1 /* $FreeBSD: src/sys/netinet6/ip6_output.c,v 1.13.2.18 2003/01/24 05:11:35 sam Exp $ */
2 /* $DragonFly: src/sys/netinet6/ip6_output.c,v 1.2 2003/06/17 04:28:52 dillon Exp $ */
3 /* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * Copyright (c) 1982, 1986, 1988, 1990, 1993
36 * The Regents of the University of California. All rights reserved.
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
66 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
69 #include "opt_ip6fw.h"
71 #include "opt_inet6.h"
72 #include "opt_ipsec.h"
74 #include <sys/param.h>
75 #include <sys/malloc.h>
77 #include <sys/errno.h>
78 #include <sys/protosw.h>
79 #include <sys/socket.h>
80 #include <sys/socketvar.h>
81 #include <sys/systm.h>
82 #include <sys/kernel.h>
86 #include <net/route.h>
88 #include <netinet/in.h>
89 #include <netinet/in_var.h>
90 #include <netinet6/in6_var.h>
91 #include <netinet/ip6.h>
92 #include <netinet/icmp6.h>
93 #include <netinet6/ip6_var.h>
94 #include <netinet/in_pcb.h>
95 #include <netinet6/nd6.h>
98 #include <netinet6/ipsec.h>
100 #include <netinet6/ipsec6.h>
102 #include <netkey/key.h>
106 #include <netipsec/ipsec.h>
107 #include <netipsec/ipsec6.h>
108 #include <netipsec/key.h>
109 #endif /* FAST_IPSEC */
111 #include <netinet6/ip6_fw.h>
113 #include <net/net_osdep.h>
115 extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **));
117 static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
120 struct mbuf *ip6e_ip6;
121 struct mbuf *ip6e_hbh;
122 struct mbuf *ip6e_dest1;
123 struct mbuf *ip6e_rthdr;
124 struct mbuf *ip6e_dest2;
127 static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *,
128 struct socket *, struct sockopt *sopt));
129 static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *));
130 static int ip6_getmoptions __P((int, struct ip6_moptions *, struct mbuf **));
131 static int ip6_copyexthdr __P((struct mbuf **, caddr_t, int));
132 static int ip6_insertfraghdr __P((struct mbuf *, struct mbuf *, int,
133 struct ip6_frag **));
134 static int ip6_insert_jumboopt __P((struct ip6_exthdrs *, u_int32_t));
135 static int ip6_splithdr __P((struct mbuf *, struct ip6_exthdrs *));
138 * IP6 output. The packet in mbuf chain m contains a skeletal IP6
139 * header (with pri, len, nxt, hlim, src, dst).
140 * This function may modify ver and hlim only.
141 * The mbuf chain containing the packet will be freed.
142 * The mbuf opt, if present, will not be freed.
144 * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and
145 * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one,
146 * which is rt_rmx.rmx_mtu.
149 ip6_output(m0, opt, ro, flags, im6o, ifpp, inp)
151 struct ip6_pktopts *opt;
152 struct route_in6 *ro;
154 struct ip6_moptions *im6o;
155 struct ifnet **ifpp; /* XXX: just for statistics */
158 struct ip6_hdr *ip6, *mhip6;
159 struct ifnet *ifp, *origifp;
161 int hlen, tlen, len, off;
162 struct route_in6 ip6route;
163 struct sockaddr_in6 *dst;
165 struct in6_ifaddr *ia = NULL;
167 u_int32_t optlen = 0, plen = 0, unfragpartlen = 0;
168 struct ip6_exthdrs exthdrs;
169 struct in6_addr finaldst;
170 struct route_in6 *ro_pmtu = NULL;
174 int needipsectun = 0;
175 struct secpolicy *sp = NULL;
176 struct socket *so = inp ? inp->inp_socket : NULL;
178 ip6 = mtod(m, struct ip6_hdr *);
181 int needipsectun = 0;
182 struct secpolicy *sp = NULL;
184 ip6 = mtod(m, struct ip6_hdr *);
185 #endif /* FAST_IPSEC */
187 #define MAKE_EXTHDR(hp, mp) \
190 struct ip6_ext *eh = (struct ip6_ext *)(hp); \
191 error = ip6_copyexthdr((mp), (caddr_t)(hp), \
192 ((eh)->ip6e_len + 1) << 3); \
198 bzero(&exthdrs, sizeof(exthdrs));
201 /* Hop-by-Hop options header */
202 MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh);
203 /* Destination options header(1st part) */
204 MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1);
206 MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr);
207 /* Destination options header(2nd part) */
208 MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2);
212 /* get a security policy for this packet */
214 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
216 sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
219 ipsec6stat.out_inval++;
226 switch (sp->policy) {
227 case IPSEC_POLICY_DISCARD:
229 * This packet is just discarded.
231 ipsec6stat.out_polvio++;
234 case IPSEC_POLICY_BYPASS:
235 case IPSEC_POLICY_NONE:
236 /* no need to do IPsec. */
240 case IPSEC_POLICY_IPSEC:
241 if (sp->req == NULL) {
242 /* acquire a policy */
243 error = key_spdacquire(sp);
249 case IPSEC_POLICY_ENTRUST:
251 printf("ip6_output: Invalid policy found. %d\n", sp->policy);
255 /* get a security policy for this packet */
257 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
259 sp = ipsec_getpolicybysock(m, IPSEC_DIR_OUTBOUND, inp, &error);
262 newipsecstat.ips_out_inval++;
269 switch (sp->policy) {
270 case IPSEC_POLICY_DISCARD:
272 * This packet is just discarded.
274 newipsecstat.ips_out_polvio++;
277 case IPSEC_POLICY_BYPASS:
278 case IPSEC_POLICY_NONE:
279 /* no need to do IPsec. */
283 case IPSEC_POLICY_IPSEC:
284 if (sp->req == NULL) {
285 /* acquire a policy */
286 error = key_spdacquire(sp);
292 case IPSEC_POLICY_ENTRUST:
294 printf("ip6_output: Invalid policy found. %d\n", sp->policy);
296 #endif /* FAST_IPSEC */
299 * Calculate the total length of the extension header chain.
300 * Keep the length of the unfragmentable part for fragmentation.
303 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len;
304 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len;
305 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len;
306 unfragpartlen = optlen + sizeof(struct ip6_hdr);
307 /* NOTE: we don't add AH/ESP length here. do that later. */
308 if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len;
311 * If we need IPsec, or there is at least one extension header,
312 * separate IP6 header from the payload.
314 if ((needipsec || optlen) && !hdrsplit) {
315 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
319 m = exthdrs.ip6e_ip6;
324 ip6 = mtod(m, struct ip6_hdr *);
326 /* adjust mbuf packet header length */
327 m->m_pkthdr.len += optlen;
328 plen = m->m_pkthdr.len - sizeof(*ip6);
330 /* If this is a jumbo payload, insert a jumbo payload option. */
331 if (plen > IPV6_MAXPACKET) {
333 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
337 m = exthdrs.ip6e_ip6;
341 ip6 = mtod(m, struct ip6_hdr *);
342 if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0)
346 ip6->ip6_plen = htons(plen);
349 * Concatenate headers and fill in next header fields.
350 * Here we have, on "m"
352 * and we insert headers accordingly. Finally, we should be getting:
353 * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
355 * during the header composing process, "m" points to IPv6 header.
356 * "mprev" points to an extension header prior to esp.
359 u_char *nexthdrp = &ip6->ip6_nxt;
360 struct mbuf *mprev = m;
363 * we treat dest2 specially. this makes IPsec processing
364 * much easier. the goal here is to make mprev point the
365 * mbuf prior to dest2.
367 * result: IPv6 dest2 payload
368 * m and mprev will point to IPv6 header.
370 if (exthdrs.ip6e_dest2) {
372 panic("assumption failed: hdr not split");
373 exthdrs.ip6e_dest2->m_next = m->m_next;
374 m->m_next = exthdrs.ip6e_dest2;
375 *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt;
376 ip6->ip6_nxt = IPPROTO_DSTOPTS;
379 #define MAKE_CHAIN(m, mp, p, i)\
383 panic("assumption failed: hdr not split"); \
384 *mtod((m), u_char *) = *(p);\
386 p = mtod((m), u_char *);\
387 (m)->m_next = (mp)->m_next;\
393 * result: IPv6 hbh dest1 rthdr dest2 payload
394 * m will point to IPv6 header. mprev will point to the
395 * extension header prior to dest2 (rthdr in the above case).
397 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev,
398 nexthdrp, IPPROTO_HOPOPTS);
399 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev,
400 nexthdrp, IPPROTO_DSTOPTS);
401 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev,
402 nexthdrp, IPPROTO_ROUTING);
404 #if defined(IPSEC) || defined(FAST_IPSEC)
409 * pointers after IPsec headers are not valid any more.
410 * other pointers need a great care too.
411 * (IPsec routines should not mangle mbufs prior to AH/ESP)
413 exthdrs.ip6e_dest2 = NULL;
416 struct ip6_rthdr *rh = NULL;
418 struct ipsec_output_state state;
420 if (exthdrs.ip6e_rthdr) {
421 rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *);
422 segleft_org = rh->ip6r_segleft;
423 rh->ip6r_segleft = 0;
426 bzero(&state, sizeof(state));
428 error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags,
432 /* mbuf is already reclaimed in ipsec6_output_trans. */
442 printf("ip6_output (ipsec): error code %d\n", error);
445 /* don't show these error codes to the user */
451 if (exthdrs.ip6e_rthdr) {
452 /* ah6_output doesn't modify mbuf chain */
453 rh->ip6r_segleft = segleft_org;
461 * If there is a routing header, replace destination address field
462 * with the first hop of the routing header.
464 if (exthdrs.ip6e_rthdr) {
465 struct ip6_rthdr *rh =
466 (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr,
467 struct ip6_rthdr *));
468 struct ip6_rthdr0 *rh0;
470 finaldst = ip6->ip6_dst;
471 switch (rh->ip6r_type) {
472 case IPV6_RTHDR_TYPE_0:
473 rh0 = (struct ip6_rthdr0 *)rh;
474 ip6->ip6_dst = rh0->ip6r0_addr[0];
475 bcopy((caddr_t)&rh0->ip6r0_addr[1],
476 (caddr_t)&rh0->ip6r0_addr[0],
477 sizeof(struct in6_addr)*(rh0->ip6r0_segleft - 1)
479 rh0->ip6r0_addr[rh0->ip6r0_segleft - 1] = finaldst;
481 default: /* is it possible? */
487 /* Source address validation */
488 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) &&
489 (flags & IPV6_DADOUTPUT) == 0) {
491 ip6stat.ip6s_badscope++;
494 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
496 ip6stat.ip6s_badscope++;
500 ip6stat.ip6s_localout++;
507 bzero((caddr_t)ro, sizeof(*ro));
510 if (opt && opt->ip6po_rthdr)
511 ro = &opt->ip6po_route;
512 dst = (struct sockaddr_in6 *)&ro->ro_dst;
514 * If there is a cached route,
515 * check that it is to the same destination
516 * and is still up. If not, free it and try again.
518 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
519 dst->sin6_family != AF_INET6 ||
520 !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_dst))) {
522 ro->ro_rt = (struct rtentry *)0;
524 if (ro->ro_rt == 0) {
525 bzero(dst, sizeof(*dst));
526 dst->sin6_family = AF_INET6;
527 dst->sin6_len = sizeof(struct sockaddr_in6);
528 dst->sin6_addr = ip6->ip6_dst;
530 /* XXX: sin6_scope_id should already be fixed at this point */
531 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr))
532 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]);
535 #if defined(IPSEC) || defined(FAST_IPSEC)
536 if (needipsec && needipsectun) {
537 struct ipsec_output_state state;
540 * All the extension headers will become inaccessible
541 * (since they can be encrypted).
542 * Don't panic, we need no more updates to extension headers
543 * on inner IPv6 packet (since they are now encapsulated).
545 * IPv6 [ESP|AH] IPv6 [extension headers] payload
547 bzero(&exthdrs, sizeof(exthdrs));
548 exthdrs.ip6e_ip6 = m;
550 bzero(&state, sizeof(state));
552 state.ro = (struct route *)ro;
553 state.dst = (struct sockaddr *)dst;
555 error = ipsec6_output_tunnel(&state, sp, flags);
558 ro = (struct route_in6 *)state.ro;
559 dst = (struct sockaddr_in6 *)state.dst;
561 /* mbuf is already reclaimed in ipsec6_output_tunnel. */
572 printf("ip6_output (ipsec): error code %d\n", error);
575 /* don't show these error codes to the user */
582 exthdrs.ip6e_ip6 = m;
586 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
589 #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa))
590 #define sin6tosa(sin6) ((struct sockaddr *)(sin6))
592 * interface selection comes here
593 * if an interface is specified from an upper layer,
596 if (ro->ro_rt == 0) {
598 * non-bsdi always clone routes, if parent is
601 rtalloc((struct route *)ro);
603 if (ro->ro_rt == 0) {
604 ip6stat.ip6s_noroute++;
605 error = EHOSTUNREACH;
606 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard); */
609 ia = ifatoia6(ro->ro_rt->rt_ifa);
610 ifp = ro->ro_rt->rt_ifp;
612 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
613 dst = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
614 m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */
616 in6_ifstat_inc(ifp, ifs6_out_request);
619 * Check if the outgoing interface conflicts with
620 * the interface specified by ifi6_ifindex (if specified).
621 * Note that loopback interface is always okay.
622 * (this may happen when we are sending a packet to one of
623 * our own addresses.)
625 if (opt && opt->ip6po_pktinfo
626 && opt->ip6po_pktinfo->ipi6_ifindex) {
627 if (!(ifp->if_flags & IFF_LOOPBACK)
628 && ifp->if_index != opt->ip6po_pktinfo->ipi6_ifindex) {
629 ip6stat.ip6s_noroute++;
630 in6_ifstat_inc(ifp, ifs6_out_discard);
631 error = EHOSTUNREACH;
636 if (opt && opt->ip6po_hlim != -1)
637 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
640 struct in6_multi *in6m;
642 m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST;
645 * See if the caller provided any multicast options
649 ip6->ip6_hlim = im6o->im6o_multicast_hlim;
650 if (im6o->im6o_multicast_ifp != NULL)
651 ifp = im6o->im6o_multicast_ifp;
653 ip6->ip6_hlim = ip6_defmcasthlim;
656 * See if the caller provided the outgoing interface
657 * as an ancillary data.
658 * Boundary check for ifindex is assumed to be already done.
660 if (opt && opt->ip6po_pktinfo && opt->ip6po_pktinfo->ipi6_ifindex)
661 ifp = ifindex2ifnet[opt->ip6po_pktinfo->ipi6_ifindex];
664 * If the destination is a node-local scope multicast,
665 * the packet should be loop-backed only.
667 if (IN6_IS_ADDR_MC_NODELOCAL(&ip6->ip6_dst)) {
669 * If the outgoing interface is already specified,
670 * it should be a loopback interface.
672 if (ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) {
673 ip6stat.ip6s_badscope++;
674 error = ENETUNREACH; /* XXX: better error? */
675 /* XXX correct ifp? */
676 in6_ifstat_inc(ifp, ifs6_out_discard);
683 if (opt && opt->ip6po_hlim != -1)
684 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
687 * If caller did not provide an interface lookup a
688 * default in the routing table. This is either a
689 * default for the speicfied group (i.e. a host
690 * route), or a multicast default (a route for the
694 if (ro->ro_rt == 0) {
695 ro->ro_rt = rtalloc1((struct sockaddr *)
696 &ro->ro_dst, 0, 0UL);
698 if (ro->ro_rt == 0) {
699 ip6stat.ip6s_noroute++;
700 error = EHOSTUNREACH;
701 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard) */
704 ia = ifatoia6(ro->ro_rt->rt_ifa);
705 ifp = ro->ro_rt->rt_ifp;
709 if ((flags & IPV6_FORWARDING) == 0)
710 in6_ifstat_inc(ifp, ifs6_out_request);
711 in6_ifstat_inc(ifp, ifs6_out_mcast);
714 * Confirm that the outgoing interface supports multicast.
716 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
717 ip6stat.ip6s_noroute++;
718 in6_ifstat_inc(ifp, ifs6_out_discard);
722 IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m);
724 (im6o == NULL || im6o->im6o_multicast_loop)) {
726 * If we belong to the destination multicast group
727 * on the outgoing interface, and the caller did not
728 * forbid loopback, loop back a copy.
730 ip6_mloopback(ifp, m, dst);
733 * If we are acting as a multicast router, perform
734 * multicast forwarding as if the packet had just
735 * arrived on the interface to which we are about
736 * to send. The multicast forwarding function
737 * recursively calls this function, using the
738 * IPV6_FORWARDING flag to prevent infinite recursion.
740 * Multicasts that are looped back by ip6_mloopback(),
741 * above, will be forwarded by the ip6_input() routine,
744 if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) {
745 if (ip6_mforward(ip6, ifp, m) != 0) {
752 * Multicasts with a hoplimit of zero may be looped back,
753 * above, but must not be transmitted on a network.
754 * Also, multicasts addressed to the loopback interface
755 * are not sent -- the above call to ip6_mloopback() will
756 * loop back a copy if this host actually belongs to the
757 * destination group on the loopback interface.
759 if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK)) {
766 * Fill the outgoing inteface to tell the upper layer
767 * to increment per-interface statistics.
773 * Determine path MTU.
776 /* The first hop and the final destination may differ. */
777 struct sockaddr_in6 *sin6_fin =
778 (struct sockaddr_in6 *)&ro_pmtu->ro_dst;
779 if (ro_pmtu->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
780 !IN6_ARE_ADDR_EQUAL(&sin6_fin->sin6_addr,
782 RTFREE(ro_pmtu->ro_rt);
783 ro_pmtu->ro_rt = (struct rtentry *)0;
785 if (ro_pmtu->ro_rt == 0) {
786 bzero(sin6_fin, sizeof(*sin6_fin));
787 sin6_fin->sin6_family = AF_INET6;
788 sin6_fin->sin6_len = sizeof(struct sockaddr_in6);
789 sin6_fin->sin6_addr = finaldst;
791 rtalloc((struct route *)ro_pmtu);
794 if (ro_pmtu->ro_rt != NULL) {
795 u_int32_t ifmtu = nd_ifinfo[ifp->if_index].linkmtu;
797 mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu;
798 if (mtu > ifmtu || mtu == 0) {
800 * The MTU on the route is larger than the MTU on
801 * the interface! This shouldn't happen, unless the
802 * MTU of the interface has been changed after the
803 * interface was brought up. Change the MTU in the
804 * route to match the interface MTU (as long as the
805 * field isn't locked).
807 * if MTU on the route is 0, we need to fix the MTU.
808 * this case happens with path MTU discovery timeouts.
811 if ((ro_pmtu->ro_rt->rt_rmx.rmx_locks & RTV_MTU) == 0)
812 ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; /* XXX */
815 mtu = nd_ifinfo[ifp->if_index].linkmtu;
819 * advanced API (IPV6_USE_MIN_MTU) overrides mtu setting
821 if ((flags & IPV6_MINMTU) != 0 && mtu > IPV6_MMTU)
824 /* Fake scoped addresses */
825 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
827 * If source or destination address is a scoped address, and
828 * the packet is going to be sent to a loopback interface,
829 * we should keep the original interface.
833 * XXX: this is a very experimental and temporary solution.
834 * We eventually have sockaddr_in6 and use the sin6_scope_id
835 * field of the structure here.
836 * We rely on the consistency between two scope zone ids
837 * of source and destination, which should already be assured.
838 * Larger scopes than link will be supported in the future.
841 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
842 origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];
843 else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
844 origifp = ifindex2ifnet[ntohs(ip6->ip6_dst.s6_addr16[1])];
846 * XXX: origifp can be NULL even in those two cases above.
847 * For example, if we remove the (only) link-local address
848 * from the loopback interface, and try to send a link-local
849 * address without link-id information. Then the source
850 * address is ::1, and the destination address is the
851 * link-local address with its s6_addr16[1] being zero.
852 * What is worse, if the packet goes to the loopback interface
853 * by a default rejected route, the null pointer would be
854 * passed to looutput, and the kernel would hang.
855 * The following last resort would prevent such disaster.
862 #ifndef SCOPEDROUTING
864 * clear embedded scope identifiers if necessary.
865 * in6_clearscope will touch the addresses only when necessary.
867 in6_clearscope(&ip6->ip6_src);
868 in6_clearscope(&ip6->ip6_dst);
872 * Check with the firewall...
874 if (ip6_fw_enable && ip6_fw_chk_ptr) {
876 m->m_pkthdr.rcvif = NULL; /* XXX */
877 /* If ipfw says divert, we have to just drop packet */
878 if ((*ip6_fw_chk_ptr)(&ip6, ifp, &port, &m)) {
889 * If the outgoing packet contains a hop-by-hop options header,
890 * it must be examined and processed even by the source node.
891 * (RFC 2460, section 4.)
893 if (exthdrs.ip6e_hbh) {
894 struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *);
895 u_int32_t dummy1; /* XXX unused */
896 u_int32_t dummy2; /* XXX unused */
899 if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len)
900 panic("ip6e_hbh is not continuous");
903 * XXX: if we have to send an ICMPv6 error to the sender,
904 * we need the M_LOOP flag since icmp6_error() expects
905 * the IPv6 and the hop-by-hop options header are
906 * continuous unless the flag is set.
908 m->m_flags |= M_LOOP;
909 m->m_pkthdr.rcvif = ifp;
910 if (ip6_process_hopopts(m,
911 (u_int8_t *)(hbh + 1),
912 ((hbh->ip6h_len + 1) << 3) -
913 sizeof(struct ip6_hbh),
914 &dummy1, &dummy2) < 0) {
915 /* m was already freed at this point */
916 error = EINVAL;/* better error? */
919 m->m_flags &= ~M_LOOP; /* XXX */
920 m->m_pkthdr.rcvif = NULL;
924 * Check if we want to allow this packet to be processed.
925 * Consider it to be bad if not.
930 if ((*fr_checkp)((struct ip *)ip6, sizeof(*ip6), ifp, 1, &m1))
935 ip6 = mtod(m, struct ip6_hdr *);
939 * Send the packet to the outgoing interface.
940 * If necessary, do IPv6 fragmentation before sending.
942 tlen = m->m_pkthdr.len;
946 * On any link that cannot convey a 1280-octet packet in one piece,
947 * link-specific fragmentation and reassembly must be provided at
948 * a layer below IPv6. [RFC 2460, sec.5]
949 * Thus if the interface has ability of link-level fragmentation,
950 * we can just send the packet even if the packet size is
951 * larger than the link's MTU.
952 * XXX: IFF_FRAGMENTABLE (or such) flag has not been defined yet...
955 || ifp->if_flags & IFF_FRAGMENTABLE
959 /* Record statistics for this interface address. */
960 if (ia && !(flags & IPV6_FORWARDING)) {
961 ia->ia_ifa.if_opackets++;
962 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
965 /* clean ipsec history once it goes out of the node */
968 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt);
970 } else if (mtu < IPV6_MMTU) {
972 * note that path MTU is never less than IPV6_MMTU
976 in6_ifstat_inc(ifp, ifs6_out_fragfail);
978 } else if (ip6->ip6_plen == 0) { /* jumbo payload cannot be fragmented */
980 in6_ifstat_inc(ifp, ifs6_out_fragfail);
983 struct mbuf **mnext, *m_frgpart;
984 struct ip6_frag *ip6f;
985 u_int32_t id = htonl(ip6_id++);
989 * Too large for the destination or interface;
990 * fragment if possible.
991 * Must be able to put at least 8 bytes per fragment.
993 hlen = unfragpartlen;
994 if (mtu > IPV6_MAXPACKET)
995 mtu = IPV6_MAXPACKET;
997 len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7;
1000 in6_ifstat_inc(ifp, ifs6_out_fragfail);
1004 mnext = &m->m_nextpkt;
1007 * Change the next header field of the last header in the
1008 * unfragmentable part.
1010 if (exthdrs.ip6e_rthdr) {
1011 nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *);
1012 *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT;
1013 } else if (exthdrs.ip6e_dest1) {
1014 nextproto = *mtod(exthdrs.ip6e_dest1, u_char *);
1015 *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT;
1016 } else if (exthdrs.ip6e_hbh) {
1017 nextproto = *mtod(exthdrs.ip6e_hbh, u_char *);
1018 *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT;
1020 nextproto = ip6->ip6_nxt;
1021 ip6->ip6_nxt = IPPROTO_FRAGMENT;
1025 * Loop through length of segment after first fragment,
1026 * make new header and copy data of each part and link onto
1030 for (off = hlen; off < tlen; off += len) {
1031 MGETHDR(m, M_DONTWAIT, MT_HEADER);
1034 ip6stat.ip6s_odropped++;
1037 m->m_pkthdr.rcvif = NULL;
1038 m->m_flags = m0->m_flags & M_COPYFLAGS;
1040 mnext = &m->m_nextpkt;
1041 m->m_data += max_linkhdr;
1042 mhip6 = mtod(m, struct ip6_hdr *);
1044 m->m_len = sizeof(*mhip6);
1045 error = ip6_insertfraghdr(m0, m, hlen, &ip6f);
1047 ip6stat.ip6s_odropped++;
1050 ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7));
1051 if (off + len >= tlen)
1054 ip6f->ip6f_offlg |= IP6F_MORE_FRAG;
1055 mhip6->ip6_plen = htons((u_short)(len + hlen +
1057 sizeof(struct ip6_hdr)));
1058 if ((m_frgpart = m_copy(m0, off, len)) == 0) {
1060 ip6stat.ip6s_odropped++;
1063 m_cat(m, m_frgpart);
1064 m->m_pkthdr.len = len + hlen + sizeof(*ip6f);
1065 m->m_pkthdr.rcvif = (struct ifnet *)0;
1066 ip6f->ip6f_reserved = 0;
1067 ip6f->ip6f_ident = id;
1068 ip6f->ip6f_nxt = nextproto;
1069 ip6stat.ip6s_ofragments++;
1070 in6_ifstat_inc(ifp, ifs6_out_fragcreat);
1073 in6_ifstat_inc(ifp, ifs6_out_fragok);
1077 * Remove leading garbages.
1083 for (m0 = m; m; m = m0) {
1087 /* Record statistics for this interface address. */
1089 ia->ia_ifa.if_opackets++;
1090 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
1093 /* clean ipsec history once it goes out of the node */
1096 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt);
1102 ip6stat.ip6s_fragmented++;
1105 if (ro == &ip6route && ro->ro_rt) { /* brace necessary for RTFREE */
1107 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) {
1108 RTFREE(ro_pmtu->ro_rt);
1118 #endif /* FAST_IPSEC */
1123 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */
1124 m_freem(exthdrs.ip6e_dest1);
1125 m_freem(exthdrs.ip6e_rthdr);
1126 m_freem(exthdrs.ip6e_dest2);
1134 ip6_copyexthdr(mp, hdr, hlen)
1141 if (hlen > MCLBYTES)
1142 return(ENOBUFS); /* XXX */
1144 MGET(m, M_DONTWAIT, MT_DATA);
1149 MCLGET(m, M_DONTWAIT);
1150 if ((m->m_flags & M_EXT) == 0) {
1157 bcopy(hdr, mtod(m, caddr_t), hlen);
1164 * Insert jumbo payload option.
1167 ip6_insert_jumboopt(exthdrs, plen)
1168 struct ip6_exthdrs *exthdrs;
1175 #define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */
1178 * If there is no hop-by-hop options header, allocate new one.
1179 * If there is one but it doesn't have enough space to store the
1180 * jumbo payload option, allocate a cluster to store the whole options.
1181 * Otherwise, use it to store the options.
1183 if (exthdrs->ip6e_hbh == 0) {
1184 MGET(mopt, M_DONTWAIT, MT_DATA);
1187 mopt->m_len = JUMBOOPTLEN;
1188 optbuf = mtod(mopt, u_char *);
1189 optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */
1190 exthdrs->ip6e_hbh = mopt;
1192 struct ip6_hbh *hbh;
1194 mopt = exthdrs->ip6e_hbh;
1195 if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) {
1198 * - exthdrs->ip6e_hbh is not referenced from places
1199 * other than exthdrs.
1200 * - exthdrs->ip6e_hbh is not an mbuf chain.
1202 int oldoptlen = mopt->m_len;
1206 * XXX: give up if the whole (new) hbh header does
1207 * not fit even in an mbuf cluster.
1209 if (oldoptlen + JUMBOOPTLEN > MCLBYTES)
1213 * As a consequence, we must always prepare a cluster
1216 MGET(n, M_DONTWAIT, MT_DATA);
1218 MCLGET(n, M_DONTWAIT);
1219 if ((n->m_flags & M_EXT) == 0) {
1226 n->m_len = oldoptlen + JUMBOOPTLEN;
1227 bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t),
1229 optbuf = mtod(n, caddr_t) + oldoptlen;
1231 mopt = exthdrs->ip6e_hbh = n;
1233 optbuf = mtod(mopt, u_char *) + mopt->m_len;
1234 mopt->m_len += JUMBOOPTLEN;
1236 optbuf[0] = IP6OPT_PADN;
1240 * Adjust the header length according to the pad and
1241 * the jumbo payload option.
1243 hbh = mtod(mopt, struct ip6_hbh *);
1244 hbh->ip6h_len += (JUMBOOPTLEN >> 3);
1247 /* fill in the option. */
1248 optbuf[2] = IP6OPT_JUMBO;
1250 v = (u_int32_t)htonl(plen + JUMBOOPTLEN);
1251 bcopy(&v, &optbuf[4], sizeof(u_int32_t));
1253 /* finally, adjust the packet header length */
1254 exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN;
1261 * Insert fragment header and copy unfragmentable header portions.
1264 ip6_insertfraghdr(m0, m, hlen, frghdrp)
1265 struct mbuf *m0, *m;
1267 struct ip6_frag **frghdrp;
1269 struct mbuf *n, *mlast;
1271 if (hlen > sizeof(struct ip6_hdr)) {
1272 n = m_copym(m0, sizeof(struct ip6_hdr),
1273 hlen - sizeof(struct ip6_hdr), M_DONTWAIT);
1280 /* Search for the last mbuf of unfragmentable part. */
1281 for (mlast = n; mlast->m_next; mlast = mlast->m_next)
1284 if ((mlast->m_flags & M_EXT) == 0 &&
1285 M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) {
1286 /* use the trailing space of the last mbuf for the fragment hdr */
1288 (struct ip6_frag *)(mtod(mlast, caddr_t) + mlast->m_len);
1289 mlast->m_len += sizeof(struct ip6_frag);
1290 m->m_pkthdr.len += sizeof(struct ip6_frag);
1292 /* allocate a new mbuf for the fragment header */
1295 MGET(mfrg, M_DONTWAIT, MT_DATA);
1298 mfrg->m_len = sizeof(struct ip6_frag);
1299 *frghdrp = mtod(mfrg, struct ip6_frag *);
1300 mlast->m_next = mfrg;
1307 * IP6 socket option processing.
1310 ip6_ctloutput(so, sopt)
1312 struct sockopt *sopt;
1315 struct inpcb *in6p = sotoinpcb(so);
1317 int level, op, optname;
1322 level = sopt->sopt_level;
1323 op = sopt->sopt_dir;
1324 optname = sopt->sopt_name;
1325 optlen = sopt->sopt_valsize;
1328 panic("ip6_ctloutput: arg soopt is NULL");
1332 privileged = (p == 0 || suser(p)) ? 0 : 1;
1334 if (level == IPPROTO_IPV6) {
1339 case IPV6_PKTOPTIONS:
1343 error = soopt_getm(sopt, &m); /* XXX */
1346 error = soopt_mcopyin(sopt, m); /* XXX */
1349 error = ip6_pcbopts(&in6p->in6p_outputopts,
1351 m_freem(m); /* XXX */
1356 * Use of some Hop-by-Hop options or some
1357 * Destination options, might require special
1358 * privilege. That is, normal applications
1359 * (without special privilege) might be forbidden
1360 * from setting certain options in outgoing packets,
1361 * and might never see certain options in received
1362 * packets. [RFC 2292 Section 6]
1363 * KAME specific note:
1364 * KAME prevents non-privileged users from sending or
1365 * receiving ANY hbh/dst options in order to avoid
1366 * overhead of parsing options in the kernel.
1368 case IPV6_UNICAST_HOPS:
1373 if (optlen != sizeof(int)) {
1377 error = sooptcopyin(sopt, &optval,
1378 sizeof optval, sizeof optval);
1383 case IPV6_UNICAST_HOPS:
1384 if (optval < -1 || optval >= 256)
1387 /* -1 = kernel default */
1388 in6p->in6p_hops = optval;
1390 if ((in6p->in6p_vflag &
1392 in6p->inp_ip_ttl = optval;
1395 #define OPTSET(bit) \
1398 in6p->in6p_flags |= (bit); \
1400 in6p->in6p_flags &= ~(bit); \
1402 #define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0)
1405 in6p->in6p_cksum = optval;
1414 * make setsockopt(IPV6_V6ONLY)
1415 * available only prior to bind(2).
1416 * see ipng mailing list, Jun 22 2001.
1418 if (in6p->in6p_lport ||
1419 !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr))
1424 OPTSET(IN6P_IPV6_V6ONLY);
1426 in6p->in6p_vflag &= ~INP_IPV4;
1428 in6p->in6p_vflag |= INP_IPV4;
1439 if (optlen != sizeof(int)) {
1443 error = sooptcopyin(sopt, &optval,
1444 sizeof optval, sizeof optval);
1449 OPTSET(IN6P_PKTINFO);
1452 OPTSET(IN6P_HOPLIMIT);
1456 * Check super-user privilege.
1457 * See comments for IPV6_RECVHOPOPTS.
1461 OPTSET(IN6P_HOPOPTS);
1466 OPTSET(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */
1475 case IPV6_MULTICAST_IF:
1476 case IPV6_MULTICAST_HOPS:
1477 case IPV6_MULTICAST_LOOP:
1478 case IPV6_JOIN_GROUP:
1479 case IPV6_LEAVE_GROUP:
1482 if (sopt->sopt_valsize > MLEN) {
1487 MGET(m, sopt->sopt_p ? M_WAIT : M_DONTWAIT, MT_HEADER);
1492 m->m_len = sopt->sopt_valsize;
1493 error = sooptcopyin(sopt, mtod(m, char *),
1494 m->m_len, m->m_len);
1495 error = ip6_setmoptions(sopt->sopt_name,
1496 &in6p->in6p_moptions,
1502 case IPV6_PORTRANGE:
1503 error = sooptcopyin(sopt, &optval,
1504 sizeof optval, sizeof optval);
1509 case IPV6_PORTRANGE_DEFAULT:
1510 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1511 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1514 case IPV6_PORTRANGE_HIGH:
1515 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1516 in6p->in6p_flags |= IN6P_HIGHPORT;
1519 case IPV6_PORTRANGE_LOW:
1520 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1521 in6p->in6p_flags |= IN6P_LOWPORT;
1530 #if defined(IPSEC) || defined(FAST_IPSEC)
1531 case IPV6_IPSEC_POLICY:
1537 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1539 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
1542 req = mtod(m, caddr_t);
1545 error = ipsec6_set_policy(in6p, optname, req,
1550 #endif /* KAME IPSEC */
1558 struct mbuf **mp = &m;
1560 if (ip6_fw_ctl_ptr == NULL)
1563 if ((error = soopt_getm(sopt, &m)) != 0)
1566 if ((error = soopt_mcopyin(sopt, m)) != 0)
1568 error = (*ip6_fw_ctl_ptr)(optname, mp);
1574 error = ENOPROTOOPT;
1582 case IPV6_PKTOPTIONS:
1583 if (in6p->in6p_options) {
1585 m = m_copym(in6p->in6p_options,
1586 0, M_COPYALL, M_WAIT);
1587 error = soopt_mcopyout(sopt, m);
1591 sopt->sopt_valsize = 0;
1594 case IPV6_UNICAST_HOPS:
1599 case IPV6_PORTRANGE:
1602 case IPV6_UNICAST_HOPS:
1603 optval = in6p->in6p_hops;
1607 optval = in6p->in6p_cksum;
1611 optval = OPTBIT(IN6P_FAITH);
1615 optval = OPTBIT(IN6P_IPV6_V6ONLY);
1618 case IPV6_PORTRANGE:
1621 flags = in6p->in6p_flags;
1622 if (flags & IN6P_HIGHPORT)
1623 optval = IPV6_PORTRANGE_HIGH;
1624 else if (flags & IN6P_LOWPORT)
1625 optval = IPV6_PORTRANGE_LOW;
1631 error = sooptcopyout(sopt, &optval,
1640 if (optname == IPV6_HOPOPTS ||
1641 optname == IPV6_DSTOPTS ||
1646 optval = OPTBIT(IN6P_PKTINFO);
1649 optval = OPTBIT(IN6P_HOPLIMIT);
1654 optval = OPTBIT(IN6P_HOPOPTS);
1657 optval = OPTBIT(IN6P_RTHDR);
1662 optval = OPTBIT(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS);
1665 error = sooptcopyout(sopt, &optval,
1669 case IPV6_MULTICAST_IF:
1670 case IPV6_MULTICAST_HOPS:
1671 case IPV6_MULTICAST_LOOP:
1672 case IPV6_JOIN_GROUP:
1673 case IPV6_LEAVE_GROUP:
1676 error = ip6_getmoptions(sopt->sopt_name,
1677 in6p->in6p_moptions, &m);
1679 error = sooptcopyout(sopt,
1680 mtod(m, char *), m->m_len);
1685 #if defined(IPSEC) || defined(FAST_IPSEC)
1686 case IPV6_IPSEC_POLICY:
1690 struct mbuf *m = NULL;
1691 struct mbuf **mp = &m;
1693 error = soopt_getm(sopt, &m); /* XXX */
1696 error = soopt_mcopyin(sopt, m); /* XXX */
1700 req = mtod(m, caddr_t);
1703 error = ipsec6_get_policy(in6p, req, len, mp);
1705 error = soopt_mcopyout(sopt, m); /*XXX*/
1706 if (error == 0 && m)
1710 #endif /* KAME IPSEC */
1715 struct mbuf **mp = &m;
1717 if (ip6_fw_ctl_ptr == NULL)
1721 error = (*ip6_fw_ctl_ptr)(optname, mp);
1723 error = soopt_mcopyout(sopt, m); /* XXX */
1724 if (error == 0 && m)
1730 error = ENOPROTOOPT;
1742 * Set up IP6 options in pcb for insertion in output packets or
1743 * specifying behavior of outgoing packets.
1746 ip6_pcbopts(pktopt, m, so, sopt)
1747 struct ip6_pktopts **pktopt;
1750 struct sockopt *sopt;
1752 struct ip6_pktopts *opt = *pktopt;
1754 struct proc *p = sopt->sopt_p;
1757 /* turn off any old options. */
1760 if (opt->ip6po_pktinfo || opt->ip6po_nexthop ||
1761 opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 ||
1762 opt->ip6po_rhinfo.ip6po_rhi_rthdr)
1763 printf("ip6_pcbopts: all specified options are cleared.\n");
1765 ip6_clearpktopts(opt, 1, -1);
1767 opt = malloc(sizeof(*opt), M_IP6OPT, M_WAITOK);
1770 if (!m || m->m_len == 0) {
1772 * Only turning off any previous options, regardless of
1773 * whether the opt is just created or given.
1775 free(opt, M_IP6OPT);
1779 /* set options specified by user. */
1782 if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) {
1783 ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */
1784 free(opt, M_IP6OPT);
1792 * initialize ip6_pktopts. beware that there are non-zero default values in
1796 init_ip6pktopts(opt)
1797 struct ip6_pktopts *opt;
1800 bzero(opt, sizeof(*opt));
1801 opt->ip6po_hlim = -1; /* -1 means default hop limit */
1805 ip6_clearpktopts(pktopt, needfree, optname)
1806 struct ip6_pktopts *pktopt;
1807 int needfree, optname;
1812 if (optname == -1) {
1813 if (needfree && pktopt->ip6po_pktinfo)
1814 free(pktopt->ip6po_pktinfo, M_IP6OPT);
1815 pktopt->ip6po_pktinfo = NULL;
1818 pktopt->ip6po_hlim = -1;
1819 if (optname == -1) {
1820 if (needfree && pktopt->ip6po_nexthop)
1821 free(pktopt->ip6po_nexthop, M_IP6OPT);
1822 pktopt->ip6po_nexthop = NULL;
1824 if (optname == -1) {
1825 if (needfree && pktopt->ip6po_hbh)
1826 free(pktopt->ip6po_hbh, M_IP6OPT);
1827 pktopt->ip6po_hbh = NULL;
1829 if (optname == -1) {
1830 if (needfree && pktopt->ip6po_dest1)
1831 free(pktopt->ip6po_dest1, M_IP6OPT);
1832 pktopt->ip6po_dest1 = NULL;
1834 if (optname == -1) {
1835 if (needfree && pktopt->ip6po_rhinfo.ip6po_rhi_rthdr)
1836 free(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr, M_IP6OPT);
1837 pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL;
1838 if (pktopt->ip6po_route.ro_rt) {
1839 RTFREE(pktopt->ip6po_route.ro_rt);
1840 pktopt->ip6po_route.ro_rt = NULL;
1843 if (optname == -1) {
1844 if (needfree && pktopt->ip6po_dest2)
1845 free(pktopt->ip6po_dest2, M_IP6OPT);
1846 pktopt->ip6po_dest2 = NULL;
1850 #define PKTOPT_EXTHDRCPY(type) \
1854 (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\
1855 dst->type = malloc(hlen, M_IP6OPT, canwait);\
1856 if (dst->type == NULL && canwait == M_NOWAIT)\
1858 bcopy(src->type, dst->type, hlen);\
1862 struct ip6_pktopts *
1863 ip6_copypktopts(src, canwait)
1864 struct ip6_pktopts *src;
1867 struct ip6_pktopts *dst;
1870 printf("ip6_clearpktopts: invalid argument\n");
1874 dst = malloc(sizeof(*dst), M_IP6OPT, canwait);
1875 if (dst == NULL && canwait == M_NOWAIT)
1877 bzero(dst, sizeof(*dst));
1879 dst->ip6po_hlim = src->ip6po_hlim;
1880 if (src->ip6po_pktinfo) {
1881 dst->ip6po_pktinfo = malloc(sizeof(*dst->ip6po_pktinfo),
1883 if (dst->ip6po_pktinfo == NULL && canwait == M_NOWAIT)
1885 *dst->ip6po_pktinfo = *src->ip6po_pktinfo;
1887 if (src->ip6po_nexthop) {
1888 dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len,
1890 if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT)
1892 bcopy(src->ip6po_nexthop, dst->ip6po_nexthop,
1893 src->ip6po_nexthop->sa_len);
1895 PKTOPT_EXTHDRCPY(ip6po_hbh);
1896 PKTOPT_EXTHDRCPY(ip6po_dest1);
1897 PKTOPT_EXTHDRCPY(ip6po_dest2);
1898 PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */
1902 if (dst->ip6po_pktinfo) free(dst->ip6po_pktinfo, M_IP6OPT);
1903 if (dst->ip6po_nexthop) free(dst->ip6po_nexthop, M_IP6OPT);
1904 if (dst->ip6po_hbh) free(dst->ip6po_hbh, M_IP6OPT);
1905 if (dst->ip6po_dest1) free(dst->ip6po_dest1, M_IP6OPT);
1906 if (dst->ip6po_dest2) free(dst->ip6po_dest2, M_IP6OPT);
1907 if (dst->ip6po_rthdr) free(dst->ip6po_rthdr, M_IP6OPT);
1908 free(dst, M_IP6OPT);
1911 #undef PKTOPT_EXTHDRCPY
1914 ip6_freepcbopts(pktopt)
1915 struct ip6_pktopts *pktopt;
1920 ip6_clearpktopts(pktopt, 1, -1);
1922 free(pktopt, M_IP6OPT);
1926 * Set the IP6 multicast options in response to user setsockopt().
1929 ip6_setmoptions(optname, im6op, m)
1931 struct ip6_moptions **im6op;
1935 u_int loop, ifindex;
1936 struct ipv6_mreq *mreq;
1938 struct ip6_moptions *im6o = *im6op;
1939 struct route_in6 ro;
1940 struct sockaddr_in6 *dst;
1941 struct in6_multi_mship *imm;
1942 struct proc *p = curproc; /* XXX */
1946 * No multicast option buffer attached to the pcb;
1947 * allocate one and initialize to default values.
1949 im6o = (struct ip6_moptions *)
1950 malloc(sizeof(*im6o), M_IPMOPTS, M_WAITOK);
1955 im6o->im6o_multicast_ifp = NULL;
1956 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
1957 im6o->im6o_multicast_loop = IPV6_DEFAULT_MULTICAST_LOOP;
1958 LIST_INIT(&im6o->im6o_memberships);
1963 case IPV6_MULTICAST_IF:
1965 * Select the interface for outgoing multicast packets.
1967 if (m == NULL || m->m_len != sizeof(u_int)) {
1971 bcopy(mtod(m, u_int *), &ifindex, sizeof(ifindex));
1972 if (ifindex < 0 || if_index < ifindex) {
1973 error = ENXIO; /* XXX EINVAL? */
1976 ifp = ifindex2ifnet[ifindex];
1977 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1978 error = EADDRNOTAVAIL;
1981 im6o->im6o_multicast_ifp = ifp;
1984 case IPV6_MULTICAST_HOPS:
1987 * Set the IP6 hoplimit for outgoing multicast packets.
1990 if (m == NULL || m->m_len != sizeof(int)) {
1994 bcopy(mtod(m, u_int *), &optval, sizeof(optval));
1995 if (optval < -1 || optval >= 256)
1997 else if (optval == -1)
1998 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
2000 im6o->im6o_multicast_hlim = optval;
2004 case IPV6_MULTICAST_LOOP:
2006 * Set the loopback flag for outgoing multicast packets.
2007 * Must be zero or one.
2009 if (m == NULL || m->m_len != sizeof(u_int)) {
2013 bcopy(mtod(m, u_int *), &loop, sizeof(loop));
2018 im6o->im6o_multicast_loop = loop;
2021 case IPV6_JOIN_GROUP:
2023 * Add a multicast group membership.
2024 * Group must be a valid IP6 multicast address.
2026 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2030 mreq = mtod(m, struct ipv6_mreq *);
2031 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2033 * We use the unspecified address to specify to accept
2034 * all multicast addresses. Only super user is allowed
2042 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2048 * If the interface is specified, validate it.
2050 if (mreq->ipv6mr_interface < 0
2051 || if_index < mreq->ipv6mr_interface) {
2052 error = ENXIO; /* XXX EINVAL? */
2056 * If no interface was explicitly specified, choose an
2057 * appropriate one according to the given multicast address.
2059 if (mreq->ipv6mr_interface == 0) {
2061 * If the multicast address is in node-local scope,
2062 * the interface should be a loopback interface.
2063 * Otherwise, look up the routing table for the
2064 * address, and choose the outgoing interface.
2065 * XXX: is it a good approach?
2067 if (IN6_IS_ADDR_MC_NODELOCAL(&mreq->ipv6mr_multiaddr)) {
2071 dst = (struct sockaddr_in6 *)&ro.ro_dst;
2072 bzero(dst, sizeof(*dst));
2073 dst->sin6_len = sizeof(struct sockaddr_in6);
2074 dst->sin6_family = AF_INET6;
2075 dst->sin6_addr = mreq->ipv6mr_multiaddr;
2076 rtalloc((struct route *)&ro);
2077 if (ro.ro_rt == NULL) {
2078 error = EADDRNOTAVAIL;
2081 ifp = ro.ro_rt->rt_ifp;
2085 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2088 * See if we found an interface, and confirm that it
2089 * supports multicast
2091 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2092 error = EADDRNOTAVAIL;
2096 * Put interface index into the multicast address,
2097 * if the address has link-local scope.
2099 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2100 mreq->ipv6mr_multiaddr.s6_addr16[1]
2101 = htons(mreq->ipv6mr_interface);
2104 * See if the membership already exists.
2106 for (imm = im6o->im6o_memberships.lh_first;
2107 imm != NULL; imm = imm->i6mm_chain.le_next)
2108 if (imm->i6mm_maddr->in6m_ifp == ifp &&
2109 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2110 &mreq->ipv6mr_multiaddr))
2117 * Everything looks good; add a new record to the multicast
2118 * address list for the given interface.
2120 imm = malloc(sizeof(*imm), M_IPMADDR, M_WAITOK);
2125 if ((imm->i6mm_maddr =
2126 in6_addmulti(&mreq->ipv6mr_multiaddr, ifp, &error)) == NULL) {
2127 free(imm, M_IPMADDR);
2130 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm, i6mm_chain);
2133 case IPV6_LEAVE_GROUP:
2135 * Drop a multicast group membership.
2136 * Group must be a valid IP6 multicast address.
2138 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2142 mreq = mtod(m, struct ipv6_mreq *);
2143 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2148 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2153 * If an interface address was specified, get a pointer
2154 * to its ifnet structure.
2156 if (mreq->ipv6mr_interface < 0
2157 || if_index < mreq->ipv6mr_interface) {
2158 error = ENXIO; /* XXX EINVAL? */
2161 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2163 * Put interface index into the multicast address,
2164 * if the address has link-local scope.
2166 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2167 mreq->ipv6mr_multiaddr.s6_addr16[1]
2168 = htons(mreq->ipv6mr_interface);
2171 * Find the membership in the membership list.
2173 for (imm = im6o->im6o_memberships.lh_first;
2174 imm != NULL; imm = imm->i6mm_chain.le_next) {
2176 imm->i6mm_maddr->in6m_ifp == ifp) &&
2177 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2178 &mreq->ipv6mr_multiaddr))
2182 /* Unable to resolve interface */
2183 error = EADDRNOTAVAIL;
2187 * Give up the multicast address record to which the
2188 * membership points.
2190 LIST_REMOVE(imm, i6mm_chain);
2191 in6_delmulti(imm->i6mm_maddr);
2192 free(imm, M_IPMADDR);
2201 * If all options have default values, no need to keep the mbuf.
2203 if (im6o->im6o_multicast_ifp == NULL &&
2204 im6o->im6o_multicast_hlim == ip6_defmcasthlim &&
2205 im6o->im6o_multicast_loop == IPV6_DEFAULT_MULTICAST_LOOP &&
2206 im6o->im6o_memberships.lh_first == NULL) {
2207 free(*im6op, M_IPMOPTS);
2215 * Return the IP6 multicast options in response to user getsockopt().
2218 ip6_getmoptions(optname, im6o, mp)
2220 struct ip6_moptions *im6o;
2223 u_int *hlim, *loop, *ifindex;
2225 *mp = m_get(M_WAIT, MT_HEADER); /* XXX */
2229 case IPV6_MULTICAST_IF:
2230 ifindex = mtod(*mp, u_int *);
2231 (*mp)->m_len = sizeof(u_int);
2232 if (im6o == NULL || im6o->im6o_multicast_ifp == NULL)
2235 *ifindex = im6o->im6o_multicast_ifp->if_index;
2238 case IPV6_MULTICAST_HOPS:
2239 hlim = mtod(*mp, u_int *);
2240 (*mp)->m_len = sizeof(u_int);
2242 *hlim = ip6_defmcasthlim;
2244 *hlim = im6o->im6o_multicast_hlim;
2247 case IPV6_MULTICAST_LOOP:
2248 loop = mtod(*mp, u_int *);
2249 (*mp)->m_len = sizeof(u_int);
2251 *loop = ip6_defmcasthlim;
2253 *loop = im6o->im6o_multicast_loop;
2262 * Discard the IP6 multicast options.
2265 ip6_freemoptions(im6o)
2266 struct ip6_moptions *im6o;
2268 struct in6_multi_mship *imm;
2273 while ((imm = im6o->im6o_memberships.lh_first) != NULL) {
2274 LIST_REMOVE(imm, i6mm_chain);
2275 if (imm->i6mm_maddr)
2276 in6_delmulti(imm->i6mm_maddr);
2277 free(imm, M_IPMADDR);
2279 free(im6o, M_IPMOPTS);
2283 * Set IPv6 outgoing packet options based on advanced API.
2286 ip6_setpktoptions(control, opt, priv, needcopy)
2287 struct mbuf *control;
2288 struct ip6_pktopts *opt;
2291 struct cmsghdr *cm = 0;
2293 if (control == 0 || opt == 0)
2296 init_ip6pktopts(opt);
2299 * XXX: Currently, we assume all the optional information is stored
2302 if (control->m_next)
2305 for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len),
2306 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) {
2307 cm = mtod(control, struct cmsghdr *);
2308 if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len)
2310 if (cm->cmsg_level != IPPROTO_IPV6)
2314 * XXX should check if RFC2292 API is mixed with 2292bis API
2316 switch (cm->cmsg_type) {
2318 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in6_pktinfo)))
2321 /* XXX: Is it really WAITOK? */
2322 opt->ip6po_pktinfo =
2323 malloc(sizeof(struct in6_pktinfo),
2324 M_IP6OPT, M_WAITOK);
2325 bcopy(CMSG_DATA(cm), opt->ip6po_pktinfo,
2326 sizeof(struct in6_pktinfo));
2328 opt->ip6po_pktinfo =
2329 (struct in6_pktinfo *)CMSG_DATA(cm);
2330 if (opt->ip6po_pktinfo->ipi6_ifindex &&
2331 IN6_IS_ADDR_LINKLOCAL(&opt->ip6po_pktinfo->ipi6_addr))
2332 opt->ip6po_pktinfo->ipi6_addr.s6_addr16[1] =
2333 htons(opt->ip6po_pktinfo->ipi6_ifindex);
2335 if (opt->ip6po_pktinfo->ipi6_ifindex > if_index
2336 || opt->ip6po_pktinfo->ipi6_ifindex < 0) {
2341 * Check if the requested source address is indeed a
2342 * unicast address assigned to the node, and can be
2343 * used as the packet's source address.
2345 if (!IN6_IS_ADDR_UNSPECIFIED(&opt->ip6po_pktinfo->ipi6_addr)) {
2346 struct in6_ifaddr *ia6;
2347 struct sockaddr_in6 sin6;
2349 bzero(&sin6, sizeof(sin6));
2350 sin6.sin6_len = sizeof(sin6);
2351 sin6.sin6_family = AF_INET6;
2353 opt->ip6po_pktinfo->ipi6_addr;
2354 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(sin6tosa(&sin6));
2356 (ia6->ia6_flags & (IN6_IFF_ANYCAST |
2357 IN6_IFF_NOTREADY)) != 0)
2358 return(EADDRNOTAVAIL);
2363 if (cm->cmsg_len != CMSG_LEN(sizeof(int)))
2366 opt->ip6po_hlim = *(int *)CMSG_DATA(cm);
2367 if (opt->ip6po_hlim < -1 || opt->ip6po_hlim > 255)
2375 if (cm->cmsg_len < sizeof(u_char) ||
2376 /* check if cmsg_len is large enough for sa_len */
2377 cm->cmsg_len < CMSG_LEN(*CMSG_DATA(cm)))
2381 opt->ip6po_nexthop =
2382 malloc(*CMSG_DATA(cm),
2383 M_IP6OPT, M_WAITOK);
2384 bcopy(CMSG_DATA(cm),
2388 opt->ip6po_nexthop =
2389 (struct sockaddr *)CMSG_DATA(cm);
2394 struct ip6_hbh *hbh;
2397 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_hbh)))
2399 hbh = (struct ip6_hbh *)CMSG_DATA(cm);
2400 hbhlen = (hbh->ip6h_len + 1) << 3;
2401 if (cm->cmsg_len != CMSG_LEN(hbhlen))
2406 malloc(hbhlen, M_IP6OPT, M_WAITOK);
2407 bcopy(hbh, opt->ip6po_hbh, hbhlen);
2409 opt->ip6po_hbh = hbh;
2415 struct ip6_dest *dest, **newdest;
2418 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_dest)))
2420 dest = (struct ip6_dest *)CMSG_DATA(cm);
2421 destlen = (dest->ip6d_len + 1) << 3;
2422 if (cm->cmsg_len != CMSG_LEN(destlen))
2426 * The old advacned API is ambiguous on this
2427 * point. Our approach is to determine the
2428 * position based according to the existence
2429 * of a routing header. Note, however, that
2430 * this depends on the order of the extension
2431 * headers in the ancillary data; the 1st part
2432 * of the destination options header must
2433 * appear before the routing header in the
2434 * ancillary data, too.
2435 * RFC2292bis solved the ambiguity by
2436 * introducing separate cmsg types.
2438 if (opt->ip6po_rthdr == NULL)
2439 newdest = &opt->ip6po_dest1;
2441 newdest = &opt->ip6po_dest2;
2444 *newdest = malloc(destlen, M_IP6OPT, M_WAITOK);
2445 bcopy(dest, *newdest, destlen);
2454 struct ip6_rthdr *rth;
2457 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_rthdr)))
2459 rth = (struct ip6_rthdr *)CMSG_DATA(cm);
2460 rthlen = (rth->ip6r_len + 1) << 3;
2461 if (cm->cmsg_len != CMSG_LEN(rthlen))
2464 switch (rth->ip6r_type) {
2465 case IPV6_RTHDR_TYPE_0:
2466 /* must contain one addr */
2467 if (rth->ip6r_len == 0)
2469 /* length must be even */
2470 if (rth->ip6r_len % 2)
2472 if (rth->ip6r_len / 2 != rth->ip6r_segleft)
2476 return(EINVAL); /* not supported */
2480 opt->ip6po_rthdr = malloc(rthlen, M_IP6OPT,
2482 bcopy(rth, opt->ip6po_rthdr, rthlen);
2484 opt->ip6po_rthdr = rth;
2490 return(ENOPROTOOPT);
2498 * Routine called from ip6_output() to loop back a copy of an IP6 multicast
2499 * packet to the input queue of a specified interface. Note that this
2500 * calls the output routine of the loopback "driver", but with an interface
2501 * pointer that might NOT be &loif -- easier than replicating that code here.
2504 ip6_mloopback(ifp, m, dst)
2507 struct sockaddr_in6 *dst;
2510 struct ip6_hdr *ip6;
2512 copym = m_copy(m, 0, M_COPYALL);
2517 * Make sure to deep-copy IPv6 header portion in case the data
2518 * is in an mbuf cluster, so that we can safely override the IPv6
2519 * header portion later.
2521 if ((copym->m_flags & M_EXT) != 0 ||
2522 copym->m_len < sizeof(struct ip6_hdr)) {
2523 copym = m_pullup(copym, sizeof(struct ip6_hdr));
2529 if (copym->m_len < sizeof(*ip6)) {
2535 ip6 = mtod(copym, struct ip6_hdr *);
2536 #ifndef SCOPEDROUTING
2538 * clear embedded scope identifiers if necessary.
2539 * in6_clearscope will touch the addresses only when necessary.
2541 in6_clearscope(&ip6->ip6_src);
2542 in6_clearscope(&ip6->ip6_dst);
2545 (void)if_simloop(ifp, copym, dst->sin6_family, NULL);
2549 * Chop IPv6 header off from the payload.
2552 ip6_splithdr(m, exthdrs)
2554 struct ip6_exthdrs *exthdrs;
2557 struct ip6_hdr *ip6;
2559 ip6 = mtod(m, struct ip6_hdr *);
2560 if (m->m_len > sizeof(*ip6)) {
2561 MGETHDR(mh, M_DONTWAIT, MT_HEADER);
2566 M_MOVE_PKTHDR(mh, m);
2567 MH_ALIGN(mh, sizeof(*ip6));
2568 m->m_len -= sizeof(*ip6);
2569 m->m_data += sizeof(*ip6);
2572 m->m_len = sizeof(*ip6);
2573 bcopy((caddr_t)ip6, mtod(m, caddr_t), sizeof(*ip6));
2575 exthdrs->ip6e_ip6 = m;
2580 * Compute IPv6 extension header length.
2584 struct in6pcb *in6p;
2588 if (!in6p->in6p_outputopts)
2593 (((struct ip6_ext *)(x)) ? (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0)
2595 len += elen(in6p->in6p_outputopts->ip6po_hbh);
2596 if (in6p->in6p_outputopts->ip6po_rthdr)
2597 /* dest1 is valid with rthdr only */
2598 len += elen(in6p->in6p_outputopts->ip6po_dest1);
2599 len += elen(in6p->in6p_outputopts->ip6po_rthdr);
2600 len += elen(in6p->in6p_outputopts->ip6po_dest2);
tuxillo's projects / dragonfly.git / blob