diff options
38 files changed, 132 insertions, 229 deletions
@@ -24,6 +24,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20121023: + The IPv4 network stack has been converted to network byte + order. The following modules need to be recompiled together + with kernel: carp(4), divert(4), gif(4), siftr(4), gre(4), + pf(4), ipfw(4), ng_ipfw(4), stf(4). + 20121022: Support for non-MPSAFE filesystems was removed from VFS. The VFS_VERSION was bumped, all filesystem modules shall be diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index 0a0857b..b72f064 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c @@ -356,7 +356,7 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, * RFC2004 specifies that fragmented diagrams shouldn't * be encapsulated. */ - if (ip->ip_off & (IP_MF | IP_OFFMASK)) { + if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) { _IF_DROP(&ifp->if_snd); m_freem(m); error = EINVAL; /* is there better errno? */ @@ -410,7 +410,7 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, } ip = mtod(m, struct ip *); memcpy((caddr_t)(ip + 1), &mob_h, (unsigned)msiz); - ip->ip_len = ntohs(ip->ip_len) + msiz; + ip->ip_len = htons(ntohs(ip->ip_len) + msiz); } else { /* AF_INET */ _IF_DROP(&ifp->if_snd); m_freem(m); @@ -493,7 +493,7 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, ((struct ip*)gh)->ip_ttl = GRE_TTL; ((struct ip*)gh)->ip_tos = gre_ip_tos; ((struct ip*)gh)->ip_id = gre_ip_id; - gh->gi_len = m->m_pkthdr.len; + gh->gi_len = htons(m->m_pkthdr.len); } ifp->if_opackets++; diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c index 90dac40..edde456 100644 --- a/sys/net/if_stf.c +++ b/sys/net/if_stf.c @@ -524,7 +524,7 @@ stf_output(ifp, m, dst, ro) bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); ip->ip_p = IPPROTO_IPV6; ip->ip_ttl = ip_stf_ttl; - ip->ip_len = m->m_pkthdr.len; /*host order*/ + ip->ip_len = htons(m->m_pkthdr.len); if (ifp->if_flags & IFF_LINK1) ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos); else diff --git a/sys/netgraph/ng_ipfw.c b/sys/netgraph/ng_ipfw.c index 907b5cb..82a7238 100644 --- a/sys/netgraph/ng_ipfw.c +++ b/sys/netgraph/ng_ipfw.c @@ -265,7 +265,6 @@ ng_ipfw_rcvdata(hook_p hook, item_p item) switch (ip->ip_v) { #ifdef INET case IPVERSION: - SET_HOST_IPLEN(ip); return (ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL)); #endif diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index 94c00a1..1650fcb 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -1442,7 +1442,7 @@ igmp_input(struct mbuf *m, int off) ip = mtod(m, struct ip *); iphlen = off; - igmplen = ip->ip_len; + igmplen = ntohs(ip->ip_len); /* * Validate lengths. @@ -2225,7 +2225,7 @@ igmp_v1v2_queue_report(struct in_multi *inm, const int type) ip = mtod(m, struct ip *); ip->ip_tos = 0; - ip->ip_len = sizeof(struct ip) + sizeof(struct igmp); + ip->ip_len = htons(sizeof(struct ip) + sizeof(struct igmp)); ip->ip_off = 0; ip->ip_p = IPPROTO_IGMP; ip->ip_src.s_addr = INADDR_ANY; @@ -3522,8 +3522,8 @@ igmp_v3_encap_report(struct ifnet *ifp, struct mbuf *m) ip = mtod(m, struct ip *); ip->ip_tos = IPTOS_PREC_INTERNETCONTROL; - ip->ip_len = hdrlen + igmpreclen; - ip->ip_off = IP_DF; + ip->ip_len = htons(hdrlen + igmpreclen); + ip->ip_off = htons(IP_DF); ip->ip_p = IPPROTO_IGMP; ip->ip_sum = 0; diff --git a/sys/netinet/in.h b/sys/netinet/in.h index 40f5952..b66296c 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -741,33 +741,6 @@ void in_ifdetach(struct ifnet *); #define satosin(sa) ((struct sockaddr_in *)(sa)) #define sintosa(sin) ((struct sockaddr *)(sin)) #define ifatoia(ifa) ((struct in_ifaddr *)(ifa)) - -/* - * Historically, BSD keeps ip_len and ip_off in host format - * when doing layer 3 processing, and this often requires - * to translate the format back and forth. - * To make the process explicit, we define a couple of macros - * that also take into account the fact that at some point - * we may want to keep those fields always in net format. - */ - -#if (BYTE_ORDER == BIG_ENDIAN) || defined(HAVE_NET_IPLEN) -#define SET_NET_IPLEN(p) do {} while (0) -#define SET_HOST_IPLEN(p) do {} while (0) -#else -#define SET_NET_IPLEN(p) do { \ - struct ip *h_ip = (p); \ - h_ip->ip_len = htons(h_ip->ip_len); \ - h_ip->ip_off = htons(h_ip->ip_off); \ - } while (0) - -#define SET_HOST_IPLEN(p) do { \ - struct ip *h_ip = (p); \ - h_ip->ip_len = ntohs(h_ip->ip_len); \ - h_ip->ip_off = ntohs(h_ip->ip_off); \ - } while (0) -#endif /* !HAVE_NET_IPLEN */ - #endif /* _KERNEL */ /* INET6 stuff */ diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index 6c60390..6ccd17f 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -192,7 +192,7 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) iphdr.ip_p = proto; /* version will be set in ip_output() */ iphdr.ip_ttl = V_ip_gif_ttl; - iphdr.ip_len = m->m_pkthdr.len + sizeof(struct ip); + iphdr.ip_len = htons(m->m_pkthdr.len + sizeof(struct ip)); ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED : ECN_NOCARE, &iphdr.ip_tos, &tos); diff --git a/sys/netinet/ip_carp.c b/sys/netinet/ip_carp.c index a5e766a..75e0585 100644 --- a/sys/netinet/ip_carp.c +++ b/sys/netinet/ip_carp.c @@ -783,9 +783,9 @@ carp_send_ad_locked(struct carp_softc *sc) ip->ip_v = IPVERSION; ip->ip_hl = sizeof(*ip) >> 2; ip->ip_tos = IPTOS_LOWDELAY; - ip->ip_len = len; + ip->ip_len = htons(len); ip->ip_id = ip_newid(); - ip->ip_off = IP_DF; + ip->ip_off = htons(IP_DF); ip->ip_ttl = CARP_DFLTTL; ip->ip_p = IPPROTO_CARP; ip->ip_sum = 0; diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 7babb27..e698035 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -386,10 +386,6 @@ div_output(struct socket *so, struct mbuf *m, struct sockaddr_in *sin, INP_RUNLOCK(inp); goto cantsend; } - - /* Convert fields to host order for ip_output() */ - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); break; #ifdef INET6 case IPV6_VERSION >> 4: diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index d0274de..0735311 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -274,12 +274,10 @@ gre_mobile_input(struct mbuf *m, int hlen) /* * On FreeBSD, rip_input() supplies us with ip->ip_len - * already converted into host byteorder and also decreases - * it by the lengh of IP header, however, ip_input() expects - * that this field is in the original format (network byteorder - * and full size of IP packet), so that adjust accordingly. + * decreased by the lengh of IP header, however, ip_input() + * expects it to be full size of IP packet, so adjust accordingly. */ - ip->ip_len = htons(ip->ip_len + sizeof(struct ip) - msiz); + ip->ip_len = htons(ntohs(ip->ip_len) + sizeof(struct ip) - msiz); ip->ip_sum = 0; ip->ip_sum = in_cksum(m, (ip->ip_hl << 2)); diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 7bbb998..0568bd7 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -229,7 +229,7 @@ icmp_error(struct mbuf *n, int type, int code, uint32_t dest, int mtu) */ if (n->m_flags & M_DECRYPTED) goto freeit; - if (oip->ip_off & ~(IP_MF|IP_DF)) + if (oip->ip_off & htons(~(IP_MF|IP_DF))) goto freeit; if (n->m_flags & (M_BCAST|M_MCAST)) goto freeit; @@ -263,16 +263,17 @@ icmp_error(struct mbuf *n, int type, int code, uint32_t dest, int mtu) tcphlen = th->th_off << 2; if (tcphlen < sizeof(struct tcphdr)) goto freeit; - if (oip->ip_len < oiphlen + tcphlen) + if (ntohs(oip->ip_len) < oiphlen + tcphlen) goto freeit; if (oiphlen + tcphlen > n->m_len && n->m_next == NULL) goto stdreply; if (n->m_len < oiphlen + tcphlen && ((n = m_pullup(n, oiphlen + tcphlen)) == NULL)) goto freeit; - icmpelen = max(tcphlen, min(V_icmp_quotelen, oip->ip_len - oiphlen)); + icmpelen = max(tcphlen, min(V_icmp_quotelen, + ntohs(oip->ip_len) - oiphlen)); } else -stdreply: icmpelen = max(8, min(V_icmp_quotelen, oip->ip_len - oiphlen)); +stdreply: icmpelen = max(8, min(V_icmp_quotelen, ntohs(oip->ip_len) - oiphlen)); icmplen = min(oiphlen + icmpelen, nlen); if (icmplen < sizeof(struct ip)) @@ -322,8 +323,6 @@ stdreply: icmpelen = max(8, min(V_icmp_quotelen, oip->ip_len - oiphlen)); */ m_copydata(n, 0, icmplen, (caddr_t)&icp->icmp_ip); nip = &icp->icmp_ip; - nip->ip_len = htons(nip->ip_len); - nip->ip_off = htons(nip->ip_off); /* * Set up ICMP message mbuf and copy old IP header (without options @@ -338,7 +337,7 @@ stdreply: icmpelen = max(8, min(V_icmp_quotelen, oip->ip_len - oiphlen)); m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; nip = mtod(m, struct ip *); bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); - nip->ip_len = m->m_len; + nip->ip_len = htons(m->m_len); nip->ip_v = IPVERSION; nip->ip_hl = 5; nip->ip_p = IPPROTO_ICMP; @@ -360,7 +359,7 @@ icmp_input(struct mbuf *m, int off) struct ip *ip = mtod(m, struct ip *); struct sockaddr_in icmpsrc, icmpdst, icmpgw; int hlen = off; - int icmplen = ip->ip_len; + int icmplen = ntohs(ip->ip_len); int i, code; void (*ctlfunc)(int, struct sockaddr *, void *); int fibnum; @@ -501,7 +500,6 @@ icmp_input(struct mbuf *m, int off) ICMPSTAT_INC(icps_badlen); goto freeit; } - icp->icmp_ip.ip_len = ntohs(icp->icmp_ip.ip_len); /* Discard ICMP's in response to multicast packets */ if (IN_MULTICAST(ntohl(icp->icmp_ip.ip_dst.s_addr))) goto badcode; @@ -594,7 +592,8 @@ icmp_input(struct mbuf *m, int off) } ifa_free(&ia->ia_ifa); reflect: - ip->ip_len += hlen; /* since ip_input deducts this */ + /* Since ip_input() deducts this. */ + ip->ip_len = htons(ntohs(ip->ip_len) + hlen); ICMPSTAT_INC(icps_reflect); ICMPSTAT_INC(icps_outhist[icp->icmp_type]); icmp_reflect(m); @@ -864,7 +863,7 @@ match: * Now strip out original options by copying rest of first * mbuf's data back, and adjust the IP length. */ - ip->ip_len -= optlen; + ip->ip_len = htons(ntohs(ip->ip_len) - optlen); ip->ip_v = IPVERSION; ip->ip_hl = 5; m->m_len -= optlen; @@ -898,7 +897,7 @@ icmp_send(struct mbuf *m, struct mbuf *opts) m->m_len -= hlen; icp = mtod(m, struct icmp *); icp->icmp_cksum = 0; - icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); + icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); m->m_data -= hlen; m->m_len += hlen; m->m_pkthdr.rcvif = (struct ifnet *)0; diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index c2ff860..1b27a7f 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -390,9 +390,8 @@ ip_input(struct mbuf *m) m->m_flags &= ~M_FASTFWD_OURS; /* Set up some basics that will be used later. */ ip = mtod(m, struct ip *); - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); hlen = ip->ip_hl << 2; + ip_len = ntohs(ip->ip_len); goto ours; } @@ -513,8 +512,6 @@ tooshort: #ifdef IPFIREWALL_FORWARD if (m->m_flags & M_FASTFWD_OURS) { m->m_flags &= ~M_FASTFWD_OURS; - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); goto ours; } if ((dchg = (m_tag_find(m, PACKET_TAG_IPFORWARD, NULL) != NULL)) != 0) { @@ -523,20 +520,12 @@ tooshort: * packets originally destined to us to some other directly * connected host. */ - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); ip_forward(m, dchg); return; } #endif /* IPFIREWALL_FORWARD */ passin: - /* - * From now and up to output pfil(9) processing in ip_output() - * the header is in host byte order. - */ - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); /* * Process options and, if not destined for us, @@ -732,20 +721,21 @@ ours: * Attempt reassembly; if it succeeds, proceed. * ip_reass() will return a different mbuf. */ - if (ip->ip_off & (IP_MF | IP_OFFMASK)) { + if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) { m = ip_reass(m); if (m == NULL) return; ip = mtod(m, struct ip *); /* Get the header length of the reassembled packet */ hlen = ip->ip_hl << 2; + ip_len = ntohs(ip->ip_len); } /* * Further protocols expect the packet length to be w/o the * IP header. */ - ip->ip_len -= hlen; + ip->ip_len = htons(ip_len - hlen); #ifdef IPSEC /* @@ -914,21 +904,20 @@ found: * Adjust ip_len to not reflect header, * convert offset of this to bytes. */ - ip->ip_len -= hlen; - if (ip->ip_off & IP_MF) { + ip->ip_len = htons(ntohs(ip->ip_len) - hlen); + if (ip->ip_off & htons(IP_MF)) { /* * Make sure that fragments have a data length * that's a non-zero multiple of 8 bytes. */ - if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { + if (ntohs(ip->ip_len) == 0 || (ntohs(ip->ip_len & 0x7) != 0)) { IPSTAT_INC(ips_toosmall); /* XXX */ goto dropfrag; } m->m_flags |= M_FRAG; } else m->m_flags &= ~M_FRAG; - ip->ip_off <<= 3; - + ip->ip_off = htons(ntohs(ip->ip_off) << 3); /* * Attempt reassembly; if it succeeds, proceed. @@ -1000,7 +989,7 @@ found: * Find a segment which begins after this one does. */ for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) - if (GETIP(q)->ip_off > ip->ip_off) + if (ntohs(GETIP(q)->ip_off) > ntohs(ip->ip_off)) break; /* @@ -1013,14 +1002,15 @@ found: * segment, then it's checksum is invalidated. */ if (p) { - i = GETIP(p)->ip_off + GETIP(p)->ip_len - ip->ip_off; + i = ntohs(GETIP(p)->ip_off) + ntohs(GETIP(p)->ip_len) - + ntohs(ip->ip_off); if (i > 0) { - if (i >= ip->ip_len) + if (i >= ntohs(ip->ip_len)) goto dropfrag; m_adj(m, i); m->m_pkthdr.csum_flags = 0; - ip->ip_off += i; - ip->ip_len -= i; + ip->ip_off = htons(ntohs(ip->ip_off) + i); + ip->ip_len = htons(ntohs(ip->ip_len) - i); } m->m_nextpkt = p->m_nextpkt; p->m_nextpkt = m; @@ -1033,12 +1023,13 @@ found: * While we overlap succeeding segments trim them or, * if they are completely covered, dequeue them. */ - for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; - q = nq) { - i = (ip->ip_off + ip->ip_len) - GETIP(q)->ip_off; - if (i < GETIP(q)->ip_len) { - GETIP(q)->ip_len -= i; - GETIP(q)->ip_off += i; + for (; q != NULL && ntohs(ip->ip_off) + ntohs(ip->ip_len) > + ntohs(GETIP(q)->ip_off); q = nq) { + i = (ntohs(ip->ip_off) + ntohs(ip->ip_len)) - + ntohs(GETIP(q)->ip_off); + if (i < ntohs(GETIP(q)->ip_len)) { + GETIP(q)->ip_len = htons(ntohs(GETIP(q)->ip_len) - i); + GETIP(q)->ip_off = htons(ntohs(GETIP(q)->ip_off) + i); m_adj(q, i); q->m_pkthdr.csum_flags = 0; break; @@ -1062,14 +1053,14 @@ found: */ next = 0; for (p = NULL, q = fp->ipq_frags; q; p = q, q = q->m_nextpkt) { - if (GETIP(q)->ip_off != next) { + if (ntohs(GETIP(q)->ip_off) != next) { if (fp->ipq_nfrags > V_maxfragsperpacket) { IPSTAT_ADD(ips_fragdropped, fp->ipq_nfrags); ip_freef(head, fp); } goto done; } - next += GETIP(q)->ip_len; + next += ntohs(GETIP(q)->ip_len); } /* Make sure the last packet didn't have the IP_MF flag */ if (p->m_flags & M_FRAG) { @@ -1125,7 +1116,7 @@ found: * packet; dequeue and discard fragment reassembly header. * Make header visible. */ - ip->ip_len = (ip->ip_hl << 2) + next; + ip->ip_len = htons((ip->ip_hl << 2) + next); ip->ip_src = fp->ipq_src; ip->ip_dst = fp->ipq_dst; TAILQ_REMOVE(head, fp, ipq_list); @@ -1365,8 +1356,6 @@ u_char inetctlerrmap[PRC_NCMDS] = { * * The srcrt parameter indicates whether the packet is being forwarded * via a source route. - * - * IP header in host byte order. */ void ip_forward(struct mbuf *m, int srcrt) @@ -1436,7 +1425,7 @@ ip_forward(struct mbuf *m, int srcrt) mcopy = NULL; } if (mcopy != NULL) { - mcopy->m_len = min(ip->ip_len, M_TRAILINGSPACE(mcopy)); + mcopy->m_len = min(ntohs(ip->ip_len), M_TRAILINGSPACE(mcopy)); mcopy->m_pkthdr.len = mcopy->m_len; m_copydata(m, 0, mcopy->m_len, mtod(mcopy, caddr_t)); } @@ -1564,7 +1553,7 @@ ip_forward(struct mbuf *m, int srcrt) if (ia != NULL) mtu = ia->ia_ifp->if_mtu; else - mtu = ip_next_mtu(ip->ip_len, 0); + mtu = ip_next_mtu(ntohs(ip->ip_len), 0); } IPSTAT_INC(ips_cantfrag); break; diff --git a/sys/netinet/ip_ipsec.c b/sys/netinet/ip_ipsec.c index 965deb2..526a6de 100644 --- a/sys/netinet/ip_ipsec.c +++ b/sys/netinet/ip_ipsec.c @@ -259,7 +259,6 @@ ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error) { #ifdef IPSEC struct secpolicy *sp = NULL; - struct ip *ip = mtod(*m, struct ip *); struct tdb_ident *tdbi; struct m_tag *mtag; /* @@ -324,9 +323,6 @@ ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error) } } - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); - /* * Do delayed checksums now because we send before * this is done in the normal processing path. @@ -337,6 +333,8 @@ ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error) } #ifdef SCTP if ((*m)->m_pkthdr.csum_flags & CSUM_SCTP) { + struct ip *ip = mtod(*m, struct ip *); + sctp_delayed_cksum(*m, (uint32_t)(ip->ip_hl << 2)); (*m)->m_pkthdr.csum_flags &= ~CSUM_SCTP; } @@ -351,8 +349,6 @@ ip_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error) * IPsec processing and return without error. */ *error = 0; - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); goto done; } /* diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index c52332d..b72885f 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -1493,7 +1493,7 @@ ip_mdq(struct mbuf *m, struct ifnet *ifp, struct mfc *rt, vifi_t xmt_vif) { struct ip *ip = mtod(m, struct ip *); vifi_t vifi; - int plen = ip->ip_len; + int plen = ntohs(ip->ip_len); VIF_LOCK_ASSERT(); @@ -2376,10 +2376,7 @@ pim_register_prepare(struct ip *ip, struct mbuf *m) /* Take care of delayed checksums */ if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { - /* XXX: in_delayed_cksum() expects net byte order */ - ip->ip_len = htons(ip->ip_len); in_delayed_cksum(m); - ip->ip_len = ntohs(ip->ip_len); m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } @@ -2401,10 +2398,8 @@ pim_register_prepare(struct ip *ip, struct mbuf *m) /* Compute the MTU after the PIM Register encapsulation */ mtu = 0xffff - sizeof(pim_encap_iphdr) - sizeof(pim_encap_pimhdr); - if (ip->ip_len <= mtu) { + if (ntohs(ip->ip_len) <= mtu) { /* Turn the IP header into a valid one */ - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); ip->ip_sum = 0; ip->ip_sum = in_cksum(mb_copy, ip->ip_hl << 2); } else { @@ -2509,7 +2504,8 @@ pim_register_send_rp(struct ip *ip, struct vif *vifp, struct mbuf *mb_copy, ip_outer = mtod(mb_first, struct ip *); *ip_outer = pim_encap_iphdr; ip_outer->ip_id = ip_newid(); - ip_outer->ip_len = len + sizeof(pim_encap_iphdr) + sizeof(pim_encap_pimhdr); + ip_outer->ip_len = htons(len + sizeof(pim_encap_iphdr) + + sizeof(pim_encap_pimhdr)); ip_outer->ip_src = V_viftable[vifi].v_lcl_addr; ip_outer->ip_dst = rt->mfc_rp; /* @@ -2517,8 +2513,8 @@ pim_register_send_rp(struct ip *ip, struct vif *vifp, struct mbuf *mb_copy, * IP_DF bit. */ ip_outer->ip_tos = ip->ip_tos; - if (ntohs(ip->ip_off) & IP_DF) - ip_outer->ip_off |= IP_DF; + if (ip->ip_off & htons(IP_DF)) + ip_outer->ip_off |= htons(IP_DF); pimhdr = (struct pim_encap_pimhdr *)((caddr_t)ip_outer + sizeof(pim_encap_iphdr)); *pimhdr = pim_encap_pimhdr; @@ -2571,7 +2567,7 @@ pim_input(struct mbuf *m, int off) struct ip *ip = mtod(m, struct ip *); struct pim *pim; int minlen; - int datalen = ip->ip_len; + int datalen = ntohs(ip->ip_len); int ip_tos; int iphlen = off; diff --git a/sys/netinet/ip_options.c b/sys/netinet/ip_options.c index c3c3535..54a66b6 100644 --- a/sys/netinet/ip_options.c +++ b/sys/netinet/ip_options.c @@ -490,7 +490,7 @@ ip_insertoptions(struct mbuf *m, struct mbuf *opt, int *phlen) unsigned optlen; optlen = opt->m_len - sizeof(p->ipopt_dst); - if (optlen + ip->ip_len > IP_MAXPACKET) { + if (optlen + ntohs(ip->ip_len) > IP_MAXPACKET) { *phlen = 0; return (m); /* XXX should fail */ } @@ -523,7 +523,7 @@ ip_insertoptions(struct mbuf *m, struct mbuf *opt, int *phlen) *phlen = sizeof(struct ip) + optlen; ip->ip_v = IPVERSION; ip->ip_hl = *phlen >> 2; - ip->ip_len += optlen; + ip->ip_len = htons(ntohs(ip->ip_len) + optlen); return (m); } diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 65e5518..51c8b0e 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -102,7 +102,6 @@ extern struct protosw inetsw[]; /* * IP output. The packet in mbuf chain m contains a skeletal IP * header (with len, off, ttl, proto, tos, src, dst). - * ip_len and ip_off are in host format. * The mbuf chain containing the packet will be freed. * The mbuf opt, if present, will not be freed. * If route ro is present and has ro_rt initialized, route lookup would be @@ -175,6 +174,8 @@ ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, hlen = len; /* ip->ip_hl is updated above */ } ip = mtod(m, struct ip *); + ip_len = ntohs(ip->ip_len); + ip_off = ntohs(ip->ip_off); /* * Fill in IP header. If we are not allowing fragmentation, @@ -442,7 +443,7 @@ again: * packet or packet fragments, unless ALTQ is enabled on the given * interface in which case packetdrop should be done by queueing. */ - n = ip->ip_len / mtu + 1; /* how many fragments ? */ + n = ip_len / mtu + 1; /* how many fragments ? */ if ( #ifdef ALTQ (!ALTQ_IS_ENABLED(&ifp->if_snd)) && @@ -469,7 +470,7 @@ again: goto bad; } /* don't allow broadcast messages to be fragmented */ - if (ip->ip_len > mtu) { + if (ip_len > mtu) { error = EMSGSIZE; goto bad; } @@ -502,12 +503,6 @@ sendit: hlen = ip->ip_hl << 2; #endif /* IPSEC */ - /* - * To network byte order. pfil(9) hooks and ip_fragment() expect this. - */ - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); - /* Jump over all PFIL processing if hooks are not active. */ if (!PFIL_HOOKED(&V_inet_pfil_hook)) goto passout; @@ -544,8 +539,6 @@ sendit: } else { if (ia != NULL) ifa_free(&ia->ia_ifa); - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); goto again; /* Redo the routing table lookup. */ } } @@ -579,16 +572,11 @@ sendit: m_tag_delete(m, fwd_tag); if (ia != NULL) ifa_free(&ia->ia_ifa); - ip->ip_len = ntohs(ip->ip_len); - ip->ip_off = ntohs(ip->ip_off); goto again; } #endif /* IPFIREWALL_FORWARD */ passout: - ip_len = ntohs(ip->ip_len); - ip_off = ntohs(ip->ip_off); - /* 127/8 must not appear on wire - RFC1122. */ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { @@ -1295,8 +1283,6 @@ ip_ctloutput(struct socket *so, struct sockopt *sopt) * calls the output routine of the loopback "driver", but with an interface * pointer that might NOT be a loopback interface -- evil, but easier than * replicating that code here. - * - * IP header in host byte order. */ static void ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst, @@ -1313,9 +1299,6 @@ ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst, if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen)) copym = m_pullup(copym, hlen); if (copym != NULL) { - ip = mtod(copym, struct ip *); - ip->ip_len = htons(ip->ip_len); - ip->ip_off = htons(ip->ip_off); /* If needed, compute the checksum and mark it as valid. */ if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { in_delayed_cksum(copym); @@ -1328,6 +1311,7 @@ ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst, * We don't bother to fragment if the IP length is greater * than the interface's MTU. Can this possibly matter? */ + ip = mtod(copym, struct ip *); ip->ip_sum = 0; ip->ip_sum = in_cksum(copym, hlen); #if 1 /* XXX */ diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index e48b666..291ef9a 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -292,7 +292,8 @@ rip_input(struct mbuf *m, int off) * not modify the packet except for some * byte order swaps. */ - ip->ip_len += off; + ip->ip_len = ntohs(ip->ip_len) + off; + ip->ip_off = ntohs(ip->ip_off); hash = INP_PCBHASH_RAW(proto, ip->ip_src.s_addr, ip->ip_dst.s_addr, V_ripcbinfo.ipi_hashmask); @@ -449,11 +450,11 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) ip = mtod(m, struct ip *); ip->ip_tos = inp->inp_ip_tos; if (inp->inp_flags & INP_DONTFRAG) - ip->ip_off = IP_DF; + ip->ip_off = htons(IP_DF); else - ip->ip_off = 0; + ip->ip_off = htons(0); ip->ip_p = inp->inp_ip_p; - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); ip->ip_src = inp->inp_laddr; if (jailed(inp->inp_cred)) { /* @@ -505,6 +506,12 @@ rip_output(struct mbuf *m, struct socket *so, u_long dst) ip->ip_id = ip_newid(); /* + * Applications on raw sockets expect host byte order. + */ + ip->ip_len = htons(ip->ip_len); + ip->ip_off = htons(ip->ip_off); + + /* * XXX prevent ip_output from overwriting header fields. */ flags |= IP_RAWOUTPUT; diff --git a/sys/netinet/sctp_input.c b/sys/netinet/sctp_input.c index c49e174..08c2f6e 100644 --- a/sys/netinet/sctp_input.c +++ b/sys/netinet/sctp_input.c @@ -6038,7 +6038,7 @@ sctp_input_with_port(struct mbuf *i_pak, int off, uint16_t port) dst.sin_len = sizeof(struct sockaddr_in); dst.sin_port = sh->dest_port; dst.sin_addr = ip->ip_dst; - length = ip->ip_len + iphlen; + length = ntohs(ip->ip_len) + iphlen; /* Validate mbuf chain length with IP payload length. */ if (SCTP_HEADER_LEN(m) != length) { SCTPDBG(SCTP_DEBUG_INPUT1, diff --git a/sys/netinet/sctp_output.c b/sys/netinet/sctp_output.c index d1a34e6..aad99ce 100644 --- a/sys/netinet/sctp_output.c +++ b/sys/netinet/sctp_output.c @@ -3980,15 +3980,15 @@ sctp_lowlevel_chunk_output(struct sctp_inpcb *inp, tos_value |= sctp_get_ect(stcb); } if ((nofragment_flag) && (port == 0)) { - ip->ip_off = IP_DF; + ip->ip_off = htons(IP_DF); } else - ip->ip_off = 0; + ip->ip_off = htons(0); /* FreeBSD has a function for ip_id's */ ip->ip_id = ip_newid(); ip->ip_ttl = inp->ip_inp.inp.inp_ip_ttl; - ip->ip_len = packet_length; + ip->ip_len = htons(packet_length); ip->ip_tos = tos_value; if (port) { ip->ip_p = IPPROTO_UDP; @@ -10991,7 +10991,7 @@ sctp_send_resp_msg(struct sockaddr *src, struct sockaddr *dst, udp->uh_sum = 0; } } - ip->ip_len = len; + ip->ip_len = htons(len); if (port) { #if defined(SCTP_WITH_NO_CSUM) SCTP_STAT_INCR(sctps_sendnocrc); diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 94e99c0..50f1be0 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -180,7 +180,7 @@ sctp_notify_mbuf(struct sctp_inpcb *inp, SCTP_TCB_UNLOCK(stcb); return; } - totsz = ip->ip_len; + totsz = ntohs(ip->ip_len); nxtsz = ntohs(icmph->icmp_nextmtu); if (nxtsz == 0) { diff --git a/sys/netinet/sctputil.c b/sys/netinet/sctputil.c index c7ef173..41e8ac3 100644 --- a/sys/netinet/sctputil.c +++ b/sys/netinet/sctputil.c @@ -6821,7 +6821,7 @@ sctp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *ignored) switch (iph->ip_v) { #ifdef INET case IPVERSION: - iph->ip_len -= sizeof(struct udphdr); + iph->ip_len = ntohs(htons(iph->ip_len) - sizeof(struct udphdr)); sctp_input_with_port(m, off, port); break; #endif diff --git a/sys/netinet/siftr.c b/sys/netinet/siftr.c index 6145a54..b0e111c 100644 --- a/sys/netinet/siftr.c +++ b/sys/netinet/siftr.c @@ -952,7 +952,8 @@ siftr_chkpkt(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, * the mbuf cluster "at" at offset "offset" bytes from * the beginning of the "at" mbuf's data pointer. */ - th->th_sum = in_cksum_skip(*m, ip->ip_len, ip_hl); + th->th_sum = in_cksum_skip(*m, ntohs(ip->ip_len), + ip_hl); } /* diff --git a/sys/netinet/tcp_debug.c b/sys/netinet/tcp_debug.c index 5afbcde..d8dda289 100644 --- a/sys/netinet/tcp_debug.c +++ b/sys/netinet/tcp_debug.c @@ -175,11 +175,10 @@ tcp_trace(short act, short ostate, struct tcpcb *tp, void *ipgen, #ifdef INET6 isipv6 ? ntohs(((struct ip6_hdr *)ipgen)->ip6_plen) : #endif - ((struct ip *)ipgen)->ip_len; + ntohs(((struct ip *)ipgen)->ip_len); if (act == TA_OUTPUT) { seq = ntohl(seq); ack = ntohl(ack); - len = ntohs((u_short)len); } if (act == TA_OUTPUT) len -= sizeof (struct tcphdr); diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 3b21df1..a91062b 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -528,9 +528,6 @@ tcp_input(struct mbuf *m, int off0) { struct tcphdr *th = NULL; struct ip *ip = NULL; -#ifdef INET - struct ipovly *ipov; -#endif struct inpcb *inp = NULL; struct tcpcb *tp = NULL; struct socket *so = NULL; @@ -643,32 +640,27 @@ tcp_input(struct mbuf *m, int off0) } } ip = mtod(m, struct ip *); - ipov = (struct ipovly *)ip; th = (struct tcphdr *)((caddr_t)ip + off0); - tlen = ip->ip_len; + tlen = ntohs(ip->ip_len); if (m->m_pkthdr.csum_flags & CSUM_DATA_VALID) { if (m->m_pkthdr.csum_flags & CSUM_PSEUDO_HDR) th->th_sum = m->m_pkthdr.csum_data; else th->th_sum = in_pseudo(ip->ip_src.s_addr, - ip->ip_dst.s_addr, - htonl(m->m_pkthdr.csum_data + - ip->ip_len + - IPPROTO_TCP)); + ip->ip_dst.s_addr, + htonl(m->m_pkthdr.csum_data + tlen + + IPPROTO_TCP)); th->th_sum ^= 0xffff; -#ifdef TCPDEBUG - ipov->ih_len = (u_short)tlen; - ipov->ih_len = htons(ipov->ih_len); -#endif } else { + struct ipovly *ipov = (struct ipovly *)ip; + /* * Checksum extended TCP header and data. */ - len = sizeof (struct ip) + tlen; + len = off0 + tlen; bzero(ipov->ih_x1, sizeof(ipov->ih_x1)); - ipov->ih_len = (u_short)tlen; - ipov->ih_len = htons(ipov->ih_len); + ipov->ih_len = htons(tlen); th->th_sum = in_cksum(m, len); } if (th->th_sum) { @@ -721,7 +713,6 @@ tcp_input(struct mbuf *m, int off0) return; } ip = mtod(m, struct ip *); - ipov = (struct ipovly *)ip; th = (struct tcphdr *)((caddr_t)ip + off0); } } diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 9876ef8..e1d9f11 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1239,7 +1239,7 @@ timer: struct route ro; bzero(&ro, sizeof(ro)); - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); #ifdef INET6 if (tp->t_inpcb->inp_vflag & INP_IPV6PROTO) ip->ip_ttl = in6_selecthlim(tp->t_inpcb, NULL); @@ -1253,7 +1253,7 @@ timer: * NB: Don't set DF on small MTU/MSS to have a safe fallback. */ if (V_path_mtu_discovery && tp->t_maxopd > V_tcp_minmss) - ip->ip_off |= IP_DF; + ip->ip_off |= htons(IP_DF); error = ip_output(m, tp->t_inpcb->inp_options, &ro, ((so->so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0), 0, diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 4cc2e69..c566ec3 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -584,10 +584,10 @@ tcp_respond(struct tcpcb *tp, void *ipgen, struct tcphdr *th, struct mbuf *m, #ifdef INET { tlen += sizeof (struct tcpiphdr); - ip->ip_len = tlen; + ip->ip_len = htons(tlen); ip->ip_ttl = V_ip_defttl; if (V_path_mtu_discovery) - ip->ip_off |= IP_DF; + ip->ip_off |= htons(IP_DF); } #endif m->m_len = tlen; @@ -1398,12 +1398,11 @@ tcp_ctlinput(int cmd, struct sockaddr *sa, void *vip) /* * If no alternative MTU was * proposed, try the next smaller - * one. ip->ip_len has already - * been swapped in icmp_input(). + * one. */ if (!mtu) - mtu = ip_next_mtu(ip->ip_len, - 1); + mtu = ip_next_mtu( + ntohs(ip->ip_len), 1); if (mtu < V_tcp_minmss + sizeof(struct tcpiphdr)) mtu = V_tcp_minmss diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 0f7637d..55cca73 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1395,7 +1395,7 @@ syncache_respond(struct syncache *sc) ip = mtod(m, struct ip *); ip->ip_v = IPVERSION; ip->ip_hl = sizeof(struct ip) >> 2; - ip->ip_len = tlen; + ip->ip_len = htons(tlen); ip->ip_id = 0; ip->ip_off = 0; ip->ip_sum = 0; @@ -1413,7 +1413,7 @@ syncache_respond(struct syncache *sc) * 2) the SCF_UNREACH flag has been set */ if (V_path_mtu_discovery && ((sc->sc_flags & SCF_UNREACH) == 0)) - ip->ip_off |= IP_DF; + ip->ip_off |= htons(IP_DF); th = (struct tcphdr *)(ip + 1); } @@ -1473,7 +1473,7 @@ syncache_respond(struct syncache *sc) ip6->ip6_plen = htons(ntohs(ip6->ip6_plen) + optlen); else #endif - ip->ip_len += optlen; + ip->ip_len = htons(ntohs(ip->ip_len) + optlen); } else optlen = 0; diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index 397aaae..cdfad7e 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -593,9 +593,9 @@ tcp_twrespond(struct tcptw *tw, int flags) m->m_pkthdr.csum_flags = CSUM_TCP; th->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr, htons(sizeof(struct tcphdr) + optlen + IPPROTO_TCP)); - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); if (V_path_mtu_discovery) - ip->ip_off |= IP_DF; + ip->ip_off |= htons(IP_DF); error = ip_output(m, inp->inp_options, NULL, ((tw->tw_so_options & SO_DONTROUTE) ? IP_ROUTETOIF : 0), NULL, inp); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index ff52577..2576cf5 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -338,7 +338,7 @@ udp_input(struct mbuf *m, int off) struct udphdr *uh; struct ifnet *ifp; struct inpcb *inp; - int len; + uint16_t len, ip_len; struct ip save_ip; struct sockaddr_in udp_in; #ifdef IPFIREWALL_FORWARD @@ -392,13 +392,13 @@ udp_input(struct mbuf *m, int off) * reflect UDP length, drop. */ len = ntohs((u_short)uh->uh_ulen); - if (ip->ip_len != len) { - if (len > ip->ip_len || len < sizeof(struct udphdr)) { + ip_len = ntohs(ip->ip_len); + if (ip_len != len) { + if (len > ip_len || len < sizeof(struct udphdr)) { UDPSTAT_INC(udps_badlen); goto badunlocked; } - m_adj(m, len - ip->ip_len); - /* ip->ip_len = len; */ + m_adj(m, len - ip_len); } /* @@ -601,7 +601,7 @@ udp_input(struct mbuf *m, int off) if (badport_bandlim(BANDLIM_ICMP_UNREACH) < 0) goto badunlocked; *ip = save_ip; - ip->ip_len += iphlen; + ip->ip_len = htons(ip_len + iphlen); icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0); return; } @@ -1206,7 +1206,7 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr, struct ip *ip; ip = (struct ip *)&ui->ui_i; - ip->ip_off |= IP_DF; + ip->ip_off |= htons(IP_DF); } ipflags = 0; @@ -1233,7 +1233,7 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct sockaddr *addr, m->m_pkthdr.csum_data = offsetof(struct udphdr, uh_sum); } else ui->ui_sum = 0; - ((struct ip *)ui)->ip_len = sizeof (struct udpiphdr) + len; + ((struct ip *)ui)->ip_len = htons(sizeof(struct udpiphdr) + len); ((struct ip *)ui)->ip_ttl = inp->inp_ip_ttl; /* XXX */ ((struct ip *)ui)->ip_tos = tos; /* XXX */ UDPSTAT_INC(udps_opackets); @@ -1383,7 +1383,7 @@ udp4_espdecap(struct inpcb *inp, struct mbuf *m, int off) m_adj(m, skip); ip = mtod(m, struct ip *); - ip->ip_len -= skip; + ip->ip_len = htons(ntohs(ip->ip_len) - skip); ip->ip_p = IPPROTO_ESP; /* diff --git a/sys/netinet6/ip6_ipsec.c b/sys/netinet6/ip6_ipsec.c index b741cb1..f4e781e 100644 --- a/sys/netinet6/ip6_ipsec.c +++ b/sys/netinet6/ip6_ipsec.c @@ -289,15 +289,9 @@ ip6_ipsec_output(struct mbuf **m, struct inpcb *inp, int *flags, int *error, */ #ifdef INET if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { - struct ip *ip; - ipseclog((LOG_DEBUG, "%s: we do not support IPv4 over IPv6", __func__)); - /* XXX: in_delayed_cksum() expects net byte order */ - ip = mtod(*m, struct ip *); - ip->ip_len = htons(ip->ip_len); in_delayed_cksum(*m); - ip->ip_len = ntohs(ip->ip_len); (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; } #endif diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 712040f..6b41f51 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -597,10 +597,9 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport) IPSEC_ASSERT(m != NULL, ("null mbuf")); IPSEC_ASSERT(m->m_pkthdr.len >= sizeof(struct ip),("packet too short")); - /* NB: ip_input() flips it into host endian. XXX Need more checking. */ if (m->m_len >= sizeof (struct ip)) { struct ip *ip = mtod(m, struct ip *); - if (ip->ip_off & (IP_MF | IP_OFFMASK)) + if (ip->ip_off & htons(IP_MF | IP_OFFMASK)) goto done; #ifdef _IP_VHL off = _IP_VHL_HL(ip->ip_vhl) << 2; @@ -612,7 +611,7 @@ ipsec4_get_ulp(struct mbuf *m, struct secpolicyindex *spidx, int needport) struct ip ih; m_copydata(m, 0, sizeof (struct ip), (caddr_t) &ih); - if (ih.ip_off & (IP_MF | IP_OFFMASK)) + if (ih.ip_off & htons(IP_MF | IP_OFFMASK)) goto done; #ifdef _IP_VHL off = _IP_VHL_HL(ih.ip_vhl) << 2; diff --git a/sys/netpfil/ipfw/ip_dn_io.c b/sys/netpfil/ipfw/ip_dn_io.c index 2047b74..9a4b486 100644 --- a/sys/netpfil/ipfw/ip_dn_io.c +++ b/sys/netpfil/ipfw/ip_dn_io.c @@ -658,13 +658,10 @@ dummynet_send(struct mbuf *m) switch (dst) { case DIR_OUT: - SET_HOST_IPLEN(mtod(m, struct ip *)); ip_output(m, NULL, NULL, IP_FORWARDING, NULL, NULL); break ; case DIR_IN : - /* put header in network format for ip_input() */ - //SET_NET_IPLEN(mtod(m, struct ip *)); netisr_dispatch(NETISR_IP, m); break; diff --git a/sys/netpfil/ipfw/ip_fw2.c b/sys/netpfil/ipfw/ip_fw2.c index e43a0ef..f452222 100644 --- a/sys/netpfil/ipfw/ip_fw2.c +++ b/sys/netpfil/ipfw/ip_fw2.c @@ -627,8 +627,6 @@ send_reject(struct ip_fw_args *args, int code, int iplen, struct ip *ip) m_adj(m, args->L3offset); #endif if (code != ICMP_REJECT_RST) { /* Send an ICMP unreach */ - /* We need the IP header in host order for icmp_error(). */ - SET_HOST_IPLEN(ip); icmp_error(args->m, ICMP_UNREACH, code, 0L, 0); } else if (args->f_id.proto == IPPROTO_TCP) { struct tcphdr *const tcp = @@ -2418,11 +2416,6 @@ do { \ /* if not fragmented, go to next rule */ if ((ip_off & (IP_MF | IP_OFFMASK)) == 0) break; - /* - * ip_reass() expects len & off in host - * byte order. - */ - SET_HOST_IPLEN(ip); args->m = m = ip_reass(m); @@ -2436,7 +2429,6 @@ do { \ ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; - SET_NET_IPLEN(ip); ip->ip_sum = 0; if (hlen == sizeof(struct ip)) ip->ip_sum = in_cksum_hdr(ip); diff --git a/sys/netpfil/ipfw/ip_fw_dynamic.c b/sys/netpfil/ipfw/ip_fw_dynamic.c index 28d2d51..8714538 100644 --- a/sys/netpfil/ipfw/ip_fw_dynamic.c +++ b/sys/netpfil/ipfw/ip_fw_dynamic.c @@ -1016,9 +1016,8 @@ ipfw_send_pkt(struct mbuf *replyto, struct ipfw_flow_id *id, u_int32_t seq, h->ip_v = 4; h->ip_hl = sizeof(*h) >> 2; h->ip_tos = IPTOS_LOWDELAY; - h->ip_off = 0; - /* ip_len must be in host format for ip_output */ - h->ip_len = len; + h->ip_off = htons(0); + h->ip_len = htons(len); h->ip_ttl = V_ip_defttl; h->ip_sum = 0; break; diff --git a/sys/netpfil/ipfw/ip_fw_pfil.c b/sys/netpfil/ipfw/ip_fw_pfil.c index fa86de8..a2d29da 100644 --- a/sys/netpfil/ipfw/ip_fw_pfil.c +++ b/sys/netpfil/ipfw/ip_fw_pfil.c @@ -431,7 +431,6 @@ ipfw_divert(struct mbuf **m0, int incoming, struct ipfw_rule_ref *rule, int hlen; struct mbuf *reass; - SET_HOST_IPLEN(ip); /* ip_reass wants host order */ reass = ip_reass(clone); /* Reassemble packet. */ if (reass == NULL) return 0; /* not an error */ @@ -442,7 +441,6 @@ ipfw_divert(struct mbuf **m0, int incoming, struct ipfw_rule_ref *rule, */ ip = mtod(reass, struct ip *); hlen = ip->ip_hl << 2; - SET_NET_IPLEN(ip); ip->ip_sum = 0; if (hlen == sizeof(struct ip)) ip->ip_sum = in_cksum_hdr(ip); diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 53333f8..bd1e5c4 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -1382,7 +1382,7 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data) ip->ip_hl = sizeof(sc->sc_template) >> 2; ip->ip_tos = IPTOS_LOWDELAY; /* len and id are set later. */ - ip->ip_off = IP_DF; + ip->ip_off = htons(IP_DF); ip->ip_ttl = PFSYNC_DFLTTL; ip->ip_p = IPPROTO_PFSYNC; ip->ip_src.s_addr = INADDR_ANY; @@ -1520,7 +1520,7 @@ pfsync_sendout(int schedswi) bcopy(&sc->sc_template, ip, sizeof(*ip)); offset = sizeof(*ip); - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); ip->ip_id = htons(ip_randomid()); /* build the pfsync header */ diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 4c126fd..0b07728 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -2252,8 +2252,8 @@ pf_send_tcp(struct mbuf *replyto, const struct pf_rule *r, sa_family_t af, h->ip_v = 4; h->ip_hl = sizeof(*h) >> 2; h->ip_tos = IPTOS_LOWDELAY; - h->ip_off = V_path_mtu_discovery ? IP_DF : 0; - h->ip_len = len; + h->ip_off = htons(V_path_mtu_discovery ? IP_DF : 0); + h->ip_len = htons(len); h->ip_ttl = ttl ? ttl : V_ip_defttl; h->ip_sum = 0; @@ -2316,17 +2316,8 @@ pf_send_icmp(struct mbuf *m, u_int8_t type, u_int8_t code, sa_family_t af, switch (af) { #ifdef INET case AF_INET: - { - struct ip *ip; - - /* icmp_error() expects host byte ordering */ - ip = mtod(m0, struct ip *); - NTOHS(ip->ip_len); - NTOHS(ip->ip_off); - pfse->pfse_type = PFSE_ICMP; break; - } #endif /* INET */ #ifdef INET6 case AF_INET6: diff --git a/sys/sys/param.h b/sys/sys/param.h index 3dc1ba8..470e369 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1000021 /* Master, propagated to newvers */ +#define __FreeBSD_version 1000022 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, |
