version 1.296.2.1, 2012/04/17 00:08:40 |
version 1.298.8.1, 2018/02/09 14:11:21 |
Line 140 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 140 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netinet/ip_mroute.h> |
#include <netinet/ip_mroute.h> |
#endif |
#endif |
|
|
|
#ifdef KAME_IPSEC |
|
#include <netinet6/ipsec.h> |
|
#include <netinet6/ipsec_private.h> |
|
#include <netkey/key.h> |
|
#endif |
#ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
#include <netipsec/ipsec.h> |
#include <netipsec/ipsec.h> |
#include <netipsec/key.h> |
#include <netipsec/key.h> |
Line 156 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 161 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#define IPSENDREDIRECTS 1 |
#define IPSENDREDIRECTS 1 |
#endif |
#endif |
#ifndef IPFORWSRCRT |
#ifndef IPFORWSRCRT |
#define IPFORWSRCRT 1 /* forward source-routed packets */ |
#define IPFORWSRCRT 0 /* forward source-routed packets */ |
#endif |
#endif |
#ifndef IPALLOWSRCRT |
#ifndef IPALLOWSRCRT |
#define IPALLOWSRCRT 1 /* allow source-routed packets */ |
#define IPALLOWSRCRT 0 /* allow source-routed packets */ |
#endif |
#endif |
#ifndef IPMTUDISC |
#ifndef IPMTUDISC |
#define IPMTUDISC 1 |
#define IPMTUDISC 1 |
Line 531 ip_input(struct mbuf *m) |
|
Line 536 ip_input(struct mbuf *m) |
|
m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
} |
} |
|
|
|
#if defined(KAME_IPSEC) |
|
/* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
|
m->m_flags &= ~M_CANFASTFWD; |
|
#else |
/* |
/* |
* Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
* based on this packet. |
* based on this packet. |
*/ |
*/ |
m->m_flags |= M_CANFASTFWD; |
m->m_flags |= M_CANFASTFWD; |
|
#endif |
|
|
#ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
/* |
/* |
Line 549 ip_input(struct mbuf *m) |
|
Line 559 ip_input(struct mbuf *m) |
|
* let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
* not the decapsulated packet. |
* not the decapsulated packet. |
*/ |
*/ |
#if defined(FAST_IPSEC) |
#ifdef KAME_IPSEC |
|
if (!ipsec_getnhist(m)) |
|
#elif defined(FAST_IPSEC) |
if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
#else |
#else |
if (1) |
if (1) |
Line 731 ip_input(struct mbuf *m) |
|
Line 743 ip_input(struct mbuf *m) |
|
IP_STATINC(IP_STAT_CANTFORWARD); |
IP_STATINC(IP_STAT_CANTFORWARD); |
return; |
return; |
} |
} |
|
#ifdef KAME_IPSEC |
|
if (ipsec4_in_reject(m, NULL)) { |
|
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); |
|
goto bad; |
|
} |
|
#endif |
#ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
s = splsoftnet(); |
s = splsoftnet(); |
|
|
hlen = ip->ip_hl << 2; |
hlen = ip->ip_hl << 2; |
} |
} |
|
|
|
#if defined(KAME_IPSEC) |
|
/* |
|
* enforce IPsec policy checking if we are seeing last header. |
|
* note that we do not visit this with protocols with pcb layer |
|
* code - like udp/tcp/raw ip. |
|
*/ |
|
if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
|
ipsec4_in_reject(m, NULL)) { |
|
IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); |
|
goto bad; |
|
} |
|
#endif |
#ifdef FAST_IPSEC |
#ifdef FAST_IPSEC |
/* |
/* |
* enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
Line 1422 ip_forward(struct mbuf *m, int srcrt) |
|
Line 1452 ip_forward(struct mbuf *m, int srcrt) |
|
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
destmtu = rt->rt_ifp->if_mtu; |
destmtu = rt->rt_ifp->if_mtu; |
|
|
#if defined(FAST_IPSEC) |
#if defined(KAME_IPSEC) || defined(FAST_IPSEC) |
{ |
{ |
/* |
/* |
* If the packet is routed over IPsec tunnel, tell the |
* If the packet is routed over IPsec tunnel, tell the |
Line 1464 ip_forward(struct mbuf *m, int srcrt) |
|
Line 1494 ip_forward(struct mbuf *m, int srcrt) |
|
} |
} |
} |
} |
|
|
|
#ifdef KAME_IPSEC |
|
key_freesp(sp); |
|
#else |
KEY_FREESP(&sp); |
KEY_FREESP(&sp); |
|
#endif |
} |
} |
} |
} |
#endif /*defined(FAST_IPSEC)*/ |
#endif /*defined(KAME_IPSEC) || defined(FAST_IPSEC)*/ |
IP_STATINC(IP_STAT_CANTFRAG); |
IP_STATINC(IP_STAT_CANTFRAG); |
break; |
break; |
|
|