| version 1.296.6.1, 2012/02/18 07:35:39 |
version 1.304, 2013/06/05 19:01:26 |
| Line 139 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| Line 139 __KERNEL_RCSID(0, "$NetBSD$"); |
|
| #ifdef MROUTING |
#ifdef MROUTING |
| #include <netinet/ip_mroute.h> |
#include <netinet/ip_mroute.h> |
| #endif |
#endif |
| |
#include <netinet/portalgo.h> |
| |
|
| #ifdef KAME_IPSEC |
#ifdef IPSEC |
| #include <netinet6/ipsec.h> |
|
| #include <netinet6/ipsec_private.h> |
|
| #include <netkey/key.h> |
|
| #endif |
|
| #ifdef FAST_IPSEC |
|
| #include <netipsec/ipsec.h> |
#include <netipsec/ipsec.h> |
| #include <netipsec/key.h> |
#include <netipsec/key.h> |
| #endif /* FAST_IPSEC*/ |
#endif /* IPSEC*/ |
| |
|
| #ifndef IPFORWARDING |
#ifndef IPFORWARDING |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| Line 409 ip_input(struct mbuf *m) |
|
| Line 405 ip_input(struct mbuf *m) |
|
| int downmatch; |
int downmatch; |
| int checkif; |
int checkif; |
| int srcrt = 0; |
int srcrt = 0; |
| #ifdef FAST_IPSEC |
#ifdef IPSEC |
| struct m_tag *mtag; |
struct m_tag *mtag; |
| struct tdb_ident *tdbi; |
struct tdb_ident *tdbi; |
| struct secpolicy *sp; |
struct secpolicy *sp; |
| int error, s; |
int error, s; |
| #endif /* FAST_IPSEC */ |
#endif /* IPSEC */ |
| |
|
| MCLAIM(m, &ip_rx_mowner); |
MCLAIM(m, &ip_rx_mowner); |
| KASSERT((m->m_flags & M_PKTHDR) != 0); |
KASSERT((m->m_flags & M_PKTHDR) != 0); |
| Line 536 ip_input(struct mbuf *m) |
|
| Line 532 ip_input(struct mbuf *m) |
|
| m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
| } |
} |
| |
|
| #if defined(KAME_IPSEC) |
|
| /* ipflow (IP fast forwarding) is not compatible with IPsec. */ |
|
| m->m_flags &= ~M_CANFASTFWD; |
|
| #else |
|
| /* |
/* |
| * Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
| * based on this packet. |
* based on this packet. |
| */ |
*/ |
| m->m_flags |= M_CANFASTFWD; |
m->m_flags |= M_CANFASTFWD; |
| #endif |
|
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| /* |
/* |
| Line 559 ip_input(struct mbuf *m) |
|
| Line 550 ip_input(struct mbuf *m) |
|
| * let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
| * not the decapsulated packet. |
* not the decapsulated packet. |
| */ |
*/ |
| #ifdef KAME_IPSEC |
#if defined(IPSEC) |
| if (!ipsec_getnhist(m)) |
|
| #elif defined(FAST_IPSEC) |
|
| if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
| #else |
#else |
| if (1) |
if (1) |
| Line 743 ip_input(struct mbuf *m) |
|
| Line 732 ip_input(struct mbuf *m) |
|
| IP_STATINC(IP_STAT_CANTFORWARD); |
IP_STATINC(IP_STAT_CANTFORWARD); |
| return; |
return; |
| } |
} |
| #ifdef KAME_IPSEC |
#ifdef IPSEC |
| if (ipsec4_in_reject(m, NULL)) { |
|
| IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); |
|
| goto bad; |
|
| } |
|
| #endif |
|
| #ifdef FAST_IPSEC |
|
| mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL); |
| s = splsoftnet(); |
s = splsoftnet(); |
| if (mtag != NULL) { |
if (mtag != NULL) { |
| Line 796 ip_input(struct mbuf *m) |
|
| Line 779 ip_input(struct mbuf *m) |
|
| } |
} |
| splx(s); |
splx(s); |
| } |
} |
| #endif /* FAST_IPSEC */ |
#endif /* IPSEC */ |
| |
|
| ip_forward(m, srcrt); |
ip_forward(m, srcrt); |
| } |
} |
|
|
| hlen = ip->ip_hl << 2; |
hlen = ip->ip_hl << 2; |
| } |
} |
| |
|
| #if defined(KAME_IPSEC) |
#ifdef IPSEC |
| /* |
|
| * enforce IPsec policy checking if we are seeing last header. |
|
| * note that we do not visit this with protocols with pcb layer |
|
| * code - like udp/tcp/raw ip. |
|
| */ |
|
| if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
|
| ipsec4_in_reject(m, NULL)) { |
|
| IPSEC_STATINC(IPSEC_STAT_IN_POLVIO); |
|
| goto bad; |
|
| } |
|
| #endif |
|
| #ifdef FAST_IPSEC |
|
| /* |
/* |
| * enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
| * note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
| Line 875 DPRINTF(("ip_input: no SP, packet discar |
|
| Line 846 DPRINTF(("ip_input: no SP, packet discar |
|
| if (error) |
if (error) |
| goto bad; |
goto bad; |
| } |
} |
| #endif /* FAST_IPSEC */ |
#endif /* IPSEC */ |
| |
|
| /* |
/* |
| * Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
| Line 1452 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1423 ip_forward(struct mbuf *m, int srcrt) |
|
| if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
if ((rt = rtcache_validate(&ipforward_rt)) != NULL) |
| destmtu = rt->rt_ifp->if_mtu; |
destmtu = rt->rt_ifp->if_mtu; |
| |
|
| #if defined(KAME_IPSEC) || defined(FAST_IPSEC) |
#if defined(IPSEC) |
| { |
{ |
| /* |
/* |
| * If the packet is routed over IPsec tunnel, tell the |
* If the packet is routed over IPsec tunnel, tell the |
| Line 1494 ip_forward(struct mbuf *m, int srcrt) |
|
| Line 1465 ip_forward(struct mbuf *m, int srcrt) |
|
| } |
} |
| } |
} |
| |
|
| #ifdef KAME_IPSEC |
|
| key_freesp(sp); |
|
| #else |
|
| KEY_FREESP(&sp); |
KEY_FREESP(&sp); |
| #endif |
|
| } |
} |
| } |
} |
| #endif /*defined(KAME_IPSEC) || defined(FAST_IPSEC)*/ |
#endif /*defined(IPSEC)*/ |
| IP_STATINC(IP_STAT_CANTFRAG); |
IP_STATINC(IP_STAT_CANTFRAG); |
| break; |
break; |
| |
|
| Line 1829 sysctl_net_inet_ip_setup(struct sysctllo |
|
| Line 1796 sysctl_net_inet_ip_setup(struct sysctllo |
|
| CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| CTLTYPE_INT, "mtudisctimeout", |
CTLTYPE_INT, "mtudisctimeout", |
| SYSCTL_DESCR("Lifetime of a Path MTU Discovered route"), |
SYSCTL_DESCR("Lifetime of a Path MTU Discovered route"), |
| sysctl_net_inet_ip_pmtudto, 0, &ip_mtudisc_timeout, 0, |
sysctl_net_inet_ip_pmtudto, 0, (void *)&ip_mtudisc_timeout, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, |
CTL_NET, PF_INET, IPPROTO_IP, |
| IPCTL_MTUDISCTIMEOUT, CTL_EOL); |
IPCTL_MTUDISCTIMEOUT, CTL_EOL); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| Line 1920 sysctl_net_inet_ip_setup(struct sysctllo |
|
| Line 1887 sysctl_net_inet_ip_setup(struct sysctllo |
|
| sysctl_net_inet_ip_stats, 0, NULL, 0, |
sysctl_net_inet_ip_stats, 0, NULL, 0, |
| CTL_NET, PF_INET, IPPROTO_IP, IPCTL_STATS, |
CTL_NET, PF_INET, IPPROTO_IP, IPCTL_STATS, |
| CTL_EOL); |
CTL_EOL); |
| |
|
| |
/* anonportalgo RFC6056 subtree */ |
| |
const struct sysctlnode *portalgo_node; |
| |
sysctl_createv(clog, 0, NULL, &portalgo_node, |
| |
CTLFLAG_PERMANENT, |
| |
CTLTYPE_NODE, "anonportalgo", |
| |
SYSCTL_DESCR("Anonymous Port Algorithm Selection (RFC 6056)"), |
| |
NULL, 0, NULL, 0, |
| |
CTL_NET, PF_INET, IPPROTO_IP, CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, &portalgo_node, NULL, |
| |
CTLFLAG_PERMANENT, |
| |
CTLTYPE_STRING, "available", |
| |
SYSCTL_DESCR("available algorithms"), |
| |
sysctl_portalgo_available, 0, NULL, PORTALGO_MAXLEN, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, &portalgo_node, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_STRING, "selected", |
| |
SYSCTL_DESCR("selected algorithm"), |
| |
sysctl_portalgo_selected4, 0, NULL, PORTALGO_MAXLEN, |
| |
CTL_CREATE, CTL_EOL); |
| |
sysctl_createv(clog, 0, &portalgo_node, NULL, |
| |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
| |
CTLTYPE_STRUCT, "reserve", |
| |
SYSCTL_DESCR("bitmap of reserved ports"), |
| |
sysctl_portalgo_reserve4, 0, NULL, 0, |
| |
CTL_CREATE, CTL_EOL); |
| } |
} |
| |
|
| void |
void |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet