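/*	$FreeBSD$	*/
/*	$KAME: in6_proto.c,v 1.91 2001/05/27 13:28:35 itojun Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/*
 * Copyright (c) 1982, 1986, 1993
 *	The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *	This product includes software developed by the University of
 *	California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)in_proto.c	8.1 (Berkeley) 6/10/93
 */

#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ipsec.h"

#include <sys/param.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/protosw.h>
#include <sys/kernel.h>
#include <sys/domain.h>
#include <sys/mbuf.h>
#include <sys/systm.h>
#include <sys/sysctl.h>

#include <net/if.h>
#include <net/radix.h>
#include <net/route.h>

#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip_encap.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#include <netinet/ip6.h>
#include <netinet6/ip6_var.h>
#include <netinet/icmp6.h>

#include <netinet/tcp.h>
#include <netinet/tcp_timer.h>
#include <netinet/tcp_var.h>
#include <netinet/udp.h>
#include <netinet/udp_var.h>
#include <netinet6/tcp6_var.h>
#include <netinet6/raw_ip6.h>
#include <netinet6/udp6_var.h>
#include <netinet6/pim6_var.h>
#include <netinet6/nd6.h>
#include <netinet6/in6_prefix.h>

#ifdef IPSEC
#include <netinet6/ipsec.h>
#ifdef INET6
#include <netinet6/ipsec6.h>
#endif
#include <netinet6/ah.h>
#ifdef INET6
#include <netinet6/ah6.h>
#endif
#ifdef IPSEC_ESP
#include <netinet6/esp.h>
#ifdef INET6
#include <netinet6/esp6.h>
#endif
#endif
#include <netinet6/ipcomp.h>
#ifdef INET6
#include <netinet6/ipcomp6.h>
#endif
#endif /* IPSEC */

#include <netinet6/ip6protosw.h>

#include <net/net_osdep.h>

/*
 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
 */

extern	struct domain inet6domain;
/* Empty user-request table shared by the entries that name &nousrreqs. */
static	struct pr_usrreqs nousrreqs;

/*
 * Both flags are defined as 0 in this file, so OR-ing them into a flags
 * word below has no effect.
 */
#define PR_LISTEN	0
#define PR_ABRTACPTDIS	0

/*
 * IPv6 protocol switch.  Every initializer is positional; the rows below
 * are laid out as
 *
 *	{ type, domain, protocol, flags,
 *	  input, output, ctlinput, ctloutput,
 *	  <slot that is always 0 here>,
 *	  init, fasttimo, slowtimo, drain,
 *	  usrreqs }
 *
 * NOTE(review): the slot names are inferred from the routines placed in
 * them; confirm against struct ip6protosw in <netinet6/ip6protosw.h>.
 *
 * Which handler is reachable for which next-header value is decided by
 * this table, so a change to an entry (or to the IPSEC / IPSEC_ESP / INET
 * conditionals around one) changes what the stack will parse on input.
 */
struct ip6protosw inet6sw[] = {
{ 0,		&inet6domain,	IPPROTO_IPV6,	0,
  0,		0,		0,		0,
  0,
  ip6_init,	0,		frag6_slowtimo,	frag6_drain,
  &nousrreqs,
},
{ SOCK_DGRAM,	&inet6domain,	IPPROTO_UDP,	PR_ATOMIC|PR_ADDR,
  udp6_input,	0,		udp6_ctlinput,	ip6_ctloutput,
  0,
  0,		0,		0,		0,
  &udp6_usrreqs,
},
{ SOCK_STREAM,	&inet6domain,	IPPROTO_TCP,	PR_CONNREQUIRED|PR_WANTRCVD|PR_LISTEN,
  tcp6_input,	0,		tcp6_ctlinput,	tcp_ctloutput,
  0,
#ifdef INET	/* don't call initialization and timeout routines twice */
  0,		0,		0,		tcp_drain,
#else
  tcp_init,	tcp_fasttimo,	tcp_slowtimo,	tcp_drain,
#endif
  &tcp6_usrreqs,
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_RAW,	PR_ATOMIC|PR_ADDR,
  rip6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_ICMPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  icmp6_input,	rip6_output,	rip6_ctlinput,	rip6_ctloutput,
  0,
  icmp6_init,	icmp6_fasttimo,	0,		0,
  &rip6_usrreqs
},
/*
 * Extension-header handlers: input routine only, no output or control
 * routines, and the empty nousrreqs table.
 */
{ SOCK_RAW,	&inet6domain,	IPPROTO_DSTOPTS,PR_ATOMIC|PR_ADDR,
  dest6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_ROUTING,PR_ATOMIC|PR_ADDR,
  route6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_FRAGMENT,PR_ATOMIC|PR_ADDR,
  frag6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs
},
#ifdef IPSEC
{ SOCK_RAW,	&inet6domain,	IPPROTO_AH,	PR_ATOMIC|PR_ADDR,
  ah6_input,	0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#ifdef IPSEC_ESP
{ SOCK_RAW,	&inet6domain,	IPPROTO_ESP,	PR_ATOMIC|PR_ADDR,
  esp6_input,	0,		esp6_ctlinput,	0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#endif
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPCOMP,	PR_ATOMIC|PR_ADDR,
  ipcomp6_input, 0,		0,		0,
  0,
  0,		0,		0,		0,
  &nousrreqs,
},
#endif /* IPSEC */
#ifdef INET
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV4,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  encap6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  encap_init,	0,		0,		0,
  &rip6_usrreqs
},
#endif /* INET */
{ SOCK_RAW,	&inet6domain,	IPPROTO_IPV6,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  encap6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  encap_init,	0,		0,		0,
  &rip6_usrreqs
},
{ SOCK_RAW,	&inet6domain,	IPPROTO_PIM,	PR_ATOMIC|PR_ADDR|PR_LASTHDR,
  pim6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
/* raw wildcard */
{ SOCK_RAW,	&inet6domain,	0,		PR_ATOMIC|PR_ADDR,
  rip6_input,	rip6_output,	0,		rip6_ctloutput,
  0,
  0,		0,		0,		0,
  &rip6_usrreqs
},
};

extern int in6_inithead __P((void **, int));

/*
 * The AF_INET6 domain.  The two protosw pointers delimit inet6sw: its first
 * element and one past its last.  The offsetof() term is the byte offset of
 * sin6_addr within struct sockaddr_in6, shifted left by 3 (i.e. times 8).
 */
struct domain inet6domain =
    { AF_INET6, "internet6", 0, 0, 0,
      (struct protosw *)inet6sw,
      (struct protosw *)&inet6sw[sizeof(inet6sw)/sizeof(inet6sw[0])], 0,
      in6_inithead,
      offsetof(struct sockaddr_in6, sin6_addr) << 3,
      sizeof(struct sockaddr_in6) };

DOMAIN_SET(inet6);

/*
 * Internet configuration info
 */
#ifndef	IPV6FORWARDING
#ifdef GATEWAY6
#define	IPV6FORWARDING	1	/* forward IP6 packets not for us */
#else
#define	IPV6FORWARDING	0	/* don't forward IP6 packets not for us */
#endif /* GATEWAY6 */
#endif /* !IPV6FORWARDING */

#ifndef	IPV6_SENDREDIRECTS
#define	IPV6_SENDREDIRECTS	1
#endif

/*
 * Compiled-in defaults.  Most of these are also exported read-write through
 * the SYSCTL_* declarations further down, so the running value may differ
 * from what is shown here.
 */
int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
int	ip6_sendredirects = IPV6_SENDREDIRECTS;
int	ip6_defhlim = IPV6_DEFHLIM;
int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
int	ip6_accept_rtadv = 0;	/* "IPV6FORWARDING ? 0 : 1" is dangerous */
int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
int	ip6_log_interval = 5;
int	ip6_hdrnestlimit = 50;	/* appropriate? */
int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
u_int32_t ip6_flow_seq;
int	ip6_auto_flowlabel = 1;
int	ip6_gif_hlim = 0;
int	ip6_use_deprecated = 1;	/* allow deprecated addr (RFC2462 5.5.4) */
int	ip6_rr_prune = 5;	/* router renumbering prefix
				 * walk list every 5 sec. */
int	ip6_v6only = 1;

u_int32_t ip6_id = 0UL;
int	ip6_keepfaith = 0;
time_t	ip6_log_time = (time_t)0L;

/* icmp6 */
/*
 * BSDI4 defines these variables in in_proto.c...
 * XXX: what if we don't define INET? Should we define pmtu6_expire
 * or so? (jinmei@kame.net 19990310)
 */
int pmtu_expire = 60*10;
int pmtu_probe = 60*2;

/* raw IP6 parameters */
/*
 * Nominal space allocated to a raw ip socket.
 */
#define	RIPV6SNDQ	8192
#define	RIPV6RCVQ	8192

u_long	rip6_sendspace = RIPV6SNDQ;
u_long	rip6_recvspace = RIPV6RCVQ;

/* ICMPV6 parameters */
int	icmp6_rediraccept = 1;		/* accept and process redirects */
int	icmp6_redirtimeout = 10 * 60;	/* 10 minutes */
int	icmp6errppslim = 100;		/* 100pps */
int	icmp6_nodeinfo = 3;		/* enable/disable NI response */

/* UDP on IP6 parameters */
int	udp6_sendspace = 9216;		/* really max datagram size */
int	udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
					/* 40 1K datagrams */

/*
 * sysctl related items.
 */
SYSCTL_NODE(_net,	PF_INET6,	inet6,	CTLFLAG_RW,	0,
	"Internet6 Family");

/* net.inet6 */
SYSCTL_NODE(_net_inet6,	IPPROTO_IPV6,	ip6,	CTLFLAG_RW, 0,	"IP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_ICMPV6,	icmp6,	CTLFLAG_RW, 0,	"ICMP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_UDP,	udp6,	CTLFLAG_RW, 0,	"UDP6");
SYSCTL_NODE(_net_inet6,	IPPROTO_TCP,	tcp6,	CTLFLAG_RW, 0,	"TCP6");
#ifdef IPSEC
SYSCTL_NODE(_net_inet6,	IPPROTO_ESP,	ipsec6,	CTLFLAG_RW, 0,	"IPSEC6");
#endif /* IPSEC */

/* net.inet6.ip6 */

/*
 * Handler for the temppltime OID (ip6_temp_preferred_lifetime).
 *
 * Reports the current value, and on a write accepts the new value only if
 * it is at least ip6_desync_factor + ip6_temp_regen_advance.
 *
 * The new value is copied into a local and committed only after it passes
 * the check, so the global never holds a rejected value, and a failed
 * SYSCTL_IN is reported as such instead of falling through to the range
 * check.
 *
 * Returns 0 on success, the SYSCTL_OUT/SYSCTL_IN error on a copy failure,
 * or EINVAL when the new value is below the minimum.
 */
static int
sysctl_ip6_temppltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int val;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);		/* copy-out failed, or read-only request */

	error = SYSCTL_IN(req, &val, sizeof(int));
	if (error)
		return (error);
	if (val < ip6_desync_factor + ip6_temp_regen_advance)
		return (EINVAL);

	ip6_temp_preferred_lifetime = val;
	return (0);
}

/*
 * Handler for the tempvltime OID (ip6_temp_valid_lifetime).
 *
 * Reports the current value, and on a write accepts the new value only if
 * it is not smaller than ip6_temp_preferred_lifetime.
 *
 * As above, the new value is staged in a local.  A rejected write leaves
 * both ip6_temp_valid_lifetime and ip6_temp_preferred_lifetime exactly as
 * they were: rolling back by assigning the saved valid lifetime to the
 * preferred lifetime would keep the rejected valid lifetime and corrupt
 * the preferred one.
 *
 * Returns 0 on success, the SYSCTL_OUT/SYSCTL_IN error on a copy failure,
 * or EINVAL when the new value is below the preferred lifetime.
 */
static int
sysctl_ip6_tempvltime(SYSCTL_HANDLER_ARGS)
{
	int error;
	int val;

	error = SYSCTL_OUT(req, arg1, sizeof(int));
	if (error || !req->newptr)
		return (error);		/* copy-out failed, or read-only request */

	error = SYSCTL_IN(req, &val, sizeof(int));
	if (error)
		return (error);
	if (val < ip6_temp_preferred_lifetime)
		return (EINVAL);

	ip6_temp_valid_lifetime = val;
	return (0);
}

SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING,
	forwarding, CTLFLAG_RW,		&ip6_forwarding,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
	redirect, CTLFLAG_RW,		&ip6_sendredirects,	0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
	hlim, CTLFLAG_RW,		&ip6_defhlim,	0, "");
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, stats, CTLFLAG_RD,
	&ip6stat, ip6stat, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS,
	maxfragpackets, CTLFLAG_RW,	&ip6_maxfragpackets,	0, "");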
/*
 * net.inet6.ip6, continued.  Entries flagged CTLFLAG_RW can be changed at
 * run time; CTLFLAG_RD entries are read-only exports.  Plain SYSCTL_INT
 * entries store whatever integer is written; only temppltime and
 * tempvltime name a handler function of their own.
 */
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, accept_rtadv,
	CTLFLAG_RW, &ip6_accept_rtadv, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, keepfaith,
	CTLFLAG_RW, &ip6_keepfaith, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval,
	CTLFLAG_RW, &ip6_log_interval, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT, hdrnestlimit,
	CTLFLAG_RW, &ip6_hdrnestlimit, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT, dad_count,
	CTLFLAG_RW, &ip6_dad_count, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL, auto_flowlabel,
	CTLFLAG_RW, &ip6_auto_flowlabel, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM, defmcasthlim,
	CTLFLAG_RW, &ip6_defmcasthlim, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim,
	CTLFLAG_RW, &ip6_gif_hlim, 0, "");
/* Read-only: exports the __KAME_VERSION string. */
SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION, kame_version,
	CTLFLAG_RD, __KAME_VERSION, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED, use_deprecated,
	CTLFLAG_RW, &ip6_use_deprecated, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE, rr_prune,
	CTLFLAG_RW, &ip6_rr_prune, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR, use_tempaddr,
	CTLFLAG_RW, &ip6_use_tempaddr, 0, "");
/*
 * The two temporary-address lifetimes are routed through the handlers
 * sysctl_ip6_temppltime() and sysctl_ip6_tempvltime() defined earlier in
 * this file, which reject out-of-range writes with EINVAL.
 */
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
	CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_preferred_lifetime, 0,
	sysctl_ip6_temppltime, "I", "");
SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
	CTLTYPE_INT|CTLFLAG_RW, &ip6_temp_valid_lifetime, 0,
	sysctl_ip6_tempvltime, "I", "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, v6only,
	CTLFLAG_RW, &ip6_v6only, 0, "");
SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, auto_linklocal,
	CTLFLAG_RW, &ip6_auto_linklocal, 0, "");
/* Read-only: raw IPv6 statistics structure. */
SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats,
	CTLFLAG_RD, &rip6stat, rip6stat, "");

/*
 * net.inet6.icmp6
 *
 * rediraccept, nodeinfo and errppslimit are backed by icmp6_rediraccept,
 * icmp6_nodeinfo and icmp6errppslim, whose compiled-in defaults are set
 * earlier in this file; the nd6_* variables are defined outside it.
 */
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT, rediraccept,
	CTLFLAG_RW, &icmp6_rediraccept, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT, redirtimeout,
	CTLFLAG_RW, &icmp6_redirtimeout, 0, "");
/* Read-only: ICMPv6 statistics structure. */
SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats,
	CTLFLAG_RD, &icmp6stat, icmp6stat, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE, nd6_prune,
	CTLFLAG_RW, &nd6_prune, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY, nd6_delay,
	CTLFLAG_RW, &nd6_delay, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES, nd6_umaxtries,
	CTLFLAG_RW, &nd6_umaxtries, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES, nd6_mmaxtries,
	CTLFLAG_RW, &nd6_mmaxtries, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK, nd6_useloopback,
	CTLFLAG_RW, &nd6_useloopback, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO, nodeinfo,
	CTLFLAG_RW, &icmp6_nodeinfo, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT, errppslimit,
	CTLFLAG_RW, &icmp6errppslim, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MAXNUDHINT, nd6_maxnudhint,
	CTLFLAG_RW, &nd6_maxnudhint, 0, "");
SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG, nd6_debug,
	CTLFLAG_RW, &nd6_debug, 0, "");