version 1.53.2.4, 1998/11/15 19:18:13 |
version 1.82.2.3, 1999/10/17 23:59:59 |
|
|
/* $NetBSD$ */ |
/* $NetBSD$ */ |
|
|
|
/*- |
|
* Copyright (c) 1998 The NetBSD Foundation, Inc. |
|
* All rights reserved. |
|
* |
|
* This code is derived from software contributed to The NetBSD Foundation |
|
* by Public Access Networks Corporation ("Panix"). It was developed under |
|
* contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* 3. All advertising materials mentioning features or use of this software |
|
* must display the following acknowledgement: |
|
* This product includes software developed by the NetBSD |
|
* Foundation, Inc. and its contributors. |
|
* 4. Neither the name of The NetBSD Foundation nor the names of its |
|
* contributors may be used to endorse or promote products derived |
|
* from this software without specific prior written permission. |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
* POSSIBILITY OF SUCH DAMAGE. |
|
*/ |
|
|
/* |
/* |
* Copyright (c) 1982, 1986, 1988, 1993 |
* Copyright (c) 1982, 1986, 1988, 1993 |
* The Regents of the University of California. All rights reserved. |
* The Regents of the University of California. All rights reserved. |
|
|
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94 |
* @(#)ip_input.c 8.2 (Berkeley) 1/4/94 |
*/ |
*/ |
|
|
/*- |
#include "opt_gateway.h" |
* Copyright (c) 1998 The NetBSD Foundation, Inc. |
#include "opt_pfil_hooks.h" |
* All rights reserved. |
#include "opt_mrouting.h" |
* |
|
* This code is derived from software contributed to The NetBSD Foundation |
|
* by Public Access Networks Corporation ("Panix"). It was developed under |
|
* contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in the |
|
* documentation and/or other materials provided with the distribution. |
|
* 3. All advertising materials mentioning features or use of this software |
|
* must display the following acknowledgement: |
|
* This product includes software developed by the NetBSD |
|
* Foundation, Inc. and its contributors. |
|
* 4. Neither the name of The NetBSD Foundation nor the names of its |
|
* contributors may be used to endorse or promote products derived |
|
* from this software without specific prior written permission. |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
* POSSIBILITY OF SUCH DAMAGE. |
|
*/ |
|
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/systm.h> |
#include <sys/systm.h> |
|
|
#include <sys/time.h> |
#include <sys/time.h> |
#include <sys/kernel.h> |
#include <sys/kernel.h> |
#include <sys/proc.h> |
#include <sys/proc.h> |
|
#include <sys/pool.h> |
|
|
#include <vm/vm.h> |
#include <vm/vm.h> |
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
|
#include <netinet/ip_var.h> |
#include <netinet/ip_var.h> |
#include <netinet/ip_icmp.h> |
#include <netinet/ip_icmp.h> |
|
|
/* XXX should really put this in libkern.h */ |
|
#define offsetof(type, member) ((size_t)(&((type *)0)->member)) |
|
|
|
#ifndef IPFORWARDING |
#ifndef IPFORWARDING |
#ifdef GATEWAY |
#ifdef GATEWAY |
#define IPFORWARDING 1 /* forward IP packets not for us */ |
#define IPFORWARDING 1 /* forward IP packets not for us */ |
|
|
#define IPMTUDISCTIMEOUT (10 * 60) /* as per RFC 1191 */ |
#define IPMTUDISCTIMEOUT (10 * 60) /* as per RFC 1191 */ |
#endif |
#endif |
|
|
|
|
/* |
/* |
* Note: DIRECTED_BROADCAST is handled this way so that previous |
* Note: DIRECTED_BROADCAST is handled this way so that previous |
* configuration using this option will Just Work. |
* configuration using this option will Just Work. |
Line 160 int ipqmaxlen = IFQ_MAXLEN; |
|
Line 161 int ipqmaxlen = IFQ_MAXLEN; |
|
struct in_ifaddrhead in_ifaddr; |
struct in_ifaddrhead in_ifaddr; |
struct in_ifaddrhashhead *in_ifaddrhashtbl; |
struct in_ifaddrhashhead *in_ifaddrhashtbl; |
struct ifqueue ipintrq; |
struct ifqueue ipintrq; |
|
struct ipstat ipstat; |
|
u_int16_t ip_id; |
|
int ip_defttl; |
|
|
|
struct ipqhead ipq; |
|
int ipq_locked; |
|
|
|
static __inline int ipq_lock_try __P((void)); |
|
static __inline void ipq_unlock __P((void)); |
|
|
|
static __inline int |
|
ipq_lock_try() |
|
{ |
|
int s; |
|
|
|
s = splimp(); |
|
if (ipq_locked) { |
|
splx(s); |
|
return (0); |
|
} |
|
ipq_locked = 1; |
|
splx(s); |
|
return (1); |
|
} |
|
|
|
static __inline void |
|
ipq_unlock() |
|
{ |
|
int s; |
|
|
|
s = splimp(); |
|
ipq_locked = 0; |
|
splx(s); |
|
} |
|
|
|
#ifdef DIAGNOSTIC |
|
#define IPQ_LOCK() \ |
|
do { \ |
|
if (ipq_lock_try() == 0) { \ |
|
printf("%s:%d: ipq already locked\n", __FILE__, __LINE__); \ |
|
panic("ipq_lock"); \ |
|
} \ |
|
} while (0) |
|
#define IPQ_LOCK_CHECK() \ |
|
do { \ |
|
if (ipq_locked == 0) { \ |
|
printf("%s:%d: ipq lock not held\n", __FILE__, __LINE__); \ |
|
panic("ipq lock check"); \ |
|
} \ |
|
} while (0) |
|
#else |
|
#define IPQ_LOCK() (void) ipq_lock_try() |
|
#define IPQ_LOCK_CHECK() /* nothing */ |
|
#endif |
|
|
|
#define IPQ_UNLOCK() ipq_unlock() |
|
|
|
struct pool ipqent_pool; |
|
|
/* |
/* |
* We need to save the IP options in case a protocol wants to respond |
* We need to save the IP options in case a protocol wants to respond |
|
|
register struct protosw *pr; |
register struct protosw *pr; |
register int i; |
register int i; |
|
|
|
pool_init(&ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", |
|
0, NULL, NULL, M_IPQ); |
|
|
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
if (pr == 0) |
if (pr == 0) |
panic("ip_init"); |
panic("ip_init"); |
|
|
ipintrq.ifq_maxlen = ipqmaxlen; |
ipintrq.ifq_maxlen = ipqmaxlen; |
TAILQ_INIT(&in_ifaddr); |
TAILQ_INIT(&in_ifaddr); |
in_ifaddrhashtbl = |
in_ifaddrhashtbl = |
hashinit(IN_IFADDR_HASH_SIZE, M_IFADDR, &in_ifaddrhash); |
hashinit(IN_IFADDR_HASH_SIZE, M_IFADDR, M_WAITOK, &in_ifaddrhash); |
if (ip_mtudisc != 0) |
if (ip_mtudisc != 0) |
ip_mtudisc_timeout_q = |
ip_mtudisc_timeout_q = |
rt_timer_queue_create(ip_mtudisc_timeout); |
rt_timer_queue_create(ip_mtudisc_timeout); |
|
#ifdef GATEWAY |
|
ipflow_init(); |
|
#endif |
} |
} |
|
|
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET }; |
|
|
} |
} |
ip = mtod(m, struct ip *); |
ip = mtod(m, struct ip *); |
} |
} |
if ((ip->ip_sum = in_cksum(m, hlen)) != 0) { |
if (in_cksum(m, hlen) != 0) { |
ipstat.ips_badsum++; |
ipstat.ips_badsum++; |
goto bad; |
goto bad; |
} |
} |
|
|
* Convert fields to host representation. |
* Convert fields to host representation. |
*/ |
*/ |
NTOHS(ip->ip_len); |
NTOHS(ip->ip_len); |
NTOHS(ip->ip_id); |
|
NTOHS(ip->ip_off); |
NTOHS(ip->ip_off); |
len = ip->ip_len; |
len = ip->ip_len; |
|
|
/* |
/* |
|
* Check for additional length bogosity |
|
*/ |
|
if (len < hlen) |
|
{ |
|
ipstat.ips_badlen++; |
|
goto bad; |
|
} |
|
|
|
/* |
* Check that the amount of data in the buffers |
* Check that the amount of data in the buffers |
* is as at least much as the IP header would have us expect. |
* is as at least much as the IP header would have us expect. |
* Trim mbufs if longer than we expect. |
* Trim mbufs if longer than we expect. |
|
|
m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
} |
} |
|
|
|
/* |
|
* Assume that we can create a fast-forward IP flow entry |
|
* based on this packet. |
|
*/ |
|
m->m_flags |= M_CANFASTFWD; |
|
|
#ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
/* |
/* |
* Run through list of hooks for input packets. |
* Run through list of hooks for input packets. If there are any |
|
* filters which require that additional packets in the flow are |
|
* not fast-forwarded, they must clear the M_CANFASTFWD flag. |
|
* Note that filters must _never_ set this flag, as another filter |
|
* in the list may have previously cleared it. |
*/ |
*/ |
m0 = m; |
m0 = m; |
for (pfh = pfil_hook_get(PFIL_IN); pfh; pfh = pfh->pfil_link.tqe_next) |
for (pfh = pfil_hook_get(PFIL_IN); pfh; pfh = pfh->pfil_link.tqe_next) |
|
|
* Check our list of addresses, to see if the packet is for us. |
* Check our list of addresses, to see if the packet is for us. |
*/ |
*/ |
INADDR_TO_IA(ip->ip_dst, ia); |
INADDR_TO_IA(ip->ip_dst, ia); |
if (ia != NULL) goto ours; |
if (ia != NULL) |
|
goto ours; |
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first; |
for (ifa = m->m_pkthdr.rcvif->if_addrlist.tqh_first; |
ifa != NULL; ifa = ifa->ifa_list.tqe_next) { |
ifa != NULL; ifa = ifa->ifa_list.tqe_next) { |
|
|
* as expected when ip_mforward() is called from |
* as expected when ip_mforward() is called from |
* ip_output().) |
* ip_output().) |
*/ |
*/ |
ip->ip_id = htons(ip->ip_id); |
|
if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) { |
if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) { |
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
m_freem(m); |
m_freem(m); |
goto next; |
goto next; |
} |
} |
ip->ip_id = ntohs(ip->ip_id); |
|
|
|
/* |
/* |
* The process-level routing demon needs to receive |
* The process-level routing demon needs to receive |
|
|
* Look for queue of fragments |
* Look for queue of fragments |
* of this datagram. |
* of this datagram. |
*/ |
*/ |
|
IPQ_LOCK(); |
for (fp = ipq.lh_first; fp != NULL; fp = fp->ipq_q.le_next) |
for (fp = ipq.lh_first; fp != NULL; fp = fp->ipq_q.le_next) |
if (ip->ip_id == fp->ipq_id && |
if (ip->ip_id == fp->ipq_id && |
in_hosteq(ip->ip_src, fp->ipq_src) && |
in_hosteq(ip->ip_src, fp->ipq_src) && |
|
|
*/ |
*/ |
if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { |
if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { |
ipstat.ips_badfrags++; |
ipstat.ips_badfrags++; |
|
IPQ_UNLOCK(); |
goto bad; |
goto bad; |
} |
} |
} |
} |
|
|
*/ |
*/ |
if (mff || ip->ip_off) { |
if (mff || ip->ip_off) { |
ipstat.ips_fragments++; |
ipstat.ips_fragments++; |
MALLOC(ipqe, struct ipqent *, sizeof (struct ipqent), |
ipqe = pool_get(&ipqent_pool, PR_NOWAIT); |
M_IPQ, M_NOWAIT); |
|
if (ipqe == NULL) { |
if (ipqe == NULL) { |
ipstat.ips_rcvmemdrop++; |
ipstat.ips_rcvmemdrop++; |
|
IPQ_UNLOCK(); |
goto bad; |
goto bad; |
} |
} |
ipqe->ipqe_mff = mff; |
ipqe->ipqe_mff = mff; |
ipqe->ipqe_m = m; |
ipqe->ipqe_m = m; |
ipqe->ipqe_ip = ip; |
ipqe->ipqe_ip = ip; |
m = ip_reass(ipqe, fp); |
m = ip_reass(ipqe, fp); |
if (m == 0) |
if (m == 0) { |
|
IPQ_UNLOCK(); |
goto next; |
goto next; |
|
} |
ipstat.ips_reassembled++; |
ipstat.ips_reassembled++; |
ip = mtod(m, struct ip *); |
ip = mtod(m, struct ip *); |
hlen = ip->ip_hl << 2; |
hlen = ip->ip_hl << 2; |
|
ip->ip_len += hlen; |
} else |
} else |
if (fp) |
if (fp) |
ip_freef(fp); |
ip_freef(fp); |
} else |
IPQ_UNLOCK(); |
ip->ip_len -= hlen; |
} |
|
|
/* |
/* |
* Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
*/ |
*/ |
|
#if IFA_STATS |
|
ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; |
|
#endif |
ipstat.ips_delivered++; |
ipstat.ips_delivered++; |
(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); |
(*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); |
goto next; |
goto next; |
Line 528 ip_reass(ipqe, fp) |
|
Line 618 ip_reass(ipqe, fp) |
|
int hlen = ipqe->ipqe_ip->ip_hl << 2; |
int hlen = ipqe->ipqe_ip->ip_hl << 2; |
int i, next; |
int i, next; |
|
|
|
IPQ_LOCK_CHECK(); |
|
|
/* |
/* |
* Presence of header sizes in mbufs |
* Presence of header sizes in mbufs |
* would confuse code below. |
* would confuse code below. |
Line 596 ip_reass(ipqe, fp) |
|
Line 688 ip_reass(ipqe, fp) |
|
nq = q->ipqe_q.le_next; |
nq = q->ipqe_q.le_next; |
m_freem(q->ipqe_m); |
m_freem(q->ipqe_m); |
LIST_REMOVE(q, ipqe_q); |
LIST_REMOVE(q, ipqe_q); |
FREE(q, M_IPQ); |
pool_put(&ipqent_pool, q); |
} |
} |
|
|
insert: |
insert: |
|
|
m->m_next = 0; |
m->m_next = 0; |
m_cat(m, t); |
m_cat(m, t); |
nq = q->ipqe_q.le_next; |
nq = q->ipqe_q.le_next; |
FREE(q, M_IPQ); |
pool_put(&ipqent_pool, q); |
for (q = nq; q != NULL; q = nq) { |
for (q = nq; q != NULL; q = nq) { |
t = q->ipqe_m; |
t = q->ipqe_m; |
nq = q->ipqe_q.le_next; |
nq = q->ipqe_q.le_next; |
FREE(q, M_IPQ); |
pool_put(&ipqent_pool, q); |
m_cat(m, t); |
m_cat(m, t); |
} |
} |
|
|
|
|
dropfrag: |
dropfrag: |
ipstat.ips_fragdropped++; |
ipstat.ips_fragdropped++; |
m_freem(m); |
m_freem(m); |
FREE(ipqe, M_IPQ); |
pool_put(&ipqent_pool, ipqe); |
return (0); |
return (0); |
} |
} |
|
|
|
|
{ |
{ |
register struct ipqent *q, *p; |
register struct ipqent *q, *p; |
|
|
|
IPQ_LOCK_CHECK(); |
|
|
for (q = fp->ipq_fragq.lh_first; q != NULL; q = p) { |
for (q = fp->ipq_fragq.lh_first; q != NULL; q = p) { |
p = q->ipqe_q.le_next; |
p = q->ipqe_q.le_next; |
m_freem(q->ipqe_m); |
m_freem(q->ipqe_m); |
LIST_REMOVE(q, ipqe_q); |
LIST_REMOVE(q, ipqe_q); |
FREE(q, M_IPQ); |
pool_put(&ipqent_pool, q); |
} |
} |
LIST_REMOVE(fp, ipq_q); |
LIST_REMOVE(fp, ipq_q); |
FREE(fp, M_FTABLE); |
FREE(fp, M_FTABLE); |
|
|
register struct ipq *fp, *nfp; |
register struct ipq *fp, *nfp; |
int s = splsoftnet(); |
int s = splsoftnet(); |
|
|
|
IPQ_LOCK(); |
for (fp = ipq.lh_first; fp != NULL; fp = nfp) { |
for (fp = ipq.lh_first; fp != NULL; fp = nfp) { |
nfp = fp->ipq_q.le_next; |
nfp = fp->ipq_q.le_next; |
if (--fp->ipq_ttl == 0) { |
if (--fp->ipq_ttl == 0) { |
|
|
ip_freef(fp); |
ip_freef(fp); |
} |
} |
} |
} |
|
IPQ_UNLOCK(); |
|
#ifdef GATEWAY |
|
ipflow_slowtimo(); |
|
#endif |
splx(s); |
splx(s); |
} |
} |
|
|
|
|
ip_drain() |
ip_drain() |
{ |
{ |
|
|
|
/* |
|
* We may be called from a device's interrupt context. If |
|
* the ipq is already busy, just bail out now. |
|
*/ |
|
if (ipq_lock_try() == 0) |
|
return; |
|
|
while (ipq.lh_first != NULL) { |
while (ipq.lh_first != NULL) { |
ipstat.ips_fragdropped++; |
ipstat.ips_fragdropped++; |
ip_freef(ipq.lh_first); |
ip_freef(ipq.lh_first); |
} |
} |
|
|
|
IPQ_UNLOCK(); |
} |
} |
|
|
/* |
/* |
|
|
break; |
break; |
|
|
case IPOPT_TS_TSANDADDR: |
case IPOPT_TS_TSANDADDR: |
if (ipt->ipt_ptr + sizeof(n_time) + |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) |
goto bad; |
goto bad; |
ipaddr.sin_addr = dst; |
ipaddr.sin_addr = dst; |
|
Line 1001 ip_dooptions(m) |
|
break; |
break; |
|
|
case IPOPT_TS_PRESPEC: |
case IPOPT_TS_PRESPEC: |
if (ipt->ipt_ptr + sizeof(n_time) + |
if (ipt->ipt_ptr - 1 + sizeof(n_time) + |
sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) |
goto bad; |
goto bad; |
bcopy((caddr_t)sin, (caddr_t)&ipaddr.sin_addr, |
bcopy((caddr_t)sin, (caddr_t)&ipaddr.sin_addr, |
|
Line 1031 ip_dooptions(m) |
|
} |
} |
return (0); |
return (0); |
bad: |
bad: |
ip->ip_len -= ip->ip_hl << 2; /* XXX icmp_error adds in hdr length */ |
|
icmp_error(m, type, code, 0, 0); |
icmp_error(m, type, code, 0, 0); |
ipstat.ips_badoptions++; |
ipstat.ips_badoptions++; |
return (1); |
return (1); |
Line 1066 ip_stripoptions(m, mopt) |
|
Line 1173 ip_stripoptions(m, mopt) |
|
register caddr_t opts; |
register caddr_t opts; |
int olen; |
int olen; |
|
|
olen = (ip->ip_hl<<2) - sizeof (struct ip); |
olen = (ip->ip_hl << 2) - sizeof (struct ip); |
opts = (caddr_t)(ip + 1); |
opts = (caddr_t)(ip + 1); |
i = m->m_len - (sizeof (struct ip) + olen); |
i = m->m_len - (sizeof (struct ip) + olen); |
bcopy(opts + olen, opts, (unsigned)i); |
bcopy(opts + olen, opts, (unsigned)i); |
m->m_len -= olen; |
m->m_len -= olen; |
if (m->m_flags & M_PKTHDR) |
if (m->m_flags & M_PKTHDR) |
m->m_pkthdr.len -= olen; |
m->m_pkthdr.len -= olen; |
ip->ip_hl = sizeof(struct ip) >> 2; |
ip->ip_len -= olen; |
|
ip->ip_hl = sizeof (struct ip) >> 2; |
} |
} |
|
|
int inetctlerrmap[PRC_NCMDS] = { |
int inetctlerrmap[PRC_NCMDS] = { |
Line 1115 ip_forward(m, srcrt) |
|
Line 1223 ip_forward(m, srcrt) |
|
dest = 0; |
dest = 0; |
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
if (ipprintfs) |
if (ipprintfs) |
printf("forward: src %x dst %x ttl %x\n", |
printf("forward: src %2.2x dst %2.2x ttl %x\n", |
ip->ip_src.s_addr, ip->ip_dst.s_addr, ip->ip_ttl); |
ntohl(ip->ip_src.s_addr), |
|
ntohl(ip->ip_dst.s_addr), ip->ip_ttl); |
#endif |
#endif |
if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) { |
if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { |
ipstat.ips_cantforward++; |
ipstat.ips_cantforward++; |
m_freem(m); |
m_freem(m); |
return; |
return; |
} |
} |
HTONS(ip->ip_id); |
|
if (ip->ip_ttl <= IPTTLDEC) { |
if (ip->ip_ttl <= IPTTLDEC) { |
icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0); |
icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0); |
return; |
return; |
Line 1170 ip_forward(m, srcrt) |
|
Line 1278 ip_forward(m, srcrt) |
|
if (rt->rt_ifa && |
if (rt->rt_ifa && |
(ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) == |
(ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) == |
ifatoia(rt->rt_ifa)->ia_subnet) { |
ifatoia(rt->rt_ifa)->ia_subnet) { |
if (rt->rt_flags & RTF_GATEWAY) |
if (rt->rt_flags & RTF_GATEWAY) |
dest = satosin(rt->rt_gateway)->sin_addr.s_addr; |
dest = satosin(rt->rt_gateway)->sin_addr.s_addr; |
else |
else |
dest = ip->ip_dst.s_addr; |
dest = ip->ip_dst.s_addr; |
/* Router requirements says to only send host redirects */ |
/* |
type = ICMP_REDIRECT; |
* Router requirements says to only send host |
code = ICMP_REDIRECT_HOST; |
* redirects. |
|
*/ |
|
type = ICMP_REDIRECT; |
|
code = ICMP_REDIRECT_HOST; |
#ifdef DIAGNOSTIC |
#ifdef DIAGNOSTIC |
if (ipprintfs) |
if (ipprintfs) |
printf("redirect (%d) to %x\n", code, (u_int32_t)dest); |
printf("redirect (%d) to %x\n", code, |
|
(u_int32_t)dest); |
#endif |
#endif |
} |
} |
} |
} |
Line 1193 ip_forward(m, srcrt) |
|
Line 1305 ip_forward(m, srcrt) |
|
if (type) |
if (type) |
ipstat.ips_redirectsent++; |
ipstat.ips_redirectsent++; |
else { |
else { |
if (mcopy) |
if (mcopy) { |
|
#ifdef GATEWAY |
|
if (mcopy->m_flags & M_CANFASTFWD) |
|
ipflow_create(&ipforward_rt, mcopy); |
|
#endif |
m_freem(mcopy); |
m_freem(mcopy); |
|
} |
return; |
return; |
} |
} |
} |
} |
Line 1303 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1420 ip_sysctl(name, namelen, oldp, oldlenp, |
|
size_t newlen; |
size_t newlen; |
{ |
{ |
extern int subnetsarelocal; |
extern int subnetsarelocal; |
int error; |
|
|
int error, old; |
|
|
/* All sysctl names at this level are terminal. */ |
/* All sysctl names at this level are terminal. */ |
if (namelen != 1) |
if (namelen != 1) |
Line 1349 ip_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1467 ip_sysctl(name, namelen, oldp, oldlenp, |
|
ip_mtudisc_timeout_q = NULL; |
ip_mtudisc_timeout_q = NULL; |
} |
} |
return error; |
return error; |
|
case IPCTL_ANONPORTMIN: |
|
old = anonportmin; |
|
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmin); |
|
if (anonportmin >= anonportmax || anonportmin > 65535 |
|
#ifndef IPNOPRIVPORTS |
|
|| anonportmin < IPPORT_RESERVED |
|
#endif |
|
) { |
|
anonportmin = old; |
|
return (EINVAL); |
|
} |
|
return (error); |
|
case IPCTL_ANONPORTMAX: |
|
old = anonportmax; |
|
error = sysctl_int(oldp, oldlenp, newp, newlen, &anonportmax); |
|
if (anonportmin >= anonportmax || anonportmax > 65535 |
|
#ifndef IPNOPRIVPORTS |
|
|| anonportmax < IPPORT_RESERVED |
|
#endif |
|
) { |
|
anonportmax = old; |
|
return (EINVAL); |
|
} |
|
return (error); |
case IPCTL_MTUDISCTIMEOUT: |
case IPCTL_MTUDISCTIMEOUT: |
error = sysctl_int(oldp, oldlenp, newp, newlen, |
error = sysctl_int(oldp, oldlenp, newp, newlen, |
&ip_mtudisc_timeout); |
&ip_mtudisc_timeout); |
if (ip_mtudisc_timeout_q != NULL) |
if (ip_mtudisc_timeout_q != NULL) |
rt_timer_queue_change(ip_mtudisc_timeout_q, |
rt_timer_queue_change(ip_mtudisc_timeout_q, |
ip_mtudisc_timeout); |
ip_mtudisc_timeout); |
return (error); |
return (error); |
|
#ifdef GATEWAY |
|
case IPCTL_MAXFLOWS: |
|
{ |
|
int s; |
|
|
|
error = sysctl_int(oldp, oldlenp, newp, newlen, |
|
&ip_maxflows); |
|
s = splsoftnet(); |
|
ipflow_reap(0); |
|
splx(s); |
|
return (error); |
|
} |
|
#endif |
default: |
default: |
return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
} |
} |