Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.114.4.8 retrieving revision 1.116 diff -u -p -r1.114.4.8 -r1.116 --- src/sys/netinet/ip_input.c 2002/02/26 21:07:56 1.114.4.8 +++ src/sys/netinet/ip_input.c 2000/07/06 12:51:40 1.116 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.114.4.8 2002/02/26 21:07:56 he Exp $ */ +/* $NetBSD: ip_input.c,v 1.116 2000/07/06 12:51:40 itojun Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -120,7 +120,8 @@ #include #include -#include +#include + #include #include @@ -138,8 +139,6 @@ /* just for gif_ttl */ #include #include "gif.h" -#include -#include "gre.h" #ifdef MROUTING #include @@ -148,7 +147,6 @@ #ifdef IPSEC #include #include -#include #endif #ifndef IPFORWARDING @@ -209,8 +207,6 @@ u_int16_t ip_id; struct ipqhead ipq; int ipq_locked; -int ip_nfragpackets = 0; -int ip_maxfragpackets = 200; static __inline int ipq_lock_try __P((void)); static __inline void ipq_unlock __P((void)); @@ -463,14 +459,6 @@ ip_input(struct mbuf *m) #endif #ifdef PFIL_HOOKS -#ifdef IPSEC - /* - * let ipfilter look at packet on the wire, - * not the decapsulated packet. - */ - if (ipsec_gethist(m, NULL)) - goto nofilt; -#endif /* * Run through list of hooks for input packets. If there are any * filters which require that additional packets in the flow are @@ -491,9 +479,6 @@ ip_input(struct mbuf *m) return; ip = mtod(m, struct ip *); } -#ifdef IPSEC -nofilt:; -#endif #endif /* PFIL_HOOKS */ /* @@ -624,13 +609,6 @@ nofilt:; ipstat.ips_cantforward++; return; } -#ifdef IPSEC - if (ipsec4_in_reject(m, NULL)) { - ipsecstat.in_polvio++; - goto bad; - } -#endif - ip_forward(m, 0); } return; 
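Review bot: On the new side of the `@@ -624,13 +609,6 @@` hunk, `ip_forward(m, 0)` is reached with no inbound IPsec policy check, because the `if (ipsec4_in_reject(m, NULL)) { ipsecstat.in_polvio++; goto bad; }` guard exists only on the old side; the matching guard for `PR_LASTHDR` protocols is likewise absent in the `@@ -709,19 +687,6 @@` hunk. In an `IPSEC` build a packet that violates inbound policy would then be forwarded, or handed to a last-header protocol, unchecked, unless a check exists somewhere outside these hunks. The header dates show that the `+++` revision 1.116 (2000/07/06) is older than the `---` revision 1.114.4.8 (2002/02/26), so these lines look like later branch additions rather than code being retired. Both enclosing bodies extend beyond the hunks.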
@@ -709,19 +687,6 @@ found: IPQ_UNLOCK(); } -#ifdef IPSEC - /* - * enforce IPsec policy checking if we are seeing last header. - * note that we do not visit this with protocols with pcb layer - * code - like udp/tcp/raw ip. - */ - if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && - ipsec4_in_reject(m, NULL)) { - ipsecstat.in_polvio++; - goto bad; - } -#endif - /* * Switch out to protocol's input routine. */ @@ -770,17 +735,6 @@ ip_reass(ipqe, fp) * If first fragment to arrive, create a reassembly queue. */ if (fp == 0) { - /* - * Enforce upper bound on number of fragmented packets - * for which we attempt reassembly; - * If maxfrag is 0, never accept fragments. - * If maxfrag is -1, accept all fragments without limitation. - */ - if (ip_maxfragpackets < 0) - ; - else if (ip_nfragpackets >= ip_maxfragpackets) - goto dropfrag; - ip_nfragpackets++; MALLOC(fp, struct ipq *, sizeof (struct ipq), M_FTABLE, M_NOWAIT); if (fp == NULL) @@ -896,7 +850,6 @@ insert: ip->ip_dst = fp->ipq_dst; LIST_REMOVE(fp, ipq_q); FREE(fp, M_FTABLE); - ip_nfragpackets--; m->m_len += (ip->ip_hl << 2); m->m_data -= (ip->ip_hl << 2); /* some debugging cruft by sklower, below, will go away soon */ @@ -935,7 +888,6 @@ ip_freef(fp) } LIST_REMOVE(fp, ipq_q); FREE(fp, M_FTABLE); - ip_nfragpackets--; } /* @@ -957,17 +909,6 @@ ip_slowtimo() ip_freef(fp); } } - /* - * If we are over the maximum number of fragments - * (due to the limit being lowered), drain off - * enough to get down to the new limit. - */ - if (ip_maxfragpackets < 0) - ; - else { - while (ip_nfragpackets > ip_maxfragpackets && ipq.lh_first) - ip_freef(ipq.lh_first); - } IPQ_UNLOCK(); #ifdef GATEWAY ipflow_slowtimo(); 
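Review bot: In the `@@ -770,17 +735,6 @@` hunk the new side of `ip_reass` goes straight to `MALLOC(fp, struct ipq *, ...)` for every first fragment, with no upper bound on the number of reassembly queues; the `ip_nfragpackets >= ip_maxfragpackets` test in front of it is present only on the old side. As far as these hunks show, the number of queued `struct ipq` entries is then bounded only by `M_NOWAIT` allocation failure and the `ip_slowtimo` expiry, so a stream of never-completed fragments can hold kernel memory. The counter bookkeeping in the `@@ -209,8`, `@@ -896,7`, `@@ -935,7` and `@@ -957,17` hunks and the `IPCTL_MAXFRAGPACKETS` case in the `@@ -1779,41` hunk belong to the same limit and are absent on the new side as well. A system running this revision should carry the cap, `else if (ip_nfragpackets >= ip_maxfragpackets) goto dropfrag;`, together with its counter updates. ip_reass continues outside the hunk.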
@@ -1457,11 +1398,8 @@ ip_forward(m, srcrt) /* * Save at most 68 bytes of the packet in case * we need to generate an ICMP message to the src. - * Pullup to avoid sharing mbuf cluster between m and mcopy. */ - mcopy = m_copym(m, 0, imin((int)ip->ip_len, 68), M_DONTWAIT); - if (mcopy) - mcopy = m_pullup(mcopy, ip->ip_hl << 2); + mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68)); /* * If forwarding packet using same interface that it came in on, @@ -1498,7 +1436,7 @@ ip_forward(m, srcrt) #ifdef IPSEC /* Don't lookup socket in forwading case */ - (void)ipsec_setsocket(m, NULL); + ipsec_setsocket(m, NULL); #endif error = ip_output(m, (struct mbuf *)0, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); @@ -1727,8 +1665,7 @@ ip_sysctl(name, namelen, oldp, oldlenp, case IPCTL_ANONPORTMIN: old = anonportmin; error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); - if (anonportmin >= anonportmax || anonportmin < 0 - || anonportmin > 65535 + if (anonportmin >= anonportmax || anonportmin > 65535 #ifndef IPNOPRIVPORTS || anonportmin < IPPORT_RESERVED #endif @@ -1740,8 +1677,7 @@ ip_sysctl(name, namelen, oldp, oldlenp, case IPCTL_ANONPORTMAX: old = anonportmax; error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); - if (anonportmin >= anonportmax || anonportmax < 0 - || anonportmax > 65535 + if (anonportmin >= anonportmax || anonportmax > 65535 #ifndef IPNOPRIVPORTS || anonportmax < IPPORT_RESERVED #endif 
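Review bot: In the `@@ -1457,11 +1398,8 @@` hunk of `ip_forward`, `mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68));` leaves `mcopy` able to share an mbuf cluster with `m`, which the old side's comment ("Pullup to avoid sharing mbuf cluster between m and mcopy") and its `m_pullup(mcopy, ip->ip_hl << 2)` call were there to prevent. If `m` is modified on the output path after the copy, the saved header used for the ICMP message could change with it; that later use is outside the hunk, so this is an inference. Keeping `if (mcopy) mcopy = m_pullup(mcopy, ip->ip_hl << 2);` after the copy, or at least a comment stating why sharing is safe here, would settle it.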
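Review bot: The range test in the `IPCTL_ANONPORTMIN` case of the `@@ -1727,8 +1665,7 @@` hunk does not reject negative values: `anonportmin >= anonportmax || anonportmin > 65535` accepts a negative `anonportmin` whenever `IPNOPRIVPORTS` is defined, since the `anonportmin < IPPORT_RESERVED` clause is compiled out in that configuration. The `IPCTL_ANONPORTMAX` case in the `@@ -1740,8 +1677,7 @@` hunk has the same gap for `anonportmax`. Keeping the explicit lower bound, `if (anonportmin >= anonportmax || anonportmin < 0 || anonportmin > 65535`, makes the check independent of the build option. The rest of each condition lies outside the hunks.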
@@ -1779,41 +1715,6 @@ ip_sysctl(name, namelen, oldp, oldlenp, &ip_gif_ttl)); #endif -#if NGRE > 0 - case IPCTL_GRE_TTL: - return(sysctl_int(oldp, oldlenp, newp, newlen, - &ip_gre_ttl)); -#endif - -#ifndef IPNOPRIVPORTS - case IPCTL_LOWPORTMIN: - old = lowportmin; - error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin); - if (lowportmin >= lowportmax - || lowportmin > IPPORT_RESERVEDMAX - || lowportmin < IPPORT_RESERVEDMIN - ) { - lowportmin = old; - return (EINVAL); - } - return (error); - case IPCTL_LOWPORTMAX: - old = lowportmax; - error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax); - if (lowportmin >= lowportmax - || lowportmax > IPPORT_RESERVEDMAX - || lowportmax < IPPORT_RESERVEDMIN - ) { - lowportmax = old; - return (EINVAL); - } - return (error); -#endif - - case IPCTL_MAXFRAGPACKETS: - return (sysctl_int(oldp, oldlenp, newp, newlen, - &ip_maxfragpackets)); - default: return (EOPNOTSUPP); }