xref: /freebsd/sys/netinet6/ip6_forward.c (revision 328110da2661a8841f12000b99fea27ceacdd5b2) 
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the project nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  *	$KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $
32  */
33 
34 #include <sys/cdefs.h>
35 #include "opt_inet.h"
36 #include "opt_inet6.h"
37 #include "opt_ipsec.h"
38 #include "opt_ipstealth.h"
39 #include "opt_sctp.h"
40 
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/malloc.h>
44 #include <sys/mbuf.h>
45 #include <sys/domain.h>
46 #include <sys/protosw.h>
47 #include <sys/socket.h>
48 #include <sys/errno.h>
49 #include <sys/time.h>
50 #include <sys/kernel.h>
51 #include <sys/syslog.h>
52 
53 #include <net/if.h>
54 #include <net/if_var.h>
55 #include <net/if_private.h>
56 #include <net/netisr.h>
57 #include <net/route.h>
58 #include <net/route/nhop.h>
59 #include <net/pfil.h>
60 
61 #include <netinet/in.h>
62 #include <netinet/in_var.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #include <netinet/ip_var.h>
66 #include <netinet6/in6_var.h>
67 #include <netinet/ip6.h>
68 #include <netinet6/in6_fib.h>
69 #include <netinet6/ip6_var.h>
70 #include <netinet6/scope6_var.h>
71 #include <netinet/icmp6.h>
72 #include <netinet6/nd6.h>
73 
74 #include <netinet/in_pcb.h>
75 
76 #include <netipsec/ipsec_support.h>
77 
78 /*
79  * Forward a packet.  If some error occurs return the sender
80  * an icmp packet.  Note we can't always generate a meaningful
81  * icmp message because icmp doesn't have a large enough repertoire
82  * of codes and types.
83  *
84  * If not forwarding, just drop the packet.  This could be confusing
85  * if ipforwarding was zero but some routing protocol was advancing
86  * us as a gateway to somewhere.  However, we must let the routing
87  * protocol deal with that.
88  *
89  */
90 void
91 ip6_forward(struct mbuf *m, int srcrt)
92 {
93 	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
94 	struct sockaddr_in6 dst;
95 	struct nhop_object *nh = NULL;
96 	int error, type = 0, code = 0;
97 	struct mbuf *mcopy = NULL;
98 	struct ifnet *origifp;	/* maybe unnecessary */
99 	u_int32_t inzone, outzone;
100 	struct in6_addr odst;
101 	struct m_tag *fwd_tag;
102 	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
103 
104 	/*
105 	 * Do not forward packets to multicast destination (should be handled
106 	 * by ip6_mforward().
107 	 * Do not forward packets with unspecified source.  It was discussed
108 	 * in July 2000, on the ipngwg mailing list.
109 	 */
110 	if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
111 	    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
112 	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) ||
113 	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) {
114 		IP6STAT_INC(ip6s_cantforward);
115 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
116 		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
117 			log(LOG_DEBUG,
118 			    "cannot forward "
119 			    "from %s to %s nxt %d received on %s\n",
120 			    ip6_sprintf(ip6bufs, &ip6->ip6_src),
121 			    ip6_sprintf(ip6bufd, &ip6->ip6_dst),
122 			    ip6->ip6_nxt,
123 			    if_name(m->m_pkthdr.rcvif));
124 		}
125 		m_freem(m);
126 		return;
127 	}
128 
129 	if (
130 #ifdef IPSTEALTH
131 	    V_ip6stealth == 0 &&
132 #endif
133 	    ip6->ip6_hlim <= IPV6_HLIMDEC) {
134 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
135 		icmp6_error(m, ICMP6_TIME_EXCEEDED,
136 		    ICMP6_TIME_EXCEED_TRANSIT, 0);
137 		return;
138 	}
139 
140 	/*
141 	 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
142 	 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
143 	 * we need to generate an ICMP6 message to the src.
144 	 * Thanks to M_EXT, in most cases copy will not occur.
145 	 *
146 	 * It is important to save it before IPsec processing as IPsec
147 	 * processing may modify the mbuf.
148 	 */
149 	mcopy = m_copym(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN),
150 	    M_NOWAIT);
151 #ifdef IPSTEALTH
152 	if (V_ip6stealth == 0)
153 #endif
154 		ip6->ip6_hlim -= IPV6_HLIMDEC;
155 
156 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
157 	if (IPSEC_ENABLED(ipv6)) {
158 		if ((error = IPSEC_FORWARD(ipv6, m)) != 0) {
159 			/* mbuf consumed by IPsec */
160 			m_freem(mcopy);
161 			if (error != EINPROGRESS)
162 				IP6STAT_INC(ip6s_cantforward);
163 			return;
164 		}
165 		/* No IPsec processing required */
166 	}
167 #endif
168 	/*
169 	 * ip6_forward() operates with IPv6 addresses with deembedded scope.
170 	 *
171 	 * There are 3 sources of IPv6 destination address:
172 	 *
173 	 * 1) ip6_input(), where ip6_dst contains deembedded address.
174 	 *   In order to deal with forwarding of link-local packets,
175 	 *   calculate the scope based on input interface (RFC 4007, clause 9).
176 	 * 2) packet filters changing ip6_dst directly. It would embed scope
177 	 *   for LL addresses, so in6_localip() performs properly.
178 	 * 3) packet filters attaching PACKET_TAG_IPFORWARD would embed
179 	 *   scope for the nexthop.
180 	 */
181 	bzero(&dst, sizeof(struct sockaddr_in6));
182 	dst.sin6_family = AF_INET6;
183 	dst.sin6_addr = ip6->ip6_dst;
184 	dst.sin6_scope_id = in6_get_unicast_scopeid(&ip6->ip6_dst, m->m_pkthdr.rcvif);
185 again:
186 	nh = fib6_lookup(M_GETFIB(m), &dst.sin6_addr, dst.sin6_scope_id,
187 	    NHR_REF, m->m_pkthdr.flowid);
188 	if (nh == NULL) {
189 		IP6STAT_INC(ip6s_noroute);
190 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
191 		if (mcopy) {
192 			icmp6_error(mcopy, ICMP6_DST_UNREACH,
193 			ICMP6_DST_UNREACH_NOROUTE, 0);
194 		}
195 		goto bad;
196 	}
197 
198 	if (nh->nh_flags & (NHF_BLACKHOLE | NHF_REJECT)) {
199 		IP6STAT_INC(ip6s_cantforward);
200 		if (mcopy != NULL) {
201 			if (nh->nh_flags & NHF_REJECT) {
202 				icmp6_error(mcopy, ICMP6_DST_UNREACH,
203 				    ICMP6_DST_UNREACH_REJECT, 0);
204 			} else
205 				m_freem(mcopy);
206 		}
207 		goto bad;
208 	}
209 
210 	/*
211 	 * Source scope check: if a packet can't be delivered to its
212 	 * destination for the reason that the destination is beyond the scope
213 	 * of the source address, discard the packet and return an icmp6
214 	 * destination unreachable error with Code 2 (beyond scope of source
215 	 * address).
216 	 * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1]
217 	 */
218 	outzone = in6_get_unicast_scopeid(&ip6->ip6_src, nh->nh_ifp);
219 	inzone = in6_get_unicast_scopeid(&ip6->ip6_src, m->m_pkthdr.rcvif);
220 	if (inzone != outzone) {
221 		IP6STAT_INC(ip6s_cantforward);
222 		IP6STAT_INC(ip6s_badscope);
223 		in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard);
224 
225 		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
226 			log(LOG_DEBUG,
227 			    "cannot forward "
228 			    "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
229 			    ip6_sprintf(ip6bufs, &ip6->ip6_src),
230 			    ip6_sprintf(ip6bufd, &ip6->ip6_dst),
231 			    ip6->ip6_nxt,
232 			    if_name(m->m_pkthdr.rcvif), if_name(nh->nh_ifp));
233 		}
234 		if (mcopy)
235 			icmp6_error(mcopy, ICMP6_DST_UNREACH,
236 				    ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
237 		goto bad;
238 	}
239 
240 	/*
241 	 * Destination scope check: if a packet is going to break the scope
242 	 * zone of packet's destination address, discard it.  This case should
243 	 * usually be prevented by appropriately-configured routing table, but
244 	 * we need an explicit check because we may mistakenly forward the
245 	 * packet to a different zone by (e.g.) a default route.
246 	 */
247 	inzone = in6_get_unicast_scopeid(&ip6->ip6_dst, m->m_pkthdr.rcvif);
248 	outzone = in6_get_unicast_scopeid(&ip6->ip6_dst, nh->nh_ifp);
249 
250 	if (inzone != outzone) {
251 		IP6STAT_INC(ip6s_cantforward);
252 		IP6STAT_INC(ip6s_badscope);
253 		goto bad;
254 	}
255 
256 	if (nh->nh_flags & NHF_GATEWAY) {
257 		/* Store gateway address in deembedded form */
258 		dst.sin6_addr = nh->gw6_sa.sin6_addr;
259 		dst.sin6_scope_id = ntohs(in6_getscope(&dst.sin6_addr));
260 		in6_clearscope(&dst.sin6_addr);
261 	}
262 
263 	/*
264 	 * If we are to forward the packet using the same interface
265 	 * as one we got the packet from, perhaps we should send a redirect
266 	 * to sender to shortcut a hop.
267 	 * Only send redirect if source is sending directly to us,
268 	 * and if packet was not source routed (or has any options).
269 	 * Also, don't send redirect if forwarding using a route
270 	 * modified by a redirect.
271 	 */
272 	if (V_ip6_sendredirects && nh->nh_ifp == m->m_pkthdr.rcvif && !srcrt &&
273 	    (nh->nh_flags & NHF_REDIRECT) == 0)
274 		type = ND_REDIRECT;
275 
276 	/*
277 	 * Fake scoped addresses. Note that even link-local source or
278 	 * destinaion can appear, if the originating node just sends the
279 	 * packet to us (without address resolution for the destination).
280 	 * Since both icmp6_error and icmp6_redirect_output fill the embedded
281 	 * link identifiers, we can do this stuff after making a copy for
282 	 * returning an error.
283 	 */
284 	if ((nh->nh_ifp->if_flags & IFF_LOOPBACK) != 0) {
285 		/*
286 		 * See corresponding comments in ip6_output.
287 		 * XXX: but is it possible that ip6_forward() sends a packet
288 		 *      to a loopback interface? I don't think so, and thus
289 		 *      I bark here. (jinmei@kame.net)
290 		 * XXX: it is common to route invalid packets to loopback.
291 		 *	also, the codepath will be visited on use of ::1 in
292 		 *	rthdr. (itojun)
293 		 */
294 #if 1
295 		if (0)
296 #else
297 		if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
298 #endif
299 		{
300 			printf("ip6_forward: outgoing interface is loopback. "
301 			       "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
302 			       ip6_sprintf(ip6bufs, &ip6->ip6_src),
303 			       ip6_sprintf(ip6bufd, &ip6->ip6_dst),
304 			       ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
305 			       if_name(nh->nh_ifp));
306 		}
307 
308 		/* we can just use rcvif in forwarding. */
309 		origifp = m->m_pkthdr.rcvif;
310 	}
311 	else
312 		origifp = nh->nh_ifp;
313 	/*
314 	 * clear embedded scope identifiers if necessary.
315 	 * in6_clearscope will touch the addresses only when necessary.
316 	 */
317 	in6_clearscope(&ip6->ip6_src);
318 	in6_clearscope(&ip6->ip6_dst);
319 
320 	/* Jump over all PFIL processing if hooks are not active. */
321 	if (!PFIL_HOOKED_OUT(V_inet6_pfil_head))
322 		goto pass;
323 
324 	odst = ip6->ip6_dst;
325 	/* Run through list of hooks for forwarded packets. */
326 	if (pfil_mbuf_fwd(V_inet6_pfil_head, &m, nh->nh_ifp,
327 	    NULL) != PFIL_PASS)
328 		goto freecopy;
329 	ip6 = mtod(m, struct ip6_hdr *);
330 
331 	/* See if destination IP address was changed by packet filter. */
332 	if (!IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst)) {
333 		m->m_flags |= M_SKIP_FIREWALL;
334 		/* If destination is now ourself drop to ip6_input(). */
335 		if (in6_localip(&ip6->ip6_dst))
336 			m->m_flags |= M_FASTFWD_OURS;
337 		else {
338 			NH_FREE(nh);
339 
340 			/* Update address and scopeid. Assume scope is embedded */
341 			dst.sin6_scope_id = ntohs(in6_getscope(&ip6->ip6_dst));
342 			dst.sin6_addr = ip6->ip6_dst;
343 			in6_clearscope(&dst.sin6_addr);
344 			goto again;	/* Redo the routing table lookup. */
345 		}
346 	}
347 
348 	/* See if local, if yes, send it to netisr. */
349 	if (m->m_flags & M_FASTFWD_OURS) {
350 		if (m->m_pkthdr.rcvif == NULL)
351 			m->m_pkthdr.rcvif = V_loif;
352 		if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
353 			m->m_pkthdr.csum_flags |=
354 			    CSUM_DATA_VALID_IPV6 | CSUM_PSEUDO_HDR;
355 			m->m_pkthdr.csum_data = 0xffff;
356 		}
357 #if defined(SCTP) || defined(SCTP_SUPPORT)
358 		if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6)
359 			m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
360 #endif
361 		error = netisr_queue(NETISR_IPV6, m);
362 		goto out;
363 	}
364 	/* Or forward to some other address? */
365 	if ((m->m_flags & M_IP6_NEXTHOP) &&
366 	    (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
367 		struct sockaddr_in6 *gw6 = (struct sockaddr_in6 *)(fwd_tag + 1);
368 
369 		/* Update address and scopeid. Assume scope is embedded */
370 		dst.sin6_scope_id = ntohs(in6_getscope(&gw6->sin6_addr));
371 		dst.sin6_addr = gw6->sin6_addr;
372 		in6_clearscope(&dst.sin6_addr);
373 
374 		m->m_flags |= M_SKIP_FIREWALL;
375 		m->m_flags &= ~M_IP6_NEXTHOP;
376 		m_tag_delete(m, fwd_tag);
377 		NH_FREE(nh);
378 		goto again;
379 	}
380 
381 pass:
382 	/* See if the size was changed by the packet filter. */
383 	/* TODO: change to nh->nh_mtu */
384 	if (m->m_pkthdr.len > IN6_LINKMTU(nh->nh_ifp)) {
385 		in6_ifstat_inc(nh->nh_ifp, ifs6_in_toobig);
386 		if (mcopy)
387 			icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0,
388 			    IN6_LINKMTU(nh->nh_ifp));
389 		goto bad;
390 	}
391 
392 	/* Currently LLE layer stores embedded IPv6 addresses */
393 	if (IN6_IS_SCOPE_LINKLOCAL(&dst.sin6_addr)) {
394 		in6_set_unicast_scopeid(&dst.sin6_addr, dst.sin6_scope_id);
395 		dst.sin6_scope_id = 0;
396 	}
397 	error = nd6_output_ifp(nh->nh_ifp, origifp, m, &dst, NULL);
398 	if (error) {
399 		in6_ifstat_inc(nh->nh_ifp, ifs6_out_discard);
400 		IP6STAT_INC(ip6s_cantforward);
401 	} else {
402 		IP6STAT_INC(ip6s_forward);
403 		in6_ifstat_inc(nh->nh_ifp, ifs6_out_forward);
404 		if (type)
405 			IP6STAT_INC(ip6s_redirectsent);
406 		else {
407 			if (mcopy)
408 				goto freecopy;
409 		}
410 	}
411 
412 	if (mcopy == NULL)
413 		goto out;
414 	switch (error) {
415 	case 0:
416 		if (type == ND_REDIRECT) {
417 			icmp6_redirect_output(mcopy, nh);
418 			goto out;
419 		}
420 		goto freecopy;
421 
422 	case EMSGSIZE:
423 		/* xxx MTU is constant in PPP? */
424 		goto freecopy;
425 
426 	case ENOBUFS:
427 		/* Tell source to slow down like source quench in IP? */
428 		goto freecopy;
429 
430 	case ENETUNREACH:	/* shouldn't happen, checked above */
431 	case EHOSTUNREACH:
432 	case ENETDOWN:
433 	case EHOSTDOWN:
434 	default:
435 		type = ICMP6_DST_UNREACH;
436 		code = ICMP6_DST_UNREACH_ADDR;
437 		break;
438 	}
439 	icmp6_error(mcopy, type, code, 0);
440 	goto out;
441 
442  freecopy:
443 	m_freem(mcopy);
444 	goto out;
445 bad:
446 	m_freem(m);
447 out:
448 	if (nh != NULL)
449 		NH_FREE(nh);
450 }
451