]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/ip6_output.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-792.22.5.tar.gz
[apple/xnu.git] / bsd / netinet6 / ip6_output.c
1 /* $FreeBSD: src/sys/netinet6/ip6_output.c,v 1.43 2002/10/31 19:45:48 ume Exp $ */
2 /* $KAME: ip6_output.c,v 1.279 2002/01/26 06:12:30 jinmei Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * Copyright (c) 1982, 1986, 1988, 1990, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
66 */
67
68
69 #include <sys/param.h>
70 #include <sys/malloc.h>
71 #include <sys/mbuf.h>
72 #include <sys/errno.h>
73 #include <sys/protosw.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
76 #include <sys/systm.h>
77 #include <sys/kernel.h>
78 #include <sys/proc.h>
79 #include <sys/kauth.h>
80
81 #include <net/if.h>
82 #include <net/route.h>
83
84 #include <netinet/in.h>
85 #include <netinet/in_var.h>
86 #include <netinet/ip_var.h>
87 #include <netinet6/in6_var.h>
88 #include <netinet/ip6.h>
89 #include <netinet/icmp6.h>
90 #include <netinet6/ip6_var.h>
91 #include <netinet/in_pcb.h>
92 #include <netinet6/nd6.h>
93
94 #if IPSEC
95 #include <netinet6/ipsec.h>
96 #if INET6
97 #include <netinet6/ipsec6.h>
98 #endif
99 #include <netkey/key.h>
100 extern int ipsec_bypass;
101 extern lck_mtx_t *sadb_mutex;
102 extern lck_mtx_t *nd6_mutex;
103 #endif /* IPSEC */
104
105 #include <netinet6/ip6_fw.h>
106
107 #include <net/net_osdep.h>
108
109 #include <netinet/kpi_ipfilter_var.h>
110
111 #ifndef __APPLE__
112 static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
113 #endif
114
115
116 extern u_long route_generation;
117
118 struct ip6_exthdrs {
119 struct mbuf *ip6e_ip6;
120 struct mbuf *ip6e_hbh;
121 struct mbuf *ip6e_dest1;
122 struct mbuf *ip6e_rthdr;
123 struct mbuf *ip6e_dest2;
124 };
125
126 static int ip6_pcbopts(struct ip6_pktopts **, struct mbuf *,
127 struct socket *, struct sockopt *sopt);
128 static int ip6_setmoptions(int, struct inpcb *, struct mbuf *);
129 static int ip6_getmoptions(int, struct ip6_moptions *, struct mbuf **);
130 static int ip6_copyexthdr(struct mbuf **, caddr_t, int);
131 static int ip6_insertfraghdr(struct mbuf *, struct mbuf *, int,
132 struct ip6_frag **);
133 static int ip6_insert_jumboopt(struct ip6_exthdrs *, u_int32_t);
134 static int ip6_splithdr(struct mbuf *, struct ip6_exthdrs *);
135
136 extern int ip_createmoptions(struct ip_moptions **imop);
137 extern int ip_addmembership(struct ip_moptions *imo, struct ip_mreq *mreq);
138 extern int ip_dropmembership(struct ip_moptions *imo, struct ip_mreq *mreq);
139 extern lck_mtx_t *ip6_mutex;
140
141 /*
142 * IP6 output. The packet in mbuf chain m contains a skeletal IP6
143 * header (with pri, len, nxt, hlim, src, dst).
144 * This function may modify ver and hlim only.
145 * The mbuf chain containing the packet will be freed.
146 * The mbuf opt, if present, will not be freed.
147 *
148 * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and
149 * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one,
150 * which is rt_rmx.rmx_mtu.
151 */
152 int
153 ip6_output(
154 struct mbuf *m0,
155 struct ip6_pktopts *opt,
156 struct route_in6 *ro,
157 int flags,
158 struct ip6_moptions *im6o,
159 struct ifnet **ifpp, /* XXX: just for statistics */
160 int locked)
161 {
162 struct ip6_hdr *ip6, *mhip6;
163 struct ifnet *ifp, *origifp;
164 struct mbuf *m = m0;
165 int hlen, tlen, len, off;
166 struct route_in6 ip6route;
167 struct sockaddr_in6 *dst;
168 int error = 0;
169 struct in6_ifaddr *ia = NULL;
170 u_long mtu;
171 u_int32_t optlen = 0, plen = 0, unfragpartlen = 0;
172 struct ip6_exthdrs exthdrs;
173 struct in6_addr finaldst;
174 struct route_in6 *ro_pmtu = NULL;
175 int hdrsplit = 0;
176 int needipsec = 0;
177 ipfilter_t inject_filter_ref;
178
179 #if IPSEC
180 int needipsectun = 0;
181 struct socket *so = NULL;
182 struct secpolicy *sp = NULL;
183
184 if (!locked)
185 lck_mtx_lock(ip6_mutex);
186 /* for AH processing. stupid to have "socket" variable in IP layer... */
187 if (ipsec_bypass == 0)
188 {
189 so = ipsec_getsocket(m);
190 (void)ipsec_setsocket(m, NULL);
191 }
192 #endif /* IPSEC */
193
194 ip6 = mtod(m, struct ip6_hdr *);
195 inject_filter_ref = ipf_get_inject_filter(m);
196
197 #define MAKE_EXTHDR(hp, mp) \
198 do { \
199 if (hp) { \
200 struct ip6_ext *eh = (struct ip6_ext *)(hp); \
201 error = ip6_copyexthdr((mp), (caddr_t)(hp), \
202 ((eh)->ip6e_len + 1) << 3); \
203 if (error) \
204 goto freehdrs; \
205 } \
206 } while (0)
207
208 bzero(&exthdrs, sizeof(exthdrs));
209
210 if (opt) {
211 /* Hop-by-Hop options header */
212 MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh);
213 /* Destination options header(1st part) */
214 MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1);
215 /* Routing header */
216 MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr);
217 /* Destination options header(2nd part) */
218 MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2);
219 }
220
221 #if IPSEC
222 if (ipsec_bypass != 0)
223 goto skip_ipsec;
224
225 lck_mtx_lock(sadb_mutex);
226 /* get a security policy for this packet */
227 if (so == NULL)
228 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
229 else
230 sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
231
232 if (sp == NULL) {
233 ipsec6stat.out_inval++;
234 lck_mtx_unlock(sadb_mutex);
235 goto freehdrs;
236 }
237
238 error = 0;
239
240 /* check policy */
241 switch (sp->policy) {
242 case IPSEC_POLICY_DISCARD:
243 /*
244 * This packet is just discarded.
245 */
246 ipsec6stat.out_polvio++;
247 lck_mtx_unlock(sadb_mutex);
248 goto freehdrs;
249
250 case IPSEC_POLICY_BYPASS:
251 case IPSEC_POLICY_NONE:
252 /* no need to do IPsec. */
253 needipsec = 0;
254 break;
255
256 case IPSEC_POLICY_IPSEC:
257 if (sp->req == NULL) {
258 /* acquire a policy */
259 error = key_spdacquire(sp);
260 lck_mtx_unlock(sadb_mutex);
261 goto freehdrs;
262 }
263 needipsec = 1;
264 break;
265
266 case IPSEC_POLICY_ENTRUST:
267 default:
268 printf("ip6_output: Invalid policy found. %d\n", sp->policy);
269 }
270 lck_mtx_unlock(sadb_mutex);
271 skip_ipsec:
272 #endif /* IPSEC */
273
274 /*
275 * Calculate the total length of the extension header chain.
276 * Keep the length of the unfragmentable part for fragmentation.
277 */
278 optlen = 0;
279 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len;
280 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len;
281 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len;
282 unfragpartlen = optlen + sizeof(struct ip6_hdr);
283 /* NOTE: we don't add AH/ESP length here. do that later. */
284 if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len;
285
286 /*
287 * If we need IPsec, or there is at least one extension header,
288 * separate IP6 header from the payload.
289 */
290 if ((needipsec || optlen) && !hdrsplit) {
291 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
292 m = NULL;
293 goto freehdrs;
294 }
295 m = exthdrs.ip6e_ip6;
296 hdrsplit++;
297 }
298
299 /* adjust pointer */
300 ip6 = mtod(m, struct ip6_hdr *);
301
302 /* adjust mbuf packet header length */
303 m->m_pkthdr.len += optlen;
304 plen = m->m_pkthdr.len - sizeof(*ip6);
305
306 /* If this is a jumbo payload, insert a jumbo payload option. */
307 if (plen > IPV6_MAXPACKET) {
308 if (!hdrsplit) {
309 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
310 m = NULL;
311 goto freehdrs;
312 }
313 m = exthdrs.ip6e_ip6;
314 hdrsplit++;
315 }
316 /* adjust pointer */
317 ip6 = mtod(m, struct ip6_hdr *);
318 if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0)
319 goto freehdrs;
320 ip6->ip6_plen = 0;
321 } else
322 ip6->ip6_plen = htons(plen);
323
324 /*
325 * Concatenate headers and fill in next header fields.
326 * Here we have, on "m"
327 * IPv6 payload
328 * and we insert headers accordingly. Finally, we should be getting:
329 * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
330 *
331 * during the header composing process, "m" points to IPv6 header.
332 * "mprev" points to an extension header prior to esp.
333 */
334 {
335 u_char *nexthdrp = &ip6->ip6_nxt;
336 struct mbuf *mprev = m;
337
338 /*
339 * we treat dest2 specially. this makes IPsec processing
340 * much easier. the goal here is to make mprev point the
341 * mbuf prior to dest2.
342 *
343 * result: IPv6 dest2 payload
344 * m and mprev will point to IPv6 header.
345 */
346 if (exthdrs.ip6e_dest2) {
347 if (!hdrsplit)
348 panic("assumption failed: hdr not split");
349 exthdrs.ip6e_dest2->m_next = m->m_next;
350 m->m_next = exthdrs.ip6e_dest2;
351 *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt;
352 ip6->ip6_nxt = IPPROTO_DSTOPTS;
353 }
354
355 #define MAKE_CHAIN(m, mp, p, i)\
356 do {\
357 if (m) {\
358 if (!hdrsplit) \
359 panic("assumption failed: hdr not split"); \
360 *mtod((m), u_char *) = *(p);\
361 *(p) = (i);\
362 p = mtod((m), u_char *);\
363 (m)->m_next = (mp)->m_next;\
364 (mp)->m_next = (m);\
365 (mp) = (m);\
366 }\
367 } while (0)
368 /*
369 * result: IPv6 hbh dest1 rthdr dest2 payload
370 * m will point to IPv6 header. mprev will point to the
371 * extension header prior to dest2 (rthdr in the above case).
372 */
373 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev,
374 nexthdrp, IPPROTO_HOPOPTS);
375 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev,
376 nexthdrp, IPPROTO_DSTOPTS);
377 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev,
378 nexthdrp, IPPROTO_ROUTING);
379
380 if (!TAILQ_EMPTY(&ipv6_filters)) {
381 struct ipfilter *filter;
382 int seen = (inject_filter_ref == 0);
383 int fixscope = 0;
384 struct ipf_pktopts *ippo = 0, ipf_pktopts;
385
386 if (im6o != NULL && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
387 ippo = &ipf_pktopts;
388 ippo->ippo_flags = IPPOF_MCAST_OPTS;
389 ippo->ippo_mcast_ifnet = im6o->im6o_multicast_ifp;
390 ippo->ippo_mcast_ttl = im6o->im6o_multicast_hlim;
391 ippo->ippo_mcast_loop = im6o->im6o_multicast_loop;
392 }
393
394 /* Hack: embed the scope_id in the destination */
395 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst) &&
396 (ip6->ip6_dst.s6_addr16[1] == 0) && (ro != NULL)) {
397 fixscope = 1;
398 ip6->ip6_dst.s6_addr16[1] = htons(ro->ro_dst.sin6_scope_id);
399 }
400 {
401 lck_mtx_unlock(ip6_mutex);
402 ipf_ref();
403 TAILQ_FOREACH(filter, &ipv6_filters, ipf_link) {
404 /*
405 * No need to proccess packet twice if we've
406 * already seen it
407 */
408 if (seen == 0) {
409 if ((struct ipfilter *)inject_filter_ref == filter)
410 seen = 1;
411 } else if (filter->ipf_filter.ipf_output) {
412 errno_t result;
413
414 result = filter->ipf_filter.ipf_output(filter->ipf_filter.cookie, (mbuf_t*)&m, ippo);
415 if (result == EJUSTRETURN) {
416 ipf_unref();
417 locked = 1; /* Don't want to take lock to unlock it right away */
418 goto done;
419 }
420 if (result != 0) {
421 ipf_unref();
422 locked = 1; /* Don't want to take lock to unlock it right away */
423 goto bad;
424 }
425 }
426 }
427 ipf_unref();
428 lck_mtx_lock(ip6_mutex);
429 }
430 /* Hack: cleanup embedded scope_id if we put it there */
431 if (fixscope)
432 ip6->ip6_dst.s6_addr16[1] = 0;
433 }
434
435 #if IPSEC
436 if (!needipsec)
437 goto skip_ipsec2;
438
439 /*
440 * pointers after IPsec headers are not valid any more.
441 * other pointers need a great care too.
442 * (IPsec routines should not mangle mbufs prior to AH/ESP)
443 */
444 exthdrs.ip6e_dest2 = NULL;
445
446 {
447 struct ip6_rthdr *rh = NULL;
448 int segleft_org = 0;
449 struct ipsec_output_state state;
450
451 if (exthdrs.ip6e_rthdr) {
452 rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *);
453 segleft_org = rh->ip6r_segleft;
454 rh->ip6r_segleft = 0;
455 }
456
457 bzero(&state, sizeof(state));
458 state.m = m;
459 lck_mtx_unlock(ip6_mutex);
460 lck_mtx_lock(sadb_mutex);
461 error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags,
462 &needipsectun);
463 lck_mtx_unlock(sadb_mutex);
464 lck_mtx_lock(ip6_mutex);
465 m = state.m;
466 if (error) {
467 /* mbuf is already reclaimed in ipsec6_output_trans. */
468 m = NULL;
469 switch (error) {
470 case EHOSTUNREACH:
471 case ENETUNREACH:
472 case EMSGSIZE:
473 case ENOBUFS:
474 case ENOMEM:
475 break;
476 default:
477 printf("ip6_output (ipsec): error code %d\n", error);
478 /* fall through */
479 case ENOENT:
480 /* don't show these error codes to the user */
481 error = 0;
482 break;
483 }
484 goto bad;
485 }
486 if (exthdrs.ip6e_rthdr) {
487 /* ah6_output doesn't modify mbuf chain */
488 rh->ip6r_segleft = segleft_org;
489 }
490 }
491 skip_ipsec2:;
492 #endif
493 }
494
495 /*
496 * If there is a routing header, replace destination address field
497 * with the first hop of the routing header.
498 */
499 if (exthdrs.ip6e_rthdr) {
500 struct ip6_rthdr *rh =
501 (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr,
502 struct ip6_rthdr *));
503 struct ip6_rthdr0 *rh0;
504
505 finaldst = ip6->ip6_dst;
506 switch (rh->ip6r_type) {
507 case IPV6_RTHDR_TYPE_0:
508 rh0 = (struct ip6_rthdr0 *)rh;
509 ip6->ip6_dst = rh0->ip6r0_addr[0];
510 bcopy((caddr_t)&rh0->ip6r0_addr[1],
511 (caddr_t)&rh0->ip6r0_addr[0],
512 sizeof(struct in6_addr)*(rh0->ip6r0_segleft - 1)
513 );
514 rh0->ip6r0_addr[rh0->ip6r0_segleft - 1] = finaldst;
515 break;
516 default: /* is it possible? */
517 error = EINVAL;
518 goto bad;
519 }
520 }
521
522 /* Source address validation */
523 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) &&
524 (flags & IPV6_DADOUTPUT) == 0) {
525 error = EOPNOTSUPP;
526 ip6stat.ip6s_badscope++;
527 goto bad;
528 }
529 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
530 error = EOPNOTSUPP;
531 ip6stat.ip6s_badscope++;
532 goto bad;
533 }
534
535 ip6stat.ip6s_localout++;
536
537 /*
538 * Route packet.
539 */
540 if (ro == 0) {
541 ro = &ip6route;
542 bzero((caddr_t)ro, sizeof(*ro));
543 }
544 ro_pmtu = ro;
545 if (opt && opt->ip6po_rthdr)
546 ro = &opt->ip6po_route;
547 dst = (struct sockaddr_in6 *)&ro->ro_dst;
548 /*
549 * If there is a cached route,
550 * check that it is to the same destination
551 * and is still up. If not, free it and try again.
552 */
553 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
554 dst->sin6_family != AF_INET6 ||
555 !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_dst) ||
556 ro->ro_rt->generation_id != route_generation)) {
557 rtfree(ro->ro_rt);
558 ro->ro_rt = (struct rtentry *)0;
559 }
560 if (ro->ro_rt == 0) {
561 bzero(dst, sizeof(*dst));
562 dst->sin6_family = AF_INET6;
563 dst->sin6_len = sizeof(struct sockaddr_in6);
564 dst->sin6_addr = ip6->ip6_dst;
565 #if SCOPEDROUTING
566 /* XXX: sin6_scope_id should already be fixed at this point */
567 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr))
568 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]);
569 #endif
570 }
571 #if IPSEC
572 if (needipsec && needipsectun) {
573 struct ipsec_output_state state;
574
575 /*
576 * All the extension headers will become inaccessible
577 * (since they can be encrypted).
578 * Don't panic, we need no more updates to extension headers
579 * on inner IPv6 packet (since they are now encapsulated).
580 *
581 * IPv6 [ESP|AH] IPv6 [extension headers] payload
582 */
583 bzero(&exthdrs, sizeof(exthdrs));
584 exthdrs.ip6e_ip6 = m;
585
586 bzero(&state, sizeof(state));
587 state.m = m;
588 state.ro = (struct route *)ro;
589 state.dst = (struct sockaddr *)dst;
590 lck_mtx_unlock(ip6_mutex);
591 lck_mtx_lock(sadb_mutex);
592 error = ipsec6_output_tunnel(&state, sp, flags);
593 lck_mtx_unlock(sadb_mutex);
594 lck_mtx_lock(ip6_mutex);
595 m = state.m;
596 ro = (struct route_in6 *)state.ro;
597 dst = (struct sockaddr_in6 *)state.dst;
598 if (error) {
599 /* mbuf is already reclaimed in ipsec6_output_tunnel. */
600 m0 = m = NULL;
601 m = NULL;
602 switch (error) {
603 case EHOSTUNREACH:
604 case ENETUNREACH:
605 case EMSGSIZE:
606 case ENOBUFS:
607 case ENOMEM:
608 break;
609 default:
610 printf("ip6_output (ipsec): error code %d\n", error);
611 /* fall through */
612 case ENOENT:
613 /* don't show these error codes to the user */
614 error = 0;
615 break;
616 }
617 lck_mtx_unlock(sadb_mutex);
618 goto bad;
619 }
620
621 exthdrs.ip6e_ip6 = m;
622 }
623 #endif /* IPSEC */
624
625 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
626 /* Unicast */
627
628 #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa))
629 #define sin6tosa(sin6) ((struct sockaddr *)(sin6))
630 /* xxx
631 * interface selection comes here
632 * if an interface is specified from an upper layer,
633 * ifp must point it.
634 */
635 lck_mtx_lock(rt_mtx);
636 if (ro->ro_rt == 0) {
637 /*
638 * non-bsdi always clone routes, if parent is
639 * PRF_CLONING.
640 */
641 rtalloc_ign_locked((struct route *)ro, 0UL);
642 }
643 if (ro->ro_rt == 0) {
644 ip6stat.ip6s_noroute++;
645 error = EHOSTUNREACH;
646 lck_mtx_unlock(rt_mtx);
647 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard); */
648 goto bad;
649 }
650 ia = ifatoia6(ro->ro_rt->rt_ifa);
651 ifp = ro->ro_rt->rt_ifp;
652 ro->ro_rt->rt_use++;
653 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
654 dst = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
655 lck_mtx_unlock(rt_mtx);
656 m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */
657
658 in6_ifstat_inc(ifp, ifs6_out_request);
659
660 /*
661 * Check if the outgoing interface conflicts with
662 * the interface specified by ifi6_ifindex (if specified).
663 * Note that loopback interface is always okay.
664 * (this may happen when we are sending a packet to one of
665 * our own addresses.)
666 */
667 if (opt && opt->ip6po_pktinfo
668 && opt->ip6po_pktinfo->ipi6_ifindex) {
669 if (!(ifp->if_flags & IFF_LOOPBACK)
670 && ifp->if_index != opt->ip6po_pktinfo->ipi6_ifindex) {
671 ip6stat.ip6s_noroute++;
672 in6_ifstat_inc(ifp, ifs6_out_discard);
673 error = EHOSTUNREACH;
674 goto bad;
675 }
676 }
677
678 if (opt && opt->ip6po_hlim != -1)
679 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
680 } else {
681 /* Multicast */
682 struct in6_multi *in6m;
683
684 m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST;
685
686 /*
687 * See if the caller provided any multicast options
688 */
689 ifp = NULL;
690 if (im6o != NULL) {
691 ip6->ip6_hlim = im6o->im6o_multicast_hlim;
692 if (im6o->im6o_multicast_ifp != NULL)
693 ifp = im6o->im6o_multicast_ifp;
694 } else
695 ip6->ip6_hlim = ip6_defmcasthlim;
696
697 /*
698 * See if the caller provided the outgoing interface
699 * as an ancillary data.
700 * Boundary check for ifindex is assumed to be already done.
701 */
702 if (opt && opt->ip6po_pktinfo && opt->ip6po_pktinfo->ipi6_ifindex)
703 ifp = ifindex2ifnet[opt->ip6po_pktinfo->ipi6_ifindex];
704
705 /*
706 * If the destination is a node-local scope multicast,
707 * the packet should be loop-backed only.
708 */
709 if (IN6_IS_ADDR_MC_NODELOCAL(&ip6->ip6_dst)) {
710 /*
711 * If the outgoing interface is already specified,
712 * it should be a loopback interface.
713 */
714 if (ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) {
715 ip6stat.ip6s_badscope++;
716 error = ENETUNREACH; /* XXX: better error? */
717 /* XXX correct ifp? */
718 in6_ifstat_inc(ifp, ifs6_out_discard);
719 goto bad;
720 } else {
721 ifp = &loif[0];
722 }
723 }
724
725 if (opt && opt->ip6po_hlim != -1)
726 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
727
728 /*
729 * If caller did not provide an interface lookup a
730 * default in the routing table. This is either a
731 * default for the speicfied group (i.e. a host
732 * route), or a multicast default (a route for the
733 * ``net'' ff00::/8).
734 */
735 if (ifp == NULL) {
736 lck_mtx_lock(rt_mtx);
737 if (ro->ro_rt == 0) {
738 ro->ro_rt = rtalloc1_locked((struct sockaddr *)
739 &ro->ro_dst, 0, 0UL);
740 }
741 if (ro->ro_rt == 0) {
742 ip6stat.ip6s_noroute++;
743 lck_mtx_unlock(rt_mtx);
744 error = EHOSTUNREACH;
745 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard) */
746 goto bad;
747 }
748 ia = ifatoia6(ro->ro_rt->rt_ifa);
749 ifp = ro->ro_rt->rt_ifp;
750 ro->ro_rt->rt_use++;
751 lck_mtx_unlock(rt_mtx);
752 }
753
754 if ((flags & IPV6_FORWARDING) == 0)
755 in6_ifstat_inc(ifp, ifs6_out_request);
756 in6_ifstat_inc(ifp, ifs6_out_mcast);
757
758 /*
759 * Confirm that the outgoing interface supports multicast.
760 */
761 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
762 ip6stat.ip6s_noroute++;
763 in6_ifstat_inc(ifp, ifs6_out_discard);
764 error = ENETUNREACH;
765 goto bad;
766 }
767 ifnet_lock_shared(ifp);
768 IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m);
769 ifnet_lock_done(ifp);
770 if (in6m != NULL &&
771 (im6o == NULL || im6o->im6o_multicast_loop)) {
772 /*
773 * If we belong to the destination multicast group
774 * on the outgoing interface, and the caller did not
775 * forbid loopback, loop back a copy.
776 */
777 ip6_mloopback(ifp, m, dst);
778 } else {
779 /*
780 * If we are acting as a multicast router, perform
781 * multicast forwarding as if the packet had just
782 * arrived on the interface to which we are about
783 * to send. The multicast forwarding function
784 * recursively calls this function, using the
785 * IPV6_FORWARDING flag to prevent infinite recursion.
786 *
787 * Multicasts that are looped back by ip6_mloopback(),
788 * above, will be forwarded by the ip6_input() routine,
789 * if necessary.
790 */
791 if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) {
792 if (ip6_mforward(ip6, ifp, m) != NULL) {
793 m_freem(m);
794 goto done;
795 }
796 }
797 }
798 /*
799 * Multicasts with a hoplimit of zero may be looped back,
800 * above, but must not be transmitted on a network.
801 * Also, multicasts addressed to the loopback interface
802 * are not sent -- the above call to ip6_mloopback() will
803 * loop back a copy if this host actually belongs to the
804 * destination group on the loopback interface.
805 */
806 if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK)) {
807 m_freem(m);
808 goto done;
809 }
810 }
811
812 /*
813 * Fill the outgoing inteface to tell the upper layer
814 * to increment per-interface statistics.
815 */
816 if (ifpp)
817 *ifpp = ifp;
818
819 /*
820 * Determine path MTU.
821 */
822 if (ro_pmtu != ro) {
823 /* The first hop and the final destination may differ. */
824 struct sockaddr_in6 *sin6_fin =
825 (struct sockaddr_in6 *)&ro_pmtu->ro_dst;
826 if (ro_pmtu->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
827 !IN6_ARE_ADDR_EQUAL(&sin6_fin->sin6_addr,
828 &finaldst))) {
829 rtfree(ro_pmtu->ro_rt);
830 ro_pmtu->ro_rt = (struct rtentry *)0;
831 }
832 if (ro_pmtu->ro_rt == 0) {
833 bzero(sin6_fin, sizeof(*sin6_fin));
834 sin6_fin->sin6_family = AF_INET6;
835 sin6_fin->sin6_len = sizeof(struct sockaddr_in6);
836 sin6_fin->sin6_addr = finaldst;
837
838 rtalloc((struct route *)ro_pmtu);
839 }
840 }
841 if (ro_pmtu->ro_rt != NULL) {
842 u_int32_t ifmtu = nd_ifinfo[ifp->if_index].linkmtu;
843
844 mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu;
845 if (mtu > ifmtu || mtu == 0) {
846 /*
847 * The MTU on the route is larger than the MTU on
848 * the interface! This shouldn't happen, unless the
849 * MTU of the interface has been changed after the
850 * interface was brought up. Change the MTU in the
851 * route to match the interface MTU (as long as the
852 * field isn't locked).
853 *
854 * if MTU on the route is 0, we need to fix the MTU.
855 * this case happens with path MTU discovery timeouts.
856 */
857 mtu = ifmtu;
858 if ((ro_pmtu->ro_rt->rt_rmx.rmx_locks & RTV_MTU) == 0)
859 ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; /* XXX */
860 }
861 } else {
862 mtu = nd_ifinfo[ifp->if_index].linkmtu;
863 }
864
865 /*
866 * advanced API (IPV6_USE_MIN_MTU) overrides mtu setting
867 */
868 if ((flags & IPV6_MINMTU) != 0 && mtu > IPV6_MMTU)
869 mtu = IPV6_MMTU;
870
871 /* Fake scoped addresses */
872 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
873 /*
874 * If source or destination address is a scoped address, and
875 * the packet is going to be sent to a loopback interface,
876 * we should keep the original interface.
877 */
878
879 /*
880 * XXX: this is a very experimental and temporary solution.
881 * We eventually have sockaddr_in6 and use the sin6_scope_id
882 * field of the structure here.
883 * We rely on the consistency between two scope zone ids
884 * of source and destination, which should already be assured.
885 * Larger scopes than link will be supported in the future.
886 */
887 origifp = NULL;
888 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
889 origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];
890 else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
891 origifp = ifindex2ifnet[ntohs(ip6->ip6_dst.s6_addr16[1])];
892 /*
893 * XXX: origifp can be NULL even in those two cases above.
894 * For example, if we remove the (only) link-local address
895 * from the loopback interface, and try to send a link-local
896 * address without link-id information. Then the source
897 * address is ::1, and the destination address is the
898 * link-local address with its s6_addr16[1] being zero.
899 * What is worse, if the packet goes to the loopback interface
900 * by a default rejected route, the null pointer would be
901 * passed to looutput, and the kernel would hang.
902 * The following last resort would prevent such disaster.
903 */
904 if (origifp == NULL)
905 origifp = ifp;
906 }
907 else
908 origifp = ifp;
909 #ifndef SCOPEDROUTING
910 /*
911 * clear embedded scope identifiers if necessary.
912 * in6_clearscope will touch the addresses only when necessary.
913 */
914 in6_clearscope(&ip6->ip6_src);
915 in6_clearscope(&ip6->ip6_dst);
916 #endif
917
918 /*
919 * Check with the firewall...
920 */
921 if (ip6_fw_enable && ip6_fw_chk_ptr) {
922 u_short port = 0;
923 m->m_pkthdr.rcvif = NULL; /* XXX */
924 /* If ipfw says divert, we have to just drop packet */
925 if (ip6_fw_chk_ptr(&ip6, ifp, &port, &m)) {
926 m_freem(m);
927 goto done;
928 }
929 if (!m) {
930 error = EACCES;
931 goto done;
932 }
933 }
934
935 /*
936 * If the outgoing packet contains a hop-by-hop options header,
937 * it must be examined and processed even by the source node.
938 * (RFC 2460, section 4.)
939 */
940 if (exthdrs.ip6e_hbh) {
941 struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *);
942 u_int32_t dummy1; /* XXX unused */
943 u_int32_t dummy2; /* XXX unused */
944
945 #if DIAGNOSTIC
946 if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len)
947 panic("ip6e_hbh is not continuous");
948 #endif
949 /*
950 * XXX: if we have to send an ICMPv6 error to the sender,
951 * we need the M_LOOP flag since icmp6_error() expects
952 * the IPv6 and the hop-by-hop options header are
953 * continuous unless the flag is set.
954 */
955 m->m_flags |= M_LOOP;
956 m->m_pkthdr.rcvif = ifp;
957 if (ip6_process_hopopts(m,
958 (u_int8_t *)(hbh + 1),
959 ((hbh->ip6h_len + 1) << 3) -
960 sizeof(struct ip6_hbh),
961 &dummy1, &dummy2) < 0) {
962 /* m was already freed at this point */
963 error = EINVAL;/* better error? */
964 goto done;
965 }
966 m->m_flags &= ~M_LOOP; /* XXX */
967 m->m_pkthdr.rcvif = NULL;
968 }
969
970 /*
971 * Send the packet to the outgoing interface.
972 * If necessary, do IPv6 fragmentation before sending.
973 */
974 tlen = m->m_pkthdr.len;
975 if (tlen <= mtu
976 #if notyet
977 /*
978 * On any link that cannot convey a 1280-octet packet in one piece,
979 * link-specific fragmentation and reassembly must be provided at
980 * a layer below IPv6. [RFC 2460, sec.5]
981 * Thus if the interface has ability of link-level fragmentation,
982 * we can just send the packet even if the packet size is
983 * larger than the link's MTU.
984 * XXX: IFF_FRAGMENTABLE (or such) flag has not been defined yet...
985 */
986
987 || ifp->if_flags & IFF_FRAGMENTABLE
988 #endif
989 )
990 {
991 /* Record statistics for this interface address. */
992 if (ia && !(flags & IPV6_FORWARDING)) {
993 #ifndef __APPLE__
994 ia->ia_ifa.if_opackets++;
995 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
996 #endif
997 }
998 #ifdef IPSEC
999 /* clean ipsec history once it goes out of the node */
1000 ipsec_delaux(m);
1001 #endif
1002
1003 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt, 1);
1004 goto done;
1005 } else if (mtu < IPV6_MMTU) {
1006 /*
1007 * note that path MTU is never less than IPV6_MMTU
1008 * (see icmp6_input).
1009 */
1010 error = EMSGSIZE;
1011 in6_ifstat_inc(ifp, ifs6_out_fragfail);
1012 goto bad;
1013 } else if (ip6->ip6_plen == 0) { /* jumbo payload cannot be fragmented */
1014 error = EMSGSIZE;
1015 in6_ifstat_inc(ifp, ifs6_out_fragfail);
1016 goto bad;
1017 } else {
1018 struct mbuf **mnext, *m_frgpart;
1019 struct ip6_frag *ip6f;
1020 u_int32_t id = htonl(ip6_id++);
1021 u_char nextproto;
1022
1023 /*
1024 * Too large for the destination or interface;
1025 * fragment if possible.
1026 * Must be able to put at least 8 bytes per fragment.
1027 */
1028 hlen = unfragpartlen;
1029 if (mtu > IPV6_MAXPACKET)
1030 mtu = IPV6_MAXPACKET;
1031
1032 len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7;
1033 if (len < 8) {
1034 error = EMSGSIZE;
1035 in6_ifstat_inc(ifp, ifs6_out_fragfail);
1036 goto bad;
1037 }
1038
1039 mnext = &m->m_nextpkt;
1040
1041 /*
1042 * Change the next header field of the last header in the
1043 * unfragmentable part.
1044 */
1045 if (exthdrs.ip6e_rthdr) {
1046 nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *);
1047 *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT;
1048 } else if (exthdrs.ip6e_dest1) {
1049 nextproto = *mtod(exthdrs.ip6e_dest1, u_char *);
1050 *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT;
1051 } else if (exthdrs.ip6e_hbh) {
1052 nextproto = *mtod(exthdrs.ip6e_hbh, u_char *);
1053 *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT;
1054 } else {
1055 nextproto = ip6->ip6_nxt;
1056 ip6->ip6_nxt = IPPROTO_FRAGMENT;
1057 }
1058
1059 /*
1060 * Loop through length of segment after first fragment,
1061 * make new header and copy data of each part and link onto
1062 * chain.
1063 */
1064 m0 = m;
1065 for (off = hlen; off < tlen; off += len) {
1066 MGETHDR(m, M_DONTWAIT, MT_HEADER);
1067 if (!m) {
1068 error = ENOBUFS;
1069 ip6stat.ip6s_odropped++;
1070 goto sendorfree;
1071 }
1072 m->m_pkthdr.rcvif = NULL;
1073 m->m_flags = m0->m_flags & M_COPYFLAGS;
1074 *mnext = m;
1075 mnext = &m->m_nextpkt;
1076 m->m_data += max_linkhdr;
1077 mhip6 = mtod(m, struct ip6_hdr *);
1078 *mhip6 = *ip6;
1079 m->m_len = sizeof(*mhip6);
1080 error = ip6_insertfraghdr(m0, m, hlen, &ip6f);
1081 if (error) {
1082 ip6stat.ip6s_odropped++;
1083 goto sendorfree;
1084 }
1085 ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7));
1086 if (off + len >= tlen)
1087 len = tlen - off;
1088 else
1089 ip6f->ip6f_offlg |= IP6F_MORE_FRAG;
1090 mhip6->ip6_plen = htons((u_short)(len + hlen +
1091 sizeof(*ip6f) -
1092 sizeof(struct ip6_hdr)));
1093 if ((m_frgpart = m_copy(m0, off, len)) == 0) {
1094 error = ENOBUFS;
1095 ip6stat.ip6s_odropped++;
1096 goto sendorfree;
1097 }
1098 m_cat(m, m_frgpart);
1099 m->m_pkthdr.len = len + hlen + sizeof(*ip6f);
1100 m->m_pkthdr.rcvif = 0;
1101 m->m_pkthdr.socket_id = m0->m_pkthdr.socket_id;
1102 ip6f->ip6f_reserved = 0;
1103 ip6f->ip6f_ident = id;
1104 ip6f->ip6f_nxt = nextproto;
1105 ip6stat.ip6s_ofragments++;
1106 in6_ifstat_inc(ifp, ifs6_out_fragcreat);
1107 }
1108
1109 in6_ifstat_inc(ifp, ifs6_out_fragok);
1110 }
1111
1112 /*
1113 * Remove leading garbages.
1114 */
1115 sendorfree:
1116 m = m0->m_nextpkt;
1117 m0->m_nextpkt = 0;
1118 m_freem(m0);
1119 for (m0 = m; m; m = m0) {
1120 m0 = m->m_nextpkt;
1121 m->m_nextpkt = 0;
1122 if (error == 0) {
1123 /* Record statistics for this interface address. */
1124 if (ia) {
1125 #ifndef __APPLE__
1126 ia->ia_ifa.if_opackets++;
1127 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
1128 #endif
1129 }
1130 #if IPSEC
1131 /* clean ipsec history once it goes out of the node */
1132 ipsec_delaux(m);
1133 #endif
1134 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt, 1);
1135
1136 } else
1137 m_freem(m);
1138 }
1139
1140 if (error == 0)
1141 ip6stat.ip6s_fragmented++;
1142
1143 done:
1144 if (!locked)
1145 lck_mtx_unlock(ip6_mutex);
1146 if (ro == &ip6route && ro->ro_rt) { /* brace necessary for rtfree */
1147 rtfree(ro->ro_rt);
1148 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) {
1149 rtfree(ro_pmtu->ro_rt);
1150 }
1151
1152 #if IPSEC
1153 if (sp != NULL) {
1154 lck_mtx_lock(sadb_mutex);
1155 key_freesp(sp);
1156 lck_mtx_unlock(sadb_mutex);
1157 }
1158 #endif /* IPSEC */
1159
1160 return(error);
1161
1162 freehdrs:
1163 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */
1164 m_freem(exthdrs.ip6e_dest1);
1165 m_freem(exthdrs.ip6e_rthdr);
1166 m_freem(exthdrs.ip6e_dest2);
1167 /* fall through */
1168 bad:
1169 m_freem(m);
1170 goto done;
1171 }
1172
1173 static int
1174 ip6_copyexthdr(mp, hdr, hlen)
1175 struct mbuf **mp;
1176 caddr_t hdr;
1177 int hlen;
1178 {
1179 struct mbuf *m;
1180
1181 if (hlen > MCLBYTES)
1182 return(ENOBUFS); /* XXX */
1183
1184 MGET(m, M_DONTWAIT, MT_DATA);
1185 if (!m)
1186 return(ENOBUFS);
1187
1188 if (hlen > MLEN) {
1189 MCLGET(m, M_DONTWAIT);
1190 if ((m->m_flags & M_EXT) == 0) {
1191 m_free(m);
1192 return(ENOBUFS);
1193 }
1194 }
1195 m->m_len = hlen;
1196 if (hdr)
1197 bcopy(hdr, mtod(m, caddr_t), hlen);
1198
1199 *mp = m;
1200 return(0);
1201 }
1202
1203 /*
1204 * Insert jumbo payload option.
1205 */
1206 static int
1207 ip6_insert_jumboopt(exthdrs, plen)
1208 struct ip6_exthdrs *exthdrs;
1209 u_int32_t plen;
1210 {
1211 struct mbuf *mopt;
1212 u_char *optbuf;
1213 u_int32_t v;
1214
1215 #define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */
1216
1217 /*
1218 * If there is no hop-by-hop options header, allocate new one.
1219 * If there is one but it doesn't have enough space to store the
1220 * jumbo payload option, allocate a cluster to store the whole options.
1221 * Otherwise, use it to store the options.
1222 */
1223 if (exthdrs->ip6e_hbh == 0) {
1224 MGET(mopt, M_DONTWAIT, MT_DATA);
1225 if (mopt == 0)
1226 return(ENOBUFS);
1227 mopt->m_len = JUMBOOPTLEN;
1228 optbuf = mtod(mopt, u_char *);
1229 optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */
1230 exthdrs->ip6e_hbh = mopt;
1231 } else {
1232 struct ip6_hbh *hbh;
1233
1234 mopt = exthdrs->ip6e_hbh;
1235 if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) {
1236 /*
1237 * XXX assumption:
1238 * - exthdrs->ip6e_hbh is not referenced from places
1239 * other than exthdrs.
1240 * - exthdrs->ip6e_hbh is not an mbuf chain.
1241 */
1242 int oldoptlen = mopt->m_len;
1243 struct mbuf *n;
1244
1245 /*
1246 * XXX: give up if the whole (new) hbh header does
1247 * not fit even in an mbuf cluster.
1248 */
1249 if (oldoptlen + JUMBOOPTLEN > MCLBYTES)
1250 return(ENOBUFS);
1251
1252 /*
1253 * As a consequence, we must always prepare a cluster
1254 * at this point.
1255 */
1256 MGET(n, M_DONTWAIT, MT_DATA);
1257 if (n) {
1258 MCLGET(n, M_DONTWAIT);
1259 if ((n->m_flags & M_EXT) == 0) {
1260 m_freem(n);
1261 n = NULL;
1262 }
1263 }
1264 if (!n)
1265 return(ENOBUFS);
1266 n->m_len = oldoptlen + JUMBOOPTLEN;
1267 bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t),
1268 oldoptlen);
1269 optbuf = mtod(n, caddr_t) + oldoptlen;
1270 m_freem(mopt);
1271 mopt = exthdrs->ip6e_hbh = n;
1272 } else {
1273 optbuf = mtod(mopt, u_char *) + mopt->m_len;
1274 mopt->m_len += JUMBOOPTLEN;
1275 }
1276 optbuf[0] = IP6OPT_PADN;
1277 optbuf[1] = 1;
1278
1279 /*
1280 * Adjust the header length according to the pad and
1281 * the jumbo payload option.
1282 */
1283 hbh = mtod(mopt, struct ip6_hbh *);
1284 hbh->ip6h_len += (JUMBOOPTLEN >> 3);
1285 }
1286
1287 /* fill in the option. */
1288 optbuf[2] = IP6OPT_JUMBO;
1289 optbuf[3] = 4;
1290 v = (u_int32_t)htonl(plen + JUMBOOPTLEN);
1291 bcopy(&v, &optbuf[4], sizeof(u_int32_t));
1292
1293 /* finally, adjust the packet header length */
1294 exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN;
1295
1296 return(0);
1297 #undef JUMBOOPTLEN
1298 }
1299
1300 /*
1301 * Insert fragment header and copy unfragmentable header portions.
1302 */
1303 static int
1304 ip6_insertfraghdr(m0, m, hlen, frghdrp)
1305 struct mbuf *m0, *m;
1306 int hlen;
1307 struct ip6_frag **frghdrp;
1308 {
1309 struct mbuf *n, *mlast;
1310
1311 if (hlen > sizeof(struct ip6_hdr)) {
1312 n = m_copym(m0, sizeof(struct ip6_hdr),
1313 hlen - sizeof(struct ip6_hdr), M_DONTWAIT);
1314 if (n == 0)
1315 return(ENOBUFS);
1316 m->m_next = n;
1317 } else
1318 n = m;
1319
1320 /* Search for the last mbuf of unfragmentable part. */
1321 for (mlast = n; mlast->m_next; mlast = mlast->m_next)
1322 ;
1323
1324 if ((mlast->m_flags & M_EXT) == 0 &&
1325 M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) {
1326 /* use the trailing space of the last mbuf for the fragment hdr */
1327 *frghdrp =
1328 (struct ip6_frag *)(mtod(mlast, caddr_t) + mlast->m_len);
1329 mlast->m_len += sizeof(struct ip6_frag);
1330 m->m_pkthdr.len += sizeof(struct ip6_frag);
1331 } else {
1332 /* allocate a new mbuf for the fragment header */
1333 struct mbuf *mfrg;
1334
1335 MGET(mfrg, M_DONTWAIT, MT_DATA);
1336 if (mfrg == 0)
1337 return(ENOBUFS);
1338 mfrg->m_len = sizeof(struct ip6_frag);
1339 *frghdrp = mtod(mfrg, struct ip6_frag *);
1340 mlast->m_next = mfrg;
1341 }
1342
1343 return(0);
1344 }
1345
1346 extern int load_ipfw();
1347
1348 /*
1349 * IP6 socket option processing.
1350 */
1351 int
1352 ip6_ctloutput(so, sopt)
1353 struct socket *so;
1354 struct sockopt *sopt;
1355 {
1356 int privileged;
1357 struct inpcb *in6p = sotoinpcb(so);
1358 int error, optval;
1359 int level, op, optname;
1360 int optlen;
1361 struct proc *p;
1362
1363 level = error = optval = 0;
1364 if (sopt == NULL)
1365 panic("ip6_ctloutput: arg soopt is NULL");
1366 else {
1367 level = sopt->sopt_level;
1368 op = sopt->sopt_dir;
1369 optname = sopt->sopt_name;
1370 optlen = sopt->sopt_valsize;
1371 p = sopt->sopt_p;
1372 }
1373
1374 privileged = (p == 0 || proc_suser(p)) ? 0 : 1;
1375
1376 if (level == IPPROTO_IPV6) {
1377 switch (op) {
1378
1379 case SOPT_SET:
1380 switch (optname) {
1381 case IPV6_PKTOPTIONS:
1382 {
1383 struct mbuf *m;
1384
1385 if (sopt->sopt_valsize > MCLBYTES) {
1386 error = EMSGSIZE;
1387 break;
1388 }
1389 error = soopt_getm(sopt, &m); /* XXX */
1390 if (error != NULL)
1391 break;
1392 error = soopt_mcopyin(sopt, m); /* XXX */
1393 if (error != NULL)
1394 break;
1395 error = ip6_pcbopts(&in6p->in6p_outputopts,
1396 m, so, sopt);
1397 m_freem(m); /* XXX */
1398 break;
1399 }
1400
1401 /*
1402 * Use of some Hop-by-Hop options or some
1403 * Destination options, might require special
1404 * privilege. That is, normal applications
1405 * (without special privilege) might be forbidden
1406 * from setting certain options in outgoing packets,
1407 * and might never see certain options in received
1408 * packets. [RFC 2292 Section 6]
1409 * KAME specific note:
1410 * KAME prevents non-privileged users from sending or
1411 * receiving ANY hbh/dst options in order to avoid
1412 * overhead of parsing options in the kernel.
1413 */
1414 case IPV6_UNICAST_HOPS:
1415 case IPV6_CHECKSUM:
1416 case IPV6_FAITH:
1417
1418 case IPV6_V6ONLY:
1419 if (optlen != sizeof(int)) {
1420 error = EINVAL;
1421 break;
1422 }
1423 error = sooptcopyin(sopt, &optval,
1424 sizeof optval, sizeof optval);
1425 if (error)
1426 break;
1427 switch (optname) {
1428
1429 case IPV6_UNICAST_HOPS:
1430 if (optval < -1 || optval >= 256)
1431 error = EINVAL;
1432 else {
1433 /* -1 = kernel default */
1434 in6p->in6p_hops = optval;
1435
1436 if ((in6p->in6p_vflag &
1437 INP_IPV4) != 0)
1438 in6p->inp_ip_ttl = optval;
1439 }
1440 break;
1441 #define OPTSET(bit) \
1442 do { \
1443 if (optval) \
1444 in6p->in6p_flags |= (bit); \
1445 else \
1446 in6p->in6p_flags &= ~(bit); \
1447 } while (0)
1448 #define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0)
1449
1450 case IPV6_CHECKSUM:
1451 in6p->in6p_cksum = optval;
1452 break;
1453
1454 case IPV6_FAITH:
1455 OPTSET(IN6P_FAITH);
1456 break;
1457
1458 case IPV6_V6ONLY:
1459 /*
1460 * make setsockopt(IPV6_V6ONLY)
1461 * available only prior to bind(2).
1462 * see ipng mailing list, Jun 22 2001.
1463 */
1464 if (in6p->in6p_lport ||
1465 !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr))
1466 {
1467 error = EINVAL;
1468 break;
1469 }
1470 OPTSET(IN6P_IPV6_V6ONLY);
1471 if (optval)
1472 in6p->in6p_vflag &= ~INP_IPV4;
1473 else
1474 in6p->in6p_vflag |= INP_IPV4;
1475 break;
1476 }
1477 break;
1478
1479 case IPV6_PKTINFO:
1480 case IPV6_HOPLIMIT:
1481 case IPV6_HOPOPTS:
1482 case IPV6_DSTOPTS:
1483 case IPV6_RTHDR:
1484 /* RFC 2292 */
1485 if (optlen != sizeof(int)) {
1486 error = EINVAL;
1487 break;
1488 }
1489 error = sooptcopyin(sopt, &optval,
1490 sizeof optval, sizeof optval);
1491 if (error)
1492 break;
1493 switch (optname) {
1494 case IPV6_PKTINFO:
1495 OPTSET(IN6P_PKTINFO);
1496 break;
1497 case IPV6_HOPLIMIT:
1498 OPTSET(IN6P_HOPLIMIT);
1499 break;
1500 case IPV6_HOPOPTS:
1501 /*
1502 * Check super-user privilege.
1503 * See comments for IPV6_RECVHOPOPTS.
1504 */
1505 if (!privileged)
1506 return(EPERM);
1507 OPTSET(IN6P_HOPOPTS);
1508 break;
1509 case IPV6_DSTOPTS:
1510 if (!privileged)
1511 return(EPERM);
1512 OPTSET(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */
1513 break;
1514 case IPV6_RTHDR:
1515 OPTSET(IN6P_RTHDR);
1516 break;
1517 }
1518 break;
1519 #undef OPTSET
1520
1521 case IPV6_MULTICAST_IF:
1522 case IPV6_MULTICAST_HOPS:
1523 case IPV6_MULTICAST_LOOP:
1524 case IPV6_JOIN_GROUP:
1525 case IPV6_LEAVE_GROUP:
1526 {
1527 struct mbuf *m;
1528 if (sopt->sopt_valsize > MLEN) {
1529 error = EMSGSIZE;
1530 break;
1531 }
1532 /* XXX */
1533 MGET(m, sopt->sopt_p ? M_WAIT : M_DONTWAIT, MT_HEADER);
1534 if (m == 0) {
1535 error = ENOBUFS;
1536 break;
1537 }
1538 m->m_len = sopt->sopt_valsize;
1539 error = sooptcopyin(sopt, mtod(m, char *),
1540 m->m_len, m->m_len);
1541 error = ip6_setmoptions(sopt->sopt_name, in6p, m);
1542 (void)m_free(m);
1543 }
1544 break;
1545
1546 case IPV6_PORTRANGE:
1547 error = sooptcopyin(sopt, &optval,
1548 sizeof optval, sizeof optval);
1549 if (error)
1550 break;
1551
1552 switch (optval) {
1553 case IPV6_PORTRANGE_DEFAULT:
1554 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1555 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1556 break;
1557
1558 case IPV6_PORTRANGE_HIGH:
1559 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1560 in6p->in6p_flags |= IN6P_HIGHPORT;
1561 break;
1562
1563 case IPV6_PORTRANGE_LOW:
1564 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1565 in6p->in6p_flags |= IN6P_LOWPORT;
1566 break;
1567
1568 default:
1569 error = EINVAL;
1570 break;
1571 }
1572 break;
1573
1574 #if IPSEC
1575 case IPV6_IPSEC_POLICY:
1576 {
1577 caddr_t req = NULL;
1578 size_t len = 0;
1579 struct mbuf *m;
1580
1581 if (sopt->sopt_valsize > MCLBYTES) {
1582 error = EMSGSIZE;
1583 break;
1584 }
1585 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1586 break;
1587 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
1588 break;
1589 if (m) {
1590 req = mtod(m, caddr_t);
1591 len = m->m_len;
1592 }
1593 lck_mtx_lock(sadb_mutex);
1594 error = ipsec6_set_policy(in6p, optname, req,
1595 len, privileged);
1596 lck_mtx_unlock(sadb_mutex);
1597 m_freem(m);
1598 }
1599 break;
1600 #endif /* KAME IPSEC */
1601
1602 case IPV6_FW_ADD:
1603 case IPV6_FW_DEL:
1604 case IPV6_FW_FLUSH:
1605 case IPV6_FW_ZERO:
1606 {
1607 if (ip6_fw_ctl_ptr == NULL && load_ipfw() != 0)
1608 return EINVAL;
1609
1610 error = (*ip6_fw_ctl_ptr)(sopt);
1611 }
1612 break;
1613
1614 default:
1615 error = ENOPROTOOPT;
1616 break;
1617 }
1618 break;
1619
1620 case SOPT_GET:
1621 switch (optname) {
1622
1623 case IPV6_PKTOPTIONS:
1624 if (in6p->in6p_options) {
1625 struct mbuf *m;
1626 m = m_copym(in6p->in6p_options,
1627 0, M_COPYALL, M_WAIT);
1628 error = soopt_mcopyout(sopt, m);
1629 if (error == 0)
1630 m_freem(m);
1631 } else
1632 sopt->sopt_valsize = 0;
1633 break;
1634
1635 case IPV6_UNICAST_HOPS:
1636 case IPV6_CHECKSUM:
1637
1638 case IPV6_FAITH:
1639 case IPV6_V6ONLY:
1640 case IPV6_PORTRANGE:
1641 switch (optname) {
1642
1643 case IPV6_UNICAST_HOPS:
1644 optval = in6p->in6p_hops;
1645 break;
1646
1647 case IPV6_CHECKSUM:
1648 optval = in6p->in6p_cksum;
1649 break;
1650
1651 case IPV6_FAITH:
1652 optval = OPTBIT(IN6P_FAITH);
1653 break;
1654
1655 case IPV6_V6ONLY:
1656 optval = OPTBIT(IN6P_IPV6_V6ONLY);
1657 break;
1658
1659 case IPV6_PORTRANGE:
1660 {
1661 int flags;
1662 flags = in6p->in6p_flags;
1663 if (flags & IN6P_HIGHPORT)
1664 optval = IPV6_PORTRANGE_HIGH;
1665 else if (flags & IN6P_LOWPORT)
1666 optval = IPV6_PORTRANGE_LOW;
1667 else
1668 optval = 0;
1669 break;
1670 }
1671 }
1672 error = sooptcopyout(sopt, &optval,
1673 sizeof optval);
1674 break;
1675
1676 case IPV6_PKTINFO:
1677 case IPV6_HOPLIMIT:
1678 case IPV6_HOPOPTS:
1679 case IPV6_RTHDR:
1680 case IPV6_DSTOPTS:
1681 if ((optname == IPV6_HOPOPTS ||
1682 optname == IPV6_DSTOPTS) &&
1683 !privileged)
1684 return(EPERM);
1685 switch (optname) {
1686 case IPV6_PKTINFO:
1687 optval = OPTBIT(IN6P_PKTINFO);
1688 break;
1689 case IPV6_HOPLIMIT:
1690 optval = OPTBIT(IN6P_HOPLIMIT);
1691 break;
1692 case IPV6_HOPOPTS:
1693 if (!privileged)
1694 return(EPERM);
1695 optval = OPTBIT(IN6P_HOPOPTS);
1696 break;
1697 case IPV6_RTHDR:
1698 optval = OPTBIT(IN6P_RTHDR);
1699 break;
1700 case IPV6_DSTOPTS:
1701 if (!privileged)
1702 return(EPERM);
1703 optval = OPTBIT(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS);
1704 break;
1705 }
1706 error = sooptcopyout(sopt, &optval,
1707 sizeof optval);
1708 break;
1709
1710 case IPV6_MULTICAST_IF:
1711 case IPV6_MULTICAST_HOPS:
1712 case IPV6_MULTICAST_LOOP:
1713 case IPV6_JOIN_GROUP:
1714 case IPV6_LEAVE_GROUP:
1715 {
1716 struct mbuf *m;
1717 error = ip6_getmoptions(sopt->sopt_name,
1718 in6p->in6p_moptions, &m);
1719 if (error == 0)
1720 error = sooptcopyout(sopt,
1721 mtod(m, char *), m->m_len);
1722 m_freem(m);
1723 }
1724 break;
1725
1726 #if IPSEC
1727 case IPV6_IPSEC_POLICY:
1728 {
1729 caddr_t req = NULL;
1730 size_t len = 0;
1731 struct mbuf *m = NULL;
1732 struct mbuf **mp = &m;
1733
1734 if (sopt->sopt_valsize > MCLBYTES) {
1735 error = EMSGSIZE;
1736 break;
1737 }
1738 error = soopt_getm(sopt, &m); /* XXX */
1739 if (error != NULL)
1740 break;
1741 error = soopt_mcopyin(sopt, m); /* XXX */
1742 if (error != NULL)
1743 break;
1744 if (m) {
1745 req = mtod(m, caddr_t);
1746 len = m->m_len;
1747 }
1748 lck_mtx_lock(sadb_mutex);
1749 error = ipsec6_get_policy(in6p, req, len, mp);
1750 lck_mtx_unlock(sadb_mutex);
1751 if (error == 0)
1752 error = soopt_mcopyout(sopt, m); /*XXX*/
1753 if (error == 0 && m)
1754 m_freem(m);
1755 break;
1756 }
1757 #endif /* KAME IPSEC */
1758
1759 case IPV6_FW_GET:
1760 {
1761 if (ip6_fw_ctl_ptr == NULL && load_ipfw() != 0)
1762 return EINVAL;
1763
1764 error = (*ip6_fw_ctl_ptr)(sopt);
1765 }
1766 break;
1767
1768 default:
1769 error = ENOPROTOOPT;
1770 break;
1771 }
1772 break;
1773 }
1774 } else {
1775 error = EINVAL;
1776 }
1777 return(error);
1778 }
1779
1780 /*
1781 * Set up IP6 options in pcb for insertion in output packets or
1782 * specifying behavior of outgoing packets.
1783 */
1784 static int
1785 ip6_pcbopts(pktopt, m, so, sopt)
1786 struct ip6_pktopts **pktopt;
1787 struct mbuf *m;
1788 struct socket *so;
1789 struct sockopt *sopt;
1790 {
1791 struct ip6_pktopts *opt = *pktopt;
1792 int error = 0;
1793 struct proc *p = sopt->sopt_p;
1794 int priv = 0;
1795
1796 /* turn off any old options. */
1797 if (opt) {
1798 #if DIAGNOSTIC
1799 if (opt->ip6po_pktinfo || opt->ip6po_nexthop ||
1800 opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 ||
1801 opt->ip6po_rhinfo.ip6po_rhi_rthdr)
1802 printf("ip6_pcbopts: all specified options are cleared.\n");
1803 #endif
1804 ip6_clearpktopts(opt, 1, -1);
1805 } else
1806 opt = _MALLOC(sizeof(*opt), M_IP6OPT, M_WAITOK);
1807 *pktopt = NULL;
1808
1809 if (!m || m->m_len == 0) {
1810 /*
1811 * Only turning off any previous options, regardless of
1812 * whether the opt is just created or given.
1813 */
1814 if (opt)
1815 FREE(opt, M_IP6OPT);
1816 return(0);
1817 }
1818
1819 /* set options specified by user. */
1820 if (p && !proc_suser(p))
1821 priv = 1;
1822 if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) {
1823 ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */
1824 FREE(opt, M_IP6OPT);
1825 return(error);
1826 }
1827 *pktopt = opt;
1828 return(0);
1829 }
1830
1831 /*
1832 * initialize ip6_pktopts. beware that there are non-zero default values in
1833 * the struct.
1834 */
1835 void
1836 init_ip6pktopts(opt)
1837 struct ip6_pktopts *opt;
1838 {
1839
1840 bzero(opt, sizeof(*opt));
1841 opt->ip6po_hlim = -1; /* -1 means default hop limit */
1842 }
1843
1844 void
1845 ip6_clearpktopts(pktopt, needfree, optname)
1846 struct ip6_pktopts *pktopt;
1847 int needfree, optname;
1848 {
1849 if (pktopt == NULL)
1850 return;
1851
1852 if (optname == -1) {
1853 if (needfree && pktopt->ip6po_pktinfo)
1854 FREE(pktopt->ip6po_pktinfo, M_IP6OPT);
1855 pktopt->ip6po_pktinfo = NULL;
1856 }
1857 if (optname == -1)
1858 pktopt->ip6po_hlim = -1;
1859 if (optname == -1) {
1860 if (needfree && pktopt->ip6po_nexthop)
1861 FREE(pktopt->ip6po_nexthop, M_IP6OPT);
1862 pktopt->ip6po_nexthop = NULL;
1863 }
1864 if (optname == -1) {
1865 if (needfree && pktopt->ip6po_hbh)
1866 FREE(pktopt->ip6po_hbh, M_IP6OPT);
1867 pktopt->ip6po_hbh = NULL;
1868 }
1869 if (optname == -1) {
1870 if (needfree && pktopt->ip6po_dest1)
1871 FREE(pktopt->ip6po_dest1, M_IP6OPT);
1872 pktopt->ip6po_dest1 = NULL;
1873 }
1874 if (optname == -1) {
1875 if (needfree && pktopt->ip6po_rhinfo.ip6po_rhi_rthdr)
1876 FREE(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr, M_IP6OPT);
1877 pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL;
1878 if (pktopt->ip6po_route.ro_rt) {
1879 rtfree(pktopt->ip6po_route.ro_rt);
1880 pktopt->ip6po_route.ro_rt = NULL;
1881 }
1882 }
1883 if (optname == -1) {
1884 if (needfree && pktopt->ip6po_dest2)
1885 FREE(pktopt->ip6po_dest2, M_IP6OPT);
1886 pktopt->ip6po_dest2 = NULL;
1887 }
1888 }
1889
1890 #define PKTOPT_EXTHDRCPY(type) \
1891 do {\
1892 if (src->type) {\
1893 int hlen =\
1894 (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\
1895 dst->type = _MALLOC(hlen, M_IP6OPT, canwait);\
1896 if (dst->type == NULL && canwait == M_NOWAIT)\
1897 goto bad;\
1898 bcopy(src->type, dst->type, hlen);\
1899 }\
1900 } while (0)
1901
1902 struct ip6_pktopts *
1903 ip6_copypktopts(src, canwait)
1904 struct ip6_pktopts *src;
1905 int canwait;
1906 {
1907 struct ip6_pktopts *dst;
1908
1909 if (src == NULL) {
1910 printf("ip6_clearpktopts: invalid argument\n");
1911 return(NULL);
1912 }
1913
1914 dst = _MALLOC(sizeof(*dst), M_IP6OPT, canwait);
1915 if (dst == NULL && canwait == M_NOWAIT)
1916 return (NULL);
1917 bzero(dst, sizeof(*dst));
1918
1919 dst->ip6po_hlim = src->ip6po_hlim;
1920 if (src->ip6po_pktinfo) {
1921 dst->ip6po_pktinfo = _MALLOC(sizeof(*dst->ip6po_pktinfo),
1922 M_IP6OPT, canwait);
1923 if (dst->ip6po_pktinfo == NULL && canwait == M_NOWAIT)
1924 goto bad;
1925 *dst->ip6po_pktinfo = *src->ip6po_pktinfo;
1926 }
1927 if (src->ip6po_nexthop) {
1928 dst->ip6po_nexthop = _MALLOC(src->ip6po_nexthop->sa_len,
1929 M_IP6OPT, canwait);
1930 if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT)
1931 goto bad;
1932 bcopy(src->ip6po_nexthop, dst->ip6po_nexthop,
1933 src->ip6po_nexthop->sa_len);
1934 }
1935 PKTOPT_EXTHDRCPY(ip6po_hbh);
1936 PKTOPT_EXTHDRCPY(ip6po_dest1);
1937 PKTOPT_EXTHDRCPY(ip6po_dest2);
1938 PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */
1939 return(dst);
1940
1941 bad:
1942 if (dst->ip6po_pktinfo) FREE(dst->ip6po_pktinfo, M_IP6OPT);
1943 if (dst->ip6po_nexthop) FREE(dst->ip6po_nexthop, M_IP6OPT);
1944 if (dst->ip6po_hbh) FREE(dst->ip6po_hbh, M_IP6OPT);
1945 if (dst->ip6po_dest1) FREE(dst->ip6po_dest1, M_IP6OPT);
1946 if (dst->ip6po_dest2) FREE(dst->ip6po_dest2, M_IP6OPT);
1947 if (dst->ip6po_rthdr) FREE(dst->ip6po_rthdr, M_IP6OPT);
1948 FREE(dst, M_IP6OPT);
1949 return(NULL);
1950 }
1951 #undef PKTOPT_EXTHDRCPY
1952
1953 void
1954 ip6_freepcbopts(pktopt)
1955 struct ip6_pktopts *pktopt;
1956 {
1957 if (pktopt == NULL)
1958 return;
1959
1960 ip6_clearpktopts(pktopt, 1, -1);
1961
1962 FREE(pktopt, M_IP6OPT);
1963 }
1964
1965 /*
1966 * Set the IP6 multicast options in response to user setsockopt().
1967 */
1968 static int
1969 ip6_setmoptions(
1970 int optname,
1971 struct inpcb* in6p,
1972 struct mbuf *m)
1973 {
1974 int error = 0;
1975 u_int loop, ifindex;
1976 struct ipv6_mreq *mreq;
1977 struct ifnet *ifp;
1978 struct ip6_moptions **im6op = &in6p->in6p_moptions;
1979 struct ip6_moptions *im6o = *im6op;
1980 struct ip_moptions *imo;
1981 struct route_in6 ro;
1982 struct sockaddr_in6 *dst;
1983 struct in6_multi_mship *imm;
1984 struct proc *p = current_proc(); /* XXX */
1985
1986 if (im6o == NULL) {
1987 /*
1988 * No multicast option buffer attached to the pcb;
1989 * allocate one and initialize to default values.
1990 */
1991 im6o = (struct ip6_moptions *)
1992 _MALLOC(sizeof(*im6o), M_IPMOPTS, M_WAITOK);
1993
1994 if (im6o == NULL)
1995 return(ENOBUFS);
1996 *im6op = im6o;
1997 im6o->im6o_multicast_ifp = NULL;
1998 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
1999 im6o->im6o_multicast_loop = IPV6_DEFAULT_MULTICAST_LOOP;
2000 LIST_INIT(&im6o->im6o_memberships);
2001 }
2002
2003 if (in6p->inp_moptions == NULL) {
2004 /*
2005 * No IPv4 multicast option buffer attached to the pcb;
2006 * call ip_createmoptions to allocate one and initialize
2007 * to default values.
2008 */
2009 error = ip_createmoptions(&in6p->inp_moptions);
2010 if (error != 0)
2011 return error;
2012 }
2013 imo = in6p->inp_moptions;
2014
2015 switch (optname) {
2016
2017 case IPV6_MULTICAST_IF:
2018 /*
2019 * Select the interface for outgoing multicast packets.
2020 */
2021 if (m == NULL || m->m_len != sizeof(u_int)) {
2022 error = EINVAL;
2023 break;
2024 }
2025 bcopy(mtod(m, u_int *), &ifindex, sizeof(ifindex));
2026 if (ifindex < 0 || if_index < ifindex) {
2027 error = ENXIO; /* XXX EINVAL? */
2028 break;
2029 }
2030 ifp = ifindex2ifnet[ifindex];
2031 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2032 error = EADDRNOTAVAIL;
2033 break;
2034 }
2035 im6o->im6o_multicast_ifp = ifp;
2036 imo->imo_multicast_ifp = ifp;
2037 break;
2038
2039 case IPV6_MULTICAST_HOPS:
2040 {
2041 /*
2042 * Set the IP6 hoplimit for outgoing multicast packets.
2043 */
2044 int optval;
2045 if (m == NULL || m->m_len != sizeof(int)) {
2046 error = EINVAL;
2047 break;
2048 }
2049 bcopy(mtod(m, u_int *), &optval, sizeof(optval));
2050 if (optval < -1 || optval >= 256)
2051 error = EINVAL;
2052 else if (optval == -1) {
2053 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
2054 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
2055 } else {
2056 im6o->im6o_multicast_hlim = optval;
2057 imo->imo_multicast_ttl = optval;
2058 }
2059 break;
2060 }
2061
2062 case IPV6_MULTICAST_LOOP:
2063 /*
2064 * Set the loopback flag for outgoing multicast packets.
2065 * Must be zero or one.
2066 */
2067 if (m == NULL || m->m_len != sizeof(u_int)) {
2068 error = EINVAL;
2069 break;
2070 }
2071 bcopy(mtod(m, u_int *), &loop, sizeof(loop));
2072 if (loop > 1) {
2073 error = EINVAL;
2074 break;
2075 }
2076 im6o->im6o_multicast_loop = loop;
2077 imo->imo_multicast_loop = loop;
2078 break;
2079
2080 case IPV6_JOIN_GROUP:
2081 /*
2082 * Add a multicast group membership.
2083 * Group must be a valid IP6 multicast address.
2084 */
2085 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2086 error = EINVAL;
2087 break;
2088 }
2089 mreq = mtod(m, struct ipv6_mreq *);
2090 /*
2091 * If the interface is specified, validate it.
2092 */
2093 if (mreq->ipv6mr_interface < 0
2094 || if_index < mreq->ipv6mr_interface) {
2095 error = ENXIO; /* XXX EINVAL? */
2096 break;
2097 }
2098
2099 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2100 /*
2101 * We use the unspecified address to specify to accept
2102 * all multicast addresses. Only super user is allowed
2103 * to do this.
2104 */
2105 if (suser(kauth_cred_get(), 0))
2106 {
2107 error = EACCES;
2108 break;
2109 }
2110 } else if (IN6_IS_ADDR_V4MAPPED(&mreq->ipv6mr_multiaddr)) {
2111 struct ip_mreq v4req;
2112
2113 v4req.imr_multiaddr.s_addr = mreq->ipv6mr_multiaddr.s6_addr32[3];
2114 v4req.imr_interface.s_addr = INADDR_ANY;
2115
2116 /* Find an IPv4 address on the specified interface. */
2117 if (mreq->ipv6mr_interface != 0) {
2118 struct in_ifaddr *ifa;
2119
2120 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2121
2122 lck_mtx_lock(rt_mtx);
2123 TAILQ_FOREACH(ifa, &in_ifaddrhead, ia_link) {
2124 if (ifa->ia_ifp == ifp) {
2125 v4req.imr_interface = IA_SIN(ifa)->sin_addr;
2126 break;
2127 }
2128 }
2129 lck_mtx_unlock(rt_mtx);
2130
2131 if (v4req.imr_multiaddr.s_addr == 0) {
2132 /* Interface has no IPv4 address. */
2133 error = EINVAL;
2134 break;
2135 }
2136 }
2137
2138 error = ip_addmembership(imo, &v4req);
2139 break;
2140 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2141 error = EINVAL;
2142 break;
2143 }
2144 /*
2145 * If no interface was explicitly specified, choose an
2146 * appropriate one according to the given multicast address.
2147 */
2148 if (mreq->ipv6mr_interface == 0) {
2149 /*
2150 * If the multicast address is in node-local scope,
2151 * the interface should be a loopback interface.
2152 * Otherwise, look up the routing table for the
2153 * address, and choose the outgoing interface.
2154 * XXX: is it a good approach?
2155 */
2156 if (IN6_IS_ADDR_MC_NODELOCAL(&mreq->ipv6mr_multiaddr)) {
2157 ifp = &loif[0];
2158 } else {
2159 ro.ro_rt = NULL;
2160 dst = (struct sockaddr_in6 *)&ro.ro_dst;
2161 bzero(dst, sizeof(*dst));
2162 dst->sin6_len = sizeof(struct sockaddr_in6);
2163 dst->sin6_family = AF_INET6;
2164 dst->sin6_addr = mreq->ipv6mr_multiaddr;
2165 rtalloc((struct route *)&ro);
2166 if (ro.ro_rt == NULL) {
2167 error = EADDRNOTAVAIL;
2168 break;
2169 }
2170 ifp = ro.ro_rt->rt_ifp;
2171 rtfree(ro.ro_rt);
2172 }
2173 } else
2174 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2175
2176 /*
2177 * See if we found an interface, and confirm that it
2178 * supports multicast
2179 */
2180 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2181 error = EADDRNOTAVAIL;
2182 break;
2183 }
2184 /*
2185 * Put interface index into the multicast address,
2186 * if the address has link-local scope.
2187 */
2188 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2189 mreq->ipv6mr_multiaddr.s6_addr16[1]
2190 = htons(mreq->ipv6mr_interface);
2191 }
2192 /*
2193 * See if the membership already exists.
2194 */
2195 lck_mtx_lock(nd6_mutex);
2196 for (imm = im6o->im6o_memberships.lh_first;
2197 imm != NULL; imm = imm->i6mm_chain.le_next)
2198 if (imm->i6mm_maddr->in6m_ifp == ifp &&
2199 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2200 &mreq->ipv6mr_multiaddr))
2201 break;
2202 if (imm != NULL) {
2203 error = EADDRINUSE;
2204 lck_mtx_unlock(nd6_mutex);
2205 break;
2206 }
2207 /*
2208 * Everything looks good; add a new record to the multicast
2209 * address list for the given interface.
2210 */
2211 imm = _MALLOC(sizeof(*imm), M_IPMADDR, M_WAITOK);
2212 if (imm == NULL) {
2213 error = ENOBUFS;
2214 lck_mtx_unlock(nd6_mutex);
2215 break;
2216 }
2217 if ((imm->i6mm_maddr =
2218 in6_addmulti(&mreq->ipv6mr_multiaddr, ifp, &error, 1)) == NULL) {
2219 FREE(imm, M_IPMADDR);
2220 lck_mtx_unlock(nd6_mutex);
2221 break;
2222 }
2223 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm, i6mm_chain);
2224 lck_mtx_unlock(nd6_mutex);
2225 break;
2226
2227 case IPV6_LEAVE_GROUP:
2228 /*
2229 * Drop a multicast group membership.
2230 * Group must be a valid IP6 multicast address.
2231 */
2232 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2233 error = EINVAL;
2234 break;
2235 }
2236 mreq = mtod(m, struct ipv6_mreq *);
2237 /*
2238 * If an interface address was specified, get a pointer
2239 * to its ifnet structure.
2240 */
2241 if (mreq->ipv6mr_interface < 0
2242 || if_index < mreq->ipv6mr_interface) {
2243 error = ENXIO; /* XXX EINVAL? */
2244 break;
2245 }
2246 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2247
2248 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2249 if (suser(kauth_cred_get(), 0)) {
2250 error = EACCES;
2251 break;
2252 }
2253 } else if (IN6_IS_ADDR_V4MAPPED(&mreq->ipv6mr_multiaddr)) {
2254 struct ip_mreq v4req;
2255
2256 v4req.imr_multiaddr.s_addr = mreq->ipv6mr_multiaddr.s6_addr32[3];
2257 v4req.imr_interface.s_addr = INADDR_ANY;
2258
2259 if (ifp != NULL) {
2260 struct in_ifaddr *ifa;
2261
2262 lck_mtx_lock(rt_mtx);
2263 TAILQ_FOREACH(ifa, &in_ifaddrhead, ia_link) {
2264 if (ifa->ia_ifp == ifp) {
2265 v4req.imr_interface = IA_SIN(ifa)->sin_addr;
2266 break;
2267 }
2268 }
2269 lck_mtx_unlock(rt_mtx);
2270 }
2271
2272 error = ip_dropmembership(imo, &v4req);
2273 break;
2274 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2275 error = EINVAL;
2276 break;
2277 }
2278 /*
2279 * Put interface index into the multicast address,
2280 * if the address has link-local scope.
2281 */
2282 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2283 mreq->ipv6mr_multiaddr.s6_addr16[1]
2284 = htons(mreq->ipv6mr_interface);
2285 }
2286 /*
2287 * Find the membership in the membership list.
2288 */
2289 lck_mtx_lock(nd6_mutex);
2290 for (imm = im6o->im6o_memberships.lh_first;
2291 imm != NULL; imm = imm->i6mm_chain.le_next) {
2292 if ((ifp == NULL ||
2293 imm->i6mm_maddr->in6m_ifp == ifp) &&
2294 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2295 &mreq->ipv6mr_multiaddr))
2296 break;
2297 }
2298 if (imm == NULL) {
2299 /* Unable to resolve interface */
2300 error = EADDRNOTAVAIL;
2301 lck_mtx_unlock(nd6_mutex);
2302 break;
2303 }
2304 /*
2305 * Give up the multicast address record to which the
2306 * membership points.
2307 */
2308 LIST_REMOVE(imm, i6mm_chain);
2309 in6_delmulti(imm->i6mm_maddr, 1);
2310 lck_mtx_unlock(nd6_mutex);
2311 FREE(imm, M_IPMADDR);
2312 break;
2313
2314 default:
2315 error = EOPNOTSUPP;
2316 break;
2317 }
2318
2319 /*
2320 * If all options have default values, no need to keep the mbuf.
2321 */
2322 lck_mtx_lock(nd6_mutex);
2323 if (im6o->im6o_multicast_ifp == NULL &&
2324 im6o->im6o_multicast_hlim == ip6_defmcasthlim &&
2325 im6o->im6o_multicast_loop == IPV6_DEFAULT_MULTICAST_LOOP &&
2326 im6o->im6o_memberships.lh_first == NULL) {
2327 FREE(*im6op, M_IPMOPTS);
2328 *im6op = NULL;
2329 }
2330 if (imo->imo_multicast_ifp == NULL &&
2331 imo->imo_multicast_vif == -1 &&
2332 imo->imo_multicast_ttl == IP_DEFAULT_MULTICAST_TTL &&
2333 imo->imo_multicast_loop == IP_DEFAULT_MULTICAST_LOOP &&
2334 imo->imo_num_memberships == 0) {
2335 ip_freemoptions(imo);
2336 in6p->inp_moptions = 0;
2337 }
2338 lck_mtx_unlock(nd6_mutex);
2339
2340 return(error);
2341 }
2342
2343 /*
2344 * Return the IP6 multicast options in response to user getsockopt().
2345 */
2346 static int
2347 ip6_getmoptions(optname, im6o, mp)
2348 int optname;
2349 struct ip6_moptions *im6o;
2350 struct mbuf **mp;
2351 {
2352 u_int *hlim, *loop, *ifindex;
2353
2354 *mp = m_get(M_WAIT, MT_HEADER); /*XXX*/
2355
2356 switch (optname) {
2357
2358 case IPV6_MULTICAST_IF:
2359 ifindex = mtod(*mp, u_int *);
2360 (*mp)->m_len = sizeof(u_int);
2361 if (im6o == NULL || im6o->im6o_multicast_ifp == NULL)
2362 *ifindex = 0;
2363 else
2364 *ifindex = im6o->im6o_multicast_ifp->if_index;
2365 return(0);
2366
2367 case IPV6_MULTICAST_HOPS:
2368 hlim = mtod(*mp, u_int *);
2369 (*mp)->m_len = sizeof(u_int);
2370 if (im6o == NULL)
2371 *hlim = ip6_defmcasthlim;
2372 else
2373 *hlim = im6o->im6o_multicast_hlim;
2374 return(0);
2375
2376 case IPV6_MULTICAST_LOOP:
2377 loop = mtod(*mp, u_int *);
2378 (*mp)->m_len = sizeof(u_int);
2379 if (im6o == NULL)
2380 *loop = ip6_defmcasthlim;
2381 else
2382 *loop = im6o->im6o_multicast_loop;
2383 return(0);
2384
2385 default:
2386 return(EOPNOTSUPP);
2387 }
2388 }
2389
2390 /*
2391 * Discard the IP6 multicast options.
2392 */
2393 void
2394 ip6_freemoptions(im6o)
2395 struct ip6_moptions *im6o;
2396 {
2397 struct in6_multi_mship *imm;
2398
2399 if (im6o == NULL)
2400 return;
2401
2402 lck_mtx_lock(nd6_mutex);
2403 while ((imm = im6o->im6o_memberships.lh_first) != NULL) {
2404 LIST_REMOVE(imm, i6mm_chain);
2405 if (imm->i6mm_maddr)
2406 in6_delmulti(imm->i6mm_maddr, 1);
2407 FREE(imm, M_IPMADDR);
2408 }
2409 lck_mtx_unlock(nd6_mutex);
2410 FREE(im6o, M_IPMOPTS);
2411 }
2412
2413 /*
2414 * Set IPv6 outgoing packet options based on advanced API.
2415 */
2416 int
2417 ip6_setpktoptions(control, opt, priv, needcopy)
2418 struct mbuf *control;
2419 struct ip6_pktopts *opt;
2420 int priv, needcopy;
2421 {
2422 struct cmsghdr *cm = 0;
2423
2424 if (control == 0 || opt == 0)
2425 return(EINVAL);
2426
2427 init_ip6pktopts(opt);
2428
2429 /*
2430 * XXX: Currently, we assume all the optional information is stored
2431 * in a single mbuf.
2432 */
2433 if (control->m_next)
2434 return(EINVAL);
2435
2436 for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len),
2437 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) {
2438 cm = mtod(control, struct cmsghdr *);
2439 if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len)
2440 return(EINVAL);
2441 if (cm->cmsg_level != IPPROTO_IPV6)
2442 continue;
2443
2444 /*
2445 * XXX should check if RFC2292 API is mixed with 2292bis API
2446 */
2447 switch (cm->cmsg_type) {
2448 case IPV6_PKTINFO:
2449 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in6_pktinfo)))
2450 return(EINVAL);
2451 if (needcopy) {
2452 /* XXX: Is it really WAITOK? */
2453 opt->ip6po_pktinfo =
2454 _MALLOC(sizeof(struct in6_pktinfo),
2455 M_IP6OPT, M_WAITOK);
2456 bcopy(CMSG_DATA(cm), opt->ip6po_pktinfo,
2457 sizeof(struct in6_pktinfo));
2458 } else
2459 opt->ip6po_pktinfo =
2460 (struct in6_pktinfo *)CMSG_DATA(cm);
2461 if (opt->ip6po_pktinfo->ipi6_ifindex &&
2462 IN6_IS_ADDR_LINKLOCAL(&opt->ip6po_pktinfo->ipi6_addr))
2463 opt->ip6po_pktinfo->ipi6_addr.s6_addr16[1] =
2464 htons(opt->ip6po_pktinfo->ipi6_ifindex);
2465
2466 if (opt->ip6po_pktinfo->ipi6_ifindex > if_index
2467 || opt->ip6po_pktinfo->ipi6_ifindex < 0) {
2468 return(ENXIO);
2469 }
2470
2471 /*
2472 * Check if the requested source address is indeed a
2473 * unicast address assigned to the node, and can be
2474 * used as the packet's source address.
2475 */
2476 if (!IN6_IS_ADDR_UNSPECIFIED(&opt->ip6po_pktinfo->ipi6_addr)) {
2477 struct in6_ifaddr *ia6;
2478 struct sockaddr_in6 sin6;
2479
2480 bzero(&sin6, sizeof(sin6));
2481 sin6.sin6_len = sizeof(sin6);
2482 sin6.sin6_family = AF_INET6;
2483 sin6.sin6_addr =
2484 opt->ip6po_pktinfo->ipi6_addr;
2485 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(sin6tosa(&sin6));
2486 if (ia6 == NULL ||
2487 (ia6->ia6_flags & (IN6_IFF_ANYCAST |
2488 IN6_IFF_NOTREADY)) != 0) {
2489 if (ia6) ifafree(&ia6->ia_ifa);
2490 return(EADDRNOTAVAIL);
2491 }
2492 ifafree(&ia6->ia_ifa);
2493 ia6 = NULL;
2494 }
2495 break;
2496
2497 case IPV6_HOPLIMIT:
2498 if (cm->cmsg_len != CMSG_LEN(sizeof(int)))
2499 return(EINVAL);
2500
2501 opt->ip6po_hlim = *(int *)CMSG_DATA(cm);
2502 if (opt->ip6po_hlim < -1 || opt->ip6po_hlim > 255)
2503 return(EINVAL);
2504 break;
2505
2506 case IPV6_NEXTHOP:
2507 if (!priv)
2508 return(EPERM);
2509
2510 if (cm->cmsg_len < sizeof(u_char) ||
2511 /* check if cmsg_len is large enough for sa_len */
2512 cm->cmsg_len < CMSG_LEN(*CMSG_DATA(cm)))
2513 return(EINVAL);
2514
2515 if (needcopy) {
2516 opt->ip6po_nexthop =
2517 _MALLOC(*CMSG_DATA(cm),
2518 M_IP6OPT, M_WAITOK);
2519 bcopy(CMSG_DATA(cm),
2520 opt->ip6po_nexthop,
2521 *CMSG_DATA(cm));
2522 } else
2523 opt->ip6po_nexthop =
2524 (struct sockaddr *)CMSG_DATA(cm);
2525 break;
2526
2527 case IPV6_HOPOPTS:
2528 {
2529 struct ip6_hbh *hbh;
2530 int hbhlen;
2531
2532 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_hbh)))
2533 return(EINVAL);
2534 hbh = (struct ip6_hbh *)CMSG_DATA(cm);
2535 hbhlen = (hbh->ip6h_len + 1) << 3;
2536 if (cm->cmsg_len != CMSG_LEN(hbhlen))
2537 return(EINVAL);
2538
2539 if (needcopy) {
2540 opt->ip6po_hbh =
2541 _MALLOC(hbhlen, M_IP6OPT, M_WAITOK);
2542 bcopy(hbh, opt->ip6po_hbh, hbhlen);
2543 } else
2544 opt->ip6po_hbh = hbh;
2545 break;
2546 }
2547
2548 case IPV6_DSTOPTS:
2549 {
2550 struct ip6_dest *dest, **newdest;
2551 int destlen;
2552
2553 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_dest)))
2554 return(EINVAL);
2555 dest = (struct ip6_dest *)CMSG_DATA(cm);
2556 destlen = (dest->ip6d_len + 1) << 3;
2557 if (cm->cmsg_len != CMSG_LEN(destlen))
2558 return(EINVAL);
2559
2560 /*
2561 * The old advacned API is ambiguous on this
2562 * point. Our approach is to determine the
2563 * position based according to the existence
2564 * of a routing header. Note, however, that
2565 * this depends on the order of the extension
2566 * headers in the ancillary data; the 1st part
2567 * of the destination options header must
2568 * appear before the routing header in the
2569 * ancillary data, too.
2570 * RFC2292bis solved the ambiguity by
2571 * introducing separate cmsg types.
2572 */
2573 if (opt->ip6po_rthdr == NULL)
2574 newdest = &opt->ip6po_dest1;
2575 else
2576 newdest = &opt->ip6po_dest2;
2577
2578 if (needcopy) {
2579 *newdest = _MALLOC(destlen, M_IP6OPT, M_WAITOK);
2580 bcopy(dest, *newdest, destlen);
2581 } else
2582 *newdest = dest;
2583
2584 break;
2585 }
2586
2587 case IPV6_RTHDR:
2588 {
2589 struct ip6_rthdr *rth;
2590 int rthlen;
2591
2592 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_rthdr)))
2593 return(EINVAL);
2594 rth = (struct ip6_rthdr *)CMSG_DATA(cm);
2595 rthlen = (rth->ip6r_len + 1) << 3;
2596 if (cm->cmsg_len != CMSG_LEN(rthlen))
2597 return(EINVAL);
2598
2599 switch (rth->ip6r_type) {
2600 case IPV6_RTHDR_TYPE_0:
2601 /* must contain one addr */
2602 if (rth->ip6r_len == 0)
2603 return(EINVAL);
2604 /* length must be even */
2605 if (rth->ip6r_len % 2)
2606 return(EINVAL);
2607 if (rth->ip6r_len / 2 != rth->ip6r_segleft)
2608 return(EINVAL);
2609 break;
2610 default:
2611 return(EINVAL); /* not supported */
2612 }
2613
2614 if (needcopy) {
2615 opt->ip6po_rthdr = _MALLOC(rthlen, M_IP6OPT,
2616 M_WAITOK);
2617 bcopy(rth, opt->ip6po_rthdr, rthlen);
2618 } else
2619 opt->ip6po_rthdr = rth;
2620
2621 break;
2622 }
2623
2624 default:
2625 return(ENOPROTOOPT);
2626 }
2627 }
2628
2629 return(0);
2630 }
2631
2632 /*
2633 * Routine called from ip6_output() to loop back a copy of an IP6 multicast
2634 * packet to the input queue of a specified interface. Note that this
2635 * calls the output routine of the loopback "driver", but with an interface
2636 * pointer that might NOT be &loif -- easier than replicating that code here.
2637 */
2638 void
2639 ip6_mloopback(
2640 struct ifnet *ifp,
2641 struct mbuf *m,
2642 struct sockaddr_in6 *dst)
2643 {
2644 struct mbuf *copym;
2645 struct ip6_hdr *ip6;
2646
2647 copym = m_copy(m, 0, M_COPYALL);
2648 if (copym == NULL)
2649 return;
2650
2651 /*
2652 * Make sure to deep-copy IPv6 header portion in case the data
2653 * is in an mbuf cluster, so that we can safely override the IPv6
2654 * header portion later.
2655 */
2656 if ((copym->m_flags & M_EXT) != 0 ||
2657 copym->m_len < sizeof(struct ip6_hdr)) {
2658 copym = m_pullup(copym, sizeof(struct ip6_hdr));
2659 if (copym == NULL)
2660 return;
2661 }
2662
2663 #if DIAGNOSTIC
2664 if (copym->m_len < sizeof(*ip6)) {
2665 m_freem(copym);
2666 return;
2667 }
2668 #endif
2669
2670 ip6 = mtod(copym, struct ip6_hdr *);
2671 #ifndef SCOPEDROUTING
2672 /*
2673 * clear embedded scope identifiers if necessary.
2674 * in6_clearscope will touch the addresses only when necessary.
2675 */
2676 in6_clearscope(&ip6->ip6_src);
2677 in6_clearscope(&ip6->ip6_dst);
2678 #endif
2679
2680 #ifdef __APPLE__
2681
2682 /* Makes sure the HW checksum flags are cleaned before sending the packet */
2683
2684 copym->m_pkthdr.rcvif = 0;
2685 copym->m_pkthdr.csum_data = 0;
2686 copym->m_pkthdr.csum_flags = 0;
2687
2688 if (lo_ifp) {
2689 copym->m_pkthdr.rcvif = ifp;
2690 lck_mtx_unlock(ip6_mutex);
2691 dlil_output(lo_ifp, PF_INET6, copym, 0, (struct sockaddr *)dst, 0);
2692 lck_mtx_lock(ip6_mutex);
2693 } else
2694 m_free(copym);
2695 #else
2696 (void)if_simloop(ifp, copym, dst->sin6_family, NULL);
2697 #endif
2698 }
2699
2700 /*
2701 * Chop IPv6 header off from the payload.
2702 */
2703 static int
2704 ip6_splithdr(m, exthdrs)
2705 struct mbuf *m;
2706 struct ip6_exthdrs *exthdrs;
2707 {
2708 struct mbuf *mh;
2709 struct ip6_hdr *ip6;
2710
2711 ip6 = mtod(m, struct ip6_hdr *);
2712 if (m->m_len > sizeof(*ip6)) {
2713 MGETHDR(mh, M_DONTWAIT, MT_HEADER);
2714 if (mh == 0) {
2715 m_freem(m);
2716 return ENOBUFS;
2717 }
2718 M_COPY_PKTHDR(mh, m);
2719 MH_ALIGN(mh, sizeof(*ip6));
2720 m->m_flags &= ~M_PKTHDR;
2721 m->m_len -= sizeof(*ip6);
2722 m->m_data += sizeof(*ip6);
2723 mh->m_next = m;
2724 m = mh;
2725 m->m_len = sizeof(*ip6);
2726 bcopy((caddr_t)ip6, mtod(m, caddr_t), sizeof(*ip6));
2727 }
2728 exthdrs->ip6e_ip6 = m;
2729 return 0;
2730 }
2731
2732 /*
2733 * Compute IPv6 extension header length.
2734 */
2735 int
2736 ip6_optlen(in6p)
2737 struct in6pcb *in6p;
2738 {
2739 int len;
2740
2741 if (!in6p->in6p_outputopts)
2742 return 0;
2743
2744 len = 0;
2745 #define elen(x) \
2746 (((struct ip6_ext *)(x)) ? (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0)
2747
2748 len += elen(in6p->in6p_outputopts->ip6po_hbh);
2749 if (in6p->in6p_outputopts->ip6po_rthdr)
2750 /* dest1 is valid with rthdr only */
2751 len += elen(in6p->in6p_outputopts->ip6po_dest1);
2752 len += elen(in6p->in6p_outputopts->ip6po_rthdr);
2753 len += elen(in6p->in6p_outputopts->ip6po_dest2);
2754 return len;
2755 #undef elen
2756 }
mirror of XNU