|
|
// -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
//
// Copyright (c) 1985-2000 Microsoft Corporation
//
// This file is part of the Microsoft Research IPv6 Network Protocol Stack.
// You should have received a copy of the Microsoft End-User License Agreement
// for this software along with this release; see the file "license.txt".
// If not, please see http://www.research.microsoft.com/msripv6/license.htm,
// or write to Microsoft Research, One Microsoft Way, Redmond, WA 98052-6399.
//
// Abstract:
//
// Receive routines for Internet Protocol Version 6.
//
#include "oscfg.h"
#include "ndis.h"
#include "ip6imp.h"
#include "ip6def.h"
#include "icmp.h"
#include "route.h"
#include "fragment.h"
#include "mobile.h"
#include "security.h"
#include "info.h"
#include "ipsec.h"
struct ReassemblyList ReassemblyList;
typedef struct Options { uint JumboLength; // Length of packet excluding IPv6 header.
IPv6RouterAlertOption UNALIGNED *Alert; IPv6HomeAddressOption UNALIGNED *HomeAddress; IPv6BindingUpdateOption UNALIGNED *BindingUpdate;} Options;
int ParseOptions( IPv6Packet *Packet, // The packet handed to us by IPv6Receive.
uchar HdrType, // Hop-by-hop or destination.
IPv6OptionsHeader *Hdr, // Header with following data.
uint HdrLength, // Length of the entire options area.
Options *Opts); // Return option values to caller.
extern void TCPRcvComplete(void);
//* IPv6ReceiveComplete - Handle a receive complete.
//
// Called by the lower layer when receives are temporarily done.
//
voidIPv6ReceiveComplete(void){ // REVIEW: Original IP implementation had code here to call every
// REVIEW: UL protocol's receive complete routine (yes, all of them) here.
TCPRcvComplete();}
//
// By default, test pullup in checked builds.
//
#ifndef PULLUP_TEST
#define PULLUP_TEST DBG
#endif
#if PULLUP_TEST
#define PULLUP_TEST_MAX_BUFFERS 8
#define PULLUP_TEST_MAX_BUFFER_SIZE 32
//* PullupTestChooseDistribution
//
// Choose a random distribution.
// Divides Size bytes into NumBuffers pieces,
// and returns the result in the Counts array.
//
voidPullupTestChooseDistribution( uint Counts[], uint NumBuffers, uint Size){ uint i; uint ThisBuffer;
//
// We are somewhat biased towards cutting the packet
// up into small pieces with a large remainder.
// This puts the fragment boundaries at the beginning,
// where the headers are.
//
for (i = 0; i < NumBuffers - 1; i++) { ThisBuffer = RandomNumber(1, PULLUP_TEST_MAX_BUFFER_SIZE);
//
// Make sure that each segment has non-zero length.
//
if (ThisBuffer > Size - (NumBuffers - 1 - i)) ThisBuffer = Size - (NumBuffers - 1 - i);
Counts[i] = ThisBuffer; Size -= ThisBuffer; } Counts[i] = Size;}
//* PullupTestCreatePacket
//
// Given an IPv6 packet, creates a new IPv6 packet
// that can be handed up the receive path.
//
// We randomly fragment the IPv6 packet into multiple buffers.
// This tests pull-up processing in the receive path.
//
// Returns NULL if any memory allocation fails.
//
IPv6Packet *PullupTestCreatePacket(IPv6Packet *Packet){ IPv6Packet *TestPacket;
//
// We mostly want to test discontiguous packets.
// But occasionally test a contiguous packet.
//
if (RandomNumber(0, 10) == 0) { //
// We need to create a contiguous packet.
//
uint Padding; uint MemLen; void *Mem;
//
// We insert some padding to vary the alignment.
//
Padding = RandomNumber(0, 16); MemLen = sizeof *TestPacket + Padding + Packet->TotalSize; TestPacket = ExAllocatePoolWithTagPriority(NonPagedPool, MemLen, IP6_TAG, LowPoolPriority); if (TestPacket == NULL) return NULL; Mem = (void *)((uchar *)(TestPacket + 1) + Padding);
if (Packet->NdisPacket == NULL) { RtlCopyMemory(Mem, Packet->Data, Packet->TotalSize); } else { PNDIS_BUFFER NdisBuffer; uint Offset; int Ok;
NdisBuffer = NdisFirstBuffer(Packet->NdisPacket); Offset = Packet->Position; Ok = CopyNdisToFlat(Mem, NdisBuffer, Offset, Packet->TotalSize, &NdisBuffer, &Offset); ASSERT(Ok); }
RtlZeroMemory(TestPacket, sizeof *TestPacket); TestPacket->Data = TestPacket->FlatData = Mem; TestPacket->ContigSize = TestPacket->TotalSize = Packet->TotalSize; TestPacket->NTEorIF = Packet->NTEorIF; TestPacket->Flags = Packet->Flags; } else { //
// Create a packet with multiple NDIS buffers.
// Start with an over-estimate of the size of the MDLs we need.
//
uint NumPages = (Packet->TotalSize >> PAGE_SHIFT) + 2; uint MdlRawSize = sizeof(MDL) + (NumPages * sizeof(PFN_NUMBER)); uint MdlAlign = __builtin_alignof(MDL) - 1; uint MdlSize = (MdlRawSize + MdlAlign) &~ MdlAlign; uint Padding; uint MemLen; uint Counts[PULLUP_TEST_MAX_BUFFERS]; uint NumBuffers; void *Mem; PNDIS_PACKET NdisPacket; PNDIS_BUFFER NdisBuffer; uint Garbage = 0xdeadbeef; uint i;
//
// Choose the number of buffers/MDLs that we will use
// and the distribution of bytes into those buffers.
//
NumBuffers = RandomNumber(1, PULLUP_TEST_MAX_BUFFERS); PullupTestChooseDistribution(Counts, NumBuffers, Packet->TotalSize);
//
// Allocate all the memory that we will need.
// (Actually a bit of an over-estimate.)
// We insert some padding to vary the initial alignment.
//
Padding = RandomNumber(0, 16); MemLen = (sizeof *TestPacket + sizeof(NDIS_PACKET) + NumBuffers * (MdlSize + sizeof Garbage) + Padding + Packet->TotalSize); TestPacket = ExAllocatePoolWithTagPriority(NonPagedPool, MemLen, IP6_TAG, LowPoolPriority); if (TestPacket == NULL) return NULL; NdisPacket = (PNDIS_PACKET)(TestPacket + 1); NdisBuffer = (PNDIS_BUFFER)(NdisPacket + 1); Mem = (void *)((uchar *)NdisBuffer + NumBuffers * MdlSize + Padding);
//
// Initialize the NDIS packet and buffers.
//
RtlZeroMemory(NdisPacket, sizeof *NdisPacket); for (i = 0; i < NumBuffers; i++) { MmInitializeMdl(NdisBuffer, Mem, Counts[i]); MmBuildMdlForNonPagedPool(NdisBuffer); NdisChainBufferAtBack(NdisPacket, NdisBuffer); RtlCopyMemory((uchar *)Mem + Counts[i], &Garbage, sizeof Garbage);
(uchar *)Mem += Counts[i] + sizeof Garbage; (uchar *)NdisBuffer += MdlSize; }
//
// Copy data to the new packet.
//
CopyToBufferChain((PNDIS_BUFFER)(NdisPacket + 1), 0, Packet->NdisPacket, Packet->Position, Packet->FlatData, Packet->TotalSize);
//
// Initialize the new packet.
//
InitializePacketFromNdis(TestPacket, NdisPacket, 0); TestPacket->NTEorIF = Packet->NTEorIF; TestPacket->Flags = Packet->Flags; }
return TestPacket;}#endif // PULLUP_TEST
//* IPv6Receive - Receive an incoming IPv6 datagram.
//
// This is the routine called by the link layer module when an incoming IPv6
// datagram is to be processed. We validate the datagram and decide what to
// do with it.
//
// The Packet->NTEorIF field holds the NTE or interface that is receiving
// the packet. Typically this is an interface, but there are some tunnel
// situations where the link layer has already found an NTE.
//
// Either the caller should hold a reference to the NTE or interface
// across the call, or the caller can place a reference in the Packet
// with PACKET_HOLDS_REF. If the caller specifies PACKET_HOLDS_REF,
/// IPv6Receive will release the reference.
//
// There is one exception: the caller can supply an interface
// with zero references (not using PACKET_HOLDS_REF),
// if the interface is being destroyed but IF->Cleanup has not yet returned.
//
// NB: The datagram may either be held in a NDIS_PACKET allocated by the
// link-layer or the interface driver (in which case 'Packet->NdisPacket'
// is non-NULL and 'Data' points to the first data buffer in the buffer
// chain), or the datagram may still be held by NDIS (in which case
// 'Packet->NdisPacket' is NULL and 'Data' points to a buffer containing
// the entire datagram).
//
// NB: We do NOT check for link-level multi/broadcasts to
// IPv6 unicast destinations. In the IPv4 world, receivers dropped
// such packets, but in the IPv6 world they are accepted.
//
// Returns count of references for the packet.
// For now, this should always be zero.
// Someday in the future this might be used to indicate
// that the IPv6 layer has not finished its receive processing.
//
// Callable from DPC context, not from thread context.
//
intIPv6Receive(IPv6Packet *Packet){ uchar NextHeader; // Current header's NextHeader field.
uchar (*Handler)(); SALinkage *ThisSA, *NextSA; int PktRefs;
ASSERT((Packet->FlatData == NULL) != (Packet->NdisPacket == NULL)); ASSERT(Packet->NTEorIF != NULL); ASSERT(Packet->SAPerformed == NULL);
IPSIncrementInReceiveCount();
//
// Ensure that the packet is accessible in the kernel address space.
// If any mappings fail, just drop the packet.
// In practice, the packet buffers are usually already mapped.
// But they may not be, for example in loopback.
//
if (Packet->NdisPacket != NULL) { NDIS_BUFFER *Buffer;
Buffer = NdisFirstBuffer(Packet->NdisPacket); if (! MapNdisBuffers(Buffer)) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "IPv6Receive(%p): buffer mapping failed\n", Packet)); IPSInfo.ipsi_indiscards++; return 0; // Drop the packet.
} }
#if PULLUP_TEST
Packet = PullupTestCreatePacket(Packet); if (Packet == NULL) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "IPv6Receive(%p): PullupTestCreatePacket failed\n", Packet)); IPSInfo.ipsi_indiscards++; return 0; // Drop the packet.
}#endif
//
// Iteratively switch out to the handler for each successive next header
// until we reach a handler that reports no more headers follow it.
//
// NB: We do NOT check NTE->DADStatus here.
// That is the responsibility of higher-level protocols.
//
NextHeader = IP_PROTOCOL_V6; // Always first header in packet.
do { //
// Current header indicates that another header follows.
// See if we have a handler for it.
//
Handler = ProtocolSwitchTable[NextHeader].DataReceive; if (Handler == NULL) {
//
// We don't have a handler for this header type,
// so see if there is a raw receiver for it.
//
if (!RawReceive(Packet, NextHeader)) {
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "IPv6 Receive: Next Header type %u not handled.\n", NextHeader)); //
// There isn't a raw receiver either.
// Send an ICMP error message.
// ICMP Pointer value is the offset from the start of the
// incoming packet's IPv6 header to the offending field.
//
ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_UNRECOGNIZED_NEXT_HEADER, Packet->NextHeaderPosition - Packet->IPPosition, NextHeader, FALSE);
IPSInfo.ipsi_inunknownprotos++; } else { IPSIncrementInDeliverCount(); }
break; // We can't do anything more with this packet.
}
NextHeader = (*Handler)(Packet); } while (NextHeader != IP_PROTOCOL_NONE);
//
// If this packet holds a reference, free it now.
//
if (Packet->Flags & PACKET_HOLDS_REF) { if (IsNTE(Packet->NTEorIF)) ReleaseNTE(CastToNTE(Packet->NTEorIF)); else ReleaseIF(CastToIF(Packet->NTEorIF)); }
//
// Clean up any contiguous regions left by PacketPullup.
//
PacketPullupCleanup(Packet);
//
// Clean up list of SA's performed.
//
for (ThisSA = Packet->SAPerformed; ThisSA != NULL; ThisSA = NextSA) { ReleaseSA(ThisSA->This); NextSA = ThisSA->Next; ExFreePool(ThisSA); }
PktRefs = Packet->RefCnt;#if PULLUP_TEST
ExFreePool(Packet);#endif
return PktRefs;}
//* IPv6HeaderReceive - Handle a IPv6 header.
//
// This is the routine called to process an IPv6 header, a next header
// value of 41 (e.g. as would be encountered with v6 in v6 tunnels). To
// avoid code duplication, it is also used to process the initial IPv6
// header found in all IPv6 packets, in which mode it may be viewed as
// a continuation of IPv6Receive.
//
ucharIPv6HeaderReceive( IPv6Packet *Packet) // Packet handed to us by IPv6Receive.
{ uint PayloadLength; uchar NextHeader; int Forwarding; // TRUE means Forwarding, FALSE means Receiving.
//
// Sanity-check ContigSize & TotalSize.
// Higher-level code in the receive path relies on these conditions.
//
ASSERT(Packet->ContigSize <= Packet->TotalSize);
//
// If we are decapsulating a packet,
// remember that this packet was originally tunneled.
//
// Some argue that decapsulating and receiving
// the inner packet on the same interface as the outer packet
// is incorrect: the inner packet should be received
// on a tunnel interface distinct from the original interface.
// (This approach introduces some issues with handling
// IPsec encapsulation, especially tunnel-mode IPsec between peers
// where you want the inner & outer source address to be the same.)
//
// In any case, for now we receive the inner packet on the original
// interface. However, this introduces a potential security
// problem. An off-link node can send an encapsulated packet
// that when decapsulated, appears to have originated from
// an on-link neighbor. This is a security problem for ND.
// We can not conveniently decrement the HopLimit (to make ND's
// check against 255 effective in this case), because the packet
// is read-only. Instead, we remember that the packet is tunneled
// and check this flag bit in the ND code.
//
if (Packet->IP != NULL) { Packet->Flags |= PACKET_TUNNELED; Packet->Flags &= ~PACKET_SAW_HA_OPT; // Forget if we saw one.
Packet->SkippedHeaderLength = 0;
//
// If we've already done some IPSec processing on this packet,
// then this is a tunnel header and the preceeding IPSec header
// is operating in tunnel mode.
//
if (Packet->SAPerformed != NULL) Packet->SAPerformed->Mode = TUNNEL; } else { //
// In the reassembly path, we remember if the fragments were
// tunneled but we do not have a Packet->IP.
//
ASSERT((((Packet->Flags & PACKET_TUNNELED) == 0) || (Packet->Flags & PACKET_REASSEMBLED)) && ((Packet->Flags & PACKET_SAW_HA_OPT) == 0) && (Packet->SAPerformed == NULL)); }
//
// Make sure we have enough contiguous bytes for an IPv6 header, otherwise
// attempt to pullup that amount. Then stash away a pointer to the header
// and also remember the offset into the packet at which it begins (needed
// to calculate an offset for certain ICMP error messages).
//
if (! PacketPullup(Packet, sizeof(IPv6Header), __builtin_alignof(IPv6Addr), 0)) { // Pullup failed.
if (Packet->TotalSize < sizeof(IPv6Header)) KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "IPv6HeaderReceive: " "Packet too small to contain IPv6 header\n")); IPSInfo.ipsi_inhdrerrors++; return IP_PROTOCOL_NONE; } Packet->IP = (IPv6Header UNALIGNED *)Packet->Data; Packet->IPPosition = Packet->Position; Packet->NextHeaderPosition = Packet->Position + FIELD_OFFSET(IPv6Header, NextHeader);
//
// Skip over IPv6 header (note we keep our pointer to it).
//
AdjustPacketParams(Packet, sizeof(IPv6Header));
//
// Check the IP version is correct.
// We specifically do NOT check HopLimit.
// HopLimit is only checked when forwarding.
//
if ((Packet->IP->VersClassFlow & IP_VER_MASK) != IP_VERSION) { // Silently discard the packet.
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "IPv6HeaderReceive: bad version\n")); IPSInfo.ipsi_inhdrerrors++; return IP_PROTOCOL_NONE; }
//
// We use a separate pointer to refer to the source address so that
// later options can change it.
//
Packet->SrcAddr = AlignAddr(&Packet->IP->Source);
//
// Protect against attacks that use bogus source addresses.
//
if (IsInvalidSourceAddress(Packet->SrcAddr)) { // Silently discard the packet.
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "IPv6HeaderReceive: source address is invalid\n")); return IP_PROTOCOL_NONE; } if (IsLoopback(Packet->SrcAddr) && ((Packet->Flags & PACKET_LOOPED_BACK) == 0)) { // Silently discard the packet.
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "IPv6HeaderReceive: loopback source addr from wire?\n")); return IP_PROTOCOL_NONE; }
if (IsNTE(Packet->NTEorIF)) { NetTableEntry *NTE;
//
// We were called with an NTE.
// Our caller (or the packet itself) should be holding a reference.
// The NTE holds an interface reference.
//
NTE = CastToNTE(Packet->NTEorIF);
//
// Verify that the packet's destination address is
// consistent with this NTE.
//
if (!IP6_ADDR_EQUAL(AlignAddr(&Packet->IP->Dest), &NTE->Address)) { Interface *IF = NTE->IF;
//
// We can't accept this new header on this NTE.
// Convert to an Interface and punt to forwarding code below.
//
if (Packet->Flags & PACKET_HOLDS_REF) { AddRefIF(IF); ReleaseNTE(NTE); } else { //
// Our caller holds a reference for the NTE,
// which holds a reference for the interface.
// So the packet does not need to hold a reference.
//
} Packet->NTEorIF = CastFromIF(IF); goto Forward; }
//
// We are Receiving the packet.
//
Forwarding = FALSE;
} else { NetTableEntryOrInterface *NTEorIF; ushort Type;
//
// We were called with an Interface.
// In some situations, there is no reference for this interface
// and the interface is being destroyed. FindAddressOnInterface
// will return NULL in that case. After this point, we must ensure
// that the interface does have a reference, by having the packet
// hold a reference for the interface or a reference for an NTE
// on the interface.
//
NTEorIF = FindAddressOnInterface(CastToIF(Packet->NTEorIF), AlignAddr(&Packet->IP->Dest), &Type); if (NTEorIF == NULL) { //
// The interface is being destroyed.
//
IPSInfo.ipsi_indiscards++; return IP_PROTOCOL_NONE; }
//
// FindAddressOnInterface returned a reference to NTEorIF
// (which could be an interface or an NTE). We either need
// to put this reference into the packet, or release it
// if the packet already holds an appropriate reference.
//
if (Type == ADE_NONE) { //
// If the packet does not hold a reference for the interface,
// give it one now.
//
ASSERT(NTEorIF == Packet->NTEorIF); if (Packet->Flags & PACKET_HOLDS_REF) { //
// The packet already holds an interface reference,
// so our reference is not neeeded.
//
ReleaseIF(CastToIF(NTEorIF)); } else { //
// Give the packet our interface reference.
//
Packet->Flags |= PACKET_HOLDS_REF; }
//
// The address is not assigned to this interface. Check to see
// if it is appropriate for us to forward this packet.
// If not, drop it. At this point, we are fairly
// conservative about what we will forward.
//
Forward: if (!(CastToIF(Packet->NTEorIF)->Flags & IF_FLAG_FORWARDS) || (Packet->Flags & PACKET_NOT_LINK_UNICAST) || IsUnspecified(AlignAddr(&Packet->IP->Source)) || IsLoopback(AlignAddr(&Packet->IP->Source))) { //
// Drop the packet with no ICMP error.
//
IPSInfo.ipsi_inaddrerrors++; return IP_PROTOCOL_NONE; }
//
// No support yet for forwarding multicast packets.
//
if (IsUnspecified(AlignAddr(&Packet->IP->Dest)) || IsLoopback(AlignAddr(&Packet->IP->Dest)) || IsMulticast(AlignAddr(&Packet->IP->Dest))) { //
// Send an ICMP error.
//
ICMPv6SendError(Packet, ICMPv6_DESTINATION_UNREACHABLE, ICMPv6_COMMUNICATION_PROHIBITED, 0, Packet->IP->NextHeader, FALSE); IPSInfo.ipsi_inaddrerrors++; return IP_PROTOCOL_NONE; }
//
// We do the actual forwarding below...
//
Forwarding = TRUE;
} else { //
// If we found a unicast ADE, then remember the NTE.
// Conceptually, we think of the packet as holding
// the reference to the NTE. Normally for multicast/anycast
// addresses, we delay our choice of an appropriate NTE
// until it is time to reply to the packet.
//
if (IsNTE(NTEorIF)) { NetTableEntry *NTE = CastToNTE(NTEorIF); Interface *IF = NTE->IF;
ASSERT(CastFromIF(IF) == Packet->NTEorIF);
if (!IsValidNTE(NTE)) { //
// The unicast address is not valid, so it can't
// receive packets. The address may be assigned
// to some other node, so forwarding is appropriate.
//
// Ensure that the packet holds an interface reference.
//
if (!(Packet->Flags & PACKET_HOLDS_REF)) { //
// The packet does not already hold an interface ref,
// so give it one.
//
AddRefIF(IF); Packet->Flags |= PACKET_HOLDS_REF; } //
// Now our NTE reference is not needed.
//
ReleaseNTE(NTE); goto Forward; }
//
// Ensure that the packet holds a reference for the NTE,
// which holds an interface reference.
//
if (Packet->Flags & PACKET_HOLDS_REF) { //
// The packet already holds an interface reference.
// Release that reference and give the packet
// our NTE reference.
//
ReleaseIF(IF); } else { //
// The packet does not hold a reference.
// Give the packet our NTE reference.
//
Packet->Flags |= PACKET_HOLDS_REF; } Packet->NTEorIF = CastFromNTE(NTE); } else { //
// Ensure that the packet holds an interface reference.
//
ASSERT(NTEorIF == Packet->NTEorIF); if (Packet->Flags & PACKET_HOLDS_REF) { //
// The packet already holds an interface reference,
// so our reference is not needed.
//
ReleaseIF(CastToIF(NTEorIF)); } else { //
// Give our interface reference to the packet.
//
Packet->Flags |= PACKET_HOLDS_REF; } }
//
// We found an ADE on this IF to accept the packet,
// so we will be Receiving it.
//
Forwarding = FALSE; } }
//
// At this point, the Forwarding variable tells us
// if we are forwarding or receiving the packet.
//
//
// Before processing any headers, including Hop-by-Hop,
// check that the amount of payload the IPv6 header thinks is present
// can actually fit inside the packet data area that the link handed us.
// Note that a Payload Length of zero *might* mean a Jumbo Payload option.
//
PayloadLength = net_short(Packet->IP->PayloadLength); if (PayloadLength > Packet->TotalSize) { // Silently discard the packet.
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "IPv6HeaderReceive: Header's PayloadLength is greater than " "the amount of data received\n")); IPSInfo.ipsi_inhdrerrors++; return IP_PROTOCOL_NONE; }
//
// Check for Hop-by-Hop Options.
//
if (Packet->IP->NextHeader == IP_PROTOCOL_HOP_BY_HOP) { int RetVal;
//
// If there is a Jumbo Payload option, HopByHopOptionsReceive
// will adjust the packet size. Otherwise we take care of it
// now, before reading the Hop-by-Hop header.
//
if (PayloadLength != 0) { Packet->TotalSize = PayloadLength; if (Packet->ContigSize > PayloadLength) Packet->ContigSize = PayloadLength; }
//
// Parse the Hop-by-Hop options.
//
RetVal = HopByHopOptionsReceive(Packet); if (RetVal < 0) { //
// The packet had bad Hop-by-Hop Options.
// Drop it.
//
IPSInfo.ipsi_inhdrerrors++; return IP_PROTOCOL_NONE; } NextHeader = (uchar)RetVal; // Truncate to 8 bits.
} else { //
// No Jumbo Payload option. Adjust the packet size.
//
Packet->TotalSize = PayloadLength; if (Packet->ContigSize > PayloadLength) Packet->ContigSize = PayloadLength;
//
// No Hop-by-Hop options.
//
NextHeader = Packet->IP->NextHeader; }
//
// Check if we are forwarding this packet.
//
if (Forwarding) { IPv6Header UNALIGNED *FwdIP; NDIS_PACKET *FwdPacket; NDIS_STATUS NdisStatus; uint Offset; uint MemLen; uchar *Mem; uint TunnelStart = NO_TUNNEL, IPSecBytes = 0; IPSecProc *IPSecToDo; uint Action; RouteCacheEntry *RCE; IP_STATUS Status;
//
// Verify IPSec was performed.
//
if (InboundSecurityCheck(Packet, 0, 0, 0, CastToIF(Packet->NTEorIF)) != TRUE) { //
// No policy was found or the policy indicated to drop the packet.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "IPv6Receive: " "IPSec lookup failed or policy was to drop\n")); IPSInfo.ipsi_inaddrerrors++; return IP_PROTOCOL_NONE; }
//
// At this time, we need to copy the incoming packet,
// for several reasons: We can't hold the Packet
// once IPv6HeaderReceive returns, yet we need to queue
// packet to forward it. We need to modify the packet
// (in IPv6Forward) by decrementing the hop count,
// yet our incoming packet is read-only. Finally,
// we need space in the outgoing packet for the outgoing
// interface's link-level header, which may differ in size
// from that of the incoming interface. Someday, we can
// implement support for returning a non-zero reference
// count from IPv6Receive and only copy the incoming
// packet's header to construct the outgoing packet.
//
//
// Find a route to the new destination.
//
Status = RouteToDestination(AlignAddr(&Packet->IP->Dest), 0, Packet->NTEorIF, RTD_FLAG_LOOSE, &RCE); if (Status != IP_SUCCESS) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR, "IPv6HeaderReceive: " "No route to destination for forwarding.\n")); ICMPv6SendError(Packet, ICMPv6_DESTINATION_UNREACHABLE, ICMPv6_NO_ROUTE_TO_DESTINATION, 0, NextHeader, FALSE); IPSInfo.ipsi_outnoroutes++; return IP_PROTOCOL_NONE; }
//
// Find the Security Policy for this outbound traffic.
//
IPSecToDo = OutboundSPLookup(AlignAddr(&Packet->IP->Source), AlignAddr(&Packet->IP->Dest), 0, 0, 0, RCE->NCE->IF, &Action);
if (IPSecToDo == NULL) { //
// Check Action.
//
if (Action == LOOKUP_DROP) { // Drop packet.
ReleaseRCE(RCE); IPSInfo.ipsi_inaddrerrors++; return IP_PROTOCOL_NONE; } else { if (Action == LOOKUP_IKE_NEG) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "IPv6HeaderReceive: IKE not supported yet.\n")); ReleaseRCE(RCE); IPSInfo.ipsi_inaddrerrors++; return IP_PROTOCOL_NONE; } }
//
// With no IPSec to perform, IPv6Forward won't be changing the
// outgoing interface from what we currently think it will be.
// So we can use the exact size of its link-level header.
//
Offset = RCE->NCE->IF->LinkHeaderSize;
} else { //
// Calculate the space needed for the IPSec headers.
//
IPSecBytes = IPSecBytesToInsert(IPSecToDo, &TunnelStart, NULL);
if (TunnelStart != 0) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "IPv6HeaderReceive: IPSec Tunnel mode only.\n")); FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize); ReleaseRCE(RCE); IPSInfo.ipsi_inaddrerrors++; return IP_PROTOCOL_NONE; }
//
// The IPSec code in IPv6Forward might change the outgoing
// interface from what we currently think it will be.
// Leave the max amount of space for its link-level header.
//
Offset = MAX_LINK_HEADER_SIZE; }
PayloadLength = Packet->TotalSize; MemLen = Offset + sizeof(IPv6Header) + PayloadLength + IPSecBytes;
NdisStatus = IPv6AllocatePacket(MemLen, &FwdPacket, &Mem); if (NdisStatus != NDIS_STATUS_SUCCESS) { if (IPSecToDo) { FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize); } ReleaseRCE(RCE); IPSInfo.ipsi_indiscards++; return IP_PROTOCOL_NONE; // We can't forward.
}
FwdIP = (IPv6Header UNALIGNED *)(Mem + Offset + IPSecBytes);
//
// Copy from the incoming packet to the outgoing packet.
//
CopyPacketToBuffer((uchar *)FwdIP, Packet, sizeof(IPv6Header) + PayloadLength, Packet->IPPosition);
//
// Send the outgoing packet.
//
IPv6Forward(Packet->NTEorIF, FwdPacket, Offset + IPSecBytes, FwdIP, PayloadLength, TRUE, // OK to Redirect.
IPSecToDo, RCE);
if (IPSecToDo) { FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize); }
ReleaseRCE(RCE);
return IP_PROTOCOL_NONE; } // end of if (Forwarding)
//
// Packet is for this node.
// Note: We may only be an intermediate node and not the packet's final
// destination, if there is a routing header.
//
return NextHeader;}
//* ReassemblyInit
//
// Initialize data structures required for fragment reassembly.
//
voidReassemblyInit(void){ KeInitializeSpinLock(&ReassemblyList.Lock); ReassemblyList.First = ReassemblyList.Last = SentinelReassembly; KeInitializeSpinLock(&ReassemblyList.LockSize);}
//* ReassemblyUnload
//
// Cleanup the fragment reassembly data structures and
// prepare for stack unload.
//
voidReassemblyUnload(void){ //
// We are called after all interfaces have been destroyed,
// so the reassemblies should already be gone.
//
ASSERT(ReassemblyList.Last == SentinelReassembly); ASSERT(ReassemblyList.Size == 0);}
//* ReassemblyRemove
//
// Cleanup the fragment reassembly data structures
// when an interface becomes invalid.
//
// Callable from DPC or thread context.
//
voidReassemblyRemove(Interface *IF){ Reassembly *DeleteList = NULL; Reassembly *Reass, *NextReass; KIRQL OldIrql;
KeAcquireSpinLock(&ReassemblyList.Lock, &OldIrql); for (Reass = ReassemblyList.First; Reass != SentinelReassembly; Reass = NextReass) { NextReass = Reass->Next;
if (Reass->IF == IF) { //
// Remove this reassembly.
// If it is not already being deleted,
// put it on our temporary list.
//
RemoveReassembly(Reass); KeAcquireSpinLockAtDpcLevel(&Reass->Lock); if (Reass->State == REASSEMBLY_STATE_DELETING) { //
// Note that it has been removed from the list.
//
Reass->State = REASSEMBLY_STATE_REMOVED; } else { Reass->Next = DeleteList; DeleteList = Reass; } KeReleaseSpinLockFromDpcLevel(&Reass->Lock); } } KeReleaseSpinLock(&ReassemblyList.Lock, OldIrql);
//
// Actually free the reassemblies that we removed above.
//
while ((Reass = DeleteList) != NULL) { DeleteList = Reass->Next; DeleteReassembly(Reass); }}
//* FragmentReceive - Handle a IPv6 datagram fragment.
//
// This is the routine called by IPv6 when it receives a fragment of an
// IPv6 datagram, i.e. a next header value of 44. Here we attempt to
// reassemble incoming fragments into complete IPv6 datagrams.
//
// If a later fragment provides data that conflicts with an earlier
// fragment, then we use the first-arriving data.
//
// We silently drop the fragment and stop reassembly in several
// cases that are not specified in the spec, to prevent DoS attacks.
// These include partially overlapping fragments and fragments
// that carry no data. Legitimate senders should never generate them.
//
ucharFragmentReceive( IPv6Packet *Packet) // Packet handed to us by IPv6Receive.
{ Interface *IF = Packet->NTEorIF->IF; FragmentHeader UNALIGNED *Frag; Reassembly *Reass; ushort FragOffset; PacketShim *Shim, *ThisShim, **MoveShim; uint NextHeaderPosition;
IPSInfo.ipsi_reasmreqds++;
//
// We can not reassemble fragments that have had IPsec processing.
// It can't work because the IPsec headers in the unfragmentable part
// of the offset-zero fragment will authenticate/decrypt that fragment.
// Then the same headers would be copied to the reassembled packet.
// They couldn't possibly successfully authenticate/decrypt again.
// Also see RFC 2401 B.2.
//
if (Packet->SAPerformed != NULL) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "FragmentReceive: IPsec on fragment\n")); //
// The spec does not tell us what ICMP error to generate in this case,
// but flagging the fragment header seems reasonable.
//
goto BadFragment; }
//
// If a jumbo payload option was seen, send an ICMP error.
// Set ICMP pointer to the offset of the fragment header.
//
if (Packet->Flags & PACKET_JUMBO_OPTION) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "FragmentReceive: jumbo fragment\n"));
BadFragment: //
// The NextHeader value passed to ICMPv6SendError
// is IP_PROTOCOL_FRAGMENT because we haven't moved
// past the fragment header yet.
//
ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, Packet->Position - Packet->IPPosition, IP_PROTOCOL_FRAGMENT, FALSE); goto Failed; // Drop packet.
}
//
// Verify that we have enough contiguous data to overlay a FragmentHeader
// structure on the incoming packet. Then do so.
//
if (! PacketPullup(Packet, sizeof *Frag, 1, 0)) { // Pullup failed.
if (Packet->TotalSize < sizeof *Frag) ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, FIELD_OFFSET(IPv6Header, PayloadLength), IP_PROTOCOL_NONE, FALSE); goto Failed; // Drop packet.
} Frag = (FragmentHeader UNALIGNED *) Packet->Data;
//
// Remember offset to this header's NextHeader field.
// But don't overwrite offset to previous header's NextHeader just yet.
//
NextHeaderPosition = Packet->Position + FIELD_OFFSET(FragmentHeader, NextHeader);
//
// Skip over fragment header.
//
AdjustPacketParams(Packet, sizeof *Frag);
//
// Lookup this fragment triple (Source Address, Destination
// Address, and Identification field) per-interface to see if
// we've already received other fragments of this packet.
//
Reass = FragmentLookup(IF, Frag->Id, AlignAddr(&Packet->IP->Source), AlignAddr(&Packet->IP->Dest)); if (Reass == NULL) { //
// We hold the global reassembly list lock.
//
// Handle a special case first: if this is the first, last, and only
// fragment, then we can just continue parsing without reassembly.
// Test both paths in checked builds.
//
if ((Frag->OffsetFlag == 0)#if DBG
&& ((int)Random() < 0)#endif
) { //
// Return next header value.
//
KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock); Packet->NextHeaderPosition = NextHeaderPosition; Packet->SkippedHeaderLength += sizeof(FragmentHeader); IPSInfo.ipsi_reasmoks++; return Frag->NextHeader; }
//
// We must avoid creating new reassembly records
// if the interface is going away, to prevent races
// with DestroyIF/ReassemblyRemove.
//
if (IsDisabledIF(IF)) { KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock); goto Failed; }
//
// This is the first fragment of this datagram we've received.
// Allocate a reassembly structure to keep track of the pieces.
//
Reass = ExAllocatePoolWithTagPriority( NonPagedPool, sizeof(struct Reassembly), IP6_TAG, LowPoolPriority); if (Reass == NULL) { KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock); KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "FragmentReceive: Couldn't allocate memory!?!\n")); goto Failed; }
KeInitializeSpinLock(&Reass->Lock); Reass->State = REASSEMBLY_STATE_NORMAL;
RtlCopyMemory(&Reass->IPHdr, Packet->IP, sizeof(IPv6Header)); Reass->IF = IF; Reass->Id = Frag->Id; Reass->ContigList = NULL;#if DBG
Reass->ContigEnd = NULL;#endif
Reass->GapList = NULL; Reass->Timer = DEFAULT_REASSEMBLY_TIMEOUT; Reass->Marker = 0; Reass->MaxGap = 0; //
// We must initialize DataLength to an invalid value.
// Initializing to zero doesn't work.
//
Reass->DataLength = (uint)-1; Reass->UnfragmentLength = 0; Reass->UnfragData = NULL; Reass->Flags = 0; Reass->Size = REASSEMBLY_SIZE_PACKET;
//
// Add new Reassembly struct to front of the ReassemblyList.
// Acquires the reassembly record lock and
// releases the global reassembly list lock.
//
AddToReassemblyList(Reass); } else { //
// We have found and locked an existing reassembly structure.
// Because we remove the reassembly structure in every
// error situation below, an existing reassembly structure
// must have a shim that has been successfully added to it.
//
ASSERT((Reass->ContigList != NULL) || (Reass->GapList != NULL)); }
//
// At this point, we have a locked reassembly record.
// We do not hold the global reassembly list lock
// while we perform the relatively expensive work
// of copying the fragment.
//
ASSERT(Reass->State == REASSEMBLY_STATE_NORMAL);
//
// Update the saved packet flags from this fragment packet.
// We are really only interested in PACKET_NOT_LINK_UNICAST.
//
Reass->Flags |= Packet->Flags;
FragOffset = net_short(Frag->OffsetFlag) & FRAGMENT_OFFSET_MASK;
//
// Send ICMP error if this fragment causes the total packet length
// to exceed 65,535 bytes. Set ICMP pointer equal to the offset to
// the Fragment Offset field.
//
if (FragOffset + Packet->TotalSize > MAX_IPv6_PAYLOAD) { DeleteFromReassemblyList(Reass); ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (Packet->Position - sizeof(FragmentHeader) + (uint)FIELD_OFFSET(FragmentHeader, OffsetFlag) - Packet->IPPosition), ((FragOffset == 0) ? Frag->NextHeader : IP_PROTOCOL_NONE), FALSE); goto Failed; }
if ((Packet->TotalSize == 0) && (Frag->OffsetFlag != 0)) { //
// We allow a moot fragment header (Frag->OffsetFlag == 0),
// because some test programs might generate them.
// (The first/last/only check above catches this in free builds.)
// But otherwise, we disallow fragments that do not actually
// carry any data for DoS protection.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "FragmentReceive: zero data fragment\n")); DeleteFromReassemblyList(Reass); return IP_PROTOCOL_NONE; }
//
// If this is the last fragment (more fragments bit not set), then
// remember the total data length, else, check that the length
// is a multiple of 8 bytes.
//
if ((net_short(Frag->OffsetFlag) & FRAGMENT_FLAG_MASK) == 0) { if (Reass->DataLength != (uint)-1) { //
// We already received a last fragment.
// This can happen if a packet is duplicated.
//
if (FragOffset + Packet->TotalSize != Reass->DataLength) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "FragmentReceive: second last fragment\n")); DeleteFromReassemblyList(Reass); return IP_PROTOCOL_NONE; } } else { //
// Set expected data length from this fragment.
//
Reass->DataLength = FragOffset + Packet->TotalSize;
//
// Do we have any fragments beyond this length?
//
if ((Reass->Marker > Reass->DataLength) || (Reass->MaxGap > Reass->DataLength)) goto BadFragmentBeyondData; } } else { if ((Packet->TotalSize % 8) != 0) { //
// Length is not multiple of 8, send ICMP error with a pointer
// value equal to offset of payload length field in IP header.
//
DeleteFromReassemblyList(Reass); ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, FIELD_OFFSET(IPv6Header, PayloadLength), ((FragOffset == 0) ? Frag->NextHeader : IP_PROTOCOL_NONE), FALSE); goto Failed; // Drop packet.
}
if ((Reass->DataLength != (uint)-1) && (FragOffset + Packet->TotalSize > Reass->DataLength)) { //
// This fragment falls beyond the data length.
// As part of our DoS prevention, drop the reassembly.
//
BadFragmentBeyondData: KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "FragmentReceive: fragment beyond data length\n")); DeleteFromReassemblyList(Reass); return IP_PROTOCOL_NONE; } }
//
// Allocate and initialize a shim structure to hold the fragment data.
//
Shim = ExAllocatePoolWithTagPriority( NonPagedPool, sizeof *Shim + Packet->TotalSize, IP6_TAG, LowPoolPriority); if (Shim == NULL) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "FragmentReceive: Couldn't allocate memory!?!\n")); DeleteFromReassemblyList(Reass); goto Failed; }
IncreaseReassemblySize(Reass, REASSEMBLY_SIZE_FRAG + Packet->TotalSize); Shim->Len = (ushort)Packet->TotalSize; Shim->Offset = FragOffset; Shim->Next = NULL;
//
// Determine where this fragment fits among the previous ones.
//
// There is no good reason for senders to ever generate overlapping
// fragments. However, packets may sometimes be duplicated in the network.
// If we receive a fragment that duplicates previously received fragments,
// then we just discard it. If we receive a fragment that only partially
// overlaps previously received fragments, then we assume a malicious
// sender and just drop the reassembly. This gives us better behavior
// under some kinds of DoS attacks, although the upper bound on reassembly
// buffers (see CheckReassemblyQuota) is the ultimate protection.
//
if (FragOffset == Reass->Marker) { //
// This fragment extends the contiguous list.
//
if (Reass->ContigList == NULL) { //
// We're first on the list.
// We use info from the (first) offset zero fragment to recreate
// the original datagram. Info in a second offset zero fragment
// is ignored.
//
ASSERT(FragOffset == 0); ASSERT(Reass->UnfragData == NULL); Reass->ContigList = Shim;
// Save the next header value.
Reass->NextHeader = Frag->NextHeader;
//
// Grab the unfragmentable data, i.e. the extension headers that
// preceded the fragment header.
//
Reass->UnfragmentLength = (ushort) ((Packet->Position - sizeof(FragmentHeader)) - (Packet->IPPosition + sizeof(IPv6Header)));
if (Reass->UnfragmentLength != 0) { Reass->UnfragData = ExAllocatePoolWithTagPriority( NonPagedPool, Reass->UnfragmentLength, IP6_TAG, LowPoolPriority); if (Reass->UnfragData == NULL) { // Out of memory!?! Clean up and drop packet.
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "FragmentReceive: " "Couldn't allocate memory?\n")); // Will also free Shim because of Reass->ContigList.
DeleteFromReassemblyList(Reass); goto Failed; } IncreaseReassemblySize(Reass, Reass->UnfragmentLength); CopyPacketToBuffer(Reass->UnfragData, Packet, Reass->UnfragmentLength, Packet->IPPosition + sizeof(IPv6Header));
Reass->NextHeaderOffset = Packet->NextHeaderPosition - Packet->IPPosition; } else Reass->NextHeaderOffset = FIELD_OFFSET(IPv6Header, NextHeader);
//
// We need to have the IP header of the offset-zero fragment.
// (Every fragment normally will have the same IP header,
// except for PayloadLength, and unfragmentable headers,
// but they might not.) ReassembleDatagram and
// CreateFragmentPacket both need it.
//
// Of the 40 bytes in the header, the 32 bytes in the source
// and destination addresses are already correct.
// So we just copy the other 8 bytes now.
//
RtlCopyMemory(&Reass->IPHdr, Packet->IP, 8);
} else { //
// Add us to the end of the list.
//
Reass->ContigEnd->Next = Shim; } Reass->ContigEnd = Shim;
//
// Increment our contiguous extent marker.
//
Reass->Marker += (ushort)Packet->TotalSize;
//
// Now peruse the non-contiguous list here to see if we already
// have the next fragment to extend the contiguous list, and if so,
// move it on over. Repeat until we can't.
//
MoveShim = &Reass->GapList; while ((ThisShim = *MoveShim) != NULL) { if (ThisShim->Offset == Reass->Marker) { //
// This fragment now extends the contiguous list.
// Add it to the end of the list.
//
Reass->ContigEnd->Next = ThisShim; Reass->ContigEnd = ThisShim; Reass->Marker += ThisShim->Len;
//
// Remove it from non-contiguous list.
//
*MoveShim = ThisShim->Next; ThisShim->Next = NULL; } else if (ThisShim->Offset > Reass->Marker) { //
// This fragment lies beyond the contiguous list.
// Because the gap list is sorted, we can stop now.
//
break; } else { //
// This fragment overlaps the contiguous list.
// For DoS prevention, drop the reassembly.
//
BadFragmentOverlap: KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "FragmentReceive: overlapping fragment\n")); DeleteFromReassemblyList(Reass); return IP_PROTOCOL_NONE; } } } else { //
// Check whether the fragment duplicates data already in
// the contiguous list.
//
if (Shim->Offset <= Reass->Marker) { if (Shim->Offset + Shim->Len > Reass->Marker) { //
// We have a partial overlap.
//
ExFreePool(Shim); goto BadFragmentOverlap; }
//
// We already have all the data. Don't bother distinguishing
// between an exact duplicate and a partial overlap, just
// ignore the new fragment.
//
goto Duplicate; } //
// Exile this fragment to the non-contiguous (gap) list.
// The gap list is sorted by Offset.
//
MoveShim = &Reass->GapList; for (;;) { ThisShim = *MoveShim; if (ThisShim == NULL) { //
// Insert Shim at the end of the gap list.
//
Reass->MaxGap = Shim->Offset + Shim->Len; break; }
if (Shim->Offset < ThisShim->Offset) { //
// Check for partial overlap.
//
if (Shim->Offset + Shim->Len > ThisShim->Offset) { ExFreePool(Shim); goto BadFragmentOverlap; }
//
// OK, insert Shim before ThisShim.
//
break; } else if (ThisShim->Offset < Shim->Offset) { //
// Check for partial overlap.
//
if (ThisShim->Offset + ThisShim->Len > Shim->Offset) { ExFreePool(Shim); goto BadFragmentOverlap; }
//
// OK, insert Shim somewhere after ThisShim.
// Keep looking for the right spot.
//
MoveShim = &ThisShim->Next; } else { //
// If the new fragment duplicates the old,
// then just ignore the new fragment.
//
if (Shim->Len == ThisShim->Len) { Duplicate: KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "FragmentReceive: duplicate fragment\n")); ExFreePool(Shim); KeReleaseSpinLockFromDpcLevel(&Reass->Lock); return IP_PROTOCOL_NONE; } else { ExFreePool(Shim); goto BadFragmentOverlap; } } }
Shim->Next = *MoveShim; *MoveShim = Shim; }
//
// Now that we have added the shim to the reassembly record
// and passed various checks (particularly DoS checks),
// copy the actual fragment data to the shim.
//
CopyPacketToBuffer(PacketShimData(Shim), Packet, Packet->TotalSize, Packet->Position);
if (Reass->Marker == Reass->DataLength) { //
// We have received all the fragments.
// Because of the overlapping/data-length/zero-size sanity checks
// above, when this happens there should be no fragments
// left on the gap list. However, ReassembleDatagram does not
// rely on having an empty gap list.
//
ASSERT(Reass->GapList == NULL); ReassembleDatagram(Packet, Reass); } else { //
// Finally, check if we're too close to our limit for
// reassembly buffers. If so, drop this packet. Otherwise,
// wait for more fragments to arrive.
//
CheckReassemblyQuota(Reass); } return IP_PROTOCOL_NONE;
Failed: IPSInfo.ipsi_reasmfails++; return IP_PROTOCOL_NONE;}
//* FragmentLookup - look for record of previous fragments from this datagram.
//
// A datagram on an interface is uniquely identified by its
// {source address, destination address, identification field} triple.
// This function checks our reassembly list for previously
// received fragments of a given datagram.
//
// If an existing reassembly record is found,
// it is returned locked.
//
// If there is no existing reassembly record, returns NULL
// and leaves the global reassembly list locked.
//
// Callable from DPC context, not from thread context.
//
Reassembly *FragmentLookup( Interface *IF, // Receiving interface.
ulong Id, // Fragment identification field to match.
const IPv6Addr *Src, // Source address to match.
const IPv6Addr *Dst) // Destination address to match.
{ Reassembly *Reass;
KeAcquireSpinLockAtDpcLevel(&ReassemblyList.Lock);
for (Reass = ReassemblyList.First;; Reass = Reass->Next) { if (Reass == SentinelReassembly) { //
// Return with the global reassembly list lock still held.
//
return NULL; }
if ((Reass->IF == IF) && (Reass->Id == Id) && IP6_ADDR_EQUAL(&Reass->IPHdr.Source, Src) && IP6_ADDR_EQUAL(&Reass->IPHdr.Dest, Dst)) { //
// Is this reassembly record being deleted?
// If so, ignore it.
//
KeAcquireSpinLockAtDpcLevel(&Reass->Lock); ASSERT((Reass->State == REASSEMBLY_STATE_NORMAL) || (Reass->State == REASSEMBLY_STATE_DELETING));
if (Reass->State == REASSEMBLY_STATE_DELETING) { KeReleaseSpinLockFromDpcLevel(&Reass->Lock); continue; }
//
// Return with the reassembly record lock still held.
//
KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock); return Reass; } }}
//* AddToReassemblyList
//
// Add the reassembly record to the list.
// It must NOT already be on the list.
//
// Called with the global reassembly list lock held.
// Returns with the reassembly record lock held.
//
// Callable from DPC context, not from thread context.
//
voidAddToReassemblyList(Reassembly *Reass){ Reassembly *AfterReass = SentinelReassembly;
Reass->Prev = AfterReass; (Reass->Next = AfterReass->Next)->Prev = Reass; AfterReass->Next = Reass;
KeAcquireSpinLockAtDpcLevel(&ReassemblyList.LockSize); ReassemblyList.Size += Reass->Size; KeReleaseSpinLockFromDpcLevel(&ReassemblyList.LockSize);
//
// We must acquire the reassembly record lock
// *before* releasing the global reassembly list lock,
// to prevent the reassembly from diappearing underneath us.
//
KeAcquireSpinLockAtDpcLevel(&Reass->Lock); KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock);}
//* RemoveReassembly
//
// Remove a reassembly record from the list.
//
// Called with the global reassembly lock held.
// The reassembly record lock may be held.
//
voidRemoveReassembly(Reassembly *Reass){ Reass->Prev->Next = Reass->Next; Reass->Next->Prev = Reass->Prev;
KeAcquireSpinLockAtDpcLevel(&ReassemblyList.LockSize); ReassemblyList.Size -= Reass->Size; KeReleaseSpinLockFromDpcLevel(&ReassemblyList.LockSize);}
//* IncreaseReassemblySize
//
// Increase the size of the reassembly record.
// Called with the reassembly record lock held.
//
// Callable from DPC context, not from thread context.
//
voidIncreaseReassemblySize(Reassembly *Reass, uint Size){ Reass->Size += Size; KeAcquireSpinLockAtDpcLevel(&ReassemblyList.LockSize); ReassemblyList.Size += Size; KeReleaseSpinLockFromDpcLevel(&ReassemblyList.LockSize);}
//* DeleteReassembly
//
// Delete a reassembly record.
//
voidDeleteReassembly(Reassembly *Reass){ PacketShim *ThisShim, *PrevShim;
//
// Free ContigList if populated.
//
PrevShim = ThisShim = Reass->ContigList; while (ThisShim != NULL) { PrevShim = ThisShim; ThisShim = ThisShim->Next; ExFreePool(PrevShim); }
//
// Free GapList if populated.
//
PrevShim = ThisShim = Reass->GapList; while (ThisShim != NULL) { PrevShim = ThisShim; ThisShim = ThisShim->Next; ExFreePool(PrevShim); }
//
// Free unfragmentable data.
//
if (Reass->UnfragData != NULL) ExFreePool(Reass->UnfragData);
ExFreePool(Reass);}
//* DeleteFromReassemblyList
//
// Remove and delete the reassembly record.
// The reassembly record MUST be on the list.
//
// Callable from DPC context, not from thread context.
// Called with the reassembly record lock held,
// but not the global reassembly list lock.
//
voidDeleteFromReassemblyList(Reassembly *Reass){ //
// Mark the reassembly as being deleted.
// This will prevent someone else from freeing it.
//
ASSERT(Reass->State == REASSEMBLY_STATE_NORMAL); Reass->State = REASSEMBLY_STATE_DELETING; KeReleaseSpinLockFromDpcLevel(&Reass->Lock);
KeAcquireSpinLockAtDpcLevel(&ReassemblyList.Lock); KeAcquireSpinLockAtDpcLevel(&Reass->Lock); ASSERT((Reass->State == REASSEMBLY_STATE_DELETING) || (Reass->State == REASSEMBLY_STATE_REMOVED));
//
// Remove the reassembly record from the list,
// if someone else hasn't already removed it.
//
if (Reass->State != REASSEMBLY_STATE_REMOVED) RemoveReassembly(Reass);
KeReleaseSpinLockFromDpcLevel(&Reass->Lock); KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock);
//
// Delete the reassembly record.
//
DeleteReassembly(Reass);}
//* CheckReassemblyQuota
//
// Delete reassembly record if necessary,
// to keep the reassembly buffering under quota.
//
// Callable from DPC context, not from thread context.
// Called with the reassembly record lock held,
// but not the global reassembly list lock.
//
voidCheckReassemblyQuota(Reassembly *Reass){ int Prune = FALSE; uint Threshold = ReassemblyList.Limit / 2;
//
// Decide whether to drop the reassembly record based on a RED-like
// algorithm. If the total size is less than 50% of the max, never
// drop. If the total size is over the max, always drop. If between
// 50% and 100% full, drop based on a probability proportional to the
// amount over 50%. This is an O(1) algorithm which is proportionally
// biased against large packets, and against sources which send more
// packets. This should provide a decent level of protection against
// DoS attacks.
//
KeAcquireSpinLockAtDpcLevel(&ReassemblyList.LockSize); if ((ReassemblyList.Size > Threshold) && (RandomNumber(0, Threshold) < ReassemblyList.Size - Threshold)) Prune = TRUE; KeReleaseSpinLockFromDpcLevel(&ReassemblyList.LockSize);
if (Prune) { //
// Delete this reassembly record.
// We do not send ICMP errors in this situation.
// The reassembly timer has not expired.
// This is more analogous to a router dropping packets
// when a queue gets full, and no ICMP error is sent
// in that situation.
//
#if DBG
char Buffer1[INET6_ADDRSTRLEN], Buffer2[INET6_ADDRSTRLEN];
FormatV6AddressWorker(Buffer1, &Reass->IPHdr.Source); FormatV6AddressWorker(Buffer2, &Reass->IPHdr.Dest); KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "CheckReassemblyQuota: Src %s Dst %s Id %x\n", Buffer1, Buffer2, Reass->Id));#endif
DeleteFromReassemblyList(Reass); } else KeReleaseSpinLockFromDpcLevel(&Reass->Lock);}
typedef struct ReassembledReceiveContext { WORK_QUEUE_ITEM WQItem; IPv6Packet Packet; uchar Data[];} ReassembledReceiveContext;
//* ReassembledReceive
//
// Receive a reassembled packet.
// This function is called from a kernel worker thread context.
// It prevents "reassembly recursion".
//
voidReassembledReceive(PVOID Context){ ReassembledReceiveContext *rrc = (ReassembledReceiveContext *) Context; KIRQL Irql; int PktRefs;
//
// All receive processing normally happens at DPC level,
// so we must pretend to be a DPC, so we raise IRQL.
// (System worker threads typically run at PASSIVE_LEVEL).
//
KeRaiseIrql(DISPATCH_LEVEL, &Irql); PktRefs = IPv6Receive(&rrc->Packet); ASSERT(PktRefs == 0); KeLowerIrql(Irql); ExFreePool(rrc);}
//* ReassembleDatagram - put all the fragments together.
//
// Called when we have all the fragments to complete a datagram.
// Patch them together and pass the packet up.
//
// We allocate a single contiguous buffer and copy the fragments
// into this buffer.
// REVIEW: Instead use ndis buffers to chain the fragments?
//
// Callable from DPC context, not from thread context.
// Called with the reassembly record lock held,
// but not the global reassembly list lock.
//
// Deletes the reassembly record.
//
voidReassembleDatagram( IPv6Packet *Packet, // The packet being currently received.
Reassembly *Reass) // Reassembly record for fragmented datagram.
{ uint DataLen; uint TotalLength; uint memptr = sizeof(IPv6Header); PacketShim *ThisShim, *PrevShim; ReassembledReceiveContext *rrc; IPv6Packet *ReassPacket; uchar *ReassBuffer; uchar *pNextHeader;
DataLen = Reass->DataLength + Reass->UnfragmentLength; ASSERT(DataLen <= MAX_IPv6_PAYLOAD); TotalLength = sizeof(IPv6Header) + DataLen;
//
// Allocate memory for buffer and copy fragment data into it.
// At the same time we allocate space for context information
// and an IPv6 packet structure.
//
rrc = ExAllocatePoolWithTagPriority( NonPagedPool, sizeof *rrc + TotalLength, IP6_TAG, LowPoolPriority); if (rrc == NULL) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "ReassembleDatagram: Couldn't allocate memory!?!\n")); DeleteFromReassemblyList(Reass); IPSInfo.ipsi_reasmfails++; return; }
//
// We must take a reference on the interface before
// DeleteFromReassemblyList releases the record lock.
//
ReassPacket = &rrc->Packet; ReassBuffer = rrc->Data;
//
// Generate the original IP hdr and copy it and any unfragmentable
// data into the new packet. Note we have to update the next header
// field in the last unfragmentable header (or the IP hdr, if none).
//
Reass->IPHdr.PayloadLength = net_short((ushort)DataLen); RtlCopyMemory(ReassBuffer, (uchar *)&Reass->IPHdr, sizeof(IPv6Header));
RtlCopyMemory(ReassBuffer + memptr, Reass->UnfragData, Reass->UnfragmentLength); memptr += Reass->UnfragmentLength;
pNextHeader = ReassBuffer + Reass->NextHeaderOffset; ASSERT(*pNextHeader == IP_PROTOCOL_FRAGMENT); *pNextHeader = Reass->NextHeader;
//
// Run through the contiguous list, copying data over to our new packet.
//
PrevShim = ThisShim = Reass->ContigList; while(ThisShim != NULL) { RtlCopyMemory(ReassBuffer + memptr, PacketShimData(ThisShim), ThisShim->Len); memptr += ThisShim->Len; if (memptr > TotalLength) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR, "ReassembleDatagram: packets don't add up\n")); } PrevShim = ThisShim; ThisShim = ThisShim->Next;
ExFreePool(PrevShim); }
//
// Initialize the reassembled packet structure.
//
RtlZeroMemory(ReassPacket, sizeof *ReassPacket); AddRefIF(Reass->IF); ReassPacket->NTEorIF = CastFromIF(Reass->IF); ReassPacket->FlatData = ReassBuffer; ReassPacket->Data = ReassBuffer; ReassPacket->ContigSize = TotalLength; ReassPacket->TotalSize = TotalLength; ReassPacket->Flags = PACKET_HOLDS_REF | PACKET_REASSEMBLED | (Reass->Flags & PACKET_INHERITED_FLAGS);
//
// Explicitly null out the ContigList which was freed above and
// clean up the reassembly struct. This also drops our lock
// on the reassembly struct.
//
Reass->ContigList = NULL; DeleteFromReassemblyList(Reass);
IPSInfo.ipsi_reasmoks++;
//
// Receive the reassembled packet.
// If the current fragment was reassembled,
// then we should avoid another level of recursion.
// We must prevent "reassembly recursion".
// Test both paths in checked builds.
//
if ((Packet->Flags & PACKET_REASSEMBLED)#if DBG
|| ((int)Random() < 0)#endif
) { ExInitializeWorkItem(&rrc->WQItem, ReassembledReceive, rrc); ExQueueWorkItem(&rrc->WQItem, CriticalWorkQueue); } else { int PktRefs = IPv6Receive(ReassPacket); ASSERT(PktRefs == 0); UNREFERENCED_PARAMETER(PktRefs); ExFreePool(rrc); }}
//* CreateFragmentPacket
//
// Recreates the first fragment packet for purposes of notifying a source
// of a 'fragment reassembly time exceeded'.
//
IPv6Packet *CreateFragmentPacket( Reassembly *Reass){ PacketShim *FirstFrag; IPv6Packet *Packet; FragmentHeader *FragHdr; uint PayloadLength; uint PacketLength; uint MemLen; uchar *Mem;
//
// There must be a first (offset-zero) fragment.
//
FirstFrag = Reass->ContigList; ASSERT((FirstFrag != NULL) && (FirstFrag->Offset == 0));
//
// Allocate memory for creating the first fragment, i.e. the first
// buffer in our contig list. We include space for an IPv6Packet.
//
PayloadLength = (Reass->UnfragmentLength + sizeof(FragmentHeader) + FirstFrag->Len); PacketLength = sizeof(IPv6Header) + PayloadLength; MemLen = sizeof(IPv6Packet) + PacketLength; Mem = ExAllocatePoolWithTagPriority(NonPagedPool, MemLen, IP6_TAG, LowPoolPriority); if (Mem == NULL) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR, "CreateFragmentPacket: Couldn't allocate memory!?!\n")); return NULL; }
Packet = (IPv6Packet *) Mem; Mem += sizeof(IPv6Packet);
Packet->Next = NULL; Packet->IP = (IPv6Header UNALIGNED *) Mem; Packet->IPPosition = 0; Packet->Data = Packet->FlatData = Mem; Packet->Position = 0; Packet->ContigSize = Packet->TotalSize = PacketLength; Packet->NdisPacket = NULL; Packet->AuxList = NULL; Packet->Flags = 0; Packet->SrcAddr = AlignAddr(&Packet->IP->Source); Packet->SAPerformed = NULL; // Our caller must initialize Packet->NTEorIF.
AdjustPacketParams(Packet, sizeof(IPv6Header));
//
// Copy the original IPv6 header into the packet.
// Note that FragmentReceive ensures that
// Reass->IPHdr, Reass->UnfragData, and FirstFrag
// are all consistent.
//
RtlCopyMemory(Mem, (uchar *)&Reass->IPHdr, sizeof(IPv6Header)); Mem += sizeof(IPv6Header);
ASSERT(Reass->IPHdr.PayloadLength == net_short((ushort)PayloadLength));
//
// Copy the unfragmentable data into the packet.
//
RtlCopyMemory(Mem, Reass->UnfragData, Reass->UnfragmentLength); Mem += Reass->UnfragmentLength;
//
// Create a fragment header in the packet.
//
FragHdr = (FragmentHeader *) Mem; Mem += sizeof(FragmentHeader);
//
// Note that if the original offset-zero fragment had
// a non-zero value in the Reserved field, then we will
// not recreate it properly. It shouldn't do that.
//
FragHdr->NextHeader = Reass->NextHeader; FragHdr->Reserved = 0; FragHdr->OffsetFlag = net_short(FRAGMENT_FLAG_MASK); FragHdr->Id = Reass->Id;
//
// Copy the original fragment data into the packet.
//
RtlCopyMemory(Mem, PacketShimData(FirstFrag), FirstFrag->Len);
return Packet;}
//* ReassemblyTimeout - Handle a reassembly timer event.
//
// This routine is called periodically by IPv6Timeout to check for
// timed out fragments.
//
voidReassemblyTimeout(void){ Reassembly *ThisReass, *NextReass; Reassembly *Expired = NULL;
//
// Scan the ReassemblyList checking for expired reassembly contexts.
//
KeAcquireSpinLockAtDpcLevel(&ReassemblyList.Lock); for (ThisReass = ReassemblyList.First; ThisReass != SentinelReassembly; ThisReass = NextReass) { NextReass = ThisReass->Next;
//
// First decrement the timer then check if it has expired. If so,
// remove the reassembly record. This is basically the same code
// as in DeleteFromReassemblyList().
//
ThisReass->Timer--;
if (ThisReass->Timer == 0) { RemoveReassembly(ThisReass);
KeAcquireSpinLockAtDpcLevel(&ThisReass->Lock); ASSERT((ThisReass->State == REASSEMBLY_STATE_NORMAL) || (ThisReass->State == REASSEMBLY_STATE_DELETING));
if (ThisReass->State == REASSEMBLY_STATE_DELETING) { //
// Note that we've removed it from the list already.
//
ThisReass->State = REASSEMBLY_STATE_REMOVED; } else { //
// Move this reassembly context to the expired list.
// We must take a reference on the interface
// before releasing the reassembly record lock.
//
AddRefIF(ThisReass->IF); ThisReass->Next = Expired; Expired = ThisReass; } KeReleaseSpinLockFromDpcLevel(&ThisReass->Lock); } } KeReleaseSpinLockFromDpcLevel(&ReassemblyList.Lock);
//
// Now that we no longer need the reassembly list lock,
// we can send ICMP errors at our leisure.
//
while ((ThisReass = Expired) != NULL) { Interface *IF = ThisReass->IF;#if DBG
char Buffer1[INET6_ADDRSTRLEN], Buffer2[INET6_ADDRSTRLEN];
FormatV6AddressWorker(Buffer1, &ThisReass->IPHdr.Source); FormatV6AddressWorker(Buffer2, &ThisReass->IPHdr.Dest); KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "ReassemblyTimeout: Src %s Dst %s Id %x\n", Buffer1, Buffer2, ThisReass->Id));#endif
Expired = ThisReass->Next;
//
// Send ICMP error IF we have received the first fragment.
// NB: Checking Marker != 0 is wrong, because we might have
// received a zero-length first fragment.
//
if (ThisReass->ContigList != NULL) { IPv6Packet *Packet;
Packet = CreateFragmentPacket(ThisReass); if (Packet != NULL) { NetTableEntryOrInterface *NTEorIF; ushort Type;
NTEorIF = FindAddressOnInterface(IF, &ThisReass->IPHdr.Dest, &Type); if (NTEorIF != NULL) { Packet->NTEorIF = NTEorIF;
ICMPv6SendError(Packet, ICMPv6_TIME_EXCEEDED, ICMPv6_REASSEMBLY_TIME_EXCEEDED, 0, Packet->IP->NextHeader, FALSE);
if (IsNTE(NTEorIF)) ReleaseNTE(CastToNTE(NTEorIF)); else ReleaseIF(CastToIF(NTEorIF)); }
ExFreePool(Packet); } }
//
// Delete the reassembly record.
//
ReleaseIF(IF); DeleteReassembly(ThisReass); }}
//* DestinationOptionsReceive - Handle IPv6 Destination options.
//
// This is the routine called to process a Destination Options Header,
// a next header value of 60.
//
ucharDestinationOptionsReceive( IPv6Packet *Packet) // Packet handed to us by IPv6Receive.
{ IPv6OptionsHeader *DestOpt; uint ExtLen; Options Opts;
//
// Verify that we have enough contiguous data to overlay a Destination
// Options Header structure on the incoming packet. Then do so.
//
if (! PacketPullup(Packet, sizeof *DestOpt, __builtin_alignof(IPv6OptionsHeader), 0)) { if (Packet->TotalSize < sizeof *DestOpt) { BadPayloadLength: KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "DestinationOptionsReceive: Incoming packet too small" " to contain destination options header\n")); ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, FIELD_OFFSET(IPv6Header, PayloadLength), IP_PROTOCOL_NONE, FALSE); } return IP_PROTOCOL_NONE; // Drop packet.
} DestOpt = (IPv6OptionsHeader *) Packet->Data;
//
// Check that length of destination options also fit in remaining data.
// The options must also be aligned for any addresses in them.
//
ExtLen = (DestOpt->HeaderExtLength + 1) * EXT_LEN_UNIT; if (! PacketPullup(Packet, ExtLen, MAX(__builtin_alignof(IPv6OptionsHeader), __builtin_alignof(IPv6Addr)), 0)) { if (Packet->TotalSize < ExtLen) goto BadPayloadLength; return IP_PROTOCOL_NONE; // Drop packet.
} DestOpt = (IPv6OptionsHeader *) Packet->Data;
//
// Remember offset to this header's NextHeader field.
//
Packet->NextHeaderPosition = Packet->Position + FIELD_OFFSET(IPv6OptionsHeader, NextHeader);
//
// Skip over the extension header.
// We need to do this now so subsequent ICMP error generation works.
//
AdjustPacketParams(Packet, ExtLen);
//
// Parse options in this extension header. If an error occurs
// while parsing the options, discard packet.
//
if (!ParseOptions(Packet, IP_PROTOCOL_DEST_OPTS, DestOpt, ExtLen, &Opts)) { return IP_PROTOCOL_NONE; // Drop packet.
}
//
// The processing of any additional options should be added here,
// before the home address option.
//
//
// Process the home address option.
//
if (Opts.HomeAddress) { if (IPv6RecvHomeAddress(Packet, Opts.HomeAddress)) { //
// Couldn't process the home address option. Drop the packet.
//
return IP_PROTOCOL_NONE; } }
//
// Process binding update option.
//
// Note that the Mobile IP spec says that the effects of processing the
// Home Address option should not be visible until all other options in
// the same Destination Options header have been processed. Although
// we process the Binding Update option after the Home Address option,
// we achieve the same effect by requiring IPv6RecvBindingUpdate to
// know that the Packet->SrcAddr has already been updated.
//
if (Opts.BindingUpdate) { if (IPv6RecvBindingUpdate(Packet, Opts.BindingUpdate)) { //
// Couldn't process the binding update. Drop the packet.
//
return IP_PROTOCOL_NONE; } }
//
// Return next header value.
//
return DestOpt->NextHeader;}
//* HopByHopOptionsReceive - Handle a IPv6 Hop-by-Hop Options.
//
// This is the routine called to process a Hop-by-Hop Options Header,
// next header value of 0.
//
// Note that this routine is not a normal handler in the Protocol Switch
// Table. Instead, it receives special treatment in IPv6HeaderReceive.
// Because of this, it returns -1 instead of IP_PROTOCOL_NONE on error.
//
intHopByHopOptionsReceive( IPv6Packet *Packet) // Packet handed to us by IPv6Receive.
{ IPv6OptionsHeader *HopByHop; uint ExtLen; Options Opts;
//
// Verify that we have enough contiguous data to overlay a minimum
// length Hop-by-Hop Options Header. Then do so.
//
if (! PacketPullup(Packet, sizeof *HopByHop, __builtin_alignof(IPv6OptionsHeader), 0)) { if (Packet->TotalSize < sizeof *HopByHop) { BadPayloadLength: KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "HopByHopOptionsReceive: Incoming packet too small" " to contain Hop-by-Hop Options header\n")); ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, FIELD_OFFSET(IPv6Header, PayloadLength), IP_PROTOCOL_NONE, FALSE); } return -1; // Drop packet.
} HopByHop = (IPv6OptionsHeader *) Packet->Data;
//
// Check that length of the Hop-by-Hop options also fits in remaining data.
// The options must also be aligned for any addresses in them.
//
ExtLen = (HopByHop->HeaderExtLength + 1) * EXT_LEN_UNIT; if (! PacketPullup(Packet, ExtLen, MAX(__builtin_alignof(IPv6OptionsHeader), __builtin_alignof(IPv6Addr)), 0)) { if (Packet->TotalSize < ExtLen) goto BadPayloadLength; return -1; // Drop packet.
} HopByHop = (IPv6OptionsHeader *) Packet->Data;
//
// Remember offset to this header's NextHeader field.
//
Packet->NextHeaderPosition = Packet->Position + FIELD_OFFSET(IPv6OptionsHeader, NextHeader);
//
// Skip over the extension header.
// We need to do this now so subsequent ICMP error generation works.
//
AdjustPacketParams(Packet, ExtLen);
//
// Parse options in this extension header. If an error occurs
// while parsing the options, discard packet.
//
if (!ParseOptions(Packet, IP_PROTOCOL_HOP_BY_HOP, HopByHop, ExtLen, &Opts)) { return -1; // Drop packet.
}
//
// If we have a valid Jumbo Payload Option, use its value as
// the packet PayloadLength.
//
if (Opts.JumboLength) { uint PayloadLength = Opts.JumboLength;
ASSERT(Packet->IP->PayloadLength == 0);
//
// Check that the jumbo length is big enough to include
// the extension header length. This must be true because
// the extension-header length is at most 11 bits,
// while the jumbo length is at least 16 bits.
//
ASSERT(PayloadLength > ExtLen); PayloadLength -= ExtLen;
//
// Check that the amount of payload specified in the Jumbo
// Payload value fits in the buffer handed to us.
//
if (PayloadLength > Packet->TotalSize) { // Silently discard data.
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "HopByHopOptionsReceive: " "Jumbo payload length too big\n")); return -1; }
//
// As in IPv6HeaderReceive, adjust the TotalSize to be exactly the
// IP payload size (assume excess is media padding).
//
Packet->TotalSize = PayloadLength; if (Packet->ContigSize > PayloadLength) Packet->ContigSize = PayloadLength;
//
// Set the jumbo option packet flag.
//
Packet->Flags |= PACKET_JUMBO_OPTION; } else if (Packet->IP->PayloadLength == 0) { //
// We should have a Jumbo Payload option,
// but we didn't find it. Send an ICMP error.
//
ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, FIELD_OFFSET(IPv6Header, PayloadLength), HopByHop->NextHeader, FALSE); return -1; }
//
// Return next header value.
//
return HopByHop->NextHeader;}
//* ParseOptions - Routine for generic header options parsing.
//
// Returns TRUE if the options were successfully parsed.
// Returns FALSE if the packet should be discarded.
//
intParseOptions( IPv6Packet *Packet, // The packet handed to us by IPv6Receive.
uchar HdrType, // Hop-by-hop or destination.
IPv6OptionsHeader *Hdr, // Header with following data.
uint HdrLength, // Length of the entire options area.
Options *Opts) // Return option values to caller.
{ uchar *OptPtr; uint OptSizeLeft; OptionHeader *OptHdr; uint OptLen;
ASSERT((HdrType == IP_PROTOCOL_DEST_OPTS) || (HdrType == IP_PROTOCOL_HOP_BY_HOP));
//
// Zero out the Options struct that is returned.
//
RtlZeroMemory(Opts, sizeof *Opts);
//
// Skip over the extension header.
//
OptPtr = (uchar *)(Hdr + 1); OptSizeLeft = HdrLength - sizeof *Hdr;
//
// Note that if there are multiple options
// of the same type, we just use the last one encountered
// unless the spec says specifically it is an error.
//
while (OptSizeLeft > 0) {
//
// First we check the option length and ensure that it fits.
// We move OptPtr past this option while leaving OptHdr
// for use by the option processing code below.
//
OptHdr = (OptionHeader *) OptPtr; if (OptHdr->Type == OPT6_PAD_1) { //
// This is a special pad option which is just a one byte field,
// i.e. it has no length or data field.
//
OptLen = 1; } else { //
// This is a multi-byte option.
//
if ((sizeof *OptHdr > OptSizeLeft) || ((OptLen = sizeof *OptHdr + OptHdr->DataLength) > OptSizeLeft)) { //
// Bad length, generate error and discard packet.
//
ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, &Hdr->HeaderExtLength) - Packet->IPPosition), Hdr->NextHeader, FALSE); return FALSE; } } OptPtr += OptLen; OptSizeLeft -= OptLen;
switch (OptHdr->Type) { case OPT6_PAD_1: case OPT6_PAD_N: break;
case OPT6_JUMBO_PAYLOAD: if (HdrType != IP_PROTOCOL_HOP_BY_HOP) goto BadOptionType;
if (OptHdr->DataLength != sizeof Opts->JumboLength) goto BadOptionLength;
if (Packet->IP->PayloadLength != 0) { //
// Jumbo option encountered when IP payload is not zero.
// Send ICMP error, set pointer to offset of this option type.
//
goto BadOptionType; }
Opts->JumboLength = net_long(*(ulong UNALIGNED *)(OptHdr + 1)); if (Opts->JumboLength <= MAX_IPv6_PAYLOAD) { //
// Jumbo payload length is not jumbo, send ICMP error.
// ICMP pointer is set to offset of jumbo payload len field.
//
goto BadOptionData; } break;
case OPT6_ROUTER_ALERT: if (HdrType != IP_PROTOCOL_HOP_BY_HOP) goto BadOptionType;
if (OptLen != sizeof *Opts->Alert) goto BadOptionLength;
if (Opts->Alert != NULL) { //
// Can only have one router alert option.
//
goto BadOptionType; }
//
// Return the pointer to the router alert struct.
//
Opts->Alert = (IPv6RouterAlertOption UNALIGNED *)(OptHdr + 1); break;
case OPT6_HOME_ADDRESS: if (!(MobileIPv6Mode & MOBILE_CORRESPONDENT)) goto BadOptionType;
if (HdrType != IP_PROTOCOL_DEST_OPTS) goto BadOptionType;
if (OptLen < sizeof *Opts->HomeAddress) goto BadOptionLength;
//
// Return the pointer to the home address option
// after checking to make sure the address is reasonable.
// The option must be aligned so that the home address
// is appropriately aligned.
//
Opts->HomeAddress = (IPv6HomeAddressOption UNALIGNED *)OptHdr; if (((UINT_PTR)&Opts->HomeAddress->HomeAddress % __builtin_alignof(IPv6Addr)) != 0) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "ParseOptions: misaligned home address\n")); goto BadOptionType; } if (IsInvalidSourceAddress(AlignAddr(&Opts->HomeAddress->HomeAddress)) || IsUnspecified(AlignAddr(&Opts->HomeAddress->HomeAddress)) || IsLoopback(AlignAddr(&Opts->HomeAddress->HomeAddress))) { //
// Address contained in option is invalid.
// Send ICMP error, set pointer to offset of home address.
//
goto BadOptionData; } break;
case OPT6_BINDING_UPDATE: if (!(MobileIPv6Mode & MOBILE_CORRESPONDENT)) goto BadOptionType;
if (HdrType != IP_PROTOCOL_DEST_OPTS) goto BadOptionType;
//
// At a minimum, the binding update must include all of the
// base header fields.
//
if (OptLen < sizeof(IPv6BindingUpdateOption)) { //
// draft-ietf-mobileip-ipv6-13 sec 8.2 says we must
// silently drop the packet. Normally we would
// goto BadOptionLength to send an ICMP error.
//
return FALSE; }
//
// Save pointer to the binding update option. Note we still
// need to do further length checking.
//
Opts->BindingUpdate = (IPv6BindingUpdateOption UNALIGNED *)OptHdr; break;
default: if (OPT6_ACTION(OptHdr->Type) == OPT6_A_SKIP) { //
// Ignore the unrecognized option.
//
break; } else if (OPT6_ACTION(OptHdr->Type) == OPT6_A_DISCARD) { //
// Discard the packet.
//
return FALSE; } else { //
// Send an ICMP error.
//
ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_UNRECOGNIZED_OPTION, (GetPacketPositionFromPointer(Packet, &OptHdr->Type) - Packet->IPPosition), Hdr->NextHeader, OPT6_ACTION(OptHdr->Type) == OPT6_A_SEND_ICMP_ALL); return FALSE; // discard the packet.
} } }
return TRUE;
BadOptionType: ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, &OptHdr->Type) - Packet->IPPosition), Hdr->NextHeader, FALSE); return FALSE; // discard packet.
BadOptionLength: ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, &OptHdr->DataLength) - Packet->IPPosition), Hdr->NextHeader, FALSE); return FALSE; // discard packet.
BadOptionData: ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, (uchar *)(OptHdr + 1)) - Packet->IPPosition), Hdr->NextHeader, FALSE); return FALSE; // discard packet.
}
//* ExtHdrControlReceive - generic extension header skip-over routine.
//
// Routine for processing the extension headers in an ICMP error message
// before delivering the error message to the upper-layer protocol.
//
ucharExtHdrControlReceive( IPv6Packet *Packet, // Packet handed to us by ICMPv6ErrorReceive.
StatusArg *StatArg) // ICMP Error code and offset pointer.
{ uchar NextHdr = StatArg->IP->NextHeader; uint HdrLen;
for (;;) { switch (NextHdr) { case IP_PROTOCOL_HOP_BY_HOP: case IP_PROTOCOL_DEST_OPTS: case IP_PROTOCOL_ROUTING: { ExtensionHeader *ExtHdr; // Generic exension header.
//
// Here we take advantage of the fact that all of these extension
// headers share the same first two fields (except as noted below).
// Since those two fields (Next Header and Header Extension Length)
// provide us with all the information we need to skip over the
// header, they're all we need to look at here.
//
if (! PacketPullup(Packet, sizeof *ExtHdr, __builtin_alignof(ExtensionHeader), 0)) { if (Packet->TotalSize < sizeof *ExtHdr) { PacketTooSmall: //
// Pullup failed. There isn't enough of the invoking
// packet included in the error message to figure out
// what upper layer protocol it originated with.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "ExtHdrControlReceive: " "Incoming ICMP error packet " "doesn't contain enough of invoking packet\n")); } return IP_PROTOCOL_NONE; // Drop packet.
}
ExtHdr = (ExtensionHeader *) Packet->Data; HdrLen = (ExtHdr->HeaderExtLength + 1) * EXT_LEN_UNIT;
//
// Now that we know the actual length of this extension header,
// skip over it.
//
// REVIEW: We could rework this to use PositionPacketAt
// REVIEW: here instead of PacketPullup as we don't need to
// REVIEW: look at the data we're skipping over. Better?
//
if (! PacketPullup(Packet, HdrLen, 1, 0)) { if (Packet->TotalSize < HdrLen) goto PacketTooSmall; return IP_PROTOCOL_NONE; // Drop packet.
}
NextHdr = ExtHdr->NextHeader; break; }
case IP_PROTOCOL_FRAGMENT: { FragmentHeader UNALIGNED *FragHdr;
if (! PacketPullup(Packet, sizeof *FragHdr, 1, 0)) { if (Packet->TotalSize < sizeof *FragHdr) goto PacketTooSmall; return IP_PROTOCOL_NONE; // Drop packet.
}
FragHdr = (FragmentHeader UNALIGNED *) Packet->Data;
if ((net_short(FragHdr->OffsetFlag) & FRAGMENT_OFFSET_MASK) != 0) { //
// We can only continue parsing if this
// fragment has offset zero.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "ExtHdrControlReceive: " "non-zero-offset fragment\n")); return IP_PROTOCOL_NONE; }
HdrLen = sizeof *FragHdr; NextHdr = FragHdr->NextHeader; break; }
case IP_PROTOCOL_AH: { AHHeader UNALIGNED *AH;
//
// Skip over Authentication Header proper.
//
if (!PacketPullup(Packet, sizeof(AHHeader), 1, 0)) { if (Packet->TotalSize < sizeof(AHHeader)) goto PacketTooSmall; return IP_PROTOCOL_NONE; // Drop packet.
}
AH = (AHHeader UNALIGNED *)Packet->Data; AdjustPacketParams(Packet, sizeof(AHHeader));
//
// Skip over Authentication Data.
// Note: we don't attempt any verification of this packet.
//
// In the event of a bad packet, HdrLen could underflow here,
// but this is okay since (being unsigned) it will fail the
// subsequent PacketPullup and length check.
//
HdrLen = ((AH->PayloadLen + 2) * 4) - sizeof(AHHeader); if (!PacketPullup(Packet, HdrLen, 1, 0)) { if (Packet->TotalSize < HdrLen) goto PacketTooSmall; return IP_PROTOCOL_NONE; // Drop packet.
}
NextHdr = AH->NextHeader; break; }
case IP_PROTOCOL_ESP: //
// REVIEW - What is the correct thing here?
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "ExtHdrControlReceive: found ESP\n")); return IP_PROTOCOL_NONE;
default: //
// We came to a header that we do not recognize,
// so we can not continue parsing here.
// But our caller might recognize this header type.
//
return NextHdr; }
//
// Move past this extension header.
//
AdjustPacketParams(Packet, HdrLen); }}
//* RoutingReceive - Handle the IPv6 Routing Header.
//
// Called from IPv6Receive when we encounter a Routing Header,
// next header value of 43.
//
ucharRoutingReceive( IPv6Packet *Packet) // Packet handed to us by link layer.
{ IPv6RoutingHeader *RH; uint HeaderLength; uint SegmentsLeft; uint NumAddresses, i; IPv6Addr *Addresses; IP_STATUS Status; uchar *Mem; uint MemLen, Offset; NDIS_PACKET *FwdPacket; NDIS_STATUS NdisStatus; IPv6Header UNALIGNED *FwdIP; IPv6RoutingHeader UNALIGNED *FwdRH; IPv6Addr UNALIGNED *FwdAddresses; IPv6Addr FwdDest; int Delta; uint PayloadLength; uint TunnelStart = NO_TUNNEL, IPSecBytes = 0; IPSecProc *IPSecToDo; RouteCacheEntry *RCE; uint Action;
//
// Verify that we have enough contiguous data,
// then get a pointer to the routing header.
//
if (! PacketPullup(Packet, sizeof *RH, __builtin_alignof(IPv6RoutingHeader), 0)) { if (Packet->TotalSize < sizeof *RH) { BadPayloadLength: KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "RoutingReceive: Incoming packet too small" " to contain routing header\n")); ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, FIELD_OFFSET(IPv6Header, PayloadLength), IP_PROTOCOL_NONE, FALSE); } return IP_PROTOCOL_NONE; // Drop packet.
} RH = (IPv6RoutingHeader *) Packet->Data;
//
// Now get the entire routing header.
// Also align for the address array.
//
HeaderLength = (RH->HeaderExtLength + 1) * EXT_LEN_UNIT; if (! PacketPullup(Packet, HeaderLength, MAX(__builtin_alignof(IPv6RoutingHeader), __builtin_alignof(IPv6Addr)), 0)) { if (Packet->TotalSize < HeaderLength) goto BadPayloadLength; return IP_PROTOCOL_NONE; // Drop packet.
} RH = (IPv6RoutingHeader *) Packet->Data;
//
// Remember offset to this header's NextHeader field.
//
Packet->NextHeaderPosition = Packet->Position + FIELD_OFFSET(IPv6RoutingHeader, NextHeader);
//
// Move past the routing header.
// We need to do this now so subsequent ICMP error generation works.
//
AdjustPacketParams(Packet, HeaderLength);
//
// If SegmentsLeft is zero, we proceed directly to the next header.
// We must not check the Type value or HeaderLength.
//
SegmentsLeft = RH->SegmentsLeft; if (SegmentsLeft == 0) { //
// Return next header value.
//
return RH->NextHeader; }
//
// If we do not recognize the Type value, generate an ICMP error.
//
if (RH->RoutingType != 0) { ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, &RH->RoutingType) - Packet->IPPosition), RH->NextHeader, FALSE); return IP_PROTOCOL_NONE; // No further processing of this packet.
}
//
// We must have an integral number of IPv6 addresses
// in the routing header.
//
if (RH->HeaderExtLength & 1) { ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, &RH->HeaderExtLength) - Packet->IPPosition), RH->NextHeader, FALSE); return IP_PROTOCOL_NONE; // No further processing of this packet.
}
NumAddresses = RH->HeaderExtLength / 2;
//
// Sanity check SegmentsLeft.
//
if (SegmentsLeft > NumAddresses) { ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, &RH->SegmentsLeft) - Packet->IPPosition), RH->NextHeader, FALSE); return IP_PROTOCOL_NONE; // No further processing of this packet.
}
//
// Sanity check the destination address.
// Packets carrying a Type 0 Routing Header must not
// be sent to a multicast destination.
//
if (IsMulticast(AlignAddr(&Packet->IP->Dest))) { //
// Just drop the packet, no ICMP error in this case.
//
return IP_PROTOCOL_NONE; // No further processing of this packet.
}
i = NumAddresses - SegmentsLeft; Addresses = AlignAddr((IPv6Addr UNALIGNED *) (RH + 1));
//
// Sanity check the new destination.
// RFC 2460 doesn't mention checking for an unspecified address,
// but I think it's a good idea. Similarly, for security reasons,
// we also check the scope of the destination. This allows
// applications to check the scope of the eventual destination address
// and know that the packet originated within that scope.
// RFC 2460 says to discard the packet without an ICMP error
// (at least when the new destination is multicast),
// but I think an ICMP error is helpful in this situation.
//
if (IsMulticast(&Addresses[i]) || IsUnspecified(&Addresses[i]) || (UnicastAddressScope(&Addresses[i]) < UnicastAddressScope(AlignAddr(&Packet->IP->Dest)))) {
ICMPv6SendError(Packet, ICMPv6_PARAMETER_PROBLEM, ICMPv6_ERRONEOUS_HEADER_FIELD, (GetPacketPositionFromPointer(Packet, (uchar *) &Addresses[i]) - Packet->IPPosition), RH->NextHeader, FALSE); return IP_PROTOCOL_NONE; // No further processing of this packet.
}
//
// Verify IPSec was performed.
//
if (InboundSecurityCheck(Packet, 0, 0, 0, Packet->NTEorIF->IF) != TRUE) { //
// No policy was found or the policy indicated to drop the packet.
//
KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "RoutingReceive: " "IPSec lookup failed or policy was to drop\n")); return IP_PROTOCOL_NONE; // Drop packet.
}
//
// Find a route to the new destination.
//
Status = RouteToDestination(&Addresses[i], 0, Packet->NTEorIF, RTD_FLAG_LOOSE, &RCE); if (Status != IP_SUCCESS) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR, "RoutingReceive: " "No route to destination for forwarding.\n")); ICMPv6SendError(Packet, ICMPv6_DESTINATION_UNREACHABLE, ICMPv6_NO_ROUTE_TO_DESTINATION, 0, RH->NextHeader, FALSE); return IP_PROTOCOL_NONE; }
//
// For security reasons, we prevent source routing
// in some situations. Check those now.
//
if (Packet->NTEorIF->IF->Flags & IF_FLAG_FORWARDS) { //
// The interface is forwarding, so source-routing is allowed.
//
} else if ((Packet->NTEorIF->IF == RCE->NCE->IF) && (SegmentsLeft == 1) && IP6_ADDR_EQUAL(&Addresses[i], AlignAddr(&Packet->IP->Source))) { //
// Same-interface rule says source-routing is allowed,
// because the host is not acting as a conduit
// between two networks. See RFC 1122 section 3.3.5.
// Furthermore, we only allow round-trip source-routing
// because that's the only useful scenario that we know of
// for hosts. This prevents unanticipated bad uses.
//
} else { //
// We can not allow this use of source-routing.
// Instead of reporting an error, we could
// redo RouteToDestination with RTD_FLAG_STRICT
// to constrain to the same interface.
// However, an ICMP error is more in keeping
// with the treatment of scoped source addresses,
// which can produce a destination-unreachable error.
//
ReleaseRCE(RCE); KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET, "RoutingReceive: Inappropriate route.\n")); ICMPv6SendError(Packet, ICMPv6_DESTINATION_UNREACHABLE, ICMPv6_COMMUNICATION_PROHIBITED, 0, RH->NextHeader, FALSE); return IP_PROTOCOL_NONE; }
//
// Find the Security Policy for this outbound traffic.
// The source address is the same but the destination address is the
// next hop from the routing header.
//
IPSecToDo = OutboundSPLookup(AlignAddr(&Packet->IP->Source), &Addresses[i], 0, 0, 0, RCE->NCE->IF, &Action);
if (IPSecToDo == NULL) { //
// Check Action.
//
if (Action == LOOKUP_DROP) { // Drop packet.
ReleaseRCE(RCE); return IP_PROTOCOL_NONE; } else { if (Action == LOOKUP_IKE_NEG) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "RoutingReceive: IKE not supported yet.\n")); ReleaseRCE(RCE); return IP_PROTOCOL_NONE; } }
//
// With no IPSec to perform, IPv6Forward won't be changing the
// outgoing interface from what we currently think it will be.
// So we can use the exact size of its link-level header.
//
Offset = RCE->NCE->IF->LinkHeaderSize;
} else { //
// Calculate the space needed for the IPSec headers.
//
IPSecBytes = IPSecBytesToInsert(IPSecToDo, &TunnelStart, NULL);
if (TunnelStart != 0) { KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR, "RoutingReceive: IPSec Tunnel mode only.\n")); FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize); ReleaseRCE(RCE); return IP_PROTOCOL_NONE; }
//
// The IPSec code in IPv6Forward might change the outgoing
// interface from what we currently think it will be. Play it
// safe and leave the max amount of space for its link-level header.
//
Offset = MAX_LINK_HEADER_SIZE; }
//
// The packet has passed all our checks.
// We can construct a revised packet for transmission.
// First we allocate a packet, buffer, and memory.
//
// NB: The original packet is read-only for us. Furthermore
// we can not keep a pointer to it beyond the return of this
// function. So we must copy the packet and then modify it.
//
// Packet->IP->PayloadLength might be zero with jumbograms.
Delta = Packet->Position - Packet->IPPosition; PayloadLength = Packet->TotalSize + Delta - sizeof(IPv6Header); MemLen = Offset + sizeof(IPv6Header) + PayloadLength + IPSecBytes;
NdisStatus = IPv6AllocatePacket(MemLen, &FwdPacket, &Mem); if (NdisStatus != NDIS_STATUS_SUCCESS) { if (IPSecToDo) { FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize); } ReleaseRCE(RCE); return IP_PROTOCOL_NONE; // No further processing of this packet.
}
FwdIP = (IPv6Header UNALIGNED *)(Mem + Offset + IPSecBytes); FwdRH = (IPv6RoutingHeader UNALIGNED *) ((uchar *)FwdIP + Delta - HeaderLength); FwdAddresses = (IPv6Addr UNALIGNED *) (FwdRH + 1);
//
// Now we copy from the original packet to the new packet.
//
CopyPacketToBuffer((uchar *)FwdIP, Packet, sizeof(IPv6Header) + PayloadLength, Packet->IPPosition);
//
// Fix up the new packet - put in the new destination address
// and decrement SegmentsLeft.
// NB: We pass the Reserved field through unmodified!
// This violates a strict reading of the spec,
// but Steve Deering has confirmed that this is his intent.
//
FwdDest = *AlignAddr(&FwdAddresses[i]); *AlignAddr(&FwdAddresses[i]) = *AlignAddr(&FwdIP->Dest); *AlignAddr(&FwdIP->Dest) = FwdDest; FwdRH->SegmentsLeft--;
//
// Forward the packet. This decrements the Hop Limit and generates
// any applicable ICMP errors (Time Limit Exceeded, Destination
// Unreachable, Packet Too Big). Note that previous ICMP errors
// that we generated were based on the unmodified incoming packet,
// while from here on the ICMP errors are based on the new FwdPacket.
//
IPv6Forward(Packet->NTEorIF, FwdPacket, Offset + IPSecBytes, FwdIP, PayloadLength, FALSE, // Don't Redirect.
IPSecToDo, RCE);
if (IPSecToDo) { FreeIPSecToDo(IPSecToDo, IPSecToDo->BundleSize); }
ReleaseRCE(RCE); return IP_PROTOCOL_NONE; // No further processing of this packet.
}
|
