1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 36 * 37 * License terms: all terms for the DragonFly license above plus the following: 38 * 39 * 4. All advertising materials mentioning features or use of this software 40 * must display the following acknowledgement: 41 * 42 * This product includes software developed by Jeffrey M. Hsu 43 * for the DragonFly Project. 44 * 45 * This requirement may be waived with permission from Jeffrey Hsu. 46 * This requirement will sunset and may be removed on July 8 2005, 47 * after which the standard DragonFly license (as shown above) will 48 * apply. 49 */ 50 51 /* 52 * Copyright (c) 1982, 1986, 1988, 1993 53 * The Regents of the University of California. All rights reserved. 54 * 55 * Redistribution and use in source and binary forms, with or without 56 * modification, are permitted provided that the following conditions 57 * are met: 58 * 1. Redistributions of source code must retain the above copyright 59 * notice, this list of conditions and the following disclaimer. 60 * 2. Redistributions in binary form must reproduce the above copyright 61 * notice, this list of conditions and the following disclaimer in the 62 * documentation and/or other materials provided with the distribution. 63 * 3. All advertising materials mentioning features or use of this software 64 * must display the following acknowledgement: 65 * This product includes software developed by the University of 66 * California, Berkeley and its contributors. 67 * 4. Neither the name of the University nor the names of its contributors 68 * may be used to endorse or promote products derived from this software 69 * without specific prior written permission. 70 * 71 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 72 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 73 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 74 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 75 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 76 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 77 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 78 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 79 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 80 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 81 * SUCH DAMAGE. 82 * 83 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 84 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ 85 * $DragonFly: src/sys/netinet/ip_input.c,v 1.34 2004/07/18 16:26:43 dillon Exp $ 86 */ 87 88 #define _IP_VHL 89 90 #include "opt_bootp.h" 91 #include "opt_ipfw.h" 92 #include "opt_ipdn.h" 93 #include "opt_ipdivert.h" 94 #include "opt_ipfilter.h" 95 #include "opt_ipstealth.h" 96 #include "opt_ipsec.h" 97 #include "opt_random_ip_id.h" 98 99 #include <sys/param.h> 100 #include <sys/systm.h> 101 #include <sys/mbuf.h> 102 #include <sys/malloc.h> 103 #include <sys/mpipe.h> 104 #include <sys/domain.h> 105 #include <sys/protosw.h> 106 #include <sys/socket.h> 107 #include <sys/time.h> 108 #include <sys/globaldata.h> 109 #include <sys/thread.h> 110 #include <sys/kernel.h> 111 #include <sys/syslog.h> 112 #include <sys/sysctl.h> 113 #include <sys/in_cksum.h> 114 115 #include <sys/thread2.h> 116 #include <sys/msgport2.h> 117 118 #include <machine/stdarg.h> 119 120 #include <net/if.h> 121 #include <net/if_types.h> 122 #include <net/if_var.h> 123 #include <net/if_dl.h> 124 #include <net/pfil.h> 125 #include <net/route.h> 126 #include <net/netisr.h> 127 #include <net/intrq.h> 128 129 #include <netinet/in.h> 130 #include <netinet/in_systm.h> 131 #include <netinet/in_var.h> 132 #include <netinet/ip.h> 133 #include <netinet/in_pcb.h> 134 #include <netinet/ip_var.h> 135 #include <netinet/ip_icmp.h> 136 137 #include <netinet/ipprotosw.h> 138 139 #include <sys/socketvar.h> 140 141 #include <net/ipfw/ip_fw.h> 142 #include <net/dummynet/ip_dummynet.h> 143 144 #ifdef IPSEC 145 #include <netinet6/ipsec.h> 146 #include <netproto/key/key.h> 147 #endif 148 149 #ifdef FAST_IPSEC 150 #include <netipsec/ipsec.h> 151 #include <netipsec/key.h> 152 #endif 153 154 int rsvp_on = 0; 155 static int ip_rsvp_on; 156 struct socket *ip_rsvpd; 157 158 int ipforwarding = 0; 159 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 160 &ipforwarding, 0, "Enable IP forwarding between interfaces"); 161 162 static int ipsendredirects = 1; /* XXX */ 163 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 164 &ipsendredirects, 0, "Enable sending IP redirects"); 165 166 int ip_defttl = IPDEFTTL; 167 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 168 &ip_defttl, 0, "Maximum TTL on IP packets"); 169 170 static int ip_dosourceroute = 0; 171 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, 172 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets"); 173 174 static int ip_acceptsourceroute = 0; 175 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 176 CTLFLAG_RW, &ip_acceptsourceroute, 0, 177 "Enable accepting source routed IP packets"); 178 179 static int ip_keepfaith = 0; 180 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 181 &ip_keepfaith, 0, 182 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 183 184 static int nipq = 0; /* total # of reass queues */ 185 static int maxnipq; 186 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, 187 &maxnipq, 0, 188 "Maximum number of IPv4 fragment reassembly queue entries"); 189 190 static int maxfragsperpacket; 191 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 192 &maxfragsperpacket, 0, 193 "Maximum number of IPv4 fragments allowed per packet"); 194 195 static int ip_sendsourcequench = 0; 196 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 197 &ip_sendsourcequench, 0, 198 "Enable the transmission of source quench packets"); 199 200 /* 201 * XXX - Setting ip_checkinterface mostly implements the receive side of 202 * the Strong ES model described in RFC 1122, but since the routing table 203 * and transmit implementation do not implement the Strong ES model, 204 * setting this to 1 results in an odd hybrid. 205 * 206 * XXX - ip_checkinterface currently must be disabled if you use ipnat 207 * to translate the destination address to another local interface. 208 * 209 * XXX - ip_checkinterface must be disabled if you add IP aliases 210 * to the loopback interface instead of the interface where the 211 * packets for those addresses are received. 212 */ 213 static int ip_checkinterface = 0; 214 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 215 &ip_checkinterface, 0, "Verify packet arrives on correct interface"); 216 217 #ifdef DIAGNOSTIC 218 static int ipprintfs = 0; 219 #endif 220 221 static struct ifqueue ipintrq; 222 static int ipqmaxlen = IFQ_MAXLEN; 223 224 extern struct domain inetdomain; 225 extern struct ipprotosw inetsw[]; 226 u_char ip_protox[IPPROTO_MAX]; 227 struct in_ifaddrhead in_ifaddrhead; /* first inet address */ 228 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ 229 u_long in_ifaddrhmask; /* mask for hash table */ 230 231 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, 232 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); 233 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, 234 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); 235 236 struct ip_stats ipstats_ary[MAXCPU]; 237 #ifdef SMP 238 static int 239 sysctl_ipstats(SYSCTL_HANDLER_ARGS) 240 { 241 int cpu, error = 0; 242 243 for (cpu = 0; cpu < ncpus; ++cpu) { 244 if ((error = SYSCTL_OUT(req, (void *)&ipstats_ary[cpu], 245 sizeof(struct ip_stats)))) 246 break; 247 if ((error = SYSCTL_IN(req, (void *)&ipstats_ary[cpu], 248 sizeof(struct ip_stats)))) 249 break; 250 } 251 252 return (error); 253 } 254 SYSCTL_PROC(_net_inet_ip, IPCTL_STATS, stats, (CTLTYPE_OPAQUE | CTLFLAG_RW), 255 0, 0, sysctl_ipstats, "S,ip_stats", "IP statistics"); 256 #else 257 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 258 &ipstat, ip_stats, "IP statistics"); 259 #endif 260 261 /* Packet reassembly stuff */ 262 #define IPREASS_NHASH_LOG2 6 263 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) 264 #define IPREASS_HMASK (IPREASS_NHASH - 1) 265 #define IPREASS_HASH(x,y) \ 266 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) 267 268 static struct ipq ipq[IPREASS_NHASH]; 269 const int ipintrq_present = 1; 270 271 #ifdef IPCTL_DEFMTU 272 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 273 &ip_mtu, 0, "Default MTU"); 274 #endif 275 276 #ifdef IPSTEALTH 277 static int ipstealth = 0; 278 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, &ipstealth, 0, ""); 279 #else 280 static const int ipstealth = 0; 281 #endif 282 283 284 /* Firewall hooks */ 285 ip_fw_chk_t *ip_fw_chk_ptr; 286 int fw_enable = 1; 287 int fw_one_pass = 1; 288 289 /* Dummynet hooks */ 290 ip_dn_io_t *ip_dn_io_ptr; 291 292 struct pfil_head inet_pfil_hook; 293 294 /* 295 * XXX this is ugly -- the following two global variables are 296 * used to store packet state while it travels through the stack. 297 * Note that the code even makes assumptions on the size and 298 * alignment of fields inside struct ip_srcrt so e.g. adding some 299 * fields will break the code. This needs to be fixed. 300 * 301 * We need to save the IP options in case a protocol wants to respond 302 * to an incoming packet over the same route if the packet got here 303 * using IP source routing. This allows connection establishment and 304 * maintenance when the remote end is on a network that is not known 305 * to us. 306 */ 307 static int ip_nhops = 0; 308 309 static struct ip_srcrt { 310 struct in_addr dst; /* final destination */ 311 char nop; /* one NOP to align */ 312 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ 313 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)]; 314 } ip_srcrt; 315 316 static MALLOC_DEFINE(M_IPQ, "ipq", "IP Fragment Management"); 317 static struct malloc_pipe ipq_mpipe; 318 319 static void save_rte (u_char *, struct in_addr); 320 static int ip_dooptions (struct mbuf *m, int, 321 struct sockaddr_in *next_hop); 322 static void ip_forward (struct mbuf *m, int srcrt, 323 struct sockaddr_in *next_hop); 324 static void ip_freef (struct ipq *); 325 static int ip_input_handler (struct netmsg *); 326 static struct mbuf *ip_reass (struct mbuf *, struct ipq *, 327 struct ipq *, u_int32_t *, u_int16_t *); 328 329 /* 330 * IP initialization: fill in IP protocol switch table. 331 * All protocols not implemented in kernel go to raw IP protocol handler. 332 */ 333 void 334 ip_init(void) 335 { 336 struct ipprotosw *pr; 337 int i; 338 #ifdef SMP 339 int cpu; 340 #endif 341 342 /* 343 * Make sure we can handle a reasonable number of fragments but 344 * cap it at 4000 (XXX). 345 */ 346 mpipe_init(&ipq_mpipe, M_IPQ, sizeof(struct ipq), 347 IFQ_MAXLEN, 4000, 0, NULL); 348 TAILQ_INIT(&in_ifaddrhead); 349 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask); 350 pr = (struct ipprotosw *)pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); 351 if (pr == NULL) 352 panic("ip_init"); 353 for (i = 0; i < IPPROTO_MAX; i++) 354 ip_protox[i] = pr - inetsw; 355 for (pr = (struct ipprotosw *)inetdomain.dom_protosw; 356 pr < (struct ipprotosw *)inetdomain.dom_protoswNPROTOSW; pr++) 357 if (pr->pr_domain->dom_family == PF_INET && 358 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 359 ip_protox[pr->pr_protocol] = pr - inetsw; 360 361 inet_pfil_hook.ph_type = PFIL_TYPE_AF; 362 inet_pfil_hook.ph_af = AF_INET; 363 if ((i = pfil_head_register(&inet_pfil_hook)) != 0) { 364 printf("%s: WARNING: unable to register pfil hook, " 365 "error %d\n", __func__, i); 366 } 367 368 for (i = 0; i < IPREASS_NHASH; i++) 369 ipq[i].next = ipq[i].prev = &ipq[i]; 370 371 maxnipq = nmbclusters / 32; 372 maxfragsperpacket = 16; 373 374 #ifndef RANDOM_IP_ID 375 ip_id = time_second & 0xffff; 376 #endif 377 ipintrq.ifq_maxlen = ipqmaxlen; 378 379 /* 380 * Initialize IP statistics. 381 * 382 * It is layed out as an array which is has one element for UP, 383 * and SMP_MAXCPU elements for SMP. This allows us to retain 384 * the access mechanism from userland for both UP and SMP. 385 */ 386 #ifdef SMP 387 for (cpu = 0; cpu < ncpus; ++cpu) { 388 bzero(&ipstats_ary[cpu], sizeof(struct ip_stats)); 389 } 390 #else 391 bzero(&ipstat, sizeof(struct ip_stats)); 392 #endif 393 394 netisr_register(NETISR_IP, ip_mport, ip_input_handler); 395 } 396 397 /* 398 * XXX watch out this one. It is perhaps used as a cache for 399 * the most recently used route ? it is cleared in in_addroute() 400 * when a new route is successfully created. 401 */ 402 struct route ipforward_rt; 403 static struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; 404 405 /* Do transport protocol processing. */ 406 static void 407 transport_processing_oncpu(struct mbuf *m, int hlen, struct ip *ip, 408 struct sockaddr_in *nexthop) 409 { 410 /* 411 * Switch out to protocol's input routine. 412 */ 413 if (nexthop && ip->ip_p == IPPROTO_TCP) { 414 /* TCP needs IPFORWARD info if available */ 415 struct m_hdr tag; 416 417 tag.mh_type = MT_TAG; 418 tag.mh_flags = PACKET_TAG_IPFORWARD; 419 tag.mh_data = (caddr_t)nexthop; 420 tag.mh_next = m; 421 422 (*inetsw[ip_protox[ip->ip_p]].pr_input) 423 ((struct mbuf *)&tag, hlen, ip->ip_p); 424 } else { 425 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, ip->ip_p); 426 } 427 } 428 429 struct netmsg_transport_packet { 430 struct lwkt_msg nm_lmsg; 431 struct mbuf *nm_mbuf; 432 int nm_hlen; 433 boolean_t nm_hasnexthop; 434 struct sockaddr_in nm_nexthop; 435 }; 436 437 static int 438 transport_processing_handler(lwkt_msg_t lmsg) 439 { 440 struct netmsg_transport_packet *msg = (void *)lmsg; 441 struct sockaddr_in *nexthop; 442 struct ip *ip; 443 444 ip = mtod(msg->nm_mbuf, struct ip *); 445 nexthop = msg->nm_hasnexthop ? &msg->nm_nexthop : NULL; 446 transport_processing_oncpu(msg->nm_mbuf, msg->nm_hlen, ip, nexthop); 447 lwkt_replymsg(lmsg, 0); 448 return(EASYNC); 449 } 450 451 static int 452 ip_input_handler(struct netmsg *msg0) 453 { 454 struct mbuf *m = ((struct netmsg_packet *)msg0)->nm_packet; 455 456 ip_input(m); 457 lwkt_replymsg(&msg0->nm_lmsg, 0); 458 return(EASYNC); 459 } 460 461 /* 462 * Ip input routine. Checksum and byte swap header. If fragmented 463 * try to reassemble. Process options. Pass to next level. 464 */ 465 void 466 ip_input(struct mbuf *m) 467 { 468 struct ip *ip; 469 struct ipq *fp; 470 struct in_ifaddr *ia = NULL; 471 struct ifaddr *ifa; 472 int i, hlen, checkif; 473 u_short sum; 474 struct in_addr pkt_dst; 475 u_int32_t divert_info = 0; /* packet divert/tee info */ 476 struct ip_fw_args args; 477 boolean_t using_srcrt = FALSE; /* forward (by PFIL_HOOKS) */ 478 boolean_t needredispatch = FALSE; 479 struct in_addr odst; /* original dst address(NAT) */ 480 #ifdef FAST_IPSEC 481 struct m_tag *mtag; 482 struct tdb_ident *tdbi; 483 struct secpolicy *sp; 484 int s, error; 485 #endif 486 487 args.eh = NULL; 488 args.oif = NULL; 489 args.rule = NULL; 490 args.divert_rule = 0; /* divert cookie */ 491 args.next_hop = NULL; 492 493 /* Grab info from MT_TAG mbufs prepended to the chain. */ 494 for (; m && m->m_type == MT_TAG; m = m->m_next) { 495 switch(m->_m_tag_id) { 496 default: 497 printf("ip_input: unrecognised MT_TAG tag %d\n", 498 m->_m_tag_id); 499 break; 500 501 case PACKET_TAG_DUMMYNET: 502 args.rule = ((struct dn_pkt *)m)->rule; 503 break; 504 505 case PACKET_TAG_DIVERT: 506 args.divert_rule = (int)m->m_hdr.mh_data & 0xffff; 507 break; 508 509 case PACKET_TAG_IPFORWARD: 510 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; 511 break; 512 } 513 } 514 515 KASSERT(m != NULL && (m->m_flags & M_PKTHDR) != 0, 516 ("ip_input: no HDR")); 517 518 if (args.rule) { /* dummynet already filtered us */ 519 ip = mtod(m, struct ip *); 520 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 521 goto iphack; 522 } 523 524 ipstat.ips_total++; 525 526 /* length checks already done in ip_demux() */ 527 KASSERT(m->m_len >= sizeof(ip), ("IP header not in one mbuf")); 528 529 ip = mtod(m, struct ip *); 530 531 if (IP_VHL_V(ip->ip_vhl) != IPVERSION) { 532 ipstat.ips_badvers++; 533 goto bad; 534 } 535 536 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 537 /* length checks already done in ip_demux() */ 538 KASSERT(hlen >= sizeof(struct ip), ("IP header len too small")); 539 KASSERT(m->m_len >= hlen, ("packet shorter than IP header length")); 540 541 /* 127/8 must not appear on wire - RFC1122 */ 542 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 543 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 544 if (!(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) { 545 ipstat.ips_badaddr++; 546 goto bad; 547 } 548 } 549 550 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 551 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 552 } else { 553 if (hlen == sizeof(struct ip)) { 554 sum = in_cksum_hdr(ip); 555 } else { 556 sum = in_cksum(m, hlen); 557 } 558 } 559 if (sum) { 560 ipstat.ips_badsum++; 561 goto bad; 562 } 563 564 /* 565 * Convert fields to host representation. 566 */ 567 ip->ip_len = ntohs(ip->ip_len); 568 if (ip->ip_len < hlen) { 569 ipstat.ips_badlen++; 570 goto bad; 571 } 572 ip->ip_off = ntohs(ip->ip_off); 573 574 /* 575 * Check that the amount of data in the buffers 576 * is as at least much as the IP header would have us expect. 577 * Trim mbufs if longer than we expect. 578 * Drop packet if shorter than we expect. 579 */ 580 if (m->m_pkthdr.len < ip->ip_len) { 581 ipstat.ips_tooshort++; 582 goto bad; 583 } 584 if (m->m_pkthdr.len > ip->ip_len) { 585 if (m->m_len == m->m_pkthdr.len) { 586 m->m_len = ip->ip_len; 587 m->m_pkthdr.len = ip->ip_len; 588 } else 589 m_adj(m, ip->ip_len - m->m_pkthdr.len); 590 } 591 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF) 592 /* 593 * Bypass packet filtering for packets from a tunnel (gif). 594 */ 595 if (ipsec_gethist(m, NULL)) 596 goto pass; 597 #endif 598 599 /* 600 * IpHack's section. 601 * Right now when no processing on packet has done 602 * and it is still fresh out of network we do our black 603 * deals with it. 604 * - Firewall: deny/allow/divert 605 * - Xlate: translate packet's addr/port (NAT). 606 * - Pipe: pass pkt through dummynet. 607 * - Wrap: fake packet's addr/port <unimpl.> 608 * - Encapsulate: put it in another IP and send out. <unimp.> 609 */ 610 611 iphack: 612 613 /* 614 * Run through list of hooks for input packets. 615 * 616 * NB: Beware of the destination address changing (e.g. 617 * by NAT rewriting). When this happens, tell 618 * ip_forward to do the right thing. 619 */ 620 if (pfil_has_hooks(&inet_pfil_hook)) { 621 odst = ip->ip_dst; 622 if (pfil_run_hooks(&inet_pfil_hook, &m, 623 m->m_pkthdr.rcvif, PFIL_IN)) { 624 return; 625 } 626 if (m == NULL) /* consumed by filter */ 627 return; 628 ip = mtod(m, struct ip *); 629 using_srcrt = (odst.s_addr != ip->ip_dst.s_addr); 630 } 631 632 if (fw_enable && IPFW_LOADED) { 633 /* 634 * If we've been forwarded from the output side, then 635 * skip the firewall a second time 636 */ 637 if (args.next_hop) 638 goto ours; 639 640 args.m = m; 641 i = ip_fw_chk_ptr(&args); 642 m = args.m; 643 644 if ( (i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */ 645 if (m) 646 m_freem(m); 647 return; 648 } 649 ip = mtod(m, struct ip *); /* just in case m changed */ 650 if (i == 0 && args.next_hop == NULL) /* common case */ 651 goto pass; 652 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 653 /* Send packet to the appropriate pipe */ 654 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args); 655 return; 656 } 657 #ifdef IPDIVERT 658 if (i != 0 && !(i & IP_FW_PORT_DYNT_FLAG)) { 659 /* Divert or tee packet */ 660 divert_info = i; 661 goto ours; 662 } 663 #endif 664 if (i == 0 && args.next_hop != NULL) 665 goto pass; 666 /* 667 * if we get here, the packet must be dropped 668 */ 669 m_freem(m); 670 return; 671 } 672 pass: 673 674 /* 675 * Process options and, if not destined for us, 676 * ship it on. ip_dooptions returns 1 when an 677 * error was detected (causing an icmp message 678 * to be sent and the original packet to be freed). 679 */ 680 ip_nhops = 0; /* for source routed packets */ 681 if (hlen > sizeof(struct ip) && ip_dooptions(m, 0, args.next_hop)) 682 return; 683 684 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no 685 * matter if it is destined to another node, or whether it is 686 * a multicast one, RSVP wants it! and prevents it from being forwarded 687 * anywhere else. Also checks if the rsvp daemon is running before 688 * grabbing the packet. 689 */ 690 if (rsvp_on && ip->ip_p == IPPROTO_RSVP) 691 goto ours; 692 693 /* 694 * Check our list of addresses, to see if the packet is for us. 695 * If we don't have any addresses, assume any unicast packet 696 * we receive might be for us (and let the upper layers deal 697 * with it). 698 */ 699 if (TAILQ_EMPTY(&in_ifaddrhead) && !(m->m_flags & (M_MCAST | M_BCAST))) 700 goto ours; 701 702 /* 703 * Cache the destination address of the packet; this may be 704 * changed by use of 'ipfw fwd'. 705 */ 706 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 707 708 /* 709 * Enable a consistency check between the destination address 710 * and the arrival interface for a unicast packet (the RFC 1122 711 * strong ES model) if IP forwarding is disabled and the packet 712 * is not locally generated and the packet is not subject to 713 * 'ipfw fwd'. 714 * 715 * XXX - Checking also should be disabled if the destination 716 * address is ipnat'ed to a different interface. 717 * 718 * XXX - Checking is incompatible with IP aliases added 719 * to the loopback interface instead of the interface where 720 * the packets are received. 721 */ 722 checkif = ip_checkinterface && 723 !ipforwarding && 724 m->m_pkthdr.rcvif != NULL && 725 !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) && 726 (args.next_hop == NULL); 727 728 /* 729 * Check for exact addresses in the hash bucket. 730 */ 731 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) { 732 /* 733 * If the address matches, verify that the packet 734 * arrived via the correct interface if checking is 735 * enabled. 736 */ 737 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr && 738 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif)) 739 goto ours; 740 } 741 /* 742 * Check for broadcast addresses. 743 * 744 * Only accept broadcast packets that arrive via the matching 745 * interface. Reception of forwarded directed broadcasts would 746 * be handled via ip_forward() and ether_output() with the loopback 747 * into the stack for SIMPLEX interfaces handled by ether_output(). 748 */ 749 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 750 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 751 if (ifa->ifa_addr->sa_family != AF_INET) 752 continue; 753 ia = ifatoia(ifa); 754 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 755 pkt_dst.s_addr) 756 goto ours; 757 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr) 758 goto ours; 759 #ifdef BOOTP_COMPAT 760 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) 761 goto ours; 762 #endif 763 } 764 } 765 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 766 struct in_multi *inm; 767 if (ip_mrouter) { 768 /* 769 * If we are acting as a multicast router, all 770 * incoming multicast packets are passed to the 771 * kernel-level multicast forwarding function. 772 * The packet is returned (relatively) intact; if 773 * ip_mforward() returns a non-zero value, the packet 774 * must be discarded, else it may be accepted below. 775 */ 776 if (ip_mforward && 777 ip_mforward(ip, m->m_pkthdr.rcvif, m, NULL) != 0) { 778 ipstat.ips_cantforward++; 779 m_freem(m); 780 return; 781 } 782 783 /* 784 * The process-level routing daemon needs to receive 785 * all multicast IGMP packets, whether or not this 786 * host belongs to their destination groups. 787 */ 788 if (ip->ip_p == IPPROTO_IGMP) 789 goto ours; 790 ipstat.ips_forward++; 791 } 792 /* 793 * See if we belong to the destination multicast group on the 794 * arrival interface. 795 */ 796 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); 797 if (inm == NULL) { 798 ipstat.ips_notmember++; 799 m_freem(m); 800 return; 801 } 802 goto ours; 803 } 804 if (ip->ip_dst.s_addr == INADDR_BROADCAST) 805 goto ours; 806 if (ip->ip_dst.s_addr == INADDR_ANY) 807 goto ours; 808 809 /* 810 * FAITH(Firewall Aided Internet Translator) 811 */ 812 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 813 if (ip_keepfaith) { 814 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) 815 goto ours; 816 } 817 m_freem(m); 818 return; 819 } 820 821 /* 822 * Not for us; forward if possible and desirable. 823 */ 824 if (!ipforwarding) { 825 ipstat.ips_cantforward++; 826 m_freem(m); 827 } else { 828 #ifdef IPSEC 829 /* 830 * Enforce inbound IPsec SPD. 831 */ 832 if (ipsec4_in_reject(m, NULL)) { 833 ipsecstat.in_polvio++; 834 goto bad; 835 } 836 #endif 837 #ifdef FAST_IPSEC 838 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 839 s = splnet(); 840 if (mtag != NULL) { 841 tdbi = (struct tdb_ident *)(mtag + 1); 842 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 843 } else { 844 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 845 IP_FORWARDING, &error); 846 } 847 if (sp == NULL) { /* NB: can happen if error */ 848 splx(s); 849 /*XXX error stat???*/ 850 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ 851 goto bad; 852 } 853 854 /* 855 * Check security policy against packet attributes. 856 */ 857 error = ipsec_in_reject(sp, m); 858 KEY_FREESP(&sp); 859 splx(s); 860 if (error) { 861 ipstat.ips_cantforward++; 862 goto bad; 863 } 864 #endif 865 ip_forward(m, using_srcrt, args.next_hop); 866 } 867 return; 868 869 ours: 870 871 /* 872 * IPSTEALTH: Process non-routing options only 873 * if the packet is destined for us. 874 */ 875 if (ipstealth && 876 hlen > sizeof(struct ip) && 877 ip_dooptions(m, 1, args.next_hop)) 878 return; 879 880 /* Count the packet in the ip address stats */ 881 if (ia != NULL) { 882 ia->ia_ifa.if_ipackets++; 883 ia->ia_ifa.if_ibytes += m->m_pkthdr.len; 884 } 885 886 /* 887 * If offset or IP_MF are set, must reassemble. 888 * Otherwise, nothing need be done. 889 * (We could look in the reassembly queue to see 890 * if the packet was previously fragmented, 891 * but it's not worth the time; just let them time out.) 892 */ 893 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 894 895 /* If maxnipq is 0, never accept fragments. */ 896 if (maxnipq == 0) { 897 ipstat.ips_fragments++; 898 ipstat.ips_fragdropped++; 899 goto bad; 900 } 901 902 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); 903 /* 904 * Look for queue of fragments 905 * of this datagram. 906 */ 907 for (fp = ipq[sum].next; fp != &ipq[sum]; fp = fp->next) 908 if (ip->ip_id == fp->ipq_id && 909 ip->ip_src.s_addr == fp->ipq_src.s_addr && 910 ip->ip_dst.s_addr == fp->ipq_dst.s_addr && 911 ip->ip_p == fp->ipq_p) 912 goto found; 913 914 fp = NULL; 915 916 /* 917 * Enforce upper bound on number of fragmented packets 918 * for which we attempt reassembly; 919 * If maxnipq is -1, accept all fragments without limitation. 920 */ 921 if ((nipq > maxnipq) && (maxnipq > 0)) { 922 /* 923 * drop something from the tail of the current queue 924 * before proceeding further 925 */ 926 if (ipq[sum].prev == &ipq[sum]) { /* gak */ 927 for (i = 0; i < IPREASS_NHASH; i++) { 928 if (ipq[i].prev != &ipq[i]) { 929 ipstat.ips_fragtimeout += 930 ipq[i].prev->ipq_nfrags; 931 ip_freef(ipq[i].prev); 932 break; 933 } 934 } 935 } else { 936 ipstat.ips_fragtimeout += 937 ipq[sum].prev->ipq_nfrags; 938 ip_freef(ipq[sum].prev); 939 } 940 } 941 found: 942 /* 943 * Adjust ip_len to not reflect header, 944 * convert offset of this to bytes. 945 */ 946 ip->ip_len -= hlen; 947 if (ip->ip_off & IP_MF) { 948 /* 949 * Make sure that fragments have a data length 950 * that's a non-zero multiple of 8 bytes. 951 */ 952 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 953 ipstat.ips_toosmall++; /* XXX */ 954 goto bad; 955 } 956 m->m_flags |= M_FRAG; 957 } else 958 m->m_flags &= ~M_FRAG; 959 ip->ip_off <<= 3; 960 961 /* 962 * Attempt reassembly; if it succeeds, proceed. 963 * ip_reass() will return a different mbuf, and update 964 * the divert info in divert_info and args.divert_rule. 965 */ 966 ipstat.ips_fragments++; 967 m->m_pkthdr.header = ip; 968 m = ip_reass(m, fp, &ipq[sum], &divert_info, &args.divert_rule); 969 if (m == NULL) 970 return; 971 ipstat.ips_reassembled++; 972 needredispatch = TRUE; 973 ip = mtod(m, struct ip *); 974 /* Get the header length of the reassembled packet */ 975 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 976 #ifdef IPDIVERT 977 /* Restore original checksum before diverting packet */ 978 if (divert_info != 0) { 979 ip->ip_len += hlen; 980 ip->ip_len = htons(ip->ip_len); 981 ip->ip_off = htons(ip->ip_off); 982 ip->ip_sum = 0; 983 if (hlen == sizeof(struct ip)) 984 ip->ip_sum = in_cksum_hdr(ip); 985 else 986 ip->ip_sum = in_cksum(m, hlen); 987 ip->ip_off = ntohs(ip->ip_off); 988 ip->ip_len = ntohs(ip->ip_len); 989 ip->ip_len -= hlen; 990 } 991 #endif 992 } else { 993 ip->ip_len -= hlen; 994 } 995 996 #ifdef IPDIVERT 997 /* 998 * Divert or tee packet to the divert protocol if required. 999 */ 1000 if (divert_info != 0) { 1001 struct mbuf *clone = NULL; 1002 1003 /* Clone packet if we're doing a 'tee' */ 1004 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) 1005 clone = m_dup(m, MB_DONTWAIT); 1006 1007 /* Restore packet header fields to original values */ 1008 ip->ip_len += hlen; 1009 ip->ip_len = htons(ip->ip_len); 1010 ip->ip_off = htons(ip->ip_off); 1011 1012 /* Deliver packet to divert input routine */ 1013 divert_packet(m, 1, divert_info & 0xffff, args.divert_rule); 1014 ipstat.ips_delivered++; 1015 1016 /* If 'tee', continue with original packet */ 1017 if (clone == NULL) 1018 return; 1019 m = clone; 1020 ip = mtod(m, struct ip *); 1021 ip->ip_len += hlen; 1022 /* 1023 * Jump backwards to complete processing of the 1024 * packet. But first clear divert_info to avoid 1025 * entering this block again. 1026 * We do not need to clear args.divert_rule 1027 * or args.next_hop as they will not be used. 1028 */ 1029 divert_info = 0; 1030 goto pass; 1031 } 1032 #endif 1033 1034 #ifdef IPSEC 1035 /* 1036 * enforce IPsec policy checking if we are seeing last header. 1037 * note that we do not visit this with protocols with pcb layer 1038 * code - like udp/tcp/raw ip. 1039 */ 1040 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) && 1041 ipsec4_in_reject(m, NULL)) { 1042 ipsecstat.in_polvio++; 1043 goto bad; 1044 } 1045 #endif 1046 #if FAST_IPSEC 1047 /* 1048 * enforce IPsec policy checking if we are seeing last header. 1049 * note that we do not visit this with protocols with pcb layer 1050 * code - like udp/tcp/raw ip. 1051 */ 1052 if (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) { 1053 /* 1054 * Check if the packet has already had IPsec processing 1055 * done. If so, then just pass it along. This tag gets 1056 * set during AH, ESP, etc. input handling, before the 1057 * packet is returned to the ip input queue for delivery. 1058 */ 1059 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 1060 s = splnet(); 1061 if (mtag != NULL) { 1062 tdbi = (struct tdb_ident *)(mtag + 1); 1063 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 1064 } else { 1065 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 1066 IP_FORWARDING, &error); 1067 } 1068 if (sp != NULL) { 1069 /* 1070 * Check security policy against packet attributes. 1071 */ 1072 error = ipsec_in_reject(sp, m); 1073 KEY_FREESP(&sp); 1074 } else { 1075 /* XXX error stat??? */ 1076 error = EINVAL; 1077 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ 1078 goto bad; 1079 } 1080 splx(s); 1081 if (error) 1082 goto bad; 1083 } 1084 #endif /* FAST_IPSEC */ 1085 1086 ipstat.ips_delivered++; 1087 if (needredispatch) { 1088 struct netmsg_transport_packet *msg; 1089 lwkt_port_t port; 1090 1091 msg = malloc(sizeof(struct netmsg_transport_packet), 1092 M_LWKTMSG, M_INTWAIT | M_NULLOK); 1093 if (msg == NULL) 1094 goto bad; 1095 1096 lwkt_initmsg(&msg->nm_lmsg, &netisr_afree_rport, 0, 1097 lwkt_cmd_func(transport_processing_handler), 1098 lwkt_cmd_op_none); 1099 msg->nm_hlen = hlen; 1100 msg->nm_hasnexthop = (args.next_hop != NULL); 1101 if (msg->nm_hasnexthop) 1102 msg->nm_nexthop = *args.next_hop; /* structure copy */ 1103 1104 ip->ip_off = htons(ip->ip_off); 1105 ip->ip_len = htons(ip->ip_len); 1106 port = ip_mport(&m); 1107 if (port) { 1108 msg->nm_mbuf = m; 1109 ip = mtod(m, struct ip *); 1110 ip->ip_len = ntohs(ip->ip_len); 1111 ip->ip_off = ntohs(ip->ip_off); 1112 lwkt_sendmsg(port, &msg->nm_lmsg); 1113 } 1114 } else { 1115 transport_processing_oncpu(m, hlen, ip, args.next_hop); 1116 } 1117 return; 1118 1119 bad: 1120 m_freem(m); 1121 } 1122 1123 /* 1124 * Take incoming datagram fragment and try to reassemble it into 1125 * whole datagram. If a chain for reassembly of this datagram already 1126 * exists, then it is given as fp; otherwise have to make a chain. 1127 * 1128 * When IPDIVERT enabled, keep additional state with each packet that 1129 * tells us if we need to divert or tee the packet we're building. 1130 * In particular, *divinfo includes the port and TEE flag, 1131 * *divert_rule is the number of the matching rule. 1132 */ 1133 1134 static struct mbuf * 1135 ip_reass(struct mbuf *m, struct ipq *fp, struct ipq *where, 1136 u_int32_t *divinfo, u_int16_t *divert_rule) 1137 { 1138 struct ip *ip = mtod(m, struct ip *); 1139 struct mbuf *p = NULL, *q, *nq; 1140 struct mbuf *n; 1141 int hlen = IP_VHL_HL(ip->ip_vhl) << 2; 1142 int i, next; 1143 1144 /* 1145 * Presence of header sizes in mbufs 1146 * would confuse code below. 1147 */ 1148 m->m_data += hlen; 1149 m->m_len -= hlen; 1150 1151 /* 1152 * If first fragment to arrive, create a reassembly queue. 1153 */ 1154 if (fp == NULL) { 1155 if ((fp = mpipe_alloc_nowait(&ipq_mpipe)) == NULL) 1156 goto dropfrag; 1157 insque(fp, where); 1158 nipq++; 1159 fp->ipq_nfrags = 1; 1160 fp->ipq_ttl = IPFRAGTTL; 1161 fp->ipq_p = ip->ip_p; 1162 fp->ipq_id = ip->ip_id; 1163 fp->ipq_src = ip->ip_src; 1164 fp->ipq_dst = ip->ip_dst; 1165 fp->ipq_frags = m; 1166 m->m_nextpkt = NULL; 1167 #ifdef IPDIVERT 1168 fp->ipq_div_info = 0; 1169 fp->ipq_div_cookie = 0; 1170 #endif 1171 goto inserted; 1172 } else { 1173 fp->ipq_nfrags++; 1174 } 1175 1176 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header)) 1177 1178 /* 1179 * Find a segment which begins after this one does. 1180 */ 1181 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) 1182 if (GETIP(q)->ip_off > ip->ip_off) 1183 break; 1184 1185 /* 1186 * If there is a preceding segment, it may provide some of 1187 * our data already. If so, drop the data from the incoming 1188 * segment. If it provides all of our data, drop us, otherwise 1189 * stick new segment in the proper place. 1190 * 1191 * If some of the data is dropped from the the preceding 1192 * segment, then it's checksum is invalidated. 1193 */ 1194 if (p) { 1195 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; 1196 if (i > 0) { 1197 if (i >= ip->ip_len) 1198 goto dropfrag; 1199 m_adj(m, i); 1200 m->m_pkthdr.csum_flags = 0; 1201 ip->ip_off += i; 1202 ip->ip_len -= i; 1203 } 1204 m->m_nextpkt = p->m_nextpkt; 1205 p->m_nextpkt = m; 1206 } else { 1207 m->m_nextpkt = fp->ipq_frags; 1208 fp->ipq_frags = m; 1209 } 1210 1211 /* 1212 * While we overlap succeeding segments trim them or, 1213 * if they are completely covered, dequeue them. 1214 */ 1215 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; 1216 q = nq) { 1217 i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off; 1218 if (i < GETIP(q)->ip_len) { 1219 GETIP(q)->ip_len -= i; 1220 GETIP(q)->ip_off += i; 1221 m_adj(q, i); 1222 q->m_pkthdr.csum_flags = 0; 1223 break; 1224 } 1225 nq = q->m_nextpkt; 1226 m->m_nextpkt = nq; 1227 ipstat.ips_fragdropped++; 1228 fp->ipq_nfrags--; 1229 m_freem(q); 1230 } 1231 1232 inserted: 1233 1234 #ifdef IPDIVERT 1235 /* 1236 * Transfer firewall instructions to the fragment structure. 1237 * Only trust info in the fragment at offset 0. 1238 */ 1239 if (ip->ip_off == 0) { 1240 fp->ipq_div_info = *divinfo; 1241 fp->ipq_div_cookie = *divert_rule; 1242 } 1243 *divinfo = 0; 1244 *divert_rule = 0; 1245 #endif 1246 1247 /* 1248 * Check for complete reassembly and perform frag per packet 1249 * limiting. 1250 * 1251 * Frag limiting is performed here so that the nth frag has 1252 * a chance to complete the packet before we drop the packet. 1253 * As a result, n+1 frags are actually allowed per packet, but 1254 * only n will ever be stored. (n = maxfragsperpacket.) 1255 * 1256 */ 1257 next = 0; 1258 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { 1259 if (GETIP(q)->ip_off != next) { 1260 if (fp->ipq_nfrags > maxfragsperpacket) { 1261 ipstat.ips_fragdropped += fp->ipq_nfrags; 1262 ip_freef(fp); 1263 } 1264 return (NULL); 1265 } 1266 next += GETIP(q)->ip_len; 1267 } 1268 /* Make sure the last packet didn't have the IP_MF flag */ 1269 if (p->m_flags & M_FRAG) { 1270 if (fp->ipq_nfrags > maxfragsperpacket) { 1271 ipstat.ips_fragdropped += fp->ipq_nfrags; 1272 ip_freef(fp); 1273 } 1274 return (NULL); 1275 } 1276 1277 /* 1278 * Reassembly is complete. Make sure the packet is a sane size. 1279 */ 1280 q = fp->ipq_frags; 1281 ip = GETIP(q); 1282 if (next + (IP_VHL_HL(ip->ip_vhl) << 2) > IP_MAXPACKET) { 1283 ipstat.ips_toolong++; 1284 ipstat.ips_fragdropped += fp->ipq_nfrags; 1285 ip_freef(fp); 1286 return (NULL); 1287 } 1288 1289 /* 1290 * Concatenate fragments. 1291 */ 1292 m = q; 1293 n = m->m_next; 1294 m->m_next = NULL; 1295 m_cat(m, n); 1296 nq = q->m_nextpkt; 1297 q->m_nextpkt = NULL; 1298 for (q = nq; q != NULL; q = nq) { 1299 nq = q->m_nextpkt; 1300 q->m_nextpkt = NULL; 1301 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags; 1302 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data; 1303 m_cat(m, q); 1304 } 1305 1306 #ifdef IPDIVERT 1307 /* 1308 * Extract firewall instructions from the fragment structure. 1309 */ 1310 *divinfo = fp->ipq_div_info; 1311 *divert_rule = fp->ipq_div_cookie; 1312 #endif 1313 1314 /* 1315 * Create header for new ip packet by 1316 * modifying header of first packet; 1317 * dequeue and discard fragment reassembly header. 1318 * Make header visible. 1319 */ 1320 ip->ip_len = next; 1321 ip->ip_src = fp->ipq_src; 1322 ip->ip_dst = fp->ipq_dst; 1323 remque(fp); 1324 nipq--; 1325 mpipe_free(&ipq_mpipe, fp); 1326 m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); 1327 m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); 1328 /* some debugging cruft by sklower, below, will go away soon */ 1329 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ 1330 int plen = 0; 1331 1332 for (n = m; n; n = n->m_next) 1333 plen += n->m_len; 1334 m->m_pkthdr.len = plen; 1335 } 1336 return (m); 1337 1338 dropfrag: 1339 #ifdef IPDIVERT 1340 *divinfo = 0; 1341 *divert_rule = 0; 1342 #endif 1343 ipstat.ips_fragdropped++; 1344 if (fp != NULL) 1345 fp->ipq_nfrags--; 1346 m_freem(m); 1347 return (NULL); 1348 1349 #undef GETIP 1350 } 1351 1352 /* 1353 * Free a fragment reassembly header and all 1354 * associated datagrams. 1355 */ 1356 static void 1357 ip_freef(struct ipq *fp) 1358 { 1359 struct mbuf *q; 1360 1361 while (fp->ipq_frags) { 1362 q = fp->ipq_frags; 1363 fp->ipq_frags = q->m_nextpkt; 1364 m_freem(q); 1365 } 1366 remque(fp); 1367 mpipe_free(&ipq_mpipe, fp); 1368 nipq--; 1369 } 1370 1371 /* 1372 * IP timer processing; 1373 * if a timer expires on a reassembly 1374 * queue, discard it. 1375 */ 1376 void 1377 ip_slowtimo(void) 1378 { 1379 struct ipq *fp; 1380 int s = splnet(); 1381 int i; 1382 1383 for (i = 0; i < IPREASS_NHASH; i++) { 1384 fp = ipq[i].next; 1385 if (fp == NULL) 1386 continue; 1387 while (fp != &ipq[i]) { 1388 --fp->ipq_ttl; 1389 fp = fp->next; 1390 if (fp->prev->ipq_ttl == 0) { 1391 ipstat.ips_fragtimeout += fp->prev->ipq_nfrags; 1392 ip_freef(fp->prev); 1393 } 1394 } 1395 } 1396 /* 1397 * If we are over the maximum number of fragments 1398 * (due to the limit being lowered), drain off 1399 * enough to get down to the new limit. 1400 */ 1401 if (maxnipq >= 0 && nipq > maxnipq) { 1402 for (i = 0; i < IPREASS_NHASH; i++) { 1403 while (nipq > maxnipq && 1404 (ipq[i].next != &ipq[i])) { 1405 ipstat.ips_fragdropped += 1406 ipq[i].next->ipq_nfrags; 1407 ip_freef(ipq[i].next); 1408 } 1409 } 1410 } 1411 ipflow_slowtimo(); 1412 splx(s); 1413 } 1414 1415 /* 1416 * Drain off all datagram fragments. 1417 */ 1418 void 1419 ip_drain(void) 1420 { 1421 int i; 1422 1423 for (i = 0; i < IPREASS_NHASH; i++) { 1424 while (ipq[i].next != &ipq[i]) { 1425 ipstat.ips_fragdropped += ipq[i].next->ipq_nfrags; 1426 ip_freef(ipq[i].next); 1427 } 1428 } 1429 in_rtqdrain(); 1430 } 1431 1432 /* 1433 * Do option processing on a datagram, 1434 * possibly discarding it if bad options are encountered, 1435 * or forwarding it if source-routed. 1436 * The pass argument is used when operating in the IPSTEALTH 1437 * mode to tell what options to process: 1438 * [LS]SRR (pass 0) or the others (pass 1). 1439 * The reason for as many as two passes is that when doing IPSTEALTH, 1440 * non-routing options should be processed only if the packet is for us. 1441 * Returns 1 if packet has been forwarded/freed, 1442 * 0 if the packet should be processed further. 1443 */ 1444 static int 1445 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop) 1446 { 1447 struct ip *ip = mtod(m, struct ip *); 1448 u_char *cp; 1449 struct in_ifaddr *ia; 1450 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB; 1451 boolean_t forward = FALSE; 1452 struct in_addr *sin, dst; 1453 n_time ntime; 1454 1455 dst = ip->ip_dst; 1456 cp = (u_char *)(ip + 1); 1457 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1458 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1459 opt = cp[IPOPT_OPTVAL]; 1460 if (opt == IPOPT_EOL) 1461 break; 1462 if (opt == IPOPT_NOP) 1463 optlen = 1; 1464 else { 1465 if (cnt < IPOPT_OLEN + sizeof(*cp)) { 1466 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1467 goto bad; 1468 } 1469 optlen = cp[IPOPT_OLEN]; 1470 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { 1471 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1472 goto bad; 1473 } 1474 } 1475 switch (opt) { 1476 1477 default: 1478 break; 1479 1480 /* 1481 * Source routing with record. 1482 * Find interface with current destination address. 1483 * If none on this machine then drop if strictly routed, 1484 * or do nothing if loosely routed. 1485 * Record interface address and bring up next address 1486 * component. If strictly routed make sure next 1487 * address is on directly accessible net. 1488 */ 1489 case IPOPT_LSRR: 1490 case IPOPT_SSRR: 1491 if (ipstealth && pass > 0) 1492 break; 1493 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1494 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1495 goto bad; 1496 } 1497 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1498 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1499 goto bad; 1500 } 1501 ipaddr.sin_addr = ip->ip_dst; 1502 ia = (struct in_ifaddr *) 1503 ifa_ifwithaddr((struct sockaddr *)&ipaddr); 1504 if (ia == NULL) { 1505 if (opt == IPOPT_SSRR) { 1506 type = ICMP_UNREACH; 1507 code = ICMP_UNREACH_SRCFAIL; 1508 goto bad; 1509 } 1510 if (!ip_dosourceroute) 1511 goto nosourcerouting; 1512 /* 1513 * Loose routing, and not at next destination 1514 * yet; nothing to do except forward. 1515 */ 1516 break; 1517 } 1518 off--; /* 0 origin */ 1519 if (off > optlen - (int)sizeof(struct in_addr)) { 1520 /* 1521 * End of source route. Should be for us. 1522 */ 1523 if (!ip_acceptsourceroute) 1524 goto nosourcerouting; 1525 save_rte(cp, ip->ip_src); 1526 break; 1527 } 1528 if (ipstealth) 1529 goto dropit; 1530 if (!ip_dosourceroute) { 1531 if (ipforwarding) { 1532 char buf[16]; /* aaa.bbb.ccc.ddd\0 */ 1533 /* 1534 * Acting as a router, so generate ICMP 1535 */ 1536 nosourcerouting: 1537 strcpy(buf, inet_ntoa(ip->ip_dst)); 1538 log(LOG_WARNING, 1539 "attempted source route from %s to %s\n", 1540 inet_ntoa(ip->ip_src), buf); 1541 type = ICMP_UNREACH; 1542 code = ICMP_UNREACH_SRCFAIL; 1543 goto bad; 1544 } else { 1545 /* 1546 * Not acting as a router, 1547 * so silently drop. 1548 */ 1549 dropit: 1550 ipstat.ips_cantforward++; 1551 m_freem(m); 1552 return (1); 1553 } 1554 } 1555 1556 /* 1557 * locate outgoing interface 1558 */ 1559 (void)memcpy(&ipaddr.sin_addr, cp + off, 1560 sizeof(ipaddr.sin_addr)); 1561 1562 if (opt == IPOPT_SSRR) { 1563 #define INA struct in_ifaddr * 1564 #define SA struct sockaddr * 1565 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) 1566 == NULL) 1567 ia = (INA)ifa_ifwithnet((SA)&ipaddr); 1568 } else 1569 ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt); 1570 if (ia == NULL) { 1571 type = ICMP_UNREACH; 1572 code = ICMP_UNREACH_SRCFAIL; 1573 goto bad; 1574 } 1575 ip->ip_dst = ipaddr.sin_addr; 1576 (void)memcpy(cp + off, &(IA_SIN(ia)->sin_addr), 1577 sizeof(struct in_addr)); 1578 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1579 /* 1580 * Let ip_intr's mcast routing check handle mcast pkts 1581 */ 1582 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr)); 1583 break; 1584 1585 case IPOPT_RR: 1586 if (ipstealth && pass == 0) 1587 break; 1588 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1589 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1590 goto bad; 1591 } 1592 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1593 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1594 goto bad; 1595 } 1596 /* 1597 * If no space remains, ignore. 1598 */ 1599 off--; /* 0 origin */ 1600 if (off > optlen - (int)sizeof(struct in_addr)) 1601 break; 1602 (void)memcpy(&ipaddr.sin_addr, &ip->ip_dst, 1603 sizeof(ipaddr.sin_addr)); 1604 /* 1605 * locate outgoing interface; if we're the destination, 1606 * use the incoming interface (should be same). 1607 */ 1608 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == NULL && 1609 (ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt)) 1610 == NULL) { 1611 type = ICMP_UNREACH; 1612 code = ICMP_UNREACH_HOST; 1613 goto bad; 1614 } 1615 (void)memcpy(cp + off, &(IA_SIN(ia)->sin_addr), 1616 sizeof(struct in_addr)); 1617 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1618 break; 1619 1620 case IPOPT_TS: 1621 if (ipstealth && pass == 0) 1622 break; 1623 code = cp - (u_char *)ip; 1624 if (optlen < 4 || optlen > 40) { 1625 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1626 goto bad; 1627 } 1628 if ((off = cp[IPOPT_OFFSET]) < 5) { 1629 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1630 goto bad; 1631 } 1632 if (off > optlen - (int)sizeof(int32_t)) { 1633 cp[IPOPT_OFFSET + 1] += (1 << 4); 1634 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) { 1635 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1636 goto bad; 1637 } 1638 break; 1639 } 1640 off--; /* 0 origin */ 1641 sin = (struct in_addr *)(cp + off); 1642 switch (cp[IPOPT_OFFSET + 1] & 0x0f) { 1643 1644 case IPOPT_TS_TSONLY: 1645 break; 1646 1647 case IPOPT_TS_TSANDADDR: 1648 if (off + sizeof(n_time) + 1649 sizeof(struct in_addr) > optlen) { 1650 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1651 goto bad; 1652 } 1653 ipaddr.sin_addr = dst; 1654 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, 1655 m->m_pkthdr.rcvif); 1656 if (ia == NULL) 1657 continue; 1658 (void)memcpy(sin, &IA_SIN(ia)->sin_addr, 1659 sizeof(struct in_addr)); 1660 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1661 off += sizeof(struct in_addr); 1662 break; 1663 1664 case IPOPT_TS_PRESPEC: 1665 if (off + sizeof(n_time) + 1666 sizeof(struct in_addr) > optlen) { 1667 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1668 goto bad; 1669 } 1670 (void)memcpy(&ipaddr.sin_addr, sin, 1671 sizeof(struct in_addr)); 1672 if (ifa_ifwithaddr((SA)&ipaddr) == NULL) 1673 continue; 1674 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1675 off += sizeof(struct in_addr); 1676 break; 1677 1678 default: 1679 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip; 1680 goto bad; 1681 } 1682 ntime = iptime(); 1683 (void)memcpy(cp + off, &ntime, sizeof(n_time)); 1684 cp[IPOPT_OFFSET] += sizeof(n_time); 1685 } 1686 } 1687 if (forward && ipforwarding) { 1688 ip_forward(m, 1, next_hop); 1689 return (1); 1690 } 1691 return (0); 1692 bad: 1693 icmp_error(m, type, code, 0, NULL); 1694 ipstat.ips_badoptions++; 1695 return (1); 1696 } 1697 1698 /* 1699 * Given address of next destination (final or next hop), 1700 * return internet address info of interface to be used to get there. 1701 */ 1702 struct in_ifaddr * 1703 ip_rtaddr(struct in_addr dst, struct route *rt) 1704 { 1705 struct sockaddr_in *sin; 1706 1707 sin = (struct sockaddr_in *)&rt->ro_dst; 1708 1709 if (rt->ro_rt == NULL || dst.s_addr != sin->sin_addr.s_addr) { 1710 if (rt->ro_rt != NULL) { 1711 RTFREE(rt->ro_rt); 1712 rt->ro_rt = NULL; 1713 } 1714 sin->sin_family = AF_INET; 1715 sin->sin_len = sizeof(*sin); 1716 sin->sin_addr = dst; 1717 rtalloc_ign(rt, RTF_PRCLONING); 1718 } 1719 1720 if (rt->ro_rt == NULL) 1721 return (NULL); 1722 1723 return (ifatoia(rt->ro_rt->rt_ifa)); 1724 } 1725 1726 /* 1727 * Save incoming source route for use in replies, 1728 * to be picked up later by ip_srcroute if the receiver is interested. 1729 */ 1730 void 1731 save_rte(u_char *option, struct in_addr dst) 1732 { 1733 unsigned olen; 1734 1735 olen = option[IPOPT_OLEN]; 1736 #ifdef DIAGNOSTIC 1737 if (ipprintfs) 1738 printf("save_rte: olen %d\n", olen); 1739 #endif 1740 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) 1741 return; 1742 bcopy(option, ip_srcrt.srcopt, olen); 1743 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); 1744 ip_srcrt.dst = dst; 1745 } 1746 1747 /* 1748 * Retrieve incoming source route for use in replies, 1749 * in the same form used by setsockopt. 1750 * The first hop is placed before the options, will be removed later. 1751 */ 1752 struct mbuf * 1753 ip_srcroute(void) 1754 { 1755 struct in_addr *p, *q; 1756 struct mbuf *m; 1757 1758 if (ip_nhops == 0) 1759 return (NULL); 1760 m = m_get(MB_DONTWAIT, MT_HEADER); 1761 if (m == NULL) 1762 return (NULL); 1763 1764 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) 1765 1766 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ 1767 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + 1768 OPTSIZ; 1769 #ifdef DIAGNOSTIC 1770 if (ipprintfs) 1771 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); 1772 #endif 1773 1774 /* 1775 * First save first hop for return route 1776 */ 1777 p = &ip_srcrt.route[ip_nhops - 1]; 1778 *(mtod(m, struct in_addr *)) = *p--; 1779 #ifdef DIAGNOSTIC 1780 if (ipprintfs) 1781 printf(" hops %lx", ntohl(mtod(m, struct in_addr *)->s_addr)); 1782 #endif 1783 1784 /* 1785 * Copy option fields and padding (nop) to mbuf. 1786 */ 1787 ip_srcrt.nop = IPOPT_NOP; 1788 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; 1789 (void)memcpy(mtod(m, caddr_t) + sizeof(struct in_addr), &ip_srcrt.nop, 1790 OPTSIZ); 1791 q = (struct in_addr *)(mtod(m, caddr_t) + 1792 sizeof(struct in_addr) + OPTSIZ); 1793 #undef OPTSIZ 1794 /* 1795 * Record return path as an IP source route, 1796 * reversing the path (pointers are now aligned). 1797 */ 1798 while (p >= ip_srcrt.route) { 1799 #ifdef DIAGNOSTIC 1800 if (ipprintfs) 1801 printf(" %lx", ntohl(q->s_addr)); 1802 #endif 1803 *q++ = *p--; 1804 } 1805 /* 1806 * Last hop goes to final destination. 1807 */ 1808 *q = ip_srcrt.dst; 1809 #ifdef DIAGNOSTIC 1810 if (ipprintfs) 1811 printf(" %lx\n", ntohl(q->s_addr)); 1812 #endif 1813 return (m); 1814 } 1815 1816 /* 1817 * Strip out IP options. 1818 */ 1819 void 1820 ip_stripoptions(struct mbuf *m) 1821 { 1822 int datalen; 1823 struct ip *ip = mtod(m, struct ip *); 1824 caddr_t opts; 1825 int optlen; 1826 1827 optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1828 opts = (caddr_t)(ip + 1); 1829 datalen = m->m_len - (sizeof(struct ip) + optlen); 1830 bcopy(opts + optlen, opts, datalen); 1831 m->m_len -= optlen; 1832 if (m->m_flags & M_PKTHDR) 1833 m->m_pkthdr.len -= optlen; 1834 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2); 1835 } 1836 1837 u_char inetctlerrmap[PRC_NCMDS] = { 1838 0, 0, 0, 0, 1839 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1840 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1841 EMSGSIZE, EHOSTUNREACH, 0, 0, 1842 0, 0, 0, 0, 1843 ENOPROTOOPT, ECONNREFUSED 1844 }; 1845 1846 /* 1847 * Forward a packet. If some error occurs return the sender 1848 * an icmp packet. Note we can't always generate a meaningful 1849 * icmp message because icmp doesn't have a large enough repertoire 1850 * of codes and types. 1851 * 1852 * If not forwarding, just drop the packet. This could be confusing 1853 * if ipforwarding was zero but some routing protocol was advancing 1854 * us as a gateway to somewhere. However, we must let the routing 1855 * protocol deal with that. 1856 * 1857 * The using_srcrt parameter indicates whether the packet is being forwarded 1858 * via a source route. 1859 */ 1860 static void 1861 ip_forward(struct mbuf *m, int using_srcrt, struct sockaddr_in *next_hop) 1862 { 1863 struct ip *ip = mtod(m, struct ip *); 1864 struct sockaddr_in *sin; 1865 struct rtentry *rt; 1866 int error, type = 0, code = 0; 1867 struct mbuf *mcopy; 1868 n_long dest; 1869 struct in_addr pkt_dst; 1870 struct ifnet *destifp; 1871 struct m_hdr tag; 1872 #if defined(IPSEC) || defined(FAST_IPSEC) 1873 struct ifnet dummyifp; 1874 #endif 1875 1876 dest = 0; 1877 /* 1878 * Cache the destination address of the packet; this may be 1879 * changed by use of 'ipfw fwd'. 1880 */ 1881 pkt_dst = next_hop ? next_hop->sin_addr : ip->ip_dst; 1882 1883 #ifdef DIAGNOSTIC 1884 if (ipprintfs) 1885 printf("forward: src %x dst %x ttl %x\n", 1886 ip->ip_src.s_addr, pkt_dst.s_addr, ip->ip_ttl); 1887 #endif 1888 1889 if (m->m_flags & (M_BCAST | M_MCAST) || !in_canforward(pkt_dst)) { 1890 ipstat.ips_cantforward++; 1891 m_freem(m); 1892 return; 1893 } 1894 if (!ipstealth && ip->ip_ttl <= IPTTLDEC) { 1895 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, NULL); 1896 return; 1897 } 1898 1899 sin = (struct sockaddr_in *)&ipforward_rt.ro_dst; 1900 if ((rt = ipforward_rt.ro_rt) == NULL || 1901 pkt_dst.s_addr != sin->sin_addr.s_addr) { 1902 if (ipforward_rt.ro_rt != NULL) { 1903 RTFREE(ipforward_rt.ro_rt); 1904 ipforward_rt.ro_rt = NULL; 1905 } 1906 sin->sin_family = AF_INET; 1907 sin->sin_len = sizeof(*sin); 1908 sin->sin_addr = pkt_dst; 1909 1910 rtalloc_ign(&ipforward_rt, RTF_PRCLONING); 1911 if (ipforward_rt.ro_rt == NULL) { 1912 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 1913 NULL); 1914 return; 1915 } 1916 rt = ipforward_rt.ro_rt; 1917 } 1918 1919 /* 1920 * Save the IP header and at most 8 bytes of the payload, 1921 * in case we need to generate an ICMP message to the src. 1922 * 1923 * XXX this can be optimized a lot by saving the data in a local 1924 * buffer on the stack (72 bytes at most), and only allocating the 1925 * mbuf if really necessary. The vast majority of the packets 1926 * are forwarded without having to send an ICMP back (either 1927 * because unnecessary, or because rate limited), so we are 1928 * really we are wasting a lot of work here. 1929 * 1930 * We don't use m_copy() because it might return a reference 1931 * to a shared cluster. Both this function and ip_output() 1932 * assume exclusive access to the IP header in `m', so any 1933 * data in a cluster may change before we reach icmp_error(). 1934 */ 1935 MGET(mcopy, MB_DONTWAIT, m->m_type); 1936 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, MB_DONTWAIT)) { 1937 /* 1938 * It's probably ok if the pkthdr dup fails (because 1939 * the deep copy of the tag chain failed), but for now 1940 * be conservative and just discard the copy since 1941 * code below may some day want the tags. 1942 */ 1943 m_free(mcopy); 1944 mcopy = NULL; 1945 } 1946 if (mcopy != NULL) { 1947 mcopy->m_len = imin((IP_VHL_HL(ip->ip_vhl) << 2) + 8, 1948 (int)ip->ip_len); 1949 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); 1950 } 1951 1952 if (!ipstealth) 1953 ip->ip_ttl -= IPTTLDEC; 1954 1955 /* 1956 * If forwarding packet using same interface that it came in on, 1957 * perhaps should send a redirect to sender to shortcut a hop. 1958 * Only send redirect if source is sending directly to us, 1959 * and if packet was not source routed (or has any options). 1960 * Also, don't send redirect if forwarding using a default route 1961 * or a route modified by a redirect. 1962 */ 1963 if (rt->rt_ifp == m->m_pkthdr.rcvif && 1964 !(rt->rt_flags & (RTF_DYNAMIC | RTF_MODIFIED)) && 1965 satosin(rt_key(rt))->sin_addr.s_addr != INADDR_ANY && 1966 ipsendredirects && !using_srcrt && next_hop != NULL) { 1967 u_long src = ntohl(ip->ip_src.s_addr); 1968 1969 #define RTA(rt) ((struct in_ifaddr *)(rt->rt_ifa)) 1970 if (RTA(rt) != NULL && 1971 (src & RTA(rt)->ia_subnetmask) == RTA(rt)->ia_subnet) { 1972 if (rt->rt_flags & RTF_GATEWAY) 1973 dest = satosin(rt->rt_gateway)->sin_addr.s_addr; 1974 else 1975 dest = pkt_dst.s_addr; 1976 /* 1977 * Router requirements says to only send 1978 * host redirects. 1979 */ 1980 type = ICMP_REDIRECT; 1981 code = ICMP_REDIRECT_HOST; 1982 #ifdef DIAGNOSTIC 1983 if (ipprintfs) 1984 printf("redirect (%d) to %x\n", code, dest); 1985 #endif 1986 } 1987 } 1988 1989 if (next_hop) { 1990 /* Pass IPFORWARD info if available */ 1991 tag.mh_type = MT_TAG; 1992 tag.mh_flags = PACKET_TAG_IPFORWARD; 1993 tag.mh_data = (caddr_t)next_hop; 1994 tag.mh_next = m; 1995 m = (struct mbuf *)&tag; 1996 } 1997 1998 error = ip_output(m, NULL, &ipforward_rt, IP_FORWARDING, NULL, NULL); 1999 2000 if (error) 2001 ipstat.ips_cantforward++; 2002 else { 2003 ipstat.ips_forward++; 2004 if (type) 2005 ipstat.ips_redirectsent++; 2006 else { 2007 if (mcopy) { 2008 ipflow_create(&ipforward_rt, mcopy); 2009 m_freem(mcopy); 2010 } 2011 return; 2012 } 2013 } 2014 if (mcopy == NULL) 2015 return; 2016 destifp = NULL; 2017 2018 switch (error) { 2019 2020 case 0: /* forwarded, but need redirect */ 2021 /* type, code set above */ 2022 break; 2023 2024 case ENETUNREACH: /* shouldn't happen, checked above */ 2025 case EHOSTUNREACH: 2026 case ENETDOWN: 2027 case EHOSTDOWN: 2028 default: 2029 type = ICMP_UNREACH; 2030 code = ICMP_UNREACH_HOST; 2031 break; 2032 2033 case EMSGSIZE: 2034 type = ICMP_UNREACH; 2035 code = ICMP_UNREACH_NEEDFRAG; 2036 #ifdef IPSEC 2037 /* 2038 * If the packet is routed over IPsec tunnel, tell the 2039 * originator the tunnel MTU. 2040 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2041 * XXX quickhack!!! 2042 */ 2043 if (ipforward_rt.ro_rt != NULL) { 2044 struct secpolicy *sp = NULL; 2045 int ipsecerror; 2046 int ipsechdr; 2047 struct route *ro; 2048 2049 sp = ipsec4_getpolicybyaddr(mcopy, 2050 IPSEC_DIR_OUTBOUND, 2051 IP_FORWARDING, 2052 &ipsecerror); 2053 2054 if (sp == NULL) 2055 destifp = ipforward_rt.ro_rt->rt_ifp; 2056 else { 2057 /* count IPsec header size */ 2058 ipsechdr = ipsec4_hdrsiz(mcopy, 2059 IPSEC_DIR_OUTBOUND, 2060 NULL); 2061 2062 /* 2063 * find the correct route for outer IPv4 2064 * header, compute tunnel MTU. 2065 * 2066 * XXX BUG ALERT 2067 * The "dummyifp" code relies upon the fact 2068 * that icmp_error() touches only ifp->if_mtu. 2069 */ 2070 /*XXX*/ 2071 destifp = NULL; 2072 if (sp->req != NULL && sp->req->sav != NULL && 2073 sp->req->sav->sah != NULL) { 2074 ro = &sp->req->sav->sah->sa_route; 2075 if (ro->ro_rt != NULL && 2076 ro->ro_rt->rt_ifp != NULL) { 2077 dummyifp.if_mtu = 2078 ro->ro_rt->rt_ifp->if_mtu; 2079 dummyifp.if_mtu -= ipsechdr; 2080 destifp = &dummyifp; 2081 } 2082 } 2083 2084 key_freesp(sp); 2085 } 2086 } 2087 #elif FAST_IPSEC 2088 /* 2089 * If the packet is routed over IPsec tunnel, tell the 2090 * originator the tunnel MTU. 2091 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2092 * XXX quickhack!!! 2093 */ 2094 if (ipforward_rt.ro_rt != NULL) { 2095 struct secpolicy *sp = NULL; 2096 int ipsecerror; 2097 int ipsechdr; 2098 struct route *ro; 2099 2100 sp = ipsec_getpolicybyaddr(mcopy, 2101 IPSEC_DIR_OUTBOUND, 2102 IP_FORWARDING, 2103 &ipsecerror); 2104 2105 if (sp == NULL) 2106 destifp = ipforward_rt.ro_rt->rt_ifp; 2107 else { 2108 /* count IPsec header size */ 2109 ipsechdr = ipsec4_hdrsiz(mcopy, 2110 IPSEC_DIR_OUTBOUND, 2111 NULL); 2112 2113 /* 2114 * find the correct route for outer IPv4 2115 * header, compute tunnel MTU. 2116 * 2117 * XXX BUG ALERT 2118 * The "dummyifp" code relies upon the fact 2119 * that icmp_error() touches only ifp->if_mtu. 2120 */ 2121 /*XXX*/ 2122 destifp = NULL; 2123 if (sp->req != NULL && 2124 sp->req->sav != NULL && 2125 sp->req->sav->sah != NULL) { 2126 ro = &sp->req->sav->sah->sa_route; 2127 if (ro->ro_rt != NULL && 2128 ro->ro_rt->rt_ifp != NULL) { 2129 dummyifp.if_mtu = 2130 ro->ro_rt->rt_ifp->if_mtu; 2131 dummyifp.if_mtu -= ipsechdr; 2132 destifp = &dummyifp; 2133 } 2134 } 2135 2136 KEY_FREESP(&sp); 2137 } 2138 } 2139 #else /* !IPSEC && !FAST_IPSEC */ 2140 if (ipforward_rt.ro_rt != NULL) 2141 destifp = ipforward_rt.ro_rt->rt_ifp; 2142 #endif /*IPSEC*/ 2143 ipstat.ips_cantfrag++; 2144 break; 2145 2146 case ENOBUFS: 2147 /* 2148 * A router should not generate ICMP_SOURCEQUENCH as 2149 * required in RFC1812 Requirements for IP Version 4 Routers. 2150 * Source quench could be a big problem under DoS attacks, 2151 * or if the underlying interface is rate-limited. 2152 * Those who need source quench packets may re-enable them 2153 * via the net.inet.ip.sendsourcequench sysctl. 2154 */ 2155 if (!ip_sendsourcequench) { 2156 m_freem(mcopy); 2157 return; 2158 } else { 2159 type = ICMP_SOURCEQUENCH; 2160 code = 0; 2161 } 2162 break; 2163 2164 case EACCES: /* ipfw denied packet */ 2165 m_freem(mcopy); 2166 return; 2167 } 2168 icmp_error(mcopy, type, code, dest, destifp); 2169 } 2170 2171 void 2172 ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, 2173 struct mbuf *m) 2174 { 2175 if (inp->inp_socket->so_options & SO_TIMESTAMP) { 2176 struct timeval tv; 2177 2178 microtime(&tv); 2179 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 2180 SCM_TIMESTAMP, SOL_SOCKET); 2181 if (*mp) 2182 mp = &(*mp)->m_next; 2183 } 2184 if (inp->inp_flags & INP_RECVDSTADDR) { 2185 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, 2186 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); 2187 if (*mp) 2188 mp = &(*mp)->m_next; 2189 } 2190 #ifdef notyet 2191 /* XXX 2192 * Moving these out of udp_input() made them even more broken 2193 * than they already were. 2194 */ 2195 /* options were tossed already */ 2196 if (inp->inp_flags & INP_RECVOPTS) { 2197 *mp = sbcreatecontrol((caddr_t) opts_deleted_above, 2198 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); 2199 if (*mp) 2200 mp = &(*mp)->m_next; 2201 } 2202 /* ip_srcroute doesn't do what we want here, need to fix */ 2203 if (inp->inp_flags & INP_RECVRETOPTS) { 2204 *mp = sbcreatecontrol((caddr_t) ip_srcroute(), 2205 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); 2206 if (*mp) 2207 mp = &(*mp)->m_next; 2208 } 2209 #endif 2210 if (inp->inp_flags & INP_RECVIF) { 2211 struct ifnet *ifp; 2212 struct sdlbuf { 2213 struct sockaddr_dl sdl; 2214 u_char pad[32]; 2215 } sdlbuf; 2216 struct sockaddr_dl *sdp; 2217 struct sockaddr_dl *sdl2 = &sdlbuf.sdl; 2218 2219 if (((ifp = m->m_pkthdr.rcvif)) && 2220 ((ifp->if_index != 0) && (ifp->if_index <= if_index))) { 2221 sdp = (struct sockaddr_dl *) 2222 ifnet_addrs[ifp->if_index - 1]->ifa_addr; 2223 /* 2224 * Change our mind and don't try copy. 2225 */ 2226 if ((sdp->sdl_family != AF_LINK) || 2227 (sdp->sdl_len > sizeof(sdlbuf))) { 2228 goto makedummy; 2229 } 2230 bcopy(sdp, sdl2, sdp->sdl_len); 2231 } else { 2232 makedummy: 2233 sdl2->sdl_len = 2234 offsetof(struct sockaddr_dl, sdl_data[0]); 2235 sdl2->sdl_family = AF_LINK; 2236 sdl2->sdl_index = 0; 2237 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0; 2238 } 2239 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len, 2240 IP_RECVIF, IPPROTO_IP); 2241 if (*mp) 2242 mp = &(*mp)->m_next; 2243 } 2244 } 2245 2246 /* 2247 * XXX these routines are called from the upper part of the kernel. 2248 * 2249 * They could also be moved to ip_mroute.c, since all the RSVP 2250 * handling is done there already. 2251 */ 2252 int 2253 ip_rsvp_init(struct socket *so) 2254 { 2255 if (so->so_type != SOCK_RAW || 2256 so->so_proto->pr_protocol != IPPROTO_RSVP) 2257 return EOPNOTSUPP; 2258 2259 if (ip_rsvpd != NULL) 2260 return EADDRINUSE; 2261 2262 ip_rsvpd = so; 2263 /* 2264 * This may seem silly, but we need to be sure we don't over-increment 2265 * the RSVP counter, in case something slips up. 2266 */ 2267 if (!ip_rsvp_on) { 2268 ip_rsvp_on = 1; 2269 rsvp_on++; 2270 } 2271 2272 return 0; 2273 } 2274 2275 int 2276 ip_rsvp_done(void) 2277 { 2278 ip_rsvpd = NULL; 2279 /* 2280 * This may seem silly, but we need to be sure we don't over-decrement 2281 * the RSVP counter, in case something slips up. 2282 */ 2283 if (ip_rsvp_on) { 2284 ip_rsvp_on = 0; 2285 rsvp_on--; 2286 } 2287 return 0; 2288 } 2289 2290 void 2291 rsvp_input(struct mbuf *m, ...) /* XXX must fixup manually */ 2292 { 2293 int off, proto; 2294 __va_list ap; 2295 2296 __va_start(ap, m); 2297 off = __va_arg(ap, int); 2298 proto = __va_arg(ap, int); 2299 __va_end(ap); 2300 2301 if (rsvp_input_p) { /* call the real one if loaded */ 2302 rsvp_input_p(m, off, proto); 2303 return; 2304 } 2305 2306 /* Can still get packets with rsvp_on = 0 if there is a local member 2307 * of the group to which the RSVP packet is addressed. But in this 2308 * case we want to throw the packet away. 2309 */ 2310 2311 if (!rsvp_on) { 2312 m_freem(m); 2313 return; 2314 } 2315 2316 if (ip_rsvpd != NULL) { 2317 rip_input(m, off, proto); 2318 return; 2319 } 2320 /* Drop the packet */ 2321 m_freem(m); 2322 } 2323