2 * Copyright (c) 1982, 1986, 1988, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
34 #include "opt_ipsec.h"
36 #include "opt_mbuf_stress_test.h"
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/kernel.h>
42 #include <sys/malloc.h>
44 #include <sys/protosw.h>
45 #include <sys/socket.h>
46 #include <sys/socketvar.h>
47 #include <sys/sysctl.h>
50 #include <net/netisr.h>
52 #include <net/route.h>
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/ip.h>
57 #include <netinet/in_pcb.h>
58 #include <netinet/in_var.h>
59 #include <netinet/ip_var.h>
60 #include <netinet/ip_options.h>
62 #if defined(IPSEC) || defined(FAST_IPSEC)
63 #include <netinet/ip_ipsec.h>
65 #include <netinet6/ipsec.h>
68 #include <netipsec/ipsec.h>
72 #include <machine/in_cksum.h>
74 static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options");
76 #define print_ip(x, a, y) printf("%s %d.%d.%d.%d%s",\
77 x, (ntohl(a.s_addr)>>24)&0xFF,\
78 (ntohl(a.s_addr)>>16)&0xFF,\
79 (ntohl(a.s_addr)>>8)&0xFF,\
80 (ntohl(a.s_addr))&0xFF, y);
84 #ifdef MBUF_STRESS_TEST
85 int mbuf_frag_size = 0;
86 SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
87 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
90 static struct ifnet *ip_multicast_if(struct in_addr *, int *);
91 static void ip_mloopback
92 (struct ifnet *, struct mbuf *, struct sockaddr_in *, int);
93 static int ip_getmoptions(struct inpcb *, struct sockopt *);
94 static int ip_setmoptions(struct inpcb *, struct sockopt *);
97 extern struct protosw inetsw[];
100 * IP output. The packet in mbuf chain m contains a skeletal IP
101 * header (with len, off, ttl, proto, tos, src, dst).
102 * The mbuf chain containing the packet will be freed.
103 * The mbuf opt, if present, will not be freed.
104 * In the IP forwarding case, the packet will arrive with options already
105 * inserted, so must have a NULL opt pointer.
108 ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro,
109 int flags, struct ip_moptions *imo, struct inpcb *inp)
112 struct ifnet *ifp = NULL; /* keep compiler happy */
114 int hlen = sizeof (struct ip);
116 struct sockaddr_in *dst = NULL; /* keep compiler happy */
117 struct in_ifaddr *ia = NULL;
118 int isbroadcast, sw_csum;
119 struct route iproute;
121 #ifdef IPFIREWALL_FORWARD
122 struct m_tag *fwd_tag = NULL;
128 bzero(ro, sizeof (*ro));
132 INP_LOCK_ASSERT(inp);
136 m = ip_insertoptions(m, opt, &len);
140 ip = mtod(m, struct ip *);
143 * Fill in IP header. If we are not allowing fragmentation,
144 * then the ip_id field is meaningless, but we don't set it
145 * to zero. Doing so causes various problems when devices along
146 * the path (routers, load balancers, firewalls, etc.) illegally
147 * disable DF on our packet. Note that a 16-bit counter
148 * will wrap around in less than 10 seconds at 100 Mbit/s on a
149 * medium with MTU 1500. See Steven M. Bellovin, "A Technique
150 * for Counting NATted Hosts", Proc. IMW'02, available at
151 * <http://www.research.att.com/~smb/papers/fnat.pdf>.
153 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
154 ip->ip_v = IPVERSION;
155 ip->ip_hl = hlen >> 2;
156 ip->ip_id = ip_newid();
157 ipstat.ips_localout++;
159 hlen = ip->ip_hl << 2;
162 dst = (struct sockaddr_in *)&ro->ro_dst;
165 * If there is a cached route,
166 * check that it is to the same destination
167 * and is still up. If not, free it and try again.
168 * The address family should also be checked in case of sharing the
171 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
172 dst->sin_family != AF_INET ||
173 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
175 ro->ro_rt = (struct rtentry *)0;
177 #ifdef IPFIREWALL_FORWARD
178 if (ro->ro_rt == NULL && fwd_tag == NULL) {
180 if (ro->ro_rt == NULL) {
182 bzero(dst, sizeof(*dst));
183 dst->sin_family = AF_INET;
184 dst->sin_len = sizeof(*dst);
185 dst->sin_addr = ip->ip_dst;
188 * If routing to interface only,
189 * short circuit routing lookup.
191 if (flags & IP_ROUTETOIF) {
192 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL &&
193 (ia = ifatoia(ifa_ifwithnet(sintosa(dst)))) == NULL) {
194 ipstat.ips_noroute++;
200 isbroadcast = in_broadcast(dst->sin_addr, ifp);
201 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
202 imo != NULL && imo->imo_multicast_ifp != NULL) {
204 * Bypass the normal routing lookup for multicast
205 * packets if the interface is specified.
207 ifp = imo->imo_multicast_ifp;
209 isbroadcast = 0; /* fool gcc */
212 * We want to do any cloning requested by the link layer,
213 * as this is probably required in all cases for correct
214 * operation (as it is for ARP).
216 if (ro->ro_rt == NULL)
218 if (ro->ro_rt == NULL) {
219 ipstat.ips_noroute++;
220 error = EHOSTUNREACH;
223 ia = ifatoia(ro->ro_rt->rt_ifa);
224 ifp = ro->ro_rt->rt_ifp;
225 ro->ro_rt->rt_rmx.rmx_pksent++;
226 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
227 dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
228 if (ro->ro_rt->rt_flags & RTF_HOST)
229 isbroadcast = (ro->ro_rt->rt_flags & RTF_BROADCAST);
231 isbroadcast = in_broadcast(dst->sin_addr, ifp);
233 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
234 struct in_multi *inm;
236 m->m_flags |= M_MCAST;
238 * IP destination address is multicast. Make sure "dst"
239 * still points to the address in "ro". (It may have been
240 * changed to point to a gateway address, above.)
242 dst = (struct sockaddr_in *)&ro->ro_dst;
244 * See if the caller provided any multicast options
247 ip->ip_ttl = imo->imo_multicast_ttl;
248 if (imo->imo_multicast_vif != -1)
251 ip_mcast_src(imo->imo_multicast_vif) :
254 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
256 * Confirm that the outgoing interface supports multicast.
258 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) {
259 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
260 ipstat.ips_noroute++;
266 * If source address not specified yet, use address
267 * of outgoing interface.
269 if (ip->ip_src.s_addr == INADDR_ANY) {
270 /* Interface may have no addresses. */
272 ip->ip_src = IA_SIN(ia)->sin_addr;
276 IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm);
278 (imo == NULL || imo->imo_multicast_loop)) {
281 * If we belong to the destination multicast group
282 * on the outgoing interface, and the caller did not
283 * forbid loopback, loop back a copy.
285 ip_mloopback(ifp, m, dst, hlen);
290 * If we are acting as a multicast router, perform
291 * multicast forwarding as if the packet had just
292 * arrived on the interface to which we are about
293 * to send. The multicast forwarding function
294 * recursively calls this function, using the
295 * IP_FORWARDING flag to prevent infinite recursion.
297 * Multicasts that are looped back by ip_mloopback(),
298 * above, will be forwarded by the ip_input() routine,
301 if (ip_mrouter && (flags & IP_FORWARDING) == 0) {
303 * If rsvp daemon is not running, do not
304 * set ip_moptions. This ensures that the packet
305 * is multicast and not just sent down one link
306 * as prescribed by rsvpd.
311 ip_mforward(ip, ifp, m, imo) != 0) {
319 * Multicasts with a time-to-live of zero may be looped-
320 * back, above, but must not be transmitted on a network.
321 * Also, multicasts addressed to the loopback interface
322 * are not sent -- the above call to ip_mloopback() will
323 * loop back a copy if this host actually belongs to the
324 * destination group on the loopback interface.
326 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) {
335 * If the source address is not specified yet, use the address
336 * of the outoing interface.
338 if (ip->ip_src.s_addr == INADDR_ANY) {
339 /* Interface may have no addresses. */
341 ip->ip_src = IA_SIN(ia)->sin_addr;
346 * Verify that we have any chance at all of being able to queue the
347 * packet or packet fragments, unless ALTQ is enabled on the given
348 * interface in which case packetdrop should be done by queueing.
351 if ((!ALTQ_IS_ENABLED(&ifp->if_snd)) &&
352 ((ifp->if_snd.ifq_len + ip->ip_len / ifp->if_mtu + 1) >=
353 ifp->if_snd.ifq_maxlen))
355 if ((ifp->if_snd.ifq_len + ip->ip_len / ifp->if_mtu + 1) >=
356 ifp->if_snd.ifq_maxlen)
360 ipstat.ips_odropped++;
361 ifp->if_snd.ifq_drops += (ip->ip_len / ifp->if_mtu + 1);
366 * Look for broadcast address and
367 * verify user is allowed to send
371 if ((ifp->if_flags & IFF_BROADCAST) == 0) {
372 error = EADDRNOTAVAIL;
375 if ((flags & IP_ALLOWBROADCAST) == 0) {
379 /* don't allow broadcast messages to be fragmented */
380 if (ip->ip_len > ifp->if_mtu) {
384 if (flags & IP_SENDONES)
385 ip->ip_dst.s_addr = INADDR_BROADCAST;
386 m->m_flags |= M_BCAST;
388 m->m_flags &= ~M_BCAST;
392 #if defined(IPSEC) || defined(FAST_IPSEC)
393 switch(ip_ipsec_output(&m, inp, &flags, &error, &ro, &iproute, &dst, &ia, &ifp)) {
400 break; /* Continue with packet processing. */
402 /* Update variables that are affected by ipsec4_output(). */
403 ip = mtod(m, struct ip *);
404 hlen = ip->ip_hl << 2;
407 /* Jump over all PFIL processing if hooks are not active. */
408 if (!PFIL_HOOKED(&inet_pfil_hook))
411 /* Run through list of hooks for output packets. */
412 odst.s_addr = ip->ip_dst.s_addr;
413 error = pfil_run_hooks(&inet_pfil_hook, &m, ifp, PFIL_OUT, inp);
414 if (error != 0 || m == NULL)
417 ip = mtod(m, struct ip *);
419 /* See if destination IP address was changed by packet filter. */
420 if (odst.s_addr != ip->ip_dst.s_addr) {
421 m->m_flags |= M_SKIP_FIREWALL;
422 /* If destination is now ourself drop to ip_input(). */
423 if (in_localip(ip->ip_dst)) {
424 m->m_flags |= M_FASTFWD_OURS;
425 if (m->m_pkthdr.rcvif == NULL)
426 m->m_pkthdr.rcvif = loif;
427 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
428 m->m_pkthdr.csum_flags |=
429 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
430 m->m_pkthdr.csum_data = 0xffff;
432 m->m_pkthdr.csum_flags |=
433 CSUM_IP_CHECKED | CSUM_IP_VALID;
435 error = netisr_queue(NETISR_IP, m);
438 goto again; /* Redo the routing table lookup. */
441 #ifdef IPFIREWALL_FORWARD
442 /* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */
443 if (m->m_flags & M_FASTFWD_OURS) {
444 if (m->m_pkthdr.rcvif == NULL)
445 m->m_pkthdr.rcvif = loif;
446 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
447 m->m_pkthdr.csum_flags |=
448 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
449 m->m_pkthdr.csum_data = 0xffff;
451 m->m_pkthdr.csum_flags |=
452 CSUM_IP_CHECKED | CSUM_IP_VALID;
454 error = netisr_queue(NETISR_IP, m);
457 /* Or forward to some other address? */
458 fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
460 #ifndef IPFIREWALL_FORWARD_EXTENDED
461 if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
463 dst = (struct sockaddr_in *)&ro->ro_dst;
464 bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
465 m->m_flags |= M_SKIP_FIREWALL;
466 m_tag_delete(m, fwd_tag);
468 #ifndef IPFIREWALL_FORWARD_EXTENDED
470 m_tag_delete(m, fwd_tag);
475 #endif /* IPFIREWALL_FORWARD */
478 /* 127/8 must not appear on wire - RFC1122. */
479 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
480 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
481 if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
482 ipstat.ips_badaddr++;
483 error = EADDRNOTAVAIL;
488 m->m_pkthdr.csum_flags |= CSUM_IP;
489 sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
490 if (sw_csum & CSUM_DELAY_DATA) {
492 sw_csum &= ~CSUM_DELAY_DATA;
494 m->m_pkthdr.csum_flags &= ifp->if_hwassist;
497 * If small enough for interface, or the interface will take
498 * care of the fragmentation for us, can just send directly.
500 if (ip->ip_len <= ifp->if_mtu || (ifp->if_hwassist & CSUM_FRAGMENT &&
501 ((ip->ip_off & IP_DF) == 0))) {
502 ip->ip_len = htons(ip->ip_len);
503 ip->ip_off = htons(ip->ip_off);
505 if (sw_csum & CSUM_DELAY_IP)
506 ip->ip_sum = in_cksum(m, hlen);
508 /* Record statistics for this interface address. */
509 if (!(flags & IP_FORWARDING) && ia) {
510 ia->ia_ifa.if_opackets++;
511 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
514 /* clean ipsec history once it goes out of the node */
517 #ifdef MBUF_STRESS_TEST
518 if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size)
519 m = m_fragment(m, M_DONTWAIT, mbuf_frag_size);
522 * Reset layer specific mbuf flags
523 * to avoid confusing lower layers.
525 m->m_flags &= ~(M_PROTOFLAGS);
527 error = (*ifp->if_output)(ifp, m,
528 (struct sockaddr *)dst, ro->ro_rt);
532 if (ip->ip_off & IP_DF) {
535 * This case can happen if the user changed the MTU
536 * of an interface after enabling IP on it. Because
537 * most netifs don't keep track of routes pointing to
538 * them, there is no way for one to update all its
539 * routes when the MTU is changed.
542 (ro->ro_rt->rt_flags & (RTF_UP | RTF_HOST)) &&
543 (ro->ro_rt->rt_rmx.rmx_mtu > ifp->if_mtu)) {
544 ro->ro_rt->rt_rmx.rmx_mtu = ifp->if_mtu;
546 ipstat.ips_cantfrag++;
551 * Too large for interface; fragment if possible. If successful,
552 * on return, m will point to a list of packets to be sent.
554 error = ip_fragment(ip, &m, ifp->if_mtu, ifp->if_hwassist, sw_csum);
561 /* clean ipsec history once it goes out of the node */
565 /* Record statistics for this interface address. */
567 ia->ia_ifa.if_opackets++;
568 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
571 * Reset layer specific mbuf flags
572 * to avoid confusing upper layers.
574 m->m_flags &= ~(M_PROTOFLAGS);
576 error = (*ifp->if_output)(ifp, m,
577 (struct sockaddr *)dst, ro->ro_rt);
583 ipstat.ips_fragmented++;
586 if (ro == &iproute && ro->ro_rt) {
596 * Create a chain of fragments which fit the given mtu. m_frag points to the
597 * mbuf to be fragmented; on return it points to the chain with the fragments.
598 * Return 0 if no error. If error, m_frag may contain a partially built
599 * chain of fragments that should be freed by the caller.
601 * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist)
602 * sw_csum contains the delayed checksums flags (e.g., CSUM_DELAY_IP).
605 ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
606 u_long if_hwassist_flags, int sw_csum)
609 int hlen = ip->ip_hl << 2;
610 int len = (mtu - hlen) & ~7; /* size of payload in each fragment */
612 struct mbuf *m0 = *m_frag; /* the original packet */
617 if (ip->ip_off & IP_DF) { /* Fragmentation not allowed */
618 ipstat.ips_cantfrag++;
623 * Must be able to put at least 8 bytes per fragment.
629 * If the interface will not calculate checksums on
630 * fragmented packets, then do it here.
632 if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA &&
633 (if_hwassist_flags & CSUM_IP_FRAGS) == 0) {
634 in_delayed_cksum(m0);
635 m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
638 if (len > PAGE_SIZE) {
640 * Fragment large datagrams such that each segment
641 * contains a multiple of PAGE_SIZE amount of data,
642 * plus headers. This enables a receiver to perform
643 * page-flipping zero-copy optimizations.
645 * XXX When does this help given that sender and receiver
646 * could have different page sizes, and also mtu could
647 * be less than the receiver's page size ?
652 for (m = m0, off = 0; m && (off+m->m_len) <= mtu; m = m->m_next)
656 * firstlen (off - hlen) must be aligned on an
660 goto smart_frag_failure;
661 off = ((off - hlen) & ~7) + hlen;
662 newlen = (~PAGE_MASK) & mtu;
663 if ((newlen + sizeof (struct ip)) > mtu) {
664 /* we failed, go back the default */
675 firstlen = off - hlen;
676 mnext = &m0->m_nextpkt; /* pointer to next packet */
679 * Loop through length of segment after first fragment,
680 * make new header and copy data of each part and link onto chain.
681 * Here, m0 is the original packet, m is the fragment being created.
682 * The fragments are linked off the m_nextpkt of the original
683 * packet, which after processing serves as the first fragment.
685 for (nfrags = 1; off < ip->ip_len; off += len, nfrags++) {
686 struct ip *mhip; /* ip header on the fragment */
688 int mhlen = sizeof (struct ip);
690 MGETHDR(m, M_DONTWAIT, MT_DATA);
693 ipstat.ips_odropped++;
696 m->m_flags |= (m0->m_flags & M_MCAST) | M_FRAG;
698 * In the first mbuf, leave room for the link header, then
699 * copy the original IP header including options. The payload
700 * goes into an additional mbuf chain returned by m_copy().
702 m->m_data += max_linkhdr;
703 mhip = mtod(m, struct ip *);
705 if (hlen > sizeof (struct ip)) {
706 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
707 mhip->ip_v = IPVERSION;
708 mhip->ip_hl = mhlen >> 2;
711 /* XXX do we need to add ip->ip_off below ? */
712 mhip->ip_off = ((off - hlen) >> 3) + ip->ip_off;
713 if (off + len >= ip->ip_len) { /* last fragment */
714 len = ip->ip_len - off;
715 m->m_flags |= M_LASTFRAG;
717 mhip->ip_off |= IP_MF;
718 mhip->ip_len = htons((u_short)(len + mhlen));
719 m->m_next = m_copy(m0, off, len);
720 if (m->m_next == NULL) { /* copy failed */
722 error = ENOBUFS; /* ??? */
723 ipstat.ips_odropped++;
726 m->m_pkthdr.len = mhlen + len;
727 m->m_pkthdr.rcvif = NULL;
729 mac_create_fragment(m0, m);
731 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
732 mhip->ip_off = htons(mhip->ip_off);
734 if (sw_csum & CSUM_DELAY_IP)
735 mhip->ip_sum = in_cksum(m, mhlen);
737 mnext = &m->m_nextpkt;
739 ipstat.ips_ofragments += nfrags;
741 /* set first marker for fragment chain */
742 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
743 m0->m_pkthdr.csum_data = nfrags;
746 * Update first fragment by trimming what's been copied out
747 * and updating header.
749 m_adj(m0, hlen + firstlen - ip->ip_len);
750 m0->m_pkthdr.len = hlen + firstlen;
751 ip->ip_len = htons((u_short)m0->m_pkthdr.len);
753 ip->ip_off = htons(ip->ip_off);
755 if (sw_csum & CSUM_DELAY_IP)
756 ip->ip_sum = in_cksum(m0, hlen);
764 in_delayed_cksum(struct mbuf *m)
767 u_short csum, offset;
769 ip = mtod(m, struct ip *);
770 offset = ip->ip_hl << 2 ;
771 csum = in_cksum_skip(m, ip->ip_len, offset);
772 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0)
774 offset += m->m_pkthdr.csum_data; /* checksum offset */
776 if (offset + sizeof(u_short) > m->m_len) {
777 printf("delayed m_pullup, m->len: %d off: %d p: %d\n",
778 m->m_len, offset, ip->ip_p);
781 * this shouldn't happen, but if it does, the
782 * correct behavior may be to insert the checksum
783 * in the appropriate next mbuf in the chain.
787 *(u_short *)(m->m_data + offset) = csum;
791 * IP socket option processing.
794 ip_ctloutput(so, sopt)
796 struct sockopt *sopt;
798 struct inpcb *inp = sotoinpcb(so);
802 if (sopt->sopt_level != IPPROTO_IP) {
806 switch (sopt->sopt_dir) {
808 switch (sopt->sopt_name) {
815 if (sopt->sopt_valsize > MLEN) {
819 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
824 m->m_len = sopt->sopt_valsize;
825 error = sooptcopyin(sopt, mtod(m, char *), m->m_len,
828 error = ip_pcbopts(inp, sopt->sopt_name, m);
844 error = sooptcopyin(sopt, &optval, sizeof optval,
849 switch (sopt->sopt_name) {
851 inp->inp_ip_tos = optval;
855 inp->inp_ip_ttl = optval;
859 if (optval > 0 && optval <= MAXTTL)
860 inp->inp_ip_minttl = optval;
865 #define OPTSET(bit) do { \
868 inp->inp_flags |= bit; \
870 inp->inp_flags &= ~bit; \
875 OPTSET(INP_RECVOPTS);
879 OPTSET(INP_RECVRETOPTS);
883 OPTSET(INP_RECVDSTADDR);
899 OPTSET(INP_ONESBCAST);
902 OPTSET(INP_DONTFRAG);
908 case IP_MULTICAST_IF:
909 case IP_MULTICAST_VIF:
910 case IP_MULTICAST_TTL:
911 case IP_MULTICAST_LOOP:
912 case IP_ADD_MEMBERSHIP:
913 case IP_DROP_MEMBERSHIP:
914 error = ip_setmoptions(inp, sopt);
918 error = sooptcopyin(sopt, &optval, sizeof optval,
925 case IP_PORTRANGE_DEFAULT:
926 inp->inp_flags &= ~(INP_LOWPORT);
927 inp->inp_flags &= ~(INP_HIGHPORT);
930 case IP_PORTRANGE_HIGH:
931 inp->inp_flags &= ~(INP_LOWPORT);
932 inp->inp_flags |= INP_HIGHPORT;
935 case IP_PORTRANGE_LOW:
936 inp->inp_flags &= ~(INP_HIGHPORT);
937 inp->inp_flags |= INP_LOWPORT;
947 #if defined(IPSEC) || defined(FAST_IPSEC)
948 case IP_IPSEC_POLICY:
956 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
958 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
960 priv = (sopt->sopt_td != NULL &&
961 suser(sopt->sopt_td) != 0) ? 0 : 1;
962 req = mtod(m, caddr_t);
964 optname = sopt->sopt_name;
965 error = ipsec4_set_policy(inp, optname, req, len, priv);
978 switch (sopt->sopt_name) {
981 if (inp->inp_options)
982 error = sooptcopyout(sopt,
983 mtod(inp->inp_options,
985 inp->inp_options->m_len);
987 sopt->sopt_valsize = 0;
1002 switch (sopt->sopt_name) {
1005 optval = inp->inp_ip_tos;
1009 optval = inp->inp_ip_ttl;
1013 optval = inp->inp_ip_minttl;
1016 #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
1019 optval = OPTBIT(INP_RECVOPTS);
1022 case IP_RECVRETOPTS:
1023 optval = OPTBIT(INP_RECVRETOPTS);
1026 case IP_RECVDSTADDR:
1027 optval = OPTBIT(INP_RECVDSTADDR);
1031 optval = OPTBIT(INP_RECVTTL);
1035 optval = OPTBIT(INP_RECVIF);
1039 if (inp->inp_flags & INP_HIGHPORT)
1040 optval = IP_PORTRANGE_HIGH;
1041 else if (inp->inp_flags & INP_LOWPORT)
1042 optval = IP_PORTRANGE_LOW;
1048 optval = OPTBIT(INP_FAITH);
1052 optval = OPTBIT(INP_ONESBCAST);
1055 optval = OPTBIT(INP_DONTFRAG);
1058 error = sooptcopyout(sopt, &optval, sizeof optval);
1061 case IP_MULTICAST_IF:
1062 case IP_MULTICAST_VIF:
1063 case IP_MULTICAST_TTL:
1064 case IP_MULTICAST_LOOP:
1065 case IP_ADD_MEMBERSHIP:
1066 case IP_DROP_MEMBERSHIP:
1067 error = ip_getmoptions(inp, sopt);
1070 #if defined(IPSEC) || defined(FAST_IPSEC)
1071 case IP_IPSEC_POLICY:
1073 struct mbuf *m = NULL;
1078 req = mtod(m, caddr_t);
1081 error = ipsec4_get_policy(sotoinpcb(so), req, len, &m);
1083 error = soopt_mcopyout(sopt, m); /* XXX */
1091 error = ENOPROTOOPT;
1101 * The whole multicast option thing needs to be re-thought.
1102 * Several of these options are equally applicable to non-multicast
1103 * transmission, and one (IP_MULTICAST_TTL) totally duplicates a
1104 * standard option (IP_TTL).
1108 * following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index.
1110 static struct ifnet *
1111 ip_multicast_if(a, ifindexp)
1120 if (ntohl(a->s_addr) >> 24 == 0) {
1121 ifindex = ntohl(a->s_addr) & 0xffffff;
1122 if (ifindex < 0 || if_index < ifindex)
1124 ifp = ifnet_byindex(ifindex);
1126 *ifindexp = ifindex;
1128 INADDR_TO_IFP(*a, ifp);
1134 * Given an inpcb, return its multicast options structure pointer. Accepts
1135 * an unlocked inpcb pointer, but will return it locked. May sleep.
1137 static struct ip_moptions *
1138 ip_findmoptions(struct inpcb *inp)
1140 struct ip_moptions *imo;
1143 if (inp->inp_moptions != NULL)
1144 return (inp->inp_moptions);
1148 imo = (struct ip_moptions*)malloc(sizeof(*imo), M_IPMOPTS, M_WAITOK);
1150 imo->imo_multicast_ifp = NULL;
1151 imo->imo_multicast_addr.s_addr = INADDR_ANY;
1152 imo->imo_multicast_vif = -1;
1153 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1154 imo->imo_multicast_loop = IP_DEFAULT_MULTICAST_LOOP;
1155 imo->imo_num_memberships = 0;
1158 if (inp->inp_moptions != NULL) {
1159 free(imo, M_IPMOPTS);
1160 return (inp->inp_moptions);
1162 inp->inp_moptions = imo;
1167 * Set the IP multicast options in response to user setsockopt().
1170 ip_setmoptions(struct inpcb *inp, struct sockopt *sopt)
1174 struct in_addr addr;
1175 struct ip_mreq mreq;
1177 struct ip_moptions *imo;
1179 struct sockaddr_in *dst;
1183 switch (sopt->sopt_name) {
1184 /* store an index number for the vif you wanna use in the send */
1185 case IP_MULTICAST_VIF:
1186 if (legal_vif_num == 0) {
1190 error = sooptcopyin(sopt, &i, sizeof i, sizeof i);
1193 if (!legal_vif_num(i) && (i != -1)) {
1197 imo = ip_findmoptions(inp);
1198 imo->imo_multicast_vif = i;
1202 case IP_MULTICAST_IF:
1204 * Select the interface for outgoing multicast packets.
1206 error = sooptcopyin(sopt, &addr, sizeof addr, sizeof addr);
1210 * INADDR_ANY is used to remove a previous selection.
1211 * When no interface is selected, a default one is
1212 * chosen every time a multicast packet is sent.
1214 imo = ip_findmoptions(inp);
1215 if (addr.s_addr == INADDR_ANY) {
1216 imo->imo_multicast_ifp = NULL;
1221 * The selected interface is identified by its local
1222 * IP address. Find the interface and confirm that
1223 * it supports multicasting.
1226 ifp = ip_multicast_if(&addr, &ifindex);
1227 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1230 error = EADDRNOTAVAIL;
1233 imo->imo_multicast_ifp = ifp;
1235 imo->imo_multicast_addr = addr;
1237 imo->imo_multicast_addr.s_addr = INADDR_ANY;
1242 case IP_MULTICAST_TTL:
1244 * Set the IP time-to-live for outgoing multicast packets.
1245 * The original multicast API required a char argument,
1246 * which is inconsistent with the rest of the socket API.
1247 * We allow either a char or an int.
1249 if (sopt->sopt_valsize == 1) {
1251 error = sooptcopyin(sopt, &ttl, 1, 1);
1254 imo = ip_findmoptions(inp);
1255 imo->imo_multicast_ttl = ttl;
1259 error = sooptcopyin(sopt, &ttl, sizeof ttl,
1266 imo = ip_findmoptions(inp);
1267 imo->imo_multicast_ttl = ttl;
1273 case IP_MULTICAST_LOOP:
1275 * Set the loopback flag for outgoing multicast packets.
1276 * Must be zero or one. The original multicast API required a
1277 * char argument, which is inconsistent with the rest
1278 * of the socket API. We allow either a char or an int.
1280 if (sopt->sopt_valsize == 1) {
1282 error = sooptcopyin(sopt, &loop, 1, 1);
1285 imo = ip_findmoptions(inp);
1286 imo->imo_multicast_loop = !!loop;
1290 error = sooptcopyin(sopt, &loop, sizeof loop,
1294 imo = ip_findmoptions(inp);
1295 imo->imo_multicast_loop = !!loop;
1300 case IP_ADD_MEMBERSHIP:
1302 * Add a multicast group membership.
1303 * Group must be a valid IP multicast address.
1305 error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq);
1309 if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) {
1315 * If no interface address was provided, use the interface of
1316 * the route to the given multicast address.
1318 if (mreq.imr_interface.s_addr == INADDR_ANY) {
1319 bzero((caddr_t)&ro, sizeof(ro));
1320 dst = (struct sockaddr_in *)&ro.ro_dst;
1321 dst->sin_len = sizeof(*dst);
1322 dst->sin_family = AF_INET;
1323 dst->sin_addr = mreq.imr_multiaddr;
1324 rtalloc_ign(&ro, RTF_CLONING);
1325 if (ro.ro_rt == NULL) {
1326 error = EADDRNOTAVAIL;
1330 ifp = ro.ro_rt->rt_ifp;
1334 ifp = ip_multicast_if(&mreq.imr_interface, NULL);
1338 * See if we found an interface, and confirm that it
1339 * supports multicast.
1341 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1342 error = EADDRNOTAVAIL;
1347 * See if the membership already exists or if all the
1348 * membership slots are full.
1350 imo = ip_findmoptions(inp);
1351 for (i = 0; i < imo->imo_num_memberships; ++i) {
1352 if (imo->imo_membership[i]->inm_ifp == ifp &&
1353 imo->imo_membership[i]->inm_addr.s_addr
1354 == mreq.imr_multiaddr.s_addr)
1357 if (i < imo->imo_num_memberships) {
1363 if (i == IP_MAX_MEMBERSHIPS) {
1365 error = ETOOMANYREFS;
1370 * Everything looks good; add a new record to the multicast
1371 * address list for the given interface.
1373 if ((imo->imo_membership[i] =
1374 in_addmulti(&mreq.imr_multiaddr, ifp)) == NULL) {
1380 ++imo->imo_num_memberships;
1385 case IP_DROP_MEMBERSHIP:
1387 * Drop a multicast group membership.
1388 * Group must be a valid IP multicast address.
1390 error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq);
1394 if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) {
1401 * If an interface address was specified, get a pointer
1402 * to its ifnet structure.
1404 if (mreq.imr_interface.s_addr == INADDR_ANY)
1407 ifp = ip_multicast_if(&mreq.imr_interface, NULL);
1409 error = EADDRNOTAVAIL;
1415 * Find the membership in the membership array.
1417 imo = ip_findmoptions(inp);
1418 for (i = 0; i < imo->imo_num_memberships; ++i) {
1420 imo->imo_membership[i]->inm_ifp == ifp) &&
1421 imo->imo_membership[i]->inm_addr.s_addr ==
1422 mreq.imr_multiaddr.s_addr)
1425 if (i == imo->imo_num_memberships) {
1427 error = EADDRNOTAVAIL;
1432 * Give up the multicast address record to which the
1433 * membership points.
1435 in_delmulti(imo->imo_membership[i]);
1437 * Remove the gap in the membership array.
1439 for (++i; i < imo->imo_num_memberships; ++i)
1440 imo->imo_membership[i-1] = imo->imo_membership[i];
1441 --imo->imo_num_memberships;
1455 * Return the IP multicast options in response to user getsockopt().
1458 ip_getmoptions(struct inpcb *inp, struct sockopt *sopt)
1460 struct ip_moptions *imo;
1461 struct in_addr addr;
1462 struct in_ifaddr *ia;
1467 imo = inp->inp_moptions;
1470 switch (sopt->sopt_name) {
1471 case IP_MULTICAST_VIF:
1473 optval = imo->imo_multicast_vif;
1477 error = sooptcopyout(sopt, &optval, sizeof optval);
1480 case IP_MULTICAST_IF:
1481 if (imo == NULL || imo->imo_multicast_ifp == NULL)
1482 addr.s_addr = INADDR_ANY;
1483 else if (imo->imo_multicast_addr.s_addr) {
1484 /* return the value user has set */
1485 addr = imo->imo_multicast_addr;
1487 IFP_TO_IA(imo->imo_multicast_ifp, ia);
1488 addr.s_addr = (ia == NULL) ? INADDR_ANY
1489 : IA_SIN(ia)->sin_addr.s_addr;
1492 error = sooptcopyout(sopt, &addr, sizeof addr);
1495 case IP_MULTICAST_TTL:
1497 optval = coptval = IP_DEFAULT_MULTICAST_TTL;
1499 optval = coptval = imo->imo_multicast_ttl;
1501 if (sopt->sopt_valsize == 1)
1502 error = sooptcopyout(sopt, &coptval, 1);
1504 error = sooptcopyout(sopt, &optval, sizeof optval);
1507 case IP_MULTICAST_LOOP:
1509 optval = coptval = IP_DEFAULT_MULTICAST_LOOP;
1511 optval = coptval = imo->imo_multicast_loop;
1513 if (sopt->sopt_valsize == 1)
1514 error = sooptcopyout(sopt, &coptval, 1);
1516 error = sooptcopyout(sopt, &optval, sizeof optval);
1521 error = ENOPROTOOPT;
1524 INP_UNLOCK_ASSERT(inp);
1530 * Discard the IP multicast options.
1533 ip_freemoptions(imo)
1534 register struct ip_moptions *imo;
1539 for (i = 0; i < imo->imo_num_memberships; ++i)
1540 in_delmulti(imo->imo_membership[i]);
1541 free(imo, M_IPMOPTS);
1546 * Routine called from ip_output() to loop back a copy of an IP multicast
1547 * packet to the input queue of a specified interface. Note that this
1548 * calls the output routine of the loopback "driver", but with an interface
1549 * pointer that might NOT be a loopback interface -- evil, but easier than
1550 * replicating that code here.
1553 ip_mloopback(ifp, m, dst, hlen)
1555 register struct mbuf *m;
1556 register struct sockaddr_in *dst;
1559 register struct ip *ip;
1562 copym = m_copy(m, 0, M_COPYALL);
1563 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen))
1564 copym = m_pullup(copym, hlen);
1565 if (copym != NULL) {
1566 /* If needed, compute the checksum and mark it as valid. */
1567 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
1568 in_delayed_cksum(copym);
1569 copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
1570 copym->m_pkthdr.csum_flags |=
1571 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
1572 copym->m_pkthdr.csum_data = 0xffff;
1575 * We don't bother to fragment if the IP length is greater
1576 * than the interface's MTU. Can this possibly matter?
1578 ip = mtod(copym, struct ip *);
1579 ip->ip_len = htons(ip->ip_len);
1580 ip->ip_off = htons(ip->ip_off);
1582 ip->ip_sum = in_cksum(copym, hlen);
1585 * It's not clear whether there are any lingering
1586 * reentrancy problems in other areas which might
1587 * be exposed by using ip_input directly (in
1588 * particular, everything which modifies the packet
1589 * in-place). Yet another option is using the
1590 * protosw directly to deliver the looped back
1591 * packet. For the moment, we'll err on the side
1592 * of safety by using if_simloop().
1595 if (dst->sin_family != AF_INET) {
1596 printf("ip_mloopback: bad address family %d\n",
1598 dst->sin_family = AF_INET;
1603 copym->m_pkthdr.rcvif = ifp;
1606 if_simloop(ifp, copym, dst->sin_family, 0);