| version 1.112, 2000/05/06 16:35:14 |
version 1.127, 2001/01/24 09:04:15 |
|
|
| #include <sys/proc.h> |
#include <sys/proc.h> |
| #include <sys/pool.h> |
#include <sys/pool.h> |
| |
|
| #include <vm/vm.h> |
#include <uvm/uvm_extern.h> |
| |
|
| #include <sys/sysctl.h> |
#include <sys/sysctl.h> |
| |
|
| #include <net/if.h> |
#include <net/if.h> |
|
|
| #ifdef IPSEC |
#ifdef IPSEC |
| #include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
| #include <netkey/key.h> |
#include <netkey/key.h> |
| #include <netkey/key_debug.h> |
|
| #endif |
#endif |
| |
|
| #ifndef IPFORWARDING |
#ifndef IPFORWARDING |
| Line 205 struct ifqueue ipintrq; |
|
| Line 205 struct ifqueue ipintrq; |
|
| struct ipstat ipstat; |
struct ipstat ipstat; |
| u_int16_t ip_id; |
u_int16_t ip_id; |
| |
|
| |
#ifdef PFIL_HOOKS |
| |
struct pfil_head inet_pfil_hook; |
| |
#endif |
| |
|
| struct ipqhead ipq; |
struct ipqhead ipq; |
| int ipq_locked; |
int ipq_locked; |
| |
|
|
|
| ip_id = time.tv_sec & 0xffff; |
ip_id = time.tv_sec & 0xffff; |
| ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
| TAILQ_INIT(&in_ifaddr); |
TAILQ_INIT(&in_ifaddr); |
| in_ifaddrhashtbl = |
in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
| hashinit(IN_IFADDR_HASH_SIZE, M_IFADDR, M_WAITOK, &in_ifaddrhash); |
M_WAITOK, &in_ifaddrhash); |
| if (ip_mtudisc != 0) |
if (ip_mtudisc != 0) |
| ip_mtudisc_timeout_q = |
ip_mtudisc_timeout_q = |
| rt_timer_queue_create(ip_mtudisc_timeout); |
rt_timer_queue_create(ip_mtudisc_timeout); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ipflow_init(); |
ipflow_init(); |
| #endif |
#endif |
| |
|
| |
#ifdef PFIL_HOOKS |
| |
/* Register our Packet Filter hook. */ |
| |
inet_pfil_hook.ph_type = PFIL_TYPE_AF; |
| |
inet_pfil_hook.ph_af = AF_INET; |
| |
i = pfil_head_register(&inet_pfil_hook); |
| |
if (i != 0) |
| |
printf("ip_init: WARNING: unable to register pfil hook, " |
| |
"error %d\n", i); |
| |
#endif /* PFIL_HOOKS */ |
| } |
} |
| |
|
| struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
| Line 350 ip_input(struct mbuf *m) |
|
| Line 364 ip_input(struct mbuf *m) |
|
| struct ipqent *ipqe; |
struct ipqent *ipqe; |
| int hlen = 0, mff, len; |
int hlen = 0, mff, len; |
| int downmatch; |
int downmatch; |
| #ifdef PFIL_HOOKS |
|
| struct packet_filter_hook *pfh; |
|
| struct mbuf *m0; |
|
| int rv; |
|
| #endif /* PFIL_HOOKS */ |
|
| |
|
| #ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
| if ((m->m_flags & M_PKTHDR) == 0) |
if ((m->m_flags & M_PKTHDR) == 0) |
| Line 414 ip_input(struct mbuf *m) |
|
| Line 423 ip_input(struct mbuf *m) |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| /* |
/* Retrieve the packet length. */ |
| * Convert fields to host representation. |
len = ntohs(ip->ip_len); |
| */ |
|
| NTOHS(ip->ip_len); |
|
| NTOHS(ip->ip_off); |
|
| len = ip->ip_len; |
|
| |
|
| /* |
/* |
| * Check for additional length bogosity |
* Check for additional length bogosity |
| Line 466 ip_input(struct mbuf *m) |
|
| Line 471 ip_input(struct mbuf *m) |
|
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
*/ |
| m0 = m; |
/* |
| pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); |
* let ipfilter look at packet on the wire, |
| for (; pfh; pfh = pfh->pfil_link.tqe_next) |
* not the decapsulated packet. |
| if (pfh->pfil_func) { |
*/ |
| rv = pfh->pfil_func(ip, hlen, |
#ifdef IPSEC |
| m->m_pkthdr.rcvif, 0, &m0); |
if (!ipsec_gethist(m, NULL)) |
| if (rv) |
#else |
| return; |
if (1) |
| m = m0; |
#endif |
| if (m == NULL) |
{ |
| return; |
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
| ip = mtod(m, struct ip *); |
PFIL_IN) != 0) |
| } |
return; |
| |
if (m == NULL) |
| |
return; |
| |
ip = mtod(m, struct ip *); |
| |
} |
| #endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
| |
|
| |
#ifdef ALTQ |
| |
/* XXX Temporary until ALTQ is changed to use a pfil hook */ |
| |
if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { |
| |
/* packet dropped by traffic conditioner */ |
| |
return; |
| |
} |
| |
#endif |
| |
|
| |
/* |
| |
* Convert fields to host representation. |
| |
*/ |
| |
NTOHS(ip->ip_len); |
| |
NTOHS(ip->ip_off); |
| |
|
| /* |
/* |
| * Process options and, if not destined for us, |
* Process options and, if not destined for us, |
| * ship it on. ip_dooptions returns 1 when an |
* ship it on. ip_dooptions returns 1 when an |
|
|
| * Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
| */ |
*/ |
| #if IFA_STATS |
#if IFA_STATS |
| ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
if (ia && ip) |
| |
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
| #endif |
#endif |
| ipstat.ips_delivered++; |
ipstat.ips_delivered++; |
| { |
{ |
|
|
| if (opt == IPOPT_NOP) |
if (opt == IPOPT_NOP) |
| optlen = 1; |
optlen = 1; |
| else { |
else { |
| |
if (cnt < IPOPT_OLEN + sizeof(*cp)) { |
| |
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
| |
goto bad; |
| |
} |
| optlen = cp[IPOPT_OLEN]; |
optlen = cp[IPOPT_OLEN]; |
| if (optlen <= 0 || optlen > cnt) { |
if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { |
| code = &cp[IPOPT_OLEN] - (u_char *)ip; |
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
| goto bad; |
goto bad; |
| } |
} |
|
| Line 1022 ip_dooptions(m) |
|
| code = ICMP_UNREACH_NET_PROHIB; |
code = ICMP_UNREACH_NET_PROHIB; |
| goto bad; |
goto bad; |
| } |
} |
| |
if (optlen < IPOPT_OFFSET + sizeof(*cp)) { |
| |
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
| |
goto bad; |
| |
} |
| if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
| code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
| goto bad; |
goto bad; |
| Line 1045 ip_dooptions(m) |
|
| Line 1077 ip_dooptions(m) |
|
| break; |
break; |
| |
|
| case IPOPT_RR: |
case IPOPT_RR: |
| |
if (optlen < IPOPT_OFFSET + sizeof(*cp)) { |
| |
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
| |
goto bad; |
| |
} |
| if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
| code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
| goto bad; |
goto bad; |
| Line 1076 ip_dooptions(m) |
|
| Line 1112 ip_dooptions(m) |
|
| case IPOPT_TS: |
case IPOPT_TS: |
| code = cp - (u_char *)ip; |
code = cp - (u_char *)ip; |
| ipt = (struct ip_timestamp *)cp; |
ipt = (struct ip_timestamp *)cp; |
| if (ipt->ipt_len < 5) |
if (ipt->ipt_len < 4 || ipt->ipt_len > 40) { |
| |
code = (u_char *)&ipt->ipt_len - (u_char *)ip; |
| |
goto bad; |
| |
} |
| |
if (ipt->ipt_ptr < 5) { |
| |
code = (u_char *)&ipt->ipt_ptr - (u_char *)ip; |
| goto bad; |
goto bad; |
| |
} |
| if (ipt->ipt_ptr > ipt->ipt_len - sizeof (int32_t)) { |
if (ipt->ipt_ptr > ipt->ipt_len - sizeof (int32_t)) { |
| if (++ipt->ipt_oflw == 0) |
if (++ipt->ipt_oflw == 0) { |
| |
code = (u_char *)&ipt->ipt_ptr - |
| |
(u_char *)ip; |
| goto bad; |
goto bad; |
| |
} |
| break; |
break; |
| } |
} |
| cp0 = (cp + ipt->ipt_ptr - 1); |
cp0 = (cp + ipt->ipt_ptr - 1); |
| Line 1091 ip_dooptions(m) |
|
| Line 1136 ip_dooptions(m) |
|
| |
|
| case IPOPT_TS_TSANDADDR: |
case IPOPT_TS_TSANDADDR: |
| if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
| sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) { |
| |
code = (u_char *)&ipt->ipt_ptr - |
| |
(u_char *)ip; |
| goto bad; |
goto bad; |
| |
} |
| ipaddr.sin_addr = dst; |
ipaddr.sin_addr = dst; |
| ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), |
ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), |
| m->m_pkthdr.rcvif)); |
m->m_pkthdr.rcvif)); |
| Line 1105 ip_dooptions(m) |
|
| Line 1153 ip_dooptions(m) |
|
| |
|
| case IPOPT_TS_PRESPEC: |
case IPOPT_TS_PRESPEC: |
| if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
| sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) { |
| |
code = (u_char *)&ipt->ipt_ptr - |
| |
(u_char *)ip; |
| goto bad; |
goto bad; |
| |
} |
| bcopy(cp0, &ipaddr.sin_addr, |
bcopy(cp0, &ipaddr.sin_addr, |
| sizeof(struct in_addr)); |
sizeof(struct in_addr)); |
| if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) |
if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) |
| Line 1116 ip_dooptions(m) |
|
| Line 1167 ip_dooptions(m) |
|
| break; |
break; |
| |
|
| default: |
default: |
| |
/* XXX can't take &ipt->ipt_flg */ |
| |
code = (u_char *)&ipt->ipt_ptr - |
| |
(u_char *)ip + 1; |
| goto bad; |
goto bad; |
| } |
} |
| ntime = iptime(); |
ntime = iptime(); |
| Line 1368 ip_forward(m, srcrt) |
|
| Line 1422 ip_forward(m, srcrt) |
|
| /* |
/* |
| * Save at most 68 bytes of the packet in case |
* Save at most 68 bytes of the packet in case |
| * we need to generate an ICMP message to the src. |
* we need to generate an ICMP message to the src. |
| |
* Pullup to avoid sharing mbuf cluster between m and mcopy. |
| */ |
*/ |
| mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68)); |
mcopy = m_copym(m, 0, imin((int)ip->ip_len, 68), M_DONTWAIT); |
| |
if (mcopy) |
| |
mcopy = m_pullup(mcopy, ip->ip_hl << 2); |
| |
|
| /* |
/* |
| * If forwarding packet using same interface that it came in on, |
* If forwarding packet using same interface that it came in on, |
| Line 1406 ip_forward(m, srcrt) |
|
| Line 1463 ip_forward(m, srcrt) |
|
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| /* Don't lookup socket in forwading case */ |
/* Don't lookup socket in forwading case */ |
| ipsec_setsocket(m, NULL); |
(void)ipsec_setsocket(m, NULL); |
| #endif |
#endif |
| error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
| (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
| Line 1635 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1692 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| case IPCTL_ANONPORTMIN: |
case IPCTL_ANONPORTMIN: |
| old = anonportmin; |
old = anonportmin; |
| error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); |
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); |
| if (anonportmin >= anonportmax || anonportmin > 65535 |
if (anonportmin >= anonportmax || anonportmin < 0 |
| |
|| anonportmin > 65535 |
| #ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
| || anonportmin < IPPORT_RESERVED |
|| anonportmin < IPPORT_RESERVED |
| #endif |
#endif |
| Line 1647 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1705 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| case IPCTL_ANONPORTMAX: |
case IPCTL_ANONPORTMAX: |
| old = anonportmax; |
old = anonportmax; |
| error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); |
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); |
| if (anonportmin >= anonportmax || anonportmax > 65535 |
if (anonportmin >= anonportmax || anonportmax < 0 |
| |
|| anonportmax > 65535 |
| #ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
| || anonportmax < IPPORT_RESERVED |
|| anonportmax < IPPORT_RESERVED |
| #endif |
#endif |
| Line 1685 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1744 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| &ip_gif_ttl)); |
&ip_gif_ttl)); |
| #endif |
#endif |
| |
|
| |
#ifndef IPNOPRIVPORTS |
| |
case IPCTL_LOWPORTMIN: |
| |
old = lowportmin; |
| |
error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin); |
| |
if (lowportmin >= lowportmax |
| |
|| lowportmin > IPPORT_RESERVEDMAX |
| |
|| lowportmin < IPPORT_RESERVEDMIN |
| |
) { |
| |
lowportmin = old; |
| |
return (EINVAL); |
| |
} |
| |
return (error); |
| |
case IPCTL_LOWPORTMAX: |
| |
old = lowportmax; |
| |
error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax); |
| |
if (lowportmin >= lowportmax |
| |
|| lowportmax > IPPORT_RESERVEDMAX |
| |
|| lowportmax < IPPORT_RESERVEDMIN |
| |
) { |
| |
lowportmax = old; |
| |
return (EINVAL); |
| |
} |
| |
return (error); |
| |
#endif |
| |
|
| default: |
default: |
| return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet