| version 1.121, 2000/11/11 00:52:38 |
version 1.128, 2001/03/01 16:31:39 |
|
|
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| /* Register our Packet Filter hook. */ |
/* Register our Packet Filter hook. */ |
| inet_pfil_hook.ph_key = (void *)(u_long) AF_INET; |
inet_pfil_hook.ph_type = PFIL_TYPE_AF; |
| inet_pfil_hook.ph_dlt = DLT_RAW; |
inet_pfil_hook.ph_af = AF_INET; |
| i = pfil_head_register(&inet_pfil_hook); |
i = pfil_head_register(&inet_pfil_hook); |
| if (i != 0) |
if (i != 0) |
| printf("ip_init: WARNING: unable to register pfil hook, " |
printf("ip_init: WARNING: unable to register pfil hook, " |
| Line 471 ip_input(struct mbuf *m) |
|
| Line 471 ip_input(struct mbuf *m) |
|
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
*/ |
| if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
/* |
| PFIL_IN) != 0) |
* let ipfilter look at packet on the wire, |
| return; |
* not the decapsulated packet. |
| if (m == NULL) |
*/ |
| |
#ifdef IPSEC |
| |
if (!ipsec_gethist(m, NULL)) |
| |
#else |
| |
if (1) |
| |
#endif |
| |
{ |
| |
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
| |
PFIL_IN) != 0) |
| return; |
return; |
| ip = mtod(m, struct ip *); |
if (m == NULL) |
| |
return; |
| |
ip = mtod(m, struct ip *); |
| |
} |
| #endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
| |
|
| |
#ifdef ALTQ |
| |
/* XXX Temporary until ALTQ is changed to use a pfil hook */ |
| |
if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { |
| |
/* packet dropped by traffic conditioner */ |
| |
return; |
| |
} |
| |
#endif |
| |
|
| /* |
/* |
| * Convert fields to host representation. |
* Convert fields to host representation. |
| */ |
*/ |
|
|
| IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
| } |
} |
| |
|
| |
#ifdef IPSEC |
| |
/* |
| |
* enforce IPsec policy checking if we are seeing last header. |
| |
* note that we do not visit this with protocols with pcb layer |
| |
* code - like udp/tcp/raw ip. |
| |
*/ |
| |
if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
| |
ipsec4_in_reject(m, NULL)) { |
| |
ipsecstat.in_polvio++; |
| |
goto bad; |
| |
} |
| |
#endif |
| |
|
| /* |
/* |
| * Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
| */ |
*/ |
| #if IFA_STATS |
#if IFA_STATS |
| ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
if (ia && ip) |
| |
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
| #endif |
#endif |
| ipstat.ips_delivered++; |
ipstat.ips_delivered++; |
| { |
{ |
| Line 1443 ip_forward(m, srcrt) |
|
| Line 1476 ip_forward(m, srcrt) |
|
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| /* Don't lookup socket in forwading case */ |
/* Don't lookup socket in forwading case */ |
| ipsec_setsocket(m, NULL); |
(void)ipsec_setsocket(m, NULL); |
| #endif |
#endif |
| error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
| (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet