| version 1.293.2.1, 2011/06/06 09:09:55 |
version 1.296.2.1, 2012/04/17 00:08:40 |
| Line 140 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 140 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #include <netinet/ip_mroute.h> |
#include <netinet/ip_mroute.h> |
| #endif |
#endif |
| |
|
| #ifdef IPSEC |
|
| #include <netinet6/ipsec.h> |
|
| #include <netinet6/ipsec_private.h> |
|
| #include <netkey/key.h> |
|
| #endif |
|
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| #include <netipsec/ipsec.h> |
#include <netipsec/ipsec.h> |
| #include <netipsec/key.h> |
#include <netipsec/key.h> |
| Line 456 ip_input(struct mbuf *m) |
|
| Line 451 ip_input(struct mbuf *m) |
|
| goto bad; |
goto bad; |
| } |
} |
| if (hlen > m->m_len) { |
if (hlen > m->m_len) { |
| if ((m = m_pullup(m, hlen)) == 0) { |
if ((m = m_pullup(m, hlen)) == NULL) { |
| IP_STATINC(IP_STAT_BADHLEN); |
IP_STATINC(IP_STAT_BADHLEN); |
| return; |
return; |
| } |
} |
| Line 536 ip_input(struct mbuf *m) |
|
| Line 531 ip_input(struct mbuf *m) |
|
| m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
| } |
} |
| |
|
| #if defined(IPSEC) |
|
| /* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
|
| m->m_flags &= ~M_CANFASTFWD; |
|
| #else |
|
| /* |
/* |
| * Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
| * based on this packet. |
* based on this packet. |
| */ |
*/ |
| m->m_flags |= M_CANFASTFWD; |
m->m_flags |= M_CANFASTFWD; |
| #endif |
|
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| /* |
/* |
| Line 559 ip_input(struct mbuf *m) |
|
| Line 549 ip_input(struct mbuf *m) |
|
| * let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
| * not the decapsulated packet. |
* not the decapsulated packet. |
| */ |
*/ |
| #ifdef IPSEC |
#if defined(FAST_IPSEC) |
| if (!ipsec_getnhist(m)) |
|
| #elif defined(FAST_IPSEC) |
|
| if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
| #else |
#else |
| if (1) |
if (1) |
| Line 743 ip_input(struct mbuf *m) |
|
| Line 731 ip_input(struct mbuf *m) |
|
| IP_STATINC(IP_STAT_CANTFORWARD); |
IP_STATINC(IP_STAT_CANTFORWARD); |
| return; |
return; |
| } |
} |
| #ifdef IPSEC |
|
| if (ipsec4_in_reject(m, NULL)) { |
|
| IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); |
|
| goto bad; |
|
| } |
|
| #endif |
|
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
| s = splsoftnet(); |
s = splsoftnet(); |
|
|
| hlen = ip->ip_hl << 2; |
hlen = ip->ip_hl << 2; |
| } |
} |
| |
|
| #if defined(IPSEC) |
|
| /* |
|
| * enforce IPsec policy checking if we are seeing last header. |
|
| * note that we do not visit this with protocols with pcb layer |
|
| * code - like udp/tcp/raw ip. |
|
| */ |
|
| if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
|
| ipsec4_in_reject(m, NULL)) { |
|
| IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); |
|
| goto bad; |
|
| } |
|
| #endif |
|
| #ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
| Line 1405 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1375 ip_forward(struct mbuf *m, int srcrt) |
|
| |
|
| error = ip_output(m, NULL, &ipforward_rt, |
error = ip_output(m, NULL, &ipforward_rt, |
| (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), |
| (struct ip_moptions *)NULL, (struct socket *)NULL); |
NULL, NULL); |
| |
|
| if (error) |
if (error) |
| IP_STATINC(IP_STAT_CANTFORWARD); |
IP_STATINC(IP_STAT_CANTFORWARD); |
| Line 1452 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1422 ip_forward(struct mbuf *m, int srcrt) |
|
| if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
| destmtu = rt->rt_ifp->if_mtu; |
destmtu = rt->rt_ifp->if_mtu; |
| |
|
| #if defined(IPSEC) || defined(FAST_IPSEC) |
#if defined(FAST_IPSEC) |
| { |
{ |
| /* |
/* |
| * If the packet is routed over IPsec tunnel, tell the |
* If the packet is routed over IPsec tunnel, tell the |
| Line 1494 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1464 ip_forward(struct mbuf *m, int srcrt) |
|
| } |
} |
| } |
} |
| |
|
| #ifdef IPSEC |
|
| key_freesp(sp); |
|
| #else |
|
| KEY_FREESP(&sp); |
KEY_FREESP(&sp); |
| #endif |
|
| } |
} |
| } |
} |
| #endif /*defined(IPSEC) || defined(FAST_IPSEC)*/ |
#endif /*defined(FAST_IPSEC)*/ |
| IP_STATINC(IP_STAT_CANTFRAG); |
IP_STATINC(IP_STAT_CANTFRAG); |
| break; |
break; |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet