version 1.93, 1999/10/17 16:00:00 |
version 1.98, 2000/02/12 17:45:44 |
Line 397 ip_input(struct mbuf *m) |
|
Line 397 ip_input(struct mbuf *m) |
|
} |
} |
ip = mtod(m, struct ip *); |
ip = mtod(m, struct ip *); |
} |
} |
|
|
/* |
/* |
* we drop packets that have a multicast address as source |
* RFC1112: packets with a multicast source address are |
* as wanted by rfc 1112 |
* not allowed. |
*/ |
*/ |
if (IN_MULTICAST(ip->ip_src.s_addr)) { |
if (IN_MULTICAST(ip->ip_src.s_addr)) { |
|
/* XXX stat */ |
goto bad; |
goto bad; |
} |
} |
|
|
Line 443 ip_input(struct mbuf *m) |
|
Line 445 ip_input(struct mbuf *m) |
|
m_adj(m, len - m->m_pkthdr.len); |
m_adj(m, len - m->m_pkthdr.len); |
} |
} |
|
|
|
#ifdef IPSEC |
|
/* ipflow (IP fast fowarding) is not compatible with IPsec. */ |
|
m->m_flags &= ~M_CANFASTFWD; |
|
#else |
/* |
/* |
* Assume that we can create a fast-forward IP flow entry |
* Assume that we can create a fast-forward IP flow entry |
* based on this packet. |
* based on this packet. |
*/ |
*/ |
m->m_flags |= M_CANFASTFWD; |
m->m_flags |= M_CANFASTFWD; |
|
#endif |
|
|
#ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
/* |
/* |
Line 483 ip_input(struct mbuf *m) |
|
Line 490 ip_input(struct mbuf *m) |
|
/* |
/* |
* Check our list of addresses, to see if the packet is for us. |
* Check our list of addresses, to see if the packet is for us. |
*/ |
*/ |
INADDR_TO_IA(ip->ip_dst, ia); |
for (ia = IN_IFADDR_HASH(ip->ip_dst.s_addr).lh_first; |
|
ia != NULL; |
|
ia = ia->ia_hash.le_next) { |
|
if (in_hosteq(ia->ia_addr.sin_addr, ip->ip_dst)) { |
|
if ((ia->ia_ifp->if_flags & IFF_UP) != 0) |
|
break; |
|
else { |
|
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, |
|
0, m->m_pkthdr.rcvif); |
|
return; |
|
} |
|
} |
|
} |
if (ia != NULL) |
if (ia != NULL) |
goto ours; |
goto ours; |
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
if (m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { |
|
Line 1009 ip_dooptions(m) |
|
*/ |
*/ |
bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
sizeof(ipaddr.sin_addr)); |
sizeof(ipaddr.sin_addr)); |
if (opt == IPOPT_SSRR) { |
if (opt == IPOPT_SSRR) |
#define INA struct in_ifaddr * |
ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))); |
#define SA struct sockaddr * |
else |
ia = (INA)ifa_ifwithladdr((SA)&ipaddr); |
|
} else |
|
ia = ip_rtaddr(ipaddr.sin_addr); |
ia = ip_rtaddr(ipaddr.sin_addr); |
if (ia == 0) { |
if (ia == 0) { |
type = ICMP_UNREACH; |
type = ICMP_UNREACH; |
Line 1028 ip_dooptions(m) |
|
Line 1045 ip_dooptions(m) |
|
* locate outgoing interface; if we're the destination, |
* locate outgoing interface; if we're the destination, |
* use the incoming interface (should be same). |
* use the incoming interface (should be same). |
*/ |
*/ |
if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == 0 && |
if ((ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr)))) |
(ia = ip_rtaddr(ipaddr.sin_addr)) == 0) { |
== NULL && |
|
(ia = ip_rtaddr(ipaddr.sin_addr)) == NULL) { |
type = ICMP_UNREACH; |
type = ICMP_UNREACH; |
code = ICMP_UNREACH_HOST; |
code = ICMP_UNREACH_HOST; |
goto bad; |
goto bad; |
Line 1060 ip_dooptions(m) |
|
Line 1078 ip_dooptions(m) |
|
sizeof(struct in_addr) > ipt->ipt_len) |
sizeof(struct in_addr) > ipt->ipt_len) |
goto bad; |
goto bad; |
ipaddr.sin_addr = dst; |
ipaddr.sin_addr = dst; |
ia = (INA)ifaof_ifpforaddr((SA)&ipaddr, |
ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), |
m->m_pkthdr.rcvif); |
m->m_pkthdr.rcvif)); |
if (ia == 0) |
if (ia == 0) |
continue; |
continue; |
bcopy((caddr_t)&ia->ia_addr.sin_addr, |
bcopy((caddr_t)&ia->ia_addr.sin_addr, |
Line 1075 ip_dooptions(m) |
|
Line 1093 ip_dooptions(m) |
|
goto bad; |
goto bad; |
bcopy((caddr_t)sin, (caddr_t)&ipaddr.sin_addr, |
bcopy((caddr_t)sin, (caddr_t)&ipaddr.sin_addr, |
sizeof(struct in_addr)); |
sizeof(struct in_addr)); |
if (ifa_ifwithaddr((SA)&ipaddr) == 0) |
if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) |
|
== NULL) |
continue; |
continue; |
ipt->ipt_ptr += sizeof(struct in_addr); |
ipt->ipt_ptr += sizeof(struct in_addr); |
break; |
break; |
Line 1425 ip_forward(m, srcrt) |
|
Line 1444 ip_forward(m, srcrt) |
|
if (ipforward_rt.ro_rt) { |
if (ipforward_rt.ro_rt) { |
struct secpolicy *sp; |
struct secpolicy *sp; |
int ipsecerror; |
int ipsecerror; |
int ipsechdr; |
size_t ipsechdr; |
struct route *ro; |
struct route *ro; |
|
|
sp = ipsec4_getpolicybyaddr(mcopy, |
sp = ipsec4_getpolicybyaddr(mcopy, |
IP_FORWARDING, |
IPSEC_DIR_OUTBOUND, |
&ipsecerror); |
IP_FORWARDING, |
|
&ipsecerror); |
|
|
if (sp == NULL) |
if (sp == NULL) |
destifp = ipforward_rt.ro_rt->rt_ifp; |
destifp = ipforward_rt.ro_rt->rt_ifp; |
else { |
else { |
/* count IPsec header size */ |
/* count IPsec header size */ |
ipsechdr = ipsec4_hdrsiz(mcopy, NULL); |
ipsechdr = ipsec4_hdrsiz(mcopy, |
|
IPSEC_DIR_OUTBOUND, |
|
NULL); |
|
|
/* |
/* |
* find the correct route for outer IPv4 |
* find the correct route for outer IPv4 |
Line 1449 ip_forward(m, srcrt) |
|
Line 1471 ip_forward(m, srcrt) |
|
/*XXX*/ |
/*XXX*/ |
destifp = NULL; |
destifp = NULL; |
if (sp->req != NULL |
if (sp->req != NULL |
&& sp->req->sa != NULL) { |
&& sp->req->sav != NULL |
ro = &sp->req->sa->saidx->sa_route; |
&& sp->req->sav->sah != NULL) { |
|
ro = &sp->req->sav->sah->sa_route; |
if (ro->ro_rt && ro->ro_rt->rt_ifp) { |
if (ro->ro_rt && ro->ro_rt->rt_ifp) { |
dummyifp.if_mtu = |
dummyifp.if_mtu = |
ro->ro_rt->rt_ifp->if_mtu; |
ro->ro_rt->rt_ifp->if_mtu; |