version 1.135.2.2, 2002/01/10 20:02:50 |
version 1.151, 2002/06/07 13:43:47 |
Line 139 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 139 __KERNEL_RCSID(0, "$NetBSD$"); |
|
/* just for gif_ttl */ |
/* just for gif_ttl */ |
#include <netinet/in_gif.h> |
#include <netinet/in_gif.h> |
#include "gif.h" |
#include "gif.h" |
|
#include <net/if_gre.h> |
|
#include "gre.h" |
|
|
#ifdef MROUTING |
#ifdef MROUTING |
#include <netinet/ip_mroute.h> |
#include <netinet/ip_mroute.h> |
Line 199 struct rttimer_queue *ip_mtudisc_timeout |
|
Line 201 struct rttimer_queue *ip_mtudisc_timeout |
|
|
|
extern struct domain inetdomain; |
extern struct domain inetdomain; |
int ipqmaxlen = IFQ_MAXLEN; |
int ipqmaxlen = IFQ_MAXLEN; |
|
u_long in_ifaddrhash; /* size of hash table - 1 */ |
|
int in_ifaddrentries; /* total number of addrs */ |
struct in_ifaddrhead in_ifaddr; |
struct in_ifaddrhead in_ifaddr; |
struct in_ifaddrhashhead *in_ifaddrhashtbl; |
struct in_ifaddrhashhead *in_ifaddrhashtbl; |
struct ifqueue ipintrq; |
struct ifqueue ipintrq; |
|
|
int s; |
int s; |
|
|
/* |
/* |
* Use splvm() -- we're bloking things that would cause |
* Use splvm() -- we're blocking things that would cause |
* mbuf allocation. |
* mbuf allocation. |
*/ |
*/ |
s = splvm(); |
s = splvm(); |
|
|
int i; |
int i; |
|
|
pool_init(&ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", |
pool_init(&ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", |
0, NULL, NULL, M_IPQ); |
NULL); |
|
|
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
if (pr == 0) |
if (pr == 0) |
Line 507 ip_input(struct mbuf *m) |
|
Line 511 ip_input(struct mbuf *m) |
|
} |
} |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
/* ipflow (IP fast fowarding) is not compatible with IPsec. */ |
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
#else |
#else |
/* |
/* |
Line 614 ip_input(struct mbuf *m) |
|
Line 618 ip_input(struct mbuf *m) |
|
#ifdef MROUTING |
#ifdef MROUTING |
extern struct socket *ip_mrouter; |
extern struct socket *ip_mrouter; |
|
|
if (m->m_flags & M_EXT) { |
if (M_READONLY(m)) { |
if ((m = m_pullup(m, hlen)) == 0) { |
if ((m = m_pullup(m, hlen)) == 0) { |
ipstat.ips_toosmall++; |
ipstat.ips_toosmall++; |
return; |
return; |
Line 685 ip_input(struct mbuf *m) |
|
Line 689 ip_input(struct mbuf *m) |
|
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
return; |
return; |
} |
} |
|
#ifdef IPSEC |
|
if (ipsec4_in_reject(m, NULL)) { |
|
ipsecstat.in_polvio++; |
|
goto bad; |
|
} |
|
#endif |
|
|
ip_forward(m, 0); |
ip_forward(m, 0); |
} |
} |
return; |
return; |
Line 849 ip_reass(ipqe, fp) |
|
Line 860 ip_reass(ipqe, fp) |
|
fp->ipq_ttl = IPFRAGTTL; |
fp->ipq_ttl = IPFRAGTTL; |
fp->ipq_p = ipqe->ipqe_ip->ip_p; |
fp->ipq_p = ipqe->ipqe_ip->ip_p; |
fp->ipq_id = ipqe->ipqe_ip->ip_id; |
fp->ipq_id = ipqe->ipqe_ip->ip_id; |
LIST_INIT(&fp->ipq_fragq); |
TAILQ_INIT(&fp->ipq_fragq); |
fp->ipq_src = ipqe->ipqe_ip->ip_src; |
fp->ipq_src = ipqe->ipqe_ip->ip_src; |
fp->ipq_dst = ipqe->ipqe_ip->ip_dst; |
fp->ipq_dst = ipqe->ipqe_ip->ip_dst; |
p = NULL; |
p = NULL; |
Line 859 ip_reass(ipqe, fp) |
|
Line 870 ip_reass(ipqe, fp) |
|
/* |
/* |
* Find a segment which begins after this one does. |
* Find a segment which begins after this one does. |
*/ |
*/ |
for (p = NULL, q = LIST_FIRST(&fp->ipq_fragq); q != NULL; |
for (p = NULL, q = TAILQ_FIRST(&fp->ipq_fragq); q != NULL; |
p = q, q = LIST_NEXT(q, ipqe_q)) |
p = q, q = TAILQ_NEXT(q, ipqe_q)) |
if (q->ipqe_ip->ip_off > ipqe->ipqe_ip->ip_off) |
if (q->ipqe_ip->ip_off > ipqe->ipqe_ip->ip_off) |
break; |
break; |
|
|
Line 895 ip_reass(ipqe, fp) |
|
Line 906 ip_reass(ipqe, fp) |
|
m_adj(q->ipqe_m, i); |
m_adj(q->ipqe_m, i); |
break; |
break; |
} |
} |
nq = LIST_NEXT(q, ipqe_q); |
nq = TAILQ_NEXT(q, ipqe_q); |
m_freem(q->ipqe_m); |
m_freem(q->ipqe_m); |
LIST_REMOVE(q, ipqe_q); |
TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
} |
} |
|
|
|
|
* check for complete reassembly. |
* check for complete reassembly. |
*/ |
*/ |
if (p == NULL) { |
if (p == NULL) { |
LIST_INSERT_HEAD(&fp->ipq_fragq, ipqe, ipqe_q); |
TAILQ_INSERT_HEAD(&fp->ipq_fragq, ipqe, ipqe_q); |
} else { |
} else { |
LIST_INSERT_AFTER(p, ipqe, ipqe_q); |
TAILQ_INSERT_AFTER(&fp->ipq_fragq, p, ipqe, ipqe_q); |
} |
} |
next = 0; |
next = 0; |
for (p = NULL, q = LIST_FIRST(&fp->ipq_fragq); q != NULL; |
for (p = NULL, q = TAILQ_FIRST(&fp->ipq_fragq); q != NULL; |
p = q, q = LIST_NEXT(q, ipqe_q)) { |
p = q, q = TAILQ_NEXT(q, ipqe_q)) { |
if (q->ipqe_ip->ip_off != next) |
if (q->ipqe_ip->ip_off != next) |
return (0); |
return (0); |
next += q->ipqe_ip->ip_len; |
next += q->ipqe_ip->ip_len; |
|
|
* Reassembly is complete. Check for a bogus message size and |
* Reassembly is complete. Check for a bogus message size and |
* concatenate fragments. |
* concatenate fragments. |
*/ |
*/ |
q = LIST_FIRST(&fp->ipq_fragq); |
q = TAILQ_FIRST(&fp->ipq_fragq); |
ip = q->ipqe_ip; |
ip = q->ipqe_ip; |
if ((next + (ip->ip_hl << 2)) > IP_MAXPACKET) { |
if ((next + (ip->ip_hl << 2)) > IP_MAXPACKET) { |
ipstat.ips_toolong++; |
ipstat.ips_toolong++; |
|
|
t = m->m_next; |
t = m->m_next; |
m->m_next = 0; |
m->m_next = 0; |
m_cat(m, t); |
m_cat(m, t); |
nq = LIST_NEXT(q, ipqe_q); |
nq = TAILQ_NEXT(q, ipqe_q); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
for (q = nq; q != NULL; q = nq) { |
for (q = nq; q != NULL; q = nq) { |
t = q->ipqe_m; |
t = q->ipqe_m; |
nq = LIST_NEXT(q, ipqe_q); |
nq = TAILQ_NEXT(q, ipqe_q); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
m_cat(m, t); |
m_cat(m, t); |
} |
} |
|
|
|
|
IPQ_LOCK_CHECK(); |
IPQ_LOCK_CHECK(); |
|
|
for (q = LIST_FIRST(&fp->ipq_fragq); q != NULL; q = p) { |
for (q = TAILQ_FIRST(&fp->ipq_fragq); q != NULL; q = p) { |
p = LIST_NEXT(q, ipqe_q); |
p = TAILQ_NEXT(q, ipqe_q); |
m_freem(q->ipqe_m); |
m_freem(q->ipqe_m); |
LIST_REMOVE(q, ipqe_q); |
TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
} |
} |
LIST_REMOVE(fp, ipq_q); |
LIST_REMOVE(fp, ipq_q); |
Line 1651 ip_forward(m, srcrt) |
|
Line 1662 ip_forward(m, srcrt) |
|
ro = &sp->req->sav->sah->sa_route; |
ro = &sp->req->sav->sah->sa_route; |
if (ro->ro_rt && ro->ro_rt->rt_ifp) { |
if (ro->ro_rt && ro->ro_rt->rt_ifp) { |
dummyifp.if_mtu = |
dummyifp.if_mtu = |
|
ro->ro_rt->rt_rmx.rmx_mtu ? |
|
ro->ro_rt->rt_rmx.rmx_mtu : |
ro->ro_rt->rt_ifp->if_mtu; |
ro->ro_rt->rt_ifp->if_mtu; |
dummyifp.if_mtu -= ipsechdr; |
dummyifp.if_mtu -= ipsechdr; |
destifp = &dummyifp; |
destifp = &dummyifp; |
Line 1665 ip_forward(m, srcrt) |
|
Line 1678 ip_forward(m, srcrt) |
|
break; |
break; |
|
|
case ENOBUFS: |
case ENOBUFS: |
|
#if 1 |
|
/* |
|
* a router should not generate ICMP_SOURCEQUENCH as |
|
* required in RFC1812 Requirements for IP Version 4 Routers. |
|
* source quench could be a big problem under DoS attacks, |
|
* or if the underlying interface is rate-limited. |
|
*/ |
|
if (mcopy) |
|
m_freem(mcopy); |
|
return; |
|
#else |
type = ICMP_SOURCEQUENCH; |
type = ICMP_SOURCEQUENCH; |
code = 0; |
code = 0; |
break; |
break; |
|
#endif |
} |
} |
icmp_error(mcopy, type, code, dest, destifp); |
icmp_error(mcopy, type, code, dest, destifp); |
} |
} |
Line 1844 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1869 ip_sysctl(name, namelen, oldp, oldlenp, |
|
&ip_gif_ttl)); |
&ip_gif_ttl)); |
#endif |
#endif |
|
|
|
#if NGRE > 0 |
|
case IPCTL_GRE_TTL: |
|
return(sysctl_int(oldp, oldlenp, newp, newlen, |
|
&ip_gre_ttl)); |
|
#endif |
|
|
#ifndef IPNOPRIVPORTS |
#ifndef IPNOPRIVPORTS |
case IPCTL_LOWPORTMIN: |
case IPCTL_LOWPORTMIN: |
old = lowportmin; |
old = lowportmin; |