in6_proto.c source code [xnu/bsd/netinet6/in6_proto.c]

1	/*
2	* Copyright (c) 2008-2023 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28
29	/*
30	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
31	* All rights reserved.
32	*
33	* Redistribution and use in source and binary forms, with or without
34	* modification, are permitted provided that the following conditions
35	* are met:
36	* 1. Redistributions of source code must retain the above copyright
37	* notice, this list of conditions and the following disclaimer.
38	* 2. Redistributions in binary form must reproduce the above copyright
39	* notice, this list of conditions and the following disclaimer in the
40	* documentation and/or other materials provided with the distribution.
41	* 3. Neither the name of the project nor the names of its contributors
42	* may be used to endorse or promote products derived from this software
43	* without specific prior written permission.
44	*
45	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
46	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
49	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55	* SUCH DAMAGE.
56	*/
57
58	/*
59	* Copyright (c) 1982, 1986, 1993
60	* The Regents of the University of California. All rights reserved.
61	*
62	* Redistribution and use in source and binary forms, with or without
63	* modification, are permitted provided that the following conditions
64	* are met:
65	* 1. Redistributions of source code must retain the above copyright
66	* notice, this list of conditions and the following disclaimer.
67	* 2. Redistributions in binary form must reproduce the above copyright
68	* notice, this list of conditions and the following disclaimer in the
69	* documentation and/or other materials provided with the distribution.
70	* 3. All advertising materials mentioning features or use of this software
71	* must display the following acknowledgement:
72	* This product includes software developed by the University of
73	* California, Berkeley and its contributors.
74	* 4. Neither the name of the University nor the names of its contributors
75	* may be used to endorse or promote products derived from this software
76	* without specific prior written permission.
77	*
78	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88	* SUCH DAMAGE.
89	*
90	* @(#)in_proto.c 8.1 (Berkeley) 6/10/93
91	*/
92
93
94	#include <sys/param.h>
95	#include <sys/socket.h>
96	#include <sys/socketvar.h>
97	#include <sys/protosw.h>
98	#include <sys/kernel.h>
99	#include <sys/domain.h>
100	#include <sys/mbuf.h>
101	#include <sys/systm.h>
102	#include <sys/sysctl.h>
103
104	#include <net/if.h>
105	#include <net/radix.h>
106	#include <net/route.h>
107	#include <net/nat464_utils.h>
108
109	#include <netinet/in.h>
110	#include <netinet/in_systm.h>
111	#include <netinet/in_var.h>
112	#include <netinet/ip_encap.h>
113	#include <netinet/ip.h>
114	#include <netinet/ip_var.h>
115	#include <netinet/ip6.h>
116	#include <netinet6/ip6_var.h>
117	#include <netinet6/in6_var.h>
118	#include <netinet/icmp6.h>
119
120	#include <netinet/tcp.h>
121	#include <netinet/tcp_timer.h>
122	#include <netinet/tcp_var.h>
123	#include <netinet/udp.h>
124	#include <netinet/udp_var.h>
125	#include <netinet6/tcp6_var.h>
126	#include <netinet6/raw_ip6.h>
127	#include <netinet6/udp6_var.h>
128	#include <netinet6/nd6.h>
129	#include <netinet6/mld6_var.h>
130
131	#if IPSEC
132	#include <netinet6/ipsec.h>
133	#include <netinet6/ipsec6.h>
134	#include <netinet6/ah.h>
135	#include <netinet6/ah6.h>
136	#if IPSEC_ESP
137	#include <netinet6/esp.h>
138	#include <netinet6/esp6.h>
139	#endif
140	#endif /IPSEC/
141
142	#include <netinet6/ip6protosw.h>
143
144	#include <net/net_osdep.h>
145	#include <os/log.h>
146
147	/*
148	* TCP/IP protocol family: IP6, ICMP6, UDP, TCP.
149	*/
150
151	extern struct domain inet6domain_s;
152	struct domain *inet6domain = NULL;
153
154	static struct pr_usrreqs nousrreqs;
155	lck_mtx_t *inet6_domain_mutex;
156
157	static void in6_dinit(struct domain *);
158	static int rip6_pr_output(struct mbuf , struct* socket *,
159	struct sockaddr_in6 , struct* mbuf *);
160
161	struct ip6protosw inet6sw[] = {
162	{
163	.pr_type = `0`,
164	.pr_protocol = IPPROTO_IPV6,
165	.pr_init = ip6_init,
166	.pr_drain = ip6_drain,
167	.pr_usrreqs = &nousrreqs,
168	},
169	{
170	.pr_type = SOCK_DGRAM,
171	.pr_protocol = IPPROTO_UDP,
172	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_PROTOLOCK \| PR_PCBLOCK \|
173	PR_EVCONNINFO \| PR_PRECONN_WRITE,
174	.pr_input = udp6_input,
175	.pr_ctlinput = udp6_ctlinput,
176	.pr_ctloutput = udp_ctloutput,
177	#if !INET /* don't call initialization twice */
178	.pr_init = udp_init,
179	#endif /* !INET */
180	.pr_usrreqs = &udp6_usrreqs,
181	.pr_lock = udp_lock,
182	.pr_unlock = udp_unlock,
183	.pr_getlock = udp_getlock,
184	.pr_update_last_owner = inp_update_last_owner,
185	.pr_copy_last_owner = inp_copy_last_owner,
186	},
187	{
188	.pr_type = SOCK_STREAM,
189	.pr_protocol = IPPROTO_TCP,
190	.pr_flags = PR_CONNREQUIRED \| PR_WANTRCVD \| PR_PCBLOCK \|
191	PR_PROTOLOCK \| PR_DISPOSE \| PR_EVCONNINFO \|
192	PR_PRECONN_WRITE \| PR_DATA_IDEMPOTENT,
193	.pr_input = tcp6_input,
194	.pr_ctlinput = tcp6_ctlinput,
195	.pr_ctloutput = tcp_ctloutput,
196	#if !INET /* don't call initialization and timeout routines twice */
197	.pr_init = tcp_init,
198	#endif /* !INET */
199	.pr_drain = tcp_drain,
200	.pr_usrreqs = &tcp6_usrreqs,
201	.pr_lock = tcp_lock,
202	.pr_unlock = tcp_unlock,
203	.pr_getlock = tcp_getlock,
204	.pr_update_last_owner = inp_update_last_owner,
205	.pr_copy_last_owner = inp_copy_last_owner,
206	},
207	{
208	.pr_type = SOCK_RAW,
209	.pr_protocol = IPPROTO_RAW,
210	.pr_flags = PR_ATOMIC \| PR_ADDR,
211	.pr_input = rip6_input,
212	.pr_output = rip6_pr_output,
213	.pr_ctlinput = rip6_ctlinput,
214	.pr_ctloutput = rip6_ctloutput,
215	#if !INET /* don't call initialization and timeout routines twice */
216	.pr_init = rip_init,
217	#endif /* !INET */
218	.pr_usrreqs = &rip6_usrreqs,
219	.pr_unlock = rip_unlock,
220	.pr_update_last_owner = inp_update_last_owner,
221	.pr_copy_last_owner = inp_copy_last_owner,
222	},
223	{
224	.pr_type = SOCK_RAW,
225	.pr_protocol = IPPROTO_ICMPV6,
226	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_LASTHDR,
227	.pr_input = icmp6_input,
228	.pr_output = rip6_pr_output,
229	.pr_ctlinput = rip6_ctlinput,
230	.pr_ctloutput = rip6_ctloutput,
231	.pr_init = icmp6_init,
232	.pr_usrreqs = &rip6_usrreqs,
233	.pr_unlock = rip_unlock,
234	.pr_update_last_owner = inp_update_last_owner,
235	.pr_copy_last_owner = inp_copy_last_owner,
236	},
237	{
238	.pr_type = SOCK_DGRAM,
239	.pr_protocol = IPPROTO_ICMPV6,
240	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_LASTHDR,
241	.pr_input = icmp6_input,
242	.pr_output = rip6_pr_output,
243	.pr_ctlinput = rip6_ctlinput,
244	.pr_ctloutput = icmp6_dgram_ctloutput,
245	.pr_init = icmp6_init,
246	.pr_usrreqs = &icmp6_dgram_usrreqs,
247	.pr_unlock = rip_unlock,
248	.pr_update_last_owner = inp_update_last_owner,
249	.pr_copy_last_owner = inp_copy_last_owner,
250	},
251	{
252	.pr_type = SOCK_RAW,
253	.pr_protocol = IPPROTO_DSTOPTS,
254	.pr_flags = PR_ATOMIC \| PR_ADDR,
255	.pr_input = dest6_input,
256	.pr_usrreqs = &nousrreqs,
257	},
258	{
259	.pr_type = SOCK_RAW,
260	.pr_protocol = IPPROTO_ROUTING,
261	.pr_flags = PR_ATOMIC \| PR_ADDR,
262	.pr_input = route6_input,
263	.pr_usrreqs = &nousrreqs,
264	},
265	{
266	.pr_type = SOCK_RAW,
267	.pr_protocol = IPPROTO_FRAGMENT,
268	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_PROTOLOCK,
269	.pr_input = frag6_input,
270	.pr_usrreqs = &nousrreqs,
271	},
272	#if IPSEC
273	{
274	.pr_type = SOCK_RAW,
275	.pr_protocol = IPPROTO_AH,
276	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_PROTOLOCK,
277	.pr_input = ah6_input,
278	.pr_usrreqs = &nousrreqs,
279	},
280	#if IPSEC_ESP
281	{
282	.pr_type = SOCK_RAW,
283	.pr_protocol = IPPROTO_ESP,
284	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_PROTOLOCK,
285	.pr_input = esp6_input,
286	.pr_ctlinput = esp6_ctlinput,
287	.pr_usrreqs = &nousrreqs,
288	},
289	#endif /* IPSEC_ESP */
290	#endif /* IPSEC */
291	#if INET
292	{
293	.pr_type = SOCK_RAW,
294	.pr_protocol = IPPROTO_IPV4,
295	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_LASTHDR,
296	.pr_input = encap6_input,
297	.pr_output = rip6_pr_output,
298	.pr_ctloutput = rip6_ctloutput,
299	.pr_usrreqs = &rip6_usrreqs,
300	.pr_unlock = rip_unlock,
301	.pr_update_last_owner = inp_update_last_owner,
302	.pr_copy_last_owner = inp_copy_last_owner,
303	},
304	#endif /INET/
305	{
306	.pr_type = SOCK_RAW,
307	.pr_protocol = IPPROTO_IPV6,
308	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_LASTHDR,
309	.pr_input = encap6_input,
310	.pr_output = rip6_pr_output,
311	.pr_ctloutput = rip6_ctloutput,
312	.pr_usrreqs = &rip6_usrreqs,
313	.pr_unlock = rip_unlock,
314	.pr_update_last_owner = inp_update_last_owner,
315	.pr_copy_last_owner = inp_copy_last_owner,
316	},
317	/ raw wildcard /
318	{
319	.pr_type = SOCK_RAW,
320	.pr_protocol = `0`,
321	.pr_flags = PR_ATOMIC \| PR_ADDR \| PR_LASTHDR,
322	.pr_input = rip6_input,
323	.pr_output = rip6_pr_output,
324	.pr_ctloutput = rip6_ctloutput,
325	.pr_usrreqs = &rip6_usrreqs,
326	.pr_unlock = rip_unlock,
327	.pr_update_last_owner = inp_update_last_owner,
328	.pr_copy_last_owner = inp_copy_last_owner,
329	},
330	};
331
332	int in6_proto_count = (sizeof(inet6sw) / sizeof(struct ip6protosw));
333
334	struct domain inet6domain_s = {
335	.dom_family = PF_INET6,
336	.dom_flags = DOM_REENTRANT,
337	.dom_name = "internet6",
338	.dom_init = in6_dinit,
339	.dom_rtattach = in6_inithead,
340	.dom_rtoffset = offsetof(struct sockaddr_in6, sin6_addr) << `3`,
341	.dom_maxrtkey = sizeof(struct sockaddr_in6),
342	.dom_protohdrlen = sizeof(struct sockaddr_in6),
343	};
344
345	/ Initialize the PF_INET6 domain, and add in the pre-defined protos /
346	void
347	in6_dinit(struct domain *dp)
348	{
349	struct ip6protosw *pr;
350	int i;
351
352	VERIFY(!(dp->dom_flags & DOM_INITIALIZED));
353	VERIFY(inet6domain == NULL);
354
355	inet6domain = dp;
356
357	_CASSERT(sizeof(struct protosw) == sizeof(struct ip6protosw));
358	_CASSERT(offsetof(struct ip6protosw, pr_entry) ==
359	offsetof(struct protosw, pr_entry));
360	_CASSERT(offsetof(struct ip6protosw, pr_domain) ==
361	offsetof(struct protosw, pr_domain));
362	_CASSERT(offsetof(struct ip6protosw, pr_protosw) ==
363	offsetof(struct protosw, pr_protosw));
364	_CASSERT(offsetof(struct ip6protosw, pr_type) ==
365	offsetof(struct protosw, pr_type));
366	_CASSERT(offsetof(struct ip6protosw, pr_protocol) ==
367	offsetof(struct protosw, pr_protocol));
368	_CASSERT(offsetof(struct ip6protosw, pr_flags) ==
369	offsetof(struct protosw, pr_flags));
370	_CASSERT(offsetof(struct ip6protosw, pr_input) ==
371	offsetof(struct protosw, pr_input));
372	_CASSERT(offsetof(struct ip6protosw, pr_output) ==
373	offsetof(struct protosw, pr_output));
374	_CASSERT(offsetof(struct ip6protosw, pr_ctlinput) ==
375	offsetof(struct protosw, pr_ctlinput));
376	_CASSERT(offsetof(struct ip6protosw, pr_ctloutput) ==
377	offsetof(struct protosw, pr_ctloutput));
378	_CASSERT(offsetof(struct ip6protosw, pr_usrreqs) ==
379	offsetof(struct protosw, pr_usrreqs));
380	_CASSERT(offsetof(struct ip6protosw, pr_init) ==
381	offsetof(struct protosw, pr_init));
382	_CASSERT(offsetof(struct ip6protosw, pr_drain) ==
383	offsetof(struct protosw, pr_drain));
384	_CASSERT(offsetof(struct ip6protosw, pr_sysctl) ==
385	offsetof(struct protosw, pr_sysctl));
386	_CASSERT(offsetof(struct ip6protosw, pr_lock) ==
387	offsetof(struct protosw, pr_lock));
388	_CASSERT(offsetof(struct ip6protosw, pr_unlock) ==
389	offsetof(struct protosw, pr_unlock));
390	_CASSERT(offsetof(struct ip6protosw, pr_getlock) ==
391	offsetof(struct protosw, pr_getlock));
392	_CASSERT(offsetof(struct ip6protosw, pr_filter_head) ==
393	offsetof(struct protosw, pr_filter_head));
394	_CASSERT(offsetof(struct ip6protosw, pr_old) ==
395	offsetof(struct protosw, pr_old));
396	_CASSERT(offsetof(struct ip6protosw, pr_update_last_owner) ==
397	offsetof(struct protosw, pr_update_last_owner));
398	_CASSERT(offsetof(struct ip6protosw, pr_copy_last_owner) ==
399	offsetof(struct protosw, pr_copy_last_owner));
400
401	/*
402	* Attach first, then initialize. ip6_init() needs raw IP6 handler.
403	*/
404	for (i = `0`, pr = &inet6sw[`0`]; i < in6_proto_count; i++, pr++) {
405	net_add_proto((struct protosw *)pr, dp, `0`);
406	}
407	for (i = `0`, pr = &inet6sw[`0`]; i < in6_proto_count; i++, pr++) {
408	net_init_proto((struct protosw *)pr, dp);
409	}
410
411	inet6_domain_mutex = dp->dom_mtx;
412	}
413
414	static int
415	rip6_pr_output(struct mbuf m, struct* socket so, struct* sockaddr_in6 *sin6,
416	struct mbuf *m1)
417	{
418	#pragma unused(m, so, sin6, m1)
419	panic("%s", __func__);
420	/ NOTREACHED /
421	return `0`;
422	}
423
424	/*
425	* Internet configuration info
426	*/
427	#ifndef IPV6FORWARDING
428	#if GATEWAY6
429	#define IPV6FORWARDING 1 /* forward IP6 packets not for us */
430	#else
431	#define IPV6FORWARDING 0 /* don't forward IP6 packets not for us */
432	#endif /* GATEWAY6 */
433	#endif /* !IPV6FORWARDING */
434
435	#ifndef IPV6_SENDREDIRECTS
436	#define IPV6_SENDREDIRECTS 1
437	#endif
438
439	int ip6_forwarding = IPV6FORWARDING; / act as router? /
440	int ip6_sendredirects = IPV6_SENDREDIRECTS;
441	int ip6_defhlim = IPV6_DEFHLIM;
442	int ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
443	int ip6_accept_rtadv = `1`; / deprecated /
444	int ip6_log_interval = `5`;
445	int ip6_hdrnestlimit = `15`; / How many header options will we process? /
446	int ip6_dad_count = `1`; / DupAddrDetectionTransmits /
447	int ip6_auto_flowlabel = `1`;
448	int ip6_gif_hlim = `0`;
449	int ip6_use_deprecated = `1`; / allow deprecated addr [RFC 4862, 5.5.4] /
450	int ip6_rr_prune = `5`; / router renumbering prefix*
451	* walk list every 5 sec. */
452	int ip6_mcast_pmtu = `0`; / enable pMTU discovery for multicast? /
453	int ip6_v6only = `0`; / Mapped addresses off by default - Radar 3347718 -- REVISITING FOR 10.7 -- TESTING WITH MAPPED@ OFF /
454
455	int ip6_neighborgcthresh = `1024`; / Threshold # of NDP entries for GC /
456	int ip6_maxifprefixes = `16`; / Max acceptable prefixes via RA per IF /
457	int ip6_maxifdefrouters = `64`; / Max acceptable default or RTI routers via RA /
458	int ip6_maxdynroutes = `1024`; / Max # of routes created via redirect /
459	int ip6_only_allow_rfc4193_prefix = `0`; / Only allow RFC4193 style Unique Local IPv6 Unicast prefixes /
460
461	static int ip6_keepfaith = `0`;
462	uint64_t ip6_log_time = `0`;
463	int nd6_onlink_ns_rfc4861 = `0`; / allow 'on-link' nd6 NS (as in RFC 4861) /
464
465	/ icmp6 /
466	/*
467	* BSDI4 defines these variables in in_proto.c...
468	* XXX: what if we don't define INET? Should we define pmtu6_expire
469	* or so? (jinmei@kame.net 19990310)
470	*/
471	int pmtu_expire = `60` * `10`;
472	int pmtu_probe = `60` * `2`;
473
474	/ raw IP6 parameters /
475	/*
476	* Nominal space allocated to a raw ip socket.
477	*/
478	#define RIPV6SNDQ 8192
479	#define RIPV6RCVQ 8192
480
481	u_int32_t rip6_sendspace = RIPV6SNDQ;
482	u_int32_t rip6_recvspace = RIPV6RCVQ;
483
484	/ ICMPV6 parameters /
485	int icmp6_rediraccept = `1`; / accept and process redirects /
486	int icmp6_redirtimeout = `10` * `60`; / 10 minutes /
487	uint32_t icmp6errppslim = `500`; / 500 packets per second /
488	uint32_t icmp6errppslim_random_incr = `500`; / We further randomize icmp6errppslim*
489	* with this during icmpv6 initialization*/
490	int icmp6rappslim = `10`; / 10 packets per second /
491	int icmp6_nodeinfo = `0`; / enable/disable NI response /
492
493	/ UDP on IP6 parameters /
494	int udp6_sendspace = `9216`; / really max datagram size /
495	int udp6_recvspace = `40` * (`1024` + sizeof(struct sockaddr_in6));
496	/ 40 1K datagrams /
497
498	/*
499	* sysctl related items.
500	*/
501	SYSCTL_NODE(_net, PF_INET6, inet6,
502	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "Internet6 Family");
503
504	/ net.inet6 /
505	SYSCTL_NODE(_net_inet6, IPPROTO_IPV6, ip6,
506	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "IP6");
507	SYSCTL_NODE(_net_inet6, IPPROTO_ICMPV6, icmp6,
508	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "ICMP6");
509	SYSCTL_NODE(_net_inet6, IPPROTO_UDP, udp6,
510	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "UDP6");
511	SYSCTL_NODE(_net_inet6, IPPROTO_TCP, tcp6,
512	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "TCP6");
513	#if IPSEC
514	SYSCTL_NODE(_net_inet6, IPPROTO_ESP, ipsec6,
515	CTLFLAG_RW \| CTLFLAG_LOCKED, `0`, "IPSEC6");
516	#endif /* IPSEC */
517
518	/ net.inet6.ip6 /
519	static int
520	sysctl_ip6_temppltime SYSCTL_HANDLER_ARGS
521	{
522	#pragma unused(oidp, arg2)
523	int error = `0`;
524	int value = `0`;
525
526	error = SYSCTL_OUT(req, arg1, sizeof(int));
527	if (error \|\| !req->newptr) {
528	return error;
529	}
530
531	error = SYSCTL_IN(req, &value, sizeof(value));
532	if (error) {
533	return error;
534	}
535
536	if (value > ND6_MAX_LIFETIME \|\|
537	value < ip6_desync_factor + ip6_temp_regen_advance) {
538	return EINVAL;
539	}
540
541	ip6_temp_preferred_lifetime = value;
542	return error;
543	}
544
545	static int
546	sysctl_ip6_tempvltime SYSCTL_HANDLER_ARGS
547	{
548	#pragma unused(oidp, arg2)
549	int error = `0`;
550	uint32_t value = `0`;
551
552	error = SYSCTL_OUT(req, arg1, sizeof(uint32_t));
553	if (error \|\| !req->newptr) {
554	return error;
555	}
556
557	error = SYSCTL_IN(req, &value, sizeof(value));
558	if (error) {
559	return error;
560	}
561
562	if (value > ND6_MAX_LIFETIME \|\|
563	value < ip6_temp_preferred_lifetime) {
564	return EINVAL;
565	}
566
567	ip6_temp_valid_lifetime = value;
568	return error;
569	}
570
571	static int
572	sysctl_ip6_cga_conflict_retries SYSCTL_HANDLER_ARGS
573	{
574	#pragma unused(oidp, arg2)
575	int error = `0`;
576	int value = `0`;
577
578	error = SYSCTL_OUT(req, arg1, sizeof(int));
579	if (error \|\| !req->newptr) {
580	return error;
581	}
582
583	error = SYSCTL_IN(req, &value, sizeof(value));
584	if (error) {
585	return error;
586	}
587	if (value > IPV6_CGA_CONFLICT_RETRIES_MAX \|\| value < `0`) {
588	return EINVAL;
589	}
590
591	ip6_cga_conflict_retries = value;
592	return `0`;
593	}
594
595	static int
596	ip6_getstat SYSCTL_HANDLER_ARGS
597	{
598	#pragma unused(oidp, arg1, arg2)
599	if (req->oldptr == USER_ADDR_NULL) {
600	req->oldlen = (size_t)sizeof(struct ip6stat);
601	}
602
603	return SYSCTL_OUT(req, &ip6stat, MIN(sizeof(ip6stat), req->oldlen));
604	}
605
606	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_SENDREDIRECTS,
607	redirect, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_sendredirects, `0`, "");
608	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFHLIM,
609	hlim, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_defhlim, `0`, "");
610	SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_STATS, stats,
611	CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED,
612	`0`, `0`, ip6_getstat, "S,ip6stat", "");
613
614	#if (DEVELOPMENT \|\| DEBUG)
615	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
616	accept_rtadv, CTLFLAG_RW \| CTLFLAG_LOCKED,
617	&ip6_accept_rtadv, `0`, "");
618	#else
619	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV,
620	accept_rtadv, CTLFLAG_RD \| CTLFLAG_LOCKED,
621	&ip6_accept_rtadv, `0`, "");
622	#endif /* (DEVELOPMENT \|\| DEBUG) */
623	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH,
624	keepfaith, CTLFLAG_RD \| CTLFLAG_LOCKED, &ip6_keepfaith, `0`, "");
625	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL,
626	log_interval, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_log_interval, `0`, "");
627	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_HDRNESTLIMIT,
628	hdrnestlimit, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_hdrnestlimit, `0`, "");
629	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DAD_COUNT,
630	dad_count, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_dad_count, `0`, "");
631	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_FLOWLABEL,
632	auto_flowlabel, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_auto_flowlabel, `0`, "");
633	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_DEFMCASTHLIM,
634	defmcasthlim, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_defmcasthlim, `0`, "");
635	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM,
636	gifhlim, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_gif_hlim, `0`, "");
637	SYSCTL_STRING(_net_inet6_ip6, IPV6CTL_KAME_VERSION,
638	kame_version, CTLFLAG_RD \| CTLFLAG_LOCKED, (void *)((uintptr_t)(__KAME_VERSION)), `0`, "");
639	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEPRECATED,
640	use_deprecated, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_use_deprecated, `0`, "");
641	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RR_PRUNE,
642	rr_prune, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_rr_prune, `0`, "");
643	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USETEMPADDR,
644	use_tempaddr, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_use_tempaddr, `0`, "");
645	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_ULA_USETEMPADDR,
646	ula_use_tempaddr, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_ula_use_tempaddr, `0`, "");
647	SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPPLTIME, temppltime,
648	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_temp_preferred_lifetime, `0`,
649	sysctl_ip6_temppltime, "I", "");
650	SYSCTL_OID(_net_inet6_ip6, IPV6CTL_TEMPVLTIME, tempvltime,
651	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_temp_valid_lifetime, `0`,
652	sysctl_ip6_tempvltime, "I", "");
653	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_V6ONLY,
654	v6only, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_v6only, `0`, "");
655	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL,
656	auto_linklocal, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_auto_linklocal, `0`, "");
657	SYSCTL_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD \| CTLFLAG_LOCKED,
658	&rip6stat, rip6stat, "");
659	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR,
660	prefer_tempaddr, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_prefer_tempaddr, `0`, "");
661	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_USE_DEFAULTZONE,
662	use_defaultzone, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_use_defzone, `0`, "");
663	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MCAST_PMTU,
664	mcast_pmtu, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_mcast_pmtu, `0`, "");
665	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_NEIGHBORGCTHRESH,
666	neighborgcthresh, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_neighborgcthresh, `0`, "");
667	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFPREFIXES,
668	maxifprefixes, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_maxifprefixes, `0`, "");
669	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXIFDEFROUTERS,
670	maxifdefrouters, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_maxifdefrouters, `0`, "");
671	SYSCTL_INT(_net_inet6_ip6, IPV6CTL_MAXDYNROUTES,
672	maxdynroutes, CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_maxdynroutes, `0`, "");
673	SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
674	only_allow_rfc4193_prefixes, CTLFLAG_RW \| CTLFLAG_LOCKED,
675	&ip6_only_allow_rfc4193_prefix, `0`, "");
676	SYSCTL_INT(_net_inet6_ip6, OID_AUTO,
677	clat_debug, CTLFLAG_RW \| CTLFLAG_LOCKED, &clat_debug, `0`, "");
678
679	SYSCTL_PROC(_net_inet6_ip6, OID_AUTO,
680	cga_conflict_retries, CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_LOCKED,
681	&ip6_cga_conflict_retries, `0`, sysctl_ip6_cga_conflict_retries, "IU", "");
682
683
684	static int sysctl_ip6_forwarding SYSCTL_HANDLER_ARGS;
685
686	SYSCTL_PROC(_net_inet6_ip6, IPV6CTL_FORWARDING, forwarding,
687	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_LOCKED, &ip6_forwarding, `0`,
688	sysctl_ip6_forwarding, "I", "");
689
690	static int
691	sysctl_ip6_forwarding SYSCTL_HANDLER_ARGS
692	{
693	#pragma unused(arg1, arg2)
694	int error, i;
695	char proc_name_string[MAXCOMLEN + `1`];
696	proc_name(pid: proc_pid(current_proc()), buf: proc_name_string, size: sizeof(proc_name_string));
697
698	i = ip6_forwarding;
699	os_log(OS_LOG_DEFAULT, "%s:%s entry: ip6_forwarding is %d",
700	proc_name_string, __func__, ip6_forwarding);
701
702	error = sysctl_handle_int(oidp, arg1: &i, arg2: `0`, req);
703	if (error \|\| req->newptr == USER_ADDR_NULL) {
704	goto done;
705	}
706	/ impose bounds /
707	if (i < `0`) {
708	error = EINVAL;
709	goto done;
710	}
711
712	if (i > `0`) {
713	i = `1`;
714	}
715
716	ip6_forwarding = i;
717	done:
718	os_log(OS_LOG_DEFAULT, "%s:%s return: ip6_forwarding is %d "
719	"and error is %d", proc_name_string, __func__, ip6_forwarding, error);
720	return error;
721	}
722
723	/*
724	* One single sysctl to set v6 stack profile for IPv6 compliance testing.
725	* A lot of compliance test suites are not aware of other enhancements in IPv6
726	* protocol and expect some arguably obsolete behavior.
727	*/
728	static int v6_compliance_profile;
729	static int
730	sysctl_set_v6_compliance_profile SYSCTL_HANDLER_ARGS
731	{
732	#pragma unused(oidp, arg2)
733	int changed, error;
734	int value = (int* *) arg1;
735
736	error = sysctl_io_number(req, bigValue: value, valueSize: sizeof(value), pValue: &value, changed: &changed);
737	if (error \|\| !changed) {
738	return error;
739	}
740
741	if (value != `0` && value != `1`) {
742	return ERANGE;
743	}
744
745	if (value == `1`) {
746	ip6_use_tempaddr = `0`;
747	dad_enhanced = `0`;
748	icmp6_rediraccept = `1`;
749	nd6_optimistic_dad = `0`;
750	nd6_process_rti = ND6_PROCESS_RTI_ENABLE;
751	} else {
752	ip6_use_tempaddr = IP6_USE_TMPADDR_DEFAULT;
753	dad_enhanced = ND6_DAD_ENHANCED_DEFAULT;
754	icmp6_rediraccept = ICMP6_REDIRACCEPT_DEFAULT;
755	nd6_optimistic_dad = ND6_OPTIMISTIC_DAD_DEFAULT;
756	nd6_process_rti = ND6_PROCESS_RTI_DEFAULT;
757	}
758
759	v6_compliance_profile = value;
760	return `0`;
761	}
762
763	SYSCTL_PROC(_net_inet6_ip6, OID_AUTO, compliance_profile,
764	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_LOCKED,
765	&v6_compliance_profile, `0`, sysctl_set_v6_compliance_profile,
766	"I", "set IPv6 compliance profile");
767
768	/ net.inet6.icmp6 /
769	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
770	rediraccept, CTLFLAG_RW \| CTLFLAG_LOCKED, &icmp6_rediraccept, `0`, "");
771	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRTIMEOUT,
772	redirtimeout, CTLFLAG_RW \| CTLFLAG_LOCKED, &icmp6_redirtimeout, `0`, "");
773	SYSCTL_STRUCT(_net_inet6_icmp6, ICMPV6CTL_STATS, stats, CTLFLAG_RD \| CTLFLAG_LOCKED,
774	&icmp6stat, icmp6stat, "");
775	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_PRUNE,
776	nd6_prune, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_prune, `0`, "");
777	SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
778	nd6_prune_lazy, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_prune_lazy, `0`, "");
779	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DELAY,
780	nd6_delay, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_delay, `0`, "");
781	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_UMAXTRIES,
782	nd6_umaxtries, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_umaxtries, `0`, "");
783	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_MMAXTRIES,
784	nd6_mmaxtries, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_mmaxtries, `0`, "");
785	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_USELOOPBACK,
786	nd6_useloopback, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_useloopback, `0`, "");
787	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ACCEPT_6TO4,
788	nd6_accept_6to4, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_accept_6to4, `0`, "");
789	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_NODEINFO,
790	nodeinfo, CTLFLAG_RW \| CTLFLAG_LOCKED, &icmp6_nodeinfo, `0`, "");
791	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT,
792	errppslimit, CTLFLAG_RW \| CTLFLAG_LOCKED, &icmp6errppslim, `0`, "");
793	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ERRPPSLIMIT_RANDOM_INCR,
794	errppslimit_random_incr, CTLFLAG_RW \| CTLFLAG_LOCKED, &icmp6errppslim_random_incr, `0`, "");
795	SYSCTL_INT(_net_inet6_icmp6, OID_AUTO,
796	rappslimit, CTLFLAG_RW \| CTLFLAG_LOCKED, &icmp6rappslim, `0`, "");
797	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
798	nd6_debug, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_debug, `0`, "");
799	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
800	nd6_onlink_ns_rfc4861, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_onlink_ns_rfc4861, `0`,
801	"Accept 'on-link' nd6 NS in compliance with RFC 4861.");
802	SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_OPTIMISTIC_DAD,
803	nd6_optimistic_dad, CTLFLAG_RW \| CTLFLAG_LOCKED, &nd6_optimistic_dad, `0`, "");
804

Browse the source code of xnu/bsd/netinet6/in6_proto.c