Module Name: src Committed By: maxv Date: Mon Jan 29 10:57:13 UTC 2018
Modified Files: src/sys/netinet6: ip6_input.c ip6_var.h Log Message: Start cleaning up ip6_input.c. Several pieces of code have evolved but their neighboring comments were not updated. So update them, and remove code that has been disabled for years (it has no use anyway). To generate a diff of this commit: cvs rdiff -u -r1.185 -r1.186 src/sys/netinet6/ip6_input.c cvs rdiff -u -r1.76 -r1.77 src/sys/netinet6/ip6_var.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.185 src/sys/netinet6/ip6_input.c:1.186 --- src/sys/netinet6/ip6_input.c:1.185 Sat Nov 25 13:18:02 2017 +++ src/sys/netinet6/ip6_input.c Mon Jan 29 10:57:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.185 2017/11/25 13:18:02 kre Exp $ */ +/* $NetBSD: ip6_input.c,v 1.186 2018/01/29 10:57:13 maxv Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.185 2017/11/25 13:18:02 kre Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.186 2018/01/29 10:57:13 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -130,10 +130,6 @@ extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; pktqueue_t *ip6_pktq __read_mostly; -int ip6_forward_srcrt; /* XXX */ -int ip6_sourcecheck; /* XXX */ -int ip6_sourcecheck_interval; /* XXX */ - pfil_head_t *inet6_pfil_hook; percpu_t *ip6stat_percpu; @@ -206,7 +202,7 @@ static void ip6_init2(void) { - /* timer for regeneranation of temporary addresses randomize ID */ + /* timer for regeneration of temporary addresses randomize ID */ callout_init(&in6_tmpaddrtimer_ch, CALLOUT_MPSAFE); callout_reset(&in6_tmpaddrtimer_ch, (ip6_temp_preferred_lifetime - ip6_desync_factor - @@ -262,6 +258,8 @@ ip6_input(struct mbuf *m, struct ifnet * } u; struct route *ro; + KASSERT(rcvif != NULL); + /* * make sure we don't have onion peering information into m_tag. */ @@ -300,7 +298,7 @@ ip6_input(struct mbuf *m, struct ifnet * */ if (IP6_HDR_ALIGNED_P(mtod(m, void *)) == 0) { if ((m = m_copyup(m, sizeof(struct ip6_hdr), - (max_linkhdr + 3) & ~3)) == NULL) { + (max_linkhdr + 3) & ~3)) == NULL) { /* XXXJRT new stat, please */ IP6_STATINC(IP6_STAT_TOOSMALL); in6_ifstat_inc(rcvif, ifs6_in_hdrerr); @@ -382,6 +380,7 @@ ip6_input(struct mbuf *m, struct ifnet * in6_ifstat_inc(rcvif, ifs6_in_addrerr); goto bad; } + /* * The following check is not documented in specs. A malicious * party may be able to use IPv4 mapped addr to confuse tcp/udp stack @@ -400,6 +399,7 @@ ip6_input(struct mbuf *m, struct ifnet * in6_ifstat_inc(rcvif, ifs6_in_addrerr); goto bad; } + #if 0 /* * Reject packets with IPv4 compatible addresses (auto tunnel). @@ -424,7 +424,7 @@ ip6_input(struct mbuf *m, struct ifnet * * to the usage conflict. * in6_setscope() then also checks and rejects the cases where src or * dst are the loopback address and the receiving interface - * is not loopback. + * is not loopback. */ if (__predict_false( m_makewritable(&m, 0, sizeof(struct ip6_hdr), M_DONTWAIT))) @@ -441,6 +441,7 @@ ip6_input(struct mbuf *m, struct ifnet * } ro = percpu_getref(ip6_forward_rt_percpu); + /* * Multicast check */ @@ -453,9 +454,9 @@ ip6_input(struct mbuf *m, struct ifnet * * arrival interface. */ ingroup = in6_multi_group(&ip6->ip6_dst, rcvif); - if (ingroup) + if (ingroup) { ours = 1; - else if (!ip6_mrouter) { + } else if (!ip6_mrouter) { uint64_t *ip6s = IP6_STAT_GETREF(); ip6s[IP6_STAT_NOTMEMBER]++; ip6s[IP6_STAT_CANTFORWARD]++; @@ -470,7 +471,7 @@ ip6_input(struct mbuf *m, struct ifnet * sockaddr_in6_init(&u.dst6, &ip6->ip6_dst, 0, 0, 0); /* - * Unicast check + * Unicast check */ rt = rtcache_lookup2(ro, &u.dst, 1, &hit); if (hit) @@ -478,12 +479,15 @@ ip6_input(struct mbuf *m, struct ifnet * else IP6_STATINC(IP6_STAT_FORWARD_CACHEMISS); -#define rt6_getkey(__rt) satocsin6(rt_getkey(__rt)) - /* * Accept the packet if the forwarding interface to the destination - * according to the routing table is the loopback interface, + * (according to the routing table) is the loopback interface, * unless the associated route has a gateway. + * + * We don't explicitly match ip6_dst against an interface here. It + * is already done in rtcache_lookup2: rt->rt_ifp->if_type will be + * IFT_LOOP if the packet is for us. + * * Note that this approach causes to accept a packet if there is a * route to the loopback interface for the destination of the packet. * But we think it's even useful in some situations, e.g. when using @@ -491,14 +495,6 @@ ip6_input(struct mbuf *m, struct ifnet * */ if (rt != NULL && (rt->rt_flags & (RTF_HOST|RTF_GATEWAY)) == RTF_HOST && -#if 0 - /* - * The check below is redundant since the comparison of - * the destination and the key of the rtentry has - * already done through looking up the routing table. - */ - IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &rt6_getkey(rt)->sin6_addr) && -#endif rt->rt_ifp->if_type == IFT_LOOP) { struct in6_ifaddr *ia6 = (struct in6_ifaddr *)rt->rt_ifa; int addrok; @@ -559,26 +555,6 @@ ip6_input(struct mbuf *m, struct ifnet * } #endif -#if 0 - { - /* - * Last resort: check in6_ifaddr for incoming interface. - * The code is here until I update the "goto ours hack" code above - * working right. - */ - struct ifaddr *ifa; - IFADDR_READER_FOREACH(ifa, rcvif) { - if (ifa->ifa_addr->sa_family != AF_INET6) - continue; - if (IN6_ARE_ADDR_EQUAL(IFA_IN6(ifa), &ip6->ip6_dst)) { - ours = 1; - deliverifp = ifa->ifa_ifp; - goto hbhcheck; - } - } - } -#endif - /* * Now there is no reason to process the packet if it's not our own * and we're not a router. @@ -589,10 +565,10 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad_unref; } - hbhcheck: +hbhcheck: /* - * record address information into m_tag, if we don't have one yet. - * note that we are unable to record it, if the address is not listed + * Record address information into m_tag, if we don't have one yet. + * Note that we are unable to record it, if the address is not listed * as our interface address (e.g. multicast addresses, addresses * within FAITH prefixes and such). */ @@ -622,12 +598,11 @@ ip6_input(struct mbuf *m, struct ifnet * struct ip6_hbh *hbh; if (ip6_hopopts_input(&plen, &rtalert, &m, &off)) { -#if 0 /*touches NULL pointer*/ + /* m already freed */ in6_ifstat_inc(rcvif, ifs6_in_discard); -#endif rtcache_unref(rt, ro); percpu_putref(ip6_forward_rt_percpu); - return; /* m have already been freed */ + return; } /* adjust pointer */ @@ -675,10 +650,9 @@ ip6_input(struct mbuf *m, struct ifnet * nxt = ip6->ip6_nxt; /* - * Check that the amount of data in the buffers - * is as at least much as the IPv6 header would have us expect. - * Trim mbufs if longer than we expect. - * Drop packet if shorter than we expect. + * Check that the amount of data in the buffers is at least much as + * the IPv6 header would have us expect. Trim mbufs if longer than we + * expect. Drop packet if shorter than we expect. */ if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) { IP6_STATINC(IP6_STAT_TOOSHORT); @@ -746,9 +720,6 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad_unref; } - /* - * Tell launch routine the next header - */ #ifdef IFA_STATS if (deliverifp != NULL) { struct in6_ifaddr *ia6; @@ -798,8 +769,8 @@ ip6_input(struct mbuf *m, struct ifnet * #ifdef IPSEC if (ipsec_used) { /* - * enforce IPsec policy checking if we are seeing last - * header. note that we do not visit this with + * Enforce IPsec policy checking if we are seeing last + * header. Note that we do not visit this with * protocols with pcb layer code - like udp/tcp/raw ip. */ if ((inet6sw[ip_protox[nxt]].pr_flags @@ -811,16 +782,16 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad; } } -#endif /* IPSEC */ +#endif nxt = (*inet6sw[ip6_protox[nxt]].pr_input)(&m, &off, nxt); } return; - bad_unref: +bad_unref: rtcache_unref(rt, ro); percpu_putref(ip6_forward_rt_percpu); - bad: +bad: m_freem(m); return; } Index: src/sys/netinet6/ip6_var.h diff -u src/sys/netinet6/ip6_var.h:1.76 src/sys/netinet6/ip6_var.h:1.77 --- src/sys/netinet6/ip6_var.h:1.76 Thu Jan 25 15:33:06 2018 +++ src/sys/netinet6/ip6_var.h Mon Jan 29 10:57:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_var.h,v 1.76 2018/01/25 15:33:06 maxv Exp $ */ +/* $NetBSD: ip6_var.h,v 1.77 2018/01/29 10:57:13 maxv Exp $ */ /* $KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $ */ /* @@ -232,7 +232,6 @@ extern int ip6_defhlim; /* default hop extern int ip6_defmcasthlim; /* default multicast hop limit */ extern int ip6_forwarding; /* act as router? */ extern int ip6_sendredirect; /* send ICMPv6 redirect? */ -extern int ip6_forward_srcrt; /* forward src-routed? */ extern int ip6_use_deprecated; /* allow deprecated addr as source */ extern int ip6_rr_prune; /* router renumbering prefix * walk list every 5 sec. */ @@ -248,8 +247,6 @@ extern struct socket *ip6_mrouter; /* m extern int ip6_sendredirects; /* send IP redirects when forwarding? */ extern int ip6_maxfragpackets; /* Maximum packets in reassembly queue */ extern int ip6_maxfrags; /* Maximum fragments in reassembly queue */ -extern int ip6_sourcecheck; /* Verify source interface */ -extern int ip6_sourcecheck_interval; /* Interval between log messages */ extern int ip6_accept_rtadv; /* Acts as a host not a router */ extern int ip6_rtadv_maxroutes; /* maximum number of routes via rtadv */ extern int ip6_keepfaith; /* Firewall Aided Internet Translator */