diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-25 00:42:59 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2004-06-25 00:42:59 +0000 |
| commit | bc740d1ec4db7bf42ff48e0e6a67d956f41fab29 (patch) | |
| tree | bfb6902546bf584b66ea08ee9b299da148cbdcc3 /sys/netinet6/ip6_forward.c | |
| parent | a48d9c05558b17edbd3de22219d3977676adcbd8 (diff) | |
IPv6 reassembly on "scrub" directive.
caveats: (to be addressed soon)
- "scrub in" should queue fragments back into ip6intrq again, but
somehow it does not happen - the packet is kept inside reass queue.
need investigation
- ip6_forwarding path is not tested
- does not use red-black tree. somehow red-black tree behaved badly
and was not robust. performance issue, the above one is more
important.
good things:
- "scrub out" is perfectly ok
- i think now we can inspect upper-layer protocol fields (tcp port)
even if ip6 packet is fragmented.
- reass queue will be cleaned up properly by timeout (60sec). we might
want to impose pool limit as well
Diffstat (limited to 'sys/netinet6/ip6_forward.c')
| -rw-r--r-- | sys/netinet6/ip6_forward.c | 37 |
1 files changed, 21 insertions, 16 deletions
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index eafe2b36e23..188455ad852 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip6_forward.c,v 1.31 2004/06/24 15:01:32 itojun Exp $ */ +/* $OpenBSD: ip6_forward.c,v 1.32 2004/06/25 00:42:58 itojun Exp $ */ /* $KAME: ip6_forward.c,v 1.75 2001/06/29 12:42:13 jinmei Exp $ */ /* @@ -429,28 +429,33 @@ ip6_forward(m, srcrt) ip6->ip6_dst.s6_addr16[1] = 0; #if NPF > 0 - if (pf_test6(PF_OUT, rt->rt_ifp, &m, NULL) != PF_PASS) { + if (pf_test6(PF_FORWARD, rt->rt_ifp, &m, NULL) != PF_PASS) { m_freem(m); goto senderr; } if (m == NULL) goto senderr; - - ip6 = mtod(m, struct ip6_hdr *); #endif - error = nd6_output(rt->rt_ifp, origifp, m, dst, rt); - if (error) { - in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); - ip6stat.ip6s_cantforward++; - } else { - ip6stat.ip6s_forward++; - in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); - if (type) - ip6stat.ip6s_redirectsent++; - else { - if (mcopy) - goto freecopy; +#if NPF > 0 + for (; m; m = m->m_nextpkt) +#else + if (1) +#endif + { + error = nd6_output(rt->rt_ifp, origifp, m, dst, rt); + if (error) { + in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard); + ip6stat.ip6s_cantforward++; + } else { + ip6stat.ip6s_forward++; + in6_ifstat_inc(rt->rt_ifp, ifs6_out_forward); + if (type) + ip6stat.ip6s_redirectsent++; + else { + if (mcopy) + goto freecopy; + } } } |