1 /* $FreeBSD$ */ 2 /* $KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. 
Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. All advertising materials mentioning features or use of this software 46 * must display the following acknowledgement: 47 * This product includes software developed by the University of 48 * California, Berkeley and its contributors. 49 * 4. Neither the name of the University nor the names of its contributors 50 * may be used to endorse or promote products derived from this software 51 * without specific prior written permission. 52 * 53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 63 * SUCH DAMAGE. 
64 * 65 * @(#)in_proto.c 8.1 (Berkeley) 6/10/93 66 */ 67 68 #include "opt_inet.h" 69 #include "opt_inet6.h" 70 #include "opt_ipsec.h" 71 72 #include <sys/param.h> 73 #include <sys/socket.h> 74 #include <sys/socketvar.h> 75 #include <sys/protosw.h> 76 #include <sys/kernel.h> 77 #include <sys/domain.h> 78 #include <sys/mbuf.h> 79 #include <sys/systm.h> 80 #include <sys/sysctl.h> 81 82 #include <net/if.h> 83 #include <net/radix.h> 84 #include <net/route.h> 85 86 #include <netinet/in.h> 87 #include <netinet/in_systm.h> 88 #include <netinet/in_var.h> 89 #include <netinet/ip_encap.h> 90 #include <netinet/ip.h> 91 #include <netinet/ip_var.h> 92 #include <netinet/ip6.h> 93 #include <netinet6/ip6_var.h> 94 #include <netinet/icmp6.h> 95 96 #include <netinet/tcp.h> 97 #include <netinet/tcp_timer.h> 98 #include <netinet/tcp_var.h> 99 #include <netinet/udp.h> 100 #include <netinet/udp_var.h> 101 #include <netinet6/tcp6_var.h> 102 #include <netinet6/raw_ip6.h> 103 #include <netinet6/udp6_var.h> 104 #include <netinet6/pim6_var.h> 105 #include <netinet6/nd6.h> 106 #include <netinet6/in6_prefix.h> 107 108 #ifdef IPSEC 109 #include <netinet6/ipsec.h> 110 #ifdef INET6 111 #include <netinet6/ipsec6.h> 112 #endif 113 #include <netinet6/ah.h> 114 #ifdef INET6 115 #include <netinet6/ah6.h> 116 #endif 117 #ifdef IPSEC_ESP 118 #include <netinet6/esp.h> 119 #ifdef INET6 120 #include <netinet6/esp6.h> 121 #endif 122 #endif 123 #include <netinet6/ipcomp.h> 124 #ifdef INET6 125 #include <netinet6/ipcomp6.h> 126 #endif 127 #endif /* IPSEC */ 128 129 #ifdef FAST_IPSEC 130 #include <netipsec/ipsec6.h> 131 #define IPSEC 132 #define IPSEC_ESP 133 #define ah6_input ipsec6_common_input 134 #define esp6_input ipsec6_common_input 135 #define ipcomp6_input ipsec6_common_input 136 #endif /* FAST_IPSEC */ 137 138 #include <netinet6/ip6protosw.h> 139 140 #include <net/net_osdep.h> 141 142 /* 143 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP. 
*/

extern	struct domain inet6domain;
/* Zero-initialized (static storage) request table for entries with no socket-level operations. */
static	struct pr_usrreqs nousrreqs;

/* Both flags are defined as 0 here, so OR-ing them into a flags word changes nothing. */
#define	PR_LISTEN	0
#define	PR_ABRTACPTDIS	0

/*
 * Protocol switch for the inet6 domain: one entry per upper-layer protocol
 * or IPv6 extension header that has an input routine.
 *
 * NOTE(review): the field order comes from struct ip6protosw in
 * <netinet6/ip6protosw.h>, which is not shown here.  Judging by the handler
 * names, each entry reads: type, domain, protocol, flags / input, output,
 * ctlinput, ctloutput / one unused slot / init, fasttimo, slowtimo, drain /
 * user-request table.  Confirm against the header before relying on it.
 *
 * Every *_input routine named below parses data taken from received packets.
 * The destination-options, routing and fragment handlers are registered
 * unconditionally; nothing in this file gates them.
 */
struct ip6protosw inet6sw[] = {
/* IPv6 itself: init plus fragment slow-timeout and drain hooks only */
{ 0,		&inet6domain,	IPPROTO_IPV6,	0,
  0,		0,		0,		0,
  0,
  ip6_init,	0,		frag6_slowtimo,	frag6_drain,
  &nousrreqs,
},
/* UDP over IPv6 */
{ SOCK_DGRAM,	&inet6domain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR,
  udp6_input,	0,		udp6_ctlinput,	ip6_ctloutput,
  0,
  0,		0,		0,		0,
  &udp6_usrreqs,
},
/* TCP over IPv6 */
{ SOCK_STREAM,	&inet6domain,	IPPROTO_TCP,	PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN,
  tcp6_input,	0,		tcp6_ctlinput,	tcp_ctloutput,
  0,
#ifdef INET	/* don't call initialization and timeout routines twice */
  0,		0,		0,		tcp_drain,
#else
  tcp_init,	tcp_fasttimo,	tcp_slowtimo,	tcp_drain,
#endif
  &tcp6_usrreqs,
},
/* raw IPv6 sockets */
{ SOCK_RAW,	&inet6domain,	IPPROTO_RAW,	PR_ATOMIC|PR_ADDR,
  rip6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
/* ICMPv6: own input/init/fast-timeout, raw-socket output and control paths */
{ SOCK_RAW,	&inet6domain,	IPPROTO_ICMPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  icmp6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
  0,
  icmp6_init,	icmp6_fasttimo,	0,		0,
  &rip6_usrreqs
},
/* destination options extension header */
{ SOCK_RAW,	&inet6domain,	IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR,
  dest6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
/* routing extension header */
{ SOCK_RAW,	&inet6domain,	IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR,
  route6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
/* fragment extension header */
{ SOCK_RAW,	&inet6domain,	IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR,
  frag6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
#ifdef IPSEC
/* IPsec AH (under FAST_IPSEC the *6_input names map to ipsec6_common_input) */
{ SOCK_RAW,	&inet6domain,	IPPROTO_AH,	PR_ATOMIC|PR_ADDR,
  ah6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#ifdef IPSEC_ESP
/* IPsec ESP: the only IPsec entry with a ctlinput routine */
{ SOCK_RAW,	&inet6domain,	IPPROTO_ESP,	PR_ATOMIC|PR_ADDR,
  esp6_input,	0,		esp6_ctlinput,	0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#endif
/* IP payload compression */
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPCOMP,	PR_ATOMIC|PR_ADDR,
  ipcomp6_input, 0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#endif /* IPSEC */
#ifdef INET
/* IPv4 carried inside IPv6 */
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  encap6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  encap_init,	0,		0,		0,
  &rip6_usrreqs
},
#endif /* INET */
/* IPv6 carried inside IPv6 */
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  encap6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  encap_init,	0,		0,		0,
  &rip6_usrreqs
},
/* PIM */
{ SOCK_RAW,	&inet6domain,	IPPROTO_PIM,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  pim6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
/* raw wildcard */
{ SOCK_RAW,	&inet6domain,	0,		PR_ATOMIC|PR_ADDR,
  rip6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
};

extern int in6_inithead __P((void **, int));

/*
 * The inet6 domain descriptor.  The two protosw pointers delimit inet6sw:
 * its first element and one past its last.  The shift by 3 turns the byte
 * offset of sin6_addr into a bit offset.
 * NOTE(review): the meaning of the remaining positional fields is set by
 * struct domain, which is declared outside this file.
 */
struct domain inet6domain =
    { AF_INET6, "internet6", 0, 0, 0,
      (struct protosw *)inet6sw,
      (struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 0,
      in6_inithead,
      offsetof(struct sockaddr_in6, sin6_addr) << 3,
      sizeof(struct sockaddr_in6) };

DOMAIN_SET(inet6);

/*
 * Internet configuration info
 */
#ifndef	IPV6FORWARDING
#ifdef GATEWAY6
#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
#else
#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */

#ifndef	IPV6_SENDREDIRECTS
#define	IPV6_SENDREDIRECTS	1
#endif

/*
 * Compile-time defaults for the IPv6 tunables.  Most of them are exported
 * read-write through the net.inet6 sysctl entries later in this file.
 */
int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
int	ip6_sendredirects = IPV6_SENDREDIRECTS;
int	ip6_defhlim = IPV6_DEFHLIM;
int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
/* Off by default, and deliberately not derived from the forwarding setting. */
int	ip6_accept_rtadv = 0;	/* "IPV6FORWARDING ? 0 : 1" is dangerous */
int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
int	ip6_log_interval = 5;
/* NOTE(review): presumably caps header nesting per packet; enforced elsewhere. */
int	ip6_hdrnestlimit = 50;	/* appropriate? */
int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
u_int32_t ip6_flow_seq;
int	ip6_auto_flowlabel = 1;
int	ip6_gif_hlim = 0;
int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
int	ip6_rr_prune = 5;	/* router renumbering prefix
				 * walk list every 5 sec. */
int	ip6_v6only = 1;

u_int32_t ip6_id = 0UL;
int	ip6_keepfaith = 0;
time_t	ip6_log_time = (time_t)0L;

/* icmp6 */
/*
 * BSDI4 defines these variables in in_proto.c...
 * XXX: what if we don't define INET? Should we define pmtu6_expire
 * or so? (jinmei@kame.net 19990310)
 */
int pmtu_expire = 60*10;
int pmtu_probe = 60*2;

/* raw IP6 parameters */
/*
 * Nominal space allocated to a raw ip socket.
 */
#define	RIPV6SNDQ	8192
#define	RIPV6RCVQ	8192

u_long	rip6_sendspace = RIPV6SNDQ;
u_long	rip6_recvspace = RIPV6RCVQ;

/* ICMPV6 parameters */
/*
 * Redirects are accepted by default; the net.inet6.icmp6.rediraccept
 * sysctl registered in this file is the runtime switch.
 */
int	icmp6_rediraccept = 1;		/* accept and process redirects */
int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
int	icmp6errppslim = 100;		/* 100pps */
/* NOTE(review): non-zero default; the bit meanings are defined outside this file. */
int	icmp6_nodeinfo = 3;		/* enable/disable NI response */

/* UDP on IP6 parameters */
int	udp6_sendspace = 9216;		/* really max datagram size */
int	udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
					/* 40 1K datagrams */

/*
 * sysctl related items.
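*/
/* Root of the net.inet6 sysctl tree. */
SYSCTL_NODE(_net,	PF_INET6,	inet6,	CTLFLAG_RW,	0,
	"Internet6 Family");

/* net.inet6 */
SYSCTL_NODE(_net_inet6,	IPPROTO_IPV6,	ip6,	CTLFLAG_RW, 0,	"IP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_ICMPV6,	icmp6,	CTLFLAG_RW, 0,	"ICMP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_UDP,	udp6,	CTLFLAG_RW, 0,	"UDP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_TCP,	tcp6,	CTLFLAG_RW, 0,	"TCP6");
#ifdef IPSEC
SYSCTL_NODE(_net_inet6,	IPPROTO_ESP,	ipsec6,	CTLFLAG_RW, 0,	"IPSEC6");
#endif /* IPSEC */

/* net.inet6.ip6 */

/*
 * Handler for net.inet6.ip6.temppltime (arg1 is registered as
 * &ip6_temp_preferred_lifetime).
 *
 * A read copies the current value out.  A write is accepted only when the
 * new preferred lifetime is at least ip6_desync_factor +
 * ip6_temp_regen_advance.  The candidate is read into a local and stored
 * only after it passes that check, so a failed copy-in or a rejected value
 * never reaches the live variable.
 *
 * Returns 0 on success, the copy error from SYSCTL_OUT/SYSCTL_IN, or
 * EINVAL when the candidate is too small.
 */
static int
sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int candidate;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);		/* copy-out failed, or read-only request */

	error = SYSCTL_IN(req, &candidate, sizeof(int));
	if (error)
		return (error);
	if (candidate < ip6_desync_factor + ip6_temp_regen_advance)
		return (EINVAL);

	ip6_temp_preferred_lifetime = candidate;
	return (0);
}

/*
 * Handler for net.inet6.ip6.tempvltime (arg1 is registered as
 * &ip6_temp_valid_lifetime).
 *
 * A write is accepted only when the new valid lifetime is not shorter than
 * the current preferred lifetime.  A rejected write leaves both lifetimes
 * untouched: the previous code restored the saved valid lifetime into
 * ip6_temp_preferred_lifetime, which kept the rejected valid lifetime and
 * overwrote the preferred one.
 *
 * Returns 0 on success, the copy error from SYSCTL_OUT/SYSCTL_IN, or
 * EINVAL when the candidate is shorter than the preferred lifetime.
 */
static int
sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int candidate;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);		/* copy-out failed, or read-only request */

	error = SYSCTL_IN(req, &candidate, sizeof(int));
	if (error)
		return (error);
	if (candidate < ip6_temp_preferred_lifetime)
		return (EINVAL);

	ip6_temp_valid_lifetime = candidate;
	return (0);
}

/*
 * Plain SYSCTL_INT entries name no handler, so no range check on written
 * values is visible in this file.
 */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING,
	forwarding, CTLFLAG_RW,		&ip6_forwarding,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
	redirect, CTLFLAG_RW,		&ip6_sendredirects,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
	hlim, CTLFLAG_RW,		&ip6_defhlim,	0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD,
	&ip6stat, ip6stat, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS,
	maxfragpackets, CTLFLAG_RW,	&ip6_maxfragpackets,	0, "");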
/*
 * Remaining net.inet6.ip6 entries.  CTLFLAG_RW entries are writable at run
 * time; CTLFLAG_RD entries are read-only.  Plain SYSCTL_INT entries name no
 * handler, so no range check on written values is visible in this file;
 * only temppltime and tempvltime go through a validating handler.
 */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
	accept_rtadv, CTLFLAG_RW,	&ip6_accept_rtadv,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH,
	keepfaith, CTLFLAG_RW,		&ip6_keepfaith,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL,
	log_interval, CTLFLAG_RW,	&ip6_log_interval,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT,
	hdrnestlimit, CTLFLAG_RW,	&ip6_hdrnestlimit,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT,
	dad_count, CTLFLAG_RW,		&ip6_dad_count,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL,
	auto_flowlabel, CTLFLAG_RW,	&ip6_auto_flowlabel,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM,
	defmcasthlim, CTLFLAG_RW,	&ip6_defmcasthlim,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM,
	gifhlim, CTLFLAG_RW,		&ip6_gif_hlim,	0, "");
/* Read-only: exposes the compiled-in __KAME_VERSION string. */
SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION,
	kame_version, CTLFLAG_RD,	__KAME_VERSION,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED,
	use_deprecated, CTLFLAG_RW,	&ip6_use_deprecated,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE,
	rr_prune, CTLFLAG_RW,		&ip6_rr_prune,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR,
	use_tempaddr, CTLFLAG_RW,	&ip6_use_tempaddr,	0, "");
/* The two temporary-address lifetimes are written through their own handlers. */
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
	CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0,
	sysctl_ip6_temppltime, "I", "");
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
	CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0,
	sysctl_ip6_tempvltime, "I", "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY,
	v6only, CTLFLAG_RW,		&ip6_v6only,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL,
	auto_linklocal, CTLFLAG_RW,	&ip6_auto_linklocal,	0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD,
	&rip6stat, rip6stat, "");

/* net.inet6.icmp6 */
/* Redirect handling: rediraccept is the runtime switch for icmp6_rediraccept. */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
	rediraccept, CTLFLAG_RW,	&icmp6_rediraccept,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT,
	redirtimeout, CTLFLAG_RW,	&icmp6_redirtimeout,	0, "");
SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD,
	&icmp6stat, icmp6stat, "");
/* Neighbor discovery tunables; the nd6_* variables are defined outside this file. */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE,
	nd6_prune, CTLFLAG_RW,		&nd6_prune,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY,
	nd6_delay, CTLFLAG_RW,		&nd6_delay,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES,
	nd6_umaxtries, CTLFLAG_RW,	&nd6_umaxtries,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES,
	nd6_mmaxtries, CTLFLAG_RW,	&nd6_mmaxtries,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK,
	nd6_useloopback, CTLFLAG_RW,	&nd6_useloopback,	0, "");
/* Node Information responses and the ICMPv6 error rate limit (packets per second). */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO,
	nodeinfo, CTLFLAG_RW,		&icmp6_nodeinfo,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT,
	errppslimit, CTLFLAG_RW,	&icmp6errppslim,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT,
	nd6_maxnudhint, CTLFLAG_RW,	&nd6_maxnudhint,	0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
	nd6_debug, CTLFLAG_RW,		&nd6_debug,	0, "");