Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.177 retrieving revision 1.186 diff -u -p -r1.177 -r1.186 --- src/sys/netinet/ip_input.c 2003/09/06 00:24:54 1.177 +++ src/sys/netinet/ip_input.c 2003/11/24 20:54:59 1.186 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.177 2003/09/06 00:24:54 itojun Exp $ */ +/* $NetBSD: ip_input.c,v 1.186 2003/11/24 20:54:59 scw Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,8 +98,9 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.177 2003/09/06 00:24:54 itojun Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.186 2003/11/24 20:54:59 scw Exp $"); +#include "opt_inet.h" #include "opt_gateway.h" #include "opt_pfil_hooks.h" #include "opt_ipsec.h" @@ -197,6 +198,11 @@ int ip_mtudisc_timeout = IPMTUDISCTIMEOU #ifdef DIAGNOSTIC int ipprintfs = 0; #endif + +#ifdef RANDOM_IP_ID +int ip_do_randomid = 0; +#endif + /* * XXX - Setting ip_checkinterface mostly implements the receive side of * the Strong ES model described in RFC 1122, but since the routing table @@ -219,14 +225,14 @@ extern struct domain inetdomain; int ipqmaxlen = IFQ_MAXLEN; u_long in_ifaddrhash; /* size of hash table - 1 */ int in_ifaddrentries; /* total number of addrs */ -struct in_ifaddrhead in_ifaddr; +struct in_ifaddrhead in_ifaddrhead; struct in_ifaddrhashhead *in_ifaddrhashtbl; u_long in_multihash; /* size of hash table - 1 */ int in_multientries; /* total number of addrs */ struct in_multihashhead *in_multihashtbl; struct ifqueue ipintrq; struct ipstat ipstat; -u_int16_t ip_id; +uint16_t ip_id; #ifdef PFIL_HOOKS struct pfil_head inet_pfil_hook; @@ -360,9 +366,9 @@ ip_init() pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) ip_protox[pr->pr_protocol] = pr - inetsw; LIST_INIT(&ipq); - ip_id = time.tv_sec & 0xffff; + ip_id = time.tv_sec & 0xfffff; ipintrq.ifq_maxlen = ipqmaxlen; - TAILQ_INIT(&in_ifaddr); + TAILQ_INIT(&in_ifaddrhead); in_ifaddrhashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IFADDR, M_WAITOK, &in_ifaddrhash); in_multihashtbl = hashinit(IN_IFADDR_HASH_SIZE, HASH_LIST, M_IPMADDR, @@ -445,22 +451,12 @@ ip_input(struct mbuf *m) if ((m->m_flags & M_PKTHDR) == 0) panic("ipintr no HDR"); #endif -#ifdef IPSEC - /* - * should the inner packet be considered authentic? - * see comment in ah4_input(). - */ - if (m) { - m->m_flags &= ~M_AUTHIPHDR; - m->m_flags &= ~M_AUTHIPDGM; - } -#endif /* * If no IP addresses have been set yet but the interfaces * are receiving, can't do anything with incoming packets yet. */ - if (TAILQ_FIRST(&in_ifaddr) == 0) + if (TAILQ_FIRST(&in_ifaddrhead) == 0) goto bad; ipstat.ips_total++; /* @@ -592,6 +588,8 @@ ip_input(struct mbuf *m) */ #ifdef IPSEC if (!ipsec_getnhist(m)) +#elif defined(FAST_IPSEC) + if (!ipsec_indone(m)) #else if (1) #endif @@ -1934,9 +1932,9 @@ ip_sysctl(name, namelen, oldp, oldlenp, int error, old; - /* All sysctl names at this level are terminal. */ - if (namelen != 1) - return (ENOTDIR); + /* All sysctl names (except ifq.*) at this level are terminal. */ + if ((namelen != 1) && !(namelen == 2 && name[0] == IPCTL_IFQ)) + return (ENOTDIR); switch (name[0]) { case IPCTL_FORWARDING: @@ -2071,6 +2069,19 @@ ip_sysctl(name, namelen, oldp, oldlenp, case IPCTL_CHECKINTERFACE: return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_checkinterface)); + + case IPCTL_IFQ: + return (sysctl_ifq(name + 1, namelen - 1, oldp, oldlenp, + newp, newlen, &ipintrq)); + + case IPCTL_RANDOMID: +#ifdef RANDOM_IP_ID + return (sysctl_int(oldp, oldlenp, newp, newlen, + &ip_do_randomid)); +#else + return (sysctl_rdint(oldp, oldlenp, newp, 0)); +#endif + default: return (EOPNOTSUPP); }