Date: Sun, 1 Feb 2009 18:10:07 +0000 (UTC) From: Paolo Pisati <piso@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r187986 - user/piso/sys/netinet Message-ID: <200902011810.n11IA7Ic063083@svn.freebsd.org>
Author: piso Date: Sun Feb 1 18:10:06 2009 New Revision: 187986 URL: http://svn.freebsd.org/changeset/base/187986 Log: Make fragments reassemblig before nat sysctl controllable and enable it per default. Modified: user/piso/sys/netinet/ip_fw.h user/piso/sys/netinet/ip_fw_nat.c Modified: user/piso/sys/netinet/ip_fw.h ============================================================================== --- user/piso/sys/netinet/ip_fw.h Sun Feb 1 18:03:55 2009 (r187985) +++ user/piso/sys/netinet/ip_fw.h Sun Feb 1 18:10:06 2009 (r187986) @@ -714,6 +714,7 @@ struct vnet_ipfw { u_int64_t _norule_counter; struct callout _ipfw_timeout; eventhandler_tag _ifaddr_event_tag; + int _nat_reass; }; #ifndef VIMAGE @@ -758,6 +759,7 @@ extern struct vnet_ipfw vnet_ipfw_0; #define V_norule_counter VNET_IPFW(norule_counter) #define V_ipfw_timeout VNET_IPFW(ipfw_timeout) #define V_ifaddr_event_tag VNET_IPFW(ifaddr_event_tag) +#define V_nat_reass VNET_IPFW(nat_reass) #endif /* _KERNEL */ #endif /* _IPFW2_H */ Modified: user/piso/sys/netinet/ip_fw_nat.c ============================================================================== --- user/piso/sys/netinet/ip_fw_nat.c Sun Feb 1 18:03:55 2009 (r187985) +++ user/piso/sys/netinet/ip_fw_nat.c Sun Feb 1 18:10:06 2009 (r187986) @@ -72,6 +72,7 @@ MALLOC_DECLARE(M_IPFW); #ifdef VIMAGE_GLOBALS extern struct ip_fw_chain layer3_chain; static eventhandler_tag ifaddr_event_tag; +static int nat_reass; #endif extern ipfw_nat_t *ipfw_nat_ptr; @@ -80,6 +81,10 @@ extern ipfw_nat_cfg_t *ipfw_nat_del_ptr; extern ipfw_nat_cfg_t *ipfw_nat_get_cfg_ptr; extern ipfw_nat_cfg_t *ipfw_nat_get_log_ptr; +SYSCTL_DECL(_net_inet_ip_fw); +SYSCTL_V_INT(V_NET, vnet_ipfw, _net_inet_ip_fw, OID_AUTO, nat_reass, CTLFLAG_RW, + nat_reass, 0, "Reassemble ip fragments before ipfw nat"); + static void ifaddr_change(void *arg __unused, struct ifnet *ifp) { 
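Review bot: `nat_reass` is declared with plain `CTLFLAG_RW`, so the knob that decides whether ipfw nat sees whole datagrams or individual fragments stays writable at any securelevel. If the other packet-handling knobs under `net.inet.ip.fw` are securelevel-protected in this tree (not visible in this diff), this one should match, e.g. `CTLFLAG_RW | CTLFLAG_SECURE3`. The description string could also say what 0 means, for instance `"Reassemble IP fragments before ipfw nat (0: pass fragments to libalias as received)"`, so an operator reading `sysctl -d` knows what switching it off changes.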
@@ -261,55 +266,63 @@ ipfw_nat(struct ip_fw_args *args, struct NULL) goto badnat; ip = mtod(mcl, struct ip *); - /* - * In case of fragments, reassemble the packet - * before passing it to libalias. - */ - off = (args->eh == NULL) ? ip->ip_off : ntohs(ip->ip_off); - if (off & (IP_MF | IP_OFFMASK)) { - struct mbuf *reass; + /* Shall we reassemble ip fragments? */ + if (!V_nat_reass) { + if (args->eh == NULL) { + ip->ip_len = htons(ip->ip_len); + ip->ip_off = htons(ip->ip_off); + } + } else { + off = (args->eh == NULL) ? ip->ip_off : ntohs(ip->ip_off); /* - * Ip_reass() expects len & off in host byte order: - * fix them in case we come from layer2. + * In case of fragments, reassemble the packet + * before passing it to libalias. */ - if (args->eh != NULL) { - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); - } + if (off & (IP_MF | IP_OFFMASK)) { + struct mbuf *reass; - /* Reassemble packet. */ - reass = ip_reass(mcl); + /* + * Ip_reass() expects len & off in host byte order: + * fix them in case we come from layer2. + */ + if (args->eh != NULL) { + ip->ip_len = ntohs(ip->ip_len); + ip->ip_off = ntohs(ip->ip_off); + } - /* - * IP header checksum fixup after reassembly and leave header - * in network byte order. - */ - if (reass != NULL) { - int hlen; + /* Reassemble packet. */ + reass = ip_reass(mcl); + + /* + * IP header checksum fixup after reassembly and leave header + * in network byte order. 
+ */ + if (reass != NULL) { + int hlen; - ip = mtod(reass, struct ip *); - hlen = ip->ip_hl << 2; + ip = mtod(reass, struct ip *); + hlen = ip->ip_hl << 2; + ip->ip_len = htons(ip->ip_len); + ip->ip_off = htons(ip->ip_off); + ip->ip_sum = 0; + if (hlen == sizeof(struct ip)) + ip->ip_sum = in_cksum_hdr(ip); + else + ip->ip_sum = in_cksum(reass, hlen); + if ((mcl = m_megapullup(reass, reass->m_pkthdr.len)) == + NULL) + goto badnat; + ip = mtod(mcl, struct ip *); + } else { + mcl = NULL; + goto badnat; + } + } else if (args->eh == NULL) { ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off); - ip->ip_sum = 0; - if (hlen == sizeof(struct ip)) - ip->ip_sum = in_cksum_hdr(ip); - else - ip->ip_sum = in_cksum(reass, hlen); - if ((mcl = m_megapullup(reass, reass->m_pkthdr.len)) == - NULL) - goto badnat; - ip = mtod(mcl, struct ip *); - } else { - mcl = NULL; - goto badnat; } - } else if (args->eh == NULL) { - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); } - /* * XXX - Libalias checksum offload 'duct tape': * @@ -651,6 +664,7 @@ ipfw_nat_init(void) IPFW_WUNLOCK(&V_layer3_chain); V_ifaddr_event_tag = EVENTHANDLER_REGISTER(ifaddr_event, ifaddr_change, NULL, EVENTHANDLER_PRI_ANY); + V_nat_reass = 1; } static void
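Review bot: The layer-3 byte-order fixup (`ip->ip_len = htons(ip->ip_len); ip->ip_off = htons(ip->ip_off);` under `args->eh == NULL`) now exists twice, once in the `!V_nat_reass` branch and once in the trailing `else if`, and the two copies must stay in step for libalias to receive a network-order header. Computing `off` unconditionally and testing `if (V_nat_reass && (off & (IP_MF | IP_OFFMASK))) {` would leave a single `else if (args->eh == NULL)` fixup and avoid re-indenting the whole reassembly body. The comment `/* Shall we reassemble ip fragments? */` could also state what the off path means, e.g. `/* With nat_reass off, fragments go to libalias as they arrived. */`. `ipfw_nat()` starts and ends outside this hunk, so whether `off` is read later, and what `badnat` does with `mcl == NULL`, is not visible here.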
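Review bot: `V_nat_reass = 1;` in `ipfw_nat_init()` is the only place the default is established, and it carries no comment, so the default-on behaviour cannot be seen from the sysctl declaration, whose value argument is `0`. A short comment such as `/* Reassemble fragments before NAT by default. */` would help, ideally naming whatever limits bound the `ip_reass()` queue. With this default, forwarded fragments that match a nat rule are held there until the datagram completes, presumably in the same queue the host's own IP input uses, which this diff does not show. The body of `ipfw_nat_init()` starts outside the hunk.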