version 1.288, 2010/07/13 22:16:10 |
version 1.289, 2010/07/19 14:09:45 |
Line 412 ip_input(struct mbuf *m) |
|
Line 412 ip_input(struct mbuf *m) |
|
struct m_tag *mtag; |
struct m_tag *mtag; |
struct tdb_ident *tdbi; |
struct tdb_ident *tdbi; |
struct secpolicy *sp; |
struct secpolicy *sp; |
int error; |
int error, s; |
#endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
|
|
MCLAIM(m, &ip_rx_mowner); |
MCLAIM(m, &ip_rx_mowner); |
#ifdef DIAGNOSTIC |
KASSERT((m->m_flags & M_PKTHDR) != 0); |
if ((m->m_flags & M_PKTHDR) == 0) |
|
panic("ipintr no HDR"); |
|
#endif |
|
|
|
/* |
/* |
* If no IP addresses have been set yet but the interfaces |
* If no IP addresses have been set yet but the interfaces |
|
|
* If offset or IP_MF are set, must reassemble. |
* If offset or IP_MF are set, must reassemble. |
*/ |
*/ |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
struct ipq *fp; |
struct mbuf *m_final; |
u_int off, hash; |
u_int off, flen; |
bool mff; |
bool mff; |
|
|
/* |
/* |
|
|
goto bad; |
goto bad; |
} |
} |
|
|
/* |
/* Fragment length and MF flag. */ |
* Adjust total IP length to not reflect header. Set 'mff' |
flen = ntohs(ip->ip_len) - hlen; |
* indicator, if more fragments are expected. Convert offset |
|
* of this to bytes. |
|
*/ |
|
ip->ip_len = htons(ntohs(ip->ip_len) - hlen); |
|
mff = (ip->ip_off & htons(IP_MF)) != 0; |
mff = (ip->ip_off & htons(IP_MF)) != 0; |
if (mff) { |
if (mff) { |
/* |
/* |
* Make sure that fragments have a data length |
* Make sure that fragments have a data length |
* which is non-zero and multiple of 8 bytes. |
* which is non-zero and multiple of 8 bytes. |
*/ |
*/ |
if (ntohs(ip->ip_len) == 0 || |
if (flen == 0 || (flen & 0x7) != 0) { |
(ntohs(ip->ip_len) & 0x7) != 0) { |
|
IP_STATINC(IP_STAT_BADFRAGS); |
IP_STATINC(IP_STAT_BADFRAGS); |
goto bad; |
goto bad; |
} |
} |
} |
} |
ip->ip_off = htons((ntohs(ip->ip_off) & IP_OFFMASK) << 3); |
|
|
|
/* Look for queue of fragments of this datagram. */ |
|
fp = ip_reass_lookup(ip, &hash); |
|
|
|
/* Make sure the TOS matches previous fragments. */ |
|
if (fp && fp->ipq_tos != ip->ip_tos) { |
|
IP_STATINC(IP_STAT_BADFRAGS); |
|
ip_reass_unlock(); |
|
goto bad; |
|
} |
|
|
|
/* |
/* |
* If datagram marked as having more fragments |
* Adjust total IP length to not reflect header and convert |
* or if this is not the first fragment, |
* offset of this to bytes. XXX: clobbers struct ip. |
* attempt reassembly; if it succeeds, proceed. |
|
*/ |
*/ |
if (mff || ip->ip_off != htons(0)) { |
ip->ip_len = htons(flen); |
struct ipqent *ipqe; |
ip->ip_off = htons(off); |
|
|
ipqe = ip_reass_getent(); |
/* |
if (ipqe == NULL) { |
* Pass to IP reassembly mechanism. |
IP_STATINC(IP_STAT_RCVMEMDROP); |
*/ |
ip_reass_unlock(); |
if (ip_reass_packet(m, ip, mff, &m_final) != 0) { |
goto bad; |
/* Failed; invalid fragment(s) or packet. */ |
} |
goto bad; |
ipqe->ipqe_mff = mff; |
|
ipqe->ipqe_m = m; |
|
ipqe->ipqe_ip = ip; |
|
m = ip_reass(ipqe, fp, hash); |
|
if (m == NULL) { |
|
return; |
|
} |
|
IP_STATINC(IP_STAT_REASSEMBLED); |
|
ip = mtod(m, struct ip *); |
|
hlen = ip->ip_hl << 2; |
|
ip->ip_len = htons(ntohs(ip->ip_len) + hlen); |
|
} else if (fp) { |
|
ip_freef(fp); |
|
ip_reass_unlock(); |
|
} |
} |
|
if (m_final == NULL) { |
|
/* More fragments should come; silently return. */ |
|
return; |
|
} |
|
/* Reassembly is done, we have the final packet. */ |
|
m = m_final; |
|
|
|
/* Updated local variable(s). */ |
|
ip = mtod(m, struct ip *); |
|
hlen = ip->ip_hl << 2; |
} |
} |
|
|
#if defined(IPSEC) |
#if defined(IPSEC) |