-/* $OpenBSD: if.c,v 1.718 2024/02/06 00:18:53 bluhm Exp $ */
+/* $OpenBSD: if.c,v 1.719 2024/06/20 19:25:42 bluhm Exp $ */
/* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
/*
* Update the link-local address. Don't do it if we're
* a router to avoid confusing hosts on the network.
*/
- if (!ip6_forwarding) {
+ if (ip6_forwarding == 0) {
ifa = &in6ifa_ifpforlinklocal(ifp, 0)->ia_ifa;
if (ifa) {
in6_purgeaddr(ifa);
-/* $OpenBSD: pf.c,v 1.1197 2024/06/07 18:24:16 bluhm Exp $ */
+/* $OpenBSD: pf.c,v 1.1198 2024/06/20 19:25:42 bluhm Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
break;
case AF_INET6:
if (pd.dir == PF_IN) {
+ int flags;
+
if (ip6_forwarding == 0) {
ip6stat_inc(ip6s_cantforward);
action = PF_DROP;
break;
}
- ip6_forward(pd.m, NULL, 1);
+ flags = IPV6_FORWARDING | IPV6_REDIRECT;
+ ip6_forward(pd.m, NULL, flags);
} else
ip6_output(pd.m, NULL, NULL, 0, NULL, NULL);
break;
-/* $OpenBSD: pf_norm.c,v 1.230 2024/04/22 13:30:22 bluhm Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.231 2024/06/20 19:25:42 bluhm Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
while ((m = ml_dequeue(&ml)) != NULL) {
m->m_pkthdr.pf.flags |= PF_TAG_REFRAGMENTED;
if (ifp == NULL) {
- ip6_forward(m, NULL, 0);
+ ip6_forward(m, NULL, IPV6_FORWARDING);
} else if ((u_long)m->m_pkthdr.len <= ifp->if_mtu) {
ifp->if_output(ifp, m, sin6tosa(dst), rt);
} else {
-/* $OpenBSD: ip_carp.c,v 1.361 2024/02/13 12:22:09 bluhm Exp $ */
+/* $OpenBSD: ip_carp.c,v 1.362 2024/06/20 19:25:42 bluhm Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff. All rights reserved.
struct ifaddr *ifa;
struct in6_addr *in6;
static struct in6_addr mcast = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
+ int flags = ND_NA_FLAG_OVERRIDE;
+
+ if (ip6_forwarding != 0)
+ flags |= ND_NA_FLAG_ROUTER;
TAILQ_FOREACH(ifa, &sc->sc_if.if_addrlist, ifa_list) {
continue;
in6 = &ifatoia6(ifa)->ia_addr.sin6_addr;
- nd6_na_output(&sc->sc_if, &mcast, in6,
- ND_NA_FLAG_OVERRIDE |
- (ip6_forwarding ? ND_NA_FLAG_ROUTER : 0), 1, NULL);
+ nd6_na_output(&sc->sc_if, &mcast, in6, flags, 1, NULL);
}
}
#endif /* INET6 */
-/* $OpenBSD: icmp6.c,v 1.252 2024/04/21 17:32:10 florian Exp $ */
+/* $OpenBSD: icmp6.c,v 1.253 2024/06/20 19:25:42 bluhm Exp $ */
/* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
/*
if (ifp == NULL)
return;
- /* XXX if we are router, we don't update route by icmp6 redirect */
- if (ip6_forwarding)
+ /* if we are router, we don't update route by icmp6 redirect */
+ if (ip6_forwarding != 0)
goto freeit;
if (!(ifp->if_xflags & IFXF_AUTOCONF6))
goto freeit;
icmp6_errcount(ND_REDIRECT, 0);
/* if we are not router, we don't send icmp6 redirect */
- if (!ip6_forwarding)
+ if (ip6_forwarding == 0)
goto fail;
/* sanity check */
-/* $OpenBSD: ip6_forward.c,v 1.118 2024/06/07 18:24:16 bluhm Exp $ */
+/* $OpenBSD: ip6_forward.c,v 1.119 2024/06/20 19:25:42 bluhm Exp $ */
/* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */
/*
*/
void
-ip6_forward(struct mbuf *m, struct route *ro, int srcrt)
+ip6_forward(struct mbuf *m, struct route *ro, int flags)
{
struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
struct route iproute;
m_freem(m);
goto freecopy;
}
- if (rt->rt_ifidx == m->m_pkthdr.ph_ifidx && !srcrt &&
- ip6_sendredirects &&
+ if (rt->rt_ifidx == m->m_pkthdr.ph_ifidx &&
+ ip6_sendredirects && !ISSET(flags, IPV6_REDIRECT) &&
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0) {
if ((ifp->if_flags & IFF_POINTOPOINT) &&
nd6_is_addr_neighbor(&ro->ro_dstsin6, ifp)) {
} else if (m->m_pkthdr.pf.flags & PF_TAG_REROUTE) {
/* tag as generated to skip over pf_test on rerun */
m->m_pkthdr.pf.flags |= PF_TAG_GENERATED;
- srcrt = 1;
+ SET(flags, IPV6_REDIRECT);
if (ro == &iproute)
rtfree(ro->ro_rt);
ro = NULL;
-/* $OpenBSD: ip6_input.c,v 1.262 2024/05/08 13:01:30 bluhm Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.263 2024/06/20 19:25:42 bluhm Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
uint8_t ip6_soiikey[IP6_SOIIKEY_LEN];
-int ip6_ours(struct mbuf **, int *, int, int);
+int ip6_ours(struct mbuf **, int *, int, int, int);
int ip6_check_rh0hdr(struct mbuf *, int *);
-int ip6_hbhchcheck(struct mbuf **, int *, int *);
+int ip6_hbhchcheck(struct mbuf **, int *, int *, int);
int ip6_hopopts_input(struct mbuf **, int *, u_int32_t *, u_int32_t *);
struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
int ip6_sysctl_soiikey(void *, size_t *, void *, size_t);
* NET_LOCK_SHARED() and the transport layer needing it exclusively.
*/
int
-ip6_ours(struct mbuf **mp, int *offp, int nxt, int af)
+ip6_ours(struct mbuf **mp, int *offp, int nxt, int af, int flags)
{
/* ip6_hbhchcheck() may be run before, then off and nxt are set */
if (*offp == 0) {
- nxt = ip6_hbhchcheck(mp, offp, NULL);
+ nxt = ip6_hbhchcheck(mp, offp, NULL, flags);
if (nxt == IPPROTO_DONE)
return IPPROTO_DONE;
}
#if NPF > 0
struct in6_addr odst;
#endif
- int pfrdr = 0;
+ int flags = 0;
KASSERT(*offp == 0);
goto bad;
ip6 = mtod(m, struct ip6_hdr *);
- pfrdr = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
+ if (!IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst))
+ SET(flags, IPV6_REDIRECT);
#endif
+ if (ip6_forwarding != 0)
+ SET(flags, IPV6_FORWARDING);
+
/*
* Without embedded scope ID we cannot find link-local
* addresses in the routing table.
#if NPF > 0
if (pf_ouraddr(m) == 1) {
- nxt = ip6_ours(mp, offp, nxt, af);
+ nxt = ip6_ours(mp, offp, nxt, af, flags);
goto out;
}
#endif
if (ip6_mforwarding && ip6_mrouter[ifp->if_rdomain]) {
int error;
- nxt = ip6_hbhchcheck(&m, offp, &ours);
+ nxt = ip6_hbhchcheck(&m, offp, &ours, flags);
if (nxt == IPPROTO_DONE)
goto out;
if (ours) {
if (af == AF_UNSPEC)
- nxt = ip6_ours(mp, offp, nxt, af);
+ nxt = ip6_ours(mp, offp, nxt, af,
+ flags);
goto out;
}
goto bad;
ip6stat_inc(ip6s_cantforward);
goto bad;
}
- nxt = ip6_ours(mp, offp, nxt, af);
+ nxt = ip6_ours(mp, offp, nxt, af, flags);
goto out;
}
if (rt != NULL && ISSET(rt->rt_flags, RTF_LOCAL)) {
struct in6_ifaddr *ia6 = ifatoia6(rt->rt_ifa);
- if (ip6_forwarding == 0 && rt->rt_ifidx != ifp->if_index &&
+ if (!ISSET(flags, IPV6_FORWARDING) &&
+ rt->rt_ifidx != ifp->if_index &&
!((ifp->if_flags & IFF_LOOPBACK) ||
(ifp->if_type == IFT_ENC) ||
(m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST))) {
goto bad;
} else {
- nxt = ip6_ours(mp, offp, nxt, af);
+ nxt = ip6_ours(mp, offp, nxt, af, flags);
goto out;
}
}
* Now there is no reason to process the packet if it's not our own
* and we're not a router.
*/
- if (!ip6_forwarding) {
+ if (!ISSET(flags, IPV6_FORWARDING)) {
ip6stat_inc(ip6s_cantforward);
goto bad;
}
- nxt = ip6_hbhchcheck(&m, offp, &ours);
+ nxt = ip6_hbhchcheck(&m, offp, &ours, flags);
if (nxt == IPPROTO_DONE)
goto out;
if (ours) {
if (af == AF_UNSPEC)
- nxt = ip6_ours(mp, offp, nxt, af);
+ nxt = ip6_ours(mp, offp, nxt, af, flags);
goto out;
}
}
#endif /* IPSEC */
- ip6_forward(m, &ro, pfrdr);
+ ip6_forward(m, &ro, flags);
*mp = NULL;
rtfree(ro.ro_rt);
return IPPROTO_DONE;
/* On error free mbuf and return IPPROTO_DONE. */
int
-ip6_hbhchcheck(struct mbuf **mp, int *offp, int *oursp)
+ip6_hbhchcheck(struct mbuf **mp, int *offp, int *oursp, int flags)
{
struct ip6_hdr *ip6;
u_int32_t plen, rtalert = ~0;
* accept the packet if a router alert option is included
* and we act as an IPv6 router.
*/
- if (rtalert != ~0 && ip6_forwarding && oursp != NULL)
+ if (rtalert != ~0 && ISSET(flags, IPV6_FORWARDING) &&
+ oursp != NULL)
*oursp = 1;
} else
nxt = ip6->ip6_nxt;
-/* $OpenBSD: ip6_var.h,v 1.117 2024/05/13 01:15:53 jsg Exp $ */
+/* $OpenBSD: ip6_var.h,v 1.118 2024/06/20 19:25:42 bluhm Exp $ */
/* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */
/*
counters_add(ip6counters, c, v);
}
-/* flags passed to ip6_output as last parameter */
-#define IPV6_UNSPECSRC 0x01 /* allow :: as the source address */
-#define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */
-#define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */
+/* flags passed to ip6_output or ip6_forward as last parameter */
+#define IPV6_UNSPECSRC 0x01 /* allow :: as the source address */
+#define IPV6_FORWARDING 0x02 /* most of IPv6 header exists */
+#define IPV6_MINMTU 0x04 /* use minimum MTU (IPV6_USE_MIN_MTU) */
+#define IPV6_REDIRECT 0x08 /* redirected by pf */
extern int ip6_mtudisc_timeout; /* mtu discovery */
extern struct rttimer_queue icmp6_mtudisc_timeout_q;
-/* $OpenBSD: nd6.c,v 1.280 2023/05/13 16:27:59 bluhm Exp $ */
+/* $OpenBSD: nd6.c,v 1.281 2024/06/20 19:25:42 bluhm Exp $ */
/* $KAME: nd6.c,v 1.280 2002/06/08 19:52:07 itojun Exp $ */
/*
ifp = if_get(rt->rt_ifidx);
- if (!ip6_forwarding) {
+ if (ip6_forwarding == 0) {
if (ln->ln_router) {
/*
* rt6_flush must be called whether or not the neighbor
-/* $OpenBSD: nd6_nbr.c,v 1.151 2023/07/30 12:52:03 krw Exp $ */
+/* $OpenBSD: nd6_nbr.c,v 1.152 2024/06/20 19:25:42 bluhm Exp $ */
/* $KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $ */
/*
struct ifaddr *ifa = NULL;
int lladdrlen = 0;
int anycast = 0, proxy = 0, tentative = 0;
- int router = ip6_forwarding;
+ int i_am_router = (ip6_forwarding != 0);
int tlladdr;
struct nd_opts ndopts;
struct sockaddr_dl *proxydl = NULL;
if (ifa) {
proxy = 1;
proxydl = satosdl(rt->rt_gateway);
- router = 0; /* XXX */
+ i_am_router = 0; /* XXX */
}
}
if (rt)
saddr6.s6_addr16[1] = htons(ifp->if_index);
nd6_na_output(ifp, &saddr6, &taddr6,
((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
- (router ? ND_NA_FLAG_ROUTER : 0),
+ (i_am_router ? ND_NA_FLAG_ROUTER : 0),
tlladdr, sdltosa(proxydl));
goto freeit;
}
nd6_na_output(ifp, &saddr6, &taddr6,
((anycast || proxy || !tlladdr) ? 0 : ND_NA_FLAG_OVERRIDE) |
- (router ? ND_NA_FLAG_ROUTER : 0) | ND_NA_FLAG_SOLICITED,
+ (i_am_router ? ND_NA_FLAG_ROUTER : 0) | ND_NA_FLAG_SOLICITED,
tlladdr, sdltosa(proxydl));
freeit:
m_freem(m);
int is_override;
char *lladdr = NULL;
int lladdrlen = 0;
+ int i_am_router = (ip6_forwarding != 0);
struct ifaddr *ifa;
struct in6_ifaddr *ifa6;
struct llinfo_nd6 *ln;
* If we are a router, we may create new stale cache entries upon
* receiving Unsolicited Neighbor Advertisements.
*/
- if (rt == NULL && ip6_forwarding == 1) {
+ if (rt == NULL && i_am_router) {
rt = nd6_lookup(&taddr6, 1, ifp, ifp->if_rdomain);
if (rt == NULL || lladdr == NULL ||
((sdl = satosdl(rt->rt_gateway)) == NULL))
}
if (ln->ln_router && !is_router) {
- if (!ip6_forwarding) {
+ if (!i_am_router) {
/*
* The neighbor may be used
* as a next hop for some destinations
projects / openbsd / commitdiff