version 1.100, 2003/06/15 02:49:34 |
version 1.112, 2003/10/18 13:05:45 |
|
|
* 2. Redistributions in binary form must reproduce the above copyright |
* 2. Redistributions in binary form must reproduce the above copyright |
* notice, this list of conditions and the following disclaimer in the |
* notice, this list of conditions and the following disclaimer in the |
* documentation and/or other materials provided with the distribution. |
* documentation and/or other materials provided with the distribution. |
* 3. All advertising materials mentioning features or use of this software |
* 3. Neither the name of the University nor the names of its contributors |
* must display the following acknowledgement: |
|
* This product includes software developed by the University of |
|
* California, Berkeley and its contributors. |
|
* 4. Neither the name of the University nor the names of its contributors |
|
* may be used to endorse or promote products derived from this software |
* may be used to endorse or promote products derived from this software |
* without specific prior written permission. |
* without specific prior written permission. |
* |
* |
Line 71 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 67 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include "opt_ipsec.h" |
#include "opt_ipsec.h" |
#include "opt_inet_csum.h" |
#include "opt_inet_csum.h" |
#include "opt_ipkdb.h" |
#include "opt_ipkdb.h" |
|
#include "opt_mbuftrace.h" |
|
|
#include <sys/param.h> |
#include <sys/param.h> |
#include <sys/malloc.h> |
#include <sys/malloc.h> |
Line 118 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 115 __KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#include <machine/stdarg.h> |
#include <machine/stdarg.h> |
|
|
|
#ifdef FAST_IPSEC |
|
#include <netipsec/ipsec.h> |
|
#ifdef INET6 |
|
#include <netipsec/ipsec6.h> |
|
#endif |
|
#endif /* FAST_IPSEC*/ |
|
|
#ifdef IPSEC |
#ifdef IPSEC |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
#include <netkey/key.h> |
#include <netkey/key.h> |
|
|
udp_init() |
udp_init() |
{ |
{ |
|
|
#ifdef INET |
|
in_pcbinit(&udbtable, udbhashsize, udbhashsize); |
in_pcbinit(&udbtable, udbhashsize, udbhashsize); |
#endif |
|
|
|
#ifdef UDP_CSUM_COUNTERS |
#ifdef UDP_CSUM_COUNTERS |
evcnt_attach_static(&udp_hwcsum_bad); |
evcnt_attach_static(&udp_hwcsum_bad); |
Line 268 udp_input(m, va_alist) |
|
Line 270 udp_input(m, va_alist) |
|
*/ |
*/ |
if (uh->uh_sum) { |
if (uh->uh_sum) { |
switch (m->m_pkthdr.csum_flags & |
switch (m->m_pkthdr.csum_flags & |
((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_UDPv4) | |
((m->m_pkthdr.rcvif->if_csum_flags_rx & M_CSUM_UDPv4) | |
M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) { |
M_CSUM_TCP_UDP_BAD | M_CSUM_DATA)) { |
case M_CSUM_UDPv4|M_CSUM_TCP_UDP_BAD: |
case M_CSUM_UDPv4|M_CSUM_TCP_UDP_BAD: |
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_bad); |
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_bad); |
goto badcsum; |
goto badcsum; |
|
|
case M_CSUM_UDPv4|M_CSUM_DATA: |
case M_CSUM_UDPv4|M_CSUM_DATA: { |
|
u_int32_t hw_csum = m->m_pkthdr.csum_data; |
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_data); |
UDP_CSUM_COUNTER_INCR(&udp_hwcsum_data); |
if ((m->m_pkthdr.csum_data ^ 0xffff) != 0) |
if (m->m_pkthdr.csum_flags & M_CSUM_NO_PSEUDOHDR) |
|
hw_csum = in_cksum_phdr(ip->ip_src.s_addr, |
|
ip->ip_dst.s_addr, |
|
htonl(hw_csum + ntohs(ip->ip_len) + |
|
IPPROTO_UDP)); |
|
if ((hw_csum ^ 0xffff) != 0) |
goto badcsum; |
goto badcsum; |
break; |
break; |
|
} |
|
|
case M_CSUM_UDPv4: |
case M_CSUM_UDPv4: |
/* Checksum was okay. */ |
/* Checksum was okay. */ |
Line 489 udp4_sendup(m, off, src, so) |
|
Line 498 udp4_sendup(m, off, src, so) |
|
return; |
return; |
} |
} |
|
|
#ifdef IPSEC |
#if defined(IPSEC) || defined(FAST_IPSEC) |
/* check AH/ESP integrity. */ |
/* check AH/ESP integrity. */ |
if (so != NULL && ipsec4_in_reject_so(m, so)) { |
if (so != NULL && ipsec4_in_reject_so(m, so)) { |
ipsecstat.in_polvio++; |
ipsecstat.in_polvio++; |
|
if ((n = m_copy(m, 0, M_COPYALL)) != NULL) |
|
icmp_error(n, ICMP_UNREACH, ICMP_UNREACH_ADMIN_PROHIBIT, |
|
0, 0); |
return; |
return; |
} |
} |
#endif /*IPSEC*/ |
#endif /*IPSEC*/ |
Line 535 udp6_sendup(m, off, src, so) |
|
Line 547 udp6_sendup(m, off, src, so) |
|
return; |
return; |
in6p = sotoin6pcb(so); |
in6p = sotoin6pcb(so); |
|
|
#ifdef IPSEC |
#if defined(IPSEC) || defined(FAST_IPSEC) |
/* check AH/ESP integrity. */ |
/* check AH/ESP integrity. */ |
if (so != NULL && ipsec6_in_reject_so(m, so)) { |
if (so != NULL && ipsec6_in_reject_so(m, so)) { |
ipsec6stat.in_polvio++; |
ipsec6stat.in_polvio++; |
|
if ((n = m_copy(m, 0, M_COPYALL)) != NULL) |
|
icmp6_error(n, ICMP6_DST_UNREACH, |
|
ICMP6_DST_UNREACH_ADMIN, 0); |
return; |
return; |
} |
} |
#endif /*IPSEC*/ |
#endif /*IPSEC*/ |
Line 573 udp4_realinput(src, dst, m, off) |
|
Line 588 udp4_realinput(src, dst, m, off) |
|
u_int16_t *sport, *dport; |
u_int16_t *sport, *dport; |
int rcvcnt; |
int rcvcnt; |
struct in_addr *src4, *dst4; |
struct in_addr *src4, *dst4; |
|
struct inpcb_hdr *inph; |
struct inpcb *inp; |
struct inpcb *inp; |
|
|
rcvcnt = 0; |
rcvcnt = 0; |
Line 611 udp4_realinput(src, dst, m, off) |
|
Line 627 udp4_realinput(src, dst, m, off) |
|
/* |
/* |
* Locate pcb(s) for datagram. |
* Locate pcb(s) for datagram. |
*/ |
*/ |
CIRCLEQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue) { |
CIRCLEQ_FOREACH(inph, &udbtable.inpt_queue, inph_queue) { |
|
inp = (struct inpcb *)inph; |
|
if (inp->inp_af != AF_INET) |
|
continue; |
|
|
if (inp->inp_lport != *dport) |
if (inp->inp_lport != *dport) |
continue; |
continue; |
if (!in_nullhost(inp->inp_laddr)) { |
if (!in_nullhost(inp->inp_laddr)) { |
Line 674 udp6_realinput(af, src, dst, m, off) |
|
Line 694 udp6_realinput(af, src, dst, m, off) |
|
int rcvcnt; |
int rcvcnt; |
struct in6_addr src6, dst6; |
struct in6_addr src6, dst6; |
const struct in_addr *dst4; |
const struct in_addr *dst4; |
|
struct inpcb_hdr *inph; |
struct in6pcb *in6p; |
struct in6pcb *in6p; |
|
|
rcvcnt = 0; |
rcvcnt = 0; |
Line 715 udp6_realinput(af, src, dst, m, off) |
|
Line 736 udp6_realinput(af, src, dst, m, off) |
|
/* |
/* |
* Locate pcb(s) for datagram. |
* Locate pcb(s) for datagram. |
*/ |
*/ |
for (in6p = udb6.in6p_next; in6p != &udb6; |
CIRCLEQ_FOREACH(inph, &udbtable.inpt_queue, inph_queue) { |
in6p = in6p->in6p_next) { |
in6p = (struct in6pcb *)inph; |
|
if (in6p->in6p_af != AF_INET6) |
|
continue; |
|
|
if (in6p->in6p_lport != dport) |
if (in6p->in6p_lport != dport) |
continue; |
continue; |
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { |
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->in6p_laddr)) { |
Line 757 udp6_realinput(af, src, dst, m, off) |
|
Line 781 udp6_realinput(af, src, dst, m, off) |
|
/* |
/* |
* Locate pcb for datagram. |
* Locate pcb for datagram. |
*/ |
*/ |
in6p = in6_pcblookup_connect(&udb6, &src6, sport, |
in6p = in6_pcblookup_connect(&udbtable, &src6, sport, |
&dst6, dport, 0); |
&dst6, dport, 0); |
if (in6p == 0) { |
if (in6p == 0) { |
++udpstat.udps_pcbhashmiss; |
++udpstat.udps_pcbhashmiss; |
in6p = in6_pcblookup_bind(&udb6, &dst6, dport, 0); |
in6p = in6_pcblookup_bind(&udbtable, &dst6, dport, 0); |
if (in6p == 0) |
if (in6p == 0) |
return rcvcnt; |
return rcvcnt; |
} |
} |
Line 897 udp_output(m, va_alist) |
|
Line 921 udp_output(m, va_alist) |
|
((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; /* XXX */ |
((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; /* XXX */ |
udpstat.udps_opackets++; |
udpstat.udps_opackets++; |
|
|
#ifdef IPSEC |
|
if (ipsec_setsocket(m, inp->inp_socket) != 0) { |
|
error = ENOBUFS; |
|
goto release; |
|
} |
|
#endif /*IPSEC*/ |
|
|
|
return (ip_output(m, inp->inp_options, &inp->inp_route, |
return (ip_output(m, inp->inp_options, &inp->inp_route, |
inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST), |
inp->inp_socket->so_options & (SO_DONTROUTE | SO_BROADCAST), |
inp->inp_moptions)); |
inp->inp_moptions, inp->inp_socket)); |
|
|
release: |
release: |
m_freem(m); |
m_freem(m); |