| version 1.93.2.4, 2001/01/05 17:36:55 |
version 1.114.4.10, 2002/11/13 00:34:59 |
|
|
| #include <sys/proc.h> |
#include <sys/proc.h> |
| #include <sys/pool.h> |
#include <sys/pool.h> |
| |
|
| #include <uvm/uvm_extern.h> |
#include <vm/vm.h> |
| |
|
| #include <sys/sysctl.h> |
#include <sys/sysctl.h> |
| |
|
| #include <net/if.h> |
#include <net/if.h> |
|
|
| /* just for gif_ttl */ |
/* just for gif_ttl */ |
| #include <netinet/in_gif.h> |
#include <netinet/in_gif.h> |
| #include "gif.h" |
#include "gif.h" |
| |
#include <net/if_gre.h> |
| |
#include "gre.h" |
| |
|
| #ifdef MROUTING |
#ifdef MROUTING |
| #include <netinet/ip_mroute.h> |
#include <netinet/ip_mroute.h> |
|
|
| #ifdef IPSEC |
#ifdef IPSEC |
| #include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
| #include <netkey/key.h> |
#include <netkey/key.h> |
| |
#include <netkey/key_debug.h> |
| #endif |
#endif |
| |
|
| #ifndef IPFORWARDING |
#ifndef IPFORWARDING |
| Line 205 struct ifqueue ipintrq; |
|
| Line 207 struct ifqueue ipintrq; |
|
| struct ipstat ipstat; |
struct ipstat ipstat; |
| u_int16_t ip_id; |
u_int16_t ip_id; |
| |
|
| #ifdef PFIL_HOOKS |
|
| struct pfil_head inet_pfil_hook; |
|
| #endif |
|
| |
|
| struct ipqhead ipq; |
struct ipqhead ipq; |
| int ipq_locked; |
int ipq_locked; |
| |
int ip_nfragpackets = 0; |
| |
int ip_maxfragpackets = 200; |
| |
|
| static __inline int ipq_lock_try __P((void)); |
static __inline int ipq_lock_try __P((void)); |
| static __inline void ipq_unlock __P((void)); |
static __inline void ipq_unlock __P((void)); |
|
|
| ip_id = time.tv_sec & 0xffff; |
ip_id = time.tv_sec & 0xffff; |
| ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
| TAILQ_INIT(&in_ifaddr); |
TAILQ_INIT(&in_ifaddr); |
| in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, |
in_ifaddrhashtbl = |
| M_WAITOK, &in_ifaddrhash); |
hashinit(IN_IFADDR_HASH_SIZE, M_IFADDR, M_WAITOK, &in_ifaddrhash); |
| if (ip_mtudisc != 0) |
ip_mtudisc_timeout_q = rt_timer_queue_create(ip_mtudisc_timeout); |
| ip_mtudisc_timeout_q = |
|
| rt_timer_queue_create(ip_mtudisc_timeout); |
|
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ipflow_init(); |
ipflow_init(); |
| #endif |
#endif |
| |
|
| #ifdef PFIL_HOOKS |
|
| /* Register our Packet Filter hook. */ |
|
| inet_pfil_hook.ph_type = PFIL_TYPE_AF; |
|
| inet_pfil_hook.ph_af = AF_INET; |
|
| i = pfil_head_register(&inet_pfil_hook); |
|
| if (i != 0) |
|
| printf("ip_init: WARNING: unable to register pfil hook, " |
|
| "error %d\n", i); |
|
| #endif /* PFIL_HOOKS */ |
|
| } |
} |
| |
|
| struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
| Line 364 ip_input(struct mbuf *m) |
|
| Line 352 ip_input(struct mbuf *m) |
|
| struct ipqent *ipqe; |
struct ipqent *ipqe; |
| int hlen = 0, mff, len; |
int hlen = 0, mff, len; |
| int downmatch; |
int downmatch; |
| |
#ifdef PFIL_HOOKS |
| |
struct packet_filter_hook *pfh; |
| |
struct mbuf *m0; |
| |
int rv; |
| |
#endif /* PFIL_HOOKS */ |
| |
|
| #ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
| if ((m->m_flags & M_PKTHDR) == 0) |
if ((m->m_flags & M_PKTHDR) == 0) |
| Line 423 ip_input(struct mbuf *m) |
|
| Line 416 ip_input(struct mbuf *m) |
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| /* Retrieve the packet length. */ |
/* |
| len = ntohs(ip->ip_len); |
* Convert fields to host representation. |
| |
*/ |
| |
NTOHS(ip->ip_len); |
| |
NTOHS(ip->ip_off); |
| |
len = ip->ip_len; |
| |
|
| /* |
/* |
| * Check for additional length bogosity |
* Check for additional length bogosity |
| Line 464 ip_input(struct mbuf *m) |
|
| Line 461 ip_input(struct mbuf *m) |
|
| #endif |
#endif |
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| |
#ifdef IPSEC |
| |
/* |
| |
* let ipfilter look at packet on the wire, |
| |
* not the decapsulated packet. |
| |
*/ |
| |
if (ipsec_gethist(m, NULL)) |
| |
goto nofilt; |
| |
#endif |
| /* |
/* |
| * Run through list of hooks for input packets. If there are any |
* Run through list of hooks for input packets. If there are any |
| * filters which require that additional packets in the flow are |
* filters which require that additional packets in the flow are |
| Line 471 ip_input(struct mbuf *m) |
|
| Line 476 ip_input(struct mbuf *m) |
|
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
*/ |
| if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
m0 = m; |
| PFIL_IN) != 0) |
pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); |
| return; |
for (; pfh; pfh = pfh->pfil_link.tqe_next) |
| if (m == NULL) |
if (pfh->pfil_func) { |
| return; |
rv = pfh->pfil_func(ip, hlen, |
| ip = mtod(m, struct ip *); |
m->m_pkthdr.rcvif, 0, &m0); |
| #endif /* PFIL_HOOKS */ |
if (rv) |
| |
return; |
| #ifdef ALTQ |
m = m0; |
| /* XXX Temporary until ALTQ is changed to use a pfil hook */ |
if (m == NULL) |
| if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { |
return; |
| /* packet dropped by traffic conditioner */ |
ip = mtod(m, struct ip *); |
| return; |
} |
| } |
#ifdef IPSEC |
| |
nofilt:; |
| #endif |
#endif |
| |
#endif /* PFIL_HOOKS */ |
| /* |
|
| * Convert fields to host representation. |
|
| */ |
|
| NTOHS(ip->ip_len); |
|
| NTOHS(ip->ip_off); |
|
| |
|
| /* |
/* |
| * Process options and, if not destined for us, |
* Process options and, if not destined for us, |
| Line 621 ip_input(struct mbuf *m) |
|
| Line 622 ip_input(struct mbuf *m) |
|
| ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
| return; |
return; |
| } |
} |
| |
#ifdef IPSEC |
| |
if (ipsec4_in_reject(m, NULL)) { |
| |
ipsecstat.in_polvio++; |
| |
goto bad; |
| |
} |
| |
#endif |
| |
|
| ip_forward(m, 0); |
ip_forward(m, 0); |
| } |
} |
| return; |
return; |
|
|
| IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
| } |
} |
| |
|
| |
#ifdef IPSEC |
| |
/* |
| |
* enforce IPsec policy checking if we are seeing last header. |
| |
* note that we do not visit this with protocols with pcb layer |
| |
* code - like udp/tcp/raw ip. |
| |
*/ |
| |
if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
| |
ipsec4_in_reject(m, NULL)) { |
| |
ipsecstat.in_polvio++; |
| |
goto bad; |
| |
} |
| |
#endif |
| |
|
| /* |
/* |
| * Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
| */ |
*/ |
| #if IFA_STATS |
#if IFA_STATS |
| if (ia && ip) |
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
| ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
|
| #endif |
#endif |
| ipstat.ips_delivered++; |
ipstat.ips_delivered++; |
| { |
{ |
| Line 748 ip_reass(ipqe, fp) |
|
| Line 768 ip_reass(ipqe, fp) |
|
| * If first fragment to arrive, create a reassembly queue. |
* If first fragment to arrive, create a reassembly queue. |
| */ |
*/ |
| if (fp == 0) { |
if (fp == 0) { |
| |
/* |
| |
* Enforce upper bound on number of fragmented packets |
| |
* for which we attempt reassembly; |
| |
* If maxfrag is 0, never accept fragments. |
| |
* If maxfrag is -1, accept all fragments without limitation. |
| |
*/ |
| |
if (ip_maxfragpackets < 0) |
| |
; |
| |
else if (ip_nfragpackets >= ip_maxfragpackets) |
| |
goto dropfrag; |
| |
ip_nfragpackets++; |
| MALLOC(fp, struct ipq *, sizeof (struct ipq), |
MALLOC(fp, struct ipq *, sizeof (struct ipq), |
| M_FTABLE, M_NOWAIT); |
M_FTABLE, M_NOWAIT); |
| if (fp == NULL) |
if (fp == NULL) |
|
|
| ip->ip_dst = fp->ipq_dst; |
ip->ip_dst = fp->ipq_dst; |
| LIST_REMOVE(fp, ipq_q); |
LIST_REMOVE(fp, ipq_q); |
| FREE(fp, M_FTABLE); |
FREE(fp, M_FTABLE); |
| |
ip_nfragpackets--; |
| m->m_len += (ip->ip_hl << 2); |
m->m_len += (ip->ip_hl << 2); |
| m->m_data -= (ip->ip_hl << 2); |
m->m_data -= (ip->ip_hl << 2); |
| /* some debugging cruft by sklower, below, will go away soon */ |
/* some debugging cruft by sklower, below, will go away soon */ |
|
|
| } |
} |
| LIST_REMOVE(fp, ipq_q); |
LIST_REMOVE(fp, ipq_q); |
| FREE(fp, M_FTABLE); |
FREE(fp, M_FTABLE); |
| |
ip_nfragpackets--; |
| } |
} |
| |
|
| /* |
/* |
|
|
| ip_freef(fp); |
ip_freef(fp); |
| } |
} |
| } |
} |
| |
/* |
| |
* If we are over the maximum number of fragments |
| |
* (due to the limit being lowered), drain off |
| |
* enough to get down to the new limit. |
| |
*/ |
| |
if (ip_maxfragpackets < 0) |
| |
; |
| |
else { |
| |
while (ip_nfragpackets > ip_maxfragpackets && ipq.lh_first) |
| |
ip_freef(ipq.lh_first); |
| |
} |
| IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ipflow_slowtimo(); |
ipflow_slowtimo(); |
| Line 1452 ip_forward(m, srcrt) |
|
| Line 1496 ip_forward(m, srcrt) |
|
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| /* Don't lookup socket in forwading case */ |
/* Don't lookup socket in forwading case */ |
| ipsec_setsocket(m, NULL); |
(void)ipsec_setsocket(m, NULL); |
| #endif |
#endif |
| error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
| (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
| Line 1670 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1714 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| case IPCTL_MTUDISC: |
case IPCTL_MTUDISC: |
| error = sysctl_int(oldp, oldlenp, newp, newlen, |
error = sysctl_int(oldp, oldlenp, newp, newlen, |
| &ip_mtudisc); |
&ip_mtudisc); |
| if (ip_mtudisc != 0 && ip_mtudisc_timeout_q == NULL) { |
if (error == 0 && ip_mtudisc == 0) |
| ip_mtudisc_timeout_q = |
rt_timer_queue_remove_all(ip_mtudisc_timeout_q, TRUE); |
| rt_timer_queue_create(ip_mtudisc_timeout); |
|
| } else if (ip_mtudisc == 0 && ip_mtudisc_timeout_q != NULL) { |
|
| rt_timer_queue_destroy(ip_mtudisc_timeout_q, TRUE); |
|
| ip_mtudisc_timeout_q = NULL; |
|
| } |
|
| return error; |
return error; |
| case IPCTL_ANONPORTMIN: |
case IPCTL_ANONPORTMIN: |
| old = anonportmin; |
old = anonportmin; |
| Line 1707 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1746 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| case IPCTL_MTUDISCTIMEOUT: |
case IPCTL_MTUDISCTIMEOUT: |
| error = sysctl_int(oldp, oldlenp, newp, newlen, |
error = sysctl_int(oldp, oldlenp, newp, newlen, |
| &ip_mtudisc_timeout); |
&ip_mtudisc_timeout); |
| if (ip_mtudisc_timeout_q != NULL) |
if (error == 0) |
| rt_timer_queue_change(ip_mtudisc_timeout_q, |
rt_timer_queue_change(ip_mtudisc_timeout_q, |
| ip_mtudisc_timeout); |
ip_mtudisc_timeout); |
| return (error); |
return (error); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| Line 1733 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1772 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| &ip_gif_ttl)); |
&ip_gif_ttl)); |
| #endif |
#endif |
| |
|
| |
#if NGRE > 0 |
| |
case IPCTL_GRE_TTL: |
| |
return(sysctl_int(oldp, oldlenp, newp, newlen, |
| |
&ip_gre_ttl)); |
| |
#endif |
| |
|
| #ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
| case IPCTL_LOWPORTMIN: |
case IPCTL_LOWPORTMIN: |
| old = lowportmin; |
old = lowportmin; |
| Line 1758 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1803 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| return (error); |
return (error); |
| #endif |
#endif |
| |
|
| |
case IPCTL_MAXFRAGPACKETS: |
| |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
| |
&ip_maxfragpackets)); |
| |
|
| default: |
default: |
| return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet