| ip_input.c (112973) | ip_input.c (112985) |
|---|---|
| 1/* 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 | 1/* 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 17 unchanged lines hidden (view full) --- 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94 |
| 34 * $FreeBSD: head/sys/netinet/ip_input.c 112973 2003-04-02 10:28:47Z mdodd $ | 34 * $FreeBSD: head/sys/netinet/ip_input.c 112985 2003-04-02 20:14:44Z mdodd $ |
| 35 */ 36 37#include "opt_bootp.h" 38#include "opt_ipfw.h" 39#include "opt_ipdn.h" 40#include "opt_ipdivert.h" 41#include "opt_ipfilter.h" 42#include "opt_ipstealth.h" --- 86 unchanged lines hidden (view full) --- 129 &maxfragsperpacket, 0, 130 "Maximum number of IPv4 fragments allowed per packet"); 131 132static int ip_sendsourcequench = 0; 133SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 134 &ip_sendsourcequench, 0, 135 "Enable the transmission of source quench packets"); 136 | 35 */ 36 37#include "opt_bootp.h" 38#include "opt_ipfw.h" 39#include "opt_ipdn.h" 40#include "opt_ipdivert.h" 41#include "opt_ipfilter.h" 42#include "opt_ipstealth.h" --- 86 unchanged lines hidden (view full) --- 129 &maxfragsperpacket, 0, 130 "Maximum number of IPv4 fragments allowed per packet"); 131 132static int ip_sendsourcequench = 0; 133SYSCTL_INT(_net_inet_ip, OID_AUTO, sendsourcequench, CTLFLAG_RW, 134 &ip_sendsourcequench, 0, 135 "Enable the transmission of source quench packets"); 136 |
| 137static int hear_no_evil = 0; 138SYSCTL_INT(_net_inet_ip, OID_AUTO, hear_no_evil, CTLFLAG_RW, 139 &hear_no_evil, 0, 140 "Drop all received EVIL packets."); 141 | |
| 142/* 143 * XXX - Setting ip_checkinterface mostly implements the receive side of 144 * the Strong ES model described in RFC 1122, but since the routing table 145 * and transmit implementation do not implement the Strong ES model, 146 * setting this to 1 results in an odd hybrid. 147 * 148 * XXX - ip_checkinterface currently must be disabled if you use ipnat 149 * to translate the destination address to another local interface. --- 257 unchanged lines hidden (view full) --- 407 ip->ip_len = ntohs(ip->ip_len); 408 if (ip->ip_len < hlen) { 409 ipstat.ips_badlen++; 410 goto bad; 411 } 412 ip->ip_off = ntohs(ip->ip_off); 413 414 /* | 137/* 138 * XXX - Setting ip_checkinterface mostly implements the receive side of 139 * the Strong ES model described in RFC 1122, but since the routing table 140 * and transmit implementation do not implement the Strong ES model, 141 * setting this to 1 results in an odd hybrid. 142 * 143 * XXX - ip_checkinterface currently must be disabled if you use ipnat 144 * to translate the destination address to another local interface. --- 257 unchanged lines hidden (view full) --- 402 ip->ip_len = ntohs(ip->ip_len); 403 if (ip->ip_len < hlen) { 404 ipstat.ips_badlen++; 405 goto bad; 406 } 407 ip->ip_off = ntohs(ip->ip_off); 408 409 /* |
| 415 * Check for RFC3514 (EVIL) packets. 416 */ 417 if (ip->ip_off & IP_EF) { 418 ipstat.ips_evil++; 419 if (hear_no_evil) 420 goto bad; 421 } 422 423 /* | |
| 424 * Check that the amount of data in the buffers 425 * is as at least much as the IP header would have us expect. 426 * Trim mbufs if longer than we expect. 427 * Drop packet if shorter than we expect. 428 */ 429 if (m->m_pkthdr.len < ip->ip_len) { 430tooshort: 431 ipstat.ips_tooshort++; --- 1766 unchanged lines hidden --- | 410 * Check that the amount of data in the buffers 411 * is as at least much as the IP header would have us expect. 412 * Trim mbufs if longer than we expect. 413 * Drop packet if shorter than we expect. 414 */ 415 if (m->m_pkthdr.len < ip->ip_len) { 416tooshort: 417 ipstat.ips_tooshort++; --- 1766 unchanged lines hidden --- |