Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.228 retrieving revision 1.237 diff -u -p -r1.228 -r1.237 --- src/sys/netinet/ip_input.c 2006/07/30 17:38:19 1.228 +++ src/sys/netinet/ip_input.c 2006/12/06 00:38:16 1.237 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.228 2006/07/30 17:38:19 elad Exp $ */ +/* $NetBSD: ip_input.c,v 1.237 2006/12/06 00:38:16 dyoung Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -98,7 +98,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.228 2006/07/30 17:38:19 elad Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.237 2006/12/06 00:38:16 dyoung Exp $"); #include "opt_inet.h" #include "opt_gateway.h" @@ -121,6 +121,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip_input.c,v #include #include #include +#include #include #include @@ -376,8 +377,8 @@ static struct ip_srcrt { static void save_rte(u_char *, struct in_addr); #ifdef MBUFTRACE -struct mowner ip_rx_mowner = { "internet", "rx" }; -struct mowner ip_tx_mowner = { "internet", "tx" }; +struct mowner ip_rx_mowner = MOWNER_INIT("internet", "rx"); +struct mowner ip_tx_mowner = MOWNER_INIT("internet", "tx"); #endif /* @@ -445,7 +446,10 @@ ip_init(void) #endif /* MBUFTRACE */ } -struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; +struct sockaddr_in ipaddr = { + .sin_len = sizeof(ipaddr), + .sin_family = AF_INET, +}; struct route ipforward_rt; /* @@ -484,12 +488,13 @@ ip_input(struct mbuf *m) int downmatch; int checkif; int srcrt = 0; + int s; u_int hash; #ifdef FAST_IPSEC struct m_tag *mtag; struct tdb_ident *tdbi; struct secpolicy *sp; - int s, error; + int error; #endif /* FAST_IPSEC */ MCLAIM(m, &ip_rx_mowner); @@ -938,7 +943,9 @@ found: */ if (mff || ip->ip_off != htons(0)) { ipstat.ips_fragments++; + s = splvm(); ipqe = pool_get(&ipqent_pool, PR_NOWAIT); + splx(s); if (ipqe == NULL) { ipstat.ips_rcvmemdrop++; IPQ_UNLOCK(); @@ -1051,7 +1058,7 @@ ip_reass(struct ipqent *ipqe, struct ipq struct ip *ip; struct mbuf *t; int hlen = ipqe->ipqe_ip->ip_hl << 2; - int i, next; + int i, next, s; IPQ_LOCK_CHECK(); @@ -1156,7 +1163,9 @@ ip_reass(struct ipqent *ipqe, struct ipq nq = TAILQ_NEXT(q, ipqe_q); m_freem(q->ipqe_m); TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); fp->ipq_nfrags--; ip_nfrags--; } @@ -1197,11 +1206,15 @@ insert: m->m_next = 0; m_cat(m, t); nq = TAILQ_NEXT(q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); for (q = nq; q != NULL; q = nq) { t = q->ipqe_m; nq = TAILQ_NEXT(q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); m_cat(m, t); } ip_nfrags -= fp->ipq_nfrags; @@ -1236,7 +1249,9 @@ dropfrag: ip_nfrags--; ipstat.ips_fragdropped++; m_freem(m); + s = splvm(); pool_put(&ipqent_pool, ipqe); + splx(s); return (0); } @@ -1249,6 +1264,7 @@ ip_freef(struct ipq *fp) { struct ipqent *q, *p; u_int nfrags = 0; + int s; IPQ_LOCK_CHECK(); @@ -1257,7 +1273,9 @@ ip_freef(struct ipq *fp) m_freem(q->ipqe_m); nfrags++; TAILQ_REMOVE(&fp->ipq_fragq, q, ipqe_q); + s = splvm(); pool_put(&ipqent_pool, q); + splx(s); } if (nfrags != fp->ipq_nfrags) @@ -1710,10 +1728,10 @@ ip_srcroute(void) struct mbuf *m; if (ip_nhops == 0) - return ((struct mbuf *)0); + return NULL; m = m_get(M_DONTWAIT, MT_SOOPTS); if (m == 0) - return ((struct mbuf *)0); + return NULL; MCLAIM(m, &inetdomain.dom_mowner); #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt)) @@ -2108,7 +2126,8 @@ sysctl_net_inet_ip_forwsrcrt(SYSCTLFN_AR if (error || newp == NULL) return (error); - if (securelevel > 0) + if (kauth_authorize_network(l->l_cred, KAUTH_NETWORK_FORWSRCRT, + 0, NULL, NULL, NULL)) return (EPERM); ip_forwsrcrt = tmp;