1 /*- 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include "opt_ipfw.h" 36 #include "opt_ipsec.h" 37 #include "opt_mbuf_stress_test.h" 38 #include "opt_mpath.h" 39 #include "opt_route.h" 40 #include "opt_sctp.h" 41 42 #include <sys/param.h> 43 #include <sys/systm.h> 44 #include <sys/kernel.h> 45 #include <sys/malloc.h> 46 #include <sys/mbuf.h> 47 #include <sys/priv.h> 48 #include <sys/proc.h> 49 #include <sys/protosw.h> 50 #include <sys/sdt.h> 51 #include <sys/socket.h> 52 #include <sys/socketvar.h> 53 #include <sys/sysctl.h> 54 #include <sys/ucred.h> 55 56 #include <net/if.h> 57 #include <net/if_var.h> 58 #include <net/if_llatbl.h> 59 #include <net/netisr.h> 60 #include <net/pfil.h> 61 #include <net/route.h> 62 #include <net/flowtable.h> 63 #ifdef RADIX_MPATH 64 #include <net/radix_mpath.h> 65 #endif 66 #include <net/vnet.h> 67 68 #include <netinet/in.h> 69 #include <netinet/in_kdtrace.h> 70 #include <netinet/in_systm.h> 71 #include <netinet/ip.h> 72 #include <netinet/in_pcb.h> 73 #include <netinet/in_var.h> 74 #include <netinet/ip_var.h> 75 #include <netinet/ip_options.h> 76 #ifdef SCTP 77 #include <netinet/sctp.h> 78 #include <netinet/sctp_crc32.h> 79 #endif 80 81 #ifdef IPSEC 82 #include <netinet/ip_ipsec.h> 83 #include <netipsec/ipsec.h> 84 #endif /* IPSEC*/ 85 86 #include <machine/in_cksum.h> 87 88 #include <security/mac/mac_framework.h> 89 90 VNET_DEFINE(u_short, ip_id); 91 92 #ifdef MBUF_STRESS_TEST 93 static int mbuf_frag_size = 0; 94 SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW, 95 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size"); 96 #endif 97 98 static void ip_mloopback 99 (struct ifnet *, struct mbuf *, struct sockaddr_in *, int); 100 101 102 extern int in_mcast_loop; 103 extern struct protosw inetsw[]; 104 105 /* 106 * IP output. The packet in mbuf chain m contains a skeletal IP 107 * header (with len, off, ttl, proto, tos, src, dst). 108 * The mbuf chain containing the packet will be freed. 109 * The mbuf opt, if present, will not be freed. 110 * If route ro is present and has ro_rt initialized, route lookup would be 111 * skipped and ro->ro_rt would be used. If ro is present but ro->ro_rt is NULL, 112 * then result of route lookup is stored in ro->ro_rt. 113 * 114 * In the IP forwarding case, the packet will arrive with options already 115 * inserted, so must have a NULL opt pointer. 116 */ 117 int 118 ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, 119 struct ip_moptions *imo, struct inpcb *inp) 120 { 121 struct ip *ip; 122 struct ifnet *ifp = NULL; /* keep compiler happy */ 123 struct mbuf *m0; 124 int hlen = sizeof (struct ip); 125 int mtu; 126 int error = 0; 127 struct sockaddr_in *dst; 128 const struct sockaddr_in *gw; 129 struct in_ifaddr *ia; 130 int isbroadcast; 131 uint16_t ip_len, ip_off; 132 struct route iproute; 133 struct rtentry *rte; /* cache for ro->ro_rt */ 134 struct in_addr odst; 135 struct m_tag *fwd_tag = NULL; 136 #ifdef IPSEC 137 int no_route_but_check_spd = 0; 138 #endif 139 M_ASSERTPKTHDR(m); 140 141 if (inp != NULL) { 142 INP_LOCK_ASSERT(inp); 143 M_SETFIB(m, inp->inp_inc.inc_fibnum); 144 if (inp->inp_flags & (INP_HW_FLOWID|INP_SW_FLOWID)) { 145 m->m_pkthdr.flowid = inp->inp_flowid; 146 m->m_flags |= M_FLOWID; 147 } 148 } 149 150 if (ro == NULL) { 151 ro = &iproute; 152 bzero(ro, sizeof (*ro)); 153 } 154 155 #ifdef FLOWTABLE 156 if (ro->ro_rt == NULL) { 157 struct flentry *fle; 158 159 /* 160 * The flow table returns route entries valid for up to 30 161 * seconds; we rely on the remainder of ip_output() taking no 162 * longer than that long for the stability of ro_rt. The 163 * flow ID assignment must have happened before this point. 164 */ 165 fle = flowtable_lookup_mbuf(V_ip_ft, m, AF_INET); 166 if (fle != NULL) 167 flow_to_route(fle, ro); 168 } 169 #endif 170 171 if (opt) { 172 int len = 0; 173 m = ip_insertoptions(m, opt, &len); 174 if (len != 0) 175 hlen = len; /* ip->ip_hl is updated above */ 176 } 177 ip = mtod(m, struct ip *); 178 ip_len = ntohs(ip->ip_len); 179 ip_off = ntohs(ip->ip_off); 180 181 /* 182 * Fill in IP header. If we are not allowing fragmentation, 183 * then the ip_id field is meaningless, but we don't set it 184 * to zero. Doing so causes various problems when devices along 185 * the path (routers, load balancers, firewalls, etc.) illegally 186 * disable DF on our packet. Note that a 16-bit counter 187 * will wrap around in less than 10 seconds at 100 Mbit/s on a 188 * medium with MTU 1500. See Steven M. Bellovin, "A Technique 189 * for Counting NATted Hosts", Proc. IMW'02, available at 190 * <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>. 191 */ 192 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { 193 ip->ip_v = IPVERSION; 194 ip->ip_hl = hlen >> 2; 195 ip->ip_id = ip_newid(); 196 IPSTAT_INC(ips_localout); 197 } else { 198 /* Header already set, fetch hlen from there */ 199 hlen = ip->ip_hl << 2; 200 } 201 202 /* 203 * dst/gw handling: 204 * 205 * dst can be rewritten but always points to &ro->ro_dst. 206 * gw is readonly but can point either to dst OR rt_gateway, 207 * therefore we need restore gw if we're redoing lookup. 208 */ 209 gw = dst = (struct sockaddr_in *)&ro->ro_dst; 210 again: 211 ia = NULL; 212 /* 213 * If there is a cached route, check that it is to the same 214 * destination and is still up. If not, free it and try again. 215 * The address family should also be checked in case of sharing 216 * the cache with IPv6. 217 */ 218 rte = ro->ro_rt; 219 if (rte && ((rte->rt_flags & RTF_UP) == 0 || 220 rte->rt_ifp == NULL || 221 !RT_LINK_IS_UP(rte->rt_ifp) || 222 dst->sin_family != AF_INET || 223 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) { 224 RO_RTFREE(ro); 225 ro->ro_lle = NULL; 226 rte = NULL; 227 gw = dst; 228 } 229 if (rte == NULL && fwd_tag == NULL) { 230 bzero(dst, sizeof(*dst)); 231 dst->sin_family = AF_INET; 232 dst->sin_len = sizeof(*dst); 233 dst->sin_addr = ip->ip_dst; 234 } 235 /* 236 * If routing to interface only, short circuit routing lookup. 237 * The use of an all-ones broadcast address implies this; an 238 * interface is specified by the broadcast address of an interface, 239 * or the destination address of a ptp interface. 240 */ 241 if (flags & IP_SENDONES) { 242 if ((ia = ifatoia(ifa_ifwithbroadaddr(sintosa(dst)))) == NULL && 243 (ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL) { 244 IPSTAT_INC(ips_noroute); 245 error = ENETUNREACH; 246 goto bad; 247 } 248 ip->ip_dst.s_addr = INADDR_BROADCAST; 249 dst->sin_addr = ip->ip_dst; 250 ifp = ia->ia_ifp; 251 ip->ip_ttl = 1; 252 isbroadcast = 1; 253 } else if (flags & IP_ROUTETOIF) { 254 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL && 255 (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0))) == NULL) { 256 IPSTAT_INC(ips_noroute); 257 error = ENETUNREACH; 258 goto bad; 259 } 260 ifp = ia->ia_ifp; 261 ip->ip_ttl = 1; 262 isbroadcast = in_broadcast(dst->sin_addr, ifp); 263 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) && 264 imo != NULL && imo->imo_multicast_ifp != NULL) { 265 /* 266 * Bypass the normal routing lookup for multicast 267 * packets if the interface is specified. 268 */ 269 ifp = imo->imo_multicast_ifp; 270 IFP_TO_IA(ifp, ia); 271 isbroadcast = 0; /* fool gcc */ 272 } else { 273 /* 274 * We want to do any cloning requested by the link layer, 275 * as this is probably required in all cases for correct 276 * operation (as it is for ARP). 277 */ 278 if (rte == NULL) { 279 #ifdef RADIX_MPATH 280 rtalloc_mpath_fib(ro, 281 ntohl(ip->ip_src.s_addr ^ ip->ip_dst.s_addr), 282 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m)); 283 #else 284 in_rtalloc_ign(ro, 0, 285 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m)); 286 #endif 287 rte = ro->ro_rt; 288 } 289 if (rte == NULL || 290 rte->rt_ifp == NULL || 291 !RT_LINK_IS_UP(rte->rt_ifp)) { 292 #ifdef IPSEC 293 /* 294 * There is no route for this packet, but it is 295 * possible that a matching SPD entry exists. 296 */ 297 no_route_but_check_spd = 1; 298 mtu = 0; /* Silence GCC warning. */ 299 goto sendit; 300 #endif 301 IPSTAT_INC(ips_noroute); 302 error = EHOSTUNREACH; 303 goto bad; 304 } 305 ia = ifatoia(rte->rt_ifa); 306 ifa_ref(&ia->ia_ifa); 307 ifp = rte->rt_ifp; 308 rte->rt_rmx.rmx_pksent++; 309 if (rte->rt_flags & RTF_GATEWAY) 310 gw = (struct sockaddr_in *)rte->rt_gateway; 311 if (rte->rt_flags & RTF_HOST) 312 isbroadcast = (rte->rt_flags & RTF_BROADCAST); 313 else 314 isbroadcast = in_broadcast(gw->sin_addr, ifp); 315 } 316 /* 317 * Calculate MTU. If we have a route that is up, use that, 318 * otherwise use the interface's MTU. 319 */ 320 if (rte != NULL && (rte->rt_flags & (RTF_UP|RTF_HOST))) { 321 /* 322 * This case can happen if the user changed the MTU 323 * of an interface after enabling IP on it. Because 324 * most netifs don't keep track of routes pointing to 325 * them, there is no way for one to update all its 326 * routes when the MTU is changed. 327 */ 328 if (rte->rt_rmx.rmx_mtu > ifp->if_mtu) 329 rte->rt_rmx.rmx_mtu = ifp->if_mtu; 330 mtu = rte->rt_rmx.rmx_mtu; 331 } else { 332 mtu = ifp->if_mtu; 333 } 334 /* Catch a possible divide by zero later. */ 335 KASSERT(mtu > 0, ("%s: mtu %d <= 0, rte=%p (rt_flags=0x%08x) ifp=%p", 336 __func__, mtu, rte, (rte != NULL) ? rte->rt_flags : 0, ifp)); 337 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 338 m->m_flags |= M_MCAST; 339 /* 340 * IP destination address is multicast. Make sure "gw" 341 * still points to the address in "ro". (It may have been 342 * changed to point to a gateway address, above.) 343 */ 344 gw = dst; 345 /* 346 * See if the caller provided any multicast options 347 */ 348 if (imo != NULL) { 349 ip->ip_ttl = imo->imo_multicast_ttl; 350 if (imo->imo_multicast_vif != -1) 351 ip->ip_src.s_addr = 352 ip_mcast_src ? 353 ip_mcast_src(imo->imo_multicast_vif) : 354 INADDR_ANY; 355 } else 356 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL; 357 /* 358 * Confirm that the outgoing interface supports multicast. 359 */ 360 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) { 361 if ((ifp->if_flags & IFF_MULTICAST) == 0) { 362 IPSTAT_INC(ips_noroute); 363 error = ENETUNREACH; 364 goto bad; 365 } 366 } 367 /* 368 * If source address not specified yet, use address 369 * of outgoing interface. 370 */ 371 if (ip->ip_src.s_addr == INADDR_ANY) { 372 /* Interface may have no addresses. */ 373 if (ia != NULL) 374 ip->ip_src = IA_SIN(ia)->sin_addr; 375 } 376 377 if ((imo == NULL && in_mcast_loop) || 378 (imo && imo->imo_multicast_loop)) { 379 /* 380 * Loop back multicast datagram if not expressly 381 * forbidden to do so, even if we are not a member 382 * of the group; ip_input() will filter it later, 383 * thus deferring a hash lookup and mutex acquisition 384 * at the expense of a cheap copy using m_copym(). 385 */ 386 ip_mloopback(ifp, m, dst, hlen); 387 } else { 388 /* 389 * If we are acting as a multicast router, perform 390 * multicast forwarding as if the packet had just 391 * arrived on the interface to which we are about 392 * to send. The multicast forwarding function 393 * recursively calls this function, using the 394 * IP_FORWARDING flag to prevent infinite recursion. 395 * 396 * Multicasts that are looped back by ip_mloopback(), 397 * above, will be forwarded by the ip_input() routine, 398 * if necessary. 399 */ 400 if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) { 401 /* 402 * If rsvp daemon is not running, do not 403 * set ip_moptions. This ensures that the packet 404 * is multicast and not just sent down one link 405 * as prescribed by rsvpd. 406 */ 407 if (!V_rsvp_on) 408 imo = NULL; 409 if (ip_mforward && 410 ip_mforward(ip, ifp, m, imo) != 0) { 411 m_freem(m); 412 goto done; 413 } 414 } 415 } 416 417 /* 418 * Multicasts with a time-to-live of zero may be looped- 419 * back, above, but must not be transmitted on a network. 420 * Also, multicasts addressed to the loopback interface 421 * are not sent -- the above call to ip_mloopback() will 422 * loop back a copy. ip_input() will drop the copy if 423 * this host does not belong to the destination group on 424 * the loopback interface. 425 */ 426 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) { 427 m_freem(m); 428 goto done; 429 } 430 431 goto sendit; 432 } 433 434 /* 435 * If the source address is not specified yet, use the address 436 * of the outoing interface. 437 */ 438 if (ip->ip_src.s_addr == INADDR_ANY) { 439 /* Interface may have no addresses. */ 440 if (ia != NULL) { 441 ip->ip_src = IA_SIN(ia)->sin_addr; 442 } 443 } 444 445 /* 446 * Both in the SMP world, pre-emption world if_transmit() world, 447 * the following code doesn't really function as intended any further. 448 * 449 * + There can and will be multiple CPUs running this code path 450 * in parallel, and we do no lock holding when checking the 451 * queue depth; 452 * + And since other threads can be running concurrently, even if 453 * we do pass this check, another thread may queue some frames 454 * before this thread does and it will end up partially or fully 455 * failing to send anyway; 456 * + if_transmit() based drivers don't necessarily set ifq_len 457 * at all. 458 * 459 * This should be replaced with a method of pushing an entire list 460 * of fragment frames to the driver and have the driver decide 461 * whether it can queue or not queue the entire set. 462 */ 463 #if 0 464 /* 465 * Verify that we have any chance at all of being able to queue the 466 * packet or packet fragments, unless ALTQ is enabled on the given 467 * interface in which case packetdrop should be done by queueing. 468 */ 469 n = ip_len / mtu + 1; /* how many fragments ? */ 470 if ( 471 #ifdef ALTQ 472 (!ALTQ_IS_ENABLED(&ifp->if_snd)) && 473 #endif /* ALTQ */ 474 (ifp->if_snd.ifq_len + n) >= ifp->if_snd.ifq_maxlen ) { 475 error = ENOBUFS; 476 IPSTAT_INC(ips_odropped); 477 ifp->if_snd.ifq_drops += n; 478 goto bad; 479 } 480 #endif 481 482 /* 483 * Look for broadcast address and 484 * verify user is allowed to send 485 * such a packet. 486 */ 487 if (isbroadcast) { 488 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 489 error = EADDRNOTAVAIL; 490 goto bad; 491 } 492 if ((flags & IP_ALLOWBROADCAST) == 0) { 493 error = EACCES; 494 goto bad; 495 } 496 /* don't allow broadcast messages to be fragmented */ 497 if (ip_len > mtu) { 498 error = EMSGSIZE; 499 goto bad; 500 } 501 m->m_flags |= M_BCAST; 502 } else { 503 m->m_flags &= ~M_BCAST; 504 } 505 506 sendit: 507 #ifdef IPSEC 508 switch(ip_ipsec_output(&m, inp, &flags, &error)) { 509 case 1: 510 goto bad; 511 case -1: 512 goto done; 513 case 0: 514 default: 515 break; /* Continue with packet processing. */ 516 } 517 /* 518 * Check if there was a route for this packet; return error if not. 519 */ 520 if (no_route_but_check_spd) { 521 IPSTAT_INC(ips_noroute); 522 error = EHOSTUNREACH; 523 goto bad; 524 } 525 /* Update variables that are affected by ipsec4_output(). */ 526 ip = mtod(m, struct ip *); 527 hlen = ip->ip_hl << 2; 528 #endif /* IPSEC */ 529 530 /* Jump over all PFIL processing if hooks are not active. */ 531 if (!PFIL_HOOKED(&V_inet_pfil_hook)) 532 goto passout; 533 534 /* Run through list of hooks for output packets. */ 535 odst.s_addr = ip->ip_dst.s_addr; 536 error = pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, inp); 537 if (error != 0 || m == NULL) 538 goto done; 539 540 ip = mtod(m, struct ip *); 541 542 /* See if destination IP address was changed by packet filter. */ 543 if (odst.s_addr != ip->ip_dst.s_addr) { 544 m->m_flags |= M_SKIP_FIREWALL; 545 /* If destination is now ourself drop to ip_input(). */ 546 if (in_localip(ip->ip_dst)) { 547 m->m_flags |= M_FASTFWD_OURS; 548 if (m->m_pkthdr.rcvif == NULL) 549 m->m_pkthdr.rcvif = V_loif; 550 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 551 m->m_pkthdr.csum_flags |= 552 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 553 m->m_pkthdr.csum_data = 0xffff; 554 } 555 m->m_pkthdr.csum_flags |= 556 CSUM_IP_CHECKED | CSUM_IP_VALID; 557 #ifdef SCTP 558 if (m->m_pkthdr.csum_flags & CSUM_SCTP) 559 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID; 560 #endif 561 error = netisr_queue(NETISR_IP, m); 562 goto done; 563 } else { 564 if (ia != NULL) 565 ifa_free(&ia->ia_ifa); 566 goto again; /* Redo the routing table lookup. */ 567 } 568 } 569 570 /* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */ 571 if (m->m_flags & M_FASTFWD_OURS) { 572 if (m->m_pkthdr.rcvif == NULL) 573 m->m_pkthdr.rcvif = V_loif; 574 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 575 m->m_pkthdr.csum_flags |= 576 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 577 m->m_pkthdr.csum_data = 0xffff; 578 } 579 #ifdef SCTP 580 if (m->m_pkthdr.csum_flags & CSUM_SCTP) 581 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID; 582 #endif 583 m->m_pkthdr.csum_flags |= 584 CSUM_IP_CHECKED | CSUM_IP_VALID; 585 586 error = netisr_queue(NETISR_IP, m); 587 goto done; 588 } 589 /* Or forward to some other address? */ 590 if ((m->m_flags & M_IP_NEXTHOP) && 591 (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) { 592 bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in)); 593 m->m_flags |= M_SKIP_FIREWALL; 594 m->m_flags &= ~M_IP_NEXTHOP; 595 m_tag_delete(m, fwd_tag); 596 if (ia != NULL) 597 ifa_free(&ia->ia_ifa); 598 goto again; 599 } 600 601 passout: 602 /* 127/8 must not appear on wire - RFC1122. */ 603 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 604 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 605 if ((ifp->if_flags & IFF_LOOPBACK) == 0) { 606 IPSTAT_INC(ips_badaddr); 607 error = EADDRNOTAVAIL; 608 goto bad; 609 } 610 } 611 612 m->m_pkthdr.csum_flags |= CSUM_IP; 613 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA & ~ifp->if_hwassist) { 614 in_delayed_cksum(m); 615 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 616 } 617 #ifdef SCTP 618 if (m->m_pkthdr.csum_flags & CSUM_SCTP & ~ifp->if_hwassist) { 619 sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2)); 620 m->m_pkthdr.csum_flags &= ~CSUM_SCTP; 621 } 622 #endif 623 624 /* 625 * If small enough for interface, or the interface will take 626 * care of the fragmentation for us, we can just send directly. 627 */ 628 if (ip_len <= mtu || 629 (m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 || 630 ((ip_off & IP_DF) == 0 && (ifp->if_hwassist & CSUM_FRAGMENT))) { 631 ip->ip_sum = 0; 632 if (m->m_pkthdr.csum_flags & CSUM_IP & ~ifp->if_hwassist) { 633 ip->ip_sum = in_cksum(m, hlen); 634 m->m_pkthdr.csum_flags &= ~CSUM_IP; 635 } 636 637 /* 638 * Record statistics for this interface address. 639 * With CSUM_TSO the byte/packet count will be slightly 640 * incorrect because we count the IP+TCP headers only 641 * once instead of for every generated packet. 642 */ 643 if (!(flags & IP_FORWARDING) && ia) { 644 if (m->m_pkthdr.csum_flags & CSUM_TSO) 645 counter_u64_add(ia->ia_ifa.ifa_opackets, 646 m->m_pkthdr.len / m->m_pkthdr.tso_segsz); 647 else 648 counter_u64_add(ia->ia_ifa.ifa_opackets, 1); 649 650 counter_u64_add(ia->ia_ifa.ifa_obytes, m->m_pkthdr.len); 651 } 652 #ifdef MBUF_STRESS_TEST 653 if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size) 654 m = m_fragment(m, M_NOWAIT, mbuf_frag_size); 655 #endif 656 /* 657 * Reset layer specific mbuf flags 658 * to avoid confusing lower layers. 659 */ 660 m_clrprotoflags(m); 661 IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL); 662 error = (*ifp->if_output)(ifp, m, 663 (const struct sockaddr *)gw, ro); 664 goto done; 665 } 666 667 /* Balk when DF bit is set or the interface didn't support TSO. */ 668 if ((ip_off & IP_DF) || (m->m_pkthdr.csum_flags & CSUM_TSO)) { 669 error = EMSGSIZE; 670 IPSTAT_INC(ips_cantfrag); 671 goto bad; 672 } 673 674 /* 675 * Too large for interface; fragment if possible. If successful, 676 * on return, m will point to a list of packets to be sent. 677 */ 678 error = ip_fragment(ip, &m, mtu, ifp->if_hwassist); 679 if (error) 680 goto bad; 681 for (; m; m = m0) { 682 m0 = m->m_nextpkt; 683 m->m_nextpkt = 0; 684 if (error == 0) { 685 /* Record statistics for this interface address. */ 686 if (ia != NULL) { 687 counter_u64_add(ia->ia_ifa.ifa_opackets, 1); 688 counter_u64_add(ia->ia_ifa.ifa_obytes, 689 m->m_pkthdr.len); 690 } 691 /* 692 * Reset layer specific mbuf flags 693 * to avoid confusing upper layers. 694 */ 695 m_clrprotoflags(m); 696 697 IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL); 698 error = (*ifp->if_output)(ifp, m, 699 (const struct sockaddr *)gw, ro); 700 } else 701 m_freem(m); 702 } 703 704 if (error == 0) 705 IPSTAT_INC(ips_fragmented); 706 707 done: 708 if (ro == &iproute) 709 RO_RTFREE(ro); 710 if (ia != NULL) 711 ifa_free(&ia->ia_ifa); 712 return (error); 713 bad: 714 m_freem(m); 715 goto done; 716 } 717 718 /* 719 * Create a chain of fragments which fit the given mtu. m_frag points to the 720 * mbuf to be fragmented; on return it points to the chain with the fragments. 721 * Return 0 if no error. If error, m_frag may contain a partially built 722 * chain of fragments that should be freed by the caller. 723 * 724 * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist) 725 */ 726 int 727 ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu, 728 u_long if_hwassist_flags) 729 { 730 int error = 0; 731 int hlen = ip->ip_hl << 2; 732 int len = (mtu - hlen) & ~7; /* size of payload in each fragment */ 733 int off; 734 struct mbuf *m0 = *m_frag; /* the original packet */ 735 int firstlen; 736 struct mbuf **mnext; 737 int nfrags; 738 uint16_t ip_len, ip_off; 739 740 ip_len = ntohs(ip->ip_len); 741 ip_off = ntohs(ip->ip_off); 742 743 if (ip_off & IP_DF) { /* Fragmentation not allowed */ 744 IPSTAT_INC(ips_cantfrag); 745 return EMSGSIZE; 746 } 747 748 /* 749 * Must be able to put at least 8 bytes per fragment. 750 */ 751 if (len < 8) 752 return EMSGSIZE; 753 754 /* 755 * If the interface will not calculate checksums on 756 * fragmented packets, then do it here. 757 */ 758 if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 759 in_delayed_cksum(m0); 760 m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 761 } 762 #ifdef SCTP 763 if (m0->m_pkthdr.csum_flags & CSUM_SCTP) { 764 sctp_delayed_cksum(m0, hlen); 765 m0->m_pkthdr.csum_flags &= ~CSUM_SCTP; 766 } 767 #endif 768 if (len > PAGE_SIZE) { 769 /* 770 * Fragment large datagrams such that each segment 771 * contains a multiple of PAGE_SIZE amount of data, 772 * plus headers. This enables a receiver to perform 773 * page-flipping zero-copy optimizations. 774 * 775 * XXX When does this help given that sender and receiver 776 * could have different page sizes, and also mtu could 777 * be less than the receiver's page size ? 778 */ 779 int newlen; 780 struct mbuf *m; 781 782 for (m = m0, off = 0; m && (off+m->m_len) <= mtu; m = m->m_next) 783 off += m->m_len; 784 785 /* 786 * firstlen (off - hlen) must be aligned on an 787 * 8-byte boundary 788 */ 789 if (off < hlen) 790 goto smart_frag_failure; 791 off = ((off - hlen) & ~7) + hlen; 792 newlen = (~PAGE_MASK) & mtu; 793 if ((newlen + sizeof (struct ip)) > mtu) { 794 /* we failed, go back the default */ 795 smart_frag_failure: 796 newlen = len; 797 off = hlen + len; 798 } 799 len = newlen; 800 801 } else { 802 off = hlen + len; 803 } 804 805 firstlen = off - hlen; 806 mnext = &m0->m_nextpkt; /* pointer to next packet */ 807 808 /* 809 * Loop through length of segment after first fragment, 810 * make new header and copy data of each part and link onto chain. 811 * Here, m0 is the original packet, m is the fragment being created. 812 * The fragments are linked off the m_nextpkt of the original 813 * packet, which after processing serves as the first fragment. 814 */ 815 for (nfrags = 1; off < ip_len; off += len, nfrags++) { 816 struct ip *mhip; /* ip header on the fragment */ 817 struct mbuf *m; 818 int mhlen = sizeof (struct ip); 819 820 m = m_gethdr(M_NOWAIT, MT_DATA); 821 if (m == NULL) { 822 error = ENOBUFS; 823 IPSTAT_INC(ips_odropped); 824 goto done; 825 } 826 m->m_flags |= (m0->m_flags & M_MCAST); 827 /* 828 * In the first mbuf, leave room for the link header, then 829 * copy the original IP header including options. The payload 830 * goes into an additional mbuf chain returned by m_copym(). 831 */ 832 m->m_data += max_linkhdr; 833 mhip = mtod(m, struct ip *); 834 *mhip = *ip; 835 if (hlen > sizeof (struct ip)) { 836 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip); 837 mhip->ip_v = IPVERSION; 838 mhip->ip_hl = mhlen >> 2; 839 } 840 m->m_len = mhlen; 841 /* XXX do we need to add ip_off below ? */ 842 mhip->ip_off = ((off - hlen) >> 3) + ip_off; 843 if (off + len >= ip_len) 844 len = ip_len - off; 845 else 846 mhip->ip_off |= IP_MF; 847 mhip->ip_len = htons((u_short)(len + mhlen)); 848 m->m_next = m_copym(m0, off, len, M_NOWAIT); 849 if (m->m_next == NULL) { /* copy failed */ 850 m_free(m); 851 error = ENOBUFS; /* ??? */ 852 IPSTAT_INC(ips_odropped); 853 goto done; 854 } 855 m->m_pkthdr.len = mhlen + len; 856 m->m_pkthdr.rcvif = NULL; 857 #ifdef MAC 858 mac_netinet_fragment(m0, m); 859 #endif 860 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags; 861 mhip->ip_off = htons(mhip->ip_off); 862 mhip->ip_sum = 0; 863 if (m->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) { 864 mhip->ip_sum = in_cksum(m, mhlen); 865 m->m_pkthdr.csum_flags &= ~CSUM_IP; 866 } 867 *mnext = m; 868 mnext = &m->m_nextpkt; 869 } 870 IPSTAT_ADD(ips_ofragments, nfrags); 871 872 /* 873 * Update first fragment by trimming what's been copied out 874 * and updating header. 875 */ 876 m_adj(m0, hlen + firstlen - ip_len); 877 m0->m_pkthdr.len = hlen + firstlen; 878 ip->ip_len = htons((u_short)m0->m_pkthdr.len); 879 ip->ip_off = htons(ip_off | IP_MF); 880 ip->ip_sum = 0; 881 if (m0->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) { 882 ip->ip_sum = in_cksum(m0, hlen); 883 m0->m_pkthdr.csum_flags &= ~CSUM_IP; 884 } 885 886 done: 887 *m_frag = m0; 888 return error; 889 } 890 891 void 892 in_delayed_cksum(struct mbuf *m) 893 { 894 struct ip *ip; 895 uint16_t csum, offset, ip_len; 896 897 ip = mtod(m, struct ip *); 898 offset = ip->ip_hl << 2 ; 899 ip_len = ntohs(ip->ip_len); 900 csum = in_cksum_skip(m, ip_len, offset); 901 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0) 902 csum = 0xffff; 903 offset += m->m_pkthdr.csum_data; /* checksum offset */ 904 905 if (offset + sizeof(u_short) > m->m_len) { 906 printf("delayed m_pullup, m->len: %d off: %d p: %d\n", 907 m->m_len, offset, ip->ip_p); 908 /* 909 * XXX 910 * this shouldn't happen, but if it does, the 911 * correct behavior may be to insert the checksum 912 * in the appropriate next mbuf in the chain. 913 */ 914 return; 915 } 916 *(u_short *)(m->m_data + offset) = csum; 917 } 918 919 /* 920 * IP socket option processing. 921 */ 922 int 923 ip_ctloutput(struct socket *so, struct sockopt *sopt) 924 { 925 struct inpcb *inp = sotoinpcb(so); 926 int error, optval; 927 928 error = optval = 0; 929 if (sopt->sopt_level != IPPROTO_IP) { 930 error = EINVAL; 931 932 if (sopt->sopt_level == SOL_SOCKET && 933 sopt->sopt_dir == SOPT_SET) { 934 switch (sopt->sopt_name) { 935 case SO_REUSEADDR: 936 INP_WLOCK(inp); 937 if ((so->so_options & SO_REUSEADDR) != 0) 938 inp->inp_flags2 |= INP_REUSEADDR; 939 else 940 inp->inp_flags2 &= ~INP_REUSEADDR; 941 INP_WUNLOCK(inp); 942 error = 0; 943 break; 944 case SO_REUSEPORT: 945 INP_WLOCK(inp); 946 if ((so->so_options & SO_REUSEPORT) != 0) 947 inp->inp_flags2 |= INP_REUSEPORT; 948 else 949 inp->inp_flags2 &= ~INP_REUSEPORT; 950 INP_WUNLOCK(inp); 951 error = 0; 952 break; 953 case SO_SETFIB: 954 INP_WLOCK(inp); 955 inp->inp_inc.inc_fibnum = so->so_fibnum; 956 INP_WUNLOCK(inp); 957 error = 0; 958 break; 959 default: 960 break; 961 } 962 } 963 return (error); 964 } 965 966 switch (sopt->sopt_dir) { 967 case SOPT_SET: 968 switch (sopt->sopt_name) { 969 case IP_OPTIONS: 970 #ifdef notyet 971 case IP_RETOPTS: 972 #endif 973 { 974 struct mbuf *m; 975 if (sopt->sopt_valsize > MLEN) { 976 error = EMSGSIZE; 977 break; 978 } 979 m = m_get(sopt->sopt_td ? M_WAITOK : M_NOWAIT, MT_DATA); 980 if (m == NULL) { 981 error = ENOBUFS; 982 break; 983 } 984 m->m_len = sopt->sopt_valsize; 985 error = sooptcopyin(sopt, mtod(m, char *), m->m_len, 986 m->m_len); 987 if (error) { 988 m_free(m); 989 break; 990 } 991 INP_WLOCK(inp); 992 error = ip_pcbopts(inp, sopt->sopt_name, m); 993 INP_WUNLOCK(inp); 994 return (error); 995 } 996 997 case IP_BINDANY: 998 if (sopt->sopt_td != NULL) { 999 error = priv_check(sopt->sopt_td, 1000 PRIV_NETINET_BINDANY); 1001 if (error) 1002 break; 1003 } 1004 /* FALLTHROUGH */ 1005 case IP_TOS: 1006 case IP_TTL: 1007 case IP_MINTTL: 1008 case IP_RECVOPTS: 1009 case IP_RECVRETOPTS: 1010 case IP_RECVDSTADDR: 1011 case IP_RECVTTL: 1012 case IP_RECVIF: 1013 case IP_FAITH: 1014 case IP_ONESBCAST: 1015 case IP_DONTFRAG: 1016 case IP_RECVTOS: 1017 error = sooptcopyin(sopt, &optval, sizeof optval, 1018 sizeof optval); 1019 if (error) 1020 break; 1021 1022 switch (sopt->sopt_name) { 1023 case IP_TOS: 1024 inp->inp_ip_tos = optval; 1025 break; 1026 1027 case IP_TTL: 1028 inp->inp_ip_ttl = optval; 1029 break; 1030 1031 case IP_MINTTL: 1032 if (optval >= 0 && optval <= MAXTTL) 1033 inp->inp_ip_minttl = optval; 1034 else 1035 error = EINVAL; 1036 break; 1037 1038 #define OPTSET(bit) do { \ 1039 INP_WLOCK(inp); \ 1040 if (optval) \ 1041 inp->inp_flags |= bit; \ 1042 else \ 1043 inp->inp_flags &= ~bit; \ 1044 INP_WUNLOCK(inp); \ 1045 } while (0) 1046 1047 case IP_RECVOPTS: 1048 OPTSET(INP_RECVOPTS); 1049 break; 1050 1051 case IP_RECVRETOPTS: 1052 OPTSET(INP_RECVRETOPTS); 1053 break; 1054 1055 case IP_RECVDSTADDR: 1056 OPTSET(INP_RECVDSTADDR); 1057 break; 1058 1059 case IP_RECVTTL: 1060 OPTSET(INP_RECVTTL); 1061 break; 1062 1063 case IP_RECVIF: 1064 OPTSET(INP_RECVIF); 1065 break; 1066 1067 case IP_FAITH: 1068 OPTSET(INP_FAITH); 1069 break; 1070 1071 case IP_ONESBCAST: 1072 OPTSET(INP_ONESBCAST); 1073 break; 1074 case IP_DONTFRAG: 1075 OPTSET(INP_DONTFRAG); 1076 break; 1077 case IP_BINDANY: 1078 OPTSET(INP_BINDANY); 1079 break; 1080 case IP_RECVTOS: 1081 OPTSET(INP_RECVTOS); 1082 break; 1083 } 1084 break; 1085 #undef OPTSET 1086 1087 /* 1088 * Multicast socket options are processed by the in_mcast 1089 * module. 1090 */ 1091 case IP_MULTICAST_IF: 1092 case IP_MULTICAST_VIF: 1093 case IP_MULTICAST_TTL: 1094 case IP_MULTICAST_LOOP: 1095 case IP_ADD_MEMBERSHIP: 1096 case IP_DROP_MEMBERSHIP: 1097 case IP_ADD_SOURCE_MEMBERSHIP: 1098 case IP_DROP_SOURCE_MEMBERSHIP: 1099 case IP_BLOCK_SOURCE: 1100 case IP_UNBLOCK_SOURCE: 1101 case IP_MSFILTER: 1102 case MCAST_JOIN_GROUP: 1103 case MCAST_LEAVE_GROUP: 1104 case MCAST_JOIN_SOURCE_GROUP: 1105 case MCAST_LEAVE_SOURCE_GROUP: 1106 case MCAST_BLOCK_SOURCE: 1107 case MCAST_UNBLOCK_SOURCE: 1108 error = inp_setmoptions(inp, sopt); 1109 break; 1110 1111 case IP_PORTRANGE: 1112 error = sooptcopyin(sopt, &optval, sizeof optval, 1113 sizeof optval); 1114 if (error) 1115 break; 1116 1117 INP_WLOCK(inp); 1118 switch (optval) { 1119 case IP_PORTRANGE_DEFAULT: 1120 inp->inp_flags &= ~(INP_LOWPORT); 1121 inp->inp_flags &= ~(INP_HIGHPORT); 1122 break; 1123 1124 case IP_PORTRANGE_HIGH: 1125 inp->inp_flags &= ~(INP_LOWPORT); 1126 inp->inp_flags |= INP_HIGHPORT; 1127 break; 1128 1129 case IP_PORTRANGE_LOW: 1130 inp->inp_flags &= ~(INP_HIGHPORT); 1131 inp->inp_flags |= INP_LOWPORT; 1132 break; 1133 1134 default: 1135 error = EINVAL; 1136 break; 1137 } 1138 INP_WUNLOCK(inp); 1139 break; 1140 1141 #ifdef IPSEC 1142 case IP_IPSEC_POLICY: 1143 { 1144 caddr_t req; 1145 struct mbuf *m; 1146 1147 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1148 break; 1149 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ 1150 break; 1151 req = mtod(m, caddr_t); 1152 error = ipsec_set_policy(inp, sopt->sopt_name, req, 1153 m->m_len, (sopt->sopt_td != NULL) ? 1154 sopt->sopt_td->td_ucred : NULL); 1155 m_freem(m); 1156 break; 1157 } 1158 #endif /* IPSEC */ 1159 1160 default: 1161 error = ENOPROTOOPT; 1162 break; 1163 } 1164 break; 1165 1166 case SOPT_GET: 1167 switch (sopt->sopt_name) { 1168 case IP_OPTIONS: 1169 case IP_RETOPTS: 1170 if (inp->inp_options) 1171 error = sooptcopyout(sopt, 1172 mtod(inp->inp_options, 1173 char *), 1174 inp->inp_options->m_len); 1175 else 1176 sopt->sopt_valsize = 0; 1177 break; 1178 1179 case IP_TOS: 1180 case IP_TTL: 1181 case IP_MINTTL: 1182 case IP_RECVOPTS: 1183 case IP_RECVRETOPTS: 1184 case IP_RECVDSTADDR: 1185 case IP_RECVTTL: 1186 case IP_RECVIF: 1187 case IP_PORTRANGE: 1188 case IP_FAITH: 1189 case IP_ONESBCAST: 1190 case IP_DONTFRAG: 1191 case IP_BINDANY: 1192 case IP_RECVTOS: 1193 switch (sopt->sopt_name) { 1194 1195 case IP_TOS: 1196 optval = inp->inp_ip_tos; 1197 break; 1198 1199 case IP_TTL: 1200 optval = inp->inp_ip_ttl; 1201 break; 1202 1203 case IP_MINTTL: 1204 optval = inp->inp_ip_minttl; 1205 break; 1206 1207 #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0) 1208 1209 case IP_RECVOPTS: 1210 optval = OPTBIT(INP_RECVOPTS); 1211 break; 1212 1213 case IP_RECVRETOPTS: 1214 optval = OPTBIT(INP_RECVRETOPTS); 1215 break; 1216 1217 case IP_RECVDSTADDR: 1218 optval = OPTBIT(INP_RECVDSTADDR); 1219 break; 1220 1221 case IP_RECVTTL: 1222 optval = OPTBIT(INP_RECVTTL); 1223 break; 1224 1225 case IP_RECVIF: 1226 optval = OPTBIT(INP_RECVIF); 1227 break; 1228 1229 case IP_PORTRANGE: 1230 if (inp->inp_flags & INP_HIGHPORT) 1231 optval = IP_PORTRANGE_HIGH; 1232 else if (inp->inp_flags & INP_LOWPORT) 1233 optval = IP_PORTRANGE_LOW; 1234 else 1235 optval = 0; 1236 break; 1237 1238 case IP_FAITH: 1239 optval = OPTBIT(INP_FAITH); 1240 break; 1241 1242 case IP_ONESBCAST: 1243 optval = OPTBIT(INP_ONESBCAST); 1244 break; 1245 case IP_DONTFRAG: 1246 optval = OPTBIT(INP_DONTFRAG); 1247 break; 1248 case IP_BINDANY: 1249 optval = OPTBIT(INP_BINDANY); 1250 break; 1251 case IP_RECVTOS: 1252 optval = OPTBIT(INP_RECVTOS); 1253 break; 1254 } 1255 error = sooptcopyout(sopt, &optval, sizeof optval); 1256 break; 1257 1258 /* 1259 * Multicast socket options are processed by the in_mcast 1260 * module. 1261 */ 1262 case IP_MULTICAST_IF: 1263 case IP_MULTICAST_VIF: 1264 case IP_MULTICAST_TTL: 1265 case IP_MULTICAST_LOOP: 1266 case IP_MSFILTER: 1267 error = inp_getmoptions(inp, sopt); 1268 break; 1269 1270 #ifdef IPSEC 1271 case IP_IPSEC_POLICY: 1272 { 1273 struct mbuf *m = NULL; 1274 caddr_t req = NULL; 1275 size_t len = 0; 1276 1277 if (m != 0) { 1278 req = mtod(m, caddr_t); 1279 len = m->m_len; 1280 } 1281 error = ipsec_get_policy(sotoinpcb(so), req, len, &m); 1282 if (error == 0) 1283 error = soopt_mcopyout(sopt, m); /* XXX */ 1284 if (error == 0) 1285 m_freem(m); 1286 break; 1287 } 1288 #endif /* IPSEC */ 1289 1290 default: 1291 error = ENOPROTOOPT; 1292 break; 1293 } 1294 break; 1295 } 1296 return (error); 1297 } 1298 1299 /* 1300 * Routine called from ip_output() to loop back a copy of an IP multicast 1301 * packet to the input queue of a specified interface. Note that this 1302 * calls the output routine of the loopback "driver", but with an interface 1303 * pointer that might NOT be a loopback interface -- evil, but easier than 1304 * replicating that code here. 1305 */ 1306 static void 1307 ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst, 1308 int hlen) 1309 { 1310 register struct ip *ip; 1311 struct mbuf *copym; 1312 1313 /* 1314 * Make a deep copy of the packet because we're going to 1315 * modify the pack in order to generate checksums. 1316 */ 1317 copym = m_dup(m, M_NOWAIT); 1318 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen)) 1319 copym = m_pullup(copym, hlen); 1320 if (copym != NULL) { 1321 /* If needed, compute the checksum and mark it as valid. */ 1322 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 1323 in_delayed_cksum(copym); 1324 copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 1325 copym->m_pkthdr.csum_flags |= 1326 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 1327 copym->m_pkthdr.csum_data = 0xffff; 1328 } 1329 /* 1330 * We don't bother to fragment if the IP length is greater 1331 * than the interface's MTU. Can this possibly matter? 1332 */ 1333 ip = mtod(copym, struct ip *); 1334 ip->ip_sum = 0; 1335 ip->ip_sum = in_cksum(copym, hlen); 1336 #if 1 /* XXX */ 1337 if (dst->sin_family != AF_INET) { 1338 printf("ip_mloopback: bad address family %d\n", 1339 dst->sin_family); 1340 dst->sin_family = AF_INET; 1341 } 1342 #endif 1343 if_simloop(ifp, copym, dst->sin_family, 0); 1344 } 1345 } 1346