Changeset View
Changeset View
Standalone View
Standalone View
head/sys/netinet/ip_input.c
Show First 20 Lines • Show All 73 Lines • ▼ Show 20 Lines | |||||
#include <netinet/ip_var.h> | #include <netinet/ip_var.h> | ||||
#include <netinet/ip_fw.h> | #include <netinet/ip_fw.h> | ||||
#include <netinet/ip_icmp.h> | #include <netinet/ip_icmp.h> | ||||
#include <netinet/ip_options.h> | #include <netinet/ip_options.h> | ||||
#include <machine/in_cksum.h> | #include <machine/in_cksum.h> | ||||
#include <netinet/ip_carp.h> | #include <netinet/ip_carp.h> | ||||
#ifdef IPSEC | #ifdef IPSEC | ||||
#include <netinet/ip_ipsec.h> | #include <netinet/ip_ipsec.h> | ||||
#include <netipsec/ipsec.h> | |||||
#include <netipsec/key.h> | |||||
#endif /* IPSEC */ | #endif /* IPSEC */ | ||||
#include <netinet/in_rss.h> | #include <netinet/in_rss.h> | ||||
#include <sys/socketvar.h> | #include <sys/socketvar.h> | ||||
#include <security/mac/mac_framework.h> | #include <security/mac/mac_framework.h> | ||||
#ifdef CTASSERT | #ifdef CTASSERT | ||||
▲ Show 20 Lines • Show All 405 Lines • ▼ Show 20 Lines | tooshort: | ||||
if (m->m_pkthdr.len > ip_len) { | if (m->m_pkthdr.len > ip_len) { | ||||
if (m->m_len == m->m_pkthdr.len) { | if (m->m_len == m->m_pkthdr.len) { | ||||
m->m_len = ip_len; | m->m_len = ip_len; | ||||
m->m_pkthdr.len = ip_len; | m->m_pkthdr.len = ip_len; | ||||
} else | } else | ||||
m_adj(m, ip_len - m->m_pkthdr.len); | m_adj(m, ip_len - m->m_pkthdr.len); | ||||
} | } | ||||
/* Try to forward the packet, but if we fail continue */ | |||||
#ifdef IPSEC | #ifdef IPSEC | ||||
/* For now we do not handle IPSEC in tryforward. */ | |||||
if (!key_havesp(IPSEC_DIR_INBOUND) && !key_havesp(IPSEC_DIR_OUTBOUND) && | |||||
(V_ipforwarding == 1)) | |||||
if (ip_tryforward(m) == NULL) | |||||
return; | |||||
/* | /* | ||||
* Bypass packet filtering for packets previously handled by IPsec. | * Bypass packet filtering for packets previously handled by IPsec. | ||||
*/ | */ | ||||
if (ip_ipsec_filtertunnel(m)) | if (ip_ipsec_filtertunnel(m)) | ||||
goto passin; | goto passin; | ||||
#else | |||||
if (V_ipforwarding == 1) | |||||
if (ip_tryforward(m) == NULL) | |||||
return; | |||||
#endif /* IPSEC */ | #endif /* IPSEC */ | ||||
/* | /* | ||||
* Run through list of hooks for input packets. | * Run through list of hooks for input packets. | ||||
* | * | ||||
* NB: Beware of the destination address changing (e.g. | * NB: Beware of the destination address changing (e.g. | ||||
* by NAT rewriting). When this happens, tell | * by NAT rewriting). When this happens, tell | ||||
* ip_forward to do the right thing. | * ip_forward to do the right thing. | ||||
▲ Show 20 Lines • Show All 819 Lines • Show Last 20 Lines |