Commit | Line | Data |
---|---|---|
8ae0e4b4 | 1 | /* |
0880b18e | 2 | * Copyright (c) 1982, 1986 Regents of the University of California. |
2b6b6284 | 3 | * All rights reserved. |
8ae0e4b4 | 4 | * |
2b6b6284 KB |
5 | * Redistribution and use in source and binary forms are permitted |
6 | * provided that this notice is preserved and that due credit is given | |
7 | * to the University of California at Berkeley. The name of the University | |
8 | * may not be used to endorse or promote products derived from this | |
9 | * software without specific prior written permission. This software | |
10 | * is provided ``as is'' without express or implied warranty. | |
11 | * | |
12 | * @(#)ip_input.c 7.8 (Berkeley) %G% | |
8ae0e4b4 | 13 | */ |
6e8b2eca | 14 | |
20666ad3 JB |
15 | #include "param.h" |
16 | #include "systm.h" | |
17 | #include "mbuf.h" | |
18 | #include "domain.h" | |
19 | #include "protosw.h" | |
20 | #include "socket.h" | |
21 | #include "errno.h" | |
22 | #include "time.h" | |
23 | #include "kernel.h" | |
6e7edb25 BJ |
24 | |
25 | #include "../net/if.h" | |
26 | #include "../net/route.h" | |
f4d55810 | 27 | |
20666ad3 JB |
28 | #include "in.h" |
29 | #include "in_pcb.h" | |
30 | #include "in_systm.h" | |
f223fa7d | 31 | #include "in_var.h" |
20666ad3 JB |
32 | #include "ip.h" |
33 | #include "ip_var.h" | |
34 | #include "ip_icmp.h" | |
35 | #include "tcp.h" | |
e6dd2097 | 36 | |
eb44bfb2 | 37 | u_char ip_protox[IPPROTO_MAX]; |
1e977657 | 38 | int ipqmaxlen = IFQ_MAXLEN; |
f223fa7d | 39 | struct in_ifaddr *in_ifaddr; /* first inet address */ |
eb44bfb2 | 40 | |
8fb48289 MK |
41 | /* |
42 | * We need to save the IP options in case a protocol wants to respond | |
43 | * to an incoming packet over the same route if the packet got here | |
44 | * using IP source routing. This allows connection establishment and | |
45 | * maintenance when the remote end is on a network that is not known | |
46 | * to us. | |
47 | */ | |
48 | int ip_nhops = 0; | |
49 | static struct ip_srcrt { | |
50 | char nop; /* one NOP to align */ | |
51 | char srcopt[IPOPT_OFFSET + 1]; /* OPTVAL, OLEN and OFFSET */ | |
52 | struct in_addr route[MAX_IPOPTLEN]; | |
53 | } ip_srcrt; | |
54 | ||
d52566dd | 55 | /* |
b454c3ea | 56 | * IP initialization: fill in IP protocol switch table. |
405c9168 | 57 | * All protocols not implemented in kernel go to raw IP protocol handler. |
d52566dd BJ |
58 | */ |
59 | ip_init() | |
60 | { | |
eb44bfb2 BJ |
61 | register struct protosw *pr; |
62 | register int i; | |
eb44bfb2 | 63 | |
8fb48289 | 64 | pr = pffindproto(PF_INET, IPPROTO_RAW, SOCK_RAW); |
eb44bfb2 BJ |
65 | if (pr == 0) |
66 | panic("ip_init"); | |
67 | for (i = 0; i < IPPROTO_MAX; i++) | |
59965020 BJ |
68 | ip_protox[i] = pr - inetsw; |
69 | for (pr = inetdomain.dom_protosw; | |
36bb5f94 | 70 | pr < inetdomain.dom_protoswNPROTOSW; pr++) |
abe04898 | 71 | if (pr->pr_domain->dom_family == PF_INET && |
eb44bfb2 | 72 | pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW) |
59965020 | 73 | ip_protox[pr->pr_protocol] = pr - inetsw; |
d52566dd | 74 | ipq.next = ipq.prev = &ipq; |
b2ac7f3b | 75 | ip_id = time.tv_sec & 0xffff; |
1e977657 | 76 | ipintrq.ifq_maxlen = ipqmaxlen; |
d52566dd BJ |
77 | } |
78 | ||
eb44bfb2 | 79 | u_char ipcksum = 1; |
e6dd2097 | 80 | struct ip *ip_reass(); |
ee787340 | 81 | struct sockaddr_in ipaddr = { AF_INET }; |
8fb48289 | 82 | struct route ipforward_rt; |
e6dd2097 | 83 | |
e6dd2097 BJ |
84 | /* |
85 | * Ip input routine. Checksum and byte swap header. If fragmented | |
86 | * try to reassamble. If complete and fragment queue exists, discard. | |
87 | * Process options. Pass to next level. | |
88 | */ | |
8a13b737 | 89 | ipintr() |
e1d82856 | 90 | { |
2b4b57cd | 91 | register struct ip *ip; |
8a13b737 | 92 | register struct mbuf *m; |
a8d3bf7f | 93 | struct mbuf *m0; |
e6dd2097 | 94 | register int i; |
e1d82856 | 95 | register struct ipq *fp; |
f223fa7d | 96 | register struct in_ifaddr *ia; |
8fb48289 | 97 | struct ifnet *ifp; |
8a13b737 | 98 | int hlen, s; |
e1d82856 | 99 | |
8a13b737 | 100 | next: |
e6dd2097 | 101 | /* |
8a13b737 BJ |
102 | * Get next datagram off input queue and get IP header |
103 | * in first mbuf. | |
e6dd2097 | 104 | */ |
8a13b737 | 105 | s = splimp(); |
8fb48289 | 106 | IF_DEQUEUEIF(&ipintrq, m, ifp); |
8a13b737 | 107 | splx(s); |
7ac98d3c | 108 | if (m == 0) |
8a13b737 | 109 | return; |
773dfe90 MK |
110 | /* |
111 | * If no IP addresses have been set yet but the interfaces | |
112 | * are receiving, can't do anything with incoming packets yet. | |
113 | */ | |
114 | if (in_ifaddr == NULL) | |
115 | goto bad; | |
7922844b | 116 | ipstat.ips_total++; |
9411b6be | 117 | if ((m->m_off > MMAXOFF || m->m_len < sizeof (struct ip)) && |
9dc8d46a SL |
118 | (m = m_pullup(m, sizeof (struct ip))) == 0) { |
119 | ipstat.ips_toosmall++; | |
120 | goto next; | |
121 | } | |
e6dd2097 | 122 | ip = mtod(m, struct ip *); |
f223fa7d | 123 | hlen = ip->ip_hl << 2; |
8fb48289 | 124 | if (hlen < sizeof(struct ip)) { /* minimum header length */ |
f223fa7d | 125 | ipstat.ips_badhlen++; |
ac066ae1 | 126 | goto bad; |
f223fa7d MK |
127 | } |
128 | if (hlen > m->m_len) { | |
9dc8d46a SL |
129 | if ((m = m_pullup(m, hlen)) == 0) { |
130 | ipstat.ips_badhlen++; | |
131 | goto next; | |
132 | } | |
405c9168 BJ |
133 | ip = mtod(m, struct ip *); |
134 | } | |
4ad99bae | 135 | if (ipcksum) |
7c08c626 | 136 | if (ip->ip_sum = in_cksum(m, hlen)) { |
4ad99bae BJ |
137 | ipstat.ips_badsum++; |
138 | goto bad; | |
e1d82856 | 139 | } |
4ad99bae BJ |
140 | |
141 | /* | |
142 | * Convert fields to host representation. | |
143 | */ | |
cdad2eb1 | 144 | ip->ip_len = ntohs((u_short)ip->ip_len); |
9dc8d46a SL |
145 | if (ip->ip_len < hlen) { |
146 | ipstat.ips_badlen++; | |
147 | goto bad; | |
148 | } | |
e6dd2097 | 149 | ip->ip_id = ntohs(ip->ip_id); |
4ad99bae | 150 | ip->ip_off = ntohs((u_short)ip->ip_off); |
e1d82856 | 151 | |
d10bd5b7 | 152 | /* |
e6dd2097 BJ |
153 | * Check that the amount of data in the buffers |
154 | * is as at least much as the IP header would have us expect. | |
155 | * Trim mbufs if longer than we expect. | |
156 | * Drop packet if shorter than we expect. | |
d10bd5b7 | 157 | */ |
8fb48289 | 158 | i = -(u_short)ip->ip_len; |
405c9168 | 159 | m0 = m; |
9c0ca361 | 160 | for (;;) { |
e1d82856 | 161 | i += m->m_len; |
9c0ca361 BJ |
162 | if (m->m_next == 0) |
163 | break; | |
164 | m = m->m_next; | |
1dd55890 | 165 | } |
9c0ca361 BJ |
166 | if (i != 0) { |
167 | if (i < 0) { | |
405c9168 | 168 | ipstat.ips_tooshort++; |
842b6bb5 | 169 | m = m0; |
4ad99bae | 170 | goto bad; |
405c9168 | 171 | } |
9c0ca361 BJ |
172 | if (i <= m->m_len) |
173 | m->m_len -= i; | |
174 | else | |
175 | m_adj(m0, -i); | |
d10bd5b7 | 176 | } |
9c0ca361 | 177 | m = m0; |
e1d82856 | 178 | |
e6dd2097 BJ |
179 | /* |
180 | * Process options and, if not destined for us, | |
72e4f44e SL |
181 | * ship it on. ip_dooptions returns 1 when an |
182 | * error was detected (causing an icmp message | |
ac066ae1 | 183 | * to be sent and the original packet to be freed). |
e6dd2097 | 184 | */ |
8fb48289 | 185 | ip_nhops = 0; /* for source routed packets */ |
c45e83d2 | 186 | if (hlen > sizeof (struct ip) && ip_dooptions(ip, ifp)) |
72e4f44e | 187 | goto next; |
ee787340 SL |
188 | |
189 | /* | |
f223fa7d | 190 | * Check our list of addresses, to see if the packet is for us. |
ee787340 | 191 | */ |
f223fa7d MK |
192 | for (ia = in_ifaddr; ia; ia = ia->ia_next) { |
193 | #define satosin(sa) ((struct sockaddr_in *)(sa)) | |
194 | ||
195 | if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_dst.s_addr) | |
8fb48289 | 196 | goto ours; |
4afb57fa MK |
197 | if ( |
198 | #ifdef DIRECTED_BROADCAST | |
199 | ia->ia_ifp == ifp && | |
200 | #endif | |
201 | (ia->ia_ifp->if_flags & IFF_BROADCAST)) { | |
b2a3d559 | 202 | u_long t; |
4afb57fa MK |
203 | |
204 | if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == | |
205 | ip->ip_dst.s_addr) | |
206 | goto ours; | |
207 | if (ip->ip_dst.s_addr == ia->ia_netbroadcast.s_addr) | |
208 | goto ours; | |
209 | /* | |
210 | * Look for all-0's host part (old broadcast addr), | |
211 | * either for subnet or net. | |
212 | */ | |
b2a3d559 MK |
213 | t = ntohl(ip->ip_dst.s_addr); |
214 | if (t == ia->ia_subnet) | |
4afb57fa | 215 | goto ours; |
b2a3d559 | 216 | if (t == ia->ia_net) |
4afb57fa MK |
217 | goto ours; |
218 | } | |
d10bd5b7 | 219 | } |
8fb48289 MK |
220 | if (ip->ip_dst.s_addr == (u_long)INADDR_BROADCAST) |
221 | goto ours; | |
222 | if (ip->ip_dst.s_addr == INADDR_ANY) | |
223 | goto ours; | |
e1d82856 | 224 | |
8fb48289 MK |
225 | /* |
226 | * Not for us; forward if possible and desirable. | |
227 | */ | |
228 | ip_forward(ip, ifp); | |
229 | goto next; | |
230 | ||
231 | ours: | |
e6dd2097 BJ |
232 | /* |
233 | * Look for queue of fragments | |
234 | * of this datagram. | |
235 | */ | |
236 | for (fp = ipq.next; fp != &ipq; fp = fp->next) | |
237 | if (ip->ip_id == fp->ipq_id && | |
238 | ip->ip_src.s_addr == fp->ipq_src.s_addr && | |
239 | ip->ip_dst.s_addr == fp->ipq_dst.s_addr && | |
240 | ip->ip_p == fp->ipq_p) | |
241 | goto found; | |
242 | fp = 0; | |
243 | found: | |
e1d82856 | 244 | |
e6dd2097 BJ |
245 | /* |
246 | * Adjust ip_len to not reflect header, | |
247 | * set ip_mff if more fragments are expected, | |
248 | * convert offset of this to bytes. | |
249 | */ | |
250 | ip->ip_len -= hlen; | |
eb44bfb2 | 251 | ((struct ipasfrag *)ip)->ipf_mff = 0; |
e6dd2097 | 252 | if (ip->ip_off & IP_MF) |
eb44bfb2 | 253 | ((struct ipasfrag *)ip)->ipf_mff = 1; |
e6dd2097 | 254 | ip->ip_off <<= 3; |
e1d82856 | 255 | |
e6dd2097 BJ |
256 | /* |
257 | * If datagram marked as having more fragments | |
258 | * or if this is not the first fragment, | |
259 | * attempt reassembly; if it succeeds, proceed. | |
260 | */ | |
eb44bfb2 | 261 | if (((struct ipasfrag *)ip)->ipf_mff || ip->ip_off) { |
8fb48289 | 262 | ipstat.ips_fragments++; |
eb44bfb2 | 263 | ip = ip_reass((struct ipasfrag *)ip, fp); |
e6dd2097 | 264 | if (ip == 0) |
8a13b737 | 265 | goto next; |
e6dd2097 BJ |
266 | m = dtom(ip); |
267 | } else | |
268 | if (fp) | |
e16de434 | 269 | ip_freef(fp); |
4ad99bae BJ |
270 | |
271 | /* | |
272 | * Switch out to protocol's input routine. | |
273 | */ | |
8fb48289 | 274 | (*inetsw[ip_protox[ip->ip_p]].pr_input)(m, ifp); |
8a13b737 | 275 | goto next; |
4ad99bae BJ |
276 | bad: |
277 | m_freem(m); | |
8a13b737 | 278 | goto next; |
e6dd2097 | 279 | } |
e1d82856 | 280 | |
e6dd2097 BJ |
281 | /* |
282 | * Take incoming datagram fragment and try to | |
4ad99bae | 283 | * reassemble it into whole datagram. If a chain for |
e6dd2097 BJ |
284 | * reassembly of this datagram already exists, then it |
285 | * is given as fp; otherwise have to make a chain. | |
286 | */ | |
287 | struct ip * | |
288 | ip_reass(ip, fp) | |
eb44bfb2 | 289 | register struct ipasfrag *ip; |
e6dd2097 BJ |
290 | register struct ipq *fp; |
291 | { | |
292 | register struct mbuf *m = dtom(ip); | |
eb44bfb2 | 293 | register struct ipasfrag *q; |
e6dd2097 BJ |
294 | struct mbuf *t; |
295 | int hlen = ip->ip_hl << 2; | |
296 | int i, next; | |
d10bd5b7 | 297 | |
e6dd2097 BJ |
298 | /* |
299 | * Presence of header sizes in mbufs | |
300 | * would confuse code below. | |
301 | */ | |
302 | m->m_off += hlen; | |
303 | m->m_len -= hlen; | |
d10bd5b7 | 304 | |
e6dd2097 BJ |
305 | /* |
306 | * If first fragment to arrive, create a reassembly queue. | |
307 | */ | |
308 | if (fp == 0) { | |
13494852 | 309 | if ((t = m_get(M_DONTWAIT, MT_FTABLE)) == NULL) |
e6dd2097 | 310 | goto dropfrag; |
e6dd2097 BJ |
311 | fp = mtod(t, struct ipq *); |
312 | insque(fp, &ipq); | |
313 | fp->ipq_ttl = IPFRAGTTL; | |
314 | fp->ipq_p = ip->ip_p; | |
315 | fp->ipq_id = ip->ip_id; | |
eb44bfb2 BJ |
316 | fp->ipq_next = fp->ipq_prev = (struct ipasfrag *)fp; |
317 | fp->ipq_src = ((struct ip *)ip)->ip_src; | |
318 | fp->ipq_dst = ((struct ip *)ip)->ip_dst; | |
405c9168 BJ |
319 | q = (struct ipasfrag *)fp; |
320 | goto insert; | |
e6dd2097 | 321 | } |
e1d82856 | 322 | |
e6dd2097 BJ |
323 | /* |
324 | * Find a segment which begins after this one does. | |
325 | */ | |
eb44bfb2 | 326 | for (q = fp->ipq_next; q != (struct ipasfrag *)fp; q = q->ipf_next) |
e6dd2097 BJ |
327 | if (q->ip_off > ip->ip_off) |
328 | break; | |
e1d82856 | 329 | |
e6dd2097 BJ |
330 | /* |
331 | * If there is a preceding segment, it may provide some of | |
332 | * our data already. If so, drop the data from the incoming | |
333 | * segment. If it provides all of our data, drop us. | |
334 | */ | |
eb44bfb2 BJ |
335 | if (q->ipf_prev != (struct ipasfrag *)fp) { |
336 | i = q->ipf_prev->ip_off + q->ipf_prev->ip_len - ip->ip_off; | |
e6dd2097 BJ |
337 | if (i > 0) { |
338 | if (i >= ip->ip_len) | |
339 | goto dropfrag; | |
340 | m_adj(dtom(ip), i); | |
341 | ip->ip_off += i; | |
342 | ip->ip_len -= i; | |
e1d82856 | 343 | } |
d10bd5b7 | 344 | } |
e1d82856 | 345 | |
e6dd2097 BJ |
346 | /* |
347 | * While we overlap succeeding segments trim them or, | |
348 | * if they are completely covered, dequeue them. | |
349 | */ | |
eb44bfb2 | 350 | while (q != (struct ipasfrag *)fp && ip->ip_off + ip->ip_len > q->ip_off) { |
e6dd2097 BJ |
351 | i = (ip->ip_off + ip->ip_len) - q->ip_off; |
352 | if (i < q->ip_len) { | |
353 | q->ip_len -= i; | |
c107df34 | 354 | q->ip_off += i; |
e6dd2097 BJ |
355 | m_adj(dtom(q), i); |
356 | break; | |
357 | } | |
eb44bfb2 BJ |
358 | q = q->ipf_next; |
359 | m_freem(dtom(q->ipf_prev)); | |
360 | ip_deq(q->ipf_prev); | |
e6dd2097 | 361 | } |
e1d82856 | 362 | |
405c9168 | 363 | insert: |
e6dd2097 BJ |
364 | /* |
365 | * Stick new segment in its place; | |
366 | * check for complete reassembly. | |
367 | */ | |
eb44bfb2 | 368 | ip_enq(ip, q->ipf_prev); |
e6dd2097 | 369 | next = 0; |
eb44bfb2 | 370 | for (q = fp->ipq_next; q != (struct ipasfrag *)fp; q = q->ipf_next) { |
e6dd2097 BJ |
371 | if (q->ip_off != next) |
372 | return (0); | |
373 | next += q->ip_len; | |
374 | } | |
eb44bfb2 | 375 | if (q->ipf_prev->ipf_mff) |
e6dd2097 | 376 | return (0); |
e1d82856 | 377 | |
e6dd2097 BJ |
378 | /* |
379 | * Reassembly is complete; concatenate fragments. | |
380 | */ | |
381 | q = fp->ipq_next; | |
382 | m = dtom(q); | |
383 | t = m->m_next; | |
384 | m->m_next = 0; | |
385 | m_cat(m, t); | |
dfb346d0 BJ |
386 | q = q->ipf_next; |
387 | while (q != (struct ipasfrag *)fp) { | |
388 | t = dtom(q); | |
389 | q = q->ipf_next; | |
390 | m_cat(m, t); | |
391 | } | |
e1d82856 | 392 | |
e6dd2097 BJ |
393 | /* |
394 | * Create header for new ip packet by | |
395 | * modifying header of first packet; | |
396 | * dequeue and discard fragment reassembly header. | |
397 | * Make header visible. | |
398 | */ | |
399 | ip = fp->ipq_next; | |
400 | ip->ip_len = next; | |
eb44bfb2 BJ |
401 | ((struct ip *)ip)->ip_src = fp->ipq_src; |
402 | ((struct ip *)ip)->ip_dst = fp->ipq_dst; | |
e6dd2097 | 403 | remque(fp); |
cdad2eb1 | 404 | (void) m_free(dtom(fp)); |
e6dd2097 | 405 | m = dtom(ip); |
8fb48289 MK |
406 | m->m_len += (ip->ip_hl << 2); |
407 | m->m_off -= (ip->ip_hl << 2); | |
eb44bfb2 | 408 | return ((struct ip *)ip); |
e6dd2097 BJ |
409 | |
410 | dropfrag: | |
8fb48289 | 411 | ipstat.ips_fragdropped++; |
e6dd2097 BJ |
412 | m_freem(m); |
413 | return (0); | |
e1d82856 BJ |
414 | } |
415 | ||
e6dd2097 BJ |
416 | /* |
417 | * Free a fragment reassembly header and all | |
418 | * associated datagrams. | |
419 | */ | |
e6dd2097 BJ |
420 | ip_freef(fp) |
421 | struct ipq *fp; | |
e1d82856 | 422 | { |
e16de434 | 423 | register struct ipasfrag *q, *p; |
e6dd2097 | 424 | |
e16de434 SL |
425 | for (q = fp->ipq_next; q != (struct ipasfrag *)fp; q = p) { |
426 | p = q->ipf_next; | |
427 | ip_deq(q); | |
e6dd2097 | 428 | m_freem(dtom(q)); |
e16de434 SL |
429 | } |
430 | remque(fp); | |
431 | (void) m_free(dtom(fp)); | |
e1d82856 BJ |
432 | } |
433 | ||
e6dd2097 BJ |
434 | /* |
435 | * Put an ip fragment on a reassembly chain. | |
436 | * Like insque, but pointers in middle of structure. | |
437 | */ | |
438 | ip_enq(p, prev) | |
eb44bfb2 | 439 | register struct ipasfrag *p, *prev; |
e1d82856 | 440 | { |
e1d82856 | 441 | |
eb44bfb2 BJ |
442 | p->ipf_prev = prev; |
443 | p->ipf_next = prev->ipf_next; | |
444 | prev->ipf_next->ipf_prev = p; | |
445 | prev->ipf_next = p; | |
e1d82856 BJ |
446 | } |
447 | ||
e6dd2097 BJ |
448 | /* |
449 | * To ip_enq as remque is to insque. | |
450 | */ | |
451 | ip_deq(p) | |
eb44bfb2 | 452 | register struct ipasfrag *p; |
e1d82856 | 453 | { |
e6dd2097 | 454 | |
eb44bfb2 BJ |
455 | p->ipf_prev->ipf_next = p->ipf_next; |
456 | p->ipf_next->ipf_prev = p->ipf_prev; | |
e1d82856 BJ |
457 | } |
458 | ||
e6dd2097 BJ |
459 | /* |
460 | * IP timer processing; | |
461 | * if a timer expires on a reassembly | |
462 | * queue, discard it. | |
463 | */ | |
d52566dd | 464 | ip_slowtimo() |
e1d82856 BJ |
465 | { |
466 | register struct ipq *fp; | |
e6dd2097 | 467 | int s = splnet(); |
e1d82856 | 468 | |
4aed14e3 BJ |
469 | fp = ipq.next; |
470 | if (fp == 0) { | |
471 | splx(s); | |
472 | return; | |
473 | } | |
e16de434 SL |
474 | while (fp != &ipq) { |
475 | --fp->ipq_ttl; | |
476 | fp = fp->next; | |
8fb48289 MK |
477 | if (fp->prev->ipq_ttl == 0) { |
478 | ipstat.ips_fragtimeout++; | |
e16de434 | 479 | ip_freef(fp->prev); |
8fb48289 | 480 | } |
e16de434 | 481 | } |
e6dd2097 | 482 | splx(s); |
e1d82856 BJ |
483 | } |
484 | ||
4ad99bae BJ |
485 | /* |
486 | * Drain off all datagram fragments. | |
487 | */ | |
d52566dd BJ |
488 | ip_drain() |
489 | { | |
490 | ||
8fb48289 MK |
491 | while (ipq.next != &ipq) { |
492 | ipstat.ips_fragdropped++; | |
e16de434 | 493 | ip_freef(ipq.next); |
8fb48289 | 494 | } |
d52566dd | 495 | } |
2b4b57cd | 496 | |
1846019d | 497 | extern struct in_ifaddr *ifptoia(); |
8fb48289 MK |
498 | struct in_ifaddr *ip_rtaddr(); |
499 | ||
e6dd2097 BJ |
500 | /* |
501 | * Do option processing on a datagram, | |
502 | * possibly discarding it if bad options | |
503 | * are encountered. | |
504 | */ | |
c45e83d2 MK |
505 | ip_dooptions(ip, ifp) |
506 | register struct ip *ip; | |
507 | struct ifnet *ifp; | |
e1d82856 | 508 | { |
e6dd2097 | 509 | register u_char *cp; |
8fb48289 | 510 | int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB; |
d52566dd | 511 | register struct ip_timestamp *ipt; |
8fb48289 MK |
512 | register struct in_ifaddr *ia; |
513 | struct in_addr *sin; | |
514 | n_time ntime; | |
e6dd2097 BJ |
515 | |
516 | cp = (u_char *)(ip + 1); | |
517 | cnt = (ip->ip_hl << 2) - sizeof (struct ip); | |
518 | for (; cnt > 0; cnt -= optlen, cp += optlen) { | |
8fb48289 | 519 | opt = cp[IPOPT_OPTVAL]; |
e6dd2097 BJ |
520 | if (opt == IPOPT_EOL) |
521 | break; | |
522 | if (opt == IPOPT_NOP) | |
523 | optlen = 1; | |
942169f7 | 524 | else { |
8fb48289 MK |
525 | optlen = cp[IPOPT_OLEN]; |
526 | if (optlen <= 0 || optlen > cnt) { | |
527 | code = &cp[IPOPT_OLEN] - (u_char *)ip; | |
36bb5f94 | 528 | goto bad; |
8fb48289 | 529 | } |
942169f7 | 530 | } |
e6dd2097 | 531 | switch (opt) { |
e1d82856 | 532 | |
e6dd2097 BJ |
533 | default: |
534 | break; | |
e1d82856 | 535 | |
4ad99bae BJ |
536 | /* |
537 | * Source routing with record. | |
538 | * Find interface with current destination address. | |
539 | * If none on this machine then drop if strictly routed, | |
540 | * or do nothing if loosely routed. | |
541 | * Record interface address and bring up next address | |
542 | * component. If strictly routed make sure next | |
543 | * address on directly accessible net. | |
544 | */ | |
e6dd2097 | 545 | case IPOPT_LSRR: |
a71ece0a | 546 | case IPOPT_SSRR: |
8fb48289 MK |
547 | if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { |
548 | code = &cp[IPOPT_OFFSET] - (u_char *)ip; | |
549 | goto bad; | |
550 | } | |
551 | ipaddr.sin_addr = ip->ip_dst; | |
552 | ia = (struct in_ifaddr *) | |
553 | ifa_ifwithaddr((struct sockaddr *)&ipaddr); | |
554 | if (ia == 0) { | |
555 | if (opt == IPOPT_SSRR) { | |
556 | type = ICMP_UNREACH; | |
557 | code = ICMP_UNREACH_SRCFAIL; | |
4ad99bae | 558 | goto bad; |
8fb48289 MK |
559 | } |
560 | /* | |
561 | * Loose routing, and not at next destination | |
562 | * yet; nothing to do except forward. | |
563 | */ | |
4ad99bae | 564 | break; |
e6dd2097 | 565 | } |
8fb48289 MK |
566 | off--; /* 0 origin */ |
567 | if (off > optlen - sizeof(struct in_addr)) { | |
568 | /* | |
569 | * End of source route. Should be for us. | |
570 | */ | |
571 | save_rte(cp, ip->ip_src); | |
4ad99bae | 572 | break; |
8fb48289 MK |
573 | } |
574 | /* | |
575 | * locate outgoing interface | |
576 | */ | |
8011f5df | 577 | bcopy((caddr_t)(cp + off), (caddr_t)&ipaddr.sin_addr, |
8fb48289 MK |
578 | sizeof(ipaddr.sin_addr)); |
579 | if ((opt == IPOPT_SSRR && | |
580 | in_iaonnetof(in_netof(ipaddr.sin_addr)) == 0) || | |
581 | (ia = ip_rtaddr(ipaddr.sin_addr)) == 0) { | |
582 | type = ICMP_UNREACH; | |
583 | code = ICMP_UNREACH_SRCFAIL; | |
4ad99bae | 584 | goto bad; |
8fb48289 MK |
585 | } |
586 | ip->ip_dst = ipaddr.sin_addr; | |
8011f5df MK |
587 | bcopy((caddr_t)&(IA_SIN(ia)->sin_addr), |
588 | (caddr_t)(cp + off), sizeof(struct in_addr)); | |
8fb48289 MK |
589 | cp[IPOPT_OFFSET] += sizeof(struct in_addr); |
590 | break; | |
591 | ||
592 | case IPOPT_RR: | |
593 | if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { | |
594 | code = &cp[IPOPT_OFFSET] - (u_char *)ip; | |
595 | goto bad; | |
596 | } | |
597 | /* | |
598 | * If no space remains, ignore. | |
599 | */ | |
600 | off--; /* 0 origin */ | |
601 | if (off > optlen - sizeof(struct in_addr)) | |
602 | break; | |
c13e44b4 | 603 | bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr, |
8fb48289 MK |
604 | sizeof(ipaddr.sin_addr)); |
605 | /* | |
606 | * locate outgoing interface | |
607 | */ | |
608 | if ((ia = ip_rtaddr(ipaddr.sin_addr)) == 0) { | |
609 | type = ICMP_UNREACH; | |
d89cc5db | 610 | code = ICMP_UNREACH_HOST; |
8fb48289 MK |
611 | goto bad; |
612 | } | |
8011f5df MK |
613 | bcopy((caddr_t)&(IA_SIN(ia)->sin_addr), |
614 | (caddr_t)(cp + off), sizeof(struct in_addr)); | |
8fb48289 | 615 | cp[IPOPT_OFFSET] += sizeof(struct in_addr); |
e6dd2097 BJ |
616 | break; |
617 | ||
618 | case IPOPT_TS: | |
72e4f44e | 619 | code = cp - (u_char *)ip; |
d52566dd BJ |
620 | ipt = (struct ip_timestamp *)cp; |
621 | if (ipt->ipt_len < 5) | |
e6dd2097 | 622 | goto bad; |
d52566dd BJ |
623 | if (ipt->ipt_ptr > ipt->ipt_len - sizeof (long)) { |
624 | if (++ipt->ipt_oflw == 0) | |
e6dd2097 | 625 | goto bad; |
e6dd2097 BJ |
626 | break; |
627 | } | |
1846019d | 628 | sin = (struct in_addr *)(cp + ipt->ipt_ptr - 1); |
d52566dd | 629 | switch (ipt->ipt_flg) { |
e1d82856 | 630 | |
e6dd2097 BJ |
631 | case IPOPT_TS_TSONLY: |
632 | break; | |
e1d82856 | 633 | |
e6dd2097 | 634 | case IPOPT_TS_TSANDADDR: |
8fb48289 MK |
635 | if (ipt->ipt_ptr + sizeof(n_time) + |
636 | sizeof(struct in_addr) > ipt->ipt_len) | |
e6dd2097 | 637 | goto bad; |
1846019d MK |
638 | ia = ifptoia(ifp); |
639 | bcopy((caddr_t)&IA_SIN(ia)->sin_addr, | |
8fb48289 | 640 | (caddr_t)sin, sizeof(struct in_addr)); |
1846019d | 641 | ipt->ipt_ptr += sizeof(struct in_addr); |
e6dd2097 BJ |
642 | break; |
643 | ||
644 | case IPOPT_TS_PRESPEC: | |
1846019d MK |
645 | if (ipt->ipt_ptr + sizeof(n_time) + |
646 | sizeof(struct in_addr) > ipt->ipt_len) | |
647 | goto bad; | |
8fb48289 MK |
648 | bcopy((caddr_t)sin, (caddr_t)&ipaddr.sin_addr, |
649 | sizeof(struct in_addr)); | |
f223fa7d | 650 | if (ifa_ifwithaddr((struct sockaddr *)&ipaddr) == 0) |
4ad99bae | 651 | continue; |
8fb48289 | 652 | ipt->ipt_ptr += sizeof(struct in_addr); |
e1d82856 BJ |
653 | break; |
654 | ||
655 | default: | |
e6dd2097 | 656 | goto bad; |
e1d82856 | 657 | } |
8fb48289 | 658 | ntime = iptime(); |
1846019d MK |
659 | bcopy((caddr_t)&ntime, (caddr_t)cp + ipt->ipt_ptr - 1, |
660 | sizeof(n_time)); | |
8fb48289 | 661 | ipt->ipt_ptr += sizeof(n_time); |
e6dd2097 | 662 | } |
e1d82856 | 663 | } |
72e4f44e | 664 | return (0); |
e6dd2097 | 665 | bad: |
c45e83d2 | 666 | icmp_error(ip, type, code, ifp); |
72e4f44e | 667 | return (1); |
e1d82856 BJ |
668 | } |
669 | ||
8fb48289 MK |
670 | /* |
671 | * Given address of next destination (final or next hop), | |
672 | * return internet address info of interface to be used to get there. | |
673 | */ | |
674 | struct in_ifaddr * | |
675 | ip_rtaddr(dst) | |
676 | struct in_addr dst; | |
677 | { | |
678 | register struct sockaddr_in *sin; | |
679 | register struct in_ifaddr *ia; | |
680 | ||
681 | sin = (struct sockaddr_in *) &ipforward_rt.ro_dst; | |
682 | ||
683 | if (ipforward_rt.ro_rt == 0 || dst.s_addr != sin->sin_addr.s_addr) { | |
684 | if (ipforward_rt.ro_rt) { | |
685 | RTFREE(ipforward_rt.ro_rt); | |
686 | ipforward_rt.ro_rt = 0; | |
687 | } | |
688 | sin->sin_family = AF_INET; | |
689 | sin->sin_addr = dst; | |
690 | ||
691 | rtalloc(&ipforward_rt); | |
692 | } | |
693 | if (ipforward_rt.ro_rt == 0) | |
694 | return ((struct in_ifaddr *)0); | |
695 | /* | |
696 | * Find address associated with outgoing interface. | |
697 | */ | |
698 | for (ia = in_ifaddr; ia; ia = ia->ia_next) | |
699 | if (ia->ia_ifp == ipforward_rt.ro_rt->rt_ifp) | |
700 | break; | |
701 | return (ia); | |
702 | } | |
703 | ||
704 | /* | |
705 | * Save incoming source route for use in replies, | |
706 | * to be picked up later by ip_srcroute if the receiver is interested. | |
707 | */ | |
708 | save_rte(option, dst) | |
8011f5df | 709 | u_char *option; |
8fb48289 MK |
710 | struct in_addr dst; |
711 | { | |
8011f5df | 712 | unsigned olen; |
8fb48289 MK |
713 | extern ipprintfs; |
714 | ||
715 | olen = option[IPOPT_OLEN]; | |
716 | if (olen > sizeof(ip_srcrt) - 1) { | |
717 | if (ipprintfs) | |
718 | printf("save_rte: olen %d\n", olen); | |
719 | return; | |
720 | } | |
8011f5df | 721 | bcopy((caddr_t)option, (caddr_t)ip_srcrt.srcopt, olen); |
8fb48289 MK |
722 | ip_nhops = (olen - IPOPT_OFFSET - 1) / sizeof(struct in_addr); |
723 | ip_srcrt.route[ip_nhops++] = dst; | |
724 | } | |
725 | ||
726 | /* | |
727 | * Retrieve incoming source route for use in replies, | |
728 | * in the same form used by setsockopt. | |
729 | * The first hop is placed before the options, will be removed later. | |
730 | */ | |
731 | struct mbuf * | |
732 | ip_srcroute() | |
733 | { | |
734 | register struct in_addr *p, *q; | |
735 | register struct mbuf *m; | |
736 | ||
737 | if (ip_nhops == 0) | |
738 | return ((struct mbuf *)0); | |
13494852 MK |
739 | m = m_get(M_DONTWAIT, MT_SOOPTS); |
740 | if (m == 0) | |
741 | return ((struct mbuf *)0); | |
8fb48289 MK |
742 | m->m_len = ip_nhops * sizeof(struct in_addr) + IPOPT_OFFSET + 1 + 1; |
743 | ||
744 | /* | |
745 | * First save first hop for return route | |
746 | */ | |
747 | p = &ip_srcrt.route[ip_nhops - 1]; | |
748 | *(mtod(m, struct in_addr *)) = *p--; | |
749 | ||
750 | /* | |
751 | * Copy option fields and padding (nop) to mbuf. | |
752 | */ | |
753 | ip_srcrt.nop = IPOPT_NOP; | |
754 | bcopy((caddr_t)&ip_srcrt, mtod(m, caddr_t) + sizeof(struct in_addr), | |
755 | IPOPT_OFFSET + 1 + 1); | |
756 | q = (struct in_addr *)(mtod(m, caddr_t) + | |
757 | sizeof(struct in_addr) + IPOPT_OFFSET + 1 + 1); | |
758 | /* | |
759 | * Record return path as an IP source route, | |
760 | * reversing the path (pointers are now aligned). | |
761 | */ | |
762 | while (p >= ip_srcrt.route) | |
763 | *q++ = *p--; | |
764 | return (m); | |
765 | } | |
766 | ||
e6dd2097 | 767 | /* |
4ad99bae BJ |
768 | * Strip out IP options, at higher |
769 | * level protocol in the kernel. | |
770 | * Second argument is buffer to which options | |
771 | * will be moved, and return value is their length. | |
e6dd2097 | 772 | */ |
7c08c626 | 773 | ip_stripoptions(ip, mopt) |
e6dd2097 | 774 | struct ip *ip; |
7c08c626 | 775 | struct mbuf *mopt; |
e1d82856 | 776 | { |
e6dd2097 BJ |
777 | register int i; |
778 | register struct mbuf *m; | |
8fb48289 | 779 | register caddr_t opts; |
e6dd2097 | 780 | int olen; |
e6dd2097 BJ |
781 | |
782 | olen = (ip->ip_hl<<2) - sizeof (struct ip); | |
4ad99bae | 783 | m = dtom(ip); |
8fb48289 | 784 | opts = (caddr_t)(ip + 1); |
7c08c626 BJ |
785 | if (mopt) { |
786 | mopt->m_len = olen; | |
787 | mopt->m_off = MMINOFF; | |
8fb48289 | 788 | bcopy(opts, mtod(mopt, caddr_t), (unsigned)olen); |
7c08c626 | 789 | } |
e6dd2097 | 790 | i = m->m_len - (sizeof (struct ip) + olen); |
8fb48289 | 791 | bcopy(opts + olen, opts, (unsigned)i); |
4aed14e3 | 792 | m->m_len -= olen; |
8fb48289 | 793 | ip->ip_hl = sizeof(struct ip) >> 2; |
e1d82856 | 794 | } |
72e4f44e | 795 | |
0ecfeefb | 796 | u_char inetctlerrmap[PRC_NCMDS] = { |
8fb48289 | 797 | 0, 0, 0, 0, |
0ecfeefb SL |
798 | 0, 0, EHOSTDOWN, EHOSTUNREACH, |
799 | ENETUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, | |
8fb48289 MK |
800 | EMSGSIZE, EHOSTUNREACH, 0, 0, |
801 | 0, 0, 0, 0, | |
802 | ENOPROTOOPT | |
72e4f44e SL |
803 | }; |
804 | ||
8fb48289 MK |
805 | #ifndef IPFORWARDING |
806 | #define IPFORWARDING 1 | |
807 | #endif | |
808 | #ifndef IPSENDREDIRECTS | |
809 | #define IPSENDREDIRECTS 1 | |
810 | #endif | |
72e4f44e | 811 | int ipprintfs = 0; |
8fb48289 MK |
812 | int ipforwarding = IPFORWARDING; |
813 | extern int in_interfaces; | |
814 | int ipsendredirects = IPSENDREDIRECTS; | |
815 | ||
72e4f44e SL |
816 | /* |
817 | * Forward a packet. If some error occurs return the sender | |
f223fa7d | 818 | * an icmp packet. Note we can't always generate a meaningful |
8fb48289 | 819 | * icmp message because icmp doesn't have a large enough repertoire |
72e4f44e | 820 | * of codes and types. |
c0a9b2bd MK |
821 | * |
822 | * If not forwarding (possibly because we have only a single external | |
823 | * network), just drop the packet. This could be confusing if ipforwarding | |
824 | * was zero but some routing protocol was advancing us as a gateway | |
825 | * to somewhere. However, we must let the routing protocol deal with that. | |
72e4f44e | 826 | */ |
8fb48289 | 827 | ip_forward(ip, ifp) |
72e4f44e | 828 | register struct ip *ip; |
8fb48289 | 829 | struct ifnet *ifp; |
72e4f44e | 830 | { |
8fb48289 MK |
831 | register int error, type = 0, code; |
832 | register struct sockaddr_in *sin; | |
f223fa7d | 833 | struct mbuf *mcopy; |
8fb48289 | 834 | struct in_addr dest; |
72e4f44e | 835 | |
8fb48289 | 836 | dest.s_addr = 0; |
72e4f44e SL |
837 | if (ipprintfs) |
838 | printf("forward: src %x dst %x ttl %x\n", ip->ip_src, | |
839 | ip->ip_dst, ip->ip_ttl); | |
f223fa7d | 840 | ip->ip_id = htons(ip->ip_id); |
8fb48289 | 841 | if (ipforwarding == 0 || in_interfaces <= 1) { |
c0a9b2bd | 842 | ipstat.ips_cantforward++; |
72427e98 MK |
843 | #ifdef GATEWAY |
844 | type = ICMP_UNREACH, code = ICMP_UNREACH_NET; | |
845 | goto sendicmp; | |
846 | #else | |
c0a9b2bd MK |
847 | m_freem(dtom(ip)); |
848 | return; | |
72427e98 | 849 | #endif |
72e4f44e | 850 | } |
c13e44b4 | 851 | if (ip->ip_ttl <= IPTTLDEC) { |
72e4f44e SL |
852 | type = ICMP_TIMXCEED, code = ICMP_TIMXCEED_INTRANS; |
853 | goto sendicmp; | |
854 | } | |
855 | ip->ip_ttl -= IPTTLDEC; | |
67387c9c SL |
856 | |
857 | /* | |
858 | * Save at most 64 bytes of the packet in case | |
859 | * we need to generate an ICMP message to the src. | |
860 | */ | |
58bca61d | 861 | mcopy = m_copy(dtom(ip), 0, imin((int)ip->ip_len, 64)); |
72e4f44e | 862 | |
8fb48289 MK |
863 | sin = (struct sockaddr_in *)&ipforward_rt.ro_dst; |
864 | if (ipforward_rt.ro_rt == 0 || | |
865 | ip->ip_dst.s_addr != sin->sin_addr.s_addr) { | |
866 | if (ipforward_rt.ro_rt) { | |
867 | RTFREE(ipforward_rt.ro_rt); | |
868 | ipforward_rt.ro_rt = 0; | |
869 | } | |
870 | sin->sin_family = AF_INET; | |
871 | sin->sin_addr = ip->ip_dst; | |
872 | ||
873 | rtalloc(&ipforward_rt); | |
874 | } | |
875 | /* | |
876 | * If forwarding packet using same interface that it came in on, | |
877 | * perhaps should send a redirect to sender to shortcut a hop. | |
878 | * Only send redirect if source is sending directly to us, | |
879 | * and if packet was not source routed (or has any options). | |
83dfdaa9 MK |
880 | * Also, don't send redirect if forwarding using a default route |
881 | * or a route modfied by a redirect. | |
8fb48289 | 882 | */ |
83dfdaa9 | 883 | #define satosin(sa) ((struct sockaddr_in *)(sa)) |
8fb48289 | 884 | if (ipforward_rt.ro_rt && ipforward_rt.ro_rt->rt_ifp == ifp && |
fc7b8b1e | 885 | (ipforward_rt.ro_rt->rt_flags & RTF_DYNAMIC) == 0 && |
83dfdaa9 | 886 | satosin(&ipforward_rt.ro_rt->rt_dst)->sin_addr.s_addr != 0 && |
8fb48289 MK |
887 | ipsendredirects && ip->ip_hl == (sizeof(struct ip) >> 2)) { |
888 | struct in_ifaddr *ia; | |
8fb48289 MK |
889 | u_long src = ntohl(ip->ip_src.s_addr); |
890 | u_long dst = ntohl(ip->ip_dst.s_addr); | |
891 | ||
892 | if ((ia = ifptoia(ifp)) && | |
893 | (src & ia->ia_subnetmask) == ia->ia_subnet) { | |
894 | if (ipforward_rt.ro_rt->rt_flags & RTF_GATEWAY) | |
895 | dest = satosin(&ipforward_rt.ro_rt->rt_gateway)->sin_addr; | |
896 | else | |
897 | dest = ip->ip_dst; | |
898 | /* | |
899 | * If the destination is reached by a route to host, | |
020b84ae MK |
900 | * is on a subnet of a local net, or is directly |
901 | * on the attached net (!), use host redirect. | |
8fb48289 MK |
902 | * (We may be the correct first hop for other subnets.) |
903 | */ | |
904 | type = ICMP_REDIRECT; | |
905 | code = ICMP_REDIRECT_NET; | |
906 | if ((ipforward_rt.ro_rt->rt_flags & RTF_HOST) || | |
907 | (ipforward_rt.ro_rt->rt_flags & RTF_GATEWAY) == 0) | |
908 | code = ICMP_REDIRECT_HOST; | |
909 | else for (ia = in_ifaddr; ia = ia->ia_next; ) | |
910 | if ((dst & ia->ia_netmask) == ia->ia_net) { | |
020b84ae MK |
911 | if (ia->ia_subnetmask != ia->ia_netmask) |
912 | code = ICMP_REDIRECT_HOST; | |
8fb48289 MK |
913 | break; |
914 | } | |
915 | if (ipprintfs) | |
916 | printf("redirect (%d) to %x\n", code, dest); | |
917 | } | |
918 | } | |
919 | ||
920 | error = ip_output(dtom(ip), (struct mbuf *)0, &ipforward_rt, | |
f223fa7d | 921 | IP_FORWARDING); |
8fb48289 MK |
922 | if (error) |
923 | ipstat.ips_cantforward++; | |
924 | else if (type) | |
925 | ipstat.ips_redirectsent++; | |
926 | else { | |
67387c9c SL |
927 | if (mcopy) |
928 | m_freem(mcopy); | |
ac066ae1 | 929 | ipstat.ips_forward++; |
72e4f44e | 930 | return; |
67387c9c | 931 | } |
9dfd168a SL |
932 | if (mcopy == NULL) |
933 | return; | |
67387c9c | 934 | ip = mtod(mcopy, struct ip *); |
8fb48289 | 935 | type = ICMP_UNREACH; |
67387c9c SL |
936 | switch (error) { |
937 | ||
8fb48289 MK |
938 | case 0: /* forwarded, but need redirect */ |
939 | type = ICMP_REDIRECT; | |
940 | /* code set above */ | |
941 | break; | |
942 | ||
67387c9c SL |
943 | case ENETUNREACH: |
944 | case ENETDOWN: | |
d933432a MK |
945 | if (in_localaddr(ip->ip_dst)) |
946 | code = ICMP_UNREACH_HOST; | |
947 | else | |
948 | code = ICMP_UNREACH_NET; | |
67387c9c SL |
949 | break; |
950 | ||
951 | case EMSGSIZE: | |
72e4f44e | 952 | code = ICMP_UNREACH_NEEDFRAG; |
67387c9c SL |
953 | break; |
954 | ||
955 | case EPERM: | |
956 | code = ICMP_UNREACH_PORT; | |
957 | break; | |
958 | ||
959 | case ENOBUFS: | |
960 | type = ICMP_SOURCEQUENCH; | |
961 | break; | |
962 | ||
963 | case EHOSTDOWN: | |
964 | case EHOSTUNREACH: | |
965 | code = ICMP_UNREACH_HOST; | |
966 | break; | |
967 | } | |
72e4f44e | 968 | sendicmp: |
c45e83d2 | 969 | icmp_error(ip, type, code, ifp, dest); |
72e4f44e | 970 | } |