PERFORCE change 55495 for review
Robert Watson
rwatson at FreeBSD.org
Tue Jun 22 02:57:17 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=55495
Change 55495 by rwatson at rwatson_tislabs on 2004/06/22 02:56:21
Integrate netperf_socket.
Affected files ...
.. //depot/projects/netperf_socket/sys/cam/cam_xpt.c#4 integrate
.. //depot/projects/netperf_socket/sys/compat/svr4/svr4_ioctl.c#2 integrate
.. //depot/projects/netperf_socket/sys/compat/svr4/svr4_ttold.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/fil.c#3 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_auth.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_compat.h#3 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_fil.c#4 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_fil.h#3 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_frag.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_frag.h#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_log.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_nat.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_nat.h#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_state.c#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_state.h#2 integrate
.. //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ipl.h#2 integrate
.. //depot/projects/netperf_socket/sys/dev/ata/atapi-cd.c#6 integrate
.. //depot/projects/netperf_socket/sys/dev/ciss/ciss.c#11 integrate
.. //depot/projects/netperf_socket/sys/dev/ciss/cissreg.h#7 integrate
.. //depot/projects/netperf_socket/sys/dev/ciss/cissvar.h#4 integrate
.. //depot/projects/netperf_socket/sys/dev/cy/cy.c#7 integrate
.. //depot/projects/netperf_socket/sys/dev/digi/digi.c#8 integrate
.. //depot/projects/netperf_socket/sys/dev/esp/esp_sbus.c#3 integrate
.. //depot/projects/netperf_socket/sys/dev/rp/rp.c#7 integrate
.. //depot/projects/netperf_socket/sys/dev/rp/rp_pci.c#4 integrate
.. //depot/projects/netperf_socket/sys/dev/rp/rpreg.h#3 integrate
.. //depot/projects/netperf_socket/sys/dev/si/si.c#7 integrate
.. //depot/projects/netperf_socket/sys/dev/sio/sio.c#11 integrate
.. //depot/projects/netperf_socket/sys/dev/sx/sx.c#6 integrate
.. //depot/projects/netperf_socket/sys/geom/gate/g_gate.c#4 integrate
.. //depot/projects/netperf_socket/sys/geom/geom.h#5 integrate
.. //depot/projects/netperf_socket/sys/i386/ibcs2/ibcs2_ioctl.c#2 integrate
.. //depot/projects/netperf_socket/sys/i386/ibcs2/ibcs2_sysent.c#4 integrate
.. //depot/projects/netperf_socket/sys/i4b/driver/i4b_ing.c#3 integrate
.. //depot/projects/netperf_socket/sys/kern/kern_exit.c#13 integrate
.. //depot/projects/netperf_socket/sys/kern/kern_resource.c#8 integrate
.. //depot/projects/netperf_socket/sys/kern/kern_thread.c#15 integrate
.. //depot/projects/netperf_socket/sys/kern/kern_time.c#4 integrate
.. //depot/projects/netperf_socket/sys/kern/sched_4bsd.c#6 integrate
.. //depot/projects/netperf_socket/sys/kern/sched_ule.c#10 integrate
.. //depot/projects/netperf_socket/sys/kern/tty.c#9 integrate
.. //depot/projects/netperf_socket/sys/kern/tty_compat.c#5 integrate
.. //depot/projects/netperf_socket/sys/kern/tty_pty.c#9 integrate
.. //depot/projects/netperf_socket/sys/pci/if_mn.c#5 integrate
.. //depot/projects/netperf_socket/sys/sys/ioctl_compat.h#3 integrate
.. //depot/projects/netperf_socket/sys/sys/ttychars.h#3 integrate
.. //depot/projects/netperf_socket/sys/sys/ttydev.h#3 integrate
.. //depot/projects/netperf_socket/sys/sys/user.h#8 integrate
Differences ...
==== //depot/projects/netperf_socket/sys/cam/cam_xpt.c#4 (text+ko) ====
@@ -28,7 +28,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/cam/cam_xpt.c,v 1.139 2004/06/16 09:46:31 phk Exp $");
+__FBSDID("$FreeBSD: src/sys/cam/cam_xpt.c,v 1.141 2004/06/21 19:01:55 ps Exp $");
#include <sys/param.h>
#include <sys/bus.h>
==== //depot/projects/netperf_socket/sys/compat/svr4/svr4_ioctl.c#2 (text+ko) ====
@@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ioctl.c,v 1.20 2003/06/10 21:35:15 obrien Exp $");
+__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ioctl.c,v 1.21 2004/06/21 22:57:10 phk Exp $");
#include <sys/param.h>
#include <sys/proc.h>
@@ -119,10 +119,12 @@
#endif
switch (cmd & 0xff00) {
+#ifndef BURN_BRIDGES
case SVR4_tIOC:
DPRINTF(("ttold\n"));
fun = svr4_ttold_ioctl;
break;
+#endif
case SVR4_TIOC:
DPRINTF(("term\n"));
==== //depot/projects/netperf_socket/sys/compat/svr4/svr4_ttold.c#2 (text+ko) ====
@@ -27,7 +27,9 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ttold.c,v 1.12 2003/06/10 21:35:15 obrien Exp $");
+__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_ttold.c,v 1.13 2004/06/21 22:57:10 phk Exp $");
+
+#ifndef BURN_BRIDGES
#include <sys/param.h>
#include <sys/proc.h>
@@ -376,3 +378,5 @@
return 0; /* ENOSYS really */
}
}
+
+#endif /* BURN_BRIDGES */
==== //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/fil.c#3 (text+ko) ====
@@ -42,6 +42,7 @@
# include <sys/mbuf.h>
# endif
#else
+# include <sys/cmn_err.h>
# include <sys/byteorder.h>
# if SOLARIS2 < 5
# include <sys/dditypes.h>
@@ -99,7 +100,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.37 2004/04/07 20:45:56 imp Exp $";
+static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/fil.c,v 1.38 2004/06/21 22:46:35 darrenr Exp $";
#endif
#ifndef _KERNEL
@@ -146,6 +147,9 @@
static int frflushlist __P((int, minor_t, int *, frentry_t **));
#ifdef _KERNEL
static void frsynclist __P((frentry_t *));
+# ifndef __sgi
+static void *ipf_pullup __P((mb_t *, fr_info_t *, int, void *));
+# endif
#endif
@@ -194,19 +198,27 @@
* compact the IP header into a structure which contains just the info.
* which is useful for comparing IP headers with.
*/
-void fr_makefrip(hlen, ip, fin)
+int fr_makefrip(hlen, ip, fin)
int hlen;
ip_t *ip;
fr_info_t *fin;
{
u_short optmsk = 0, secmsk = 0, auth = 0;
int i, mv, ol, off, p, plen, v;
+#if defined(_KERNEL)
+# if SOLARIS
+ mb_t *m = fin->fin_qfm;
+# else
+ mb_t *m = fin->fin_mp ? *fin->fin_mp : NULL;
+# endif
+#endif
fr_ip_t *fi = &fin->fin_fi;
struct optlist *op;
u_char *s, opt;
tcphdr_t *tcp;
fin->fin_rev = 0;
+ fin->fin_dp = NULL;
fin->fin_fr = NULL;
fin->fin_tcpf = 0;
fin->fin_data[0] = 0;
@@ -220,8 +232,10 @@
if (v == 4) {
fin->fin_id = ip->ip_id;
fi->fi_tos = ip->ip_tos;
+#if (OpenBSD >= 200311) && defined(_KERNEL)
+ ip->ip_off = ntohs(ip->ip_off);
+#endif
off = (ip->ip_off & IP_OFFMASK);
- tcp = (tcphdr_t *)((char *)ip + hlen);
(*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
fi->fi_src.i6[1] = 0;
fi->fi_src.i6[2] = 0;
@@ -235,6 +249,9 @@
fi->fi_fl = (hlen > sizeof(ip_t)) ? FI_OPTIONS : 0;
if (ip->ip_off & (IP_MF|IP_OFFMASK))
fi->fi_fl |= FI_FRAG;
+#if (OpenBSD >= 200311) && defined(_KERNEL)
+ ip->ip_len = ntohs(ip->ip_len);
+#endif
plen = ip->ip_len;
fin->fin_dlen = plen - hlen;
}
@@ -246,7 +263,6 @@
p = ip6->ip6_nxt;
fi->fi_p = p;
fi->fi_ttl = ip6->ip6_hlim;
- tcp = (tcphdr_t *)(ip6 + 1);
fi->fi_src.in6 = ip6->ip6_src;
fi->fi_dst.in6 = ip6->ip6_dst;
fin->fin_id = (u_short)(ip6->ip6_flow & 0xffff);
@@ -258,14 +274,23 @@
}
#endif
else
- return;
+ return -1;
fin->fin_off = off;
fin->fin_plen = plen;
- fin->fin_dp = (char *)tcp;
+ tcp = (tcphdr_t *)((char *)ip + hlen);
fin->fin_misc = 0;
off <<= 3;
+ /*
+ * For both ICMPV6 & ICMP, we attempt to pullup the entire packet into
+ * a single buffer for recognised error return packets. Why? Because
+ * the entire data section of the ICMP payload is considered to be of
+ * significance and maybe required in NAT/state processing, so rather
+ * than be careful later, attempt to get it all in one buffeer first.
+ * For TCP we just make sure the _entire_ TCP header is in the first
+ * buffer for convienience.
+ */
switch (p)
{
#ifdef USE_INET6
@@ -274,7 +299,7 @@
int minicmpsz = sizeof(struct icmp6_hdr);
struct icmp6_hdr *icmp6;
- if (fin->fin_dlen > 1) {
+ if (!(fin->fin_fl & FI_SHORT) && (fin->fin_dlen > 1)) {
fin->fin_data[0] = *(u_short *)tcp;
icmp6 = (struct icmp6_hdr *)tcp;
@@ -289,6 +314,14 @@
case ICMP6_PACKET_TOO_BIG :
case ICMP6_TIME_EXCEEDED :
case ICMP6_PARAM_PROB :
+# if defined(KERNEL) && !defined(__sgi)
+ if ((m != NULL) && (M_BLEN(m) < plen)) {
+ ip = ipf_pullup(m, fin, plen, ip);
+ if (ip == NULL)
+ return -1;
+ tcp = (tcphdr_t *)((char *)ip + hlen);
+ }
+# endif /* KERNEL && !__sgi */
minicmpsz = ICMP6ERR_IPICMPHLEN;
break;
default :
@@ -296,22 +329,27 @@
}
}
- if (!(plen >= minicmpsz))
+ if (!(fin->fin_dlen >= minicmpsz))
fi->fi_fl |= FI_SHORT;
break;
}
-#endif
+#endif /* USE_INET6 */
+
case IPPROTO_ICMP :
{
int minicmpsz = sizeof(struct icmp);
icmphdr_t *icmp;
- if (!off && (fin->fin_dlen > 1)) {
+ if (!off && (fin->fin_dlen > 1) && !(fin->fin_fl & FI_SHORT)) {
fin->fin_data[0] = *(u_short *)tcp;
icmp = (icmphdr_t *)tcp;
+ /*
+ * Minimum ICMP packet is type(1) code(1) cksum(2)
+ * plus 4 bytes following, totalling 8 bytes.
+ */
switch (icmp->icmp_type)
{
case ICMP_ECHOREPLY :
@@ -327,7 +365,7 @@
*/
case ICMP_TSTAMP :
case ICMP_TSTAMPREPLY :
- minicmpsz = 20;
+ minicmpsz = ICMP_MINLEN + 12;
break;
/*
* type(1) + code(1) + cksum(2) + id(2) seq(2) +
@@ -335,9 +373,28 @@
*/
case ICMP_MASKREQ :
case ICMP_MASKREPLY :
- minicmpsz = 12;
+ minicmpsz = ICMP_MINLEN + 4;
+ break;
+ /*
+ * type(1) + code(1) + cksum(2) + arg(4) ip(20+)
+ */
+ case ICMP_UNREACH :
+ case ICMP_SOURCEQUENCH :
+ case ICMP_REDIRECT :
+ case ICMP_TIMXCEED :
+ case ICMP_PARAMPROB :
+#if defined(KERNEL) && !defined(__sgi)
+ if ((m != NULL) && (M_BLEN(m) < plen)) {
+ ip = ipf_pullup(m, fin, plen, ip);
+ if (ip == NULL)
+ return -1;
+ tcp = (tcphdr_t *)((char *)ip + hlen);
+ }
+#endif /* KERNEL && !__sgi */
+ minicmpsz = ICMPERR_MINPKTLEN - sizeof(ip_t);
break;
default :
+ minicmpsz = ICMP_MINLEN;
break;
}
}
@@ -345,9 +402,9 @@
if ((!(plen >= hlen + minicmpsz) && !off) ||
(off && off < sizeof(struct icmp)))
fi->fi_fl |= FI_SHORT;
-
break;
}
+
case IPPROTO_TCP :
fi->fi_fl |= FI_TCPUDP;
#ifdef USE_INET6
@@ -361,6 +418,20 @@
(off && off < sizeof(struct tcphdr)))
fi->fi_fl |= FI_SHORT;
}
+
+#if defined(KERNEL) && !defined(__sgi)
+ if (!off && !(fi->fi_fl & FI_SHORT)) {
+ int tlen = hlen + (tcp->th_off << 2);
+
+ if ((m != NULL) && (M_BLEN(m) < tlen)) {
+ ip = ipf_pullup(m, fin, tlen, ip);
+ if (ip == NULL)
+ return -1;
+ tcp = (tcphdr_t *)((char *)ip + hlen);
+ }
+ }
+#endif /* _KERNEL && !_sgi */
+
if (!(fi->fi_fl & FI_SHORT) && !off)
fin->fin_tcpf = tcp->th_flags;
goto getports;
@@ -400,12 +471,14 @@
break;
}
+ fin->fin_dp = (char *)tcp;
+
#ifdef USE_INET6
if (v == 6) {
fi->fi_optmsk = 0;
fi->fi_secmsk = 0;
fi->fi_auth = 0;
- return;
+ return 0;
}
#endif
@@ -462,6 +535,7 @@
fi->fi_optmsk = optmsk;
fi->fi_secmsk = secmsk;
fi->fi_auth = auth;
+ return 0;
}
@@ -749,7 +823,7 @@
#endif /* IPFILTER_LOG */
ATOMIC_INCL(fr->fr_hits);
if (passt & FR_ACCOUNT)
- fr->fr_bytes += (U_QUAD_T)ip->ip_len;
+ fr->fr_bytes += (U_QUAD_T)fin->fin_plen;
else
fin->fin_icode = fr->fr_icode;
fin->fin_rule = rulen;
@@ -812,12 +886,17 @@
int p, len, drop = 0, logit = 0;
mb_t *mc = NULL;
# if !defined(__SVR4) && !defined(__svr4__)
+ /*
+ * We don't do this section for Solaris because fr_precheck() does a
+ * pullupmsg() instead, effectively achieving the same result as here
+ * so no need to duplicate it.
+ */
# ifdef __sgi
char hbuf[128];
# endif
int up;
-# if !SOLARIS && !defined(NETBSD_PF) && \
+# if !defined(NETBSD_PF) && \
((defined(__FreeBSD__) && (__FreeBSD_version < 500011)) || \
defined(__OpenBSD__) || defined(_BSDI_VERSION))
if (fr_checkp != fr_check && fr_running > 0) {
@@ -855,7 +934,7 @@
}
# endif /* CSUM_DELAY_DATA */
-# ifdef USE_INET6
+# ifdef USE_INET6
if (v == 6) {
len = ntohs(((ip6_t*)ip)->ip6_plen);
if (!len)
@@ -863,17 +942,20 @@
len += sizeof(ip6_t);
p = ((ip6_t *)ip)->ip6_nxt;
} else
-# endif
+# endif
{
p = ip->ip_p;
len = ip->ip_len;
}
+ fin->fin_mp = mp;
+ fin->fin_out = out;
+
if ((p == IPPROTO_TCP || p == IPPROTO_UDP ||
(v == 4 && p == IPPROTO_ICMP)
-# ifdef USE_INET6
+# ifdef USE_INET6
|| (v == 6 && p == IPPROTO_ICMPV6)
-# endif
+# endif
)) {
int plen = 0;
@@ -893,7 +975,7 @@
case IPPROTO_ESP:
plen = 8;
break;
-# ifdef USE_INET6
+# ifdef USE_INET6
case IPPROTO_ICMPV6 :
/*
* XXX does not take intermediate header
@@ -901,8 +983,10 @@
*/
plen = ICMP6ERR_MINPKTLEN + 8 - sizeof(ip6_t);
break;
-# endif
+# endif
}
+ if ((plen > 0) && (len < hlen + plen))
+ fin->fin_fl |= FI_SHORT;
up = MIN(hlen + plen, len);
if (up > m->m_len) {
@@ -917,14 +1001,34 @@
ip = (ip_t *)hbuf;
# else /* __ sgi */
# ifndef linux
- if ((*mp = m_pullup(m, up)) == 0) {
- ATOMIC_INCL(frstats[out].fr_pull[1]);
+ /*
+ * Having determined that we need to pullup some data,
+ * try to bring as much of the packet up into a single
+ * buffer with the first pullup. This hopefully means
+ * less need for doing futher pullups. Not needed for
+ * Solaris because fr_precheck() does it anyway.
+ *
+ * The main potential for trouble here is if MLEN/MHLEN
+ * become quite small, lets say < 64 bytes...but if
+ * that did happen, BSD networking as a whole would be
+ * slow/inefficient.
+ */
+# ifdef MHLEN
+ /*
+ * Assume that M_PKTHDR is set and just work with what
+ * is left rather than check.. Should not make any
+ * real difference, anyway.
+ */
+ if ((MHLEN > up) && (len > up))
+ up = MIN(len, MHLEN);
+# else
+ if ((MLEN > up) && (len > up))
+ up = MIN(len, MLEN);
+# endif
+ ip = ipf_pullup(m, fin, up, ip);
+ if (ip == NULL)
return -1;
- } else {
- ATOMIC_INCL(frstats[out].fr_pull[0]);
- m = *mp;
- ip = mtod(m, ip_t *);
- }
+ m = *mp;
# endif /* !linux */
# endif /* __sgi */
} else
@@ -937,9 +1041,14 @@
if ((u_int)ip & 0x3)
return 2;
+ fin->fin_mp = mp;
+ fin->fin_out = out;
fin->fin_qfm = m;
fin->fin_qif = qif;
# endif
+#else
+ fin->fin_mp = mp;
+ fin->fin_out = out;
#endif /* _KERNEL */
#ifndef __FreeBSD__
@@ -952,11 +1061,10 @@
#endif
changed = 0;
+ fin->fin_v = v;
fin->fin_ifp = ifp;
- fin->fin_v = v;
- fin->fin_out = out;
- fin->fin_mp = mp;
- fr_makefrip(hlen, ip, fin);
+ if (fr_makefrip(hlen, ip, fin) == -1)
+ return -1;
#ifdef _KERNEL
# ifdef USE_INET6
@@ -1120,6 +1228,10 @@
if (pass & FR_KEEPSTATE) {
if (fr_addstate(ip, fin, NULL, 0) == NULL) {
ATOMIC_INCL(frstats[out].fr_bads);
+ if (pass & FR_PASS) {
+ pass &= ~FR_PASS;
+ pass |= FR_BLOCK;
+ }
} else {
ATOMIC_INCL(frstats[out].fr_ads);
}
@@ -1306,6 +1418,12 @@
(void) ipfr_fastroute(ip, mc, &mc, fin, &fr->fr_dif);
}
# endif /* !SOLARIS */
+#if (OpenBSD >= 200311) && defined(_KERNEL)
+ if (pass & FR_PASS) {
+ ip->ip_len = htons(ip->ip_len);
+ ip->ip_off = htons(ip->ip_off);
+ }
+#endif
return (pass & FR_PASS) ? 0 : error;
#else /* _KERNEL */
if (pass & FR_NOMATCH)
@@ -1403,10 +1521,10 @@
/*
* Both sum and sum2 are partial sums, so combine them together.
*/
- sum = (sum & 0xffff) + (sum >> 16);
- sum = ~sum & 0xffff;
- sum2 += sum;
- sum2 = (sum2 & 0xffff) + (sum2 >> 16);
+ sum += ~sum2 & 0xffff;
+ while (sum > 0xffff)
+ sum = (sum & 0xffff) + (sum >> 16);
+ sum2 = ~sum & 0xffff;
# else /* defined(BSD) || defined(sun) */
{
union {
@@ -1543,7 +1661,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_mbuf.c 8.2 (Berkeley) 1/4/94
- * $Id: fil.c,v 2.35.2.67 2002/12/06 13:28:05 darrenr Exp $
+ * $Id: fil.c,v 2.35.2.82 2004/06/20 10:27:47 darrenr Exp $
*/
/*
* Copy data from an mbuf chain starting "off" bytes from the beginning,
@@ -1975,12 +2093,40 @@
static void frsynclist(fr)
register frentry_t *fr;
{
+ frdest_t *fdp;
+ int i;
+
for (; fr; fr = fr->fr_next) {
- if (fr->fr_ifa != NULL) {
- fr->fr_ifa = GETUNIT(fr->fr_ifname, fr->fr_ip.fi_v);
- if (fr->fr_ifa == NULL)
- fr->fr_ifa = (void *)-1;
+ for (i = 0; i < 4; i++) {
+ if ((fr->fr_ifnames[i][1] == '\0') &&
+ ((fr->fr_ifnames[i][0] == '-') ||
+ (fr->fr_ifnames[i][0] == '*'))) {
+ fr->fr_ifas[i] = NULL;
+ } else if (*fr->fr_ifnames[i]) {
+ fr->fr_ifas[i] = GETUNIT(fr->fr_ifnames[i],
+ fr->fr_v);
+ if (!fr->fr_ifas[i])
+ fr->fr_ifas[i] = (void *)-1;
+ }
+ }
+
+ fdp = &fr->fr_dif;
+ fr->fr_flags &= ~FR_DUP;
+ if (*fdp->fd_ifname) {
+ fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fr->fr_v);
+ if (!fdp->fd_ifp)
+ fdp->fd_ifp = (struct ifnet *)-1;
+ else
+ fr->fr_flags |= FR_DUP;
+ }
+
+ fdp = &fr->fr_tif;
+ if (*fdp->fd_ifname) {
+ fdp->fd_ifp = GETUNIT(fdp->fd_ifname, fr->fr_v);
+ if (!fdp->fd_ifp)
+ fdp->fd_ifp = (struct ifnet *)-1;
}
+
if (fr->fr_grp)
frsynclist(fr->fr_grp);
}
@@ -2013,6 +2159,9 @@
IFNET_RUNLOCK();
# endif
ip_natsync((struct ifnet *)-1);
+# if defined(__FreeBSD_version) && (__FreeBSD_version >= 500043)
+ IFNET_RUNLOCK();
+# endif
# endif /* !SOLARIS */
WRITE_ENTER(&ipf_mutex);
@@ -2241,3 +2390,64 @@
return ip->ip_len;
}
#endif
+
+
+#if defined(_KERNEL) && !defined(__sgi)
+void *ipf_pullup(m, fin, len, ipin)
+mb_t *m;
+fr_info_t *fin;
+int len;
+void *ipin;
+{
+# if SOLARIS
+ qif_t *qf = fin->fin_qif;
+# endif
+ int out = fin->fin_out, dpoff, ipoff;
+ char *ip;
+
+ if (m == NULL)
+ return NULL;
+
+ ipoff = (char *)ipin - MTOD(m, char *);
+ if (fin->fin_dp != NULL)
+ dpoff = (char *)fin->fin_dp - (char *)ipin;
+ else
+ dpoff = 0;
+
+ if (M_BLEN(m) < len) {
+# if SOLARIS
+ qif_t *qf = fin->fin_qif;
+ int inc = 0;
+
+ if (ipoff > 0) {
+ if ((ipoff & 3) != 0) {
+ inc = 4 - (ipoff & 3);
+ if (m->b_rptr - inc >= m->b_datap->db_base)
+ m->b_rptr -= inc;
+ else
+ inc = 0;
+ }
+ }
+ if (!pullupmsg(m, len + ipoff + inc)) {
+ ATOMIC_INCL(frstats[out].fr_pull[1]);
+ return NULL;
+ }
+ m->b_rptr += inc;
+ ATOMIC_INCL(frstats[out].fr_pull[0]);
+ qf->qf_data = MTOD(m, char *) + ipoff;
+# else
+ m = m_pullup(m, len);
+ *fin->fin_mp = m;
+ if (m == NULL) {
+ ATOMIC_INCL(frstats[out].fr_pull[1]);
+ return NULL;
+ }
+ ATOMIC_INCL(frstats[out].fr_pull[0]);
+# endif /* SOLARIS */
+ }
+ ip = MTOD(m, char *) + ipoff;
+ if (fin->fin_dp != NULL)
+ fin->fin_dp = (char *)ip + dpoff;
+ return ip;
+}
+#endif /* _KERNEL */
==== //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_auth.c#2 (text+ko) ====
@@ -105,7 +105,7 @@
#if !defined(lint)
/* static const char rcsid[] = "@(#)$Id: ip_auth.c,v 2.11.2.12 2001/07/18 14:57:08 darrenr Exp $"; */
-static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.33 2003/03/04 23:19:55 jlemon Exp $";
+static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_auth.c,v 1.34 2004/06/21 22:46:35 darrenr Exp $";
#endif
@@ -320,7 +320,9 @@
#endif
{
mb_t *m;
-#if defined(_KERNEL) && !SOLARIS
+#if defined(_KERNEL) && !SOLARIS && \
+ (!defined(__FreeBSD_version) || (__FreeBSD_version < 501000))
+ struct ifqueue *ifq;
int s;
#endif
frauth_t auth, *au = &auth, *fra;
@@ -423,8 +425,8 @@
bzero((char *)&ro, sizeof(ro));
# if ((_BSDI_VERSION >= 199802) && (_BSDI_VERSION < 200005)) || \
- defined(__OpenBSD__) || (defined(IRIX) && (IRIX >= 605)) || \
- (__FreeBSD_version >= 500042)
+ defined(__OpenBSD__) || (defined(IRIX) && (IRIX >= 605)) || \
+ (__FreeBSD_version >= 470102)
error = ip_output(m, NULL, &ro, IP_FORWARDING, NULL,
NULL);
# else
@@ -442,8 +444,22 @@
# if SOLARIS
error = (fr_qin(fra->fra_q, m) == 0) ? EINVAL : 0;
# else /* SOLARIS */
- if (! netisr_queue(NETISR_IP, m))
+# if __FreeBSD_version >= 501104
+ if (! netisr_dispatch(NETISR_IP, m))
+ error = ENOBUFS;
+# else
+ ifq = &ipintrq;
+ if (IF_QFULL(ifq)) {
+ IF_DROP(ifq);
+ m_freem(m);
error = ENOBUFS;
+ } else {
+ IF_ENQUEUE(ifq, m);
+# if IRIX < 605
+ schednetisr(NETISR_IP);
+# endif
+ }
+# endif
# endif /* SOLARIS */
if (error)
fr_authstats.fas_quefail++;
==== //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_compat.h#3 (text+ko) ====
@@ -5,7 +5,7 @@
*
* @(#)ip_compat.h 1.8 1/14/96
* $Id: ip_compat.h,v 2.26.2.9 2001/01/14 14:58:01 darrenr Exp $
- * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_compat.h,v 1.22 2004/06/08 23:52:22 darrenr Exp $
+ * $FreeBSD: src/sys/contrib/ipfilter/netinet/ip_compat.h,v 1.23 2004/06/21 22:46:35 darrenr Exp $
*/
#ifndef __IP_COMPAT_H__
@@ -66,7 +66,7 @@
#if defined(__sgi) || defined(bsdi)
struct ether_addr {
- u_char ether_addr_octet[6];
+ u_char ether_addr_octet[6];
};
#endif
@@ -164,6 +164,7 @@
# define V4_PART_OF_V6(v6) v6.s6_addr32[3]
# endif
# endif
+# define M_BLEN(m) ((m)->b_wptr - (m)->b_rptr)
typedef struct qif {
struct qif *qf_next;
@@ -173,6 +174,7 @@
void *qf_optr;
queue_t *qf_in;
queue_t *qf_out;
+ void *qf_data; /* layer 3 header pointer */
struct qinit *qf_wqinfo;
struct qinit *qf_rqinfo;
struct qinit qf_wqinit;
@@ -525,6 +527,7 @@
# ifndef linux
# define FREE_MB_T(m) m_freem(m)
# define MTOD(m,t) mtod(m,t)
+# define M_BLEN(m) (m)->m_len
# define IRCOPY(a,b,c) (bcopy((a), (b), (c)), 0)
# define IWCOPY(a,b,c) (bcopy((a), (b), (c)), 0)
# define IRCOPYPTR ircopyptr
@@ -963,7 +966,7 @@
__u32 th_seq;
__u32 th_ack;
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
+ defined(__vax__)
__u8 th_res:4;
__u8 th_off:4;
#else
@@ -985,7 +988,7 @@
typedef struct {
# if defined(__i386__) || defined(__MIPSEL__) || defined(__alpha__) ||\
- defined(vax)
+ defined(__vax__)
__u8 ip_hl:4;
__u8 ip_v:4;
# else
@@ -1209,8 +1212,8 @@
#define ICMPERR_MINPKTLEN (20 + 8 + 20)
#define ICMPERR_MAXPKTLEN (20 + 8 + 20 + 8)
#define ICMP6_MINLEN 8
-#define ICMP6ERR_MINPKTLEN (40 + 8)
-#define ICMP6ERR_IPICMPHLEN (40 + 8 + 40)
+#define ICMP6ERR_IPICMPHLEN (40 + 8)
+#define ICMP6ERR_MINPKTLEN (40 + 8 + 40)
#ifndef ICMP6_DST_UNREACH
# define ICMP6_DST_UNREACH 1
==== //depot/projects/netperf_socket/sys/contrib/ipfilter/netinet/ip_fil.c#4 (text+ko) ====
@@ -131,7 +131,7 @@
#if !defined(lint)
static const char sccsid[] = "@(#)ip_fil.c 2.41 6/5/96 (C) 1993-2000 Darren Reed";
/* static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.34 2001/07/23 13:49:57 darrenr Exp $"; */
-static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_fil.c,v 1.44 2004/06/16 09:46:34 phk Exp $";
+static const char rcsid[] = "@(#)$FreeBSD: src/sys/contrib/ipfilter/netinet/ip_fil.c,v 1.46 2004/06/22 02:44:06 darrenr Exp $";
#endif
extern struct protosw inetsw[];
@@ -537,7 +537,7 @@
# if (__NetBSD_Version__ >= 105150000) || (__FreeBSD_version >= 501108)
struct pfil_head *ph_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
# ifdef USE_INET6
- struct pfil_head *ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
+ struct pfil_head *ph_inet6 = pfil_head_get(PFIL_TYPE_AF, AF_INET6);
# endif
# endif
#endif
@@ -1055,8 +1055,8 @@
while ((f = *ftail))
ftail = &f->fr_next;
else {
+ ftail = fprev;
if (fp->fr_hits) {
- ftail = fprev;
while (--fp->fr_hits && (f = *ftail))
ftail = &f->fr_next;
}
@@ -1310,7 +1310,7 @@
frn.fin_ifp = fin->fin_ifp;
frn.fin_v = fin->fin_v;
frn.fin_out = fin->fin_out;
- frn.fin_mp = fin->fin_mp;
+ frn.fin_mp = mp;
ip = mtod(m, ip_t *);
hlen = sizeof(*ip);
@@ -1354,9 +1354,10 @@
m->m_pkthdr.rcvif = NULL;
# endif
- fr_makefrip(hlen, ip, &frn);
-
- error = ipfr_fastroute(m, mp, &frn, NULL);
+ if (fr_makefrip(hlen, ip, &frn) == 0)
+ error = ipfr_fastroute(m, mp, &frn, NULL);
+ else
+ error = EINVAL;
return error;
}
@@ -1489,7 +1490,13 @@
#endif
if (avail) {
+ slen = oip->ip_len;
+ oip->ip_len = htons(oip->ip_len);
+ soff = oip->ip_off;
+ oip->ip_off = htons(oip->ip_off);
bcopy((char *)oip, (char *)&icmp->icmp_ip, MIN(ohlen, avail));
+ oip->ip_len = slen;
+ oip->ip_off = soff;
avail -= MIN(ohlen, avail);
}
@@ -1510,10 +1517,6 @@
} else
#endif
{
- slen = oip->ip_len;
- oip->ip_len = htons(oip->ip_len);
- soff = oip->ip_off;
- oip->ip_off = htons(ip->ip_off);
ip->ip_src.s_addr = dst4.s_addr;
ip->ip_dst.s_addr = oip->ip_src.s_addr;
@@ -1533,13 +1536,7 @@
fin->fin_hlen = hlen;
err = send_ip(oip, fin, &m);
fin->fin_hlen = shlen;
-#ifdef USE_INET6
- if (fin->fin_v == 4)
-#endif
- {
- oip->ip_len = slen;
- oip->ip_off = soff;
- }
+
return err;
}
@@ -1597,7 +1594,7 @@
register struct ip *ip, *mhip;
register struct mbuf *m = m0;
register struct route *ro;
- int len, off, error = 0, hlen, code;
+ int len, off, error = 0, hlen, code, sout;
struct ifnet *ifp, *sifp;
struct sockaddr_in *dst;
struct route iproute;
@@ -1663,7 +1660,7 @@
/*
* Route packet.
*/
-#if defined(__sgi) && (IRIX >= 605)
+#if (defined(IRIX) && (IRIX >= 605))
ROUTE_RDLOCK();
#endif
bzero((caddr_t)ro, sizeof (*ro));
@@ -1682,8 +1679,12 @@
* check that we're going in the correct direction.
*/
if ((fr != NULL) && (fin->fin_rev != 0)) {
- if ((ifp != NULL) && (fdp == &fr->fr_tif))
+ if ((ifp != NULL) && (fdp == &fr->fr_tif)) {
+# if (defined(IRIX) && (IRIX >= 605))
+ ROUTE_UNLOCK();
+# endif
return 0;
+ }
} else if (fdp != NULL) {
if (fdp->fd_ip.s_addr != 0)
dst->sin_addr = fdp->fd_ip;
@@ -1703,13 +1704,12 @@
rtalloc(ro);
# endif
-#if defined(__sgi) && (IRIX > 602)
- ROUTE_UNLOCK();
-#endif
-
if (!ifp) {
if (!fr || !(fr->fr_flags & FR_FASTROUTE)) {
error = -2;
+# if (defined(IRIX) && (IRIX >= 605))
+ ROUTE_UNLOCK();
+# endif
goto bad;
}
}
@@ -1722,11 +1722,14 @@
error = EHOSTUNREACH;
else
error = ENETUNREACH;
+# if (defined(IRIX) && (IRIX >= 605))
+ ROUTE_UNLOCK();
+# endif
goto bad;
}
if (ro->ro_rt->rt_flags & RTF_GATEWAY) {
-#if BSD >= 199306
+#if (BSD >= 199306) || (defined(IRIX) && (IRIX >= 605))
dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
#else
dst = (struct sockaddr_in *)&ro->ro_rt->rt_gateway;
@@ -1734,6 +1737,10 @@
}
ro->ro_rt->rt_use++;
+#if (defined(IRIX) && (IRIX > 602))
+ ROUTE_UNLOCK();
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list