1 /* 2 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 3 * Copyright (c) 2003, 2004 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Jeffrey M. Hsu. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of The DragonFly Project nor the names of its 17 * contributors may be used to endorse or promote products derived 18 * from this software without specific, prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 24 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 27 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 30 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 /* 35 * Copyright (c) 2003, 2004 Jeffrey M. Hsu. All rights reserved. 36 * 37 * License terms: all terms for the DragonFly license above plus the following: 38 * 39 * 4. All advertising materials mentioning features or use of this software 40 * must display the following acknowledgement: 41 * 42 * This product includes software developed by Jeffrey M. Hsu 43 * for the DragonFly Project. 44 * 45 * This requirement may be waived with permission from Jeffrey Hsu. 46 * This requirement will sunset and may be removed on July 8 2005, 47 * after which the standard DragonFly license (as shown above) will 48 * apply. 49 */ 50 51 /* 52 * Copyright (c) 1982, 1986, 1988, 1993 53 * The Regents of the University of California. All rights reserved. 54 * 55 * Redistribution and use in source and binary forms, with or without 56 * modification, are permitted provided that the following conditions 57 * are met: 58 * 1. Redistributions of source code must retain the above copyright 59 * notice, this list of conditions and the following disclaimer. 60 * 2. Redistributions in binary form must reproduce the above copyright 61 * notice, this list of conditions and the following disclaimer in the 62 * documentation and/or other materials provided with the distribution. 63 * 3. All advertising materials mentioning features or use of this software 64 * must display the following acknowledgement: 65 * This product includes software developed by the University of 66 * California, Berkeley and its contributors. 67 * 4. Neither the name of the University nor the names of its contributors 68 * may be used to endorse or promote products derived from this software 69 * without specific prior written permission. 70 * 71 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 72 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 73 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 74 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 75 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 76 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 77 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 78 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 79 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 80 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 81 * SUCH DAMAGE. 82 * 83 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 84 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $ 85 * $DragonFly: src/sys/netinet/ip_input.c,v 1.51 2005/04/18 23:43:04 hsu Exp $ 86 */ 87 88 #define _IP_VHL 89 90 #include "opt_bootp.h" 91 #include "opt_ipfw.h" 92 #include "opt_ipdn.h" 93 #include "opt_ipdivert.h" 94 #include "opt_ipfilter.h" 95 #include "opt_ipstealth.h" 96 #include "opt_ipsec.h" 97 #include "opt_random_ip_id.h" 98 99 #include <sys/param.h> 100 #include <sys/systm.h> 101 #include <sys/mbuf.h> 102 #include <sys/malloc.h> 103 #include <sys/mpipe.h> 104 #include <sys/domain.h> 105 #include <sys/protosw.h> 106 #include <sys/socket.h> 107 #include <sys/time.h> 108 #include <sys/globaldata.h> 109 #include <sys/thread.h> 110 #include <sys/kernel.h> 111 #include <sys/syslog.h> 112 #include <sys/sysctl.h> 113 #include <sys/in_cksum.h> 114 115 #include <sys/thread2.h> 116 #include <sys/msgport2.h> 117 118 #include <machine/stdarg.h> 119 120 #include <net/if.h> 121 #include <net/if_types.h> 122 #include <net/if_var.h> 123 #include <net/if_dl.h> 124 #include <net/pfil.h> 125 #include <net/route.h> 126 #include <net/netisr.h> 127 #include <net/intrq.h> 128 129 #include <netinet/in.h> 130 #include <netinet/in_systm.h> 131 #include <netinet/in_var.h> 132 #include <netinet/ip.h> 133 #include <netinet/in_pcb.h> 134 #include <netinet/ip_var.h> 135 #include <netinet/ip_icmp.h> 136 137 138 #include <sys/socketvar.h> 139 140 #include <net/ipfw/ip_fw.h> 141 #include <net/dummynet/ip_dummynet.h> 142 143 #ifdef IPSEC 144 #include <netinet6/ipsec.h> 145 #include <netproto/key/key.h> 146 #endif 147 148 #ifdef FAST_IPSEC 149 #include <netproto/ipsec/ipsec.h> 150 #include <netproto/ipsec/key.h> 151 #endif 152 153 int rsvp_on = 0; 154 static int ip_rsvp_on; 155 struct socket *ip_rsvpd; 156 157 int ipforwarding = 0; 158 SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 159 &ipforwarding, 0, "Enable IP forwarding between interfaces"); 160 161 static int ipsendredirects = 1; /* XXX */ 162 SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 163 &ipsendredirects, 0, "Enable sending IP redirects"); 164 165 int ip_defttl = IPDEFTTL; 166 SYSCTL_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 167 &ip_defttl, 0, "Maximum TTL on IP packets"); 168 169 static int ip_dosourceroute = 0; 170 SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW, 171 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets"); 172 173 static int ip_acceptsourceroute = 0; 174 SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute, 175 CTLFLAG_RW, &ip_acceptsourceroute, 0, 176 "Enable accepting source routed IP packets"); 177 178 static int ip_keepfaith = 0; 179 SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 180 &ip_keepfaith, 0, 181 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 182 183 static int nipq = 0; /* total # of reass queues */ 184 static int maxnipq; 185 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW, 186 &maxnipq, 0, 187 "Maximum number of IPv4 fragment reassembly queue entries"); 188 189 static int maxfragsperpacket; 190 SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 191 &maxfragsperpacket, 0, 192 "Maximum number of IPv4 fragments allowed per packet"); 193 194 static int ip_sendsourcequench = 0; 195 SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 196 &ip_sendsourcequench, 0, 197 "Enable the transmission of source quench packets"); 198 199 /* 200 * XXX - Setting ip_checkinterface mostly implements the receive side of 201 * the Strong ES model described in RFC 1122, but since the routing table 202 * and transmit implementation do not implement the Strong ES model, 203 * setting this to 1 results in an odd hybrid. 204 * 205 * XXX - ip_checkinterface currently must be disabled if you use ipnat 206 * to translate the destination address to another local interface. 207 * 208 * XXX - ip_checkinterface must be disabled if you add IP aliases 209 * to the loopback interface instead of the interface where the 210 * packets for those addresses are received. 211 */ 212 static int ip_checkinterface = 0; 213 SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 214 &ip_checkinterface, 0, "Verify packet arrives on correct interface"); 215 216 #ifdef DIAGNOSTIC 217 static int ipprintfs = 0; 218 #endif 219 220 static struct ifqueue ipintrq; 221 static int ipqmaxlen = IFQ_MAXLEN; 222 223 extern struct domain inetdomain; 224 extern struct protosw inetsw[]; 225 u_char ip_protox[IPPROTO_MAX]; 226 struct in_ifaddrhead in_ifaddrhead; /* first inet address */ 227 struct in_ifaddrhashhead *in_ifaddrhashtbl; /* inet addr hash table */ 228 u_long in_ifaddrhmask; /* mask for hash table */ 229 230 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_queue_maxlen, CTLFLAG_RW, 231 &ipintrq.ifq_maxlen, 0, "Maximum size of the IP input queue"); 232 SYSCTL_INT(_net_inet_ip, IPCTL_INTRQDROPS, intr_queue_drops, CTLFLAG_RD, 233 &ipintrq.ifq_drops, 0, "Number of packets dropped from the IP input queue"); 234 235 struct ip_stats ipstats_percpu[MAXCPU]; 236 #ifdef SMP 237 static int 238 sysctl_ipstats(SYSCTL_HANDLER_ARGS) 239 { 240 int cpu, error = 0; 241 242 for (cpu = 0; cpu < ncpus; ++cpu) { 243 if ((error = SYSCTL_OUT(req, &ipstats_percpu[cpu], 244 sizeof(struct ip_stats)))) 245 break; 246 if ((error = SYSCTL_IN(req, &ipstats_percpu[cpu], 247 sizeof(struct ip_stats)))) 248 break; 249 } 250 251 return (error); 252 } 253 SYSCTL_PROC(_net_inet_ip, IPCTL_STATS, stats, (CTLTYPE_OPAQUE | CTLFLAG_RW), 254 0, 0, sysctl_ipstats, "S,ip_stats", "IP statistics"); 255 #else 256 SYSCTL_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 257 &ipstat, ip_stats, "IP statistics"); 258 #endif 259 260 /* Packet reassembly stuff */ 261 #define IPREASS_NHASH_LOG2 6 262 #define IPREASS_NHASH (1 << IPREASS_NHASH_LOG2) 263 #define IPREASS_HMASK (IPREASS_NHASH - 1) 264 #define IPREASS_HASH(x,y) \ 265 (((((x) & 0xF) | ((((x) >> 8) & 0xF) << 4)) ^ (y)) & IPREASS_HMASK) 266 267 static struct ipq ipq[IPREASS_NHASH]; 268 const int ipintrq_present = 1; 269 270 #ifdef IPCTL_DEFMTU 271 SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 272 &ip_mtu, 0, "Default MTU"); 273 #endif 274 275 #ifdef IPSTEALTH 276 static int ipstealth = 0; 277 SYSCTL_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, &ipstealth, 0, ""); 278 #else 279 static const int ipstealth = 0; 280 #endif 281 282 283 /* Firewall hooks */ 284 ip_fw_chk_t *ip_fw_chk_ptr; 285 int fw_enable = 1; 286 int fw_one_pass = 1; 287 288 /* Dummynet hooks */ 289 ip_dn_io_t *ip_dn_io_ptr; 290 291 struct pfil_head inet_pfil_hook; 292 293 /* 294 * XXX this is ugly -- the following two global variables are 295 * used to store packet state while it travels through the stack. 296 * Note that the code even makes assumptions on the size and 297 * alignment of fields inside struct ip_srcrt so e.g. adding some 298 * fields will break the code. This needs to be fixed. 299 * 300 * We need to save the IP options in case a protocol wants to respond 301 * to an incoming packet over the same route if the packet got here 302 * using IP source routing. This allows connection establishment and 303 * maintenance when the remote end is on a network that is not known 304 * to us. 305 */ 306 static int ip_nhops = 0; 307 308 static struct ip_srcrt { 309 struct in_addr dst; /* final destination */ 310 char nop; /* one NOP to align */ 311 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ 312 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)]; 313 } ip_srcrt; 314 315 static MALLOC_DEFINE(M_IPQ, "ipq", "IP Fragment Management"); 316 static struct malloc_pipe ipq_mpipe; 317 318 static void save_rte (u_char *, struct in_addr); 319 static int ip_dooptions (struct mbuf *m, int, 320 struct sockaddr_in *next_hop); 321 static void ip_forward (struct mbuf *m, boolean_t using_srcrt, 322 struct sockaddr_in *next_hop); 323 static void ip_freef (struct ipq *); 324 static int ip_input_handler (struct netmsg *); 325 static struct mbuf *ip_reass (struct mbuf *, struct ipq *, 326 struct ipq *, u_int32_t *); 327 328 /* 329 * IP initialization: fill in IP protocol switch table. 330 * All protocols not implemented in kernel go to raw IP protocol handler. 331 */ 332 void 333 ip_init(void) 334 { 335 struct protosw *pr; 336 int i; 337 #ifdef SMP 338 int cpu; 339 #endif 340 341 /* 342 * Make sure we can handle a reasonable number of fragments but 343 * cap it at 4000 (XXX). 344 */ 345 mpipe_init(&ipq_mpipe, M_IPQ, sizeof(struct ipq), 346 IFQ_MAXLEN, 4000, 0, NULL); 347 TAILQ_INIT(&in_ifaddrhead); 348 in_ifaddrhashtbl = hashinit(INADDR_NHASH, M_IFADDR, &in_ifaddrhmask); 349 pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); 350 if (pr == NULL) 351 panic("ip_init"); 352 for (i = 0; i < IPPROTO_MAX; i++) 353 ip_protox[i] = pr - inetsw; 354 for (pr = inetdomain.dom_protosw; 355 pr < inetdomain.dom_protoswNPROTOSW; pr++) 356 if (pr->pr_domain->dom_family == PF_INET && 357 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) 358 ip_protox[pr->pr_protocol] = pr - inetsw; 359 360 inet_pfil_hook.ph_type = PFIL_TYPE_AF; 361 inet_pfil_hook.ph_af = AF_INET; 362 if ((i = pfil_head_register(&inet_pfil_hook)) != 0) { 363 printf("%s: WARNING: unable to register pfil hook, " 364 "error %d\n", __func__, i); 365 } 366 367 for (i = 0; i < IPREASS_NHASH; i++) 368 ipq[i].next = ipq[i].prev = &ipq[i]; 369 370 maxnipq = nmbclusters / 32; 371 maxfragsperpacket = 16; 372 373 #ifndef RANDOM_IP_ID 374 ip_id = time_second & 0xffff; 375 #endif 376 ipintrq.ifq_maxlen = ipqmaxlen; 377 378 /* 379 * Initialize IP statistics counters for each CPU. 380 * 381 */ 382 #ifdef SMP 383 for (cpu = 0; cpu < ncpus; ++cpu) { 384 bzero(&ipstats_percpu[cpu], sizeof(struct ip_stats)); 385 } 386 #else 387 bzero(&ipstat, sizeof(struct ip_stats)); 388 #endif 389 390 netisr_register(NETISR_IP, ip_mport, ip_input_handler); 391 } 392 393 /* 394 * XXX watch out this one. It is perhaps used as a cache for 395 * the most recently used route ? it is cleared in in_addroute() 396 * when a new route is successfully created. 397 */ 398 struct route ipforward_rt; 399 400 /* Do transport protocol processing. */ 401 static void 402 transport_processing_oncpu(struct mbuf *m, int hlen, struct ip *ip, 403 struct sockaddr_in *nexthop) 404 { 405 /* 406 * Switch out to protocol's input routine. 407 */ 408 if (nexthop && ip->ip_p == IPPROTO_TCP) { 409 /* TCP needs IPFORWARD info if available */ 410 struct m_hdr tag; 411 412 tag.mh_type = MT_TAG; 413 tag.mh_flags = PACKET_TAG_IPFORWARD; 414 tag.mh_data = (caddr_t)nexthop; 415 tag.mh_next = m; 416 417 (*inetsw[ip_protox[ip->ip_p]].pr_input) 418 ((struct mbuf *)&tag, hlen, ip->ip_p); 419 } else { 420 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, ip->ip_p); 421 } 422 } 423 424 struct netmsg_transport_packet { 425 struct lwkt_msg nm_lmsg; 426 struct mbuf *nm_mbuf; 427 int nm_hlen; 428 boolean_t nm_hasnexthop; 429 struct sockaddr_in nm_nexthop; 430 }; 431 432 static int 433 transport_processing_handler(lwkt_msg_t lmsg) 434 { 435 struct netmsg_transport_packet *msg = (void *)lmsg; 436 struct sockaddr_in *nexthop; 437 struct ip *ip; 438 439 ip = mtod(msg->nm_mbuf, struct ip *); 440 nexthop = msg->nm_hasnexthop ? &msg->nm_nexthop : NULL; 441 transport_processing_oncpu(msg->nm_mbuf, msg->nm_hlen, ip, nexthop); 442 lwkt_replymsg(lmsg, 0); 443 return(EASYNC); 444 } 445 446 static int 447 ip_input_handler(struct netmsg *msg0) 448 { 449 struct mbuf *m = ((struct netmsg_packet *)msg0)->nm_packet; 450 451 ip_input(m); 452 lwkt_replymsg(&msg0->nm_lmsg, 0); 453 return(EASYNC); 454 } 455 456 /* 457 * IP input routine. Checksum and byte swap header. If fragmented 458 * try to reassemble. Process options. Pass to next level. 459 */ 460 void 461 ip_input(struct mbuf *m) 462 { 463 struct ip *ip; 464 struct ipq *fp; 465 struct in_ifaddr *ia = NULL; 466 struct ifaddr *ifa; 467 int i, hlen, checkif; 468 u_short sum; 469 struct in_addr pkt_dst; 470 u_int32_t divert_info = 0; /* packet divert/tee info */ 471 struct ip_fw_args args; 472 boolean_t using_srcrt = FALSE; /* forward (by PFIL_HOOKS) */ 473 boolean_t needredispatch = FALSE; 474 struct in_addr odst; /* original dst address(NAT) */ 475 #if defined(FAST_IPSEC) || defined(IPDIVERT) 476 struct m_tag *mtag; 477 #endif 478 #ifdef FAST_IPSEC 479 struct tdb_ident *tdbi; 480 struct secpolicy *sp; 481 int s, error; 482 #endif 483 484 args.eh = NULL; 485 args.oif = NULL; 486 args.rule = NULL; 487 args.next_hop = NULL; 488 489 /* Grab info from MT_TAG mbufs prepended to the chain. */ 490 while (m != NULL && m->m_type == MT_TAG) { 491 switch(m->_m_tag_id) { 492 case PACKET_TAG_DUMMYNET: 493 args.rule = ((struct dn_pkt *)m)->rule; 494 break; 495 case PACKET_TAG_IPFORWARD: 496 args.next_hop = (struct sockaddr_in *)m->m_hdr.mh_data; 497 break; 498 default: 499 printf("ip_input: unrecognised MT_TAG tag %d\n", 500 m->_m_tag_id); 501 break; 502 } 503 m = m->m_next; 504 } 505 KASSERT(m != NULL && (m->m_flags & M_PKTHDR), ("ip_input: no HDR")); 506 507 if (args.rule != NULL) { /* dummynet already filtered us */ 508 ip = mtod(m, struct ip *); 509 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 510 goto iphack; 511 } 512 513 ipstat.ips_total++; 514 515 /* length checks already done in ip_demux() */ 516 KASSERT(m->m_len >= sizeof(ip), ("IP header not in one mbuf")); 517 518 ip = mtod(m, struct ip *); 519 520 if (IP_VHL_V(ip->ip_vhl) != IPVERSION) { 521 ipstat.ips_badvers++; 522 goto bad; 523 } 524 525 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 526 /* length checks already done in ip_demux() */ 527 KASSERT(hlen >= sizeof(struct ip), ("IP header len too small")); 528 KASSERT(m->m_len >= hlen, ("packet shorter than IP header length")); 529 530 /* 127/8 must not appear on wire - RFC1122 */ 531 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 532 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 533 if (!(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK)) { 534 ipstat.ips_badaddr++; 535 goto bad; 536 } 537 } 538 539 if (m->m_pkthdr.csum_flags & CSUM_IP_CHECKED) { 540 sum = !(m->m_pkthdr.csum_flags & CSUM_IP_VALID); 541 } else { 542 if (hlen == sizeof(struct ip)) { 543 sum = in_cksum_hdr(ip); 544 } else { 545 sum = in_cksum(m, hlen); 546 } 547 } 548 if (sum != 0) { 549 ipstat.ips_badsum++; 550 goto bad; 551 } 552 553 #ifdef ALTQ 554 if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { 555 /* packet is dropped by traffic conditioner */ 556 return; 557 } 558 #endif 559 /* 560 * Convert fields to host representation. 561 */ 562 ip->ip_len = ntohs(ip->ip_len); 563 if (ip->ip_len < hlen) { 564 ipstat.ips_badlen++; 565 goto bad; 566 } 567 ip->ip_off = ntohs(ip->ip_off); 568 569 /* 570 * Check that the amount of data in the buffers 571 * is as at least much as the IP header would have us expect. 572 * Trim mbufs if longer than we expect. 573 * Drop packet if shorter than we expect. 574 */ 575 if (m->m_pkthdr.len < ip->ip_len) { 576 ipstat.ips_tooshort++; 577 goto bad; 578 } 579 if (m->m_pkthdr.len > ip->ip_len) { 580 if (m->m_len == m->m_pkthdr.len) { 581 m->m_len = ip->ip_len; 582 m->m_pkthdr.len = ip->ip_len; 583 } else 584 m_adj(m, ip->ip_len - m->m_pkthdr.len); 585 } 586 #if defined(IPSEC) && !defined(IPSEC_FILTERGIF) 587 /* 588 * Bypass packet filtering for packets from a tunnel (gif). 589 */ 590 if (ipsec_gethist(m, NULL)) 591 goto pass; 592 #endif 593 594 /* 595 * IpHack's section. 596 * Right now when no processing on packet has done 597 * and it is still fresh out of network we do our black 598 * deals with it. 599 * - Firewall: deny/allow/divert 600 * - Xlate: translate packet's addr/port (NAT). 601 * - Pipe: pass pkt through dummynet. 602 * - Wrap: fake packet's addr/port <unimpl.> 603 * - Encapsulate: put it in another IP and send out. <unimp.> 604 */ 605 606 iphack: 607 608 /* 609 * Run through list of hooks for input packets. 610 * 611 * NB: Beware of the destination address changing (e.g. 612 * by NAT rewriting). When this happens, tell 613 * ip_forward to do the right thing. 614 */ 615 if (pfil_has_hooks(&inet_pfil_hook)) { 616 odst = ip->ip_dst; 617 if (pfil_run_hooks(&inet_pfil_hook, &m, 618 m->m_pkthdr.rcvif, PFIL_IN)) { 619 return; 620 } 621 if (m == NULL) /* consumed by filter */ 622 return; 623 ip = mtod(m, struct ip *); 624 using_srcrt = (odst.s_addr != ip->ip_dst.s_addr); 625 } 626 627 if (fw_enable && IPFW_LOADED) { 628 /* 629 * If we've been forwarded from the output side, then 630 * skip the firewall a second time 631 */ 632 if (args.next_hop != NULL) 633 goto ours; 634 635 args.m = m; 636 i = ip_fw_chk_ptr(&args); 637 m = args.m; 638 639 if ((i & IP_FW_PORT_DENY_FLAG) || m == NULL) { /* drop */ 640 if (m != NULL) 641 m_freem(m); 642 return; 643 } 644 ip = mtod(m, struct ip *); /* just in case m changed */ 645 if (i == 0 && args.next_hop == NULL) /* common case */ 646 goto pass; 647 if (DUMMYNET_LOADED && (i & IP_FW_PORT_DYNT_FLAG)) { 648 /* Send packet to the appropriate pipe */ 649 ip_dn_io_ptr(m, i&0xffff, DN_TO_IP_IN, &args); 650 return; 651 } 652 #ifdef IPDIVERT 653 if (i != 0 && !(i & IP_FW_PORT_DYNT_FLAG)) { 654 /* Divert or tee packet */ 655 divert_info = i; 656 goto ours; 657 } 658 #endif 659 if (i == 0 && args.next_hop != NULL) 660 goto pass; 661 /* 662 * if we get here, the packet must be dropped 663 */ 664 m_freem(m); 665 return; 666 } 667 pass: 668 669 /* 670 * Process options and, if not destined for us, 671 * ship it on. ip_dooptions returns 1 when an 672 * error was detected (causing an icmp message 673 * to be sent and the original packet to be freed). 674 */ 675 ip_nhops = 0; /* for source routed packets */ 676 if (hlen > sizeof(struct ip) && ip_dooptions(m, 0, args.next_hop)) 677 return; 678 679 /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no 680 * matter if it is destined to another node, or whether it is 681 * a multicast one, RSVP wants it! and prevents it from being forwarded 682 * anywhere else. Also checks if the rsvp daemon is running before 683 * grabbing the packet. 684 */ 685 if (rsvp_on && ip->ip_p == IPPROTO_RSVP) 686 goto ours; 687 688 /* 689 * Check our list of addresses, to see if the packet is for us. 690 * If we don't have any addresses, assume any unicast packet 691 * we receive might be for us (and let the upper layers deal 692 * with it). 693 */ 694 if (TAILQ_EMPTY(&in_ifaddrhead) && !(m->m_flags & (M_MCAST | M_BCAST))) 695 goto ours; 696 697 /* 698 * Cache the destination address of the packet; this may be 699 * changed by use of 'ipfw fwd'. 700 */ 701 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 702 703 /* 704 * Enable a consistency check between the destination address 705 * and the arrival interface for a unicast packet (the RFC 1122 706 * strong ES model) if IP forwarding is disabled and the packet 707 * is not locally generated and the packet is not subject to 708 * 'ipfw fwd'. 709 * 710 * XXX - Checking also should be disabled if the destination 711 * address is ipnat'ed to a different interface. 712 * 713 * XXX - Checking is incompatible with IP aliases added 714 * to the loopback interface instead of the interface where 715 * the packets are received. 716 */ 717 checkif = ip_checkinterface && 718 !ipforwarding && 719 m->m_pkthdr.rcvif != NULL && 720 !(m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) && 721 (args.next_hop == NULL); 722 723 /* 724 * Check for exact addresses in the hash bucket. 725 */ 726 LIST_FOREACH(ia, INADDR_HASH(pkt_dst.s_addr), ia_hash) { 727 /* 728 * If the address matches, verify that the packet 729 * arrived via the correct interface if checking is 730 * enabled. 731 */ 732 if (IA_SIN(ia)->sin_addr.s_addr == pkt_dst.s_addr && 733 (!checkif || ia->ia_ifp == m->m_pkthdr.rcvif)) 734 goto ours; 735 } 736 /* 737 * Check for broadcast addresses. 738 * 739 * Only accept broadcast packets that arrive via the matching 740 * interface. Reception of forwarded directed broadcasts would 741 * be handled via ip_forward() and ether_output() with the loopback 742 * into the stack for SIMPLEX interfaces handled by ether_output(). 743 */ 744 if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 745 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 746 if (ifa->ifa_addr == NULL) /* shutdown/startup race */ 747 continue; 748 if (ifa->ifa_addr->sa_family != AF_INET) 749 continue; 750 ia = ifatoia(ifa); 751 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 752 pkt_dst.s_addr) 753 goto ours; 754 if (ia->ia_netbroadcast.s_addr == pkt_dst.s_addr) 755 goto ours; 756 #ifdef BOOTP_COMPAT 757 if (IA_SIN(ia)->sin_addr.s_addr == INADDR_ANY) 758 goto ours; 759 #endif 760 } 761 } 762 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 763 struct in_multi *inm; 764 765 if (ip_mrouter != NULL) { 766 /* 767 * If we are acting as a multicast router, all 768 * incoming multicast packets are passed to the 769 * kernel-level multicast forwarding function. 770 * The packet is returned (relatively) intact; if 771 * ip_mforward() returns a non-zero value, the packet 772 * must be discarded, else it may be accepted below. 773 */ 774 if (ip_mforward != NULL && 775 ip_mforward(ip, m->m_pkthdr.rcvif, m, NULL) != 0) { 776 ipstat.ips_cantforward++; 777 m_freem(m); 778 return; 779 } 780 781 /* 782 * The process-level routing daemon needs to receive 783 * all multicast IGMP packets, whether or not this 784 * host belongs to their destination groups. 785 */ 786 if (ip->ip_p == IPPROTO_IGMP) 787 goto ours; 788 ipstat.ips_forward++; 789 } 790 /* 791 * See if we belong to the destination multicast group on the 792 * arrival interface. 793 */ 794 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm); 795 if (inm == NULL) { 796 ipstat.ips_notmember++; 797 m_freem(m); 798 return; 799 } 800 goto ours; 801 } 802 if (ip->ip_dst.s_addr == INADDR_BROADCAST) 803 goto ours; 804 if (ip->ip_dst.s_addr == INADDR_ANY) 805 goto ours; 806 807 /* 808 * FAITH(Firewall Aided Internet Translator) 809 */ 810 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 811 if (ip_keepfaith) { 812 if (ip->ip_p == IPPROTO_TCP || ip->ip_p == IPPROTO_ICMP) 813 goto ours; 814 } 815 m_freem(m); 816 return; 817 } 818 819 /* 820 * Not for us; forward if possible and desirable. 821 */ 822 if (!ipforwarding) { 823 ipstat.ips_cantforward++; 824 m_freem(m); 825 } else { 826 #ifdef IPSEC 827 /* 828 * Enforce inbound IPsec SPD. 829 */ 830 if (ipsec4_in_reject(m, NULL)) { 831 ipsecstat.in_polvio++; 832 goto bad; 833 } 834 #endif 835 #ifdef FAST_IPSEC 836 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 837 s = splnet(); 838 if (mtag != NULL) { 839 tdbi = (struct tdb_ident *)(mtag + 1); 840 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 841 } else { 842 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 843 IP_FORWARDING, &error); 844 } 845 if (sp == NULL) { /* NB: can happen if error */ 846 splx(s); 847 /*XXX error stat???*/ 848 DPRINTF(("ip_input: no SP for forwarding\n")); /*XXX*/ 849 goto bad; 850 } 851 852 /* 853 * Check security policy against packet attributes. 854 */ 855 error = ipsec_in_reject(sp, m); 856 KEY_FREESP(&sp); 857 splx(s); 858 if (error) { 859 ipstat.ips_cantforward++; 860 goto bad; 861 } 862 #endif 863 ip_forward(m, using_srcrt, args.next_hop); 864 } 865 return; 866 867 ours: 868 869 /* 870 * IPSTEALTH: Process non-routing options only 871 * if the packet is destined for us. 872 */ 873 if (ipstealth && 874 hlen > sizeof(struct ip) && 875 ip_dooptions(m, 1, args.next_hop)) 876 return; 877 878 /* Count the packet in the ip address stats */ 879 if (ia != NULL) { 880 ia->ia_ifa.if_ipackets++; 881 ia->ia_ifa.if_ibytes += m->m_pkthdr.len; 882 } 883 884 /* 885 * If offset or IP_MF are set, must reassemble. 886 * Otherwise, nothing need be done. 887 * (We could look in the reassembly queue to see 888 * if the packet was previously fragmented, 889 * but it's not worth the time; just let them time out.) 890 */ 891 if (ip->ip_off & (IP_MF | IP_OFFMASK)) { 892 893 /* If maxnipq is 0, never accept fragments. */ 894 if (maxnipq == 0) { 895 ipstat.ips_fragments++; 896 ipstat.ips_fragdropped++; 897 goto bad; 898 } 899 900 sum = IPREASS_HASH(ip->ip_src.s_addr, ip->ip_id); 901 /* 902 * Look for queue of fragments 903 * of this datagram. 904 */ 905 for (fp = ipq[sum].next; fp != &ipq[sum]; fp = fp->next) 906 if (ip->ip_id == fp->ipq_id && 907 ip->ip_src.s_addr == fp->ipq_src.s_addr && 908 ip->ip_dst.s_addr == fp->ipq_dst.s_addr && 909 ip->ip_p == fp->ipq_p) 910 goto found; 911 912 fp = NULL; 913 914 /* 915 * Enforce upper bound on number of fragmented packets 916 * for which we attempt reassembly; 917 * If maxnipq is -1, accept all fragments without limitation. 918 */ 919 if ((nipq > maxnipq) && (maxnipq > 0)) { 920 /* 921 * drop something from the tail of the current queue 922 * before proceeding further 923 */ 924 if (ipq[sum].prev == &ipq[sum]) { /* gak */ 925 for (i = 0; i < IPREASS_NHASH; i++) { 926 if (ipq[i].prev != &ipq[i]) { 927 ipstat.ips_fragtimeout += 928 ipq[i].prev->ipq_nfrags; 929 ip_freef(ipq[i].prev); 930 break; 931 } 932 } 933 } else { 934 ipstat.ips_fragtimeout += 935 ipq[sum].prev->ipq_nfrags; 936 ip_freef(ipq[sum].prev); 937 } 938 } 939 found: 940 /* 941 * Adjust ip_len to not reflect header, 942 * convert offset of this to bytes. 943 */ 944 ip->ip_len -= hlen; 945 if (ip->ip_off & IP_MF) { 946 /* 947 * Make sure that fragments have a data length 948 * that's a non-zero multiple of 8 bytes. 949 */ 950 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { 951 ipstat.ips_toosmall++; /* XXX */ 952 goto bad; 953 } 954 m->m_flags |= M_FRAG; 955 } else 956 m->m_flags &= ~M_FRAG; 957 ip->ip_off <<= 3; 958 959 /* 960 * Attempt reassembly; if it succeeds, proceed. 961 * ip_reass() will return a different mbuf, and update 962 * the divert info in divert_info. 963 */ 964 ipstat.ips_fragments++; 965 m->m_pkthdr.header = ip; 966 m = ip_reass(m, fp, &ipq[sum], &divert_info); 967 if (m == NULL) 968 return; 969 ipstat.ips_reassembled++; 970 needredispatch = TRUE; 971 ip = mtod(m, struct ip *); 972 /* Get the header length of the reassembled packet */ 973 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 974 #ifdef IPDIVERT 975 /* Restore original checksum before diverting packet */ 976 if (divert_info != 0) { 977 ip->ip_len += hlen; 978 ip->ip_len = htons(ip->ip_len); 979 ip->ip_off = htons(ip->ip_off); 980 ip->ip_sum = 0; 981 if (hlen == sizeof(struct ip)) 982 ip->ip_sum = in_cksum_hdr(ip); 983 else 984 ip->ip_sum = in_cksum(m, hlen); 985 ip->ip_off = ntohs(ip->ip_off); 986 ip->ip_len = ntohs(ip->ip_len); 987 ip->ip_len -= hlen; 988 } 989 #endif 990 } else { 991 ip->ip_len -= hlen; 992 } 993 994 #ifdef IPDIVERT 995 /* 996 * Divert or tee packet to the divert protocol if required. 997 */ 998 if (divert_info != 0) { 999 struct mbuf *clone = NULL; 1000 1001 /* Clone packet if we're doing a 'tee' */ 1002 if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) 1003 clone = m_dup(m, MB_DONTWAIT); 1004 1005 /* Restore packet header fields to original values */ 1006 ip->ip_len += hlen; 1007 ip->ip_len = htons(ip->ip_len); 1008 ip->ip_off = htons(ip->ip_off); 1009 1010 /* Deliver packet to divert input routine */ 1011 divert_packet(m, 1, divert_info & 0xffff); 1012 ipstat.ips_delivered++; 1013 1014 /* If 'tee', continue with original packet */ 1015 if (clone == NULL) 1016 return; 1017 m = clone; 1018 ip = mtod(m, struct ip *); 1019 ip->ip_len += hlen; 1020 /* 1021 * Jump backwards to complete processing of the 1022 * packet. But first clear divert_info to avoid 1023 * entering this block again. 1024 * We do not need to clear args.divert_rule 1025 * or args.next_hop as they will not be used. 1026 * 1027 * XXX Better safe than sorry, remove the DIVERT tag. 1028 */ 1029 mtag = m_tag_find(m, PACKET_TAG_IPFW_DIVERT, NULL); 1030 if (mtag != NULL) 1031 m_tag_delete(m, mtag); 1032 1033 divert_info = 0; 1034 goto pass; 1035 } 1036 #endif 1037 1038 #ifdef IPSEC 1039 /* 1040 * enforce IPsec policy checking if we are seeing last header. 1041 * note that we do not visit this with protocols with pcb layer 1042 * code - like udp/tcp/raw ip. 1043 */ 1044 if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) && 1045 ipsec4_in_reject(m, NULL)) { 1046 ipsecstat.in_polvio++; 1047 goto bad; 1048 } 1049 #endif 1050 #if FAST_IPSEC 1051 /* 1052 * enforce IPsec policy checking if we are seeing last header. 1053 * note that we do not visit this with protocols with pcb layer 1054 * code - like udp/tcp/raw ip. 1055 */ 1056 if (inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) { 1057 /* 1058 * Check if the packet has already had IPsec processing 1059 * done. If so, then just pass it along. This tag gets 1060 * set during AH, ESP, etc. input handling, before the 1061 * packet is returned to the ip input queue for delivery. 1062 */ 1063 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); 1064 s = splnet(); 1065 if (mtag != NULL) { 1066 tdbi = (struct tdb_ident *)(mtag + 1); 1067 sp = ipsec_getpolicy(tdbi, IPSEC_DIR_INBOUND); 1068 } else { 1069 sp = ipsec_getpolicybyaddr(m, IPSEC_DIR_INBOUND, 1070 IP_FORWARDING, &error); 1071 } 1072 if (sp != NULL) { 1073 /* 1074 * Check security policy against packet attributes. 1075 */ 1076 error = ipsec_in_reject(sp, m); 1077 KEY_FREESP(&sp); 1078 } else { 1079 /* XXX error stat??? */ 1080 error = EINVAL; 1081 DPRINTF(("ip_input: no SP, packet discarded\n"));/*XXX*/ 1082 goto bad; 1083 } 1084 splx(s); 1085 if (error) 1086 goto bad; 1087 } 1088 #endif /* FAST_IPSEC */ 1089 1090 ipstat.ips_delivered++; 1091 if (needredispatch) { 1092 struct netmsg_transport_packet *msg; 1093 lwkt_port_t port; 1094 1095 msg = malloc(sizeof(struct netmsg_transport_packet), 1096 M_LWKTMSG, M_INTWAIT | M_NULLOK); 1097 if (msg == NULL) 1098 goto bad; 1099 1100 lwkt_initmsg(&msg->nm_lmsg, &netisr_afree_rport, 0, 1101 lwkt_cmd_func(transport_processing_handler), 1102 lwkt_cmd_op_none); 1103 msg->nm_hlen = hlen; 1104 msg->nm_hasnexthop = (args.next_hop != NULL); 1105 if (msg->nm_hasnexthop) 1106 msg->nm_nexthop = *args.next_hop; /* structure copy */ 1107 1108 ip->ip_off = htons(ip->ip_off); 1109 ip->ip_len = htons(ip->ip_len); 1110 port = ip_mport(&m); 1111 if (port) { 1112 msg->nm_mbuf = m; 1113 ip = mtod(m, struct ip *); 1114 ip->ip_len = ntohs(ip->ip_len); 1115 ip->ip_off = ntohs(ip->ip_off); 1116 lwkt_sendmsg(port, &msg->nm_lmsg); 1117 } 1118 } else { 1119 transport_processing_oncpu(m, hlen, ip, args.next_hop); 1120 } 1121 return; 1122 1123 bad: 1124 m_freem(m); 1125 } 1126 1127 /* 1128 * Take incoming datagram fragment and try to reassemble it into 1129 * whole datagram. If a chain for reassembly of this datagram already 1130 * exists, then it is given as fp; otherwise have to make a chain. 1131 * 1132 * When IPDIVERT enabled, keep additional state with each packet that 1133 * tells us if we need to divert or tee the packet we're building. 1134 * In particular, *divinfo includes the port and TEE flag. 1135 */ 1136 1137 static struct mbuf * 1138 ip_reass(struct mbuf *m, struct ipq *fp, struct ipq *where, 1139 u_int32_t *divinfo) 1140 { 1141 struct ip *ip = mtod(m, struct ip *); 1142 struct mbuf *p = NULL, *q, *nq; 1143 struct mbuf *n; 1144 int hlen = IP_VHL_HL(ip->ip_vhl) << 2; 1145 int i, next; 1146 #ifdef IPDIVERT 1147 struct m_tag *mtag; 1148 #endif 1149 1150 /* 1151 * Presence of header sizes in mbufs 1152 * would confuse code below. 1153 */ 1154 m->m_data += hlen; 1155 m->m_len -= hlen; 1156 1157 /* 1158 * If first fragment to arrive, create a reassembly queue. 1159 */ 1160 if (fp == NULL) { 1161 if ((fp = mpipe_alloc_nowait(&ipq_mpipe)) == NULL) 1162 goto dropfrag; 1163 insque(fp, where); 1164 nipq++; 1165 fp->ipq_nfrags = 1; 1166 fp->ipq_ttl = IPFRAGTTL; 1167 fp->ipq_p = ip->ip_p; 1168 fp->ipq_id = ip->ip_id; 1169 fp->ipq_src = ip->ip_src; 1170 fp->ipq_dst = ip->ip_dst; 1171 fp->ipq_frags = m; 1172 m->m_nextpkt = NULL; 1173 #ifdef IPDIVERT 1174 fp->ipq_div_info = 0; 1175 #endif 1176 goto inserted; 1177 } else { 1178 fp->ipq_nfrags++; 1179 } 1180 1181 #define GETIP(m) ((struct ip*)((m)->m_pkthdr.header)) 1182 1183 /* 1184 * Find a segment which begins after this one does. 1185 */ 1186 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) 1187 if (GETIP(q)->ip_off > ip->ip_off) 1188 break; 1189 1190 /* 1191 * If there is a preceding segment, it may provide some of 1192 * our data already. If so, drop the data from the incoming 1193 * segment. If it provides all of our data, drop us, otherwise 1194 * stick new segment in the proper place. 1195 * 1196 * If some of the data is dropped from the the preceding 1197 * segment, then it's checksum is invalidated. 1198 */ 1199 if (p) { 1200 i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; 1201 if (i > 0) { 1202 if (i >= ip->ip_len) 1203 goto dropfrag; 1204 m_adj(m, i); 1205 m->m_pkthdr.csum_flags = 0; 1206 ip->ip_off += i; 1207 ip->ip_len -= i; 1208 } 1209 m->m_nextpkt = p->m_nextpkt; 1210 p->m_nextpkt = m; 1211 } else { 1212 m->m_nextpkt = fp->ipq_frags; 1213 fp->ipq_frags = m; 1214 } 1215 1216 /* 1217 * While we overlap succeeding segments trim them or, 1218 * if they are completely covered, dequeue them. 1219 */ 1220 for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; 1221 q = nq) { 1222 i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off; 1223 if (i < GETIP(q)->ip_len) { 1224 GETIP(q)->ip_len -= i; 1225 GETIP(q)->ip_off += i; 1226 m_adj(q, i); 1227 q->m_pkthdr.csum_flags = 0; 1228 break; 1229 } 1230 nq = q->m_nextpkt; 1231 m->m_nextpkt = nq; 1232 ipstat.ips_fragdropped++; 1233 fp->ipq_nfrags--; 1234 m_freem(q); 1235 } 1236 1237 inserted: 1238 1239 #ifdef IPDIVERT 1240 /* 1241 * Transfer firewall instructions to the fragment structure. 1242 * Only trust info in the fragment at offset 0. 1243 */ 1244 if (ip->ip_off == 0) { 1245 fp->ipq_div_info = *divinfo; 1246 } else { 1247 mtag = m_tag_find(m, PACKET_TAG_IPFW_DIVERT, NULL); 1248 if (mtag != NULL) 1249 m_tag_delete(m, mtag); 1250 } 1251 *divinfo = 0; 1252 #endif 1253 1254 /* 1255 * Check for complete reassembly and perform frag per packet 1256 * limiting. 1257 * 1258 * Frag limiting is performed here so that the nth frag has 1259 * a chance to complete the packet before we drop the packet. 1260 * As a result, n+1 frags are actually allowed per packet, but 1261 * only n will ever be stored. (n = maxfragsperpacket.) 1262 * 1263 */ 1264 next = 0; 1265 for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { 1266 if (GETIP(q)->ip_off != next) { 1267 if (fp->ipq_nfrags > maxfragsperpacket) { 1268 ipstat.ips_fragdropped += fp->ipq_nfrags; 1269 ip_freef(fp); 1270 } 1271 return (NULL); 1272 } 1273 next += GETIP(q)->ip_len; 1274 } 1275 /* Make sure the last packet didn't have the IP_MF flag */ 1276 if (p->m_flags & M_FRAG) { 1277 if (fp->ipq_nfrags > maxfragsperpacket) { 1278 ipstat.ips_fragdropped += fp->ipq_nfrags; 1279 ip_freef(fp); 1280 } 1281 return (NULL); 1282 } 1283 1284 /* 1285 * Reassembly is complete. Make sure the packet is a sane size. 1286 */ 1287 q = fp->ipq_frags; 1288 ip = GETIP(q); 1289 if (next + (IP_VHL_HL(ip->ip_vhl) << 2) > IP_MAXPACKET) { 1290 ipstat.ips_toolong++; 1291 ipstat.ips_fragdropped += fp->ipq_nfrags; 1292 ip_freef(fp); 1293 return (NULL); 1294 } 1295 1296 /* 1297 * Concatenate fragments. 1298 */ 1299 m = q; 1300 n = m->m_next; 1301 m->m_next = NULL; 1302 m_cat(m, n); 1303 nq = q->m_nextpkt; 1304 q->m_nextpkt = NULL; 1305 for (q = nq; q != NULL; q = nq) { 1306 nq = q->m_nextpkt; 1307 q->m_nextpkt = NULL; 1308 m->m_pkthdr.csum_flags &= q->m_pkthdr.csum_flags; 1309 m->m_pkthdr.csum_data += q->m_pkthdr.csum_data; 1310 m_cat(m, q); 1311 } 1312 1313 #ifdef IPDIVERT 1314 /* 1315 * Extract firewall instructions from the fragment structure. 1316 */ 1317 *divinfo = fp->ipq_div_info; 1318 #endif 1319 1320 /* 1321 * Create header for new ip packet by 1322 * modifying header of first packet; 1323 * dequeue and discard fragment reassembly header. 1324 * Make header visible. 1325 */ 1326 ip->ip_len = next; 1327 ip->ip_src = fp->ipq_src; 1328 ip->ip_dst = fp->ipq_dst; 1329 remque(fp); 1330 nipq--; 1331 mpipe_free(&ipq_mpipe, fp); 1332 m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2); 1333 m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2); 1334 /* some debugging cruft by sklower, below, will go away soon */ 1335 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ 1336 int plen = 0; 1337 1338 for (n = m; n; n = n->m_next) 1339 plen += n->m_len; 1340 m->m_pkthdr.len = plen; 1341 } 1342 return (m); 1343 1344 dropfrag: 1345 #ifdef IPDIVERT 1346 *divinfo = 0; 1347 #endif 1348 ipstat.ips_fragdropped++; 1349 if (fp != NULL) 1350 fp->ipq_nfrags--; 1351 m_freem(m); 1352 return (NULL); 1353 1354 #undef GETIP 1355 } 1356 1357 /* 1358 * Free a fragment reassembly header and all 1359 * associated datagrams. 1360 */ 1361 static void 1362 ip_freef(struct ipq *fp) 1363 { 1364 struct mbuf *q; 1365 1366 while (fp->ipq_frags) { 1367 q = fp->ipq_frags; 1368 fp->ipq_frags = q->m_nextpkt; 1369 m_freem(q); 1370 } 1371 remque(fp); 1372 mpipe_free(&ipq_mpipe, fp); 1373 nipq--; 1374 } 1375 1376 /* 1377 * IP timer processing; 1378 * if a timer expires on a reassembly 1379 * queue, discard it. 1380 */ 1381 void 1382 ip_slowtimo(void) 1383 { 1384 struct ipq *fp; 1385 int s = splnet(); 1386 int i; 1387 1388 for (i = 0; i < IPREASS_NHASH; i++) { 1389 fp = ipq[i].next; 1390 if (fp == NULL) 1391 continue; 1392 while (fp != &ipq[i]) { 1393 --fp->ipq_ttl; 1394 fp = fp->next; 1395 if (fp->prev->ipq_ttl == 0) { 1396 ipstat.ips_fragtimeout += fp->prev->ipq_nfrags; 1397 ip_freef(fp->prev); 1398 } 1399 } 1400 } 1401 /* 1402 * If we are over the maximum number of fragments 1403 * (due to the limit being lowered), drain off 1404 * enough to get down to the new limit. 1405 */ 1406 if (maxnipq >= 0 && nipq > maxnipq) { 1407 for (i = 0; i < IPREASS_NHASH; i++) { 1408 while (nipq > maxnipq && 1409 (ipq[i].next != &ipq[i])) { 1410 ipstat.ips_fragdropped += 1411 ipq[i].next->ipq_nfrags; 1412 ip_freef(ipq[i].next); 1413 } 1414 } 1415 } 1416 ipflow_slowtimo(); 1417 splx(s); 1418 } 1419 1420 /* 1421 * Drain off all datagram fragments. 1422 */ 1423 void 1424 ip_drain(void) 1425 { 1426 int i; 1427 1428 for (i = 0; i < IPREASS_NHASH; i++) { 1429 while (ipq[i].next != &ipq[i]) { 1430 ipstat.ips_fragdropped += ipq[i].next->ipq_nfrags; 1431 ip_freef(ipq[i].next); 1432 } 1433 } 1434 in_rtqdrain(); 1435 } 1436 1437 /* 1438 * Do option processing on a datagram, 1439 * possibly discarding it if bad options are encountered, 1440 * or forwarding it if source-routed. 1441 * The pass argument is used when operating in the IPSTEALTH 1442 * mode to tell what options to process: 1443 * [LS]SRR (pass 0) or the others (pass 1). 1444 * The reason for as many as two passes is that when doing IPSTEALTH, 1445 * non-routing options should be processed only if the packet is for us. 1446 * Returns 1 if packet has been forwarded/freed, 1447 * 0 if the packet should be processed further. 1448 */ 1449 static int 1450 ip_dooptions(struct mbuf *m, int pass, struct sockaddr_in *next_hop) 1451 { 1452 struct sockaddr_in ipaddr = { sizeof ipaddr, AF_INET }; 1453 struct ip *ip = mtod(m, struct ip *); 1454 u_char *cp; 1455 struct in_ifaddr *ia; 1456 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB; 1457 boolean_t forward = FALSE; 1458 struct in_addr *sin, dst; 1459 n_time ntime; 1460 1461 dst = ip->ip_dst; 1462 cp = (u_char *)(ip + 1); 1463 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1464 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1465 opt = cp[IPOPT_OPTVAL]; 1466 if (opt == IPOPT_EOL) 1467 break; 1468 if (opt == IPOPT_NOP) 1469 optlen = 1; 1470 else { 1471 if (cnt < IPOPT_OLEN + sizeof(*cp)) { 1472 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1473 goto bad; 1474 } 1475 optlen = cp[IPOPT_OLEN]; 1476 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { 1477 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1478 goto bad; 1479 } 1480 } 1481 switch (opt) { 1482 1483 default: 1484 break; 1485 1486 /* 1487 * Source routing with record. 1488 * Find interface with current destination address. 1489 * If none on this machine then drop if strictly routed, 1490 * or do nothing if loosely routed. 1491 * Record interface address and bring up next address 1492 * component. If strictly routed make sure next 1493 * address is on directly accessible net. 1494 */ 1495 case IPOPT_LSRR: 1496 case IPOPT_SSRR: 1497 if (ipstealth && pass > 0) 1498 break; 1499 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1500 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1501 goto bad; 1502 } 1503 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1504 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1505 goto bad; 1506 } 1507 ipaddr.sin_addr = ip->ip_dst; 1508 ia = (struct in_ifaddr *) 1509 ifa_ifwithaddr((struct sockaddr *)&ipaddr); 1510 if (ia == NULL) { 1511 if (opt == IPOPT_SSRR) { 1512 type = ICMP_UNREACH; 1513 code = ICMP_UNREACH_SRCFAIL; 1514 goto bad; 1515 } 1516 if (!ip_dosourceroute) 1517 goto nosourcerouting; 1518 /* 1519 * Loose routing, and not at next destination 1520 * yet; nothing to do except forward. 1521 */ 1522 break; 1523 } 1524 off--; /* 0 origin */ 1525 if (off > optlen - (int)sizeof(struct in_addr)) { 1526 /* 1527 * End of source route. Should be for us. 1528 */ 1529 if (!ip_acceptsourceroute) 1530 goto nosourcerouting; 1531 save_rte(cp, ip->ip_src); 1532 break; 1533 } 1534 if (ipstealth) 1535 goto dropit; 1536 if (!ip_dosourceroute) { 1537 if (ipforwarding) { 1538 char buf[sizeof "aaa.bbb.ccc.ddd"]; 1539 1540 /* 1541 * Acting as a router, so generate ICMP 1542 */ 1543 nosourcerouting: 1544 strcpy(buf, inet_ntoa(ip->ip_dst)); 1545 log(LOG_WARNING, 1546 "attempted source route from %s to %s\n", 1547 inet_ntoa(ip->ip_src), buf); 1548 type = ICMP_UNREACH; 1549 code = ICMP_UNREACH_SRCFAIL; 1550 goto bad; 1551 } else { 1552 /* 1553 * Not acting as a router, 1554 * so silently drop. 1555 */ 1556 dropit: 1557 ipstat.ips_cantforward++; 1558 m_freem(m); 1559 return (1); 1560 } 1561 } 1562 1563 /* 1564 * locate outgoing interface 1565 */ 1566 memcpy(&ipaddr.sin_addr, cp + off, 1567 sizeof ipaddr.sin_addr); 1568 1569 if (opt == IPOPT_SSRR) { 1570 #define INA struct in_ifaddr * 1571 #define SA struct sockaddr * 1572 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) 1573 == NULL) 1574 ia = (INA)ifa_ifwithnet((SA)&ipaddr); 1575 } else 1576 ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt); 1577 if (ia == NULL) { 1578 type = ICMP_UNREACH; 1579 code = ICMP_UNREACH_SRCFAIL; 1580 goto bad; 1581 } 1582 ip->ip_dst = ipaddr.sin_addr; 1583 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1584 sizeof(struct in_addr)); 1585 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1586 /* 1587 * Let ip_intr's mcast routing check handle mcast pkts 1588 */ 1589 forward = !IN_MULTICAST(ntohl(ip->ip_dst.s_addr)); 1590 break; 1591 1592 case IPOPT_RR: 1593 if (ipstealth && pass == 0) 1594 break; 1595 if (optlen < IPOPT_OFFSET + sizeof(*cp)) { 1596 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1597 goto bad; 1598 } 1599 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { 1600 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1601 goto bad; 1602 } 1603 /* 1604 * If no space remains, ignore. 1605 */ 1606 off--; /* 0 origin */ 1607 if (off > optlen - (int)sizeof(struct in_addr)) 1608 break; 1609 memcpy(&ipaddr.sin_addr, &ip->ip_dst, 1610 sizeof ipaddr.sin_addr); 1611 /* 1612 * locate outgoing interface; if we're the destination, 1613 * use the incoming interface (should be same). 1614 */ 1615 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == NULL && 1616 (ia = ip_rtaddr(ipaddr.sin_addr, &ipforward_rt)) 1617 == NULL) { 1618 type = ICMP_UNREACH; 1619 code = ICMP_UNREACH_HOST; 1620 goto bad; 1621 } 1622 memcpy(cp + off, &IA_SIN(ia)->sin_addr, 1623 sizeof(struct in_addr)); 1624 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1625 break; 1626 1627 case IPOPT_TS: 1628 if (ipstealth && pass == 0) 1629 break; 1630 code = cp - (u_char *)ip; 1631 if (optlen < 4 || optlen > 40) { 1632 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1633 goto bad; 1634 } 1635 if ((off = cp[IPOPT_OFFSET]) < 5) { 1636 code = &cp[IPOPT_OLEN] - (u_char *)ip; 1637 goto bad; 1638 } 1639 if (off > optlen - (int)sizeof(int32_t)) { 1640 cp[IPOPT_OFFSET + 1] += (1 << 4); 1641 if ((cp[IPOPT_OFFSET + 1] & 0xf0) == 0) { 1642 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1643 goto bad; 1644 } 1645 break; 1646 } 1647 off--; /* 0 origin */ 1648 sin = (struct in_addr *)(cp + off); 1649 switch (cp[IPOPT_OFFSET + 1] & 0x0f) { 1650 1651 case IPOPT_TS_TSONLY: 1652 break; 1653 1654 case IPOPT_TS_TSANDADDR: 1655 if (off + sizeof(n_time) + 1656 sizeof(struct in_addr) > optlen) { 1657 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1658 goto bad; 1659 } 1660 ipaddr.sin_addr = dst; 1661 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, 1662 m->m_pkthdr.rcvif); 1663 if (ia == NULL) 1664 continue; 1665 memcpy(sin, &IA_SIN(ia)->sin_addr, 1666 sizeof(struct in_addr)); 1667 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1668 off += sizeof(struct in_addr); 1669 break; 1670 1671 case IPOPT_TS_PRESPEC: 1672 if (off + sizeof(n_time) + 1673 sizeof(struct in_addr) > optlen) { 1674 code = &cp[IPOPT_OFFSET] - (u_char *)ip; 1675 goto bad; 1676 } 1677 memcpy(&ipaddr.sin_addr, sin, 1678 sizeof(struct in_addr)); 1679 if (ifa_ifwithaddr((SA)&ipaddr) == NULL) 1680 continue; 1681 cp[IPOPT_OFFSET] += sizeof(struct in_addr); 1682 off += sizeof(struct in_addr); 1683 break; 1684 1685 default: 1686 code = &cp[IPOPT_OFFSET + 1] - (u_char *)ip; 1687 goto bad; 1688 } 1689 ntime = iptime(); 1690 memcpy(cp + off, &ntime, sizeof(n_time)); 1691 cp[IPOPT_OFFSET] += sizeof(n_time); 1692 } 1693 } 1694 if (forward && ipforwarding) { 1695 ip_forward(m, TRUE, next_hop); 1696 return (1); 1697 } 1698 return (0); 1699 bad: 1700 icmp_error(m, type, code, 0, NULL); 1701 ipstat.ips_badoptions++; 1702 return (1); 1703 } 1704 1705 /* 1706 * Given address of next destination (final or next hop), 1707 * return internet address info of interface to be used to get there. 1708 */ 1709 struct in_ifaddr * 1710 ip_rtaddr(struct in_addr dst, struct route *ro) 1711 { 1712 struct sockaddr_in *sin; 1713 1714 sin = (struct sockaddr_in *)&ro->ro_dst; 1715 1716 if (ro->ro_rt == NULL || dst.s_addr != sin->sin_addr.s_addr) { 1717 if (ro->ro_rt != NULL) { 1718 RTFREE(ro->ro_rt); 1719 ro->ro_rt = NULL; 1720 } 1721 sin->sin_family = AF_INET; 1722 sin->sin_len = sizeof *sin; 1723 sin->sin_addr = dst; 1724 rtalloc_ign(ro, RTF_PRCLONING); 1725 } 1726 1727 if (ro->ro_rt == NULL) 1728 return (NULL); 1729 1730 return (ifatoia(ro->ro_rt->rt_ifa)); 1731 } 1732 1733 /* 1734 * Save incoming source route for use in replies, 1735 * to be picked up later by ip_srcroute if the receiver is interested. 1736 */ 1737 void 1738 save_rte(u_char *option, struct in_addr dst) 1739 { 1740 unsigned olen; 1741 1742 olen = option[IPOPT_OLEN]; 1743 #ifdef DIAGNOSTIC 1744 if (ipprintfs) 1745 printf("save_rte: olen %d\n", olen); 1746 #endif 1747 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) 1748 return; 1749 bcopy(option, ip_srcrt.srcopt, olen); 1750 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); 1751 ip_srcrt.dst = dst; 1752 } 1753 1754 /* 1755 * Retrieve incoming source route for use in replies, 1756 * in the same form used by setsockopt. 1757 * The first hop is placed before the options, will be removed later. 1758 */ 1759 struct mbuf * 1760 ip_srcroute(void) 1761 { 1762 struct in_addr *p, *q; 1763 struct mbuf *m; 1764 1765 if (ip_nhops == 0) 1766 return (NULL); 1767 m = m_get(MB_DONTWAIT, MT_HEADER); 1768 if (m == NULL) 1769 return (NULL); 1770 1771 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) 1772 1773 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */ 1774 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) + 1775 OPTSIZ; 1776 #ifdef DIAGNOSTIC 1777 if (ipprintfs) 1778 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len); 1779 #endif 1780 1781 /* 1782 * First save first hop for return route 1783 */ 1784 p = &ip_srcrt.route[ip_nhops - 1]; 1785 *(mtod(m, struct in_addr *)) = *p--; 1786 #ifdef DIAGNOSTIC 1787 if (ipprintfs) 1788 printf(" hops %x", ntohl(mtod(m, struct in_addr *)->s_addr)); 1789 #endif 1790 1791 /* 1792 * Copy option fields and padding (nop) to mbuf. 1793 */ 1794 ip_srcrt.nop = IPOPT_NOP; 1795 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF; 1796 memcpy(mtod(m, caddr_t) + sizeof(struct in_addr), &ip_srcrt.nop, 1797 OPTSIZ); 1798 q = (struct in_addr *)(mtod(m, caddr_t) + 1799 sizeof(struct in_addr) + OPTSIZ); 1800 #undef OPTSIZ 1801 /* 1802 * Record return path as an IP source route, 1803 * reversing the path (pointers are now aligned). 1804 */ 1805 while (p >= ip_srcrt.route) { 1806 #ifdef DIAGNOSTIC 1807 if (ipprintfs) 1808 printf(" %x", ntohl(q->s_addr)); 1809 #endif 1810 *q++ = *p--; 1811 } 1812 /* 1813 * Last hop goes to final destination. 1814 */ 1815 *q = ip_srcrt.dst; 1816 #ifdef DIAGNOSTIC 1817 if (ipprintfs) 1818 printf(" %x\n", ntohl(q->s_addr)); 1819 #endif 1820 return (m); 1821 } 1822 1823 /* 1824 * Strip out IP options. 1825 */ 1826 void 1827 ip_stripoptions(struct mbuf *m) 1828 { 1829 int datalen; 1830 struct ip *ip = mtod(m, struct ip *); 1831 caddr_t opts; 1832 int optlen; 1833 1834 optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); 1835 opts = (caddr_t)(ip + 1); 1836 datalen = m->m_len - (sizeof(struct ip) + optlen); 1837 bcopy(opts + optlen, opts, datalen); 1838 m->m_len -= optlen; 1839 if (m->m_flags & M_PKTHDR) 1840 m->m_pkthdr.len -= optlen; 1841 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, sizeof(struct ip) >> 2); 1842 } 1843 1844 u_char inetctlerrmap[PRC_NCMDS] = { 1845 0, 0, 0, 0, 1846 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, 1847 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, 1848 EMSGSIZE, EHOSTUNREACH, 0, 0, 1849 0, 0, 0, 0, 1850 ENOPROTOOPT, ECONNREFUSED 1851 }; 1852 1853 /* 1854 * Forward a packet. If some error occurs return the sender 1855 * an icmp packet. Note we can't always generate a meaningful 1856 * icmp message because icmp doesn't have a large enough repertoire 1857 * of codes and types. 1858 * 1859 * If not forwarding, just drop the packet. This could be confusing 1860 * if ipforwarding was zero but some routing protocol was advancing 1861 * us as a gateway to somewhere. However, we must let the routing 1862 * protocol deal with that. 1863 * 1864 * The using_srcrt parameter indicates whether the packet is being forwarded 1865 * via a source route. 1866 */ 1867 static void 1868 ip_forward(struct mbuf *m, boolean_t using_srcrt, struct sockaddr_in *next_hop) 1869 { 1870 struct ip *ip = mtod(m, struct ip *); 1871 struct sockaddr_in *ipforward_rtaddr; 1872 struct rtentry *rt; 1873 int error, type = 0, code = 0; 1874 struct mbuf *mcopy; 1875 n_long dest; 1876 struct in_addr pkt_dst; 1877 struct ifnet *destifp; 1878 struct m_hdr tag; 1879 #if defined(IPSEC) || defined(FAST_IPSEC) 1880 struct ifnet dummyifp; 1881 #endif 1882 1883 dest = INADDR_ANY; 1884 /* 1885 * Cache the destination address of the packet; this may be 1886 * changed by use of 'ipfw fwd'. 1887 */ 1888 pkt_dst = (next_hop != NULL) ? next_hop->sin_addr : ip->ip_dst; 1889 1890 #ifdef DIAGNOSTIC 1891 if (ipprintfs) 1892 printf("forward: src %x dst %x ttl %x\n", 1893 ip->ip_src.s_addr, pkt_dst.s_addr, ip->ip_ttl); 1894 #endif 1895 1896 if (m->m_flags & (M_BCAST | M_MCAST) || !in_canforward(pkt_dst)) { 1897 ipstat.ips_cantforward++; 1898 m_freem(m); 1899 return; 1900 } 1901 if (!ipstealth && ip->ip_ttl <= IPTTLDEC) { 1902 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, NULL); 1903 return; 1904 } 1905 1906 ipforward_rtaddr = (struct sockaddr_in *) &ipforward_rt.ro_dst; 1907 if (ipforward_rt.ro_rt == NULL || 1908 ipforward_rtaddr->sin_addr.s_addr != pkt_dst.s_addr) { 1909 if (ipforward_rt.ro_rt != NULL) { 1910 RTFREE(ipforward_rt.ro_rt); 1911 ipforward_rt.ro_rt = NULL; 1912 } 1913 ipforward_rtaddr->sin_family = AF_INET; 1914 ipforward_rtaddr->sin_len = sizeof(struct sockaddr_in); 1915 ipforward_rtaddr->sin_addr = pkt_dst; 1916 rtalloc_ign(&ipforward_rt, RTF_PRCLONING); 1917 if (ipforward_rt.ro_rt == NULL) { 1918 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 1919 NULL); 1920 return; 1921 } 1922 } 1923 rt = ipforward_rt.ro_rt; 1924 1925 /* 1926 * Save the IP header and at most 8 bytes of the payload, 1927 * in case we need to generate an ICMP message to the src. 1928 * 1929 * XXX this can be optimized a lot by saving the data in a local 1930 * buffer on the stack (72 bytes at most), and only allocating the 1931 * mbuf if really necessary. The vast majority of the packets 1932 * are forwarded without having to send an ICMP back (either 1933 * because unnecessary, or because rate limited), so we are 1934 * really we are wasting a lot of work here. 1935 * 1936 * We don't use m_copy() because it might return a reference 1937 * to a shared cluster. Both this function and ip_output() 1938 * assume exclusive access to the IP header in `m', so any 1939 * data in a cluster may change before we reach icmp_error(). 1940 */ 1941 MGET(mcopy, MB_DONTWAIT, m->m_type); 1942 if (mcopy != NULL && !m_dup_pkthdr(mcopy, m, MB_DONTWAIT)) { 1943 /* 1944 * It's probably ok if the pkthdr dup fails (because 1945 * the deep copy of the tag chain failed), but for now 1946 * be conservative and just discard the copy since 1947 * code below may some day want the tags. 1948 */ 1949 m_free(mcopy); 1950 mcopy = NULL; 1951 } 1952 if (mcopy != NULL) { 1953 mcopy->m_len = imin((IP_VHL_HL(ip->ip_vhl) << 2) + 8, 1954 (int)ip->ip_len); 1955 mcopy->m_pkthdr.len = mcopy->m_len; 1956 m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); 1957 } 1958 1959 if (!ipstealth) 1960 ip->ip_ttl -= IPTTLDEC; 1961 1962 /* 1963 * If forwarding packet using same interface that it came in on, 1964 * perhaps should send a redirect to sender to shortcut a hop. 1965 * Only send redirect if source is sending directly to us, 1966 * and if packet was not source routed (or has any options). 1967 * Also, don't send redirect if forwarding using a default route 1968 * or a route modified by a redirect. 1969 */ 1970 if (rt->rt_ifp == m->m_pkthdr.rcvif && 1971 !(rt->rt_flags & (RTF_DYNAMIC | RTF_MODIFIED)) && 1972 satosin(rt_key(rt))->sin_addr.s_addr != INADDR_ANY && 1973 ipsendredirects && !using_srcrt && next_hop == NULL) { 1974 u_long src = ntohl(ip->ip_src.s_addr); 1975 struct in_ifaddr *rt_ifa = (struct in_ifaddr *)rt->rt_ifa; 1976 1977 if (rt_ifa != NULL && 1978 (src & rt_ifa->ia_subnetmask) == rt_ifa->ia_subnet) { 1979 if (rt->rt_flags & RTF_GATEWAY) 1980 dest = satosin(rt->rt_gateway)->sin_addr.s_addr; 1981 else 1982 dest = pkt_dst.s_addr; 1983 /* 1984 * Router requirements says to only send 1985 * host redirects. 1986 */ 1987 type = ICMP_REDIRECT; 1988 code = ICMP_REDIRECT_HOST; 1989 #ifdef DIAGNOSTIC 1990 if (ipprintfs) 1991 printf("redirect (%d) to %x\n", code, dest); 1992 #endif 1993 } 1994 } 1995 1996 if (next_hop != NULL) { 1997 /* Pass IPFORWARD info if available */ 1998 tag.mh_type = MT_TAG; 1999 tag.mh_flags = PACKET_TAG_IPFORWARD; 2000 tag.mh_data = (caddr_t)next_hop; 2001 tag.mh_next = m; 2002 m = (struct mbuf *)&tag; 2003 } 2004 2005 error = ip_output(m, NULL, &ipforward_rt, IP_FORWARDING, NULL, NULL); 2006 if (error == 0) { 2007 ipstat.ips_forward++; 2008 if (type == 0) { 2009 if (mcopy) { 2010 ipflow_create(&ipforward_rt, mcopy); 2011 m_freem(mcopy); 2012 } 2013 return; /* most common case */ 2014 } else { 2015 ipstat.ips_redirectsent++; 2016 } 2017 } else { 2018 ipstat.ips_cantforward++; 2019 } 2020 2021 if (mcopy == NULL) 2022 return; 2023 2024 /* 2025 * Send ICMP message. 2026 */ 2027 destifp = NULL; 2028 2029 switch (error) { 2030 2031 case 0: /* forwarded, but need redirect */ 2032 /* type, code set above */ 2033 break; 2034 2035 case ENETUNREACH: /* shouldn't happen, checked above */ 2036 case EHOSTUNREACH: 2037 case ENETDOWN: 2038 case EHOSTDOWN: 2039 default: 2040 type = ICMP_UNREACH; 2041 code = ICMP_UNREACH_HOST; 2042 break; 2043 2044 case EMSGSIZE: 2045 type = ICMP_UNREACH; 2046 code = ICMP_UNREACH_NEEDFRAG; 2047 #ifdef IPSEC 2048 /* 2049 * If the packet is routed over IPsec tunnel, tell the 2050 * originator the tunnel MTU. 2051 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2052 * XXX quickhack!!! 2053 */ 2054 if (ipforward_rt.ro_rt != NULL) { 2055 struct secpolicy *sp = NULL; 2056 int ipsecerror; 2057 int ipsechdr; 2058 struct route *ro; 2059 2060 sp = ipsec4_getpolicybyaddr(mcopy, 2061 IPSEC_DIR_OUTBOUND, 2062 IP_FORWARDING, 2063 &ipsecerror); 2064 2065 if (sp == NULL) 2066 destifp = ipforward_rt.ro_rt->rt_ifp; 2067 else { 2068 /* count IPsec header size */ 2069 ipsechdr = ipsec4_hdrsiz(mcopy, 2070 IPSEC_DIR_OUTBOUND, 2071 NULL); 2072 2073 /* 2074 * find the correct route for outer IPv4 2075 * header, compute tunnel MTU. 2076 * 2077 * XXX BUG ALERT 2078 * The "dummyifp" code relies upon the fact 2079 * that icmp_error() touches only ifp->if_mtu. 2080 */ 2081 /*XXX*/ 2082 destifp = NULL; 2083 if (sp->req != NULL && sp->req->sav != NULL && 2084 sp->req->sav->sah != NULL) { 2085 ro = &sp->req->sav->sah->sa_route; 2086 if (ro->ro_rt != NULL && 2087 ro->ro_rt->rt_ifp != NULL) { 2088 dummyifp.if_mtu = 2089 ro->ro_rt->rt_ifp->if_mtu; 2090 dummyifp.if_mtu -= ipsechdr; 2091 destifp = &dummyifp; 2092 } 2093 } 2094 2095 key_freesp(sp); 2096 } 2097 } 2098 #elif FAST_IPSEC 2099 /* 2100 * If the packet is routed over IPsec tunnel, tell the 2101 * originator the tunnel MTU. 2102 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz 2103 * XXX quickhack!!! 2104 */ 2105 if (ipforward_rt.ro_rt != NULL) { 2106 struct secpolicy *sp = NULL; 2107 int ipsecerror; 2108 int ipsechdr; 2109 struct route *ro; 2110 2111 sp = ipsec_getpolicybyaddr(mcopy, 2112 IPSEC_DIR_OUTBOUND, 2113 IP_FORWARDING, 2114 &ipsecerror); 2115 2116 if (sp == NULL) 2117 destifp = ipforward_rt.ro_rt->rt_ifp; 2118 else { 2119 /* count IPsec header size */ 2120 ipsechdr = ipsec4_hdrsiz(mcopy, 2121 IPSEC_DIR_OUTBOUND, 2122 NULL); 2123 2124 /* 2125 * find the correct route for outer IPv4 2126 * header, compute tunnel MTU. 2127 * 2128 * XXX BUG ALERT 2129 * The "dummyifp" code relies upon the fact 2130 * that icmp_error() touches only ifp->if_mtu. 2131 */ 2132 /*XXX*/ 2133 destifp = NULL; 2134 if (sp->req != NULL && 2135 sp->req->sav != NULL && 2136 sp->req->sav->sah != NULL) { 2137 ro = &sp->req->sav->sah->sa_route; 2138 if (ro->ro_rt != NULL && 2139 ro->ro_rt->rt_ifp != NULL) { 2140 dummyifp.if_mtu = 2141 ro->ro_rt->rt_ifp->if_mtu; 2142 dummyifp.if_mtu -= ipsechdr; 2143 destifp = &dummyifp; 2144 } 2145 } 2146 2147 KEY_FREESP(&sp); 2148 } 2149 } 2150 #else /* !IPSEC && !FAST_IPSEC */ 2151 if (ipforward_rt.ro_rt != NULL) 2152 destifp = ipforward_rt.ro_rt->rt_ifp; 2153 #endif /*IPSEC*/ 2154 ipstat.ips_cantfrag++; 2155 break; 2156 2157 case ENOBUFS: 2158 /* 2159 * A router should not generate ICMP_SOURCEQUENCH as 2160 * required in RFC1812 Requirements for IP Version 4 Routers. 2161 * Source quench could be a big problem under DoS attacks, 2162 * or if the underlying interface is rate-limited. 2163 * Those who need source quench packets may re-enable them 2164 * via the net.inet.ip.sendsourcequench sysctl. 2165 */ 2166 if (!ip_sendsourcequench) { 2167 m_freem(mcopy); 2168 return; 2169 } else { 2170 type = ICMP_SOURCEQUENCH; 2171 code = 0; 2172 } 2173 break; 2174 2175 case EACCES: /* ipfw denied packet */ 2176 m_freem(mcopy); 2177 return; 2178 } 2179 icmp_error(mcopy, type, code, dest, destifp); 2180 } 2181 2182 void 2183 ip_savecontrol(struct inpcb *inp, struct mbuf **mp, struct ip *ip, 2184 struct mbuf *m) 2185 { 2186 if (inp->inp_socket->so_options & SO_TIMESTAMP) { 2187 struct timeval tv; 2188 2189 microtime(&tv); 2190 *mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), 2191 SCM_TIMESTAMP, SOL_SOCKET); 2192 if (*mp) 2193 mp = &(*mp)->m_next; 2194 } 2195 if (inp->inp_flags & INP_RECVDSTADDR) { 2196 *mp = sbcreatecontrol((caddr_t) &ip->ip_dst, 2197 sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); 2198 if (*mp) 2199 mp = &(*mp)->m_next; 2200 } 2201 #ifdef notyet 2202 /* XXX 2203 * Moving these out of udp_input() made them even more broken 2204 * than they already were. 2205 */ 2206 /* options were tossed already */ 2207 if (inp->inp_flags & INP_RECVOPTS) { 2208 *mp = sbcreatecontrol((caddr_t) opts_deleted_above, 2209 sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); 2210 if (*mp) 2211 mp = &(*mp)->m_next; 2212 } 2213 /* ip_srcroute doesn't do what we want here, need to fix */ 2214 if (inp->inp_flags & INP_RECVRETOPTS) { 2215 *mp = sbcreatecontrol((caddr_t) ip_srcroute(), 2216 sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); 2217 if (*mp) 2218 mp = &(*mp)->m_next; 2219 } 2220 #endif 2221 if (inp->inp_flags & INP_RECVIF) { 2222 struct ifnet *ifp; 2223 struct sdlbuf { 2224 struct sockaddr_dl sdl; 2225 u_char pad[32]; 2226 } sdlbuf; 2227 struct sockaddr_dl *sdp; 2228 struct sockaddr_dl *sdl2 = &sdlbuf.sdl; 2229 2230 if (((ifp = m->m_pkthdr.rcvif)) && 2231 ((ifp->if_index != 0) && (ifp->if_index <= if_index))) { 2232 sdp = (struct sockaddr_dl *) 2233 ifnet_addrs[ifp->if_index - 1]->ifa_addr; 2234 /* 2235 * Change our mind and don't try copy. 2236 */ 2237 if ((sdp->sdl_family != AF_LINK) || 2238 (sdp->sdl_len > sizeof(sdlbuf))) { 2239 goto makedummy; 2240 } 2241 bcopy(sdp, sdl2, sdp->sdl_len); 2242 } else { 2243 makedummy: 2244 sdl2->sdl_len = 2245 offsetof(struct sockaddr_dl, sdl_data[0]); 2246 sdl2->sdl_family = AF_LINK; 2247 sdl2->sdl_index = 0; 2248 sdl2->sdl_nlen = sdl2->sdl_alen = sdl2->sdl_slen = 0; 2249 } 2250 *mp = sbcreatecontrol((caddr_t) sdl2, sdl2->sdl_len, 2251 IP_RECVIF, IPPROTO_IP); 2252 if (*mp) 2253 mp = &(*mp)->m_next; 2254 } 2255 } 2256 2257 /* 2258 * XXX these routines are called from the upper part of the kernel. 2259 * 2260 * They could also be moved to ip_mroute.c, since all the RSVP 2261 * handling is done there already. 2262 */ 2263 int 2264 ip_rsvp_init(struct socket *so) 2265 { 2266 if (so->so_type != SOCK_RAW || 2267 so->so_proto->pr_protocol != IPPROTO_RSVP) 2268 return EOPNOTSUPP; 2269 2270 if (ip_rsvpd != NULL) 2271 return EADDRINUSE; 2272 2273 ip_rsvpd = so; 2274 /* 2275 * This may seem silly, but we need to be sure we don't over-increment 2276 * the RSVP counter, in case something slips up. 2277 */ 2278 if (!ip_rsvp_on) { 2279 ip_rsvp_on = 1; 2280 rsvp_on++; 2281 } 2282 2283 return 0; 2284 } 2285 2286 int 2287 ip_rsvp_done(void) 2288 { 2289 ip_rsvpd = NULL; 2290 /* 2291 * This may seem silly, but we need to be sure we don't over-decrement 2292 * the RSVP counter, in case something slips up. 2293 */ 2294 if (ip_rsvp_on) { 2295 ip_rsvp_on = 0; 2296 rsvp_on--; 2297 } 2298 return 0; 2299 } 2300 2301 void 2302 rsvp_input(struct mbuf *m, ...) /* XXX must fixup manually */ 2303 { 2304 int off, proto; 2305 __va_list ap; 2306 2307 __va_start(ap, m); 2308 off = __va_arg(ap, int); 2309 proto = __va_arg(ap, int); 2310 __va_end(ap); 2311 2312 if (rsvp_input_p) { /* call the real one if loaded */ 2313 rsvp_input_p(m, off, proto); 2314 return; 2315 } 2316 2317 /* Can still get packets with rsvp_on = 0 if there is a local member 2318 * of the group to which the RSVP packet is addressed. But in this 2319 * case we want to throw the packet away. 2320 */ 2321 2322 if (!rsvp_on) { 2323 m_freem(m); 2324 return; 2325 } 2326 2327 if (ip_rsvpd != NULL) { 2328 rip_input(m, off, proto); 2329 return; 2330 } 2331 /* Drop the packet */ 2332 m_freem(m); 2333 } 2334