int
udp6_input(struct mbuf **mp, int *offp, int proto)
{
struct mbuf *m = *mp;
struct ip6_hdr *ip6;
struct udphdr *uh;
struct inpcb *in6p;
struct mbuf *opts = NULL;
int off = *offp;
int plen, ulen;
struct sockaddr_in6 udp_in6;
struct socket *so;
struct inpcbinfo *pcbinfo = &udbinfo[0];
IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
ip6 = mtod(m, struct ip6_hdr *);
udp_stat.udps_ipackets++;
plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
uh = (struct udphdr *)((caddr_t)ip6 + off);
ulen = ntohs((u_short)uh->uh_ulen);
if (plen != ulen) {
udp_stat.udps_badlen++;
goto bad;
}
/*
* Checksum extended UDP header and data.
*/
if (uh->uh_sum == 0)
udp_stat.udps_nosum++;
else if (in6_cksum(m, IPPROTO_UDP, off, ulen) != 0) {
udp_stat.udps_badsum++;
goto bad;
}
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
struct inpcb *last, *marker;
/*
* Deliver a multicast datagram to all sockets
* for which the local and remote addresses and ports match
* those of the incoming datagram. This allows more than
* one process to receive multicasts on the same port.
* (This really ought to be done for unicast datagrams as
* well, but that would cause problems with existing
* applications that open both address-specific sockets and
* a wildcard socket listening to the same port -- they would
* end up receiving duplicates of every unicast datagram.
* Those applications open the multiple sockets to overcome an
* inadequacy of the UDP socket interface, but for backwards
* compatibility we avoid the problem here rather than
* fixing the interface. Maybe 4.5BSD will remedy this?)
*/
/*
* In a case that laddr should be set to the link-local
* address (this happens in RIPng), the multicast address
* specified in the received packet does not match with
* laddr. To cure this situation, the matching is relaxed
* if the receiving interface is the same as one specified
* in the socket and if the destination multicast address
* matches one of the multicast groups specified in the socket.
*/
/*
* Construct sockaddr format source address.
*/
init_sin6(&udp_in6, m); /* general init */
udp_in6.sin6_port = uh->uh_sport;
/*
* KAME note: traditionally we dropped udpiphdr from mbuf here.
*/
/*
* Locate pcb(s) for datagram.
* (Algorithm copied from raw_intr().)
*/
last = NULL;
marker = in_pcbmarker();
GET_PCBINFO_TOKEN(pcbinfo);
LIST_INSERT_HEAD(&pcbinfo->pcblisthead, marker, inp_list);
while ((in6p = LIST_NEXT(marker, inp_list)) != NULL) {
LIST_REMOVE(marker, inp_list);
LIST_INSERT_AFTER(in6p, marker, inp_list);
if (in6p->inp_flags & INP_PLACEMARKER)
continue;
if (!INP_ISIPV6(in6p))
continue;
if (in6p->in6p_lport != uh->uh_dport)
continue;
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) {
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_laddr,
&ip6->ip6_dst) &&
!in6_mcmatch(in6p, &ip6->ip6_dst,
m->m_pkthdr.rcvif))
continue;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_faddr)) {
if (!IN6_ARE_ADDR_EQUAL(&in6p->in6p_faddr,
&ip6->ip6_src) ||
in6p->in6p_fport != uh->uh_sport)
continue;
}
if (last != NULL) {
struct mbuf *n;
if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
/*
* KAME NOTE: do not
* m_copy(m, offset, ...) above.
* ssb_appendaddr() expects M_PKTHDR,
* and m_copy() will copy M_PKTHDR
* only if offset is 0.
*/
so = last->in6p_socket;
if ((last->in6p_flags & IN6P_CONTROLOPTS) ||
(so->so_options & SO_TIMESTAMP)) {
ip6_savecontrol(last, &opts,
ip6, n);
}
m_adj(n, off + sizeof(struct udphdr));
lwkt_gettoken(&so->so_rcv.ssb_token);
if (ssb_appendaddr(&so->so_rcv,
(struct sockaddr *)&udp_in6,
n, opts) == 0) {
m_freem(n);
if (opts)
m_freem(opts);
udp_stat.udps_fullsock++;
} else {
sorwakeup(so);
}
lwkt_reltoken(&so->so_rcv.ssb_token);
opts = NULL;
}
}
last = in6p;
/*
* Don't look for additional matches if this one does
* not have either the SO_REUSEPORT or SO_REUSEADDR
* socket options set. This heuristic avoids searching
* through all pcbs in the common case of a non-shared
* port. It assumes that an application will never
* clear these options after setting them.
*/
if ((last->in6p_socket->so_options &
(SO_REUSEPORT | SO_REUSEADDR)) == 0)
break;
}
LIST_REMOVE(marker, inp_list);
REL_PCBINFO_TOKEN(pcbinfo);
if (last == NULL) {
/*
* No matching pcb found; discard datagram.
* (No need to send an ICMP Port Unreachable
* for a broadcast or multicast datgram.)
*/
udp_stat.udps_noport++;
udp_stat.udps_noportmcast++;
goto bad;
}
if (last->in6p_flags & IN6P_CONTROLOPTS
|| last->in6p_socket->so_options & SO_TIMESTAMP)
ip6_savecontrol(last, &opts, ip6, m);
m_adj(m, off + sizeof(struct udphdr));
so = last->in6p_socket;
lwkt_gettoken(&so->so_rcv.ssb_token);
if (ssb_appendaddr(&so->so_rcv, (struct sockaddr *)&udp_in6,
m, opts) == 0) {
udp_stat.udps_fullsock++;
lwkt_reltoken(&so->so_rcv.ssb_token);
goto bad;
}
sorwakeup(so);
lwkt_reltoken(&so->so_rcv.ssb_token);
return IPPROTO_DONE;
}
/*
* Locate pcb for datagram.
*/
in6p = in6_pcblookup_hash(pcbinfo, &ip6->ip6_src, uh->uh_sport,
&ip6->ip6_dst, uh->uh_dport, 1,
m->m_pkthdr.rcvif);
if (in6p == NULL) {
if (log_in_vain) {
char buf[INET6_ADDRSTRLEN];
strcpy(buf, ip6_sprintf(&ip6->ip6_dst));
log(LOG_INFO,
"Connection attempt to UDP [%s]:%d from [%s]:%d\n",
buf, ntohs(uh->uh_dport),
ip6_sprintf(&ip6->ip6_src), ntohs(uh->uh_sport));
}
udp_stat.udps_noport++;
if (m->m_flags & M_MCAST) {
kprintf("UDP6: M_MCAST is set in a unicast packet.\n");
udp_stat.udps_noportmcast++;
goto bad;
}
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
return IPPROTO_DONE;
}
/*
* Construct sockaddr format source address.
* Stuff source address and datagram in user buffer.
*/
init_sin6(&udp_in6, m); /* general init */
udp_in6.sin6_port = uh->uh_sport;
if (in6p->in6p_flags & IN6P_CONTROLOPTS
|| in6p->in6p_socket->so_options & SO_TIMESTAMP)
ip6_savecontrol(in6p, &opts, ip6, m);
m_adj(m, off + sizeof(struct udphdr));
so = in6p->in6p_socket;
lwkt_gettoken(&so->so_rcv.ssb_token);
if (ssb_appendaddr(&so->so_rcv, (struct sockaddr *)&udp_in6,
m, opts) == 0) {
udp_stat.udps_fullsock++;
lwkt_reltoken(&so->so_rcv.ssb_token);
goto bad;
}
sorwakeup(so);
lwkt_reltoken(&so->so_rcv.ssb_token);
return IPPROTO_DONE;
bad:
if (m)
m_freem(m);
if (opts)
m_freem(opts);
return IPPROTO_DONE;
}
int
udp6_input(struct mbuf **mp, int *offp, int proto)
{
struct mbuf *m = *mp;
struct ifnet *ifp;
struct ip6_hdr *ip6;
struct udphdr *uh;
struct inpcb *inp;
struct inpcbinfo *pcbinfo;
struct udpcb *up;
int off = *offp;
int cscov_partial;
int plen, ulen;
struct sockaddr_in6 fromsa;
struct m_tag *fwd_tag;
uint16_t uh_sum;
uint8_t nxt;
ifp = m->m_pkthdr.rcvif;
ip6 = mtod(m, struct ip6_hdr *);
#ifndef PULLDOWN_TEST
IP6_EXTHDR_CHECK(m, off, sizeof(struct udphdr), IPPROTO_DONE);
ip6 = mtod(m, struct ip6_hdr *);
uh = (struct udphdr *)((caddr_t)ip6 + off);
#else
IP6_EXTHDR_GET(uh, struct udphdr *, m, off, sizeof(*uh));
if (!uh)
return (IPPROTO_DONE);
#endif
UDPSTAT_INC(udps_ipackets);
/*
* Destination port of 0 is illegal, based on RFC768.
*/
if (uh->uh_dport == 0)
goto badunlocked;
plen = ntohs(ip6->ip6_plen) - off + sizeof(*ip6);
ulen = ntohs((u_short)uh->uh_ulen);
nxt = ip6->ip6_nxt;
cscov_partial = (nxt == IPPROTO_UDPLITE) ? 1 : 0;
if (nxt == IPPROTO_UDPLITE) {
/* Zero means checksum over the complete packet. */
if (ulen == 0)
ulen = plen;
if (ulen == plen)
cscov_partial = 0;
if ((ulen < sizeof(struct udphdr)) || (ulen > plen)) {
/* XXX: What is the right UDPLite MIB counter? */
goto badunlocked;
}
if (uh->uh_sum == 0) {
/* XXX: What is the right UDPLite MIB counter? */
goto badunlocked;
}
} else {
if ((ulen < sizeof(struct udphdr)) || (plen != ulen)) {
UDPSTAT_INC(udps_badlen);
goto badunlocked;
}
if (uh->uh_sum == 0) {
UDPSTAT_INC(udps_nosum);
goto badunlocked;
}
}
if ((m->m_pkthdr.csum_flags & CSUM_DATA_VALID_IPV6) &&
!cscov_partial) {
if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR)
uh_sum = m->m_pkthdr.csum_data;
else
uh_sum = in6_cksum_pseudo(ip6, ulen, nxt,
m->m_pkthdr.csum_data);
uh_sum ^= 0xffff;
} else
uh_sum = in6_cksum_partial(m, nxt, off, plen, ulen);
if (uh_sum != 0) {
UDPSTAT_INC(udps_badsum);
goto badunlocked;
}
/*
* Construct sockaddr format source address.
*/
init_sin6(&fromsa, m);
fromsa.sin6_port = uh->uh_sport;
pcbinfo = udp_get_inpcbinfo(nxt);
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
struct inpcb *last;
struct inpcbhead *pcblist;
struct ip6_moptions *imo;
INP_INFO_RLOCK(pcbinfo);
/*
* In the event that laddr should be set to the link-local
* address (this happens in RIPng), the multicast address
* specified in the received packet will not match laddr. To
* handle this situation, matching is relaxed if the
* receiving interface is the same as one specified in the
* socket and if the destination multicast address matches
* one of the multicast groups specified in the socket.
*/
/*
* KAME note: traditionally we dropped udpiphdr from mbuf
* here. We need udphdr for IPsec processing so we do that
* later.
*/
pcblist = udp_get_pcblist(nxt);
last = NULL;
LIST_FOREACH(inp, pcblist, inp_list) {
if ((inp->inp_vflag & INP_IPV6) == 0)
continue;
if (inp->inp_lport != uh->uh_dport)
continue;
if (inp->inp_fport != 0 &&
inp->inp_fport != uh->uh_sport)
continue;
if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_laddr)) {
if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr,
&ip6->ip6_dst))
continue;
}
if (!IN6_IS_ADDR_UNSPECIFIED(&inp->in6p_faddr)) {
if (!IN6_ARE_ADDR_EQUAL(&inp->in6p_faddr,
&ip6->ip6_src) ||
inp->inp_fport != uh->uh_sport)
continue;
}
/*
* XXXRW: Because we weren't holding either the inpcb
* or the hash lock when we checked for a match
* before, we should probably recheck now that the
* inpcb lock is (supposed to be) held.
*/
/*
* Handle socket delivery policy for any-source
* and source-specific multicast. [RFC3678]
*/
imo = inp->in6p_moptions;
if (imo && IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
struct sockaddr_in6 mcaddr;
int blocked;
INP_RLOCK(inp);
bzero(&mcaddr, sizeof(struct sockaddr_in6));
mcaddr.sin6_len = sizeof(struct sockaddr_in6);
mcaddr.sin6_family = AF_INET6;
mcaddr.sin6_addr = ip6->ip6_dst;
blocked = im6o_mc_filter(imo, ifp,
(struct sockaddr *)&mcaddr,
(struct sockaddr *)&fromsa);
if (blocked != MCAST_PASS) {
if (blocked == MCAST_NOTGMEMBER)
IP6STAT_INC(ip6s_notmember);
if (blocked == MCAST_NOTSMEMBER ||
blocked == MCAST_MUTED)
UDPSTAT_INC(udps_filtermcast);
INP_RUNLOCK(inp); /* XXX */
continue;
}
INP_RUNLOCK(inp);
}
if (last != NULL) {
struct mbuf *n;
if ((n = m_copy(m, 0, M_COPYALL)) != NULL) {
INP_RLOCK(last);
UDP_PROBE(receive, NULL, last, ip6,
last, uh);
if (udp6_append(last, n, off, &fromsa))
goto inp_lost;
INP_RUNLOCK(last);
}
}
last = inp;
/*
* Don't look for additional matches if this one does
* not have either the SO_REUSEPORT or SO_REUSEADDR
* socket options set. This heuristic avoids
* searching through all pcbs in the common case of a
* non-shared port. It assumes that an application
* will never clear these options after setting them.
*/
if ((last->inp_socket->so_options &
(SO_REUSEPORT|SO_REUSEADDR)) == 0)
break;
}
if (last == NULL) {
/*
* No matching pcb found; discard datagram. (No need
* to send an ICMP Port Unreachable for a broadcast
* or multicast datgram.)
*/
UDPSTAT_INC(udps_noport);
UDPSTAT_INC(udps_noportmcast);
goto badheadlocked;
}
INP_RLOCK(last);
INP_INFO_RUNLOCK(pcbinfo);
UDP_PROBE(receive, NULL, last, ip6, last, uh);
if (udp6_append(last, m, off, &fromsa) == 0)
INP_RUNLOCK(last);
inp_lost:
return (IPPROTO_DONE);
}
/*
* Locate pcb for datagram.
*/
/*
* Grab info from PACKET_TAG_IPFORWARD tag prepended to the chain.
*/
if ((m->m_flags & M_IP6_NEXTHOP) &&
(fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
struct sockaddr_in6 *next_hop6;
next_hop6 = (struct sockaddr_in6 *)(fwd_tag + 1);
/*
* Transparently forwarded. Pretend to be the destination.
* Already got one like this?
*/
inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif, m);
if (!inp) {
/*
* It's new. Try to find the ambushing socket.
* Because we've rewritten the destination address,
* any hardware-generated hash is ignored.
*/
inp = in6_pcblookup(pcbinfo, &ip6->ip6_src,
uh->uh_sport, &next_hop6->sin6_addr,
next_hop6->sin6_port ? htons(next_hop6->sin6_port) :
uh->uh_dport, INPLOOKUP_WILDCARD |
INPLOOKUP_RLOCKPCB, m->m_pkthdr.rcvif);
}
/* Remove the tag from the packet. We don't need it anymore. */
m_tag_delete(m, fwd_tag);
m->m_flags &= ~M_IP6_NEXTHOP;
} else
inp = in6_pcblookup_mbuf(pcbinfo, &ip6->ip6_src,
uh->uh_sport, &ip6->ip6_dst, uh->uh_dport,
INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB,
m->m_pkthdr.rcvif, m);
if (inp == NULL) {
if (udp_log_in_vain) {
char ip6bufs[INET6_ADDRSTRLEN];
char ip6bufd[INET6_ADDRSTRLEN];
log(LOG_INFO,
"Connection attempt to UDP [%s]:%d from [%s]:%d\n",
ip6_sprintf(ip6bufd, &ip6->ip6_dst),
ntohs(uh->uh_dport),
ip6_sprintf(ip6bufs, &ip6->ip6_src),
ntohs(uh->uh_sport));
}
UDPSTAT_INC(udps_noport);
if (m->m_flags & M_MCAST) {
printf("UDP6: M_MCAST is set in a unicast packet.\n");
UDPSTAT_INC(udps_noportmcast);
goto badunlocked;
}
if (V_udp_blackhole)
goto badunlocked;
if (badport_bandlim(BANDLIM_ICMP6_UNREACH) < 0)
goto badunlocked;
icmp6_error(m, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOPORT, 0);
return (IPPROTO_DONE);
}
INP_RLOCK_ASSERT(inp);
up = intoudpcb(inp);
if (cscov_partial) {
if (up->u_rxcslen == 0 || up->u_rxcslen > ulen) {
INP_RUNLOCK(inp);
m_freem(m);
return (IPPROTO_DONE);
}
}
UDP_PROBE(receive, NULL, inp, ip6, inp, uh);
if (udp6_append(inp, m, off, &fromsa) == 0)
INP_RUNLOCK(inp);
return (IPPROTO_DONE);
badheadlocked:
INP_INFO_RUNLOCK(pcbinfo);
badunlocked:
if (m)
m_freem(m);
return (IPPROTO_DONE);
}
void
ip6_forward(struct mbuf *m, int srcrt)
{
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct sockaddr_in6 *dst;
struct rtentry *rt;
int error = 0, type = 0, code = 0;
struct mbuf *mcopy = NULL;
struct ifnet *origifp; /* maybe unnecessary */
#ifdef IPSEC
u_int8_t sproto = 0;
struct m_tag *mtag;
union sockaddr_union sdst;
struct tdb_ident *tdbi;
u_int32_t sspi;
struct tdb *tdb;
int s;
#endif /* IPSEC */
u_int rtableid = 0;
/*
* Do not forward packets to multicast destination (should be handled
* by ip6_mforward().
* Do not forward packets with unspecified source. It was discussed
* in July 2000, on ipngwg mailing list.
*/
if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
ip6stat.ip6s_cantforward++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
if (ip6_log_time + ip6_log_interval < time_second) {
ip6_log_time = time_second;
log(LOG_DEBUG,
"cannot forward "
"from %s to %s nxt %d received on %s\n",
ip6_sprintf(&ip6->ip6_src),
ip6_sprintf(&ip6->ip6_dst),
ip6->ip6_nxt,
m->m_pkthdr.rcvif->if_xname);
}
m_freem(m);
return;
}
if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
icmp6_error(m, ICMP6_TIME_EXCEEDED,
ICMP6_TIME_EXCEED_TRANSIT, 0);
return;
}
ip6->ip6_hlim -= IPV6_HLIMDEC;
#if NPF > 0
reroute:
#endif
#ifdef IPSEC
if (!ipsec_in_use)
goto done_spd;
s = splnet();
/*
* Check if there was an outgoing SA bound to the flow
* from a transport protocol.
*/
/* Do we have any pending SAs to apply ? */
mtag = m_tag_find(m, PACKET_TAG_IPSEC_PENDING_TDB, NULL);
if (mtag != NULL) {
#ifdef DIAGNOSTIC
if (mtag->m_tag_len != sizeof (struct tdb_ident))
panic("ip6_forward: tag of length %d (should be %d",
mtag->m_tag_len, sizeof (struct tdb_ident));
#endif
tdbi = (struct tdb_ident *)(mtag + 1);
tdb = gettdb(tdbi->spi, &tdbi->dst, tdbi->proto);
if (tdb == NULL)
error = -EINVAL;
m_tag_delete(m, mtag);
} else
tdb = ipsp_spd_lookup(m, AF_INET6, sizeof(struct ip6_hdr),
&error, IPSP_DIRECTION_OUT, NULL, NULL);
if (tdb == NULL) {
splx(s);
if (error == 0) {
/*
* No IPsec processing required, we'll just send the
* packet out.
*/
sproto = 0;
/* Fall through to routing/multicast handling */
} else {
/*
* -EINVAL is used to indicate that the packet should
* be silently dropped, typically because we've asked
* key management for an SA.
*/
if (error == -EINVAL) /* Should silently drop packet */
error = 0;
goto freecopy;
}
} else {
/* Loop detection */
for (mtag = m_tag_first(m); mtag != NULL;
mtag = m_tag_next(m, mtag)) {
if (mtag->m_tag_id != PACKET_TAG_IPSEC_OUT_DONE &&
mtag->m_tag_id !=
PACKET_TAG_IPSEC_OUT_CRYPTO_NEEDED)
continue;
tdbi = (struct tdb_ident *)(mtag + 1);
if (tdbi->spi == tdb->tdb_spi &&
tdbi->proto == tdb->tdb_sproto &&
!bcmp(&tdbi->dst, &tdb->tdb_dst,
sizeof(union sockaddr_union))) {
splx(s);
sproto = 0; /* mark as no-IPsec-needed */
goto done_spd;
}
}
/* We need to do IPsec */
bcopy(&tdb->tdb_dst, &sdst, sizeof(sdst));
sspi = tdb->tdb_spi;
sproto = tdb->tdb_sproto;
splx(s);
}
/* Fall through to the routing/multicast handling code */
done_spd:
#endif /* IPSEC */
#if NPF > 0
rtableid = m->m_pkthdr.rdomain;
#endif
/*
* Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
* size of IPv6 + ICMPv6 headers) bytes of the packet in case
* we need to generate an ICMP6 message to the src.
* Thanks to M_EXT, in most cases copy will not occur.
*
* It is important to save it before IPsec processing as IPsec
* processing may modify the mbuf.
*/
mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
dst = &ip6_forward_rt.ro_dst;
if (!srcrt) {
/*
* ip6_forward_rt.ro_dst.sin6_addr is equal to ip6->ip6_dst
*/
if (ip6_forward_rt.ro_rt == 0 ||
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0 ||
ip6_forward_rtableid != rtableid) {
if (ip6_forward_rt.ro_rt) {
RTFREE(ip6_forward_rt.ro_rt);
ip6_forward_rt.ro_rt = 0;
}
/* this probably fails but give it a try again */
rtalloc_mpath((struct route *)&ip6_forward_rt,
&ip6->ip6_src.s6_addr32[0], rtableid);
ip6_forward_rtableid = rtableid;
}
if (ip6_forward_rt.ro_rt == 0) {
ip6stat.ip6s_noroute++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
m_freem(m);
return;
}
} else if (ip6_forward_rt.ro_rt == 0 ||
(ip6_forward_rt.ro_rt->rt_flags & RTF_UP) == 0 ||
!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr) ||
ip6_forward_rtableid != rtableid) {
if (ip6_forward_rt.ro_rt) {
RTFREE(ip6_forward_rt.ro_rt);
ip6_forward_rt.ro_rt = 0;
}
bzero(dst, sizeof(*dst));
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
rtalloc_mpath((struct route *)&ip6_forward_rt,
&ip6->ip6_src.s6_addr32[0], rtableid);
ip6_forward_rtableid = rtableid;
if (ip6_forward_rt.ro_rt == 0) {
ip6stat.ip6s_noroute++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_noroute) */
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
}
m_freem(m);
return;
}
}
rt = ip6_forward_rt.ro_rt;
/*
* Scope check: if a packet can't be delivered to its destination
* for the reason that the destination is beyond the scope of the
* source address, discard the packet and return an icmp6 destination
* unreachable error with Code 2 (beyond scope of source address).
* [draft-ietf-ipngwg-icmp-v3-00.txt, Section 3.1]
*/
if (in6_addr2scopeid(m->m_pkthdr.rcvif, &ip6->ip6_src) !=
in6_addr2scopeid(rt->rt_ifp, &ip6->ip6_src)) {
ip6stat.ip6s_cantforward++;
ip6stat.ip6s_badscope++;
in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
if (ip6_log_time + ip6_log_interval < time_second) {
ip6_log_time = time_second;
log(LOG_DEBUG,
"cannot forward "
"src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
ip6_sprintf(&ip6->ip6_src),
ip6_sprintf(&ip6->ip6_dst),
ip6->ip6_nxt,
m->m_pkthdr.rcvif->if_xname, rt->rt_ifp->if_xname);
}
if (mcopy)
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
m_freem(m);
goto freert;
}
#ifdef IPSEC
/*
* Check if the packet needs encapsulation.
* ipsp_process_packet will never come back to here.
* XXX ipsp_process_packet() calls ip6_output(), and there'll be no
* PMTU notification. is it okay?
*/
if (sproto != 0) {
s = splnet();
#if NPF > 0
if (pf_test6(PF_OUT, &encif[0].sc_if, &m, NULL) != PF_PASS) {
splx(s);
error = EHOSTUNREACH;
m_freem(m);
goto senderr;
}
if (m == NULL) {
splx(s);
goto senderr;
}
ip6 = mtod(m, struct ip6_hdr *);
/*
* PF_TAG_REROUTE handling or not...
* Packet is entering IPsec so the routing is
* already overruled by the IPsec policy.
* Until now the change was not reconsidered.
* What's the behaviour?
*/
#endif
tdb = gettdb(sspi, &sdst, sproto);
if (tdb == NULL) {
splx(s);
error = EHOSTUNREACH;
m_freem(m);
goto senderr; /*XXX*/
}
m->m_flags &= ~(M_BCAST | M_MCAST); /* just in case */
/* Callee frees mbuf */
error = ipsp_process_packet(m, tdb, AF_INET6, 0);
splx(s);
m_freem(mcopy);
goto freert;
}
/*
* Kalman filter process
*/
static PyObject *
kf_process(PyObject *self, PyObject *args, PyObject *kws)
{
MatrixObject *A, *B, *C, *D, *x0, *P0, *Q, *R, *x, *P;
Float *x_est, *y_est, *P_est;
PyObject *out, *tmp, *tmp1, *x_est_out, *y_est_out, *P_est_out, *result;
PyObject *mupdate_callback = NULL, *arglist;
int i, j, k, n, p, q, datalength;
MatrixObject *y, *u;
static char *kwlist[] = {"A", "B", "C", "D", "y", "u", "x0", "P0", "Q", "R", "mupdate_callback", NULL};
if (!PyArg_ParseTupleAndKeywords(args, kws, "O!O!O!O!O!O!O!O!O!O!|O:set_callback", kwlist,
&MatrixType, &A,
&MatrixType, &B,
&MatrixType, &C,
&MatrixType, &D,
&MatrixType, &y,
&MatrixType, &u,
&MatrixType, &x0,
&MatrixType, &P0,
&MatrixType, &Q,
&MatrixType, &R,
&mupdate_callback))
return NULL;
if (A->rows != A->cols) {
PyErr_SetString(PyExc_ValueError, "A must be a square matrix");
return NULL;
}
n = A->rows;
p = B->cols;
q = C->rows;
if (B->rows != n) {
PyErr_SetString(PyExc_ValueError, "B must be Nxp matrix");
return NULL;
}
if (C->cols != n) {
PyErr_SetString(PyExc_ValueError, "C must be qxN matrix");
return NULL;
}
if (D->rows != p || D->cols != q) {
PyErr_SetString(PyExc_ValueError, "D must be pxq matrix");
return NULL;
}
datalength = y->cols;
if (y->cols != u->cols) {
PyErr_SetString(PyExc_ValueError, "y and u data lengths does not match");
return NULL;
}
if (y->rows != q) {
PyErr_SetString(PyExc_ValueError, "y must be qxlength matrix");
return NULL;
}
if (u->rows != p) {
PyErr_SetString(PyExc_ValueError, "u must be pxlength matrix");
return NULL;
}
if (x0->rows != n || x0->cols != 1) {
PyErr_SetString(PyExc_ValueError, "x0 must be Nx1 matrix");
return NULL;
}
if (P0->rows != n || P0->cols != n) {
PyErr_SetString(PyExc_ValueError, "P0 must be NxN matrix");
return NULL;
}
if (Q->rows != n || Q->cols != n) {
PyErr_SetString(PyExc_ValueError, "Q must be NxN matrix");
return NULL;
}
if (R->rows != q || R->cols != q) {
PyErr_SetString(PyExc_ValueError, "R must be qxq matrix");
return NULL;
}
if (!PyCallable_Check(mupdate_callback)) {
if (mupdate_callback != NULL) {
PyErr_SetString(PyExc_TypeError, "parameter must be callable");
return NULL;
}
}
x_est = m_new(n, datalength);
y_est = m_new(n, datalength);
P_est = m_new(n, n*datalength);
if (mupdate_callback != NULL) {
Py_XINCREF(mupdate_callback); // Add a reference to new callback
x = matrix_new(n, 1);
P = matrix_new(n, n);
// initialize x and P
m_copy(x->data, x0->data, n, 1);
m_copy(P->data, P0->data, n, n);
for (i=0; i<datalength; i++) {
tick(A->data, B->data, C->data, D->data,
n, p, q,
y->data+i*q, u->data+i*p,
x->data, P->data,
Q->data, R->data,
x_est+i*n, y_est+i*q, P_est+i*n*n);
// copy x and P values into output array
m_copy(x->data, x_est+i*n, n, 1);
m_copy(P->data, P_est+i*n*n, n, n);
// update the matrixes
arglist = Py_BuildValue("(i, O, O, O, O, O)", i, A, B, C, D, x);
result = PyEval_CallObject(mupdate_callback, arglist);
Py_DECREF(arglist);
}
Py_DECREF(x);
Py_DECREF(P);
} else { // model update not needed
process(A->data, B->data, C->data, D->data,
n, p, q, y->data, u->data, x0->data, P0->data, Q->data, R->data, datalength,
x_est, y_est, P_est);
}
// create lists from matrixes
x_est_out = PyList_New(datalength);
for (i=0; i<datalength; i++) {
tmp = PyList_New(n);
for (j=0; j<n; j++) {
PyList_SetItem(tmp, j, PyFloat_FromDouble( *(x_est+i*n+j) ));
}
PyList_SetItem(x_est_out, i, tmp);
}
y_est_out = PyList_New(datalength);
for (i=0; i<datalength; i++) {
tmp = PyFloat_FromDouble( *(y_est+i) );
PyList_SetItem(y_est_out, i, tmp);
}
P_est_out = PyList_New(datalength);
for (i=0; i<datalength; i++) {
tmp = PyList_New(n);
for (j=0; j<n; j++) {
tmp1 = PyList_New(n);
for (k=0; k<n; k++) {
PyList_SetItem(tmp1, k, PyFloat_FromDouble( *(x_est+i*n+j*n+k) ));
}
PyList_SetItem(tmp, j, tmp1);
}
tmp = PyFloat_FromDouble( *(P_est+i) );
PyList_SetItem(P_est_out, i, tmp);
}
m_free(x_est);
m_free(y_est);
m_free(P_est);
out = PyTuple_New(3);
PyTuple_SetItem(out, 0, x_est_out);
PyTuple_SetItem(out, 1, y_est_out);
PyTuple_SetItem(out, 2, P_est_out);
Py_INCREF(out); // TODO add Py_INCREF every time when returning object from fnc
return out;
}
struct mbuf *
ip6_forward(struct mbuf *m, struct route_in6 *ip6forward_rt,
int srcrt)
{
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct sockaddr_in6 *dst;
struct rtentry *rt;
int error, type = 0, code = 0;
boolean_t proxy = FALSE;
struct mbuf *mcopy = NULL;
struct ifnet *ifp, *rcvifp, *origifp; /* maybe unnecessary */
u_int32_t inzone, outzone, len;
struct in6_addr src_in6, dst_in6;
uint64_t curtime = net_uptime();
#if IPSEC
struct secpolicy *sp = NULL;
#endif
unsigned int ifscope = IFSCOPE_NONE;
#if PF
struct pf_mtag *pf_mtag;
#endif /* PF */
/*
* In the prefix proxying case, the route to the proxied node normally
* gets created by nd6_prproxy_ns_output(), as part of forwarding a
* NS (NUD/AR) packet to the proxied node. In the event that such
* packet did not arrive in time before the correct route gets created,
* ip6_input() would have performed a rtalloc() which most likely will
* create the wrong cloned route; this route points back to the same
* interface as the inbound interface, since the parent non-scoped
* prefix route points there. Therefore we check if that is the case
* and perform the necessary fixup to get the correct route installed.
*/
if (!srcrt && nd6_prproxy &&
(rt = ip6forward_rt->ro_rt) != NULL && (rt->rt_flags & RTF_PROXY)) {
nd6_proxy_find_fwdroute(m->m_pkthdr.rcvif, ip6forward_rt);
if ((rt = ip6forward_rt->ro_rt) != NULL)
ifscope = rt->rt_ifp->if_index;
}
#if PF
pf_mtag = pf_find_mtag(m);
if (pf_mtag != NULL && pf_mtag->pftag_rtableid != IFSCOPE_NONE)
ifscope = pf_mtag->pftag_rtableid;
/*
* If the caller provides a route which is on a different interface
* than the one specified for scoped forwarding, discard the route
* and do a lookup below.
*/
if (ifscope != IFSCOPE_NONE && (rt = ip6forward_rt->ro_rt) != NULL) {
RT_LOCK(rt);
if (rt->rt_ifp->if_index != ifscope) {
RT_UNLOCK(rt);
ROUTE_RELEASE(ip6forward_rt);
rt = NULL;
} else {
RT_UNLOCK(rt);
}
}
#endif /* PF */
#if IPSEC
/*
* Check AH/ESP integrity.
*/
/*
* Don't increment ip6s_cantforward because this is the check
* before forwarding packet actually.
*/
if (ipsec_bypass == 0) {
if (ipsec6_in_reject(m, NULL)) {
IPSEC_STAT_INCREMENT(ipsec6stat.in_polvio);
m_freem(m);
return (NULL);
}
}
#endif /*IPSEC*/
/*
* Do not forward packets to multicast destination.
* Do not forward packets with unspecified source. It was discussed
* in July 2000, on ipngwg mailing list.
*/
if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
ip6stat.ip6s_cantforward++;
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
if (ip6_log_time + ip6_log_interval < curtime) {
ip6_log_time = curtime;
log(LOG_DEBUG,
"cannot forward "
"from %s to %s nxt %d received on %s\n",
ip6_sprintf(&ip6->ip6_src),
ip6_sprintf(&ip6->ip6_dst),
ip6->ip6_nxt,
if_name(m->m_pkthdr.rcvif));
}
m_freem(m);
return (NULL);
}
if (ip6->ip6_hlim <= IPV6_HLIMDEC) {
/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
icmp6_error(m, ICMP6_TIME_EXCEEDED,
ICMP6_TIME_EXCEED_TRANSIT, 0);
return (NULL);
}
/*
* See if the destination is a proxied address, and if so pretend
* that it's for us. This is mostly to handle NUD probes against
* the proxied addresses. We filter for ICMPv6 here and will let
* icmp6_input handle the rest.
*/
if (!srcrt && nd6_prproxy) {
VERIFY(!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst));
proxy = nd6_prproxy_isours(m, ip6, ip6forward_rt, ifscope);
/*
* Don't update hop limit while proxying; RFC 4389 4.1.
* Also skip IPsec forwarding path processing as this
* packet is not to be forwarded.
*/
if (proxy)
goto skip_ipsec;
}
ip6->ip6_hlim -= IPV6_HLIMDEC;
/*
* Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
* size of IPv6 + ICMPv6 headers) bytes of the packet in case
* we need to generate an ICMP6 message to the src.
* Thanks to M_EXT, in most cases copy will not occur.
*
* It is important to save it before IPsec processing as IPsec
* processing may modify the mbuf.
*/
mcopy = m_copy(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN));
#if IPSEC
if (ipsec_bypass != 0)
goto skip_ipsec;
/* get a security policy for this packet */
sp = ipsec6_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, IP_FORWARDING,
&error);
if (sp == NULL) {
IPSEC_STAT_INCREMENT(ipsec6stat.out_inval);
ip6stat.ip6s_cantforward++;
if (mcopy) {
#if 0
/* XXX: what icmp ? */
#else
m_freem(mcopy);
#endif
}
m_freem(m);
return (NULL);
}
error = 0;
/* check policy */
switch (sp->policy) {
case IPSEC_POLICY_DISCARD:
case IPSEC_POLICY_GENERATE:
/*
* This packet is just discarded.
*/
IPSEC_STAT_INCREMENT(ipsec6stat.out_polvio);
ip6stat.ip6s_cantforward++;
key_freesp(sp, KEY_SADB_UNLOCKED);
if (mcopy) {
#if 0
/* XXX: what icmp ? */
#else
m_freem(mcopy);
#endif
}
m_freem(m);
return (NULL);
case IPSEC_POLICY_BYPASS:
case IPSEC_POLICY_NONE:
/* no need to do IPsec. */
key_freesp(sp, KEY_SADB_UNLOCKED);
goto skip_ipsec;
case IPSEC_POLICY_IPSEC:
if (sp->req == NULL) {
/* XXX should be panic ? */
printf("ip6_forward: No IPsec request specified.\n");
ip6stat.ip6s_cantforward++;
key_freesp(sp, KEY_SADB_UNLOCKED);
if (mcopy) {
#if 0
/* XXX: what icmp ? */
#else
m_freem(mcopy);
#endif
}
m_freem(m);
return (NULL);
}
/* do IPsec */
break;
case IPSEC_POLICY_ENTRUST:
default:
/* should be panic ?? */
printf("ip6_forward: Invalid policy found. %d\n", sp->policy);
key_freesp(sp, KEY_SADB_UNLOCKED);
goto skip_ipsec;
}
{
struct ipsec_output_state state;
/*
* All the extension headers will become inaccessible
* (since they can be encrypted).
* Don't panic, we need no more updates to extension headers
* on inner IPv6 packet (since they are now encapsulated).
*
* IPv6 [ESP|AH] IPv6 [extension headers] payload
*/
bzero(&state, sizeof(state));
state.m = m;
state.dst = NULL; /* update at ipsec6_output_tunnel() */
error = ipsec6_output_tunnel(&state, sp, 0);
key_freesp(sp, KEY_SADB_UNLOCKED);
if (state.tunneled == 4) {
ROUTE_RELEASE(&state.ro);
return (NULL); /* packet is gone - sent over IPv4 */
}
m = state.m;
ROUTE_RELEASE(&state.ro);
if (error) {
/* mbuf is already reclaimed in ipsec6_output_tunnel. */
switch (error) {
case EHOSTUNREACH:
case ENETUNREACH:
case EMSGSIZE:
case ENOBUFS:
case ENOMEM:
break;
default:
printf("ip6_output (ipsec): error code %d\n", error);
/* fall through */
case ENOENT:
/* don't show these error codes to the user */
break;
}
ip6stat.ip6s_cantforward++;
if (mcopy) {
#if 0
/* XXX: what icmp ? */
#else
m_freem(mcopy);
#endif
}
m_freem(m);
return (NULL);
}
}
#endif /* IPSEC */
skip_ipsec:
dst = (struct sockaddr_in6 *)&ip6forward_rt->ro_dst;
if ((rt = ip6forward_rt->ro_rt) != NULL) {
RT_LOCK(rt);
/* Take an extra ref for ourselves */
RT_ADDREF_LOCKED(rt);
}
VERIFY(rt == NULL || rt == ip6forward_rt->ro_rt);
if (!srcrt) {
/*
* ip6forward_rt->ro_dst.sin6_addr is equal to ip6->ip6_dst
*/
if (ROUTE_UNUSABLE(ip6forward_rt)) {
if (rt != NULL) {
/* Release extra ref */
RT_REMREF_LOCKED(rt);
RT_UNLOCK(rt);
}
ROUTE_RELEASE(ip6forward_rt);
/* this probably fails but give it a try again */
rtalloc_scoped_ign((struct route *)ip6forward_rt,
RTF_PRCLONING, ifscope);
if ((rt = ip6forward_rt->ro_rt) != NULL) {
RT_LOCK(rt);
/* Take an extra ref for ourselves */
RT_ADDREF_LOCKED(rt);
}
}
if (rt == NULL) {
ip6stat.ip6s_noroute++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
if (mcopy)
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
m_freem(m);
return (NULL);
}
RT_LOCK_ASSERT_HELD(rt);
} else if (ROUTE_UNUSABLE(ip6forward_rt) ||
!IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst->sin6_addr)) {
if (rt != NULL) {
/* Release extra ref */
RT_REMREF_LOCKED(rt);
RT_UNLOCK(rt);
}
ROUTE_RELEASE(ip6forward_rt);
bzero(dst, sizeof(*dst));
dst->sin6_len = sizeof(struct sockaddr_in6);
dst->sin6_family = AF_INET6;
dst->sin6_addr = ip6->ip6_dst;
rtalloc_scoped_ign((struct route *)ip6forward_rt,
RTF_PRCLONING, ifscope);
if ((rt = ip6forward_rt->ro_rt) == NULL) {
ip6stat.ip6s_noroute++;
in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
if (mcopy)
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_NOROUTE, 0);
m_freem(m);
return (NULL);
}
RT_LOCK(rt);
/* Take an extra ref for ourselves */
RT_ADDREF_LOCKED(rt);
}
/*
* Source scope check: if a packet can't be delivered to its
* destination for the reason that the destination is beyond the scope
* of the source address, discard the packet and return an icmp6
* destination unreachable error with Code 2 (beyond scope of source
* address) unless we are proxying (source address is link local
* for NUDs.) We use a local copy of ip6_src, since in6_setscope()
* will possibly modify its first argument.
* [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1]
*/
src_in6 = ip6->ip6_src;
if (in6_setscope(&src_in6, rt->rt_ifp, &outzone)) {
/* XXX: this should not happen */
ip6stat.ip6s_cantforward++;
ip6stat.ip6s_badscope++;
m_freem(m);
return (NULL);
}
if (in6_setscope(&src_in6, m->m_pkthdr.rcvif, &inzone)) {
ip6stat.ip6s_cantforward++;
ip6stat.ip6s_badscope++;
m_freem(m);
return (NULL);
}
if (inzone != outzone && !proxy) {
ip6stat.ip6s_cantforward++;
ip6stat.ip6s_badscope++;
in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard);
if (ip6_log_time + ip6_log_interval < curtime) {
ip6_log_time = curtime;
log(LOG_DEBUG,
"cannot forward "
"src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
ip6_sprintf(&ip6->ip6_src),
ip6_sprintf(&ip6->ip6_dst),
ip6->ip6_nxt,
if_name(m->m_pkthdr.rcvif), if_name(rt->rt_ifp));
}
/* Release extra ref */
RT_REMREF_LOCKED(rt);
RT_UNLOCK(rt);
if (mcopy) {
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
}
m_freem(m);
return (NULL);
}
/*
* Destination scope check: if a packet is going to break the scope
* zone of packet's destination address, discard it. This case should
* usually be prevented by appropriately-configured routing table, but
* we need an explicit check because we may mistakenly forward the
* packet to a different zone by (e.g.) a default route.
*/
dst_in6 = ip6->ip6_dst;
if (in6_setscope(&dst_in6, m->m_pkthdr.rcvif, &inzone) != 0 ||
in6_setscope(&dst_in6, rt->rt_ifp, &outzone) != 0 ||
inzone != outzone) {
ip6stat.ip6s_cantforward++;
ip6stat.ip6s_badscope++;
m_freem(m);
return (NULL);
}
if (m->m_pkthdr.len > rt->rt_ifp->if_mtu) {
in6_ifstat_inc(rt->rt_ifp, ifs6_in_toobig);
if (mcopy) {
uint32_t mtu;
#if IPSEC
struct secpolicy *sp2;
int ipsecerror;
size_t ipsechdrsiz;
#endif
mtu = rt->rt_ifp->if_mtu;
#if IPSEC
/*
* When we do IPsec tunnel ingress, we need to play
* with the link value (decrement IPsec header size
* from mtu value). The code is much simpler than v4
* case, as we have the outgoing interface for
* encapsulated packet as "rt->rt_ifp".
*/
sp2 = ipsec6_getpolicybyaddr(mcopy, IPSEC_DIR_OUTBOUND,
IP_FORWARDING, &ipsecerror);
if (sp2) {
ipsechdrsiz = ipsec6_hdrsiz(mcopy,
IPSEC_DIR_OUTBOUND, NULL);
if (ipsechdrsiz < mtu)
mtu -= ipsechdrsiz;
key_freesp(sp2, KEY_SADB_UNLOCKED);
}
/*
* if mtu becomes less than minimum MTU,
* tell minimum MTU (and I'll need to fragment it).
*/
if (mtu < IPV6_MMTU)
mtu = IPV6_MMTU;
#endif
/* Release extra ref */
RT_REMREF_LOCKED(rt);
RT_UNLOCK(rt);
icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, mtu);
} else {
/* Release extra ref */
RT_REMREF_LOCKED(rt);
RT_UNLOCK(rt);
}
m_freem(m);
return (NULL);
}
if (rt->rt_flags & RTF_GATEWAY)
dst = (struct sockaddr_in6 *)(void *)rt->rt_gateway;
/*
* If we are to forward the packet using the same interface
* as one we got the packet from, perhaps we should send a redirect
* to sender to shortcut a hop.
* Only send redirect if source is sending directly to us,
* and if packet was not source routed (or has any options).
* Also, don't send redirect if forwarding using a route
* modified by a redirect.
*/
if (!proxy &&
ip6_sendredirects && rt->rt_ifp == m->m_pkthdr.rcvif && !srcrt &&
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
if ((rt->rt_ifp->if_flags & IFF_POINTOPOINT) != 0) {
/*
* If the incoming interface is equal to the outgoing
* one, and the link attached to the interface is
* point-to-point, then it will be highly probable
* that a routing loop occurs. Thus, we immediately
* drop the packet and send an ICMPv6 error message.
*
* type/code is based on suggestion by Rich Draves.
* not sure if it is the best pick.
*/
RT_REMREF_LOCKED(rt); /* Release extra ref */
RT_UNLOCK(rt);
icmp6_error(mcopy, ICMP6_DST_UNREACH,
ICMP6_DST_UNREACH_ADDR, 0);
m_freem(m);
return (NULL);
}
type = ND_REDIRECT;
}
#if IPFW2
/*
* Check with the firewall...
*/
if (ip6_fw_enable && ip6_fw_chk_ptr) {
u_short port = 0;
ifp = rt->rt_ifp;
/* Drop the lock but retain the extra ref */
RT_UNLOCK(rt);
/* If ipfw says divert, we have to just drop packet */
if (ip6_fw_chk_ptr(&ip6, ifp, &port, &m)) {
m_freem(m);
goto freecopy;
}
if (!m) {
goto freecopy;
}
/* We still have the extra ref on rt */
RT_LOCK(rt);
}
#endif
/*
* Fake scoped addresses. Note that even link-local source or
* destinaion can appear, if the originating node just sends the
* packet to us (without address resolution for the destination).
* Since both icmp6_error and icmp6_redirect_output fill the embedded
* link identifiers, we can do this stuff after making a copy for
* returning an error.
*/
if ((rt->rt_ifp->if_flags & IFF_LOOPBACK) != 0) {
/*
* See corresponding comments in ip6_output.
* XXX: but is it possible that ip6_forward() sends a packet
* to a loopback interface? I don't think so, and thus
* I bark here. ([email protected])
* XXX: it is common to route invalid packets to loopback.
* also, the codepath will be visited on use of ::1 in
* rthdr. (itojun)
*/
#if 1
if ((0))
#else
if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
#endif
{
printf("ip6_forward: outgoing interface is loopback. "
"src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
ip6_sprintf(&ip6->ip6_src),
ip6_sprintf(&ip6->ip6_dst),
ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
if_name(rt->rt_ifp));
}
/* we can just use rcvif in forwarding. */
origifp = rcvifp = m->m_pkthdr.rcvif;
} else if (nd6_prproxy) {
/*
* In the prefix proxying case, we need to inform nd6_output()
* about the inbound interface, so that any subsequent NS
* packets generated by nd6_prproxy_ns_output() will not be
* sent back to that same interface.
*/
origifp = rcvifp = m->m_pkthdr.rcvif;
} else {
rcvifp = m->m_pkthdr.rcvif;
origifp = rt->rt_ifp;
}
/*
* clear embedded scope identifiers if necessary.
* in6_clearscope will touch the addresses only when necessary.
*/
in6_clearscope(&ip6->ip6_src);
in6_clearscope(&ip6->ip6_dst);
ifp = rt->rt_ifp;
/* Drop the lock but retain the extra ref */
RT_UNLOCK(rt);
/*
* If this is to be processed locally, let ip6_input have it.
*/
if (proxy) {
VERIFY(m->m_pkthdr.pkt_flags & PKTF_PROXY_DST);
/* Release extra ref */
RT_REMREF(rt);
if (mcopy != NULL)
m_freem(mcopy);
return (m);
}
#if PF
/* Invoke outbound packet filter */
error = pf_af_hook(ifp, NULL, &m, AF_INET6, FALSE, NULL);
if (error != 0 || m == NULL) {
if (m != NULL) {
panic("%s: unexpected packet %p\n", __func__, m);
/* NOTREACHED */
}
/* Already freed by callee */
goto senderr;
}
ip6 = mtod(m, struct ip6_hdr *);
#endif /* PF */
/* Mark this packet as being forwarded from another interface */
m->m_pkthdr.pkt_flags |= PKTF_FORWARDED;
len = m_pktlen(m);
error = nd6_output(ifp, origifp, m, dst, rt, NULL);
if (error) {
in6_ifstat_inc(ifp, ifs6_out_discard);
ip6stat.ip6s_cantforward++;
} else {
/*
* Increment stats on the source interface; the ones
* for destination interface has been taken care of
* during output above by virtue of PKTF_FORWARDED.
*/
rcvifp->if_fpackets++;
rcvifp->if_fbytes += len;
ip6stat.ip6s_forward++;
in6_ifstat_inc(ifp, ifs6_out_forward);
if (type)
ip6stat.ip6s_redirectsent++;
else {
if (mcopy) {
goto freecopy;
}
}
}
#if PF
senderr:
#endif /* PF */
if (mcopy == NULL) {
/* Release extra ref */
RT_REMREF(rt);
return (NULL);
}
switch (error) {
case 0:
#if 1
if (type == ND_REDIRECT) {
icmp6_redirect_output(mcopy, rt);
/* Release extra ref */
RT_REMREF(rt);
return (NULL);
}
#endif
goto freecopy;
case EMSGSIZE:
/* xxx MTU is constant in PPP? */
goto freecopy;
case ENOBUFS:
/* Tell source to slow down like source quench in IP? */
goto freecopy;
case ENETUNREACH: /* shouldn't happen, checked above */
case EHOSTUNREACH:
case ENETDOWN:
case EHOSTDOWN:
default:
type = ICMP6_DST_UNREACH;
code = ICMP6_DST_UNREACH_ADDR;
break;
}
icmp6_error(mcopy, type, code, 0);
/* Release extra ref */
RT_REMREF(rt);
return (NULL);
freecopy:
m_freem(mcopy);
/* Release extra ref */
RT_REMREF(rt);
return (NULL);
}
/*
* IP output. The packet in mbuf chain m contains a skeletal IP
* header (with len, off, ttl, proto, tos, src, dst).
* The mbuf chain containing the packet will be freed.
* The mbuf opt, if present, will not be freed.
*/
int ip_output(struct socket *so, struct mbuf *m0)
{
Slirp *slirp = m0->slirp;
register struct ip *ip;
register struct mbuf *m = m0;
register int hlen = sizeof(struct ip );
int len, off, error = 0;
DEBUG_SLIRP("ip_output(%s, %s)\n", slirp_ptr_so(so), slirp_ptr_mbuf(m0));
ip = mtod(m, struct ip *);
/*
* Fill in IP header.
*/
ip->ip_v = IPVERSION;
ip->ip_off &= IP_DF;
ip->ip_id = htons(slirp->ip_id++);
ip->ip_hl = hlen >> 2;
/*
* If small enough for interface, can just send directly.
*/
if ((uint16_t)ip->ip_len <= IF_MTU) {
ip->ip_len = htons((uint16_t)ip->ip_len);
ip->ip_off = htons((uint16_t)ip->ip_off);
ip->ip_sum = 0;
ip->ip_sum = cksum(m, hlen);
if_output(so, m);
goto done;
}
DEBUG_SLIRP("ip_output - too large for one packet\n");
/*
* Too large for interface; fragment if possible.
* Must be able to put at least 8 bytes per fragment.
*/
if (ip->ip_off & IP_DF) {
error = -1;
goto bad;
}
len = (IF_MTU - hlen) &~ 7; /* ip databytes per packet */
if (len < 8) {
error = -1;
goto bad;
}
{
int mhlen, firstlen = len;
struct mbuf **mnext = &m->m_nextpkt;
/*
* Loop through length of segment after first fragment,
* make new header and copy data of each part and link onto chain.
*/
m0 = m;
mhlen = sizeof (struct ip);
int count = 1;
for (off = hlen + len; off < (uint16_t)ip->ip_len; off += len) {
DEBUG_SLIRP("ip_output fragment %d\n", count);
register struct ip *mhip;
m = m_get(slirp);
m->m_nextpkt = NULL;
if (m == NULL) {
error = -1;
goto sendorfree;
}
m->m_data += IF_MAXLINKHDR;
mhip = mtod(m, struct ip *);
*mhip = *ip;
m->m_len = mhlen;
mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF);
if (ip->ip_off & IP_MF)
mhip->ip_off |= IP_MF;
if (off + len >= (uint16_t)ip->ip_len)
len = (uint16_t)ip->ip_len - off;
else
mhip->ip_off |= IP_MF;
mhip->ip_len = htons((uint16_t)(len + mhlen));
if (m_copy(m, m0, off, len) < 0) {
error = -1;
goto sendorfree;
}
mhip->ip_off = htons((uint16_t)mhip->ip_off);
mhip->ip_sum = 0;
mhip->ip_sum = cksum(m, mhlen);
*mnext = m;
mnext = &m->m_nextpkt;
count++;
}
/*
* Update first fragment by trimming what's been copied out
* and updating header, then send each fragment (in order).
*/
m = m0;
m_adj(m, hlen + firstlen - (uint16_t)ip->ip_len);
ip->ip_len = htons((uint16_t)m->m_len);
ip->ip_off = htons((uint16_t)(ip->ip_off | IP_MF));
ip->ip_sum = 0;
ip->ip_sum = cksum(m, hlen);
sendorfree:
for (m = m0; m; m = m0) {
DEBUG_SLIRP("ip_output loop(%s)\n", slirp_ptr_mbuf(m));
m0 = m->m_nextpkt;
m->m_nextpkt = NULL;
if (error == 0)
if_output(so, m);
else
m_free(m);
}
}
done:
return error;
bad:
m_free(m0);
goto done;
return error;
}
/*
* ARCnet output routine.
* Encapsulate a packet of type family for the local net.
* Assumes that ifp is actually pointer to arccom structure.
*/
int
arc_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
struct route *ro)
{
struct arc_header *ah;
int error;
u_int8_t atype, adst;
int loop_copy = 0;
int isphds;
#if defined(INET) || defined(INET6)
struct llentry *lle;
#endif
if (!((ifp->if_flags & IFF_UP) &&
(ifp->if_drv_flags & IFF_DRV_RUNNING)))
return(ENETDOWN); /* m, m1 aren't initialized yet */
error = 0;
switch (dst->sa_family) {
#ifdef INET
case AF_INET:
/*
* For now, use the simple IP addr -> ARCnet addr mapping
*/
if (m->m_flags & (M_BCAST|M_MCAST))
adst = arcbroadcastaddr; /* ARCnet broadcast address */
else if (ifp->if_flags & IFF_NOARP)
adst = ntohl(SIN(dst)->sin_addr.s_addr) & 0xFF;
else {
error = arpresolve(ifp, ro ? ro->ro_rt : NULL,
m, dst, &adst, &lle);
if (error)
return (error == EWOULDBLOCK ? 0 : error);
}
atype = (ifp->if_flags & IFF_LINK0) ?
ARCTYPE_IP_OLD : ARCTYPE_IP;
break;
case AF_ARP:
{
struct arphdr *ah;
ah = mtod(m, struct arphdr *);
ah->ar_hrd = htons(ARPHRD_ARCNET);
loop_copy = -1; /* if this is for us, don't do it */
switch(ntohs(ah->ar_op)) {
case ARPOP_REVREQUEST:
case ARPOP_REVREPLY:
atype = ARCTYPE_REVARP;
break;
case ARPOP_REQUEST:
case ARPOP_REPLY:
default:
atype = ARCTYPE_ARP;
break;
}
if (m->m_flags & M_BCAST)
bcopy(ifp->if_broadcastaddr, &adst, ARC_ADDR_LEN);
else
bcopy(ar_tha(ah), &adst, ARC_ADDR_LEN);
}
break;
#endif
#ifdef INET6
case AF_INET6:
error = nd6_storelladdr(ifp, m, dst, (u_char *)&adst, &lle);
if (error)
return (error);
atype = ARCTYPE_INET6;
break;
#endif
#ifdef IPX
case AF_IPX:
adst = SIPX(dst)->sipx_addr.x_host.c_host[5];
atype = ARCTYPE_IPX;
if (adst == 0xff)
adst = arcbroadcastaddr;
break;
#endif
case AF_UNSPEC:
{
const struct arc_header *ah;
loop_copy = -1;
ah = (const struct arc_header *)dst->sa_data;
adst = ah->arc_dhost;
atype = ah->arc_type;
if (atype == ARCTYPE_ARP) {
atype = (ifp->if_flags & IFF_LINK0) ?
ARCTYPE_ARP_OLD: ARCTYPE_ARP;
#ifdef ARCNET_ALLOW_BROKEN_ARP
/*
* XXX It's not clear per RFC826 if this is needed, but
* "assigned numbers" say this is wrong.
* However, e.g., AmiTCP 3.0Beta used it... we make this
* switchable for emergency cases. Not perfect, but...
*/
if (ifp->if_flags & IFF_LINK2)
mtod(m, struct arphdr *)->ar_pro = atype - 1;
#endif
}
break;
}
default:
if_printf(ifp, "can't handle af%d\n", dst->sa_family);
senderr(EAFNOSUPPORT);
}
isphds = arc_isphds(atype);
M_PREPEND(m, isphds ? ARC_HDRNEWLEN : ARC_HDRLEN, M_NOWAIT);
if (m == 0)
senderr(ENOBUFS);
ah = mtod(m, struct arc_header *);
ah->arc_type = atype;
ah->arc_dhost = adst;
ah->arc_shost = ARC_LLADDR(ifp);
if (isphds) {
ah->arc_flag = 0;
ah->arc_seqid = 0;
}
if ((ifp->if_flags & IFF_SIMPLEX) && (loop_copy != -1)) {
if ((m->m_flags & M_BCAST) || (loop_copy > 0)) {
struct mbuf *n = m_copy(m, 0, (int)M_COPYALL);
(void) if_simloop(ifp, n, dst->sa_family, ARC_HDRLEN);
} else if (ah->arc_dhost == ah->arc_shost) {
(void) if_simloop(ifp, m, dst->sa_family, ARC_HDRLEN);
return (0); /* XXX */
}
}
BPF_MTAP(ifp, m);
error = ifp->if_transmit(ifp, m);
return (error);
bad:
if (m)
m_freem(m);
return (error);
}
/*
* IPX input routine. Pass to next level.
*/
void
ipxintr()
{
struct ipx *ipx;
struct mbuf *m;
struct ipxpcb *ipxp;
struct ipx_ifaddr *ia;
int len, s;
next:
/*
* Get next datagram off input queue and get IPX header
* in first mbuf.
*/
s = splimp();
IF_DEQUEUE(&ipxintrq, m);
splx(s);
if (m == NULL) {
return;
}
ipxstat.ipxs_total++;
if ((m->m_flags & M_EXT || m->m_len < sizeof(struct ipx)) &&
(m = m_pullup(m, sizeof(struct ipx))) == 0) {
ipxstat.ipxs_toosmall++;
goto next;
}
/*
* Give any raw listeners a crack at the packet
*/
for (ipxp = ipxrawcbtable.ipxpt_queue.cqh_first;
ipxp != (struct ipxpcb *)&ipxrawcbtable.ipxpt_queue;
ipxp = ipxp->ipxp_queue.cqe_next) {
struct mbuf *m1 = m_copy(m, 0, (int)M_COPYALL);
if (m1)
ipx_input(m1, ipxp);
}
ipx = mtod(m, struct ipx *);
len = ntohs(ipx->ipx_len);
/*
* Check that the amount of data in the buffers
* is as at least much as the IPX header would have us expect.
* Trim mbufs if longer than we expect.
* Drop packet if shorter than we expect.
*/
if (m->m_pkthdr.len < len) {
ipxstat.ipxs_tooshort++;
goto bad;
}
if (m->m_pkthdr.len > len) {
if (m->m_len == m->m_pkthdr.len) {
m->m_len = len;
m->m_pkthdr.len = len;
} else
m_adj(m, len - m->m_pkthdr.len);
}
if (ipxcksum && ipx->ipx_sum != 0xffff) {
if (ipx->ipx_sum != ipx_cksum(m, len)) {
ipxstat.ipxs_badsum++;
goto bad;
}
}
/*
* Propagated (Netbios) packets (type 20) has to be handled
* different. :-(
*/
if (ipx->ipx_pt == IPXPROTO_NETBIOS) {
if (ipxnetbios) {
ipx_output_type20(m);
goto next;
} else
goto bad;
}
/*
* Is this a directed broadcast?
*/
if (ipx_hosteqnh(ipx_broadhost,ipx->ipx_dna.ipx_host)) {
if ((!ipx_neteq(ipx->ipx_dna, ipx->ipx_sna)) &&
(!ipx_neteqnn(ipx->ipx_dna.ipx_net, ipx_broadnet)) &&
(!ipx_neteqnn(ipx->ipx_sna.ipx_net, ipx_zeronet)) &&
(!ipx_neteqnn(ipx->ipx_dna.ipx_net, ipx_zeronet)) ) {
/*
* If it is a broadcast to the net where it was
* received from, treat it as ours.
*/
for (ia = ipx_ifaddr.tqh_first; ia;
ia = ia->ia_list.tqe_next)
if((ia->ia_ifa.ifa_ifp == m->m_pkthdr.rcvif) &&
ipx_neteq(ia->ia_addr.sipx_addr,
ipx->ipx_dna))
goto ours;
/*
* Look to see if I need to eat this packet.
* Algorithm is to forward all young packets
* and prematurely age any packets which will
* by physically broadcasted.
* Any very old packets eaten without forwarding
* would die anyway.
*
* Suggestion of Bill Nesheim, Cornell U.
*/
if (ipx->ipx_tc < IPX_MAXHOPS) {
ipx_forward(m);
goto next;
}
}
/*
* Is this our packet? If not, forward.
*/
} else {
for (ia = ipx_ifaddr.tqh_first; ia; ia = ia->ia_list.tqe_next)
if (ipx_hosteq(ipx->ipx_dna, ia->ia_addr.sipx_addr) &&
(ipx_neteq(ipx->ipx_dna, ia->ia_addr.sipx_addr) ||
ipx_neteqnn(ipx->ipx_dna.ipx_net, ipx_zeronet)))
break;
if (ia == NULL) {
ipx_forward(m);
goto next;
}
}
ours:
/*
* Locate pcb for datagram.
*/
ipxp = ipx_pcblookup(&ipx->ipx_sna, ipx->ipx_dna.ipx_port,
IPX_WILDCARD);
/*
* Switch out to protocol's input routine.
*/
if (ipxp) {
ipxstat.ipxs_delivered++;
if ((ipxp->ipxp_flags & IPXP_ALL_PACKETS) == 0)
switch (ipx->ipx_pt) {
case IPXPROTO_SPX:
spx_input(m, ipxp);
goto next;
}
ipx_input(m, ipxp);
} else
goto bad;
goto next;
bad:
m_freem(m);
goto next;
}
