]> git.saurik.com Git - apple/xnu.git/blame_incremental - bsd/netinet6/ip6_forward.c
xnu-123.5.tar.gz
[apple/xnu.git] / bsd / netinet6 / ip6_forward.c
... / ...
CommitLineData
1/* $KAME: ip6_forward.c,v 1.29 2000/02/26 18:08:38 itojun Exp $ */
2
3/*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#if (defined(__FreeBSD__) && __FreeBSD__ >= 3)
33#include "opt_ip6fw.h"
34#include "opt_inet.h"
35#endif
36
37#include <sys/param.h>
38#include <sys/systm.h>
39#include <sys/malloc.h>
40#include <sys/mbuf.h>
41#include <sys/domain.h>
42#include <sys/protosw.h>
43#include <sys/socket.h>
44#include <sys/errno.h>
45#include <sys/time.h>
46#include <sys/kernel.h>
47#include <sys/syslog.h>
48
49#include <net/if.h>
50#include <net/route.h>
51
52#include <netinet/in.h>
53#include <netinet/in_var.h>
54#include <netinet/ip_var.h>
55#include <netinet/ip6.h>
56#include <netinet6/ip6_var.h>
57#include <netinet/icmp6.h>
58#include <netinet6/nd6.h>
59
60#if IPSEC_IPV6FWD
61#include <netinet6/ipsec.h>
62#include <netkey/key.h>
63#include <netkey/key_debug.h>
64#endif /* IPSEC_IPV6FWD */
65
66#if IPV6FIREWALL
67#include <netinet6/ip6_fw.h>
68#endif
69
70#if MIP6
71#include <netinet6/mip6.h>
72#endif
73
74#include <net/net_osdep.h>
75
76struct route_in6 ip6_forward_rt;
77
78/*
79 * Forward a packet. If some error occurs return the sender
80 * an icmp packet. Note we can't always generate a meaningful
81 * icmp message because icmp doesn't have a large enough repertoire
82 * of codes and types.
83 *
84 * If not forwarding, just drop the packet. This could be confusing
85 * if ipforwarding was zero but some routing protocol was advancing
86 * us as a gateway to somewhere. However, we must let the routing
87 * protocol deal with that.
88 *
89 */
90
91void
92ip6_forward(m, srcrt)
93 struct mbuf *m;
94 int srcrt;
95{
96 struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
97 register struct sockaddr_in6 *dst;
98 register struct rtentry *rt;
99 int error, type = 0, code = 0;
100 struct mbuf *mcopy = NULL;
101#if IPSEC_IPV6FWD
102 struct secpolicy *sp = NULL;
103#endif
104#if !(defined(__FreeBSD__) && __FreeBSD__ >= 3) && !defined(__APPLE__)
105 long time_second = time.tv_sec;
106#endif
107
108#if IPSEC_IPV6FWD
109 /*
110 * Check AH/ESP integrity.
111 */
112 /*
113 * Don't increment ip6s_cantforward because this is the check
114 * before forwarding packet actually.
115 */
116 if (ipsec6_in_reject(m, NULL)) {
117 ipsec6stat.in_polvio++;
118 m_freem(m);
119 return;
120 }
121#endif /*IPSEC_IPV6FWD*/
122
123 if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
124 IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
125 ip6stat.ip6s_cantforward++;
126 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
127 if (ip6_log_time + ip6_log_interval < time_second) {
128 ip6_log_time = time_second;
129 log(LOG_DEBUG,
130 "cannot forward "
131 "from %s to %s nxt %d received on %s\n",
132 ip6_sprintf(&ip6->ip6_src),
133 ip6_sprintf(&ip6->ip6_dst),
134 ip6->ip6_nxt,
135 if_name(m->m_pkthdr.rcvif));
136 }
137 m_freem(m);
138 return;
139 }
140
141 if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
142 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
143 icmp6_error(m, ICMP6_TIME_EXCEEDED,
144 ICMP6_TIME_EXCEED_TRANSIT, 0);
145 return;
146 }
147 ip6->ip6_hlim -= IPV6_HLIMDEC;
148
149 /*
150 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
151 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
152 * we need to generate an ICMP6 message to the src.
153 * Thanks to M_EXT, in most cases copy will not occur.
154 *
155 * It is important to save it before IPsec processing as IPsec
156 * processing may modify the mbuf.
157 */
158 mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
159
160
161#if IPSEC_IPV6FWD
162 /* get a security policy for this packet */
163 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
164 if (sp == NULL) {
165 ipsec6stat.out_inval++;
166 ip6stat.ip6s_cantforward++;
167 if (mcopy) {
168#if 0
169 /* XXX: what icmp ? */
170#else
171 m_freem(mcopy);
172#endif
173 }
174 m_freem(m);
175 return;
176 }
177
178 error = 0;
179
180 /* check policy */
181 switch (sp->policy) {
182 case IPSEC_POLICY_DISCARD:
183 /*
184 * This packet is just discarded.
185 */
186 ipsec6stat.out_polvio++;
187 ip6stat.ip6s_cantforward++;
188 key_freesp(sp);
189 if (mcopy) {
190#if 0
191 /* XXX: what icmp ? */
192#else
193 m_freem(mcopy);
194#endif
195 }
196 m_freem(m);
197 return;
198
199 case IPSEC_POLICY_BYPASS:
200 case IPSEC_POLICY_NONE:
201 /* no need to do IPsec. */
202 key_freesp(sp);
203 goto skip_ipsec;
204
205 case IPSEC_POLICY_IPSEC:
206 if (sp->req == NULL) {
207 /* XXX should be panic ? */
208 printf("ip6_forward: No IPsec request specified.\n");
209 ip6stat.ip6s_cantforward++;
210 key_freesp(sp);
211 if (mcopy) {
212#if 0
213 /* XXX: what icmp ? */
214#else
215 m_freem(mcopy);
216#endif
217 }
218 m_freem(m);
219 return;
220 }
221 /* do IPsec */
222 break;
223
224 case IPSEC_POLICY_ENTRUST:
225 default:
226 /* should be panic ?? */
227 printf("ip6_forward: Invalid policy found. %d\n", sp->policy);
228 key_freesp(sp);
229 goto skip_ipsec;
230 }
231
232 {
233 struct ipsec_output_state state;
234
235 /*
236 * All the extension headers will become inaccessible
237 * (since they can be encrypted).
238 * Don't panic, we need no more updates to extension headers
239 * on inner IPv6 packet (since they are now encapsulated).
240 *
241 * IPv6 [ESP|AH] IPv6 [extension headers] payload
242 */
243 bzero(&state, sizeof(state));
244 state.m = m;
245 state.ro = NULL; /* update at ipsec6_output_tunnel() */
246 state.dst = NULL; /* update at ipsec6_output_tunnel() */
247
248 error = ipsec6_output_tunnel(&state, sp, 0);
249
250 m = state.m;
251#if 0 /* XXX allocate a route (ro, dst) again later */
252 ro = (struct route_in6 *)state.ro;
253 dst = (struct sockaddr_in6 *)state.dst;
254#endif
255 key_freesp(sp);
256
257 if (error) {
258 /* mbuf is already reclaimed in ipsec6_output_tunnel. */
259 switch (error) {
260 case EHOSTUNREACH:
261 case ENETUNREACH:
262 case EMSGSIZE:
263 case ENOBUFS:
264 case ENOMEM:
265 break;
266 default:
267 printf("ip6_output (ipsec): error code %d\n", error);
268 /*fall through*/
269 case ENOENT:
270 /* don't show these error codes to the user */
271 break;
272 }
273 ip6stat.ip6s_cantforward++;
274 if (mcopy) {
275#if 0
276 /* XXX: what icmp ? */
277#else
278 m_freem(mcopy);
279#endif
280 }
281 m_freem(m);
282 return;
283 }
284 }
285 skip_ipsec:
286#endif /* IPSEC_IPV6FWD */
287
288#if MIP6
289 {
290 struct mip6_bc *bc;
291
292 bc = mip6_bc_find(&ip6->ip6_dst);
293 if ((bc != NULL) && (bc->hr_flag)) {
294 if (mip6_tunnel_output(&m, bc) != 0) {
295 ip6stat.ip6s_cantforward++;
296 if (mcopy)
297 m_freem(mcopy);
298 m_freem(m);
299 return;
300 }
301 }
302 ip6 = mtod(m, struct ip6_hdr *); /* m has changed */
303 }
304#endif
305
306 dst = &ip6_forward_rt.ro_dst;
307 if (!srcrt) {
308 /*
309 * ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst
310 */
311 if (ip6_forward_rt.ro_rt == 0 ||
312 (ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0) {
313 if (ip6_forward_rt.ro_rt) {
314 RTFREE(ip6_forward_rt.ro_rt);
315 ip6_forward_rt.ro_rt = 0;
316 }
317 /* this probably fails but give it a try again */
318#if __FreeBSD__ || defined(__APPLE__)
319 rtalloc_ign((struct route *)&ip6_forward_rt,
320 RTF_PRCLONING);
321#else
322 rtalloc((struct route *)&ip6_forward_rt);
323#endif
324 }
325
326 if (ip6_forward_rt.ro_rt == 0) {
327 ip6stat.ip6s_noroute++;
328 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
329 if (mcopy) {
330 icmp6_error(mcopy, ICMP6_DST_UNREACH,
331 ICMP6_DST_UNREACH_NOROUTE, 0);
332 }
333 m_freem(m);
334 return;
335 }
336 } else if ((rt = ip6_forward_rt.ro_rt) == 0 ||
337 !IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) {
338 if (ip6_forward_rt.ro_rt) {
339 RTFREE(ip6_forward_rt.ro_rt);
340 ip6_forward_rt.ro_rt = 0;
341 }
342 bzero(dst, sizeof(*dst));
343 dst->sin6_len = sizeof(struct sockaddr_in6);
344 dst->sin6_family = AF_INET6;
345 dst->sin6_addr = ip6->ip6_dst;
346
347#if __FreeBSD__ || defined(__APPLE__)
348 rtalloc_ign((struct route *)&ip6_forward_rt, RTF_PRCLONING);
349#else
350 rtalloc((struct route *)&ip6_forward_rt);
351#endif
352 if (ip6_forward_rt.ro_rt == 0) {
353 ip6stat.ip6s_noroute++;
354 /* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
355 if (mcopy) {
356 icmp6_error(mcopy, ICMP6_DST_UNREACH,
357 ICMP6_DST_UNREACH_NOROUTE, 0);
358 }
359 m_freem(m);
360 return;
361 }
362 }
363 rt = ip6_forward_rt.ro_rt;
364
365 /*
366 * Scope check: if a packet can't be delivered to its destination
367 * for the reason that the destination is beyond the scope of the
368 * source address, discard the packet and return an icmp6 destination
369 * unreachable error with Code 2 (beyond scope of source address).
370 * [draft-ietf-ipngwg-icmp-v3-00.txt, Section 3.1]
371 */
372 if (in6_addr2scopeid(m->m_pkthdr.rcvif, &ip6->ip6_src) !=
373 in6_addr2scopeid(rt->rt_ifp, &ip6->ip6_src)) {
374 ip6stat.ip6s_cantforward++;
375 ip6stat.ip6s_badscope++;
376 in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
377
378 if (ip6_log_time + ip6_log_interval < time_second) {
379 ip6_log_time = time_second;
380 log(LOG_DEBUG,
381 "cannot forward "
382 "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
383 ip6_sprintf(&ip6->ip6_src),
384 ip6_sprintf(&ip6->ip6_dst),
385 ip6->ip6_nxt,
386 if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp));
387 }
388 if (mcopy)
389 icmp6_error(mcopy, ICMP6_DST_UNREACH,
390 ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
391 m_freem(m);
392 return;
393 }
394
395 if (m->m_pkthdr.len > rt->rt_ifp->if_mtu) {
396 in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
397 if (mcopy) {
398 u_long mtu;
399#if IPSEC_IPV6FWD
400 struct secpolicy *sp;
401 int ipsecerror;
402 size_t ipsechdrsiz;
403#endif
404
405 mtu = rt->rt_ifp->if_mtu;
406#if IPSEC_IPV6FWD
407 /*
408 * When we do IPsec tunnel ingress, we need to play
409 * with if_mtu value (decrement IPsec header size
410 * from mtu value). The code is much simpler than v4
411 * case, as we have the outgoing interface for
412 * encapsulated packet as "rt->rt_ifp".
413 */
414 sp = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
415 IP_FORWARDING, &ipsecerror);
416 if (sp) {
417 ipsechdrsiz = ipsec6_hdrsiz(mcopy,
418 IPSEC_DIR_OUTBOUND, NULL);
419 if (ipsechdrsiz < mtu)
420 mtu -= ipsechdrsiz;
421 }
422
423 /*
424 * if mtu becomes less than minimum MTU,
425 * tell minimum MTU (and I'll need to fragment it).
426 */
427 if (mtu < IPV6_MMTU)
428 mtu = IPV6_MMTU;
429#endif
430 icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
431 }
432 m_freem(m);
433 return;
434 }
435
436 if (rt->rt_flags & RTF_GATEWAY)
437 dst = (struct sockaddr_in6 *)rt->rt_gateway;
438
439 /*
440 * If we are to forward the packet using the same interface
441 * as one we got the packet from, perhaps we should send a redirect
442 * to sender to shortcut a hop.
443 * Only send redirect if source is sending directly to us,
444 * and if packet was not source routed (or has any options).
445 * Also, don't send redirect if forwarding using a route
446 * modified by a redirect.
447 */
448 if (rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt &&
449 (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0)
450 type = ND_REDIRECT;
451
452#if IPV6FIREWALL
453 /*
454 * Check with the firewall...
455 */
456 if (ip6_fw_chk_ptr) {
457 u_short port = 0;
458 /* If ipfw says divert, we have to just drop packet */
459 if ((*ip6_fw_chk_ptr)(&ip6, rt->rt_ifp, &port, &m)) {
460 m_freem(m);
461 goto freecopy;
462 }
463 if (!m)
464 goto freecopy;
465 }
466#endif
467
468#if OLDIP6OUTPUT
469 error = (*rt->rt_ifp->if_output)(rt->rt_ifp, m,
470 (struct sockaddr *)dst,
471 ip6_forward_rt.ro_rt);
472#else
473 error = nd6_output(rt->rt_ifp, m, dst, rt);
474#endif
475 if (error) {
476 in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
477 ip6stat.ip6s_cantforward++;
478 } else {
479 ip6stat.ip6s_forward++;
480 in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward);
481 if (type)
482 ip6stat.ip6s_redirectsent++;
483 else {
484 if (mcopy)
485 goto freecopy;
486 }
487 }
488 if (mcopy == NULL)
489 return;
490
491 switch (error) {
492 case 0:
493#if 1
494 if (type == ND_REDIRECT) {
495 icmp6_redirect_output(mcopy, rt);
496 return;
497 }
498#endif
499 goto freecopy;
500
501 case EMSGSIZE:
502 /* xxx MTU is constant in PPP? */
503 goto freecopy;
504
505 case ENOBUFS:
506 /* Tell source to slow down like source quench in IP? */
507 goto freecopy;
508
509 case ENETUNREACH: /* shouldn't happen, checked above */
510 case EHOSTUNREACH:
511 case ENETDOWN:
512 case EHOSTDOWN:
513 default:
514 type = ICMP6_DST_UNREACH;
515 code = ICMP6_DST_UNREACH_ADDR;
516 break;
517 }
518 icmp6_error(mcopy, type, code, 0);
519 return;
520
521 freecopy:
522 m_freem(mcopy);
523 return;
524}