diff options
| -rw-r--r-- | sys/net/if_gre.c | 23 | ||||
| -rw-r--r-- | sys/net/if_gre.h | 6 | ||||
| -rw-r--r-- | sys/netinet/ip_gre.c | 67 |
3 files changed, 59 insertions, 37 deletions
diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index 9c41e71..47a74a3 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c @@ -1,4 +1,4 @@ -/* $NetBSD: if_gre.c,v 1.42 2002/08/14 00:23:27 itojun Exp $ */ +/* $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $ */ /* $FreeBSD$ */ /* @@ -212,8 +212,7 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, struct gre_softc *sc = ifp->if_softc; struct greip *gh; struct ip *ip; - u_char osrc; - u_short etype = 0; + u_int16_t etype = 0; struct mobile_h mob_h; /* @@ -237,7 +236,6 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, gh = NULL; ip = NULL; - osrc = 0; if (ifp->if_bpf) { u_int32_t af = dst->sa_family; @@ -282,7 +280,7 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, msiz = MOB_H_SIZ_L; } mob_h.proto = htons(mob_h.proto); - mob_h.hcrc = gre_in_cksum((u_short *)&mob_h, msiz); + mob_h.hcrc = gre_in_cksum((u_int16_t *)&mob_h, msiz); if ((m->m_data - msiz) < m->m_pktdat) { /* need new mbuf */ @@ -365,13 +363,14 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, ((struct ip*)gh)->ip_ttl = GRE_TTL; ((struct ip*)gh)->ip_tos = ip->ip_tos; ((struct ip*)gh)->ip_id = ip->ip_id; - gh->gi_len = m->m_pkthdr.len; + gh->gi_len = htons(m->m_pkthdr.len); } ifp->if_opackets++; ifp->if_obytes += m->m_pkthdr.len; /* send it off */ - error = ip_output(m, NULL, &sc->route, 0, NULL, NULL); + error = ip_output(m, NULL, &sc->route, 0, + (struct ip_moptions *)NULL, (struct inpcb *)NULL); end: sc->called = 0; if (error) @@ -620,7 +619,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) * which would be taken by ip_output(), as this one will loop back to * us. If the interface is p2p as a--->b, then a routing entry exists * If we now send a packet to b (e.g. ping b), this will come down here - * gets src=a, dst=b tacked on and would from ip_ouput() sent back to + * gets src=a, dst=b tacked on and would from ip_output() sent back to * if_gre. * Goal here is to compute a route to b that is less specific than * a-->b. We know that this one exists as in normal operation we have @@ -656,7 +655,7 @@ gre_compute_route(struct gre_softc *sc) } #ifdef DIAGNOSTIC - printf("%s: searching a route to %s", if_name(&sc->sc_if), + printf("%s: searching for a route to %s", if_name(&sc->sc_if), inet_ntoa(((struct sockaddr_in *)&ro->ro_dst)->sin_addr)); #endif @@ -696,10 +695,10 @@ gre_compute_route(struct gre_softc *sc) * do a checksum of a buffer - much like in_cksum, which operates on * mbufs. */ -u_short -gre_in_cksum(u_short *p, u_int len) +u_int16_t +gre_in_cksum(u_int16_t *p, u_int len) { - u_int sum = 0; + u_int32_t sum = 0; int nwords = len >> 1; while (nwords-- != 0) diff --git a/sys/net/if_gre.h b/sys/net/if_gre.h index 8bed6a6..5f8f373 100644 --- a/sys/net/if_gre.h +++ b/sys/net/if_gre.h @@ -1,4 +1,4 @@ -/* $NetBSD: if_gre.h,v 1.10 2002/02/24 17:22:20 martin Exp $ */ +/* $NetBSD: if_gre.h,v 1.13 2003/11/10 08:51:52 wiz Exp $ */ /* $FreeBSD$ */ /* @@ -116,7 +116,7 @@ struct greip { * should be routed over more than one tunnel hop by hop */ struct gre_sre { - u_int16_t sre_family; /* adress family */ + u_int16_t sre_family; /* address family */ u_char sre_offset; /* offset to first octet of active entry */ u_char sre_length; /* number of octets in the SRE. sre_lengthl==0 -> last entry. */ @@ -166,7 +166,7 @@ struct mobip_h { LIST_HEAD(gre_softc_head, gre_softc); extern struct gre_softc_head gre_softc_list; -u_short gre_in_cksum(u_short *p, u_int len); +u_int16_t gre_in_cksum(u_int16_t *, u_int); #endif /* _KERNEL */ #endif diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index 05d3e09..a2fdb9f 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -1,4 +1,4 @@ -/* $NetBSD: ip_gre.c,v 1.21 2002/08/14 00:23:30 itojun Exp $ */ +/* $NetBSD: ip_gre.c,v 1.29 2003/09/05 23:02:43 itojun Exp $ */ /* $FreeBSD$ */ /* @@ -105,8 +105,8 @@ void gre_input(struct mbuf *m, ...) #else gre_input(m, va_alist) - struct mbuf *m; - va_dcl + struct mbuf *m; + va_dcl #endif { int off, ret, proto; @@ -135,26 +135,32 @@ gre_input(m, va_alist) * proto is the protocol number of the "calling" foo_input() * routine. */ - static int gre_input2(struct mbuf *m ,int hlen, u_char proto) { - struct greip *gip = mtod(m, struct greip *); + struct greip *gip; int isr; struct gre_softc *sc; - u_short flags; + u_int16_t flags; if ((sc = gre_lookup(m, proto)) == NULL) { /* No matching tunnel or tunnel is down. */ return (0); } + if (m->m_len < sizeof(*gip)) { + m = m_pullup(m, sizeof(*gip)); + if (m == NULL) + return (ENOBUFS); + } + gip = mtod(m, struct greip *); + sc->sc_if.if_ipackets++; sc->sc_if.if_ibytes += m->m_pkthdr.len; switch (proto) { case IPPROTO_GRE: - hlen += sizeof (struct gre_h); + hlen += sizeof(struct gre_h); /* process GRE flags as packet can be of variable len */ flags = ntohs(gip->gi_flags); @@ -164,11 +170,11 @@ gre_input2(struct mbuf *m ,int hlen, u_char proto) hlen += 4; /* We don't support routing fields (variable length) */ if (flags & GRE_RP) - return(0); + return (0); if (flags & GRE_KP) hlen += 4; if (flags & GRE_SP) - hlen +=4; + hlen += 4; switch (ntohs(gip->gi_ptype)) { /* ethertypes */ case ETHERTYPE_IP: /* shouldn't need a schednetisr(), as */ @@ -183,16 +189,19 @@ gre_input2(struct mbuf *m ,int hlen, u_char proto) case ETHERTYPE_IPV6: /* FALLTHROUGH */ default: /* others not yet supported */ - return(0); + return (0); } break; default: /* others not yet supported */ - return(0); + return (0); } - m->m_data += hlen; - m->m_len -= hlen; + if (hlen > m->m_pkthdr.len) { + m_freem(m); + return (EINVAL); + } + m_adj(m, hlen); m->m_pkthdr.len -= hlen; if (sc->sc_if.if_bpf) { @@ -204,7 +213,7 @@ gre_input2(struct mbuf *m ,int hlen, u_char proto) netisr_dispatch(isr, m); - return(1); /* packet is done, no further processing needed */ + return (1); /* packet is done, no further processing needed */ } /* @@ -223,15 +232,14 @@ gre_mobile_input(m, va_alist) va_dcl #endif { - struct ip *ip = mtod(m, struct ip *); - struct mobip_h *mip = mtod(m, struct mobip_h *); + struct ip *ip; + struct mobip_h *mip; struct gre_softc *sc; int hlen; va_list ap; - u_char osrc = 0; int msiz; - va_start(ap,m); + va_start(ap, m); hlen = va_arg(ap, int); va_end(ap); @@ -241,20 +249,35 @@ gre_mobile_input(m, va_alist) return; } + if (m->m_len < sizeof(*mip)) { + m = m_pullup(m, sizeof(*mip)); + if (m == NULL) + return; + } + ip = mtod(m, struct ip *); + mip = mtod(m, struct mobip_h *); + sc->sc_if.if_ipackets++; sc->sc_if.if_ibytes += m->m_pkthdr.len; - if(ntohs(mip->mh.proto) & MOB_H_SBIT) { - osrc = 1; + if (ntohs(mip->mh.proto) & MOB_H_SBIT) { msiz = MOB_H_SIZ_L; mip->mi.ip_src.s_addr = mip->mh.osrc; - } else { + } else msiz = MOB_H_SIZ_S; + + if (m->m_len < (ip->ip_hl << 2) + msiz) { + m = m_pullup(m, (ip->ip_hl << 2) + msiz); + if (m == NULL) + return; + ip = mtod(m, struct ip *); + mip = mtod(m, struct mobip_h *); } + mip->mi.ip_dst.s_addr = mip->mh.odst; mip->mi.ip_p = (ntohs(mip->mh.proto) >> 8); - if (gre_in_cksum((u_short*)&mip->mh,msiz) != 0) { + if (gre_in_cksum((u_int16_t *)&mip->mh, msiz) != 0) { m_freem(m); return; } |
