diff options
| author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-07-09 22:03:17 +0000 |
|---|---|---|
| committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-07-09 22:03:17 +0000 |
| commit | 2283674da28e5dafc9ce3467ef20c59a96b9e900 (patch) | |
| tree | ebb49711fe1edf0247e2acb7b65e705fd4a922b9 /sys/netinet | |
| parent | e4575c1ca699d4eba1c2ebb28715c779ef686446 (diff) | |
do not flip ip_len/ip_off in netinet stack. deraadt ok.
(please test, especially PF portion)
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/igmp.c | 6 | ||||
| -rw-r--r-- | sys/netinet/in_gif.c | 9 | ||||
| -rw-r--r-- | sys/netinet/ip_ah.c | 20 | ||||
| -rw-r--r-- | sys/netinet/ip_gre.c | 5 | ||||
| -rw-r--r-- | sys/netinet/ip_icmp.c | 21 | ||||
| -rw-r--r-- | sys/netinet/ip_input.c | 75 | ||||
| -rw-r--r-- | sys/netinet/ip_mroute.c | 19 | ||||
| -rw-r--r-- | sys/netinet/ip_output.c | 38 | ||||
| -rw-r--r-- | sys/netinet/ipsec_input.c | 4 | ||||
| -rw-r--r-- | sys/netinet/ipsec_output.c | 11 | ||||
| -rw-r--r-- | sys/netinet/raw_ip.c | 14 | ||||
| -rw-r--r-- | sys/netinet/tcp_input.c | 6 | ||||
| -rw-r--r-- | sys/netinet/tcp_output.c | 4 | ||||
| -rw-r--r-- | sys/netinet/tcp_subr.c | 4 | ||||
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 4 |
15 files changed, 101 insertions, 139 deletions
diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index 33ad717ab19..c962fa7fa3a 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: igmp.c,v 1.17 2003/02/12 14:41:07 jason Exp $ */ +/* $OpenBSD: igmp.c,v 1.18 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: igmp.c,v 1.15 1996/02/13 23:41:25 christos Exp $ */ /* @@ -140,7 +140,7 @@ igmp_input(struct mbuf *m, ...) ++igmpstat.igps_rcv_total; - igmplen = ip->ip_len; + igmplen = ntohs(ip->ip_len) - iphlen; /* * Validate lengths @@ -516,7 +516,7 @@ igmp_sendpkt(inm, type, addr) ip = mtod(m, struct ip *); ip->ip_tos = 0; - ip->ip_len = sizeof(struct ip) + IGMP_MINLEN; + ip->ip_len = htons(sizeof(struct ip) + IGMP_MINLEN); ip->ip_off = 0; ip->ip_p = IPPROTO_IGMP; ip->ip_src.s_addr = INADDR_ANY; diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index 2b8372a7b7b..8664f2adc31 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_gif.c,v 1.26 2002/08/28 15:43:03 pefo Exp $ */ +/* $OpenBSD: in_gif.c,v 1.27 2003/07/09 22:03:16 itojun Exp $ */ /* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */ /* @@ -71,7 +71,6 @@ in_gif_output(ifp, family, m, rt) struct xformsw xfs; int error; int hlen, poff; - u_int16_t plen; struct mbuf *mp; if (sin_src == NULL || sin_dst == NULL || @@ -149,12 +148,6 @@ in_gif_output(ifp, family, m, rt) #if NBRIDGE > 0 sendit: #endif /* NBRIDGE */ - /* ip_output needs host-order length. it should be nuked */ - m_copydata(m, offsetof(struct ip, ip_len), sizeof(u_int16_t), - (caddr_t) &plen); - NTOHS(plen); - m_copyback(m, offsetof(struct ip, ip_len), sizeof(u_int16_t), - (caddr_t) &plen); return ip_output(m, (void *)NULL, (void *)NULL, 0, (void *)NULL, (void *)NULL); } diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 780071a5554..12af3f94f7d 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.75 2003/05/03 01:43:07 itojun Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.76 2003/07/09 22:03:16 itojun Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -214,20 +214,10 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) * On input, fix ip_len which has been byte-swapped * at ip_input(). */ - if (!out) { - ip->ip_len += skip; - HTONS(ip->ip_len); - - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off = htons(ip->ip_off & IP_DF); - else - ip->ip_off = 0; - } else { - if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) - ip->ip_off = htons(ntohs(ip->ip_off) & IP_DF); - else - ip->ip_off = 0; - } + if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) + ip->ip_off &= htons(IP_DF); + else + ip->ip_off = 0; ptr = mtod(m, unsigned char *) + sizeof(struct ip); diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index b80f99047ef..32577201e83 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_gre.c,v 1.21 2003/05/03 01:43:07 itojun Exp $ */ +/* $OpenBSD: ip_gre.c,v 1.22 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -341,8 +341,7 @@ gre_mobile_input(struct mbuf *m, ...) m->m_len - msiz - (ip->ip_hl << 2)); m->m_len -= msiz; - ip->ip_len -= msiz; - HTONS(ip->ip_len); + ip->ip_len = htons(ntohs(ip->ip_len) - msiz); m->m_pkthdr.len -= msiz; ip->ip_sum = 0; diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 288604c9828..95d543880ad 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.60 2003/06/02 23:28:14 millert Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.61 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -147,7 +147,7 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, * Don't error if the old packet protocol was ICMP * error message, only known informational types. */ - if (oip->ip_off & IP_OFFMASK) + if (oip->ip_off & htons(IP_OFFMASK)) goto freeit; if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && n->m_len >= oiplen + ICMP_MINLEN && @@ -169,7 +169,7 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, /* * Now, formulate icmp message */ - icmplen = oiplen + min(8, oip->ip_len); + icmplen = oiplen + min(8, ntohs(oip->ip_len)); /* * Defend against mbuf chains shorter than oip->ip_len: */ @@ -225,8 +225,6 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, icp->icmp_nextmtu = htons(destifp->if_mtu); } - HTONS(oip->ip_off); - HTONS(oip->ip_len); icp->icmp_code = code; m_copydata(n, 0, icmplen, (caddr_t)&icp->icmp_ip); @@ -245,7 +243,7 @@ icmp_do_error(struct mbuf *n, int type, int code, n_long dest, /* ip_v set in ip_output */ nip->ip_hl = sizeof(struct ip) >> 2; nip->ip_tos = 0; - nip->ip_len = m->m_len; + nip->ip_len = htons(m->m_len); /* ip_id set in ip_output */ nip->ip_off = 0; /* ip_ttl set in icmp_reflect */ @@ -297,7 +295,7 @@ icmp_input(struct mbuf *m, ...) { struct icmp *icp; struct ip *ip = mtod(m, struct ip *); - int icmplen = ip->ip_len; + int icmplen; int i; struct in_ifaddr *ia; void *(*ctlfunc)(int, struct sockaddr *, void *); @@ -315,6 +313,7 @@ icmp_input(struct mbuf *m, ...) * Locate icmp structure in mbuf, and check * that not corrupted and of at least minimum length. */ + icmplen = ntohs(ip->ip_len) - hlen; #ifdef ICMPPRINTFS if (icmpprintfs) { char buf[4 * sizeof("123")]; @@ -424,7 +423,6 @@ icmp_input(struct mbuf *m, ...) } if (IN_MULTICAST(icp->icmp_ip.ip_dst.s_addr)) goto badcode; - NTOHS(icp->icmp_ip.ip_len); #ifdef INET6 /* Get more contiguous data for a v6 in v4 ICMP message. */ if (icp->icmp_ip.ip_p == IPPROTO_IPV6) { @@ -524,7 +522,6 @@ reflect: if (m->m_flags & M_PKTHDR) m_tag_delete_chain(m, NULL); - ip->ip_len += hlen; /* since ip_input deducts this */ icmpstat.icps_reflect++; icmpstat.icps_outhist[icp->icmp_type]++; icmp_reflect(m); @@ -736,7 +733,7 @@ icmp_reflect(struct mbuf *m) * Now strip out original options by copying rest of first * mbuf's data back, and adjust the IP length. */ - ip->ip_len -= optlen; + ip->ip_len = htons(ntohs(ip->ip_len) - optlen); ip->ip_hl = sizeof(struct ip) >> 2; m->m_len -= optlen; if (m->m_flags & M_PKTHDR) @@ -768,7 +765,7 @@ icmp_send(struct mbuf *m, struct mbuf *opts) m->m_len -= hlen; icp = mtod(m, struct icmp *); icp->icmp_cksum = 0; - icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); + icp->icmp_cksum = in_cksum(m, ntohs(ip->ip_len) - hlen); m->m_data -= hlen; m->m_len += hlen; #ifdef ICMPPRINTFS @@ -903,7 +900,7 @@ icmp_mtudisc(struct icmp *icp) if (mtu == 0) { int i = 0; - mtu = icp->icmp_ip.ip_len; /* NTOHS happened in deliver: */ + mtu = ntohs(icp->icmp_ip.ip_len); /* Some 4.2BSD-based routers incorrectly adjust the ip_len */ if (mtu > rt->rt_rmx.rmx_mtu && rt->rt_rmx.rmx_mtu != 0) mtu -= (icp->icmp_ip.ip_hl << 2); diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index c89ea26b1de..804fa3204f3 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.112 2003/06/02 23:28:14 millert Exp $ */ +/* $OpenBSD: ip_input.c,v 1.113 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -296,7 +296,7 @@ ipv4_input(m) register struct ipq *fp; struct in_ifaddr *ia; struct ipqent *ipqe; - int hlen, mff; + int hlen, mff, len; in_addr_t pfrdr = 0; #ifdef IPSEC int error, s; @@ -360,15 +360,16 @@ ipv4_input(m) ipstat.ips_inhwcsum++; } + /* Retrieve the packet lenght. */ + len = ntohs(ip->ip_len); + /* * Convert fields to host representation. */ - NTOHS(ip->ip_len); - if (ip->ip_len < hlen) { + if (len < hlen) { ipstat.ips_badlen++; goto bad; } - NTOHS(ip->ip_off); /* * Check that the amount of data in the buffers @@ -376,16 +377,16 @@ ipv4_input(m) * Trim mbufs if longer than we expect. * Drop packet if shorter than we expect. */ - if (m->m_pkthdr.len < ip->ip_len) { + if (m->m_pkthdr.len < len) { ipstat.ips_tooshort++; goto bad; } - if (m->m_pkthdr.len > ip->ip_len) { + if (m->m_pkthdr.len > len) { if (m->m_len == m->m_pkthdr.len) { - m->m_len = ip->ip_len; - m->m_pkthdr.len = ip->ip_len; + m->m_len = len; + m->m_pkthdr.len = len; } else - m_adj(m, ip->ip_len - m->m_pkthdr.len); + m_adj(m, len - m->m_pkthdr.len); } #if NPF > 0 @@ -527,7 +528,7 @@ ours: * if the packet was previously fragmented, * but it's not worth the time; just let them time out.) */ - if (ip->ip_off &~ (IP_DF | IP_RF)) { + if (ip->ip_off &~ htons(IP_DF | IP_RF)) { if (m->m_flags & M_EXT) { /* XXX */ if ((m = m_pullup(m, hlen)) == NULL) { ipstat.ips_toosmall++; @@ -555,20 +556,21 @@ found: * set ipqe_mff if more fragments are expected, * convert offset of this to bytes. */ - ip->ip_len -= hlen; - mff = (ip->ip_off & IP_MF) != 0; + ip->ip_len = htons(ntohs(ip->ip_len) - hlen); + mff = (ip->ip_off & htons(IP_MF)) != 0; if (mff) { /* * Make sure that fragments have a data length * that's a non-zero multiple of 8 bytes. */ - if (ip->ip_len == 0 || (ip->ip_len & 0x7) != 0) { + if (ntohs(ip->ip_len) == 0 || + (ntohs(ip->ip_len) & 0x7) != 0) { ipstat.ips_badfrags++; ipq_unlock(); goto bad; } } - ip->ip_off <<= 3; + ip->ip_off = htons(ntohs(ip->ip_off) << 3); /* * If datagram marked as having more fragments @@ -606,8 +608,7 @@ found: if (fp) ip_freef(fp); ipq_unlock(); - } else - ip->ip_len -= hlen; + } #ifdef IPSEC /* @@ -785,7 +786,7 @@ ip_reass(ipqe, fp) */ for (p = NULL, q = fp->ipq_fragq.lh_first; q != NULL; p = q, q = q->ipqe_q.le_next) - if (q->ipqe_ip->ip_off > ipqe->ipqe_ip->ip_off) + if (ntohs(q->ipqe_ip->ip_off) > ntohs(ipqe->ipqe_ip->ip_off)) break; /* @@ -794,14 +795,16 @@ ip_reass(ipqe, fp) * segment. If it provides all of our data, drop us. */ if (p != NULL) { - i = p->ipqe_ip->ip_off + p->ipqe_ip->ip_len - - ipqe->ipqe_ip->ip_off; + i = ntohs(p->ipqe_ip->ip_off) + ntohs(p->ipqe_ip->ip_len) - + ntohs(ipqe->ipqe_ip->ip_off); if (i > 0) { - if (i >= ipqe->ipqe_ip->ip_len) + if (i >= ntohs(ipqe->ipqe_ip->ip_len)) goto dropfrag; m_adj(ipqe->ipqe_m, i); - ipqe->ipqe_ip->ip_off += i; - ipqe->ipqe_ip->ip_len -= i; + ipqe->ipqe_ip->ip_off = + htons(ntohs(ipqe->ipqe_ip->ip_off) + i); + ipqe->ipqe_ip->ip_len = + htons(ntohs(ipqe->ipqe_ip->ip_len) - i); } } @@ -809,13 +812,16 @@ ip_reass(ipqe, fp) * While we overlap succeeding segments trim them or, * if they are completely covered, dequeue them. */ - for (; q != NULL && ipqe->ipqe_ip->ip_off + ipqe->ipqe_ip->ip_len > - q->ipqe_ip->ip_off; q = nq) { - i = (ipqe->ipqe_ip->ip_off + ipqe->ipqe_ip->ip_len) - - q->ipqe_ip->ip_off; - if (i < q->ipqe_ip->ip_len) { - q->ipqe_ip->ip_len -= i; - q->ipqe_ip->ip_off += i; + for (; q != NULL && + ntohs(ipqe->ipqe_ip->ip_off) + ntohs(ipqe->ipqe_ip->ip_len) > + ntohs(q->ipqe_ip->ip_off); q = nq) { + i = (ntohs(ipqe->ipqe_ip->ip_off) + + ntohs(ipqe->ipqe_ip->ip_len)) - ntohs(q->ipqe_ip->ip_off); + if (i < ntohs(q->ipqe_ip->ip_len)) { + q->ipqe_ip->ip_len = + htons(ntohs(q->ipqe_ip->ip_len) - i); + q->ipqe_ip->ip_off = + htons(ntohs(q->ipqe_ip->ip_off) + i); m_adj(q->ipqe_m, i); break; } @@ -839,9 +845,9 @@ insert: next = 0; for (p = NULL, q = fp->ipq_fragq.lh_first; q != NULL; p = q, q = q->ipqe_q.le_next) { - if (q->ipqe_ip->ip_off != next) + if (ntohs(q->ipqe_ip->ip_off) != next) return (0); - next += q->ipqe_ip->ip_len; + next += ntohs(q->ipqe_ip->ip_len); } if (p->ipqe_mff) return (0); @@ -878,7 +884,7 @@ insert: * dequeue and discard fragment reassembly header. * Make header visible. */ - ip->ip_len = next; + ip->ip_len = htons(next); ip->ip_src = fp->ipq_src; ip->ip_dst = fp->ipq_dst; LIST_REMOVE(fp, ipq_q); @@ -1192,7 +1198,6 @@ ip_dooptions(m) } return (0); bad: - ip->ip_len -= ip->ip_hl << 2; /* XXX icmp_error adds in hdr length */ icmp_error(m, type, code, 0, 0); ipstat.ips_badoptions++; return (1); @@ -1470,7 +1475,7 @@ ip_forward(m, srcrt) * we need to generate an ICMP message to the src. * Pullup to avoid sharing mbuf cluster between m and mcopy. */ - mcopy = m_copym(m, 0, imin((int)ip->ip_len, 68), M_DONTWAIT); + mcopy = m_copym(m, 0, imin(ntohs(ip->ip_len), 68), M_DONTWAIT); if (mcopy) mcopy = m_pullup(mcopy, ip->ip_hl << 2); diff --git a/sys/netinet/ip_mroute.c b/sys/netinet/ip_mroute.c index cb31616768e..b13676f3c76 100644 --- a/sys/netinet/ip_mroute.c +++ b/sys/netinet/ip_mroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_mroute.c,v 1.32 2003/07/09 03:23:26 itojun Exp $ */ +/* $OpenBSD: ip_mroute.c,v 1.33 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: ip_mroute.c,v 1.27 1996/05/07 02:40:50 thorpej Exp $ */ /* @@ -1292,7 +1292,7 @@ ip_mdq(m, ifp, rt) register struct ip *ip = mtod(m, struct ip *); register vifi_t vifi; register struct vif *vifp; - register int plen = ip->ip_len; + register int plen = ntohs(ip->ip_len) - (ip->ip_hl << 2); /* * Macro to send packet on vif. Since RSVP packets don't get counted on @@ -1436,7 +1436,8 @@ phyint_send(ip, vifp, m) if (vifp->v_rate_limit <= 0) tbf_send_packet(vifp, mb_copy); else - tbf_control(vifp, mb_copy, mtod(mb_copy, struct ip *), ip->ip_len); + tbf_control(vifp, mb_copy, mtod(mb_copy, struct ip *), + ntohs(ip->ip_len)); } static void @@ -1447,7 +1448,7 @@ encap_send(ip, vifp, m) { register struct mbuf *mb_copy; register struct ip *ip_copy; - register int i, len = ip->ip_len + sizeof(multicast_encap_iphdr); + register int i, len = ntohs(ip->ip_len) + sizeof(multicast_encap_iphdr); /* * copy the old packet & pullup it's IP header into the @@ -1478,7 +1479,7 @@ encap_send(ip, vifp, m) ip_copy = mtod(mb_copy, struct ip *); *ip_copy = multicast_encap_iphdr; ip_copy->ip_id = htons(ip_randomid()); - ip_copy->ip_len = len; + ip_copy->ip_len = htons(len); ip_copy->ip_src = vifp->v_lcl_addr; ip_copy->ip_dst = vifp->v_rmt_addr; @@ -1487,8 +1488,6 @@ encap_send(ip, vifp, m) */ ip = (struct ip *)((caddr_t)ip_copy + sizeof(multicast_encap_iphdr)); --ip->ip_ttl; - HTONS(ip->ip_len); - HTONS(ip->ip_off); ip->ip_sum = 0; #if defined(LBL) && !defined(ultrix) && !defined(i386) ip->ip_sum = ~oc_cksum((caddr_t)ip, ip->ip_hl << 2, 0); @@ -1501,7 +1500,7 @@ encap_send(ip, vifp, m) if (vifp->v_rate_limit <= 0) tbf_send_packet(vifp, mb_copy); else - tbf_control(vifp, mb_copy, ip, ip_copy->ip_len); + tbf_control(vifp, mb_copy, ip, ntohs(ip_copy->ip_len)); } /* @@ -1641,7 +1640,7 @@ tbf_queue(vifp, m, ip) ql = vifp->v_tbf.q_len; qtable[index][ql].pkt_m = m; - qtable[index][ql].pkt_len = (mtod(m, struct ip *))->ip_len; + qtable[index][ql].pkt_len = ntohs((mtod(m, struct ip *))->ip_len); qtable[index][ql].pkt_ip = ip; vifp->v_tbf.q_len++; @@ -1698,7 +1697,7 @@ tbf_dequeue(vifp, j) qtable[index][i-1] = qtable[index][i]; } qtable[index][i-1].pkt_m = NULL; - qtable[index][i-1].pkt_len = NULL; + qtable[index][i-1].pkt_len = 0; qtable[index][i-1].pkt_ip = NULL; vifp->v_tbf.q_len--; diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index a2214de3d09..0f8578b0e10 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.153 2003/06/02 23:28:14 millert Exp $ */ +/* $OpenBSD: ip_output.c,v 1.154 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -146,7 +146,7 @@ ip_output(struct mbuf *m0, ...) */ if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { ip->ip_v = IPVERSION; - ip->ip_off &= IP_DF; + ip->ip_off &= htons(IP_DF); ip->ip_id = htons(ip_randomid()); ip->ip_hl = hlen >> 2; ipstat.ips_localout++; @@ -531,7 +531,7 @@ ip_output(struct mbuf *m0, ...) } /* Don't allow broadcast messages to be fragmented */ - if ((u_int16_t)ip->ip_len > ifp->if_mtu) { + if (ntohs(ip->ip_len) > ifp->if_mtu) { error = EMSGSIZE; goto bad; } @@ -546,7 +546,7 @@ sendit: */ if ((flags & IP_MTUDISC) && ro && ro->ro_rt && (ro->ro_rt->rt_rmx.rmx_locks & RTV_MTU) == 0) - ip->ip_off |= IP_DF; + ip->ip_off |= htons(IP_DF); #ifdef IPSEC /* @@ -584,8 +584,8 @@ sendit: } /* Check if we are allowed to fragment */ - if (ip_mtudisc && (ip->ip_off & IP_DF) && tdb->tdb_mtu && - (u_int16_t)ip->ip_len > tdb->tdb_mtu && + if (ip_mtudisc && (ip->ip_off & htons(IP_DF)) && tdb->tdb_mtu && + ntohs(ip->ip_len) > tdb->tdb_mtu && tdb->tdb_mtutimeout > time.tv_sec) { struct rtentry *rt = NULL; @@ -613,10 +613,6 @@ sendit: goto bad; } - /* Massage the IP header for use by the IPsec code */ - ip->ip_len = htons((u_short) ip->ip_len); - ip->ip_off = htons((u_short) ip->ip_off); - /* * Clear these -- they'll be set in the recursive invocation * as needed. @@ -677,9 +673,7 @@ sendit: /* * If small enough for interface, can just send directly. */ - if ((u_int16_t)ip->ip_len <= mtu) { - ip->ip_len = htons((u_int16_t)ip->ip_len); - ip->ip_off = htons((u_int16_t)ip->ip_off); + if (ntohs(ip->ip_len) <= mtu) { if ((ifp->if_capabilities & IFCAP_CSUM_IPv4) && ifp->if_bridge == NULL) { m->m_pkthdr.csum |= M_IPV4_CSUM_OUT; @@ -701,7 +695,7 @@ sendit: * Too large for interface; fragment if possible. * Must be able to put at least 8 bytes per fragment. */ - if (ip->ip_off & IP_DF) { + if (ip->ip_off & htons(IP_DF)) { #ifdef IPSEC icmp_mtu = ifp->if_mtu; #endif @@ -786,7 +780,7 @@ ip_fragment(struct mbuf *m, struct ifnet *ifp, u_long mtu) */ m0 = m; mhlen = sizeof (struct ip); - for (off = hlen + len; off < (u_int16_t)ip->ip_len; off += len) { + for (off = hlen + len; off < ntohs(ip->ip_len); off += len) { MGETHDR(m, M_DONTWAIT, MT_HEADER); if (m == 0) { ipstat.ips_odropped++; @@ -807,8 +801,8 @@ ip_fragment(struct mbuf *m, struct ifnet *ifp, u_long mtu) mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF); if (ip->ip_off & IP_MF) mhip->ip_off |= IP_MF; - if (off + len >= (u_int16_t)ip->ip_len) - len = (u_int16_t)ip->ip_len - off; + if (off + len >= ntohs(ip->ip_len)) + len = ntohs(ip->ip_len) - off; else mhip->ip_off |= IP_MF; mhip->ip_len = htons((u_int16_t)(len + mhlen)); @@ -835,10 +829,10 @@ ip_fragment(struct mbuf *m, struct ifnet *ifp, u_long mtu) * and updating header, then send each fragment (in order). */ m = m0; - m_adj(m, hlen + firstlen - (u_int16_t)ip->ip_len); + m_adj(m, hlen + firstlen - ntohs(ip->ip_len)); m->m_pkthdr.len = hlen + firstlen; ip->ip_len = htons((u_int16_t)m->m_pkthdr.len); - ip->ip_off = htons((u_int16_t)(ip->ip_off | IP_MF)); + ip->ip_off |= htons(IP_MF); if ((ifp->if_capabilities & IFCAP_CSUM_IPv4) && ifp->if_bridge == NULL) { m->m_pkthdr.csum |= M_IPV4_CSUM_OUT; @@ -868,7 +862,7 @@ ip_insertoptions(m, opt, phlen) unsigned optlen; optlen = opt->m_len - sizeof(p->ipopt_dst); - if (optlen + (u_int16_t)ip->ip_len > IP_MAXPACKET) + if (optlen + ntohs(ip->ip_len) > IP_MAXPACKET) return (m); /* XXX should fail */ if (p->ipopt_dst.s_addr) ip->ip_dst = p->ipopt_dst; @@ -894,7 +888,7 @@ ip_insertoptions(m, opt, phlen) ip = mtod(m, struct ip *); bcopy((caddr_t)p->ipopt_list, (caddr_t)(ip + 1), (unsigned)optlen); *phlen = sizeof(struct ip) + optlen; - ip->ip_len += optlen; + ip->ip_len = htons(ntohs(ip->ip_len) + optlen); return (m); } @@ -1884,8 +1878,6 @@ ip_mloopback(ifp, m, dst) * than the interface's MTU. Can this possibly matter? */ ip = mtod(copym, struct ip *); - ip->ip_len = htons((u_int16_t)ip->ip_len); - ip->ip_off = htons((u_int16_t)ip->ip_off); ip->ip_sum = 0; ip->ip_sum = in_cksum(copym, ip->ip_hl << 2); (void) looutput(ifp, copym, sintosa(dst), NULL); diff --git a/sys/netinet/ipsec_input.c b/sys/netinet/ipsec_input.c index 4a8e58fc620..719a88c3260 100644 --- a/sys/netinet/ipsec_input.c +++ b/sys/netinet/ipsec_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_input.c,v 1.66 2003/07/08 11:01:20 markus Exp $ */ +/* $OpenBSD: ipsec_input.c,v 1.67 2003/07/09 22:03:16 itojun Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -306,8 +306,6 @@ ipsec_common_input_cb(struct mbuf *m, struct tdb *tdbp, int skip, int protoff, } ip = mtod(m, struct ip *); - ip->ip_len = htons(m->m_pkthdr.len); - HTONS(ip->ip_off); ip->ip_sum = 0; ip->ip_sum = in_cksum(m, ip->ip_hl << 2); prot = ip->ip_p; diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 903fb87cd4b..95ea1b9a330 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.26 2003/02/19 19:15:13 jason Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.27 2003/07/09 22:03:16 itojun Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -180,7 +180,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) * This is not a bridge packet, remember if we * had IP_DF. */ - setdf = ntohs(ip->ip_off) & IP_DF; + setdf = ip->ip_off & htons(IP_DF); #endif /* INET */ #ifdef INET6 @@ -262,9 +262,7 @@ ipsp_process_packet(struct mbuf *m, struct tdb *tdb, int af, int tunalready) return ENOBUFS; ip = mtod(m, struct ip *); - NTOHS(ip->ip_off); - ip->ip_off |= IP_DF; - HTONS(ip->ip_off); + ip->ip_off |= htons(IP_DF); } /* Remember that we appended a tunnel header. */ @@ -410,9 +408,6 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) switch (tdb->tdb_dst.sa.sa_family) { #ifdef INET case AF_INET: - NTOHS(ip->ip_len); - NTOHS(ip->ip_off); - return ip_output(m, (void *)NULL, (void *)NULL, IP_RAWOUTPUT, (void *)NULL, (void *)NULL); #endif /* INET */ diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 8e41184c1bb..ed8d9213a20 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.29 2003/06/02 23:28:14 millert Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.30 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -205,9 +205,9 @@ rip_output(struct mbuf *m, ...) return (ENOBUFS); ip = mtod(m, struct ip *); ip->ip_tos = 0; - ip->ip_off = 0; + ip->ip_off = htons(0); ip->ip_p = inp->inp_ip.ip_p; - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); ip->ip_src = inp->inp_laddr; ip->ip_dst.s_addr = dst; ip->ip_ttl = MAXTTL; @@ -216,20 +216,18 @@ rip_output(struct mbuf *m, ...) m_freem(m); return (EMSGSIZE); } - if (m->m_pkthdr.len < sizeof (struct ip)) { + if (m->m_pkthdr.len < sizeof(struct ip)) { m_freem(m); return (EINVAL); } ip = mtod(m, struct ip *); - NTOHS(ip->ip_len); - NTOHS(ip->ip_off); /* * don't allow both user specified and setsockopt options, * and don't allow packet length sizes that will crash */ if ((ip->ip_hl != (sizeof (*ip) >> 2) && inp->inp_options) || - ip->ip_len > m->m_pkthdr.len || - ip->ip_len < ip->ip_hl << 2) { + ntohs(ip->ip_len) > m->m_pkthdr.len || + ntohs(ip->ip_len) < ip->ip_hl << 2) { m_freem(m); return (EINVAL); } diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 02866771153..5b8b3270f41 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.131 2003/06/09 07:40:25 itojun Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.132 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -519,11 +519,7 @@ tcp_input(struct mbuf *m, ...) struct tcpiphdr *ti; ip = mtod(m, struct ip *); -#if 1 tlen = m->m_pkthdr.len - iphlen; -#else - tlen = ((struct ip *)ti)->ip_len; -#endif ti = mtod(m, struct tcpiphdr *); #ifdef TCP_ECN diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index 80c927bc06a..33b0ac36f41 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_output.c,v 1.57 2003/06/09 07:40:25 itojun Exp $ */ +/* $OpenBSD: tcp_output.c,v 1.58 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $ */ /* @@ -1104,7 +1104,7 @@ send: struct ip *ip; ip = mtod(m, struct ip *); - ip->ip_len = m->m_pkthdr.len; + ip->ip_len = htons(m->m_pkthdr.len); ip->ip_ttl = tp->t_inpcb->inp_ip.ip_ttl; ip->ip_tos = tp->t_inpcb->inp_ip.ip_tos; #ifdef TCP_ECN diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index ea29d919bf5..2706c5edb18 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_subr.c,v 1.67 2003/06/02 23:28:14 millert Exp $ */ +/* $OpenBSD: tcp_subr.c,v 1.68 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */ /* @@ -451,7 +451,7 @@ tcp_respond(tp, template, m, ack, seq, flags) */ th->th_sum = 0; th->th_sum = in_cksum(m, tlen); - ((struct ip *)ti)->ip_len = tlen; + ((struct ip *)ti)->ip_len = htons(tlen); ((struct ip *)ti)->ip_ttl = ip_defttl; ip_output(m, (void *)NULL, ro, ip_mtudisc ? IP_MTUDISC : 0, (void *)NULL, tp ? tp->t_inpcb : (void *)NULL); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 5f726dff5fb..9e5842d6087 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.90 2003/06/02 23:28:15 millert Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.91 2003/07/09 22:03:16 itojun Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -949,7 +949,7 @@ udp_output(struct mbuf *m, ...) sizeof (struct udphdr) + IPPROTO_UDP)); } else ui->ui_sum = 0; - ((struct ip *)ui)->ip_len = sizeof (struct udpiphdr) + len; + ((struct ip *)ui)->ip_len = htons(sizeof (struct udpiphdr) + len); ((struct ip *)ui)->ip_ttl = inp->inp_ip.ip_ttl; ((struct ip *)ui)->ip_tos = inp->inp_ip.ip_tos; |