diff --git a/sys/amd64/conf/FIRECRACKER b/sys/amd64/conf/FIRECRACKER --- a/sys/amd64/conf/FIRECRACKER +++ b/sys/amd64/conf/FIRECRACKER @@ -29,6 +29,8 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options ROUTE_MPATH # Multipath routing support options FIB_ALGO # Modular fib lookups options TCP_OFFLOAD # TCP offload @@ -36,6 +38,8 @@ options TCP_HHOOK # hhook(9) framework for TCP options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options KERN_TLS # TLS transmit & receive offload options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC --- a/sys/amd64/conf/GENERIC +++ b/sys/amd64/conf/GENERIC @@ -31,6 +31,8 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options ROUTE_MPATH # Multipath routing support options FIB_ALGO # Modular fib lookups options TCP_OFFLOAD # TCP offload @@ -38,6 +40,8 @@ options TCP_HHOOK # hhook(9) framework for TCP options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options KERN_TLS # TLS transmit & receive offload options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support diff --git a/sys/amd64/conf/MINIMAL b/sys/amd64/conf/MINIMAL --- a/sys/amd64/conf/MINIMAL +++ b/sys/amd64/conf/MINIMAL @@ -39,8 +39,12 @@ options PREEMPTION # Enable kernel thread preemption options INET # InterNETworking options INET6 # IPv6 communications protocols +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options TCP_OFFLOAD # TCP offload options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists options UFS_DIRHASH # Improve performance on big directories diff --git a/sys/arm/conf/std.armv6 b/sys/arm/conf/std.armv6 --- a/sys/arm/conf/std.armv6 +++ b/sys/arm/conf/std.armv6 @@ -11,8 +11,12 @@ options TCP_HHOOK # hhook(9) framework for TCP device crypto # core crypto support options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options NETLINK # netlink(4) support options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists diff --git a/sys/arm/conf/std.armv7 b/sys/arm/conf/std.armv7 --- a/sys/arm/conf/std.armv7 +++ b/sys/arm/conf/std.armv7 @@ -11,8 +11,12 @@ options TCP_HHOOK # hhook(9) framework for TCP device crypto # core crypto support options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options NETLINK # netlink(4) support options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists diff --git a/sys/arm64/conf/std.arm64 b/sys/arm64/conf/std.arm64 --- a/sys/arm64/conf/std.arm64 +++ b/sys/arm64/conf/std.arm64 @@ -13,6 +13,8 @@ options INET6 # IPv6 communications protocols options CC_CUBIC # include CUBIC congestion control options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options ROUTE_MPATH # Multipath routing support options FIB_ALGO # Modular fib lookups options TCP_OFFLOAD # TCP offload @@ -20,6 +22,8 @@ options TCP_HHOOK # hhook(9) framework for TCP options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options KERN_TLS # TLS transmit & receive offload options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support diff --git a/sys/conf/NOTES b/sys/conf/NOTES --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -689,6 +689,11 @@ options IPSEC_SUPPORT #options IPSEC_DEBUG #debug for IP security +# To compile certain IPv6 extension headers into the kernel, you must define +# the appropriate options. If the extension headers are not loaded into the +# kernel, you can compile them as modules. +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr # TLS framing and encryption/decryption of data over TCP sockets. options KERN_TLS # TLS transmit and receive offload @@ -1012,6 +1017,11 @@ # # ROUTE_MPATH provides support for multipath routing. # +# ENCAP enables the generic encapsulation code, which might be needed by some +# modules. +# +# RSVP_SUPPORT enables support for processing RSVP in the IPv4 stack. +# options MROUTING # Multicast routing options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) @@ -1031,6 +1041,8 @@ options TCP_BLACKBOX options TCP_HHOOK options ROUTE_MPATH +options ENCAP +options RSVP_SUPPORT # The MBUF_STRESS_TEST option enables options which create # various random failures / extreme cases related to mbuf diff --git a/sys/conf/files b/sys/conf/files --- a/sys/conf/files +++ b/sys/conf/files @@ -4309,7 +4309,11 @@ netinet/in_rss.c optional inet rss netinet/ip_divert.c optional ipdivert inet | ipdivert inet6 netinet/ip_ecn.c optional inet | inet6 -netinet/ip_encap.c optional inet | inet6 +netinet/ip_encap.c optional encap inet | encap inet6 | \ + gre inet | gre inet6 | mrouting inet | mrouting inet6 | \ + gif inet | gif inet6 | netgraph_gif inet | netgraph_gif inet6 | \ + ipsec inet | ipsec inet6 | ipsec_support inet | ipsec_support inet6 | \ + me inet | stf inet inet6 netinet/ip_fastfwd.c optional inet netinet/ip_icmp.c optional inet | inet6 netinet/ip_input.c optional inet @@ -4378,7 +4382,7 @@ netinet/libalias/alias_util.c optional libalias inet | netgraph_nat inet netinet/libalias/alias_sctp.c optional libalias inet | netgraph_nat inet netinet/netdump/netdump_client.c optional inet debugnet netdump -netinet6/dest6.c optional inet6 +netinet6/dest6.c optional dest6 inet6 netinet6/frag6.c optional inet6 netinet6/icmp6.c optional inet6 netinet6/in6.c optional inet6 @@ -4406,7 +4410,7 @@ netinet6/nd6_nbr.c optional inet6 netinet6/nd6_rtr.c optional inet6 netinet6/raw_ip6.c optional inet6 -netinet6/route6.c optional inet6 +netinet6/route6.c optional route6 inet6 netinet6/scope6.c optional inet6 netinet6/sctp6_usrreq.c optional inet6 sctp netinet6/udp6_usrreq.c optional inet6 diff --git a/sys/conf/options b/sys/conf/options --- a/sys/conf/options +++ b/sys/conf/options @@ -438,8 +438,10 @@ BOOTP_NFSROOT opt_bootp.h BOOTP_NFSV3 opt_bootp.h BOOTP_WIRED_TO opt_bootp.h +DEST6 opt_inet6.h DEVICE_POLLING DUMMYNET opt_ipdn.h +ENCAP RATELIMIT opt_ratelimit.h RATELIMIT_DEBUG opt_ratelimit.h INET opt_inet.h @@ -472,8 +474,10 @@ NFSLOCKD NETLINK opt_netlink.h PF_DEFAULT_TO_DROP opt_pf.h +ROUTE6 opt_inet6.h ROUTE_MPATH opt_route.h ROUTETABLES opt_route.h +RSVP_SUPPORT opt_inet.h FIB_ALGO opt_route.h RSS opt_rss.h SLIP_IFF_OPTS opt_slip.h diff --git a/sys/i386/conf/GENERIC b/sys/i386/conf/GENERIC --- a/sys/i386/conf/GENERIC +++ b/sys/i386/conf/GENERIC @@ -32,10 +32,14 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options ROUTE_MPATH # Multipath routing support options TCP_HHOOK # hhook(9) framework for TCP options TCP_OFFLOAD # TCP offload options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists diff --git a/sys/i386/conf/MINIMAL b/sys/i386/conf/MINIMAL --- a/sys/i386/conf/MINIMAL +++ b/sys/i386/conf/MINIMAL @@ -45,7 +45,11 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options TCP_OFFLOAD # TCP offload +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists diff --git a/sys/modules/Makefile b/sys/modules/Makefile --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -97,6 +97,7 @@ dc \ dcons \ dcons_crom \ + ${_dest6} \ ${_dpaa2} \ ${_dpdk_lpm4} \ ${_dpdk_lpm6} \ @@ -180,8 +181,8 @@ ${_ipfw_nptv6} \ ${_ipfw_pmod} \ ${_ipmi} \ - ip6_mroute_mod \ - ip_mroute_mod \ + ${_ip6_mroute_mod} \ + ${_ip_mroute_mod} \ ${_ips} \ ${_ipsec} \ ${_ipw} \ @@ -334,6 +335,7 @@ re \ rl \ ${_rockchip} \ + ${_route6} \ rtsx \ ${_rtw88} \ ${_rtw88fw} \ @@ -482,6 +484,9 @@ .if ${MK_INET_SUPPORT} != "no" || defined(ALL_MODULES) _if_me= if_me _ipfw= ipfw +.if ${KERN_OPTS:MRSVP_SUPPORT} && !${KERN_OPTS:MROUTING} +_ip_mroute_mod= ip_mroute_mod +.endif .if ${MK_INET6_SUPPORT} != "no" || defined(ALL_MODULES) _ipfw_nat64= ipfw_nat64 .endif @@ -489,6 +494,15 @@ .if ${MK_INET6_SUPPORT} != "no" || defined(ALL_MODULES) _ipfw_nptv6= ipfw_nptv6 +.if ${KERN_OPTS:MRSVP_SUPPORT} && !${KERN_OPTS:MROUTING} +_ip6_mroute_mod=ip6_mroute_mod +.endif +.if !${KERN_OPTS:MDEST6} +_dest6=dest6 +.endif +.if !${KERN_OPTS:MROUTE6} +_route6=route6 +.endif .endif .if ${MK_IPFILTER} != "no" || defined(ALL_MODULES) diff --git a/sys/net/if_me.c b/sys/net/if_me.c --- a/sys/net/if_me.c +++ b/sys/net/if_me.c @@ -666,6 +666,10 @@ switch (type) { case MOD_LOAD: + if (ip_encap_proto_register(IPPROTO_MOBILE)) { + printf("if_me: unable to register protocol\n"); + return (EINVAL); + } me_srcaddrtab = ip_encap_register_srcaddr(me_srcaddr, NULL, M_WAITOK); ecookie = ip_encap_attach(&me_encap_cfg, NULL, M_WAITOK); @@ -673,6 +677,7 @@ case MOD_UNLOAD: ip_encap_detach(ecookie); ip_encap_unregister_srcaddr(me_srcaddrtab); + ip_encap_proto_unregister(IPPROTO_MOBILE); break; default: return (EOPNOTSUPP); diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c --- a/sys/net/if_stf.c +++ b/sys/net/if_stf.c @@ -1055,3 +1055,12 @@ return (error); } + +static void +if_stf_encap_proto_register(void *arg __unused) +{ + + IP_ENCAP_PROTO_REGISTER(IPPROTO_IPV6); +} +SYSINIT(if_stf_encap_proto_register, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, + if_stf_encap_proto_register, NULL); diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -462,3 +462,14 @@ gif_hashdestroy(V_ipv4_srchashtbl); } } + +static void +in_gif_encap_proto_register(void *arg __unused) +{ + int i; + + for (i = 0; i < nitems(ipv4_encap_cfg); i++) + IP_ENCAP_PROTO_REGISTER(ipv4_encap_cfg[i].encap.proto); +} +SYSINIT(in_gif_encap_proto_register, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, + in_gif_encap_proto_register, NULL); diff --git a/sys/netinet/ip_encap.h b/sys/netinet/ip_encap.h --- a/sys/netinet/ip_encap.h +++ b/sys/netinet/ip_encap.h @@ -77,6 +77,23 @@ int ip6_encap_unregister_srcaddr(const struct srcaddrtab *); int ip_encap_detach(const struct encaptab *); int ip6_encap_detach(const struct encaptab *); + +int ip_encap_proto_register(uint8_t); +int ip6_encap_proto_register(uint8_t); +void ip_encap_proto_unregister(uint8_t); +void ip6_encap_proto_unregister(uint8_t); + +#define IP_ENCAP_PROTO_REGISTER(prot) do { \ + int error __diagused; \ + error = ip_encap_proto_register(prot); \ + MPASS(error == 0); \ +} while (0) + +#define IP6_ENCAP_PROTO_REGISTER(prot) do { \ + int error __diagused; \ + error = ip6_encap_proto_register(prot); \ + MPASS(error == 0); \ +} while (0) #endif #endif /*_NETINET_IP_ENCAP_H_*/ diff --git a/sys/netinet/ip_encap.c b/sys/netinet/ip_encap.c --- a/sys/netinet/ip_encap.c +++ b/sys/netinet/ip_encap.c @@ -337,6 +337,11 @@ } #ifdef INET +static struct mtx encap4_proto_mtx; +MTX_SYSINIT(encap4_proto_mtx, &encap4_proto_mtx, "encap4_proto_mtx", MTX_DEF); + +static int encap4_proto_use[IPPROTO_MAX]; + const struct srcaddrtab * ip_encap_register_srcaddr(encap_srcaddr_t func, void *arg, int mflags) { @@ -373,9 +378,50 @@ return (rip_input(mp, offp, proto)); return (IPPROTO_DONE); } + +int +ip_encap_proto_register(uint8_t proto) +{ + int rv; + + rv = 0; + mtx_lock(&encap4_proto_mtx); + if (encap4_proto_use[proto] == 0) + rv = ipproto_register(proto, encap4_input, NULL); + if (rv == 0) + encap4_proto_use[proto]++; + KASSERT(encap4_proto_use[proto] >= 0, + ("%s: protocol %hhu use count is negative", __func__, proto)); + mtx_unlock(&encap4_proto_mtx); + return (rv); +} + +void +ip_encap_proto_unregister(uint8_t proto) +{ + int rv; + + rv = 0; + mtx_lock(&encap4_proto_mtx); + KASSERT(encap4_proto_use[proto] > 0, + ("%s: protocol %hhu use count (%d) is <= 0", __func__, proto, + encap4_proto_use[proto])); + if (encap4_proto_use[proto] == 1) + rv = ipproto_unregister(proto); + if (rv == 0) + encap4_proto_use[proto]--; + mtx_unlock(&encap4_proto_mtx); + KASSERT(rv == 0, + ("%s: failed to unregister protocol %hhu", __func__, proto)); +} #endif /* INET */ #ifdef INET6 +static struct mtx encap6_proto_mtx; +MTX_SYSINIT(encap6_proto_mtx, &encap6_proto_mtx, "encap6_proto_mtx", MTX_DEF); + +static int encap6_proto_use[IPPROTO_MAX]; + const struct srcaddrtab * ip6_encap_register_srcaddr(encap_srcaddr_t func, void *arg, int mflags) { @@ -412,4 +458,40 @@ return (rip6_input(mp, offp, proto)); return (IPPROTO_DONE); } + +int +ip6_encap_proto_register(uint8_t proto) +{ + int rv; + + rv = 0; + mtx_lock(&encap6_proto_mtx); + if (encap6_proto_use[proto] == 0) + rv = ip6proto_register(proto, encap6_input, NULL); + if (rv == 0) + encap6_proto_use[proto]++; + KASSERT(encap6_proto_use[proto] >= 0, + ("%s: protocol %hhu use count is negative", __func__, proto)); + mtx_unlock(&encap6_proto_mtx); + return (rv); +} + +void +ip6_encap_proto_unregister(uint8_t proto) +{ + int rv; + + rv = 0; + mtx_lock(&encap6_proto_mtx); + KASSERT(encap6_proto_use[proto] > 0, + ("%s: protocol %hhu use count (%d) is <= 0", __func__, proto, + encap6_proto_use[proto])); + if (encap6_proto_use[proto] == 1) + rv = ip6proto_unregister(proto); + if (rv == 0) + encap6_proto_use[proto]--; + mtx_unlock(&encap6_proto_mtx); + KASSERT(rv == 0, + ("%s: failed to unregister protocol %hhu", __func__, proto)); +} #endif /* INET6 */ diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -582,3 +582,12 @@ gre_hashdestroy((struct gre_list *)V_ipv4_sockets); } } + +static void +gre4_proto_register(void *arg __unused) +{ + + IP_ENCAP_PROTO_REGISTER(IPPROTO_GRE); +} +SYSINIT(gre4_proto_register, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, + gre4_proto_register, NULL); diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -38,6 +38,7 @@ #include "opt_inet.h" #include "opt_ipstealth.h" #include "opt_ipsec.h" +#include "opt_mrouting.h" #include "opt_route.h" #include "opt_rss.h" #include "opt_sctp.h" @@ -108,7 +109,9 @@ extern void ipreass_destroy(void); #endif +#if defined(MROUTING) || defined(RSVP_SUPPORT) VNET_DEFINE(int, rsvp_on); +#endif VNET_DEFINE(int, ipforwarding); SYSCTL_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_VNET | CTLFLAG_RW, @@ -366,13 +369,9 @@ */ IPPROTO_REGISTER(IPPROTO_ICMP, icmp_input, NULL); IPPROTO_REGISTER(IPPROTO_IGMP, igmp_input, NULL); +#if defined(MROUTING) || defined(RSVP_SUPPORT) IPPROTO_REGISTER(IPPROTO_RSVP, rsvp_input, NULL); - IPPROTO_REGISTER(IPPROTO_IPV4, encap4_input, NULL); - IPPROTO_REGISTER(IPPROTO_MOBILE, encap4_input, NULL); - IPPROTO_REGISTER(IPPROTO_ETHERIP, encap4_input, NULL); - IPPROTO_REGISTER(IPPROTO_GRE, encap4_input, NULL); - IPPROTO_REGISTER(IPPROTO_IPV6, encap4_input, NULL); - IPPROTO_REGISTER(IPPROTO_PIM, encap4_input, NULL); +#endif #ifdef SCTP /* XXX: has a loadable & static version */ IPPROTO_REGISTER(IPPROTO_SCTP, sctp_input, sctp_ctlinput); #endif @@ -657,6 +656,7 @@ if (hlen > sizeof (struct ip) && ip_dooptions(m, 0)) return; +#if defined(MROUTING) || defined(RSVP_SUPPORT) /* greedy RSVP, snatches any PATH packet of the RSVP protocol and no * matter if it is destined to another node, or whether it is * a multicast one, RSVP wants it! and prevents it from being forwarded @@ -665,6 +665,7 @@ */ if (ip->ip_p == IPPROTO_RSVP && V_rsvp_on) goto ours; +#endif /* * Check our list of addresses, to see if the packet is for us. @@ -1310,6 +1311,7 @@ #endif } +#if defined(MROUTING) || defined(RSVP_SUPPORT) /* * XXXRW: Multicast routing code in ip_mroute.c is generally MPSAFE, but the * ip_rsvp and ip_rsvp_on variables need to be interlocked with rsvp_on @@ -1390,3 +1392,4 @@ m_freem(m); return (IPPROTO_DONE); } +#endif diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -2820,6 +2820,13 @@ TUNABLE_ULONG_FETCH("net.inet.pim.squelch_wholepkt", &pim_squelch_wholepkt); + if (ip_encap_proto_register(IPPROTO_PIM)) { + printf("ip_mroute: unable to register PIM protocol\n"); + EVENTHANDLER_DEREGISTER(ifnet_departure_event, + if_detach_event_tag); + MRW_LOCK_DESTROY(); + return (EINVAL); + } pim_encap_cookie = ip_encap_attach(&ipv4_encap_cfg, NULL, M_WAITOK); ip_mcast_src = X_ip_mcast_src; @@ -2859,6 +2866,7 @@ ip_encap_detach(pim_encap_cookie); pim_encap_cookie = NULL; } + ip_encap_proto_unregister(IPPROTO_PIM); ip_mcast_src = NULL; ip_mforward = NULL; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -38,6 +38,7 @@ #include "opt_ipsec.h" #include "opt_kern_tls.h" #include "opt_mbuf_stress_test.h" +#include "opt_mrouting.h" #include "opt_ratelimit.h" #include "opt_route.h" #include "opt_rss.h" @@ -604,6 +605,7 @@ * if necessary. */ if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) { +#if defined(MROUTING) || defined(RSVP_SUPPORT) /* * If rsvp daemon is not running, do not * set ip_moptions. This ensures that the packet @@ -611,6 +613,7 @@ * as prescribed by rsvpd. */ if (!V_rsvp_on) +#endif imo = NULL; if (ip_mforward && ip_mforward(ip, ifp, m, imo) != 0) { diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -189,11 +189,13 @@ #ifdef IPSTEALTH VNET_DECLARE(int, ipstealth); /* stealth forwarding */ #endif +#if defined(MROUTING) || defined(RSVP_SUPPORT) VNET_DECLARE(struct socket *, ip_rsvpd); /* reservation protocol daemon*/ +VNET_DECLARE(int, rsvp_on); +#endif VNET_DECLARE(struct socket *, ip_mrouter); /* multicast routing daemon */ extern int (*legal_vif_num)(int); extern u_long (*ip_mcast_src)(int); -VNET_DECLARE(int, rsvp_on); VNET_DECLARE(int, drop_redirect); #define V_ip_id VNET(ip_id) @@ -203,9 +205,11 @@ #ifdef IPSTEALTH #define V_ipstealth VNET(ipstealth) #endif +#if defined(MROUTING) || defined(RSVP_SUPPORT) #define V_ip_rsvpd VNET(ip_rsvpd) -#define V_ip_mrouter VNET(ip_mrouter) #define V_rsvp_on VNET(rsvp_on) +#endif +#define V_ip_mrouter VNET(ip_mrouter) #define V_drop_redirect VNET(drop_redirect) void inp_freemoptions(struct ip_moptions *); @@ -229,13 +233,14 @@ void ip_fillid(struct ip *); int rip_ctloutput(struct socket *, struct sockopt *); int ipip_input(struct mbuf **, int *, int); +#if defined(MROUTING) || defined(RSVP_SUPPORT) int rsvp_input(struct mbuf **, int *, int); - int ip_rsvp_init(struct socket *); int ip_rsvp_done(void); extern int (*ip_rsvp_vif)(struct socket *, struct sockopt *); extern void (*ip_rsvp_force_done)(struct socket *); extern int (*rsvp_input_p)(struct mbuf **, int *, int); +#endif typedef int ipproto_input_t(struct mbuf **, int *, int); struct icmp; diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -38,6 +38,7 @@ #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" +#include "opt_mrouting.h" #include "opt_route.h" #include @@ -127,9 +128,11 @@ int (*legal_vif_num)(int); u_long (*ip_mcast_src)(int); +#if defined(MROUTING) || defined(RSVP_SUPPORT) int (*rsvp_input_p)(struct mbuf **, int *, int); int (*ip_rsvp_vif)(struct socket *, struct sockopt *); void (*ip_rsvp_force_done)(struct socket *); +#endif #endif /* INET */ u_long rip_sendspace = 9216; @@ -744,6 +747,7 @@ error = ENOPROTOOPT ; break ; +#if defined(MROUTING) || defined(RSVP_SUPPORT) case IP_RSVP_ON: error = priv_check(curthread, PRIV_NETINET_MROUTE); if (error != 0) @@ -770,6 +774,14 @@ error = ip_rsvp_vif ? ip_rsvp_vif(so, sopt) : EINVAL; break; +#else + case IP_RSVP_ON: + case IP_RSVP_OFF: + case IP_RSVP_VIF_ON: + case IP_RSVP_VIF_OFF: + error = ENOPROTOOPT; + break; +#endif case MRT_INIT: case MRT_DONE: @@ -860,10 +872,12 @@ rip_delhash(inp); INP_HASH_WUNLOCK(&V_ripcbinfo); +#if defined(MROUTING) || defined(RSVP_SUPPORT) if (ip_rsvp_force_done) ip_rsvp_force_done(so); if (so == V_ip_rsvpd) ip_rsvp_done(); +#endif in_pcbdetach(inp); in_pcbfree(inp); } diff --git a/sys/netinet6/dest6.c b/sys/netinet6/dest6.c --- a/sys/netinet6/dest6.c +++ b/sys/netinet6/dest6.c @@ -47,6 +47,7 @@ #include #include #include +#include #include #include @@ -61,7 +62,7 @@ /* * Destination options header processing. */ -int +static int dest6_input(struct mbuf **mp, int *offp, int proto) { struct mbuf *m; @@ -133,3 +134,35 @@ *mp = NULL; return (IPPROTO_DONE); } + +static int +dest6_modevent(module_t mod __unused, int type, void *unused __unused) +{ + + switch (type) { + case MOD_LOAD: + if (ip6proto_register(IPPROTO_DSTOPTS, dest6_input, NULL)) { + printf("dest6: unable to register protocol\n"); + return (EINVAL); + } + return (0); + + case MOD_UNLOAD: + if (ip6proto_unregister(IPPROTO_DSTOPTS)) { + printf("dest6: error unregistering protocol\n"); + return (EINVAL); + } + return (0); + + default: + return (EOPNOTSUPP); + } +} + +static moduledata_t dest6_mod = { + "dest6", + dest6_modevent, + 0 +}; + +DECLARE_MODULE(dest6, dest6_mod, SI_SUB_PROTO_MC, SI_ORDER_MIDDLE); diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c --- a/sys/netinet6/in6_gif.c +++ b/sys/netinet6/in6_gif.c @@ -483,3 +483,14 @@ gif_hashdestroy(V_ipv6_srchashtbl); } } + +static void +in6_gif_encap_proto_register(void *arg __unused) +{ + int i; + + for (i = 0; i < nitems(ipv6_encap_cfg); i++) + IP6_ENCAP_PROTO_REGISTER(ipv6_encap_cfg[i].encap.proto); +} +SYSINIT(in6_gif_encap_proto_register, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, + in6_gif_encap_proto_register, NULL); diff --git a/sys/netinet6/ip6_gre.c b/sys/netinet6/ip6_gre.c --- a/sys/netinet6/ip6_gre.c +++ b/sys/netinet6/ip6_gre.c @@ -578,3 +578,12 @@ gre_hashdestroy((struct gre_list *)V_ipv6_sockets); } } + +static void +gre6_proto_register(void *arg __unused) +{ + + IP6_ENCAP_PROTO_REGISTER(IPPROTO_GRE); +} +SYSINIT(gre6_proto_register, SI_SUB_PROTO_DOMAIN, SI_ORDER_THIRD, + gre6_proto_register, NULL); diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -288,14 +288,7 @@ * dynamic. */ IP6PROTO_REGISTER(IPPROTO_ICMPV6, icmp6_input, rip6_ctlinput); - IP6PROTO_REGISTER(IPPROTO_DSTOPTS, dest6_input, NULL); - IP6PROTO_REGISTER(IPPROTO_ROUTING, route6_input, NULL); IP6PROTO_REGISTER(IPPROTO_FRAGMENT, frag6_input, NULL); - IP6PROTO_REGISTER(IPPROTO_IPV4, encap6_input, NULL); - IP6PROTO_REGISTER(IPPROTO_IPV6, encap6_input, NULL); - IP6PROTO_REGISTER(IPPROTO_ETHERIP, encap6_input, NULL); - IP6PROTO_REGISTER(IPPROTO_GRE, encap6_input, NULL); - IP6PROTO_REGISTER(IPPROTO_PIM, encap6_input, NULL); #ifdef SCTP /* XXX: has a loadable & static version */ IP6PROTO_REGISTER(IPPROTO_SCTP, sctp6_input, sctp6_ctlinput); #endif diff --git a/sys/netinet6/ip6_mroute.c b/sys/netinet6/ip6_mroute.c --- a/sys/netinet6/ip6_mroute.c +++ b/sys/netinet6/ip6_mroute.c @@ -1892,9 +1892,9 @@ MFC6_LOCK_INIT(); MIF6_LOCK_INIT(); - pim6_encap_cookie = ip6_encap_attach(&ipv6_encap_cfg, - NULL, M_WAITOK); - if (pim6_encap_cookie == NULL) { + if (ip6_encap_proto_register(IPPROTO_PIM) || + (pim6_encap_cookie = ip6_encap_attach(&ipv6_encap_cfg, + NULL, M_WAITOK)) == NULL) { printf("ip6_mroute: unable to attach pim6 encap\n"); MIF6_LOCK_DESTROY(); MFC6_LOCK_DESTROY(); @@ -1917,6 +1917,7 @@ ip6_encap_detach(pim6_encap_cookie); pim6_encap_cookie = NULL; } + ip6_encap_proto_unregister(IPPROTO_PIM); X_ip6_mrouter_done(); ip6_mforward = NULL; ip6_mrouter_done = NULL; diff --git a/sys/netinet6/ip6_var.h b/sys/netinet6/ip6_var.h --- a/sys/netinet6/ip6_var.h +++ b/sys/netinet6/ip6_var.h @@ -389,8 +389,6 @@ int ip6_fragment(struct ifnet *, struct mbuf *, int, u_char, int, uint32_t); -int route6_input(struct mbuf **, int *, int); - void frag6_init(void); void frag6_destroy(void); int frag6_input(struct mbuf **, int *, int); @@ -401,7 +399,6 @@ int rip6_usrreq(struct socket *, int, struct mbuf *, struct mbuf *, struct mbuf *, struct thread *); -int dest6_input(struct mbuf **, int *, int); int none_input(struct mbuf **, int *, int); int in6_selectsrc_socket(struct sockaddr_in6 *, struct ip6_pktopts *, diff --git a/sys/netinet6/route6.c b/sys/netinet6/route6.c --- a/sys/netinet6/route6.c +++ b/sys/netinet6/route6.c @@ -38,7 +38,9 @@ #include "opt_inet6.h" #include +#include #include +#include #include #include #include @@ -58,7 +60,7 @@ * proto - is unused */ -int +static int route6_input(struct mbuf **mp, int *offp, int proto) { struct ip6_hdr *ip6; @@ -116,3 +118,34 @@ *mp = m; return (rh->ip6r_nxt); } + +static int +route6_modevent(module_t mod __unused, int type, void *unused __unused) +{ + + switch (type) { + case MOD_LOAD: + if (ip6proto_register(IPPROTO_ROUTING, route6_input, NULL)) { + printf("route6: unable to register protocol\n"); + return (EINVAL); + } + return (0); + + case MOD_UNLOAD: + if (ip6proto_unregister(IPPROTO_ROUTING)) { + printf("route6: error unregistering protocol\n"); + return (EINVAL); + } + return (0); + default: + return (EOPNOTSUPP); + } +} + +static moduledata_t route6_mod = { + "route6", + route6_modevent, + 0 +}; + +DECLARE_MODULE(route6, route6_mod, SI_SUB_PROTO_MC, SI_ORDER_MIDDLE); diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -755,9 +755,13 @@ { #ifdef INET + IP_ENCAP_PROTO_REGISTER(IPPROTO_IPV4); + IP_ENCAP_PROTO_REGISTER(IPPROTO_IPV6); ipe4_cookie = ip_encap_attach(&ipv4_encap_cfg, NULL, M_WAITOK); #endif #ifdef INET6 + IP6_ENCAP_PROTO_REGISTER(IPPROTO_IPV4); + IP6_ENCAP_PROTO_REGISTER(IPPROTO_IPV6); ipe6_cookie = ip6_encap_attach(&ipv6_encap_cfg, NULL, M_WAITOK); #endif xform_attach(&ipcomp_xformsw); @@ -769,9 +773,13 @@ #ifdef INET ip_encap_detach(ipe4_cookie); + ip_encap_proto_unregister(IPPROTO_IPV4); + ip_encap_proto_unregister(IPPROTO_IPV6); #endif #ifdef INET6 ip6_encap_detach(ipe6_cookie); + ip6_encap_proto_unregister(IPPROTO_IPV4); + ip6_encap_proto_unregister(IPPROTO_IPV6); #endif xform_detach(&ipcomp_xformsw); } diff --git a/sys/powerpc/conf/GENERIC b/sys/powerpc/conf/GENERIC --- a/sys/powerpc/conf/GENERIC +++ b/sys/powerpc/conf/GENERIC @@ -39,9 +39,13 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options TCP_HHOOK # hhook(9) framework for TCP options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists diff --git a/sys/powerpc/conf/GENERIC64 b/sys/powerpc/conf/GENERIC64 --- a/sys/powerpc/conf/GENERIC64 +++ b/sys/powerpc/conf/GENERIC64 @@ -42,12 +42,16 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options ROUTE_MPATH # Multipath routing support options TCP_OFFLOAD # TCP offload options TCP_BLACKBOX # Enhanced TCP event logging options TCP_HHOOK # hhook(9) framework for TCP options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options KERN_TLS # TLS transmit & receive offload options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support diff --git a/sys/powerpc/conf/GENERIC64LE b/sys/powerpc/conf/GENERIC64LE --- a/sys/powerpc/conf/GENERIC64LE +++ b/sys/powerpc/conf/GENERIC64LE @@ -41,11 +41,15 @@ options INET # InterNETworking options INET6 # IPv6 communications protocols options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options TCP_OFFLOAD # TCP offload options TCP_BLACKBOX # Enhanced TCP event logging options TCP_HHOOK # hhook(9) framework for TCP options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options KERN_TLS # TLS transmit & receive offload options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support diff --git a/sys/powerpc/conf/MPC85XX b/sys/powerpc/conf/MPC85XX --- a/sys/powerpc/conf/MPC85XX +++ b/sys/powerpc/conf/MPC85XX @@ -37,7 +37,11 @@ options GEOM_LABEL # Provides labelization options INET options INET6 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options TCP_HHOOK # hhook(9) framework for TCP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options INVARIANTS options INVARIANT_SUPPORT options KDB diff --git a/sys/powerpc/conf/MPC85XXSPE b/sys/powerpc/conf/MPC85XXSPE --- a/sys/powerpc/conf/MPC85XXSPE +++ b/sys/powerpc/conf/MPC85XXSPE @@ -37,7 +37,11 @@ options GEOM_LABEL # Provides labelization options INET options INET6 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options TCP_HHOOK # hhook(9) framework for TCP +options RSVP_SUPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options INVARIANTS options INVARIANT_SUPPORT options KDB diff --git a/sys/powerpc/conf/QORIQ64 b/sys/powerpc/conf/QORIQ64 --- a/sys/powerpc/conf/QORIQ64 +++ b/sys/powerpc/conf/QORIQ64 @@ -45,7 +45,11 @@ options GEOM_LABEL #Provides labelization options INET options INET6 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options TCP_HHOOK # hhook(9) framework for TCP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options INVARIANTS options INVARIANT_SUPPORT options KDB diff --git a/sys/powerpc/conf/dpaa/DPAA b/sys/powerpc/conf/dpaa/DPAA --- a/sys/powerpc/conf/dpaa/DPAA +++ b/sys/powerpc/conf/dpaa/DPAA @@ -23,6 +23,10 @@ #options SCHED_4BSD #4BSD scheduler options INET #InterNETworking options INET6 #IPv6 communications protocols +options ROUTE6 #Support the IPv6 route6 extension hdr +options DEST6 #Support the IPv6 dest6 extension hdr +options RSVP_SUPPORT #Support modules that use RSVP +options ENCAP #Support modules that use encapsulation options FFS #Berkeley Fast Filesystem options NFSCL #New Network Filesystem Client options SOFTUPDATES #Enable FFS soft updates support diff --git a/sys/riscv/conf/GENERIC b/sys/riscv/conf/GENERIC --- a/sys/riscv/conf/GENERIC +++ b/sys/riscv/conf/GENERIC @@ -31,11 +31,15 @@ options INET6 # IPv6 communications protocols options TCP_HHOOK # hhook(9) framework for TCP options IPSEC_SUPPORT # Allow kldload of ipsec and tcpmd5 +options ROUTE6 # Support the IPv6 route6 extension hdr +options DEST6 # Support the IPv6 dest6 extension hdr options ROUTE_MPATH # Multipath routing support options TCP_OFFLOAD # TCP offload options TCP_BLACKBOX # Enhanced TCP event logging options TCP_RFC7413 # TCP Fast Open options SCTP_SUPPORT # Allow kldload of SCTP +options RSVP_SUPPORT # Support modules that use RSVP +options ENCAP # Support modules that use encapsulation options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_ACL # Support for access control lists