From: bluhm Date: Wed, 28 Feb 2024 10:57:20 +0000 (+0000) Subject: Cleanup IP input, forward, output. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2136a888e5476e2126e5a2d27c4ca1085adee9aa;p=openbsd Cleanup IP input, forward, output. Before changing the routing code, get IPv4 and IPv6 input, forward, and output in a similar shape. Remove inconsistencies. OK claudio@ --- diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index d8709c94cf7..9c273238f39 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.390 2024/02/22 14:25:58 bluhm Exp $ */ +/* $OpenBSD: ip_input.c,v 1.391 2024/02/28 10:57:20 bluhm Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -391,7 +391,10 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) struct rtentry *rt = NULL; struct ip *ip; int hlen; - in_addr_t pfrdr = 0; +#if NPF > 0 + struct in_addr odst; +#endif + int pfrdr = 0; KASSERT(*offp == 0); @@ -412,7 +415,7 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) /* * Packet filter */ - pfrdr = ip->ip_dst.s_addr; + odst = ip->ip_dst; if (pf_test(AF_INET, PF_IN, ifp, mp) != PF_PASS) goto bad; m = *mp; @@ -420,7 +423,7 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) goto bad; ip = mtod(m, struct ip *); - pfrdr = (pfrdr != ip->ip_dst.s_addr); + pfrdr = odst.s_addr != ip->ip_dst.s_addr; #endif hlen = ip->ip_hl << 2; @@ -1472,7 +1475,7 @@ const u_char inetctlerrmap[PRC_NCMDS] = { void ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) { - struct mbuf mfake, *mcopy = NULL; + struct mbuf mfake, *mcopy; struct ip *ip = mtod(m, struct ip *); struct route ro; int error = 0, type = 0, code = 0, destmtu = 0, fake = 0, len; @@ -1482,11 +1485,11 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) if (m->m_flags & (M_BCAST|M_MCAST) || in_canforward(ip->ip_dst) == 0) { ipstat_inc(ips_cantforward); m_freem(m); - goto freecopy; + goto done; } if (ip->ip_ttl <= IPTTLDEC) { icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0); - goto freecopy; + goto done; } ro.ro_rt = NULL; @@ -1563,10 +1566,10 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) if (type) ipstat_inc(ips_redirectsent); else - goto freecopy; + goto done; } if (!fake) - goto freecopy; + goto done; switch (error) { case 0: /* forwarded, but need redirect */ @@ -1590,7 +1593,7 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) } ipstat_inc(ips_cantfrag); if (destmtu == 0) - goto freecopy; + goto done; break; case EACCES: @@ -1598,7 +1601,7 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) * pf(4) blocked the packet. There is no need to send an ICMP * packet back since pf(4) takes care of it. */ - goto freecopy; + goto done; case ENOBUFS: /* @@ -1607,7 +1610,7 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) * source quench could be a big problem under DoS attacks, * or the underlying interface is rate-limited. */ - goto freecopy; + goto done; case ENETUNREACH: /* shouldn't happen, checked above */ case EHOSTUNREACH: @@ -1619,10 +1622,10 @@ ip_forward(struct mbuf *m, struct ifnet *ifp, struct rtentry *rt, int srcrt) break; } mcopy = m_copym(&mfake, 0, len, M_DONTWAIT); - if (mcopy) + if (mcopy != NULL) icmp_error(mcopy, type, code, dest, destmtu); -freecopy: + done: if (fake) m_tag_delete_chain(&mfake); rtfree(rt); diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 65a51d52dac..84c872a192f 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.115 2024/02/22 14:25:58 bluhm Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.116 2024/02/28 10:57:20 bluhm Exp $ */ /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */ /* @@ -89,7 +89,7 @@ ip6_forward(struct mbuf *m, struct rtentry *rt, int srcrt) struct route ro; struct ifnet *ifp = NULL; int error = 0, type = 0, code = 0, destmtu = 0; - struct mbuf *mcopy = NULL; + struct mbuf *mcopy; #ifdef IPSEC struct tdb *tdb = NULL; #endif /* IPSEC */ @@ -121,13 +121,13 @@ ip6_forward(struct mbuf *m, struct rtentry *rt, int srcrt) m->m_pkthdr.ph_ifidx); } m_freem(m); - goto out; + goto done; } if (ip6->ip6_hlim <= IPV6_HLIMDEC) { icmp6_error(m, ICMP6_TIME_EXCEEDED, ICMP6_TIME_EXCEED_TRANSIT, 0); - goto out; + goto done; } ip6->ip6_hlim -= IPV6_HLIMDEC; @@ -175,12 +175,12 @@ reroute: m->m_pkthdr.ph_rtableid); if (rt == NULL) { ip6stat_inc(ip6s_noroute); - if (mcopy) { + if (mcopy != NULL) { icmp6_error(mcopy, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE, 0); } m_freem(m); - goto out; + goto done; } } ro.ro_rt = rt; @@ -211,11 +211,11 @@ reroute: ip6->ip6_nxt, m->m_pkthdr.ph_ifidx, rt->rt_ifidx); } - if (mcopy) + if (mcopy != NULL) icmp6_error(mcopy, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_BEYONDSCOPE, 0); m_freem(m); - goto out; + goto done; } #ifdef IPSEC @@ -270,11 +270,11 @@ reroute: * type/code is based on suggestion by Rich Draves. * not sure if it is the best pick. */ - if (mcopy) + if (mcopy != NULL) icmp6_error(mcopy, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR, 0); m_freem(m); - goto out; + goto done; } type = ND_REDIRECT; } @@ -327,18 +327,18 @@ reroute: if (mcopy != NULL) icmp6_error(mcopy, ICMP6_PACKET_TOO_BIG, 0, ifp->if_mtu); m_freem(m); - goto out; + goto done; senderr: if (mcopy == NULL) - goto out; + goto done; switch (error) { case 0: if (type == ND_REDIRECT) { icmp6_redirect_output(mcopy, rt); ip6stat_inc(ip6s_redirectsent); - goto out; + goto done; } goto freecopy; @@ -383,11 +383,11 @@ senderr: break; } icmp6_error(mcopy, type, code, destmtu); - goto out; + goto done; -freecopy: + freecopy: m_freem(mcopy); -out: + done: rtfree(rt); if_put(ifp); #ifdef IPSEC diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c index 5d78407442b..112fe60376d 100644 --- a/sys/netinet6/ip6_input.c +++ b/sys/netinet6/ip6_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_input.c,v 1.258 2024/02/22 14:25:58 bluhm Exp $ */ +/* $OpenBSD: ip6_input.c,v 1.259 2024/02/28 10:57:20 bluhm Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -366,7 +366,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) #if NPF > 0 struct in6_addr odst; #endif - int srcrt = 0; + int pfrdr = 0; KASSERT(*offp == 0); @@ -413,7 +413,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) goto bad; ip6 = mtod(m, struct ip6_hdr *); - srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); + pfrdr = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); #endif /* @@ -618,7 +618,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) } #endif /* IPSEC */ - ip6_forward(m, rt, srcrt); + ip6_forward(m, rt, pfrdr); *mp = NULL; return IPPROTO_DONE; bad: diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index e277d49599f..94519429cf0 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_output.c,v 1.287 2024/02/22 14:25:58 bluhm Exp $ */ +/* $OpenBSD: ip6_output.c,v 1.288 2024/02/28 10:57:20 bluhm Exp $ */ /* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */ /* @@ -748,8 +748,16 @@ reroute: (error = if_output_ml(ifp, &ml, sin6tosa(dst), ro->ro_rt))) goto done; ip6stat_inc(ip6s_fragmented); + goto done; -done: + freehdrs: + m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ + m_freem(exthdrs.ip6e_dest1); + m_freem(exthdrs.ip6e_rthdr); + m_freem(exthdrs.ip6e_dest2); + bad: + m_freem(m); + done: if (ro == &iproute && ro->ro_rt) { rtfree(ro->ro_rt); } else if (ro_pmtu == &iproute && ro_pmtu->ro_rt) { @@ -760,16 +768,6 @@ done: tdb_unref(tdb); #endif /* IPSEC */ return (error); - -freehdrs: - m_freem(exthdrs.ip6e_hbh); /* m_freem will check if mbuf is 0 */ - m_freem(exthdrs.ip6e_dest1); - m_freem(exthdrs.ip6e_rthdr); - m_freem(exthdrs.ip6e_dest2); - /* FALLTHROUGH */ -bad: - m_freem(m); - goto done; } int