1 /* $FreeBSD: src/sys/netinet6/ip6_output.c,v 1.13.2.18 2003/01/24 05:11:35 sam Exp $ */
2 /* $DragonFly: src/sys/netinet6/ip6_output.c,v 1.14 2004/10/15 22:59:10 hsu Exp $ */
3 /* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * Copyright (c) 1982, 1986, 1988, 1990, 1993
36 * The Regents of the University of California. All rights reserved.
38 * Redistribution and use in source and binary forms, with or without
39 * modification, are permitted provided that the following conditions
41 * 1. Redistributions of source code must retain the above copyright
42 * notice, this list of conditions and the following disclaimer.
43 * 2. Redistributions in binary form must reproduce the above copyright
44 * notice, this list of conditions and the following disclaimer in the
45 * documentation and/or other materials provided with the distribution.
46 * 3. All advertising materials mentioning features or use of this software
47 * must display the following acknowledgement:
48 * This product includes software developed by the University of
49 * California, Berkeley and its contributors.
50 * 4. Neither the name of the University nor the names of its contributors
51 * may be used to endorse or promote products derived from this software
52 * without specific prior written permission.
54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
66 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
69 #include "opt_ip6fw.h"
71 #include "opt_inet6.h"
72 #include "opt_ipsec.h"
74 #include <sys/param.h>
75 #include <sys/malloc.h>
77 #include <sys/errno.h>
78 #include <sys/protosw.h>
79 #include <sys/socket.h>
80 #include <sys/socketvar.h>
81 #include <sys/systm.h>
82 #include <sys/kernel.h>
86 #include <net/route.h>
89 #include <netinet/in.h>
90 #include <netinet/in_var.h>
91 #include <netinet6/in6_var.h>
92 #include <netinet/ip6.h>
93 #include <netinet/icmp6.h>
94 #include <netinet6/ip6_var.h>
95 #include <netinet/in_pcb.h>
96 #include <netinet6/nd6.h>
99 #include <netinet6/ipsec.h>
101 #include <netinet6/ipsec6.h>
103 #include <netproto/key/key.h>
107 #include <netproto/ipsec/ipsec.h>
108 #include <netproto/ipsec/ipsec6.h>
109 #include <netproto/ipsec/key.h>
110 #endif /* FAST_IPSEC */
112 #include <net/ip6fw/ip6_fw.h>
114 #include <net/net_osdep.h>
116 static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
119 struct mbuf *ip6e_ip6;
120 struct mbuf *ip6e_hbh;
121 struct mbuf *ip6e_dest1;
122 struct mbuf *ip6e_rthdr;
123 struct mbuf *ip6e_dest2;
126 static int ip6_pcbopts (struct ip6_pktopts **, struct mbuf *,
127 struct socket *, struct sockopt *sopt);
128 static int ip6_setmoptions (int, struct ip6_moptions **, struct mbuf *);
129 static int ip6_getmoptions (int, struct ip6_moptions *, struct mbuf **);
130 static int ip6_copyexthdr (struct mbuf **, caddr_t, int);
131 static int ip6_insertfraghdr (struct mbuf *, struct mbuf *, int,
133 static int ip6_insert_jumboopt (struct ip6_exthdrs *, u_int32_t);
134 static int ip6_splithdr (struct mbuf *, struct ip6_exthdrs *);
137 * IP6 output. The packet in mbuf chain m contains a skeletal IP6
138 * header (with pri, len, nxt, hlim, src, dst).
139 * This function may modify ver and hlim only.
140 * The mbuf chain containing the packet will be freed.
141 * The mbuf opt, if present, will not be freed.
143 * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and
144 * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one,
145 * which is rt_rmx.rmx_mtu.
148 ip6_output(struct mbuf *m0, struct ip6_pktopts *opt, struct route_in6 *ro,
149 int flags, struct ip6_moptions *im6o,
150 struct ifnet **ifpp, /* XXX: just for statistics */
153 struct ip6_hdr *ip6, *mhip6;
154 struct ifnet *ifp, *origifp;
156 int hlen, tlen, len, off;
157 struct route_in6 ip6route;
158 struct sockaddr_in6 *dst;
160 struct in6_ifaddr *ia = NULL;
162 u_int32_t optlen = 0, plen = 0, unfragpartlen = 0;
163 struct ip6_exthdrs exthdrs;
164 struct in6_addr finaldst;
165 struct route_in6 *ro_pmtu = NULL;
169 int needipsectun = 0;
170 struct secpolicy *sp = NULL;
171 struct socket *so = inp ? inp->inp_socket : NULL;
173 ip6 = mtod(m, struct ip6_hdr *);
176 int needipsectun = 0;
177 struct secpolicy *sp = NULL;
179 ip6 = mtod(m, struct ip6_hdr *);
180 #endif /* FAST_IPSEC */
182 #define MAKE_EXTHDR(hp, mp) \
185 struct ip6_ext *eh = (struct ip6_ext *)(hp); \
186 error = ip6_copyexthdr((mp), (caddr_t)(hp), \
187 ((eh)->ip6e_len + 1) << 3); \
193 bzero(&exthdrs, sizeof(exthdrs));
196 /* Hop-by-Hop options header */
197 MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh);
198 /* Destination options header(1st part) */
199 MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1);
201 MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr);
202 /* Destination options header(2nd part) */
203 MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2);
207 /* get a security policy for this packet */
209 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
211 sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
214 ipsec6stat.out_inval++;
221 switch (sp->policy) {
222 case IPSEC_POLICY_DISCARD:
224 * This packet is just discarded.
226 ipsec6stat.out_polvio++;
229 case IPSEC_POLICY_BYPASS:
230 case IPSEC_POLICY_NONE:
231 /* no need to do IPsec. */
235 case IPSEC_POLICY_IPSEC:
236 if (sp->req == NULL) {
237 /* acquire a policy */
238 error = key_spdacquire(sp);
244 case IPSEC_POLICY_ENTRUST:
246 printf("ip6_output: Invalid policy found. %d\n", sp->policy);
250 /* get a security policy for this packet */
252 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
254 sp = ipsec_getpolicybysock(m, IPSEC_DIR_OUTBOUND, inp, &error);
257 newipsecstat.ips_out_inval++;
264 switch (sp->policy) {
265 case IPSEC_POLICY_DISCARD:
267 * This packet is just discarded.
269 newipsecstat.ips_out_polvio++;
272 case IPSEC_POLICY_BYPASS:
273 case IPSEC_POLICY_NONE:
274 /* no need to do IPsec. */
278 case IPSEC_POLICY_IPSEC:
279 if (sp->req == NULL) {
280 /* acquire a policy */
281 error = key_spdacquire(sp);
287 case IPSEC_POLICY_ENTRUST:
289 printf("ip6_output: Invalid policy found. %d\n", sp->policy);
291 #endif /* FAST_IPSEC */
294 * Calculate the total length of the extension header chain.
295 * Keep the length of the unfragmentable part for fragmentation.
298 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len;
299 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len;
300 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len;
301 unfragpartlen = optlen + sizeof(struct ip6_hdr);
302 /* NOTE: we don't add AH/ESP length here. do that later. */
303 if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len;
306 * If we need IPsec, or there is at least one extension header,
307 * separate IP6 header from the payload.
309 if ((needipsec || optlen) && !hdrsplit) {
310 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
314 m = exthdrs.ip6e_ip6;
319 ip6 = mtod(m, struct ip6_hdr *);
321 /* adjust mbuf packet header length */
322 m->m_pkthdr.len += optlen;
323 plen = m->m_pkthdr.len - sizeof(*ip6);
325 /* If this is a jumbo payload, insert a jumbo payload option. */
326 if (plen > IPV6_MAXPACKET) {
328 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
332 m = exthdrs.ip6e_ip6;
336 ip6 = mtod(m, struct ip6_hdr *);
337 if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0)
341 ip6->ip6_plen = htons(plen);
344 * Concatenate headers and fill in next header fields.
345 * Here we have, on "m"
347 * and we insert headers accordingly. Finally, we should be getting:
348 * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
350 * during the header composing process, "m" points to IPv6 header.
351 * "mprev" points to an extension header prior to esp.
354 u_char *nexthdrp = &ip6->ip6_nxt;
355 struct mbuf *mprev = m;
358 * we treat dest2 specially. this makes IPsec processing
359 * much easier. the goal here is to make mprev point the
360 * mbuf prior to dest2.
362 * result: IPv6 dest2 payload
363 * m and mprev will point to IPv6 header.
365 if (exthdrs.ip6e_dest2) {
367 panic("assumption failed: hdr not split");
368 exthdrs.ip6e_dest2->m_next = m->m_next;
369 m->m_next = exthdrs.ip6e_dest2;
370 *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt;
371 ip6->ip6_nxt = IPPROTO_DSTOPTS;
374 #define MAKE_CHAIN(m, mp, p, i)\
378 panic("assumption failed: hdr not split"); \
379 *mtod((m), u_char *) = *(p);\
381 p = mtod((m), u_char *);\
382 (m)->m_next = (mp)->m_next;\
388 * result: IPv6 hbh dest1 rthdr dest2 payload
389 * m will point to IPv6 header. mprev will point to the
390 * extension header prior to dest2 (rthdr in the above case).
392 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev,
393 nexthdrp, IPPROTO_HOPOPTS);
394 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev,
395 nexthdrp, IPPROTO_DSTOPTS);
396 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev,
397 nexthdrp, IPPROTO_ROUTING);
399 #if defined(IPSEC) || defined(FAST_IPSEC)
404 * pointers after IPsec headers are not valid any more.
405 * other pointers need a great care too.
406 * (IPsec routines should not mangle mbufs prior to AH/ESP)
408 exthdrs.ip6e_dest2 = NULL;
411 struct ip6_rthdr *rh = NULL;
413 struct ipsec_output_state state;
415 if (exthdrs.ip6e_rthdr) {
416 rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *);
417 segleft_org = rh->ip6r_segleft;
418 rh->ip6r_segleft = 0;
421 bzero(&state, sizeof(state));
423 error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags,
427 /* mbuf is already reclaimed in ipsec6_output_trans. */
437 printf("ip6_output (ipsec): error code %d\n", error);
440 /* don't show these error codes to the user */
446 if (exthdrs.ip6e_rthdr) {
447 /* ah6_output doesn't modify mbuf chain */
448 rh->ip6r_segleft = segleft_org;
456 * If there is a routing header, replace destination address field
457 * with the first hop of the routing header.
459 if (exthdrs.ip6e_rthdr) {
460 struct ip6_rthdr *rh =
461 (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr,
462 struct ip6_rthdr *));
463 struct ip6_rthdr0 *rh0;
465 finaldst = ip6->ip6_dst;
466 switch (rh->ip6r_type) {
467 case IPV6_RTHDR_TYPE_0:
468 rh0 = (struct ip6_rthdr0 *)rh;
469 ip6->ip6_dst = rh0->ip6r0_addr[0];
470 bcopy((caddr_t)&rh0->ip6r0_addr[1],
471 (caddr_t)&rh0->ip6r0_addr[0],
472 sizeof(struct in6_addr)*(rh0->ip6r0_segleft - 1)
474 rh0->ip6r0_addr[rh0->ip6r0_segleft - 1] = finaldst;
476 default: /* is it possible? */
482 /* Source address validation */
483 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) &&
484 (flags & IPV6_DADOUTPUT) == 0) {
486 ip6stat.ip6s_badscope++;
489 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
491 ip6stat.ip6s_badscope++;
495 ip6stat.ip6s_localout++;
502 bzero((caddr_t)ro, sizeof(*ro));
505 if (opt && opt->ip6po_rthdr)
506 ro = &opt->ip6po_route;
507 dst = (struct sockaddr_in6 *)&ro->ro_dst;
509 * If there is a cached route,
510 * check that it is to the same destination
511 * and is still up. If not, free it and try again.
513 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
514 dst->sin6_family != AF_INET6 ||
515 !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_dst))) {
517 ro->ro_rt = (struct rtentry *)0;
519 if (ro->ro_rt == 0) {
520 bzero(dst, sizeof(*dst));
521 dst->sin6_family = AF_INET6;
522 dst->sin6_len = sizeof(struct sockaddr_in6);
523 dst->sin6_addr = ip6->ip6_dst;
525 /* XXX: sin6_scope_id should already be fixed at this point */
526 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr))
527 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]);
530 #if defined(IPSEC) || defined(FAST_IPSEC)
531 if (needipsec && needipsectun) {
532 struct ipsec_output_state state;
535 * All the extension headers will become inaccessible
536 * (since they can be encrypted).
537 * Don't panic, we need no more updates to extension headers
538 * on inner IPv6 packet (since they are now encapsulated).
540 * IPv6 [ESP|AH] IPv6 [extension headers] payload
542 bzero(&exthdrs, sizeof(exthdrs));
543 exthdrs.ip6e_ip6 = m;
545 bzero(&state, sizeof(state));
547 state.ro = (struct route *)ro;
548 state.dst = (struct sockaddr *)dst;
550 error = ipsec6_output_tunnel(&state, sp, flags);
553 ro = (struct route_in6 *)state.ro;
554 dst = (struct sockaddr_in6 *)state.dst;
556 /* mbuf is already reclaimed in ipsec6_output_tunnel. */
567 printf("ip6_output (ipsec): error code %d\n", error);
570 /* don't show these error codes to the user */
577 exthdrs.ip6e_ip6 = m;
581 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
584 #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa))
585 #define sin6tosa(sin6) ((struct sockaddr *)(sin6))
587 * interface selection comes here
588 * if an interface is specified from an upper layer,
591 if (ro->ro_rt == 0) {
593 * non-bsdi always clone routes, if parent is
596 rtalloc((struct route *)ro);
598 if (ro->ro_rt == 0) {
599 ip6stat.ip6s_noroute++;
600 error = EHOSTUNREACH;
601 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard); */
604 ia = ifatoia6(ro->ro_rt->rt_ifa);
605 ifp = ro->ro_rt->rt_ifp;
607 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
608 dst = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
609 m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */
611 in6_ifstat_inc(ifp, ifs6_out_request);
614 * Check if the outgoing interface conflicts with
615 * the interface specified by ifi6_ifindex (if specified).
616 * Note that loopback interface is always okay.
617 * (this may happen when we are sending a packet to one of
618 * our own addresses.)
620 if (opt && opt->ip6po_pktinfo
621 && opt->ip6po_pktinfo->ipi6_ifindex) {
622 if (!(ifp->if_flags & IFF_LOOPBACK)
623 && ifp->if_index != opt->ip6po_pktinfo->ipi6_ifindex) {
624 ip6stat.ip6s_noroute++;
625 in6_ifstat_inc(ifp, ifs6_out_discard);
626 error = EHOSTUNREACH;
631 if (opt && opt->ip6po_hlim != -1)
632 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
635 struct in6_multi *in6m;
637 m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST;
640 * See if the caller provided any multicast options
644 ip6->ip6_hlim = im6o->im6o_multicast_hlim;
645 if (im6o->im6o_multicast_ifp != NULL)
646 ifp = im6o->im6o_multicast_ifp;
648 ip6->ip6_hlim = ip6_defmcasthlim;
651 * See if the caller provided the outgoing interface
652 * as an ancillary data.
653 * Boundary check for ifindex is assumed to be already done.
655 if (opt && opt->ip6po_pktinfo && opt->ip6po_pktinfo->ipi6_ifindex)
656 ifp = ifindex2ifnet[opt->ip6po_pktinfo->ipi6_ifindex];
659 * If the destination is a node-local scope multicast,
660 * the packet should be loop-backed only.
662 if (IN6_IS_ADDR_MC_NODELOCAL(&ip6->ip6_dst)) {
664 * If the outgoing interface is already specified,
665 * it should be a loopback interface.
667 if (ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) {
668 ip6stat.ip6s_badscope++;
669 error = ENETUNREACH; /* XXX: better error? */
670 /* XXX correct ifp? */
671 in6_ifstat_inc(ifp, ifs6_out_discard);
678 if (opt && opt->ip6po_hlim != -1)
679 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
682 * If caller did not provide an interface lookup a
683 * default in the routing table. This is either a
684 * default for the speicfied group (i.e. a host
685 * route), or a multicast default (a route for the
689 if (ro->ro_rt == 0) {
690 ro->ro_rt = rtalloc1((struct sockaddr *)
691 &ro->ro_dst, 0, 0UL);
693 if (ro->ro_rt == 0) {
694 ip6stat.ip6s_noroute++;
695 error = EHOSTUNREACH;
696 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard) */
699 ia = ifatoia6(ro->ro_rt->rt_ifa);
700 ifp = ro->ro_rt->rt_ifp;
704 if ((flags & IPV6_FORWARDING) == 0)
705 in6_ifstat_inc(ifp, ifs6_out_request);
706 in6_ifstat_inc(ifp, ifs6_out_mcast);
709 * Confirm that the outgoing interface supports multicast.
711 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
712 ip6stat.ip6s_noroute++;
713 in6_ifstat_inc(ifp, ifs6_out_discard);
717 IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m);
719 (im6o == NULL || im6o->im6o_multicast_loop)) {
721 * If we belong to the destination multicast group
722 * on the outgoing interface, and the caller did not
723 * forbid loopback, loop back a copy.
725 ip6_mloopback(ifp, m, dst);
728 * If we are acting as a multicast router, perform
729 * multicast forwarding as if the packet had just
730 * arrived on the interface to which we are about
731 * to send. The multicast forwarding function
732 * recursively calls this function, using the
733 * IPV6_FORWARDING flag to prevent infinite recursion.
735 * Multicasts that are looped back by ip6_mloopback(),
736 * above, will be forwarded by the ip6_input() routine,
739 if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) {
740 if (ip6_mforward(ip6, ifp, m) != 0) {
747 * Multicasts with a hoplimit of zero may be looped back,
748 * above, but must not be transmitted on a network.
749 * Also, multicasts addressed to the loopback interface
750 * are not sent -- the above call to ip6_mloopback() will
751 * loop back a copy if this host actually belongs to the
752 * destination group on the loopback interface.
754 if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK)) {
761 * Fill the outgoing inteface to tell the upper layer
762 * to increment per-interface statistics.
768 * Determine path MTU.
771 /* The first hop and the final destination may differ. */
772 struct sockaddr_in6 *sin6_fin =
773 (struct sockaddr_in6 *)&ro_pmtu->ro_dst;
774 if (ro_pmtu->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
775 !IN6_ARE_ADDR_EQUAL(&sin6_fin->sin6_addr,
777 RTFREE(ro_pmtu->ro_rt);
778 ro_pmtu->ro_rt = (struct rtentry *)0;
780 if (ro_pmtu->ro_rt == 0) {
781 bzero(sin6_fin, sizeof(*sin6_fin));
782 sin6_fin->sin6_family = AF_INET6;
783 sin6_fin->sin6_len = sizeof(struct sockaddr_in6);
784 sin6_fin->sin6_addr = finaldst;
786 rtalloc((struct route *)ro_pmtu);
789 if (ro_pmtu->ro_rt != NULL) {
790 u_int32_t ifmtu = nd_ifinfo[ifp->if_index].linkmtu;
792 mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu;
793 if (mtu > ifmtu || mtu == 0) {
795 * The MTU on the route is larger than the MTU on
796 * the interface! This shouldn't happen, unless the
797 * MTU of the interface has been changed after the
798 * interface was brought up. Change the MTU in the
799 * route to match the interface MTU (as long as the
800 * field isn't locked).
802 * if MTU on the route is 0, we need to fix the MTU.
803 * this case happens with path MTU discovery timeouts.
806 if ((ro_pmtu->ro_rt->rt_rmx.rmx_locks & RTV_MTU) == 0)
807 ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; /* XXX */
810 mtu = nd_ifinfo[ifp->if_index].linkmtu;
814 * advanced API (IPV6_USE_MIN_MTU) overrides mtu setting
816 if ((flags & IPV6_MINMTU) != 0 && mtu > IPV6_MMTU)
819 /* Fake scoped addresses */
820 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
822 * If source or destination address is a scoped address, and
823 * the packet is going to be sent to a loopback interface,
824 * we should keep the original interface.
828 * XXX: this is a very experimental and temporary solution.
829 * We eventually have sockaddr_in6 and use the sin6_scope_id
830 * field of the structure here.
831 * We rely on the consistency between two scope zone ids
832 * of source and destination, which should already be assured.
833 * Larger scopes than link will be supported in the future.
836 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
837 origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];
838 else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
839 origifp = ifindex2ifnet[ntohs(ip6->ip6_dst.s6_addr16[1])];
841 * XXX: origifp can be NULL even in those two cases above.
842 * For example, if we remove the (only) link-local address
843 * from the loopback interface, and try to send a link-local
844 * address without link-id information. Then the source
845 * address is ::1, and the destination address is the
846 * link-local address with its s6_addr16[1] being zero.
847 * What is worse, if the packet goes to the loopback interface
848 * by a default rejected route, the null pointer would be
849 * passed to looutput, and the kernel would hang.
850 * The following last resort would prevent such disaster.
857 #ifndef SCOPEDROUTING
859 * clear embedded scope identifiers if necessary.
860 * in6_clearscope will touch the addresses only when necessary.
862 in6_clearscope(&ip6->ip6_src);
863 in6_clearscope(&ip6->ip6_dst);
867 * Check with the firewall...
869 if (ip6_fw_enable && ip6_fw_chk_ptr) {
871 m->m_pkthdr.rcvif = NULL; /* XXX */
872 /* If ipfw says divert, we have to just drop packet */
873 if ((*ip6_fw_chk_ptr)(&ip6, ifp, &port, &m)) {
884 * If the outgoing packet contains a hop-by-hop options header,
885 * it must be examined and processed even by the source node.
886 * (RFC 2460, section 4.)
888 if (exthdrs.ip6e_hbh) {
889 struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *);
890 u_int32_t dummy1; /* XXX unused */
891 u_int32_t dummy2; /* XXX unused */
894 if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len)
895 panic("ip6e_hbh is not continuous");
898 * XXX: if we have to send an ICMPv6 error to the sender,
899 * we need the M_LOOP flag since icmp6_error() expects
900 * the IPv6 and the hop-by-hop options header are
901 * continuous unless the flag is set.
903 m->m_flags |= M_LOOP;
904 m->m_pkthdr.rcvif = ifp;
905 if (ip6_process_hopopts(m,
906 (u_int8_t *)(hbh + 1),
907 ((hbh->ip6h_len + 1) << 3) -
908 sizeof(struct ip6_hbh),
909 &dummy1, &dummy2) < 0) {
910 /* m was already freed at this point */
911 error = EINVAL;/* better error? */
914 m->m_flags &= ~M_LOOP; /* XXX */
915 m->m_pkthdr.rcvif = NULL;
919 * Run through list of hooks for output packets.
921 if (pfil_has_hooks(&inet6_pfil_hook)) {
922 error = pfil_run_hooks(&inet6_pfil_hook, &m, ifp, PFIL_OUT);
923 if (error != 0 || m == NULL)
925 ip6 = mtod(m, struct ip6_hdr *);
929 * Send the packet to the outgoing interface.
930 * If necessary, do IPv6 fragmentation before sending.
932 tlen = m->m_pkthdr.len;
936 * On any link that cannot convey a 1280-octet packet in one piece,
937 * link-specific fragmentation and reassembly must be provided at
938 * a layer below IPv6. [RFC 2460, sec.5]
939 * Thus if the interface has ability of link-level fragmentation,
940 * we can just send the packet even if the packet size is
941 * larger than the link's MTU.
942 * XXX: IFF_FRAGMENTABLE (or such) flag has not been defined yet...
945 || ifp->if_flags & IFF_FRAGMENTABLE
949 /* Record statistics for this interface address. */
950 if (ia && !(flags & IPV6_FORWARDING)) {
951 ia->ia_ifa.if_opackets++;
952 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
955 /* clean ipsec history once it goes out of the node */
958 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt);
960 } else if (mtu < IPV6_MMTU) {
962 * note that path MTU is never less than IPV6_MMTU
966 in6_ifstat_inc(ifp, ifs6_out_fragfail);
968 } else if (ip6->ip6_plen == 0) { /* jumbo payload cannot be fragmented */
970 in6_ifstat_inc(ifp, ifs6_out_fragfail);
973 struct mbuf **mnext, *m_frgpart;
974 struct ip6_frag *ip6f;
975 u_int32_t id = htonl(ip6_id++);
979 * Too large for the destination or interface;
980 * fragment if possible.
981 * Must be able to put at least 8 bytes per fragment.
983 hlen = unfragpartlen;
984 if (mtu > IPV6_MAXPACKET)
985 mtu = IPV6_MAXPACKET;
987 len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7;
990 in6_ifstat_inc(ifp, ifs6_out_fragfail);
994 mnext = &m->m_nextpkt;
997 * Change the next header field of the last header in the
998 * unfragmentable part.
1000 if (exthdrs.ip6e_rthdr) {
1001 nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *);
1002 *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT;
1003 } else if (exthdrs.ip6e_dest1) {
1004 nextproto = *mtod(exthdrs.ip6e_dest1, u_char *);
1005 *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT;
1006 } else if (exthdrs.ip6e_hbh) {
1007 nextproto = *mtod(exthdrs.ip6e_hbh, u_char *);
1008 *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT;
1010 nextproto = ip6->ip6_nxt;
1011 ip6->ip6_nxt = IPPROTO_FRAGMENT;
1015 * Loop through length of segment after first fragment,
1016 * make new header and copy data of each part and link onto
1020 for (off = hlen; off < tlen; off += len) {
1021 MGETHDR(m, MB_DONTWAIT, MT_HEADER);
1024 ip6stat.ip6s_odropped++;
1027 m->m_pkthdr.rcvif = NULL;
1028 m->m_flags = m0->m_flags & M_COPYFLAGS;
1030 mnext = &m->m_nextpkt;
1031 m->m_data += max_linkhdr;
1032 mhip6 = mtod(m, struct ip6_hdr *);
1034 m->m_len = sizeof(*mhip6);
1035 error = ip6_insertfraghdr(m0, m, hlen, &ip6f);
1037 ip6stat.ip6s_odropped++;
1040 ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7));
1041 if (off + len >= tlen)
1044 ip6f->ip6f_offlg |= IP6F_MORE_FRAG;
1045 mhip6->ip6_plen = htons((u_short)(len + hlen +
1047 sizeof(struct ip6_hdr)));
1048 if ((m_frgpart = m_copy(m0, off, len)) == 0) {
1050 ip6stat.ip6s_odropped++;
1053 m_cat(m, m_frgpart);
1054 m->m_pkthdr.len = len + hlen + sizeof(*ip6f);
1055 m->m_pkthdr.rcvif = (struct ifnet *)0;
1056 ip6f->ip6f_reserved = 0;
1057 ip6f->ip6f_ident = id;
1058 ip6f->ip6f_nxt = nextproto;
1059 ip6stat.ip6s_ofragments++;
1060 in6_ifstat_inc(ifp, ifs6_out_fragcreat);
1063 in6_ifstat_inc(ifp, ifs6_out_fragok);
1067 * Remove leading garbages.
1073 for (m0 = m; m; m = m0) {
1077 /* Record statistics for this interface address. */
1079 ia->ia_ifa.if_opackets++;
1080 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
1083 /* clean ipsec history once it goes out of the node */
1086 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt);
1092 ip6stat.ip6s_fragmented++;
1095 if (ro == &ip6route && ro->ro_rt) { /* brace necessary for RTFREE */
1097 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) {
1098 RTFREE(ro_pmtu->ro_rt);
1108 #endif /* FAST_IPSEC */
1113 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */
1114 m_freem(exthdrs.ip6e_dest1);
1115 m_freem(exthdrs.ip6e_rthdr);
1116 m_freem(exthdrs.ip6e_dest2);
1124 ip6_copyexthdr(struct mbuf **mp, caddr_t hdr, int hlen)
1128 if (hlen > MCLBYTES)
1129 return(ENOBUFS); /* XXX */
1131 MGET(m, MB_DONTWAIT, MT_DATA);
1136 MCLGET(m, MB_DONTWAIT);
1137 if ((m->m_flags & M_EXT) == 0) {
1144 bcopy(hdr, mtod(m, caddr_t), hlen);
1151 * Insert jumbo payload option.
1154 ip6_insert_jumboopt(struct ip6_exthdrs *exthdrs, u_int32_t plen)
1160 #define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */
1163 * If there is no hop-by-hop options header, allocate new one.
1164 * If there is one but it doesn't have enough space to store the
1165 * jumbo payload option, allocate a cluster to store the whole options.
1166 * Otherwise, use it to store the options.
1168 if (exthdrs->ip6e_hbh == 0) {
1169 MGET(mopt, MB_DONTWAIT, MT_DATA);
1172 mopt->m_len = JUMBOOPTLEN;
1173 optbuf = mtod(mopt, u_char *);
1174 optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */
1175 exthdrs->ip6e_hbh = mopt;
1177 struct ip6_hbh *hbh;
1179 mopt = exthdrs->ip6e_hbh;
1180 if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) {
1183 * - exthdrs->ip6e_hbh is not referenced from places
1184 * other than exthdrs.
1185 * - exthdrs->ip6e_hbh is not an mbuf chain.
1187 int oldoptlen = mopt->m_len;
1191 * XXX: give up if the whole (new) hbh header does
1192 * not fit even in an mbuf cluster.
1194 if (oldoptlen + JUMBOOPTLEN > MCLBYTES)
1198 * As a consequence, we must always prepare a cluster
1201 MGET(n, MB_DONTWAIT, MT_DATA);
1203 MCLGET(n, MB_DONTWAIT);
1204 if ((n->m_flags & M_EXT) == 0) {
1211 n->m_len = oldoptlen + JUMBOOPTLEN;
1212 bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t),
1214 optbuf = mtod(n, caddr_t) + oldoptlen;
1216 mopt = exthdrs->ip6e_hbh = n;
1218 optbuf = mtod(mopt, u_char *) + mopt->m_len;
1219 mopt->m_len += JUMBOOPTLEN;
1221 optbuf[0] = IP6OPT_PADN;
1225 * Adjust the header length according to the pad and
1226 * the jumbo payload option.
1228 hbh = mtod(mopt, struct ip6_hbh *);
1229 hbh->ip6h_len += (JUMBOOPTLEN >> 3);
1232 /* fill in the option. */
1233 optbuf[2] = IP6OPT_JUMBO;
1235 v = (u_int32_t)htonl(plen + JUMBOOPTLEN);
1236 bcopy(&v, &optbuf[4], sizeof(u_int32_t));
1238 /* finally, adjust the packet header length */
1239 exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN;
1246 * Insert fragment header and copy unfragmentable header portions.
1249 ip6_insertfraghdr(struct mbuf *m0, struct mbuf *m, int hlen,
1250 struct ip6_frag **frghdrp)
1252 struct mbuf *n, *mlast;
1254 if (hlen > sizeof(struct ip6_hdr)) {
1255 n = m_copym(m0, sizeof(struct ip6_hdr),
1256 hlen - sizeof(struct ip6_hdr), MB_DONTWAIT);
1263 /* Search for the last mbuf of unfragmentable part. */
1264 for (mlast = n; mlast->m_next; mlast = mlast->m_next)
1267 if ((mlast->m_flags & M_EXT) == 0 &&
1268 M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) {
1269 /* use the trailing space of the last mbuf for the fragment hdr */
1271 (struct ip6_frag *)(mtod(mlast, caddr_t) + mlast->m_len);
1272 mlast->m_len += sizeof(struct ip6_frag);
1273 m->m_pkthdr.len += sizeof(struct ip6_frag);
1275 /* allocate a new mbuf for the fragment header */
1278 MGET(mfrg, MB_DONTWAIT, MT_DATA);
1281 mfrg->m_len = sizeof(struct ip6_frag);
1282 *frghdrp = mtod(mfrg, struct ip6_frag *);
1283 mlast->m_next = mfrg;
1290 * IP6 socket option processing.
1293 ip6_ctloutput(struct socket *so, struct sockopt *sopt)
1296 struct inpcb *in6p = sotoinpcb(so);
1298 int level, op, optname;
1303 level = sopt->sopt_level;
1304 op = sopt->sopt_dir;
1305 optname = sopt->sopt_name;
1306 optlen = sopt->sopt_valsize;
1309 panic("ip6_ctloutput: arg soopt is NULL");
1315 privileged = (td == NULL || suser(td)) ? 0 : 1;
1317 if (level == IPPROTO_IPV6) {
1322 case IPV6_PKTOPTIONS:
1326 error = soopt_getm(sopt, &m); /* XXX */
1329 error = soopt_mcopyin(sopt, m); /* XXX */
1332 error = ip6_pcbopts(&in6p->in6p_outputopts,
1334 m_freem(m); /* XXX */
1339 * Use of some Hop-by-Hop options or some
1340 * Destination options, might require special
1341 * privilege. That is, normal applications
1342 * (without special privilege) might be forbidden
1343 * from setting certain options in outgoing packets,
1344 * and might never see certain options in received
1345 * packets. [RFC 2292 Section 6]
1346 * KAME specific note:
1347 * KAME prevents non-privileged users from sending or
1348 * receiving ANY hbh/dst options in order to avoid
1349 * overhead of parsing options in the kernel.
1351 case IPV6_UNICAST_HOPS:
1356 if (optlen != sizeof(int)) {
1360 error = sooptcopyin(sopt, &optval,
1361 sizeof optval, sizeof optval);
1366 case IPV6_UNICAST_HOPS:
1367 if (optval < -1 || optval >= 256)
1370 /* -1 = kernel default */
1371 in6p->in6p_hops = optval;
1373 if ((in6p->in6p_vflag &
1375 in6p->inp_ip_ttl = optval;
1378 #define OPTSET(bit) \
1381 in6p->in6p_flags |= (bit); \
1383 in6p->in6p_flags &= ~(bit); \
1385 #define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0)
1388 in6p->in6p_cksum = optval;
1397 * make setsockopt(IPV6_V6ONLY)
1398 * available only prior to bind(2).
1399 * see ipng mailing list, Jun 22 2001.
1401 if (in6p->in6p_lport ||
1402 !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr))
1407 OPTSET(IN6P_IPV6_V6ONLY);
1409 in6p->in6p_vflag &= ~INP_IPV4;
1411 in6p->in6p_vflag |= INP_IPV4;
1422 if (optlen != sizeof(int)) {
1426 error = sooptcopyin(sopt, &optval,
1427 sizeof optval, sizeof optval);
1432 OPTSET(IN6P_PKTINFO);
1435 OPTSET(IN6P_HOPLIMIT);
1439 * Check super-user privilege.
1440 * See comments for IPV6_RECVHOPOPTS.
1444 OPTSET(IN6P_HOPOPTS);
1449 OPTSET(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */
1458 case IPV6_MULTICAST_IF:
1459 case IPV6_MULTICAST_HOPS:
1460 case IPV6_MULTICAST_LOOP:
1461 case IPV6_JOIN_GROUP:
1462 case IPV6_LEAVE_GROUP:
1465 if (sopt->sopt_valsize > MLEN) {
1470 MGET(m, sopt->sopt_td ? MB_WAIT : MB_DONTWAIT, MT_HEADER);
1475 m->m_len = sopt->sopt_valsize;
1476 error = sooptcopyin(sopt, mtod(m, char *),
1477 m->m_len, m->m_len);
1478 error = ip6_setmoptions(sopt->sopt_name,
1479 &in6p->in6p_moptions,
1485 case IPV6_PORTRANGE:
1486 error = sooptcopyin(sopt, &optval,
1487 sizeof optval, sizeof optval);
1492 case IPV6_PORTRANGE_DEFAULT:
1493 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1494 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1497 case IPV6_PORTRANGE_HIGH:
1498 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1499 in6p->in6p_flags |= IN6P_HIGHPORT;
1502 case IPV6_PORTRANGE_LOW:
1503 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1504 in6p->in6p_flags |= IN6P_LOWPORT;
1513 #if defined(IPSEC) || defined(FAST_IPSEC)
1514 case IPV6_IPSEC_POLICY:
1520 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1522 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
1525 req = mtod(m, caddr_t);
1528 error = ipsec6_set_policy(in6p, optname, req,
1533 #endif /* KAME IPSEC */
1541 struct mbuf **mp = &m;
1543 if (ip6_fw_ctl_ptr == NULL)
1546 if ((error = soopt_getm(sopt, &m)) != 0)
1549 if ((error = soopt_mcopyin(sopt, m)) != 0)
1551 error = (*ip6_fw_ctl_ptr)(optname, mp);
1557 error = ENOPROTOOPT;
1565 case IPV6_PKTOPTIONS:
1566 if (in6p->in6p_options) {
1568 m = m_copym(in6p->in6p_options,
1569 0, M_COPYALL, MB_WAIT);
1570 error = soopt_mcopyout(sopt, m);
1574 sopt->sopt_valsize = 0;
1577 case IPV6_UNICAST_HOPS:
1582 case IPV6_PORTRANGE:
1585 case IPV6_UNICAST_HOPS:
1586 optval = in6p->in6p_hops;
1590 optval = in6p->in6p_cksum;
1594 optval = OPTBIT(IN6P_FAITH);
1598 optval = OPTBIT(IN6P_IPV6_V6ONLY);
1601 case IPV6_PORTRANGE:
1604 flags = in6p->in6p_flags;
1605 if (flags & IN6P_HIGHPORT)
1606 optval = IPV6_PORTRANGE_HIGH;
1607 else if (flags & IN6P_LOWPORT)
1608 optval = IPV6_PORTRANGE_LOW;
1614 error = sooptcopyout(sopt, &optval,
1623 if (optname == IPV6_HOPOPTS ||
1624 optname == IPV6_DSTOPTS ||
1629 optval = OPTBIT(IN6P_PKTINFO);
1632 optval = OPTBIT(IN6P_HOPLIMIT);
1637 optval = OPTBIT(IN6P_HOPOPTS);
1640 optval = OPTBIT(IN6P_RTHDR);
1645 optval = OPTBIT(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS);
1648 error = sooptcopyout(sopt, &optval,
1652 case IPV6_MULTICAST_IF:
1653 case IPV6_MULTICAST_HOPS:
1654 case IPV6_MULTICAST_LOOP:
1655 case IPV6_JOIN_GROUP:
1656 case IPV6_LEAVE_GROUP:
1659 error = ip6_getmoptions(sopt->sopt_name,
1660 in6p->in6p_moptions, &m);
1662 error = sooptcopyout(sopt,
1663 mtod(m, char *), m->m_len);
1668 #if defined(IPSEC) || defined(FAST_IPSEC)
1669 case IPV6_IPSEC_POLICY:
1673 struct mbuf *m = NULL;
1674 struct mbuf **mp = &m;
1676 error = soopt_getm(sopt, &m); /* XXX */
1679 error = soopt_mcopyin(sopt, m); /* XXX */
1683 req = mtod(m, caddr_t);
1686 error = ipsec6_get_policy(in6p, req, len, mp);
1688 error = soopt_mcopyout(sopt, m); /*XXX*/
1689 if (error == 0 && m)
1693 #endif /* KAME IPSEC */
1698 struct mbuf **mp = &m;
1700 if (ip6_fw_ctl_ptr == NULL)
1704 error = (*ip6_fw_ctl_ptr)(optname, mp);
1706 error = soopt_mcopyout(sopt, m); /* XXX */
1707 if (error == 0 && m)
1713 error = ENOPROTOOPT;
1725 * Set up IP6 options in pcb for insertion in output packets or
1726 * specifying behavior of outgoing packets.
1729 ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, struct socket *so,
1730 struct sockopt *sopt)
1732 struct ip6_pktopts *opt = *pktopt;
1734 struct thread *td = sopt->sopt_td;
1737 /* turn off any old options. */
1740 if (opt->ip6po_pktinfo || opt->ip6po_nexthop ||
1741 opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 ||
1742 opt->ip6po_rhinfo.ip6po_rhi_rthdr)
1743 printf("ip6_pcbopts: all specified options are cleared.\n");
1745 ip6_clearpktopts(opt, 1, -1);
1747 opt = malloc(sizeof(*opt), M_IP6OPT, M_WAITOK);
1750 if (!m || m->m_len == 0) {
1752 * Only turning off any previous options, regardless of
1753 * whether the opt is just created or given.
1755 free(opt, M_IP6OPT);
1759 /* set options specified by user. */
1762 if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) {
1763 ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */
1764 free(opt, M_IP6OPT);
1772 * initialize ip6_pktopts. beware that there are non-zero default values in
1776 init_ip6pktopts(struct ip6_pktopts *opt)
1779 bzero(opt, sizeof(*opt));
1780 opt->ip6po_hlim = -1; /* -1 means default hop limit */
1784 ip6_clearpktopts(struct ip6_pktopts *pktopt, int needfree, int optname)
1789 if (optname == -1) {
1790 if (needfree && pktopt->ip6po_pktinfo)
1791 free(pktopt->ip6po_pktinfo, M_IP6OPT);
1792 pktopt->ip6po_pktinfo = NULL;
1795 pktopt->ip6po_hlim = -1;
1796 if (optname == -1) {
1797 if (needfree && pktopt->ip6po_nexthop)
1798 free(pktopt->ip6po_nexthop, M_IP6OPT);
1799 pktopt->ip6po_nexthop = NULL;
1801 if (optname == -1) {
1802 if (needfree && pktopt->ip6po_hbh)
1803 free(pktopt->ip6po_hbh, M_IP6OPT);
1804 pktopt->ip6po_hbh = NULL;
1806 if (optname == -1) {
1807 if (needfree && pktopt->ip6po_dest1)
1808 free(pktopt->ip6po_dest1, M_IP6OPT);
1809 pktopt->ip6po_dest1 = NULL;
1811 if (optname == -1) {
1812 if (needfree && pktopt->ip6po_rhinfo.ip6po_rhi_rthdr)
1813 free(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr, M_IP6OPT);
1814 pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL;
1815 if (pktopt->ip6po_route.ro_rt) {
1816 RTFREE(pktopt->ip6po_route.ro_rt);
1817 pktopt->ip6po_route.ro_rt = NULL;
1820 if (optname == -1) {
1821 if (needfree && pktopt->ip6po_dest2)
1822 free(pktopt->ip6po_dest2, M_IP6OPT);
1823 pktopt->ip6po_dest2 = NULL;
1827 #define PKTOPT_EXTHDRCPY(type) \
1831 (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\
1832 dst->type = malloc(hlen, M_IP6OPT, canwait);\
1833 if (dst->type == NULL && canwait == M_NOWAIT)\
1835 bcopy(src->type, dst->type, hlen);\
1839 struct ip6_pktopts *
1840 ip6_copypktopts(struct ip6_pktopts *src, int canwait)
1842 struct ip6_pktopts *dst;
1845 printf("ip6_clearpktopts: invalid argument\n");
1849 dst = malloc(sizeof(*dst), M_IP6OPT, canwait);
1850 if (dst == NULL && canwait == M_NOWAIT)
1852 bzero(dst, sizeof(*dst));
1854 dst->ip6po_hlim = src->ip6po_hlim;
1855 if (src->ip6po_pktinfo) {
1856 dst->ip6po_pktinfo = malloc(sizeof(*dst->ip6po_pktinfo),
1858 if (dst->ip6po_pktinfo == NULL && canwait == M_NOWAIT)
1860 *dst->ip6po_pktinfo = *src->ip6po_pktinfo;
1862 if (src->ip6po_nexthop) {
1863 dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len,
1865 if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT)
1867 bcopy(src->ip6po_nexthop, dst->ip6po_nexthop,
1868 src->ip6po_nexthop->sa_len);
1870 PKTOPT_EXTHDRCPY(ip6po_hbh);
1871 PKTOPT_EXTHDRCPY(ip6po_dest1);
1872 PKTOPT_EXTHDRCPY(ip6po_dest2);
1873 PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */
1877 if (dst->ip6po_pktinfo) free(dst->ip6po_pktinfo, M_IP6OPT);
1878 if (dst->ip6po_nexthop) free(dst->ip6po_nexthop, M_IP6OPT);
1879 if (dst->ip6po_hbh) free(dst->ip6po_hbh, M_IP6OPT);
1880 if (dst->ip6po_dest1) free(dst->ip6po_dest1, M_IP6OPT);
1881 if (dst->ip6po_dest2) free(dst->ip6po_dest2, M_IP6OPT);
1882 if (dst->ip6po_rthdr) free(dst->ip6po_rthdr, M_IP6OPT);
1883 free(dst, M_IP6OPT);
1886 #undef PKTOPT_EXTHDRCPY
1889 ip6_freepcbopts(struct ip6_pktopts *pktopt)
1894 ip6_clearpktopts(pktopt, 1, -1);
1896 free(pktopt, M_IP6OPT);
1900 * Set the IP6 multicast options in response to user setsockopt().
1903 ip6_setmoptions(int optname, struct ip6_moptions **im6op, struct mbuf *m)
1906 u_int loop, ifindex;
1907 struct ipv6_mreq *mreq;
1909 struct ip6_moptions *im6o = *im6op;
1910 struct route_in6 ro;
1911 struct sockaddr_in6 *dst;
1912 struct in6_multi_mship *imm;
1913 struct thread *td = curthread; /* XXX */
1917 * No multicast option buffer attached to the pcb;
1918 * allocate one and initialize to default values.
1920 im6o = (struct ip6_moptions *)
1921 malloc(sizeof(*im6o), M_IPMOPTS, M_WAITOK);
1926 im6o->im6o_multicast_ifp = NULL;
1927 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
1928 im6o->im6o_multicast_loop = IPV6_DEFAULT_MULTICAST_LOOP;
1929 LIST_INIT(&im6o->im6o_memberships);
1934 case IPV6_MULTICAST_IF:
1936 * Select the interface for outgoing multicast packets.
1938 if (m == NULL || m->m_len != sizeof(u_int)) {
1942 bcopy(mtod(m, u_int *), &ifindex, sizeof(ifindex));
1943 if (ifindex < 0 || if_index < ifindex) {
1944 error = ENXIO; /* XXX EINVAL? */
1947 ifp = ifindex2ifnet[ifindex];
1948 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1949 error = EADDRNOTAVAIL;
1952 im6o->im6o_multicast_ifp = ifp;
1955 case IPV6_MULTICAST_HOPS:
1958 * Set the IP6 hoplimit for outgoing multicast packets.
1961 if (m == NULL || m->m_len != sizeof(int)) {
1965 bcopy(mtod(m, u_int *), &optval, sizeof(optval));
1966 if (optval < -1 || optval >= 256)
1968 else if (optval == -1)
1969 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
1971 im6o->im6o_multicast_hlim = optval;
1975 case IPV6_MULTICAST_LOOP:
1977 * Set the loopback flag for outgoing multicast packets.
1978 * Must be zero or one.
1980 if (m == NULL || m->m_len != sizeof(u_int)) {
1984 bcopy(mtod(m, u_int *), &loop, sizeof(loop));
1989 im6o->im6o_multicast_loop = loop;
1992 case IPV6_JOIN_GROUP:
1994 * Add a multicast group membership.
1995 * Group must be a valid IP6 multicast address.
1997 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2001 mreq = mtod(m, struct ipv6_mreq *);
2002 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2004 * We use the unspecified address to specify to accept
2005 * all multicast addresses. Only super user is allowed
2013 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2019 * If the interface is specified, validate it.
2021 if (mreq->ipv6mr_interface < 0
2022 || if_index < mreq->ipv6mr_interface) {
2023 error = ENXIO; /* XXX EINVAL? */
2027 * If no interface was explicitly specified, choose an
2028 * appropriate one according to the given multicast address.
2030 if (mreq->ipv6mr_interface == 0) {
2032 * If the multicast address is in node-local scope,
2033 * the interface should be a loopback interface.
2034 * Otherwise, look up the routing table for the
2035 * address, and choose the outgoing interface.
2036 * XXX: is it a good approach?
2038 if (IN6_IS_ADDR_MC_NODELOCAL(&mreq->ipv6mr_multiaddr)) {
2042 dst = (struct sockaddr_in6 *)&ro.ro_dst;
2043 bzero(dst, sizeof(*dst));
2044 dst->sin6_len = sizeof(struct sockaddr_in6);
2045 dst->sin6_family = AF_INET6;
2046 dst->sin6_addr = mreq->ipv6mr_multiaddr;
2047 rtalloc((struct route *)&ro);
2048 if (ro.ro_rt == NULL) {
2049 error = EADDRNOTAVAIL;
2052 ifp = ro.ro_rt->rt_ifp;
2056 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2059 * See if we found an interface, and confirm that it
2060 * supports multicast
2062 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2063 error = EADDRNOTAVAIL;
2067 * Put interface index into the multicast address,
2068 * if the address has link-local scope.
2070 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2071 mreq->ipv6mr_multiaddr.s6_addr16[1]
2072 = htons(mreq->ipv6mr_interface);
2075 * See if the membership already exists.
2077 for (imm = im6o->im6o_memberships.lh_first;
2078 imm != NULL; imm = imm->i6mm_chain.le_next)
2079 if (imm->i6mm_maddr->in6m_ifp == ifp &&
2080 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2081 &mreq->ipv6mr_multiaddr))
2088 * Everything looks good; add a new record to the multicast
2089 * address list for the given interface.
2091 imm = malloc(sizeof(*imm), M_IPMADDR, M_WAITOK);
2096 if ((imm->i6mm_maddr =
2097 in6_addmulti(&mreq->ipv6mr_multiaddr, ifp, &error)) == NULL) {
2098 free(imm, M_IPMADDR);
2101 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm, i6mm_chain);
2104 case IPV6_LEAVE_GROUP:
2106 * Drop a multicast group membership.
2107 * Group must be a valid IP6 multicast address.
2109 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2113 mreq = mtod(m, struct ipv6_mreq *);
2114 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2119 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2124 * If an interface address was specified, get a pointer
2125 * to its ifnet structure.
2127 if (mreq->ipv6mr_interface < 0
2128 || if_index < mreq->ipv6mr_interface) {
2129 error = ENXIO; /* XXX EINVAL? */
2132 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2134 * Put interface index into the multicast address,
2135 * if the address has link-local scope.
2137 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2138 mreq->ipv6mr_multiaddr.s6_addr16[1]
2139 = htons(mreq->ipv6mr_interface);
2142 * Find the membership in the membership list.
2144 for (imm = im6o->im6o_memberships.lh_first;
2145 imm != NULL; imm = imm->i6mm_chain.le_next) {
2147 imm->i6mm_maddr->in6m_ifp == ifp) &&
2148 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2149 &mreq->ipv6mr_multiaddr))
2153 /* Unable to resolve interface */
2154 error = EADDRNOTAVAIL;
2158 * Give up the multicast address record to which the
2159 * membership points.
2161 LIST_REMOVE(imm, i6mm_chain);
2162 in6_delmulti(imm->i6mm_maddr);
2163 free(imm, M_IPMADDR);
2172 * If all options have default values, no need to keep the mbuf.
2174 if (im6o->im6o_multicast_ifp == NULL &&
2175 im6o->im6o_multicast_hlim == ip6_defmcasthlim &&
2176 im6o->im6o_multicast_loop == IPV6_DEFAULT_MULTICAST_LOOP &&
2177 im6o->im6o_memberships.lh_first == NULL) {
2178 free(*im6op, M_IPMOPTS);
2186 * Return the IP6 multicast options in response to user getsockopt().
2189 ip6_getmoptions(int optname, struct ip6_moptions *im6o, struct mbuf **mp)
2191 u_int *hlim, *loop, *ifindex;
2193 *mp = m_get(MB_WAIT, MT_HEADER); /* XXX */
2197 case IPV6_MULTICAST_IF:
2198 ifindex = mtod(*mp, u_int *);
2199 (*mp)->m_len = sizeof(u_int);
2200 if (im6o == NULL || im6o->im6o_multicast_ifp == NULL)
2203 *ifindex = im6o->im6o_multicast_ifp->if_index;
2206 case IPV6_MULTICAST_HOPS:
2207 hlim = mtod(*mp, u_int *);
2208 (*mp)->m_len = sizeof(u_int);
2210 *hlim = ip6_defmcasthlim;
2212 *hlim = im6o->im6o_multicast_hlim;
2215 case IPV6_MULTICAST_LOOP:
2216 loop = mtod(*mp, u_int *);
2217 (*mp)->m_len = sizeof(u_int);
2219 *loop = ip6_defmcasthlim;
2221 *loop = im6o->im6o_multicast_loop;
2230 * Discard the IP6 multicast options.
2233 ip6_freemoptions(struct ip6_moptions *im6o)
2235 struct in6_multi_mship *imm;
2240 while ((imm = im6o->im6o_memberships.lh_first) != NULL) {
2241 LIST_REMOVE(imm, i6mm_chain);
2242 if (imm->i6mm_maddr)
2243 in6_delmulti(imm->i6mm_maddr);
2244 free(imm, M_IPMADDR);
2246 free(im6o, M_IPMOPTS);
2250 * Set IPv6 outgoing packet options based on advanced API.
2253 ip6_setpktoptions(struct mbuf *control, struct ip6_pktopts *opt, int priv,
2256 struct cmsghdr *cm = 0;
2258 if (control == 0 || opt == 0)
2261 init_ip6pktopts(opt);
2264 * XXX: Currently, we assume all the optional information is stored
2267 if (control->m_next)
2270 for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len),
2271 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) {
2272 cm = mtod(control, struct cmsghdr *);
2273 if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len)
2275 if (cm->cmsg_level != IPPROTO_IPV6)
2279 * XXX should check if RFC2292 API is mixed with 2292bis API
2281 switch (cm->cmsg_type) {
2283 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in6_pktinfo)))
2286 /* XXX: Is it really WAITOK? */
2287 opt->ip6po_pktinfo =
2288 malloc(sizeof(struct in6_pktinfo),
2289 M_IP6OPT, M_WAITOK);
2290 bcopy(CMSG_DATA(cm), opt->ip6po_pktinfo,
2291 sizeof(struct in6_pktinfo));
2293 opt->ip6po_pktinfo =
2294 (struct in6_pktinfo *)CMSG_DATA(cm);
2295 if (opt->ip6po_pktinfo->ipi6_ifindex &&
2296 IN6_IS_ADDR_LINKLOCAL(&opt->ip6po_pktinfo->ipi6_addr))
2297 opt->ip6po_pktinfo->ipi6_addr.s6_addr16[1] =
2298 htons(opt->ip6po_pktinfo->ipi6_ifindex);
2300 if (opt->ip6po_pktinfo->ipi6_ifindex > if_index
2301 || opt->ip6po_pktinfo->ipi6_ifindex < 0) {
2306 * Check if the requested source address is indeed a
2307 * unicast address assigned to the node, and can be
2308 * used as the packet's source address.
2310 if (!IN6_IS_ADDR_UNSPECIFIED(&opt->ip6po_pktinfo->ipi6_addr)) {
2311 struct in6_ifaddr *ia6;
2312 struct sockaddr_in6 sin6;
2314 bzero(&sin6, sizeof(sin6));
2315 sin6.sin6_len = sizeof(sin6);
2316 sin6.sin6_family = AF_INET6;
2318 opt->ip6po_pktinfo->ipi6_addr;
2319 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(sin6tosa(&sin6));
2321 (ia6->ia6_flags & (IN6_IFF_ANYCAST |
2322 IN6_IFF_NOTREADY)) != 0)
2323 return(EADDRNOTAVAIL);
2328 if (cm->cmsg_len != CMSG_LEN(sizeof(int)))
2331 opt->ip6po_hlim = *(int *)CMSG_DATA(cm);
2332 if (opt->ip6po_hlim < -1 || opt->ip6po_hlim > 255)
2340 if (cm->cmsg_len < sizeof(u_char) ||
2341 /* check if cmsg_len is large enough for sa_len */
2342 cm->cmsg_len < CMSG_LEN(*CMSG_DATA(cm)))
2346 opt->ip6po_nexthop =
2347 malloc(*CMSG_DATA(cm),
2348 M_IP6OPT, M_WAITOK);
2349 bcopy(CMSG_DATA(cm),
2353 opt->ip6po_nexthop =
2354 (struct sockaddr *)CMSG_DATA(cm);
2359 struct ip6_hbh *hbh;
2362 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_hbh)))
2364 hbh = (struct ip6_hbh *)CMSG_DATA(cm);
2365 hbhlen = (hbh->ip6h_len + 1) << 3;
2366 if (cm->cmsg_len != CMSG_LEN(hbhlen))
2371 malloc(hbhlen, M_IP6OPT, M_WAITOK);
2372 bcopy(hbh, opt->ip6po_hbh, hbhlen);
2374 opt->ip6po_hbh = hbh;
2380 struct ip6_dest *dest, **newdest;
2383 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_dest)))
2385 dest = (struct ip6_dest *)CMSG_DATA(cm);
2386 destlen = (dest->ip6d_len + 1) << 3;
2387 if (cm->cmsg_len != CMSG_LEN(destlen))
2391 * The old advacned API is ambiguous on this
2392 * point. Our approach is to determine the
2393 * position based according to the existence
2394 * of a routing header. Note, however, that
2395 * this depends on the order of the extension
2396 * headers in the ancillary data; the 1st part
2397 * of the destination options header must
2398 * appear before the routing header in the
2399 * ancillary data, too.
2400 * RFC2292bis solved the ambiguity by
2401 * introducing separate cmsg types.
2403 if (opt->ip6po_rthdr == NULL)
2404 newdest = &opt->ip6po_dest1;
2406 newdest = &opt->ip6po_dest2;
2409 *newdest = malloc(destlen, M_IP6OPT, M_WAITOK);
2410 bcopy(dest, *newdest, destlen);
2419 struct ip6_rthdr *rth;
2422 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_rthdr)))
2424 rth = (struct ip6_rthdr *)CMSG_DATA(cm);
2425 rthlen = (rth->ip6r_len + 1) << 3;
2426 if (cm->cmsg_len != CMSG_LEN(rthlen))
2429 switch (rth->ip6r_type) {
2430 case IPV6_RTHDR_TYPE_0:
2431 /* must contain one addr */
2432 if (rth->ip6r_len == 0)
2434 /* length must be even */
2435 if (rth->ip6r_len % 2)
2437 if (rth->ip6r_len / 2 != rth->ip6r_segleft)
2441 return(EINVAL); /* not supported */
2445 opt->ip6po_rthdr = malloc(rthlen, M_IP6OPT,
2447 bcopy(rth, opt->ip6po_rthdr, rthlen);
2449 opt->ip6po_rthdr = rth;
2455 return(ENOPROTOOPT);
2463 * Routine called from ip6_output() to loop back a copy of an IP6 multicast
2464 * packet to the input queue of a specified interface. Note that this
2465 * calls the output routine of the loopback "driver", but with an interface
2466 * pointer that might NOT be &loif -- easier than replicating that code here.
2469 ip6_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in6 *dst)
2472 struct ip6_hdr *ip6;
2474 copym = m_copy(m, 0, M_COPYALL);
2479 * Make sure to deep-copy IPv6 header portion in case the data
2480 * is in an mbuf cluster, so that we can safely override the IPv6
2481 * header portion later.
2483 if ((copym->m_flags & M_EXT) != 0 ||
2484 copym->m_len < sizeof(struct ip6_hdr)) {
2485 copym = m_pullup(copym, sizeof(struct ip6_hdr));
2491 if (copym->m_len < sizeof(*ip6)) {
2497 ip6 = mtod(copym, struct ip6_hdr *);
2498 #ifndef SCOPEDROUTING
2500 * clear embedded scope identifiers if necessary.
2501 * in6_clearscope will touch the addresses only when necessary.
2503 in6_clearscope(&ip6->ip6_src);
2504 in6_clearscope(&ip6->ip6_dst);
2507 (void)if_simloop(ifp, copym, dst->sin6_family, NULL);
2511 * Chop IPv6 header off from the payload.
2514 ip6_splithdr(struct mbuf *m, struct ip6_exthdrs *exthdrs)
2517 struct ip6_hdr *ip6;
2519 ip6 = mtod(m, struct ip6_hdr *);
2520 if (m->m_len > sizeof(*ip6)) {
2521 MGETHDR(mh, MB_DONTWAIT, MT_HEADER);
2526 M_MOVE_PKTHDR(mh, m);
2527 MH_ALIGN(mh, sizeof(*ip6));
2528 m->m_len -= sizeof(*ip6);
2529 m->m_data += sizeof(*ip6);
2532 m->m_len = sizeof(*ip6);
2533 bcopy((caddr_t)ip6, mtod(m, caddr_t), sizeof(*ip6));
2535 exthdrs->ip6e_ip6 = m;
2540 * Compute IPv6 extension header length.
2543 ip6_optlen(struct in6pcb *in6p)
2547 if (!in6p->in6p_outputopts)
2552 (((struct ip6_ext *)(x)) ? (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0)
2554 len += elen(in6p->in6p_outputopts->ip6po_hbh);
2555 if (in6p->in6p_outputopts->ip6po_rthdr)
2556 /* dest1 is valid with rthdr only */
2557 len += elen(in6p->in6p_outputopts->ip6po_dest1);
2558 len += elen(in6p->in6p_outputopts->ip6po_rthdr);
2559 len += elen(in6p->in6p_outputopts->ip6po_dest2);
projects / dragonfly.git / blob