From cf618f1e874ba9ba5eda669395c2f252d446b890 Mon Sep 17 00:00:00 2001 From: florian Date: Sun, 25 Oct 2015 14:43:06 +0000 Subject: [PATCH] Remove IPV6_NEXTHOP implementation. Source routing is considered to be a bad idea these days. kill it mpi@ general agreement in the network hackers room at u2k15 --- share/man/man4/ip6.4 | 15 +------ sys/netinet6/in6_src.c | 86 +---------------------------------- sys/netinet6/ip6_output.c | 95 ++------------------------------------- sys/netinet6/ip6_var.h | 13 +----- 4 files changed, 8 insertions(+), 201 deletions(-) diff --git a/share/man/man4/ip6.4 b/share/man/man4/ip6.4 index 56bb22188aa..7e60d7e3b1c 100644 --- a/share/man/man4/ip6.4 +++ b/share/man/man4/ip6.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ip6.4,v 1.33 2014/06/11 16:59:47 chrisz Exp $ +.\" $OpenBSD: ip6.4,v 1.34 2015/10/25 14:43:07 florian Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -26,7 +26,7 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.Dd $Mdocdate: June 11 2014 $ +.Dd $Mdocdate: October 25 2015 $ .Dt IP6 4 .Os .Sh NAME @@ -251,17 +251,6 @@ The value is stored as an in the ancillary data returned. Turning this option on will result in this socket getting cmsg data of type IPV6_HOPLIMIT. -.It Dv IPV6_NEXTHOP Fa "int *" -Get or set whether the address of the next hop for subsequent -packets will be provided as ancillary data along with the payload in -subsequent -.Xr recvmsg 2 -calls. -The option is stored as a -.Vt sockaddr -structure in the ancillary data returned. -.Pp -This option requires superuser privileges. .It Dv IPV6_RECVHOPOPTS Fa "int *" Get or set whether the hop-by-hop options from subsequent packets will be provided as ancillary data along with the payload in subsequent 
diff --git a/sys/netinet6/in6_src.c b/sys/netinet6/in6_src.c index 450c7a57693..86c5a9d5a68 100644 --- a/sys/netinet6/in6_src.c +++ b/sys/netinet6/in6_src.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_src.c,v 1.69 2015/10/25 13:55:51 mpi Exp $ */ +/* $OpenBSD: in6_src.c,v 1.70 2015/10/25 14:43:06 florian Exp $ */ /* $KAME: in6_src.c,v 1.36 2001/02/06 04:08:17 itojun Exp $ */ /* @@ -219,38 +219,6 @@ in6_selectsrc(struct in6_addr **in6src, struct sockaddr_in6 *dstsock, } } - /* - * If the next hop address for the packet is specified - * by caller, use an address associated with the route - * to the next hop. - */ - { - struct sockaddr_in6 *sin6_next; - struct rtentry *rt; - - if (opts && opts->ip6po_nexthop) { - sin6_next = satosin6(opts->ip6po_nexthop); - rt = nd6_lookup(&sin6_next->sin6_addr, 1, NULL, - rtableid); - if (rt != NULL) { - ifp = if_get(rt->rt_ifidx); - if (ifp != NULL) { - ia6 = in6_ifawithscope(ifp, dst, - rtableid); - if_put(ifp); - } - if (ia6 == NULL) - ia6 = ifatoia6(rt->rt_ifa); - rtfree(rt); - } - if (ia6 == NULL) - return (EADDRNOTAVAIL); - - *in6src = &ia6->ia_addr.sin6_addr; - return (0); - } - } - /* * If route is known or can be allocated now, * our src addr is taken from the i/f, else punt. 
@@ -311,62 +279,10 @@ struct rtentry * in6_selectroute(struct sockaddr_in6 *dstsock, struct ip6_pktopts *opts, struct route_in6 *ro, unsigned int rtableid) { - struct sockaddr_in6 *sin6_next; struct in6_addr *dst; dst = &dstsock->sin6_addr; - /* - * If the next hop address for the packet is specified by the caller, - * use it as the gateway. - */ - if (opts && opts->ip6po_nexthop) { - struct route_in6 *ron; - - sin6_next = satosin6(opts->ip6po_nexthop); - - /* We only support AF_INET6 next hops */ - if (sin6_next->sin6_family != AF_INET6) - return (NULL); - - /* - * If the next hop is an IPv6 address, then the node identified - * by that address must be a neighbor of the sending host. - */ - ron = &opts->ip6po_nextroute; - if (!rtisvalid(ron->ro_rt) || - ISSET(ron->ro_rt->rt_flags, RTF_GATEWAY) || - !IN6_ARE_ADDR_EQUAL(&ron->ro_dst.sin6_addr, - &sin6_next->sin6_addr)) { - if (ron->ro_rt) { - rtfree(ron->ro_rt); - ron->ro_rt = NULL; - } - ron->ro_dst = *sin6_next; - ron->ro_tableid = rtableid; - } - if (ron->ro_rt == NULL) { - /* multi path case? */ - ron->ro_rt = rtalloc(sin6tosa(&ron->ro_dst), - RT_REPORT|RT_RESOLVE, ron->ro_tableid); - if (ron->ro_rt == NULL || - (ron->ro_rt->rt_flags & RTF_GATEWAY)) { - if (ron->ro_rt) { - rtfree(ron->ro_rt); - ron->ro_rt = NULL; - } - return (NULL); - } - } - if (!nd6_is_addr_neighbor(sin6_next, ron->ro_rt->rt_ifp)) { - rtfree(ron->ro_rt); - ron->ro_rt = NULL; - return (NULL); - } - - return (ron->ro_rt); - } - /* * Use a cached route if it exists and is valid, else try to allocate * a new one. Note that we should check the address family of the diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index e130d7f6a0b..2fa1c68a4cd 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.191 2015/10/24 12:33:16 mpi Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.192 2015/10/25 14:43:06 florian Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -558,17 +558,9 @@ reroute: *dst = dstsock; } - if (rt && !IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { - if (opt && opt->ip6po_nextroute.ro_rt) { - /* - * The nexthop is explicitly specified by the - * application. We assume the next hop is an IPv6 - * address. - */ - dst = satosin6(opt->ip6po_nexthop); - } else if ((rt->rt_flags & RTF_GATEWAY)) - dst = satosin6(rt->rt_gateway); - } + if (rt && (rt->rt_flags & RTF_GATEWAY) && + !IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) + dst = satosin6(rt->rt_gateway); if (!IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) { /* Unicast */ @@ -1484,7 +1476,6 @@ do { \ case IPV6_RTHDR: case IPV6_DSTOPTS: case IPV6_RTHDRDSTOPTS: - case IPV6_NEXTHOP: { /* new advanced API (RFC3542) */ u_char *optbuf; @@ -1817,7 +1808,6 @@ do { \ case IPV6_RTHDR: case IPV6_DSTOPTS: case IPV6_RTHDRDSTOPTS: - case IPV6_NEXTHOP: case IPV6_TCLASS: case IPV6_DONTFRAG: case IPV6_USE_MIN_MTU: @@ -2095,12 +2085,6 @@ ip6_getpcbopt(struct ip6_pktopts *pktopt, int optname, struct mbuf **mp) optdatalen = (ip6e->ip6e_len + 1) << 3; } break; - case IPV6_NEXTHOP: - if (pktopt && pktopt->ip6po_nexthop) { - optdata = (void *)pktopt->ip6po_nexthop; - optdatalen = pktopt->ip6po_nexthop->sa_len; - } - break; case IPV6_USE_MIN_MTU: if (pktopt) optdata = (void *)&pktopt->ip6po_minmtu; 
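Review bot: The rewritten test after `reroute:` in ip6_output.c (hunk `@@ -558,17 +558,9 @@`) has no comment, although it is the one spot in this hunk where `dst` is pointed at a next hop other than the destination sockaddr. With the `ip6po_nextroute` branch removed, the visible lines take that next hop only from `rt->rt_gateway`, for non-multicast gateway routes, and never from anything the socket owner supplies. I would record that above the `if`, e.g. `/* Next hop comes only from the routing table: use the gateway for indirect unicast routes. */`, so a later change cannot quietly reintroduce a caller-controlled first hop. The enclosing function starts and ends outside the hunk, so whether other paths assign `dst` cannot be confirmed from here.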
@@ -2147,15 +2131,6 @@ ip6_clearpktopts(struct ip6_pktopts *pktopt, int optname) pktopt->ip6po_hlim = -1; if (optname == -1 || optname == IPV6_TCLASS) pktopt->ip6po_tclass = -1; - if (optname == -1 || optname == IPV6_NEXTHOP) { - if (pktopt->ip6po_nextroute.ro_rt) { - rtfree(pktopt->ip6po_nextroute.ro_rt); - pktopt->ip6po_nextroute.ro_rt = NULL; - } - if (pktopt->ip6po_nexthop) - free(pktopt->ip6po_nexthop, M_IP6OPT, 0); - pktopt->ip6po_nexthop = NULL; - } if (optname == -1 || optname == IPV6_HOPOPTS) { if (pktopt->ip6po_hbh) free(pktopt->ip6po_hbh, M_IP6OPT, 0); @@ -2206,14 +2181,6 @@ copypktopts(struct ip6_pktopts *dst, struct ip6_pktopts *src, int canwait) goto bad; *dst->ip6po_pktinfo = *src->ip6po_pktinfo; } - if (src->ip6po_nexthop) { - dst->ip6po_nexthop = malloc(src->ip6po_nexthop->sa_len, - M_IP6OPT, canwait); - if (dst->ip6po_nexthop == NULL) - goto bad; - bcopy(src->ip6po_nexthop, dst->ip6po_nexthop, - src->ip6po_nexthop->sa_len); - } PKTOPT_EXTHDRCPY(ip6po_hbh); PKTOPT_EXTHDRCPY(ip6po_dest1); PKTOPT_EXTHDRCPY(ip6po_dest2); @@ -2682,7 +2649,6 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, switch (optname) { case IPV6_2292PKTINFO: case IPV6_2292HOPLIMIT: - case IPV6_2292NEXTHOP: case IPV6_2292HOPOPTS: case IPV6_2292DSTOPTS: case IPV6_2292RTHDR: @@ -2694,7 +2660,6 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, switch (optname) { case IPV6_PKTINFO: case IPV6_HOPLIMIT: - case IPV6_NEXTHOP: case IPV6_HOPOPTS: case IPV6_DSTOPTS: case IPV6_RTHDRDSTOPTS: 
@@ -2798,58 +2763,6 @@ ip6_setpktopt(int optname, u_char *buf, int len, struct ip6_pktopts *opt, opt->ip6po_tclass = tclass; break; } - - case IPV6_2292NEXTHOP: - case IPV6_NEXTHOP: - if (!priv) - return (EPERM); - - if (len == 0) { /* just remove the option */ - ip6_clearpktopts(opt, IPV6_NEXTHOP); - break; - } - - /* check if cmsg_len is large enough for sa_len */ - if (len < sizeof(struct sockaddr) || len < *buf) - return (EINVAL); - - switch (((struct sockaddr *)buf)->sa_family) { - case AF_INET6: - { - struct sockaddr_in6 *sa6 = (struct sockaddr_in6 *)buf; - - if (sa6->sin6_len != sizeof(struct sockaddr_in6)) - return (EINVAL); - - if (IN6_IS_ADDR_UNSPECIFIED(&sa6->sin6_addr) || - IN6_IS_ADDR_MULTICAST(&sa6->sin6_addr)) { - return (EINVAL); - } - if (IN6_IS_SCOPE_EMBED(&sa6->sin6_addr)) { - struct ifnet *ifp; - ifp = if_get(sa6->sin6_scope_id); - if (ifp == NULL) - return (EINVAL); - if_put(ifp); - sa6->sin6_addr.s6_addr16[1] = - htonl(sa6->sin6_scope_id); - } else if (sa6->sin6_scope_id) - return (EINVAL); - break; - } - case AF_LINK: /* eventually be supported? */ - default: - return (EAFNOSUPPORT); - } - - /* turn off the previous option, then set the new option. */ - ip6_clearpktopts(opt, IPV6_NEXTHOP); - opt->ip6po_nexthop = malloc(*buf, M_IP6OPT, M_NOWAIT); - if (opt->ip6po_nexthop == NULL) - return (ENOBUFS); - bcopy(buf, opt->ip6po_nexthop, *buf); - break; - case IPV6_2292HOPOPTS: case IPV6_HOPOPTS: { diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h index 08a20b63f8c..2af3a05d810 100644 --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_var.h,v 1.55 2015/09/11 19:23:00 mpi Exp $ */ +/* $OpenBSD: ip6_var.h,v 1.56 2015/10/25 14:43:06 florian Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* 
@@ -110,14 +110,6 @@ struct ip6po_rhinfo { #define ip6po_rthdr ip6po_rhinfo.ip6po_rhi_rthdr #define ip6po_route ip6po_rhinfo.ip6po_rhi_route -/* Nexthop related info */ -struct ip6po_nhinfo { - struct sockaddr *ip6po_nhi_nexthop; - struct route_in6 ip6po_nhi_route; -}; -#define ip6po_nexthop ip6po_nhinfo.ip6po_nhi_nexthop -#define ip6po_nextroute ip6po_nhinfo.ip6po_nhi_route - struct ip6_pktopts { /* Hoplimit for outgoing packets */ int ip6po_hlim; @@ -125,9 +117,6 @@ struct ip6_pktopts { /* Outgoing IF/address information */ struct in6_pktinfo *ip6po_pktinfo; - /* Next-hop address information */ - struct ip6po_nhinfo ip6po_nhinfo; - /* Hop-by-Hop options header */ struct ip6_hbh *ip6po_hbh; -- 2.20.1