| in_gif.c (105194) | in_gif.c (105293) |
|---|---|
| 1/* $FreeBSD: head/sys/netinet/in_gif.c 105194 2002-10-16 01:54:46Z sam $ */ | 1/* $FreeBSD: head/sys/netinet/in_gif.c 105293 2002-10-16 19:49:37Z ume $ */ |
| 2/* $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 27 unchanged lines hidden (view full) --- 37#include <sys/param.h> 38#include <sys/systm.h> 39#include <sys/socket.h> 40#include <sys/sockio.h> 41#include <sys/mbuf.h> 42#include <sys/errno.h> 43#include <sys/kernel.h> 44#include <sys/sysctl.h> | 2/* $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions --- 27 unchanged lines hidden (view full) --- 37#include <sys/param.h> 38#include <sys/systm.h> 39#include <sys/socket.h> 40#include <sys/sockio.h> 41#include <sys/mbuf.h> 42#include <sys/errno.h> 43#include <sys/kernel.h> 44#include <sys/sysctl.h> |
| 45#include <sys/protosw.h> |
|
| 45 46#include <sys/malloc.h> 47 48#include <net/if.h> 49#include <net/route.h> 50 51#include <netinet/in.h> 52#include <netinet/in_systm.h> --- 11 unchanged lines hidden (view full) --- 64#ifdef MROUTING 65#include <netinet/ip_mroute.h> 66#endif /* MROUTING */ 67 68#include <net/if_gif.h> 69 70#include <net/net_osdep.h> 71 | 46 47#include <sys/malloc.h> 48 49#include <net/if.h> 50#include <net/route.h> 51 52#include <netinet/in.h> 53#include <netinet/in_systm.h> --- 11 unchanged lines hidden (view full) --- 65#ifdef MROUTING 66#include <netinet/ip_mroute.h> 67#endif /* MROUTING */ 68 69#include <net/if_gif.h> 70 71#include <net/net_osdep.h> 72 |
| 73static int gif_validate4(const struct ip *, struct gif_softc *, 74 struct ifnet *); 75 76extern struct domain inetdomain; 77struct protosw in_gif_protosw = 78{ SOCK_RAW, &inetdomain, 0/*IPPROTO_IPV[46]*/, PR_ATOMIC|PR_ADDR, 79 in_gif_input, (pr_output_t*)rip_output, 0, rip_ctloutput, 80 0, 81 0, 0, 0, 0, 82 &rip_usrreqs 83}; 84 |
|
| 72static int ip_gif_ttl = GIF_TTL; 73SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, 74 &ip_gif_ttl, 0, ""); 75 76int 77in_gif_output(ifp, family, m, rt) 78 struct ifnet *ifp; 79 int family; --- 192 unchanged lines hidden (view full) --- 272 m_freem(m); 273 return; 274 } 275 gif_input(m, af, gifp); 276 return; 277} 278 279/* | 85static int ip_gif_ttl = GIF_TTL; 86SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW, 87 &ip_gif_ttl, 0, ""); 88 89int 90in_gif_output(ifp, family, m, rt) 91 struct ifnet *ifp; 92 int family; --- 192 unchanged lines hidden (view full) --- 285 m_freem(m); 286 return; 287 } 288 gif_input(m, af, gifp); 289 return; 290} 291 292/* |
| 280 * we know that we are in IFF_UP, outer address available, and outer family 281 * matched the physical addr family. see gif_encapcheck(). | 293 * validate outer address. |
| 282 */ | 294 */ |
| 283int 284gif_encapcheck4(m, off, proto, arg) 285 const struct mbuf *m; 286 int off; 287 int proto; 288 void *arg; 289{ 290 struct ip ip; | 295static int 296gif_validate4(ip, sc, ifp) 297 const struct ip *ip; |
| 291 struct gif_softc *sc; | 298 struct gif_softc *sc; |
| 299 struct ifnet *ifp; 300{ |
|
| 292 struct sockaddr_in *src, *dst; | 301 struct sockaddr_in *src, *dst; |
| 293 int addrmatch; | |
| 294 struct in_ifaddr *ia4; 295 | 302 struct in_ifaddr *ia4; 303 |
| 296 /* sanity check done in caller */ 297 sc = (struct gif_softc *)arg; | |
| 298 src = (struct sockaddr_in *)sc->gif_psrc; 299 dst = (struct sockaddr_in *)sc->gif_pdst; 300 | 304 src = (struct sockaddr_in *)sc->gif_psrc; 305 dst = (struct sockaddr_in *)sc->gif_pdst; 306 |
| 301 /* LINTED const cast */ 302 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); 303 | |
| 304 /* check for address match */ | 307 /* check for address match */ |
| 305 addrmatch = 0; 306 if (src->sin_addr.s_addr == ip.ip_dst.s_addr) 307 addrmatch |= 1; 308 if (dst->sin_addr.s_addr == ip.ip_src.s_addr) 309 addrmatch |= 2; 310 if (addrmatch != 3) | 308 if (src->sin_addr.s_addr != ip->ip_dst.s_addr || 309 dst->sin_addr.s_addr != ip->ip_src.s_addr) |
| 311 return 0; 312 313 /* martian filters on outer source - NOT done in ip_input! */ | 310 return 0; 311 312 /* martian filters on outer source - NOT done in ip_input! */ |
| 314 if (IN_MULTICAST(ntohl(ip.ip_src.s_addr))) | 313 if (IN_MULTICAST(ntohl(ip->ip_src.s_addr))) |
| 315 return 0; | 314 return 0; |
| 316 switch ((ntohl(ip.ip_src.s_addr) & 0xff000000) >> 24) { | 315 switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) { |
| 317 case 0: case 127: case 255: 318 return 0; 319 } 320 /* reject packets with broadcast on source */ 321 TAILQ_FOREACH(ia4, &in_ifaddrhead, ia_link) 322 { 323 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) 324 continue; | 316 case 0: case 127: case 255: 317 return 0; 318 } 319 /* reject packets with broadcast on source */ 320 TAILQ_FOREACH(ia4, &in_ifaddrhead, ia_link) 321 { 322 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) 323 continue; |
| 325 if (ip.ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) | 324 if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) |
| 326 return 0; 327 } 328 329 /* ingress filters on outer source */ | 325 return 0; 326 } 327 328 /* ingress filters on outer source */ |
| 330 if ((sc->gif_if.if_flags & IFF_LINK2) == 0 && 331 (m->m_flags & M_PKTHDR) != 0 && m->m_pkthdr.rcvif) { | 329 if ((sc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) { |
| 332 struct sockaddr_in sin; 333 struct rtentry *rt; 334 335 bzero(&sin, sizeof(sin)); 336 sin.sin_family = AF_INET; 337 sin.sin_len = sizeof(struct sockaddr_in); | 330 struct sockaddr_in sin; 331 struct rtentry *rt; 332 333 bzero(&sin, sizeof(sin)); 334 sin.sin_family = AF_INET; 335 sin.sin_len = sizeof(struct sockaddr_in); |
| 338 sin.sin_addr = ip.ip_src; | 336 sin.sin_addr = ip->ip_src; |
| 339 rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL); | 337 rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL); |
| 340 if (!rt || rt->rt_ifp != m->m_pkthdr.rcvif) { | 338 if (!rt || rt->rt_ifp != ifp) { |
| 341#if 0 342 log(LOG_WARNING, "%s: packet from 0x%x dropped " 343 "due to ingress filter\n", if_name(&sc->gif_if), 344 (u_int32_t)ntohl(sin.sin_addr.s_addr)); 345#endif 346 if (rt) 347 rtfree(rt); 348 return 0; 349 } 350 rtfree(rt); 351 } 352 353 return 32 * 2; 354} | 339#if 0 340 log(LOG_WARNING, "%s: packet from 0x%x dropped " 341 "due to ingress filter\n", if_name(&sc->gif_if), 342 (u_int32_t)ntohl(sin.sin_addr.s_addr)); 343#endif 344 if (rt) 345 rtfree(rt); 346 return 0; 347 } 348 rtfree(rt); 349 } 350 351 return 32 * 2; 352} |
| 353 354/* 355 * we know that we are in IFF_UP, outer address available, and outer family 356 * matched the physical addr family. see gif_encapcheck(). 357 */ 358int 359gif_encapcheck4(m, off, proto, arg) 360 const struct mbuf *m; 361 int off; 362 int proto; 363 void *arg; 364{ 365 struct ip ip; 366 struct gif_softc *sc; 367 struct ifnet *ifp; 368 369 /* sanity check done in caller */ 370 sc = (struct gif_softc *)arg; 371 372 /* LINTED const cast */ 373 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); 374 ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL; 375 376 return gif_validate4(&ip, sc, ifp); 377} 378 379int 380in_gif_attach(sc) 381 struct gif_softc *sc; 382{ 383#ifndef USE_ENCAPCHECK 384 struct sockaddr_in mask4; 385 386 bzero(&mask4, sizeof(mask4)); 387 mask4.sin_len = sizeof(struct sockaddr_in); 388 mask4.sin_addr.s_addr = ~0; 389 390 if (!sc->gif_psrc || !sc->gif_pdst) 391 return EINVAL; 392 sc->encap_cookie4 = encap_attach(AF_INET, -1, sc->gif_psrc, 393 (struct sockaddr *)&mask4, sc->gif_pdst, (struct sockaddr *)&mask4, 394 (struct protosw *)&in_gif_protosw, sc); 395#else 396 sc->encap_cookie4 = encap_attach_func(AF_INET, -1, gif_encapcheck, 397 &in_gif_protosw, sc); 398#endif 399 if (sc->encap_cookie4 == NULL) 400 return EEXIST; 401 return 0; 402} 403 404int 405in_gif_detach(sc) 406 struct gif_softc *sc; 407{ 408 int error; 409 410 error = encap_detach(sc->encap_cookie4); 411 if (error == 0) 412 sc->encap_cookie4 = NULL; 413 return error; 414} |
|