Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netinet/ip_input.c
| Show First 20 Lines • Show All 73 Lines • ▼ Show 20 Lines | |||||
| #include <netinet/ip_var.h> | #include <netinet/ip_var.h> | ||||
| #include <netinet/ip_fw.h> | #include <netinet/ip_fw.h> | ||||
| #include <netinet/ip_icmp.h> | #include <netinet/ip_icmp.h> | ||||
| #include <netinet/ip_options.h> | #include <netinet/ip_options.h> | ||||
| #include <machine/in_cksum.h> | #include <machine/in_cksum.h> | ||||
| #include <netinet/ip_carp.h> | #include <netinet/ip_carp.h> | ||||
| #ifdef IPSEC | #ifdef IPSEC | ||||
| #include <netinet/ip_ipsec.h> | #include <netinet/ip_ipsec.h> | ||||
| #include <netipsec/ipsec.h> | |||||
| #include <netipsec/key.h> | |||||
| #endif /* IPSEC */ | #endif /* IPSEC */ | ||||
| #include <netinet/in_rss.h> | #include <netinet/in_rss.h> | ||||
| #include <sys/socketvar.h> | #include <sys/socketvar.h> | ||||
| #include <security/mac/mac_framework.h> | #include <security/mac/mac_framework.h> | ||||
| #ifdef CTASSERT | #ifdef CTASSERT | ||||
| ▲ Show 20 Lines • Show All 405 Lines • ▼ Show 20 Lines | tooshort: | ||||
| if (m->m_pkthdr.len > ip_len) { | if (m->m_pkthdr.len > ip_len) { | ||||
| if (m->m_len == m->m_pkthdr.len) { | if (m->m_len == m->m_pkthdr.len) { | ||||
| m->m_len = ip_len; | m->m_len = ip_len; | ||||
| m->m_pkthdr.len = ip_len; | m->m_pkthdr.len = ip_len; | ||||
| } else | } else | ||||
| m_adj(m, ip_len - m->m_pkthdr.len); | m_adj(m, ip_len - m->m_pkthdr.len); | ||||
| } | } | ||||
| /* Try to forward the packet, but if we fail continue */ | |||||
| #ifdef IPSEC | #ifdef IPSEC | ||||
| /* For now we do not handle IPSEC in tryforward. */ | |||||
| if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) && | |||||
| (V_ipforwarding == 1)) | |||||
| if (ip_tryforward(m) == NULL) | |||||
| return; | |||||
| /* | /* | ||||
| * Bypass packet filtering for packets previously handled by IPsec. | * Bypass packet filtering for packets previously handled by IPsec. | ||||
| */ | */ | ||||
| if (ip_ipsec_filtertunnel(m)) | if (ip_ipsec_filtertunnel(m)) | ||||
| goto passin; | goto passin; | ||||
| #else | |||||
| if (V_ipforwarding == 1) | |||||
| if (ip_tryforward(m) == NULL) | |||||
| return; | |||||
| #endif /* IPSEC */ | #endif /* IPSEC */ | ||||
| /* | /* | ||||
| * Run through list of hooks for input packets. | * Run through list of hooks for input packets. | ||||
| * | * | ||||
| * NB: Beware of the destination address changing (e.g. | * NB: Beware of the destination address changing (e.g. | ||||
| * by NAT rewriting). When this happens, tell | * by NAT rewriting). When this happens, tell | ||||
| * ip_forward to do the right thing. | * ip_forward to do the right thing. | ||||
| ▲ Show 20 Lines • Show All 819 Lines • Show Last 20 Lines | |||||