Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.224.2.4 retrieving revision 1.239 diff -u -p -r1.224.2.4 -r1.239 --- src/sys/netinet/ip_input.c 2006/09/03 15:25:42 1.224.2.4 +++ src/sys/netinet/ip_input.c 2006/12/09 05:33:04 1.239 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.224.2.4 2006/09/03 15:25:42 yamt Exp $ */ +/* $NetBSD: ip_input.c,v 1.239 2006/12/09 05:33:04 dyoung Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,7 +98,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.224.2.4 2006/09/03 15:25:42 yamt Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.239 2006/12/09 05:33:04 dyoung Exp $"); #include "opt_inet.h" #include "opt_gateway.h" @@ -121,6 +121,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include #include +#include #include #include @@ -376,8 +377,8 @@ static struct ip_srcrt { static void save_rte(u_char *, struct in_addr); #ifdef MBUFTRACE -struct mowner ip_rx_mowner = { "internet", "rx" }; -struct mowner ip_tx_mowner = { "internet", "tx" }; +struct mowner ip_rx_mowner = MOWNER_INIT("internet", "rx"); +struct mowner ip_tx_mowner = MOWNER_INIT("internet", "tx"); #endif /* @@ -487,12 +488,13 @@ ip_input(struct mbuf *m) int downmatch; int checkif; int srcrt = 0; + int s; u_int hash; #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; - int s, error; + int error; #endif /* FAST_IPSEC */ MCLAIM(m, &ip_rx_mowner); @@ -941,7 +943,9 @@ found: */ if (mff || ip->ip_off != htons(0)) { ipstat.ips_fragments++; + s = splvm(); ipqe = pool_get(&ipqent_pool, PR_NOWAIT); + splx(s); if (ipqe == NULL) { ipstat.ips_rcvmemdrop++; IPQ_UNLOCK(); @@ -1054,7 +1058,7 @@ ip_reass(struct ipqent *ipqe, struct ipq struct ip *ip; struct mbuf *t; int hlen = ipqe->ipqe_ip->ip_hl << 2; - int i, next; + int i, next, s; IPQ_LOCK_CHECK(); @@ -1159,7 +1163,9 @@ ip_reass(struct ipqent *ipqe, struct ipq nq = TAILQ_NEXT(q, ipqe_q); m_freem(q->ipqe_m); TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); fp->ipq_nfrags--; ip_nfrags--; } @@ -1200,11 +1206,15 @@ insert: m->m_next = 0; m_cat(m, t); nq = TAILQ_NEXT(q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); for (q = nq; q != NULL; q = nq) { t = q->ipqe_m; nq = TAILQ_NEXT(q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); m_cat(m, t); } ip_nfrags -= fp->ipq_nfrags; @@ -1239,7 +1249,9 @@ dropfrag: ip_nfrags--; ipstat.ips_fragdropped++; m_freem(m); + s = splvm(); pool_put(&ipqent_pool, ipqe); + splx(s); return (0); } @@ -1252,6 +1264,7 @@ ip_freef(struct ipq *fp) { struct ipqent *q, *p; u_int nfrags = 0; + int s; IPQ_LOCK_CHECK(); @@ -1260,7 +1273,9 @@ ip_freef(struct ipq *fp) m_freem(q->ipqe_m); nfrags++; TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); } if (nfrags != fp->ipq_nfrags) @@ -1664,20 +1679,18 @@ ip_rtaddr(struct in_addr dst) sin = satosin(&ipforward_rt.ro_dst); - if (ipforward_rt.ro_rt == 0 || !in_hosteq(dst, sin->sin_addr)) { - if (ipforward_rt.ro_rt) { - RTFREE(ipforward_rt.ro_rt); - ipforward_rt.ro_rt = 0; - } + if (ipforward_rt.ro_rt == NULL || !in_hosteq(dst, sin->sin_addr)) { + if (ipforward_rt.ro_rt != NULL) + rtflush(&ipforward_rt); sin->sin_family = AF_INET; sin->sin_len = sizeof(*sin); sin->sin_addr = dst; rtalloc(&ipforward_rt); } - if (ipforward_rt.ro_rt == 0) - return ((struct in_ifaddr *)0); - return (ifatoia(ipforward_rt.ro_rt->rt_ifa)); + if (ipforward_rt.ro_rt == NULL) + return NULL; + return ifatoia(ipforward_rt.ro_rt->rt_ifa); } /* @@ -1713,10 +1726,10 @@ ip_srcroute(void) struct mbuf *m; if (ip_nhops == 0) - return ((struct mbuf *)0); + return NULL; m = m_get(M_DONTWAIT, MT_SOOPTS); if (m == 0) - return ((struct mbuf *)0); + return NULL; MCLAIM(m, &inetdomain.dom_mowner); #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) @@ -1858,18 +1871,16 @@ ip_forward(struct mbuf *m, int srcrt) } sin = satosin(&ipforward_rt.ro_dst); - if ((rt = ipforward_rt.ro_rt) == 0 || + if ((rt = ipforward_rt.ro_rt) == NULL || !in_hosteq(ip->ip_dst, sin->sin_addr)) { - if (ipforward_rt.ro_rt) { - RTFREE(ipforward_rt.ro_rt); - ipforward_rt.ro_rt = 0; - } + if (ipforward_rt.ro_rt != NULL) + rtflush(&ipforward_rt); sin->sin_family = AF_INET; sin->sin_len = sizeof(struct sockaddr_in); sin->sin_addr = ip->ip_dst; rtalloc(&ipforward_rt); - if (ipforward_rt.ro_rt == 0) { + if (ipforward_rt.ro_rt == NULL) { icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, dest, 0); return; } @@ -1920,7 +1931,7 @@ ip_forward(struct mbuf *m, int srcrt) } } - error = ip_output(m, (struct mbuf *)0, &ipforward_rt, + error = ip_output(m, NULL, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), (struct ip_moptions *)NULL, (struct socket *)NULL); @@ -1963,7 +1974,7 @@ ip_forward(struct mbuf *m, int srcrt) type = ICMP_UNREACH; code = ICMP_UNREACH_NEEDFRAG; #if !defined(IPSEC) && !defined(FAST_IPSEC) - if (ipforward_rt.ro_rt) + if (ipforward_rt.ro_rt != NULL) destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; #else /* @@ -1972,7 +1983,7 @@ ip_forward(struct mbuf *m, int srcrt) * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz * XXX quickhack!!! */ - if (ipforward_rt.ro_rt) { + if (ipforward_rt.ro_rt != NULL) { struct secpolicy *sp; int ipsecerror; size_t ipsechdr; @@ -2111,7 +2122,8 @@ sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_AR if (error || newp == NULL) return (error); - if (securelevel > 0) + if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, + 0, NULL, NULL, NULL)) return (EPERM); ip_forwsrcrt = tmp;