author | 2004-06-22 07:35:19 +0000 | |
---|---|---|
committer | 2004-06-22 07:35:19 +0000 | |
commit | 71ad97c9b7131cf056bf696eec32a988f22f6473 (patch) | |
tree | f8d4028a6ea83f25483699381fe917c0bf0fcfcc | |
parent | introduce kroute6, which will be used to build a seperate v6 table (diff) | |
Pull the plug on source-based routing until remaining bugs are eradicated.
No need to reconfig kernel or rebuild userland stuff.
requested deraadt@, help beck@
-rw-r--r-- | sys/net/pf.c | 28 | ||||
-rw-r--r-- | sys/net/route.c | 24 | ||||
-rw-r--r-- | sys/net/rtsock.c | 7 | ||||
-rw-r--r-- | sys/netinet/in_pcb.c | 5 | ||||
-rw-r--r-- | sys/netinet/ip_icmp.c | 6 | ||||
-rw-r--r-- | sys/netinet/ip_input.c | 39 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 41 | ||||
-rw-r--r-- | sys/netinet/ip_var.h | 4 |
8 files changed, 50 insertions, 104 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 278c6cdfecc..ab5179596d2 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.453 2004/06/21 23:50:36 tholo Exp $ */ +/* $OpenBSD: pf.c,v 1.454 2004/06/22 07:35:19 cedric Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -199,8 +199,8 @@ u_int8_t pf_get_wscale(struct mbuf *, int, u_int16_t, sa_family_t); u_int16_t pf_get_mss(struct mbuf *, int, u_int16_t, sa_family_t); -u_int16_t pf_calc_mss(struct pf_addr *, struct pf_addr *, - sa_family_t, u_int16_t); +u_int16_t pf_calc_mss(struct pf_addr *, sa_family_t, + u_int16_t); void pf_set_rt_ifp(struct pf_state *, struct pf_addr *); int pf_check_proto_cksum(struct mbuf *, int, int, @@ -2415,11 +2415,10 @@ pf_get_mss(struct mbuf *m, int off, u_int16_t th_off, sa_family_t af) } u_int16_t -pf_calc_mss(struct pf_addr *saddr, struct pf_addr *daddr, sa_family_t af, - u_int16_t offer) +pf_calc_mss(struct pf_addr *addr, sa_family_t af, u_int16_t offer) { #ifdef INET - struct sockaddr_rtin *dst; + struct sockaddr_in *dst; struct route ro; #endif /* INET */ #ifdef INET6 @@ -2435,11 +2434,10 @@ pf_calc_mss(struct pf_addr *saddr, struct pf_addr *daddr, sa_family_t af, case AF_INET: hlen = sizeof(struct ip); bzero(&ro, sizeof(ro)); - dst = satortin(&ro.ro_dst); - dst->rtin_family = AF_INET; - dst->rtin_len = sizeof(*dst); - dst->rtin_dst = daddr->v4; - dst->rtin_src = saddr->v4; + dst = (struct sockaddr_in *)&ro.ro_dst; + dst->sin_family = AF_INET; + dst->sin_len = sizeof(*dst); + dst->sin_addr = addr->v4; rtalloc_noclone(&ro, NO_CLONING); rt = ro.ro_rt; break; @@ -2451,7 +2449,7 @@ pf_calc_mss(struct pf_addr *saddr, struct pf_addr *daddr, sa_family_t af, dst6 = (struct sockaddr_in6 *)&ro6.ro_dst; dst6->sin6_family = AF_INET6; dst6->sin6_len = sizeof(*dst6); - dst6->sin6_addr = daddr->v6; + dst6->sin6_addr = addr->v6; rtalloc_noclone((struct route *)&ro6, NO_CLONING); rt = ro6.ro_rt; break; 
@@ -2840,8 +2838,8 @@ cleanup: s->src.seqhi = htonl(arc4random()); /* Find mss option */ mss = pf_get_mss(m, off, th->th_off, af); - mss = pf_calc_mss(saddr, daddr, af, mss); - mss = pf_calc_mss(daddr, saddr, af, mss); + mss = pf_calc_mss(saddr, af, mss); + mss = pf_calc_mss(daddr, af, mss); s->src.mss = mss; pf_send_tcp(r, af, daddr, saddr, th->th_dport, th->th_sport, s->src.seqhi, ntohl(th->th_seq) + 1, @@ -5001,9 +4999,7 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp, dst->sin_addr = ip->ip_dst; if (r->rt == PF_FASTROUTE) { - satortin(&ro->ro_dst)->rtin_src = ip->ip_src; rtalloc(ro); - satortin(&ro->ro_dst)->rtin_src.s_addr = 0; if (ro->ro_rt == 0) { ipstat.ips_noroute++; goto bad; diff --git a/sys/net/route.c b/sys/net/route.c index cbd1ff8fcb5..b9ab6a12550 100644 --- a/sys/net/route.c +++ b/sys/net/route.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.43 2004/06/21 23:50:37 tholo Exp $ */ +/* $OpenBSD: route.c,v 1.44 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */ /* @@ -138,9 +138,6 @@ struct radix_node_head *rt_tables[AF_MAX+1]; int rttrash; /* routes not in table but not freed */ struct sockaddr wildcard; /* zero valued cookie for wildcard searches */ -const struct sockaddr_rtin rt_defmask4 = { /* default IPv4 route mask */ - offsetof(struct sockaddr_rtin, rtin_src), 0, 0, { -1 }}; - static int okaytoclone(u_int, int); static int rtdeletemsg(struct rtentry *); static int rtflushclone1(struct radix_node *, void *); @@ -671,14 +668,8 @@ rtrequest1(req, info, ret_nrt) if ((rnh = rt_tables[dst->sa_family]) == 0) senderr(EAFNOSUPPORT); - if (flags & RTF_HOST) { -#ifdef SMALL_KERNEL - netmask = (dst->sa_family == AF_INET) ? - (struct sockaddr *)&rt_defmask4 : NULL; -#else - sroute_verify_host(info); -#endif - } + if (flags & RTF_HOST) + netmask = 0; switch (req) { case RTM_DELETE: if ((rn = rnh->rnh_lookup(dst, netmask, rnh)) == NULL) 
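Review bot: The two calls `mss = pf_calc_mss(saddr, af, mss);` and `mss = pf_calc_mss(daddr, af, mss);` under `/* Find mss option */` carry no comment saying why the value is passed through a route lookup for each endpoint in turn, and with the second address argument gone the pair no longer reads as a forward/reverse lookup. A one-line comment above them, for example `/* limit the offered mss by the route to each endpoint */`, would record the intent. That wording assumes pf_calc_mss() derives its limit from the route it allocates, which the hunk at -2435 suggests (`rtalloc_noclone()` followed by `rt = ro.ro_rt`) but does not show in full. The enclosing function starts and ends outside the hunk.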
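Review bot: In rtrequest1() the restored `if (flags & RTF_HOST) netmask = 0;` assigns a bare `0` to a pointer, while the lookup a few lines below tests its result against `NULL`; `netmask = NULL;` keeps the function consistent. The same applies to the `(struct sockaddr *)0` and `(struct sockaddr *) 0` mask arguments in the ip_icmp.c hunks at -564 and -850, which also differ from each other in spacing. A short comment such as `/* host routes take no mask; drop any the caller supplied */` would make it clear that a caller-provided mask is discarded on purpose. rtrequest1() begins and ends outside the hunk.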
@@ -735,15 +726,8 @@ rtrequest1(req, info, ret_nrt) flags = rt->rt_flags & ~(RTF_CLONING | RTF_STATIC); flags |= RTF_CLONED; gateway = rt->rt_gateway; -#ifdef SMALL_KERNEL - if ((netmask = rt->rt_genmask) == NULL) { + if ((netmask = rt->rt_genmask) == NULL) flags |= RTF_HOST; - if (dst->sa_family == AF_INET) - netmask = (struct sockaddr *)&rt_defmask4; - } -#else - sroute_clone_route(info, rt_mask(rt), rt->rt_genmask); -#endif goto makeroute; case RTM_ADD: diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c index 3b55a425ed3..32cb3526449 100644 --- a/sys/net/rtsock.c +++ b/sys/net/rtsock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rtsock.c,v 1.39 2004/06/06 16:49:09 cedric Exp $ */ +/* $OpenBSD: rtsock.c,v 1.40 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $ */ /* @@ -221,7 +221,6 @@ route_output(struct mbuf *m, ...) senderr(EINVAL); if (gate != 0 && (gate->sa_family >= AF_MAX)) senderr(EINVAL); - sroute_compact(&info, rtm->rtm_type); if (genmask) { struct radix_node *t; t = rn_addmask((caddr_t)genmask, 0, 1); @@ -325,7 +324,6 @@ route_output(struct mbuf *m, ...) ifaaddr = 0; } } - sroute_expand(&info); len = rt_msg2(rtm->rtm_type, &info, (caddr_t)0, (struct walkarg *)0); if (len > rtm->rtm_msglen) { @@ -639,7 +637,6 @@ rt_missmsg(type, rtinfo, flags, error) if (route_cb.any_count == 0) return; - sroute_expand(rtinfo); m = rt_msg1(type, rtinfo); if (m == 0) return; @@ -728,7 +725,6 @@ rt_newaddrmsg(cmd, ifa, error, rt) netmask = rt_mask(rt); dst = sa = rt_key(rt); gate = rt->rt_gateway; - sroute_expand(&info); if ((m = rt_msg1(cmd, &info)) == NULL) continue; rtm = mtod(m, struct rt_msghdr *); @@ -795,7 +791,6 @@ sysctl_dumpentry(rn, v) if (rt->rt_ifp->if_flags & IFF_POINTOPOINT) brdaddr = rt->rt_ifa->ifa_dstaddr; } - sroute_expand(&info); size = rt_msg2(RTM_GET, &info, 0, w); if (w->w_where && w->w_tmem && w->w_needed <= 0) { struct rt_msghdr *rtm = (struct rt_msghdr *)w->w_tmem; 
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index dd9ac63edf4..06053e2f3cd 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.76 2004/06/06 16:49:09 cedric Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.77 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -841,8 +841,7 @@ in_pcbrtentry(inp) break; ro->ro_dst.sa_family = AF_INET; ro->ro_dst.sa_len = sizeof(ro->ro_dst); - satortin(&ro->ro_dst)->rtin_dst = inp->inp_faddr; - satortin(&ro->ro_dst)->rtin_src = inp->inp_laddr; + satosin(&ro->ro_dst)->sin_addr = inp->inp_faddr; rtalloc(ro); break; } diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 15cf7cd391c..0b9889fa983 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.64 2004/06/06 16:49:09 cedric Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.65 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -564,7 +564,7 @@ reflect: icmpsrc.sin_addr = icp->icmp_ip.ip_dst; rt = NULL; rtredirect(sintosa(&icmpsrc), sintosa(&icmpdst), - (struct sockaddr *)&rt_defmask4, RTF_GATEWAY | RTF_HOST, + (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, sintosa(&icmpgw), (struct rtentry **)&rt); if (rt != NULL && icmp_redirtimeout != 0) { (void)rt_timer_add(rt, icmp_redirect_timeout, @@ -850,7 +850,7 @@ icmp_mtudisc_clone(struct sockaddr *dst) error = rtrequest((int) RTM_ADD, dst, (struct sockaddr *) rt->rt_gateway, - sroute_clone_mask4(rt_mask(rt), NULL), + (struct sockaddr *) 0, RTF_GATEWAY | RTF_HOST | RTF_DYNAMIC, &nrt); if (error) { rtfree(rt); diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 4aba7e9e44c..bf47734098d 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.120 2004/06/21 19:26:01 mcbride Exp $ */ +/* $OpenBSD: ip_input.c,v 1.121 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -1093,7 +1093,7 @@ ip_dooptions(m) if ((ia = (INA)ifa_ifwithdstaddr((SA)&ipaddr)) == 0) ia = (INA)ifa_ifwithnet((SA)&ipaddr); } else - ia = ip_rtaddr(ipaddr.sin_addr, ip->ip_src); + ia = ip_rtaddr(ipaddr.sin_addr); if (ia == 0) { type = ICMP_UNREACH; code = ICMP_UNREACH_SRCFAIL; @@ -1132,8 +1132,7 @@ ip_dooptions(m) * use the incoming interface (should be same). */ if ((ia = (INA)ifa_ifwithaddr((SA)&ipaddr)) == 0 && - (ia = ip_rtaddr(ipaddr.sin_addr, ip->ip_src)) == 0) - { + (ia = ip_rtaddr(ipaddr.sin_addr)) == 0) { type = ICMP_UNREACH; code = ICMP_UNREACH_HOST; goto bad; @@ -1212,22 +1211,21 @@ bad: * return internet address info of interface to be used to get there. */ struct in_ifaddr * -ip_rtaddr(struct in_addr dst, struct in_addr src) +ip_rtaddr(dst) + struct in_addr dst; { - struct sockaddr_rtin *rtin; + struct sockaddr_in *sin; - rtin = satortin(&ipforward_rt.ro_dst); + sin = satosin(&ipforward_rt.ro_dst); - if (ipforward_rt.ro_rt == 0 || dst.s_addr != rtin->rtin_dst.s_addr || - src.s_addr != rtin->rtin_src.s_addr) { + if (ipforward_rt.ro_rt == 0 || dst.s_addr != sin->sin_addr.s_addr) { if (ipforward_rt.ro_rt) { RTFREE(ipforward_rt.ro_rt); ipforward_rt.ro_rt = 0; } - rtin->rtin_family = AF_INET; - rtin->rtin_len = sizeof(*rtin); - rtin->rtin_dst = dst; - rtin->rtin_src = src; + sin->sin_family = AF_INET; + sin->sin_len = sizeof(*sin); + sin->sin_addr = dst; rtalloc(&ipforward_rt); } @@ -1275,7 +1273,6 @@ ip_weadvertise(addr) sin.sin_len = sizeof(sin); sin.sin_family = AF_INET; sin.sin_addr.s_addr = addr; - sin.sin_srcaddr.s_addr = 0; sin.sin_other = SIN_PROXY; rt = rtalloc1(sintosa(&sin), 0); if (rt == 0) 
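Review bot: The definition of ip_rtaddr() in the hunk at -1212 goes back to the old-style form `ip_rtaddr(dst) struct in_addr dst;` even though the line it replaces was a prototype-style definition. Writing it as `ip_rtaddr(struct in_addr dst)` would match the declaration `ip_rtaddr(struct in_addr);` that this commit puts in ip_var.h and lets the compiler check the definition against it directly. The neighbouring functions named in the hunk headers (`ip_dooptions(m)`, `ip_forward(m, srcrt)`) are old-style as well, so this is a style choice rather than a defect. The function body continues past the end of the hunk.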
@@ -1430,7 +1427,7 @@ ip_forward(m, srcrt) int srcrt; { struct ip *ip = mtod(m, struct ip *); - struct sockaddr_rtin *rtin; + struct sockaddr_in *sin; struct rtentry *rt; int error, type = 0, code = 0; struct mbuf *mcopy; @@ -1457,18 +1454,16 @@ ip_forward(m, srcrt) } ip->ip_ttl -= IPTTLDEC; - rtin = satortin(&ipforward_rt.ro_dst); + sin = satosin(&ipforward_rt.ro_dst); if ((rt = ipforward_rt.ro_rt) == 0 || - ip->ip_dst.s_addr != rtin->rtin_dst.s_addr || - ip->ip_src.s_addr != rtin->rtin_src.s_addr) { + ip->ip_dst.s_addr != sin->sin_addr.s_addr) { if (ipforward_rt.ro_rt) { RTFREE(ipforward_rt.ro_rt); ipforward_rt.ro_rt = 0; } - rtin->rtin_family = AF_INET; - rtin->rtin_len = sizeof(*rtin); - rtin->rtin_dst = ip->ip_dst; - rtin->rtin_src = ip->ip_src; + sin->sin_family = AF_INET; + sin->sin_len = sizeof(*sin); + sin->sin_addr = ip->ip_dst; rtalloc(&ipforward_rt); if (ipforward_rt.ro_rt == 0) { diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 69badd9337a..d70a966a448 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.166 2004/06/21 23:50:37 tholo Exp $ */ +/* $OpenBSD: ip_output.c,v 1.167 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -98,7 +98,6 @@ ip_output(struct mbuf *m0, ...) int len, error = 0; struct route iproute; struct sockaddr_in *dst; - struct sockaddr_rtin *rtin; struct in_ifaddr *ia; struct mbuf *opt; struct route *ro; @@ -175,7 +174,6 @@ ip_output(struct mbuf *m0, ...) bzero((caddr_t)ro, sizeof (*ro)); } - rtin = satortin(&ro->ro_dst); dst = satosin(&ro->ro_dst); /* 
@@ -183,17 +181,15 @@ ip_output(struct mbuf *m0, ...) * destination and is still up. If not, free it and try again. */ if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || - rtin->rtin_dst.s_addr != ip->ip_dst.s_addr || - rtin->rtin_src.s_addr != ip->ip_src.s_addr)) { + dst->sin_addr.s_addr != ip->ip_dst.s_addr)) { RTFREE(ro->ro_rt); ro->ro_rt = (struct rtentry *)0; } if (ro->ro_rt == 0) { - rtin->rtin_family = AF_INET; - rtin->rtin_len = sizeof(*rtin); - rtin->rtin_dst = ip->ip_dst; - rtin->rtin_src = ip->ip_src; + dst->sin_family = AF_INET; + dst->sin_len = sizeof(*dst); + dst->sin_addr = ip->ip_dst; } /* @@ -234,14 +230,6 @@ ip_output(struct mbuf *m0, ...) if (ro->ro_rt->rt_flags & RTF_GATEWAY) dst = satosin(ro->ro_rt->rt_gateway); - else if (rtin->rtin_src.s_addr) { - if (ro != &iproute) { - iproute.ro_dst = ro->ro_dst; - rtin = satortin(&iproute.ro_dst); - dst = satosin(&iproute.ro_dst); - } - rtin->rtin_src.s_addr = 0; - } } /* Set the source IP address */ @@ -353,7 +341,6 @@ ip_output(struct mbuf *m0, ...) bzero((caddr_t)ro, sizeof (*ro)); } - rtin = satortin(&ro->ro_dst); dst = satosin(&ro->ro_dst); /* @@ -361,17 +348,15 @@ ip_output(struct mbuf *m0, ...) * destination and is still up. If not, free it and try again. */ if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || - rtin->rtin_dst.s_addr != ip->ip_dst.s_addr || - rtin->rtin_src.s_addr != ip->ip_src.s_addr)) { + dst->sin_addr.s_addr != ip->ip_dst.s_addr)) { RTFREE(ro->ro_rt); ro->ro_rt = (struct rtentry *)0; } if (ro->ro_rt == 0) { - rtin->rtin_family = AF_INET; - rtin->rtin_len = sizeof(*rtin); - rtin->rtin_dst = ip->ip_dst; - rtin->rtin_src = ip->ip_src; + dst->sin_family = AF_INET; + dst->sin_len = sizeof(*dst); + dst->sin_addr = ip->ip_dst; } /* 
@@ -412,14 +397,6 @@ ip_output(struct mbuf *m0, ...) if (ro->ro_rt->rt_flags & RTF_GATEWAY) dst = satosin(ro->ro_rt->rt_gateway); - else if (rtin->rtin_src.s_addr) { - if (ro != &iproute) { - iproute.ro_dst = ro->ro_dst; - rtin = satortin(&iproute.ro_dst); - dst = satosin(&iproute.ro_dst); - } - rtin->rtin_src.s_addr = 0; - } } /* Set the source IP address */ diff --git a/sys/netinet/ip_var.h b/sys/netinet/ip_var.h index f14af1156bf..4697fe53824 100644 --- a/sys/netinet/ip_var.h +++ b/sys/netinet/ip_var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_var.h,v 1.31 2004/06/06 16:49:09 cedric Exp $ */ +/* $OpenBSD: ip_var.h,v 1.32 2004/06/22 07:35:20 cedric Exp $ */ /* $NetBSD: ip_var.h,v 1.16 1996/02/13 23:43:20 christos Exp $ */ /* @@ -183,7 +183,7 @@ struct mbuf * struct in_ifaddr * in_iawithaddr(struct in_addr, struct mbuf *); struct in_ifaddr * - ip_rtaddr(struct in_addr, struct in_addr); + ip_rtaddr(struct in_addr); u_int16_t ip_randomid(void); int ip_setmoptions(int, struct ip_moptions **, struct mbuf *); |