Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.111 retrieving revision 1.135 diff -u -p -r1.111 -r1.135 --- src/sys/netinet/ip_input.c 2000/03/31 14:27:17 1.111 +++ src/sys/netinet/ip_input.c 2001/06/02 16:17:09 1.135 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.111 2000/03/31 14:27:17 jdolecek Exp $ */ +/* $NetBSD: ip_input.c,v 1.135 2001/06/02 16:17:09 thorpej Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -105,6 +105,7 @@ #include "opt_pfil_hooks.h" #include "opt_ipsec.h" #include "opt_mrouting.h" +#include "opt_inet_csum.h" #include #include @@ -120,7 +121,8 @@ #include #include -#include +#include + #include #include @@ -146,7 +148,6 @@ #ifdef IPSEC #include #include -#include #endif #ifndef IPFORWARDING @@ -205,8 +206,14 @@ struct ifqueue ipintrq; struct ipstat ipstat; u_int16_t ip_id; +#ifdef PFIL_HOOKS +struct pfil_head inet_pfil_hook; +#endif + struct ipqhead ipq; int ipq_locked; +int ip_nfragpackets = 0; +int ip_maxfragpackets = 200; static __inline int ipq_lock_try __P((void)); static __inline void ipq_unlock __P((void)); @@ -216,7 +223,11 @@ ipq_lock_try() { int s; - s = splimp(); + /* + * Use splvm() -- we're bloking things that would cause + * mbuf allocation. + */ + s = splvm(); if (ipq_locked) { splx(s); return (0); @@ -231,7 +242,7 @@ ipq_unlock() { int s; - s = splimp(); + s = splvm(); ipq_locked = 0; splx(s); } @@ -260,6 +271,24 @@ do { \ struct pool ipqent_pool; +#ifdef INET_CSUM_COUNTERS +#include + +struct evcnt ip_hwcsum_bad = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, + NULL, "inet", "hwcsum bad"); +struct evcnt ip_hwcsum_ok = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, + NULL, "inet", "hwcsum ok"); +struct evcnt ip_swcsum = EVCNT_INITIALIZER(EVCNT_TYPE_MISC, + NULL, "inet", "swcsum"); + +#define INET_CSUM_COUNTER_INCR(ev) (ev)->ev_count++ + +#else + +#define INET_CSUM_COUNTER_INCR(ev) /* nothing */ + +#endif /* INET_CSUM_COUNTERS */ + /* * We need to save the IP options in case a protocol wants to respond * to an incoming packet over the same route if the packet got here @@ -304,14 +333,30 @@ ip_init() ip_id = time.tv_sec & 0xffff; ipintrq.ifq_maxlen = ipqmaxlen; TAILQ_INIT(&in_ifaddr); - in_ifaddrhashtbl = - hashinit(IN_IFADDR_HASH_SIZE, M_IFADDR, M_WAITOK, &in_ifaddrhash); + in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, + M_WAITOK, &in_ifaddrhash); if (ip_mtudisc != 0) ip_mtudisc_timeout_q = rt_timer_queue_create(ip_mtudisc_timeout); #ifdef GATEWAY ipflow_init(); #endif + +#ifdef PFIL_HOOKS + /* Register our Packet Filter hook. */ + inet_pfil_hook.ph_type = PFIL_TYPE_AF; + inet_pfil_hook.ph_af = AF_INET; + i = pfil_head_register(&inet_pfil_hook); + if (i != 0) + printf("ip_init: WARNING: unable to register pfil hook, " + "error %d\n", i); +#endif /* PFIL_HOOKS */ + +#ifdef INET_CSUM_COUNTERS + evcnt_attach_static(&ip_hwcsum_bad); + evcnt_attach_static(&ip_hwcsum_ok); + evcnt_attach_static(&ip_swcsum); +#endif /* INET_CSUM_COUNTERS */ } struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; @@ -327,7 +372,7 @@ ipintr() struct mbuf *m; while (1) { - s = splimp(); + s = splnet(); IF_DEQUEUE(&ipintrq, m); splx(s); if (m == 0) @@ -350,11 +395,6 @@ ip_input(struct mbuf *m) struct ipqent *ipqe; int hlen = 0, mff, len; int downmatch; -#ifdef PFIL_HOOKS - struct packet_filter_hook *pfh; - struct mbuf *m0; - int rv; -#endif /* PFIL_HOOKS */ #ifdef DIAGNOSTIC if ((m->m_flags & M_PKTHDR) == 0) @@ -405,21 +445,41 @@ ip_input(struct mbuf *m) * not allowed. */ if (IN_MULTICAST(ip->ip_src.s_addr)) { - /* XXX stat */ + ipstat.ips_badaddr++; goto bad; } - if (in_cksum(m, hlen) != 0) { - ipstat.ips_badsum++; - goto bad; + /* 127/8 must not appear on wire - RFC1122 */ + if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || + (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { + if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { + ipstat.ips_badaddr++; + goto bad; + } } - /* - * Convert fields to host representation. - */ - NTOHS(ip->ip_len); - NTOHS(ip->ip_off); - len = ip->ip_len; + switch (m->m_pkthdr.csum_flags & + ((m->m_pkthdr.rcvif->if_csum_flags & M_CSUM_IPv4) | + M_CSUM_IPv4_BAD)) { + case M_CSUM_IPv4|M_CSUM_IPv4_BAD: + INET_CSUM_COUNTER_INCR(&ip_hwcsum_bad); + goto badcsum; + + case M_CSUM_IPv4: + /* Checksum was okay. */ + INET_CSUM_COUNTER_INCR(&ip_hwcsum_ok); + break; + + default: + /* Must compute it ourselves. */ + INET_CSUM_COUNTER_INCR(&ip_swcsum); + if (in_cksum(m, hlen) != 0) + goto bad; + break; + } + + /* Retrieve the packet length. */ + len = ntohs(ip->ip_len); /* * Check for additional length bogosity @@ -466,21 +526,39 @@ ip_input(struct mbuf *m) * Note that filters must _never_ set this flag, as another filter * in the list may have previously cleared it. */ - m0 = m; - pfh = pfil_hook_get(PFIL_IN, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); - for (; pfh; pfh = pfh->pfil_link.tqe_next) - if (pfh->pfil_func) { - rv = pfh->pfil_func(ip, hlen, - m->m_pkthdr.rcvif, 0, &m0); - if (rv) - return; - m = m0; - if (m == NULL) - return; - ip = mtod(m, struct ip *); - } + /* + * let ipfilter look at packet on the wire, + * not the decapsulated packet. + */ +#ifdef IPSEC + if (!ipsec_gethist(m, NULL)) +#else + if (1) +#endif + { + if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, + PFIL_IN) != 0) + return; + if (m == NULL) + return; + ip = mtod(m, struct ip *); + } #endif /* PFIL_HOOKS */ +#ifdef ALTQ + /* XXX Temporary until ALTQ is changed to use a pfil hook */ + if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) { + /* packet dropped by traffic conditioner */ + return; + } +#endif + + /* + * Convert fields to host representation. + */ + NTOHS(ip->ip_len); + NTOHS(ip->ip_off); + /* * Process options and, if not destined for us, * ship it on. ip_dooptions returns 1 when an @@ -687,11 +765,25 @@ found: IPQ_UNLOCK(); } +#ifdef IPSEC + /* + * enforce IPsec policy checking if we are seeing last header. + * note that we do not visit this with protocols with pcb layer + * code - like udp/tcp/raw ip. + */ + if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && + ipsec4_in_reject(m, NULL)) { + ipsecstat.in_polvio++; + goto bad; + } +#endif + /* * Switch out to protocol's input routine. */ #if IFA_STATS - ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; + if (ia && ip) + ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; #endif ipstat.ips_delivered++; { @@ -702,6 +794,11 @@ found: } bad: m_freem(m); + return; + +badcsum: + ipstat.ips_badsum++; + m_freem(m); } /* @@ -735,6 +832,17 @@ ip_reass(ipqe, fp) * If first fragment to arrive, create a reassembly queue. */ if (fp == 0) { + /* + * Enforce upper bound on number of fragmented packets + * for which we attempt reassembly; + * If maxfrag is 0, never accept fragments. + * If maxfrag is -1, accept all fragments without limitation. + */ + if (ip_maxfragpackets < 0) + ; + else if (ip_nfragpackets >= ip_maxfragpackets) + goto dropfrag; + ip_nfragpackets++; MALLOC(fp, struct ipq *, sizeof (struct ipq), M_FTABLE, M_NOWAIT); if (fp == NULL) @@ -850,6 +958,7 @@ insert: ip->ip_dst = fp->ipq_dst; LIST_REMOVE(fp, ipq_q); FREE(fp, M_FTABLE); + ip_nfragpackets--; m->m_len += (ip->ip_hl << 2); m->m_data -= (ip->ip_hl << 2); /* some debugging cruft by sklower, below, will go away soon */ @@ -888,6 +997,7 @@ ip_freef(fp) } LIST_REMOVE(fp, ipq_q); FREE(fp, M_FTABLE); + ip_nfragpackets--; } /* @@ -909,6 +1019,17 @@ ip_slowtimo() ip_freef(fp); } } + /* + * If we are over the maximum number of fragments + * (due to the limit being lowered), drain off + * enough to get down to the new limit. + */ + if (ip_maxfragpackets < 0) + ; + else { + while (ip_nfragpackets > ip_maxfragpackets && ipq.lh_first) + ip_freef(ipq.lh_first); + } IPQ_UNLOCK(); #ifdef GATEWAY ipflow_slowtimo(); @@ -967,8 +1088,12 @@ ip_dooptions(m) if (opt == IPOPT_NOP) optlen = 1; else { + if (cnt < IPOPT_OLEN + sizeof(*cp)) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } optlen = cp[IPOPT_OLEN]; - if (optlen <= 0 || optlen > cnt) { + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { code = &cp[IPOPT_OLEN] - (u_char *)ip; goto bad; } @@ -994,6 +1119,10 @@ ip_dooptions(m) code = ICMP_UNREACH_NET_PROHIB; goto bad; } + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { code = &cp[IPOPT_OFFSET] - (u_char *)ip; goto bad; @@ -1013,7 +1142,7 @@ ip_dooptions(m) break; } off--; /* 0 origin */ - if (off > optlen - sizeof(struct in_addr)) { + if ((off + sizeof(struct in_addr)) > optlen) { /* * End of source route. Should be for us. */ @@ -1045,6 +1174,10 @@ ip_dooptions(m) break; case IPOPT_RR: + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { code = &cp[IPOPT_OFFSET] - (u_char *)ip; goto bad; @@ -1053,7 +1186,7 @@ ip_dooptions(m) * If no space remains, ignore. */ off--; /* 0 origin */ - if (off > optlen - sizeof(struct in_addr)) + if ((off + sizeof(struct in_addr)) > optlen) break; bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr, sizeof(ipaddr.sin_addr)); @@ -1076,11 +1209,20 @@ ip_dooptions(m) case IPOPT_TS: code = cp - (u_char *)ip; ipt = (struct ip_timestamp *)cp; - if (ipt->ipt_len < 5) + if (ipt->ipt_len < 4 || ipt->ipt_len > 40) { + code = (u_char *)&ipt->ipt_len - (u_char *)ip; goto bad; + } + if (ipt->ipt_ptr < 5) { + code = (u_char *)&ipt->ipt_ptr - (u_char *)ip; + goto bad; + } if (ipt->ipt_ptr > ipt->ipt_len - sizeof (int32_t)) { - if (++ipt->ipt_oflw == 0) + if (++ipt->ipt_oflw == 0) { + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip; goto bad; + } break; } cp0 = (cp + ipt->ipt_ptr - 1); @@ -1091,8 +1233,11 @@ ip_dooptions(m) case IPOPT_TS_TSANDADDR: if (ipt->ipt_ptr - 1 + sizeof(n_time) + - sizeof(struct in_addr) > ipt->ipt_len) + sizeof(struct in_addr) > ipt->ipt_len) { + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip; goto bad; + } ipaddr.sin_addr = dst; ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), m->m_pkthdr.rcvif)); @@ -1105,8 +1250,11 @@ ip_dooptions(m) case IPOPT_TS_PRESPEC: if (ipt->ipt_ptr - 1 + sizeof(n_time) + - sizeof(struct in_addr) > ipt->ipt_len) + sizeof(struct in_addr) > ipt->ipt_len) { + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip; goto bad; + } bcopy(cp0, &ipaddr.sin_addr, sizeof(struct in_addr)); if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) @@ -1116,6 +1264,9 @@ ip_dooptions(m) break; default: + /* XXX can't take &ipt->ipt_flg */ + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip + 1; goto bad; } ntime = iptime(); @@ -1328,6 +1479,11 @@ ip_forward(m, srcrt) struct ifnet dummyifp; #endif + /* + * Clear any in-bound checksum flags for this packet. + */ + m->m_pkthdr.csum_flags = 0; + dest = 0; #ifdef DIAGNOSTIC if (ipprintfs) @@ -1368,8 +1524,11 @@ ip_forward(m, srcrt) /* * Save at most 68 bytes of the packet in case * we need to generate an ICMP message to the src. + * Pullup to avoid sharing mbuf cluster between m and mcopy. */ - mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68)); + mcopy = m_copym(m, 0, imin((int)ip->ip_len, 68), M_DONTWAIT); + if (mcopy) + mcopy = m_pullup(mcopy, ip->ip_hl << 2); /* * If forwarding packet using same interface that it came in on, @@ -1405,8 +1564,8 @@ ip_forward(m, srcrt) } #ifdef IPSEC - /* Don't lookup socket in forwading case */ - ipsec_setsocket(m, NULL); + /* Don't lookup socket in forwarding case */ + (void)ipsec_setsocket(m, NULL); #endif error = ip_output(m, (struct mbuf *)0, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); @@ -1635,7 +1794,8 @@ ip_sysctl(name, namelen, oldp, oldlenp, case IPCTL_ANONPORTMIN: old = anonportmin; error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); - if (anonportmin >= anonportmax || anonportmin > 65535 + if (anonportmin >= anonportmax || anonportmin < 0 + || anonportmin > 65535 #ifndef IPNOPRIVPORTS || anonportmin < IPPORT_RESERVED #endif @@ -1647,7 +1807,8 @@ ip_sysctl(name, namelen, oldp, oldlenp, case IPCTL_ANONPORTMAX: old = anonportmax; error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); - if (anonportmin >= anonportmax || anonportmax > 65535 + if (anonportmin >= anonportmax || anonportmax < 0 + || anonportmax > 65535 #ifndef IPNOPRIVPORTS || anonportmax < IPPORT_RESERVED #endif @@ -1685,6 +1846,35 @@ ip_sysctl(name, namelen, oldp, oldlenp, &ip_gif_ttl)); #endif +#ifndef IPNOPRIVPORTS + case IPCTL_LOWPORTMIN: + old = lowportmin; + error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin); + if (lowportmin >= lowportmax + || lowportmin > IPPORT_RESERVEDMAX + || lowportmin < IPPORT_RESERVEDMIN + ) { + lowportmin = old; + return (EINVAL); + } + return (error); + case IPCTL_LOWPORTMAX: + old = lowportmax; + error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax); + if (lowportmin >= lowportmax + || lowportmax > IPPORT_RESERVEDMAX + || lowportmax < IPPORT_RESERVEDMIN + ) { + lowportmax = old; + return (EINVAL); + } + return (error); +#endif + + case IPCTL_MAXFRAGPACKETS: + return (sysctl_int(oldp, oldlenp, newp, newlen, + &ip_maxfragpackets)); + default: return (EOPNOTSUPP); }