 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip_input.c,v 1.388 2019/01/17 02:47:15 knakahara Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.389 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -81,27 +81,27 @@
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.388 2019/01/17 02:47:15 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.389 2019/05/13 07:47:59 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #include "opt_gateway.h"
 #include "opt_ipsec.h"
 #include "opt_mrouting.h"
 #include "opt_mbuftrace.h"
 #include "opt_inet_csum.h"
 #include "opt_net_mpsafe.h"
 #endif
 #include "arp.h"
 @@ -568,26 +568,27 @@ ip_input(struct mbuf *m)
 	 */
 #if defined(IPSEC)
 	if (!ipsec_used || !ipsec_skip_pfil(m))
 #else
 	if (1)
 #endif
+	{
 		struct in_addr odst = ip->ip_dst;
 		bool freed;
 		freed = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_IN) != 0;
 		if (freed || m == NULL) {
 			m = NULL;
 			IP_STATINC(IP_STAT_PFILDROP_IN);
 			goto out;
+		}
 		KASSERT(m->m_len >= sizeof(struct ip));
 		ip = mtod(m, struct ip *);
 		hlen = ip->ip_hl << 2;
 		KASSERT(m->m_len >= hlen);
 		/*
 		 * XXX The setting of "srcrt" here is to prevent ip_forward()
 		 * from generating ICMP redirects for packets that have
 		 * been redirected by a hook back out on to the same LAN that
 		 * they came from and is not an indication that the packet
 		 * is being influenced by source routing options.  This

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip_output.c,v 1.310 2019/02/04 10:48:46 mrg Exp $	*/
+/*	$NetBSD: ip_output.c,v 1.311 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -81,27 +81,27 @@
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.310 2019/02/04 10:48:46 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.311 2019/05/13 07:47:59 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #include "opt_ipsec.h"
 #include "opt_mrouting.h"
 #include "opt_net_mpsafe.h"
 #include "opt_mpls.h"
 #endif
 #include "arp.h"
 #include <sys/param.h>
 #include <sys/kmem.h>
 @@ -612,30 +612,30 @@ sendit:
 		/* Perform IPsec processing, if any. */
 		error = ipsec4_output(m, inp, flags, &mtu, &natt_frag,
 		    &ipsec_done);
 		if (error || ipsec_done)
 			goto done;
+	}
 #endif
 	/*
 	 * Run through list of hooks for output packets.
 	 */
 	error = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_OUT);
-	if (error)
+	if (error || m == NULL) {
-		goto done;
+		IP_STATINC(IP_STAT_PFILDROP_OUT);
 	if (m == NULL)
 		goto done;
+	}
 	ip = mtod(m, struct ip *);
 	hlen = ip->ip_hl << 2;
 	m->m_pkthdr.csum_data |= hlen << 16;
 	/*
 	 * search for the source address structure to
 	 * maintain output statistics, and verify address
 	 * validity
 	 */
 	KASSERT(ia == NULL);
 	sockaddr_in_init(&usrc.sin, &ip->ip_src, 0);

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip_var.h,v 1.127 2018/09/14 05:09:51 maxv Exp $	*/
+/*	$NetBSD: ip_var.h,v 1.128 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*
  * Copyright (c) 1982, 1986, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -137,28 +137,30 @@ struct ip_pktopts {
 #define	IP_STAT_OFRAGMENTS	19	/* output fragments created */
 #define	IP_STAT_CANTFRAG	20	/* don't fragment flag was set, etc. */
 #define	IP_STAT_BADOPTIONS	21	/* error in option processing */
 #define	IP_STAT_NOROUTE		22	/* packets discarded due to no route */
 #define	IP_STAT_BADVERS		23	/* ip version != 4 */
 #define	IP_STAT_RAWOUT		24	/* total raw ip packets generated */
 #define	IP_STAT_BADFRAGS	25	/* malformed fragments (bad length) */
 #define	IP_STAT_RCVMEMDROP	26	/* frags dropped for lack of memory */
 #define	IP_STAT_TOOLONG		27	/* ip length > max ip packet size */
 #define	IP_STAT_NOGIF		28	/* no match gif found */
 #define	IP_STAT_BADADDR		29	/* invalid address on header */
 #define	IP_STAT_NOL2TP		30	/* no match l2tp found */
 #define	IP_STAT_NOIPSEC		31	/* no match ipsec(4) found */
 #define	IP_STAT_PFILDROP_IN	32	/* dropped by pfil (PFIL_IN) */
 #define	IP_STAT_PFILDROP_OUT	33	/* dropped by pfil (PFIL_OUT) */
-#define	IP_NSTATS		32
+#define	IP_NSTATS		34
 #ifdef _KERNEL
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
 #include "opt_mbuftrace.h"
 #endif
 /*
  * The following flags can be passed to ip_output() as last parameter
  */
 #define	IP_FORWARDING		0x0001		/* most of ip header exists */
 #define	IP_RAWOUTPUT		0x0002		/* raw ip header exists */

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip6_forward.c,v 1.95 2018/05/01 07:21:39 maxv Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.96 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
 @@ -21,27 +21,27 @@
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.95 2018/05/01 07:21:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.96 2019/05/13 07:47:59 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
 #include "opt_ipsec.h"
 #endif
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
 #include <sys/errno.h>
 #include <sys/time.h>
 #include <sys/kernel.h>
 #include <sys/syslog.h>
 @@ -383,30 +383,34 @@ ip6_forward(struct mbuf *m, int srcrt)
+	}
 	/*
 	 * clear embedded scope identifiers if necessary.
 	 * in6_clearscope will touch the addresses only when necessary.
 	 */
 	in6_clearscope(&ip6->ip6_src);
 	in6_clearscope(&ip6->ip6_dst);
 	/*
 	 * Run through list of hooks for output packets.
 	 */
 	if ((error = pfil_run_hooks(inet6_pfil_hook, &m, rt->rt_ifp,
-	    PFIL_OUT)) != 0)
+	    PFIL_OUT)) != 0) {
 		IP6_STATINC(IP6_STAT_PFILDROP_OUT);
 		goto senderr;
 	if (m == NULL)
 	if (m == NULL) {
 		IP6_STATINC(IP6_STAT_PFILDROP_OUT);
 		goto freecopy;
+	}
 	ip6 = mtod(m, struct ip6_hdr *);
 	error = ip6_if_output(rt->rt_ifp, origifp, m, dst, rt);
 	if (error) {
 		in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
 		IP6_STATINC(IP6_STAT_CANTFORWARD);
 	} else {
 		IP6_STATINC(IP6_STAT_FORWARD);
 		in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward);
 		if (type)
 			IP6_STATINC(IP6_STAT_REDIRECTSENT);
 		else {
 #ifdef GATEWAY

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip6_input.c,v 1.207 2019/01/17 02:47:15 knakahara Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.208 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
 @@ -52,27 +52,27 @@
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)ip_input.c	8.2 (Berkeley) 1/4/94
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.207 2019/01/17 02:47:15 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.208 2019/05/13 07:47:59 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #include "opt_net_mpsafe.h"
 #endif
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/mbuf.h>
 #include <sys/domain.h>
 @@ -338,32 +338,34 @@ ip6_input(struct mbuf *m, struct ifnet *
 	 * Note that filters must _never_ set this flag, as another filter
 	 * in the list may have previously cleared it.
+	 *
 	 * Don't call hooks if the packet has already been processed by
 	 * IPsec (encapsulated, tunnel mode).
 	 */
 #if defined(IPSEC)
 	if (!ipsec_used || !ipsec_skip_pfil(m))
 #else
 	if (1)
 #endif
+	{
 		struct in6_addr odst;
 		int error;
 		odst = ip6->ip6_dst;
-		if (pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN) != 0)
+		error = pfil_run_hooks(inet6_pfil_hook, &m, rcvif, PFIL_IN);
-			return;
+		if (error != 0 || m == NULL) {
-		if (m == NULL)
+			IP6_STATINC(IP6_STAT_PFILDROP_IN);
 			return;
+		}
 		KASSERT(m->m_len >= sizeof(struct ip6_hdr));
 		ip6 = mtod(m, struct ip6_hdr *);
 		srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
+	}
 	IP6_STATINC(IP6_STAT_NXTHIST + ip6->ip6_nxt);
 #ifdef ALTQ
 	if (altq_input != NULL) {
 		SOFTNET_LOCK();
 		if ((*altq_input)(m, AF_INET6) == 0) {
 			SOFTNET_UNLOCK();
 			/* packet is dropped by traffic conditioner */

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip6_output.c,v 1.218 2019/04/03 19:23:38 maxv Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.219 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
 @@ -52,27 +52,27 @@
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.218 2019/04/03 19:23:38 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.219 2019/05/13 07:47:59 ozaki-r Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
 #endif
 #include <sys/param.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/errno.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 @@ -746,30 +746,31 @@ ip6_output(
 		if (ip6_hopopts_input(&dummy1, &dummy2, &m, &hoff)) {
 			/* m was already freed at this point */
 			error = EINVAL;
 			goto done;
+		}
 		ip6 = mtod(m, struct ip6_hdr *);
+	}
 	/*
 	 * Run through list of hooks for output packets.
 	 */
-	if ((error = pfil_run_hooks(inet6_pfil_hook, &m, ifp, PFIL_OUT)) != 0)
+	error = pfil_run_hooks(inet6_pfil_hook, &m, ifp, PFIL_OUT);
-		goto done;
+	if (error != 0 || m == NULL) {
-	if (m == NULL)
+		IP6_STATINC(IP6_STAT_PFILDROP_OUT);
 		goto done;
+	}
 	ip6 = mtod(m, struct ip6_hdr *);
 	/*
 	 * Send the packet to the outgoing interface.
 	 * If necessary, do IPv6 fragmentation before sending.
+	 *
 	 * the logic here is rather complex:
 	 * 1: normal case (dontfrag == 0, alwaysfrag == 0)
 	 * 1-a:	send as is if tlen <= path mtu
 	 * 1-b:	fragment if tlen > path mtu
+	 *
 	 * 2: if user asks us not to fragment (dontfrag == 1)
 	 * 2-a:	send as is if tlen <= interface mtu

 @@ -1,14 +1,14 @@
-/*	$NetBSD: ip6_var.h,v 1.81 2018/11/29 09:51:21 ozaki-r Exp $	*/
+/*	$NetBSD: ip6_var.h,v 1.82 2019/05/13 07:47:59 ozaki-r Exp $	*/
 /*	$KAME: ip6_var.h,v 1.33 2000/06/11 14:59:20 jinmei Exp $	*/
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
 @@ -176,28 +176,30 @@ struct	ip6_pktopts {
 		/* space for 16 counters */
 #define	IP6_STAT_SOURCES_OTHERSCOPE 366	/* number of times that an address that
 					   has a different scope from the dest.
 					   is chosen */
 		/* space for 16 counters */
 #define	IP6_STAT_SOURCES_DEPRECATED 382	/* number of times that a deprecated
 					   address is chosen */
 		/* space for 16 counters */
 #define	IP6_STAT_FORWARD_CACHEHIT 398
 #define	IP6_STAT_FORWARD_CACHEMISS 399
 #define	IP6_STAT_FASTFORWARD	400	/* packets fast forwarded */
 #define	IP6_STAT_FASTFORWARDFLOWS 401	/* number of fast forward flows */
 #define	IP6_STAT_NOIPSEC	402	/* no match ipsec(4) found */
 #define	IP6_STAT_PFILDROP_IN	403	/* dropped by pfil (PFIL_IN) */
 #define	IP6_STAT_PFILDROP_OUT	404	/* dropped by pfil (PFIL_OUT) */
-#define	IP6_NSTATS		403
+#define	IP6_NSTATS		405
 #define IP6FLOW_HASHBITS         6 /* should not be a multiple of 8 */
 /*
  * Structure for an IPv6 flow (ip6_fastforward).
  */
 struct ip6flow {
 	TAILQ_ENTRY(ip6flow) ip6f_list;  /* next in active list */
 	TAILQ_ENTRY(ip6flow) ip6f_hash;  /* next ip6flow in bucket */
 	size_t ip6f_hashidx;             /* own hash index of ipflowtable[] */
 	struct in6_addr ip6f_dst;       /* destination address */
 	struct in6_addr ip6f_src;       /* source address */
 	struct route ip6f_ro;       /* associated route entry */