Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src during ip6/icmp6 inbound packet processing, do not call log(...
details: https://anonhg.NetBSD.org/src/rev/571bfd6646dd
branches: trunk
changeset: 503472:571bfd6646dd
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Feb 07 08:59:47 2001 +0000
description:
during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)
improve stats in ND6 code.
lots of synchronziation with kame (including comments and cometic ones).
diffstat:
lib/libc/gen/sysctl.3 | 8 +-
sbin/sysctl/sysctl.8 | 3 +-
sys/netinet/icmp6.h | 14 ++-
sys/netinet6/icmp6.c | 154 +++++++++++++++-------------------
sys/netinet6/in6.c | 5 +-
sys/netinet6/in6_ifattach.c | 55 +++++-------
sys/netinet6/ip6_input.c | 8 +-
sys/netinet6/nd6.c | 25 +++-
sys/netinet6/nd6.h | 8 +-
sys/netinet6/nd6_nbr.c | 190 ++++++++++++++++++++++++++++---------------
sys/netinet6/nd6_rtr.c | 74 ++++++++++------
usr.bin/netstat/inet6.c | 30 ++++--
12 files changed, 328 insertions(+), 246 deletions(-)
diffs (truncated from 1356 to 300 lines):
diff -r 078e495c49ae -r 571bfd6646dd lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3 Wed Feb 07 08:29:53 2001 +0000
+++ b/lib/libc/gen/sysctl.3 Wed Feb 07 08:59:47 2001 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: sysctl.3,v 1.72 2001/01/10 03:03:02 hubertf Exp $
+.\" $NetBSD: sysctl.3,v 1.73 2001/02/07 08:59:47 itojun Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -902,6 +902,7 @@
.It icmp6 nd6_maxnudhint integer yes
.It icmp6 mtudisc_hiwat integer yes
.It icmp6 mtudisc_lowat integer yes
+.It icmp6 nd6_debug integer yes
.It udp6 sendspace integer yes
.It udp6 recvspace integer yes
.El
@@ -1071,6 +1072,11 @@
.Li icmp6.mtudisc_lowat
is used when we have unverified ICMPv6 too big messages.
Verification is performed by using address/port pairs kept in connected pcbs.
+.It Li icmp6.nd6_debug
+If set to non-zero, kernel IPv6 neighbor discovery code will generate
+debugging messages.
+The debug outputs are useful to diagnose IPv6 interoperability issues.
+The flag must be set to 0 for normal operation.
.El
.Pp
We reuse net.*.tcp for
diff -r 078e495c49ae -r 571bfd6646dd sbin/sysctl/sysctl.8
--- a/sbin/sysctl/sysctl.8 Wed Feb 07 08:29:53 2001 +0000
+++ b/sbin/sysctl/sysctl.8 Wed Feb 07 08:59:47 2001 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: sysctl.8,v 1.63 2001/01/26 21:13:23 hubertf Exp $
+.\" $NetBSD: sysctl.8,v 1.64 2001/02/07 08:59:49 itojun Exp $
.\"
.\" Copyright (c) 1993
.\" The Regents of the University of California. All rights reserved.
@@ -264,6 +264,7 @@
.It net.inet6.icmp6.errppslimit integer yes
.It net.inet6.icmp6.mtudisc_hiwat integer yes
.It net.inet6.icmp6.mtudisc_lowat integer yes
+.It net.inet6.icmp6.nd6_debug integer yes
.It net.inet6.icmp6.nd6_delay integer yes
.It net.inet6.icmp6.nd6_maxnudhint integer yes
.It net.inet6.icmp6.nd6_mmaxtries integer yes
diff -r 078e495c49ae -r 571bfd6646dd sys/netinet/icmp6.h
--- a/sys/netinet/icmp6.h Wed Feb 07 08:29:53 2001 +0000
+++ b/sys/netinet/icmp6.h Wed Feb 07 08:59:47 2001 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: icmp6.h,v 1.18 2001/01/22 02:28:02 itojun Exp $ */
-/* $KAME: icmp6.h,v 1.32 2001/01/22 02:26:00 itojun Exp $ */
+/* $NetBSD: icmp6.h,v 1.19 2001/02/07 08:59:47 itojun Exp $ */
+/* $KAME: icmp6.h,v 1.39 2001/02/06 03:48:06 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -537,6 +537,12 @@
#define icp6s_oredirect icp6s_outerrhist.icp6errs_redirect
#define icp6s_ounknown icp6s_outerrhist.icp6errs_unknown
u_quad_t icp6s_pmtuchg; /* path MTU changes */
+ u_quad_t icp6s_nd_badopt; /* bad ND options */
+ u_quad_t icp6s_badns; /* bad neighbor solicitation */
+ u_quad_t icp6s_badna; /* bad neighbor advertisement */
+ u_quad_t icp6s_badrs; /* bad router advertisement */
+ u_quad_t icp6s_badra; /* bad router advertisement */
+ u_quad_t icp6s_badredirect; /* bad redirect message */
};
/*
@@ -559,7 +565,8 @@
#define ICMPV6CTL_ND6_MAXNUDHINT 15
#define ICMPV6CTL_MTUDISC_HIWAT 16
#define ICMPV6CTL_MTUDISC_LOWAT 17
-#define ICMPV6CTL_MAXID 18
+#define ICMPV6CTL_ND6_DEBUG 18
+#define ICMPV6CTL_MAXID 19
#define ICMPV6CTL_NAMES { \
{ 0, 0 }, \
@@ -580,6 +587,7 @@
{ "nd6_maxnudhint", CTLTYPE_INT }, \
{ "mtudisc_hiwat", CTLTYPE_INT }, \
{ "mtudisc_lowat", CTLTYPE_INT }, \
+ { "nd6_debug", CTLTYPE_INT }, \
}
#define RTF_PROBEMTU RTF_PROTO1
diff -r 078e495c49ae -r 571bfd6646dd sys/netinet6/icmp6.c
--- a/sys/netinet6/icmp6.c Wed Feb 07 08:29:53 2001 +0000
+++ b/sys/netinet6/icmp6.c Wed Feb 07 08:59:47 2001 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: icmp6.c,v 1.52 2001/01/24 09:04:16 itojun Exp $ */
-/* $KAME: icmp6.c,v 1.172 2000/12/11 19:27:06 itojun Exp $ */
+/* $NetBSD: icmp6.c,v 1.53 2001/02/07 08:59:48 itojun Exp $ */
+/* $KAME: icmp6.c,v 1.191 2001/02/07 08:07:38 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -349,7 +349,7 @@
if (m && m->m_len < preplen)
m = m_pullup(m, preplen);
if (m == NULL) {
- printf("ENOBUFS in icmp6_error %d\n", __LINE__);
+ nd6log((LOG_DEBUG, "ENOBUFS in icmp6_error %d\n", __LINE__));
return;
}
@@ -426,11 +426,9 @@
code = icmp6->icmp6_code;
if ((sum = in6_cksum(m, IPPROTO_ICMPV6, off, icmp6len)) != 0) {
-#ifdef ND6_DEBUG
- log(LOG_ERR,
+ nd6log((LOG_ERR,
"ICMP6 checksum error(%d|%x) %s\n",
- icmp6->icmp6_type, sum, ip6_sprintf(&ip6->ip6_src));
-#endif
+ icmp6->icmp6_type, sum, ip6_sprintf(&ip6->ip6_src)));
icmp6stat.icp6s_checksum++;
goto freeit;
}
@@ -824,10 +822,11 @@
break;
default:
- printf("icmp6_input: unknown type %d(src=%s, dst=%s, ifid=%d)\n",
- icmp6->icmp6_type, ip6_sprintf(&ip6->ip6_src),
- ip6_sprintf(&ip6->ip6_dst),
- m->m_pkthdr.rcvif ? m->m_pkthdr.rcvif->if_index : 0);
+ nd6log((LOG_DEBUG,
+ "icmp6_input: unknown type %d(src=%s, dst=%s, ifid=%d)\n",
+ icmp6->icmp6_type, ip6_sprintf(&ip6->ip6_src),
+ ip6_sprintf(&ip6->ip6_dst),
+ m->m_pkthdr.rcvif ? m->m_pkthdr.rcvif->if_index : 0));
if (icmp6->icmp6_type < ICMP6_ECHO_REQUEST) {
/* ICMPv6 error: MUST deliver it by spec... */
code = PRC_NCMDS;
@@ -1208,8 +1207,8 @@
/*
* Validate Subject address.
*
- * Not sure what exactly does "address belongs to the
- * node" mean in the spec, is it just unicast, or what?
+ * Not sure what exactly "address belongs to the node"
+ * means in the spec, is it just unicast, or what?
*
* At this moment we consider Subject address as
* "belong to the node" if the Subject address equals
@@ -1328,10 +1327,10 @@
M_COPY_PKTHDR(n, m); /* just for recvif */
if (replylen > MHLEN) {
if (replylen > MCLBYTES) {
- /*
- * XXX: should we try to allocate more? But MCLBYTES
- * is probably much larger than IPV6_MMTU...
- */
+ /*
+ * XXX: should we try to allocate more? But MCLBYTES
+ * is probably much larger than IPV6_MMTU...
+ */
goto bad;
}
MCLGET(n, M_DONTWAIT);
@@ -1583,9 +1582,9 @@
struct ifnet **ifpp;
char *subj;
{
- register struct ifnet *ifp;
- register struct in6_ifaddr *ifa6;
- register struct ifaddr *ifa;
+ struct ifnet *ifp;
+ struct in6_ifaddr *ifa6;
+ struct ifaddr *ifa;
struct sockaddr_in6 *subj_ip6 = NULL; /* XXX pedant */
int addrs = 0, addrsofif, iffound = 0;
int niflags = ni6->ni_flags;
@@ -1634,18 +1633,15 @@
/* What do we have to do about ::1? */
switch(in6_addrscope(&ifa6->ia_addr.sin6_addr)) {
case IPV6_ADDR_SCOPE_LINKLOCAL:
- if ((niflags & NI_NODEADDR_FLAG_LINKLOCAL)
- == 0)
+ if ((niflags & NI_NODEADDR_FLAG_LINKLOCAL) == 0)
continue;
break;
case IPV6_ADDR_SCOPE_SITELOCAL:
- if ((niflags & NI_NODEADDR_FLAG_SITELOCAL)
- == 0)
+ if ((niflags & NI_NODEADDR_FLAG_SITELOCAL) == 0)
continue;
break;
case IPV6_ADDR_SCOPE_GLOBAL:
- if ((niflags & NI_NODEADDR_FLAG_GLOBAL)
- == 0)
+ if ((niflags & NI_NODEADDR_FLAG_GLOBAL) == 0)
continue;
break;
default:
@@ -1679,9 +1675,9 @@
struct ifnet *ifp0;
int resid;
{
- register struct ifnet *ifp = ifp0 ? ifp0 : TAILQ_FIRST(&ifnet);
- register struct in6_ifaddr *ifa6;
- register struct ifaddr *ifa;
+ struct ifnet *ifp = ifp0 ? ifp0 : TAILQ_FIRST(&ifnet);
+ struct in6_ifaddr *ifa6;
+ struct ifaddr *ifa;
struct ifnet *ifp_dep = NULL;
int copied = 0, allow_deprecated = 0;
u_char *cp = (u_char *)(nni6 + 1);
@@ -1723,18 +1719,15 @@
/* What do we have to do about ::1? */
switch(in6_addrscope(&ifa6->ia_addr.sin6_addr)) {
case IPV6_ADDR_SCOPE_LINKLOCAL:
- if ((niflags & NI_NODEADDR_FLAG_LINKLOCAL)
- == 0)
+ if ((niflags & NI_NODEADDR_FLAG_LINKLOCAL) == 0)
continue;
break;
case IPV6_ADDR_SCOPE_SITELOCAL:
- if ((niflags & NI_NODEADDR_FLAG_SITELOCAL)
- == 0)
+ if ((niflags & NI_NODEADDR_FLAG_SITELOCAL) == 0)
continue;
break;
case IPV6_ADDR_SCOPE_GLOBAL:
- if ((niflags & NI_NODEADDR_FLAG_GLOBAL)
- == 0)
+ if ((niflags & NI_NODEADDR_FLAG_GLOBAL) == 0)
continue;
break;
default:
@@ -1824,8 +1817,8 @@
int off;
{
struct mbuf *m = *mp;
- register struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
- register struct in6pcb *in6p;
+ struct ip6_hdr *ip6 = mtod(m, struct ip6_hdr *);
+ struct in6pcb *in6p;
struct in6pcb *last = NULL;
struct sockaddr_in6 rip6src;
struct icmp6_hdr *icmp6;
@@ -1926,9 +1919,10 @@
/* too short to reflect */
if (off < sizeof(struct ip6_hdr)) {
- printf("sanity fail: off=%lx, sizeof(ip6)=%lx in %s:%d\n",
- (u_long)off, (u_long)sizeof(struct ip6_hdr),
- __FILE__, __LINE__);
+ nd6log((LOG_DEBUG,
+ "sanity fail: off=%lx, sizeof(ip6)=%lx in %s:%d\n",
+ (u_long)off, (u_long)sizeof(struct ip6_hdr),
+ __FILE__, __LINE__));
goto bad;
}
@@ -2110,7 +2104,7 @@
void
icmp6_redirect_input(m, off)
- register struct mbuf *m;
+ struct mbuf *m;
int off;
{
struct ifnet *ifp = m->m_pkthdr.rcvif;
@@ -2158,17 +2152,17 @@
/* validation */
if (!IN6_IS_ADDR_LINKLOCAL(&src6)) {
- log(LOG_ERR,
+ nd6log((LOG_ERR,
"ICMP6 redirect sent from %s rejected; "
- "must be from linklocal\n", ip6_sprintf(&src6));
- goto freeit;
+ "must be from linklocal\n", ip6_sprintf(&src6)));
+ goto bad;
}
if (ip6->ip6_hlim != 255) {
- log(LOG_ERR,
+ nd6log((LOG_ERR,
"ICMP6 redirect sent from %s rejected; "
"hlim=%d (must be 255)\n",
- ip6_sprintf(&src6), ip6->ip6_hlim);
- goto freeit;
+ ip6_sprintf(&src6), ip6->ip6_hlim));
+ goto bad;
}
{
/* ip6->ip6_src must be equal to gw for icmp6->icmp6_reddst */
@@ -2183,41 +2177,41 @@
if (rt) {
if (rt->rt_gateway == NULL ||
rt->rt_gateway->sa_family != AF_INET6) {
- log(LOG_ERR,
+ nd6log((LOG_ERR,
"ICMP6 redirect rejected; no route "
"with inet6 gateway found for redirect dst: %s\n",
Home |
Main Index |
Thread Index |
Old Index