ip_input.c (de7201225514f33f0fde51cab02f4a86c879b13d) | ip_input.c (21d172a3f17d63c16991f0313fe5de2353043d5b) |
---|---|
1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 366 unchanged lines hidden (view full) --- 375void 376ip_input(struct mbuf *m) 377{ 378 struct ip *ip = NULL; 379 struct in_ifaddr *ia = NULL; 380 struct ifaddr *ifa; 381 struct ifnet *ifp; 382 int checkif, hlen = 0; | 1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 366 unchanged lines hidden (view full) --- 375void 376ip_input(struct mbuf *m) 377{ 378 struct ip *ip = NULL; 379 struct in_ifaddr *ia = NULL; 380 struct ifaddr *ifa; 381 struct ifnet *ifp; 382 int checkif, hlen = 0; |
383 u_short sum; | 383 uint16_t sum, ip_len; |
384 int dchg = 0; /* dest changed after fw */ 385 struct in_addr odst; /* original dst address */ 386 387 M_ASSERTPKTHDR(m); 388 389 if (m->m_flags & M_FASTFWD_OURS) { | 384 int dchg = 0; /* dest changed after fw */ 385 struct in_addr odst; /* original dst address */ 386 387 M_ASSERTPKTHDR(m); 388 389 if (m->m_flags & M_FASTFWD_OURS) { |
390 /* 391 * Firewall or NAT changed destination to local. 392 * We expect ip_len and ip_off to be in host byte order. 393 */ | |
394 m->m_flags &= ~M_FASTFWD_OURS; 395 /* Set up some basics that will be used later. */ 396 ip = mtod(m, struct ip *); | 390 m->m_flags &= ~M_FASTFWD_OURS; 391 /* Set up some basics that will be used later. */ 392 ip = mtod(m, struct ip *); |
393 ip->ip_len = ntohs(ip->ip_len); 394 ip->ip_off = ntohs(ip->ip_off); |
|
397 hlen = ip->ip_hl << 2; 398 goto ours; 399 } 400 401 IPSTAT_INC(ips_total); 402 403 if (m->m_pkthdr.len < sizeof(struct ip)) 404 goto tooshort; --- 48 unchanged lines hidden (view full) --- 453 } 454 455#ifdef ALTQ 456 if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) 457 /* packet is dropped by traffic conditioner */ 458 return; 459#endif 460 | 395 hlen = ip->ip_hl << 2; 396 goto ours; 397 } 398 399 IPSTAT_INC(ips_total); 400 401 if (m->m_pkthdr.len < sizeof(struct ip)) 402 goto tooshort; --- 48 unchanged lines hidden (view full) --- 451 } 452 453#ifdef ALTQ 454 if (altq_input != NULL && (*altq_input)(m, AF_INET) == 0) 455 /* packet is dropped by traffic conditioner */ 456 return; 457#endif 458 |
461 /* 462 * Convert fields to host representation. 463 */ 464 ip->ip_len = ntohs(ip->ip_len); 465 if (ip->ip_len < hlen) { | 459 ip_len = ntohs(ip->ip_len); 460 if (ip_len < hlen) { |
466 IPSTAT_INC(ips_badlen); 467 goto bad; 468 } | 461 IPSTAT_INC(ips_badlen); 462 goto bad; 463 } |
469 ip->ip_off = ntohs(ip->ip_off); | |
470 471 /* 472 * Check that the amount of data in the buffers 473 * is as at least much as the IP header would have us expect. 474 * Trim mbufs if longer than we expect. 475 * Drop packet if shorter than we expect. 476 */ | 464 465 /* 466 * Check that the amount of data in the buffers 467 * is as at least much as the IP header would have us expect. 468 * Trim mbufs if longer than we expect. 469 * Drop packet if shorter than we expect. 470 */ |
477 if (m->m_pkthdr.len < ip->ip_len) { | 471 if (m->m_pkthdr.len < ip_len) { |
478tooshort: 479 IPSTAT_INC(ips_tooshort); 480 goto bad; 481 } | 472tooshort: 473 IPSTAT_INC(ips_tooshort); 474 goto bad; 475 } |
482 if (m->m_pkthdr.len > ip->ip_len) { | 476 if (m->m_pkthdr.len > ip_len) { |
483 if (m->m_len == m->m_pkthdr.len) { | 477 if (m->m_len == m->m_pkthdr.len) { |
484 m->m_len = ip->ip_len; 485 m->m_pkthdr.len = ip->ip_len; | 478 m->m_len = ip_len; 479 m->m_pkthdr.len = ip_len; |
486 } else | 480 } else |
487 m_adj(m, ip->ip_len - m->m_pkthdr.len); | 481 m_adj(m, ip_len - m->m_pkthdr.len); |
488 } 489#ifdef IPSEC 490 /* 491 * Bypass packet filtering for packets previously handled by IPsec. 492 */ 493 if (ip_ipsec_filtertunnel(m)) 494 goto passin; 495#endif /* IPSEC */ --- 18 unchanged lines hidden (view full) --- 514 515 ip = mtod(m, struct ip *); 516 dchg = (odst.s_addr != ip->ip_dst.s_addr); 517 ifp = m->m_pkthdr.rcvif; 518 519#ifdef IPFIREWALL_FORWARD 520 if (m->m_flags & M_FASTFWD_OURS) { 521 m->m_flags &= ~M_FASTFWD_OURS; | 482 } 483#ifdef IPSEC 484 /* 485 * Bypass packet filtering for packets previously handled by IPsec. 486 */ 487 if (ip_ipsec_filtertunnel(m)) 488 goto passin; 489#endif /* IPSEC */ --- 18 unchanged lines hidden (view full) --- 508 509 ip = mtod(m, struct ip *); 510 dchg = (odst.s_addr != ip->ip_dst.s_addr); 511 ifp = m->m_pkthdr.rcvif; 512 513#ifdef IPFIREWALL_FORWARD 514 if (m->m_flags & M_FASTFWD_OURS) { 515 m->m_flags &= ~M_FASTFWD_OURS; |
516 ip->ip_len = ntohs(ip->ip_len); 517 ip->ip_off = ntohs(ip->ip_off); |
|
522 goto ours; 523 } 524 if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) { 525 /* 526 * Directly ship the packet on. This allows forwarding 527 * packets originally destined to us to some other directly 528 * connected host. 529 */ | 518 goto ours; 519 } 520 if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) { 521 /* 522 * Directly ship the packet on. This allows forwarding 523 * packets originally destined to us to some other directly 524 * connected host. 525 */ |
526 ip->ip_len = ntohs(ip->ip_len); 527 ip->ip_off = ntohs(ip->ip_off); |
|
530 ip_forward(m, dchg); 531 return; 532 } 533#endif /* IPFIREWALL_FORWARD */ 534 535passin: 536 /* | 528 ip_forward(m, dchg); 529 return; 530 } 531#endif /* IPFIREWALL_FORWARD */ 532 533passin: 534 /* |
535 * From now and up to output pfil(9) processing in ip_output() 536 * the header is in host byte order. 537 */ 538 ip->ip_len = ntohs(ip->ip_len); 539 ip->ip_off = ntohs(ip->ip_off); 540 541 /* |
|
537 * Process options and, if not destined for us, 538 * ship it on. ip_dooptions returns 1 when an 539 * error was detected (causing an icmp message 540 * to be sent and the original packet to be freed). 541 */ 542 if (hlen > sizeof (struct ip) && ip_dooptions(m, 0)) 543 return; 544 --- 810 unchanged lines hidden (view full) --- 1355 * 1356 * If not forwarding, just drop the packet. This could be confusing 1357 * if ipforwarding was zero but some routing protocol was advancing 1358 * us as a gateway to somewhere. However, we must let the routing 1359 * protocol deal with that. 1360 * 1361 * The srcrt parameter indicates whether the packet is being forwarded 1362 * via a source route. | 542 * Process options and, if not destined for us, 543 * ship it on. ip_dooptions returns 1 when an 544 * error was detected (causing an icmp message 545 * to be sent and the original packet to be freed). 546 */ 547 if (hlen > sizeof (struct ip) && ip_dooptions(m, 0)) 548 return; 549 --- 810 unchanged lines hidden (view full) --- 1360 * 1361 * If not forwarding, just drop the packet. This could be confusing 1362 * if ipforwarding was zero but some routing protocol was advancing 1363 * us as a gateway to somewhere. However, we must let the routing 1364 * protocol deal with that. 1365 * 1366 * The srcrt parameter indicates whether the packet is being forwarded 1367 * via a source route. |
1368 * 1369 * IP header in host byte order. |
|
1363 */ 1364void 1365ip_forward(struct mbuf *m, int srcrt) 1366{ 1367 struct ip *ip = mtod(m, struct ip *); 1368 struct in_ifaddr *ia; 1369 struct mbuf *mcopy; 1370 struct in_addr dest; --- 400 unchanged lines hidden --- | 1370 */ 1371void 1372ip_forward(struct mbuf *m, int srcrt) 1373{ 1374 struct ip *ip = mtod(m, struct ip *); 1375 struct in_ifaddr *ia; 1376 struct mbuf *mcopy; 1377 struct in_addr dest; --- 400 unchanged lines hidden --- |