xref: /freebsd/sys/netinet6/ip6_forward.c (revision 2a58b312) 
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the project nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  *	$KAME: ip6_forward.c,v 1.69 2001/05/17 03:48:30 itojun Exp $
32  */
33 
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
36 
37 #include "opt_inet.h"
38 #include "opt_inet6.h"
39 #include "opt_ipsec.h"
40 #include "opt_ipstealth.h"
41 #include "opt_sctp.h"
42 
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/malloc.h>
46 #include <sys/mbuf.h>
47 #include <sys/domain.h>
48 #include <sys/protosw.h>
49 #include <sys/socket.h>
50 #include <sys/errno.h>
51 #include <sys/time.h>
52 #include <sys/kernel.h>
53 #include <sys/syslog.h>
54 
55 #include <net/if.h>
56 #include <net/if_var.h>
57 #include <net/if_private.h>
58 #include <net/netisr.h>
59 #include <net/route.h>
60 #include <net/route/nhop.h>
61 #include <net/pfil.h>
62 
63 #include <netinet/in.h>
64 #include <netinet/in_var.h>
65 #include <netinet/in_systm.h>
66 #include <netinet/ip.h>
67 #include <netinet/ip_var.h>
68 #include <netinet6/in6_var.h>
69 #include <netinet/ip6.h>
70 #include <netinet6/in6_fib.h>
71 #include <netinet6/ip6_var.h>
72 #include <netinet6/scope6_var.h>
73 #include <netinet/icmp6.h>
74 #include <netinet6/nd6.h>
75 
76 #include <netinet/in_pcb.h>
77 
78 #include <netipsec/ipsec_support.h>
79 
80 /*
81  * Forward a packet.  If some error occurs return the sender
82  * an icmp packet.  Note we can't always generate a meaningful
83  * icmp message because icmp doesn't have a large enough repertoire
84  * of codes and types.
85  *
86  * If not forwarding, just drop the packet.  This could be confusing
87  * if ipforwarding was zero but some routing protocol was advancing
88  * us as a gateway to somewhere.  However, we must let the routing
89  * protocol deal with that.
90  *
91  */
92 void
93 ip6_forward(struct mbuf *m, int srcrt)
94 {
95 	struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
96 	struct sockaddr_in6 dst;
97 	struct nhop_object *nh = NULL;
98 	int error, type = 0, code = 0;
99 	struct mbuf *mcopy = NULL;
100 	struct ifnet *origifp;	/* maybe unnecessary */
101 	u_int32_t inzone, outzone;
102 	struct in6_addr odst;
103 	struct m_tag *fwd_tag;
104 	char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN];
105 
106 	/*
107 	 * Do not forward packets to multicast destination (should be handled
108 	 * by ip6_mforward().
109 	 * Do not forward packets with unspecified source.  It was discussed
110 	 * in July 2000, on the ipngwg mailing list.
111 	 */
112 	if ((m->m_flags & (M_BCAST|M_MCAST)) != 0 ||
113 	    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) ||
114 	    IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
115 		IP6STAT_INC(ip6s_cantforward);
116 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
117 		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
118 			log(LOG_DEBUG,
119 			    "cannot forward "
120 			    "from %s to %s nxt %d received on %s\n",
121 			    ip6_sprintf(ip6bufs, &ip6->ip6_src),
122 			    ip6_sprintf(ip6bufd, &ip6->ip6_dst),
123 			    ip6->ip6_nxt,
124 			    if_name(m->m_pkthdr.rcvif));
125 		}
126 		m_freem(m);
127 		return;
128 	}
129 
130 	if (
131 #ifdef IPSTEALTH
132 	    V_ip6stealth == 0 &&
133 #endif
134 	    ip6->ip6_hlim <= IPV6_HLIMDEC) {
135 		/* XXX in6_ifstat_inc(rt->rt_ifp, ifs6_in_discard) */
136 		icmp6_error(m, ICMP6_TIME_EXCEEDED,
137 		    ICMP6_TIME_EXCEED_TRANSIT, 0);
138 		return;
139 	}
140 
141 	/*
142 	 * Save at most ICMPV6_PLD_MAXLEN (= the min IPv6 MTU -
143 	 * size of IPv6 + ICMPv6 headers) bytes of the packet in case
144 	 * we need to generate an ICMP6 message to the src.
145 	 * Thanks to M_EXT, in most cases copy will not occur.
146 	 *
147 	 * It is important to save it before IPsec processing as IPsec
148 	 * processing may modify the mbuf.
149 	 */
150 	mcopy = m_copym(m, 0, imin(m->m_pkthdr.len, ICMPV6_PLD_MAXLEN),
151 	    M_NOWAIT);
152 #ifdef IPSTEALTH
153 	if (V_ip6stealth == 0)
154 #endif
155 		ip6->ip6_hlim -= IPV6_HLIMDEC;
156 
157 #if defined(IPSEC) || defined(IPSEC_SUPPORT)
158 	if (IPSEC_ENABLED(ipv6)) {
159 		if ((error = IPSEC_FORWARD(ipv6, m)) != 0) {
160 			/* mbuf consumed by IPsec */
161 			m_freem(mcopy);
162 			if (error != EINPROGRESS)
163 				IP6STAT_INC(ip6s_cantforward);
164 			return;
165 		}
166 		/* No IPsec processing required */
167 	}
168 #endif
169 	/*
170 	 * ip6_forward() operates with IPv6 addresses with deembedded scope.
171 	 *
172 	 * There are 3 sources of IPv6 destination address:
173 	 *
174 	 * 1) ip6_input(), where ip6_dst contains deembedded address.
175 	 *   In order to deal with forwarding of link-local packets,
176 	 *   calculate the scope based on input interface (RFC 4007, clause 9).
177 	 * 2) packet filters changing ip6_dst directly. It would embed scope
178 	 *   for LL addresses, so in6_localip() performs properly.
179 	 * 3) packet filters attaching PACKET_TAG_IPFORWARD would embed
180 	 *   scope for the nexthop.
181 	 */
182 	bzero(&dst, sizeof(struct sockaddr_in6));
183 	dst.sin6_family = AF_INET6;
184 	dst.sin6_addr = ip6->ip6_dst;
185 	dst.sin6_scope_id = in6_get_unicast_scopeid(&ip6->ip6_dst, m->m_pkthdr.rcvif);
186 again:
187 	nh = fib6_lookup(M_GETFIB(m), &dst.sin6_addr, dst.sin6_scope_id,
188 	    NHR_REF, m->m_pkthdr.flowid);
189 	if (nh == NULL) {
190 		IP6STAT_INC(ip6s_noroute);
191 		in6_ifstat_inc(m->m_pkthdr.rcvif, ifs6_in_noroute);
192 		if (mcopy) {
193 			icmp6_error(mcopy, ICMP6_DST_UNREACH,
194 			ICMP6_DST_UNREACH_NOROUTE, 0);
195 		}
196 		goto bad;
197 	}
198 
199 	if (nh->nh_flags & (NHF_BLACKHOLE | NHF_REJECT)) {
200 		IP6STAT_INC(ip6s_cantforward);
201 		if ((nh->nh_flags & NHF_REJECT) && (mcopy != NULL)) {
202 			icmp6_error(mcopy, ICMP6_DST_UNREACH,
203 			    ICMP6_DST_UNREACH_REJECT, 0);
204 		}
205 		goto bad;
206 	}
207 
208 	/*
209 	 * Source scope check: if a packet can't be delivered to its
210 	 * destination for the reason that the destination is beyond the scope
211 	 * of the source address, discard the packet and return an icmp6
212 	 * destination unreachable error with Code 2 (beyond scope of source
213 	 * address).
214 	 * [draft-ietf-ipngwg-icmp-v3-04.txt, Section 3.1]
215 	 */
216 	outzone = in6_get_unicast_scopeid(&ip6->ip6_src, nh->nh_ifp);
217 	inzone = in6_get_unicast_scopeid(&ip6->ip6_src, m->m_pkthdr.rcvif);
218 	if (inzone != outzone) {
219 		IP6STAT_INC(ip6s_cantforward);
220 		IP6STAT_INC(ip6s_badscope);
221 		in6_ifstat_inc(nh->nh_ifp, ifs6_in_discard);
222 
223 		if (V_ip6_log_cannot_forward && ip6_log_ratelimit()) {
224 			log(LOG_DEBUG,
225 			    "cannot forward "
226 			    "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
227 			    ip6_sprintf(ip6bufs, &ip6->ip6_src),
228 			    ip6_sprintf(ip6bufd, &ip6->ip6_dst),
229 			    ip6->ip6_nxt,
230 			    if_name(m->m_pkthdr.rcvif), if_name(nh->nh_ifp));
231 		}
232 		if (mcopy)
233 			icmp6_error(mcopy, ICMP6_DST_UNREACH,
234 				    ICMP6_DST_UNREACH_BEYONDSCOPE, 0);
235 		goto bad;
236 	}
237 
238 	/*
239 	 * Destination scope check: if a packet is going to break the scope
240 	 * zone of packet's destination address, discard it.  This case should
241 	 * usually be prevented by appropriately-configured routing table, but
242 	 * we need an explicit check because we may mistakenly forward the
243 	 * packet to a different zone by (e.g.) a default route.
244 	 */
245 	inzone = in6_get_unicast_scopeid(&ip6->ip6_dst, m->m_pkthdr.rcvif);
246 	outzone = in6_get_unicast_scopeid(&ip6->ip6_dst, nh->nh_ifp);
247 
248 	if (inzone != outzone) {
249 		IP6STAT_INC(ip6s_cantforward);
250 		IP6STAT_INC(ip6s_badscope);
251 		goto bad;
252 	}
253 
254 	if (nh->nh_flags & NHF_GATEWAY) {
255 		/* Store gateway address in deembedded form */
256 		dst.sin6_addr = nh->gw6_sa.sin6_addr;
257 		dst.sin6_scope_id = ntohs(in6_getscope(&dst.sin6_addr));
258 		in6_clearscope(&dst.sin6_addr);
259 	}
260 
261 	/*
262 	 * If we are to forward the packet using the same interface
263 	 * as one we got the packet from, perhaps we should send a redirect
264 	 * to sender to shortcut a hop.
265 	 * Only send redirect if source is sending directly to us,
266 	 * and if packet was not source routed (or has any options).
267 	 * Also, don't send redirect if forwarding using a route
268 	 * modified by a redirect.
269 	 */
270 	if (V_ip6_sendredirects && nh->nh_ifp == m->m_pkthdr.rcvif && !srcrt &&
271 	    (nh->nh_flags & NHF_REDIRECT) == 0)
272 		type = ND_REDIRECT;
273 
274 	/*
275 	 * Fake scoped addresses. Note that even link-local source or
276 	 * destinaion can appear, if the originating node just sends the
277 	 * packet to us (without address resolution for the destination).
278 	 * Since both icmp6_error and icmp6_redirect_output fill the embedded
279 	 * link identifiers, we can do this stuff after making a copy for
280 	 * returning an error.
281 	 */
282 	if ((nh->nh_ifp->if_flags & IFF_LOOPBACK) != 0) {
283 		/*
284 		 * See corresponding comments in ip6_output.
285 		 * XXX: but is it possible that ip6_forward() sends a packet
286 		 *      to a loopback interface? I don't think so, and thus
287 		 *      I bark here. (jinmei@kame.net)
288 		 * XXX: it is common to route invalid packets to loopback.
289 		 *	also, the codepath will be visited on use of ::1 in
290 		 *	rthdr. (itojun)
291 		 */
292 #if 1
293 		if (0)
294 #else
295 		if ((rt->rt_flags & (RTF_BLACKHOLE|RTF_REJECT)) == 0)
296 #endif
297 		{
298 			printf("ip6_forward: outgoing interface is loopback. "
299 			       "src %s, dst %s, nxt %d, rcvif %s, outif %s\n",
300 			       ip6_sprintf(ip6bufs, &ip6->ip6_src),
301 			       ip6_sprintf(ip6bufd, &ip6->ip6_dst),
302 			       ip6->ip6_nxt, if_name(m->m_pkthdr.rcvif),
303 			       if_name(nh->nh_ifp));
304 		}
305 
306 		/* we can just use rcvif in forwarding. */
307 		origifp = m->m_pkthdr.rcvif;
308 	}
309 	else
310 		origifp = nh->nh_ifp;
311 	/*
312 	 * clear embedded scope identifiers if necessary.
313 	 * in6_clearscope will touch the addresses only when necessary.
314 	 */
315 	in6_clearscope(&ip6->ip6_src);
316 	in6_clearscope(&ip6->ip6_dst);
317 
318 	/* Jump over all PFIL processing if hooks are not active. */
319 	if (!PFIL_HOOKED_OUT(V_inet6_pfil_head))
320 		goto pass;
321 
322 	odst = ip6->ip6_dst;
323 	/* Run through list of hooks for forwarded packets. */
324 	if (pfil_mbuf_fwd(V_inet6_pfil_head, &m, nh->nh_ifp,
325 	    NULL) != PFIL_PASS)
326 		goto freecopy;
327 	ip6 = mtod(m, struct ip6_hdr *);
328 
329 	/* See if destination IP address was changed by packet filter. */
330 	if (!IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst)) {
331 		m->m_flags |= M_SKIP_FIREWALL;
332 		/* If destination is now ourself drop to ip6_input(). */
333 		if (in6_localip(&ip6->ip6_dst))
334 			m->m_flags |= M_FASTFWD_OURS;
335 		else {
336 			NH_FREE(nh);
337 
338 			/* Update address and scopeid. Assume scope is embedded */
339 			dst.sin6_scope_id = ntohs(in6_getscope(&ip6->ip6_dst));
340 			dst.sin6_addr = ip6->ip6_dst;
341 			in6_clearscope(&dst.sin6_addr);
342 			goto again;	/* Redo the routing table lookup. */
343 		}
344 	}
345 
346 	/* See if local, if yes, send it to netisr. */
347 	if (m->m_flags & M_FASTFWD_OURS) {
348 		if (m->m_pkthdr.rcvif == NULL)
349 			m->m_pkthdr.rcvif = V_loif;
350 		if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) {
351 			m->m_pkthdr.csum_flags |=
352 			    CSUM_DATA_VALID_IPV6 | CSUM_PSEUDO_HDR;
353 			m->m_pkthdr.csum_data = 0xffff;
354 		}
355 #if defined(SCTP) || defined(SCTP_SUPPORT)
356 		if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6)
357 			m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
358 #endif
359 		error = netisr_queue(NETISR_IPV6, m);
360 		goto out;
361 	}
362 	/* Or forward to some other address? */
363 	if ((m->m_flags & M_IP6_NEXTHOP) &&
364 	    (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
365 		struct sockaddr_in6 *gw6 = (struct sockaddr_in6 *)(fwd_tag + 1);
366 
367 		/* Update address and scopeid. Assume scope is embedded */
368 		dst.sin6_scope_id = ntohs(in6_getscope(&gw6->sin6_addr));
369 		dst.sin6_addr = gw6->sin6_addr;
370 		in6_clearscope(&dst.sin6_addr);
371 
372 		m->m_flags |= M_SKIP_FIREWALL;
373 		m->m_flags &= ~M_IP6_NEXTHOP;
374 		m_tag_delete(m, fwd_tag);
375 		NH_FREE(nh);
376 		goto again;
377 	}
378 
379 pass:
380 	/* See if the size was changed by the packet filter. */
381 	/* TODO: change to nh->nh_mtu */
382 	if (m->m_pkthdr.len > IN6_LINKMTU(nh->nh_ifp)) {
383 		in6_ifstat_inc(nh->nh_ifp, ifs6_in_toobig);
384 		if (mcopy)
385 			icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0,
386 			    IN6_LINKMTU(nh->nh_ifp));
387 		goto bad;
388 	}
389 
390 	/* Currently LLE layer stores embedded IPv6 addresses */
391 	if (IN6_IS_SCOPE_LINKLOCAL(&dst.sin6_addr)) {
392 		in6_set_unicast_scopeid(&dst.sin6_addr, dst.sin6_scope_id);
393 		dst.sin6_scope_id = 0;
394 	}
395 	error = nd6_output_ifp(nh->nh_ifp, origifp, m, &dst, NULL);
396 	if (error) {
397 		in6_ifstat_inc(nh->nh_ifp, ifs6_out_discard);
398 		IP6STAT_INC(ip6s_cantforward);
399 	} else {
400 		IP6STAT_INC(ip6s_forward);
401 		in6_ifstat_inc(nh->nh_ifp, ifs6_out_forward);
402 		if (type)
403 			IP6STAT_INC(ip6s_redirectsent);
404 		else {
405 			if (mcopy)
406 				goto freecopy;
407 		}
408 	}
409 
410 	if (mcopy == NULL)
411 		goto out;
412 	switch (error) {
413 	case 0:
414 		if (type == ND_REDIRECT) {
415 			icmp6_redirect_output(mcopy, nh);
416 			goto out;
417 		}
418 		goto freecopy;
419 
420 	case EMSGSIZE:
421 		/* xxx MTU is constant in PPP? */
422 		goto freecopy;
423 
424 	case ENOBUFS:
425 		/* Tell source to slow down like source quench in IP? */
426 		goto freecopy;
427 
428 	case ENETUNREACH:	/* shouldn't happen, checked above */
429 	case EHOSTUNREACH:
430 	case ENETDOWN:
431 	case EHOSTDOWN:
432 	default:
433 		type = ICMP6_DST_UNREACH;
434 		code = ICMP6_DST_UNREACH_ADDR;
435 		break;
436 	}
437 	icmp6_error(mcopy, type, code, 0);
438 	goto out;
439 
440  freecopy:
441 	m_freem(mcopy);
442 	goto out;
443 bad:
444 	m_freem(m);
445 out:
446 	if (nh != NULL)
447 		NH_FREE(nh);
448 }
449