xref: /freebsd/sys/netinet/ip_output.c (revision 5dd76dd0cc19450133aa379ce0ce4a68ae07fb39)
1 /*-
2  * Copyright (c) 1982, 1986, 1988, 1990, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  *	@(#)ip_output.c	8.3 (Berkeley) 1/21/94
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 #include "opt_ipfw.h"
36 #include "opt_ipsec.h"
37 #include "opt_mbuf_stress_test.h"
38 #include "opt_mpath.h"
39 #include "opt_route.h"
40 #include "opt_sctp.h"
41 
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/malloc.h>
46 #include <sys/mbuf.h>
47 #include <sys/priv.h>
48 #include <sys/proc.h>
49 #include <sys/protosw.h>
50 #include <sys/sdt.h>
51 #include <sys/socket.h>
52 #include <sys/socketvar.h>
53 #include <sys/sysctl.h>
54 #include <sys/ucred.h>
55 
56 #include <net/if.h>
57 #include <net/if_var.h>
58 #include <net/if_llatbl.h>
59 #include <net/netisr.h>
60 #include <net/pfil.h>
61 #include <net/route.h>
62 #include <net/flowtable.h>
63 #ifdef RADIX_MPATH
64 #include <net/radix_mpath.h>
65 #endif
66 #include <net/vnet.h>
67 
68 #include <netinet/in.h>
69 #include <netinet/in_kdtrace.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/ip.h>
72 #include <netinet/in_pcb.h>
73 #include <netinet/in_var.h>
74 #include <netinet/ip_var.h>
75 #include <netinet/ip_options.h>
76 #ifdef SCTP
77 #include <netinet/sctp.h>
78 #include <netinet/sctp_crc32.h>
79 #endif
80 
81 #ifdef IPSEC
82 #include <netinet/ip_ipsec.h>
83 #include <netipsec/ipsec.h>
84 #endif /* IPSEC*/
85 
86 #include <machine/in_cksum.h>
87 
88 #include <security/mac/mac_framework.h>
89 
90 VNET_DEFINE(u_short, ip_id);
91 
92 #ifdef MBUF_STRESS_TEST
93 static int mbuf_frag_size = 0;
94 SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
95 	&mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
96 #endif
97 
98 static void	ip_mloopback
99 	(struct ifnet *, struct mbuf *, struct sockaddr_in *, int);
100 
101 
102 extern int in_mcast_loop;
103 extern	struct protosw inetsw[];
104 
105 /*
106  * IP output.  The packet in mbuf chain m contains a skeletal IP
107  * header (with len, off, ttl, proto, tos, src, dst).
108  * The mbuf chain containing the packet will be freed.
109  * The mbuf opt, if present, will not be freed.
110  * If route ro is present and has ro_rt initialized, route lookup would be
111  * skipped and ro->ro_rt would be used. If ro is present but ro->ro_rt is NULL,
112  * then result of route lookup is stored in ro->ro_rt.
113  *
114  * In the IP forwarding case, the packet will arrive with options already
115  * inserted, so must have a NULL opt pointer.
116  */
117 int
118 ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
119     struct ip_moptions *imo, struct inpcb *inp)
120 {
121 	struct ip *ip;
122 	struct ifnet *ifp = NULL;	/* keep compiler happy */
123 	struct mbuf *m0;
124 	int hlen = sizeof (struct ip);
125 	int mtu;
126 	int error = 0;
127 	struct sockaddr_in *dst;
128 	const struct sockaddr_in *gw;
129 	struct in_ifaddr *ia;
130 	int isbroadcast;
131 	uint16_t ip_len, ip_off;
132 	struct route iproute;
133 	struct rtentry *rte;	/* cache for ro->ro_rt */
134 	struct in_addr odst;
135 	struct m_tag *fwd_tag = NULL;
136 #ifdef IPSEC
137 	int no_route_but_check_spd = 0;
138 #endif
139 	M_ASSERTPKTHDR(m);
140 
141 	if (inp != NULL) {
142 		INP_LOCK_ASSERT(inp);
143 		M_SETFIB(m, inp->inp_inc.inc_fibnum);
144 		if (inp->inp_flags & (INP_HW_FLOWID|INP_SW_FLOWID)) {
145 			m->m_pkthdr.flowid = inp->inp_flowid;
146 			m->m_flags |= M_FLOWID;
147 		}
148 	}
149 
150 	if (ro == NULL) {
151 		ro = &iproute;
152 		bzero(ro, sizeof (*ro));
153 	}
154 
155 #ifdef FLOWTABLE
156 	if (ro->ro_rt == NULL) {
157 		struct flentry *fle;
158 
159 		/*
160 		 * The flow table returns route entries valid for up to 30
161 		 * seconds; we rely on the remainder of ip_output() taking no
162 		 * longer than that long for the stability of ro_rt. The
163 		 * flow ID assignment must have happened before this point.
164 		 */
165 		fle = flowtable_lookup_mbuf(V_ip_ft, m, AF_INET);
166 		if (fle != NULL)
167 			flow_to_route(fle, ro);
168 	}
169 #endif
170 
171 	if (opt) {
172 		int len = 0;
173 		m = ip_insertoptions(m, opt, &len);
174 		if (len != 0)
175 			hlen = len; /* ip->ip_hl is updated above */
176 	}
177 	ip = mtod(m, struct ip *);
178 	ip_len = ntohs(ip->ip_len);
179 	ip_off = ntohs(ip->ip_off);
180 
181 	/*
182 	 * Fill in IP header.  If we are not allowing fragmentation,
183 	 * then the ip_id field is meaningless, but we don't set it
184 	 * to zero.  Doing so causes various problems when devices along
185 	 * the path (routers, load balancers, firewalls, etc.) illegally
186 	 * disable DF on our packet.  Note that a 16-bit counter
187 	 * will wrap around in less than 10 seconds at 100 Mbit/s on a
188 	 * medium with MTU 1500.  See Steven M. Bellovin, "A Technique
189 	 * for Counting NATted Hosts", Proc. IMW'02, available at
190 	 * <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>.
191 	 */
192 	if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
193 		ip->ip_v = IPVERSION;
194 		ip->ip_hl = hlen >> 2;
195 		ip->ip_id = ip_newid();
196 		IPSTAT_INC(ips_localout);
197 	} else {
198 		/* Header already set, fetch hlen from there */
199 		hlen = ip->ip_hl << 2;
200 	}
201 
202 	/*
203 	 * dst/gw handling:
204 	 *
205 	 * dst can be rewritten but always points to &ro->ro_dst.
206 	 * gw is readonly but can point either to dst OR rt_gateway,
207 	 * therefore we need restore gw if we're redoing lookup.
208 	 */
209 	gw = dst = (struct sockaddr_in *)&ro->ro_dst;
210 again:
211 	ia = NULL;
212 	/*
213 	 * If there is a cached route, check that it is to the same
214 	 * destination and is still up.  If not, free it and try again.
215 	 * The address family should also be checked in case of sharing
216 	 * the cache with IPv6.
217 	 */
218 	rte = ro->ro_rt;
219 	if (rte && ((rte->rt_flags & RTF_UP) == 0 ||
220 		    rte->rt_ifp == NULL ||
221 		    !RT_LINK_IS_UP(rte->rt_ifp) ||
222 			  dst->sin_family != AF_INET ||
223 			  dst->sin_addr.s_addr != ip->ip_dst.s_addr)) {
224 		RO_RTFREE(ro);
225 		ro->ro_lle = NULL;
226 		rte = NULL;
227 		gw = dst;
228 	}
229 	if (rte == NULL && fwd_tag == NULL) {
230 		bzero(dst, sizeof(*dst));
231 		dst->sin_family = AF_INET;
232 		dst->sin_len = sizeof(*dst);
233 		dst->sin_addr = ip->ip_dst;
234 	}
235 	/*
236 	 * If routing to interface only, short circuit routing lookup.
237 	 * The use of an all-ones broadcast address implies this; an
238 	 * interface is specified by the broadcast address of an interface,
239 	 * or the destination address of a ptp interface.
240 	 */
241 	if (flags & IP_SENDONES) {
242 		if ((ia = ifatoia(ifa_ifwithbroadaddr(sintosa(dst)))) == NULL &&
243 		    (ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL) {
244 			IPSTAT_INC(ips_noroute);
245 			error = ENETUNREACH;
246 			goto bad;
247 		}
248 		ip->ip_dst.s_addr = INADDR_BROADCAST;
249 		dst->sin_addr = ip->ip_dst;
250 		ifp = ia->ia_ifp;
251 		ip->ip_ttl = 1;
252 		isbroadcast = 1;
253 	} else if (flags & IP_ROUTETOIF) {
254 		if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL &&
255 		    (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0))) == NULL) {
256 			IPSTAT_INC(ips_noroute);
257 			error = ENETUNREACH;
258 			goto bad;
259 		}
260 		ifp = ia->ia_ifp;
261 		ip->ip_ttl = 1;
262 		isbroadcast = in_broadcast(dst->sin_addr, ifp);
263 	} else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
264 	    imo != NULL && imo->imo_multicast_ifp != NULL) {
265 		/*
266 		 * Bypass the normal routing lookup for multicast
267 		 * packets if the interface is specified.
268 		 */
269 		ifp = imo->imo_multicast_ifp;
270 		IFP_TO_IA(ifp, ia);
271 		isbroadcast = 0;	/* fool gcc */
272 	} else {
273 		/*
274 		 * We want to do any cloning requested by the link layer,
275 		 * as this is probably required in all cases for correct
276 		 * operation (as it is for ARP).
277 		 */
278 		if (rte == NULL) {
279 #ifdef RADIX_MPATH
280 			rtalloc_mpath_fib(ro,
281 			    ntohl(ip->ip_src.s_addr ^ ip->ip_dst.s_addr),
282 			    inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
283 #else
284 			in_rtalloc_ign(ro, 0,
285 			    inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m));
286 #endif
287 			rte = ro->ro_rt;
288 		}
289 		if (rte == NULL ||
290 		    rte->rt_ifp == NULL ||
291 		    !RT_LINK_IS_UP(rte->rt_ifp)) {
292 #ifdef IPSEC
293 			/*
294 			 * There is no route for this packet, but it is
295 			 * possible that a matching SPD entry exists.
296 			 */
297 			no_route_but_check_spd = 1;
298 			mtu = 0; /* Silence GCC warning. */
299 			goto sendit;
300 #endif
301 			IPSTAT_INC(ips_noroute);
302 			error = EHOSTUNREACH;
303 			goto bad;
304 		}
305 		ia = ifatoia(rte->rt_ifa);
306 		ifa_ref(&ia->ia_ifa);
307 		ifp = rte->rt_ifp;
308 		rte->rt_rmx.rmx_pksent++;
309 		if (rte->rt_flags & RTF_GATEWAY)
310 			gw = (struct sockaddr_in *)rte->rt_gateway;
311 		if (rte->rt_flags & RTF_HOST)
312 			isbroadcast = (rte->rt_flags & RTF_BROADCAST);
313 		else
314 			isbroadcast = in_broadcast(gw->sin_addr, ifp);
315 	}
316 	/*
317 	 * Calculate MTU.  If we have a route that is up, use that,
318 	 * otherwise use the interface's MTU.
319 	 */
320 	if (rte != NULL && (rte->rt_flags & (RTF_UP|RTF_HOST))) {
321 		/*
322 		 * This case can happen if the user changed the MTU
323 		 * of an interface after enabling IP on it.  Because
324 		 * most netifs don't keep track of routes pointing to
325 		 * them, there is no way for one to update all its
326 		 * routes when the MTU is changed.
327 		 */
328 		if (rte->rt_rmx.rmx_mtu > ifp->if_mtu)
329 			rte->rt_rmx.rmx_mtu = ifp->if_mtu;
330 		mtu = rte->rt_rmx.rmx_mtu;
331 	} else {
332 		mtu = ifp->if_mtu;
333 	}
334 	/* Catch a possible divide by zero later. */
335 	KASSERT(mtu > 0, ("%s: mtu %d <= 0, rte=%p (rt_flags=0x%08x) ifp=%p",
336 	    __func__, mtu, rte, (rte != NULL) ? rte->rt_flags : 0, ifp));
337 	if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
338 		m->m_flags |= M_MCAST;
339 		/*
340 		 * IP destination address is multicast.  Make sure "gw"
341 		 * still points to the address in "ro".  (It may have been
342 		 * changed to point to a gateway address, above.)
343 		 */
344 		gw = dst;
345 		/*
346 		 * See if the caller provided any multicast options
347 		 */
348 		if (imo != NULL) {
349 			ip->ip_ttl = imo->imo_multicast_ttl;
350 			if (imo->imo_multicast_vif != -1)
351 				ip->ip_src.s_addr =
352 				    ip_mcast_src ?
353 				    ip_mcast_src(imo->imo_multicast_vif) :
354 				    INADDR_ANY;
355 		} else
356 			ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
357 		/*
358 		 * Confirm that the outgoing interface supports multicast.
359 		 */
360 		if ((imo == NULL) || (imo->imo_multicast_vif == -1)) {
361 			if ((ifp->if_flags & IFF_MULTICAST) == 0) {
362 				IPSTAT_INC(ips_noroute);
363 				error = ENETUNREACH;
364 				goto bad;
365 			}
366 		}
367 		/*
368 		 * If source address not specified yet, use address
369 		 * of outgoing interface.
370 		 */
371 		if (ip->ip_src.s_addr == INADDR_ANY) {
372 			/* Interface may have no addresses. */
373 			if (ia != NULL)
374 				ip->ip_src = IA_SIN(ia)->sin_addr;
375 		}
376 
377 		if ((imo == NULL && in_mcast_loop) ||
378 		    (imo && imo->imo_multicast_loop)) {
379 			/*
380 			 * Loop back multicast datagram if not expressly
381 			 * forbidden to do so, even if we are not a member
382 			 * of the group; ip_input() will filter it later,
383 			 * thus deferring a hash lookup and mutex acquisition
384 			 * at the expense of a cheap copy using m_copym().
385 			 */
386 			ip_mloopback(ifp, m, dst, hlen);
387 		} else {
388 			/*
389 			 * If we are acting as a multicast router, perform
390 			 * multicast forwarding as if the packet had just
391 			 * arrived on the interface to which we are about
392 			 * to send.  The multicast forwarding function
393 			 * recursively calls this function, using the
394 			 * IP_FORWARDING flag to prevent infinite recursion.
395 			 *
396 			 * Multicasts that are looped back by ip_mloopback(),
397 			 * above, will be forwarded by the ip_input() routine,
398 			 * if necessary.
399 			 */
400 			if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) {
401 				/*
402 				 * If rsvp daemon is not running, do not
403 				 * set ip_moptions. This ensures that the packet
404 				 * is multicast and not just sent down one link
405 				 * as prescribed by rsvpd.
406 				 */
407 				if (!V_rsvp_on)
408 					imo = NULL;
409 				if (ip_mforward &&
410 				    ip_mforward(ip, ifp, m, imo) != 0) {
411 					m_freem(m);
412 					goto done;
413 				}
414 			}
415 		}
416 
417 		/*
418 		 * Multicasts with a time-to-live of zero may be looped-
419 		 * back, above, but must not be transmitted on a network.
420 		 * Also, multicasts addressed to the loopback interface
421 		 * are not sent -- the above call to ip_mloopback() will
422 		 * loop back a copy. ip_input() will drop the copy if
423 		 * this host does not belong to the destination group on
424 		 * the loopback interface.
425 		 */
426 		if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) {
427 			m_freem(m);
428 			goto done;
429 		}
430 
431 		goto sendit;
432 	}
433 
434 	/*
435 	 * If the source address is not specified yet, use the address
436 	 * of the outoing interface.
437 	 */
438 	if (ip->ip_src.s_addr == INADDR_ANY) {
439 		/* Interface may have no addresses. */
440 		if (ia != NULL) {
441 			ip->ip_src = IA_SIN(ia)->sin_addr;
442 		}
443 	}
444 
445 	/*
446 	 * Both in the SMP world, pre-emption world if_transmit() world,
447 	 * the following code doesn't really function as intended any further.
448 	 *
449 	 * + There can and will be multiple CPUs running this code path
450 	 *   in parallel, and we do no lock holding when checking the
451 	 *   queue depth;
452 	 * + And since other threads can be running concurrently, even if
453 	 *   we do pass this check, another thread may queue some frames
454 	 *   before this thread does and it will end up partially or fully
455 	 *   failing to send anyway;
456 	 * + if_transmit() based drivers don't necessarily set ifq_len
457 	 *   at all.
458 	 *
459 	 * This should be replaced with a method of pushing an entire list
460 	 * of fragment frames to the driver and have the driver decide
461 	 * whether it can queue or not queue the entire set.
462 	 */
463 #if 0
464 	/*
465 	 * Verify that we have any chance at all of being able to queue the
466 	 * packet or packet fragments, unless ALTQ is enabled on the given
467 	 * interface in which case packetdrop should be done by queueing.
468 	 */
469 	n = ip_len / mtu + 1; /* how many fragments ? */
470 	if (
471 #ifdef ALTQ
472 	    (!ALTQ_IS_ENABLED(&ifp->if_snd)) &&
473 #endif /* ALTQ */
474 	    (ifp->if_snd.ifq_len + n) >= ifp->if_snd.ifq_maxlen ) {
475 		error = ENOBUFS;
476 		IPSTAT_INC(ips_odropped);
477 		ifp->if_snd.ifq_drops += n;
478 		goto bad;
479 	}
480 #endif
481 
482 	/*
483 	 * Look for broadcast address and
484 	 * verify user is allowed to send
485 	 * such a packet.
486 	 */
487 	if (isbroadcast) {
488 		if ((ifp->if_flags & IFF_BROADCAST) == 0) {
489 			error = EADDRNOTAVAIL;
490 			goto bad;
491 		}
492 		if ((flags & IP_ALLOWBROADCAST) == 0) {
493 			error = EACCES;
494 			goto bad;
495 		}
496 		/* don't allow broadcast messages to be fragmented */
497 		if (ip_len > mtu) {
498 			error = EMSGSIZE;
499 			goto bad;
500 		}
501 		m->m_flags |= M_BCAST;
502 	} else {
503 		m->m_flags &= ~M_BCAST;
504 	}
505 
506 sendit:
507 #ifdef IPSEC
508 	switch(ip_ipsec_output(&m, inp, &flags, &error)) {
509 	case 1:
510 		goto bad;
511 	case -1:
512 		goto done;
513 	case 0:
514 	default:
515 		break;	/* Continue with packet processing. */
516 	}
517 	/*
518 	 * Check if there was a route for this packet; return error if not.
519 	 */
520 	if (no_route_but_check_spd) {
521 		IPSTAT_INC(ips_noroute);
522 		error = EHOSTUNREACH;
523 		goto bad;
524 	}
525 	/* Update variables that are affected by ipsec4_output(). */
526 	ip = mtod(m, struct ip *);
527 	hlen = ip->ip_hl << 2;
528 #endif /* IPSEC */
529 
530 	/* Jump over all PFIL processing if hooks are not active. */
531 	if (!PFIL_HOOKED(&V_inet_pfil_hook))
532 		goto passout;
533 
534 	/* Run through list of hooks for output packets. */
535 	odst.s_addr = ip->ip_dst.s_addr;
536 	error = pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, inp);
537 	if (error != 0 || m == NULL)
538 		goto done;
539 
540 	ip = mtod(m, struct ip *);
541 
542 	/* See if destination IP address was changed by packet filter. */
543 	if (odst.s_addr != ip->ip_dst.s_addr) {
544 		m->m_flags |= M_SKIP_FIREWALL;
545 		/* If destination is now ourself drop to ip_input(). */
546 		if (in_localip(ip->ip_dst)) {
547 			m->m_flags |= M_FASTFWD_OURS;
548 			if (m->m_pkthdr.rcvif == NULL)
549 				m->m_pkthdr.rcvif = V_loif;
550 			if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
551 				m->m_pkthdr.csum_flags |=
552 				    CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
553 				m->m_pkthdr.csum_data = 0xffff;
554 			}
555 			m->m_pkthdr.csum_flags |=
556 			    CSUM_IP_CHECKED | CSUM_IP_VALID;
557 #ifdef SCTP
558 			if (m->m_pkthdr.csum_flags & CSUM_SCTP)
559 				m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
560 #endif
561 			error = netisr_queue(NETISR_IP, m);
562 			goto done;
563 		} else {
564 			if (ia != NULL)
565 				ifa_free(&ia->ia_ifa);
566 			goto again;	/* Redo the routing table lookup. */
567 		}
568 	}
569 
570 	/* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */
571 	if (m->m_flags & M_FASTFWD_OURS) {
572 		if (m->m_pkthdr.rcvif == NULL)
573 			m->m_pkthdr.rcvif = V_loif;
574 		if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
575 			m->m_pkthdr.csum_flags |=
576 			    CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
577 			m->m_pkthdr.csum_data = 0xffff;
578 		}
579 #ifdef SCTP
580 		if (m->m_pkthdr.csum_flags & CSUM_SCTP)
581 			m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
582 #endif
583 		m->m_pkthdr.csum_flags |=
584 			    CSUM_IP_CHECKED | CSUM_IP_VALID;
585 
586 		error = netisr_queue(NETISR_IP, m);
587 		goto done;
588 	}
589 	/* Or forward to some other address? */
590 	if ((m->m_flags & M_IP_NEXTHOP) &&
591 	    (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) {
592 		bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
593 		m->m_flags |= M_SKIP_FIREWALL;
594 		m->m_flags &= ~M_IP_NEXTHOP;
595 		m_tag_delete(m, fwd_tag);
596 		if (ia != NULL)
597 			ifa_free(&ia->ia_ifa);
598 		goto again;
599 	}
600 
601 passout:
602 	/* 127/8 must not appear on wire - RFC1122. */
603 	if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
604 	    (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
605 		if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
606 			IPSTAT_INC(ips_badaddr);
607 			error = EADDRNOTAVAIL;
608 			goto bad;
609 		}
610 	}
611 
612 	m->m_pkthdr.csum_flags |= CSUM_IP;
613 	if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA & ~ifp->if_hwassist) {
614 		in_delayed_cksum(m);
615 		m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
616 	}
617 #ifdef SCTP
618 	if (m->m_pkthdr.csum_flags & CSUM_SCTP & ~ifp->if_hwassist) {
619 		sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2));
620 		m->m_pkthdr.csum_flags &= ~CSUM_SCTP;
621 	}
622 #endif
623 
624 	/*
625 	 * If small enough for interface, or the interface will take
626 	 * care of the fragmentation for us, we can just send directly.
627 	 */
628 	if (ip_len <= mtu ||
629 	    (m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 ||
630 	    ((ip_off & IP_DF) == 0 && (ifp->if_hwassist & CSUM_FRAGMENT))) {
631 		ip->ip_sum = 0;
632 		if (m->m_pkthdr.csum_flags & CSUM_IP & ~ifp->if_hwassist) {
633 			ip->ip_sum = in_cksum(m, hlen);
634 			m->m_pkthdr.csum_flags &= ~CSUM_IP;
635 		}
636 
637 		/*
638 		 * Record statistics for this interface address.
639 		 * With CSUM_TSO the byte/packet count will be slightly
640 		 * incorrect because we count the IP+TCP headers only
641 		 * once instead of for every generated packet.
642 		 */
643 		if (!(flags & IP_FORWARDING) && ia) {
644 			if (m->m_pkthdr.csum_flags & CSUM_TSO)
645 				counter_u64_add(ia->ia_ifa.ifa_opackets,
646 				    m->m_pkthdr.len / m->m_pkthdr.tso_segsz);
647 			else
648 				counter_u64_add(ia->ia_ifa.ifa_opackets, 1);
649 
650 			counter_u64_add(ia->ia_ifa.ifa_obytes, m->m_pkthdr.len);
651 		}
652 #ifdef MBUF_STRESS_TEST
653 		if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size)
654 			m = m_fragment(m, M_NOWAIT, mbuf_frag_size);
655 #endif
656 		/*
657 		 * Reset layer specific mbuf flags
658 		 * to avoid confusing lower layers.
659 		 */
660 		m_clrprotoflags(m);
661 		IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL);
662 		error = (*ifp->if_output)(ifp, m,
663 		    (const struct sockaddr *)gw, ro);
664 		goto done;
665 	}
666 
667 	/* Balk when DF bit is set or the interface didn't support TSO. */
668 	if ((ip_off & IP_DF) || (m->m_pkthdr.csum_flags & CSUM_TSO)) {
669 		error = EMSGSIZE;
670 		IPSTAT_INC(ips_cantfrag);
671 		goto bad;
672 	}
673 
674 	/*
675 	 * Too large for interface; fragment if possible. If successful,
676 	 * on return, m will point to a list of packets to be sent.
677 	 */
678 	error = ip_fragment(ip, &m, mtu, ifp->if_hwassist);
679 	if (error)
680 		goto bad;
681 	for (; m; m = m0) {
682 		m0 = m->m_nextpkt;
683 		m->m_nextpkt = 0;
684 		if (error == 0) {
685 			/* Record statistics for this interface address. */
686 			if (ia != NULL) {
687 				counter_u64_add(ia->ia_ifa.ifa_opackets, 1);
688 				counter_u64_add(ia->ia_ifa.ifa_obytes,
689 				    m->m_pkthdr.len);
690 			}
691 			/*
692 			 * Reset layer specific mbuf flags
693 			 * to avoid confusing upper layers.
694 			 */
695 			m_clrprotoflags(m);
696 
697 			IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL);
698 			error = (*ifp->if_output)(ifp, m,
699 			    (const struct sockaddr *)gw, ro);
700 		} else
701 			m_freem(m);
702 	}
703 
704 	if (error == 0)
705 		IPSTAT_INC(ips_fragmented);
706 
707 done:
708 	if (ro == &iproute)
709 		RO_RTFREE(ro);
710 	if (ia != NULL)
711 		ifa_free(&ia->ia_ifa);
712 	return (error);
713 bad:
714 	m_freem(m);
715 	goto done;
716 }
717 
718 /*
719  * Create a chain of fragments which fit the given mtu. m_frag points to the
720  * mbuf to be fragmented; on return it points to the chain with the fragments.
721  * Return 0 if no error. If error, m_frag may contain a partially built
722  * chain of fragments that should be freed by the caller.
723  *
724  * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist)
725  */
726 int
727 ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
728     u_long if_hwassist_flags)
729 {
730 	int error = 0;
731 	int hlen = ip->ip_hl << 2;
732 	int len = (mtu - hlen) & ~7;	/* size of payload in each fragment */
733 	int off;
734 	struct mbuf *m0 = *m_frag;	/* the original packet		*/
735 	int firstlen;
736 	struct mbuf **mnext;
737 	int nfrags;
738 	uint16_t ip_len, ip_off;
739 
740 	ip_len = ntohs(ip->ip_len);
741 	ip_off = ntohs(ip->ip_off);
742 
743 	if (ip_off & IP_DF) {	/* Fragmentation not allowed */
744 		IPSTAT_INC(ips_cantfrag);
745 		return EMSGSIZE;
746 	}
747 
748 	/*
749 	 * Must be able to put at least 8 bytes per fragment.
750 	 */
751 	if (len < 8)
752 		return EMSGSIZE;
753 
754 	/*
755 	 * If the interface will not calculate checksums on
756 	 * fragmented packets, then do it here.
757 	 */
758 	if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
759 		in_delayed_cksum(m0);
760 		m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
761 	}
762 #ifdef SCTP
763 	if (m0->m_pkthdr.csum_flags & CSUM_SCTP) {
764 		sctp_delayed_cksum(m0, hlen);
765 		m0->m_pkthdr.csum_flags &= ~CSUM_SCTP;
766 	}
767 #endif
768 	if (len > PAGE_SIZE) {
769 		/*
770 		 * Fragment large datagrams such that each segment
771 		 * contains a multiple of PAGE_SIZE amount of data,
772 		 * plus headers. This enables a receiver to perform
773 		 * page-flipping zero-copy optimizations.
774 		 *
775 		 * XXX When does this help given that sender and receiver
776 		 * could have different page sizes, and also mtu could
777 		 * be less than the receiver's page size ?
778 		 */
779 		int newlen;
780 		struct mbuf *m;
781 
782 		for (m = m0, off = 0; m && (off+m->m_len) <= mtu; m = m->m_next)
783 			off += m->m_len;
784 
785 		/*
786 		 * firstlen (off - hlen) must be aligned on an
787 		 * 8-byte boundary
788 		 */
789 		if (off < hlen)
790 			goto smart_frag_failure;
791 		off = ((off - hlen) & ~7) + hlen;
792 		newlen = (~PAGE_MASK) & mtu;
793 		if ((newlen + sizeof (struct ip)) > mtu) {
794 			/* we failed, go back the default */
795 smart_frag_failure:
796 			newlen = len;
797 			off = hlen + len;
798 		}
799 		len = newlen;
800 
801 	} else {
802 		off = hlen + len;
803 	}
804 
805 	firstlen = off - hlen;
806 	mnext = &m0->m_nextpkt;		/* pointer to next packet */
807 
808 	/*
809 	 * Loop through length of segment after first fragment,
810 	 * make new header and copy data of each part and link onto chain.
811 	 * Here, m0 is the original packet, m is the fragment being created.
812 	 * The fragments are linked off the m_nextpkt of the original
813 	 * packet, which after processing serves as the first fragment.
814 	 */
815 	for (nfrags = 1; off < ip_len; off += len, nfrags++) {
816 		struct ip *mhip;	/* ip header on the fragment */
817 		struct mbuf *m;
818 		int mhlen = sizeof (struct ip);
819 
820 		m = m_gethdr(M_NOWAIT, MT_DATA);
821 		if (m == NULL) {
822 			error = ENOBUFS;
823 			IPSTAT_INC(ips_odropped);
824 			goto done;
825 		}
826 		m->m_flags |= (m0->m_flags & M_MCAST);
827 		/*
828 		 * In the first mbuf, leave room for the link header, then
829 		 * copy the original IP header including options. The payload
830 		 * goes into an additional mbuf chain returned by m_copym().
831 		 */
832 		m->m_data += max_linkhdr;
833 		mhip = mtod(m, struct ip *);
834 		*mhip = *ip;
835 		if (hlen > sizeof (struct ip)) {
836 			mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
837 			mhip->ip_v = IPVERSION;
838 			mhip->ip_hl = mhlen >> 2;
839 		}
840 		m->m_len = mhlen;
841 		/* XXX do we need to add ip_off below ? */
842 		mhip->ip_off = ((off - hlen) >> 3) + ip_off;
843 		if (off + len >= ip_len)
844 			len = ip_len - off;
845 		else
846 			mhip->ip_off |= IP_MF;
847 		mhip->ip_len = htons((u_short)(len + mhlen));
848 		m->m_next = m_copym(m0, off, len, M_NOWAIT);
849 		if (m->m_next == NULL) {	/* copy failed */
850 			m_free(m);
851 			error = ENOBUFS;	/* ??? */
852 			IPSTAT_INC(ips_odropped);
853 			goto done;
854 		}
855 		m->m_pkthdr.len = mhlen + len;
856 		m->m_pkthdr.rcvif = NULL;
857 #ifdef MAC
858 		mac_netinet_fragment(m0, m);
859 #endif
860 		m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
861 		mhip->ip_off = htons(mhip->ip_off);
862 		mhip->ip_sum = 0;
863 		if (m->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) {
864 			mhip->ip_sum = in_cksum(m, mhlen);
865 			m->m_pkthdr.csum_flags &= ~CSUM_IP;
866 		}
867 		*mnext = m;
868 		mnext = &m->m_nextpkt;
869 	}
870 	IPSTAT_ADD(ips_ofragments, nfrags);
871 
872 	/*
873 	 * Update first fragment by trimming what's been copied out
874 	 * and updating header.
875 	 */
876 	m_adj(m0, hlen + firstlen - ip_len);
877 	m0->m_pkthdr.len = hlen + firstlen;
878 	ip->ip_len = htons((u_short)m0->m_pkthdr.len);
879 	ip->ip_off = htons(ip_off | IP_MF);
880 	ip->ip_sum = 0;
881 	if (m0->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) {
882 		ip->ip_sum = in_cksum(m0, hlen);
883 		m0->m_pkthdr.csum_flags &= ~CSUM_IP;
884 	}
885 
886 done:
887 	*m_frag = m0;
888 	return error;
889 }
890 
891 void
892 in_delayed_cksum(struct mbuf *m)
893 {
894 	struct ip *ip;
895 	uint16_t csum, offset, ip_len;
896 
897 	ip = mtod(m, struct ip *);
898 	offset = ip->ip_hl << 2 ;
899 	ip_len = ntohs(ip->ip_len);
900 	csum = in_cksum_skip(m, ip_len, offset);
901 	if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0)
902 		csum = 0xffff;
903 	offset += m->m_pkthdr.csum_data;	/* checksum offset */
904 
905 	if (offset + sizeof(u_short) > m->m_len) {
906 		printf("delayed m_pullup, m->len: %d  off: %d  p: %d\n",
907 		    m->m_len, offset, ip->ip_p);
908 		/*
909 		 * XXX
910 		 * this shouldn't happen, but if it does, the
911 		 * correct behavior may be to insert the checksum
912 		 * in the appropriate next mbuf in the chain.
913 		 */
914 		return;
915 	}
916 	*(u_short *)(m->m_data + offset) = csum;
917 }
918 
919 /*
920  * IP socket option processing.
921  */
922 int
923 ip_ctloutput(struct socket *so, struct sockopt *sopt)
924 {
925 	struct	inpcb *inp = sotoinpcb(so);
926 	int	error, optval;
927 
928 	error = optval = 0;
929 	if (sopt->sopt_level != IPPROTO_IP) {
930 		error = EINVAL;
931 
932 		if (sopt->sopt_level == SOL_SOCKET &&
933 		    sopt->sopt_dir == SOPT_SET) {
934 			switch (sopt->sopt_name) {
935 			case SO_REUSEADDR:
936 				INP_WLOCK(inp);
937 				if ((so->so_options & SO_REUSEADDR) != 0)
938 					inp->inp_flags2 |= INP_REUSEADDR;
939 				else
940 					inp->inp_flags2 &= ~INP_REUSEADDR;
941 				INP_WUNLOCK(inp);
942 				error = 0;
943 				break;
944 			case SO_REUSEPORT:
945 				INP_WLOCK(inp);
946 				if ((so->so_options & SO_REUSEPORT) != 0)
947 					inp->inp_flags2 |= INP_REUSEPORT;
948 				else
949 					inp->inp_flags2 &= ~INP_REUSEPORT;
950 				INP_WUNLOCK(inp);
951 				error = 0;
952 				break;
953 			case SO_SETFIB:
954 				INP_WLOCK(inp);
955 				inp->inp_inc.inc_fibnum = so->so_fibnum;
956 				INP_WUNLOCK(inp);
957 				error = 0;
958 				break;
959 			default:
960 				break;
961 			}
962 		}
963 		return (error);
964 	}
965 
966 	switch (sopt->sopt_dir) {
967 	case SOPT_SET:
968 		switch (sopt->sopt_name) {
969 		case IP_OPTIONS:
970 #ifdef notyet
971 		case IP_RETOPTS:
972 #endif
973 		{
974 			struct mbuf *m;
975 			if (sopt->sopt_valsize > MLEN) {
976 				error = EMSGSIZE;
977 				break;
978 			}
979 			m = m_get(sopt->sopt_td ? M_WAITOK : M_NOWAIT, MT_DATA);
980 			if (m == NULL) {
981 				error = ENOBUFS;
982 				break;
983 			}
984 			m->m_len = sopt->sopt_valsize;
985 			error = sooptcopyin(sopt, mtod(m, char *), m->m_len,
986 					    m->m_len);
987 			if (error) {
988 				m_free(m);
989 				break;
990 			}
991 			INP_WLOCK(inp);
992 			error = ip_pcbopts(inp, sopt->sopt_name, m);
993 			INP_WUNLOCK(inp);
994 			return (error);
995 		}
996 
997 		case IP_BINDANY:
998 			if (sopt->sopt_td != NULL) {
999 				error = priv_check(sopt->sopt_td,
1000 				    PRIV_NETINET_BINDANY);
1001 				if (error)
1002 					break;
1003 			}
1004 			/* FALLTHROUGH */
1005 		case IP_TOS:
1006 		case IP_TTL:
1007 		case IP_MINTTL:
1008 		case IP_RECVOPTS:
1009 		case IP_RECVRETOPTS:
1010 		case IP_RECVDSTADDR:
1011 		case IP_RECVTTL:
1012 		case IP_RECVIF:
1013 		case IP_FAITH:
1014 		case IP_ONESBCAST:
1015 		case IP_DONTFRAG:
1016 		case IP_RECVTOS:
1017 			error = sooptcopyin(sopt, &optval, sizeof optval,
1018 					    sizeof optval);
1019 			if (error)
1020 				break;
1021 
1022 			switch (sopt->sopt_name) {
1023 			case IP_TOS:
1024 				inp->inp_ip_tos = optval;
1025 				break;
1026 
1027 			case IP_TTL:
1028 				inp->inp_ip_ttl = optval;
1029 				break;
1030 
1031 			case IP_MINTTL:
1032 				if (optval >= 0 && optval <= MAXTTL)
1033 					inp->inp_ip_minttl = optval;
1034 				else
1035 					error = EINVAL;
1036 				break;
1037 
1038 #define	OPTSET(bit) do {						\
1039 	INP_WLOCK(inp);							\
1040 	if (optval)							\
1041 		inp->inp_flags |= bit;					\
1042 	else								\
1043 		inp->inp_flags &= ~bit;					\
1044 	INP_WUNLOCK(inp);						\
1045 } while (0)
1046 
1047 			case IP_RECVOPTS:
1048 				OPTSET(INP_RECVOPTS);
1049 				break;
1050 
1051 			case IP_RECVRETOPTS:
1052 				OPTSET(INP_RECVRETOPTS);
1053 				break;
1054 
1055 			case IP_RECVDSTADDR:
1056 				OPTSET(INP_RECVDSTADDR);
1057 				break;
1058 
1059 			case IP_RECVTTL:
1060 				OPTSET(INP_RECVTTL);
1061 				break;
1062 
1063 			case IP_RECVIF:
1064 				OPTSET(INP_RECVIF);
1065 				break;
1066 
1067 			case IP_FAITH:
1068 				OPTSET(INP_FAITH);
1069 				break;
1070 
1071 			case IP_ONESBCAST:
1072 				OPTSET(INP_ONESBCAST);
1073 				break;
1074 			case IP_DONTFRAG:
1075 				OPTSET(INP_DONTFRAG);
1076 				break;
1077 			case IP_BINDANY:
1078 				OPTSET(INP_BINDANY);
1079 				break;
1080 			case IP_RECVTOS:
1081 				OPTSET(INP_RECVTOS);
1082 				break;
1083 			}
1084 			break;
1085 #undef OPTSET
1086 
1087 		/*
1088 		 * Multicast socket options are processed by the in_mcast
1089 		 * module.
1090 		 */
1091 		case IP_MULTICAST_IF:
1092 		case IP_MULTICAST_VIF:
1093 		case IP_MULTICAST_TTL:
1094 		case IP_MULTICAST_LOOP:
1095 		case IP_ADD_MEMBERSHIP:
1096 		case IP_DROP_MEMBERSHIP:
1097 		case IP_ADD_SOURCE_MEMBERSHIP:
1098 		case IP_DROP_SOURCE_MEMBERSHIP:
1099 		case IP_BLOCK_SOURCE:
1100 		case IP_UNBLOCK_SOURCE:
1101 		case IP_MSFILTER:
1102 		case MCAST_JOIN_GROUP:
1103 		case MCAST_LEAVE_GROUP:
1104 		case MCAST_JOIN_SOURCE_GROUP:
1105 		case MCAST_LEAVE_SOURCE_GROUP:
1106 		case MCAST_BLOCK_SOURCE:
1107 		case MCAST_UNBLOCK_SOURCE:
1108 			error = inp_setmoptions(inp, sopt);
1109 			break;
1110 
1111 		case IP_PORTRANGE:
1112 			error = sooptcopyin(sopt, &optval, sizeof optval,
1113 					    sizeof optval);
1114 			if (error)
1115 				break;
1116 
1117 			INP_WLOCK(inp);
1118 			switch (optval) {
1119 			case IP_PORTRANGE_DEFAULT:
1120 				inp->inp_flags &= ~(INP_LOWPORT);
1121 				inp->inp_flags &= ~(INP_HIGHPORT);
1122 				break;
1123 
1124 			case IP_PORTRANGE_HIGH:
1125 				inp->inp_flags &= ~(INP_LOWPORT);
1126 				inp->inp_flags |= INP_HIGHPORT;
1127 				break;
1128 
1129 			case IP_PORTRANGE_LOW:
1130 				inp->inp_flags &= ~(INP_HIGHPORT);
1131 				inp->inp_flags |= INP_LOWPORT;
1132 				break;
1133 
1134 			default:
1135 				error = EINVAL;
1136 				break;
1137 			}
1138 			INP_WUNLOCK(inp);
1139 			break;
1140 
1141 #ifdef IPSEC
1142 		case IP_IPSEC_POLICY:
1143 		{
1144 			caddr_t req;
1145 			struct mbuf *m;
1146 
1147 			if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */
1148 				break;
1149 			if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */
1150 				break;
1151 			req = mtod(m, caddr_t);
1152 			error = ipsec_set_policy(inp, sopt->sopt_name, req,
1153 			    m->m_len, (sopt->sopt_td != NULL) ?
1154 			    sopt->sopt_td->td_ucred : NULL);
1155 			m_freem(m);
1156 			break;
1157 		}
1158 #endif /* IPSEC */
1159 
1160 		default:
1161 			error = ENOPROTOOPT;
1162 			break;
1163 		}
1164 		break;
1165 
1166 	case SOPT_GET:
1167 		switch (sopt->sopt_name) {
1168 		case IP_OPTIONS:
1169 		case IP_RETOPTS:
1170 			if (inp->inp_options)
1171 				error = sooptcopyout(sopt,
1172 						     mtod(inp->inp_options,
1173 							  char *),
1174 						     inp->inp_options->m_len);
1175 			else
1176 				sopt->sopt_valsize = 0;
1177 			break;
1178 
1179 		case IP_TOS:
1180 		case IP_TTL:
1181 		case IP_MINTTL:
1182 		case IP_RECVOPTS:
1183 		case IP_RECVRETOPTS:
1184 		case IP_RECVDSTADDR:
1185 		case IP_RECVTTL:
1186 		case IP_RECVIF:
1187 		case IP_PORTRANGE:
1188 		case IP_FAITH:
1189 		case IP_ONESBCAST:
1190 		case IP_DONTFRAG:
1191 		case IP_BINDANY:
1192 		case IP_RECVTOS:
1193 			switch (sopt->sopt_name) {
1194 
1195 			case IP_TOS:
1196 				optval = inp->inp_ip_tos;
1197 				break;
1198 
1199 			case IP_TTL:
1200 				optval = inp->inp_ip_ttl;
1201 				break;
1202 
1203 			case IP_MINTTL:
1204 				optval = inp->inp_ip_minttl;
1205 				break;
1206 
1207 #define	OPTBIT(bit)	(inp->inp_flags & bit ? 1 : 0)
1208 
1209 			case IP_RECVOPTS:
1210 				optval = OPTBIT(INP_RECVOPTS);
1211 				break;
1212 
1213 			case IP_RECVRETOPTS:
1214 				optval = OPTBIT(INP_RECVRETOPTS);
1215 				break;
1216 
1217 			case IP_RECVDSTADDR:
1218 				optval = OPTBIT(INP_RECVDSTADDR);
1219 				break;
1220 
1221 			case IP_RECVTTL:
1222 				optval = OPTBIT(INP_RECVTTL);
1223 				break;
1224 
1225 			case IP_RECVIF:
1226 				optval = OPTBIT(INP_RECVIF);
1227 				break;
1228 
1229 			case IP_PORTRANGE:
1230 				if (inp->inp_flags & INP_HIGHPORT)
1231 					optval = IP_PORTRANGE_HIGH;
1232 				else if (inp->inp_flags & INP_LOWPORT)
1233 					optval = IP_PORTRANGE_LOW;
1234 				else
1235 					optval = 0;
1236 				break;
1237 
1238 			case IP_FAITH:
1239 				optval = OPTBIT(INP_FAITH);
1240 				break;
1241 
1242 			case IP_ONESBCAST:
1243 				optval = OPTBIT(INP_ONESBCAST);
1244 				break;
1245 			case IP_DONTFRAG:
1246 				optval = OPTBIT(INP_DONTFRAG);
1247 				break;
1248 			case IP_BINDANY:
1249 				optval = OPTBIT(INP_BINDANY);
1250 				break;
1251 			case IP_RECVTOS:
1252 				optval = OPTBIT(INP_RECVTOS);
1253 				break;
1254 			}
1255 			error = sooptcopyout(sopt, &optval, sizeof optval);
1256 			break;
1257 
1258 		/*
1259 		 * Multicast socket options are processed by the in_mcast
1260 		 * module.
1261 		 */
1262 		case IP_MULTICAST_IF:
1263 		case IP_MULTICAST_VIF:
1264 		case IP_MULTICAST_TTL:
1265 		case IP_MULTICAST_LOOP:
1266 		case IP_MSFILTER:
1267 			error = inp_getmoptions(inp, sopt);
1268 			break;
1269 
1270 #ifdef IPSEC
1271 		case IP_IPSEC_POLICY:
1272 		{
1273 			struct mbuf *m = NULL;
1274 			caddr_t req = NULL;
1275 			size_t len = 0;
1276 
1277 			if (m != 0) {
1278 				req = mtod(m, caddr_t);
1279 				len = m->m_len;
1280 			}
1281 			error = ipsec_get_policy(sotoinpcb(so), req, len, &m);
1282 			if (error == 0)
1283 				error = soopt_mcopyout(sopt, m); /* XXX */
1284 			if (error == 0)
1285 				m_freem(m);
1286 			break;
1287 		}
1288 #endif /* IPSEC */
1289 
1290 		default:
1291 			error = ENOPROTOOPT;
1292 			break;
1293 		}
1294 		break;
1295 	}
1296 	return (error);
1297 }
1298 
1299 /*
1300  * Routine called from ip_output() to loop back a copy of an IP multicast
1301  * packet to the input queue of a specified interface.  Note that this
1302  * calls the output routine of the loopback "driver", but with an interface
1303  * pointer that might NOT be a loopback interface -- evil, but easier than
1304  * replicating that code here.
1305  */
1306 static void
1307 ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst,
1308     int hlen)
1309 {
1310 	register struct ip *ip;
1311 	struct mbuf *copym;
1312 
1313 	/*
1314 	 * Make a deep copy of the packet because we're going to
1315 	 * modify the pack in order to generate checksums.
1316 	 */
1317 	copym = m_dup(m, M_NOWAIT);
1318 	if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen))
1319 		copym = m_pullup(copym, hlen);
1320 	if (copym != NULL) {
1321 		/* If needed, compute the checksum and mark it as valid. */
1322 		if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
1323 			in_delayed_cksum(copym);
1324 			copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
1325 			copym->m_pkthdr.csum_flags |=
1326 			    CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
1327 			copym->m_pkthdr.csum_data = 0xffff;
1328 		}
1329 		/*
1330 		 * We don't bother to fragment if the IP length is greater
1331 		 * than the interface's MTU.  Can this possibly matter?
1332 		 */
1333 		ip = mtod(copym, struct ip *);
1334 		ip->ip_sum = 0;
1335 		ip->ip_sum = in_cksum(copym, hlen);
1336 #if 1 /* XXX */
1337 		if (dst->sin_family != AF_INET) {
1338 			printf("ip_mloopback: bad address family %d\n",
1339 						dst->sin_family);
1340 			dst->sin_family = AF_INET;
1341 		}
1342 #endif
1343 		if_simloop(ifp, copym, dst->sin_family, 0);
1344 	}
1345 }
1346