sys/netgraph/ng_nat.c
default: | ||||
goto send; | goto send; | ||||
} | } | ||||
break; | break; | ||||
} | } | ||||
default: | default: | ||||
panic("Corrupted priv->dlt: %u", priv->dlt); | panic("Corrupted priv->dlt: %u", priv->dlt); | ||||
} | } | ||||
if (m->m_pkthdr.len < ipofs + sizeof(struct ip)) | |||||
goto send; /* packet too short to hold IP */ | |||||
c = (char *)mtodo(m, ipofs); | c = (char *)mtodo(m, ipofs); | ||||
ip = (struct ip *)mtodo(m, ipofs); | ip = (struct ip *)mtodo(m, ipofs); | ||||
KASSERT(m->m_pkthdr.len == ipofs + ntohs(ip->ip_len), | if (ip->ip_v != IPVERSION) | ||||
("ng_nat: ip_len != m_pkthdr.len")); | goto send; /* other IP version, let it pass */ | ||||
if (m->m_pkthdr.len < ipofs + ntohs(ip->ip_len)) | |||||
markj: There should be a space following 'if'. | |||||
goto send; /* packet too short (i.e. fragmented or broken) */ | |||||
markj: We also need to verify that the packet length is >= ipofs + sizeof(struct ip).
markj: I think this validation only needs to be performed for ethernet packets, i.e., in the DLT_EN10MB case above. We should be able to trust raw IP packets, so it is a waste to re-validate in that case.
donner: Raw (IP) packets may come from other parts of the netgraph infrastructure which is not Ethernet based, i.e. PPP, HDLC etc. So I'd keep this.
/* | /* | ||||
* We drop packet when: | * We drop packet when: | ||||
* 1. libalias returns PKT_ALIAS_ERROR; | * 1. libalias returns PKT_ALIAS_ERROR; | ||||
* 2. For incoming packets: | * 2. For incoming packets: | ||||
* a) for unresolved fragments; | * a) for unresolved fragments; | ||||
* b) libalias returns PKT_ALIAS_IGNORED and | * b) libalias returns PKT_ALIAS_IGNORED and | ||||
* PKT_ALIAS_DENY_INCOMING flag is set. | * PKT_ALIAS_DENY_INCOMING flag is set. | ||||
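Review bot: Neither new length check validates `ip->ip_hl`, and the `ntohs(ip->ip_len)` comparison also accepts an `ip_len` smaller than `sizeof(struct ip)`, so a header with inconsistent length fields still reaches the aliasing code below. If anything later locates the transport header through `ip_hl` (not visible here, since the function starts and ends outside the hunk), it would depend on a guard such as `if ((ip->ip_hl << 2) < sizeof(struct ip) || ntohs(ip->ip_len) < (ip->ip_hl << 2)) goto send;`. The checks compare `m_pkthdr.len`, the length of the whole chain, while `mtodo()` reads from the first mbuf only; that is safe only if the packet was made contiguous earlier, which presumably happens above the hunk and is worth confirming. Unlike the equality KASSERT it appears to replace, the new test passes packets that carry bytes beyond `ip_len`, so a short comment stating that trailing padding is tolerated on purpose would help.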
There should be a space following 'if'.