patch-2.3.39 linux/net/ipv4/ip_input.c

• Lines: 62
• Date: Sat Jan 8 21:36:20 2000
• Orig file: v2.3.38/linux/net/ipv4/ip_input.c
• Orig date: Thu Aug 26 13:05:45 1999

diff -u --recursive --new-file v2.3.38/linux/net/ipv4/ip_input.c linux/net/ipv4/ip_input.c
@@ -5,7 +5,7 @@
  *
  *		The Internet Protocol (IP) module.
  *
- * Version:	$Id: ip_input.c,v 1.42 1999/08/20 11:05:27 davem Exp $
+ * Version:	$Id: ip_input.c,v 1.44 2000/01/09 02:19:30 davem Exp $
  *
  * Authors:	Ross Biro, <bir7@leland.Stanford.Edu>
  *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
@@ -148,7 +148,7 @@
  *	SNMP management statistics
  */
 
-struct ip_mib ip_statistics={2,IPDEFTTL,};	/* Forwarding=No, Default TTL=64 */
+struct ip_mib ip_statistics[NR_CPUS*2];
 
 /*
  *	Process Router Attention IP option
@@ -368,7 +368,7 @@
 	return skb->dst->input(skb);
 
 inhdr_error:
-	ip_statistics.IpInHdrErrors++;
+	IP_INC_STATS_BH(IpInHdrErrors);
 drop:
         kfree_skb(skb);
         return(0);
@@ -387,7 +387,7 @@
 	if (skb->pkt_type == PACKET_OTHERHOST)
 		goto drop;
 
-	ip_statistics.IpInReceives++;
+	IP_INC_STATS_BH(IpInReceives);
 
 	if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
 		goto out;
@@ -403,14 +403,14 @@
 	 *	4.	Doesn't have a bogus length
 	 */
 
-	if (skb->len < sizeof(struct iphdr))
+	if (skb->len < sizeof(struct iphdr) || skb->len < (iph->ihl<<2))
 		goto inhdr_error; 
 	if (iph->ihl < 5 || iph->version != 4 || ip_fast_csum((u8 *)iph, iph->ihl) != 0)
 		goto inhdr_error; 
 
 	{
 		__u32 len = ntohs(iph->tot_len); 
-		if (skb->len < len)
+		if (skb->len < len || len < (iph->ihl<<2))
 			goto inhdr_error;
 
 		/* Our transport medium may have padded the buffer out. Now we know it
@@ -424,7 +424,7 @@
 		       ip_rcv_finish);
 
 inhdr_error:
-	ip_statistics.IpInHdrErrors++;
+	IP_INC_STATS_BH(IpInHdrErrors);
 drop:
         kfree_skb(skb);
 out: