Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet6/ip6_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.200 retrieving revision 1.208.2.2 diff -u -p -r1.200 -r1.208.2.2 --- src/sys/netinet6/ip6_input.c 2018/04/26 19:22:17 1.200 +++ src/sys/netinet6/ip6_input.c 2019/09/24 03:10:35 1.208.2.2 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.200 2018/04/26 19:22:17 maxv Exp $ */ +/* $NetBSD: ip6_input.c,v 1.208.2.2 2019/09/24 03:10:35 martin Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.200 2018/04/26 19:22:17 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.208.2.2 2019/09/24 03:10:35 martin Exp $"); #ifdef _KERNEL_OPT #include "opt_gateway.h" @@ -123,8 +123,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_input.c, #include "faith.h" -#include - extern struct domain inet6domain; u_char ip6_protox[IPPROTO_MAX]; @@ -196,7 +194,7 @@ ip6_init(void) KASSERT(inet6_pfil_hook != NULL); ip6stat_percpu = percpu_alloc(sizeof(uint64_t) * IP6_NSTATS); - ip6_forward_rt_percpu = percpu_alloc(sizeof(struct route)); + ip6_forward_rt_percpu = rtcache_percpu_alloc(); } static void @@ -344,18 +342,27 @@ ip6_input(struct mbuf *m, struct ifnet * * IPsec (encapsulated, tunnel mode). */ #if defined(IPSEC) - if (!ipsec_used || !ipsec_indone(m)) + if (!ipsec_used || !ipsec_skip_pfil(m)) #else if (1) #endif { struct in6_addr odst; + int error; odst = ip6->ip6_dst; - if (pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN) != 0) - return; - if (m == NULL) + error = pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN); + if (error != 0 || m == NULL) { + IP6_STATINC(IP6_STAT_PFILDROP_IN); return; + } + if (m->m_len < sizeof(struct ip6_hdr)) { + if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { + IP6_STATINC(IP6_STAT_TOOSMALL); + in6_ifstat_inc(rcvif, ifs6_in_hdrerr); + return; + } + } ip6 = mtod(m, struct ip6_hdr *); srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); } @@ -398,7 +405,7 @@ ip6_input(struct mbuf *m, struct ifnet * goto bad; } - ro = percpu_getref(ip6_forward_rt_percpu); + ro = rtcache_percpu_getref(ip6_forward_rt_percpu); /* * Multicast check @@ -559,7 +566,7 @@ hbhcheck: /* m already freed */ in6_ifstat_inc(rcvif, ifs6_in_discard); rtcache_unref(rt, ro); - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); return; } @@ -584,7 +591,7 @@ hbhcheck: ICMP6_PARAMPROB_HEADER, (char *)&ip6->ip6_plen - (char *)ip6); rtcache_unref(rt, ro); - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); return; } IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr), @@ -592,7 +599,7 @@ hbhcheck: if (hbh == NULL) { IP6_STATINC(IP6_STAT_TOOSHORT); rtcache_unref(rt, ro); - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); return; } KASSERT(IP6_HDR_ALIGNED_P(hbh)); @@ -646,7 +653,7 @@ hbhcheck: if (error != 0) { rtcache_unref(rt, ro); - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); IP6_STATINC(IP6_STAT_CANTFORWARD); goto bad; } @@ -655,7 +662,7 @@ hbhcheck: goto bad_unref; } else if (!ours) { rtcache_unref(rt, ro); - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); ip6_forward(m, srcrt); return; } @@ -696,7 +703,7 @@ hbhcheck: rtcache_unref(rt, ro); rt = NULL; } - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); rh_present = 0; frg_present = 0; @@ -740,11 +747,11 @@ hbhcheck: * header. Note that we do not visit this with * protocols with pcb layer code - like udp/tcp/raw ip. */ - if ((inet6sw[ip_protox[nxt]].pr_flags + if ((inet6sw[ip6_protox[nxt]].pr_flags & PR_LASTHDR) != 0) { int error; - error = ipsec6_input(m); + error = ipsec_ip_input(m, false); if (error) goto bad; } @@ -757,7 +764,7 @@ hbhcheck: bad_unref: rtcache_unref(rt, ro); - percpu_putref(ip6_forward_rt_percpu); + rtcache_percpu_putref(ip6_forward_rt_percpu); bad: m_freem(m); return; @@ -1051,17 +1058,6 @@ ip6_unknown_opt(u_int8_t *optp, struct m return (-1); } -/* - * Create the "control" list for this pcb. - * - * The routine will be called from upper layer handlers like tcp6_input(). - * Thus the routine assumes that the caller (tcp6_input) have already - * called IP6_EXTHDR_CHECK() and all the extension headers are located in the - * very first mbuf on the mbuf chain. - * We may want to add some infinite loop prevention or sanity checks for safety. - * (This applies only when you are using KAME mbuf chain restriction, i.e. - * you are using IP6_EXTHDR_CHECK() not m_pulldown()) - */ void ip6_savecontrol(struct in6pcb *in6p, struct mbuf **mp, struct ip6_hdr *ip6, struct mbuf *m) @@ -1495,7 +1491,7 @@ ip6_addaux(struct mbuf *m) { struct m_tag *mtag; - mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); + mtag = m_tag_find(m, PACKET_TAG_INET6); if (!mtag) { mtag = m_tag_get(PACKET_TAG_INET6, sizeof(struct ip6aux), M_NOWAIT); @@ -1512,7 +1508,7 @@ ip6_findaux(struct mbuf *m) { struct m_tag *mtag; - mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); + mtag = m_tag_find(m, PACKET_TAG_INET6); return mtag; } @@ -1521,7 +1517,7 @@ ip6_delaux(struct mbuf *m) { struct m_tag *mtag; - mtag = m_tag_find(m, PACKET_TAG_INET6, NULL); + mtag = m_tag_find(m, PACKET_TAG_INET6); if (mtag) m_tag_delete(m, mtag); }