ip_input.c (206989) | ip_input.c (207369) |
---|---|
1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 16 unchanged lines hidden (view full) --- 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 30 */ 31 32#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 16 unchanged lines hidden (view full) --- 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 30 */ 31 32#include <sys/cdefs.h> |
33__FBSDID("$FreeBSD: head/sys/netinet/ip_input.c 206989 2010-04-21 10:21:34Z bz $"); | 33__FBSDID("$FreeBSD: head/sys/netinet/ip_input.c 207369 2010-04-29 11:52:42Z bz $"); |
34 35#include "opt_bootp.h" 36#include "opt_ipfw.h" 37#include "opt_ipstealth.h" 38#include "opt_ipsec.h" 39#include "opt_route.h" 40#include "opt_carp.h" 41 --- 42 unchanged lines hidden (view full) --- 84#include <sys/socketvar.h> 85 86#include <security/mac/mac_framework.h> 87 88#ifdef CTASSERT 89CTASSERT(sizeof(struct ip) == 20); 90#endif 91 | 34 35#include "opt_bootp.h" 36#include "opt_ipfw.h" 37#include "opt_ipstealth.h" 38#include "opt_ipsec.h" 39#include "opt_route.h" 40#include "opt_carp.h" 41 --- 42 unchanged lines hidden (view full) --- 84#include <sys/socketvar.h> 85 86#include <security/mac/mac_framework.h> 87 88#ifdef CTASSERT 89CTASSERT(sizeof(struct ip) == 20); 90#endif 91 |
92static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ 93static VNET_DEFINE(int, ip_checkinterface); 94static VNET_DEFINE(int, ip_keepfaith); 95static VNET_DEFINE(int, ip_sendsourcequench); 96 97#define V_ipsendredirects VNET(ipsendredirects) 98#define V_ip_checkinterface VNET(ip_checkinterface) 99#define V_ip_keepfaith VNET(ip_keepfaith) 100#define V_ip_sendsourcequench VNET(ip_sendsourcequench) 101 102VNET_DEFINE(int, ip_defttl) = IPDEFTTL; 103VNET_DEFINE(int, ip_do_randomid); 104VNET_DEFINE(int, ipforwarding); 105 106VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead); /* first inet address */ 107VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table */ 108VNET_DEFINE(u_long, in_ifaddrhmask); /* mask for hash table */ 109VNET_DEFINE(struct ipstat, ipstat); 110 111static VNET_DEFINE(int, ip_rsvp_on); 112VNET_DEFINE(struct socket *, ip_rsvpd); 113VNET_DEFINE(int, rsvp_on); 114 115#define V_ip_rsvp_on VNET(ip_rsvp_on) 116 117static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]); 118static VNET_DEFINE(int, maxnipq); /* Administrative limit on # reass queues. */ 119static VNET_DEFINE(int, maxfragsperpacket); 120static VNET_DEFINE(int, nipq); /* Total # of reass queues */ 121 122#define V_ipq VNET(ipq) 123#define V_maxnipq VNET(maxnipq) 124#define V_maxfragsperpacket VNET(maxfragsperpacket) 125#define V_nipq VNET(nipq) 126 127VNET_DEFINE(int, ipstealth); 128 | |
129struct rwlock in_ifaddr_lock; 130RW_SYSINIT(in_ifaddr_lock, &in_ifaddr_lock, "in_ifaddr_lock"); 131 | 92struct rwlock in_ifaddr_lock; 93RW_SYSINIT(in_ifaddr_lock, &in_ifaddr_lock, "in_ifaddr_lock"); 94 |
95VNET_DEFINE(int, rsvp_on); 96 97VNET_DEFINE(int, ipforwarding); |
|
132SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 133 &VNET_NAME(ipforwarding), 0, 134 "Enable IP forwarding between interfaces"); 135 | 98SYSCTL_VNET_INT(_net_inet_ip, IPCTL_FORWARDING, forwarding, CTLFLAG_RW, 99 &VNET_NAME(ipforwarding), 0, 100 "Enable IP forwarding between interfaces"); 101 |
102static VNET_DEFINE(int, ipsendredirects) = 1; /* XXX */ 103#define V_ipsendredirects VNET(ipsendredirects) |
|
136SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 137 &VNET_NAME(ipsendredirects), 0, 138 "Enable sending IP redirects"); 139 | 104SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SENDREDIRECTS, redirect, CTLFLAG_RW, 105 &VNET_NAME(ipsendredirects), 0, 106 "Enable sending IP redirects"); 107 |
108VNET_DEFINE(int, ip_defttl) = IPDEFTTL; |
|
140SYSCTL_VNET_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 141 &VNET_NAME(ip_defttl), 0, 142 "Maximum TTL on IP packets"); 143 | 109SYSCTL_VNET_INT(_net_inet_ip, IPCTL_DEFTTL, ttl, CTLFLAG_RW, 110 &VNET_NAME(ip_defttl), 0, 111 "Maximum TTL on IP packets"); 112 |
113static VNET_DEFINE(int, ip_keepfaith); 114#define V_ip_keepfaith VNET(ip_keepfaith) |
|
144SYSCTL_VNET_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 145 &VNET_NAME(ip_keepfaith), 0, 146 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 147 | 115SYSCTL_VNET_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, 116 &VNET_NAME(ip_keepfaith), 0, 117 "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); 118 |
119static VNET_DEFINE(int, ip_sendsourcequench); 120#define V_ip_sendsourcequench VNET(ip_sendsourcequench) |
|
148SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 149 &VNET_NAME(ip_sendsourcequench), 0, 150 "Enable the transmission of source quench packets"); 151 | 121SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 122 &VNET_NAME(ip_sendsourcequench), 0, 123 "Enable the transmission of source quench packets"); 124 |
125VNET_DEFINE(int, ip_do_randomid); |
|
152SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, 153 &VNET_NAME(ip_do_randomid), 0, 154 "Assign random ip_id values"); 155 156/* 157 * XXX - Setting ip_checkinterface mostly implements the receive side of 158 * the Strong ES model described in RFC 1122, but since the routing table 159 * and transmit implementation do not implement the Strong ES model, 160 * setting this to 1 results in an odd hybrid. 161 * 162 * XXX - ip_checkinterface currently must be disabled if you use ipnat 163 * to translate the destination address to another local interface. 164 * 165 * XXX - ip_checkinterface must be disabled if you add IP aliases 166 * to the loopback interface instead of the interface where the 167 * packets for those addresses are received. 168 */ | 126SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, random_id, CTLFLAG_RW, 127 &VNET_NAME(ip_do_randomid), 0, 128 "Assign random ip_id values"); 129 130/* 131 * XXX - Setting ip_checkinterface mostly implements the receive side of 132 * the Strong ES model described in RFC 1122, but since the routing table 133 * and transmit implementation do not implement the Strong ES model, 134 * setting this to 1 results in an odd hybrid. 135 * 136 * XXX - ip_checkinterface currently must be disabled if you use ipnat 137 * to translate the destination address to another local interface. 138 * 139 * XXX - ip_checkinterface must be disabled if you add IP aliases 140 * to the loopback interface instead of the interface where the 141 * packets for those addresses are received. 142 */ |
143static VNET_DEFINE(int, ip_checkinterface); 144#define V_ip_checkinterface VNET(ip_checkinterface) |
|
169SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 170 &VNET_NAME(ip_checkinterface), 0, 171 "Verify packet arrives on correct interface"); 172 173VNET_DEFINE(struct pfil_head, inet_pfil_hook); /* Packet filter hooks */ 174 175static struct netisr_handler ip_nh = { 176 .nh_name = "ip", 177 .nh_handler = ip_input, 178 .nh_proto = NETISR_IP, 179 .nh_policy = NETISR_POLICY_FLOW, 180}; 181 182extern struct domain inetdomain; 183extern struct protosw inetsw[]; 184u_char ip_protox[IPPROTO_MAX]; | 145SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_RW, 146 &VNET_NAME(ip_checkinterface), 0, 147 "Verify packet arrives on correct interface"); 148 149VNET_DEFINE(struct pfil_head, inet_pfil_hook); /* Packet filter hooks */ 150 151static struct netisr_handler ip_nh = { 152 .nh_name = "ip", 153 .nh_handler = ip_input, 154 .nh_proto = NETISR_IP, 155 .nh_policy = NETISR_POLICY_FLOW, 156}; 157 158extern struct domain inetdomain; 159extern struct protosw inetsw[]; 160u_char ip_protox[IPPROTO_MAX]; |
161VNET_DEFINE(struct in_ifaddrhead, in_ifaddrhead); /* first inet address */ 162VNET_DEFINE(struct in_ifaddrhashhead *, in_ifaddrhashtbl); /* inet addr hash table */ 163VNET_DEFINE(u_long, in_ifaddrhmask); /* mask for hash table */ |
|
185 | 164 |
165VNET_DEFINE(struct ipstat, ipstat); |
|
186SYSCTL_VNET_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 187 &VNET_NAME(ipstat), ipstat, 188 "IP statistics (struct ipstat, netinet/ip_var.h)"); 189 190static VNET_DEFINE(uma_zone_t, ipq_zone); | 166SYSCTL_VNET_STRUCT(_net_inet_ip, IPCTL_STATS, stats, CTLFLAG_RW, 167 &VNET_NAME(ipstat), ipstat, 168 "IP statistics (struct ipstat, netinet/ip_var.h)"); 169 170static VNET_DEFINE(uma_zone_t, ipq_zone); |
191#define V_ipq_zone VNET(ipq_zone) 192 | 171static VNET_DEFINE(TAILQ_HEAD(ipqhead, ipq), ipq[IPREASS_NHASH]); |
193static struct mtx ipqlock; 194 | 172static struct mtx ipqlock; 173 |
174#define V_ipq_zone VNET(ipq_zone) 175#define V_ipq VNET(ipq) 176 |
|
195#define IPQ_LOCK() mtx_lock(&ipqlock) 196#define IPQ_UNLOCK() mtx_unlock(&ipqlock) 197#define IPQ_LOCK_INIT() mtx_init(&ipqlock, "ipqlock", NULL, MTX_DEF) 198#define IPQ_LOCK_ASSERT() mtx_assert(&ipqlock, MA_OWNED) 199 200static void maxnipq_update(void); 201static void ipq_zone_change(void *); 202static void ip_drain_locked(void); 203 | 177#define IPQ_LOCK() mtx_lock(&ipqlock) 178#define IPQ_UNLOCK() mtx_unlock(&ipqlock) 179#define IPQ_LOCK_INIT() mtx_init(&ipqlock, "ipqlock", NULL, MTX_DEF) 180#define IPQ_LOCK_ASSERT() mtx_assert(&ipqlock, MA_OWNED) 181 182static void maxnipq_update(void); 183static void ipq_zone_change(void *); 184static void ip_drain_locked(void); 185 |
186static VNET_DEFINE(int, maxnipq); /* Administrative limit on # reass queues. */ 187static VNET_DEFINE(int, nipq); /* Total # of reass queues */ 188#define V_maxnipq VNET(maxnipq) 189#define V_nipq VNET(nipq) |
|
204SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, 205 &VNET_NAME(nipq), 0, 206 "Current number of IPv4 fragment reassembly queue entries"); 207 | 190SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, fragpackets, CTLFLAG_RD, 191 &VNET_NAME(nipq), 0, 192 "Current number of IPv4 fragment reassembly queue entries"); 193 |
194static VNET_DEFINE(int, maxfragsperpacket); 195#define V_maxfragsperpacket VNET(maxfragsperpacket) |
|
208SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 209 &VNET_NAME(maxfragsperpacket), 0, 210 "Maximum number of IPv4 fragments allowed per packet"); 211 212struct callout ipport_tick_callout; 213 214#ifdef IPCTL_DEFMTU 215SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 216 &ip_mtu, 0, "Default MTU"); 217#endif 218 219#ifdef IPSTEALTH | 196SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, maxfragsperpacket, CTLFLAG_RW, 197 &VNET_NAME(maxfragsperpacket), 0, 198 "Maximum number of IPv4 fragments allowed per packet"); 199 200struct callout ipport_tick_callout; 201 202#ifdef IPCTL_DEFMTU 203SYSCTL_INT(_net_inet_ip, IPCTL_DEFMTU, mtu, CTLFLAG_RW, 204 &ip_mtu, 0, "Default MTU"); 205#endif 206 207#ifdef IPSTEALTH |
208VNET_DEFINE(int, ipstealth); |
|
220SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, 221 &VNET_NAME(ipstealth), 0, 222 "IP stealth mode, no TTL decrementation on forwarding"); 223#endif 224 225#ifdef FLOWTABLE 226static VNET_DEFINE(int, ip_output_flowtable_size) = 2048; 227VNET_DEFINE(struct flowtable *, ip_ft); --- 1507 unchanged lines hidden (view full) --- 1735} 1736 1737/* 1738 * XXXRW: Multicast routing code in ip_mroute.c is generally MPSAFE, but the 1739 * ip_rsvp and ip_rsvp_on variables need to be interlocked with rsvp_on 1740 * locking. This code remains in ip_input.c as ip_mroute.c is optionally 1741 * compiled. 1742 */ | 209SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, stealth, CTLFLAG_RW, 210 &VNET_NAME(ipstealth), 0, 211 "IP stealth mode, no TTL decrementation on forwarding"); 212#endif 213 214#ifdef FLOWTABLE 215static VNET_DEFINE(int, ip_output_flowtable_size) = 2048; 216VNET_DEFINE(struct flowtable *, ip_ft); --- 1507 unchanged lines hidden (view full) --- 1724} 1725 1726/* 1727 * XXXRW: Multicast routing code in ip_mroute.c is generally MPSAFE, but the 1728 * ip_rsvp and ip_rsvp_on variables need to be interlocked with rsvp_on 1729 * locking. This code remains in ip_input.c as ip_mroute.c is optionally 1730 * compiled. 1731 */ |
1732static VNET_DEFINE(int, ip_rsvp_on); 1733VNET_DEFINE(struct socket *, ip_rsvpd); 1734 1735#define V_ip_rsvp_on VNET(ip_rsvp_on) 1736 |
|
1743int 1744ip_rsvp_init(struct socket *so) 1745{ 1746 1747 if (so->so_type != SOCK_RAW || 1748 so->so_proto->pr_protocol != IPPROTO_RSVP) 1749 return EOPNOTSUPP; 1750 --- 58 unchanged lines hidden --- | 1737int 1738ip_rsvp_init(struct socket *so) 1739{ 1740 1741 if (so->so_type != SOCK_RAW || 1742 so->so_proto->pr_protocol != IPPROTO_RSVP) 1743 return EOPNOTSUPP; 1744 --- 58 unchanged lines hidden --- |
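Review bot: `VNET_DEFINE(int, ipstealth);` at new line 208 now sits inside `#ifdef IPSTEALTH`, whereas old line 127 defined it unconditionally, so this move is not purely cosmetic for that one variable. Any reference to `ipstealth` or `V_ipstealth` that is not itself under the same guard would stop linking on kernels built without the option. The 1507 hidden lines and the other consumers are not visible on this page, so that should be confirmed before relying on the reorder. If the conditional definition is intended, I would say so at the definition, e.g. `/* Only defined with options IPSTEALTH; every V_ipstealth user must be under the same #ifdef. */`. The other moved definitions (`ipsendredirects`, `ip_checkinterface`, `maxnipq`, `nipq`, `maxfragsperpacket`) keep their storage class and initialisers and appear to be relocated only.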