version 1.121, 2000/11/11 00:52:38 |
version 1.128, 2001/03/01 16:31:39 |
|
|
|
|
#ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
/* Register our Packet Filter hook. */ |
/* Register our Packet Filter hook. */ |
inet_pfil_hook.ph_key = (void *)(u_long) AF_INET; |
inet_pfil_hook.ph_type = PFIL_TYPE_AF; |
inet_pfil_hook.ph_dlt = DLT_RAW; |
inet_pfil_hook.ph_af = AF_INET; |
i = pfil_head_register(&inet_pfil_hook); |
i = pfil_head_register(&inet_pfil_hook); |
if (i != 0) |
if (i != 0) |
printf("ip_init: WARNING: unable to register pfil hook, " |
printf("ip_init: WARNING: unable to register pfil hook, " |
Line 471 ip_input(struct mbuf *m) |
|
Line 471 ip_input(struct mbuf *m) |
|
* Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
* in the list may have previously cleared it. |
* in the list may have previously cleared it. |
*/ |
*/ |
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
/* |
PFIL_IN) != 0) |
* let ipfilter look at packet on the wire, |
return; |
* not the decapsulated packet. |
if (m == NULL) |
*/ |
|
#ifdef IPSEC |
|
if (!ipsec_gethist(m, NULL)) |
|
#else |
|
if (1) |
|
#endif |
|
{ |
|
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
|
PFIL_IN) != 0) |
return; |
return; |
ip = mtod(m, struct ip *); |
if (m == NULL) |
|
return; |
|
ip = mtod(m, struct ip *); |
|
} |
#endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
|
|
|
#ifdef ALTQ |
|
/* XXX Temporary until ALTQ is changed to use a pfil hook */ |
|
if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { |
|
/* packet dropped by traffic conditioner */ |
|
return; |
|
} |
|
#endif |
|
|
/* |
/* |
* Convert fields to host representation. |
* Convert fields to host representation. |
*/ |
*/ |
|
|
IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
} |
} |
|
|
|
#ifdef IPSEC |
|
/* |
|
* enforce IPsec policy checking if we are seeing last header. |
|
* note that we do not visit this with protocols with pcb layer |
|
* code - like udp/tcp/raw ip. |
|
*/ |
|
if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
|
ipsec4_in_reject(m, NULL)) { |
|
ipsecstat.in_polvio++; |
|
goto bad; |
|
} |
|
#endif |
|
|
/* |
/* |
* Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
*/ |
*/ |
#if IFA_STATS |
#if IFA_STATS |
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
if (ia && ip) |
|
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
#endif |
#endif |
ipstat.ips_delivered++; |
ipstat.ips_delivered++; |
{ |
{ |
Line 1443 ip_forward(m, srcrt) |
|
Line 1476 ip_forward(m, srcrt) |
|
|
|
#ifdef IPSEC |
#ifdef IPSEC |
/* Don't lookup socket in forwading case */ |
/* Don't lookup socket in forwading case */ |
ipsec_setsocket(m, NULL); |
(void)ipsec_setsocket(m, NULL); |
#endif |
#endif |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
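Review bot: The `if (!ipsec_gethist(m, NULL))` guard around `pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN)` in ip_input means a packet that already carries IPsec history is never handed to the packet filter, so filter rules written against inner (decapsulated) addresses silently do not apply to tunnelled traffic. The block comment states the intent but not that consequence; I would extend it with a line such as `* NOTE: decapsulated packets bypass pfil entirely; restrict tunnelled traffic with IPsec policy, not filter rules.` The `ipsec4_in_reject()` check further down runs only for `PR_LASTHDR` protocols, and its own comment says pcb-layer protocols (udp/tcp/raw ip) are not checked here, so policy enforcement for those presumably lives outside what this page shows and should be confirmed. Which lines are old and which are new is inferred from the side-by-side layout, and ip_input's body extends beyond the displayed hunks.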