version 1.37.2.5, 2001/08/24 00:12:41 |
version 1.44, 2001/10/16 06:24:44 |
|
|
#include <sys/time.h> |
#include <sys/time.h> |
#include <sys/kernel.h> |
#include <sys/kernel.h> |
#include <sys/syslog.h> |
#include <sys/syslog.h> |
#include <sys/lwp.h> |
|
#include <sys/proc.h> |
#include <sys/proc.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
|
|
#endif |
#endif |
|
|
/* |
/* |
* mbuf statistics by kazu |
* mbuf statistics |
*/ |
*/ |
if (m->m_flags & M_EXT) { |
if (m->m_flags & M_EXT) { |
if (m->m_next) |
if (m->m_next) |
|
|
#define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) |
#define M2MMAX (sizeof(ip6stat.ip6s_m2m)/sizeof(ip6stat.ip6s_m2m[0])) |
if (m->m_next) { |
if (m->m_next) { |
if (m->m_flags & M_LOOP) { |
if (m->m_flags & M_LOOP) { |
ip6stat.ip6s_m2m[loif[0].if_index]++; /*XXX*/ |
ip6stat.ip6s_m2m[loif[0].if_index]++; /* XXX */ |
} else if (m->m_pkthdr.rcvif->if_index < M2MMAX) |
} else if (m->m_pkthdr.rcvif->if_index < M2MMAX) |
ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; |
ip6stat.ip6s_m2m[m->m_pkthdr.rcvif->if_index]++; |
else |
else |
|
|
} |
} |
#endif /* PFIL_HOOKS */ |
#endif /* PFIL_HOOKS */ |
|
|
|
|
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; |
ip6stat.ip6s_nxthist[ip6->ip6_nxt]++; |
|
|
#ifdef ALTQ |
#ifdef ALTQ |
/* XXX Temporary until ALTQ is changed to use a pfil hook */ |
|
if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { |
if (altq_input != NULL && (*altq_input)(m, AF_INET6) == 0) { |
/* packet is dropped by traffic conditioner */ |
/* packet is dropped by traffic conditioner */ |
return; |
return; |
|
|
#endif |
#endif |
|
|
/* |
/* |
* Scope check |
* Check against address spoofing/corruption. |
*/ |
*/ |
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_src) || |
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_dst)) { |
|
|
goto bad; |
goto bad; |
} |
} |
/* |
/* |
* The following check is not documented in the spec. Malicious party |
* The following check is not documented in specs. A malicious |
* may be able to use IPv4 mapped addr to confuse tcp/udp stack and |
* party may be able to use IPv4 mapped addr to confuse tcp/udp stack |
* bypass security checks (act as if it was from 127.0.0.1 by using |
* and bypass security checks (act as if it was from 127.0.0.1 by using |
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
* IPv6 src ::ffff:127.0.0.1). Be cautious. |
* |
* |
* This check chokes if we are in SIIT cloud. As none of BSDs support |
* This check chokes if we are in an SIIT cloud. As none of BSDs |
* IPv4-less kernel compilation, we cannot support SIIT environment |
* support IPv4-less kernel compilation, we cannot support SIIT |
* at all. So, it makes more sense for us to reject any malicious |
* environment at all. So, it makes more sense for us to reject any |
* packets for non-SIIT environment, than try to do a partical support |
* malicious packets for non-SIIT environment, than try to do a |
* for SIIT environment. |
* partical support for SIIT environment. |
*/ |
*/ |
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) || |
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) { |
Line 1009 ip6_savecontrol(in6p, mp, ip6, m) |
|
Line 1006 ip6_savecontrol(in6p, mp, ip6, m) |
|
struct ip6_hdr *ip6; |
struct ip6_hdr *ip6; |
struct mbuf *m; |
struct mbuf *m; |
{ |
{ |
struct proc *p = (curproc ? curproc->l_proc : 0); /* XXX */ |
struct proc *p = curproc; /* XXX */ |
int privileged; |
int privileged; |
|
|
privileged = 0; |
privileged = 0; |
Line 1454 ip6_sysctl(name, namelen, oldp, oldlenp, |
|
Line 1451 ip6_sysctl(name, namelen, oldp, oldlenp, |
|
&ip6_use_deprecated); |
&ip6_use_deprecated); |
case IPV6CTL_RR_PRUNE: |
case IPV6CTL_RR_PRUNE: |
return sysctl_int(oldp, oldlenp, newp, newlen, &ip6_rr_prune); |
return sysctl_int(oldp, oldlenp, newp, newlen, &ip6_rr_prune); |
#ifndef INET6_BINDV6ONLY |
case IPV6CTL_V6ONLY: |
case IPV6CTL_BINDV6ONLY: |
#ifdef INET6_BINDV6ONLY |
return sysctl_int(oldp, oldlenp, newp, newlen, |
return sysctl_rdint(oldp, oldlenp, newp, ip6_v6only); |
&ip6_bindv6only); |
#else |
|
return sysctl_int(oldp, oldlenp, newp, newlen, &ip6_v6only); |
#endif |
#endif |
case IPV6CTL_ANONPORTMIN: |
case IPV6CTL_ANONPORTMIN: |
old = ip6_anonportmin; |
old = ip6_anonportmin; |