1From 7dd690e2c3f3350f5fd647ca52c3fdcc8ef17f4e Mon Sep 17 00:00:00 2001 2From: David van Moolenbroek <david@minix3.org> 3Date: Thu, 2 Feb 2017 18:21:57 +0000 4Subject: [PATCH 2/4] MINIX 3 only: control IP forwarding at run time 5 6The lwIP core supports IPv4 and IPv6 packet forwarding, but allows 7this functionality to be enabled or disabled at compile time only. 8For MINIX 3, this is not enough, as NetBSD userland (including the 9network RC script) expects to be able to control this setting at run 10time. 11 12This patch adds run-time control over IPv4 and IPv6 forwarding with 13the addition of two variables, lwip_ip4_forward and lwip_ip6_forward. 14These variables are defined in the LWIP service and declared for lwIP 15in arch/cc.h. The variables may be changed at any time. Any non-zero 16value indicates that packets of the corresponding IP version should be 17forwarded. 18 19In addition, change lwIP such that if IPv6 forwarding is enabled, 20meaning that the node acts as a (minimal, currently non RFC compliant) 21router, the following adjustments are made (see RFC 4861): 22 23- ICMPv6 Redirect messages are not accepted; 24- ICMPv6 Neighbor Advertisement messages carry the Router flag. 25--- 26 src/core/ipv4/ip4.c | 7 +++++++ 27 src/core/ipv6/ip6.c | 7 +++++++ 28 src/core/ipv6/nd6.c | 14 ++++++++++++++ 29 3 files changed, 28 insertions(+) 30 31diff --git a/src/core/ipv4/ip4.c b/src/core/ipv4/ip4.c 32index d2b1751..d2fde03 100644 33--- a/src/core/ipv4/ip4.c 34+++ b/src/core/ipv4/ip4.c 35@@ -272,6 +272,13 @@ ip4_forward(struct pbuf *p, struct ip_hdr *iphdr, struct netif *inp) 36 { 37 struct netif *netif; 38 39+#if defined(__minix) 40+ /* MINIX 3 only: forward packets only when enabled through configuration. */ 41+ if (!lwip_ip4_forward) { 42+ return; 43+ } 44+#endif /* defined(__minix) */ 45+ 46 PERF_START; 47 LWIP_UNUSED_ARG(inp); 48 49diff --git a/src/core/ipv6/ip6.c b/src/core/ipv6/ip6.c 50index 88d998b..24ecaaa 100644 51--- a/src/core/ipv6/ip6.c 52+++ b/src/core/ipv6/ip6.c 53@@ -367,6 +367,13 @@ ip6_forward(struct pbuf *p, struct ip6_hdr *iphdr, struct netif *inp) 54 { 55 struct netif *netif; 56 57+#if defined(__minix) 58+ /* MINIX 3 only: forward packets only when enabled through configuration. */ 59+ if (!lwip_ip6_forward) { 60+ return; 61+ } 62+#endif /* defined(__minix) */ 63+ 64 /* do not forward link-local or loopback addresses */ 65 if (ip6_addr_islinklocal(ip6_current_dest_addr()) || 66 ip6_addr_isloopback(ip6_current_dest_addr())) { 67diff --git a/src/core/ipv6/nd6.c b/src/core/ipv6/nd6.c 68index 0122d99..bd121f5 100644 69--- a/src/core/ipv6/nd6.c 70+++ b/src/core/ipv6/nd6.c 71@@ -790,6 +790,14 @@ nd6_input(struct pbuf *p, struct netif *inp) 72 struct lladdr_option *lladdr_opt; 73 ip6_addr_t destination_address, target_address; 74 75+#if defined(__minix) 76+ /* MINIX 3 only: if forwarding is enabled, do not accept redirects. */ 77+ if (!lwip_ip6_forward) { 78+ pbuf_free(p); 79+ return; 80+ } 81+#endif /* defined(__minix) */ 82+ 83 /* Check that Redir header fits in packet. */ 84 if (p->len < sizeof(struct redirect_header)) { 85 /* @todo debug message */ 86@@ -1259,6 +1267,12 @@ nd6_send_na(struct netif *netif, const ip6_addr_t *target_addr, u8_t flags) 87 na_hdr->code = 0; 88 na_hdr->chksum = 0; 89 na_hdr->flags = flags & 0xf0; 90+#if defined(__minix) 91+ /* MINIX 3 only: if forwarding is enabled, set the router bit. */ 92+ if (lwip_ip6_forward) { 93+ na_hdr->flags |= ND6_FLAG_ROUTER; 94+ } 95+#endif /* defined(__minix) */ 96 na_hdr->reserved[0] = 0; 97 na_hdr->reserved[1] = 0; 98 na_hdr->reserved[2] = 0; 99-- 1002.5.2 101 102