version 1.256.6.2, 2008/01/19 12:15:32 |
version 1.257, 2007/12/20 19:53:32 |
|
|
* but it's not worth the time; just let them time out.) |
* but it's not worth the time; just let them time out.) |
*/ |
*/ |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
uint16_t off; |
|
/* |
|
* Prevent TCP blind data attacks by not allowing non-initial |
|
* fragments to start at less than 68 bytes (minimal fragment |
|
* size) and making sure the first fragment is at least 68 |
|
* bytes. |
|
*/ |
|
off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3; |
|
if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) { |
|
ipstat.ips_badfrags++; |
|
goto bad; |
|
} |
|
/* |
/* |
* Look for queue of fragments |
* Look for queue of fragments |
* of this datagram. |
* of this datagram. |
|
|
if (ip->ip_id == fp->ipq_id && |
if (ip->ip_id == fp->ipq_id && |
in_hosteq(ip->ip_src, fp->ipq_src) && |
in_hosteq(ip->ip_src, fp->ipq_src) && |
in_hosteq(ip->ip_dst, fp->ipq_dst) && |
in_hosteq(ip->ip_dst, fp->ipq_dst) && |
ip->ip_p == fp->ipq_p) { |
ip->ip_p == fp->ipq_p) |
/* |
|
* Make sure the TOS is matches previous |
|
* fragments. |
|
*/ |
|
if (ip->ip_tos != fp->ipq_tos) { |
|
ipstat.ips_badfrags++; |
|
goto bad; |
|
} |
|
goto found; |
goto found; |
} |
|
} |
} |
fp = 0; |
fp = 0; |
found: |
found: |
Line 1124 ip_reass(struct ipqent *ipqe, struct ipq |
|
Line 1105 ip_reass(struct ipqent *ipqe, struct ipq |
|
fp->ipq_ttl = IPFRAGTTL; |
fp->ipq_ttl = IPFRAGTTL; |
fp->ipq_p = ipqe->ipqe_ip->ip_p; |
fp->ipq_p = ipqe->ipqe_ip->ip_p; |
fp->ipq_id = ipqe->ipqe_ip->ip_id; |
fp->ipq_id = ipqe->ipqe_ip->ip_id; |
fp->ipq_tos = ipqe->ipqe_ip->ip_tos; |
|
TAILQ_INIT(&fp->ipq_fragq); |
TAILQ_INIT(&fp->ipq_fragq); |
fp->ipq_src = ipqe->ipqe_ip->ip_src; |
fp->ipq_src = ipqe->ipqe_ip->ip_src; |
fp->ipq_dst = ipqe->ipqe_ip->ip_dst; |
fp->ipq_dst = ipqe->ipqe_ip->ip_dst; |
Line 1954 ip_forward(struct mbuf *m, int srcrt) |
|
Line 1934 ip_forward(struct mbuf *m, int srcrt) |
|
type = ICMP_UNREACH; |
type = ICMP_UNREACH; |
code = ICMP_UNREACH_NEEDFRAG; |
code = ICMP_UNREACH_NEEDFRAG; |
#if !defined(IPSEC) && !defined(FAST_IPSEC) |
#if !defined(IPSEC) && !defined(FAST_IPSEC) |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
if ((rt = rtcache_getrt(&ipforward_rt)) != NULL) |
destmtu = rt->rt_ifp->if_mtu; |
destmtu = rt->rt_ifp->if_mtu; |
#else |
#else |
/* |
/* |
Line 1963 ip_forward(struct mbuf *m, int srcrt) |
|
Line 1943 ip_forward(struct mbuf *m, int srcrt) |
|
* tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz |
* tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz |
* XXX quickhack!!! |
* XXX quickhack!!! |
*/ |
*/ |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) { |
if ((rt = rtcache_getrt(&ipforward_rt)) != NULL) { |
struct secpolicy *sp; |
struct secpolicy *sp; |
int ipsecerror; |
int ipsecerror; |
size_t ipsechdr; |
size_t ipsechdr; |