ND_REDIRECT; 1579 nd_rd->nd_rd_code = 0; 1580 nd_rd->nd_rd_reserved = 0; 1581 if (rt->rt_flags & RTF_GATEWAY) { 1582 /* 1583 * nd_rd->nd_rd_target must be a link-local address in 1584 * better router cases. 1585 */ 1586 if (!router_ll6) 1587 goto fail; 1588 bcopy(router_ll6, &nd_rd->nd_rd_target, 1589 sizeof(nd_rd->nd_rd_target)); 1590 bcopy(&sip6->ip6_dst, &nd_rd->nd_rd_dst, 1591 sizeof(nd_rd->nd_rd_dst)); 1592 } else { 1593 /* make sure redtgt == reddst */ 1594 bcopy(&sip6->ip6_dst, &nd_rd->nd_rd_target, 1595 sizeof(nd_rd->nd_rd_target)); 1596 bcopy(&sip6->ip6_dst, &nd_rd->nd_rd_dst, 1597 sizeof(nd_rd->nd_rd_dst)); 1598 } 1599 1600 p = (u_char *)(nd_rd + 1); 1601 1602 if (!router_ll6) 1603 goto nolladdropt; 1604 1605 { 1606 /* target lladdr option */ 1607 struct rtentry *rt_router = NULL; 1608 int len; 1609 struct sockaddr_dl *sdl; 1610 struct nd_opt_hdr *nd_opt; 1611 char *lladdr; 1612 1613 rt_router = nd6_lookup(router_ll6, 0, ifp); 1614 if (!rt_router) 1615 goto nolladdropt; 1616 if (!(rt_router->rt_flags & RTF_GATEWAY) 1617 && (rt_router->rt_flags & RTF_LLINFO) 1618 && (rt_router->rt_gateway->sa_family == AF_LINK) 1619 && (sdl = (struct sockaddr_dl *)rt_router->rt_gateway)) { 1620 nd_opt = (struct nd_opt_hdr *)p; 1621 nd_opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; 1622 len = 2 + ifp->if_addrlen; 1623 len = (len + 7) & ~7; /*round by 8*/ 1624 nd_opt->nd_opt_len = len >> 3; 1625 p += len; 1626 lladdr = (char *)(nd_opt + 1); 1627 bcopy(LLADDR(sdl), lladdr, ifp->if_addrlen); 1628 } 1629 } 1630 nolladdropt:; 1631 1632 m->m_pkthdr.len = m->m_len = p - (u_char *)ip6; 1633 1634 /* just to be safe */ 1635 if (m0->m_flags & M_DECRYPTED) 1636 goto noredhdropt; 1637 1638 { 1639 /* redirected header option */ 1640 int len; 1641 struct nd_opt_rd_hdr *nd_opt_rh; 1642 1643 /* 1644 * compute the maximum size for icmp6 redirect header option. 1645 * XXX room for auth header? 1646 */ 1647 len = maxlen - (p - (u_char *)ip6); 1648 len &= ~7; 1649 1650 /* This is just for simplicity. */ 1651 if (m0->m_pkthdr.len != m0->m_len) { 1652 if (m0->m_next) { 1653 m_freem(m0->m_next); 1654 m0->m_next = NULL; 1655 } 1656 m0->m_pkthdr.len = m0->m_len; 1657 } 1658 1659 /* 1660 * Redirected header option spec (RFC2461 4.6.3) talks nothing 1661 * about padding/truncate rule for the original IP packet. 1662 * From the discussion on IPv6imp in Feb 1999, the consensus was: 1663 * - "attach as much as possible" is the goal 1664 * - pad if not aligned (original size can be guessed by original 1665 * ip6 header) 1666 * Following code adds the padding if it is simple enough, 1667 * and truncates if not. 1668 */ 1669 if (m0->m_next || m0->m_pkthdr.len != m0->m_len) 1670 panic("assumption failed in %s:%d\n", __FILE__, __LINE__); 1671 1672 if (len - sizeof(*nd_opt_rh) < m0->m_pkthdr.len) { 1673 /* not enough room, truncate */ 1674 m0->m_pkthdr.len = m0->m_len = len - sizeof(*nd_opt_rh); 1675 } else { 1676 /* enough room, pad or truncate */ 1677 size_t extra; 1678 1679 extra = m0->m_pkthdr.len % 8; 1680 if (extra) { 1681 /* pad if easy enough, truncate if not */ 1682 if (8 - extra <= M_TRAILINGSPACE(m0)) { 1683 /* pad */ 1684 m0->m_len += (8 - extra); 1685 m0->m_pkthdr.len += (8 - extra); 1686 } else { 1687 /* truncate */ 1688 m0->m_pkthdr.len -= extra; 1689 m0->m_len -= extra; 1690 } 1691 } 1692 len = m0->m_pkthdr.len + sizeof(*nd_opt_rh); 1693 m0->m_pkthdr.len = m0->m_len = len - sizeof(*nd_opt_rh); 1694 } 1695 1696 nd_opt_rh = (struct nd_opt_rd_hdr *)p; 1697 bzero(nd_opt_rh, sizeof(*nd_opt_rh)); 1698 nd_opt_rh->nd_opt_rh_type = ND_OPT_REDIRECTED_HEADER; 1699 nd_opt_rh->nd_opt_rh_len = len >> 3; 1700 p += sizeof(*nd_opt_rh); 1701 m->m_pkthdr.len = m->m_len = p - (u_char *)ip6; 1702 1703 /* connect m0 to m */ 1704 m->m_next = m0; 1705 m->m_pkthdr.len = m->m_len + m0->m_len; 1706 } 1707 noredhdropt:; 1708 1709 if (IN6_IS_ADDR_LINKLOCAL(&sip6->ip6_src)) 1710 sip6->ip6_src.s6_addr16[1] = 0; 1711 if (IN6_IS_ADDR_LINKLOCAL(&sip6->ip6_dst)) 1712 sip6->ip6_dst.s6_addr16[1] = 0; 1713 if (IN6_IS_ADDR_LINKLOCAL(&nd_rd->nd_rd_target)) 1714 nd_rd->nd_rd_target.s6_addr16[1] = 0; 1715 if (IN6_IS_ADDR_LINKLOCAL(&nd_rd->nd_rd_dst)) 1716 nd_rd->nd_rd_dst.s6_addr16[1] = 0; 1717 1718 ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr)); 1719 1720 nd_rd->nd_rd_cksum = 0; 1721 nd_rd->nd_rd_cksum 1722 = in6_cksum(m, IPPROTO_ICMPV6, sizeof(*ip6), ntohs(ip6->ip6_plen)); 1723 1724 /* send the packet to outside... */ 1725 ip6_output(m, NULL, NULL, 0, NULL, &outif); 1726 if (outif) { 1727 icmp6_ifstat_inc(outif, ifs6_out_msg); 1728 icmp6_ifstat_inc(outif, ifs6_out_redirect); 1729 } 1730 icmp6stat.icp6s_outhist[ND_REDIRECT]++; 1731 1732 return; 1733 1734 fail: 1735 if (m) 1736 m_freem(m); 1737 if (m0) 1738 m_freem(m0); 1739 } 1740 1741 /* 1742 * ICMPv6 socket option processing. 1743 */ 1744 int 1745 icmp6_ctloutput(so, sopt) 1746 struct socket *so; 1747 struct sockopt *sopt; 1748 { 1749 int error = 0; 1750 int optlen; 1751 register struct inpcb *inp = sotoinpcb(so); 1752 int level, op, optname; 1753 1754 if (sopt) { 1755 level = sopt->sopt_level; 1756 op = sopt->sopt_dir; 1757 optname = sopt->sopt_name; 1758 optlen = sopt->sopt_valsize; 1759 } else 1760 level = op = optname = optlen = 0; 1761 if (level != IPPROTO_ICMPV6) { 1762 return EINVAL; 1763 } 1764 1765 switch(op) { 1766 case PRCO_SETOPT: 1767 switch (optname) { 1768 case ICMP6_FILTER: 1769 { 1770 struct icmp6_filter *p; 1771 1772 if (optlen != sizeof(*p)) { 1773 error = EMSGSIZE; 1774 break; 1775 } 1776 if (inp->in6p_icmp6filt == NULL) { 1777 error = EINVAL; 1778 break; 1779 } 1780 error = sooptcopyin(sopt, inp->in6p_icmp6filt, optlen, 1781 optlen); 1782 break; 1783 } 1784 1785 default: 1786 error = ENOPROTOOPT; 1787 break; 1788 } 1789 break; 1790 1791 case PRCO_GETOPT: 1792 switch (optname) { 1793 case ICMP6_FILTER: 1794 { 1795 if (inp->in6p_icmp6filt == NULL) { 1796 error = EINVAL; 1797 break; 1798 } 1799 error = sooptcopyout(sopt, inp->in6p_icmp6filt, 1800 sizeof(struct icmp6_filter)); 1801 break; 1802 } 1803 1804 default: 1805 error = ENOPROTOOPT; 1806 break; 1807 } 1808 break; 1809 } 1810 1811 return(error); 1812 } 1813 1814 /* 1815 * Perform rate limit check. 1816 * Returns 0 if it is okay to send the icmp6 packet. 1817 * Returns 1 if the router SHOULD NOT send this icmp6 packet due to rate 1818 * limitation. 1819 * 1820 * XXX per-destination/type check necessary? 1821 */ 1822 static int 1823 icmp6_ratelimit(dst, type, code) 1824 const struct in6_addr *dst; /* not used at this moment */ 1825 const int type; /* not used at this moment */ 1826 const int code; /* not used at this moment */ 1827 { 1828 struct timeval tp; 1829 long sec_diff, usec_diff; 1830 1831 /* If we are not doing rate limitation, it is always okay to send */ 1832 if (!icmp6errratelim) 1833 return 0; 1834 1835 microtime(&tp); 1836 tp.tv_sec = time_second; 1837 if (tp.tv_sec < icmp6_nextsend.tv_sec 1838 || (tp.tv_sec == icmp6_nextsend.tv_sec 1839 && tp.tv_usec < icmp6_nextsend.tv_usec)) { 1840 /* The packet is subject to rate limit */ 1841 return 1; 1842 } 1843 sec_diff = icmp6errratelim / 1000000; 1844 usec_diff = icmp6errratelim % 1000000; 1845 icmp6_nextsend.tv_sec = tp.tv_sec + sec_diff; 1846 if ((tp.tv_usec = tp.tv_usec + usec_diff) >= 1000000) { 1847 icmp6_nextsend.tv_sec++; 1848 icmp6_nextsend.tv_usec -= 1000000; 1849 } 1850 1851 /* it is okay to send this */ 1852 return 0; 1853 } 1854