Date: Tue, 22 Jun 2004 05:54:16 GMT From: Paul Saab <ps@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 55511 for review Message-ID: <200406220554.i5M5sGIF060795@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=55511 Change 55511 by ps@butter.corp on 2004/06/22 05:54:09 IFC Affected files ... .. //depot/projects/sack/cam/cam_xpt.c#3 integrate .. //depot/projects/sack/compat/linux/linux_util.c#2 integrate .. //depot/projects/sack/compat/svr4/svr4_ioctl.c#2 integrate .. //depot/projects/sack/compat/svr4/svr4_ttold.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/fil.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_auth.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_compat.h#3 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_fil.c#3 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_fil.h#3 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_frag.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_frag.h#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_ftp_pxy.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_log.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_nat.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_nat.h#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_raudio_pxy.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_rcmd_pxy.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_state.c#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ip_state.h#2 integrate .. //depot/projects/sack/contrib/ipfilter/netinet/ipl.h#2 integrate .. //depot/projects/sack/dev/ata/atapi-cd.c#2 integrate .. //depot/projects/sack/dev/ciss/ciss.c#3 integrate .. //depot/projects/sack/dev/ciss/cissreg.h#2 integrate .. //depot/projects/sack/dev/ciss/cissvar.h#3 integrate .. //depot/projects/sack/dev/cy/cy.c#4 integrate .. //depot/projects/sack/dev/digi/digi.c#4 integrate .. //depot/projects/sack/dev/esp/esp_sbus.c#2 integrate .. //depot/projects/sack/dev/rp/rp.c#4 integrate .. //depot/projects/sack/dev/rp/rp_pci.c#2 integrate .. //depot/projects/sack/dev/rp/rpreg.h#3 integrate .. //depot/projects/sack/dev/si/si.c#4 integrate .. //depot/projects/sack/dev/sio/sio.c#4 integrate .. //depot/projects/sack/dev/sx/sx.c#4 integrate .. //depot/projects/sack/geom/gate/g_gate.c#3 integrate .. //depot/projects/sack/geom/geom.h#3 integrate .. //depot/projects/sack/i386/ibcs2/ibcs2_ioctl.c#2 integrate .. //depot/projects/sack/i386/ibcs2/ibcs2_sysent.c#2 integrate .. //depot/projects/sack/i4b/driver/i4b_ing.c#2 integrate .. //depot/projects/sack/kern/init_sysent.c#2 integrate .. //depot/projects/sack/kern/kern_exit.c#4 integrate .. //depot/projects/sack/kern/kern_resource.c#4 integrate .. //depot/projects/sack/kern/kern_thread.c#4 integrate .. //depot/projects/sack/kern/kern_time.c#3 integrate .. //depot/projects/sack/kern/sched_4bsd.c#3 integrate .. //depot/projects/sack/kern/sched_ule.c#3 integrate .. //depot/projects/sack/kern/syscalls.c#2 integrate .. //depot/projects/sack/kern/syscalls.master#2 integrate .. //depot/projects/sack/kern/tty.c#4 integrate .. //depot/projects/sack/kern/tty_compat.c#3 integrate .. //depot/projects/sack/kern/tty_pty.c#4 integrate .. //depot/projects/sack/kern/uipc_socket.c#4 integrate .. //depot/projects/sack/kern/vfs_syscalls.c#4 integrate .. //depot/projects/sack/netinet/ip_divert.c#3 integrate .. //depot/projects/sack/pci/if_mn.c#3 integrate .. //depot/projects/sack/sys/ioctl_compat.h#2 integrate .. //depot/projects/sack/sys/syscall.h#2 integrate .. //depot/projects/sack/sys/syscall.mk#2 integrate .. //depot/projects/sack/sys/sysproto.h#2 integrate .. //depot/projects/sack/sys/ttychars.h#2 integrate .. //depot/projects/sack/sys/ttydev.h#2 integrate .. //depot/projects/sack/sys/user.h#3 integrate Differences ... ==== //depot/projects/sack/cam/cam_xpt.c#3 (text+ko) ==== @@ -28,7 +28,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/cam/cam_xpt.c,v 1.139 2004/06/16 09:46:31 phk Exp $"); +__FBSDID("$FreeBSD: src/sys/cam/cam_xpt.c,v 1.141 2004/06/21 19:01:55 ps Exp $"); #include <sys/param.h> #include <sys/bus.h> ==== //depot/projects/sack/compat/linux/linux_util.c#2 (text+ko) ==== @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/compat/linux/linux_util.c,v 1.24 2004/01/14 22:38:03 truckman Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/linux/linux_util.c,v 1.25 2004/06/22 04:22:34 rwatson Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -101,6 +101,8 @@ char *ptr, *buf, *cp; size_t len, sz; + GIANT_REQUIRED; + buf = (char *) malloc(MAXPATHLEN, M_TEMP, M_WAITOK); *pbuf = buf; ==== //depot/projects/sack/compat/svr4/svr4_ioctl.c#2 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ioctl.c,v 1.20 2003/06/10 21:35:15 obrien Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ioctl.c,v 1.21 2004/06/21 22:57:10 phk Exp $"); #include <sys/param.h> #include <sys/proc.h> @@ -119,10 +119,12 @@ #endif switch (cmd & 0xff00) { +#ifndef BURN_BRIDGES case SVR4_tIOC: DPRINTF(("ttold\n")); fun = svr4_ttold_ioctl; break; +#endif case SVR4_TIOC: DPRINTF(("term\n")); ==== //depot/projects/sack/compat/svr4/svr4_ttold.c#2 (text+ko) ==== @@ -27,7 +27,9 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ttold.c,v 1.12 2003/06/10 21:35:15 obrien Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ttold.c,v 1.13 2004/06/21 22:57:10 phk Exp $"); + +#ifndef BURN_BRIDGES #include <sys/param.h> #include <sys/proc.h> @@ -376,3 +378,5 @@ return 0; /* ENOSYS really */ } } + +#endif /* BURN_BRIDGES */ ==== //depot/projects/sack/contrib/ipfilter/netinet/fil.c#2 (text+ko) ==== @@ -42,6 +42,7 @@ # include <sys/mbuf.h> # endif #else +# include <sys/cmn_err.h> # include <sys/byteorder.h> # if SOLARIS2 < 5 # include <sys/dditypes.h> @@ -99,7 +100,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed"; -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.37 2004/04/07 20:45:56 imp Exp $"; +static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.38 2004/06/21 22:46:35 darrenr Exp $"; #endif #ifndef _KERNEL @@ -146,6 +147,9 @@ static int frflushlist __P((int, minor_t, int *, frentry_t **)); #ifdef _KERNEL static void frsynclist __P((frentry_t *)); +# ifndef __sgi +static void *ipf_pullup __P((mb_t *, fr_info_t *, int, void *)); +# endif #endif @@ -194,19 +198,27 @@ * compact the IP header into a structure which contains just the info. * which is useful for comparing IP headers with. */ -void fr_makefrip(hlen, ip, fin) +int fr_makefrip(hlen, ip, fin) int hlen; ip_t *ip; fr_info_t *fin; { u_short optmsk = 0, secmsk = 0, auth = 0; int i, mv, ol, off, p, plen, v; +#if defined(_KERNEL) +# if SOLARIS + mb_t *m = fin->fin_qfm; +# else + mb_t *m = fin->fin_mp ? *fin->fin_mp : NULL; +# endif +#endif fr_ip_t *fi = &fin->fin_fi; struct optlist *op; u_char *s, opt; tcphdr_t *tcp; fin->fin_rev = 0; + fin->fin_dp = NULL; fin->fin_fr = NULL; fin->fin_tcpf = 0; fin->fin_data[0] = 0; @@ -220,8 +232,10 @@ if (v == 4) { fin->fin_id = ip->ip_id; fi->fi_tos = ip->ip_tos; +#if (OpenBSD >= 200311) && defined(_KERNEL) + ip->ip_off = ntohs(ip->ip_off); +#endif off = (ip->ip_off & IP_OFFMASK); - tcp = (tcphdr_t *)((char *)ip + hlen); (*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4)); fi->fi_src.i6[1] = 0; fi->fi_src.i6[2] = 0; @@ -235,6 +249,9 @@ fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0; if (ip->ip_off & (IP_MF|IP_OFFMASK)) fi->fi_fl |= FI_FRAG; +#if (OpenBSD >= 200311) && defined(_KERNEL) + ip->ip_len = ntohs(ip->ip_len); +#endif plen = ip->ip_len; fin->fin_dlen = plen - hlen; } @@ -246,7 +263,6 @@ p = ip6->ip6_nxt; fi->fi_p = p; fi->fi_ttl = ip6->ip6_hlim; - tcp = (tcphdr_t *)(ip6 + 1); fi->fi_src.in6 = ip6->ip6_src; fi->fi_dst.in6 = ip6->ip6_dst; fin->fin_id = (u_short)(ip6->ip6_flow & 0xffff); @@ -258,14 +274,23 @@ } #endif else - return; + return -1; fin->fin_off = off; fin->fin_plen = plen; - fin->fin_dp = (char *)tcp; + tcp = (tcphdr_t *)((char *)ip + hlen); fin->fin_misc = 0; off <<= 3; + /* + * For both ICMPV6 & ICMP, we attempt to pullup the entire packet into + * a single buffer for recognised error return packets. Why? Because + * the entire data section of the ICMP payload is considered to be of + * significance and maybe required in NAT/state processing, so rather + * than be careful later, attempt to get it all in one buffeer first. + * For TCP we just make sure the _entire_ TCP header is in the first + * buffer for convienience. + */ switch (p) { #ifdef USE_INET6 @@ -274,7 +299,7 @@ int minicmpsz = sizeof(struct icmp6_hdr); struct icmp6_hdr *icmp6; - if (fin->fin_dlen > 1) { + if (!(fin->fin_fl & FI_SHORT) && (fin->fin_dlen > 1)) { fin->fin_data[0] = *(u_short *)tcp; icmp6 = (struct icmp6_hdr *)tcp; @@ -289,6 +314,14 @@ case ICMP6_PACKET_TOO_BIG : case ICMP6_TIME_EXCEEDED : case ICMP6_PARAM_PROB : +# if defined(KERNEL) && !defined(__sgi) + if ((m != NULL) && (M_BLEN(m) < plen)) { + ip = ipf_pullup(m, fin, plen, ip); + if (ip == NULL) + return -1; + tcp = (tcphdr_t *)((char *)ip + hlen); + } +# endif /* KERNEL && !__sgi */ minicmpsz = ICMP6ERR_IPICMPHLEN; break; default : @@ -296,22 +329,27 @@ } } - if (!(plen >= minicmpsz)) + if (!(fin->fin_dlen >= minicmpsz)) fi->fi_fl |= FI_SHORT; break; } -#endif +#endif /* USE_INET6 */ + case IPPROTO_ICMP : { int minicmpsz = sizeof(struct icmp); icmphdr_t *icmp; - if (!off && (fin->fin_dlen > 1)) { + if (!off && (fin->fin_dlen > 1) && !(fin->fin_fl & FI_SHORT)) { fin->fin_data[0] = *(u_short *)tcp; icmp = (icmphdr_t *)tcp; + /* + * Minimum ICMP packet is type(1) code(1) cksum(2) + * plus 4 bytes following, totalling 8 bytes. + */ switch (icmp->icmp_type) { case ICMP_ECHOREPLY : @@ -327,7 +365,7 @@ */ case ICMP_TSTAMP : case ICMP_TSTAMPREPLY : - minicmpsz = 20; + minicmpsz = ICMP_MINLEN + 12; break; /* * type(1) + code(1) + cksum(2) + id(2) seq(2) + @@ -335,9 +373,28 @@ */ case ICMP_MASKREQ : case ICMP_MASKREPLY : - minicmpsz = 12; + minicmpsz = ICMP_MINLEN + 4; + break; + /* + * type(1) + code(1) + cksum(2) + arg(4) ip(20+) + */ + case ICMP_UNREACH : + case ICMP_SOURCEQUENCH : + case ICMP_REDIRECT : + case ICMP_TIMXCEED : + case ICMP_PARAMPROB : +#if defined(KERNEL) && !defined(__sgi) + if ((m != NULL) && (M_BLEN(m) < plen)) { + ip = ipf_pullup(m, fin, plen, ip); + if (ip == NULL) + return -1; + tcp = (tcphdr_t *)((char *)ip + hlen); + } +#endif /* KERNEL && !__sgi */ + minicmpsz = ICMPERR_MINPKTLEN - sizeof(ip_t); break; default : + minicmpsz = ICMP_MINLEN; break; } } @@ -345,9 +402,9 @@ if ((!(plen >= hlen + minicmpsz) && !off) || (off && off < sizeof(struct icmp))) fi->fi_fl |= FI_SHORT; - break; } + case IPPROTO_TCP : fi->fi_fl |= FI_TCPUDP; #ifdef USE_INET6 @@ -361,6 +418,20 @@ (off && off < sizeof(struct tcphdr))) fi->fi_fl |= FI_SHORT; } + +#if defined(KERNEL) && !defined(__sgi) + if (!off && !(fi->fi_fl & FI_SHORT)) { + int tlen = hlen + (tcp->th_off << 2); + + if ((m != NULL) && (M_BLEN(m) < tlen)) { + ip = ipf_pullup(m, fin, tlen, ip); + if (ip == NULL) + return -1; + tcp = (tcphdr_t *)((char *)ip + hlen); + } + } +#endif /* _KERNEL && !_sgi */ + if (!(fi->fi_fl & FI_SHORT) && !off) fin->fin_tcpf = tcp->th_flags; goto getports; @@ -400,12 +471,14 @@ break; } + fin->fin_dp = (char *)tcp; + #ifdef USE_INET6 if (v == 6) { fi->fi_optmsk = 0; fi->fi_secmsk = 0; fi->fi_auth = 0; - return; + return 0; } #endif @@ -462,6 +535,7 @@ fi->fi_optmsk = optmsk; fi->fi_secmsk = secmsk; fi->fi_auth = auth; + return 0; } @@ -749,7 +823,7 @@ #endif /* IPFILTER_LOG */ ATOMIC_INCL(fr->fr_hits); if (passt & FR_ACCOUNT) - fr->fr_bytes += (U_QUAD_T)ip->ip_len; + fr->fr_bytes += (U_QUAD_T)fin->fin_plen; else fin->fin_icode = fr->fr_icode; fin->fin_rule = rulen; @@ -812,12 +886,17 @@ int p, len, drop = 0, logit = 0; mb_t *mc = NULL; # if !defined(__SVR4) && !defined(__svr4__) + /* + * We don't do this section for Solaris because fr_precheck() does a + * pullupmsg() instead, effectively achieving the same result as here + * so no need to duplicate it. + */ # ifdef __sgi char hbuf[128]; # endif int up; -# if !SOLARIS && !defined(NETBSD_PF) && \ +# if !defined(NETBSD_PF) && \ ((defined(__FreeBSD__) && (__FreeBSD_version < 500011)) || \ defined(__OpenBSD__) || defined(_BSDI_VERSION)) if (fr_checkp != fr_check && fr_running > 0) { @@ -855,7 +934,7 @@ } # endif /* CSUM_DELAY_DATA */ -# ifdef USE_INET6 +# ifdef USE_INET6 if (v == 6) { len = ntohs(((ip6_t*)ip)->ip6_plen); if (!len) @@ -863,17 +942,20 @@ len += sizeof(ip6_t); p = ((ip6_t *)ip)->ip6_nxt; } else -# endif +# endif { p = ip->ip_p; len = ip->ip_len; } + fin->fin_mp = mp; + fin->fin_out = out; + if ((p == IPPROTO_TCP || p == IPPROTO_UDP || (v == 4 && p == IPPROTO_ICMP) -# ifdef USE_INET6 +# ifdef USE_INET6 || (v == 6 && p == IPPROTO_ICMPV6) -# endif +# endif )) { int plen = 0; @@ -893,7 +975,7 @@ case IPPROTO_ESP: plen = 8; break; -# ifdef USE_INET6 +# ifdef USE_INET6 case IPPROTO_ICMPV6 : /* * XXX does not take intermediate header @@ -901,8 +983,10 @@ */ plen = ICMP6ERR_MINPKTLEN + 8 - sizeof(ip6_t); break; -# endif +# endif } + if ((plen > 0) && (len < hlen + plen)) + fin->fin_fl |= FI_SHORT; up = MIN(hlen + plen, len); if (up > m->m_len) { @@ -917,14 +1001,34 @@ ip = (ip_t *)hbuf; # else /* __ sgi */ # ifndef linux - if ((*mp = m_pullup(m, up)) == 0) { - ATOMIC_INCL(frstats[out].fr_pull[1]); + /* + * Having determined that we need to pullup some data, + * try to bring as much of the packet up into a single + * buffer with the first pullup. This hopefully means + * less need for doing futher pullups. Not needed for + * Solaris because fr_precheck() does it anyway. + * + * The main potential for trouble here is if MLEN/MHLEN + * become quite small, lets say < 64 bytes...but if + * that did happen, BSD networking as a whole would be + * slow/inefficient. + */ +# ifdef MHLEN + /* + * Assume that M_PKTHDR is set and just work with what + * is left rather than check.. Should not make any + * real difference, anyway. + */ + if ((MHLEN > up) && (len > up)) + up = MIN(len, MHLEN); +# else + if ((MLEN > up) && (len > up)) + up = MIN(len, MLEN); +# endif + ip = ipf_pullup(m, fin, up, ip); + if (ip == NULL) return -1; - } else { - ATOMIC_INCL(frstats[out].fr_pull[0]); - m = *mp; - ip = mtod(m, ip_t *); - } + m = *mp; # endif /* !linux */ # endif /* __sgi */ } else @@ -937,9 +1041,14 @@ if ((u_int)ip & 0x3) return 2; + fin->fin_mp = mp; + fin->fin_out = out; fin->fin_qfm = m; fin->fin_qif = qif; # endif +#else + fin->fin_mp = mp; + fin->fin_out = out; #endif /* _KERNEL */ #ifndef __FreeBSD__ @@ -952,11 +1061,10 @@ #endif changed = 0; + fin->fin_v = v; fin->fin_ifp = ifp; - fin->fin_v = v; - fin->fin_out = out; - fin->fin_mp = mp; - fr_makefrip(hlen, ip, fin); + if (fr_makefrip(hlen, ip, fin) == -1) + return -1; #ifdef _KERNEL # ifdef USE_INET6 @@ -1120,6 +1228,10 @@ if (pass & FR_KEEPSTATE) { if (fr_addstate(ip, fin, NULL, 0) == NULL) { ATOMIC_INCL(frstats[out].fr_bads); + if (pass & FR_PASS) { + pass &= ~FR_PASS; + pass |= FR_BLOCK; + } } else { ATOMIC_INCL(frstats[out].fr_ads); } @@ -1306,6 +1418,12 @@ (void) ipfr_fastroute(ip, mc, &mc, fin, &fr->fr_dif); } # endif /* !SOLARIS */ +#if (OpenBSD >= 200311) && defined(_KERNEL) + if (pass & FR_PASS) { + ip->ip_len = htons(ip->ip_len); + ip->ip_off = htons(ip->ip_off); + } +#endif return (pass & FR_PASS) ? 0 : error; #else /* _KERNEL */ if (pass & FR_NOMATCH) @@ -1403,10 +1521,10 @@ /* * Both sum and sum2 are partial sums, so combine them together. */ - sum = (sum & 0xffff) + (sum >> 16); - sum = ~sum & 0xffff; - sum2 += sum; - sum2 = (sum2 & 0xffff) + (sum2 >> 16); + sum += ~sum2 & 0xffff; + while (sum > 0xffff) + sum = (sum & 0xffff) + (sum >> 16); + sum2 = ~sum & 0xffff; # else /* defined(BSD) || defined(sun) */ { union { @@ -1543,7 +1661,7 @@ * SUCH DAMAGE. * * @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94 - * $Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $ + * $Id: fil.c,v 2.35.2.82 2004/06/20 10:27:47 darrenr Exp $ */ /* * Copy data from an mbuf chain starting "off" bytes from the beginning, @@ -1975,12 +2093,40 @@ static void frsynclist(fr) register frentry_t *fr; { + frdest_t *fdp; + int i; + for (; fr; fr = fr->fr_next) { - if (fr->fr_ifa != NULL) { - fr->fr_ifa = GETUNIT(fr->fr_ifname, fr->fr_ip.fi_v); - if (fr->fr_ifa == NULL) - fr->fr_ifa = (void *)-1; + for (i = 0; i < 4; i++) { + if ((fr->fr_ifnames[i][1] == '\0') && + ((fr->fr_ifnames[i][0] == '-') || + (fr->fr_ifnames[i][0] == '*'))) { + fr->fr_ifas[i] = NULL; + } else if (*fr->fr_ifnames[i]) { + fr->fr_ifas[i] = GETUNIT(fr->fr_ifnames[i], + fr->fr_v); + if (!fr->fr_ifas[i]) + fr->fr_ifas[i] = (void *)-1; + } + } + + fdp = &fr->fr_dif; + fr->fr_flags &= ~FR_DUP; + if (*fdp->fd_ifname) { + fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fr->fr_v); + if (!fdp->fd_ifp) + fdp->fd_ifp = (struct ifnet *)-1; + else + fr->fr_flags |= FR_DUP; + } + + fdp = &fr->fr_tif; + if (*fdp->fd_ifname) { + fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fr->fr_v); + if (!fdp->fd_ifp) + fdp->fd_ifp = (struct ifnet *)-1; } + if (fr->fr_grp) frsynclist(fr->fr_grp); } @@ -2013,6 +2159,9 @@ IFNET_RUNLOCK(); # endif ip_natsync((struct ifnet *)-1); +# if defined(__FreeBSD_version) && (__FreeBSD_version >= 500043) + IFNET_RUNLOCK(); +# endif # endif /* !SOLARIS */ WRITE_ENTER(&ipf_mutex); @@ -2241,3 +2390,64 @@ return ip->ip_len; } #endif + + +#if defined(_KERNEL) && !defined(__sgi) +void *ipf_pullup(m, fin, len, ipin) +mb_t *m; +fr_info_t *fin; +int len; +void *ipin; +{ +# if SOLARIS + qif_t *qf = fin->fin_qif; +# endif + int out = fin->fin_out, dpoff, ipoff; + char *ip; + + if (m == NULL) + return NULL; + + ipoff = (char *)ipin - MTOD(m, char *); + if (fin->fin_dp != NULL) + dpoff = (char *)fin->fin_dp - (char *)ipin; + else + dpoff = 0; + + if (M_BLEN(m) < len) { +# if SOLARIS + qif_t *qf = fin->fin_qif; + int inc = 0; + + if (ipoff > 0) { + if ((ipoff & 3) != 0) { + inc = 4 - (ipoff & 3); + if (m->b_rptr - inc >= m->b_datap->db_base) + m->b_rptr -= inc; + else + inc = 0; + } + } + if (!pullupmsg(m, len + ipoff + inc)) { + ATOMIC_INCL(frstats[out].fr_pull[1]); + return NULL; + } + m->b_rptr += inc; + ATOMIC_INCL(frstats[out].fr_pull[0]); + qf->qf_data = MTOD(m, char *) + ipoff; +# else + m = m_pullup(m, len); + *fin->fin_mp = m; + if (m == NULL) { + ATOMIC_INCL(frstats[out].fr_pull[1]); + return NULL; + } + ATOMIC_INCL(frstats[out].fr_pull[0]); +# endif /* SOLARIS */ + } + ip = MTOD(m, char *) + ipoff; + if (fin->fin_dp != NULL) + fin->fin_dp = (char *)ip + dpoff; + return ip; +} +#endif /* _KERNEL */ ==== //depot/projects/sack/contrib/ipfilter/netinet/ip_auth.c#2 (text+ko) ==== @@ -105,7 +105,7 @@ #if !defined(lint) /* static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $"; */ -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.33 2003/03/04 23:19:55 jlemon Exp $"; +static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.36 2004/06/22 05:20:30 darrenr Exp $"; #endif @@ -321,6 +321,9 @@ { mb_t *m; #if defined(_KERNEL) && !SOLARIS +# if !defined(__FreeBSD_version) || (__FreeBSD_version < 501104) + struct ifqueue *ifq; +# endif int s; #endif frauth_t auth, *au = &auth, *fra; @@ -423,8 +426,8 @@ bzero((char *)&ro, sizeof(ro)); # if ((_BSDI_VERSION >= 199802) && (_BSDI_VERSION < 200005)) || \ - defined(__OpenBSD__) || (defined(IRIX) && (IRIX >= 605)) || \ - (__FreeBSD_version >= 500042) + defined(__OpenBSD__) || (defined(IRIX) && (IRIX >= 605)) || \ + (__FreeBSD_version >= 470102) error = ip_output(m, NULL, &ro, IP_FORWARDING, NULL, NULL); # else ==== //depot/projects/sack/contrib/ipfilter/netinet/ip_compat.h#3 (text+ko) ==== @@ -5,7 +5,7 @@ * * @(#)ip_compat.h 1.8 1/14/96 * $Id: ip_compat.h,v 2.26.2.9 2001/01/14 14:58:01 darrenr Exp $ - * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_compat.h,v 1.22 2004/06/08 23:52:22 darrenr Exp $ + * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_compat.h,v 1.23 2004/06/21 22:46:35 darrenr Exp $ */ #ifndef __IP_COMPAT_H__ @@ -66,7 +66,7 @@ #if defined(__sgi) || defined(bsdi) struct ether_addr { - u_char ether_addr_octet[6]; + u_char ether_addr_octet[6]; }; #endif @@ -164,6 +164,7 @@ # define V4_PART_OF_V6(v6) v6.s6_addr32[3] # endif # endif +# define M_BLEN(m) ((m)->b_wptr - (m)->b_rptr) typedef struct qif { struct qif *qf_next; @@ -173,6 +174,7 @@ void *qf_optr; queue_t *qf_in; queue_t *qf_out; + void *qf_data; /* layer 3 header pointer */ struct qinit *qf_wqinfo; struct qinit *qf_rqinfo; struct qinit qf_wqinit; @@ -525,6 +527,7 @@ # ifndef linux # define FREE_MB_T(m) m_freem(m) # define MTOD(m,t) mtod(m,t) +# define M_BLEN(m) (m)->m_len # define IRCOPY(a,b,c) (bcopy((a), (b), (c)), 0) # define IWCOPY(a,b,c) (bcopy((a), (b), (c)), 0) # define IRCOPYPTR ircopyptr @@ -963,7 +966,7 @@ __u32 th_seq; __u32 th_ack; # if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\ - defined(vax) + defined(__vax__) __u8 th_res:4; __u8 th_off:4; #else @@ -985,7 +988,7 @@ typedef struct { # if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\ - defined(vax) + defined(__vax__) __u8 ip_hl:4; __u8 ip_v:4; # else @@ -1209,8 +1212,8 @@ #define ICMPERR_MINPKTLEN (20 + 8 + 20) #define ICMPERR_MAXPKTLEN (20 + 8 + 20 + 8) #define ICMP6_MINLEN 8 -#define ICMP6ERR_MINPKTLEN (40 + 8) -#define ICMP6ERR_IPICMPHLEN (40 + 8 + 40) +#define ICMP6ERR_IPICMPHLEN (40 + 8) +#define ICMP6ERR_MINPKTLEN (40 + 8 + 40) #ifndef ICMP6_DST_UNREACH # define ICMP6_DST_UNREACH 1 ==== //depot/projects/sack/contrib/ipfilter/netinet/ip_fil.c#3 (text+ko) ==== @@ -131,7 +131,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed"; /* static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.34 2001/07/23 13:49:57 darrenr Exp $"; */ -static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_fil.c,v 1.44 2004/06/16 09:46:34 phk Exp $"; +static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_fil.c,v 1.46 2004/06/22 02:44:06 darrenr Exp $"; #endif extern struct protosw inetsw[]; @@ -537,7 +537,7 @@ # if (__NetBSD_Version__ >= 105150000) || (__FreeBSD_version >= 501108) struct pfil_head *ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET); # ifdef USE_INET6 - struct pfil_head *ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); + struct pfil_head *ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6); # endif # endif #endif @@ -1055,8 +1055,8 @@ while ((f = *ftail)) ftail = &f->fr_next; else { + ftail = fprev; if (fp->fr_hits) { - ftail = fprev; while (--fp->fr_hits && (f = *ftail)) ftail = &f->fr_next; } @@ -1310,7 +1310,7 @@ frn.fin_ifp = fin->fin_ifp; frn.fin_v = fin->fin_v; frn.fin_out = fin->fin_out; - frn.fin_mp = fin->fin_mp; + frn.fin_mp = mp; ip = mtod(m, ip_t *); hlen = sizeof(*ip); @@ -1354,9 +1354,10 @@ m->m_pkthdr.rcvif = NULL; # endif - fr_makefrip(hlen, ip, &frn); - - error = ipfr_fastroute(m, mp, &frn, NULL); + if (fr_makefrip(hlen, ip, &frn) == 0) + error = ipfr_fastroute(m, mp, &frn, NULL); + else + error = EINVAL; return error; } @@ -1489,7 +1490,13 @@ #endif if (avail) { + slen = oip->ip_len; + oip->ip_len = htons(oip->ip_len); + soff = oip->ip_off; + oip->ip_off = htons(oip->ip_off); bcopy((char *)oip, (char *)&icmp->icmp_ip, MIN(ohlen, avail)); + oip->ip_len = slen; + oip->ip_off = soff; avail -= MIN(ohlen, avail); } @@ -1510,10 +1517,6 @@ } else #endif { - slen = oip->ip_len; - oip->ip_len = htons(oip->ip_len); - soff = oip->ip_off; - oip->ip_off = htons(ip->ip_off); ip->ip_src.s_addr = dst4.s_addr; ip->ip_dst.s_addr = oip->ip_src.s_addr; @@ -1533,13 +1536,7 @@ fin->fin_hlen = hlen; err = send_ip(oip, fin, &m); fin->fin_hlen = shlen; -#ifdef USE_INET6 - if (fin->fin_v == 4) -#endif - { - oip->ip_len = slen; - oip->ip_off = soff; - } + return err; } @@ -1597,7 +1594,7 @@ register struct ip *ip, *mhip; register struct mbuf *m = m0; register struct route *ro; - int len, off, error = 0, hlen, code; + int len, off, error = 0, hlen, code, sout; struct ifnet *ifp, *sifp; struct sockaddr_in *dst; struct route iproute; @@ -1663,7 +1660,7 @@ /* * Route packet. */ -#if defined(__sgi) && (IRIX >= 605) +#if (defined(IRIX) && (IRIX >= 605)) ROUTE_RDLOCK(); #endif bzero((caddr_t)ro, sizeof (*ro)); @@ -1682,8 +1679,12 @@ * check that we're going in the correct direction. */ if ((fr != NULL) && (fin->fin_rev != 0)) { - if ((ifp != NULL) && (fdp == &fr->fr_tif)) + if ((ifp != NULL) && (fdp == &fr->fr_tif)) { +# if (defined(IRIX) && (IRIX >= 605)) + ROUTE_UNLOCK(); +# endif return 0; + } } else if (fdp != NULL) { if (fdp->fd_ip.s_addr != 0) dst->sin_addr = fdp->fd_ip; @@ -1703,13 +1704,12 @@ rtalloc(ro); # endif -#if defined(__sgi) && (IRIX > 602) - ROUTE_UNLOCK(); -#endif - if (!ifp) { if (!fr || !(fr->fr_flags & FR_FASTROUTE)) { error = -2; +# if (defined(IRIX) && (IRIX >= 605)) + ROUTE_UNLOCK(); +# endif goto bad; } } @@ -1722,11 +1722,14 @@ error = EHOSTUNREACH; else error = ENETUNREACH; +# if (defined(IRIX) && (IRIX >= 605)) + ROUTE_UNLOCK(); +# endif goto bad; } if (ro->ro_rt->rt_flags & RTF_GATEWAY) { -#if BSD >= 199306 +#if (BSD >= 199306) || (defined(IRIX) && (IRIX >= 605)) dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway; #else dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway; >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406220554.i5M5sGIF060795>