Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v retrieving revision 1.82.2.2.4.3 retrieving revision 1.82.2.3 diff -u -p -r1.82.2.2.4.3 -r1.82.2.3 --- src/sys/netinet/ip_input.c 1999/11/30 13:35:31 1.82.2.2.4.3 +++ src/sys/netinet/ip_input.c 1999/10/17 23:59:59 1.82.2.3 @@ -1,33 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.82.2.2.4.3 1999/11/30 13:35:31 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ +/* $NetBSD: ip_input.c,v 1.82.2.3 1999/10/17 23:59:59 cgd Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -103,7 +74,6 @@ #include "opt_gateway.h" #include "opt_pfil_hooks.h" -#include "opt_ipsec.h" #include "opt_mrouting.h" #include @@ -135,15 +105,6 @@ #include #include #include -/* just for gif_ttl */ -#include -#include "gif.h" - -#ifdef IPSEC -#include -#include -#include -#endif #ifndef IPFORWARDING #ifdef GATEWAY @@ -193,10 +154,6 @@ int ipprintfs = 0; struct rttimer_queue *ip_mtudisc_timeout_q = NULL; -#ifdef ALTQ -int (*altq_input) __P((struct mbuf *, int)) = NULL; -#endif - extern struct domain inetdomain; extern struct protosw inetsw[]; u_char ip_protox[IPPROTO_MAX]; @@ -321,57 +278,39 @@ struct sockaddr_in ipaddr = { sizeof(ipa struct route ipforward_rt; /* - * IP software interrupt routine - */ -void -ipintr() -{ - int s; - struct mbuf *m; - - while (1) { - s = splimp(); - IF_DEQUEUE(&ipintrq, m); - splx(s); - if (m == 0) - return; - ip_input(m); - } -} - -/* * Ip input routine. Checksum and byte swap header. If fragmented * try to reassemble. Process options. Pass to next level. */ void -ip_input(struct mbuf *m) +ipintr() { register struct ip *ip = NULL; + register struct mbuf *m; register struct ipq *fp; register struct in_ifaddr *ia; register struct ifaddr *ifa; struct ipqent *ipqe; - int hlen = 0, mff, len; + int hlen = 0, mff, len, s; #ifdef PFIL_HOOKS struct packet_filter_hook *pfh; struct mbuf *m0; int rv; #endif /* PFIL_HOOKS */ +next: + /* + * Get next datagram off input queue and get IP header + * in first mbuf. + */ + s = splimp(); + IF_DEQUEUE(&ipintrq, m); + splx(s); + if (m == 0) + return; #ifdef DIAGNOSTIC if ((m->m_flags & M_PKTHDR) == 0) panic("ipintr no HDR"); #endif -#ifdef IPSEC - /* - * should the inner packet be considered authentic? - * see comment in ah4_input(). - */ - if (m) { - m->m_flags &= ~M_AUTHIPHDR; - m->m_flags &= ~M_AUTHIPDGM; - } -#endif /* * If no IP addresses have been set yet but the interfaces * are receiving, can't do anything with incoming packets yet. @@ -382,7 +321,7 @@ ip_input(struct mbuf *m) if (m->m_len < sizeof (struct ip) && (m = m_pullup(m, sizeof (struct ip))) == 0) { ipstat.ips_toosmall++; - return; + goto next; } ip = mtod(m, struct ip *); if (ip->ip_v != IPVERSION) { @@ -397,7 +336,7 @@ ip_input(struct mbuf *m) if (hlen > m->m_len) { if ((m = m_pullup(m, hlen)) == 0) { ipstat.ips_badhlen++; - return; + goto next; } ip = mtod(m, struct ip *); } @@ -406,11 +345,6 @@ ip_input(struct mbuf *m) goto bad; } -#ifdef ALTQ - if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) - /* packet is dropped by traffic conditioner */ - return; -#endif /* * Convert fields to host representation. */ @@ -445,16 +379,11 @@ ip_input(struct mbuf *m) m_adj(m, len - m->m_pkthdr.len); } -#ifdef IPSEC - /* ipflow (IP fast fowarding) is not compatible with IPsec. */ - m->m_flags &= ~M_CANFASTFWD; -#else /* * Assume that we can create a fast-forward IP flow entry * based on this packet. */ m->m_flags |= M_CANFASTFWD; -#endif #ifdef PFIL_HOOKS /* @@ -469,10 +398,10 @@ ip_input(struct mbuf *m) if (pfh->pfil_func) { rv = pfh->pfil_func(ip, hlen, m->m_pkthdr.rcvif, 0, &m0); if (rv) - return; + goto next; m = m0; if (m == NULL) - return; + goto next; ip = mtod(m, struct ip *); } #endif /* PFIL_HOOKS */ @@ -485,7 +414,7 @@ ip_input(struct mbuf *m) */ ip_nhops = 0; /* for source routed packets */ if (hlen > sizeof (struct ip) && ip_dooptions(m)) - return; + goto next; /* * Check our list of addresses, to see if the packet is for us. @@ -523,7 +452,7 @@ ip_input(struct mbuf *m) if (m->m_flags & M_EXT) { if ((m = m_pullup(m, hlen)) == 0) { ipstat.ips_toosmall++; - return; + goto next; } ip = mtod(m, struct ip *); } @@ -544,7 +473,7 @@ ip_input(struct mbuf *m) if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) { ipstat.ips_cantforward++; m_freem(m); - return; + goto next; } /* @@ -565,7 +494,7 @@ ip_input(struct mbuf *m) if (inm == NULL) { ipstat.ips_cantforward++; m_freem(m); - return; + goto next; } goto ours; } @@ -581,7 +510,7 @@ ip_input(struct mbuf *m) m_freem(m); } else ip_forward(m, 0); - return; + goto next; ours: /* @@ -645,7 +574,7 @@ found: m = ip_reass(ipqe, fp); if (m == 0) { IPQ_UNLOCK(); - return; + goto next; } ipstat.ips_reassembled++; ip = mtod(m, struct ip *); @@ -664,14 +593,11 @@ found: ia->ia_ifa.ifa_data.ifad_inbytes += ip->ip_len; #endif ipstat.ips_delivered++; - { - int off = hlen, nh = ip->ip_p; - - (*inetsw[ip_protox[nh]].pr_input)(m, off, nh); - return; - } + (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen); + goto next; bad: m_freem(m); + goto next; } /* @@ -816,8 +742,6 @@ insert: * Make header visible. */ ip->ip_len = next; - ip->ip_ttl = 0; /* xxx */ - ip->ip_sum = 0; ip->ip_src = fp->ipq_src; ip->ip_dst = fp->ipq_dst; LIST_REMOVE(fp, ipq_q); @@ -1155,7 +1079,7 @@ save_rte(option, dst) #ifdef DIAGNOSTIC if (ipprintfs) printf("save_rte: olen %d\n", olen); -#endif /* 0 */ +#endif if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst))) return; bcopy((caddr_t)option, (caddr_t)ip_srcrt.srcopt, olen); @@ -1295,9 +1219,6 @@ ip_forward(m, srcrt) struct mbuf *mcopy; n_long dest; struct ifnet *destifp; -#ifdef IPSEC - struct ifnet dummyifp; -#endif dest = 0; #ifdef DIAGNOSTIC @@ -1306,7 +1227,7 @@ ip_forward(m, srcrt) ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), ip->ip_ttl); #endif - if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) { + if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { ipstat.ips_cantforward++; m_freem(m); return; @@ -1375,9 +1296,6 @@ ip_forward(m, srcrt) } } -#ifdef IPSEC - m->m_pkthdr.rcvif = NULL; -#endif /*IPSEC*/ error = ip_output(m, (struct mbuf *)0, &ipforward_rt, (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); if (error) @@ -1419,61 +1337,8 @@ ip_forward(m, srcrt) case EMSGSIZE: type = ICMP_UNREACH; code = ICMP_UNREACH_NEEDFRAG; -#ifndef IPSEC if (ipforward_rt.ro_rt) destifp = ipforward_rt.ro_rt->rt_ifp; -#else - /* - * If the packet is routed over IPsec tunnel, tell the - * originator the tunnel MTU. - * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz - * XXX quickhack!!! - */ - if (ipforward_rt.ro_rt) { - struct secpolicy *sp; - int ipsecerror; - int ipsechdr; - struct route *ro; - - sp = ipsec4_getpolicybyaddr(mcopy, - IPSEC_DIR_OUTBOUND, - IP_FORWARDING, - &ipsecerror); - - if (sp == NULL) - destifp = ipforward_rt.ro_rt->rt_ifp; - else { - /* count IPsec header size */ - ipsechdr = ipsec4_hdrsiz(mcopy, - IPSEC_DIR_OUTBOUND, - NULL); - - /* - * find the correct route for outer IPv4 - * header, compute tunnel MTU. - * - * XXX BUG ALERT - * The "dummyifp" code relies upon the fact - * that icmp_error() touches only ifp->if_mtu. - */ - /*XXX*/ - destifp = NULL; - if (sp->req != NULL - && sp->req->sav != NULL - && sp->req->sav->sah != NULL) { - ro = &sp->req->sav->sah->sa_route; - if (ro->ro_rt && ro->ro_rt->rt_ifp) { - dummyifp.if_mtu = - ro->ro_rt->rt_ifp->if_mtu; - dummyifp.if_mtu -= ipsechdr; - destifp = &dummyifp; - } - } - - key_freesp(sp); - } - } -#endif /*IPSEC*/ ipstat.ips_cantfrag++; break; @@ -1646,11 +1511,6 @@ ip_sysctl(name, namelen, oldp, oldlenp, return (error); } #endif -#if NGIF > 0 - case IPCTL_GIF_TTL: - return(sysctl_int(oldp, oldlenp, newp, newlen, - &ip_gif_ttl)); -#endif default: return (EOPNOTSUPP); }