version 1.223.6.1, 2006/02/04 14:18:52 |
version 1.230, 2006/09/08 20:58:58 |
Line 121 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 121 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <sys/kernel.h> |
#include <sys/kernel.h> |
#include <sys/pool.h> |
#include <sys/pool.h> |
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
#include <sys/kauth.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
#include <net/if_dl.h> |
#include <net/if_dl.h> |
|
|
#endif /* MBUFTRACE */ |
#endif /* MBUFTRACE */ |
} |
} |
|
|
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
struct sockaddr_in ipaddr = { |
|
.sin_len = sizeof(ipaddr), |
|
.sin_family = AF_INET, |
|
}; |
struct route ipforward_rt; |
struct route ipforward_rt; |
|
|
/* |
/* |
Line 732 ip_input(struct mbuf *m) |
|
Line 736 ip_input(struct mbuf *m) |
|
} |
} |
if (ia != NULL) |
if (ia != NULL) |
goto ours; |
goto ours; |
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { |
IFADDR_FOREACH(ifa, m->m_pkthdr.rcvif) { |
if (ifa->ifa_addr->sa_family != AF_INET) |
if (ifa->ifa_addr->sa_family != AF_INET) |
continue; |
continue; |
|
|
goto bad; |
goto bad; |
} |
} |
#endif |
#endif |
#if FAST_IPSEC |
#ifdef FAST_IPSEC |
/* |
/* |
* enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
* note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
Line 1839 ip_forward(struct mbuf *m, int srcrt) |
|
Line 1843 ip_forward(struct mbuf *m, int srcrt) |
|
|
|
dest = 0; |
dest = 0; |
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
if (ipprintfs) |
if (ipprintfs) { |
printf("forward: src %2.2x dst %2.2x ttl %x\n", |
printf("forward: src %s ", inet_ntoa(ip->ip_src)); |
ntohl(ip->ip_src.s_addr), |
printf("dst %s ttl %x\n", inet_ntoa(ip->ip_dst), ip->ip_ttl); |
ntohl(ip->ip_dst.s_addr), ip->ip_ttl); |
} |
#endif |
#endif |
if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { |
if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { |
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
Line 2093 ip_savecontrol(struct inpcb *inp, struct |
|
Line 2097 ip_savecontrol(struct inpcb *inp, struct |
|
} |
} |
|
|
/* |
/* |
|
* sysctl helper routine for net.inet.ip.forwsrcrt. |
|
*/ |
|
static int |
|
sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_ARGS) |
|
{ |
|
int error, tmp; |
|
struct sysctlnode node; |
|
|
|
node = *rnode; |
|
tmp = ip_forwsrcrt; |
|
node.sysctl_data = &tmp; |
|
error = sysctl_lookup(SYSCTLFN_CALL(&node)); |
|
if (error || newp == NULL) |
|
return (error); |
|
|
|
if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, |
|
NULL, NULL, NULL, NULL) != KAUTH_RESULT_ALLOW) |
|
return (EPERM); |
|
|
|
ip_forwsrcrt = tmp; |
|
|
|
return (0); |
|
} |
|
|
|
/* |
* sysctl helper routine for net.inet.ip.mtudisctimeout. checks the |
* sysctl helper routine for net.inet.ip.mtudisctimeout. checks the |
* range of the new value and tweaks timers if it changes. |
* range of the new value and tweaks timers if it changes. |
*/ |
*/ |
Line 2193 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
Line 2222 SYSCTL_SETUP(sysctl_net_inet_ip_setup, " |
|
IPCTL_DEFMTU, CTL_EOL); |
IPCTL_DEFMTU, CTL_EOL); |
#endif /* IPCTL_DEFMTU */ |
#endif /* IPCTL_DEFMTU */ |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READONLY1, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "forwsrcrt", |
CTLTYPE_INT, "forwsrcrt", |
SYSCTL_DESCR("Enable forwarding of source-routed " |
SYSCTL_DESCR("Enable forwarding of source-routed " |
"datagrams"), |
"datagrams"), |
NULL, 0, &ip_forwsrcrt, 0, |
sysctl_net_inet_ip_forwsrcrt, 0, &ip_forwsrcrt, 0, |
CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
IPCTL_FORWSRCRT, CTL_EOL); |
IPCTL_FORWSRCRT, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |