| version 1.254, 2007/10/02 20:35:04 |
version 1.254.4.4, 2008/02/18 21:07:08 |
|
|
| for (i = 0; i < IPREASS_NHASH; i++) |
for (i = 0; i < IPREASS_NHASH; i++) |
| LIST_INIT(&ipq[i]); |
LIST_INIT(&ipq[i]); |
| |
|
| |
ip_initid(); |
| ip_id = time_second & 0xfffff; |
ip_id = time_second & 0xfffff; |
| |
|
| ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
|
|
| splx(s); |
splx(s); |
| if (m == 0) |
if (m == 0) |
| return; |
return; |
| MCLAIM(m, &ip_rx_mowner); |
|
| ip_input(m); |
ip_input(m); |
| } |
} |
| } |
} |
|
|
| * but it's not worth the time; just let them time out.) |
* but it's not worth the time; just let them time out.) |
| */ |
*/ |
| if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
| |
uint16_t off; |
| |
/* |
| |
* Prevent TCP blind data attacks by not allowing non-initial |
| |
* fragments to start at less than 68 bytes (minimal fragment |
| |
* size) and making sure the first fragment is at least 68 |
| |
* bytes. |
| |
*/ |
| |
off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3; |
| |
if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) { |
| |
ipstat.ips_badfrags++; |
| |
goto bad; |
| |
} |
| /* |
/* |
| * Look for queue of fragments |
* Look for queue of fragments |
| * of this datagram. |
* of this datagram. |
|
|
| if (ip->ip_id == fp->ipq_id && |
if (ip->ip_id == fp->ipq_id && |
| in_hosteq(ip->ip_src, fp->ipq_src) && |
in_hosteq(ip->ip_src, fp->ipq_src) && |
| in_hosteq(ip->ip_dst, fp->ipq_dst) && |
in_hosteq(ip->ip_dst, fp->ipq_dst) && |
| ip->ip_p == fp->ipq_p) |
ip->ip_p == fp->ipq_p) { |
| |
/* |
| |
* Make sure the TOS is matches previous |
| |
* fragments. |
| |
*/ |
| |
if (ip->ip_tos != fp->ipq_tos) { |
| |
ipstat.ips_badfrags++; |
| |
goto bad; |
| |
} |
| goto found; |
goto found; |
| |
} |
| } |
} |
| fp = 0; |
fp = 0; |
| found: |
found: |
| Line 1106 ip_reass(struct ipqent *ipqe, struct ipq |
|
| Line 1125 ip_reass(struct ipqent *ipqe, struct ipq |
|
| fp->ipq_ttl = IPFRAGTTL; |
fp->ipq_ttl = IPFRAGTTL; |
| fp->ipq_p = ipqe->ipqe_ip->ip_p; |
fp->ipq_p = ipqe->ipqe_ip->ip_p; |
| fp->ipq_id = ipqe->ipqe_ip->ip_id; |
fp->ipq_id = ipqe->ipqe_ip->ip_id; |
| |
fp->ipq_tos = ipqe->ipqe_ip->ip_tos; |
| TAILQ_INIT(&fp->ipq_fragq); |
TAILQ_INIT(&fp->ipq_fragq); |
| fp->ipq_src = ipqe->ipqe_ip->ip_src; |
fp->ipq_src = ipqe->ipqe_ip->ip_src; |
| fp->ipq_dst = ipqe->ipqe_ip->ip_dst; |
fp->ipq_dst = ipqe->ipqe_ip->ip_dst; |
| Line 1777 ip_srcroute(void) |
|
| Line 1797 ip_srcroute(void) |
|
| } |
} |
| |
|
| const int inetctlerrmap[PRC_NCMDS] = { |
const int inetctlerrmap[PRC_NCMDS] = { |
| 0, 0, 0, 0, |
[PRC_MSGSIZE] = EMSGSIZE, |
| 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH, |
[PRC_HOSTDEAD] = EHOSTDOWN, |
| EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, |
[PRC_HOSTUNREACH] = EHOSTUNREACH, |
| EMSGSIZE, EHOSTUNREACH, 0, 0, |
[PRC_UNREACH_NET] = EHOSTUNREACH, |
| 0, 0, 0, 0, |
[PRC_UNREACH_HOST] = EHOSTUNREACH, |
| ENOPROTOOPT |
[PRC_UNREACH_PROTOCOL] = ECONNREFUSED, |
| |
[PRC_UNREACH_PORT] = ECONNREFUSED, |
| |
[PRC_UNREACH_SRCFAIL] = EHOSTUNREACH, |
| |
[PRC_PARAMPROB] = ENOPROTOOPT, |
| }; |
}; |
| |
|
| /* |
/* |
| Line 1932 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1955 ip_forward(struct mbuf *m, int srcrt) |
|
| type = ICMP_UNREACH; |
type = ICMP_UNREACH; |
| code = ICMP_UNREACH_NEEDFRAG; |
code = ICMP_UNREACH_NEEDFRAG; |
| #if !defined(IPSEC) && !defined(FAST_IPSEC) |
#if !defined(IPSEC) && !defined(FAST_IPSEC) |
| if (ipforward_rt.ro_rt != NULL) |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
| destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; |
destmtu = rt->rt_ifp->if_mtu; |
| #else |
#else |
| /* |
/* |
| * If the packet is routed over IPsec tunnel, tell the |
* If the packet is routed over IPsec tunnel, tell the |
| Line 1941 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1964 ip_forward(struct mbuf *m, int srcrt) |
|
| * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz |
* tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz |
| * XXX quickhack!!! |
* XXX quickhack!!! |
| */ |
*/ |
| if (ipforward_rt.ro_rt != NULL) { |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) { |
| struct secpolicy *sp; |
struct secpolicy *sp; |
| int ipsecerror; |
int ipsecerror; |
| size_t ipsechdr; |
size_t ipsechdr; |
| Line 1952 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1975 ip_forward(struct mbuf *m, int srcrt) |
|
| &ipsecerror); |
&ipsecerror); |
| |
|
| if (sp == NULL) |
if (sp == NULL) |
| destmtu = ipforward_rt.ro_rt->rt_ifp->if_mtu; |
destmtu = rt->rt_ifp->if_mtu; |
| else { |
else { |
| /* count IPsec header size */ |
/* count IPsec header size */ |
| ipsechdr = ipsec4_hdrsiz(mcopy, |
ipsechdr = ipsec4_hdrsiz(mcopy, |
| Line 1967 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1990 ip_forward(struct mbuf *m, int srcrt) |
|
| && sp->req->sav != NULL |
&& sp->req->sav != NULL |
| && sp->req->sav->sah != NULL) { |
&& sp->req->sav->sah != NULL) { |
| ro = &sp->req->sav->sah->sa_route; |
ro = &sp->req->sav->sah->sa_route; |
| if (ro->ro_rt && ro->ro_rt->rt_ifp) { |
if (rt && rt->rt_ifp) { |
| destmtu = |
destmtu = |
| ro->ro_rt->rt_rmx.rmx_mtu ? |
rt->rt_rmx.rmx_mtu ? |
| ro->ro_rt->rt_rmx.rmx_mtu : |
rt->rt_rmx.rmx_mtu : |
| ro->ro_rt->rt_ifp->if_mtu; |
rt->rt_ifp->if_mtu; |
| destmtu -= ipsechdr; |
destmtu -= ipsechdr; |
| } |
} |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet