2 * Copyright (c) 1982, 1986, 1988, 1990, 1993
3 * The Regents of the University of California. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 4. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_ipsec.h"
38 #include "opt_mbuf_stress_test.h"
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/kernel.h>
43 #include <sys/malloc.h>
47 #include <sys/protosw.h>
48 #include <sys/socket.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/ucred.h>
54 #include <net/netisr.h>
56 #include <net/route.h>
58 #include <netinet/in.h>
59 #include <netinet/in_systm.h>
60 #include <netinet/ip.h>
61 #include <netinet/in_pcb.h>
62 #include <netinet/in_var.h>
63 #include <netinet/ip_var.h>
64 #include <netinet/ip_options.h>
67 #include <netinet/ip_ipsec.h>
68 #include <netipsec/ipsec.h>
71 #include <machine/in_cksum.h>
73 #include <security/mac/mac_framework.h>
75 #define print_ip(x, a, y) printf("%s %d.%d.%d.%d%s",\
76 x, (ntohl(a.s_addr)>>24)&0xFF,\
77 (ntohl(a.s_addr)>>16)&0xFF,\
78 (ntohl(a.s_addr)>>8)&0xFF,\
79 (ntohl(a.s_addr))&0xFF, y);
83 #ifdef MBUF_STRESS_TEST
84 int mbuf_frag_size = 0;
85 SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
86 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
89 static void ip_mloopback
90 (struct ifnet *, struct mbuf *, struct sockaddr_in *, int);
93 extern struct protosw inetsw[];
96 * IP output. The packet in mbuf chain m contains a skeletal IP
97 * header (with len, off, ttl, proto, tos, src, dst).
98 * The mbuf chain containing the packet will be freed.
99 * The mbuf opt, if present, will not be freed.
100 * In the IP forwarding case, the packet will arrive with options already
101 * inserted, so must have a NULL opt pointer.
104 ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
105 struct ip_moptions *imo, struct inpcb *inp)
108 struct ifnet *ifp = NULL; /* keep compiler happy */
110 int hlen = sizeof (struct ip);
113 struct sockaddr_in *dst = NULL; /* keep compiler happy */
114 struct in_ifaddr *ia = NULL;
115 int isbroadcast, sw_csum;
116 struct route iproute;
118 #ifdef IPFIREWALL_FORWARD
119 struct m_tag *fwd_tag = NULL;
125 bzero(ro, sizeof (*ro));
129 M_SETFIB(m, inp->inp_inc.inc_fibnum);
130 INP_LOCK_ASSERT(inp);
135 m = ip_insertoptions(m, opt, &len);
139 ip = mtod(m, struct ip *);
142 * Fill in IP header. If we are not allowing fragmentation,
143 * then the ip_id field is meaningless, but we don't set it
144 * to zero. Doing so causes various problems when devices along
145 * the path (routers, load balancers, firewalls, etc.) illegally
146 * disable DF on our packet. Note that a 16-bit counter
147 * will wrap around in less than 10 seconds at 100 Mbit/s on a
148 * medium with MTU 1500. See Steven M. Bellovin, "A Technique
149 * for Counting NATted Hosts", Proc. IMW'02, available at
150 * <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>.
152 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
153 ip->ip_v = IPVERSION;
154 ip->ip_hl = hlen >> 2;
155 ip->ip_id = ip_newid();
156 ipstat.ips_localout++;
158 hlen = ip->ip_hl << 2;
161 dst = (struct sockaddr_in *)&ro->ro_dst;
164 * If there is a cached route,
165 * check that it is to the same destination
166 * and is still up. If not, free it and try again.
167 * The address family should also be checked in case of sharing the
170 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 ||
171 dst->sin_family != AF_INET ||
172 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
174 ro->ro_rt = (struct rtentry *)NULL;
176 #ifdef IPFIREWALL_FORWARD
177 if (ro->ro_rt == NULL && fwd_tag == NULL) {
179 if (ro->ro_rt == NULL) {
181 bzero(dst, sizeof(*dst));
182 dst->sin_family = AF_INET;
183 dst->sin_len = sizeof(*dst);
184 dst->sin_addr = ip->ip_dst;
187 * If routing to interface only, short circuit routing lookup.
188 * The use of an all-ones broadcast address implies this; an
189 * interface is specified by the broadcast address of an interface,
190 * or the destination address of a ptp interface.
192 if (flags & IP_SENDONES) {
193 if ((ia = ifatoia(ifa_ifwithbroadaddr(sintosa(dst)))) == NULL &&
194 (ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL) {
195 ipstat.ips_noroute++;
199 ip->ip_dst.s_addr = INADDR_BROADCAST;
200 dst->sin_addr = ip->ip_dst;
204 } else if (flags & IP_ROUTETOIF) {
205 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL &&
206 (ia = ifatoia(ifa_ifwithnet(sintosa(dst)))) == NULL) {
207 ipstat.ips_noroute++;
213 isbroadcast = in_broadcast(dst->sin_addr, ifp);
214 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
215 imo != NULL && imo->imo_multicast_ifp != NULL) {
217 * Bypass the normal routing lookup for multicast
218 * packets if the interface is specified.
220 ifp = imo->imo_multicast_ifp;
222 isbroadcast = 0; /* fool gcc */
225 * We want to do any cloning requested by the link layer,
226 * as this is probably required in all cases for correct
227 * operation (as it is for ARP).
229 if (ro->ro_rt == NULL)
230 in_rtalloc_ign(ro, 0,
231 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
232 if (ro->ro_rt == NULL) {
233 ipstat.ips_noroute++;
234 error = EHOSTUNREACH;
237 ia = ifatoia(ro->ro_rt->rt_ifa);
238 ifp = ro->ro_rt->rt_ifp;
239 ro->ro_rt->rt_rmx.rmx_pksent++;
240 if (ro->ro_rt->rt_flags & RTF_GATEWAY)
241 dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway;
242 if (ro->ro_rt->rt_flags & RTF_HOST)
243 isbroadcast = (ro->ro_rt->rt_flags & RTF_BROADCAST);
245 isbroadcast = in_broadcast(dst->sin_addr, ifp);
248 * Calculate MTU. If we have a route that is up, use that,
249 * otherwise use the interface's MTU.
251 if (ro->ro_rt != NULL && (ro->ro_rt->rt_flags & (RTF_UP|RTF_HOST))) {
253 * This case can happen if the user changed the MTU
254 * of an interface after enabling IP on it. Because
255 * most netifs don't keep track of routes pointing to
256 * them, there is no way for one to update all its
257 * routes when the MTU is changed.
259 if (ro->ro_rt->rt_rmx.rmx_mtu > ifp->if_mtu)
260 ro->ro_rt->rt_rmx.rmx_mtu = ifp->if_mtu;
261 mtu = ro->ro_rt->rt_rmx.rmx_mtu;
265 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
266 struct in_multi *inm;
268 m->m_flags |= M_MCAST;
270 * IP destination address is multicast. Make sure "dst"
271 * still points to the address in "ro". (It may have been
272 * changed to point to a gateway address, above.)
274 dst = (struct sockaddr_in *)&ro->ro_dst;
276 * See if the caller provided any multicast options
279 ip->ip_ttl = imo->imo_multicast_ttl;
280 if (imo->imo_multicast_vif != -1)
283 ip_mcast_src(imo->imo_multicast_vif) :
286 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
288 * Confirm that the outgoing interface supports multicast.
290 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) {
291 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
292 ipstat.ips_noroute++;
298 * If source address not specified yet, use address
299 * of outgoing interface.
301 if (ip->ip_src.s_addr == INADDR_ANY) {
302 /* Interface may have no addresses. */
304 ip->ip_src = IA_SIN(ia)->sin_addr;
308 IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm);
310 (imo == NULL || imo->imo_multicast_loop)) {
313 * If we belong to the destination multicast group
314 * on the outgoing interface, and the caller did not
315 * forbid loopback, loop back a copy.
317 ip_mloopback(ifp, m, dst, hlen);
322 * If we are acting as a multicast router, perform
323 * multicast forwarding as if the packet had just
324 * arrived on the interface to which we are about
325 * to send. The multicast forwarding function
326 * recursively calls this function, using the
327 * IP_FORWARDING flag to prevent infinite recursion.
329 * Multicasts that are looped back by ip_mloopback(),
330 * above, will be forwarded by the ip_input() routine,
333 if (ip_mrouter && (flags & IP_FORWARDING) == 0) {
335 * If rsvp daemon is not running, do not
336 * set ip_moptions. This ensures that the packet
337 * is multicast and not just sent down one link
338 * as prescribed by rsvpd.
343 ip_mforward(ip, ifp, m, imo) != 0) {
351 * Multicasts with a time-to-live of zero may be looped-
352 * back, above, but must not be transmitted on a network.
353 * Also, multicasts addressed to the loopback interface
354 * are not sent -- the above call to ip_mloopback() will
355 * loop back a copy if this host actually belongs to the
356 * destination group on the loopback interface.
358 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) {
367 * If the source address is not specified yet, use the address
368 * of the outoing interface.
370 if (ip->ip_src.s_addr == INADDR_ANY) {
371 /* Interface may have no addresses. */
373 ip->ip_src = IA_SIN(ia)->sin_addr;
378 * Verify that we have any chance at all of being able to queue the
379 * packet or packet fragments, unless ALTQ is enabled on the given
380 * interface in which case packetdrop should be done by queueing.
383 if ((!ALTQ_IS_ENABLED(&ifp->if_snd)) &&
384 ((ifp->if_snd.ifq_len + ip->ip_len / mtu + 1) >=
385 ifp->if_snd.ifq_maxlen))
387 if ((ifp->if_snd.ifq_len + ip->ip_len / mtu + 1) >=
388 ifp->if_snd.ifq_maxlen)
392 ipstat.ips_odropped++;
393 ifp->if_snd.ifq_drops += (ip->ip_len / ifp->if_mtu + 1);
398 * Look for broadcast address and
399 * verify user is allowed to send
403 if ((ifp->if_flags & IFF_BROADCAST) == 0) {
404 error = EADDRNOTAVAIL;
407 if ((flags & IP_ALLOWBROADCAST) == 0) {
411 /* don't allow broadcast messages to be fragmented */
412 if (ip->ip_len > mtu) {
416 m->m_flags |= M_BCAST;
418 m->m_flags &= ~M_BCAST;
423 switch(ip_ipsec_output(&m, inp, &flags, &error, &ro, &iproute, &dst, &ia, &ifp)) {
430 break; /* Continue with packet processing. */
432 /* Update variables that are affected by ipsec4_output(). */
433 ip = mtod(m, struct ip *);
434 hlen = ip->ip_hl << 2;
437 /* Jump over all PFIL processing if hooks are not active. */
438 if (!PFIL_HOOKED(&inet_pfil_hook))
441 /* Run through list of hooks for output packets. */
442 odst.s_addr = ip->ip_dst.s_addr;
443 error = pfil_run_hooks(&inet_pfil_hook, &m, ifp, PFIL_OUT, inp);
444 if (error != 0 || m == NULL)
447 ip = mtod(m, struct ip *);
449 /* See if destination IP address was changed by packet filter. */
450 if (odst.s_addr != ip->ip_dst.s_addr) {
451 m->m_flags |= M_SKIP_FIREWALL;
452 /* If destination is now ourself drop to ip_input(). */
453 if (in_localip(ip->ip_dst)) {
454 m->m_flags |= M_FASTFWD_OURS;
455 if (m->m_pkthdr.rcvif == NULL)
456 m->m_pkthdr.rcvif = loif;
457 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
458 m->m_pkthdr.csum_flags |=
459 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
460 m->m_pkthdr.csum_data = 0xffff;
462 m->m_pkthdr.csum_flags |=
463 CSUM_IP_CHECKED | CSUM_IP_VALID;
465 error = netisr_queue(NETISR_IP, m);
468 goto again; /* Redo the routing table lookup. */
471 #ifdef IPFIREWALL_FORWARD
472 /* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */
473 if (m->m_flags & M_FASTFWD_OURS) {
474 if (m->m_pkthdr.rcvif == NULL)
475 m->m_pkthdr.rcvif = loif;
476 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
477 m->m_pkthdr.csum_flags |=
478 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
479 m->m_pkthdr.csum_data = 0xffff;
481 m->m_pkthdr.csum_flags |=
482 CSUM_IP_CHECKED | CSUM_IP_VALID;
484 error = netisr_queue(NETISR_IP, m);
487 /* Or forward to some other address? */
488 fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
490 dst = (struct sockaddr_in *)&ro->ro_dst;
491 bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
492 m->m_flags |= M_SKIP_FIREWALL;
493 m_tag_delete(m, fwd_tag);
496 #endif /* IPFIREWALL_FORWARD */
499 /* 127/8 must not appear on wire - RFC1122. */
500 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
501 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
502 if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
503 ipstat.ips_badaddr++;
504 error = EADDRNOTAVAIL;
509 m->m_pkthdr.csum_flags |= CSUM_IP;
510 sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist;
511 if (sw_csum & CSUM_DELAY_DATA) {
513 sw_csum &= ~CSUM_DELAY_DATA;
515 m->m_pkthdr.csum_flags &= ifp->if_hwassist;
518 * If small enough for interface, or the interface will take
519 * care of the fragmentation for us, we can just send directly.
521 if (ip->ip_len <= mtu ||
522 (m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 ||
523 ((ip->ip_off & IP_DF) == 0 && (ifp->if_hwassist & CSUM_FRAGMENT))) {
524 ip->ip_len = htons(ip->ip_len);
525 ip->ip_off = htons(ip->ip_off);
527 if (sw_csum & CSUM_DELAY_IP)
528 ip->ip_sum = in_cksum(m, hlen);
531 * Record statistics for this interface address.
532 * With CSUM_TSO the byte/packet count will be slightly
533 * incorrect because we count the IP+TCP headers only
534 * once instead of for every generated packet.
536 if (!(flags & IP_FORWARDING) && ia) {
537 if (m->m_pkthdr.csum_flags & CSUM_TSO)
538 ia->ia_ifa.if_opackets +=
539 m->m_pkthdr.len / m->m_pkthdr.tso_segsz;
541 ia->ia_ifa.if_opackets++;
542 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
544 #ifdef MBUF_STRESS_TEST
545 if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size)
546 m = m_fragment(m, M_DONTWAIT, mbuf_frag_size);
549 * Reset layer specific mbuf flags
550 * to avoid confusing lower layers.
552 m->m_flags &= ~(M_PROTOFLAGS);
554 error = (*ifp->if_output)(ifp, m,
555 (struct sockaddr *)dst, ro->ro_rt);
559 /* Balk when DF bit is set or the interface didn't support TSO. */
560 if ((ip->ip_off & IP_DF) || (m->m_pkthdr.csum_flags & CSUM_TSO)) {
562 ipstat.ips_cantfrag++;
567 * Too large for interface; fragment if possible. If successful,
568 * on return, m will point to a list of packets to be sent.
570 error = ip_fragment(ip, &m, mtu, ifp->if_hwassist, sw_csum);
577 /* Record statistics for this interface address. */
579 ia->ia_ifa.if_opackets++;
580 ia->ia_ifa.if_obytes += m->m_pkthdr.len;
583 * Reset layer specific mbuf flags
584 * to avoid confusing upper layers.
586 m->m_flags &= ~(M_PROTOFLAGS);
588 error = (*ifp->if_output)(ifp, m,
589 (struct sockaddr *)dst, ro->ro_rt);
595 ipstat.ips_fragmented++;
598 if (ro == &iproute && ro->ro_rt) {
608 * Create a chain of fragments which fit the given mtu. m_frag points to the
609 * mbuf to be fragmented; on return it points to the chain with the fragments.
610 * Return 0 if no error. If error, m_frag may contain a partially built
611 * chain of fragments that should be freed by the caller.
613 * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist)
614 * sw_csum contains the delayed checksums flags (e.g., CSUM_DELAY_IP).
617 ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
618 u_long if_hwassist_flags, int sw_csum)
621 int hlen = ip->ip_hl << 2;
622 int len = (mtu - hlen) & ~7; /* size of payload in each fragment */
624 struct mbuf *m0 = *m_frag; /* the original packet */
629 if (ip->ip_off & IP_DF) { /* Fragmentation not allowed */
630 ipstat.ips_cantfrag++;
635 * Must be able to put at least 8 bytes per fragment.
641 * If the interface will not calculate checksums on
642 * fragmented packets, then do it here.
644 if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA &&
645 (if_hwassist_flags & CSUM_IP_FRAGS) == 0) {
646 in_delayed_cksum(m0);
647 m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
650 if (len > PAGE_SIZE) {
652 * Fragment large datagrams such that each segment
653 * contains a multiple of PAGE_SIZE amount of data,
654 * plus headers. This enables a receiver to perform
655 * page-flipping zero-copy optimizations.
657 * XXX When does this help given that sender and receiver
658 * could have different page sizes, and also mtu could
659 * be less than the receiver's page size ?
664 for (m = m0, off = 0; m && (off+m->m_len) <= mtu; m = m->m_next)
668 * firstlen (off - hlen) must be aligned on an
672 goto smart_frag_failure;
673 off = ((off - hlen) & ~7) + hlen;
674 newlen = (~PAGE_MASK) & mtu;
675 if ((newlen + sizeof (struct ip)) > mtu) {
676 /* we failed, go back the default */
687 firstlen = off - hlen;
688 mnext = &m0->m_nextpkt; /* pointer to next packet */
691 * Loop through length of segment after first fragment,
692 * make new header and copy data of each part and link onto chain.
693 * Here, m0 is the original packet, m is the fragment being created.
694 * The fragments are linked off the m_nextpkt of the original
695 * packet, which after processing serves as the first fragment.
697 for (nfrags = 1; off < ip->ip_len; off += len, nfrags++) {
698 struct ip *mhip; /* ip header on the fragment */
700 int mhlen = sizeof (struct ip);
702 MGETHDR(m, M_DONTWAIT, MT_DATA);
705 ipstat.ips_odropped++;
708 m->m_flags |= (m0->m_flags & M_MCAST) | M_FRAG;
710 * In the first mbuf, leave room for the link header, then
711 * copy the original IP header including options. The payload
712 * goes into an additional mbuf chain returned by m_copy().
714 m->m_data += max_linkhdr;
715 mhip = mtod(m, struct ip *);
717 if (hlen > sizeof (struct ip)) {
718 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
719 mhip->ip_v = IPVERSION;
720 mhip->ip_hl = mhlen >> 2;
723 /* XXX do we need to add ip->ip_off below ? */
724 mhip->ip_off = ((off - hlen) >> 3) + ip->ip_off;
725 if (off + len >= ip->ip_len) { /* last fragment */
726 len = ip->ip_len - off;
727 m->m_flags |= M_LASTFRAG;
729 mhip->ip_off |= IP_MF;
730 mhip->ip_len = htons((u_short)(len + mhlen));
731 m->m_next = m_copy(m0, off, len);
732 if (m->m_next == NULL) { /* copy failed */
734 error = ENOBUFS; /* ??? */
735 ipstat.ips_odropped++;
738 m->m_pkthdr.len = mhlen + len;
739 m->m_pkthdr.rcvif = NULL;
741 mac_create_fragment(m0, m);
743 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
744 mhip->ip_off = htons(mhip->ip_off);
746 if (sw_csum & CSUM_DELAY_IP)
747 mhip->ip_sum = in_cksum(m, mhlen);
749 mnext = &m->m_nextpkt;
751 ipstat.ips_ofragments += nfrags;
753 /* set first marker for fragment chain */
754 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
755 m0->m_pkthdr.csum_data = nfrags;
758 * Update first fragment by trimming what's been copied out
759 * and updating header.
761 m_adj(m0, hlen + firstlen - ip->ip_len);
762 m0->m_pkthdr.len = hlen + firstlen;
763 ip->ip_len = htons((u_short)m0->m_pkthdr.len);
765 ip->ip_off = htons(ip->ip_off);
767 if (sw_csum & CSUM_DELAY_IP)
768 ip->ip_sum = in_cksum(m0, hlen);
776 in_delayed_cksum(struct mbuf *m)
779 u_short csum, offset;
781 ip = mtod(m, struct ip *);
782 offset = ip->ip_hl << 2 ;
783 csum = in_cksum_skip(m, ip->ip_len, offset);
784 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0)
786 offset += m->m_pkthdr.csum_data; /* checksum offset */
788 if (offset + sizeof(u_short) > m->m_len) {
789 printf("delayed m_pullup, m->len: %d off: %d p: %d\n",
790 m->m_len, offset, ip->ip_p);
793 * this shouldn't happen, but if it does, the
794 * correct behavior may be to insert the checksum
795 * in the appropriate next mbuf in the chain.
799 *(u_short *)(m->m_data + offset) = csum;
803 * IP socket option processing.
806 ip_ctloutput(struct socket *so, struct sockopt *sopt)
808 struct inpcb *inp = sotoinpcb(so);
812 if (sopt->sopt_level != IPPROTO_IP) {
813 if ((sopt->sopt_level == SOL_SOCKET) &&
814 (sopt->sopt_name == SO_SETFIB)) {
815 inp->inp_inc.inc_fibnum = so->so_fibnum;
821 switch (sopt->sopt_dir) {
823 switch (sopt->sopt_name) {
830 if (sopt->sopt_valsize > MLEN) {
834 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_DATA);
839 m->m_len = sopt->sopt_valsize;
840 error = sooptcopyin(sopt, mtod(m, char *), m->m_len,
847 error = ip_pcbopts(inp, sopt->sopt_name, m);
863 error = sooptcopyin(sopt, &optval, sizeof optval,
868 switch (sopt->sopt_name) {
870 inp->inp_ip_tos = optval;
874 inp->inp_ip_ttl = optval;
878 if (optval >= 0 && optval <= MAXTTL)
879 inp->inp_ip_minttl = optval;
884 #define OPTSET(bit) do { \
887 inp->inp_flags |= bit; \
889 inp->inp_flags &= ~bit; \
894 OPTSET(INP_RECVOPTS);
898 OPTSET(INP_RECVRETOPTS);
902 OPTSET(INP_RECVDSTADDR);
918 OPTSET(INP_ONESBCAST);
921 OPTSET(INP_DONTFRAG);
928 * Multicast socket options are processed by the in_mcast
931 case IP_MULTICAST_IF:
932 case IP_MULTICAST_VIF:
933 case IP_MULTICAST_TTL:
934 case IP_MULTICAST_LOOP:
935 case IP_ADD_MEMBERSHIP:
936 case IP_DROP_MEMBERSHIP:
937 case IP_ADD_SOURCE_MEMBERSHIP:
938 case IP_DROP_SOURCE_MEMBERSHIP:
939 case IP_BLOCK_SOURCE:
940 case IP_UNBLOCK_SOURCE:
942 case MCAST_JOIN_GROUP:
943 case MCAST_LEAVE_GROUP:
944 case MCAST_JOIN_SOURCE_GROUP:
945 case MCAST_LEAVE_SOURCE_GROUP:
946 case MCAST_BLOCK_SOURCE:
947 case MCAST_UNBLOCK_SOURCE:
948 error = inp_setmoptions(inp, sopt);
952 error = sooptcopyin(sopt, &optval, sizeof optval,
959 case IP_PORTRANGE_DEFAULT:
960 inp->inp_flags &= ~(INP_LOWPORT);
961 inp->inp_flags &= ~(INP_HIGHPORT);
964 case IP_PORTRANGE_HIGH:
965 inp->inp_flags &= ~(INP_LOWPORT);
966 inp->inp_flags |= INP_HIGHPORT;
969 case IP_PORTRANGE_LOW:
970 inp->inp_flags &= ~(INP_HIGHPORT);
971 inp->inp_flags |= INP_LOWPORT;
982 case IP_IPSEC_POLICY:
987 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
989 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
991 req = mtod(m, caddr_t);
992 error = ipsec4_set_policy(inp, sopt->sopt_name, req,
993 m->m_len, (sopt->sopt_td != NULL) ?
994 sopt->sopt_td->td_ucred : NULL);
1001 error = ENOPROTOOPT;
1007 switch (sopt->sopt_name) {
1010 if (inp->inp_options)
1011 error = sooptcopyout(sopt,
1012 mtod(inp->inp_options,
1014 inp->inp_options->m_len);
1016 sopt->sopt_valsize = 0;
1023 case IP_RECVRETOPTS:
1024 case IP_RECVDSTADDR:
1031 switch (sopt->sopt_name) {
1034 optval = inp->inp_ip_tos;
1038 optval = inp->inp_ip_ttl;
1042 optval = inp->inp_ip_minttl;
1045 #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
1048 optval = OPTBIT(INP_RECVOPTS);
1051 case IP_RECVRETOPTS:
1052 optval = OPTBIT(INP_RECVRETOPTS);
1055 case IP_RECVDSTADDR:
1056 optval = OPTBIT(INP_RECVDSTADDR);
1060 optval = OPTBIT(INP_RECVTTL);
1064 optval = OPTBIT(INP_RECVIF);
1068 if (inp->inp_flags & INP_HIGHPORT)
1069 optval = IP_PORTRANGE_HIGH;
1070 else if (inp->inp_flags & INP_LOWPORT)
1071 optval = IP_PORTRANGE_LOW;
1077 optval = OPTBIT(INP_FAITH);
1081 optval = OPTBIT(INP_ONESBCAST);
1084 optval = OPTBIT(INP_DONTFRAG);
1087 error = sooptcopyout(sopt, &optval, sizeof optval);
1091 * Multicast socket options are processed by the in_mcast
1094 case IP_MULTICAST_IF:
1095 case IP_MULTICAST_VIF:
1096 case IP_MULTICAST_TTL:
1097 case IP_MULTICAST_LOOP:
1099 error = inp_getmoptions(inp, sopt);
1103 case IP_IPSEC_POLICY:
1105 struct mbuf *m = NULL;
1110 req = mtod(m, caddr_t);
1113 error = ipsec4_get_policy(sotoinpcb(so), req, len, &m);
1115 error = soopt_mcopyout(sopt, m); /* XXX */
1123 error = ENOPROTOOPT;
1132 * Routine called from ip_output() to loop back a copy of an IP multicast
1133 * packet to the input queue of a specified interface. Note that this
1134 * calls the output routine of the loopback "driver", but with an interface
1135 * pointer that might NOT be a loopback interface -- evil, but easier than
1136 * replicating that code here.
1139 ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst,
1142 register struct ip *ip;
1146 * Make a deep copy of the packet because we're going to
1147 * modify the pack in order to generate checksums.
1149 copym = m_dup(m, M_DONTWAIT);
1150 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen))
1151 copym = m_pullup(copym, hlen);
1152 if (copym != NULL) {
1153 /* If needed, compute the checksum and mark it as valid. */
1154 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
1155 in_delayed_cksum(copym);
1156 copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
1157 copym->m_pkthdr.csum_flags |=
1158 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
1159 copym->m_pkthdr.csum_data = 0xffff;
1162 * We don't bother to fragment if the IP length is greater
1163 * than the interface's MTU. Can this possibly matter?
1165 ip = mtod(copym, struct ip *);
1166 ip->ip_len = htons(ip->ip_len);
1167 ip->ip_off = htons(ip->ip_off);
1169 ip->ip_sum = in_cksum(copym, hlen);
1171 if (dst->sin_family != AF_INET) {
1172 printf("ip_mloopback: bad address family %d\n",
1174 dst->sin_family = AF_INET;
1177 if_simloop(ifp, copym, dst->sin_family, 0);
projects / FreeBSD / releng / 7.2.git / blob