ip_options.c (271438) ip_options.c (271610)
1/*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2005 Andre Oppermann, Internet Business Solutions AG.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 16 unchanged lines hidden (view full) ---

25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include <sys/cdefs.h>
1/*
2 * Copyright (c) 1982, 1986, 1988, 1993
3 * The Regents of the University of California.
4 * Copyright (c) 2005 Andre Oppermann, Internet Business Solutions AG.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions

--- 16 unchanged lines hidden (view full) ---

25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include <sys/cdefs.h>
33__FBSDID("$FreeBSD: head/sys/netinet/ip_options.c 271438 2014-09-11 20:21:03Z asomers $");
33__FBSDID("$FreeBSD: head/sys/netinet/ip_options.c 271610 2014-09-15 07:20:40Z hrs $");
34
35#include "opt_ipstealth.h"
36
37#include <sys/param.h>
38#include <sys/systm.h>
39#include <sys/mbuf.h>
40#include <sys/domain.h>
41#include <sys/protosw.h>

--- 18 unchanged lines hidden (view full) ---

60#include <netinet/in_pcb.h>
61#include <netinet/ip_var.h>
62#include <netinet/ip_options.h>
63#include <netinet/ip_icmp.h>
64#include <machine/in_cksum.h>
65
66#include <sys/socketvar.h>
67
34
35#include "opt_ipstealth.h"
36
37#include <sys/param.h>
38#include <sys/systm.h>
39#include <sys/mbuf.h>
40#include <sys/domain.h>
41#include <sys/protosw.h>

--- 18 unchanged lines hidden (view full) ---

60#include <netinet/in_pcb.h>
61#include <netinet/ip_var.h>
62#include <netinet/ip_options.h>
63#include <netinet/ip_icmp.h>
64#include <machine/in_cksum.h>
65
66#include <sys/socketvar.h>
67
68static int ip_dosourceroute = 0;
69SYSCTL_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW,
70 &ip_dosourceroute, 0, "Enable forwarding source routed IP packets");
68static VNET_DEFINE(int, ip_dosourceroute);
69SYSCTL_VNET_INT(_net_inet_ip, IPCTL_SOURCEROUTE, sourceroute, CTLFLAG_RW,
70 &VNET_NAME(ip_dosourceroute), 0,
71 "Enable forwarding source routed IP packets");
72#define V_ip_dosourceroute VNET(ip_dosourceroute)
71
73
72static int ip_acceptsourceroute = 0;
73SYSCTL_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute,
74 CTLFLAG_RW, &ip_acceptsourceroute, 0,
74static VNET_DEFINE(int, ip_acceptsourceroute);
75SYSCTL_VNET_INT(_net_inet_ip, IPCTL_ACCEPTSOURCEROUTE, accept_sourceroute,
76 CTLFLAG_RW, &VNET_NAME(ip_acceptsourceroute), 0,
75 "Enable accepting source routed IP packets");
77 "Enable accepting source routed IP packets");
78#define V_ip_acceptsourceroute VNET(ip_acceptsourceroute)
76
79
77int ip_doopts = 1; /* 0 = ignore, 1 = process, 2 = reject */
78SYSCTL_INT(_net_inet_ip, OID_AUTO, process_options, CTLFLAG_RW,
79 &ip_doopts, 0, "Enable IP options processing ([LS]SRR, RR, TS)");
80VNET_DEFINE(int, ip_doopts) = 1; /* 0 = ignore, 1 = process, 2 = reject */
81SYSCTL_VNET_INT(_net_inet_ip, OID_AUTO, process_options, CTLFLAG_RW,
82 &VNET_NAME(ip_doopts), 0, "Enable IP options processing ([LS]SRR, RR, TS)");
80
81static void save_rte(struct mbuf *m, u_char *, struct in_addr);
82
83/*
84 * Do option processing on a datagram, possibly discarding it if bad options
85 * are encountered, or forwarding it if source-routed.
86 *
87 * The pass argument is used when operating in the IPSTEALTH mode to tell

--- 11 unchanged lines hidden (view full) ---

99 u_char *cp;
100 struct in_ifaddr *ia;
101 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
102 struct in_addr *sin, dst;
103 uint32_t ntime;
104 struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
105
106 /* Ignore or reject packets with IP options. */
83
84static void save_rte(struct mbuf *m, u_char *, struct in_addr);
85
86/*
87 * Do option processing on a datagram, possibly discarding it if bad options
88 * are encountered, or forwarding it if source-routed.
89 *
90 * The pass argument is used when operating in the IPSTEALTH mode to tell

--- 11 unchanged lines hidden (view full) ---

102 u_char *cp;
103 struct in_ifaddr *ia;
104 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
105 struct in_addr *sin, dst;
106 uint32_t ntime;
107 struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
108
109 /* Ignore or reject packets with IP options. */
107 if (ip_doopts == 0)
110 if (V_ip_doopts == 0)
108 return 0;
111 return 0;
109 else if (ip_doopts == 2) {
112 else if (V_ip_doopts == 2) {
110 type = ICMP_UNREACH;
111 code = ICMP_UNREACH_FILTER_PROHIB;
112 goto bad;
113 }
114
115 dst = ip->ip_dst;
116 cp = (u_char *)(ip + 1);
117 cnt = (ip->ip_hl << 2) - sizeof (struct ip);

--- 44 unchanged lines hidden (view full) ---

162 ipaddr.sin_addr = ip->ip_dst;
163 if (ifa_ifwithaddr_check((struct sockaddr *)&ipaddr)
164 == 0) {
165 if (opt == IPOPT_SSRR) {
166 type = ICMP_UNREACH;
167 code = ICMP_UNREACH_SRCFAIL;
168 goto bad;
169 }
113 type = ICMP_UNREACH;
114 code = ICMP_UNREACH_FILTER_PROHIB;
115 goto bad;
116 }
117
118 dst = ip->ip_dst;
119 cp = (u_char *)(ip + 1);
120 cnt = (ip->ip_hl << 2) - sizeof (struct ip);

--- 44 unchanged lines hidden (view full) ---

165 ipaddr.sin_addr = ip->ip_dst;
166 if (ifa_ifwithaddr_check((struct sockaddr *)&ipaddr)
167 == 0) {
168 if (opt == IPOPT_SSRR) {
169 type = ICMP_UNREACH;
170 code = ICMP_UNREACH_SRCFAIL;
171 goto bad;
172 }
170 if (!ip_dosourceroute)
173 if (!V_ip_dosourceroute)
171 goto nosourcerouting;
172 /*
173 * Loose routing, and not at next destination
174 * yet; nothing to do except forward.
175 */
176 break;
177 }
178 off--; /* 0 origin */
179 if (off > optlen - (int)sizeof(struct in_addr)) {
180 /*
181 * End of source route. Should be for us.
182 */
174 goto nosourcerouting;
175 /*
176 * Loose routing, and not at next destination
177 * yet; nothing to do except forward.
178 */
179 break;
180 }
181 off--; /* 0 origin */
182 if (off > optlen - (int)sizeof(struct in_addr)) {
183 /*
184 * End of source route. Should be for us.
185 */
183 if (!ip_acceptsourceroute)
186 if (!V_ip_acceptsourceroute)
184 goto nosourcerouting;
185 save_rte(m, cp, ip->ip_src);
186 break;
187 }
188#ifdef IPSTEALTH
189 if (V_ipstealth)
190 goto dropit;
191#endif
187 goto nosourcerouting;
188 save_rte(m, cp, ip->ip_src);
189 break;
190 }
191#ifdef IPSTEALTH
192 if (V_ipstealth)
193 goto dropit;
194#endif
192 if (!ip_dosourceroute) {
195 if (!V_ip_dosourceroute) {
193 if (V_ipforwarding) {
194 char buf[16]; /* aaa.bbb.ccc.ddd\0 */
195 /*
196 * Acting as a router, so generate
197 * ICMP
198 */
199nosourcerouting:
200 strcpy(buf, inet_ntoa(ip->ip_dst));

--- 540 unchanged lines hidden ---
196 if (V_ipforwarding) {
197 char buf[16]; /* aaa.bbb.ccc.ddd\0 */
198 /*
199 * Acting as a router, so generate
200 * ICMP
201 */
202nosourcerouting:
203 strcpy(buf, inet_ntoa(ip->ip_dst));

--- 540 unchanged lines hidden ---
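Review bot: The virtualized definitions at new lines 68 and 74 no longer carry the explicit `= 0` that the old `static int ip_dosourceroute = 0;` and `static int ip_acceptsourceroute = 0;` had, so the off-by-default state of source routing now depends on implicit zero initialisation, while `ip_doopts` at new line 80 keeps its explicit `= 1`. I would state the default and the new scope beside each definition, e.g. `/* Default 0 (off); per-vnet, so each vnet has its own setting. */`. Because both sysctls stay `CTLFLAG_RW` and are now per-vnet, hardening that sets `net.inet.ip.sourceroute` or `net.inet.ip.accept_sourceroute` once on the host presumably no longer covers other vnets; that is worth confirming and documenting. `V_ip_doopts` is used at new lines 110 and 112 but, unlike the other two, has no `#define` in the visible lines, so it is presumably declared in a header; the function containing those uses starts and ends in the hidden lines.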