1 /* 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 34 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ 35 * $DragonFly: src/sys/netinet/ip_input.c,v 1.5 2003/08/07 21:54:32 dillon Exp $ 36 */ 37 38 #define _IP_VHL 39 40 #include "opt_bootp.h" 41 #include "opt_ipfw.h" 42 #include "opt_ipdn.h" 43 #include "opt_ipdivert.h" 44 #include "opt_ipfilter.h" 45 #include "opt_ipstealth.h" 46 #include "opt_ipsec.h" 47 #include "opt_random_ip_id.h" 48 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/mbuf.h> 52 #include <sys/malloc.h> 53 #include <sys/domain.h> 54 #include <sys/protosw.h> 55 #include <sys/socket.h> 56 #include <sys/time.h> 57 #include <sys/kernel.h> 58 #include <sys/syslog.h> 59 #include <sys/sysctl.h> 60 61 #include <net/if.h> 62 #include <net/if_types.h> 63 #include <net/if_var.h> 64 #include <net/if_dl.h> 65 #include <net/route.h> 66 #include <net/netisr.h> 67 #include <net/intrq.h> 68 69 #include <netinet/in.h> 70 #include <netinet/in_systm.h> 71 #include <netinet/in_var.h> 72 #include <netinet/ip.h> 73 #include <netinet/in_pcb.h> 74 #include <netinet/ip_var.h> 75 #include <netinet/ip_icmp.h> 76 #include <machine/in_cksum.h> 77 78 #include <netinet/ipprotosw.h> 79 80 #include <sys/socketvar.h> 81 82 #include <net/ipfw/ip_fw.h> 83 #include <net/dummynet/ip_dummynet.h> 84 85 #ifdef IPSEC 86 #include <netinet6/ipsec.h> 87 #include <netproto/key/key.h> 88 #endif 89 90 #ifdef FAST_IPSEC 91 #include <netipsec/ipsec.h> 92 #include <netipsec/key.h> 93 #endif 94 95 int rsvp_on = 0; 96 static int ip_rsvp_on; 97 struct socket *ip_rsvpd; 98 99 int ipforwarding = 0; 100 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 101 &ipforwarding, 0, "Enable IP forwarding between interfaces"); 102 103 static int ipsendredirects = 1; /* XXX */ 104 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 105 &ipsendredirects, 0, "Enable sending IP redirects"); 106 107 int ip_defttl = IPDEFTTL; 108 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 109 &ip_defttl, 0, "Maximum TTL on IP packets"); 110 111 static int ip_dosourceroute = 0; 112 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, 113 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets"); 114 115 static int ip_acceptsourceroute = 0; 116 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 117 CTLFLAG_RW, &ip_acceptsourceroute, 0, 118 "Enable accepting source routed IP packets"); 119 120 static int ip_keepfaith = 0; 121 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 122 &ip_keepfaith, 0, 123 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 124 125 static int nipq = 0; /* total # of reass queues */ 126 static int maxnipq; 127 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, 128 &maxnipq, 0, 129 "Maximum number of IPv4 fragment reassembly queue entries"); 130 131 static int maxfragsperpacket; 132 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 133 &maxfragsperpacket, 0, 134 "Maximum number of IPv4 fragments allowed per packet"); 135 136 static int ip_sendsourcequench = 0; 137 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 138 &ip_sendsourcequench, 0, 139 "Enable the transmission of source quench packets"); 140 141 /* 142 * XXX - Setting ip_checkinterface mostly implements the receive side of 143 * the Strong ES model described in RFC 1122, but since the routing table 144 * and transmit implementation do not implement the Strong ES model, 145 * setting this to 1 results in an odd hybrid. 146 * 147 * XXX - ip_checkinterface currently must be disabled if you use ipnat 148 * to translate the destination address to another local interface. 149 * 150 * XXX - ip_checkinterface must be disabled if you add IP aliases 151 * to the loopback interface instead of the interface where the 152 * packets for those addresses are received. 153 */ 154 static int ip_checkinterface = 0; 155 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 156 &ip_checkinterface, 0, "Verify packet arrives on correct interface"); 157 158 #ifdef DIAGNOSTIC 159 static int ipprintfs = 0; 160 #endif 161 162 static int ipqmaxlen = IFQ_MAXLEN; 163 164 extern struct domain inetdomain; 165 extern struct ipprotosw inetsw[]; 166 u_char ip_protox[IPPROTO_MAX]; 167 struct in_ifaddrhead in_ifaddrhead; /* first inet address */ 168 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ 169 u_long in_ifaddrhmask; /* mask for hash table */ 170 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, 171 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); 172 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, 173 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); 174 175 struct ipstat ipstat; 176 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 177 &ipstat, ipstat, "IP statistics (struct ipstat, netinet/ip_var.h)"); 178 179 /* Packet reassembly stuff */ 180 #define IPREASS_NHASH_LOG2 6 181 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) 182 #define IPREASS_HMASK (IPREASS_NHASH - 1) 183 #define IPREASS_HASH(x,y) \ 184 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) 185 186 static struct ipq ipq[IPREASS_NHASH]; 187 const int ipintrq_present = 1; 188 189 #ifdef IPCTL_DEFMTU 190 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 191 &ip_mtu, 0, "Default MTU"); 192 #endif 193 194 #ifdef IPSTEALTH 195 static int ipstealth = 0; 196 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, 197 &ipstealth, 0, ""); 198 #endif 199 200 201 /* Firewall hooks */ 202 ip_fw_chk_t *ip_fw_chk_ptr; 203 int fw_enable = 1 ; 204 int fw_one_pass = 1; 205 206 /* Dummynet hooks */ 207 ip_dn_io_t *ip_dn_io_ptr; 208 209 int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)) = NULL; 210 211 /* 212 * XXX this is ugly -- the following two global variables are 213 * used to store packet state while it travels through the stack. 214 * Note that the code even makes assumptions on the size and 215 * alignment of fields inside struct ip_srcrt so e.g. adding some 216 * fields will break the code. This needs to be fixed. 217 * 218 * We need to save the IP options in case a protocol wants to respond 219 * to an incoming packet over the same route if the packet got here 220 * using IP source routing. This allows connection establishment and 221 * maintenance when the remote end is on a network that is not known 222 * to us. 223 */ 224 static int ip_nhops = 0; 225 static struct ip_srcrt { 226 struct in_addr dst; /* final destination */ 227 char nop; /* one NOP to align */ 228 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ 229 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)]; 230 } ip_srcrt; 231 232 static void save_rte(u_char *, struct in_addr); 233 static int ip_dooptions(struct mbuf *m, int, 234 struct sockaddr_in *next_hop); 235 static void ip_forward(struct mbuf *m, int srcrt, 236 struct sockaddr_in *next_hop); 237 static void ip_freef(struct ipq *); 238 static struct mbuf *ip_reass(struct mbuf *, struct ipq *, 239 struct ipq *, u_int32_t *, u_int16_t *); 240 static void ipintr(void); 241 242 /* 243 * IP initialization: fill in IP protocol switch table. 244 * All protocols not implemented in kernel go to raw IP protocol handler. 245 */ 246 void 247 ip_init() 248 { 249 struct ipprotosw *pr; 250 int i; 251 252 TAILQ_INIT(&in_ifaddrhead); 253 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask); 254 pr = (struct ipprotosw *)pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); 255 if (pr == 0) 256 panic("ip_init"); 257 for (i = 0; i < IPPROTO_MAX; i++) 258 ip_protox[i] = pr - inetsw; 259 for (pr = (struct ipprotosw *)inetdomain.dom_protosw; 260 pr < (struct ipprotosw *)inetdomain.dom_protoswNPROTOSW; pr++) 261 if (pr->pr_domain->dom_family == PF_INET && 262 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 263 ip_protox[pr->pr_protocol] = pr - inetsw; 264 265 for (i = 0; i < IPREASS_NHASH; i++) 266 ipq[i].next = ipq[i].prev = &ipq[i]; 267 268 maxnipq = nmbclusters / 32; 269 maxfragsperpacket = 16; 270 271 #ifndef RANDOM_IP_ID 272 ip_id = time_second & 0xffff; 273 #endif 274 ipintrq.ifq_maxlen = ipqmaxlen; 275 276 register_netisr(NETISR_IP, ipintr); 277 } 278 279 /* 280 * XXX watch out this one. It is perhaps used as a cache for 281 * the most recently used route ? it is cleared in in_addroute() 282 * when a new route is successfully created. 283 */ 284 struct route ipforward_rt; 285 static struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; 286 287 /* 288 * Ip input routine. Checksum and byte swap header. If fragmented 289 * try to reassemble. Process options. Pass to next level. 290 */ 291 void 292 ip_input(struct mbuf *m) 293 { 294 struct ip *ip; 295 struct ipq *fp; 296 struct in_ifaddr *ia = NULL; 297 struct ifaddr *ifa; 298 int i, hlen, checkif; 299 u_short sum; 300 struct in_addr pkt_dst; 301 u_int32_t divert_info = 0; /* packet divert/tee info */ 302 struct ip_fw_args args; 303 #ifdef FAST_IPSEC 304 struct m_tag *mtag; 305 struct tdb_ident *tdbi; 306 struct secpolicy *sp; 307 int s, error; 308 #endif /* FAST_IPSEC */ 309 310 args.eh = NULL; 311 args.oif = NULL; 312 args.rule = NULL; 313 args.divert_rule = 0; /* divert cookie */ 314 args.next_hop = NULL; 315 316 /* Grab info from MT_TAG mbufs prepended to the chain. */ 317 for (; m && m->m_type == MT_TAG; m = m->m_next) { 318 switch(m->_m_tag_id) { 319 default: 320 printf("ip_input: unrecognised MT_TAG tag %d\n", 321 m->_m_tag_id); 322 break; 323 324 case PACKET_TAG_DUMMYNET: 325 args.rule = ((struct dn_pkt *)m)->rule; 326 break; 327 328 case PACKET_TAG_DIVERT: 329 args.divert_rule = (int)m->m_hdr.mh_data & 0xffff; 330 break; 331 332 case PACKET_TAG_IPFORWARD: 333 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; 334 break; 335 } 336 } 337 338 KASSERT(m != NULL && (m->m_flags & M_PKTHDR) != 0, 339 ("ip_input: no HDR")); 340 341 if (args.rule) { /* dummynet already filtered us */ 342 ip = mtod(m, struct ip *); 343 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 344 goto iphack ; 345 } 346 347 ipstat.ips_total++; 348 349 if (m->m_pkthdr.len < sizeof(struct ip)) 350 goto tooshort; 351 352 if (m->m_len < sizeof (struct ip) && 353 (m = m_pullup(m, sizeof (struct ip))) == 0) { 354 ipstat.ips_toosmall++; 355 return; 356 } 357 ip = mtod(m, struct ip *); 358 359 if (IP_VHL_V(ip->ip_vhl) != IPVERSION) { 360 ipstat.ips_badvers++; 361 goto bad; 362 } 363 364 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 365 if (hlen < sizeof(struct ip)) { /* minimum header length */ 366 ipstat.ips_badhlen++; 367 goto bad; 368 } 369 if (hlen > m->m_len) { 370 if ((m = m_pullup(m, hlen)) == 0) { 371 ipstat.ips_badhlen++; 372 return; 373 } 374 ip = mtod(m, struct ip *); 375 } 376 377 /* 127/8 must not appear on wire - RFC1122 */ 378 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 379 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 380 if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { 381 ipstat.ips_badaddr++; 382 goto bad; 383 } 384 } 385 386 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 387 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 388 } else { 389 if (hlen == sizeof(struct ip)) { 390 sum = in_cksum_hdr(ip); 391 } else { 392 sum = in_cksum(m, hlen); 393 } 394 } 395 if (sum) { 396 ipstat.ips_badsum++; 397 goto bad; 398 } 399 400 /* 401 * Convert fields to host representation. 402 */ 403 ip->ip_len = ntohs(ip->ip_len); 404 if (ip->ip_len < hlen) { 405 ipstat.ips_badlen++; 406 goto bad; 407 } 408 ip->ip_off = ntohs(ip->ip_off); 409 410 /* 411 * Check that the amount of data in the buffers 412 * is as at least much as the IP header would have us expect. 413 * Trim mbufs if longer than we expect. 414 * Drop packet if shorter than we expect. 415 */ 416 if (m->m_pkthdr.len < ip->ip_len) { 417 tooshort: 418 ipstat.ips_tooshort++; 419 goto bad; 420 } 421 if (m->m_pkthdr.len > ip->ip_len) { 422 if (m->m_len == m->m_pkthdr.len) { 423 m->m_len = ip->ip_len; 424 m->m_pkthdr.len = ip->ip_len; 425 } else 426 m_adj(m, ip->ip_len - m->m_pkthdr.len); 427 } 428 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF) 429 /* 430 * Bypass packet filtering for packets from a tunnel (gif). 431 */ 432 if (ipsec_gethist(m, NULL)) 433 goto pass; 434 #endif 435 436 /* 437 * IpHack's section. 438 * Right now when no processing on packet has done 439 * and it is still fresh out of network we do our black 440 * deals with it. 441 * - Firewall: deny/allow/divert 442 * - Xlate: translate packet's addr/port (NAT). 443 * - Pipe: pass pkt through dummynet. 444 * - Wrap: fake packet's addr/port <unimpl.> 445 * - Encapsulate: put it in another IP and send out. <unimp.> 446 */ 447 448 iphack: 449 /* 450 * Check if we want to allow this packet to be processed. 451 * Consider it to be bad if not. 452 */ 453 if (fr_checkp) { 454 struct mbuf *m1 = m; 455 456 if ((*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m1) || !m1) 457 return; 458 ip = mtod(m = m1, struct ip *); 459 } 460 if (fw_enable && IPFW_LOADED) { 461 /* 462 * If we've been forwarded from the output side, then 463 * skip the firewall a second time 464 */ 465 if (args.next_hop) 466 goto ours; 467 468 args.m = m; 469 i = ip_fw_chk_ptr(&args); 470 m = args.m; 471 472 if ( (i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */ 473 if (m) 474 m_freem(m); 475 return; 476 } 477 ip = mtod(m, struct ip *); /* just in case m changed */ 478 if (i == 0 && args.next_hop == NULL) /* common case */ 479 goto pass; 480 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG) != 0) { 481 /* Send packet to the appropriate pipe */ 482 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args); 483 return; 484 } 485 #ifdef IPDIVERT 486 if (i != 0 && (i & IP_FW_PORT_DYNT_FLAG) == 0) { 487 /* Divert or tee packet */ 488 divert_info = i; 489 goto ours; 490 } 491 #endif 492 if (i == 0 && args.next_hop != NULL) 493 goto pass; 494 /* 495 * if we get here, the packet must be dropped 496 */ 497 m_freem(m); 498 return; 499 } 500 pass: 501 502 /* 503 * Process options and, if not destined for us, 504 * ship it on. ip_dooptions returns 1 when an 505 * error was detected (causing an icmp message 506 * to be sent and the original packet to be freed). 507 */ 508 ip_nhops = 0; /* for source routed packets */ 509 if (hlen > sizeof (struct ip) && ip_dooptions(m, 0, args.next_hop)) 510 return; 511 512 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no 513 * matter if it is destined to another node, or whether it is 514 * a multicast one, RSVP wants it! and prevents it from being forwarded 515 * anywhere else. Also checks if the rsvp daemon is running before 516 * grabbing the packet. 517 */ 518 if (rsvp_on && ip->ip_p==IPPROTO_RSVP) 519 goto ours; 520 521 /* 522 * Check our list of addresses, to see if the packet is for us. 523 * If we don't have any addresses, assume any unicast packet 524 * we receive might be for us (and let the upper layers deal 525 * with it). 526 */ 527 if (TAILQ_EMPTY(&in_ifaddrhead) && 528 (m->m_flags & (M_MCAST|M_BCAST)) == 0) 529 goto ours; 530 531 /* 532 * Cache the destination address of the packet; this may be 533 * changed by use of 'ipfw fwd'. 534 */ 535 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 536 537 /* 538 * Enable a consistency check between the destination address 539 * and the arrival interface for a unicast packet (the RFC 1122 540 * strong ES model) if IP forwarding is disabled and the packet 541 * is not locally generated and the packet is not subject to 542 * 'ipfw fwd'. 543 * 544 * XXX - Checking also should be disabled if the destination 545 * address is ipnat'ed to a different interface. 546 * 547 * XXX - Checking is incompatible with IP aliases added 548 * to the loopback interface instead of the interface where 549 * the packets are received. 550 */ 551 checkif = ip_checkinterface && (ipforwarding == 0) && 552 m->m_pkthdr.rcvif != NULL && 553 ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) && 554 (args.next_hop == NULL); 555 556 /* 557 * Check for exact addresses in the hash bucket. 558 */ 559 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) { 560 /* 561 * If the address matches, verify that the packet 562 * arrived via the correct interface if checking is 563 * enabled. 564 */ 565 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr && 566 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif)) 567 goto ours; 568 } 569 /* 570 * Check for broadcast addresses. 571 * 572 * Only accept broadcast packets that arrive via the matching 573 * interface. Reception of forwarded directed broadcasts would 574 * be handled via ip_forward() and ether_output() with the loopback 575 * into the stack for SIMPLEX interfaces handled by ether_output(). 576 */ 577 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 578 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 579 if (ifa->ifa_addr->sa_family != AF_INET) 580 continue; 581 ia = ifatoia(ifa); 582 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 583 pkt_dst.s_addr) 584 goto ours; 585 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr) 586 goto ours; 587 #ifdef BOOTP_COMPAT 588 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) 589 goto ours; 590 #endif 591 } 592 } 593 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 594 struct in_multi *inm; 595 if (ip_mrouter) { 596 /* 597 * If we are acting as a multicast router, all 598 * incoming multicast packets are passed to the 599 * kernel-level multicast forwarding function. 600 * The packet is returned (relatively) intact; if 601 * ip_mforward() returns a non-zero value, the packet 602 * must be discarded, else it may be accepted below. 603 */ 604 if (ip_mforward && 605 ip_mforward(ip, m->m_pkthdr.rcvif, m, 0) != 0) { 606 ipstat.ips_cantforward++; 607 m_freem(m); 608 return; 609 } 610 611 /* 612 * The process-level routing daemon needs to receive 613 * all multicast IGMP packets, whether or not this 614 * host belongs to their destination groups. 615 */ 616 if (ip->ip_p == IPPROTO_IGMP) 617 goto ours; 618 ipstat.ips_forward++; 619 } 620 /* 621 * See if we belong to the destination multicast group on the 622 * arrival interface. 623 */ 624 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); 625 if (inm == NULL) { 626 ipstat.ips_notmember++; 627 m_freem(m); 628 return; 629 } 630 goto ours; 631 } 632 if (ip->ip_dst.s_addr == (u_long)INADDR_BROADCAST) 633 goto ours; 634 if (ip->ip_dst.s_addr == INADDR_ANY) 635 goto ours; 636 637 /* 638 * FAITH(Firewall Aided Internet Translator) 639 */ 640 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 641 if (ip_keepfaith) { 642 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) 643 goto ours; 644 } 645 m_freem(m); 646 return; 647 } 648 649 /* 650 * Not for us; forward if possible and desirable. 651 */ 652 if (ipforwarding == 0) { 653 ipstat.ips_cantforward++; 654 m_freem(m); 655 } else { 656 #ifdef IPSEC 657 /* 658 * Enforce inbound IPsec SPD. 659 */ 660 if (ipsec4_in_reject(m, NULL)) { 661 ipsecstat.in_polvio++; 662 goto bad; 663 } 664 #endif /* IPSEC */ 665 #ifdef FAST_IPSEC 666 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 667 s = splnet(); 668 if (mtag != NULL) { 669 tdbi = (struct tdb_ident *)(mtag + 1); 670 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 671 } else { 672 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 673 IP_FORWARDING, &error); 674 } 675 if (sp == NULL) { /* NB: can happen if error */ 676 splx(s); 677 /*XXX error stat???*/ 678 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ 679 goto bad; 680 } 681 682 /* 683 * Check security policy against packet attributes. 684 */ 685 error = ipsec_in_reject(sp, m); 686 KEY_FREESP(&sp); 687 splx(s); 688 if (error) { 689 ipstat.ips_cantforward++; 690 goto bad; 691 } 692 #endif /* FAST_IPSEC */ 693 ip_forward(m, 0, args.next_hop); 694 } 695 return; 696 697 ours: 698 #ifdef IPSTEALTH 699 /* 700 * IPSTEALTH: Process non-routing options only 701 * if the packet is destined for us. 702 */ 703 if (ipstealth && hlen > sizeof (struct ip) && 704 ip_dooptions(m, 1, args.next_hop)) 705 return; 706 #endif /* IPSTEALTH */ 707 708 /* Count the packet in the ip address stats */ 709 if (ia != NULL) { 710 ia->ia_ifa.if_ipackets++; 711 ia->ia_ifa.if_ibytes += m->m_pkthdr.len; 712 } 713 714 /* 715 * If offset or IP_MF are set, must reassemble. 716 * Otherwise, nothing need be done. 717 * (We could look in the reassembly queue to see 718 * if the packet was previously fragmented, 719 * but it's not worth the time; just let them time out.) 720 */ 721 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 722 723 /* If maxnipq is 0, never accept fragments. */ 724 if (maxnipq == 0) { 725 ipstat.ips_fragments++; 726 ipstat.ips_fragdropped++; 727 goto bad; 728 } 729 730 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); 731 /* 732 * Look for queue of fragments 733 * of this datagram. 734 */ 735 for (fp = ipq[sum].next; fp != &ipq[sum]; fp = fp->next) 736 if (ip->ip_id == fp->ipq_id && 737 ip->ip_src.s_addr == fp->ipq_src.s_addr && 738 ip->ip_dst.s_addr == fp->ipq_dst.s_addr && 739 ip->ip_p == fp->ipq_p) 740 goto found; 741 742 fp = 0; 743 744 /* 745 * Enforce upper bound on number of fragmented packets 746 * for which we attempt reassembly; 747 * If maxnipq is -1, accept all fragments without limitation. 748 */ 749 if ((nipq > maxnipq) && (maxnipq > 0)) { 750 /* 751 * drop something from the tail of the current queue 752 * before proceeding further 753 */ 754 if (ipq[sum].prev == &ipq[sum]) { /* gak */ 755 for (i = 0; i < IPREASS_NHASH; i++) { 756 if (ipq[i].prev != &ipq[i]) { 757 ipstat.ips_fragtimeout += 758 ipq[i].prev->ipq_nfrags; 759 ip_freef(ipq[i].prev); 760 break; 761 } 762 } 763 } else { 764 ipstat.ips_fragtimeout += ipq[sum].prev->ipq_nfrags; 765 ip_freef(ipq[sum].prev); 766 } 767 } 768 found: 769 /* 770 * Adjust ip_len to not reflect header, 771 * convert offset of this to bytes. 772 */ 773 ip->ip_len -= hlen; 774 if (ip->ip_off & IP_MF) { 775 /* 776 * Make sure that fragments have a data length 777 * that's a non-zero multiple of 8 bytes. 778 */ 779 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 780 ipstat.ips_toosmall++; /* XXX */ 781 goto bad; 782 } 783 m->m_flags |= M_FRAG; 784 } else 785 m->m_flags &= ~M_FRAG; 786 ip->ip_off <<= 3; 787 788 /* 789 * Attempt reassembly; if it succeeds, proceed. 790 * ip_reass() will return a different mbuf, and update 791 * the divert info in divert_info and args.divert_rule. 792 */ 793 ipstat.ips_fragments++; 794 m->m_pkthdr.header = ip; 795 m = ip_reass(m, 796 fp, &ipq[sum], &divert_info, &args.divert_rule); 797 if (m == 0) 798 return; 799 ipstat.ips_reassembled++; 800 ip = mtod(m, struct ip *); 801 /* Get the header length of the reassembled packet */ 802 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 803 #ifdef IPDIVERT 804 /* Restore original checksum before diverting packet */ 805 if (divert_info != 0) { 806 ip->ip_len += hlen; 807 ip->ip_len = htons(ip->ip_len); 808 ip->ip_off = htons(ip->ip_off); 809 ip->ip_sum = 0; 810 if (hlen == sizeof(struct ip)) 811 ip->ip_sum = in_cksum_hdr(ip); 812 else 813 ip->ip_sum = in_cksum(m, hlen); 814 ip->ip_off = ntohs(ip->ip_off); 815 ip->ip_len = ntohs(ip->ip_len); 816 ip->ip_len -= hlen; 817 } 818 #endif 819 } else 820 ip->ip_len -= hlen; 821 822 #ifdef IPDIVERT 823 /* 824 * Divert or tee packet to the divert protocol if required. 825 */ 826 if (divert_info != 0) { 827 struct mbuf *clone = NULL; 828 829 /* Clone packet if we're doing a 'tee' */ 830 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) 831 clone = m_dup(m, M_DONTWAIT); 832 833 /* Restore packet header fields to original values */ 834 ip->ip_len += hlen; 835 ip->ip_len = htons(ip->ip_len); 836 ip->ip_off = htons(ip->ip_off); 837 838 /* Deliver packet to divert input routine */ 839 divert_packet(m, 1, divert_info & 0xffff, args.divert_rule); 840 ipstat.ips_delivered++; 841 842 /* If 'tee', continue with original packet */ 843 if (clone == NULL) 844 return; 845 m = clone; 846 ip = mtod(m, struct ip *); 847 ip->ip_len += hlen; 848 /* 849 * Jump backwards to complete processing of the 850 * packet. But first clear divert_info to avoid 851 * entering this block again. 852 * We do not need to clear args.divert_rule 853 * or args.next_hop as they will not be used. 854 */ 855 divert_info = 0; 856 goto pass; 857 } 858 #endif 859 860 #ifdef IPSEC 861 /* 862 * enforce IPsec policy checking if we are seeing last header. 863 * note that we do not visit this with protocols with pcb layer 864 * code - like udp/tcp/raw ip. 865 */ 866 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && 867 ipsec4_in_reject(m, NULL)) { 868 ipsecstat.in_polvio++; 869 goto bad; 870 } 871 #endif 872 #if FAST_IPSEC 873 /* 874 * enforce IPsec policy checking if we are seeing last header. 875 * note that we do not visit this with protocols with pcb layer 876 * code - like udp/tcp/raw ip. 877 */ 878 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) { 879 /* 880 * Check if the packet has already had IPsec processing 881 * done. If so, then just pass it along. This tag gets 882 * set during AH, ESP, etc. input handling, before the 883 * packet is returned to the ip input queue for delivery. 884 */ 885 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 886 s = splnet(); 887 if (mtag != NULL) { 888 tdbi = (struct tdb_ident *)(mtag + 1); 889 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 890 } else { 891 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 892 IP_FORWARDING, &error); 893 } 894 if (sp != NULL) { 895 /* 896 * Check security policy against packet attributes. 897 */ 898 error = ipsec_in_reject(sp, m); 899 KEY_FREESP(&sp); 900 } else { 901 /* XXX error stat??? */ 902 error = EINVAL; 903 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ 904 goto bad; 905 } 906 splx(s); 907 if (error) 908 goto bad; 909 } 910 #endif /* FAST_IPSEC */ 911 912 /* 913 * Switch out to protocol's input routine. 914 */ 915 ipstat.ips_delivered++; 916 if (args.next_hop && ip->ip_p == IPPROTO_TCP) { 917 /* TCP needs IPFORWARD info if available */ 918 struct m_hdr tag; 919 920 tag.mh_type = MT_TAG; 921 tag.mh_flags = PACKET_TAG_IPFORWARD; 922 tag.mh_data = (caddr_t)args.next_hop; 923 tag.mh_next = m; 924 925 (*inetsw[ip_protox[ip->ip_p]].pr_input)( 926 (struct mbuf *)&tag, hlen, ip->ip_p); 927 } else 928 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, ip->ip_p); 929 return; 930 bad: 931 m_freem(m); 932 } 933 934 /* 935 * IP software interrupt routine - to go away sometime soon 936 */ 937 static void 938 ipintr(void) 939 { 940 int s; 941 struct mbuf *m; 942 943 while(1) { 944 s = splimp(); 945 IF_DEQUEUE(&ipintrq, m); 946 splx(s); 947 if (m == 0) 948 return; 949 ip_input(m); 950 } 951 } 952 953 /* 954 * Take incoming datagram fragment and try to reassemble it into 955 * whole datagram. If a chain for reassembly of this datagram already 956 * exists, then it is given as fp; otherwise have to make a chain. 957 * 958 * When IPDIVERT enabled, keep additional state with each packet that 959 * tells us if we need to divert or tee the packet we're building. 960 * In particular, *divinfo includes the port and TEE flag, 961 * *divert_rule is the number of the matching rule. 962 */ 963 964 static struct mbuf * 965 ip_reass(struct mbuf *m, struct ipq *fp, struct ipq *where, 966 u_int32_t *divinfo, u_int16_t *divert_rule) 967 { 968 struct ip *ip = mtod(m, struct ip *); 969 struct mbuf *p = 0, *q, *nq; 970 struct mbuf *t; 971 int hlen = IP_VHL_HL(ip->ip_vhl) << 2; 972 int i, next; 973 974 /* 975 * Presence of header sizes in mbufs 976 * would confuse code below. 977 */ 978 m->m_data += hlen; 979 m->m_len -= hlen; 980 981 /* 982 * If first fragment to arrive, create a reassembly queue. 983 */ 984 if (fp == 0) { 985 if ((t = m_get(M_DONTWAIT, MT_FTABLE)) == NULL) 986 goto dropfrag; 987 fp = mtod(t, struct ipq *); 988 insque(fp, where); 989 nipq++; 990 fp->ipq_nfrags = 1; 991 fp->ipq_ttl = IPFRAGTTL; 992 fp->ipq_p = ip->ip_p; 993 fp->ipq_id = ip->ip_id; 994 fp->ipq_src = ip->ip_src; 995 fp->ipq_dst = ip->ip_dst; 996 fp->ipq_frags = m; 997 m->m_nextpkt = NULL; 998 #ifdef IPDIVERT 999 fp->ipq_div_info = 0; 1000 fp->ipq_div_cookie = 0; 1001 #endif 1002 goto inserted; 1003 } else { 1004 fp->ipq_nfrags++; 1005 } 1006 1007 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header)) 1008 1009 /* 1010 * Find a segment which begins after this one does. 1011 */ 1012 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) 1013 if (GETIP(q)->ip_off > ip->ip_off) 1014 break; 1015 1016 /* 1017 * If there is a preceding segment, it may provide some of 1018 * our data already. If so, drop the data from the incoming 1019 * segment. If it provides all of our data, drop us, otherwise 1020 * stick new segment in the proper place. 1021 * 1022 * If some of the data is dropped from the the preceding 1023 * segment, then it's checksum is invalidated. 1024 */ 1025 if (p) { 1026 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; 1027 if (i > 0) { 1028 if (i >= ip->ip_len) 1029 goto dropfrag; 1030 m_adj(m, i); 1031 m->m_pkthdr.csum_flags = 0; 1032 ip->ip_off += i; 1033 ip->ip_len -= i; 1034 } 1035 m->m_nextpkt = p->m_nextpkt; 1036 p->m_nextpkt = m; 1037 } else { 1038 m->m_nextpkt = fp->ipq_frags; 1039 fp->ipq_frags = m; 1040 } 1041 1042 /* 1043 * While we overlap succeeding segments trim them or, 1044 * if they are completely covered, dequeue them. 1045 */ 1046 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; 1047 q = nq) { 1048 i = (ip->ip_off + ip->ip_len) - 1049 GETIP(q)->ip_off; 1050 if (i < GETIP(q)->ip_len) { 1051 GETIP(q)->ip_len -= i; 1052 GETIP(q)->ip_off += i; 1053 m_adj(q, i); 1054 q->m_pkthdr.csum_flags = 0; 1055 break; 1056 } 1057 nq = q->m_nextpkt; 1058 m->m_nextpkt = nq; 1059 ipstat.ips_fragdropped++; 1060 fp->ipq_nfrags--; 1061 m_freem(q); 1062 } 1063 1064 inserted: 1065 1066 #ifdef IPDIVERT 1067 /* 1068 * Transfer firewall instructions to the fragment structure. 1069 * Only trust info in the fragment at offset 0. 1070 */ 1071 if (ip->ip_off == 0) { 1072 fp->ipq_div_info = *divinfo; 1073 fp->ipq_div_cookie = *divert_rule; 1074 } 1075 *divinfo = 0; 1076 *divert_rule = 0; 1077 #endif 1078 1079 /* 1080 * Check for complete reassembly and perform frag per packet 1081 * limiting. 1082 * 1083 * Frag limiting is performed here so that the nth frag has 1084 * a chance to complete the packet before we drop the packet. 1085 * As a result, n+1 frags are actually allowed per packet, but 1086 * only n will ever be stored. (n = maxfragsperpacket.) 1087 * 1088 */ 1089 next = 0; 1090 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { 1091 if (GETIP(q)->ip_off != next) { 1092 if (fp->ipq_nfrags > maxfragsperpacket) { 1093 ipstat.ips_fragdropped += fp->ipq_nfrags; 1094 ip_freef(fp); 1095 } 1096 return (0); 1097 } 1098 next += GETIP(q)->ip_len; 1099 } 1100 /* Make sure the last packet didn't have the IP_MF flag */ 1101 if (p->m_flags & M_FRAG) { 1102 if (fp->ipq_nfrags > maxfragsperpacket) { 1103 ipstat.ips_fragdropped += fp->ipq_nfrags; 1104 ip_freef(fp); 1105 } 1106 return (0); 1107 } 1108 1109 /* 1110 * Reassembly is complete. Make sure the packet is a sane size. 1111 */ 1112 q = fp->ipq_frags; 1113 ip = GETIP(q); 1114 if (next + (IP_VHL_HL(ip->ip_vhl) << 2) > IP_MAXPACKET) { 1115 ipstat.ips_toolong++; 1116 ipstat.ips_fragdropped += fp->ipq_nfrags; 1117 ip_freef(fp); 1118 return (0); 1119 } 1120 1121 /* 1122 * Concatenate fragments. 1123 */ 1124 m = q; 1125 t = m->m_next; 1126 m->m_next = 0; 1127 m_cat(m, t); 1128 nq = q->m_nextpkt; 1129 q->m_nextpkt = 0; 1130 for (q = nq; q != NULL; q = nq) { 1131 nq = q->m_nextpkt; 1132 q->m_nextpkt = NULL; 1133 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags; 1134 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data; 1135 m_cat(m, q); 1136 } 1137 1138 #ifdef IPDIVERT 1139 /* 1140 * Extract firewall instructions from the fragment structure. 1141 */ 1142 *divinfo = fp->ipq_div_info; 1143 *divert_rule = fp->ipq_div_cookie; 1144 #endif 1145 1146 /* 1147 * Create header for new ip packet by 1148 * modifying header of first packet; 1149 * dequeue and discard fragment reassembly header. 1150 * Make header visible. 1151 */ 1152 ip->ip_len = next; 1153 ip->ip_src = fp->ipq_src; 1154 ip->ip_dst = fp->ipq_dst; 1155 remque(fp); 1156 nipq--; 1157 (void) m_free(dtom(fp)); 1158 m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); 1159 m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); 1160 /* some debugging cruft by sklower, below, will go away soon */ 1161 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ 1162 int plen = 0; 1163 for (t = m; t; t = t->m_next) 1164 plen += t->m_len; 1165 m->m_pkthdr.len = plen; 1166 } 1167 return (m); 1168 1169 dropfrag: 1170 #ifdef IPDIVERT 1171 *divinfo = 0; 1172 *divert_rule = 0; 1173 #endif 1174 ipstat.ips_fragdropped++; 1175 if (fp != 0) 1176 fp->ipq_nfrags--; 1177 m_freem(m); 1178 return (0); 1179 1180 #undef GETIP 1181 } 1182 1183 /* 1184 * Free a fragment reassembly header and all 1185 * associated datagrams. 1186 */ 1187 static void 1188 ip_freef(fp) 1189 struct ipq *fp; 1190 { 1191 struct mbuf *q; 1192 1193 while (fp->ipq_frags) { 1194 q = fp->ipq_frags; 1195 fp->ipq_frags = q->m_nextpkt; 1196 m_freem(q); 1197 } 1198 remque(fp); 1199 (void) m_free(dtom(fp)); 1200 nipq--; 1201 } 1202 1203 /* 1204 * IP timer processing; 1205 * if a timer expires on a reassembly 1206 * queue, discard it. 1207 */ 1208 void 1209 ip_slowtimo() 1210 { 1211 struct ipq *fp; 1212 int s = splnet(); 1213 int i; 1214 1215 for (i = 0; i < IPREASS_NHASH; i++) { 1216 fp = ipq[i].next; 1217 if (fp == 0) 1218 continue; 1219 while (fp != &ipq[i]) { 1220 --fp->ipq_ttl; 1221 fp = fp->next; 1222 if (fp->prev->ipq_ttl == 0) { 1223 ipstat.ips_fragtimeout += fp->prev->ipq_nfrags; 1224 ip_freef(fp->prev); 1225 } 1226 } 1227 } 1228 /* 1229 * If we are over the maximum number of fragments 1230 * (due to the limit being lowered), drain off 1231 * enough to get down to the new limit. 1232 */ 1233 if (maxnipq >= 0 && nipq > maxnipq) { 1234 for (i = 0; i < IPREASS_NHASH; i++) { 1235 while (nipq > maxnipq && 1236 (ipq[i].next != &ipq[i])) { 1237 ipstat.ips_fragdropped += 1238 ipq[i].next->ipq_nfrags; 1239 ip_freef(ipq[i].next); 1240 } 1241 } 1242 } 1243 ipflow_slowtimo(); 1244 splx(s); 1245 } 1246 1247 /* 1248 * Drain off all datagram fragments. 1249 */ 1250 void 1251 ip_drain() 1252 { 1253 int i; 1254 1255 for (i = 0; i < IPREASS_NHASH; i++) { 1256 while (ipq[i].next != &ipq[i]) { 1257 ipstat.ips_fragdropped += ipq[i].next->ipq_nfrags; 1258 ip_freef(ipq[i].next); 1259 } 1260 } 1261 in_rtqdrain(); 1262 } 1263 1264 /* 1265 * Do option processing on a datagram, 1266 * possibly discarding it if bad options are encountered, 1267 * or forwarding it if source-routed. 1268 * The pass argument is used when operating in the IPSTEALTH 1269 * mode to tell what options to process: 1270 * [LS]SRR (pass 0) or the others (pass 1). 1271 * The reason for as many as two passes is that when doing IPSTEALTH, 1272 * non-routing options should be processed only if the packet is for us. 1273 * Returns 1 if packet has been forwarded/freed, 1274 * 0 if the packet should be processed further. 1275 */ 1276 static int 1277 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop) 1278 { 1279 struct ip *ip = mtod(m, struct ip *); 1280 u_char *cp; 1281 struct in_ifaddr *ia; 1282 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0; 1283 struct in_addr *sin, dst; 1284 n_time ntime; 1285 1286 dst = ip->ip_dst; 1287 cp = (u_char *)(ip + 1); 1288 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof (struct ip); 1289 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1290 opt = cp[IPOPT_OPTVAL]; 1291 if (opt == IPOPT_EOL) 1292 break; 1293 if (opt == IPOPT_NOP) 1294 optlen = 1; 1295 else { 1296 if (cnt < IPOPT_OLEN + sizeof(*cp)) { 1297 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1298 goto bad; 1299 } 1300 optlen = cp[IPOPT_OLEN]; 1301 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { 1302 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1303 goto bad; 1304 } 1305 } 1306 switch (opt) { 1307 1308 default: 1309 break; 1310 1311 /* 1312 * Source routing with record. 1313 * Find interface with current destination address. 1314 * If none on this machine then drop if strictly routed, 1315 * or do nothing if loosely routed. 1316 * Record interface address and bring up next address 1317 * component. If strictly routed make sure next 1318 * address is on directly accessible net. 1319 */ 1320 case IPOPT_LSRR: 1321 case IPOPT_SSRR: 1322 #ifdef IPSTEALTH 1323 if (ipstealth && pass > 0) 1324 break; 1325 #endif 1326 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1327 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1328 goto bad; 1329 } 1330 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1331 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1332 goto bad; 1333 } 1334 ipaddr.sin_addr = ip->ip_dst; 1335 ia = (struct in_ifaddr *) 1336 ifa_ifwithaddr((struct sockaddr *)&ipaddr); 1337 if (ia == 0) { 1338 if (opt == IPOPT_SSRR) { 1339 type = ICMP_UNREACH; 1340 code = ICMP_UNREACH_SRCFAIL; 1341 goto bad; 1342 } 1343 if (!ip_dosourceroute) 1344 goto nosourcerouting; 1345 /* 1346 * Loose routing, and not at next destination 1347 * yet; nothing to do except forward. 1348 */ 1349 break; 1350 } 1351 off--; /* 0 origin */ 1352 if (off > optlen - (int)sizeof(struct in_addr)) { 1353 /* 1354 * End of source route. Should be for us. 1355 */ 1356 if (!ip_acceptsourceroute) 1357 goto nosourcerouting; 1358 save_rte(cp, ip->ip_src); 1359 break; 1360 } 1361 #ifdef IPSTEALTH 1362 if (ipstealth) 1363 goto dropit; 1364 #endif 1365 if (!ip_dosourceroute) { 1366 if (ipforwarding) { 1367 char buf[16]; /* aaa.bbb.ccc.ddd\0 */ 1368 /* 1369 * Acting as a router, so generate ICMP 1370 */ 1371 nosourcerouting: 1372 strcpy(buf, inet_ntoa(ip->ip_dst)); 1373 log(LOG_WARNING, 1374 "attempted source route from %s to %s\n", 1375 inet_ntoa(ip->ip_src), buf); 1376 type = ICMP_UNREACH; 1377 code = ICMP_UNREACH_SRCFAIL; 1378 goto bad; 1379 } else { 1380 /* 1381 * Not acting as a router, so silently drop. 1382 */ 1383 #ifdef IPSTEALTH 1384 dropit: 1385 #endif 1386 ipstat.ips_cantforward++; 1387 m_freem(m); 1388 return (1); 1389 } 1390 } 1391 1392 /* 1393 * locate outgoing interface 1394 */ 1395 (void)memcpy(&ipaddr.sin_addr, cp + off, 1396 sizeof(ipaddr.sin_addr)); 1397 1398 if (opt == IPOPT_SSRR) { 1399 #define INA struct in_ifaddr * 1400 #define SA struct sockaddr * 1401 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) == 0) 1402 ia = (INA)ifa_ifwithnet((SA)&ipaddr); 1403 } else 1404 ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt); 1405 if (ia == 0) { 1406 type = ICMP_UNREACH; 1407 code = ICMP_UNREACH_SRCFAIL; 1408 goto bad; 1409 } 1410 ip->ip_dst = ipaddr.sin_addr; 1411 (void)memcpy(cp + off, &(IA_SIN(ia)->sin_addr), 1412 sizeof(struct in_addr)); 1413 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1414 /* 1415 * Let ip_intr's mcast routing check handle mcast pkts 1416 */ 1417 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr)); 1418 break; 1419 1420 case IPOPT_RR: 1421 #ifdef IPSTEALTH 1422 if (ipstealth && pass == 0) 1423 break; 1424 #endif 1425 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1426 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1427 goto bad; 1428 } 1429 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1430 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1431 goto bad; 1432 } 1433 /* 1434 * If no space remains, ignore. 1435 */ 1436 off--; /* 0 origin */ 1437 if (off > optlen - (int)sizeof(struct in_addr)) 1438 break; 1439 (void)memcpy(&ipaddr.sin_addr, &ip->ip_dst, 1440 sizeof(ipaddr.sin_addr)); 1441 /* 1442 * locate outgoing interface; if we're the destination, 1443 * use the incoming interface (should be same). 1444 */ 1445 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == 0 && 1446 (ia = ip_rtaddr(ipaddr.sin_addr, 1447 &ipforward_rt)) == 0) { 1448 type = ICMP_UNREACH; 1449 code = ICMP_UNREACH_HOST; 1450 goto bad; 1451 } 1452 (void)memcpy(cp + off, &(IA_SIN(ia)->sin_addr), 1453 sizeof(struct in_addr)); 1454 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1455 break; 1456 1457 case IPOPT_TS: 1458 #ifdef IPSTEALTH 1459 if (ipstealth && pass == 0) 1460 break; 1461 #endif 1462 code = cp - (u_char *)ip; 1463 if (optlen < 4 || optlen > 40) { 1464 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1465 goto bad; 1466 } 1467 if ((off = cp[IPOPT_OFFSET]) < 5) { 1468 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1469 goto bad; 1470 } 1471 if (off > optlen - (int)sizeof(int32_t)) { 1472 cp[IPOPT_OFFSET + 1] += (1 << 4); 1473 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) { 1474 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1475 goto bad; 1476 } 1477 break; 1478 } 1479 off--; /* 0 origin */ 1480 sin = (struct in_addr *)(cp + off); 1481 switch (cp[IPOPT_OFFSET + 1] & 0x0f) { 1482 1483 case IPOPT_TS_TSONLY: 1484 break; 1485 1486 case IPOPT_TS_TSANDADDR: 1487 if (off + sizeof(n_time) + 1488 sizeof(struct in_addr) > optlen) { 1489 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1490 goto bad; 1491 } 1492 ipaddr.sin_addr = dst; 1493 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, 1494 m->m_pkthdr.rcvif); 1495 if (ia == 0) 1496 continue; 1497 (void)memcpy(sin, &IA_SIN(ia)->sin_addr, 1498 sizeof(struct in_addr)); 1499 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1500 off += sizeof(struct in_addr); 1501 break; 1502 1503 case IPOPT_TS_PRESPEC: 1504 if (off + sizeof(n_time) + 1505 sizeof(struct in_addr) > optlen) { 1506 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1507 goto bad; 1508 } 1509 (void)memcpy(&ipaddr.sin_addr, sin, 1510 sizeof(struct in_addr)); 1511 if (ifa_ifwithaddr((SA)&ipaddr) == 0) 1512 continue; 1513 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1514 off += sizeof(struct in_addr); 1515 break; 1516 1517 default: 1518 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip; 1519 goto bad; 1520 } 1521 ntime = iptime(); 1522 (void)memcpy(cp + off, &ntime, sizeof(n_time)); 1523 cp[IPOPT_OFFSET] += sizeof(n_time); 1524 } 1525 } 1526 if (forward && ipforwarding) { 1527 ip_forward(m, 1, next_hop); 1528 return (1); 1529 } 1530 return (0); 1531 bad: 1532 icmp_error(m, type, code, 0, 0); 1533 ipstat.ips_badoptions++; 1534 return (1); 1535 } 1536 1537 /* 1538 * Given address of next destination (final or next hop), 1539 * return internet address info of interface to be used to get there. 1540 */ 1541 struct in_ifaddr * 1542 ip_rtaddr(dst, rt) 1543 struct in_addr dst; 1544 struct route *rt; 1545 { 1546 struct sockaddr_in *sin; 1547 1548 sin = (struct sockaddr_in *)&rt->ro_dst; 1549 1550 if (rt->ro_rt == 0 || 1551 dst.s_addr != sin->sin_addr.s_addr) { 1552 if (rt->ro_rt) { 1553 RTFREE(rt->ro_rt); 1554 rt->ro_rt = 0; 1555 } 1556 sin->sin_family = AF_INET; 1557 sin->sin_len = sizeof(*sin); 1558 sin->sin_addr = dst; 1559 1560 rtalloc_ign(rt, RTF_PRCLONING); 1561 } 1562 if (rt->ro_rt == 0) 1563 return ((struct in_ifaddr *)0); 1564 return (ifatoia(rt->ro_rt->rt_ifa)); 1565 } 1566 1567 /* 1568 * Save incoming source route for use in replies, 1569 * to be picked up later by ip_srcroute if the receiver is interested. 1570 */ 1571 void 1572 save_rte(option, dst) 1573 u_char *option; 1574 struct in_addr dst; 1575 { 1576 unsigned olen; 1577 1578 olen = option[IPOPT_OLEN]; 1579 #ifdef DIAGNOSTIC 1580 if (ipprintfs) 1581 printf("save_rte: olen %d\n", olen); 1582 #endif 1583 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) 1584 return; 1585 bcopy(option, ip_srcrt.srcopt, olen); 1586 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); 1587 ip_srcrt.dst = dst; 1588 } 1589 1590 /* 1591 * Retrieve incoming source route for use in replies, 1592 * in the same form used by setsockopt. 1593 * The first hop is placed before the options, will be removed later. 1594 */ 1595 struct mbuf * 1596 ip_srcroute() 1597 { 1598 struct in_addr *p, *q; 1599 struct mbuf *m; 1600 1601 if (ip_nhops == 0) 1602 return ((struct mbuf *)0); 1603 m = m_get(M_DONTWAIT, MT_HEADER); 1604 if (m == 0) 1605 return ((struct mbuf *)0); 1606 1607 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) 1608 1609 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ 1610 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + 1611 OPTSIZ; 1612 #ifdef DIAGNOSTIC 1613 if (ipprintfs) 1614 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); 1615 #endif 1616 1617 /* 1618 * First save first hop for return route 1619 */ 1620 p = &ip_srcrt.route[ip_nhops - 1]; 1621 *(mtod(m, struct in_addr *)) = *p--; 1622 #ifdef DIAGNOSTIC 1623 if (ipprintfs) 1624 printf(" hops %lx", (u_long)ntohl(mtod(m, struct in_addr *)->s_addr)); 1625 #endif 1626 1627 /* 1628 * Copy option fields and padding (nop) to mbuf. 1629 */ 1630 ip_srcrt.nop = IPOPT_NOP; 1631 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; 1632 (void)memcpy(mtod(m, caddr_t) + sizeof(struct in_addr), 1633 &ip_srcrt.nop, OPTSIZ); 1634 q = (struct in_addr *)(mtod(m, caddr_t) + 1635 sizeof(struct in_addr) + OPTSIZ); 1636 #undef OPTSIZ 1637 /* 1638 * Record return path as an IP source route, 1639 * reversing the path (pointers are now aligned). 1640 */ 1641 while (p >= ip_srcrt.route) { 1642 #ifdef DIAGNOSTIC 1643 if (ipprintfs) 1644 printf(" %lx", (u_long)ntohl(q->s_addr)); 1645 #endif 1646 *q++ = *p--; 1647 } 1648 /* 1649 * Last hop goes to final destination. 1650 */ 1651 *q = ip_srcrt.dst; 1652 #ifdef DIAGNOSTIC 1653 if (ipprintfs) 1654 printf(" %lx\n", (u_long)ntohl(q->s_addr)); 1655 #endif 1656 return (m); 1657 } 1658 1659 /* 1660 * Strip out IP options, at higher 1661 * level protocol in the kernel. 1662 * Second argument is buffer to which options 1663 * will be moved, and return value is their length. 1664 * XXX should be deleted; last arg currently ignored. 1665 */ 1666 void 1667 ip_stripoptions(m, mopt) 1668 struct mbuf *m; 1669 struct mbuf *mopt; 1670 { 1671 int i; 1672 struct ip *ip = mtod(m, struct ip *); 1673 caddr_t opts; 1674 int olen; 1675 1676 olen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof (struct ip); 1677 opts = (caddr_t)(ip + 1); 1678 i = m->m_len - (sizeof (struct ip) + olen); 1679 bcopy(opts + olen, opts, (unsigned)i); 1680 m->m_len -= olen; 1681 if (m->m_flags & M_PKTHDR) 1682 m->m_pkthdr.len -= olen; 1683 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2); 1684 } 1685 1686 u_char inetctlerrmap[PRC_NCMDS] = { 1687 0, 0, 0, 0, 1688 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1689 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1690 EMSGSIZE, EHOSTUNREACH, 0, 0, 1691 0, 0, 0, 0, 1692 ENOPROTOOPT, ECONNREFUSED 1693 }; 1694 1695 /* 1696 * Forward a packet. If some error occurs return the sender 1697 * an icmp packet. Note we can't always generate a meaningful 1698 * icmp message because icmp doesn't have a large enough repertoire 1699 * of codes and types. 1700 * 1701 * If not forwarding, just drop the packet. This could be confusing 1702 * if ipforwarding was zero but some routing protocol was advancing 1703 * us as a gateway to somewhere. However, we must let the routing 1704 * protocol deal with that. 1705 * 1706 * The srcrt parameter indicates whether the packet is being forwarded 1707 * via a source route. 1708 */ 1709 static void 1710 ip_forward(struct mbuf *m, int srcrt, struct sockaddr_in *next_hop) 1711 { 1712 struct ip *ip = mtod(m, struct ip *); 1713 struct sockaddr_in *sin; 1714 struct rtentry *rt; 1715 int error, type = 0, code = 0; 1716 struct mbuf *mcopy; 1717 n_long dest; 1718 struct in_addr pkt_dst; 1719 struct ifnet *destifp; 1720 #if defined(IPSEC) || defined(FAST_IPSEC) 1721 struct ifnet dummyifp; 1722 #endif 1723 1724 dest = 0; 1725 /* 1726 * Cache the destination address of the packet; this may be 1727 * changed by use of 'ipfw fwd'. 1728 */ 1729 pkt_dst = next_hop ? next_hop->sin_addr : ip->ip_dst; 1730 1731 #ifdef DIAGNOSTIC 1732 if (ipprintfs) 1733 printf("forward: src %lx dst %lx ttl %x\n", 1734 (u_long)ip->ip_src.s_addr, (u_long)pkt_dst.s_addr, 1735 ip->ip_ttl); 1736 #endif 1737 1738 1739 if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(pkt_dst) == 0) { 1740 ipstat.ips_cantforward++; 1741 m_freem(m); 1742 return; 1743 } 1744 #ifdef IPSTEALTH 1745 if (!ipstealth) { 1746 #endif 1747 if (ip->ip_ttl <= IPTTLDEC) { 1748 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, 1749 dest, 0); 1750 return; 1751 } 1752 #ifdef IPSTEALTH 1753 } 1754 #endif 1755 1756 sin = (struct sockaddr_in *)&ipforward_rt.ro_dst; 1757 if ((rt = ipforward_rt.ro_rt) == 0 || 1758 pkt_dst.s_addr != sin->sin_addr.s_addr) { 1759 if (ipforward_rt.ro_rt) { 1760 RTFREE(ipforward_rt.ro_rt); 1761 ipforward_rt.ro_rt = 0; 1762 } 1763 sin->sin_family = AF_INET; 1764 sin->sin_len = sizeof(*sin); 1765 sin->sin_addr = pkt_dst; 1766 1767 rtalloc_ign(&ipforward_rt, RTF_PRCLONING); 1768 if (ipforward_rt.ro_rt == 0) { 1769 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0); 1770 return; 1771 } 1772 rt = ipforward_rt.ro_rt; 1773 } 1774 1775 /* 1776 * Save the IP header and at most 8 bytes of the payload, 1777 * in case we need to generate an ICMP message to the src. 1778 * 1779 * XXX this can be optimized a lot by saving the data in a local 1780 * buffer on the stack (72 bytes at most), and only allocating the 1781 * mbuf if really necessary. The vast majority of the packets 1782 * are forwarded without having to send an ICMP back (either 1783 * because unnecessary, or because rate limited), so we are 1784 * really we are wasting a lot of work here. 1785 * 1786 * We don't use m_copy() because it might return a reference 1787 * to a shared cluster. Both this function and ip_output() 1788 * assume exclusive access to the IP header in `m', so any 1789 * data in a cluster may change before we reach icmp_error(). 1790 */ 1791 MGET(mcopy, M_DONTWAIT, m->m_type); 1792 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, M_DONTWAIT)) { 1793 /* 1794 * It's probably ok if the pkthdr dup fails (because 1795 * the deep copy of the tag chain failed), but for now 1796 * be conservative and just discard the copy since 1797 * code below may some day want the tags. 1798 */ 1799 m_free(mcopy); 1800 mcopy = NULL; 1801 } 1802 if (mcopy != NULL) { 1803 mcopy->m_len = imin((IP_VHL_HL(ip->ip_vhl) << 2) + 8, 1804 (int)ip->ip_len); 1805 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); 1806 } 1807 1808 #ifdef IPSTEALTH 1809 if (!ipstealth) { 1810 #endif 1811 ip->ip_ttl -= IPTTLDEC; 1812 #ifdef IPSTEALTH 1813 } 1814 #endif 1815 1816 /* 1817 * If forwarding packet using same interface that it came in on, 1818 * perhaps should send a redirect to sender to shortcut a hop. 1819 * Only send redirect if source is sending directly to us, 1820 * and if packet was not source routed (or has any options). 1821 * Also, don't send redirect if forwarding using a default route 1822 * or a route modified by a redirect. 1823 */ 1824 if (rt->rt_ifp == m->m_pkthdr.rcvif && 1825 (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && 1826 satosin(rt_key(rt))->sin_addr.s_addr != 0 && 1827 ipsendredirects && !srcrt && !next_hop) { 1828 #define RTA(rt) ((struct in_ifaddr *)(rt->rt_ifa)) 1829 u_long src = ntohl(ip->ip_src.s_addr); 1830 1831 if (RTA(rt) && 1832 (src & RTA(rt)->ia_subnetmask) == RTA(rt)->ia_subnet) { 1833 if (rt->rt_flags & RTF_GATEWAY) 1834 dest = satosin(rt->rt_gateway)->sin_addr.s_addr; 1835 else 1836 dest = pkt_dst.s_addr; 1837 /* Router requirements says to only send host redirects */ 1838 type = ICMP_REDIRECT; 1839 code = ICMP_REDIRECT_HOST; 1840 #ifdef DIAGNOSTIC 1841 if (ipprintfs) 1842 printf("redirect (%d) to %lx\n", code, (u_long)dest); 1843 #endif 1844 } 1845 } 1846 1847 { 1848 struct m_hdr tag; 1849 1850 if (next_hop) { 1851 /* Pass IPFORWARD info if available */ 1852 1853 tag.mh_type = MT_TAG; 1854 tag.mh_flags = PACKET_TAG_IPFORWARD; 1855 tag.mh_data = (caddr_t)next_hop; 1856 tag.mh_next = m; 1857 m = (struct mbuf *)&tag; 1858 } 1859 error = ip_output(m, (struct mbuf *)0, &ipforward_rt, 1860 IP_FORWARDING, 0, NULL); 1861 } 1862 if (error) 1863 ipstat.ips_cantforward++; 1864 else { 1865 ipstat.ips_forward++; 1866 if (type) 1867 ipstat.ips_redirectsent++; 1868 else { 1869 if (mcopy) { 1870 ipflow_create(&ipforward_rt, mcopy); 1871 m_freem(mcopy); 1872 } 1873 return; 1874 } 1875 } 1876 if (mcopy == NULL) 1877 return; 1878 destifp = NULL; 1879 1880 switch (error) { 1881 1882 case 0: /* forwarded, but need redirect */ 1883 /* type, code set above */ 1884 break; 1885 1886 case ENETUNREACH: /* shouldn't happen, checked above */ 1887 case EHOSTUNREACH: 1888 case ENETDOWN: 1889 case EHOSTDOWN: 1890 default: 1891 type = ICMP_UNREACH; 1892 code = ICMP_UNREACH_HOST; 1893 break; 1894 1895 case EMSGSIZE: 1896 type = ICMP_UNREACH; 1897 code = ICMP_UNREACH_NEEDFRAG; 1898 #ifdef IPSEC 1899 /* 1900 * If the packet is routed over IPsec tunnel, tell the 1901 * originator the tunnel MTU. 1902 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 1903 * XXX quickhack!!! 1904 */ 1905 if (ipforward_rt.ro_rt) { 1906 struct secpolicy *sp = NULL; 1907 int ipsecerror; 1908 int ipsechdr; 1909 struct route *ro; 1910 1911 sp = ipsec4_getpolicybyaddr(mcopy, 1912 IPSEC_DIR_OUTBOUND, 1913 IP_FORWARDING, 1914 &ipsecerror); 1915 1916 if (sp == NULL) 1917 destifp = ipforward_rt.ro_rt->rt_ifp; 1918 else { 1919 /* count IPsec header size */ 1920 ipsechdr = ipsec4_hdrsiz(mcopy, 1921 IPSEC_DIR_OUTBOUND, 1922 NULL); 1923 1924 /* 1925 * find the correct route for outer IPv4 1926 * header, compute tunnel MTU. 1927 * 1928 * XXX BUG ALERT 1929 * The "dummyifp" code relies upon the fact 1930 * that icmp_error() touches only ifp->if_mtu. 1931 */ 1932 /*XXX*/ 1933 destifp = NULL; 1934 if (sp->req != NULL 1935 && sp->req->sav != NULL 1936 && sp->req->sav->sah != NULL) { 1937 ro = &sp->req->sav->sah->sa_route; 1938 if (ro->ro_rt && ro->ro_rt->rt_ifp) { 1939 dummyifp.if_mtu = 1940 ro->ro_rt->rt_ifp->if_mtu; 1941 dummyifp.if_mtu -= ipsechdr; 1942 destifp = &dummyifp; 1943 } 1944 } 1945 1946 key_freesp(sp); 1947 } 1948 } 1949 #elif FAST_IPSEC 1950 /* 1951 * If the packet is routed over IPsec tunnel, tell the 1952 * originator the tunnel MTU. 1953 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 1954 * XXX quickhack!!! 1955 */ 1956 if (ipforward_rt.ro_rt) { 1957 struct secpolicy *sp = NULL; 1958 int ipsecerror; 1959 int ipsechdr; 1960 struct route *ro; 1961 1962 sp = ipsec_getpolicybyaddr(mcopy, 1963 IPSEC_DIR_OUTBOUND, 1964 IP_FORWARDING, 1965 &ipsecerror); 1966 1967 if (sp == NULL) 1968 destifp = ipforward_rt.ro_rt->rt_ifp; 1969 else { 1970 /* count IPsec header size */ 1971 ipsechdr = ipsec4_hdrsiz(mcopy, 1972 IPSEC_DIR_OUTBOUND, 1973 NULL); 1974 1975 /* 1976 * find the correct route for outer IPv4 1977 * header, compute tunnel MTU. 1978 * 1979 * XXX BUG ALERT 1980 * The "dummyifp" code relies upon the fact 1981 * that icmp_error() touches only ifp->if_mtu. 1982 */ 1983 /*XXX*/ 1984 destifp = NULL; 1985 if (sp->req != NULL 1986 && sp->req->sav != NULL 1987 && sp->req->sav->sah != NULL) { 1988 ro = &sp->req->sav->sah->sa_route; 1989 if (ro->ro_rt && ro->ro_rt->rt_ifp) { 1990 dummyifp.if_mtu = 1991 ro->ro_rt->rt_ifp->if_mtu; 1992 dummyifp.if_mtu -= ipsechdr; 1993 destifp = &dummyifp; 1994 } 1995 } 1996 1997 KEY_FREESP(&sp); 1998 } 1999 } 2000 #else /* !IPSEC && !FAST_IPSEC */ 2001 if (ipforward_rt.ro_rt) 2002 destifp = ipforward_rt.ro_rt->rt_ifp; 2003 #endif /*IPSEC*/ 2004 ipstat.ips_cantfrag++; 2005 break; 2006 2007 case ENOBUFS: 2008 /* 2009 * A router should not generate ICMP_SOURCEQUENCH as 2010 * required in RFC1812 Requirements for IP Version 4 Routers. 2011 * Source quench could be a big problem under DoS attacks, 2012 * or if the underlying interface is rate-limited. 2013 * Those who need source quench packets may re-enable them 2014 * via the net.inet.ip.sendsourcequench sysctl. 2015 */ 2016 if (ip_sendsourcequench == 0) { 2017 m_freem(mcopy); 2018 return; 2019 } else { 2020 type = ICMP_SOURCEQUENCH; 2021 code = 0; 2022 } 2023 break; 2024 2025 case EACCES: /* ipfw denied packet */ 2026 m_freem(mcopy); 2027 return; 2028 } 2029 icmp_error(mcopy, type, code, dest, destifp); 2030 } 2031 2032 void 2033 ip_savecontrol(inp, mp, ip, m) 2034 struct inpcb *inp; 2035 struct mbuf **mp; 2036 struct ip *ip; 2037 struct mbuf *m; 2038 { 2039 if (inp->inp_socket->so_options & SO_TIMESTAMP) { 2040 struct timeval tv; 2041 2042 microtime(&tv); 2043 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 2044 SCM_TIMESTAMP, SOL_SOCKET); 2045 if (*mp) 2046 mp = &(*mp)->m_next; 2047 } 2048 if (inp->inp_flags & INP_RECVDSTADDR) { 2049 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, 2050 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); 2051 if (*mp) 2052 mp = &(*mp)->m_next; 2053 } 2054 #ifdef notyet 2055 /* XXX 2056 * Moving these out of udp_input() made them even more broken 2057 * than they already were. 2058 */ 2059 /* options were tossed already */ 2060 if (inp->inp_flags & INP_RECVOPTS) { 2061 *mp = sbcreatecontrol((caddr_t) opts_deleted_above, 2062 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); 2063 if (*mp) 2064 mp = &(*mp)->m_next; 2065 } 2066 /* ip_srcroute doesn't do what we want here, need to fix */ 2067 if (inp->inp_flags & INP_RECVRETOPTS) { 2068 *mp = sbcreatecontrol((caddr_t) ip_srcroute(), 2069 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); 2070 if (*mp) 2071 mp = &(*mp)->m_next; 2072 } 2073 #endif 2074 if (inp->inp_flags & INP_RECVIF) { 2075 struct ifnet *ifp; 2076 struct sdlbuf { 2077 struct sockaddr_dl sdl; 2078 u_char pad[32]; 2079 } sdlbuf; 2080 struct sockaddr_dl *sdp; 2081 struct sockaddr_dl *sdl2 = &sdlbuf.sdl; 2082 2083 if (((ifp = m->m_pkthdr.rcvif)) 2084 && ( ifp->if_index && (ifp->if_index <= if_index))) { 2085 sdp = (struct sockaddr_dl *)(ifnet_addrs 2086 [ifp->if_index - 1]->ifa_addr); 2087 /* 2088 * Change our mind and don't try copy. 2089 */ 2090 if ((sdp->sdl_family != AF_LINK) 2091 || (sdp->sdl_len > sizeof(sdlbuf))) { 2092 goto makedummy; 2093 } 2094 bcopy(sdp, sdl2, sdp->sdl_len); 2095 } else { 2096 makedummy: 2097 sdl2->sdl_len 2098 = offsetof(struct sockaddr_dl, sdl_data[0]); 2099 sdl2->sdl_family = AF_LINK; 2100 sdl2->sdl_index = 0; 2101 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0; 2102 } 2103 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len, 2104 IP_RECVIF, IPPROTO_IP); 2105 if (*mp) 2106 mp = &(*mp)->m_next; 2107 } 2108 } 2109 2110 /* 2111 * XXX these routines are called from the upper part of the kernel. 2112 * 2113 * They could also be moved to ip_mroute.c, since all the RSVP 2114 * handling is done there already. 2115 */ 2116 int 2117 ip_rsvp_init(struct socket *so) 2118 { 2119 if (so->so_type != SOCK_RAW || 2120 so->so_proto->pr_protocol != IPPROTO_RSVP) 2121 return EOPNOTSUPP; 2122 2123 if (ip_rsvpd != NULL) 2124 return EADDRINUSE; 2125 2126 ip_rsvpd = so; 2127 /* 2128 * This may seem silly, but we need to be sure we don't over-increment 2129 * the RSVP counter, in case something slips up. 2130 */ 2131 if (!ip_rsvp_on) { 2132 ip_rsvp_on = 1; 2133 rsvp_on++; 2134 } 2135 2136 return 0; 2137 } 2138 2139 int 2140 ip_rsvp_done(void) 2141 { 2142 ip_rsvpd = NULL; 2143 /* 2144 * This may seem silly, but we need to be sure we don't over-decrement 2145 * the RSVP counter, in case something slips up. 2146 */ 2147 if (ip_rsvp_on) { 2148 ip_rsvp_on = 0; 2149 rsvp_on--; 2150 } 2151 return 0; 2152 } 2153 2154 void 2155 rsvp_input(struct mbuf *m, int off, int proto) /* XXX must fixup manually */ 2156 { 2157 if (rsvp_input_p) { /* call the real one if loaded */ 2158 rsvp_input_p(m, off, proto); 2159 return; 2160 } 2161 2162 /* Can still get packets with rsvp_on = 0 if there is a local member 2163 * of the group to which the RSVP packet is addressed. But in this 2164 * case we want to throw the packet away. 2165 */ 2166 2167 if (!rsvp_on) { 2168 m_freem(m); 2169 return; 2170 } 2171 2172 if (ip_rsvpd != NULL) { 2173 rip_input(m, off, proto); 2174 return; 2175 } 2176 /* Drop the packet */ 2177 m_freem(m); 2178 } 2179 2180