1 /* $FreeBSD$ */ 2 /* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */ 3 4 /*- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 /*- 34 * Copyright (c) 1982, 1986, 1988, 1990, 1993 35 * The Regents of the University of California. All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 4. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 60 * 61 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 62 */ 63 64 #include "opt_inet.h" 65 #include "opt_inet6.h" 66 #include "opt_ipsec.h" 67 68 #include <sys/param.h> 69 #include <sys/malloc.h> 70 #include <sys/mbuf.h> 71 #include <sys/proc.h> 72 #include <sys/errno.h> 73 #include <sys/priv.h> 74 #include <sys/protosw.h> 75 #include <sys/socket.h> 76 #include <sys/socketvar.h> 77 #include <sys/kernel.h> 78 79 #include <net/if.h> 80 #include <net/netisr.h> 81 #include <net/route.h> 82 #include <net/pfil.h> 83 84 #include <netinet/in.h> 85 #include <netinet/in_var.h> 86 #include <netinet6/in6_var.h> 87 #include <netinet/ip6.h> 88 #include <netinet/icmp6.h> 89 #include <netinet6/ip6_var.h> 90 #include <netinet/in_pcb.h> 91 #include <netinet/tcp_var.h> 92 #include <netinet6/nd6.h> 93 94 #ifdef IPSEC 95 #include <netipsec/ipsec.h> 96 #include <netipsec/ipsec6.h> 97 #include <netipsec/key.h> 98 #include <netinet6/ip6_ipsec.h> 99 #endif /* IPSEC */ 100 101 #include <netinet6/ip6protosw.h> 102 #include <netinet6/scope6_var.h> 103 104 static MALLOC_DEFINE(M_IP6MOPTS, "ip6_moptions", "internet multicast options"); 105 106 struct ip6_exthdrs { 107 struct mbuf *ip6e_ip6; 108 struct mbuf *ip6e_hbh; 109 struct mbuf *ip6e_dest1; 110 struct mbuf *ip6e_rthdr; 111 struct mbuf *ip6e_dest2; 112 }; 113 114 static int ip6_pcbopt __P((int, u_char *, int, struct ip6_pktopts **, 115 int, int)); 116 static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *, 117 struct socket *, struct sockopt *)); 118 static int ip6_getpcbopt __P((struct ip6_pktopts *, int, struct sockopt *)); 119 static int ip6_setpktopt __P((int, u_char *, int, struct ip6_pktopts *, int, 120 int, int, int)); 121 122 static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *)); 123 static int ip6_getmoptions __P((int, struct ip6_moptions *, struct mbuf **)); 124 static int ip6_copyexthdr __P((struct mbuf **, caddr_t, int)); 125 static int ip6_insertfraghdr __P((struct mbuf *, struct mbuf *, int, 126 struct ip6_frag **)); 127 static int ip6_insert_jumboopt __P((struct ip6_exthdrs *, u_int32_t)); 128 static int ip6_splithdr __P((struct mbuf *, struct ip6_exthdrs *)); 129 static int ip6_getpmtu __P((struct route_in6 *, struct route_in6 *, 130 struct ifnet *, struct in6_addr *, u_long *, int *)); 131 static int copypktopts __P((struct ip6_pktopts *, struct ip6_pktopts *, int)); 132 133 134 /* 135 * Make an extension header from option data. hp is the source, and 136 * mp is the destination. 137 */ 138 #define MAKE_EXTHDR(hp, mp) \ 139 do { \ 140 if (hp) { \ 141 struct ip6_ext *eh = (struct ip6_ext *)(hp); \ 142 error = ip6_copyexthdr((mp), (caddr_t)(hp), \ 143 ((eh)->ip6e_len + 1) << 3); \ 144 if (error) \ 145 goto freehdrs; \ 146 } \ 147 } while (/*CONSTCOND*/ 0) 148 149 /* 150 * Form a chain of extension headers. 151 * m is the extension header mbuf 152 * mp is the previous mbuf in the chain 153 * p is the next header 154 * i is the type of option. 155 */ 156 #define MAKE_CHAIN(m, mp, p, i)\ 157 do {\ 158 if (m) {\ 159 if (!hdrsplit) \ 160 panic("assumption failed: hdr not split"); \ 161 *mtod((m), u_char *) = *(p);\ 162 *(p) = (i);\ 163 p = mtod((m), u_char *);\ 164 (m)->m_next = (mp)->m_next;\ 165 (mp)->m_next = (m);\ 166 (mp) = (m);\ 167 }\ 168 } while (/*CONSTCOND*/ 0) 169 170 /* 171 * IP6 output. The packet in mbuf chain m contains a skeletal IP6 172 * header (with pri, len, nxt, hlim, src, dst). 173 * This function may modify ver and hlim only. 174 * The mbuf chain containing the packet will be freed. 175 * The mbuf opt, if present, will not be freed. 176 * 177 * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and 178 * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one, 179 * which is rt_rmx.rmx_mtu. 180 * 181 * ifpp - XXX: just for statistics 182 */ 183 int 184 ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, 185 struct route_in6 *ro, int flags, struct ip6_moptions *im6o, 186 struct ifnet **ifpp, struct inpcb *inp) 187 { 188 struct ip6_hdr *ip6, *mhip6; 189 struct ifnet *ifp, *origifp; 190 struct mbuf *m = m0; 191 struct mbuf *mprev = NULL; 192 int hlen, tlen, len, off; 193 struct route_in6 ip6route; 194 struct rtentry *rt = NULL; 195 struct sockaddr_in6 *dst, src_sa, dst_sa; 196 struct in6_addr odst; 197 int error = 0; 198 struct in6_ifaddr *ia = NULL; 199 u_long mtu; 200 int alwaysfrag, dontfrag; 201 u_int32_t optlen = 0, plen = 0, unfragpartlen = 0; 202 struct ip6_exthdrs exthdrs; 203 struct in6_addr finaldst, src0, dst0; 204 u_int32_t zone; 205 struct route_in6 *ro_pmtu = NULL; 206 int hdrsplit = 0; 207 int needipsec = 0; 208 #ifdef IPSEC 209 struct ipsec_output_state state; 210 struct ip6_rthdr *rh = NULL; 211 int needipsectun = 0; 212 int segleft_org = 0; 213 struct secpolicy *sp = NULL; 214 #endif /* IPSEC */ 215 216 ip6 = mtod(m, struct ip6_hdr *); 217 if (ip6 == NULL) { 218 printf ("ip6 is NULL"); 219 goto bad; 220 } 221 222 finaldst = ip6->ip6_dst; 223 224 bzero(&exthdrs, sizeof(exthdrs)); 225 226 if (opt) { 227 /* Hop-by-Hop options header */ 228 MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh); 229 /* Destination options header(1st part) */ 230 if (opt->ip6po_rthdr) { 231 /* 232 * Destination options header(1st part) 233 * This only makes sense with a routing header. 234 * See Section 9.2 of RFC 3542. 235 * Disabling this part just for MIP6 convenience is 236 * a bad idea. We need to think carefully about a 237 * way to make the advanced API coexist with MIP6 238 * options, which might automatically be inserted in 239 * the kernel. 240 */ 241 MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1); 242 } 243 /* Routing header */ 244 MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr); 245 /* Destination options header(2nd part) */ 246 MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2); 247 } 248 249 /* 250 * IPSec checking which handles several cases. 251 * FAST IPSEC: We re-injected the packet. 252 */ 253 #ifdef IPSEC 254 switch(ip6_ipsec_output(&m, inp, &flags, &error, &ifp, &sp)) 255 { 256 case 1: /* Bad packet */ 257 goto freehdrs; 258 case -1: /* Do IPSec */ 259 needipsec = 1; 260 case 0: /* No IPSec */ 261 default: 262 break; 263 } 264 #endif /* IPSEC */ 265 266 /* 267 * Calculate the total length of the extension header chain. 268 * Keep the length of the unfragmentable part for fragmentation. 269 */ 270 optlen = 0; 271 if (exthdrs.ip6e_hbh) 272 optlen += exthdrs.ip6e_hbh->m_len; 273 if (exthdrs.ip6e_dest1) 274 optlen += exthdrs.ip6e_dest1->m_len; 275 if (exthdrs.ip6e_rthdr) 276 optlen += exthdrs.ip6e_rthdr->m_len; 277 unfragpartlen = optlen + sizeof(struct ip6_hdr); 278 279 /* NOTE: we don't add AH/ESP length here. do that later. */ 280 if (exthdrs.ip6e_dest2) 281 optlen += exthdrs.ip6e_dest2->m_len; 282 283 /* 284 * If we need IPsec, or there is at least one extension header, 285 * separate IP6 header from the payload. 286 */ 287 if ((needipsec || optlen) && !hdrsplit) { 288 if ((error = ip6_splithdr(m, &exthdrs)) != 0) { 289 m = NULL; 290 goto freehdrs; 291 } 292 m = exthdrs.ip6e_ip6; 293 hdrsplit++; 294 } 295 296 /* adjust pointer */ 297 ip6 = mtod(m, struct ip6_hdr *); 298 299 /* adjust mbuf packet header length */ 300 m->m_pkthdr.len += optlen; 301 plen = m->m_pkthdr.len - sizeof(*ip6); 302 303 /* If this is a jumbo payload, insert a jumbo payload option. */ 304 if (plen > IPV6_MAXPACKET) { 305 if (!hdrsplit) { 306 if ((error = ip6_splithdr(m, &exthdrs)) != 0) { 307 m = NULL; 308 goto freehdrs; 309 } 310 m = exthdrs.ip6e_ip6; 311 hdrsplit++; 312 } 313 /* adjust pointer */ 314 ip6 = mtod(m, struct ip6_hdr *); 315 if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0) 316 goto freehdrs; 317 ip6->ip6_plen = 0; 318 } else 319 ip6->ip6_plen = htons(plen); 320 321 /* 322 * Concatenate headers and fill in next header fields. 323 * Here we have, on "m" 324 * IPv6 payload 325 * and we insert headers accordingly. Finally, we should be getting: 326 * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload] 327 * 328 * during the header composing process, "m" points to IPv6 header. 329 * "mprev" points to an extension header prior to esp. 330 */ 331 u_char *nexthdrp = &ip6->ip6_nxt; 332 mprev = m; 333 334 /* 335 * we treat dest2 specially. this makes IPsec processing 336 * much easier. the goal here is to make mprev point the 337 * mbuf prior to dest2. 338 * 339 * result: IPv6 dest2 payload 340 * m and mprev will point to IPv6 header. 341 */ 342 if (exthdrs.ip6e_dest2) { 343 if (!hdrsplit) 344 panic("assumption failed: hdr not split"); 345 exthdrs.ip6e_dest2->m_next = m->m_next; 346 m->m_next = exthdrs.ip6e_dest2; 347 *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt; 348 ip6->ip6_nxt = IPPROTO_DSTOPTS; 349 } 350 351 /* 352 * result: IPv6 hbh dest1 rthdr dest2 payload 353 * m will point to IPv6 header. mprev will point to the 354 * extension header prior to dest2 (rthdr in the above case). 355 */ 356 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev, nexthdrp, IPPROTO_HOPOPTS); 357 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev, nexthdrp, 358 IPPROTO_DSTOPTS); 359 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev, nexthdrp, 360 IPPROTO_ROUTING); 361 362 #ifdef IPSEC 363 if (!needipsec) 364 goto skip_ipsec2; 365 366 /* 367 * pointers after IPsec headers are not valid any more. 368 * other pointers need a great care too. 369 * (IPsec routines should not mangle mbufs prior to AH/ESP) 370 */ 371 exthdrs.ip6e_dest2 = NULL; 372 373 if (exthdrs.ip6e_rthdr) { 374 rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *); 375 segleft_org = rh->ip6r_segleft; 376 rh->ip6r_segleft = 0; 377 } 378 379 bzero(&state, sizeof(state)); 380 state.m = m; 381 error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags, 382 &needipsectun); 383 m = state.m; 384 if (error) { 385 /* mbuf is already reclaimed in ipsec6_output_trans. */ 386 m = NULL; 387 switch (error) { 388 case EHOSTUNREACH: 389 case ENETUNREACH: 390 case EMSGSIZE: 391 case ENOBUFS: 392 case ENOMEM: 393 break; 394 default: 395 printf("ip6_output (ipsec): error code %d\n", error); 396 /* FALLTHROUGH */ 397 case ENOENT: 398 /* don't show these error codes to the user */ 399 error = 0; 400 break; 401 } 402 goto bad; 403 } else if (!needipsectun) { 404 /* 405 * In the FAST IPSec case we have already 406 * re-injected the packet and it has been freed 407 * by the ipsec_done() function. So, just clean 408 * up after ourselves. 409 */ 410 m = NULL; 411 goto done; 412 } 413 if (exthdrs.ip6e_rthdr) { 414 /* ah6_output doesn't modify mbuf chain */ 415 rh->ip6r_segleft = segleft_org; 416 } 417 skip_ipsec2:; 418 #endif /* IPSEC */ 419 420 /* 421 * If there is a routing header, replace the destination address field 422 * with the first hop of the routing header. 423 */ 424 if (exthdrs.ip6e_rthdr) { 425 struct ip6_rthdr *rh = 426 (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr, 427 struct ip6_rthdr *)); 428 struct ip6_rthdr0 *rh0; 429 struct in6_addr *addr; 430 struct sockaddr_in6 sa; 431 432 switch (rh->ip6r_type) { 433 case IPV6_RTHDR_TYPE_0: 434 rh0 = (struct ip6_rthdr0 *)rh; 435 addr = (struct in6_addr *)(rh0 + 1); 436 437 /* 438 * construct a sockaddr_in6 form of 439 * the first hop. 440 * 441 * XXX: we may not have enough 442 * information about its scope zone; 443 * there is no standard API to pass 444 * the information from the 445 * application. 446 */ 447 bzero(&sa, sizeof(sa)); 448 sa.sin6_family = AF_INET6; 449 sa.sin6_len = sizeof(sa); 450 sa.sin6_addr = addr[0]; 451 if ((error = sa6_embedscope(&sa, 452 ip6_use_defzone)) != 0) { 453 goto bad; 454 } 455 ip6->ip6_dst = sa.sin6_addr; 456 bcopy(&addr[1], &addr[0], sizeof(struct in6_addr) 457 * (rh0->ip6r0_segleft - 1)); 458 addr[rh0->ip6r0_segleft - 1] = finaldst; 459 /* XXX */ 460 in6_clearscope(addr + rh0->ip6r0_segleft - 1); 461 break; 462 default: /* is it possible? */ 463 error = EINVAL; 464 goto bad; 465 } 466 } 467 468 /* Source address validation */ 469 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) && 470 (flags & IPV6_UNSPECSRC) == 0) { 471 error = EOPNOTSUPP; 472 ip6stat.ip6s_badscope++; 473 goto bad; 474 } 475 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) { 476 error = EOPNOTSUPP; 477 ip6stat.ip6s_badscope++; 478 goto bad; 479 } 480 481 ip6stat.ip6s_localout++; 482 483 /* 484 * Route packet. 485 */ 486 if (ro == 0) { 487 ro = &ip6route; 488 bzero((caddr_t)ro, sizeof(*ro)); 489 } 490 ro_pmtu = ro; 491 if (opt && opt->ip6po_rthdr) 492 ro = &opt->ip6po_route; 493 dst = (struct sockaddr_in6 *)&ro->ro_dst; 494 495 again: 496 /* 497 * if specified, try to fill in the traffic class field. 498 * do not override if a non-zero value is already set. 499 * we check the diffserv field and the ecn field separately. 500 */ 501 if (opt && opt->ip6po_tclass >= 0) { 502 int mask = 0; 503 504 if ((ip6->ip6_flow & htonl(0xfc << 20)) == 0) 505 mask |= 0xfc; 506 if ((ip6->ip6_flow & htonl(0x03 << 20)) == 0) 507 mask |= 0x03; 508 if (mask != 0) 509 ip6->ip6_flow |= htonl((opt->ip6po_tclass & mask) << 20); 510 } 511 512 /* fill in or override the hop limit field, if necessary. */ 513 if (opt && opt->ip6po_hlim != -1) 514 ip6->ip6_hlim = opt->ip6po_hlim & 0xff; 515 else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 516 if (im6o != NULL) 517 ip6->ip6_hlim = im6o->im6o_multicast_hlim; 518 else 519 ip6->ip6_hlim = ip6_defmcasthlim; 520 } 521 522 #ifdef IPSEC 523 /* 524 * We may re-inject packets into the stack here. 525 */ 526 if (needipsec && needipsectun) { 527 struct ipsec_output_state state; 528 529 /* 530 * All the extension headers will become inaccessible 531 * (since they can be encrypted). 532 * Don't panic, we need no more updates to extension headers 533 * on inner IPv6 packet (since they are now encapsulated). 534 * 535 * IPv6 [ESP|AH] IPv6 [extension headers] payload 536 */ 537 bzero(&exthdrs, sizeof(exthdrs)); 538 exthdrs.ip6e_ip6 = m; 539 540 bzero(&state, sizeof(state)); 541 state.m = m; 542 state.ro = (struct route *)ro; 543 state.dst = (struct sockaddr *)dst; 544 545 error = ipsec6_output_tunnel(&state, sp, flags); 546 547 m = state.m; 548 ro = (struct route_in6 *)state.ro; 549 dst = (struct sockaddr_in6 *)state.dst; 550 if (error) { 551 /* mbuf is already reclaimed in ipsec6_output_tunnel. */ 552 m0 = m = NULL; 553 m = NULL; 554 switch (error) { 555 case EHOSTUNREACH: 556 case ENETUNREACH: 557 case EMSGSIZE: 558 case ENOBUFS: 559 case ENOMEM: 560 break; 561 default: 562 printf("ip6_output (ipsec): error code %d\n", error); 563 /* FALLTHROUGH */ 564 case ENOENT: 565 /* don't show these error codes to the user */ 566 error = 0; 567 break; 568 } 569 goto bad; 570 } else { 571 /* 572 * In the FAST IPSec case we have already 573 * re-injected the packet and it has been freed 574 * by the ipsec_done() function. So, just clean 575 * up after ourselves. 576 */ 577 m = NULL; 578 goto done; 579 } 580 581 exthdrs.ip6e_ip6 = m; 582 } 583 #endif /* IPSEC */ 584 585 /* adjust pointer */ 586 ip6 = mtod(m, struct ip6_hdr *); 587 588 bzero(&dst_sa, sizeof(dst_sa)); 589 dst_sa.sin6_family = AF_INET6; 590 dst_sa.sin6_len = sizeof(dst_sa); 591 dst_sa.sin6_addr = ip6->ip6_dst; 592 if ((error = in6_selectroute(&dst_sa, opt, im6o, ro, 593 &ifp, &rt, 0)) != 0) { 594 switch (error) { 595 case EHOSTUNREACH: 596 ip6stat.ip6s_noroute++; 597 break; 598 case EADDRNOTAVAIL: 599 default: 600 break; /* XXX statistics? */ 601 } 602 if (ifp != NULL) 603 in6_ifstat_inc(ifp, ifs6_out_discard); 604 goto bad; 605 } 606 if (rt == NULL) { 607 /* 608 * If in6_selectroute() does not return a route entry, 609 * dst may not have been updated. 610 */ 611 *dst = dst_sa; /* XXX */ 612 } 613 614 /* 615 * then rt (for unicast) and ifp must be non-NULL valid values. 616 */ 617 if ((flags & IPV6_FORWARDING) == 0) { 618 /* XXX: the FORWARDING flag can be set for mrouting. */ 619 in6_ifstat_inc(ifp, ifs6_out_request); 620 } 621 if (rt != NULL) { 622 ia = (struct in6_ifaddr *)(rt->rt_ifa); 623 rt->rt_use++; 624 } 625 626 /* 627 * The outgoing interface must be in the zone of source and 628 * destination addresses. We should use ia_ifp to support the 629 * case of sending packets to an address of our own. 630 */ 631 if (ia != NULL && ia->ia_ifp) 632 origifp = ia->ia_ifp; 633 else 634 origifp = ifp; 635 636 src0 = ip6->ip6_src; 637 if (in6_setscope(&src0, origifp, &zone)) 638 goto badscope; 639 bzero(&src_sa, sizeof(src_sa)); 640 src_sa.sin6_family = AF_INET6; 641 src_sa.sin6_len = sizeof(src_sa); 642 src_sa.sin6_addr = ip6->ip6_src; 643 if (sa6_recoverscope(&src_sa) || zone != src_sa.sin6_scope_id) 644 goto badscope; 645 646 dst0 = ip6->ip6_dst; 647 if (in6_setscope(&dst0, origifp, &zone)) 648 goto badscope; 649 /* re-initialize to be sure */ 650 bzero(&dst_sa, sizeof(dst_sa)); 651 dst_sa.sin6_family = AF_INET6; 652 dst_sa.sin6_len = sizeof(dst_sa); 653 dst_sa.sin6_addr = ip6->ip6_dst; 654 if (sa6_recoverscope(&dst_sa) || zone != dst_sa.sin6_scope_id) { 655 goto badscope; 656 } 657 658 /* scope check is done. */ 659 goto routefound; 660 661 badscope: 662 ip6stat.ip6s_badscope++; 663 in6_ifstat_inc(origifp, ifs6_out_discard); 664 if (error == 0) 665 error = EHOSTUNREACH; /* XXX */ 666 goto bad; 667 668 routefound: 669 if (rt && !IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 670 if (opt && opt->ip6po_nextroute.ro_rt) { 671 /* 672 * The nexthop is explicitly specified by the 673 * application. We assume the next hop is an IPv6 674 * address. 675 */ 676 dst = (struct sockaddr_in6 *)opt->ip6po_nexthop; 677 } 678 else if ((rt->rt_flags & RTF_GATEWAY)) 679 dst = (struct sockaddr_in6 *)rt->rt_gateway; 680 } 681 682 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { 683 m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */ 684 } else { 685 struct in6_multi *in6m; 686 687 m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST; 688 689 in6_ifstat_inc(ifp, ifs6_out_mcast); 690 691 /* 692 * Confirm that the outgoing interface supports multicast. 693 */ 694 if (!(ifp->if_flags & IFF_MULTICAST)) { 695 ip6stat.ip6s_noroute++; 696 in6_ifstat_inc(ifp, ifs6_out_discard); 697 error = ENETUNREACH; 698 goto bad; 699 } 700 IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m); 701 if (in6m != NULL && 702 (im6o == NULL || im6o->im6o_multicast_loop)) { 703 /* 704 * If we belong to the destination multicast group 705 * on the outgoing interface, and the caller did not 706 * forbid loopback, loop back a copy. 707 */ 708 ip6_mloopback(ifp, m, dst); 709 } else { 710 /* 711 * If we are acting as a multicast router, perform 712 * multicast forwarding as if the packet had just 713 * arrived on the interface to which we are about 714 * to send. The multicast forwarding function 715 * recursively calls this function, using the 716 * IPV6_FORWARDING flag to prevent infinite recursion. 717 * 718 * Multicasts that are looped back by ip6_mloopback(), 719 * above, will be forwarded by the ip6_input() routine, 720 * if necessary. 721 */ 722 if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) { 723 /* 724 * XXX: ip6_mforward expects that rcvif is NULL 725 * when it is called from the originating path. 726 * However, it is not always the case, since 727 * some versions of MGETHDR() does not 728 * initialize the field. 729 */ 730 m->m_pkthdr.rcvif = NULL; 731 if (ip6_mforward(ip6, ifp, m) != 0) { 732 m_freem(m); 733 goto done; 734 } 735 } 736 } 737 /* 738 * Multicasts with a hoplimit of zero may be looped back, 739 * above, but must not be transmitted on a network. 740 * Also, multicasts addressed to the loopback interface 741 * are not sent -- the above call to ip6_mloopback() will 742 * loop back a copy if this host actually belongs to the 743 * destination group on the loopback interface. 744 */ 745 if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK) || 746 IN6_IS_ADDR_MC_INTFACELOCAL(&ip6->ip6_dst)) { 747 m_freem(m); 748 goto done; 749 } 750 } 751 752 /* 753 * Fill the outgoing inteface to tell the upper layer 754 * to increment per-interface statistics. 755 */ 756 if (ifpp) 757 *ifpp = ifp; 758 759 /* Determine path MTU. */ 760 if ((error = ip6_getpmtu(ro_pmtu, ro, ifp, &finaldst, &mtu, 761 &alwaysfrag)) != 0) 762 goto bad; 763 764 /* 765 * The caller of this function may specify to use the minimum MTU 766 * in some cases. 767 * An advanced API option (IPV6_USE_MIN_MTU) can also override MTU 768 * setting. The logic is a bit complicated; by default, unicast 769 * packets will follow path MTU while multicast packets will be sent at 770 * the minimum MTU. If IP6PO_MINMTU_ALL is specified, all packets 771 * including unicast ones will be sent at the minimum MTU. Multicast 772 * packets will always be sent at the minimum MTU unless 773 * IP6PO_MINMTU_DISABLE is explicitly specified. 774 * See RFC 3542 for more details. 775 */ 776 if (mtu > IPV6_MMTU) { 777 if ((flags & IPV6_MINMTU)) 778 mtu = IPV6_MMTU; 779 else if (opt && opt->ip6po_minmtu == IP6PO_MINMTU_ALL) 780 mtu = IPV6_MMTU; 781 else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && 782 (opt == NULL || 783 opt->ip6po_minmtu != IP6PO_MINMTU_DISABLE)) { 784 mtu = IPV6_MMTU; 785 } 786 } 787 788 /* 789 * clear embedded scope identifiers if necessary. 790 * in6_clearscope will touch the addresses only when necessary. 791 */ 792 in6_clearscope(&ip6->ip6_src); 793 in6_clearscope(&ip6->ip6_dst); 794 795 /* 796 * If the outgoing packet contains a hop-by-hop options header, 797 * it must be examined and processed even by the source node. 798 * (RFC 2460, section 4.) 799 */ 800 if (exthdrs.ip6e_hbh) { 801 struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *); 802 u_int32_t dummy; /* XXX unused */ 803 u_int32_t plen = 0; /* XXX: ip6_process will check the value */ 804 805 #ifdef DIAGNOSTIC 806 if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len) 807 panic("ip6e_hbh is not continuous"); 808 #endif 809 /* 810 * XXX: if we have to send an ICMPv6 error to the sender, 811 * we need the M_LOOP flag since icmp6_error() expects 812 * the IPv6 and the hop-by-hop options header are 813 * continuous unless the flag is set. 814 */ 815 m->m_flags |= M_LOOP; 816 m->m_pkthdr.rcvif = ifp; 817 if (ip6_process_hopopts(m, (u_int8_t *)(hbh + 1), 818 ((hbh->ip6h_len + 1) << 3) - sizeof(struct ip6_hbh), 819 &dummy, &plen) < 0) { 820 /* m was already freed at this point */ 821 error = EINVAL;/* better error? */ 822 goto done; 823 } 824 m->m_flags &= ~M_LOOP; /* XXX */ 825 m->m_pkthdr.rcvif = NULL; 826 } 827 828 /* Jump over all PFIL processing if hooks are not active. */ 829 if (!PFIL_HOOKED(&inet6_pfil_hook)) 830 goto passout; 831 832 odst = ip6->ip6_dst; 833 /* Run through list of hooks for output packets. */ 834 error = pfil_run_hooks(&inet6_pfil_hook, &m, ifp, PFIL_OUT, inp); 835 if (error != 0 || m == NULL) 836 goto done; 837 ip6 = mtod(m, struct ip6_hdr *); 838 839 /* See if destination IP address was changed by packet filter. */ 840 if (!IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst)) { 841 m->m_flags |= M_SKIP_FIREWALL; 842 /* If destination is now ourself drop to ip6_input(). */ 843 if (in6_localaddr(&ip6->ip6_dst)) { 844 if (m->m_pkthdr.rcvif == NULL) 845 m->m_pkthdr.rcvif = loif; 846 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 847 m->m_pkthdr.csum_flags |= 848 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 849 m->m_pkthdr.csum_data = 0xffff; 850 } 851 m->m_pkthdr.csum_flags |= 852 CSUM_IP_CHECKED | CSUM_IP_VALID; 853 error = netisr_queue(NETISR_IPV6, m); 854 goto done; 855 } else 856 goto again; /* Redo the routing table lookup. */ 857 } 858 859 /* XXX: IPFIREWALL_FORWARD */ 860 861 passout: 862 /* 863 * Send the packet to the outgoing interface. 864 * If necessary, do IPv6 fragmentation before sending. 865 * 866 * the logic here is rather complex: 867 * 1: normal case (dontfrag == 0, alwaysfrag == 0) 868 * 1-a: send as is if tlen <= path mtu 869 * 1-b: fragment if tlen > path mtu 870 * 871 * 2: if user asks us not to fragment (dontfrag == 1) 872 * 2-a: send as is if tlen <= interface mtu 873 * 2-b: error if tlen > interface mtu 874 * 875 * 3: if we always need to attach fragment header (alwaysfrag == 1) 876 * always fragment 877 * 878 * 4: if dontfrag == 1 && alwaysfrag == 1 879 * error, as we cannot handle this conflicting request 880 */ 881 tlen = m->m_pkthdr.len; 882 883 if (opt && (opt->ip6po_flags & IP6PO_DONTFRAG)) 884 dontfrag = 1; 885 else 886 dontfrag = 0; 887 if (dontfrag && alwaysfrag) { /* case 4 */ 888 /* conflicting request - can't transmit */ 889 error = EMSGSIZE; 890 goto bad; 891 } 892 if (dontfrag && tlen > IN6_LINKMTU(ifp)) { /* case 2-b */ 893 /* 894 * Even if the DONTFRAG option is specified, we cannot send the 895 * packet when the data length is larger than the MTU of the 896 * outgoing interface. 897 * Notify the error by sending IPV6_PATHMTU ancillary data as 898 * well as returning an error code (the latter is not described 899 * in the API spec.) 900 */ 901 u_int32_t mtu32; 902 struct ip6ctlparam ip6cp; 903 904 mtu32 = (u_int32_t)mtu; 905 bzero(&ip6cp, sizeof(ip6cp)); 906 ip6cp.ip6c_cmdarg = (void *)&mtu32; 907 pfctlinput2(PRC_MSGSIZE, (struct sockaddr *)&ro_pmtu->ro_dst, 908 (void *)&ip6cp); 909 910 error = EMSGSIZE; 911 goto bad; 912 } 913 914 /* 915 * transmit packet without fragmentation 916 */ 917 if (dontfrag || (!alwaysfrag && tlen <= mtu)) { /* case 1-a and 2-a */ 918 struct in6_ifaddr *ia6; 919 920 ip6 = mtod(m, struct ip6_hdr *); 921 ia6 = in6_ifawithifp(ifp, &ip6->ip6_src); 922 if (ia6) { 923 /* Record statistics for this interface address. */ 924 ia6->ia_ifa.if_opackets++; 925 ia6->ia_ifa.if_obytes += m->m_pkthdr.len; 926 } 927 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt); 928 goto done; 929 } 930 931 /* 932 * try to fragment the packet. case 1-b and 3 933 */ 934 if (mtu < IPV6_MMTU) { 935 /* path MTU cannot be less than IPV6_MMTU */ 936 error = EMSGSIZE; 937 in6_ifstat_inc(ifp, ifs6_out_fragfail); 938 goto bad; 939 } else if (ip6->ip6_plen == 0) { 940 /* jumbo payload cannot be fragmented */ 941 error = EMSGSIZE; 942 in6_ifstat_inc(ifp, ifs6_out_fragfail); 943 goto bad; 944 } else { 945 struct mbuf **mnext, *m_frgpart; 946 struct ip6_frag *ip6f; 947 u_int32_t id = htonl(ip6_randomid()); 948 u_char nextproto; 949 950 int qslots = ifp->if_snd.ifq_maxlen - ifp->if_snd.ifq_len; 951 952 /* 953 * Too large for the destination or interface; 954 * fragment if possible. 955 * Must be able to put at least 8 bytes per fragment. 956 */ 957 hlen = unfragpartlen; 958 if (mtu > IPV6_MAXPACKET) 959 mtu = IPV6_MAXPACKET; 960 961 len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7; 962 if (len < 8) { 963 error = EMSGSIZE; 964 in6_ifstat_inc(ifp, ifs6_out_fragfail); 965 goto bad; 966 } 967 968 /* 969 * Verify that we have any chance at all of being able to queue 970 * the packet or packet fragments 971 */ 972 if (qslots <= 0 || ((u_int)qslots * (mtu - hlen) 973 < tlen /* - hlen */)) { 974 error = ENOBUFS; 975 ip6stat.ip6s_odropped++; 976 goto bad; 977 } 978 979 mnext = &m->m_nextpkt; 980 981 /* 982 * Change the next header field of the last header in the 983 * unfragmentable part. 984 */ 985 if (exthdrs.ip6e_rthdr) { 986 nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *); 987 *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT; 988 } else if (exthdrs.ip6e_dest1) { 989 nextproto = *mtod(exthdrs.ip6e_dest1, u_char *); 990 *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT; 991 } else if (exthdrs.ip6e_hbh) { 992 nextproto = *mtod(exthdrs.ip6e_hbh, u_char *); 993 *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT; 994 } else { 995 nextproto = ip6->ip6_nxt; 996 ip6->ip6_nxt = IPPROTO_FRAGMENT; 997 } 998 999 /* 1000 * Loop through length of segment after first fragment, 1001 * make new header and copy data of each part and link onto 1002 * chain. 1003 */ 1004 m0 = m; 1005 for (off = hlen; off < tlen; off += len) { 1006 MGETHDR(m, M_DONTWAIT, MT_HEADER); 1007 if (!m) { 1008 error = ENOBUFS; 1009 ip6stat.ip6s_odropped++; 1010 goto sendorfree; 1011 } 1012 m->m_pkthdr.rcvif = NULL; 1013 m->m_flags = m0->m_flags & M_COPYFLAGS; 1014 *mnext = m; 1015 mnext = &m->m_nextpkt; 1016 m->m_data += max_linkhdr; 1017 mhip6 = mtod(m, struct ip6_hdr *); 1018 *mhip6 = *ip6; 1019 m->m_len = sizeof(*mhip6); 1020 error = ip6_insertfraghdr(m0, m, hlen, &ip6f); 1021 if (error) { 1022 ip6stat.ip6s_odropped++; 1023 goto sendorfree; 1024 } 1025 ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7)); 1026 if (off + len >= tlen) 1027 len = tlen - off; 1028 else 1029 ip6f->ip6f_offlg |= IP6F_MORE_FRAG; 1030 mhip6->ip6_plen = htons((u_short)(len + hlen + 1031 sizeof(*ip6f) - sizeof(struct ip6_hdr))); 1032 if ((m_frgpart = m_copy(m0, off, len)) == 0) { 1033 error = ENOBUFS; 1034 ip6stat.ip6s_odropped++; 1035 goto sendorfree; 1036 } 1037 m_cat(m, m_frgpart); 1038 m->m_pkthdr.len = len + hlen + sizeof(*ip6f); 1039 m->m_pkthdr.rcvif = NULL; 1040 ip6f->ip6f_reserved = 0; 1041 ip6f->ip6f_ident = id; 1042 ip6f->ip6f_nxt = nextproto; 1043 ip6stat.ip6s_ofragments++; 1044 in6_ifstat_inc(ifp, ifs6_out_fragcreat); 1045 } 1046 1047 in6_ifstat_inc(ifp, ifs6_out_fragok); 1048 } 1049 1050 /* 1051 * Remove leading garbages. 1052 */ 1053 sendorfree: 1054 m = m0->m_nextpkt; 1055 m0->m_nextpkt = 0; 1056 m_freem(m0); 1057 for (m0 = m; m; m = m0) { 1058 m0 = m->m_nextpkt; 1059 m->m_nextpkt = 0; 1060 if (error == 0) { 1061 /* Record statistics for this interface address. */ 1062 if (ia) { 1063 ia->ia_ifa.if_opackets++; 1064 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 1065 } 1066 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt); 1067 } else 1068 m_freem(m); 1069 } 1070 1071 if (error == 0) 1072 ip6stat.ip6s_fragmented++; 1073 1074 done: 1075 if (ro == &ip6route && ro->ro_rt) { /* brace necessary for RTFREE */ 1076 RTFREE(ro->ro_rt); 1077 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) { 1078 RTFREE(ro_pmtu->ro_rt); 1079 } 1080 1081 return (error); 1082 1083 freehdrs: 1084 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ 1085 m_freem(exthdrs.ip6e_dest1); 1086 m_freem(exthdrs.ip6e_rthdr); 1087 m_freem(exthdrs.ip6e_dest2); 1088 /* FALLTHROUGH */ 1089 bad: 1090 if (m) 1091 m_freem(m); 1092 goto done; 1093 } 1094 1095 static int 1096 ip6_copyexthdr(struct mbuf **mp, caddr_t hdr, int hlen) 1097 { 1098 struct mbuf *m; 1099 1100 if (hlen > MCLBYTES) 1101 return (ENOBUFS); /* XXX */ 1102 1103 MGET(m, M_DONTWAIT, MT_DATA); 1104 if (!m) 1105 return (ENOBUFS); 1106 1107 if (hlen > MLEN) { 1108 MCLGET(m, M_DONTWAIT); 1109 if ((m->m_flags & M_EXT) == 0) { 1110 m_free(m); 1111 return (ENOBUFS); 1112 } 1113 } 1114 m->m_len = hlen; 1115 if (hdr) 1116 bcopy(hdr, mtod(m, caddr_t), hlen); 1117 1118 *mp = m; 1119 return (0); 1120 } 1121 1122 /* 1123 * Insert jumbo payload option. 1124 */ 1125 static int 1126 ip6_insert_jumboopt(struct ip6_exthdrs *exthdrs, u_int32_t plen) 1127 { 1128 struct mbuf *mopt; 1129 u_char *optbuf; 1130 u_int32_t v; 1131 1132 #define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */ 1133 1134 /* 1135 * If there is no hop-by-hop options header, allocate new one. 1136 * If there is one but it doesn't have enough space to store the 1137 * jumbo payload option, allocate a cluster to store the whole options. 1138 * Otherwise, use it to store the options. 1139 */ 1140 if (exthdrs->ip6e_hbh == 0) { 1141 MGET(mopt, M_DONTWAIT, MT_DATA); 1142 if (mopt == 0) 1143 return (ENOBUFS); 1144 mopt->m_len = JUMBOOPTLEN; 1145 optbuf = mtod(mopt, u_char *); 1146 optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */ 1147 exthdrs->ip6e_hbh = mopt; 1148 } else { 1149 struct ip6_hbh *hbh; 1150 1151 mopt = exthdrs->ip6e_hbh; 1152 if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) { 1153 /* 1154 * XXX assumption: 1155 * - exthdrs->ip6e_hbh is not referenced from places 1156 * other than exthdrs. 1157 * - exthdrs->ip6e_hbh is not an mbuf chain. 1158 */ 1159 int oldoptlen = mopt->m_len; 1160 struct mbuf *n; 1161 1162 /* 1163 * XXX: give up if the whole (new) hbh header does 1164 * not fit even in an mbuf cluster. 1165 */ 1166 if (oldoptlen + JUMBOOPTLEN > MCLBYTES) 1167 return (ENOBUFS); 1168 1169 /* 1170 * As a consequence, we must always prepare a cluster 1171 * at this point. 1172 */ 1173 MGET(n, M_DONTWAIT, MT_DATA); 1174 if (n) { 1175 MCLGET(n, M_DONTWAIT); 1176 if ((n->m_flags & M_EXT) == 0) { 1177 m_freem(n); 1178 n = NULL; 1179 } 1180 } 1181 if (!n) 1182 return (ENOBUFS); 1183 n->m_len = oldoptlen + JUMBOOPTLEN; 1184 bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t), 1185 oldoptlen); 1186 optbuf = mtod(n, caddr_t) + oldoptlen; 1187 m_freem(mopt); 1188 mopt = exthdrs->ip6e_hbh = n; 1189 } else { 1190 optbuf = mtod(mopt, u_char *) + mopt->m_len; 1191 mopt->m_len += JUMBOOPTLEN; 1192 } 1193 optbuf[0] = IP6OPT_PADN; 1194 optbuf[1] = 1; 1195 1196 /* 1197 * Adjust the header length according to the pad and 1198 * the jumbo payload option. 1199 */ 1200 hbh = mtod(mopt, struct ip6_hbh *); 1201 hbh->ip6h_len += (JUMBOOPTLEN >> 3); 1202 } 1203 1204 /* fill in the option. */ 1205 optbuf[2] = IP6OPT_JUMBO; 1206 optbuf[3] = 4; 1207 v = (u_int32_t)htonl(plen + JUMBOOPTLEN); 1208 bcopy(&v, &optbuf[4], sizeof(u_int32_t)); 1209 1210 /* finally, adjust the packet header length */ 1211 exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN; 1212 1213 return (0); 1214 #undef JUMBOOPTLEN 1215 } 1216 1217 /* 1218 * Insert fragment header and copy unfragmentable header portions. 1219 */ 1220 static int 1221 ip6_insertfraghdr(struct mbuf *m0, struct mbuf *m, int hlen, 1222 struct ip6_frag **frghdrp) 1223 { 1224 struct mbuf *n, *mlast; 1225 1226 if (hlen > sizeof(struct ip6_hdr)) { 1227 n = m_copym(m0, sizeof(struct ip6_hdr), 1228 hlen - sizeof(struct ip6_hdr), M_DONTWAIT); 1229 if (n == 0) 1230 return (ENOBUFS); 1231 m->m_next = n; 1232 } else 1233 n = m; 1234 1235 /* Search for the last mbuf of unfragmentable part. */ 1236 for (mlast = n; mlast->m_next; mlast = mlast->m_next) 1237 ; 1238 1239 if ((mlast->m_flags & M_EXT) == 0 && 1240 M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) { 1241 /* use the trailing space of the last mbuf for the fragment hdr */ 1242 *frghdrp = (struct ip6_frag *)(mtod(mlast, caddr_t) + 1243 mlast->m_len); 1244 mlast->m_len += sizeof(struct ip6_frag); 1245 m->m_pkthdr.len += sizeof(struct ip6_frag); 1246 } else { 1247 /* allocate a new mbuf for the fragment header */ 1248 struct mbuf *mfrg; 1249 1250 MGET(mfrg, M_DONTWAIT, MT_DATA); 1251 if (mfrg == 0) 1252 return (ENOBUFS); 1253 mfrg->m_len = sizeof(struct ip6_frag); 1254 *frghdrp = mtod(mfrg, struct ip6_frag *); 1255 mlast->m_next = mfrg; 1256 } 1257 1258 return (0); 1259 } 1260 1261 static int 1262 ip6_getpmtu(struct route_in6 *ro_pmtu, struct route_in6 *ro, 1263 struct ifnet *ifp, struct in6_addr *dst, u_long *mtup, 1264 int *alwaysfragp) 1265 { 1266 u_int32_t mtu = 0; 1267 int alwaysfrag = 0; 1268 int error = 0; 1269 1270 if (ro_pmtu != ro) { 1271 /* The first hop and the final destination may differ. */ 1272 struct sockaddr_in6 *sa6_dst = 1273 (struct sockaddr_in6 *)&ro_pmtu->ro_dst; 1274 if (ro_pmtu->ro_rt && 1275 ((ro_pmtu->ro_rt->rt_flags & RTF_UP) == 0 || 1276 !IN6_ARE_ADDR_EQUAL(&sa6_dst->sin6_addr, dst))) { 1277 RTFREE(ro_pmtu->ro_rt); 1278 ro_pmtu->ro_rt = (struct rtentry *)NULL; 1279 } 1280 if (ro_pmtu->ro_rt == NULL) { 1281 bzero(sa6_dst, sizeof(*sa6_dst)); 1282 sa6_dst->sin6_family = AF_INET6; 1283 sa6_dst->sin6_len = sizeof(struct sockaddr_in6); 1284 sa6_dst->sin6_addr = *dst; 1285 1286 rtalloc((struct route *)ro_pmtu); 1287 } 1288 } 1289 if (ro_pmtu->ro_rt) { 1290 u_int32_t ifmtu; 1291 struct in_conninfo inc; 1292 1293 bzero(&inc, sizeof(inc)); 1294 inc.inc_flags = 1; /* IPv6 */ 1295 inc.inc6_faddr = *dst; 1296 1297 if (ifp == NULL) 1298 ifp = ro_pmtu->ro_rt->rt_ifp; 1299 ifmtu = IN6_LINKMTU(ifp); 1300 mtu = tcp_hc_getmtu(&inc); 1301 if (mtu) 1302 mtu = min(mtu, ro_pmtu->ro_rt->rt_rmx.rmx_mtu); 1303 else 1304 mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu; 1305 if (mtu == 0) 1306 mtu = ifmtu; 1307 else if (mtu < IPV6_MMTU) { 1308 /* 1309 * RFC2460 section 5, last paragraph: 1310 * if we record ICMPv6 too big message with 1311 * mtu < IPV6_MMTU, transmit packets sized IPV6_MMTU 1312 * or smaller, with framgent header attached. 1313 * (fragment header is needed regardless from the 1314 * packet size, for translators to identify packets) 1315 */ 1316 alwaysfrag = 1; 1317 mtu = IPV6_MMTU; 1318 } else if (mtu > ifmtu) { 1319 /* 1320 * The MTU on the route is larger than the MTU on 1321 * the interface! This shouldn't happen, unless the 1322 * MTU of the interface has been changed after the 1323 * interface was brought up. Change the MTU in the 1324 * route to match the interface MTU (as long as the 1325 * field isn't locked). 1326 */ 1327 mtu = ifmtu; 1328 ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; 1329 } 1330 } else if (ifp) { 1331 mtu = IN6_LINKMTU(ifp); 1332 } else 1333 error = EHOSTUNREACH; /* XXX */ 1334 1335 *mtup = mtu; 1336 if (alwaysfragp) 1337 *alwaysfragp = alwaysfrag; 1338 return (error); 1339 } 1340 1341 /* 1342 * IP6 socket option processing. 1343 */ 1344 int 1345 ip6_ctloutput(struct socket *so, struct sockopt *sopt) 1346 { 1347 int privileged, optdatalen, uproto; 1348 void *optdata; 1349 struct inpcb *in6p = sotoinpcb(so); 1350 int error, optval; 1351 int level, op, optname; 1352 int optlen; 1353 struct thread *td; 1354 1355 if (sopt) { 1356 level = sopt->sopt_level; 1357 op = sopt->sopt_dir; 1358 optname = sopt->sopt_name; 1359 optlen = sopt->sopt_valsize; 1360 td = sopt->sopt_td; 1361 } else { 1362 panic("ip6_ctloutput: arg soopt is NULL"); 1363 } 1364 error = optval = 0; 1365 1366 privileged = (td == 0 || suser(td)) ? 0 : 1; 1367 uproto = (int)so->so_proto->pr_protocol; 1368 1369 if (level == IPPROTO_IPV6) { 1370 switch (op) { 1371 1372 case SOPT_SET: 1373 switch (optname) { 1374 case IPV6_2292PKTOPTIONS: 1375 #ifdef IPV6_PKTOPTIONS 1376 case IPV6_PKTOPTIONS: 1377 #endif 1378 { 1379 struct mbuf *m; 1380 1381 error = soopt_getm(sopt, &m); /* XXX */ 1382 if (error != 0) 1383 break; 1384 error = soopt_mcopyin(sopt, m); /* XXX */ 1385 if (error != 0) 1386 break; 1387 error = ip6_pcbopts(&in6p->in6p_outputopts, 1388 m, so, sopt); 1389 m_freem(m); /* XXX */ 1390 break; 1391 } 1392 1393 /* 1394 * Use of some Hop-by-Hop options or some 1395 * Destination options, might require special 1396 * privilege. That is, normal applications 1397 * (without special privilege) might be forbidden 1398 * from setting certain options in outgoing packets, 1399 * and might never see certain options in received 1400 * packets. [RFC 2292 Section 6] 1401 * KAME specific note: 1402 * KAME prevents non-privileged users from sending or 1403 * receiving ANY hbh/dst options in order to avoid 1404 * overhead of parsing options in the kernel. 1405 */ 1406 case IPV6_RECVHOPOPTS: 1407 case IPV6_RECVDSTOPTS: 1408 case IPV6_RECVRTHDRDSTOPTS: 1409 if (!privileged) { 1410 error = EPERM; 1411 break; 1412 } 1413 /* FALLTHROUGH */ 1414 case IPV6_UNICAST_HOPS: 1415 case IPV6_HOPLIMIT: 1416 case IPV6_FAITH: 1417 1418 case IPV6_RECVPKTINFO: 1419 case IPV6_RECVHOPLIMIT: 1420 case IPV6_RECVRTHDR: 1421 case IPV6_RECVPATHMTU: 1422 case IPV6_RECVTCLASS: 1423 case IPV6_V6ONLY: 1424 case IPV6_AUTOFLOWLABEL: 1425 if (optlen != sizeof(int)) { 1426 error = EINVAL; 1427 break; 1428 } 1429 error = sooptcopyin(sopt, &optval, 1430 sizeof optval, sizeof optval); 1431 if (error) 1432 break; 1433 switch (optname) { 1434 1435 case IPV6_UNICAST_HOPS: 1436 if (optval < -1 || optval >= 256) 1437 error = EINVAL; 1438 else { 1439 /* -1 = kernel default */ 1440 in6p->in6p_hops = optval; 1441 if ((in6p->in6p_vflag & 1442 INP_IPV4) != 0) 1443 in6p->inp_ip_ttl = optval; 1444 } 1445 break; 1446 #define OPTSET(bit) \ 1447 do { \ 1448 if (optval) \ 1449 in6p->in6p_flags |= (bit); \ 1450 else \ 1451 in6p->in6p_flags &= ~(bit); \ 1452 } while (/*CONSTCOND*/ 0) 1453 #define OPTSET2292(bit) \ 1454 do { \ 1455 in6p->in6p_flags |= IN6P_RFC2292; \ 1456 if (optval) \ 1457 in6p->in6p_flags |= (bit); \ 1458 else \ 1459 in6p->in6p_flags &= ~(bit); \ 1460 } while (/*CONSTCOND*/ 0) 1461 #define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0) 1462 1463 case IPV6_RECVPKTINFO: 1464 /* cannot mix with RFC2292 */ 1465 if (OPTBIT(IN6P_RFC2292)) { 1466 error = EINVAL; 1467 break; 1468 } 1469 OPTSET(IN6P_PKTINFO); 1470 break; 1471 1472 case IPV6_HOPLIMIT: 1473 { 1474 struct ip6_pktopts **optp; 1475 1476 /* cannot mix with RFC2292 */ 1477 if (OPTBIT(IN6P_RFC2292)) { 1478 error = EINVAL; 1479 break; 1480 } 1481 optp = &in6p->in6p_outputopts; 1482 error = ip6_pcbopt(IPV6_HOPLIMIT, 1483 (u_char *)&optval, 1484 sizeof(optval), 1485 optp, 1486 privileged, uproto); 1487 break; 1488 } 1489 1490 case IPV6_RECVHOPLIMIT: 1491 /* cannot mix with RFC2292 */ 1492 if (OPTBIT(IN6P_RFC2292)) { 1493 error = EINVAL; 1494 break; 1495 } 1496 OPTSET(IN6P_HOPLIMIT); 1497 break; 1498 1499 case IPV6_RECVHOPOPTS: 1500 /* cannot mix with RFC2292 */ 1501 if (OPTBIT(IN6P_RFC2292)) { 1502 error = EINVAL; 1503 break; 1504 } 1505 OPTSET(IN6P_HOPOPTS); 1506 break; 1507 1508 case IPV6_RECVDSTOPTS: 1509 /* cannot mix with RFC2292 */ 1510 if (OPTBIT(IN6P_RFC2292)) { 1511 error = EINVAL; 1512 break; 1513 } 1514 OPTSET(IN6P_DSTOPTS); 1515 break; 1516 1517 case IPV6_RECVRTHDRDSTOPTS: 1518 /* cannot mix with RFC2292 */ 1519 if (OPTBIT(IN6P_RFC2292)) { 1520 error = EINVAL; 1521 break; 1522 } 1523 OPTSET(IN6P_RTHDRDSTOPTS); 1524 break; 1525 1526 case IPV6_RECVRTHDR: 1527 /* cannot mix with RFC2292 */ 1528 if (OPTBIT(IN6P_RFC2292)) { 1529 error = EINVAL; 1530 break; 1531 } 1532 OPTSET(IN6P_RTHDR); 1533 break; 1534 1535 case IPV6_FAITH: 1536 OPTSET(IN6P_FAITH); 1537 break; 1538 1539 case IPV6_RECVPATHMTU: 1540 /* 1541 * We ignore this option for TCP 1542 * sockets. 1543 * (RFC3542 leaves this case 1544 * unspecified.) 1545 */ 1546 if (uproto != IPPROTO_TCP) 1547 OPTSET(IN6P_MTU); 1548 break; 1549 1550 case IPV6_V6ONLY: 1551 /* 1552 * make setsockopt(IPV6_V6ONLY) 1553 * available only prior to bind(2). 1554 * see ipng mailing list, Jun 22 2001. 1555 */ 1556 if (in6p->in6p_lport || 1557 !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { 1558 error = EINVAL; 1559 break; 1560 } 1561 OPTSET(IN6P_IPV6_V6ONLY); 1562 if (optval) 1563 in6p->in6p_vflag &= ~INP_IPV4; 1564 else 1565 in6p->in6p_vflag |= INP_IPV4; 1566 break; 1567 case IPV6_RECVTCLASS: 1568 /* cannot mix with RFC2292 XXX */ 1569 if (OPTBIT(IN6P_RFC2292)) { 1570 error = EINVAL; 1571 break; 1572 } 1573 OPTSET(IN6P_TCLASS); 1574 break; 1575 case IPV6_AUTOFLOWLABEL: 1576 OPTSET(IN6P_AUTOFLOWLABEL); 1577 break; 1578 1579 } 1580 break; 1581 1582 case IPV6_TCLASS: 1583 case IPV6_DONTFRAG: 1584 case IPV6_USE_MIN_MTU: 1585 case IPV6_PREFER_TEMPADDR: 1586 if (optlen != sizeof(optval)) { 1587 error = EINVAL; 1588 break; 1589 } 1590 error = sooptcopyin(sopt, &optval, 1591 sizeof optval, sizeof optval); 1592 if (error) 1593 break; 1594 { 1595 struct ip6_pktopts **optp; 1596 optp = &in6p->in6p_outputopts; 1597 error = ip6_pcbopt(optname, 1598 (u_char *)&optval, 1599 sizeof(optval), 1600 optp, 1601 privileged, uproto); 1602 break; 1603 } 1604 1605 case IPV6_2292PKTINFO: 1606 case IPV6_2292HOPLIMIT: 1607 case IPV6_2292HOPOPTS: 1608 case IPV6_2292DSTOPTS: 1609 case IPV6_2292RTHDR: 1610 /* RFC 2292 */ 1611 if (optlen != sizeof(int)) { 1612 error = EINVAL; 1613 break; 1614 } 1615 error = sooptcopyin(sopt, &optval, 1616 sizeof optval, sizeof optval); 1617 if (error) 1618 break; 1619 switch (optname) { 1620 case IPV6_2292PKTINFO: 1621 OPTSET2292(IN6P_PKTINFO); 1622 break; 1623 case IPV6_2292HOPLIMIT: 1624 OPTSET2292(IN6P_HOPLIMIT); 1625 break; 1626 case IPV6_2292HOPOPTS: 1627 /* 1628 * Check super-user privilege. 1629 * See comments for IPV6_RECVHOPOPTS. 1630 */ 1631 if (!privileged) 1632 return (EPERM); 1633 OPTSET2292(IN6P_HOPOPTS); 1634 break; 1635 case IPV6_2292DSTOPTS: 1636 if (!privileged) 1637 return (EPERM); 1638 OPTSET2292(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */ 1639 break; 1640 case IPV6_2292RTHDR: 1641 OPTSET2292(IN6P_RTHDR); 1642 break; 1643 } 1644 break; 1645 case IPV6_PKTINFO: 1646 case IPV6_HOPOPTS: 1647 case IPV6_RTHDR: 1648 case IPV6_DSTOPTS: 1649 case IPV6_RTHDRDSTOPTS: 1650 case IPV6_NEXTHOP: 1651 { 1652 /* new advanced API (RFC3542) */ 1653 u_char *optbuf; 1654 u_char optbuf_storage[MCLBYTES]; 1655 int optlen; 1656 struct ip6_pktopts **optp; 1657 1658 /* cannot mix with RFC2292 */ 1659 if (OPTBIT(IN6P_RFC2292)) { 1660 error = EINVAL; 1661 break; 1662 } 1663 1664 /* 1665 * We only ensure valsize is not too large 1666 * here. Further validation will be done 1667 * later. 1668 */ 1669 error = sooptcopyin(sopt, optbuf_storage, 1670 sizeof(optbuf_storage), 0); 1671 if (error) 1672 break; 1673 optlen = sopt->sopt_valsize; 1674 optbuf = optbuf_storage; 1675 optp = &in6p->in6p_outputopts; 1676 error = ip6_pcbopt(optname, 1677 optbuf, optlen, 1678 optp, privileged, uproto); 1679 break; 1680 } 1681 #undef OPTSET 1682 1683 case IPV6_MULTICAST_IF: 1684 case IPV6_MULTICAST_HOPS: 1685 case IPV6_MULTICAST_LOOP: 1686 case IPV6_JOIN_GROUP: 1687 case IPV6_LEAVE_GROUP: 1688 { 1689 if (sopt->sopt_valsize > MLEN) { 1690 error = EMSGSIZE; 1691 break; 1692 } 1693 /* XXX */ 1694 } 1695 /* FALLTHROUGH */ 1696 { 1697 struct mbuf *m; 1698 1699 if (sopt->sopt_valsize > MCLBYTES) { 1700 error = EMSGSIZE; 1701 break; 1702 } 1703 /* XXX */ 1704 MGET(m, sopt->sopt_td ? M_WAIT : M_DONTWAIT, MT_DATA); 1705 if (m == 0) { 1706 error = ENOBUFS; 1707 break; 1708 } 1709 if (sopt->sopt_valsize > MLEN) { 1710 MCLGET(m, sopt->sopt_td ? M_WAIT : M_DONTWAIT); 1711 if ((m->m_flags & M_EXT) == 0) { 1712 m_free(m); 1713 error = ENOBUFS; 1714 break; 1715 } 1716 } 1717 m->m_len = sopt->sopt_valsize; 1718 error = sooptcopyin(sopt, mtod(m, char *), 1719 m->m_len, m->m_len); 1720 if (error) { 1721 (void)m_free(m); 1722 break; 1723 } 1724 error = ip6_setmoptions(sopt->sopt_name, 1725 &in6p->in6p_moptions, 1726 m); 1727 (void)m_free(m); 1728 } 1729 break; 1730 1731 case IPV6_PORTRANGE: 1732 error = sooptcopyin(sopt, &optval, 1733 sizeof optval, sizeof optval); 1734 if (error) 1735 break; 1736 1737 switch (optval) { 1738 case IPV6_PORTRANGE_DEFAULT: 1739 in6p->in6p_flags &= ~(IN6P_LOWPORT); 1740 in6p->in6p_flags &= ~(IN6P_HIGHPORT); 1741 break; 1742 1743 case IPV6_PORTRANGE_HIGH: 1744 in6p->in6p_flags &= ~(IN6P_LOWPORT); 1745 in6p->in6p_flags |= IN6P_HIGHPORT; 1746 break; 1747 1748 case IPV6_PORTRANGE_LOW: 1749 in6p->in6p_flags &= ~(IN6P_HIGHPORT); 1750 in6p->in6p_flags |= IN6P_LOWPORT; 1751 break; 1752 1753 default: 1754 error = EINVAL; 1755 break; 1756 } 1757 break; 1758 1759 #ifdef IPSEC 1760 case IPV6_IPSEC_POLICY: 1761 { 1762 caddr_t req = NULL; 1763 size_t len = 0; 1764 struct mbuf *m; 1765 1766 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1767 break; 1768 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ 1769 break; 1770 if (m) { 1771 req = mtod(m, caddr_t); 1772 len = m->m_len; 1773 } 1774 error = ipsec6_set_policy(in6p, optname, req, 1775 len, privileged); 1776 m_freem(m); 1777 } 1778 break; 1779 #endif /* IPSEC */ 1780 1781 default: 1782 error = ENOPROTOOPT; 1783 break; 1784 } 1785 break; 1786 1787 case SOPT_GET: 1788 switch (optname) { 1789 1790 case IPV6_2292PKTOPTIONS: 1791 #ifdef IPV6_PKTOPTIONS 1792 case IPV6_PKTOPTIONS: 1793 #endif 1794 /* 1795 * RFC3542 (effectively) deprecated the 1796 * semantics of the 2292-style pktoptions. 1797 * Since it was not reliable in nature (i.e., 1798 * applications had to expect the lack of some 1799 * information after all), it would make sense 1800 * to simplify this part by always returning 1801 * empty data. 1802 */ 1803 sopt->sopt_valsize = 0; 1804 break; 1805 1806 case IPV6_RECVHOPOPTS: 1807 case IPV6_RECVDSTOPTS: 1808 case IPV6_RECVRTHDRDSTOPTS: 1809 case IPV6_UNICAST_HOPS: 1810 case IPV6_RECVPKTINFO: 1811 case IPV6_RECVHOPLIMIT: 1812 case IPV6_RECVRTHDR: 1813 case IPV6_RECVPATHMTU: 1814 1815 case IPV6_FAITH: 1816 case IPV6_V6ONLY: 1817 case IPV6_PORTRANGE: 1818 case IPV6_RECVTCLASS: 1819 case IPV6_AUTOFLOWLABEL: 1820 switch (optname) { 1821 1822 case IPV6_RECVHOPOPTS: 1823 optval = OPTBIT(IN6P_HOPOPTS); 1824 break; 1825 1826 case IPV6_RECVDSTOPTS: 1827 optval = OPTBIT(IN6P_DSTOPTS); 1828 break; 1829 1830 case IPV6_RECVRTHDRDSTOPTS: 1831 optval = OPTBIT(IN6P_RTHDRDSTOPTS); 1832 break; 1833 1834 case IPV6_UNICAST_HOPS: 1835 optval = in6p->in6p_hops; 1836 break; 1837 1838 case IPV6_RECVPKTINFO: 1839 optval = OPTBIT(IN6P_PKTINFO); 1840 break; 1841 1842 case IPV6_RECVHOPLIMIT: 1843 optval = OPTBIT(IN6P_HOPLIMIT); 1844 break; 1845 1846 case IPV6_RECVRTHDR: 1847 optval = OPTBIT(IN6P_RTHDR); 1848 break; 1849 1850 case IPV6_RECVPATHMTU: 1851 optval = OPTBIT(IN6P_MTU); 1852 break; 1853 1854 case IPV6_FAITH: 1855 optval = OPTBIT(IN6P_FAITH); 1856 break; 1857 1858 case IPV6_V6ONLY: 1859 optval = OPTBIT(IN6P_IPV6_V6ONLY); 1860 break; 1861 1862 case IPV6_PORTRANGE: 1863 { 1864 int flags; 1865 flags = in6p->in6p_flags; 1866 if (flags & IN6P_HIGHPORT) 1867 optval = IPV6_PORTRANGE_HIGH; 1868 else if (flags & IN6P_LOWPORT) 1869 optval = IPV6_PORTRANGE_LOW; 1870 else 1871 optval = 0; 1872 break; 1873 } 1874 case IPV6_RECVTCLASS: 1875 optval = OPTBIT(IN6P_TCLASS); 1876 break; 1877 1878 case IPV6_AUTOFLOWLABEL: 1879 optval = OPTBIT(IN6P_AUTOFLOWLABEL); 1880 break; 1881 } 1882 if (error) 1883 break; 1884 error = sooptcopyout(sopt, &optval, 1885 sizeof optval); 1886 break; 1887 1888 case IPV6_PATHMTU: 1889 { 1890 u_long pmtu = 0; 1891 struct ip6_mtuinfo mtuinfo; 1892 struct route_in6 sro; 1893 1894 bzero(&sro, sizeof(sro)); 1895 1896 if (!(so->so_state & SS_ISCONNECTED)) 1897 return (ENOTCONN); 1898 /* 1899 * XXX: we dot not consider the case of source 1900 * routing, or optional information to specify 1901 * the outgoing interface. 1902 */ 1903 error = ip6_getpmtu(&sro, NULL, NULL, 1904 &in6p->in6p_faddr, &pmtu, NULL); 1905 if (sro.ro_rt) 1906 RTFREE(sro.ro_rt); 1907 if (error) 1908 break; 1909 if (pmtu > IPV6_MAXPACKET) 1910 pmtu = IPV6_MAXPACKET; 1911 1912 bzero(&mtuinfo, sizeof(mtuinfo)); 1913 mtuinfo.ip6m_mtu = (u_int32_t)pmtu; 1914 optdata = (void *)&mtuinfo; 1915 optdatalen = sizeof(mtuinfo); 1916 error = sooptcopyout(sopt, optdata, 1917 optdatalen); 1918 break; 1919 } 1920 1921 case IPV6_2292PKTINFO: 1922 case IPV6_2292HOPLIMIT: 1923 case IPV6_2292HOPOPTS: 1924 case IPV6_2292RTHDR: 1925 case IPV6_2292DSTOPTS: 1926 switch (optname) { 1927 case IPV6_2292PKTINFO: 1928 optval = OPTBIT(IN6P_PKTINFO); 1929 break; 1930 case IPV6_2292HOPLIMIT: 1931 optval = OPTBIT(IN6P_HOPLIMIT); 1932 break; 1933 case IPV6_2292HOPOPTS: 1934 optval = OPTBIT(IN6P_HOPOPTS); 1935 break; 1936 case IPV6_2292RTHDR: 1937 optval = OPTBIT(IN6P_RTHDR); 1938 break; 1939 case IPV6_2292DSTOPTS: 1940 optval = OPTBIT(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); 1941 break; 1942 } 1943 error = sooptcopyout(sopt, &optval, 1944 sizeof optval); 1945 break; 1946 case IPV6_PKTINFO: 1947 case IPV6_HOPOPTS: 1948 case IPV6_RTHDR: 1949 case IPV6_DSTOPTS: 1950 case IPV6_RTHDRDSTOPTS: 1951 case IPV6_NEXTHOP: 1952 case IPV6_TCLASS: 1953 case IPV6_DONTFRAG: 1954 case IPV6_USE_MIN_MTU: 1955 case IPV6_PREFER_TEMPADDR: 1956 error = ip6_getpcbopt(in6p->in6p_outputopts, 1957 optname, sopt); 1958 break; 1959 1960 case IPV6_MULTICAST_IF: 1961 case IPV6_MULTICAST_HOPS: 1962 case IPV6_MULTICAST_LOOP: 1963 case IPV6_JOIN_GROUP: 1964 case IPV6_LEAVE_GROUP: 1965 { 1966 struct mbuf *m; 1967 error = ip6_getmoptions(sopt->sopt_name, 1968 in6p->in6p_moptions, &m); 1969 if (error == 0) 1970 error = sooptcopyout(sopt, 1971 mtod(m, char *), m->m_len); 1972 m_freem(m); 1973 } 1974 break; 1975 1976 #ifdef IPSEC 1977 case IPV6_IPSEC_POLICY: 1978 { 1979 caddr_t req = NULL; 1980 size_t len = 0; 1981 struct mbuf *m = NULL; 1982 struct mbuf **mp = &m; 1983 size_t ovalsize = sopt->sopt_valsize; 1984 caddr_t oval = (caddr_t)sopt->sopt_val; 1985 1986 error = soopt_getm(sopt, &m); /* XXX */ 1987 if (error != 0) 1988 break; 1989 error = soopt_mcopyin(sopt, m); /* XXX */ 1990 if (error != 0) 1991 break; 1992 sopt->sopt_valsize = ovalsize; 1993 sopt->sopt_val = oval; 1994 if (m) { 1995 req = mtod(m, caddr_t); 1996 len = m->m_len; 1997 } 1998 error = ipsec6_get_policy(in6p, req, len, mp); 1999 if (error == 0) 2000 error = soopt_mcopyout(sopt, m); /* XXX */ 2001 if (error == 0 && m) 2002 m_freem(m); 2003 break; 2004 } 2005 #endif /* IPSEC */ 2006 2007 default: 2008 error = ENOPROTOOPT; 2009 break; 2010 } 2011 break; 2012 } 2013 } else { /* level != IPPROTO_IPV6 */ 2014 error = EINVAL; 2015 } 2016 return (error); 2017 } 2018 2019 int 2020 ip6_raw_ctloutput(struct socket *so, struct sockopt *sopt) 2021 { 2022 int error = 0, optval, optlen; 2023 const int icmp6off = offsetof(struct icmp6_hdr, icmp6_cksum); 2024 struct in6pcb *in6p = sotoin6pcb(so); 2025 int level, op, optname; 2026 2027 if (sopt) { 2028 level = sopt->sopt_level; 2029 op = sopt->sopt_dir; 2030 optname = sopt->sopt_name; 2031 optlen = sopt->sopt_valsize; 2032 } else 2033 panic("ip6_raw_ctloutput: arg soopt is NULL"); 2034 2035 if (level != IPPROTO_IPV6) { 2036 return (EINVAL); 2037 } 2038 2039 switch (optname) { 2040 case IPV6_CHECKSUM: 2041 /* 2042 * For ICMPv6 sockets, no modification allowed for checksum 2043 * offset, permit "no change" values to help existing apps. 2044 * 2045 * RFC3542 says: "An attempt to set IPV6_CHECKSUM 2046 * for an ICMPv6 socket will fail." 2047 * The current behavior does not meet RFC3542. 2048 */ 2049 switch (op) { 2050 case SOPT_SET: 2051 if (optlen != sizeof(int)) { 2052 error = EINVAL; 2053 break; 2054 } 2055 error = sooptcopyin(sopt, &optval, sizeof(optval), 2056 sizeof(optval)); 2057 if (error) 2058 break; 2059 if ((optval % 2) != 0) { 2060 /* the API assumes even offset values */ 2061 error = EINVAL; 2062 } else if (so->so_proto->pr_protocol == 2063 IPPROTO_ICMPV6) { 2064 if (optval != icmp6off) 2065 error = EINVAL; 2066 } else 2067 in6p->in6p_cksum = optval; 2068 break; 2069 2070 case SOPT_GET: 2071 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) 2072 optval = icmp6off; 2073 else 2074 optval = in6p->in6p_cksum; 2075 2076 error = sooptcopyout(sopt, &optval, sizeof(optval)); 2077 break; 2078 2079 default: 2080 error = EINVAL; 2081 break; 2082 } 2083 break; 2084 2085 default: 2086 error = ENOPROTOOPT; 2087 break; 2088 } 2089 2090 return (error); 2091 } 2092 2093 /* 2094 * Set up IP6 options in pcb for insertion in output packets or 2095 * specifying behavior of outgoing packets. 2096 */ 2097 static int 2098 ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, 2099 struct socket *so, struct sockopt *sopt) 2100 { 2101 struct ip6_pktopts *opt = *pktopt; 2102 int error = 0; 2103 struct thread *td = sopt->sopt_td; 2104 int priv = 0; 2105 2106 /* turn off any old options. */ 2107 if (opt) { 2108 #ifdef DIAGNOSTIC 2109 if (opt->ip6po_pktinfo || opt->ip6po_nexthop || 2110 opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 || 2111 opt->ip6po_rhinfo.ip6po_rhi_rthdr) 2112 printf("ip6_pcbopts: all specified options are cleared.\n"); 2113 #endif 2114 ip6_clearpktopts(opt, -1); 2115 } else 2116 opt = malloc(sizeof(*opt), M_IP6OPT, M_WAITOK); 2117 *pktopt = NULL; 2118 2119 if (!m || m->m_len == 0) { 2120 /* 2121 * Only turning off any previous options, regardless of 2122 * whether the opt is just created or given. 2123 */ 2124 free(opt, M_IP6OPT); 2125 return (0); 2126 } 2127 2128 /* set options specified by user. */ 2129 if (td && !suser(td)) 2130 priv = 1; 2131 if ((error = ip6_setpktopts(m, opt, NULL, priv, 2132 so->so_proto->pr_protocol)) != 0) { 2133 ip6_clearpktopts(opt, -1); /* XXX: discard all options */ 2134 free(opt, M_IP6OPT); 2135 return (error); 2136 } 2137 *pktopt = opt; 2138 return (0); 2139 } 2140 2141 /* 2142 * initialize ip6_pktopts. beware that there are non-zero default values in 2143 * the struct. 2144 */ 2145 void 2146 ip6_initpktopts(struct ip6_pktopts *opt) 2147 { 2148 2149 bzero(opt, sizeof(*opt)); 2150 opt->ip6po_hlim = -1; /* -1 means default hop limit */ 2151 opt->ip6po_tclass = -1; /* -1 means default traffic class */ 2152 opt->ip6po_minmtu = IP6PO_MINMTU_MCASTONLY; 2153 opt->ip6po_prefer_tempaddr = IP6PO_TEMPADDR_SYSTEM; 2154 } 2155 2156 static int 2157 ip6_pcbopt(int optname, u_char *buf, int len, struct ip6_pktopts **pktopt, 2158 int priv, int uproto) 2159 { 2160 struct ip6_pktopts *opt; 2161 2162 if (*pktopt == NULL) { 2163 *pktopt = malloc(sizeof(struct ip6_pktopts), M_IP6OPT, 2164 M_WAITOK); 2165 ip6_initpktopts(*pktopt); 2166 } 2167 opt = *pktopt; 2168 2169 return (ip6_setpktopt(optname, buf, len, opt, priv, 1, 0, uproto)); 2170 } 2171 2172 static int 2173 ip6_getpcbopt(struct ip6_pktopts *pktopt, int optname, struct sockopt *sopt) 2174 { 2175 void *optdata = NULL; 2176 int optdatalen = 0; 2177 struct ip6_ext *ip6e; 2178 int error = 0; 2179 struct in6_pktinfo null_pktinfo; 2180 int deftclass = 0, on; 2181 int defminmtu = IP6PO_MINMTU_MCASTONLY; 2182 int defpreftemp = IP6PO_TEMPADDR_SYSTEM; 2183 2184 switch (optname) { 2185 case IPV6_PKTINFO: 2186 if (pktopt && pktopt->ip6po_pktinfo) 2187 optdata = (void *)pktopt->ip6po_pktinfo; 2188 else { 2189 /* XXX: we don't have to do this every time... */ 2190 bzero(&null_pktinfo, sizeof(null_pktinfo)); 2191 optdata = (void *)&null_pktinfo; 2192 } 2193 optdatalen = sizeof(struct in6_pktinfo); 2194 break; 2195 case IPV6_TCLASS: 2196 if (pktopt && pktopt->ip6po_tclass >= 0) 2197 optdata = (void *)&pktopt->ip6po_tclass; 2198 else 2199 optdata = (void *)&deftclass; 2200 optdatalen = sizeof(int); 2201 break; 2202 case IPV6_HOPOPTS: 2203 if (pktopt && pktopt->ip6po_hbh) { 2204 optdata = (void *)pktopt->ip6po_hbh; 2205 ip6e = (struct ip6_ext *)pktopt->ip6po_hbh; 2206 optdatalen = (ip6e->ip6e_len + 1) << 3; 2207 } 2208 break; 2209 case IPV6_RTHDR: 2210 if (pktopt && pktopt->ip6po_rthdr) { 2211 optdata = (void *)pktopt->ip6po_rthdr; 2212 ip6e = (struct ip6_ext *)pktopt->ip6po_rthdr; 2213 optdatalen = (ip6e->ip6e_len + 1) << 3; 2214 } 2215 break; 2216 case IPV6_RTHDRDSTOPTS: 2217 if (pktopt && pktopt->ip6po_dest1) { 2218 optdata = (void *)pktopt->ip6po_dest1; 2219 ip6e = (struct ip6_ext *)pktopt->ip6po_dest1; 2220 optdatalen = (ip6e->ip6e_len + 1) << 3; 2221 } 2222 break; 2223 case IPV6_DSTOPTS: 2224 if (pktopt && pktopt->ip6po_dest2) { 2225 optdata = (void *)pktopt->ip6po_dest2; 2226 ip6e = (struct ip6_ext *)pktopt->ip6po_dest2; 2227 optdatalen = (ip6e->ip6e_len + 1) << 3; 2228 } 2229 break; 2230 case IPV6_NEXTHOP: 2231 if (pktopt && pktopt->ip6po_nexthop) { 2232 optdata = (void *)pktopt->ip6po_nexthop; 2233 optdatalen = pktopt->ip6po_nexthop->sa_len; 2234 } 2235 break; 2236 case IPV6_USE_MIN_MTU: 2237 if (pktopt) 2238 optdata = (void *)&pktopt->ip6po_minmtu; 2239 else 2240 optdata = (void *)&defminmtu; 2241 optdatalen = sizeof(int); 2242 break; 2243 case IPV6_DONTFRAG: 2244 if (pktopt && ((pktopt->ip6po_flags) & IP6PO_DONTFRAG)) 2245 on = 1; 2246 else 2247 on = 0; 2248 optdata = (void *)&on; 2249 optdatalen = sizeof(on); 2250 break; 2251 case IPV6_PREFER_TEMPADDR: 2252 if (pktopt) 2253 optdata = (void *)&pktopt->ip6po_prefer_tempaddr; 2254 else 2255 optdata = (void *)&defpreftemp; 2256 optdatalen = sizeof(int); 2257 break; 2258 default: /* should not happen */ 2259 #ifdef DIAGNOSTIC 2260 panic("ip6_getpcbopt: unexpected option\n"); 2261 #endif 2262 return (ENOPROTOOPT); 2263 } 2264 2265 error = sooptcopyout(sopt, optdata, optdatalen); 2266 2267 return (error); 2268 } 2269 2270 void 2271 ip6_clearpktopts(struct ip6_pktopts *pktopt, int optname) 2272 { 2273 if (pktopt == NULL) 2274 return; 2275 2276 if (optname == -1 || optname == IPV6_PKTINFO) { 2277 if (pktopt->ip6po_pktinfo) 2278 free(pktopt->ip6po_pktinfo, M_IP6OPT); 2279 pktopt->ip6po_pktinfo = NULL; 2280 } 2281 if (optname == -1 || optname == IPV6_HOPLIMIT) 2282 pktopt->ip6po_hlim = -1; 2283 if (optname == -1 || optname == IPV6_TCLASS) 2284 pktopt->ip6po_tclass = -1; 2285 if (optname == -1 || optname == IPV6_NEXTHOP) { 2286 if (pktopt->ip6po_nextroute.ro_rt) { 2287 RTFREE(pktopt->ip6po_nextroute.ro_rt); 2288 pktopt->ip6po_nextroute.ro_rt = NULL; 2289 } 2290 if (pktopt->ip6po_nexthop) 2291 free(pktopt->ip6po_nexthop, M_IP6OPT); 2292 pktopt->ip6po_nexthop = NULL; 2293 } 2294 if (optname == -1 || optname == IPV6_HOPOPTS) { 2295 if (pktopt->ip6po_hbh) 2296 free(pktopt->ip6po_hbh, M_IP6OPT); 2297 pktopt->ip6po_hbh = NULL; 2298 } 2299 if (optname == -1 || optname == IPV6_RTHDRDSTOPTS) { 2300 if (pktopt->ip6po_dest1) 2301 free(pktopt->ip6po_dest1, M_IP6OPT); 2302 pktopt->ip6po_dest1 = NULL; 2303 } 2304 if (optname == -1 || optname == IPV6_RTHDR) { 2305 if (pktopt->ip6po_rhinfo.ip6po_rhi_rthdr) 2306 free(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr, M_IP6OPT); 2307 pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL; 2308 if (pktopt->ip6po_route.ro_rt) { 2309 RTFREE(pktopt->ip6po_route.ro_rt); 2310 pktopt->ip6po_route.ro_rt = NULL; 2311 } 2312 } 2313 if (optname == -1 || optname == IPV6_DSTOPTS) { 2314 if (pktopt->ip6po_dest2) 2315 free(pktopt->ip6po_dest2, M_IP6OPT); 2316 pktopt->ip6po_dest2 = NULL; 2317 } 2318 } 2319 2320 #define PKTOPT_EXTHDRCPY(type) \ 2321 do {\ 2322 if (src->type) {\ 2323 int hlen = (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\ 2324 dst->type = malloc(hlen, M_IP6OPT, canwait);\ 2325 if (dst->type == NULL && canwait == M_NOWAIT)\ 2326 goto bad;\ 2327 bcopy(src->type, dst->type, hlen);\ 2328 }\ 2329 } while (/*CONSTCOND*/ 0) 2330 2331 static int 2332 copypktopts(struct ip6_pktopts *dst, struct ip6_pktopts *src, int canwait) 2333 { 2334 if (dst == NULL || src == NULL) { 2335 printf("ip6_clearpktopts: invalid argument\n"); 2336 return (EINVAL); 2337 } 2338 2339 dst->ip6po_hlim = src->ip6po_hlim; 2340 dst->ip6po_tclass = src->ip6po_tclass; 2341 dst->ip6po_flags = src->ip6po_flags; 2342 if (src->ip6po_pktinfo) { 2343 dst->ip6po_pktinfo = malloc(sizeof(*dst->ip6po_pktinfo), 2344 M_IP6OPT, canwait); 2345 if (dst->ip6po_pktinfo == NULL) 2346 goto bad; 2347 *dst->ip6po_pktinfo = *src->ip6po_pktinfo; 2348 } 2349 if (src->ip6po_nexthop) { 2350 dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len, 2351 M_IP6OPT, canwait); 2352 if (dst->ip6po_nexthop == NULL) 2353 goto bad; 2354 bcopy(src->ip6po_nexthop, dst->ip6po_nexthop, 2355 src->ip6po_nexthop->sa_len); 2356 } 2357 PKTOPT_EXTHDRCPY(ip6po_hbh); 2358 PKTOPT_EXTHDRCPY(ip6po_dest1); 2359 PKTOPT_EXTHDRCPY(ip6po_dest2); 2360 PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */ 2361 return (0); 2362 2363 bad: 2364 ip6_clearpktopts(dst, -1); 2365 return (ENOBUFS); 2366 } 2367 #undef PKTOPT_EXTHDRCPY 2368 2369 struct ip6_pktopts * 2370 ip6_copypktopts(struct ip6_pktopts *src, int canwait) 2371 { 2372 int error; 2373 struct ip6_pktopts *dst; 2374 2375 dst = malloc(sizeof(*dst), M_IP6OPT, canwait); 2376 if (dst == NULL) 2377 return (NULL); 2378 ip6_initpktopts(dst); 2379 2380 if ((error = copypktopts(dst, src, canwait)) != 0) { 2381 free(dst, M_IP6OPT); 2382 return (NULL); 2383 } 2384 2385 return (dst); 2386 } 2387 2388 void 2389 ip6_freepcbopts(struct ip6_pktopts *pktopt) 2390 { 2391 if (pktopt == NULL) 2392 return; 2393 2394 ip6_clearpktopts(pktopt, -1); 2395 2396 free(pktopt, M_IP6OPT); 2397 } 2398 2399 /* 2400 * Set the IP6 multicast options in response to user setsockopt(). 2401 */ 2402 static int 2403 ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m) 2404 { 2405 int error = 0; 2406 u_int loop, ifindex; 2407 struct ipv6_mreq *mreq; 2408 struct ifnet *ifp; 2409 struct ip6_moptions *im6o = *im6op; 2410 struct route_in6 ro; 2411 struct in6_multi_mship *imm; 2412 struct thread *td = curthread; 2413 2414 if (im6o == NULL) { 2415 /* 2416 * No multicast option buffer attached to the pcb; 2417 * allocate one and initialize to default values. 2418 */ 2419 im6o = (struct ip6_moptions *) 2420 malloc(sizeof(*im6o), M_IP6MOPTS, M_WAITOK); 2421 2422 if (im6o == NULL) 2423 return (ENOBUFS); 2424 *im6op = im6o; 2425 im6o->im6o_multicast_ifp = NULL; 2426 im6o->im6o_multicast_hlim = ip6_defmcasthlim; 2427 im6o->im6o_multicast_loop = IPV6_DEFAULT_MULTICAST_LOOP; 2428 LIST_INIT(&im6o->im6o_memberships); 2429 } 2430 2431 switch (optname) { 2432 2433 case IPV6_MULTICAST_IF: 2434 /* 2435 * Select the interface for outgoing multicast packets. 2436 */ 2437 if (m == NULL || m->m_len != sizeof(u_int)) { 2438 error = EINVAL; 2439 break; 2440 } 2441 bcopy(mtod(m, u_int *), &ifindex, sizeof(ifindex)); 2442 if (ifindex < 0 || if_index < ifindex) { 2443 error = ENXIO; /* XXX EINVAL? */ 2444 break; 2445 } 2446 ifp = ifnet_byindex(ifindex); 2447 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { 2448 error = EADDRNOTAVAIL; 2449 break; 2450 } 2451 im6o->im6o_multicast_ifp = ifp; 2452 break; 2453 2454 case IPV6_MULTICAST_HOPS: 2455 { 2456 /* 2457 * Set the IP6 hoplimit for outgoing multicast packets. 2458 */ 2459 int optval; 2460 if (m == NULL || m->m_len != sizeof(int)) { 2461 error = EINVAL; 2462 break; 2463 } 2464 bcopy(mtod(m, u_int *), &optval, sizeof(optval)); 2465 if (optval < -1 || optval >= 256) 2466 error = EINVAL; 2467 else if (optval == -1) 2468 im6o->im6o_multicast_hlim = ip6_defmcasthlim; 2469 else 2470 im6o->im6o_multicast_hlim = optval; 2471 break; 2472 } 2473 2474 case IPV6_MULTICAST_LOOP: 2475 /* 2476 * Set the loopback flag for outgoing multicast packets. 2477 * Must be zero or one. 2478 */ 2479 if (m == NULL || m->m_len != sizeof(u_int)) { 2480 error = EINVAL; 2481 break; 2482 } 2483 bcopy(mtod(m, u_int *), &loop, sizeof(loop)); 2484 if (loop > 1) { 2485 error = EINVAL; 2486 break; 2487 } 2488 im6o->im6o_multicast_loop = loop; 2489 break; 2490 2491 case IPV6_JOIN_GROUP: 2492 /* 2493 * Add a multicast group membership. 2494 * Group must be a valid IP6 multicast address. 2495 */ 2496 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) { 2497 error = EINVAL; 2498 break; 2499 } 2500 mreq = mtod(m, struct ipv6_mreq *); 2501 2502 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) { 2503 /* 2504 * We use the unspecified address to specify to accept 2505 * all multicast addresses. Only super user is allowed 2506 * to do this. 2507 */ 2508 if (suser(td)) { 2509 error = EACCES; 2510 break; 2511 } 2512 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) { 2513 error = EINVAL; 2514 break; 2515 } 2516 2517 /* 2518 * If no interface was explicitly specified, choose an 2519 * appropriate one according to the given multicast address. 2520 */ 2521 if (mreq->ipv6mr_interface == 0) { 2522 struct sockaddr_in6 *dst; 2523 2524 /* 2525 * Look up the routing table for the 2526 * address, and choose the outgoing interface. 2527 * XXX: is it a good approach? 2528 */ 2529 ro.ro_rt = NULL; 2530 dst = (struct sockaddr_in6 *)&ro.ro_dst; 2531 bzero(dst, sizeof(*dst)); 2532 dst->sin6_family = AF_INET6; 2533 dst->sin6_len = sizeof(*dst); 2534 dst->sin6_addr = mreq->ipv6mr_multiaddr; 2535 rtalloc((struct route *)&ro); 2536 if (ro.ro_rt == NULL) { 2537 error = EADDRNOTAVAIL; 2538 break; 2539 } 2540 ifp = ro.ro_rt->rt_ifp; 2541 RTFREE(ro.ro_rt); 2542 } else { 2543 /* 2544 * If the interface is specified, validate it. 2545 */ 2546 if (mreq->ipv6mr_interface < 0 || 2547 if_index < mreq->ipv6mr_interface) { 2548 error = ENXIO; /* XXX EINVAL? */ 2549 break; 2550 } 2551 ifp = ifnet_byindex(mreq->ipv6mr_interface); 2552 if (!ifp) { 2553 error = ENXIO; /* XXX EINVAL? */ 2554 break; 2555 } 2556 } 2557 2558 /* 2559 * See if we found an interface, and confirm that it 2560 * supports multicast 2561 */ 2562 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { 2563 error = EADDRNOTAVAIL; 2564 break; 2565 } 2566 2567 if (in6_setscope(&mreq->ipv6mr_multiaddr, ifp, NULL)) { 2568 error = EADDRNOTAVAIL; /* XXX: should not happen */ 2569 break; 2570 } 2571 2572 /* 2573 * See if the membership already exists. 2574 */ 2575 for (imm = im6o->im6o_memberships.lh_first; 2576 imm != NULL; imm = imm->i6mm_chain.le_next) 2577 if (imm->i6mm_maddr->in6m_ifp == ifp && 2578 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr, 2579 &mreq->ipv6mr_multiaddr)) 2580 break; 2581 if (imm != NULL) { 2582 error = EADDRINUSE; 2583 break; 2584 } 2585 /* 2586 * Everything looks good; add a new record to the multicast 2587 * address list for the given interface. 2588 */ 2589 imm = in6_joingroup(ifp, &mreq->ipv6mr_multiaddr, &error, 0); 2590 if (imm == NULL) 2591 break; 2592 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm, i6mm_chain); 2593 break; 2594 2595 case IPV6_LEAVE_GROUP: 2596 /* 2597 * Drop a multicast group membership. 2598 * Group must be a valid IP6 multicast address. 2599 */ 2600 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) { 2601 error = EINVAL; 2602 break; 2603 } 2604 mreq = mtod(m, struct ipv6_mreq *); 2605 2606 /* 2607 * If an interface address was specified, get a pointer 2608 * to its ifnet structure. 2609 */ 2610 if (mreq->ipv6mr_interface < 0 || 2611 if_index < mreq->ipv6mr_interface) { 2612 error = ENXIO; /* XXX EINVAL? */ 2613 break; 2614 } 2615 if (mreq->ipv6mr_interface == 0) 2616 ifp = NULL; 2617 else 2618 ifp = ifnet_byindex(mreq->ipv6mr_interface); 2619 2620 /* Fill in the scope zone ID */ 2621 if (ifp) { 2622 if (in6_setscope(&mreq->ipv6mr_multiaddr, ifp, NULL)) { 2623 /* XXX: should not happen */ 2624 error = EADDRNOTAVAIL; 2625 break; 2626 } 2627 } else if (mreq->ipv6mr_interface != 0) { 2628 /* 2629 * This case happens when the (positive) index is in 2630 * the valid range, but the corresponding interface has 2631 * been detached dynamically (XXX). 2632 */ 2633 error = EADDRNOTAVAIL; 2634 break; 2635 } else { /* ipv6mr_interface == 0 */ 2636 struct sockaddr_in6 sa6_mc; 2637 2638 /* 2639 * The API spec says as follows: 2640 * If the interface index is specified as 0, the 2641 * system may choose a multicast group membership to 2642 * drop by matching the multicast address only. 2643 * On the other hand, we cannot disambiguate the scope 2644 * zone unless an interface is provided. Thus, we 2645 * check if there's ambiguity with the default scope 2646 * zone as the last resort. 2647 */ 2648 bzero(&sa6_mc, sizeof(sa6_mc)); 2649 sa6_mc.sin6_family = AF_INET6; 2650 sa6_mc.sin6_len = sizeof(sa6_mc); 2651 sa6_mc.sin6_addr = mreq->ipv6mr_multiaddr; 2652 error = sa6_embedscope(&sa6_mc, ip6_use_defzone); 2653 if (error != 0) 2654 break; 2655 mreq->ipv6mr_multiaddr = sa6_mc.sin6_addr; 2656 } 2657 2658 /* 2659 * Find the membership in the membership list. 2660 */ 2661 for (imm = im6o->im6o_memberships.lh_first; 2662 imm != NULL; imm = imm->i6mm_chain.le_next) { 2663 if ((ifp == NULL || imm->i6mm_maddr->in6m_ifp == ifp) && 2664 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr, 2665 &mreq->ipv6mr_multiaddr)) 2666 break; 2667 } 2668 if (imm == NULL) { 2669 /* Unable to resolve interface */ 2670 error = EADDRNOTAVAIL; 2671 break; 2672 } 2673 /* 2674 * Give up the multicast address record to which the 2675 * membership points. 2676 */ 2677 LIST_REMOVE(imm, i6mm_chain); 2678 in6_delmulti(imm->i6mm_maddr); 2679 free(imm, M_IP6MADDR); 2680 break; 2681 2682 default: 2683 error = EOPNOTSUPP; 2684 break; 2685 } 2686 2687 /* 2688 * If all options have default values, no need to keep the mbuf. 2689 */ 2690 if (im6o->im6o_multicast_ifp == NULL && 2691 im6o->im6o_multicast_hlim == ip6_defmcasthlim && 2692 im6o->im6o_multicast_loop == IPV6_DEFAULT_MULTICAST_LOOP && 2693 im6o->im6o_memberships.lh_first == NULL) { 2694 free(*im6op, M_IP6MOPTS); 2695 *im6op = NULL; 2696 } 2697 2698 return (error); 2699 } 2700 2701 /* 2702 * Return the IP6 multicast options in response to user getsockopt(). 2703 */ 2704 static int 2705 ip6_getmoptions(int optname, struct ip6_moptions *im6o, struct mbuf **mp) 2706 { 2707 u_int *hlim, *loop, *ifindex; 2708 2709 *mp = m_get(M_TRYWAIT, MT_HEADER); /* XXX */ 2710 2711 switch (optname) { 2712 2713 case IPV6_MULTICAST_IF: 2714 ifindex = mtod(*mp, u_int *); 2715 (*mp)->m_len = sizeof(u_int); 2716 if (im6o == NULL || im6o->im6o_multicast_ifp == NULL) 2717 *ifindex = 0; 2718 else 2719 *ifindex = im6o->im6o_multicast_ifp->if_index; 2720 return (0); 2721 2722 case IPV6_MULTICAST_HOPS: 2723 hlim = mtod(*mp, u_int *); 2724 (*mp)->m_len = sizeof(u_int); 2725 if (im6o == NULL) 2726 *hlim = ip6_defmcasthlim; 2727 else 2728 *hlim = im6o->im6o_multicast_hlim; 2729 return (0); 2730 2731 case IPV6_MULTICAST_LOOP: 2732 loop = mtod(*mp, u_int *); 2733 (*mp)->m_len = sizeof(u_int); 2734 if (im6o == NULL) 2735 *loop = ip6_defmcasthlim; 2736 else 2737 *loop = im6o->im6o_multicast_loop; 2738 return (0); 2739 2740 default: 2741 return (EOPNOTSUPP); 2742 } 2743 } 2744 2745 /* 2746 * Discard the IP6 multicast options. 2747 */ 2748 void 2749 ip6_freemoptions(struct ip6_moptions *im6o) 2750 { 2751 struct in6_multi_mship *imm; 2752 2753 if (im6o == NULL) 2754 return; 2755 2756 while ((imm = im6o->im6o_memberships.lh_first) != NULL) { 2757 LIST_REMOVE(imm, i6mm_chain); 2758 if (imm->i6mm_maddr) 2759 in6_delmulti(imm->i6mm_maddr); 2760 free(imm, M_IP6MADDR); 2761 } 2762 free(im6o, M_IP6MOPTS); 2763 } 2764 2765 /* 2766 * Set IPv6 outgoing packet options based on advanced API. 2767 */ 2768 int 2769 ip6_setpktopts(struct mbuf *control, struct ip6_pktopts *opt, 2770 struct ip6_pktopts *stickyopt, int priv, int uproto) 2771 { 2772 struct cmsghdr *cm = 0; 2773 2774 if (control == NULL || opt == NULL) 2775 return (EINVAL); 2776 2777 ip6_initpktopts(opt); 2778 if (stickyopt) { 2779 int error; 2780 2781 /* 2782 * If stickyopt is provided, make a local copy of the options 2783 * for this particular packet, then override them by ancillary 2784 * objects. 2785 * XXX: copypktopts() does not copy the cached route to a next 2786 * hop (if any). This is not very good in terms of efficiency, 2787 * but we can allow this since this option should be rarely 2788 * used. 2789 */ 2790 if ((error = copypktopts(opt, stickyopt, M_NOWAIT)) != 0) 2791 return (error); 2792 } 2793 2794 /* 2795 * XXX: Currently, we assume all the optional information is stored 2796 * in a single mbuf. 2797 */ 2798 if (control->m_next) 2799 return (EINVAL); 2800 2801 for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len), 2802 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) { 2803 int error; 2804 2805 if (control->m_len < CMSG_LEN(0)) 2806 return (EINVAL); 2807 2808 cm = mtod(control, struct cmsghdr *); 2809 if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len) 2810 return (EINVAL); 2811 if (cm->cmsg_level != IPPROTO_IPV6) 2812 continue; 2813 2814 error = ip6_setpktopt(cm->cmsg_type, CMSG_DATA(cm), 2815 cm->cmsg_len - CMSG_LEN(0), opt, priv, 0, 1, uproto); 2816 if (error) 2817 return (error); 2818 } 2819 2820 return (0); 2821 } 2822 2823 /* 2824 * Set a particular packet option, as a sticky option or an ancillary data 2825 * item. "len" can be 0 only when it's a sticky option. 2826 * We have 4 cases of combination of "sticky" and "cmsg": 2827 * "sticky=0, cmsg=0": impossible 2828 * "sticky=0, cmsg=1": RFC2292 or RFC3542 ancillary data 2829 * "sticky=1, cmsg=0": RFC3542 socket option 2830 * "sticky=1, cmsg=1": RFC2292 socket option 2831 */ 2832 static int 2833 ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, 2834 int priv, int sticky, int cmsg, int uproto) 2835 { 2836 int minmtupolicy, preftemp; 2837 2838 if (!sticky && !cmsg) { 2839 #ifdef DIAGNOSTIC 2840 printf("ip6_setpktopt: impossible case\n"); 2841 #endif 2842 return (EINVAL); 2843 } 2844 2845 /* 2846 * IPV6_2292xxx is for backward compatibility to RFC2292, and should 2847 * not be specified in the context of RFC3542. Conversely, 2848 * RFC3542 types should not be specified in the context of RFC2292. 2849 */ 2850 if (!cmsg) { 2851 switch (optname) { 2852 case IPV6_2292PKTINFO: 2853 case IPV6_2292HOPLIMIT: 2854 case IPV6_2292NEXTHOP: 2855 case IPV6_2292HOPOPTS: 2856 case IPV6_2292DSTOPTS: 2857 case IPV6_2292RTHDR: 2858 case IPV6_2292PKTOPTIONS: 2859 return (ENOPROTOOPT); 2860 } 2861 } 2862 if (sticky && cmsg) { 2863 switch (optname) { 2864 case IPV6_PKTINFO: 2865 case IPV6_HOPLIMIT: 2866 case IPV6_NEXTHOP: 2867 case IPV6_HOPOPTS: 2868 case IPV6_DSTOPTS: 2869 case IPV6_RTHDRDSTOPTS: 2870 case IPV6_RTHDR: 2871 case IPV6_USE_MIN_MTU: 2872 case IPV6_DONTFRAG: 2873 case IPV6_TCLASS: 2874 case IPV6_PREFER_TEMPADDR: /* XXX: not an RFC3542 option */ 2875 return (ENOPROTOOPT); 2876 } 2877 } 2878 2879 switch (optname) { 2880 case IPV6_2292PKTINFO: 2881 case IPV6_PKTINFO: 2882 { 2883 struct ifnet *ifp = NULL; 2884 struct in6_pktinfo *pktinfo; 2885 2886 if (len != sizeof(struct in6_pktinfo)) 2887 return (EINVAL); 2888 2889 pktinfo = (struct in6_pktinfo *)buf; 2890 2891 /* 2892 * An application can clear any sticky IPV6_PKTINFO option by 2893 * doing a "regular" setsockopt with ipi6_addr being 2894 * in6addr_any and ipi6_ifindex being zero. 2895 * [RFC 3542, Section 6] 2896 */ 2897 if (optname == IPV6_PKTINFO && opt->ip6po_pktinfo && 2898 pktinfo->ipi6_ifindex == 0 && 2899 IN6_IS_ADDR_UNSPECIFIED(&pktinfo->ipi6_addr)) { 2900 ip6_clearpktopts(opt, optname); 2901 break; 2902 } 2903 2904 if (uproto == IPPROTO_TCP && optname == IPV6_PKTINFO && 2905 sticky && !IN6_IS_ADDR_UNSPECIFIED(&pktinfo->ipi6_addr)) { 2906 return (EINVAL); 2907 } 2908 2909 /* validate the interface index if specified. */ 2910 if (pktinfo->ipi6_ifindex > if_index || 2911 pktinfo->ipi6_ifindex < 0) { 2912 return (ENXIO); 2913 } 2914 if (pktinfo->ipi6_ifindex) { 2915 ifp = ifnet_byindex(pktinfo->ipi6_ifindex); 2916 if (ifp == NULL) 2917 return (ENXIO); 2918 } 2919 2920 /* 2921 * We store the address anyway, and let in6_selectsrc() 2922 * validate the specified address. This is because ipi6_addr 2923 * may not have enough information about its scope zone, and 2924 * we may need additional information (such as outgoing 2925 * interface or the scope zone of a destination address) to 2926 * disambiguate the scope. 2927 * XXX: the delay of the validation may confuse the 2928 * application when it is used as a sticky option. 2929 */ 2930 if (opt->ip6po_pktinfo == NULL) { 2931 opt->ip6po_pktinfo = malloc(sizeof(*pktinfo), 2932 M_IP6OPT, M_NOWAIT); 2933 if (opt->ip6po_pktinfo == NULL) 2934 return (ENOBUFS); 2935 } 2936 bcopy(pktinfo, opt->ip6po_pktinfo, sizeof(*pktinfo)); 2937 break; 2938 } 2939 2940 case IPV6_2292HOPLIMIT: 2941 case IPV6_HOPLIMIT: 2942 { 2943 int *hlimp; 2944 2945 /* 2946 * RFC 3542 deprecated the usage of sticky IPV6_HOPLIMIT 2947 * to simplify the ordering among hoplimit options. 2948 */ 2949 if (optname == IPV6_HOPLIMIT && sticky) 2950 return (ENOPROTOOPT); 2951 2952 if (len != sizeof(int)) 2953 return (EINVAL); 2954 hlimp = (int *)buf; 2955 if (*hlimp < -1 || *hlimp > 255) 2956 return (EINVAL); 2957 2958 opt->ip6po_hlim = *hlimp; 2959 break; 2960 } 2961 2962 case IPV6_TCLASS: 2963 { 2964 int tclass; 2965 2966 if (len != sizeof(int)) 2967 return (EINVAL); 2968 tclass = *(int *)buf; 2969 if (tclass < -1 || tclass > 255) 2970 return (EINVAL); 2971 2972 opt->ip6po_tclass = tclass; 2973 break; 2974 } 2975 2976 case IPV6_2292NEXTHOP: 2977 case IPV6_NEXTHOP: 2978 if (!priv) 2979 return (EPERM); 2980 2981 if (len == 0) { /* just remove the option */ 2982 ip6_clearpktopts(opt, IPV6_NEXTHOP); 2983 break; 2984 } 2985 2986 /* check if cmsg_len is large enough for sa_len */ 2987 if (len < sizeof(struct sockaddr) || len < *buf) 2988 return (EINVAL); 2989 2990 switch (((struct sockaddr *)buf)->sa_family) { 2991 case AF_INET6: 2992 { 2993 struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)buf; 2994 int error; 2995 2996 if (sa6->sin6_len != sizeof(struct sockaddr_in6)) 2997 return (EINVAL); 2998 2999 if (IN6_IS_ADDR_UNSPECIFIED(&sa6->sin6_addr) || 3000 IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr)) { 3001 return (EINVAL); 3002 } 3003 if ((error = sa6_embedscope(sa6, ip6_use_defzone)) 3004 != 0) { 3005 return (error); 3006 } 3007 break; 3008 } 3009 case AF_LINK: /* should eventually be supported */ 3010 default: 3011 return (EAFNOSUPPORT); 3012 } 3013 3014 /* turn off the previous option, then set the new option. */ 3015 ip6_clearpktopts(opt, IPV6_NEXTHOP); 3016 opt->ip6po_nexthop = malloc(*buf, M_IP6OPT, M_NOWAIT); 3017 if (opt->ip6po_nexthop == NULL) 3018 return (ENOBUFS); 3019 bcopy(buf, opt->ip6po_nexthop, *buf); 3020 break; 3021 3022 case IPV6_2292HOPOPTS: 3023 case IPV6_HOPOPTS: 3024 { 3025 struct ip6_hbh *hbh; 3026 int hbhlen; 3027 3028 /* 3029 * XXX: We don't allow a non-privileged user to set ANY HbH 3030 * options, since per-option restriction has too much 3031 * overhead. 3032 */ 3033 if (!priv) 3034 return (EPERM); 3035 3036 if (len == 0) { 3037 ip6_clearpktopts(opt, IPV6_HOPOPTS); 3038 break; /* just remove the option */ 3039 } 3040 3041 /* message length validation */ 3042 if (len < sizeof(struct ip6_hbh)) 3043 return (EINVAL); 3044 hbh = (struct ip6_hbh *)buf; 3045 hbhlen = (hbh->ip6h_len + 1) << 3; 3046 if (len != hbhlen) 3047 return (EINVAL); 3048 3049 /* turn off the previous option, then set the new option. */ 3050 ip6_clearpktopts(opt, IPV6_HOPOPTS); 3051 opt->ip6po_hbh = malloc(hbhlen, M_IP6OPT, M_NOWAIT); 3052 if (opt->ip6po_hbh == NULL) 3053 return (ENOBUFS); 3054 bcopy(hbh, opt->ip6po_hbh, hbhlen); 3055 3056 break; 3057 } 3058 3059 case IPV6_2292DSTOPTS: 3060 case IPV6_DSTOPTS: 3061 case IPV6_RTHDRDSTOPTS: 3062 { 3063 struct ip6_dest *dest, **newdest = NULL; 3064 int destlen; 3065 3066 if (!priv) /* XXX: see the comment for IPV6_HOPOPTS */ 3067 return (EPERM); 3068 3069 if (len == 0) { 3070 ip6_clearpktopts(opt, optname); 3071 break; /* just remove the option */ 3072 } 3073 3074 /* message length validation */ 3075 if (len < sizeof(struct ip6_dest)) 3076 return (EINVAL); 3077 dest = (struct ip6_dest *)buf; 3078 destlen = (dest->ip6d_len + 1) << 3; 3079 if (len != destlen) 3080 return (EINVAL); 3081 3082 /* 3083 * Determine the position that the destination options header 3084 * should be inserted; before or after the routing header. 3085 */ 3086 switch (optname) { 3087 case IPV6_2292DSTOPTS: 3088 /* 3089 * The old advacned API is ambiguous on this point. 3090 * Our approach is to determine the position based 3091 * according to the existence of a routing header. 3092 * Note, however, that this depends on the order of the 3093 * extension headers in the ancillary data; the 1st 3094 * part of the destination options header must appear 3095 * before the routing header in the ancillary data, 3096 * too. 3097 * RFC3542 solved the ambiguity by introducing 3098 * separate ancillary data or option types. 3099 */ 3100 if (opt->ip6po_rthdr == NULL) 3101 newdest = &opt->ip6po_dest1; 3102 else 3103 newdest = &opt->ip6po_dest2; 3104 break; 3105 case IPV6_RTHDRDSTOPTS: 3106 newdest = &opt->ip6po_dest1; 3107 break; 3108 case IPV6_DSTOPTS: 3109 newdest = &opt->ip6po_dest2; 3110 break; 3111 } 3112 3113 /* turn off the previous option, then set the new option. */ 3114 ip6_clearpktopts(opt, optname); 3115 *newdest = malloc(destlen, M_IP6OPT, M_NOWAIT); 3116 if (*newdest == NULL) 3117 return (ENOBUFS); 3118 bcopy(dest, *newdest, destlen); 3119 3120 break; 3121 } 3122 3123 case IPV6_2292RTHDR: 3124 case IPV6_RTHDR: 3125 { 3126 struct ip6_rthdr *rth; 3127 int rthlen; 3128 3129 if (len == 0) { 3130 ip6_clearpktopts(opt, IPV6_RTHDR); 3131 break; /* just remove the option */ 3132 } 3133 3134 /* message length validation */ 3135 if (len < sizeof(struct ip6_rthdr)) 3136 return (EINVAL); 3137 rth = (struct ip6_rthdr *)buf; 3138 rthlen = (rth->ip6r_len + 1) << 3; 3139 if (len != rthlen) 3140 return (EINVAL); 3141 3142 switch (rth->ip6r_type) { 3143 case IPV6_RTHDR_TYPE_0: 3144 if (rth->ip6r_len == 0) /* must contain one addr */ 3145 return (EINVAL); 3146 if (rth->ip6r_len % 2) /* length must be even */ 3147 return (EINVAL); 3148 if (rth->ip6r_len / 2 != rth->ip6r_segleft) 3149 return (EINVAL); 3150 break; 3151 default: 3152 return (EINVAL); /* not supported */ 3153 } 3154 3155 /* turn off the previous option */ 3156 ip6_clearpktopts(opt, IPV6_RTHDR); 3157 opt->ip6po_rthdr = malloc(rthlen, M_IP6OPT, M_NOWAIT); 3158 if (opt->ip6po_rthdr == NULL) 3159 return (ENOBUFS); 3160 bcopy(rth, opt->ip6po_rthdr, rthlen); 3161 3162 break; 3163 } 3164 3165 case IPV6_USE_MIN_MTU: 3166 if (len != sizeof(int)) 3167 return (EINVAL); 3168 minmtupolicy = *(int *)buf; 3169 if (minmtupolicy != IP6PO_MINMTU_MCASTONLY && 3170 minmtupolicy != IP6PO_MINMTU_DISABLE && 3171 minmtupolicy != IP6PO_MINMTU_ALL) { 3172 return (EINVAL); 3173 } 3174 opt->ip6po_minmtu = minmtupolicy; 3175 break; 3176 3177 case IPV6_DONTFRAG: 3178 if (len != sizeof(int)) 3179 return (EINVAL); 3180 3181 if (uproto == IPPROTO_TCP || *(int *)buf == 0) { 3182 /* 3183 * we ignore this option for TCP sockets. 3184 * (RFC3542 leaves this case unspecified.) 3185 */ 3186 opt->ip6po_flags &= ~IP6PO_DONTFRAG; 3187 } else 3188 opt->ip6po_flags |= IP6PO_DONTFRAG; 3189 break; 3190 3191 case IPV6_PREFER_TEMPADDR: 3192 if (len != sizeof(int)) 3193 return (EINVAL); 3194 preftemp = *(int *)buf; 3195 if (preftemp != IP6PO_TEMPADDR_SYSTEM && 3196 preftemp != IP6PO_TEMPADDR_NOTPREFER && 3197 preftemp != IP6PO_TEMPADDR_PREFER) { 3198 return (EINVAL); 3199 } 3200 opt->ip6po_prefer_tempaddr = preftemp; 3201 break; 3202 3203 default: 3204 return (ENOPROTOOPT); 3205 } /* end of switch */ 3206 3207 return (0); 3208 } 3209 3210 /* 3211 * Routine called from ip6_output() to loop back a copy of an IP6 multicast 3212 * packet to the input queue of a specified interface. Note that this 3213 * calls the output routine of the loopback "driver", but with an interface 3214 * pointer that might NOT be &loif -- easier than replicating that code here. 3215 */ 3216 void 3217 ip6_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in6 *dst) 3218 { 3219 struct mbuf *copym; 3220 struct ip6_hdr *ip6; 3221 3222 copym = m_copy(m, 0, M_COPYALL); 3223 if (copym == NULL) 3224 return; 3225 3226 /* 3227 * Make sure to deep-copy IPv6 header portion in case the data 3228 * is in an mbuf cluster, so that we can safely override the IPv6 3229 * header portion later. 3230 */ 3231 if ((copym->m_flags & M_EXT) != 0 || 3232 copym->m_len < sizeof(struct ip6_hdr)) { 3233 copym = m_pullup(copym, sizeof(struct ip6_hdr)); 3234 if (copym == NULL) 3235 return; 3236 } 3237 3238 #ifdef DIAGNOSTIC 3239 if (copym->m_len < sizeof(*ip6)) { 3240 m_freem(copym); 3241 return; 3242 } 3243 #endif 3244 3245 ip6 = mtod(copym, struct ip6_hdr *); 3246 /* 3247 * clear embedded scope identifiers if necessary. 3248 * in6_clearscope will touch the addresses only when necessary. 3249 */ 3250 in6_clearscope(&ip6->ip6_src); 3251 in6_clearscope(&ip6->ip6_dst); 3252 3253 (void)if_simloop(ifp, copym, dst->sin6_family, 0); 3254 } 3255 3256 /* 3257 * Chop IPv6 header off from the payload. 3258 */ 3259 static int 3260 ip6_splithdr(struct mbuf *m, struct ip6_exthdrs *exthdrs) 3261 { 3262 struct mbuf *mh; 3263 struct ip6_hdr *ip6; 3264 3265 ip6 = mtod(m, struct ip6_hdr *); 3266 if (m->m_len > sizeof(*ip6)) { 3267 MGETHDR(mh, M_DONTWAIT, MT_HEADER); 3268 if (mh == 0) { 3269 m_freem(m); 3270 return ENOBUFS; 3271 } 3272 M_MOVE_PKTHDR(mh, m); 3273 MH_ALIGN(mh, sizeof(*ip6)); 3274 m->m_len -= sizeof(*ip6); 3275 m->m_data += sizeof(*ip6); 3276 mh->m_next = m; 3277 m = mh; 3278 m->m_len = sizeof(*ip6); 3279 bcopy((caddr_t)ip6, mtod(m, caddr_t), sizeof(*ip6)); 3280 } 3281 exthdrs->ip6e_ip6 = m; 3282 return 0; 3283 } 3284 3285 /* 3286 * Compute IPv6 extension header length. 3287 */ 3288 int 3289 ip6_optlen(struct in6pcb *in6p) 3290 { 3291 int len; 3292 3293 if (!in6p->in6p_outputopts) 3294 return 0; 3295 3296 len = 0; 3297 #define elen(x) \ 3298 (((struct ip6_ext *)(x)) ? (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0) 3299 3300 len += elen(in6p->in6p_outputopts->ip6po_hbh); 3301 if (in6p->in6p_outputopts->ip6po_rthdr) 3302 /* dest1 is valid with rthdr only */ 3303 len += elen(in6p->in6p_outputopts->ip6po_dest1); 3304 len += elen(in6p->in6p_outputopts->ip6po_rthdr); 3305 len += elen(in6p->in6p_outputopts->ip6po_dest2); 3306 return len; 3307 #undef elen 3308 } 3309