| version 1.288, 2010/07/13 22:16:10 |
version 1.289, 2010/07/19 14:09:45 |
| Line 412 ip_input(struct mbuf *m) |
|
| Line 412 ip_input(struct mbuf *m) |
|
| struct m_tag *mtag; |
struct m_tag *mtag; |
| struct tdb_ident *tdbi; |
struct tdb_ident *tdbi; |
| struct secpolicy *sp; |
struct secpolicy *sp; |
| int error; |
int error, s; |
| #endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
| |
|
| MCLAIM(m, &ip_rx_mowner); |
MCLAIM(m, &ip_rx_mowner); |
| #ifdef DIAGNOSTIC |
KASSERT((m->m_flags & M_PKTHDR) != 0); |
| if ((m->m_flags & M_PKTHDR) == 0) |
|
| panic("ipintr no HDR"); |
|
| #endif |
|
| |
|
| /* |
/* |
| * If no IP addresses have been set yet but the interfaces |
* If no IP addresses have been set yet but the interfaces |
|
|
| * If offset or IP_MF are set, must reassemble. |
* If offset or IP_MF are set, must reassemble. |
| */ |
*/ |
| if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
| struct ipq *fp; |
struct mbuf *m_final; |
| u_int off, hash; |
u_int off, flen; |
| bool mff; |
bool mff; |
| |
|
| /* |
/* |
|
|
| goto bad; |
goto bad; |
| } |
} |
| |
|
| /* |
/* Fragment length and MF flag. */ |
| * Adjust total IP length to not reflect header. Set 'mff' |
flen = ntohs(ip->ip_len) - hlen; |
| * indicator, if more fragments are expected. Convert offset |
|
| * of this to bytes. |
|
| */ |
|
| ip->ip_len = htons(ntohs(ip->ip_len) - hlen); |
|
| mff = (ip->ip_off & htons(IP_MF)) != 0; |
mff = (ip->ip_off & htons(IP_MF)) != 0; |
| if (mff) { |
if (mff) { |
| /* |
/* |
| * Make sure that fragments have a data length |
* Make sure that fragments have a data length |
| * which is non-zero and multiple of 8 bytes. |
* which is non-zero and multiple of 8 bytes. |
| */ |
*/ |
| if (ntohs(ip->ip_len) == 0 || |
if (flen == 0 || (flen & 0x7) != 0) { |
| (ntohs(ip->ip_len) & 0x7) != 0) { |
|
| IP_STATINC(IP_STAT_BADFRAGS); |
IP_STATINC(IP_STAT_BADFRAGS); |
| goto bad; |
goto bad; |
| } |
} |
| } |
} |
| ip->ip_off = htons((ntohs(ip->ip_off) & IP_OFFMASK) << 3); |
|
| |
|
| /* Look for queue of fragments of this datagram. */ |
|
| fp = ip_reass_lookup(ip, &hash); |
|
| |
|
| /* Make sure the TOS matches previous fragments. */ |
|
| if (fp && fp->ipq_tos != ip->ip_tos) { |
|
| IP_STATINC(IP_STAT_BADFRAGS); |
|
| ip_reass_unlock(); |
|
| goto bad; |
|
| } |
|
| |
|
| /* |
/* |
| * If datagram marked as having more fragments |
* Adjust total IP length to not reflect header and convert |
| * or if this is not the first fragment, |
* offset of this to bytes. XXX: clobbers struct ip. |
| * attempt reassembly; if it succeeds, proceed. |
|
| */ |
*/ |
| if (mff || ip->ip_off != htons(0)) { |
ip->ip_len = htons(flen); |
| struct ipqent *ipqe; |
ip->ip_off = htons(off); |
| |
|
| ipqe = ip_reass_getent(); |
/* |
| if (ipqe == NULL) { |
* Pass to IP reassembly mechanism. |
| IP_STATINC(IP_STAT_RCVMEMDROP); |
*/ |
| ip_reass_unlock(); |
if (ip_reass_packet(m, ip, mff, &m_final) != 0) { |
| goto bad; |
/* Failed; invalid fragment(s) or packet. */ |
| } |
goto bad; |
| ipqe->ipqe_mff = mff; |
|
| ipqe->ipqe_m = m; |
|
| ipqe->ipqe_ip = ip; |
|
| m = ip_reass(ipqe, fp, hash); |
|
| if (m == NULL) { |
|
| return; |
|
| } |
|
| IP_STATINC(IP_STAT_REASSEMBLED); |
|
| ip = mtod(m, struct ip *); |
|
| hlen = ip->ip_hl << 2; |
|
| ip->ip_len = htons(ntohs(ip->ip_len) + hlen); |
|
| } else if (fp) { |
|
| ip_freef(fp); |
|
| ip_reass_unlock(); |
|
| } |
} |
| |
if (m_final == NULL) { |
| |
/* More fragments should come; silently return. */ |
| |
return; |
| |
} |
| |
/* Reassembly is done, we have the final packet. */ |
| |
m = m_final; |
| |
|
| |
/* Updated local variable(s). */ |
| |
ip = mtod(m, struct ip *); |
| |
hlen = ip->ip_hl << 2; |
| } |
} |
| |
|
| #if defined(IPSEC) |
#if defined(IPSEC) |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet