Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.127
retrieving revision 1.135.2.2
diff -u -p -r1.127 -r1.135.2.2
--- src/sys/netinet/ip_input.c	2001/01/24 09:04:15	1.127
+++ src/sys/netinet/ip_input.c	2002/01/10 20:02:50	1.135.2.2
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.127 2001/01/24 09:04:15 itojun Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.135.2.2 2002/01/10 20:02:50 thorpej Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -101,10 +101,14 @@
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
  */
 
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.135.2.2 2002/01/10 20:02:50 thorpej Exp $");
+
 #include "opt_gateway.h"
 #include "opt_pfil_hooks.h"
 #include "opt_ipsec.h"
 #include "opt_mrouting.h"
+#include "opt_inet_csum.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -117,11 +121,7 @@
 #include <sys/errno.h>
 #include <sys/time.h>
 #include <sys/kernel.h>
-#include <sys/proc.h>
 #include <sys/pool.h>
-
-#include <uvm/uvm_extern.h>
-
 #include <sys/sysctl.h>
 
 #include <net/if.h>
@@ -211,6 +211,8 @@ struct pfil_head inet_pfil_hook;
 
 struct ipqhead ipq;
 int	ipq_locked;
+int	ip_nfragpackets = 0;
+int	ip_maxfragpackets = 200;
 
 static __inline int ipq_lock_try __P((void));
 static __inline void ipq_unlock __P((void));
@@ -220,7 +222,11 @@ ipq_lock_try()
 {
 	int s;
 
-	s = splimp();
+	/*
+	 * Use splvm() -- we're bloking things that would cause
+	 * mbuf allocation.
+	 */
+	s = splvm();
 	if (ipq_locked) {
 		splx(s);
 		return (0);
@@ -235,7 +241,7 @@ ipq_unlock()
 {
 	int s;
 
-	s = splimp();
+	s = splvm();
 	ipq_locked = 0;
 	splx(s);
 }
@@ -264,6 +270,24 @@ do {									\
 
 struct pool ipqent_pool;
 
+#ifdef INET_CSUM_COUNTERS
+#include <sys/device.h>
+
+struct evcnt ip_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
+    NULL, "inet", "hwcsum bad");
+struct evcnt ip_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
+    NULL, "inet", "hwcsum ok");
+struct evcnt ip_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC,
+    NULL, "inet", "swcsum");
+
+#define	INET_CSUM_COUNTER_INCR(ev)	(ev)->ev_count++
+
+#else
+
+#define	INET_CSUM_COUNTER_INCR(ev)	/* nothing */
+
+#endif /* INET_CSUM_COUNTERS */
+
 /*
  * We need to save the IP options in case a protocol wants to respond
  * to an incoming packet over the same route if the packet got here
@@ -326,6 +350,12 @@ ip_init()
 		printf("ip_init: WARNING: unable to register pfil hook, "
 		    "error %d\n", i);
 #endif /* PFIL_HOOKS */
+
+#ifdef INET_CSUM_COUNTERS
+	evcnt_attach_static(&ip_hwcsum_bad);
+	evcnt_attach_static(&ip_hwcsum_ok);
+	evcnt_attach_static(&ip_swcsum);
+#endif /* INET_CSUM_COUNTERS */
 }
 
 struct	sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
@@ -341,7 +371,7 @@ ipintr()
 	struct mbuf *m;
 
 	while (1) {
-		s = splimp();
+		s = splnet();
 		IF_DEQUEUE(&ipintrq, m);
 		splx(s);
 		if (m == 0)
@@ -383,7 +413,7 @@ ip_input(struct mbuf *m)
 	 * If no IP addresses have been set yet but the interfaces
 	 * are receiving, can't do anything with incoming packets yet.
 	 */
-	if (in_ifaddr.tqh_first == 0)
+	if (TAILQ_FIRST(&in_ifaddr) == 0)
 		goto bad;
 	ipstat.ips_total++;
 	if (m->m_len < sizeof (struct ip) &&
@@ -414,13 +444,37 @@ ip_input(struct mbuf *m)
 	 * not allowed.
 	 */
 	if (IN_MULTICAST(ip->ip_src.s_addr)) {
-		/* XXX stat */
+		ipstat.ips_badaddr++;
 		goto bad;
 	}
 
-	if (in_cksum(m, hlen) != 0) {
-		ipstat.ips_badsum++;
-		goto bad;
+	/* 127/8 must not appear on wire - RFC1122 */
+	if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
+	    (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
+		if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
+			ipstat.ips_badaddr++;
+			goto bad;
+		}
+	}
+
+	switch (m->m_pkthdr.csum_flags &
+		((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_IPv4) |
+		 M_CSUM_IPv4_BAD)) {
+	case M_CSUM_IPv4|M_CSUM_IPv4_BAD:
+		INET_CSUM_COUNTER_INCR(&ip_hwcsum_bad);
+		goto badcsum;
+
+	case M_CSUM_IPv4:
+		/* Checksum was okay. */
+		INET_CSUM_COUNTER_INCR(&ip_hwcsum_ok);
+		break;
+
+	default:
+		/* Must compute it ourselves. */
+		INET_CSUM_COUNTER_INCR(&ip_swcsum);
+		if (in_cksum(m, hlen) != 0)
+			goto bad;
+		break;
 	}
 
 	/* Retrieve the packet length. */
@@ -476,7 +530,7 @@ ip_input(struct mbuf *m)
 	 * not the decapsulated packet.
 	 */
 #ifdef IPSEC
-	if (!ipsec_gethist(m, NULL))
+	if (!ipsec_getnhist(m))
 #else
 	if (1)
 #endif
@@ -487,6 +541,7 @@ ip_input(struct mbuf *m)
 		if (m == NULL)
 			return;
 		ip = mtod(m, struct ip *);
+		hlen = ip->ip_hl << 2;
 	}
 #endif /* PFIL_HOOKS */
 
@@ -522,9 +577,7 @@ ip_input(struct mbuf *m)
 	 * as not mine.
 	 */
 	downmatch = 0;
-	for (ia = IN_IFADDR_HASH(ip->ip_dst.s_addr).lh_first;
-	     ia != NULL;
-	     ia = ia->ia_hash.le_next) {
+	LIST_FOREACH(ia, &IN_IFADDR_HASH(ip->ip_dst.s_addr), ia_hash) {
 		if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) {
 			if ((ia->ia_ifp->if_flags & IFF_UP) != 0)
 				break;
@@ -535,9 +588,9 @@ ip_input(struct mbuf *m)
 	if (ia != NULL)
 		goto ours;
 	if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) {
-		for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first;
-		    ifa != NULL; ifa = ifa->ifa_list.tqe_next) {
-			if (ifa->ifa_addr->sa_family != AF_INET) continue;
+		TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrlist, ifa_list) {
+			if (ifa->ifa_addr->sa_family != AF_INET)
+				continue;
 			ia = ifatoia(ifa);
 			if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) ||
 			    in_hosteq(ip->ip_dst, ia->ia_netbroadcast) ||
@@ -650,7 +703,7 @@ ours:
 		 * of this datagram.
 		 */
 		IPQ_LOCK();
-		for (fp = ipq.lh_first; fp != NULL; fp = fp->ipq_q.le_next)
+		LIST_FOREACH(fp, &ipq, ipq_q)
 			if (ip->ip_id == fp->ipq_id &&
 			    in_hosteq(ip->ip_src, fp->ipq_src) &&
 			    in_hosteq(ip->ip_dst, fp->ipq_dst) &&
@@ -710,6 +763,19 @@ found:
 		IPQ_UNLOCK();
 	}
 
+#ifdef IPSEC
+	/*
+	 * enforce IPsec policy checking if we are seeing last header.
+	 * note that we do not visit this with protocols with pcb layer
+	 * code - like udp/tcp/raw ip.
+	 */
+	if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 &&
+	    ipsec4_in_reject(m, NULL)) {
+		ipsecstat.in_polvio++;
+		goto bad;
+	}
+#endif
+
 	/*
 	 * Switch out to protocol's input routine.
 	 */
@@ -726,6 +792,11 @@ found:
     }
 bad:
 	m_freem(m);
+	return;
+
+badcsum:
+	ipstat.ips_badsum++;
+	m_freem(m);
 }
 
 /*
@@ -759,6 +830,17 @@ ip_reass(ipqe, fp)
 	 * If first fragment to arrive, create a reassembly queue.
 	 */
 	if (fp == 0) {
+		/*
+		 * Enforce upper bound on number of fragmented packets
+		 * for which we attempt reassembly;
+		 * If maxfrag is 0, never accept fragments.
+		 * If maxfrag is -1, accept all fragments without limitation.
+		 */
+		if (ip_maxfragpackets < 0)
+			;
+		else if (ip_nfragpackets >= ip_maxfragpackets)
+			goto dropfrag;
+		ip_nfragpackets++;
 		MALLOC(fp, struct ipq *, sizeof (struct ipq),
 		    M_FTABLE, M_NOWAIT);
 		if (fp == NULL)
@@ -777,8 +859,8 @@ ip_reass(ipqe, fp)
 	/*
 	 * Find a segment which begins after this one does.
 	 */
-	for (p = NULL, q = fp->ipq_fragq.lh_first; q != NULL;
-	    p = q, q = q->ipqe_q.le_next)
+	for (p = NULL, q = LIST_FIRST(&fp->ipq_fragq); q != NULL;
+	    p = q, q = LIST_NEXT(q, ipqe_q))
 		if (q->ipqe_ip->ip_off > ipqe->ipqe_ip->ip_off)
 			break;
 
@@ -813,7 +895,7 @@ ip_reass(ipqe, fp)
 			m_adj(q->ipqe_m, i);
 			break;
 		}
-		nq = q->ipqe_q.le_next;
+		nq = LIST_NEXT(q, ipqe_q);
 		m_freem(q->ipqe_m);
 		LIST_REMOVE(q, ipqe_q);
 		pool_put(&ipqent_pool, q);
@@ -830,8 +912,8 @@ insert:
 		LIST_INSERT_AFTER(p, ipqe, ipqe_q);
 	}
 	next = 0;
-	for (p = NULL, q = fp->ipq_fragq.lh_first; q != NULL;
-	    p = q, q = q->ipqe_q.le_next) {
+	for (p = NULL, q = LIST_FIRST(&fp->ipq_fragq); q != NULL;
+	    p = q, q = LIST_NEXT(q, ipqe_q)) {
 		if (q->ipqe_ip->ip_off != next)
 			return (0);
 		next += q->ipqe_ip->ip_len;
@@ -843,7 +925,7 @@ insert:
 	 * Reassembly is complete.  Check for a bogus message size and
 	 * concatenate fragments.
 	 */
-	q = fp->ipq_fragq.lh_first;
+	q = LIST_FIRST(&fp->ipq_fragq);
 	ip = q->ipqe_ip;
 	if ((next + (ip->ip_hl << 2)) > IP_MAXPACKET) {
 		ipstat.ips_toolong++;
@@ -854,11 +936,11 @@ insert:
 	t = m->m_next;
 	m->m_next = 0;
 	m_cat(m, t);
-	nq = q->ipqe_q.le_next;
+	nq = LIST_NEXT(q, ipqe_q);
 	pool_put(&ipqent_pool, q);
 	for (q = nq; q != NULL; q = nq) {
 		t = q->ipqe_m;
-		nq = q->ipqe_q.le_next;
+		nq = LIST_NEXT(q, ipqe_q);
 		pool_put(&ipqent_pool, q);
 		m_cat(m, t);
 	}
@@ -874,6 +956,7 @@ insert:
 	ip->ip_dst = fp->ipq_dst;
 	LIST_REMOVE(fp, ipq_q);
 	FREE(fp, M_FTABLE);
+	ip_nfragpackets--;
 	m->m_len += (ip->ip_hl << 2);
 	m->m_data -= (ip->ip_hl << 2);
 	/* some debugging cruft by sklower, below, will go away soon */
@@ -904,14 +987,15 @@ ip_freef(fp)
 
 	IPQ_LOCK_CHECK();
 
-	for (q = fp->ipq_fragq.lh_first; q != NULL; q = p) {
-		p = q->ipqe_q.le_next;
+	for (q = LIST_FIRST(&fp->ipq_fragq); q != NULL; q = p) {
+		p = LIST_NEXT(q, ipqe_q);
 		m_freem(q->ipqe_m);
 		LIST_REMOVE(q, ipqe_q);
 		pool_put(&ipqent_pool, q);
 	}
 	LIST_REMOVE(fp, ipq_q);
 	FREE(fp, M_FTABLE);
+	ip_nfragpackets--;
 }
 
 /*
@@ -926,13 +1010,24 @@ ip_slowtimo()
 	int s = splsoftnet();
 
 	IPQ_LOCK();
-	for (fp = ipq.lh_first; fp != NULL; fp = nfp) {
-		nfp = fp->ipq_q.le_next;
+	for (fp = LIST_FIRST(&ipq); fp != NULL; fp = nfp) {
+		nfp = LIST_NEXT(fp, ipq_q);
 		if (--fp->ipq_ttl == 0) {
 			ipstat.ips_fragtimeout++;
 			ip_freef(fp);
 		}
 	}
+	/*
+	 * If we are over the maximum number of fragments
+	 * (due to the limit being lowered), drain off
+	 * enough to get down to the new limit.
+	 */
+	if (ip_maxfragpackets < 0)
+		;
+	else {
+		while (ip_nfragpackets > ip_maxfragpackets && LIST_FIRST(&ipq))
+			ip_freef(LIST_FIRST(&ipq));
+	}
 	IPQ_UNLOCK();
 #ifdef GATEWAY
 	ipflow_slowtimo();
@@ -954,9 +1049,9 @@ ip_drain()
 	if (ipq_lock_try() == 0)
 		return;
 
-	while (ipq.lh_first != NULL) {
+	while (LIST_FIRST(&ipq) != NULL) {
 		ipstat.ips_fragdropped++;
-		ip_freef(ipq.lh_first);
+		ip_freef(LIST_FIRST(&ipq));
 	}
 
 	IPQ_UNLOCK();
@@ -1343,7 +1438,7 @@ ip_stripoptions(m, mopt)
 	ip->ip_hl = sizeof (struct ip) >> 2;
 }
 
-int inetctlerrmap[PRC_NCMDS] = {
+const int inetctlerrmap[PRC_NCMDS] = {
 	0,		0,		0,		0,
 	0,		EMSGSIZE,	EHOSTDOWN,	EHOSTUNREACH,
 	EHOSTUNREACH,	EHOSTUNREACH,	ECONNREFUSED,	ECONNREFUSED,
@@ -1382,6 +1477,11 @@ ip_forward(m, srcrt)
 	struct ifnet dummyifp;
 #endif
 
+	/*
+	 * Clear any in-bound checksum flags for this packet.
+	 */
+	m->m_pkthdr.csum_flags = 0;
+
 	dest = 0;
 #ifdef DIAGNOSTIC
 	if (ipprintfs)
@@ -1462,7 +1562,7 @@ ip_forward(m, srcrt)
 	}
 
 #ifdef IPSEC
-	/* Don't lookup socket in forwading case */
+	/* Don't lookup socket in forwarding case */
 	(void)ipsec_setsocket(m, NULL);
 #endif
 	error = ip_output(m, (struct mbuf *)0, &ipforward_rt,
@@ -1769,6 +1869,10 @@ ip_sysctl(name, namelen, oldp, oldlenp, 
 		return (error);
 #endif
 
+	case IPCTL_MAXFRAGPACKETS:
+		return (sysctl_int(oldp, oldlenp, newp, newlen,
+		    &ip_maxfragpackets));
+
 	default:
 		return (EOPNOTSUPP);
 	}