]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet6/ip6_output.c
projects / apple / xnu.git / blob
? search:


a079aa4b0b5a816fb7429d3271e0cfcc84cdf047
[apple/xnu.git] / bsd / netinet6 / ip6_output.c
1 /* $FreeBSD: src/sys/netinet6/ip6_output.c,v 1.13.2.10 2001/07/15 18:18:34 ume Exp $ */
2 /* $KAME: ip6_output.c,v 1.180 2001/05/21 05:37:50 jinmei Exp $ */
3
4 /*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * Copyright (c) 1982, 1986, 1988, 1990, 1993
35 * The Regents of the University of California. All rights reserved.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
66 */
67
68
69 #include <sys/param.h>
70 #include <sys/malloc.h>
71 #include <sys/mbuf.h>
72 #include <sys/errno.h>
73 #include <sys/protosw.h>
74 #include <sys/socket.h>
75 #include <sys/socketvar.h>
76 #include <sys/systm.h>
77 #include <sys/kernel.h>
78 #include <sys/proc.h>
79
80 #include <net/if.h>
81 #include <net/route.h>
82
83 #include <netinet/in.h>
84 #include <netinet/in_var.h>
85 #include <netinet6/in6_var.h>
86 #include <netinet/ip6.h>
87 #include <netinet/icmp6.h>
88 #include <netinet6/ip6_var.h>
89 #include <netinet/in_pcb.h>
90 #include <netinet6/nd6.h>
91
92 #if IPSEC
93 #include <netinet6/ipsec.h>
94 #if INET6
95 #include <netinet6/ipsec6.h>
96 #endif
97 #include <netkey/key.h>
98 extern int ipsec_bypass;
99 #endif /* IPSEC */
100
101 #include <netinet6/ip6_fw.h>
102
103 #include <net/net_osdep.h>
104
105 #ifndef __APPLE__
106 static MALLOC_DEFINE(M_IPMOPTS, "ip6_moptions", "internet multicast options");
107 #endif
108
109
110 static u_long lo_dl_tag = 0;
111
112 struct ip6_exthdrs {
113 struct mbuf *ip6e_ip6;
114 struct mbuf *ip6e_hbh;
115 struct mbuf *ip6e_dest1;
116 struct mbuf *ip6e_rthdr;
117 struct mbuf *ip6e_dest2;
118 };
119
120 static int ip6_pcbopts __P((struct ip6_pktopts **, struct mbuf *,
121 struct socket *, struct sockopt *sopt));
122 static int ip6_setmoptions __P((int, struct ip6_moptions **, struct mbuf *));
123 static int ip6_getmoptions __P((int, struct ip6_moptions *, struct mbuf **));
124 static int ip6_copyexthdr __P((struct mbuf **, caddr_t, int));
125 static int ip6_insertfraghdr __P((struct mbuf *, struct mbuf *, int,
126 struct ip6_frag **));
127 static int ip6_insert_jumboopt __P((struct ip6_exthdrs *, u_int32_t));
128 static int ip6_splithdr __P((struct mbuf *, struct ip6_exthdrs *));
129
130 /*
131 * IP6 output. The packet in mbuf chain m contains a skeletal IP6
132 * header (with pri, len, nxt, hlim, src, dst).
133 * This function may modify ver and hlim only.
134 * The mbuf chain containing the packet will be freed.
135 * The mbuf opt, if present, will not be freed.
136 *
137 * type of "mtu": rt_rmx.rmx_mtu is u_long, ifnet.ifr_mtu is int, and
138 * nd_ifinfo.linkmtu is u_int32_t. so we use u_long to hold largest one,
139 * which is rt_rmx.rmx_mtu.
140 */
141 int
142 ip6_output(m0, opt, ro, flags, im6o, ifpp)
143 struct mbuf *m0;
144 struct ip6_pktopts *opt;
145 struct route_in6 *ro;
146 int flags;
147 struct ip6_moptions *im6o;
148 struct ifnet **ifpp; /* XXX: just for statistics */
149 {
150 struct ip6_hdr *ip6, *mhip6;
151 struct ifnet *ifp, *origifp;
152 struct mbuf *m = m0;
153 int hlen, tlen, len, off;
154 struct route_in6 ip6route;
155 struct sockaddr_in6 *dst;
156 int error = 0;
157 struct in6_ifaddr *ia = NULL;
158 u_long mtu;
159 u_int32_t optlen = 0, plen = 0, unfragpartlen = 0;
160 struct ip6_exthdrs exthdrs;
161 struct in6_addr finaldst;
162 struct route_in6 *ro_pmtu = NULL;
163 int hdrsplit = 0;
164 int needipsec = 0;
165 #if IPSEC
166 int needipsectun = 0;
167 struct socket *so = NULL;
168 struct secpolicy *sp = NULL;
169
170 /* for AH processing. stupid to have "socket" variable in IP layer... */
171 if (ipsec_bypass == 0)
172 {
173 so = ipsec_getsocket(m);
174 (void)ipsec_setsocket(m, NULL);
175 }
176 ip6 = mtod(m, struct ip6_hdr *);
177 #endif /* IPSEC */
178
179 #define MAKE_EXTHDR(hp, mp) \
180 do { \
181 if (hp) { \
182 struct ip6_ext *eh = (struct ip6_ext *)(hp); \
183 error = ip6_copyexthdr((mp), (caddr_t)(hp), \
184 ((eh)->ip6e_len + 1) << 3); \
185 if (error) \
186 goto freehdrs; \
187 } \
188 } while (0)
189
190 bzero(&exthdrs, sizeof(exthdrs));
191
192 if (opt) {
193 /* Hop-by-Hop options header */
194 MAKE_EXTHDR(opt->ip6po_hbh, &exthdrs.ip6e_hbh);
195 /* Destination options header(1st part) */
196 MAKE_EXTHDR(opt->ip6po_dest1, &exthdrs.ip6e_dest1);
197 /* Routing header */
198 MAKE_EXTHDR(opt->ip6po_rthdr, &exthdrs.ip6e_rthdr);
199 /* Destination options header(2nd part) */
200 MAKE_EXTHDR(opt->ip6po_dest2, &exthdrs.ip6e_dest2);
201 }
202
203 #if IPSEC
204 if (ipsec_bypass != 0)
205 goto skip_ipsec;
206
207 /* get a security policy for this packet */
208 if (so == NULL)
209 sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, 0, &error);
210 else
211 sp = ipsec6_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error);
212
213 if (sp == NULL) {
214 ipsec6stat.out_inval++;
215 goto freehdrs;
216 }
217
218 error = 0;
219
220 /* check policy */
221 switch (sp->policy) {
222 case IPSEC_POLICY_DISCARD:
223 /*
224 * This packet is just discarded.
225 */
226 ipsec6stat.out_polvio++;
227 goto freehdrs;
228
229 case IPSEC_POLICY_BYPASS:
230 case IPSEC_POLICY_NONE:
231 /* no need to do IPsec. */
232 needipsec = 0;
233 break;
234
235 case IPSEC_POLICY_IPSEC:
236 if (sp->req == NULL) {
237 /* acquire a policy */
238 error = key_spdacquire(sp);
239 goto freehdrs;
240 }
241 needipsec = 1;
242 break;
243
244 case IPSEC_POLICY_ENTRUST:
245 default:
246 printf("ip6_output: Invalid policy found. %d\n", sp->policy);
247 }
248 skip_ipsec:
249 #endif /* IPSEC */
250
251 /*
252 * Calculate the total length of the extension header chain.
253 * Keep the length of the unfragmentable part for fragmentation.
254 */
255 optlen = 0;
256 if (exthdrs.ip6e_hbh) optlen += exthdrs.ip6e_hbh->m_len;
257 if (exthdrs.ip6e_dest1) optlen += exthdrs.ip6e_dest1->m_len;
258 if (exthdrs.ip6e_rthdr) optlen += exthdrs.ip6e_rthdr->m_len;
259 unfragpartlen = optlen + sizeof(struct ip6_hdr);
260 /* NOTE: we don't add AH/ESP length here. do that later. */
261 if (exthdrs.ip6e_dest2) optlen += exthdrs.ip6e_dest2->m_len;
262
263 /*
264 * If we need IPsec, or there is at least one extension header,
265 * separate IP6 header from the payload.
266 */
267 if ((needipsec || optlen) && !hdrsplit) {
268 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
269 m = NULL;
270 goto freehdrs;
271 }
272 m = exthdrs.ip6e_ip6;
273 hdrsplit++;
274 }
275
276 /* adjust pointer */
277 ip6 = mtod(m, struct ip6_hdr *);
278
279 /* adjust mbuf packet header length */
280 m->m_pkthdr.len += optlen;
281 plen = m->m_pkthdr.len - sizeof(*ip6);
282
283 /* If this is a jumbo payload, insert a jumbo payload option. */
284 if (plen > IPV6_MAXPACKET) {
285 if (!hdrsplit) {
286 if ((error = ip6_splithdr(m, &exthdrs)) != 0) {
287 m = NULL;
288 goto freehdrs;
289 }
290 m = exthdrs.ip6e_ip6;
291 hdrsplit++;
292 }
293 /* adjust pointer */
294 ip6 = mtod(m, struct ip6_hdr *);
295 if ((error = ip6_insert_jumboopt(&exthdrs, plen)) != 0)
296 goto freehdrs;
297 ip6->ip6_plen = 0;
298 } else
299 ip6->ip6_plen = htons(plen);
300
301 /*
302 * Concatenate headers and fill in next header fields.
303 * Here we have, on "m"
304 * IPv6 payload
305 * and we insert headers accordingly. Finally, we should be getting:
306 * IPv6 hbh dest1 rthdr ah* [esp* dest2 payload]
307 *
308 * during the header composing process, "m" points to IPv6 header.
309 * "mprev" points to an extension header prior to esp.
310 */
311 {
312 u_char *nexthdrp = &ip6->ip6_nxt;
313 struct mbuf *mprev = m;
314
315 /*
316 * we treat dest2 specially. this makes IPsec processing
317 * much easier.
318 *
319 * result: IPv6 dest2 payload
320 * m and mprev will point to IPv6 header.
321 */
322 if (exthdrs.ip6e_dest2) {
323 if (!hdrsplit)
324 panic("assumption failed: hdr not split");
325 exthdrs.ip6e_dest2->m_next = m->m_next;
326 m->m_next = exthdrs.ip6e_dest2;
327 *mtod(exthdrs.ip6e_dest2, u_char *) = ip6->ip6_nxt;
328 ip6->ip6_nxt = IPPROTO_DSTOPTS;
329 }
330
331 #define MAKE_CHAIN(m, mp, p, i)\
332 do {\
333 if (m) {\
334 if (!hdrsplit) \
335 panic("assumption failed: hdr not split"); \
336 *mtod((m), u_char *) = *(p);\
337 *(p) = (i);\
338 p = mtod((m), u_char *);\
339 (m)->m_next = (mp)->m_next;\
340 (mp)->m_next = (m);\
341 (mp) = (m);\
342 }\
343 } while (0)
344 /*
345 * result: IPv6 hbh dest1 rthdr dest2 payload
346 * m will point to IPv6 header. mprev will point to the
347 * extension header prior to dest2 (rthdr in the above case).
348 */
349 MAKE_CHAIN(exthdrs.ip6e_hbh, mprev,
350 nexthdrp, IPPROTO_HOPOPTS);
351 MAKE_CHAIN(exthdrs.ip6e_dest1, mprev,
352 nexthdrp, IPPROTO_DSTOPTS);
353 MAKE_CHAIN(exthdrs.ip6e_rthdr, mprev,
354 nexthdrp, IPPROTO_ROUTING);
355
356 #if IPSEC
357 if (!needipsec)
358 goto skip_ipsec2;
359
360 /*
361 * pointers after IPsec headers are not valid any more.
362 * other pointers need a great care too.
363 * (IPsec routines should not mangle mbufs prior to AH/ESP)
364 */
365 exthdrs.ip6e_dest2 = NULL;
366
367 {
368 struct ip6_rthdr *rh = NULL;
369 int segleft_org = 0;
370 struct ipsec_output_state state;
371
372 if (exthdrs.ip6e_rthdr) {
373 rh = mtod(exthdrs.ip6e_rthdr, struct ip6_rthdr *);
374 segleft_org = rh->ip6r_segleft;
375 rh->ip6r_segleft = 0;
376 }
377
378 bzero(&state, sizeof(state));
379 state.m = m;
380 error = ipsec6_output_trans(&state, nexthdrp, mprev, sp, flags,
381 &needipsectun);
382 m = state.m;
383 if (error) {
384 /* mbuf is already reclaimed in ipsec6_output_trans. */
385 m = NULL;
386 switch (error) {
387 case EHOSTUNREACH:
388 case ENETUNREACH:
389 case EMSGSIZE:
390 case ENOBUFS:
391 case ENOMEM:
392 break;
393 default:
394 printf("ip6_output (ipsec): error code %d\n", error);
395 /*fall through*/
396 case ENOENT:
397 /* don't show these error codes to the user */
398 error = 0;
399 break;
400 }
401 goto bad;
402 }
403 if (exthdrs.ip6e_rthdr) {
404 /* ah6_output doesn't modify mbuf chain */
405 rh->ip6r_segleft = segleft_org;
406 }
407 }
408 skip_ipsec2:;
409 #endif
410 }
411
412 /*
413 * If there is a routing header, replace destination address field
414 * with the first hop of the routing header.
415 */
416 if (exthdrs.ip6e_rthdr) {
417 struct ip6_rthdr *rh =
418 (struct ip6_rthdr *)(mtod(exthdrs.ip6e_rthdr,
419 struct ip6_rthdr *));
420 struct ip6_rthdr0 *rh0;
421
422 finaldst = ip6->ip6_dst;
423 switch (rh->ip6r_type) {
424 case IPV6_RTHDR_TYPE_0:
425 rh0 = (struct ip6_rthdr0 *)rh;
426 ip6->ip6_dst = rh0->ip6r0_addr[0];
427 bcopy((caddr_t)&rh0->ip6r0_addr[1],
428 (caddr_t)&rh0->ip6r0_addr[0],
429 sizeof(struct in6_addr)*(rh0->ip6r0_segleft - 1)
430 );
431 rh0->ip6r0_addr[rh0->ip6r0_segleft - 1] = finaldst;
432 break;
433 default: /* is it possible? */
434 error = EINVAL;
435 goto bad;
436 }
437 }
438
439 /* Source address validation */
440 if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src) &&
441 (flags & IPV6_DADOUTPUT) == 0) {
442 error = EOPNOTSUPP;
443 ip6stat.ip6s_badscope++;
444 goto bad;
445 }
446 if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src)) {
447 error = EOPNOTSUPP;
448 ip6stat.ip6s_badscope++;
449 goto bad;
450 }
451
452 ip6stat.ip6s_localout++;
453
454 /*
455 * Route packet.
456 */
457 if (ro == 0) {
458 ro = &ip6route;
459 bzero((caddr_t)ro, sizeof(*ro));
460 }
461 ro_pmtu = ro;
462 if (opt && opt->ip6po_rthdr)
463 ro = &opt->ip6po_route;
464 dst = (struct sockaddr_in6 *)&ro->ro_dst;
465 /*
466 * If there is a cached route,
467 * check that it is to the same destination
468 * and is still up. If not, free it and try again.
469 */
470 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
471 !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_dst))) {
472 rtfree(ro->ro_rt);
473 ro->ro_rt = (struct rtentry *)0;
474 }
475 if (ro->ro_rt == 0) {
476 bzero(dst, sizeof(*dst));
477 dst->sin6_family = AF_INET6;
478 dst->sin6_len = sizeof(struct sockaddr_in6);
479 dst->sin6_addr = ip6->ip6_dst;
480 #if SCOPEDROUTING
481 /* XXX: sin6_scope_id should already be fixed at this point */
482 if (IN6_IS_SCOPE_LINKLOCAL(&dst->sin6_addr))
483 dst->sin6_scope_id = ntohs(dst->sin6_addr.s6_addr16[1]);
484 #endif
485 }
486 #if IPSEC
487 if (needipsec && needipsectun) {
488 struct ipsec_output_state state;
489
490 /*
491 * All the extension headers will become inaccessible
492 * (since they can be encrypted).
493 * Don't panic, we need no more updates to extension headers
494 * on inner IPv6 packet (since they are now encapsulated).
495 *
496 * IPv6 [ESP|AH] IPv6 [extension headers] payload
497 */
498 bzero(&exthdrs, sizeof(exthdrs));
499 exthdrs.ip6e_ip6 = m;
500
501 bzero(&state, sizeof(state));
502 state.m = m;
503 state.ro = (struct route *)ro;
504 state.dst = (struct sockaddr *)dst;
505
506 error = ipsec6_output_tunnel(&state, sp, flags);
507
508 m = state.m;
509 ro = (struct route_in6 *)state.ro;
510 dst = (struct sockaddr_in6 *)state.dst;
511 if (error) {
512 /* mbuf is already reclaimed in ipsec6_output_tunnel. */
513 m0 = m = NULL;
514 m = NULL;
515 switch (error) {
516 case EHOSTUNREACH:
517 case ENETUNREACH:
518 case EMSGSIZE:
519 case ENOBUFS:
520 case ENOMEM:
521 break;
522 default:
523 printf("ip6_output (ipsec): error code %d\n", error);
524 /*fall through*/
525 case ENOENT:
526 /* don't show these error codes to the user */
527 error = 0;
528 break;
529 }
530 goto bad;
531 }
532
533 exthdrs.ip6e_ip6 = m;
534 }
535 #endif /*IPSEC*/
536
537 if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
538 /* Unicast */
539
540 #define ifatoia6(ifa) ((struct in6_ifaddr *)(ifa))
541 #define sin6tosa(sin6) ((struct sockaddr *)(sin6))
542 /* xxx
543 * interface selection comes here
544 * if an interface is specified from an upper layer,
545 * ifp must point it.
546 */
547 if (ro->ro_rt == 0) {
548 /*
549 * non-bsdi always clone routes, if parent is
550 * PRF_CLONING.
551 */
552 rtalloc((struct route *)ro);
553 }
554 if (ro->ro_rt == 0) {
555 ip6stat.ip6s_noroute++;
556 error = EHOSTUNREACH;
557 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard); */
558 goto bad;
559 }
560 ia = ifatoia6(ro->ro_rt->rt_ifa);
561 ifp = ro->ro_rt->rt_ifp;
562 ro->ro_rt->rt_use++;
563 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
564 dst = (struct sockaddr_in6 *)ro->ro_rt->rt_gateway;
565 m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */
566
567 in6_ifstat_inc(ifp, ifs6_out_request);
568
569 /*
570 * Check if the outgoing interface conflicts with
571 * the interface specified by ifi6_ifindex (if specified).
572 * Note that loopback interface is always okay.
573 * (this may happen when we are sending a packet to one of
574 * our own addresses.)
575 */
576 if (opt && opt->ip6po_pktinfo
577 && opt->ip6po_pktinfo->ipi6_ifindex) {
578 if (!(ifp->if_flags & IFF_LOOPBACK)
579 && ifp->if_index != opt->ip6po_pktinfo->ipi6_ifindex) {
580 ip6stat.ip6s_noroute++;
581 in6_ifstat_inc(ifp, ifs6_out_discard);
582 error = EHOSTUNREACH;
583 goto bad;
584 }
585 }
586
587 if (opt && opt->ip6po_hlim != -1)
588 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
589 } else {
590 /* Multicast */
591 struct in6_multi *in6m;
592
593 m->m_flags = (m->m_flags & ~M_BCAST) | M_MCAST;
594
595 /*
596 * See if the caller provided any multicast options
597 */
598 ifp = NULL;
599 if (im6o != NULL) {
600 ip6->ip6_hlim = im6o->im6o_multicast_hlim;
601 if (im6o->im6o_multicast_ifp != NULL)
602 ifp = im6o->im6o_multicast_ifp;
603 } else
604 ip6->ip6_hlim = ip6_defmcasthlim;
605
606 /*
607 * See if the caller provided the outgoing interface
608 * as an ancillary data.
609 * Boundary check for ifindex is assumed to be already done.
610 */
611 if (opt && opt->ip6po_pktinfo && opt->ip6po_pktinfo->ipi6_ifindex)
612 ifp = ifindex2ifnet[opt->ip6po_pktinfo->ipi6_ifindex];
613
614 /*
615 * If the destination is a node-local scope multicast,
616 * the packet should be loop-backed only.
617 */
618 if (IN6_IS_ADDR_MC_NODELOCAL(&ip6->ip6_dst)) {
619 /*
620 * If the outgoing interface is already specified,
621 * it should be a loopback interface.
622 */
623 if (ifp && (ifp->if_flags & IFF_LOOPBACK) == 0) {
624 ip6stat.ip6s_badscope++;
625 error = ENETUNREACH; /* XXX: better error? */
626 /* XXX correct ifp? */
627 in6_ifstat_inc(ifp, ifs6_out_discard);
628 goto bad;
629 } else {
630 ifp = &loif[0];
631 }
632 }
633
634 if (opt && opt->ip6po_hlim != -1)
635 ip6->ip6_hlim = opt->ip6po_hlim & 0xff;
636
637 /*
638 * If caller did not provide an interface lookup a
639 * default in the routing table. This is either a
640 * default for the speicfied group (i.e. a host
641 * route), or a multicast default (a route for the
642 * ``net'' ff00::/8).
643 */
644 if (ifp == NULL) {
645 if (ro->ro_rt == 0) {
646 ro->ro_rt = rtalloc1((struct sockaddr *)
647 &ro->ro_dst, 0, 0UL);
648 }
649 if (ro->ro_rt == 0) {
650 ip6stat.ip6s_noroute++;
651 error = EHOSTUNREACH;
652 /* XXX in6_ifstat_inc(ifp, ifs6_out_discard) */
653 goto bad;
654 }
655 ia = ifatoia6(ro->ro_rt->rt_ifa);
656 ifp = ro->ro_rt->rt_ifp;
657 ro->ro_rt->rt_use++;
658 }
659
660 if ((flags & IPV6_FORWARDING) == 0)
661 in6_ifstat_inc(ifp, ifs6_out_request);
662 in6_ifstat_inc(ifp, ifs6_out_mcast);
663
664 /*
665 * Confirm that the outgoing interface supports multicast.
666 */
667 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
668 ip6stat.ip6s_noroute++;
669 in6_ifstat_inc(ifp, ifs6_out_discard);
670 error = ENETUNREACH;
671 goto bad;
672 }
673 IN6_LOOKUP_MULTI(ip6->ip6_dst, ifp, in6m);
674 if (in6m != NULL &&
675 (im6o == NULL || im6o->im6o_multicast_loop)) {
676 /*
677 * If we belong to the destination multicast group
678 * on the outgoing interface, and the caller did not
679 * forbid loopback, loop back a copy.
680 */
681 ip6_mloopback(ifp, m, dst);
682 } else {
683 /*
684 * If we are acting as a multicast router, perform
685 * multicast forwarding as if the packet had just
686 * arrived on the interface to which we are about
687 * to send. The multicast forwarding function
688 * recursively calls this function, using the
689 * IPV6_FORWARDING flag to prevent infinite recursion.
690 *
691 * Multicasts that are looped back by ip6_mloopback(),
692 * above, will be forwarded by the ip6_input() routine,
693 * if necessary.
694 */
695 if (ip6_mrouter && (flags & IPV6_FORWARDING) == 0) {
696 if (ip6_mforward(ip6, ifp, m) != NULL) {
697 m_freem(m);
698 goto done;
699 }
700 }
701 }
702 /*
703 * Multicasts with a hoplimit of zero may be looped back,
704 * above, but must not be transmitted on a network.
705 * Also, multicasts addressed to the loopback interface
706 * are not sent -- the above call to ip6_mloopback() will
707 * loop back a copy if this host actually belongs to the
708 * destination group on the loopback interface.
709 */
710 if (ip6->ip6_hlim == 0 || (ifp->if_flags & IFF_LOOPBACK)) {
711 m_freem(m);
712 goto done;
713 }
714 }
715
716 /*
717 * Fill the outgoing inteface to tell the upper layer
718 * to increment per-interface statistics.
719 */
720 if (ifpp)
721 *ifpp = ifp;
722
723 /*
724 * Determine path MTU.
725 */
726 if (ro_pmtu != ro) {
727 /* The first hop and the final destination may differ. */
728 struct sockaddr_in6 *sin6_fin =
729 (struct sockaddr_in6 *)&ro_pmtu->ro_dst;
730 if (ro_pmtu->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
731 !IN6_ARE_ADDR_EQUAL(&sin6_fin->sin6_addr,
732 &finaldst))) {
733 rtfree(ro_pmtu->ro_rt);
734 ro_pmtu->ro_rt = (struct rtentry *)0;
735 }
736 if (ro_pmtu->ro_rt == 0) {
737 bzero(sin6_fin, sizeof(*sin6_fin));
738 sin6_fin->sin6_family = AF_INET6;
739 sin6_fin->sin6_len = sizeof(struct sockaddr_in6);
740 sin6_fin->sin6_addr = finaldst;
741
742 rtalloc((struct route *)ro_pmtu);
743 }
744 }
745 if (ro_pmtu->ro_rt != NULL) {
746 u_int32_t ifmtu = nd_ifinfo[ifp->if_index].linkmtu;
747
748 mtu = ro_pmtu->ro_rt->rt_rmx.rmx_mtu;
749 if (mtu > ifmtu || mtu == 0) {
750 /*
751 * The MTU on the route is larger than the MTU on
752 * the interface! This shouldn't happen, unless the
753 * MTU of the interface has been changed after the
754 * interface was brought up. Change the MTU in the
755 * route to match the interface MTU (as long as the
756 * field isn't locked).
757 *
758 * if MTU on the route is 0, we need to fix the MTU.
759 * this case happens with path MTU discovery timeouts.
760 */
761 mtu = ifmtu;
762 if ((ro_pmtu->ro_rt->rt_rmx.rmx_locks & RTV_MTU) == 0)
763 ro_pmtu->ro_rt->rt_rmx.rmx_mtu = mtu; /* XXX */
764 }
765 } else {
766 mtu = nd_ifinfo[ifp->if_index].linkmtu;
767 }
768
769 /*
770 * advanced API (IPV6_USE_MIN_MTU) overrides mtu setting
771 */
772 if ((flags & IPV6_MINMTU) != 0 && mtu > IPV6_MMTU)
773 mtu = IPV6_MMTU;
774
775 /* Fake scoped addresses */
776 if ((ifp->if_flags & IFF_LOOPBACK) != 0) {
777 /*
778 * If source or destination address is a scoped address, and
779 * the packet is going to be sent to a loopback interface,
780 * we should keep the original interface.
781 */
782
783 /*
784 * XXX: this is a very experimental and temporary solution.
785 * We eventually have sockaddr_in6 and use the sin6_scope_id
786 * field of the structure here.
787 * We rely on the consistency between two scope zone ids
788 * of source add destination, which should already be assured
789 * larger scopes than link will be supported in the near
790 * future.
791 */
792 origifp = NULL;
793 if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_src))
794 origifp = ifindex2ifnet[ntohs(ip6->ip6_src.s6_addr16[1])];
795 else if (IN6_IS_SCOPE_LINKLOCAL(&ip6->ip6_dst))
796 origifp = ifindex2ifnet[ntohs(ip6->ip6_dst.s6_addr16[1])];
797 /*
798 * XXX: origifp can be NULL even in those two cases above.
799 * For example, if we remove the (only) link-local address
800 * from the loopback interface, and try to send a link-local
801 * address without link-id information. Then the source
802 * address is ::1, and the destination address is the
803 * link-local address with its s6_addr16[1] being zero.
804 * What is worse, if the packet goes to the loopback interface
805 * by a default rejected route, the null pointer would be
806 * passed to looutput, and the kernel would hang.
807 * The following last resort would prevent such disaster.
808 */
809 if (origifp == NULL)
810 origifp = ifp;
811 }
812 else
813 origifp = ifp;
814 #ifndef SCOPEDROUTING
815 /*
816 * clear embedded scope identifiers if necessary.
817 * in6_clearscope will touch the addresses only when necessary.
818 */
819 in6_clearscope(&ip6->ip6_src);
820 in6_clearscope(&ip6->ip6_dst);
821 #endif
822
823 /*
824 * Check with the firewall...
825 */
826 if (ip6_fw_enable && ip6_fw_chk_ptr) {
827 u_short port = 0;
828 m->m_pkthdr.rcvif = NULL; /*XXX*/
829 /* If ipfw says divert, we have to just drop packet */
830 if ((*ip6_fw_chk_ptr)(&ip6, ifp, &port, &m)) {
831 m_freem(m);
832 goto done;
833 }
834 if (!m) {
835 error = EACCES;
836 goto done;
837 }
838 }
839
840 /*
841 * If the outgoing packet contains a hop-by-hop options header,
842 * it must be examined and processed even by the source node.
843 * (RFC 2460, section 4.)
844 */
845 if (exthdrs.ip6e_hbh) {
846 struct ip6_hbh *hbh = mtod(exthdrs.ip6e_hbh, struct ip6_hbh *);
847 u_int32_t dummy1; /* XXX unused */
848 u_int32_t dummy2; /* XXX unused */
849
850 #if DIAGNOSTIC
851 if ((hbh->ip6h_len + 1) << 3 > exthdrs.ip6e_hbh->m_len)
852 panic("ip6e_hbh is not continuous");
853 #endif
854 /*
855 * XXX: if we have to send an ICMPv6 error to the sender,
856 * we need the M_LOOP flag since icmp6_error() expects
857 * the IPv6 and the hop-by-hop options header are
858 * continuous unless the flag is set.
859 */
860 m->m_flags |= M_LOOP;
861 m->m_pkthdr.rcvif = ifp;
862 if (ip6_process_hopopts(m,
863 (u_int8_t *)(hbh + 1),
864 ((hbh->ip6h_len + 1) << 3) -
865 sizeof(struct ip6_hbh),
866 &dummy1, &dummy2) < 0) {
867 /* m was already freed at this point */
868 error = EINVAL;/* better error? */
869 goto done;
870 }
871 m->m_flags &= ~M_LOOP; /* XXX */
872 m->m_pkthdr.rcvif = NULL;
873 }
874
875 /*
876 * Send the packet to the outgoing interface.
877 * If necessary, do IPv6 fragmentation before sending.
878 */
879 tlen = m->m_pkthdr.len;
880 if (tlen <= mtu
881 #if notyet
882 /*
883 * On any link that cannot convey a 1280-octet packet in one piece,
884 * link-specific fragmentation and reassembly must be provided at
885 * a layer below IPv6. [RFC 2460, sec.5]
886 * Thus if the interface has ability of link-level fragmentation,
887 * we can just send the packet even if the packet size is
888 * larger than the link's MTU.
889 * XXX: IFF_FRAGMENTABLE (or such) flag has not been defined yet...
890 */
891
892 || ifp->if_flags & IFF_FRAGMENTABLE
893 #endif
894 )
895 {
896 /* Record statistics for this interface address. */
897 if (ia && !(flags & IPV6_FORWARDING)) {
898 #ifndef __APPLE__
899 ia->ia_ifa.if_opackets++;
900 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
901 #endif
902 }
903 #ifdef IPSEC
904 /* clean ipsec history once it goes out of the node */
905 ipsec_delaux(m);
906 #endif
907
908 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt);
909 goto done;
910 } else if (mtu < IPV6_MMTU) {
911 /*
912 * note that path MTU is never less than IPV6_MMTU
913 * (see icmp6_input).
914 */
915 error = EMSGSIZE;
916 in6_ifstat_inc(ifp, ifs6_out_fragfail);
917 goto bad;
918 } else if (ip6->ip6_plen == 0) { /* jumbo payload cannot be fragmented */
919 error = EMSGSIZE;
920 in6_ifstat_inc(ifp, ifs6_out_fragfail);
921 goto bad;
922 } else {
923 struct mbuf **mnext, *m_frgpart;
924 struct ip6_frag *ip6f;
925 u_int32_t id = htonl(ip6_id++);
926 u_char nextproto;
927
928 /*
929 * Too large for the destination or interface;
930 * fragment if possible.
931 * Must be able to put at least 8 bytes per fragment.
932 */
933 hlen = unfragpartlen;
934 if (mtu > IPV6_MAXPACKET)
935 mtu = IPV6_MAXPACKET;
936
937 len = (mtu - hlen - sizeof(struct ip6_frag)) & ~7;
938 if (len < 8) {
939 error = EMSGSIZE;
940 in6_ifstat_inc(ifp, ifs6_out_fragfail);
941 goto bad;
942 }
943
944 mnext = &m->m_nextpkt;
945
946 /*
947 * Change the next header field of the last header in the
948 * unfragmentable part.
949 */
950 if (exthdrs.ip6e_rthdr) {
951 nextproto = *mtod(exthdrs.ip6e_rthdr, u_char *);
952 *mtod(exthdrs.ip6e_rthdr, u_char *) = IPPROTO_FRAGMENT;
953 } else if (exthdrs.ip6e_dest1) {
954 nextproto = *mtod(exthdrs.ip6e_dest1, u_char *);
955 *mtod(exthdrs.ip6e_dest1, u_char *) = IPPROTO_FRAGMENT;
956 } else if (exthdrs.ip6e_hbh) {
957 nextproto = *mtod(exthdrs.ip6e_hbh, u_char *);
958 *mtod(exthdrs.ip6e_hbh, u_char *) = IPPROTO_FRAGMENT;
959 } else {
960 nextproto = ip6->ip6_nxt;
961 ip6->ip6_nxt = IPPROTO_FRAGMENT;
962 }
963
964 /*
965 * Loop through length of segment after first fragment,
966 * make new header and copy data of each part and link onto chain.
967 */
968 m0 = m;
969 for (off = hlen; off < tlen; off += len) {
970 MGETHDR(m, M_DONTWAIT, MT_HEADER);
971 if (!m) {
972 error = ENOBUFS;
973 ip6stat.ip6s_odropped++;
974 goto sendorfree;
975 }
976 m->m_pkthdr.rcvif = NULL;
977 m->m_flags = m0->m_flags & M_COPYFLAGS;
978 *mnext = m;
979 mnext = &m->m_nextpkt;
980 m->m_data += max_linkhdr;
981 mhip6 = mtod(m, struct ip6_hdr *);
982 *mhip6 = *ip6;
983 m->m_len = sizeof(*mhip6);
984 error = ip6_insertfraghdr(m0, m, hlen, &ip6f);
985 if (error) {
986 ip6stat.ip6s_odropped++;
987 goto sendorfree;
988 }
989 ip6f->ip6f_offlg = htons((u_short)((off - hlen) & ~7));
990 if (off + len >= tlen)
991 len = tlen - off;
992 else
993 ip6f->ip6f_offlg |= IP6F_MORE_FRAG;
994 mhip6->ip6_plen = htons((u_short)(len + hlen +
995 sizeof(*ip6f) -
996 sizeof(struct ip6_hdr)));
997 if ((m_frgpart = m_copy(m0, off, len)) == 0) {
998 error = ENOBUFS;
999 ip6stat.ip6s_odropped++;
1000 goto sendorfree;
1001 }
1002 m_cat(m, m_frgpart);
1003 m->m_pkthdr.len = len + hlen + sizeof(*ip6f);
1004 m->m_pkthdr.rcvif = (struct ifnet *)0;
1005 ip6f->ip6f_reserved = 0;
1006 ip6f->ip6f_ident = id;
1007 ip6f->ip6f_nxt = nextproto;
1008 ip6stat.ip6s_ofragments++;
1009 in6_ifstat_inc(ifp, ifs6_out_fragcreat);
1010 }
1011
1012 in6_ifstat_inc(ifp, ifs6_out_fragok);
1013 }
1014
1015 /*
1016 * Remove leading garbages.
1017 */
1018 sendorfree:
1019 m = m0->m_nextpkt;
1020 m0->m_nextpkt = 0;
1021 m_freem(m0);
1022 for (m0 = m; m; m = m0) {
1023 m0 = m->m_nextpkt;
1024 m->m_nextpkt = 0;
1025 if (error == 0) {
1026 /* Record statistics for this interface address. */
1027 if (ia) {
1028 #ifndef __APPLE__
1029 ia->ia_ifa.if_opackets++;
1030 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
1031 #endif
1032 }
1033 #if IPSEC
1034 /* clean ipsec history once it goes out of the node */
1035 ipsec_delaux(m);
1036 #endif
1037 error = nd6_output(ifp, origifp, m, dst, ro->ro_rt);
1038 } else
1039 m_freem(m);
1040 }
1041
1042 if (error == 0)
1043 ip6stat.ip6s_fragmented++;
1044
1045 done:
1046 if (ro == &ip6route && ro->ro_rt) { /* brace necessary for rtfree */
1047 rtfree(ro->ro_rt);
1048 } else if (ro_pmtu == &ip6route && ro_pmtu->ro_rt) {
1049 rtfree(ro_pmtu->ro_rt);
1050 }
1051
1052 #if IPSEC
1053 if (sp != NULL)
1054 key_freesp(sp);
1055 #endif /* IPSEC */
1056
1057 return(error);
1058
1059 freehdrs:
1060 m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */
1061 m_freem(exthdrs.ip6e_dest1);
1062 m_freem(exthdrs.ip6e_rthdr);
1063 m_freem(exthdrs.ip6e_dest2);
1064 /* fall through */
1065 bad:
1066 m_freem(m);
1067 goto done;
1068 }
1069
1070 static int
1071 ip6_copyexthdr(mp, hdr, hlen)
1072 struct mbuf **mp;
1073 caddr_t hdr;
1074 int hlen;
1075 {
1076 struct mbuf *m;
1077
1078 if (hlen > MCLBYTES)
1079 return(ENOBUFS); /* XXX */
1080
1081 MGET(m, M_DONTWAIT, MT_DATA);
1082 if (!m)
1083 return(ENOBUFS);
1084
1085 if (hlen > MLEN) {
1086 MCLGET(m, M_DONTWAIT);
1087 if ((m->m_flags & M_EXT) == 0) {
1088 m_free(m);
1089 return(ENOBUFS);
1090 }
1091 }
1092 m->m_len = hlen;
1093 if (hdr)
1094 bcopy(hdr, mtod(m, caddr_t), hlen);
1095
1096 *mp = m;
1097 return(0);
1098 }
1099
1100 /*
1101 * Insert jumbo payload option.
1102 */
1103 static int
1104 ip6_insert_jumboopt(exthdrs, plen)
1105 struct ip6_exthdrs *exthdrs;
1106 u_int32_t plen;
1107 {
1108 struct mbuf *mopt;
1109 u_char *optbuf;
1110 u_int32_t v;
1111
1112 #define JUMBOOPTLEN 8 /* length of jumbo payload option and padding */
1113
1114 /*
1115 * If there is no hop-by-hop options header, allocate new one.
1116 * If there is one but it doesn't have enough space to store the
1117 * jumbo payload option, allocate a cluster to store the whole options.
1118 * Otherwise, use it to store the options.
1119 */
1120 if (exthdrs->ip6e_hbh == 0) {
1121 MGET(mopt, M_DONTWAIT, MT_DATA);
1122 if (mopt == 0)
1123 return(ENOBUFS);
1124 mopt->m_len = JUMBOOPTLEN;
1125 optbuf = mtod(mopt, u_char *);
1126 optbuf[1] = 0; /* = ((JUMBOOPTLEN) >> 3) - 1 */
1127 exthdrs->ip6e_hbh = mopt;
1128 } else {
1129 struct ip6_hbh *hbh;
1130
1131 mopt = exthdrs->ip6e_hbh;
1132 if (M_TRAILINGSPACE(mopt) < JUMBOOPTLEN) {
1133 /*
1134 * XXX assumption:
1135 * - exthdrs->ip6e_hbh is not referenced from places
1136 * other than exthdrs.
1137 * - exthdrs->ip6e_hbh is not an mbuf chain.
1138 */
1139 int oldoptlen = mopt->m_len;
1140 struct mbuf *n;
1141
1142 /*
1143 * XXX: give up if the whole (new) hbh header does
1144 * not fit even in an mbuf cluster.
1145 */
1146 if (oldoptlen + JUMBOOPTLEN > MCLBYTES)
1147 return(ENOBUFS);
1148
1149 /*
1150 * As a consequence, we must always prepare a cluster
1151 * at this point.
1152 */
1153 MGET(n, M_DONTWAIT, MT_DATA);
1154 if (n) {
1155 MCLGET(n, M_DONTWAIT);
1156 if ((n->m_flags & M_EXT) == 0) {
1157 m_freem(n);
1158 n = NULL;
1159 }
1160 }
1161 if (!n)
1162 return(ENOBUFS);
1163 n->m_len = oldoptlen + JUMBOOPTLEN;
1164 bcopy(mtod(mopt, caddr_t), mtod(n, caddr_t),
1165 oldoptlen);
1166 optbuf = mtod(n, caddr_t) + oldoptlen;
1167 m_freem(mopt);
1168 mopt = exthdrs->ip6e_hbh = n;
1169 } else {
1170 optbuf = mtod(mopt, u_char *) + mopt->m_len;
1171 mopt->m_len += JUMBOOPTLEN;
1172 }
1173 optbuf[0] = IP6OPT_PADN;
1174 optbuf[1] = 1;
1175
1176 /*
1177 * Adjust the header length according to the pad and
1178 * the jumbo payload option.
1179 */
1180 hbh = mtod(mopt, struct ip6_hbh *);
1181 hbh->ip6h_len += (JUMBOOPTLEN >> 3);
1182 }
1183
1184 /* fill in the option. */
1185 optbuf[2] = IP6OPT_JUMBO;
1186 optbuf[3] = 4;
1187 v = (u_int32_t)htonl(plen + JUMBOOPTLEN);
1188 bcopy(&v, &optbuf[4], sizeof(u_int32_t));
1189
1190 /* finally, adjust the packet header length */
1191 exthdrs->ip6e_ip6->m_pkthdr.len += JUMBOOPTLEN;
1192
1193 return(0);
1194 #undef JUMBOOPTLEN
1195 }
1196
1197 /*
1198 * Insert fragment header and copy unfragmentable header portions.
1199 */
1200 static int
1201 ip6_insertfraghdr(m0, m, hlen, frghdrp)
1202 struct mbuf *m0, *m;
1203 int hlen;
1204 struct ip6_frag **frghdrp;
1205 {
1206 struct mbuf *n, *mlast;
1207
1208 if (hlen > sizeof(struct ip6_hdr)) {
1209 n = m_copym(m0, sizeof(struct ip6_hdr),
1210 hlen - sizeof(struct ip6_hdr), M_DONTWAIT);
1211 if (n == 0)
1212 return(ENOBUFS);
1213 m->m_next = n;
1214 } else
1215 n = m;
1216
1217 /* Search for the last mbuf of unfragmentable part. */
1218 for (mlast = n; mlast->m_next; mlast = mlast->m_next)
1219 ;
1220
1221 if ((mlast->m_flags & M_EXT) == 0 &&
1222 M_TRAILINGSPACE(mlast) >= sizeof(struct ip6_frag)) {
1223 /* use the trailing space of the last mbuf for the fragment hdr */
1224 *frghdrp =
1225 (struct ip6_frag *)(mtod(mlast, caddr_t) + mlast->m_len);
1226 mlast->m_len += sizeof(struct ip6_frag);
1227 m->m_pkthdr.len += sizeof(struct ip6_frag);
1228 } else {
1229 /* allocate a new mbuf for the fragment header */
1230 struct mbuf *mfrg;
1231
1232 MGET(mfrg, M_DONTWAIT, MT_DATA);
1233 if (mfrg == 0)
1234 return(ENOBUFS);
1235 mfrg->m_len = sizeof(struct ip6_frag);
1236 *frghdrp = mtod(mfrg, struct ip6_frag *);
1237 mlast->m_next = mfrg;
1238 }
1239
1240 return(0);
1241 }
1242
1243 /*
1244 * IP6 socket option processing.
1245 */
1246 int
1247 ip6_ctloutput(so, sopt)
1248 struct socket *so;
1249 struct sockopt *sopt;
1250 {
1251 int privileged;
1252 struct inpcb *in6p = sotoinpcb(so);
1253 int error, optval;
1254 int level, op, optname;
1255 int optlen;
1256 struct proc *p;
1257
1258 if (sopt) {
1259 level = sopt->sopt_level;
1260 op = sopt->sopt_dir;
1261 optname = sopt->sopt_name;
1262 optlen = sopt->sopt_valsize;
1263 p = sopt->sopt_p;
1264 } else {
1265 panic("ip6_ctloutput: arg soopt is NULL");
1266 }
1267 error = optval = 0;
1268
1269 privileged = (p == 0 || suser(p->p_ucred, &p->p_acflag)) ? 0 : 1;
1270
1271 if (level == IPPROTO_IPV6) {
1272 switch (op) {
1273
1274 case SOPT_SET:
1275 switch (optname) {
1276 case IPV6_PKTOPTIONS:
1277 {
1278 struct mbuf *m;
1279
1280 error = soopt_getm(sopt, &m); /* XXX */
1281 if (error != NULL)
1282 break;
1283 error = soopt_mcopyin(sopt, m); /* XXX */
1284 if (error != NULL)
1285 break;
1286 error = ip6_pcbopts(&in6p->in6p_outputopts,
1287 m, so, sopt);
1288 m_freem(m); /* XXX */
1289 break;
1290 }
1291
1292 /*
1293 * Use of some Hop-by-Hop options or some
1294 * Destination options, might require special
1295 * privilege. That is, normal applications
1296 * (without special privilege) might be forbidden
1297 * from setting certain options in outgoing packets,
1298 * and might never see certain options in received
1299 * packets. [RFC 2292 Section 6]
1300 * KAME specific note:
1301 * KAME prevents non-privileged users from sending or
1302 * receiving ANY hbh/dst options in order to avoid
1303 * overhead of parsing options in the kernel.
1304 */
1305 case IPV6_UNICAST_HOPS:
1306 case IPV6_CHECKSUM:
1307 case IPV6_FAITH:
1308
1309 case IPV6_V6ONLY:
1310 if (optlen != sizeof(int)) {
1311 error = EINVAL;
1312 break;
1313 }
1314 error = sooptcopyin(sopt, &optval,
1315 sizeof optval, sizeof optval);
1316 if (error)
1317 break;
1318 switch (optname) {
1319
1320 case IPV6_UNICAST_HOPS:
1321 if (optval < -1 || optval >= 256)
1322 error = EINVAL;
1323 else {
1324 /* -1 = kernel default */
1325 in6p->in6p_hops = optval;
1326
1327 if ((in6p->in6p_vflag &
1328 INP_IPV4) != 0)
1329 in6p->inp_ip_ttl = optval;
1330 }
1331 break;
1332 #define OPTSET(bit) \
1333 do { \
1334 if (optval) \
1335 in6p->in6p_flags |= (bit); \
1336 else \
1337 in6p->in6p_flags &= ~(bit); \
1338 } while (0)
1339 #define OPTBIT(bit) (in6p->in6p_flags & (bit) ? 1 : 0)
1340
1341 case IPV6_CHECKSUM:
1342 in6p->in6p_cksum = optval;
1343 break;
1344
1345 case IPV6_FAITH:
1346 OPTSET(IN6P_FAITH);
1347 break;
1348
1349 case IPV6_V6ONLY:
1350 /*
1351 * make setsockopt(IPV6_V6ONLY)
1352 * available only prior to bind(2).
1353 * see ipng mailing list, Jun 22 2001.
1354 */
1355 if (in6p->in6p_lport ||
1356 !IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr))
1357 {
1358 error = EINVAL;
1359 break;
1360 }
1361 /*
1362 * XXX: BINDV6ONLY should be integrated
1363 * into V6ONLY.
1364 */
1365 OPTSET(IN6P_BINDV6ONLY);
1366 OPTSET(IN6P_IPV6_V6ONLY);
1367 break;
1368 }
1369 break;
1370
1371 case IPV6_PKTINFO:
1372 case IPV6_HOPLIMIT:
1373 case IPV6_HOPOPTS:
1374 case IPV6_DSTOPTS:
1375 case IPV6_RTHDR:
1376 /* RFC 2292 */
1377 if (optlen != sizeof(int)) {
1378 error = EINVAL;
1379 break;
1380 }
1381 error = sooptcopyin(sopt, &optval,
1382 sizeof optval, sizeof optval);
1383 if (error)
1384 break;
1385 switch (optname) {
1386 case IPV6_PKTINFO:
1387 OPTSET(IN6P_PKTINFO);
1388 break;
1389 case IPV6_HOPLIMIT:
1390 OPTSET(IN6P_HOPLIMIT);
1391 break;
1392 case IPV6_HOPOPTS:
1393 /*
1394 * Check super-user privilege.
1395 * See comments for IPV6_RECVHOPOPTS.
1396 */
1397 if (!privileged)
1398 return(EPERM);
1399 OPTSET(IN6P_HOPOPTS);
1400 break;
1401 case IPV6_DSTOPTS:
1402 if (!privileged)
1403 return(EPERM);
1404 OPTSET(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS); /* XXX */
1405 break;
1406 case IPV6_RTHDR:
1407 OPTSET(IN6P_RTHDR);
1408 break;
1409 }
1410 break;
1411 #undef OPTSET
1412
1413 case IPV6_MULTICAST_IF:
1414 case IPV6_MULTICAST_HOPS:
1415 case IPV6_MULTICAST_LOOP:
1416 case IPV6_JOIN_GROUP:
1417 case IPV6_LEAVE_GROUP:
1418 {
1419 struct mbuf *m;
1420 if (sopt->sopt_valsize > MLEN) {
1421 error = EMSGSIZE;
1422 break;
1423 }
1424 /* XXX */
1425 MGET(m, sopt->sopt_p ? M_WAIT : M_DONTWAIT, MT_HEADER);
1426 if (m == 0) {
1427 error = ENOBUFS;
1428 break;
1429 }
1430 m->m_len = sopt->sopt_valsize;
1431 error = sooptcopyin(sopt, mtod(m, char *),
1432 m->m_len, m->m_len);
1433 error = ip6_setmoptions(sopt->sopt_name,
1434 &in6p->in6p_moptions,
1435 m);
1436 (void)m_free(m);
1437 }
1438 break;
1439
1440 case IPV6_PORTRANGE:
1441 error = sooptcopyin(sopt, &optval,
1442 sizeof optval, sizeof optval);
1443 if (error)
1444 break;
1445
1446 switch (optval) {
1447 case IPV6_PORTRANGE_DEFAULT:
1448 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1449 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1450 break;
1451
1452 case IPV6_PORTRANGE_HIGH:
1453 in6p->in6p_flags &= ~(IN6P_LOWPORT);
1454 in6p->in6p_flags |= IN6P_HIGHPORT;
1455 break;
1456
1457 case IPV6_PORTRANGE_LOW:
1458 in6p->in6p_flags &= ~(IN6P_HIGHPORT);
1459 in6p->in6p_flags |= IN6P_LOWPORT;
1460 break;
1461
1462 default:
1463 error = EINVAL;
1464 break;
1465 }
1466 break;
1467
1468 #if IPSEC
1469 case IPV6_IPSEC_POLICY:
1470 {
1471 caddr_t req = NULL;
1472 size_t len = 0;
1473 struct mbuf *m;
1474
1475 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1476 break;
1477 if (error = soopt_mcopyin(sopt, m)) /* XXX */
1478 break;
1479 if (m) {
1480 req = mtod(m, caddr_t);
1481 len = m->m_len;
1482 }
1483 error = ipsec6_set_policy(in6p, optname, req,
1484 len, privileged);
1485 m_freem(m);
1486 }
1487 break;
1488 #endif /* KAME IPSEC */
1489
1490 case IPV6_FW_ADD:
1491 case IPV6_FW_DEL:
1492 case IPV6_FW_FLUSH:
1493 case IPV6_FW_ZERO:
1494 {
1495 struct mbuf *m;
1496 struct mbuf **mp = &m;
1497
1498 if (ip6_fw_ctl_ptr == NULL)
1499 return EINVAL;
1500 /* XXX */
1501 if ((error = soopt_getm(sopt, &m)) != 0)
1502 break;
1503 /* XXX */
1504 if ((error = soopt_mcopyin(sopt, m)) != 0)
1505 break;
1506 error = (*ip6_fw_ctl_ptr)(optname, mp);
1507 m = *mp;
1508 }
1509 break;
1510
1511 default:
1512 error = ENOPROTOOPT;
1513 break;
1514 }
1515 break;
1516
1517 case SOPT_GET:
1518 switch (optname) {
1519
1520 case IPV6_PKTOPTIONS:
1521 if (in6p->in6p_options) {
1522 struct mbuf *m;
1523 m = m_copym(in6p->in6p_options,
1524 0, M_COPYALL, M_WAIT);
1525 error = soopt_mcopyout(sopt, m);
1526 if (error == 0)
1527 m_freem(m);
1528 } else
1529 sopt->sopt_valsize = 0;
1530 break;
1531
1532 case IPV6_UNICAST_HOPS:
1533 case IPV6_CHECKSUM:
1534
1535 case IPV6_FAITH:
1536 case IPV6_V6ONLY:
1537 case IPV6_PORTRANGE:
1538 switch (optname) {
1539
1540 case IPV6_UNICAST_HOPS:
1541 optval = in6p->in6p_hops;
1542 break;
1543
1544 case IPV6_CHECKSUM:
1545 optval = in6p->in6p_cksum;
1546 break;
1547
1548 case IPV6_FAITH:
1549 optval = OPTBIT(IN6P_FAITH);
1550 break;
1551
1552 case IPV6_V6ONLY:
1553 /* XXX: see the setopt case. */
1554 optval = OPTBIT(IN6P_BINDV6ONLY);
1555 break;
1556
1557 case IPV6_PORTRANGE:
1558 {
1559 int flags;
1560 flags = in6p->in6p_flags;
1561 if (flags & IN6P_HIGHPORT)
1562 optval = IPV6_PORTRANGE_HIGH;
1563 else if (flags & IN6P_LOWPORT)
1564 optval = IPV6_PORTRANGE_LOW;
1565 else
1566 optval = 0;
1567 break;
1568 }
1569 }
1570 error = sooptcopyout(sopt, &optval,
1571 sizeof optval);
1572 break;
1573
1574 case IPV6_PKTINFO:
1575 case IPV6_HOPLIMIT:
1576 case IPV6_HOPOPTS:
1577 case IPV6_RTHDR:
1578 case IPV6_DSTOPTS:
1579 if (optname == IPV6_HOPOPTS ||
1580 optname == IPV6_DSTOPTS ||
1581 !privileged)
1582 return(EPERM);
1583 switch (optname) {
1584 case IPV6_PKTINFO:
1585 optval = OPTBIT(IN6P_PKTINFO);
1586 break;
1587 case IPV6_HOPLIMIT:
1588 optval = OPTBIT(IN6P_HOPLIMIT);
1589 break;
1590 case IPV6_HOPOPTS:
1591 if (!privileged)
1592 return(EPERM);
1593 optval = OPTBIT(IN6P_HOPOPTS);
1594 break;
1595 case IPV6_RTHDR:
1596 optval = OPTBIT(IN6P_RTHDR);
1597 break;
1598 case IPV6_DSTOPTS:
1599 if (!privileged)
1600 return(EPERM);
1601 optval = OPTBIT(IN6P_DSTOPTS|IN6P_RTHDRDSTOPTS);
1602 break;
1603 }
1604 error = sooptcopyout(sopt, &optval,
1605 sizeof optval);
1606 break;
1607
1608 case IPV6_MULTICAST_IF:
1609 case IPV6_MULTICAST_HOPS:
1610 case IPV6_MULTICAST_LOOP:
1611 case IPV6_JOIN_GROUP:
1612 case IPV6_LEAVE_GROUP:
1613 {
1614 struct mbuf *m;
1615 error = ip6_getmoptions(sopt->sopt_name,
1616 in6p->in6p_moptions, &m);
1617 if (error == 0)
1618 error = sooptcopyout(sopt,
1619 mtod(m, char *), m->m_len);
1620 m_freem(m);
1621 }
1622 break;
1623
1624 #if IPSEC
1625 case IPV6_IPSEC_POLICY:
1626 {
1627 caddr_t req = NULL;
1628 size_t len = 0;
1629 struct mbuf *m = NULL;
1630 struct mbuf **mp = &m;
1631
1632 error = soopt_getm(sopt, &m); /* XXX */
1633 if (error != NULL)
1634 break;
1635 error = soopt_mcopyin(sopt, m); /* XXX */
1636 if (error != NULL)
1637 break;
1638 if (m) {
1639 req = mtod(m, caddr_t);
1640 len = m->m_len;
1641 }
1642 error = ipsec6_get_policy(in6p, req, len, mp);
1643 if (error == 0)
1644 error = soopt_mcopyout(sopt, m); /*XXX*/
1645 if (error == 0 && m)
1646 m_freem(m);
1647 break;
1648 }
1649 #endif /* KAME IPSEC */
1650
1651 case IPV6_FW_GET:
1652 {
1653 struct mbuf *m;
1654 struct mbuf **mp = &m;
1655
1656 if (ip6_fw_ctl_ptr == NULL)
1657 {
1658 return EINVAL;
1659 }
1660 error = (*ip6_fw_ctl_ptr)(optname, mp);
1661 if (error == 0)
1662 error = soopt_mcopyout(sopt, m); /* XXX */
1663 if (error == 0 && m)
1664 m_freem(m);
1665 }
1666 break;
1667
1668 default:
1669 error = ENOPROTOOPT;
1670 break;
1671 }
1672 break;
1673 }
1674 } else {
1675 error = EINVAL;
1676 }
1677 return(error);
1678 }
1679
1680 /*
1681 * Set up IP6 options in pcb for insertion in output packets or
1682 * specifying behavior of outgoing packets.
1683 */
1684 static int
1685 ip6_pcbopts(pktopt, m, so, sopt)
1686 struct ip6_pktopts **pktopt;
1687 struct mbuf *m;
1688 struct socket *so;
1689 struct sockopt *sopt;
1690 {
1691 struct ip6_pktopts *opt = *pktopt;
1692 int error = 0;
1693 struct proc *p = sopt->sopt_p;
1694 int priv = 0;
1695
1696 /* turn off any old options. */
1697 if (opt) {
1698 #if DIAGNOSTIC
1699 if (opt->ip6po_pktinfo || opt->ip6po_nexthop ||
1700 opt->ip6po_hbh || opt->ip6po_dest1 || opt->ip6po_dest2 ||
1701 opt->ip6po_rhinfo.ip6po_rhi_rthdr)
1702 printf("ip6_pcbopts: all specified options are cleared.\n");
1703 #endif
1704 ip6_clearpktopts(opt, 1, -1);
1705 } else
1706 opt = _MALLOC(sizeof(*opt), M_IP6OPT, M_WAITOK);
1707 *pktopt = NULL;
1708
1709 if (!m || m->m_len == 0) {
1710 /*
1711 * Only turning off any previous options.
1712 */
1713 if (opt)
1714 FREE(opt, M_IP6OPT);
1715 return(0);
1716 }
1717
1718 /* set options specified by user. */
1719 if (p && !suser(p->p_ucred, &p->p_acflag))
1720 priv = 1;
1721 if ((error = ip6_setpktoptions(m, opt, priv, 1)) != 0) {
1722 ip6_clearpktopts(opt, 1, -1); /* XXX: discard all options */
1723 return(error);
1724 }
1725 *pktopt = opt;
1726 return(0);
1727 }
1728
1729 /*
1730 * initialize ip6_pktopts. beware that there are non-zero default values in
1731 * the struct.
1732 */
1733 void
1734 init_ip6pktopts(opt)
1735 struct ip6_pktopts *opt;
1736 {
1737
1738 bzero(opt, sizeof(*opt));
1739 opt->ip6po_hlim = -1; /* -1 means default hop limit */
1740 }
1741
1742 void
1743 ip6_clearpktopts(pktopt, needfree, optname)
1744 struct ip6_pktopts *pktopt;
1745 int needfree, optname;
1746 {
1747 if (pktopt == NULL)
1748 return;
1749
1750 if (optname == -1) {
1751 if (needfree && pktopt->ip6po_pktinfo)
1752 FREE(pktopt->ip6po_pktinfo, M_IP6OPT);
1753 pktopt->ip6po_pktinfo = NULL;
1754 }
1755 if (optname == -1)
1756 pktopt->ip6po_hlim = -1;
1757 if (optname == -1) {
1758 if (needfree && pktopt->ip6po_nexthop)
1759 FREE(pktopt->ip6po_nexthop, M_IP6OPT);
1760 pktopt->ip6po_nexthop = NULL;
1761 }
1762 if (optname == -1) {
1763 if (needfree && pktopt->ip6po_hbh)
1764 FREE(pktopt->ip6po_hbh, M_IP6OPT);
1765 pktopt->ip6po_hbh = NULL;
1766 }
1767 if (optname == -1) {
1768 if (needfree && pktopt->ip6po_dest1)
1769 FREE(pktopt->ip6po_dest1, M_IP6OPT);
1770 pktopt->ip6po_dest1 = NULL;
1771 }
1772 if (optname == -1) {
1773 if (needfree && pktopt->ip6po_rhinfo.ip6po_rhi_rthdr)
1774 FREE(pktopt->ip6po_rhinfo.ip6po_rhi_rthdr, M_IP6OPT);
1775 pktopt->ip6po_rhinfo.ip6po_rhi_rthdr = NULL;
1776 if (pktopt->ip6po_route.ro_rt) {
1777 rtfree(pktopt->ip6po_route.ro_rt);
1778 pktopt->ip6po_route.ro_rt = NULL;
1779 }
1780 }
1781 if (optname == -1) {
1782 if (needfree && pktopt->ip6po_dest2)
1783 FREE(pktopt->ip6po_dest2, M_IP6OPT);
1784 pktopt->ip6po_dest2 = NULL;
1785 }
1786 }
1787
1788 #define PKTOPT_EXTHDRCPY(type) \
1789 do {\
1790 if (src->type) {\
1791 int hlen =\
1792 (((struct ip6_ext *)src->type)->ip6e_len + 1) << 3;\
1793 dst->type = _MALLOC(hlen, M_IP6OPT, canwait);\
1794 if (dst->type == NULL && canwait == M_NOWAIT)\
1795 goto bad;\
1796 bcopy(src->type, dst->type, hlen);\
1797 }\
1798 } while (0)
1799
1800 struct ip6_pktopts *
1801 ip6_copypktopts(src, canwait)
1802 struct ip6_pktopts *src;
1803 int canwait;
1804 {
1805 struct ip6_pktopts *dst;
1806
1807 if (src == NULL) {
1808 printf("ip6_clearpktopts: invalid argument\n");
1809 return(NULL);
1810 }
1811
1812 dst = _MALLOC(sizeof(*dst), M_IP6OPT, canwait);
1813 if (dst == NULL && canwait == M_NOWAIT)
1814 goto bad;
1815 bzero(dst, sizeof(*dst));
1816
1817 dst->ip6po_hlim = src->ip6po_hlim;
1818 if (src->ip6po_pktinfo) {
1819 dst->ip6po_pktinfo = _MALLOC(sizeof(*dst->ip6po_pktinfo),
1820 M_IP6OPT, canwait);
1821 if (dst->ip6po_pktinfo == NULL && canwait == M_NOWAIT)
1822 goto bad;
1823 *dst->ip6po_pktinfo = *src->ip6po_pktinfo;
1824 }
1825 if (src->ip6po_nexthop) {
1826 dst->ip6po_nexthop = _MALLOC(src->ip6po_nexthop->sa_len,
1827 M_IP6OPT, canwait);
1828 if (dst->ip6po_nexthop == NULL && canwait == M_NOWAIT)
1829 goto bad;
1830 bcopy(src->ip6po_nexthop, dst->ip6po_nexthop,
1831 src->ip6po_nexthop->sa_len);
1832 }
1833 PKTOPT_EXTHDRCPY(ip6po_hbh);
1834 PKTOPT_EXTHDRCPY(ip6po_dest1);
1835 PKTOPT_EXTHDRCPY(ip6po_dest2);
1836 PKTOPT_EXTHDRCPY(ip6po_rthdr); /* not copy the cached route */
1837 return(dst);
1838
1839 bad:
1840 printf("ip6_copypktopts: copy failed");
1841 if (dst->ip6po_pktinfo) FREE(dst->ip6po_pktinfo, M_IP6OPT);
1842 if (dst->ip6po_nexthop) FREE(dst->ip6po_nexthop, M_IP6OPT);
1843 if (dst->ip6po_hbh) FREE(dst->ip6po_hbh, M_IP6OPT);
1844 if (dst->ip6po_dest1) FREE(dst->ip6po_dest1, M_IP6OPT);
1845 if (dst->ip6po_dest2) FREE(dst->ip6po_dest2, M_IP6OPT);
1846 if (dst->ip6po_rthdr) FREE(dst->ip6po_rthdr, M_IP6OPT);
1847 return(NULL);
1848 }
1849 #undef PKTOPT_EXTHDRCPY
1850
1851 void
1852 ip6_freepcbopts(pktopt)
1853 struct ip6_pktopts *pktopt;
1854 {
1855 if (pktopt == NULL)
1856 return;
1857
1858 ip6_clearpktopts(pktopt, 1, -1);
1859
1860 FREE(pktopt, M_IP6OPT);
1861 }
1862
1863 /*
1864 * Set the IP6 multicast options in response to user setsockopt().
1865 */
1866 static int
1867 ip6_setmoptions(optname, im6op, m)
1868 int optname;
1869 struct ip6_moptions **im6op;
1870 struct mbuf *m;
1871 {
1872 int error = 0;
1873 u_int loop, ifindex;
1874 struct ipv6_mreq *mreq;
1875 struct ifnet *ifp;
1876 struct ip6_moptions *im6o = *im6op;
1877 struct route_in6 ro;
1878 struct sockaddr_in6 *dst;
1879 struct in6_multi_mship *imm;
1880 struct proc *p = current_proc(); /* XXX */
1881
1882 if (im6o == NULL) {
1883 /*
1884 * No multicast option buffer attached to the pcb;
1885 * allocate one and initialize to default values.
1886 */
1887 im6o = (struct ip6_moptions *)
1888 _MALLOC(sizeof(*im6o), M_IPMOPTS, M_WAITOK);
1889
1890 if (im6o == NULL)
1891 return(ENOBUFS);
1892 *im6op = im6o;
1893 im6o->im6o_multicast_ifp = NULL;
1894 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
1895 im6o->im6o_multicast_loop = IPV6_DEFAULT_MULTICAST_LOOP;
1896 LIST_INIT(&im6o->im6o_memberships);
1897 }
1898
1899 switch (optname) {
1900
1901 case IPV6_MULTICAST_IF:
1902 /*
1903 * Select the interface for outgoing multicast packets.
1904 */
1905 if (m == NULL || m->m_len != sizeof(u_int)) {
1906 error = EINVAL;
1907 break;
1908 }
1909 bcopy(mtod(m, u_int *), &ifindex, sizeof(ifindex));
1910 if (ifindex < 0 || if_index < ifindex) {
1911 error = ENXIO; /* XXX EINVAL? */
1912 break;
1913 }
1914 ifp = ifindex2ifnet[ifindex];
1915 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1916 error = EADDRNOTAVAIL;
1917 break;
1918 }
1919 im6o->im6o_multicast_ifp = ifp;
1920 break;
1921
1922 case IPV6_MULTICAST_HOPS:
1923 {
1924 /*
1925 * Set the IP6 hoplimit for outgoing multicast packets.
1926 */
1927 int optval;
1928 if (m == NULL || m->m_len != sizeof(int)) {
1929 error = EINVAL;
1930 break;
1931 }
1932 bcopy(mtod(m, u_int *), &optval, sizeof(optval));
1933 if (optval < -1 || optval >= 256)
1934 error = EINVAL;
1935 else if (optval == -1)
1936 im6o->im6o_multicast_hlim = ip6_defmcasthlim;
1937 else
1938 im6o->im6o_multicast_hlim = optval;
1939 break;
1940 }
1941
1942 case IPV6_MULTICAST_LOOP:
1943 /*
1944 * Set the loopback flag for outgoing multicast packets.
1945 * Must be zero or one.
1946 */
1947 if (m == NULL || m->m_len != sizeof(u_int)) {
1948 error = EINVAL;
1949 break;
1950 }
1951 bcopy(mtod(m, u_int *), &loop, sizeof(loop));
1952 if (loop > 1) {
1953 error = EINVAL;
1954 break;
1955 }
1956 im6o->im6o_multicast_loop = loop;
1957 break;
1958
1959 case IPV6_JOIN_GROUP:
1960 /*
1961 * Add a multicast group membership.
1962 * Group must be a valid IP6 multicast address.
1963 */
1964 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
1965 error = EINVAL;
1966 break;
1967 }
1968 mreq = mtod(m, struct ipv6_mreq *);
1969 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
1970 /*
1971 * We use the unspecified address to specify to accept
1972 * all multicast addresses. Only super user is allowed
1973 * to do this.
1974 */
1975 if (suser(p->p_ucred, &p->p_acflag))
1976 {
1977 error = EACCES;
1978 break;
1979 }
1980 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
1981 error = EINVAL;
1982 break;
1983 }
1984
1985 /*
1986 * If the interface is specified, validate it.
1987 */
1988 if (mreq->ipv6mr_interface < 0
1989 || if_index < mreq->ipv6mr_interface) {
1990 error = ENXIO; /* XXX EINVAL? */
1991 break;
1992 }
1993 /*
1994 * If no interface was explicitly specified, choose an
1995 * appropriate one according to the given multicast address.
1996 */
1997 if (mreq->ipv6mr_interface == 0) {
1998 /*
1999 * If the multicast address is in node-local scope,
2000 * the interface should be a loopback interface.
2001 * Otherwise, look up the routing table for the
2002 * address, and choose the outgoing interface.
2003 * XXX: is it a good approach?
2004 */
2005 if (IN6_IS_ADDR_MC_NODELOCAL(&mreq->ipv6mr_multiaddr)) {
2006 ifp = &loif[0];
2007 } else {
2008 ro.ro_rt = NULL;
2009 dst = (struct sockaddr_in6 *)&ro.ro_dst;
2010 bzero(dst, sizeof(*dst));
2011 dst->sin6_len = sizeof(struct sockaddr_in6);
2012 dst->sin6_family = AF_INET6;
2013 dst->sin6_addr = mreq->ipv6mr_multiaddr;
2014 rtalloc((struct route *)&ro);
2015 if (ro.ro_rt == NULL) {
2016 error = EADDRNOTAVAIL;
2017 break;
2018 }
2019 ifp = ro.ro_rt->rt_ifp;
2020 rtfree(ro.ro_rt);
2021 }
2022 } else
2023 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2024
2025 /*
2026 * See if we found an interface, and confirm that it
2027 * supports multicast
2028 */
2029 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2030 error = EADDRNOTAVAIL;
2031 break;
2032 }
2033 /*
2034 * Put interface index into the multicast address,
2035 * if the address has link-local scope.
2036 */
2037 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2038 mreq->ipv6mr_multiaddr.s6_addr16[1]
2039 = htons(mreq->ipv6mr_interface);
2040 }
2041 /*
2042 * See if the membership already exists.
2043 */
2044 for (imm = im6o->im6o_memberships.lh_first;
2045 imm != NULL; imm = imm->i6mm_chain.le_next)
2046 if (imm->i6mm_maddr->in6m_ifp == ifp &&
2047 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2048 &mreq->ipv6mr_multiaddr))
2049 break;
2050 if (imm != NULL) {
2051 error = EADDRINUSE;
2052 break;
2053 }
2054 /*
2055 * Everything looks good; add a new record to the multicast
2056 * address list for the given interface.
2057 */
2058 imm = _MALLOC(sizeof(*imm), M_IPMADDR, M_WAITOK);
2059 if (imm == NULL) {
2060 error = ENOBUFS;
2061 break;
2062 }
2063 if ((imm->i6mm_maddr =
2064 in6_addmulti(&mreq->ipv6mr_multiaddr, ifp, &error)) == NULL) {
2065 FREE(imm, M_IPMADDR);
2066 break;
2067 }
2068 LIST_INSERT_HEAD(&im6o->im6o_memberships, imm, i6mm_chain);
2069 break;
2070
2071 case IPV6_LEAVE_GROUP:
2072 /*
2073 * Drop a multicast group membership.
2074 * Group must be a valid IP6 multicast address.
2075 */
2076 if (m == NULL || m->m_len != sizeof(struct ipv6_mreq)) {
2077 error = EINVAL;
2078 break;
2079 }
2080 mreq = mtod(m, struct ipv6_mreq *);
2081 if (IN6_IS_ADDR_UNSPECIFIED(&mreq->ipv6mr_multiaddr)) {
2082 if (suser(p->p_ucred, &p->p_acflag)) {
2083 error = EACCES;
2084 break;
2085 }
2086 } else if (!IN6_IS_ADDR_MULTICAST(&mreq->ipv6mr_multiaddr)) {
2087 error = EINVAL;
2088 break;
2089 }
2090 /*
2091 * If an interface address was specified, get a pointer
2092 * to its ifnet structure.
2093 */
2094 if (mreq->ipv6mr_interface < 0
2095 || if_index < mreq->ipv6mr_interface) {
2096 error = ENXIO; /* XXX EINVAL? */
2097 break;
2098 }
2099 ifp = ifindex2ifnet[mreq->ipv6mr_interface];
2100 /*
2101 * Put interface index into the multicast address,
2102 * if the address has link-local scope.
2103 */
2104 if (IN6_IS_ADDR_MC_LINKLOCAL(&mreq->ipv6mr_multiaddr)) {
2105 mreq->ipv6mr_multiaddr.s6_addr16[1]
2106 = htons(mreq->ipv6mr_interface);
2107 }
2108 /*
2109 * Find the membership in the membership list.
2110 */
2111 for (imm = im6o->im6o_memberships.lh_first;
2112 imm != NULL; imm = imm->i6mm_chain.le_next) {
2113 if ((ifp == NULL ||
2114 imm->i6mm_maddr->in6m_ifp == ifp) &&
2115 IN6_ARE_ADDR_EQUAL(&imm->i6mm_maddr->in6m_addr,
2116 &mreq->ipv6mr_multiaddr))
2117 break;
2118 }
2119 if (imm == NULL) {
2120 /* Unable to resolve interface */
2121 error = EADDRNOTAVAIL;
2122 break;
2123 }
2124 /*
2125 * Give up the multicast address record to which the
2126 * membership points.
2127 */
2128 LIST_REMOVE(imm, i6mm_chain);
2129 in6_delmulti(imm->i6mm_maddr);
2130 FREE(imm, M_IPMADDR);
2131 break;
2132
2133 default:
2134 error = EOPNOTSUPP;
2135 break;
2136 }
2137
2138 /*
2139 * If all options have default values, no need to keep the mbuf.
2140 */
2141 if (im6o->im6o_multicast_ifp == NULL &&
2142 im6o->im6o_multicast_hlim == ip6_defmcasthlim &&
2143 im6o->im6o_multicast_loop == IPV6_DEFAULT_MULTICAST_LOOP &&
2144 im6o->im6o_memberships.lh_first == NULL) {
2145 FREE(*im6op, M_IPMOPTS);
2146 *im6op = NULL;
2147 }
2148
2149 return(error);
2150 }
2151
2152 /*
2153 * Return the IP6 multicast options in response to user getsockopt().
2154 */
2155 static int
2156 ip6_getmoptions(optname, im6o, mp)
2157 int optname;
2158 struct ip6_moptions *im6o;
2159 struct mbuf **mp;
2160 {
2161 u_int *hlim, *loop, *ifindex;
2162
2163 *mp = m_get(M_WAIT, MT_HEADER); /*XXX*/
2164
2165 switch (optname) {
2166
2167 case IPV6_MULTICAST_IF:
2168 ifindex = mtod(*mp, u_int *);
2169 (*mp)->m_len = sizeof(u_int);
2170 if (im6o == NULL || im6o->im6o_multicast_ifp == NULL)
2171 *ifindex = 0;
2172 else
2173 *ifindex = im6o->im6o_multicast_ifp->if_index;
2174 return(0);
2175
2176 case IPV6_MULTICAST_HOPS:
2177 hlim = mtod(*mp, u_int *);
2178 (*mp)->m_len = sizeof(u_int);
2179 if (im6o == NULL)
2180 *hlim = ip6_defmcasthlim;
2181 else
2182 *hlim = im6o->im6o_multicast_hlim;
2183 return(0);
2184
2185 case IPV6_MULTICAST_LOOP:
2186 loop = mtod(*mp, u_int *);
2187 (*mp)->m_len = sizeof(u_int);
2188 if (im6o == NULL)
2189 *loop = ip6_defmcasthlim;
2190 else
2191 *loop = im6o->im6o_multicast_loop;
2192 return(0);
2193
2194 default:
2195 return(EOPNOTSUPP);
2196 }
2197 }
2198
2199 /*
2200 * Discard the IP6 multicast options.
2201 */
2202 void
2203 ip6_freemoptions(im6o)
2204 struct ip6_moptions *im6o;
2205 {
2206 struct in6_multi_mship *imm;
2207
2208 if (im6o == NULL)
2209 return;
2210
2211 while ((imm = im6o->im6o_memberships.lh_first) != NULL) {
2212 LIST_REMOVE(imm, i6mm_chain);
2213 if (imm->i6mm_maddr)
2214 in6_delmulti(imm->i6mm_maddr);
2215 FREE(imm, M_IPMADDR);
2216 }
2217 FREE(im6o, M_IPMOPTS);
2218 }
2219
2220 /*
2221 * Set IPv6 outgoing packet options based on advanced API.
2222 */
2223 int
2224 ip6_setpktoptions(control, opt, priv, needcopy)
2225 struct mbuf *control;
2226 struct ip6_pktopts *opt;
2227 int priv, needcopy;
2228 {
2229 struct cmsghdr *cm = 0;
2230
2231 if (control == 0 || opt == 0)
2232 return(EINVAL);
2233
2234 init_ip6pktopts(opt);
2235
2236 /*
2237 * XXX: Currently, we assume all the optional information is stored
2238 * in a single mbuf.
2239 */
2240 if (control->m_next)
2241 return(EINVAL);
2242
2243 for (; control->m_len; control->m_data += CMSG_ALIGN(cm->cmsg_len),
2244 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) {
2245 cm = mtod(control, struct cmsghdr *);
2246 if (cm->cmsg_len == 0 || cm->cmsg_len > control->m_len)
2247 return(EINVAL);
2248 if (cm->cmsg_level != IPPROTO_IPV6)
2249 continue;
2250
2251 /*
2252 * XXX should check if RFC2292 API is mixed with 2292bis API
2253 */
2254 switch (cm->cmsg_type) {
2255 case IPV6_PKTINFO:
2256 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in6_pktinfo)))
2257 return(EINVAL);
2258 if (needcopy) {
2259 /* XXX: Is it really WAITOK? */
2260 opt->ip6po_pktinfo =
2261 _MALLOC(sizeof(struct in6_pktinfo),
2262 M_IP6OPT, M_WAITOK);
2263 bcopy(CMSG_DATA(cm), opt->ip6po_pktinfo,
2264 sizeof(struct in6_pktinfo));
2265 } else
2266 opt->ip6po_pktinfo =
2267 (struct in6_pktinfo *)CMSG_DATA(cm);
2268 if (opt->ip6po_pktinfo->ipi6_ifindex &&
2269 IN6_IS_ADDR_LINKLOCAL(&opt->ip6po_pktinfo->ipi6_addr))
2270 opt->ip6po_pktinfo->ipi6_addr.s6_addr16[1] =
2271 htons(opt->ip6po_pktinfo->ipi6_ifindex);
2272
2273 if (opt->ip6po_pktinfo->ipi6_ifindex > if_index
2274 || opt->ip6po_pktinfo->ipi6_ifindex < 0) {
2275 return(ENXIO);
2276 }
2277
2278 /*
2279 * Check if the requested source address is indeed a
2280 * unicast address assigned to the node, and can be
2281 * used as the packet's source address.
2282 */
2283 if (!IN6_IS_ADDR_UNSPECIFIED(&opt->ip6po_pktinfo->ipi6_addr)) {
2284 struct in6_ifaddr *ia6;
2285 struct sockaddr_in6 sin6;
2286
2287 bzero(&sin6, sizeof(sin6));
2288 sin6.sin6_len = sizeof(sin6);
2289 sin6.sin6_family = AF_INET6;
2290 sin6.sin6_addr =
2291 opt->ip6po_pktinfo->ipi6_addr;
2292 ia6 = (struct in6_ifaddr *)ifa_ifwithaddr(sin6tosa(&sin6));
2293 if (ia6 == NULL ||
2294 (ia6->ia6_flags & (IN6_IFF_ANYCAST |
2295 IN6_IFF_NOTREADY)) != 0)
2296 return(EADDRNOTAVAIL);
2297 }
2298 break;
2299
2300 case IPV6_HOPLIMIT:
2301 if (cm->cmsg_len != CMSG_LEN(sizeof(int)))
2302 return(EINVAL);
2303
2304 opt->ip6po_hlim = *(int *)CMSG_DATA(cm);
2305 if (opt->ip6po_hlim < -1 || opt->ip6po_hlim > 255)
2306 return(EINVAL);
2307 break;
2308
2309 case IPV6_NEXTHOP:
2310 if (!priv)
2311 return(EPERM);
2312
2313 if (cm->cmsg_len < sizeof(u_char) ||
2314 /* check if cmsg_len is large enough for sa_len */
2315 cm->cmsg_len < CMSG_LEN(*CMSG_DATA(cm)))
2316 return(EINVAL);
2317
2318 if (needcopy) {
2319 opt->ip6po_nexthop =
2320 _MALLOC(*CMSG_DATA(cm),
2321 M_IP6OPT, M_WAITOK);
2322 bcopy(CMSG_DATA(cm),
2323 opt->ip6po_nexthop,
2324 *CMSG_DATA(cm));
2325 } else
2326 opt->ip6po_nexthop =
2327 (struct sockaddr *)CMSG_DATA(cm);
2328 break;
2329
2330 case IPV6_HOPOPTS:
2331 {
2332 struct ip6_hbh *hbh;
2333 int hbhlen;
2334
2335 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_hbh)))
2336 return(EINVAL);
2337 hbh = (struct ip6_hbh *)CMSG_DATA(cm);
2338 hbhlen = (hbh->ip6h_len + 1) << 3;
2339 if (cm->cmsg_len != CMSG_LEN(hbhlen))
2340 return(EINVAL);
2341
2342 if (needcopy) {
2343 opt->ip6po_hbh =
2344 _MALLOC(hbhlen, M_IP6OPT, M_WAITOK);
2345 bcopy(hbh, opt->ip6po_hbh, hbhlen);
2346 } else
2347 opt->ip6po_hbh = hbh;
2348 break;
2349 }
2350
2351 case IPV6_DSTOPTS:
2352 {
2353 struct ip6_dest *dest, **newdest;
2354 int destlen;
2355
2356 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_dest)))
2357 return(EINVAL);
2358 dest = (struct ip6_dest *)CMSG_DATA(cm);
2359 destlen = (dest->ip6d_len + 1) << 3;
2360 if (cm->cmsg_len != CMSG_LEN(destlen))
2361 return(EINVAL);
2362
2363 /*
2364 * The old advacned API is ambiguous on this
2365 * point. Our approach is to determine the
2366 * position based according to the existence
2367 * of a routing header. Note, however, that
2368 * this depends on the order of the extension
2369 * headers in the ancillary data; the 1st part
2370 * of the destination options header must
2371 * appear before the routing header in the
2372 * ancillary data, too.
2373 * RFC2292bis solved the ambiguity by
2374 * introducing separate cmsg types.
2375 */
2376 if (opt->ip6po_rthdr == NULL)
2377 newdest = &opt->ip6po_dest1;
2378 else
2379 newdest = &opt->ip6po_dest2;
2380
2381 if (needcopy) {
2382 *newdest = _MALLOC(destlen, M_IP6OPT, M_WAITOK);
2383 bcopy(dest, *newdest, destlen);
2384 } else
2385 *newdest = dest;
2386
2387 break;
2388 }
2389
2390 case IPV6_RTHDR:
2391 {
2392 struct ip6_rthdr *rth;
2393 int rthlen;
2394
2395 if (cm->cmsg_len < CMSG_LEN(sizeof(struct ip6_rthdr)))
2396 return(EINVAL);
2397 rth = (struct ip6_rthdr *)CMSG_DATA(cm);
2398 rthlen = (rth->ip6r_len + 1) << 3;
2399 if (cm->cmsg_len != CMSG_LEN(rthlen))
2400 return(EINVAL);
2401
2402 switch (rth->ip6r_type) {
2403 case IPV6_RTHDR_TYPE_0:
2404 /* must contain one addr */
2405 if (rth->ip6r_len == 0)
2406 return(EINVAL);
2407 /* length must be even */
2408 if (rth->ip6r_len % 2)
2409 return(EINVAL);
2410 if (rth->ip6r_len / 2 != rth->ip6r_segleft)
2411 return(EINVAL);
2412 break;
2413 default:
2414 return(EINVAL); /* not supported */
2415 }
2416
2417 if (needcopy) {
2418 opt->ip6po_rthdr = _MALLOC(rthlen, M_IP6OPT,
2419 M_WAITOK);
2420 bcopy(rth, opt->ip6po_rthdr, rthlen);
2421 } else
2422 opt->ip6po_rthdr = rth;
2423
2424 break;
2425 }
2426
2427 default:
2428 return(ENOPROTOOPT);
2429 }
2430 }
2431
2432 return(0);
2433 }
2434
2435 /*
2436 * Routine called from ip6_output() to loop back a copy of an IP6 multicast
2437 * packet to the input queue of a specified interface. Note that this
2438 * calls the output routine of the loopback "driver", but with an interface
2439 * pointer that might NOT be &loif -- easier than replicating that code here.
2440 */
2441 void
2442 ip6_mloopback(ifp, m, dst)
2443 struct ifnet *ifp;
2444 struct mbuf *m;
2445 struct sockaddr_in6 *dst;
2446 {
2447 struct mbuf *copym;
2448 struct ip6_hdr *ip6;
2449
2450 copym = m_copy(m, 0, M_COPYALL);
2451 if (copym == NULL)
2452 return;
2453
2454 /*
2455 * Make sure to deep-copy IPv6 header portion in case the data
2456 * is in an mbuf cluster, so that we can safely override the IPv6
2457 * header portion later.
2458 */
2459 if ((copym->m_flags & M_EXT) != 0 ||
2460 copym->m_len < sizeof(struct ip6_hdr)) {
2461 copym = m_pullup(copym, sizeof(struct ip6_hdr));
2462 if (copym == NULL)
2463 return;
2464 }
2465
2466 #if DIAGNOSTIC
2467 if (copym->m_len < sizeof(*ip6)) {
2468 m_freem(copym);
2469 return;
2470 }
2471 #endif
2472
2473 ip6 = mtod(copym, struct ip6_hdr *);
2474 #ifndef SCOPEDROUTING
2475 /*
2476 * clear embedded scope identifiers if necessary.
2477 * in6_clearscope will touch the addresses only when necessary.
2478 */
2479 in6_clearscope(&ip6->ip6_src);
2480 in6_clearscope(&ip6->ip6_dst);
2481 #endif
2482
2483 #ifdef __APPLE__
2484
2485 /* Makes sure the HW checksum flags are cleaned before sending the packet */
2486
2487 copym->m_pkthdr.rcvif = (struct ifnet *)0;
2488 copym->m_pkthdr.csum_data = 0;
2489 copym->m_pkthdr.csum_flags = 0;
2490
2491 if (lo_dl_tag == 0)
2492 dlil_find_dltag(APPLE_IF_FAM_LOOPBACK, 0, PF_INET, &lo_dl_tag);
2493
2494 if (lo_dl_tag)
2495 dlil_output(lo_dl_tag, copym, 0, (struct sockaddr *)&dst, 0);
2496 else
2497 m_free(copym);
2498 #else
2499 (void)if_simloop(ifp, copym, dst->sin6_family, NULL);
2500 #endif
2501 }
2502
2503 /*
2504 * Chop IPv6 header off from the payload.
2505 */
2506 static int
2507 ip6_splithdr(m, exthdrs)
2508 struct mbuf *m;
2509 struct ip6_exthdrs *exthdrs;
2510 {
2511 struct mbuf *mh;
2512 struct ip6_hdr *ip6;
2513
2514 ip6 = mtod(m, struct ip6_hdr *);
2515 if (m->m_len > sizeof(*ip6)) {
2516 MGETHDR(mh, M_DONTWAIT, MT_HEADER);
2517 if (mh == 0) {
2518 m_freem(m);
2519 return ENOBUFS;
2520 }
2521 M_COPY_PKTHDR(mh, m);
2522 MH_ALIGN(mh, sizeof(*ip6));
2523 m->m_flags &= ~M_PKTHDR;
2524 m->m_len -= sizeof(*ip6);
2525 m->m_data += sizeof(*ip6);
2526 mh->m_next = m;
2527 m = mh;
2528 m->m_len = sizeof(*ip6);
2529 bcopy((caddr_t)ip6, mtod(m, caddr_t), sizeof(*ip6));
2530 }
2531 exthdrs->ip6e_ip6 = m;
2532 return 0;
2533 }
2534
2535 /*
2536 * Compute IPv6 extension header length.
2537 */
2538 int
2539 ip6_optlen(in6p)
2540 struct in6pcb *in6p;
2541 {
2542 int len;
2543
2544 if (!in6p->in6p_outputopts)
2545 return 0;
2546
2547 len = 0;
2548 #define elen(x) \
2549 (((struct ip6_ext *)(x)) ? (((struct ip6_ext *)(x))->ip6e_len + 1) << 3 : 0)
2550
2551 len += elen(in6p->in6p_outputopts->ip6po_hbh);
2552 if (in6p->in6p_outputopts->ip6po_rthdr)
2553 /* dest1 is valid with rthdr only */
2554 len += elen(in6p->in6p_outputopts->ip6po_dest1);
2555 len += elen(in6p->in6p_outputopts->ip6po_rthdr);
2556 len += elen(in6p->in6p_outputopts->ip6po_dest2);
2557 return len;
2558 #undef elen
2559 }
mirror of XNU