1 /* 2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the project nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD$ 30 */ 31 32 /* 33 * Copyright (c) 1982, 1986, 1988, 1993 34 * The Regents of the University of California. All rights reserved. 35 * 36 * Redistribution and use in source and binary forms, with or without 37 * modification, are permitted provided that the following conditions 38 * are met: 39 * 1. Redistributions of source code must retain the above copyright 40 * notice, this list of conditions and the following disclaimer. 41 * 2. Redistributions in binary form must reproduce the above copyright 42 * notice, this list of conditions and the following disclaimer in the 43 * documentation and/or other materials provided with the distribution. 44 * 3. All advertising materials mentioning features or use of this software 45 * must display the following acknowledgement: 46 * This product includes software developed by the University of 47 * California, Berkeley and its contributors. 48 * 4. Neither the name of the University nor the names of its contributors 49 * may be used to endorse or promote products derived from this software 50 * without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 53 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 54 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 55 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 56 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 57 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 58 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 59 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 60 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 61 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 62 * SUCH DAMAGE. 63 * 64 * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 65 */ 66 67 #include "opt_ipsec.h" 68 69 #include <stddef.h> 70 71 #include <sys/param.h> 72 #include <sys/malloc.h> 73 #include <sys/proc.h> 74 #include <sys/mbuf.h> 75 #include <sys/socket.h> 76 #include <sys/protosw.h> 77 #include <sys/socketvar.h> 78 #include <sys/errno.h> 79 #include <sys/systm.h> 80 81 #include <net/if.h> 82 #include <net/route.h> 83 #include <net/if_types.h> 84 85 #include <netinet/in.h> 86 #include <netinet/in_var.h> 87 #include <netinet/in_systm.h> 88 #include <netinet6/ip6.h> 89 #include <netinet6/ip6_var.h> 90 #include <netinet6/ip6_mroute.h> 91 #include <netinet6/icmp6.h> 92 #include <netinet/in_pcb.h> 93 #include <netinet6/in6_pcb.h> 94 #include <netinet6/nd6.h> 95 96 #ifdef IPSEC 97 #include <netinet6/ipsec.h> 98 #include <netinet6/ipsec6.h> 99 #endif /*IPSEC*/ 100 101 #include <machine/stdarg.h> 102 103 #include "faith.h" 104 105 #define satosin6(sa) ((struct sockaddr_in6 *)(sa)) 106 #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa)) 107 108 /* 109 * Raw interface to IP6 protocol. 110 */ 111 112 extern struct inpcbhead ripcb; 113 extern struct inpcbinfo ripcbinfo; 114 extern u_long rip_sendspace; 115 extern u_long rip_recvspace; 116 117 /* 118 * Setup generic address and protocol structures 119 * for raw_input routine, then pass them along with 120 * mbuf chain. 121 */ 122 int 123 rip6_input(mp, offp, proto) 124 struct mbuf **mp; 125 int *offp, proto; 126 { 127 struct mbuf *m = *mp; 128 register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *); 129 register struct inpcb *in6p; 130 struct inpcb *last = 0; 131 struct mbuf *opts = 0; 132 struct sockaddr_in6 rip6src; 133 134 #if defined(NFAITH) && 0 < NFAITH 135 if (m->m_pkthdr.rcvif) { 136 if (m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 137 /* XXX send icmp6 host/port unreach? */ 138 m_freem(m); 139 return IPPROTO_DONE; 140 } 141 } 142 #endif 143 init_sin6(&rip6src, m); /* general init */ 144 145 LIST_FOREACH(in6p, &ripcb, inp_list) { 146 if ((in6p->in6p_vflag & INP_IPV6) == 0) 147 continue; 148 if (in6p->in6p_ip6_nxt && 149 in6p->in6p_ip6_nxt != proto) 150 continue; 151 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr) && 152 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr, &ip6->ip6_dst)) 153 continue; 154 if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr) && 155 !IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr, &ip6->ip6_src)) 156 continue; 157 if (in6p->in6p_cksum != -1 158 && in6_cksum(m, ip6->ip6_nxt, *offp, 159 m->m_pkthdr.len - *offp)) { 160 /* XXX bark something */ 161 continue; 162 } 163 if (last) { 164 struct mbuf *n = m_copy(m, 0, (int)M_COPYALL); 165 if (n) { 166 if (last->in6p_flags & IN6P_CONTROLOPTS || 167 last->in6p_socket->so_options & SO_TIMESTAMP) 168 ip6_savecontrol(last, &opts, ip6, n); 169 /* strip intermediate headers */ 170 m_adj(n, *offp); 171 if (sbappendaddr(&last->in6p_socket->so_rcv, 172 (struct sockaddr *)&rip6src, 173 n, opts) == 0) { 174 /* should notify about lost packet */ 175 m_freem(n); 176 if (opts) 177 m_freem(opts); 178 } else 179 sorwakeup(last->in6p_socket); 180 opts = NULL; 181 } 182 } 183 last = in6p; 184 } 185 if (last) { 186 if (last->in6p_flags & IN6P_CONTROLOPTS || 187 last->in6p_socket->so_options & SO_TIMESTAMP) 188 ip6_savecontrol(last, &opts, ip6, m); 189 /* strip intermediate headers */ 190 m_adj(m, *offp); 191 if (sbappendaddr(&last->in6p_socket->so_rcv, 192 (struct sockaddr *)&rip6src, m, opts) == 0) { 193 m_freem(m); 194 if (opts) 195 m_freem(opts); 196 } else 197 sorwakeup(last->in6p_socket); 198 } else { 199 if (proto == IPPROTO_NONE) 200 m_freem(m); 201 else { 202 char *prvnxtp = ip6_get_prevhdr(m, *offp); /* XXX */ 203 icmp6_error(m, ICMP6_PARAM_PROB, 204 ICMP6_PARAMPROB_NEXTHEADER, 205 prvnxtp - mtod(m, char *)); 206 } 207 ip6stat.ip6s_delivered--; 208 } 209 return IPPROTO_DONE; 210 } 211 212 /* 213 * Generate IPv6 header and pass packet to ip6_output. 214 * Tack on options user may have setup with control call. 215 */ 216 int 217 #if __STDC__ 218 rip6_output(struct mbuf *m, ...) 219 #else 220 rip6_output(m, va_alist) 221 struct mbuf *m; 222 va_dcl 223 #endif 224 { 225 struct socket *so; 226 struct sockaddr_in6 *dstsock; 227 struct mbuf *control; 228 struct in6_addr *dst; 229 struct ip6_hdr *ip6; 230 struct inpcb *in6p; 231 u_int plen = m->m_pkthdr.len; 232 int error = 0; 233 struct ip6_pktopts opt, *optp = 0; 234 struct ifnet *oifp = NULL; 235 int type = 0, code = 0; /* for ICMPv6 output statistics only */ 236 int priv = 0; 237 va_list ap; 238 239 va_start(ap, m); 240 so = va_arg(ap, struct socket *); 241 dstsock = va_arg(ap, struct sockaddr_in6 *); 242 control = va_arg(ap, struct mbuf *); 243 va_end(ap); 244 245 in6p = sotoin6pcb(so); 246 247 priv = 0; 248 if (so->so_cred->cr_uid == 0) 249 priv = 1; 250 dst = &dstsock->sin6_addr; 251 if (control) { 252 if ((error = ip6_setpktoptions(control, &opt, priv)) != 0) 253 goto bad; 254 optp = &opt; 255 } else 256 optp = in6p->in6p_outputopts; 257 258 /* 259 * For an ICMPv6 packet, we should know its type and code 260 * to update statistics. 261 */ 262 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { 263 struct icmp6_hdr *icmp6; 264 if (m->m_len < sizeof(struct icmp6_hdr) && 265 (m = m_pullup(m, sizeof(struct icmp6_hdr))) == NULL) { 266 error = ENOBUFS; 267 goto bad; 268 } 269 icmp6 = mtod(m, struct icmp6_hdr *); 270 type = icmp6->icmp6_type; 271 code = icmp6->icmp6_code; 272 } 273 274 M_PREPEND(m, sizeof(*ip6), M_WAIT); 275 ip6 = mtod(m, struct ip6_hdr *); 276 277 /* 278 * Next header might not be ICMP6 but use its pseudo header anyway. 279 */ 280 ip6->ip6_dst = *dst; 281 282 /* 283 * If the scope of the destination is link-local, embed the interface 284 * index in the address. 285 * 286 * XXX advanced-api value overrides sin6_scope_id 287 */ 288 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst)) { 289 struct in6_pktinfo *pi; 290 291 /* 292 * XXX Boundary check is assumed to be already done in 293 * ip6_setpktoptions(). 294 */ 295 if (optp && (pi = optp->ip6po_pktinfo) && pi->ipi6_ifindex) { 296 ip6->ip6_dst.s6_addr16[1] = htons(pi->ipi6_ifindex); 297 oifp = ifindex2ifnet[pi->ipi6_ifindex]; 298 } else if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) && 299 in6p->in6p_moptions && 300 in6p->in6p_moptions->im6o_multicast_ifp) { 301 oifp = in6p->in6p_moptions->im6o_multicast_ifp; 302 ip6->ip6_dst.s6_addr16[1] = htons(oifp->if_index); 303 } else if (dstsock->sin6_scope_id) { 304 /* boundary check */ 305 if (dstsock->sin6_scope_id < 0 306 || if_index < dstsock->sin6_scope_id) { 307 error = ENXIO; /* XXX EINVAL? */ 308 goto bad; 309 } 310 ip6->ip6_dst.s6_addr16[1] 311 = htons(dstsock->sin6_scope_id & 0xffff);/*XXX*/ 312 } 313 } 314 315 /* 316 * Source address selection. 317 */ 318 { 319 struct in6_addr *in6a; 320 321 if ((in6a = in6_selectsrc(dstsock, optp, 322 in6p->in6p_moptions, 323 &in6p->in6p_route, 324 &in6p->in6p_laddr, 325 &error)) == 0) { 326 if (error == 0) 327 error = EADDRNOTAVAIL; 328 goto bad; 329 } 330 ip6->ip6_src = *in6a; 331 if (in6p->in6p_route.ro_rt) 332 oifp = ifindex2ifnet[in6p->in6p_route.ro_rt->rt_ifp->if_index]; 333 } 334 ip6->ip6_flow = (ip6->ip6_flow & ~IPV6_FLOWINFO_MASK) | 335 (in6p->in6p_flowinfo & IPV6_FLOWINFO_MASK); 336 ip6->ip6_vfc = (ip6->ip6_vfc & ~IPV6_VERSION_MASK) | 337 (IPV6_VERSION & IPV6_VERSION_MASK); 338 /* ip6_plen will be filled in ip6_output, so not fill it here. */ 339 ip6->ip6_nxt = in6p->in6p_ip6_nxt; 340 ip6->ip6_hlim = in6_selecthlim(in6p, oifp); 341 342 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6 || 343 in6p->in6p_cksum != -1) { 344 struct mbuf *n; 345 int off; 346 u_int16_t *p; 347 348 #define offsetof(type, member) ((size_t)(&((type *)0)->member)) /* XXX */ 349 350 /* compute checksum */ 351 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) 352 off = offsetof(struct icmp6_hdr, icmp6_cksum); 353 else 354 off = in6p->in6p_cksum; 355 if (plen < off + 1) { 356 error = EINVAL; 357 goto bad; 358 } 359 off += sizeof(struct ip6_hdr); 360 361 n = m; 362 while (n && n->m_len <= off) { 363 off -= n->m_len; 364 n = n->m_next; 365 } 366 if (!n) 367 goto bad; 368 p = (u_int16_t *)(mtod(n, caddr_t) + off); 369 *p = 0; 370 *p = in6_cksum(m, ip6->ip6_nxt, sizeof(*ip6), plen); 371 } 372 373 #ifdef IPSEC 374 m->m_pkthdr.rcvif = (struct ifnet *)so; 375 #endif /*IPSEC*/ 376 377 error = ip6_output(m, optp, &in6p->in6p_route, IPV6_SOCKINMRCVIF, 378 in6p->in6p_moptions, &oifp); 379 if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) { 380 if (oifp) 381 icmp6_ifoutstat_inc(oifp, type, code); 382 icmp6stat.icp6s_outhist[type]++; 383 } 384 385 goto freectl; 386 387 bad: 388 if (m) 389 m_freem(m); 390 391 freectl: 392 if (optp == &opt && optp->ip6po_rthdr && optp->ip6po_route.ro_rt) 393 RTFREE(optp->ip6po_route.ro_rt); 394 if (control) 395 m_freem(control); 396 return(error); 397 } 398 399 /* 400 * Raw IPv6 socket option processing. 401 */ 402 int 403 rip6_ctloutput(so, sopt) 404 struct socket *so; 405 struct sockopt *sopt; 406 { 407 int error; 408 409 if (sopt->sopt_level == IPPROTO_ICMPV6) 410 /* 411 * XXX: is it better to call icmp6_ctloutput() directly 412 * from protosw? 413 */ 414 return(icmp6_ctloutput(so, sopt)); 415 else if (sopt->sopt_level != IPPROTO_IPV6) 416 return (EINVAL); 417 418 error = 0; 419 420 switch (sopt->sopt_dir) { 421 case SOPT_GET: 422 switch (sopt->sopt_name) { 423 case MRT6_INIT: 424 case MRT6_DONE: 425 case MRT6_ADD_MIF: 426 case MRT6_DEL_MIF: 427 case MRT6_ADD_MFC: 428 case MRT6_DEL_MFC: 429 case MRT6_PIM: 430 error = ip6_mrouter_get(so, sopt); 431 break; 432 default: 433 error = ip6_ctloutput(so, sopt); 434 break; 435 } 436 break; 437 438 case SOPT_SET: 439 switch (sopt->sopt_name) { 440 case MRT6_INIT: 441 case MRT6_DONE: 442 case MRT6_ADD_MIF: 443 case MRT6_DEL_MIF: 444 case MRT6_ADD_MFC: 445 case MRT6_DEL_MFC: 446 case MRT6_PIM: 447 error = ip6_mrouter_set(so, sopt); 448 break; 449 default: 450 error = ip6_ctloutput(so, sopt); 451 break; 452 } 453 break; 454 } 455 456 return (error); 457 } 458 459 static int 460 rip6_attach(struct socket *so, int proto, struct proc *p) 461 { 462 struct inpcb *inp; 463 int error, s; 464 465 inp = sotoinpcb(so); 466 if (inp) 467 panic("rip6_attach"); 468 if (p && (error = suser(p)) != 0) 469 return error; 470 471 error = soreserve(so, rip_sendspace, rip_recvspace); 472 if (error) 473 return error; 474 s = splnet(); 475 error = in_pcballoc(so, &ripcbinfo, p); 476 splx(s); 477 if (error) 478 return error; 479 inp = (struct inpcb *)so->so_pcb; 480 inp->inp_vflag |= INP_IPV6; 481 inp->in6p_ip6_nxt = (long)proto; 482 inp->in6p_hops = -1; /* use kernel default */ 483 inp->in6p_cksum = -1; 484 #ifdef IPSEC 485 error = ipsec_init_policy(so, &inp->in6p_sp); 486 if (error != 0) { 487 in6_pcbdetach(inp); 488 return (error); 489 } 490 #endif /*IPSEC*/ 491 MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *, 492 sizeof(struct icmp6_filter), M_PCB, M_NOWAIT); 493 ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt); 494 return 0; 495 } 496 497 static int 498 rip6_detach(struct socket *so) 499 { 500 struct inpcb *inp; 501 502 inp = sotoinpcb(so); 503 if (inp == 0) 504 panic("rip6_detach"); 505 /* xxx: RSVP */ 506 if (so == ip6_mrouter) 507 ip6_mrouter_done(); 508 if (inp->in6p_icmp6filt) { 509 FREE(inp->in6p_icmp6filt, M_PCB); 510 inp->in6p_icmp6filt = NULL; 511 } 512 in6_pcbdetach(inp); 513 return 0; 514 } 515 516 static int 517 rip6_abort(struct socket *so) 518 { 519 soisdisconnected(so); 520 return rip6_detach(so); 521 } 522 523 static int 524 rip6_disconnect(struct socket *so) 525 { 526 struct inpcb *inp = sotoinpcb(so); 527 528 if ((so->so_state & SS_ISCONNECTED) == 0) 529 return ENOTCONN; 530 inp->in6p_faddr = in6addr_any; 531 return rip6_abort(so); 532 } 533 534 static int 535 rip6_bind(struct socket *so, struct sockaddr *nam, struct proc *p) 536 { 537 struct inpcb *inp = sotoinpcb(so); 538 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; 539 struct ifaddr *ia = NULL; 540 541 if (nam->sa_len != sizeof(*addr)) 542 return EINVAL; 543 544 if (TAILQ_EMPTY(&ifnet) || addr->sin6_family != AF_INET6) 545 return EADDRNOTAVAIL; 546 if (!IN6_IS_ADDR_UNSPECIFIED(&addr->sin6_addr) && 547 (ia = ifa_ifwithaddr((struct sockaddr *)addr)) == 0) 548 return EADDRNOTAVAIL; 549 if (ia && 550 ((struct in6_ifaddr *)ia)->ia6_flags & 551 (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY| 552 IN6_IFF_DETACHED|IN6_IFF_DEPRECATED)) { 553 return(EADDRNOTAVAIL); 554 } 555 inp->in6p_laddr = addr->sin6_addr; 556 return 0; 557 } 558 559 static int 560 rip6_connect(struct socket *so, struct sockaddr *nam, struct proc *p) 561 { 562 struct inpcb *inp = sotoinpcb(so); 563 struct sockaddr_in6 *addr = (struct sockaddr_in6 *)nam; 564 struct in6_addr *in6a = NULL; 565 int error = 0; 566 567 if (nam->sa_len != sizeof(*addr)) 568 return EINVAL; 569 if (TAILQ_EMPTY(&ifnet)) 570 return EADDRNOTAVAIL; 571 if (addr->sin6_family != AF_INET6) 572 return EAFNOSUPPORT; 573 574 /* Source address selection. XXX: need pcblookup? */ 575 in6a = in6_selectsrc(addr, inp->in6p_outputopts, 576 inp->in6p_moptions, &inp->in6p_route, 577 &inp->in6p_laddr, &error); 578 if (in6a == NULL) 579 return (error ? error : EADDRNOTAVAIL); 580 inp->in6p_laddr = *in6a; 581 inp->in6p_faddr = addr->sin6_addr; 582 soisconnected(so); 583 return 0; 584 } 585 586 static int 587 rip6_shutdown(struct socket *so) 588 { 589 socantsendmore(so); 590 return 0; 591 } 592 593 static int 594 rip6_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *nam, 595 struct mbuf *control, struct proc *p) 596 { 597 struct inpcb *inp = sotoinpcb(so); 598 struct sockaddr_in6 tmp; 599 struct sockaddr_in6 *dst; 600 601 if (so->so_state & SS_ISCONNECTED) { 602 if (nam) { 603 m_freem(m); 604 return EISCONN; 605 } 606 /* XXX */ 607 bzero(&tmp, sizeof(tmp)); 608 tmp.sin6_family = AF_INET6; 609 tmp.sin6_len = sizeof(struct sockaddr_in6); 610 bcopy(&inp->in6p_faddr, &tmp.sin6_addr, 611 sizeof(struct in6_addr)); 612 dst = &tmp; 613 } else { 614 if (nam == NULL) { 615 m_freem(m); 616 return ENOTCONN; 617 } 618 dst = (struct sockaddr_in6 *)nam; 619 } 620 return rip6_output(m, so, dst, control); 621 } 622 623 struct pr_usrreqs rip6_usrreqs = { 624 rip6_abort, pru_accept_notsupp, rip6_attach, rip6_bind, rip6_connect, 625 pru_connect2_notsupp, in6_control, rip6_detach, rip6_disconnect, 626 pru_listen_notsupp, in6_setpeeraddr, pru_rcvd_notsupp, 627 pru_rcvoob_notsupp, rip6_send, pru_sense_null, rip6_shutdown, 628 in6_setsockaddr, sosend, soreceive, sopoll 629 }; 630