]> git.saurik.com Git - apple/xnu.git/blame - bsd/netinet6/in6_proto.c
projects / apple / xnu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xnu-7195.101.1.tar.gz
[apple/xnu.git] / bsd / netinet6 / in6_proto.c
CommitLineData
b0d623f7 1/*
f427ee49 2 * Copyright (c) 2008-2020 Apple Inc. All rights reserved.
b0d623f7
A		 3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
39236c6e 5 *
b0d623f7
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
39236c6e 14 *
b0d623f7
A		 15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
39236c6e 17 *
b0d623f7
A		 18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
39236c6e 25 *
b0d623f7
A		 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
1c79356b
A		 29/*
30 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the project nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58/*
59 * Copyright (c) 1982, 1986, 1993
60 * The Regents of the University of California. All rights reserved.
61 *
62 * Redistribution and use in source and binary forms, with or without
63 * modification, are permitted provided that the following conditions
64 * are met:
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in the
69 * documentation and/or other materials provided with the distribution.
70 * 3. All advertising materials mentioning features or use of this software
71 * must display the following acknowledgement:
72 * This product includes software developed by the University of
73 * California, Berkeley and its contributors.
74 * 4. Neither the name of the University nor the names of its contributors
75 * may be used to endorse or promote products derived from this software
76 * without specific prior written permission.
77 *
78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88 * SUCH DAMAGE.
89 *
90 * @(#)in_proto.c 8.1 (Berkeley) 6/10/93
91 */
92
1c79356b
A		 93
94#include <sys/param.h>
95#include <sys/socket.h>
1c79356b 96#include <sys/socketvar.h>
1c79356b
A		 97#include <sys/protosw.h>
98#include <sys/kernel.h>
99#include <sys/domain.h>
100#include <sys/mbuf.h>
1c79356b
A		 101#include <sys/systm.h>
102#include <sys/sysctl.h>
1c79356b
A		 103
104#include <net/if.h>
105#include <net/radix.h>
106#include <net/route.h>
d9a64523 107#include <net/nat464_utils.h>
1c79356b
A		 108
109#include <netinet/in.h>
110#include <netinet/in_systm.h>
111#include <netinet/in_var.h>
112#include <netinet/ip_encap.h>
1c79356b
A		 113#include <netinet/ip.h>
114#include <netinet/ip_var.h>
1c79356b
A		 115#include <netinet/ip6.h>
116#include <netinet6/ip6_var.h>
39236c6e 117#include <netinet6/in6_var.h>
1c79356b
A		 118#include <netinet/icmp6.h>
119
1c79356b
A		 120#include <netinet/tcp.h>
121#include <netinet/tcp_timer.h>
122#include <netinet/tcp_var.h>
123#include <netinet/udp.h>
124#include <netinet/udp_var.h>
1c79356b 125#include <netinet6/tcp6_var.h>
9bccf70c 126#include <netinet6/raw_ip6.h>
1c79356b 127#include <netinet6/udp6_var.h>
1c79356b 128#include <netinet6/nd6.h>
6d2010ae 129#include <netinet6/mld6_var.h>
1c79356b
A		 130
131#if IPSEC
132#include <netinet6/ipsec.h>
9bccf70c 133#include <netinet6/ipsec6.h>
1c79356b 134#include <netinet6/ah.h>
9bccf70c 135#include <netinet6/ah6.h>
1c79356b
A		 136#if IPSEC_ESP
137#include <netinet6/esp.h>
9bccf70c
A		 138#include <netinet6/esp6.h>
139#endif
1c79356b
A		 140#endif /*IPSEC*/
141
142#include <netinet6/ip6protosw.h>
1c79356b
A		 143
144#include <net/net_osdep.h>
145
1c79356b
A		 146/*
147 * TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
148 */
149
39236c6e
A		 150extern struct domain inet6domain_s;
151struct domain *inet6domain = NULL;
152
1c79356b 153static struct pr_usrreqs nousrreqs;
91447636 154lck_mtx_t *inet6_domain_mutex;
9bccf70c 155
39236c6e
A		 156static void in6_dinit(struct domain *);
157static int rip6_pr_output(struct mbuf *, struct socket *,
158 struct sockaddr_in6 *, struct mbuf *);
55e303ae 159
1c79356b 160struct ip6protosw inet6sw[] = {
0a7de745
A		 161 {
162 .pr_type = 0,
163 .pr_protocol = IPPROTO_IPV6,
164 .pr_init = ip6_init,
165 .pr_drain = ip6_drain,
166 .pr_usrreqs = &nousrreqs,
167 },
168 {
169 .pr_type = SOCK_DGRAM,
170 .pr_protocol = IPPROTO_UDP,
171 .pr_flags = PR_ATOMIC | PR_ADDR | PR_PROTOLOCK | PR_PCBLOCK |
172 PR_EVCONNINFO | PR_PRECONN_WRITE,
173 .pr_input = udp6_input,
174 .pr_ctlinput = udp6_ctlinput,
175 .pr_ctloutput = ip6_ctloutput,
176#if !INET /* don't call initialization twice */
177 .pr_init = udp_init,
39236c6e 178#endif /* !INET */
0a7de745
A		 179 .pr_usrreqs = &udp6_usrreqs,
180 .pr_lock = udp_lock,
181 .pr_unlock = udp_unlock,
182 .pr_getlock = udp_getlock,
cb323159
A		 183 .pr_update_last_owner = inp_update_last_owner,
184 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745
A		 185 },
186 {
187 .pr_type = SOCK_STREAM,
188 .pr_protocol = IPPROTO_TCP,
189 .pr_flags = PR_CONNREQUIRED | PR_WANTRCVD | PR_PCBLOCK |
190 PR_PROTOLOCK | PR_DISPOSE | PR_EVCONNINFO |
191 PR_PRECONN_WRITE | PR_DATA_IDEMPOTENT,
192 .pr_input = tcp6_input,
193 .pr_ctlinput = tcp6_ctlinput,
194 .pr_ctloutput = tcp_ctloutput,
195#if !INET /* don't call initialization and timeout routines twice */
196 .pr_init = tcp_init,
39236c6e 197#endif /* !INET */
0a7de745
A		 198 .pr_drain = tcp_drain,
199 .pr_usrreqs = &tcp6_usrreqs,
200 .pr_lock = tcp_lock,
201 .pr_unlock = tcp_unlock,
202 .pr_getlock = tcp_getlock,
cb323159
A		 203 .pr_update_last_owner = inp_update_last_owner,
204 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745
A		 205 },
206 {
207 .pr_type = SOCK_RAW,
208 .pr_protocol = IPPROTO_RAW,
209 .pr_flags = PR_ATOMIC | PR_ADDR,
210 .pr_input = rip6_input,
211 .pr_output = rip6_pr_output,
212 .pr_ctlinput = rip6_ctlinput,
213 .pr_ctloutput = rip6_ctloutput,
214#if !INET /* don't call initialization and timeout routines twice */
215 .pr_init = rip_init,
39236c6e 216#endif /* !INET */
0a7de745
A		 217 .pr_usrreqs = &rip6_usrreqs,
218 .pr_unlock = rip_unlock,
cb323159
A		 219 .pr_update_last_owner = inp_update_last_owner,
220 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745
A		 221 },
222 {
223 .pr_type = SOCK_RAW,
224 .pr_protocol = IPPROTO_ICMPV6,
225 .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR,
226 .pr_input = icmp6_input,
227 .pr_output = rip6_pr_output,
228 .pr_ctlinput = rip6_ctlinput,
229 .pr_ctloutput = rip6_ctloutput,
230 .pr_init = icmp6_init,
231 .pr_usrreqs = &rip6_usrreqs,
232 .pr_unlock = rip_unlock,
cb323159
A		 233 .pr_update_last_owner = inp_update_last_owner,
234 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745
A		 235 },
236 {
237 .pr_type = SOCK_DGRAM,
238 .pr_protocol = IPPROTO_ICMPV6,
239 .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR,
240 .pr_input = icmp6_input,
241 .pr_output = rip6_pr_output,
242 .pr_ctlinput = rip6_ctlinput,
243 .pr_ctloutput = icmp6_dgram_ctloutput,
244 .pr_init = icmp6_init,
245 .pr_usrreqs = &icmp6_dgram_usrreqs,
246 .pr_unlock = rip_unlock,
cb323159
A		 247 .pr_update_last_owner = inp_update_last_owner,
248 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745
A		 249 },
250 {
251 .pr_type = SOCK_RAW,
252 .pr_protocol = IPPROTO_DSTOPTS,
253 .pr_flags = PR_ATOMIC | PR_ADDR,
254 .pr_input = dest6_input,
255 .pr_usrreqs = &nousrreqs,
256 },
257 {
258 .pr_type = SOCK_RAW,
259 .pr_protocol = IPPROTO_ROUTING,
260 .pr_flags = PR_ATOMIC | PR_ADDR,
261 .pr_input = route6_input,
262 .pr_usrreqs = &nousrreqs,
263 },
264 {
265 .pr_type = SOCK_RAW,
266 .pr_protocol = IPPROTO_FRAGMENT,
267 .pr_flags = PR_ATOMIC | PR_ADDR | PR_PROTOLOCK,
268 .pr_input = frag6_input,
269 .pr_usrreqs = &nousrreqs,
270 },
1c79356b 271#if IPSEC
0a7de745
A		 272 {
273 .pr_type = SOCK_RAW,
274 .pr_protocol = IPPROTO_AH,
275 .pr_flags = PR_ATOMIC | PR_ADDR | PR_PROTOLOCK,
276 .pr_input = ah6_input,
277 .pr_usrreqs = &nousrreqs,
278 },
1c79356b 279#if IPSEC_ESP
0a7de745
A		 280 {
281 .pr_type = SOCK_RAW,
282 .pr_protocol = IPPROTO_ESP,
283 .pr_flags = PR_ATOMIC | PR_ADDR | PR_PROTOLOCK,
284 .pr_input = esp6_input,
285 .pr_ctlinput = esp6_ctlinput,
286 .pr_usrreqs = &nousrreqs,
287 },
39236c6e 288#endif /* IPSEC_ESP */
1c79356b 289#endif /* IPSEC */
9bccf70c 290#if INET
0a7de745
A		 291 {
292 .pr_type = SOCK_RAW,
293 .pr_protocol = IPPROTO_IPV4,
294 .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR,
295 .pr_input = encap6_input,
296 .pr_output = rip6_pr_output,
297 .pr_ctloutput = rip6_ctloutput,
298 .pr_init = encap6_init,
299 .pr_usrreqs = &rip6_usrreqs,
300 .pr_unlock = rip_unlock,
cb323159
A		 301 .pr_update_last_owner = inp_update_last_owner,
302 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745 303 },
9bccf70c 304#endif /*INET*/
0a7de745
A		 305 {
306 .pr_type = SOCK_RAW,
307 .pr_protocol = IPPROTO_IPV6,
308 .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR,
309 .pr_input = encap6_input,
310 .pr_output = rip6_pr_output,
311 .pr_ctloutput = rip6_ctloutput,
312 .pr_init = encap6_init,
313 .pr_usrreqs = &rip6_usrreqs,
314 .pr_unlock = rip_unlock,
cb323159
A		 315 .pr_update_last_owner = inp_update_last_owner,
316 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745 317 },
1c79356b 318/* raw wildcard */
0a7de745
A		 319 {
320 .pr_type = SOCK_RAW,
321 .pr_protocol = 0,
322 .pr_flags = PR_ATOMIC | PR_ADDR | PR_LASTHDR,
323 .pr_input = rip6_input,
324 .pr_output = rip6_pr_output,
325 .pr_ctloutput = rip6_ctloutput,
326 .pr_usrreqs = &rip6_usrreqs,
327 .pr_unlock = rip_unlock,
cb323159
A		 328 .pr_update_last_owner = inp_update_last_owner,
329 .pr_copy_last_owner = inp_copy_last_owner,
0a7de745 330 },
1c79356b
A		 331};
332
0a7de745 333int in6_proto_count = (sizeof(inet6sw) / sizeof(struct ip6protosw));
1c79356b 334
39236c6e 335struct domain inet6domain_s = {
0a7de745
A		 336 .dom_family = PF_INET6,
337 .dom_flags = DOM_REENTRANT,
338 .dom_name = "internet6",
339 .dom_init = in6_dinit,
340 .dom_rtattach = in6_inithead,
341 .dom_rtoffset = offsetof(struct sockaddr_in6, sin6_addr) << 3,
342 .dom_maxrtkey = sizeof(struct sockaddr_in6),
343 .dom_protohdrlen = sizeof(struct sockaddr_in6),
39236c6e 344};
1c79356b 345
9bccf70c
A		 346/* Initialize the PF_INET6 domain, and add in the pre-defined protos */
347void
39236c6e 348in6_dinit(struct domain *dp)
9bccf70c 349{
39236c6e
A		 350 struct ip6protosw *pr;
351 int i;
352
353 VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
354 VERIFY(inet6domain == NULL);
355
356 inet6domain = dp;
357
0a7de745 358 _CASSERT(sizeof(struct protosw) == sizeof(struct ip6protosw));
39236c6e
A		 359 _CASSERT(offsetof(struct ip6protosw, pr_entry) ==
360 offsetof(struct protosw, pr_entry));
361 _CASSERT(offsetof(struct ip6protosw, pr_domain) ==
362 offsetof(struct protosw, pr_domain));
363 _CASSERT(offsetof(struct ip6protosw, pr_protosw) ==
364 offsetof(struct protosw, pr_protosw));
365 _CASSERT(offsetof(struct ip6protosw, pr_type) ==
366 offsetof(struct protosw, pr_type));
367 _CASSERT(offsetof(struct ip6protosw, pr_protocol) ==
368 offsetof(struct protosw, pr_protocol));
369 _CASSERT(offsetof(struct ip6protosw, pr_flags) ==
370 offsetof(struct protosw, pr_flags));
371 _CASSERT(offsetof(struct ip6protosw, pr_input) ==
372 offsetof(struct protosw, pr_input));
373 _CASSERT(offsetof(struct ip6protosw, pr_output) ==
374 offsetof(struct protosw, pr_output));
375 _CASSERT(offsetof(struct ip6protosw, pr_ctlinput) ==
376 offsetof(struct protosw, pr_ctlinput));
377 _CASSERT(offsetof(struct ip6protosw, pr_ctloutput) ==
378 offsetof(struct protosw, pr_ctloutput));
379 _CASSERT(offsetof(struct ip6protosw, pr_usrreqs) ==
380 offsetof(struct protosw, pr_usrreqs));
381 _CASSERT(offsetof(struct ip6protosw, pr_init) ==
382 offsetof(struct protosw, pr_init));
383 _CASSERT(offsetof(struct ip6protosw, pr_drain) ==
384 offsetof(struct protosw, pr_drain));
385 _CASSERT(offsetof(struct ip6protosw, pr_sysctl) ==
386 offsetof(struct protosw, pr_sysctl));
387 _CASSERT(offsetof(struct ip6protosw, pr_lock) ==
388 offsetof(struct protosw, pr_lock));
389 _CASSERT(offsetof(struct ip6protosw, pr_unlock) ==
390 offsetof(struct protosw, pr_unlock));
391 _CASSERT(offsetof(struct ip6protosw, pr_getlock) ==
392 offsetof(struct protosw, pr_getlock));
393 _CASSERT(offsetof(struct ip6protosw, pr_filter_head) ==
394 offsetof(struct protosw, pr_filter_head));
395 _CASSERT(offsetof(struct ip6protosw, pr_old) ==
396 offsetof(struct protosw, pr_old));
cb323159
A		 397 _CASSERT(offsetof(struct ip6protosw, pr_update_last_owner) ==
398 offsetof(struct protosw, pr_update_last_owner));
399 _CASSERT(offsetof(struct ip6protosw, pr_copy_last_owner) ==
400 offsetof(struct protosw, pr_copy_last_owner));
39236c6e
A		 401
402 /*
403 * Attach first, then initialize. ip6_init() needs raw IP6 handler.
404 */
0a7de745 405 for (i = 0, pr = &inet6sw[0]; i < in6_proto_count; i++, pr++) {
39236c6e 406 net_add_proto((struct protosw *)pr, dp, 0);
0a7de745
A		 407 }
408 for (i = 0, pr = &inet6sw[0]; i < in6_proto_count; i++, pr++) {
39236c6e 409 net_init_proto((struct protosw *)pr, dp);
0a7de745 410 }
39236c6e
A		 411
412 inet6_domain_mutex = dp->dom_mtx;
9bccf70c
A		 413}
414
39236c6e
A		 415static int
416rip6_pr_output(struct mbuf *m, struct socket *so, struct sockaddr_in6 *sin6,
417 struct mbuf *m1)
55e303ae 418{
39236c6e
A		 419#pragma unused(m, so, sin6, m1)
420 panic("%s\n", __func__);
421 /* NOTREACHED */
0a7de745 422 return 0;
55e303ae 423}
9bccf70c 424
1c79356b
A		 425/*
426 * Internet configuration info
427 */
0a7de745 428#ifndef IPV6FORWARDING
1c79356b 429#if GATEWAY6
0a7de745 430#define IPV6FORWARDING 1 /* forward IP6 packets not for us */
1c79356b 431#else
0a7de745 432#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */
1c79356b
A		 433#endif /* GATEWAY6 */
434#endif /* !IPV6FORWARDING */
435
0a7de745
A		 436#ifndef IPV6_SENDREDIRECTS
437#define IPV6_SENDREDIRECTS 1
1c79356b
A		 438#endif
439
0a7de745
A		 440int ip6_forwarding = IPV6FORWARDING; /* act as router? */
441int ip6_sendredirects = IPV6_SENDREDIRECTS;
442int ip6_defhlim = IPV6_DEFHLIM;
443int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
444int ip6_accept_rtadv = 1; /* deprecated */
445int ip6_log_interval = 5;
446int ip6_hdrnestlimit = 15; /* How many header options will we process? */
447int ip6_dad_count = 1; /* DupAddrDetectionTransmits */
448int ip6_auto_flowlabel = 1;
449int ip6_gif_hlim = 0;
450int ip6_use_deprecated = 1; /* allow deprecated addr [RFC 4862, 5.5.4] */
451int ip6_rr_prune = 5; /* router renumbering prefix
452 * walk list every 5 sec. */
453int ip6_mcast_pmtu = 0; /* enable pMTU discovery for multicast? */
454int ip6_v6only = 0; /* Mapped addresses off by default - Radar 3347718 -- REVISITING FOR 10.7 -- TESTING WITH MAPPED@ OFF */
455
456int ip6_neighborgcthresh = 1024; /* Threshold # of NDP entries for GC */
457int ip6_maxifprefixes = 16; /* Max acceptable prefixes via RA per IF */
f427ee49 458int ip6_maxifdefrouters = 64; /* Max acceptable default or RTI routers via RA */
0a7de745
A		 459int ip6_maxdynroutes = 1024; /* Max # of routes created via redirect */
460int ip6_only_allow_rfc4193_prefix = 0; /* Only allow RFC4193 style Unique Local IPv6 Unicast prefixes */
e2fac8b1 461
316670eb 462static int ip6_keepfaith = 0;
39236c6e 463uint64_t ip6_log_time = 0;
0a7de745 464int nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */
1c79356b
A		 465
466/* icmp6 */
1c79356b
A		 467/*
468 * BSDI4 defines these variables in in_proto.c...
469 * XXX: what if we don't define INET? Should we define pmtu6_expire
470 * or so? (jinmei@kame.net 19990310)
471 */
0a7de745
A		 472int pmtu_expire = 60 * 10;
473int pmtu_probe = 60 * 2;
1c79356b
A		 474
475/* raw IP6 parameters */
476/*
477 * Nominal space allocated to a raw ip socket.
478 */
0a7de745
A		 479#define RIPV6SNDQ 8192
480#define RIPV6RCVQ 8192
1c79356b 481
0a7de745
A		 482u_int32_t rip6_sendspace = RIPV6SNDQ;
483u_int32_t rip6_recvspace = RIPV6RCVQ;
1c79356b
A		 484
485/* ICMPV6 parameters */
0a7de745
A		 486int icmp6_rediraccept = 1; /* accept and process redirects */
487int icmp6_redirtimeout = 10 * 60; /* 10 minutes */
c3c9b80d
A		 488uint32_t icmp6errppslim = 500; /* 500 packets per second */
489uint32_t icmp6errppslim_random_incr = 500; /* We further randomize icmp6errppslim
490 * with this during icmpv6 initialization*/
0a7de745 491int icmp6rappslim = 10; /* 10 packets per second */
c3c9b80d 492int icmp6_nodeinfo = 0; /* enable/disable NI response */
1c79356b 493
1c79356b 494/* UDP on IP6 parameters */
0a7de745
A		 495int udp6_sendspace = 9216; /* really max datagram size */
496int udp6_recvspace = 40 * (1024 + sizeof(struct sockaddr_in6));
497/* 40 1K datagrams */
1c79356b 498
1c79356b
A		 499/*
500 * sysctl related items.
501 */
39236c6e 502SYSCTL_NODE(_net, PF_INET6, inet6,
0a7de745 503 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "Internet6 Family");
1c79356b
A		 504
505/* net.inet6 */
0a7de745
A		 506SYSCTL_NODE(_net_inet6, IPPROTO_IPV6, ip6,
507 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "IP6");
508SYSCTL_NODE(_net_inet6, IPPROTO_ICMPV6, icmp6,
509 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "ICMP6");
510SYSCTL_NODE(_net_inet6, IPPROTO_UDP, udp6,
511 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "UDP6");
512SYSCTL_NODE(_net_inet6, IPPROTO_TCP, tcp6,
513 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "TCP6");
1c79356b 514#if IPSEC
0a7de745
A		 515SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6,
516 CTLFLAG_RW | CTLFLAG_LOCKED, 0, "IPSEC6");
1c79356b
A		 517#endif /* IPSEC */
518
519/* net.inet6.ip6 */
520static int
9bccf70c 521sysctl_ip6_temppltime SYSCTL_HANDLER_ARGS
1c79356b 522{
b0d623f7 523#pragma unused(oidp, arg2)
1c79356b 524 int error = 0;
f427ee49 525 int value = 0;
1c79356b
A		 526
527 error = SYSCTL_OUT(req, arg1, sizeof(int));
0a7de745
A		 528 if (error || !req->newptr) {
529 return error;
530 }
f427ee49
A		 531
532 error = SYSCTL_IN(req, &value, sizeof(value));
533 if (error) {
534 return error;
535 }
536
537 if (value > ND6_MAX_LIFETIME ||
538 value < ip6_desync_factor + ip6_temp_regen_advance) {
0a7de745 539 return EINVAL;
1c79356b 540 }
f427ee49
A		 541
542 ip6_temp_preferred_lifetime = value;
0a7de745 543 return error;
9bccf70c 544}
1c79356b 545
9bccf70c
A		 546static int
547sysctl_ip6_tempvltime SYSCTL_HANDLER_ARGS
548{
b0d623f7 549#pragma unused(oidp, arg2)
9bccf70c 550 int error = 0;
f427ee49 551 int value = 0;
9bccf70c
A		 552
553 error = SYSCTL_OUT(req, arg1, sizeof(int));
0a7de745
A		 554 if (error || !req->newptr) {
555 return error;
556 }
f427ee49
A		 557
558 error = SYSCTL_IN(req, &value, sizeof(value));
559 if (error) {
560 return error;
561 }
562
563 if (value > ND6_MAX_LIFETIME ||
564 value < ip6_temp_preferred_lifetime) {
0a7de745 565 return EINVAL;
9bccf70c 566 }
f427ee49
A		 567
568 ip6_temp_valid_lifetime = value;
0a7de745 569 return error;
39236c6e
A		 570}
571
f427ee49
A		 572static int
573sysctl_ip6_cga_conflict_retries SYSCTL_HANDLER_ARGS
574{
575#pragma unused(oidp, arg2)
576 int error = 0;
577 int value = 0;
578
579 error = SYSCTL_OUT(req, arg1, sizeof(int));
580 if (error || !req->newptr) {
581 return error;
582 }
583
584 error = SYSCTL_IN(req, &value, sizeof(value));
585 if (error) {
586 return error;
587 }
588 if (value > IPV6_CGA_CONFLICT_RETRIES_MAX || value < 0) {
589 return EINVAL;
590 }
591
592 ip6_cga_conflict_retries = value;
593 return 0;
594}
595
39236c6e
A		 596static int
597ip6_getstat SYSCTL_HANDLER_ARGS
598{
599#pragma unused(oidp, arg1, arg2)
0a7de745
A		 600 if (req->oldptr == USER_ADDR_NULL) {
601 req->oldlen = (size_t)sizeof(struct ip6stat);
602 }
39236c6e 603
0a7de745 604 return SYSCTL_OUT(req, &ip6stat, MIN(sizeof(ip6stat), req->oldlen));
1c79356b
A		 605}
606
9bccf70c 607SYSCTL_INT(_net_inet6_ip6, IPV6CTL_FORWARDING,
0a7de745 608 forwarding, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_forwarding, 0, "");
1c79356b 609SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
0a7de745 610 redirect, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_sendredirects, 0, "");
1c79356b 611SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
0a7de745 612 hlim, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_defhlim, 0, "");
fe8ab488 613SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_STATS, stats,
0a7de745
A		 614 CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_LOCKED,
615 0, 0, ip6_getstat, "S,ip6stat", "");
5ba3f43e
A		 616
617#if (DEVELOPMENT || DEBUG)
618SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
0a7de745
A		 619 accept_rtadv, CTLFLAG_RW | CTLFLAG_LOCKED,
620 &ip6_accept_rtadv, 0, "");
5ba3f43e 621#else
1c79356b 622SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
0a7de745
A		 623 accept_rtadv, CTLFLAG_RD | CTLFLAG_LOCKED,
624 &ip6_accept_rtadv, 0, "");
5ba3f43e 625#endif /* (DEVELOPMENT || DEBUG) */
1c79356b 626SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH,
0a7de745 627 keepfaith, CTLFLAG_RD | CTLFLAG_LOCKED, &ip6_keepfaith, 0, "");
1c79356b 628SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL,
0a7de745 629 log_interval, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_log_interval, 0, "");
1c79356b 630SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT,
0a7de745 631 hdrnestlimit, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_hdrnestlimit, 0, "");
1c79356b 632SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT,
0a7de745 633 dad_count, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_dad_count, 0, "");
1c79356b 634SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL,
0a7de745 635 auto_flowlabel, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_auto_flowlabel, 0, "");
1c79356b 636SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM,
0a7de745 637 defmcasthlim, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_defmcasthlim, 0, "");
1c79356b 638SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM,
0a7de745 639 gifhlim, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_gif_hlim, 0, "");
1c79356b 640SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION,
0a7de745 641 kame_version, CTLFLAG_RD | CTLFLAG_LOCKED, (void *)((uintptr_t)(__KAME_VERSION)), 0, "");
1c79356b 642SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED,
0a7de745 643 use_deprecated, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_deprecated, 0, "");
1c79356b 644SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE,
0a7de745 645 rr_prune, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_rr_prune, 0, "");
9bccf70c 646SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR,
0a7de745 647 use_tempaddr, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_tempaddr, 0, "");
9bccf70c 648SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
0a7de745
A		 649 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_temp_preferred_lifetime, 0,
650 sysctl_ip6_temppltime, "I", "");
9bccf70c 651SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
0a7de745
A		 652 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_temp_valid_lifetime, 0,
653 sysctl_ip6_tempvltime, "I", "");
9bccf70c 654SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY,
0a7de745 655 v6only, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_v6only, 0, "");
9bccf70c 656SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL,
0a7de745 657 auto_linklocal, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_auto_linklocal, 0, "");
6d2010ae 658SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD | CTLFLAG_LOCKED,
0a7de745 659 &rip6stat, rip6stat, "");
6d2010ae 660SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR,
0a7de745 661 prefer_tempaddr, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_prefer_tempaddr, 0, "");
6d2010ae 662SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE,
0a7de745 663 use_defaultzone, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_use_defzone, 0, "");
6d2010ae 664SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU,
0a7de745 665 mcast_pmtu, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_mcast_pmtu, 0, "");
e2fac8b1 666SYSCTL_INT(_net_inet6_ip6, IPV6CTL_NEIGHBORGCTHRESH,
0a7de745 667 neighborgcthresh, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_neighborgcthresh, 0, "");
e2fac8b1 668SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFPREFIXES,
0a7de745 669 maxifprefixes, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_maxifprefixes, 0, "");
e2fac8b1 670SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFDEFROUTERS,
0a7de745 671 maxifdefrouters, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_maxifdefrouters, 0, "");
e2fac8b1 672SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXDYNROUTES,
0a7de745 673 maxdynroutes, CTLFLAG_RW | CTLFLAG_LOCKED, &ip6_maxdynroutes, 0, "");
6d2010ae 674SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
0a7de745
A		 675 only_allow_rfc4193_prefixes, CTLFLAG_RW | CTLFLAG_LOCKED,
676 &ip6_only_allow_rfc4193_prefix, 0, "");
d9a64523 677SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
0a7de745 678 clat_debug, CTLFLAG_RW | CTLFLAG_LOCKED, &clat_debug, 0, "");
1c79356b 679
f427ee49
A		 680SYSCTL_PROC(_net_inet6_ip6, OID_AUTO,
681 cga_conflict_retries, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
682 &ip6_cga_conflict_retries, 0, sysctl_ip6_cga_conflict_retries, "IU", "");
683
684/*
685 * One single sysctl to set v6 stack profile for IPv6 compliance testing.
686 * A lot of compliance test suites are not aware of other enhancements in IPv6
687 * protocol and expect some arguably obsolete behavior.
688 */
689int v6_compliance_profile = 0;
690static int
691sysctl_set_v6_compliance_profile SYSCTL_HANDLER_ARGS
692{
693#pragma unused(oidp, arg2)
694 int changed, error;
695 int value = *(int *) arg1;
696
697 error = sysctl_io_number(req, value, sizeof(value), &value, &changed);
698 if (error || !changed) {
699 return error;
700 }
701
702 if (value != 0 && value != 1) {
703 return ERANGE;
704 }
705
706 if (value == 1) {
707 ip6_use_tempaddr = 0;
708 dad_enhanced = 0;
709 icmp6_rediraccept = 1;
710 nd6_optimistic_dad = 0;
711 nd6_process_rti = ND6_PROCESS_RTI_ENABLE;
712 } else {
713 ip6_use_tempaddr = IP6_USE_TMPADDR_DEFAULT;
714 dad_enhanced = ND6_DAD_ENHANCED_DEFAULT;
715 icmp6_rediraccept = ICMP6_REDIRACCEPT_DEFAULT;
716 nd6_optimistic_dad = ND6_OPTIMISTIC_DAD_DEFAULT;
717 nd6_process_rti = ND6_PROCESS_RTI_DEFAULT;
718 }
719
720 v6_compliance_profile = value;
721 return 0;
722}
723
724SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, compliance_profile,
725 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_LOCKED,
726 &v6_compliance_profile, 0, sysctl_set_v6_compliance_profile,
727 "I", "set IPv6 compliance profile");
728
1c79356b
A		 729/* net.inet6.icmp6 */
730SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
0a7de745 731 rediraccept, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_rediraccept, 0, "");
1c79356b 732SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT,
0a7de745 733 redirtimeout, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_redirtimeout, 0, "");
6d2010ae 734SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD | CTLFLAG_LOCKED,
0a7de745 735 &icmp6stat, icmp6stat, "");
1c79356b 736SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE,
0a7de745 737 nd6_prune, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_prune, 0, "");
39236c6e 738SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
0a7de745 739 nd6_prune_lazy, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_prune_lazy, 0, "");
1c79356b 740SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY,
0a7de745 741 nd6_delay, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_delay, 0, "");
1c79356b 742SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES,
0a7de745 743 nd6_umaxtries, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_umaxtries, 0, "");
1c79356b 744SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES,
0a7de745 745 nd6_mmaxtries, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_mmaxtries, 0, "");
1c79356b 746SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK,
0a7de745 747 nd6_useloopback, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_useloopback, 0, "");
6d2010ae 748SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ACCEPT_6TO4,
0a7de745 749 nd6_accept_6to4, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_accept_6to4, 0, "");
1c79356b 750SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO,
0a7de745 751 nodeinfo, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6_nodeinfo, 0, "");
9bccf70c 752SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT,
0a7de745 753 errppslimit, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6errppslim, 0, "");
c3c9b80d
A		 754SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT_RANDOM_INCR,
755 errppslimit_random_incr, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6errppslim_random_incr, 0, "");
fe8ab488 756SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
0a7de745 757 rappslimit, CTLFLAG_RW | CTLFLAG_LOCKED, &icmp6rappslim, 0, "");
9bccf70c 758SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
0a7de745 759 nd6_debug, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_debug, 0, "");
6d2010ae 760SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
0a7de745
A		 761 nd6_onlink_ns_rfc4861, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_onlink_ns_rfc4861, 0,
762 "Accept 'on-link' nd6 NS in compliance with RFC 4861.");
316670eb 763SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_OPTIMISTIC_DAD,
0a7de745 764 nd6_optimistic_dad, CTLFLAG_RW | CTLFLAG_LOCKED, &nd6_optimistic_dad, 0, "");
mirror of XNU