From owner-p4-projects@FreeBSD.ORG Wed Jan 31 20:48:49 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 970D116A402; Wed, 31 Jan 2007 20:48:49 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4829A16A400 for ; Wed, 31 Jan 2007 20:48:49 +0000 (UTC) (envelope-from piso@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 3971E13C4B2 for ; Wed, 31 Jan 2007 20:48:49 +0000 (UTC) (envelope-from piso@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0VKmnQN026114 for ; Wed, 31 Jan 2007 20:48:49 GMT (envelope-from piso@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0VKmmiw026109 for perforce@freebsd.org; Wed, 31 Jan 2007 20:48:48 GMT (envelope-from piso@freebsd.org) Date: Wed, 31 Jan 2007 20:48:48 GMT Message-Id: <200701312048.l0VKmmiw026109@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to piso@freebsd.org using -f From: Paolo Pisati To: Perforce Change Reviews Cc: Subject: PERFORCE change 113792 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Jan 2007 20:48:50 -0000 http://perforce.freebsd.org/chv.cgi?CH=113792 Change 113792 by piso@piso_newluxor on 2007/01/31 20:48:35 In LibAlias[In|Out]Locked() and in (almost) all the functions called from there we need a contiguos ip hdr: for this reason revert the previous changes made to ProtoAlias[In|Out](), and do the pullup of an ip hdr in LibAlias[In|Out]Locked() - this way we can guarantee that all the functions called from LibAlias[In|Out]Locked() will receive, at least, a contiguos ip hdr in their "void *ptr" argument, and, in some cases, where we only need the content of the ip hdr (like in the ProtoAlias[In|Out]()) cases, we will hand down directly a "struct ip *". Affected files ... .. //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.c#45 edit Differences ... ==== //depot/projects/soc2005/libalias/sys/netinet/libalias/alias.c#45 (text+ko) ==== @@ -264,8 +264,8 @@ static int IcmpAliasOut2(struct libalias *, void *); static int IcmpAliasOut(struct libalias *, void *, int create); -static int ProtoAliasIn(struct libalias *, void *); -static int ProtoAliasOut(struct libalias *, void *, int create); +static int ProtoAliasIn(struct libalias *, struct ip *); +static int ProtoAliasOut(struct libalias *, struct ip *, int create); static int UdpAliasIn(struct libalias *, void *); static int UdpAliasOut(struct libalias *, void *, int create); @@ -681,7 +681,7 @@ static int -ProtoAliasIn(struct libalias *la, void *ptr) +ProtoAliasIn(struct libalias *la, struct ip *pip) { /* Handle incoming IP packets. The @@ -689,17 +689,7 @@ the dest IP address of the packet to our inside machine. */ - struct ip *pip; struct alias_link *lnk; -#ifdef _KERNEL - struct mbuf *m; - m = m_pullup(ptr, sizeof(struct ip)); - if (m == NULL) - return (PKT_ALIAS_IGNORED); - pip = mtod(m, struct ip *); -#else - pip = ptr; -#endif LIBALIAS_LOCK_ASSERT(la); /* Return if proxy-only mode is enabled */ @@ -724,7 +714,7 @@ static int -ProtoAliasOut(struct libalias *la, void *ptr, int create) +ProtoAliasOut(struct libalias *la, struct ip *pip, int create) { /* Handle outgoing IP packets. The @@ -732,16 +722,6 @@ the source IP address of the packet. */ struct alias_link *lnk; - struct ip *pip; -#ifdef _KERNEL - struct mbuf *m; - m = m_pullup(ptr, sizeof(struct ip)); - if (m == NULL) - return (PKT_ALIAS_IGNORED); - pip = mtod(m, struct ip *); -#else - pip = ptr; -#endif LIBALIAS_LOCK_ASSERT(la); (void)create; @@ -1303,10 +1283,10 @@ /* Local prototypes */ static int -LibAliasOutLocked(struct libalias *la, char *ptr, +LibAliasOutLocked(struct libalias *la, void *ptr, int maxpacketsize, int create); static int -LibAliasInLocked(struct libalias *la, char *ptr, +LibAliasInLocked(struct libalias *la, void *ptr, int maxpacketsize); int @@ -1320,13 +1300,24 @@ return (res); } +#ifdef _KERNEL +#define PULLUP_IPHDR(pip, ptr) do { \ + struct mbuf *m; \ + m = m_pullup((ptr), sizeof(struct ip)); \ + (pip) = mtod(m, struct ip *); \ +} while (0) +#else +#define PULLUP_IPHDR(pip, ptr) pip = ptr +#endif + static int -LibAliasInLocked(struct libalias *la, char *ptr, int maxpacketsize) +LibAliasInLocked(struct libalias *la, void *ptr, int maxpacketsize) { struct in_addr alias_addr; struct ip *pip; int iresult; + iresult = PKT_ALIAS_IGNORED; if (la->packetAliasMode & PKT_ALIAS_REVERSE) { la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = LibAliasOutLocked(la, ptr, maxpacketsize, 1); @@ -1335,17 +1326,16 @@ } HouseKeeping(la); ClearCheckNewLink(la); - pip = (struct ip *)ptr; + PULLUP_IPHDR(pip, ptr); + if (pip == NULL) + goto getout; alias_addr = pip->ip_dst; /* Defense against mangled packets */ if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) { - iresult = PKT_ALIAS_IGNORED; + || (pip->ip_hl << 2) > maxpacketsize) goto getout; - } - iresult = PKT_ALIAS_IGNORED; if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) { switch (pip->ip_p) { case IPPROTO_ICMP: @@ -1369,16 +1359,17 @@ .maxpktsize = 0 }; - /* Walk out chain. */ + /* XXX broken - Walk out chain. */ error = find_handler(IN, IP, la, pip, &ad); + // XXX m_pullup() if (error == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasIn(la, ptr); + iresult = ProtoAliasIn(la, pip); } - break; + break; default: - iresult = ProtoAliasIn(la, ptr); + iresult = ProtoAliasIn(la, pip); break; } @@ -1440,7 +1431,7 @@ } static int -LibAliasOutLocked(struct libalias *la, char *ptr, /* valid IP packet */ +LibAliasOutLocked(struct libalias *la, void *ptr, /* valid IP packet */ int maxpacketsize, /* How much the packet data may grow (FTP * and IRC inline changes) */ int create /* Create new entries ? */ @@ -1450,6 +1441,7 @@ struct in_addr addr_save; struct ip *pip; + iresult = PKT_ALIAS_IGNORED; if (la->packetAliasMode & PKT_ALIAS_REVERSE) { la->packetAliasMode &= ~PKT_ALIAS_REVERSE; iresult = LibAliasInLocked(la, ptr, maxpacketsize); @@ -1458,14 +1450,14 @@ } HouseKeeping(la); ClearCheckNewLink(la); - pip = (struct ip *)ptr; + PULLUP_IPHDR(pip, ptr); + if (pip == NULL) + goto getout; /* Defense against mangled packets */ if (ntohs(pip->ip_len) > maxpacketsize - || (pip->ip_hl << 2) > maxpacketsize) { - iresult = PKT_ALIAS_IGNORED; + || (pip->ip_hl << 2) > maxpacketsize) goto getout; - } addr_save = GetDefaultAliasAddress(la); if (la->packetAliasMode & PKT_ALIAS_UNREGISTERED_ONLY) { @@ -1487,7 +1479,6 @@ } else if (la->packetAliasMode & PKT_ALIAS_PROXY_ONLY) { SetDefaultAliasAddress(la, pip->ip_src); } - iresult = PKT_ALIAS_IGNORED; if ((ntohs(pip->ip_off) & IP_OFFMASK) == 0) { switch (pip->ip_p) { case IPPROTO_ICMP: @@ -1510,16 +1501,17 @@ .dport = NULL, .maxpktsize = 0 }; - /* Walk out chain. */ + /* XXX broken - Walk out chain. */ error = find_handler(OUT, IP, la, pip, &ad); + // XXX m_pullup() if (error == 0) iresult = PKT_ALIAS_OK; else - iresult = ProtoAliasOut(la, ptr, create); + iresult = ProtoAliasOut(la, pip, create); } break; default: - iresult = ProtoAliasOut(la, ptr, create); + iresult = ProtoAliasOut(la, pip, create); break; } } else {