| version 1.33, 1996/09/06 05:07:44 |
version 1.49, 1997/04/15 00:41:52 |
|
|
| #include <sys/domain.h> |
#include <sys/domain.h> |
| #include <sys/protosw.h> |
#include <sys/protosw.h> |
| #include <sys/socket.h> |
#include <sys/socket.h> |
| |
#include <sys/socketvar.h> |
| #include <sys/errno.h> |
#include <sys/errno.h> |
| #include <sys/time.h> |
#include <sys/time.h> |
| #include <sys/kernel.h> |
#include <sys/kernel.h> |
|
|
| #include <sys/sysctl.h> |
#include <sys/sysctl.h> |
| |
|
| #include <net/if.h> |
#include <net/if.h> |
| |
#include <net/if_dl.h> |
| #include <net/route.h> |
#include <net/route.h> |
| |
#include <net/pfil.h> |
| |
|
| #include <netinet/in.h> |
#include <netinet/in.h> |
| #include <netinet/in_systm.h> |
#include <netinet/in_systm.h> |
|
|
| #include <netinet/ip_var.h> |
#include <netinet/ip_var.h> |
| #include <netinet/ip_icmp.h> |
#include <netinet/ip_icmp.h> |
| |
|
| |
/* XXX should really put this in libkern.h */ |
| |
#define offsetof(type, member) ((size_t)(&((type *)0)->member)) |
| |
|
| #ifndef IPFORWARDING |
#ifndef IPFORWARDING |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| #define IPFORWARDING 1 /* forward IP packets not for us */ |
#define IPFORWARDING 1 /* forward IP packets not for us */ |
|
|
| #define IPSENDREDIRECTS 1 |
#define IPSENDREDIRECTS 1 |
| #endif |
#endif |
| #ifndef IPFORWSRCRT |
#ifndef IPFORWSRCRT |
| #define IPFORWSRCRT 1 /* allow source-routed packets */ |
#define IPFORWSRCRT 1 /* forward source-routed packets */ |
| |
#endif |
| |
#ifndef IPALLOWSRCRT |
| |
#define IPALLOWSRCRT 1 /* allow source-routed packets */ |
| #endif |
#endif |
| /* |
/* |
| * Note: DIRECTED_BROADCAST is handled this way so that previous |
* Note: DIRECTED_BROADCAST is handled this way so that previous |
| Line 90 int ipsendredirects = IPSENDREDIRECTS; |
|
| Line 99 int ipsendredirects = IPSENDREDIRECTS; |
|
| int ip_defttl = IPDEFTTL; |
int ip_defttl = IPDEFTTL; |
| int ip_forwsrcrt = IPFORWSRCRT; |
int ip_forwsrcrt = IPFORWSRCRT; |
| int ip_directedbcast = IPDIRECTEDBCAST; |
int ip_directedbcast = IPDIRECTEDBCAST; |
| |
int ip_allowsrcrt = IPALLOWSRCRT; |
| #ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
| int ipprintfs = 0; |
int ipprintfs = 0; |
| #endif |
#endif |
| Line 117 static struct ip_srcrt { |
|
| Line 127 static struct ip_srcrt { |
|
| } ip_srcrt; |
} ip_srcrt; |
| |
|
| static void save_rte __P((u_char *, struct in_addr)); |
static void save_rte __P((u_char *, struct in_addr)); |
| |
|
| /* |
/* |
| * IP initialization: fill in IP protocol switch table. |
* IP initialization: fill in IP protocol switch table. |
| * All protocols not implemented in kernel go to raw IP protocol handler. |
* All protocols not implemented in kernel go to raw IP protocol handler. |
|
|
| register struct ipq *fp; |
register struct ipq *fp; |
| register struct in_ifaddr *ia; |
register struct in_ifaddr *ia; |
| struct ipqent *ipqe; |
struct ipqent *ipqe; |
| int hlen = 0, mff, s; |
int hlen = 0, mff, len, s; |
| #ifdef PACKET_FILTER |
#ifdef PFIL_HOOKS |
| struct packet_filter_hook *pfh; |
struct packet_filter_hook *pfh; |
| struct mbuf *m0; |
struct mbuf *m0; |
| #endif /* PACKET_FILTER */ |
int rv; |
| |
#endif /* PFIL_HOOKS */ |
| |
|
| next: |
next: |
| /* |
/* |
|
|
| * Convert fields to host representation. |
* Convert fields to host representation. |
| */ |
*/ |
| NTOHS(ip->ip_len); |
NTOHS(ip->ip_len); |
| if (ip->ip_len < hlen) { |
|
| ipstat.ips_badlen++; |
|
| goto bad; |
|
| } |
|
| NTOHS(ip->ip_id); |
NTOHS(ip->ip_id); |
| NTOHS(ip->ip_off); |
NTOHS(ip->ip_off); |
| |
len = ip->ip_len; |
| |
|
| /* |
/* |
| * Check that the amount of data in the buffers |
* Check that the amount of data in the buffers |
|
|
| * Trim mbufs if longer than we expect. |
* Trim mbufs if longer than we expect. |
| * Drop packet if shorter than we expect. |
* Drop packet if shorter than we expect. |
| */ |
*/ |
| if (m->m_pkthdr.len < ip->ip_len) { |
if (m->m_pkthdr.len < len) { |
| ipstat.ips_tooshort++; |
ipstat.ips_tooshort++; |
| goto bad; |
goto bad; |
| } |
} |
| if (m->m_pkthdr.len > ip->ip_len) { |
if (m->m_pkthdr.len > len) { |
| if (m->m_len == m->m_pkthdr.len) { |
if (m->m_len == m->m_pkthdr.len) { |
| m->m_len = ip->ip_len; |
m->m_len = len; |
| m->m_pkthdr.len = ip->ip_len; |
m->m_pkthdr.len = len; |
| } else |
} else |
| m_adj(m, ip->ip_len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
| } |
} |
| |
|
| #ifdef PACKET_FILTER |
#ifdef PFIL_HOOKS |
| /* |
/* |
| * Run through list of hooks for input packets. |
* Run through list of hooks for input packets. |
| */ |
*/ |
| m0 = m; |
m0 = m; |
| for (pfh = pfil_hook_get(PFIL_IN); pfh; pfh = pfh->pfil_link.le_next) |
for (pfh = pfil_hook_get(PFIL_IN); pfh; pfh = pfh->pfil_link.le_next) |
| if (pfh->pfil_func) { |
if (pfh->pfil_func) { |
| if (pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 0, &m0)) |
rv = pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 0, &m0); |
| goto bad; |
if (rv) |
| |
goto next; |
| ip = mtod(m = m0, struct ip *); |
ip = mtod(m = m0, struct ip *); |
| } |
} |
| #endif /* PACKET_FILTER */ |
#endif /* PFIL_HOOKS */ |
| |
|
| /* |
/* |
| * Process options and, if not destined for us, |
* Process options and, if not destined for us, |
|
|
| * Check our list of addresses, to see if the packet is for us. |
* Check our list of addresses, to see if the packet is for us. |
| */ |
*/ |
| for (ia = in_ifaddr.tqh_first; ia; ia = ia->ia_list.tqe_next) { |
for (ia = in_ifaddr.tqh_first; ia; ia = ia->ia_list.tqe_next) { |
| if (ip->ip_dst.s_addr == ia->ia_addr.sin_addr.s_addr) |
if (in_hosteq(ip->ip_dst, ia->ia_addr.sin_addr)) |
| goto ours; |
goto ours; |
| if (((ip_directedbcast == 0) || (ip_directedbcast && |
if (((ip_directedbcast == 0) || (ip_directedbcast && |
| ia->ia_ifp == m->m_pkthdr.rcvif)) && |
ia->ia_ifp == m->m_pkthdr.rcvif)) && |
| (ia->ia_ifp->if_flags & IFF_BROADCAST)) { |
(ia->ia_ifp->if_flags & IFF_BROADCAST)) { |
| if (ip->ip_dst.s_addr == ia->ia_broadaddr.sin_addr.s_addr || |
if (in_hosteq(ip->ip_dst, ia->ia_broadaddr.sin_addr) || |
| ip->ip_dst.s_addr == ia->ia_netbroadcast.s_addr || |
in_hosteq(ip->ip_dst, ia->ia_netbroadcast) || |
| /* |
/* |
| * Look for all-0's host part (old broadcast addr), |
* Look for all-0's host part (old broadcast addr), |
| * either for subnet or net. |
* either for subnet or net. |
|
|
| goto ours; |
goto ours; |
| } |
} |
| if (ip->ip_dst.s_addr == INADDR_BROADCAST || |
if (ip->ip_dst.s_addr == INADDR_BROADCAST || |
| ip->ip_dst.s_addr == INADDR_ANY) |
in_nullhost(ip->ip_dst)) |
| goto ours; |
goto ours; |
| |
|
| /* |
/* |
|
|
| * if the packet was previously fragmented, |
* if the packet was previously fragmented, |
| * but it's not worth the time; just let them time out.) |
* but it's not worth the time; just let them time out.) |
| */ |
*/ |
| if (ip->ip_off &~ IP_DF) { |
if (ip->ip_off & ~(IP_DF|IP_RF)) { |
| if (m->m_flags & M_EXT) { /* XXX */ |
if (m->m_flags & M_EXT) { /* XXX */ |
| if ((m = m_pullup(m, sizeof (struct ip))) == 0) { |
if ((m = m_pullup(m, sizeof (struct ip))) == 0) { |
| ipstat.ips_toosmall++; |
ipstat.ips_toosmall++; |
|
|
| */ |
*/ |
| for (fp = ipq.lh_first; fp != NULL; fp = fp->ipq_q.le_next) |
for (fp = ipq.lh_first; fp != NULL; fp = fp->ipq_q.le_next) |
| if (ip->ip_id == fp->ipq_id && |
if (ip->ip_id == fp->ipq_id && |
| ip->ip_src.s_addr == fp->ipq_src.s_addr && |
in_hosteq(ip->ip_src, fp->ipq_src) && |
| ip->ip_dst.s_addr == fp->ipq_dst.s_addr && |
in_hosteq(ip->ip_dst, fp->ipq_dst) && |
| ip->ip_p == fp->ipq_p) |
ip->ip_p == fp->ipq_p) |
| goto found; |
goto found; |
| fp = 0; |
fp = 0; |
|
|
| (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); |
(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); |
| goto next; |
goto next; |
| bad: |
bad: |
| #ifdef PACKET_FILTER |
|
| m0 = m; |
|
| for (pfh = pfil_hook_get(PFIL_BAD); pfh; pfh = pfh->pfil_link.le_next) |
|
| if (pfh->pfil_func) { |
|
| (void)pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 2, &m0); |
|
| ip = mtod(m = m0, struct ip *); |
|
| } |
|
| #endif /* PACKET_FILTER */ |
|
| m_freem(m); |
m_freem(m); |
| goto next; |
goto next; |
| } |
} |
|
|
| return (0); |
return (0); |
| |
|
| /* |
/* |
| * Reassembly is complete; concatenate fragments. |
* Reassembly is complete. Check for a bogus message size and |
| |
* concatenate fragments. |
| */ |
*/ |
| q = fp->ipq_fragq.lh_first; |
q = fp->ipq_fragq.lh_first; |
| ip = q->ipqe_ip; |
ip = q->ipqe_ip; |
| |
if ((next + (ip->ip_hl << 2)) > IP_MAXPACKET) { |
| |
ipstat.ips_toolong++; |
| |
ip_freef(fp); |
| |
return (0); |
| |
} |
| m = dtom(q->ipqe_ip); |
m = dtom(q->ipqe_ip); |
| t = m->m_next; |
t = m->m_next; |
| m->m_next = 0; |
m->m_next = 0; |
|
|
| */ |
*/ |
| case IPOPT_LSRR: |
case IPOPT_LSRR: |
| case IPOPT_SSRR: |
case IPOPT_SSRR: |
| |
if (ip_allowsrcrt == 0) { |
| |
type = ICMP_UNREACH; |
| |
code = ICMP_UNREACH_NET_PROHIB; |
| |
goto bad; |
| |
} |
| if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
| code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
code = &cp[IPOPT_OFFSET] - (u_char *)ip; |
| goto bad; |
goto bad; |
|
|
| |
|
| sin = satosin(&ipforward_rt.ro_dst); |
sin = satosin(&ipforward_rt.ro_dst); |
| |
|
| if (ipforward_rt.ro_rt == 0 || dst.s_addr != sin->sin_addr.s_addr) { |
if (ipforward_rt.ro_rt == 0 || !in_hosteq(dst, sin->sin_addr)) { |
| if (ipforward_rt.ro_rt) { |
if (ipforward_rt.ro_rt) { |
| RTFREE(ipforward_rt.ro_rt); |
RTFREE(ipforward_rt.ro_rt); |
| ipforward_rt.ro_rt = 0; |
ipforward_rt.ro_rt = 0; |
| Line 1041 ip_forward(m, srcrt) |
|
| Line 1054 ip_forward(m, srcrt) |
|
| #ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
| if (ipprintfs) |
if (ipprintfs) |
| printf("forward: src %x dst %x ttl %x\n", |
printf("forward: src %x dst %x ttl %x\n", |
| ip->ip_src.s_addr, ip->ip_dst.s_addr, ip->ip_ttl); |
ip->ip_src.s_addr, ip->ip_dst.s_addr, ip->ip_ttl); |
| #endif |
#endif |
| if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) { |
if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) { |
| ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
| Line 1057 ip_forward(m, srcrt) |
|
| Line 1070 ip_forward(m, srcrt) |
|
| |
|
| sin = satosin(&ipforward_rt.ro_dst); |
sin = satosin(&ipforward_rt.ro_dst); |
| if ((rt = ipforward_rt.ro_rt) == 0 || |
if ((rt = ipforward_rt.ro_rt) == 0 || |
| ip->ip_dst.s_addr != sin->sin_addr.s_addr) { |
!in_hosteq(ip->ip_dst, sin->sin_addr)) { |
| if (ipforward_rt.ro_rt) { |
if (ipforward_rt.ro_rt) { |
| RTFREE(ipforward_rt.ro_rt); |
RTFREE(ipforward_rt.ro_rt); |
| ipforward_rt.ro_rt = 0; |
ipforward_rt.ro_rt = 0; |
| } |
} |
| sin->sin_family = AF_INET; |
sin->sin_family = AF_INET; |
| sin->sin_len = sizeof(*sin); |
sin->sin_len = sizeof(struct sockaddr_in); |
| sin->sin_addr = ip->ip_dst; |
sin->sin_addr = ip->ip_dst; |
| |
|
| rtalloc(&ipforward_rt); |
rtalloc(&ipforward_rt); |
| Line 1075 ip_forward(m, srcrt) |
|
| Line 1088 ip_forward(m, srcrt) |
|
| } |
} |
| |
|
| /* |
/* |
| * Save at most 64 bytes of the packet in case |
* Save at most 68 bytes of the packet in case |
| * we need to generate an ICMP message to the src. |
* we need to generate an ICMP message to the src. |
| */ |
*/ |
| mcopy = m_copy(m, 0, imin((int)ip->ip_len, 64)); |
mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68)); |
| |
|
| /* |
/* |
| * If forwarding packet using same interface that it came in on, |
* If forwarding packet using same interface that it came in on, |
| Line 1090 ip_forward(m, srcrt) |
|
| Line 1103 ip_forward(m, srcrt) |
|
| */ |
*/ |
| if (rt->rt_ifp == m->m_pkthdr.rcvif && |
if (rt->rt_ifp == m->m_pkthdr.rcvif && |
| (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && |
(rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 && |
| satosin(rt_key(rt))->sin_addr.s_addr != 0 && |
!in_nullhost(satosin(rt_key(rt))->sin_addr) && |
| ipsendredirects && !srcrt) { |
ipsendredirects && !srcrt) { |
| if (rt->rt_ifa && |
if (rt->rt_ifa && |
| (ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) == |
(ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) == |
| Line 1104 ip_forward(m, srcrt) |
|
| Line 1117 ip_forward(m, srcrt) |
|
| code = ICMP_REDIRECT_HOST; |
code = ICMP_REDIRECT_HOST; |
| #ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
| if (ipprintfs) |
if (ipprintfs) |
| printf("redirect (%d) to %x\n", code, (u_int32_t)dest); |
printf("redirect (%d) to %x\n", code, (u_int32_t)dest); |
| #endif |
#endif |
| } |
} |
| } |
} |
| Line 1158 ip_forward(m, srcrt) |
|
| Line 1171 ip_forward(m, srcrt) |
|
| icmp_error(mcopy, type, code, dest, destifp); |
icmp_error(mcopy, type, code, dest, destifp); |
| } |
} |
| |
|
| |
void |
| |
ip_savecontrol(inp, mp, ip, m) |
| |
register struct inpcb *inp; |
| |
register struct mbuf **mp; |
| |
register struct ip *ip; |
| |
register struct mbuf *m; |
| |
{ |
| |
|
| |
if (inp->inp_socket->so_options & SO_TIMESTAMP) { |
| |
struct timeval tv; |
| |
|
| |
microtime(&tv); |
| |
*mp = sbcreatecontrol((caddr_t) &tv, sizeof(tv), |
| |
SCM_TIMESTAMP, SOL_SOCKET); |
| |
if (*mp) |
| |
mp = &(*mp)->m_next; |
| |
} |
| |
if (inp->inp_flags & INP_RECVDSTADDR) { |
| |
*mp = sbcreatecontrol((caddr_t) &ip->ip_dst, |
| |
sizeof(struct in_addr), IP_RECVDSTADDR, IPPROTO_IP); |
| |
if (*mp) |
| |
mp = &(*mp)->m_next; |
| |
} |
| |
#ifdef notyet |
| |
/* |
| |
* XXX |
| |
* Moving these out of udp_input() made them even more broken |
| |
* than they already were. |
| |
* - fenner@parc.xerox.com |
| |
*/ |
| |
/* options were tossed already */ |
| |
if (inp->inp_flags & INP_RECVOPTS) { |
| |
*mp = sbcreatecontrol((caddr_t) opts_deleted_above, |
| |
sizeof(struct in_addr), IP_RECVOPTS, IPPROTO_IP); |
| |
if (*mp) |
| |
mp = &(*mp)->m_next; |
| |
} |
| |
/* ip_srcroute doesn't do what we want here, need to fix */ |
| |
if (inp->inp_flags & INP_RECVRETOPTS) { |
| |
*mp = sbcreatecontrol((caddr_t) ip_srcroute(), |
| |
sizeof(struct in_addr), IP_RECVRETOPTS, IPPROTO_IP); |
| |
if (*mp) |
| |
mp = &(*mp)->m_next; |
| |
} |
| |
#endif |
| |
if (inp->inp_flags & INP_RECVIF) { |
| |
struct sockaddr_dl sdl; |
| |
|
| |
sdl.sdl_len = offsetof(struct sockaddr_dl, sdl_data[0]); |
| |
sdl.sdl_family = AF_LINK; |
| |
sdl.sdl_index = m->m_pkthdr.rcvif ? |
| |
m->m_pkthdr.rcvif->if_index : 0; |
| |
sdl.sdl_nlen = sdl.sdl_alen = sdl.sdl_slen = 0; |
| |
*mp = sbcreatecontrol((caddr_t) &sdl, sdl.sdl_len, |
| |
IP_RECVIF, IPPROTO_IP); |
| |
if (*mp) |
| |
mp = &(*mp)->m_next; |
| |
} |
| |
} |
| |
|
| int |
int |
| ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen) |
ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen) |
| int *name; |
int *name; |
| Line 1184 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1257 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_mtu)); |
return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_mtu)); |
| #endif |
#endif |
| case IPCTL_FORWSRCRT: |
case IPCTL_FORWSRCRT: |
| /* |
/* Don't allow this to change in a secure environment. */ |
| * Don't allow this to change in a secure environment. |
|
| */ |
|
| if (securelevel > 0) |
if (securelevel > 0) |
| return (EPERM); |
return (sysctl_rdint(oldp, oldlenp, newp, |
| return (sysctl_int(oldp, oldlenp, newp, newlen, |
ip_forwsrcrt)); |
| &ip_forwsrcrt)); |
else |
| |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
| |
&ip_forwsrcrt)); |
| case IPCTL_DIRECTEDBCAST: |
case IPCTL_DIRECTEDBCAST: |
| return (sysctl_int(oldp, oldlenp, newp, newlen, |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
| &ip_directedbcast)); |
&ip_directedbcast)); |
| |
case IPCTL_ALLOWSRCRT: |
| |
return (sysctl_int(oldp, oldlenp, newp, newlen, |
| |
&ip_allowsrcrt)); |
| default: |
default: |
| return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet