2 * Copyright (c) 1982, 1986, 1988, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_ipsec.h"
37 #include "opt_route.h"
38 #include "opt_mbuf_stress_test.h"
39 #include "opt_mpath.h"
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/malloc.h>
49 #include <sys/protosw.h>
50 #include <sys/socket.h>
51 #include <sys/socketvar.h>
52 #include <sys/sysctl.h>
53 #include <sys/ucred.h>
56 #include <net/if_llatbl.h>
57 #include <net/netisr.h>
59 #include <net/route.h>
60 #include <net/flowtable.h>
62 #include <net/radix_mpath.h>
66 #include <netinet/in.h>
67 #include <netinet/in_systm.h>
68 #include <netinet/ip.h>
69 #include <netinet/in_pcb.h>
70 #include <netinet/in_var.h>
71 #include <netinet/ip_var.h>
72 #include <netinet/ip_options.h>
74 #include <netinet/sctp.h>
75 #include <netinet/sctp_crc32.h>
79 #include <netinet/ip_ipsec.h>
80 #include <netipsec/ipsec.h>
83 #include <machine/in_cksum.h>
85 #include <security/mac/mac_framework.h>
87 VNET_DEFINE(u_short, ip_id);
89 #ifdef MBUF_STRESS_TEST
90 static int mbuf_frag_size = 0;
91 SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
92 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
95 static void ip_mloopback
96 (struct ifnet *, struct mbuf *, struct sockaddr_in *, int);
99 extern int in_mcast_loop;
100 extern struct protosw inetsw[];
103 * IP output. The packet in mbuf chain m contains a skeletal IP
104 * header (with len, off, ttl, proto, tos, src, dst).
105 * ip_len and ip_off are in host format.
106 * The mbuf chain containing the packet will be freed.
107 * The mbuf opt, if present, will not be freed.
108 * If route ro is present and has ro_rt initialized, route lookup would be
109 * skipped and ro->ro_rt would be used. If ro is present but ro->ro_rt is NULL,
110 * then result of route lookup is stored in ro->ro_rt.
112 * In the IP forwarding case, the packet will arrive with options already
113 * inserted, so must have a NULL opt pointer.
116 ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
117 struct ip_moptions *imo, struct inpcb *inp)
120 struct ifnet *ifp = NULL; /* keep compiler happy */
122 int hlen = sizeof (struct ip);
124 int n; /* scratchpad */
126 struct sockaddr_in *dst;
127 struct in_ifaddr *ia;
129 uint16_t ip_len, ip_off, sw_csum;
130 struct route iproute;
131 struct rtentry *rte; /* cache for ro->ro_rt */
133 #ifdef IPFIREWALL_FORWARD
134 struct m_tag *fwd_tag = NULL;
137 int no_route_but_check_spd = 0;
142 INP_LOCK_ASSERT(inp);
143 M_SETFIB(m, inp->inp_inc.inc_fibnum);
144 if (inp->inp_flags & (INP_HW_FLOWID|INP_SW_FLOWID)) {
145 m->m_pkthdr.flowid = inp->inp_flowid;
146 m->m_flags |= M_FLOWID;
152 bzero(ro, sizeof (*ro));
156 if (ro->ro_rt == NULL) {
160 * The flow table returns route entries valid for up to 30
161 * seconds; we rely on the remainder of ip_output() taking no
162 * longer than that long for the stability of ro_rt. The
163 * flow ID assignment must have happened before this point.
165 fle = flowtable_lookup_mbuf(V_ip_ft, m, AF_INET);
167 flow_to_route(fle, ro);
173 m = ip_insertoptions(m, opt, &len);
175 hlen = len; /* ip->ip_hl is updated above */
177 ip = mtod(m, struct ip *);
180 * Fill in IP header. If we are not allowing fragmentation,
181 * then the ip_id field is meaningless, but we don't set it
182 * to zero. Doing so causes various problems when devices along
183 * the path (routers, load balancers, firewalls, etc.) illegally
184 * disable DF on our packet. Note that a 16-bit counter
185 * will wrap around in less than 10 seconds at 100 Mbit/s on a
186 * medium with MTU 1500. See Steven M. Bellovin, "A Technique
187 * for Counting NATted Hosts", Proc. IMW'02, available at
188 * <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>.
190 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
191 ip->ip_v = IPVERSION;
192 ip->ip_hl = hlen >> 2;
193 ip->ip_id = ip_newid();
194 IPSTAT_INC(ips_localout);
196 /* Header already set, fetch hlen from there */
197 hlen = ip->ip_hl << 2;
200 dst = (struct sockaddr_in *)&ro->ro_dst;
204 * If there is a cached route,
205 * check that it is to the same destination
206 * and is still up. If not, free it and try again.
207 * The address family should also be checked in case of sharing the
211 if (rte && ((rte->rt_flags & RTF_UP) == 0 ||
212 rte->rt_ifp == NULL ||
213 !RT_LINK_IS_UP(rte->rt_ifp) ||
214 dst->sin_family != AF_INET ||
215 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
220 #ifdef IPFIREWALL_FORWARD
221 if (rte == NULL && fwd_tag == NULL) {
225 bzero(dst, sizeof(*dst));
226 dst->sin_family = AF_INET;
227 dst->sin_len = sizeof(*dst);
228 dst->sin_addr = ip->ip_dst;
231 * If routing to interface only, short circuit routing lookup.
232 * The use of an all-ones broadcast address implies this; an
233 * interface is specified by the broadcast address of an interface,
234 * or the destination address of a ptp interface.
236 if (flags & IP_SENDONES) {
237 if ((ia = ifatoia(ifa_ifwithbroadaddr(sintosa(dst)))) == NULL &&
238 (ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL) {
239 IPSTAT_INC(ips_noroute);
243 ip->ip_dst.s_addr = INADDR_BROADCAST;
244 dst->sin_addr = ip->ip_dst;
248 } else if (flags & IP_ROUTETOIF) {
249 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL &&
250 (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0))) == NULL) {
251 IPSTAT_INC(ips_noroute);
257 isbroadcast = in_broadcast(dst->sin_addr, ifp);
258 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
259 imo != NULL && imo->imo_multicast_ifp != NULL) {
261 * Bypass the normal routing lookup for multicast
262 * packets if the interface is specified.
264 ifp = imo->imo_multicast_ifp;
266 isbroadcast = 0; /* fool gcc */
269 * We want to do any cloning requested by the link layer,
270 * as this is probably required in all cases for correct
271 * operation (as it is for ARP).
275 rtalloc_mpath_fib(ro,
276 ntohl(ip->ip_src.s_addr ^ ip->ip_dst.s_addr),
277 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
279 in_rtalloc_ign(ro, 0,
280 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
285 rte->rt_ifp == NULL ||
286 !RT_LINK_IS_UP(rte->rt_ifp)) {
289 * There is no route for this packet, but it is
290 * possible that a matching SPD entry exists.
292 no_route_but_check_spd = 1;
293 mtu = 0; /* Silence GCC warning. */
296 IPSTAT_INC(ips_noroute);
297 error = EHOSTUNREACH;
300 ia = ifatoia(rte->rt_ifa);
301 ifa_ref(&ia->ia_ifa);
303 rte->rt_rmx.rmx_pksent++;
304 if (rte->rt_flags & RTF_GATEWAY)
305 dst = (struct sockaddr_in *)rte->rt_gateway;
306 if (rte->rt_flags & RTF_HOST)
307 isbroadcast = (rte->rt_flags & RTF_BROADCAST);
309 isbroadcast = in_broadcast(dst->sin_addr, ifp);
312 * Calculate MTU. If we have a route that is up, use that,
313 * otherwise use the interface's MTU.
315 if (rte != NULL && (rte->rt_flags & (RTF_UP|RTF_HOST))) {
317 * This case can happen if the user changed the MTU
318 * of an interface after enabling IP on it. Because
319 * most netifs don't keep track of routes pointing to
320 * them, there is no way for one to update all its
321 * routes when the MTU is changed.
323 if (rte->rt_rmx.rmx_mtu > ifp->if_mtu)
324 rte->rt_rmx.rmx_mtu = ifp->if_mtu;
325 mtu = rte->rt_rmx.rmx_mtu;
329 /* Catch a possible divide by zero later. */
330 KASSERT(mtu > 0, ("%s: mtu %d <= 0, rte=%p (rt_flags=0x%08x) ifp=%p",
331 __func__, mtu, rte, (rte != NULL) ? rte->rt_flags : 0, ifp));
332 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
333 m->m_flags |= M_MCAST;
335 * IP destination address is multicast. Make sure "dst"
336 * still points to the address in "ro". (It may have been
337 * changed to point to a gateway address, above.)
339 dst = (struct sockaddr_in *)&ro->ro_dst;
341 * See if the caller provided any multicast options
344 ip->ip_ttl = imo->imo_multicast_ttl;
345 if (imo->imo_multicast_vif != -1)
348 ip_mcast_src(imo->imo_multicast_vif) :
351 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
353 * Confirm that the outgoing interface supports multicast.
355 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) {
356 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
357 IPSTAT_INC(ips_noroute);
363 * If source address not specified yet, use address
364 * of outgoing interface.
366 if (ip->ip_src.s_addr == INADDR_ANY) {
367 /* Interface may have no addresses. */
369 ip->ip_src = IA_SIN(ia)->sin_addr;
372 if ((imo == NULL && in_mcast_loop) ||
373 (imo && imo->imo_multicast_loop)) {
375 * Loop back multicast datagram if not expressly
376 * forbidden to do so, even if we are not a member
377 * of the group; ip_input() will filter it later,
378 * thus deferring a hash lookup and mutex acquisition
379 * at the expense of a cheap copy using m_copym().
381 ip_mloopback(ifp, m, dst, hlen);
384 * If we are acting as a multicast router, perform
385 * multicast forwarding as if the packet had just
386 * arrived on the interface to which we are about
387 * to send. The multicast forwarding function
388 * recursively calls this function, using the
389 * IP_FORWARDING flag to prevent infinite recursion.
391 * Multicasts that are looped back by ip_mloopback(),
392 * above, will be forwarded by the ip_input() routine,
395 if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) {
397 * If rsvp daemon is not running, do not
398 * set ip_moptions. This ensures that the packet
399 * is multicast and not just sent down one link
400 * as prescribed by rsvpd.
405 ip_mforward(ip, ifp, m, imo) != 0) {
413 * Multicasts with a time-to-live of zero may be looped-
414 * back, above, but must not be transmitted on a network.
415 * Also, multicasts addressed to the loopback interface
416 * are not sent -- the above call to ip_mloopback() will
417 * loop back a copy. ip_input() will drop the copy if
418 * this host does not belong to the destination group on
419 * the loopback interface.
421 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) {
430 * If the source address is not specified yet, use the address
431 * of the outoing interface.
433 if (ip->ip_src.s_addr == INADDR_ANY) {
434 /* Interface may have no addresses. */
436 ip->ip_src = IA_SIN(ia)->sin_addr;
441 * Verify that we have any chance at all of being able to queue the
442 * packet or packet fragments, unless ALTQ is enabled on the given
443 * interface in which case packetdrop should be done by queueing.
445 n = ip->ip_len / mtu + 1; /* how many fragments ? */
448 (!ALTQ_IS_ENABLED(&ifp->if_snd)) &&
450 (ifp->if_snd.ifq_len + n) >= ifp->if_snd.ifq_maxlen ) {
452 IPSTAT_INC(ips_odropped);
453 ifp->if_snd.ifq_drops += n;
458 * Look for broadcast address and
459 * verify user is allowed to send
463 if ((ifp->if_flags & IFF_BROADCAST) == 0) {
464 error = EADDRNOTAVAIL;
467 if ((flags & IP_ALLOWBROADCAST) == 0) {
471 /* don't allow broadcast messages to be fragmented */
472 if (ip->ip_len > mtu) {
476 m->m_flags |= M_BCAST;
478 m->m_flags &= ~M_BCAST;
483 switch(ip_ipsec_output(&m, inp, &flags, &error)) {
490 break; /* Continue with packet processing. */
493 * Check if there was a route for this packet; return error if not.
495 if (no_route_but_check_spd) {
496 IPSTAT_INC(ips_noroute);
497 error = EHOSTUNREACH;
500 /* Update variables that are affected by ipsec4_output(). */
501 ip = mtod(m, struct ip *);
502 hlen = ip->ip_hl << 2;
506 * To network byte order. pfil(9) hooks and ip_fragment() expect this.
508 ip->ip_len = htons(ip->ip_len);
509 ip->ip_off = htons(ip->ip_off);
511 /* Jump over all PFIL processing if hooks are not active. */
512 if (!PFIL_HOOKED(&V_inet_pfil_hook))
515 /* Run through list of hooks for output packets. */
516 odst.s_addr = ip->ip_dst.s_addr;
517 error = pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, inp);
518 if (error != 0 || m == NULL)
521 ip = mtod(m, struct ip *);
523 /* See if destination IP address was changed by packet filter. */
524 if (odst.s_addr != ip->ip_dst.s_addr) {
525 m->m_flags |= M_SKIP_FIREWALL;
526 /* If destination is now ourself drop to ip_input(). */
527 if (in_localip(ip->ip_dst)) {
528 m->m_flags |= M_FASTFWD_OURS;
529 if (m->m_pkthdr.rcvif == NULL)
530 m->m_pkthdr.rcvif = V_loif;
531 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
532 m->m_pkthdr.csum_flags |=
533 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
534 m->m_pkthdr.csum_data = 0xffff;
536 m->m_pkthdr.csum_flags |=
537 CSUM_IP_CHECKED | CSUM_IP_VALID;
539 if (m->m_pkthdr.csum_flags & CSUM_SCTP)
540 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
542 error = netisr_queue(NETISR_IP, m);
546 ifa_free(&ia->ia_ifa);
547 ip->ip_len = ntohs(ip->ip_len);
548 ip->ip_off = ntohs(ip->ip_off);
549 goto again; /* Redo the routing table lookup. */
553 #ifdef IPFIREWALL_FORWARD
554 /* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */
555 if (m->m_flags & M_FASTFWD_OURS) {
556 if (m->m_pkthdr.rcvif == NULL)
557 m->m_pkthdr.rcvif = V_loif;
558 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
559 m->m_pkthdr.csum_flags |=
560 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
561 m->m_pkthdr.csum_data = 0xffff;
564 if (m->m_pkthdr.csum_flags & CSUM_SCTP)
565 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
567 m->m_pkthdr.csum_flags |=
568 CSUM_IP_CHECKED | CSUM_IP_VALID;
570 error = netisr_queue(NETISR_IP, m);
573 /* Or forward to some other address? */
574 fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
576 dst = (struct sockaddr_in *)&ro->ro_dst;
577 bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
578 m->m_flags |= M_SKIP_FIREWALL;
579 m_tag_delete(m, fwd_tag);
581 ifa_free(&ia->ia_ifa);
582 ip->ip_len = ntohs(ip->ip_len);
583 ip->ip_off = ntohs(ip->ip_off);
586 #endif /* IPFIREWALL_FORWARD */
589 ip_len = ntohs(ip->ip_len);
590 ip_off = ntohs(ip->ip_off);
592 /* 127/8 must not appear on wire - RFC1122. */
593 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
594 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
595 if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
596 IPSTAT_INC(ips_badaddr);
597 error = EADDRNOTAVAIL;
602 m->m_pkthdr.csum_flags |= CSUM_IP;
603 sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
604 if (sw_csum & CSUM_DELAY_DATA) {
606 sw_csum &= ~CSUM_DELAY_DATA;
609 if (sw_csum & CSUM_SCTP) {
610 sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2));
611 sw_csum &= ~CSUM_SCTP;
614 m->m_pkthdr.csum_flags &= ifp->if_hwassist;
617 * If small enough for interface, or the interface will take
618 * care of the fragmentation for us, we can just send directly.
621 (m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 ||
622 ((ip_off & IP_DF) == 0 && (ifp->if_hwassist & CSUM_FRAGMENT))) {
624 if (sw_csum & CSUM_DELAY_IP)
625 ip->ip_sum = in_cksum(m, hlen);
628 * Record statistics for this interface address.
629 * With CSUM_TSO the byte/packet count will be slightly
630 * incorrect because we count the IP+TCP headers only
631 * once instead of for every generated packet.
633 if (!(flags & IP_FORWARDING) && ia) {
634 if (m->m_pkthdr.csum_flags & CSUM_TSO)
635 ia->ia_ifa.if_opackets +=
636 m->m_pkthdr.len / m->m_pkthdr.tso_segsz;
638 ia->ia_ifa.if_opackets++;
639 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
641 #ifdef MBUF_STRESS_TEST
642 if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size)
643 m = m_fragment(m, M_DONTWAIT, mbuf_frag_size);
646 * Reset layer specific mbuf flags
647 * to avoid confusing lower layers.
649 m->m_flags &= ~(M_PROTOFLAGS);
650 error = (*ifp->if_output)(ifp, m,
651 (struct sockaddr *)dst, ro);
655 /* Balk when DF bit is set or the interface didn't support TSO. */
656 if ((ip_off & IP_DF) || (m->m_pkthdr.csum_flags & CSUM_TSO)) {
658 IPSTAT_INC(ips_cantfrag);
663 * Too large for interface; fragment if possible. If successful,
664 * on return, m will point to a list of packets to be sent.
666 error = ip_fragment(ip, &m, mtu, ifp->if_hwassist, sw_csum);
673 /* Record statistics for this interface address. */
675 ia->ia_ifa.if_opackets++;
676 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
679 * Reset layer specific mbuf flags
680 * to avoid confusing upper layers.
682 m->m_flags &= ~(M_PROTOFLAGS);
684 error = (*ifp->if_output)(ifp, m,
685 (struct sockaddr *)dst, ro);
691 IPSTAT_INC(ips_fragmented);
697 ifa_free(&ia->ia_ifa);
705 * Create a chain of fragments which fit the given mtu. m_frag points to the
706 * mbuf to be fragmented; on return it points to the chain with the fragments.
707 * Return 0 if no error. If error, m_frag may contain a partially built
708 * chain of fragments that should be freed by the caller.
710 * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist)
711 * sw_csum contains the delayed checksums flags (e.g., CSUM_DELAY_IP).
714 ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
715 u_long if_hwassist_flags, int sw_csum)
718 int hlen = ip->ip_hl << 2;
719 int len = (mtu - hlen) & ~7; /* size of payload in each fragment */
721 struct mbuf *m0 = *m_frag; /* the original packet */
725 uint16_t ip_len, ip_off;
727 ip_len = ntohs(ip->ip_len);
728 ip_off = ntohs(ip->ip_off);
730 if (ip_off & IP_DF) { /* Fragmentation not allowed */
731 IPSTAT_INC(ips_cantfrag);
736 * Must be able to put at least 8 bytes per fragment.
742 * If the interface will not calculate checksums on
743 * fragmented packets, then do it here.
745 if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA &&
746 (if_hwassist_flags & CSUM_IP_FRAGS) == 0) {
747 in_delayed_cksum(m0);
748 m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
751 if (m0->m_pkthdr.csum_flags & CSUM_SCTP &&
752 (if_hwassist_flags & CSUM_IP_FRAGS) == 0) {
753 sctp_delayed_cksum(m0, hlen);
754 m0->m_pkthdr.csum_flags &= ~CSUM_SCTP;
757 if (len > PAGE_SIZE) {
759 * Fragment large datagrams such that each segment
760 * contains a multiple of PAGE_SIZE amount of data,
761 * plus headers. This enables a receiver to perform
762 * page-flipping zero-copy optimizations.
764 * XXX When does this help given that sender and receiver
765 * could have different page sizes, and also mtu could
766 * be less than the receiver's page size ?
771 for (m = m0, off = 0; m && (off+m->m_len) <= mtu; m = m->m_next)
775 * firstlen (off - hlen) must be aligned on an
779 goto smart_frag_failure;
780 off = ((off - hlen) & ~7) + hlen;
781 newlen = (~PAGE_MASK) & mtu;
782 if ((newlen + sizeof (struct ip)) > mtu) {
783 /* we failed, go back the default */
794 firstlen = off - hlen;
795 mnext = &m0->m_nextpkt; /* pointer to next packet */
798 * Loop through length of segment after first fragment,
799 * make new header and copy data of each part and link onto chain.
800 * Here, m0 is the original packet, m is the fragment being created.
801 * The fragments are linked off the m_nextpkt of the original
802 * packet, which after processing serves as the first fragment.
804 for (nfrags = 1; off < ip_len; off += len, nfrags++) {
805 struct ip *mhip; /* ip header on the fragment */
807 int mhlen = sizeof (struct ip);
809 MGETHDR(m, M_DONTWAIT, MT_DATA);
812 IPSTAT_INC(ips_odropped);
815 m->m_flags |= (m0->m_flags & M_MCAST) | M_FRAG;
817 * In the first mbuf, leave room for the link header, then
818 * copy the original IP header including options. The payload
819 * goes into an additional mbuf chain returned by m_copym().
821 m->m_data += max_linkhdr;
822 mhip = mtod(m, struct ip *);
824 if (hlen > sizeof (struct ip)) {
825 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
826 mhip->ip_v = IPVERSION;
827 mhip->ip_hl = mhlen >> 2;
830 /* XXX do we need to add ip_off below ? */
831 mhip->ip_off = ((off - hlen) >> 3) + ip_off;
832 if (off + len >= ip_len) { /* last fragment */
834 m->m_flags |= M_LASTFRAG;
836 mhip->ip_off |= IP_MF;
837 mhip->ip_len = htons((u_short)(len + mhlen));
838 m->m_next = m_copym(m0, off, len, M_DONTWAIT);
839 if (m->m_next == NULL) { /* copy failed */
841 error = ENOBUFS; /* ??? */
842 IPSTAT_INC(ips_odropped);
845 m->m_pkthdr.len = mhlen + len;
846 m->m_pkthdr.rcvif = NULL;
848 mac_netinet_fragment(m0, m);
850 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
851 mhip->ip_off = htons(mhip->ip_off);
853 if (sw_csum & CSUM_DELAY_IP)
854 mhip->ip_sum = in_cksum(m, mhlen);
856 mnext = &m->m_nextpkt;
858 IPSTAT_ADD(ips_ofragments, nfrags);
860 /* set first marker for fragment chain */
861 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
862 m0->m_pkthdr.csum_data = nfrags;
865 * Update first fragment by trimming what's been copied out
866 * and updating header.
868 m_adj(m0, hlen + firstlen - ip_len);
869 m0->m_pkthdr.len = hlen + firstlen;
870 ip->ip_len = htons((u_short)m0->m_pkthdr.len);
871 ip->ip_off = htons(ip_off | IP_MF);
873 if (sw_csum & CSUM_DELAY_IP)
874 ip->ip_sum = in_cksum(m0, hlen);
882 in_delayed_cksum(struct mbuf *m)
885 uint16_t csum, offset, ip_len;
887 ip = mtod(m, struct ip *);
888 offset = ip->ip_hl << 2 ;
889 ip_len = ntohs(ip->ip_len);
890 csum = in_cksum_skip(m, ip_len, offset);
891 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0)
893 offset += m->m_pkthdr.csum_data; /* checksum offset */
895 if (offset + sizeof(u_short) > m->m_len) {
896 printf("delayed m_pullup, m->len: %d off: %d p: %d\n",
897 m->m_len, offset, ip->ip_p);
900 * this shouldn't happen, but if it does, the
901 * correct behavior may be to insert the checksum
902 * in the appropriate next mbuf in the chain.
906 *(u_short *)(m->m_data + offset) = csum;
910 * IP socket option processing.
913 ip_ctloutput(struct socket *so, struct sockopt *sopt)
915 struct inpcb *inp = sotoinpcb(so);
919 if (sopt->sopt_level != IPPROTO_IP) {
922 if (sopt->sopt_level == SOL_SOCKET &&
923 sopt->sopt_dir == SOPT_SET) {
924 switch (sopt->sopt_name) {
927 if (IN_MULTICAST(ntohl(inp->inp_laddr.s_addr))) {
928 if ((so->so_options &
929 (SO_REUSEADDR | SO_REUSEPORT)) != 0)
930 inp->inp_flags2 |= INP_REUSEPORT;
932 inp->inp_flags2 &= ~INP_REUSEPORT;
939 if ((so->so_options & SO_REUSEPORT) != 0)
940 inp->inp_flags2 |= INP_REUSEPORT;
942 inp->inp_flags2 &= ~INP_REUSEPORT;
948 inp->inp_inc.inc_fibnum = so->so_fibnum;
959 switch (sopt->sopt_dir) {
961 switch (sopt->sopt_name) {
968 if (sopt->sopt_valsize > MLEN) {
972 MGET(m, sopt->sopt_td ? M_WAIT : M_DONTWAIT, MT_DATA);
977 m->m_len = sopt->sopt_valsize;
978 error = sooptcopyin(sopt, mtod(m, char *), m->m_len,
985 error = ip_pcbopts(inp, sopt->sopt_name, m);
991 if (sopt->sopt_td != NULL) {
992 error = priv_check(sopt->sopt_td,
993 PRIV_NETINET_BINDANY);
1002 case IP_RECVRETOPTS:
1003 case IP_RECVDSTADDR:
1010 error = sooptcopyin(sopt, &optval, sizeof optval,
1015 switch (sopt->sopt_name) {
1017 inp->inp_ip_tos = optval;
1021 inp->inp_ip_ttl = optval;
1025 if (optval >= 0 && optval <= MAXTTL)
1026 inp->inp_ip_minttl = optval;
1031 #define OPTSET(bit) do { \
1034 inp->inp_flags |= bit; \
1036 inp->inp_flags &= ~bit; \
1041 OPTSET(INP_RECVOPTS);
1044 case IP_RECVRETOPTS:
1045 OPTSET(INP_RECVRETOPTS);
1048 case IP_RECVDSTADDR:
1049 OPTSET(INP_RECVDSTADDR);
1053 OPTSET(INP_RECVTTL);
1065 OPTSET(INP_ONESBCAST);
1068 OPTSET(INP_DONTFRAG);
1071 OPTSET(INP_BINDANY);
1074 OPTSET(INP_RECVTOS);
1081 * Multicast socket options are processed by the in_mcast
1084 case IP_MULTICAST_IF:
1085 case IP_MULTICAST_VIF:
1086 case IP_MULTICAST_TTL:
1087 case IP_MULTICAST_LOOP:
1088 case IP_ADD_MEMBERSHIP:
1089 case IP_DROP_MEMBERSHIP:
1090 case IP_ADD_SOURCE_MEMBERSHIP:
1091 case IP_DROP_SOURCE_MEMBERSHIP:
1092 case IP_BLOCK_SOURCE:
1093 case IP_UNBLOCK_SOURCE:
1095 case MCAST_JOIN_GROUP:
1096 case MCAST_LEAVE_GROUP:
1097 case MCAST_JOIN_SOURCE_GROUP:
1098 case MCAST_LEAVE_SOURCE_GROUP:
1099 case MCAST_BLOCK_SOURCE:
1100 case MCAST_UNBLOCK_SOURCE:
1101 error = inp_setmoptions(inp, sopt);
1105 error = sooptcopyin(sopt, &optval, sizeof optval,
1112 case IP_PORTRANGE_DEFAULT:
1113 inp->inp_flags &= ~(INP_LOWPORT);
1114 inp->inp_flags &= ~(INP_HIGHPORT);
1117 case IP_PORTRANGE_HIGH:
1118 inp->inp_flags &= ~(INP_LOWPORT);
1119 inp->inp_flags |= INP_HIGHPORT;
1122 case IP_PORTRANGE_LOW:
1123 inp->inp_flags &= ~(INP_HIGHPORT);
1124 inp->inp_flags |= INP_LOWPORT;
1135 case IP_IPSEC_POLICY:
1140 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1142 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
1144 req = mtod(m, caddr_t);
1145 error = ipsec_set_policy(inp, sopt->sopt_name, req,
1146 m->m_len, (sopt->sopt_td != NULL) ?
1147 sopt->sopt_td->td_ucred : NULL);
1154 error = ENOPROTOOPT;
1160 switch (sopt->sopt_name) {
1163 if (inp->inp_options)
1164 error = sooptcopyout(sopt,
1165 mtod(inp->inp_options,
1167 inp->inp_options->m_len);
1169 sopt->sopt_valsize = 0;
1176 case IP_RECVRETOPTS:
1177 case IP_RECVDSTADDR:
1186 switch (sopt->sopt_name) {
1189 optval = inp->inp_ip_tos;
1193 optval = inp->inp_ip_ttl;
1197 optval = inp->inp_ip_minttl;
1200 #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
1203 optval = OPTBIT(INP_RECVOPTS);
1206 case IP_RECVRETOPTS:
1207 optval = OPTBIT(INP_RECVRETOPTS);
1210 case IP_RECVDSTADDR:
1211 optval = OPTBIT(INP_RECVDSTADDR);
1215 optval = OPTBIT(INP_RECVTTL);
1219 optval = OPTBIT(INP_RECVIF);
1223 if (inp->inp_flags & INP_HIGHPORT)
1224 optval = IP_PORTRANGE_HIGH;
1225 else if (inp->inp_flags & INP_LOWPORT)
1226 optval = IP_PORTRANGE_LOW;
1232 optval = OPTBIT(INP_FAITH);
1236 optval = OPTBIT(INP_ONESBCAST);
1239 optval = OPTBIT(INP_DONTFRAG);
1242 optval = OPTBIT(INP_BINDANY);
1245 optval = OPTBIT(INP_RECVTOS);
1248 error = sooptcopyout(sopt, &optval, sizeof optval);
1252 * Multicast socket options are processed by the in_mcast
1255 case IP_MULTICAST_IF:
1256 case IP_MULTICAST_VIF:
1257 case IP_MULTICAST_TTL:
1258 case IP_MULTICAST_LOOP:
1260 error = inp_getmoptions(inp, sopt);
1264 case IP_IPSEC_POLICY:
1266 struct mbuf *m = NULL;
1271 req = mtod(m, caddr_t);
1274 error = ipsec_get_policy(sotoinpcb(so), req, len, &m);
1276 error = soopt_mcopyout(sopt, m); /* XXX */
1284 error = ENOPROTOOPT;
1293 * Routine called from ip_output() to loop back a copy of an IP multicast
1294 * packet to the input queue of a specified interface. Note that this
1295 * calls the output routine of the loopback "driver", but with an interface
1296 * pointer that might NOT be a loopback interface -- evil, but easier than
1297 * replicating that code here.
1299 * IP header in host byte order.
1302 ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst,
1305 register struct ip *ip;
1309 * Make a deep copy of the packet because we're going to
1310 * modify the pack in order to generate checksums.
1312 copym = m_dup(m, M_DONTWAIT);
1313 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen))
1314 copym = m_pullup(copym, hlen);
1315 if (copym != NULL) {
1316 ip = mtod(copym, struct ip *);
1317 ip->ip_len = htons(ip->ip_len);
1318 ip->ip_off = htons(ip->ip_off);
1319 /* If needed, compute the checksum and mark it as valid. */
1320 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
1321 in_delayed_cksum(copym);
1322 copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
1323 copym->m_pkthdr.csum_flags |=
1324 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
1325 copym->m_pkthdr.csum_data = 0xffff;
1328 * We don't bother to fragment if the IP length is greater
1329 * than the interface's MTU. Can this possibly matter?
1332 ip->ip_sum = in_cksum(copym, hlen);
1334 if (dst->sin_family != AF_INET) {
1335 printf("ip_mloopback: bad address family %d\n",
1337 dst->sin_family = AF_INET;
1340 if_simloop(ifp, copym, dst->sin_family, 0);