1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 1982, 1986, 1988, 1993 36 * The Regents of the University of California. All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 1. Redistributions of source code must retain the above copyright 42 * notice, this list of conditions and the following disclaimer. 43 * 2. Redistributions in binary form must reproduce the above copyright 44 * notice, this list of conditions and the following disclaimer in the 45 * documentation and/or other materials provided with the distribution. 46 * 3. All advertising materials mentioning features or use of this software 47 * must display the following acknowledgement: 48 * This product includes software developed by the University of 49 * California, Berkeley and its contributors. 50 * 4. Neither the name of the University nor the names of its contributors 51 * may be used to endorse or promote products derived from this software 52 * without specific prior written permission. 53 * 54 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 55 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 56 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 57 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 58 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 59 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 60 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 61 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 62 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 63 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 64 * SUCH DAMAGE. 65 * 66 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 67 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ 68 * $DragonFly: src/sys/netinet/ip_input.c,v 1.70 2007/08/14 13:30:35 sephe Exp $ 69 */ 70 71 #define _IP_VHL 72 73 #include "opt_bootp.h" 74 #include "opt_ipfw.h" 75 #include "opt_ipdn.h" 76 #include "opt_ipdivert.h" 77 #include "opt_ipfilter.h" 78 #include "opt_ipstealth.h" 79 #include "opt_ipsec.h" 80 81 #include <sys/param.h> 82 #include <sys/systm.h> 83 #include <sys/mbuf.h> 84 #include <sys/malloc.h> 85 #include <sys/mpipe.h> 86 #include <sys/domain.h> 87 #include <sys/protosw.h> 88 #include <sys/socket.h> 89 #include <sys/time.h> 90 #include <sys/globaldata.h> 91 #include <sys/thread.h> 92 #include <sys/kernel.h> 93 #include <sys/syslog.h> 94 #include <sys/sysctl.h> 95 #include <sys/in_cksum.h> 96 97 #include <machine/stdarg.h> 98 99 #include <net/if.h> 100 #include <net/if_types.h> 101 #include <net/if_var.h> 102 #include <net/if_dl.h> 103 #include <net/pfil.h> 104 #include <net/route.h> 105 #include <net/netisr.h> 106 #include <net/intrq.h> 107 108 #include <netinet/in.h> 109 #include <netinet/in_systm.h> 110 #include <netinet/in_var.h> 111 #include <netinet/ip.h> 112 #include <netinet/in_pcb.h> 113 #include <netinet/ip_var.h> 114 #include <netinet/ip_icmp.h> 115 116 #include <sys/thread2.h> 117 #include <sys/msgport2.h> 118 #include <net/netmsg2.h> 119 120 #include <sys/socketvar.h> 121 122 #include <net/ipfw/ip_fw.h> 123 #include <net/dummynet/ip_dummynet.h> 124 125 #ifdef IPSEC 126 #include <netinet6/ipsec.h> 127 #include <netproto/key/key.h> 128 #endif 129 130 #ifdef FAST_IPSEC 131 #include <netproto/ipsec/ipsec.h> 132 #include <netproto/ipsec/key.h> 133 #endif 134 135 int rsvp_on = 0; 136 static int ip_rsvp_on; 137 struct socket *ip_rsvpd; 138 139 int ipforwarding = 0; 140 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 141 &ipforwarding, 0, "Enable IP forwarding between interfaces"); 142 143 static int ipsendredirects = 1; /* XXX */ 144 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 145 &ipsendredirects, 0, "Enable sending IP redirects"); 146 147 int ip_defttl = IPDEFTTL; 148 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 149 &ip_defttl, 0, "Maximum TTL on IP packets"); 150 151 static int ip_dosourceroute = 0; 152 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, 153 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets"); 154 155 static int ip_acceptsourceroute = 0; 156 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 157 CTLFLAG_RW, &ip_acceptsourceroute, 0, 158 "Enable accepting source routed IP packets"); 159 160 static int ip_keepfaith = 0; 161 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 162 &ip_keepfaith, 0, 163 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 164 165 static int nipq = 0; /* total # of reass queues */ 166 static int maxnipq; 167 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, 168 &maxnipq, 0, 169 "Maximum number of IPv4 fragment reassembly queue entries"); 170 171 static int maxfragsperpacket; 172 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 173 &maxfragsperpacket, 0, 174 "Maximum number of IPv4 fragments allowed per packet"); 175 176 static int ip_sendsourcequench = 0; 177 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 178 &ip_sendsourcequench, 0, 179 "Enable the transmission of source quench packets"); 180 181 int ip_do_randomid = 0; 182 SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, 183 &ip_do_randomid, 0, 184 "Assign random ip_id values"); 185 /* 186 * XXX - Setting ip_checkinterface mostly implements the receive side of 187 * the Strong ES model described in RFC 1122, but since the routing table 188 * and transmit implementation do not implement the Strong ES model, 189 * setting this to 1 results in an odd hybrid. 190 * 191 * XXX - ip_checkinterface currently must be disabled if you use ipnat 192 * to translate the destination address to another local interface. 193 * 194 * XXX - ip_checkinterface must be disabled if you add IP aliases 195 * to the loopback interface instead of the interface where the 196 * packets for those addresses are received. 197 */ 198 static int ip_checkinterface = 0; 199 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 200 &ip_checkinterface, 0, "Verify packet arrives on correct interface"); 201 202 #ifdef DIAGNOSTIC 203 static int ipprintfs = 0; 204 #endif 205 206 static struct ifqueue ipintrq; 207 static int ipqmaxlen = IFQ_MAXLEN; 208 209 extern struct domain inetdomain; 210 extern struct protosw inetsw[]; 211 u_char ip_protox[IPPROTO_MAX]; 212 struct in_ifaddrhead in_ifaddrhead; /* first inet address */ 213 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ 214 u_long in_ifaddrhmask; /* mask for hash table */ 215 216 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, 217 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); 218 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, 219 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); 220 221 struct ip_stats ipstats_percpu[MAXCPU]; 222 #ifdef SMP 223 static int 224 sysctl_ipstats(SYSCTL_HANDLER_ARGS) 225 { 226 int cpu, error = 0; 227 228 for (cpu = 0; cpu < ncpus; ++cpu) { 229 if ((error = SYSCTL_OUT(req, &ipstats_percpu[cpu], 230 sizeof(struct ip_stats)))) 231 break; 232 if ((error = SYSCTL_IN(req, &ipstats_percpu[cpu], 233 sizeof(struct ip_stats)))) 234 break; 235 } 236 237 return (error); 238 } 239 SYSCTL_PROC(_net_inet_ip, IPCTL_STATS, stats, (CTLTYPE_OPAQUE | CTLFLAG_RW), 240 0, 0, sysctl_ipstats, "S,ip_stats", "IP statistics"); 241 #else 242 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 243 &ipstat, ip_stats, "IP statistics"); 244 #endif 245 246 /* Packet reassembly stuff */ 247 #define IPREASS_NHASH_LOG2 6 248 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) 249 #define IPREASS_HMASK (IPREASS_NHASH - 1) 250 #define IPREASS_HASH(x,y) \ 251 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) 252 253 static struct ipq ipq[IPREASS_NHASH]; 254 const int ipintrq_present = 1; 255 256 #ifdef IPCTL_DEFMTU 257 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 258 &ip_mtu, 0, "Default MTU"); 259 #endif 260 261 #ifdef IPSTEALTH 262 static int ipstealth = 0; 263 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, &ipstealth, 0, ""); 264 #else 265 static const int ipstealth = 0; 266 #endif 267 268 269 /* Firewall hooks */ 270 ip_fw_chk_t *ip_fw_chk_ptr; 271 int fw_enable = 1; 272 int fw_one_pass = 1; 273 274 /* Dummynet hooks */ 275 ip_dn_io_t *ip_dn_io_ptr; 276 277 struct pfil_head inet_pfil_hook; 278 279 /* 280 * XXX this is ugly -- the following two global variables are 281 * used to store packet state while it travels through the stack. 282 * Note that the code even makes assumptions on the size and 283 * alignment of fields inside struct ip_srcrt so e.g. adding some 284 * fields will break the code. This needs to be fixed. 285 * 286 * We need to save the IP options in case a protocol wants to respond 287 * to an incoming packet over the same route if the packet got here 288 * using IP source routing. This allows connection establishment and 289 * maintenance when the remote end is on a network that is not known 290 * to us. 291 */ 292 static int ip_nhops = 0; 293 294 static struct ip_srcrt { 295 struct in_addr dst; /* final destination */ 296 char nop; /* one NOP to align */ 297 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ 298 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)]; 299 } ip_srcrt; 300 301 static MALLOC_DEFINE(M_IPQ, "ipq", "IP Fragment Management"); 302 static struct malloc_pipe ipq_mpipe; 303 304 static void save_rte (u_char *, struct in_addr); 305 static int ip_dooptions (struct mbuf *m, int, 306 struct sockaddr_in *next_hop); 307 static void ip_forward (struct mbuf *m, boolean_t using_srcrt, 308 struct sockaddr_in *next_hop); 309 static void ip_freef (struct ipq *); 310 static void ip_input_handler (struct netmsg *); 311 static struct mbuf *ip_reass (struct mbuf *, struct ipq *, 312 struct ipq *, u_int32_t *); 313 314 /* 315 * IP initialization: fill in IP protocol switch table. 316 * All protocols not implemented in kernel go to raw IP protocol handler. 317 */ 318 void 319 ip_init(void) 320 { 321 struct protosw *pr; 322 int i; 323 #ifdef SMP 324 int cpu; 325 #endif 326 327 /* 328 * Make sure we can handle a reasonable number of fragments but 329 * cap it at 4000 (XXX). 330 */ 331 mpipe_init(&ipq_mpipe, M_IPQ, sizeof(struct ipq), 332 IFQ_MAXLEN, 4000, 0, NULL); 333 TAILQ_INIT(&in_ifaddrhead); 334 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask); 335 pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); 336 if (pr == NULL) 337 panic("ip_init"); 338 for (i = 0; i < IPPROTO_MAX; i++) 339 ip_protox[i] = pr - inetsw; 340 for (pr = inetdomain.dom_protosw; 341 pr < inetdomain.dom_protoswNPROTOSW; pr++) 342 if (pr->pr_domain->dom_family == PF_INET && 343 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 344 ip_protox[pr->pr_protocol] = pr - inetsw; 345 346 inet_pfil_hook.ph_type = PFIL_TYPE_AF; 347 inet_pfil_hook.ph_af = AF_INET; 348 if ((i = pfil_head_register(&inet_pfil_hook)) != 0) { 349 kprintf("%s: WARNING: unable to register pfil hook, " 350 "error %d\n", __func__, i); 351 } 352 353 for (i = 0; i < IPREASS_NHASH; i++) 354 ipq[i].next = ipq[i].prev = &ipq[i]; 355 356 maxnipq = nmbclusters / 32; 357 maxfragsperpacket = 16; 358 359 ip_id = time_second & 0xffff; 360 ipintrq.ifq_maxlen = ipqmaxlen; 361 362 /* 363 * Initialize IP statistics counters for each CPU. 364 * 365 */ 366 #ifdef SMP 367 for (cpu = 0; cpu < ncpus; ++cpu) { 368 bzero(&ipstats_percpu[cpu], sizeof(struct ip_stats)); 369 } 370 #else 371 bzero(&ipstat, sizeof(struct ip_stats)); 372 #endif 373 374 netisr_register(NETISR_IP, ip_mport, ip_input_handler); 375 } 376 377 /* 378 * XXX watch out this one. It is perhaps used as a cache for 379 * the most recently used route ? it is cleared in in_addroute() 380 * when a new route is successfully created. 381 */ 382 struct route ipforward_rt[MAXCPU]; 383 384 /* Do transport protocol processing. */ 385 static void 386 transport_processing_oncpu(struct mbuf *m, int hlen, struct ip *ip, 387 struct sockaddr_in *nexthop) 388 { 389 /* 390 * Switch out to protocol's input routine. 391 */ 392 if (nexthop && ip->ip_p == IPPROTO_TCP) { 393 /* TCP needs IPFORWARD info if available */ 394 struct m_hdr tag; 395 396 tag.mh_type = MT_TAG; 397 tag.mh_flags = PACKET_TAG_IPFORWARD; 398 tag.mh_data = (caddr_t)nexthop; 399 tag.mh_next = m; 400 401 (*inetsw[ip_protox[ip->ip_p]].pr_input) 402 ((struct mbuf *)&tag, hlen, ip->ip_p); 403 } else { 404 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, ip->ip_p); 405 } 406 } 407 408 struct netmsg_transport_packet { 409 struct netmsg nm_netmsg; 410 struct mbuf *nm_mbuf; 411 int nm_hlen; 412 boolean_t nm_hasnexthop; 413 struct sockaddr_in nm_nexthop; 414 }; 415 416 static void 417 transport_processing_handler(netmsg_t netmsg) 418 { 419 struct netmsg_transport_packet *msg = (void *)netmsg; 420 struct sockaddr_in *nexthop; 421 struct ip *ip; 422 423 ip = mtod(msg->nm_mbuf, struct ip *); 424 nexthop = msg->nm_hasnexthop ? &msg->nm_nexthop : NULL; 425 transport_processing_oncpu(msg->nm_mbuf, msg->nm_hlen, ip, nexthop); 426 lwkt_replymsg(&msg->nm_netmsg.nm_lmsg, 0); 427 } 428 429 static void 430 ip_input_handler(struct netmsg *msg0) 431 { 432 struct mbuf *m = ((struct netmsg_packet *)msg0)->nm_packet; 433 434 ip_input(m); 435 /* msg0 was embedded in the mbuf, do not reply! */ 436 } 437 438 /* 439 * IP input routine. Checksum and byte swap header. If fragmented 440 * try to reassemble. Process options. Pass to next level. 441 */ 442 void 443 ip_input(struct mbuf *m) 444 { 445 struct ip *ip; 446 struct ipq *fp; 447 struct in_ifaddr *ia = NULL; 448 struct ifaddr *ifa; 449 int i, hlen, checkif; 450 u_short sum; 451 struct in_addr pkt_dst; 452 u_int32_t divert_info = 0; /* packet divert/tee info */ 453 struct ip_fw_args args; 454 boolean_t using_srcrt = FALSE; /* forward (by PFIL_HOOKS) */ 455 boolean_t needredispatch = FALSE; 456 struct in_addr odst; /* original dst address(NAT) */ 457 #if defined(FAST_IPSEC) || defined(IPDIVERT) 458 struct m_tag *mtag; 459 #endif 460 #ifdef FAST_IPSEC 461 struct tdb_ident *tdbi; 462 struct secpolicy *sp; 463 int error; 464 #endif 465 466 args.eh = NULL; 467 args.oif = NULL; 468 args.rule = NULL; 469 args.next_hop = NULL; 470 471 /* Grab info from MT_TAG mbufs prepended to the chain. */ 472 while (m != NULL && m->m_type == MT_TAG) { 473 switch(m->_m_tag_id) { 474 case PACKET_TAG_DUMMYNET: 475 args.rule = ((struct dn_pkt *)m)->rule; 476 break; 477 case PACKET_TAG_IPFORWARD: 478 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; 479 break; 480 default: 481 kprintf("ip_input: unrecognised MT_TAG tag %d\n", 482 m->_m_tag_id); 483 break; 484 } 485 m = m->m_next; 486 } 487 KASSERT(m != NULL && (m->m_flags & M_PKTHDR), ("ip_input: no HDR")); 488 489 if (args.rule != NULL) { /* dummynet already filtered us */ 490 ip = mtod(m, struct ip *); 491 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 492 goto iphack; 493 } 494 495 ipstat.ips_total++; 496 497 /* length checks already done in ip_demux() */ 498 KASSERT(m->m_len >= sizeof(ip), ("IP header not in one mbuf")); 499 500 ip = mtod(m, struct ip *); 501 502 if (IP_VHL_V(ip->ip_vhl) != IPVERSION) { 503 ipstat.ips_badvers++; 504 goto bad; 505 } 506 507 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 508 /* length checks already done in ip_demux() */ 509 KASSERT(hlen >= sizeof(struct ip), ("IP header len too small")); 510 KASSERT(m->m_len >= hlen, ("packet shorter than IP header length")); 511 512 /* 127/8 must not appear on wire - RFC1122 */ 513 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 514 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 515 if (!(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) { 516 ipstat.ips_badaddr++; 517 goto bad; 518 } 519 } 520 521 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 522 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 523 } else { 524 if (hlen == sizeof(struct ip)) { 525 sum = in_cksum_hdr(ip); 526 } else { 527 sum = in_cksum(m, hlen); 528 } 529 } 530 if (sum != 0) { 531 ipstat.ips_badsum++; 532 goto bad; 533 } 534 535 #ifdef ALTQ 536 if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { 537 /* packet is dropped by traffic conditioner */ 538 return; 539 } 540 #endif 541 /* 542 * Convert fields to host representation. 543 */ 544 ip->ip_len = ntohs(ip->ip_len); 545 if (ip->ip_len < hlen) { 546 ipstat.ips_badlen++; 547 goto bad; 548 } 549 ip->ip_off = ntohs(ip->ip_off); 550 551 /* 552 * Check that the amount of data in the buffers 553 * is as at least much as the IP header would have us expect. 554 * Trim mbufs if longer than we expect. 555 * Drop packet if shorter than we expect. 556 */ 557 if (m->m_pkthdr.len < ip->ip_len) { 558 ipstat.ips_tooshort++; 559 goto bad; 560 } 561 if (m->m_pkthdr.len > ip->ip_len) { 562 if (m->m_len == m->m_pkthdr.len) { 563 m->m_len = ip->ip_len; 564 m->m_pkthdr.len = ip->ip_len; 565 } else 566 m_adj(m, ip->ip_len - m->m_pkthdr.len); 567 } 568 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF) 569 /* 570 * Bypass packet filtering for packets from a tunnel (gif). 571 */ 572 if (ipsec_gethist(m, NULL)) 573 goto pass; 574 #endif 575 576 /* 577 * IpHack's section. 578 * Right now when no processing on packet has done 579 * and it is still fresh out of network we do our black 580 * deals with it. 581 * - Firewall: deny/allow/divert 582 * - Xlate: translate packet's addr/port (NAT). 583 * - Pipe: pass pkt through dummynet. 584 * - Wrap: fake packet's addr/port <unimpl.> 585 * - Encapsulate: put it in another IP and send out. <unimp.> 586 */ 587 588 iphack: 589 590 /* 591 * Run through list of hooks for input packets. 592 * 593 * NB: Beware of the destination address changing (e.g. 594 * by NAT rewriting). When this happens, tell 595 * ip_forward to do the right thing. 596 */ 597 if (pfil_has_hooks(&inet_pfil_hook)) { 598 odst = ip->ip_dst; 599 if (pfil_run_hooks(&inet_pfil_hook, &m, 600 m->m_pkthdr.rcvif, PFIL_IN)) { 601 return; 602 } 603 if (m == NULL) /* consumed by filter */ 604 return; 605 ip = mtod(m, struct ip *); 606 using_srcrt = (odst.s_addr != ip->ip_dst.s_addr); 607 } 608 609 if (fw_enable && IPFW_LOADED) { 610 /* 611 * If we've been forwarded from the output side, then 612 * skip the firewall a second time 613 */ 614 if (args.next_hop != NULL) 615 goto ours; 616 617 args.m = m; 618 i = ip_fw_chk_ptr(&args); 619 m = args.m; 620 621 if ((i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */ 622 if (m != NULL) 623 m_freem(m); 624 return; 625 } 626 ip = mtod(m, struct ip *); /* just in case m changed */ 627 if (i == 0 && args.next_hop == NULL) /* common case */ 628 goto pass; 629 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 630 /* Send packet to the appropriate pipe */ 631 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args); 632 return; 633 } 634 #ifdef IPDIVERT 635 if (i != 0 && !(i & IP_FW_PORT_DYNT_FLAG)) { 636 /* Divert or tee packet */ 637 divert_info = i; 638 goto ours; 639 } 640 #endif 641 if (i == 0 && args.next_hop != NULL) 642 goto pass; 643 /* 644 * if we get here, the packet must be dropped 645 */ 646 m_freem(m); 647 return; 648 } 649 pass: 650 651 /* 652 * Process options and, if not destined for us, 653 * ship it on. ip_dooptions returns 1 when an 654 * error was detected (causing an icmp message 655 * to be sent and the original packet to be freed). 656 */ 657 ip_nhops = 0; /* for source routed packets */ 658 if (hlen > sizeof(struct ip) && ip_dooptions(m, 0, args.next_hop)) 659 return; 660 661 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no 662 * matter if it is destined to another node, or whether it is 663 * a multicast one, RSVP wants it! and prevents it from being forwarded 664 * anywhere else. Also checks if the rsvp daemon is running before 665 * grabbing the packet. 666 */ 667 if (rsvp_on && ip->ip_p == IPPROTO_RSVP) 668 goto ours; 669 670 /* 671 * Check our list of addresses, to see if the packet is for us. 672 * If we don't have any addresses, assume any unicast packet 673 * we receive might be for us (and let the upper layers deal 674 * with it). 675 */ 676 if (TAILQ_EMPTY(&in_ifaddrhead) && !(m->m_flags & (M_MCAST | M_BCAST))) 677 goto ours; 678 679 /* 680 * Cache the destination address of the packet; this may be 681 * changed by use of 'ipfw fwd'. 682 */ 683 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 684 685 /* 686 * Enable a consistency check between the destination address 687 * and the arrival interface for a unicast packet (the RFC 1122 688 * strong ES model) if IP forwarding is disabled and the packet 689 * is not locally generated and the packet is not subject to 690 * 'ipfw fwd'. 691 * 692 * XXX - Checking also should be disabled if the destination 693 * address is ipnat'ed to a different interface. 694 * 695 * XXX - Checking is incompatible with IP aliases added 696 * to the loopback interface instead of the interface where 697 * the packets are received. 698 */ 699 checkif = ip_checkinterface && 700 !ipforwarding && 701 m->m_pkthdr.rcvif != NULL && 702 !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) && 703 (args.next_hop == NULL); 704 705 /* 706 * Check for exact addresses in the hash bucket. 707 */ 708 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) { 709 /* 710 * If the address matches, verify that the packet 711 * arrived via the correct interface if checking is 712 * enabled. 713 */ 714 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr && 715 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif)) 716 goto ours; 717 } 718 /* 719 * Check for broadcast addresses. 720 * 721 * Only accept broadcast packets that arrive via the matching 722 * interface. Reception of forwarded directed broadcasts would 723 * be handled via ip_forward() and ether_output() with the loopback 724 * into the stack for SIMPLEX interfaces handled by ether_output(). 725 */ 726 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 727 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 728 if (ifa->ifa_addr == NULL) /* shutdown/startup race */ 729 continue; 730 if (ifa->ifa_addr->sa_family != AF_INET) 731 continue; 732 ia = ifatoia(ifa); 733 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 734 pkt_dst.s_addr) 735 goto ours; 736 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr) 737 goto ours; 738 #ifdef BOOTP_COMPAT 739 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) 740 goto ours; 741 #endif 742 } 743 } 744 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 745 struct in_multi *inm; 746 747 if (ip_mrouter != NULL) { 748 /* 749 * If we are acting as a multicast router, all 750 * incoming multicast packets are passed to the 751 * kernel-level multicast forwarding function. 752 * The packet is returned (relatively) intact; if 753 * ip_mforward() returns a non-zero value, the packet 754 * must be discarded, else it may be accepted below. 755 */ 756 if (ip_mforward != NULL && 757 ip_mforward(ip, m->m_pkthdr.rcvif, m, NULL) != 0) { 758 ipstat.ips_cantforward++; 759 m_freem(m); 760 return; 761 } 762 763 /* 764 * The process-level routing daemon needs to receive 765 * all multicast IGMP packets, whether or not this 766 * host belongs to their destination groups. 767 */ 768 if (ip->ip_p == IPPROTO_IGMP) 769 goto ours; 770 ipstat.ips_forward++; 771 } 772 /* 773 * See if we belong to the destination multicast group on the 774 * arrival interface. 775 */ 776 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); 777 if (inm == NULL) { 778 ipstat.ips_notmember++; 779 m_freem(m); 780 return; 781 } 782 goto ours; 783 } 784 if (ip->ip_dst.s_addr == INADDR_BROADCAST) 785 goto ours; 786 if (ip->ip_dst.s_addr == INADDR_ANY) 787 goto ours; 788 789 /* 790 * FAITH(Firewall Aided Internet Translator) 791 */ 792 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 793 if (ip_keepfaith) { 794 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) 795 goto ours; 796 } 797 m_freem(m); 798 return; 799 } 800 801 /* 802 * Not for us; forward if possible and desirable. 803 */ 804 if (!ipforwarding) { 805 ipstat.ips_cantforward++; 806 m_freem(m); 807 } else { 808 #ifdef IPSEC 809 /* 810 * Enforce inbound IPsec SPD. 811 */ 812 if (ipsec4_in_reject(m, NULL)) { 813 ipsecstat.in_polvio++; 814 goto bad; 815 } 816 #endif 817 #ifdef FAST_IPSEC 818 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 819 crit_enter(); 820 if (mtag != NULL) { 821 tdbi = (struct tdb_ident *)m_tag_data(mtag); 822 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 823 } else { 824 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 825 IP_FORWARDING, &error); 826 } 827 if (sp == NULL) { /* NB: can happen if error */ 828 crit_exit(); 829 /*XXX error stat???*/ 830 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ 831 goto bad; 832 } 833 834 /* 835 * Check security policy against packet attributes. 836 */ 837 error = ipsec_in_reject(sp, m); 838 KEY_FREESP(&sp); 839 crit_exit(); 840 if (error) { 841 ipstat.ips_cantforward++; 842 goto bad; 843 } 844 #endif 845 ip_forward(m, using_srcrt, args.next_hop); 846 } 847 return; 848 849 ours: 850 851 /* 852 * IPSTEALTH: Process non-routing options only 853 * if the packet is destined for us. 854 */ 855 if (ipstealth && 856 hlen > sizeof(struct ip) && 857 ip_dooptions(m, 1, args.next_hop)) 858 return; 859 860 /* Count the packet in the ip address stats */ 861 if (ia != NULL) { 862 ia->ia_ifa.if_ipackets++; 863 ia->ia_ifa.if_ibytes += m->m_pkthdr.len; 864 } 865 866 /* 867 * If offset or IP_MF are set, must reassemble. 868 * Otherwise, nothing need be done. 869 * (We could look in the reassembly queue to see 870 * if the packet was previously fragmented, 871 * but it's not worth the time; just let them time out.) 872 */ 873 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 874 875 /* If maxnipq is 0, never accept fragments. */ 876 if (maxnipq == 0) { 877 ipstat.ips_fragments++; 878 ipstat.ips_fragdropped++; 879 goto bad; 880 } 881 882 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); 883 /* 884 * Look for queue of fragments 885 * of this datagram. 886 */ 887 for (fp = ipq[sum].next; fp != &ipq[sum]; fp = fp->next) 888 if (ip->ip_id == fp->ipq_id && 889 ip->ip_src.s_addr == fp->ipq_src.s_addr && 890 ip->ip_dst.s_addr == fp->ipq_dst.s_addr && 891 ip->ip_p == fp->ipq_p) 892 goto found; 893 894 fp = NULL; 895 896 /* 897 * Enforce upper bound on number of fragmented packets 898 * for which we attempt reassembly; 899 * If maxnipq is -1, accept all fragments without limitation. 900 */ 901 if ((nipq > maxnipq) && (maxnipq > 0)) { 902 /* 903 * drop something from the tail of the current queue 904 * before proceeding further 905 */ 906 if (ipq[sum].prev == &ipq[sum]) { /* gak */ 907 for (i = 0; i < IPREASS_NHASH; i++) { 908 if (ipq[i].prev != &ipq[i]) { 909 ipstat.ips_fragtimeout += 910 ipq[i].prev->ipq_nfrags; 911 ip_freef(ipq[i].prev); 912 break; 913 } 914 } 915 } else { 916 ipstat.ips_fragtimeout += 917 ipq[sum].prev->ipq_nfrags; 918 ip_freef(ipq[sum].prev); 919 } 920 } 921 found: 922 /* 923 * Adjust ip_len to not reflect header, 924 * convert offset of this to bytes. 925 */ 926 ip->ip_len -= hlen; 927 if (ip->ip_off & IP_MF) { 928 /* 929 * Make sure that fragments have a data length 930 * that's a non-zero multiple of 8 bytes. 931 */ 932 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 933 ipstat.ips_toosmall++; /* XXX */ 934 goto bad; 935 } 936 m->m_flags |= M_FRAG; 937 } else 938 m->m_flags &= ~M_FRAG; 939 ip->ip_off <<= 3; 940 941 /* 942 * Attempt reassembly; if it succeeds, proceed. 943 * ip_reass() will return a different mbuf, and update 944 * the divert info in divert_info. 945 */ 946 ipstat.ips_fragments++; 947 m->m_pkthdr.header = ip; 948 m = ip_reass(m, fp, &ipq[sum], &divert_info); 949 if (m == NULL) 950 return; 951 ipstat.ips_reassembled++; 952 needredispatch = TRUE; 953 ip = mtod(m, struct ip *); 954 /* Get the header length of the reassembled packet */ 955 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 956 #ifdef IPDIVERT 957 /* Restore original checksum before diverting packet */ 958 if (divert_info != 0) { 959 ip->ip_len += hlen; 960 ip->ip_len = htons(ip->ip_len); 961 ip->ip_off = htons(ip->ip_off); 962 ip->ip_sum = 0; 963 if (hlen == sizeof(struct ip)) 964 ip->ip_sum = in_cksum_hdr(ip); 965 else 966 ip->ip_sum = in_cksum(m, hlen); 967 ip->ip_off = ntohs(ip->ip_off); 968 ip->ip_len = ntohs(ip->ip_len); 969 ip->ip_len -= hlen; 970 } 971 #endif 972 } else { 973 ip->ip_len -= hlen; 974 } 975 976 #ifdef IPDIVERT 977 /* 978 * Divert or tee packet to the divert protocol if required. 979 */ 980 if (divert_info != 0) { 981 struct mbuf *clone = NULL; 982 983 /* Clone packet if we're doing a 'tee' */ 984 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) 985 clone = m_dup(m, MB_DONTWAIT); 986 987 /* Restore packet header fields to original values */ 988 ip->ip_len += hlen; 989 ip->ip_len = htons(ip->ip_len); 990 ip->ip_off = htons(ip->ip_off); 991 992 /* Deliver packet to divert input routine */ 993 divert_packet(m, 1, divert_info & 0xffff); 994 ipstat.ips_delivered++; 995 996 /* If 'tee', continue with original packet */ 997 if (clone == NULL) 998 return; 999 m = clone; 1000 ip = mtod(m, struct ip *); 1001 ip->ip_len += hlen; 1002 /* 1003 * Jump backwards to complete processing of the 1004 * packet. But first clear divert_info to avoid 1005 * entering this block again. 1006 * We do not need to clear args.divert_rule 1007 * or args.next_hop as they will not be used. 1008 * 1009 * XXX Better safe than sorry, remove the DIVERT tag. 1010 */ 1011 mtag = m_tag_find(m, PACKET_TAG_IPFW_DIVERT, NULL); 1012 if (mtag != NULL) 1013 m_tag_delete(m, mtag); 1014 1015 divert_info = 0; 1016 goto pass; 1017 } 1018 #endif 1019 1020 #ifdef IPSEC 1021 /* 1022 * enforce IPsec policy checking if we are seeing last header. 1023 * note that we do not visit this with protocols with pcb layer 1024 * code - like udp/tcp/raw ip. 1025 */ 1026 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) && 1027 ipsec4_in_reject(m, NULL)) { 1028 ipsecstat.in_polvio++; 1029 goto bad; 1030 } 1031 #endif 1032 #if FAST_IPSEC 1033 /* 1034 * enforce IPsec policy checking if we are seeing last header. 1035 * note that we do not visit this with protocols with pcb layer 1036 * code - like udp/tcp/raw ip. 1037 */ 1038 if (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) { 1039 /* 1040 * Check if the packet has already had IPsec processing 1041 * done. If so, then just pass it along. This tag gets 1042 * set during AH, ESP, etc. input handling, before the 1043 * packet is returned to the ip input queue for delivery. 1044 */ 1045 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 1046 crit_enter(); 1047 if (mtag != NULL) { 1048 tdbi = (struct tdb_ident *)m_tag_data(mtag); 1049 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 1050 } else { 1051 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 1052 IP_FORWARDING, &error); 1053 } 1054 if (sp != NULL) { 1055 /* 1056 * Check security policy against packet attributes. 1057 */ 1058 error = ipsec_in_reject(sp, m); 1059 KEY_FREESP(&sp); 1060 } else { 1061 /* XXX error stat??? */ 1062 error = EINVAL; 1063 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ 1064 goto bad; 1065 } 1066 crit_exit(); 1067 if (error) 1068 goto bad; 1069 } 1070 #endif /* FAST_IPSEC */ 1071 1072 ipstat.ips_delivered++; 1073 if (needredispatch) { 1074 struct netmsg_transport_packet *msg; 1075 lwkt_port_t port; 1076 1077 ip->ip_off = htons(ip->ip_off); 1078 ip->ip_len = htons(ip->ip_len); 1079 port = ip_mport(&m); 1080 if (port == NULL) 1081 return; 1082 1083 msg = kmalloc(sizeof(struct netmsg_transport_packet), M_LWKTMSG, 1084 M_INTWAIT | M_NULLOK); 1085 if (msg == NULL) 1086 goto bad; 1087 1088 netmsg_init(&msg->nm_netmsg, &netisr_afree_rport, 0, 1089 transport_processing_handler); 1090 msg->nm_hlen = hlen; 1091 msg->nm_hasnexthop = (args.next_hop != NULL); 1092 if (msg->nm_hasnexthop) 1093 msg->nm_nexthop = *args.next_hop; /* structure copy */ 1094 1095 msg->nm_mbuf = m; 1096 ip = mtod(m, struct ip *); 1097 ip->ip_len = ntohs(ip->ip_len); 1098 ip->ip_off = ntohs(ip->ip_off); 1099 lwkt_sendmsg(port, &msg->nm_netmsg.nm_lmsg); 1100 } else { 1101 transport_processing_oncpu(m, hlen, ip, args.next_hop); 1102 } 1103 return; 1104 1105 bad: 1106 m_freem(m); 1107 } 1108 1109 /* 1110 * Take incoming datagram fragment and try to reassemble it into 1111 * whole datagram. If a chain for reassembly of this datagram already 1112 * exists, then it is given as fp; otherwise have to make a chain. 1113 * 1114 * When IPDIVERT enabled, keep additional state with each packet that 1115 * tells us if we need to divert or tee the packet we're building. 1116 * In particular, *divinfo includes the port and TEE flag. 1117 */ 1118 1119 static struct mbuf * 1120 ip_reass(struct mbuf *m, struct ipq *fp, struct ipq *where, 1121 u_int32_t *divinfo) 1122 { 1123 struct ip *ip = mtod(m, struct ip *); 1124 struct mbuf *p = NULL, *q, *nq; 1125 struct mbuf *n; 1126 int hlen = IP_VHL_HL(ip->ip_vhl) << 2; 1127 int i, next; 1128 #ifdef IPDIVERT 1129 struct m_tag *mtag; 1130 #endif 1131 1132 /* 1133 * If the hardware has not done csum over this fragment 1134 * then csum_data is not valid at all. 1135 */ 1136 if ((m->m_pkthdr.csum_flags & (CSUM_FRAG_NOT_CHECKED | CSUM_DATA_VALID)) 1137 == (CSUM_FRAG_NOT_CHECKED | CSUM_DATA_VALID)) { 1138 m->m_pkthdr.csum_data = 0; 1139 m->m_pkthdr.csum_flags &= ~(CSUM_DATA_VALID | CSUM_PSEUDO_HDR); 1140 } 1141 1142 /* 1143 * Presence of header sizes in mbufs 1144 * would confuse code below. 1145 */ 1146 m->m_data += hlen; 1147 m->m_len -= hlen; 1148 1149 /* 1150 * If first fragment to arrive, create a reassembly queue. 1151 */ 1152 if (fp == NULL) { 1153 if ((fp = mpipe_alloc_nowait(&ipq_mpipe)) == NULL) 1154 goto dropfrag; 1155 insque(fp, where); 1156 nipq++; 1157 fp->ipq_nfrags = 1; 1158 fp->ipq_ttl = IPFRAGTTL; 1159 fp->ipq_p = ip->ip_p; 1160 fp->ipq_id = ip->ip_id; 1161 fp->ipq_src = ip->ip_src; 1162 fp->ipq_dst = ip->ip_dst; 1163 fp->ipq_frags = m; 1164 m->m_nextpkt = NULL; 1165 #ifdef IPDIVERT 1166 fp->ipq_div_info = 0; 1167 #endif 1168 goto inserted; 1169 } else { 1170 fp->ipq_nfrags++; 1171 } 1172 1173 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header)) 1174 1175 /* 1176 * Find a segment which begins after this one does. 1177 */ 1178 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) 1179 if (GETIP(q)->ip_off > ip->ip_off) 1180 break; 1181 1182 /* 1183 * If there is a preceding segment, it may provide some of 1184 * our data already. If so, drop the data from the incoming 1185 * segment. If it provides all of our data, drop us, otherwise 1186 * stick new segment in the proper place. 1187 * 1188 * If some of the data is dropped from the the preceding 1189 * segment, then it's checksum is invalidated. 1190 */ 1191 if (p) { 1192 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; 1193 if (i > 0) { 1194 if (i >= ip->ip_len) 1195 goto dropfrag; 1196 m_adj(m, i); 1197 m->m_pkthdr.csum_flags = 0; 1198 ip->ip_off += i; 1199 ip->ip_len -= i; 1200 } 1201 m->m_nextpkt = p->m_nextpkt; 1202 p->m_nextpkt = m; 1203 } else { 1204 m->m_nextpkt = fp->ipq_frags; 1205 fp->ipq_frags = m; 1206 } 1207 1208 /* 1209 * While we overlap succeeding segments trim them or, 1210 * if they are completely covered, dequeue them. 1211 */ 1212 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; 1213 q = nq) { 1214 i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off; 1215 if (i < GETIP(q)->ip_len) { 1216 GETIP(q)->ip_len -= i; 1217 GETIP(q)->ip_off += i; 1218 m_adj(q, i); 1219 q->m_pkthdr.csum_flags = 0; 1220 break; 1221 } 1222 nq = q->m_nextpkt; 1223 m->m_nextpkt = nq; 1224 ipstat.ips_fragdropped++; 1225 fp->ipq_nfrags--; 1226 q->m_nextpkt = NULL; 1227 m_freem(q); 1228 } 1229 1230 inserted: 1231 1232 #ifdef IPDIVERT 1233 /* 1234 * Transfer firewall instructions to the fragment structure. 1235 * Only trust info in the fragment at offset 0. 1236 */ 1237 if (ip->ip_off == 0) { 1238 fp->ipq_div_info = *divinfo; 1239 } else { 1240 mtag = m_tag_find(m, PACKET_TAG_IPFW_DIVERT, NULL); 1241 if (mtag != NULL) 1242 m_tag_delete(m, mtag); 1243 } 1244 *divinfo = 0; 1245 #endif 1246 1247 /* 1248 * Check for complete reassembly and perform frag per packet 1249 * limiting. 1250 * 1251 * Frag limiting is performed here so that the nth frag has 1252 * a chance to complete the packet before we drop the packet. 1253 * As a result, n+1 frags are actually allowed per packet, but 1254 * only n will ever be stored. (n = maxfragsperpacket.) 1255 * 1256 */ 1257 next = 0; 1258 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { 1259 if (GETIP(q)->ip_off != next) { 1260 if (fp->ipq_nfrags > maxfragsperpacket) { 1261 ipstat.ips_fragdropped += fp->ipq_nfrags; 1262 ip_freef(fp); 1263 } 1264 return (NULL); 1265 } 1266 next += GETIP(q)->ip_len; 1267 } 1268 /* Make sure the last packet didn't have the IP_MF flag */ 1269 if (p->m_flags & M_FRAG) { 1270 if (fp->ipq_nfrags > maxfragsperpacket) { 1271 ipstat.ips_fragdropped += fp->ipq_nfrags; 1272 ip_freef(fp); 1273 } 1274 return (NULL); 1275 } 1276 1277 /* 1278 * Reassembly is complete. Make sure the packet is a sane size. 1279 */ 1280 q = fp->ipq_frags; 1281 ip = GETIP(q); 1282 if (next + (IP_VHL_HL(ip->ip_vhl) << 2) > IP_MAXPACKET) { 1283 ipstat.ips_toolong++; 1284 ipstat.ips_fragdropped += fp->ipq_nfrags; 1285 ip_freef(fp); 1286 return (NULL); 1287 } 1288 1289 /* 1290 * Concatenate fragments. 1291 */ 1292 m = q; 1293 n = m->m_next; 1294 m->m_next = NULL; 1295 m_cat(m, n); 1296 nq = q->m_nextpkt; 1297 q->m_nextpkt = NULL; 1298 for (q = nq; q != NULL; q = nq) { 1299 nq = q->m_nextpkt; 1300 q->m_nextpkt = NULL; 1301 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags; 1302 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data; 1303 m_cat(m, q); 1304 } 1305 1306 /* 1307 * Clean up the 1's complement checksum. Carry over 16 bits must 1308 * be added back. This assumes no more then 65535 packet fragments 1309 * were reassembled. A second carry can also occur (but not a third). 1310 */ 1311 m->m_pkthdr.csum_data = (m->m_pkthdr.csum_data & 0xffff) + 1312 (m->m_pkthdr.csum_data >> 16); 1313 if (m->m_pkthdr.csum_data > 0xFFFF) 1314 m->m_pkthdr.csum_data -= 0xFFFF; 1315 1316 1317 #ifdef IPDIVERT 1318 /* 1319 * Extract firewall instructions from the fragment structure. 1320 */ 1321 *divinfo = fp->ipq_div_info; 1322 #endif 1323 1324 /* 1325 * Create header for new ip packet by 1326 * modifying header of first packet; 1327 * dequeue and discard fragment reassembly header. 1328 * Make header visible. 1329 */ 1330 ip->ip_len = next; 1331 ip->ip_src = fp->ipq_src; 1332 ip->ip_dst = fp->ipq_dst; 1333 remque(fp); 1334 nipq--; 1335 mpipe_free(&ipq_mpipe, fp); 1336 m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); 1337 m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); 1338 /* some debugging cruft by sklower, below, will go away soon */ 1339 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ 1340 int plen = 0; 1341 1342 for (n = m; n; n = n->m_next) 1343 plen += n->m_len; 1344 m->m_pkthdr.len = plen; 1345 } 1346 return (m); 1347 1348 dropfrag: 1349 #ifdef IPDIVERT 1350 *divinfo = 0; 1351 #endif 1352 ipstat.ips_fragdropped++; 1353 if (fp != NULL) 1354 fp->ipq_nfrags--; 1355 m_freem(m); 1356 return (NULL); 1357 1358 #undef GETIP 1359 } 1360 1361 /* 1362 * Free a fragment reassembly header and all 1363 * associated datagrams. 1364 */ 1365 static void 1366 ip_freef(struct ipq *fp) 1367 { 1368 struct mbuf *q; 1369 1370 while (fp->ipq_frags) { 1371 q = fp->ipq_frags; 1372 fp->ipq_frags = q->m_nextpkt; 1373 q->m_nextpkt = NULL; 1374 m_freem(q); 1375 } 1376 remque(fp); 1377 mpipe_free(&ipq_mpipe, fp); 1378 nipq--; 1379 } 1380 1381 /* 1382 * IP timer processing; 1383 * if a timer expires on a reassembly 1384 * queue, discard it. 1385 */ 1386 void 1387 ip_slowtimo(void) 1388 { 1389 struct ipq *fp; 1390 int i; 1391 1392 crit_enter(); 1393 for (i = 0; i < IPREASS_NHASH; i++) { 1394 fp = ipq[i].next; 1395 if (fp == NULL) 1396 continue; 1397 while (fp != &ipq[i]) { 1398 --fp->ipq_ttl; 1399 fp = fp->next; 1400 if (fp->prev->ipq_ttl == 0) { 1401 ipstat.ips_fragtimeout += fp->prev->ipq_nfrags; 1402 ip_freef(fp->prev); 1403 } 1404 } 1405 } 1406 /* 1407 * If we are over the maximum number of fragments 1408 * (due to the limit being lowered), drain off 1409 * enough to get down to the new limit. 1410 */ 1411 if (maxnipq >= 0 && nipq > maxnipq) { 1412 for (i = 0; i < IPREASS_NHASH; i++) { 1413 while (nipq > maxnipq && 1414 (ipq[i].next != &ipq[i])) { 1415 ipstat.ips_fragdropped += 1416 ipq[i].next->ipq_nfrags; 1417 ip_freef(ipq[i].next); 1418 } 1419 } 1420 } 1421 ipflow_slowtimo(); 1422 crit_exit(); 1423 } 1424 1425 /* 1426 * Drain off all datagram fragments. 1427 */ 1428 void 1429 ip_drain(void) 1430 { 1431 int i; 1432 1433 for (i = 0; i < IPREASS_NHASH; i++) { 1434 while (ipq[i].next != &ipq[i]) { 1435 ipstat.ips_fragdropped += ipq[i].next->ipq_nfrags; 1436 ip_freef(ipq[i].next); 1437 } 1438 } 1439 in_rtqdrain(); 1440 } 1441 1442 /* 1443 * Do option processing on a datagram, 1444 * possibly discarding it if bad options are encountered, 1445 * or forwarding it if source-routed. 1446 * The pass argument is used when operating in the IPSTEALTH 1447 * mode to tell what options to process: 1448 * [LS]SRR (pass 0) or the others (pass 1). 1449 * The reason for as many as two passes is that when doing IPSTEALTH, 1450 * non-routing options should be processed only if the packet is for us. 1451 * Returns 1 if packet has been forwarded/freed, 1452 * 0 if the packet should be processed further. 1453 */ 1454 static int 1455 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop) 1456 { 1457 struct sockaddr_in ipaddr = { sizeof ipaddr, AF_INET }; 1458 struct ip *ip = mtod(m, struct ip *); 1459 u_char *cp; 1460 struct in_ifaddr *ia; 1461 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB; 1462 boolean_t forward = FALSE; 1463 struct in_addr *sin, dst; 1464 n_time ntime; 1465 1466 dst = ip->ip_dst; 1467 cp = (u_char *)(ip + 1); 1468 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1469 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1470 opt = cp[IPOPT_OPTVAL]; 1471 if (opt == IPOPT_EOL) 1472 break; 1473 if (opt == IPOPT_NOP) 1474 optlen = 1; 1475 else { 1476 if (cnt < IPOPT_OLEN + sizeof(*cp)) { 1477 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1478 goto bad; 1479 } 1480 optlen = cp[IPOPT_OLEN]; 1481 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { 1482 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1483 goto bad; 1484 } 1485 } 1486 switch (opt) { 1487 1488 default: 1489 break; 1490 1491 /* 1492 * Source routing with record. 1493 * Find interface with current destination address. 1494 * If none on this machine then drop if strictly routed, 1495 * or do nothing if loosely routed. 1496 * Record interface address and bring up next address 1497 * component. If strictly routed make sure next 1498 * address is on directly accessible net. 1499 */ 1500 case IPOPT_LSRR: 1501 case IPOPT_SSRR: 1502 if (ipstealth && pass > 0) 1503 break; 1504 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1505 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1506 goto bad; 1507 } 1508 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1509 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1510 goto bad; 1511 } 1512 ipaddr.sin_addr = ip->ip_dst; 1513 ia = (struct in_ifaddr *) 1514 ifa_ifwithaddr((struct sockaddr *)&ipaddr); 1515 if (ia == NULL) { 1516 if (opt == IPOPT_SSRR) { 1517 type = ICMP_UNREACH; 1518 code = ICMP_UNREACH_SRCFAIL; 1519 goto bad; 1520 } 1521 if (!ip_dosourceroute) 1522 goto nosourcerouting; 1523 /* 1524 * Loose routing, and not at next destination 1525 * yet; nothing to do except forward. 1526 */ 1527 break; 1528 } 1529 off--; /* 0 origin */ 1530 if (off > optlen - (int)sizeof(struct in_addr)) { 1531 /* 1532 * End of source route. Should be for us. 1533 */ 1534 if (!ip_acceptsourceroute) 1535 goto nosourcerouting; 1536 save_rte(cp, ip->ip_src); 1537 break; 1538 } 1539 if (ipstealth) 1540 goto dropit; 1541 if (!ip_dosourceroute) { 1542 if (ipforwarding) { 1543 char buf[sizeof "aaa.bbb.ccc.ddd"]; 1544 1545 /* 1546 * Acting as a router, so generate ICMP 1547 */ 1548 nosourcerouting: 1549 strcpy(buf, inet_ntoa(ip->ip_dst)); 1550 log(LOG_WARNING, 1551 "attempted source route from %s to %s\n", 1552 inet_ntoa(ip->ip_src), buf); 1553 type = ICMP_UNREACH; 1554 code = ICMP_UNREACH_SRCFAIL; 1555 goto bad; 1556 } else { 1557 /* 1558 * Not acting as a router, 1559 * so silently drop. 1560 */ 1561 dropit: 1562 ipstat.ips_cantforward++; 1563 m_freem(m); 1564 return (1); 1565 } 1566 } 1567 1568 /* 1569 * locate outgoing interface 1570 */ 1571 memcpy(&ipaddr.sin_addr, cp + off, 1572 sizeof ipaddr.sin_addr); 1573 1574 if (opt == IPOPT_SSRR) { 1575 #define INA struct in_ifaddr * 1576 #define SA struct sockaddr * 1577 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) 1578 == NULL) 1579 ia = (INA)ifa_ifwithnet((SA)&ipaddr); 1580 } else 1581 ia = ip_rtaddr(ipaddr.sin_addr, 1582 &ipforward_rt[mycpuid]); 1583 if (ia == NULL) { 1584 type = ICMP_UNREACH; 1585 code = ICMP_UNREACH_SRCFAIL; 1586 goto bad; 1587 } 1588 ip->ip_dst = ipaddr.sin_addr; 1589 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1590 sizeof(struct in_addr)); 1591 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1592 /* 1593 * Let ip_intr's mcast routing check handle mcast pkts 1594 */ 1595 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr)); 1596 break; 1597 1598 case IPOPT_RR: 1599 if (ipstealth && pass == 0) 1600 break; 1601 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1602 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1603 goto bad; 1604 } 1605 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1606 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1607 goto bad; 1608 } 1609 /* 1610 * If no space remains, ignore. 1611 */ 1612 off--; /* 0 origin */ 1613 if (off > optlen - (int)sizeof(struct in_addr)) 1614 break; 1615 memcpy(&ipaddr.sin_addr, &ip->ip_dst, 1616 sizeof ipaddr.sin_addr); 1617 /* 1618 * locate outgoing interface; if we're the destination, 1619 * use the incoming interface (should be same). 1620 */ 1621 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == NULL && 1622 (ia = ip_rtaddr(ipaddr.sin_addr, 1623 &ipforward_rt[mycpuid])) 1624 == NULL) { 1625 type = ICMP_UNREACH; 1626 code = ICMP_UNREACH_HOST; 1627 goto bad; 1628 } 1629 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1630 sizeof(struct in_addr)); 1631 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1632 break; 1633 1634 case IPOPT_TS: 1635 if (ipstealth && pass == 0) 1636 break; 1637 code = cp - (u_char *)ip; 1638 if (optlen < 4 || optlen > 40) { 1639 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1640 goto bad; 1641 } 1642 if ((off = cp[IPOPT_OFFSET]) < 5) { 1643 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1644 goto bad; 1645 } 1646 if (off > optlen - (int)sizeof(int32_t)) { 1647 cp[IPOPT_OFFSET + 1] += (1 << 4); 1648 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) { 1649 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1650 goto bad; 1651 } 1652 break; 1653 } 1654 off--; /* 0 origin */ 1655 sin = (struct in_addr *)(cp + off); 1656 switch (cp[IPOPT_OFFSET + 1] & 0x0f) { 1657 1658 case IPOPT_TS_TSONLY: 1659 break; 1660 1661 case IPOPT_TS_TSANDADDR: 1662 if (off + sizeof(n_time) + 1663 sizeof(struct in_addr) > optlen) { 1664 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1665 goto bad; 1666 } 1667 ipaddr.sin_addr = dst; 1668 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, 1669 m->m_pkthdr.rcvif); 1670 if (ia == NULL) 1671 continue; 1672 memcpy(sin, &IA_SIN(ia)->sin_addr, 1673 sizeof(struct in_addr)); 1674 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1675 off += sizeof(struct in_addr); 1676 break; 1677 1678 case IPOPT_TS_PRESPEC: 1679 if (off + sizeof(n_time) + 1680 sizeof(struct in_addr) > optlen) { 1681 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1682 goto bad; 1683 } 1684 memcpy(&ipaddr.sin_addr, sin, 1685 sizeof(struct in_addr)); 1686 if (ifa_ifwithaddr((SA)&ipaddr) == NULL) 1687 continue; 1688 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1689 off += sizeof(struct in_addr); 1690 break; 1691 1692 default: 1693 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip; 1694 goto bad; 1695 } 1696 ntime = iptime(); 1697 memcpy(cp + off, &ntime, sizeof(n_time)); 1698 cp[IPOPT_OFFSET] += sizeof(n_time); 1699 } 1700 } 1701 if (forward && ipforwarding) { 1702 ip_forward(m, TRUE, next_hop); 1703 return (1); 1704 } 1705 return (0); 1706 bad: 1707 icmp_error(m, type, code, 0, 0); 1708 ipstat.ips_badoptions++; 1709 return (1); 1710 } 1711 1712 /* 1713 * Given address of next destination (final or next hop), 1714 * return internet address info of interface to be used to get there. 1715 */ 1716 struct in_ifaddr * 1717 ip_rtaddr(struct in_addr dst, struct route *ro) 1718 { 1719 struct sockaddr_in *sin; 1720 1721 sin = (struct sockaddr_in *)&ro->ro_dst; 1722 1723 if (ro->ro_rt == NULL || dst.s_addr != sin->sin_addr.s_addr) { 1724 if (ro->ro_rt != NULL) { 1725 RTFREE(ro->ro_rt); 1726 ro->ro_rt = NULL; 1727 } 1728 sin->sin_family = AF_INET; 1729 sin->sin_len = sizeof *sin; 1730 sin->sin_addr = dst; 1731 rtalloc_ign(ro, RTF_PRCLONING); 1732 } 1733 1734 if (ro->ro_rt == NULL) 1735 return (NULL); 1736 1737 return (ifatoia(ro->ro_rt->rt_ifa)); 1738 } 1739 1740 /* 1741 * Save incoming source route for use in replies, 1742 * to be picked up later by ip_srcroute if the receiver is interested. 1743 */ 1744 void 1745 save_rte(u_char *option, struct in_addr dst) 1746 { 1747 unsigned olen; 1748 1749 olen = option[IPOPT_OLEN]; 1750 #ifdef DIAGNOSTIC 1751 if (ipprintfs) 1752 kprintf("save_rte: olen %d\n", olen); 1753 #endif 1754 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) 1755 return; 1756 bcopy(option, ip_srcrt.srcopt, olen); 1757 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); 1758 ip_srcrt.dst = dst; 1759 } 1760 1761 /* 1762 * Retrieve incoming source route for use in replies, 1763 * in the same form used by setsockopt. 1764 * The first hop is placed before the options, will be removed later. 1765 */ 1766 struct mbuf * 1767 ip_srcroute(void) 1768 { 1769 struct in_addr *p, *q; 1770 struct mbuf *m; 1771 1772 if (ip_nhops == 0) 1773 return (NULL); 1774 m = m_get(MB_DONTWAIT, MT_HEADER); 1775 if (m == NULL) 1776 return (NULL); 1777 1778 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) 1779 1780 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ 1781 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + 1782 OPTSIZ; 1783 #ifdef DIAGNOSTIC 1784 if (ipprintfs) 1785 kprintf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); 1786 #endif 1787 1788 /* 1789 * First save first hop for return route 1790 */ 1791 p = &ip_srcrt.route[ip_nhops - 1]; 1792 *(mtod(m, struct in_addr *)) = *p--; 1793 #ifdef DIAGNOSTIC 1794 if (ipprintfs) 1795 kprintf(" hops %x", ntohl(mtod(m, struct in_addr *)->s_addr)); 1796 #endif 1797 1798 /* 1799 * Copy option fields and padding (nop) to mbuf. 1800 */ 1801 ip_srcrt.nop = IPOPT_NOP; 1802 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; 1803 memcpy(mtod(m, caddr_t) + sizeof(struct in_addr), &ip_srcrt.nop, 1804 OPTSIZ); 1805 q = (struct in_addr *)(mtod(m, caddr_t) + 1806 sizeof(struct in_addr) + OPTSIZ); 1807 #undef OPTSIZ 1808 /* 1809 * Record return path as an IP source route, 1810 * reversing the path (pointers are now aligned). 1811 */ 1812 while (p >= ip_srcrt.route) { 1813 #ifdef DIAGNOSTIC 1814 if (ipprintfs) 1815 kprintf(" %x", ntohl(q->s_addr)); 1816 #endif 1817 *q++ = *p--; 1818 } 1819 /* 1820 * Last hop goes to final destination. 1821 */ 1822 *q = ip_srcrt.dst; 1823 #ifdef DIAGNOSTIC 1824 if (ipprintfs) 1825 kprintf(" %x\n", ntohl(q->s_addr)); 1826 #endif 1827 return (m); 1828 } 1829 1830 /* 1831 * Strip out IP options. 1832 */ 1833 void 1834 ip_stripoptions(struct mbuf *m) 1835 { 1836 int datalen; 1837 struct ip *ip = mtod(m, struct ip *); 1838 caddr_t opts; 1839 int optlen; 1840 1841 optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1842 opts = (caddr_t)(ip + 1); 1843 datalen = m->m_len - (sizeof(struct ip) + optlen); 1844 bcopy(opts + optlen, opts, datalen); 1845 m->m_len -= optlen; 1846 if (m->m_flags & M_PKTHDR) 1847 m->m_pkthdr.len -= optlen; 1848 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2); 1849 } 1850 1851 u_char inetctlerrmap[PRC_NCMDS] = { 1852 0, 0, 0, 0, 1853 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1854 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1855 EMSGSIZE, EHOSTUNREACH, 0, 0, 1856 0, 0, 0, 0, 1857 ENOPROTOOPT, ECONNREFUSED 1858 }; 1859 1860 /* 1861 * Forward a packet. If some error occurs return the sender 1862 * an icmp packet. Note we can't always generate a meaningful 1863 * icmp message because icmp doesn't have a large enough repertoire 1864 * of codes and types. 1865 * 1866 * If not forwarding, just drop the packet. This could be confusing 1867 * if ipforwarding was zero but some routing protocol was advancing 1868 * us as a gateway to somewhere. However, we must let the routing 1869 * protocol deal with that. 1870 * 1871 * The using_srcrt parameter indicates whether the packet is being forwarded 1872 * via a source route. 1873 */ 1874 static void 1875 ip_forward(struct mbuf *m, boolean_t using_srcrt, struct sockaddr_in *next_hop) 1876 { 1877 struct ip *ip = mtod(m, struct ip *); 1878 struct sockaddr_in *ipforward_rtaddr; 1879 struct rtentry *rt; 1880 int error, type = 0, code = 0, destmtu = 0; 1881 struct mbuf *mcopy; 1882 n_long dest; 1883 struct in_addr pkt_dst; 1884 struct m_hdr tag; 1885 struct route *cache_rt = &ipforward_rt[mycpuid]; 1886 1887 dest = INADDR_ANY; 1888 /* 1889 * Cache the destination address of the packet; this may be 1890 * changed by use of 'ipfw fwd'. 1891 */ 1892 pkt_dst = (next_hop != NULL) ? next_hop->sin_addr : ip->ip_dst; 1893 1894 #ifdef DIAGNOSTIC 1895 if (ipprintfs) 1896 kprintf("forward: src %x dst %x ttl %x\n", 1897 ip->ip_src.s_addr, pkt_dst.s_addr, ip->ip_ttl); 1898 #endif 1899 1900 if (m->m_flags & (M_BCAST | M_MCAST) || !in_canforward(pkt_dst)) { 1901 ipstat.ips_cantforward++; 1902 m_freem(m); 1903 return; 1904 } 1905 if (!ipstealth && ip->ip_ttl <= IPTTLDEC) { 1906 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0); 1907 return; 1908 } 1909 1910 ipforward_rtaddr = (struct sockaddr_in *) &cache_rt->ro_dst; 1911 if (cache_rt->ro_rt == NULL || 1912 ipforward_rtaddr->sin_addr.s_addr != pkt_dst.s_addr) { 1913 if (cache_rt->ro_rt != NULL) { 1914 RTFREE(cache_rt->ro_rt); 1915 cache_rt->ro_rt = NULL; 1916 } 1917 ipforward_rtaddr->sin_family = AF_INET; 1918 ipforward_rtaddr->sin_len = sizeof(struct sockaddr_in); 1919 ipforward_rtaddr->sin_addr = pkt_dst; 1920 rtalloc_ign(cache_rt, RTF_PRCLONING); 1921 if (cache_rt->ro_rt == NULL) { 1922 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0); 1923 return; 1924 } 1925 } 1926 rt = cache_rt->ro_rt; 1927 1928 /* 1929 * Save the IP header and at most 8 bytes of the payload, 1930 * in case we need to generate an ICMP message to the src. 1931 * 1932 * XXX this can be optimized a lot by saving the data in a local 1933 * buffer on the stack (72 bytes at most), and only allocating the 1934 * mbuf if really necessary. The vast majority of the packets 1935 * are forwarded without having to send an ICMP back (either 1936 * because unnecessary, or because rate limited), so we are 1937 * really we are wasting a lot of work here. 1938 * 1939 * We don't use m_copy() because it might return a reference 1940 * to a shared cluster. Both this function and ip_output() 1941 * assume exclusive access to the IP header in `m', so any 1942 * data in a cluster may change before we reach icmp_error(). 1943 */ 1944 MGETHDR(mcopy, MB_DONTWAIT, m->m_type); 1945 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, MB_DONTWAIT)) { 1946 /* 1947 * It's probably ok if the pkthdr dup fails (because 1948 * the deep copy of the tag chain failed), but for now 1949 * be conservative and just discard the copy since 1950 * code below may some day want the tags. 1951 */ 1952 m_free(mcopy); 1953 mcopy = NULL; 1954 } 1955 if (mcopy != NULL) { 1956 mcopy->m_len = imin((IP_VHL_HL(ip->ip_vhl) << 2) + 8, 1957 (int)ip->ip_len); 1958 mcopy->m_pkthdr.len = mcopy->m_len; 1959 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); 1960 } 1961 1962 if (!ipstealth) 1963 ip->ip_ttl -= IPTTLDEC; 1964 1965 /* 1966 * If forwarding packet using same interface that it came in on, 1967 * perhaps should send a redirect to sender to shortcut a hop. 1968 * Only send redirect if source is sending directly to us, 1969 * and if packet was not source routed (or has any options). 1970 * Also, don't send redirect if forwarding using a default route 1971 * or a route modified by a redirect. 1972 */ 1973 if (rt->rt_ifp == m->m_pkthdr.rcvif && 1974 !(rt->rt_flags & (RTF_DYNAMIC | RTF_MODIFIED)) && 1975 satosin(rt_key(rt))->sin_addr.s_addr != INADDR_ANY && 1976 ipsendredirects && !using_srcrt && next_hop == NULL) { 1977 u_long src = ntohl(ip->ip_src.s_addr); 1978 struct in_ifaddr *rt_ifa = (struct in_ifaddr *)rt->rt_ifa; 1979 1980 if (rt_ifa != NULL && 1981 (src & rt_ifa->ia_subnetmask) == rt_ifa->ia_subnet) { 1982 if (rt->rt_flags & RTF_GATEWAY) 1983 dest = satosin(rt->rt_gateway)->sin_addr.s_addr; 1984 else 1985 dest = pkt_dst.s_addr; 1986 /* 1987 * Router requirements says to only send 1988 * host redirects. 1989 */ 1990 type = ICMP_REDIRECT; 1991 code = ICMP_REDIRECT_HOST; 1992 #ifdef DIAGNOSTIC 1993 if (ipprintfs) 1994 kprintf("redirect (%d) to %x\n", code, dest); 1995 #endif 1996 } 1997 } 1998 1999 if (next_hop != NULL) { 2000 /* Pass IPFORWARD info if available */ 2001 tag.mh_type = MT_TAG; 2002 tag.mh_flags = PACKET_TAG_IPFORWARD; 2003 tag.mh_data = (caddr_t)next_hop; 2004 tag.mh_next = m; 2005 m = (struct mbuf *)&tag; 2006 } 2007 2008 error = ip_output(m, NULL, cache_rt, IP_FORWARDING, NULL, 2009 NULL); 2010 if (error == 0) { 2011 ipstat.ips_forward++; 2012 if (type == 0) { 2013 if (mcopy) { 2014 ipflow_create(cache_rt, mcopy); 2015 m_freem(mcopy); 2016 } 2017 return; /* most common case */ 2018 } else { 2019 ipstat.ips_redirectsent++; 2020 } 2021 } else { 2022 ipstat.ips_cantforward++; 2023 } 2024 2025 if (mcopy == NULL) 2026 return; 2027 2028 /* 2029 * Send ICMP message. 2030 */ 2031 2032 switch (error) { 2033 2034 case 0: /* forwarded, but need redirect */ 2035 /* type, code set above */ 2036 break; 2037 2038 case ENETUNREACH: /* shouldn't happen, checked above */ 2039 case EHOSTUNREACH: 2040 case ENETDOWN: 2041 case EHOSTDOWN: 2042 default: 2043 type = ICMP_UNREACH; 2044 code = ICMP_UNREACH_HOST; 2045 break; 2046 2047 case EMSGSIZE: 2048 type = ICMP_UNREACH; 2049 code = ICMP_UNREACH_NEEDFRAG; 2050 #ifdef IPSEC 2051 /* 2052 * If the packet is routed over IPsec tunnel, tell the 2053 * originator the tunnel MTU. 2054 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2055 * XXX quickhack!!! 2056 */ 2057 if (cache_rt->ro_rt != NULL) { 2058 struct secpolicy *sp = NULL; 2059 int ipsecerror; 2060 int ipsechdr; 2061 struct route *ro; 2062 2063 sp = ipsec4_getpolicybyaddr(mcopy, 2064 IPSEC_DIR_OUTBOUND, 2065 IP_FORWARDING, 2066 &ipsecerror); 2067 2068 if (sp == NULL) 2069 destmtu = cache_rt->ro_rt->rt_ifp->if_mtu; 2070 else { 2071 /* count IPsec header size */ 2072 ipsechdr = ipsec4_hdrsiz(mcopy, 2073 IPSEC_DIR_OUTBOUND, 2074 NULL); 2075 2076 /* 2077 * find the correct route for outer IPv4 2078 * header, compute tunnel MTU. 2079 * 2080 */ 2081 if (sp->req != NULL && sp->req->sav != NULL && 2082 sp->req->sav->sah != NULL) { 2083 ro = &sp->req->sav->sah->sa_route; 2084 if (ro->ro_rt != NULL && 2085 ro->ro_rt->rt_ifp != NULL) { 2086 destmtu = 2087 ro->ro_rt->rt_ifp->if_mtu; 2088 destmtu -= ipsechdr; 2089 } 2090 } 2091 2092 key_freesp(sp); 2093 } 2094 } 2095 #elif FAST_IPSEC 2096 /* 2097 * If the packet is routed over IPsec tunnel, tell the 2098 * originator the tunnel MTU. 2099 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2100 * XXX quickhack!!! 2101 */ 2102 if (cache_rt->ro_rt != NULL) { 2103 struct secpolicy *sp = NULL; 2104 int ipsecerror; 2105 int ipsechdr; 2106 struct route *ro; 2107 2108 sp = ipsec_getpolicybyaddr(mcopy, 2109 IPSEC_DIR_OUTBOUND, 2110 IP_FORWARDING, 2111 &ipsecerror); 2112 2113 if (sp == NULL) 2114 destmtu = cache_rt->ro_rt->rt_ifp->if_mtu; 2115 else { 2116 /* count IPsec header size */ 2117 ipsechdr = ipsec4_hdrsiz(mcopy, 2118 IPSEC_DIR_OUTBOUND, 2119 NULL); 2120 2121 /* 2122 * find the correct route for outer IPv4 2123 * header, compute tunnel MTU. 2124 */ 2125 2126 if (sp->req != NULL && 2127 sp->req->sav != NULL && 2128 sp->req->sav->sah != NULL) { 2129 ro = &sp->req->sav->sah->sa_route; 2130 if (ro->ro_rt != NULL && 2131 ro->ro_rt->rt_ifp != NULL) { 2132 destmtu = 2133 ro->ro_rt->rt_ifp->if_mtu; 2134 destmtu -= ipsechdr; 2135 } 2136 } 2137 2138 KEY_FREESP(&sp); 2139 } 2140 } 2141 #else /* !IPSEC && !FAST_IPSEC */ 2142 if (cache_rt->ro_rt != NULL) 2143 destmtu = cache_rt->ro_rt->rt_ifp->if_mtu; 2144 #endif /*IPSEC*/ 2145 ipstat.ips_cantfrag++; 2146 break; 2147 2148 case ENOBUFS: 2149 /* 2150 * A router should not generate ICMP_SOURCEQUENCH as 2151 * required in RFC1812 Requirements for IP Version 4 Routers. 2152 * Source quench could be a big problem under DoS attacks, 2153 * or if the underlying interface is rate-limited. 2154 * Those who need source quench packets may re-enable them 2155 * via the net.inet.ip.sendsourcequench sysctl. 2156 */ 2157 if (!ip_sendsourcequench) { 2158 m_freem(mcopy); 2159 return; 2160 } else { 2161 type = ICMP_SOURCEQUENCH; 2162 code = 0; 2163 } 2164 break; 2165 2166 case EACCES: /* ipfw denied packet */ 2167 m_freem(mcopy); 2168 return; 2169 } 2170 icmp_error(mcopy, type, code, dest, destmtu); 2171 } 2172 2173 void 2174 ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, 2175 struct mbuf *m) 2176 { 2177 if (inp->inp_socket->so_options & SO_TIMESTAMP) { 2178 struct timeval tv; 2179 2180 microtime(&tv); 2181 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 2182 SCM_TIMESTAMP, SOL_SOCKET); 2183 if (*mp) 2184 mp = &(*mp)->m_next; 2185 } 2186 if (inp->inp_flags & INP_RECVDSTADDR) { 2187 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, 2188 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); 2189 if (*mp) 2190 mp = &(*mp)->m_next; 2191 } 2192 if (inp->inp_flags & INP_RECVTTL) { 2193 *mp = sbcreatecontrol((caddr_t) &ip->ip_ttl, 2194 sizeof(u_char), IP_RECVTTL, IPPROTO_IP); 2195 if (*mp) 2196 mp = &(*mp)->m_next; 2197 } 2198 #ifdef notyet 2199 /* XXX 2200 * Moving these out of udp_input() made them even more broken 2201 * than they already were. 2202 */ 2203 /* options were tossed already */ 2204 if (inp->inp_flags & INP_RECVOPTS) { 2205 *mp = sbcreatecontrol((caddr_t) opts_deleted_above, 2206 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); 2207 if (*mp) 2208 mp = &(*mp)->m_next; 2209 } 2210 /* ip_srcroute doesn't do what we want here, need to fix */ 2211 if (inp->inp_flags & INP_RECVRETOPTS) { 2212 *mp = sbcreatecontrol((caddr_t) ip_srcroute(), 2213 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); 2214 if (*mp) 2215 mp = &(*mp)->m_next; 2216 } 2217 #endif 2218 if (inp->inp_flags & INP_RECVIF) { 2219 struct ifnet *ifp; 2220 struct sdlbuf { 2221 struct sockaddr_dl sdl; 2222 u_char pad[32]; 2223 } sdlbuf; 2224 struct sockaddr_dl *sdp; 2225 struct sockaddr_dl *sdl2 = &sdlbuf.sdl; 2226 2227 if (((ifp = m->m_pkthdr.rcvif)) && 2228 ((ifp->if_index != 0) && (ifp->if_index <= if_index))) { 2229 sdp = IF_LLSOCKADDR(ifp); 2230 /* 2231 * Change our mind and don't try copy. 2232 */ 2233 if ((sdp->sdl_family != AF_LINK) || 2234 (sdp->sdl_len > sizeof(sdlbuf))) { 2235 goto makedummy; 2236 } 2237 bcopy(sdp, sdl2, sdp->sdl_len); 2238 } else { 2239 makedummy: 2240 sdl2->sdl_len = 2241 offsetof(struct sockaddr_dl, sdl_data[0]); 2242 sdl2->sdl_family = AF_LINK; 2243 sdl2->sdl_index = 0; 2244 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0; 2245 } 2246 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len, 2247 IP_RECVIF, IPPROTO_IP); 2248 if (*mp) 2249 mp = &(*mp)->m_next; 2250 } 2251 } 2252 2253 /* 2254 * XXX these routines are called from the upper part of the kernel. 2255 * 2256 * They could also be moved to ip_mroute.c, since all the RSVP 2257 * handling is done there already. 2258 */ 2259 int 2260 ip_rsvp_init(struct socket *so) 2261 { 2262 if (so->so_type != SOCK_RAW || 2263 so->so_proto->pr_protocol != IPPROTO_RSVP) 2264 return EOPNOTSUPP; 2265 2266 if (ip_rsvpd != NULL) 2267 return EADDRINUSE; 2268 2269 ip_rsvpd = so; 2270 /* 2271 * This may seem silly, but we need to be sure we don't over-increment 2272 * the RSVP counter, in case something slips up. 2273 */ 2274 if (!ip_rsvp_on) { 2275 ip_rsvp_on = 1; 2276 rsvp_on++; 2277 } 2278 2279 return 0; 2280 } 2281 2282 int 2283 ip_rsvp_done(void) 2284 { 2285 ip_rsvpd = NULL; 2286 /* 2287 * This may seem silly, but we need to be sure we don't over-decrement 2288 * the RSVP counter, in case something slips up. 2289 */ 2290 if (ip_rsvp_on) { 2291 ip_rsvp_on = 0; 2292 rsvp_on--; 2293 } 2294 return 0; 2295 } 2296 2297 void 2298 rsvp_input(struct mbuf *m, ...) /* XXX must fixup manually */ 2299 { 2300 int off, proto; 2301 __va_list ap; 2302 2303 __va_start(ap, m); 2304 off = __va_arg(ap, int); 2305 proto = __va_arg(ap, int); 2306 __va_end(ap); 2307 2308 if (rsvp_input_p) { /* call the real one if loaded */ 2309 rsvp_input_p(m, off, proto); 2310 return; 2311 } 2312 2313 /* Can still get packets with rsvp_on = 0 if there is a local member 2314 * of the group to which the RSVP packet is addressed. But in this 2315 * case we want to throw the packet away. 2316 */ 2317 2318 if (!rsvp_on) { 2319 m_freem(m); 2320 return; 2321 } 2322 2323 if (ip_rsvpd != NULL) { 2324 rip_input(m, off, proto); 2325 return; 2326 } 2327 /* Drop the packet */ 2328 m_freem(m); 2329 } 2330