version 1.288, 2010/07/13 22:16:10 |
version 1.291, 2010/11/05 01:35:57 |
Line 231 int in_multientries; /* total number o |
|
Line 231 int in_multientries; /* total number o |
|
struct in_multihashhead *in_multihashtbl; |
struct in_multihashhead *in_multihashtbl; |
struct ifqueue ipintrq; |
struct ifqueue ipintrq; |
|
|
|
ipid_state_t * ip_ids; |
uint16_t ip_id; |
uint16_t ip_id; |
|
|
percpu_t *ipstat_percpu; |
percpu_t *ipstat_percpu; |
|
|
|
|
ip_reass_init(); |
ip_reass_init(); |
|
|
ip_initid(); |
ip_ids = ip_id_init(); |
ip_id = time_second & 0xfffff; |
ip_id = time_second & 0xfffff; |
|
|
ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
Line 412 ip_input(struct mbuf *m) |
|
Line 413 ip_input(struct mbuf *m) |
|
struct m_tag *mtag; |
struct m_tag *mtag; |
struct tdb_ident *tdbi; |
struct tdb_ident *tdbi; |
struct secpolicy *sp; |
struct secpolicy *sp; |
int error; |
int error, s; |
#endif /* FAST_IPSEC */ |
#endif /* FAST_IPSEC */ |
|
|
MCLAIM(m, &ip_rx_mowner); |
MCLAIM(m, &ip_rx_mowner); |
#ifdef DIAGNOSTIC |
KASSERT((m->m_flags & M_PKTHDR) != 0); |
if ((m->m_flags & M_PKTHDR) == 0) |
|
panic("ipintr no HDR"); |
|
#endif |
|
|
|
/* |
/* |
* If no IP addresses have been set yet but the interfaces |
* If no IP addresses have been set yet but the interfaces |
|
|
* If offset or IP_MF are set, must reassemble. |
* If offset or IP_MF are set, must reassemble. |
*/ |
*/ |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
if (ip->ip_off & ~htons(IP_DF|IP_RF)) { |
struct ipq *fp; |
|
u_int off, hash; |
|
bool mff; |
|
|
|
/* |
/* |
* Prevent TCP blind data attacks by not allowing non-initial |
* Pass to IP reassembly mechanism. |
* fragments to start at less than 68 bytes (minimal fragment |
|
* size) and making sure the first fragment is at least 68 |
|
* bytes. |
|
*/ |
*/ |
off = (ntohs(ip->ip_off) & IP_OFFMASK) << 3; |
if (ip_reass_packet(&m, ip) != 0) { |
if ((off > 0 ? off + hlen : len) < IP_MINFRAGSIZE - 1) { |
/* Failed; invalid fragment(s) or packet. */ |
IP_STATINC(IP_STAT_BADFRAGS); |
|
goto bad; |
goto bad; |
} |
} |
|
if (m == NULL) { |
/* |
/* More fragments should come; silently return. */ |
* Adjust total IP length to not reflect header. Set 'mff' |
return; |
* indicator, if more fragments are expected. Convert offset |
|
* of this to bytes. |
|
*/ |
|
ip->ip_len = htons(ntohs(ip->ip_len) - hlen); |
|
mff = (ip->ip_off & htons(IP_MF)) != 0; |
|
if (mff) { |
|
/* |
|
* Make sure that fragments have a data length |
|
* which is non-zero and multiple of 8 bytes. |
|
*/ |
|
if (ntohs(ip->ip_len) == 0 || |
|
(ntohs(ip->ip_len) & 0x7) != 0) { |
|
IP_STATINC(IP_STAT_BADFRAGS); |
|
goto bad; |
|
} |
|
} |
|
ip->ip_off = htons((ntohs(ip->ip_off) & IP_OFFMASK) << 3); |
|
|
|
/* Look for queue of fragments of this datagram. */ |
|
fp = ip_reass_lookup(ip, &hash); |
|
|
|
/* Make sure the TOS matches previous fragments. */ |
|
if (fp && fp->ipq_tos != ip->ip_tos) { |
|
IP_STATINC(IP_STAT_BADFRAGS); |
|
ip_reass_unlock(); |
|
goto bad; |
|
} |
} |
|
|
/* |
/* |
* If datagram marked as having more fragments |
* Reassembly is done, we have the final packet. |
* or if this is not the first fragment, |
* Updated cached data in local variable(s). |
* attempt reassembly; if it succeeds, proceed. |
|
*/ |
*/ |
if (mff || ip->ip_off != htons(0)) { |
ip = mtod(m, struct ip *); |
struct ipqent *ipqe; |
hlen = ip->ip_hl << 2; |
|
|
ipqe = ip_reass_getent(); |
|
if (ipqe == NULL) { |
|
IP_STATINC(IP_STAT_RCVMEMDROP); |
|
ip_reass_unlock(); |
|
goto bad; |
|
} |
|
ipqe->ipqe_mff = mff; |
|
ipqe->ipqe_m = m; |
|
ipqe->ipqe_ip = ip; |
|
m = ip_reass(ipqe, fp, hash); |
|
if (m == NULL) { |
|
return; |
|
} |
|
IP_STATINC(IP_STAT_REASSEMBLED); |
|
ip = mtod(m, struct ip *); |
|
hlen = ip->ip_hl << 2; |
|
ip->ip_len = htons(ntohs(ip->ip_len) + hlen); |
|
} else if (fp) { |
|
ip_freef(fp); |
|
ip_reass_unlock(); |
|
} |
|
} |
} |
|
|
#if defined(IPSEC) |
#if defined(IPSEC) |