1 | /* $NetBSD: route6.c,v 1.23 2008/04/15 03:57:04 thorpej Exp $ */ |
2 | /* $KAME: route6.c,v 1.22 2000/12/03 00:54:00 itojun Exp $ */ |
3 | |
4 | /* |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
6 | * All rights reserved. |
7 | * |
8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions |
10 | * are met: |
11 | * 1. Redistributions of source code must retain the above copyright |
12 | * notice, this list of conditions and the following disclaimer. |
13 | * 2. Redistributions in binary form must reproduce the above copyright |
14 | * notice, this list of conditions and the following disclaimer in the |
15 | * documentation and/or other materials provided with the distribution. |
16 | * 3. Neither the name of the project nor the names of its contributors |
17 | * may be used to endorse or promote products derived from this software |
18 | * without specific prior written permission. |
19 | * |
20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
30 | * SUCH DAMAGE. |
31 | */ |
32 | |
33 | #include <sys/cdefs.h> |
34 | __KERNEL_RCSID(0, "$NetBSD: route6.c,v 1.23 2008/04/15 03:57:04 thorpej Exp $" ); |
35 | |
36 | #include <sys/param.h> |
37 | #include <sys/mbuf.h> |
38 | #include <sys/socket.h> |
39 | #include <sys/systm.h> |
40 | #include <sys/queue.h> |
41 | |
42 | #include <net/if.h> |
43 | |
44 | #include <netinet/in.h> |
45 | #include <netinet6/in6_var.h> |
46 | #include <netinet/ip6.h> |
47 | #include <netinet6/ip6_var.h> |
48 | #include <netinet6/ip6_private.h> |
49 | #include <netinet6/scope6_var.h> |
50 | |
51 | #include <netinet/icmp6.h> |
52 | |
53 | #if 0 |
54 | static int ip6_rthdr0(struct mbuf *, struct ip6_hdr *, struct ip6_rthdr0 *); |
55 | #endif |
56 | |
57 | int |
58 | route6_input(struct mbuf **mp, int *offp, int proto) |
59 | { |
60 | struct ip6_hdr *ip6; |
61 | struct mbuf *m = *mp; |
62 | struct ip6_rthdr *rh; |
63 | int off = *offp, rhlen; |
64 | |
65 | ip6 = mtod(m, struct ip6_hdr *); |
66 | IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, sizeof(*rh)); |
67 | if (rh == NULL) { |
68 | IP6_STATINC(IP6_STAT_TOOSHORT); |
69 | return IPPROTO_DONE; |
70 | } |
71 | |
72 | switch (rh->ip6r_type) { |
73 | #if 0 |
74 | /* |
75 | * See http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf |
76 | * for why IPV6_RTHDR_TYPE_0 is banned here. |
77 | * |
78 | * We return ICMPv6 parameter problem so that innocent people |
79 | * (not an attacker) would notice about the use of IPV6_RTHDR_TYPE_0. |
80 | * Since there's no amplification, and ICMPv6 error will be rate- |
81 | * controlled, it shouldn't cause any problem. |
82 | * If you are concerned about this, you may want to use the following |
83 | * code fragment: |
84 | * |
85 | * case IPV6_RTHDR_TYPE_0: |
86 | * m_freem(m); |
87 | * return (IPPROTO_DONE); |
88 | */ |
89 | case IPV6_RTHDR_TYPE_0: |
90 | rhlen = (rh->ip6r_len + 1) << 3; |
91 | /* |
92 | * note on option length: |
93 | * maximum rhlen: 2048 |
94 | * max mbuf m_pulldown can handle: MCLBYTES == usually 2048 |
95 | * so, here we are assuming that m_pulldown can handle |
96 | * rhlen == 2048 case. this may not be a good thing to |
97 | * assume - we may want to avoid pulling it up altogether. |
98 | */ |
99 | IP6_EXTHDR_GET(rh, struct ip6_rthdr *, m, off, rhlen); |
100 | if (rh == NULL) { |
101 | IP6_STATINC(IP6_STAT_TOOSHORT); |
102 | return IPPROTO_DONE; |
103 | } |
104 | if (ip6_rthdr0(m, ip6, (struct ip6_rthdr0 *)rh)) |
105 | return (IPPROTO_DONE); |
106 | break; |
107 | #endif |
108 | default: |
109 | /* unknown routing type */ |
110 | if (rh->ip6r_segleft == 0) { |
111 | rhlen = (rh->ip6r_len + 1) << 3; |
112 | break; /* Final dst. Just ignore the header. */ |
113 | } |
114 | IP6_STATINC(IP6_STAT_BADOPTIONS); |
115 | icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, |
116 | (char *)&rh->ip6r_type - (char *)ip6); |
117 | return (IPPROTO_DONE); |
118 | } |
119 | |
120 | *offp += rhlen; |
121 | return (rh->ip6r_nxt); |
122 | } |
123 | |
124 | #if 0 |
125 | /* |
126 | * Type0 routing header processing |
127 | * |
128 | * RFC2292 backward compatibility warning: no support for strict/loose bitmap, |
129 | * as it was dropped between RFC1883 and RFC2460. |
130 | */ |
131 | static int |
132 | ip6_rthdr0(struct mbuf *m, struct ip6_hdr *ip6, |
133 | struct ip6_rthdr0 *rh0) |
134 | { |
135 | int addrs, index; |
136 | struct in6_addr *nextaddr, tmpaddr; |
137 | const struct ip6aux *ip6a; |
138 | |
139 | if (rh0->ip6r0_segleft == 0) |
140 | return (0); |
141 | |
142 | if (rh0->ip6r0_len % 2 |
143 | #ifdef COMPAT_RFC1883 |
144 | || rh0->ip6r0_len > 46 |
145 | #endif |
146 | ) { |
147 | /* |
148 | * Type 0 routing header can't contain more than 23 addresses. |
149 | * RFC 2462: this limitation was removed since strict/loose |
150 | * bitmap field was deleted. |
151 | */ |
152 | IP6_STATINC(IP6_STAT_BADOPTIONS); |
153 | icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, |
154 | (char *)&rh0->ip6r0_len - (char *)ip6); |
155 | return (-1); |
156 | } |
157 | |
158 | if ((addrs = rh0->ip6r0_len / 2) < rh0->ip6r0_segleft) { |
159 | IP6_STATINC(IP6_STAT_BADOPTIONS); |
160 | icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER, |
161 | (char *)&rh0->ip6r0_segleft - (char *)ip6); |
162 | return (-1); |
163 | } |
164 | |
165 | index = addrs - rh0->ip6r0_segleft; |
166 | rh0->ip6r0_segleft--; |
167 | nextaddr = ((struct in6_addr *)(rh0 + 1)) + index; |
168 | |
169 | /* |
170 | * reject invalid addresses. be proactive about malicious use of |
171 | * IPv4 mapped/compat address. |
172 | * XXX need more checks? |
173 | */ |
174 | if (IN6_IS_ADDR_MULTICAST(nextaddr) || |
175 | IN6_IS_ADDR_UNSPECIFIED(nextaddr) || |
176 | IN6_IS_ADDR_V4MAPPED(nextaddr) || |
177 | IN6_IS_ADDR_V4COMPAT(nextaddr)) { |
178 | p6stat[IP6_STAT_BADOPTIONS]++; |
179 | goto bad; |
180 | } |
181 | if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || |
182 | IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst) || |
183 | IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst) || |
184 | IN6_IS_ADDR_V4COMPAT(&ip6->ip6_dst)) { |
185 | IP6_STATINC(IP6_STAT_BADOPTIONS); |
186 | goto bad; |
187 | } |
188 | |
189 | /* |
190 | * Determine the scope zone of the next hop, based on the interface |
191 | * of the current hop. [RFC4007, Section 9] |
192 | * Then disambiguate the scope zone for the next hop (if necessary). |
193 | */ |
194 | if ((ip6a = ip6_getdstifaddr(m)) == NULL) |
195 | goto bad; |
196 | if (in6_setzoneid(nextaddr, ip6a->ip6a_scope_id) != 0) { |
197 | IP6_STATINC(IP6_STAT_BADSCOPE); |
198 | goto bad; |
199 | } |
200 | |
201 | /* |
202 | * Swap the IPv6 destination address and nextaddr. Forward the packet. |
203 | */ |
204 | tmpaddr = *nextaddr; |
205 | *nextaddr = ip6->ip6_dst; |
206 | in6_clearscope(nextaddr); /* XXX */ |
207 | ip6->ip6_dst = tmpaddr; |
208 | |
209 | #ifdef COMPAT_RFC1883 |
210 | if (rh0->ip6r0_slmap[index / 8] & (1 << (7 - (index % 8)))) |
211 | ip6_forward(m, IPV6_SRCRT_NEIGHBOR); |
212 | else |
213 | ip6_forward(m, IPV6_SRCRT_NOTNEIGHBOR); |
214 | #else |
215 | ip6_forward(m, 1); |
216 | #endif |
217 | |
218 | return (-1); /* m would be freed in ip6_forward() */ |
219 | |
220 | bad: |
221 | m_freem(m); |
222 | return (-1); |
223 | } |
224 | #endif |
225 | |