Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.28 retrieving revision 1.61 diff -u -p -r1.28 -r1.61 --- src/sys/netinet/raw_ip.c 1996/05/23 17:03:27 1.28 +++ src/sys/netinet/raw_ip.c 2002/06/09 16:33:43 1.61 @@ -1,4 +1,33 @@ -/* $NetBSD: raw_ip.c,v 1.28 1996/05/23 17:03:27 mycroft Exp $ */ +/* $NetBSD: raw_ip.c,v 1.61 2002/06/09 16:33:43 itojun Exp $ */ + +/* + * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ /* * Copyright (c) 1982, 1986, 1988, 1993 @@ -32,9 +61,15 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * @(#)raw_ip.c 8.2 (Berkeley) 1/4/94 + * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 */ +#include +__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.61 2002/06/09 16:33:43 itojun Exp $"); + +#include "opt_ipsec.h" +#include "opt_mrouting.h" + #include #include #include @@ -53,13 +88,24 @@ #include #include #include +#include #include #include #include +#ifdef IPSEC +#include +#endif /*IPSEC*/ + struct inpcbtable rawcbtable; +int rip_pcbnotify __P((struct inpcbtable *, struct in_addr, + struct in_addr, int, int, void (*) __P((struct inpcb *, int)))); +int rip_bind __P((struct inpcb *, struct mbuf *)); +int rip_connect __P((struct inpcb *, struct mbuf *)); +void rip_disconnect __P((struct inpcb *)); + /* * Nominal space allocated to a raw ip socket. */ @@ -77,10 +123,11 @@ void rip_init() { - in_pcbinit(&rawcbtable, 1); + in_pcbinit(&rawcbtable, 1, 1); } -struct sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET }; +static struct sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET }; + /* * Setup generic address and protocol structures * for raw_input routine, then pass them along with @@ -95,47 +142,158 @@ rip_input(m, va_alist) va_dcl #endif { - register struct ip *ip = mtod(m, struct ip *); - register struct inpcb *inp; - struct socket *last = 0; + int off, proto; + struct ip *ip = mtod(m, struct ip *); + struct inpcb *inp; + struct inpcb *last = 0; + struct mbuf *opts = 0; + struct sockaddr_in ripsrc; + va_list ap; + va_start(ap, m); + off = va_arg(ap, int); + proto = va_arg(ap, int); + va_end(ap); + + ripsrc.sin_family = AF_INET; + ripsrc.sin_len = sizeof(struct sockaddr_in); ripsrc.sin_addr = ip->ip_src; - for (inp = rawcbtable.inpt_queue.cqh_first; - inp != (struct inpcb *)&rawcbtable.inpt_queue; - inp = inp->inp_queue.cqe_next) { - if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != ip->ip_p) + ripsrc.sin_port = 0; + bzero((caddr_t)ripsrc.sin_zero, sizeof(ripsrc.sin_zero)); + + /* + * XXX Compatibility: programs using raw IP expect ip_len + * XXX to have the header length subtracted. + */ + ip->ip_len -= ip->ip_hl << 2; + + CIRCLEQ_FOREACH(inp, &rawcbtable.inpt_queue, inp_queue) { + if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto) continue; - if (inp->inp_laddr.s_addr != INADDR_ANY && - inp->inp_laddr.s_addr != ip->ip_dst.s_addr) + if (!in_nullhost(inp->inp_laddr) && + !in_hosteq(inp->inp_laddr, ip->ip_dst)) continue; - if (inp->inp_faddr.s_addr != INADDR_ANY && - inp->inp_faddr.s_addr != ip->ip_src.s_addr) + if (!in_nullhost(inp->inp_faddr) && + !in_hosteq(inp->inp_faddr, ip->ip_src)) continue; if (last) { struct mbuf *n; + +#ifdef IPSEC + /* check AH/ESP integrity. */ + if (ipsec4_in_reject_so(m, last->inp_socket)) { + ipsecstat.in_polvio++; + /* do not inject data to pcb */ + } else +#endif /*IPSEC*/ if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) { - if (sbappendaddr(&last->so_rcv, - sintosa(&ripsrc), n, - (struct mbuf *)0) == 0) + if (last->inp_flags & INP_CONTROLOPTS || + last->inp_socket->so_options & SO_TIMESTAMP) + ip_savecontrol(last, &opts, ip, n); + if (sbappendaddr(&last->inp_socket->so_rcv, + sintosa(&ripsrc), n, opts) == 0) { /* should notify about lost packet */ m_freem(n); - else - sorwakeup(last); + if (opts) + m_freem(opts); + } else + sorwakeup(last->inp_socket); + opts = NULL; } } - last = inp->inp_socket; + last = inp; } +#ifdef IPSEC + /* check AH/ESP integrity. */ + if (last && ipsec4_in_reject_so(m, last->inp_socket)) { + m_freem(m); + ipsecstat.in_polvio++; + ipstat.ips_delivered--; + /* do not inject data to pcb */ + } else +#endif /*IPSEC*/ if (last) { - if (sbappendaddr(&last->so_rcv, sintosa(&ripsrc), m, - (struct mbuf *)0) == 0) + if (last->inp_flags & INP_CONTROLOPTS || + last->inp_socket->so_options & SO_TIMESTAMP) + ip_savecontrol(last, &opts, ip, m); + if (sbappendaddr(&last->inp_socket->so_rcv, + sintosa(&ripsrc), m, opts) == 0) { m_freem(m); - else - sorwakeup(last); + if (opts) + m_freem(opts); + } else + sorwakeup(last->inp_socket); } else { - m_freem(m); - ipstat.ips_noproto++; - ipstat.ips_delivered--; + if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) { + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL, + 0, 0); + ipstat.ips_noproto++; + ipstat.ips_delivered--; + } else + m_freem(m); + } + return; +} + +int +rip_pcbnotify(table, faddr, laddr, proto, errno, notify) + struct inpcbtable *table; + struct in_addr faddr, laddr; + int proto; + int errno; + void (*notify) __P((struct inpcb *, int)); +{ + struct inpcb *inp, *ninp; + int nmatch; + + nmatch = 0; + for (inp = CIRCLEQ_FIRST(&table->inpt_queue); + inp != (struct inpcb *)&table->inpt_queue; + inp = ninp) { + ninp = inp->inp_queue.cqe_next; + if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto) + continue; + if (in_hosteq(inp->inp_faddr, faddr) && + in_hosteq(inp->inp_laddr, laddr)) { + (*notify)(inp, errno); + nmatch++; + } } + + return nmatch; +} + +void * +rip_ctlinput(cmd, sa, v) + int cmd; + struct sockaddr *sa; + void *v; +{ + struct ip *ip = v; + void (*notify) __P((struct inpcb *, int)) = in_rtchange; + int errno; + + if (sa->sa_family != AF_INET || + sa->sa_len != sizeof(struct sockaddr_in)) + return NULL; + if ((unsigned)cmd >= PRC_NCMDS) + return NULL; + errno = inetctlerrmap[cmd]; + if (PRC_IS_REDIRECT(cmd)) + notify = in_rtchange, ip = 0; + else if (cmd == PRC_HOSTDEAD) + ip = 0; + else if (errno == 0) + return NULL; + if (ip) { + rip_pcbnotify(&rawcbtable, satosin(sa)->sin_addr, + ip->ip_src, ip->ip_p, errno, notify); + + /* XXX mapped address case */ + } else + in_pcbnotifyall(&rawcbtable, satosin(sa)->sin_addr, errno, + notify); + return NULL; } /* @@ -151,8 +309,8 @@ rip_output(m, va_alist) va_dcl #endif { - register struct inpcb *inp; - register struct ip *ip; + struct inpcb *inp; + struct ip *ip; struct mbuf *opts; int flags; va_list ap; @@ -162,13 +320,18 @@ rip_output(m, va_alist) va_end(ap); flags = - (inp->inp_socket->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST; + (inp->inp_socket->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST + | IP_RETURNMTU; /* * If the user handed us a complete IP packet, use it. * Otherwise, allocate an mbuf for a header and fill it in. */ if ((inp->inp_flags & INP_HDRINCL) == 0) { + if ((m->m_pkthdr.len + sizeof(struct ip)) > IP_MAXPACKET) { + m_freem(m); + return (EMSGSIZE); + } M_PREPEND(m, sizeof(struct ip), M_WAIT); ip = mtod(m, struct ip *); ip->ip_tos = 0; @@ -180,7 +343,15 @@ rip_output(m, va_alist) ip->ip_ttl = MAXTTL; opts = inp->inp_options; } else { + if (m->m_pkthdr.len > IP_MAXPACKET) { + m_freem(m); + return (EMSGSIZE); + } ip = mtod(m, struct ip *); + if (m->m_pkthdr.len != ip->ip_len) { + m_freem(m); + return (EINVAL); + } if (ip->ip_id == 0) ip->ip_id = htons(ip_id++); opts = NULL; @@ -188,7 +359,13 @@ rip_output(m, va_alist) flags |= IP_RAWOUTPUT; ipstat.ips_rawout++; } - return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions)); +#ifdef IPSEC + if (ipsec_setsocket(m, inp->inp_socket) != 0) { + m_freem(m); + return ENOBUFS; + } +#endif /*IPSEC*/ + return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions, &inp->inp_errormtu)); } /* @@ -201,65 +378,91 @@ rip_ctloutput(op, so, level, optname, m) int level, optname; struct mbuf **m; { - register struct inpcb *inp = sotoinpcb(so); -#ifdef MROUTING - int error; -#endif + struct inpcb *inp = sotoinpcb(so); + int error = 0; if (level != IPPROTO_IP) { - if (m != 0 && *m != 0) - (void)m_free(*m); - return (EINVAL); - } - - switch (optname) { - - case IP_HDRINCL: - if (op == PRCO_SETOPT || op == PRCO_GETOPT) { - if (m == 0 || *m == 0 || (*m)->m_len < sizeof (int)) - return (EINVAL); - if (op == PRCO_SETOPT) { + error = ENOPROTOOPT; + if (op == PRCO_SETOPT && *m != 0) + (void) m_free(*m); + } else switch (op) { + + case PRCO_SETOPT: + switch (optname) { + case IP_HDRINCL: + if (*m == 0 || (*m)->m_len < sizeof (int)) + error = EINVAL; + else { if (*mtod(*m, int *)) inp->inp_flags |= INP_HDRINCL; else inp->inp_flags &= ~INP_HDRINCL; - (void)m_free(*m); - } else { - (*m)->m_len = sizeof (int); - *mtod(*m, int *) = inp->inp_flags & INP_HDRINCL; } - return (0); + if (*m != 0) + (void) m_free(*m); + break; + +#ifdef MROUTING + case MRT_INIT: + case MRT_DONE: + case MRT_ADD_VIF: + case MRT_DEL_VIF: + case MRT_ADD_MFC: + case MRT_DEL_MFC: + case MRT_ASSERT: + error = ip_mrouter_set(so, optname, m); + break; +#endif + + default: + error = ip_ctloutput(op, so, level, optname, m); + break; } break; - case MRT_INIT: - case MRT_DONE: - case MRT_ADD_VIF: - case MRT_DEL_VIF: - case MRT_ADD_MFC: - case MRT_DEL_MFC: - case MRT_VERSION: - case MRT_ASSERT: -#ifdef MROUTING - switch (op) { - case PRCO_SETOPT: - error = ip_mrouter_set(optname, so, m); + case PRCO_GETOPT: + switch (optname) { + case IP_HDRINCL: + *m = m_get(M_WAIT, M_SOOPTS); + (*m)->m_len = sizeof (int); + *mtod(*m, int *) = inp->inp_flags & INP_HDRINCL ? 1 : 0; break; - case PRCO_GETOPT: - error = ip_mrouter_get(optname, so, m); + +#ifdef MROUTING + case MRT_VERSION: + case MRT_ASSERT: + error = ip_mrouter_get(so, optname, m); break; +#endif + default: - error = EINVAL; + error = ip_ctloutput(op, so, level, optname, m); break; } - return (error); -#else - if (op == PRCO_SETOPT && *m) - m_free(*m); - return (EOPNOTSUPP); -#endif + break; } - return (ip_ctloutput(op, so, level, optname, m)); + return (error); +} + +int +rip_bind(inp, nam) + struct inpcb *inp; + struct mbuf *nam; +{ + struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); + + if (nam->m_len != sizeof(*addr)) + return (EINVAL); + if (TAILQ_FIRST(&ifnet) == 0) + return (EADDRNOTAVAIL); + if (addr->sin_family != AF_INET && + addr->sin_family != AF_IMPLINK) + return (EAFNOSUPPORT); + if (!in_nullhost(addr->sin_addr) && + ifa_ifwithaddr(sintosa(addr)) == 0) + return (EADDRNOTAVAIL); + inp->inp_laddr = addr->sin_addr; + return (0); } int @@ -271,7 +474,7 @@ rip_connect(inp, nam) if (nam->m_len != sizeof(*addr)) return (EINVAL); - if (ifnet.tqh_first == 0) + if (TAILQ_FIRST(&ifnet) == 0) return (EADDRNOTAVAIL); if (addr->sin_family != AF_INET && addr->sin_family != AF_IMPLINK) @@ -285,7 +488,7 @@ rip_disconnect(inp) struct inpcb *inp; { - inp->inp_faddr.s_addr = INADDR_ANY; + inp->inp_faddr = zeroin_addr; } u_long rip_sendspace = RIPSNDQ; @@ -294,14 +497,14 @@ u_long rip_recvspace = RIPRCVQ; /*ARGSUSED*/ int rip_usrreq(so, req, m, nam, control, p) - register struct socket *so; + struct socket *so; int req; struct mbuf *m, *nam, *control; struct proc *p; { - register struct inpcb *inp; + struct inpcb *inp; int s; - register int error = 0; + int error = 0; #ifdef MROUTING extern struct socket *ip_mrouter; #endif @@ -310,6 +513,13 @@ rip_usrreq(so, req, m, nam, control, p) return (in_control(so, (long)m, (caddr_t)nam, (struct ifnet *)control, p)); + if (req == PRU_PURGEIF) { + in_pcbpurgeif0(&rawcbtable, (struct ifnet *)control); + in_purgeif((struct ifnet *)control); + in_pcbpurgeif(&rawcbtable, (struct ifnet *)control); + return (0); + } + s = splsoftnet(); inp = sotoinpcb(so); #ifdef DIAGNOSTIC @@ -353,30 +563,8 @@ rip_usrreq(so, req, m, nam, control, p) break; case PRU_BIND: - { - struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); - - if (nam->m_len != sizeof(*addr)) { - error = EINVAL; - break; - } - if (ifnet.tqh_first == 0) { - error = EADDRNOTAVAIL; - break; - } - if (addr->sin_family != AF_INET && - addr->sin_family != AF_IMPLINK) { - error = EAFNOSUPPORT; - break; - } - if (addr->sin_addr.s_addr != INADDR_ANY && - ifa_ifwithaddr(sintosa(addr)) == 0) { - error = EADDRNOTAVAIL; - break; - } - inp->inp_laddr = addr->sin_addr; + error = rip_bind(inp, nam); break; - } case PRU_LISTEN: error = EOPNOTSUPP;