Changeset View
Changeset View
Standalone View
Standalone View
sys/netinet/ip_input.c
Show First 20 Lines • Show All 936 Lines • ▼ Show 20 Lines | #endif | ||||
bzero(&ro, sizeof(ro)); | bzero(&ro, sizeof(ro)); | ||||
sin = (struct sockaddr_in *)&ro.ro_dst; | sin = (struct sockaddr_in *)&ro.ro_dst; | ||||
sin->sin_family = AF_INET; | sin->sin_family = AF_INET; | ||||
sin->sin_len = sizeof(*sin); | sin->sin_len = sizeof(*sin); | ||||
sin->sin_addr = ip->ip_dst; | sin->sin_addr = ip->ip_dst; | ||||
flowid = m->m_pkthdr.flowid; | flowid = m->m_pkthdr.flowid; | ||||
ro.ro_nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_REF, flowid); | ro.ro_nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_REF, flowid); | ||||
if (ro.ro_nh != NULL) { | if (ro.ro_nh != NULL) { | ||||
if (ro.ro_nh->nh_flags & (NHF_BLACKHOLE | NHF_BROADCAST)) { | |||||
melifaro: Q - why NHF_BROADCAST?
Also - both cases seem to have pretty much the same action except… | |||||
Done Inline ActionsThis mirrors the check done in the fast forward case: https://cgit.freebsd.org/src/tree/sys/netinet/ip_fastfwd.c#n207 And given that the commonality between REJECT and BLACKHOLE|BROADCAST is two lines (IPSTAT_INC(ips_cantforward) and NH_FREE()) I'm not sure that's worth making things more complicated. (Much like we do in the fastforward case) We'd end up with this: if (ro.ro_nh->nh_flags & (NHF_BLACKHOLE | NHF_BROADCAST | NHF_REJECT)) { IPSTAT_INC(ips_cantforward); NH_FREE(ro.ro_nh); if (ro.ro_nh->nh_flags & NHF_REJECT) { icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); } else { m_freem(m); } return; } (i.e. more complex, and we're now repeating the NHF_REJECT check) kp: This mirrors the check done in the fast forward case: https://cgit.freebsd. | |||||
IPSTAT_INC(ips_cantforward); | |||||
m_freem(m); | |||||
NH_FREE(ro.ro_nh); | |||||
return; | |||||
} | |||||
if (ro.ro_nh->nh_flags & NHF_REJECT) { | |||||
IPSTAT_INC(ips_cantforward); | |||||
NH_FREE(ro.ro_nh); | |||||
icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); | |||||
return; | |||||
} | |||||
ia = ifatoia(ro.ro_nh->nh_ifa); | ia = ifatoia(ro.ro_nh->nh_ifa); | ||||
} else | } else | ||||
ia = NULL; | ia = NULL; | ||||
/* | /* | ||||
* Save the IP header and at most 8 bytes of the payload, | * Save the IP header and at most 8 bytes of the payload, | ||||
* in case we need to generate an ICMP message to the src. | * in case we need to generate an ICMP message to the src. | ||||
* | * | ||||
* XXX this can be optimized a lot by saving the data in a local | * XXX this can be optimized a lot by saving the data in a local | ||||
▲ Show 20 Lines • Show All 432 Lines • Show Last 20 Lines |
Q - why NHF_BROADCAST?
Also - both cases seem to have pretty much the same action except sending icmp_error() - maybe it's worth handling both in a single condition?