Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys/netinet Pull up revisions 1.22, 1.24-1.27 (via patch...
details: https://anonhg.NetBSD.org/src/rev/f9b96a0bd3a8
branches: netbsd-1-5
changeset: 492711:f9b96a0bd3a8
user: he <he%NetBSD.org@localhost>
date: Sat Feb 09 16:58:31 2002 +0000
description:
Pull up revisions 1.22,1.24-1.27 (via patch, requested by martti):
Updated IPFilter to 3.4.23.
diffstat:
sys/netinet/ip_frag.c | 118 +++++++++++++++++++++++++++++++++----------------
1 files changed, 80 insertions(+), 38 deletions(-)
diffs (287 lines):
diff -r 0be96272a991 -r f9b96a0bd3a8 sys/netinet/ip_frag.c
--- a/sys/netinet/ip_frag.c Sat Feb 09 16:58:05 2002 +0000
+++ b/sys/netinet/ip_frag.c Sat Feb 09 16:58:31 2002 +0000
@@ -1,22 +1,11 @@
-/* $NetBSD: ip_frag.c,v 1.21.2.1 2001/04/14 20:56:22 he Exp $ */
+/* $NetBSD: ip_frag.c,v 1.21.2.2 2002/02/09 16:58:31 he Exp $ */
/*
- * Copyright (C) 1993-2000 by Darren Reed.
+ * Copyright (C) 1993-2001 by Darren Reed.
*
- * Redistribution and use in source and binary forms are permitted
- * provided that this notice is preserved and due credit is given
- * to the original author and the contributors.
+ * See the IPFILTER.LICENCE file for details on licencing.
*/
-#if !defined(lint)
-#if defined(__NetBSD__)
-static const char rcsid[] = "$NetBSD: ip_frag.c,v 1.21.2.1 2001/04/14 20:56:22 he Exp $";
-#else
-static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.4 2000/06/06 15:49:15 darrenr Exp";
-#endif
-#endif
-
-#if defined(__FreeBSD__) && defined(KERNEL) && !defined(_KERNEL)
+#if defined(KERNEL) && !defined(_KERNEL)
# define _KERNEL
#endif
@@ -76,7 +65,6 @@
#include "netinet/ip_compat.h"
#include <netinet/tcpip.h>
#include "netinet/ip_fil.h"
-#include "netinet/ip_proxy.h"
#include "netinet/ip_nat.h"
#include "netinet/ip_frag.h"
#include "netinet/ip_state.h"
@@ -87,7 +75,7 @@
# ifndef IPFILTER_LKM
# include <sys/libkern.h>
# include <sys/systm.h>
-# endif
+# endif
extern struct callout_handle ipfr_slowtimer_ch;
# endif
#endif
@@ -95,6 +83,20 @@
# include <sys/callout.h>
extern struct callout ipfr_slowtimer_ch;
#endif
+#if defined(__OpenBSD__)
+# include <sys/timeout.h>
+extern struct timeout ipfr_slowtimer_ch;
+#endif
+
+#if !defined(lint)
+#if defined(__NetBSD__)
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.21.2.2 2002/02/09 16:58:31 he Exp $");
+#else
+static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed";
+static const char rcsid[] = "@(#)Id: ip_frag.c,v 2.10.2.18 2002/01/01 15:09:11 darrenr Exp";
+#endif
+#endif
static ipfr_t *ipfr_heads[IPFT_SIZE];
@@ -153,7 +155,7 @@
if (ipfr_inuse >= IPFT_SIZE)
return NULL;
- if (!(fin->fin_fi.fi_fl & FI_FRAG))
+ if (!(fin->fin_fl & FI_FRAG))
return NULL;
frag.ipfr_p = ip->ip_p;
@@ -165,9 +167,14 @@
idx += ip->ip_src.s_addr;
frag.ipfr_dst.s_addr = ip->ip_dst.s_addr;
idx += ip->ip_dst.s_addr;
+ frag.ipfr_ifp = fin->fin_ifp;
idx *= 127;
idx %= IPFT_SIZE;
+ frag.ipfr_optmsk = fin->fin_fi.fi_optmsk & IPF_OPTCOPY;
+ frag.ipfr_secmsk = fin->fin_fi.fi_secmsk;
+ frag.ipfr_auth = fin->fin_fi.fi_auth;
+
/*
* first, make sure it isn't already there...
*/
@@ -226,11 +233,16 @@
ipfr_t *ipf;
if ((ip->ip_v != 4) || (fr_frag_lock))
- return NULL;
+ return -1;
WRITE_ENTER(&ipf_frag);
ipf = ipfr_new(ip, fin, pass, ipfr_heads);
RWLOCK_EXIT(&ipf_frag);
- return ipf ? 0 : -1;
+ if (ipf == NULL) {
+ ATOMIC_INCL(frstats[fin->fin_out].fr_bnfr);
+ return -1;
+ }
+ ATOMIC_INCL(frstats[fin->fin_out].fr_nfr);
+ return 0;
}
@@ -241,9 +253,16 @@
nat_t *nat;
{
ipfr_t *ipf;
+ int off;
if ((ip->ip_v != 4) || (fr_frag_lock))
+ return -1;
+
+ off = fin->fin_off;
+ off <<= 3;
+ if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0))
return NULL;
+
WRITE_ENTER(&ipf_natfrag);
ipf = ipfr_new(ip, fin, pass, ipfr_nattab);
if (ipf != NULL) {
@@ -265,11 +284,8 @@
ipfr_t *table[];
{
ipfr_t *f, frag;
- u_int idx;
-
- if (!(fin->fin_fi.fi_fl & FI_FRAG))
- return NULL;
-
+ u_int idx;
+
/*
* For fragments, we record protocol, packet id, TOS and both IP#'s
* (these should all be the same for all fragments of a packet).
@@ -285,9 +301,14 @@
idx += ip->ip_src.s_addr;
frag.ipfr_dst.s_addr = ip->ip_dst.s_addr;
idx += ip->ip_dst.s_addr;
+ frag.ipfr_ifp = fin->fin_ifp;
idx *= 127;
idx %= IPFT_SIZE;
+ frag.ipfr_optmsk = fin->fin_fi.fi_optmsk & IPF_OPTCOPY;
+ frag.ipfr_secmsk = fin->fin_fi.fi_secmsk;
+ frag.ipfr_auth = fin->fin_fi.fi_auth;
+
/*
* check the table, careful to only compare the right amount of data
*/
@@ -296,15 +317,16 @@
IPFR_CMPSZ)) {
u_short atoff, off;
+ off = fin->fin_off;
+
/*
* XXX - We really need to be guarding against the
* retransmission of (src,dst,id,offset-range) here
* because a fragmented packet is never resent with
* the same IP ID#.
*/
- off = ip->ip_off & IP_OFFMASK;
if (f->ipfr_seen0) {
- if (!off || (fin->fin_fi.fi_fl & FI_SHORT))
+ if (!off || (fin->fin_fl & FI_SHORT))
continue;
} else if (!off)
f->ipfr_seen0 = 1;
@@ -346,11 +368,18 @@
ip_t *ip;
fr_info_t *fin;
{
- nat_t *nat;
- ipfr_t *ipf;
+ ipfr_t *ipf;
+ nat_t *nat;
+ int off;
- if ((ip->ip_v != 4) || (fr_frag_lock))
+ if ((fin->fin_v != 4) || (fr_frag_lock))
return NULL;
+
+ off = fin->fin_off;
+ off <<= 3;
+ if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0))
+ return NULL;
+
READ_ENTER(&ipf_natfrag);
ipf = ipfr_lookup(ip, fin, ipfr_nattab);
if (ipf != NULL) {
@@ -376,15 +405,24 @@
ip_t *ip;
fr_info_t *fin;
{
- frentry_t *fr = NULL;
- ipfr_t *fra;
+ frentry_t *fr;
+ ipfr_t *fra;
+ int off;
- if ((ip->ip_v != 4) || (fr_frag_lock))
+ if ((fin->fin_v != 4) || (fr_frag_lock))
return NULL;
+
+ off = fin->fin_off;
+ off <<= 3;
+ if ((off + fin->fin_dlen) > 0xffff || (fin->fin_dlen == 0))
+ return NULL;
+
READ_ENTER(&ipf_frag);
fra = ipfr_lookup(ip, fin, ipfr_heads);
if (fra != NULL)
fr = fra->ipfr_rule;
+ else
+ fr = NULL;
RWLOCK_EXIT(&ipf_frag);
return fr;
}
@@ -462,7 +500,6 @@
}
-#ifdef _KERNEL
void ipfr_fragexpire()
{
ipfr_t **fp, *fra;
@@ -533,6 +570,7 @@
* Slowly expire held state for fragments. Timeouts are set * in expectation
* of this being called twice per second.
*/
+#ifdef _KERNEL
# if (BSD >= 199306) || SOLARIS || defined(__sgi)
# if defined(SOLARIS2) && (SOLARIS2 < 7)
void ipfr_slowtimer()
@@ -542,6 +580,9 @@
# else
int ipfr_slowtimer()
# endif
+#else
+void ipfr_slowtimer()
+#endif
{
#if defined(_KERNEL) && SOLARIS
extern int fr_running;
@@ -551,7 +592,7 @@
#endif
READ_ENTER(&ipf_solaris);
-#ifdef __sgi
+#if defined(__sgi) && defined(_KERNEL)
ipfilter_sgi_intfsync();
#endif
@@ -559,6 +600,7 @@
fr_timeoutstate();
ip_natexpire();
fr_authexpire();
+#if defined(_KERNEL)
# if SOLARIS
ipfr_timer_id = timeout(ipfr_slowtimer, NULL, drv_usectohz(500000));
RWLOCK_EXIT(&ipf_solaris);
@@ -569,8 +611,8 @@
# if (__FreeBSD_version >= 300000)
ipfr_slowtimer_ch = timeout(ipfr_slowtimer, NULL, hz/2);
# else
-# if defined(__NetBSD__)
- callout_reset(&ipfr_slowtimer_ch, hz / 2, ipfr_slowtimer, NULL);
+# if defined(__OpenBSD__)
+ timeout_add(&ipfr_slowtimer_ch, hz/2);
# else
timeout(ipfr_slowtimer, NULL, hz/2);
# endif
@@ -580,5 +622,5 @@
# endif /* FreeBSD */
# endif /* NetBSD */
# endif /* SOLARIS */
+#endif /* defined(_KERNEL) */
}
-#endif /* defined(_KERNEL) */
Home |
Main Index |
Thread Index |
Old Index