1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 16 unchanged lines hidden (view full) --- 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 30 */ 31 32#include <sys/cdefs.h> |
33__FBSDID("$FreeBSD: head/sys/netinet/ip_input.c 207369 2010-04-29 11:52:42Z bz $"); |
34 35#include "opt_bootp.h" 36#include "opt_ipfw.h" 37#include "opt_ipstealth.h" 38#include "opt_ipsec.h" 39#include "opt_route.h" 40#include "opt_carp.h" 41 --- 42 unchanged lines hidden (view full) --- 84#include <sys/socketvar.h> 85 86#include <security/mac/mac_framework.h> 87 88#ifdef CTASSERT 89CTASSERT(sizeof(struct ip) == 20); 90#endif 91 |
92struct rwlock in_ifaddr_lock; 93RW_SYSINIT(in_ifaddr_lock, &in_ifaddr_lock, "in_ifaddr_lock"); 94 |
95VNET_DEFINE(int, rsvp_on); 96 97VNET_DEFINE(int, ipforwarding); |
98SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 99 &VNET_NAME(ipforwarding), 0, 100 "Enable IP forwarding between interfaces"); 101 |
102static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ 103#define V_ipsendredirects VNET(ipsendredirects) |
104SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 105 &VNET_NAME(ipsendredirects), 0, 106 "Enable sending IP redirects"); 107 |
108VNET_DEFINE(int, ip_defttl) = IPDEFTTL; |
109SYSCTL_VNET_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 110 &VNET_NAME(ip_defttl), 0, 111 "Maximum TTL on IP packets"); 112 |
113static VNET_DEFINE(int, ip_keepfaith); 114#define V_ip_keepfaith VNET(ip_keepfaith) |
115SYSCTL_VNET_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 116 &VNET_NAME(ip_keepfaith), 0, 117 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 118 |
119static VNET_DEFINE(int, ip_sendsourcequench); 120#define V_ip_sendsourcequench VNET(ip_sendsourcequench) |
121SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 122 &VNET_NAME(ip_sendsourcequench), 0, 123 "Enable the transmission of source quench packets"); 124 |
125VNET_DEFINE(int, ip_do_randomid); |
126SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, 127 &VNET_NAME(ip_do_randomid), 0, 128 "Assign random ip_id values"); 129 130/* 131 * XXX - Setting ip_checkinterface mostly implements the receive side of 132 * the Strong ES model described in RFC 1122, but since the routing table 133 * and transmit implementation do not implement the Strong ES model, 134 * setting this to 1 results in an odd hybrid. 135 * 136 * XXX - ip_checkinterface currently must be disabled if you use ipnat 137 * to translate the destination address to another local interface. 138 * 139 * XXX - ip_checkinterface must be disabled if you add IP aliases 140 * to the loopback interface instead of the interface where the 141 * packets for those addresses are received. 142 */ |
143static VNET_DEFINE(int, ip_checkinterface); 144#define V_ip_checkinterface VNET(ip_checkinterface) |
145SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 146 &VNET_NAME(ip_checkinterface), 0, 147 "Verify packet arrives on correct interface"); 148 149VNET_DEFINE(struct pfil_head, inet_pfil_hook); /* Packet filter hooks */ 150 151static struct netisr_handler ip_nh = { 152 .nh_name = "ip", 153 .nh_handler = ip_input, 154 .nh_proto = NETISR_IP, 155 .nh_policy = NETISR_POLICY_FLOW, 156}; 157 158extern struct domain inetdomain; 159extern struct protosw inetsw[]; 160u_char ip_protox[IPPROTO_MAX]; |
161VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead); /* first inet address */ 162VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table */ 163VNET_DEFINE(u_long, in_ifaddrhmask); /* mask for hash table */ |
164 |
165VNET_DEFINE(struct ipstat, ipstat); |
166SYSCTL_VNET_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 167 &VNET_NAME(ipstat), ipstat, 168 "IP statistics (struct ipstat, netinet/ip_var.h)"); 169 170static VNET_DEFINE(uma_zone_t, ipq_zone); |
171static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]); |
172static struct mtx ipqlock; 173 |
174#define V_ipq_zone VNET(ipq_zone) 175#define V_ipq VNET(ipq) 176 |
177#define IPQ_LOCK() mtx_lock(&ipqlock) 178#define IPQ_UNLOCK() mtx_unlock(&ipqlock) 179#define IPQ_LOCK_INIT() mtx_init(&ipqlock, "ipqlock", NULL, MTX_DEF) 180#define IPQ_LOCK_ASSERT() mtx_assert(&ipqlock, MA_OWNED) 181 182static void maxnipq_update(void); 183static void ipq_zone_change(void *); 184static void ip_drain_locked(void); 185 |
186static VNET_DEFINE(int, maxnipq); /* Administrative limit on # reass queues. */ 187static VNET_DEFINE(int, nipq); /* Total # of reass queues */ 188#define V_maxnipq VNET(maxnipq) 189#define V_nipq VNET(nipq) |
190SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, 191 &VNET_NAME(nipq), 0, 192 "Current number of IPv4 fragment reassembly queue entries"); 193 |
194static VNET_DEFINE(int, maxfragsperpacket); 195#define V_maxfragsperpacket VNET(maxfragsperpacket) |
196SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 197 &VNET_NAME(maxfragsperpacket), 0, 198 "Maximum number of IPv4 fragments allowed per packet"); 199 200struct callout ipport_tick_callout; 201 202#ifdef IPCTL_DEFMTU 203SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 204 &ip_mtu, 0, "Default MTU"); 205#endif 206 207#ifdef IPSTEALTH |
208VNET_DEFINE(int, ipstealth); |
209SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, 210 &VNET_NAME(ipstealth), 0, 211 "IP stealth mode, no TTL decrementation on forwarding"); 212#endif 213 214#ifdef FLOWTABLE 215static VNET_DEFINE(int, ip_output_flowtable_size) = 2048; 216VNET_DEFINE(struct flowtable *, ip_ft); --- 1507 unchanged lines hidden (view full) --- 1724} 1725 1726/* 1727 * XXXRW: Multicast routing code in ip_mroute.c is generally MPSAFE, but the 1728 * ip_rsvp and ip_rsvp_on variables need to be interlocked with rsvp_on 1729 * locking. This code remains in ip_input.c as ip_mroute.c is optionally 1730 * compiled. 1731 */ |
1732static VNET_DEFINE(int, ip_rsvp_on); 1733VNET_DEFINE(struct socket *, ip_rsvpd); 1734 1735#define V_ip_rsvp_on VNET(ip_rsvp_on) 1736 |
1737int 1738ip_rsvp_init(struct socket *so) 1739{ 1740 1741 if (so->so_type != SOCK_RAW || 1742 so->so_proto->pr_protocol != IPPROTO_RSVP) 1743 return EOPNOTSUPP; 1744 --- 58 unchanged lines hidden --- |