1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 36 * 37 * License terms: all terms for the DragonFly license above plus the following: 38 * 39 * 4. All advertising materials mentioning features or use of this software 40 * must display the following acknowledgement: 41 * 42 * This product includes software developed by Jeffrey M. Hsu 43 * for the DragonFly Project. 44 * 45 * This requirement may be waived with permission from Jeffrey Hsu. 46 * This requirement will sunset and may be removed on July 8 2005, 47 * after which the standard DragonFly license (as shown above) will 48 * apply. 49 */ 50 51 /* 52 * Copyright (c) 1982, 1986, 1988, 1993 53 * The Regents of the University of California. All rights reserved. 54 * 55 * Redistribution and use in source and binary forms, with or without 56 * modification, are permitted provided that the following conditions 57 * are met: 58 * 1. Redistributions of source code must retain the above copyright 59 * notice, this list of conditions and the following disclaimer. 60 * 2. Redistributions in binary form must reproduce the above copyright 61 * notice, this list of conditions and the following disclaimer in the 62 * documentation and/or other materials provided with the distribution. 63 * 3. All advertising materials mentioning features or use of this software 64 * must display the following acknowledgement: 65 * This product includes software developed by the University of 66 * California, Berkeley and its contributors. 67 * 4. Neither the name of the University nor the names of its contributors 68 * may be used to endorse or promote products derived from this software 69 * without specific prior written permission. 70 * 71 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 72 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 73 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 74 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 75 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 76 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 77 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 78 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 79 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 80 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 81 * SUCH DAMAGE. 82 * 83 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 84 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ 85 * $DragonFly: src/sys/netinet/ip_input.c,v 1.58 2005/08/31 22:21:23 hsu Exp $ 86 */ 87 88 #define _IP_VHL 89 90 #include "opt_bootp.h" 91 #include "opt_ipfw.h" 92 #include "opt_ipdn.h" 93 #include "opt_ipdivert.h" 94 #include "opt_ipfilter.h" 95 #include "opt_ipstealth.h" 96 #include "opt_ipsec.h" 97 98 #include <sys/param.h> 99 #include <sys/systm.h> 100 #include <sys/mbuf.h> 101 #include <sys/malloc.h> 102 #include <sys/mpipe.h> 103 #include <sys/domain.h> 104 #include <sys/protosw.h> 105 #include <sys/socket.h> 106 #include <sys/time.h> 107 #include <sys/globaldata.h> 108 #include <sys/thread.h> 109 #include <sys/kernel.h> 110 #include <sys/syslog.h> 111 #include <sys/sysctl.h> 112 #include <sys/in_cksum.h> 113 114 #include <sys/thread2.h> 115 #include <sys/msgport2.h> 116 117 #include <machine/stdarg.h> 118 119 #include <net/if.h> 120 #include <net/if_types.h> 121 #include <net/if_var.h> 122 #include <net/if_dl.h> 123 #include <net/pfil.h> 124 #include <net/route.h> 125 #include <net/netisr.h> 126 #include <net/intrq.h> 127 128 #include <netinet/in.h> 129 #include <netinet/in_systm.h> 130 #include <netinet/in_var.h> 131 #include <netinet/ip.h> 132 #include <netinet/in_pcb.h> 133 #include <netinet/ip_var.h> 134 #include <netinet/ip_icmp.h> 135 136 137 #include <sys/socketvar.h> 138 139 #include <net/ipfw/ip_fw.h> 140 #include <net/dummynet/ip_dummynet.h> 141 142 #ifdef IPSEC 143 #include <netinet6/ipsec.h> 144 #include <netproto/key/key.h> 145 #endif 146 147 #ifdef FAST_IPSEC 148 #include <netproto/ipsec/ipsec.h> 149 #include <netproto/ipsec/key.h> 150 #endif 151 152 int rsvp_on = 0; 153 static int ip_rsvp_on; 154 struct socket *ip_rsvpd; 155 156 int ipforwarding = 0; 157 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 158 &ipforwarding, 0, "Enable IP forwarding between interfaces"); 159 160 static int ipsendredirects = 1; /* XXX */ 161 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 162 &ipsendredirects, 0, "Enable sending IP redirects"); 163 164 int ip_defttl = IPDEFTTL; 165 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 166 &ip_defttl, 0, "Maximum TTL on IP packets"); 167 168 static int ip_dosourceroute = 0; 169 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, 170 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets"); 171 172 static int ip_acceptsourceroute = 0; 173 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 174 CTLFLAG_RW, &ip_acceptsourceroute, 0, 175 "Enable accepting source routed IP packets"); 176 177 static int ip_keepfaith = 0; 178 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 179 &ip_keepfaith, 0, 180 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 181 182 static int nipq = 0; /* total # of reass queues */ 183 static int maxnipq; 184 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, 185 &maxnipq, 0, 186 "Maximum number of IPv4 fragment reassembly queue entries"); 187 188 static int maxfragsperpacket; 189 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 190 &maxfragsperpacket, 0, 191 "Maximum number of IPv4 fragments allowed per packet"); 192 193 static int ip_sendsourcequench = 0; 194 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 195 &ip_sendsourcequench, 0, 196 "Enable the transmission of source quench packets"); 197 198 int ip_do_randomid = 0; 199 SYSCTL_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, 200 &ip_do_randomid, 0, 201 "Assign random ip_id values"); 202 /* 203 * XXX - Setting ip_checkinterface mostly implements the receive side of 204 * the Strong ES model described in RFC 1122, but since the routing table 205 * and transmit implementation do not implement the Strong ES model, 206 * setting this to 1 results in an odd hybrid. 207 * 208 * XXX - ip_checkinterface currently must be disabled if you use ipnat 209 * to translate the destination address to another local interface. 210 * 211 * XXX - ip_checkinterface must be disabled if you add IP aliases 212 * to the loopback interface instead of the interface where the 213 * packets for those addresses are received. 214 */ 215 static int ip_checkinterface = 0; 216 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 217 &ip_checkinterface, 0, "Verify packet arrives on correct interface"); 218 219 #ifdef DIAGNOSTIC 220 static int ipprintfs = 0; 221 #endif 222 223 static struct ifqueue ipintrq; 224 static int ipqmaxlen = IFQ_MAXLEN; 225 226 extern struct domain inetdomain; 227 extern struct protosw inetsw[]; 228 u_char ip_protox[IPPROTO_MAX]; 229 struct in_ifaddrhead in_ifaddrhead; /* first inet address */ 230 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ 231 u_long in_ifaddrhmask; /* mask for hash table */ 232 233 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, 234 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); 235 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, 236 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); 237 238 struct ip_stats ipstats_percpu[MAXCPU]; 239 #ifdef SMP 240 static int 241 sysctl_ipstats(SYSCTL_HANDLER_ARGS) 242 { 243 int cpu, error = 0; 244 245 for (cpu = 0; cpu < ncpus; ++cpu) { 246 if ((error = SYSCTL_OUT(req, &ipstats_percpu[cpu], 247 sizeof(struct ip_stats)))) 248 break; 249 if ((error = SYSCTL_IN(req, &ipstats_percpu[cpu], 250 sizeof(struct ip_stats)))) 251 break; 252 } 253 254 return (error); 255 } 256 SYSCTL_PROC(_net_inet_ip, IPCTL_STATS, stats, (CTLTYPE_OPAQUE | CTLFLAG_RW), 257 0, 0, sysctl_ipstats, "S,ip_stats", "IP statistics"); 258 #else 259 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 260 &ipstat, ip_stats, "IP statistics"); 261 #endif 262 263 /* Packet reassembly stuff */ 264 #define IPREASS_NHASH_LOG2 6 265 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) 266 #define IPREASS_HMASK (IPREASS_NHASH - 1) 267 #define IPREASS_HASH(x,y) \ 268 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) 269 270 static struct ipq ipq[IPREASS_NHASH]; 271 const int ipintrq_present = 1; 272 273 #ifdef IPCTL_DEFMTU 274 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 275 &ip_mtu, 0, "Default MTU"); 276 #endif 277 278 #ifdef IPSTEALTH 279 static int ipstealth = 0; 280 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, &ipstealth, 0, ""); 281 #else 282 static const int ipstealth = 0; 283 #endif 284 285 286 /* Firewall hooks */ 287 ip_fw_chk_t *ip_fw_chk_ptr; 288 int fw_enable = 1; 289 int fw_one_pass = 1; 290 291 /* Dummynet hooks */ 292 ip_dn_io_t *ip_dn_io_ptr; 293 294 struct pfil_head inet_pfil_hook; 295 296 /* 297 * XXX this is ugly -- the following two global variables are 298 * used to store packet state while it travels through the stack. 299 * Note that the code even makes assumptions on the size and 300 * alignment of fields inside struct ip_srcrt so e.g. adding some 301 * fields will break the code. This needs to be fixed. 302 * 303 * We need to save the IP options in case a protocol wants to respond 304 * to an incoming packet over the same route if the packet got here 305 * using IP source routing. This allows connection establishment and 306 * maintenance when the remote end is on a network that is not known 307 * to us. 308 */ 309 static int ip_nhops = 0; 310 311 static struct ip_srcrt { 312 struct in_addr dst; /* final destination */ 313 char nop; /* one NOP to align */ 314 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ 315 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)]; 316 } ip_srcrt; 317 318 static MALLOC_DEFINE(M_IPQ, "ipq", "IP Fragment Management"); 319 static struct malloc_pipe ipq_mpipe; 320 321 static void save_rte (u_char *, struct in_addr); 322 static int ip_dooptions (struct mbuf *m, int, 323 struct sockaddr_in *next_hop); 324 static void ip_forward (struct mbuf *m, boolean_t using_srcrt, 325 struct sockaddr_in *next_hop); 326 static void ip_freef (struct ipq *); 327 static int ip_input_handler (struct netmsg *); 328 static struct mbuf *ip_reass (struct mbuf *, struct ipq *, 329 struct ipq *, u_int32_t *); 330 331 /* 332 * IP initialization: fill in IP protocol switch table. 333 * All protocols not implemented in kernel go to raw IP protocol handler. 334 */ 335 void 336 ip_init(void) 337 { 338 struct protosw *pr; 339 int i; 340 #ifdef SMP 341 int cpu; 342 #endif 343 344 /* 345 * Make sure we can handle a reasonable number of fragments but 346 * cap it at 4000 (XXX). 347 */ 348 mpipe_init(&ipq_mpipe, M_IPQ, sizeof(struct ipq), 349 IFQ_MAXLEN, 4000, 0, NULL); 350 TAILQ_INIT(&in_ifaddrhead); 351 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask); 352 pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); 353 if (pr == NULL) 354 panic("ip_init"); 355 for (i = 0; i < IPPROTO_MAX; i++) 356 ip_protox[i] = pr - inetsw; 357 for (pr = inetdomain.dom_protosw; 358 pr < inetdomain.dom_protoswNPROTOSW; pr++) 359 if (pr->pr_domain->dom_family == PF_INET && 360 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 361 ip_protox[pr->pr_protocol] = pr - inetsw; 362 363 inet_pfil_hook.ph_type = PFIL_TYPE_AF; 364 inet_pfil_hook.ph_af = AF_INET; 365 if ((i = pfil_head_register(&inet_pfil_hook)) != 0) { 366 printf("%s: WARNING: unable to register pfil hook, " 367 "error %d\n", __func__, i); 368 } 369 370 for (i = 0; i < IPREASS_NHASH; i++) 371 ipq[i].next = ipq[i].prev = &ipq[i]; 372 373 maxnipq = nmbclusters / 32; 374 maxfragsperpacket = 16; 375 376 ip_id = time_second & 0xffff; 377 ipintrq.ifq_maxlen = ipqmaxlen; 378 379 /* 380 * Initialize IP statistics counters for each CPU. 381 * 382 */ 383 #ifdef SMP 384 for (cpu = 0; cpu < ncpus; ++cpu) { 385 bzero(&ipstats_percpu[cpu], sizeof(struct ip_stats)); 386 } 387 #else 388 bzero(&ipstat, sizeof(struct ip_stats)); 389 #endif 390 391 netisr_register(NETISR_IP, ip_mport, ip_input_handler); 392 } 393 394 /* 395 * XXX watch out this one. It is perhaps used as a cache for 396 * the most recently used route ? it is cleared in in_addroute() 397 * when a new route is successfully created. 398 */ 399 struct route ipforward_rt; 400 401 /* Do transport protocol processing. */ 402 static void 403 transport_processing_oncpu(struct mbuf *m, int hlen, struct ip *ip, 404 struct sockaddr_in *nexthop) 405 { 406 /* 407 * Switch out to protocol's input routine. 408 */ 409 if (nexthop && ip->ip_p == IPPROTO_TCP) { 410 /* TCP needs IPFORWARD info if available */ 411 struct m_hdr tag; 412 413 tag.mh_type = MT_TAG; 414 tag.mh_flags = PACKET_TAG_IPFORWARD; 415 tag.mh_data = (caddr_t)nexthop; 416 tag.mh_next = m; 417 418 (*inetsw[ip_protox[ip->ip_p]].pr_input) 419 ((struct mbuf *)&tag, hlen, ip->ip_p); 420 } else { 421 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, ip->ip_p); 422 } 423 } 424 425 struct netmsg_transport_packet { 426 struct lwkt_msg nm_lmsg; 427 struct mbuf *nm_mbuf; 428 int nm_hlen; 429 boolean_t nm_hasnexthop; 430 struct sockaddr_in nm_nexthop; 431 }; 432 433 static int 434 transport_processing_handler(lwkt_msg_t lmsg) 435 { 436 struct netmsg_transport_packet *msg = (void *)lmsg; 437 struct sockaddr_in *nexthop; 438 struct ip *ip; 439 440 ip = mtod(msg->nm_mbuf, struct ip *); 441 nexthop = msg->nm_hasnexthop ? &msg->nm_nexthop : NULL; 442 transport_processing_oncpu(msg->nm_mbuf, msg->nm_hlen, ip, nexthop); 443 lwkt_replymsg(lmsg, 0); 444 return(EASYNC); 445 } 446 447 static int 448 ip_input_handler(struct netmsg *msg0) 449 { 450 struct mbuf *m = ((struct netmsg_packet *)msg0)->nm_packet; 451 452 ip_input(m); 453 lwkt_replymsg(&msg0->nm_lmsg, 0); 454 return(EASYNC); 455 } 456 457 /* 458 * IP input routine. Checksum and byte swap header. If fragmented 459 * try to reassemble. Process options. Pass to next level. 460 */ 461 void 462 ip_input(struct mbuf *m) 463 { 464 struct ip *ip; 465 struct ipq *fp; 466 struct in_ifaddr *ia = NULL; 467 struct ifaddr *ifa; 468 int i, hlen, checkif; 469 u_short sum; 470 struct in_addr pkt_dst; 471 u_int32_t divert_info = 0; /* packet divert/tee info */ 472 struct ip_fw_args args; 473 boolean_t using_srcrt = FALSE; /* forward (by PFIL_HOOKS) */ 474 boolean_t needredispatch = FALSE; 475 struct in_addr odst; /* original dst address(NAT) */ 476 #if defined(FAST_IPSEC) || defined(IPDIVERT) 477 struct m_tag *mtag; 478 #endif 479 #ifdef FAST_IPSEC 480 struct tdb_ident *tdbi; 481 struct secpolicy *sp; 482 int error; 483 #endif 484 485 args.eh = NULL; 486 args.oif = NULL; 487 args.rule = NULL; 488 args.next_hop = NULL; 489 490 /* Grab info from MT_TAG mbufs prepended to the chain. */ 491 while (m != NULL && m->m_type == MT_TAG) { 492 switch(m->_m_tag_id) { 493 case PACKET_TAG_DUMMYNET: 494 args.rule = ((struct dn_pkt *)m)->rule; 495 break; 496 case PACKET_TAG_IPFORWARD: 497 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; 498 break; 499 default: 500 printf("ip_input: unrecognised MT_TAG tag %d\n", 501 m->_m_tag_id); 502 break; 503 } 504 m = m->m_next; 505 } 506 KASSERT(m != NULL && (m->m_flags & M_PKTHDR), ("ip_input: no HDR")); 507 508 if (args.rule != NULL) { /* dummynet already filtered us */ 509 ip = mtod(m, struct ip *); 510 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 511 goto iphack; 512 } 513 514 ipstat.ips_total++; 515 516 /* length checks already done in ip_demux() */ 517 KASSERT(m->m_len >= sizeof(ip), ("IP header not in one mbuf")); 518 519 ip = mtod(m, struct ip *); 520 521 if (IP_VHL_V(ip->ip_vhl) != IPVERSION) { 522 ipstat.ips_badvers++; 523 goto bad; 524 } 525 526 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 527 /* length checks already done in ip_demux() */ 528 KASSERT(hlen >= sizeof(struct ip), ("IP header len too small")); 529 KASSERT(m->m_len >= hlen, ("packet shorter than IP header length")); 530 531 /* 127/8 must not appear on wire - RFC1122 */ 532 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 533 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 534 if (!(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) { 535 ipstat.ips_badaddr++; 536 goto bad; 537 } 538 } 539 540 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 541 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 542 } else { 543 if (hlen == sizeof(struct ip)) { 544 sum = in_cksum_hdr(ip); 545 } else { 546 sum = in_cksum(m, hlen); 547 } 548 } 549 if (sum != 0) { 550 ipstat.ips_badsum++; 551 goto bad; 552 } 553 554 #ifdef ALTQ 555 if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { 556 /* packet is dropped by traffic conditioner */ 557 return; 558 } 559 #endif 560 /* 561 * Convert fields to host representation. 562 */ 563 ip->ip_len = ntohs(ip->ip_len); 564 if (ip->ip_len < hlen) { 565 ipstat.ips_badlen++; 566 goto bad; 567 } 568 ip->ip_off = ntohs(ip->ip_off); 569 570 /* 571 * Check that the amount of data in the buffers 572 * is as at least much as the IP header would have us expect. 573 * Trim mbufs if longer than we expect. 574 * Drop packet if shorter than we expect. 575 */ 576 if (m->m_pkthdr.len < ip->ip_len) { 577 ipstat.ips_tooshort++; 578 goto bad; 579 } 580 if (m->m_pkthdr.len > ip->ip_len) { 581 if (m->m_len == m->m_pkthdr.len) { 582 m->m_len = ip->ip_len; 583 m->m_pkthdr.len = ip->ip_len; 584 } else 585 m_adj(m, ip->ip_len - m->m_pkthdr.len); 586 } 587 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF) 588 /* 589 * Bypass packet filtering for packets from a tunnel (gif). 590 */ 591 if (ipsec_gethist(m, NULL)) 592 goto pass; 593 #endif 594 595 /* 596 * IpHack's section. 597 * Right now when no processing on packet has done 598 * and it is still fresh out of network we do our black 599 * deals with it. 600 * - Firewall: deny/allow/divert 601 * - Xlate: translate packet's addr/port (NAT). 602 * - Pipe: pass pkt through dummynet. 603 * - Wrap: fake packet's addr/port <unimpl.> 604 * - Encapsulate: put it in another IP and send out. <unimp.> 605 */ 606 607 iphack: 608 609 /* 610 * Run through list of hooks for input packets. 611 * 612 * NB: Beware of the destination address changing (e.g. 613 * by NAT rewriting). When this happens, tell 614 * ip_forward to do the right thing. 615 */ 616 if (pfil_has_hooks(&inet_pfil_hook)) { 617 odst = ip->ip_dst; 618 if (pfil_run_hooks(&inet_pfil_hook, &m, 619 m->m_pkthdr.rcvif, PFIL_IN)) { 620 return; 621 } 622 if (m == NULL) /* consumed by filter */ 623 return; 624 ip = mtod(m, struct ip *); 625 using_srcrt = (odst.s_addr != ip->ip_dst.s_addr); 626 } 627 628 if (fw_enable && IPFW_LOADED) { 629 /* 630 * If we've been forwarded from the output side, then 631 * skip the firewall a second time 632 */ 633 if (args.next_hop != NULL) 634 goto ours; 635 636 args.m = m; 637 i = ip_fw_chk_ptr(&args); 638 m = args.m; 639 640 if ((i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */ 641 if (m != NULL) 642 m_freem(m); 643 return; 644 } 645 ip = mtod(m, struct ip *); /* just in case m changed */ 646 if (i == 0 && args.next_hop == NULL) /* common case */ 647 goto pass; 648 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 649 /* Send packet to the appropriate pipe */ 650 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args); 651 return; 652 } 653 #ifdef IPDIVERT 654 if (i != 0 && !(i & IP_FW_PORT_DYNT_FLAG)) { 655 /* Divert or tee packet */ 656 divert_info = i; 657 goto ours; 658 } 659 #endif 660 if (i == 0 && args.next_hop != NULL) 661 goto pass; 662 /* 663 * if we get here, the packet must be dropped 664 */ 665 m_freem(m); 666 return; 667 } 668 pass: 669 670 /* 671 * Process options and, if not destined for us, 672 * ship it on. ip_dooptions returns 1 when an 673 * error was detected (causing an icmp message 674 * to be sent and the original packet to be freed). 675 */ 676 ip_nhops = 0; /* for source routed packets */ 677 if (hlen > sizeof(struct ip) && ip_dooptions(m, 0, args.next_hop)) 678 return; 679 680 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no 681 * matter if it is destined to another node, or whether it is 682 * a multicast one, RSVP wants it! and prevents it from being forwarded 683 * anywhere else. Also checks if the rsvp daemon is running before 684 * grabbing the packet. 685 */ 686 if (rsvp_on && ip->ip_p == IPPROTO_RSVP) 687 goto ours; 688 689 /* 690 * Check our list of addresses, to see if the packet is for us. 691 * If we don't have any addresses, assume any unicast packet 692 * we receive might be for us (and let the upper layers deal 693 * with it). 694 */ 695 if (TAILQ_EMPTY(&in_ifaddrhead) && !(m->m_flags & (M_MCAST | M_BCAST))) 696 goto ours; 697 698 /* 699 * Cache the destination address of the packet; this may be 700 * changed by use of 'ipfw fwd'. 701 */ 702 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 703 704 /* 705 * Enable a consistency check between the destination address 706 * and the arrival interface for a unicast packet (the RFC 1122 707 * strong ES model) if IP forwarding is disabled and the packet 708 * is not locally generated and the packet is not subject to 709 * 'ipfw fwd'. 710 * 711 * XXX - Checking also should be disabled if the destination 712 * address is ipnat'ed to a different interface. 713 * 714 * XXX - Checking is incompatible with IP aliases added 715 * to the loopback interface instead of the interface where 716 * the packets are received. 717 */ 718 checkif = ip_checkinterface && 719 !ipforwarding && 720 m->m_pkthdr.rcvif != NULL && 721 !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) && 722 (args.next_hop == NULL); 723 724 /* 725 * Check for exact addresses in the hash bucket. 726 */ 727 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) { 728 /* 729 * If the address matches, verify that the packet 730 * arrived via the correct interface if checking is 731 * enabled. 732 */ 733 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr && 734 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif)) 735 goto ours; 736 } 737 /* 738 * Check for broadcast addresses. 739 * 740 * Only accept broadcast packets that arrive via the matching 741 * interface. Reception of forwarded directed broadcasts would 742 * be handled via ip_forward() and ether_output() with the loopback 743 * into the stack for SIMPLEX interfaces handled by ether_output(). 744 */ 745 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 746 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 747 if (ifa->ifa_addr == NULL) /* shutdown/startup race */ 748 continue; 749 if (ifa->ifa_addr->sa_family != AF_INET) 750 continue; 751 ia = ifatoia(ifa); 752 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 753 pkt_dst.s_addr) 754 goto ours; 755 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr) 756 goto ours; 757 #ifdef BOOTP_COMPAT 758 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) 759 goto ours; 760 #endif 761 } 762 } 763 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 764 struct in_multi *inm; 765 766 if (ip_mrouter != NULL) { 767 /* 768 * If we are acting as a multicast router, all 769 * incoming multicast packets are passed to the 770 * kernel-level multicast forwarding function. 771 * The packet is returned (relatively) intact; if 772 * ip_mforward() returns a non-zero value, the packet 773 * must be discarded, else it may be accepted below. 774 */ 775 if (ip_mforward != NULL && 776 ip_mforward(ip, m->m_pkthdr.rcvif, m, NULL) != 0) { 777 ipstat.ips_cantforward++; 778 m_freem(m); 779 return; 780 } 781 782 /* 783 * The process-level routing daemon needs to receive 784 * all multicast IGMP packets, whether or not this 785 * host belongs to their destination groups. 786 */ 787 if (ip->ip_p == IPPROTO_IGMP) 788 goto ours; 789 ipstat.ips_forward++; 790 } 791 /* 792 * See if we belong to the destination multicast group on the 793 * arrival interface. 794 */ 795 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); 796 if (inm == NULL) { 797 ipstat.ips_notmember++; 798 m_freem(m); 799 return; 800 } 801 goto ours; 802 } 803 if (ip->ip_dst.s_addr == INADDR_BROADCAST) 804 goto ours; 805 if (ip->ip_dst.s_addr == INADDR_ANY) 806 goto ours; 807 808 /* 809 * FAITH(Firewall Aided Internet Translator) 810 */ 811 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 812 if (ip_keepfaith) { 813 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) 814 goto ours; 815 } 816 m_freem(m); 817 return; 818 } 819 820 /* 821 * Not for us; forward if possible and desirable. 822 */ 823 if (!ipforwarding) { 824 ipstat.ips_cantforward++; 825 m_freem(m); 826 } else { 827 #ifdef IPSEC 828 /* 829 * Enforce inbound IPsec SPD. 830 */ 831 if (ipsec4_in_reject(m, NULL)) { 832 ipsecstat.in_polvio++; 833 goto bad; 834 } 835 #endif 836 #ifdef FAST_IPSEC 837 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 838 crit_enter(); 839 if (mtag != NULL) { 840 tdbi = (struct tdb_ident *)m_tag_data(mtag); 841 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 842 } else { 843 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 844 IP_FORWARDING, &error); 845 } 846 if (sp == NULL) { /* NB: can happen if error */ 847 crit_exit(); 848 /*XXX error stat???*/ 849 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ 850 goto bad; 851 } 852 853 /* 854 * Check security policy against packet attributes. 855 */ 856 error = ipsec_in_reject(sp, m); 857 KEY_FREESP(&sp); 858 crit_exit(); 859 if (error) { 860 ipstat.ips_cantforward++; 861 goto bad; 862 } 863 #endif 864 ip_forward(m, using_srcrt, args.next_hop); 865 } 866 return; 867 868 ours: 869 870 /* 871 * IPSTEALTH: Process non-routing options only 872 * if the packet is destined for us. 873 */ 874 if (ipstealth && 875 hlen > sizeof(struct ip) && 876 ip_dooptions(m, 1, args.next_hop)) 877 return; 878 879 /* Count the packet in the ip address stats */ 880 if (ia != NULL) { 881 ia->ia_ifa.if_ipackets++; 882 ia->ia_ifa.if_ibytes += m->m_pkthdr.len; 883 } 884 885 /* 886 * If offset or IP_MF are set, must reassemble. 887 * Otherwise, nothing need be done. 888 * (We could look in the reassembly queue to see 889 * if the packet was previously fragmented, 890 * but it's not worth the time; just let them time out.) 891 */ 892 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 893 894 /* If maxnipq is 0, never accept fragments. */ 895 if (maxnipq == 0) { 896 ipstat.ips_fragments++; 897 ipstat.ips_fragdropped++; 898 goto bad; 899 } 900 901 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); 902 /* 903 * Look for queue of fragments 904 * of this datagram. 905 */ 906 for (fp = ipq[sum].next; fp != &ipq[sum]; fp = fp->next) 907 if (ip->ip_id == fp->ipq_id && 908 ip->ip_src.s_addr == fp->ipq_src.s_addr && 909 ip->ip_dst.s_addr == fp->ipq_dst.s_addr && 910 ip->ip_p == fp->ipq_p) 911 goto found; 912 913 fp = NULL; 914 915 /* 916 * Enforce upper bound on number of fragmented packets 917 * for which we attempt reassembly; 918 * If maxnipq is -1, accept all fragments without limitation. 919 */ 920 if ((nipq > maxnipq) && (maxnipq > 0)) { 921 /* 922 * drop something from the tail of the current queue 923 * before proceeding further 924 */ 925 if (ipq[sum].prev == &ipq[sum]) { /* gak */ 926 for (i = 0; i < IPREASS_NHASH; i++) { 927 if (ipq[i].prev != &ipq[i]) { 928 ipstat.ips_fragtimeout += 929 ipq[i].prev->ipq_nfrags; 930 ip_freef(ipq[i].prev); 931 break; 932 } 933 } 934 } else { 935 ipstat.ips_fragtimeout += 936 ipq[sum].prev->ipq_nfrags; 937 ip_freef(ipq[sum].prev); 938 } 939 } 940 found: 941 /* 942 * Adjust ip_len to not reflect header, 943 * convert offset of this to bytes. 944 */ 945 ip->ip_len -= hlen; 946 if (ip->ip_off & IP_MF) { 947 /* 948 * Make sure that fragments have a data length 949 * that's a non-zero multiple of 8 bytes. 950 */ 951 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 952 ipstat.ips_toosmall++; /* XXX */ 953 goto bad; 954 } 955 m->m_flags |= M_FRAG; 956 } else 957 m->m_flags &= ~M_FRAG; 958 ip->ip_off <<= 3; 959 960 /* 961 * Attempt reassembly; if it succeeds, proceed. 962 * ip_reass() will return a different mbuf, and update 963 * the divert info in divert_info. 964 */ 965 ipstat.ips_fragments++; 966 m->m_pkthdr.header = ip; 967 m = ip_reass(m, fp, &ipq[sum], &divert_info); 968 if (m == NULL) 969 return; 970 ipstat.ips_reassembled++; 971 needredispatch = TRUE; 972 ip = mtod(m, struct ip *); 973 /* Get the header length of the reassembled packet */ 974 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 975 #ifdef IPDIVERT 976 /* Restore original checksum before diverting packet */ 977 if (divert_info != 0) { 978 ip->ip_len += hlen; 979 ip->ip_len = htons(ip->ip_len); 980 ip->ip_off = htons(ip->ip_off); 981 ip->ip_sum = 0; 982 if (hlen == sizeof(struct ip)) 983 ip->ip_sum = in_cksum_hdr(ip); 984 else 985 ip->ip_sum = in_cksum(m, hlen); 986 ip->ip_off = ntohs(ip->ip_off); 987 ip->ip_len = ntohs(ip->ip_len); 988 ip->ip_len -= hlen; 989 } 990 #endif 991 } else { 992 ip->ip_len -= hlen; 993 } 994 995 #ifdef IPDIVERT 996 /* 997 * Divert or tee packet to the divert protocol if required. 998 */ 999 if (divert_info != 0) { 1000 struct mbuf *clone = NULL; 1001 1002 /* Clone packet if we're doing a 'tee' */ 1003 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) 1004 clone = m_dup(m, MB_DONTWAIT); 1005 1006 /* Restore packet header fields to original values */ 1007 ip->ip_len += hlen; 1008 ip->ip_len = htons(ip->ip_len); 1009 ip->ip_off = htons(ip->ip_off); 1010 1011 /* Deliver packet to divert input routine */ 1012 divert_packet(m, 1, divert_info & 0xffff); 1013 ipstat.ips_delivered++; 1014 1015 /* If 'tee', continue with original packet */ 1016 if (clone == NULL) 1017 return; 1018 m = clone; 1019 ip = mtod(m, struct ip *); 1020 ip->ip_len += hlen; 1021 /* 1022 * Jump backwards to complete processing of the 1023 * packet. But first clear divert_info to avoid 1024 * entering this block again. 1025 * We do not need to clear args.divert_rule 1026 * or args.next_hop as they will not be used. 1027 * 1028 * XXX Better safe than sorry, remove the DIVERT tag. 1029 */ 1030 mtag = m_tag_find(m, PACKET_TAG_IPFW_DIVERT, NULL); 1031 if (mtag != NULL) 1032 m_tag_delete(m, mtag); 1033 1034 divert_info = 0; 1035 goto pass; 1036 } 1037 #endif 1038 1039 #ifdef IPSEC 1040 /* 1041 * enforce IPsec policy checking if we are seeing last header. 1042 * note that we do not visit this with protocols with pcb layer 1043 * code - like udp/tcp/raw ip. 1044 */ 1045 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) && 1046 ipsec4_in_reject(m, NULL)) { 1047 ipsecstat.in_polvio++; 1048 goto bad; 1049 } 1050 #endif 1051 #if FAST_IPSEC 1052 /* 1053 * enforce IPsec policy checking if we are seeing last header. 1054 * note that we do not visit this with protocols with pcb layer 1055 * code - like udp/tcp/raw ip. 1056 */ 1057 if (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) { 1058 /* 1059 * Check if the packet has already had IPsec processing 1060 * done. If so, then just pass it along. This tag gets 1061 * set during AH, ESP, etc. input handling, before the 1062 * packet is returned to the ip input queue for delivery. 1063 */ 1064 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 1065 crit_enter(); 1066 if (mtag != NULL) { 1067 tdbi = (struct tdb_ident *)m_tag_data(mtag); 1068 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 1069 } else { 1070 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 1071 IP_FORWARDING, &error); 1072 } 1073 if (sp != NULL) { 1074 /* 1075 * Check security policy against packet attributes. 1076 */ 1077 error = ipsec_in_reject(sp, m); 1078 KEY_FREESP(&sp); 1079 } else { 1080 /* XXX error stat??? */ 1081 error = EINVAL; 1082 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ 1083 goto bad; 1084 } 1085 crit_exit(); 1086 if (error) 1087 goto bad; 1088 } 1089 #endif /* FAST_IPSEC */ 1090 1091 ipstat.ips_delivered++; 1092 if (needredispatch) { 1093 struct netmsg_transport_packet *msg; 1094 lwkt_port_t port; 1095 1096 ip->ip_off = htons(ip->ip_off); 1097 ip->ip_len = htons(ip->ip_len); 1098 port = ip_mport(&m); 1099 if (port == NULL) 1100 return; 1101 1102 msg = malloc(sizeof(struct netmsg_transport_packet), M_LWKTMSG, 1103 M_INTWAIT | M_NULLOK); 1104 if (msg == NULL) 1105 goto bad; 1106 1107 lwkt_initmsg(&msg->nm_lmsg, &netisr_afree_rport, 0, 1108 lwkt_cmd_func(transport_processing_handler), 1109 lwkt_cmd_op_none); 1110 msg->nm_hlen = hlen; 1111 msg->nm_hasnexthop = (args.next_hop != NULL); 1112 if (msg->nm_hasnexthop) 1113 msg->nm_nexthop = *args.next_hop; /* structure copy */ 1114 1115 msg->nm_mbuf = m; 1116 ip = mtod(m, struct ip *); 1117 ip->ip_len = ntohs(ip->ip_len); 1118 ip->ip_off = ntohs(ip->ip_off); 1119 lwkt_sendmsg(port, &msg->nm_lmsg); 1120 } else { 1121 transport_processing_oncpu(m, hlen, ip, args.next_hop); 1122 } 1123 return; 1124 1125 bad: 1126 m_freem(m); 1127 } 1128 1129 /* 1130 * Take incoming datagram fragment and try to reassemble it into 1131 * whole datagram. If a chain for reassembly of this datagram already 1132 * exists, then it is given as fp; otherwise have to make a chain. 1133 * 1134 * When IPDIVERT enabled, keep additional state with each packet that 1135 * tells us if we need to divert or tee the packet we're building. 1136 * In particular, *divinfo includes the port and TEE flag. 1137 */ 1138 1139 static struct mbuf * 1140 ip_reass(struct mbuf *m, struct ipq *fp, struct ipq *where, 1141 u_int32_t *divinfo) 1142 { 1143 struct ip *ip = mtod(m, struct ip *); 1144 struct mbuf *p = NULL, *q, *nq; 1145 struct mbuf *n; 1146 int hlen = IP_VHL_HL(ip->ip_vhl) << 2; 1147 int i, next; 1148 #ifdef IPDIVERT 1149 struct m_tag *mtag; 1150 #endif 1151 1152 /* 1153 * Presence of header sizes in mbufs 1154 * would confuse code below. 1155 */ 1156 m->m_data += hlen; 1157 m->m_len -= hlen; 1158 1159 /* 1160 * If first fragment to arrive, create a reassembly queue. 1161 */ 1162 if (fp == NULL) { 1163 if ((fp = mpipe_alloc_nowait(&ipq_mpipe)) == NULL) 1164 goto dropfrag; 1165 insque(fp, where); 1166 nipq++; 1167 fp->ipq_nfrags = 1; 1168 fp->ipq_ttl = IPFRAGTTL; 1169 fp->ipq_p = ip->ip_p; 1170 fp->ipq_id = ip->ip_id; 1171 fp->ipq_src = ip->ip_src; 1172 fp->ipq_dst = ip->ip_dst; 1173 fp->ipq_frags = m; 1174 m->m_nextpkt = NULL; 1175 #ifdef IPDIVERT 1176 fp->ipq_div_info = 0; 1177 #endif 1178 goto inserted; 1179 } else { 1180 fp->ipq_nfrags++; 1181 } 1182 1183 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header)) 1184 1185 /* 1186 * Find a segment which begins after this one does. 1187 */ 1188 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) 1189 if (GETIP(q)->ip_off > ip->ip_off) 1190 break; 1191 1192 /* 1193 * If there is a preceding segment, it may provide some of 1194 * our data already. If so, drop the data from the incoming 1195 * segment. If it provides all of our data, drop us, otherwise 1196 * stick new segment in the proper place. 1197 * 1198 * If some of the data is dropped from the the preceding 1199 * segment, then it's checksum is invalidated. 1200 */ 1201 if (p) { 1202 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; 1203 if (i > 0) { 1204 if (i >= ip->ip_len) 1205 goto dropfrag; 1206 m_adj(m, i); 1207 m->m_pkthdr.csum_flags = 0; 1208 ip->ip_off += i; 1209 ip->ip_len -= i; 1210 } 1211 m->m_nextpkt = p->m_nextpkt; 1212 p->m_nextpkt = m; 1213 } else { 1214 m->m_nextpkt = fp->ipq_frags; 1215 fp->ipq_frags = m; 1216 } 1217 1218 /* 1219 * While we overlap succeeding segments trim them or, 1220 * if they are completely covered, dequeue them. 1221 */ 1222 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; 1223 q = nq) { 1224 i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off; 1225 if (i < GETIP(q)->ip_len) { 1226 GETIP(q)->ip_len -= i; 1227 GETIP(q)->ip_off += i; 1228 m_adj(q, i); 1229 q->m_pkthdr.csum_flags = 0; 1230 break; 1231 } 1232 nq = q->m_nextpkt; 1233 m->m_nextpkt = nq; 1234 ipstat.ips_fragdropped++; 1235 fp->ipq_nfrags--; 1236 m_freem(q); 1237 } 1238 1239 inserted: 1240 1241 #ifdef IPDIVERT 1242 /* 1243 * Transfer firewall instructions to the fragment structure. 1244 * Only trust info in the fragment at offset 0. 1245 */ 1246 if (ip->ip_off == 0) { 1247 fp->ipq_div_info = *divinfo; 1248 } else { 1249 mtag = m_tag_find(m, PACKET_TAG_IPFW_DIVERT, NULL); 1250 if (mtag != NULL) 1251 m_tag_delete(m, mtag); 1252 } 1253 *divinfo = 0; 1254 #endif 1255 1256 /* 1257 * Check for complete reassembly and perform frag per packet 1258 * limiting. 1259 * 1260 * Frag limiting is performed here so that the nth frag has 1261 * a chance to complete the packet before we drop the packet. 1262 * As a result, n+1 frags are actually allowed per packet, but 1263 * only n will ever be stored. (n = maxfragsperpacket.) 1264 * 1265 */ 1266 next = 0; 1267 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { 1268 if (GETIP(q)->ip_off != next) { 1269 if (fp->ipq_nfrags > maxfragsperpacket) { 1270 ipstat.ips_fragdropped += fp->ipq_nfrags; 1271 ip_freef(fp); 1272 } 1273 return (NULL); 1274 } 1275 next += GETIP(q)->ip_len; 1276 } 1277 /* Make sure the last packet didn't have the IP_MF flag */ 1278 if (p->m_flags & M_FRAG) { 1279 if (fp->ipq_nfrags > maxfragsperpacket) { 1280 ipstat.ips_fragdropped += fp->ipq_nfrags; 1281 ip_freef(fp); 1282 } 1283 return (NULL); 1284 } 1285 1286 /* 1287 * Reassembly is complete. Make sure the packet is a sane size. 1288 */ 1289 q = fp->ipq_frags; 1290 ip = GETIP(q); 1291 if (next + (IP_VHL_HL(ip->ip_vhl) << 2) > IP_MAXPACKET) { 1292 ipstat.ips_toolong++; 1293 ipstat.ips_fragdropped += fp->ipq_nfrags; 1294 ip_freef(fp); 1295 return (NULL); 1296 } 1297 1298 /* 1299 * Concatenate fragments. 1300 */ 1301 m = q; 1302 n = m->m_next; 1303 m->m_next = NULL; 1304 m_cat(m, n); 1305 nq = q->m_nextpkt; 1306 q->m_nextpkt = NULL; 1307 for (q = nq; q != NULL; q = nq) { 1308 nq = q->m_nextpkt; 1309 q->m_nextpkt = NULL; 1310 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags; 1311 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data; 1312 m_cat(m, q); 1313 } 1314 1315 #ifdef IPDIVERT 1316 /* 1317 * Extract firewall instructions from the fragment structure. 1318 */ 1319 *divinfo = fp->ipq_div_info; 1320 #endif 1321 1322 /* 1323 * Create header for new ip packet by 1324 * modifying header of first packet; 1325 * dequeue and discard fragment reassembly header. 1326 * Make header visible. 1327 */ 1328 ip->ip_len = next; 1329 ip->ip_src = fp->ipq_src; 1330 ip->ip_dst = fp->ipq_dst; 1331 remque(fp); 1332 nipq--; 1333 mpipe_free(&ipq_mpipe, fp); 1334 m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); 1335 m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); 1336 /* some debugging cruft by sklower, below, will go away soon */ 1337 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ 1338 int plen = 0; 1339 1340 for (n = m; n; n = n->m_next) 1341 plen += n->m_len; 1342 m->m_pkthdr.len = plen; 1343 } 1344 return (m); 1345 1346 dropfrag: 1347 #ifdef IPDIVERT 1348 *divinfo = 0; 1349 #endif 1350 ipstat.ips_fragdropped++; 1351 if (fp != NULL) 1352 fp->ipq_nfrags--; 1353 m_freem(m); 1354 return (NULL); 1355 1356 #undef GETIP 1357 } 1358 1359 /* 1360 * Free a fragment reassembly header and all 1361 * associated datagrams. 1362 */ 1363 static void 1364 ip_freef(struct ipq *fp) 1365 { 1366 struct mbuf *q; 1367 1368 while (fp->ipq_frags) { 1369 q = fp->ipq_frags; 1370 fp->ipq_frags = q->m_nextpkt; 1371 m_freem(q); 1372 } 1373 remque(fp); 1374 mpipe_free(&ipq_mpipe, fp); 1375 nipq--; 1376 } 1377 1378 /* 1379 * IP timer processing; 1380 * if a timer expires on a reassembly 1381 * queue, discard it. 1382 */ 1383 void 1384 ip_slowtimo(void) 1385 { 1386 struct ipq *fp; 1387 int i; 1388 1389 crit_enter(); 1390 for (i = 0; i < IPREASS_NHASH; i++) { 1391 fp = ipq[i].next; 1392 if (fp == NULL) 1393 continue; 1394 while (fp != &ipq[i]) { 1395 --fp->ipq_ttl; 1396 fp = fp->next; 1397 if (fp->prev->ipq_ttl == 0) { 1398 ipstat.ips_fragtimeout += fp->prev->ipq_nfrags; 1399 ip_freef(fp->prev); 1400 } 1401 } 1402 } 1403 /* 1404 * If we are over the maximum number of fragments 1405 * (due to the limit being lowered), drain off 1406 * enough to get down to the new limit. 1407 */ 1408 if (maxnipq >= 0 && nipq > maxnipq) { 1409 for (i = 0; i < IPREASS_NHASH; i++) { 1410 while (nipq > maxnipq && 1411 (ipq[i].next != &ipq[i])) { 1412 ipstat.ips_fragdropped += 1413 ipq[i].next->ipq_nfrags; 1414 ip_freef(ipq[i].next); 1415 } 1416 } 1417 } 1418 ipflow_slowtimo(); 1419 crit_exit(); 1420 } 1421 1422 /* 1423 * Drain off all datagram fragments. 1424 */ 1425 void 1426 ip_drain(void) 1427 { 1428 int i; 1429 1430 for (i = 0; i < IPREASS_NHASH; i++) { 1431 while (ipq[i].next != &ipq[i]) { 1432 ipstat.ips_fragdropped += ipq[i].next->ipq_nfrags; 1433 ip_freef(ipq[i].next); 1434 } 1435 } 1436 in_rtqdrain(); 1437 } 1438 1439 /* 1440 * Do option processing on a datagram, 1441 * possibly discarding it if bad options are encountered, 1442 * or forwarding it if source-routed. 1443 * The pass argument is used when operating in the IPSTEALTH 1444 * mode to tell what options to process: 1445 * [LS]SRR (pass 0) or the others (pass 1). 1446 * The reason for as many as two passes is that when doing IPSTEALTH, 1447 * non-routing options should be processed only if the packet is for us. 1448 * Returns 1 if packet has been forwarded/freed, 1449 * 0 if the packet should be processed further. 1450 */ 1451 static int 1452 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop) 1453 { 1454 struct sockaddr_in ipaddr = { sizeof ipaddr, AF_INET }; 1455 struct ip *ip = mtod(m, struct ip *); 1456 u_char *cp; 1457 struct in_ifaddr *ia; 1458 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB; 1459 boolean_t forward = FALSE; 1460 struct in_addr *sin, dst; 1461 n_time ntime; 1462 1463 dst = ip->ip_dst; 1464 cp = (u_char *)(ip + 1); 1465 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1466 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1467 opt = cp[IPOPT_OPTVAL]; 1468 if (opt == IPOPT_EOL) 1469 break; 1470 if (opt == IPOPT_NOP) 1471 optlen = 1; 1472 else { 1473 if (cnt < IPOPT_OLEN + sizeof(*cp)) { 1474 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1475 goto bad; 1476 } 1477 optlen = cp[IPOPT_OLEN]; 1478 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { 1479 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1480 goto bad; 1481 } 1482 } 1483 switch (opt) { 1484 1485 default: 1486 break; 1487 1488 /* 1489 * Source routing with record. 1490 * Find interface with current destination address. 1491 * If none on this machine then drop if strictly routed, 1492 * or do nothing if loosely routed. 1493 * Record interface address and bring up next address 1494 * component. If strictly routed make sure next 1495 * address is on directly accessible net. 1496 */ 1497 case IPOPT_LSRR: 1498 case IPOPT_SSRR: 1499 if (ipstealth && pass > 0) 1500 break; 1501 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1502 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1503 goto bad; 1504 } 1505 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1506 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1507 goto bad; 1508 } 1509 ipaddr.sin_addr = ip->ip_dst; 1510 ia = (struct in_ifaddr *) 1511 ifa_ifwithaddr((struct sockaddr *)&ipaddr); 1512 if (ia == NULL) { 1513 if (opt == IPOPT_SSRR) { 1514 type = ICMP_UNREACH; 1515 code = ICMP_UNREACH_SRCFAIL; 1516 goto bad; 1517 } 1518 if (!ip_dosourceroute) 1519 goto nosourcerouting; 1520 /* 1521 * Loose routing, and not at next destination 1522 * yet; nothing to do except forward. 1523 */ 1524 break; 1525 } 1526 off--; /* 0 origin */ 1527 if (off > optlen - (int)sizeof(struct in_addr)) { 1528 /* 1529 * End of source route. Should be for us. 1530 */ 1531 if (!ip_acceptsourceroute) 1532 goto nosourcerouting; 1533 save_rte(cp, ip->ip_src); 1534 break; 1535 } 1536 if (ipstealth) 1537 goto dropit; 1538 if (!ip_dosourceroute) { 1539 if (ipforwarding) { 1540 char buf[sizeof "aaa.bbb.ccc.ddd"]; 1541 1542 /* 1543 * Acting as a router, so generate ICMP 1544 */ 1545 nosourcerouting: 1546 strcpy(buf, inet_ntoa(ip->ip_dst)); 1547 log(LOG_WARNING, 1548 "attempted source route from %s to %s\n", 1549 inet_ntoa(ip->ip_src), buf); 1550 type = ICMP_UNREACH; 1551 code = ICMP_UNREACH_SRCFAIL; 1552 goto bad; 1553 } else { 1554 /* 1555 * Not acting as a router, 1556 * so silently drop. 1557 */ 1558 dropit: 1559 ipstat.ips_cantforward++; 1560 m_freem(m); 1561 return (1); 1562 } 1563 } 1564 1565 /* 1566 * locate outgoing interface 1567 */ 1568 memcpy(&ipaddr.sin_addr, cp + off, 1569 sizeof ipaddr.sin_addr); 1570 1571 if (opt == IPOPT_SSRR) { 1572 #define INA struct in_ifaddr * 1573 #define SA struct sockaddr * 1574 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) 1575 == NULL) 1576 ia = (INA)ifa_ifwithnet((SA)&ipaddr); 1577 } else 1578 ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt); 1579 if (ia == NULL) { 1580 type = ICMP_UNREACH; 1581 code = ICMP_UNREACH_SRCFAIL; 1582 goto bad; 1583 } 1584 ip->ip_dst = ipaddr.sin_addr; 1585 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1586 sizeof(struct in_addr)); 1587 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1588 /* 1589 * Let ip_intr's mcast routing check handle mcast pkts 1590 */ 1591 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr)); 1592 break; 1593 1594 case IPOPT_RR: 1595 if (ipstealth && pass == 0) 1596 break; 1597 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1598 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1599 goto bad; 1600 } 1601 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1602 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1603 goto bad; 1604 } 1605 /* 1606 * If no space remains, ignore. 1607 */ 1608 off--; /* 0 origin */ 1609 if (off > optlen - (int)sizeof(struct in_addr)) 1610 break; 1611 memcpy(&ipaddr.sin_addr, &ip->ip_dst, 1612 sizeof ipaddr.sin_addr); 1613 /* 1614 * locate outgoing interface; if we're the destination, 1615 * use the incoming interface (should be same). 1616 */ 1617 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == NULL && 1618 (ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt)) 1619 == NULL) { 1620 type = ICMP_UNREACH; 1621 code = ICMP_UNREACH_HOST; 1622 goto bad; 1623 } 1624 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1625 sizeof(struct in_addr)); 1626 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1627 break; 1628 1629 case IPOPT_TS: 1630 if (ipstealth && pass == 0) 1631 break; 1632 code = cp - (u_char *)ip; 1633 if (optlen < 4 || optlen > 40) { 1634 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1635 goto bad; 1636 } 1637 if ((off = cp[IPOPT_OFFSET]) < 5) { 1638 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1639 goto bad; 1640 } 1641 if (off > optlen - (int)sizeof(int32_t)) { 1642 cp[IPOPT_OFFSET + 1] += (1 << 4); 1643 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) { 1644 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1645 goto bad; 1646 } 1647 break; 1648 } 1649 off--; /* 0 origin */ 1650 sin = (struct in_addr *)(cp + off); 1651 switch (cp[IPOPT_OFFSET + 1] & 0x0f) { 1652 1653 case IPOPT_TS_TSONLY: 1654 break; 1655 1656 case IPOPT_TS_TSANDADDR: 1657 if (off + sizeof(n_time) + 1658 sizeof(struct in_addr) > optlen) { 1659 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1660 goto bad; 1661 } 1662 ipaddr.sin_addr = dst; 1663 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, 1664 m->m_pkthdr.rcvif); 1665 if (ia == NULL) 1666 continue; 1667 memcpy(sin, &IA_SIN(ia)->sin_addr, 1668 sizeof(struct in_addr)); 1669 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1670 off += sizeof(struct in_addr); 1671 break; 1672 1673 case IPOPT_TS_PRESPEC: 1674 if (off + sizeof(n_time) + 1675 sizeof(struct in_addr) > optlen) { 1676 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1677 goto bad; 1678 } 1679 memcpy(&ipaddr.sin_addr, sin, 1680 sizeof(struct in_addr)); 1681 if (ifa_ifwithaddr((SA)&ipaddr) == NULL) 1682 continue; 1683 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1684 off += sizeof(struct in_addr); 1685 break; 1686 1687 default: 1688 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip; 1689 goto bad; 1690 } 1691 ntime = iptime(); 1692 memcpy(cp + off, &ntime, sizeof(n_time)); 1693 cp[IPOPT_OFFSET] += sizeof(n_time); 1694 } 1695 } 1696 if (forward && ipforwarding) { 1697 ip_forward(m, TRUE, next_hop); 1698 return (1); 1699 } 1700 return (0); 1701 bad: 1702 icmp_error(m, type, code, 0, NULL); 1703 ipstat.ips_badoptions++; 1704 return (1); 1705 } 1706 1707 /* 1708 * Given address of next destination (final or next hop), 1709 * return internet address info of interface to be used to get there. 1710 */ 1711 struct in_ifaddr * 1712 ip_rtaddr(struct in_addr dst, struct route *ro) 1713 { 1714 struct sockaddr_in *sin; 1715 1716 sin = (struct sockaddr_in *)&ro->ro_dst; 1717 1718 if (ro->ro_rt == NULL || dst.s_addr != sin->sin_addr.s_addr) { 1719 if (ro->ro_rt != NULL) { 1720 RTFREE(ro->ro_rt); 1721 ro->ro_rt = NULL; 1722 } 1723 sin->sin_family = AF_INET; 1724 sin->sin_len = sizeof *sin; 1725 sin->sin_addr = dst; 1726 rtalloc_ign(ro, RTF_PRCLONING); 1727 } 1728 1729 if (ro->ro_rt == NULL) 1730 return (NULL); 1731 1732 return (ifatoia(ro->ro_rt->rt_ifa)); 1733 } 1734 1735 /* 1736 * Save incoming source route for use in replies, 1737 * to be picked up later by ip_srcroute if the receiver is interested. 1738 */ 1739 void 1740 save_rte(u_char *option, struct in_addr dst) 1741 { 1742 unsigned olen; 1743 1744 olen = option[IPOPT_OLEN]; 1745 #ifdef DIAGNOSTIC 1746 if (ipprintfs) 1747 printf("save_rte: olen %d\n", olen); 1748 #endif 1749 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) 1750 return; 1751 bcopy(option, ip_srcrt.srcopt, olen); 1752 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); 1753 ip_srcrt.dst = dst; 1754 } 1755 1756 /* 1757 * Retrieve incoming source route for use in replies, 1758 * in the same form used by setsockopt. 1759 * The first hop is placed before the options, will be removed later. 1760 */ 1761 struct mbuf * 1762 ip_srcroute(void) 1763 { 1764 struct in_addr *p, *q; 1765 struct mbuf *m; 1766 1767 if (ip_nhops == 0) 1768 return (NULL); 1769 m = m_get(MB_DONTWAIT, MT_HEADER); 1770 if (m == NULL) 1771 return (NULL); 1772 1773 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) 1774 1775 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ 1776 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + 1777 OPTSIZ; 1778 #ifdef DIAGNOSTIC 1779 if (ipprintfs) 1780 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); 1781 #endif 1782 1783 /* 1784 * First save first hop for return route 1785 */ 1786 p = &ip_srcrt.route[ip_nhops - 1]; 1787 *(mtod(m, struct in_addr *)) = *p--; 1788 #ifdef DIAGNOSTIC 1789 if (ipprintfs) 1790 printf(" hops %x", ntohl(mtod(m, struct in_addr *)->s_addr)); 1791 #endif 1792 1793 /* 1794 * Copy option fields and padding (nop) to mbuf. 1795 */ 1796 ip_srcrt.nop = IPOPT_NOP; 1797 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; 1798 memcpy(mtod(m, caddr_t) + sizeof(struct in_addr), &ip_srcrt.nop, 1799 OPTSIZ); 1800 q = (struct in_addr *)(mtod(m, caddr_t) + 1801 sizeof(struct in_addr) + OPTSIZ); 1802 #undef OPTSIZ 1803 /* 1804 * Record return path as an IP source route, 1805 * reversing the path (pointers are now aligned). 1806 */ 1807 while (p >= ip_srcrt.route) { 1808 #ifdef DIAGNOSTIC 1809 if (ipprintfs) 1810 printf(" %x", ntohl(q->s_addr)); 1811 #endif 1812 *q++ = *p--; 1813 } 1814 /* 1815 * Last hop goes to final destination. 1816 */ 1817 *q = ip_srcrt.dst; 1818 #ifdef DIAGNOSTIC 1819 if (ipprintfs) 1820 printf(" %x\n", ntohl(q->s_addr)); 1821 #endif 1822 return (m); 1823 } 1824 1825 /* 1826 * Strip out IP options. 1827 */ 1828 void 1829 ip_stripoptions(struct mbuf *m) 1830 { 1831 int datalen; 1832 struct ip *ip = mtod(m, struct ip *); 1833 caddr_t opts; 1834 int optlen; 1835 1836 optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1837 opts = (caddr_t)(ip + 1); 1838 datalen = m->m_len - (sizeof(struct ip) + optlen); 1839 bcopy(opts + optlen, opts, datalen); 1840 m->m_len -= optlen; 1841 if (m->m_flags & M_PKTHDR) 1842 m->m_pkthdr.len -= optlen; 1843 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2); 1844 } 1845 1846 u_char inetctlerrmap[PRC_NCMDS] = { 1847 0, 0, 0, 0, 1848 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1849 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1850 EMSGSIZE, EHOSTUNREACH, 0, 0, 1851 0, 0, 0, 0, 1852 ENOPROTOOPT, ECONNREFUSED 1853 }; 1854 1855 /* 1856 * Forward a packet. If some error occurs return the sender 1857 * an icmp packet. Note we can't always generate a meaningful 1858 * icmp message because icmp doesn't have a large enough repertoire 1859 * of codes and types. 1860 * 1861 * If not forwarding, just drop the packet. This could be confusing 1862 * if ipforwarding was zero but some routing protocol was advancing 1863 * us as a gateway to somewhere. However, we must let the routing 1864 * protocol deal with that. 1865 * 1866 * The using_srcrt parameter indicates whether the packet is being forwarded 1867 * via a source route. 1868 */ 1869 static void 1870 ip_forward(struct mbuf *m, boolean_t using_srcrt, struct sockaddr_in *next_hop) 1871 { 1872 struct ip *ip = mtod(m, struct ip *); 1873 struct sockaddr_in *ipforward_rtaddr; 1874 struct rtentry *rt; 1875 int error, type = 0, code = 0; 1876 struct mbuf *mcopy; 1877 n_long dest; 1878 struct in_addr pkt_dst; 1879 struct ifnet *destifp; 1880 struct m_hdr tag; 1881 #if defined(IPSEC) || defined(FAST_IPSEC) 1882 struct ifnet dummyifp; 1883 #endif 1884 1885 dest = INADDR_ANY; 1886 /* 1887 * Cache the destination address of the packet; this may be 1888 * changed by use of 'ipfw fwd'. 1889 */ 1890 pkt_dst = (next_hop != NULL) ? next_hop->sin_addr : ip->ip_dst; 1891 1892 #ifdef DIAGNOSTIC 1893 if (ipprintfs) 1894 printf("forward: src %x dst %x ttl %x\n", 1895 ip->ip_src.s_addr, pkt_dst.s_addr, ip->ip_ttl); 1896 #endif 1897 1898 if (m->m_flags & (M_BCAST | M_MCAST) || !in_canforward(pkt_dst)) { 1899 ipstat.ips_cantforward++; 1900 m_freem(m); 1901 return; 1902 } 1903 if (!ipstealth && ip->ip_ttl <= IPTTLDEC) { 1904 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, NULL); 1905 return; 1906 } 1907 1908 ipforward_rtaddr = (struct sockaddr_in *) &ipforward_rt.ro_dst; 1909 if (ipforward_rt.ro_rt == NULL || 1910 ipforward_rtaddr->sin_addr.s_addr != pkt_dst.s_addr) { 1911 if (ipforward_rt.ro_rt != NULL) { 1912 RTFREE(ipforward_rt.ro_rt); 1913 ipforward_rt.ro_rt = NULL; 1914 } 1915 ipforward_rtaddr->sin_family = AF_INET; 1916 ipforward_rtaddr->sin_len = sizeof(struct sockaddr_in); 1917 ipforward_rtaddr->sin_addr = pkt_dst; 1918 rtalloc_ign(&ipforward_rt, RTF_PRCLONING); 1919 if (ipforward_rt.ro_rt == NULL) { 1920 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 1921 NULL); 1922 return; 1923 } 1924 } 1925 rt = ipforward_rt.ro_rt; 1926 1927 /* 1928 * Save the IP header and at most 8 bytes of the payload, 1929 * in case we need to generate an ICMP message to the src. 1930 * 1931 * XXX this can be optimized a lot by saving the data in a local 1932 * buffer on the stack (72 bytes at most), and only allocating the 1933 * mbuf if really necessary. The vast majority of the packets 1934 * are forwarded without having to send an ICMP back (either 1935 * because unnecessary, or because rate limited), so we are 1936 * really we are wasting a lot of work here. 1937 * 1938 * We don't use m_copy() because it might return a reference 1939 * to a shared cluster. Both this function and ip_output() 1940 * assume exclusive access to the IP header in `m', so any 1941 * data in a cluster may change before we reach icmp_error(). 1942 */ 1943 MGETHDR(mcopy, MB_DONTWAIT, m->m_type); 1944 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, MB_DONTWAIT)) { 1945 /* 1946 * It's probably ok if the pkthdr dup fails (because 1947 * the deep copy of the tag chain failed), but for now 1948 * be conservative and just discard the copy since 1949 * code below may some day want the tags. 1950 */ 1951 m_free(mcopy); 1952 mcopy = NULL; 1953 } 1954 if (mcopy != NULL) { 1955 mcopy->m_len = imin((IP_VHL_HL(ip->ip_vhl) << 2) + 8, 1956 (int)ip->ip_len); 1957 mcopy->m_pkthdr.len = mcopy->m_len; 1958 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); 1959 } 1960 1961 if (!ipstealth) 1962 ip->ip_ttl -= IPTTLDEC; 1963 1964 /* 1965 * If forwarding packet using same interface that it came in on, 1966 * perhaps should send a redirect to sender to shortcut a hop. 1967 * Only send redirect if source is sending directly to us, 1968 * and if packet was not source routed (or has any options). 1969 * Also, don't send redirect if forwarding using a default route 1970 * or a route modified by a redirect. 1971 */ 1972 if (rt->rt_ifp == m->m_pkthdr.rcvif && 1973 !(rt->rt_flags & (RTF_DYNAMIC | RTF_MODIFIED)) && 1974 satosin(rt_key(rt))->sin_addr.s_addr != INADDR_ANY && 1975 ipsendredirects && !using_srcrt && next_hop == NULL) { 1976 u_long src = ntohl(ip->ip_src.s_addr); 1977 struct in_ifaddr *rt_ifa = (struct in_ifaddr *)rt->rt_ifa; 1978 1979 if (rt_ifa != NULL && 1980 (src & rt_ifa->ia_subnetmask) == rt_ifa->ia_subnet) { 1981 if (rt->rt_flags & RTF_GATEWAY) 1982 dest = satosin(rt->rt_gateway)->sin_addr.s_addr; 1983 else 1984 dest = pkt_dst.s_addr; 1985 /* 1986 * Router requirements says to only send 1987 * host redirects. 1988 */ 1989 type = ICMP_REDIRECT; 1990 code = ICMP_REDIRECT_HOST; 1991 #ifdef DIAGNOSTIC 1992 if (ipprintfs) 1993 printf("redirect (%d) to %x\n", code, dest); 1994 #endif 1995 } 1996 } 1997 1998 if (next_hop != NULL) { 1999 /* Pass IPFORWARD info if available */ 2000 tag.mh_type = MT_TAG; 2001 tag.mh_flags = PACKET_TAG_IPFORWARD; 2002 tag.mh_data = (caddr_t)next_hop; 2003 tag.mh_next = m; 2004 m = (struct mbuf *)&tag; 2005 } 2006 2007 error = ip_output(m, NULL, &ipforward_rt, IP_FORWARDING, NULL, NULL); 2008 if (error == 0) { 2009 ipstat.ips_forward++; 2010 if (type == 0) { 2011 if (mcopy) { 2012 ipflow_create(&ipforward_rt, mcopy); 2013 m_freem(mcopy); 2014 } 2015 return; /* most common case */ 2016 } else { 2017 ipstat.ips_redirectsent++; 2018 } 2019 } else { 2020 ipstat.ips_cantforward++; 2021 } 2022 2023 if (mcopy == NULL) 2024 return; 2025 2026 /* 2027 * Send ICMP message. 2028 */ 2029 destifp = NULL; 2030 2031 switch (error) { 2032 2033 case 0: /* forwarded, but need redirect */ 2034 /* type, code set above */ 2035 break; 2036 2037 case ENETUNREACH: /* shouldn't happen, checked above */ 2038 case EHOSTUNREACH: 2039 case ENETDOWN: 2040 case EHOSTDOWN: 2041 default: 2042 type = ICMP_UNREACH; 2043 code = ICMP_UNREACH_HOST; 2044 break; 2045 2046 case EMSGSIZE: 2047 type = ICMP_UNREACH; 2048 code = ICMP_UNREACH_NEEDFRAG; 2049 #ifdef IPSEC 2050 /* 2051 * If the packet is routed over IPsec tunnel, tell the 2052 * originator the tunnel MTU. 2053 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2054 * XXX quickhack!!! 2055 */ 2056 if (ipforward_rt.ro_rt != NULL) { 2057 struct secpolicy *sp = NULL; 2058 int ipsecerror; 2059 int ipsechdr; 2060 struct route *ro; 2061 2062 sp = ipsec4_getpolicybyaddr(mcopy, 2063 IPSEC_DIR_OUTBOUND, 2064 IP_FORWARDING, 2065 &ipsecerror); 2066 2067 if (sp == NULL) 2068 destifp = ipforward_rt.ro_rt->rt_ifp; 2069 else { 2070 /* count IPsec header size */ 2071 ipsechdr = ipsec4_hdrsiz(mcopy, 2072 IPSEC_DIR_OUTBOUND, 2073 NULL); 2074 2075 /* 2076 * find the correct route for outer IPv4 2077 * header, compute tunnel MTU. 2078 * 2079 * XXX BUG ALERT 2080 * The "dummyifp" code relies upon the fact 2081 * that icmp_error() touches only ifp->if_mtu. 2082 */ 2083 /*XXX*/ 2084 destifp = NULL; 2085 if (sp->req != NULL && sp->req->sav != NULL && 2086 sp->req->sav->sah != NULL) { 2087 ro = &sp->req->sav->sah->sa_route; 2088 if (ro->ro_rt != NULL && 2089 ro->ro_rt->rt_ifp != NULL) { 2090 dummyifp.if_mtu = 2091 ro->ro_rt->rt_ifp->if_mtu; 2092 dummyifp.if_mtu -= ipsechdr; 2093 destifp = &dummyifp; 2094 } 2095 } 2096 2097 key_freesp(sp); 2098 } 2099 } 2100 #elif FAST_IPSEC 2101 /* 2102 * If the packet is routed over IPsec tunnel, tell the 2103 * originator the tunnel MTU. 2104 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2105 * XXX quickhack!!! 2106 */ 2107 if (ipforward_rt.ro_rt != NULL) { 2108 struct secpolicy *sp = NULL; 2109 int ipsecerror; 2110 int ipsechdr; 2111 struct route *ro; 2112 2113 sp = ipsec_getpolicybyaddr(mcopy, 2114 IPSEC_DIR_OUTBOUND, 2115 IP_FORWARDING, 2116 &ipsecerror); 2117 2118 if (sp == NULL) 2119 destifp = ipforward_rt.ro_rt->rt_ifp; 2120 else { 2121 /* count IPsec header size */ 2122 ipsechdr = ipsec4_hdrsiz(mcopy, 2123 IPSEC_DIR_OUTBOUND, 2124 NULL); 2125 2126 /* 2127 * find the correct route for outer IPv4 2128 * header, compute tunnel MTU. 2129 * 2130 * XXX BUG ALERT 2131 * The "dummyifp" code relies upon the fact 2132 * that icmp_error() touches only ifp->if_mtu. 2133 */ 2134 /*XXX*/ 2135 destifp = NULL; 2136 if (sp->req != NULL && 2137 sp->req->sav != NULL && 2138 sp->req->sav->sah != NULL) { 2139 ro = &sp->req->sav->sah->sa_route; 2140 if (ro->ro_rt != NULL && 2141 ro->ro_rt->rt_ifp != NULL) { 2142 dummyifp.if_mtu = 2143 ro->ro_rt->rt_ifp->if_mtu; 2144 dummyifp.if_mtu -= ipsechdr; 2145 destifp = &dummyifp; 2146 } 2147 } 2148 2149 KEY_FREESP(&sp); 2150 } 2151 } 2152 #else /* !IPSEC && !FAST_IPSEC */ 2153 if (ipforward_rt.ro_rt != NULL) 2154 destifp = ipforward_rt.ro_rt->rt_ifp; 2155 #endif /*IPSEC*/ 2156 ipstat.ips_cantfrag++; 2157 break; 2158 2159 case ENOBUFS: 2160 /* 2161 * A router should not generate ICMP_SOURCEQUENCH as 2162 * required in RFC1812 Requirements for IP Version 4 Routers. 2163 * Source quench could be a big problem under DoS attacks, 2164 * or if the underlying interface is rate-limited. 2165 * Those who need source quench packets may re-enable them 2166 * via the net.inet.ip.sendsourcequench sysctl. 2167 */ 2168 if (!ip_sendsourcequench) { 2169 m_freem(mcopy); 2170 return; 2171 } else { 2172 type = ICMP_SOURCEQUENCH; 2173 code = 0; 2174 } 2175 break; 2176 2177 case EACCES: /* ipfw denied packet */ 2178 m_freem(mcopy); 2179 return; 2180 } 2181 icmp_error(mcopy, type, code, dest, destifp); 2182 } 2183 2184 void 2185 ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, 2186 struct mbuf *m) 2187 { 2188 if (inp->inp_socket->so_options & SO_TIMESTAMP) { 2189 struct timeval tv; 2190 2191 microtime(&tv); 2192 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 2193 SCM_TIMESTAMP, SOL_SOCKET); 2194 if (*mp) 2195 mp = &(*mp)->m_next; 2196 } 2197 if (inp->inp_flags & INP_RECVDSTADDR) { 2198 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, 2199 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); 2200 if (*mp) 2201 mp = &(*mp)->m_next; 2202 } 2203 #ifdef notyet 2204 /* XXX 2205 * Moving these out of udp_input() made them even more broken 2206 * than they already were. 2207 */ 2208 /* options were tossed already */ 2209 if (inp->inp_flags & INP_RECVOPTS) { 2210 *mp = sbcreatecontrol((caddr_t) opts_deleted_above, 2211 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); 2212 if (*mp) 2213 mp = &(*mp)->m_next; 2214 } 2215 /* ip_srcroute doesn't do what we want here, need to fix */ 2216 if (inp->inp_flags & INP_RECVRETOPTS) { 2217 *mp = sbcreatecontrol((caddr_t) ip_srcroute(), 2218 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); 2219 if (*mp) 2220 mp = &(*mp)->m_next; 2221 } 2222 #endif 2223 if (inp->inp_flags & INP_RECVIF) { 2224 struct ifnet *ifp; 2225 struct sdlbuf { 2226 struct sockaddr_dl sdl; 2227 u_char pad[32]; 2228 } sdlbuf; 2229 struct sockaddr_dl *sdp; 2230 struct sockaddr_dl *sdl2 = &sdlbuf.sdl; 2231 2232 if (((ifp = m->m_pkthdr.rcvif)) && 2233 ((ifp->if_index != 0) && (ifp->if_index <= if_index))) { 2234 sdp = IF_LLSOCKADDR(ifp); 2235 /* 2236 * Change our mind and don't try copy. 2237 */ 2238 if ((sdp->sdl_family != AF_LINK) || 2239 (sdp->sdl_len > sizeof(sdlbuf))) { 2240 goto makedummy; 2241 } 2242 bcopy(sdp, sdl2, sdp->sdl_len); 2243 } else { 2244 makedummy: 2245 sdl2->sdl_len = 2246 offsetof(struct sockaddr_dl, sdl_data[0]); 2247 sdl2->sdl_family = AF_LINK; 2248 sdl2->sdl_index = 0; 2249 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0; 2250 } 2251 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len, 2252 IP_RECVIF, IPPROTO_IP); 2253 if (*mp) 2254 mp = &(*mp)->m_next; 2255 } 2256 } 2257 2258 /* 2259 * XXX these routines are called from the upper part of the kernel. 2260 * 2261 * They could also be moved to ip_mroute.c, since all the RSVP 2262 * handling is done there already. 2263 */ 2264 int 2265 ip_rsvp_init(struct socket *so) 2266 { 2267 if (so->so_type != SOCK_RAW || 2268 so->so_proto->pr_protocol != IPPROTO_RSVP) 2269 return EOPNOTSUPP; 2270 2271 if (ip_rsvpd != NULL) 2272 return EADDRINUSE; 2273 2274 ip_rsvpd = so; 2275 /* 2276 * This may seem silly, but we need to be sure we don't over-increment 2277 * the RSVP counter, in case something slips up. 2278 */ 2279 if (!ip_rsvp_on) { 2280 ip_rsvp_on = 1; 2281 rsvp_on++; 2282 } 2283 2284 return 0; 2285 } 2286 2287 int 2288 ip_rsvp_done(void) 2289 { 2290 ip_rsvpd = NULL; 2291 /* 2292 * This may seem silly, but we need to be sure we don't over-decrement 2293 * the RSVP counter, in case something slips up. 2294 */ 2295 if (ip_rsvp_on) { 2296 ip_rsvp_on = 0; 2297 rsvp_on--; 2298 } 2299 return 0; 2300 } 2301 2302 void 2303 rsvp_input(struct mbuf *m, ...) /* XXX must fixup manually */ 2304 { 2305 int off, proto; 2306 __va_list ap; 2307 2308 __va_start(ap, m); 2309 off = __va_arg(ap, int); 2310 proto = __va_arg(ap, int); 2311 __va_end(ap); 2312 2313 if (rsvp_input_p) { /* call the real one if loaded */ 2314 rsvp_input_p(m, off, proto); 2315 return; 2316 } 2317 2318 /* Can still get packets with rsvp_on = 0 if there is a local member 2319 * of the group to which the RSVP packet is addressed. But in this 2320 * case we want to throw the packet away. 2321 */ 2322 2323 if (!rsvp_on) { 2324 m_freem(m); 2325 return; 2326 } 2327 2328 if (ip_rsvpd != NULL) { 2329 rip_input(m, off, proto); 2330 return; 2331 } 2332 /* Drop the packet */ 2333 m_freem(m); 2334 } 2335