1 //==========================================================================
3 // sys/netinet/ip_input.c
7 //==========================================================================
8 //####BSDCOPYRIGHTBEGIN####
10 // -------------------------------------------
12 // Portions of this software may have been derived from OpenBSD or other sources,
13 // and are covered by the appropriate copyright disclaimers included herein.
15 // -------------------------------------------
17 //####BSDCOPYRIGHTEND####
18 //==========================================================================
19 //#####DESCRIPTIONBEGIN####
22 // Contributors: gthomas
28 //####DESCRIPTIONEND####
30 //==========================================================================
33 /* $OpenBSD: ip_input.c,v 1.44 1999/12/08 06:50:20 itojun Exp $ */
34 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
37 * Copyright (c) 1982, 1986, 1988, 1993
38 * The Regents of the University of California. All rights reserved.
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 * notice, this list of conditions and the following disclaimer in the
47 * documentation and/or other materials provided with the distribution.
48 * 3. All advertising materials mentioning features or use of this software
49 * must display the following acknowledgement:
50 * This product includes software developed by the University of
51 * California, Berkeley and its contributors.
52 * 4. Neither the name of the University nor the names of its contributors
53 * may be used to endorse or promote products derived from this software
54 * without specific prior written permission.
56 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
57 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
59 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
60 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
61 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
62 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
64 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
65 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
68 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94
71 #include <sys/param.h>
73 #include <sys/systm.h>
75 #include <sys/malloc.h>
77 #include <sys/domain.h>
78 #include <sys/protosw.h>
79 #include <sys/socket.h>
80 #include <sys/errno.h>
82 #include <sys/kernel.h>
84 #include <sys/syslog.h>
88 #include <sys/sysctl.h>
92 #include <net/if_dl.h>
93 #include <net/route.h>
95 #include <netinet/in.h>
96 #include <netinet/in_systm.h>
97 #include <netinet/if_ether.h>
98 #include <netinet/ip.h>
99 #include <netinet/in_pcb.h>
100 #include <netinet/in_var.h>
101 #include <netinet/ip_var.h>
102 #include <netinet/ip_icmp.h>
103 #include <netinet/ip_ipsp.h>
106 #include <stdio.h> // for 'sprintf()'
111 #define IPFORWARDING 1 /* forward IP packets not for us */
113 #define IPFORWARDING 0 /* don't forward IP packets not for us */
115 #endif /* IPFORWARDING */
116 #ifndef IPSENDREDIRECTS
117 #define IPSENDREDIRECTS 1
123 * Note: DIRECTED_BROADCAST is handled this way so that previous
124 * configuration using this option will Just Work.
126 #ifndef IPDIRECTEDBCAST
127 #ifdef DIRECTED_BROADCAST
128 #define IPDIRECTEDBCAST 1
130 #define IPDIRECTEDBCAST 0
131 #endif /* DIRECTED_BROADCAST */
132 #endif /* IPDIRECTEDBCAST */
133 int ipforwarding = IPFORWARDING;
134 int ipsendredirects = IPSENDREDIRECTS;
135 int ip_dosourceroute = 0; /* no src-routing unless sysctl'd to enable */
136 int ip_defttl = IPDEFTTL;
137 int ip_directedbcast = IPDIRECTEDBCAST;
142 int ipsec_auth_default_level = IPSEC_AUTH_LEVEL_DEFAULT;
143 int ipsec_esp_trans_default_level = IPSEC_ESP_TRANS_LEVEL_DEFAULT;
144 int ipsec_esp_network_default_level = IPSEC_ESP_NETWORK_LEVEL_DEFAULT;
146 /* Keep track of memory used for reassembly */
147 int ip_maxqueue = 300;
151 extern int ipport_firstauto;
152 extern int ipport_lastauto;
153 extern int ipport_hifirstauto;
154 extern int ipport_hilastauto;
155 extern struct baddynamicports baddynamicports;
157 extern struct domain inetdomain;
158 extern struct protosw inetsw[];
159 u_char ip_protox[IPPROTO_MAX];
160 int ipqmaxlen = IFQ_MAXLEN;
161 struct in_ifaddrhead in_ifaddr;
162 struct ifqueue ipintrq;
163 struct ipstat ipstat;
164 #if defined(IPFILTER) || defined(IPFILTER_LKM)
165 int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int,
170 static __inline int ipq_lock_try __P((void));
171 static __inline void ipq_unlock __P((void));
188 #define ipq_lock() ipq_lock_try()
200 #if 0 // Now in common layer
202 static char *ui8tod( cyg_uint8 n, char *p )
204 if( n > 99 ) *p++ = (n/100) + '0';
205 if( n > 9 ) *p++ = ((n/10)%10) + '0';
214 static char buf[4*sizeof "123"];
216 unsigned char *ucp = (unsigned char *)&ina;
218 // sprintf(buf, "%d.%d.%d.%d", ucp[0] & 0xff, ucp[1] & 0xff,
219 // ucp[2] & 0xff, ucp[3] & 0xff);
221 p = ui8tod( ucp[0] & 0xFF, p);
223 p = ui8tod( ucp[1] & 0xFF, p);
225 p = ui8tod( ucp[2] & 0xFF, p);
227 p = ui8tod( ucp[3] & 0xFF, p);
235 * We need to save the IP options in case a protocol wants to respond
236 * to an incoming packet over the same route if the packet got here
237 * using IP source routing. This allows connection establishment and
238 * maintenance when the remote end is on a network that is not known
242 static struct ip_srcrt {
243 struct in_addr dst; /* final destination */
244 char nop; /* one NOP to align */
245 char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */
246 struct in_addr route[MAX_IPOPTLEN/sizeof(struct in_addr)];
249 static void save_rte __P((u_char *, struct in_addr));
250 static int ip_weadvertise(u_int32_t);
253 * IP initialization: fill in IP protocol switch table.
254 * All protocols not implemented in kernel go to raw IP protocol handler.
259 register struct protosw *pr;
261 const u_int16_t defbaddynamicports_tcp[] = DEFBADDYNAMICPORTS_TCP;
262 const u_int16_t defbaddynamicports_udp[] = DEFBADDYNAMICPORTS_UDP;
264 pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW);
267 for (i = 0; i < IPPROTO_MAX; i++)
268 ip_protox[i] = pr - inetsw;
269 for (pr = inetdomain.dom_protosw;
270 pr < inetdomain.dom_protoswNPROTOSW; pr++)
271 if (pr->pr_domain->dom_family == PF_INET &&
272 pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
273 ip_protox[pr->pr_protocol] = pr - inetsw;
275 ipintrq.ifq_maxlen = ipqmaxlen;
276 TAILQ_INIT(&in_ifaddr);
278 /* Fill in list of ports not to allocate dynamically. */
279 bzero((void *)&baddynamicports, sizeof(baddynamicports));
280 for (i = 0; defbaddynamicports_tcp[i] != 0; i++)
281 DP_SET(baddynamicports.tcp, defbaddynamicports_tcp[i]);
282 for (i = 0; defbaddynamicports_udp[i] != 0; i++)
283 DP_SET(baddynamicports.udp, defbaddynamicports_tcp[i]);
286 struct sockaddr_in ipaddr = { sizeof(ipaddr), AF_INET };
287 struct route ipforward_rt;
292 register struct mbuf *m;
300 * Get next datagram off input queue and get IP header
304 IF_DEQUEUE(&ipintrq, m);
309 if ((m->m_flags & M_PKTHDR) == 0)
310 panic("ipintr no HDR");
312 ipv4_input(m, 0, NULL, 0);
317 * Ip input routine. Checksum and byte swap header. If fragmented
318 * try to reassemble. Process options. Pass to next level.
321 ipv4_input(struct mbuf *m, ...)
323 register struct ip *ip;
324 register struct ipq *fp;
325 struct in_ifaddr *ia;
332 extra = va_arg(ap, int);
336 struct mbuf *newpacket;
338 if (!(newpacket = m_split(m, extra, M_NOWAIT))) {
343 newpacket->m_flags |= m->m_flags;
350 * If no IP addresses have been set yet but the interfaces
351 * are receiving, can't do anything with incoming packets yet.
353 if (in_ifaddr.tqh_first == 0)
356 if (m->m_len < sizeof (struct ip) &&
357 (m = m_pullup(m, sizeof (struct ip))) == 0) {
358 ipstat.ips_toosmall++;
361 ip = mtod(m, struct ip *);
362 if (ip->ip_v != IPVERSION) {
363 ipstat.ips_badvers++;
366 hlen = ip->ip_hl << 2;
367 if (hlen < sizeof(struct ip)) { /* minimum header length */
368 ipstat.ips_badhlen++;
371 if (hlen > m->m_len) {
372 if ((m = m_pullup(m, hlen)) == 0) {
373 ipstat.ips_badhlen++;
376 ip = mtod(m, struct ip *);
378 if ((ip->ip_sum = in_cksum(m, hlen)) != 0) {
384 * Convert fields to host representation.
387 if (ip->ip_len < hlen) {
395 * Check that the amount of data in the buffers
396 * is as at least much as the IP header would have us expect.
397 * Trim mbufs if longer than we expect.
398 * Drop packet if shorter than we expect.
400 if (m->m_pkthdr.len < ip->ip_len) {
401 ipstat.ips_tooshort++;
404 if (m->m_pkthdr.len > ip->ip_len) {
405 if (m->m_len == m->m_pkthdr.len) {
406 m->m_len = ip->ip_len;
407 m->m_pkthdr.len = ip->ip_len;
409 m_adj(m, ip->ip_len - m->m_pkthdr.len);
412 #if defined(IPFILTER) || defined(IPFILTER_LKM)
414 * Check if we want to allow this packet to be processed.
415 * Consider it to be bad if not.
419 if (fr_checkp && (*fr_checkp)(ip, hlen, m->m_pkthdr.rcvif, 0, &m0))
421 ip = mtod(m = m0, struct ip *);
426 * Process options and, if not destined for us,
427 * ship it on. ip_dooptions returns 1 when an
428 * error was detected (causing an icmp message
429 * to be sent and the original packet to be freed).
431 ip_nhops = 0; /* for source routed packets */
432 if (hlen > sizeof (struct ip) && ip_dooptions(m))
436 * Check our list of addresses, to see if the packet is for us.
438 if ((ia = in_iawithaddr(ip->ip_dst, m)) != NULL &&
439 (ia->ia_ifp->if_flags & IFF_UP))
442 if (IN_MULTICAST(ip->ip_dst.s_addr)) {
443 struct in_multi *inm;
445 extern struct socket *ip_mrouter;
447 if (m->m_flags & M_EXT) {
448 if ((m = m_pullup(m, hlen)) == 0) {
449 ipstat.ips_toosmall++;
452 ip = mtod(m, struct ip *);
457 * If we are acting as a multicast router, all
458 * incoming multicast packets are passed to the
459 * kernel-level multicast forwarding function.
460 * The packet is returned (relatively) intact; if
461 * ip_mforward() returns a non-zero value, the packet
462 * must be discarded, else it may be accepted below.
464 * (The IP ident field is put in the same byte order
465 * as expected when ip_mforward() is called from
468 ip->ip_id = htons(ip->ip_id);
469 if (ip_mforward(m, m->m_pkthdr.rcvif) != 0) {
470 ipstat.ips_cantforward++;
474 ip->ip_id = ntohs(ip->ip_id);
477 * The process-level routing demon needs to receive
478 * all multicast IGMP packets, whether or not this
479 * host belongs to their destination groups.
481 if (ip->ip_p == IPPROTO_IGMP)
483 ipstat.ips_forward++;
487 * See if we belong to the destination multicast group on the
490 IN_LOOKUP_MULTI(ip->ip_dst, m->m_pkthdr.rcvif, inm);
492 ipstat.ips_cantforward++;
498 if (ip->ip_dst.s_addr == INADDR_BROADCAST ||
499 ip->ip_dst.s_addr == INADDR_ANY)
503 * Not for us; forward if possible and desirable.
505 if (ipforwarding == 0) {
506 ipstat.ips_cantforward++;
514 * If offset or IP_MF are set, must reassemble.
515 * Otherwise, nothing need be done.
516 * (We could look in the reassembly queue to see
517 * if the packet was previously fragmented,
518 * but it's not worth the time; just let them time out.)
520 if (ip->ip_off &~ (IP_DF | IP_RF)) {
521 if (m->m_flags & M_EXT) { /* XXX */
522 if ((m = m_pullup(m, hlen)) == 0) {
523 ipstat.ips_toosmall++;
526 ip = mtod(m, struct ip *);
530 * Look for queue of fragments
534 for (fp = ipq.lh_first; fp != NULL; fp = fp->ipq_q.le_next)
535 if (ip->ip_id == fp->ipq_id &&
536 ip->ip_src.s_addr == fp->ipq_src.s_addr &&
537 ip->ip_dst.s_addr == fp->ipq_dst.s_addr &&
538 ip->ip_p == fp->ipq_p)
544 * Adjust ip_len to not reflect header,
545 * set ipqe_mff if more fragments are expected,
546 * convert offset of this to bytes.
549 mff = (ip->ip_off & IP_MF) != 0;
552 * Make sure that fragments have a data length
553 * that's a non-zero multiple of 8 bytes.
555 if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) {
556 ipstat.ips_badfrags++;
564 * If datagram marked as having more fragments
565 * or if this is not the first fragment,
566 * attempt reassembly; if it succeeds, proceed.
568 if (mff || ip->ip_off) {
569 ipstat.ips_fragments++;
570 if (ip_frags + 1 > ip_maxqueue) {
572 ipstat.ips_rcvmemdrop++;
577 MALLOC(ipqe, struct ipqent *, sizeof (struct ipqent),
580 ipstat.ips_rcvmemdrop++;
585 ipqe->ipqe_mff = mff;
587 ip = ip_reass(ipqe, fp);
592 ipstat.ips_reassembled++;
594 hlen = ip->ip_hl << 2;
603 * Switch out to protocol's input routine.
605 ipstat.ips_delivered++;
606 (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, hlen, NULL, 0);
613 in_iawithaddr(ina, m)
615 register struct mbuf *m;
617 register struct in_ifaddr *ia;
619 for (ia = in_ifaddr.tqh_first; ia; ia = ia->ia_list.tqe_next) {
620 if ((ina.s_addr == ia->ia_addr.sin_addr.s_addr) ||
621 ((ia->ia_ifp->if_flags & (IFF_LOOPBACK|IFF_LINK1)) ==
622 (IFF_LOOPBACK|IFF_LINK1) &&
623 ia->ia_subnet == (ina.s_addr & ia->ia_subnetmask)))
625 if (m && ((ip_directedbcast == 0) || (ip_directedbcast &&
626 ia->ia_ifp == m->m_pkthdr.rcvif)) &&
627 (ia->ia_ifp->if_flags & IFF_BROADCAST)) {
628 if (ina.s_addr == ia->ia_broadaddr.sin_addr.s_addr ||
629 ina.s_addr == ia->ia_netbroadcast.s_addr ||
631 * Look for all-0's host part (old broadcast addr),
632 * either for subnet or net.
634 ina.s_addr == ia->ia_subnet ||
635 ina.s_addr == ia->ia_net) {
636 /* Make sure M_BCAST is set */
637 m->m_flags |= M_BCAST;
647 * Take incoming datagram fragment and try to
648 * reassemble it into whole datagram. If a chain for
649 * reassembly of this datagram already exists, then it
650 * is given as fp; otherwise have to make a chain.
654 register struct ipqent *ipqe;
655 register struct ipq *fp;
657 register struct mbuf *m = dtom(ipqe->ipqe_ip);
658 register struct ipqent *nq, *p, *q;
661 int hlen = ipqe->ipqe_ip->ip_hl << 2;
665 * Presence of header sizes in mbufs
666 * would confuse code below.
672 * If first fragment to arrive, create a reassembly queue.
675 if ((t = m_get(M_DONTWAIT, MT_FTABLE)) == NULL)
677 fp = mtod(t, struct ipq *);
678 LIST_INSERT_HEAD(&ipq, fp, ipq_q);
679 fp->ipq_ttl = IPFRAGTTL;
680 fp->ipq_p = ipqe->ipqe_ip->ip_p;
681 fp->ipq_id = ipqe->ipqe_ip->ip_id;
682 LIST_INIT(&fp->ipq_fragq);
683 fp->ipq_src = ipqe->ipqe_ip->ip_src;
684 fp->ipq_dst = ipqe->ipqe_ip->ip_dst;
690 * Find a segment which begins after this one does.
692 for (p = NULL, q = fp->ipq_fragq.lh_first; q != NULL;
693 p = q, q = q->ipqe_q.le_next)
694 if (q->ipqe_ip->ip_off > ipqe->ipqe_ip->ip_off)
698 * If there is a preceding segment, it may provide some of
699 * our data already. If so, drop the data from the incoming
700 * segment. If it provides all of our data, drop us.
703 i = p->ipqe_ip->ip_off + p->ipqe_ip->ip_len -
704 ipqe->ipqe_ip->ip_off;
706 if (i >= ipqe->ipqe_ip->ip_len)
708 m_adj(dtom(ipqe->ipqe_ip), i);
709 ipqe->ipqe_ip->ip_off += i;
710 ipqe->ipqe_ip->ip_len -= i;
715 * While we overlap succeeding segments trim them or,
716 * if they are completely covered, dequeue them.
718 for (; q != NULL && ipqe->ipqe_ip->ip_off + ipqe->ipqe_ip->ip_len >
719 q->ipqe_ip->ip_off; q = nq) {
720 i = (ipqe->ipqe_ip->ip_off + ipqe->ipqe_ip->ip_len) -
722 if (i < q->ipqe_ip->ip_len) {
723 q->ipqe_ip->ip_len -= i;
724 q->ipqe_ip->ip_off += i;
725 m_adj(dtom(q->ipqe_ip), i);
728 nq = q->ipqe_q.le_next;
729 m_freem(dtom(q->ipqe_ip));
730 LIST_REMOVE(q, ipqe_q);
737 * Stick new segment in its place;
738 * check for complete reassembly.
741 LIST_INSERT_HEAD(&fp->ipq_fragq, ipqe, ipqe_q);
743 LIST_INSERT_AFTER(p, ipqe, ipqe_q);
746 for (p = NULL, q = fp->ipq_fragq.lh_first; q != NULL;
747 p = q, q = q->ipqe_q.le_next) {
748 if (q->ipqe_ip->ip_off != next)
750 next += q->ipqe_ip->ip_len;
756 * Reassembly is complete. Check for a bogus message size and
757 * concatenate fragments.
759 q = fp->ipq_fragq.lh_first;
761 if ((next + (ip->ip_hl << 2)) > IP_MAXPACKET) {
762 ipstat.ips_toolong++;
766 m = dtom(q->ipqe_ip);
770 nq = q->ipqe_q.le_next;
773 for (q = nq; q != NULL; q = nq) {
774 t = dtom(q->ipqe_ip);
775 nq = q->ipqe_q.le_next;
782 * Create header for new ip packet by
783 * modifying header of first packet;
784 * dequeue and discard fragment reassembly header.
785 * Make header visible.
788 ip->ip_ttl = 0; /* xxx */
790 ip->ip_src = fp->ipq_src;
791 ip->ip_dst = fp->ipq_dst;
792 LIST_REMOVE(fp, ipq_q);
793 (void) m_free(dtom(fp));
794 m->m_len += (ip->ip_hl << 2);
795 m->m_data -= (ip->ip_hl << 2);
796 /* some debugging cruft by sklower, below, will go away soon */
797 if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */
798 register int plen = 0;
799 for (t = m; m; m = m->m_next)
801 t->m_pkthdr.len = plen;
806 ipstat.ips_fragdropped++;
814 * Free a fragment reassembly header and all
815 * associated datagrams.
821 register struct ipqent *q, *p;
823 for (q = fp->ipq_fragq.lh_first; q != NULL; q = p) {
824 p = q->ipqe_q.le_next;
825 m_freem(dtom(q->ipqe_ip));
826 LIST_REMOVE(q, ipqe_q);
830 LIST_REMOVE(fp, ipq_q);
831 (void) m_free(dtom(fp));
835 * IP timer processing;
836 * if a timer expires on a reassembly
842 register struct ipq *fp, *nfp;
843 int s = splsoftnet();
846 for (fp = ipq.lh_first; fp != NULL; fp = nfp) {
847 nfp = fp->ipq_q.le_next;
848 if (--fp->ipq_ttl == 0) {
849 ipstat.ips_fragtimeout++;
858 * Drain off all datagram fragments.
864 if (ipq_lock_try() == 0)
866 while (ipq.lh_first != NULL) {
867 ipstat.ips_fragdropped++;
868 ip_freef(ipq.lh_first);
874 * Flush a bunch of datagram fragments, till we are down to 75%.
881 /* ipq already locked */
882 while (ipq.lh_first != NULL && ip_frags > ip_maxqueue * 3 / 4 && --max) {
883 ipstat.ips_fragdropped++;
884 ip_freef(ipq.lh_first);
889 * Do option processing on a datagram,
890 * possibly discarding it if bad options are encountered,
891 * or forwarding it if source-routed.
892 * Returns 1 if packet has been forwarded/freed,
893 * 0 if the packet should be processed further.
899 register struct ip *ip = mtod(m, struct ip *);
901 register struct ip_timestamp *ipt;
902 register struct in_ifaddr *ia;
903 int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
904 struct in_addr *sin, dst;
908 cp = (u_char *)(ip + 1);
909 cnt = (ip->ip_hl << 2) - sizeof (struct ip);
910 for (; cnt > 0; cnt -= optlen, cp += optlen) {
911 opt = cp[IPOPT_OPTVAL];
912 if (opt == IPOPT_EOL)
914 if (opt == IPOPT_NOP)
917 optlen = cp[IPOPT_OLEN];
918 if (optlen <= 0 || optlen > cnt) {
919 code = &cp[IPOPT_OLEN] - (u_char *)ip;
929 * Source routing with record.
930 * Find interface with current destination address.
931 * If none on this machine then drop if strictly routed,
932 * or do nothing if loosely routed.
933 * Record interface address and bring up next address
934 * component. If strictly routed make sure next
935 * address is on directly accessible net.
939 if (!ip_dosourceroute) {
941 char buf[4*sizeof "123"];
943 strcpy(buf, inet_ntoa(ip->ip_dst));
945 "attempted source route from %s to %s\n",
946 inet_ntoa(ip->ip_src), buf);
949 code = ICMP_UNREACH_SRCFAIL;
952 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
953 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
956 ipaddr.sin_addr = ip->ip_dst;
957 ia = ifatoia(ifa_ifwithaddr(sintosa(&ipaddr)));
959 if (opt == IPOPT_SSRR) {
961 code = ICMP_UNREACH_SRCFAIL;
965 * Loose routing, and not at next destination
966 * yet; nothing to do except forward.
970 off--; /* 0 origin */
971 if (off > optlen - sizeof(struct in_addr)) {
973 * End of source route. Should be for us.
975 save_rte(cp, ip->ip_src);
980 * locate outgoing interface
982 bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr,
983 sizeof(ipaddr.sin_addr));
984 if (opt == IPOPT_SSRR) {
985 #define INA struct in_ifaddr *
986 #define SA struct sockaddr *
987 if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) == 0)
988 ia = (INA)ifa_ifwithnet((SA)&ipaddr);
990 ia = ip_rtaddr(ipaddr.sin_addr);
993 code = ICMP_UNREACH_SRCFAIL;
996 ip->ip_dst = ipaddr.sin_addr;
997 bcopy((caddr_t)&ia->ia_addr.sin_addr,
998 (caddr_t)(cp + off), sizeof(struct in_addr));
999 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
1001 * Let ip_intr's mcast routing check handle mcast pkts
1003 forward = !IN_MULTICAST(ip->ip_dst.s_addr);
1007 if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
1008 code = &cp[IPOPT_OFFSET] - (u_char *)ip;
1013 * If no space remains, ignore.
1015 off--; /* 0 origin */
1016 if (off > optlen - sizeof(struct in_addr))
1018 bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr,
1019 sizeof(ipaddr.sin_addr));
1021 * locate outgoing interface; if we're the destination,
1022 * use the incoming interface (should be same).
1024 if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == 0 &&
1025 (ia = ip_rtaddr(ipaddr.sin_addr)) == 0) {
1026 type = ICMP_UNREACH;
1027 code = ICMP_UNREACH_HOST;
1030 bcopy((caddr_t)&ia->ia_addr.sin_addr,
1031 (caddr_t)(cp + off), sizeof(struct in_addr));
1032 cp[IPOPT_OFFSET] += sizeof(struct in_addr);
1036 code = cp - (u_char *)ip;
1037 ipt = (struct ip_timestamp *)cp;
1038 if (ipt->ipt_ptr < 5 || ipt->ipt_len < 5)
1040 if (ipt->ipt_ptr - 1 + sizeof(n_time) > ipt->ipt_len) {
1041 if (++ipt->ipt_oflw == 0)
1045 sin = (struct in_addr *)(cp + ipt->ipt_ptr - 1);
1046 switch (ipt->ipt_flg) {
1048 case IPOPT_TS_TSONLY:
1051 case IPOPT_TS_TSANDADDR:
1052 if (ipt->ipt_ptr - 1 + sizeof(n_time) +
1053 sizeof(struct in_addr) > ipt->ipt_len)
1055 ipaddr.sin_addr = dst;
1056 ia = (INA)ifaof_ifpforaddr((SA)&ipaddr,
1060 bcopy((caddr_t)&ia->ia_addr.sin_addr,
1061 (caddr_t)sin, sizeof(struct in_addr));
1062 ipt->ipt_ptr += sizeof(struct in_addr);
1065 case IPOPT_TS_PRESPEC:
1066 if (ipt->ipt_ptr - 1 + sizeof(n_time) +
1067 sizeof(struct in_addr) > ipt->ipt_len)
1069 bcopy((caddr_t)sin, (caddr_t)&ipaddr.sin_addr,
1070 sizeof(struct in_addr));
1071 if (ifa_ifwithaddr((SA)&ipaddr) == 0)
1073 ipt->ipt_ptr += sizeof(struct in_addr);
1080 bcopy((caddr_t)&ntime, (caddr_t)cp + ipt->ipt_ptr - 1,
1082 ipt->ipt_ptr += sizeof(n_time);
1085 if (forward && ipforwarding) {
1091 ip->ip_len -= ip->ip_hl << 2; /* XXX icmp_error adds in hdr length */
1092 HTONS(ip->ip_len); /* XXX because ip_input changed these three */
1095 icmp_error(m, type, code, 0, 0);
1096 ipstat.ips_badoptions++;
1101 * Given address of next destination (final or next hop),
1102 * return internet address info of interface to be used to get there.
1108 register struct sockaddr_in *sin;
1110 sin = satosin(&ipforward_rt.ro_dst);
1112 if (ipforward_rt.ro_rt == 0 || dst.s_addr != sin->sin_addr.s_addr) {
1113 if (ipforward_rt.ro_rt) {
1114 RTFREE(ipforward_rt.ro_rt);
1115 ipforward_rt.ro_rt = 0;
1117 sin->sin_family = AF_INET;
1118 sin->sin_len = sizeof(*sin);
1119 sin->sin_addr = dst;
1121 rtalloc(&ipforward_rt);
1123 if (ipforward_rt.ro_rt == 0)
1124 return ((struct in_ifaddr *)0);
1125 return (ifatoia(ipforward_rt.ro_rt->rt_ifa));
1129 * Save incoming source route for use in replies,
1130 * to be picked up later by ip_srcroute if the receiver is interested.
1133 save_rte(option, dst)
1139 olen = option[IPOPT_OLEN];
1142 printf("save_rte: olen %d\n", olen);
1144 if (olen > sizeof(ip_srcrt) - (1 + sizeof(dst)))
1146 bcopy((caddr_t)option, (caddr_t)ip_srcrt.srcopt, olen);
1147 ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr);
1152 * Check whether we do proxy ARP for this address and we point to ourselves.
1153 * Code shamelessly copied from arplookup().
1156 ip_weadvertise(addr)
1159 register struct rtentry *rt;
1160 register struct ifnet *ifp;
1161 register struct ifaddr *ifa;
1162 struct sockaddr_inarp sin;
1164 sin.sin_len = sizeof(sin);
1165 sin.sin_family = AF_INET;
1166 sin.sin_addr.s_addr = addr;
1167 sin.sin_other = SIN_PROXY;
1168 rt = rtalloc1(sintosa(&sin), 0);
1174 if ((rt->rt_flags & RTF_GATEWAY) || (rt->rt_flags & RTF_LLINFO) == 0 ||
1175 rt->rt_gateway->sa_family != AF_LINK)
1178 for (ifp = ifnet.tqh_first; ifp != 0; ifp = ifp->if_list.tqe_next)
1179 for (ifa = ifp->if_addrlist.tqh_first; ifa != 0;
1180 ifa = ifa->ifa_list.tqe_next) {
1181 if (ifa->ifa_addr->sa_family != rt->rt_gateway->sa_family)
1184 if (!bcmp(LLADDR((struct sockaddr_dl *)ifa->ifa_addr),
1185 LLADDR((struct sockaddr_dl *)rt->rt_gateway),
1194 * Retrieve incoming source route for use in replies,
1195 * in the same form used by setsockopt.
1196 * The first hop is placed before the options, will be removed later.
1201 register struct in_addr *p, *q;
1202 register struct mbuf *m;
1205 return ((struct mbuf *)0);
1206 m = m_get(M_DONTWAIT, MT_SOOPTS);
1208 return ((struct mbuf *)0);
1210 #define OPTSIZ (sizeof(ip_srcrt.nop) + sizeof(ip_srcrt.srcopt))
1212 /* length is (nhops+1)*sizeof(addr) + sizeof(nop + srcrt header) */
1213 m->m_len = ip_nhops * sizeof(struct in_addr) + sizeof(struct in_addr) +
1217 printf("ip_srcroute: nhops %d mlen %d", ip_nhops, m->m_len);
1221 * First save first hop for return route
1223 p = &ip_srcrt.route[ip_nhops - 1];
1224 *(mtod(m, struct in_addr *)) = *p--;
1227 printf(" hops %x", ntohl(mtod(m, struct in_addr *)->s_addr));
1231 * Copy option fields and padding (nop) to mbuf.
1233 ip_srcrt.nop = IPOPT_NOP;
1234 ip_srcrt.srcopt[IPOPT_OFFSET] = IPOPT_MINOFF;
1235 bcopy((caddr_t)&ip_srcrt.nop,
1236 mtod(m, caddr_t) + sizeof(struct in_addr), OPTSIZ);
1237 q = (struct in_addr *)(mtod(m, caddr_t) +
1238 sizeof(struct in_addr) + OPTSIZ);
1241 * Record return path as an IP source route,
1242 * reversing the path (pointers are now aligned).
1244 while (p >= ip_srcrt.route) {
1247 printf(" %x", ntohl(q->s_addr));
1252 * Last hop goes to final destination.
1257 printf(" %x\n", ntohl(q->s_addr));
1263 * Strip out IP options, at higher
1264 * level protocol in the kernel.
1265 * Second argument is buffer to which options
1266 * will be moved, and return value is their length.
1267 * XXX should be deleted; last arg currently ignored.
1270 ip_stripoptions(m, mopt)
1271 register struct mbuf *m;
1275 struct ip *ip = mtod(m, struct ip *);
1276 register caddr_t opts;
1279 olen = (ip->ip_hl<<2) - sizeof (struct ip);
1280 opts = (caddr_t)(ip + 1);
1281 i = m->m_len - (sizeof (struct ip) + olen);
1282 bcopy(opts + olen, opts, (unsigned)i);
1284 if (m->m_flags & M_PKTHDR)
1285 m->m_pkthdr.len -= olen;
1286 ip->ip_hl = sizeof(struct ip) >> 2;
1289 int inetctlerrmap[PRC_NCMDS] = {
1291 0, EMSGSIZE, EHOSTDOWN, EHOSTUNREACH,
1292 EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED,
1293 EMSGSIZE, EHOSTUNREACH, 0, 0,
1299 * Forward a packet. If some error occurs return the sender
1300 * an icmp packet. Note we can't always generate a meaningful
1301 * icmp message because icmp doesn't have a large enough repertoire
1302 * of codes and types.
1304 * If not forwarding, just drop the packet. This could be confusing
1305 * if ipforwarding was zero but some routing protocol was advancing
1306 * us as a gateway to somewhere. However, we must let the routing
1307 * protocol deal with that.
1309 * The srcrt parameter indicates whether the packet is being forwarded
1310 * via a source route.
1313 ip_forward(m, srcrt)
1317 register struct ip *ip = mtod(m, struct ip *);
1318 register struct sockaddr_in *sin;
1319 register struct rtentry *rt;
1320 int error, type = 0, code = 0;
1323 struct ifnet *destifp;
1324 #if 0 /*KAME IPSEC*/
1325 struct ifnet dummyifp;
1331 printf("forward: src %x dst %x ttl %x\n", ip->ip_src.s_addr,
1332 ip->ip_dst.s_addr, ip->ip_ttl);
1334 if (m->m_flags & M_BCAST || in_canforward(ip->ip_dst) == 0) {
1335 ipstat.ips_cantforward++;
1340 if (ip->ip_ttl <= IPTTLDEC) {
1341 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0);
1344 ip->ip_ttl -= IPTTLDEC;
1346 sin = satosin(&ipforward_rt.ro_dst);
1347 if ((rt = ipforward_rt.ro_rt) == 0 ||
1348 ip->ip_dst.s_addr != sin->sin_addr.s_addr) {
1349 if (ipforward_rt.ro_rt) {
1350 RTFREE(ipforward_rt.ro_rt);
1351 ipforward_rt.ro_rt = 0;
1353 sin->sin_family = AF_INET;
1354 sin->sin_len = sizeof(*sin);
1355 sin->sin_addr = ip->ip_dst;
1357 rtalloc(&ipforward_rt);
1358 if (ipforward_rt.ro_rt == 0) {
1359 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0);
1362 rt = ipforward_rt.ro_rt;
1366 * Save at most 68 bytes of the packet in case
1367 * we need to generate an ICMP message to the src.
1369 mcopy = m_copy(m, 0, imin((int)ip->ip_len, 68));
1372 * If forwarding packet using same interface that it came in on,
1373 * perhaps should send a redirect to sender to shortcut a hop.
1374 * Only send redirect if source is sending directly to us,
1375 * and if packet was not source routed (or has any options).
1376 * Also, don't send redirect if forwarding using a default route
1377 * or a route modified by a redirect.
1378 * Don't send redirect if we advertise destination's arp address
1379 * as ours (proxy arp).
1381 if (rt->rt_ifp == m->m_pkthdr.rcvif &&
1382 (rt->rt_flags & (RTF_DYNAMIC|RTF_MODIFIED)) == 0 &&
1383 satosin(rt_key(rt))->sin_addr.s_addr != 0 &&
1384 ipsendredirects && !srcrt &&
1385 !ip_weadvertise(satosin(rt_key(rt))->sin_addr.s_addr)) {
1387 (ip->ip_src.s_addr & ifatoia(rt->rt_ifa)->ia_subnetmask) ==
1388 ifatoia(rt->rt_ifa)->ia_subnet) {
1389 if (rt->rt_flags & RTF_GATEWAY)
1390 dest = satosin(rt->rt_gateway)->sin_addr.s_addr;
1392 dest = ip->ip_dst.s_addr;
1393 /* Router requirements says to only send host redirects */
1394 type = ICMP_REDIRECT;
1395 code = ICMP_REDIRECT_HOST;
1398 printf("redirect (%d) to %x\n", code, (u_int32_t)dest);
1403 #if 0 /*KAME IPSEC*/
1404 m->m_pkthdr.rcvif = NULL;
1406 error = ip_output(m, (struct mbuf *)0, &ipforward_rt,
1407 (IP_FORWARDING | (ip_directedbcast ? IP_ALLOWBROADCAST : 0)),
1410 ipstat.ips_cantforward++;
1412 ipstat.ips_forward++;
1414 ipstat.ips_redirectsent++;
1427 case 0: /* forwarded, but need redirect */
1428 /* type, code set above */
1431 case ENETUNREACH: /* shouldn't happen, checked above */
1436 type = ICMP_UNREACH;
1437 code = ICMP_UNREACH_HOST;
1441 type = ICMP_UNREACH;
1442 code = ICMP_UNREACH_NEEDFRAG;
1443 #if 1 /*KAME IPSEC*/
1444 if (ipforward_rt.ro_rt)
1445 destifp = ipforward_rt.ro_rt->rt_ifp;
1448 * If the packet is routed over IPsec tunnel, tell the
1449 * originator the tunnel MTU.
1450 * tunnel MTU = if MTU - sizeof(IP) - ESP/AH hdrsiz
1453 if (ipforward_rt.ro_rt) {
1454 struct secpolicy *sp;
1459 sp = ipsec4_getpolicybyaddr(mcopy,
1464 destifp = ipforward_rt.ro_rt->rt_ifp;
1466 /* count IPsec header size */
1467 ipsechdr = ipsec4_hdrsiz(mcopy, NULL);
1470 * find the correct route for outer IPv4
1471 * header, compute tunnel MTU.
1474 * The "dummyifp" code relies upon the fact
1475 * that icmp_error() touches only ifp->if_mtu.
1480 && sp->req->sa != NULL) {
1481 ro = &sp->req->sa->saidx->sa_route;
1482 if (ro->ro_rt && ro->ro_rt->rt_ifp) {
1484 ro->ro_rt->rt_ifp->if_mtu;
1485 dummyifp.if_mtu -= ipsechdr;
1486 destifp = &dummyifp;
1494 ipstat.ips_cantfrag++;
1498 type = ICMP_SOURCEQUENCH;
1503 icmp_error(mcopy, type, code, dest, destifp);
1506 #ifdef CYGPKG_NET_SYSCTL
1508 ip_sysctl(name, namelen, oldp, oldlenp, newp, newlen)
1516 /* All sysctl names at this level are terminal. */
1521 case IPCTL_FORWARDING:
1522 return (sysctl_int(oldp, oldlenp, newp, newlen, &ipforwarding));
1523 case IPCTL_SENDREDIRECTS:
1524 return (sysctl_int(oldp, oldlenp, newp, newlen,
1527 return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_defttl));
1530 return (sysctl_int(oldp, oldlenp, newp, newlen, &ip_mtu));
1532 case IPCTL_SOURCEROUTE:
1534 * Don't allow this to change in a secure environment.
1536 if (newp && securelevel > 0)
1538 return (sysctl_int(oldp, oldlenp, newp, newlen,
1539 &ip_dosourceroute));
1540 case IPCTL_DIRECTEDBCAST:
1541 return (sysctl_int(oldp, oldlenp, newp, newlen,
1542 &ip_directedbcast));
1543 case IPCTL_IPPORT_FIRSTAUTO:
1544 return (sysctl_int(oldp, oldlenp, newp, newlen,
1545 &ipport_firstauto));
1546 case IPCTL_IPPORT_LASTAUTO:
1547 return (sysctl_int(oldp, oldlenp, newp, newlen,
1549 case IPCTL_IPPORT_HIFIRSTAUTO:
1550 return (sysctl_int(oldp, oldlenp, newp, newlen,
1551 &ipport_hifirstauto));
1552 case IPCTL_IPPORT_HILASTAUTO:
1553 return (sysctl_int(oldp, oldlenp, newp, newlen,
1554 &ipport_hilastauto));
1555 case IPCTL_IPPORT_MAXQUEUE:
1556 return (sysctl_int(oldp, oldlenp, newp, newlen,
1558 case IPCTL_ENCDEBUG:
1559 return (sysctl_int(oldp, oldlenp, newp, newlen, &encdebug));
1561 return (EOPNOTSUPP);
1565 #endif // CYGPKG_NET_SYSCTL