version 1.35, 1996/09/09 14:51:16 |
version 1.47, 1997/02/25 08:35:42 |
|
|
#include <sys/domain.h> |
#include <sys/domain.h> |
#include <sys/protosw.h> |
#include <sys/protosw.h> |
#include <sys/socket.h> |
#include <sys/socket.h> |
|
#include <sys/socketvar.h> |
#include <sys/errno.h> |
#include <sys/errno.h> |
#include <sys/time.h> |
#include <sys/time.h> |
#include <sys/kernel.h> |
#include <sys/kernel.h> |
|
|
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
|
#include <net/if_dl.h> |
#include <net/route.h> |
#include <net/route.h> |
|
#include <net/pfil.h> |
|
|
#include <netinet/in.h> |
#include <netinet/in.h> |
#include <netinet/in_systm.h> |
#include <netinet/in_systm.h> |
|
|
#include <netinet/ip_var.h> |
#include <netinet/ip_var.h> |
#include <netinet/ip_icmp.h> |
#include <netinet/ip_icmp.h> |
|
|
|
/* XXX should really put this in libkern.h */ |
|
#define offsetof(type, member) ((size_t)(&((type *)0)->member)) |
|
|
#ifndef IPFORWARDING |
#ifndef IPFORWARDING |
#ifdef GATEWAY |
#ifdef GATEWAY |
#define IPFORWARDING 1 /* forward IP packets not for us */ |
#define IPFORWARDING 1 /* forward IP packets not for us */ |
|
|
#define IPSENDREDIRECTS 1 |
#define IPSENDREDIRECTS 1 |
#endif |
#endif |
#ifndef IPFORWSRCRT |
#ifndef IPFORWSRCRT |
#define IPFORWSRCRT 1 /* allow source-routed packets */ |
#define IPFORWSRCRT 1 /* forward source-routed packets */ |
|
#endif |
|
#ifndef IPALLOWSRCRT |
|
#define IPALLOWSRCRT 0 /* reject all source-routed packets */ |
#endif |
#endif |
/* |
/* |
* Note: DIRECTED_BROADCAST is handled this way so that previous |
* Note: DIRECTED_BROADCAST is handled this way so that previous |
Line 90 int ipsendredirects = IPSENDREDIRECTS; |
|
Line 99 int ipsendredirects = IPSENDREDIRECTS; |
|
int ip_defttl = IPDEFTTL; |
int ip_defttl = IPDEFTTL; |
int ip_forwsrcrt = IPFORWSRCRT; |
int ip_forwsrcrt = IPFORWSRCRT; |
int ip_directedbcast = IPDIRECTEDBCAST; |
int ip_directedbcast = IPDIRECTEDBCAST; |
|
int ip_allowsrcrt = IPALLOWSRCRT; |
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
int ipprintfs = 0; |
int ipprintfs = 0; |
#endif |
#endif |
|
|
register struct in_ifaddr *ia; |
register struct in_ifaddr *ia; |
struct ipqent *ipqe; |
struct ipqent *ipqe; |
int hlen = 0, mff, len, s; |
int hlen = 0, mff, len, s; |
#ifdef PACKET_FILTER |
#ifdef PFIL_HOOKS |
struct packet_filter_hook *pfh; |
struct packet_filter_hook *pfh; |
struct mbuf *m0; |
struct mbuf *m0; |
#endif /* PACKET_FILTER */ |
int rv; |
|
#endif /* PFIL_HOOKS */ |
|
|
next: |
next: |
/* |
/* |
|
|
m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
} |
} |
|
|
#ifdef PACKET_FILTER |
#ifdef PFIL_HOOKS |
/* |
/* |
* Run through list of hooks for input packets. |
* Run through list of hooks for input packets. |
*/ |
*/ |
m0 = m; |
m0 = m; |
for (pfh = pfil_hook_get(PFIL_IN); pfh; pfh = pfh->pfil_link.le_next) |
for (pfh = pfil_hook_get(PFIL_IN); pfh; pfh = pfh->pfil_link.le_next) |
if (pfh->pfil_func) { |
if (pfh->pfil_func) { |
if (pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) |
rv = pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 0, &m0); |
goto bad; |
|
ip = mtod(m = m0, struct ip *); |
ip = mtod(m = m0, struct ip *); |
|
if (rv) |
|
goto next; |
} |
} |
#endif /* PACKET_FILTER */ |
#endif /* PFIL_HOOKS */ |
|
|
/* |
/* |
* Process options and, if not destined for us, |
* Process options and, if not destined for us, |
|
|
* if the packet was previously fragmented, |
* if the packet was previously fragmented, |
* but it's not worth the time; just let them time out.) |
* but it's not worth the time; just let them time out.) |
*/ |
*/ |
if (ip->ip_off &~ IP_DF) { |
if (ip->ip_off & ~(IP_DF|IP_RF)) { |
if (m->m_flags & M_EXT) { /* XXX */ |
if (m->m_flags & M_EXT) { /* XXX */ |
if ((m = m_pullup(m, sizeof (struct ip))) == 0) { |
if ((m = m_pullup(m, sizeof (struct ip))) == 0) { |
ipstat.ips_toosmall++; |
ipstat.ips_toosmall++; |
|
|
(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); |
(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); |
goto next; |
goto next; |
bad: |
bad: |
#ifdef PACKET_FILTER |
|
m0 = m; |
|
for (pfh = pfil_hook_get(PFIL_BAD); pfh; pfh = pfh->pfil_link.le_next) |
|
if (pfh->pfil_func) { |
|
(void)pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 2, &m0); |
|
ip = mtod(m = m0, struct ip *); |
|
} |
|
#endif /* PACKET_FILTER */ |
|
m_freem(m); |
m_freem(m); |
goto next; |
goto next; |
} |
} |
|
|
return (0); |
return (0); |
|
|
/* |
/* |
* Reassembly is complete; concatenate fragments. |
* Reassembly is complete. Check for a bogus message size and |
|
* concatenate fragments. |
*/ |
*/ |
q = fp->ipq_fragq.lh_first; |
q = fp->ipq_fragq.lh_first; |
ip = q->ipqe_ip; |
ip = q->ipqe_ip; |
|
if ((next + (ip->ip_hl << 2)) > IP_MAXPACKET) { |
|
ipstat.ips_toolong++; |
|
ip_freef(fp); |
|
return (0); |
|
} |
m = dtom(q->ipqe_ip); |
m = dtom(q->ipqe_ip); |
t = m->m_next; |
t = m->m_next; |
m->m_next = 0; |
m->m_next = 0; |
|
|
*/ |
*/ |
case IPOPT_LSRR: |
case IPOPT_LSRR: |
case IPOPT_SSRR: |
case IPOPT_SSRR: |
|
if (ip_allowsrcrt == 0) { |
|
type = ICMP_UNREACH; |
|
code = ICMP_UNREACH_NET_PROHIB; |
|
goto bad; |
|
} |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
goto bad; |
goto bad; |
Line 1156 ip_forward(m, srcrt) |
|
Line 1171 ip_forward(m, srcrt) |
|
icmp_error(mcopy, type, code, dest, destifp); |
icmp_error(mcopy, type, code, dest, destifp); |
} |
} |
|
|
|
void |
|
ip_savecontrol(inp, mp, ip, m) |
|
register struct inpcb *inp; |
|
register struct mbuf **mp; |
|
register struct ip *ip; |
|
register struct mbuf *m; |
|
{ |
|
|
|
if (inp->inp_socket->so_options & SO_TIMESTAMP) { |
|
struct timeval tv; |
|
|
|
microtime(&tv); |
|
*mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), |
|
SCM_TIMESTAMP, SOL_SOCKET); |
|
if (*mp) |
|
mp = &(*mp)->m_next; |
|
} |
|
if (inp->inp_flags & INP_RECVDSTADDR) { |
|
*mp = sbcreatecontrol((caddr_t) &ip->ip_dst, |
|
sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); |
|
if (*mp) |
|
mp = &(*mp)->m_next; |
|
} |
|
#ifdef notyet |
|
/* |
|
* XXX |
|
* Moving these out of udp_input() made them even more broken |
|
* than they already were. |
|
* - fenner@parc.xerox.com |
|
*/ |
|
/* options were tossed already */ |
|
if (inp->inp_flags & INP_RECVOPTS) { |
|
*mp = sbcreatecontrol((caddr_t) opts_deleted_above, |
|
sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); |
|
if (*mp) |
|
mp = &(*mp)->m_next; |
|
} |
|
/* ip_srcroute doesn't do what we want here, need to fix */ |
|
if (inp->inp_flags & INP_RECVRETOPTS) { |
|
*mp = sbcreatecontrol((caddr_t) ip_srcroute(), |
|
sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); |
|
if (*mp) |
|
mp = &(*mp)->m_next; |
|
} |
|
#endif |
|
if (inp->inp_flags & INP_RECVIF) { |
|
struct sockaddr_dl sdl; |
|
|
|
sdl.sdl_len = offsetof(struct sockaddr_dl, sdl_data[0]); |
|
sdl.sdl_family = AF_LINK; |
|
sdl.sdl_index = m->m_pkthdr.rcvif ? |
|
m->m_pkthdr.rcvif->if_index : 0; |
|
sdl.sdl_nlen = sdl.sdl_alen = sdl.sdl_slen = 0; |
|
*mp = sbcreatecontrol((caddr_t) &sdl, sdl.sdl_len, |
|
IP_RECVIF, IPPROTO_IP); |
|
if (*mp) |
|
mp = &(*mp)->m_next; |
|
} |
|
} |
|
|
int |
int |
ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen) |
ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen) |
int *name; |
int *name; |
Line 1182 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1257 ip_sysctl(name, namelen, oldp, oldlenp, |
|
return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_mtu)); |
return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_mtu)); |
#endif |
#endif |
case IPCTL_FORWSRCRT: |
case IPCTL_FORWSRCRT: |
/* |
/* Don't allow this to change in a secure environment. */ |
* Don't allow this to change in a secure environment. |
|
*/ |
|
if (securelevel > 0) |
if (securelevel > 0) |
return (EPERM); |
return (sysctl_rdint(oldp, oldlenp, newp, |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
ip_forwsrcrt)); |
&ip_forwsrcrt)); |
else |
|
return (sysctl_int(oldp, oldlenp, newp, newlen, |
|
&ip_forwsrcrt)); |
case IPCTL_DIRECTEDBCAST: |
case IPCTL_DIRECTEDBCAST: |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
&ip_directedbcast)); |
&ip_directedbcast)); |
|
case IPCTL_ALLOWSRCRT: |
|
return (sysctl_int(oldp, oldlenp, newp, newlen, |
|
&ip_allowsrcrt)); |
default: |
default: |
return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
} |
} |