Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.218.2.9 retrieving revision 1.254.2.1 diff -u -p -r1.218.2.9 -r1.254.2.1 --- src/sys/netinet/ip_input.c 2008/02/11 15:00:04 1.218.2.9 +++ src/sys/netinet/ip_input.c 2007/11/13 16:02:51 1.254.2.1 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.218.2.9 2008/02/11 15:00:04 yamt Exp $ */ +/* $NetBSD: ip_input.c,v 1.254.2.1 2007/11/13 16:02:51 bouyer Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,7 +98,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.218.2.9 2008/02/11 15:00:04 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.254.2.1 2007/11/13 16:02:51 bouyer Exp $"); #include "opt_inet.h" #include "opt_gateway.h" @@ -417,7 +417,6 @@ ip_init(void) for (i = 0; i < IPREASS_NHASH; i++) LIST_INIT(&ipq[i]); - ip_initid(); ip_id = time_second & 0xfffff; ipintrq.ifq_maxlen = ipqmaxlen; @@ -897,18 +896,7 @@ ours: * but it's not worth the time; just let them time out.) */ if (ip->ip_off & ~htons(IP_DF|IP_RF)) { - uint16_t off; - /* - * Prevent TCP blind data attacks by not allowing non-initial - * fragments to start at less than 68 bytes (minimal fragment - * size) and making sure the first fragment is at least 68 - * bytes. - */ - off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3; - if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) { - ipstat.ips_badfrags++; - goto bad; - } + /* * Look for queue of fragments * of this datagram. @@ -919,17 +907,9 @@ ours: if (ip->ip_id == fp->ipq_id && in_hosteq(ip->ip_src, fp->ipq_src) && in_hosteq(ip->ip_dst, fp->ipq_dst) && - ip->ip_p == fp->ipq_p) { - /* - * Make sure the TOS is matches previous - * fragments. - */ - if (ip->ip_tos != fp->ipq_tos) { - ipstat.ips_badfrags++; - goto bad; - } + ip->ip_p == fp->ipq_p) goto found; - } + } fp = 0; found: @@ -1125,7 +1105,6 @@ ip_reass(struct ipqent *ipqe, struct ipq fp->ipq_ttl = IPFRAGTTL; fp->ipq_p = ipqe->ipqe_ip->ip_p; fp->ipq_id = ipqe->ipqe_ip->ip_id; - fp->ipq_tos = ipqe->ipqe_ip->ip_tos; TAILQ_INIT(&fp->ipq_fragq); fp->ipq_src = ipqe->ipqe_ip->ip_src; fp->ipq_dst = ipqe->ipqe_ip->ip_dst; @@ -1797,15 +1776,12 @@ ip_srcroute(void) } const int inetctlerrmap[PRC_NCMDS] = { - [PRC_MSGSIZE] = EMSGSIZE, - [PRC_HOSTDEAD] = EHOSTDOWN, - [PRC_HOSTUNREACH] = EHOSTUNREACH, - [PRC_UNREACH_NET] = EHOSTUNREACH, - [PRC_UNREACH_HOST] = EHOSTUNREACH, - [PRC_UNREACH_PROTOCOL] = ECONNREFUSED, - [PRC_UNREACH_PORT] = ECONNREFUSED, - [PRC_UNREACH_SRCFAIL] = EHOSTUNREACH, - [PRC_PARAMPROB] = ENOPROTOOPT, + 0, 0, 0, 0, + 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, + EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, + EMSGSIZE, EHOSTUNREACH, 0, 0, + 0, 0, 0, 0, + ENOPROTOOPT }; /* @@ -1955,8 +1931,8 @@ ip_forward(struct mbuf *m, int srcrt) type = ICMP_UNREACH; code = ICMP_UNREACH_NEEDFRAG; #if !defined(IPSEC) && !defined(FAST_IPSEC) - if ((rt = rtcache_validate(&ipforward_rt)) != NULL) - destmtu = rt->rt_ifp->if_mtu; + if (ipforward_rt.ro_rt != NULL) + destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; #else /* * If the packet is routed over IPsec tunnel, tell the @@ -1964,7 +1940,7 @@ ip_forward(struct mbuf *m, int srcrt) * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz * XXX quickhack!!! */ - if ((rt = rtcache_validate(&ipforward_rt)) != NULL) { + if (ipforward_rt.ro_rt != NULL) { struct secpolicy *sp; int ipsecerror; size_t ipsechdr; @@ -1975,7 +1951,7 @@ ip_forward(struct mbuf *m, int srcrt) &ipsecerror); if (sp == NULL) - destmtu = rt->rt_ifp->if_mtu; + destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; else { /* count IPsec header size */ ipsechdr = ipsec4_hdrsiz(mcopy, @@ -1990,11 +1966,11 @@ ip_forward(struct mbuf *m, int srcrt) && sp->req->sav != NULL && sp->req->sav->sah != NULL) { ro = &sp->req->sav->sah->sa_route; - if (rt && rt->rt_ifp) { + if (ro->ro_rt && ro->ro_rt->rt_ifp) { destmtu = - rt->rt_rmx.rmx_mtu ? - rt->rt_rmx.rmx_mtu : - rt->rt_ifp->if_mtu; + ro->ro_rt->rt_rmx.rmx_mtu ? + ro->ro_rt->rt_rmx.rmx_mtu : + ro->ro_rt->rt_ifp->if_mtu; destmtu -= ipsechdr; } }