version 1.112, 2000/05/06 16:35:14 |
version 1.127, 2001/01/24 09:04:15 |
|
|
#include <sys/proc.h> |
#include <sys/proc.h> |
#include <sys/pool.h> |
#include <sys/pool.h> |
|
|
#include <vm/vm.h> |
#include <uvm/uvm_extern.h> |
|
|
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
#include <netkey/key.h> |
#include <netkey/key.h> |
#include <netkey/key_debug.h> |
|
#endif |
#endif |
|
|
#ifndef IPFORWARDING |
#ifndef IPFORWARDING |
Line 205 struct ifqueue ipintrq; |
|
Line 205 struct ifqueue ipintrq; |
|
struct ipstat ipstat; |
struct ipstat ipstat; |
u_int16_t ip_id; |
u_int16_t ip_id; |
|
|
|
#ifdef PFIL_HOOKS |
|
struct pfil_head inet_pfil_hook; |
|
#endif |
|
|
struct ipqhead ipq; |
struct ipqhead ipq; |
int ipq_locked; |
int ipq_locked; |
|
|
|
|
ip_id = time.tv_sec & 0xffff; |
ip_id = time.tv_sec & 0xffff; |
ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
TAILQ_INIT(&in_ifaddr); |
TAILQ_INIT(&in_ifaddr); |
in_ifaddrhashtbl = |
in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
hashinit(IN_IFADDR_HASH_SIZE, M_IFADDR, M_WAITOK, &in_ifaddrhash); |
M_WAITOK, &in_ifaddrhash); |
if (ip_mtudisc != 0) |
if (ip_mtudisc != 0) |
ip_mtudisc_timeout_q = |
ip_mtudisc_timeout_q = |
rt_timer_queue_create(ip_mtudisc_timeout); |
rt_timer_queue_create(ip_mtudisc_timeout); |
#ifdef GATEWAY |
#ifdef GATEWAY |
ipflow_init(); |
ipflow_init(); |
#endif |
#endif |
|
|
|
#ifdef PFIL_HOOKS |
|
/* Register our Packet Filter hook. */ |
|
inet_pfil_hook.ph_type = PFIL_TYPE_AF; |
|
inet_pfil_hook.ph_af = AF_INET; |
|
i = pfil_head_register(&inet_pfil_hook); |
|
if (i != 0) |
|
printf("ip_init: WARNING: unable to register pfil hook, " |
|
"error %d\n", i); |
|
#endif /* PFIL_HOOKS */ |
} |
} |
|
|
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
Line 350 ip_input(struct mbuf *m) |
|
Line 364 ip_input(struct mbuf *m) |
|
struct ipqent *ipqe; |
struct ipqent *ipqe; |
int hlen = 0, mff, len; |
int hlen = 0, mff, len; |
int downmatch; |
int downmatch; |
#ifdef PFIL_HOOKS |
|
struct packet_filter_hook *pfh; |
|
struct mbuf *m0; |
|
int rv; |
|
#endif /* PFIL_HOOKS */ |
|
|
|
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
if ((m->m_flags & M_PKTHDR) == 0) |
if ((m->m_flags & M_PKTHDR) == 0) |
Line 414 ip_input(struct mbuf *m) |
|
Line 423 ip_input(struct mbuf *m) |
|
goto bad; |
goto bad; |
} |
} |
|
|
/* |
/* Retrieve the packet length. */ |
* Convert fields to host representation. |
len = ntohs(ip->ip_len); |
*/ |
|
NTOHS(ip->ip_len); |
|
NTOHS(ip->ip_off); |
|
len = ip->ip_len; |
|
|
|
/* |
/* |
* Check for additional length bogosity |
* Check for additional length bogosity |
Line 466 ip_input(struct mbuf *m) |
|
Line 471 ip_input(struct mbuf *m) |
|
* Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
* in the list may have previously cleared it. |
* in the list may have previously cleared it. |
*/ |
*/ |
m0 = m; |
/* |
pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); |
* let ipfilter look at packet on the wire, |
for (; pfh; pfh = pfh->pfil_link.tqe_next) |
* not the decapsulated packet. |
if (pfh->pfil_func) { |
*/ |
rv = pfh->pfil_func(ip, hlen, |
#ifdef IPSEC |
m->m_pkthdr.rcvif, 0, &m0); |
if (!ipsec_gethist(m, NULL)) |
if (rv) |
#else |
return; |
if (1) |
m = m0; |
#endif |
if (m == NULL) |
{ |
return; |
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
ip = mtod(m, struct ip *); |
PFIL_IN) != 0) |
} |
return; |
|
if (m == NULL) |
|
return; |
|
ip = mtod(m, struct ip *); |
|
} |
#endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
|
|
|
#ifdef ALTQ |
|
/* XXX Temporary until ALTQ is changed to use a pfil hook */ |
|
if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { |
|
/* packet dropped by traffic conditioner */ |
|
return; |
|
} |
|
#endif |
|
|
|
/* |
|
* Convert fields to host representation. |
|
*/ |
|
NTOHS(ip->ip_len); |
|
NTOHS(ip->ip_off); |
|
|
/* |
/* |
* Process options and, if not destined for us, |
* Process options and, if not destined for us, |
* ship it on. ip_dooptions returns 1 when an |
* ship it on. ip_dooptions returns 1 when an |
|
|
* Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
*/ |
*/ |
#if IFA_STATS |
#if IFA_STATS |
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
if (ia && ip) |
|
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
#endif |
#endif |
ipstat.ips_delivered++; |
ipstat.ips_delivered++; |
{ |
{ |
|
|
if (opt == IPOPT_NOP) |
if (opt == IPOPT_NOP) |
optlen = 1; |
optlen = 1; |
else { |
else { |
|
if (cnt < IPOPT_OLEN + sizeof(*cp)) { |
|
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
|
goto bad; |
|
} |
optlen = cp[IPOPT_OLEN]; |
optlen = cp[IPOPT_OLEN]; |
if (optlen <= 0 || optlen > cnt) { |
if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { |
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
goto bad; |
goto bad; |
} |
} |
|
Line 1022 ip_dooptions(m) |
|
code = ICMP_UNREACH_NET_PROHIB; |
code = ICMP_UNREACH_NET_PROHIB; |
goto bad; |
goto bad; |
} |
} |
|
if (optlen < IPOPT_OFFSET + sizeof(*cp)) { |
|
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
|
goto bad; |
|
} |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
goto bad; |
goto bad; |
Line 1045 ip_dooptions(m) |
|
Line 1077 ip_dooptions(m) |
|
break; |
break; |
|
|
case IPOPT_RR: |
case IPOPT_RR: |
|
if (optlen < IPOPT_OFFSET + sizeof(*cp)) { |
|
code = &cp[IPOPT_OLEN] - (u_char *)ip; |
|
goto bad; |
|
} |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
goto bad; |
goto bad; |
Line 1076 ip_dooptions(m) |
|
Line 1112 ip_dooptions(m) |
|
case IPOPT_TS: |
case IPOPT_TS: |
code = cp - (u_char *)ip; |
code = cp - (u_char *)ip; |
ipt = (struct ip_timestamp *)cp; |
ipt = (struct ip_timestamp *)cp; |
if (ipt->ipt_len < 5) |
if (ipt->ipt_len < 4 || ipt->ipt_len > 40) { |
|
code = (u_char *)&ipt->ipt_len - (u_char *)ip; |
|
goto bad; |
|
} |
|
if (ipt->ipt_ptr < 5) { |
|
code = (u_char *)&ipt->ipt_ptr - (u_char *)ip; |
goto bad; |
goto bad; |
|
} |
if (ipt->ipt_ptr > ipt->ipt_len - sizeof (int32_t)) { |
if (ipt->ipt_ptr > ipt->ipt_len - sizeof (int32_t)) { |
if (++ipt->ipt_oflw == 0) |
if (++ipt->ipt_oflw == 0) { |
|
code = (u_char *)&ipt->ipt_ptr - |
|
(u_char *)ip; |
goto bad; |
goto bad; |
|
} |
break; |
break; |
} |
} |
cp0 = (cp + ipt->ipt_ptr - 1); |
cp0 = (cp + ipt->ipt_ptr - 1); |
Line 1091 ip_dooptions(m) |
|
Line 1136 ip_dooptions(m) |
|
|
|
case IPOPT_TS_TSANDADDR: |
case IPOPT_TS_TSANDADDR: |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) { |
|
code = (u_char *)&ipt->ipt_ptr - |
|
(u_char *)ip; |
goto bad; |
goto bad; |
|
} |
ipaddr.sin_addr = dst; |
ipaddr.sin_addr = dst; |
ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), |
ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), |
m->m_pkthdr.rcvif)); |
m->m_pkthdr.rcvif)); |
Line 1105 ip_dooptions(m) |
|
Line 1153 ip_dooptions(m) |
|
|
|
case IPOPT_TS_PRESPEC: |
case IPOPT_TS_PRESPEC: |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) { |
|
code = (u_char *)&ipt->ipt_ptr - |
|
(u_char *)ip; |
goto bad; |
goto bad; |
|
} |
bcopy(cp0, &ipaddr.sin_addr, |
bcopy(cp0, &ipaddr.sin_addr, |
sizeof(struct in_addr)); |
sizeof(struct in_addr)); |
if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) |
if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) |
Line 1116 ip_dooptions(m) |
|
Line 1167 ip_dooptions(m) |
|
break; |
break; |
|
|
default: |
default: |
|
/* XXX can't take &ipt->ipt_flg */ |
|
code = (u_char *)&ipt->ipt_ptr - |
|
(u_char *)ip + 1; |
goto bad; |
goto bad; |
} |
} |
ntime = iptime(); |
ntime = iptime(); |
Line 1368 ip_forward(m, srcrt) |
|
Line 1422 ip_forward(m, srcrt) |
|
/* |
/* |
* Save at most 68 bytes of the packet in case |
* Save at most 68 bytes of the packet in case |
* we need to generate an ICMP message to the src. |
* we need to generate an ICMP message to the src. |
|
* Pullup to avoid sharing mbuf cluster between m and mcopy. |
*/ |
*/ |
mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68)); |
mcopy = m_copym(m, 0, imin((int)ip->ip_len, 68), M_DONTWAIT); |
|
if (mcopy) |
|
mcopy = m_pullup(mcopy, ip->ip_hl << 2); |
|
|
/* |
/* |
* If forwarding packet using same interface that it came in on, |
* If forwarding packet using same interface that it came in on, |
Line 1406 ip_forward(m, srcrt) |
|
Line 1463 ip_forward(m, srcrt) |
|
|
|
#ifdef IPSEC |
#ifdef IPSEC |
/* Don't lookup socket in forwading case */ |
/* Don't lookup socket in forwading case */ |
ipsec_setsocket(m, NULL); |
(void)ipsec_setsocket(m, NULL); |
#endif |
#endif |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
Line 1635 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1692 ip_sysctl(name, namelen, oldp, oldlenp, |
|
case IPCTL_ANONPORTMIN: |
case IPCTL_ANONPORTMIN: |
old = anonportmin; |
old = anonportmin; |
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); |
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); |
if (anonportmin >= anonportmax || anonportmin > 65535 |
if (anonportmin >= anonportmax || anonportmin < 0 |
|
|| anonportmin > 65535 |
#ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
|| anonportmin < IPPORT_RESERVED |
|| anonportmin < IPPORT_RESERVED |
#endif |
#endif |
Line 1647 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1705 ip_sysctl(name, namelen, oldp, oldlenp, |
|
case IPCTL_ANONPORTMAX: |
case IPCTL_ANONPORTMAX: |
old = anonportmax; |
old = anonportmax; |
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); |
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); |
if (anonportmin >= anonportmax || anonportmax > 65535 |
if (anonportmin >= anonportmax || anonportmax < 0 |
|
|| anonportmax > 65535 |
#ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
|| anonportmax < IPPORT_RESERVED |
|| anonportmax < IPPORT_RESERVED |
#endif |
#endif |
Line 1685 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1744 ip_sysctl(name, namelen, oldp, oldlenp, |
|
&ip_gif_ttl)); |
&ip_gif_ttl)); |
#endif |
#endif |
|
|
|
#ifndef IPNOPRIVPORTS |
|
case IPCTL_LOWPORTMIN: |
|
old = lowportmin; |
|
error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin); |
|
if (lowportmin >= lowportmax |
|
|| lowportmin > IPPORT_RESERVEDMAX |
|
|| lowportmin < IPPORT_RESERVEDMIN |
|
) { |
|
lowportmin = old; |
|
return (EINVAL); |
|
} |
|
return (error); |
|
case IPCTL_LOWPORTMAX: |
|
old = lowportmax; |
|
error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax); |
|
if (lowportmin >= lowportmax |
|
|| lowportmax > IPPORT_RESERVEDMAX |
|
|| lowportmax < IPPORT_RESERVEDMIN |
|
) { |
|
lowportmax = old; |
|
return (EINVAL); |
|
} |
|
return (error); |
|
#endif |
|
|
default: |
default: |
return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
} |
} |