Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.32
retrieving revision 1.55.2.1
diff -u -p -r1.32 -r1.55.2.1
--- src/sys/netinet/raw_ip.c	1996/09/09 14:51:19	1.32
+++ src/sys/netinet/raw_ip.c	2001/08/24 00:12:28	1.55.2.1
@@ -1,4 +1,33 @@
-/*	$NetBSD: raw_ip.c,v 1.32 1996/09/09 14:51:19 mycroft Exp $	*/
+/*	$NetBSD: raw_ip.c,v 1.55.2.1 2001/08/24 00:12:28 nathanw Exp $	*/
+
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
 
 /*
  * Copyright (c) 1982, 1986, 1988, 1993
@@ -32,9 +61,12 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	@(#)raw_ip.c	8.2 (Berkeley) 1/4/94
+ *	@(#)raw_ip.c	8.7 (Berkeley) 5/15/95
  */
 
+#include "opt_ipsec.h"
+#include "opt_mrouting.h"
+
 #include <sys/param.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
@@ -53,11 +85,16 @@
 #include <netinet/ip.h>
 #include <netinet/ip_var.h>
 #include <netinet/ip_mroute.h>
+#include <netinet/ip_icmp.h>
 #include <netinet/in_pcb.h>
 #include <netinet/in_var.h>
 
 #include <machine/stdarg.h>
 
+#ifdef IPSEC
+#include <netinet6/ipsec.h>
+#endif /*IPSEC*/
+
 struct inpcbtable rawcbtable;
 
 int	 rip_bind __P((struct inpcb *, struct mbuf *));
@@ -81,9 +118,11 @@ void
 rip_init()
 {
 
-	in_pcbinit(&rawcbtable, 1);
+	in_pcbinit(&rawcbtable, 1, 1);
 }
 
+static struct	sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET };
+
 /*
  * Setup generic address and protocol structures
  * for raw_input routine, then pass them along with
@@ -98,19 +137,35 @@ rip_input(m, va_alist)
 	va_dcl
 #endif
 {
-	register struct ip *ip = mtod(m, struct ip *);
-	register struct inpcb *inp;
-	struct socket *last = 0;
+	int off, proto;
+	struct ip *ip = mtod(m, struct ip *);
+	struct inpcb *inp;
+	struct inpcb *last = 0;
+	struct mbuf *opts = 0;
 	struct sockaddr_in ripsrc;
+	va_list ap;
+
+	va_start(ap, m);
+	off = va_arg(ap, int);
+	proto = va_arg(ap, int);
+	va_end(ap);
 
 	ripsrc.sin_family = AF_INET;
 	ripsrc.sin_len = sizeof(struct sockaddr_in);
 	ripsrc.sin_addr = ip->ip_src;
+	ripsrc.sin_port = 0;
+	bzero((caddr_t)ripsrc.sin_zero, sizeof(ripsrc.sin_zero));
+
+	/*
+	 * XXX Compatibility: programs using raw IP expect ip_len
+	 * XXX to have the header length subtracted.
+	 */
+	ip->ip_len -= ip->ip_hl << 2;
 
 	for (inp = rawcbtable.inpt_queue.cqh_first;
 	    inp != (struct inpcb *)&rawcbtable.inpt_queue;
 	    inp = inp->inp_queue.cqe_next) {
-		if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != ip->ip_p)
+		if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto)
 			continue;
 		if (!in_nullhost(inp->inp_laddr) &&
 		    !in_hosteq(inp->inp_laddr, ip->ip_dst))
@@ -120,29 +175,61 @@ rip_input(m, va_alist)
 			continue;
 		if (last) {
 			struct mbuf *n;
+
+#ifdef IPSEC
+			/* check AH/ESP integrity. */
+			if (ipsec4_in_reject_so(m, last->inp_socket)) {
+				ipsecstat.in_polvio++;
+				/* do not inject data to pcb */
+			} else
+#endif /*IPSEC*/
 			if ((n = m_copy(m, 0, (int)M_COPYALL)) != NULL) {
-				if (sbappendaddr(&last->so_rcv,
-				    sintosa(&ripsrc), n,
-				    (struct mbuf *)0) == 0)
+				if (last->inp_flags & INP_CONTROLOPTS ||
+				    last->inp_socket->so_options & SO_TIMESTAMP)
+					ip_savecontrol(last, &opts, ip, n);
+				if (sbappendaddr(&last->inp_socket->so_rcv,
+				    sintosa(&ripsrc), n, opts) == 0) {
 					/* should notify about lost packet */
 					m_freem(n);
-				else
-					sorwakeup(last);
+					if (opts)
+						m_freem(opts);
+				} else
+					sorwakeup(last->inp_socket);
+				opts = NULL;
 			}
 		}
-		last = inp->inp_socket;
+		last = inp;
 	}
+#ifdef IPSEC
+	/* check AH/ESP integrity. */
+	if (last && ipsec4_in_reject_so(m, last->inp_socket)) {
+		m_freem(m);
+		ipsecstat.in_polvio++;
+		ipstat.ips_delivered--;
+		/* do not inject data to pcb */
+	} else
+#endif /*IPSEC*/
 	if (last) {
-		if (sbappendaddr(&last->so_rcv, sintosa(&ripsrc), m,
-		    (struct mbuf *)0) == 0)
+		if (last->inp_flags & INP_CONTROLOPTS ||
+		    last->inp_socket->so_options & SO_TIMESTAMP)
+			ip_savecontrol(last, &opts, ip, m);
+		if (sbappendaddr(&last->inp_socket->so_rcv,
+		    sintosa(&ripsrc), m, opts) == 0) {
 			m_freem(m);
-		else
-			sorwakeup(last);
+			if (opts)
+				m_freem(opts);
+		} else
+			sorwakeup(last->inp_socket);
 	} else {
-		m_freem(m);
-		ipstat.ips_noproto++;
-		ipstat.ips_delivered--;
+		if (inetsw[ip_protox[ip->ip_p]].pr_input == rip_input) {
+			icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PROTOCOL,
+			    0, 0);
+			ipstat.ips_noproto++;
+			ipstat.ips_delivered--;
+		} else
+			m_freem(m);
 	}
+	return;
 }
 
 /*
@@ -158,8 +245,8 @@ rip_output(m, va_alist)
 	va_dcl
 #endif
 {
-	register struct inpcb *inp;
-	register struct ip *ip;
+	struct inpcb *inp;
+	struct ip *ip;
 	struct mbuf *opts;
 	int flags;
 	va_list ap;
@@ -169,13 +256,18 @@ rip_output(m, va_alist)
 	va_end(ap);
 
 	flags =
-	    (inp->inp_socket->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST;
+	    (inp->inp_socket->so_options & SO_DONTROUTE) | IP_ALLOWBROADCAST
+	    | IP_RETURNMTU;
 
 	/*
 	 * If the user handed us a complete IP packet, use it.
 	 * Otherwise, allocate an mbuf for a header and fill it in.
 	 */
 	if ((inp->inp_flags & INP_HDRINCL) == 0) {
+		if ((m->m_pkthdr.len + sizeof(struct ip)) > IP_MAXPACKET) {
+			m_freem(m);
+			return (EMSGSIZE);
+		}
 		M_PREPEND(m, sizeof(struct ip), M_WAIT);
 		ip = mtod(m, struct ip *);
 		ip->ip_tos = 0;
@@ -187,7 +279,15 @@ rip_output(m, va_alist)
 		ip->ip_ttl = MAXTTL;
 		opts = inp->inp_options;
 	} else {
+		if (m->m_pkthdr.len > IP_MAXPACKET) {
+			m_freem(m);
+			return (EMSGSIZE);
+		}
 		ip = mtod(m, struct ip *);
+		if (m->m_pkthdr.len != ip->ip_len) {
+			m_freem(m);
+			return (EINVAL);
+		}
 		if (ip->ip_id == 0)
 			ip->ip_id = htons(ip_id++);
 		opts = NULL;
@@ -195,7 +295,13 @@ rip_output(m, va_alist)
 		flags |= IP_RAWOUTPUT;
 		ipstat.ips_rawout++;
 	}
-	return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions));
+#ifdef IPSEC
+	if (ipsec_setsocket(m, inp->inp_socket) != 0) {
+		m_freem(m);
+		return ENOBUFS;
+	}
+#endif /*IPSEC*/
+	return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions, &inp->inp_errormtu));
 }
 
 /*
@@ -208,7 +314,7 @@ rip_ctloutput(op, so, level, optname, m)
 	int level, optname;
 	struct mbuf **m;
 {
-	register struct inpcb *inp = sotoinpcb(so);
+	struct inpcb *inp = sotoinpcb(so);
 	int error = 0;
 
 	if (level != IPPROTO_IP) {
@@ -327,14 +433,14 @@ u_long	rip_recvspace = RIPRCVQ;
 /*ARGSUSED*/
 int
 rip_usrreq(so, req, m, nam, control, p)
-	register struct socket *so;
+	struct socket *so;
 	int req;
 	struct mbuf *m, *nam, *control;
 	struct proc *p;
 {
-	register struct inpcb *inp;
+	struct inpcb *inp;
 	int s;
-	register int error = 0;
+	int error = 0;
 #ifdef MROUTING
 	extern struct socket *ip_mrouter;
 #endif
@@ -343,6 +449,13 @@ rip_usrreq(so, req, m, nam, control, p)
 		return (in_control(so, (long)m, (caddr_t)nam,
 		    (struct ifnet *)control, p));
 
+	if (req == PRU_PURGEIF) {
+		in_pcbpurgeif0(&rawcbtable, (struct ifnet *)control);
+		in_purgeif((struct ifnet *)control);
+		in_pcbpurgeif(&rawcbtable, (struct ifnet *)control);
+		return (0);
+	}
+
 	s = splsoftnet();
 	inp = sotoinpcb(so);
 #ifdef DIAGNOSTIC