| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: ip_mroute.c,v 1.158 2018/05/07 19:34:03 maxv Exp $ */ | | 1 | /* $NetBSD: ip_mroute.c,v 1.159 2018/05/14 17:26:16 maxv Exp $ */ |
| 2 | | | 2 | |
| 3 | /* | | 3 | /* |
| 4 | * Copyright (c) 1992, 1993 | | 4 | * Copyright (c) 1992, 1993 |
| 5 | * The Regents of the University of California. All rights reserved. | | 5 | * The Regents of the University of California. All rights reserved. |
| 6 | * | | 6 | * |
| 7 | * This code is derived from software contributed to Berkeley by | | 7 | * This code is derived from software contributed to Berkeley by |
| 8 | * Stephen Deering of Stanford University. | | 8 | * Stephen Deering of Stanford University. |
| 9 | * | | 9 | * |
| 10 | * Redistribution and use in source and binary forms, with or without | | 10 | * Redistribution and use in source and binary forms, with or without |
| 11 | * modification, are permitted provided that the following conditions | | 11 | * modification, are permitted provided that the following conditions |
| 12 | * are met: | | 12 | * are met: |
| 13 | * 1. Redistributions of source code must retain the above copyright | | 13 | * 1. Redistributions of source code must retain the above copyright |
| 14 | * notice, this list of conditions and the following disclaimer. | | 14 | * notice, this list of conditions and the following disclaimer. |
| @@ -83,27 +83,27 @@ | | | @@ -83,27 +83,27 @@ |
| 83 | * Modified by Charles M. Hannum, NetBSD, May 1995. | | 83 | * Modified by Charles M. Hannum, NetBSD, May 1995. |
| 84 | * Modified by Ahmed Helmy, SGI, June 1996 | | 84 | * Modified by Ahmed Helmy, SGI, June 1996 |
| 85 | * Modified by George Edmond Eddy (Rusty), ISI, February 1998 | | 85 | * Modified by George Edmond Eddy (Rusty), ISI, February 1998 |
| 86 | * Modified by Pavlin Radoslavov, USC/ISI, May 1998, August 1999, October 2000 | | 86 | * Modified by Pavlin Radoslavov, USC/ISI, May 1998, August 1999, October 2000 |
| 87 | * Modified by Hitoshi Asaeda, WIDE, August 2000 | | 87 | * Modified by Hitoshi Asaeda, WIDE, August 2000 |
| 88 | * Modified by Pavlin Radoslavov, ICSI, October 2002 | | 88 | * Modified by Pavlin Radoslavov, ICSI, October 2002 |
| 89 | * | | 89 | * |
| 90 | * MROUTING Revision: 1.2 | | 90 | * MROUTING Revision: 1.2 |
| 91 | * and PIM-SMv2 and PIM-DM support, advanced API support, | | 91 | * and PIM-SMv2 and PIM-DM support, advanced API support, |
| 92 | * bandwidth metering and signaling | | 92 | * bandwidth metering and signaling |
| 93 | */ | | 93 | */ |
| 94 | | | 94 | |
| 95 | #include <sys/cdefs.h> | | 95 | #include <sys/cdefs.h> |
| 96 | __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.158 2018/05/07 19:34:03 maxv Exp $"); | | 96 | __KERNEL_RCSID(0, "$NetBSD: ip_mroute.c,v 1.159 2018/05/14 17:26:16 maxv Exp $"); |
| 97 | | | 97 | |
| 98 | #ifdef _KERNEL_OPT | | 98 | #ifdef _KERNEL_OPT |
| 99 | #include "opt_inet.h" | | 99 | #include "opt_inet.h" |
| 100 | #include "opt_ipsec.h" | | 100 | #include "opt_ipsec.h" |
| 101 | #include "opt_pim.h" | | 101 | #include "opt_pim.h" |
| 102 | #endif | | 102 | #endif |
| 103 | | | 103 | |
| 104 | #ifdef PIM | | 104 | #ifdef PIM |
| 105 | #define _PIM_VT 1 | | 105 | #define _PIM_VT 1 |
| 106 | #endif | | 106 | #endif |
| 107 | | | 107 | |
| 108 | #include <sys/param.h> | | 108 | #include <sys/param.h> |
| 109 | #include <sys/systm.h> | | 109 | #include <sys/systm.h> |
| @@ -1818,48 +1818,50 @@ vif_encapcheck(struct mbuf *m, int off, | | | @@ -1818,48 +1818,50 @@ vif_encapcheck(struct mbuf *m, int off, |
| 1818 | if (!arg || proto != IPPROTO_IPV4) | | 1818 | if (!arg || proto != IPPROTO_IPV4) |
| 1819 | panic("unexpected arg in vif_encapcheck"); | | 1819 | panic("unexpected arg in vif_encapcheck"); |
| 1820 | #endif | | 1820 | #endif |
| 1821 | | | 1821 | |
| 1822 | /* | | 1822 | /* |
| 1823 | * Accept the packet only if the inner heaader is multicast | | 1823 | * Accept the packet only if the inner heaader is multicast |
| 1824 | * and the outer header matches a tunnel-mode vif. Order | | 1824 | * and the outer header matches a tunnel-mode vif. Order |
| 1825 | * checks in the hope that common non-matching packets will be | | 1825 | * checks in the hope that common non-matching packets will be |
| 1826 | * rejected quickly. Assume that unicast IPv4 traffic in a | | 1826 | * rejected quickly. Assume that unicast IPv4 traffic in a |
| 1827 | * parallel tunnel (e.g. gif(4)) is unlikely. | | 1827 | * parallel tunnel (e.g. gif(4)) is unlikely. |
| 1828 | */ | | 1828 | */ |
| 1829 | | | 1829 | |
| 1830 | /* Obtain the outer IP header and the vif pointer. */ | | 1830 | /* Obtain the outer IP header and the vif pointer. */ |
| 1831 | m_copydata((struct mbuf *)m, 0, sizeof(ip), (void *)&ip); | | 1831 | m_copydata(m, 0, sizeof(ip), (void *)&ip); |
| 1832 | vifp = (struct vif *)arg; | | 1832 | vifp = (struct vif *)arg; |
| 1833 | | | 1833 | |
| 1834 | /* | | 1834 | /* |
| 1835 | * The outer source must match the vif's remote peer address. | | 1835 | * The outer source must match the vif's remote peer address. |
| 1836 | * For a multicast router with several tunnels, this is the | | 1836 | * For a multicast router with several tunnels, this is the |
| 1837 | * only check that will fail on packets in other tunnels, | | 1837 | * only check that will fail on packets in other tunnels, |
| 1838 | * assuming the local address is the same. | | 1838 | * assuming the local address is the same. |
| 1839 | */ | | 1839 | */ |
| 1840 | if (!in_hosteq(vifp->v_rmt_addr, ip.ip_src)) | | 1840 | if (!in_hosteq(vifp->v_rmt_addr, ip.ip_src)) |
| 1841 | return 0; | | 1841 | return 0; |
| 1842 | | | 1842 | |
| 1843 | /* The outer destination must match the vif's local address. */ | | 1843 | /* The outer destination must match the vif's local address. */ |
| 1844 | if (!in_hosteq(vifp->v_lcl_addr, ip.ip_dst)) | | 1844 | if (!in_hosteq(vifp->v_lcl_addr, ip.ip_dst)) |
| 1845 | return 0; | | 1845 | return 0; |
| 1846 | | | 1846 | |
| 1847 | /* The vif must be of tunnel type. */ | | 1847 | /* The vif must be of tunnel type. */ |
| 1848 | if ((vifp->v_flags & VIFF_TUNNEL) == 0) | | 1848 | if ((vifp->v_flags & VIFF_TUNNEL) == 0) |
| 1849 | return 0; | | 1849 | return 0; |
| 1850 | | | 1850 | |
| 1851 | /* Check that the inner destination is multicast. */ | | 1851 | /* Check that the inner destination is multicast. */ |
| 1852 | m_copydata((struct mbuf *)m, off, sizeof(ip), (void *)&ip); | | 1852 | if (off + sizeof(ip) > m->m_pkthdr.len) |
| | | 1853 | return 0; |
| | | 1854 | m_copydata(m, off, sizeof(ip), (void *)&ip); |
| 1853 | if (!IN_MULTICAST(ip.ip_dst.s_addr)) | | 1855 | if (!IN_MULTICAST(ip.ip_dst.s_addr)) |
| 1854 | return 0; | | 1856 | return 0; |
| 1855 | | | 1857 | |
| 1856 | /* | | 1858 | /* |
| 1857 | * We have checked that both the outer src and dst addresses | | 1859 | * We have checked that both the outer src and dst addresses |
| 1858 | * match the vif, and that the inner destination is multicast | | 1860 | * match the vif, and that the inner destination is multicast |
| 1859 | * (224/5). By claiming more than 64, we intend to | | 1861 | * (224/5). By claiming more than 64, we intend to |
| 1860 | * preferentially take packets that also match a parallel | | 1862 | * preferentially take packets that also match a parallel |
| 1861 | * gif(4). | | 1863 | * gif(4). |
| 1862 | */ | | 1864 | */ |
| 1863 | return 32 + 32 + 5; | | 1865 | return 32 + 32 + 5; |
| 1864 | } | | 1866 | } |
| 1865 | | | 1867 | |