int
route6_input(struct mbuf **mp, int *offp, int proto)
{
#pragma unused(proto)
struct ip6_hdr *ip6;
struct mbuf *m = *mp;
struct ip6_rthdr *rh;
int off = *offp, rhlen;
#ifdef notyet
struct ip6aux *ip6a;
ip6a = ip6_findaux(m);
if (ip6a) {
/* XXX reject home-address option before rthdr */
if (ip6a->ip6a_flags & IP6A_SWAP) {
ip6stat.ip6s_badoptions++;
m_freem(m);
return IPPROTO_DONE;
}
}
#endif /* notyet */
#ifndef PULLDOWN_TEST
IP6_EXTHDR_CHECK(m, off, sizeof(*rh), return IPPROTO_DONE);
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip6 = mtod(m, struct ip6_hdr *);
rh = (struct ip6_rthdr *)((caddr_t)ip6 + off);
#else
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip6 = mtod(m, struct ip6_hdr *);
IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, sizeof(*rh));
if (rh == NULL) {
ip6stat.ip6s_tooshort++;
return (IPPROTO_DONE);
}
#endif
switch (rh->ip6r_type) {
default:
/* unknown routing type */
if (rh->ip6r_segleft == 0) {
rhlen = (rh->ip6r_len + 1) << 3;
break; /* Final dst. Just ignore the header. */
}
ip6stat.ip6s_badoptions++;
icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
(caddr_t)&rh->ip6r_type - (caddr_t)ip6);
return (IPPROTO_DONE);
}
*offp += rhlen;
return (rh->ip6r_nxt);
}
/*
* Fragment input
* NOTE: this function is called with the inet6_domain_mutex held from ip6_input.
* inet6_domain_mutex is protecting he frag6 queue manipulation.
*/
int
frag6_input(struct mbuf **mp, int *offp, int proto)
{
#pragma unused(proto)
struct mbuf *m = *mp, *t;
struct ip6_hdr *ip6;
struct ip6_frag *ip6f;
struct ip6q *q6;
struct ip6asfrag *af6, *ip6af, *af6dwn;
int offset = *offp, nxt, i, next;
int first_frag = 0;
int fragoff, frgpartlen; /* must be larger than u_int16_t */
struct ifnet *dstifp;
struct ifaddr *ifa = NULL;
u_int8_t ecn, ecn0;
#ifdef IN6_IFSTAT_STRICT
struct route_in6 ro;
struct sockaddr_in6 *dst;
#endif
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip6 = mtod(m, struct ip6_hdr *);
#ifndef PULLDOWN_TEST
IP6_EXTHDR_CHECK(m, offset, sizeof(struct ip6_frag), return IPPROTO_DONE);
ip6f = (struct ip6_frag *)((caddr_t)ip6 + offset);
#else
IP6_EXTHDR_GET(ip6f, struct ip6_frag *, m, offset, sizeof(*ip6f));
if (ip6f == NULL)
return IPPROTO_DONE;
#endif
dstifp = NULL;
#ifdef IN6_IFSTAT_STRICT
/* find the destination interface of the packet. */
bzero(&ro, sizeof (ro));
dst = (struct sockaddr_in6 *)&ro.ro_dst;
dst->sin6_family = AF_INET6;
dst->sin6_len = sizeof (struct sockaddr_in6);
dst->sin6_addr = ip6->ip6_dst;
rtalloc((struct route *)&ro);
if (ro.ro_rt != NULL) {
RT_LOCK(ro.ro_rt);
if ((ifa = ro.ro_rt->rt_ifa) != NULL) {
IFA_ADDREF(ifa);
dstifp = ((struct in6_ifaddr *)ro.ro_rt->rt_ifa)->ia_ifp;
}
RT_UNLOCK(ro.ro_rt);
rtfree(ro.ro_rt);
ro.ro_rt = NULL;
}
#else
/* we are violating the spec, this is not the destination interface */
if ((m->m_flags & M_PKTHDR) != 0)
dstifp = m->m_pkthdr.rcvif;
#endif
/* jumbo payload can't contain a fragment header */
if (ip6->ip6_plen == 0) {
icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, offset);
in6_ifstat_inc(dstifp, ifs6_reass_fail);
if (ifa != NULL)
IFA_REMREF(ifa);
return IPPROTO_DONE;
}
/*
* check whether fragment packet's fragment length is
* multiple of 8 octets.
* sizeof(struct ip6_frag) == 8
* sizeof(struct ip6_hdr) = 40
*/
if ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) &&
(((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
icmp6_error(m, ICMP6_PARAM_PROB,
ICMP6_PARAMPROB_HEADER,
offsetof(struct ip6_hdr, ip6_plen));
in6_ifstat_inc(dstifp, ifs6_reass_fail);
if (ifa != NULL)
IFA_REMREF(ifa);
return IPPROTO_DONE;
}
ip6stat.ip6s_fragments++;
in6_ifstat_inc(dstifp, ifs6_reass_reqd);
/* offset now points to data portion */
offset += sizeof(struct ip6_frag);
frag6_doing_reass = 1;
/*
* Enforce upper bound on number of fragments.
* If maxfrag is 0, never accept fragments.
* If maxfrag is -1, accept all fragments without limitation.
*/
if (ip6_maxfrags < 0)
;
else if (frag6_nfrags >= (u_int)ip6_maxfrags)
goto dropfrag;
for (q6 = ip6q.ip6q_next; q6 != &ip6q; q6 = q6->ip6q_next)
if (ip6f->ip6f_ident == q6->ip6q_ident &&
IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &q6->ip6q_src) &&
IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &q6->ip6q_dst))
break;
if (q6 == &ip6q) {
/*
* the first fragment to arrive, create a reassembly queue.
*/
first_frag = 1;
/*
* Enforce upper bound on number of fragmented packets
* for which we attempt reassembly;
* If maxfrag is 0, never accept fragments.
* If maxfrag is -1, accept all fragments without limitation.
*/
if (ip6_maxfragpackets < 0)
;
else if (frag6_nfragpackets >= (u_int)ip6_maxfragpackets)
goto dropfrag;
frag6_nfragpackets++;
q6 = (struct ip6q *)_MALLOC(sizeof(struct ip6q), M_FTABLE,
M_DONTWAIT);
if (q6 == NULL)
goto dropfrag;
bzero(q6, sizeof(*q6));
frag6_insque(q6, &ip6q);
/* ip6q_nxt will be filled afterwards, from 1st fragment */
q6->ip6q_down = q6->ip6q_up = (struct ip6asfrag *)q6;
#ifdef notyet
q6->ip6q_nxtp = (u_char *)nxtp;
#endif
q6->ip6q_ident = ip6f->ip6f_ident;
q6->ip6q_ttl = IPV6_FRAGTTL;
q6->ip6q_src = ip6->ip6_src;
q6->ip6q_dst = ip6->ip6_dst;
q6->ip6q_ecn =
(ntohl(ip6->ip6_flow) >> 20) & IPTOS_ECN_MASK;
q6->ip6q_unfrglen = -1; /* The 1st fragment has not arrived. */
q6->ip6q_nfrag = 0;
}
int
encap6_input(struct mbuf **mp, int *offp, int proto)
{
struct mbuf *m = *mp;
struct ip6_hdr *ip6;
struct sockaddr_in6 s, d;
const struct ip6protosw *psw;
struct encaptab *ep, *match;
int prio, matchprio;
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip6 = mtod(m, struct ip6_hdr *);
bzero(&s, sizeof(s));
s.sin6_family = AF_INET6;
s.sin6_len = sizeof(struct sockaddr_in6);
s.sin6_addr = ip6->ip6_src;
bzero(&d, sizeof(d));
d.sin6_family = AF_INET6;
d.sin6_len = sizeof(struct sockaddr_in6);
d.sin6_addr = ip6->ip6_dst;
match = NULL;
matchprio = 0;
for (ep = LIST_FIRST(&encaptab); ep; ep = LIST_NEXT(ep, chain)) {
if (ep->af != AF_INET6)
continue;
if (ep->proto >= 0 && ep->proto != proto)
continue;
if (ep->func)
prio = (*ep->func)(m, *offp, proto, ep->arg);
else {
/*
* it's inbound traffic, we need to match in reverse
* order
*/
prio = mask_match(ep, (struct sockaddr *)&d,
(struct sockaddr *)&s);
}
/* see encap4_input() for issues here */
if (prio <= 0)
continue;
if (prio > matchprio) {
matchprio = prio;
match = ep;
}
}
if (match) {
/* found a match */
psw = (const struct ip6protosw *)match->psw;
if (psw && psw->pr_input) {
encap_fillarg(m, match);
return (*psw->pr_input)(mp, offp, proto);
} else {
m_freem(m);
return IPPROTO_DONE;
}
}
/* last resort: inject to raw socket */
return rip6_input(mp, offp, proto);
}
void
ah4_input(struct mbuf *m, int off)
{
struct ip *ip;
struct ah *ah;
u_int32_t spi;
const struct ah_algorithm *algo;
size_t siz;
size_t siz1;
u_char *cksum;
struct secasvar *sav = NULL;
u_int16_t nxt;
size_t hlen;
size_t stripsiz = 0;
sa_family_t ifamily;
if (m->m_len < off + sizeof(struct newah)) {
m = m_pullup(m, off + sizeof(struct newah));
if (!m) {
ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup;"
"dropping the packet for simplicity\n"));
IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
goto fail;
}
}
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip = mtod(m, struct ip *);
ah = (struct ah *)(void *)(((caddr_t)ip) + off);
nxt = ah->ah_nxt;
#ifdef _IP_VHL
hlen = IP_VHL_HL(ip->ip_vhl) << 2;
#else
hlen = ip->ip_hl << 2;
#endif
/* find the sassoc. */
spi = ah->ah_spi;
if ((sav = key_allocsa(AF_INET,
(caddr_t)&ip->ip_src, (caddr_t)&ip->ip_dst,
IPPROTO_AH, spi)) == 0) {
ipseclog((LOG_WARNING,
"IPv4 AH input: no key association found for spi %u\n",
(u_int32_t)ntohl(spi)));
IPSEC_STAT_INCREMENT(ipsecstat.in_nosa);
goto fail;
}
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP ah4_input called to allocate SA:0x%llx\n",
(uint64_t)VM_KERNEL_ADDRPERM(sav)));
if (sav->state != SADB_SASTATE_MATURE
&& sav->state != SADB_SASTATE_DYING) {
ipseclog((LOG_DEBUG,
"IPv4 AH input: non-mature/dying SA found for spi %u\n",
(u_int32_t)ntohl(spi)));
IPSEC_STAT_INCREMENT(ipsecstat.in_badspi);
goto fail;
}
algo = ah_algorithm_lookup(sav->alg_auth);
if (!algo) {
ipseclog((LOG_DEBUG, "IPv4 AH input: "
"unsupported authentication algorithm for spi %u\n",
(u_int32_t)ntohl(spi)));
IPSEC_STAT_INCREMENT(ipsecstat.in_badspi);
goto fail;
}
siz = (*algo->sumsiz)(sav);
siz1 = ((siz + 3) & ~(4 - 1));
/*
* sanity checks for header, 1.
*/
{
int sizoff;
sizoff = (sav->flags & SADB_X_EXT_OLD) ? 0 : 4;
/*
* Here, we do not do "siz1 == siz". This is because the way
* RFC240[34] section 2 is written. They do not require truncation
* to 96 bits.
* For example, Microsoft IPsec stack attaches 160 bits of
* authentication data for both hmac-md5 and hmac-sha1. For hmac-sha1,
* 32 bits of padding is attached.
*
* There are two downsides to this specification.
* They have no real harm, however, they leave us fuzzy feeling.
* - if we attach more than 96 bits of authentication data onto AH,
* we will never notice about possible modification by rogue
* intermediate nodes.
* Since extra bits in AH checksum is never used, this constitutes
* no real issue, however, it is wacky.
* - even if the peer attaches big authentication data, we will never
* notice the difference, since longer authentication data will just
* work.
*
* We may need some clarification in the spec.
*/
if (siz1 < siz) {
ipseclog((LOG_NOTICE, "sum length too short in IPv4 AH input "
"(%lu, should be at least %lu): %s\n",
(u_int32_t)siz1, (u_int32_t)siz,
ipsec4_logpacketstr(ip, spi)));
IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
goto fail;
}
if ((ah->ah_len << 2) - sizoff != siz1) {
ipseclog((LOG_NOTICE, "sum length mismatch in IPv4 AH input "
"(%d should be %lu): %s\n",
(ah->ah_len << 2) - sizoff, (u_int32_t)siz1,
ipsec4_logpacketstr(ip, spi)));
IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
goto fail;
}
if (m->m_len < off + sizeof(struct ah) + sizoff + siz1) {
m = m_pullup(m, off + sizeof(struct ah) + sizoff + siz1);
if (!m) {
ipseclog((LOG_DEBUG, "IPv4 AH input: can't pullup\n"));
IPSEC_STAT_INCREMENT(ipsecstat.in_inval);
goto fail;
}
/* Expect 32-bit aligned data ptr on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip = mtod(m, struct ip *);
ah = (struct ah *)(void *)(((caddr_t)ip) + off);
}
}
void
encap4_input(struct mbuf *m, int off)
{
int proto;
struct ip *ip;
struct sockaddr_in s, d;
const struct protosw *psw;
struct encaptab *ep, *match;
int prio, matchprio;
#ifndef __APPLE__
va_start(ap, m);
off = va_arg(ap, int);
proto = va_arg(ap, int);
va_end(ap);
#endif
/* Expect 32-bit aligned data pointer on strict-align platforms */
MBUF_STRICT_DATA_ALIGNMENT_CHECK_32(m);
ip = mtod(m, struct ip *);
#ifdef __APPLE__
proto = ip->ip_p;
#endif
bzero(&s, sizeof(s));
s.sin_family = AF_INET;
s.sin_len = sizeof(struct sockaddr_in);
s.sin_addr = ip->ip_src;
bzero(&d, sizeof(d));
d.sin_family = AF_INET;
d.sin_len = sizeof(struct sockaddr_in);
d.sin_addr = ip->ip_dst;
match = NULL;
matchprio = 0;
for (ep = LIST_FIRST(&encaptab); ep; ep = LIST_NEXT(ep, chain)) {
if (ep->af != AF_INET)
continue;
if (ep->proto >= 0 && ep->proto != proto)
continue;
if (ep->func)
prio = (*ep->func)(m, off, proto, ep->arg);
else {
/*
* it's inbound traffic, we need to match in reverse
* order
*/
prio = mask_match(ep, (struct sockaddr *)&d,
(struct sockaddr *)&s);
}
/*
* We prioritize the matches by using bit length of the
* matches. mask_match() and user-supplied matching function
* should return the bit length of the matches (for example,
* if both src/dst are matched for IPv4, 64 should be returned).
* 0 or negative return value means "it did not match".
*
* The question is, since we have two "mask" portion, we
* cannot really define total order between entries.
* For example, which of these should be preferred?
* mask_match() returns 48 (32 + 16) for both of them.
* src=3ffe::/16, dst=3ffe:501::/32
* src=3ffe:501::/32, dst=3ffe::/16
*
* We need to loop through all the possible candidates
* to get the best match - the search takes O(n) for
* n attachments (i.e. interfaces).
*/
if (prio <= 0)
continue;
if (prio > matchprio) {
matchprio = prio;
match = ep;
}
}
if (match) {
/* found a match, "match" has the best one */
psw = (const struct protosw *)match->psw;
if (psw && psw->pr_input) {
encap_fillarg(m, match);
(*psw->pr_input)(m, off);
} else
m_freem(m);
return;
}
/* last resort: inject to raw socket */
rip_input(m, off);
}
