version 1.219.2.2, 2005/11/02 11:58:11 |
version 1.233, 2006/10/05 17:35:19 |
Line 121 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 121 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <sys/kernel.h> |
#include <sys/kernel.h> |
#include <sys/pool.h> |
#include <sys/pool.h> |
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
#include <sys/kauth.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
#include <net/if_dl.h> |
#include <net/if_dl.h> |
Line 279 static u_int ip_reass_ttl_decr(u_int tic |
|
Line 280 static u_int ip_reass_ttl_decr(u_int tic |
|
static void ip_reass_drophalf(void); |
static void ip_reass_drophalf(void); |
|
|
|
|
static __inline int ipq_lock_try(void); |
static inline int ipq_lock_try(void); |
static __inline void ipq_unlock(void); |
static inline void ipq_unlock(void); |
|
|
static __inline int |
static inline int |
ipq_lock_try(void) |
ipq_lock_try(void) |
{ |
{ |
int s; |
int s; |
Line 301 ipq_lock_try(void) |
|
Line 302 ipq_lock_try(void) |
|
return (1); |
return (1); |
} |
} |
|
|
static __inline void |
static inline void |
ipq_unlock(void) |
ipq_unlock(void) |
{ |
{ |
int s; |
int s; |
|
|
for (i = 0; i < IPREASS_NHASH; i++) |
for (i = 0; i < IPREASS_NHASH; i++) |
LIST_INIT(&ipq[i]); |
LIST_INIT(&ipq[i]); |
|
|
ip_id = time.tv_sec & 0xfffff; |
ip_id = time_second & 0xfffff; |
|
|
ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
ip_nmbclusters_changed(); |
ip_nmbclusters_changed(); |
|
|
#endif /* MBUFTRACE */ |
#endif /* MBUFTRACE */ |
} |
} |
|
|
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
struct sockaddr_in ipaddr = { |
|
.sin_len = sizeof(ipaddr), |
|
.sin_family = AF_INET, |
|
}; |
struct route ipforward_rt; |
struct route ipforward_rt; |
|
|
/* |
/* |
Line 484 ip_input(struct mbuf *m) |
|
Line 488 ip_input(struct mbuf *m) |
|
int downmatch; |
int downmatch; |
int checkif; |
int checkif; |
int srcrt = 0; |
int srcrt = 0; |
|
int s; |
u_int hash; |
u_int hash; |
#ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
struct m_tag *mtag; |
struct m_tag *mtag; |
struct tdb_ident *tdbi; |
struct tdb_ident *tdbi; |
struct secpolicy *sp; |
struct secpolicy *sp; |
int s, error; |
int error; |
#endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
|
|
MCLAIM(m, &ip_rx_mowner); |
MCLAIM(m, &ip_rx_mowner); |
Line 732 ip_input(struct mbuf *m) |
|
Line 737 ip_input(struct mbuf *m) |
|
} |
} |
if (ia != NULL) |
if (ia != NULL) |
goto ours; |
goto ours; |
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { |
IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { |
if (ifa->ifa_addr->sa_family != AF_INET) |
if (ifa->ifa_addr->sa_family != AF_INET) |
continue; |
continue; |
|
|
*/ |
*/ |
if (mff || ip->ip_off != htons(0)) { |
if (mff || ip->ip_off != htons(0)) { |
ipstat.ips_fragments++; |
ipstat.ips_fragments++; |
|
s = splvm(); |
ipqe = pool_get(&ipqent_pool, PR_NOWAIT); |
ipqe = pool_get(&ipqent_pool, PR_NOWAIT); |
|
splx(s); |
if (ipqe == NULL) { |
if (ipqe == NULL) { |
ipstat.ips_rcvmemdrop++; |
ipstat.ips_rcvmemdrop++; |
IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
|
|
goto bad; |
goto bad; |
} |
} |
#endif |
#endif |
#if FAST_IPSEC |
#ifdef FAST_IPSEC |
/* |
/* |
* enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
* note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
Line 1051 ip_reass(struct ipqent *ipqe, struct ipq |
|
Line 1058 ip_reass(struct ipqent *ipqe, struct ipq |
|
struct ip *ip; |
struct ip *ip; |
struct mbuf *t; |
struct mbuf *t; |
int hlen = ipqe->ipqe_ip->ip_hl << 2; |
int hlen = ipqe->ipqe_ip->ip_hl << 2; |
int i, next; |
int i, next, s; |
|
|
IPQ_LOCK_CHECK(); |
IPQ_LOCK_CHECK(); |
|
|
Line 1156 ip_reass(struct ipqent *ipqe, struct ipq |
|
Line 1163 ip_reass(struct ipqent *ipqe, struct ipq |
|
nq = TAILQ_NEXT(q, ipqe_q); |
nq = TAILQ_NEXT(q, ipqe_q); |
m_freem(q->ipqe_m); |
m_freem(q->ipqe_m); |
TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); |
TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); |
|
s = splvm(); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
|
splx(s); |
fp->ipq_nfrags--; |
fp->ipq_nfrags--; |
ip_nfrags--; |
ip_nfrags--; |
} |
} |
|
|
m->m_next = 0; |
m->m_next = 0; |
m_cat(m, t); |
m_cat(m, t); |
nq = TAILQ_NEXT(q, ipqe_q); |
nq = TAILQ_NEXT(q, ipqe_q); |
|
s = splvm(); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
|
splx(s); |
for (q = nq; q != NULL; q = nq) { |
for (q = nq; q != NULL; q = nq) { |
t = q->ipqe_m; |
t = q->ipqe_m; |
nq = TAILQ_NEXT(q, ipqe_q); |
nq = TAILQ_NEXT(q, ipqe_q); |
|
s = splvm(); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
|
splx(s); |
m_cat(m, t); |
m_cat(m, t); |
} |
} |
ip_nfrags -= fp->ipq_nfrags; |
ip_nfrags -= fp->ipq_nfrags; |
|
|
ip_nfrags--; |
ip_nfrags--; |
ipstat.ips_fragdropped++; |
ipstat.ips_fragdropped++; |
m_freem(m); |
m_freem(m); |
|
s = splvm(); |
pool_put(&ipqent_pool, ipqe); |
pool_put(&ipqent_pool, ipqe); |
|
splx(s); |
return (0); |
return (0); |
} |
} |
|
|
Line 1249 ip_freef(struct ipq *fp) |
|
Line 1264 ip_freef(struct ipq *fp) |
|
{ |
{ |
struct ipqent *q, *p; |
struct ipqent *q, *p; |
u_int nfrags = 0; |
u_int nfrags = 0; |
|
int s; |
|
|
IPQ_LOCK_CHECK(); |
IPQ_LOCK_CHECK(); |
|
|
Line 1257 ip_freef(struct ipq *fp) |
|
Line 1273 ip_freef(struct ipq *fp) |
|
m_freem(q->ipqe_m); |
m_freem(q->ipqe_m); |
nfrags++; |
nfrags++; |
TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); |
TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); |
|
s = splvm(); |
pool_put(&ipqent_pool, q); |
pool_put(&ipqent_pool, q); |
|
splx(s); |
} |
} |
|
|
if (nfrags != fp->ipq_nfrags) |
if (nfrags != fp->ipq_nfrags) |
Line 1839 ip_forward(struct mbuf *m, int srcrt) |
|
Line 1857 ip_forward(struct mbuf *m, int srcrt) |
|
|
|
dest = 0; |
dest = 0; |
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
if (ipprintfs) |
if (ipprintfs) { |
printf("forward: src %2.2x dst %2.2x ttl %x\n", |
printf("forward: src %s ", inet_ntoa(ip->ip_src)); |
ntohl(ip->ip_src.s_addr), |
printf("dst %s ttl %x\n", inet_ntoa(ip->ip_dst), ip->ip_ttl); |
ntohl(ip->ip_dst.s_addr), ip->ip_ttl); |
} |
#endif |
#endif |
if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { |
if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { |
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
Line 2093 ip_savecontrol(struct inpcb *inp, struct |
|
Line 2111 ip_savecontrol(struct inpcb *inp, struct |
|
} |
} |
|
|
/* |
/* |
|
* sysctl helper routine for net.inet.ip.forwsrcrt. |
|
*/ |
|
static int |
|
sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_ARGS) |
|
{ |
|
int error, tmp; |
|
struct sysctlnode node; |
|
|
|
node = *rnode; |
|
tmp = ip_forwsrcrt; |
|
node.sysctl_data = &tmp; |
|
error = sysctl_lookup(SYSCTLFN_CALL(&node)); |
|
if (error || newp == NULL) |
|
return (error); |
|
|
|
if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, |
|
0, NULL, NULL, NULL)) |
|
return (EPERM); |
|
|
|
ip_forwsrcrt = tmp; |
|
|
|
return (0); |
|
} |
|
|
|
/* |
* sysctl helper routine for net.inet.ip.mtudisctimeout. checks the |
* sysctl helper routine for net.inet.ip.mtudisctimeout. checks the |
* range of the new value and tweaks timers if it changes. |
* range of the new value and tweaks timers if it changes. |
*/ |
*/ |
Line 2193 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
Line 2236 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
IPCTL_DEFMTU, CTL_EOL); |
IPCTL_DEFMTU, CTL_EOL); |
#endif /* IPCTL_DEFMTU */ |
#endif /* IPCTL_DEFMTU */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READONLY1, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "forwsrcrt", |
CTLTYPE_INT, "forwsrcrt", |
SYSCTL_DESCR("Enable forwarding of source-routed " |
SYSCTL_DESCR("Enable forwarding of source-routed " |
"datagrams"), |
"datagrams"), |
NULL, 0, &ip_forwsrcrt, 0, |
sysctl_net_inet_ip_forwsrcrt, 0, &ip_forwsrcrt, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_FORWSRCRT, CTL_EOL); |
IPCTL_FORWSRCRT, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |