| version 1.93.2.8, 2001/04/21 17:46:48 |
version 1.123, 2000/12/14 17:36:44 |
| Line 211 struct pfil_head inet_pfil_hook; |
|
| Line 211 struct pfil_head inet_pfil_hook; |
|
| |
|
| struct ipqhead ipq; |
struct ipqhead ipq; |
| int ipq_locked; |
int ipq_locked; |
| int ip_nfragpackets = 0; |
|
| int ip_maxfragpackets = 200; |
|
| |
|
| static __inline int ipq_lock_try __P((void)); |
static __inline int ipq_lock_try __P((void)); |
| static __inline void ipq_unlock __P((void)); |
static __inline void ipq_unlock __P((void)); |
|
|
| { |
{ |
| int s; |
int s; |
| |
|
| /* |
s = splimp(); |
| * Use splvm() -- we're bloking things that would cause |
|
| * mbuf allocation. |
|
| */ |
|
| s = splvm(); |
|
| if (ipq_locked) { |
if (ipq_locked) { |
| splx(s); |
splx(s); |
| return (0); |
return (0); |
|
|
| { |
{ |
| int s; |
int s; |
| |
|
| s = splvm(); |
s = splimp(); |
| ipq_locked = 0; |
ipq_locked = 0; |
| splx(s); |
splx(s); |
| } |
} |
|
|
| |
|
| #ifdef PFIL_HOOKS |
#ifdef PFIL_HOOKS |
| /* Register our Packet Filter hook. */ |
/* Register our Packet Filter hook. */ |
| inet_pfil_hook.ph_type = PFIL_TYPE_AF; |
inet_pfil_hook.ph_key = (void *)(u_long) AF_INET; |
| inet_pfil_hook.ph_af = AF_INET; |
inet_pfil_hook.ph_dlt = DLT_RAW; |
| i = pfil_head_register(&inet_pfil_hook); |
i = pfil_head_register(&inet_pfil_hook); |
| if (i != 0) |
if (i != 0) |
| printf("ip_init: WARNING: unable to register pfil hook, " |
printf("ip_init: WARNING: unable to register pfil hook, " |
|
|
| struct mbuf *m; |
struct mbuf *m; |
| |
|
| while (1) { |
while (1) { |
| s = splnet(); |
s = splimp(); |
| IF_DEQUEUE(&ipintrq, m); |
IF_DEQUEUE(&ipintrq, m); |
| splx(s); |
splx(s); |
| if (m == 0) |
if (m == 0) |
| Line 420 ip_input(struct mbuf *m) |
|
| Line 414 ip_input(struct mbuf *m) |
|
| * not allowed. |
* not allowed. |
| */ |
*/ |
| if (IN_MULTICAST(ip->ip_src.s_addr)) { |
if (IN_MULTICAST(ip->ip_src.s_addr)) { |
| ipstat.ips_badaddr++; |
/* XXX stat */ |
| goto bad; |
goto bad; |
| } |
} |
| |
|
| /* 127/8 must not appear on wire - RFC1122 */ |
|
| if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || |
|
| (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { |
|
| if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { |
|
| ipstat.ips_badaddr++; |
|
| goto bad; |
|
| } |
|
| } |
|
| |
|
| if (in_cksum(m, hlen) != 0) { |
if (in_cksum(m, hlen) != 0) { |
| ipstat.ips_badsum++; |
ipstat.ips_badsum++; |
| goto bad; |
goto bad; |
| Line 486 ip_input(struct mbuf *m) |
|
| Line 471 ip_input(struct mbuf *m) |
|
| * Note that filters must _never_ set this flag, as another filter |
* Note that filters must _never_ set this flag, as another filter |
| * in the list may have previously cleared it. |
* in the list may have previously cleared it. |
| */ |
*/ |
| /* |
if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
| * let ipfilter look at packet on the wire, |
PFIL_IN) != 0) |
| * not the decapsulated packet. |
|
| */ |
|
| #ifdef IPSEC |
|
| if (!ipsec_gethist(m, NULL)) |
|
| #else |
|
| if (1) |
|
| #endif |
|
| { |
|
| if (pfil_run_hooks(&inet_pfil_hook, &m, m->m_pkthdr.rcvif, |
|
| PFIL_IN) != 0) |
|
| return; |
return; |
| if (m == NULL) |
if (m == NULL) |
| return; |
return; |
| ip = mtod(m, struct ip *); |
ip = mtod(m, struct ip *); |
| } |
|
| #endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
| |
|
| #ifdef ALTQ |
#ifdef ALTQ |
|
|
| IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
| } |
} |
| |
|
| #ifdef IPSEC |
|
| /* |
|
| * enforce IPsec policy checking if we are seeing last header. |
|
| * note that we do not visit this with protocols with pcb layer |
|
| * code - like udp/tcp/raw ip. |
|
| */ |
|
| if ((inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0 && |
|
| ipsec4_in_reject(m, NULL)) { |
|
| ipsecstat.in_polvio++; |
|
| goto bad; |
|
| } |
|
| #endif |
|
| |
|
| /* |
/* |
| * Switch out to protocol's input routine. |
* Switch out to protocol's input routine. |
| */ |
*/ |
| Line 787 ip_reass(ipqe, fp) |
|
| Line 748 ip_reass(ipqe, fp) |
|
| * If first fragment to arrive, create a reassembly queue. |
* If first fragment to arrive, create a reassembly queue. |
| */ |
*/ |
| if (fp == 0) { |
if (fp == 0) { |
| /* |
|
| * Enforce upper bound on number of fragmented packets |
|
| * for which we attempt reassembly; |
|
| * If maxfrag is 0, never accept fragments. |
|
| * If maxfrag is -1, accept all fragments without limitation. |
|
| */ |
|
| if (ip_maxfragpackets < 0) |
|
| ; |
|
| else if (ip_nfragpackets >= ip_maxfragpackets) |
|
| goto dropfrag; |
|
| ip_nfragpackets++; |
|
| MALLOC(fp, struct ipq *, sizeof (struct ipq), |
MALLOC(fp, struct ipq *, sizeof (struct ipq), |
| M_FTABLE, M_NOWAIT); |
M_FTABLE, M_NOWAIT); |
| if (fp == NULL) |
if (fp == NULL) |
|
|
| ip->ip_dst = fp->ipq_dst; |
ip->ip_dst = fp->ipq_dst; |
| LIST_REMOVE(fp, ipq_q); |
LIST_REMOVE(fp, ipq_q); |
| FREE(fp, M_FTABLE); |
FREE(fp, M_FTABLE); |
| ip_nfragpackets--; |
|
| m->m_len += (ip->ip_hl << 2); |
m->m_len += (ip->ip_hl << 2); |
| m->m_data -= (ip->ip_hl << 2); |
m->m_data -= (ip->ip_hl << 2); |
| /* some debugging cruft by sklower, below, will go away soon */ |
/* some debugging cruft by sklower, below, will go away soon */ |
|
|
| } |
} |
| LIST_REMOVE(fp, ipq_q); |
LIST_REMOVE(fp, ipq_q); |
| FREE(fp, M_FTABLE); |
FREE(fp, M_FTABLE); |
| ip_nfragpackets--; |
|
| } |
} |
| |
|
| /* |
/* |
|
|
| ip_freef(fp); |
ip_freef(fp); |
| } |
} |
| } |
} |
| /* |
|
| * If we are over the maximum number of fragments |
|
| * (due to the limit being lowered), drain off |
|
| * enough to get down to the new limit. |
|
| */ |
|
| if (ip_maxfragpackets < 0) |
|
| ; |
|
| else { |
|
| while (ip_nfragpackets > ip_maxfragpackets && ipq.lh_first) |
|
| ip_freef(ipq.lh_first); |
|
| } |
|
| IPQ_UNLOCK(); |
IPQ_UNLOCK(); |
| #ifdef GATEWAY |
#ifdef GATEWAY |
| ipflow_slowtimo(); |
ipflow_slowtimo(); |
| Line 1515 ip_forward(m, srcrt) |
|
| Line 1452 ip_forward(m, srcrt) |
|
| |
|
| #ifdef IPSEC |
#ifdef IPSEC |
| /* Don't lookup socket in forwading case */ |
/* Don't lookup socket in forwading case */ |
| (void)ipsec_setsocket(m, NULL); |
ipsec_setsocket(m, NULL); |
| #endif |
#endif |
| error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
error = ip_output(m, (struct mbuf *)0, &ipforward_rt, |
| (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
(IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)), 0); |
| Line 1821 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| Line 1758 ip_sysctl(name, namelen, oldp, oldlenp, |
|
| return (error); |
return (error); |
| #endif |
#endif |
| |
|
| case IPCTL_MAXFRAGPACKETS: |
|
| return (sysctl_int(oldp, oldlenp, newp, newlen, |
|
| &ip_maxfragpackets)); |
|
| |
|
| default: |
default: |
| return (EOPNOTSUPP); |
return (EOPNOTSUPP); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to ip_input.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / netinet