![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ip_icmp.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / bsd / netinet|
Return to ip_icmp.c CVS log | Up to [Apple XNU] / XNU / bsd / netinet |
1.1 ! root 1: /* ! 2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. ! 3: * ! 4: * @APPLE_LICENSE_HEADER_START@ ! 5: * ! 6: * The contents of this file constitute Original Code as defined in and ! 7: * are subject to the Apple Public Source License Version 1.1 (the ! 8: * "License"). You may not use this file except in compliance with the ! 9: * License. Please obtain a copy of the License at ! 10: * http://www.apple.com/publicsource and read it before using this file. ! 11: * ! 12: * This Original Code and all software distributed under the License are ! 13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER ! 14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, ! 15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, ! 16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the ! 17: * License for the specific language governing rights and limitations ! 18: * under the License. ! 19: * ! 20: * @APPLE_LICENSE_HEADER_END@ ! 21: */ ! 22: /* ! 23: * Copyright (c) 1982, 1986, 1988, 1993 ! 24: * The Regents of the University of California. All rights reserved. ! 25: * ! 26: * Redistribution and use in source and binary forms, with or without ! 27: * modification, are permitted provided that the following conditions ! 28: * are met: ! 29: * 1. Redistributions of source code must retain the above copyright ! 30: * notice, this list of conditions and the following disclaimer. ! 31: * 2. Redistributions in binary form must reproduce the above copyright ! 32: * notice, this list of conditions and the following disclaimer in the ! 33: * documentation and/or other materials provided with the distribution. ! 34: * 3. All advertising materials mentioning features or use of this software ! 35: * must display the following acknowledgement: ! 36: * This product includes software developed by the University of ! 37: * California, Berkeley and its contributors. ! 38: * 4. Neither the name of the University nor the names of its contributors ! 39: * may be used to endorse or promote products derived from this software ! 40: * without specific prior written permission. ! 41: * ! 42: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ! 43: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ! 44: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ! 45: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ! 46: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ! 47: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ! 48: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ! 49: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ! 50: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ! 51: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ! 52: * SUCH DAMAGE. ! 53: * ! 54: * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 ! 55: */ ! 56: ! 57: #include <sys/param.h> ! 58: #include <sys/systm.h> ! 59: #include <sys/mbuf.h> ! 60: #include <sys/protosw.h> ! 61: #include <sys/socket.h> ! 62: #include <sys/time.h> ! 63: #include <sys/kernel.h> ! 64: #include <sys/sysctl.h> ! 65: ! 66: #include <net/if.h> ! 67: #include <net/route.h> ! 68: ! 69: #define _IP_VHL ! 70: #include <netinet/in.h> ! 71: #include <netinet/in_systm.h> ! 72: #include <netinet/in_var.h> ! 73: #include <netinet/ip.h> ! 74: #include <netinet/ip_icmp.h> ! 75: #include <netinet/ip_var.h> ! 76: #include <netinet/icmp_var.h> ! 77: ! 78: /* ! 79: * ICMP routines: error generation, receive packet processing, and ! 80: * routines to turnaround packets back to the originator, and ! 81: * host table maintenance routines. ! 82: */ ! 83: ! 84: static struct icmpstat icmpstat; ! 85: SYSCTL_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RD, ! 86: &icmpstat, icmpstat, ""); ! 87: ! 88: static int icmpmaskrepl = 0; ! 89: SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW, ! 90: &icmpmaskrepl, 0, ""); ! 91: ! 92: #if ICMP_BANDLIM ! 93: ! 94: /* ! 95: * ICMP error-response bandwidth limiting sysctl. If not enabled, sysctl ! 96: * variable content is -1 and read-only. ! 97: */ ! 98: ! 99: static int icmplim = 100; ! 100: SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, ! 101: &icmplim, 0, ""); ! 102: #else ! 103: ! 104: static int icmplim = -1; ! 105: SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RD, ! 106: &icmplim, 0, ""); ! 107: ! 108: #endif ! 109: ! 110: /* ! 111: * ICMP broadcast echo sysctl ! 112: */ ! 113: ! 114: static int icmpbmcastecho = 0; ! 115: SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, &icmpbmcastecho, ! 116: 0, ""); ! 117: ! 118: ! 119: #if ICMPPRINTFS ! 120: int icmpprintfs = 0; ! 121: #endif ! 122: ! 123: static void icmp_reflect __P((struct mbuf *)); ! 124: static void icmp_send __P((struct mbuf *, struct mbuf *)); ! 125: static int ip_next_mtu __P((int, int)); ! 126: ! 127: extern struct protosw inetsw[]; ! 128: ! 129: /* ! 130: * Generate an error packet of type error ! 131: * in response to bad packet ip. ! 132: */ ! 133: void ! 134: icmp_error(n, type, code, dest, destifp) ! 135: struct mbuf *n; ! 136: int type, code; ! 137: n_long dest; ! 138: struct ifnet *destifp; ! 139: { ! 140: register struct ip *oip = mtod(n, struct ip *), *nip; ! 141: register unsigned oiplen = IP_VHL_HL(oip->ip_vhl) << 2; ! 142: register struct icmp *icp; ! 143: register struct mbuf *m; ! 144: unsigned icmplen; ! 145: ! 146: #if ICMPPRINTFS ! 147: if (icmpprintfs) ! 148: printf("icmp_error(%p, %x, %d)\n", oip, type, code); ! 149: #endif ! 150: if (type != ICMP_REDIRECT) ! 151: icmpstat.icps_error++; ! 152: /* ! 153: * Don't send error if not the first fragment of message. ! 154: * Don't error if the old packet protocol was ICMP ! 155: * error message, only known informational types. ! 156: */ ! 157: if (oip->ip_off &~ (IP_MF|IP_DF)) ! 158: goto freeit; ! 159: if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && ! 160: n->m_len >= oiplen + ICMP_MINLEN && ! 161: !ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiplen))->icmp_type)) { ! 162: icmpstat.icps_oldicmp++; ! 163: goto freeit; ! 164: } ! 165: /* Don't send error in response to a multicast or broadcast packet */ ! 166: if (n->m_flags & (M_BCAST|M_MCAST)) ! 167: goto freeit; ! 168: /* ! 169: * First, formulate icmp message ! 170: */ ! 171: m = m_gethdr(M_DONTWAIT, MT_HEADER); ! 172: if (m == NULL) ! 173: goto freeit; ! 174: icmplen = oiplen + min(8, oip->ip_len); ! 175: m->m_len = icmplen + ICMP_MINLEN; ! 176: MH_ALIGN(m, m->m_len); ! 177: icp = mtod(m, struct icmp *); ! 178: if ((u_int)type > ICMP_MAXTYPE) ! 179: panic("icmp_error"); ! 180: icmpstat.icps_outhist[type]++; ! 181: icp->icmp_type = type; ! 182: if (type == ICMP_REDIRECT) ! 183: icp->icmp_gwaddr.s_addr = dest; ! 184: else { ! 185: icp->icmp_void = 0; ! 186: /* ! 187: * The following assignments assume an overlay with the ! 188: * zeroed icmp_void field. ! 189: */ ! 190: if (type == ICMP_PARAMPROB) { ! 191: icp->icmp_pptr = code; ! 192: code = 0; ! 193: } else if (type == ICMP_UNREACH && ! 194: code == ICMP_UNREACH_NEEDFRAG && destifp) { ! 195: icp->icmp_nextmtu = htons(destifp->if_mtu); ! 196: } ! 197: } ! 198: ! 199: icp->icmp_code = code; ! 200: bcopy((caddr_t)oip, (caddr_t)&icp->icmp_ip, icmplen); ! 201: nip = &icp->icmp_ip; ! 202: nip->ip_len = htons((u_short)(nip->ip_len + oiplen)); ! 203: ! 204: /* ! 205: * Now, copy old ip header (without options) ! 206: * in front of icmp message. ! 207: */ ! 208: if (m->m_data - sizeof(struct ip) < m->m_pktdat) ! 209: panic("icmp len"); ! 210: m->m_data -= sizeof(struct ip); ! 211: m->m_len += sizeof(struct ip); ! 212: m->m_pkthdr.len = m->m_len; ! 213: m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; ! 214: nip = mtod(m, struct ip *); ! 215: bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); ! 216: nip->ip_len = m->m_len; ! 217: nip->ip_vhl = IP_VHL_BORING; ! 218: nip->ip_p = IPPROTO_ICMP; ! 219: nip->ip_tos = 0; ! 220: icmp_reflect(m); ! 221: ! 222: freeit: ! 223: m_freem(n); ! 224: } ! 225: ! 226: static struct sockaddr_in icmpsrc = { sizeof (struct sockaddr_in), AF_INET }; ! 227: static struct sockaddr_in icmpdst = { sizeof (struct sockaddr_in), AF_INET }; ! 228: static struct sockaddr_in icmpgw = { sizeof (struct sockaddr_in), AF_INET }; ! 229: ! 230: /* ! 231: * Process a received ICMP message. ! 232: */ ! 233: void ! 234: icmp_input(m, hlen) ! 235: register struct mbuf *m; ! 236: int hlen; ! 237: { ! 238: register struct icmp *icp; ! 239: register struct ip *ip = mtod(m, struct ip *); ! 240: int icmplen = ip->ip_len; ! 241: register int i; ! 242: struct in_ifaddr *ia; ! 243: void (*ctlfunc) __P((int, struct sockaddr *, void *)); ! 244: int code; ! 245: ! 246: /* ! 247: * Locate icmp structure in mbuf, and check ! 248: * that not corrupted and of at least minimum length. ! 249: */ ! 250: #if ICMPPRINTFS ! 251: if (icmpprintfs) { ! 252: char buf[4 * sizeof "123"]; ! 253: strcpy(buf, inet_ntoa(ip->ip_src)); ! 254: printf("icmp_input from %s to %s, len %d\n", ! 255: buf, inet_ntoa(ip->ip_dst), icmplen); ! 256: } ! 257: #endif ! 258: if (icmplen < ICMP_MINLEN) { ! 259: icmpstat.icps_tooshort++; ! 260: goto freeit; ! 261: } ! 262: i = hlen + min(icmplen, ICMP_ADVLENMIN); ! 263: if (m->m_len < i && (m = m_pullup(m, i)) == 0) { ! 264: icmpstat.icps_tooshort++; ! 265: return; ! 266: } ! 267: ip = mtod(m, struct ip *); ! 268: m->m_len -= hlen; ! 269: m->m_data += hlen; ! 270: icp = mtod(m, struct icmp *); ! 271: if (in_cksum(m, icmplen)) { ! 272: icmpstat.icps_checksum++; ! 273: goto freeit; ! 274: } ! 275: m->m_len += hlen; ! 276: m->m_data -= hlen; ! 277: ! 278: #if ICMPPRINTFS ! 279: if (icmpprintfs) ! 280: printf("icmp_input, type %d code %d\n", icp->icmp_type, ! 281: icp->icmp_code); ! 282: #endif ! 283: ! 284: /* ! 285: * Message type specific processing. ! 286: */ ! 287: if (icp->icmp_type > ICMP_MAXTYPE) ! 288: goto raw; ! 289: icmpstat.icps_inhist[icp->icmp_type]++; ! 290: code = icp->icmp_code; ! 291: switch (icp->icmp_type) { ! 292: ! 293: case ICMP_UNREACH: ! 294: switch (code) { ! 295: case ICMP_UNREACH_NET: ! 296: case ICMP_UNREACH_HOST: ! 297: case ICMP_UNREACH_PROTOCOL: ! 298: case ICMP_UNREACH_PORT: ! 299: case ICMP_UNREACH_SRCFAIL: ! 300: code += PRC_UNREACH_NET; ! 301: break; ! 302: ! 303: case ICMP_UNREACH_NEEDFRAG: ! 304: code = PRC_MSGSIZE; ! 305: break; ! 306: ! 307: case ICMP_UNREACH_NET_UNKNOWN: ! 308: case ICMP_UNREACH_NET_PROHIB: ! 309: case ICMP_UNREACH_TOSNET: ! 310: code = PRC_UNREACH_NET; ! 311: break; ! 312: ! 313: case ICMP_UNREACH_HOST_UNKNOWN: ! 314: case ICMP_UNREACH_ISOLATED: ! 315: case ICMP_UNREACH_HOST_PROHIB: ! 316: case ICMP_UNREACH_TOSHOST: ! 317: code = PRC_UNREACH_HOST; ! 318: break; ! 319: ! 320: case ICMP_UNREACH_FILTER_PROHIB: ! 321: case ICMP_UNREACH_HOST_PRECEDENCE: ! 322: case ICMP_UNREACH_PRECEDENCE_CUTOFF: ! 323: code = PRC_UNREACH_PORT; ! 324: break; ! 325: ! 326: default: ! 327: goto badcode; ! 328: } ! 329: goto deliver; ! 330: ! 331: case ICMP_TIMXCEED: ! 332: if (code > 1) ! 333: goto badcode; ! 334: code += PRC_TIMXCEED_INTRANS; ! 335: goto deliver; ! 336: ! 337: case ICMP_PARAMPROB: ! 338: if (code > 1) ! 339: goto badcode; ! 340: code = PRC_PARAMPROB; ! 341: goto deliver; ! 342: ! 343: case ICMP_SOURCEQUENCH: ! 344: if (code) ! 345: goto badcode; ! 346: code = PRC_QUENCH; ! 347: deliver: ! 348: /* ! 349: * Problem with datagram; advise higher level routines. ! 350: */ ! 351: if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || ! 352: IP_VHL_HL(icp->icmp_ip.ip_vhl) < (sizeof(struct ip) >> 2)) { ! 353: icmpstat.icps_badlen++; ! 354: goto freeit; ! 355: } ! 356: NTOHS(icp->icmp_ip.ip_len); ! 357: /* Discard ICMP's in response to multicast packets */ ! 358: if (IN_MULTICAST(ntohl(icp->icmp_ip.ip_dst.s_addr))) ! 359: goto badcode; ! 360: #if ICMPPRINTFS ! 361: if (icmpprintfs) ! 362: printf("deliver to protocol %d\n", icp->icmp_ip.ip_p); ! 363: #endif ! 364: icmpsrc.sin_addr = icp->icmp_ip.ip_dst; ! 365: #if 1 ! 366: /* ! 367: * MTU discovery: ! 368: * If we got a needfrag and there is a host route to the ! 369: * original destination, and the MTU is not locked, then ! 370: * set the MTU in the route to the suggested new value ! 371: * (if given) and then notify as usual. The ULPs will ! 372: * notice that the MTU has changed and adapt accordingly. ! 373: * If no new MTU was suggested, then we guess a new one ! 374: * less than the current value. If the new MTU is ! 375: * unreasonably small (arbitrarily set at 296), then ! 376: * we reset the MTU to the interface value and enable the ! 377: * lock bit, indicating that we are no longer doing MTU ! 378: * discovery. ! 379: */ ! 380: if (code == PRC_MSGSIZE) { ! 381: struct rtentry *rt; ! 382: int mtu; ! 383: ! 384: rt = rtalloc1((struct sockaddr *)&icmpsrc, 0, ! 385: RTF_CLONING | RTF_PRCLONING); ! 386: if (rt && (rt->rt_flags & RTF_HOST) ! 387: && !(rt->rt_rmx.rmx_locks & RTV_MTU)) { ! 388: mtu = ntohs(icp->icmp_nextmtu); ! 389: if (!mtu) ! 390: mtu = ip_next_mtu(rt->rt_rmx.rmx_mtu, ! 391: 1); ! 392: #if DEBUG_MTUDISC ! 393: printf("MTU for %s reduced to %d\n", ! 394: inet_ntoa(icmpsrc.sin_addr), mtu); ! 395: #endif ! 396: if (mtu < 296) { ! 397: /* rt->rt_rmx.rmx_mtu = ! 398: rt->rt_ifp->if_mtu; */ ! 399: rt->rt_rmx.rmx_locks |= RTV_MTU; ! 400: } else if (rt->rt_rmx.rmx_mtu > mtu) { ! 401: rt->rt_rmx.rmx_mtu = mtu; ! 402: } ! 403: } ! 404: if (rt) ! 405: RTFREE(rt); ! 406: } ! 407: ! 408: #endif ! 409: ctlfunc = ip_protox[icp->icmp_ip.ip_p]->pr_ctlinput; ! 410: if (ctlfunc) ! 411: (*ctlfunc)(code, (struct sockaddr *)&icmpsrc, ! 412: (void *)&icp->icmp_ip); ! 413: break; ! 414: ! 415: badcode: ! 416: icmpstat.icps_badcode++; ! 417: break; ! 418: ! 419: case ICMP_ECHO: ! 420: if (!icmpbmcastecho ! 421: && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { ! 422: icmpstat.icps_bmcastecho++; ! 423: break; ! 424: } ! 425: icp->icmp_type = ICMP_ECHOREPLY; ! 426: goto reflect; ! 427: ! 428: case ICMP_TSTAMP: ! 429: if (!icmpbmcastecho ! 430: && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { ! 431: icmpstat.icps_bmcasttstamp++; ! 432: break; ! 433: } ! 434: if (icmplen < ICMP_TSLEN) { ! 435: icmpstat.icps_badlen++; ! 436: break; ! 437: } ! 438: icp->icmp_type = ICMP_TSTAMPREPLY; ! 439: icp->icmp_rtime = iptime(); ! 440: icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ ! 441: goto reflect; ! 442: ! 443: case ICMP_MASKREQ: ! 444: #define satosin(sa) ((struct sockaddr_in *)(sa)) ! 445: if (icmpmaskrepl == 0) ! 446: break; ! 447: /* ! 448: * We are not able to respond with all ones broadcast ! 449: * unless we receive it over a point-to-point interface. ! 450: */ ! 451: if (icmplen < ICMP_MASKLEN) ! 452: break; ! 453: switch (ip->ip_dst.s_addr) { ! 454: ! 455: case INADDR_BROADCAST: ! 456: case INADDR_ANY: ! 457: icmpdst.sin_addr = ip->ip_src; ! 458: break; ! 459: ! 460: default: ! 461: icmpdst.sin_addr = ip->ip_dst; ! 462: } ! 463: ia = (struct in_ifaddr *)ifaof_ifpforaddr( ! 464: (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); ! 465: if (ia == 0) ! 466: break; ! 467: if (ia->ia_ifp == 0) ! 468: break; ! 469: icp->icmp_type = ICMP_MASKREPLY; ! 470: icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; ! 471: if (ip->ip_src.s_addr == 0) { ! 472: if (ia->ia_ifp->if_flags & IFF_BROADCAST) ! 473: ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; ! 474: else if (ia->ia_ifp->if_flags & IFF_POINTOPOINT) ! 475: ip->ip_src = satosin(&ia->ia_dstaddr)->sin_addr; ! 476: } ! 477: reflect: ! 478: ip->ip_len += hlen; /* since ip_input deducts this */ ! 479: icmpstat.icps_reflect++; ! 480: icmpstat.icps_outhist[icp->icmp_type]++; ! 481: icmp_reflect(m); ! 482: return; ! 483: ! 484: case ICMP_REDIRECT: ! 485: if (code > 3) ! 486: goto badcode; ! 487: if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || ! 488: IP_VHL_HL(icp->icmp_ip.ip_vhl) < (sizeof(struct ip) >> 2)) { ! 489: icmpstat.icps_badlen++; ! 490: break; ! 491: } ! 492: /* ! 493: * Short circuit routing redirects to force ! 494: * immediate change in the kernel's routing ! 495: * tables. The message is also handed to anyone ! 496: * listening on a raw socket (e.g. the routing ! 497: * daemon for use in updating its tables). ! 498: */ ! 499: icmpgw.sin_addr = ip->ip_src; ! 500: icmpdst.sin_addr = icp->icmp_gwaddr; ! 501: #if ICMPPRINTFS ! 502: if (icmpprintfs) { ! 503: char buf[4 * sizeof "123"]; ! 504: strcpy(buf, inet_ntoa(icp->icmp_ip.ip_dst)); ! 505: ! 506: printf("redirect dst %s to %s\n", ! 507: buf, inet_ntoa(icp->icmp_gwaddr)); ! 508: } ! 509: #endif ! 510: icmpsrc.sin_addr = icp->icmp_ip.ip_dst; ! 511: rtredirect((struct sockaddr *)&icmpsrc, ! 512: (struct sockaddr *)&icmpdst, ! 513: (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, ! 514: (struct sockaddr *)&icmpgw, (struct rtentry **)0); ! 515: pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); ! 516: break; ! 517: ! 518: /* ! 519: * No kernel processing for the following; ! 520: * just fall through to send to raw listener. ! 521: */ ! 522: case ICMP_ECHOREPLY: ! 523: case ICMP_ROUTERADVERT: ! 524: case ICMP_ROUTERSOLICIT: ! 525: case ICMP_TSTAMPREPLY: ! 526: case ICMP_IREQREPLY: ! 527: case ICMP_MASKREPLY: ! 528: default: ! 529: break; ! 530: } ! 531: ! 532: raw: ! 533: rip_input(m, hlen); ! 534: return; ! 535: ! 536: freeit: ! 537: m_freem(m); ! 538: } ! 539: ! 540: /* ! 541: * Reflect the ip packet back to the source ! 542: */ ! 543: static void ! 544: icmp_reflect(m) ! 545: struct mbuf *m; ! 546: { ! 547: register struct ip *ip = mtod(m, struct ip *); ! 548: register struct in_ifaddr *ia; ! 549: struct in_addr t; ! 550: struct mbuf *opts = 0; ! 551: int optlen = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof(struct ip); ! 552: ! 553: if (!in_canforward(ip->ip_src) && ! 554: ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) != ! 555: (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))) { ! 556: m_freem(m); /* Bad return address */ ! 557: goto done; /* Ip_output() will check for broadcast */ ! 558: } ! 559: t = ip->ip_dst; ! 560: ip->ip_dst = ip->ip_src; ! 561: /* ! 562: * If the incoming packet was addressed directly to us, ! 563: * use dst as the src for the reply. Otherwise (broadcast ! 564: * or anonymous), use the address which corresponds ! 565: * to the incoming interface. ! 566: */ ! 567: for (ia = in_ifaddrhead.tqh_first; ia; ia = ia->ia_link.tqe_next) { ! 568: if (t.s_addr == IA_SIN(ia)->sin_addr.s_addr) ! 569: break; ! 570: if (ia->ia_ifp && (ia->ia_ifp->if_flags & IFF_BROADCAST) && ! 571: t.s_addr == satosin(&ia->ia_broadaddr)->sin_addr.s_addr) ! 572: break; ! 573: } ! 574: icmpdst.sin_addr = t; ! 575: if ((ia == (struct in_ifaddr *)0) && m->m_pkthdr.rcvif) ! 576: ia = (struct in_ifaddr *)ifaof_ifpforaddr( ! 577: (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); ! 578: /* ! 579: * The following happens if the packet was not addressed to us, ! 580: * and was received on an interface with no IP address. ! 581: */ ! 582: if (ia == (struct in_ifaddr *)0) ! 583: ia = in_ifaddrhead.tqh_first; ! 584: t = IA_SIN(ia)->sin_addr; ! 585: ip->ip_src = t; ! 586: ip->ip_ttl = MAXTTL; ! 587: ! 588: if (optlen > 0) { ! 589: register u_char *cp; ! 590: int opt, cnt; ! 591: u_int len; ! 592: ! 593: /* ! 594: * Retrieve any source routing from the incoming packet; ! 595: * add on any record-route or timestamp options. ! 596: */ ! 597: cp = (u_char *) (ip + 1); ! 598: if ((opts = ip_srcroute()) == 0 && ! 599: (opts = m_gethdr(M_DONTWAIT, MT_HEADER))) { ! 600: opts->m_len = sizeof(struct in_addr); ! 601: mtod(opts, struct in_addr *)->s_addr = 0; ! 602: } ! 603: if (opts) { ! 604: #if ICMPPRINTFS ! 605: if (icmpprintfs) ! 606: printf("icmp_reflect optlen %d rt %d => ", ! 607: optlen, opts->m_len); ! 608: #endif ! 609: for (cnt = optlen; cnt > 0; cnt -= len, cp += len) { ! 610: opt = cp[IPOPT_OPTVAL]; ! 611: if (opt == IPOPT_EOL) ! 612: break; ! 613: if (opt == IPOPT_NOP) ! 614: len = 1; ! 615: else { ! 616: len = cp[IPOPT_OLEN]; ! 617: if (len <= 0 || len > cnt) ! 618: break; ! 619: } ! 620: /* ! 621: * Should check for overflow, but it "can't happen" ! 622: */ ! 623: if (opt == IPOPT_RR || opt == IPOPT_TS || ! 624: opt == IPOPT_SECURITY) { ! 625: bcopy((caddr_t)cp, ! 626: mtod(opts, caddr_t) + opts->m_len, len); ! 627: opts->m_len += len; ! 628: } ! 629: } ! 630: /* Terminate & pad, if necessary */ ! 631: cnt = opts->m_len % 4; ! 632: if (cnt) { ! 633: for (; cnt < 4; cnt++) { ! 634: *(mtod(opts, caddr_t) + opts->m_len) = ! 635: IPOPT_EOL; ! 636: opts->m_len++; ! 637: } ! 638: } ! 639: #if ICMPPRINTFS ! 640: if (icmpprintfs) ! 641: printf("%d\n", opts->m_len); ! 642: #endif ! 643: } ! 644: /* ! 645: * Now strip out original options by copying rest of first ! 646: * mbuf's data back, and adjust the IP length. ! 647: */ ! 648: ip->ip_len -= optlen; ! 649: ip->ip_vhl = IP_VHL_BORING; ! 650: m->m_len -= optlen; ! 651: if (m->m_flags & M_PKTHDR) ! 652: m->m_pkthdr.len -= optlen; ! 653: optlen += sizeof(struct ip); ! 654: bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1), ! 655: (unsigned)(m->m_len - sizeof(struct ip))); ! 656: } ! 657: m->m_flags &= ~(M_BCAST|M_MCAST); ! 658: icmp_send(m, opts); ! 659: done: ! 660: if (opts) ! 661: (void)m_free(opts); ! 662: } ! 663: ! 664: /* ! 665: * Send an icmp packet back to the ip level, ! 666: * after supplying a checksum. ! 667: */ ! 668: static void ! 669: icmp_send(m, opts) ! 670: register struct mbuf *m; ! 671: struct mbuf *opts; ! 672: { ! 673: register struct ip *ip = mtod(m, struct ip *); ! 674: register int hlen; ! 675: register struct icmp *icp; ! 676: struct route ro; ! 677: ! 678: hlen = IP_VHL_HL(ip->ip_vhl) << 2; ! 679: m->m_data += hlen; ! 680: m->m_len -= hlen; ! 681: icp = mtod(m, struct icmp *); ! 682: icp->icmp_cksum = 0; ! 683: icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); ! 684: m->m_data -= hlen; ! 685: m->m_len += hlen; ! 686: #if ICMPPRINTFS ! 687: if (icmpprintfs) { ! 688: char buf[4 * sizeof "123"]; ! 689: strcpy(buf, inet_ntoa(ip->ip_dst)); ! 690: printf("icmp_send dst %s src %s\n", ! 691: buf, inet_ntoa(ip->ip_src)); ! 692: } ! 693: #endif ! 694: bzero(&ro, sizeof ro); ! 695: (void) ip_output(m, opts, &ro, 0, NULL); ! 696: if (ro.ro_rt) ! 697: RTFREE(ro.ro_rt); ! 698: } ! 699: ! 700: n_time ! 701: iptime() ! 702: { ! 703: struct timeval atv; ! 704: u_long t; ! 705: ! 706: microtime(&atv); ! 707: t = (atv.tv_sec % (24*60*60)) * 1000 + atv.tv_usec / 1000; ! 708: return (htonl(t)); ! 709: } ! 710: ! 711: #if 1 ! 712: /* ! 713: * Return the next larger or smaller MTU plateau (table from RFC 1191) ! 714: * given current value MTU. If DIR is less than zero, a larger plateau ! 715: * is returned; otherwise, a smaller value is returned. ! 716: */ ! 717: static int ! 718: ip_next_mtu(mtu, dir) ! 719: int mtu; ! 720: int dir; ! 721: { ! 722: static int mtutab[] = { ! 723: 65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, ! 724: 68, 0 ! 725: }; ! 726: int i; ! 727: ! 728: for (i = 0; i < (sizeof mtutab) / (sizeof mtutab[0]); i++) { ! 729: if (mtu >= mtutab[i]) ! 730: break; ! 731: } ! 732: ! 733: if (dir < 0) { ! 734: if (i == 0) { ! 735: return 0; ! 736: } else { ! 737: return mtutab[i - 1]; ! 738: } ! 739: } else { ! 740: if (mtutab[i] == 0) { ! 741: return 0; ! 742: } else if(mtu > mtutab[i]) { ! 743: return mtutab[i]; ! 744: } else { ! 745: return mtutab[i + 1]; ! 746: } ! 747: } ! 748: } ! 749: #endif ! 750: ! 751: #if ICMP_BANDLIM ! 752: ! 753: /* ! 754: * badport_bandlim() - check for ICMP bandwidth limit ! 755: * ! 756: * Return 0 if it is ok to send an ICMP error response, -1 if we have ! 757: * hit our bandwidth limit and it is not ok. ! 758: * ! 759: * If icmplim is <= 0, the feature is disabled and 0 is returned. ! 760: * ! 761: * For now we separate the TCP and UDP subsystems w/ different 'which' ! 762: * values. We may eventually remove this separation (and simplify the ! 763: * code further). ! 764: * ! 765: * Note that the printing of the error message is delayed so we can ! 766: * properly print the icmp error rate that the system was trying to do ! 767: * (i.e. 22000/100 pps, etc...). This can cause long delays in printing ! 768: * the 'final' error, but it doesn't make sense to solve the printing ! 769: * delay with more complex code. ! 770: */ ! 771: ! 772: int ! 773: badport_bandlim(int which) ! 774: { ! 775: static int lticks[2]; ! 776: static int lpackets[2]; ! 777: int dticks; ! 778: ! 779: /* ! 780: * Return ok status if feature disabled or argument out of ! 781: * ranage. ! 782: */ ! 783: ! 784: if (icmplim <= 0 || which >= 2 || which < 0) ! 785: return(0); ! 786: dticks = ticks - lticks[which]; ! 787: ! 788: /* ! 789: * reset stats when cumulative dt exceeds one second. ! 790: */ ! 791: ! 792: if ((unsigned int)dticks > hz) { ! 793: if (lpackets[which] > icmplim) { ! 794: printf("icmp-response bandwidth limit %d/%d pps\n", ! 795: lpackets[which], ! 796: icmplim ! 797: ); ! 798: } ! 799: lticks[which] = ticks; ! 800: lpackets[which] = 0; ! 801: } ! 802: ! 803: /* ! 804: * bump packet count ! 805: */ ! 806: ! 807: if (++lpackets[which] > icmplim) { ! 808: return(-1); ! 809: } ! 810: return(0); ! 811: } ! 812: ! 813: #endif ! 814: ! 815:
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.